@lucern/sdk 0.3.0-alpha.17 → 0.3.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +0 -12
- package/README.md +4 -110
- package/dist/adminClient.d.ts +8 -8
- package/dist/adminClient.js +40 -70
- package/dist/adminClient.js.map +1 -1
- package/dist/answersClient.js +12 -49
- package/dist/answersClient.js.map +1 -1
- package/dist/audience/index.d.ts +1 -2
- package/dist/audience/index.js +3 -1
- package/dist/audience/index.js.map +1 -1
- package/dist/audiencesClient.d.ts +16 -16
- package/dist/audiencesClient.js +91 -125
- package/dist/audiencesClient.js.map +1 -1
- package/dist/auditClient.js +14 -53
- package/dist/auditClient.js.map +1 -1
- package/dist/authContext.d.ts +2 -2
- package/dist/authContext.js +3 -4
- package/dist/authContext.js.map +1 -1
- package/dist/authDeviceClient.js +3 -16
- package/dist/authDeviceClient.js.map +1 -1
- package/dist/beliefs/index.d.ts +4 -9
- package/dist/beliefs/index.js +1305 -1943
- package/dist/beliefs/index.js.map +1 -1
- package/dist/beliefsClient.d.ts +2 -2
- package/dist/beliefsClient.js +23 -54
- package/dist/beliefsClient.js.map +1 -1
- package/dist/boundaryClientSurface.js +3 -10
- package/dist/boundaryClientSurface.js.map +1 -1
- package/dist/client-EiG9nJOY.d.ts +2911 -0
- package/dist/client.d.ts +41 -3038
- package/dist/client.js +1305 -1943
- package/dist/client.js.map +1 -1
- package/dist/contextClient.d.ts +3 -4
- package/dist/contextClient.js +30 -79
- package/dist/contextClient.js.map +1 -1
- package/dist/contextFacade.js +16 -25
- package/dist/contextFacade.js.map +1 -1
- package/dist/contextPackCompiler.js +30 -19
- package/dist/contextPackCompiler.js.map +1 -1
- package/dist/contextPackPolicy.js +17 -7
- package/dist/contextPackPolicy.js.map +1 -1
- package/dist/contextTypes.d.ts +0 -2
- package/dist/contracts/api-enums.contract.d.ts +2 -2
- package/dist/contracts/api-enums.contract.js +1 -6
- package/dist/contracts/api-enums.contract.js.map +1 -1
- package/dist/contracts/auth-session.contract.d.ts +1 -1
- package/dist/contracts/auth-session.contract.js +2 -14
- package/dist/contracts/auth-session.contract.js.map +1 -1
- package/dist/contracts/index.js +6 -30
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/lens-filter.contract.js +3 -4
- package/dist/contracts/lens-filter.contract.js.map +1 -1
- package/dist/contracts/lens-workflow.contract.js +3 -4
- package/dist/contracts/lens-workflow.contract.js.map +1 -1
- package/dist/contracts/lensFilter.js +3 -4
- package/dist/contracts/lensFilter.js.map +1 -1
- package/dist/contracts/lensWorkflow.js +3 -4
- package/dist/contracts/lensWorkflow.js.map +1 -1
- package/dist/contracts/mcpTools.js +0 -6
- package/dist/contracts/mcpTools.js.map +1 -1
- package/dist/contradictions/index.d.ts +3 -8
- package/dist/contradictions/index.js +1305 -1943
- package/dist/contradictions/index.js.map +1 -1
- package/dist/coreClient.d.ts +2 -19
- package/dist/coreClient.js +15 -50
- package/dist/coreClient.js.map +1 -1
- package/dist/decisions/index.d.ts +13 -18
- package/dist/decisions/index.js +1305 -1943
- package/dist/decisions/index.js.map +1 -1
- package/dist/decisionsClient.d.ts +12 -4
- package/dist/decisionsClient.js +35 -60
- package/dist/decisionsClient.js.map +1 -1
- package/dist/edges/index.d.ts +86 -31
- package/dist/edges/index.js +1305 -1943
- package/dist/edges/index.js.map +1 -1
- package/dist/embeddingsClient.js +18 -60
