@lucern/sdk 0.3.0-alpha.9 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (152) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/README.md +60 -1
  3. package/dist/accessControl.d.ts +79 -0
  4. package/dist/accessControl.js +1270 -0
  5. package/dist/accessControl.js.map +1 -0
  6. package/dist/adminClient.js +19 -1
  7. package/dist/adminClient.js.map +1 -1
  8. package/dist/answersClient.js +19 -1
  9. package/dist/answersClient.js.map +1 -1
  10. package/dist/audiencesClient.js +19 -1
  11. package/dist/audiencesClient.js.map +1 -1
  12. package/dist/auditClient.js +19 -1
  13. package/dist/auditClient.js.map +1 -1
  14. package/dist/authContext.d.ts +2 -2
  15. package/dist/authContext.js.map +1 -1
  16. package/dist/beliefs/index.d.ts +2 -0
  17. package/dist/beliefs/index.js +1196 -663
  18. package/dist/beliefs/index.js.map +1 -1
  19. package/dist/beliefsClient.js +19 -1
  20. package/dist/beliefsClient.js.map +1 -1
  21. package/dist/client.d.ts +146 -70
  22. package/dist/client.js +1196 -663
  23. package/dist/client.js.map +1 -1
  24. package/dist/contextClient.js +19 -1
  25. package/dist/contextClient.js.map +1 -1
  26. package/dist/contracts/api-enums.contract.d.ts +1 -1
  27. package/dist/contracts/api-enums.contract.js +6 -1
  28. package/dist/contracts/api-enums.contract.js.map +1 -1
  29. package/dist/contracts/auth-session.contract.d.ts +1 -1
  30. package/dist/contracts/auth-session.contract.js +14 -2
  31. package/dist/contracts/auth-session.contract.js.map +1 -1
  32. package/dist/contracts/index.js +26 -3
  33. package/dist/contracts/index.js.map +1 -1
  34. package/dist/contracts/mcpTools.js +6 -0
  35. package/dist/contracts/mcpTools.js.map +1 -1
  36. package/dist/contradictions/index.d.ts +2 -0
  37. package/dist/contradictions/index.js +1196 -663
  38. package/dist/contradictions/index.js.map +1 -1
  39. package/dist/control-plane.d.ts +69 -0
  40. package/dist/control-plane.js +674 -0
  41. package/dist/control-plane.js.map +1 -0
  42. package/dist/coreClient.d.ts +17 -1
  43. package/dist/coreClient.js +19 -1
  44. package/dist/coreClient.js.map +1 -1
  45. package/dist/decisions/index.d.ts +2 -0
  46. package/dist/decisions/index.js +1196 -663
  47. package/dist/decisions/index.js.map +1 -1
  48. package/dist/decisionsClient.js +19 -1
  49. package/dist/decisionsClient.js.map +1 -1
  50. package/dist/edges/index.d.ts +26 -84
  51. package/dist/edges/index.js +1196 -663
  52. package/dist/edges/index.js.map +1 -1
  53. package/dist/embeddingsClient.js +19 -1
  54. package/dist/embeddingsClient.js.map +1 -1
  55. package/dist/eventingClient.js +19 -1
  56. package/dist/eventingClient.js.map +1 -1
  57. package/dist/eventsCore.js +19 -1
  58. package/dist/eventsCore.js.map +1 -1
  59. package/dist/evidence/index.d.ts +2 -0
  60. package/dist/evidence/index.js +1196 -663
  61. package/dist/evidence/index.js.map +1 -1
  62. package/dist/evidenceClient.js +19 -1
  63. package/dist/evidenceClient.js.map +1 -1
  64. package/dist/functionSurface.d.ts +16 -1
  65. package/dist/functionSurface.js +95 -2
  66. package/dist/functionSurface.js.map +1 -1
  67. package/dist/functionSurfaceClient.js +95 -2
  68. package/dist/functionSurfaceClient.js.map +1 -1
  69. package/dist/gatewayFacades.d.ts +29 -2
  70. package/dist/gatewayFacades.js +156 -8
  71. package/dist/gatewayFacades.js.map +1 -1
  72. package/dist/graphAnalysisClient.js +19 -1
  73. package/dist/graphAnalysisClient.js.map +1 -1
