@lucern/sdk 0.3.0-alpha.16 → 0.3.0-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +0 -8
- package/README.md +4 -110
- package/dist/adminClient.d.ts +8 -10
- package/dist/adminClient.js +39 -260
- package/dist/adminClient.js.map +1 -1
- package/dist/answersClient.d.ts +0 -2
- package/dist/answersClient.js +11 -239
- package/dist/answersClient.js.map +1 -1
- package/dist/audience/index.d.ts +1 -2
- package/dist/audience/index.js +3 -1
- package/dist/audience/index.js.map +1 -1
- package/dist/audiencesClient.d.ts +16 -18
- package/dist/audiencesClient.js +90 -315
- package/dist/audiencesClient.js.map +1 -1
- package/dist/auditClient.d.ts +0 -2
- package/dist/auditClient.js +15 -245
- package/dist/auditClient.js.map +1 -1
- package/dist/beliefs/index.d.ts +5 -27
- package/dist/beliefs/index.js +1177 -3842
- package/dist/beliefs/index.js.map +1 -1
- package/dist/beliefsClient.d.ts +2 -4
- package/dist/beliefsClient.js +26 -248
- package/dist/beliefsClient.js.map +1 -1
- package/dist/client-B6aWUUwp.d.ts +2552 -0
- package/dist/client.d.ts +27 -3041
- package/dist/client.js +1177 -3842
- package/dist/client.js.map +1 -1
- package/dist/contextClient.d.ts +3 -6
- package/dist/contextClient.js +30 -270
- package/dist/contextClient.js.map +1 -1
- package/dist/contextFacade.js +16 -25
- package/dist/contextFacade.js.map +1 -1
- package/dist/contextPackCompiler.js +30 -19
- package/dist/contextPackCompiler.js.map +1 -1
- package/dist/contextPackPolicy.js +17 -7
- package/dist/contextPackPolicy.js.map +1 -1
- package/dist/contextTypes.d.ts +0 -2
- package/dist/contracts/api-enums.contract.d.ts +2 -2
- package/dist/contracts/api-enums.contract.js +1 -6
- package/dist/contracts/api-enums.contract.js.map +1 -1
- package/dist/contracts/auth-session.contract.d.ts +1 -1
- package/dist/contracts/auth-session.contract.js +1 -13
- package/dist/contracts/auth-session.contract.js.map +1 -1
- package/dist/contracts/index.d.ts +0 -1
- package/dist/contracts/index.js +6 -133
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/lens-filter.contract.js +3 -4
- package/dist/contracts/lens-filter.contract.js.map +1 -1
- package/dist/contracts/lens-workflow.contract.js +3 -4
- package/dist/contracts/lens-workflow.contract.js.map +1 -1
- package/dist/contracts/lensFilter.js +3 -4
- package/dist/contracts/lensFilter.js.map +1 -1
- package/dist/contracts/lensWorkflow.js +3 -4
- package/dist/contracts/lensWorkflow.js.map +1 -1
- package/dist/contracts/mcpTools.d.ts +1 -46
- package/dist/contracts/mcpTools.js +0 -108
- package/dist/contracts/mcpTools.js.map +1 -1
- package/dist/contradictions/index.d.ts +4 -26
- package/dist/contradictions/index.js +1177 -3842
- package/dist/contradictions/index.js.map +1 -1
- package/dist/coreClient.d.ts +2 -28
- package/dist/coreClient.js +14 -240
- package/dist/coreClient.js.map +1 -1
- package/dist/decisions/index.d.ts +14 -36
- package/dist/decisions/index.js +1177 -3842
- package/dist/decisions/index.js.map +1 -1
- package/dist/decisionsClient.d.ts +12 -6
- package/dist/decisionsClient.js +37 -253
- package/dist/decisionsClient.js.map +1 -1
- package/dist/edges/index.d.ts +87 -49
- package/dist/edges/index.js +1177 -3842
- package/dist/edges/index.js.map +1 -1
- package/dist/events.js +3 -6
- package/dist/events.js.map +1 -1
- package/dist/eventsCore.d.ts +1 -3
- package/dist/eventsCore.js +14 -240
- package/dist/eventsCore.js.map +1 -1
- package/dist/evidence/index.d.ts +4 -26
- package/dist/evidence/index.js +1177 -3842
- package/dist/evidence/index.js.map +1 -1
- package/dist/evidenceClient.d.ts +0 -2
- package/dist/evidenceClient.js +14 -240
- package/dist/evidenceClient.js.map +1 -1
- package/dist/facade/context.d.ts +1 -2
- package/dist/facade/context.js +16 -25
- package/dist/facade/context.js.map +1 -1
- package/dist/gatewayFacades.d.ts +46 -90
- package/dist/gatewayFacades.js +128 -609
- package/dist/gatewayFacades.js.map +1 -1
- package/dist/graphClient.d.ts +13 -8
- package/dist/graphClient.js +45 -262
- package/dist/graphClient.js.map +1 -1
- package/dist/harnessClient.d.ts +24 -15
- package/dist/harnessClient.js +42 -253
- package/dist/harnessClient.js.map +1 -1
- package/dist/identityClient.d.ts +11 -115
- package/dist/identityClient.js +33 -555
- package/dist/identityClient.js.map +1 -1
- package/dist/index.d.ts +6 -32
- package/dist/index.js +2580 -5825
- package/dist/index.js.map +1 -1
- package/dist/learningClient.d.ts +6 -8
- package/dist/learningClient.js +44 -270
- package/dist/learningClient.js.map +1 -1
- package/dist/lenses/index.d.ts +38 -78
- package/dist/lenses/index.js +1177 -3842
- package/dist/lenses/index.js.map +1 -1
- package/dist/nodes/index.d.ts +21 -65
- package/dist/nodes/index.js +1177 -3842
- package/dist/nodes/index.js.map +1 -1
- package/dist/ontologies/index.d.ts +32 -55
- package/dist/ontologies/index.js +1177 -3842
- package/dist/ontologies/index.js.map +1 -1
- package/dist/ontologyClient.d.ts +25 -19
- package/dist/ontologyClient.js +40 -276
- package/dist/ontologyClient.js.map +1 -1
- package/dist/packsClient.d.ts +23 -11
- package/dist/packsClient.js +46 -252
- package/dist/packsClient.js.map +1 -1
- package/dist/policyClient.d.ts +10 -13
- package/dist/policyClient.js +25 -261
- package/dist/policyClient.js.map +1 -1
- package/dist/questions/index.d.ts +4 -26
- package/dist/questions/index.js +1177 -3842
- package/dist/questions/index.js.map +1 -1
- package/dist/realtime/index.d.ts +1 -1
- package/dist/reportsClient.d.ts +7 -9
- package/dist/reportsClient.js +53 -299
- package/dist/reportsClient.js.map +1 -1
