@lucern/sdk 0.3.0-alpha.8 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (155) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/README.md +60 -1
  3. package/dist/accessControl.d.ts +79 -0
  4. package/dist/accessControl.js +1270 -0
  5. package/dist/accessControl.js.map +1 -0
  6. package/dist/adminClient.js +19 -1
  7. package/dist/adminClient.js.map +1 -1
  8. package/dist/answersClient.js +19 -1
  9. package/dist/answersClient.js.map +1 -1
  10. package/dist/audiencesClient.js +19 -1
  11. package/dist/audiencesClient.js.map +1 -1
  12. package/dist/auditClient.js +19 -1
  13. package/dist/auditClient.js.map +1 -1
  14. package/dist/authContext.d.ts +2 -2
  15. package/dist/authContext.js.map +1 -1
  16. package/dist/beliefs/index.d.ts +3 -0
  17. package/dist/beliefs/index.js +1212 -667
  18. package/dist/beliefs/index.js.map +1 -1
  19. package/dist/beliefsClient.js +19 -1
  20. package/dist/beliefsClient.js.map +1 -1
  21. package/dist/client.d.ts +147 -68
  22. package/dist/client.js +1212 -667
  23. package/dist/client.js.map +1 -1
  24. package/dist/clientHelpers.d.ts +21 -2
  25. package/dist/clientHelpers.js +16 -1
  26. package/dist/clientHelpers.js.map +1 -1
  27. package/dist/contextClient.js +19 -1
  28. package/dist/contextClient.js.map +1 -1
  29. package/dist/contracts/api-enums.contract.d.ts +1 -1
  30. package/dist/contracts/api-enums.contract.js +6 -1
  31. package/dist/contracts/api-enums.contract.js.map +1 -1
  32. package/dist/contracts/auth-session.contract.d.ts +1 -1
  33. package/dist/contracts/auth-session.contract.js +14 -2
  34. package/dist/contracts/auth-session.contract.js.map +1 -1
  35. package/dist/contracts/index.js +26 -3
  36. package/dist/contracts/index.js.map +1 -1
  37. package/dist/contracts/mcpTools.js +6 -0
  38. package/dist/contracts/mcpTools.js.map +1 -1
  39. package/dist/contradictions/index.d.ts +3 -0
  40. package/dist/contradictions/index.js +1212 -667
  41. package/dist/contradictions/index.js.map +1 -1
  42. package/dist/control-plane.d.ts +69 -0
  43. package/dist/control-plane.js +674 -0
  44. package/dist/control-plane.js.map +1 -0
  45. package/dist/coreClient.d.ts +17 -1
  46. package/dist/coreClient.js +19 -1
  47. package/dist/coreClient.js.map +1 -1
  48. package/dist/decisions/index.d.ts +3 -0
  49. package/dist/decisions/index.js +1212 -667
  50. package/dist/decisions/index.js.map +1 -1
  51. package/dist/decisionsClient.js +19 -1
  52. package/dist/decisionsClient.js.map +1 -1
  53. package/dist/edges/index.d.ts +27 -84
  54. package/dist/edges/index.js +1212 -667
  55. package/dist/edges/index.js.map +1 -1
  56. package/dist/embeddingsClient.js +19 -1
  57. package/dist/embeddingsClient.js.map +1 -1
  58. package/dist/eventingClient.js +19 -1
  59. package/dist/eventingClient.js.map +1 -1
  60. package/dist/eventsCore.js +19 -1
  61. package/dist/eventsCore.js.map +1 -1
  62. package/dist/evidence/index.d.ts +3 -0
  63. package/dist/evidence/index.js +1212 -667
  64. package/dist/evidence/index.js.map +1 -1
  65. package/dist/evidenceClient.js +19 -1
  66. package/dist/evidenceClient.js.map +1 -1
  67. package/dist/functionSurface.d.ts +16 -1
  68. package/dist/functionSurface.js +95 -2
  69. package/dist/functionSurface.js.map +1 -1
  70. package/dist/functionSurfaceClient.js +95 -2
  71. package/dist/functionSurfaceClient.js.map +1 -1
  72. package/dist/gatewayFacades.d.ts +29 -2
  73. package/dist/gatewayFacades.js +156 -8
  74. package/dist/gatewayFacades.js.map +1 -1
  75. package/dist/graphAnalysisClient.js +19 -1
  76. package/dist/graphAnalysisClient.js.map +1 -1
  77. package/dist/graphClient.d.ts +1 -0
  78. package/dist/graphClient.js +19 -1
  79. package/dist/graphClient.js.map +1 -1
  80. package/dist/graphIntel.d.ts +1 -0
  81. package/dist/graphRecommendationsClient.js +19 -1
  82. package/dist/graphRecommendationsClient.js.map +1 -1
  83. package/dist/graphStateClassifierClient.js +19 -1
  84. package/dist/graphStateClassifierClient.js.map +1 -1
  85. package/dist/harnessClient.js +19 -1
  86. package/dist/harnessClient.js.map +1 -1
  87. package/dist/identityClient.d.ts +19 -1
  88. package/dist/identityClient.js +152 -6
  89. package/dist/identityClient.js.map +1 -1
  90. package/dist/index.d.ts +5 -1
  91. package/dist/index.js +1428 -799
  92. package/dist/index.js.map +1 -1
  93. package/dist/infisicalRuntime.d.ts +1 -0
  94. package/dist/infisicalRuntime.js +64 -32
  95. package/dist/infisicalRuntime.js.map +1 -1
  96. package/dist/jobsClient.js +19 -1
  97. package/dist/jobsClient.js.map +1 -1
  98. package/dist/learningClient.js +19 -1
  99. package/dist/learningClient.js.map +1 -1
  100. package/dist/lenses/index.d.ts +3 -0
  101. package/dist/lenses/index.js +1212 -667
  102. package/dist/lenses/index.js.map +1 -1
  103. package/dist/mcpClient.js +21 -2
  104. package/dist/mcpClient.js.map +1 -1
  105. package/dist/modelRuntimeClient.js +19 -1
  106. package/dist/modelRuntimeClient.js.map +1 -1
  107. package/dist/nodes/index.d.ts +22 -15
  108. package/dist/nodes/index.js +1212 -667
  109. package/dist/nodes/index.js.map +1 -1
  110. package/dist/ontologies/index.d.ts +3 -0
  111. package/dist/ontologies/index.js +1212 -667
  112. package/dist/ontologies/index.js.map +1 -1
  113. package/dist/ontologyClient.js +19 -1
  114. package/dist/ontologyClient.js.map +1 -1
  115. package/dist/ontologyLinksClient.js +19 -1
  116. package/dist/ontologyLinksClient.js.map +1 -1
  117. package/dist/orgGraphSearchClient.js +19 -1
  118. package/dist/orgGraphSearchClient.js.map +1 -1
  119. package/dist/packsClient.js +19 -1
  120. package/dist/packsClient.js.map +1 -1
  121. package/dist/policyClient.js +19 -1
  122. package/dist/policyClient.js.map +1 -1
  123. package/dist/questions/index.d.ts +3 -0
  124. package/dist/questions/index.js +1212 -667
  125. package/dist/questions/index.js.map +1 -1
  126. package/dist/reportsClient.js +19 -1
  127. package/dist/reportsClient.js.map +1 -1
  128. package/dist/schemaClient.js +19 -1
  129. package/dist/schemaClient.js.map +1 -1
  130. package/dist/secrets.d.ts +1 -0
  131. package/dist/secrets.js +3 -0
  132. package/dist/secrets.js.map +1 -0
  133. package/dist/sourcesClient.js +19 -1
  134. package/dist/sourcesClient.js.map +1 -1
  135. package/dist/telemetryClient.js +19 -1
  136. package/dist/telemetryClient.js.map +1 -1
  137. package/dist/toolRegistryClient.js +19 -1
  138. package/dist/toolRegistryClient.js.map +1 -1
  139. package/dist/topics/index.d.ts +12 -3
  140. package/dist/topics/index.js +1214 -667
  141. package/dist/topics/index.js.map +1 -1
  142. package/dist/topicsClient.d.ts +2 -0
  143. package/dist/topicsClient.js +19 -1
  144. package/dist/topicsClient.js.map +1 -1
  145. package/dist/types.d.ts +17 -0
  146. package/dist/version.d.ts +1 -1
  147. package/dist/version.js +1 -1
  148. package/dist/version.js.map +1 -1
  149. package/dist/workflowClient.d.ts +2 -0
  150. package/dist/workflowClient.js +19 -1
  151. package/dist/workflowClient.js.map +1 -1
  152. package/dist/worktrees/index.d.ts +3 -0
  153. package/dist/worktrees/index.js +1212 -667
  154. package/dist/worktrees/index.js.map +1 -1
  155. package/package.json +9 -4
package/dist/client.js CHANGED
@@ -32,14 +32,14 @@ function requireString(value, reason, label) {
32
32
  }
33
33
  return normalized;
34
34
  }
35
- function requirePrincipalType(principalType) {
36
- if (!principalType) {
35
+ function requirePrincipalType(principalType2) {
36
+ if (!principalType2) {
37
37
  throw new LucernSdkAuthContextError(
38
38
  "principal_missing",
39
39
  "Canonical Lucern SDK auth context is missing principalType."
40
40
  );
41
41
  }
42
- return principalType;
42
+ return principalType2;
43
43
  }
44
44
  function requireAuthMode(authMode) {
45
45
  if (!authMode) {
@@ -85,7 +85,7 @@ function normalizeCanonicalLucernAuthContext(input) {
85
85
  );
86
86
  const roles = cleanStringList(input.roles);
87
87
  const scopes = cleanStringList(input.scopes);
88
- const principalType = requirePrincipalType(input.principalType);
88
+ const principalType2 = requirePrincipalType(input.principalType);
89
89
  const authMode = requireAuthMode(input.authMode);
90
90
  const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
91
91
  if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
@@ -114,7 +114,7 @@ function normalizeCanonicalLucernAuthContext(input) {
114
114
  principalId,
115
115
  tenantId,
116
116
  workspaceId,
117
- principalType,
117
+ principalType: principalType2,
118
118
  authMode,
119
119
  roles,
120
120
  scopes,
@@ -345,13 +345,31 @@ function mergeHeaderRecord(base, addition) {
345
345
  }
346
346
  return Object.fromEntries(headers.entries());
347
347
  }
348
+ function cleanHeaderValue(value) {
349
+ const normalized = value?.trim();
350
+ return normalized ? normalized : void 0;
351
+ }
348
352
  function createGatewayRequestClient(config = {}) {
349
353
  const fetchImpl = config.fetchImpl ?? fetch;
350
354
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
351
355
  const maxRetries = config.maxRetries ?? 2;
352
356
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
353
357
  async function resolveAuthHeaders() {
354
- const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
358
+ const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
359
+ const headers = new Headers(provided);
360
+ const setIfAbsent = (name, value) => {
361
+ const normalized = cleanHeaderValue(value);
362
+ if (normalized && !headers.has(name)) {
363
+ headers.set(name, normalized);
364
+ }
365
+ };
366
+ setIfAbsent("x-lucern-key", config.apiKey);
367
+ setIfAbsent("x-lucern-session-token", config.userToken);
368
+ setIfAbsent("x-lucern-environment", config.environment);
369
+ setIfAbsent("x-lucern-clerk-id", config.clerkId);
370
+ setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
371
+ setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
372
+ const base = Object.fromEntries(headers.entries());
355
373
  const authContextInput = await resolveConfiguredAuthContext(
356
374
  config.authContext
357
375
  );
@@ -1048,208 +1066,929 @@ function createAdminClient(config = {}) {
1048
1066
  };
1049
1067
  }
1050
1068
 
1051
- // src/answersClient.ts
1052
- function createAnswersClient(config = {}) {
1053
- const gateway = createGatewayRequestClient(config);
1069
+ // src/boundaryClientSurface.ts
1070
+ function cleanOptionalString(value) {
1071
+ const normalized = value?.trim();
1072
+ return normalized ? normalized : void 0;
1073
+ }
1074
+ function isRecord3(value) {
1075
+ return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1076
+ }
1077
+ function cleanRequiredString(value, label) {
1078
+ const normalized = cleanOptionalString(value);
1079
+ if (!normalized) {
1080
+ throw new Error(`${label} is required`);
1081
+ }
1082
+ return normalized;
1083
+ }
1084
+ function readTopicId(input) {
1085
+ return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1086
+ }
1087
+ function requireTopicId(input) {
1088
+ const topicId = readTopicId(input);
1089
+ if (!topicId) {
1090
+ throw new Error("topicId is required");
1091
+ }
1092
+ return topicId;
1093
+ }
1094
+ function assertKnownKeys(input, allowed, operation) {
1095
+ const allowedSet = new Set(allowed);
1096
+ const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1097
+ if (unknownKeys.length > 0) {
1098
+ throw new Error(
1099
+ `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1100
+ );
1101
+ }
1102
+ }
1103
+ function knownPayload(input, allowed, operation) {
1104
+ assertKnownKeys(input, allowed, operation);
1105
+ return { ...input };
1106
+ }
1107
+ function topicPayload(input, allowed, operation) {
1108
+ assertKnownKeys(input, allowed, operation);
1054
1109
  return {
1055
- /**
1056
- * Get the current answer for a question.
1057
- * @param questionId - The question node identifier.
1058
- * @returns The answer record for the given question.