  74. package/dist/graphClient.d.ts +1 -0
  75. package/dist/graphClient.js +19 -1
  76. package/dist/graphClient.js.map +1 -1
  77. package/dist/graphIntel.d.ts +1 -0
  78. package/dist/graphRecommendationsClient.js +19 -1
  79. package/dist/graphRecommendationsClient.js.map +1 -1
  80. package/dist/graphStateClassifierClient.js +19 -1
  81. package/dist/graphStateClassifierClient.js.map +1 -1
  82. package/dist/harnessClient.js +19 -1
  83. package/dist/harnessClient.js.map +1 -1
  84. package/dist/identityClient.d.ts +19 -1
  85. package/dist/identityClient.js +152 -6
  86. package/dist/identityClient.js.map +1 -1
  87. package/dist/index.d.ts +4 -1
  88. package/dist/index.js +1281 -664
  89. package/dist/index.js.map +1 -1
  90. package/dist/infisicalRuntime.d.ts +1 -0
  91. package/dist/infisicalRuntime.js +64 -32
  92. package/dist/infisicalRuntime.js.map +1 -1
  93. package/dist/jobsClient.js +19 -1
  94. package/dist/jobsClient.js.map +1 -1
  95. package/dist/learningClient.js +19 -1
  96. package/dist/learningClient.js.map +1 -1
  97. package/dist/lenses/index.d.ts +2 -0
  98. package/dist/lenses/index.js +1196 -663
  99. package/dist/lenses/index.js.map +1 -1
  100. package/dist/mcpClient.js +21 -2
  101. package/dist/mcpClient.js.map +1 -1
  102. package/dist/modelRuntimeClient.js +19 -1
  103. package/dist/modelRuntimeClient.js.map +1 -1
  104. package/dist/nodes/index.d.ts +21 -15
  105. package/dist/nodes/index.js +1196 -663
  106. package/dist/nodes/index.js.map +1 -1
  107. package/dist/ontologies/index.d.ts +2 -0
  108. package/dist/ontologies/index.js +1196 -663
  109. package/dist/ontologies/index.js.map +1 -1
  110. package/dist/ontologyClient.js +19 -1
  111. package/dist/ontologyClient.js.map +1 -1
  112. package/dist/ontologyLinksClient.js +19 -1
  113. package/dist/ontologyLinksClient.js.map +1 -1
  114. package/dist/orgGraphSearchClient.js +19 -1
  115. package/dist/orgGraphSearchClient.js.map +1 -1
  116. package/dist/packsClient.js +19 -1
  117. package/dist/packsClient.js.map +1 -1
  118. package/dist/policyClient.js +19 -1
  119. package/dist/policyClient.js.map +1 -1
  120. package/dist/questions/index.d.ts +2 -0
  121. package/dist/questions/index.js +1196 -663
  122. package/dist/questions/index.js.map +1 -1
  123. package/dist/reportsClient.js +19 -1
  124. package/dist/reportsClient.js.map +1 -1
  125. package/dist/schemaClient.js +19 -1
  126. package/dist/schemaClient.js.map +1 -1
  127. package/dist/secrets.d.ts +1 -0
  128. package/dist/secrets.js +3 -0
  129. package/dist/secrets.js.map +1 -0
  130. package/dist/sourcesClient.js +19 -1
  131. package/dist/sourcesClient.js.map +1 -1
  132. package/dist/telemetryClient.js +19 -1
  133. package/dist/telemetryClient.js.map +1 -1
  134. package/dist/toolRegistryClient.js +19 -1
  135. package/dist/toolRegistryClient.js.map +1 -1
  136. package/dist/topics/index.d.ts +11 -3
  137. package/dist/topics/index.js +1198 -663
  138. package/dist/topics/index.js.map +1 -1
  139. package/dist/topicsClient.d.ts +2 -0
  140. package/dist/topicsClient.js +19 -1
  141. package/dist/topicsClient.js.map +1 -1
  142. package/dist/types.d.ts +17 -0
  143. package/dist/version.d.ts +1 -1
  144. package/dist/version.js +1 -1
  145. package/dist/version.js.map +1 -1
  146. package/dist/workflowClient.d.ts +2 -0
  147. package/dist/workflowClient.js +19 -1
  148. package/dist/workflowClient.js.map +1 -1
  149. package/dist/worktrees/index.d.ts +2 -0
  150. package/dist/worktrees/index.js +1196 -663
