@lucern/sdk 0.3.0-alpha.2 → 0.3.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adminClient.d.ts +2 -0
- package/dist/adminClient.js +194 -3
- package/dist/adminClient.js.map +1 -1
- package/dist/answersClient.d.ts +2 -0
- package/dist/answersClient.js +194 -3
- package/dist/answersClient.js.map +1 -1
- package/dist/audiencesClient.d.ts +2 -0
- package/dist/audiencesClient.js +194 -3
- package/dist/audiencesClient.js.map +1 -1
- package/dist/auditClient.d.ts +2 -0
- package/dist/auditClient.js +196 -5
- package/dist/auditClient.js.map +1 -1
- package/dist/authContext.d.ts +56 -0
- package/dist/authContext.js +169 -0
- package/dist/authContext.js.map +1 -0
- package/dist/authDeviceClient.d.ts +49 -0
- package/dist/authDeviceClient.js +108 -0
- package/dist/authDeviceClient.js.map +1 -0
- package/dist/beliefs/index.d.ts +19 -2
- package/dist/beliefs/index.js +2356 -329
- package/dist/beliefs/index.js.map +1 -1
- package/dist/beliefsClient.d.ts +2 -0
- package/dist/beliefsClient.js +198 -7
- package/dist/beliefsClient.js.map +1 -1
- package/dist/boundaryClientSurface.d.ts +20 -0
- package/dist/boundaryClientSurface.js +66 -0
- package/dist/boundaryClientSurface.js.map +1 -0
- package/dist/{client-B6aWUUwp.d.ts → client-EiG9nJOY.d.ts} +365 -6
- package/dist/client.d.ts +20 -3
- package/dist/client.js +2356 -329
- package/dist/client.js.map +1 -1
- package/dist/contextClient.d.ts +2 -0
- package/dist/contextClient.js +200 -9
- package/dist/contextClient.js.map +1 -1
- package/dist/contracts/index.d.ts +1 -0
- package/dist/contracts/index.js +104 -1
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/mcpTools.d.ts +46 -1
- package/dist/contracts/mcpTools.js +102 -0
- package/dist/contracts/mcpTools.js.map +1 -1
- package/dist/contradictions/index.d.ts +19 -2
- package/dist/contradictions/index.js +2356 -329
- package/dist/contradictions/index.js.map +1 -1
- package/dist/coreClient.d.ts +9 -0
- package/dist/coreClient.js +194 -3
- package/dist/coreClient.js.map +1 -1
- package/dist/decisions/index.d.ts +19 -2
- package/dist/decisions/index.js +2356 -329
- package/dist/decisions/index.js.map +1 -1
- package/dist/decisionsClient.d.ts +2 -0
- package/dist/decisionsClient.js +197 -6
- package/dist/decisionsClient.js.map +1 -1
- package/dist/edges/index.d.ts +19 -2
- package/dist/edges/index.js +2356 -329
- package/dist/edges/index.js.map +1 -1
- package/dist/embeddingsClient.d.ts +106 -0
- package/dist/embeddingsClient.js +707 -0
- package/dist/embeddingsClient.js.map +1 -0
- package/dist/eventingClient.d.ts +96 -0
- package/dist/eventingClient.js +704 -0
- package/dist/eventingClient.js.map +1 -0
- package/dist/eventsCore.d.ts +2 -0
- package/dist/eventsCore.js +194 -3
- package/dist/eventsCore.js.map +1 -1
- package/dist/evidence/index.d.ts +19 -2
- package/dist/evidence/index.js +2356 -329
- package/dist/evidence/index.js.map +1 -1
- package/dist/evidenceClient.d.ts +2 -0
- package/dist/evidenceClient.js +194 -3
- package/dist/evidenceClient.js.map +1 -1
- package/dist/gatewayFacades.d.ts +4 -2
- package/dist/gatewayFacades.js +370 -12
- package/dist/gatewayFacades.js.map +1 -1
- package/dist/graphAnalysisClient.d.ts +140 -0