1059
- */
1060
- async get(questionId) {
1061
- return gateway.request({
1062
- path: `/api/platform/v1/questions/${encodeURIComponent(questionId)}/answer`
1063
- });
1064
- }
1110
+ ...input,
1111
+ topicId: requireTopicId(input),
1112
+ projectId: void 0
1065
1113
  };
1066
1114
  }
1115
+ function listResultFromEnvelope(data, legacyKey) {
1116
+ const record = isRecord3(data) ? data : {};
1117
+ const legacyItems = record[legacyKey];
1118
+ return createListResult(
1119
+ Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1120
+ legacyKey
1121
+ );
1122
+ }
1067
1123
 
1068
- // src/audiencesClient.ts
1069
- function createAudiencesClient(config = {}) {
1070
- const gateway = createGatewayRequestClient(config);
1071
- const listRegistry = async (query5 = {}) => {
1072
- return gateway.request({
1073
- path: `/api/platform/v1/audiences/registry${toQueryString({
1074
- ...query5,
1075
- effective: typeof query5.effective === "boolean" ? query5.effective ? "true" : "false" : void 0,
1076
- status: query5.status
1077
- })}`
1078
- }).then(
1079
- (response) => mapGatewayData(
1080
- response,
1081
- (data) => createListResult(Array.isArray(data) ? data : [], "registryEntries")
1082
- )
1083
- );
1084
- };
1085
- const createRegistryEntry = async (input, idempotencyKey) => {
1086
- return gateway.request({
1087
- path: "/api/platform/v1/audiences/registry",
1088
- method: "POST",
1089
- body: input,
1090
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1091
- });
1092
- };
1093
- const updateRegistryEntry = createRegistryEntry;
1094
- const upsertRegistry = createRegistryEntry;
1095
- const getRegistry = listRegistry;
1096
- const listGrants = async (query5 = {}) => {
1097
- return gateway.request({
1098
- path: `/api/platform/v1/audiences/grants${toQueryString({
1099
- ...query5,
1100
- audienceKey: query5.audienceKey,
1101
- principalId: query5.principalId,
1102
- groupId: query5.groupId,
1103
- status: query5.status
1104
- })}`
1105
- }).then(
1106
- (response) => mapGatewayData(
1107
- response,
1108
- (data) => createListResult(Array.isArray(data) ? data : [], "grants")
1109
- )
1110
- );
1111
- };
1112
- const createGrant = async (input, idempotencyKey) => {
1113
- return gateway.request({
1114
- path: "/api/platform/v1/audiences/grants",
1115
- method: "POST",
1116
- body: input,
1117
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1118
- });
1119
- };
1120
- const getGrants = listGrants;
1121
- const grant = createGrant;
1122
- const deleteGrant = async (input, idempotencyKey) => {
1123
- return gateway.request({
1124
- path: "/api/platform/v1/audiences/grants/revoke",
1125
- method: "POST",
1126
- body: input,
1127
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1124
+ // src/control-plane.ts
1125
+ var LucernControlPlaneIdentityError = class extends Error {
1126
+ reason;
1127
+ principalStatus;
1128
+ tenantStatus;
1129
+ workspaceStatus;
1130
+ details;
1131
+ constructor(failure) {
1132
+ super(failure.message);
1133
+ this.name = "LucernControlPlaneIdentityError";
1134
+ this.reason = failure.reason;
1135
+ this.principalStatus = failure.principalStatus;
1136
+ this.tenantStatus = failure.tenantStatus;
1137
+ this.workspaceStatus = failure.workspaceStatus;
1138
+ this.details = failure.details;
1139
+ }
1140
+ };
1141
+ function cleanString3(value) {
1142
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1143
+ }
1144
+ function stringList(value) {
1145
+ if (!Array.isArray(value)) {
1146
+ return [];
1147
+ }
1148
+ return [
1149
+ ...new Set(
1150
+ value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
1151
+ )
1152
+ ];
1153
+ }
1154
+ function principalType(value) {
1155
+ switch (value) {
1156
+ case "service":
1157
+ case "service_principal":
1158
+ return "service";
1159
+ case "agent":
1160
+ return "agent";
1161
+ case "group":
1162
+ return "group";
1163
+ case "external_viewer":
1164
+ case "external_stakeholder":
1165
+ return "external_viewer";
1166
+ default:
1167
+ return "human";
1168
+ }
1169
+ }
1170
+ function adminFlags(roles) {
1171
+ const normalized = roles.map((role) => role.toLowerCase());
1172
+ const isPlatformAdmin = normalized.includes("platform_admin");
1173
+ const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
1174
+ const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
1175
+ return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
1176
+ }
1177
+ function normalizeResolvedInteractivePrincipal(payload) {
1178
+ if ("ok" in payload && payload.ok === false) {
1179
+ throw new LucernControlPlaneIdentityError(payload);
1180
+ }
1181
+ const principalId = cleanString3(payload.principalId);
1182
+ const clerkId = cleanString3(payload.clerkId);
1183
+ const tenantId = cleanString3(payload.tenantId);
1184
+ if (!principalId || !clerkId || !tenantId) {
1185
+ throw new LucernControlPlaneIdentityError({
1186
+ ok: false,
1187
+ reason: "resolver_unavailable",
1188
+ message: "Control-plane principal resolver returned an incomplete principal context.",
1189
+ principalStatus: payload.principalStatus ?? "missing",
1190
+ tenantStatus: payload.tenantStatus,
1191
+ workspaceStatus: payload.workspaceStatus
1128
1192
  });
1129
- };
1130
- const revokeGrant = deleteGrant;
1193
+ }
1194
+ const roles = stringList(payload.roles);
1195
+ const scopes = stringList(payload.scopes);
1196
+ const workspaceId = cleanString3(payload.workspaceId) ?? null;
1197
+ const flags = adminFlags(roles);
1131
1198
  return {
1132
- /**
1133
- * List audience registry entries.
1134
- */
1135
- listRegistry,
1136
- /**
1137
- * @deprecated Use listRegistry.
1138
- */
1139
- getRegistry,
1140
- /**
1141
- * Create an audience registry entry.
1142
- */
1143
- createRegistryEntry,
1144
- /**
1145
- * Update an audience registry entry.
1146
- */
1147
- updateRegistryEntry,
1148
- /**
1149
- * @deprecated Use createRegistryEntry or updateRegistryEntry.
1150
- */
1151
- upsertRegistry,
1152
- /**
1153
- * List audience grants.
1154
- */
1155
- listGrants,
1156
- /**
1157
- * @deprecated Use listGrants.
1158
- */
1159
- getGrants,
1160
- /**
1161
- * Create an audience grant.
1162
- */
1163
- createGrant,
1164
- /**
1165
- * @deprecated Use createGrant.
1166
- */
1167
- grant,
1168
- /**
1169
- * Delete an audience grant by revoking it.
1170
- */
1171
- deleteGrant,
1172
- /**
1173
- * @deprecated Use deleteGrant.
1174
- */
1175
- revokeGrant
1199
+ principalId,
1200
+ principalType: principalType(payload.principalType),
1201
+ clerkId,
1202
+ tenantId,
1203
+ workspaceId,
1204
+ roles,
1205
+ scopes,
1206
+ groupIds: stringList(payload.groupIds),
1207
+ permittedToolNames: stringList(payload.permittedToolNames),
1208
+ permittedPackKeys: stringList(payload.permittedPackKeys),
1209
+ principalStatus: cleanString3(payload.principalStatus) ?? "active",
1210
+ tenantStatus: cleanString3(payload.tenantStatus) ?? "active",
1211
+ workspaceStatus: cleanString3(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
1212
+ isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
1213
+ isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
1214
+ isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
1215
+ permit: {
1216
+ subject: cleanString3(payload.permit?.subject) ?? principalId,
1217
+ tenant: cleanString3(payload.permit?.tenant) ?? tenantId,
1218
+ ...workspaceId ? { workspace: cleanString3(payload.permit?.workspace) ?? workspaceId } : {}
1219
+ },
1220
+ authMode: "interactive_user",
1221
+ sessionId: payload.sessionId,
1222
+ delegatedBy: payload.delegatedBy,
1223
+ expiresAt: payload.expiresAt
1176
1224
  };
1177
1225
  }
1178
-
1179
- // src/auditClient.ts
1180
- function createAuditClient(config = {}) {
1226
+ function createControlPlaneIdentityClient(config = {}) {
1181
1227
  const gateway = createGatewayRequestClient(config);
1182
1228
  return {
1183
- /**
1184
- * List audit events for the current scope.
1185
- */
1186
- async listEvents(query5 = {}) {
1229
+ async resolveInteractivePrincipal(input) {
1187
1230
  return gateway.request({
1188
- path: `/api/platform/v1/audit/events${toQueryString(
1189
- normalizeTopicQuery(query5)
1190
- )}`
1231
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1232
+ method: "POST",
1233
+ body: input
1191
1234
  }).then(
1192
- (response) => mapGatewayData(
1193
- response,
1194
- (data) => createListResult(Array.isArray(data) ? data : [], "events")
1195
- )
1235
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1196
1236
  );
1197
1237
  }
1198
1238
  };
1199
1239
  }
1200
-
1201
- // src/authDeviceClient.ts
1202
- var DeviceAuthorizationError = class extends Error {
1203
- error;
1204
- interval;
1205
- constructor(args) {
1206
- super(args.description ?? args.error);
1207
- this.name = "DeviceAuthorizationError";
1208
- this.error = args.error;
1209
- this.interval = args.interval;
1210
- }
1211
- };
1212
- function authBaseUrl(config) {
1213
- return config.baseUrl?.replace(/\/+$/, "") ?? "";
1214
- }
1215
- async function readJson(response) {
1216
- try {
1217
- const payload = await response.json();
1218
- return isRecord3(payload) ? payload : {};
1219
- } catch (error) {
1220
- return unreadableJsonBodyFallback();
1221
- }
1222
- }
1223
- function unreadableJsonBodyFallback(_error) {
1224
- return {};
1225
- }
1226
- function isRecord3(value) {
1227
- return value !== null && typeof value === "object" && !Array.isArray(value);
1228
- }
1229
- function readString(value) {
1230
- const normalized = typeof value === "string" ? value.trim() : "";
1231
- return normalized || void 0;
1232
- }
1233
- function assertDeviceCodeResponse(payload) {
1234
- const deviceCode = readString(payload.device_code);
1235
- const userCode = readString(payload.user_code);
1236
- const verificationUri = readString(payload.verification_uri);
1237
- const verificationUriComplete = readString(payload.verification_uri_complete);
1238
- const expiresIn = payload.expires_in;
1239
- const interval = payload.interval;
1240
- if (!deviceCode || !userCode || !verificationUri || !verificationUriComplete || typeof expiresIn !== "number" || typeof interval !== "number") {
1241
- throw new Error("Gateway returned an invalid device-code response.");
1242
- }
1240
+ function createControlPlaneClient(config = {}) {
1243
1241
  return {
1244
- device_code: deviceCode,
1245
- user_code: userCode,
1246
- verification_uri: verificationUri,
1247
- verification_uri_complete: verificationUriComplete,
1248
- expires_in: expiresIn,
1249
- interval
1242
+ identity: createControlPlaneIdentityClient(config)
1250
1243
  };
1251
1244
  }
1252
- function assertDeviceTokenResponse(payload) {
1245
+
1246
+ // src/identityClient.ts
1247
+ function createIdentityWhoamiClient(config = {}) {
1248
+ const gateway = createGatewayRequestClient(config);
1249
+ return {
1250
+ async whoami() {
1251
+ return gateway.request({
1252
+ path: "/api/platform/v1/identity/whoami"
1253
+ });
1254
+ }
1255
+ };
1256
+ }
1257
+ var TENANT_IDENTITY_FIELDS = [
1258
+ "tenantId",
1259
+ "workspaceId",
1260
+ "principalId",
1261
+ "integrationKey",
1262
+ "secretRef",
1263
+ "policySubject",
1264
+ "policyAction",
1265
+ "policyResource",
1266
+ "decision",
1267
+ "config",
1268
+ "configKey",
1269
+ "configValue",
1270
+ "provider",
1271
+ "status",
1272
+ "metadata",
1273
+ "limit",
1274
+ "cursor"
1275
+ ];
1276
+ function tenantIdentityQuery(input) {
1277
+ return {
1278
+ tenantId: cleanRequiredString(input.tenantId, "tenantId"),
1279
+ workspaceId: input.workspaceId,
1280
+ principalId: input.principalId,
1281
+ limit: input.limit,
1282
+ cursor: input.cursor
1283
+ };
1284
+ }
1285
+ function tenantIdentityBody(input, operation) {
1286
+ return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
1287
+ }
1288
+ function createIdentityClient(config = {}) {
1289
+ const gateway = createGatewayRequestClient(config);
1290
+ const whoamiClient = createIdentityWhoamiClient(config);
1291
+ const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
1292
+ path: "/api/platform/v1/identity/principals",
1293
+ method,
1294
+ body: input,
1295
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1296
+ });
1297
+ const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
1298
+ const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
1299
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
1300
+ method: "POST",
1301
+ body: input,
1302
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1303
+ });
1304
+ return {
1305
+ /**
1306
+ * Resolve the current authenticated identity summary.
