@lucern/sdk 0.3.0-alpha.16 → 0.3.0-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +0 -8
- package/README.md +4 -110
- package/dist/adminClient.d.ts +8 -10
- package/dist/adminClient.js +39 -260
- package/dist/adminClient.js.map +1 -1
- package/dist/answersClient.d.ts +0 -2
- package/dist/answersClient.js +11 -239
- package/dist/answersClient.js.map +1 -1
- package/dist/audience/index.d.ts +1 -2
- package/dist/audience/index.js +3 -1
- package/dist/audience/index.js.map +1 -1
- package/dist/audiencesClient.d.ts +16 -18
- package/dist/audiencesClient.js +90 -315
- package/dist/audiencesClient.js.map +1 -1
- package/dist/auditClient.d.ts +0 -2
- package/dist/auditClient.js +15 -245
- package/dist/auditClient.js.map +1 -1
- package/dist/beliefs/index.d.ts +5 -27
- package/dist/beliefs/index.js +1177 -3842
- package/dist/beliefs/index.js.map +1 -1
- package/dist/beliefsClient.d.ts +2 -4
- package/dist/beliefsClient.js +26 -248
- package/dist/beliefsClient.js.map +1 -1
- package/dist/client-B6aWUUwp.d.ts +2552 -0
- package/dist/client.d.ts +27 -3041
- package/dist/client.js +1177 -3842
- package/dist/client.js.map +1 -1
- package/dist/contextClient.d.ts +3 -6
- package/dist/contextClient.js +30 -270
- package/dist/contextClient.js.map +1 -1
- package/dist/contextFacade.js +16 -25
- package/dist/contextFacade.js.map +1 -1
- package/dist/contextPackCompiler.js +30 -19
- package/dist/contextPackCompiler.js.map +1 -1
- package/dist/contextPackPolicy.js +17 -7
- package/dist/contextPackPolicy.js.map +1 -1
- package/dist/contextTypes.d.ts +0 -2
- package/dist/contracts/api-enums.contract.d.ts +2 -2
- package/dist/contracts/api-enums.contract.js +1 -6
- package/dist/contracts/api-enums.contract.js.map +1 -1
- package/dist/contracts/auth-session.contract.d.ts +1 -1
- package/dist/contracts/auth-session.contract.js +1 -13
- package/dist/contracts/auth-session.contract.js.map +1 -1
- package/dist/contracts/index.d.ts +0 -1
- package/dist/contracts/index.js +6 -133
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/lens-filter.contract.js +3 -4
- package/dist/contracts/lens-filter.contract.js.map +1 -1
- package/dist/contracts/lens-workflow.contract.js +3 -4
- package/dist/contracts/lens-workflow.contract.js.map +1 -1
- package/dist/contracts/lensFilter.js +3 -4
- package/dist/contracts/lensFilter.js.map +1 -1
- package/dist/contracts/lensWorkflow.js +3 -4
- package/dist/contracts/lensWorkflow.js.map +1 -1
- package/dist/contracts/mcpTools.d.ts +1 -46
- package/dist/contracts/mcpTools.js +0 -108
- package/dist/contracts/mcpTools.js.map +1 -1
- package/dist/contradictions/index.d.ts +4 -26
- package/dist/contradictions/index.js +1177 -3842
- package/dist/contradictions/index.js.map +1 -1
- package/dist/coreClient.d.ts +2 -28
- package/dist/coreClient.js +14 -240
- package/dist/coreClient.js.map +1 -1
- package/dist/decisions/index.d.ts +14 -36
- package/dist/decisions/index.js +1177 -3842
- package/dist/decisions/index.js.map +1 -1
- package/dist/decisionsClient.d.ts +12 -6
- package/dist/decisionsClient.js +37 -253
- package/dist/decisionsClient.js.map +1 -1
- package/dist/edges/index.d.ts +87 -49
- package/dist/edges/index.js +1177 -3842
- package/dist/edges/index.js.map +1 -1
- package/dist/events.js +3 -6
- package/dist/events.js.map +1 -1
- package/dist/eventsCore.d.ts +1 -3
- package/dist/eventsCore.js +14 -240
- package/dist/eventsCore.js.map +1 -1
- package/dist/evidence/index.d.ts +4 -26
- package/dist/evidence/index.js +1177 -3842
- package/dist/evidence/index.js.map +1 -1
- package/dist/evidenceClient.d.ts +0 -2
- package/dist/evidenceClient.js +14 -240
- package/dist/evidenceClient.js.map +1 -1
- package/dist/facade/context.d.ts +1 -2
- package/dist/facade/context.js +16 -25
- package/dist/facade/context.js.map +1 -1
- package/dist/gatewayFacades.d.ts +46 -90
- package/dist/gatewayFacades.js +128 -609
- package/dist/gatewayFacades.js.map +1 -1
- package/dist/graphClient.d.ts +13 -8
- package/dist/graphClient.js +45 -262
- package/dist/graphClient.js.map +1 -1
- package/dist/harnessClient.d.ts +24 -15
- package/dist/harnessClient.js +42 -253
- package/dist/harnessClient.js.map +1 -1
- package/dist/identityClient.d.ts +11 -115
- package/dist/identityClient.js +33 -555
- package/dist/identityClient.js.map +1 -1
- package/dist/index.d.ts +6 -32
- package/dist/index.js +2580 -5825
- package/dist/index.js.map +1 -1
- package/dist/learningClient.d.ts +6 -8
- package/dist/learningClient.js +44 -270
- package/dist/learningClient.js.map +1 -1
- package/dist/lenses/index.d.ts +38 -78
- package/dist/lenses/index.js +1177 -3842
- package/dist/lenses/index.js.map +1 -1
- package/dist/nodes/index.d.ts +21 -65
- package/dist/nodes/index.js +1177 -3842
- package/dist/nodes/index.js.map +1 -1
- package/dist/ontologies/index.d.ts +32 -55
- package/dist/ontologies/index.js +1177 -3842
- package/dist/ontologies/index.js.map +1 -1
- package/dist/ontologyClient.d.ts +25 -19
- package/dist/ontologyClient.js +40 -276
- package/dist/ontologyClient.js.map +1 -1
- package/dist/packsClient.d.ts +23 -11
- package/dist/packsClient.js +46 -252
- package/dist/packsClient.js.map +1 -1
- package/dist/policyClient.d.ts +10 -13
- package/dist/policyClient.js +25 -261
- package/dist/policyClient.js.map +1 -1
- package/dist/questions/index.d.ts +4 -26
- package/dist/questions/index.js +1177 -3842
- package/dist/questions/index.js.map +1 -1
- package/dist/realtime/index.d.ts +1 -1
- package/dist/reportsClient.d.ts +7 -9
- package/dist/reportsClient.js +53 -299
- package/dist/reportsClient.js.map +1 -1
- package/dist/schemaClient.d.ts +3 -5
- package/dist/schemaClient.js +29 -253
- package/dist/schemaClient.js.map +1 -1
- package/dist/sdkSurface.d.ts +3 -8
- package/dist/sdkSurface.js +6 -10
- package/dist/sdkSurface.js.map +1 -1
- package/dist/sourcesClient.d.ts +0 -2
- package/dist/sourcesClient.js +14 -240
- package/dist/sourcesClient.js.map +1 -1
- package/dist/topics/index.d.ts +9 -37
- package/dist/topics/index.js +1177 -3844
- package/dist/topics/index.js.map +1 -1
- package/dist/topicsClient.d.ts +0 -4
- package/dist/topicsClient.js +24 -255
- package/dist/topicsClient.js.map +1 -1
- package/dist/types.d.ts +0 -17
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/dist/version.js.map +1 -1
- package/dist/workflowClient.d.ts +40 -60
- package/dist/workflowClient.js +58 -261
- package/dist/workflowClient.js.map +1 -1
- package/dist/worktrees/index.d.ts +33 -71
- package/dist/worktrees/index.js +1177 -3842
- package/dist/worktrees/index.js.map +1 -1
- package/package.json +3 -17
- package/dist/accessControl.d.ts +0 -79
- package/dist/accessControl.js +0 -1270
- package/dist/accessControl.js.map +0 -1
- package/dist/authContext.d.ts +0 -56
- package/dist/authContext.js +0 -170
- package/dist/authContext.js.map +0 -1
- package/dist/authDeviceClient.d.ts +0 -49
- package/dist/authDeviceClient.js +0 -121
- package/dist/authDeviceClient.js.map +0 -1
- package/dist/boundaryClientSurface.d.ts +0 -20
- package/dist/boundaryClientSurface.js +0 -73
- package/dist/boundaryClientSurface.js.map +0 -1
- package/dist/clientHelpers.d.ts +0 -48
- package/dist/clientHelpers.js +0 -137
- package/dist/clientHelpers.js.map +0 -1
- package/dist/control-plane.d.ts +0 -69
- package/dist/control-plane.js +0 -674
- package/dist/control-plane.js.map +0 -1
- package/dist/embeddingsClient.d.ts +0 -106
- package/dist/embeddingsClient.js +0 -749
- package/dist/embeddingsClient.js.map +0 -1
- package/dist/eventingClient.d.ts +0 -96
- package/dist/eventingClient.js +0 -746
- package/dist/eventingClient.js.map +0 -1
- package/dist/functionSurface.d.ts +0 -144
- package/dist/functionSurface.js +0 -1227
- package/dist/functionSurface.js.map +0 -1
- package/dist/functionSurfaceClient.d.ts +0 -8
- package/dist/functionSurfaceClient.js +0 -1227
- package/dist/functionSurfaceClient.js.map +0 -1
- package/dist/graphAnalysisClient.d.ts +0 -192
- package/dist/graphAnalysisClient.js +0 -817
- package/dist/graphAnalysisClient.js.map +0 -1
- package/dist/graphIntel.d.ts +0 -4
- package/dist/graphIntel.js +0 -3
- package/dist/graphIntel.js.map +0 -1
- package/dist/graphIntelligence.d.ts +0 -2
- package/dist/graphIntelligence.js +0 -47
- package/dist/graphIntelligence.js.map +0 -1
- package/dist/graphRecommendationsClient.d.ts +0 -56
- package/dist/graphRecommendationsClient.js +0 -682
- package/dist/graphRecommendationsClient.js.map +0 -1
- package/dist/graphStateClassifierClient.d.ts +0 -73
- package/dist/graphStateClassifierClient.js +0 -734
- package/dist/graphStateClassifierClient.js.map +0 -1
- package/dist/infisicalRuntime.d.ts +0 -43
- package/dist/infisicalRuntime.js +0 -346
- package/dist/infisicalRuntime.js.map +0 -1
- package/dist/jobsClient.d.ts +0 -98
- package/dist/jobsClient.js +0 -744
- package/dist/jobsClient.js.map +0 -1
- package/dist/mcpClient.d.ts +0 -28
- package/dist/mcpClient.js +0 -687
- package/dist/mcpClient.js.map +0 -1
- package/dist/modelRuntimeClient.d.ts +0 -72
- package/dist/modelRuntimeClient.js +0 -722
- package/dist/modelRuntimeClient.js.map +0 -1
- package/dist/ontologyLinksClient.d.ts +0 -71
- package/dist/ontologyLinksClient.js +0 -715
- package/dist/ontologyLinksClient.js.map +0 -1
- package/dist/orgGraphSearchClient.d.ts +0 -85
- package/dist/orgGraphSearchClient.js +0 -690
- package/dist/orgGraphSearchClient.js.map +0 -1
- package/dist/secrets.d.ts +0 -1
- package/dist/secrets.js +0 -3
- package/dist/secrets.js.map +0 -1
- package/dist/telemetryClient.d.ts +0 -94
- package/dist/telemetryClient.js +0 -759
- package/dist/telemetryClient.js.map +0 -1
- package/dist/toolRegistryClient.d.ts +0 -115
- package/dist/toolRegistryClient.js +0 -785
- package/dist/toolRegistryClient.js.map +0 -1
package/dist/evidenceClient.d.ts
CHANGED
|
@@ -1,6 +1,4 @@
|
|
|
1
1
|
import { GatewayClientConfig, PlatformGatewaySuccess } from './coreClient.js';
|
|
2
|
-
import './authContext.js';
|
|
3
|
-
import './contracts/auth-session.contract.js';
|
|
4
2
|
import './types.js';
|
|
5
3
|
import './contracts/workflow-runtime.contract.js';
|
|
6
4
|
import './contracts/lens-workflow.contract.js';
|
package/dist/evidenceClient.js
CHANGED
|
@@ -1,170 +1,3 @@
|
|
|
1
|
-
// src/authContext.ts
|
|
2
|
-
var LucernSdkAuthContextError = class extends Error {
|
|
3
|
-
reason;
|
|
4
|
-
constructor(reason, message) {
|
|
5
|
-
super(message);
|
|
6
|
-
this.name = "LucernSdkAuthContextError";
|
|
7
|
-
this.reason = reason;
|
|
8
|
-
}
|
|
9
|
-
};
|
|
10
|
-
function cleanString(value) {
|
|
11
|
-
const normalized = value?.trim();
|
|
12
|
-
return normalized ? normalized : void 0;
|
|
13
|
-
}
|
|
14
|
-
function cleanStringList(values) {
|
|
15
|
-
if (!values) {
|
|
16
|
-
return [];
|
|
17
|
-
}
|
|
18
|
-
return values.map((value) => value.trim()).filter(
|
|
19
|
-
(value, index, list) => value.length > 0 && list.indexOf(value) === index
|
|
20
|
-
);
|
|
21
|
-
}
|
|
22
|
-
function requireString(value, reason, label) {
|
|
23
|
-
const normalized = cleanString(value);
|
|
24
|
-
if (!normalized) {
|
|
25
|
-
throw new LucernSdkAuthContextError(
|
|
26
|
-
reason,
|
|
27
|
-
`Canonical Lucern SDK auth context is missing ${label}.`
|
|
28
|
-
);
|
|
29
|
-
}
|
|
30
|
-
return normalized;
|
|
31
|
-
}
|
|
32
|
-
function requirePrincipalType(principalType) {
|
|
33
|
-
if (!principalType) {
|
|
34
|
-
throw new LucernSdkAuthContextError(
|
|
35
|
-
"principal_missing",
|
|
36
|
-
"Canonical Lucern SDK auth context is missing principalType."
|
|
37
|
-
);
|
|
38
|
-
}
|
|
39
|
-
return principalType;
|
|
40
|
-
}
|
|
41
|
-
function requireAuthMode(authMode) {
|
|
42
|
-
if (!authMode) {
|
|
43
|
-
throw new LucernSdkAuthContextError(
|
|
44
|
-
"principal_missing",
|
|
45
|
-
"Canonical Lucern SDK auth context is missing authMode."
|
|
46
|
-
);
|
|
47
|
-
}
|
|
48
|
-
return authMode;
|
|
49
|
-
}
|
|
50
|
-
function ensurePermitMatch(args) {
|
|
51
|
-
const actual = cleanString(args.actual);
|
|
52
|
-
if (actual && actual !== args.expected) {
|
|
53
|
-
throw new LucernSdkAuthContextError(
|
|
54
|
-
"policy_denied",
|
|
55
|
-
`Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
|
|
56
|
-
);
|
|
57
|
-
}
|
|
58
|
-
}
|
|
59
|
-
function normalizeCanonicalLucernAuthContext(input) {
|
|
60
|
-
if (!input) {
|
|
61
|
-
throw new LucernSdkAuthContextError(
|
|
62
|
-
"principal_missing",
|
|
63
|
-
"Canonical Lucern SDK auth context is required."
|
|
64
|
-
);
|
|
65
|
-
}
|
|
66
|
-
if (input.policyDecision === "deny") {
|
|
67
|
-
throw new LucernSdkAuthContextError(
|
|
68
|
-
"policy_denied",
|
|
69
|
-
"Canonical Lucern SDK auth context carries a denied policy decision."
|
|
70
|
-
);
|
|
71
|
-
}
|
|
72
|
-
const principalId = requireString(
|
|
73
|
-
input.principalId,
|
|
74
|
-
"principal_missing",
|
|
75
|
-
"principalId"
|
|
76
|
-
);
|
|
77
|
-
const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
|
|
78
|
-
const workspaceId = requireString(
|
|
79
|
-
input.workspaceId,
|
|
80
|
-
"workspace_missing",
|
|
81
|
-
"workspaceId"
|
|
82
|
-
);
|
|
83
|
-
const roles = cleanStringList(input.roles);
|
|
84
|
-
const scopes = cleanStringList(input.scopes);
|
|
85
|
-
const principalType = requirePrincipalType(input.principalType);
|
|
86
|
-
const authMode = requireAuthMode(input.authMode);
|
|
87
|
-
const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
|
|
88
|
-
if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
|
|
89
|
-
throw new LucernSdkAuthContextError(
|
|
90
|
-
"membership_missing",
|
|
91
|
-
"Canonical Lucern SDK auth context requires non-empty roles and scopes."