- package/dist/schemaClient.d.ts +3 -5
- package/dist/schemaClient.js +29 -253
- package/dist/schemaClient.js.map +1 -1
- package/dist/sdkSurface.d.ts +3 -8
- package/dist/sdkSurface.js +6 -10
- package/dist/sdkSurface.js.map +1 -1
- package/dist/sourcesClient.d.ts +0 -2
- package/dist/sourcesClient.js +14 -240
- package/dist/sourcesClient.js.map +1 -1
- package/dist/topics/index.d.ts +9 -37
- package/dist/topics/index.js +1177 -3844
- package/dist/topics/index.js.map +1 -1
- package/dist/topicsClient.d.ts +0 -4
- package/dist/topicsClient.js +24 -255
- package/dist/topicsClient.js.map +1 -1
- package/dist/types.d.ts +0 -17
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/dist/version.js.map +1 -1
- package/dist/workflowClient.d.ts +40 -60
- package/dist/workflowClient.js +58 -261
- package/dist/workflowClient.js.map +1 -1
- package/dist/worktrees/index.d.ts +33 -71
- package/dist/worktrees/index.js +1177 -3842
- package/dist/worktrees/index.js.map +1 -1
- package/package.json +3 -17
- package/dist/accessControl.d.ts +0 -79
- package/dist/accessControl.js +0 -1270
- package/dist/accessControl.js.map +0 -1
- package/dist/authContext.d.ts +0 -56
- package/dist/authContext.js +0 -170
- package/dist/authContext.js.map +0 -1
- package/dist/authDeviceClient.d.ts +0 -49
- package/dist/authDeviceClient.js +0 -121
- package/dist/authDeviceClient.js.map +0 -1
- package/dist/boundaryClientSurface.d.ts +0 -20
- package/dist/boundaryClientSurface.js +0 -73
- package/dist/boundaryClientSurface.js.map +0 -1
- package/dist/clientHelpers.d.ts +0 -48
- package/dist/clientHelpers.js +0 -137
- package/dist/clientHelpers.js.map +0 -1
- package/dist/control-plane.d.ts +0 -69
- package/dist/control-plane.js +0 -674
- package/dist/control-plane.js.map +0 -1
- package/dist/embeddingsClient.d.ts +0 -106
- package/dist/embeddingsClient.js +0 -749
- package/dist/embeddingsClient.js.map +0 -1
- package/dist/eventingClient.d.ts +0 -96
- package/dist/eventingClient.js +0 -746
- package/dist/eventingClient.js.map +0 -1
- package/dist/functionSurface.d.ts +0 -144
- package/dist/functionSurface.js +0 -1227
- package/dist/functionSurface.js.map +0 -1
- package/dist/functionSurfaceClient.d.ts +0 -8
- package/dist/functionSurfaceClient.js +0 -1227
- package/dist/functionSurfaceClient.js.map +0 -1
- package/dist/graphAnalysisClient.d.ts +0 -192
- package/dist/graphAnalysisClient.js +0 -817
- package/dist/graphAnalysisClient.js.map +0 -1
- package/dist/graphIntel.d.ts +0 -4
- package/dist/graphIntel.js +0 -3
- package/dist/graphIntel.js.map +0 -1
- package/dist/graphIntelligence.d.ts +0 -2
- package/dist/graphIntelligence.js +0 -47
- package/dist/graphIntelligence.js.map +0 -1
- package/dist/graphRecommendationsClient.d.ts +0 -56
- package/dist/graphRecommendationsClient.js +0 -682
- package/dist/graphRecommendationsClient.js.map +0 -1
- package/dist/graphStateClassifierClient.d.ts +0 -73
- package/dist/graphStateClassifierClient.js +0 -734
- package/dist/graphStateClassifierClient.js.map +0 -1
- package/dist/infisicalRuntime.d.ts +0 -43
- package/dist/infisicalRuntime.js +0 -346
- package/dist/infisicalRuntime.js.map +0 -1
- package/dist/jobsClient.d.ts +0 -98
- package/dist/jobsClient.js +0 -744
- package/dist/jobsClient.js.map +0 -1
- package/dist/mcpClient.d.ts +0 -28
- package/dist/mcpClient.js +0 -687
- package/dist/mcpClient.js.map +0 -1
- package/dist/modelRuntimeClient.d.ts +0 -72
- package/dist/modelRuntimeClient.js +0 -722
- package/dist/modelRuntimeClient.js.map +0 -1
- package/dist/ontologyLinksClient.d.ts +0 -71
- package/dist/ontologyLinksClient.js +0 -715
- package/dist/ontologyLinksClient.js.map +0 -1
- package/dist/orgGraphSearchClient.d.ts +0 -85
- package/dist/orgGraphSearchClient.js +0 -690
- package/dist/orgGraphSearchClient.js.map +0 -1
- package/dist/secrets.d.ts +0 -1
- package/dist/secrets.js +0 -3
- package/dist/secrets.js.map +0 -1
- package/dist/telemetryClient.d.ts +0 -94
- package/dist/telemetryClient.js +0 -759
- package/dist/telemetryClient.js.map +0 -1
- package/dist/toolRegistryClient.d.ts +0 -115
- package/dist/toolRegistryClient.js +0 -785
- package/dist/toolRegistryClient.js.map +0 -1
package/dist/identityClient.js
CHANGED
|
@@ -1,170 +1,3 @@
|
|
|
1
|
-
// src/authContext.ts
|
|
2
|
-
var LucernSdkAuthContextError = class extends Error {
|
|
3
|
-
reason;
|
|
4
|
-
constructor(reason, message) {
|
|
5
|
-
super(message);
|
|
6
|
-
this.name = "LucernSdkAuthContextError";
|
|
7
|
-
this.reason = reason;
|
|
8
|
-
}
|
|
9
|
-
};
|
|
10
|
-
function cleanString(value) {
|
|
11
|
-
const normalized = value?.trim();
|
|
12
|
-
return normalized ? normalized : void 0;
|
|
13
|
-
}
|
|
14
|
-
function cleanStringList(values) {
|
|
15
|
-
if (!values) {
|
|
16
|
-
return [];
|
|
17
|
-
}
|
|
18
|
-
return values.map((value) => value.trim()).filter(
|
|
19
|
-
(value, index, list) => value.length > 0 && list.indexOf(value) === index
|
|
20
|
-
);
|
|
21
|
-
}
|
|
22
|
-
function requireString(value, reason, label) {
|
|
23
|
-
const normalized = cleanString(value);
|
|
24
|
-
if (!normalized) {
|
|
25
|
-
throw new LucernSdkAuthContextError(
|
|
26
|
-
reason,
|
|
27
|
-
`Canonical Lucern SDK auth context is missing ${label}.`
|
|
28
|
-
);
|
|
29
|
-
}
|
|
30
|
-
return normalized;
|
|
31
|
-
}
|
|
32
|
-
function requirePrincipalType(principalType2) {
|
|
33
|
-
if (!principalType2) {
|
|
34
|
-
throw new LucernSdkAuthContextError(
|
|
35
|
-
"principal_missing",
|
|
36
|
-
"Canonical Lucern SDK auth context is missing principalType."
