@lucern/sdk 0.3.0-alpha.9 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (152) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/README.md +60 -1
  3. package/dist/accessControl.d.ts +79 -0
  4. package/dist/accessControl.js +1270 -0
  5. package/dist/accessControl.js.map +1 -0
  6. package/dist/adminClient.js +19 -1
  7. package/dist/adminClient.js.map +1 -1
  8. package/dist/answersClient.js +19 -1
  9. package/dist/answersClient.js.map +1 -1
  10. package/dist/audiencesClient.js +19 -1
  11. package/dist/audiencesClient.js.map +1 -1
  12. package/dist/auditClient.js +19 -1
  13. package/dist/auditClient.js.map +1 -1
  14. package/dist/authContext.d.ts +2 -2
  15. package/dist/authContext.js.map +1 -1
  16. package/dist/beliefs/index.d.ts +2 -0
  17. package/dist/beliefs/index.js +1196 -663
  18. package/dist/beliefs/index.js.map +1 -1
  19. package/dist/beliefsClient.js +19 -1
  20. package/dist/beliefsClient.js.map +1 -1
  21. package/dist/client.d.ts +146 -70
  22. package/dist/client.js +1196 -663
  23. package/dist/client.js.map +1 -1
  24. package/dist/contextClient.js +19 -1
  25. package/dist/contextClient.js.map +1 -1
  26. package/dist/contracts/api-enums.contract.d.ts +1 -1
  27. package/dist/contracts/api-enums.contract.js +6 -1
  28. package/dist/contracts/api-enums.contract.js.map +1 -1
  29. package/dist/contracts/auth-session.contract.d.ts +1 -1
  30. package/dist/contracts/auth-session.contract.js +14 -2
  31. package/dist/contracts/auth-session.contract.js.map +1 -1
  32. package/dist/contracts/index.js +26 -3
  33. package/dist/contracts/index.js.map +1 -1
  34. package/dist/contracts/mcpTools.js +6 -0
  35. package/dist/contracts/mcpTools.js.map +1 -1
  36. package/dist/contradictions/index.d.ts +2 -0
  37. package/dist/contradictions/index.js +1196 -663
  38. package/dist/contradictions/index.js.map +1 -1
  39. package/dist/control-plane.d.ts +69 -0
  40. package/dist/control-plane.js +674 -0
  41. package/dist/control-plane.js.map +1 -0
  42. package/dist/coreClient.d.ts +17 -1
  43. package/dist/coreClient.js +19 -1
  44. package/dist/coreClient.js.map +1 -1
  45. package/dist/decisions/index.d.ts +2 -0
  46. package/dist/decisions/index.js +1196 -663
  47. package/dist/decisions/index.js.map +1 -1
  48. package/dist/decisionsClient.js +19 -1
  49. package/dist/decisionsClient.js.map +1 -1
  50. package/dist/edges/index.d.ts +26 -84
  51. package/dist/edges/index.js +1196 -663
  52. package/dist/edges/index.js.map +1 -1
  53. package/dist/embeddingsClient.js +19 -1
  54. package/dist/embeddingsClient.js.map +1 -1
  55. package/dist/eventingClient.js +19 -1
  56. package/dist/eventingClient.js.map +1 -1
  57. package/dist/eventsCore.js +19 -1
  58. package/dist/eventsCore.js.map +1 -1
  59. package/dist/evidence/index.d.ts +2 -0
  60. package/dist/evidence/index.js +1196 -663
  61. package/dist/evidence/index.js.map +1 -1
  62. package/dist/evidenceClient.js +19 -1
  63. package/dist/evidenceClient.js.map +1 -1
  64. package/dist/functionSurface.d.ts +16 -1
  65. package/dist/functionSurface.js +95 -2
  66. package/dist/functionSurface.js.map +1 -1
  67. package/dist/functionSurfaceClient.js +95 -2
  68. package/dist/functionSurfaceClient.js.map +1 -1
  69. package/dist/gatewayFacades.d.ts +29 -2
  70. package/dist/gatewayFacades.js +156 -8
  71. package/dist/gatewayFacades.js.map +1 -1
  72. package/dist/graphAnalysisClient.js +19 -1
  73. package/dist/graphAnalysisClient.js.map +1 -1
  74. package/dist/graphClient.d.ts +1 -0
  75. package/dist/graphClient.js +19 -1
  76. package/dist/graphClient.js.map +1 -1
  77. package/dist/graphIntel.d.ts +1 -0
  78. package/dist/graphRecommendationsClient.js +19 -1
  79. package/dist/graphRecommendationsClient.js.map +1 -1
  80. package/dist/graphStateClassifierClient.js +19 -1
  81. package/dist/graphStateClassifierClient.js.map +1 -1
  82. package/dist/harnessClient.js +19 -1
  83. package/dist/harnessClient.js.map +1 -1
  84. package/dist/identityClient.d.ts +19 -1
  85. package/dist/identityClient.js +152 -6
  86. package/dist/identityClient.js.map +1 -1
  87. package/dist/index.d.ts +4 -1
  88. package/dist/index.js +1281 -664
  89. package/dist/index.js.map +1 -1
  90. package/dist/infisicalRuntime.d.ts +1 -0
  91. package/dist/infisicalRuntime.js +64 -32
  92. package/dist/infisicalRuntime.js.map +1 -1
  93. package/dist/jobsClient.js +19 -1
  94. package/dist/jobsClient.js.map +1 -1
  95. package/dist/learningClient.js +19 -1
  96. package/dist/learningClient.js.map +1 -1
  97. package/dist/lenses/index.d.ts +2 -0
  98. package/dist/lenses/index.js +1196 -663
  99. package/dist/lenses/index.js.map +1 -1
  100. package/dist/mcpClient.js +21 -2
  101. package/dist/mcpClient.js.map +1 -1
  102. package/dist/modelRuntimeClient.js +19 -1
  103. package/dist/modelRuntimeClient.js.map +1 -1
  104. package/dist/nodes/index.d.ts +21 -15
  105. package/dist/nodes/index.js +1196 -663
  106. package/dist/nodes/index.js.map +1 -1
  107. package/dist/ontologies/index.d.ts +2 -0
  108. package/dist/ontologies/index.js +1196 -663
  109. package/dist/ontologies/index.js.map +1 -1
  110. package/dist/ontologyClient.js +19 -1
  111. package/dist/ontologyClient.js.map +1 -1
  112. package/dist/ontologyLinksClient.js +19 -1
  113. package/dist/ontologyLinksClient.js.map +1 -1
  114. package/dist/orgGraphSearchClient.js +19 -1
  115. package/dist/orgGraphSearchClient.js.map +1 -1
  116. package/dist/packsClient.js +19 -1
  117. package/dist/packsClient.js.map +1 -1
  118. package/dist/policyClient.js +19 -1
  119. package/dist/policyClient.js.map +1 -1
  120. package/dist/questions/index.d.ts +2 -0
  121. package/dist/questions/index.js +1196 -663
  122. package/dist/questions/index.js.map +1 -1
  123. package/dist/reportsClient.js +19 -1
  124. package/dist/reportsClient.js.map +1 -1
  125. package/dist/schemaClient.js +19 -1
  126. package/dist/schemaClient.js.map +1 -1
  127. package/dist/secrets.d.ts +1 -0
  128. package/dist/secrets.js +3 -0
  129. package/dist/secrets.js.map +1 -0
  130. package/dist/sourcesClient.js +19 -1
  131. package/dist/sourcesClient.js.map +1 -1
  132. package/dist/telemetryClient.js +19 -1
  133. package/dist/telemetryClient.js.map +1 -1
  134. package/dist/toolRegistryClient.js +19 -1
  135. package/dist/toolRegistryClient.js.map +1 -1
  136. package/dist/topics/index.d.ts +11 -3
  137. package/dist/topics/index.js +1198 -663
  138. package/dist/topics/index.js.map +1 -1
  139. package/dist/topicsClient.d.ts +2 -0
  140. package/dist/topicsClient.js +19 -1
  141. package/dist/topicsClient.js.map +1 -1
  142. package/dist/types.d.ts +17 -0
  143. package/dist/version.d.ts +1 -1
  144. package/dist/version.js +1 -1
  145. package/dist/version.js.map +1 -1
  146. package/dist/workflowClient.d.ts +2 -0
  147. package/dist/workflowClient.js +19 -1
  148. package/dist/workflowClient.js.map +1 -1
  149. package/dist/worktrees/index.d.ts +2 -0
  150. package/dist/worktrees/index.js +1196 -663
  151. package/dist/worktrees/index.js.map +1 -1
  152. package/package.json +9 -4
@@ -36,14 +36,14 @@ function requireString(value, reason, label) {
36
36
  }
37
37
  return normalized;
38
38
  }
39
- function requirePrincipalType(principalType) {
40
- if (!principalType) {
39
+ function requirePrincipalType(principalType2) {
40
+ if (!principalType2) {
41
41
  throw new LucernSdkAuthContextError(
42
42
  "principal_missing",
43
43
  "Canonical Lucern SDK auth context is missing principalType."
44
44
  );
45
45
  }
46
- return principalType;
46
+ return principalType2;
47
47
  }
48
48
  function requireAuthMode(authMode) {
49
49
  if (!authMode) {
@@ -89,7 +89,7 @@ function normalizeCanonicalLucernAuthContext(input) {
89
89
  );
90
90
  const roles = cleanStringList(input.roles);
91
91
  const scopes = cleanStringList(input.scopes);
92
- const principalType = requirePrincipalType(input.principalType);
92
+ const principalType2 = requirePrincipalType(input.principalType);
93
93
  const authMode = requireAuthMode(input.authMode);
94
94
  const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
95
95
  if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
@@ -118,7 +118,7 @@ function normalizeCanonicalLucernAuthContext(input) {
118
118
  principalId,
119
119
  tenantId,
120
120
  workspaceId,
121
- principalType,
121
+ principalType: principalType2,
122
122
  authMode,
123
123
  roles,
124
124
  scopes,
@@ -349,13 +349,31 @@ function mergeHeaderRecord(base, addition) {
349
349
  }
350
350
  return Object.fromEntries(headers.entries());
351
351
  }
352
+ function cleanHeaderValue(value) {
353
+ const normalized = value?.trim();
354
+ return normalized ? normalized : void 0;
355
+ }
352
356
  function createGatewayRequestClient(config = {}) {
353
357
  const fetchImpl = config.fetchImpl ?? fetch;
354
358
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
355
359
  const maxRetries = config.maxRetries ?? 2;
356
360
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
357
361
  async function resolveAuthHeaders() {
358
- const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
362
+ const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
363
+ const headers = new Headers(provided);
364
+ const setIfAbsent = (name, value) => {
365
+ const normalized = cleanHeaderValue(value);
366
+ if (normalized && !headers.has(name)) {
367
+ headers.set(name, normalized);
368
+ }
369
+ };
370
+ setIfAbsent("x-lucern-key", config.apiKey);
371
+ setIfAbsent("x-lucern-session-token", config.userToken);
372
+ setIfAbsent("x-lucern-environment", config.environment);
373
+ setIfAbsent("x-lucern-clerk-id", config.clerkId);
374
+ setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
375
+ setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
376
+ const base = Object.fromEntries(headers.entries());
359
377
  const authContextInput = await resolveConfiguredAuthContext(
360
378
  config.authContext
361
379
  );
@@ -1052,208 +1070,929 @@ function createAdminClient(config = {}) {
1052
1070
  };
1053
1071
  }
1054
1072
 
1055
- // src/answersClient.ts
1056
- function createAnswersClient(config = {}) {
1057
- const gateway = createGatewayRequestClient(config);
1073
+ // src/boundaryClientSurface.ts
1074
+ function cleanOptionalString(value) {
1075
+ const normalized = value?.trim();
1076
+ return normalized ? normalized : void 0;
1077
+ }
1078
+ function isRecord3(value) {
1079
+ return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1080
+ }
1081
+ function cleanRequiredString(value, label) {
1082
+ const normalized = cleanOptionalString(value);
1083
+ if (!normalized) {
1084
+ throw new Error(`${label} is required`);
1085
+ }
1086
+ return normalized;
1087
+ }
1088
+ function readTopicId(input) {
1089
+ return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1090
+ }
1091
+ function requireTopicId(input) {
1092
+ const topicId = readTopicId(input);
1093
+ if (!topicId) {
1094
+ throw new Error("topicId is required");
1095
+ }
1096
+ return topicId;
1097
+ }
1098
+ function assertKnownKeys(input, allowed, operation) {
1099
+ const allowedSet = new Set(allowed);
1100
+ const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1101
+ if (unknownKeys.length > 0) {
1102
+ throw new Error(
1103
+ `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1104
+ );
1105
+ }
1106
+ }
1107
+ function knownPayload(input, allowed, operation) {
1108
+ assertKnownKeys(input, allowed, operation);
1109
+ return { ...input };
1110
+ }
1111
+ function topicPayload(input, allowed, operation) {
1112
+ assertKnownKeys(input, allowed, operation);
1058
1113
  return {
1059
- /**
1060
- * Get the current answer for a question.