|
|
92
|
-
);
|
|
93
|
-
}
|
|
94
|
-
const subject = cleanString(input.permit?.subject) ?? principalId;
|
|
95
|
-
const tenant = cleanString(input.permit?.tenant) ?? tenantId;
|
|
96
|
-
const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
|
|
97
|
-
ensurePermitMatch({
|
|
98
|
-
field: "subject",
|
|
99
|
-
expected: principalId,
|
|
100
|
-
actual: subject
|
|
101
|
-
});
|
|
102
|
-
ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
|
|
103
|
-
ensurePermitMatch({
|
|
104
|
-
field: "workspace",
|
|
105
|
-
expected: workspaceId,
|
|
106
|
-
actual: workspace
|
|
107
|
-
});
|
|
108
|
-
const context = input.permit?.context ? { ...input.permit.context } : void 0;
|
|
109
|
-
return {
|
|
110
|
-
clerkId: cleanString(input.clerkId),
|
|
111
|
-
principalId,
|
|
112
|
-
tenantId,
|
|
113
|
-
workspaceId,
|
|
114
|
-
principalType,
|
|
115
|
-
authMode,
|
|
116
|
-
roles,
|
|
117
|
-
scopes,
|
|
118
|
-
delegationChain: input.delegationChain ? [...input.delegationChain] : [],
|
|
119
|
-
policyTraceId: cleanString(input.policyTraceId),
|
|
120
|
-
correlationId: cleanString(input.correlationId),
|
|
121
|
-
membershipId: cleanString(input.membershipId),
|
|
122
|
-
permit: {
|
|
123
|
-
subject,
|
|
124
|
-
tenant,
|
|
125
|
-
workspace,
|
|
126
|
-
resource: cleanString(input.permit?.resource),
|
|
127
|
-
action: cleanString(input.permit?.action),
|
|
128
|
-
relation: cleanString(input.permit?.relation),
|
|
129
|
-
context
|
|
130
|
-
}
|
|
131
|
-
};
|
|
132
|
-
}
|
|
133
|
-
function createCanonicalAuthHeaders(authContext) {
|
|
134
|
-
const headers = {
|
|
135
|
-
"x-lucern-principal-id": authContext.principalId,
|
|
136
|
-
"x-lucern-principal-type": authContext.principalType,
|
|
137
|
-
"x-lucern-tenant": authContext.tenantId,
|
|
138
|
-
"x-lucern-tenant-id": authContext.tenantId,
|
|
139
|
-
"x-lucern-workspace": authContext.workspaceId,
|
|
140
|
-
"x-lucern-workspace-id": authContext.workspaceId,
|
|
141
|
-
"x-lucern-auth-mode": authContext.authMode,
|
|
142
|
-
"x-lucern-roles": authContext.roles.join(","),
|
|
143
|
-
"x-lucern-scopes": authContext.scopes.join(","),
|
|
144
|
-
"x-lucern-permit-context": JSON.stringify(authContext.permit)
|
|
145
|
-
};
|
|
146
|
-
if (authContext.clerkId) {
|
|
147
|
-
headers["x-lucern-clerk-id"] = authContext.clerkId;
|
|
148
|
-
headers["x-lucern-user-id"] = authContext.clerkId;
|
|
149
|
-
}
|
|
150
|
-
if (authContext.delegationChain.length > 0) {
|
|
151
|
-
headers["x-lucern-delegation-chain"] = JSON.stringify(
|
|
152
|
-
authContext.delegationChain
|
|
153
|
-
);
|
|
154
|
-
}
|
|
155
|
-
if (authContext.policyTraceId) {
|
|
156
|
-
headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
|
|
157
|
-
}
|
|
158
|
-
if (authContext.correlationId) {
|
|
159
|
-
headers["x-correlation-id"] = authContext.correlationId;
|
|
160
|
-
headers["x-lucern-correlation-id"] = authContext.correlationId;
|
|
161
|
-
}
|
|
162
|
-
if (authContext.membershipId) {
|
|
163
|
-
headers["x-lucern-membership-id"] = authContext.membershipId;
|
|
164
|
-
}
|
|
165
|
-
return headers;
|
|
166
|
-
}
|
|
167
|
-
|
|
168
1
|
// src/coreClient.ts
|
|
169
2
|
var LucernApiError = class extends Error {
|
|
170
3
|
code;
|
|
@@ -212,7 +45,9 @@ function generatePortableRequestId() {
|
|
|
212
45
|
8
|
|
213
46
|
).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
|
|
214
47
|
}
|
|
215
|
-
|
|
48
|
+
function randomIdempotencyKey() {
|
|
49
|
+
return generatePortableRequestId();
|
|
50
|
+
}
|
|
216
51
|
function isRetryableStatus(status) {
|
|
217
52
|
return status >= 500 || status === 408 || status === 429;
|
|
218
53
|
}
|
|
@@ -277,11 +112,8 @@ function timeoutError(timeoutMs) {
|
|
|
277
112
|
error.name = "AbortError";
|
|
278
113
|
return error;
|
|
279
114
|
}
|
|
280
|
-
function isRecord(value) {
|
|
281
|
-
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
282
|
-
}
|
|
283
115
|
function readPolicySummaryFromDetails(details) {
|
|
284
|
-
if (!
|
|
116
|
+
if (!details || typeof details !== "object" || Array.isArray(details)) {
|
|
285
117
|
return null;
|
|
286
118
|
}
|
|
287
119
|
const directSummary = details.summary;
|
|
@@ -289,11 +121,11 @@ function readPolicySummaryFromDetails(details) {
|
|
|
289
121
|
return directSummary.trim();
|
|
290
122
|
}
|
|
291
123
|
const policy = details.policy;
|
|
292
|
-
if (!
|
|
124
|
+
if (!policy || typeof policy !== "object" || Array.isArray(policy)) {
|
|
293
125
|
return null;
|
|
294
126
|
}
|
|
295
127
|
const explanation = policy.explanation;
|
|
296
|
-
if (!
|
|
128
|
+
if (!explanation || typeof explanation !== "object" || Array.isArray(explanation)) {
|
|
297
129
|
return null;
|
|
298
130
|
}
|
|
299
131
|
const nestedSummary = explanation.summary;
|
|
@@ -302,59 +134,16 @@ function readPolicySummaryFromDetails(details) {
|
|
|
302
134
|
}
|
|
303
135
|
return null;
|
|
304
136
|
}
|
|
305
|
-
async function resolveConfiguredAuthContext(authContext) {
|
|
306
|
-
if (typeof authContext === "function") {
|
|
307
|
-
return await authContext();
|
|
308
|
-
}
|
|
309
|
-
return authContext;
|
|
310
|
-
}
|
|
311
|
-
function mergeHeaderRecord(base, addition) {
|
|
312
|
-
const headers = new Headers(base);
|
|
313
|
-
for (const [key, value] of Object.entries(addition)) {
|
|
314
|
-
const existing = headers.get(key);
|
|
315
|
-
if (existing !== null && existing !== value) {
|
|
316
|
-
throw new LucernSdkAuthContextError(
|
|
317
|
-
"policy_denied",
|
|
318
|
-
`Canonical Lucern SDK auth context conflicts with existing ${key} header.`
|
|
319
|
-
);
|
|
320
|
-
}
|
|
321
|
-
headers.set(key, value);
|
|
322
|
-
}
|
|
323
|
-
return Object.fromEntries(headers.entries());
|
|
324
|
-
}
|
|
325
|
-
function cleanHeaderValue(value) {
|
|
326
|
-
const normalized = value?.trim();
|
|
327
|
-
return normalized ? normalized : void 0;
|
|
328
|
-
}
|
|
329
137
|
function createGatewayRequestClient(config = {}) {
|
|
330
138
|
const fetchImpl = config.fetchImpl ?? fetch;
|
|
331
139
|
const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
|
|
332
140
|
const maxRetries = config.maxRetries ?? 2;
|
|
333
141
|
const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
|
|
334
142
|
async function resolveAuthHeaders() {
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
const setIfAbsent = (name, value) => {
|
|
338
|
-
const normalized = cleanHeaderValue(value);
|
|
339
|
-
if (normalized && !headers.has(name)) {
|
|
340
|
-
headers.set(name, normalized);
|
|
341
|
-
}
|
|
342
|
-
};
|
|
343
|
-
setIfAbsent("x-lucern-key", config.apiKey);
|
|
344
|
-
setIfAbsent("x-lucern-session-token", config.userToken);
|
|
345
|
-
setIfAbsent("x-lucern-environment", config.environment);
|
|
346
|
-
setIfAbsent("x-lucern-clerk-id", config.clerkId);
|
|
347
|
-
setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
|
|
348
|
-
setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
|
|
349
|
-
const base = Object.fromEntries(headers.entries());
|
|
350
|
-
const authContextInput = await resolveConfiguredAuthContext(
|
|
351
|
-
config.authContext
|
|
352
|
-
);
|
|
353
|
-
if (!authContextInput && !config.requireCanonicalAuthContext) {
|
|
354
|
-
return base;
|
|
143
|
+
if (!config.getAuthHeaders) {
|
|
144
|
+
return {};
|
|
355
145
|
}
|
|
356
|
-
|
|
357
|
-
return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
|
|
146
|
+
return await config.getAuthHeaders();
|
|
358
147
|
}
|
|
359
148
|
async function fetchWithTimeout(url, init, timeoutMs) {
|
|
360
149
|
const controller = new AbortController();
|
|
@@ -375,11 +164,11 @@ function createGatewayRequestClient(config = {}) {
|
|
|
375
164
|
if (!text) {
|
|
376
165
|
return null;
|
|
377
166
|
}
|
|
378
|
-
|
|
379
|
-
|
|
167
|
+
try {
|
|
168
|
+
return JSON.parse(text);
|
|
169
|
+
} catch {
|
|
380
170
|
return null;
|
|
381
171
|
}
|
|
382
|
-
return isRecord(parsed.value) ? parsed.value : null;
|
|
383
172
|
}
|
|
384
173
|
function resolveTimeoutMs(method, requestTimeoutMs) {
|
|
385
174
|
if (typeof requestTimeoutMs === "number") {
|
|
@@ -391,31 +180,16 @@ function createGatewayRequestClient(config = {}) {
|
|
|
391
180
|
}
|
|
392
181
|
return config.timeoutMs ?? 15e3;
|
|
393
182
|
}
|
|
394
|
-
function tryParseGatewayEnvelopeJson(text) {
|
|
395
|
-
const trimmed = text.trim();
|
|
396
|
-
if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) {
|
|
397
|
-
return { ok: false, reason: "non-json" };
|
|
398
|
-
}
|
|
399
|
-
try {
|
|
400
|
-
return { ok: true, value: JSON.parse(trimmed) };
|
|
401
|
-
} catch (error) {
|
|
402
|
-
if (error instanceof SyntaxError) {
|
|
403
|
-
return { ok: false, reason: "invalid-json", error };
|
|
404
|
-
}
|
|
405
|
-
throw error;
|
|
406
|
-
}
|
|
407
|
-
}
|
|
408
183
|
function buildApiError(args) {
|
|
409
184
|
const failure = args.failure;
|
|
410
|
-
const legacyError = failure &&
|
|
185
|
+
const legacyError = failure && typeof failure.error === "object" && failure.error !== null ? failure.error : failure?.legacyError;
|
|
411
186
|
const correlationId = failure?.correlationId ?? args.response.headers.get("x-lucern-correlation-id")?.trim() ?? args.requestId;
|
|
412
187
|
const policyTraceId = failure?.policyTraceId ?? args.response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null;
|
|
413
188
|
const details = failure?.details ?? legacyError?.details;
|
|
414
189
|
const policySummary = readPolicySummaryFromDetails(details);
|
|
415
|
-
const failureMessage = typeof failure?.error === "string" ? failure.error : legacyError?.message;
|
|
416
190
|
return new LucernApiError({
|
|
417
191
|
code: failure?.code ?? legacyError?.code ?? fallbackErrorCode(args.response.status),
|
|
418
|
-
message: policySummary ??
|
|
192
|
+
message: policySummary ?? (typeof failure?.error === "string" ? failure.error : legacyError?.message ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed.")),
|
|
419
193
|
status: args.response.status,
|
|
420
194
|
invariant: failure?.invariant,
|
|
421
195
|
suggestion: failure?.suggestion,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/authContext.ts","../src/coreClient.ts","../src/evidenceClient.ts"],"names":[],"mappings":";AA+DO,IAAM,yBAAA,GAAN,cAAwC,KAAA,CAAM;AAAA,EAC1C,MAAA;AAAA,EAET,WAAA,CAAY,QAAoC,OAAA,EAAiB;AAC/D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,2BAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF,CAAA;AAEA,SAAS,YAAY,KAAA,EAAsD;AACzE,EAAA,MAAM,UAAA,GAAa,OAAO,IAAA,EAAK;AAC/B,EAAA,OAAO,aAAa,UAAA,GAAa,MAAA;AACnC;AAEA,SAAS,gBAAgB,MAAA,EAAiD;AACxE,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,EAAC;AAAA,EACV;AACA,EAAA,OAAO,OACJ,GAAA,CAAI,CAAC,UAAU,KAAA,CAAM,IAAA,EAAM,CAAA,CAC3B,MAAA;AAAA,IACC,CAAC,KAAA,EAAO,KAAA,EAAO,IAAA,KACb,KAAA,CAAM,SAAS,CAAA,IAAK,IAAA,CAAK,OAAA,CAAQ,KAAK,CAAA,KAAM;AAAA,GAChD;AACJ;AAEA,SAAS,aAAA,CACP,KAAA,EACA,MAAA,EACA,KAAA,EACQ;AACR,EAAA,MAAM,UAAA,GAAa,YAAY,KAAK,CAAA;AACpC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,MAAA;AAAA,MACA,gDAAgD,KAAK,CAAA,CAAA;AAAA,KACvD;AAAA,EACF;AACA,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,qBACP,aAAA,EACsB;AACtB,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,mBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,aAAA;AACT;AAEA,SAAS,gBAAgB,QAAA,EAAwD;AAC/E,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,mBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,QAAA;AACT;AAEA,SAAS,kBAAkB,IAAA,EAIxB;AACD,EAAA,MAAM,MAAA,GAAS,WAAA,CAAY,IAAA,CAAK,MAAM,CAAA;AACtC,EAAA,IAAI,MAAA,IAAU,MAAA,KAAW,IAAA,CAAK,QAAA,EAAU;AACtC,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,eAAA;AAAA,MACA,CAAA,yDAAA,EAA4D,KAAK,KAAK,CAAA,CAAA;AAAA,KACxE;AAAA,EACF;AACF;AAEO,SAAS,oCACd,KAAA,EAC+B;AAC/B,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,mBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,KAAA,CAAM,mBAAmB,MAAA,EAAQ;AACnC,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,eAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,WAAA,GAAc,aAAA;AAAA,IAClB,KAAA,CAAM,WAAA;AAAA,IACN,mBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,QAAA,GAAW,aAAA,CAAc,KAAA,CAAM,QAAA,EAAU,kBAAkB,UAAU,CAAA;AAC3E,EAAA,MAAM,WAAA,GAAc,aAAA;AAAA,IAClB,KAAA,CAAM,WAAA;AAAA,IACN,mBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,KAAA,GAAQ,eAAA,CAAgB,KAAA,CAAM,KAAK,CAAA;AACzC,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,KAAA,CAAM,MAAM,CAAA;AAC3C,EAAA,MAAM,aAAA,GAAgB,oBAAA,CAAqB,KAAA,CAAM,aAAa,CAAA;AAC9D,EAAA,MAAM,QAAA,GAAW,eAAA,CAAgB,KAAA,CAAM,QAAQ,CAAA;AAC/C,EAAA,MAAM,wBAAA,GACJ,QAAA,KAAa,kBAAA,IAAsB,KAAA,CAAM,MAAA,GAAS,CAAA;AACpD,EAAA,IACE,MAAM,MAAA,KAAW,CAAA,IAChB,OAAO,MAAA,KAAW,CAAA,IAAK,CAAC,wBAAA,EACzB;AACA,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,oBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,OAAO,CAAA,IAAK,WAAA;AACtD,EAAA,MAAM,MAAA,GAAS,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,MAAM,CAAA,IAAK,QAAA;AACpD,EAAA,MAAM,SAAA,GAAY,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,SAAS,CAAA,IAAK,WAAA;AAE1D,EAAA,iBAAA,CAAkB;AAAA,IAChB,KAAA,EAAO,SAAA;AAAA,IACP,QAAA,EAAU,WAAA;AAAA,IACV,MAAA,EAAQ;AAAA,GACT,CAAA;AACD,EAAA,iBAAA,CAAkB,EAAE,KAAA,EAAO,QAAA,EAAU,UAAU,QAAA,EAAU,MAAA,EAAQ,QAAQ,CAAA;AACzE,EAAA,iBAAA,CAAkB;AAAA,IAChB,KAAA,EAAO,WAAA;AAAA,IACP,QAAA,EAAU,WAAA;AAAA,IACV,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,EAAQ,OAAA,GACzB,EAAE,GAAG,KAAA,CAAM,MAAA,CAAO,OAAA,EAAQ,GAC3B,MAAA;AAEJ,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,WAAA,CAAY,KAAA,CAAM,OAAO,CAAA;AAAA,IAClC,WAAA;AAAA,IACA,QAAA;AAAA,IACA,WAAA;AAAA,IACA,aAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA;AAAA,IACA,MAAA;AAAA,IACA,eAAA,EAAiB,MAAM,eAAA,GAAkB,CAAC,GAAG,KAAA,CAAM,eAAe,IAAI,EAAC;AAAA,IACvE,aAAA,EAAe,WAAA,CAAY,KAAA,CAAM,aAAa,CAAA;AAAA,IAC9C,aAAA,EAAe,WAAA,CAAY,KAAA,CAAM,aAAa,CAAA;AAAA,IAC9C,YAAA,EAAc,WAAA,CAAY,KAAA,CAAM,YAAY,CAAA;AAAA