- package/dist/embeddingsClient.js.map +1 -1
- package/dist/eventingClient.js +18 -60
- package/dist/eventingClient.js.map +1 -1
- package/dist/events.js +3 -6
- package/dist/events.js.map +1 -1
- package/dist/eventsCore.d.ts +1 -1
- package/dist/eventsCore.js +15 -50
- package/dist/eventsCore.js.map +1 -1
- package/dist/evidence/index.d.ts +3 -8
- package/dist/evidence/index.js +1305 -1943
- package/dist/evidence/index.js.map +1 -1
- package/dist/evidenceClient.js +15 -50
- package/dist/evidenceClient.js.map +1 -1
- package/dist/facade/context.d.ts +1 -2
- package/dist/facade/context.js +16 -25
- package/dist/facade/context.js.map +1 -1
- package/dist/gatewayFacades.d.ts +48 -90
- package/dist/gatewayFacades.js +128 -251
- package/dist/gatewayFacades.js.map +1 -1
- package/dist/graphAnalysisClient.d.ts +1 -53
- package/dist/graphAnalysisClient.js +17 -81
- package/dist/graphAnalysisClient.js.map +1 -1
- package/dist/graphClient.d.ts +13 -6
- package/dist/graphClient.js +39 -65
- package/dist/graphClient.js.map +1 -1
- package/dist/graphRecommendationsClient.js +17 -54
- package/dist/graphRecommendationsClient.js.map +1 -1
- package/dist/graphStateClassifierClient.js +19 -60
- package/dist/graphStateClassifierClient.js.map +1 -1
- package/dist/harnessClient.d.ts +24 -13
- package/dist/harnessClient.js +41 -61
- package/dist/harnessClient.js.map +1 -1
- package/dist/identityClient.d.ts +9 -27
- package/dist/identityClient.js +39 -203
- package/dist/identityClient.js.map +1 -1
- package/dist/index.d.ts +6 -15
- package/dist/index.js +1171 -2256
- package/dist/index.js.map +1 -1
- package/dist/jobsClient.js +19 -60
- package/dist/jobsClient.js.map +1 -1
- package/dist/learningClient.d.ts +6 -6
- package/dist/learningClient.js +43 -78
- package/dist/learningClient.js.map +1 -1
- package/dist/lenses/index.d.ts +37 -60
- package/dist/lenses/index.js +1305 -1943
- package/dist/lenses/index.js.map +1 -1
- package/dist/mcpClient.js +13 -51
- package/dist/mcpClient.js.map +1 -1
- package/dist/modelRuntimeClient.js +18 -60
- package/dist/modelRuntimeClient.js.map +1 -1
- package/dist/nodes/index.d.ts +22 -49
- package/dist/nodes/index.js +1305 -1943
- package/dist/nodes/index.js.map +1 -1
- package/dist/ontologies/index.d.ts +31 -37
- package/dist/ontologies/index.js +1305 -1943
- package/dist/ontologies/index.js.map +1 -1
- package/dist/ontologyClient.d.ts +25 -17
- package/dist/ontologyClient.js +41 -86
- package/dist/ontologyClient.js.map +1 -1
- package/dist/ontologyLinksClient.js +19 -60
- package/dist/ontologyLinksClient.js.map +1 -1
- package/dist/orgGraphSearchClient.js +14 -53
- package/dist/orgGraphSearchClient.js.map +1 -1
- package/dist/packRuntime.d.ts +1 -2
- package/dist/packsClient.d.ts +23 -9
- package/dist/packsClient.js +47 -62
- package/dist/packsClient.js.map +1 -1
- package/dist/policyClient.d.ts +10 -11
- package/dist/policyClient.js +26 -71
- package/dist/policyClient.js.map +1 -1
- package/dist/questions/index.d.ts +3 -8
- package/dist/questions/index.js +1305 -1943
- package/dist/questions/index.js.map +1 -1
- package/dist/realtime/index.d.ts +1 -1
- package/dist/reportsClient.d.ts +7 -7
- package/dist/reportsClient.js +52 -107
- package/dist/reportsClient.js.map +1 -1
- package/dist/schemaClient.d.ts +3 -3
- package/dist/schemaClient.js +30 -63
- package/dist/schemaClient.js.map +1 -1
- package/dist/sdkSurface.d.ts +3 -6
- package/dist/sdkSurface.js +6 -10
