@lucern/sdk 0.3.0-alpha.2 → 0.3.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (163) hide show
  1. package/dist/adminClient.d.ts +2 -0
  2. package/dist/adminClient.js +194 -3
  3. package/dist/adminClient.js.map +1 -1
  4. package/dist/answersClient.d.ts +2 -0
  5. package/dist/answersClient.js +194 -3
  6. package/dist/answersClient.js.map +1 -1
  7. package/dist/audiencesClient.d.ts +2 -0
  8. package/dist/audiencesClient.js +194 -3
  9. package/dist/audiencesClient.js.map +1 -1
  10. package/dist/auditClient.d.ts +2 -0
  11. package/dist/auditClient.js +196 -5
  12. package/dist/auditClient.js.map +1 -1
  13. package/dist/authContext.d.ts +56 -0
  14. package/dist/authContext.js +169 -0
  15. package/dist/authContext.js.map +1 -0
  16. package/dist/authDeviceClient.d.ts +49 -0
  17. package/dist/authDeviceClient.js +108 -0
  18. package/dist/authDeviceClient.js.map +1 -0
  19. package/dist/beliefs/index.d.ts +19 -2
  20. package/dist/beliefs/index.js +2356 -329
  21. package/dist/beliefs/index.js.map +1 -1
  22. package/dist/beliefsClient.d.ts +2 -0
  23. package/dist/beliefsClient.js +198 -7
  24. package/dist/beliefsClient.js.map +1 -1
  25. package/dist/boundaryClientSurface.d.ts +20 -0
  26. package/dist/boundaryClientSurface.js +66 -0
  27. package/dist/boundaryClientSurface.js.map +1 -0
  28. package/dist/{client-B6aWUUwp.d.ts → client-EiG9nJOY.d.ts} +365 -6
  29. package/dist/client.d.ts +20 -3
  30. package/dist/client.js +2356 -329
  31. package/dist/client.js.map +1 -1
  32. package/dist/contextClient.d.ts +2 -0
  33. package/dist/contextClient.js +200 -9
  34. package/dist/contextClient.js.map +1 -1
  35. package/dist/contracts/index.d.ts +1 -0
  36. package/dist/contracts/index.js +104 -1
  37. package/dist/contracts/index.js.map +1 -1
  38. package/dist/contracts/mcpTools.d.ts +46 -1
  39. package/dist/contracts/mcpTools.js +102 -0
  40. package/dist/contracts/mcpTools.js.map +1 -1
  41. package/dist/contradictions/index.d.ts +19 -2
  42. package/dist/contradictions/index.js +2356 -329
  43. package/dist/contradictions/index.js.map +1 -1
  44. package/dist/coreClient.d.ts +9 -0
  45. package/dist/coreClient.js +194 -3
  46. package/dist/coreClient.js.map +1 -1
  47. package/dist/decisions/index.d.ts +19 -2
  48. package/dist/decisions/index.js +2356 -329
  49. package/dist/decisions/index.js.map +1 -1
  50. package/dist/decisionsClient.d.ts +2 -0
  51. package/dist/decisionsClient.js +197 -6
  52. package/dist/decisionsClient.js.map +1 -1
  53. package/dist/edges/index.d.ts +19 -2
  54. package/dist/edges/index.js +2356 -329
  55. package/dist/edges/index.js.map +1 -1
  56. package/dist/embeddingsClient.d.ts +106 -0
  57. package/dist/embeddingsClient.js +707 -0
  58. package/dist/embeddingsClient.js.map +1 -0
  59. package/dist/eventingClient.d.ts +96 -0
  60. package/dist/eventingClient.js +704 -0
  61. package/dist/eventingClient.js.map +1 -0
  62. package/dist/eventsCore.d.ts +2 -0
  63. package/dist/eventsCore.js +194 -3
  64. package/dist/eventsCore.js.map +1 -1
  65. package/dist/evidence/index.d.ts +19 -2
  66. package/dist/evidence/index.js +2356 -329
  67. package/dist/evidence/index.js.map +1 -1
