@lucern/sdk 0.3.0-alpha.17 → 0.3.0-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +0 -12
- package/README.md +4 -110
- package/dist/adminClient.d.ts +8 -10
- package/dist/adminClient.js +39 -260
- package/dist/adminClient.js.map +1 -1
- package/dist/answersClient.d.ts +0 -2
- package/dist/answersClient.js +11 -239
- package/dist/answersClient.js.map +1 -1
- package/dist/audience/index.d.ts +1 -2
- package/dist/audience/index.js +3 -1
- package/dist/audience/index.js.map +1 -1
- package/dist/audiencesClient.d.ts +16 -18
- package/dist/audiencesClient.js +90 -315
- package/dist/audiencesClient.js.map +1 -1
- package/dist/auditClient.d.ts +0 -2
- package/dist/auditClient.js +15 -245
- package/dist/auditClient.js.map +1 -1
- package/dist/beliefs/index.d.ts +5 -27
- package/dist/beliefs/index.js +1177 -3842
- package/dist/beliefs/index.js.map +1 -1
- package/dist/beliefsClient.d.ts +2 -4
- package/dist/beliefsClient.js +26 -248
- package/dist/beliefsClient.js.map +1 -1
- package/dist/client-B6aWUUwp.d.ts +2552 -0
- package/dist/client.d.ts +27 -3041
- package/dist/client.js +1177 -3842
- package/dist/client.js.map +1 -1
- package/dist/contextClient.d.ts +3 -6
- package/dist/contextClient.js +30 -270
- package/dist/contextClient.js.map +1 -1
- package/dist/contextFacade.js +16 -25
- package/dist/contextFacade.js.map +1 -1
- package/dist/contextPackCompiler.js +30 -19
- package/dist/contextPackCompiler.js.map +1 -1
- package/dist/contextPackPolicy.js +17 -7
- package/dist/contextPackPolicy.js.map +1 -1
- package/dist/contextTypes.d.ts +0 -2
- package/dist/contracts/api-enums.contract.d.ts +2 -2
- package/dist/contracts/api-enums.contract.js +1 -6
- package/dist/contracts/api-enums.contract.js.map +1 -1
- package/dist/contracts/auth-session.contract.d.ts +1 -1
- package/dist/contracts/auth-session.contract.js +2 -14
- package/dist/contracts/auth-session.contract.js.map +1 -1
- package/dist/contracts/index.d.ts +0 -1
- package/dist/contracts/index.js +7 -134
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/lens-filter.contract.js +3 -4
- package/dist/contracts/lens-filter.contract.js.map +1 -1
- package/dist/contracts/lens-workflow.contract.js +3 -4
- package/dist/contracts/lens-workflow.contract.js.map +1 -1
- package/dist/contracts/lensFilter.js +3 -4
- package/dist/contracts/lensFilter.js.map +1 -1
- package/dist/contracts/lensWorkflow.js +3 -4
- package/dist/contracts/lensWorkflow.js.map +1 -1
- package/dist/contracts/mcpTools.d.ts +1 -46
- package/dist/contracts/mcpTools.js +0 -108
- package/dist/contracts/mcpTools.js.map +1 -1
- package/dist/contradictions/index.d.ts +4 -26
- package/dist/contradictions/index.js +1177 -3842
- package/dist/contradictions/index.js.map +1 -1
- package/dist/coreClient.d.ts +2 -28
- package/dist/coreClient.js +14 -240
- package/dist/coreClient.js.map +1 -1
- package/dist/decisions/index.d.ts +14 -36
- package/dist/decisions/index.js +1177 -3842
- package/dist/decisions/index.js.map +1 -1
- package/dist/decisionsClient.d.ts +12 -6
- package/dist/decisionsClient.js +37 -253
- package/dist/decisionsClient.js.map +1 -1
- package/dist/edges/index.d.ts +87 -49
- package/dist/edges/index.js +1177 -3842
- package/dist/edges/index.js.map +1 -1
- package/dist/events.js +3 -6
- package/dist/events.js.map +1 -1
- package/dist/eventsCore.d.ts +1 -3
- package/dist/eventsCore.js +14 -240
- package/dist/eventsCore.js.map +1 -1
- package/dist/evidence/index.d.ts +4 -26
- package/dist/evidence/index.js +1177 -3842
- package/dist/evidence/index.js.map +1 -1
- package/dist/evidenceClient.d.ts +0 -2
- package/dist/evidenceClient.js +14 -240
- package/dist/evidenceClient.js.map +1 -1
- package/dist/facade/context.d.ts +1 -2
- package/dist/facade/context.js +16 -25
- package/dist/facade/context.js.map +1 -1
- package/dist/gatewayFacades.d.ts +46 -90
- package/dist/gatewayFacades.js +128 -609
- package/dist/gatewayFacades.js.map +1 -1
- package/dist/graphClient.d.ts +13 -8
- package/dist/graphClient.js +45 -262
- package/dist/graphClient.js.map +1 -1
- package/dist/harnessClient.d.ts +24 -15
- package/dist/harnessClient.js +42 -253
- package/dist/harnessClient.js.map +1 -1
- package/dist/identityClient.d.ts +11 -115
- package/dist/identityClient.js +33 -555
- package/dist/identityClient.js.map +1 -1
- package/dist/index.d.ts +6 -32