- package/dist/graphAnalysisClient.js +753 -0
- package/dist/graphAnalysisClient.js.map +1 -0
- package/dist/graphClient.d.ts +2 -0
- package/dist/graphClient.js +201 -10
- package/dist/graphClient.js.map +1 -1
- package/dist/graphRecommendationsClient.d.ts +56 -0
- package/dist/graphRecommendationsClient.js +645 -0
- package/dist/graphRecommendationsClient.js.map +1 -0
- package/dist/graphStateClassifierClient.d.ts +73 -0
- package/dist/graphStateClassifierClient.js +693 -0
- package/dist/graphStateClassifierClient.js.map +1 -0
- package/dist/harnessClient.d.ts +2 -0
- package/dist/harnessClient.js +196 -5
- package/dist/harnessClient.js.map +1 -1
- package/dist/identityClient.d.ts +89 -3
- package/dist/identityClient.js +362 -4
- package/dist/identityClient.js.map +1 -1
- package/dist/index.d.ts +20 -3
- package/dist/index.js +2516 -356
- package/dist/index.js.map +1 -1
- package/dist/jobsClient.d.ts +98 -0
- package/dist/jobsClient.js +703 -0
- package/dist/jobsClient.js.map +1 -0
- package/dist/learningClient.d.ts +2 -0
- package/dist/learningClient.js +196 -5
- package/dist/learningClient.js.map +1 -1
- package/dist/lenses/index.d.ts +19 -2
- package/dist/lenses/index.js +2356 -329
- package/dist/lenses/index.js.map +1 -1
- package/dist/mcpClient.d.ts +28 -0
- package/dist/mcpClient.js +649 -0
- package/dist/mcpClient.js.map +1 -0
- package/dist/modelRuntimeClient.d.ts +72 -0
- package/dist/modelRuntimeClient.js +680 -0
- package/dist/modelRuntimeClient.js.map +1 -0
- package/dist/nodes/index.d.ts +19 -2
- package/dist/nodes/index.js +2356 -329
- package/dist/nodes/index.js.map +1 -1
- package/dist/ontologies/index.d.ts +19 -2
- package/dist/ontologies/index.js +2356 -329
- package/dist/ontologies/index.js.map +1 -1
- package/dist/ontologyClient.d.ts +2 -0
- package/dist/ontologyClient.js +194 -3
- package/dist/ontologyClient.js.map +1 -1
- package/dist/ontologyLinksClient.d.ts +71 -0
- package/dist/ontologyLinksClient.js +674 -0
- package/dist/ontologyLinksClient.js.map +1 -0
- package/dist/orgGraphSearchClient.d.ts +85 -0
- package/dist/orgGraphSearchClient.js +651 -0
- package/dist/orgGraphSearchClient.js.map +1 -0
- package/dist/packRuntime.d.ts +1 -2
- package/dist/packsClient.d.ts +2 -0
- package/dist/packsClient.js +194 -3
- package/dist/packsClient.js.map +1 -1
- package/dist/policyClient.d.ts +2 -0
- package/dist/policyClient.js +194 -3
- package/dist/policyClient.js.map +1 -1
- package/dist/questions/index.d.ts +19 -2
- package/dist/questions/index.js +2356 -329
- package/dist/questions/index.js.map +1 -1
- package/dist/reportsClient.d.ts +2 -0
- package/dist/reportsClient.js +196 -5
- package/dist/reportsClient.js.map +1 -1
- package/dist/schemaClient.d.ts +2 -0
- package/dist/schemaClient.js +194 -3
- package/dist/schemaClient.js.map +1 -1
- package/dist/sdkSurface.d.ts +2 -0
- package/dist/sourcesClient.d.ts +2 -0
- package/dist/sourcesClient.js +194 -3
- package/dist/sourcesClient.js.map +1 -1
- package/dist/telemetryClient.d.ts +94 -0
- package/dist/telemetryClient.js +718 -0
- package/dist/telemetryClient.js.map +1 -0
- package/dist/toolRegistryClient.d.ts +107 -0
