@lucern/sdk 0.3.0-alpha.2 → 0.3.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adminClient.d.ts +2 -0
- package/dist/adminClient.js +194 -3
- package/dist/adminClient.js.map +1 -1
- package/dist/answersClient.d.ts +2 -0
- package/dist/answersClient.js +194 -3
- package/dist/answersClient.js.map +1 -1
- package/dist/audiencesClient.d.ts +2 -0
- package/dist/audiencesClient.js +194 -3
- package/dist/audiencesClient.js.map +1 -1
- package/dist/auditClient.d.ts +2 -0
- package/dist/auditClient.js +196 -5
- package/dist/auditClient.js.map +1 -1
- package/dist/authContext.d.ts +56 -0
- package/dist/authContext.js +169 -0
- package/dist/authContext.js.map +1 -0
- package/dist/authDeviceClient.d.ts +49 -0
- package/dist/authDeviceClient.js +108 -0
- package/dist/authDeviceClient.js.map +1 -0
- package/dist/beliefs/index.d.ts +19 -2
- package/dist/beliefs/index.js +2356 -329
- package/dist/beliefs/index.js.map +1 -1
- package/dist/beliefsClient.d.ts +2 -0
- package/dist/beliefsClient.js +198 -7
- package/dist/beliefsClient.js.map +1 -1
- package/dist/boundaryClientSurface.d.ts +20 -0
- package/dist/boundaryClientSurface.js +66 -0
- package/dist/boundaryClientSurface.js.map +1 -0
- package/dist/{client-B6aWUUwp.d.ts → client-EiG9nJOY.d.ts} +365 -6
- package/dist/client.d.ts +20 -3
- package/dist/client.js +2356 -329
- package/dist/client.js.map +1 -1
- package/dist/contextClient.d.ts +2 -0
- package/dist/contextClient.js +200 -9
- package/dist/contextClient.js.map +1 -1
- package/dist/contracts/index.d.ts +1 -0
- package/dist/contracts/index.js +104 -1
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/mcpTools.d.ts +46 -1
- package/dist/contracts/mcpTools.js +102 -0
- package/dist/contracts/mcpTools.js.map +1 -1
- package/dist/contradictions/index.d.ts +19 -2
- package/dist/contradictions/index.js +2356 -329
- package/dist/contradictions/index.js.map +1 -1
- package/dist/coreClient.d.ts +9 -0
- package/dist/coreClient.js +194 -3
- package/dist/coreClient.js.map +1 -1
- package/dist/decisions/index.d.ts +19 -2
- package/dist/decisions/index.js +2356 -329
- package/dist/decisions/index.js.map +1 -1
- package/dist/decisionsClient.d.ts +2 -0
- package/dist/decisionsClient.js +197 -6
- package/dist/decisionsClient.js.map +1 -1
- package/dist/edges/index.d.ts +19 -2
- package/dist/edges/index.js +2356 -329
- package/dist/edges/index.js.map +1 -1
- package/dist/embeddingsClient.d.ts +106 -0
- package/dist/embeddingsClient.js +707 -0
- package/dist/embeddingsClient.js.map +1 -0
- package/dist/eventingClient.d.ts +96 -0
- package/dist/eventingClient.js +704 -0
- package/dist/eventingClient.js.map +1 -0
- package/dist/eventsCore.d.ts +2 -0
- package/dist/eventsCore.js +194 -3
- package/dist/eventsCore.js.map +1 -1
- package/dist/evidence/index.d.ts +19 -2
- package/dist/evidence/index.js +2356 -329
- package/dist/evidence/index.js.map +1 -1
- package/dist/evidenceClient.d.ts +2 -0
- package/dist/evidenceClient.js +194 -3
- package/dist/evidenceClient.js.map +1 -1
- package/dist/gatewayFacades.d.ts +4 -2
- package/dist/gatewayFacades.js +370 -12
- package/dist/gatewayFacades.js.map +1 -1
- package/dist/graphAnalysisClient.d.ts +140 -0
