@lucern/sdk 0.3.0-alpha.9 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (152) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/README.md +60 -1
  3. package/dist/accessControl.d.ts +79 -0
  4. package/dist/accessControl.js +1270 -0
  5. package/dist/accessControl.js.map +1 -0
  6. package/dist/adminClient.js +19 -1
  7. package/dist/adminClient.js.map +1 -1
  8. package/dist/answersClient.js +19 -1
  9. package/dist/answersClient.js.map +1 -1
  10. package/dist/audiencesClient.js +19 -1
  11. package/dist/audiencesClient.js.map +1 -1
  12. package/dist/auditClient.js +19 -1
  13. package/dist/auditClient.js.map +1 -1
  14. package/dist/authContext.d.ts +2 -2
  15. package/dist/authContext.js.map +1 -1
  16. package/dist/beliefs/index.d.ts +2 -0
  17. package/dist/beliefs/index.js +1196 -663
  18. package/dist/beliefs/index.js.map +1 -1
  19. package/dist/beliefsClient.js +19 -1
  20. package/dist/beliefsClient.js.map +1 -1
  21. package/dist/client.d.ts +146 -70
  22. package/dist/client.js +1196 -663
  23. package/dist/client.js.map +1 -1
  24. package/dist/contextClient.js +19 -1
  25. package/dist/contextClient.js.map +1 -1
  26. package/dist/contracts/api-enums.contract.d.ts +1 -1
  27. package/dist/contracts/api-enums.contract.js +6 -1
  28. package/dist/contracts/api-enums.contract.js.map +1 -1
  29. package/dist/contracts/auth-session.contract.d.ts +1 -1
  30. package/dist/contracts/auth-session.contract.js +14 -2
  31. package/dist/contracts/auth-session.contract.js.map +1 -1
  32. package/dist/contracts/index.js +26 -3
  33. package/dist/contracts/index.js.map +1 -1
  34. package/dist/contracts/mcpTools.js +6 -0
  35. package/dist/contracts/mcpTools.js.map +1 -1
  36. package/dist/contradictions/index.d.ts +2 -0
  37. package/dist/contradictions/index.js +1196 -663
  38. package/dist/contradictions/index.js.map +1 -1
  39. package/dist/control-plane.d.ts +69 -0
  40. package/dist/control-plane.js +674 -0
  41. package/dist/control-plane.js.map +1 -0
  42. package/dist/coreClient.d.ts +17 -1
  43. package/dist/coreClient.js +19 -1
  44. package/dist/coreClient.js.map +1 -1
  45. package/dist/decisions/index.d.ts +2 -0
  46. package/dist/decisions/index.js +1196 -663
  47. package/dist/decisions/index.js.map +1 -1
  48. package/dist/decisionsClient.js +19 -1
  49. package/dist/decisionsClient.js.map +1 -1
  50. package/dist/edges/index.d.ts +26 -84
  51. package/dist/edges/index.js +1196 -663
  52. package/dist/edges/index.js.map +1 -1
  53. package/dist/embeddingsClient.js +19 -1
  54. package/dist/embeddingsClient.js.map +1 -1
  55. package/dist/eventingClient.js +19 -1
  56. package/dist/eventingClient.js.map +1 -1
  57. package/dist/eventsCore.js +19 -1
  58. package/dist/eventsCore.js.map +1 -1
  59. package/dist/evidence/index.d.ts +2 -0
  60. package/dist/evidence/index.js +1196 -663
  61. package/dist/evidence/index.js.map +1 -1
  62. package/dist/evidenceClient.js +19 -1
  63. package/dist/evidenceClient.js.map +1 -1
  64. package/dist/functionSurface.d.ts +16 -1
  65. package/dist/functionSurface.js +95 -2
  66. package/dist/functionSurface.js.map +1 -1
  67. package/dist/functionSurfaceClient.js +95 -2
  68. package/dist/functionSurfaceClient.js.map +1 -1
  69. package/dist/gatewayFacades.d.ts +29 -2
  70. package/dist/gatewayFacades.js +156 -8
  71. package/dist/gatewayFacades.js.map +1 -1