1061
- * @param questionId - The question node identifier.
1062
- * @returns The answer record for the given question.
1063
- */
1064
- async get(questionId) {
1065
- return gateway.request({
1066
- path: `/api/platform/v1/questions/${encodeURIComponent(questionId)}/answer`
1067
- });
1068
- }
1114
+ ...input,
1115
+ topicId: requireTopicId(input),
1116
+ projectId: void 0
1069
1117
  };
1070
1118
  }
1119
+ function listResultFromEnvelope(data, legacyKey) {
1120
+ const record = isRecord3(data) ? data : {};
1121
+ const legacyItems = record[legacyKey];
1122
+ return createListResult(
1123
+ Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1124
+ legacyKey
1125
+ );
1126
+ }
1071
1127
 
1072
- // src/audiencesClient.ts
1073
- function createAudiencesClient(config = {}) {
1074
- const gateway = createGatewayRequestClient(config);
1075
- const listRegistry = async (query5 = {}) => {
1076
- return gateway.request({
1077
- path: `/api/platform/v1/audiences/registry${toQueryString({
1078
- ...query5,
1079
- effective: typeof query5.effective === "boolean" ? query5.effective ? "true" : "false" : void 0,
1080
- status: query5.status
1081
- })}`
1082
- }).then(
1083
- (response) => mapGatewayData(
1084
- response,
1085
- (data) => createListResult(Array.isArray(data) ? data : [], "registryEntries")
1086
- )
1087
- );
1088
- };
1089
- const createRegistryEntry = async (input, idempotencyKey) => {
1090
- return gateway.request({
1091
- path: "/api/platform/v1/audiences/registry",
1092
- method: "POST",
1093
- body: input,
1094
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1095
- });
1096
- };
1097
- const updateRegistryEntry = createRegistryEntry;
1098
- const upsertRegistry = createRegistryEntry;
1099
- const getRegistry = listRegistry;
1100
- const listGrants = async (query5 = {}) => {
1101
- return gateway.request({
1102
- path: `/api/platform/v1/audiences/grants${toQueryString({
1103
- ...query5,
1104
- audienceKey: query5.audienceKey,
1105
- principalId: query5.principalId,
1106
- groupId: query5.groupId,
1107
- status: query5.status
1108
- })}`
1109
- }).then(
1110
- (response) => mapGatewayData(
1111
- response,
1112
- (data) => createListResult(Array.isArray(data) ? data : [], "grants")
1113
- )
1114
- );
1115
- };
1116
- const createGrant = async (input, idempotencyKey) => {
1117
- return gateway.request({
1118
- path: "/api/platform/v1/audiences/grants",
1119
- method: "POST",
1120
- body: input,
1121
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1122
- });
1123
- };
1124
- const getGrants = listGrants;
1125
- const grant = createGrant;
1126
- const deleteGrant = async (input, idempotencyKey) => {
1127
- return gateway.request({
1128
- path: "/api/platform/v1/audiences/grants/revoke",
1129
- method: "POST",
1130
- body: input,
1131
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1128
+ // src/control-plane.ts
1129
+ var LucernControlPlaneIdentityError = class extends Error {
1130
+ reason;
1131
+ principalStatus;
1132
+ tenantStatus;
1133
+ workspaceStatus;
1134
+ details;
1135
+ constructor(failure) {
1136
+ super(failure.message);
1137
+ this.name = "LucernControlPlaneIdentityError";
1138
+ this.reason = failure.reason;
1139
+ this.principalStatus = failure.principalStatus;
1140
+ this.tenantStatus = failure.tenantStatus;
1141
+ this.workspaceStatus = failure.workspaceStatus;
1142
+ this.details = failure.details;
1143
+ }
1144
+ };
1145
+ function cleanString3(value) {
1146
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1147
+ }
1148
+ function stringList(value) {
1149
+ if (!Array.isArray(value)) {
1150
+ return [];
1151
+ }
1152
+ return [
1153
+ ...new Set(
1154
+ value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
1155
+ )
1156
+ ];
1157
+ }
1158
+ function principalType(value) {
1159
+ switch (value) {
1160
+ case "service":
1161
+ case "service_principal":
1162
+ return "service";
1163
+ case "agent":
1164
+ return "agent";
1165
+ case "group":
1166
+ return "group";
1167
+ case "external_viewer":
1168
+ case "external_stakeholder":
1169
+ return "external_viewer";
1170
+ default:
1171
+ return "human";
1172
+ }
1173
+ }
1174
+ function adminFlags(roles) {
1175
+ const normalized = roles.map((role) => role.toLowerCase());
1176
+ const isPlatformAdmin = normalized.includes("platform_admin");
1177
+ const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
1178
+ const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
1179
+ return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
1180
+ }
1181
+ function normalizeResolvedInteractivePrincipal(payload) {
1182
+ if ("ok" in payload && payload.ok === false) {
1183
+ throw new LucernControlPlaneIdentityError(payload);
1184
+ }
1185
+ const principalId = cleanString3(payload.principalId);
1186
+ const clerkId = cleanString3(payload.clerkId);
1187
+ const tenantId = cleanString3(payload.tenantId);
1188
+ if (!principalId || !clerkId || !tenantId) {
1189
+ throw new LucernControlPlaneIdentityError({
1190
+ ok: false,
1191
+ reason: "resolver_unavailable",
1192
+ message: "Control-plane principal resolver returned an incomplete principal context.",
1193
+ principalStatus: payload.principalStatus ?? "missing",
1194
+ tenantStatus: payload.tenantStatus,
1195
+ workspaceStatus: payload.workspaceStatus
1132
1196
  });
1133
- };
1134
- const revokeGrant = deleteGrant;
1197
+ }
1198
+ const roles = stringList(payload.roles);
1199
+ const scopes = stringList(payload.scopes);
1200
+ const workspaceId = cleanString3(payload.workspaceId) ?? null;
1201
+ const flags = adminFlags(roles);
1135
1202
  return {
1136
- /**
1137
- * List audience registry entries.
1138
- */
1139
- listRegistry,
1140
- /**
1141
- * @deprecated Use listRegistry.
1142
- */
1143
- getRegistry,
1144
- /**
1145
- * Create an audience registry entry.
1146
- */
1147
- createRegistryEntry,
1148
- /**
1149
- * Update an audience registry entry.
1150
- */
1151
- updateRegistryEntry,
1152
- /**
1153
- * @deprecated Use createRegistryEntry or updateRegistryEntry.
1154
- */
1155
- upsertRegistry,
1156
- /**
1157
- * List audience grants.
1158
- */
1159
- listGrants,
1160
- /**
1161
- * @deprecated Use listGrants.
1162
- */
1163
- getGrants,
1164
- /**
1165
- * Create an audience grant.
1166
- */
1167
- createGrant,
1168
- /**
1169
- * @deprecated Use createGrant.
1170
- */
1171
- grant,
1172
- /**
1173
- * Delete an audience grant by revoking it.
1174
- */
1175
- deleteGrant,
1176
- /**
1177
- * @deprecated Use deleteGrant.
1178
- */
1179
- revokeGrant
1203
+ principalId,
1204
+ principalType: principalType(payload.principalType),
1205
+ clerkId,
1206
+ tenantId,
1207
+ workspaceId,
1208
+ roles,
1209
+ scopes,
1210
+ groupIds: stringList(payload.groupIds),
1211
+ permittedToolNames: stringList(payload.permittedToolNames),
1212
+ permittedPackKeys: stringList(payload.permittedPackKeys),
1213
+ principalStatus: cleanString3(payload.principalStatus) ?? "active",
1214
+ tenantStatus: cleanString3(payload.tenantStatus) ?? "active",
1215
+ workspaceStatus: cleanString3(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
1216
+ isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
1217
+ isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
1218
+ isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
1219
+ permit: {
1220
+ subject: cleanString3(payload.permit?.subject) ?? principalId,
1221
+ tenant: cleanString3(payload.permit?.tenant) ?? tenantId,
1222
+ ...workspaceId ? { workspace: cleanString3(payload.permit?.workspace) ?? workspaceId } : {}
1223
+ },
1224
+ authMode: "interactive_user",
1225
+ sessionId: payload.sessionId,
1226
+ delegatedBy: payload.delegatedBy,
1227
+ expiresAt: payload.expiresAt
1180
1228
  };
1181
1229
  }
1182
-
1183
- // src/auditClient.ts
1184
- function createAuditClient(config = {}) {
1230
+ function createControlPlaneIdentityClient(config = {}) {
1185
1231
  const gateway = createGatewayRequestClient(config);
1186
1232
  return {
1187
- /**
1188
- * List audit events for the current scope.
1189
- */
1190
- async listEvents(query5 = {}) {
1233
+ async resolveInteractivePrincipal(input) {
1191
1234
  return gateway.request({
1192
- path: `/api/platform/v1/audit/events${toQueryString(
1193
- normalizeTopicQuery(query5)
1194
- )}`
1235
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1236
+ method: "POST",
1237
+ body: input
1195
1238
  }).then(
1196
- (response) => mapGatewayData(
1197
- response,
1198
- (data) => createListResult(Array.isArray(data) ? data : [], "events")
1199
- )
1239
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1200
1240
  );
1201
1241
  }
1202
1242
  };
1203
1243
  }
1204
-
1205
- // src/authDeviceClient.ts
1206
- var DeviceAuthorizationError = class extends Error {
1207
- error;
1208
- interval;
1209
- constructor(args) {
1210
- super(args.description ?? args.error);
1211
- this.name = "DeviceAuthorizationError";
1212
- this.error = args.error;
1213
- this.interval = args.interval;
1214
- }
1215
- };
1216
- function authBaseUrl(config) {
1217
- return config.baseUrl?.replace(/\/+$/, "") ?? "";
1218
- }
1219
- async function readJson(response) {
1220
- try {
1221
- const payload = await response.json();
1222
- return isRecord3(payload) ? payload : {};
1223
- } catch (error) {
1224
- return unreadableJsonBodyFallback();
1225
- }
1226
- }
1227
- function unreadableJsonBodyFallback(_error) {
1228
- return {};
1229
- }
1230
- function isRecord3(value) {
1231
- return value !== null && typeof value === "object" && !Array.isArray(value);
1232
- }
1233
- function readString(value) {
1234
- const normalized = typeof value === "string" ? value.trim() : "";
1235
- return normalized || void 0;
1236
- }
1237
- function assertDeviceCodeResponse(payload) {
1238
- const deviceCode = readString(payload.device_code);
1239
- const userCode = readString(payload.user_code);
1240
- const verificationUri = readString(payload.verification_uri);
1241
- const verificationUriComplete = readString(payload.verification_uri_complete);
1242
- const expiresIn = payload.expires_in;
1243
- const interval = payload.interval;
1244
- if (!deviceCode || !userCode || !verificationUri || !verificationUriComplete || typeof expiresIn !== "number" || typeof interval !== "number") {
1245
- throw new Error("Gateway returned an invalid device-code response.");
1246
- }
1244
+ function createControlPlaneClient(config = {}) {
1247
1245
  return {
1248
- device_code: deviceCode,
1249
- user_code: userCode,
1250
- verification_uri: verificationUri,
1251
- verification_uri_complete: verificationUriComplete,
1252
- expires_in: expiresIn,
1253
- interval
1246
+ identity: createControlPlaneIdentityClient(config)
1254
1247
  };
1255
1248
  }
1256
- function assertDeviceTokenResponse(payload) {
1249
+
1250
+ // src/identityClient.ts
1251
+ function createIdentityWhoamiClient(config = {}) {
1252
+ const gateway = createGatewayRequestClient(config);
1253
+ return {
1254
+ async whoami() {
1255
+ return gateway.request({
1256
+ path: "/api/platform/v1/identity/whoami"
1257
+ });
1258
+ }
1259
+ };
1260
+ }
1261
+ var TENANT_IDENTITY_FIELDS = [
1262
+ "tenantId",
1263
+ "workspaceId",
1264
+ "principalId",
1265
+ "integrationKey",
1266
+ "secretRef",
1267
+ "policySubject",
1268
+ "policyAction",
1269
+ "policyResource",
1270
+ "decision",
1271
+ "config",
1272
+ "configKey",
1273
+ "configValue",
1274
+ "provider",
1275
+ "status",
1276
+ "metadata",
1277
+ "limit",
1278
+ "cursor"
1279
+ ];
1280
+ function tenantIdentityQuery(input) {
1281
+ return {
1282
+ tenantId: cleanRequiredString(input.tenantId, "tenantId"),
1283
+ workspaceId: input.workspaceId,
1284
+ principalId: input.principalId,
1285
+ limit: input.limit,
1286
+ cursor: input.cursor
1287
+ };
1288
+ }
1289
+ function tenantIdentityBody(input, operation) {
1290
+ return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
1291
+ }
1292
+ function createIdentityClient(config = {}) {
1293
+ const gateway = createGatewayRequestClient(config);
1294
+ const whoamiClient = createIdentityWhoamiClient(config);
1295
+ const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
1296
+ path: "/api/platform/v1/identity/principals",
1297
+ method,
1298
+ body: input,
1299
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1300
+ });
1301
+ const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
1302
+ const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
1303
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
1304
+ method: "POST",
1305
+ body: input,
1306
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1307
+ });
1308
+ return {
1309
+ /**
1310
+ * Resolve the current authenticated identity summary.