- package/dist/graphAnalysisClient.js +753 -0
- package/dist/graphAnalysisClient.js.map +1 -0
- package/dist/graphClient.d.ts +2 -0
- package/dist/graphClient.js +201 -10
- package/dist/graphClient.js.map +1 -1
- package/dist/graphRecommendationsClient.d.ts +56 -0
- package/dist/graphRecommendationsClient.js +645 -0
- package/dist/graphRecommendationsClient.js.map +1 -0
- package/dist/graphStateClassifierClient.d.ts +73 -0
- package/dist/graphStateClassifierClient.js +693 -0
- package/dist/graphStateClassifierClient.js.map +1 -0
- package/dist/harnessClient.d.ts +2 -0
- package/dist/harnessClient.js +196 -5
- package/dist/harnessClient.js.map +1 -1
- package/dist/identityClient.d.ts +89 -3
- package/dist/identityClient.js +362 -4
- package/dist/identityClient.js.map +1 -1
- package/dist/index.d.ts +20 -3
- package/dist/index.js +2516 -356
- package/dist/index.js.map +1 -1
- package/dist/jobsClient.d.ts +98 -0
- package/dist/jobsClient.js +703 -0
- package/dist/jobsClient.js.map +1 -0
- package/dist/learningClient.d.ts +2 -0
- package/dist/learningClient.js +196 -5
- package/dist/learningClient.js.map +1 -1
- package/dist/lenses/index.d.ts +19 -2
- package/dist/lenses/index.js +2356 -329
- package/dist/lenses/index.js.map +1 -1
- package/dist/mcpClient.d.ts +28 -0
- package/dist/mcpClient.js +649 -0
- package/dist/mcpClient.js.map +1 -0
- package/dist/modelRuntimeClient.d.ts +72 -0
- package/dist/modelRuntimeClient.js +680 -0
- package/dist/modelRuntimeClient.js.map +1 -0
- package/dist/nodes/index.d.ts +19 -2
- package/dist/nodes/index.js +2356 -329
- package/dist/nodes/index.js.map +1 -1
- package/dist/ontologies/index.d.ts +19 -2
- package/dist/ontologies/index.js +2356 -329
- package/dist/ontologies/index.js.map +1 -1
- package/dist/ontologyClient.d.ts +2 -0
- package/dist/ontologyClient.js +194 -3
- package/dist/ontologyClient.js.map +1 -1
- package/dist/ontologyLinksClient.d.ts +71 -0
- package/dist/ontologyLinksClient.js +674 -0
- package/dist/ontologyLinksClient.js.map +1 -0
- package/dist/orgGraphSearchClient.d.ts +85 -0
- package/dist/orgGraphSearchClient.js +651 -0
- package/dist/orgGraphSearchClient.js.map +1 -0
- package/dist/packRuntime.d.ts +1 -2
- package/dist/packsClient.d.ts +2 -0
- package/dist/packsClient.js +194 -3
- package/dist/packsClient.js.map +1 -1
- package/dist/policyClient.d.ts +2 -0
- package/dist/policyClient.js +194 -3
- package/dist/policyClient.js.map +1 -1
- package/dist/questions/index.d.ts +19 -2
- package/dist/questions/index.js +2356 -329
- package/dist/questions/index.js.map +1 -1
- package/dist/reportsClient.d.ts +2 -0
- package/dist/reportsClient.js +196 -5
- package/dist/reportsClient.js.map +1 -1
- package/dist/schemaClient.d.ts +2 -0
- package/dist/schemaClient.js +194 -3
- package/dist/schemaClient.js.map +1 -1
- package/dist/sdkSurface.d.ts +2 -0
- package/dist/sourcesClient.d.ts +2 -0
- package/dist/sourcesClient.js +194 -3
- package/dist/sourcesClient.js.map +1 -1
- package/dist/telemetryClient.d.ts +94 -0
- package/dist/telemetryClient.js +718 -0
- package/dist/telemetryClient.js.map +1 -0
- package/dist/toolRegistryClient.d.ts +107 -0