  68. package/dist/evidenceClient.d.ts +2 -0
  69. package/dist/evidenceClient.js +194 -3
  70. package/dist/evidenceClient.js.map +1 -1
  71. package/dist/gatewayFacades.d.ts +4 -2
  72. package/dist/gatewayFacades.js +370 -12
  73. package/dist/gatewayFacades.js.map +1 -1
  74. package/dist/graphAnalysisClient.d.ts +140 -0
  75. package/dist/graphAnalysisClient.js +753 -0
  76. package/dist/graphAnalysisClient.js.map +1 -0
  77. package/dist/graphClient.d.ts +2 -0
  78. package/dist/graphClient.js +201 -10
  79. package/dist/graphClient.js.map +1 -1
  80. package/dist/graphRecommendationsClient.d.ts +56 -0
  81. package/dist/graphRecommendationsClient.js +645 -0
  82. package/dist/graphRecommendationsClient.js.map +1 -0
  83. package/dist/graphStateClassifierClient.d.ts +73 -0
  84. package/dist/graphStateClassifierClient.js +693 -0
  85. package/dist/graphStateClassifierClient.js.map +1 -0
  86. package/dist/harnessClient.d.ts +2 -0
  87. package/dist/harnessClient.js +196 -5
  88. package/dist/harnessClient.js.map +1 -1
  89. package/dist/identityClient.d.ts +89 -3
  90. package/dist/identityClient.js +362 -4
  91. package/dist/identityClient.js.map +1 -1
  92. package/dist/index.d.ts +20 -3
  93. package/dist/index.js +2516 -356
  94. package/dist/index.js.map +1 -1
  95. package/dist/jobsClient.d.ts +98 -0
  96. package/dist/jobsClient.js +703 -0
  97. package/dist/jobsClient.js.map +1 -0
  98. package/dist/learningClient.d.ts +2 -0
  99. package/dist/learningClient.js +196 -5
  100. package/dist/learningClient.js.map +1 -1
  101. package/dist/lenses/index.d.ts +19 -2
  102. package/dist/lenses/index.js +2356 -329
  103. package/dist/lenses/index.js.map +1 -1
  104. package/dist/mcpClient.d.ts +28 -0
  105. package/dist/mcpClient.js +649 -0
  106. package/dist/mcpClient.js.map +1 -0
  107. package/dist/modelRuntimeClient.d.ts +72 -0
  108. package/dist/modelRuntimeClient.js +680 -0
  109. package/dist/modelRuntimeClient.js.map +1 -0
  110. package/dist/nodes/index.d.ts +19 -2
  111. package/dist/nodes/index.js +2356 -329
  112. package/dist/nodes/index.js.map +1 -1
  113. package/dist/ontologies/index.d.ts +19 -2
  114. package/dist/ontologies/index.js +2356 -329
  115. package/dist/ontologies/index.js.map +1 -1
  116. package/dist/ontologyClient.d.ts +2 -0
  117. package/dist/ontologyClient.js +194 -3
  118. package/dist/ontologyClient.js.map +1 -1
  119. package/dist/ontologyLinksClient.d.ts +71 -0
  120. package/dist/ontologyLinksClient.js +674 -0
  121. package/dist/ontologyLinksClient.js.map +1 -0
  122. package/dist/orgGraphSearchClient.d.ts +85 -0
  123. package/dist/orgGraphSearchClient.js +651 -0
  124. package/dist/orgGraphSearchClient.js.map +1 -0
  125. package/dist/packRuntime.d.ts +1 -2
  126. package/dist/packsClient.d.ts +2 -0
  127. package/dist/packsClient.js +194 -3
  128. package/dist/packsClient.js.map +1 -1
  129. package/dist/policyClient.d.ts +2 -0
  130. package/dist/policyClient.js +194 -3
  131. package/dist/policyClient.js.map +1 -1
  132. package/dist/questions/index.d.ts +19 -2
  133. package/dist/questions/index.js +2356 -329
  134. package/dist/questions/index.js.map +1 -1
  135. package/dist/reportsClient.d.ts +2 -0