- package/dist/sdkSurface.js.map +1 -1
- package/dist/sourcesClient.js +15 -50
- package/dist/sourcesClient.js.map +1 -1
- package/dist/telemetryClient.js +19 -60
- package/dist/telemetryClient.js.map +1 -1
- package/dist/toolRegistryClient.d.ts +2 -10
- package/dist/toolRegistryClient.js +20 -73
- package/dist/toolRegistryClient.js.map +1 -1
- package/dist/topics/index.d.ts +8 -19
- package/dist/topics/index.js +1305 -1945
- package/dist/topics/index.js.map +1 -1
- package/dist/topicsClient.d.ts +0 -2
- package/dist/topicsClient.js +20 -60
- package/dist/topicsClient.js.map +1 -1
- package/dist/types.d.ts +0 -17
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/dist/version.js.map +1 -1
- package/dist/workflowClient.d.ts +40 -58
- package/dist/workflowClient.js +54 -66
- package/dist/workflowClient.js.map +1 -1
- package/dist/worktrees/index.d.ts +33 -54
- package/dist/worktrees/index.js +1305 -1943
- package/dist/worktrees/index.js.map +1 -1
- package/package.json +3 -17
- package/dist/accessControl.d.ts +0 -79
- package/dist/accessControl.js +0 -1270
- package/dist/accessControl.js.map +0 -1
- package/dist/clientHelpers.d.ts +0 -48
- package/dist/clientHelpers.js +0 -137
- package/dist/clientHelpers.js.map +0 -1
- package/dist/control-plane.d.ts +0 -69
- package/dist/control-plane.js +0 -674
- package/dist/control-plane.js.map +0 -1
- package/dist/functionSurface.d.ts +0 -144
- package/dist/functionSurface.js +0 -1227
- package/dist/functionSurface.js.map +0 -1
- package/dist/functionSurfaceClient.d.ts +0 -8
- package/dist/functionSurfaceClient.js +0 -1227
- package/dist/functionSurfaceClient.js.map +0 -1
- package/dist/graphIntel.d.ts +0 -4
- package/dist/graphIntel.js +0 -3
- package/dist/graphIntel.js.map +0 -1
- package/dist/graphIntelligence.d.ts +0 -2
- package/dist/graphIntelligence.js +0 -47
- package/dist/graphIntelligence.js.map +0 -1
- package/dist/infisicalRuntime.d.ts +0 -43
- package/dist/infisicalRuntime.js +0 -346
- package/dist/infisicalRuntime.js.map +0 -1
- package/dist/secrets.d.ts +0 -1
- package/dist/secrets.js +0 -3
- package/dist/secrets.js.map +0 -1
package/dist/identityClient.js
CHANGED
|
@@ -29,14 +29,14 @@ function requireString(value, reason, label) {
|
|
|
29
29
|
}
|
|
30
30
|
return normalized;
|
|
31
31
|
}
|
|
32
|
-
function requirePrincipalType(
|
|
33
|
-
if (!
|
|
32
|
+
function requirePrincipalType(principalType) {
|
|
33
|
+
if (!principalType) {
|
|
34
34
|
throw new LucernSdkAuthContextError(
|
|
35
35
|
"principal_missing",
|
|
36
36
|
"Canonical Lucern SDK auth context is missing principalType."
|
|
37
37
|
);
|
|
38
38
|
}
|
|
39
|
-
return
|
|
39
|
+
return principalType;
|
|
40
40
|
}
|
|
41
41
|
function requireAuthMode(authMode) {
|
|
42
42
|
if (!authMode) {
|
|
@@ -82,15 +82,14 @@ function normalizeCanonicalLucernAuthContext(input) {
|
|
|
82
82
|
);
|
|
83
83
|
const roles = cleanStringList(input.roles);
|
|
84
84
|
const scopes = cleanStringList(input.scopes);
|
|
85
|
-
|
|
86
|
-
const authMode = requireAuthMode(input.authMode);
|
|
87
|
-
const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
|
|
88
|
-
if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
|
|
85
|
+
if (roles.length === 0 || scopes.length === 0) {
|
|
89
86
|
throw new LucernSdkAuthContextError(
|
|
90
87
|
"membership_missing",
|
|
91
88
|
"Canonical Lucern SDK auth context requires non-empty roles and scopes."
