@lucern/sdk 0.3.0-alpha.17 → 0.3.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (210) hide show
  1. package/CHANGELOG.md +0 -12
  2. package/README.md +4 -110
  3. package/dist/adminClient.d.ts +8 -8
  4. package/dist/adminClient.js +40 -70
  5. package/dist/adminClient.js.map +1 -1
  6. package/dist/answersClient.js +12 -49
  7. package/dist/answersClient.js.map +1 -1
  8. package/dist/audience/index.d.ts +1 -2
  9. package/dist/audience/index.js +3 -1
  10. package/dist/audience/index.js.map +1 -1
  11. package/dist/audiencesClient.d.ts +16 -16
  12. package/dist/audiencesClient.js +91 -125
  13. package/dist/audiencesClient.js.map +1 -1
  14. package/dist/auditClient.js +14 -53
  15. package/dist/auditClient.js.map +1 -1
  16. package/dist/authContext.d.ts +2 -2
  17. package/dist/authContext.js +3 -4
  18. package/dist/authContext.js.map +1 -1
  19. package/dist/authDeviceClient.js +3 -16
  20. package/dist/authDeviceClient.js.map +1 -1
  21. package/dist/beliefs/index.d.ts +4 -9
  22. package/dist/beliefs/index.js +1305 -1943
  23. package/dist/beliefs/index.js.map +1 -1
  24. package/dist/beliefsClient.d.ts +2 -2
  25. package/dist/beliefsClient.js +23 -54
  26. package/dist/beliefsClient.js.map +1 -1
  27. package/dist/boundaryClientSurface.js +3 -10
  28. package/dist/boundaryClientSurface.js.map +1 -1
  29. package/dist/client-EiG9nJOY.d.ts +2911 -0
  30. package/dist/client.d.ts +41 -3038
  31. package/dist/client.js +1305 -1943
  32. package/dist/client.js.map +1 -1
  33. package/dist/contextClient.d.ts +3 -4
  34. package/dist/contextClient.js +30 -79
  35. package/dist/contextClient.js.map +1 -1
  36. package/dist/contextFacade.js +16 -25
  37. package/dist/contextFacade.js.map +1 -1
  38. package/dist/contextPackCompiler.js +30 -19
  39. package/dist/contextPackCompiler.js.map +1 -1
  40. package/dist/contextPackPolicy.js +17 -7
  41. package/dist/contextPackPolicy.js.map +1 -1
  42. package/dist/contextTypes.d.ts +0 -2
  43. package/dist/contracts/api-enums.contract.d.ts +2 -2
  44. package/dist/contracts/api-enums.contract.js +1 -6
  45. package/dist/contracts/api-enums.contract.js.map +1 -1
  46. package/dist/contracts/auth-session.contract.d.ts +1 -1
  47. package/dist/contracts/auth-session.contract.js +2 -14
  48. package/dist/contracts/auth-session.contract.js.map +1 -1
  49. package/dist/contracts/index.js +6 -30
  50. package/dist/contracts/index.js.map +1 -1
  51. package/dist/contracts/lens-filter.contract.js +3 -4
  52. package/dist/contracts/lens-filter.contract.js.map +1 -1
  53. package/dist/contracts/lens-workflow.contract.js +3 -4
  54. package/dist/contracts/lens-workflow.contract.js.map +1 -1
  55. package/dist/contracts/lensFilter.js +3 -4
  56. package/dist/contracts/lensFilter.js.map +1 -1
  57. package/dist/contracts/lensWorkflow.js +3 -4
  58. package/dist/contracts/lensWorkflow.js.map +1 -1
  59. package/dist/contracts/mcpTools.js +0 -6
  60. package/dist/contracts/mcpTools.js.map +1 -1
  61. package/dist/contradictions/index.d.ts +3 -8
  62. package/dist/contradictions/index.js +1305 -1943
  63. package/dist/contradictions/index.js.map +1 -1
  64. package/dist/coreClient.d.ts +2 -19
  65. package/dist/coreClient.js +15 -50
  66. package/dist/coreClient.js.map +1 -1
  67. package/dist/decisions/index.d.ts +13 -18
  68. package/dist/decisions/index.js +1305 -1943
  69. package/dist/decisions/index.js.map +1 -1
  70. package/dist/decisionsClient.d.ts +12 -4