  136. package/dist/reportsClient.js +196 -5
  137. package/dist/reportsClient.js.map +1 -1
  138. package/dist/schemaClient.d.ts +2 -0
  139. package/dist/schemaClient.js +194 -3
  140. package/dist/schemaClient.js.map +1 -1
  141. package/dist/sdkSurface.d.ts +2 -0
  142. package/dist/sourcesClient.d.ts +2 -0
  143. package/dist/sourcesClient.js +194 -3
  144. package/dist/sourcesClient.js.map +1 -1
  145. package/dist/telemetryClient.d.ts +94 -0
  146. package/dist/telemetryClient.js +718 -0
  147. package/dist/telemetryClient.js.map +1 -0
  148. package/dist/toolRegistryClient.d.ts +107 -0
  149. package/dist/toolRegistryClient.js +732 -0
  150. package/dist/toolRegistryClient.js.map +1 -0
  151. package/dist/topics/index.d.ts +19 -2
  152. package/dist/topics/index.js +2356 -329
  153. package/dist/topics/index.js.map +1 -1
  154. package/dist/topicsClient.d.ts +2 -0
  155. package/dist/topicsClient.js +199 -8
  156. package/dist/topicsClient.js.map +1 -1
  157. package/dist/workflowClient.d.ts +2 -0
  158. package/dist/workflowClient.js +199 -8
  159. package/dist/workflowClient.js.map +1 -1
  160. package/dist/worktrees/index.d.ts +19 -2
  161. package/dist/worktrees/index.js +2356 -329
  162. package/dist/worktrees/index.js.map +1 -1
  163. package/package.json +3 -3
@@ -1,3 +1,169 @@
1
+ // src/authContext.ts
2
+ var LucernSdkAuthContextError = class extends Error {
3
+ reason;
4
+ constructor(reason, message) {
5
+ super(message);
6
+ this.name = "LucernSdkAuthContextError";
7
+ this.reason = reason;
8
+ }
9
+ };
10
+ function cleanString(value) {
11
+ const normalized = value?.trim();
12
+ return normalized ? normalized : void 0;
13
+ }
14
+ function cleanStringList(values) {
15
+ if (!values) {
16
+ return [];
17
+ }
18
+ return values.map((value) => value.trim()).filter(
19
+ (value, index, list) => value.length > 0 && list.indexOf(value) === index
20
+ );
21
+ }
22
+ function requireString(value, reason, label) {
23
+ const normalized = cleanString(value);
24
+ if (!normalized) {
25
+ throw new LucernSdkAuthContextError(
26
+ reason,
27
+ `Canonical Lucern SDK auth context is missing ${label}.`
28
+ );
29
+ }
30
+ return normalized;
31
+ }
32
+ function requirePrincipalType(principalType) {
33
+ if (!principalType) {
34
+ throw new LucernSdkAuthContextError(
35
+ "principal_missing",
36
+ "Canonical Lucern SDK auth context is missing principalType."
37
+ );
38
+ }
39
+ return principalType;
40
+ }
41
+ function requireAuthMode(authMode) {
42
+ if (!authMode) {
43
+ throw new LucernSdkAuthContextError(
44
+ "principal_missing",
45
+ "Canonical Lucern SDK auth context is missing authMode."
46
+ );
47
+ }
48
+ return authMode;
49
+ }
50
+ function ensurePermitMatch(args) {
51
+ const actual = cleanString(args.actual);
52
+ if (actual && actual !== args.expected) {
53
+ throw new LucernSdkAuthContextError(
54
+ "policy_denied",
55
+ `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
56
+ );
57
+ }
58
+ }
59
+ function normalizeCanonicalLucernAuthContext(input) {
60
+ if (!input) {
61
+ throw new LucernSdkAuthContextError(
62
+ "principal_missing",
63
+ "Canonical Lucern SDK auth context is required."