,IAC5C,MAAA,EAAQ;AAAA,MACN,OAAA;AAAA,MACA,MAAA;AAAA,MACA,SAAA;AAAA,MACA,QAAA,EAAU,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,QAAQ,CAAA;AAAA,MAC5C,MAAA,EAAQ,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,MAAM,CAAA;AAAA,MACxC,QAAA,EAAU,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,QAAQ,CAAA;AAAA,MAC5C;AAAA;AACF,GACF;AACF;AAEO,SAAS,2BACd,WAAA,EACwB;AACxB,EAAA,MAAM,OAAA,GAAkC;AAAA,IACtC,yBAAyB,WAAA,CAAY,WAAA;AAAA,IACrC,2BAA2B,WAAA,CAAY,aAAA;AAAA,IACvC,mBAAmB,WAAA,CAAY,QAAA;AAAA,IAC/B,sBAAsB,WAAA,CAAY,QAAA;AAAA,IAClC,sBAAsB,WAAA,CAAY,WAAA;AAAA,IAClC,yBAAyB,WAAA,CAAY,WAAA;AAAA,IACrC,sBAAsB,WAAA,CAAY,QAAA;AAAA,IAClC,gBAAA,EAAkB,WAAA,CAAY,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA;AAAA,IAC5C,iBAAA,EAAmB,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,IAC9C,yBAAA,EAA2B,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,MAAM;AAAA,GAC9D;AAEA,EAAA,IAAI,YAAY,OAAA,EAAS;AACvB,IAAA,OAAA,CAAQ,mBAAmB,IAAI,WAAA,CAAY,OAAA;AAC3C,IAAA,OAAA,CAAQ,kBAAkB,IAAI,WAAA,CAAY,OAAA;AAAA,EAC5C;AACA,EAAA,IAAI,WAAA,CAAY,eAAA,CAAgB,MAAA,GAAS,CAAA,EAAG;AAC1C,IAAA,OAAA,CAAQ,2BAA2B,IAAI,IAAA,CAAK,SAAA;AAAA,MAC1C,WAAA,CAAY;AAAA,KACd;AAAA,EACF;AACA,EAAA,IAAI,YAAY,aAAA,EAAe;AAC7B,IAAA,OAAA,CAAQ,0BAA0B,IAAI,WAAA,CAAY,aAAA;AAAA,EACpD;AACA,EAAA,IAAI,YAAY,aAAA,EAAe;AAC7B,IAAA,OAAA,CAAQ,kBAAkB,IAAI,WAAA,CAAY,aAAA;AAC1C,IAAA,OAAA,CAAQ,yBAAyB,IAAI,WAAA,CAAY,aAAA;AAAA,EACnD;AACA,EAAA,IAAI,YAAY,YAAA,EAAc;AAC5B,IAAA,OAAA,CAAQ,wBAAwB,IAAI,WAAA,CAAY,YAAA;AAAA,EAClD;AAEA,EAAA,OAAO,OAAA;AACT;;;AC9MO,IAAM,cAAA,GAAN,cAA6B,KAAA,CAAM;AAAA,EACxB,IAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA,EACA,aAAA;AAAA,EACA,aAAA;AAAA,EAEhB,YAAY,IAAA,EAUT;AACD,IAAA,KAAA,CAAM,KAAK,OAAO,CAAA;AAClB,IAAA,IAAA,CAAK,IAAA,GAAO,gBAAA;AACZ,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AACjB,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACnB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,aAAa,IAAA,CAAK,UAAA;AACvB,IAAA,IAAA,CAAK,UAAU,IAAA,CAAK,OAAA;AACpB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,gBAAgB,IAAA,CAAK,aAAA;AAC1B,IAAA,IAAA,CAAK,gBAAgB,IAAA,CAAK,aAAA;AAAA,EAC5B;AACF,CAAA;AA2HA,SAAS,gBAAgB,MAAA,EAA4B;AACnD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,EAAQ,eAAA,KAAoB,UAAA,EAAY;AAC5D,IAAA,UAAA,CAAW,MAAA,CAAO,gBAAgB,KAAK,CAAA;AACvC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,IAAS,KAAA,GAAQ,CAAA,EAAG,KAAA,GAAQ,MAAA,EAAQ,SAAS,CAAA,EAAG;AAC9C,IAAA,KAAA,CAAM,KAAK,CAAA,GAAI,IAAA,CAAK,MAAM,IAAA,CAAK,MAAA,KAAW,GAAG,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,yBAAA,GAAoC;AAC3C,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,EAAQ,UAAA,KAAe,UAAA,EAAY;AACvD,IAAA,OAAO,UAAA,CAAW,OAAO,UAAA,EAAW;AAAA,EACtC;AAEA,EAAA,MAAM,KAAA,GAAQ,gBAAgB,EAAE,CAAA;AAChC,EAAA,KAAA,CAAM,CAAC,CAAA,GAAK,KAAA,CAAM,CAAC,IAAI,EAAA,GAAQ,EAAA;AAC/B,EAAA,KAAA,CAAM,CAAC,CAAA,GAAK,KAAA,CAAM,CAAC,IAAI,EAAA,GAAQ,GAAA;AAC/B,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,KAAA,KAAU,KAAA,CAAM,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA;AAC5E,EAAA,OAAO,GAAG,GAAA,CAAI,KAAA,CAAM,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA;AAAA,IACpE,CAAA;AAAA,IACA;AAAA,GACF,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,GAAG,EAAE,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,EAAE,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA,CAAA;AACnE;AAKO,IAAM,oBAAA,GAAuB,yBAAA;AAEpC,SAAS,kBAAkB,MAAA,EAAyB;AAClD,EAAA,OAAO,MAAA,IAAU,GAAA,IAAO,MAAA,KAAW,GAAA,IAAO,MAAA,KAAW,GAAA;AACvD;AAEA,SAAS,kBAAkB,MAAA,EAAwB;AACjD,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,yBAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,gBAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,UAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,qBAAA;AAAA,EACT;AACA,EAAA,IAAI,UAAU,GAAA,EAAK;AACjB,IAAA,OAAO,gBAAA;AAAA,EACT;AACA,EAAA,OAAO,gBAAA;AACT;AAEA,SAAS,MAAM,EAAA,EAA2B;AACxC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AACzD;AAEA,SAAS,kBAAkB,KAAA,EAAqC;AAC9D,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,OAAA,GAAU,OAAO,OAAO,CAAA;AAC9B,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,OAAO,CAAA,EAAG;AAC5B,IAAA,OAAO,KAAK,GAAA,CAAI,CAAA,EAAG,KAAK,KAAA,CAAM,OAAA,GAAU,GAAI,CAAC,CAAA;AAAA,EAC/C;AACA,EAAA,MAAM,UAAA,GAAa,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA;AACrC,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC/B,IAAA,OAAO,KAAK,GAAA,CAAI,CAAA,EAAG,UAAA,GAAa,IAAA,CAAK,KAAK,CAAA;AAAA,EAC5C;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,oBAAoB,IAAA,EAIlB;AACT,EAAA,MAAM,SAAA,GACJ,IAAA,CAAK,MAAA,KAAW,GAAA,GACZ,IAAA,CAAK,GAAA;AAAA,IACH,KAAK,YAAA,IAAgB,CAAA;AAAA,IACrB,KAAK,GAAA,CAAI,GAAA,GAAO,CAAA,IAAK,IAAA,CAAK,SAAS,GAAM;AAAA,MAE3C,IAAA,CAAK,GAAA,CAAI,MAAO,CAAA,IAAK,IAAA,CAAK,SAAS,GAAI,CAAA;AAE7C,EAAA,IAAI,IAAA,CAAK,WAAW,GAAA,EAAK;AACvB,IAAA,OAAO,SAAA;AAAA,EACT;AAEA,EAAA,MAAM,YAAA,GAAe,KAAK,GAAA,CAAI,GAAA,EAAK,KAAK,KAAA,CAAM,SAAA,GAAY,IAAI,CAAC,CAAA;AAC/D,EAAA,OAAO,YAAY,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,MAAA,KAAW,YAAY,CAAA;AAC5D;AAEA,SAAS,aAAa,SAAA,EAA0B;AAC9C,EAAA,MAAM,KAAA,GAAQ,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,SAAS,CAAA,EAAA,CAAI,CAAA;AAChE,EAAA,KAAA,CAAM,IAAA,GAAO,YAAA;AACb,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,SAAS,KAAA,EAAkD;AAClE,EAAA,OAAO,KAAA,KAAU,QAAQ,OAAO,KAAA,KAAU,YAAY,CAAC,KAAA,CAAM,QAAQ,KAAK,CAAA;AAC5E;AAEA,SAAS,6BAA6B,OAAA,EAAoC;AACxE,EAAA,IAAI,CAAC,QAAA,CAAS,OAAO,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,gBAAgB,OAAA,CAAQ,OAAA;AAC9B,EAAA,IAAI,OAAO,aAAA,KAAkB,QAAA,IAAY,cAAc,IAAA,EAAK,CAAE,SAAS,CAAA,EAAG;AACxE,IAAA,OAAO,cAAc,IAAA,EAAK;AAAA,EAC5B;AAEA,EAAA,MAAM,SAAS,OAAA,CAAQ,MAAA;AACvB,EAAA,IAAI,CAAC,QAAA,CAAS,MAAM,CAAA,EAAG;AACrB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,cAAc,MAAA,CAAO,WAAA;AAC3B,EAAA,IAAI,CAAC,QAAA,CAAS,WAAW,CAAA,EAAG;AAC1B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,gBAAgB,WAAA,CAAY,OAAA;AAClC,EAAA,IAAI,OAAO,aAAA,KAAkB,QAAA,IAAY,cAAc,IAAA,EAAK,CAAE,SAAS,CAAA,EAAG;AACxE,IAAA,OAAO,cAAc,IAAA,EAAK;AAAA,EAC5B;AAEA,EAAA,OAAO,IAAA;AACT;AAEA,eAAe,6BACb,WAAA,EACgD;AAChD,EAAA,IAAI,OAAO,gBAAgB,UAAA,EAAY;AACrC,IAAA,OAAO,MAAM,WAAA,EAAY;AAAA,EAC3B;AACA,EAAA,OAAO,WAAA;AACT;AAEA,SAAS,iBAAA,CACP,MACA,QAAA,EACwB;AACxB,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,IAAI,CAAA;AAChC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,QAAQ,CAAA,EAAG;AACnD,IAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAChC,IAAA,IAAI,QAAA,KAAa,IAAA,IAAQ,QAAA,KAAa,KAAA,EAAO;AAC3C,MAAA,MAAM,IAAI,yBAAA;AAAA,QACR,eAAA;AAAA,QACA,6DAA6D,GAAG,CAAA,QAAA;AAAA,OAClE;AAAA,IACF;AACA,IAAA,OAAA,CAAQ,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,EACxB;AACA,EAAA,OAAO,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,EAAS,CAAA;AAC7C;AAEA,SAAS,iBAAiB,KAAA,EAAsD;AAC9E,EAAA,MAAM,UAAA,GAAa,OAAO,IAAA,EAAK;AAC/B,EAAA,OAAO,aAAa,UAAA,GAAa,MAAA;AACnC;AAKO,SAAS,0BAAA,CAA2B,MAAA,GAA8B,EAAC,EAAG;AAC3E,EAAA,MAAM,SAAA,GAAY,OAAO,SAAA,IAAa,KAAA;AACtC,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA,EAAS,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA,IAAK,EAAA;AACvD,EAAA,MAAM,UAAA,GAAa,OAAO,UAAA,IAAc,CAAA;AACxC,EAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,gBAAA,KAAqB,MAAM,yBAAA,EAA0B,CAAA;AAErF,EAAA,eAAe,kBAAA,GAAsD;AACnE,IAAA,MAAM,WAAW,MAAA,CAAO,cAAA,GAAiB,MAAM,MAAA,CAAO,cAAA,KAAmB,EAAC;AAC1E,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,QAAQ,CAAA;AACpC,IAAA,MAAM,WAAA,GAAc,CAAC,IAAA,EAAc,KAAA,KAA8B;AAC/D,MAAA,MAAM,UAAA,GAAa,iBAAiB,KAAK,CAAA;AACzC,MAAA,IAAI,UAAA,IAAc,CAAC,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA,EAAG;AACpC,QAAA,OAAA,CAAQ,GAAA,CAAI,MAAM,UAAU,CAAA;AAAA,MAC9B;AAAA,IACF,CAAA;AAEA,IAAA,WAAA,CAAY,cAAA,EAAgB,OAAO,MAAM,CAAA;AACzC,IAAA,WAAA,CAAY,wBAAA,EAA0B,OAAO,SAAS,CAAA;AACtD,IAAA,WAAA,CAAY,sBAAA,EAAwB,OAAO,WAAW,CAAA;AACtD,IAAA,WAAA,CAAY,mBAAA,EAAqB,OAAO,OAAO,CAAA;AAC/C,IAAA,WAAA,CAAY,kBAAA,EAAoB,MAAA,CAAO,MAAA,IAAU,MAAA,CAAO,OAAO,CAAA;AAC/D,IAAA,WAAA,CAAY,0BAAA,EAA4B,OAAO,cAAc,CAAA;AAE7D,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,SAAS,CAAA;AACjD,IAAA,MAAM,mBAAmB,MAAM,4BAAA;AAAA,MAC7B,MAAA,CAAO;AAAA,KACT;AACA,IAAA,IAAI,CAAC,gBAAA,IAAoB,CAAC,MAAA,CAAO,2BAAA,EAA6B;AAC5D,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,MAAM,WAAA,GAAc,oCAAoC,gBAAgB,CAAA;AACxE,IAAA,OAAO,iBAAA,CAAkB,IAAA,EAAM,0BAAA,CAA2B,WAAW,CAAC,CAAA;AAAA,EACxE;AAEA,EAAA,eAAe,gBAAA,CACb,GAAA,EACA,IAAA,EACA,SAAA,EACmB;AACnB,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,SAAS,CAAA;AAC5D,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,UAAU,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,UAAA,CAAW,MAAA,EAAQ,CAAA;AAAA,IACpE,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,UAAA,CAAW,OAAO,OAAA,EAAS;AAC7B,QAAA,MAAM,aAAa,SAAS,CAAA;AAAA,MAC9B;AACA,MAAA,MAAM,KAAA;AAAA,IACR,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAEA,EAAA,eAAe,aACb,QAAA,EAC4C;AAC5C,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,MAAM,MAAA,GAAS,4BAA4B,IAAI,CAAA;AAC/C,IAAA,IAAI,CAAC,OAAO,EAAA,EAAI;AACd,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,OAAO,QAAA,CAAS,MAAA,CAAO,KAAK,CAAA,GACvB,OAAO,KAAA,GACR,IAAA;AAAA,EACN;AAEA,EAAA,SAAS,gBAAA,CACP,QACA,gBAAA,EACQ;AACR,IAAA,IAAI,OAAO,qBAAqB,QAAA,EAAU;AACxC,MAAA,OAAO,gBAAA;AAAA,IACT;AACA,IAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,iBAAA,GAAoB,MAAM,CAAA;AACzD,IAAA,IAAI,OAAO,oBAAoB,QAAA,EAAU;AACvC,MAAA,OAAO,eAAA;AAAA,IACT;AACA,IAAA,OAAO,OAAO,SAAA,IAAa,IAAA;AAAA,EAC7B;AAEA,EAAA,SAAS,4BAA4B,IAAA,EAAgC;AACnE,IAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAC1B,IAAA,IAAI,CAAC,QAAQ,UAAA,CAAW,GAAG,KAAK,CAAC,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAA,EAAG;AACxD,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,UAAA,EAAW;AAAA,IACzC;AACA,IAAA,IAAI;AACF,MAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,OAAO,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA,EAAE;AAAA,IAChD,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,WAAA,EAAa;AAChC,QAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,gBAAgB,KAAA,EAAM;AAAA,MACpD;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAEA,EAAA,SAAS,cAAc,IAAA,EAIJ;AACjB,IAAA,MAAM,UAAU,IAAA,CAAK,OAAA;AACrB,IAAA,MAAM,WAAA,GACJ,WAAW,QAAA,CAAS,OAAA,CAAQ,KAAK,CAAA,GAAI,OAAA,CAAQ,QAAQ,OAAA,EAAS,WAAA;AAChE,IAAA,MAAM,aAAA,GACJ,OAAA,EAAS,aAAA,IACT,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,yBAAyB,CAAA,EAAG,IAAA,EAAK,IAC3D,IAAA,CAAK,SAAA;AACP,IAAA,MAAM,aAAA,GACJ,OAAA,EAAS,aAAA,IACT,IAAA,CAAK,QAAA,CAAS,QAAQ,GAAA,CAAI,0BAA0B,CAAA,EAAG,IAAA,EAAK,IAC5D,IAAA;AACF,IAAA,MAAM,OAAA,GAAU,OAAA,EAAS,OAAA,IAAW,WAAA,EAAa,OAAA;AACjD,IAAA,MAAM,aAAA,GAAgB,6BAA6B,OAAO,CAAA;AAC1D,IAAA,MAAM,iBACJ,OAAO,OAAA,EAAS,UAAU,QAAA,GACtB,OAAA,CAAQ,QACR,WAAA,EAAa,OAAA;AAEnB,IAAA,OAAO,IAAI,cAAA,CAAe;AAAA,MACxB,IAAA,EACE,SAAS,IAAA,IACT,WAAA,EAAa,QACb,iBAAA,CAAkB,IAAA,CAAK,SAAS,MAAM,CAAA;AAAA,MACxC,SACE,aAAA,IACA,cAAA,KACC,IAAA,CAAK,QAAA,CAAS,KACX,mDAAA,GACA,8BAAA,CAAA;AAAA,MACN,MAAA,EAAQ,KAAK,QAAA,CAAS,MAAA;AAAA,MACtB,WAAW,OAAA,EAAS,SAAA;AAAA,MACpB,YAAY,OAAA,EAAS,UAAA;AAAA,MACrB,OAAA;AAAA,MACA,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,aAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,eAAe,QAAW,IAAA,EAOa;AACrC,IAAA,MAAM,WAAA,GAAc,MAAM,kBAAA,EAAmB;AAC7C,IAAA,MAAM,MAAA,GAAS,KAAK,MAAA,IAAU,KAAA;AAC9B,IAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA;AACzD,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,MAC1B,cAAA,EAAgB,kBAAA;AAAA,MAChB,GAAG;AAAA,KACJ,CAAA;AACD,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,OAAA,CAAQ,GAAA,CAAI,iBAAA,EAAmB,IAAA,CAAK,cAAc,CAAA;AAAA,IACpD;AACA,IAAA,MAAM,SAAA,GACJ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,GAAG,IAAA,EAAK,IACtC,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,EAAG,IAAA,EAAK,IAClC,IAAA,CAAK,aACL,gBAAA,EAAiB;AACnB,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,kBAAkB,KAAK,CAAC,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,EAAG;AACpE,MAAA,OAAA,CAAQ,GAAA,CAAI,oBAAoB,SAAS,CAAA;AAAA,IAC3C;AAEA,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,OAAO,CAAA,EAAG,KAAK,IAAI,CAAA,CAAA;AAClC,IAAA,MAAM,iBAAiB,IAAA,CAAK,IAAA,GAAO,KAAK,SAAA,CAAU,IAAA,CAAK,IAAI,CAAA,GAAI,MAAA;AAC/D,IAAA,MAAM,IAAA,GAAoB;AAAA,MACxB,MAAA;AAAA,MACA,OAAA;AAAA,MACA,IAAA,EAAM;AAAA,KACR;AAEA,IAAA,IAAI,SAAA;AAEJ,IAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,OAAA,EAAA,EAAW;AACtD,MAAA,MAAM,kBAAA,GAAgD;AAAA,QACpD,SAAA;AAAA,QACA,OAAA;AAAA,QACA,UAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,GAAA;AAAA,QACA,OAAA,EAAS,IAAI,OAAA,CAAQ,OAAO,CAAA;AAAA,QAC5B,IAAA,EAAM,cAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,MAAM,MAAA,CAAO,YAAY,kBAAkB,CAAA;AAC3C,MAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAC3B,MAAA,IAAI;AACF,QAAA,MAAM,QAAA,GAAW,MAAM,gBAAA,CAAiB,GAAA,EAAK,MAAM,SAAS,CAAA;AAC5D,QAAA,MAAM,aAAA,GAAgB,SAAS,KAAA,EAAM;AACrC,QAAA,MAAM,OAAA,GAAU,MAAM,YAAA,CAAgB,QAAQ,CAAA;AAC9C,QAAA,MAAM,YAAA,GAAe,iBAAA;AAAA,UACnB,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,aAAa;AAAA,SACpC;AAEA,QAAA,IAAI,CAAC,QAAA,CAAS,EAAA,IAAM,CAAC,SAAS,OAAA,EAAS;AACrC,UAAA,MAAM,OAAA,GACJ,OAAA,IAAW,CAAC,OAAA,CAAQ,UAAW,OAAA,GAAqC,IAAA;AACtE,UAAA,MAAM,WAAW,aAAA,CAAc;AAAA,YAC7B,SAAA;AAAA,YACA,QAAA;AAAA,YACA;AAAA,WACD,CAAA;AACD,UAAA,MAAM,SAAA,GAAY,OAAA,GAAU,UAAA,IAAc,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAE3E,UAAA,MAAM,OAAO,UAAA,GAAa;AAAA,YACxB,GAAG,kBAAA;AAAA,YACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,YACzB,QAAQ,QAAA,CAAS,MAAA;AAAA,YACjB,QAAA,EAAU,aAAA;AAAA,YACV,KAAA,EAAO,QAAA;AAAA,YACP,aAAA,EAAe,SAAS,aAAA,IAAiB,SAAA;AAAA,YACzC,aAAA,EAAe,SAAS,aAAA,IAAiB,IAAA;AAAA,YACzC,YAAA;AAAA,YACA;AAAA,WACD,CAAA;AAED,UAAA,IAAI,SAAA,EAAW;AACb,YAAA,SAAA,GAAY,QAAA;AACZ,YAAA,MAAM,KAAA;AAAA,cACJ,mBAAA,CAAoB;AAAA,gBAClB,OAAA;AAAA,gBACA,QAAQ,QAAA,CAAS,MAAA;AAAA,gBACjB;AAAA,eACD;AAAA,aACH;AACA,YAAA;AAAA,UACF;AAEA,UAAA,MAAM,QAAA;AAAA,QACR;AAEA,QAAA,MAAM,cAAA,GAAiB,OAAA;AACvB,QAAA,MAAM,OAAO,UAAA,GAAa;AAAA,UACxB,GAAG,kBAAA;AAAA,UACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,UACzB,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,QAAA,EAAU,aAAA;AAAA,UACV,aAAA,EACE,eAAe,aAAA,IACf,QAAA,CAAS,QAAQ,GAAA,CAAI,yBAAyB,CAAA,EAAG,IAAA,EAAK,IACtD,SAAA;AAAA,UACF,aAAA,EACE,eAAe,aAAA,IACf,QAAA,CAAS,QAAQ,GAAA,CAAI,0BAA0B,CAAA,EAAG,IAAA,EAAK,IACvD,IAAA;AAAA,UACF,kBAAkB,cAAA,CAAe,gBAAA;AAAA,UACjC,YAAA;AAAA,UACA,SAAA,EAAW;AAAA,SACZ,CAAA;AAED,QAAA,OAAO,cAAA;AAAA,MACT,SAAS,UAAA,EAAY;AACnB,QAAA,IAAI,sBAAsB,cAAA,EAAgB;AACxC,UAAA,MAAM,UAAA;AAAA,QACR;AACA,QAAA,MAAM,YAAY,OAAA,GAAU,UAAA;AAC5B,QAAA,MAAM,OAAO,UAAA,GAAa;AAAA,UACxB,GAAG,kBAAA;AAAA,UACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,UACzB,KAAA,EAAO,UAAA;AAAA,UACP,aAAA,EAAe,SAAA;AAAA,UACf,aAAA,EAAe,IAAA;AAAA,UACf;AAAA,SACD,CAAA;AACD,QAAA,SAAA,GAAY,UAAA;AACZ,QAAA,IAAI,SAAA,EAAW;AACb,UAAA,MAAM,KAAA,CAAM,mBAAA,CAAoB,EAAE,OAAA,EAAS,CAAC,CAAA;AAAA,QAC9C;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,SAAA,YAAqB,KAAA,GACvB,SAAA,GACA,IAAI,MAAM,4CAA4C,CAAA;AAAA,EAC5D;AAEA,EAAA,OAAO;AAAA,IACL;AAAA,GACF;AACF;;;AC5hBO,SAAS,oBAAA,CAAqB,MAAA,GAA+B,EAAC,EAAG;AACtE,EAAA,MAAM,OAAA,GAAU,2BAA2B,MAAM,CAAA;AAEjD,EAAA,OAAO;AAAA,IACL,MAAM,gBAAA,CACJ,QAAA,EACA,UAAA,EACA,sBACA,cAAA,EACA;AACA,MAAA,OAAO,QAAQ,OAAA,CAAgC;AAAA,QAC7C,IAAA,EAAM,oCAAA;AAAA,QACN,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM;AAAA,UACJ,QAAA;AAAA,UACA,UAAA;AAAA,UACA,MAAA,EAAQ;AAAA,SACV;AAAA,QACA,cAAA,EAAgB,kBAAkB,oBAAA;AAAqB,OACxD,CAAA;AAAA,IACH,CAAA;AAAA,IAEA,MAAM,qBAAA,CACJ,QAAA,EACA,QAAA,EACA,sBACA,cAAA,EACA;AACA,MAAA,OAAO,QAAQ,OAAA,CAAqC;AAAA,QAClD,IAAA,EAAM,0CAAA;AAAA,QACN,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM;AAAA,UACJ,QAAA;AAAA,UACA,QAAA;AAAA,UACA,MAAA,EAAQ;AAAA,SACV;AAAA,QACA,cAAA,EAAgB,kBAAkB,oBAAA;AAAqB,OACxD,CAAA;AAAA,IACH;AAAA,GACF;AACF","file":"evidenceClient.js","sourcesContent":["import