  151. package/dist/worktrees/index.js.map +1 -1
  152. package/package.json +9 -4
package/dist/index.js CHANGED
@@ -5,7 +5,9 @@ import { LUCERN_OPERATION_MANIFEST } from '@lucern/contracts/function-registry/m
5
5
  import * as graphIntel_star from '@lucern/reasoning-kernel/graphIntel';
6
6
  import { listGraphIntelligenceQueries, isGraphIntelligenceQueryMode, getGraphIntelligenceQuery, fillGraphIntelligencePromptTemplate, GRAPH_INTELLIGENCE_QUICK_QUERIES, GRAPH_INTELLIGENCE_QUERY_MODES, GRAPH_INTELLIGENCE_QUERY_CATEGORIES, GRAPH_INTELLIGENCE_QUERY_CATALOG_VERSION, GRAPH_INTELLIGENCE_QUERIES_WITH_TOOLS, GRAPH_INTELLIGENCE_QUERIES, GRAPH_INTELLIGENCE_PUBLIC_TOOL_NAMES, GRAPH_INTELLIGENCE_MODE_TOOL_NAMES } from '@lucern/contracts/graph-intelligence.contract';
7
7
  export { GRAPH_INTELLIGENCE_MODE_TOOL_NAMES, GRAPH_INTELLIGENCE_PUBLIC_TOOL_NAMES, GRAPH_INTELLIGENCE_QUERIES, GRAPH_INTELLIGENCE_QUERIES_WITH_TOOLS, GRAPH_INTELLIGENCE_QUERY_CATALOG_VERSION, GRAPH_INTELLIGENCE_QUERY_CATEGORIES, GRAPH_INTELLIGENCE_QUERY_MODES, GRAPH_INTELLIGENCE_QUICK_QUERIES, fillGraphIntelligencePromptTemplate, getGraphIntelligenceQuery, isGraphIntelligenceQueryMode, listGraphIntelligenceQueries } from '@lucern/contracts/graph-intelligence.contract';
8
- import { INFISICAL_RUNTIME_MANIFEST, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DEFAULT_API_URL, findInfisicalRuntimeSurface, findInfisicalRuntimePath } from '@lucern/contracts';
8
+ import { INFISICAL_RUNTIME_MANIFEST, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DEFAULT_API_URL, findInfisicalRuntimeSurface, findInfisicalRuntimePath, GENERATED_INFISICAL_RUNTIME_ENV } from '@lucern/contracts';
9
+ import { resolveInfisicalSecretFromBinding, requestBrokeredInfisicalSecret, SecretResolverError } from '@lucern/secrets';
10
+ export { SecretResolverError, requestBrokeredInfisicalSecret, resolveInfisicalSecretFromBinding } from '@lucern/secrets';
9
11
 
10
12
  var __defProp = Object.defineProperty;
11
13
  var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -77,7 +79,9 @@ __export(src_exports, {
77
79
  LENS_STATUSES: () => LENS_STATUSES,
78
80
  LENS_TASK_TEMPLATE_PRIORITIES: () => LENS_TASK_TEMPLATE_PRIORITIES,
79
81
  LUCERN_SDK_VERSION: () => LUCERN_SDK_VERSION,
82
+ LucernAccessControlError: () => LucernAccessControlError,
80
83
  LucernApiError: () => LucernApiError,
84
+ LucernControlPlaneIdentityError: () => LucernControlPlaneIdentityError,
81
85
  LucernSdkAuthContextError: () => LucernSdkAuthContextError,
82
86
  MAX_ENTITY_LIMIT: () => MAX_ENTITY_LIMIT,
83
87
  MCP_ALWAYS_ALLOWED_TOOL_NAMES: () => MCP_ALWAYS_ALLOWED_TOOL_NAMES,
@@ -92,6 +96,7 @@ __export(src_exports, {
92
96
  SESSION_LIFECYCLE_STATUSES: () => SESSION_LIFECYCLE_STATUSES,
93
97
  SESSION_PRINCIPAL_TYPES: () => SESSION_PRINCIPAL_TYPES,
94
98
  STRUCTURAL_EDGE_TYPES: () => STRUCTURAL_EDGE_TYPES,
99
+ SecretResolverError: () => SecretResolverError,
95
100
  TELEMETRY_FIELDS: () => TELEMETRY_FIELDS,
96
101
  TENANT_IDENTITY_FIELDS: () => TENANT_IDENTITY_FIELDS,
97
102
  TOOL_REGISTRY_FIELDS: () => TOOL_REGISTRY_FIELDS,
@@ -113,6 +118,7 @@ __export(src_exports, {
113
118
  applyInfisicalRuntimeEnv: () => applyInfisicalRuntimeEnv,
114
119
  asListItems: () => asListItems,
115
120
  asRecord: () => asRecord,
121
+ assertPermitAllowed: () => assertPermitAllowed,
116
122
  assertValidWebhookSecret: () => assertValidWebhookSecret,
117
123
  assertValidWebhookUrl: () => assertValidWebhookUrl,
118
124
