@lucern/sdk 0.3.0-alpha.2 → 0.3.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (168) hide show
  1. package/dist/adminClient.d.ts +2 -0
  2. package/dist/adminClient.js +195 -3
  3. package/dist/adminClient.js.map +1 -1
  4. package/dist/answersClient.d.ts +2 -0
  5. package/dist/answersClient.js +195 -3
  6. package/dist/answersClient.js.map +1 -1
  7. package/dist/audiencesClient.d.ts +2 -0
  8. package/dist/audiencesClient.js +195 -3
  9. package/dist/audiencesClient.js.map +1 -1
  10. package/dist/auditClient.d.ts +2 -0
  11. package/dist/auditClient.js +197 -5
  12. package/dist/auditClient.js.map +1 -1
  13. package/dist/authContext.d.ts +56 -0
  14. package/dist/authContext.js +170 -0
  15. package/dist/authContext.js.map +1 -0
  16. package/dist/authDeviceClient.d.ts +49 -0
  17. package/dist/authDeviceClient.js +108 -0
  18. package/dist/authDeviceClient.js.map +1 -0
  19. package/dist/beliefs/index.d.ts +19 -2
  20. package/dist/beliefs/index.js +2648 -327
  21. package/dist/beliefs/index.js.map +1 -1
  22. package/dist/beliefsClient.d.ts +2 -0
  23. package/dist/beliefsClient.js +199 -7
  24. package/dist/beliefsClient.js.map +1 -1
  25. package/dist/boundaryClientSurface.d.ts +20 -0
  26. package/dist/boundaryClientSurface.js +66 -0
  27. package/dist/boundaryClientSurface.js.map +1 -0
  28. package/dist/{client-B6aWUUwp.d.ts → client-DOLqClbU.d.ts} +548 -9
  29. package/dist/client.d.ts +20 -3
  30. package/dist/client.js +2648 -327
  31. package/dist/client.js.map +1 -1
  32. package/dist/contextClient.d.ts +2 -0
  33. package/dist/contextClient.js +201 -9
  34. package/dist/contextClient.js.map +1 -1
  35. package/dist/contracts/api-enums.contract.d.ts +1 -1
  36. package/dist/contracts/api-enums.contract.js.map +1 -1
  37. package/dist/contracts/index.d.ts +1 -0
  38. package/dist/contracts/index.js +104 -1
  39. package/dist/contracts/index.js.map +1 -1
  40. package/dist/contracts/mcpTools.d.ts +46 -1
  41. package/dist/contracts/mcpTools.js +102 -0
  42. package/dist/contracts/mcpTools.js.map +1 -1
  43. package/dist/contradictions/index.d.ts +19 -2
  44. package/dist/contradictions/index.js +2648 -327
  45. package/dist/contradictions/index.js.map +1 -1
  46. package/dist/coreClient.d.ts +9 -0
  47. package/dist/coreClient.js +195 -3
  48. package/dist/coreClient.js.map +1 -1
  49. package/dist/decisions/index.d.ts +19 -2
  50. package/dist/decisions/index.js +2648 -327
  51. package/dist/decisions/index.js.map +1 -1
  52. package/dist/decisionsClient.d.ts +2 -0
  53. package/dist/decisionsClient.js +198 -6
  54. package/dist/decisionsClient.js.map +1 -1
  55. package/dist/edges/index.d.ts +19 -2
  56. package/dist/edges/index.js +2648 -327
  57. package/dist/edges/index.js.map +1 -1
  58. package/dist/embeddingsClient.d.ts +106 -0
  59. package/dist/embeddingsClient.js +708 -0
  60. package/dist/embeddingsClient.js.map +1 -0
  61. package/dist/eventingClient.d.ts +96 -0
  62. package/dist/eventingClient.js +705 -0
  63. package/dist/eventingClient.js.map +1 -0
  64. package/dist/eventsCore.d.ts +2 -0
  65. package/dist/eventsCore.js +195 -3