1311
+ */
1312
+ async whoami() {
1313
+ return whoamiClient.whoami().then(
1314
+ (response) => mapGatewayData(response, (data) => ({
1315
+ principalId: data.principalId,
1316
+ principalType: data.principalType,
1317
+ clerkId: data.clerkId,
1318
+ tenantId: data.tenantId ?? null,
1319
+ workspaceId: data.workspaceId ?? null,
1320
+ scopes: Array.isArray(data.scopes) ? data.scopes : [],
1321
+ roles: Array.isArray(data.roles) ? data.roles : [],
1322
+ groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
1323
+ permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
1324
+ permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
1325
+ principalStatus: data.principalStatus,
1326
+ tenantStatus: data.tenantStatus,
1327
+ workspaceStatus: data.workspaceStatus,
1328
+ isPlatformAdmin: data.isPlatformAdmin === true,
1329
+ isTenantAdmin: data.isTenantAdmin === true,
1330
+ isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1331
+ permit: data.permit ?? (data.tenantId ? {
1332
+ subject: data.principalId,
1333
+ tenant: data.tenantId,
1334
+ ...data.workspaceId ? { workspace: data.workspaceId } : {}
1335
+ } : void 0),
1336
+ authMode: data.authMode,
1337
+ sessionId: data.sessionId,
1338
+ delegatedBy: data.delegatedBy,
1339
+ expiresAt: data.expiresAt
1340
+ }))
1341
+ );
1342
+ },
1343
+ /**
1344
+ * Resolve a Clerk subject through the tenant control-plane Permit projection.
1345
+ * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
1346
+ */
1347
+ async resolveInteractivePrincipal(input) {
1348
+ return gateway.request({
1349
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1350
+ method: "POST",
1351
+ body: input
1352
+ }).then(
1353
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1354
+ );
1355
+ },
1356
+ /**
1357
+ * List principals in the current identity scope.
1358
+ */
1359
+ async listPrincipals(query5 = {}) {
1360
+ return gateway.request({
1361
+ path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
1362
+ }).then(
1363
+ (response) => mapGatewayData(
1364
+ response,
1365
+ (data) => createListResult(
1366
+ Array.isArray(data) ? data : [],
1367
+ "principals"
1368
+ )
1369
+ )
1370
+ );
1371
+ },
1372
+ /**
1373
+ * Create a principal.
1374
+ */
1375
+ async createPrincipal(input, idempotencyKey) {
1376
+ return requestPrincipalWrite("POST", input, idempotencyKey);
1377
+ },
1378
+ /**
1379
+ * Update a principal.
1380
+ */
1381
+ updatePrincipal,
1382
+ /**
1383
+ * @deprecated Use createPrincipal or updatePrincipal.
1384
+ */
1385
+ upsertPrincipal: updatePrincipal,
1386
+ /**
1387
+ * List keys in the current identity scope.
1388
+ */
1389
+ async listKeys(query5 = {}) {
1390
+ return gateway.request({
1391
+ path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
1392
+ }).then(
1393
+ (response) => mapGatewayData(
1394
+ response,
1395
+ (data) => createListResult(Array.isArray(data) ? data : [], "keys")
1396
+ )
1397
+ );
1398
+ },
1399
+ /**
1400
+ * Create an API key.
1401
+ */
1402
+ async createKey(input, idempotencyKey) {
1403
+ return gateway.request({
1404
+ path: "/api/platform/v1/identity/keys",
1405
+ method: "POST",
1406
+ body: input,
1407
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1408
+ });
1409
+ },
1410
+ /**
1411
+ * Rotate an API key.
1412
+ */
1413
+ async rotateKey(keyId, input = {}, idempotencyKey) {
1414
+ return gateway.request({
1415
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
1416
+ method: "POST",
1417
+ body: input,
1418
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1419
+ });
1420
+ },
1421
+ /**
1422
+ * Delete an API key by revoking it.
1423
+ */
1424
+ deleteKey,
1425
+ /**
1426
+ * @deprecated Use deleteKey.
1427
+ */
1428
+ revokeKey: deleteKey,
1429
+ /**
1430
+ * Search Clerk users by email or display attributes.
1431
+ */
1432
+ async searchClerkUsers(q) {
1433
+ return gateway.request({
1434
+ path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
1435
+ });
1436
+ },
1437
+ async getTenantConfig(input) {
1438
+ return gateway.request({
1439
+ path: `/api/platform/v1/identity/tenant-config${toQueryString(
1440
+ tenantIdentityQuery(input)
1441
+ )}`
1442
+ });
1443
+ },
1444
+ async updateTenantConfig(input, idempotencyKey) {
1445
+ cleanRequiredString(input.tenantId, "tenantId");
1446
+ return gateway.request({
1447
+ path: "/api/platform/v1/identity/tenant-config",
1448
+ method: "PATCH",
1449
+ body: tenantIdentityBody(
1450
+ input,
1451
+ "identity.updateTenantConfig"
1452
+ ),
1453
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1454
+ });
1455
+ },
1456
+ async listIntegrations(input) {
1457
+ return gateway.request({
1458
+ path: `/api/platform/v1/identity/integrations${toQueryString(
1459
+ tenantIdentityQuery(input)
1460
+ )}`
1461
+ }).then(
1462
+ (response) => mapGatewayData(
1463
+ response,
1464
+ (data) => listResultFromEnvelope(
1465
+ data,
1466
+ "integrations"
1467
+ )
1468
+ )
1469
+ );
1470
+ },
1471
+ async upsertIntegration(input, idempotencyKey) {
1472
+ cleanRequiredString(input.tenantId, "tenantId");
1473
+ cleanRequiredString(input.integrationKey, "integrationKey");
1474
+ return gateway.request({
1475
+ path: "/api/platform/v1/identity/integrations",
1476
+ method: "PUT",
1477
+ body: tenantIdentityBody(
1478
+ input,
1479
+ "identity.upsertIntegration"
1480
+ ),
1481
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1482
+ });
1483
+ },
1484
+ async listSecrets(input) {
1485
+ return gateway.request({
1486
+ path: `/api/platform/v1/identity/secrets${toQueryString(
1487
+ tenantIdentityQuery(input)
1488
+ )}`
1489
+ }).then(
1490
+ (response) => mapGatewayData(
1491
+ response,
1492
+ (data) => listResultFromEnvelope(
1493
+ data,
1494
+ "secrets"
1495
+ )
1496
+ )
1497
+ );
1498
+ },
1499
+ async putSecretReference(input, idempotencyKey) {
1500
+ cleanRequiredString(input.tenantId, "tenantId");
1501
+ cleanRequiredString(input.secretRef, "secretRef");
1502
+ return gateway.request({
1503
+ path: "/api/platform/v1/identity/secrets",
1504
+ method: "PUT",
1505
+ body: tenantIdentityBody(
1506
+ input,
1507
+ "identity.putSecretReference"
1508
+ ),
1509
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1510
+ });
1511
+ },
1512
+ async evaluatePolicy(input, idempotencyKey) {
1513
+ cleanRequiredString(input.tenantId, "tenantId");
1514
+ cleanRequiredString(input.policySubject, "policySubject");
1515
+ cleanRequiredString(input.policyAction, "policyAction");
1516
+ cleanRequiredString(input.policyResource, "policyResource");
1517
+ return gateway.request({
1518
+ path: "/api/platform/v1/identity/policy/evaluate",
1519
+ method: "POST",
1520
+ body: tenantIdentityBody(
1521
+ input,
1522
+ "identity.evaluatePolicy"
1523
+ ),
1524
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1525
+ });
1526
+ },
1527
+ async recordPolicyDecision(input, idempotencyKey) {
1528
+ cleanRequiredString(input.tenantId, "tenantId");
1529
+ cleanRequiredString(input.decision, "decision");
1530
+ return gateway.request({
1531
+ path: "/api/platform/v1/identity/policy/decisions",
1532
+ method: "POST",
1533
+ body: tenantIdentityBody(
1534
+ input,
1535
+ "identity.recordPolicyDecision"
1536
+ ),
1537
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1538
+ });
1539
+ }
1540
+ };
1541
+ }
1542
+
1543
+ // src/accessControl.ts
1544
+ var LucernAccessControlError = class extends LucernSdkAuthContextError {
1545
+ policyDecision;
1546
+ constructor(reason, message, policyDecision) {
1547
+ super(reason, message);
1548
+ this.name = "LucernAccessControlError";
1549
+ this.policyDecision = policyDecision;
1550
+ }
1551
+ };
1552
+ function cleanString4(value) {
1553
+ const normalized = value?.trim();
1554
+ return normalized ? normalized : void 0;
1555
+ }
1556
+ function cleanStringList2(values) {
1557
+ if (!values) {
1558
+ return [];
1559
+ }
1560
+ return [
1561
+ ...new Set(
1562
+ values.map((value) => value.trim()).filter((value) => value.length > 0)
1563
+ )
1564
+ ];
1565
+ }
1566
+ function requireString2(value, reason, label) {
1567
+ const normalized = cleanString4(value);
1568
+ if (!normalized) {
1569
+ throw new LucernAccessControlError(
1570
+ reason,
1571
+ `Lucern SDK access control requires ${label}.`
1572
+ );
1573
+ }
1574
+ return normalized;
1575
+ }
1576
+ function normalizePrincipalType(principalType2) {
1577
+ if (principalType2 === "agent") {
1578
+ return "agent";
1579
+ }
1580
+ if (principalType2 === "service") {
1581
+ return "service";
1582
+ }
1583
+ if (principalType2 === "group") {
1584
+ return "group";
1585
+ }
1586
+ if (principalType2 === "external_viewer") {
1587
+ return "external_viewer";
1588
+ }
1589
+ return "human";
1590
+ }
1591
+ function aliasKey(alias) {
1592
+ return `${alias.provider}:${alias.providerProjectId ?? ""}:${alias.externalSubjectId}`;
1593
+ }
1594
+ function normalizeAliases(input, canonicalClerkUserId) {
1595
+ const aliases = /* @__PURE__ */ new Map();
1596
+ for (const alias of input ?? []) {
1597
+ const externalSubjectId = cleanString4(alias.externalSubjectId);
1598
+ if (!externalSubjectId) {
1599
+ continue;
1600
+ }
1601
+ const normalized = {
1602
+ provider: cleanString4(alias.provider) ?? "clerk",
1603
+ providerProjectId: cleanString4(alias.providerProjectId),
1604
+ externalSubjectId,
1605
+ status: cleanString4(alias.status)
1606
+ };
1607
+ aliases.set(aliasKey(normalized), normalized);
1608
+ }
1609
+ if (canonicalClerkUserId) {
1610
+ const canonicalAlias = {
1611
+ provider: "clerk",
1612
+ externalSubjectId: canonicalClerkUserId,
1613
+ status: "active"
1614
+ };
1615
+ aliases.set(aliasKey(canonicalAlias), canonicalAlias);
1616
+ }
1617
+ return [...aliases.values()];
1618
+ }
1619
+ function isKnownClerkSubject(args) {
1620
+ if (args.clerkId === args.canonicalClerkUserId) {
1621
+ return true;
1622
+ }
1623
+ return args.aliases.some(
1624
+ (alias) => alias.provider === "clerk" && alias.externalSubjectId === args.clerkId
1625
+ );
1626
+ }
1627
+ function authContextToPrincipalInput(input) {
1628
+ const normalized = normalizeCanonicalLucernAuthContext(input);
1629
+ return {
1630
+ principalId: normalized.principalId,
1631
+ principalType: normalized.principalType,
1632
+ canonicalClerkUserId: normalized.clerkId,
1633
+ clerkId: normalized.clerkId,
1634
+ tenantId: normalized.tenantId,
1635
+ workspaceId: normalized.workspaceId,
1636
+ roles: normalized.roles,
1637
+ scopes: normalized.scopes
1638
+ };
1639
+ }
1640
+ function isAuthContextInput(input) {
1641
+ return "authMode" in input || "permit" in input || "delegationChain" in input;
1642
+ }
1643
+ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1644
+ const principalInput = isAuthContextInput(input) ? authContextToPrincipalInput(input) : input;
1645
+ const principalId = requireString2(
1646
+ principalInput.principalId,
1647
+ "principal_missing",
1648
+ "principalId"
1649
+ );
1650
+ const principalType2 = normalizePrincipalType(principalInput.principalType);
1651
+ const observedClerkId = cleanString4(options.observedClerkId);
1652
+ const canonicalClerkUserId = cleanString4(principalInput.canonicalClerkUserId) ?? cleanString4(principalInput.clerkId);
1653
+ if (principalType2 === "human" && !canonicalClerkUserId) {
1654
+ throw new LucernAccessControlError(
1655
+ "clerk_alias_missing",
1656
+ "Human principals require one canonical Clerk user id."
