@lucern/sdk 0.3.0-alpha.8 → 1.0.0

Files changed (155) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/README.md +60 -1
  3. package/dist/accessControl.d.ts +79 -0
  4. package/dist/accessControl.js +1270 -0
  5. package/dist/accessControl.js.map +1 -0
  6. package/dist/adminClient.js +19 -1
  7. package/dist/adminClient.js.map +1 -1
  8. package/dist/answersClient.js +19 -1
  9. package/dist/answersClient.js.map +1 -1
  10. package/dist/audiencesClient.js +19 -1
  11. package/dist/audiencesClient.js.map +1 -1
  12. package/dist/auditClient.js +19 -1
  13. package/dist/auditClient.js.map +1 -1
  14. package/dist/authContext.d.ts +2 -2
  15. package/dist/authContext.js.map +1 -1
  16. package/dist/beliefs/index.d.ts +3 -0
  17. package/dist/beliefs/index.js +1212 -667
  18. package/dist/beliefs/index.js.map +1 -1
  19. package/dist/beliefsClient.js +19 -1
  20. package/dist/beliefsClient.js.map +1 -1
  21. package/dist/client.d.ts +147 -68
  22. package/dist/client.js +1212 -667
  23. package/dist/client.js.map +1 -1
  24. package/dist/clientHelpers.d.ts +21 -2
  25. package/dist/clientHelpers.js +16 -1
  26. package/dist/clientHelpers.js.map +1 -1
  27. package/dist/contextClient.js +19 -1
  28. package/dist/contextClient.js.map +1 -1
  29. package/dist/contracts/api-enums.contract.d.ts +1 -1
  30. package/dist/contracts/api-enums.contract.js +6 -1
  31. package/dist/contracts/api-enums.contract.js.map +1 -1
  32. package/dist/contracts/auth-session.contract.d.ts +1 -1
  33. package/dist/contracts/auth-session.contract.js +14 -2
  34. package/dist/contracts/auth-session.contract.js.map +1 -1
  35. package/dist/contracts/index.js +26 -3
  36. package/dist/contracts/index.js.map +1 -1
  37. package/dist/contracts/mcpTools.js +6 -0
  38. package/dist/contracts/mcpTools.js.map +1 -1
  39. package/dist/contradictions/index.d.ts +3 -0
  40. package/dist/contradictions/index.js +1212 -667
  41. package/dist/contradictions/index.js.map +1 -1
  42. package/dist/control-plane.d.ts +69 -0
  43. package/dist/control-plane.js +674 -0
  44. package/dist/control-plane.js.map +1 -0
  45. package/dist/coreClient.d.ts +17 -1
  46. package/dist/coreClient.js +19 -1
  47. package/dist/coreClient.js.map +1 -1
  48. package/dist/decisions/index.d.ts +3 -0
  49. package/dist/decisions/index.js +1212 -667
  50. package/dist/decisions/index.js.map +1 -1
  51. package/dist/decisionsClient.js +19 -1
  52. package/dist/decisionsClient.js.map +1 -1
  53. package/dist/edges/index.d.ts +27 -84
  54. package/dist/edges/index.js +1212 -667
  55. package/dist/edges/index.js.map +1 -1
  56. package/dist/embeddingsClient.js +19 -1
  57. package/dist/embeddingsClient.js.map +1 -1
  58. package/dist/eventingClient.js +19 -1
  59. package/dist/eventingClient.js.map +1 -1
  60. package/dist/eventsCore.js +19 -1
  61. package/dist/eventsCore.js.map +1 -1
  62. package/dist/evidence/index.d.ts +3 -0
  63. package/dist/evidence/index.js +1212 -667
  64. package/dist/evidence/index.js.map +1 -1
  65. package/dist/evidenceClient.js +19 -1
  66. package/dist/evidenceClient.js.map +1 -1
  67. package/dist/functionSurface.d.ts +16 -1
  68. package/dist/functionSurface.js +95 -2
  69. package/dist/functionSurface.js.map +1 -1
  70. package/dist/functionSurfaceClient.js +95 -2
  71. package/dist/functionSurfaceClient.js.map +1 -1
  72. package/dist/gatewayFacades.d.ts +29 -2
  73. package/dist/gatewayFacades.js +156 -8
  74. package/dist/gatewayFacades.js.map +1 -1
  75. package/dist/graphAnalysisClient.js +19 -1
  76. package/dist/graphAnalysisClient.js.map +1 -1
  77. package/dist/graphClient.d.ts +1 -0
  78. package/dist/graphClient.js +19 -1
  79. package/dist/graphClient.js.map +1 -1
  80. package/dist/graphIntel.d.ts +1 -0
  81. package/dist/graphRecommendationsClient.js +19 -1
  82. package/dist/graphRecommendationsClient.js.map +1 -1
  83. package/dist/graphStateClassifierClient.js +19 -1
  84. package/dist/graphStateClassifierClient.js.map +1 -1
  85. package/dist/harnessClient.js +19 -1
  86. package/dist/harnessClient.js.map +1 -1
  87. package/dist/identityClient.d.ts +19 -1
  88. package/dist/identityClient.js +152 -6
  89. package/dist/identityClient.js.map +1 -1
  90. package/dist/index.d.ts +5 -1
  91. package/dist/index.js +1428 -799
  92. package/dist/index.js.map +1 -1
  93. package/dist/infisicalRuntime.d.ts +1 -0
  94. package/dist/infisicalRuntime.js +64 -32
  95. package/dist/infisicalRuntime.js.map +1 -1
  96. package/dist/jobsClient.js +19 -1
  97. package/dist/jobsClient.js.map +1 -1
  98. package/dist/learningClient.js +19 -1
  99. package/dist/learningClient.js.map +1 -1
  100. package/dist/lenses/index.d.ts +3 -0
  101. package/dist/lenses/index.js +1212 -667
  102. package/dist/lenses/index.js.map +1 -1
  103. package/dist/mcpClient.js +21 -2
  104. package/dist/mcpClient.js.map +1 -1
  105. package/dist/modelRuntimeClient.js +19 -1
  106. package/dist/modelRuntimeClient.js.map +1 -1
  107. package/dist/nodes/index.d.ts +22 -15
  108. package/dist/nodes/index.js +1212 -667
  109. package/dist/nodes/index.js.map +1 -1
  110. package/dist/ontologies/index.d.ts +3 -0
  111. package/dist/ontologies/index.js +1212 -667
  112. package/dist/ontologies/index.js.map +1 -1
  113. package/dist/ontologyClient.js +19 -1
  114. package/dist/ontologyClient.js.map +1 -1
  115. package/dist/ontologyLinksClient.js +19 -1
  116. package/dist/ontologyLinksClient.js.map +1 -1
  117. package/dist/orgGraphSearchClient.js +19 -1
  118. package/dist/orgGraphSearchClient.js.map +1 -1
  119. package/dist/packsClient.js +19 -1
  120. package/dist/packsClient.js.map +1 -1
  121. package/dist/policyClient.js +19 -1
  122. package/dist/policyClient.js.map +1 -1
  123. package/dist/questions/index.d.ts +3 -0
  124. package/dist/questions/index.js +1212 -667
  125. package/dist/questions/index.js.map +1 -1
  126. package/dist/reportsClient.js +19 -1
  127. package/dist/reportsClient.js.map +1 -1
  128. package/dist/schemaClient.js +19 -1
  129. package/dist/schemaClient.js.map +1 -1
  130. package/dist/secrets.d.ts +1 -0
  131. package/dist/secrets.js +3 -0
  132. package/dist/secrets.js.map +1 -0
  133. package/dist/sourcesClient.js +19 -1
  134. package/dist/sourcesClient.js.map +1 -1
  135. package/dist/telemetryClient.js +19 -1
  136. package/dist/telemetryClient.js.map +1 -1
  137. package/dist/toolRegistryClient.js +19 -1
  138. package/dist/toolRegistryClient.js.map +1 -1
  139. package/dist/topics/index.d.ts +12 -3
  140. package/dist/topics/index.js +1214 -667
  141. package/dist/topics/index.js.map +1 -1
  142. package/dist/topicsClient.d.ts +2 -0
  143. package/dist/topicsClient.js +19 -1
  144. package/dist/topicsClient.js.map +1 -1
  145. package/dist/types.d.ts +17 -0
  146. package/dist/version.d.ts +1 -1
  147. package/dist/version.js +1 -1
  148. package/dist/version.js.map +1 -1
  149. package/dist/workflowClient.d.ts +2 -0
  150. package/dist/workflowClient.js +19 -1
  151. package/dist/workflowClient.js.map +1 -1
  152. package/dist/worktrees/index.d.ts +3 -0
  153. package/dist/worktrees/index.js +1212 -667
  154. package/dist/worktrees/index.js.map +1 -1
  155. package/package.json +9 -4
@@ -36,14 +36,14 @@ function requireString(value, reason, label) {
36
36
  }
37
37
  return normalized;
38
38
  }
39
- function requirePrincipalType(principalType) {
40
- if (!principalType) {
39
+ function requirePrincipalType(principalType2) {
40
+ if (!principalType2) {
41
41
  throw new LucernSdkAuthContextError(
42
42
  "principal_missing",
43
43
  "Canonical Lucern SDK auth context is missing principalType."
44
44
  );
45
45
  }
46
- return principalType;
46
+ return principalType2;
47
47
  }
48
48
  function requireAuthMode(authMode) {
49
49
  if (!authMode) {
@@ -89,7 +89,7 @@ function normalizeCanonicalLucernAuthContext(input) {
89
89
  );
90
90
  const roles = cleanStringList(input.roles);
91
91
  const scopes = cleanStringList(input.scopes);
92
- const principalType = requirePrincipalType(input.principalType);
92
+ const principalType2 = requirePrincipalType(input.principalType);
93
93
  const authMode = requireAuthMode(input.authMode);
94
94
  const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
95
95
  if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
@@ -118,7 +118,7 @@ function normalizeCanonicalLucernAuthContext(input) {
118
118
  principalId,
119
119
  tenantId,
120
120
  workspaceId,
121
- principalType,
121
+ principalType: principalType2,
122
122
  authMode,
123
123
  roles,
124
124
  scopes,
@@ -349,13 +349,31 @@ function mergeHeaderRecord(base, addition) {
349
349
  }
350
350
  return Object.fromEntries(headers.entries());
351
351
  }
352
+ function cleanHeaderValue(value) {
353
+ const normalized = value?.trim();
354
+ return normalized ? normalized : void 0;
355
+ }
352
356
  function createGatewayRequestClient(config = {}) {
353
357
  const fetchImpl = config.fetchImpl ?? fetch;
354
358
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
355
359
  const maxRetries = config.maxRetries ?? 2;
356
360
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
357
361
  async function resolveAuthHeaders() {
358
- const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
362
+ const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
363
+ const headers = new Headers(provided);
364
+ const setIfAbsent = (name, value) => {
365
+ const normalized = cleanHeaderValue(value);
366
+ if (normalized && !headers.has(name)) {
367
+ headers.set(name, normalized);
368
+ }
369
+ };
370
+ setIfAbsent("x-lucern-key", config.apiKey);
371
+ setIfAbsent("x-lucern-session-token", config.userToken);
372
+ setIfAbsent("x-lucern-environment", config.environment);
373
+ setIfAbsent("x-lucern-clerk-id", config.clerkId);
374
+ setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
375
+ setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
376
+ const base = Object.fromEntries(headers.entries());
359
377
  const authContextInput = await resolveConfiguredAuthContext(
360
378
  config.authContext
361
379
  );
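Review bot: `cleanHeaderValue` calls `value?.trim()` with no type check, so a non-string `config.apiKey`, `config.userId` or `config.deploymentHost` (a numeric id, for instance) makes `resolveAuthHeaders` throw a TypeError on every request instead of being skipped. Guarding the way `cleanString3` does further down this diff, `const normalized = typeof value === "string" ? value.trim() : "";`, would keep these defaults best-effort. The new block should also carry a comment on precedence and trust, e.g. `// Headers from getAuthHeaders() win; config values only fill gaps. x-lucern-user-id / x-lucern-clerk-id are caller-asserted and must be verified server-side against the key or session token.` Whether the gateway performs that verification is not visible on this page. `resolveAuthHeaders` continues past the end of this hunk.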
@@ -1052,208 +1070,929 @@ function createAdminClient(config = {}) {
1052
1070
  };
1053
1071
  }
1054
1072
 
1055
- // src/answersClient.ts
1056
- function createAnswersClient(config = {}) {
1057
- const gateway = createGatewayRequestClient(config);
1073
+ // src/boundaryClientSurface.ts
1074
+ function cleanOptionalString(value) {
1075
+ const normalized = value?.trim();
1076
+ return normalized ? normalized : void 0;
1077
+ }
1078
+ function isRecord3(value) {
1079
+ return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1080
+ }
1081
+ function cleanRequiredString(value, label) {
1082
+ const normalized = cleanOptionalString(value);
1083
+ if (!normalized) {
1084
+ throw new Error(`${label} is required`);
1085
+ }
1086
+ return normalized;
1087
+ }
1088
+ function readTopicId(input) {
1089
+ return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1090
+ }
1091
+ function requireTopicId(input) {
1092
+ const topicId = readTopicId(input);
1093
+ if (!topicId) {
1094
+ throw new Error("topicId is required");
1095
+ }
1096
+ return topicId;
1097
+ }
1098
+ function assertKnownKeys(input, allowed, operation) {
1099
+ const allowedSet = new Set(allowed);
1100
+ const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1101
+ if (unknownKeys.length > 0) {
1102
+ throw new Error(
1103
+ `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1104
+ );
1105
+ }
1106
+ }
1107
+ function knownPayload(input, allowed, operation) {
1108
+ assertKnownKeys(input, allowed, operation);
1109
+ return { ...input };
1110
+ }
1111
+ function topicPayload(input, allowed, operation) {
1112
+ assertKnownKeys(input, allowed, operation);
1058
1113
  return {
1059
- /**
1060
- * Get the current answer for a question.
1061
- * @param questionId - The question node identifier.
1062
- * @returns The answer record for the given question.
1063
- */
1064
- async get(questionId) {
1065
- return gateway.request({
1066
- path: `/api/platform/v1/questions/${encodeURIComponent(questionId)}/answer`
1067
- });
1068
- }
1114
+ ...input,
1115
+ topicId: requireTopicId(input),
1116
+ projectId: void 0
1069
1117
  };
1070
1118
  }
1119
+ function listResultFromEnvelope(data, legacyKey) {
1120
+ const record = isRecord3(data) ? data : {};
1121
+ const legacyItems = record[legacyKey];
1122
+ return createListResult(
1123
+ Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1124
+ legacyKey
1125
+ );
1126
+ }
1071
1127
 
1072
- // src/audiencesClient.ts
1073
- function createAudiencesClient(config = {}) {
1074
- const gateway = createGatewayRequestClient(config);
1075
- const listRegistry = async (query5 = {}) => {
1076
- return gateway.request({
1077
- path: `/api/platform/v1/audiences/registry${toQueryString({
1078
- ...query5,
1079
- effective: typeof query5.effective === "boolean" ? query5.effective ? "true" : "false" : void 0,
1080
- status: query5.status
1081
- })}`
1082
- }).then(
1083
- (response) => mapGatewayData(
1084
- response,
1085
- (data) => createListResult(Array.isArray(data) ? data : [], "registryEntries")
1086
- )
1087
- );
1088
- };
1089
- const createRegistryEntry = async (input, idempotencyKey) => {
1090
- return gateway.request({
1091
- path: "/api/platform/v1/audiences/registry",
1092
- method: "POST",
1093
- body: input,
1094
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1095
- });
1096
- };
1097
- const updateRegistryEntry = createRegistryEntry;
1098
- const upsertRegistry = createRegistryEntry;
1099
- const getRegistry = listRegistry;
1100
- const listGrants = async (query5 = {}) => {
1101
- return gateway.request({
1102
- path: `/api/platform/v1/audiences/grants${toQueryString({
1103
- ...query5,
1104
- audienceKey: query5.audienceKey,
1105
- principalId: query5.principalId,
1106
- groupId: query5.groupId,
1107
- status: query5.status
1108
- })}`
1109
- }).then(
1110
- (response) => mapGatewayData(
1111
- response,
1112
- (data) => createListResult(Array.isArray(data) ? data : [], "grants")
1113
- )
1114
- );
1115
- };
1116
- const createGrant = async (input, idempotencyKey) => {
1117
- return gateway.request({
1118
- path: "/api/platform/v1/audiences/grants",
1119
- method: "POST",
1120
- body: input,
1121
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1122
- });
1123
- };
1124
- const getGrants = listGrants;
1125
- const grant = createGrant;
1126
- const deleteGrant = async (input, idempotencyKey) => {
1127
- return gateway.request({
1128
- path: "/api/platform/v1/audiences/grants/revoke",
1129
- method: "POST",
1130
- body: input,
1131
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1128
+ // src/control-plane.ts
1129
+ var LucernControlPlaneIdentityError = class extends Error {
1130
+ reason;
1131
+ principalStatus;
1132
+ tenantStatus;
1133
+ workspaceStatus;
1134
+ details;
1135
+ constructor(failure) {
1136
+ super(failure.message);
1137
+ this.name = "LucernControlPlaneIdentityError";
1138
+ this.reason = failure.reason;
1139
+ this.principalStatus = failure.principalStatus;
1140
+ this.tenantStatus = failure.tenantStatus;
1141
+ this.workspaceStatus = failure.workspaceStatus;
1142
+ this.details = failure.details;
1143
+ }
1144
+ };
1145
+ function cleanString3(value) {
1146
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1147
+ }
1148
+ function stringList(value) {
1149
+ if (!Array.isArray(value)) {
1150
+ return [];
1151
+ }
1152
+ return [
1153
+ ...new Set(
1154
+ value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
1155
+ )
1156
+ ];
1157
+ }
1158
+ function principalType(value) {
1159
+ switch (value) {
1160
+ case "service":
1161
+ case "service_principal":
1162
+ return "service";
1163
+ case "agent":
1164
+ return "agent";
1165
+ case "group":
1166
+ return "group";
1167
+ case "external_viewer":
1168
+ case "external_stakeholder":
1169
+ return "external_viewer";
1170
+ default:
1171
+ return "human";
1172
+ }
1173
+ }
1174
+ function adminFlags(roles) {
1175
+ const normalized = roles.map((role) => role.toLowerCase());
1176
+ const isPlatformAdmin = normalized.includes("platform_admin");
1177
+ const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
1178
+ const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
1179
+ return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
1180
+ }
1181
+ function normalizeResolvedInteractivePrincipal(payload) {
1182
+ if ("ok" in payload && payload.ok === false) {
1183
+ throw new LucernControlPlaneIdentityError(payload);
1184
+ }
1185
+ const principalId = cleanString3(payload.principalId);
1186
+ const clerkId = cleanString3(payload.clerkId);
1187
+ const tenantId = cleanString3(payload.tenantId);
1188
+ if (!principalId || !clerkId || !tenantId) {
1189
+ throw new LucernControlPlaneIdentityError({
1190
+ ok: false,
1191
+ reason: "resolver_unavailable",
1192
+ message: "Control-plane principal resolver returned an incomplete principal context.",
1193
+ principalStatus: payload.principalStatus ?? "missing",
1194
+ tenantStatus: payload.tenantStatus,
1195
+ workspaceStatus: payload.workspaceStatus
1132
1196
  });
1133
- };
1134
- const revokeGrant = deleteGrant;
1197
+ }
1198
+ const roles = stringList(payload.roles);
1199
+ const scopes = stringList(payload.scopes);
1200
+ const workspaceId = cleanString3(payload.workspaceId) ?? null;
1201
+ const flags = adminFlags(roles);
1135
1202
  return {
1136
- /**
1137
- * List audience registry entries.
1138
- */
1139
- listRegistry,
1140
- /**
1141
- * @deprecated Use listRegistry.
1142
- */
1143
- getRegistry,
1144
- /**
1145
- * Create an audience registry entry.
1146
- */
1147
- createRegistryEntry,
1148
- /**
1149
- * Update an audience registry entry.
1150
- */
1151
- updateRegistryEntry,
1152
- /**
1153
- * @deprecated Use createRegistryEntry or updateRegistryEntry.
1154
- */
1155
- upsertRegistry,
1156
- /**
1157
- * List audience grants.
1158
- */
1159
- listGrants,
1160
- /**
1161
- * @deprecated Use listGrants.
1162
- */
1163
- getGrants,
1164
- /**
1165
- * Create an audience grant.
1166
- */
1167
- createGrant,
1168
- /**
1169
- * @deprecated Use createGrant.
1170
- */
1171
- grant,
1172
- /**
1173
- * Delete an audience grant by revoking it.
1174
- */
1175
- deleteGrant,
1176
- /**
1177
- * @deprecated Use deleteGrant.
1178
- */
1179
- revokeGrant
1203
+ principalId,
1204
+ principalType: principalType(payload.principalType),
1205
+ clerkId,
1206
+ tenantId,
1207
+ workspaceId,
1208
+ roles,
1209
+ scopes,
1210
+ groupIds: stringList(payload.groupIds),
1211
+ permittedToolNames: stringList(payload.permittedToolNames),
1212
+ permittedPackKeys: stringList(payload.permittedPackKeys),
1213
+ principalStatus: cleanString3(payload.principalStatus) ?? "active",
1214
+ tenantStatus: cleanString3(payload.tenantStatus) ?? "active",
1215
+ workspaceStatus: cleanString3(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
1216
+ isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
1217
+ isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
1218
+ isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
1219
+ permit: {
1220
+ subject: cleanString3(payload.permit?.subject) ?? principalId,
1221
+ tenant: cleanString3(payload.permit?.tenant) ?? tenantId,
1222
+ ...workspaceId ? { workspace: cleanString3(payload.permit?.workspace) ?? workspaceId } : {}
1223
+ },
1224
+ authMode: "interactive_user",
1225
+ sessionId: payload.sessionId,
1226
+ delegatedBy: payload.delegatedBy,
1227
+ expiresAt: payload.expiresAt
1180
1228
  };
1181
1229
  }
1182
-
1183
- // src/auditClient.ts
1184
- function createAuditClient(config = {}) {
1230
+ function createControlPlaneIdentityClient(config = {}) {
1185
1231
  const gateway = createGatewayRequestClient(config);
1186
1232
  return {
1187
- /**
1188
- * List audit events for the current scope.
1189
- */
1190
- async listEvents(query5 = {}) {
1233
+ async resolveInteractivePrincipal(input) {
1191
1234
  return gateway.request({
1192
- path: `/api/platform/v1/audit/events${toQueryString(
1193
- normalizeTopicQuery(query5)
1194
- )}`
1235
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1236
+ method: "POST",
1237
+ body: input
1195
1238
  }).then(
1196
- (response) => mapGatewayData(
1197
- response,
1198
- (data) => createListResult(Array.isArray(data) ? data : [], "events")
1199
- )
1239
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1200
1240
  );
1201
1241
  }
1202
1242
  };
1203
1243
  }
1204
-
1205
- // src/authDeviceClient.ts
1206
- var DeviceAuthorizationError = class extends Error {
1207
- error;
1208
- interval;
1209
- constructor(args) {
1210
- super(args.description ?? args.error);
1211
- this.name = "DeviceAuthorizationError";
1212
- this.error = args.error;
1213
- this.interval = args.interval;
1214
- }
1215
- };
1216
- function authBaseUrl(config) {
1217
- return config.baseUrl?.replace(/\/+$/, "") ?? "";
1218
- }
1219
- async function readJson(response) {
1220
- try {
1221
- const payload = await response.json();
1222
- return isRecord3(payload) ? payload : {};
1223
- } catch (error) {
1224
- return unreadableJsonBodyFallback();
1225
- }
1226
- }
1227
- function unreadableJsonBodyFallback(_error) {
1228
- return {};
1229
- }
1230
- function isRecord3(value) {
1231
- return value !== null && typeof value === "object" && !Array.isArray(value);
1232
- }
1233
- function readString(value) {
1234
- const normalized = typeof value === "string" ? value.trim() : "";
1235
- return normalized || void 0;
1236
- }
1237
- function assertDeviceCodeResponse(payload) {
1238
- const deviceCode = readString(payload.device_code);
1239
- const userCode = readString(payload.user_code);
1240
- const verificationUri = readString(payload.verification_uri);
1241
- const verificationUriComplete = readString(payload.verification_uri_complete);
1242
- const expiresIn = payload.expires_in;
1243
- const interval = payload.interval;
1244
- if (!deviceCode || !userCode || !verificationUri || !verificationUriComplete || typeof expiresIn !== "number" || typeof interval !== "number") {
1245
- throw new Error("Gateway returned an invalid device-code response.");
1246
- }
1244
+ function createControlPlaneClient(config = {}) {
1247
1245
  return {
1248
- device_code: deviceCode,
1249
- user_code: userCode,
1250
- verification_uri: verificationUri,
1251
- verification_uri_complete: verificationUriComplete,
1252
- expires_in: expiresIn,
1253
- interval
1246
+ identity: createControlPlaneIdentityClient(config)
1254
1247
  };
1255
1248
  }
1256
- function assertDeviceTokenResponse(payload) {
1249
+
1250
+ // src/identityClient.ts
1251
+ function createIdentityWhoamiClient(config = {}) {
1252
+ const gateway = createGatewayRequestClient(config);
1253
+ return {
1254
+ async whoami() {
1255
+ return gateway.request({
1256
+ path: "/api/platform/v1/identity/whoami"
1257
+ });
1258
+ }
1259
+ };
1260
+ }
1261
+ var TENANT_IDENTITY_FIELDS = [
1262
+ "tenantId",
1263
+ "workspaceId",
1264
+ "principalId",
1265
+ "integrationKey",
1266
+ "secretRef",
1267
+ "policySubject",
1268
+ "policyAction",
1269
+ "policyResource",
1270
+ "decision",
1271
+ "config",
1272
+ "configKey",
1273
+ "configValue",
1274
+ "provider",
1275
+ "status",
1276
+ "metadata",
1277
+ "limit",
1278
+ "cursor"
1279
+ ];
1280
+ function tenantIdentityQuery(input) {
1281
+ return {
1282
+ tenantId: cleanRequiredString(input.tenantId, "tenantId"),
1283
+ workspaceId: input.workspaceId,
1284
+ principalId: input.principalId,
1285
+ limit: input.limit,
1286
+ cursor: input.cursor
1287
+ };
1288
+ }
1289
+ function tenantIdentityBody(input, operation) {
1290
+ return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
1291
+ }
1292
+ function createIdentityClient(config = {}) {
1293
+ const gateway = createGatewayRequestClient(config);
1294
+ const whoamiClient = createIdentityWhoamiClient(config);
1295
+ const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
1296
+ path: "/api/platform/v1/identity/principals",
1297
+ method,
1298
+ body: input,
1299
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1300
+ });
1301
+ const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
1302
+ const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
1303
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
1304
+ method: "POST",
1305
+ body: input,
1306
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1307
+ });
1308
+ return {
1309
+ /**
1310
+ * Resolve the current authenticated identity summary.
1311
+ */
1312
+ async whoami() {
1313
+ return whoamiClient.whoami().then(
1314
+ (response) => mapGatewayData(response, (data) => ({
1315
+ principalId: data.principalId,
1316
+ principalType: data.principalType,
1317
+ clerkId: data.clerkId,
1318
+ tenantId: data.tenantId ?? null,
1319
+ workspaceId: data.workspaceId ?? null,
1320
+ scopes: Array.isArray(data.scopes) ? data.scopes : [],
1321
+ roles: Array.isArray(data.roles) ? data.roles : [],
1322
+ groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
1323
+ permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
1324
+ permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
1325
+ principalStatus: data.principalStatus,
1326
+ tenantStatus: data.tenantStatus,
1327
+ workspaceStatus: data.workspaceStatus,
1328
+ isPlatformAdmin: data.isPlatformAdmin === true,
1329
+ isTenantAdmin: data.isTenantAdmin === true,
1330
+ isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1331
+ permit: data.permit ?? (data.tenantId ? {
1332
+ subject: data.principalId,
1333
+ tenant: data.tenantId,
1334
+ ...data.workspaceId ? { workspace: data.workspaceId } : {}
1335
+ } : void 0),
1336
+ authMode: data.authMode,
1337
+ sessionId: data.sessionId,
1338
+ delegatedBy: data.delegatedBy,
1339
+ expiresAt: data.expiresAt
1340
+ }))
1341
+ );
1342
+ },
1343
+ /**
1344
+ * Resolve a Clerk subject through the tenant control-plane Permit projection.
1345
+ * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
1346
+ */
1347
+ async resolveInteractivePrincipal(input) {
1348
+ return gateway.request({
1349
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1350
+ method: "POST",
1351
+ body: input
1352
+ }).then(
1353
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1354
+ );
1355
+ },
1356
+ /**
1357
+ * List principals in the current identity scope.
1358
+ */
1359
+ async listPrincipals(query5 = {}) {
1360
+ return gateway.request({
1361
+ path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
1362
+ }).then(
1363
+ (response) => mapGatewayData(
1364
+ response,
1365
+ (data) => createListResult(
1366
+ Array.isArray(data) ? data : [],
1367
+ "principals"
1368
+ )
1369
+ )
1370
+ );
1371
+ },
1372
+ /**
1373
+ * Create a principal.
1374
+ */
1375
+ async createPrincipal(input, idempotencyKey) {
1376
+ return requestPrincipalWrite("POST", input, idempotencyKey);
1377
+ },
1378
+ /**
1379
+ * Update a principal.
1380
+ */
1381
+ updatePrincipal,
1382
+ /**
1383
+ * @deprecated Use createPrincipal or updatePrincipal.
1384
+ */
1385
+ upsertPrincipal: updatePrincipal,
1386
+ /**
1387
+ * List keys in the current identity scope.
1388
+ */
1389
+ async listKeys(query5 = {}) {
1390
+ return gateway.request({
1391
+ path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
1392
+ }).then(
1393
+ (response) => mapGatewayData(
1394
+ response,
1395
+ (data) => createListResult(Array.isArray(data) ? data : [], "keys")
1396
+ )
1397
+ );
1398
+ },
1399
+ /**
1400
+ * Create an API key.
1401
+ */
1402
+ async createKey(input, idempotencyKey) {
1403
+ return gateway.request({
1404
+ path: "/api/platform/v1/identity/keys",
1405
+ method: "POST",
1406
+ body: input,
1407
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1408
+ });
1409
+ },
1410
+ /**
1411
+ * Rotate an API key.
1412
+ */
1413
+ async rotateKey(keyId, input = {}, idempotencyKey) {
1414
+ return gateway.request({
1415
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
1416
+ method: "POST",
1417
+ body: input,
1418
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1419
+ });
1420
+ },
1421
+ /**
1422
+ * Delete an API key by revoking it.
1423
+ */
1424
+ deleteKey,
1425
+ /**
1426
+ * @deprecated Use deleteKey.
1427
+ */
1428
+ revokeKey: deleteKey,
1429
+ /**
1430
+ * Search Clerk users by email or display attributes.
1431
+ */
1432
+ async searchClerkUsers(q) {
1433
+ return gateway.request({
1434
+ path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
1435
+ });
1436
+ },
1437
+ async getTenantConfig(input) {
1438
+ return gateway.request({
1439
+ path: `/api/platform/v1/identity/tenant-config${toQueryString(
1440
+ tenantIdentityQuery(input)
1441
+ )}`
1442
+ });
1443
+ },
1444
+ async updateTenantConfig(input, idempotencyKey) {
1445
+ cleanRequiredString(input.tenantId, "tenantId");
1446
+ return gateway.request({
1447
+ path: "/api/platform/v1/identity/tenant-config",
1448
+ method: "PATCH",
1449
+ body: tenantIdentityBody(
1450
+ input,
1451
+ "identity.updateTenantConfig"
1452
+ ),
1453
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1454
+ });
1455
+ },
1456
+ async listIntegrations(input) {
1457
+ return gateway.request({
1458
+ path: `/api/platform/v1/identity/integrations${toQueryString(
1459
+ tenantIdentityQuery(input)
1460
+ )}`
1461
+ }).then(
1462
+ (response) => mapGatewayData(
1463
+ response,
1464
+ (data) => listResultFromEnvelope(
1465
+ data,
1466
+ "integrations"
1467
+ )
1468
+ )
1469
+ );
1470
+ },
1471
+ async upsertIntegration(input, idempotencyKey) {
1472
+ cleanRequiredString(input.tenantId, "tenantId");
1473
+ cleanRequiredString(input.integrationKey, "integrationKey");
1474
+ return gateway.request({
1475
+ path: "/api/platform/v1/identity/integrations",
1476
+ method: "PUT",
1477
+ body: tenantIdentityBody(
1478
+ input,
1479
+ "identity.upsertIntegration"
1480
+ ),
1481
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1482
+ });
1483
+ },
1484
+ async listSecrets(input) {
1485
+ return gateway.request({
1486
+ path: `/api/platform/v1/identity/secrets${toQueryString(
1487
+ tenantIdentityQuery(input)
1488
+ )}`
1489
+ }).then(
1490
+ (response) => mapGatewayData(
1491
+ response,
1492
+ (data) => listResultFromEnvelope(
1493
+ data,
1494
+ "secrets"
1495
+ )
1496
+ )
1497
+ );
1498
+ },
1499
+ async putSecretReference(input, idempotencyKey) {
1500
+ cleanRequiredString(input.tenantId, "tenantId");
1501
+ cleanRequiredString(input.secretRef, "secretRef");
1502
+ return gateway.request({
1503
+ path: "/api/platform/v1/identity/secrets",
1504
+ method: "PUT",
1505
+ body: tenantIdentityBody(
1506
+ input,
1507
+ "identity.putSecretReference"
1508
+ ),
1509
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1510
+ });
1511
+ },
1512
+ async evaluatePolicy(input, idempotencyKey) {
1513
+ cleanRequiredString(input.tenantId, "tenantId");
1514
+ cleanRequiredString(input.policySubject, "policySubject");
1515
+ cleanRequiredString(input.policyAction, "policyAction");
1516
+ cleanRequiredString(input.policyResource, "policyResource");
1517
+ return gateway.request({
1518
+ path: "/api/platform/v1/identity/policy/evaluate",
1519
+ method: "POST",
1520
+ body: tenantIdentityBody(
1521
+ input,
1522
+ "identity.evaluatePolicy"
1523
+ ),
1524
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1525
+ });
1526
+ },
1527
+ async recordPolicyDecision(input, idempotencyKey) {
1528
+ cleanRequiredString(input.tenantId, "tenantId");
1529
+ cleanRequiredString(input.decision, "decision");
1530
+ return gateway.request({
1531
+ path: "/api/platform/v1/identity/policy/decisions",
1532
+ method: "POST",
1533
+ body: tenantIdentityBody(
1534
+ input,
1535
+ "identity.recordPolicyDecision"
1536
+ ),
1537
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1538
+ });
1539
+ }
1540
+ };
1541
+ }
1542
+
1543
+ // src/accessControl.ts
1544
+ var LucernAccessControlError = class extends LucernSdkAuthContextError {
1545
+ policyDecision;
1546
+ constructor(reason, message, policyDecision) {
1547
+ super(reason, message);
1548
+ this.name = "LucernAccessControlError";
1549
+ this.policyDecision = policyDecision;
1550
+ }
1551
+ };
1552
+ function cleanString4(value) {
1553
+ const normalized = value?.trim();
1554
+ return normalized ? normalized : void 0;
1555
+ }
1556
+ function cleanStringList2(values) {
1557
+ if (!values) {
1558
+ return [];
1559
+ }
1560
+ return [
1561
+ ...new Set(
1562
+ values.map((value) => value.trim()).filter((value) => value.length > 0)
1563
+ )
1564
+ ];
1565
+ }
1566
+ function requireString2(value, reason, label) {
1567
+ const normalized = cleanString4(value);
1568
+ if (!normalized) {
1569
+ throw new LucernAccessControlError(
1570
+ reason,
1571
+ `Lucern SDK access control requires ${label}.`
1572
+ );
1573
+ }
1574
+ return normalized;
1575
+ }
1576
+ function normalizePrincipalType(principalType2) {
1577
+ if (principalType2 === "agent") {
1578
+ return "agent";
1579
+ }
1580
+ if (principalType2 === "service") {
1581
+ return "service";
1582
+ }
1583
+ if (principalType2 === "group") {
1584
+ return "group";
1585
+ }
1586
+ if (principalType2 === "external_viewer") {
1587
+ return "external_viewer";
1588
+ }
1589
+ return "human";
1590
+ }
1591
+ function aliasKey(alias) {
1592
+ return `${alias.provider}:${alias.providerProjectId ?? ""}:${alias.externalSubjectId}`;
1593
+ }
1594
+ function normalizeAliases(input, canonicalClerkUserId) {
1595
+ const aliases = /* @__PURE__ */ new Map();
1596
+ for (const alias of input ?? []) {
1597
+ const externalSubjectId = cleanString4(alias.externalSubjectId);
1598
+ if (!externalSubjectId) {
1599
+ continue;
1600
+ }
1601
+ const normalized = {
1602
+ provider: cleanString4(alias.provider) ?? "clerk",
1603
+ providerProjectId: cleanString4(alias.providerProjectId),
1604
+ externalSubjectId,
1605
+ status: cleanString4(alias.status)
1606
+ };
1607
+ aliases.set(aliasKey(normalized), normalized);
1608
+ }
1609
+ if (canonicalClerkUserId) {
1610
+ const canonicalAlias = {
1611
+ provider: "clerk",
1612
+ externalSubjectId: canonicalClerkUserId,
1613
+ status: "active"
1614
+ };
1615
+ aliases.set(aliasKey(canonicalAlias), canonicalAlias);
1616
+ }
1617
+ return [...aliases.values()];
1618
+ }
1619
+ function isKnownClerkSubject(args) {
1620
+ if (args.clerkId === args.canonicalClerkUserId) {
1621
+ return true;
1622
+ }
1623
+ return args.aliases.some(
1624
+ (alias) => alias.provider === "clerk" && alias.externalSubjectId === args.clerkId
1625
+ );
1626
+ }
1627
+ function authContextToPrincipalInput(input) {
1628
+ const normalized = normalizeCanonicalLucernAuthContext(input);
1629
+ return {
1630
+ principalId: normalized.principalId,
1631
+ principalType: normalized.principalType,
1632
+ canonicalClerkUserId: normalized.clerkId,
1633
+ clerkId: normalized.clerkId,
1634
+ tenantId: normalized.tenantId,
1635
+ workspaceId: normalized.workspaceId,
1636
+ roles: normalized.roles,
1637
+ scopes: normalized.scopes
1638
+ };
1639
+ }
1640
+ function isAuthContextInput(input) {
1641
+ return "authMode" in input || "permit" in input || "delegationChain" in input;
1642
+ }
1643
+ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1644
+ const principalInput = isAuthContextInput(input) ? authContextToPrincipalInput(input) : input;
1645
+ const principalId = requireString2(
1646
+ principalInput.principalId,
1647
+ "principal_missing",
1648
+ "principalId"
1649
+ );
1650
+ const principalType2 = normalizePrincipalType(principalInput.principalType);
1651
+ const observedClerkId = cleanString4(options.observedClerkId);
1652
+ const canonicalClerkUserId = cleanString4(principalInput.canonicalClerkUserId) ?? cleanString4(principalInput.clerkId);
1653
+ if (principalType2 === "human" && !canonicalClerkUserId) {
1654
+ throw new LucernAccessControlError(
1655
+ "clerk_alias_missing",
1656
+ "Human principals require one canonical Clerk user id."
1657
+ );
1658
+ }
1659
+ const aliases = normalizeAliases(
1660
+ principalInput.clerkIdentityAliases,
1661
+ canonicalClerkUserId
1662
+ );
1663
+ if (observedClerkId && !isKnownClerkSubject({
1664
+ clerkId: observedClerkId,
1665
+ canonicalClerkUserId,
1666
+ aliases
1667
+ })) {
1668
+ throw new LucernAccessControlError(
1669
+ "clerk_alias_unrecognized",
1670
+ "Observed Clerk user id does not match the canonical human principal id."
1671
+ );
1672
+ }
1673
+ return {
1674
+ principalId,
1675
+ principalType: principalType2,
1676
+ canonicalClerkUserId,
1677
+ clerkIdentityAliases: aliases,
1678
+ tenantId: cleanString4(principalInput.tenantId),
1679
+ workspaceId: cleanString4(principalInput.workspaceId),
1680
+ roles: cleanStringList2(principalInput.roles),
1681
+ scopes: cleanStringList2(principalInput.scopes)
1682
+ };
1683
+ }
1684
+ function formatPermitResource(resource) {
1685
+ if (typeof resource === "string") {
1686
+ return requireString2(resource, "policy_denied", "policyResource");
1687
+ }
1688
+ const type = requireString2(resource.type, "policy_denied", "resource.type");
1689
+ const key = requireString2(resource.key, "policy_denied", "resource.key");
1690
+ return key.startsWith(`${type}:`) ? key : `${type}:${key}`;
1691
+ }
1692
+ function resourceRequiresWorkspace(resource) {
1693
+ if (typeof resource === "string") {
1694
+ return !resource.startsWith("tenant:");
1695
+ }
1696
+ return resource.type !== "tenant";
1697
+ }
1698
+ function buildPolicyInput(identity, input) {
1699
+ const tenantId = requireString2(
1700
+ input.tenantId ?? identity.tenantId,
1701
+ "tenant_missing",
1702
+ "tenantId"
1703
+ );
1704
+ const workspaceId = cleanString4(input.workspaceId ?? identity.workspaceId);
1705
+ if (resourceRequiresWorkspace(input.resource) && !workspaceId) {
1706
+ throw new LucernAccessControlError(
1707
+ "workspace_missing",
1708
+ "Workspace-scoped Permit checks require workspaceId."
1709
+ );
1710
+ }
1711
+ return {
1712
+ tenantId,
1713
+ workspaceId,
1714
+ principalId: identity.principalId,
1715
+ policySubject: identity.principalId,
1716
+ policyAction: requireString2(input.action, "policy_denied", "policyAction"),
1717
+ policyResource: formatPermitResource(input.resource),
1718
+ metadata: input.context
1719
+ };
1720
+ }
1721
+ async function resolveConfiguredPrincipalInput(authContext) {
1722
+ if (typeof authContext === "function") {
1723
+ return await authContext();
1724
+ }
1725
+ return authContext;
1726
+ }
1727
+ function assertPermitAllowed(decision) {
1728
+ if (decision.decision !== "allow") {
1729
+ throw new LucernAccessControlError(
1730
+ decision.decision === "deny" ? "policy_denied" : "policy_unknown",
1731
+ `Permit denied ${decision.policyAction} on ${decision.policyResource}.`,
1732
+ decision
1733
+ );
1734
+ }
1735
+ }
1736
+ function createAccessControlClient(config = {}) {
1737
+ const identityClient = createIdentityClient(config);
1738
+ async function resolveIdentity(input, observedClerkId) {
1739
+ const identityInput = input ?? await resolveConfiguredPrincipalInput(config.authContext);
1740
+ if (!identityInput) {
1741
+ throw new LucernAccessControlError(
1742
+ "principal_missing",
1743
+ "Lucern SDK access control requires a canonical principal identity."
1744
+ );
1745
+ }
1746
+ return normalizeCanonicalPrincipalIdentity(identityInput, {
1747
+ observedClerkId
1748
+ });
1749
+ }
1750
+ async function checkAccess(input, idempotencyKey) {
1751
+ const identity = await resolveIdentity(input.identity, input.observedClerkId);
1752
+ const policyInput = buildPolicyInput(identity, input);
1753
+ try {
1754
+ const response = await identityClient.evaluatePolicy(
1755
+ policyInput,
1756
+ idempotencyKey
1757
+ );
1758
+ return {
1759
+ identity,
1760
+ policyInput,
1761
+ decision: response.data
1762
+ };
1763
+ } catch (error) {
1764
+ if (error instanceof LucernSdkAuthContextError) {
1765
+ throw error;
1766
+ }
1767
+ throw new LucernAccessControlError(
1768
+ "policy_unavailable",
1769
+ "Permit policy check failed closed before an allow decision was returned."
1770
+ );
1771
+ }
1772
+ }
1773
+ async function requireAccess(input, idempotencyKey) {
1774
+ const result = await checkAccess(input, idempotencyKey);
1775
+ assertPermitAllowed(result.decision);
1776
+ return result;
1777
+ }
1778
+ async function canAccess(input, idempotencyKey) {
1779
+ try {
1780
+ await requireAccess(input, idempotencyKey);
1781
+ return true;
1782
+ } catch {
1783
+ return false;
1784
+ }
1785
+ }
1786
+ return {
1787
+ normalizePrincipal: normalizeCanonicalPrincipalIdentity,
1788
+ checkAccess,
1789
+ requireAccess,
1790
+ canAccess
1791
+ };
1792
+ }
1793
+
1794
+ // src/answersClient.ts
1795
+ function createAnswersClient(config = {}) {
1796
+ const gateway = createGatewayRequestClient(config);
1797
+ return {
1798
+ /**
1799
+ * Get the current answer for a question.
1800
+ * @param questionId - The question node identifier.
1801
+ * @returns The answer record for the given question.
1802
+ */
1803
+ async get(questionId) {
1804
+ return gateway.request({
1805
+ path: `/api/platform/v1/questions/${encodeURIComponent(questionId)}/answer`
1806
+ });
1807
+ }
1808
+ };
1809
+ }
1810
+
1811
+ // src/audiencesClient.ts
1812
+ function createAudiencesClient(config = {}) {
1813
+ const gateway = createGatewayRequestClient(config);
1814
+ const listRegistry = async (query5 = {}) => {
1815
+ return gateway.request({
1816
+ path: `/api/platform/v1/audiences/registry${toQueryString({
1817
+ ...query5,
1818
+ effective: typeof query5.effective === "boolean" ? query5.effective ? "true" : "false" : void 0,
1819
+ status: query5.status
1820
+ })}`
1821
+ }).then(
1822
+ (response) => mapGatewayData(
1823
+ response,
1824
+ (data) => createListResult(Array.isArray(data) ? data : [], "registryEntries")
1825
+ )
1826
+ );
1827
+ };
1828
+ const createRegistryEntry = async (input, idempotencyKey) => {
1829
+ return gateway.request({
1830
+ path: "/api/platform/v1/audiences/registry",
1831
+ method: "POST",
1832
+ body: input,
1833
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1834
+ });
1835
+ };
1836
+ const updateRegistryEntry = createRegistryEntry;
1837
+ const upsertRegistry = createRegistryEntry;
1838
+ const getRegistry = listRegistry;
1839
+ const listGrants = async (query5 = {}) => {
1840
+ return gateway.request({
1841
+ path: `/api/platform/v1/audiences/grants${toQueryString({
1842
+ ...query5,
1843
+ audienceKey: query5.audienceKey,
1844
+ principalId: query5.principalId,
1845
+ groupId: query5.groupId,
1846
+ status: query5.status
1847
+ })}`
1848
+ }).then(
1849
+ (response) => mapGatewayData(
1850
+ response,
1851
+ (data) => createListResult(Array.isArray(data) ? data : [], "grants")
1852
+ )
1853
+ );
1854
+ };
1855
+ const createGrant = async (input, idempotencyKey) => {
1856
+ return gateway.request({
1857
+ path: "/api/platform/v1/audiences/grants",
1858
+ method: "POST",
1859
+ body: input,
1860
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1861
+ });
1862
+ };
1863
+ const getGrants = listGrants;
1864
+ const grant = createGrant;
1865
+ const deleteGrant = async (input, idempotencyKey) => {
1866
+ return gateway.request({
1867
+ path: "/api/platform/v1/audiences/grants/revoke",
1868
+ method: "POST",
1869
+ body: input,
1870
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1871
+ });
1872
+ };
1873
+ const revokeGrant = deleteGrant;
1874
+ return {
1875
+ /**
1876
+ * List audience registry entries.
1877
+ */
1878
+ listRegistry,
1879
+ /**
1880
+ * @deprecated Use listRegistry.
1881
+ */
1882
+ getRegistry,
1883
+ /**
1884
+ * Create an audience registry entry.
1885
+ */
1886
+ createRegistryEntry,
1887
+ /**
1888
+ * Update an audience registry entry.
1889
+ */
1890
+ updateRegistryEntry,
1891
+ /**
1892
+ * @deprecated Use createRegistryEntry or updateRegistryEntry.
1893
+ */
1894
+ upsertRegistry,
1895
+ /**
1896
+ * List audience grants.
1897
+ */
1898
+ listGrants,
1899
+ /**
1900
+ * @deprecated Use listGrants.
1901
+ */
1902
+ getGrants,
1903
+ /**
1904
+ * Create an audience grant.
1905
+ */
1906
+ createGrant,
1907
+ /**
1908
+ * @deprecated Use createGrant.
1909
+ */
1910
+ grant,
1911
+ /**
1912
+ * Delete an audience grant by revoking it.
1913
+ */
1914
+ deleteGrant,
1915
+ /**
1916
+ * @deprecated Use deleteGrant.
1917
+ */
1918
+ revokeGrant
1919
+ };
1920
+ }
1921
+
1922
+ // src/auditClient.ts
1923
+ function createAuditClient(config = {}) {
1924
+ const gateway = createGatewayRequestClient(config);
1925
+ return {
1926
+ /**
1927
+ * List audit events for the current scope.
1928
+ */
1929
+ async listEvents(query5 = {}) {
1930
+ return gateway.request({
1931
+ path: `/api/platform/v1/audit/events${toQueryString(
1932
+ normalizeTopicQuery(query5)
1933
+ )}`
1934
+ }).then(
1935
+ (response) => mapGatewayData(
1936
+ response,
1937
+ (data) => createListResult(Array.isArray(data) ? data : [], "events")
1938
+ )
1939
+ );
1940
+ }
1941
+ };
1942
+ }
1943
+
1944
+ // src/authDeviceClient.ts
1945
+ var DeviceAuthorizationError = class extends Error {
1946
+ error;
1947
+ interval;
1948
+ constructor(args) {
1949
+ super(args.description ?? args.error);
1950
+ this.name = "DeviceAuthorizationError";
1951
+ this.error = args.error;
1952
+ this.interval = args.interval;
1953
+ }
1954
+ };
1955
+ function authBaseUrl(config) {
1956
+ return config.baseUrl?.replace(/\/+$/, "") ?? "";
1957
+ }
1958
+ async function readJson(response) {
1959
+ try {
1960
+ const payload = await response.json();
1961
+ return isRecord4(payload) ? payload : {};
1962
+ } catch (error) {
1963
+ return unreadableJsonBodyFallback();
1964
+ }
1965
+ }
1966
+ function unreadableJsonBodyFallback(_error) {
1967
+ return {};
1968
+ }
1969
+ function isRecord4(value) {
1970
+ return value !== null && typeof value === "object" && !Array.isArray(value);
1971
+ }
1972
+ function readString(value) {
1973
+ const normalized = typeof value === "string" ? value.trim() : "";
1974
+ return normalized || void 0;
1975
+ }
1976
+ function assertDeviceCodeResponse(payload) {
1977
+ const deviceCode = readString(payload.device_code);
1978
+ const userCode = readString(payload.user_code);
1979
+ const verificationUri = readString(payload.verification_uri);
1980
+ const verificationUriComplete = readString(payload.verification_uri_complete);
1981
+ const expiresIn = payload.expires_in;
1982
+ const interval = payload.interval;
1983
+ if (!deviceCode || !userCode || !verificationUri || !verificationUriComplete || typeof expiresIn !== "number" || typeof interval !== "number") {
1984
+ throw new Error("Gateway returned an invalid device-code response.");
1985
+ }
1986
+ return {
1987
+ device_code: deviceCode,
1988
+ user_code: userCode,
1989
+ verification_uri: verificationUri,
1990
+ verification_uri_complete: verificationUriComplete,
1991
+ expires_in: expiresIn,
1992
+ interval
1993
+ };
1994
+ }
1995
+ function assertDeviceTokenResponse(payload) {
1257
1996
  const accessToken = readString(payload.access_token);
1258
1997
  const tokenType = readString(payload.token_type);
1259
1998
  const scope = readString(payload.scope);
@@ -1270,7 +2009,7 @@ function assertDeviceTokenResponse(payload) {
1270
2009
  tenant_id: tenantId,
1271
2010
  workspace_id: readString(payload.workspace_id),
1272
2011
  principal_id: principalId,
1273
- user: isRecord3(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
2012
+ user: isRecord4(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
1274
2013
  id: payload.user.id,
1275
2014
  principalId: payload.user.principalId
1276
2015
  } : void 0
@@ -1609,67 +2348,12 @@ function createEvidenceClient(config = {}) {
1609
2348
  beliefId,
1610
2349
  evidence,
1611
2350
  config: classificationConfig
1612
- },
1613
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1614
- });
1615
- }
1616
- };
1617
- }
1618
-
1619
- // src/boundaryClientSurface.ts
1620
- function cleanOptionalString(value) {
1621
- const normalized = value?.trim();
1622
- return normalized ? normalized : void 0;
1623
- }
1624
- function isRecord4(value) {
1625
- return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1626
- }
1627
- function cleanRequiredString(value, label) {
1628
- const normalized = cleanOptionalString(value);
1629
- if (!normalized) {
1630
- throw new Error(`${label} is required`);
1631
- }
1632
- return normalized;
1633
- }
1634
- function readTopicId(input) {
1635
- return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1636
- }
1637
- function requireTopicId(input) {
1638
- const topicId = readTopicId(input);
1639
- if (!topicId) {
1640
- throw new Error("topicId is required");
1641
- }
1642
- return topicId;
1643
- }
1644
- function assertKnownKeys(input, allowed, operation) {
1645
- const allowedSet = new Set(allowed);
1646
- const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1647
- if (unknownKeys.length > 0) {
1648
- throw new Error(
1649
- `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1650
- );
1651
- }
1652
- }
1653
- function knownPayload(input, allowed, operation) {
1654
- assertKnownKeys(input, allowed, operation);
1655
- return { ...input };
1656
- }
1657
- function topicPayload(input, allowed, operation) {
1658
- assertKnownKeys(input, allowed, operation);
1659
- return {
1660
- ...input,
1661
- topicId: requireTopicId(input),
1662
- projectId: void 0
2351
+ },
2352
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2353
+ });
2354
+ }
1663
2355
  };
1664
2356
  }
1665
- function listResultFromEnvelope(data, legacyKey) {
1666
- const record = isRecord4(data) ? data : {};
1667
- const legacyItems = record[legacyKey];
1668
- return createListResult(
1669
- Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1670
- legacyKey
1671
- );
1672
- }
1673
2357
 
1674
2358
  // src/eventingClient.ts
1675
2359
  var EVENTING_FIELDS = [
@@ -2278,419 +2962,151 @@ function createGraphClient(config = {}) {
2278
2962
  },
2279
2963
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2280
2964
  });
2281
- },
2282
- /**
2283
- * Permanently delete a node via the admin-only hard-delete route.
2284
- */
2285
- async hardDeleteNode(input, idempotencyKey) {
2286
- return gateway.request({
2287
- path: "/api/platform/v1/graph/nodes/hard-delete",
2288
- method: "POST",
2289
- body: input,
2290
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2291
- });
2292
- },
2293
- /**
2294
- * List graph edges matching the provided filters.
2295
- */
2296
- async listEdges(query5) {
2297
- return gateway.request({
2298
- path: `/api/platform/v1/graph/edges${toQueryString(
2299
- normalizeTopicQuery(query5)
2300
- )}`
2301
- }).then(
2302
- (response) => mapGatewayData(
2303
- response,
2304
- (data) => mapAliasedList(data, "edges")
2305
- )
2306
- );
2307
- },
2308
- /**
2309
- * Create a graph edge.
2310
- */
2311
- async createEdge(input, idempotencyKey) {
2312
- return gateway.request({
2313
- path: "/api/platform/v1/graph/edges",
2314
- method: "POST",
2315
- body: normalizeTopicQuery(input),
2316
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2317
- });
2318
- },
2319
- /**
2320
- * Delete one or more edges matching the provided filter.
2321
- */
2322
- async deleteEdge(query5, idempotencyKey) {
2323
- return gateway.request({
2324
- path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
2325
- method: "DELETE",
2326
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2327
- });
2328
- },
2329
- /**
2330
- * Retrieve a graph neighborhood around a root node.
2331
- */
2332
- async neighborhood(query5) {
2333
- return gateway.request({
2334
- path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2335
- });
2336
- },
2337
- /**
2338
- * Traverse the graph from a starting node.
2339
- */
2340
- async traverse(query5) {
2341
- return gateway.request({
2342
- path: "/api/platform/v1/graph/traverse",
2343
- method: "POST",
2344
- body: normalizeTopicQuery(query5)
2345
- });
2346
- },
2347
- /**
2348
- * Analyze graph structure for a topic.
2349
- */
2350
- async analyze(query5 = {}) {
2351
- const normalized = normalizeTopicQuery(query5);
2352
- return gateway.request({
2353
- path: `/api/platform/v1/graph/analyze${toQueryString({
2354
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2355
- metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
2356
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2357
- })}`
2358
- });
2359
- },
2360
- /**
2361
- * Detect confirmation-bias patterns for a topic graph.
2362
- */
2363
- async bias(query5 = {}) {
2364
- const normalized = normalizeTopicQuery(query5);
2365
- return gateway.request({
2366
- path: `/api/platform/v1/graph/bias${toQueryString({
2367
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2368
- threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
2369
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2370
- })}`
2371
- });
2372
- },
2373
- /**
2374
- * Find graph gaps for beliefs that still need testing.
2375
- */
2376
- async gaps(query5) {
2377
- const normalized = normalizeTopicQuery(query5);
2378
- return gateway.request({
2379
- path: `/api/platform/v1/graph/gaps${toQueryString({
2380
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2381
- minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
2382
- })}`
2383
- });
2384
- },
2385
- /**
2386
- * Search across graph resources within a topic.
2387
- */
2388
- async search(query5) {
2389
- return gateway.request({
2390
- path: "/api/platform/v1/search",
2391
- method: "POST",
2392
- body: normalizeTopicQuery(query5)
2393
- });
2394
- },
2395
- /**
2396
- * Retrieve the shortest known path between two graph nodes.
2397
- */
2398
- async getPath(query5) {
2399
- return gateway.request({
2400
- path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2401
- });
2402
- },
2403
- /**
2404
- * Retrieve graph analytics for the requested metric.
2405
- */
2406
- async getAnalytics(query5 = {}) {
2407
- return gateway.request({
2408
- path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2409
- });
2410
- }
2411
- };
2412
- return Object.assign(client, {
2413
- queryNodes: client.listNodes,
2414
- queryEdges: client.listEdges,
2415
- getNeighborhood: client.neighborhood
2416
- });
2417
- }
2418
-
2419
- // src/identityClient.ts
2420
- function createIdentityWhoamiClient(config = {}) {
2421
- const gateway = createGatewayRequestClient(config);
2422
- return {
2423
- async whoami() {
2424
- return gateway.request({
2425
- path: "/api/platform/v1/identity/whoami"
2426
- });
2427
- }
2428
- };
2429
- }
2430
- var TENANT_IDENTITY_FIELDS = [
2431
- "tenantId",
2432
- "workspaceId",
2433
- "principalId",
2434
- "integrationKey",
2435
- "secretRef",
2436
- "policySubject",
2437
- "policyAction",
2438
- "policyResource",
2439
- "decision",
2440
- "config",
2441
- "configKey",
2442
- "configValue",
2443
- "provider",
2444
- "status",
2445
- "metadata",
2446
- "limit",
2447
- "cursor"
2448
- ];
2449
- function tenantIdentityQuery(input) {
2450
- return {
2451
- tenantId: cleanRequiredString(input.tenantId, "tenantId"),
2452
- workspaceId: input.workspaceId,
2453
- principalId: input.principalId,
2454
- limit: input.limit,
2455
- cursor: input.cursor
2456
- };
2457
- }
2458
- function tenantIdentityBody(input, operation) {
2459
- return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
2460
- }
2461
- function createIdentityClient(config = {}) {
2462
- const gateway = createGatewayRequestClient(config);
2463
- const whoamiClient = createIdentityWhoamiClient(config);
2464
- const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
2465
- path: "/api/platform/v1/identity/principals",
2466
- method,
2467
- body: input,
2468
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2469
- });
2470
- const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
2471
- const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
2472
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
2473
- method: "POST",
2474
- body: input,
2475
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2476
- });
2477
- return {
2478
- /**
2479
- * Resolve the current authenticated identity summary.
2480
- */
2481
- async whoami() {
2482
- return whoamiClient.whoami().then(
2483
- (response) => mapGatewayData(response, (data) => ({
2484
- principalId: data.principalId,
2485
- principalType: data.principalType,
2486
- tenantId: data.tenantId ?? null,
2487
- workspaceId: data.workspaceId ?? null,
2488
- scopes: Array.isArray(data.scopes) ? data.scopes : [],
2489
- roles: Array.isArray(data.roles) ? data.roles : [],
2490
- isPlatformAdmin: data.isPlatformAdmin === true,
2491
- isTenantAdmin: data.isTenantAdmin === true,
2492
- isWorkspaceAdmin: data.isWorkspaceAdmin === true,
2493
- authMode: data.authMode,
2494
- sessionId: data.sessionId,
2495
- delegatedBy: data.delegatedBy,
2496
- expiresAt: data.expiresAt
2497
- }))
2498
- );
2499
- },
2500
- /**
2501
- * List principals in the current identity scope.
2502
- */
2503
- async listPrincipals(query5 = {}) {
2504
- return gateway.request({
2505
- path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
2506
- }).then(
2507
- (response) => mapGatewayData(
2508
- response,
2509
- (data) => createListResult(
2510
- Array.isArray(data) ? data : [],
2511
- "principals"
2512
- )
2513
- )
2514
- );
2515
- },
2516
- /**
2517
- * Create a principal.
2518
- */
2519
- async createPrincipal(input, idempotencyKey) {
2520
- return requestPrincipalWrite("POST", input, idempotencyKey);
2521
- },
2522
- /**
2523
- * Update a principal.
2524
- */
2525
- updatePrincipal,
2965
+ },
2526
2966
  /**
2527
- * @deprecated Use createPrincipal or updatePrincipal.
2967
+ * Permanently delete a node via the admin-only hard-delete route.
2528
2968
  */
2529
- upsertPrincipal: updatePrincipal,
2969
+ async hardDeleteNode(input, idempotencyKey) {
2970
+ return gateway.request({
2971
+ path: "/api/platform/v1/graph/nodes/hard-delete",
2972
+ method: "POST",
2973
+ body: input,
2974
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2975
+ });
2976
+ },
2530
2977
  /**
2531
- * List keys in the current identity scope.
2978
+ * List graph edges matching the provided filters.
2532
2979
  */
2533
- async listKeys(query5 = {}) {
2980
+ async listEdges(query5) {
2534
2981
  return gateway.request({
2535
- path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
2982
+ path: `/api/platform/v1/graph/edges${toQueryString(
2983
+ normalizeTopicQuery(query5)
2984
+ )}`
2536
2985
  }).then(
2537
2986
  (response) => mapGatewayData(
2538
2987
  response,
2539
- (data) => createListResult(Array.isArray(data) ? data : [], "keys")
2988
+ (data) => mapAliasedList(data, "edges")
2540
2989
  )
2541
2990
  );
2542
2991
  },
2543
2992
  /**
2544
- * Create an API key.
2993
+ * Create a graph edge.
2545
2994
  */
2546
- async createKey(input, idempotencyKey) {
2995
+ async createEdge(input, idempotencyKey) {
2547
2996
  return gateway.request({
2548
- path: "/api/platform/v1/identity/keys",
2997
+ path: "/api/platform/v1/graph/edges",
2549
2998
  method: "POST",
2550
- body: input,
2999
+ body: normalizeTopicQuery(input),
2551
3000
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2552
3001
  });
2553
3002
  },
2554
3003
  /**
2555
- * Rotate an API key.
3004
+ * Delete one or more edges matching the provided filter.
2556
3005
  */
2557
- async rotateKey(keyId, input = {}, idempotencyKey) {
3006
+ async deleteEdge(query5, idempotencyKey) {
2558
3007
  return gateway.request({
2559
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
2560
- method: "POST",
2561
- body: input,
3008
+ path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
3009
+ method: "DELETE",
2562
3010
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2563
3011
  });
2564
3012
  },
2565
3013
  /**
2566
- * Delete an API key by revoking it.
2567
- */
2568
- deleteKey,
2569
- /**
2570
- * @deprecated Use deleteKey.
2571
- */
2572
- revokeKey: deleteKey,
2573
- /**
2574
- * Search Clerk users by email or display attributes.
3014
+ * Retrieve a graph neighborhood around a root node.
2575
3015
  */
2576
- async searchClerkUsers(q) {
3016
+ async neighborhood(query5) {
2577
3017
  return gateway.request({
2578
- path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
3018
+ path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2579
3019
  });
2580
3020
  },
2581
- async getTenantConfig(input) {
3021
+ /**
3022
+ * Traverse the graph from a starting node.
3023
+ */
3024
+ async traverse(query5) {
2582
3025
  return gateway.request({
2583
- path: `/api/platform/v1/identity/tenant-config${toQueryString(
2584
- tenantIdentityQuery(input)
2585
- )}`
3026
+ path: "/api/platform/v1/graph/traverse",
3027
+ method: "POST",
3028
+ body: normalizeTopicQuery(query5)
2586
3029
  });
2587
3030
  },
2588
- async updateTenantConfig(input, idempotencyKey) {
2589
- cleanRequiredString(input.tenantId, "tenantId");
3031
+ /**
3032
+ * Analyze graph structure for a topic.
3033
+ */
3034
+ async analyze(query5 = {}) {
3035
+ const normalized = normalizeTopicQuery(query5);
2590
3036
  return gateway.request({
2591
- path: "/api/platform/v1/identity/tenant-config",
2592
- method: "PATCH",
2593
- body: tenantIdentityBody(
2594
- input,
2595
- "identity.updateTenantConfig"
2596
- ),
2597
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3037
+ path: `/api/platform/v1/graph/analyze${toQueryString({
3038
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3039
+ metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
3040
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
3041
+ })}`
2598
3042
  });
2599
3043
  },
2600
- async listIntegrations(input) {
2601
- return gateway.request({
2602
- path: `/api/platform/v1/identity/integrations${toQueryString(
2603
- tenantIdentityQuery(input)
2604
- )}`
2605
- }).then(
2606
- (response) => mapGatewayData(
2607
- response,
2608
- (data) => listResultFromEnvelope(
2609
- data,
2610
- "integrations"
2611
- )
2612
- )
2613
- );
2614
- },
2615
- async upsertIntegration(input, idempotencyKey) {
2616
- cleanRequiredString(input.tenantId, "tenantId");
2617
- cleanRequiredString(input.integrationKey, "integrationKey");
3044
+ /**
3045
+ * Detect confirmation-bias patterns for a topic graph.
3046
+ */
3047
+ async bias(query5 = {}) {
3048
+ const normalized = normalizeTopicQuery(query5);
2618
3049
  return gateway.request({
2619
- path: "/api/platform/v1/identity/integrations",
2620
- method: "PUT",
2621
- body: tenantIdentityBody(
2622
- input,
2623
- "identity.upsertIntegration"
2624
- ),
2625
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3050
+ path: `/api/platform/v1/graph/bias${toQueryString({
3051
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3052
+ threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
3053
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
3054
+ })}`
2626
3055
  });
2627
3056
  },
2628
- async listSecrets(input) {
3057
+ /**
3058
+ * Find graph gaps for beliefs that still need testing.
3059
+ */
3060
+ async gaps(query5) {
3061
+ const normalized = normalizeTopicQuery(query5);
2629
3062
  return gateway.request({
2630
- path: `/api/platform/v1/identity/secrets${toQueryString(
2631
- tenantIdentityQuery(input)
2632
- )}`
2633
- }).then(
2634
- (response) => mapGatewayData(
2635
- response,
2636
- (data) => listResultFromEnvelope(
2637
- data,
2638
- "secrets"
2639
- )
2640
- )
2641
- );
3063
+ path: `/api/platform/v1/graph/gaps${toQueryString({
3064
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3065
+ minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
3066
+ })}`
3067
+ });
2642
3068
  },
2643
- async putSecretReference(input, idempotencyKey) {
2644
- cleanRequiredString(input.tenantId, "tenantId");
2645
- cleanRequiredString(input.secretRef, "secretRef");
3069
+ /**
3070
+ * Search across graph resources within a topic.
3071
+ */
3072
+ async search(query5) {
2646
3073
  return gateway.request({
2647
- path: "/api/platform/v1/identity/secrets",
2648
- method: "PUT",
2649
- body: tenantIdentityBody(
2650
- input,
2651
- "identity.putSecretReference"
2652
- ),
2653
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3074
+ path: "/api/platform/v1/search",
3075
+ method: "POST",
3076
+ body: normalizeTopicQuery(query5)
2654
3077
  });
2655
3078
  },
2656
- async evaluatePolicy(input, idempotencyKey) {
2657
- cleanRequiredString(input.tenantId, "tenantId");
2658
- cleanRequiredString(input.policySubject, "policySubject");
2659
- cleanRequiredString(input.policyAction, "policyAction");
2660
- cleanRequiredString(input.policyResource, "policyResource");
3079
+ /**
3080
+ * Retrieve the shortest known path between two graph nodes.
3081
+ */
3082
+ async getPath(query5) {
2661
3083
  return gateway.request({
2662
- path: "/api/platform/v1/identity/policy/evaluate",
2663
- method: "POST",
2664
- body: tenantIdentityBody(
2665
- input,
2666
- "identity.evaluatePolicy"
2667
- ),
2668
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3084
+ path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2669
3085
  });
2670
3086
  },
2671
- async recordPolicyDecision(input, idempotencyKey) {
2672
- cleanRequiredString(input.tenantId, "tenantId");
2673
- cleanRequiredString(input.decision, "decision");
3087
+ /**
3088
+ * Retrieve graph analytics for the requested metric.
3089
+ */
3090
+ async getAnalytics(query5 = {}) {
2674
3091
  return gateway.request({
2675
- path: "/api/platform/v1/identity/policy/decisions",
2676
- method: "POST",
2677
- body: tenantIdentityBody(
2678
- input,
2679
- "identity.recordPolicyDecision"
2680
- ),
2681
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3092
+ path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2682
3093
  });
2683
3094
  }
2684
3095
  };
3096
+ return Object.assign(client, {
3097
+ queryNodes: client.listNodes,
3098
+ queryEdges: client.listEdges,
3099
+ getNeighborhood: client.neighborhood
3100
+ });
2685
3101
  }
2686
3102
 
2687
3103
  // src/topicsClient.ts
2688
- function cleanString3(value) {
3104
+ function cleanString5(value) {
2689
3105
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
2690
3106
  }
2691
3107
  function normalizeTopicRecord(value) {
2692
3108
  const record = asRecord(value);
2693
- const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
3109
+ const topicId = cleanString5(record.topicId) ?? cleanString5(record.id) ?? cleanString5(record._id);
2694
3110
  return withTopicAlias({
2695
3111
  ...record,
2696
3112
  ...topicId ? { topicId } : {}
@@ -3409,6 +3825,8 @@ function createTasksFacade(config = {}) {
3409
3825
  description: input.description,
3410
3826
  priority: input.priority,
3411
3827
  status: input.status,
3828
+ assigneeId: input.assigneeId,
3829
+ blockedReason: input.blockedReason,
3412
3830
  linkedBeliefId: input.linkedBeliefId,
3413
3831
  linkedQuestionId: input.linkedQuestionId,
3414
3832
  linkedWorktreeId: input.linkedWorktreeId,
@@ -3903,7 +4321,7 @@ function createEmbeddingsClient(config = {}) {
3903
4321
  }
3904
4322
 
3905
4323
  // src/contextClient.ts
3906
- function cleanString4(value) {
4324
+ function cleanString6(value) {
3907
4325
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
3908
4326
  }
3909
4327
  function cleanNumber(value) {
@@ -3915,11 +4333,11 @@ function cleanBoolean(value) {
3915
4333
  function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3916
4334
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
3917
4335
  const payload = {};
3918
- const topicId = typeof topicIdOrInput === "string" ? cleanString4(topicIdOrInput) : cleanString4(effectiveInput.topicId);
4336
+ const topicId = typeof topicIdOrInput === "string" ? cleanString6(topicIdOrInput) : cleanString6(effectiveInput.topicId);
3919
4337
  if (topicId) {
3920
4338
  payload.topicId = topicId;
3921
4339
  }
3922
- const query5 = cleanString4(effectiveInput.query);
4340
+ const query5 = cleanString6(effectiveInput.query);
3923
4341
  if (query5) {
3924
4342
  payload.query = query5;
3925
4343
  }
@@ -3927,7 +4345,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3927
4345
  if (budget !== void 0) {
3928
4346
  payload.budget = budget;
3929
4347
  }
3930
- const ranking = cleanString4(effectiveInput.ranking) ?? cleanString4(effectiveInput.rankingProfile);
4348
+ const ranking = cleanString6(effectiveInput.ranking) ?? cleanString6(effectiveInput.rankingProfile);
3931
4349
  if (ranking) {
3932
4350
  payload.ranking = ranking;
3933
4351
  }
@@ -3943,7 +4361,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3943
4361
  if (includeEntities !== void 0) {
3944
4362
  payload.includeEntities = includeEntities;
3945
4363
  }
3946
- const mode = cleanString4(effectiveInput.mode);
4364
+ const mode = cleanString6(effectiveInput.mode);
3947
4365
  if (mode) {
3948
4366
  payload.mode = mode;
3949
4367
  }
@@ -3951,11 +4369,11 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3951
4369
  if (includeFailures !== void 0) {
3952
4370
  payload.includeFailures = includeFailures;
3953
4371
  }
3954
- const worktreeId = cleanString4(effectiveInput.worktreeId);
4372
+ const worktreeId = cleanString6(effectiveInput.worktreeId);
3955
4373
  if (worktreeId) {
3956
4374
  payload.worktreeId = worktreeId;
3957
4375
  }
3958
- const sessionId = cleanString4(effectiveInput.sessionId);
4376
+ const sessionId = cleanString6(effectiveInput.sessionId);
3959
4377
  if (sessionId) {
3960
4378
  payload.sessionId = sessionId;
3961
4379
  }
@@ -4841,7 +5259,8 @@ function createMcpClient(config = {}) {
4841
5259
  transportKind: input.transportKind,
4842
5260
  sessionId: input.sessionId,
4843
5261
  agentIdentity: input.agentIdentity,
4844
- workspaceId: input.workspaceId
5262
+ workspaceId: input.workspaceId,
5263
+ worktreeId: input.worktreeId
4845
5264
  };
4846
5265
  return gateway.request({
4847
5266
  path: `${MCP_GATEWAY_BOOTSTRAP_ENDPOINT}${toQueryString(scope)}`,
@@ -4932,8 +5351,11 @@ var CONTRACTS = {
4932
5351
  "apply_lens_to_topic": { method: "POST", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
4933
5352
  "apply_ontology": { method: "POST", path: "/ontologies/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
4934
5353
  "archive_belief": { method: "DELETE", path: "/beliefs", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5354
+ "archive_epistemic_node": { method: "POST", path: "/nodes/archive", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4935
5355
  "archive_ontology": { method: "DELETE", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
4936
5356
  "archive_question": { method: "DELETE", path: "/questions", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5357
+ "batch_create_edges": { method: "POST", path: "/edges/batch", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5358
+ "batch_create_epistemic_nodes": { method: "POST", path: "/nodes/batch", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4937
5359
  "begin_build_session": { method: "POST", path: "/mcp/build-session/begin", kind: "mutation", idempotent: true, surfaceIntent: "system" },
4938
5360
  "bisect_confidence": { method: "POST", path: "/beliefs/confidence/bisect", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4939
5361
  "broadcast_message": { method: "POST", path: "/coordination/messages/broadcast", kind: "mutation", idempotent: true, surfaceIntent: "system" },
@@ -4945,6 +5367,7 @@ var CONTRACTS = {
4945
5367
  "create_belief": { method: "POST", path: "/beliefs", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4946
5368
  "create_edge": { method: "POST", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
4947
5369
  "create_epistemic_contract": { method: "POST", path: "/contracts", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5370
+ "create_epistemic_node": { method: "POST", path: "/nodes", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4948
5371
  "create_evidence": { method: "POST", path: "/evidence", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4949
5372
  "create_lens": { method: "POST", path: "/lenses", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
4950
5373
  "create_ontology": { method: "POST", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
@@ -4972,6 +5395,7 @@ var CONTRACTS = {
4972
5395
  "get_code_context": { method: "POST", path: "/coding/context", kind: "query", idempotent: false, surfaceIntent: "system" },
4973
5396
  "get_confidence_history": { method: "POST", path: "/beliefs/confidence-history", kind: "query", idempotent: false, surfaceIntent: "compatibility" },
4974
5397
  "get_contract_status": { method: "POST", path: "/contracts/status", kind: "query", idempotent: false, surfaceIntent: "mcp_governance" },
5398
+ "get_epistemic_node": { method: "GET", path: "/nodes/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4975
5399
  "get_evidence": { method: "GET", path: "/evidence/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4976
5400
  "get_failure_log": { method: "POST", path: "/coding/failure-log", kind: "query", idempotent: false, surfaceIntent: "system" },
4977
5401
  "get_falsification_questions": { method: "POST", path: "/questions/falsification", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -4985,6 +5409,7 @@ var CONTRACTS = {
4985
5409
  "get_question": { method: "GET", path: "/questions/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4986
5410
  "get_topic": { method: "GET", path: "/topics/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4987
5411
  "get_topic_coverage": { method: "POST", path: "/graph/topic-coverage", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5412
+ "get_topic_graph_spine": { method: "GET", path: "/topics/graph-spine", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4988
5413
  "get_topic_tree": { method: "GET", path: "/topics/tree", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4989
5414
  "heartbeat_session": { method: "POST", path: "/coordination/heartbeat-session", kind: "mutation", idempotent: true, surfaceIntent: "system" },
4990
5415
  "identity_whoami": { method: "GET", path: "/identity/whoami", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -4996,6 +5421,7 @@ var CONTRACTS = {
4996
5421
  "list_all_worktrees": { method: "GET", path: "/worktrees/all", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
4997
5422
  "list_beliefs": { method: "GET", path: "/beliefs", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4998
5423
  "list_campaigns": { method: "GET", path: "/worktrees/campaigns", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5424
+ "list_epistemic_nodes": { method: "GET", path: "/nodes", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4999
5425
  "list_evidence": { method: "GET", path: "/evidence", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5000
5426
  "list_graph_intelligence_queries": { method: "POST", path: "/graph-intelligence/queries", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5001
5427
  "list_lenses": { method: "GET", path: "/lenses", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
@@ -5006,6 +5432,7 @@ var CONTRACTS = {
5006
5432
  "list_worktrees": { method: "GET", path: "/worktrees", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5007
5433
  "manage_write_policy": { method: "POST", path: "/policy/write-policy/manage", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5008
5434
  "match_entity_type": { method: "POST", path: "/ontologies/match-entity-type", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5435
+ "materialize_topic_graph": { method: "POST", path: "/topics/materialize-graph", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5009
5436
  "merge": { method: "POST", path: "/worktrees/merge", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5010
5437
  "modulate_confidence": { method: "POST", path: "/beliefs/confidence", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5011
5438
  "open_pull_request": { method: "POST", path: "/worktrees/open-pull-request", kind: "mutation", idempotent: true, surfaceIntent: "system" },
@@ -5019,22 +5446,29 @@ var CONTRACTS = {
5019
5446
  "refine_belief": { method: "PATCH", path: "/beliefs/refine", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5020
5447
  "refine_question": { method: "PATCH", path: "/questions/refine", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5021
5448
  "register_session": { method: "POST", path: "/coordination/register-session", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5449
+ "remove_edge": { method: "DELETE", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5450
+ "remove_edges_between": { method: "DELETE", path: "/edges/between", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5022
5451
  "remove_lens_from_topic": { method: "DELETE", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5023
5452
  "resolve_effective_ontology": { method: "POST", path: "/ontologies/effective", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5453
+ "resolve_interactive_principal": { method: "POST", path: "/control-plane/identity/resolve-interactive-principal", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5024
5454
  "run_graph_intelligence_query": { method: "POST", path: "/graph-intelligence/run", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5025
5455
  "search_beliefs": { method: "POST", path: "/beliefs/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5026
5456
  "search_evidence": { method: "POST", path: "/evidence/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5027
5457
  "seed_belief_lattice": { method: "POST", path: "/scope/belief-lattice/seed", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5028
5458
  "send_agent_message": { method: "POST", path: "/coordination/messages/send", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5459
+ "supersede_epistemic_node": { method: "POST", path: "/nodes/supersede", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5029
5460
  "trace_entity_impact": { method: "POST", path: "/graph/trace-entity-impact", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5030
5461
  "traverse_graph": { method: "POST", path: "/graph/traverse", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5031
5462
  "trigger_belief_review": { method: "POST", path: "/context/belief-review", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5463
+ "update_edge": { method: "PATCH", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5464
+ "update_epistemic_node": { method: "PATCH", path: "/nodes", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5032
5465
  "update_ontology": { method: "PATCH", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5033
5466
  "update_question_status": { method: "PATCH", path: "/questions/status", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5034
5467
  "update_task": { method: "PATCH", path: "/tasks", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5035
5468
  "update_topic": { method: "PATCH", path: "/topics", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5036
5469
  "update_worktree_metadata": { method: "PATCH", path: "/worktrees/metadata", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5037
- "update_worktree_targets": { method: "PATCH", path: "/worktrees/targets", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" }
5470
+ "update_worktree_targets": { method: "PATCH", path: "/worktrees/targets", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5471
+ "verify_epistemic_node": { method: "POST", path: "/nodes/verify", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" }
5038
5472
  };
5039
5473
  function createSessionId() {
5040
5474
  return typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : randomIdempotencyKey();
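Review bot: `resolve_interactive_principal` is registered with `surfaceIntent: "mcp_core"` although its path sits under `/control-plane/identity/`, while the session and messaging entries in this same hunk (`register_session`, `send_agent_message`) are tagged `"system"`. If `surfaceIntent` decides which operations are offered on the agent-facing tool surface (not visible here, so treat this as an assumption), an identity-resolution call becomes reachable from that surface and relies entirely on server-side authorization. I would either tag it `surfaceIntent: "system"` or add a comment on the entry such as `// identity lookup: gateway must authorize the caller before resolving a principal`. The `CONTRACTS` object begins outside this hunk.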
@@ -5102,12 +5536,21 @@ function createFunctionSurfaceClient(config = {}) {
5102
5536
  archiveBelief(input = {}, idempotencyKey) {
5103
5537
  return execute("archive_belief", input, idempotencyKey);
5104
5538
  },
5539
+ archiveEpistemicNode(input = {}, idempotencyKey) {
5540
+ return execute("archive_epistemic_node", input, idempotencyKey);
5541
+ },
5105
5542
  archiveOntology(input = {}, idempotencyKey) {
5106
5543
  return execute("archive_ontology", input, idempotencyKey);
5107
5544
  },
5108
5545
  archiveQuestion(input = {}, idempotencyKey) {
5109
5546
  return execute("archive_question", input, idempotencyKey);
5110
5547
  },
5548
+ batchCreateEdges(input = {}, idempotencyKey) {
5549
+ return execute("batch_create_edges", input, idempotencyKey);
5550
+ },
5551
+ batchCreateEpistemicNodes(input = {}, idempotencyKey) {
5552
+ return execute("batch_create_epistemic_nodes", input, idempotencyKey);
5553
+ },
5111
5554
  beginBuildSession(input = {}, idempotencyKey) {
5112
5555
  return execute("begin_build_session", input, idempotencyKey);
5113
5556
  },
@@ -5141,6 +5584,9 @@ function createFunctionSurfaceClient(config = {}) {
5141
5584
  createEpistemicContract(input = {}, idempotencyKey) {
5142
5585
  return execute("create_epistemic_contract", input, idempotencyKey);
5143
5586
  },
5587
+ createEpistemicNode(input = {}, idempotencyKey) {
5588
+ return execute("create_epistemic_node", input, idempotencyKey);
5589
+ },
5144
5590
  createEvidence(input = {}, idempotencyKey) {
5145
5591
  return execute("create_evidence", input, idempotencyKey);
5146
5592
  },
@@ -5222,6 +5668,9 @@ function createFunctionSurfaceClient(config = {}) {
5222
5668
  getContractStatus(input = {}, idempotencyKey) {
5223
5669
  return execute("get_contract_status", input, idempotencyKey);
5224
5670
  },
5671
+ getEpistemicNode(input = {}, idempotencyKey) {
5672
+ return execute("get_epistemic_node", input, idempotencyKey);
5673
+ },
5225
5674
  getEvidence(input = {}, idempotencyKey) {
5226
5675
  return execute("get_evidence", input, idempotencyKey);
5227
5676
  },
@@ -5261,6 +5710,9 @@ function createFunctionSurfaceClient(config = {}) {
5261
5710
  getTopicCoverage(input = {}, idempotencyKey) {
5262
5711
  return execute("get_topic_coverage", input, idempotencyKey);
5263
5712
  },
5713
+ getTopicGraphSpine(input = {}, idempotencyKey) {
5714
+ return execute("get_topic_graph_spine", input, idempotencyKey);
5715
+ },
5264
5716
  getTopicTree(input = {}, idempotencyKey) {
5265
5717
  return execute("get_topic_tree", input, idempotencyKey);
5266
5718
  },
@@ -5294,6 +5746,9 @@ function createFunctionSurfaceClient(config = {}) {
5294
5746
  listCampaigns(input = {}, idempotencyKey) {
5295
5747
  return execute("list_campaigns", input, idempotencyKey);
5296
5748
  },
5749
+ listEpistemicNodes(input = {}, idempotencyKey) {
5750
+ return execute("list_epistemic_nodes", input, idempotencyKey);
5751
+ },
5297
5752
  listEvidence(input = {}, idempotencyKey) {
5298
5753
  return execute("list_evidence", input, idempotencyKey);
5299
5754
  },
@@ -5324,6 +5779,9 @@ function createFunctionSurfaceClient(config = {}) {
5324
5779
  matchEntityType(input = {}, idempotencyKey) {
5325
5780
  return execute("match_entity_type", input, idempotencyKey);
5326
5781
  },
5782
+ materializeTopicGraph(input = {}, idempotencyKey) {
5783
+ return execute("materialize_topic_graph", input, idempotencyKey);
5784
+ },
5327
5785
  merge(input = {}, idempotencyKey) {
5328
5786
  return execute("merge", input, idempotencyKey);
5329
5787
  },
@@ -5363,12 +5821,21 @@ function createFunctionSurfaceClient(config = {}) {
5363
5821
  registerSession(input = {}, idempotencyKey) {
5364
5822
  return execute("register_session", input, idempotencyKey);
5365
5823
  },
5824
+ removeEdge(input = {}, idempotencyKey) {
5825
+ return execute("remove_edge", input, idempotencyKey);
5826
+ },
5827
+ removeEdgesBetween(input = {}, idempotencyKey) {
5828
+ return execute("remove_edges_between", input, idempotencyKey);
5829
+ },
5366
5830
  removeLensFromTopic(input = {}, idempotencyKey) {
5367
5831
  return execute("remove_lens_from_topic", input, idempotencyKey);
5368
5832
  },
5369
5833
  resolveEffectiveOntology(input = {}, idempotencyKey) {
5370
5834
  return execute("resolve_effective_ontology", input, idempotencyKey);
5371
5835
  },
5836
+ resolveInteractivePrincipal(input = {}, idempotencyKey) {
5837
+ return execute("resolve_interactive_principal", input, idempotencyKey);
5838
+ },
5372
5839
  runGraphIntelligenceQuery(input = {}, idempotencyKey) {
5373
5840
  return execute("run_graph_intelligence_query", input, idempotencyKey);
5374
5841
  },
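Review bot: `removeEdge` and `removeEdgesBetween` default `input` to `{}`, so a call whose argument is missing or undefined goes out as a DELETE with an empty payload instead of failing in the client. How `execute` and the server treat an empty input is not visible in this hunk, so the only protection against an over-broad delete would be server-side validation. A client-side guard such as `if (Object.keys(input).length === 0) throw new Error("removeEdgesBetween requires an input");` would make the mistake fail early. The same default appears on the other new mutating wrappers (`archiveEpistemicNode`, `supersedeEpistemicNode`, `updateEdge`) in the neighbouring hunks. `createFunctionSurfaceClient` starts and ends outside this hunk.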
@@ -5384,6 +5851,9 @@ function createFunctionSurfaceClient(config = {}) {
5384
5851
  sendAgentMessage(input = {}, idempotencyKey) {
5385
5852
  return execute("send_agent_message", input, idempotencyKey);
5386
5853
  },
5854
+ supersedeEpistemicNode(input = {}, idempotencyKey) {
5855
+ return execute("supersede_epistemic_node", input, idempotencyKey);
5856
+ },
5387
5857
  traceEntityImpact(input = {}, idempotencyKey) {
5388
5858
  return execute("trace_entity_impact", input, idempotencyKey);
5389
5859
  },
@@ -5393,6 +5863,12 @@ function createFunctionSurfaceClient(config = {}) {
5393
5863
  triggerBeliefReview(input = {}, idempotencyKey) {
5394
5864
  return execute("trigger_belief_review", input, idempotencyKey);
5395
5865
  },
5866
+ updateEdge(input = {}, idempotencyKey) {
5867
+ return execute("update_edge", input, idempotencyKey);
5868
+ },
5869
+ updateEpistemicNode(input = {}, idempotencyKey) {
5870
+ return execute("update_epistemic_node", input, idempotencyKey);
5871
+ },
5396
5872
  updateOntology(input = {}, idempotencyKey) {
5397
5873
  return execute("update_ontology", input, idempotencyKey);
5398
5874
  },
@@ -5410,6 +5886,9 @@ function createFunctionSurfaceClient(config = {}) {
5410
5886
  },
5411
5887
  updateWorktreeTargets(input = {}, idempotencyKey) {
5412
5888
  return execute("update_worktree_targets", input, idempotencyKey);
5889
+ },
5890
+ verifyEpistemicNode(input = {}, idempotencyKey) {
5891
+ return execute("verify_epistemic_node", input, idempotencyKey);
5413
5892
  }
5414
5893
  };
5415
5894
  }
@@ -5617,7 +6096,7 @@ var ORG_GRAPH_SEARCH_FIELDS = [
5617
6096
  "cursor",
5618
6097
  "provenanceScope"
5619
6098
  ];
5620
- function cleanString5(value, label) {
6099
+ function cleanString7(value, label) {
5621
6100
  const normalized = value?.trim();
5622
6101
  if (!normalized) {
5623
6102
  throw new Error(`${label} is required`);
@@ -5639,9 +6118,9 @@ function searchBody(input) {
5639
6118
  "orgGraphSearch.search"
5640
6119
  );
5641
6120
  return {
5642
- tenantId: cleanString5(input.tenantId, "tenantId"),
5643
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5644
- query: cleanString5(input.query, "query"),
6121
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6122
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
6123
+ query: cleanString7(input.query, "query"),
5645
6124
  nodeTypes: input.nodeTypes,
5646
6125
  minConfidence: input.minConfidence,
5647
6126
  limit: input.limit,
@@ -5651,8 +6130,8 @@ function searchBody(input) {
5651
6130
  }
5652
6131
  function listQuery2(input) {
5653
6132
  return {
5654
- tenantId: cleanString5(input.tenantId, "tenantId"),
5655
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
6133
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6134
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5656
6135
  nodeTypes: input.nodeTypes?.join(","),
5657
6136
  minConfidence: input.minConfidence,
5658
6137
  limit: input.limit,
@@ -5686,8 +6165,8 @@ function createOrgGraphSearchClient(config = {}) {
5686
6165
  return gateway.request({
5687
6166
  path: `/api/platform/v1/org-graph-search/nodes/${nodePath}${toQueryString(
5688
6167
  {
5689
- tenantId: cleanString5(input.tenantId, "tenantId"),
5690
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
6168
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6169
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5691
6170
  globalId: nodeId ? void 0 : globalId
5692
6171
  }
5693
6172
  )}`
@@ -6260,6 +6739,21 @@ function createSchemaClient(config = {}) {
6260
6739
  }
6261
6740
 
6262
6741
  // src/clientHelpers.ts
6742
+ function normalizeCustomNamespace(namespace) {
6743
+ return namespace.trim() || "custom";
6744
+ }
6745
+ function normalizeCustomToolPayload(input) {
6746
+ return input && typeof input === "object" && !Array.isArray(input) ? input : {};
6747
+ }
6748
+ function resolveCustomToolFullName(name) {
6749
+ return name.includes(".") ? name : `custom.${name}`;
6750
+ }
6751
+ function buildBeliefsRefinePayload(textOrInput, rationale) {
6752
+ return typeof textOrInput === "string" ? { text: textOrInput, rationale } : { text: textOrInput.text, rationale: textOrInput.rationale };
6753
+ }
6754
+ function buildBeliefsArchivePayload(input) {
6755
+ return typeof input === "string" ? { reason: input } : input ? { reason: input.reason ?? input.rationale } : void 0;
6756
+ }
6263
6757
  function asNodeArray(data) {
6264
6758
  const rows = asListItems(data, "nodes");
6265
6759
  if (rows.length > 0) {
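Review bot: `resolveCustomToolFullName` adds the `custom.` prefix only when the name has no dot, so any dotted name, including one that names another namespace or starts with a dot, is returned unchanged. If callers rely on this helper to confine invocation to the custom namespace (its call sites are outside the hunk), it does not do that; a comment such as `// dotted names are passed through as-is; namespace authorization is the registry's job` would make the contract explicit. Separately, `normalizeCustomNamespace` and `resolveCustomToolFullName` call `.trim()` / `.includes()` with no type check, and `buildBeliefsRefinePayload` reads `textOrInput.text` with no null check, so a non-string or null argument surfaces as a bare TypeError. A guard like `if (typeof name !== "string" || !name.trim()) throw new Error("tool name is required");` would match the `${label} is required` style used by `cleanString7`. `asNodeArray` continues outside the hunk.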
@@ -6637,7 +7131,7 @@ function createToolRegistryClient(config = {}) {
6637
7131
  }
6638
7132
 
6639
7133
  // src/version.ts
6640
- var LUCERN_SDK_VERSION = "0.3.0-alpha.8";
7134
+ var LUCERN_SDK_VERSION = "1.0.0";
6641
7135
 
6642
7136
  // src/workflowClient.ts
6643
7137
  function normalizeLensQuery(value) {
@@ -7045,6 +7539,12 @@ function toGatewayConfig(config) {
7045
7539
  return {
7046
7540
  baseUrl: config.baseUrl,
7047
7541
  fetchImpl: config.fetchImpl,
7542
+ apiKey: config.apiKey,
7543
+ userToken: config.userToken,
7544
+ environment: config.environment,
7545
+ clerkId: config.clerkId,
7546
+ userId: config.userId,
7547
+ deploymentHost: config.deploymentHost,
7048
7548
  maxRetries: config.maxRetries,
7049
7549
  timeoutMs: config.timeoutMs,
7050
7550
  timeoutMsByMethod: config.timeoutMsByMethod,
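Review bot: `apiKey` and `userToken` are now copied as plain fields onto the gateway config, and the next hunk removes the `getAuthHeaders` wrapper that used to turn them into `x-lucern-key` / `x-lucern-session-token` headers. That wrapper only set `x-lucern-key` when the caller's own headers carried neither `x-lucern-key` nor `Authorization`; whether the gateway keeps that precedence is not visible here and is worth a test, since otherwise a request could carry two competing credentials. Because the same object is handed to every `create*Client(gatewayConfig)` call, I would also add a comment on the return value, e.g. `// contains credentials (apiKey, userToken): never log or serialize this object`, and make sure `onResponse` and error paths do not echo the config. `toGatewayConfig` starts outside this hunk.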
@@ -7053,23 +7553,15 @@ function toGatewayConfig(config) {
7053
7553
  onResponse: config.onResponse,
7054
7554
  authContext: config.authContext,
7055
7555
  requireCanonicalAuthContext: config.requireCanonicalAuthContext,
7056
- getAuthHeaders: async () => {
7057
- const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
7058
- if (config.apiKey && !base["x-lucern-key"] && !base.Authorization) {
7059
- base["x-lucern-key"] = config.apiKey;
7060
- }
7061
- if (config.userToken && !base["x-lucern-session-token"]) {
7062
- base["x-lucern-session-token"] = config.userToken;
7063
- }
7064
- if (config.environment && !base["x-lucern-environment"]) {
7065
- base["x-lucern-environment"] = config.environment;
7066
- }
7067
- return base;
7068
- }
7556
+ getAuthHeaders: config.getAuthHeaders
7069
7557
  };
7070
7558
  }
7071
7559
  function exposeGatewayData(response) {
7072
- return Object.assign({}, response, response.data);
7560
+ const data = response.data;
7561
+ if (data !== null && typeof data === "object" && !Array.isArray(data)) {
7562
+ return Object.assign({}, response, data);
7563
+ }
7564
+ return { ...response };
7073
7565
  }
7074
7566
  function createLucernClient(config = {}) {
7075
7567
  const gatewayConfig = toGatewayConfig(config);
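Review bot: `exposeGatewayData` still merges the payload last (`Object.assign({}, response, data)`), so any key in the server-supplied `data` object that matches an envelope field name overwrites that field on the returned value. The new object check stops array and primitive payloads from being spread, but it does not change this precedence, and callers that read envelope fields from the merged result would be reading payload-controlled values. The envelope's field names are not visible in this hunk, so the impact is an assumption; I would either document it with `// payload keys are merged last and can shadow envelope fields; read envelope values from the raw response` or, if compatibility allows, merge the envelope last. `createLucernClient` continues outside the hunk.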
@@ -7090,6 +7582,7 @@ function createLucernClient(config = {}) {
7090
7582
  const auditClient = createAuditClient(gatewayConfig);
7091
7583
  const authDeviceClient = createAuthDeviceClient(gatewayConfig);
7092
7584
  const adminClient = createAdminClient(gatewayConfig);
7585
+ const accessControlClient = createAccessControlClient(gatewayConfig);
7093
7586
  const answersClient = createAnswersClient(gatewayConfig);
7094
7587
  const contradictionsFacade = createContradictionsFacade(gatewayConfig);
7095
7588
  const edgesFacade = createEdgesFacade(gatewayConfig);
@@ -7109,6 +7602,7 @@ function createLucernClient(config = {}) {
7109
7602
  const ontologyLinksClient = createOntologyLinksClient(gatewayConfig);
7110
7603
  const orgGraphSearchClient = createOrgGraphSearchClient(gatewayConfig);
7111
7604
  const functionSurfaceClient = createFunctionSurfaceClient(gatewayConfig);
7605
+ const controlPlaneClient = createControlPlaneClient(gatewayConfig);
7112
7606
  const toolRegistryClient = createToolRegistryClient(gatewayConfig);
7113
7607
  const modelRuntimeClient = createModelRuntimeClient(gatewayConfig);
7114
7608
  const packsClient = createPacksClient(gatewayConfig);
@@ -7158,11 +7652,11 @@ function createLucernClient(config = {}) {
7158
7652
  }
7159
7653
  }
7160
7654
  const invokeCustomTool = async (fullName, input = {}) => {
7161
- const payload = input && typeof input === "object" && !Array.isArray(input) ? input : {};
7655
+ const payload = normalizeCustomToolPayload(input);
7162
7656
  return invokeRegisteredCustomTool(fullName, payload, { source: "sdk" });
7163
7657
  };
7164
7658
  const getCustomNamespace = (namespace) => {
7165
- const normalized = namespace.trim() || "custom";
7659
+ const normalized = normalizeCustomNamespace(namespace);
7166
7660
  const cached = customNamespaceCache.get(normalized);
7167
7661
  if (cached) {
7168
7662
  return cached;
@@ -7480,9 +7974,24 @@ function createLucernClient(config = {}) {
7480
7974
  typeof input === "string" ? { nodeId: input } : input
7481
7975
  );
7482
7976
  },
7483
- create: graphClient.createNode,
7484
- update: graphClient.updateNode,
7485
- batchCreate: graphClient.batchCreateNodes,
7977
+ create(input, idempotencyKey) {
7978
+ return functionSurfaceClient.createEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7979
+ },
7980
+ createEpistemicNode(input, idempotencyKey) {
7981
+ return functionSurfaceClient.createEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7982
+ },
7983
+ update(input, idempotencyKey) {
7984
+ return functionSurfaceClient.updateEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7985
+ },
7986
+ updateEpistemicNode(input, idempotencyKey) {
7987
+ return functionSurfaceClient.updateEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7988
+ },
7989
+ batchCreate(input, idempotencyKey) {
7990
+ return functionSurfaceClient.batchCreateEpistemicNodes(input, idempotencyKey).then(exposeGatewayData);
7991
+ },
7992
+ batchCreateEpistemicNodes(input, idempotencyKey) {
7993
+ return functionSurfaceClient.batchCreateEpistemicNodes(input, idempotencyKey).then(exposeGatewayData);
7994
+ },
7486
7995
  listByTopicAndType(input) {
7487
7996
  return gateway.request({
7488
7997
  path: `/api/platform/v1/nodes${sdkQueryString({
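Review bot: Each new method in this node namespace is written twice under two names (`create`/`createEpistemicNode`, `update`/`updateEpistemicNode`, `batchCreate`/`batchCreateEpistemicNodes`) with identical bodies, so a later fix to one copy can silently miss the other. Defining the function once, e.g. `const createEpistemicNode = (input, idempotencyKey) => functionSurfaceClient.createEpistemicNode(input, idempotencyKey).then(exposeGatewayData);`, and then writing `create: createEpistemicNode, createEpistemicNode,` keeps the aliases in lockstep. The same duplication repeats in the edges and topics hunks further down. The short names also change what they resolve to: they used to be direct references to `graphClient` methods and now return the `exposeGatewayData` result, which deserves a comment on the namespace. The enclosing object literal starts and ends outside the hunk.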
@@ -7507,8 +8016,15 @@ function createLucernClient(config = {}) {
7507
8016
  })}`
7508
8017
  }).then(exposeGatewayData);
7509
8018
  },
7510
- supersede: graphClient.supersedeNode,
7511
- verify: graphClient.verifyNode,
8019
+ supersede(input, idempotencyKey) {
8020
+ return functionSurfaceClient.supersedeEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8021
+ },
8022
+ verify(input, idempotencyKey) {
8023
+ return functionSurfaceClient.verifyEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8024
+ },
8025
+ archive(input, idempotencyKey) {
8026
+ return functionSurfaceClient.archiveEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8027
+ },
7512
8028
  hardDelete: graphClient.hardDeleteNode
7513
8029
  };
7514
8030
  const publicationNamespace = {
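Review bot: `hardDelete: graphClient.hardDeleteNode` is the one node mutation in this hunk that still bypasses `functionSurfaceClient`, and it is also the most destructive one; `supersede`, `verify` and the new `archive` all go through the function surface. If that surface is where idempotency keys and server-side policy checks are applied (not visible here), the irreversible operation is the one left without them. It is worth confirming the split is deliberate and recording it in a comment such as `// hardDelete intentionally stays on graphClient: <reason>`. The edges hunk below has the same split: `remove` moves to `functionSurfaceClient.removeEdge` while `delete` stays on `edgesFacade.delete`.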
@@ -7622,10 +8138,7 @@ function createLucernClient(config = {}) {
7622
8138
  return beliefsFacade.get(nodeId).then(exposeGatewayData);
7623
8139
  },
7624
8140
  refine(nodeId, textOrInput, rationale) {
7625
- const payload = typeof textOrInput === "string" ? { text: textOrInput, rationale } : {
7626
- text: textOrInput.text,
7627
- rationale: textOrInput.rationale
7628
- };
8141
+ const payload = buildBeliefsRefinePayload(textOrInput, rationale);
7629
8142
  return beliefsFacade.refine(nodeId, payload).then(exposeGatewayData);
7630
8143
  },
7631
8144
  updateConfidence(nodeId, input) {
@@ -7663,7 +8176,7 @@ function createLucernClient(config = {}) {
7663
8176
  }).then(exposeGatewayData);
7664
8177
  },
7665
8178
  archive(nodeId, input) {
7666
- const payload = typeof input === "string" ? { reason: input } : input ? { reason: input.reason ?? input.rationale } : void 0;
8179
+ const payload = buildBeliefsArchivePayload(input);
7667
8180
  return beliefsFacade.archive(nodeId, payload).then(exposeGatewayData);
7668
8181
  },
7669
8182
  list(args) {
@@ -7718,7 +8231,13 @@ function createLucernClient(config = {}) {
7718
8231
  }
7719
8232
  },
7720
8233
  edges: {
7721
- create(args) {
8234
+ create(args, idempotencyKey) {
8235
+ if (args.from && args.to) {
8236
+ return functionSurfaceClient.createEdge(args, idempotencyKey).then(exposeGatewayData);
8237
+ }
8238
+ if (!args.sourceId || !args.targetId) {
8239
+ throw new Error("from/to graph refs or sourceId/targetId are required");
8240
+ }
7722
8241
  return edgesFacade.create({
7723
8242
  sourceId: args.sourceId,
7724
8243
  targetId: args.targetId,
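Review bot: The new guard in `edges.create` throws synchronously from a method whose other paths return a promise, so a caller that only attaches `.catch()` will not see this error. A missing `args` also raises a TypeError at `args.from` before the guard runs. Returning a rejection keeps the contract uniform: `return Promise.reject(new Error("from/to graph refs or sourceId/targetId are required"));`, with `args?.from` and `args?.sourceId` in the conditions. Mixed input such as `from` with `targetId` falls through to the guard and is rejected, which looks intended but merits a one-line comment. The body of `create` continues outside the hunk.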
@@ -7729,17 +8248,32 @@ function createLucernClient(config = {}) {
7729
8248
  context: args.context ?? args.reasoning
7730
8249
  }).then(exposeGatewayData);
7731
8250
  },
8251
+ createEdge(input, idempotencyKey) {
8252
+ return functionSurfaceClient.createEdge(input, idempotencyKey).then(exposeGatewayData);
8253
+ },
7732
8254
  update(input, idempotencyKey) {
7733
- return edgesFacade.update(input, idempotencyKey).then(exposeGatewayData);
8255
+ return functionSurfaceClient.updateEdge(input, idempotencyKey).then(exposeGatewayData);
8256
+ },
8257
+ updateEdge(input, idempotencyKey) {
8258
+ return functionSurfaceClient.updateEdge(input, idempotencyKey).then(exposeGatewayData);
7734
8259
  },
7735
8260
  remove(input, idempotencyKey) {
7736
- return edgesFacade.remove(input, idempotencyKey).then(exposeGatewayData);
8261
+ return functionSurfaceClient.removeEdge(input, idempotencyKey).then(exposeGatewayData);
8262
+ },
8263
+ removeEdge(input, idempotencyKey) {
8264
+ return functionSurfaceClient.removeEdge(input, idempotencyKey).then(exposeGatewayData);
7737
8265
  },
7738
8266
  removeBetween(input, idempotencyKey) {
7739
- return edgesFacade.removeBetween(input, idempotencyKey).then(exposeGatewayData);
8267
+ return functionSurfaceClient.removeEdgesBetween(input, idempotencyKey).then(exposeGatewayData);
8268
+ },
8269
+ removeEdgesBetween(input, idempotencyKey) {
8270
+ return functionSurfaceClient.removeEdgesBetween(input, idempotencyKey).then(exposeGatewayData);
7740
8271
  },
7741
8272
  batchCreate(input, idempotencyKey) {
7742
- return edgesFacade.batchCreate(input, idempotencyKey).then(exposeGatewayData);
8273
+ return functionSurfaceClient.batchCreateEdges(input, idempotencyKey).then(exposeGatewayData);
8274
+ },
8275
+ batchCreateEdges(input, idempotencyKey) {
8276
+ return functionSurfaceClient.batchCreateEdges(input, idempotencyKey).then(exposeGatewayData);
7743
8277
  },
7744
8278
  delete(input, idempotencyKey) {
7745
8279
  return edgesFacade.delete(input, idempotencyKey).then(exposeGatewayData);
@@ -8451,17 +8985,7 @@ function createLucernClient(config = {}) {
8451
8985
  },
8452
8986
  get: topicsFacade.get,
8453
8987
  create(input) {
8454
- return topicsFacade.create({
8455
- name: input.name,
8456
- description: input.description,
8457
- type: input.type,
8458
- parentTopicId: input.parentTopicId,
8459
- ontologyId: input.ontologyId,
8460
- tenantId: input.tenantId,
8461
- workspaceId: input.workspaceId,
8462
- visibility: input.visibility,
8463
- createdBy: input.createdBy
8464
- });
8988
+ return functionSurfaceClient.createTopic(input).then(exposeGatewayData);
8465
8989
  },
8466
8990
  update(topicId, input) {
8467
8991
  return topicsFacade.update({
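Review bot: `topics.create` used to copy nine named fields onto the request and now forwards the caller's `input` object unchanged to `functionSurfaceClient.createTopic(input)`, so any extra property on `input` reaches the gateway next to scoping fields such as `tenantId`, `workspaceId` and `createdBy`. Whether `createTopic` filters its input is not visible in this hunk; if it does not, applications that pass request bodies straight through rely entirely on server-side validation. Keeping the explicit pick (destructure the nine fields and pass only those), or documenting that the gateway rejects unknown keys, would preserve the previous boundary. The return value also changes, from whatever `topicsFacade.create` resolved to the flattened `exposeGatewayData` result.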
@@ -8495,7 +9019,19 @@ function createLucernClient(config = {}) {
8495
9019
  });
8496
9020
  },
8497
9021
  remove: topicsFacade.remove,
8498
- bulkCreate: topicsFacade.bulkCreate
9022
+ bulkCreate: topicsFacade.bulkCreate,
9023
+ materializeGraph(input = {}, idempotencyKey) {
9024
+ return functionSurfaceClient.materializeTopicGraph(input, idempotencyKey).then(exposeGatewayData);
9025
+ },
9026
+ materializeTopicGraph(input = {}, idempotencyKey) {
9027
+ return functionSurfaceClient.materializeTopicGraph(input, idempotencyKey).then(exposeGatewayData);
9028
+ },
9029
+ graphSpine(input = {}) {
9030
+ return functionSurfaceClient.getTopicGraphSpine(input).then(exposeGatewayData);
9031
+ },
9032
+ getTopicGraphSpine(input = {}) {
9033
+ return functionSurfaceClient.getTopicGraphSpine(input).then(exposeGatewayData);
9034
+ }
8499
9035
  },
8500
9036
  answers: {
8501
9037
  create(input) {
@@ -8703,7 +9239,7 @@ function createLucernClient(config = {}) {
8703
9239
  list: listRegisteredCustomTools,
8704
9240
  clear: clearRegisteredCustomTools,
8705
9241
  invoke(name, input = {}) {
8706
- const fullName = name.includes(".") ? name : `custom.${name}`;
9242
+ const fullName = resolveCustomToolFullName(name);
8707
9243
  return invokeCustomTool(fullName, input);
8708
9244
  },
8709
9245
  namespace: getCustomNamespace
@@ -8730,8 +9266,16 @@ function createLucernClient(config = {}) {
8730
9266
  disable: packsClient.disable
8731
9267
  },
8732
9268
  nodes: nodesNamespace,
9269
+ controlPlane: {
9270
+ identity: {
9271
+ resolveInteractivePrincipal: controlPlaneClient.identity.resolveInteractivePrincipal
9272
+ },
9273
+ raw: controlPlaneClient
9274
+ },
8733
9275
  identity: {
8734
9276
  ...identityFacade,
9277
+ access: accessControlClient,
9278
+ resolveInteractivePrincipal: identityClient.resolveInteractivePrincipal,
8735
9279
  evaluatePolicy: identityClient.evaluatePolicy,
8736
9280
  recordPolicyDecision: identityClient.recordPolicyDecision,
8737
9281
  putSecretReference: identityClient.putSecretReference,
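Review bot: `controlPlane` is added here as a curated object (`identity.resolveInteractivePrincipal` plus `raw`) and again in the next hunk as `controlPlane: controlPlaneClient`. Indentation is lost on this page, so if both keys sit in the same object literal the later one silently replaces this one. If they are in different objects, `raw: controlPlaneClient` still exposes the whole client, so the curated `identity` wrapper does not narrow what callers can reach. `resolveInteractivePrincipal` is also published from two different clients (`controlPlaneClient.identity` here, `identityClient` under `identity`). Since its result presumably feeds access decisions, a comment stating which one is canonical would help.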
@@ -8776,6 +9320,7 @@ function createLucernClient(config = {}) {
8776
9320
  ontologyLinks: ontologyLinksClient,
8777
9321
  orgGraphSearch: orgGraphSearchClient,
8778
9322
  functionSurface: functionSurfaceClient,
9323
+ controlPlane: controlPlaneClient,
8779
9324
  toolRegistry: toolRegistryClient,
8780
9325
  modelRuntime: modelRuntimeClient,
8781
9326
  packs: packsClient,