|
|
37
|
-
);
|
|
38
|
-
}
|
|
39
|
-
return principalType2;
|
|
40
|
-
}
|
|
41
|
-
function requireAuthMode(authMode) {
|
|
42
|
-
if (!authMode) {
|
|
43
|
-
throw new LucernSdkAuthContextError(
|
|
44
|
-
"principal_missing",
|
|
45
|
-
"Canonical Lucern SDK auth context is missing authMode."
|
|
46
|
-
);
|
|
47
|
-
}
|
|
48
|
-
return authMode;
|
|
49
|
-
}
|
|
50
|
-
function ensurePermitMatch(args) {
|
|
51
|
-
const actual = cleanString(args.actual);
|
|
52
|
-
if (actual && actual !== args.expected) {
|
|
53
|
-
throw new LucernSdkAuthContextError(
|
|
54
|
-
"policy_denied",
|
|
55
|
-
`Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
|
|
56
|
-
);
|
|
57
|
-
}
|
|
58
|
-
}
|
|
59
|
-
function normalizeCanonicalLucernAuthContext(input) {
|
|
60
|
-
if (!input) {
|
|
61
|
-
throw new LucernSdkAuthContextError(
|
|
62
|
-
"principal_missing",
|
|
63
|
-
"Canonical Lucern SDK auth context is required."
|
|
64
|
-
);
|
|
65
|
-
}
|
|
66
|
-
if (input.policyDecision === "deny") {
|
|
67
|
-
throw new LucernSdkAuthContextError(
|
|
68
|
-
"policy_denied",
|
|
69
|
-
"Canonical Lucern SDK auth context carries a denied policy decision."
|
|
70
|
-
);
|
|
71
|
-
}
|
|
72
|
-
const principalId = requireString(
|
|
73
|
-
input.principalId,
|
|
74
|
-
"principal_missing",
|
|
75
|
-
"principalId"
|
|
76
|
-
);
|
|
77
|
-
const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
|
|
78
|
-
const workspaceId = requireString(
|
|
79
|
-
input.workspaceId,
|
|
80
|
-
"workspace_missing",
|
|
81
|
-
"workspaceId"
|
|
82
|
-
);
|
|
83
|
-
const roles = cleanStringList(input.roles);
|
|
84
|
-
const scopes = cleanStringList(input.scopes);
|
|
85
|
-
const principalType2 = requirePrincipalType(input.principalType);
|
|
86
|
-
const authMode = requireAuthMode(input.authMode);
|
|
87
|
-
const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
|
|
88
|
-
if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
|
|
89
|
-
throw new LucernSdkAuthContextError(
|
|
90
|
-
"membership_missing",
|
|
91
|
-
"Canonical Lucern SDK auth context requires non-empty roles and scopes."
|
|
92
|
-
);
|
|
93
|
-
}
|
|
94
|
-
const subject = cleanString(input.permit?.subject) ?? principalId;
|
|
95
|
-
const tenant = cleanString(input.permit?.tenant) ?? tenantId;
|
|
96
|
-
const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
|
|
97
|
-
ensurePermitMatch({
|
|
98
|
-
field: "subject",
|
|
99
|
-
expected: principalId,
|
|
100
|
-
actual: subject
|
|
101
|
-
});
|
|
102
|
-
ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
|
|
103
|
-
ensurePermitMatch({
|
|
104
|
-
field: "workspace",
|
|
105
|
-
expected: workspaceId,
|
|
106
|
-
actual: workspace
|
|
107
|
-
});
|
|
108
|
-
const context = input.permit?.context ? { ...input.permit.context } : void 0;
|
|
109
|
-
return {
|
|
110
|
-
clerkId: cleanString(input.clerkId),
|
|
111
|
-
principalId,
|
|
112
|
-
tenantId,
|
|
113
|
-
workspaceId,
|
|
114
|
-
principalType: principalType2,
|
|
115
|
-
authMode,
|
|
116
|
-
roles,
|
|
117
|
-
scopes,
|
|
118
|
-
delegationChain: input.delegationChain ? [...input.delegationChain] : [],
|
|
119
|
-
policyTraceId: cleanString(input.policyTraceId),
|
|
120
|
-
correlationId: cleanString(input.correlationId),
|
|
121
|
-
membershipId: cleanString(input.membershipId),
|
|
122
|
-
permit: {
|
|
123
|
-
subject,
|
|
124
|
-
tenant,
|
|
125
|
-
workspace,
|
|
126
|
-
resource: cleanString(input.permit?.resource),
|
|
127
|
-
action: cleanString(input.permit?.action),
|
|
128
|
-
relation: cleanString(input.permit?.relation),
|
|
129
|
-
context
|
|
130
|
-
}
|
|
131
|
-
};
|
|
132
|
-
}
|
|
133
|
-
function createCanonicalAuthHeaders(authContext) {
|
|
134
|
-
const headers = {
|
|
135
|
-
"x-lucern-principal-id": authContext.principalId,
|
|
136
|
-
"x-lucern-principal-type": authContext.principalType,
|
|
137
|
-
"x-lucern-tenant": authContext.tenantId,
|
|
138
|
-
"x-lucern-tenant-id": authContext.tenantId,
|
|
139
|
-
"x-lucern-workspace": authContext.workspaceId,
|
|
140
|
-
"x-lucern-workspace-id": authContext.workspaceId,
|
|
141
|
-
"x-lucern-auth-mode": authContext.authMode,
|
|
142
|
-
"x-lucern-roles": authContext.roles.join(","),
|
|
143
|
-
"x-lucern-scopes": authContext.scopes.join(","),
|
|
144
|
-
"x-lucern-permit-context": JSON.stringify(authContext.permit)
|
|
145
|
-
};
|
|
146
|
-
if (authContext.clerkId) {
|
|
147
|
-
headers["x-lucern-clerk-id"] = authContext.clerkId;
|
|
148
|
-
headers["x-lucern-user-id"] = authContext.clerkId;
|
|
149
|
-
}
|
|
150
|
-
if (authContext.delegationChain.length > 0) {
|
|
151
|
-
headers["x-lucern-delegation-chain"] = JSON.stringify(
|
|
152
|
-
authContext.delegationChain
|
|
153
|
-
);
|
|
154
|
-
}
|
|
155
|
-
if (authContext.policyTraceId) {
|
|
156
|
-
headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
|
|
157
|
-
}
|
|
158
|
-
if (authContext.correlationId) {
|
|
159
|
-
headers["x-correlation-id"] = authContext.correlationId;
|
|
160
|
-
headers["x-lucern-correlation-id"] = authContext.correlationId;
|
|
161
|
-
}
|
|
162
|
-
if (authContext.membershipId) {
|
|
163
|
-
headers["x-lucern-membership-id"] = authContext.membershipId;
|
|
164
|
-
}
|
|
165
|
-
return headers;
|
|
166
|
-
}
|
|
167
|
-
|
|
168
1
|
// src/coreClient.ts
|
|
169
2
|
var LucernApiError = class extends Error {
|
|
170
3
|
code;
|
|
@@ -232,7 +65,9 @@ function generatePortableRequestId() {
|
|
|
232
65
|
8
|
|
233
66
|
).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
|
|
234
67
|
}
|
|
235
|
-
|
|
68
|
+
function randomIdempotencyKey() {
|
|
69
|
+
return generatePortableRequestId();
|
|
70
|
+
}
|
|
236
71
|
function isRetryableStatus(status) {
|
|
237
72
|
return status >= 500 || status === 408 || status === 429;
|
|
238
73
|
}
|
|
@@ -297,11 +132,8 @@ function timeoutError(timeoutMs) {
|
|
|
297
132
|
error.name = "AbortError";
|
|
298
133
|
return error;
|
|
299
134
|
}
|
|
300
|
-
function isRecord(value) {
|
|
301
|
-
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
302
|
-
}
|
|
303
135
|
function readPolicySummaryFromDetails(details) {
|
|
304
|
-
if (!
|
|
136
|
+
if (!details || typeof details !== "object" || Array.isArray(details)) {
|
|
305
137
|
return null;
|
|
306
138
|
}
|
|
307
139
|
const directSummary = details.summary;
|
|
@@ -309,11 +141,11 @@ function readPolicySummaryFromDetails(details) {
|
|
|
309
141
|
return directSummary.trim();
|
|
310
142
|
}
|
|
311
143
|
const policy = details.policy;
|
|
312
|
-
if (!
|
|
144
|
+
if (!policy || typeof policy !== "object" || Array.isArray(policy)) {
|
|
313
145
|
return null;
|
|
314
146
|
}
|
|
315
147
|
const explanation = policy.explanation;
|
|
316
|
-
if (!
|
|
148
|
+
if (!explanation || typeof explanation !== "object" || Array.isArray(explanation)) {
|
|
317
149
|
return null;
|
|
318
150
|
}
|
|
319
151
|
const nestedSummary = explanation.summary;
|
|
@@ -322,59 +154,16 @@ function readPolicySummaryFromDetails(details) {
|
|
|
322
154
|
}
|
|
323
155
|
return null;
|
|
324
156
|
}
|
|
325
|
-
async function resolveConfiguredAuthContext(authContext) {
|
|
326
|
-
if (typeof authContext === "function") {
|
|
327
|
-
return await authContext();
|
|
328
|
-
}
|
|
329
|
-
return authContext;
|
|
330
|
-
}
|
|
331
|
-
function mergeHeaderRecord(base, addition) {
|
|
332
|
-
const headers = new Headers(base);
|
|
333
|
-
for (const [key, value] of Object.entries(addition)) {
|
|
334
|
-
const existing = headers.get(key);
|
|
335
|
-
if (existing !== null && existing !== value) {
|
|
336
|
-
throw new LucernSdkAuthContextError(
|
|
337
|
-
"policy_denied",
|
|
338
|
-
`Canonical Lucern SDK auth context conflicts with existing ${key} header.`
|
|
339
|
-
);
|
|
340
|
-
}
|
|
341
|
-
headers.set(key, value);
|
|
342
|
-
}
|
|
343
|
-
return Object.fromEntries(headers.entries());
|
|
344
|
-
}
|
|
345
|
-
function cleanHeaderValue(value) {
|
|
346
|
-
const normalized = value?.trim();
|
|
347
|
-
return normalized ? normalized : void 0;
|
|
348
|
-
}
|
|
349
157
|
function createGatewayRequestClient(config = {}) {
|
|
350
158
|
const fetchImpl = config.fetchImpl ?? fetch;
|
|
351
159
|
const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
|
|
352
160
|
const maxRetries = config.maxRetries ?? 2;
|
|
353
161
|
const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
|
|
354
162
|
async function resolveAuthHeaders() {
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
const setIfAbsent = (name, value) => {
|
|
358
|
-
const normalized = cleanHeaderValue(value);
|
|
359
|
-
if (normalized && !headers.has(name)) {
|
|
360
|
-
headers.set(name, normalized);
|
|
361
|
-
}
|
|
362
|
-
};
|
|
363
|
-
setIfAbsent("x-lucern-key", config.apiKey);
|
|
364
|
-
setIfAbsent("x-lucern-session-token", config.userToken);
|
|
365
|
-
setIfAbsent("x-lucern-environment", config.environment);
|
|
366
|
-
setIfAbsent("x-lucern-clerk-id", config.clerkId);
|
|
367
|
-
setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
|
|
368
|
-
setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
|
|
369
|
-
const base = Object.fromEntries(headers.entries());
|
|
370
|
-
const authContextInput = await resolveConfiguredAuthContext(
|
|
371
|
-
config.authContext
|
|
372
|
-
);
|
|
373
|
-
if (!authContextInput && !config.requireCanonicalAuthContext) {
|
|
374
|
-
return base;
|
|
163
|
+
if (!config.getAuthHeaders) {
|
|
164
|
+
return {};
|
|
375
165
|
}
|
|
376
|
-
|
|
377
|
-
return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
|
|
166
|
+
return await config.getAuthHeaders();
|
|
378
167
|
}
|
|
379
168
|