- package/dist/toolRegistryClient.js +732 -0
- package/dist/toolRegistryClient.js.map +1 -0
- package/dist/topics/index.d.ts +19 -2
- package/dist/topics/index.js +2356 -329
- package/dist/topics/index.js.map +1 -1
- package/dist/topicsClient.d.ts +2 -0
- package/dist/topicsClient.js +199 -8
- package/dist/topicsClient.js.map +1 -1
- package/dist/workflowClient.d.ts +2 -0
- package/dist/workflowClient.js +199 -8
- package/dist/workflowClient.js.map +1 -1
- package/dist/worktrees/index.d.ts +19 -2
- package/dist/worktrees/index.js +2356 -329
- package/dist/worktrees/index.js.map +1 -1
- package/package.json +3 -3
package/dist/gatewayFacades.js
CHANGED
|
@@ -1,3 +1,169 @@
|
|
|
1
|
+
// src/authContext.ts
|
|
2
|
+
var LucernSdkAuthContextError = class extends Error {
|
|
3
|
+
reason;
|
|
4
|
+
constructor(reason, message) {
|
|
5
|
+
super(message);
|
|
6
|
+
this.name = "LucernSdkAuthContextError";
|
|
7
|
+
this.reason = reason;
|
|
8
|
+
}
|
|
9
|
+
};
|
|
10
|
+
function cleanString(value) {
|
|
11
|
+
const normalized = value?.trim();
|
|
12
|
+
return normalized ? normalized : void 0;
|
|
13
|
+
}
|
|
14
|
+
function cleanStringList(values) {
|
|
15
|
+
if (!values) {
|
|
16
|
+
return [];
|
|
17
|
+
}
|
|
18
|
+
return values.map((value) => value.trim()).filter(
|
|
19
|
+
(value, index, list) => value.length > 0 && list.indexOf(value) === index
|
|
20
|
+
);
|
|
21
|
+
}
|
|
22
|
+
function requireString(value, reason, label) {
|
|
23
|
+
const normalized = cleanString(value);
|
|
24
|
+
if (!normalized) {
|
|
25
|
+
throw new LucernSdkAuthContextError(
|
|
26
|
+
reason,
|
|
27
|
+
`Canonical Lucern SDK auth context is missing ${label}.`
|
|
28
|
+
);
|
|
29
|
+
}
|
|
30
|
+
return normalized;
|
|
31
|
+
}
|
|
32
|
+
function requirePrincipalType(principalType) {
|
|
33
|
+
if (!principalType) {
|
|
34
|
+
throw new LucernSdkAuthContextError(
|
|
35
|
+
"principal_missing",
|
|
36
|
+
"Canonical Lucern SDK auth context is missing principalType."
|
|
37
|
+
);
|
|
38
|
+
}
|
|
39
|
+
return principalType;
|
|
40
|
+
}
|
|
41
|
+
function requireAuthMode(authMode) {
|
|
42
|
+
if (!authMode) {
|
|
43
|
+
throw new LucernSdkAuthContextError(
|
|
44
|
+
"principal_missing",
|
|
45
|
+
"Canonical Lucern SDK auth context is missing authMode."
|
|
46
|
+
);
|
|
47
|
+
}
|
|
48
|
+
return authMode;
|
|
49
|
+
}
|
|
50
|
+
function ensurePermitMatch(args) {
|
|
51
|
+
const actual = cleanString(args.actual);
|
|
52
|
+
if (actual && actual !== args.expected) {
|
|
53
|
+
throw new LucernSdkAuthContextError(
|
|
54
|
+
"policy_denied",
|
|
55
|
+
`Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
|
|
56
|
+
);
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
function normalizeCanonicalLucernAuthContext(input) {
|
|
60
|
+
if (!input) {
|
|
61
|
+
throw new LucernSdkAuthContextError(
|
|
62
|
+
"principal_missing",
|
|
63
|
+
"Canonical Lucern SDK auth context is required."
|
|
64
|
+
);
|
|
65
|
+
}
|
|
66
|
+
if (input.policyDecision === "deny") {
|
|
67
|
+
throw new LucernSdkAuthContextError(
|
|
68
|
+
"policy_denied",
|
|
69
|
+
"Canonical Lucern SDK auth context carries a denied policy decision."