- package/dist/toolRegistryClient.js +732 -0
- package/dist/toolRegistryClient.js.map +1 -0
- package/dist/topics/index.d.ts +19 -2
- package/dist/topics/index.js +2356 -329
- package/dist/topics/index.js.map +1 -1
- package/dist/topicsClient.d.ts +2 -0
- package/dist/topicsClient.js +199 -8
- package/dist/topicsClient.js.map +1 -1
- package/dist/workflowClient.d.ts +2 -0
- package/dist/workflowClient.js +199 -8
- package/dist/workflowClient.js.map +1 -1
- package/dist/worktrees/index.d.ts +19 -2
- package/dist/worktrees/index.js +2356 -329
- package/dist/worktrees/index.js.map +1 -1
- package/package.json +3 -3
package/dist/identityClient.js
CHANGED
|
@@ -1,3 +1,169 @@
|
|
|
1
|
+
// src/authContext.ts
|
|
2
|
+
var LucernSdkAuthContextError = class extends Error {
|
|
3
|
+
reason;
|
|
4
|
+
constructor(reason, message) {
|
|
5
|
+
super(message);
|
|
6
|
+
this.name = "LucernSdkAuthContextError";
|
|
7
|
+
this.reason = reason;
|
|
8
|
+
}
|
|
9
|
+
};
|
|
10
|
+
function cleanString(value) {
|
|
11
|
+
const normalized = value?.trim();
|
|
12
|
+
return normalized ? normalized : void 0;
|
|
13
|
+
}
|
|
14
|
+
function cleanStringList(values) {
|
|
15
|
+
if (!values) {
|
|
16
|
+
return [];
|
|
17
|
+
}
|
|
18
|
+
return values.map((value) => value.trim()).filter(
|
|
19
|
+
(value, index, list) => value.length > 0 && list.indexOf(value) === index
|
|
20
|
+
);
|
|
21
|
+
}
|
|
22
|
+
function requireString(value, reason, label) {
|
|
23
|
+
const normalized = cleanString(value);
|
|
24
|
+
if (!normalized) {
|
|
25
|
+
throw new LucernSdkAuthContextError(
|
|
26
|
+
reason,
|
|
27
|
+
`Canonical Lucern SDK auth context is missing ${label}.`
|
|
28
|
+
);
|
|
29
|
+
}
|
|
30
|
+
return normalized;
|
|
31
|
+
}
|
|
32
|
+
function requirePrincipalType(principalType) {
|
|
33
|
+
if (!principalType) {
|
|
34
|
+
throw new LucernSdkAuthContextError(
|
|
35
|
+
"principal_missing",
|
|
36
|
+
"Canonical Lucern SDK auth context is missing principalType."
|
|
37
|
+
);
|
|
38
|
+
}
|
|
39
|
+
return principalType;
|
|
40
|
+
}
|
|
41
|
+
function requireAuthMode(authMode) {
|
|
42
|
+
if (!authMode) {
|
|
43
|
+
throw new LucernSdkAuthContextError(
|
|
44
|
+
"principal_missing",
|
|
45
|
+
"Canonical Lucern SDK auth context is missing authMode."
|
|
46
|
+
);
|
|
47
|
+
}
|
|
48
|
+
return authMode;
|
|
49
|
+
}
|
|
50
|
+
function ensurePermitMatch(args) {
|
|
51
|
+
const actual = cleanString(args.actual);
|
|
52
|
+
if (actual && actual !== args.expected) {
|
|
53
|
+
throw new LucernSdkAuthContextError(
|
|
54
|
+
"policy_denied",
|
|
55
|
+
`Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
|
|
56
|
+
);
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
function normalizeCanonicalLucernAuthContext(input) {
|
|
60
|
+
if (!input) {
|
|
61
|
+
throw new LucernSdkAuthContextError(
|
|
62
|
+
"principal_missing",
|
|
63
|
+
"Canonical Lucern SDK auth context is required."
|
|
64
|
+
);
|
|
65
|
+
}
|
|
66
|
+
if (input.policyDecision === "deny") {
|
|
67
|
+
throw new LucernSdkAuthContextError(
|
|
68
|
+
"policy_denied",
|
|
69
|
+
"Canonical Lucern SDK auth context carries a denied policy decision."
