@lucern/sdk 0.3.0-alpha.16 → 0.3.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (227) hide show
  1. package/CHANGELOG.md +0 -8
  2. package/README.md +4 -110
  3. package/dist/adminClient.d.ts +8 -10
  4. package/dist/adminClient.js +39 -260
  5. package/dist/adminClient.js.map +1 -1
  6. package/dist/answersClient.d.ts +0 -2
  7. package/dist/answersClient.js +11 -239
  8. package/dist/answersClient.js.map +1 -1
  9. package/dist/audience/index.d.ts +1 -2
  10. package/dist/audience/index.js +3 -1
  11. package/dist/audience/index.js.map +1 -1
  12. package/dist/audiencesClient.d.ts +16 -18
  13. package/dist/audiencesClient.js +90 -315
  14. package/dist/audiencesClient.js.map +1 -1
  15. package/dist/auditClient.d.ts +0 -2
  16. package/dist/auditClient.js +15 -245
  17. package/dist/auditClient.js.map +1 -1
  18. package/dist/beliefs/index.d.ts +5 -27
  19. package/dist/beliefs/index.js +1177 -3842
  20. package/dist/beliefs/index.js.map +1 -1
  21. package/dist/beliefsClient.d.ts +2 -4
  22. package/dist/beliefsClient.js +26 -248
  23. package/dist/beliefsClient.js.map +1 -1
  24. package/dist/client-B6aWUUwp.d.ts +2552 -0
  25. package/dist/client.d.ts +27 -3041
  26. package/dist/client.js +1177 -3842
  27. package/dist/client.js.map +1 -1
  28. package/dist/contextClient.d.ts +3 -6
  29. package/dist/contextClient.js +30 -270
  30. package/dist/contextClient.js.map +1 -1
  31. package/dist/contextFacade.js +16 -25
  32. package/dist/contextFacade.js.map +1 -1
  33. package/dist/contextPackCompiler.js +30 -19
  34. package/dist/contextPackCompiler.js.map +1 -1
  35. package/dist/contextPackPolicy.js +17 -7
  36. package/dist/contextPackPolicy.js.map +1 -1
  37. package/dist/contextTypes.d.ts +0 -2
  38. package/dist/contracts/api-enums.contract.d.ts +2 -2
  39. package/dist/contracts/api-enums.contract.js +1 -6
  40. package/dist/contracts/api-enums.contract.js.map +1 -1
  41. package/dist/contracts/auth-session.contract.d.ts +1 -1
  42. package/dist/contracts/auth-session.contract.js +1 -13
  43. package/dist/contracts/auth-session.contract.js.map +1 -1
  44. package/dist/contracts/index.d.ts +0 -1
  45. package/dist/contracts/index.js +6 -133
  46. package/dist/contracts/index.js.map +1 -1
  47. package/dist/contracts/lens-filter.contract.js +3 -4
  48. package/dist/contracts/lens-filter.contract.js.map +1 -1
  49. package/dist/contracts/lens-workflow.contract.js +3 -4
  50. package/dist/contracts/lens-workflow.contract.js.map +1 -1
  51. package/dist/contracts/lensFilter.js +3 -4
  52. package/dist/contracts/lensFilter.js.map +1 -1
  53. package/dist/contracts/lensWorkflow.js +3 -4
  54. package/dist/contracts/lensWorkflow.js.map +1 -1
  55. package/dist/contracts/mcpTools.d.ts +1 -46
  56. package/dist/contracts/mcpTools.js +0 -108
  57. package/dist/contracts/mcpTools.js.map +1 -1
  58. package/dist/contradictions/index.d.ts +4 -26
  59. package/dist/contradictions/index.js +1177 -3842
  60. package/dist/contradictions/index.js.map +1 -1
  61. package/dist/coreClient.d.ts +2 -28
  62. package/dist/coreClient.js +14 -240
  63. package/dist/coreClient.js.map +1 -1
  64. package/dist/decisions/index.d.ts +14 -36
  65. package/dist/decisions/index.js +1177 -3842
  66. package/dist/decisions/index.js.map +1 -1
  67. package/dist/decisionsClient.d.ts +12 -6
  68. package/dist/decisionsClient.js +37 -253
  69. package/dist/decisionsClient.js.map +1 -1
  70. package/dist/edges/index.d.ts +87 -49
  71. package/dist/edges/index.js +1177 -3842
  72. package/dist/edges/index.js.map +1 -1
  73. package/dist/events.js +3 -6
  74. package/dist/events.js.map +1 -1
  75. package/dist/eventsCore.d.ts +1 -3
  76. package/dist/eventsCore.js +14 -240
  77. package/dist/eventsCore.js.map +1 -1
  78. package/dist/evidence/index.d.ts +4 -26
  79. package/dist/evidence/index.js +1177 -3842
  80. package/dist/evidence/index.js.map +1 -1
  81. package/dist/evidenceClient.d.ts +0 -2
  82. package/dist/evidenceClient.js +14 -240
  83. package/dist/evidenceClient.js.map +1 -1
  84. package/dist/facade/context.d.ts +1 -2