  66. package/dist/eventsCore.js.map +1 -1
  67. package/dist/evidence/index.d.ts +19 -2
  68. package/dist/evidence/index.js +2648 -327
  69. package/dist/evidence/index.js.map +1 -1
  70. package/dist/evidenceClient.d.ts +2 -0
  71. package/dist/evidenceClient.js +195 -3
  72. package/dist/evidenceClient.js.map +1 -1
  73. package/dist/gatewayFacades.d.ts +38 -3
  74. package/dist/gatewayFacades.js +371 -12
  75. package/dist/gatewayFacades.js.map +1 -1
  76. package/dist/graphAnalysisClient.d.ts +147 -0
  77. package/dist/graphAnalysisClient.js +756 -0
  78. package/dist/graphAnalysisClient.js.map +1 -0
  79. package/dist/graphClient.d.ts +2 -0
  80. package/dist/graphClient.js +202 -10
  81. package/dist/graphClient.js.map +1 -1
  82. package/dist/graphRecommendationsClient.d.ts +56 -0
  83. package/dist/graphRecommendationsClient.js +646 -0
  84. package/dist/graphRecommendationsClient.js.map +1 -0
  85. package/dist/graphStateClassifierClient.d.ts +73 -0
  86. package/dist/graphStateClassifierClient.js +694 -0
  87. package/dist/graphStateClassifierClient.js.map +1 -0
  88. package/dist/harnessClient.d.ts +2 -0
  89. package/dist/harnessClient.js +197 -5
  90. package/dist/harnessClient.js.map +1 -1
  91. package/dist/identityClient.d.ts +89 -3
  92. package/dist/identityClient.js +363 -4
  93. package/dist/identityClient.js.map +1 -1
  94. package/dist/index.d.ts +23 -4
  95. package/dist/index.js +3098 -353
  96. package/dist/index.js.map +1 -1
  97. package/dist/infisicalRuntime.d.ts +42 -0
  98. package/dist/infisicalRuntime.js +291 -0
  99. package/dist/infisicalRuntime.js.map +1 -0
  100. package/dist/jobsClient.d.ts +98 -0
  101. package/dist/jobsClient.js +704 -0
  102. package/dist/jobsClient.js.map +1 -0
  103. package/dist/learningClient.d.ts +2 -0
  104. package/dist/learningClient.js +197 -5
  105. package/dist/learningClient.js.map +1 -1
  106. package/dist/lenses/index.d.ts +43 -2
  107. package/dist/lenses/index.js +2648 -327
  108. package/dist/lenses/index.js.map +1 -1
  109. package/dist/mcpClient.d.ts +28 -0
  110. package/dist/mcpClient.js +650 -0
  111. package/dist/mcpClient.js.map +1 -0
  112. package/dist/modelRuntimeClient.d.ts +72 -0
  113. package/dist/modelRuntimeClient.js +681 -0
  114. package/dist/modelRuntimeClient.js.map +1 -0
  115. package/dist/nodes/index.d.ts +37 -2
  116. package/dist/nodes/index.js +2648 -327
  117. package/dist/nodes/index.js.map +1 -1
  118. package/dist/ontologies/index.d.ts +19 -2
  119. package/dist/ontologies/index.js +2648 -327
  120. package/dist/ontologies/index.js.map +1 -1
  121. package/dist/ontologyClient.d.ts +2 -0
  122. package/dist/ontologyClient.js +195 -3
  123. package/dist/ontologyClient.js.map +1 -1
  124. package/dist/ontologyLinksClient.d.ts +71 -0
  125. package/dist/ontologyLinksClient.js +675 -0
  126. package/dist/ontologyLinksClient.js.map +1 -0
  127. package/dist/orgGraphSearchClient.d.ts +85 -0
  128. package/dist/orgGraphSearchClient.js +652 -0
  129. package/dist/orgGraphSearchClient.js.map +1 -0
  130. package/dist/packRuntime.d.ts +1 -2