async function fetchWithTimeout(url, init, timeoutMs) {
|
|
380
169
|
const controller = new AbortController();
|
|
@@ -395,11 +184,11 @@ function createGatewayRequestClient(config = {}) {
|
|
|
395
184
|
if (!text) {
|
|
396
185
|
return null;
|
|
397
186
|
}
|
|
398
|
-
|
|
399
|
-
|
|
187
|
+
try {
|
|
188
|
+
return JSON.parse(text);
|
|
189
|
+
} catch {
|
|
400
190
|
return null;
|
|
401
191
|
}
|
|
402
|
-
return isRecord(parsed.value) ? parsed.value : null;
|
|
403
192
|
}
|
|
404
193
|
function resolveTimeoutMs(method, requestTimeoutMs) {
|
|
405
194
|
if (typeof requestTimeoutMs === "number") {
|
|
@@ -411,31 +200,16 @@ function createGatewayRequestClient(config = {}) {
|
|
|
411
200
|
}
|
|
412
201
|
return config.timeoutMs ?? 15e3;
|
|
413
202
|
}
|
|
414
|
-
function tryParseGatewayEnvelopeJson(text) {
|
|
415
|
-
const trimmed = text.trim();
|
|
416
|
-
if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) {
|
|
417
|
-
return { ok: false, reason: "non-json" };
|
|
418
|
-
}
|
|
419
|
-
try {
|
|
420
|
-
return { ok: true, value: JSON.parse(trimmed) };
|
|
421
|
-
} catch (error) {
|
|
422
|
-
if (error instanceof SyntaxError) {
|
|
423
|
-
return { ok: false, reason: "invalid-json", error };
|
|
424
|
-
}
|
|
425
|
-
throw error;
|
|
426
|
-
}
|
|
427
|
-
}
|
|
428
203
|
function buildApiError(args) {
|
|
429
204
|
const failure = args.failure;
|
|
430
|
-
const legacyError = failure &&
|
|
205
|
+
const legacyError = failure && typeof failure.error === "object" && failure.error !== null ? failure.error : failure?.legacyError;
|
|
431
206
|
const correlationId = failure?.correlationId ?? args.response.headers.get("x-lucern-correlation-id")?.trim() ?? args.requestId;
|
|
432
207
|
const policyTraceId = failure?.policyTraceId ?? args.response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null;
|
|
433
208
|
const details = failure?.details ?? legacyError?.details;
|
|
434
209
|
const policySummary = readPolicySummaryFromDetails(details);
|
|
435
|
-
const failureMessage = typeof failure?.error === "string" ? failure.error : legacyError?.message;
|
|
436
210
|
return new LucernApiError({
|
|
437
211
|
code: failure?.code ?? legacyError?.code ?? fallbackErrorCode(args.response.status),
|
|
438
|
-
message: policySummary ??
|
|
212
|
+
message: policySummary ?? (typeof failure?.error === "string" ? failure.error : legacyError?.message ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed.")),
|
|
439
213
|
status: args.response.status,
|
|
440
214
|
invariant: failure?.invariant,
|
|
441
215
|
suggestion: failure?.suggestion,
|
|
@@ -567,10 +341,7 @@ function createListResult(items, legacyKey) {
|
|
|
567
341
|
total: items.length
|
|
568
342
|
};
|
|
569
343
|
if (legacyKey) {
|
|
570
|
-
|
|
571
|
-
...result,
|
|
572
|
-
[legacyKey]: items
|
|
573
|
-
};
|
|
344
|
+
result[legacyKey] = items;
|
|
574
345
|
}
|
|
575
346
|
return result;
|
|
576
347
|
}
|
|
@@ -581,146 +352,6 @@ function mapGatewayData(response, mapper) {
|
|
|
581
352
|
};
|
|
582
353
|
}
|
|
583
354
|
|
|
584
|
-
// src/boundaryClientSurface.ts
|
|
585
|
-
function cleanOptionalString(value) {
|
|
586
|
-
const normalized = value?.trim();
|
|
587
|
-
return normalized ? normalized : void 0;
|
|
588
|
-
}
|
|
589
|
-
function isRecord2(value) {
|
|
590
|
-
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
591
|
-
}
|
|
592
|
-
function cleanRequiredString(value, label) {
|
|
593
|
-
const normalized = cleanOptionalString(value);
|
|
594
|
-
if (!normalized) {
|
|
595
|
-
throw new Error(`${label} is required`);
|
|
596
|
-
}
|
|
597
|
-
return normalized;
|
|
598
|
-
}
|
|
599
|
-
function assertKnownKeys(input, allowed, operation) {
|
|
600
|
-
const allowedSet = new Set(allowed);
|
|
601
|
-
const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
|
|
602
|
-
if (unknownKeys.length > 0) {
|
|
603
|
-
throw new Error(
|
|
604
|
-
`${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
|
|
605
|
-
);
|
|
606
|
-
}
|
|
607
|
-
}
|
|
608
|
-
function knownPayload(input, allowed, operation) {
|
|
609
|
-
assertKnownKeys(input, allowed, operation);
|
|
610
|
-
return { ...input };
|
|
611
|
-
}
|
|
612
|
-
function listResultFromEnvelope(data, legacyKey) {
|
|
613
|
-
const record = isRecord2(data) ? data : {};
|
|
614
|
-
const legacyItems = record[legacyKey];
|
|
615
|
-
return createListResult(
|
|
616
|
-
Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
|
|
617
|
-
legacyKey
|
|
618
|
-
);
|
|
619
|
-
}
|
|
620
|
-
|
|
621
|
-
// src/control-plane.ts
|
|
622
|
-
var LucernControlPlaneIdentityError = class extends Error {
|
|
623
|
-
reason;
|
|
624
|
-
principalStatus;
|
|
625
|
-
tenantStatus;
|
|
626
|
-
workspaceStatus;
|
|
627
|
-
details;
|
|
628
|
-
constructor(failure) {
|
|
629
|
-
super(failure.message);