64
+ );
65
+ }
66
+ if (input.policyDecision === "deny") {
67
+ throw new LucernSdkAuthContextError(
68
+ "policy_denied",
69
+ "Canonical Lucern SDK auth context carries a denied policy decision."
70
+ );
71
+ }
72
+ const principalId = requireString(
73
+ input.principalId,
74
+ "principal_missing",
75
+ "principalId"
76
+ );
77
+ const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
78
+ const workspaceId = requireString(
79
+ input.workspaceId,
80
+ "workspace_missing",
81
+ "workspaceId"
82
+ );
83
+ const roles = cleanStringList(input.roles);
84
+ const scopes = cleanStringList(input.scopes);
85
+ if (roles.length === 0 || scopes.length === 0) {
86
+ throw new LucernSdkAuthContextError(
87
+ "membership_missing",
88
+ "Canonical Lucern SDK auth context requires non-empty roles and scopes."
89
+ );
90
+ }
91
+ const principalType = requirePrincipalType(input.principalType);
92
+ const authMode = requireAuthMode(input.authMode);
93
+ const subject = cleanString(input.permit?.subject) ?? principalId;
94
+ const tenant = cleanString(input.permit?.tenant) ?? tenantId;
95
+ const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
96
+ ensurePermitMatch({
97
+ field: "subject",
98
+ expected: principalId,
99
+ actual: subject
100
+ });
101
+ ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
102
+ ensurePermitMatch({
103
+ field: "workspace",
104
+ expected: workspaceId,
105
+ actual: workspace
106
+ });
107
+ const context = input.permit?.context ? { ...input.permit.context } : void 0;
108
+ return {
109
+ clerkId: cleanString(input.clerkId),
110
+ principalId,
111
+ tenantId,
112
+ workspaceId,
113
+ principalType,
114
+ authMode,
115
+ roles,
116
+ scopes,
117
+ delegationChain: input.delegationChain ? [...input.delegationChain] : [],
118
+ policyTraceId: cleanString(input.policyTraceId),
119
+ correlationId: cleanString(input.correlationId),
120
+ membershipId: cleanString(input.membershipId),
121
+ permit: {
122
+ subject,
123
+ tenant,
124
+ workspace,
125
+ resource: cleanString(input.permit?.resource),
126
+ action: cleanString(input.permit?.action),
127
+ relation: cleanString(input.permit?.relation),
128
+ context
129
+ }
130
+ };
131
+ }
132
+ function createCanonicalAuthHeaders(authContext) {
133
+ const headers = {
134
+ "x-lucern-principal-id": authContext.principalId,
135
+ "x-lucern-principal-type": authContext.principalType,
136
+ "x-lucern-tenant": authContext.tenantId,
137
+ "x-lucern-tenant-id": authContext.tenantId,
138
+ "x-lucern-workspace": authContext.workspaceId,
139
+ "x-lucern-workspace-id": authContext.workspaceId,
140
+ "x-lucern-auth-mode": authContext.authMode,
141
+ "x-lucern-roles": authContext.roles.join(","),
142
+ "x-lucern-scopes": authContext.scopes.join(","),
143
+ "x-lucern-permit-context": JSON.stringify(authContext.permit)
144
+ };
145
+ if (authContext.clerkId) {
146
+ headers["x-lucern-clerk-id"] = authContext.clerkId;
147
+ headers["x-lucern-user-id"] = authContext.clerkId;
148
+ }
149
+ if (authContext.delegationChain.length > 0) {
150
+ headers["x-lucern-delegation-chain"] = JSON.stringify(
151
+ authContext.delegationChain
152
+ );
153
+ }
154
+ if (authContext.policyTraceId) {
155
+ headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
156
+ }
157
+ if (authContext.correlationId) {
158
+ headers["x-correlation-id"] = authContext.correlationId;
159
+ headers["x-lucern-correlation-id"] = authContext.correlationId;
160
+ }
161
+ if (authContext.membershipId) {
162
+ headers["x-lucern-membership-id"] = authContext.membershipId;