|
|
70
|
+
);
|
|
71
|
+
}
|
|
72
|
+
const principalId = requireString(
|
|
73
|
+
input.principalId,
|
|
74
|
+
"principal_missing",
|
|
75
|
+
"principalId"
|
|
76
|
+
);
|
|
77
|
+
const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
|
|
78
|
+
const workspaceId = requireString(
|
|
79
|
+
input.workspaceId,
|
|
80
|
+
"workspace_missing",
|
|
81
|
+
"workspaceId"
|
|
82
|
+
);
|
|
83
|
+
const roles = cleanStringList(input.roles);
|
|
84
|
+
const scopes = cleanStringList(input.scopes);
|
|
85
|
+
if (roles.length === 0 || scopes.length === 0) {
|
|
86
|
+
throw new LucernSdkAuthContextError(
|
|
87
|
+
"membership_missing",
|
|
88
|
+
"Canonical Lucern SDK auth context requires non-empty roles and scopes."
|
|
89
|
+
);
|
|
90
|
+
}
|
|
91
|
+
const principalType = requirePrincipalType(input.principalType);
|
|
92
|
+
const authMode = requireAuthMode(input.authMode);
|
|
93
|
+
const subject = cleanString(input.permit?.subject) ?? principalId;
|
|
94
|
+
const tenant = cleanString(input.permit?.tenant) ?? tenantId;
|
|
95
|
+
const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
|
|
96
|
+
ensurePermitMatch({
|
|
97
|
+
field: "subject",
|
|
98
|
+
expected: principalId,
|
|
99
|
+
actual: subject
|
|
100
|
+
});
|
|
101
|
+
ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
|
|
102
|
+
ensurePermitMatch({
|
|
103
|
+
field: "workspace",
|
|
104
|
+
expected: workspaceId,
|
|
105
|
+
actual: workspace
|
|
106
|
+
});
|
|
107
|
+
const context = input.permit?.context ? { ...input.permit.context } : void 0;
|
|
108
|
+
return {
|
|
109
|
+
clerkId: cleanString(input.clerkId),
|
|
110
|
+
principalId,
|
|
111
|
+
tenantId,
|
|
112
|
+
workspaceId,
|
|
113
|
+
principalType,
|
|
114
|
+
authMode,
|
|
115
|
+
roles,
|
|
116
|
+
scopes,
|
|
117
|
+
delegationChain: input.delegationChain ? [...input.delegationChain] : [],
|
|
118
|
+
policyTraceId: cleanString(input.policyTraceId),
|
|
119
|
+
correlationId: cleanString(input.correlationId),
|
|
120
|
+
membershipId: cleanString(input.membershipId),
|
|
121
|
+
permit: {
|
|
122
|
+
subject,
|
|
123
|
+
tenant,
|
|
124
|
+
workspace,
|
|
125
|
+
resource: cleanString(input.permit?.resource),
|
|
126
|
+
action: cleanString(input.permit?.action),
|
|
127
|
+
relation: cleanString(input.permit?.relation),
|
|
128
|
+
context
|
|
129
|
+
}
|
|
130
|
+
};
|
|
131
|
+
}
|
|
132
|
+
function createCanonicalAuthHeaders(authContext) {
|
|
133
|
+
const headers = {
|
|
134
|
+
"x-lucern-principal-id": authContext.principalId,
|
|
135
|
+
"x-lucern-principal-type": authContext.principalType,
|
|
136
|
+
"x-lucern-tenant": authContext.tenantId,
|
|
137
|
+
"x-lucern-tenant-id": authContext.tenantId,
|
|
138
|
+
"x-lucern-workspace": authContext.workspaceId,
|
|
139
|
+
"x-lucern-workspace-id": authContext.workspaceId,
|
|
140
|
+
"x-lucern-auth-mode": authContext.authMode,
|
|
141
|
+
"x-lucern-roles": authContext.roles.join(","),
|
|
142
|
+
"x-lucern-scopes": authContext.scopes.join(","),
|
|
143
|
+
"x-lucern-permit-context": JSON.stringify(authContext.permit)
|
|
144
|
+
};
|
|
145
|
+
if (authContext.clerkId) {
|
|
146
|
+
headers["x-lucern-clerk-id"] = authContext.clerkId;
|
|
147
|
+
headers["x-lucern-user-id"] = authContext.clerkId;
|
|
148
|
+
}
|
|
149
|
+
if (authContext.delegationChain.length > 0) {