|
|
630
|
-
this.name = "LucernControlPlaneIdentityError";
|
|
631
|
-
this.reason = failure.reason;
|
|
632
|
-
this.principalStatus = failure.principalStatus;
|
|
633
|
-
this.tenantStatus = failure.tenantStatus;
|
|
634
|
-
this.workspaceStatus = failure.workspaceStatus;
|
|
635
|
-
this.details = failure.details;
|
|
636
|
-
}
|
|
637
|
-
};
|
|
638
|
-
function cleanString2(value) {
|
|
639
|
-
return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
|
|
640
|
-
}
|
|
641
|
-
function stringList(value) {
|
|
642
|
-
if (!Array.isArray(value)) {
|
|
643
|
-
return [];
|
|
644
|
-
}
|
|
645
|
-
return [
|
|
646
|
-
...new Set(
|
|
647
|
-
value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
|
|
648
|
-
)
|
|
649
|
-
];
|
|
650
|
-
}
|
|
651
|
-
function principalType(value) {
|
|
652
|
-
switch (value) {
|
|
653
|
-
case "service":
|
|
654
|
-
case "service_principal":
|
|
655
|
-
return "service";
|
|
656
|
-
case "agent":
|
|
657
|
-
return "agent";
|
|
658
|
-
case "group":
|
|
659
|
-
return "group";
|
|
660
|
-
case "external_viewer":
|
|
661
|
-
case "external_stakeholder":
|
|
662
|
-
return "external_viewer";
|
|
663
|
-
default:
|
|
664
|
-
return "human";
|
|
665
|
-
}
|
|
666
|
-
}
|
|
667
|
-
function adminFlags(roles) {
|
|
668
|
-
const normalized = roles.map((role) => role.toLowerCase());
|
|
669
|
-
const isPlatformAdmin = normalized.includes("platform_admin");
|
|
670
|
-
const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
|
|
671
|
-
const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
|
|
672
|
-
return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
|
|
673
|
-
}
|
|
674
|
-
function normalizeResolvedInteractivePrincipal(payload) {
|
|
675
|
-
if ("ok" in payload && payload.ok === false) {
|
|
676
|
-
throw new LucernControlPlaneIdentityError(payload);
|
|
677
|
-
}
|
|
678
|
-
const principalId = cleanString2(payload.principalId);
|
|
679
|
-
const clerkId = cleanString2(payload.clerkId);
|
|
680
|
-
const tenantId = cleanString2(payload.tenantId);
|
|
681
|
-
if (!principalId || !clerkId || !tenantId) {
|
|
682
|
-
throw new LucernControlPlaneIdentityError({
|
|
683
|
-
ok: false,
|
|
684
|
-
reason: "resolver_unavailable",
|
|
685
|
-
message: "Control-plane principal resolver returned an incomplete principal context.",
|
|
686
|
-
principalStatus: payload.principalStatus ?? "missing",
|
|
687
|
-
tenantStatus: payload.tenantStatus,
|
|
688
|
-
workspaceStatus: payload.workspaceStatus
|
|
689
|
-
});
|
|
690
|
-
}
|
|
691
|
-
const roles = stringList(payload.roles);
|
|
692
|
-
const scopes = stringList(payload.scopes);
|
|
693
|
-
const workspaceId = cleanString2(payload.workspaceId) ?? null;
|
|
694
|
-
const flags = adminFlags(roles);
|
|
695
|
-
return {
|
|
696
|
-
principalId,
|
|
697
|
-
principalType: principalType(payload.principalType),
|
|
698
|
-
clerkId,
|
|
699
|
-
tenantId,
|
|
700
|
-
workspaceId,
|
|
701
|
-
roles,
|
|
702
|
-
scopes,
|
|
703
|
-
groupIds: stringList(payload.groupIds),
|
|
704
|
-
permittedToolNames: stringList(payload.permittedToolNames),
|
|
705
|
-
permittedPackKeys: stringList(payload.permittedPackKeys),
|
|
706
|
-
principalStatus: cleanString2(payload.principalStatus) ?? "active",
|
|
707
|
-
tenantStatus: cleanString2(payload.tenantStatus) ?? "active",
|
|
708
|
-
workspaceStatus: cleanString2(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
|
|
709
|
-
isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
|
|
710
|
-
isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
|
|
711
|
-
isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
|
|
712
|
-
permit: {
|
|
713
|
-
subject: cleanString2(payload.permit?.subject) ?? principalId,
|
|
714
|
-
tenant: cleanString2(payload.permit?.tenant) ?? tenantId,
|
|
715
|
-
...workspaceId ? { workspace: cleanString2(payload.permit?.workspace) ?? workspaceId } : {}
|
|
716
|
-
},
|
|
717
|
-
authMode: "interactive_user",
|
|
718
|
-
sessionId: payload.sessionId,
|
|
719
|
-
delegatedBy: payload.delegatedBy,
|
|
720
|
-
expiresAt: payload.expiresAt
|
|
721
|
-
};
|
|
722
|
-
}
|
|
723
|
-
|
|
724
355
|
// src/identityClient.ts
|
|
725
356
|
function createIdentityWhoamiClient(config = {}) {
|
|
726
357
|
const gateway = createGatewayRequestClient(config);
|
|
@@ -732,37 +363,6 @@ function createIdentityWhoamiClient(config = {}) {
|
|
|
732
363
|
}
|
|
733
364
|
};
|
|
734
365
|
}
|
|
735
|
-
var TENANT_IDENTITY_FIELDS = [
|
|
736
|
-
"tenantId",
|
|
737
|
-
"workspaceId",
|
|
738
|
-
"principalId",
|
|
739
|
-
"integrationKey",
|
|
740
|
-
"secretRef",
|
|
741
|
-
"policySubject",
|
|
742
|
-
"policyAction",
|
|
743
|
-
"policyResource",
|
|
744
|
-
"decision",
|
|
745
|
-
"config",
|
|
746
|
-
"configKey",
|
|
747
|
-
"configValue",
|
|
748
|
-
"provider",