  71. package/dist/decisionsClient.js +35 -60
  72. package/dist/decisionsClient.js.map +1 -1
  73. package/dist/edges/index.d.ts +86 -31
  74. package/dist/edges/index.js +1305 -1943
  75. package/dist/edges/index.js.map +1 -1
  76. package/dist/embeddingsClient.js +18 -60
  77. package/dist/embeddingsClient.js.map +1 -1
  78. package/dist/eventingClient.js +18 -60
  79. package/dist/eventingClient.js.map +1 -1
  80. package/dist/events.js +3 -6
  81. package/dist/events.js.map +1 -1
  82. package/dist/eventsCore.d.ts +1 -1
  83. package/dist/eventsCore.js +15 -50
  84. package/dist/eventsCore.js.map +1 -1
  85. package/dist/evidence/index.d.ts +3 -8
  86. package/dist/evidence/index.js +1305 -1943
  87. package/dist/evidence/index.js.map +1 -1
  88. package/dist/evidenceClient.js +15 -50
  89. package/dist/evidenceClient.js.map +1 -1
  90. package/dist/facade/context.d.ts +1 -2
  91. package/dist/facade/context.js +16 -25
  92. package/dist/facade/context.js.map +1 -1
  93. package/dist/gatewayFacades.d.ts +48 -90
  94. package/dist/gatewayFacades.js +128 -251
  95. package/dist/gatewayFacades.js.map +1 -1
  96. package/dist/graphAnalysisClient.d.ts +1 -53
  97. package/dist/graphAnalysisClient.js +17 -81
  98. package/dist/graphAnalysisClient.js.map +1 -1
  99. package/dist/graphClient.d.ts +13 -6
  100. package/dist/graphClient.js +39 -65
  101. package/dist/graphClient.js.map +1 -1
  102. package/dist/graphRecommendationsClient.js +17 -54
  103. package/dist/graphRecommendationsClient.js.map +1 -1
  104. package/dist/graphStateClassifierClient.js +19 -60
  105. package/dist/graphStateClassifierClient.js.map +1 -1
  106. package/dist/harnessClient.d.ts +24 -13
  107. package/dist/harnessClient.js +41 -61
  108. package/dist/harnessClient.js.map +1 -1
  109. package/dist/identityClient.d.ts +9 -27
  110. package/dist/identityClient.js +39 -203
  111. package/dist/identityClient.js.map +1 -1
  112. package/dist/index.d.ts +6 -15
  113. package/dist/index.js +1171 -2256
  114. package/dist/index.js.map +1 -1
  115. package/dist/jobsClient.js +19 -60
  116. package/dist/jobsClient.js.map +1 -1
  117. package/dist/learningClient.d.ts +6 -6
  118. package/dist/learningClient.js +43 -78
  119. package/dist/learningClient.js.map +1 -1
  120. package/dist/lenses/index.d.ts +37 -60
  121. package/dist/lenses/index.js +1305 -1943
  122. package/dist/lenses/index.js.map +1 -1
  123. package/dist/mcpClient.js +13 -51
  124. package/dist/mcpClient.js.map +1 -1
  125. package/dist/modelRuntimeClient.js +18 -60
  126. package/dist/modelRuntimeClient.js.map +1 -1
  127. package/dist/nodes/index.d.ts +22 -49
  128. package/dist/nodes/index.js +1305 -1943
  129. package/dist/nodes/index.js.map +1 -1
  130. package/dist/ontologies/index.d.ts +31 -37
  131. package/dist/ontologies/index.js +1305 -1943
  132. package/dist/ontologies/index.js.map +1 -1
  133. package/dist/ontologyClient.d.ts +25 -17
  134. package/dist/ontologyClient.js +41 -86
  135. package/dist/ontologyClient.js.map +1 -1
  136. package/dist/ontologyLinksClient.js +19 -60
  137. package/dist/ontologyLinksClient.js.map +1 -1
  138. package/dist/orgGraphSearchClient.js +14 -53
  139. package/dist/orgGraphSearchClient.js.map +1 -1
  140. package/dist/packRuntime.d.ts +1 -2
  141. package/dist/packsClient.d.ts +23 -9
  142. package/dist/packsClient.js +47 -62
  143. package/dist/packsClient.js.map +1 -1
  144. package/dist/policyClient.d.ts +10 -11