|
|
70
|
+
);
|
|
71
|
+
}
|
|
72
|
+
const principalId = requireString(
|
|
73
|
+
input.principalId,
|
|
74
|
+
"principal_missing",
|
|
75
|
+
"principalId"
|
|
76
|
+
);
|
|
77
|
+
const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
|
|
78
|
+
const workspaceId = requireString(
|
|
79
|
+
input.workspaceId,
|
|
80
|
+
"workspace_missing",
|
|
81
|
+
"workspaceId"
|
|
82
|
+
);
|
|
83
|
+
const roles = cleanStringList(input.roles);
|
|
84
|
+
const scopes = cleanStringList(input.scopes);
|
|
85
|
+
if (roles.length === 0 || scopes.length === 0) {
|
|
86
|
+
throw new LucernSdkAuthContextError(
|
|
87
|
+
"membership_missing",
|
|
88
|
+
"Canonical Lucern SDK auth context requires non-empty roles and scopes."
|
|
89
|
+
);
|
|
90
|
+
}
|
|
91
|
+
const principalType = requirePrincipalType(input.principalType);
|
|
92
|
+
const authMode = requireAuthMode(input.authMode);
|
|
93
|
+
const subject = cleanString(input.permit?.subject) ?? principalId;
|
|
94
|
+
const tenant = cleanString(input.permit?.tenant) ?? tenantId;
|
|
95
|
+
const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
|
|
96
|
+
ensurePermitMatch({
|
|
97
|
+
field: "subject",
|
|
98
|
+
expected: principalId,
|
|
99
|
+
actual: subject
|
|
100
|
+
});
|
|
101
|
+
ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
|
|
102
|
+
ensurePermitMatch({
|
|
103
|
+
field: "workspace",
|
|
104
|
+
expected: workspaceId,
|
|
105
|
+
actual: workspace
|
|
106
|
+
});
|
|
107
|
+
const context = input.permit?.context ? { ...input.permit.context } : void 0;
|
|
108
|
+
return {
|
|
109
|
+
clerkId: cleanString(input.clerkId),
|
|
110
|
+
principalId,
|
|
111
|
+
tenantId,
|
|
112
|
+
workspaceId,
|
|
113
|
+
principalType,
|
|
114
|
+
authMode,
|
|
115
|
+
roles,
|
|
116
|
+
scopes,
|
|
117
|
+
delegationChain: input.delegationChain ? [...input.delegationChain] : [],
|
|
118
|
+
policyTraceId: cleanString(input.policyTraceId),
|
|
119
|
+
correlationId: cleanString(input.correlationId),
|
|
120
|
+
membershipId: cleanString(input.membershipId),
|
|
121
|
+
permit: {
|
|
122
|
+
subject,
|
|
123
|
+
tenant,
|
|
124
|
+
workspace,
|
|
125
|
+
resource: cleanString(input.permit?.resource),
|
|
126
|
+
action: cleanString(input.permit?.action),
|
|
127
|
+
relation: cleanString(input.permit?.relation),
|
|
128
|
+
context
|
|
129
|
+
}
|
|
130
|
+
};
|
|
131
|
+
}
|
|
132
|
+
function createCanonicalAuthHeaders(authContext) {
|
|
133
|
+
const headers = {
|
|
134
|
+
"x-lucern-principal-id": authContext.principalId,
|
|
135
|
+
"x-lucern-principal-type": authContext.principalType,
|
|
136
|
+
"x-lucern-tenant": authContext.tenantId,
|
|
137
|
+
"x-lucern-tenant-id": authContext.tenantId,
|
|
138
|
+
"x-lucern-workspace": authContext.workspaceId,
|
|
139
|
+
"x-lucern-workspace-id": authContext.workspaceId,
|
|
140
|
+
"x-lucern-auth-mode": authContext.authMode,
|
|
141
|
+
"x-lucern-roles": authContext.roles.join(","),
|
|
142
|
+
"x-lucern-scopes": authContext.scopes.join(","),
|
|
143
|
+
"x-lucern-permit-context": JSON.stringify(authContext.permit)
|
|
144
|
+
};
|
|
145
|
+
if (authContext.clerkId) {
|
|
146
|
+