  131. package/dist/packsClient.d.ts +2 -0
  132. package/dist/packsClient.js +195 -3
  133. package/dist/packsClient.js.map +1 -1
  134. package/dist/policyClient.d.ts +2 -0
  135. package/dist/policyClient.js +195 -3
  136. package/dist/policyClient.js.map +1 -1
  137. package/dist/questions/index.d.ts +19 -2
  138. package/dist/questions/index.js +2648 -327
  139. package/dist/questions/index.js.map +1 -1
  140. package/dist/reportsClient.d.ts +2 -0
  141. package/dist/reportsClient.js +197 -5
  142. package/dist/reportsClient.js.map +1 -1
  143. package/dist/schemaClient.d.ts +2 -0
  144. package/dist/schemaClient.js +195 -3
  145. package/dist/schemaClient.js.map +1 -1
  146. package/dist/sdkSurface.d.ts +2 -0
  147. package/dist/sourcesClient.d.ts +2 -0
  148. package/dist/sourcesClient.js +195 -3
  149. package/dist/sourcesClient.js.map +1 -1
  150. package/dist/telemetryClient.d.ts +94 -0
  151. package/dist/telemetryClient.js +719 -0
  152. package/dist/telemetryClient.js.map +1 -0
  153. package/dist/toolRegistryClient.d.ts +107 -0
  154. package/dist/toolRegistryClient.js +733 -0
  155. package/dist/toolRegistryClient.js.map +1 -0
  156. package/dist/topics/index.d.ts +19 -2
  157. package/dist/topics/index.js +2648 -327
  158. package/dist/topics/index.js.map +1 -1
  159. package/dist/topicsClient.d.ts +2 -0
  160. package/dist/topicsClient.js +200 -8
  161. package/dist/topicsClient.js.map +1 -1
  162. package/dist/workflowClient.d.ts +43 -7
  163. package/dist/workflowClient.js +200 -8
  164. package/dist/workflowClient.js.map +1 -1
  165. package/dist/worktrees/index.d.ts +43 -2
  166. package/dist/worktrees/index.js +2648 -327
  167. package/dist/worktrees/index.js.map +1 -1
  168. package/package.json +3 -3
@@ -1,3 +1,170 @@
1
+ // src/authContext.ts
2
+ var LucernSdkAuthContextError = class extends Error {
3
+ reason;
4
+ constructor(reason, message) {
5
+ super(message);
6
+ this.name = "LucernSdkAuthContextError";
7
+ this.reason = reason;
8
+ }
9
+ };
10
+ function cleanString(value) {
11
+ const normalized = value?.trim();
12
+ return normalized ? normalized : void 0;
13
+ }
14
+ function cleanStringList(values) {
15
+ if (!values) {
16
+ return [];
17
+ }
18
+ return values.map((value) => value.trim()).filter(
19
+ (value, index, list) => value.length > 0 && list.indexOf(value) === index
20
+ );
21
+ }
22
+ function requireString(value, reason, label) {
23
+ const normalized = cleanString(value);
24
+ if (!normalized) {
25
+ throw new LucernSdkAuthContextError(
26
+ reason,
27
+ `Canonical Lucern SDK auth context is missing ${label}.`
28
+ );
29
+ }
30
+ return normalized;
31
+ }
32
+ function requirePrincipalType(principalType) {
33
+ if (!principalType) {
34
+ throw new LucernSdkAuthContextError(
35
+ "principal_missing",
36
+ "Canonical Lucern SDK auth context is missing principalType."
37
+ );
38
+ }
39
+ return principalType;
40
+ }
41
+ function requireAuthMode(authMode) {
42
+ if (!authMode) {
43
+ throw new LucernSdkAuthContextError(
44
+ "principal_missing",
45
+ "Canonical Lucern SDK auth context is missing authMode."