  85. package/dist/facade/context.js +16 -25
  86. package/dist/facade/context.js.map +1 -1
  87. package/dist/gatewayFacades.d.ts +46 -90
  88. package/dist/gatewayFacades.js +128 -609
  89. package/dist/gatewayFacades.js.map +1 -1
  90. package/dist/graphClient.d.ts +13 -8
  91. package/dist/graphClient.js +45 -262
  92. package/dist/graphClient.js.map +1 -1
  93. package/dist/harnessClient.d.ts +24 -15
  94. package/dist/harnessClient.js +42 -253
  95. package/dist/harnessClient.js.map +1 -1
  96. package/dist/identityClient.d.ts +11 -115
  97. package/dist/identityClient.js +33 -555
  98. package/dist/identityClient.js.map +1 -1
  99. package/dist/index.d.ts +6 -32
  100. package/dist/index.js +2580 -5825
  101. package/dist/index.js.map +1 -1
  102. package/dist/learningClient.d.ts +6 -8
  103. package/dist/learningClient.js +44 -270
  104. package/dist/learningClient.js.map +1 -1
  105. package/dist/lenses/index.d.ts +38 -78
  106. package/dist/lenses/index.js +1177 -3842
  107. package/dist/lenses/index.js.map +1 -1
  108. package/dist/nodes/index.d.ts +21 -65
  109. package/dist/nodes/index.js +1177 -3842
  110. package/dist/nodes/index.js.map +1 -1
  111. package/dist/ontologies/index.d.ts +32 -55
  112. package/dist/ontologies/index.js +1177 -3842
  113. package/dist/ontologies/index.js.map +1 -1
  114. package/dist/ontologyClient.d.ts +25 -19
  115. package/dist/ontologyClient.js +40 -276
  116. package/dist/ontologyClient.js.map +1 -1
  117. package/dist/packsClient.d.ts +23 -11
  118. package/dist/packsClient.js +46 -252
  119. package/dist/packsClient.js.map +1 -1
  120. package/dist/policyClient.d.ts +10 -13
  121. package/dist/policyClient.js +25 -261
  122. package/dist/policyClient.js.map +1 -1
  123. package/dist/questions/index.d.ts +4 -26
  124. package/dist/questions/index.js +1177 -3842
  125. package/dist/questions/index.js.map +1 -1
  126. package/dist/realtime/index.d.ts +1 -1
  127. package/dist/reportsClient.d.ts +7 -9
  128. package/dist/reportsClient.js +53 -299
  129. package/dist/reportsClient.js.map +1 -1
  130. package/dist/schemaClient.d.ts +3 -5
  131. package/dist/schemaClient.js +29 -253
  132. package/dist/schemaClient.js.map +1 -1
  133. package/dist/sdkSurface.d.ts +3 -8
  134. package/dist/sdkSurface.js +6 -10
  135. package/dist/sdkSurface.js.map +1 -1
  136. package/dist/sourcesClient.d.ts +0 -2
  137. package/dist/sourcesClient.js +14 -240
  138. package/dist/sourcesClient.js.map +1 -1
  139. package/dist/topics/index.d.ts +9 -37
  140. package/dist/topics/index.js +1177 -3844
  141. package/dist/topics/index.js.map +1 -1
  142. package/dist/topicsClient.d.ts +0 -4
  143. package/dist/topicsClient.js +24 -255
  144. package/dist/topicsClient.js.map +1 -1
  145. package/dist/types.d.ts +0 -17
  146. package/dist/version.d.ts +1 -1
  147. package/dist/version.js +1 -1
  148. package/dist/version.js.map +1 -1
  149. package/dist/workflowClient.d.ts +40 -60
  150. package/dist/workflowClient.js +58 -261
  151. package/dist/workflowClient.js.map +1 -1
  152. package/dist/worktrees/index.d.ts +33 -71
  153. package/dist/worktrees/index.js +1177 -3842
  154. package/dist/worktrees/index.js.map +1 -1
  155. package/package.json +3 -17
  156. package/dist/accessControl.d.ts +0 -79
  157. package/dist/accessControl.js +0 -1270
  158. package/dist/accessControl.js.map +0 -1
  159. package/dist/authContext.d.ts +0 -56
  160. package/dist/authContext.js +0 -170
  161. package/dist/authContext.js.map +0 -1
  162. package/dist/authDeviceClient.d.ts +0 -49
  163. package/dist/authDeviceClient.js +0 -121
  164. package/dist/authDeviceClient.js.map +0 -1
  165. package/dist/boundaryClientSurface.d.ts +0 -20
  166. package/dist/boundaryClientSurface.js +0 -73
  167. package/dist/boundaryClientSurface.js.map +0 -1
  168. package/dist/clientHelpers.d.ts +0 -48
  169. package/dist/clientHelpers.js +0 -137
  170. package/dist/clientHelpers.js.map +0 -1
  171. package/dist/control-plane.d.ts +0 -69
  172. package/dist/control-plane.js +0 -674