headers["x-lucern-clerk-id"] = authContext.clerkId;
|
|
147
|
+
headers["x-lucern-user-id"] = authContext.clerkId;
|
|
148
|
+
}
|
|
149
|
+
if (authContext.delegationChain.length > 0) {
|
|
150
|
+
headers["x-lucern-delegation-chain"] = JSON.stringify(
|
|
151
|
+
authContext.delegationChain
|
|
152
|
+
);
|
|
153
|
+
}
|
|
154
|
+
if (authContext.policyTraceId) {
|
|
155
|
+
headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
|
|
156
|
+
}
|
|
157
|
+
if (authContext.correlationId) {
|
|
158
|
+
headers["x-correlation-id"] = authContext.correlationId;
|
|
159
|
+
headers["x-lucern-correlation-id"] = authContext.correlationId;
|
|
160
|
+
}
|
|
161
|
+
if (authContext.membershipId) {
|
|
162
|
+
headers["x-lucern-membership-id"] = authContext.membershipId;
|
|
163
|
+
}
|
|
164
|
+
return headers;
|
|
165
|
+
}
|
|
166
|
+
|
|
1
167
|
// src/coreClient.ts
|
|
2
168
|
var LucernApiError = class extends Error {
|
|
3
169
|
code;
|
|
@@ -154,16 +320,41 @@ function readPolicySummaryFromDetails(details) {
|
|
|
154
320
|
}
|
|
155
321
|
return null;
|
|
156
322
|
}
|
|
323
|
+
async function resolveConfiguredAuthContext(authContext) {
|
|
324
|
+
if (typeof authContext === "function") {
|
|
325
|
+
return await authContext();
|
|
326
|
+
}
|
|
327
|
+
return authContext;
|
|
328
|
+
}
|
|
329
|
+
function mergeHeaderRecord(base, addition) {
|
|
330
|
+
const headers = new Headers(base);
|
|
331
|
+
for (const [key, value] of Object.entries(addition)) {
|
|
332
|
+
const existing = headers.get(key);
|
|
333
|
+
if (existing !== null && existing !== value) {
|
|
334
|
+
throw new LucernSdkAuthContextError(
|
|
335
|
+
"policy_denied",
|
|
336
|
+
`Canonical Lucern SDK auth context conflicts with existing ${key} header.`
|
|
337
|
+
);
|
|
338
|
+
}
|
|
339
|
+
headers.set(key, value);
|
|
340
|
+
}
|
|
341
|
+
return Object.fromEntries(headers.entries());
|
|
342
|
+
}
|
|
157
343
|
function createGatewayRequestClient(config = {}) {
|
|
158
344
|
const fetchImpl = config.fetchImpl ?? fetch;
|
|
159
345
|
const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
|
|
160
346
|
const maxRetries = config.maxRetries ?? 2;
|
|
161
347
|
const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
|
|
162
348
|
async function resolveAuthHeaders() {
|
|
163
|
-
|
|
164
|
-
|
|
349
|
+
const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
|
|
350
|
+
const authContextInput = await resolveConfiguredAuthContext(
|
|
351
|
+
config.authContext
|
|
352
|
+
);
|
|
353
|
+
if (!authContextInput && !config.requireCanonicalAuthContext) {
|
|
354
|
+
return base;
|
|
165
355
|
}
|
|
166
|
-
|
|
356
|
+
const authContext = normalizeCanonicalLucernAuthContext(authContextInput);
|
|
357
|
+
return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
|
|
167
358
|
}
|
|
168
359
|
async function fetchWithTimeout(url, init, timeoutMs) {
|
|
169
360
|
const controller = new AbortController();
|
|
@@ -338,11 +529,11 @@ function createGatewayRequestClient(config = {}) {
|
|
|
338
529
|
function asRecord(value) {
|
|
339
530
|
return value && typeof value === "object" ? value : {};
|
|
340
531
|
}
|
|
341
|
-