1307
+ */
1308
+ async whoami() {
1309
+ return whoamiClient.whoami().then(
1310
+ (response) => mapGatewayData(response, (data) => ({
1311
+ principalId: data.principalId,
1312
+ principalType: data.principalType,
1313
+ clerkId: data.clerkId,
1314
+ tenantId: data.tenantId ?? null,
1315
+ workspaceId: data.workspaceId ?? null,
1316
+ scopes: Array.isArray(data.scopes) ? data.scopes : [],
1317
+ roles: Array.isArray(data.roles) ? data.roles : [],
1318
+ groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
1319
+ permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
1320
+ permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
1321
+ principalStatus: data.principalStatus,
1322
+ tenantStatus: data.tenantStatus,
1323
+ workspaceStatus: data.workspaceStatus,
1324
+ isPlatformAdmin: data.isPlatformAdmin === true,
1325
+ isTenantAdmin: data.isTenantAdmin === true,
1326
+ isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1327
+ permit: data.permit ?? (data.tenantId ? {
1328
+ subject: data.principalId,
1329
+ tenant: data.tenantId,
1330
+ ...data.workspaceId ? { workspace: data.workspaceId } : {}
1331
+ } : void 0),
1332
+ authMode: data.authMode,
1333
+ sessionId: data.sessionId,
1334
+ delegatedBy: data.delegatedBy,
1335
+ expiresAt: data.expiresAt
1336
+ }))
1337
+ );
1338
+ },
1339
+ /**
1340
+ * Resolve a Clerk subject through the tenant control-plane Permit projection.
1341
+ * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
1342
+ */
1343
+ async resolveInteractivePrincipal(input) {
1344
+ return gateway.request({
1345
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1346
+ method: "POST",
1347
+ body: input
1348
+ }).then(
1349
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1350
+ );
1351
+ },
1352
+ /**
1353
+ * List principals in the current identity scope.
1354
+ */
1355
+ async listPrincipals(query5 = {}) {
1356
+ return gateway.request({
1357
+ path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
1358
+ }).then(
1359
+ (response) => mapGatewayData(
1360
+ response,
1361
+ (data) => createListResult(
1362
+ Array.isArray(data) ? data : [],
1363
+ "principals"
1364
+ )
1365
+ )
1366
+ );
1367
+ },
1368
+ /**
1369
+ * Create a principal.
1370
+ */
1371
+ async createPrincipal(input, idempotencyKey) {
1372
+ return requestPrincipalWrite("POST", input, idempotencyKey);
1373
+ },
1374
+ /**
1375
+ * Update a principal.
1376
+ */
1377
+ updatePrincipal,
1378
+ /**
1379
+ * @deprecated Use createPrincipal or updatePrincipal.
1380
+ */
1381
+ upsertPrincipal: updatePrincipal,
1382
+ /**
1383
+ * List keys in the current identity scope.
1384
+ */
1385
+ async listKeys(query5 = {}) {
1386
+ return gateway.request({
1387
+ path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
1388
+ }).then(
1389
+ (response) => mapGatewayData(
1390
+ response,
1391
+ (data) => createListResult(Array.isArray(data) ? data : [], "keys")
1392
+ )
1393
+ );
1394
+ },
1395
+ /**
1396
+ * Create an API key.
1397
+ */
1398
+ async createKey(input, idempotencyKey) {
1399
+ return gateway.request({
1400
+ path: "/api/platform/v1/identity/keys",
1401
+ method: "POST",
1402
+ body: input,
1403
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1404
+ });
1405
+ },
1406
+ /**
1407
+ * Rotate an API key.
1408
+ */
1409
+ async rotateKey(keyId, input = {}, idempotencyKey) {
1410
+ return gateway.request({
1411
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
1412
+ method: "POST",
1413
+ body: input,
1414
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1415
+ });
1416
+ },
1417
+ /**
1418
+ * Delete an API key by revoking it.
1419
+ */
1420
+ deleteKey,
1421
+ /**
1422
+ * @deprecated Use deleteKey.
1423
+ */
1424
+ revokeKey: deleteKey,
1425
+ /**
1426
+ * Search Clerk users by email or display attributes.
1427
+ */
1428
+ async searchClerkUsers(q) {
1429
+ return gateway.request({
1430
+ path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
1431
+ });
1432
+ },
1433
+ async getTenantConfig(input) {
1434
+ return gateway.request({
1435
+ path: `/api/platform/v1/identity/tenant-config${toQueryString(
1436
+ tenantIdentityQuery(input)
1437
+ )}`
1438
+ });
1439
+ },
1440
+ async updateTenantConfig(input, idempotencyKey) {
1441
+ cleanRequiredString(input.tenantId, "tenantId");
1442
+ return gateway.request({
1443
+ path: "/api/platform/v1/identity/tenant-config",
1444
+ method: "PATCH",
1445
+ body: tenantIdentityBody(
1446
+ input,
1447
+ "identity.updateTenantConfig"
1448
+ ),
1449
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1450
+ });
1451
+ },
1452
+ async listIntegrations(input) {
1453
+ return gateway.request({
1454
+ path: `/api/platform/v1/identity/integrations${toQueryString(
1455
+ tenantIdentityQuery(input)
1456
+ )}`
1457
+ }).then(
1458
+ (response) => mapGatewayData(
1459
+ response,
1460
+ (data) => listResultFromEnvelope(
1461
+ data,
1462
+ "integrations"
1463
+ )
1464
+ )
1465
+ );
1466
+ },
1467
+ async upsertIntegration(input, idempotencyKey) {
1468
+ cleanRequiredString(input.tenantId, "tenantId");
1469
+ cleanRequiredString(input.integrationKey, "integrationKey");
1470
+ return gateway.request({
1471
+ path: "/api/platform/v1/identity/integrations",
1472
+ method: "PUT",
1473
+ body: tenantIdentityBody(
1474
+ input,
1475
+ "identity.upsertIntegration"
1476
+ ),
1477
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1478
+ });
1479
+ },
1480
+ async listSecrets(input) {
1481
+ return gateway.request({
1482
+ path: `/api/platform/v1/identity/secrets${toQueryString(
1483
+ tenantIdentityQuery(input)
1484
+ )}`
1485
+ }).then(
1486
+ (response) => mapGatewayData(
1487
+ response,
1488
+ (data) => listResultFromEnvelope(
1489
+ data,
1490
+ "secrets"
1491
+ )
1492
+ )
1493
+ );
1494
+ },
1495
+ async putSecretReference(input, idempotencyKey) {
1496
+ cleanRequiredString(input.tenantId, "tenantId");
1497
+ cleanRequiredString(input.secretRef, "secretRef");
1498
+ return gateway.request({
1499
+ path: "/api/platform/v1/identity/secrets",
1500
+ method: "PUT",
1501
+ body: tenantIdentityBody(
1502
+ input,
1503
+ "identity.putSecretReference"
1504
+ ),
1505
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1506
+ });
1507
+ },
1508
+ async evaluatePolicy(input, idempotencyKey) {
1509
+ cleanRequiredString(input.tenantId, "tenantId");
1510
+ cleanRequiredString(input.policySubject, "policySubject");
1511
+ cleanRequiredString(input.policyAction, "policyAction");
1512
+ cleanRequiredString(input.policyResource, "policyResource");
1513
+ return gateway.request({
1514
+ path: "/api/platform/v1/identity/policy/evaluate",
1515
+ method: "POST",
1516
+ body: tenantIdentityBody(
1517
+ input,
1518
+ "identity.evaluatePolicy"
1519
+ ),
1520
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1521
+ });
1522
+ },
1523
+ async recordPolicyDecision(input, idempotencyKey) {
1524
+ cleanRequiredString(input.tenantId, "tenantId");
1525
+ cleanRequiredString(input.decision, "decision");
1526
+ return gateway.request({
1527
+ path: "/api/platform/v1/identity/policy/decisions",
1528
+ method: "POST",
1529
+ body: tenantIdentityBody(
1530
+ input,
1531
+ "identity.recordPolicyDecision"
1532
+ ),
1533
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1534
+ });
1535
+ }
1536
+ };
1537
+ }
1538
+
1539
+ // src/accessControl.ts
1540
+ var LucernAccessControlError = class extends LucernSdkAuthContextError {
1541
+ policyDecision;
1542
+ constructor(reason, message, policyDecision) {
1543
+ super(reason, message);
1544
+ this.name = "LucernAccessControlError";
1545
+ this.policyDecision = policyDecision;
1546
+ }
1547
+ };
1548
+ function cleanString4(value) {
1549
+ const normalized = value?.trim();
1550
+ return normalized ? normalized : void 0;
1551
+ }
1552
+ function cleanStringList2(values) {
1553
+ if (!values) {
1554
+ return [];
1555
+ }
1556
+ return [
1557
+ ...new Set(
1558
+ values.map((value) => value.trim()).filter((value) => value.length > 0)
1559
+ )
1560
+ ];
1561
+ }
1562
+ function requireString2(value, reason, label) {
1563
+ const normalized = cleanString4(value);
1564
+ if (!normalized) {
1565
+ throw new LucernAccessControlError(
1566
+ reason,
1567
+ `Lucern SDK access control requires ${label}.`
1568
+ );
1569
+ }
1570
+ return normalized;
1571
+ }
1572
+ function normalizePrincipalType(principalType2) {
1573
+ if (principalType2 === "agent") {
1574
+ return "agent";
1575
+ }
1576
+ if (principalType2 === "service") {
1577
+ return "service";
1578
+ }
1579
+ if (principalType2 === "group") {
1580
+ return "group";
1581
+ }
1582
+ if (principalType2 === "external_viewer") {
1583
+ return "external_viewer";
1584
+ }
1585
+ return "human";
1586
+ }
1587
+ function aliasKey(alias) {
1588
+ return `${alias.provider}:${alias.providerProjectId ?? ""}:${alias.externalSubjectId}`;
1589
+ }
1590
+ function normalizeAliases(input, canonicalClerkUserId) {
1591
+ const aliases = /* @__PURE__ */ new Map();
1592
+ for (const alias of input ?? []) {
1593
+ const externalSubjectId = cleanString4(alias.externalSubjectId);
1594
+ if (!externalSubjectId) {
1595
+ continue;
1596
+ }
1597
+ const normalized = {
1598
+ provider: cleanString4(alias.provider) ?? "clerk",
1599
+ providerProjectId: cleanString4(alias.providerProjectId),
1600
+ externalSubjectId,
1601
+ status: cleanString4(alias.status)
1602
+ };
1603
+ aliases.set(aliasKey(normalized), normalized);
1604
+ }
1605
+ if (canonicalClerkUserId) {
1606
+ const canonicalAlias = {
1607
+ provider: "clerk",
1608
+ externalSubjectId: canonicalClerkUserId,
1609
+ status: "active"
1610
+ };
1611
+ aliases.set(aliasKey(canonicalAlias), canonicalAlias);
1612
+ }
1613
+ return [...aliases.values()];
1614
+ }
1615
+ function isKnownClerkSubject(args) {
1616
+ if (args.clerkId === args.canonicalClerkUserId) {
1617
+ return true;
1618
+ }
1619
+ return args.aliases.some(
1620
+ (alias) => alias.provider === "clerk" && alias.externalSubjectId === args.clerkId
1621
+ );
1622
+ }
1623
+ function authContextToPrincipalInput(input) {
1624
+ const normalized = normalizeCanonicalLucernAuthContext(input);
1625
+ return {
1626
+ principalId: normalized.principalId,
1627
+ principalType: normalized.principalType,
1628
+ canonicalClerkUserId: normalized.clerkId,
1629
+ clerkId: normalized.clerkId,
1630
+ tenantId: normalized.tenantId,
1631
+ workspaceId: normalized.workspaceId,
1632
+ roles: normalized.roles,
1633
+ scopes: normalized.scopes
1634
+ };
1635
+ }
1636
+ function isAuthContextInput(input) {
1637
+ return "authMode" in input || "permit" in input || "delegationChain" in input;
1638
+ }
1639
+ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1640
+ const principalInput = isAuthContextInput(input) ? authContextToPrincipalInput(input) : input;
1641
+ const principalId = requireString2(
1642
+ principalInput.principalId,
1643
+ "principal_missing",
1644
+ "principalId"
1645
+ );
1646
+ const principalType2 = normalizePrincipalType(principalInput.principalType);
1647
+ const observedClerkId = cleanString4(options.observedClerkId);
1648
+ const canonicalClerkUserId = cleanString4(principalInput.canonicalClerkUserId) ?? cleanString4(principalInput.clerkId);
1649
+ if (principalType2 === "human" && !canonicalClerkUserId) {
1650
+ throw new LucernAccessControlError(
1651
+ "clerk_alias_missing",
1652
+ "Human principals require one canonical Clerk user id."
1653
+ );
1654
+ }
1655
+ const aliases = normalizeAliases(
1656
+ principalInput.clerkIdentityAliases,
1657
+ canonicalClerkUserId
1658
+ );
1659
+ if (observedClerkId && !isKnownClerkSubject({
1660
+ clerkId: observedClerkId,
1661
+ canonicalClerkUserId,
1662
+ aliases
1663
+ })) {
1664
+ throw new LucernAccessControlError(
1665
+ "clerk_alias_unrecognized",
1666
+ "Observed Clerk user id does not match the canonical human principal id."