  72. package/dist/graphAnalysisClient.js +19 -1
  73. package/dist/graphAnalysisClient.js.map +1 -1
  74. package/dist/graphClient.d.ts +1 -0
  75. package/dist/graphClient.js +19 -1
  76. package/dist/graphClient.js.map +1 -1
  77. package/dist/graphIntel.d.ts +1 -0
  78. package/dist/graphRecommendationsClient.js +19 -1
  79. package/dist/graphRecommendationsClient.js.map +1 -1
  80. package/dist/graphStateClassifierClient.js +19 -1
  81. package/dist/graphStateClassifierClient.js.map +1 -1
  82. package/dist/harnessClient.js +19 -1
  83. package/dist/harnessClient.js.map +1 -1
  84. package/dist/identityClient.d.ts +19 -1
  85. package/dist/identityClient.js +152 -6
  86. package/dist/identityClient.js.map +1 -1
  87. package/dist/index.d.ts +4 -1
  88. package/dist/index.js +1281 -664
  89. package/dist/index.js.map +1 -1
  90. package/dist/infisicalRuntime.d.ts +1 -0
  91. package/dist/infisicalRuntime.js +64 -32
  92. package/dist/infisicalRuntime.js.map +1 -1
  93. package/dist/jobsClient.js +19 -1
  94. package/dist/jobsClient.js.map +1 -1
  95. package/dist/learningClient.js +19 -1
  96. package/dist/learningClient.js.map +1 -1
  97. package/dist/lenses/index.d.ts +2 -0
  98. package/dist/lenses/index.js +1196 -663
  99. package/dist/lenses/index.js.map +1 -1
  100. package/dist/mcpClient.js +21 -2
  101. package/dist/mcpClient.js.map +1 -1
  102. package/dist/modelRuntimeClient.js +19 -1
  103. package/dist/modelRuntimeClient.js.map +1 -1
  104. package/dist/nodes/index.d.ts +21 -15
  105. package/dist/nodes/index.js +1196 -663
  106. package/dist/nodes/index.js.map +1 -1
  107. package/dist/ontologies/index.d.ts +2 -0
  108. package/dist/ontologies/index.js +1196 -663
  109. package/dist/ontologies/index.js.map +1 -1
  110. package/dist/ontologyClient.js +19 -1
  111. package/dist/ontologyClient.js.map +1 -1
  112. package/dist/ontologyLinksClient.js +19 -1
  113. package/dist/ontologyLinksClient.js.map +1 -1
  114. package/dist/orgGraphSearchClient.js +19 -1
  115. package/dist/orgGraphSearchClient.js.map +1 -1
  116. package/dist/packsClient.js +19 -1
  117. package/dist/packsClient.js.map +1 -1
  118. package/dist/policyClient.js +19 -1
  119. package/dist/policyClient.js.map +1 -1
  120. package/dist/questions/index.d.ts +2 -0
  121. package/dist/questions/index.js +1196 -663
  122. package/dist/questions/index.js.map +1 -1
  123. package/dist/reportsClient.js +19 -1
  124. package/dist/reportsClient.js.map +1 -1
  125. package/dist/schemaClient.js +19 -1
  126. package/dist/schemaClient.js.map +1 -1
  127. package/dist/secrets.d.ts +1 -0
  128. package/dist/secrets.js +3 -0
  129. package/dist/secrets.js.map +1 -0
  130. package/dist/sourcesClient.js +19 -1
  131. package/dist/sourcesClient.js.map +1 -1
  132. package/dist/telemetryClient.js +19 -1
  133. package/dist/telemetryClient.js.map +1 -1
  134. package/dist/toolRegistryClient.js +19 -1
  135. package/dist/toolRegistryClient.js.map +1 -1
  136. package/dist/topics/index.d.ts +11 -3
  137. package/dist/topics/index.js +1198 -663
  138. package/dist/topics/index.js.map +1 -1
  139. package/dist/topicsClient.d.ts +2 -0
  140. package/dist/topicsClient.js +19 -1
  141. package/dist/topicsClient.js.map +1 -1
  142. package/dist/types.d.ts +17 -0
  143. package/dist/version.d.ts +1 -1
  144. package/dist/version.js +1 -1
  145. package/dist/version.js.map +1 -1
  146. package/dist/workflowClient.d.ts +2 -0