type {\n SessionAuthMode,\n SessionDelegationHop,\n SessionPrincipalType,\n} from \"./contracts/auth-session.contract\";\nimport type { JsonObject } from \"./types\";\n\nexport type LucernSdkAuthFailureReason =\n | \"principal_missing\"\n | \"tenant_missing\"\n | \"membership_missing\"\n | \"workspace_missing\"\n | \"clerk_alias_missing\"\n | \"clerk_alias_unrecognized\"\n | \"policy_denied\"\n | \"policy_unavailable\"\n | \"policy_unknown\";\n\nexport type PermitReadyAuthContext = {\n subject: string;\n tenant: string;\n workspace: string;\n resource?: string;\n action?: string;\n relation?: string;\n context?: JsonObject;\n};\n\nexport type LucernSdkAuthPolicyDecision = \"allow\" | \"deny\" | \"unknown\";\n\nexport type LucernSdkAuthContextInput = {\n clerkId?: string;\n principalId?: string;\n tenantId?: string;\n workspaceId?: string | null;\n principalType?: SessionPrincipalType;\n authMode?: SessionAuthMode;\n roles?: readonly string[];\n scopes?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n policyTraceId?: string;\n correlationId?: string;\n membershipId?: string;\n policyDecision?: LucernSdkAuthPolicyDecision;\n permit?: Partial<PermitReadyAuthContext>;\n};\n\nexport type CanonicalLucernSdkAuthContext = {\n clerkId?: string;\n principalId: string;\n tenantId: string;\n workspaceId: string;\n principalType: SessionPrincipalType;\n authMode: SessionAuthMode;\n roles: string[];\n scopes: string[];\n delegationChain: SessionDelegationHop[];\n policyTraceId?: string;\n correlationId?: string;\n membershipId?: string;\n permit: PermitReadyAuthContext;\n};\n\nexport class LucernSdkAuthContextError extends Error {\n readonly reason: LucernSdkAuthFailureReason;\n\n constructor(reason: LucernSdkAuthFailureReason, message: string) {\n super(message);\n this.name = \"LucernSdkAuthContextError\";\n this.reason = reason;\n }\n}\n\nfunction cleanString(value: string | null | undefined): string | undefined {\n const normalized = value?.trim();\n return normalized ? normalized : undefined;\n}\n\nfunction cleanStringList(values: readonly string[] | undefined): string[] {\n if (!values) {\n return [];\n }\n return values\n .map((value) => value.trim())\n .filter(\n (value, index, list) =>\n value.length > 0 && list.indexOf(value) === index\n );\n}\n\nfunction requireString(\n value: string | null | undefined,\n reason: LucernSdkAuthFailureReason,\n label: string\n): string {\n const normalized = cleanString(value);\n if (!normalized) {\n throw new LucernSdkAuthContextError(\n reason,\n `Canonical Lucern SDK auth context is missing ${label}.`\n );\n }\n return normalized;\n}\n\nfunction requirePrincipalType(\n principalType: SessionPrincipalType | undefined\n): SessionPrincipalType {\n if (!principalType) {\n throw new LucernSdkAuthContextError(\n \"principal_missing\",\n \"Canonical Lucern SDK auth context is missing principalType.\"\n );\n }\n return principalType;\n}\n\nfunction requireAuthMode(authMode: SessionAuthMode | undefined): SessionAuthMode {\n if (!authMode) {\n throw new LucernSdkAuthContextError(\n \"principal_missing\",\n \"Canonical Lucern SDK auth context is missing authMode.\"\n );\n }\n return authMode;\n}\n\nfunction ensurePermitMatch(args: {\n field: keyof PermitReadyAuthContext;\n expected: string;\n actual?: string;\n}) {\n const actual = cleanString(args.actual);\n if (actual && actual !== args.expected) {\n throw new LucernSdkAuthContextError(\n \"policy_denied\",\n `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`\n );\n }\n}\n\nexport function normalizeCanonicalLucernAuthContext(\n input: LucernSdkAuthContextInput | undefined\n): CanonicalLucernSdkAuthContext {\n if (!input) {\n throw new LucernSdkAuthContextError(\n \"principal_missing\",\n \"Canonical Lucern SDK auth context is required.\"\n );\n }\n\n if (input.policyDecision === \"deny\") {\n throw new LucernSdkAuthContextError(\n \"policy_denied\",\n \"Canonical Lucern SDK auth context carries a denied policy decision.\"\n );\n }\n\n const principalId = requireString(\n input.principalId,\n \"principal_missing\",\n \"principalId\"\n );\n const tenantId = requireString(input.tenantId, \"tenant_missing\", \"tenantId\");\n const workspaceId = requireString(\n input.workspaceId,\n \"workspace_missing\",\n \"workspaceId\"\n );\n const roles = cleanStringList(input.roles);\n const scopes = cleanStringList(input.scopes);\n const principalType = requirePrincipalType(input.principalType);\n const authMode = requireAuthMode(input.authMode);\n const roleBasedInteractiveAuth =\n authMode === \"interactive_user\" && roles.length > 0;\n if (\n roles.length === 0 ||\n (scopes.length === 0 && !roleBasedInteractiveAuth)\n ) {\n throw new LucernSdkAuthContextError(\n \"membership_missing\",\n \"Canonical Lucern SDK auth context requires non-empty roles and scopes.\"\n );\n }\n\n const subject = cleanString(input.permit?.subject) ?? principalId;\n const tenant = cleanString(input.permit?.tenant) ?? tenantId;\n const workspace = cleanString(input.permit?.workspace) ?? workspaceId;\n\n ensurePermitMatch({\n field: \"subject\",\n expected: principalId,\n actual: subject,\n });\n ensurePermitMatch({ field: \"tenant\", expected: tenantId, actual: tenant });\n ensurePermitMatch({\n field: \"workspace\",\n expected: workspaceId,\n actual: workspace,\n });\n\n const context = input.permit?.context\n ? ({ ...input.permit.context } as JsonObject)\n : undefined;\n\n return {\n clerkId: cleanString(input.clerkId),\n principalId,\n tenantId,\n workspaceId,\n principalType,\n authMode,\n roles,\n scopes,\n delegationChain: input.delegationChain ? [...input.delegationChain] : [],\n policyTraceId: cleanString(input.policyTraceId),\n correlationId: cleanString(input.correlationId),\n membershipId: cleanString(input.membershipId),\n permit: {\n subject,\n tenant,\n workspace,\n resource: cleanString(input.permit?.resource),\n action: cleanString(input.permit?.action),\n relation: cleanString(input.permit?.relation),\n context,\n },\n };\n}\n\nexport function createCanonicalAuthHeaders(\n authContext: CanonicalLucernSdkAuthContext\n): Record<string, string> {\n const headers: Record<string, string> = {\n \"x-lucern-principal-id\": authContext.principalId,\n \"x-lucern-principal-type\": authContext.principalType,\n \"x-lucern-tenant\": authContext.tenantId,\n \"x-lucern-tenant-id\": authContext.tenantId,\n \"x-lucern-workspace\": authContext.workspaceId,\n \"x-lucern-workspace-id\": authContext.workspaceId,\n \"x-lucern-auth-mode\": authContext.authMode,\n \"x-lucern-roles\": authContext.roles.join(\",\"),\n \"x-lucern-scopes\": authContext.scopes.join(\",\"),\n \"x-lucern-permit-context\": JSON.stringify(authContext.permit),\n };\n\n if (authContext.clerkId) {\n headers[\"x-lucern-clerk-id\"] = authContext.clerkId;\n headers[\"x-lucern-user-id\"] = authContext.clerkId;\n }\n if (authContext.delegationChain.length > 0) {\n headers[\"x-lucern-delegation-chain\"] = JSON.stringify(\n authContext.delegationChain\n );\n }\n if (authContext.policyTraceId) {\n headers[\"x-lucern-policy-trace-id\"] = authContext.policyTraceId;\n }\n if (authContext.correlationId) {\n headers[\"x-correlation-id\"] = authContext.correlationId;\n headers[\"x-lucern-correlation-id\"] = authContext.correlationId;\n }\n if (authContext.membershipId) {\n headers[\"x-lucern-membership-id\"] = authContext.membershipId;\n }\n\n return headers;\n}\n","import {\n createCanonicalAuthHeaders,\n LucernSdkAuthContextError,\n normalizeCanonicalLucernAuthContext,\n type LucernSdkAuthContextInput,\n} from \"./authContext\";\nimport type { JsonObject, JsonValue } from \"./types\";\n\n/** Tenant and workspace identifiers used to scope gateway requests. */\nexport type GatewayScope = {\n tenantId?: string;\n workspaceId?: string;\n};\n\n/** Successful response envelope from the platform gateway with correlation metadata. */\nexport type PlatformGatewaySuccess<T> = {\n success: true;\n data: T;\n correlationId: string;\n policyTraceId: string | null;\n idempotentReplay: boolean;\n};\n\n/** Failed response envelope with structured error codes and optional invariant references. */\nexport type PlatformGatewayFailure = {\n success: false;\n /**\n * Error string is the canonical envelope field.\n * Object form is legacy-only compatibility for older gateway responses.\n */\n error:\n | string\n | {\n code: string;\n message: string;\n details?: JsonValue;\n };\n code?: string;\n invariant?: string | null;\n suggestion?: string | null;\n details?: JsonValue;\n legacyError?: {\n code: string;\n message: string;\n details?: JsonValue;\n };\n correlationId: string;\n policyTraceId: string | null;\n};\n\n/** Discriminated union of success and failure gateway responses. */\nexport type PlatformGatewayEnvelope<T> =\n | PlatformGatewaySuccess<T>\n | PlatformGatewayFailure;\n\n/**\n * Structured error thrown when a platform API request fails.\n *\n * Includes HTTP status, machine-readable error code, optional invariant\n * reference, and actionable suggestions for common failure modes.\n */\nexport class LucernApiError extends Error {\n public readonly code: string;\n public readonly status: number;\n public readonly invariant?: string | null;\n public readonly suggestion?: string | null;\n public readonly details?: JsonValue;\n public readonly requestId?: string;\n public readonly correlationId?: string;\n public readonly policyTraceId?: string | null;\n\n constructor(args: {\n code: string;\n message: string;\n status: number;\n invariant?: string | null;\n suggestion?: string | null;\n details?: JsonValue;\n requestId?: string;\n correlationId?: string;\n policyTraceId?: string | null;\n }) {\n super(args.message);\n this.name = \"LucernApiError\";\n this.code = args.code;\n this.status = args.status;\n this.invariant = args.invariant;\n this.suggestion = args.suggestion;\n this.details = args.details;\n this.requestId = args.requestId;\n this.correlationId = args.correlationId;\n this.policyTraceId = args.policyTraceId;\n }\n}\n\n/** Supported HTTP methods for gateway requests. */\nexport type GatewayHttpMethod = \"GET\" | \"POST\" | \"PUT\" | \"PATCH\" | \"DELETE\";\n\ntype FetchLike = (\n input: RequestInfo | URL,\n init?: RequestInit\n) => Promise<Response>;\n\ntype JsonParseAttempt =\n | { ok: true; value: unknown }\n | { ok: false; reason: \"non-json\" | \"invalid-json\"; error?: SyntaxError };\n\n/** Context passed to the `onRequest` hook before each gateway request attempt. */\nexport type GatewayRequestHookContext = {\n requestId: string;\n attempt: number;\n maxRetries: number;\n method: GatewayHttpMethod;\n path: string;\n url: string;\n headers: Headers;\n body?: string;\n timeoutMs: number;\n};\n\n/** Context passed to the `onResponse` hook after each gateway request attempt (including retries and failures). */\nexport type GatewayResponseHookContext = GatewayRequestHookContext & {\n durationMs: number;\n status?: number;\n response?: Response;\n error?: unknown;\n correlationId?: string;\n policyTraceId?: string | null;\n idempotentReplay?: boolean;\n retryAfterMs?: number | null;\n willRetry: boolean;\n};\n\nexport type GatewayClientEnvironment = \"sandbox\" | \"production\";\n\n/**\n * Low-level transport configuration for the platform gateway client.\n *\n * Most developers should use {@link createLucernClient} instead, which wraps\n * this config with higher-level conveniences like `apiKey` and `environment`.\n */\nexport type GatewayClientConfig = {\n baseUrl?: string;\n fetchImpl?: FetchLike;\n /** Lucern tenant API key or service API key. Sent as `x-lucern-key`. */\n apiKey?: string;\n /**\n * Lucern platform session token. This is not a Clerk JWT.\n * Server-side tenant proxies should normally send `apiKey` plus `clerkId`.