1657
+ );
1658
+ }
1659
+ const aliases = normalizeAliases(
1660
+ principalInput.clerkIdentityAliases,
1661
+ canonicalClerkUserId
1662
+ );
1663
+ if (observedClerkId && !isKnownClerkSubject({
1664
+ clerkId: observedClerkId,
1665
+ canonicalClerkUserId,
1666
+ aliases
1667
+ })) {
1668
+ throw new LucernAccessControlError(
1669
+ "clerk_alias_unrecognized",
1670
+ "Observed Clerk user id does not match the canonical human principal id."
1671
+ );
1672
+ }
1673
+ return {
1674
+ principalId,
1675
+ principalType: principalType2,
1676
+ canonicalClerkUserId,
1677
+ clerkIdentityAliases: aliases,
1678
+ tenantId: cleanString4(principalInput.tenantId),
1679
+ workspaceId: cleanString4(principalInput.workspaceId),
1680
+ roles: cleanStringList2(principalInput.roles),
1681
+ scopes: cleanStringList2(principalInput.scopes)
1682
+ };
1683
+ }
1684
+ function formatPermitResource(resource) {
1685
+ if (typeof resource === "string") {
1686
+ return requireString2(resource, "policy_denied", "policyResource");
1687
+ }
1688
+ const type = requireString2(resource.type, "policy_denied", "resource.type");
1689
+ const key = requireString2(resource.key, "policy_denied", "resource.key");
1690
+ return key.startsWith(`${type}:`) ? key : `${type}:${key}`;
1691
+ }
1692
+ function resourceRequiresWorkspace(resource) {
1693
+ if (typeof resource === "string") {
1694
+ return !resource.startsWith("tenant:");
1695
+ }
1696
+ return resource.type !== "tenant";
1697
+ }
1698
+ function buildPolicyInput(identity, input) {
1699
+ const tenantId = requireString2(
1700
+ input.tenantId ?? identity.tenantId,
1701
+ "tenant_missing",
1702
+ "tenantId"
1703
+ );
1704
+ const workspaceId = cleanString4(input.workspaceId ?? identity.workspaceId);
1705
+ if (resourceRequiresWorkspace(input.resource) && !workspaceId) {
1706
+ throw new LucernAccessControlError(
1707
+ "workspace_missing",
1708
+ "Workspace-scoped Permit checks require workspaceId."
1709
+ );
1710
+ }
1711
+ return {
1712
+ tenantId,
1713
+ workspaceId,
1714
+ principalId: identity.principalId,
1715
+ policySubject: identity.principalId,
1716
+ policyAction: requireString2(input.action, "policy_denied", "policyAction"),
1717
+ policyResource: formatPermitResource(input.resource),
1718
+ metadata: input.context
1719
+ };
1720
+ }
1721
+ async function resolveConfiguredPrincipalInput(authContext) {
1722
+ if (typeof authContext === "function") {
1723
+ return await authContext();
1724
+ }
1725
+ return authContext;
1726
+ }
1727
+ function assertPermitAllowed(decision) {
1728
+ if (decision.decision !== "allow") {
1729
+ throw new LucernAccessControlError(
1730
+ decision.decision === "deny" ? "policy_denied" : "policy_unknown",
1731
+ `Permit denied ${decision.policyAction} on ${decision.policyResource}.`,
1732
+ decision
1733
+ );
1734
+ }
1735
+ }
1736
+ function createAccessControlClient(config = {}) {
1737
+ const identityClient = createIdentityClient(config);
1738
+ async function resolveIdentity(input, observedClerkId) {
1739
+ const identityInput = input ?? await resolveConfiguredPrincipalInput(config.authContext);
1740
+ if (!identityInput) {
1741
+ throw new LucernAccessControlError(
1742
+ "principal_missing",
1743
+ "Lucern SDK access control requires a canonical principal identity."
1744
+ );
1745
+ }
1746
+ return normalizeCanonicalPrincipalIdentity(identityInput, {
1747
+ observedClerkId
1748
+ });
1749
+ }
1750
+ async function checkAccess(input, idempotencyKey) {
1751
+ const identity = await resolveIdentity(input.identity, input.observedClerkId);
1752
+ const policyInput = buildPolicyInput(identity, input);
1753
+ try {
1754
+ const response = await identityClient.evaluatePolicy(
1755
+ policyInput,
1756
+ idempotencyKey
1757
+ );
1758
+ return {
1759
+ identity,
1760
+ policyInput,
1761
+ decision: response.data
1762
+ };
1763
+ } catch (error) {
1764
+ if (error instanceof LucernSdkAuthContextError) {
1765
+ throw error;
1766
+ }
1767
+ throw new LucernAccessControlError(
1768
+ "policy_unavailable",
1769
+ "Permit policy check failed closed before an allow decision was returned."
1770
+ );
1771
+ }
1772
+ }
1773
+ async function requireAccess(input, idempotencyKey) {
1774
+ const result = await checkAccess(input, idempotencyKey);
1775
+ assertPermitAllowed(result.decision);
1776
+ return result;
1777
+ }
1778
+ async function canAccess(input, idempotencyKey) {
1779
+ try {
1780
+ await requireAccess(input, idempotencyKey);
1781
+ return true;
1782
+ } catch {
1783
+ return false;
1784
+ }
1785
+ }
1786
+ return {
1787
+ normalizePrincipal: normalizeCanonicalPrincipalIdentity,
1788
+ checkAccess,
1789
+ requireAccess,
1790
+ canAccess
1791
+ };
1792
+ }
1793
+
1794
+ // src/answersClient.ts
1795
+ function createAnswersClient(config = {}) {
1796
+ const gateway = createGatewayRequestClient(config);
1797
+ return {
1798
+ /**
1799
+ * Get the current answer for a question.
1800
+ * @param questionId - The question node identifier.
1801
+ * @returns The answer record for the given question.
1802
+ */
1803
+ async get(questionId) {
1804
+ return gateway.request({
1805
+ path: `/api/platform/v1/questions/${encodeURIComponent(questionId)}/answer`
1806
+ });
1807
+ }
1808
+ };
1809
+ }
1810
+
1811
+ // src/audiencesClient.ts
1812
+ function createAudiencesClient(config = {}) {
1813
+ const gateway = createGatewayRequestClient(config);
1814
+ const listRegistry = async (query5 = {}) => {
1815
+ return gateway.request({
1816
+ path: `/api/platform/v1/audiences/registry${toQueryString({
1817
+ ...query5,
1818
+ effective: typeof query5.effective === "boolean" ? query5.effective ? "true" : "false" : void 0,
1819
+ status: query5.status
1820
+ })}`
1821
+ }).then(
1822
+ (response) => mapGatewayData(
1823
+ response,
1824
+ (data) => createListResult(Array.isArray(data) ? data : [], "registryEntries")
1825
+ )
1826
+ );
1827
+ };
1828
+ const createRegistryEntry = async (input, idempotencyKey) => {
1829
+ return gateway.request({
1830
+ path: "/api/platform/v1/audiences/registry",
1831
+ method: "POST",
1832
+ body: input,
1833
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1834
+ });
1835
+ };
1836
+ const updateRegistryEntry = createRegistryEntry;
1837
+ const upsertRegistry = createRegistryEntry;
1838
+ const getRegistry = listRegistry;
1839
+ const listGrants = async (query5 = {}) => {
1840
+ return gateway.request({
1841
+ path: `/api/platform/v1/audiences/grants${toQueryString({
1842
+ ...query5,
1843
+ audienceKey: query5.audienceKey,
1844
+ principalId: query5.principalId,
1845
+ groupId: query5.groupId,
1846
+ status: query5.status
1847
+ })}`
1848
+ }).then(
1849
+ (response) => mapGatewayData(
1850
+ response,
1851
+ (data) => createListResult(Array.isArray(data) ? data : [], "grants")
1852
+ )
1853
+ );
1854
+ };
1855
+ const createGrant = async (input, idempotencyKey) => {
1856
+ return gateway.request({
1857
+ path: "/api/platform/v1/audiences/grants",
1858
+ method: "POST",
1859
+ body: input,
1860
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1861
+ });
1862
+ };
1863
+ const getGrants = listGrants;
1864
+ const grant = createGrant;
1865
+ const deleteGrant = async (input, idempotencyKey) => {
1866
+ return gateway.request({
1867
+ path: "/api/platform/v1/audiences/grants/revoke",
1868
+ method: "POST",
1869
+ body: input,
1870
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1871
+ });
1872
+ };
1873
+ const revokeGrant = deleteGrant;
1874
+ return {
1875
+ /**
1876
+ * List audience registry entries.
1877
+ */
1878
+ listRegistry,
1879
+ /**
1880
+ * @deprecated Use listRegistry.
1881
+ */
1882
+ getRegistry,
1883
+ /**
1884
+ * Create an audience registry entry.
1885
+ */
1886
+ createRegistryEntry,
1887
+ /**
1888
+ * Update an audience registry entry.
1889
+ */
1890
+ updateRegistryEntry,
1891
+ /**
1892
+ * @deprecated Use createRegistryEntry or updateRegistryEntry.
1893
+ */
1894
+ upsertRegistry,
1895
+ /**
1896
+ * List audience grants.
1897
+ */
1898
+ listGrants,
1899
+ /**
1900
+ * @deprecated Use listGrants.
1901
+ */
1902
+ getGrants,
1903
+ /**
1904
+ * Create an audience grant.
1905
+ */
1906
+ createGrant,
1907
+ /**
1908
+ * @deprecated Use createGrant.
1909
+ */
1910
+ grant,
1911
+ /**
1912
+ * Delete an audience grant by revoking it.
1913
+ */
1914
+ deleteGrant,
1915
+ /**
1916
+ * @deprecated Use deleteGrant.
1917
+ */
1918
+ revokeGrant
1919
+ };
1920
+ }
1921
+
1922
+ // src/auditClient.ts
1923
+ function createAuditClient(config = {}) {
1924
+ const gateway = createGatewayRequestClient(config);
1925
+ return {
1926
+ /**
1927
+ * List audit events for the current scope.