- package/dist/index.js +2581 -5826
- package/dist/index.js.map +1 -1
- package/dist/learningClient.d.ts +6 -8
- package/dist/learningClient.js +44 -270
- package/dist/learningClient.js.map +1 -1
- package/dist/lenses/index.d.ts +38 -78
- package/dist/lenses/index.js +1177 -3842
- package/dist/lenses/index.js.map +1 -1
- package/dist/nodes/index.d.ts +21 -65
- package/dist/nodes/index.js +1177 -3842
- package/dist/nodes/index.js.map +1 -1
- package/dist/ontologies/index.d.ts +32 -55
- package/dist/ontologies/index.js +1177 -3842
- package/dist/ontologies/index.js.map +1 -1
- package/dist/ontologyClient.d.ts +25 -19
- package/dist/ontologyClient.js +40 -276
- package/dist/ontologyClient.js.map +1 -1
- package/dist/packsClient.d.ts +23 -11
- package/dist/packsClient.js +46 -252
- package/dist/packsClient.js.map +1 -1
- package/dist/policyClient.d.ts +10 -13
- package/dist/policyClient.js +25 -261
- package/dist/policyClient.js.map +1 -1
- package/dist/questions/index.d.ts +4 -26
- package/dist/questions/index.js +1177 -3842
- package/dist/questions/index.js.map +1 -1
- package/dist/realtime/index.d.ts +1 -1
- package/dist/reportsClient.d.ts +7 -9
- package/dist/reportsClient.js +53 -299
- package/dist/reportsClient.js.map +1 -1
- package/dist/schemaClient.d.ts +3 -5
- package/dist/schemaClient.js +29 -253
- package/dist/schemaClient.js.map +1 -1
- package/dist/sdkSurface.d.ts +3 -8
- package/dist/sdkSurface.js +6 -10
- package/dist/sdkSurface.js.map +1 -1
- package/dist/sourcesClient.d.ts +0 -2
- package/dist/sourcesClient.js +14 -240
- package/dist/sourcesClient.js.map +1 -1
- package/dist/topics/index.d.ts +9 -37
- package/dist/topics/index.js +1177 -3844
- package/dist/topics/index.js.map +1 -1
- package/dist/topicsClient.d.ts +0 -4
- package/dist/topicsClient.js +24 -255
- package/dist/topicsClient.js.map +1 -1
- package/dist/types.d.ts +0 -17
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/dist/version.js.map +1 -1
- package/dist/workflowClient.d.ts +40 -60
- package/dist/workflowClient.js +58 -261
- package/dist/workflowClient.js.map +1 -1
- package/dist/worktrees/index.d.ts +33 -71
- package/dist/worktrees/index.js +1177 -3842
- package/dist/worktrees/index.js.map +1 -1
- package/package.json +3 -17
- package/dist/accessControl.d.ts +0 -79
- package/dist/accessControl.js +0 -1270
- package/dist/accessControl.js.map +0 -1
- package/dist/authContext.d.ts +0 -56
- package/dist/authContext.js +0 -170
- package/dist/authContext.js.map +0 -1
- package/dist/authDeviceClient.d.ts +0 -49
- package/dist/authDeviceClient.js +0 -121
- package/dist/authDeviceClient.js.map +0 -1
- package/dist/boundaryClientSurface.d.ts +0 -20
- package/dist/boundaryClientSurface.js +0 -73
- package/dist/boundaryClientSurface.js.map +0 -1
- package/dist/clientHelpers.d.ts +0 -48
- package/dist/clientHelpers.js +0 -137
- package/dist/clientHelpers.js.map +0 -1
- package/dist/control-plane.d.ts +0 -69
- package/dist/control-plane.js +0 -674
- package/dist/control-plane.js.map +0 -1
- package/dist/embeddingsClient.d.ts +0 -106
- package/dist/embeddingsClient.js +0 -749
- package/dist/embeddingsClient.js.map +0 -1
- package/dist/eventingClient.d.ts +0 -96
- package/dist/eventingClient.js +0 -746
- package/dist/eventingClient.js.map +0 -1
- package/dist/functionSurface.d.ts +0 -144
- package/dist/functionSurface.js +0 -1227
- package/dist/functionSurface.js.map +0 -1
- package/dist/functionSurfaceClient.d.ts +0 -8
- package/dist/functionSurfaceClient.js +0 -1227
- package/dist/functionSurfaceClient.js.map +0 -1
- package/dist/graphAnalysisClient.d.ts +0 -192
- package/dist/graphAnalysisClient.js +0 -817
- package/dist/graphAnalysisClient.js.map +0 -1
- package/dist/graphIntel.d.ts +0 -4
- package/dist/graphIntel.js +0 -3
- package/dist/graphIntel.js.map +0 -1
- package/dist/graphIntelligence.d.ts +0 -2
- package/dist/graphIntelligence.js +0 -47
- package/dist/graphIntelligence.js.map +0 -1
- package/dist/graphRecommendationsClient.d.ts +0 -56
- package/dist/graphRecommendationsClient.js +0 -682
- package/dist/graphRecommendationsClient.js.map +0 -1
- package/dist/graphStateClassifierClient.d.ts +0 -73
- package/dist/graphStateClassifierClient.js +0 -734
- package/dist/graphStateClassifierClient.js.map +0 -1
- package/dist/infisicalRuntime.d.ts +0 -43