\n */\n userToken?: string;\n /** Gateway environment label for legacy sandbox/production routing. */\n environment?: GatewayClientEnvironment;\n /** Clerk subject for the current end user. */\n clerkId?: string;\n /** Optional explicit user subject. Defaults to `clerkId` when omitted. */\n userId?: string;\n /** Optional deployment host hint for front-door routing. */\n deploymentHost?: string;\n getAuthHeaders?:\n | (() => Promise<Record<string, string>>)\n | (() => Record<string, string>);\n /**\n * Canonical Master Control identity tuple applied to every SDK request.\n * Use this for tenant/workspace-scoped graph and identity operations.\n */\n authContext?:\n | LucernSdkAuthContextInput\n | (() => Promise<LucernSdkAuthContextInput | undefined>)\n | (() => LucernSdkAuthContextInput | undefined);\n /** When true, requests fail before fetch if `authContext` is absent. */\n requireCanonicalAuthContext?: boolean;\n /** Max retries for transient errors (5xx, network). Defaults to 2. */\n maxRetries?: number;\n /** Request timeout in ms. Defaults to 15000. */\n timeoutMs?: number;\n /** Optional timeout overrides by HTTP method. */\n timeoutMsByMethod?: Partial<Record<GatewayHttpMethod, number>>;\n /** Optional request ID factory used for correlation headers. */\n requestIdFactory?: () => string;\n /** Invoked before each request attempt, including retries. */\n onRequest?:\n | ((context: GatewayRequestHookContext) => void)\n | ((context: GatewayRequestHookContext) => Promise<void>);\n /** Invoked after each request attempt, including retries and failures. */\n onResponse?:\n | ((context: GatewayResponseHookContext) => void)\n | ((context: GatewayResponseHookContext) => Promise<void>);\n};\n\n/**\n * Serialize a gateway query object into a URL query string.\n */\nexport function toQueryString(\n scope: GatewayScope & Record<string, string | number | boolean | undefined>\n): string {\n const params = new URLSearchParams();\n if (scope.tenantId) {\n params.set(\"tenantId\", scope.tenantId);\n }\n if (scope.workspaceId) {\n params.set(\"workspaceId\", scope.workspaceId);\n }\n for (const [key, value] of Object.entries(scope)) {\n if (key === \"tenantId\" || key === \"workspaceId\") {\n continue;\n }\n if (value === undefined) {\n continue;\n }\n params.set(key, String(value));\n }\n const serialized = params.toString();\n return serialized.length > 0 ? `?${serialized}` : \"\";\n}\n\nfunction fillRandomBytes(length: number): Uint8Array {\n const bytes = new Uint8Array(length);\n if (typeof globalThis.crypto?.getRandomValues === \"function\") {\n globalThis.crypto.getRandomValues(bytes);\n return bytes;\n }\n\n for (let index = 0; index < length; index += 1) {\n bytes[index] = Math.floor(Math.random() * 256);\n }\n return bytes;\n}\n\nfunction generatePortableRequestId(): string {\n if (typeof globalThis.crypto?.randomUUID === \"function\") {\n return globalThis.crypto.randomUUID();\n }\n\n const bytes = fillRandomBytes(16);\n bytes[6] = (bytes[6] & 0x0f) | 0x40;\n bytes[8] = (bytes[8] & 0x3f) | 0x80;\n const hex = Array.from(bytes, (value) => value.toString(16).padStart(2, \"0\"));\n return `${hex.slice(0, 4).join(\"\")}-${hex.slice(4, 6).join(\"\")}-${hex.slice(\n 6,\n 8\n ).join(\"\")}-${hex.slice(8, 10).join(\"\")}-${hex.slice(10).join(\"\")}`;\n}\n\n/**\n * Generate a random idempotency key for retry-safe writes.\n */\nexport const randomIdempotencyKey = generatePortableRequestId;\n\nfunction isRetryableStatus(status: number): boolean {\n return status >= 500 || status === 408 || status === 429;\n}\n\nfunction fallbackErrorCode(status: number): string {\n if (status === 401) {\n return \"AUTHENTICATION_REQUIRED\";\n }\n if (status === 403) {\n return \"FORBIDDEN\";\n }\n if (status === 404) {\n return \"NOT_FOUND\";\n }\n if (status === 408) {\n return \"UPSTREAM_ERROR\";\n }\n if (status === 409) {\n return \"CONFLICT\";\n }\n if (status === 429) {\n return \"RATE_LIMIT_EXCEEDED\";\n }\n if (status >= 500) {\n return \"UPSTREAM_ERROR\";\n }\n return \"INTERNAL_ERROR\";\n}\n\nfunction delay(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\nfunction parseRetryAfterMs(value: string | null): number | null {\n if (!value) {\n return null;\n }\n const trimmed = value.trim();\n if (!trimmed) {\n return null;\n }\n const numeric = Number(trimmed);\n if (Number.isFinite(numeric)) {\n return Math.max(0, Math.round(numeric * 1000));\n }\n const parsedDate = Date.parse(trimmed);\n if (Number.isFinite(parsedDate)) {\n return Math.max(0, parsedDate - Date.now());\n }\n return null;\n}\n\nfunction computeRetryDelayMs(args: {\n attempt: number;\n status?: number;\n retryAfterMs?: number | null;\n}): number {\n const baseDelay =\n args.status === 429\n ? Math.max(\n args.retryAfterMs ?? 0,\n Math.min(1000 * 2 ** args.attempt, 10_000)\n )\n : Math.min(1000 * 2 ** args.attempt, 4000);\n\n if (args.status !== 429) {\n return baseDelay;\n }\n\n const jitterWindow = Math.max(250, Math.round(baseDelay * 0.25));\n return baseDelay + Math.round(Math.random() * jitterWindow);\n}\n\nfunction timeoutError(timeoutMs: number): Error {\n const error = new Error(`Request timed out after ${timeoutMs}ms`);\n error.name = \"AbortError\";\n return error;\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return value !== null && typeof value === \"object\" && !Array.isArray(value);\n}\n\nfunction readPolicySummaryFromDetails(details?: JsonValue): string | null {\n if (!isRecord(details)) {\n return null;\n }\n\n const directSummary = details.summary;\n if (typeof directSummary === \"string\" && directSummary.trim().length > 0) {\n return directSummary.trim();\n }\n\n const policy = details.policy;\n if (!isRecord(policy)) {\n return null;\n }\n\n const explanation = policy.explanation;\n if (!isRecord(explanation)) {\n return null;\n }\n\n const nestedSummary = explanation.summary;\n if (typeof nestedSummary === \"string\" && nestedSummary.trim().length > 0) {\n return nestedSummary.trim();\n }\n\n return null;\n}\n\nasync function resolveConfiguredAuthContext(\n authContext: GatewayClientConfig[\"authContext\"]\n): Promise<LucernSdkAuthContextInput | undefined> {\n if (typeof authContext === \"function\") {\n return await authContext();\n }\n return authContext;\n}\n\nfunction mergeHeaderRecord(\n base: Record<string, string>,\n addition: Record<string, string>\n): Record<string, string> {\n const headers = new Headers(base);\n for (const [key, value] of Object.entries(addition)) {\n const existing = headers.get(key);\n if (existing !== null && existing !== value) {\n throw new LucernSdkAuthContextError(\n \"policy_denied\",\n `Canonical Lucern SDK auth context conflicts with existing ${key} header.`\n );\n }\n headers.set(key, value);\n }\n return Object.fromEntries(headers.entries());\n}\n\nfunction cleanHeaderValue(value: string | null | undefined): string | undefined {\n const normalized = value?.trim();\n return normalized ? normalized : undefined;\n}\n\n/**\n * Create the transport client used by all SDK modules.\n */\nexport function createGatewayRequestClient(config: GatewayClientConfig = {}) {\n const fetchImpl = config.fetchImpl ?? fetch;\n const baseUrl = config.baseUrl?.replace(/\\/+$/, \"\") ?? \"\";\n const maxRetries = config.maxRetries ?? 2;\n const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());\n\n async function resolveAuthHeaders(): Promise<Record<string, string>> {\n const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};\n const headers = new Headers(provided);\n const setIfAbsent = (name: string, value: string | undefined) => {\n const normalized = cleanHeaderValue(value);\n if (normalized && !headers.has(name)) {\n headers.set(name, normalized);\n }\n };\n\n setIfAbsent(\"x-lucern-key\", config.apiKey);\n setIfAbsent(\"x-lucern-session-token\", config.userToken);\n setIfAbsent(\"x-lucern-environment\", config.environment);\n setIfAbsent(\"x-lucern-clerk-id\", config.clerkId);\n setIfAbsent(\"x-lucern-user-id\", config.userId ?? config.clerkId);\n setIfAbsent(\"x-lucern-deployment-host\", config.deploymentHost);\n\n const base = Object.fromEntries(headers.entries());\n const authContextInput = await resolveConfiguredAuthContext(\n config.authContext\n );\n if (!authContextInput && !config.requireCanonicalAuthContext) {\n return base;\n }\n const authContext = normalizeCanonicalLucernAuthContext(authContextInput);\n return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));\n }\n\n async function fetchWithTimeout(\n url: string,\n init: RequestInit,\n timeoutMs: number\n ): Promise<Response> {\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), timeoutMs);\n try {\n return await fetchImpl(url, { ...init, signal: controller.signal });\n } catch (error) {\n if (controller.signal.aborted) {\n throw timeoutError(timeoutMs);\n }\n throw error;\n } finally {\n clearTimeout(timer);\n }\n }\n\n async function parsePayload<T>(\n response: Response\n ): Promise<PlatformGatewayEnvelope<T> | null> {\n const text = await response.text();\n if (!text) {\n return null;\n }\n const parsed = tryParseGatewayEnvelopeJson(text);\n if (!parsed.ok) {\n return null;\n }\n return isRecord(parsed.value)\n ? (parsed.value as PlatformGatewayEnvelope<T>)\n : null;\n }\n\n function resolveTimeoutMs(\n method: GatewayHttpMethod,\n requestTimeoutMs?: number\n ): number {\n if (typeof requestTimeoutMs === \"number\") {\n return requestTimeoutMs;\n }\n const methodTimeoutMs = config.timeoutMsByMethod?.[method];\n if (typeof methodTimeoutMs === \"number\") {\n return methodTimeoutMs;\n }\n return config.timeoutMs ?? 15_000;\n }\n\n function tryParseGatewayEnvelopeJson(text: string): JsonParseAttempt {\n const trimmed = text.trim();\n if (!trimmed.startsWith(\"{\") && !trimmed.startsWith(\"[\")) {\n return { ok: false, reason: \"non-json\" };\n }\n try {\n return { ok: true, value: JSON.parse(trimmed) };\n } catch (error) {\n if (error instanceof SyntaxError) {\n return { ok: false, reason: \"invalid-json\", error };\n }\n throw error;\n }\n }\n\n function buildApiError(args: {\n requestId: string;\n response: Response;\n failure?: PlatformGatewayFailure | null;\n }): LucernApiError {\n const failure = args.failure;\n const legacyError =\n failure && isRecord(failure.error) ? failure.error : failure?.legacyError;\n const correlationId =\n failure?.correlationId ??\n args.response.headers.get(\"x-lucern-correlation-id\")?.trim() ??\n args.requestId;\n const policyTraceId =\n failure?.policyTraceId ??\n args.response.headers.get(\"x-lucern-policy-trace-id\")?.trim() ??\n null;\n const details = failure?.details ?? legacyError?.details;\n const policySummary = readPolicySummaryFromDetails(details);\n const failureMessage =\n typeof failure?.error === \"string\"\n ? failure.error\n : legacyError?.message;\n\n return new LucernApiError({\n code:\n failure?.code ??\n legacyError?.code ??\n fallbackErrorCode(args.response.status),\n message:\n policySummary ??\n failureMessage ??\n (args.response.ok\n ? \"Platform API returned an invalid success payload.\"\n : \"Platform API request failed.\"),\n status: args.response.status,\n invariant: failure?.invariant,\n suggestion: failure?.suggestion,\n details,\n requestId: args.requestId,\n correlationId,\n policyTraceId,\n });\n }\n\n async function request<T>(args: {\n path: string;\n method?: GatewayHttpMethod;\n body?: JsonObject;\n idempotencyKey?: string;\n requestId?: string;\n timeoutMs?: number;\n }): Promise<PlatformGatewaySuccess<T>> {\n const authHeaders = await resolveAuthHeaders();\n const method = args.method ?? \"GET\";\n const timeoutMs = resolveTimeoutMs(method, args.timeoutMs);\n const headers = new Headers({\n \"content-type\": \"application/json\",\n ...authHeaders,\n });\n if (args.idempotencyKey) {\n headers.set(\"idempotency-key\", args.idempotencyKey);\n }\n const requestId =\n headers.get(\"x-correlation-id\")?.trim() ||\n headers.get(\"x-request-id\")?.trim() ||\n args.requestId ||\n requestIdFactory();\n if (!headers.has(\"x-correlation-id\") && !headers.has(\"x-request-id\")) {\n headers.set(\"x-correlation-id\", requestId);\n }\n\n const url = `${baseUrl}${args.path}`;\n const serializedBody = args.body ? JSON.stringify(args.body) : undefined;\n const init: RequestInit = {\n method,\n headers,\n body: serializedBody,\n };\n\n let lastError: unknown;\n\n for (let attempt = 0; attempt <= maxRetries; attempt++) {\n const hookRequestContext: GatewayRequestHookContext = {\n requestId,\n attempt,\n maxRetries,\n method,\n path: args.path,\n url,\n headers: new Headers(headers),\n body: serializedBody,\n timeoutMs,\n };\n await config.onRequest?.(hookRequestContext);\n const startedAt = Date.now();\n try {\n const response = await fetchWithTimeout(url, init, timeoutMs);\n const responseClone = response.clone();\n const payload = await parsePayload<T>(response);\n const retryAfterMs = parseRetryAfterMs(\n response.headers.get(\"Retry-After\")\n );\n\n if (!response.ok || !payload?.success) {\n const failure =\n payload && !payload.success ? (payload as PlatformGatewayFailure) : null;\n const apiError = buildApiError({\n requestId,\n response,\n failure,\n });\n const willRetry = attempt < maxRetries && isRetryableStatus(response.status);\n\n await config.onResponse?.({\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n status: response.status,\n response: responseClone,\n error: apiError,\n correlationId: apiError.correlationId ?? requestId,\n policyTraceId: apiError.policyTraceId ?? null,\n retryAfterMs,\n willRetry,\n });\n\n if (willRetry) {\n lastError = apiError;\n await delay(\n computeRetryDelayMs({\n attempt,\n status: response.status,\n retryAfterMs,\n })\n );\n continue;\n }\n\n throw apiError;\n }\n\n const successPayload = payload as PlatformGatewaySuccess<T>;\n await config.onResponse?.({\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n status: response.status,\n response: responseClone,\n correlationId:\n successPayload.correlationId ??