1928
+ */
1929
+ async listEvents(query5 = {}) {
1930
+ return gateway.request({
1931
+ path: `/api/platform/v1/audit/events${toQueryString(
1932
+ normalizeTopicQuery(query5)
1933
+ )}`
1934
+ }).then(
1935
+ (response) => mapGatewayData(
1936
+ response,
1937
+ (data) => createListResult(Array.isArray(data) ? data : [], "events")
1938
+ )
1939
+ );
1940
+ }
1941
+ };
1942
+ }
1943
+
1944
+ // src/authDeviceClient.ts
1945
+ var DeviceAuthorizationError = class extends Error {
1946
+ error;
1947
+ interval;
1948
+ constructor(args) {
1949
+ super(args.description ?? args.error);
1950
+ this.name = "DeviceAuthorizationError";
1951
+ this.error = args.error;
1952
+ this.interval = args.interval;
1953
+ }
1954
+ };
1955
+ function authBaseUrl(config) {
1956
+ return config.baseUrl?.replace(/\/+$/, "") ?? "";
1957
+ }
1958
+ async function readJson(response) {
1959
+ try {
1960
+ const payload = await response.json();
1961
+ return isRecord4(payload) ? payload : {};
1962
+ } catch (error) {
1963
+ return unreadableJsonBodyFallback();
1964
+ }
1965
+ }
1966
+ function unreadableJsonBodyFallback(_error) {
1967
+ return {};
1968
+ }
1969
+ function isRecord4(value) {
1970
+ return value !== null && typeof value === "object" && !Array.isArray(value);
1971
+ }
1972
+ function readString(value) {
1973
+ const normalized = typeof value === "string" ? value.trim() : "";
1974
+ return normalized || void 0;
1975
+ }
1976
+ function assertDeviceCodeResponse(payload) {
1977
+ const deviceCode = readString(payload.device_code);
1978
+ const userCode = readString(payload.user_code);
1979
+ const verificationUri = readString(payload.verification_uri);
1980
+ const verificationUriComplete = readString(payload.verification_uri_complete);
1981
+ const expiresIn = payload.expires_in;
1982
+ const interval = payload.interval;
1983
+ if (!deviceCode || !userCode || !verificationUri || !verificationUriComplete || typeof expiresIn !== "number" || typeof interval !== "number") {
1984
+ throw new Error("Gateway returned an invalid device-code response.");
1985
+ }
1986
+ return {
1987
+ device_code: deviceCode,
1988
+ user_code: userCode,
1989
+ verification_uri: verificationUri,
1990
+ verification_uri_complete: verificationUriComplete,
1991
+ expires_in: expiresIn,
1992
+ interval
1993
+ };
1994
+ }
1995
+ function assertDeviceTokenResponse(payload) {
1257
1996
  const accessToken = readString(payload.access_token);
1258
1997
  const tokenType = readString(payload.token_type);
1259
1998
  const scope = readString(payload.scope);
@@ -1270,7 +2009,7 @@ function assertDeviceTokenResponse(payload) {
1270
2009
  tenant_id: tenantId,
1271
2010
  workspace_id: readString(payload.workspace_id),
1272
2011
  principal_id: principalId,
1273
- user: isRecord3(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
2012
+ user: isRecord4(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
1274
2013
  id: payload.user.id,
1275
2014
  principalId: payload.user.principalId
1276
2015
  } : void 0
@@ -1606,70 +2345,15 @@ function createEvidenceClient(config = {}) {
1606
2345
  path: "/api/platform/v1/evidence/classify-batch",
1607
2346
  method: "POST",
1608
2347
  body: {
1609
- beliefId,
1610
- evidence,
1611
- config: classificationConfig
1612
- },
1613
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1614
- });
1615
- }
1616
- };
1617
- }
1618
-
1619
- // src/boundaryClientSurface.ts
1620
- function cleanOptionalString(value) {
1621
- const normalized = value?.trim();
1622
- return normalized ? normalized : void 0;
1623
- }
1624
- function isRecord4(value) {
1625
- return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1626
- }
1627
- function cleanRequiredString(value, label) {
1628
- const normalized = cleanOptionalString(value);
1629
- if (!normalized) {
1630
- throw new Error(`${label} is required`);
1631
- }
1632
- return normalized;
1633
- }
1634
- function readTopicId(input) {
1635
- return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1636
- }
1637
- function requireTopicId(input) {
1638
- const topicId = readTopicId(input);
1639
- if (!topicId) {
1640
- throw new Error("topicId is required");
1641
- }
1642
- return topicId;
1643
- }
1644
- function assertKnownKeys(input, allowed, operation) {
1645
- const allowedSet = new Set(allowed);
1646
- const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1647
- if (unknownKeys.length > 0) {
1648
- throw new Error(
1649
- `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1650
- );
1651
- }
1652
- }
1653
- function knownPayload(input, allowed, operation) {
1654
- assertKnownKeys(input, allowed, operation);
1655
- return { ...input };
1656
- }
1657
- function topicPayload(input, allowed, operation) {
1658
- assertKnownKeys(input, allowed, operation);
1659
- return {
1660
- ...input,
1661
- topicId: requireTopicId(input),
1662
- projectId: void 0
2348
+ beliefId,
2349
+ evidence,
2350
+ config: classificationConfig
2351
+ },
2352
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2353
+ });
2354
+ }
1663
2355
  };
1664
2356
  }
1665
- function listResultFromEnvelope(data, legacyKey) {
1666
- const record = isRecord4(data) ? data : {};
1667
- const legacyItems = record[legacyKey];
1668
- return createListResult(
1669
- Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1670
- legacyKey
1671
- );
1672
- }
1673
2357
 
1674
2358
  // src/eventingClient.ts
1675
2359
  var EVENTING_FIELDS = [
@@ -2276,421 +2960,153 @@ function createGraphClient(config = {}) {
2276
2960
  ...input,
2277
2961
  verificationStatus
2278
2962
  },
2279
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2280
- });
2281
- },
2282
- /**
2283
- * Permanently delete a node via the admin-only hard-delete route.
2284
- */
2285
- async hardDeleteNode(input, idempotencyKey) {
2286
- return gateway.request({
2287
- path: "/api/platform/v1/graph/nodes/hard-delete",
2288
- method: "POST",
2289
- body: input,
2290
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2291
- });
2292
- },
2293
- /**
2294
- * List graph edges matching the provided filters.
2295
- */
2296
- async listEdges(query5) {
2297
- return gateway.request({
2298
- path: `/api/platform/v1/graph/edges${toQueryString(
2299
- normalizeTopicQuery(query5)
2300
- )}`
2301
- }).then(
2302
- (response) => mapGatewayData(
2303
- response,
2304
- (data) => mapAliasedList(data, "edges")
2305
- )
2306
- );
2307
- },
2308
- /**
2309
- * Create a graph edge.
2310
- */
2311
- async createEdge(input, idempotencyKey) {
2312
- return gateway.request({
2313
- path: "/api/platform/v1/graph/edges",
2314
- method: "POST",
2315
- body: normalizeTopicQuery(input),
2316
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2317
- });
2318
- },
2319
- /**
2320
- * Delete one or more edges matching the provided filter.
2321
- */
2322
- async deleteEdge(query5, idempotencyKey) {
2323
- return gateway.request({
2324
- path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
2325
- method: "DELETE",
2326
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2327
- });
2328
- },
2329
- /**
2330
- * Retrieve a graph neighborhood around a root node.
2331
- */
2332
- async neighborhood(query5) {
2333
- return gateway.request({
2334
- path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2335
- });
2336
- },
2337
- /**
2338
- * Traverse the graph from a starting node.
2339
- */
2340
- async traverse(query5) {
2341
- return gateway.request({
2342
- path: "/api/platform/v1/graph/traverse",
2343
- method: "POST",
2344
- body: normalizeTopicQuery(query5)
2345
- });
2346
- },
2347
- /**
2348
- * Analyze graph structure for a topic.
2349
- */
2350
- async analyze(query5 = {}) {
2351
- const normalized = normalizeTopicQuery(query5);
2352
- return gateway.request({
2353
- path: `/api/platform/v1/graph/analyze${toQueryString({
2354
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2355
- metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
2356
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2357
- })}`
2358
- });
2359
- },
2360
- /**
2361
- * Detect confirmation-bias patterns for a topic graph.
2362
- */
2363
- async bias(query5 = {}) {
2364
- const normalized = normalizeTopicQuery(query5);
2365
- return gateway.request({
2366
- path: `/api/platform/v1/graph/bias${toQueryString({
2367
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2368
- threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
2369
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2370
- })}`
2371
- });
2372
- },
2373
- /**
2374
- * Find graph gaps for beliefs that still need testing.
2375
- */
2376
- async gaps(query5) {
2377
- const normalized = normalizeTopicQuery(query5);
2378
- return gateway.request({
2379
- path: `/api/platform/v1/graph/gaps${toQueryString({
2380
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2381
- minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
2382
- })}`
2383
- });
2384
- },
2385
- /**
2386
- * Search across graph resources within a topic.
2387
- */
2388
- async search(query5) {
2389
- return gateway.request({
2390
- path: "/api/platform/v1/search",
2391
- method: "POST",
2392
- body: normalizeTopicQuery(query5)
2393
- });
2394
- },
2395
- /**
2396
- * Retrieve the shortest known path between two graph nodes.
2397
- */
2398
- async getPath(query5) {
2399
- return gateway.request({
2400
- path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2401
- });
2402
- },
2403
- /**
2404
- * Retrieve graph analytics for the requested metric.
2405
- */
2406
- async getAnalytics(query5 = {}) {
2407
- return gateway.request({
2408
- path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2409
- });
2410
- }
2411
- };
2412
- return Object.assign(client, {
2413
- queryNodes: client.listNodes,
2414
- queryEdges: client.listEdges,
2415
- getNeighborhood: client.neighborhood
2416
- });
2417
- }
2418
-
2419
- // src/identityClient.ts
2420
- function createIdentityWhoamiClient(config = {}) {
2421
- const gateway = createGatewayRequestClient(config);
2422
- return {
2423
- async whoami() {
2424
- return gateway.request({
2425
- path: "/api/platform/v1/identity/whoami"
2426
- });
2427
- }
2428
- };
2429
- }
2430
- var TENANT_IDENTITY_FIELDS = [
2431
- "tenantId",
2432
- "workspaceId",
2433
- "principalId",
2434
- "integrationKey",
2435
- "secretRef",
2436
- "policySubject",
2437
- "policyAction",
2438
- "policyResource",
2439
- "decision",
2440
- "config",
2441
- "configKey",
2442
- "configValue",
2443
- "provider",
2444
- "status",
2445
- "metadata",
2446
- "limit",
2447
- "cursor"
2448
- ];
2449
- function tenantIdentityQuery(input) {
2450
- return {
2451
- tenantId: cleanRequiredString(input.tenantId, "tenantId"),
2452
- workspaceId: input.workspaceId,
2453
- principalId: input.principalId,
2454
- limit: input.limit,
2455
- cursor: input.cursor
2456
- };
2457
- }
2458
- function tenantIdentityBody(input, operation) {
2459
- return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
2460
- }
2461
- function createIdentityClient(config = {}) {
2462
- const gateway = createGatewayRequestClient(config);
2463
- const whoamiClient = createIdentityWhoamiClient(config);
2464
- const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
2465
- path: "/api/platform/v1/identity/principals",
2466
- method,
2467
- body: input,
2468
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2469
- });
2470
- const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
2471
- const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
2472
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
2473
- method: "POST",
2474
- body: input,
2475
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2476
- });
2477
- return {
2478
- /**
2479
- * Resolve the current authenticated identity summary.
2480
- */
2481
- async whoami() {
2482
- return whoamiClient.whoami().then(
2483
- (response) => mapGatewayData(response, (data) => ({
2484
- principalId: data.principalId,
2485
- principalType: data.principalType,
2486
- tenantId: data.tenantId ?? null,
2487
- workspaceId: data.workspaceId ?? null,
2488
- scopes: Array.isArray(data.scopes) ? data.scopes : [],
2489
- roles: Array.isArray(data.roles) ? data.roles : [],
2490
- isPlatformAdmin: data.isPlatformAdmin === true,
2491
- isTenantAdmin: data.isTenantAdmin === true,
2492
- isWorkspaceAdmin: data.isWorkspaceAdmin === true,
2493
- authMode: data.authMode,
2494
- sessionId: data.sessionId,
2495
- delegatedBy: data.delegatedBy,
2496
- expiresAt: data.expiresAt
2497
- }))
2498
- );
2499
- },
2500
- /**
2501
- * List principals in the current identity scope.
2502
- */
2503
- async listPrincipals(query5 = {}) {
2504
- return gateway.request({
2505
- path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
2506
- }).then(
2507
- (response) => mapGatewayData(
2508
- response,
2509
- (data) => createListResult(
2510
- Array.isArray(data) ? data : [],
2511
- "principals"
2512
- )
2513
- )
2514
- );
2515
- },
2516
- /**
2517
- * Create a principal.
2518
- */
2519
- async createPrincipal(input, idempotencyKey) {
2520
- return requestPrincipalWrite("POST", input, idempotencyKey);
2963
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2964
+ });
2521
2965
  },
2522
2966
  /**
2523
- * Update a principal.
2524
- */
2525
- updatePrincipal,
2526
- /**
2527
- * @deprecated Use createPrincipal or updatePrincipal.
2967
+ * Permanently delete a node via the admin-only hard-delete route.
2528
2968
  */
2529
- upsertPrincipal: updatePrincipal,
2969
+ async hardDeleteNode(input, idempotencyKey) {
2970
+ return gateway.request({
2971
+ path: "/api/platform/v1/graph/nodes/hard-delete",
2972
+ method: "POST",
2973
+ body: input,
2974
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2975
+ });
2976
+ },
2530
2977
  /**
2531
- * List keys in the current identity scope.
2978
+ * List graph edges matching the provided filters.
2532
2979
  */
2533
- async listKeys(query5 = {}) {
2980
+ async listEdges(query5) {
2534
2981
  return gateway.request({
2535
- path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
2982
+ path: `/api/platform/v1/graph/edges${toQueryString(
2983
+ normalizeTopicQuery(query5)
2984
+ )}`
2536
2985
  }).then(
2537
2986
  (response) => mapGatewayData(
2538
2987
  response,
2539
- (data) => createListResult(Array.isArray(data) ? data : [], "keys")
2988
+ (data) => mapAliasedList(data, "edges")
2540
2989
  )
2541
2990
  );
2542
2991
  },
2543
2992
  /**
2544
- * Create an API key.
2993
+ * Create a graph edge.
2545
2994
  */
2546
- async createKey(input, idempotencyKey) {
2995
+ async createEdge(input, idempotencyKey) {
2547
2996
  return gateway.request({
2548
- path: "/api/platform/v1/identity/keys",
2997
+ path: "/api/platform/v1/graph/edges",
2549
2998
  method: "POST",
2550
- body: input,
2999
+ body: normalizeTopicQuery(input),
2551
3000
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2552
3001
  });
2553
3002
  },
2554
3003
  /**
2555
- * Rotate an API key.
3004
+ * Delete one or more edges matching the provided filter.
2556
3005
  */
2557
- async rotateKey(keyId, input = {}, idempotencyKey) {
3006
+ async deleteEdge(query5, idempotencyKey) {
2558
3007
  return gateway.request({
2559
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
2560
- method: "POST",
2561
- body: input,
3008
+ path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
3009
+ method: "DELETE",
2562
3010
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2563
3011
  });
2564
3012
  },
2565
3013
  /**
2566
- * Delete an API key by revoking it.
2567
- */
2568
- deleteKey,
2569
- /**
2570
- * @deprecated Use deleteKey.
2571
- */
2572
- revokeKey: deleteKey,
2573
- /**
2574
- * Search Clerk users by email or display attributes.
3014
+ * Retrieve a graph neighborhood around a root node.