  173. package/dist/control-plane.js.map +0 -1
  174. package/dist/embeddingsClient.d.ts +0 -106
  175. package/dist/embeddingsClient.js +0 -749
  176. package/dist/embeddingsClient.js.map +0 -1
  177. package/dist/eventingClient.d.ts +0 -96
  178. package/dist/eventingClient.js +0 -746
  179. package/dist/eventingClient.js.map +0 -1
  180. package/dist/functionSurface.d.ts +0 -144
  181. package/dist/functionSurface.js +0 -1227
  182. package/dist/functionSurface.js.map +0 -1
  183. package/dist/functionSurfaceClient.d.ts +0 -8
  184. package/dist/functionSurfaceClient.js +0 -1227
  185. package/dist/functionSurfaceClient.js.map +0 -1
  186. package/dist/graphAnalysisClient.d.ts +0 -192
  187. package/dist/graphAnalysisClient.js +0 -817
  188. package/dist/graphAnalysisClient.js.map +0 -1
  189. package/dist/graphIntel.d.ts +0 -4
  190. package/dist/graphIntel.js +0 -3
  191. package/dist/graphIntel.js.map +0 -1
  192. package/dist/graphIntelligence.d.ts +0 -2
  193. package/dist/graphIntelligence.js +0 -47
  194. package/dist/graphIntelligence.js.map +0 -1
  195. package/dist/graphRecommendationsClient.d.ts +0 -56
  196. package/dist/graphRecommendationsClient.js +0 -682
  197. package/dist/graphRecommendationsClient.js.map +0 -1
  198. package/dist/graphStateClassifierClient.d.ts +0 -73
  199. package/dist/graphStateClassifierClient.js +0 -734
  200. package/dist/graphStateClassifierClient.js.map +0 -1
  201. package/dist/infisicalRuntime.d.ts +0 -43
  202. package/dist/infisicalRuntime.js +0 -346
  203. package/dist/infisicalRuntime.js.map +0 -1
  204. package/dist/jobsClient.d.ts +0 -98
  205. package/dist/jobsClient.js +0 -744
  206. package/dist/jobsClient.js.map +0 -1
  207. package/dist/mcpClient.d.ts +0 -28
  208. package/dist/mcpClient.js +0 -687
  209. package/dist/mcpClient.js.map +0 -1
  210. package/dist/modelRuntimeClient.d.ts +0 -72
  211. package/dist/modelRuntimeClient.js +0 -722
  212. package/dist/modelRuntimeClient.js.map +0 -1
  213. package/dist/ontologyLinksClient.d.ts +0 -71
  214. package/dist/ontologyLinksClient.js +0 -715
  215. package/dist/ontologyLinksClient.js.map +0 -1
  216. package/dist/orgGraphSearchClient.d.ts +0 -85
  217. package/dist/orgGraphSearchClient.js +0 -690
  218. package/dist/orgGraphSearchClient.js.map +0 -1
  219. package/dist/secrets.d.ts +0 -1
  220. package/dist/secrets.js +0 -3
  221. package/dist/secrets.js.map +0 -1
  222. package/dist/telemetryClient.d.ts +0 -94
  223. package/dist/telemetryClient.js +0 -759
  224. package/dist/telemetryClient.js.map +0 -1
  225. package/dist/toolRegistryClient.d.ts +0 -115
  226. package/dist/toolRegistryClient.js +0 -785
  227. package/dist/toolRegistryClient.js.map +0 -1
@@ -1,170 +1,3 @@
1
- // src/authContext.ts
2
- var LucernSdkAuthContextError = class extends Error {
3
- reason;
4
- constructor(reason, message) {
5
- super(message);
6
- this.name = "LucernSdkAuthContextError";
7
- this.reason = reason;
8
- }
9
- };
10
- function cleanString(value) {
11
- const normalized = value?.trim();
12
- return normalized ? normalized : void 0;
13
- }
14
- function cleanStringList(values) {
15
- if (!values) {
16
- return [];
17
- }
18
- return values.map((value) => value.trim()).filter(
19
- (value, index, list) => value.length > 0 && list.indexOf(value) === index
20
- );
21
- }
22
- function requireString(value, reason, label) {
23
- const normalized = cleanString(value);
24
- if (!normalized) {
25
- throw new LucernSdkAuthContextError(
26
- reason,
27
- `Canonical Lucern SDK auth context is missing ${label}.`
28
- );
29
- }
30
- return normalized;
31
- }
32
- function requirePrincipalType(principalType2) {
33
- if (!principalType2) {
34
- throw new LucernSdkAuthContextError(
35
- "principal_missing",
36
- "Canonical Lucern SDK auth context is missing principalType."
37
- );
38
- }
39
- return principalType2;
40
- }
41
- function requireAuthMode(authMode) {
42
- if (!authMode) {
43
- throw new LucernSdkAuthContextError(
44
- "principal_missing",
45
- "Canonical Lucern SDK auth context is missing authMode."