\n response.headers.get(\"x-lucern-correlation-id\")?.trim() ??\n requestId,\n policyTraceId:\n successPayload.policyTraceId ??\n response.headers.get(\"x-lucern-policy-trace-id\")?.trim() ??\n null,\n idempotentReplay: successPayload.idempotentReplay,\n retryAfterMs,\n willRetry: false,\n });\n\n return successPayload;\n } catch (fetchError) {\n if (fetchError instanceof LucernApiError) {\n throw fetchError;\n }\n const willRetry = attempt < maxRetries;\n await config.onResponse?.({\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n error: fetchError,\n correlationId: requestId,\n policyTraceId: null,\n willRetry,\n });\n lastError = fetchError;\n if (willRetry) {\n await delay(computeRetryDelayMs({ attempt }));\n }\n }\n }\n\n throw lastError instanceof Error\n ? lastError\n : new Error(\"Platform API request failed after retries.\");\n }\n\n return {\n request,\n };\n}\n","import {\n createGatewayRequestClient,\n type GatewayClientConfig,\n randomIdempotencyKey,\n} from \"./coreClient\";\n\ntype EvidenceClassificationRelation =\n | \"supports\"\n | \"contradicts\"\n | \"irrelevant\";\n\ntype ModelFallbackConfig = {\n modelKey: string;\n modelId: string;\n temperature: number;\n maxTokens: number;\n};\n\ntype ResolvedModelConfig = ModelFallbackConfig & {\n promptName: string;\n};\n\ntype TracingAdapter = {\n startGeneration(input: {\n name: string;\n userId?: string;\n promptName: string;\n model: string;\n input: unknown;\n }): Promise<{\n start: () => void;\n end: (output: unknown) => Promise<void>;\n error: (err: unknown) => Promise<void>;\n }>;\n};\n\ntype PromptResolver = (name: string) => Promise<string | null>;\n\ntype ModelResolver = (\n slotKey: string,\n fallback: ResolvedModelConfig\n) => Promise<ResolvedModelConfig>;\n\ntype ClassificationRuntimeAdapter = (input: {\n beliefId: string;\n evidenceId: string;\n belief: string;\n evidence: string;\n prompt: string;\n model: ResolvedModelConfig;\n}) => Promise<{\n relation: EvidenceClassificationRelation;\n rationale: string;\n}>;\n\n// Local mirror of the kernel adapter types so SDK DTS generation stays inside\n// packages/sdk rootDir. Source of truth:\n// packages/reasoning-kernel/src/adapters/evidenceClassifier.ts\nexport type SerializableClassifyEvidenceConfig = {\n promptName?: string;\n modelSlotKey?: string;\n modelFallback?: ModelFallbackConfig;\n edgeWeightPolicy?: {\n supports: number;\n contradicts: number;\n };\n statusTransition?: {\n onSupports: string;\n onContradicts: string;\n };\n writeLegacyTables?: boolean;\n};\n\nexport type ClassifyEvidenceConfig = SerializableClassifyEvidenceConfig & {\n trustDiscountPolicy?: (\n relation: Exclude<EvidenceClassificationRelation, \"irrelevant\">,\n rationale: string\n ) => number;\n tracing?: TracingAdapter;\n promptResolver?: PromptResolver;\n modelResolver?: ModelResolver;\n classifier?: ClassificationRuntimeAdapter;\n};\n\nexport type ClassifyEvidenceResult = {\n beliefId: string;\n evidenceId: string;\n relation: EvidenceClassificationRelation;\n rationale: string;\n usedFallback: boolean;\n edgeWeight?: number;\n promptName: string;\n model: ResolvedModelConfig;\n link?: {\n edgeGlobalId: string;\n linkId?: string;\n confidence: number;\n writeLegacyTables: boolean;\n };\n statusUpdate?: {\n previousStatus?: string;\n newStatus: string;\n historyWritten: boolean;\n };\n};\n\nexport type ClassifyEvidenceBatchItem = {\n evidenceId?: string;\n insightId?: string;\n nodeId?: string;\n text?: string;\n};\n\nexport type ClassifyEvidenceBatchResult = {\n items: ClassifyEvidenceResult[];\n summary: {\n supporting: number;\n contradicting: number;\n irrelevant: number;\n };\n};\n\nexport type { PlatformGatewaySuccess } from \"./coreClient\";\n\n/** Configuration for the evidence classification client. */\nexport type EvidenceClientConfig = GatewayClientConfig;\n\n/**\n * Serializable config accepted by the HTTP SDK surface.\n * Runtime-only ports stay inside the kernel adapter.\n */\nexport type EvidenceClassificationRequestConfig =\n SerializableClassifyEvidenceConfig;\n\n/**\n * Create the evidence classification client.\n *\n * This surface mirrors the promoted kernel primitive through the platform\n * gateway. Auth-scoped callers do not provide `createdBy`; the gateway derives\n * it from the authenticated principal.\n */\nexport function createEvidenceClient(config: EvidenceClientConfig = {}) {\n const gateway = createGatewayRequestClient(config);\n\n return {\n async classifyEvidence(\n beliefId: string,\n evidenceId: string,\n classificationConfig?: EvidenceClassificationRequestConfig,\n idempotencyKey?: string\n ) {\n return gateway.request<ClassifyEvidenceResult>({\n path: \"/api/platform/v1/evidence/classify\",\n method: \"POST\",\n body: {\n beliefId,\n evidenceId,\n config: classificationConfig,\n },\n idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),\n });\n },\n\n async classifyEvidenceBatch(\n beliefId: string,\n evidence: ClassifyEvidenceBatchItem[],\n classificationConfig?: EvidenceClassificationRequestConfig,\n idempotencyKey?: string\n ) {\n return gateway.request<ClassifyEvidenceBatchResult>({\n path: \"/api/platform/v1/evidence/classify-batch\",\n method: \"POST\",\n body: {\n beliefId,\n evidence,\n config: classificationConfig,\n },\n idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),\n });\n },\n };\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/coreClient.ts","../src/evidenceClient.ts"],"names":[],"mappings":";AAuDO,IAAM,cAAA,GAAN,cAA6B,KAAA,CAAM;AAAA,EACxB,IAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA,EACA,aAAA;AAAA,EACA,aAAA;AAAA,EAEhB,YAAY,IAAA,EAUT;AACD,IAAA,KAAA,CAAM,KAAK,OAAO,CAAA;AAClB,IAAA,IAAA,CAAK,IAAA,GAAO,gBAAA;AACZ,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AACjB,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACnB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,aAAa,IAAA,CAAK,UAAA;AACvB,IAAA,IAAA,CAAK,UAAU,IAAA,CAAK,OAAA;AACpB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,gBAAgB,IAAA,CAAK,aAAA;AAC1B,IAAA,IAAA,CAAK,gBAAgB,IAAA,CAAK,aAAA;AAAA,EAC5B;AACF,CAAA;AA4FA,SAAS,gBAAgB,MAAA,EAA4B;AACnD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,EAAQ,eAAA,KAAoB,UAAA,EAAY;AAC5D,IAAA,UAAA,CAAW,MAAA,CAAO,gBAAgB,KAAK,CAAA;AACvC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,IAAS,KAAA,GAAQ,CAAA,EAAG,KAAA,GAAQ,MAAA,EAAQ,SAAS,CAAA,EAAG;AAC9C,IAAA,KAAA,CAAM,KAAK,CAAA,GAAI,IAAA,CAAK,MAAM,IAAA,CAAK,MAAA,KAAW,GAAG,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,yBAAA,GAAoC;AAC3C,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,EAAQ,UAAA,KAAe,UAAA,EAAY;AACvD,IAAA,OAAO,UAAA,CAAW,OAAO,UAAA,EAAW;AAAA,EACtC;AAEA,EAAA,MAAM,KAAA,GAAQ,gBAAgB,EAAE,CAAA;AAChC,EAAA,KAAA,CAAM,CAAC,CAAA,GAAK,KAAA,CAAM,CAAC,IAAI,EAAA,GAAQ,EAAA;AAC/B,EAAA,KAAA,CAAM,CAAC,CAAA,GAAK,KAAA,CAAM,CAAC,IAAI,EAAA,GAAQ,GAAA;AAC/B,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,KAAA,KAAU,KAAA,CAAM,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA;AAC5E,EAAA,OAAO,GAAG,GAAA,CAAI,KAAA,CAAM,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA;AAAA,IACpE,CAAA;AAAA,IACA;AAAA,GACF,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,GAAG,EAAE,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,EAAE,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA,CAAA;AACnE;AAKO,SAAS,oBAAA,GAA+B;AAC7C,EAAA,OAAO,yBAAA,EAA0B;AACnC;AAEA,SAAS,kBAAkB,MAAA,EAAyB;AAClD,EAAA,OAAO,MAAA,IAAU,GAAA,IAAO,MAAA,KAAW,GAAA,IAAO,MAAA,KAAW,GAAA;AACvD;AAEA,SAAS,kBAAkB,MAAA,EAAwB;AACjD,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,yBAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,gBAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,UAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,qBAAA;AAAA,EACT;AACA,EAAA,IAAI,UAAU,GAAA,EAAK;AACjB,IAAA,OAAO,gBAAA;AAAA,EACT;AACA,EAAA,OAAO,gBAAA;AACT;AAEA,SAAS,MAAM,EAAA,EAA2B;AACxC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AACzD;AAEA,SAAS,kBAAkB,KAAA,EAAqC;AAC9D,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,OAAA,GAAU,OAAO,OAAO,CAAA;AAC9B,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,OAAO,CAAA,EAAG;AAC5B,IAAA,OAAO,KAAK,GAAA,CAAI,CAAA,EAAG,KAAK,KAAA,CAAM,OAAA,GAAU,GAAI,CAAC,CAAA;AAAA,EAC/C;AACA,EAAA,MAAM,UAAA,GAAa,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA;AACrC,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC/B,IAAA,OAAO,KAAK,GAAA,CAAI,CAAA,EAAG,UAAA,GAAa,IAAA,CAAK,KAAK,CAAA;AAAA,EAC5C;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,oBAAoB,IAAA,EAIlB;AACT,EAAA,MAAM,SAAA,GACJ,IAAA,CAAK,MAAA,KAAW,GAAA,GACZ,IAAA,CAAK,GAAA;AAAA,IACH,KAAK,YAAA,IAAgB,CAAA;AAAA,IACrB,KAAK,GAAA,CAAI,GAAA,GAAO,CAAA,IAAK,IAAA,CAAK,SAAS,GAAM;AAAA,MAE3C,IAAA,CAAK,GAAA,CAAI,MAAO,CAAA,IAAK,IAAA,CAAK,SAAS,GAAI,CAAA;AAE7C,EAAA,IAAI,IAAA,CAAK,WAAW,GAAA,EAAK;AACvB,IAAA,OAAO,SAAA;AAAA,EACT;AAEA,EAAA,MAAM,YAAA,GAAe,KAAK,GAAA,CAAI,GAAA,EAAK,KAAK,KAAA,CAAM,SAAA,GAAY,IAAI,CAAC,CAAA;AAC/D,EAAA,OAAO,YAAY,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,MAAA,KAAW,YAAY,CAAA;AAC5D;AAEA,SAAS,aAAa,SAAA,EAA0B;AAC9C,EAAA,MAAM,KAAA,GAAQ,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,SAAS,CAAA,EAAA,CAAI,CAAA;AAChE,EAAA,KAAA,CAAM,IAAA,GAAO,YAAA;AACb,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,6BAA6B,OAAA,EAAoC;AACxE,EAAA,IAAI,CAAC,WAAW,OAAO,OAAA,KAAY,YAAY,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,EAAG;AACrE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,gBAAiB,OAAA,CAAoC,OAAA;AAC3D,EAAA,IAAI,OAAO,aAAA,KAAkB,QAAA,IAAY,cAAc,IAAA,EAAK,CAAE,SAAS,CAAA,EAAG;AACxE,IAAA,OAAO,cAAc,IAAA,EAAK;AAAA,EAC5B;AAEA,EAAA,MAAM,SAAU,OAAA,CAAmC,MAAA;AACnD,EAAA,IAAI,CAAC,UAAU,OAAO,MAAA,KAAW,YAAY,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AAClE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,cAAe,MAAA,CAAuC,WAAA;AAC5D,EAAA,IAAI,CAAC,eAAe,OAAO,WAAA,KAAgB,YAAY,KAAA,CAAM,OAAA,CAAQ,WAAW,CAAA,EAAG;AACjF,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,gBAAiB,WAAA,CAAwC,OAAA;AAC/D,EAAA,IAAI,OAAO,aAAA,KAAkB,QAAA,IAAY,cAAc,IAAA,EAAK,CAAE,SAAS,CAAA,EAAG;AACxE,IAAA,OAAO,cAAc,IAAA,EAAK;AAAA,EAC5B;AAEA,EAAA,OAAO,IAAA;AACT;AAKO,SAAS,0BAAA,CAA2B,MAAA,GAA8B,EAAC,EAAG;AAC3E,EAAA,MAAM,SAAA,GAAY,OAAO,SAAA,IAAa,KAAA;AACtC,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA,EAAS,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA,IAAK,EAAA;AACvD,EAAA,MAAM,UAAA,GAAa,OAAO,UAAA,IAAc,CAAA;AACxC,EAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,gBAAA,KAAqB,MAAM,yBAAA,EAA0B,CAAA;AAErF,EAAA,eAAe,kBAAA,GAAsD;AACnE,IAAA,IAAI,CAAC,OAAO,cAAA,EAAgB;AAC1B,MAAA,OAAO,EAAC;AAAA,IACV;AACA,IAAA,OAAO,MAAM,OAAO,cAAA,EAAe;AAAA,EACrC;AAEA,EAAA,eAAe,gBAAA,CACb,GAAA,EACA,IAAA,EACA,SAAA,EACmB;AACnB,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,SAAS,CAAA;AAC5D,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,UAAU,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,UAAA,CAAW,MAAA,EAAQ,CAAA;AAAA,IACpE,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,UAAA,CAAW,OAAO,OAAA,EAAS;AAC7B,QAAA,MAAM,aAAa,SAAS,CAAA;AAAA,MAC9B;AACA,MAAA,MAAM,KAAA;AAAA,IACR,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAEA,EAAA,eAAe,aACb,QAAA,EAC4C;AAC5C,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,IAAI;AACF,MAAA,OAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,IACxB,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,SAAS,gBAAA,CACP,QACA,gBAAA,EACQ;AACR,IAAA,IAAI,OAAO,qBAAqB,QAAA,EAAU;AACxC,MAAA,OAAO,gBAAA;AAAA,IACT;AACA,IAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,iBAAA,GAAoB,MAAM,CAAA;AACzD,IAAA,IAAI,OAAO,oBAAoB,QAAA,EAAU;AACvC,MAAA,OAAO,eAAA;AAAA,IACT;AACA,IAAA,OAAO,OAAO,SAAA,IAAa,IAAA;AAAA,EAC7B;AAEA,EAAA,SAAS,cAAc,IAAA,EAIJ;AACjB,IAAA,MAAM,UAAU,IAAA,CAAK,OAAA;AACrB,IAAA,MAAM,WAAA,GACJ,OAAA,IAAW,OAAO,OAAA,CAAQ,KAAA,KAAU,QAAA,IAAY,OAAA,CAAQ,KAAA,KAAU,IAAA,GAC9D,OAAA,CAAQ,KAAA,GACR,OAAA,EAAS,WAAA;AACf,IAAA,MAAM,aAAA,GACJ,OAAA,EAAS,aAAA,IACT,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,yBAAyB,CAAA,EAAG,IAAA,EAAK,IAC3D,IAAA,CAAK,SAAA;AACP,IAAA,MAAM,aAAA,GACJ,OAAA,EAAS,aAAA,IACT,IAAA,CAAK,QAAA,CAAS,QAAQ,GAAA,CAAI,0BAA0B,CAAA,EAAG,IAAA,EAAK,IAC5D,IAAA;AACF,IAAA,MAAM,OAAA,GAAU,OAAA,EAAS,OAAA,IAAW,WAAA,EAAa,OAAA;AACjD,IAAA,MAAM,aAAA,GAAgB,6BAA6B,OAAO,CAAA;AAE1D,IAAA,OAAO,IAAI,cAAA,CAAe;AAAA,MACxB,IAAA,EAAM,SAAS,IAAA,IAAQ,WAAA,EAAa,QAAQ,iBAAA,CAAkB,IAAA,CAAK,SAAS,MAAM,CAAA;AAAA,MAClF,OAAA,EACE,aAAA,KACC,OAAO,OAAA,EAAS,KAAA,KAAU,QAAA,GACvB,OAAA,CAAQ,KAAA,GACR,WAAA,EAAa,OAAA,KACZ,IAAA,CAAK,QAAA,CAAS,KACX,mDAAA,GACA,8BAAA,CAAA,CAAA;AAAA,MACV,MAAA,EAAQ,KAAK,QAAA,CAAS,MAAA;AAAA,MACtB,WAAW,OAAA,EAAS,SAAA;AAAA,MACpB,YAAY,OAAA,EAAS,UAAA;AAAA,MACrB,OAAA;AAAA,MACA,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,aAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,eAAe,QAAW,IAAA,EAOa;AACrC,IAAA,MAAM,WAAA,GAAc,MAAM,kBAAA,EAAmB;AAC7C,IAAA,MAAM,MAAA,GAAS,KAAK,MAAA,IAAU,KAAA;AAC9B,IAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA;AACzD,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,MAC1B,cAAA,EAAgB,kBAAA;AAAA,MAChB,GAAG;AAAA,KACJ,CAAA;AACD,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,OAAA,CAAQ,GAAA,CAAI,iBAAA,EAAmB,IAAA,CAAK,cAAc,CAAA;AAAA,IACpD;AACA,IAAA,MAAM,SAAA,GACJ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,GAAG,IAAA,EAAK,IACtC,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,EAAG,IAAA,EAAK,IAClC,IAAA,CAAK,aACL,gBAAA,EAAiB;AACnB,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,kBAAkB,KAAK,CAAC,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,EAAG;AACpE,MAAA,OAAA,CAAQ,GAAA,CAAI,oBAAoB,SAAS,CAAA;AAAA,IAC3C;AAEA,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,OAAO,CAAA,EAAG,KAAK,IAAI,CAAA,CAAA;AAClC,IAAA,MAAM,iBAAiB,IAAA,CAAK,IAAA,GAAO,KAAK,SAAA,CAAU,IAAA,CAAK,IAAI,CAAA,GAAI,MAAA;AAC/D,IAAA,MAAM,IAAA,GAAoB;AAAA,MACxB,MAAA;AAAA,MACA,OAAA;AAAA,MACA,IAAA,EAAM;AAAA,KACR;AAEA,IAAA,IAAI,SAAA;AAEJ,IAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