|
|
150
|
+
headers["x-lucern-delegation-chain"] = JSON.stringify(
|
|
151
|
+
authContext.delegationChain
|
|
152
|
+
);
|
|
153
|
+
}
|
|
154
|
+
if (authContext.policyTraceId) {
|
|
155
|
+
headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
|
|
156
|
+
}
|
|
157
|
+
if (authContext.correlationId) {
|
|
158
|
+
headers["x-correlation-id"] = authContext.correlationId;
|
|
159
|
+
headers["x-lucern-correlation-id"] = authContext.correlationId;
|
|
160
|
+
}
|
|
161
|
+
if (authContext.membershipId) {
|
|
162
|
+
headers["x-lucern-membership-id"] = authContext.membershipId;
|
|
163
|
+
}
|
|
164
|
+
return headers;
|
|
165
|
+
}
|
|
166
|
+
|
|
1
167
|
// src/coreClient.ts
|
|
2
168
|
var LucernApiError = class extends Error {
|
|
3
169
|
code;
|
|
@@ -154,16 +320,41 @@ function readPolicySummaryFromDetails(details) {
|
|
|
154
320
|
}
|
|
155
321
|
return null;
|
|
156
322
|
}
|
|
323
|
+
async function resolveConfiguredAuthContext(authContext) {
|
|
324
|
+
if (typeof authContext === "function") {
|
|
325
|
+
return await authContext();
|
|
326
|
+
}
|
|
327
|
+
return authContext;
|
|
328
|
+
}
|
|
329
|
+
function mergeHeaderRecord(base, addition) {
|
|
330
|
+
const headers = new Headers(base);
|
|
331
|
+
for (const [key, value] of Object.entries(addition)) {
|
|
332
|
+
const existing = headers.get(key);
|
|
333
|
+
if (existing !== null && existing !== value) {
|
|
334
|
+
throw new LucernSdkAuthContextError(
|
|
335
|
+
"policy_denied",
|
|
336
|
+
`Canonical Lucern SDK auth context conflicts with existing ${key} header.`
|
|
337
|
+
);
|
|
338
|
+
}
|
|
339
|
+
headers.set(key, value);
|
|
340
|
+
}
|
|
341
|
+
return Object.fromEntries(headers.entries());
|
|
342
|
+
}
|
|
157
343
|
function createGatewayRequestClient(config = {}) {
|
|
158
344
|
const fetchImpl = config.fetchImpl ?? fetch;
|
|
159
345
|
const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
|
|
160
346
|
const maxRetries = config.maxRetries ?? 2;
|
|
161
347
|
const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
|
|
162
348
|
async function resolveAuthHeaders() {
|
|
163
|
-
|
|
164
|
-
|
|
349
|
+
const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
|
|
350
|
+
const authContextInput = await resolveConfiguredAuthContext(
|
|
351
|
+
config.authContext
|
|
352
|
+
);
|
|
353
|
+
if (!authContextInput && !config.requireCanonicalAuthContext) {
|
|
354
|
+
return base;
|
|
165
355
|
}
|
|
166
|
-
|
|
356
|
+
const authContext = normalizeCanonicalLucernAuthContext(authContextInput);
|
|
357
|
+
return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
|
|
167
358
|
}
|
|
168
359
|
async function fetchWithTimeout(url, init, timeoutMs) {
|
|
169
360
|
const controller = new AbortController();
|
|
@@ -352,6 +543,39 @@ function mapGatewayData(response, mapper) {
|
|
|
352
543
|
};
|
|
353
544
|
}
|
|
354
545
|
|
|
546
|
+
// src/boundaryClientSurface.ts
|
|
547
|
+
function cleanOptionalString(value) {
|
|
548
|
+
const normalized = value?.trim();
|
|
549
|
+
return normalized ? normalized : void 0;
|
|
550
|
+
}
|
|
551
|
+
function cleanRequiredString(value, label) {
|
|
552
|
+
const normalized = cleanOptionalString(value);
|
|
553
|
+
if (!normalized) {
|
|
554
|
+
throw new Error(`${label} is required`);
|
|
555
|
+
}
|
|
556
|
+
return normalized;