1667
+ );
1668
+ }
1669
+ return {
1670
+ principalId,
1671
+ principalType: principalType2,
1672
+ canonicalClerkUserId,
1673
+ clerkIdentityAliases: aliases,
1674
+ tenantId: cleanString4(principalInput.tenantId),
1675
+ workspaceId: cleanString4(principalInput.workspaceId),
1676
+ roles: cleanStringList2(principalInput.roles),
1677
+ scopes: cleanStringList2(principalInput.scopes)
1678
+ };
1679
+ }
1680
+ function formatPermitResource(resource) {
1681
+ if (typeof resource === "string") {
1682
+ return requireString2(resource, "policy_denied", "policyResource");
1683
+ }
1684
+ const type = requireString2(resource.type, "policy_denied", "resource.type");
1685
+ const key = requireString2(resource.key, "policy_denied", "resource.key");
1686
+ return key.startsWith(`${type}:`) ? key : `${type}:${key}`;
1687
+ }
1688
+ function resourceRequiresWorkspace(resource) {
1689
+ if (typeof resource === "string") {
1690
+ return !resource.startsWith("tenant:");
1691
+ }
1692
+ return resource.type !== "tenant";
1693
+ }
1694
+ function buildPolicyInput(identity, input) {
1695
+ const tenantId = requireString2(
1696
+ input.tenantId ?? identity.tenantId,
1697
+ "tenant_missing",
1698
+ "tenantId"
1699
+ );
1700
+ const workspaceId = cleanString4(input.workspaceId ?? identity.workspaceId);
1701
+ if (resourceRequiresWorkspace(input.resource) && !workspaceId) {
1702
+ throw new LucernAccessControlError(
1703
+ "workspace_missing",
1704
+ "Workspace-scoped Permit checks require workspaceId."
1705
+ );
1706
+ }
1707
+ return {
1708
+ tenantId,
1709
+ workspaceId,
1710
+ principalId: identity.principalId,
1711
+ policySubject: identity.principalId,
1712
+ policyAction: requireString2(input.action, "policy_denied", "policyAction"),
1713
+ policyResource: formatPermitResource(input.resource),
1714
+ metadata: input.context
1715
+ };
1716
+ }
1717
+ async function resolveConfiguredPrincipalInput(authContext) {
1718
+ if (typeof authContext === "function") {
1719
+ return await authContext();
1720
+ }
1721
+ return authContext;
1722
+ }
1723
+ function assertPermitAllowed(decision) {
1724
+ if (decision.decision !== "allow") {
1725
+ throw new LucernAccessControlError(
1726
+ decision.decision === "deny" ? "policy_denied" : "policy_unknown",
1727
+ `Permit denied ${decision.policyAction} on ${decision.policyResource}.`,
1728
+ decision
1729
+ );
1730
+ }
1731
+ }
1732
+ function createAccessControlClient(config = {}) {
1733
+ const identityClient = createIdentityClient(config);
1734
+ async function resolveIdentity(input, observedClerkId) {
1735
+ const identityInput = input ?? await resolveConfiguredPrincipalInput(config.authContext);
1736
+ if (!identityInput) {
1737
+ throw new LucernAccessControlError(
1738
+ "principal_missing",
1739
+ "Lucern SDK access control requires a canonical principal identity."
1740
+ );
1741
+ }
1742
+ return normalizeCanonicalPrincipalIdentity(identityInput, {
1743
+ observedClerkId
1744
+ });
1745
+ }
1746
+ async function checkAccess(input, idempotencyKey) {
1747
+ const identity = await resolveIdentity(input.identity, input.observedClerkId);
1748
+ const policyInput = buildPolicyInput(identity, input);
1749
+ try {
1750
+ const response = await identityClient.evaluatePolicy(
1751
+ policyInput,
1752
+ idempotencyKey
1753
+ );
1754
+ return {
1755
+ identity,
1756
+ policyInput,
1757
+ decision: response.data
1758
+ };
1759
+ } catch (error) {
1760
+ if (error instanceof LucernSdkAuthContextError) {
1761
+ throw error;
1762
+ }
1763
+ throw new LucernAccessControlError(
1764
+ "policy_unavailable",
1765
+ "Permit policy check failed closed before an allow decision was returned."
1766
+ );
1767
+ }
1768
+ }
1769
+ async function requireAccess(input, idempotencyKey) {
1770
+ const result = await checkAccess(input, idempotencyKey);
1771
+ assertPermitAllowed(result.decision);
1772
+ return result;
1773
+ }
1774
+ async function canAccess(input, idempotencyKey) {
1775
+ try {
1776
+ await requireAccess(input, idempotencyKey);
1777
+ return true;
1778
+ } catch {
1779
+ return false;
1780
+ }
1781
+ }
1782
+ return {
1783
+ normalizePrincipal: normalizeCanonicalPrincipalIdentity,
1784
+ checkAccess,
1785
+ requireAccess,
1786
+ canAccess
1787
+ };
1788
+ }
1789
+
1790
+ // src/answersClient.ts
1791
+ function createAnswersClient(config = {}) {
1792
+ const gateway = createGatewayRequestClient(config);
1793
+ return {
1794
+ /**
1795
+ * Get the current answer for a question.
1796
+ * @param questionId - The question node identifier.
1797
+ * @returns The answer record for the given question.
1798
+ */
1799
+ async get(questionId) {
1800
+ return gateway.request({
1801
+ path: `/api/platform/v1/questions/${encodeURIComponent(questionId)}/answer`
1802
+ });
1803
+ }
1804
+ };
1805
+ }
1806
+
1807
+ // src/audiencesClient.ts
1808
+ function createAudiencesClient(config = {}) {
1809
+ const gateway = createGatewayRequestClient(config);
1810
+ const listRegistry = async (query5 = {}) => {
1811
+ return gateway.request({
1812
+ path: `/api/platform/v1/audiences/registry${toQueryString({
1813
+ ...query5,
1814
+ effective: typeof query5.effective === "boolean" ? query5.effective ? "true" : "false" : void 0,
1815
+ status: query5.status
1816
+ })}`
1817
+ }).then(
1818
+ (response) => mapGatewayData(
1819
+ response,
1820
+ (data) => createListResult(Array.isArray(data) ? data : [], "registryEntries")
1821
+ )
1822
+ );
1823
+ };
1824
+ const createRegistryEntry = async (input, idempotencyKey) => {
1825
+ return gateway.request({
1826
+ path: "/api/platform/v1/audiences/registry",
1827
+ method: "POST",
1828
+ body: input,
1829
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1830
+ });
1831
+ };
1832
+ const updateRegistryEntry = createRegistryEntry;
1833
+ const upsertRegistry = createRegistryEntry;
1834
+ const getRegistry = listRegistry;
1835
+ const listGrants = async (query5 = {}) => {
1836
+ return gateway.request({
1837
+ path: `/api/platform/v1/audiences/grants${toQueryString({
1838
+ ...query5,
1839
+ audienceKey: query5.audienceKey,
1840
+ principalId: query5.principalId,
1841
+ groupId: query5.groupId,
1842
+ status: query5.status
1843
+ })}`
1844
+ }).then(
1845
+ (response) => mapGatewayData(
1846
+ response,
1847
+ (data) => createListResult(Array.isArray(data) ? data : [], "grants")
1848
+ )
1849
+ );
1850
+ };
1851
+ const createGrant = async (input, idempotencyKey) => {
1852
+ return gateway.request({
1853
+ path: "/api/platform/v1/audiences/grants",
1854
+ method: "POST",
1855
+ body: input,
1856
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1857
+ });
1858
+ };
1859
+ const getGrants = listGrants;
1860
+ const grant = createGrant;
1861
+ const deleteGrant = async (input, idempotencyKey) => {
1862
+ return gateway.request({
1863
+ path: "/api/platform/v1/audiences/grants/revoke",
1864
+ method: "POST",
1865
+ body: input,
1866
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1867
+ });
1868
+ };
1869
+ const revokeGrant = deleteGrant;
1870
+ return {
1871
+ /**
1872
+ * List audience registry entries.
1873
+ */
1874
+ listRegistry,
1875
+ /**
1876
+ * @deprecated Use listRegistry.
1877
+ */
1878
+ getRegistry,
1879
+ /**
1880
+ * Create an audience registry entry.
1881
+ */
1882
+ createRegistryEntry,
1883
+ /**
1884
+ * Update an audience registry entry.
1885
+ */
1886
+ updateRegistryEntry,
1887
+ /**
1888
+ * @deprecated Use createRegistryEntry or updateRegistryEntry.
1889
+ */
1890
+ upsertRegistry,
1891
+ /**
1892
+ * List audience grants.
1893
+ */
1894
+ listGrants,
1895
+ /**
1896
+ * @deprecated Use listGrants.
1897
+ */
1898
+ getGrants,
1899
+ /**
1900
+ * Create an audience grant.
1901
+ */
1902
+ createGrant,
1903
+ /**
1904
+ * @deprecated Use createGrant.
1905
+ */
1906
+ grant,
1907
+ /**
1908
+ * Delete an audience grant by revoking it.
1909
+ */
1910
+ deleteGrant,
1911
+ /**
1912
+ * @deprecated Use deleteGrant.
1913
+ */
1914
+ revokeGrant
1915
+ };
1916
+ }
1917
+
1918
+ // src/auditClient.ts
1919
+ function createAuditClient(config = {}) {
1920
+ const gateway = createGatewayRequestClient(config);
1921
+ return {
1922
+ /**
1923
+ * List audit events for the current scope.
1924
+ */
1925
+ async listEvents(query5 = {}) {
1926
+ return gateway.request({
1927
+ path: `/api/platform/v1/audit/events${toQueryString(
1928
+ normalizeTopicQuery(query5)
1929
+ )}`
1930
+ }).then(
1931
+ (response) => mapGatewayData(
1932
+ response,
1933
+ (data) => createListResult(Array.isArray(data) ? data : [], "events")
1934
+ )
1935
+ );
1936
+ }
1937
+ };
1938
+ }
1939
+
1940
+ // src/authDeviceClient.ts
1941
+ var DeviceAuthorizationError = class extends Error {
1942
+ error;
1943
+ interval;
1944
+ constructor(args) {
1945
+ super(args.description ?? args.error);
1946
+ this.name = "DeviceAuthorizationError";
1947
+ this.error = args.error;
1948
+ this.interval = args.interval;
1949
+ }
1950
+ };
1951
+ function authBaseUrl(config) {
1952
+ return config.baseUrl?.replace(/\/+$/, "") ?? "";
1953
+ }
1954
+ async function readJson(response) {
1955
+ try {
1956
+ const payload = await response.json();
1957
+ return isRecord4(payload) ? payload : {};
1958
+ } catch (error) {
1959
+ return unreadableJsonBodyFallback();
1960
+ }
1961
+ }
1962
+ function unreadableJsonBodyFallback(_error) {
1963
+ return {};
1964
+ }
1965
+ function isRecord4(value) {
1966
+ return value !== null && typeof value === "object" && !Array.isArray(value);
1967
+ }
1968
+ function readString(value) {
1969
+ const normalized = typeof value === "string" ? value.trim() : "";
1970
+ return normalized || void 0;
1971
+ }
1972
+ function assertDeviceCodeResponse(payload) {
1973
+ const deviceCode = readString(payload.device_code);
1974
+ const userCode = readString(payload.user_code);
1975
+ const verificationUri = readString(payload.verification_uri);
1976
+ const verificationUriComplete = readString(payload.verification_uri_complete);
1977
+ const expiresIn = payload.expires_in;
1978
+ const interval = payload.interval;
1979
+ if (!deviceCode || !userCode || !verificationUri || !verificationUriComplete || typeof expiresIn !== "number" || typeof interval !== "number") {
1980
+ throw new Error("Gateway returned an invalid device-code response.");
1981
+ }
1982
+ return {
1983
+ device_code: deviceCode,
1984
+ user_code: userCode,
1985
+ verification_uri: verificationUri,
1986
+ verification_uri_complete: verificationUriComplete,
1987
+ expires_in: expiresIn,
1988
+ interval
1989
+ };
1990
+ }
1991
+ function assertDeviceTokenResponse(payload) {
1253
1992
  const accessToken = readString(payload.access_token);
1254
1993
  const tokenType = readString(payload.token_type);
1255
1994
  const scope = readString(payload.scope);
@@ -1266,7 +2005,7 @@ function assertDeviceTokenResponse(payload) {
1266
2005
  tenant_id: tenantId,
1267
2006
  workspace_id: readString(payload.workspace_id),
1268
2007
  principal_id: principalId,
1269
- user: isRecord3(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
2008
+ user: isRecord4(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
1270
2009
  id: payload.user.id,
1271
2010
  principalId: payload.user.principalId
1272
2011
  } : void 0
@@ -1605,67 +2344,12 @@ function createEvidenceClient(config = {}) {
1605
2344
  beliefId,
1606
2345
  evidence,
1607
2346
  config: classificationConfig
1608
- },
1609
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1610
- });
1611
- }
1612
- };
1613
- }
1614
-
1615
- // src/boundaryClientSurface.ts
1616
- function cleanOptionalString(value) {
1617
- const normalized = value?.trim();
1618
- return normalized ? normalized : void 0;
1619
- }
1620
- function isRecord4(value) {
1621
- return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1622
- }
1623
- function cleanRequiredString(value, label) {
1624
- const normalized = cleanOptionalString(value);
1625
- if (!normalized) {
1626
- throw new Error(`${label} is required`);
1627
- }
1628
- return normalized;
1629
- }
1630
- function readTopicId(input) {
1631
- return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1632
- }
1633
- function requireTopicId(input) {
1634
- const topicId = readTopicId(input);
1635
- if (!topicId) {
1636
- throw new Error("topicId is required");
1637
- }
1638
- return topicId;
1639
- }
1640
- function assertKnownKeys(input, allowed, operation) {
1641
- const allowedSet = new Set(allowed);
1642
- const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1643
- if (unknownKeys.length > 0) {
1644
- throw new Error(
1645
- `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1646
- );
1647
- }
1648
- }
1649
- function knownPayload(input, allowed, operation) {
1650
- assertKnownKeys(input, allowed, operation);
1651
- return { ...input };
1652
- }
1653
- function topicPayload(input, allowed, operation) {
1654
- assertKnownKeys(input, allowed, operation);
1655
- return {
1656
- ...input,
1657
- topicId: requireTopicId(input),
1658
- projectId: void 0
2347
+ },
2348
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2349
+ });
2350
+ }
1659
2351
  };
1660
2352
  }
1661
- function listResultFromEnvelope(data, legacyKey) {
1662
- const record = isRecord4(data) ? data : {};
1663
- const legacyItems = record[legacyKey];
1664
- return createListResult(
1665
- Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1666
- legacyKey
1667
- );
1668
- }
1669
2353
 
1670
2354
  // src/eventingClient.ts
1671
2355
  var EVENTING_FIELDS = [
@@ -2274,419 +2958,151 @@ function createGraphClient(config = {}) {
2274
2958
  },
2275
2959
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2276
2960
  });
2277
- },
2278
- /**
2279
- * Permanently delete a node via the admin-only hard-delete route.