function
|
|
532
|
+
function cleanString2(value) {
|
|
342
533
|
return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
|
|
343
534
|
}
|
|
344
535
|
function normalizeVerificationStatus(value) {
|
|
345
|
-
const status =
|
|
536
|
+
const status = cleanString2(value);
|
|
346
537
|
if (!status) {
|
|
347
538
|
return void 0;
|
|
348
539
|
}
|
|
@@ -358,20 +549,20 @@ function cloneWith(value, patch) {
|
|
|
358
549
|
return { ...value, ...patch };
|
|
359
550
|
}
|
|
360
551
|
function resolveTopicId(value) {
|
|
361
|
-
return
|
|
552
|
+
return cleanString2(value.topicId);
|
|
362
553
|
}
|
|
363
554
|
function resolveText(value) {
|
|
364
|
-
return
|
|
555
|
+
return cleanString2(value.text) ?? cleanString2(value.canonicalText);
|
|
365
556
|
}
|
|
366
557
|
function withTopicAlias(value) {
|
|
367
|
-
const topicId =
|
|
558
|
+
const topicId = cleanString2(value.topicId) ?? void 0;
|
|
368
559
|
if (!topicId) {
|
|
369
560
|
return value;
|
|
370
561
|
}
|
|
371
562
|
return cloneWith(value, { topicId });
|
|
372
563
|
}
|
|
373
564
|
function withTextAlias(value) {
|
|
374
|
-
const text =
|
|
565
|
+
const text = cleanString2(value.text) ?? cleanString2(value.canonicalText) ?? void 0;
|
|
375
566
|
if (!text) {
|
|
376
567
|
return value;
|
|
377
568
|
}
|
|
@@ -401,7 +592,7 @@ function normalizeNodeVerificationStatus(value) {
|
|
|
401
592
|
return normalizeVerificationStatus(value);
|
|
402
593
|
}
|
|
403
594
|
function normalizeTopicQuery(value) {
|
|
404
|
-
const topicId =
|
|
595
|
+
const topicId = cleanString2(value.topicId);
|
|
405
596
|
if (!topicId) {
|
|
406
597
|
return value;
|
|
407
598
|
}
|
|
@@ -849,6 +1040,39 @@ function createGraphClient(config = {}) {
|
|
|
849
1040
|
};
|
|
850
1041
|
}
|
|
851
1042
|
|
|
1043
|
+
// src/boundaryClientSurface.ts
|
|
1044
|
+
function cleanOptionalString(value) {
|
|
1045
|
+
const normalized = value?.trim();
|
|
1046
|
+
return normalized ? normalized : void 0;
|
|
1047
|
+
}
|
|
1048
|
+
function cleanRequiredString(value, label) {
|
|
1049
|
+
const normalized = cleanOptionalString(value);
|
|
1050
|
+
if (!normalized) {
|
|
1051
|
+
throw new Error(`${label} is required`);
|
|
1052
|
+
}
|
|
1053
|
+
return normalized;
|
|
1054
|
+
}
|
|
1055
|
+
function assertKnownKeys(input, allowed, operation) {
|
|
1056
|
+
const allowedSet = new Set(allowed);
|
|
1057
|
+
const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
|
|
1058
|
+
if (unknownKeys.length > 0) {
|
|
1059
|
+
throw new Error(
|
|
1060
|
+
`${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
|
|
1061
|
+
);
|
|
1062
|
+
}
|
|
1063
|
+
}
|
|
1064
|
+
function knownPayload(input, allowed, operation) {
|
|
1065
|
+
assertKnownKeys(input, allowed, operation);
|
|
1066
|
+
return { ...input };
|
|
1067
|
+
}
|
|
1068
|
+
function listResultFromEnvelope(data, legacyKey) {
|
|
1069
|
+
const record = data && typeof data === "object" ? data : {};
|
|
1070
|
+
return createListResult(
|
|
1071
|
+
Array.isArray(record[legacyKey]) ? record[legacyKey] : Array.isArray(data) ? data : [],
|
|
1072
|
+
legacyKey
|
|
1073
|
+
);
|
|
1074
|
+
}
|
|
1075
|
+
|
|