46
+ );
47
+ }
48
+ return authMode;
49
+ }
50
+ function ensurePermitMatch(args) {
51
+ const actual = cleanString(args.actual);
52
+ if (actual && actual !== args.expected) {
53
+ throw new LucernSdkAuthContextError(
54
+ "policy_denied",
55
+ `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
56
+ );
57
+ }
58
+ }
59
+ function normalizeCanonicalLucernAuthContext(input) {
60
+ if (!input) {
61
+ throw new LucernSdkAuthContextError(
62
+ "principal_missing",
63
+ "Canonical Lucern SDK auth context is required."
64
+ );
65
+ }
66
+ if (input.policyDecision === "deny") {
67
+ throw new LucernSdkAuthContextError(
68
+ "policy_denied",
69
+ "Canonical Lucern SDK auth context carries a denied policy decision."
70
+ );
71
+ }
72
+ const principalId = requireString(
73
+ input.principalId,
74
+ "principal_missing",
75
+ "principalId"
76
+ );
77
+ const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
78
+ const workspaceId = requireString(
79
+ input.workspaceId,
80
+ "workspace_missing",
81
+ "workspaceId"
82
+ );
83
+ const roles = cleanStringList(input.roles);
84
+ const scopes = cleanStringList(input.scopes);
85
+ const principalType = requirePrincipalType(input.principalType);
86
+ const authMode = requireAuthMode(input.authMode);
87
+ const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
88
+ if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
89
+ throw new LucernSdkAuthContextError(
90
+ "membership_missing",
91
+ "Canonical Lucern SDK auth context requires non-empty roles and scopes."
92
+ );
93
+ }
94
+ const subject = cleanString(input.permit?.subject) ?? principalId;
95
+ const tenant = cleanString(input.permit?.tenant) ?? tenantId;
96
+ const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
97
+ ensurePermitMatch({
98
+ field: "subject",
99
+ expected: principalId,
100
+ actual: subject
101
+ });
102
+ ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
103
+ ensurePermitMatch({
104
+ field: "workspace",
105
+ expected: workspaceId,
106
+ actual: workspace
107
+ });
108
+ const context = input.permit?.context ? { ...input.permit.context } : void 0;
109
+ return {
110
+ clerkId: cleanString(input.clerkId),
111
+ principalId,
112
+ tenantId,
113
+ workspaceId,
114
+ principalType,
115
+ authMode,
116
+ roles,
117
+ scopes,
118
+ delegationChain: input.delegationChain ? [...input.delegationChain] : [],
119
+ policyTraceId: cleanString(input.policyTraceId),
120
+ correlationId: cleanString(input.correlationId),
121
+ membershipId: cleanString(input.membershipId),
122
+ permit: {
123
+ subject,
124
+ tenant,
125
+ workspace,
126
+ resource: cleanString(input.permit?.resource),
127
+ action: cleanString(input.permit?.action),
128
+ relation: cleanString(input.permit?.relation),
129
+ context
130
+ }
131
+ };
132
+ }
133
+ function createCanonicalAuthHeaders(authContext) {
134
+ const headers = {
135
+ "x-lucern-principal-id": authContext.principalId,
136
+ "x-lucern-principal-type": authContext.principalType,
137
+ "x-lucern-tenant": authContext.tenantId,
138
+ "x-lucern-tenant-id": authContext.tenantId,
139
+ "x-lucern-workspace": authContext.workspaceId,
140
+ "x-lucern-workspace-id": authContext.workspaceId,
141
+ "x-lucern-auth-mode": authContext.authMode,
142
+ "x-lucern-roles": authContext.roles.join(","),
143
+ "x-lucern-scopes": authContext.scopes.join(","),
144
+ "x-lucern-permit-context": JSON.stringify(authContext.permit)
145
+ };
146
+ if (authContext.clerkId) {
147
+ headers["x-lucern-clerk-id"] = authContext.clerkId;
148
+ headers["x-lucern-user-id"] = authContext.clerkId;
149
+ }
150
+ if (authContext.delegationChain.length > 0) {
151
+ headers["x-lucern-delegation-chain"] = JSON.stringify(
152
+ authContext.delegationChain
153
+ );
154
+ }
155
+ if (authContext.policyTraceId) {
