@lucern/sdk 0.3.0-alpha.12 → 0.3.0-alpha.14

Files changed (102)
  1. package/README.md +51 -0
  2. package/dist/accessControl.d.ts +1 -0
  3. package/dist/accessControl.js +156 -22
  4. package/dist/accessControl.js.map +1 -1
  5. package/dist/adminClient.js.map +1 -1
  6. package/dist/answersClient.js.map +1 -1
  7. package/dist/audiencesClient.js.map +1 -1
  8. package/dist/auditClient.js.map +1 -1
  9. package/dist/authContext.d.ts +1 -1
  10. package/dist/authContext.js.map +1 -1
  11. package/dist/beliefs/index.d.ts +1 -0
  12. package/dist/beliefs/index.js +206 -40
  13. package/dist/beliefs/index.js.map +1 -1
  14. package/dist/beliefsClient.js.map +1 -1
  15. package/dist/client.d.ts +79 -31
  16. package/dist/client.js +206 -40
  17. package/dist/client.js.map +1 -1
  18. package/dist/contextClient.js.map +1 -1
  19. package/dist/contracts/auth-session.contract.d.ts +1 -1
  20. package/dist/contracts/auth-session.contract.js +13 -1
  21. package/dist/contracts/auth-session.contract.js.map +1 -1
  22. package/dist/contracts/index.js +13 -1
  23. package/dist/contracts/index.js.map +1 -1
  24. package/dist/contradictions/index.d.ts +1 -0
  25. package/dist/contradictions/index.js +206 -40
  26. package/dist/contradictions/index.js.map +1 -1
  27. package/dist/control-plane.d.ts +69 -0
  28. package/dist/control-plane.js +656 -0
  29. package/dist/control-plane.js.map +1 -0
  30. package/dist/coreClient.js.map +1 -1
  31. package/dist/decisions/index.d.ts +1 -0
  32. package/dist/decisions/index.js +206 -40
  33. package/dist/decisions/index.js.map +1 -1
  34. package/dist/decisionsClient.js.map +1 -1
  35. package/dist/edges/index.d.ts +1 -0
  36. package/dist/edges/index.js +206 -40
  37. package/dist/edges/index.js.map +1 -1
  38. package/dist/embeddingsClient.js.map +1 -1
  39. package/dist/eventingClient.js.map +1 -1
  40. package/dist/eventsCore.js.map +1 -1
  41. package/dist/evidence/index.d.ts +1 -0
  42. package/dist/evidence/index.js +206 -40
  43. package/dist/evidence/index.js.map +1 -1
  44. package/dist/evidenceClient.js.map +1 -1
  45. package/dist/functionSurface.d.ts +2 -1
  46. package/dist/functionSurface.js +5 -0
  47. package/dist/functionSurface.js.map +1 -1
  48. package/dist/functionSurfaceClient.js +5 -0
  49. package/dist/functionSurfaceClient.js.map +1 -1
  50. package/dist/gatewayFacades.d.ts +26 -2
  51. package/dist/gatewayFacades.js +135 -7
  52. package/dist/gatewayFacades.js.map +1 -1
  53. package/dist/graphAnalysisClient.js.map +1 -1
  54. package/dist/graphClient.js.map +1 -1
  55. package/dist/graphRecommendationsClient.js.map +1 -1
  56. package/dist/graphStateClassifierClient.js.map +1 -1
  57. package/dist/harnessClient.js.map +1 -1
  58. package/dist/identityClient.d.ts +19 -1
  59. package/dist/identityClient.js +133 -5
  60. package/dist/identityClient.js.map +1 -1
  61. package/dist/index.d.ts +1 -0
  62. package/dist/index.js +232 -49
  63. package/dist/index.js.map +1 -1
  64. package/dist/jobsClient.js.map +1 -1
  65. package/dist/learningClient.js.map +1 -1
  66. package/dist/lenses/index.d.ts +1 -0
  67. package/dist/lenses/index.js +206 -40
  68. package/dist/lenses/index.js.map +1 -1
  69. package/dist/mcpClient.js.map +1 -1
  70. package/dist/modelRuntimeClient.js.map +1 -1
  71. package/dist/nodes/index.d.ts +1 -0
  72. package/dist/nodes/index.js +206 -40
  73. package/dist/nodes/index.js.map +1 -1
  74. package/dist/ontologies/index.d.ts +1 -0
  75. package/dist/ontologies/index.js +206 -40
  76. package/dist/ontologies/index.js.map +1 -1
  77. package/dist/ontologyClient.js.map +1 -1
  78. package/dist/ontologyLinksClient.js.map +1 -1
  79. package/dist/orgGraphSearchClient.js.map +1 -1
  80. package/dist/packsClient.js.map +1 -1
  81. package/dist/policyClient.js.map +1 -1
  82. package/dist/questions/index.d.ts +1 -0
  83. package/dist/questions/index.js +206 -40
  84. package/dist/questions/index.js.map +1 -1
  85. package/dist/reportsClient.js.map +1 -1
  86. package/dist/schemaClient.js.map +1 -1
  87. package/dist/sourcesClient.js.map +1 -1
  88. package/dist/telemetryClient.js.map +1 -1
  89. package/dist/toolRegistryClient.js.map +1 -1
  90. package/dist/topics/index.d.ts +1 -0
  91. package/dist/topics/index.js +206 -40
  92. package/dist/topics/index.js.map +1 -1
  93. package/dist/topicsClient.js.map +1 -1
  94. package/dist/types.d.ts +12 -0
  95. package/dist/version.d.ts +1 -1
  96. package/dist/version.js +1 -1
  97. package/dist/version.js.map +1 -1
  98. package/dist/workflowClient.js.map +1 -1
  99. package/dist/worktrees/index.d.ts +1 -0
  100. package/dist/worktrees/index.js +206 -40
  101. package/dist/worktrees/index.js.map +1 -1
  102. package/package.json +9 -5
@@ -38,14 +38,14 @@ function requireString(value, reason, label) {
38
38
  }
39
39
  return normalized;
40
40
  }
41
- function requirePrincipalType(principalType) {
42
- if (!principalType) {
41
+ function requirePrincipalType(principalType2) {
42
+ if (!principalType2) {
43
43
  throw new LucernSdkAuthContextError(
44
44
  "principal_missing",
45
45
  "Canonical Lucern SDK auth context is missing principalType."
46
46
  );
47
47
  }
48
- return principalType;
48
+ return principalType2;
49
49
  }
50
50
  function requireAuthMode(authMode) {
51
51
  if (!authMode) {
@@ -91,7 +91,7 @@ function normalizeCanonicalLucernAuthContext(input) {
91
91
  );
92
92
  const roles = cleanStringList(input.roles);
93
93
  const scopes = cleanStringList(input.scopes);
94
- const principalType = requirePrincipalType(input.principalType);
94
+ const principalType2 = requirePrincipalType(input.principalType);
95
95
  const authMode = requireAuthMode(input.authMode);
96
96
  const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
97
97
  if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
@@ -120,7 +120,7 @@ function normalizeCanonicalLucernAuthContext(input) {
120
120
  principalId,
121
121
  tenantId,
122
122
  workspaceId,
123
- principalType,
123
+ principalType: principalType2,
124
124
  authMode,
125
125
  roles,
126
126
  scopes,
@@ -1109,6 +1109,128 @@ function listResultFromEnvelope(data, legacyKey) {
1109
1109
  );
1110
1110
  }
1111
1111
 
1112
+ // src/control-plane.ts
1113
+ var LucernControlPlaneIdentityError = class extends Error {
1114
+ reason;
1115
+ principalStatus;
1116
+ tenantStatus;
1117
+ workspaceStatus;
1118
+ details;
1119
+ constructor(failure) {
1120
+ super(failure.message);
1121
+ this.name = "LucernControlPlaneIdentityError";
1122
+ this.reason = failure.reason;
1123
+ this.principalStatus = failure.principalStatus;
1124
+ this.tenantStatus = failure.tenantStatus;
1125
+ this.workspaceStatus = failure.workspaceStatus;
1126
+ this.details = failure.details;
1127
+ }
1128
+ };
1129
+ function cleanString3(value) {
1130
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1131
+ }
1132
+ function stringList(value) {
1133
+ if (!Array.isArray(value)) {
1134
+ return [];
1135
+ }
1136
+ return [
1137
+ ...new Set(
1138
+ value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
1139
+ )
1140
+ ];
1141
+ }
1142
+ function principalType(value) {
1143
+ switch (value) {
1144
+ case "service":
1145
+ case "service_principal":
1146
+ return "service";
1147
+ case "agent":
1148
+ return "agent";
1149
+ case "group":
1150
+ return "group";
1151
+ case "external_viewer":
1152
+ case "external_stakeholder":
1153
+ return "external_viewer";
1154
+ default:
1155
+ return "human";
1156
+ }
1157
+ }
1158
+ function adminFlags(roles) {
1159
+ const normalized = roles.map((role) => role.toLowerCase());
1160
+ const isPlatformAdmin = normalized.includes("platform_admin");
1161
+ const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
1162
+ const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
1163
+ return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
1164
+ }
1165
+ function normalizeResolvedInteractivePrincipal(payload) {
1166
+ if ("ok" in payload && payload.ok === false) {
1167
+ throw new LucernControlPlaneIdentityError(payload);
1168
+ }
1169
+ const principalId = cleanString3(payload.principalId);
1170
+ const clerkId = cleanString3(payload.clerkId);
1171
+ const tenantId = cleanString3(payload.tenantId);
1172
+ if (!principalId || !clerkId || !tenantId) {
1173
+ throw new LucernControlPlaneIdentityError({
1174
+ ok: false,
1175
+ reason: "resolver_unavailable",
1176
+ message: "Control-plane principal resolver returned an incomplete principal context.",
1177
+ principalStatus: payload.principalStatus ?? "missing",
1178
+ tenantStatus: payload.tenantStatus,
1179
+ workspaceStatus: payload.workspaceStatus
1180
+ });
1181
+ }
1182
+ const roles = stringList(payload.roles);
1183
+ const scopes = stringList(payload.scopes);
1184
+ const workspaceId = cleanString3(payload.workspaceId) ?? null;
1185
+ const flags = adminFlags(roles);
1186
+ return {
1187
+ principalId,
1188
+ principalType: principalType(payload.principalType),
1189
+ clerkId,
1190
+ tenantId,
1191
+ workspaceId,
1192
+ roles,
1193
+ scopes,
1194
+ groupIds: stringList(payload.groupIds),
1195
+ permittedToolNames: stringList(payload.permittedToolNames),
1196
+ permittedPackKeys: stringList(payload.permittedPackKeys),
1197
+ principalStatus: cleanString3(payload.principalStatus) ?? "active",
1198
+ tenantStatus: cleanString3(payload.tenantStatus) ?? "active",
1199
+ workspaceStatus: cleanString3(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
1200
+ isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
1201
+ isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
1202
+ isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
1203
+ permit: {
1204
+ subject: cleanString3(payload.permit?.subject) ?? principalId,
1205
+ tenant: cleanString3(payload.permit?.tenant) ?? tenantId,
1206
+ ...workspaceId ? { workspace: cleanString3(payload.permit?.workspace) ?? workspaceId } : {}
1207
+ },
1208
+ authMode: "interactive_user",
1209
+ sessionId: payload.sessionId,
1210
+ delegatedBy: payload.delegatedBy,
1211
+ expiresAt: payload.expiresAt
1212
+ };
1213
+ }
1214
+ function createControlPlaneIdentityClient(config = {}) {
1215
+ const gateway = createGatewayRequestClient(config);
1216
+ return {
1217
+ async resolveInteractivePrincipal(input) {
1218
+ return gateway.request({
1219
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1220
+ method: "POST",
1221
+ body: input
1222
+ }).then(
1223
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1224
+ );
1225
+ }
1226
+ };
1227
+ }
1228
+ function createControlPlaneClient(config = {}) {
1229
+ return {
1230
+ identity: createControlPlaneIdentityClient(config)
1231
+ };
1232
+ }
1233
+
1112
1234
  // src/identityClient.ts
1113
1235
  function createIdentityWhoamiClient(config = {}) {
1114
1236
  const gateway = createGatewayRequestClient(config);
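Review bot: `normalizeResolvedInteractivePrincipal` fails open on missing fields: `principalStatus` and `tenantStatus` fall back to `"active"` when the resolver omits them, and `principalType()` maps any unrecognised value to `"human"`. A caller that gates on `principalStatus === "active"` would then treat a truncated or older-format response as a live principal. The function already rejects a payload without `principalId`, `clerkId` or `tenantId`, so the statuses could join that guard, e.g. `if (!principalId || !clerkId || !tenantId || !cleanString3(payload.principalStatus) || !cleanString3(payload.tenantStatus)) {`, assuming the resolver contract always sends them. The admin flags have a related ambiguity: a boolean in the payload takes precedence over the value derived from `roles`, and a comment stating which side is authoritative would help the next reader.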
@@ -1176,13 +1298,25 @@ function createIdentityClient(config = {}) {
1176
1298
  (response) => mapGatewayData(response, (data) => ({
1177
1299
  principalId: data.principalId,
1178
1300
  principalType: data.principalType,
1301
+ clerkId: data.clerkId,
1179
1302
  tenantId: data.tenantId ?? null,
1180
1303
  workspaceId: data.workspaceId ?? null,
1181
1304
  scopes: Array.isArray(data.scopes) ? data.scopes : [],
1182
1305
  roles: Array.isArray(data.roles) ? data.roles : [],
1306
+ groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
1307
+ permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
1308
+ permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
1309
+ principalStatus: data.principalStatus,
1310
+ tenantStatus: data.tenantStatus,
1311
+ workspaceStatus: data.workspaceStatus,
1183
1312
  isPlatformAdmin: data.isPlatformAdmin === true,
1184
1313
  isTenantAdmin: data.isTenantAdmin === true,
1185
1314
  isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1315
+ permit: data.permit ?? (data.tenantId ? {
1316
+ subject: data.principalId,
1317
+ tenant: data.tenantId,
1318
+ ...data.workspaceId ? { workspace: data.workspaceId } : {}
1319
+ } : void 0),
1186
1320
  authMode: data.authMode,
1187
1321
  sessionId: data.sessionId,
1188
1322
  delegatedBy: data.delegatedBy,
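Review bot: The whoami mapping forwards the new `groupIds`, `permittedToolNames` and `permittedPackKeys` arrays after only an `Array.isArray` check, while `normalizeResolvedInteractivePrincipal` in the control-plane part of this same file trims, de-duplicates and drops non-string entries through `stringList()`. The two calls return the same field names with different guarantees, and here `principalStatus`, `tenantStatus` and `workspaceStatus` can be `undefined` where the resolver path substitutes a default. These lists are presumably consulted for tool and pack authorization, so I would run them through the same helper, e.g. `permittedToolNames: stringList(data.permittedToolNames),`, or state the difference in a comment. The enclosing `mapGatewayData` callback starts and ends outside this hunk.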
@@ -1190,6 +1324,19 @@ function createIdentityClient(config = {}) {
1190
1324
  }))
1191
1325
  );
1192
1326
  },
1327
+ /**
1328
+ * Resolve a Clerk subject through the tenant control-plane Permit projection.
1329
+ * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
1330
+ */
1331
+ async resolveInteractivePrincipal(input) {
1332
+ return gateway.request({
1333
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1334
+ method: "POST",
1335
+ body: input
1336
+ }).then(
1337
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1338
+ );
1339
+ },
1193
1340
  /**
1194
1341
  * List principals in the current identity scope.
1195
1342
  */
@@ -1386,7 +1533,7 @@ var LucernAccessControlError = class extends LucernSdkAuthContextError {
1386
1533
  this.policyDecision = policyDecision;
1387
1534
  }
1388
1535
  };
1389
- function cleanString3(value) {
1536
+ function cleanString4(value) {
1390
1537
  const normalized = value?.trim();
1391
1538
  return normalized ? normalized : void 0;
1392
1539
  }
@@ -1401,7 +1548,7 @@ function cleanStringList2(values) {
1401
1548
  ];
1402
1549
  }
1403
1550
  function requireString2(value, reason, label) {
1404
- const normalized = cleanString3(value);
1551
+ const normalized = cleanString4(value);
1405
1552
  if (!normalized) {
1406
1553
  throw new LucernAccessControlError(
1407
1554
  reason,
@@ -1410,13 +1557,19 @@ function requireString2(value, reason, label) {
1410
1557
  }
1411
1558
  return normalized;
1412
1559
  }
1413
- function normalizePrincipalType(principalType) {
1414
- if (principalType === "agent") {
1560
+ function normalizePrincipalType(principalType2) {
1561
+ if (principalType2 === "agent") {
1415
1562
  return "agent";
1416
1563
  }
1417
- if (principalType === "service") {
1564
+ if (principalType2 === "service") {
1418
1565
  return "service";
1419
1566
  }
1567
+ if (principalType2 === "group") {
1568
+ return "group";
1569
+ }
1570
+ if (principalType2 === "external_viewer") {
1571
+ return "external_viewer";
1572
+ }
1420
1573
  return "human";
1421
1574
  }
1422
1575
  function aliasKey(alias) {
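Review bot: `normalizePrincipalType` now accepts `"group"` and `"external_viewer"` but not the aliases that the new `principalType()` helper from src/control-plane.ts accepts, so `"service_principal"` and `"external_stakeholder"` still fall through to `"human"` here. A principal that the control-plane client classifies as `service` would be classified as `human` by the access-control path, which then applies the human-only Clerk id requirement visible in `normalizeCanonicalPrincipalIdentity`. Either share one normalizer between the two modules or add the aliases, e.g. `if (principalType2 === "service" || principalType2 === "service_principal") {`. A short comment on the final `return "human";` saying that unknown types are deliberately treated as human would also make the default explicit.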
@@ -1425,15 +1578,15 @@ function aliasKey(alias) {
1425
1578
  function normalizeAliases(input, canonicalClerkUserId) {
1426
1579
  const aliases = /* @__PURE__ */ new Map();
1427
1580
  for (const alias of input ?? []) {
1428
- const externalSubjectId = cleanString3(alias.externalSubjectId);
1581
+ const externalSubjectId = cleanString4(alias.externalSubjectId);
1429
1582
  if (!externalSubjectId) {
1430
1583
  continue;
1431
1584
  }
1432
1585
  const normalized = {
1433
- provider: cleanString3(alias.provider) ?? "clerk",
1434
- providerProjectId: cleanString3(alias.providerProjectId),
1586
+ provider: cleanString4(alias.provider) ?? "clerk",
1587
+ providerProjectId: cleanString4(alias.providerProjectId),
1435
1588
  externalSubjectId,
1436
- status: cleanString3(alias.status)
1589
+ status: cleanString4(alias.status)
1437
1590
  };
1438
1591
  aliases.set(aliasKey(normalized), normalized);
1439
1592
  }
@@ -1478,10 +1631,10 @@ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1478
1631
  "principal_missing",
1479
1632
  "principalId"
1480
1633
  );
1481
- const principalType = normalizePrincipalType(principalInput.principalType);
1482
- const observedClerkId = cleanString3(options.observedClerkId);
1483
- const canonicalClerkUserId = cleanString3(principalInput.canonicalClerkUserId) ?? cleanString3(principalInput.clerkId);
1484
- if (principalType === "human" && !canonicalClerkUserId) {
1634
+ const principalType2 = normalizePrincipalType(principalInput.principalType);
1635
+ const observedClerkId = cleanString4(options.observedClerkId);
1636
+ const canonicalClerkUserId = cleanString4(principalInput.canonicalClerkUserId) ?? cleanString4(principalInput.clerkId);
1637
+ if (principalType2 === "human" && !canonicalClerkUserId) {
1485
1638
  throw new LucernAccessControlError(
1486
1639
  "clerk_alias_missing",
1487
1640
  "Human principals require one canonical Clerk user id."
@@ -1503,11 +1656,11 @@ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1503
1656
  }
1504
1657
  return {
1505
1658
  principalId,
1506
- principalType,
1659
+ principalType: principalType2,
1507
1660
  canonicalClerkUserId,
1508
1661
  clerkIdentityAliases: aliases,
1509
- tenantId: cleanString3(principalInput.tenantId),
1510
- workspaceId: cleanString3(principalInput.workspaceId),
1662
+ tenantId: cleanString4(principalInput.tenantId),
1663
+ workspaceId: cleanString4(principalInput.workspaceId),
1511
1664
  roles: cleanStringList2(principalInput.roles),
1512
1665
  scopes: cleanStringList2(principalInput.scopes)
1513
1666
  };
@@ -1532,7 +1685,7 @@ function buildPolicyInput(identity, input) {
1532
1685
  "tenant_missing",
1533
1686
  "tenantId"
1534
1687
  );
1535
- const workspaceId = cleanString3(input.workspaceId ?? identity.workspaceId);
1688
+ const workspaceId = cleanString4(input.workspaceId ?? identity.workspaceId);
1536
1689
  if (resourceRequiresWorkspace(input.resource) && !workspaceId) {
1537
1690
  throw new LucernAccessControlError(
1538
1691
  "workspace_missing",
@@ -2932,12 +3085,12 @@ function createGraphClient(config = {}) {
2932
3085
  }
2933
3086
 
2934
3087
  // src/topicsClient.ts
2935
- function cleanString4(value) {
3088
+ function cleanString5(value) {
2936
3089
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
2937
3090
  }
2938
3091
  function normalizeTopicRecord(value) {
2939
3092
  const record = asRecord(value);
2940
- const topicId = cleanString4(record.topicId) ?? cleanString4(record.id) ?? cleanString4(record._id);
3093
+ const topicId = cleanString5(record.topicId) ?? cleanString5(record.id) ?? cleanString5(record._id);
2941
3094
  return withTopicAlias({
2942
3095
  ...record,
2943
3096
  ...topicId ? { topicId } : {}
@@ -4150,7 +4303,7 @@ function createEmbeddingsClient(config = {}) {
4150
4303
  }
4151
4304
 
4152
4305
  // src/contextClient.ts
4153
- function cleanString5(value) {
4306
+ function cleanString6(value) {
4154
4307
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
4155
4308
  }
4156
4309
  function cleanNumber(value) {
@@ -4162,11 +4315,11 @@ function cleanBoolean(value) {
4162
4315
  function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4163
4316
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
4164
4317
  const payload = {};
4165
- const topicId = typeof topicIdOrInput === "string" ? cleanString5(topicIdOrInput) : cleanString5(effectiveInput.topicId);
4318
+ const topicId = typeof topicIdOrInput === "string" ? cleanString6(topicIdOrInput) : cleanString6(effectiveInput.topicId);
4166
4319
  if (topicId) {
4167
4320
  payload.topicId = topicId;
4168
4321
  }
4169
- const query5 = cleanString5(effectiveInput.query);
4322
+ const query5 = cleanString6(effectiveInput.query);
4170
4323
  if (query5) {
4171
4324
  payload.query = query5;
4172
4325
  }
@@ -4174,7 +4327,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4174
4327
  if (budget !== void 0) {
4175
4328
  payload.budget = budget;
4176
4329
  }
4177
- const ranking = cleanString5(effectiveInput.ranking) ?? cleanString5(effectiveInput.rankingProfile);
4330
+ const ranking = cleanString6(effectiveInput.ranking) ?? cleanString6(effectiveInput.rankingProfile);
4178
4331
  if (ranking) {
4179
4332
  payload.ranking = ranking;
4180
4333
  }
@@ -4190,7 +4343,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4190
4343
  if (includeEntities !== void 0) {
4191
4344
  payload.includeEntities = includeEntities;
4192
4345
  }
4193
- const mode = cleanString5(effectiveInput.mode);
4346
+ const mode = cleanString6(effectiveInput.mode);
4194
4347
  if (mode) {
4195
4348
  payload.mode = mode;
4196
4349
  }
@@ -4198,11 +4351,11 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4198
4351
  if (includeFailures !== void 0) {
4199
4352
  payload.includeFailures = includeFailures;
4200
4353
  }
4201
- const worktreeId = cleanString5(effectiveInput.worktreeId);
4354
+ const worktreeId = cleanString6(effectiveInput.worktreeId);
4202
4355
  if (worktreeId) {
4203
4356
  payload.worktreeId = worktreeId;
4204
4357
  }
4205
- const sessionId = cleanString5(effectiveInput.sessionId);
4358
+ const sessionId = cleanString6(effectiveInput.sessionId);
4206
4359
  if (sessionId) {
4207
4360
  payload.sessionId = sessionId;
4208
4361
  }
@@ -5279,6 +5432,7 @@ var CONTRACTS = {
5279
5432
  "remove_edges_between": { method: "DELETE", path: "/edges/between", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5280
5433
  "remove_lens_from_topic": { method: "DELETE", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5281
5434
  "resolve_effective_ontology": { method: "POST", path: "/ontologies/effective", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5435
+ "resolve_interactive_principal": { method: "POST", path: "/control-plane/identity/resolve-interactive-principal", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5282
5436
  "run_graph_intelligence_query": { method: "POST", path: "/graph-intelligence/run", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5283
5437
  "search_beliefs": { method: "POST", path: "/beliefs/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5284
5438
  "search_evidence": { method: "POST", path: "/evidence/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -5661,6 +5815,9 @@ function createFunctionSurfaceClient(config = {}) {
5661
5815
  resolveEffectiveOntology(input = {}, idempotencyKey) {
5662
5816
  return execute("resolve_effective_ontology", input, idempotencyKey);
5663
5817
  },
5818
+ resolveInteractivePrincipal(input = {}, idempotencyKey) {
5819
+ return execute("resolve_interactive_principal", input, idempotencyKey);
5820
+ },
5664
5821
  runGraphIntelligenceQuery(input = {}, idempotencyKey) {
5665
5822
  return execute("run_graph_intelligence_query", input, idempotencyKey);
5666
5823
  },
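Review bot: `resolveInteractivePrincipal` on the function surface returns whatever `execute()` yields, with no visible call to `normalizeResolvedInteractivePrincipal`, unlike the two other entry points to this endpoint added in the same file. If `execute` (defined outside this hunk) does not normalize, callers on this path receive the raw payload, and an `ok: false` resolver failure arrives as data instead of a thrown `LucernControlPlaneIdentityError`. The contract entry in the preceding hunk also registers the endpoint with `surfaceIntent: "mcp_core"`, next to the belief and evidence search entries; it is worth confirming that identity resolution is meant to be reachable from that surface and that the gateway authorizes the caller before resolving a subject. If the raw return is intended, a comment such as `// returns the raw resolver payload; resolver failures are not thrown on this path` would document it.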
@@ -5921,7 +6078,7 @@ var ORG_GRAPH_SEARCH_FIELDS = [
5921
6078
  "cursor",
5922
6079
  "provenanceScope"
5923
6080
  ];
5924
- function cleanString6(value, label) {
6081
+ function cleanString7(value, label) {
5925
6082
  const normalized = value?.trim();
5926
6083
  if (!normalized) {
5927
6084
  throw new Error(`${label} is required`);
@@ -5943,9 +6100,9 @@ function searchBody(input) {
5943
6100
  "orgGraphSearch.search"
5944
6101
  );
5945
6102
  return {
5946
- tenantId: cleanString6(input.tenantId, "tenantId"),
5947
- workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5948
- query: cleanString6(input.query, "query"),
6103
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6104
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
6105
+ query: cleanString7(input.query, "query"),
5949
6106
  nodeTypes: input.nodeTypes,
5950
6107
  minConfidence: input.minConfidence,
5951
6108
  limit: input.limit,
@@ -5955,8 +6112,8 @@ function searchBody(input) {
5955
6112
  }
5956
6113
  function listQuery2(input) {
5957
6114
  return {
5958
- tenantId: cleanString6(input.tenantId, "tenantId"),
5959
- workspaceId: cleanString6(input.workspaceId, "workspaceId"),
6115
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6116
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5960
6117
  nodeTypes: input.nodeTypes?.join(","),
5961
6118
  minConfidence: input.minConfidence,
5962
6119
  limit: input.limit,
@@ -5990,8 +6147,8 @@ function createOrgGraphSearchClient(config = {}) {
5990
6147
  return gateway.request({
5991
6148
  path: `/api/platform/v1/org-graph-search/nodes/${nodePath}${toQueryString(
5992
6149
  {
5993
- tenantId: cleanString6(input.tenantId, "tenantId"),
5994
- workspaceId: cleanString6(input.workspaceId, "workspaceId"),
6150
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6151
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5995
6152
  globalId: nodeId ? void 0 : globalId
5996
6153
  }
5997
6154
  )}`
@@ -6956,7 +7113,7 @@ function createToolRegistryClient(config = {}) {
6956
7113
  }
6957
7114
 
6958
7115
  // src/version.ts
6959
- var LUCERN_SDK_VERSION = "0.3.0-alpha.12";
7116
+ var LUCERN_SDK_VERSION = "0.3.0-alpha.14";
6960
7117
 
6961
7118
  // src/workflowClient.ts
6962
7119
  function normalizeLensQuery(value) {
@@ -7433,6 +7590,7 @@ function createLucernClient(config = {}) {
7433
7590
  const ontologyLinksClient = createOntologyLinksClient(gatewayConfig);
7434
7591
  const orgGraphSearchClient = createOrgGraphSearchClient(gatewayConfig);
7435
7592
  const functionSurfaceClient = createFunctionSurfaceClient(gatewayConfig);
7593
+ const controlPlaneClient = createControlPlaneClient(gatewayConfig);
7436
7594
  const toolRegistryClient = createToolRegistryClient(gatewayConfig);
7437
7595
  const modelRuntimeClient = createModelRuntimeClient(gatewayConfig);
7438
7596
  const packsClient = createPacksClient(gatewayConfig);
@@ -9096,9 +9254,16 @@ function createLucernClient(config = {}) {
9096
9254
  disable: packsClient.disable
9097
9255
  },
9098
9256
  nodes: nodesNamespace,
9257
+ controlPlane: {
9258
+ identity: {
9259
+ resolveInteractivePrincipal: controlPlaneClient.identity.resolveInteractivePrincipal
9260
+ },
9261
+ raw: controlPlaneClient
9262
+ },
9099
9263
  identity: {
9100
9264
  ...identityFacade,
9101
9265
  access: accessControlClient,
9266
+ resolveInteractivePrincipal: identityClient.resolveInteractivePrincipal,
9102
9267
  evaluatePolicy: identityClient.evaluatePolicy,
9103
9268
  recordPolicyDecision: identityClient.recordPolicyDecision,
9104
9269
  putSecretReference: identityClient.putSecretReference,
@@ -9143,6 +9308,7 @@ function createLucernClient(config = {}) {
9143
9308
  ontologyLinks: ontologyLinksClient,
9144
9309
  orgGraphSearch: orgGraphSearchClient,
9145
9310
  functionSurface: functionSurfaceClient,
9311
+ controlPlane: controlPlaneClient,
9146
9312
  toolRegistry: toolRegistryClient,
9147
9313
  modelRuntime: modelRuntimeClient,
9148
9314
  packs: packsClient,