|
|
92
89
|
);
|
|
93
90
|
}
|
|
91
|
+
const principalType = requirePrincipalType(input.principalType);
|
|
92
|
+
const authMode = requireAuthMode(input.authMode);
|
|
94
93
|
const subject = cleanString(input.permit?.subject) ?? principalId;
|
|
95
94
|
const tenant = cleanString(input.permit?.tenant) ?? tenantId;
|
|
96
95
|
const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
|
|
@@ -111,7 +110,7 @@ function normalizeCanonicalLucernAuthContext(input) {
|
|
|
111
110
|
principalId,
|
|
112
111
|
tenantId,
|
|
113
112
|
workspaceId,
|
|
114
|
-
principalType
|
|
113
|
+
principalType,
|
|
115
114
|
authMode,
|
|
116
115
|
roles,
|
|
117
116
|
scopes,
|
|
@@ -232,7 +231,9 @@ function generatePortableRequestId() {
|
|
|
232
231
|
8
|
|
233
232
|
).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
|
|
234
233
|
}
|
|
235
|
-
|
|
234
|
+
function randomIdempotencyKey() {
|
|
235
|
+
return generatePortableRequestId();
|
|
236
|
+
}
|
|
236
237
|
function isRetryableStatus(status) {
|
|
237
238
|
return status >= 500 || status === 408 || status === 429;
|
|
238
239
|
}
|
|
@@ -297,11 +298,8 @@ function timeoutError(timeoutMs) {
|
|
|
297
298
|
error.name = "AbortError";
|
|
298
299
|
return error;
|
|
299
300
|
}
|
|
300
|
-
function isRecord(value) {
|
|
301
|
-
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
302
|
-
}
|
|
303
301
|
function readPolicySummaryFromDetails(details) {
|
|
304
|
-
if (!
|
|
302
|
+
if (!details || typeof details !== "object" || Array.isArray(details)) {
|
|
305
303
|
return null;
|
|
306
304
|
}
|
|
307
305
|
const directSummary = details.summary;
|
|
@@ -309,11 +307,11 @@ function readPolicySummaryFromDetails(details) {
|
|
|
309
307
|
return directSummary.trim();
|
|
310
308
|
}
|
|
311
309
|
const policy = details.policy;
|
|
312
|
-
if (!
|
|
310
|
+
if (!policy || typeof policy !== "object" || Array.isArray(policy)) {
|
|
313
311
|
return null;
|
|
314
312
|
}
|
|
315
313
|
const explanation = policy.explanation;
|
|
316
|
-
if (!
|
|
314
|
+
if (!explanation || typeof explanation !== "object" || Array.isArray(explanation)) {
|
|
317
315
|
return null;
|
|
318
316
|
}
|
|
319
317
|
const nestedSummary = explanation.summary;
|
|
@@ -342,31 +340,13 @@ function mergeHeaderRecord(base, addition) {
|
|
|
342
340
|
}
|
|
343
341
|
return Object.fromEntries(headers.entries());
|
|
344
342
|
}
|
|
345
|
-
function cleanHeaderValue(value) {
|
|
346
|
-
const normalized = value?.trim();
|
|
347
|
-
return normalized ? normalized : void 0;
|
|
348
|
-
}
|
|
349
343
|
function createGatewayRequestClient(config = {}) {
|
|
350
344
|
const fetchImpl = config.fetchImpl ?? fetch;
|
|
351
345
|
const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
|
|
352
346
|
const maxRetries = config.maxRetries ?? 2;
|
|
353
347
|
const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
|
|
354
348
|
async function resolveAuthHeaders() {
|
|
355
|
-
const
|
|
356
|
-
const headers = new Headers(provided);
|
|
357
|
-
const setIfAbsent = (name, value) => {