  buildDeprecatedBranchMetadata: () => buildDeprecatedBranchMetadata,
@@ -123,6 +129,7 @@ __export(src_exports, {
123
129
  compareEventCursor: () => compareEventCursor,
124
130
  compileContextPackFromSnapshot: () => compileContextPackFromSnapshot,
125
131
  computeWebhookSignature: () => computeWebhookSignature,
132
+ createAccessControlClient: () => createAccessControlClient,
126
133
  createAdminClient: () => createAdminClient,
127
134
  createAnswersClient: () => createAnswersClient,
128
135
  createAudiencesClient: () => createAudiencesClient,
@@ -132,6 +139,8 @@ __export(src_exports, {
132
139
  createCanonicalAuthHeaders: () => createCanonicalAuthHeaders,
133
140
  createContextClient: () => createContextClient,
134
141
  createContextFacade: () => createContextFacade,
142
+ createControlPlaneClient: () => createControlPlaneClient,
143
+ createControlPlaneIdentityClient: () => createControlPlaneIdentityClient,
135
144
  createDecisionsClient: () => createDecisionsClient,
136
145
  createEmbeddingsClient: () => createEmbeddingsClient,
137
146
  createEventId: () => createEventId,
@@ -169,6 +178,7 @@ __export(src_exports, {
169
178
  encodeEventCursor: () => encodeEventCursor,
170
179
  eventPatternToRegExp: () => eventPatternToRegExp,
171
180
  fillGraphIntelligencePromptTemplate: () => fillGraphIntelligencePromptTemplate,
181
+ formatPermitResource: () => formatPermitResource,
172
182
  getControlObjectOwnershipCase: () => getControlObjectOwnershipCase,
173
183
  getGraphIntelligenceQuery: () => getGraphIntelligenceQuery,
174
184
  getMcpToolExposure: () => getMcpToolExposure,
@@ -200,9 +210,11 @@ __export(src_exports, {
200
210
  migrateBranchToLens: () => migrateBranchToLens,
201
211
  nextDeliveryAttemptAt: () => nextDeliveryAttemptAt,
202
212
  normalizeCanonicalLucernAuthContext: () => normalizeCanonicalLucernAuthContext,
213
+ normalizeCanonicalPrincipalIdentity: () => normalizeCanonicalPrincipalIdentity,
203
214
  normalizeDelegationChain: () => normalizeDelegationChain,
204
215
  normalizeNodeVerificationStatus: () => normalizeNodeVerificationStatus,
205
216
  normalizeNodeWriteInput: () => normalizeNodeWriteInput,
217
+ normalizeResolvedInteractivePrincipal: () => normalizeResolvedInteractivePrincipal,
206
218
  normalizeRetentionDays: () => normalizeRetentionDays,
207
219
  normalizeTopicQuery: () => normalizeTopicQuery,
208
220
  normalizeWebhookPatterns: () => normalizeWebhookPatterns,
@@ -213,7 +225,9 @@ __export(src_exports, {
213
225
  randomIdempotencyKey: () => randomIdempotencyKey,
214
226
  readInfisicalRuntimeBootstrap: () => readInfisicalRuntimeBootstrap,
215
227
  registerCustomTool: () => registerCustomTool,
228
+ requestBrokeredInfisicalSecret: () => requestBrokeredInfisicalSecret,
216
229
  resolveDeliveryFailureStatus: () => resolveDeliveryFailureStatus,
230
+ resolveInfisicalSecretFromBinding: () => resolveInfisicalSecretFromBinding,
217
231
  resolveText: () => resolveText,
218
232
  resolveTopicId: () => resolveTopicId,
219
233
  sanitizeWebhookRecord: () => sanitizeWebhookRecord,
@@ -290,14 +304,14 @@ function requireString(value, reason, label) {
290
304
  }
291
305
  return normalized;
292
306
  }
293
- function requirePrincipalType(principalType) {
294
- if (!principalType) {
307
+ function requirePrincipalType(principalType2) {
308
+ if (!principalType2) {
295
309
  throw new LucernSdkAuthContextError(
296
310
  "principal_missing",
297
311
  "Canonical Lucern SDK auth context is missing principalType."