2575
3015
  */
2576
- async searchClerkUsers(q) {
3016
+ async neighborhood(query5) {
2577
3017
  return gateway.request({
2578
- path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
3018
+ path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2579
3019
  });
2580
3020
  },
2581
- async getTenantConfig(input) {
3021
+ /**
3022
+ * Traverse the graph from a starting node.
3023
+ */
3024
+ async traverse(query5) {
2582
3025
  return gateway.request({
2583
- path: `/api/platform/v1/identity/tenant-config${toQueryString(
2584
- tenantIdentityQuery(input)
2585
- )}`
3026
+ path: "/api/platform/v1/graph/traverse",
3027
+ method: "POST",
3028
+ body: normalizeTopicQuery(query5)
2586
3029
  });
2587
3030
  },
2588
- async updateTenantConfig(input, idempotencyKey) {
2589
- cleanRequiredString(input.tenantId, "tenantId");
3031
+ /**
3032
+ * Analyze graph structure for a topic.
3033
+ */
3034
+ async analyze(query5 = {}) {
3035
+ const normalized = normalizeTopicQuery(query5);
2590
3036
  return gateway.request({
2591
- path: "/api/platform/v1/identity/tenant-config",
2592
- method: "PATCH",
2593
- body: tenantIdentityBody(
2594
- input,
2595
- "identity.updateTenantConfig"
2596
- ),
2597
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3037
+ path: `/api/platform/v1/graph/analyze${toQueryString({
3038
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3039
+ metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
3040
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
3041
+ })}`
2598
3042
  });
2599
3043
  },
2600
- async listIntegrations(input) {
2601
- return gateway.request({
2602
- path: `/api/platform/v1/identity/integrations${toQueryString(
2603
- tenantIdentityQuery(input)
2604
- )}`
2605
- }).then(
2606
- (response) => mapGatewayData(
2607
- response,
2608
- (data) => listResultFromEnvelope(
2609
- data,
2610
- "integrations"
2611
- )
2612
- )
2613
- );
2614
- },
2615
- async upsertIntegration(input, idempotencyKey) {
2616
- cleanRequiredString(input.tenantId, "tenantId");
2617
- cleanRequiredString(input.integrationKey, "integrationKey");
3044
+ /**
3045
+ * Detect confirmation-bias patterns for a topic graph.
3046
+ */
3047
+ async bias(query5 = {}) {
3048
+ const normalized = normalizeTopicQuery(query5);
2618
3049
  return gateway.request({
2619
- path: "/api/platform/v1/identity/integrations",
2620
- method: "PUT",
2621
- body: tenantIdentityBody(
2622
- input,
2623
- "identity.upsertIntegration"
2624
- ),
2625
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3050
+ path: `/api/platform/v1/graph/bias${toQueryString({
3051
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3052
+ threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
3053
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
3054
+ })}`
2626
3055
  });
2627
3056
  },
2628
- async listSecrets(input) {
3057
+ /**
3058
+ * Find graph gaps for beliefs that still need testing.
3059
+ */
3060
+ async gaps(query5) {
3061
+ const normalized = normalizeTopicQuery(query5);
2629
3062
  return gateway.request({
2630
- path: `/api/platform/v1/identity/secrets${toQueryString(
2631
- tenantIdentityQuery(input)
2632
- )}`
2633
- }).then(
2634
- (response) => mapGatewayData(
2635
- response,
2636
- (data) => listResultFromEnvelope(
2637
- data,
2638
- "secrets"
2639
- )
2640
- )
2641
- );
3063
+ path: `/api/platform/v1/graph/gaps${toQueryString({
3064
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3065
+ minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
3066
+ })}`
3067
+ });
2642
3068
  },
2643
- async putSecretReference(input, idempotencyKey) {
2644
- cleanRequiredString(input.tenantId, "tenantId");
2645
- cleanRequiredString(input.secretRef, "secretRef");
3069
+ /**
3070
+ * Search across graph resources within a topic.
3071
+ */
3072
+ async search(query5) {
2646
3073
  return gateway.request({
2647
- path: "/api/platform/v1/identity/secrets",
2648
- method: "PUT",
2649
- body: tenantIdentityBody(
2650
- input,
2651
- "identity.putSecretReference"
2652
- ),
2653
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3074
+ path: "/api/platform/v1/search",
3075
+ method: "POST",
3076
+ body: normalizeTopicQuery(query5)
2654
3077
  });
2655
3078
  },
2656
- async evaluatePolicy(input, idempotencyKey) {
2657
- cleanRequiredString(input.tenantId, "tenantId");
2658
- cleanRequiredString(input.policySubject, "policySubject");
2659
- cleanRequiredString(input.policyAction, "policyAction");
2660
- cleanRequiredString(input.policyResource, "policyResource");
3079
+ /**
3080
+ * Retrieve the shortest known path between two graph nodes.
3081
+ */
3082
+ async getPath(query5) {
2661
3083
  return gateway.request({
2662
- path: "/api/platform/v1/identity/policy/evaluate",
2663
- method: "POST",
2664
- body: tenantIdentityBody(
2665
- input,
2666
- "identity.evaluatePolicy"
2667
- ),
2668
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3084
+ path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2669
3085
  });
2670
3086
  },
2671
- async recordPolicyDecision(input, idempotencyKey) {
2672
- cleanRequiredString(input.tenantId, "tenantId");
2673
- cleanRequiredString(input.decision, "decision");
3087
+ /**
3088
+ * Retrieve graph analytics for the requested metric.
3089
+ */
3090
+ async getAnalytics(query5 = {}) {
2674
3091
  return gateway.request({
2675
- path: "/api/platform/v1/identity/policy/decisions",
2676
- method: "POST",
2677
- body: tenantIdentityBody(
2678
- input,
2679
- "identity.recordPolicyDecision"
2680
- ),
2681
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3092
+ path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2682
3093
  });
2683
3094
  }
2684
3095
  };
3096
+ return Object.assign(client, {
3097
+ queryNodes: client.listNodes,
3098
+ queryEdges: client.listEdges,
3099
+ getNeighborhood: client.neighborhood
3100
+ });
2685
3101
  }
2686
3102
 
2687
3103
  // src/topicsClient.ts
2688
- function cleanString3(value) {
3104
+ function cleanString5(value) {
2689
3105
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
2690
3106
  }
2691
3107
  function normalizeTopicRecord(value) {
2692
3108
  const record = asRecord(value);
2693
- const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
3109
+ const topicId = cleanString5(record.topicId) ?? cleanString5(record.id) ?? cleanString5(record._id);
2694
3110
  return withTopicAlias({
2695
3111
  ...record,
2696
3112
  ...topicId ? { topicId } : {}
@@ -3409,6 +3825,8 @@ function createTasksFacade(config = {}) {
3409
3825
  description: input.description,
3410
3826
  priority: input.priority,
3411
3827
  status: input.status,
3828
+ assigneeId: input.assigneeId,
3829
+ blockedReason: input.blockedReason,
3412
3830
  linkedBeliefId: input.linkedBeliefId,
3413
3831
  linkedQuestionId: input.linkedQuestionId,
3414
3832
  linkedWorktreeId: input.linkedWorktreeId,
@@ -3903,7 +4321,7 @@ function createEmbeddingsClient(config = {}) {
3903
4321
  }
3904
4322
 
3905
4323
  // src/contextClient.ts
3906
- function cleanString4(value) {
4324
+ function cleanString6(value) {
3907
4325
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
3908
4326
  }
3909
4327
  function cleanNumber(value) {
@@ -3915,11 +4333,11 @@ function cleanBoolean(value) {
3915
4333
  function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3916
4334
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
3917
4335
  const payload = {};
3918
- const topicId = typeof topicIdOrInput === "string" ? cleanString4(topicIdOrInput) : cleanString4(effectiveInput.topicId);
4336
+ const topicId = typeof topicIdOrInput === "string" ? cleanString6(topicIdOrInput) : cleanString6(effectiveInput.topicId);
3919
4337
  if (topicId) {
3920
4338
  payload.topicId = topicId;
3921
4339
  }
3922
- const query5 = cleanString4(effectiveInput.query);
4340
+ const query5 = cleanString6(effectiveInput.query);
3923
4341
  if (query5) {
3924
4342
  payload.query = query5;
3925
4343
  }
@@ -3927,7 +4345,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3927
4345
  if (budget !== void 0) {
3928
4346
  payload.budget = budget;
3929
4347
  }
3930
- const ranking = cleanString4(effectiveInput.ranking) ?? cleanString4(effectiveInput.rankingProfile);
4348
+ const ranking = cleanString6(effectiveInput.ranking) ?? cleanString6(effectiveInput.rankingProfile);
3931
4349
  if (ranking) {
3932
4350
  payload.ranking = ranking;
3933
4351
  }
@@ -3943,7 +4361,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3943
4361
  if (includeEntities !== void 0) {
3944
4362
  payload.includeEntities = includeEntities;
3945
4363
  }
3946
- const mode = cleanString4(effectiveInput.mode);
4364
+ const mode = cleanString6(effectiveInput.mode);
3947
4365
  if (mode) {
3948
4366
  payload.mode = mode;
3949
4367
  }
@@ -3951,11 +4369,11 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3951
4369
  if (includeFailures !== void 0) {
3952
4370
  payload.includeFailures = includeFailures;
3953
4371
  }
3954
- const worktreeId = cleanString4(effectiveInput.worktreeId);
4372
+ const worktreeId = cleanString6(effectiveInput.worktreeId);
3955
4373
  if (worktreeId) {
3956
4374
  payload.worktreeId = worktreeId;
3957
4375
  }
3958
- const sessionId = cleanString4(effectiveInput.sessionId);
4376
+ const sessionId = cleanString6(effectiveInput.sessionId);
3959
4377
  if (sessionId) {
3960
4378
  payload.sessionId = sessionId;
3961
4379
  }
@@ -4841,7 +5259,8 @@ function createMcpClient(config = {}) {
4841
5259
  transportKind: input.transportKind,
4842
5260
  sessionId: input.sessionId,
4843
5261
  agentIdentity: input.agentIdentity,
4844
- workspaceId: input.workspaceId
5262
+ workspaceId: input.workspaceId,
5263
+ worktreeId: input.worktreeId
4845
5264
  };
4846
5265
  return gateway.request({
4847
5266
  path: `${MCP_GATEWAY_BOOTSTRAP_ENDPOINT}${toQueryString(scope)}`,
@@ -4932,8 +5351,11 @@ var CONTRACTS = {
4932
5351
  "apply_lens_to_topic": { method: "POST", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
4933
5352
  "apply_ontology": { method: "POST", path: "/ontologies/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
4934
5353
  "archive_belief": { method: "DELETE", path: "/beliefs", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5354
+ "archive_epistemic_node": { method: "POST", path: "/nodes/archive", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4935
5355
  "archive_ontology": { method: "DELETE", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
4936
5356
  "archive_question": { method: "DELETE", path: "/questions", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5357
+ "batch_create_edges": { method: "POST", path: "/edges/batch", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5358
+ "batch_create_epistemic_nodes": { method: "POST", path: "/nodes/batch", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4937
5359
  "begin_build_session": { method: "POST", path: "/mcp/build-session/begin", kind: "mutation", idempotent: true, surfaceIntent: "system" },
4938
5360
  "bisect_confidence": { method: "POST", path: "/beliefs/confidence/bisect", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4939
5361
  "broadcast_message": { method: "POST", path: "/coordination/messages/broadcast", kind: "mutation", idempotent: true, surfaceIntent: "system" },
@@ -4945,6 +5367,7 @@ var CONTRACTS = {
4945
5367
  "create_belief": { method: "POST", path: "/beliefs", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4946
5368
  "create_edge": { method: "POST", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
4947
5369
  "create_epistemic_contract": { method: "POST", path: "/contracts", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5370
+ "create_epistemic_node": { method: "POST", path: "/nodes", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4948
5371
  "create_evidence": { method: "POST", path: "/evidence", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
4949
5372
  "create_lens": { method: "POST", path: "/lenses", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
4950
5373
  "create_ontology": { method: "POST", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
@@ -4972,6 +5395,7 @@ var CONTRACTS = {
4972
5395
  "get_code_context": { method: "POST", path: "/coding/context", kind: "query", idempotent: false, surfaceIntent: "system" },
4973
5396
  "get_confidence_history": { method: "POST", path: "/beliefs/confidence-history", kind: "query", idempotent: false, surfaceIntent: "compatibility" },
4974
5397
  "get_contract_status": { method: "POST", path: "/contracts/status", kind: "query", idempotent: false, surfaceIntent: "mcp_governance" },
5398
+ "get_epistemic_node": { method: "GET", path: "/nodes/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4975
5399
  "get_evidence": { method: "GET", path: "/evidence/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4976