|
|
358
|
-
const normalized = cleanHeaderValue(value);
|
|
359
|
-
if (normalized && !headers.has(name)) {
|
|
360
|
-
headers.set(name, normalized);
|
|
361
|
-
}
|
|
362
|
-
};
|
|
363
|
-
setIfAbsent("x-lucern-key", config.apiKey);
|
|
364
|
-
setIfAbsent("x-lucern-session-token", config.userToken);
|
|
365
|
-
setIfAbsent("x-lucern-environment", config.environment);
|
|
366
|
-
setIfAbsent("x-lucern-clerk-id", config.clerkId);
|
|
367
|
-
setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
|
|
368
|
-
setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
|
|
369
|
-
const base = Object.fromEntries(headers.entries());
|
|
349
|
+
const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
|
|
370
350
|
const authContextInput = await resolveConfiguredAuthContext(
|
|
371
351
|
config.authContext
|
|
372
352
|
);
|
|
@@ -395,11 +375,11 @@ function createGatewayRequestClient(config = {}) {
|
|
|
395
375
|
if (!text) {
|
|
396
376
|
return null;
|
|
397
377
|
}
|
|
398
|
-
|
|
399
|
-
|
|
378
|
+
try {
|
|
379
|
+
return JSON.parse(text);
|
|
380
|
+
} catch {
|
|
400
381
|
return null;
|
|
401
382
|
}
|
|
402
|
-
return isRecord(parsed.value) ? parsed.value : null;
|
|
403
383
|
}
|
|
404
384
|
function resolveTimeoutMs(method, requestTimeoutMs) {
|
|
405
385
|
if (typeof requestTimeoutMs === "number") {
|
|
@@ -411,31 +391,16 @@ function createGatewayRequestClient(config = {}) {
|
|
|
411
391
|
}
|
|
412
392
|
return config.timeoutMs ?? 15e3;
|
|
413
393
|
}
|
|
414
|
-
function tryParseGatewayEnvelopeJson(text) {
|
|
415
|
-
const trimmed = text.trim();
|
|
416
|
-
if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) {
|
|
417
|
-
return { ok: false, reason: "non-json" };
|
|
418
|
-
}
|
|
419
|
-
try {
|
|
420
|
-
return { ok: true, value: JSON.parse(trimmed) };
|
|
421
|
-
} catch (error) {
|
|
422
|
-
if (error instanceof SyntaxError) {
|
|
423
|
-
return { ok: false, reason: "invalid-json", error };
|
|
424
|
-
}
|
|
425
|
-
throw error;
|
|
426
|
-
}
|
|
427
|
-
}
|
|
428
394
|
function buildApiError(args) {
|
|
429
395
|
const failure = args.failure;
|
|
430
|
-
const legacyError = failure &&
|
|
396
|
+
const legacyError = failure && typeof failure.error === "object" && failure.error !== null ? failure.error : failure?.legacyError;
|
|
431
397
|
const correlationId = failure?.correlationId ?? args.response.headers.get("x-lucern-correlation-id")?.trim() ?? args.requestId;
|
|
432
398
|
const policyTraceId = failure?.policyTraceId ?? args.response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null;
|
|
433
399
|
const details = failure?.details ?? legacyError?.details;
|
|
434
400
|
const policySummary = readPolicySummaryFromDetails(details);
|
|
435
|
-
const failureMessage = typeof failure?.error === "string" ? failure.error : legacyError?.message;
|
|
436
401
|
return new LucernApiError({
|
|
437
402
|
code: failure?.code ?? legacyError?.code ?? fallbackErrorCode(args.response.status),
|
|
438
|
-
message: policySummary ??