- package/dist/infisicalRuntime.js +0 -346
- package/dist/infisicalRuntime.js.map +0 -1
- package/dist/jobsClient.d.ts +0 -98
- package/dist/jobsClient.js +0 -744
- package/dist/jobsClient.js.map +0 -1
- package/dist/mcpClient.d.ts +0 -28
- package/dist/mcpClient.js +0 -687
- package/dist/mcpClient.js.map +0 -1
- package/dist/modelRuntimeClient.d.ts +0 -72
- package/dist/modelRuntimeClient.js +0 -722
- package/dist/modelRuntimeClient.js.map +0 -1
- package/dist/ontologyLinksClient.d.ts +0 -71
- package/dist/ontologyLinksClient.js +0 -715
- package/dist/ontologyLinksClient.js.map +0 -1
- package/dist/orgGraphSearchClient.d.ts +0 -85
- package/dist/orgGraphSearchClient.js +0 -690
- package/dist/orgGraphSearchClient.js.map +0 -1
- package/dist/secrets.d.ts +0 -1
- package/dist/secrets.js +0 -3
- package/dist/secrets.js.map +0 -1
- package/dist/telemetryClient.d.ts +0 -94
- package/dist/telemetryClient.js +0 -759
- package/dist/telemetryClient.js.map +0 -1
- package/dist/toolRegistryClient.d.ts +0 -115
- package/dist/toolRegistryClient.js +0 -785
- package/dist/toolRegistryClient.js.map +0 -1
|
@@ -1,7 +1,5 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { GatewayClientConfig, GatewayScope, PlatformGatewaySuccess } from './coreClient.js';
|
|
2
2
|
import { JsonObject, ListResult } from './types.js';
|
|
3
|
-
import './authContext.js';
|
|
4
|
-
import './contracts/auth-session.contract.js';
|
|
5
3
|
import './contracts/workflow-runtime.contract.js';
|
|
6
4
|
import './contracts/lens-workflow.contract.js';
|
|
7
5
|
import './contracts/lens-filter.contract.js';
|
|
@@ -39,63 +37,63 @@ declare function createAudiencesClient(config?: AudiencesClientConfig): {
|
|
|
39
37
|
/**
|
|
40
38
|
* List audience registry entries.
|
|
41
39
|
*/
|
|
42
|
-
listRegistry
|
|
40
|
+
listRegistry(query?: GatewayScope & {
|
|
43
41
|
effective?: boolean;
|
|
44
42
|
status?: "active" | "disabled" | "archived";
|
|
45
|
-
})
|
|
43
|
+
}): Promise<PlatformGatewaySuccess<ListResult<any, "registryEntries">>>;
|
|
46
44
|
/**
|
|
47
45
|
* @deprecated Use listRegistry.
|
|
48
46
|
*/
|
|
49
|
-
getRegistry
|
|
47
|
+
getRegistry(query?: GatewayScope & {
|
|
50
48
|
effective?: boolean;
|
|
51
49
|
status?: "active" | "disabled" | "archived";
|
|
52
|
-
})
|
|
50
|
+
}): Promise<PlatformGatewaySuccess<ListResult<any, "registryEntries">>>;
|
|
53
51
|
/**
|
|
54
52
|
* Create an audience registry entry.
|
|
55
53
|
*/
|
|
56
|
-
createRegistryEntry
|
|
54
|
+
createRegistryEntry(input: AudienceRegistryInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<unknown>>;
|
|
57
55
|
/**
|
|
58
56
|
* Update an audience registry entry.
|
|
59
57
|
*/
|
|
60
|
-
updateRegistryEntry
|
|
58
|
+
updateRegistryEntry(input: AudienceRegistryInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<unknown>>;
|
|
61
59
|
/**
|
|
62
60
|
* @deprecated Use createRegistryEntry or updateRegistryEntry.
|
|
63
61
|
*/
|
|
64
|
-
upsertRegistry
|
|
62
|
+
upsertRegistry(input: AudienceRegistryInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<unknown>>;
|
|
65
63
|
/**
|
|
66
64
|
* List audience grants.
|
|
67
65
|
*/
|
|
68
|
-
listGrants
|
|
66
|
+
listGrants(query?: GatewayScope & {
|
|
69
67
|
audienceKey?: string;
|
|
70
68
|
principalId?: string;
|
|
71
69
|
groupId?: string;
|
|
72
70
|
status?: "active" | "revoked" | "expired";
|
|
73
|
-
})
|
|
71
|
+
}): Promise<PlatformGatewaySuccess<ListResult<any, "grants">>>;
|
|
74
72
|
/**
|
|
75
73
|
* @deprecated Use listGrants.
|
|
76
74
|
*/
|
|
77
|
-
getGrants
|
|
75
|
+
getGrants(query?: GatewayScope & {
|
|
78
76
|
audienceKey?: string;
|
|
79
77
|
principalId?: string;
|
|
80
78
|
groupId?: string;
|
|
81
79
|
status?: "active" | "revoked" | "expired";
|
|
82
|
-
})
|
|
80
|
+
}): Promise<PlatformGatewaySuccess<ListResult<any, "grants">>>;
|
|
83
81
|
/**
|
|
84
82
|
* Create an audience grant.
|
|
85
83
|
*/
|
|
86
|
-
createGrant
|
|
84
|
+
createGrant(input: AudienceGrantInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<unknown>>;
|
|
87
85
|
/**
|
|
88
86
|
* @deprecated Use createGrant.
|
|
89
87
|
*/
|
|
90
|
-
grant
|
|
88
|
+
grant(input: AudienceGrantInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<unknown>>;
|
|
91
89
|
/**
|
|
92
90
|
* Delete an audience grant by revoking it.