163
+ }
164
+ return headers;
165
+ }
166
+
1
167
  // src/coreClient.ts
2
168
  var LucernApiError = class extends Error {
3
169
  code;
@@ -154,16 +320,41 @@ function readPolicySummaryFromDetails(details) {
154
320
  }
155
321
  return null;
156
322
  }
323
+ async function resolveConfiguredAuthContext(authContext) {
324
+ if (typeof authContext === "function") {
325
+ return await authContext();
326
+ }
327
+ return authContext;
328
+ }
329
+ function mergeHeaderRecord(base, addition) {
330
+ const headers = new Headers(base);
331
+ for (const [key, value] of Object.entries(addition)) {
332
+ const existing = headers.get(key);
333
+ if (existing !== null && existing !== value) {
334
+ throw new LucernSdkAuthContextError(
335
+ "policy_denied",
336
+ `Canonical Lucern SDK auth context conflicts with existing ${key} header.`
337
+ );
338
+ }
339
+ headers.set(key, value);
340
+ }
341
+ return Object.fromEntries(headers.entries());
342
+ }
157
343
  function createGatewayRequestClient(config = {}) {
158
344
  const fetchImpl = config.fetchImpl ?? fetch;
159
345
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
160
346
  const maxRetries = config.maxRetries ?? 2;
161
347
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
162
348
  async function resolveAuthHeaders() {
163
- if (!config.getAuthHeaders) {
164
- return {};
349
+ const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
350
+ const authContextInput = await resolveConfiguredAuthContext(
351
+ config.authContext
352
+ );
353
+ if (!authContextInput && !config.requireCanonicalAuthContext) {
354
+ return base;
165
355
  }
166
- return await config.getAuthHeaders();
356
+ const authContext = normalizeCanonicalLucernAuthContext(authContextInput);
357
+ return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
167
358
  }
168
359
  async function fetchWithTimeout(url, init, timeoutMs) {
169
360
  const controller = new AbortController();
@@ -338,11 +529,11 @@ function createGatewayRequestClient(config = {}) {
338
529
  function asRecord(value) {
339
530
  return value && typeof value === "object" ? value : {};
340
531
  }
341
- function cleanString(value) {
532
+ function cleanString2(value) {
342
533
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
343
534
  }
344
535
  function normalizeVerificationStatus(value) {
345
- const status = cleanString(value);
536
+ const status = cleanString2(value);
346
537
  if (!status) {
347
538
  return void 0;
348
539
  }
@@ -358,20 +549,20 @@ function cloneWith(value, patch) {
358
549
  return { ...value, ...patch };
359
550
  }
360
551
  function resolveTopicId(value) {
361
- return cleanString(value.topicId);
552
+ return cleanString2(value.topicId);
362
553
  }
363
554
  function resolveText(value) {
364
- return cleanString(value.text) ?? cleanString(value.canonicalText);
555
+ return cleanString2(value.text) ?? cleanString2(value.canonicalText);
365
556
  }
366
557
  function withTopicAlias(value) {
367
- const topicId = cleanString(value.topicId) ?? void 0;
558
+ const topicId = cleanString2(value.topicId) ?? void 0;
368
559
  if (!topicId) {
369
560
  return value;
370
561
  }
371
562
  return cloneWith(value, { topicId });
372
563
  }
373
564
  function withTextAlias(value) {
374
- const text = cleanString(value.text) ?? cleanString(value.canonicalText) ?? void 0;
565
+ const text = cleanString2(value.text) ?? cleanString2(value.canonicalText) ?? void 0;
375
566
  if (!text) {
376
567
  return value;
377
568
  }