|
|
557
|
+
}
|
|
558
|
+
function assertKnownKeys(input, allowed, operation) {
|
|
559
|
+
const allowedSet = new Set(allowed);
|
|
560
|
+
const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
|
|
561
|
+
if (unknownKeys.length > 0) {
|
|
562
|
+
throw new Error(
|
|
563
|
+
`${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
|
|
564
|
+
);
|
|
565
|
+
}
|
|
566
|
+
}
|
|
567
|
+
function knownPayload(input, allowed, operation) {
|
|
568
|
+
assertKnownKeys(input, allowed, operation);
|
|
569
|
+
return { ...input };
|
|
570
|
+
}
|
|
571
|
+
function listResultFromEnvelope(data, legacyKey) {
|
|
572
|
+
const record = data && typeof data === "object" ? data : {};
|
|
573
|
+
return createListResult(
|
|
574
|
+
Array.isArray(record[legacyKey]) ? record[legacyKey] : Array.isArray(data) ? data : [],
|
|
575
|
+
legacyKey
|
|
576
|
+
);
|
|
577
|
+
}
|
|
578
|
+
|
|
355
579
|
// src/identityClient.ts
|
|
356
580
|
function createIdentityWhoamiClient(config = {}) {
|
|
357
581
|
const gateway = createGatewayRequestClient(config);
|
|
@@ -363,6 +587,37 @@ function createIdentityWhoamiClient(config = {}) {
|
|
|
363
587
|
}
|
|
364
588
|
};
|
|
365
589
|
}
|
|
590
|
+
var TENANT_IDENTITY_FIELDS = [
|
|
591
|
+
"tenantId",
|
|
592
|
+
"workspaceId",
|
|
593
|
+
"principalId",
|
|
594
|
+
"integrationKey",
|
|
595
|
+
"secretRef",
|
|
596
|
+
"policySubject",
|
|
597
|
+
"policyAction",
|
|
598
|
+
"policyResource",
|
|
599
|
+
"decision",
|
|
600
|
+
"config",
|
|
601
|
+
"configKey",
|
|
602
|
+
"configValue",
|
|
603
|
+
"provider",
|
|
604
|
+
"status",
|
|
605
|
+
"metadata",
|
|
606
|
+
"limit",
|
|
607
|
+
"cursor"
|
|
608
|
+
];
|
|
609
|
+
function tenantIdentityQuery(input) {
|
|
610
|
+
return {
|
|
611
|
+
tenantId: cleanRequiredString(input.tenantId, "tenantId"),
|
|
612
|
+
workspaceId: input.workspaceId,
|
|
613
|
+
principalId: input.principalId,
|
|
614
|
+
limit: input.limit,
|
|
615
|
+
cursor: input.cursor
|
|
616
|
+
};
|
|
617
|
+
}
|
|
618
|
+
function tenantIdentityBody(input, operation) {
|
|
619
|
+
return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
|
|
620
|
+
}
|
|
366
621
|
function createIdentityClient(config = {}) {
|
|
367
622
|
const gateway = createGatewayRequestClient(config);
|
|
368
623
|
const whoamiClient = createIdentityWhoamiClient(config);
|
|
@@ -488,10 +743,113 @@ function createIdentityClient(config = {}) {
|
|
|
488
743
|
return gateway.request({
|
|
489
744
|
path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
|
|
490
745
|
});
|
|
746
|
+
},
|
|
747
|
+
async getTenantConfig(input) {
|
|
748
|
+
return gateway.request({
|
|
749
|
+
path: `/api/platform/v1/identity/tenant-config${toQueryString(
|
|
750
|
+
tenantIdentityQuery(input)
|
|
751
|
+
)}`
|
|
752
|
+
});
|
|
753
|
+
},
|
|
754
|
+
async updateTenantConfig(input, idempotencyKey) {
|
|
755
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
756
|
+
return gateway.request({
|
|
757
|
+
path: "/api/platform/v1/identity/tenant-config",
|
|
758
|
+
method: "PATCH",
|
|
759
|
+
body: tenantIdentityBody(
|
|
760
|
+
input,
|
|
761
|
+
"identity.updateTenantConfig"
|
|
762
|
+
),
|
|
763
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
764
|
+
});
|
|
765
|
+
},
|
|
766
|
+
async listIntegrations(input) {
|
|
767
|
+