,OAAA,EAAA,EAAW;AACtD,MAAA,MAAM,kBAAA,GAAgD;AAAA,QACpD,SAAA;AAAA,QACA,OAAA;AAAA,QACA,UAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,GAAA;AAAA,QACA,OAAA,EAAS,IAAI,OAAA,CAAQ,OAAO,CAAA;AAAA,QAC5B,IAAA,EAAM,cAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,MAAM,MAAA,CAAO,YAAY,kBAAkB,CAAA;AAC3C,MAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAC3B,MAAA,IAAI;AACF,QAAA,MAAM,QAAA,GAAW,MAAM,gBAAA,CAAiB,GAAA,EAAK,MAAM,SAAS,CAAA;AAC5D,QAAA,MAAM,aAAA,GAAgB,SAAS,KAAA,EAAM;AACrC,QAAA,MAAM,OAAA,GAAU,MAAM,YAAA,CAAgB,QAAQ,CAAA;AAC9C,QAAA,MAAM,YAAA,GAAe,iBAAA;AAAA,UACnB,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,aAAa;AAAA,SACpC;AAEA,QAAA,IAAI,CAAC,QAAA,CAAS,EAAA,IAAM,CAAC,SAAS,OAAA,EAAS;AACrC,UAAA,MAAM,OAAA,GACJ,OAAA,IAAW,CAAC,OAAA,CAAQ,UAAW,OAAA,GAAqC,IAAA;AACtE,UAAA,MAAM,WAAW,aAAA,CAAc;AAAA,YAC7B,SAAA;AAAA,YACA,QAAA;AAAA,YACA;AAAA,WACD,CAAA;AACD,UAAA,MAAM,SAAA,GAAY,OAAA,GAAU,UAAA,IAAc,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAE3E,UAAA,MAAM,OAAO,UAAA,GAAa;AAAA,YACxB,GAAG,kBAAA;AAAA,YACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,YACzB,QAAQ,QAAA,CAAS,MAAA;AAAA,YACjB,QAAA,EAAU,aAAA;AAAA,YACV,KAAA,EAAO,QAAA;AAAA,YACP,aAAA,EAAe,SAAS,aAAA,IAAiB,SAAA;AAAA,YACzC,aAAA,EAAe,SAAS,aAAA,IAAiB,IAAA;AAAA,YACzC,YAAA;AAAA,YACA;AAAA,WACD,CAAA;AAED,UAAA,IAAI,SAAA,EAAW;AACb,YAAA,SAAA,GAAY,QAAA;AACZ,YAAA,MAAM,KAAA;AAAA,cACJ,mBAAA,CAAoB;AAAA,gBAClB,OAAA;AAAA,gBACA,QAAQ,QAAA,CAAS,MAAA;AAAA,gBACjB;AAAA,eACD;AAAA,aACH;AACA,YAAA;AAAA,UACF;AAEA,UAAA,MAAM,QAAA;AAAA,QACR;AAEA,QAAA,MAAM,cAAA,GAAiB,OAAA;AACvB,QAAA,MAAM,OAAO,UAAA,GAAa;AAAA,UACxB,GAAG,kBAAA;AAAA,UACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,UACzB,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,QAAA,EAAU,aAAA;AAAA,UACV,aAAA,EACE,eAAe,aAAA,IACf,QAAA,CAAS,QAAQ,GAAA,CAAI,yBAAyB,CAAA,EAAG,IAAA,EAAK,IACtD,SAAA;AAAA,UACF,aAAA,EACE,eAAe,aAAA,IACf,QAAA,CAAS,QAAQ,GAAA,CAAI,0BAA0B,CAAA,EAAG,IAAA,EAAK,IACvD,IAAA;AAAA,UACF,kBAAkB,cAAA,CAAe,gBAAA;AAAA,UACjC,YAAA;AAAA,UACA,SAAA,EAAW;AAAA,SACZ,CAAA;AAED,QAAA,OAAO,cAAA;AAAA,MACT,SAAS,UAAA,EAAY;AACnB,QAAA,IAAI,sBAAsB,cAAA,EAAgB;AACxC,UAAA,MAAM,UAAA;AAAA,QACR;AACA,QAAA,MAAM,YAAY,OAAA,GAAU,UAAA;AAC5B,QAAA,MAAM,OAAO,UAAA,GAAa;AAAA,UACxB,GAAG,kBAAA;AAAA,UACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,UACzB,KAAA,EAAO,UAAA;AAAA,UACP,aAAA,EAAe,SAAA;AAAA,UACf,aAAA,EAAe,IAAA;AAAA,UACf;AAAA,SACD,CAAA;AACD,QAAA,SAAA,GAAY,UAAA;AACZ,QAAA,IAAI,SAAA,EAAW;AACb,UAAA,MAAM,KAAA,CAAM,mBAAA,CAAoB,EAAE,OAAA,EAAS,CAAC,CAAA;AAAA,QAC9C;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,SAAA,YAAqB,KAAA,GACvB,SAAA,GACA,IAAI,MAAM,4CAA4C,CAAA;AAAA,EAC5D;AAEA,EAAA,OAAO;AAAA,IACL;AAAA,GACF;AACF;;;AC5aO,SAAS,oBAAA,CAAqB,MAAA,GAA+B,EAAC,EAAG;AACtE,EAAA,MAAM,OAAA,GAAU,2BAA2B,MAAM,CAAA;AAEjD,EAAA,OAAO;AAAA,IACL,MAAM,gBAAA,CACJ,QAAA,EACA,UAAA,EACA,sBACA,cAAA,EACA;AACA,MAAA,OAAO,QAAQ,OAAA,CAAgC;AAAA,QAC7C,IAAA,EAAM,oCAAA;AAAA,QACN,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM;AAAA,UACJ,QAAA;AAAA,UACA,UAAA;AAAA,UACA,MAAA,EAAQ;AAAA,SACV;AAAA,QACA,cAAA,EAAgB,kBAAkB,oBAAA;AAAqB,OACxD,CAAA;AAAA,IACH,CAAA;AAAA,IAEA,MAAM,qBAAA,CACJ,QAAA,EACA,QAAA,EACA,sBACA,cAAA,EACA;AACA,MAAA,OAAO,QAAQ,OAAA,CAAqC;AAAA,QAClD,IAAA,EAAM,0CAAA;AAAA,QACN,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM;AAAA,UACJ,QAAA;AAAA,UACA,QAAA;AAAA,UACA,MAAA,EAAQ;AAAA,SACV;AAAA,QACA,cAAA,EAAgB,kBAAkB,oBAAA;AAAqB,OACxD,CAAA;AAAA,IACH;AAAA,GACF;AACF","file":"evidenceClient.js","sourcesContent":["import type { JsonObject, JsonValue } from \"./types\";\n\n/** Tenant and workspace identifiers used to scope gateway requests. */\nexport type GatewayScope = {\n tenantId?: string;\n workspaceId?: string;\n};\n\n/** Successful response envelope from the platform gateway with correlation metadata. */\nexport type PlatformGatewaySuccess<T> = {\n success: true;\n data: T;\n correlationId: string;\n policyTraceId: string | null;\n idempotentReplay: boolean;\n};\n\n/** Failed response envelope with structured error codes and optional invariant references. */\nexport type PlatformGatewayFailure = {\n success: false;\n /**\n * Error string is the canonical envelope field.\n * Object form is legacy-only compatibility for older gateway responses.\n */\n error:\n | string\n | {\n code: string;\n message: string;\n details?: JsonValue;\n };\n code?: string;\n invariant?: string | null;\n suggestion?: string | null;\n details?: JsonValue;\n legacyError?: {\n code: string;\n message: string;\n details?: JsonValue;\n };\n correlationId: string;\n policyTraceId: string | null;\n};\n\n/** Discriminated union of success and failure gateway responses. */\nexport type PlatformGatewayEnvelope<T> =\n | PlatformGatewaySuccess<T>\n | PlatformGatewayFailure;\n\n/**\n * Structured error thrown when a platform API request fails.\n *\n * Includes HTTP status, machine-readable error code, optional invariant\n * reference, and actionable suggestions for common failure modes.\n */\nexport class LucernApiError extends Error {\n public readonly code: string;\n public readonly status: number;\n public readonly invariant?: string | null;\n public readonly suggestion?: string | null;\n public readonly details?: JsonValue;\n public readonly requestId?: string;\n public readonly correlationId?: string;\n public readonly policyTraceId?: string | null;\n\n constructor(args: {\n code: string;\n message: string;\n status: number;\n invariant?: string | null;\n suggestion?: string | null;\n details?: JsonValue;\n requestId?: string;\n correlationId?: string;\n policyTraceId?: string | null;\n }) {\n super(args.message);\n this.name = \"LucernApiError\";\n this.code = args.code;\n this.status = args.status;\n this.invariant = args.invariant;\n this.suggestion = args.suggestion;\n this.details = args.details;\n this.requestId = args.requestId;\n this.correlationId = args.correlationId;\n this.policyTraceId = args.policyTraceId;\n }\n}\n\n/** Supported HTTP methods for gateway requests. */\nexport type GatewayHttpMethod = \"GET\" | \"POST\" | \"PUT\" | \"PATCH\" | \"DELETE\";\n\ntype FetchLike = (\n input: RequestInfo | URL,\n init?: RequestInit\n) => Promise<Response>;\n\n/** Context passed to the `onRequest` hook before each gateway request attempt. */\nexport type GatewayRequestHookContext = {\n requestId: string;\n attempt: number;\n maxRetries: number;\n method: GatewayHttpMethod;\n path: string;\n url: string;\n headers: Headers;\n body?: string;\n timeoutMs: number;\n};\n\n/** Context passed to the `onResponse` hook after each gateway request attempt (including retries and failures). */\nexport type GatewayResponseHookContext = GatewayRequestHookContext & {\n durationMs: number;\n status?: number;\n response?: Response;\n error?: unknown;\n correlationId?: string;\n policyTraceId?: string | null;\n idempotentReplay?: boolean;\n retryAfterMs?: number | null;\n willRetry: boolean;\n};\n\n/**\n * Low-level transport configuration for the platform gateway client.\n *\n * Most developers should use {@link createLucernClient} instead, which wraps\n * this config with higher-level conveniences like `apiKey` and `environment`.\n */\nexport type GatewayClientConfig = {\n baseUrl?: string;\n fetchImpl?: FetchLike;\n getAuthHeaders?:\n | (() => Promise<Record<string, string>>)\n | (() => Record<string, string>);\n /** Max retries for transient errors (5xx, network). Defaults to 2. */\n maxRetries?: number;\n /** Request timeout in ms. Defaults to 15000. */\n timeoutMs?: number;\n /** Optional timeout overrides by HTTP method. */\n timeoutMsByMethod?: Partial<Record<GatewayHttpMethod, number>>;\n /** Optional request ID factory used for correlation headers. */\n requestIdFactory?: () => string;\n /** Invoked before each request attempt, including retries. */\n onRequest?:\n | ((context: GatewayRequestHookContext) => void)\n | ((context: GatewayRequestHookContext) => Promise<void>);\n /** Invoked after each request attempt, including retries and failures. */\n onResponse?:\n | ((context: GatewayResponseHookContext) => void)\n | ((context: GatewayResponseHookContext) => Promise<void>);\n};\n\n/**\n * Serialize a gateway query object into a URL query string.\n */\nexport function toQueryString(\n scope: GatewayScope & Record<string, string | number | boolean | undefined>\n): string {\n const params = new URLSearchParams();\n if (scope.tenantId) {\n params.set(\"tenantId\", scope.tenantId);\n }\n if (scope.workspaceId) {\n params.set(\"workspaceId\", scope.workspaceId);\n }\n for (const [key, value] of Object.entries(scope)) {\n if (key === \"tenantId\" || key === \"workspaceId\") {\n continue;\n }\n if (value === undefined) {\n continue;\n }\n params.set(key, String(value));\n }\n const serialized = params.toString();\n return serialized.length > 0 ? `?${serialized}` : \"\";\n}\n\nfunction fillRandomBytes(length: number): Uint8Array {\n const bytes = new Uint8Array(length);\n if (typeof globalThis.crypto?.getRandomValues === \"function\") {\n globalThis.crypto.getRandomValues(bytes);\n return bytes;\n }\n\n for (let index = 0; index < length; index += 1) {\n bytes[index] = Math.floor(Math.random() * 256);\n }\n return bytes;\n}\n\nfunction generatePortableRequestId(): string {\n if (typeof globalThis.crypto?.randomUUID === \"function\") {\n return globalThis.crypto.randomUUID();\n }\n\n const bytes = fillRandomBytes(16);\n bytes[6] = (bytes[6] & 0x0f) | 0x40;\n bytes[8] = (bytes[8] & 0x3f) | 0x80;\n const hex = Array.from(bytes, (value) => value.toString(16).padStart(2, \"0\"));\n return `${hex.slice(0, 4).join(\"\")}-${hex.slice(4, 6).join(\"\")}-${hex.slice(\n 6,\n 8\n ).join(\"\")}-${hex.slice(8, 10).join(\"\")}-${hex.slice(10).join(\"\")}`;\n}\n\n/**\n * Generate a random idempotency key for retry-safe writes.\n */\nexport function randomIdempotencyKey(): string {\n return generatePortableRequestId();\n}\n\nfunction isRetryableStatus(status: number): boolean {\n return status >= 500 || status === 408 || status === 429;\n}\n\nfunction fallbackErrorCode(status: number): string {\n if (status === 401) {\n return \"AUTHENTICATION_REQUIRED\";\n }\n if (status === 403) {\n return \"FORBIDDEN\";\n }\n if (status === 404) {\n return \"NOT_FOUND\";\n }\n if (status === 408) {\n return \"UPSTREAM_ERROR\";\n }\n if (status === 409) {\n return \"CONFLICT\";\n }\n if (status === 429) {\n return \"RATE_LIMIT_EXCEEDED\";\n }\n if (status >= 500) {\n return \"UPSTREAM_ERROR\";\n }\n return \"INTERNAL_ERROR\";\n}\n\nfunction delay(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\nfunction parseRetryAfterMs(value: string | null): number | null {\n if (!value) {\n return null;\n }\n const trimmed = value.trim();\n if (!trimmed) {\n return null;\n }\n const numeric = Number(trimmed);\n if (Number.isFinite(numeric)) {\n return Math.max(0, Math.round(numeric * 1000));\n }\n const parsedDate = Date.parse(trimmed);\n if (Number.isFinite(parsedDate)) {\n return Math.max(0, parsedDate - Date.now());\n }\n return null;\n}\n\nfunction computeRetryDelayMs(args: {\n attempt: number;\n status?: number;\n retryAfterMs?: number | null;\n}): number {\n const baseDelay =\n args.status === 429\n ? Math.max(\n args.retryAfterMs ?? 0,\n Math.min(1000 * 2 ** args.attempt, 10_000)\n )\n : Math.min(1000 * 2 ** args.attempt, 4000);\n\n if (args.status !== 429) {\n return baseDelay;\n }\n\n const jitterWindow = Math.max(250, Math.round(baseDelay * 0.25));\n return baseDelay + Math.round(Math.random() * jitterWindow);\n}\n\nfunction timeoutError(timeoutMs: number): Error {\n const error = new Error(`Request timed out after ${timeoutMs}ms`);\n error.name = \"AbortError\";\n return error;\n}\n\nfunction readPolicySummaryFromDetails(details?: JsonValue): string | null {\n if (!details || typeof details !== \"object\" || Array.isArray(details)) {\n return null;\n }\n\n const directSummary = (details as { summary?: JsonValue }).summary;\n if (typeof directSummary === \"string\" && directSummary.trim().length > 0) {\n return directSummary.trim();\n }\n\n const policy = (details as { policy?: JsonValue }).policy;\n if (!policy || typeof policy !== \"object\" || Array.isArray(policy)) {\n return null;\n }\n\n const explanation = (policy as { explanation?: JsonValue }).explanation;\n if (!explanation || typeof explanation !== \"object\" || Array.isArray(explanation)) {\n return null;\n }\n\n const nestedSummary = (explanation as { summary?: JsonValue }).summary;\n if (typeof nestedSummary === \"string\" && nestedSummary.trim().length > 0) {\n return nestedSummary.trim();\n }\n\n return null;\n}\n\n/**\n * Create the transport client used by all SDK modules.\n */\nexport function createGatewayRequestClient(config: GatewayClientConfig = {}) {\n const fetchImpl = config.fetchImpl ?? fetch;\n const baseUrl = config.baseUrl?.replace(/\\/+$/, \"\") ?? \"\";\n const maxRetries = config.maxRetries ?? 2;\n const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());\n\n async function resolveAuthHeaders(): Promise<Record<string, string>> {\n if (!config.getAuthHeaders) {\n return {};\n }\n return await config.getAuthHeaders();\n }\n\n async function fetchWithTimeout(\n url: string,\n init: RequestInit,\n timeoutMs: number\n ): Promise<Response> {\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), timeoutMs);\n try {\n return await fetchImpl(url, { ...init, signal: controller.signal });\n } catch (error) {\n if (controller.signal.aborted) {\n throw timeoutError(timeoutMs);\n }\n throw error;\n } finally {\n clearTimeout(timer);\n }\n }\n\n async function parsePayload<T>(\n response: Response\n ): Promise<PlatformGatewayEnvelope<T> | null> {\n const text = await response.text();\n if (!text) {\n return null;\n }\n try {\n return JSON.parse(text) as PlatformGatewayEnvelope<T>;\n } catch {\n return null;\n }\n }\n\n function resolveTimeoutMs(\n method: GatewayHttpMethod,\n requestTimeoutMs?: number\n ): number {\n if (typeof requestTimeoutMs === \"number\") {\n return requestTimeoutMs;\n }\n const methodTimeoutMs = config.timeoutMsByMethod?.