  145. package/dist/policyClient.js +26 -71
  146. package/dist/policyClient.js.map +1 -1
  147. package/dist/questions/index.d.ts +3 -8
  148. package/dist/questions/index.js +1305 -1943
  149. package/dist/questions/index.js.map +1 -1
  150. package/dist/realtime/index.d.ts +1 -1
  151. package/dist/reportsClient.d.ts +7 -7
  152. package/dist/reportsClient.js +52 -107
  153. package/dist/reportsClient.js.map +1 -1
  154. package/dist/schemaClient.d.ts +3 -3
  155. package/dist/schemaClient.js +30 -63
  156. package/dist/schemaClient.js.map +1 -1
  157. package/dist/sdkSurface.d.ts +3 -6
  158. package/dist/sdkSurface.js +6 -10
  159. package/dist/sdkSurface.js.map +1 -1
  160. package/dist/sourcesClient.js +15 -50
  161. package/dist/sourcesClient.js.map +1 -1
  162. package/dist/telemetryClient.js +19 -60
  163. package/dist/telemetryClient.js.map +1 -1
  164. package/dist/toolRegistryClient.d.ts +2 -10
  165. package/dist/toolRegistryClient.js +20 -73
  166. package/dist/toolRegistryClient.js.map +1 -1
  167. package/dist/topics/index.d.ts +8 -19
  168. package/dist/topics/index.js +1305 -1945
  169. package/dist/topics/index.js.map +1 -1
  170. package/dist/topicsClient.d.ts +0 -2
  171. package/dist/topicsClient.js +20 -60
  172. package/dist/topicsClient.js.map +1 -1
  173. package/dist/types.d.ts +0 -17
  174. package/dist/version.d.ts +1 -1
  175. package/dist/version.js +1 -1
  176. package/dist/version.js.map +1 -1
  177. package/dist/workflowClient.d.ts +40 -58
  178. package/dist/workflowClient.js +54 -66
  179. package/dist/workflowClient.js.map +1 -1
  180. package/dist/worktrees/index.d.ts +33 -54
  181. package/dist/worktrees/index.js +1305 -1943
  182. package/dist/worktrees/index.js.map +1 -1
  183. package/package.json +3 -17
  184. package/dist/accessControl.d.ts +0 -79
  185. package/dist/accessControl.js +0 -1270
  186. package/dist/accessControl.js.map +0 -1
  187. package/dist/clientHelpers.d.ts +0 -48
  188. package/dist/clientHelpers.js +0 -137
  189. package/dist/clientHelpers.js.map +0 -1
  190. package/dist/control-plane.d.ts +0 -69
  191. package/dist/control-plane.js +0 -674
  192. package/dist/control-plane.js.map +0 -1
  193. package/dist/functionSurface.d.ts +0 -144
  194. package/dist/functionSurface.js +0 -1227
  195. package/dist/functionSurface.js.map +0 -1
  196. package/dist/functionSurfaceClient.d.ts +0 -8
  197. package/dist/functionSurfaceClient.js +0 -1227
  198. package/dist/functionSurfaceClient.js.map +0 -1
  199. package/dist/graphIntel.d.ts +0 -4
  200. package/dist/graphIntel.js +0 -3
  201. package/dist/graphIntel.js.map +0 -1
  202. package/dist/graphIntelligence.d.ts +0 -2
  203. package/dist/graphIntelligence.js +0 -47
  204. package/dist/graphIntelligence.js.map +0 -1
  205. package/dist/infisicalRuntime.d.ts +0 -43
  206. package/dist/infisicalRuntime.js +0 -346
  207. package/dist/infisicalRuntime.js.map +0 -1
  208. package/dist/secrets.d.ts +0 -1
  209. package/dist/secrets.js +0 -3
  210. package/dist/secrets.js.map +0 -1
@@ -29,14 +29,14 @@ function requireString(value, reason, label) {
29
29
  }
30
30
  return normalized;
31
31
  }
32
- function requirePrincipalType(principalType2) {
33
- if (!principalType2) {
32
+ function requirePrincipalType(principalType) {
33
+ if (!principalType) {
34
34
  throw new LucernSdkAuthContextError(
35
35
  "principal_missing",
36
36
  "Canonical Lucern SDK auth context is missing principalType."