|
|
93
91
|
*/
|
|
94
|
-
deleteGrant
|
|
92
|
+
deleteGrant(input: AudienceGrantRevokeInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<unknown>>;
|
|
95
93
|
/**
|
|
96
94
|
* @deprecated Use deleteGrant.
|
|
97
95
|
*/
|
|
98
|
-
revokeGrant
|
|
96
|
+
revokeGrant(input: AudienceGrantRevokeInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<unknown>>;
|
|
99
97
|
};
|
|
100
98
|
|
|
101
99
|
export { type AudienceGrantInput, type AudienceGrantRevokeInput, type AudienceRegistryInput, type AudiencesClientConfig, createAudiencesClient };
|
package/dist/audiencesClient.js
CHANGED
|
@@ -1,170 +1,3 @@
|
|
|
1
|
-
// src/authContext.ts
|
|
2
|
-
var LucernSdkAuthContextError = class extends Error {
|
|
3
|
-
reason;
|
|
4
|
-
constructor(reason, message) {
|
|
5
|
-
super(message);
|
|
6
|
-
this.name = "LucernSdkAuthContextError";
|
|
7
|
-
this.reason = reason;
|
|
8
|
-
}
|
|
9
|
-
};
|
|
10
|
-
function cleanString(value) {
|
|
11
|
-
const normalized = value?.trim();
|
|
12
|
-
return normalized ? normalized : void 0;
|
|
13
|
-
}
|
|
14
|
-
function cleanStringList(values) {
|
|
15
|
-
if (!values) {
|
|
16
|
-
return [];
|
|
17
|
-
}
|
|
18
|
-
return values.map((value) => value.trim()).filter(
|
|
19
|
-
(value, index, list) => value.length > 0 && list.indexOf(value) === index
|
|
20
|
-
);
|
|
21
|
-
}
|
|
22
|
-
function requireString(value, reason, label) {
|
|
23
|
-
const normalized = cleanString(value);
|
|
24
|
-
if (!normalized) {
|
|
25
|
-
throw new LucernSdkAuthContextError(
|
|
26
|
-
reason,
|
|
27
|
-
`Canonical Lucern SDK auth context is missing ${label}.`
|
|
28
|
-
);
|
|
29
|
-
}
|
|
30
|
-
return normalized;
|
|
31
|
-
}
|
|
32
|
-
function requirePrincipalType(principalType) {
|
|
33
|
-
if (!principalType) {
|
|
34
|
-
throw new LucernSdkAuthContextError(
|
|
35
|
-
"principal_missing",
|
|
36
|
-
"Canonical Lucern SDK auth context is missing principalType."
|
|
37
|
-
);
|
|
38
|
-
}
|
|
39
|
-
return principalType;
|
|
40
|
-
}
|
|
41
|
-
function requireAuthMode(authMode) {
|
|
42
|
-
if (!authMode) {
|
|
43
|
-
throw new LucernSdkAuthContextError(
|
|
44
|
-
"principal_missing",
|
|
45
|
-
"Canonical Lucern SDK auth context is missing authMode."
|
|
46
|
-
);
|
|
47
|
-
}
|
|
48
|
-
return authMode;
|
|
49
|
-
}
|
|
50
|
-
function ensurePermitMatch(args) {
|
|
51
|
-
const actual = cleanString(args.actual);
|
|
52
|
-
if (actual && actual !== args.expected) {
|
|
53
|
-
throw new LucernSdkAuthContextError(
|
|
54
|
-
"policy_denied",
|
|
55
|
-
`Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
|
|
56
|
-
);
|
|
57
|
-
}
|
|
58
|
-
}
|
|
59
|
-
function normalizeCanonicalLucernAuthContext(input) {
|
|
60
|
-
if (!input) {
|
|
61
|
-
throw new LucernSdkAuthContextError(
|
|
62
|
-
"principal_missing",
|
|
63
|
-
"Canonical Lucern SDK auth context is required."
|
|
64
|
-
);
|
|
65
|
-
}
|
|
66
|
-
if (input.policyDecision === "deny") {
|
|
67
|
-
throw new LucernSdkAuthContextError(
|
|
68
|
-
"policy_denied",
|
|
69
|
-
"Canonical Lucern SDK auth context carries a denied policy decision."
|
|
70
|
-
);
|
|
71
|
-
}
|
|
72
|
-
const principalId = requireString(
|
|
73
|
-
input.principalId,
|
|
74
|
-
"principal_missing",
|
|
75
|
-
"principalId"
|
|
76
|
-
);
|
|
77
|
-
const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
|
|
78
|
-
const workspaceId = requireString(
|
|
79
|
-
input.workspaceId,
|
|
80
|
-
"workspace_missing",
|
|
81
|
-
"workspaceId"
|
|
82
|
-
);
|
|
83
|
-
const roles = cleanStringList(input.roles);
|
|
84
|
-
const scopes = cleanStringList(input.scopes);
|
|
85
|
-
const principalType = requirePrincipalType(input.principalType);
|
|
86
|
-
const authMode = requireAuthMode(input.authMode);
|
|
87
|
-
const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
|
|
88
|
-
if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
|
|
89
|
-
throw new LucernSdkAuthContextError(
|
|
90
|
-
"membership_missing",
|
|
91
|
-
"Canonical Lucern SDK auth context requires non-empty roles and scopes."