2280
- */
2281
- async hardDeleteNode(input, idempotencyKey) {
2282
- return gateway.request({
2283
- path: "/api/platform/v1/graph/nodes/hard-delete",
2284
- method: "POST",
2285
- body: input,
2286
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2287
- });
2288
- },
2289
- /**
2290
- * List graph edges matching the provided filters.
2291
- */
2292
- async listEdges(query5) {
2293
- return gateway.request({
2294
- path: `/api/platform/v1/graph/edges${toQueryString(
2295
- normalizeTopicQuery(query5)
2296
- )}`
2297
- }).then(
2298
- (response) => mapGatewayData(
2299
- response,
2300
- (data) => mapAliasedList(data, "edges")
2301
- )
2302
- );
2303
- },
2304
- /**
2305
- * Create a graph edge.
2306
- */
2307
- async createEdge(input, idempotencyKey) {
2308
- return gateway.request({
2309
- path: "/api/platform/v1/graph/edges",
2310
- method: "POST",
2311
- body: normalizeTopicQuery(input),
2312
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2313
- });
2314
- },
2315
- /**
2316
- * Delete one or more edges matching the provided filter.
2317
- */
2318
- async deleteEdge(query5, idempotencyKey) {
2319
- return gateway.request({
2320
- path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
2321
- method: "DELETE",
2322
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2323
- });
2324
- },
2325
- /**
2326
- * Retrieve a graph neighborhood around a root node.
2327
- */
2328
- async neighborhood(query5) {
2329
- return gateway.request({
2330
- path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2331
- });
2332
- },
2333
- /**
2334
- * Traverse the graph from a starting node.
2335
- */
2336
- async traverse(query5) {
2337
- return gateway.request({
2338
- path: "/api/platform/v1/graph/traverse",
2339
- method: "POST",
2340
- body: normalizeTopicQuery(query5)
2341
- });
2342
- },
2343
- /**
2344
- * Analyze graph structure for a topic.
2345
- */
2346
- async analyze(query5 = {}) {
2347
- const normalized = normalizeTopicQuery(query5);
2348
- return gateway.request({
2349
- path: `/api/platform/v1/graph/analyze${toQueryString({
2350
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2351
- metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
2352
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2353
- })}`
2354
- });
2355
- },
2356
- /**
2357
- * Detect confirmation-bias patterns for a topic graph.
2358
- */
2359
- async bias(query5 = {}) {
2360
- const normalized = normalizeTopicQuery(query5);
2361
- return gateway.request({
2362
- path: `/api/platform/v1/graph/bias${toQueryString({
2363
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2364
- threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
2365
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2366
- })}`
2367
- });
2368
- },
2369
- /**
2370
- * Find graph gaps for beliefs that still need testing.
2371
- */
2372
- async gaps(query5) {
2373
- const normalized = normalizeTopicQuery(query5);
2374
- return gateway.request({
2375
- path: `/api/platform/v1/graph/gaps${toQueryString({
2376
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2377
- minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
2378
- })}`
2379
- });
2380
- },
2381
- /**
2382
- * Search across graph resources within a topic.
2383
- */
2384
- async search(query5) {
2385
- return gateway.request({
2386
- path: "/api/platform/v1/search",
2387
- method: "POST",
2388
- body: normalizeTopicQuery(query5)
2389
- });
2390
- },
2391
- /**
2392
- * Retrieve the shortest known path between two graph nodes.
2393
- */
2394
- async getPath(query5) {
2395
- return gateway.request({
2396
- path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2397
- });
2398
- },
2399
- /**
2400
- * Retrieve graph analytics for the requested metric.
2401
- */
2402
- async getAnalytics(query5 = {}) {
2403
- return gateway.request({
2404
- path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2405
- });
2406
- }
2407
- };
2408
- return Object.assign(client, {
2409
- queryNodes: client.listNodes,
2410
- queryEdges: client.listEdges,
2411
- getNeighborhood: client.neighborhood
2412
- });
2413
- }
2414
-
2415
- // src/identityClient.ts
2416
- function createIdentityWhoamiClient(config = {}) {
2417
- const gateway = createGatewayRequestClient(config);
2418
- return {
2419
- async whoami() {
2420
- return gateway.request({
2421
- path: "/api/platform/v1/identity/whoami"
2422
- });
2423
- }
2424
- };
2425
- }
2426
- var TENANT_IDENTITY_FIELDS = [
2427
- "tenantId",
2428
- "workspaceId",
2429
- "principalId",
2430
- "integrationKey",
2431
- "secretRef",
2432
- "policySubject",
2433
- "policyAction",
2434
- "policyResource",
2435
- "decision",
2436
- "config",
2437
- "configKey",
2438
- "configValue",
2439
- "provider",
2440
- "status",
2441
- "metadata",
2442
- "limit",
2443
- "cursor"
2444
- ];
2445
- function tenantIdentityQuery(input) {
2446
- return {
2447
- tenantId: cleanRequiredString(input.tenantId, "tenantId"),
2448
- workspaceId: input.workspaceId,
2449
- principalId: input.principalId,
2450
- limit: input.limit,
2451
- cursor: input.cursor
2452
- };
2453
- }
2454
- function tenantIdentityBody(input, operation) {
2455
- return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
2456
- }
2457
- function createIdentityClient(config = {}) {
2458
- const gateway = createGatewayRequestClient(config);
2459
- const whoamiClient = createIdentityWhoamiClient(config);
2460
- const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
2461
- path: "/api/platform/v1/identity/principals",
2462
- method,
2463
- body: input,
2464
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2465
- });
2466
- const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
2467
- const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
2468
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
2469
- method: "POST",
2470
- body: input,
2471
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2472
- });
2473
- return {
2474
- /**
2475
- * Resolve the current authenticated identity summary.
2476
- */
2477
- async whoami() {
2478
- return whoamiClient.whoami().then(
2479
- (response) => mapGatewayData(response, (data) => ({
2480
- principalId: data.principalId,
2481
- principalType: data.principalType,
2482
- tenantId: data.tenantId ?? null,
2483
- workspaceId: data.workspaceId ?? null,
2484
- scopes: Array.isArray(data.scopes) ? data.scopes : [],
2485
- roles: Array.isArray(data.roles) ? data.roles : [],
2486
- isPlatformAdmin: data.isPlatformAdmin === true,
2487
- isTenantAdmin: data.isTenantAdmin === true,
2488
- isWorkspaceAdmin: data.isWorkspaceAdmin === true,
2489
- authMode: data.authMode,
2490
- sessionId: data.sessionId,
2491
- delegatedBy: data.delegatedBy,
2492
- expiresAt: data.expiresAt
2493
- }))
2494
- );
2495
- },
2496
- /**
2497
- * List principals in the current identity scope.
2498
- */
2499
- async listPrincipals(query5 = {}) {
2500
- return gateway.request({
2501
- path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
2502
- }).then(
2503
- (response) => mapGatewayData(
2504
- response,
2505
- (data) => createListResult(
2506
- Array.isArray(data) ? data : [],
2507
- "principals"
2508
- )
2509
- )
2510
- );
2511
- },
2512
- /**
2513
- * Create a principal.
2514
- */
2515
- async createPrincipal(input, idempotencyKey) {
2516
- return requestPrincipalWrite("POST", input, idempotencyKey);
2517
- },
2518
- /**
2519
- * Update a principal.
2520
- */
2521
- updatePrincipal,
2961
+ },
2522
2962
  /**
2523
- * @deprecated Use createPrincipal or updatePrincipal.
2963
+ * Permanently delete a node via the admin-only hard-delete route.
2524
2964
  */
2525
- upsertPrincipal: updatePrincipal,
2965
+ async hardDeleteNode(input, idempotencyKey) {
2966
+ return gateway.request({
2967
+ path: "/api/platform/v1/graph/nodes/hard-delete",
2968
+ method: "POST",
2969
+ body: input,
2970
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2971
+ });
2972
+ },
2526
2973
  /**
2527
- * List keys in the current identity scope.
2974
+ * List graph edges matching the provided filters.
2528
2975
  */
2529
- async listKeys(query5 = {}) {
2976
+ async listEdges(query5) {
2530
2977
  return gateway.request({
2531
- path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
2978
+ path: `/api/platform/v1/graph/edges${toQueryString(
2979
+ normalizeTopicQuery(query5)
2980
+ )}`
2532
2981
  }).then(
2533
2982
  (response) => mapGatewayData(
2534
2983
  response,
2535
- (data) => createListResult(Array.isArray(data) ? data : [], "keys")
2984
+ (data) => mapAliasedList(data, "edges")
2536
2985
  )
2537
2986
  );
2538
2987
  },
2539
2988
  /**
2540
- * Create an API key.
2989
+ * Create a graph edge.
2541
2990
  */
2542
- async createKey(input, idempotencyKey) {
2991
+ async createEdge(input, idempotencyKey) {
2543
2992
  return gateway.request({
2544
- path: "/api/platform/v1/identity/keys",
2993
+ path: "/api/platform/v1/graph/edges",
2545
2994
  method: "POST",
2546
- body: input,
2995
+ body: normalizeTopicQuery(input),
2547
2996
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2548
2997
  });
2549
2998
  },
2550
2999
  /**
2551
- * Rotate an API key.
3000
+ * Delete one or more edges matching the provided filter.
2552
3001
  */
2553
- async rotateKey(keyId, input = {}, idempotencyKey) {
3002
+ async deleteEdge(query5, idempotencyKey) {
2554
3003
  return gateway.request({
2555
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
2556
- method: "POST",
2557
- body: input,
3004
+ path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
3005
+ method: "DELETE",
2558
3006
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2559
3007
  });
2560
3008
  },
2561
3009
  /**
2562
- * Delete an API key by revoking it.
2563
- */
2564
- deleteKey,
2565
- /**
2566
- * @deprecated Use deleteKey.
2567
- */
2568
- revokeKey: deleteKey,
2569
- /**
2570
- * Search Clerk users by email or display attributes.
3010
+ * Retrieve a graph neighborhood around a root node.
2571
3011
  */
2572
- async searchClerkUsers(q) {
3012
+ async neighborhood(query5) {
2573
3013
  return gateway.request({
2574
- path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
3014
+ path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2575
3015
  });
2576
3016
  },
2577
- async getTenantConfig(input) {
3017
+ /**
3018
+ * Traverse the graph from a starting node.
3019
+ */
3020
+ async traverse(query5) {
2578
3021
  return gateway.request({
2579
- path: `/api/platform/v1/identity/tenant-config${toQueryString(
2580
- tenantIdentityQuery(input)
2581
- )}`
3022
+ path: "/api/platform/v1/graph/traverse",
3023
+ method: "POST",
3024
+ body: normalizeTopicQuery(query5)
2582
3025
  });
2583
3026
  },
2584
- async updateTenantConfig(input, idempotencyKey) {
2585
- cleanRequiredString(input.tenantId, "tenantId");
3027
+ /**
3028
+ * Analyze graph structure for a topic.
3029
+ */
3030
+ async analyze(query5 = {}) {
3031
+ const normalized = normalizeTopicQuery(query5);
2586
3032
  return gateway.request({
2587
- path: "/api/platform/v1/identity/tenant-config",
2588
- method: "PATCH",
2589
- body: tenantIdentityBody(
2590
- input,
2591
- "identity.updateTenantConfig"
2592
- ),
2593
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3033
+ path: `/api/platform/v1/graph/analyze${toQueryString({
3034
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3035
+ metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
3036
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
3037
+ })}`
2594
3038
  });
2595
3039
  },
2596
- async listIntegrations(input) {
2597
- return gateway.request({
2598
- path: `/api/platform/v1/identity/integrations${toQueryString(
2599
- tenantIdentityQuery(input)
2600
- )}`
2601
- }).then(
2602
- (response) => mapGatewayData(
2603
- response,
2604
- (data) => listResultFromEnvelope(
2605
- data,
2606
- "integrations"
2607
- )
2608
- )
2609
- );
2610
- },
2611
- async upsertIntegration(input, idempotencyKey) {
2612
- cleanRequiredString(input.tenantId, "tenantId");
2613
- cleanRequiredString(input.integrationKey, "integrationKey");
3040
+ /**
3041
+ * Detect confirmation-bias patterns for a topic graph.