46
- );
47
- }
48
- return authMode;
49
- }
50
- function ensurePermitMatch(args) {
51
- const actual = cleanString(args.actual);
52
- if (actual && actual !== args.expected) {
53
- throw new LucernSdkAuthContextError(
54
- "policy_denied",
55
- `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
56
- );
57
- }
58
- }
59
- function normalizeCanonicalLucernAuthContext(input) {
60
- if (!input) {
61
- throw new LucernSdkAuthContextError(
62
- "principal_missing",
63
- "Canonical Lucern SDK auth context is required."
64
- );
65
- }
66
- if (input.policyDecision === "deny") {
67
- throw new LucernSdkAuthContextError(
68
- "policy_denied",
69
- "Canonical Lucern SDK auth context carries a denied policy decision."
70
- );
71
- }
72
- const principalId = requireString(
73
- input.principalId,
74
- "principal_missing",
75
- "principalId"
76
- );
77
- const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
78
- const workspaceId = requireString(
79
- input.workspaceId,
80
- "workspace_missing",
81
- "workspaceId"
82
- );
83
- const roles = cleanStringList(input.roles);
84
- const scopes = cleanStringList(input.scopes);
85
- const principalType2 = requirePrincipalType(input.principalType);
86
- const authMode = requireAuthMode(input.authMode);
87
- const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
88
- if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
89
- throw new LucernSdkAuthContextError(
90
- "membership_missing",
91
- "Canonical Lucern SDK auth context requires non-empty roles and scopes."
92
- );
93
- }
94
- const subject = cleanString(input.permit?.subject) ?? principalId;
95
- const tenant = cleanString(input.permit?.tenant) ?? tenantId;
96
- const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
97
- ensurePermitMatch({
98
- field: "subject",
99
- expected: principalId,
100
- actual: subject
101
- });
102
- ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
103
- ensurePermitMatch({
104
- field: "workspace",
105
- expected: workspaceId,
106
- actual: workspace
107
- });
108
- const context = input.permit?.context ? { ...input.permit.context } : void 0;
109
- return {
110
- clerkId: cleanString(input.clerkId),
111
- principalId,
112
- tenantId,
113
- workspaceId,
114
- principalType: principalType2,
115
- authMode,
116
- roles,
117
- scopes,
118
- delegationChain: input.delegationChain ? [...input.delegationChain] : [],
119
- policyTraceId: cleanString(input.policyTraceId),
120
- correlationId: cleanString(input.correlationId),
121
- membershipId: cleanString(input.membershipId),
122
- permit: {
123
- subject,
124
- tenant,
125
- workspace,
126
- resource: cleanString(input.permit?.resource),
127
- action: cleanString(input.permit?.action),
128
- relation: cleanString(input.permit?.relation),
129
- context
130
- }
131
- };
132
- }
133
- function createCanonicalAuthHeaders(authContext) {
134
- const headers = {
135
- "x-lucern-principal-id": authContext.principalId,
136
- "x-lucern-principal-type": authContext.principalType,
137
- "x-lucern-tenant": authContext.tenantId,
138
- "x-lucern-tenant-id": authContext.tenantId,
139
- "x-lucern-workspace": authContext.workspaceId,
140
- "x-lucern-workspace-id": authContext.workspaceId,
141
- "x-lucern-auth-mode": authContext.authMode,
142
- "x-lucern-roles": authContext.roles.join(","),
143
- "x-lucern-scopes": authContext.scopes.join(","),
144
- "x-lucern-permit-context": JSON.stringify(authContext.permit)
145
- };
146
- if (authContext.clerkId) {
147
- headers["x-lucern-clerk-id"] = authContext.clerkId;
148
- headers["x-lucern-user-id"] = authContext.clerkId;
149
- }
150
- if (authContext.delegationChain.length > 0) {
151
- headers["x-lucern-delegation-chain"] = JSON.stringify(
152
- authContext.delegationChain
153
- );
154
- }
155
- if (authContext.policyTraceId) {
156
- headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
157
- }
158
- if (authContext.correlationId) {
159
- headers["x-correlation-id"] = authContext.correlationId;
160
- headers["x-lucern-correlation-id"] = authContext.correlationId;
161
- }
162
- if (authContext.membershipId) {
163
- headers["x-lucern-membership-id"] = authContext.membershipId;
164
- }
165
- return headers;
166
- }
167
-
168
1
  // src/coreClient.ts
169
2
  var LucernApiError = class extends Error {
170
3
  code;
@@ -232,7 +65,9 @@ function generatePortableRequestId() {
232
65
  8
233
66
  ).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
234
67
  }
235
- var randomIdempotencyKey = generatePortableRequestId;
68
+ function randomIdempotencyKey() {
69
+ return generatePortableRequestId();
70
+ }
236
71
  function isRetryableStatus(status) {
237
72
  return status >= 500 || status === 408 || status === 429;
238
73
  }
@@ -297,11 +132,8 @@ function timeoutError(timeoutMs) {
297
132
  error.name = "AbortError";
298
133
  return error;
299
134
  }
300
- function isRecord(value) {
301
- return value !== null && typeof value === "object" && !Array.isArray(value);
302
- }
303
135
  function readPolicySummaryFromDetails(details) {
304
- if (!isRecord(details)) {
136