298
312
  );
299
313
  }
300
- return principalType;
314
+ return principalType2;
301
315
  }
302
316
  function requireAuthMode(authMode) {
303
317
  if (!authMode) {
@@ -343,7 +357,7 @@ function normalizeCanonicalLucernAuthContext(input) {
343
357
  );
344
358
  const roles = cleanStringList(input.roles);
345
359
  const scopes = cleanStringList(input.scopes);
346
- const principalType = requirePrincipalType(input.principalType);
360
+ const principalType2 = requirePrincipalType(input.principalType);
347
361
  const authMode = requireAuthMode(input.authMode);
348
362
  const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
349
363
  if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
@@ -372,7 +386,7 @@ function normalizeCanonicalLucernAuthContext(input) {
372
386
  principalId,
373
387
  tenantId,
374
388
  workspaceId,
375
- principalType,
389
+ principalType: principalType2,
376
390
  authMode,
377
391
  roles,
378
392
  scopes,
@@ -603,13 +617,31 @@ function mergeHeaderRecord(base, addition) {
603
617
  }
604
618
  return Object.fromEntries(headers.entries());
605
619
  }
620
+ function cleanHeaderValue(value) {
621
+ const normalized = value?.trim();
622
+ return normalized ? normalized : void 0;
623
+ }
606
624
  function createGatewayRequestClient(config = {}) {
607
625
  const fetchImpl = config.fetchImpl ?? fetch;
608
626
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
609
627
  const maxRetries = config.maxRetries ?? 2;
610
628
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
611
629
  async function resolveAuthHeaders() {
612
- const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
630
+ const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
631
+ const headers = new Headers(provided);
632
+ const setIfAbsent = (name, value) => {
633
+ const normalized = cleanHeaderValue(value);
634
+ if (normalized && !headers.has(name)) {
635
+ headers.set(name, normalized);
636
+ }
637
+ };
638
+ setIfAbsent("x-lucern-key", config.apiKey);
639
+ setIfAbsent("x-lucern-session-token", config.userToken);
640
+ setIfAbsent("x-lucern-environment", config.environment);
641
+ setIfAbsent("x-lucern-clerk-id", config.clerkId);
642
+ setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
643
+ setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
644
+ const base = Object.fromEntries(headers.entries());
613
645
  const authContextInput = await resolveConfiguredAuthContext(
614
646
  config.authContext
615
647
  );
@@ -1306,190 +1338,911 @@ function createAdminClient(config = {}) {
1306
1338
  };
1307
1339
  }
1308
1340
 
1309
- // src/answersClient.ts
1310
- function createAnswersClient(config = {}) {
1311
- const gateway = createGatewayRequestClient(config);
1341
+ // src/boundaryClientSurface.ts
1342
+ function cleanOptionalString(value) {
1343
+ const normalized = value?.trim();
1344
+ return normalized ? normalized : void 0;
1345
+ }
1346
+ function isRecord3(value) {
1347
+ return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1348
+ }
1349
+ function cleanRequiredString(value, label) {
1350
+ const normalized = cleanOptionalString(value);
1351
+ if (!normalized) {
1352
+ throw new Error(`${label} is required`);
1353
+ }
1354
+ return normalized;
1355
+ }
1356
+ function readTopicId(input) {
1357
+ return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1358
+ }
1359
+ function requireTopicId(input) {
1360
+ const topicId = readTopicId(input);
1361
+ if (!topicId) {
1362
+ throw new Error("topicId is required");
1363
+ }
1364
+ return topicId;
1365
+ }
1366
+ function assertKnownKeys(input, allowed, operation) {
1367
+ const allowedSet = new Set(allowed);
1368
+ const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1369
+ if (unknownKeys.length > 0) {
1370
+ throw new Error(
1371
+ `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1372
+ );
1373
+ }
1374
+ }
1375
+ function knownPayload(input, allowed, operation) {
1376
+ assertKnownKeys(input, allowed, operation);
1377
+ return { ...input };
1378
+ }
1379
+ function topicPayload(input, allowed, operation) {
1380
+ assertKnownKeys(input, allowed, operation);
1312
1381
  return {
1313
- /**
1314
- * Get the current answer for a question.