  147. package/dist/workflowClient.js +19 -1
  148. package/dist/workflowClient.js.map +1 -1
  149. package/dist/worktrees/index.d.ts +2 -0
  150. package/dist/worktrees/index.js +1196 -663
  151. package/dist/worktrees/index.js.map +1 -1
  152. package/package.json +9 -4
@@ -122,6 +122,7 @@ type EdgeCreateInput = {
122
122
  weight?: number;
123
123
  context?: string;
124
124
  reasoning?: string;
125
+ reasoningMethod?: string;
125
126
  };
126
127
  type EdgeListQuery = {
127
128
  sourceId?: string;
@@ -228,6 +229,8 @@ type TaskUpdateInput = {
228
229
  description?: string;
229
230
  priority?: string;
230
231
  status?: string;
232
+ assigneeId?: string;
233
+ blockedReason?: string;
231
234
  linkedBeliefId?: string;
232
235
  linkedQuestionId?: string;
233
236
  linkedWorktreeId?: string;
@@ -485,28 +488,52 @@ declare function createGraphFacade(config?: GatewayClientConfig): {
485
488
  declare function createIdentityFacade(config?: GatewayClientConfig): {
486
489
  whoami(): Promise<PlatformGatewaySuccess<{
487
490
  principalId: string;
488
- principalType: "human" | "service" | "agent" | "user" | "group" | "external_viewer";
491
+ principalType: "human" | "service" | "agent" | "group" | "external_viewer" | "user";
492
+ clerkId: string | undefined;
489
493
  tenantId: string | null;
490
494
  workspaceId: string | null;
491
495
  scopes: string[];
492
496
  roles: string[];
497
+ groupIds: string[];
498
+ permittedToolNames: string[];
499
+ permittedPackKeys: string[];
500
+ principalStatus: string | undefined;
501
+ tenantStatus: string | undefined;
502
+ workspaceStatus: string | undefined;
493
503
  isPlatformAdmin: boolean;
494
504
  isTenantAdmin: boolean;
495
505
  isWorkspaceAdmin: boolean;
506
+ permit: {
507
+ subject: string;
508
+ tenant: string;
509
+ workspace?: string;
510
+ } | undefined;
496
511
  authMode: string | undefined;
497
512
  sessionId: string | undefined;
498
513
  delegatedBy: string | undefined;
499
514
  expiresAt: number | undefined;
500
515
  }> & {
501
516
  principalId: string;
502
- principalType: "human" | "service" | "agent" | "user" | "group" | "external_viewer";
517
+ principalType: "human" | "service" | "agent" | "group" | "external_viewer" | "user";
518
+ clerkId: string | undefined;
503
519
  tenantId: string | null;
504
520
  workspaceId: string | null;
505
521
  scopes: string[];
506
522
  roles: string[];
523
+ groupIds: string[];
524
+ permittedToolNames: string[];
525
+ permittedPackKeys: string[];
526
+ principalStatus: string | undefined;
527
+ tenantStatus: string | undefined;
528
+ workspaceStatus: string | undefined;
507
529
  isPlatformAdmin: boolean;
508
530
  isTenantAdmin: boolean;
509
531
  isWorkspaceAdmin: boolean;
532
+ permit: {
533
+ subject: string;
534
+ tenant: string;
535
+ workspace?: string;
536
+ } | undefined;
510
537
  authMode: string | undefined;
511
538
  sessionId: string | undefined;
512
539
  delegatedBy: string | undefined;
@@ -29,14 +29,14 @@ function requireString(value, reason, label) {
29
29
  }
30
30
  return normalized;
31
31
  }
32
- function requirePrincipalType(principalType) {
33
- if (!principalType) {
32
+ function requirePrincipalType(principalType2) {
33
+ if (!principalType2) {
34
34
  throw new LucernSdkAuthContextError(
35
35
  "principal_missing",
36
36
  "Canonical Lucern SDK auth context is missing principalType."