37
37
  );
38
38
  }
39
- return principalType2;
39
+ return principalType;
40
40
  }
41
41
  function requireAuthMode(authMode) {
42
42
  if (!authMode) {
@@ -82,15 +82,14 @@ function normalizeCanonicalLucernAuthContext(input) {
82
82
  );
83
83
  const roles = cleanStringList(input.roles);
84
84
  const scopes = cleanStringList(input.scopes);
85
- const principalType2 = requirePrincipalType(input.principalType);
86
- const authMode = requireAuthMode(input.authMode);
87
- const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
88
- if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
85
+ if (roles.length === 0 || scopes.length === 0) {
89
86
  throw new LucernSdkAuthContextError(
90
87
  "membership_missing",
91
88
  "Canonical Lucern SDK auth context requires non-empty roles and scopes."
92
89
  );
93
90
  }
91
+ const principalType = requirePrincipalType(input.principalType);
92
+ const authMode = requireAuthMode(input.authMode);
94
93
  const subject = cleanString(input.permit?.subject) ?? principalId;
95
94
  const tenant = cleanString(input.permit?.tenant) ?? tenantId;
96
95
  const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
@@ -111,7 +110,7 @@ function normalizeCanonicalLucernAuthContext(input) {
111
110
  principalId,
112
111
  tenantId,
113
112
  workspaceId,
114
- principalType: principalType2,
113
+ principalType,
115
114
  authMode,
116
115
  roles,
117
116
  scopes,
@@ -232,7 +231,9 @@ function generatePortableRequestId() {
232
231
  8
233
232
  ).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
234
233
  }
235
- var randomIdempotencyKey = generatePortableRequestId;
234
+ function randomIdempotencyKey() {
235
+ return generatePortableRequestId();
236
+ }
236
237
  function isRetryableStatus(status) {
237
238
  return status >= 500 || status === 408 || status === 429;
238
239
  }
@@ -297,11 +298,8 @@ function timeoutError(timeoutMs) {
297
298
  error.name = "AbortError";
298
299
  return error;
299
300
  }
300
- function isRecord(value) {
301
- return value !== null && typeof value === "object" && !Array.isArray(value);
302
- }
303
301
  function readPolicySummaryFromDetails(details) {
304
- if (!isRecord(details)) {
302
+ if (!details || typeof details !== "object" || Array.isArray(details)) {
305
303
  return null;
306
304
  }
307
305
  const directSummary = details.summary;
@@ -309,11 +307,11 @@ function readPolicySummaryFromDetails(details) {
309
307
  return directSummary.trim();
310
308
  }
311
309
  const policy = details.policy;
312
- if (!isRecord(policy)) {
310
+ if (!policy || typeof policy !== "object" || Array.isArray(policy)) {
313
311
  return null;
314
312
  }
315
313
  const explanation = policy.explanation;
316
- if (!isRecord(explanation)) {
314
+ if (!explanation || typeof explanation !== "object" || Array.isArray(explanation)) {
317
315
  return null;
318
316
  }
319
317
  const nestedSummary = explanation.summary;
@@ -342,31 +340,13 @@ function mergeHeaderRecord(base, addition) {
342
340
  }
343
341
  return Object.fromEntries(headers.entries());
344
342
  }
345
- function cleanHeaderValue(value) {
346
- const normalized = value?.trim();
347
- return normalized ? normalized : void 0;
348
- }
349
343
  function createGatewayRequestClient(config = {}) {
350
344
  const fetchImpl = config.fetchImpl ?? fetch;
351
345
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
352
346
  const maxRetries = config.maxRetries ?? 2;
353
347
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
354
348
  async function resolveAuthHeaders() {
355
- const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
356
- const headers = new Headers(provided);
357
- const setIfAbsent = (name, value) => {
358
- const normalized = cleanHeaderValue(value);
359
- if (normalized && !headers.has(name)) {
360
- headers.set(name, normalized);
361
- }
362
- };
363
- setIfAbsent("x-lucern-key", config.apiKey);
364
- setIfAbsent("x-lucern-session-token", config.userToken);
365
- setIfAbsent("x-lucern-environment", config.environment);
366
- setIfAbsent("x-lucern-clerk-id", config.clerkId);
367
- setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
368
- setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
369