+ if (!details || typeof details !== "object" || Array.isArray(details)) {
305
137
  return null;
306
138
  }
307
139
  const directSummary = details.summary;
@@ -309,11 +141,11 @@ function readPolicySummaryFromDetails(details) {
309
141
  return directSummary.trim();
310
142
  }
311
143
  const policy = details.policy;
312
- if (!isRecord(policy)) {
144
+ if (!policy || typeof policy !== "object" || Array.isArray(policy)) {
313
145
  return null;
314
146
  }
315
147
  const explanation = policy.explanation;
316
- if (!isRecord(explanation)) {
148
+ if (!explanation || typeof explanation !== "object" || Array.isArray(explanation)) {
317
149
  return null;
318
150
  }
319
151
  const nestedSummary = explanation.summary;
@@ -322,59 +154,16 @@ function readPolicySummaryFromDetails(details) {
322
154
  }
323
155
  return null;
324
156
  }
325
- async function resolveConfiguredAuthContext(authContext) {
326
- if (typeof authContext === "function") {
327
- return await authContext();
328
- }
329
- return authContext;
330
- }
331
- function mergeHeaderRecord(base, addition) {
332
- const headers = new Headers(base);
333
- for (const [key, value] of Object.entries(addition)) {
334
- const existing = headers.get(key);
335
- if (existing !== null && existing !== value) {
336
- throw new LucernSdkAuthContextError(
337
- "policy_denied",
338
- `Canonical Lucern SDK auth context conflicts with existing ${key} header.`
339
- );
340
- }
341
- headers.set(key, value);
342
- }
343
- return Object.fromEntries(headers.entries());
344
- }
345
- function cleanHeaderValue(value) {
346
- const normalized = value?.trim();
347
- return normalized ? normalized : void 0;
348
- }
349
157
  function createGatewayRequestClient(config = {}) {
350
158
  const fetchImpl = config.fetchImpl ?? fetch;
351
159
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
352
160
  const maxRetries = config.maxRetries ?? 2;
353
161
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
354
162
  async function resolveAuthHeaders() {
355
- const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
356
- const headers = new Headers(provided);
357
- const setIfAbsent = (name, value) => {
358
- const normalized = cleanHeaderValue(value);
359
- if (normalized && !headers.has(name)) {
360
- headers.set(name, normalized);
361
- }
362
- };
363
- setIfAbsent("x-lucern-key", config.apiKey);
364
- setIfAbsent("x-lucern-session-token", config.userToken);
365
- setIfAbsent("x-lucern-environment", config.environment);
366
- setIfAbsent("x-lucern-clerk-id", config.clerkId);
367
- setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
368
- setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
369
- const base = Object.fromEntries(headers.entries());
370
- const authContextInput = await resolveConfiguredAuthContext(
371
- config.authContext
372
- );
373
- if (!authContextInput && !config.requireCanonicalAuthContext) {
374
- return base;
163
+ if (!config.getAuthHeaders) {
164
+ return {};
375
165
  }
376
- const authContext = normalizeCanonicalLucernAuthContext(authContextInput);
377
- return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
166
+ return await config.getAuthHeaders();
378
167
  }
379
168
  async function fetchWithTimeout(url, init, timeoutMs) {
380
169
  const controller = new AbortController();
@@ -395,11 +184,11 @@ function createGatewayRequestClient(config = {}) {
395
184
  if (!text) {
396
185
  return null;
397
186
  }
398
- const parsed = tryParseGatewayEnvelopeJson(text);
399
- if (!parsed.ok) {
187
+ try {
188
+ return JSON.parse(text);
189
+ } catch {
400
190
  return null;
401
191
  }
402
- return isRecord(parsed.value) ? parsed.value : null;
403
192
  }
404
193
  function resolveTimeoutMs(method, requestTimeoutMs) {
405
194
  if (typeof requestTimeoutMs === "number") {
@@ -411,31 +200,16 @@ function createGatewayRequestClient(config = {}) {
411
200
  }
412
201
  return config.timeoutMs ?? 15e3;
413
202
  }
414
- function tryParseGatewayEnvelopeJson(text) {
415
- const trimmed = text.trim();
416
- if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) {
417
- return { ok: false, reason: "non-json" };
418
- }
419
- try {
420
- return { ok: true, value: JSON.parse(trimmed) };
421
- } catch (error) {
422
- if (error instanceof SyntaxError) {
423
- return { ok: false, reason: "invalid-json", error };
424
- }
425
- throw error;
426
- }
427
- }
428
203
  function buildApiError(args) {
429
204
  const failure = args.failure;
430
- const legacyError = failure && isRecord(failure.error) ? failure.error : failure?.legacyError;
205
+ const legacyError = failure && typeof failure.error === "object" && failure.error !== null ? failure.error : failure?.legacyError;
431
206
  const correlationId = failure?.correlationId ?? args.response.headers.get("x-lucern-correlation-id")?.trim() ?? args.requestId;
432
207
  const policyTraceId = failure?.policyTraceId ?? args.response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null;
433
208
  const details = failure?.details ?? legacyError?.details;
434
209