3042
+ */
3043
+ async bias(query5 = {}) {
3044
+ const normalized = normalizeTopicQuery(query5);
2614
3045
  return gateway.request({
2615
- path: "/api/platform/v1/identity/integrations",
2616
- method: "PUT",
2617
- body: tenantIdentityBody(
2618
- input,
2619
- "identity.upsertIntegration"
2620
- ),
2621
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3046
+ path: `/api/platform/v1/graph/bias${toQueryString({
3047
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3048
+ threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
3049
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
3050
+ })}`
2622
3051
  });
2623
3052
  },
2624
- async listSecrets(input) {
3053
+ /**
3054
+ * Find graph gaps for beliefs that still need testing.
3055
+ */
3056
+ async gaps(query5) {
3057
+ const normalized = normalizeTopicQuery(query5);
2625
3058
  return gateway.request({
2626
- path: `/api/platform/v1/identity/secrets${toQueryString(
2627
- tenantIdentityQuery(input)
2628
- )}`
2629
- }).then(
2630
- (response) => mapGatewayData(
2631
- response,
2632
- (data) => listResultFromEnvelope(
2633
- data,
2634
- "secrets"
2635
- )
2636
- )
2637
- );
3059
+ path: `/api/platform/v1/graph/gaps${toQueryString({
3060
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3061
+ minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
3062
+ })}`
3063
+ });
2638
3064
  },
2639
- async putSecretReference(input, idempotencyKey) {
2640
- cleanRequiredString(input.tenantId, "tenantId");
2641
- cleanRequiredString(input.secretRef, "secretRef");
3065
+ /**
3066
+ * Search across graph resources within a topic.
3067
+ */
3068
+ async search(query5) {
2642
3069
  return gateway.request({
2643
- path: "/api/platform/v1/identity/secrets",
2644
- method: "PUT",
2645
- body: tenantIdentityBody(
2646
- input,
2647
- "identity.putSecretReference"
2648
- ),
2649
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3070
+ path: "/api/platform/v1/search",
3071
+ method: "POST",
3072
+ body: normalizeTopicQuery(query5)
2650
3073
  });
2651
3074
  },
2652
- async evaluatePolicy(input, idempotencyKey) {
2653
- cleanRequiredString(input.tenantId, "tenantId");
2654
- cleanRequiredString(input.policySubject, "policySubject");
2655
- cleanRequiredString(input.policyAction, "policyAction");
2656
- cleanRequiredString(input.policyResource, "policyResource");
3075
+ /**
3076
+ * Retrieve the shortest known path between two graph nodes.
3077
+ */
3078
+ async getPath(query5) {
2657
3079
  return gateway.request({
2658
- path: "/api/platform/v1/identity/policy/evaluate",
2659
- method: "POST",
2660
- body: tenantIdentityBody(
2661
- input,
2662
- "identity.evaluatePolicy"
2663
- ),
2664
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3080
+ path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2665
3081
  });
2666
3082
  },
2667
- async recordPolicyDecision(input, idempotencyKey) {
2668
- cleanRequiredString(input.tenantId, "tenantId");
2669
- cleanRequiredString(input.decision, "decision");
3083
+ /**
3084
+ * Retrieve graph analytics for the requested metric.
3085
+ */
3086
+ async getAnalytics(query5 = {}) {
2670
3087
  return gateway.request({
2671
- path: "/api/platform/v1/identity/policy/decisions",
2672
- method: "POST",
2673
- body: tenantIdentityBody(
2674
- input,
2675
- "identity.recordPolicyDecision"
2676
- ),
2677
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3088
+ path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2678
3089
  });
2679
3090
  }
2680
3091
  };
3092
+ return Object.assign(client, {
3093
+ queryNodes: client.listNodes,
3094
+ queryEdges: client.listEdges,
3095
+ getNeighborhood: client.neighborhood
3096
+ });
2681
3097
  }
2682
3098
 
2683
3099
  // src/topicsClient.ts
2684
- function cleanString3(value) {
3100
+ function cleanString5(value) {
2685
3101
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
2686
3102
  }
2687
3103
  function normalizeTopicRecord(value) {
2688
3104
  const record = asRecord(value);
2689
- const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
3105
+ const topicId = cleanString5(record.topicId) ?? cleanString5(record.id) ?? cleanString5(record._id);
2690
3106
  return withTopicAlias({
2691
3107
  ...record,
2692
3108
  ...topicId ? { topicId } : {}
@@ -3405,6 +3821,8 @@ function createTasksFacade(config = {}) {
3405
3821
  description: input.description,
3406
3822
  priority: input.priority,
3407
3823
  status: input.status,
3824
+ assigneeId: input.assigneeId,
3825
+ blockedReason: input.blockedReason,
3408
3826
  linkedBeliefId: input.linkedBeliefId,
3409
3827
  linkedQuestionId: input.linkedQuestionId,
3410
3828
  linkedWorktreeId: input.linkedWorktreeId,
@@ -3899,7 +4317,7 @@ function createEmbeddingsClient(config = {}) {
3899
4317
  }
3900
4318
 
3901
4319
  // src/contextClient.ts
3902
- function cleanString4(value) {
4320
+ function cleanString6(value) {
3903
4321
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
3904
4322
  }
3905
4323
  function cleanNumber(value) {
@@ -3911,11 +4329,11 @@ function cleanBoolean(value) {
3911
4329
  function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3912
4330
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
3913
4331
  const payload = {};
3914
- const topicId = typeof topicIdOrInput === "string" ? cleanString4(topicIdOrInput) : cleanString4(effectiveInput.topicId);
4332
+ const topicId = typeof topicIdOrInput === "string" ? cleanString6(topicIdOrInput) : cleanString6(effectiveInput.topicId);
3915
4333
  if (topicId) {
3916
4334
  payload.topicId = topicId;
3917
4335
  }
3918
- const query5 = cleanString4(effectiveInput.query);
4336
+ const query5 = cleanString6(effectiveInput.query);
3919
4337
  if (query5) {
3920
4338
  payload.query = query5;
3921
4339
  }
@@ -3923,7 +4341,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3923
4341
  if (budget !== void 0) {
3924
4342
  payload.budget = budget;
3925
4343
  }
3926
- const ranking = cleanString4(effectiveInput.ranking) ?? cleanString4(effectiveInput.rankingProfile);
4344
+ const ranking = cleanString6(effectiveInput.ranking) ?? cleanString6(effectiveInput.rankingProfile);
3927
4345
  if (ranking) {
3928
4346
  payload.ranking = ranking;
3929
4347
  }
@@ -3939,7 +4357,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3939
4357
  if (includeEntities !== void 0) {
3940
4358
  payload.includeEntities = includeEntities;
3941
4359
  }
3942
- const mode = cleanString4(effectiveInput.mode);
4360
+ const mode = cleanString6(effectiveInput.mode);
3943
4361
  if (mode) {
3944
4362
  payload.mode = mode;
3945
4363
  }
@@ -3947,11 +4365,11 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3947
4365
  if (includeFailures !== void 0) {
3948
4366
  payload.includeFailures = includeFailures;
3949
4367
  }
3950
- const worktreeId = cleanString4(effectiveInput.worktreeId);
4368
+ const worktreeId = cleanString6(effectiveInput.worktreeId);
3951
4369
  if (worktreeId) {
3952
4370
  payload.worktreeId = worktreeId;
3953
4371
  }
3954
- const sessionId = cleanString4(effectiveInput.sessionId);
4372
+ const sessionId = cleanString6(effectiveInput.sessionId);
3955
4373
  if (sessionId) {
3956
4374
  payload.sessionId = sessionId;
3957
4375
  }
@@ -4837,7 +5255,8 @@ function createMcpClient(config = {}) {
4837
5255
  transportKind: input.transportKind,
4838
5256
  sessionId: input.sessionId,
4839
5257
  agentIdentity: input.agentIdentity,
4840
- workspaceId: input.workspaceId
5258
+ workspaceId: input.workspaceId,
5259
+ worktreeId: input.worktreeId
4841
5260
  };
4842
5261
  return gateway.request({
4843
5262
  path: `${MCP_GATEWAY_BOOTSTRAP_ENDPOINT}${toQueryString(scope)}`,
@@ -4928,8 +5347,11 @@ var CONTRACTS = {
4928
5347
  "apply_lens_to_topic": { method: "POST", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
4929
5348
  "apply_ontology": { method: "POST", path: "/ontologies/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
4930
5349
  "archive_belief": { method: "DELETE", path: "/beliefs", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5350
+ "archive_epistemic_node": { method: "POST", path: "/nodes/archive", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4931
5351
  "archive_ontology": { method: "DELETE", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
4932
5352
  "archive_question": { method: "DELETE", path: "/questions", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5353
+ "batch_create_edges": { method: "POST", path: "/edges/batch", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5354
+ "batch_create_epistemic_nodes": { method: "POST", path: "/nodes/batch", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4933
5355
  "begin_build_session": { method: "POST", path: "/mcp/build-session/begin", kind: "mutation", idempotent: true, surfaceIntent: "system" },
4934
5356
  "bisect_confidence": { method: "POST", path: "/beliefs/confidence/bisect", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4935
5357
  "broadcast_message": { method: "POST", path: "/coordination/messages/broadcast", kind: "mutation", idempotent: true, surfaceIntent: "system" },
@@ -4941,6 +5363,7 @@ var CONTRACTS = {
4941
5363
  "create_belief": { method: "POST", path: "/beliefs", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4942
5364
  "create_edge": { method: "POST", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
4943
5365
  "create_epistemic_contract": { method: "POST", path: "/contracts", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5366
+ "create_epistemic_node": { method: "POST", path: "/nodes", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4944
5367
  "create_evidence": { method: "POST", path: "/evidence", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4945
5368
  "create_lens": { method: "POST", path: "/lenses", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
4946
5369
  "create_ontology": { method: "POST", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
@@ -4968,6 +5391,7 @@ var CONTRACTS = {
4968
5391
  "get_code_context": { method: "POST", path: "/coding/context", kind: "query", idempotent: false, surfaceIntent: "system" },
4969
5392
  "get_confidence_history": { method: "POST", path: "/beliefs/confidence-history", kind: "query", idempotent: false, surfaceIntent: "compatibility" },
4970
5393
  "get_contract_status": { method: "POST", path: "/contracts/status", kind: "query", idempotent: false, surfaceIntent: "mcp_governance" },
5394
+ "get_epistemic_node": { method: "GET", path: "/nodes/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4971
5395
  "get_evidence": { method: "GET", path: "/evidence/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4972
5396
  "get_failure_log": { method: "POST", path: "/coding/failure-log", kind: "query", idempotent: false, surfaceIntent: "system" },
4973
5397
  "get_falsification_questions": { method: "POST", path: "/questions/falsification", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -4981,6 +5405,7 @@ var CONTRACTS = {
4981
5405
  "get_question": { method: "GET", path: "/questions/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4982
5406
  "get_topic": { method: "GET", path: "/topics/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4983
5407
  "get_topic_coverage": { method: "POST", path: "/graph/topic-coverage", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5408
+ "get_topic_graph_spine": { method: "GET", path: "/topics/graph-spine", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4984
5409
  "get_topic_tree": { method: "GET", path: "/topics/tree", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4985
5410
  "heartbeat_session": { method: "POST", path: "/coordination/heartbeat-session", kind: "mutation", idempotent: true, surfaceIntent: "system" },
4986
5411
  "identity_whoami": { method: "GET", path: "/identity/whoami", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -4992,6 +5417,7 @@ var CONTRACTS = {
4992
5417
  "list_all_worktrees": { method: "GET", path: "/worktrees/all", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
4993
5418
  "list_beliefs": { method: "GET", path: "/beliefs", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4994
5419
  "list_campaigns": { method: "GET", path: "/worktrees/campaigns", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5420
+ "list_epistemic_nodes": { method: "GET", path: "/nodes", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4995
5421
  "list_evidence": { method: "GET", path: "/evidence", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4996
5422
  "list_graph_intelligence_queries": { method: "POST", path: "/graph-intelligence/queries", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
4997
5423
  "list_lenses": { method: "GET", path: "/lenses", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
@@ -5002,6 +5428,7 @@ var CONTRACTS = {
5002
5428
  "list_worktrees": { method: "GET", path: "/worktrees", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5003
5429
  "manage_write_policy": { method: "POST", path: "/policy/write-policy/manage", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5004
5430
  "match_entity_type": { method: "POST", path: "/ontologies/match-entity-type", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5431