- const base = Object.fromEntries(headers.entries());
349
+ const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
370
350
  const authContextInput = await resolveConfiguredAuthContext(
371
351
  config.authContext
372
352
  );
@@ -395,11 +375,11 @@ function createGatewayRequestClient(config = {}) {
395
375
  if (!text) {
396
376
  return null;
397
377
  }
398
- const parsed = tryParseGatewayEnvelopeJson(text);
399
- if (!parsed.ok) {
378
+ try {
379
+ return JSON.parse(text);
380
+ } catch {
400
381
  return null;
401
382
  }
402
- return isRecord(parsed.value) ? parsed.value : null;
403
383
  }
404
384
  function resolveTimeoutMs(method, requestTimeoutMs) {
405
385
  if (typeof requestTimeoutMs === "number") {
@@ -411,31 +391,16 @@ function createGatewayRequestClient(config = {}) {
411
391
  }
412
392
  return config.timeoutMs ?? 15e3;
413
393
  }
414
- function tryParseGatewayEnvelopeJson(text) {
415
- const trimmed = text.trim();
416
- if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) {
417
- return { ok: false, reason: "non-json" };
418
- }
419
- try {
420
- return { ok: true, value: JSON.parse(trimmed) };
421
- } catch (error) {
422
- if (error instanceof SyntaxError) {
423
- return { ok: false, reason: "invalid-json", error };
424
- }
425
- throw error;
426
- }
427
- }
428
394
  function buildApiError(args) {
429
395
  const failure = args.failure;
430
- const legacyError = failure && isRecord(failure.error) ? failure.error : failure?.legacyError;
396
+ const legacyError = failure && typeof failure.error === "object" && failure.error !== null ? failure.error : failure?.legacyError;
431
397
  const correlationId = failure?.correlationId ?? args.response.headers.get("x-lucern-correlation-id")?.trim() ?? args.requestId;
432
398
  const policyTraceId = failure?.policyTraceId ?? args.response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null;
433
399
  const details = failure?.details ?? legacyError?.details;
434
400
  const policySummary = readPolicySummaryFromDetails(details);
435
- const failureMessage = typeof failure?.error === "string" ? failure.error : legacyError?.message;
436
401
  return new LucernApiError({
437
402
  code: failure?.code ?? legacyError?.code ?? fallbackErrorCode(args.response.status),
438
- message: policySummary ?? failureMessage ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed."),
403
+ message: policySummary ?? (typeof failure?.error === "string" ? failure.error : legacyError?.message ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed.")),
439
404
  status: args.response.status,
440
405
  invariant: failure?.invariant,
441
406
  suggestion: failure?.suggestion,
@@ -567,10 +532,7 @@ function createListResult(items, legacyKey) {
567
532
  total: items.length
568
533
  };
569
534
  if (legacyKey) {
570
- return {
571
- ...result,
572
- [legacyKey]: items
573
- };
535
+ result[legacyKey] = items;
574
536
  }
575
537
  return result;
576
538
  }
@@ -586,9 +548,6 @@ function cleanOptionalString(value) {
586
548
  const normalized = value?.trim();
587
549
  return normalized ? normalized : void 0;
588
550
  }
589
- function isRecord2(value) {
590
- return Boolean(value) && typeof value === "object" && !Array.isArray(value);
591
- }
592
551
  function cleanRequiredString(value, label) {
593
552
  const normalized = cleanOptionalString(value);
594
553
  if (!normalized) {
@@ -610,117 +569,13 @@ function knownPayload(input, allowed, operation) {
610
569
  return { ...input };
611
570
  }
612
571
  function listResultFromEnvelope(data, legacyKey) {
613
- const record = isRecord2(data) ? data : {};
614
- const legacyItems = record[legacyKey];
572
+ const record = data && typeof data === "object" ? data : {};
615
573
  return createListResult(
616
- Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
574
+ Array.isArray(record[legacyKey]) ? record[legacyKey] : Array.isArray(data) ? data : [],
617
575
  legacyKey
618
576
  );
619
577
  }
620
578
 
621
- // src/control-plane.ts
622
- var LucernControlPlaneIdentityError = class extends Error {
623
- reason;
624
- principalStatus;
625
- tenantStatus;
626
- workspaceStatus;
627
- details;
628
- constructor(failure) {
629
- super(failure.message);
630