@@ -401,7 +592,7 @@ function normalizeNodeVerificationStatus(value) {
401
592
  return normalizeVerificationStatus(value);
402
593
  }
403
594
  function normalizeTopicQuery(value) {
404
- const topicId = cleanString(value.topicId);
595
+ const topicId = cleanString2(value.topicId);
405
596
  if (!topicId) {
406
597
  return value;
407
598
  }
@@ -849,6 +1040,39 @@ function createGraphClient(config = {}) {
849
1040
  };
850
1041
  }
851
1042
 
1043
+ // src/boundaryClientSurface.ts
1044
+ function cleanOptionalString(value) {
1045
+ const normalized = value?.trim();
1046
+ return normalized ? normalized : void 0;
1047
+ }
1048
+ function cleanRequiredString(value, label) {
1049
+ const normalized = cleanOptionalString(value);
1050
+ if (!normalized) {
1051
+ throw new Error(`${label} is required`);
1052
+ }
1053
+ return normalized;
1054
+ }
1055
+ function assertKnownKeys(input, allowed, operation) {
1056
+ const allowedSet = new Set(allowed);
1057
+ const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1058
+ if (unknownKeys.length > 0) {
1059
+ throw new Error(
1060
+ `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1061
+ );
1062
+ }
1063
+ }
1064
+ function knownPayload(input, allowed, operation) {
1065
+ assertKnownKeys(input, allowed, operation);
1066
+ return { ...input };
1067
+ }
1068
+ function listResultFromEnvelope(data, legacyKey) {
1069
+ const record = data && typeof data === "object" ? data : {};
1070
+ return createListResult(
1071
+ Array.isArray(record[legacyKey]) ? record[legacyKey] : Array.isArray(data) ? data : [],
1072
+ legacyKey
1073
+ );
1074
+ }
1075
+
852
1076
  // src/identityClient.ts
853
1077
  function createIdentityWhoamiClient(config = {}) {
854
1078
  const gateway = createGatewayRequestClient(config);
@@ -860,6 +1084,37 @@ function createIdentityWhoamiClient(config = {}) {
860
1084
  }
861
1085
  };
862
1086
  }
1087
+ var TENANT_IDENTITY_FIELDS = [
1088
+ "tenantId",
1089
+ "workspaceId",
1090
+ "principalId",
1091
+ "integrationKey",
1092
+ "secretRef",
1093
+ "policySubject",
1094
+ "policyAction",
1095
+ "policyResource",
1096
+ "decision",
1097
+ "config",
1098
+ "configKey",
1099
+ "configValue",
1100
+ "provider",
1101
+ "status",
1102
+ "metadata",
1103
+ "limit",
1104
+ "cursor"
1105
+ ];
1106
+ function tenantIdentityQuery(input) {
1107
+ return {
1108
+ tenantId: cleanRequiredString(input.tenantId, "tenantId"),
1109
+ workspaceId: input.workspaceId,
1110
+ principalId: input.principalId,
1111
+ limit: input.limit,
1112
+ cursor: input.cursor
1113
+ };
1114
+ }
1115
+ function tenantIdentityBody(input, operation) {
1116
+ return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
1117
+ }
863
1118
  function createIdentityClient(config = {}) {
864
1119
  const gateway = createGatewayRequestClient(config);
865
1120
  const whoamiClient = createIdentityWhoamiClient(config);
@@ -985,6 +1240,109 @@ function createIdentityClient(config = {}) {
985
1240
  return gateway.request({
986
1241
  path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
987
1242
  });
1243
+ },
1244
+ async getTenantConfig(input) {
1245
+ return gateway.request({
1246
+ path: `/api/platform/v1/identity/tenant-config${toQueryString(
1247
+ tenantIdentityQuery(input)
1248
+ )}`
1249
+ });
1250
+ },
1251
+ async updateTenantConfig(input, idempotencyKey) {
1252
+ cleanRequiredString(input.tenantId, "tenantId");
1253
+ return gateway.request({
1254
+ path: "/api/platform/v1/identity/tenant-config",
1255
+ method: "PATCH",
1256
+ body: tenantIdentityBody(
1257
+ input,
1258