852
1076
|
// src/identityClient.ts
|
|
853
1077
|
function createIdentityWhoamiClient(config = {}) {
|
|
854
1078
|
const gateway = createGatewayRequestClient(config);
|
|
@@ -860,6 +1084,37 @@ function createIdentityWhoamiClient(config = {}) {
|
|
|
860
1084
|
}
|
|
861
1085
|
};
|
|
862
1086
|
}
|
|
1087
|
+
var TENANT_IDENTITY_FIELDS = [
|
|
1088
|
+
"tenantId",
|
|
1089
|
+
"workspaceId",
|
|
1090
|
+
"principalId",
|
|
1091
|
+
"integrationKey",
|
|
1092
|
+
"secretRef",
|
|
1093
|
+
"policySubject",
|
|
1094
|
+
"policyAction",
|
|
1095
|
+
"policyResource",
|
|
1096
|
+
"decision",
|
|
1097
|
+
"config",
|
|
1098
|
+
"configKey",
|
|
1099
|
+
"configValue",
|
|
1100
|
+
"provider",
|
|
1101
|
+
"status",
|
|
1102
|
+
"metadata",
|
|
1103
|
+
"limit",
|
|
1104
|
+
"cursor"
|
|
1105
|
+
];
|
|
1106
|
+
function tenantIdentityQuery(input) {
|
|
1107
|
+
return {
|
|
1108
|
+
tenantId: cleanRequiredString(input.tenantId, "tenantId"),
|
|
1109
|
+
workspaceId: input.workspaceId,
|
|
1110
|
+
principalId: input.principalId,
|
|
1111
|
+
limit: input.limit,
|
|
1112
|
+
cursor: input.cursor
|
|
1113
|
+
};
|
|
1114
|
+
}
|
|
1115
|
+
function tenantIdentityBody(input, operation) {
|
|
1116
|
+
return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
|
|
1117
|
+
}
|
|
863
1118
|
function createIdentityClient(config = {}) {
|
|
864
1119
|
const gateway = createGatewayRequestClient(config);
|
|
865
1120
|
const whoamiClient = createIdentityWhoamiClient(config);
|
|
@@ -985,6 +1240,109 @@ function createIdentityClient(config = {}) {
|
|
|
985
1240
|
return gateway.request({
|
|
986
1241
|
path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
|
|
987
1242
|
});
|
|
1243
|
+
},
|
|
1244
|
+
async getTenantConfig(input) {
|
|
1245
|
+
return gateway.request({
|
|
1246
|
+
path: `/api/platform/v1/identity/tenant-config${toQueryString(
|
|
1247
|
+
tenantIdentityQuery(input)
|
|
1248
|
+
)}`
|
|
1249
|
+
});
|
|
1250
|
+
},
|
|
1251
|
+
async updateTenantConfig(input, idempotencyKey) {
|
|
1252
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
1253
|
+
return gateway.request({
|
|
1254
|
+
path: "/api/platform/v1/identity/tenant-config",
|
|
1255
|
+
method: "PATCH",
|
|
1256
|
+
body: tenantIdentityBody(
|
|
1257
|
+
input,
|
|
1258
|
+
"identity.updateTenantConfig"
|
|
1259
|
+
),
|
|
1260
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1261
|
+
});
|
|
1262
|
+
},
|
|
1263
|
+
async listIntegrations(input) {
|
|
1264
|
+
return gateway.request({
|
|
1265
|
+
path: `/api/platform/v1/identity/integrations${toQueryString(
|
|
1266
|
+
tenantIdentityQuery(input)
|
|
1267
|
+
)}`
|
|
1268
|
+
}).then(
|
|
1269
|
+
(response) => mapGatewayData(
|
|
1270
|
+
response,
|
|
1271
|
+
(data) => listResultFromEnvelope(
|
|
1272
|
+
data,
|
|
1273
|
+
"integrations"
|
|
1274
|
+
)
|
|
1275
|
+
)
|
|
1276
|
+
);
|
|
1277
|
+
},
|
|
1278
|
+
async upsertIntegration(input, idempotencyKey) {
|
|
1279
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
1280
|
+
cleanRequiredString(input.integrationKey, "integrationKey");
|
|
1281
|
+
return gateway.request({
|
|
1282
|
+