|
|
749
|
-
"status",
|
|
750
|
-
"metadata",
|
|
751
|
-
"limit",
|
|
752
|
-
"cursor"
|
|
753
|
-
];
|
|
754
|
-
function tenantIdentityQuery(input) {
|
|
755
|
-
return {
|
|
756
|
-
tenantId: cleanRequiredString(input.tenantId, "tenantId"),
|
|
757
|
-
workspaceId: input.workspaceId,
|
|
758
|
-
principalId: input.principalId,
|
|
759
|
-
limit: input.limit,
|
|
760
|
-
cursor: input.cursor
|
|
761
|
-
};
|
|
762
|
-
}
|
|
763
|
-
function tenantIdentityBody(input, operation) {
|
|
764
|
-
return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
|
|
765
|
-
}
|
|
766
366
|
function createIdentityClient(config = {}) {
|
|
767
367
|
const gateway = createGatewayRequestClient(config);
|
|
768
368
|
const whoamiClient = createIdentityWhoamiClient(config);
|
|
@@ -772,13 +372,6 @@ function createIdentityClient(config = {}) {
|
|
|
772
372
|
body: input,
|
|
773
373
|
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
774
374
|
});
|
|
775
|
-
const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
|
|
776
|
-
const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
|
|
777
|
-
path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
|
|
778
|
-
method: "POST",
|
|
779
|
-
body: input,
|
|
780
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
781
|
-
});
|
|
782
375
|
return {
|
|
783
376
|
/**
|
|
784
377
|
* Resolve the current authenticated identity summary.
|
|
@@ -788,25 +381,13 @@ function createIdentityClient(config = {}) {
|
|
|
788
381
|
(response) => mapGatewayData(response, (data) => ({
|
|
789
382
|
principalId: data.principalId,
|
|
790
383
|
principalType: data.principalType,
|
|
791
|
-
clerkId: data.clerkId,
|
|
792
384
|
tenantId: data.tenantId ?? null,
|
|
793
385
|
workspaceId: data.workspaceId ?? null,
|
|
794
386
|
scopes: Array.isArray(data.scopes) ? data.scopes : [],
|
|
795
387
|
roles: Array.isArray(data.roles) ? data.roles : [],
|
|
796
|
-
groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
|
|
797
|
-
permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
|
|
798
|
-
permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
|
|
799
|
-
principalStatus: data.principalStatus,
|
|
800
|
-
tenantStatus: data.tenantStatus,
|
|
801
|
-
workspaceStatus: data.workspaceStatus,
|
|
802
388
|
isPlatformAdmin: data.isPlatformAdmin === true,
|
|
803
389
|
isTenantAdmin: data.isTenantAdmin === true,
|
|
804
390
|
isWorkspaceAdmin: data.isWorkspaceAdmin === true,
|
|
805
|
-
permit: data.permit ?? (data.tenantId ? {
|
|
806
|
-
subject: data.principalId,
|
|
807
|
-
tenant: data.tenantId,
|
|
808
|
-
...data.workspaceId ? { workspace: data.workspaceId } : {}
|
|
809
|
-
} : void 0),
|
|
810
391
|
authMode: data.authMode,
|
|
811
392
|
sessionId: data.sessionId,
|
|
812
393
|
delegatedBy: data.delegatedBy,
|
|
@@ -814,19 +395,6 @@ function createIdentityClient(config = {}) {
|
|
|
814
395
|
}))
|
|
815
396
|
);
|
|
816
397
|
},
|
|
817
|
-
/**
|
|
818
|
-
* Resolve a Clerk subject through the tenant control-plane Permit projection.
|
|
819
|
-
* @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
|
|
820
|
-
*/
|
|
821
|
-
async resolveInteractivePrincipal(input) {
|
|
822
|
-
return gateway.request({
|
|
823
|
-
path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
|
|
824
|
-
method: "POST",
|
|
825
|
-
body: input
|
|
826
|
-
}).then(
|
|
827
|
-
(response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
|
|
828
|
-
);
|
|
829
|
-
},
|
|
830
398
|
/**
|
|
831
399
|
* List principals in the current identity scope.
|
|
832
400
|
*/
|
|
@@ -852,11 +420,15 @@ function createIdentityClient(config = {}) {
|
|
|
852
420
|
/**
|
|
853
421
|
* Update a principal.
|
|
854
422
|
*/
|
|
855
|
-
updatePrincipal,
|
|
423
|
+
async updatePrincipal(input, idempotencyKey) {
|
|
424
|
+
return requestPrincipalWrite("PATCH", input, idempotencyKey);
|
|
425
|
+
},
|
|
856
426
|
/**
|
|
857
427
|
* @deprecated Use createPrincipal or updatePrincipal.
|
|
858
428
|
*/
|
|
859
|
-
upsertPrincipal
|
|
429
|
+
async upsertPrincipal(input, idempotencyKey) {
|
|
430
|
+
return requestPrincipalWrite("PATCH", input, idempotencyKey);
|
|
431
|
+
},
|
|
860
432
|
/**
|
|
861
433
|
* List keys in the current identity scope.
|
|
862
434
|
*/
|
|
@@ -895,11 +467,20 @@ function createIdentityClient(config = {}) {
|
|
|
895
467
|
/**
|
|
896
468
|
* Delete an API key by revoking it.
|
|
897
469
|
*/
|
|
898
|
-
deleteKey,
|
|
470
|
+
async deleteKey(keyId, input = {}, idempotencyKey) {
|
|
471
|
+
return gateway.request({
|
|
472
|
+
path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
|
|
473
|
+
method: "POST",
|
|
474
|
+
body: input,
|
|
475
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
476
|
+
});
|
|
477
|
+
},
|
|
899
478
|
/**
|
|
900
479
|
* @deprecated Use deleteKey.