+ "identity.updateTenantConfig"
1259
+ ),
1260
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1261
+ });
1262
+ },
1263
+ async listIntegrations(input) {
1264
+ return gateway.request({
1265
+ path: `/api/platform/v1/identity/integrations${toQueryString(
1266
+ tenantIdentityQuery(input)
1267
+ )}`
1268
+ }).then(
1269
+ (response) => mapGatewayData(
1270
+ response,
1271
+ (data) => listResultFromEnvelope(
1272
+ data,
1273
+ "integrations"
1274
+ )
1275
+ )
1276
+ );
1277
+ },
1278
+ async upsertIntegration(input, idempotencyKey) {
1279
+ cleanRequiredString(input.tenantId, "tenantId");
1280
+ cleanRequiredString(input.integrationKey, "integrationKey");
1281
+ return gateway.request({
1282
+ path: "/api/platform/v1/identity/integrations",
1283
+ method: "PUT",
1284
+ body: tenantIdentityBody(
1285
+ input,
1286
+ "identity.upsertIntegration"
1287
+ ),
1288
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1289
+ });
1290
+ },
1291
+ async listSecrets(input) {
1292
+ return gateway.request({
1293
+ path: `/api/platform/v1/identity/secrets${toQueryString(
1294
+ tenantIdentityQuery(input)
1295
+ )}`
1296
+ }).then(
1297
+ (response) => mapGatewayData(
1298
+ response,
1299
+ (data) => listResultFromEnvelope(
1300
+ data,
1301
+ "secrets"
1302
+ )
1303
+ )
1304
+ );
1305
+ },
1306
+ async putSecretReference(input, idempotencyKey) {
1307
+ cleanRequiredString(input.tenantId, "tenantId");
1308
+ cleanRequiredString(input.secretRef, "secretRef");
1309
+ return gateway.request({
1310
+ path: "/api/platform/v1/identity/secrets",
1311
+ method: "PUT",
1312
+ body: tenantIdentityBody(
1313
+ input,
1314
+ "identity.putSecretReference"
1315
+ ),
1316
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1317
+ });
1318
+ },
1319
+ async evaluatePolicy(input, idempotencyKey) {
1320
+ cleanRequiredString(input.tenantId, "tenantId");
1321
+ cleanRequiredString(input.policySubject, "policySubject");
1322
+ cleanRequiredString(input.policyAction, "policyAction");
1323
+ cleanRequiredString(input.policyResource, "policyResource");
1324
+ return gateway.request({
1325
+ path: "/api/platform/v1/identity/policy/evaluate",
1326
+ method: "POST",
1327
+ body: tenantIdentityBody(
1328
+ input,
1329
+ "identity.evaluatePolicy"
1330
+ ),
1331
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1332
+ });
1333
+ },
1334
+ async recordPolicyDecision(input, idempotencyKey) {
1335
+ cleanRequiredString(input.tenantId, "tenantId");
1336
+ cleanRequiredString(input.decision, "decision");
1337
+ return gateway.request({
1338
+ path: "/api/platform/v1/identity/policy/decisions",
1339
+ method: "POST",
1340
+ body: tenantIdentityBody(
1341
+ input,
1342
+ "identity.recordPolicyDecision"
1343
+ ),
1344
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1345
+ });
988
1346
  }
989
1347
  };
990
1348
  }
@@ -993,12 +1351,12 @@ function createIdentityClient(config = {}) {
993
1351
  function asRecord2(value) {
994
1352
  return value && typeof value === "object" ? value : {};
995
1353
  }
996
- function cleanString2(value) {
1354
+ function cleanString3(value) {
997
1355
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
998
1356
  }
999
1357
  function normalizeTopicRecord(value) {
1000
1358
  const record = asRecord2(value);
1001
- const topicId = cleanString2(record.topicId) ?? cleanString2(record.id) ?? cleanString2(record._id);
1359
+ const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
1002
1360
  return withTopicAlias({
1003
1361
  ...record,
1004
1362
  ...topicId ? { topicId } : {}