5400
  "get_failure_log": { method: "POST", path: "/coding/failure-log", kind: "query", idempotent: false, surfaceIntent: "system" },
4977
5401
  "get_falsification_questions": { method: "POST", path: "/questions/falsification", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -4985,6 +5409,7 @@ var CONTRACTS = {
4985
5409
  "get_question": { method: "GET", path: "/questions/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4986
5410
  "get_topic": { method: "GET", path: "/topics/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4987
5411
  "get_topic_coverage": { method: "POST", path: "/graph/topic-coverage", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5412
+ "get_topic_graph_spine": { method: "GET", path: "/topics/graph-spine", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4988
5413
  "get_topic_tree": { method: "GET", path: "/topics/tree", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4989
5414
  "heartbeat_session": { method: "POST", path: "/coordination/heartbeat-session", kind: "mutation", idempotent: true, surfaceIntent: "system" },
4990
5415
  "identity_whoami": { method: "GET", path: "/identity/whoami", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -4996,6 +5421,7 @@ var CONTRACTS = {
4996
5421
  "list_all_worktrees": { method: "GET", path: "/worktrees/all", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
4997
5422
  "list_beliefs": { method: "GET", path: "/beliefs", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4998
5423
  "list_campaigns": { method: "GET", path: "/worktrees/campaigns", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5424
+ "list_epistemic_nodes": { method: "GET", path: "/nodes", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
4999
5425
  "list_evidence": { method: "GET", path: "/evidence", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5000
5426
  "list_graph_intelligence_queries": { method: "POST", path: "/graph-intelligence/queries", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5001
5427
  "list_lenses": { method: "GET", path: "/lenses", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
@@ -5006,6 +5432,7 @@ var CONTRACTS = {
5006
5432
  "list_worktrees": { method: "GET", path: "/worktrees", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5007
5433
  "manage_write_policy": { method: "POST", path: "/policy/write-policy/manage", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5008
5434
  "match_entity_type": { method: "POST", path: "/ontologies/match-entity-type", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5435
+ "materialize_topic_graph": { method: "POST", path: "/topics/materialize-graph", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5009
5436
  "merge": { method: "POST", path: "/worktrees/merge", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5010
5437
  "modulate_confidence": { method: "POST", path: "/beliefs/confidence", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5011
5438
  "open_pull_request": { method: "POST", path: "/worktrees/open-pull-request", kind: "mutation", idempotent: true, surfaceIntent: "system" },
@@ -5019,22 +5446,29 @@ var CONTRACTS = {
5019
5446
  "refine_belief": { method: "PATCH", path: "/beliefs/refine", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5020
5447
  "refine_question": { method: "PATCH", path: "/questions/refine", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5021
5448
  "register_session": { method: "POST", path: "/coordination/register-session", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5449
+ "remove_edge": { method: "DELETE", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5450
+ "remove_edges_between": { method: "DELETE", path: "/edges/between", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5022
5451
  "remove_lens_from_topic": { method: "DELETE", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5023
5452
  "resolve_effective_ontology": { method: "POST", path: "/ontologies/effective", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5453
+ "resolve_interactive_principal": { method: "POST", path: "/control-plane/identity/resolve-interactive-principal", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5024
5454
  "run_graph_intelligence_query": { method: "POST", path: "/graph-intelligence/run", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5025
5455
  "search_beliefs": { method: "POST", path: "/beliefs/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5026
5456
  "search_evidence": { method: "POST", path: "/evidence/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5027
5457
  "seed_belief_lattice": { method: "POST", path: "/scope/belief-lattice/seed", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5028
5458
  "send_agent_message": { method: "POST", path: "/coordination/messages/send", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5459
+ "supersede_epistemic_node": { method: "POST", path: "/nodes/supersede", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5029
5460
  "trace_entity_impact": { method: "POST", path: "/graph/trace-entity-impact", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5030
5461
  "traverse_graph": { method: "POST", path: "/graph/traverse", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5031
5462
  "trigger_belief_review": { method: "POST", path: "/context/belief-review", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5463
+ "update_edge": { method: "PATCH", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5464
+ "update_epistemic_node": { method: "PATCH", path: "/nodes", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5032
5465
  "update_ontology": { method: "PATCH", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5033
5466
  "update_question_status": { method: "PATCH", path: "/questions/status", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5034
5467
  "update_task": { method: "PATCH", path: "/tasks", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5035
5468
  "update_topic": { method: "PATCH", path: "/topics", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5036
5469
  "update_worktree_metadata": { method: "PATCH", path: "/worktrees/metadata", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5037
- "update_worktree_targets": { method: "PATCH", path: "/worktrees/targets", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" }
5470
+ "update_worktree_targets": { method: "PATCH", path: "/worktrees/targets", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5471
+ "verify_epistemic_node": { method: "POST", path: "/nodes/verify", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" }
5038
5472
  };
5039
5473
  function createSessionId() {
5040
5474
  return typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : randomIdempotencyKey();
@@ -5102,12 +5536,21 @@ function createFunctionSurfaceClient(config = {}) {
5102
5536
  archiveBelief(input = {}, idempotencyKey) {
5103
5537
  return execute("archive_belief", input, idempotencyKey);
5104
5538
  },
5539
+ archiveEpistemicNode(input = {}, idempotencyKey) {
5540
+ return execute("archive_epistemic_node", input, idempotencyKey);
5541
+ },
5105
5542
  archiveOntology(input = {}, idempotencyKey) {
5106
5543
  return execute("archive_ontology", input, idempotencyKey);
5107
5544
  },
5108
5545
  archiveQuestion(input = {}, idempotencyKey) {
5109
5546
  return execute("archive_question", input, idempotencyKey);
5110
5547
  },
5548
+ batchCreateEdges(input = {}, idempotencyKey) {
5549
+ return execute("batch_create_edges", input, idempotencyKey);
5550
+ },
5551
+ batchCreateEpistemicNodes(input = {}, idempotencyKey) {
5552
+ return execute("batch_create_epistemic_nodes", input, idempotencyKey);
5553
+ },
5111
5554
  beginBuildSession(input = {}, idempotencyKey) {
5112
5555
  return execute("begin_build_session", input, idempotencyKey);
5113
5556
  },
@@ -5141,6 +5584,9 @@ function createFunctionSurfaceClient(config = {}) {
5141
5584
  createEpistemicContract(input = {}, idempotencyKey) {
5142
5585
  return execute("create_epistemic_contract", input, idempotencyKey);
5143
5586
  },
5587
+ createEpistemicNode(input = {}, idempotencyKey) {
5588
+ return execute("create_epistemic_node", input, idempotencyKey);
5589
+ },
5144
5590
  createEvidence(input = {}, idempotencyKey) {
5145
5591
  return execute("create_evidence", input, idempotencyKey);
5146
5592
  },
@@ -5222,6 +5668,9 @@ function createFunctionSurfaceClient(config = {}) {
5222
5668
  getContractStatus(input = {}, idempotencyKey) {
5223
5669
  return execute("get_contract_status", input, idempotencyKey);
5224
5670
  },
5671
+ getEpistemicNode(input = {}, idempotencyKey) {
5672
+ return execute("get_epistemic_node", input, idempotencyKey);
5673
+ },
5225
5674
  getEvidence(input = {}, idempotencyKey) {
5226
5675
  return execute("get_evidence", input, idempotencyKey);
5227
5676
  },
@@ -5261,6 +5710,9 @@ function createFunctionSurfaceClient(config = {}) {
5261
5710
  getTopicCoverage(input = {}, idempotencyKey) {
5262
5711
  return execute("get_topic_coverage", input, idempotencyKey);
5263
5712
  },
5713
+ getTopicGraphSpine(input = {}, idempotencyKey) {
5714
+ return execute("get_topic_graph_spine", input, idempotencyKey);
5715
+ },
5264
5716
  getTopicTree(input = {}, idempotencyKey) {
5265
5717
  return execute("get_topic_tree", input, idempotencyKey);
5266
5718
  },
@@ -5294,6 +5746,9 @@ function createFunctionSurfaceClient(config = {}) {
5294
5746
  listCampaigns(input = {}, idempotencyKey) {
5295
5747
  return execute("list_campaigns", input, idempotencyKey);
5296
5748
  },
5749
+ listEpistemicNodes(input = {}, idempotencyKey) {
5750
+ return execute("list_epistemic_nodes", input, idempotencyKey);
5751
+ },
5297
5752
  listEvidence(input = {}, idempotencyKey) {
5298
5753
  return execute("list_evidence", input, idempotencyKey);
5299
5754
  },
@@ -5324,6 +5779,9 @@ function createFunctionSurfaceClient(config = {}) {
5324
5779
  matchEntityType(input = {}, idempotencyKey) {
5325
5780
  return execute("match_entity_type", input, idempotencyKey);
5326
5781
  },
5782
+ materializeTopicGraph(input = {}, idempotencyKey) {
5783
+ return execute("materialize_topic_graph", input, idempotencyKey);
5784
+ },
5327
5785
  merge(input = {}, idempotencyKey) {
5328
5786
  return execute("merge", input, idempotencyKey);
5329
5787
  },
@@ -5363,12 +5821,21 @@ function createFunctionSurfaceClient(config = {}) {
5363
5821
  registerSession(input = {}, idempotencyKey) {
5364
5822
  return execute("register_session", input, idempotencyKey);
5365
5823
  },
5824
+ removeEdge(input = {}, idempotencyKey) {
5825
+ return execute("remove_edge", input, idempotencyKey);
5826
+ },
5827
+ removeEdgesBetween(input = {}, idempotencyKey) {
5828
+ return execute("remove_edges_between", input, idempotencyKey);
5829
+ },
5366
5830
  removeLensFromTopic(input = {}, idempotencyKey) {
5367
5831
  return execute("remove_lens_from_topic", input, idempotencyKey);
5368
5832
  },
5369
5833
  resolveEffectiveOntology(input = {}, idempotencyKey) {
5370
5834
  return execute("resolve_effective_ontology", input, idempotencyKey);
5371
5835
  },
5836
+ resolveInteractivePrincipal(input = {}, idempotencyKey) {
5837
+ return execute("resolve_interactive_principal", input, idempotencyKey);
5838
+ },
5372
5839
  runGraphIntelligenceQuery(input = {}, idempotencyKey) {
5373
5840
  return execute("run_graph_intelligence_query", input, idempotencyKey);
5374
5841
  },
@@ -5384,6 +5851,9 @@ function createFunctionSurfaceClient(config = {}) {
5384
5851
  sendAgentMessage(input = {}, idempotencyKey) {
5385
5852
  return execute("send_agent_message", input, idempotencyKey);
5386
5853
  },
5854
+ supersedeEpistemicNode(input = {}, idempotencyKey) {
5855
+ return execute("supersede_epistemic_node", input, idempotencyKey);
5856
+ },
5387
5857
  traceEntityImpact(input = {}, idempotencyKey) {
5388
5858
  return execute("trace_entity_impact", input, idempotencyKey);
5389
5859
  },
@@ -5393,6 +5863,12 @@ function createFunctionSurfaceClient(config = {}) {
5393
5863
  triggerBeliefReview(input = {}, idempotencyKey) {
5394
5864
  return execute("trigger_belief_review", input, idempotencyKey);
5395
5865
  },
5866
+ updateEdge(input = {}, idempotencyKey) {
5867
+ return execute("update_edge", input, idempotencyKey);
5868
+ },
5869
+ updateEpistemicNode(input = {}, idempotencyKey) {
5870
+ return execute("update_epistemic_node", input, idempotencyKey);
5871
+ },
5396
5872
  updateOntology(input = {}, idempotencyKey) {
5397
5873
  return execute("update_ontology", input, idempotencyKey);
5398
5874
  },
@@ -5410,6 +5886,9 @@ function createFunctionSurfaceClient(config = {}) {
5410
5886
  },
5411
5887
  updateWorktreeTargets(input = {}, idempotencyKey) {
5412
5888
  return execute("update_worktree_targets", input, idempotencyKey);
5889
+ },