+ "materialize_topic_graph": { method: "POST", path: "/topics/materialize-graph", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5005
5432
  "merge": { method: "POST", path: "/worktrees/merge", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5006
5433
  "modulate_confidence": { method: "POST", path: "/beliefs/confidence", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5007
5434
  "open_pull_request": { method: "POST", path: "/worktrees/open-pull-request", kind: "mutation", idempotent: true, surfaceIntent: "system" },
@@ -5015,22 +5442,29 @@ var CONTRACTS = {
5015
5442
  "refine_belief": { method: "PATCH", path: "/beliefs/refine", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5016
5443
  "refine_question": { method: "PATCH", path: "/questions/refine", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5017
5444
  "register_session": { method: "POST", path: "/coordination/register-session", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5445
+ "remove_edge": { method: "DELETE", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5446
+ "remove_edges_between": { method: "DELETE", path: "/edges/between", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5018
5447
  "remove_lens_from_topic": { method: "DELETE", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5019
5448
  "resolve_effective_ontology": { method: "POST", path: "/ontologies/effective", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5449
+ "resolve_interactive_principal": { method: "POST", path: "/control-plane/identity/resolve-interactive-principal", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5020
5450
  "run_graph_intelligence_query": { method: "POST", path: "/graph-intelligence/run", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5021
5451
  "search_beliefs": { method: "POST", path: "/beliefs/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5022
5452
  "search_evidence": { method: "POST", path: "/evidence/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5023
5453
  "seed_belief_lattice": { method: "POST", path: "/scope/belief-lattice/seed", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5024
5454
  "send_agent_message": { method: "POST", path: "/coordination/messages/send", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5455
+ "supersede_epistemic_node": { method: "POST", path: "/nodes/supersede", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5025
5456
  "trace_entity_impact": { method: "POST", path: "/graph/trace-entity-impact", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5026
5457
  "traverse_graph": { method: "POST", path: "/graph/traverse", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5027
5458
  "trigger_belief_review": { method: "POST", path: "/context/belief-review", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5459
+ "update_edge": { method: "PATCH", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5460
+ "update_epistemic_node": { method: "PATCH", path: "/nodes", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5028
5461
  "update_ontology": { method: "PATCH", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5029
5462
  "update_question_status": { method: "PATCH", path: "/questions/status", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5030
5463
  "update_task": { method: "PATCH", path: "/tasks", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5031
5464
  "update_topic": { method: "PATCH", path: "/topics", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5032
5465
  "update_worktree_metadata": { method: "PATCH", path: "/worktrees/metadata", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5033
- "update_worktree_targets": { method: "PATCH", path: "/worktrees/targets", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" }
5466
+ "update_worktree_targets": { method: "PATCH", path: "/worktrees/targets", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5467
+ "verify_epistemic_node": { method: "POST", path: "/nodes/verify", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" }
5034
5468
  };
5035
5469
  function createSessionId() {
5036
5470
  return typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : randomIdempotencyKey();
@@ -5098,12 +5532,21 @@ function createFunctionSurfaceClient(config = {}) {
5098
5532
  archiveBelief(input = {}, idempotencyKey) {
5099
5533
  return execute("archive_belief", input, idempotencyKey);
5100
5534
  },
5535
+ archiveEpistemicNode(input = {}, idempotencyKey) {
5536
+ return execute("archive_epistemic_node", input, idempotencyKey);
5537
+ },
5101
5538
  archiveOntology(input = {}, idempotencyKey) {
5102
5539
  return execute("archive_ontology", input, idempotencyKey);
5103
5540
  },
5104
5541
  archiveQuestion(input = {}, idempotencyKey) {
5105
5542
  return execute("archive_question", input, idempotencyKey);
5106
5543
  },
5544
+ batchCreateEdges(input = {}, idempotencyKey) {
5545
+ return execute("batch_create_edges", input, idempotencyKey);
5546
+ },
5547
+ batchCreateEpistemicNodes(input = {}, idempotencyKey) {
5548
+ return execute("batch_create_epistemic_nodes", input, idempotencyKey);
5549
+ },
5107
5550
  beginBuildSession(input = {}, idempotencyKey) {
5108
5551
  return execute("begin_build_session", input, idempotencyKey);
5109
5552
  },
@@ -5137,6 +5580,9 @@ function createFunctionSurfaceClient(config = {}) {
5137
5580
  createEpistemicContract(input = {}, idempotencyKey) {
5138
5581
  return execute("create_epistemic_contract", input, idempotencyKey);
5139
5582
  },
5583
+ createEpistemicNode(input = {}, idempotencyKey) {
5584
+ return execute("create_epistemic_node", input, idempotencyKey);
5585
+ },
5140
5586
  createEvidence(input = {}, idempotencyKey) {
5141
5587
  return execute("create_evidence", input, idempotencyKey);
5142
5588
  },
@@ -5218,6 +5664,9 @@ function createFunctionSurfaceClient(config = {}) {
5218
5664
  getContractStatus(input = {}, idempotencyKey) {
5219
5665
  return execute("get_contract_status", input, idempotencyKey);
5220
5666
  },
5667
+ getEpistemicNode(input = {}, idempotencyKey) {
5668
+ return execute("get_epistemic_node", input, idempotencyKey);
5669
+ },
5221
5670
  getEvidence(input = {}, idempotencyKey) {
5222
5671
  return execute("get_evidence", input, idempotencyKey);
5223
5672
  },
@@ -5257,6 +5706,9 @@ function createFunctionSurfaceClient(config = {}) {
5257
5706
  getTopicCoverage(input = {}, idempotencyKey) {
5258
5707
  return execute("get_topic_coverage", input, idempotencyKey);
5259
5708
  },
5709
+ getTopicGraphSpine(input = {}, idempotencyKey) {
5710
+ return execute("get_topic_graph_spine", input, idempotencyKey);
5711
+ },
5260
5712
  getTopicTree(input = {}, idempotencyKey) {
5261
5713
  return execute("get_topic_tree", input, idempotencyKey);
5262
5714
  },
@@ -5290,6 +5742,9 @@ function createFunctionSurfaceClient(config = {}) {
5290
5742
  listCampaigns(input = {}, idempotencyKey) {
5291
5743
  return execute("list_campaigns", input, idempotencyKey);
5292
5744
  },
5745
+ listEpistemicNodes(input = {}, idempotencyKey) {
5746
+ return execute("list_epistemic_nodes", input, idempotencyKey);
5747
+ },
5293
5748
  listEvidence(input = {}, idempotencyKey) {
5294
5749
  return execute("list_evidence", input, idempotencyKey);
5295
5750
  },
@@ -5320,6 +5775,9 @@ function createFunctionSurfaceClient(config = {}) {
5320
5775
  matchEntityType(input = {}, idempotencyKey) {
5321
5776
  return execute("match_entity_type", input, idempotencyKey);
5322
5777
  },
5778
+ materializeTopicGraph(input = {}, idempotencyKey) {
5779
+ return execute("materialize_topic_graph", input, idempotencyKey);
5780
+ },
5323
5781
  merge(input = {}, idempotencyKey) {
5324
5782
  return execute("merge", input, idempotencyKey);
5325
5783
  },
@@ -5359,12 +5817,21 @@ function createFunctionSurfaceClient(config = {}) {
5359
5817
  registerSession(input = {}, idempotencyKey) {
5360
5818
  return execute("register_session", input, idempotencyKey);
5361
5819
  },
5820
+ removeEdge(input = {}, idempotencyKey) {
5821
+ return execute("remove_edge", input, idempotencyKey);
5822
+ },
5823
+ removeEdgesBetween(input = {}, idempotencyKey) {
5824
+ return execute("remove_edges_between", input, idempotencyKey);
5825
+ },
5362
5826
  removeLensFromTopic(input = {}, idempotencyKey) {
5363
5827
  return execute("remove_lens_from_topic", input, idempotencyKey);
5364
5828
  },
5365
5829
  resolveEffectiveOntology(input = {}, idempotencyKey) {
5366
5830
  return execute("resolve_effective_ontology", input, idempotencyKey);
5367
5831
  },
5832
+ resolveInteractivePrincipal(input = {}, idempotencyKey) {
5833
+ return execute("resolve_interactive_principal", input, idempotencyKey);
5834
+ },
5368
5835
  runGraphIntelligenceQuery(input = {}, idempotencyKey) {
5369
5836
  return execute("run_graph_intelligence_query", input, idempotencyKey);
5370
5837
  },
@@ -5380,6 +5847,9 @@ function createFunctionSurfaceClient(config = {}) {
5380
5847
  sendAgentMessage(input = {}, idempotencyKey) {
5381
5848
  return execute("send_agent_message", input, idempotencyKey);
5382
5849
  },
5850
+ supersedeEpistemicNode(input = {}, idempotencyKey) {
5851
+ return execute("supersede_epistemic_node", input, idempotencyKey);
5852
+ },
5383
5853
  traceEntityImpact(input = {}, idempotencyKey) {
5384
5854
  return execute("trace_entity_impact", input, idempotencyKey);
5385
5855
  },
@@ -5389,6 +5859,12 @@ function createFunctionSurfaceClient(config = {}) {
5389
5859
  triggerBeliefReview(input = {}, idempotencyKey) {
5390
5860
  return execute("trigger_belief_review", input, idempotencyKey);
5391
5861
  },
5862
+ updateEdge(input = {}, idempotencyKey) {
5863
+ return execute("update_edge", input, idempotencyKey);
5864
+ },
5865
+ updateEpistemicNode(input = {}, idempotencyKey) {
5866
+ return execute("update_epistemic_node", input, idempotencyKey);
5867
+ },
5392
5868
  updateOntology(input = {}, idempotencyKey) {
5393
5869
  return execute("update_ontology", input, idempotencyKey);
5394
5870
  },
@@ -5406,6 +5882,9 @@ function createFunctionSurfaceClient(config = {}) {
5406
5882
  },
5407
5883
  updateWorktreeTargets(input = {}, idempotencyKey) {
5408
5884
  return execute("update_worktree_targets", input, idempotencyKey);
5885
+ },
5886
+ verifyEpistemicNode(input = {}, idempotencyKey) {
5887
+ return execute("verify_epistemic_node", input, idempotencyKey);
5409
5888
  }
5410
5889
  };
5411
5890
  }
@@ -5613,7 +6092,7 @@ var ORG_GRAPH_SEARCH_FIELDS = [
5613
6092
  "cursor",
5614
6093
  "provenanceScope"
5615
6094
  ];
5616
- function cleanString5(value, label) {
6095
+ function cleanString7(value, label) {
5617
6096
  const normalized = value?.trim();
5618
6097
  if (!normalized) {
5619
6098
  throw new Error(`${label} is required`);
@@ -5635,9 +6114,9 @@ function searchBody(input) {
5635
6114
  "orgGraphSearch.search"
5636
6115
  );
5637
6116
  return {
5638
- tenantId: cleanString5(input.tenantId, "tenantId"),
5639
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5640
- query: cleanString5(input.query, "query"),
6117
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6118
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
6119
+ query: cleanString7(input.query, "query"),
5641
6120
  nodeTypes: input.nodeTypes,
5642
6121
  minConfidence: input.minConfidence,
5643
6122
  limit: input.limit,
@@ -5647,8 +6126,8 @@ function searchBody(input) {
5647
6126
  }
5648
6127
  function listQuery2(input) {
5649
6128
  return {
5650
- tenantId: cleanString5(input.tenantId, "tenantId"),
5651
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
6129
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6130
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5652
6131
  nodeTypes: input.nodeTypes?.join(","),
5653
6132
  minConfidence: input.minConfidence,
5654
6133
  limit: input.limit,
@@ -5682,8 +6161,8 @@ function createOrgGraphSearchClient(config = {}) {
5682
6161
  return gateway.request({
5683
6162
  path: `/api/platform/v1/org-graph-search/nodes/${nodePath}${toQueryString(
5684
6163
  {
5685
- tenantId: cleanString5(input.tenantId, "tenantId"),
5686
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
6164
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6165
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5687
6166
  globalId: nodeId ? void 0 : globalId
5688
6167
  }
5689
6168
  )}`
@@ -6256,6 +6735,21 @@ function createSchemaClient(config = {}) {
6256
6735
  }
6257
6736
 
6258
6737
  // src/clientHelpers.ts
6738
+ function normalizeCustomNamespace(namespace) {
6739
+ return namespace.trim() || "custom";
6740
+ }
6741
+ function normalizeCustomToolPayload(input) {
6742
+ return input && typeof input === "object" && !Array.isArray(input) ? input : {};
6743
+ }
6744
+ function resolveCustomToolFullName(name) {
6745
+ return name.includes(".") ? name : `custom.${name}`;
6746
+ }
6747
+ function buildBeliefsRefinePayload(textOrInput, rationale) {
6748
+ return typeof textOrInput === "string" ? { text: textOrInput, rationale } : { text: textOrInput.text, rationale: textOrInput.rationale };
6749
+ }
6750
+ function buildBeliefsArchivePayload(input) {
6751