  const policySummary = readPolicySummaryFromDetails(details);
435
- const failureMessage = typeof failure?.error === "string" ? failure.error : legacyError?.message;
436
210
  return new LucernApiError({
437
211
  code: failure?.code ?? legacyError?.code ?? fallbackErrorCode(args.response.status),
438
- message: policySummary ?? failureMessage ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed."),
212
+ message: policySummary ?? (typeof failure?.error === "string" ? failure.error : legacyError?.message ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed.")),
439
213
  status: args.response.status,
440
214
  invariant: failure?.invariant,
441
215
  suggestion: failure?.suggestion,
@@ -567,10 +341,7 @@ function createListResult(items, legacyKey) {
567
341
  total: items.length
568
342
  };
569
343
  if (legacyKey) {
570
- return {
571
- ...result,
572
- [legacyKey]: items
573
- };
344
+ result[legacyKey] = items;
574
345
  }
575
346
  return result;
576
347
  }
@@ -581,146 +352,6 @@ function mapGatewayData(response, mapper) {
581
352
  };
582
353
  }
583
354
 
584
- // src/boundaryClientSurface.ts
585
- function cleanOptionalString(value) {
586
- const normalized = value?.trim();
587
- return normalized ? normalized : void 0;
588
- }
589
- function isRecord2(value) {
590
- return Boolean(value) && typeof value === "object" && !Array.isArray(value);
591
- }
592
- function cleanRequiredString(value, label) {
593
- const normalized = cleanOptionalString(value);
594
- if (!normalized) {
595
- throw new Error(`${label} is required`);
596
- }
597
- return normalized;
598
- }
599
- function assertKnownKeys(input, allowed, operation) {
600
- const allowedSet = new Set(allowed);
601
- const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
602
- if (unknownKeys.length > 0) {
603
- throw new Error(
604
- `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
605
- );
606
- }
607
- }
608
- function knownPayload(input, allowed, operation) {
609
- assertKnownKeys(input, allowed, operation);
610
- return { ...input };
611
- }
612
- function listResultFromEnvelope(data, legacyKey) {
613
- const record = isRecord2(data) ? data : {};
614
- const legacyItems = record[legacyKey];
615
- return createListResult(
616
- Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
617
- legacyKey
618
- );
619
- }
620
-
621
- // src/control-plane.ts
622
- var LucernControlPlaneIdentityError = class extends Error {
623
- reason;
624
- principalStatus;
625
- tenantStatus;
626
- workspaceStatus;
627
- details;
628
- constructor(failure) {
629
- super(failure.message);
630
- this.name = "LucernControlPlaneIdentityError";
631
- this.reason = failure.reason;
632
- this.principalStatus = failure.principalStatus;
633
- this.tenantStatus = failure.tenantStatus;
634
- this.workspaceStatus = failure.workspaceStatus;
635
- this.details = failure.details;
636
- }
637
- };
638
- function cleanString2(value) {
639
- return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
640
- }
641
- function stringList(value) {
642
- if (!Array.isArray(value)) {
643
- return [];
644
- }
645
- return [
646
- ...new Set(
647
- value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
648
- )
649
- ];
650
- }
651
- function principalType(value) {
652
- switch (value) {
653
- case "service":
654
- case "service_principal":
655
- return "service";
656
- case "agent":
657
- return "agent";
658
- case "group":
659
- return "group";
660
- case "external_viewer":
661
- case "external_stakeholder":
662
- return "external_viewer";
663
- default:
664
- return "human";
665
- }
666
- }
667
- function adminFlags(roles) {
668
- const normalized = roles.map((role) => role.toLowerCase());
669
- const isPlatformAdmin = normalized.includes("platform_admin");
670
- const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
671
- const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
672
- return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
673
- }
674
- function normalizeResolvedInteractivePrincipal(payload) {
675
- if ("ok" in payload && payload.ok === false) {
676
- throw new LucernControlPlaneIdentityError(payload);
677
- }
678
- const principalId = cleanString2(payload.principalId);
679
- const clerkId = cleanString2(payload.clerkId);
680
- const tenantId = cleanString2(payload.tenantId);
681
- if (!principalId || !clerkId || !tenantId) {
682
- throw new LucernControlPlaneIdentityError({
683
- ok: false,
684
- reason: "resolver_unavailable",
685
- message: "Control-plane principal resolver returned an incomplete principal context.",
686
- principalStatus: payload.principalStatus ?? "missing",
687
- tenantStatus: payload.tenantStatus,
688
- workspaceStatus: payload.workspaceStatus
689
- });
690
- }
691
- const roles = stringList(payload.roles);
692
- const scopes = stringList(payload.scopes);
693
- const workspaceId = cleanString2(payload.workspaceId) ?? null;
694
- const flags = adminFlags(roles);
695
- return {
696
- principalId,
697
- principalType: principalType(payload.principalType),
698
- clerkId,
699
- tenantId,
700
- workspaceId,
701
- roles,