path: "/api/platform/v1/identity/integrations",
|
|
1283
|
+
method: "PUT",
|
|
1284
|
+
body: tenantIdentityBody(
|
|
1285
|
+
input,
|
|
1286
|
+
"identity.upsertIntegration"
|
|
1287
|
+
),
|
|
1288
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1289
|
+
});
|
|
1290
|
+
},
|
|
1291
|
+
async listSecrets(input) {
|
|
1292
|
+
return gateway.request({
|
|
1293
|
+
path: `/api/platform/v1/identity/secrets${toQueryString(
|
|
1294
|
+
tenantIdentityQuery(input)
|
|
1295
|
+
)}`
|
|
1296
|
+
}).then(
|
|
1297
|
+
(response) => mapGatewayData(
|
|
1298
|
+
response,
|
|
1299
|
+
(data) => listResultFromEnvelope(
|
|
1300
|
+
data,
|
|
1301
|
+
"secrets"
|
|
1302
|
+
)
|
|
1303
|
+
)
|
|
1304
|
+
);
|
|
1305
|
+
},
|
|
1306
|
+
async putSecretReference(input, idempotencyKey) {
|
|
1307
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
1308
|
+
cleanRequiredString(input.secretRef, "secretRef");
|
|
1309
|
+
return gateway.request({
|
|
1310
|
+
path: "/api/platform/v1/identity/secrets",
|
|
1311
|
+
method: "PUT",
|
|
1312
|
+
body: tenantIdentityBody(
|
|
1313
|
+
input,
|
|
1314
|
+
"identity.putSecretReference"
|
|
1315
|
+
),
|
|
1316
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1317
|
+
});
|
|
1318
|
+
},
|
|
1319
|
+
async evaluatePolicy(input, idempotencyKey) {
|
|
1320
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
1321
|
+
cleanRequiredString(input.policySubject, "policySubject");
|
|
1322
|
+
cleanRequiredString(input.policyAction, "policyAction");
|
|
1323
|
+
cleanRequiredString(input.policyResource, "policyResource");
|
|
1324
|
+
return gateway.request({
|
|
1325
|
+
path: "/api/platform/v1/identity/policy/evaluate",
|
|
1326
|
+
method: "POST",
|
|
1327
|
+
body: tenantIdentityBody(
|
|
1328
|
+
input,
|
|
1329
|
+
"identity.evaluatePolicy"
|
|
1330
|
+
),
|
|
1331
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1332
|
+
});
|
|
1333
|
+
},
|
|
1334
|
+
async recordPolicyDecision(input, idempotencyKey) {
|
|
1335
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
1336
|
+
cleanRequiredString(input.decision, "decision");
|
|
1337
|
+
return gateway.request({
|
|
1338
|
+
path: "/api/platform/v1/identity/policy/decisions",
|
|
1339
|
+
method: "POST",
|
|
1340
|
+
body: tenantIdentityBody(
|
|
1341
|
+
input,
|
|
1342
|
+
"identity.recordPolicyDecision"
|
|
1343
|
+
),
|
|
1344
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1345
|
+
});
|
|
988
1346
|
}
|
|
989
1347
|
};
|
|
990
1348
|
}
|
|
@@ -993,12 +1351,12 @@ function createIdentityClient(config = {}) {
|
|
|
993
1351
|
function asRecord2(value) {
|
|
994
1352
|
return value && typeof value === "object" ? value : {};
|
|
995
1353
|
}
|
|
996
|
-
function
|
|
1354
|
+
function cleanString3(value) {
|
|
997
1355
|
return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
|
|
998
1356
|
}
|
|
999
1357
|
function normalizeTopicRecord(value) {
|
|
1000
1358
|
const record = asRecord2(value);
|
|
1001
|
-
const topicId =
|
|
1359
|
+
const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
|
|
1002
1360
|
return withTopicAlias({
|
|
1003
1361
|
...record,
|
|
1004
1362
|
...topicId ? { topicId } : {}
|