+ return typeof input === "string" ? { reason: input } : input ? { reason: input.reason ?? input.rationale } : void 0;
6752
+ }
6259
6753
  function asNodeArray(data) {
6260
6754
  const rows = asListItems(data, "nodes");
6261
6755
  if (rows.length > 0) {
@@ -6633,7 +7127,7 @@ function createToolRegistryClient(config = {}) {
6633
7127
  }
6634
7128
 
6635
7129
  // src/version.ts
6636
- var LUCERN_SDK_VERSION = "0.3.0-alpha.8";
7130
+ var LUCERN_SDK_VERSION = "1.0.0";
6637
7131
 
6638
7132
  // src/workflowClient.ts
6639
7133
  function normalizeLensQuery(value) {
@@ -7041,6 +7535,12 @@ function toGatewayConfig(config) {
7041
7535
  return {
7042
7536
  baseUrl: config.baseUrl,
7043
7537
  fetchImpl: config.fetchImpl,
7538
+ apiKey: config.apiKey,
7539
+ userToken: config.userToken,
7540
+ environment: config.environment,
7541
+ clerkId: config.clerkId,
7542
+ userId: config.userId,
7543
+ deploymentHost: config.deploymentHost,
7044
7544
  maxRetries: config.maxRetries,
7045
7545
  timeoutMs: config.timeoutMs,
7046
7546
  timeoutMsByMethod: config.timeoutMsByMethod,
@@ -7049,23 +7549,15 @@ function toGatewayConfig(config) {
7049
7549
  onResponse: config.onResponse,
7050
7550
  authContext: config.authContext,
7051
7551
  requireCanonicalAuthContext: config.requireCanonicalAuthContext,
7052
- getAuthHeaders: async () => {
7053
- const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
7054
- if (config.apiKey && !base["x-lucern-key"] && !base.Authorization) {
7055
- base["x-lucern-key"] = config.apiKey;
7056
- }
7057
- if (config.userToken && !base["x-lucern-session-token"]) {
7058
- base["x-lucern-session-token"] = config.userToken;
7059
- }
7060
- if (config.environment && !base["x-lucern-environment"]) {
7061
- base["x-lucern-environment"] = config.environment;
7062
- }
7063
- return base;
7064
- }
7552
+ getAuthHeaders: config.getAuthHeaders
7065
7553
  };
7066
7554
  }
7067
7555
  function exposeGatewayData(response) {
7068
- return Object.assign({}, response, response.data);
7556
+ const data = response.data;
7557
+ if (data !== null && typeof data === "object" && !Array.isArray(data)) {
7558
+ return Object.assign({}, response, data);
7559
+ }
7560
+ return { ...response };
7069
7561
  }
7070
7562
  function createLucernClient(config = {}) {
7071
7563
  const gatewayConfig = toGatewayConfig(config);
@@ -7086,6 +7578,7 @@ function createLucernClient(config = {}) {
7086
7578
  const auditClient = createAuditClient(gatewayConfig);
7087
7579
  const authDeviceClient = createAuthDeviceClient(gatewayConfig);
7088
7580
  const adminClient = createAdminClient(gatewayConfig);
7581
+ const accessControlClient = createAccessControlClient(gatewayConfig);
7089
7582
  const answersClient = createAnswersClient(gatewayConfig);
7090
7583
  const contradictionsFacade = createContradictionsFacade(gatewayConfig);
7091
7584
  const edgesFacade = createEdgesFacade(gatewayConfig);
@@ -7105,6 +7598,7 @@ function createLucernClient(config = {}) {
7105
7598
  const ontologyLinksClient = createOntologyLinksClient(gatewayConfig);
7106
7599
  const orgGraphSearchClient = createOrgGraphSearchClient(gatewayConfig);
7107
7600
  const functionSurfaceClient = createFunctionSurfaceClient(gatewayConfig);
7601
+ const controlPlaneClient = createControlPlaneClient(gatewayConfig);
7108
7602
  const toolRegistryClient = createToolRegistryClient(gatewayConfig);
7109
7603
  const modelRuntimeClient = createModelRuntimeClient(gatewayConfig);
7110
7604
  const packsClient = createPacksClient(gatewayConfig);
@@ -7154,11 +7648,11 @@ function createLucernClient(config = {}) {
7154
7648
  }
7155
7649
  }
7156
7650
  const invokeCustomTool = async (fullName, input = {}) => {
7157
- const payload = input && typeof input === "object" && !Array.isArray(input) ? input : {};
7651
+ const payload = normalizeCustomToolPayload(input);
7158
7652
  return invokeRegisteredCustomTool(fullName, payload, { source: "sdk" });
7159
7653
  };
7160
7654
  const getCustomNamespace = (namespace) => {
7161
- const normalized = namespace.trim() || "custom";
7655
+ const normalized = normalizeCustomNamespace(namespace);
7162
7656
  const cached = customNamespaceCache.get(normalized);
7163
7657
  if (cached) {
7164
7658
  return cached;
@@ -7476,9 +7970,24 @@ function createLucernClient(config = {}) {
7476
7970
  typeof input === "string" ? { nodeId: input } : input
7477
7971
  );
7478
7972
  },
7479
- create: graphClient.createNode,
7480
- update: graphClient.updateNode,
7481
- batchCreate: graphClient.batchCreateNodes,
7973
+ create(input, idempotencyKey) {
7974
+ return functionSurfaceClient.createEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7975
+ },
7976
+ createEpistemicNode(input, idempotencyKey) {
7977
+ return functionSurfaceClient.createEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7978
+ },
7979
+ update(input, idempotencyKey) {
7980
+ return functionSurfaceClient.updateEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7981
+ },
7982
+ updateEpistemicNode(input, idempotencyKey) {
7983
+ return functionSurfaceClient.updateEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7984
+ },
7985
+ batchCreate(input, idempotencyKey) {
7986
+ return functionSurfaceClient.batchCreateEpistemicNodes(input, idempotencyKey).then(exposeGatewayData);
7987
+ },
7988
+ batchCreateEpistemicNodes(input, idempotencyKey) {
7989
+ return functionSurfaceClient.batchCreateEpistemicNodes(input, idempotencyKey).then(exposeGatewayData);
7990
+ },
7482
7991
  listByTopicAndType(input) {
7483
7992
  return gateway.request({
7484
7993
  path: `/api/platform/v1/nodes${sdkQueryString({
@@ -7503,8 +8012,15 @@ function createLucernClient(config = {}) {
7503
8012
  })}`
7504
8013
  }).then(exposeGatewayData);
7505
8014
  },
7506
- supersede: graphClient.supersedeNode,
7507
- verify: graphClient.verifyNode,
8015
+ supersede(input, idempotencyKey) {
8016
+ return functionSurfaceClient.supersedeEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8017
+ },
8018
+ verify(input, idempotencyKey) {
8019
+ return functionSurfaceClient.verifyEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8020
+ },
8021
+ archive(input, idempotencyKey) {
8022
+ return functionSurfaceClient.archiveEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8023
+ },
7508
8024
  hardDelete: graphClient.hardDeleteNode
7509
8025
  };
7510
8026
  const publicationNamespace = {
@@ -7618,10 +8134,7 @@ function createLucernClient(config = {}) {
7618
8134
  return beliefsFacade.get(nodeId).then(exposeGatewayData);
7619
8135
  },
7620
8136
  refine(nodeId, textOrInput, rationale) {
7621
- const payload = typeof textOrInput === "string" ? { text: textOrInput, rationale } : {
7622
- text: textOrInput.text,
7623
- rationale: textOrInput.rationale
7624
- };
8137
+ const payload = buildBeliefsRefinePayload(textOrInput, rationale);
7625
8138
  return beliefsFacade.refine(nodeId, payload).then(exposeGatewayData);
7626
8139
  },
7627
8140
  updateConfidence(nodeId, input) {
@@ -7659,7 +8172,7 @@ function createLucernClient(config = {}) {
7659
8172
  }).then(exposeGatewayData);
7660
8173
  },
7661
8174
  archive(nodeId, input) {
7662
- const payload = typeof input === "string" ? { reason: input } : input ? { reason: input.reason ?? input.rationale } : void 0;
8175
+ const payload = buildBeliefsArchivePayload(input);
7663
8176
  return beliefsFacade.archive(nodeId, payload).then(exposeGatewayData);
7664
8177
  },
7665
8178
  list(args) {
@@ -7714,7 +8227,13 @@ function createLucernClient(config = {}) {
7714
8227
  }
7715
8228
  },
7716
8229
  edges: {
7717
- create(args) {
8230
+ create(args, idempotencyKey) {
8231
+ if (args.from && args.to) {
8232
+ return functionSurfaceClient.createEdge(args, idempotencyKey).then(exposeGatewayData);
8233
+ }
8234
+ if (!args.sourceId || !args.targetId) {
8235
+ throw new Error("from/to graph refs or sourceId/targetId are required");
8236
+ }
7718
8237
  return edgesFacade.create({
7719
8238
  sourceId: args.sourceId,
7720
8239
  targetId: args.targetId,
@@ -7725,17 +8244,32 @@ function createLucernClient(config = {}) {
7725
8244
  context: args.context ?? args.reasoning
7726
8245
  }).then(exposeGatewayData);
7727
8246
  },
8247
+ createEdge(input, idempotencyKey) {
8248
+ return functionSurfaceClient.createEdge(input, idempotencyKey).then(exposeGatewayData);
8249
+ },
7728
8250
  update(input, idempotencyKey) {
7729
- return edgesFacade.update(input, idempotencyKey).then(exposeGatewayData);
8251
+ return functionSurfaceClient.updateEdge(input, idempotencyKey).then(exposeGatewayData);
8252
+ },
8253
+ updateEdge(input, idempotencyKey) {
8254
+ return functionSurfaceClient.updateEdge(input, idempotencyKey).then(exposeGatewayData);
7730
8255
  },
7731
8256
  remove(input, idempotencyKey) {
7732
- return edgesFacade.remove(input, idempotencyKey).then(exposeGatewayData);
8257
+ return functionSurfaceClient.removeEdge(input, idempotencyKey).then(exposeGatewayData);
8258
+ },
8259
+ removeEdge(input, idempotencyKey) {
8260
+ return functionSurfaceClient.removeEdge(input, idempotencyKey).then(exposeGatewayData);
7733
8261
  },
7734
8262
  removeBetween(input, idempotencyKey) {
7735
- return edgesFacade.removeBetween(input, idempotencyKey).then(exposeGatewayData);
8263
+ return functionSurfaceClient.removeEdgesBetween(input, idempotencyKey).then(exposeGatewayData);
8264
+ },
8265
+ removeEdgesBetween(input, idempotencyKey) {
8266
+ return functionSurfaceClient.removeEdgesBetween(input, idempotencyKey).then(exposeGatewayData);
7736
8267
  },
7737
8268
  batchCreate(input, idempotencyKey) {
7738
- return edgesFacade.batchCreate(input, idempotencyKey).then(exposeGatewayData);
8269
+ return functionSurfaceClient.batchCreateEdges(input, idempotencyKey).then(exposeGatewayData);
8270
+ },
8271
+ batchCreateEdges(input, idempotencyKey) {
8272
+ return functionSurfaceClient.batchCreateEdges(input, idempotencyKey).then(exposeGatewayData);
7739
8273
  },
7740
8274
  delete(input, idempotencyKey) {
7741
8275
  return edgesFacade.delete(input, idempotencyKey).then(exposeGatewayData);
@@ -8447,17 +8981,7 @@ function createLucernClient(config = {}) {
8447
8981
  },
8448
8982
  get: topicsFacade.get,
8449
8983
  create(input) {
8450
- return topicsFacade.create({
8451
- name: input.name,
8452
- description: input.description,
8453
- type: input.type,
8454
- parentTopicId: input.parentTopicId,
8455
- ontologyId: input.ontologyId,
8456
- tenantId: input.tenantId,
8457
- workspaceId: input.workspaceId,
8458
- visibility: input.visibility,
8459
- createdBy: input.createdBy
8460
- });
8984
+ return functionSurfaceClient.createTopic(input).then(exposeGatewayData);
8461
8985
  },
8462
8986
  update(topicId, input) {
8463
8987
  return topicsFacade.update({
@@ -8491,7 +9015,19 @@ function createLucernClient(config = {}) {
8491
9015
  });
8492
9016
  },
8493
9017
  remove: topicsFacade.remove,
8494
- bulkCreate: topicsFacade.bulkCreate
9018
+ bulkCreate: topicsFacade.bulkCreate,
9019
+ materializeGraph(input = {}, idempotencyKey) {
9020
+ return functionSurfaceClient.materializeTopicGraph(input, idempotencyKey).then(exposeGatewayData);
9021
+ },
9022
+ materializeTopicGraph(input = {}, idempotencyKey) {
9023
+ return functionSurfaceClient.materializeTopicGraph(input, idempotencyKey).then(exposeGatewayData);
9024
+ },
9025
+ graphSpine(input = {}) {
9026
+ return functionSurfaceClient.getTopicGraphSpine(input).then(exposeGatewayData);
9027
+ },
9028
+ getTopicGraphSpine(input = {}) {
9029
+ return functionSurfaceClient.getTopicGraphSpine(input).then(exposeGatewayData);
9030
+ }
8495
9031
  },
8496
9032
  answers: {
8497
9033
  create(input) {
@@ -8699,7 +9235,7 @@ function createLucernClient(config = {}) {
8699
9235
  list: listRegisteredCustomTools,
8700
9236
  clear: clearRegisteredCustomTools,
8701
9237
  invoke(name, input = {}) {
8702
- const fullName = name.includes(".") ? name : `custom.${name}`;
9238
+ const fullName = resolveCustomToolFullName(name);
8703
9239
  return invokeCustomTool(fullName, input);
8704
9240
  },
8705
9241
  namespace: getCustomNamespace
@@ -8726,8 +9262,16 @@ function createLucernClient(config = {}) {
8726
9262
  disable: packsClient.disable
8727
9263
  },
8728
9264
  nodes: nodesNamespace,
9265
+ controlPlane: {
9266
+ identity: {
9267
+ resolveInteractivePrincipal: controlPlaneClient.identity.resolveInteractivePrincipal
9268
+ },
9269
+ raw: controlPlaneClient
9270
+ },
8729
9271
  identity: {
8730
9272
  ...identityFacade,
9273
+ access: accessControlClient,
9274
+ resolveInteractivePrincipal: identityClient.resolveInteractivePrincipal,
8731
9275
  evaluatePolicy: identityClient.evaluatePolicy,
8732
9276
  recordPolicyDecision: identityClient.recordPolicyDecision,
8733
9277
  putSecretReference: identityClient.putSecretReference,
@@ -8772,6 +9316,7 @@ function createLucernClient(config = {}) {
8772
9316
  ontologyLinks: ontologyLinksClient,
8773
9317
  orgGraphSearch: orgGraphSearchClient,
8774
9318
  functionSurface: functionSurfaceClient,
9319
+ controlPlane: controlPlaneClient,
8775
9320
  toolRegistry: toolRegistryClient,
8776
9321
  modelRuntime: modelRuntimeClient,
8777
9322
  packs: packsClient,