|
|
403
|
+
message: policySummary ?? (typeof failure?.error === "string" ? failure.error : legacyError?.message ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed.")),
|
|
439
404
|
status: args.response.status,
|
|
440
405
|
invariant: failure?.invariant,
|
|
441
406
|
suggestion: failure?.suggestion,
|
|
@@ -567,10 +532,7 @@ function createListResult(items, legacyKey) {
|
|
|
567
532
|
total: items.length
|
|
568
533
|
};
|
|
569
534
|
if (legacyKey) {
|
|
570
|
-
|
|
571
|
-
...result,
|
|
572
|
-
[legacyKey]: items
|
|
573
|
-
};
|
|
535
|
+
result[legacyKey] = items;
|
|
574
536
|
}
|
|
575
537
|
return result;
|
|
576
538
|
}
|
|
@@ -586,9 +548,6 @@ function cleanOptionalString(value) {
|
|
|
586
548
|
const normalized = value?.trim();
|
|
587
549
|
return normalized ? normalized : void 0;
|
|
588
550
|
}
|
|
589
|
-
function isRecord2(value) {
|
|
590
|
-
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
591
|
-
}
|
|
592
551
|
function cleanRequiredString(value, label) {
|
|
593
552
|
const normalized = cleanOptionalString(value);
|
|
594
553
|
if (!normalized) {
|
|
@@ -610,117 +569,13 @@ function knownPayload(input, allowed, operation) {
|
|
|
610
569
|
return { ...input };
|
|
611
570
|
}
|
|
612
571
|
function listResultFromEnvelope(data, legacyKey) {
|
|
613
|
-
const record =
|
|
614
|
-
const legacyItems = record[legacyKey];
|
|
572
|
+
const record = data && typeof data === "object" ? data : {};
|
|
615
573
|
return createListResult(
|
|
616
|
-
Array.isArray(
|
|
574
|
+
Array.isArray(record[legacyKey]) ? record[legacyKey] : Array.isArray(data) ? data : [],
|
|
617
575
|
legacyKey
|
|
618
576
|
);
|
|
619
577
|
}
|
|
620
578
|
|
|
621
|
-
// src/control-plane.ts
|
|
622
|
-
var LucernControlPlaneIdentityError = class extends Error {
|
|
623
|
-
reason;
|
|
624
|
-
principalStatus;
|
|
625
|
-
tenantStatus;
|
|
626
|
-
workspaceStatus;
|
|
627
|
-
details;
|
|
628
|
-
constructor(failure) {
|
|
629
|
-
super(failure.message);
|
|
630
|
-
this.name = "LucernControlPlaneIdentityError";
|
|
631
|
-
this.reason = failure.reason;
|
|
632
|
-
this.principalStatus = failure.principalStatus;
|
|
633
|
-
this.tenantStatus = failure.tenantStatus;
|
|
634
|
-
this.workspaceStatus = failure.workspaceStatus;
|
|
635
|
-
this.details = failure.details;
|
|
636
|
-
}
|
|
637
|
-
};
|
|
638
|
-
function cleanString2(value) {
|
|
639
|
-
return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
|
|
640
|
-
}
|
|
641
|
-
function stringList(value) {
|
|
642
|
-
if (!Array.isArray(value)) {
|
|
643
|
-
return [];
|
|
644
|
-
}
|
|
645
|
-
return [
|
|
646
|
-
...new Set(
|
|
647
|
-
value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
|
|
648
|
-
)
|
|
649
|
-
];
|
|
650
|
-
}
|
|
651
|
-
function principalType(value) {
|
|
652
|
-
switch (value) {
|
|
653
|
-
case "service":
|
|
654
|
-
case "service_principal":
|
|
655
|
-
return "service";
|
|
656
|
-
case "agent":
|
|
657
|
-
return "agent";
|
|
658
|
-
case "group":
|
|
659
|
-
return "group";
|
|
660
|
-
case "external_viewer":
|
|
661
|
-
case "external_stakeholder":
|
|
662
|
-
return "external_viewer";
|
|
663
|
-
default:
|
|
664
|
-
return "human";
|
|
665
|
-
}
|
|
666
|
-
}
|
|
667
|
-
function adminFlags(roles) {
|
|
668
|
-
const normalized = roles.map((role) => role.toLowerCase());
|
|
669
|
-
const isPlatformAdmin = normalized.includes("platform_admin");
|
|
670
|
-
const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