|
|
901
480
|
*/
|
|
902
|
-
revokeKey
|
|
481
|
+
async revokeKey(keyId, input = {}, idempotencyKey) {
|
|
482
|
+
return this.deleteKey(keyId, input, idempotencyKey);
|
|
483
|
+
},
|
|
903
484
|
/**
|
|
904
485
|
* Search Clerk users by email or display attributes.
|
|
905
486
|
*/
|
|
@@ -907,113 +488,10 @@ function createIdentityClient(config = {}) {
|
|
|
907
488
|
return gateway.request({
|
|
908
489
|
path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
|
|
909
490
|
});
|
|
910
|
-
},
|
|
911
|
-
async getTenantConfig(input) {
|
|
912
|
-
return gateway.request({
|
|
913
|
-
path: `/api/platform/v1/identity/tenant-config${toQueryString(
|
|
914
|
-
tenantIdentityQuery(input)
|
|
915
|
-
)}`
|
|
916
|
-
});
|
|
917
|
-
},
|
|
918
|
-
async updateTenantConfig(input, idempotencyKey) {
|
|
919
|
-
cleanRequiredString(input.tenantId, "tenantId");
|
|
920
|
-
return gateway.request({
|
|
921
|
-
path: "/api/platform/v1/identity/tenant-config",
|
|
922
|
-
method: "PATCH",
|
|
923
|
-
body: tenantIdentityBody(
|
|
924
|
-
input,
|
|
925
|
-
"identity.updateTenantConfig"
|
|
926
|
-
),
|
|
927
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
928
|
-
});
|
|
929
|
-
},
|
|
930
|
-
async listIntegrations(input) {
|
|
931
|
-
return gateway.request({
|
|
932
|
-
path: `/api/platform/v1/identity/integrations${toQueryString(
|
|
933
|
-
tenantIdentityQuery(input)
|
|
934
|
-
)}`
|
|
935
|
-
}).then(
|
|
936
|
-
(response) => mapGatewayData(
|
|
937
|
-
response,
|
|
938
|
-
(data) => listResultFromEnvelope(
|
|
939
|
-
data,
|
|
940
|
-
"integrations"
|
|
941
|
-
)
|
|
942
|
-
)
|
|
943
|
-
);
|
|
944
|
-
},
|
|
945
|
-
async upsertIntegration(input, idempotencyKey) {
|
|
946
|
-
cleanRequiredString(input.tenantId, "tenantId");
|
|
947
|
-
cleanRequiredString(input.integrationKey, "integrationKey");
|
|
948
|
-
return gateway.request({
|
|
949
|
-
path: "/api/platform/v1/identity/integrations",
|
|
950
|
-
method: "PUT",
|
|
951
|
-
body: tenantIdentityBody(
|
|
952
|
-
input,
|
|
953
|
-
"identity.upsertIntegration"
|
|
954
|
-
),
|
|
955
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
956
|
-
});
|
|
957
|
-
},
|
|
958
|
-
async listSecrets(input) {
|
|
959
|
-
return gateway.request({
|
|
960
|
-
path: `/api/platform/v1/identity/secrets${toQueryString(
|
|
961
|
-
tenantIdentityQuery(input)
|
|
962
|
-
)}`
|
|
963
|
-
}).then(
|
|
964
|
-
(response) => mapGatewayData(
|
|
965
|
-
response,
|
|
966
|
-
(data) => listResultFromEnvelope(
|
|
967
|
-
data,
|
|
968
|
-
"secrets"
|
|
969
|
-
)
|
|
970
|
-
)
|
|
971
|
-
);
|
|
972
|
-
},
|
|
973
|
-
async putSecretReference(input, idempotencyKey) {
|
|
974
|
-
cleanRequiredString(input.tenantId, "tenantId");
|
|
975
|
-
cleanRequiredString(input.secretRef, "secretRef");
|
|
976
|
-
return gateway.request({
|
|
977
|
-
path: "/api/platform/v1/identity/secrets",
|
|
978
|
-
method: "PUT",
|
|
979
|
-
body: tenantIdentityBody(
|
|
980
|
-
input,
|
|
981
|
-
"identity.putSecretReference"
|
|
982
|
-
),
|
|
983
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
984
|
-
});
|
|
985
|
-
},
|
|
986
|
-
async evaluatePolicy(input, idempotencyKey) {
|
|
987
|
-
cleanRequiredString(input.tenantId, "tenantId");
|
|
988
|
-
cleanRequiredString(input.policySubject, "policySubject");
|
|
989
|
-
cleanRequiredString(input.policyAction, "policyAction");
|
|
990
|
-
cleanRequiredString(input.policyResource, "policyResource");
|
|
991
|
-
return gateway.request({
|
|
992
|
-
path: "/api/platform/v1/identity/policy/evaluate",
|
|
993
|
-
method: "POST",
|
|
994
|
-
body: tenantIdentityBody(
|
|
995
|
-
input,
|
|
996
|
-
"identity.evaluatePolicy"
|
|
997
|
-
),
|
|
998
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
999
|
-
});
|
|
1000
|
-
},
|
|
1001
|
-
async recordPolicyDecision(input, idempotencyKey) {
|
|
1002
|
-
cleanRequiredString(input.tenantId, "tenantId");
|
|
1003
|
-
cleanRequiredString(input.decision, "decision");
|
|
1004
|
-
return gateway.request({
|
|
1005
|
-
path: "/api/platform/v1/identity/policy/decisions",
|
|
1006
|
-
method: "POST",
|
|
1007
|
-
body: tenantIdentityBody(
|
|
1008
|
-
input,
|
|
1009
|
-
"identity.recordPolicyDecision"
|
|
1010
|
-
),
|
|
1011
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1012
|
-
});
|
|
1013
491
|
}
|
|
1014
492
|
};
|
|
1015
493
|
}
|
|
1016
494
|
|
|
1017
|
-
export { LucernApiError,
|
|
495
|
+
export { LucernApiError, createIdentityClient };
|
|
1018
496
|
//# sourceMappingURL=identityClient.js.map
|
|
1019
497
|
//# sourceMappingURL=identityClient.js.map
|