37
37
  );
38
38
  }
39
- return principalType;
39
+ return principalType2;
40
40
  }
41
41
  function requireAuthMode(authMode) {
42
42
  if (!authMode) {
@@ -82,7 +82,7 @@ function normalizeCanonicalLucernAuthContext(input) {
82
82
  );
83
83
  const roles = cleanStringList(input.roles);
84
84
  const scopes = cleanStringList(input.scopes);
85
- const principalType = requirePrincipalType(input.principalType);
85
+ const principalType2 = requirePrincipalType(input.principalType);
86
86
  const authMode = requireAuthMode(input.authMode);
87
87
  const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
88
88
  if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
@@ -111,7 +111,7 @@ function normalizeCanonicalLucernAuthContext(input) {
111
111
  principalId,
112
112
  tenantId,
113
113
  workspaceId,
114
- principalType,
114
+ principalType: principalType2,
115
115
  authMode,
116
116
  roles,
117
117
  scopes,
@@ -342,13 +342,31 @@ function mergeHeaderRecord(base, addition) {
342
342
  }
343
343
  return Object.fromEntries(headers.entries());
344
344
  }
345
+ function cleanHeaderValue(value) {
346
+ const normalized = value?.trim();
347
+ return normalized ? normalized : void 0;
348
+ }
345
349
  function createGatewayRequestClient(config = {}) {
346
350
  const fetchImpl = config.fetchImpl ?? fetch;
347
351
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
348
352
  const maxRetries = config.maxRetries ?? 2;
349
353
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
350
354
  async function resolveAuthHeaders() {
351
- const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
355
+ const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
356
+ const headers = new Headers(provided);
357
+ const setIfAbsent = (name, value) => {
358
+ const normalized = cleanHeaderValue(value);
359
+ if (normalized && !headers.has(name)) {
360
+ headers.set(name, normalized);
361
+ }
362
+ };
363
+ setIfAbsent("x-lucern-key", config.apiKey);
364
+ setIfAbsent("x-lucern-session-token", config.userToken);
365
+ setIfAbsent("x-lucern-environment", config.environment);
366
+ setIfAbsent("x-lucern-clerk-id", config.clerkId);
367
+ setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
368
+ setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
369
+ const base = Object.fromEntries(headers.entries());
352
370
  const authContextInput = await resolveConfiguredAuthContext(
353
371
  config.authContext
354
372
  );
@@ -1073,6 +1091,109 @@ function listResultFromEnvelope(data, legacyKey) {
1073
1091
  );
1074
1092
  }
1075
1093
 
1094
+ // src/control-plane.ts
1095
+ var LucernControlPlaneIdentityError = class extends Error {
1096
+ reason;
1097
+ principalStatus;
1098
+ tenantStatus;
1099
+ workspaceStatus;
1100
+ details;
1101
+ constructor(failure) {
1102
+ super(failure.message);
1103
+ this.name = "LucernControlPlaneIdentityError";
1104
+ this.reason = failure.reason;
1105
+ this.principalStatus = failure.principalStatus;
1106
+ this.tenantStatus = failure.tenantStatus;
1107
+ this.workspaceStatus = failure.workspaceStatus;
1108
+ this.details = failure.details;
1109
+ }
1110
+ };
1111
+ function cleanString3(value) {
1112
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1113
+ }
1114
+ function stringList(value) {
1115
+ if (!Array.isArray(value)) {
1116
+ return [];
1117
+ }
1118
+ return [
1119
+ ...new Set(
1120
+ value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
1121
+ )
1122
+ ];
1123
+ }
1124
+ function principalType(value) {
1125
+ switch (value) {
1126
+ case "service":
1127
+ case "service_principal":
1128
+ return "service";
1129
+ case "agent":
1130
+ return "agent";
1131
+ case "group":
1132
+ return "group";
1133
+ case "external_viewer":
1134
+ case "external_stakeholder":
1135
+ return "external_viewer";
1136
+ default:
1137
+ return "human";
1138
+ }
1139
+ }
1140
+ function adminFlags(roles) {
1141
+ const normalized = roles.map((role) => role.toLowerCase());
1142
+ const isPlatformAdmin = normalized.includes("platform_admin");
1143
+ const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
1144
+ const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
1145
+ return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
1146
+ }
1147
+ function normalizeResolvedInteractivePrincipal(payload) {
1148
+ if ("ok" in payload && payload.ok === false) {
1149
+ throw new LucernControlPlaneIdentityError(payload);
1150
+ }
1151
+ const principalId = cleanString3(payload.principalId);
1152
+ const clerkId = cleanString3(payload.clerkId);
1153
+ const tenantId = cleanString3(payload.tenantId);
1154
+ if (!principalId || !clerkId || !tenantId) {
1155
+ throw new LucernControlPlaneIdentityError({
1156
+ ok: false,
1157
+ reason: "resolver_unavailable",
1158
+ message: "Control-plane principal resolver returned an incomplete principal context.",