|
|
92
|
-
);
|
|
93
|
-
}
|
|
94
|
-
const subject = cleanString(input.permit?.subject) ?? principalId;
|
|
95
|
-
const tenant = cleanString(input.permit?.tenant) ?? tenantId;
|
|
96
|
-
const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
|
|
97
|
-
ensurePermitMatch({
|
|
98
|
-
field: "subject",
|
|
99
|
-
expected: principalId,
|
|
100
|
-
actual: subject
|
|
101
|
-
});
|
|
102
|
-
ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
|
|
103
|
-
ensurePermitMatch({
|
|
104
|
-
field: "workspace",
|
|
105
|
-
expected: workspaceId,
|
|
106
|
-
actual: workspace
|
|
107
|
-
});
|
|
108
|
-
const context = input.permit?.context ? { ...input.permit.context } : void 0;
|
|
109
|
-
return {
|
|
110
|
-
clerkId: cleanString(input.clerkId),
|
|
111
|
-
principalId,
|
|
112
|
-
tenantId,
|
|
113
|
-
workspaceId,
|
|
114
|
-
principalType,
|
|
115
|
-
authMode,
|
|
116
|
-
roles,
|
|
117
|
-
scopes,
|
|
118
|
-
delegationChain: input.delegationChain ? [...input.delegationChain] : [],
|
|
119
|
-
policyTraceId: cleanString(input.policyTraceId),
|
|
120
|
-
correlationId: cleanString(input.correlationId),
|
|
121
|
-
membershipId: cleanString(input.membershipId),
|
|
122
|
-
permit: {
|
|
123
|
-
subject,
|
|
124
|
-
tenant,
|
|
125
|
-
workspace,
|
|
126
|
-
resource: cleanString(input.permit?.resource),
|
|
127
|
-
action: cleanString(input.permit?.action),
|
|
128
|
-
relation: cleanString(input.permit?.relation),
|
|
129
|
-
context
|
|
130
|
-
}
|
|
131
|
-
};
|
|
132
|
-
}
|
|
133
|
-
function createCanonicalAuthHeaders(authContext) {
|
|
134
|
-
const headers = {
|
|
135
|
-
"x-lucern-principal-id": authContext.principalId,
|
|
136
|
-
"x-lucern-principal-type": authContext.principalType,
|
|
137
|
-
"x-lucern-tenant": authContext.tenantId,
|
|
138
|
-
"x-lucern-tenant-id": authContext.tenantId,
|
|
139
|
-
"x-lucern-workspace": authContext.workspaceId,
|
|
140
|
-
"x-lucern-workspace-id": authContext.workspaceId,
|
|
141
|
-
"x-lucern-auth-mode": authContext.authMode,
|
|
142
|
-
"x-lucern-roles": authContext.roles.join(","),
|
|
143
|
-
"x-lucern-scopes": authContext.scopes.join(","),
|
|
144
|
-
"x-lucern-permit-context": JSON.stringify(authContext.permit)
|
|
145
|
-
};
|
|
146
|
-
if (authContext.clerkId) {
|
|
147
|
-
headers["x-lucern-clerk-id"] = authContext.clerkId;
|
|
148
|
-
headers["x-lucern-user-id"] = authContext.clerkId;
|
|
149
|
-
}
|
|
150
|
-
if (authContext.delegationChain.length > 0) {
|
|
151
|
-
headers["x-lucern-delegation-chain"] = JSON.stringify(
|
|
152
|
-
authContext.delegationChain
|
|
153
|
-
);
|
|
154
|
-
}
|
|
155
|
-
if (authContext.policyTraceId) {
|
|
156
|
-
headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
|
|
157
|
-
}
|
|
158
|
-
if (authContext.correlationId) {
|
|
159
|
-
headers["x-correlation-id"] = authContext.correlationId;
|
|
160
|
-
headers["x-lucern-correlation-id"] = authContext.correlationId;
|
|
161
|
-
}
|
|
162
|
-
if (authContext.membershipId) {
|
|
163
|
-
headers["x-lucern-membership-id"] = authContext.membershipId;
|
|
164
|
-
}
|
|
165
|
-
return headers;
|
|
166
|
-
}
|
|
167
|
-
|
|
168
1
|
// src/coreClient.ts
|
|
169
2
|
var LucernApiError = class extends Error {
|
|
170
3
|
code;
|
|
@@ -232,7 +65,9 @@ function generatePortableRequestId() {
|
|
|
232
65
|
8
|
|
233
66
|
).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
|
|
234
67
|
}
|
|
235
|
-
|
|
68
|
+
function randomIdempotencyKey() {
|
|
69
|
+
return generatePortableRequestId();
|
|
70
|
+
}
|
|
236
71
|
function isRetryableStatus(status) {
|
|
237
72
|
return status >= 500 || status === 408 || status === 429;
|
|
238
73
|
}
|
|
@@ -297,11 +132,8 @@ function timeoutError(timeoutMs) {
|
|
|
297
132
|
error.name = "AbortError";
|
|
298
133
|
return error;
|
|
299
134
|
}
|
|
300
|
-
function isRecord(value) {
|
|
301
|
-
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
302
|
-
}
|
|
303
135
|
function readPolicySummaryFromDetails(details) {
|
|
304
|
-
if (!
|
|
136
|
+
if (!details || typeof details !== "object" || Array.isArray(details)) {
|
|
305
137
|
return null;
|
|
306
138
|
}
|
|
307
139
|
const directSummary = details.summary;
|
|
@@ -309,11 +141,11 @@ function readPolicySummaryFromDetails(details) {
|
|
|
309
141
|
return directSummary.trim();
|
|
310
142
|
}
|
|
311
143
|
const policy = details.policy;
|
|
312
|
-
if (!