702
- scopes,
703
- groupIds: stringList(payload.groupIds),
704
- permittedToolNames: stringList(payload.permittedToolNames),
705
- permittedPackKeys: stringList(payload.permittedPackKeys),
706
- principalStatus: cleanString2(payload.principalStatus) ?? "active",
707
- tenantStatus: cleanString2(payload.tenantStatus) ?? "active",
708
- workspaceStatus: cleanString2(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
709
- isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
710
- isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
711
- isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
712
- permit: {
713
- subject: cleanString2(payload.permit?.subject) ?? principalId,
714
- tenant: cleanString2(payload.permit?.tenant) ?? tenantId,
715
- ...workspaceId ? { workspace: cleanString2(payload.permit?.workspace) ?? workspaceId } : {}
716
- },
717
- authMode: "interactive_user",
718
- sessionId: payload.sessionId,
719
- delegatedBy: payload.delegatedBy,
720
- expiresAt: payload.expiresAt
721
- };
722
- }
723
-
724
355
  // src/identityClient.ts
725
356
  function createIdentityWhoamiClient(config = {}) {
726
357
  const gateway = createGatewayRequestClient(config);
@@ -732,37 +363,6 @@ function createIdentityWhoamiClient(config = {}) {
732
363
  }
733
364
  };
734
365
  }
735
- var TENANT_IDENTITY_FIELDS = [
736
- "tenantId",
737
- "workspaceId",
738
- "principalId",
739
- "integrationKey",
740
- "secretRef",
741
- "policySubject",
742
- "policyAction",
743
- "policyResource",
744
- "decision",
745
- "config",
746
- "configKey",
747
- "configValue",
748
- "provider",
749
- "status",
750
- "metadata",
751
- "limit",
752
- "cursor"
753
- ];
754
- function tenantIdentityQuery(input) {
755
- return {
756
- tenantId: cleanRequiredString(input.tenantId, "tenantId"),
757
- workspaceId: input.workspaceId,
758
- principalId: input.principalId,
759
- limit: input.limit,
760
- cursor: input.cursor
761
- };
762
- }
763
- function tenantIdentityBody(input, operation) {
764
- return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
765
- }
766
366
  function createIdentityClient(config = {}) {
767
367
  const gateway = createGatewayRequestClient(config);
768
368
  const whoamiClient = createIdentityWhoamiClient(config);
@@ -772,13 +372,6 @@ function createIdentityClient(config = {}) {
772
372
  body: input,
773
373
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
774
374
  });
775
- const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
776
- const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
777
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
778
- method: "POST",
779
- body: input,
780
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
781
- });
782
375
  return {
783
376
  /**
784
377
  * Resolve the current authenticated identity summary.
@@ -788,25 +381,13 @@ function createIdentityClient(config = {}) {
788
381
  (response) => mapGatewayData(response, (data) => ({
789
382
  principalId: data.principalId,
790
383
  principalType: data.principalType,
791
- clerkId: data.clerkId,
792
384
  tenantId: data.tenantId ?? null,
793
385
  workspaceId: data.workspaceId ?? null,
794
386
  scopes: Array.isArray(data.scopes) ? data.scopes : [],
795
387
  roles: Array.isArray(data.roles) ? data.roles : [],
796
- groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
797
- permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
798
- permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
799
- principalStatus: data.principalStatus,
800
- tenantStatus: data.tenantStatus,
801
- workspaceStatus: data.workspaceStatus,
802
388
  isPlatformAdmin: data.isPlatformAdmin === true,
803
389
  isTenantAdmin: data.isTenantAdmin === true,
804
390
  isWorkspaceAdmin: data.isWorkspaceAdmin === true,
805
- permit: data.permit ?? (data.tenantId ? {
806
- subject: data.principalId,
807
- tenant: data.tenantId,
808
- ...data.workspaceId ? { workspace: data.workspaceId } : {}
809
- } : void 0),
810
391
  authMode: data.authMode,
811
392
  sessionId: data.sessionId,
812
393
  delegatedBy: data.delegatedBy,
@@ -814,19 +395,6 @@ function createIdentityClient(config = {}) {
814
395
  }))
815
396
  );
816
397
  },
817
- /**
818
- * Resolve a Clerk subject through the tenant control-plane Permit projection.
819
- * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
820
- */
821
- async resolveInteractivePrincipal(input) {
822
- return gateway.request({
823
- path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
824
- method: "POST",
825
- body: input
826
- }).then(
827
- (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
828
- );
829
- },
830
398
  /**
831
399
  * List principals in the current identity scope.
832
400
  */
@@ -852,11 +420,15 @@ function createIdentityClient(config = {}) {
852
420
  /**
853
421
  * Update a principal.
854
422
  */
855
- updatePrincipal,
423
+ async updatePrincipal(input, idempotencyKey) {
424
+ return requestPrincipalWrite("PATCH", input, idempotencyKey);
425
+ },
856
426
  /**
857
427
  * @deprecated Use createPrincipal or updatePrincipal.