5890
+ verifyEpistemicNode(input = {}, idempotencyKey) {
5891
+ return execute("verify_epistemic_node", input, idempotencyKey);
5413
5892
  }
5414
5893
  };
5415
5894
  }
@@ -5617,7 +6096,7 @@ var ORG_GRAPH_SEARCH_FIELDS = [
5617
6096
  "cursor",
5618
6097
  "provenanceScope"
5619
6098
  ];
5620
- function cleanString5(value, label) {
6099
+ function cleanString7(value, label) {
5621
6100
  const normalized = value?.trim();
5622
6101
  if (!normalized) {
5623
6102
  throw new Error(`${label} is required`);
@@ -5639,9 +6118,9 @@ function searchBody(input) {
5639
6118
  "orgGraphSearch.search"
5640
6119
  );
5641
6120
  return {
5642
- tenantId: cleanString5(input.tenantId, "tenantId"),
5643
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5644
- query: cleanString5(input.query, "query"),
6121
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6122
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
6123
+ query: cleanString7(input.query, "query"),
5645
6124
  nodeTypes: input.nodeTypes,
5646
6125
  minConfidence: input.minConfidence,
5647
6126
  limit: input.limit,
@@ -5651,8 +6130,8 @@ function searchBody(input) {
5651
6130
  }
5652
6131
  function listQuery2(input) {
5653
6132
  return {
5654
- tenantId: cleanString5(input.tenantId, "tenantId"),
5655
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
6133
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6134
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5656
6135
  nodeTypes: input.nodeTypes?.join(","),
5657
6136
  minConfidence: input.minConfidence,
5658
6137
  limit: input.limit,
@@ -5686,8 +6165,8 @@ function createOrgGraphSearchClient(config = {}) {
5686
6165
  return gateway.request({
5687
6166
  path: `/api/platform/v1/org-graph-search/nodes/${nodePath}${toQueryString(
5688
6167
  {
5689
- tenantId: cleanString5(input.tenantId, "tenantId"),
5690
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
6168
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6169
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5691
6170
  globalId: nodeId ? void 0 : globalId
5692
6171
  }
5693
6172
  )}`
@@ -6652,7 +7131,7 @@ function createToolRegistryClient(config = {}) {
6652
7131
  }
6653
7132
 
6654
7133
  // src/version.ts
6655
- var LUCERN_SDK_VERSION = "0.3.0-alpha.9";
7134
+ var LUCERN_SDK_VERSION = "1.0.0";
6656
7135
 
6657
7136
  // src/workflowClient.ts
6658
7137
  function normalizeLensQuery(value) {
@@ -7060,6 +7539,12 @@ function toGatewayConfig(config) {
7060
7539
  return {
7061
7540
  baseUrl: config.baseUrl,
7062
7541
  fetchImpl: config.fetchImpl,
7542
+ apiKey: config.apiKey,
7543
+ userToken: config.userToken,
7544
+ environment: config.environment,
7545
+ clerkId: config.clerkId,
7546
+ userId: config.userId,
7547
+ deploymentHost: config.deploymentHost,
7063
7548
  maxRetries: config.maxRetries,
7064
7549
  timeoutMs: config.timeoutMs,
7065
7550
  timeoutMsByMethod: config.timeoutMsByMethod,
@@ -7068,23 +7553,15 @@ function toGatewayConfig(config) {
7068
7553
  onResponse: config.onResponse,
7069
7554
  authContext: config.authContext,
7070
7555
  requireCanonicalAuthContext: config.requireCanonicalAuthContext,
7071
- getAuthHeaders: async () => {
7072
- const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
7073
- if (config.apiKey && !base["x-lucern-key"] && !base.Authorization) {
7074
- base["x-lucern-key"] = config.apiKey;
7075
- }
7076
- if (config.userToken && !base["x-lucern-session-token"]) {
7077
- base["x-lucern-session-token"] = config.userToken;
7078
- }
7079
- if (config.environment && !base["x-lucern-environment"]) {
7080
- base["x-lucern-environment"] = config.environment;
7081
- }
7082
- return base;
7083
- }
7556
+ getAuthHeaders: config.getAuthHeaders
7084
7557
  };
7085
7558
  }
7086
7559
  function exposeGatewayData(response) {
7087
- return Object.assign({}, response, response.data);
7560
+ const data = response.data;
7561
+ if (data !== null && typeof data === "object" && !Array.isArray(data)) {
7562
+ return Object.assign({}, response, data);
7563
+ }
7564
+ return { ...response };
7088
7565
  }
7089
7566
  function createLucernClient(config = {}) {
7090
7567
  const gatewayConfig = toGatewayConfig(config);
@@ -7105,6 +7582,7 @@ function createLucernClient(config = {}) {
7105
7582
  const auditClient = createAuditClient(gatewayConfig);
7106
7583
  const authDeviceClient = createAuthDeviceClient(gatewayConfig);
7107
7584
  const adminClient = createAdminClient(gatewayConfig);
7585
+ const accessControlClient = createAccessControlClient(gatewayConfig);
7108
7586
  const answersClient = createAnswersClient(gatewayConfig);
7109
7587
  const contradictionsFacade = createContradictionsFacade(gatewayConfig);
7110
7588
  const edgesFacade = createEdgesFacade(gatewayConfig);
@@ -7124,6 +7602,7 @@ function createLucernClient(config = {}) {
7124
7602
  const ontologyLinksClient = createOntologyLinksClient(gatewayConfig);
7125
7603
  const orgGraphSearchClient = createOrgGraphSearchClient(gatewayConfig);
7126
7604
  const functionSurfaceClient = createFunctionSurfaceClient(gatewayConfig);
7605
+ const controlPlaneClient = createControlPlaneClient(gatewayConfig);
7127
7606
  const toolRegistryClient = createToolRegistryClient(gatewayConfig);
7128
7607
  const modelRuntimeClient = createModelRuntimeClient(gatewayConfig);
7129
7608
  const packsClient = createPacksClient(gatewayConfig);
@@ -7495,9 +7974,24 @@ function createLucernClient(config = {}) {
7495
7974
  typeof input === "string" ? { nodeId: input } : input
7496
7975
  );
7497
7976
  },
7498
- create: graphClient.createNode,
7499
- update: graphClient.updateNode,
7500
- batchCreate: graphClient.batchCreateNodes,
7977
+ create(input, idempotencyKey) {
7978
+ return functionSurfaceClient.createEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7979
+ },
7980
+ createEpistemicNode(input, idempotencyKey) {
7981
+ return functionSurfaceClient.createEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7982
+ },
7983
+ update(input, idempotencyKey) {
7984
+ return functionSurfaceClient.updateEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7985
+ },
7986
+ updateEpistemicNode(input, idempotencyKey) {
7987
+ return functionSurfaceClient.updateEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
7988
+ },
7989
+ batchCreate(input, idempotencyKey) {
7990
+ return functionSurfaceClient.batchCreateEpistemicNodes(input, idempotencyKey).then(exposeGatewayData);
7991
+ },
7992
+ batchCreateEpistemicNodes(input, idempotencyKey) {
7993
+ return functionSurfaceClient.batchCreateEpistemicNodes(input, idempotencyKey).then(exposeGatewayData);
7994
+ },
7501
7995
  listByTopicAndType(input) {
7502
7996
  return gateway.request({
7503
7997
  path: `/api/platform/v1/nodes${sdkQueryString({
@@ -7522,8 +8016,15 @@ function createLucernClient(config = {}) {
7522
8016
  })}`
7523
8017
  }).then(exposeGatewayData);
7524
8018
  },
7525
- supersede: graphClient.supersedeNode,
7526
- verify: graphClient.verifyNode,
8019
+ supersede(input, idempotencyKey) {
8020
+ return functionSurfaceClient.supersedeEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8021
+ },
8022
+ verify(input, idempotencyKey) {
8023
+ return functionSurfaceClient.verifyEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8024
+ },
8025
+ archive(input, idempotencyKey) {
8026
+ return functionSurfaceClient.archiveEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8027
+ },
7527
8028
  hardDelete: graphClient.hardDeleteNode
7528
8029
  };
7529
8030
  const publicationNamespace = {
@@ -7730,7 +8231,13 @@ function createLucernClient(config = {}) {
7730
8231
  }
7731
8232
  },
7732
8233
  edges: {
7733
- create(args) {
8234
+ create(args, idempotencyKey) {
8235
+ if (args.from && args.to) {
8236
+ return functionSurfaceClient.createEdge(args, idempotencyKey).then(exposeGatewayData);
8237
+ }
8238
+ if (!args.sourceId || !args.targetId) {
8239
+ throw new Error("from/to graph refs or sourceId/targetId are required");
8240
+ }
7734
8241
  return edgesFacade.create({
7735
8242
  sourceId: args.sourceId,
7736
8243
  targetId: args.targetId,
@@ -7741,17 +8248,32 @@ function createLucernClient(config = {}) {
7741
8248
  context: args.context ?? args.reasoning
7742
8249
  }).then(exposeGatewayData);
7743
8250
  },
8251
+ createEdge(input, idempotencyKey) {
8252
+ return functionSurfaceClient.createEdge(input, idempotencyKey).then(exposeGatewayData);
8253
+ },
7744
8254
  update(input, idempotencyKey) {
7745
- return edgesFacade.update(input, idempotencyKey).then(exposeGatewayData);
8255
+ return functionSurfaceClient.updateEdge(input, idempotencyKey).then(exposeGatewayData);
8256
+ },
8257
+ updateEdge(input, idempotencyKey) {
8258
+ return functionSurfaceClient.updateEdge(input, idempotencyKey).then(exposeGatewayData);
7746
8259
  },
7747
8260
  remove(input, idempotencyKey) {
7748
- return edgesFacade.remove(input, idempotencyKey).then(exposeGatewayData);
8261
+ return functionSurfaceClient.removeEdge(input, idempotencyKey).then(exposeGatewayData);
8262
+ },
8263
+ removeEdge(input, idempotencyKey) {
8264
+ return functionSurfaceClient.removeEdge(input, idempotencyKey).then(exposeGatewayData);
7749
8265
  },
7750
8266
  removeBetween(input, idempotencyKey) {
7751
- return edgesFacade.removeBetween(input, idempotencyKey).then(exposeGatewayData);
8267
+ return functionSurfaceClient.removeEdgesBetween(input, idempotencyKey).then(exposeGatewayData);
8268
+ },
8269
+ removeEdgesBetween(input, idempotencyKey) {
8270
+ return functionSurfaceClient.removeEdgesBetween(input, idempotencyKey).then(exposeGatewayData);
7752
8271
  },
7753
8272
  batchCreate(input, idempotencyKey) {
7754
- return edgesFacade.batchCreate(input, idempotencyKey).then(exposeGatewayData);
8273
+ return functionSurfaceClient.batchCreateEdges(input, idempotencyKey).then(exposeGatewayData);
8274
+ },
8275
+ batchCreateEdges(input, idempotencyKey) {
8276
+ return functionSurfaceClient.batchCreateEdges(input, idempotencyKey).then(exposeGatewayData);
7755
8277
  },
7756
8278
  delete(input, idempotencyKey) {
7757
8279
  return edgesFacade.delete(input, idempotencyKey).then(exposeGatewayData);
@@ -8463,17 +8985,7 @@ function createLucernClient(config = {}) {
8463
8985
  },
8464
8986
  get: topicsFacade.get,
8465
8987
  create(input) {
8466
- return topicsFacade.create({
8467
- name: input.name,
8468
- description: input.description,
8469
- type: input.type,
8470
- parentTopicId: input.parentTopicId,
8471
- ontologyId: input.ontologyId,
8472
- tenantId: input.tenantId,
8473
- workspaceId: input.workspaceId,
8474
- visibility: input.visibility,
8475
- createdBy: input.createdBy
8476
- });
8988
+ return functionSurfaceClient.createTopic(input).then(exposeGatewayData);
8477
8989
  },
8478
8990
  update(topicId, input) {
8479
8991
  return topicsFacade.update({
@@ -8507,7 +9019,19 @@ function createLucernClient(config = {}) {
8507
9019
  });
8508
9020
  },
8509
9021
  remove: topicsFacade.remove,
8510
- bulkCreate: topicsFacade.bulkCreate
9022
+ bulkCreate: topicsFacade.bulkCreate,
9023
+ materializeGraph(input = {}, idempotencyKey) {
9024
+ return functionSurfaceClient.materializeTopicGraph(input, idempotencyKey).then(exposeGatewayData);
9025
+ },
9026
+ materializeTopicGraph(input = {}, idempotencyKey) {
9027
+ return functionSurfaceClient.materializeTopicGraph(input, idempotencyKey).then(exposeGatewayData);
9028
+ },
9029
+ graphSpine(input = {}) {
9030
+ return functionSurfaceClient.getTopicGraphSpine(input).then(exposeGatewayData);
9031
+ },
9032
+ getTopicGraphSpine(input = {}) {
9033
+ return functionSurfaceClient.getTopicGraphSpine(input).then(exposeGatewayData);
9034
+ }
8511
9035
  },
8512
9036
  answers: {
8513
9037
  create(input) {
@@ -8742,8 +9266,16 @@ function createLucernClient(config = {}) {
8742
9266
  disable: packsClient.disable
8743
9267
  },
8744
9268
  nodes: nodesNamespace,
9269
+ controlPlane: {
9270
+ identity: {
9271
+ resolveInteractivePrincipal: controlPlaneClient.identity.resolveInteractivePrincipal
9272
+ },
9273
+ raw: controlPlaneClient
9274
+ },
8745
9275
  identity: {
8746
9276
  ...identityFacade,
9277
+ access: accessControlClient,
9278
+ resolveInteractivePrincipal: identityClient.resolveInteractivePrincipal,
8747
9279
  evaluatePolicy: identityClient.evaluatePolicy,
8748
9280
  recordPolicyDecision: identityClient.recordPolicyDecision,
8749
9281
  putSecretReference: identityClient.putSecretReference,
@@ -8788,6 +9320,7 @@ function createLucernClient(config = {}) {
8788
9320
  ontologyLinks: ontologyLinksClient,
8789
9321
  orgGraphSearch: orgGraphSearchClient,
8790
9322
  functionSurface: functionSurfaceClient,
9323
+ controlPlane: controlPlaneClient,
8791
9324
  toolRegistry: toolRegistryClient,
8792
9325
  modelRuntime: modelRuntimeClient,
8793
9326
  packs: packsClient,