@lucern/sdk 0.3.0-alpha.9 → 1.0.0

Files changed (152)
  1. package/CHANGELOG.md +8 -0
  2. package/README.md +60 -1
  3. package/dist/accessControl.d.ts +79 -0
  4. package/dist/accessControl.js +1270 -0
  5. package/dist/accessControl.js.map +1 -0
  6. package/dist/adminClient.js +19 -1
  7. package/dist/adminClient.js.map +1 -1
  8. package/dist/answersClient.js +19 -1
  9. package/dist/answersClient.js.map +1 -1
  10. package/dist/audiencesClient.js +19 -1
  11. package/dist/audiencesClient.js.map +1 -1
  12. package/dist/auditClient.js +19 -1
  13. package/dist/auditClient.js.map +1 -1
  14. package/dist/authContext.d.ts +2 -2
  15. package/dist/authContext.js.map +1 -1
  16. package/dist/beliefs/index.d.ts +2 -0
  17. package/dist/beliefs/index.js +1196 -663
  18. package/dist/beliefs/index.js.map +1 -1
  19. package/dist/beliefsClient.js +19 -1
  20. package/dist/beliefsClient.js.map +1 -1
  21. package/dist/client.d.ts +146 -70
  22. package/dist/client.js +1196 -663
  23. package/dist/client.js.map +1 -1
  24. package/dist/contextClient.js +19 -1
  25. package/dist/contextClient.js.map +1 -1
  26. package/dist/contracts/api-enums.contract.d.ts +1 -1
  27. package/dist/contracts/api-enums.contract.js +6 -1
  28. package/dist/contracts/api-enums.contract.js.map +1 -1
  29. package/dist/contracts/auth-session.contract.d.ts +1 -1
  30. package/dist/contracts/auth-session.contract.js +14 -2
  31. package/dist/contracts/auth-session.contract.js.map +1 -1
  32. package/dist/contracts/index.js +26 -3
  33. package/dist/contracts/index.js.map +1 -1
  34. package/dist/contracts/mcpTools.js +6 -0
  35. package/dist/contracts/mcpTools.js.map +1 -1
  36. package/dist/contradictions/index.d.ts +2 -0
  37. package/dist/contradictions/index.js +1196 -663
  38. package/dist/contradictions/index.js.map +1 -1
  39. package/dist/control-plane.d.ts +69 -0
  40. package/dist/control-plane.js +674 -0
  41. package/dist/control-plane.js.map +1 -0
  42. package/dist/coreClient.d.ts +17 -1
  43. package/dist/coreClient.js +19 -1
  44. package/dist/coreClient.js.map +1 -1
  45. package/dist/decisions/index.d.ts +2 -0
  46. package/dist/decisions/index.js +1196 -663
  47. package/dist/decisions/index.js.map +1 -1
  48. package/dist/decisionsClient.js +19 -1
  49. package/dist/decisionsClient.js.map +1 -1
  50. package/dist/edges/index.d.ts +26 -84
  51. package/dist/edges/index.js +1196 -663
  52. package/dist/edges/index.js.map +1 -1
  53. package/dist/embeddingsClient.js +19 -1
  54. package/dist/embeddingsClient.js.map +1 -1
  55. package/dist/eventingClient.js +19 -1
  56. package/dist/eventingClient.js.map +1 -1
  57. package/dist/eventsCore.js +19 -1
  58. package/dist/eventsCore.js.map +1 -1
  59. package/dist/evidence/index.d.ts +2 -0
  60. package/dist/evidence/index.js +1196 -663
  61. package/dist/evidence/index.js.map +1 -1
  62. package/dist/evidenceClient.js +19 -1
  63. package/dist/evidenceClient.js.map +1 -1
  64. package/dist/functionSurface.d.ts +16 -1
  65. package/dist/functionSurface.js +95 -2
  66. package/dist/functionSurface.js.map +1 -1
  67. package/dist/functionSurfaceClient.js +95 -2
  68. package/dist/functionSurfaceClient.js.map +1 -1
  69. package/dist/gatewayFacades.d.ts +29 -2
  70. package/dist/gatewayFacades.js +156 -8
  71. package/dist/gatewayFacades.js.map +1 -1
  72. package/dist/graphAnalysisClient.js +19 -1
  73. package/dist/graphAnalysisClient.js.map +1 -1
  74. package/dist/graphClient.d.ts +1 -0
  75. package/dist/graphClient.js +19 -1
  76. package/dist/graphClient.js.map +1 -1
  77. package/dist/graphIntel.d.ts +1 -0
  78. package/dist/graphRecommendationsClient.js +19 -1
  79. package/dist/graphRecommendationsClient.js.map +1 -1
  80. package/dist/graphStateClassifierClient.js +19 -1
  81. package/dist/graphStateClassifierClient.js.map +1 -1
  82. package/dist/harnessClient.js +19 -1
  83. package/dist/harnessClient.js.map +1 -1
  84. package/dist/identityClient.d.ts +19 -1
  85. package/dist/identityClient.js +152 -6
  86. package/dist/identityClient.js.map +1 -1
  87. package/dist/index.d.ts +4 -1
  88. package/dist/index.js +1281 -664
  89. package/dist/index.js.map +1 -1
  90. package/dist/infisicalRuntime.d.ts +1 -0
  91. package/dist/infisicalRuntime.js +64 -32
  92. package/dist/infisicalRuntime.js.map +1 -1
  93. package/dist/jobsClient.js +19 -1
  94. package/dist/jobsClient.js.map +1 -1
  95. package/dist/learningClient.js +19 -1
  96. package/dist/learningClient.js.map +1 -1
  97. package/dist/lenses/index.d.ts +2 -0
  98. package/dist/lenses/index.js +1196 -663
  99. package/dist/lenses/index.js.map +1 -1
  100. package/dist/mcpClient.js +21 -2
  101. package/dist/mcpClient.js.map +1 -1
  102. package/dist/modelRuntimeClient.js +19 -1
  103. package/dist/modelRuntimeClient.js.map +1 -1
  104. package/dist/nodes/index.d.ts +21 -15
  105. package/dist/nodes/index.js +1196 -663
  106. package/dist/nodes/index.js.map +1 -1
  107. package/dist/ontologies/index.d.ts +2 -0
  108. package/dist/ontologies/index.js +1196 -663
  109. package/dist/ontologies/index.js.map +1 -1
  110. package/dist/ontologyClient.js +19 -1
  111. package/dist/ontologyClient.js.map +1 -1
  112. package/dist/ontologyLinksClient.js +19 -1
  113. package/dist/ontologyLinksClient.js.map +1 -1
  114. package/dist/orgGraphSearchClient.js +19 -1
  115. package/dist/orgGraphSearchClient.js.map +1 -1
  116. package/dist/packsClient.js +19 -1
  117. package/dist/packsClient.js.map +1 -1
  118. package/dist/policyClient.js +19 -1
  119. package/dist/policyClient.js.map +1 -1
  120. package/dist/questions/index.d.ts +2 -0
  121. package/dist/questions/index.js +1196 -663
  122. package/dist/questions/index.js.map +1 -1
  123. package/dist/reportsClient.js +19 -1
  124. package/dist/reportsClient.js.map +1 -1
  125. package/dist/schemaClient.js +19 -1
  126. package/dist/schemaClient.js.map +1 -1
  127. package/dist/secrets.d.ts +1 -0
  128. package/dist/secrets.js +3 -0
  129. package/dist/secrets.js.map +1 -0
  130. package/dist/sourcesClient.js +19 -1
  131. package/dist/sourcesClient.js.map +1 -1
  132. package/dist/telemetryClient.js +19 -1
  133. package/dist/telemetryClient.js.map +1 -1
  134. package/dist/toolRegistryClient.js +19 -1
  135. package/dist/toolRegistryClient.js.map +1 -1
  136. package/dist/topics/index.d.ts +11 -3
  137. package/dist/topics/index.js +1198 -663
  138. package/dist/topics/index.js.map +1 -1
  139. package/dist/topicsClient.d.ts +2 -0
  140. package/dist/topicsClient.js +19 -1
  141. package/dist/topicsClient.js.map +1 -1
  142. package/dist/types.d.ts +17 -0
  143. package/dist/version.d.ts +1 -1
  144. package/dist/version.js +1 -1
  145. package/dist/version.js.map +1 -1
  146. package/dist/workflowClient.d.ts +2 -0
  147. package/dist/workflowClient.js +19 -1
  148. package/dist/workflowClient.js.map +1 -1
  149. package/dist/worktrees/index.d.ts +2 -0
  150. package/dist/worktrees/index.js +1196 -663
  151. package/dist/worktrees/index.js.map +1 -1
  152. package/package.json +9 -4
@@ -38,14 +38,14 @@ function requireString(value, reason, label) {
38
38
  }
39
39
  return normalized;
40
40
  }
41
- function requirePrincipalType(principalType) {
42
- if (!principalType) {
41
+ function requirePrincipalType(principalType2) {
42
+ if (!principalType2) {
43
43
  throw new LucernSdkAuthContextError(
44
44
  "principal_missing",
45
45
  "Canonical Lucern SDK auth context is missing principalType."
46
46
  );
47
47
  }
48
- return principalType;
48
+ return principalType2;
49
49
  }
50
50
  function requireAuthMode(authMode) {
51
51
  if (!authMode) {
@@ -91,7 +91,7 @@ function normalizeCanonicalLucernAuthContext(input) {
91
91
  );
92
92
  const roles = cleanStringList(input.roles);
93
93
  const scopes = cleanStringList(input.scopes);
94
- const principalType = requirePrincipalType(input.principalType);
94
+ const principalType2 = requirePrincipalType(input.principalType);
95
95
  const authMode = requireAuthMode(input.authMode);
96
96
  const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
97
97
  if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
@@ -120,7 +120,7 @@ function normalizeCanonicalLucernAuthContext(input) {
120
120
  principalId,
121
121
  tenantId,
122
122
  workspaceId,
123
- principalType,
123
+ principalType: principalType2,
124
124
  authMode,
125
125
  roles,
126
126
  scopes,
@@ -351,13 +351,31 @@ function mergeHeaderRecord(base, addition) {
351
351
  }
352
352
  return Object.fromEntries(headers.entries());
353
353
  }
354
+ function cleanHeaderValue(value) {
355
+ const normalized = value?.trim();
356
+ return normalized ? normalized : void 0;
357
+ }
354
358
  function createGatewayRequestClient(config = {}) {
355
359
  const fetchImpl = config.fetchImpl ?? fetch;
356
360
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
357
361
  const maxRetries = config.maxRetries ?? 2;
358
362
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
359
363
  async function resolveAuthHeaders() {
360
- const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
364
+ const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
365
+ const headers = new Headers(provided);
366
+ const setIfAbsent = (name, value) => {
367
+ const normalized = cleanHeaderValue(value);
368
+ if (normalized && !headers.has(name)) {
369
+ headers.set(name, normalized);
370
+ }
371
+ };
372
+ setIfAbsent("x-lucern-key", config.apiKey);
373
+ setIfAbsent("x-lucern-session-token", config.userToken);
374
+ setIfAbsent("x-lucern-environment", config.environment);
375
+ setIfAbsent("x-lucern-clerk-id", config.clerkId);
376
+ setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
377
+ setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
378
+ const base = Object.fromEntries(headers.entries());
361
379
  const authContextInput = await resolveConfiguredAuthContext(
362
380
  config.authContext
363
381
  );
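Review bot: The added `cleanHeaderValue` calls `value?.trim()` with no type check, so a truthy non-string config value (a numeric `userId`, say) throws a TypeError inside `resolveAuthHeaders` instead of being skipped; `const normalized = typeof value === "string" ? value.trim() : void 0;` matches what `cleanString3` does later in this diff. In `setIfAbsent`, `headers.has(name)` is also true for a provided header whose value is empty, so an empty `x-lucern-key` from `getAuthHeaders` suppresses the `config.apiKey` fallback. The fallbacks put `config.apiKey` and `config.userToken` into the header set next to `x-lucern-clerk-id` and `x-lucern-user-id`, which are plain caller-supplied strings. The gateway therefore presumably has to authorize on the key or session token and treat those identity headers as untrusted hints, which deserves a comment above `setIfAbsent` such as `// identity headers are advisory; the gateway must bind them to the key/session token`. `resolveAuthHeaders` continues past the end of this hunk.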
@@ -1054,208 +1072,929 @@ function createAdminClient(config = {}) {
1054
1072
  };
1055
1073
  }
1056
1074
 
1057
- // src/answersClient.ts
1058
- function createAnswersClient(config = {}) {
1059
- const gateway = createGatewayRequestClient(config);
1075
+ // src/boundaryClientSurface.ts
1076
+ function cleanOptionalString(value) {
1077
+ const normalized = value?.trim();
1078
+ return normalized ? normalized : void 0;
1079
+ }
1080
+ function isRecord3(value) {
1081
+ return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1082
+ }
1083
+ function cleanRequiredString(value, label) {
1084
+ const normalized = cleanOptionalString(value);
1085
+ if (!normalized) {
1086
+ throw new Error(`${label} is required`);
1087
+ }
1088
+ return normalized;
1089
+ }
1090
+ function readTopicId(input) {
1091
+ return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1092
+ }
1093
+ function requireTopicId(input) {
1094
+ const topicId = readTopicId(input);
1095
+ if (!topicId) {
1096
+ throw new Error("topicId is required");
1097
+ }
1098
+ return topicId;
1099
+ }
1100
+ function assertKnownKeys(input, allowed, operation) {
1101
+ const allowedSet = new Set(allowed);
1102
+ const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1103
+ if (unknownKeys.length > 0) {
1104
+ throw new Error(
1105
+ `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1106
+ );
1107
+ }
1108
+ }
1109
+ function knownPayload(input, allowed, operation) {
1110
+ assertKnownKeys(input, allowed, operation);
1111
+ return { ...input };
1112
+ }
1113
+ function topicPayload(input, allowed, operation) {
1114
+ assertKnownKeys(input, allowed, operation);
1060
1115
  return {
1061
- /**
1062
- * Get the current answer for a question.
1063
- * @param questionId - The question node identifier.
1064
- * @returns The answer record for the given question.
1065
- */
1066
- async get(questionId) {
1067
- return gateway.request({
1068
- path: `/api/platform/v1/questions/${encodeURIComponent(questionId)}/answer`
1069
- });
1070
- }
1116
+ ...input,
1117
+ topicId: requireTopicId(input),
1118
+ projectId: void 0
1071
1119
  };
1072
1120
  }
1121
+ function listResultFromEnvelope(data, legacyKey) {
1122
+ const record = isRecord3(data) ? data : {};
1123
+ const legacyItems = record[legacyKey];
1124
+ return createListResult(
1125
+ Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1126
+ legacyKey
1127
+ );
1128
+ }
1073
1129
 
1074
- // src/audiencesClient.ts
1075
- function createAudiencesClient(config = {}) {
1076
- const gateway = createGatewayRequestClient(config);
1077
- const listRegistry = async (query5 = {}) => {
1078
- return gateway.request({
1079
- path: `/api/platform/v1/audiences/registry${toQueryString({
1080
- ...query5,
1081
- effective: typeof query5.effective === "boolean" ? query5.effective ? "true" : "false" : void 0,
1082
- status: query5.status
1083
- })}`
1084
- }).then(
1085
- (response) => mapGatewayData(
1086
- response,
1087
- (data) => createListResult(Array.isArray(data) ? data : [], "registryEntries")
1088
- )
1089
- );
1090
- };
1091
- const createRegistryEntry = async (input, idempotencyKey) => {
1092
- return gateway.request({
1093
- path: "/api/platform/v1/audiences/registry",
1094
- method: "POST",
1095
- body: input,
1096
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1097
- });
1098
- };
1099
- const updateRegistryEntry = createRegistryEntry;
1100
- const upsertRegistry = createRegistryEntry;
1101
- const getRegistry = listRegistry;
1102
- const listGrants = async (query5 = {}) => {
1103
- return gateway.request({
1104
- path: `/api/platform/v1/audiences/grants${toQueryString({
1105
- ...query5,
1106
- audienceKey: query5.audienceKey,
1107
- principalId: query5.principalId,
1108
- groupId: query5.groupId,
1109
- status: query5.status
1110
- })}`
1111
- }).then(
1112
- (response) => mapGatewayData(
1113
- response,
1114
- (data) => createListResult(Array.isArray(data) ? data : [], "grants")
1115
- )
1116
- );
1117
- };
1118
- const createGrant = async (input, idempotencyKey) => {
1119
- return gateway.request({
1120
- path: "/api/platform/v1/audiences/grants",
1121
- method: "POST",
1122
- body: input,
1123
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1124
- });
1125
- };
1126
- const getGrants = listGrants;
1127
- const grant = createGrant;
1128
- const deleteGrant = async (input, idempotencyKey) => {
1129
- return gateway.request({
1130
- path: "/api/platform/v1/audiences/grants/revoke",
1131
- method: "POST",
1132
- body: input,
1133
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1130
+ // src/control-plane.ts
1131
+ var LucernControlPlaneIdentityError = class extends Error {
1132
+ reason;
1133
+ principalStatus;
1134
+ tenantStatus;
1135
+ workspaceStatus;
1136
+ details;
1137
+ constructor(failure) {
1138
+ super(failure.message);
1139
+ this.name = "LucernControlPlaneIdentityError";
1140
+ this.reason = failure.reason;
1141
+ this.principalStatus = failure.principalStatus;
1142
+ this.tenantStatus = failure.tenantStatus;
1143
+ this.workspaceStatus = failure.workspaceStatus;
1144
+ this.details = failure.details;
1145
+ }
1146
+ };
1147
+ function cleanString3(value) {
1148
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1149
+ }
1150
+ function stringList(value) {
1151
+ if (!Array.isArray(value)) {
1152
+ return [];
1153
+ }
1154
+ return [
1155
+ ...new Set(
1156
+ value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
1157
+ )
1158
+ ];
1159
+ }
1160
+ function principalType(value) {
1161
+ switch (value) {
1162
+ case "service":
1163
+ case "service_principal":
1164
+ return "service";
1165
+ case "agent":
1166
+ return "agent";
1167
+ case "group":
1168
+ return "group";
1169
+ case "external_viewer":
1170
+ case "external_stakeholder":
1171
+ return "external_viewer";
1172
+ default:
1173
+ return "human";
1174
+ }
1175
+ }
1176
+ function adminFlags(roles) {
1177
+ const normalized = roles.map((role) => role.toLowerCase());
1178
+ const isPlatformAdmin = normalized.includes("platform_admin");
1179
+ const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
1180
+ const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
1181
+ return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
1182
+ }
1183
+ function normalizeResolvedInteractivePrincipal(payload) {
1184
+ if ("ok" in payload && payload.ok === false) {
1185
+ throw new LucernControlPlaneIdentityError(payload);
1186
+ }
1187
+ const principalId = cleanString3(payload.principalId);
1188
+ const clerkId = cleanString3(payload.clerkId);
1189
+ const tenantId = cleanString3(payload.tenantId);
1190
+ if (!principalId || !clerkId || !tenantId) {
1191
+ throw new LucernControlPlaneIdentityError({
1192
+ ok: false,
1193
+ reason: "resolver_unavailable",
1194
+ message: "Control-plane principal resolver returned an incomplete principal context.",
1195
+ principalStatus: payload.principalStatus ?? "missing",
1196
+ tenantStatus: payload.tenantStatus,
1197
+ workspaceStatus: payload.workspaceStatus
1134
1198
  });
1135
- };
1136
- const revokeGrant = deleteGrant;
1199
+ }
1200
+ const roles = stringList(payload.roles);
1201
+ const scopes = stringList(payload.scopes);
1202
+ const workspaceId = cleanString3(payload.workspaceId) ?? null;
1203
+ const flags = adminFlags(roles);
1137
1204
  return {
1138
- /**
1139
- * List audience registry entries.
1140
- */
1141
- listRegistry,
1142
- /**
1143
- * @deprecated Use listRegistry.
1144
- */
1145
- getRegistry,
1146
- /**
1147
- * Create an audience registry entry.
1148
- */
1149
- createRegistryEntry,
1150
- /**
1151
- * Update an audience registry entry.
1152
- */
1153
- updateRegistryEntry,
1154
- /**
1155
- * @deprecated Use createRegistryEntry or updateRegistryEntry.
1156
- */
1157
- upsertRegistry,
1158
- /**
1159
- * List audience grants.
1160
- */
1161
- listGrants,
1162
- /**
1163
- * @deprecated Use listGrants.
1164
- */
1165
- getGrants,
1166
- /**
1167
- * Create an audience grant.
1168
- */
1169
- createGrant,
1170
- /**
1171
- * @deprecated Use createGrant.
1172
- */
1173
- grant,
1174
- /**
1175
- * Delete an audience grant by revoking it.
1176
- */
1177
- deleteGrant,
1178
- /**
1179
- * @deprecated Use deleteGrant.
1180
- */
1181
- revokeGrant
1205
+ principalId,
1206
+ principalType: principalType(payload.principalType),
1207
+ clerkId,
1208
+ tenantId,
1209
+ workspaceId,
1210
+ roles,
1211
+ scopes,
1212
+ groupIds: stringList(payload.groupIds),
1213
+ permittedToolNames: stringList(payload.permittedToolNames),
1214
+ permittedPackKeys: stringList(payload.permittedPackKeys),
1215
+ principalStatus: cleanString3(payload.principalStatus) ?? "active",
1216
+ tenantStatus: cleanString3(payload.tenantStatus) ?? "active",
1217
+ workspaceStatus: cleanString3(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
1218
+ isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
1219
+ isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
1220
+ isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
1221
+ permit: {
1222
+ subject: cleanString3(payload.permit?.subject) ?? principalId,
1223
+ tenant: cleanString3(payload.permit?.tenant) ?? tenantId,
1224
+ ...workspaceId ? { workspace: cleanString3(payload.permit?.workspace) ?? workspaceId } : {}
1225
+ },
1226
+ authMode: "interactive_user",
1227
+ sessionId: payload.sessionId,
1228
+ delegatedBy: payload.delegatedBy,
1229
+ expiresAt: payload.expiresAt
1182
1230
  };
1183
1231
  }
1184
-
1185
- // src/auditClient.ts
1186
- function createAuditClient(config = {}) {
1232
+ function createControlPlaneIdentityClient(config = {}) {
1187
1233
  const gateway = createGatewayRequestClient(config);
1188
1234
  return {
1189
- /**
1190
- * List audit events for the current scope.
1191
- */
1192
- async listEvents(query5 = {}) {
1235
+ async resolveInteractivePrincipal(input) {
1193
1236
  return gateway.request({
1194
- path: `/api/platform/v1/audit/events${toQueryString(
1195
- normalizeTopicQuery(query5)
1196
- )}`
1237
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1238
+ method: "POST",
1239
+ body: input
1197
1240
  }).then(
1198
- (response) => mapGatewayData(
1199
- response,
1200
- (data) => createListResult(Array.isArray(data) ? data : [], "events")
1201
- )
1241
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1202
1242
  );
1203
1243
  }
1204
1244
  };
1205
1245
  }
1206
-
1207
- // src/authDeviceClient.ts
1208
- var DeviceAuthorizationError = class extends Error {
1209
- error;
1210
- interval;
1211
- constructor(args) {
1212
- super(args.description ?? args.error);
1213
- this.name = "DeviceAuthorizationError";
1214
- this.error = args.error;
1215
- this.interval = args.interval;
1216
- }
1217
- };
1218
- function authBaseUrl(config) {
1219
- return config.baseUrl?.replace(/\/+$/, "") ?? "";
1220
- }
1221
- async function readJson(response) {
1222
- try {
1223
- const payload = await response.json();
1224
- return isRecord3(payload) ? payload : {};
1225
- } catch (error) {
1226
- return unreadableJsonBodyFallback();
1227
- }
1228
- }
1229
- function unreadableJsonBodyFallback(_error) {
1230
- return {};
1231
- }
1232
- function isRecord3(value) {
1233
- return value !== null && typeof value === "object" && !Array.isArray(value);
1234
- }
1235
- function readString(value) {
1236
- const normalized = typeof value === "string" ? value.trim() : "";
1237
- return normalized || void 0;
1238
- }
1239
- function assertDeviceCodeResponse(payload) {
1240
- const deviceCode = readString(payload.device_code);
1241
- const userCode = readString(payload.user_code);
1242
- const verificationUri = readString(payload.verification_uri);
1243
- const verificationUriComplete = readString(payload.verification_uri_complete);
1244
- const expiresIn = payload.expires_in;
1245
- const interval = payload.interval;
1246
- if (!deviceCode || !userCode || !verificationUri || !verificationUriComplete || typeof expiresIn !== "number" || typeof interval !== "number") {
1247
- throw new Error("Gateway returned an invalid device-code response.");
1248
- }
1246
+ function createControlPlaneClient(config = {}) {
1249
1247
  return {
1250
- device_code: deviceCode,
1251
- user_code: userCode,
1252
- verification_uri: verificationUri,
1253
- verification_uri_complete: verificationUriComplete,
1254
- expires_in: expiresIn,
1255
- interval
1248
+ identity: createControlPlaneIdentityClient(config)
1256
1249
  };
1257
1250
  }
1258
- function assertDeviceTokenResponse(payload) {
1251
+
1252
+ // src/identityClient.ts
1253
+ function createIdentityWhoamiClient(config = {}) {
1254
+ const gateway = createGatewayRequestClient(config);
1255
+ return {
1256
+ async whoami() {
1257
+ return gateway.request({
1258
+ path: "/api/platform/v1/identity/whoami"
1259
+ });
1260
+ }
1261
+ };
1262
+ }
1263
+ var TENANT_IDENTITY_FIELDS = [
1264
+ "tenantId",
1265
+ "workspaceId",
1266
+ "principalId",
1267
+ "integrationKey",
1268
+ "secretRef",
1269
+ "policySubject",
1270
+ "policyAction",
1271
+ "policyResource",
1272
+ "decision",
1273
+ "config",
1274
+ "configKey",
1275
+ "configValue",
1276
+ "provider",
1277
+ "status",
1278
+ "metadata",
1279
+ "limit",
1280
+ "cursor"
1281
+ ];
1282
+ function tenantIdentityQuery(input) {
1283
+ return {
1284
+ tenantId: cleanRequiredString(input.tenantId, "tenantId"),
1285
+ workspaceId: input.workspaceId,
1286
+ principalId: input.principalId,
1287
+ limit: input.limit,
1288
+ cursor: input.cursor
1289
+ };
1290
+ }
1291
+ function tenantIdentityBody(input, operation) {
1292
+ return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
1293
+ }
1294
+ function createIdentityClient(config = {}) {
1295
+ const gateway = createGatewayRequestClient(config);
1296
+ const whoamiClient = createIdentityWhoamiClient(config);
1297
+ const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
1298
+ path: "/api/platform/v1/identity/principals",
1299
+ method,
1300
+ body: input,
1301
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1302
+ });
1303
+ const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
1304
+ const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
1305
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
1306
+ method: "POST",
1307
+ body: input,
1308
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1309
+ });
1310
+ return {
1311
+ /**
1312
+ * Resolve the current authenticated identity summary.
1313
+ */
1314
+ async whoami() {
1315
+ return whoamiClient.whoami().then(
1316
+ (response) => mapGatewayData(response, (data) => ({
1317
+ principalId: data.principalId,
1318
+ principalType: data.principalType,
1319
+ clerkId: data.clerkId,
1320
+ tenantId: data.tenantId ?? null,
1321
+ workspaceId: data.workspaceId ?? null,
1322
+ scopes: Array.isArray(data.scopes) ? data.scopes : [],
1323
+ roles: Array.isArray(data.roles) ? data.roles : [],
1324
+ groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
1325
+ permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
1326
+ permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
1327
+ principalStatus: data.principalStatus,
1328
+ tenantStatus: data.tenantStatus,
1329
+ workspaceStatus: data.workspaceStatus,
1330
+ isPlatformAdmin: data.isPlatformAdmin === true,
1331
+ isTenantAdmin: data.isTenantAdmin === true,
1332
+ isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1333
+ permit: data.permit ?? (data.tenantId ? {
1334
+ subject: data.principalId,
1335
+ tenant: data.tenantId,
1336
+ ...data.workspaceId ? { workspace: data.workspaceId } : {}
1337
+ } : void 0),
1338
+ authMode: data.authMode,
1339
+ sessionId: data.sessionId,
1340
+ delegatedBy: data.delegatedBy,
1341
+ expiresAt: data.expiresAt
1342
+ }))
1343
+ );
1344
+ },
1345
+ /**
1346
+ * Resolve a Clerk subject through the tenant control-plane Permit projection.
1347
+ * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
1348
+ */
1349
+ async resolveInteractivePrincipal(input) {
1350
+ return gateway.request({
1351
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1352
+ method: "POST",
1353
+ body: input
1354
+ }).then(
1355
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1356
+ );
1357
+ },
1358
+ /**
1359
+ * List principals in the current identity scope.
1360
+ */
1361
+ async listPrincipals(query5 = {}) {
1362
+ return gateway.request({
1363
+ path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
1364
+ }).then(
1365
+ (response) => mapGatewayData(
1366
+ response,
1367
+ (data) => createListResult(
1368
+ Array.isArray(data) ? data : [],
1369
+ "principals"
1370
+ )
1371
+ )
1372
+ );
1373
+ },
1374
+ /**
1375
+ * Create a principal.
1376
+ */
1377
+ async createPrincipal(input, idempotencyKey) {
1378
+ return requestPrincipalWrite("POST", input, idempotencyKey);
1379
+ },
1380
+ /**
1381
+ * Update a principal.
1382
+ */
1383
+ updatePrincipal,
1384
+ /**
1385
+ * @deprecated Use createPrincipal or updatePrincipal.
1386
+ */
1387
+ upsertPrincipal: updatePrincipal,
1388
+ /**
1389
+ * List keys in the current identity scope.
1390
+ */
1391
+ async listKeys(query5 = {}) {
1392
+ return gateway.request({
1393
+ path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
1394
+ }).then(
1395
+ (response) => mapGatewayData(
1396
+ response,
1397
+ (data) => createListResult(Array.isArray(data) ? data : [], "keys")
1398
+ )
1399
+ );
1400
+ },
1401
+ /**
1402
+ * Create an API key.
1403
+ */
1404
+ async createKey(input, idempotencyKey) {
1405
+ return gateway.request({
1406
+ path: "/api/platform/v1/identity/keys",
1407
+ method: "POST",
1408
+ body: input,
1409
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1410
+ });
1411
+ },
1412
+ /**
1413
+ * Rotate an API key.
1414
+ */
1415
+ async rotateKey(keyId, input = {}, idempotencyKey) {
1416
+ return gateway.request({
1417
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
1418
+ method: "POST",
1419
+ body: input,
1420
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1421
+ });
1422
+ },
1423
+ /**
1424
+ * Delete an API key by revoking it.
1425
+ */
1426
+ deleteKey,
1427
+ /**
1428
+ * @deprecated Use deleteKey.
1429
+ */
1430
+ revokeKey: deleteKey,
1431
+ /**
1432
+ * Search Clerk users by email or display attributes.
1433
+ */
1434
+ async searchClerkUsers(q) {
1435
+ return gateway.request({
1436
+ path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
1437
+ });
1438
+ },
1439
+ async getTenantConfig(input) {
1440
+ return gateway.request({
1441
+ path: `/api/platform/v1/identity/tenant-config${toQueryString(
1442
+ tenantIdentityQuery(input)
1443
+ )}`
1444
+ });
1445
+ },
1446
+ async updateTenantConfig(input, idempotencyKey) {
1447
+ cleanRequiredString(input.tenantId, "tenantId");
1448
+ return gateway.request({
1449
+ path: "/api/platform/v1/identity/tenant-config",
1450
+ method: "PATCH",
1451
+ body: tenantIdentityBody(
1452
+ input,
1453
+ "identity.updateTenantConfig"
1454
+ ),
1455
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1456
+ });
1457
+ },
1458
+ async listIntegrations(input) {
1459
+ return gateway.request({
1460
+ path: `/api/platform/v1/identity/integrations${toQueryString(
1461
+ tenantIdentityQuery(input)
1462
+ )}`
1463
+ }).then(
1464
+ (response) => mapGatewayData(
1465
+ response,
1466
+ (data) => listResultFromEnvelope(
1467
+ data,
1468
+ "integrations"
1469
+ )
1470
+ )
1471
+ );
1472
+ },
1473
+ async upsertIntegration(input, idempotencyKey) {
1474
+ cleanRequiredString(input.tenantId, "tenantId");
1475
+ cleanRequiredString(input.integrationKey, "integrationKey");
1476
+ return gateway.request({
1477
+ path: "/api/platform/v1/identity/integrations",
1478
+ method: "PUT",
1479
+ body: tenantIdentityBody(
1480
+ input,
1481
+ "identity.upsertIntegration"
1482
+ ),
1483
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1484
+ });
1485
+ },
1486
+ async listSecrets(input) {
1487
+ return gateway.request({
1488
+ path: `/api/platform/v1/identity/secrets${toQueryString(
1489
+ tenantIdentityQuery(input)
1490
+ )}`
1491
+ }).then(
1492
+ (response) => mapGatewayData(
1493
+ response,
1494
+ (data) => listResultFromEnvelope(
1495
+ data,
1496
+ "secrets"
1497
+ )
1498
+ )
1499
+ );
1500
+ },
1501
+ async putSecretReference(input, idempotencyKey) {
1502
+ cleanRequiredString(input.tenantId, "tenantId");
1503
+ cleanRequiredString(input.secretRef, "secretRef");
1504
+ return gateway.request({
1505
+ path: "/api/platform/v1/identity/secrets",
1506
+ method: "PUT",
1507
+ body: tenantIdentityBody(
1508
+ input,
1509
+ "identity.putSecretReference"
1510
+ ),
1511
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1512
+ });
1513
+ },
1514
+ async evaluatePolicy(input, idempotencyKey) {
1515
+ cleanRequiredString(input.tenantId, "tenantId");
1516
+ cleanRequiredString(input.policySubject, "policySubject");
1517
+ cleanRequiredString(input.policyAction, "policyAction");
1518
+ cleanRequiredString(input.policyResource, "policyResource");
1519
+ return gateway.request({
1520
+ path: "/api/platform/v1/identity/policy/evaluate",
1521
+ method: "POST",
1522
+ body: tenantIdentityBody(
1523
+ input,
1524
+ "identity.evaluatePolicy"
1525
+ ),
1526
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1527
+ });
1528
+ },
1529
+ async recordPolicyDecision(input, idempotencyKey) {
1530
+ cleanRequiredString(input.tenantId, "tenantId");
1531
+ cleanRequiredString(input.decision, "decision");
1532
+ return gateway.request({
1533
+ path: "/api/platform/v1/identity/policy/decisions",
1534
+ method: "POST",
1535
+ body: tenantIdentityBody(
1536
+ input,
1537
+ "identity.recordPolicyDecision"
1538
+ ),
1539
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1540
+ });
1541
+ }
1542
+ };
1543
+ }
1544
+
1545
+ // src/accessControl.ts
1546
+ var LucernAccessControlError = class extends LucernSdkAuthContextError {
1547
+ policyDecision;
1548
+ constructor(reason, message, policyDecision) {
1549
+ super(reason, message);
1550
+ this.name = "LucernAccessControlError";
1551
+ this.policyDecision = policyDecision;
1552
+ }
1553
+ };
1554
+ function cleanString4(value) {
1555
+ const normalized = value?.trim();
1556
+ return normalized ? normalized : void 0;
1557
+ }
1558
+ function cleanStringList2(values) {
1559
+ if (!values) {
1560
+ return [];
1561
+ }
1562
+ return [
1563
+ ...new Set(
1564
+ values.map((value) => value.trim()).filter((value) => value.length > 0)
1565
+ )
1566
+ ];
1567
+ }
1568
+ function requireString2(value, reason, label) {
1569
+ const normalized = cleanString4(value);
1570
+ if (!normalized) {
1571
+ throw new LucernAccessControlError(
1572
+ reason,
1573
+ `Lucern SDK access control requires ${label}.`
1574
+ );
1575
+ }
1576
+ return normalized;
1577
+ }
1578
+ function normalizePrincipalType(principalType2) {
1579
+ if (principalType2 === "agent") {
1580
+ return "agent";
1581
+ }
1582
+ if (principalType2 === "service") {
1583
+ return "service";
1584
+ }
1585
+ if (principalType2 === "group") {
1586
+ return "group";
1587
+ }
1588
+ if (principalType2 === "external_viewer") {
1589
+ return "external_viewer";
1590
+ }
1591
+ return "human";
1592
+ }
1593
+ function aliasKey(alias) {
1594
+ return `${alias.provider}:${alias.providerProjectId ?? ""}:${alias.externalSubjectId}`;
1595
+ }
1596
+ function normalizeAliases(input, canonicalClerkUserId) {
1597
+ const aliases = /* @__PURE__ */ new Map();
1598
+ for (const alias of input ?? []) {
1599
+ const externalSubjectId = cleanString4(alias.externalSubjectId);
1600
+ if (!externalSubjectId) {
1601
+ continue;
1602
+ }
1603
+ const normalized = {
1604
+ provider: cleanString4(alias.provider) ?? "clerk",
1605
+ providerProjectId: cleanString4(alias.providerProjectId),
1606
+ externalSubjectId,
1607
+ status: cleanString4(alias.status)
1608
+ };
1609
+ aliases.set(aliasKey(normalized), normalized);
1610
+ }
1611
+ if (canonicalClerkUserId) {
1612
+ const canonicalAlias = {
1613
+ provider: "clerk",
1614
+ externalSubjectId: canonicalClerkUserId,
1615
+ status: "active"
1616
+ };
1617
+ aliases.set(aliasKey(canonicalAlias), canonicalAlias);
1618
+ }
1619
+ return [...aliases.values()];
1620
+ }
1621
+ function isKnownClerkSubject(args) {
1622
+ if (args.clerkId === args.canonicalClerkUserId) {
1623
+ return true;
1624
+ }
1625
+ return args.aliases.some(
1626
+ (alias) => alias.provider === "clerk" && alias.externalSubjectId === args.clerkId
1627
+ );
1628
+ }
1629
+ function authContextToPrincipalInput(input) {
1630
+ const normalized = normalizeCanonicalLucernAuthContext(input);
1631
+ return {
1632
+ principalId: normalized.principalId,
1633
+ principalType: normalized.principalType,
1634
+ canonicalClerkUserId: normalized.clerkId,
1635
+ clerkId: normalized.clerkId,
1636
+ tenantId: normalized.tenantId,
1637
+ workspaceId: normalized.workspaceId,
1638
+ roles: normalized.roles,
1639
+ scopes: normalized.scopes
1640
+ };
1641
+ }
1642
+ function isAuthContextInput(input) {
1643
+ return "authMode" in input || "permit" in input || "delegationChain" in input;
1644
+ }
1645
+ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1646
+ const principalInput = isAuthContextInput(input) ? authContextToPrincipalInput(input) : input;
1647
+ const principalId = requireString2(
1648
+ principalInput.principalId,
1649
+ "principal_missing",
1650
+ "principalId"
1651
+ );
1652
+ const principalType2 = normalizePrincipalType(principalInput.principalType);
1653
+ const observedClerkId = cleanString4(options.observedClerkId);
1654
+ const canonicalClerkUserId = cleanString4(principalInput.canonicalClerkUserId) ?? cleanString4(principalInput.clerkId);
1655
+ if (principalType2 === "human" && !canonicalClerkUserId) {
1656
+ throw new LucernAccessControlError(
1657
+ "clerk_alias_missing",
1658
+ "Human principals require one canonical Clerk user id."
1659
+ );
1660
+ }
1661
+ const aliases = normalizeAliases(
1662
+ principalInput.clerkIdentityAliases,
1663
+ canonicalClerkUserId
1664
+ );
1665
+ if (observedClerkId && !isKnownClerkSubject({
1666
+ clerkId: observedClerkId,
1667
+ canonicalClerkUserId,
1668
+ aliases
1669
+ })) {
1670
+ throw new LucernAccessControlError(
1671
+ "clerk_alias_unrecognized",
1672
+ "Observed Clerk user id does not match the canonical human principal id."
1673
+ );
1674
+ }
1675
+ return {
1676
+ principalId,
1677
+ principalType: principalType2,
1678
+ canonicalClerkUserId,
1679
+ clerkIdentityAliases: aliases,
1680
+ tenantId: cleanString4(principalInput.tenantId),
1681
+ workspaceId: cleanString4(principalInput.workspaceId),
1682
+ roles: cleanStringList2(principalInput.roles),
1683
+ scopes: cleanStringList2(principalInput.scopes)
1684
+ };
1685
+ }
1686
+ function formatPermitResource(resource) {
1687
+ if (typeof resource === "string") {
1688
+ return requireString2(resource, "policy_denied", "policyResource");
1689
+ }
1690
+ const type = requireString2(resource.type, "policy_denied", "resource.type");
1691
+ const key = requireString2(resource.key, "policy_denied", "resource.key");
1692
+ return key.startsWith(`${type}:`) ? key : `${type}:${key}`;
1693
+ }
1694
+ function resourceRequiresWorkspace(resource) {
1695
+ if (typeof resource === "string") {
1696
+ return !resource.startsWith("tenant:");
1697
+ }
1698
+ return resource.type !== "tenant";
1699
+ }
1700
+ function buildPolicyInput(identity, input) {
1701
+ const tenantId = requireString2(
1702
+ input.tenantId ?? identity.tenantId,
1703
+ "tenant_missing",
1704
+ "tenantId"
1705
+ );
1706
+ const workspaceId = cleanString4(input.workspaceId ?? identity.workspaceId);
1707
+ if (resourceRequiresWorkspace(input.resource) && !workspaceId) {
1708
+ throw new LucernAccessControlError(
1709
+ "workspace_missing",
1710
+ "Workspace-scoped Permit checks require workspaceId."
1711
+ );
1712
+ }
1713
+ return {
1714
+ tenantId,
1715
+ workspaceId,
1716
+ principalId: identity.principalId,
1717
+ policySubject: identity.principalId,
1718
+ policyAction: requireString2(input.action, "policy_denied", "policyAction"),
1719
+ policyResource: formatPermitResource(input.resource),
1720
+ metadata: input.context
1721
+ };
1722
+ }
1723
+ async function resolveConfiguredPrincipalInput(authContext) {
1724
+ if (typeof authContext === "function") {
1725
+ return await authContext();
1726
+ }
1727
+ return authContext;
1728
+ }
1729
+ function assertPermitAllowed(decision) {
1730
+ if (decision.decision !== "allow") {
1731
+ throw new LucernAccessControlError(
1732
+ decision.decision === "deny" ? "policy_denied" : "policy_unknown",
1733
+ `Permit denied ${decision.policyAction} on ${decision.policyResource}.`,
1734
+ decision
1735
+ );
1736
+ }
1737
+ }
1738
+ function createAccessControlClient(config = {}) {
1739
+ const identityClient = createIdentityClient(config);
1740
+ async function resolveIdentity(input, observedClerkId) {
1741
+ const identityInput = input ?? await resolveConfiguredPrincipalInput(config.authContext);
1742
+ if (!identityInput) {
1743
+ throw new LucernAccessControlError(
1744
+ "principal_missing",
1745
+ "Lucern SDK access control requires a canonical principal identity."
1746
+ );
1747
+ }
1748
+ return normalizeCanonicalPrincipalIdentity(identityInput, {
1749
+ observedClerkId
1750
+ });
1751
+ }
1752
+ async function checkAccess(input, idempotencyKey) {
1753
+ const identity = await resolveIdentity(input.identity, input.observedClerkId);
1754
+ const policyInput = buildPolicyInput(identity, input);
1755
+ try {
1756
+ const response = await identityClient.evaluatePolicy(
1757
+ policyInput,
1758
+ idempotencyKey
1759
+ );
1760
+ return {
1761
+ identity,
1762
+ policyInput,
1763
+ decision: response.data
1764
+ };
1765
+ } catch (error) {
1766
+ if (error instanceof LucernSdkAuthContextError) {
1767
+ throw error;
1768
+ }
1769
+ throw new LucernAccessControlError(
1770
+ "policy_unavailable",
1771
+ "Permit policy check failed closed before an allow decision was returned."
1772
+ );
1773
+ }
1774
+ }
1775
+ async function requireAccess(input, idempotencyKey) {
1776
+ const result = await checkAccess(input, idempotencyKey);
1777
+ assertPermitAllowed(result.decision);
1778
+ return result;
1779
+ }
1780
+ async function canAccess(input, idempotencyKey) {
1781
+ try {
1782
+ await requireAccess(input, idempotencyKey);
1783
+ return true;
1784
+ } catch {
1785
+ return false;
1786
+ }
1787
+ }
1788
+ return {
1789
+ normalizePrincipal: normalizeCanonicalPrincipalIdentity,
1790
+ checkAccess,
1791
+ requireAccess,
1792
+ canAccess
1793
+ };
1794
+ }
1795
+
1796
+ // src/answersClient.ts
1797
+ function createAnswersClient(config = {}) {
1798
+ const gateway = createGatewayRequestClient(config);
1799
+ return {
1800
+ /**
1801
+ * Get the current answer for a question.
1802
+ * @param questionId - The question node identifier.
1803
+ * @returns The answer record for the given question.
1804
+ */
1805
+ async get(questionId) {
1806
+ return gateway.request({
1807
+ path: `/api/platform/v1/questions/${encodeURIComponent(questionId)}/answer`
1808
+ });
1809
+ }
1810
+ };
1811
+ }
1812
+
1813
+ // src/audiencesClient.ts
1814
+ function createAudiencesClient(config = {}) {
1815
+ const gateway = createGatewayRequestClient(config);
1816
+ const listRegistry = async (query5 = {}) => {
1817
+ return gateway.request({
1818
+ path: `/api/platform/v1/audiences/registry${toQueryString({
1819
+ ...query5,
1820
+ effective: typeof query5.effective === "boolean" ? query5.effective ? "true" : "false" : void 0,
1821
+ status: query5.status
1822
+ })}`
1823
+ }).then(
1824
+ (response) => mapGatewayData(
1825
+ response,
1826
+ (data) => createListResult(Array.isArray(data) ? data : [], "registryEntries")
1827
+ )
1828
+ );
1829
+ };
1830
+ const createRegistryEntry = async (input, idempotencyKey) => {
1831
+ return gateway.request({
1832
+ path: "/api/platform/v1/audiences/registry",
1833
+ method: "POST",
1834
+ body: input,
1835
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1836
+ });
1837
+ };
1838
+ const updateRegistryEntry = createRegistryEntry;
1839
+ const upsertRegistry = createRegistryEntry;
1840
+ const getRegistry = listRegistry;
1841
+ const listGrants = async (query5 = {}) => {
1842
+ return gateway.request({
1843
+ path: `/api/platform/v1/audiences/grants${toQueryString({
1844
+ ...query5,
1845
+ audienceKey: query5.audienceKey,
1846
+ principalId: query5.principalId,
1847
+ groupId: query5.groupId,
1848
+ status: query5.status
1849
+ })}`
1850
+ }).then(
1851
+ (response) => mapGatewayData(
1852
+ response,
1853
+ (data) => createListResult(Array.isArray(data) ? data : [], "grants")
1854
+ )
1855
+ );
1856
+ };
1857
+ const createGrant = async (input, idempotencyKey) => {
1858
+ return gateway.request({
1859
+ path: "/api/platform/v1/audiences/grants",
1860
+ method: "POST",
1861
+ body: input,
1862
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1863
+ });
1864
+ };
1865
+ const getGrants = listGrants;
1866
+ const grant = createGrant;
1867
+ const deleteGrant = async (input, idempotencyKey) => {
1868
+ return gateway.request({
1869
+ path: "/api/platform/v1/audiences/grants/revoke",
1870
+ method: "POST",
1871
+ body: input,
1872
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1873
+ });
1874
+ };
1875
+ const revokeGrant = deleteGrant;
1876
+ return {
1877
+ /**
1878
+ * List audience registry entries.
1879
+ */
1880
+ listRegistry,
1881
+ /**
1882
+ * @deprecated Use listRegistry.
1883
+ */
1884
+ getRegistry,
1885
+ /**
1886
+ * Create an audience registry entry.
1887
+ */
1888
+ createRegistryEntry,
1889
+ /**
1890
+ * Update an audience registry entry.
1891
+ */
1892
+ updateRegistryEntry,
1893
+ /**
1894
+ * @deprecated Use createRegistryEntry or updateRegistryEntry.
1895
+ */
1896
+ upsertRegistry,
1897
+ /**
1898
+ * List audience grants.
1899
+ */
1900
+ listGrants,
1901
+ /**
1902
+ * @deprecated Use listGrants.
1903
+ */
1904
+ getGrants,
1905
+ /**
1906
+ * Create an audience grant.
1907
+ */
1908
+ createGrant,
1909
+ /**
1910
+ * @deprecated Use createGrant.
1911
+ */
1912
+ grant,
1913
+ /**
1914
+ * Delete an audience grant by revoking it.
1915
+ */
1916
+ deleteGrant,
1917
+ /**
1918
+ * @deprecated Use deleteGrant.
1919
+ */
1920
+ revokeGrant
1921
+ };
1922
+ }
1923
+
1924
+ // src/auditClient.ts
1925
+ function createAuditClient(config = {}) {
1926
+ const gateway = createGatewayRequestClient(config);
1927
+ return {
1928
+ /**
1929
+ * List audit events for the current scope.
1930
+ */
1931
+ async listEvents(query5 = {}) {
1932
+ return gateway.request({
1933
+ path: `/api/platform/v1/audit/events${toQueryString(
1934
+ normalizeTopicQuery(query5)
1935
+ )}`
1936
+ }).then(
1937
+ (response) => mapGatewayData(
1938
+ response,
1939
+ (data) => createListResult(Array.isArray(data) ? data : [], "events")
1940
+ )
1941
+ );
1942
+ }
1943
+ };
1944
+ }
1945
+
1946
+ // src/authDeviceClient.ts
1947
+ var DeviceAuthorizationError = class extends Error {
1948
+ error;
1949
+ interval;
1950
+ constructor(args) {
1951
+ super(args.description ?? args.error);
1952
+ this.name = "DeviceAuthorizationError";
1953
+ this.error = args.error;
1954
+ this.interval = args.interval;
1955
+ }
1956
+ };
1957
+ function authBaseUrl(config) {
1958
+ return config.baseUrl?.replace(/\/+$/, "") ?? "";
1959
+ }
1960
+ async function readJson(response) {
1961
+ try {
1962
+ const payload = await response.json();
1963
+ return isRecord4(payload) ? payload : {};
1964
+ } catch (error) {
1965
+ return unreadableJsonBodyFallback();
1966
+ }
1967
+ }
1968
+ function unreadableJsonBodyFallback(_error) {
1969
+ return {};
1970
+ }
1971
+ function isRecord4(value) {
1972
+ return value !== null && typeof value === "object" && !Array.isArray(value);
1973
+ }
1974
+ function readString(value) {
1975
+ const normalized = typeof value === "string" ? value.trim() : "";
1976
+ return normalized || void 0;
1977
+ }
1978
+ function assertDeviceCodeResponse(payload) {
1979
+ const deviceCode = readString(payload.device_code);
1980
+ const userCode = readString(payload.user_code);
1981
+ const verificationUri = readString(payload.verification_uri);
1982
+ const verificationUriComplete = readString(payload.verification_uri_complete);
1983
+ const expiresIn = payload.expires_in;
1984
+ const interval = payload.interval;
1985
+ if (!deviceCode || !userCode || !verificationUri || !verificationUriComplete || typeof expiresIn !== "number" || typeof interval !== "number") {
1986
+ throw new Error("Gateway returned an invalid device-code response.");
1987
+ }
1988
+ return {
1989
+ device_code: deviceCode,
1990
+ user_code: userCode,
1991
+ verification_uri: verificationUri,
1992
+ verification_uri_complete: verificationUriComplete,
1993
+ expires_in: expiresIn,
1994
+ interval
1995
+ };
1996
+ }
1997
+ function assertDeviceTokenResponse(payload) {
1259
1998
  const accessToken = readString(payload.access_token);
1260
1999
  const tokenType = readString(payload.token_type);
1261
2000
  const scope = readString(payload.scope);
@@ -1272,7 +2011,7 @@ function assertDeviceTokenResponse(payload) {
1272
2011
  tenant_id: tenantId,
1273
2012
  workspace_id: readString(payload.workspace_id),
1274
2013
  principal_id: principalId,
1275
- user: isRecord3(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
2014
+ user: isRecord4(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
1276
2015
  id: payload.user.id,
1277
2016
  principalId: payload.user.principalId
1278
2017
  } : void 0
@@ -1608,70 +2347,15 @@ function createEvidenceClient(config = {}) {
1608
2347
  path: "/api/platform/v1/evidence/classify-batch",
1609
2348
  method: "POST",
1610
2349
  body: {
1611
- beliefId,
1612
- evidence,
1613
- config: classificationConfig
1614
- },
1615
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1616
- });
1617
- }
1618
- };
1619
- }
1620
-
1621
- // src/boundaryClientSurface.ts
1622
- function cleanOptionalString(value) {
1623
- const normalized = value?.trim();
1624
- return normalized ? normalized : void 0;
1625
- }
1626
- function isRecord4(value) {
1627
- return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1628
- }
1629
- function cleanRequiredString(value, label) {
1630
- const normalized = cleanOptionalString(value);
1631
- if (!normalized) {
1632
- throw new Error(`${label} is required`);
1633
- }
1634
- return normalized;
1635
- }
1636
- function readTopicId(input) {
1637
- return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1638
- }
1639
- function requireTopicId(input) {
1640
- const topicId = readTopicId(input);
1641
- if (!topicId) {
1642
- throw new Error("topicId is required");
1643
- }
1644
- return topicId;
1645
- }
1646
- function assertKnownKeys(input, allowed, operation) {
1647
- const allowedSet = new Set(allowed);
1648
- const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1649
- if (unknownKeys.length > 0) {
1650
- throw new Error(
1651
- `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1652
- );
1653
- }
1654
- }
1655
- function knownPayload(input, allowed, operation) {
1656
- assertKnownKeys(input, allowed, operation);
1657
- return { ...input };
1658
- }
1659
- function topicPayload(input, allowed, operation) {
1660
- assertKnownKeys(input, allowed, operation);
1661
- return {
1662
- ...input,
1663
- topicId: requireTopicId(input),
1664
- projectId: void 0
2350
+ beliefId,
2351
+ evidence,
2352
+ config: classificationConfig
2353
+ },
2354
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2355
+ });
2356
+ }
1665
2357
  };
1666
2358
  }
1667
- function listResultFromEnvelope(data, legacyKey) {
1668
- const record = isRecord4(data) ? data : {};
1669
- const legacyItems = record[legacyKey];
1670
- return createListResult(
1671
- Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1672
- legacyKey
1673
- );
1674
- }
1675
2359
 
1676
2360
  // src/eventingClient.ts
1677
2361
  var EVENTING_FIELDS = [
@@ -2278,421 +2962,153 @@ function createGraphClient(config = {}) {
2278
2962
  ...input,
2279
2963
  verificationStatus
2280
2964
  },
2281
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2282
- });
2283
- },
2284
- /**
2285
- * Permanently delete a node via the admin-only hard-delete route.
2286
- */
2287
- async hardDeleteNode(input, idempotencyKey) {
2288
- return gateway.request({
2289
- path: "/api/platform/v1/graph/nodes/hard-delete",
2290
- method: "POST",
2291
- body: input,
2292
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2293
- });
2294
- },
2295
- /**
2296
- * List graph edges matching the provided filters.
2297
- */
2298
- async listEdges(query5) {
2299
- return gateway.request({
2300
- path: `/api/platform/v1/graph/edges${toQueryString(
2301
- normalizeTopicQuery(query5)
2302
- )}`
2303
- }).then(
2304
- (response) => mapGatewayData(
2305
- response,
2306
- (data) => mapAliasedList(data, "edges")
2307
- )
2308
- );
2309
- },
2310
- /**
2311
- * Create a graph edge.
2312
- */
2313
- async createEdge(input, idempotencyKey) {
2314
- return gateway.request({
2315
- path: "/api/platform/v1/graph/edges",
2316
- method: "POST",
2317
- body: normalizeTopicQuery(input),
2318
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2319
- });
2320
- },
2321
- /**
2322
- * Delete one or more edges matching the provided filter.
2323
- */
2324
- async deleteEdge(query5, idempotencyKey) {
2325
- return gateway.request({
2326
- path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
2327
- method: "DELETE",
2328
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2329
- });
2330
- },
2331
- /**
2332
- * Retrieve a graph neighborhood around a root node.
2333
- */
2334
- async neighborhood(query5) {
2335
- return gateway.request({
2336
- path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2337
- });
2338
- },
2339
- /**
2340
- * Traverse the graph from a starting node.
2341
- */
2342
- async traverse(query5) {
2343
- return gateway.request({
2344
- path: "/api/platform/v1/graph/traverse",
2345
- method: "POST",
2346
- body: normalizeTopicQuery(query5)
2347
- });
2348
- },
2349
- /**
2350
- * Analyze graph structure for a topic.
2351
- */
2352
- async analyze(query5 = {}) {
2353
- const normalized = normalizeTopicQuery(query5);
2354
- return gateway.request({
2355
- path: `/api/platform/v1/graph/analyze${toQueryString({
2356
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2357
- metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
2358
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2359
- })}`
2360
- });
2361
- },
2362
- /**
2363
- * Detect confirmation-bias patterns for a topic graph.
2364
- */
2365
- async bias(query5 = {}) {
2366
- const normalized = normalizeTopicQuery(query5);
2367
- return gateway.request({
2368
- path: `/api/platform/v1/graph/bias${toQueryString({
2369
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2370
- threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
2371
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2372
- })}`
2373
- });
2374
- },
2375
- /**
2376
- * Find graph gaps for beliefs that still need testing.
2377
- */
2378
- async gaps(query5) {
2379
- const normalized = normalizeTopicQuery(query5);
2380
- return gateway.request({
2381
- path: `/api/platform/v1/graph/gaps${toQueryString({
2382
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2383
- minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
2384
- })}`
2385
- });
2386
- },
2387
- /**
2388
- * Search across graph resources within a topic.
2389
- */
2390
- async search(query5) {
2391
- return gateway.request({
2392
- path: "/api/platform/v1/search",
2393
- method: "POST",
2394
- body: normalizeTopicQuery(query5)
2395
- });
2396
- },
2397
- /**
2398
- * Retrieve the shortest known path between two graph nodes.
2399
- */
2400
- async getPath(query5) {
2401
- return gateway.request({
2402
- path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2403
- });
2404
- },
2405
- /**
2406
- * Retrieve graph analytics for the requested metric.
2407
- */
2408
- async getAnalytics(query5 = {}) {
2409
- return gateway.request({
2410
- path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2411
- });
2412
- }
2413
- };
2414
- return Object.assign(client, {
2415
- queryNodes: client.listNodes,
2416
- queryEdges: client.listEdges,
2417
- getNeighborhood: client.neighborhood
2418
- });
2419
- }
2420
-
2421
- // src/identityClient.ts
2422
- function createIdentityWhoamiClient(config = {}) {
2423
- const gateway = createGatewayRequestClient(config);
2424
- return {
2425
- async whoami() {
2426
- return gateway.request({
2427
- path: "/api/platform/v1/identity/whoami"
2428
- });
2429
- }
2430
- };
2431
- }
2432
- var TENANT_IDENTITY_FIELDS = [
2433
- "tenantId",
2434
- "workspaceId",
2435
- "principalId",
2436
- "integrationKey",
2437
- "secretRef",
2438
- "policySubject",
2439
- "policyAction",
2440
- "policyResource",
2441
- "decision",
2442
- "config",
2443
- "configKey",
2444
- "configValue",
2445
- "provider",
2446
- "status",
2447
- "metadata",
2448
- "limit",
2449
- "cursor"
2450
- ];
2451
- function tenantIdentityQuery(input) {
2452
- return {
2453
- tenantId: cleanRequiredString(input.tenantId, "tenantId"),
2454
- workspaceId: input.workspaceId,
2455
- principalId: input.principalId,
2456
- limit: input.limit,
2457
- cursor: input.cursor
2458
- };
2459
- }
2460
- function tenantIdentityBody(input, operation) {
2461
- return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
2462
- }
2463
- function createIdentityClient(config = {}) {
2464
- const gateway = createGatewayRequestClient(config);
2465
- const whoamiClient = createIdentityWhoamiClient(config);
2466
- const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
2467
- path: "/api/platform/v1/identity/principals",
2468
- method,
2469
- body: input,
2470
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2471
- });
2472
- const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
2473
- const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
2474
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
2475
- method: "POST",
2476
- body: input,
2477
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2478
- });
2479
- return {
2480
- /**
2481
- * Resolve the current authenticated identity summary.
2482
- */
2483
- async whoami() {
2484
- return whoamiClient.whoami().then(
2485
- (response) => mapGatewayData(response, (data) => ({
2486
- principalId: data.principalId,
2487
- principalType: data.principalType,
2488
- tenantId: data.tenantId ?? null,
2489
- workspaceId: data.workspaceId ?? null,
2490
- scopes: Array.isArray(data.scopes) ? data.scopes : [],
2491
- roles: Array.isArray(data.roles) ? data.roles : [],
2492
- isPlatformAdmin: data.isPlatformAdmin === true,
2493
- isTenantAdmin: data.isTenantAdmin === true,
2494
- isWorkspaceAdmin: data.isWorkspaceAdmin === true,
2495
- authMode: data.authMode,
2496
- sessionId: data.sessionId,
2497
- delegatedBy: data.delegatedBy,
2498
- expiresAt: data.expiresAt
2499
- }))
2500
- );
2501
- },
2502
- /**
2503
- * List principals in the current identity scope.
2504
- */
2505
- async listPrincipals(query5 = {}) {
2506
- return gateway.request({
2507
- path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
2508
- }).then(
2509
- (response) => mapGatewayData(
2510
- response,
2511
- (data) => createListResult(
2512
- Array.isArray(data) ? data : [],
2513
- "principals"
2514
- )
2515
- )
2516
- );
2517
- },
2518
- /**
2519
- * Create a principal.
2520
- */
2521
- async createPrincipal(input, idempotencyKey) {
2522
- return requestPrincipalWrite("POST", input, idempotencyKey);
2965
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2966
+ });
2523
2967
  },
2524
2968
  /**
2525
- * Update a principal.
2526
- */
2527
- updatePrincipal,
2528
- /**
2529
- * @deprecated Use createPrincipal or updatePrincipal.
2969
+ * Permanently delete a node via the admin-only hard-delete route.
2530
2970
  */
2531
- upsertPrincipal: updatePrincipal,
2971
+ async hardDeleteNode(input, idempotencyKey) {
2972
+ return gateway.request({
2973
+ path: "/api/platform/v1/graph/nodes/hard-delete",
2974
+ method: "POST",
2975
+ body: input,
2976
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2977
+ });
2978
+ },
2532
2979
  /**
2533
- * List keys in the current identity scope.
2980
+ * List graph edges matching the provided filters.
2534
2981
  */
2535
- async listKeys(query5 = {}) {
2982
+ async listEdges(query5) {
2536
2983
  return gateway.request({
2537
- path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
2984
+ path: `/api/platform/v1/graph/edges${toQueryString(
2985
+ normalizeTopicQuery(query5)
2986
+ )}`
2538
2987
  }).then(
2539
2988
  (response) => mapGatewayData(
2540
2989
  response,
2541
- (data) => createListResult(Array.isArray(data) ? data : [], "keys")
2990
+ (data) => mapAliasedList(data, "edges")
2542
2991
  )
2543
2992
  );
2544
2993
  },
2545
2994
  /**
2546
- * Create an API key.
2995
+ * Create a graph edge.
2547
2996
  */
2548
- async createKey(input, idempotencyKey) {
2997
+ async createEdge(input, idempotencyKey) {
2549
2998
  return gateway.request({
2550
- path: "/api/platform/v1/identity/keys",
2999
+ path: "/api/platform/v1/graph/edges",
2551
3000
  method: "POST",
2552
- body: input,
3001
+ body: normalizeTopicQuery(input),
2553
3002
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2554
3003
  });
2555
3004
  },
2556
3005
  /**
2557
- * Rotate an API key.
3006
+ * Delete one or more edges matching the provided filter.
2558
3007
  */
2559
- async rotateKey(keyId, input = {}, idempotencyKey) {
3008
+ async deleteEdge(query5, idempotencyKey) {
2560
3009
  return gateway.request({
2561
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
2562
- method: "POST",
2563
- body: input,
3010
+ path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
3011
+ method: "DELETE",
2564
3012
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2565
3013
  });
2566
3014
  },
2567
3015
  /**
2568
- * Delete an API key by revoking it.
2569
- */
2570
- deleteKey,
2571
- /**
2572
- * @deprecated Use deleteKey.
2573
- */
2574
- revokeKey: deleteKey,
2575
- /**
2576
- * Search Clerk users by email or display attributes.
3016
+ * Retrieve a graph neighborhood around a root node.
2577
3017
  */
2578
- async searchClerkUsers(q) {
3018
+ async neighborhood(query5) {
2579
3019
  return gateway.request({
2580
- path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
3020
+ path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2581
3021
  });
2582
3022
  },
2583
- async getTenantConfig(input) {
3023
+ /**
3024
+ * Traverse the graph from a starting node.
3025
+ */
3026
+ async traverse(query5) {
2584
3027
  return gateway.request({
2585
- path: `/api/platform/v1/identity/tenant-config${toQueryString(
2586
- tenantIdentityQuery(input)
2587
- )}`
3028
+ path: "/api/platform/v1/graph/traverse",
3029
+ method: "POST",
3030
+ body: normalizeTopicQuery(query5)
2588
3031
  });
2589
3032
  },
2590
- async updateTenantConfig(input, idempotencyKey) {
2591
- cleanRequiredString(input.tenantId, "tenantId");
3033
+ /**
3034
+ * Analyze graph structure for a topic.
3035
+ */
3036
+ async analyze(query5 = {}) {
3037
+ const normalized = normalizeTopicQuery(query5);
2592
3038
  return gateway.request({
2593
- path: "/api/platform/v1/identity/tenant-config",
2594
- method: "PATCH",
2595
- body: tenantIdentityBody(
2596
- input,
2597
- "identity.updateTenantConfig"
2598
- ),
2599
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3039
+ path: `/api/platform/v1/graph/analyze${toQueryString({
3040
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3041
+ metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
3042
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
3043
+ })}`
2600
3044
  });
2601
3045
  },
2602
- async listIntegrations(input) {
2603
- return gateway.request({
2604
- path: `/api/platform/v1/identity/integrations${toQueryString(
2605
- tenantIdentityQuery(input)
2606
- )}`
2607
- }).then(
2608
- (response) => mapGatewayData(
2609
- response,
2610
- (data) => listResultFromEnvelope(
2611
- data,
2612
- "integrations"
2613
- )
2614
- )
2615
- );
2616
- },
2617
- async upsertIntegration(input, idempotencyKey) {
2618
- cleanRequiredString(input.tenantId, "tenantId");
2619
- cleanRequiredString(input.integrationKey, "integrationKey");
3046
+ /**
3047
+ * Detect confirmation-bias patterns for a topic graph.
3048
+ */
3049
+ async bias(query5 = {}) {
3050
+ const normalized = normalizeTopicQuery(query5);
2620
3051
  return gateway.request({
2621
- path: "/api/platform/v1/identity/integrations",
2622
- method: "PUT",
2623
- body: tenantIdentityBody(
2624
- input,
2625
- "identity.upsertIntegration"
2626
- ),
2627
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3052
+ path: `/api/platform/v1/graph/bias${toQueryString({
3053
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3054
+ threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
3055
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
3056
+ })}`
2628
3057
  });
2629
3058
  },
2630
- async listSecrets(input) {
3059
+ /**
3060
+ * Find graph gaps for beliefs that still need testing.
3061
+ */
3062
+ async gaps(query5) {
3063
+ const normalized = normalizeTopicQuery(query5);
2631
3064
  return gateway.request({
2632
- path: `/api/platform/v1/identity/secrets${toQueryString(
2633
- tenantIdentityQuery(input)
2634
- )}`
2635
- }).then(
2636
- (response) => mapGatewayData(
2637
- response,
2638
- (data) => listResultFromEnvelope(
2639
- data,
2640
- "secrets"
2641
- )
2642
- )
2643
- );
3065
+ path: `/api/platform/v1/graph/gaps${toQueryString({
3066
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3067
+ minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
3068
+ })}`
3069
+ });
2644
3070
  },
2645
- async putSecretReference(input, idempotencyKey) {
2646
- cleanRequiredString(input.tenantId, "tenantId");
2647
- cleanRequiredString(input.secretRef, "secretRef");
3071
+ /**
3072
+ * Search across graph resources within a topic.
3073
+ */
3074
+ async search(query5) {
2648
3075
  return gateway.request({
2649
- path: "/api/platform/v1/identity/secrets",
2650
- method: "PUT",
2651
- body: tenantIdentityBody(
2652
- input,
2653
- "identity.putSecretReference"
2654
- ),
2655
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3076
+ path: "/api/platform/v1/search",
3077
+ method: "POST",
3078
+ body: normalizeTopicQuery(query5)
2656
3079
  });
2657
3080
  },
2658
- async evaluatePolicy(input, idempotencyKey) {
2659
- cleanRequiredString(input.tenantId, "tenantId");
2660
- cleanRequiredString(input.policySubject, "policySubject");
2661
- cleanRequiredString(input.policyAction, "policyAction");
2662
- cleanRequiredString(input.policyResource, "policyResource");
3081
+ /**
3082
+ * Retrieve the shortest known path between two graph nodes.
3083
+ */
3084
+ async getPath(query5) {
2663
3085
  return gateway.request({
2664
- path: "/api/platform/v1/identity/policy/evaluate",
2665
- method: "POST",
2666
- body: tenantIdentityBody(
2667
- input,
2668
- "identity.evaluatePolicy"
2669
- ),
2670
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3086
+ path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2671
3087
  });
2672
3088
  },
2673
- async recordPolicyDecision(input, idempotencyKey) {
2674
- cleanRequiredString(input.tenantId, "tenantId");
2675
- cleanRequiredString(input.decision, "decision");
3089
+ /**
3090
+ * Retrieve graph analytics for the requested metric.
3091
+ */
3092
+ async getAnalytics(query5 = {}) {
2676
3093
  return gateway.request({
2677
- path: "/api/platform/v1/identity/policy/decisions",
2678
- method: "POST",
2679
- body: tenantIdentityBody(
2680
- input,
2681
- "identity.recordPolicyDecision"
2682
- ),
2683
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3094
+ path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2684
3095
  });
2685
3096
  }
2686
3097
  };
3098
+ return Object.assign(client, {
3099
+ queryNodes: client.listNodes,
3100
+ queryEdges: client.listEdges,
3101
+ getNeighborhood: client.neighborhood
3102
+ });
2687
3103
  }
2688
3104
 
2689
3105
  // src/topicsClient.ts
2690
- function cleanString3(value) {
3106
+ function cleanString5(value) {
2691
3107
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
2692
3108
  }
2693
3109
  function normalizeTopicRecord(value) {
2694
3110
  const record = asRecord(value);
2695
- const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
3111
+ const topicId = cleanString5(record.topicId) ?? cleanString5(record.id) ?? cleanString5(record._id);
2696
3112
  return withTopicAlias({
2697
3113
  ...record,
2698
3114
  ...topicId ? { topicId } : {}
@@ -3411,6 +3827,8 @@ function createTasksFacade(config = {}) {
3411
3827
  description: input.description,
3412
3828
  priority: input.priority,
3413
3829
  status: input.status,
3830
+ assigneeId: input.assigneeId,
3831
+ blockedReason: input.blockedReason,
3414
3832
  linkedBeliefId: input.linkedBeliefId,
3415
3833
  linkedQuestionId: input.linkedQuestionId,
3416
3834
  linkedWorktreeId: input.linkedWorktreeId,
@@ -3905,7 +4323,7 @@ function createEmbeddingsClient(config = {}) {
3905
4323
  }
3906
4324
 
3907
4325
  // src/contextClient.ts
3908
- function cleanString4(value) {
4326
+ function cleanString6(value) {
3909
4327
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
3910
4328
  }
3911
4329
  function cleanNumber(value) {
@@ -3917,11 +4335,11 @@ function cleanBoolean(value) {
3917
4335
  function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3918
4336
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
3919
4337
  const payload = {};
3920
- const topicId = typeof topicIdOrInput === "string" ? cleanString4(topicIdOrInput) : cleanString4(effectiveInput.topicId);
4338
+ const topicId = typeof topicIdOrInput === "string" ? cleanString6(topicIdOrInput) : cleanString6(effectiveInput.topicId);
3921
4339
  if (topicId) {
3922
4340
  payload.topicId = topicId;
3923
4341
  }
3924
- const query5 = cleanString4(effectiveInput.query);
4342
+ const query5 = cleanString6(effectiveInput.query);
3925
4343
  if (query5) {
3926
4344
  payload.query = query5;
3927
4345
  }
@@ -3929,7 +4347,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3929
4347
  if (budget !== void 0) {
3930
4348
  payload.budget = budget;
3931
4349
  }
3932
- const ranking = cleanString4(effectiveInput.ranking) ?? cleanString4(effectiveInput.rankingProfile);
4350
+ const ranking = cleanString6(effectiveInput.ranking) ?? cleanString6(effectiveInput.rankingProfile);
3933
4351
  if (ranking) {
3934
4352
  payload.ranking = ranking;
3935
4353
  }
@@ -3945,7 +4363,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3945
4363
  if (includeEntities !== void 0) {
3946
4364
  payload.includeEntities = includeEntities;
3947
4365
  }
3948
- const mode = cleanString4(effectiveInput.mode);
4366
+ const mode = cleanString6(effectiveInput.mode);
3949
4367
  if (mode) {
3950
4368
  payload.mode = mode;
3951
4369
  }
@@ -3953,11 +4371,11 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3953
4371
  if (includeFailures !== void 0) {
3954
4372
  payload.includeFailures = includeFailures;
3955
4373
  }
3956
- const worktreeId = cleanString4(effectiveInput.worktreeId);
4374
+ const worktreeId = cleanString6(effectiveInput.worktreeId);
3957
4375
  if (worktreeId) {
3958
4376
  payload.worktreeId = worktreeId;
3959
4377
  }
3960
- const sessionId = cleanString4(effectiveInput.sessionId);
4378
+ const sessionId = cleanString6(effectiveInput.sessionId);
3961
4379
  if (sessionId) {
3962
4380
  payload.sessionId = sessionId;
3963
4381
  }
@@ -4843,7 +5261,8 @@ function createMcpClient(config = {}) {
4843
5261
  transportKind: input.transportKind,
4844
5262
  sessionId: input.sessionId,
4845
5263
  agentIdentity: input.agentIdentity,
4846
- workspaceId: input.workspaceId
5264
+ workspaceId: input.workspaceId,
5265
+ worktreeId: input.worktreeId
4847
5266
  };
4848
5267
  return gateway.request({
4849
5268
  path: `${MCP_GATEWAY_BOOTSTRAP_ENDPOINT}${toQueryString(scope)}`,
@@ -4934,8 +5353,11 @@ var CONTRACTS = {
4934
5353
  "apply_lens_to_topic": { method: "POST", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
4935
5354
  "apply_ontology": { method: "POST", path: "/ontologies/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
4936
5355
  "archive_belief": { method: "DELETE", path: "/beliefs", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5356
+ "archive_epistemic_node": { method: "POST", path: "/nodes/archive", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4937
5357
  "archive_ontology": { method: "DELETE", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
4938
5358
  "archive_question": { method: "DELETE", path: "/questions", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5359
+ "batch_create_edges": { method: "POST", path: "/edges/batch", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5360
+ "batch_create_epistemic_nodes": { method: "POST", path: "/nodes/batch", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4939
5361
  "begin_build_session": { method: "POST", path: "/mcp/build-session/begin", kind: "mutation", idempotent: true, surfaceIntent: "system" },
4940
5362
  "bisect_confidence": { method: "POST", path: "/beliefs/confidence/bisect", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4941
5363
  "broadcast_message": { method: "POST", path: "/coordination/messages/broadcast", kind: "mutation", idempotent: true, surfaceIntent: "system" },
@@ -4947,6 +5369,7 @@ var CONTRACTS = {
4947
5369
  "create_belief": { method: "POST", path: "/beliefs", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4948
5370
  "create_edge": { method: "POST", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
4949
5371
  "create_epistemic_contract": { method: "POST", path: "/contracts", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5372
+ "create_epistemic_node": { method: "POST", path: "/nodes", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4950
5373
  "create_evidence": { method: "POST", path: "/evidence", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4951
5374
  "create_lens": { method: "POST", path: "/lenses", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
4952
5375
  "create_ontology": { method: "POST", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
@@ -4974,6 +5397,7 @@ var CONTRACTS = {
4974
5397
  "get_code_context": { method: "POST", path: "/coding/context", kind: "query", idempotent: false, surfaceIntent: "system" },
4975
5398
  "get_confidence_history": { method: "POST", path: "/beliefs/confidence-history", kind: "query", idempotent: false, surfaceIntent: "compatibility" },
4976
5399
  "get_contract_status": { method: "POST", path: "/contracts/status", kind: "query", idempotent: false, surfaceIntent: "mcp_governance" },
5400
+ "get_epistemic_node": { method: "GET", path: "/nodes/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4977
5401
  "get_evidence": { method: "GET", path: "/evidence/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4978
5402
  "get_failure_log": { method: "POST", path: "/coding/failure-log", kind: "query", idempotent: false, surfaceIntent: "system" },
4979
5403
  "get_falsification_questions": { method: "POST", path: "/questions/falsification", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -4987,6 +5411,7 @@ var CONTRACTS = {
4987
5411
  "get_question": { method: "GET", path: "/questions/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4988
5412
  "get_topic": { method: "GET", path: "/topics/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4989
5413
  "get_topic_coverage": { method: "POST", path: "/graph/topic-coverage", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5414
+ "get_topic_graph_spine": { method: "GET", path: "/topics/graph-spine", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4990
5415
  "get_topic_tree": { method: "GET", path: "/topics/tree", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4991
5416
  "heartbeat_session": { method: "POST", path: "/coordination/heartbeat-session", kind: "mutation", idempotent: true, surfaceIntent: "system" },
4992
5417
  "identity_whoami": { method: "GET", path: "/identity/whoami", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -4998,6 +5423,7 @@ var CONTRACTS = {
4998
5423
  "list_all_worktrees": { method: "GET", path: "/worktrees/all", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
4999
5424
  "list_beliefs": { method: "GET", path: "/beliefs", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5000
5425
  "list_campaigns": { method: "GET", path: "/worktrees/campaigns", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5426
+ "list_epistemic_nodes": { method: "GET", path: "/nodes", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5001
5427
  "list_evidence": { method: "GET", path: "/evidence", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5002
5428
  "list_graph_intelligence_queries": { method: "POST", path: "/graph-intelligence/queries", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5003
5429
  "list_lenses": { method: "GET", path: "/lenses", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
@@ -5008,6 +5434,7 @@ var CONTRACTS = {
5008
5434
  "list_worktrees": { method: "GET", path: "/worktrees", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5009
5435
  "manage_write_policy": { method: "POST", path: "/policy/write-policy/manage", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5010
5436
  "match_entity_type": { method: "POST", path: "/ontologies/match-entity-type", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5437
+ "materialize_topic_graph": { method: "POST", path: "/topics/materialize-graph", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5011
5438
  "merge": { method: "POST", path: "/worktrees/merge", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5012
5439
  "modulate_confidence": { method: "POST", path: "/beliefs/confidence", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5013
5440
  "open_pull_request": { method: "POST", path: "/worktrees/open-pull-request", kind: "mutation", idempotent: true, surfaceIntent: "system" },
@@ -5021,22 +5448,29 @@ var CONTRACTS = {
5021
5448
  "refine_belief": { method: "PATCH", path: "/beliefs/refine", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5022
5449
  "refine_question": { method: "PATCH", path: "/questions/refine", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5023
5450
  "register_session": { method: "POST", path: "/coordination/register-session", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5451
+ "remove_edge": { method: "DELETE", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5452
+ "remove_edges_between": { method: "DELETE", path: "/edges/between", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5024
5453
  "remove_lens_from_topic": { method: "DELETE", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5025
5454
  "resolve_effective_ontology": { method: "POST", path: "/ontologies/effective", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5455
+ "resolve_interactive_principal": { method: "POST", path: "/control-plane/identity/resolve-interactive-principal", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5026
5456
  "run_graph_intelligence_query": { method: "POST", path: "/graph-intelligence/run", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5027
5457
  "search_beliefs": { method: "POST", path: "/beliefs/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5028
5458
  "search_evidence": { method: "POST", path: "/evidence/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5029
5459
  "seed_belief_lattice": { method: "POST", path: "/scope/belief-lattice/seed", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5030
5460
  "send_agent_message": { method: "POST", path: "/coordination/messages/send", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5461
+ "supersede_epistemic_node": { method: "POST", path: "/nodes/supersede", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5031
5462
  "trace_entity_impact": { method: "POST", path: "/graph/trace-entity-impact", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5032
5463
  "traverse_graph": { method: "POST", path: "/graph/traverse", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5033
5464
  "trigger_belief_review": { method: "POST", path: "/context/belief-review", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5465
+ "update_edge": { method: "PATCH", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5466
+ "update_epistemic_node": { method: "PATCH", path: "/nodes", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5034
5467
  "update_ontology": { method: "PATCH", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5035
5468
  "update_question_status": { method: "PATCH", path: "/questions/status", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5036
5469
  "update_task": { method: "PATCH", path: "/tasks", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5037
5470
  "update_topic": { method: "PATCH", path: "/topics", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5038
5471
  "update_worktree_metadata": { method: "PATCH", path: "/worktrees/metadata", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5039
- "update_worktree_targets": { method: "PATCH", path: "/worktrees/targets", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" }
5472
+ "update_worktree_targets": { method: "PATCH", path: "/worktrees/targets", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5473
+ "verify_epistemic_node": { method: "POST", path: "/nodes/verify", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" }
5040
5474
  };
5041
5475
  function createSessionId() {
5042
5476
  return typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : randomIdempotencyKey();
@@ -5104,12 +5538,21 @@ function createFunctionSurfaceClient(config = {}) {
5104
5538
  archiveBelief(input = {}, idempotencyKey) {
5105
5539
  return execute("archive_belief", input, idempotencyKey);
5106
5540
  },
5541
+ archiveEpistemicNode(input = {}, idempotencyKey) {
5542
+ return execute("archive_epistemic_node", input, idempotencyKey);
5543
+ },
5107
5544
  archiveOntology(input = {}, idempotencyKey) {
5108
5545
  return execute("archive_ontology", input, idempotencyKey);
5109
5546
  },
5110
5547
  archiveQuestion(input = {}, idempotencyKey) {
5111
5548
  return execute("archive_question", input, idempotencyKey);
5112
5549
  },
5550
+ batchCreateEdges(input = {}, idempotencyKey) {
5551
+ return execute("batch_create_edges", input, idempotencyKey);
5552
+ },
5553
+ batchCreateEpistemicNodes(input = {}, idempotencyKey) {
5554
+ return execute("batch_create_epistemic_nodes", input, idempotencyKey);
5555
+ },
5113
5556
  beginBuildSession(input = {}, idempotencyKey) {
5114
5557
  return execute("begin_build_session", input, idempotencyKey);
5115
5558
  },
@@ -5143,6 +5586,9 @@ function createFunctionSurfaceClient(config = {}) {
5143
5586
  createEpistemicContract(input = {}, idempotencyKey) {
5144
5587
  return execute("create_epistemic_contract", input, idempotencyKey);
5145
5588
  },
5589
+ createEpistemicNode(input = {}, idempotencyKey) {
5590
+ return execute("create_epistemic_node", input, idempotencyKey);
5591
+ },
5146
5592
  createEvidence(input = {}, idempotencyKey) {
5147
5593
  return execute("create_evidence", input, idempotencyKey);
5148
5594
  },
@@ -5224,6 +5670,9 @@ function createFunctionSurfaceClient(config = {}) {
5224
5670
  getContractStatus(input = {}, idempotencyKey) {
5225
5671
  return execute("get_contract_status", input, idempotencyKey);
5226
5672
  },
5673
+ getEpistemicNode(input = {}, idempotencyKey) {
5674
+ return execute("get_epistemic_node", input, idempotencyKey);
5675
+ },
5227
5676
  getEvidence(input = {}, idempotencyKey) {
5228
5677
  return execute("get_evidence", input, idempotencyKey);
5229
5678
  },
@@ -5263,6 +5712,9 @@ function createFunctionSurfaceClient(config = {}) {
5263
5712
  getTopicCoverage(input = {}, idempotencyKey) {
5264
5713
  return execute("get_topic_coverage", input, idempotencyKey);
5265
5714
  },
5715
+ getTopicGraphSpine(input = {}, idempotencyKey) {
5716
+ return execute("get_topic_graph_spine", input, idempotencyKey);
5717
+ },
5266
5718
  getTopicTree(input = {}, idempotencyKey) {
5267
5719
  return execute("get_topic_tree", input, idempotencyKey);
5268
5720
  },
@@ -5296,6 +5748,9 @@ function createFunctionSurfaceClient(config = {}) {
5296
5748
  listCampaigns(input = {}, idempotencyKey) {
5297
5749
  return execute("list_campaigns", input, idempotencyKey);
5298
5750
  },
5751
+ listEpistemicNodes(input = {}, idempotencyKey) {
5752
+ return execute("list_epistemic_nodes", input, idempotencyKey);
5753
+ },
5299
5754
  listEvidence(input = {}, idempotencyKey) {
5300
5755
  return execute("list_evidence", input, idempotencyKey);
5301
5756
  },
@@ -5326,6 +5781,9 @@ function createFunctionSurfaceClient(config = {}) {
5326
5781
  matchEntityType(input = {}, idempotencyKey) {
5327
5782
  return execute("match_entity_type", input, idempotencyKey);
5328
5783
  },
5784
+ materializeTopicGraph(input = {}, idempotencyKey) {
5785
+ return execute("materialize_topic_graph", input, idempotencyKey);
5786
+ },
5329
5787
  merge(input = {}, idempotencyKey) {
5330
5788
  return execute("merge", input, idempotencyKey);
5331
5789
  },
@@ -5365,12 +5823,21 @@ function createFunctionSurfaceClient(config = {}) {
5365
5823
  registerSession(input = {}, idempotencyKey) {
5366
5824
  return execute("register_session", input, idempotencyKey);
5367
5825
  },
5826
+ removeEdge(input = {}, idempotencyKey) {
5827
+ return execute("remove_edge", input, idempotencyKey);
5828
+ },
5829
+ removeEdgesBetween(input = {}, idempotencyKey) {
5830
+ return execute("remove_edges_between", input, idempotencyKey);
5831
+ },
5368
5832
  removeLensFromTopic(input = {}, idempotencyKey) {
5369
5833
  return execute("remove_lens_from_topic", input, idempotencyKey);
5370
5834
  },
5371
5835
  resolveEffectiveOntology(input = {}, idempotencyKey) {
5372
5836
  return execute("resolve_effective_ontology", input, idempotencyKey);
5373
5837
  },
5838
+ resolveInteractivePrincipal(input = {}, idempotencyKey) {
5839
+ return execute("resolve_interactive_principal", input, idempotencyKey);
5840
+ },
5374
5841
  runGraphIntelligenceQuery(input = {}, idempotencyKey) {
5375
5842
  return execute("run_graph_intelligence_query", input, idempotencyKey);
5376
5843
  },
@@ -5386,6 +5853,9 @@ function createFunctionSurfaceClient(config = {}) {
5386
5853
  sendAgentMessage(input = {}, idempotencyKey) {
5387
5854
  return execute("send_agent_message", input, idempotencyKey);
5388
5855
  },
5856
+ supersedeEpistemicNode(input = {}, idempotencyKey) {
5857
+ return execute("supersede_epistemic_node", input, idempotencyKey);
5858
+ },
5389
5859
  traceEntityImpact(input = {}, idempotencyKey) {
5390
5860
  return execute("trace_entity_impact", input, idempotencyKey);
5391
5861
  },
@@ -5395,6 +5865,12 @@ function createFunctionSurfaceClient(config = {}) {
5395
5865
  triggerBeliefReview(input = {}, idempotencyKey) {
5396
5866
  return execute("trigger_belief_review", input, idempotencyKey);
5397
5867
  },
5868
+ updateEdge(input = {}, idempotencyKey) {
5869
+ return execute("update_edge", input, idempotencyKey);
5870
+ },
5871
+ updateEpistemicNode(input = {}, idempotencyKey) {
5872
+ return execute("update_epistemic_node", input, idempotencyKey);
5873
+ },
5398
5874
  updateOntology(input = {}, idempotencyKey) {
5399
5875
  return execute("update_ontology", input, idempotencyKey);
5400
5876
  },
@@ -5412,6 +5888,9 @@ function createFunctionSurfaceClient(config = {}) {
5412
5888
  },
5413
5889
  updateWorktreeTargets(input = {}, idempotencyKey) {
5414
5890
  return execute("update_worktree_targets", input, idempotencyKey);
5891
+ },
5892
+ verifyEpistemicNode(input = {}, idempotencyKey) {
5893
+ return execute("verify_epistemic_node", input, idempotencyKey);
5415
5894
  }
5416
5895
  };
5417
5896
  }
@@ -5619,7 +6098,7 @@ var ORG_GRAPH_SEARCH_FIELDS = [
5619
6098
  "cursor",
5620
6099
  "provenanceScope"
5621
6100
  ];
5622
- function cleanString5(value, label) {
6101
+ function cleanString7(value, label) {
5623
6102
  const normalized = value?.trim();
5624
6103
  if (!normalized) {
5625
6104
  throw new Error(`${label} is required`);
@@ -5641,9 +6120,9 @@ function searchBody(input) {
5641
6120
  "orgGraphSearch.search"
5642
6121
  );
5643
6122
  return {
5644
- tenantId: cleanString5(input.tenantId, "tenantId"),
5645
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5646
- query: cleanString5(input.query, "query"),
6123
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6124
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
6125
+ query: cleanString7(input.query, "query"),
5647
6126
  nodeTypes: input.nodeTypes,
5648
6127
  minConfidence: input.minConfidence,
5649
6128
  limit: input.limit,
@@ -5653,8 +6132,8 @@ function searchBody(input) {
5653
6132
  }
5654
6133
  function listQuery2(input) {
5655
6134
  return {
5656
- tenantId: cleanString5(input.tenantId, "tenantId"),
5657
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
6135
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6136
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5658
6137
  nodeTypes: input.nodeTypes?.join(","),
5659
6138
  minConfidence: input.minConfidence,
5660
6139
  limit: input.limit,
@@ -5688,8 +6167,8 @@ function createOrgGraphSearchClient(config = {}) {
5688
6167
  return gateway.request({
5689
6168
  path: `/api/platform/v1/org-graph-search/nodes/${nodePath}${toQueryString(
5690
6169
  {
5691
- tenantId: cleanString5(input.tenantId, "tenantId"),
5692
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
6170
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6171
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5693
6172
  globalId: nodeId ? void 0 : globalId
5694
6173
  }
5695
6174
  )}`
@@ -6654,7 +7133,7 @@ function createToolRegistryClient(config = {}) {
6654
7133
  }
6655
7134
 
6656
7135
  // src/version.ts
6657
- var LUCERN_SDK_VERSION = "0.3.0-alpha.9";
7136
+ var LUCERN_SDK_VERSION = "1.0.0";
6658
7137
 
6659
7138
  // src/workflowClient.ts
6660
7139
  function normalizeLensQuery(value) {
@@ -7062,6 +7541,12 @@ function toGatewayConfig(config) {
7062
7541
  return {
7063
7542
  baseUrl: config.baseUrl,
7064
7543
  fetchImpl: config.fetchImpl,
7544
+ apiKey: config.apiKey,
7545
+ userToken: config.userToken,
7546
+ environment: config.environment,
7547
+ clerkId: config.clerkId,
7548
+ userId: config.userId,
7549
+ deploymentHost: config.deploymentHost,
7065
7550
  maxRetries: config.maxRetries,
7066
7551
  timeoutMs: config.timeoutMs,
7067
7552
  timeoutMsByMethod: config.timeoutMsByMethod,
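Review bot: The credential precedence rule is no longer visible in `toGatewayConfig`: `apiKey`, `userToken` and `environment` are now forwarded as plain config fields, and the following hunk replaces the wrapper with `getAuthHeaders: config.getAuthHeaders`. The removed wrapper only set `x-lucern-key` when the caller's headers carried neither `x-lucern-key` nor `Authorization`, and only filled `x-lucern-session-token` and `x-lucern-environment` when they were absent. Whether the gateway keeps that ordering cannot be seen from here, so a regression test that a caller-supplied `Authorization` still suppresses the API key header would pin it. `getAuthHeaders` can now also be `undefined` where it used to always be a function, which the gateway presumably handles. I would add a comment above the new fields, for example `// Secrets are forwarded unchanged; header construction and precedence over getAuthHeaders() live in the gateway.`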
@@ -7070,23 +7555,15 @@ function toGatewayConfig(config) {
7070
7555
  onResponse: config.onResponse,
7071
7556
  authContext: config.authContext,
7072
7557
  requireCanonicalAuthContext: config.requireCanonicalAuthContext,
7073
- getAuthHeaders: async () => {
7074
- const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
7075
- if (config.apiKey && !base["x-lucern-key"] && !base.Authorization) {
7076
- base["x-lucern-key"] = config.apiKey;
7077
- }
7078
- if (config.userToken && !base["x-lucern-session-token"]) {
7079
- base["x-lucern-session-token"] = config.userToken;
7080
- }
7081
- if (config.environment && !base["x-lucern-environment"]) {
7082
- base["x-lucern-environment"] = config.environment;
7083
- }
7084
- return base;
7085
- }
7558
+ getAuthHeaders: config.getAuthHeaders
7086
7559
  };
7087
7560
  }
7088
7561
  function exposeGatewayData(response) {
7089
- return Object.assign({}, response, response.data);
7562
+ const data = response.data;
7563
+ if (data !== null && typeof data === "object" && !Array.isArray(data)) {
7564
+ return Object.assign({}, response, data);
7565
+ }
7566
+ return { ...response };
7090
7567
  }
7091
7568
  function createLucernClient(config = {}) {
7092
7569
  const gatewayConfig = toGatewayConfig(config);
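Review bot: In `exposeGatewayData` the object branch still merges with `Object.assign({}, response, data)`, which assigns through `[[Set]]`. If `data` comes from parsed JSON and carries an own `__proto__` key, the returned object's prototype is replaced rather than a property being defined. Object spread defines own properties instead and matches the fallback branch, so I would write `return { ...response, ...data };`. Independently of that, payload keys still shadow envelope fields of the same name (a payload key `data` replaces `response.data`), which deserves a one-line comment if it is intended.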
@@ -7107,6 +7584,7 @@ function createLucernClient(config = {}) {
7107
7584
  const auditClient = createAuditClient(gatewayConfig);
7108
7585
  const authDeviceClient = createAuthDeviceClient(gatewayConfig);
7109
7586
  const adminClient = createAdminClient(gatewayConfig);
7587
+ const accessControlClient = createAccessControlClient(gatewayConfig);
7110
7588
  const answersClient = createAnswersClient(gatewayConfig);
7111
7589
  const contradictionsFacade = createContradictionsFacade(gatewayConfig);
7112
7590
  const edgesFacade = createEdgesFacade(gatewayConfig);
@@ -7126,6 +7604,7 @@ function createLucernClient(config = {}) {
7126
7604
  const ontologyLinksClient = createOntologyLinksClient(gatewayConfig);
7127
7605
  const orgGraphSearchClient = createOrgGraphSearchClient(gatewayConfig);
7128
7606
  const functionSurfaceClient = createFunctionSurfaceClient(gatewayConfig);
7607
+ const controlPlaneClient = createControlPlaneClient(gatewayConfig);
7129
7608
  const toolRegistryClient = createToolRegistryClient(gatewayConfig);
7130
7609
  const modelRuntimeClient = createModelRuntimeClient(gatewayConfig);
7131
7610
  const packsClient = createPacksClient(gatewayConfig);
@@ -7497,9 +7976,24 @@ function createLucernClient(config = {}) {
7497
7976
  typeof input === "string" ? { nodeId: input } : input
7498
7977
  );
7499
7978
  },
7500
- create: graphClient.createNode,
7501
- update: graphClient.updateNode,
7502
- batchCreate: graphClient.batchCreateNodes,
7979
+ create(input, idempotencyKey) {
7980
+ return functionSurfaceClient.createEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7981
+ },
7982
+ createEpistemicNode(input, idempotencyKey) {
7983
+ return functionSurfaceClient.createEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7984
+ },
7985
+ update(input, idempotencyKey) {
7986
+ return functionSurfaceClient.updateEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7987
+ },
7988
+ updateEpistemicNode(input, idempotencyKey) {
7989
+ return functionSurfaceClient.updateEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7990
+ },
7991
+ batchCreate(input, idempotencyKey) {
7992
+ return functionSurfaceClient.batchCreateEpistemicNodes(input, idempotencyKey).then(exposeGatewayData);
7993
+ },
7994
+ batchCreateEpistemicNodes(input, idempotencyKey) {
7995
+ return functionSurfaceClient.batchCreateEpistemicNodes(input, idempotencyKey).then(exposeGatewayData);
7996
+ },
7503
7997
  listByTopicAndType(input) {
7504
7998
  return gateway.request({
7505
7999
  path: `/api/platform/v1/nodes${sdkQueryString({
@@ -7524,8 +8018,15 @@ function createLucernClient(config = {}) {
7524
8018
  })}`
7525
8019
  }).then(exposeGatewayData);
7526
8020
  },
7527
- supersede: graphClient.supersedeNode,
7528
- verify: graphClient.verifyNode,
8021
+ supersede(input, idempotencyKey) {
8022
+ return functionSurfaceClient.supersedeEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8023
+ },
8024
+ verify(input, idempotencyKey) {
8025
+ return functionSurfaceClient.verifyEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8026
+ },
8027
+ archive(input, idempotencyKey) {
8028
+ return functionSurfaceClient.archiveEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8029
+ },
7529
8030
  hardDelete: graphClient.hardDeleteNode
7530
8031
  };
7531
8032
  const publicationNamespace = {
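Review bot: `hardDelete: graphClient.hardDeleteNode` stays on the old client while every other node mutation in this namespace (`create`, `update`, `supersede`, `verify`, `archive`) now goes through `functionSurfaceClient`, so the most destructive call is the one that skips the new path. If the function surface is where idempotency keys, policy checks or audit records are applied (not visible here), hard deletes would miss them. The same split appears in the edges hunk at `@@ -7743`, where `delete` still calls `edgesFacade.delete`. Either route both through the function surface or add a comment such as `// hardDelete intentionally stays on graphClient: <reason>` so the exception is deliberate and reviewable. The namespace object starts outside this hunk.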
@@ -7732,7 +8233,13 @@ function createLucernClient(config = {}) {
7732
8233
  }
7733
8234
  },
7734
8235
  edges: {
7735
- create(args) {
8236
+ create(args, idempotencyKey) {
8237
+ if (args.from && args.to) {
8238
+ return functionSurfaceClient.createEdge(args, idempotencyKey).then(exposeGatewayData);
8239
+ }
8240
+ if (!args.sourceId || !args.targetId) {
8241
+ throw new Error("from/to graph refs or sourceId/targetId are required");
8242
+ }
7736
8243
  return edgesFacade.create({
7737
8244
  sourceId: args.sourceId,
7738
8245
  targetId: args.targetId,
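Review bot: The new `idempotencyKey` parameter of `edges.create` is forwarded only on the `from`/`to` branch. The legacy `sourceId`/`targetId` branch still calls `edgesFacade.create({...})` with a single argument (the call closes as `}).then(exposeGatewayData)` in the next hunk), so a retried create on that path is not deduplicated by the key. Pass it through, e.g. `}, idempotencyKey).then(exposeGatewayData);`, if `edgesFacade.create` accepts one, which is not visible here. The validation also throws synchronously from a method that otherwise returns a promise, so callers that only attach `.catch()` will not see it; `return Promise.reject(new Error("from/to graph refs or sourceId/targetId are required"));` keeps a single error channel. The body of `create` continues past the end of this hunk.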
@@ -7743,17 +8250,32 @@ function createLucernClient(config = {}) {
7743
8250
  context: args.context ?? args.reasoning
7744
8251
  }).then(exposeGatewayData);
7745
8252
  },
8253
+ createEdge(input, idempotencyKey) {
8254
+ return functionSurfaceClient.createEdge(input, idempotencyKey).then(exposeGatewayData);
8255
+ },
7746
8256
  update(input, idempotencyKey) {
7747
- return edgesFacade.update(input, idempotencyKey).then(exposeGatewayData);
8257
+ return functionSurfaceClient.updateEdge(input, idempotencyKey).then(exposeGatewayData);
8258
+ },
8259
+ updateEdge(input, idempotencyKey) {
8260
+ return functionSurfaceClient.updateEdge(input, idempotencyKey).then(exposeGatewayData);
7748
8261
  },
7749
8262
  remove(input, idempotencyKey) {
7750
- return edgesFacade.remove(input, idempotencyKey).then(exposeGatewayData);
8263
+ return functionSurfaceClient.removeEdge(input, idempotencyKey).then(exposeGatewayData);
8264
+ },
8265
+ removeEdge(input, idempotencyKey) {
8266
+ return functionSurfaceClient.removeEdge(input, idempotencyKey).then(exposeGatewayData);
7751
8267
  },
7752
8268
  removeBetween(input, idempotencyKey) {
7753
- return edgesFacade.removeBetween(input, idempotencyKey).then(exposeGatewayData);
8269
+ return functionSurfaceClient.removeEdgesBetween(input, idempotencyKey).then(exposeGatewayData);
8270
+ },
8271
+ removeEdgesBetween(input, idempotencyKey) {
8272
+ return functionSurfaceClient.removeEdgesBetween(input, idempotencyKey).then(exposeGatewayData);
7754
8273
  },
7755
8274
  batchCreate(input, idempotencyKey) {
7756
- return edgesFacade.batchCreate(input, idempotencyKey).then(exposeGatewayData);
8275
+ return functionSurfaceClient.batchCreateEdges(input, idempotencyKey).then(exposeGatewayData);
8276
+ },
8277
+ batchCreateEdges(input, idempotencyKey) {
8278
+ return functionSurfaceClient.batchCreateEdges(input, idempotencyKey).then(exposeGatewayData);
7757
8279
  },
7758
8280
  delete(input, idempotencyKey) {
7759
8281
  return edgesFacade.delete(input, idempotencyKey).then(exposeGatewayData);
@@ -8465,17 +8987,7 @@ function createLucernClient(config = {}) {
8465
8987
  },
8466
8988
  get: topicsFacade.get,
8467
8989
  create(input) {
8468
- return topicsFacade.create({
8469
- name: input.name,
8470
- description: input.description,
8471
- type: input.type,
8472
- parentTopicId: input.parentTopicId,
8473
- ontologyId: input.ontologyId,
8474
- tenantId: input.tenantId,
8475
- workspaceId: input.workspaceId,
8476
- visibility: input.visibility,
8477
- createdBy: input.createdBy
8478
- });
8990
+ return functionSurfaceClient.createTopic(input).then(exposeGatewayData);
8479
8991
  },
8480
8992
  update(topicId, input) {
8481
8993
  return topicsFacade.update({
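Review bot: `topics.create` used to copy nine named fields out of `input` and now hands the whole caller object to `functionSurfaceClient.createTopic(input)`, so any additional property a caller supplies is sent to the gateway. Unless `createTopic` or the server rejects unknown keys (neither is visible in this hunk), fields that were never meant to be caller-settable can ride along with `tenantId`, `workspaceId` and `createdBy`. Keeping the explicit pick in front of the new call preserves the old contract; the sketch below assumes `createTopic` accepts the same field names as the removed facade call. The return value also changes, since the old call was not passed through `exposeGatewayData`.

```javascript
create(input) {
  // Forward only the documented topic fields; other caller-supplied keys are dropped.
  const {
    name, description, type, parentTopicId, ontologyId,
    tenantId, workspaceId, visibility, createdBy
  } = input;
  return functionSurfaceClient.createTopic({
    name, description, type, parentTopicId, ontologyId,
    tenantId, workspaceId, visibility, createdBy
  }).then(exposeGatewayData);
},
// … unchanged: update(topicId, input) …
```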
@@ -8509,7 +9021,19 @@ function createLucernClient(config = {}) {
8509
9021
  });
8510
9022
  },
8511
9023
  remove: topicsFacade.remove,
8512
- bulkCreate: topicsFacade.bulkCreate
9024
+ bulkCreate: topicsFacade.bulkCreate,
9025
+ materializeGraph(input = {}, idempotencyKey) {
9026
+ return functionSurfaceClient.materializeTopicGraph(input, idempotencyKey).then(exposeGatewayData);
9027
+ },
9028
+ materializeTopicGraph(input = {}, idempotencyKey) {
9029
+ return functionSurfaceClient.materializeTopicGraph(input, idempotencyKey).then(exposeGatewayData);
9030
+ },
9031
+ graphSpine(input = {}) {
9032
+ return functionSurfaceClient.getTopicGraphSpine(input).then(exposeGatewayData);
9033
+ },
9034
+ getTopicGraphSpine(input = {}) {
9035
+ return functionSurfaceClient.getTopicGraphSpine(input).then(exposeGatewayData);
9036
+ }
8513
9037
  },
8514
9038
  answers: {
8515
9039
  create(input) {
@@ -8744,8 +9268,16 @@ function createLucernClient(config = {}) {
8744
9268
  disable: packsClient.disable
8745
9269
  },
8746
9270
  nodes: nodesNamespace,
9271
+ controlPlane: {
9272
+ identity: {
9273
+ resolveInteractivePrincipal: controlPlaneClient.identity.resolveInteractivePrincipal
9274
+ },
9275
+ raw: controlPlaneClient
9276
+ },
8747
9277
  identity: {
8748
9278
  ...identityFacade,
9279
+ access: accessControlClient,
9280
+ resolveInteractivePrincipal: identityClient.resolveInteractivePrincipal,
8749
9281
  evaluatePolicy: identityClient.evaluatePolicy,
8750
9282
  recordPolicyDecision: identityClient.recordPolicyDecision,
8751
9283
  putSecretReference: identityClient.putSecretReference,
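Review bot: `resolveInteractivePrincipal` is now exposed twice, as `controlPlane.identity.resolveInteractivePrincipal` taken from `controlPlaneClient` and as `identity.resolveInteractivePrincipal` taken from `identityClient`, with no comment saying whether the two reach the same endpoint or return the same shape. For a call that determines which principal a session acts as, two undocumented routes make it easy for consumers to base authorization on different answers; a one-line comment naming the canonical route, or a single shared reference, would settle it. `raw: controlPlaneClient` also hands out the complete client next to a one-method curated namespace, so the narrowing restricts nothing. Both methods are attached as unbound references, which only works if they do not rely on `this`. The surrounding object starts and ends outside this hunk.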
@@ -8790,6 +9322,7 @@ function createLucernClient(config = {}) {
8790
9322
  ontologyLinks: ontologyLinksClient,
8791
9323
  orgGraphSearch: orgGraphSearchClient,
8792
9324
  functionSurface: functionSurfaceClient,
9325
+ controlPlane: controlPlaneClient,
8793
9326
  toolRegistry: toolRegistryClient,
8794
9327
  modelRuntime: modelRuntimeClient,
8795
9328
  packs: packsClient,