858
428
  */
859
- upsertPrincipal: updatePrincipal,
429
+ async upsertPrincipal(input, idempotencyKey) {
430
+ return requestPrincipalWrite("PATCH", input, idempotencyKey);
431
+ },
860
432
  /**
861
433
  * List keys in the current identity scope.
862
434
  */
@@ -895,11 +467,20 @@ function createIdentityClient(config = {}) {
895
467
  /**
896
468
  * Delete an API key by revoking it.
897
469
  */
898
- deleteKey,
470
+ async deleteKey(keyId, input = {}, idempotencyKey) {
471
+ return gateway.request({
472
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
473
+ method: "POST",
474
+ body: input,
475
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
476
+ });
477
+ },
899
478
  /**
900
479
  * @deprecated Use deleteKey.
901
480
  */
902
- revokeKey: deleteKey,
481
+ async revokeKey(keyId, input = {}, idempotencyKey) {
482
+ return this.deleteKey(keyId, input, idempotencyKey);
483
+ },
903
484
  /**
904
485
  * Search Clerk users by email or display attributes.
905
486
  */
@@ -907,113 +488,10 @@ function createIdentityClient(config = {}) {
907
488
  return gateway.request({
908
489
  path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
909
490
  });
910
- },
911
- async getTenantConfig(input) {
912
- return gateway.request({
913
- path: `/api/platform/v1/identity/tenant-config${toQueryString(
914
- tenantIdentityQuery(input)
915
- )}`
916
- });
917
- },
918
- async updateTenantConfig(input, idempotencyKey) {
919
- cleanRequiredString(input.tenantId, "tenantId");
920
- return gateway.request({
921
- path: "/api/platform/v1/identity/tenant-config",
922
- method: "PATCH",
923
- body: tenantIdentityBody(
924
- input,
925
- "identity.updateTenantConfig"
926
- ),
927
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
928
- });
929
- },
930
- async listIntegrations(input) {
931
- return gateway.request({
932
- path: `/api/platform/v1/identity/integrations${toQueryString(
933
- tenantIdentityQuery(input)
934
- )}`
935
- }).then(
936
- (response) => mapGatewayData(
937
- response,
938
- (data) => listResultFromEnvelope(
939
- data,
940
- "integrations"
941
- )
942
- )
943
- );
944
- },
945
- async upsertIntegration(input, idempotencyKey) {
946
- cleanRequiredString(input.tenantId, "tenantId");
947
- cleanRequiredString(input.integrationKey, "integrationKey");
948
- return gateway.request({
949
- path: "/api/platform/v1/identity/integrations",
950
- method: "PUT",
951
- body: tenantIdentityBody(
952
- input,
953
- "identity.upsertIntegration"
954
- ),
955
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
956
- });
957
- },
958
- async listSecrets(input) {
959
- return gateway.request({
960
- path: `/api/platform/v1/identity/secrets${toQueryString(
961
- tenantIdentityQuery(input)
962
- )}`
963
- }).then(
964
- (response) => mapGatewayData(
965
- response,
966
- (data) => listResultFromEnvelope(
967
- data,
968
- "secrets"
969
- )
970
- )
971
- );
972
- },
973
- async putSecretReference(input, idempotencyKey) {
974
- cleanRequiredString(input.tenantId, "tenantId");
975
- cleanRequiredString(input.secretRef, "secretRef");
976
- return gateway.request({
977
- path: "/api/platform/v1/identity/secrets",
978
- method: "PUT",
979
- body: tenantIdentityBody(
980
- input,
981
- "identity.putSecretReference"
982
- ),
983
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
984
- });
985
- },
986
- async evaluatePolicy(input, idempotencyKey) {
987
- cleanRequiredString(input.tenantId, "tenantId");
988
- cleanRequiredString(input.policySubject, "policySubject");
989
- cleanRequiredString(input.policyAction, "policyAction");
990
- cleanRequiredString(input.policyResource, "policyResource");
991
- return gateway.request({
992
- path: "/api/platform/v1/identity/policy/evaluate",
993
- method: "POST",
994
- body: tenantIdentityBody(
995
- input,
996
- "identity.evaluatePolicy"
997
- ),
998
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
999
- });
1000
- },
1001
- async recordPolicyDecision(input, idempotencyKey) {
1002
- cleanRequiredString(input.tenantId, "tenantId");
1003
- cleanRequiredString(input.decision, "decision");
1004
- return gateway.request({
1005
- path: "/api/platform/v1/identity/policy/decisions",
1006
- method: "POST",
1007
- body: tenantIdentityBody(
1008
- input,
1009
- "identity.recordPolicyDecision"
1010
- ),
1011
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1012
- });
1013
491
  }
1014
492
  };
1015
493
  }
1016
494
 
1017
- export { LucernApiError, TENANT_IDENTITY_FIELDS, createIdentityClient };
495
+ export { LucernApiError, createIdentityClient };
1018
496
  //# sourceMappingURL=identityClient.js.map
1019
497
  //# sourceMappingURL=identityClient.js.map