|
|
144
|
+
if (!policy || typeof policy !== "object" || Array.isArray(policy)) {
|
|
313
145
|
return null;
|
|
314
146
|
}
|
|
315
147
|
const explanation = policy.explanation;
|
|
316
|
-
if (!
|
|
148
|
+
if (!explanation || typeof explanation !== "object" || Array.isArray(explanation)) {
|
|
317
149
|
return null;
|
|
318
150
|
}
|
|
319
151
|
const nestedSummary = explanation.summary;
|
|
@@ -322,59 +154,16 @@ function readPolicySummaryFromDetails(details) {
|
|
|
322
154
|
}
|
|
323
155
|
return null;
|
|
324
156
|
}
|
|
325
|
-
async function resolveConfiguredAuthContext(authContext) {
|
|
326
|
-
if (typeof authContext === "function") {
|
|
327
|
-
return await authContext();
|
|
328
|
-
}
|
|
329
|
-
return authContext;
|
|
330
|
-
}
|
|
331
|
-
function mergeHeaderRecord(base, addition) {
|
|
332
|
-
const headers = new Headers(base);
|
|
333
|
-
for (const [key, value] of Object.entries(addition)) {
|
|
334
|
-
const existing = headers.get(key);
|
|
335
|
-
if (existing !== null && existing !== value) {
|
|
336
|
-
throw new LucernSdkAuthContextError(
|
|
337
|
-
"policy_denied",
|
|
338
|
-
`Canonical Lucern SDK auth context conflicts with existing ${key} header.`
|
|
339
|
-
);
|
|
340
|
-
}
|
|
341
|
-
headers.set(key, value);
|
|
342
|
-
}
|
|
343
|
-
return Object.fromEntries(headers.entries());
|
|
344
|
-
}
|
|
345
|
-
function cleanHeaderValue(value) {
|
|
346
|
-
const normalized = value?.trim();
|
|
347
|
-
return normalized ? normalized : void 0;
|
|
348
|
-
}
|
|
349
157
|
function createGatewayRequestClient(config = {}) {
|
|
350
158
|
const fetchImpl = config.fetchImpl ?? fetch;
|
|
351
159
|
const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
|
|
352
160
|
const maxRetries = config.maxRetries ?? 2;
|
|
353
161
|
const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
|
|
354
162
|
async function resolveAuthHeaders() {
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
const setIfAbsent = (name, value) => {
|
|
358
|
-
const normalized = cleanHeaderValue(value);
|
|
359
|
-
if (normalized && !headers.has(name)) {
|
|
360
|
-
headers.set(name, normalized);
|
|
361
|
-
}
|
|
362
|
-
};
|
|
363
|
-
setIfAbsent("x-lucern-key", config.apiKey);
|
|
364
|
-
setIfAbsent("x-lucern-session-token", config.userToken);
|
|
365
|
-
setIfAbsent("x-lucern-environment", config.environment);
|
|
366
|
-
setIfAbsent("x-lucern-clerk-id", config.clerkId);
|
|
367
|
-
setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
|
|
368
|
-
setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
|
|
369
|
-
const base = Object.fromEntries(headers.entries());
|
|
370
|
-
const authContextInput = await resolveConfiguredAuthContext(
|
|
371
|
-
config.authContext
|
|
372
|
-
);
|
|
373
|
-
if (!authContextInput && !config.requireCanonicalAuthContext) {
|
|
374
|
-
return base;
|
|
163
|
+
if (!config.getAuthHeaders) {
|
|
164
|
+
return {};
|
|
375
165
|
}
|
|
376
|
-
|
|
377
|
-
return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
|
|
166
|
+
return await config.getAuthHeaders();
|
|
378
167
|
}
|
|
379
168
|
async function fetchWithTimeout(url, init, timeoutMs) {
|
|
380
169
|
const controller = new AbortController();
|
|
@@ -395,11 +184,11 @@ function createGatewayRequestClient(config = {}) {
|
|
|
395
184
|
if (!text) {
|
|
396
185
|
return null;
|
|
397
186
|
}
|
|
398
|
-
|
|
399
|
-
|
|
187
|
+
try {
|
|
188
|
+
return JSON.parse(text);
|
|
189
|
+
} catch {
|
|
400
190
|
return null;
|
|
401
191
|
}
|
|
402
|
-
return isRecord(parsed.value) ? parsed.value : null;
|
|
403
192
|
}
|
|
404
193
|
function resolveTimeoutMs(method, requestTimeoutMs) {
|
|
405
194
|
if (typeof requestTimeoutMs === "number") {
|
|
@@ -411,31 +200,16 @@ function createGatewayRequestClient(config = {}) {
|
|
|
411
200
|
}
|
|
412
201
|
return config.timeoutMs ?? 15e3;
|
|
413
202
|
}
|
|
414
|
-
function tryParseGatewayEnvelopeJson(text) {
|
|
415
|
-
const trimmed = text.trim();
|
|
416
|
-
if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) {
|
|
417
|
-
return { ok: false, reason: "non-json" };
|
|
418
|
-
}
|
|
419
|
-
try {
|
|
420
|
-
return { ok: true, value: JSON.parse(trimmed) };
|
|
421
|
-
} catch (error) {
|
|
422
|
-
if (error instanceof SyntaxError) {
|
|
423
|
-
return { ok: false, reason: "invalid-json", error };
|
|
424
|
-
}
|
|
425
|
-
throw error;
|
|
426
|
-
}
|
|
427
|
-
}
|
|
428
203
|
function buildApiError(args) {
|
|
429
204
|
const failure = args.failure;
|
|
430
|
-
const legacyError = failure &&
|
|
205
|
+
const legacyError = failure && typeof failure.error === "object" && failure.error !== null ? failure.error : failure?.legacyError;
|
|
431
206
|
const correlationId = failure?.correlationId ?? args.response.headers.get("x-lucern-correlation-id")?.trim() ?? args.requestId;
|
|
432
207
|
const policyTraceId = failure?.policyTraceId ?? args.response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null;
|
|
433
208
|
const details = failure?.details ?? legacyError?.details;
|
|
434
209
|
const policySummary = readPolicySummaryFromDetails(details);
|
|
435
|
-
const failureMessage = typeof failure?.error === "string" ? failure.error : legacyError?.message;
|
|
436
210
|
return new LucernApiError({
|
|
437
211
|
code: failure?.code ?? legacyError?.code ?? fallbackErrorCode(args.response.status),
|
|
438
|
-
message: policySummary ??