[method];\n if (typeof methodTimeoutMs === \"number\") {\n return methodTimeoutMs;\n }\n return config.timeoutMs ?? 15_000;\n }\n\n function buildApiError(args: {\n requestId: string;\n response: Response;\n failure?: PlatformGatewayFailure | null;\n }): LucernApiError {\n const failure = args.failure;\n const legacyError =\n failure && typeof failure.error === \"object\" && failure.error !== null\n ? failure.error\n : failure?.legacyError;\n const correlationId =\n failure?.correlationId ??\n args.response.headers.get(\"x-lucern-correlation-id\")?.trim() ??\n args.requestId;\n const policyTraceId =\n failure?.policyTraceId ??\n args.response.headers.get(\"x-lucern-policy-trace-id\")?.trim() ??\n null;\n const details = failure?.details ?? legacyError?.details;\n const policySummary = readPolicySummaryFromDetails(details);\n\n return new LucernApiError({\n code: failure?.code ?? legacyError?.code ?? fallbackErrorCode(args.response.status),\n message:\n policySummary ??\n (typeof failure?.error === \"string\"\n ? failure.error\n : legacyError?.message ??\n (args.response.ok\n ? \"Platform API returned an invalid success payload.\"\n : \"Platform API request failed.\")),\n status: args.response.status,\n invariant: failure?.invariant,\n suggestion: failure?.suggestion,\n details,\n requestId: args.requestId,\n correlationId,\n policyTraceId,\n });\n }\n\n async function request<T>(args: {\n path: string;\n method?: GatewayHttpMethod;\n body?: JsonObject;\n idempotencyKey?: string;\n requestId?: string;\n timeoutMs?: number;\n }): Promise<PlatformGatewaySuccess<T>> {\n const authHeaders = await resolveAuthHeaders();\n const method = args.method ?? \"GET\";\n const timeoutMs = resolveTimeoutMs(method, args.timeoutMs);\n const headers = new Headers({\n \"content-type\": \"application/json\",\n ...authHeaders,\n });\n if (args.idempotencyKey) {\n headers.set(\"idempotency-key\", args.idempotencyKey);\n }\n const requestId =\n headers.get(\"x-correlation-id\")?.trim() ||\n headers.get(\"x-request-id\")?.trim() ||\n args.requestId ||\n requestIdFactory();\n if (!headers.has(\"x-correlation-id\") && !headers.has(\"x-request-id\")) {\n headers.set(\"x-correlation-id\", requestId);\n }\n\n const url = `${baseUrl}${args.path}`;\n const serializedBody = args.body ? JSON.stringify(args.body) : undefined;\n const init: RequestInit = {\n method,\n headers,\n body: serializedBody,\n };\n\n let lastError: unknown;\n\n for (let attempt = 0; attempt <= maxRetries; attempt++) {\n const hookRequestContext: GatewayRequestHookContext = {\n requestId,\n attempt,\n maxRetries,\n method,\n path: args.path,\n url,\n headers: new Headers(headers),\n body: serializedBody,\n timeoutMs,\n };\n await config.onRequest?.(hookRequestContext);\n const startedAt = Date.now();\n try {\n const response = await fetchWithTimeout(url, init, timeoutMs);\n const responseClone = response.clone();\n const payload = await parsePayload<T>(response);\n const retryAfterMs = parseRetryAfterMs(\n response.headers.get(\"Retry-After\")\n );\n\n if (!response.ok || !payload?.success) {\n const failure =\n payload && !payload.success ? (payload as PlatformGatewayFailure) : null;\n const apiError = buildApiError({\n requestId,\n response,\n failure,\n });\n const willRetry = attempt < maxRetries && isRetryableStatus(response.status);\n\n await config.onResponse?.({\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n status: response.status,\n response: responseClone,\n error: apiError,\n correlationId: apiError.correlationId ?? requestId,\n policyTraceId: apiError.policyTraceId ?? null,\n retryAfterMs,\n willRetry,\n });\n\n if (willRetry) {\n lastError = apiError;\n await delay(\n computeRetryDelayMs({\n attempt,\n status: response.status,\n retryAfterMs,\n })\n );\n continue;\n }\n\n throw apiError;\n }\n\n const successPayload = payload as PlatformGatewaySuccess<T>;\n await config.onResponse?.({\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n status: response.status,\n response: responseClone,\n correlationId:\n successPayload.correlationId ??\n response.headers.get(\"x-lucern-correlation-id\")?.trim() ??\n requestId,\n policyTraceId:\n successPayload.policyTraceId ??\n response.headers.get(\"x-lucern-policy-trace-id\")?.trim() ??\n null,\n idempotentReplay: successPayload.idempotentReplay,\n retryAfterMs,\n willRetry: false,\n });\n\n return successPayload;\n } catch (fetchError) {\n if (fetchError instanceof LucernApiError) {\n throw fetchError;\n }\n const willRetry = attempt < maxRetries;\n await config.onResponse?.({\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n error: fetchError,\n correlationId: requestId,\n policyTraceId: null,\n willRetry,\n });\n lastError = fetchError;\n if (willRetry) {\n await delay(computeRetryDelayMs({ attempt }));\n }\n }\n }\n\n throw lastError instanceof Error\n ? lastError\n : new Error(\"Platform API request failed after retries.\");\n }\n\n return {\n request,\n };\n}\n","import {\n createGatewayRequestClient,\n type GatewayClientConfig,\n randomIdempotencyKey,\n} from \"./coreClient\";\n\ntype EvidenceClassificationRelation =\n | \"supports\"\n | \"contradicts\"\n | \"irrelevant\";\n\ntype ModelFallbackConfig = {\n modelKey: string;\n modelId: string;\n temperature: number;\n maxTokens: number;\n};\n\ntype ResolvedModelConfig = ModelFallbackConfig & {\n promptName: string;\n};\n\ntype TracingAdapter = {\n startGeneration(input: {\n name: string;\n userId?: string;\n promptName: string;\n model: string;\n input: unknown;\n }): Promise<{\n start: () => void;\n end: (output: unknown) => Promise<void>;\n error: (err: unknown) => Promise<void>;\n }>;\n};\n\ntype PromptResolver = (name: string) => Promise<string | null>;\n\ntype ModelResolver = (\n slotKey: string,\n fallback: ResolvedModelConfig\n) => Promise<ResolvedModelConfig>;\n\ntype ClassificationRuntimeAdapter = (input: {\n beliefId: string;\n evidenceId: string;\n belief: string;\n evidence: string;\n prompt: string;\n model: ResolvedModelConfig;\n}) => Promise<{\n relation: EvidenceClassificationRelation;\n rationale: string;\n}>;\n\n// Local mirror of the kernel adapter types so SDK DTS generation stays inside\n// packages/sdk rootDir. Source of truth:\n// packages/reasoning-kernel/src/adapters/evidenceClassifier.ts\nexport type SerializableClassifyEvidenceConfig = {\n promptName?: string;\n modelSlotKey?: string;\n modelFallback?: ModelFallbackConfig;\n edgeWeightPolicy?: {\n supports: number;\n contradicts: number;\n };\n statusTransition?: {\n onSupports: string;\n onContradicts: string;\n };\n writeLegacyTables?: boolean;\n};\n\nexport type ClassifyEvidenceConfig = SerializableClassifyEvidenceConfig & {\n trustDiscountPolicy?: (\n relation: Exclude<EvidenceClassificationRelation, \"irrelevant\">,\n rationale: string\n ) => number;\n tracing?: TracingAdapter;\n promptResolver?: PromptResolver;\n modelResolver?: ModelResolver;\n classifier?: ClassificationRuntimeAdapter;\n};\n\nexport type ClassifyEvidenceResult = {\n beliefId: string;\n evidenceId: string;\n relation: EvidenceClassificationRelation;\n rationale: string;\n usedFallback: boolean;\n edgeWeight?: number;\n promptName: string;\n model: ResolvedModelConfig;\n link?: {\n edgeGlobalId: string;\n linkId?: string;\n confidence: number;\n writeLegacyTables: boolean;\n };\n statusUpdate?: {\n previousStatus?: string;\n newStatus: string;\n historyWritten: boolean;\n };\n};\n\nexport type ClassifyEvidenceBatchItem = {\n evidenceId?: string;\n insightId?: string;\n nodeId?: string;\n text?: string;\n};\n\nexport type ClassifyEvidenceBatchResult = {\n items: ClassifyEvidenceResult[];\n summary: {\n supporting: number;\n contradicting: number;\n irrelevant: number;\n };\n};\n\nexport type { PlatformGatewaySuccess } from \"./coreClient\";\n\n/** Configuration for the evidence classification client. */\nexport type EvidenceClientConfig = GatewayClientConfig;\n\n/**\n * Serializable config accepted by the HTTP SDK surface.\n * Runtime-only ports stay inside the kernel adapter.\n */\nexport type EvidenceClassificationRequestConfig =\n SerializableClassifyEvidenceConfig;\n\n/**\n * Create the evidence classification client.\n *\n * This surface mirrors the promoted kernel primitive through the platform\n * gateway. Auth-scoped callers do not provide `createdBy`; the gateway derives\n * it from the authenticated principal.\n */\nexport function createEvidenceClient(config: EvidenceClientConfig = {}) {\n const gateway = createGatewayRequestClient(config);\n\n return {\n async classifyEvidence(\n beliefId: string,\n evidenceId: string,\n classificationConfig?: EvidenceClassificationRequestConfig,\n idempotencyKey?: string\n ) {\n return gateway.request<ClassifyEvidenceResult>({\n path: \"/api/platform/v1/evidence/classify\",\n method: \"POST\",\n body: {\n beliefId,\n evidenceId,\n config: classificationConfig,\n },\n idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),\n });\n },\n\n async classifyEvidenceBatch(\n beliefId: string,\n evidence: ClassifyEvidenceBatchItem[],\n classificationConfig?: EvidenceClassificationRequestConfig,\n idempotencyKey?: string\n ) {\n return gateway.request<ClassifyEvidenceBatchResult>({\n path: \"/api/platform/v1/evidence/classify-batch\",\n method: \"POST\",\n body: {\n beliefId,\n evidence,\n config: classificationConfig,\n },\n idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),\n });\n },\n };\n}\n"]}
|
package/dist/facade/context.d.ts
CHANGED
|
@@ -12,8 +12,7 @@ type ContextFacadeConfig = {
|
|
|
12
12
|
transport: ContextFacadeTransport;
|
|
13
13
|
};
|
|
14
14
|
declare function createContextFacade(config: ContextFacadeConfig): {
|
|
15
|
-
compile(
|
|
16
|
-
compileByQuery(input?: CompileContextInput): Promise<PublicCompiledContext>;
|
|
15
|
+
compile(topicId: string, input?: CompileContextInput): Promise<PublicCompiledContext>;
|
|
17
16
|
};
|
|
18
17
|
|
|
19
18
|
export { CompileContextInput, type ContextClientRequest, type ContextFacadeConfig, type ContextFacadeTransport, PublicCompiledContext, createContextFacade };
|
package/dist/facade/context.js
CHANGED
|
@@ -8,55 +8,50 @@ function cleanNumber(value) {
|
|
|
8
8
|
function cleanBoolean(value) {
|
|
9
9
|
return typeof value === "boolean" ? value : void 0;
|
|
10
10
|
}
|
|
11
|
-
function buildCompileContextRequest(
|
|
12
|
-
const
|
|
13
|
-
const
|
|
14
|
-
const topicId = typeof topicIdOrInput === "string" ? cleanString(topicIdOrInput) : cleanString(effectiveInput.topicId);
|
|
15
|
-
if (topicId) {
|
|
16
|
-
payload.topicId = topicId;
|
|
17
|
-
}
|
|
18
|
-
const query = cleanString(effectiveInput.query);
|
|
11
|
+
function buildCompileContextRequest(topicId, input = {}) {
|
|
12
|
+
const payload = { topicId };
|
|
13
|
+
const query = cleanString(input.query);
|
|
19
14
|
if (query) {
|
|
20
15
|
payload.query = query;
|
|
21
16
|
}
|
|
22
|
-
const budget = cleanNumber(
|
|
17
|
+
const budget = cleanNumber(input.budget) ?? cleanNumber(input.tokenBudget);
|
|
23
18
|
if (budget !== void 0) {
|
|
24
19
|
payload.budget = budget;
|
|
25
20
|
}
|
|
26
|
-
const ranking = cleanString(
|
|
21
|
+
const ranking = cleanString(input.ranking) ?? cleanString(input.rankingProfile);
|
|
27
22
|
if (ranking) {
|
|
28
23
|
payload.ranking = ranking;
|
|
29
24
|
}
|
|
30
|
-
const limit = cleanNumber(
|
|
25
|
+
const limit = cleanNumber(input.limit);
|
|
31
26
|
if (limit !== void 0) {
|
|
32
27
|
payload.limit = limit;
|
|
33
28
|
}
|
|
34
|
-
const maxDepth = cleanNumber(
|
|
29
|
+
const maxDepth = cleanNumber(input.maxDepth);
|
|
35
30
|
if (maxDepth !== void 0) {
|
|
36
31
|
payload.maxDepth = maxDepth;
|
|
37
32
|
}
|
|
38
|
-
const includeEntities = cleanBoolean(
|
|
33
|
+
const includeEntities = cleanBoolean(input.includeEntities);
|
|
39
34
|
if (includeEntities !== void 0) {
|
|
40
35
|
payload.includeEntities = includeEntities;
|
|
41
36
|
}
|
|
42
|
-
const mode = cleanString(
|
|
37
|
+
const mode = cleanString(input.mode);
|
|
43
38
|
if (mode) {
|
|
44
39
|
payload.mode = mode;
|
|
45
40
|
}
|
|
46
|
-
const includeFailures = cleanBoolean(
|
|
41
|
+
const includeFailures = cleanBoolean(input.includeFailures);
|
|
47
42
|
if (includeFailures !== void 0) {
|
|
48
43
|
payload.includeFailures = includeFailures;
|
|
49
44
|
}
|
|
50
|
-
const worktreeId = cleanString(
|
|
45
|
+
const worktreeId = cleanString(input.worktreeId);
|
|
51
46
|
if (worktreeId) {
|
|
52
47
|
payload.worktreeId = worktreeId;
|
|
53
48
|
}
|
|
54
|
-
const sessionId = cleanString(
|
|
49
|
+
const sessionId = cleanString(input.sessionId);
|
|
55
50
|
if (sessionId) {
|
|
56
51
|
payload.sessionId = sessionId;
|
|
57
52
|
}
|
|
58
|
-
if (Array.isArray(
|
|
59
|
-
payload.packWeightOverrides =
|
|
53
|
+
if (Array.isArray(input.packWeightOverrides) && input.packWeightOverrides.length > 0) {
|
|
54
|
+
payload.packWeightOverrides = input.packWeightOverrides;
|
|
60
55
|
}
|
|
61
56
|
return {
|
|
62
57
|
path: "/api/platform/v1/context/compile",
|
|
@@ -66,12 +61,8 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
|
|
|
66
61
|
}
|
|
67
62
|
function createContextFacade(config) {
|
|
68
63
|
return {
|
|
69
|
-
compile(
|
|
70
|
-
const request = buildCompileContextRequest(
|
|
71
|
-
return config.transport.request(request);
|
|
72
|
-
},
|
|
73
|
-
compileByQuery(input = {}) {
|
|
74
|
-
const request = buildCompileContextRequest(input);
|
|
64
|
+
compile(topicId, input = {}) {
|
|
65
|
+
const request = buildCompileContextRequest(topicId, input);
|
|
75
66
|
return config.transport.request(request);
|
|
76
67
|
}
|
|
77
68
|
};
|