1159
+ principalStatus: payload.principalStatus ?? "missing",
1160
+ tenantStatus: payload.tenantStatus,
1161
+ workspaceStatus: payload.workspaceStatus
1162
+ });
1163
+ }
1164
+ const roles = stringList(payload.roles);
1165
+ const scopes = stringList(payload.scopes);
1166
+ const workspaceId = cleanString3(payload.workspaceId) ?? null;
1167
+ const flags = adminFlags(roles);
1168
+ return {
1169
+ principalId,
1170
+ principalType: principalType(payload.principalType),
1171
+ clerkId,
1172
+ tenantId,
1173
+ workspaceId,
1174
+ roles,
1175
+ scopes,
1176
+ groupIds: stringList(payload.groupIds),
1177
+ permittedToolNames: stringList(payload.permittedToolNames),
1178
+ permittedPackKeys: stringList(payload.permittedPackKeys),
1179
+ principalStatus: cleanString3(payload.principalStatus) ?? "active",
1180
+ tenantStatus: cleanString3(payload.tenantStatus) ?? "active",
1181
+ workspaceStatus: cleanString3(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
1182
+ isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
1183
+ isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
1184
+ isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
1185
+ permit: {
1186
+ subject: cleanString3(payload.permit?.subject) ?? principalId,
1187
+ tenant: cleanString3(payload.permit?.tenant) ?? tenantId,
1188
+ ...workspaceId ? { workspace: cleanString3(payload.permit?.workspace) ?? workspaceId } : {}
1189
+ },
1190
+ authMode: "interactive_user",
1191
+ sessionId: payload.sessionId,
1192
+ delegatedBy: payload.delegatedBy,
1193
+ expiresAt: payload.expiresAt
1194
+ };
1195
+ }
1196
+
1076
1197
  // src/identityClient.ts
1077
1198
  function createIdentityWhoamiClient(config = {}) {
1078
1199
  const gateway = createGatewayRequestClient(config);
@@ -1140,13 +1261,25 @@ function createIdentityClient(config = {}) {
1140
1261
  (response) => mapGatewayData(response, (data) => ({
1141
1262
  principalId: data.principalId,
1142
1263
  principalType: data.principalType,
1264
+ clerkId: data.clerkId,
1143
1265
  tenantId: data.tenantId ?? null,
1144
1266
  workspaceId: data.workspaceId ?? null,
1145
1267
  scopes: Array.isArray(data.scopes) ? data.scopes : [],
1146
1268
  roles: Array.isArray(data.roles) ? data.roles : [],
1269
+ groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
1270
+ permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
1271
+ permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
1272
+ principalStatus: data.principalStatus,
1273
+ tenantStatus: data.tenantStatus,
1274
+ workspaceStatus: data.workspaceStatus,
1147
1275
  isPlatformAdmin: data.isPlatformAdmin === true,
1148
1276
  isTenantAdmin: data.isTenantAdmin === true,
1149
1277
  isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1278
+ permit: data.permit ?? (data.tenantId ? {
1279
+ subject: data.principalId,
1280
+ tenant: data.tenantId,
1281
+ ...data.workspaceId ? { workspace: data.workspaceId } : {}
1282
+ } : void 0),
1150
1283
  authMode: data.authMode,
1151
1284
  sessionId: data.sessionId,
1152
1285
  delegatedBy: data.delegatedBy,
@@ -1154,6 +1287,19 @@ function createIdentityClient(config = {}) {
1154
1287
  }))
1155
1288
  );
1156
1289
  },
1290
+ /**
1291
+ * Resolve a Clerk subject through the tenant control-plane Permit projection.
1292
+ * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
1293
+ */
1294
+ async resolveInteractivePrincipal(input) {
1295
+ return gateway.request({
1296
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1297
+ method: "POST",
1298
+ body: input
1299
+ }).then(
1300
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1301
+ );
1302
+ },
1157
1303
  /**
1158
1304
  * List principals in the current identity scope.
1159
1305
  */
@@ -1342,12 +1488,12 @@ function createIdentityClient(config = {}) {
1342
1488
  }
1343
1489
 
1344
1490
  // src/topicsClient.ts
1345
- function cleanString3(value) {
1491
+ function cleanString4(value) {
1346
1492
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1347
1493
  }
1348
1494
  function normalizeTopicRecord(value) {
1349
1495
  const record = asRecord(value);
1350
- const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
1496
+ const topicId = cleanString4(record.topicId) ?? cleanString4(record.id) ?? cleanString4(record._id);
1351
1497
  return withTopicAlias({
1352
1498
  ...record,
1353
1499
  ...topicId ? { topicId } : {}
@@ -2066,6 +2212,8 @@ function createTasksFacade(config = {}) {
2066
2212
  description: input.description,
2067
2213
  priority: input.priority,
2068
2214
  status: input.status,
2215
+ assigneeId: input.assigneeId,
2216
+ blockedReason: input.blockedReason,
2069
2217
  linkedBeliefId: input.linkedBeliefId,
2070
2218
  linkedQuestionId: input.linkedQuestionId,
2071
2219
  linkedWorktreeId: input.linkedWorktreeId,