|
|
212
|
+
message: policySummary ?? (typeof failure?.error === "string" ? failure.error : legacyError?.message ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed.")),
|
|
439
213
|
status: args.response.status,
|
|
440
214
|
invariant: failure?.invariant,
|
|
441
215
|
suggestion: failure?.suggestion,
|
|
@@ -567,10 +341,7 @@ function createListResult(items, legacyKey) {
|
|
|
567
341
|
total: items.length
|
|
568
342
|
};
|
|
569
343
|
if (legacyKey) {
|
|
570
|
-
|
|
571
|
-
...result,
|
|
572
|
-
[legacyKey]: items
|
|
573
|
-
};
|
|
344
|
+
result[legacyKey] = items;
|
|
574
345
|
}
|
|
575
346
|
return result;
|
|
576
347
|
}
|
|
@@ -584,111 +355,115 @@ function mapGatewayData(response, mapper) {
|
|
|
584
355
|
// src/audiencesClient.ts
|
|
585
356
|
function createAudiencesClient(config = {}) {
|
|
586
357
|
const gateway = createGatewayRequestClient(config);
|
|
587
|
-
const listRegistry = async (query = {}) => {
|
|
588
|
-
return gateway.request({
|
|
589
|
-
path: `/api/platform/v1/audiences/registry${toQueryString({
|
|
590
|
-
...query,
|
|
591
|
-
effective: typeof query.effective === "boolean" ? query.effective ? "true" : "false" : void 0,
|
|
592
|
-
status: query.status
|
|
593
|
-
})}`
|
|
594
|
-
}).then(
|
|
595
|
-
(response) => mapGatewayData(
|
|
596
|
-
response,
|
|
597
|
-
(data) => createListResult(Array.isArray(data) ? data : [], "registryEntries")
|
|
598
|
-
)
|
|
599
|
-
);
|
|
600
|
-
};
|
|
601
|
-
const createRegistryEntry = async (input, idempotencyKey) => {
|
|
602
|
-
return gateway.request({
|
|
603
|
-
path: "/api/platform/v1/audiences/registry",
|
|
604
|
-
method: "POST",
|
|
605
|
-
body: input,
|
|
606
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
607
|
-
});
|
|
608
|
-
};
|
|
609
|
-
const updateRegistryEntry = createRegistryEntry;
|
|
610
|
-
const upsertRegistry = createRegistryEntry;
|
|
611
|
-
const getRegistry = listRegistry;
|
|
612
|
-
const listGrants = async (query = {}) => {
|
|
613
|
-
return gateway.request({
|
|
614
|
-
path: `/api/platform/v1/audiences/grants${toQueryString({
|
|
615
|
-
...query,
|
|
616
|
-
audienceKey: query.audienceKey,
|
|
617
|
-
principalId: query.principalId,
|
|
618
|
-
groupId: query.groupId,
|
|
619
|
-
status: query.status
|
|
620
|
-
})}`
|
|
621
|
-
}).then(
|
|
622
|
-
(response) => mapGatewayData(
|
|
623
|
-
response,
|
|
624
|
-
(data) => createListResult(Array.isArray(data) ? data : [], "grants")
|
|
625
|
-
)
|
|
626
|
-
);
|
|
627
|
-
};
|
|
628
|
-
const createGrant = async (input, idempotencyKey) => {
|
|
629
|
-
return gateway.request({
|
|
630
|
-
path: "/api/platform/v1/audiences/grants",
|
|
631
|
-
method: "POST",
|
|
632
|
-
body: input,
|
|
633
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
634
|
-
});
|
|
635
|
-
};
|
|
636
|
-
const getGrants = listGrants;
|
|
637
|
-
const grant = createGrant;
|
|
638
|
-
const deleteGrant = async (input, idempotencyKey) => {
|
|
639
|
-
return gateway.request({
|
|
640
|
-
path: "/api/platform/v1/audiences/grants/revoke",
|
|
641
|
-
method: "POST",
|
|
642
|
-
body: input,
|
|
643
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
644
|
-
});
|
|
645
|
-
};
|
|
646
|
-
const revokeGrant = deleteGrant;
|
|
647
358
|
return {
|
|
648
359
|
/**
|
|
649
360
|
* List audience registry entries.