return gateway.request({
|
|
768
|
+
path: `/api/platform/v1/identity/integrations${toQueryString(
|
|
769
|
+
tenantIdentityQuery(input)
|
|
770
|
+
)}`
|
|
771
|
+
}).then(
|
|
772
|
+
(response) => mapGatewayData(
|
|
773
|
+
response,
|
|
774
|
+
(data) => listResultFromEnvelope(
|
|
775
|
+
data,
|
|
776
|
+
"integrations"
|
|
777
|
+
)
|
|
778
|
+
)
|
|
779
|
+
);
|
|
780
|
+
},
|
|
781
|
+
async upsertIntegration(input, idempotencyKey) {
|
|
782
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
783
|
+
cleanRequiredString(input.integrationKey, "integrationKey");
|
|
784
|
+
return gateway.request({
|
|
785
|
+
path: "/api/platform/v1/identity/integrations",
|
|
786
|
+
method: "PUT",
|
|
787
|
+
body: tenantIdentityBody(
|
|
788
|
+
input,
|
|
789
|
+
"identity.upsertIntegration"
|
|
790
|
+
),
|
|
791
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
792
|
+
});
|
|
793
|
+
},
|
|
794
|
+
async listSecrets(input) {
|
|
795
|
+
return gateway.request({
|
|
796
|
+
path: `/api/platform/v1/identity/secrets${toQueryString(
|
|
797
|
+
tenantIdentityQuery(input)
|
|
798
|
+
)}`
|
|
799
|
+
}).then(
|
|
800
|
+
(response) => mapGatewayData(
|
|
801
|
+
response,
|
|
802
|
+
(data) => listResultFromEnvelope(
|
|
803
|
+
data,
|
|
804
|
+
"secrets"
|
|
805
|
+
)
|
|
806
|
+
)
|
|
807
|
+
);
|
|
808
|
+
},
|
|
809
|
+
async putSecretReference(input, idempotencyKey) {
|
|
810
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
811
|
+
cleanRequiredString(input.secretRef, "secretRef");
|
|
812
|
+
return gateway.request({
|
|
813
|
+
path: "/api/platform/v1/identity/secrets",
|
|
814
|
+
method: "PUT",
|
|
815
|
+
body: tenantIdentityBody(
|
|
816
|
+
input,
|
|
817
|
+
"identity.putSecretReference"
|
|
818
|
+
),
|
|
819
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
820
|
+
});
|
|
821
|
+
},
|
|
822
|
+
async evaluatePolicy(input, idempotencyKey) {
|
|
823
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
824
|
+
cleanRequiredString(input.policySubject, "policySubject");
|
|
825
|
+
cleanRequiredString(input.policyAction, "policyAction");
|
|
826
|
+
cleanRequiredString(input.policyResource, "policyResource");
|
|
827
|
+
return gateway.request({
|
|
828
|
+
path: "/api/platform/v1/identity/policy/evaluate",
|
|
829
|
+
method: "POST",
|
|
830
|
+
body: tenantIdentityBody(
|
|
831
|
+
input,
|
|
832
|
+
"identity.evaluatePolicy"
|
|
833
|
+
),
|
|
834
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
835
|
+
});
|
|
836
|
+
},
|
|
837
|
+
async recordPolicyDecision(input, idempotencyKey) {
|
|
838
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
839
|
+
cleanRequiredString(input.decision, "decision");
|
|
840
|
+
return gateway.request({
|
|
841
|
+
path: "/api/platform/v1/identity/policy/decisions",
|
|
842
|
+
method: "POST",
|
|
843
|
+
body: tenantIdentityBody(
|
|
844
|
+
input,
|
|
845
|
+
"identity.recordPolicyDecision"
|
|
846
|
+
),
|
|
847
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
848
|
+
});
|
|
491
849
|
}
|
|
492
850
|
};
|
|
493
851
|
}
|
|
494
852
|
|
|
495
|
-
export { LucernApiError, createIdentityClient };
|
|
853
|
+
export { LucernApiError, TENANT_IDENTITY_FIELDS, createIdentityClient };
|
|
496
854
|
//# sourceMappingURL=identityClient.js.map
|
|
497
855
|
//# sourceMappingURL=identityClient.js.map
|