|
|
671
|
-
const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
|
|
672
|
-
return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
|
|
673
|
-
}
|
|
674
|
-
function normalizeResolvedInteractivePrincipal(payload) {
|
|
675
|
-
if ("ok" in payload && payload.ok === false) {
|
|
676
|
-
throw new LucernControlPlaneIdentityError(payload);
|
|
677
|
-
}
|
|
678
|
-
const principalId = cleanString2(payload.principalId);
|
|
679
|
-
const clerkId = cleanString2(payload.clerkId);
|
|
680
|
-
const tenantId = cleanString2(payload.tenantId);
|
|
681
|
-
if (!principalId || !clerkId || !tenantId) {
|
|
682
|
-
throw new LucernControlPlaneIdentityError({
|
|
683
|
-
ok: false,
|
|
684
|
-
reason: "resolver_unavailable",
|
|
685
|
-
message: "Control-plane principal resolver returned an incomplete principal context.",
|
|
686
|
-
principalStatus: payload.principalStatus ?? "missing",
|
|
687
|
-
tenantStatus: payload.tenantStatus,
|
|
688
|
-
workspaceStatus: payload.workspaceStatus
|
|
689
|
-
});
|
|
690
|
-
}
|
|
691
|
-
const roles = stringList(payload.roles);
|
|
692
|
-
const scopes = stringList(payload.scopes);
|
|
693
|
-
const workspaceId = cleanString2(payload.workspaceId) ?? null;
|
|
694
|
-
const flags = adminFlags(roles);
|
|
695
|
-
return {
|
|
696
|
-
principalId,
|
|
697
|
-
principalType: principalType(payload.principalType),
|
|
698
|
-
clerkId,
|
|
699
|
-
tenantId,
|
|
700
|
-
workspaceId,
|
|
701
|
-
roles,
|
|
702
|
-
scopes,
|
|
703
|
-
groupIds: stringList(payload.groupIds),
|
|
704
|
-
permittedToolNames: stringList(payload.permittedToolNames),
|
|
705
|
-
permittedPackKeys: stringList(payload.permittedPackKeys),
|
|
706
|
-
principalStatus: cleanString2(payload.principalStatus) ?? "active",
|
|
707
|
-
tenantStatus: cleanString2(payload.tenantStatus) ?? "active",
|
|
708
|
-
workspaceStatus: cleanString2(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
|
|
709
|
-
isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
|
|
710
|
-
isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
|
|
711
|
-
isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
|
|
712
|
-
permit: {
|
|
713
|
-
subject: cleanString2(payload.permit?.subject) ?? principalId,
|
|
714
|
-
tenant: cleanString2(payload.permit?.tenant) ?? tenantId,
|
|
715
|
-
...workspaceId ? { workspace: cleanString2(payload.permit?.workspace) ?? workspaceId } : {}
|
|
716
|
-
},
|
|
717
|
-
authMode: "interactive_user",
|
|
718
|
-
sessionId: payload.sessionId,
|
|
719
|
-
delegatedBy: payload.delegatedBy,
|
|
720
|
-
expiresAt: payload.expiresAt
|
|
721
|
-
};
|
|
722
|
-
}
|
|
723
|
-
|
|
724
579
|
// src/identityClient.ts
|
|
725
580
|
function createIdentityWhoamiClient(config = {}) {
|
|
726
581
|
const gateway = createGatewayRequestClient(config);
|
|
@@ -772,13 +627,6 @@ function createIdentityClient(config = {}) {
|
|
|
772
627
|
body: input,
|
|
773
628
|
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
774
629
|
});
|
|
775
|
-
const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
|
|
776
|
-
const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
|
|
777
|
-
path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
|
|
778
|
-
method: "POST",
|
|
779
|
-
body: input,
|
|
780
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
781
|
-
});
|
|
782
630
|
return {
|
|
783
631
|
/**
|
|
784
632
|
* Resolve the current authenticated identity summary.