- this.name = "LucernControlPlaneIdentityError";
631
- this.reason = failure.reason;
632
- this.principalStatus = failure.principalStatus;
633
- this.tenantStatus = failure.tenantStatus;
634
- this.workspaceStatus = failure.workspaceStatus;
635
- this.details = failure.details;
636
- }
637
- };
638
- function cleanString2(value) {
639
- return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
640
- }
641
- function stringList(value) {
642
- if (!Array.isArray(value)) {
643
- return [];
644
- }
645
- return [
646
- ...new Set(
647
- value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
648
- )
649
- ];
650
- }
651
- function principalType(value) {
652
- switch (value) {
653
- case "service":
654
- case "service_principal":
655
- return "service";
656
- case "agent":
657
- return "agent";
658
- case "group":
659
- return "group";
660
- case "external_viewer":
661
- case "external_stakeholder":
662
- return "external_viewer";
663
- default:
664
- return "human";
665
- }
666
- }
667
- function adminFlags(roles) {
668
- const normalized = roles.map((role) => role.toLowerCase());
669
- const isPlatformAdmin = normalized.includes("platform_admin");
670
- const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
671
- const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
672
- return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
673
- }
674
- function normalizeResolvedInteractivePrincipal(payload) {
675
- if ("ok" in payload && payload.ok === false) {
676
- throw new LucernControlPlaneIdentityError(payload);
677
- }
678
- const principalId = cleanString2(payload.principalId);
679
- const clerkId = cleanString2(payload.clerkId);
680
- const tenantId = cleanString2(payload.tenantId);
681
- if (!principalId || !clerkId || !tenantId) {
682
- throw new LucernControlPlaneIdentityError({
683
- ok: false,
684
- reason: "resolver_unavailable",
685
- message: "Control-plane principal resolver returned an incomplete principal context.",
686
- principalStatus: payload.principalStatus ?? "missing",
687
- tenantStatus: payload.tenantStatus,
688
- workspaceStatus: payload.workspaceStatus
689
- });
690
- }
691
- const roles = stringList(payload.roles);
692
- const scopes = stringList(payload.scopes);
693
- const workspaceId = cleanString2(payload.workspaceId) ?? null;
694
- const flags = adminFlags(roles);
695
- return {
696
- principalId,
697
- principalType: principalType(payload.principalType),
698
- clerkId,
699
- tenantId,
700
- workspaceId,
701
- roles,
702
- scopes,
703
- groupIds: stringList(payload.groupIds),
704
- permittedToolNames: stringList(payload.permittedToolNames),
705
- permittedPackKeys: stringList(payload.permittedPackKeys),
706
- principalStatus: cleanString2(payload.principalStatus) ?? "active",
707
- tenantStatus: cleanString2(payload.tenantStatus) ?? "active",
708
- workspaceStatus: cleanString2(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
709
- isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
710
- isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
711
- isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
712
- permit: {
713
- subject: cleanString2(payload.permit?.subject) ?? principalId,
714
- tenant: cleanString2(payload.permit?.tenant) ?? tenantId,
715
- ...workspaceId ? { workspace: cleanString2(payload.permit?.workspace) ?? workspaceId } : {}
716
- },
717
- authMode: "interactive_user",
718
- sessionId: payload.sessionId,
719
- delegatedBy: payload.delegatedBy,
720
- expiresAt: payload.expiresAt
721
- };
722
- }
723
-
724
579
  // src/identityClient.ts
725
580
  function createIdentityWhoamiClient(config = {}) {
726
581
  const gateway = createGatewayRequestClient(config);
@@ -772,13 +627,6 @@ function createIdentityClient(config = {}) {
772
627
  body: input,
773
628
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
774
629
  });
775
- const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
776
- const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
777
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
778
- method: "POST",
779
- body: input,
780
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
781
- });
782
630
  return {
783
631
  /**
784
632
  * Resolve the current authenticated identity summary.