156
+ headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
157
+ }
158
+ if (authContext.correlationId) {
159
+ headers["x-correlation-id"] = authContext.correlationId;
160
+ headers["x-lucern-correlation-id"] = authContext.correlationId;
161
+ }
162
+ if (authContext.membershipId) {
163
+ headers["x-lucern-membership-id"] = authContext.membershipId;
164
+ }
165
+ return headers;
166
+ }
167
+
1
168
  // src/coreClient.ts
2
169
  var LucernApiError = class extends Error {
3
170
  code;
@@ -154,16 +321,41 @@ function readPolicySummaryFromDetails(details) {
154
321
  }
155
322
  return null;
156
323
  }
324
+ async function resolveConfiguredAuthContext(authContext) {
325
+ if (typeof authContext === "function") {
326
+ return await authContext();
327
+ }
328
+ return authContext;
329
+ }
330
+ function mergeHeaderRecord(base, addition) {
331
+ const headers = new Headers(base);
332
+ for (const [key, value] of Object.entries(addition)) {
333
+ const existing = headers.get(key);
334
+ if (existing !== null && existing !== value) {
335
+ throw new LucernSdkAuthContextError(
336
+ "policy_denied",
337
+ `Canonical Lucern SDK auth context conflicts with existing ${key} header.`
338
+ );
339
+ }
340
+ headers.set(key, value);
341
+ }
342
+ return Object.fromEntries(headers.entries());
343
+ }
157
344
  function createGatewayRequestClient(config = {}) {
158
345
  const fetchImpl = config.fetchImpl ?? fetch;
159
346
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
160
347
  const maxRetries = config.maxRetries ?? 2;
161
348
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
162
349
  async function resolveAuthHeaders() {
163
- if (!config.getAuthHeaders) {
164
- return {};
350
+ const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
351
+ const authContextInput = await resolveConfiguredAuthContext(
352
+ config.authContext
353
+ );
354
+ if (!authContextInput && !config.requireCanonicalAuthContext) {
355
+ return base;
165
356
  }
166
- return await config.getAuthHeaders();
357
+ const authContext = normalizeCanonicalLucernAuthContext(authContextInput);
358
+ return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
167
359
  }
168
360
  async function fetchWithTimeout(url, init, timeoutMs) {
169
361
  const controller = new AbortController();
@@ -338,24 +530,24 @@ function createGatewayRequestClient(config = {}) {
338
530
  function asRecord(value) {
339
531
  return value && typeof value === "object" ? value : {};
340
532
  }
341
- function cleanString(value) {
533
+ function cleanString2(value) {
342
534
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
343
535
  }
344
536
  function cloneWith(value, patch) {
345
537
  return { ...value, ...patch };
346
538
  }
347
539
  function resolveTopicId(value) {
348
- return cleanString(value.topicId);
540
+ return cleanString2(value.topicId);
349
541
  }
350
542
  function withTopicAlias(value) {
351
- const topicId = cleanString(value.topicId) ?? void 0;
543
+ const topicId = cleanString2(value.topicId) ?? void 0;
352
544
  if (!topicId) {
353
545
  return value;
354
546
  }
355
547
  return cloneWith(value, { topicId });
356
548
  }
357
549
  function withTextAlias(value) {
358
- const text = cleanString(value.text) ?? cleanString(value.canonicalText) ?? void 0;
550
+ const text = cleanString2(value.text) ?? cleanString2(value.canonicalText) ?? void 0;
359
551
  if (!text) {
360
552
  return value;
361
553
  }
@@ -365,7 +557,7 @@ function withSdkAliases(value) {
365
557
  return withTopicAlias(withTextAlias(value));
366
558
  }
367
559
  function normalizeTopicQuery(value) {
368
- const topicId = cleanString(value.topicId);
560
+ const topicId = cleanString2(value.topicId);
369
561
  if (!topicId) {
370
562
  return value;
371
563
  }