|
|
@@ -788,25 +636,13 @@ function createIdentityClient(config = {}) {
|
|
|
788
636
|
(response) => mapGatewayData(response, (data) => ({
|
|
789
637
|
principalId: data.principalId,
|
|
790
638
|
principalType: data.principalType,
|
|
791
|
-
clerkId: data.clerkId,
|
|
792
639
|
tenantId: data.tenantId ?? null,
|
|
793
640
|
workspaceId: data.workspaceId ?? null,
|
|
794
641
|
scopes: Array.isArray(data.scopes) ? data.scopes : [],
|
|
795
642
|
roles: Array.isArray(data.roles) ? data.roles : [],
|
|
796
|
-
groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
|
|
797
|
-
permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
|
|
798
|
-
permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
|
|
799
|
-
principalStatus: data.principalStatus,
|
|
800
|
-
tenantStatus: data.tenantStatus,
|
|
801
|
-
workspaceStatus: data.workspaceStatus,
|
|
802
643
|
isPlatformAdmin: data.isPlatformAdmin === true,
|
|
803
644
|
isTenantAdmin: data.isTenantAdmin === true,
|
|
804
645
|
isWorkspaceAdmin: data.isWorkspaceAdmin === true,
|
|
805
|
-
permit: data.permit ?? (data.tenantId ? {
|
|
806
|
-
subject: data.principalId,
|
|
807
|
-
tenant: data.tenantId,
|
|
808
|
-
...data.workspaceId ? { workspace: data.workspaceId } : {}
|
|
809
|
-
} : void 0),
|
|
810
646
|
authMode: data.authMode,
|
|
811
647
|
sessionId: data.sessionId,
|
|
812
648
|
delegatedBy: data.delegatedBy,
|
|
@@ -814,19 +650,6 @@ function createIdentityClient(config = {}) {
|
|
|
814
650
|
}))
|
|
815
651
|
);
|
|
816
652
|
},
|
|
817
|
-
/**
|
|
818
|
-
* Resolve a Clerk subject through the tenant control-plane Permit projection.
|
|
819
|
-
* @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
|
|
820
|
-
*/
|
|
821
|
-
async resolveInteractivePrincipal(input) {
|
|
822
|
-
return gateway.request({
|
|
823
|
-
path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
|
|
824
|
-
method: "POST",
|
|
825
|
-
body: input
|
|
826
|
-
}).then(
|
|
827
|
-
(response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
|
|
828
|
-
);
|
|
829
|
-
},
|
|
830
653
|
/**
|
|
831
654
|
* List principals in the current identity scope.
|
|
832
655
|
*/
|
|
@@ -852,11 +675,15 @@ function createIdentityClient(config = {}) {
|
|
|
852
675
|
/**
|
|
853
676
|
* Update a principal.
|
|
854
677
|
*/
|
|
855
|
-
updatePrincipal,
|
|
678
|
+
async updatePrincipal(input, idempotencyKey) {
|
|
679
|
+
return requestPrincipalWrite("PATCH", input, idempotencyKey);
|
|
680
|
+
},
|
|
856
681
|
/**
|
|
857
682
|
* @deprecated Use createPrincipal or updatePrincipal.
|
|
858
683
|
*/
|
|
859
|
-
upsertPrincipal
|
|
684
|
+
async upsertPrincipal(input, idempotencyKey) {
|
|
685
|
+
return requestPrincipalWrite("PATCH", input, idempotencyKey);
|
|
686
|
+
},
|
|
860
687
|
/**
|
|
861
688
|
* List keys in the current identity scope.
|
|
862
689
|
*/
|
|
@@ -895,11 +722,20 @@ function createIdentityClient(config = {}) {
|
|
|
895
722
|
/**
|
|
896
723
|
* Delete an API key by revoking it.
|
|
897
724
|
*/
|
|
898
|
-
deleteKey,
|
|
725
|
+
async deleteKey(keyId, input = {}, idempotencyKey) {
|
|
726
|
+
return gateway.request({
|
|
727
|
+
path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
|
|
728
|
+
method: "POST",
|
|
729
|
+
body: input,
|
|
730
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
731
|
+
});
|
|
732
|
+
},
|
|
899
733
|
/**
|
|
900
734
|
* @deprecated Use deleteKey.
|
|
901
735
|
*/
|
|
902
|
-
revokeKey
|
|
736
|
+
async revokeKey(keyId, input = {}, idempotencyKey) {
|
|
737
|
+
return this.deleteKey(keyId, input, idempotencyKey);
|
|
738
|
+
},
|
|
903
739
|
/**
|
|
904
740
|
* Search Clerk users by email or display attributes.
|
|
905
741
|
*/
|