@@ -788,25 +636,13 @@ function createIdentityClient(config = {}) {
788
636
  (response) => mapGatewayData(response, (data) => ({
789
637
  principalId: data.principalId,
790
638
  principalType: data.principalType,
791
- clerkId: data.clerkId,
792
639
  tenantId: data.tenantId ?? null,
793
640
  workspaceId: data.workspaceId ?? null,
794
641
  scopes: Array.isArray(data.scopes) ? data.scopes : [],
795
642
  roles: Array.isArray(data.roles) ? data.roles : [],
796
- groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
797
- permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
798
- permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
799
- principalStatus: data.principalStatus,
800
- tenantStatus: data.tenantStatus,
801
- workspaceStatus: data.workspaceStatus,
802
643
  isPlatformAdmin: data.isPlatformAdmin === true,
803
644
  isTenantAdmin: data.isTenantAdmin === true,
804
645
  isWorkspaceAdmin: data.isWorkspaceAdmin === true,
805
- permit: data.permit ?? (data.tenantId ? {
806
- subject: data.principalId,
807
- tenant: data.tenantId,
808
- ...data.workspaceId ? { workspace: data.workspaceId } : {}
809
- } : void 0),
810
646
  authMode: data.authMode,
811
647
  sessionId: data.sessionId,
812
648
  delegatedBy: data.delegatedBy,
@@ -814,19 +650,6 @@ function createIdentityClient(config = {}) {
814
650
  }))
815
651
  );
816
652
  },
817
- /**
818
- * Resolve a Clerk subject through the tenant control-plane Permit projection.
819
- * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
820
- */
821
- async resolveInteractivePrincipal(input) {
822
- return gateway.request({
823
- path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
824
- method: "POST",
825
- body: input
826
- }).then(
827
- (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
828
- );
829
- },
830
653
  /**
831
654
  * List principals in the current identity scope.
832
655
  */
@@ -852,11 +675,15 @@ function createIdentityClient(config = {}) {
852
675
  /**
853
676
  * Update a principal.
854
677
  */
855
- updatePrincipal,
678
+ async updatePrincipal(input, idempotencyKey) {
679
+ return requestPrincipalWrite("PATCH", input, idempotencyKey);
680
+ },
856
681
  /**
857
682
  * @deprecated Use createPrincipal or updatePrincipal.
858
683
  */
859
- upsertPrincipal: updatePrincipal,
684
+ async upsertPrincipal(input, idempotencyKey) {
685
+ return requestPrincipalWrite("PATCH", input, idempotencyKey);
686
+ },
860
687
  /**
861
688
  * List keys in the current identity scope.
862
689
  */
@@ -895,11 +722,20 @@ function createIdentityClient(config = {}) {
895
722
  /**
896
723
  * Delete an API key by revoking it.
897
724
  */
898
- deleteKey,
725
+ async deleteKey(keyId, input = {}, idempotencyKey) {
726
+ return gateway.request({
727
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
728
+ method: "POST",
729
+ body: input,
730
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
731
+ });
732
+ },
899
733
  /**
900
734
  * @deprecated Use deleteKey.
901
735
  */
902
- revokeKey: deleteKey,
736
+ async revokeKey(keyId, input = {}, idempotencyKey) {
737
+ return this.deleteKey(keyId, input, idempotencyKey);
738
+ },
903
739
  /**
904
740
  * Search Clerk users by email or display attributes.
905
741
  */