|
|
650
361
|
*/
|
|
651
|
-
listRegistry
|
|
362
|
+
async listRegistry(query = {}) {
|
|
363
|
+
return gateway.request({
|
|
364
|
+
path: `/api/platform/v1/audiences/registry${toQueryString({
|
|
365
|
+
...query,
|
|
366
|
+
effective: typeof query.effective === "boolean" ? query.effective ? "true" : "false" : void 0,
|
|
367
|
+
status: query.status
|
|
368
|
+
})}`
|
|
369
|
+
}).then(
|
|
370
|
+
(response) => mapGatewayData(
|
|
371
|
+
response,
|
|
372
|
+
(data) => createListResult(
|
|
373
|
+
Array.isArray(data) ? data : [],
|
|
374
|
+
"registryEntries"
|
|
375
|
+
)
|
|
376
|
+
)
|
|
377
|
+
);
|
|
378
|
+
},
|
|
652
379
|
/**
|
|
653
380
|
* @deprecated Use listRegistry.
|
|
654
381
|
*/
|
|
655
|
-
getRegistry
|
|
382
|
+
async getRegistry(query = {}) {
|
|
383
|
+
return this.listRegistry(query);
|
|
384
|
+
},
|
|
656
385
|
/**
|
|
657
386
|
* Create an audience registry entry.
|
|
658
387
|
*/
|
|
659
|
-
createRegistryEntry,
|
|
388
|
+
async createRegistryEntry(input, idempotencyKey) {
|
|
389
|
+
return gateway.request({
|
|
390
|
+
path: "/api/platform/v1/audiences/registry",
|
|
391
|
+
method: "POST",
|
|
392
|
+
body: input,
|
|
393
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
394
|
+
});
|
|
395
|
+
},
|
|
660
396
|
/**
|
|
661
397
|
* Update an audience registry entry.
|
|
662
398
|
*/
|
|
663
|
-
updateRegistryEntry,
|
|
399
|
+
async updateRegistryEntry(input, idempotencyKey) {
|
|
400
|
+
return this.createRegistryEntry(input, idempotencyKey);
|
|
401
|
+
},
|
|
664
402
|
/**
|
|
665
403
|
* @deprecated Use createRegistryEntry or updateRegistryEntry.
|
|
666
404
|
*/
|
|
667
|
-
upsertRegistry,
|
|
405
|
+
async upsertRegistry(input, idempotencyKey) {
|
|
406
|
+
return this.createRegistryEntry(input, idempotencyKey);
|
|
407
|
+
},
|
|
668
408
|
/**
|
|
669
409
|
* List audience grants.
|
|
670
410
|
*/
|
|
671
|
-
listGrants
|
|
411
|
+
async listGrants(query = {}) {
|
|
412
|
+
return gateway.request({
|
|
413
|
+
path: `/api/platform/v1/audiences/grants${toQueryString({
|
|
414
|
+
...query,
|
|
415
|
+
audienceKey: query.audienceKey,
|
|
416
|
+
principalId: query.principalId,
|
|
417
|
+
groupId: query.groupId,
|
|
418
|
+
status: query.status
|
|
419
|
+
})}`
|
|
420
|
+
}).then(
|
|
421
|
+
(response) => mapGatewayData(
|
|
422
|
+
response,
|
|
423
|
+
(data) => createListResult(Array.isArray(data) ? data : [], "grants")
|
|
424
|
+
)
|
|
425
|
+
);
|
|
426
|
+
},
|
|
672
427
|
/**
|
|
673
428
|
* @deprecated Use listGrants.
|
|
674
429
|
*/
|
|
675
|
-
getGrants
|
|
430
|
+
async getGrants(query = {}) {
|
|
431
|
+
return this.listGrants(query);
|
|
432
|
+
},
|
|
676
433
|
/**
|
|
677
434
|
* Create an audience grant.
|
|
678
435
|
*/
|
|
679
|
-
createGrant,
|
|
436
|
+
async createGrant(input, idempotencyKey) {
|
|
437
|
+
return gateway.request({
|
|
438
|
+
path: "/api/platform/v1/audiences/grants",
|
|
439
|
+
method: "POST",
|
|
440
|
+
body: input,
|
|
441
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
442
|
+
});
|
|
443
|
+
},
|
|
680
444
|
/**
|
|
681
445
|
* @deprecated Use createGrant.
|
|
682
446
|
*/
|
|
683
|
-
grant,
|
|
447
|
+
async grant(input, idempotencyKey) {
|
|
448
|
+
return this.createGrant(input, idempotencyKey);
|
|
449
|
+
},
|
|
684
450
|
/**
|
|
685
451
|
* Delete an audience grant by revoking it.
|
|
686
452
|
*/
|
|
687
|
-
deleteGrant,
|
|
453
|
+
async deleteGrant(input, idempotencyKey) {
|
|
454
|
+
return gateway.request({
|
|
455
|
+
path: "/api/platform/v1/audiences/grants/revoke",
|
|
456
|
+
method: "POST",
|
|
457
|
+
body: input,
|
|
458
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
459
|
+
});
|
|
460
|
+
},
|
|
688
461
|
/**
|
|
689
462
|
* @deprecated Use deleteGrant.
|
|
690
463
|
*/
|
|
691
|
-
revokeGrant
|
|
464
|
+
async revokeGrant(input, idempotencyKey) {
|
|
465
|
+
return this.deleteGrant(input, idempotencyKey);
|
|
466
|
+
}
|
|
692
467
|
};
|
|
693
468
|
}
|
|
694
469
|
|