1315
- * @param questionId - The question node identifier.
1316
- * @returns The answer record for the given question.
1317
- */
1318
- async get(questionId) {
1319
- return gateway.request({
1320
- path: `/api/platform/v1/questions/${encodeURIComponent(questionId)}/answer`
1321
- });
1322
- }
1382
+ ...input,
1383
+ topicId: requireTopicId(input),
1384
+ projectId: void 0
1323
1385
  };
1324
1386
  }
1387
+ function listResultFromEnvelope(data, legacyKey) {
1388
+ const record = isRecord3(data) ? data : {};
1389
+ const legacyItems = record[legacyKey];
1390
+ return createListResult(
1391
+ Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1392
+ legacyKey
1393
+ );
1394
+ }
1325
1395
 
1326
- // src/audiencesClient.ts
1327
- function createAudiencesClient(config = {}) {
1328
- const gateway = createGatewayRequestClient(config);
1329
- const listRegistry = async (query5 = {}) => {
1330
- return gateway.request({
1331
- path: `/api/platform/v1/audiences/registry${toQueryString({
1332
- ...query5,
1333
- effective: typeof query5.effective === "boolean" ? query5.effective ? "true" : "false" : void 0,
1334
- status: query5.status
1335
- })}`
1336
- }).then(
1337
- (response) => mapGatewayData(
1338
- response,
1339
- (data) => createListResult(Array.isArray(data) ? data : [], "registryEntries")
1340
- )
1341
- );
1342
- };
1343
- const createRegistryEntry = async (input, idempotencyKey) => {
1344
- return gateway.request({
1345
- path: "/api/platform/v1/audiences/registry",
1346
- method: "POST",
1347
- body: input,
1348
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1349
- });
1350
- };
1351
- const updateRegistryEntry = createRegistryEntry;
1352
- const upsertRegistry = createRegistryEntry;
1353
- const getRegistry = listRegistry;
1354
- const listGrants = async (query5 = {}) => {
1355
- return gateway.request({
1356
- path: `/api/platform/v1/audiences/grants${toQueryString({
1357
- ...query5,
1358
- audienceKey: query5.audienceKey,
1359
- principalId: query5.principalId,
1360
- groupId: query5.groupId,
1361
- status: query5.status
1362
- })}`
1363
- }).then(
1364
- (response) => mapGatewayData(
1365
- response,
1366
- (data) => createListResult(Array.isArray(data) ? data : [], "grants")
1367
- )
1368
- );
1369
- };
1370
- const createGrant = async (input, idempotencyKey) => {
1371
- return gateway.request({
1372
- path: "/api/platform/v1/audiences/grants",
1373
- method: "POST",
1374
- body: input,
1375
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1376
- });
1377
- };
1378
- const getGrants = listGrants;
1379
- const grant = createGrant;
1380
- const deleteGrant = async (input, idempotencyKey) => {
1381
- return gateway.request({
1382
- path: "/api/platform/v1/audiences/grants/revoke",
1383
- method: "POST",
1384
- body: input,
1385
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1396
+ // src/control-plane.ts
1397
+ var LucernControlPlaneIdentityError = class extends Error {
1398
+ reason;
1399
+ principalStatus;
1400
+ tenantStatus;
1401
+ workspaceStatus;
1402
+ details;
1403
+ constructor(failure) {
1404
+ super(failure.message);
1405
+ this.name = "LucernControlPlaneIdentityError";
1406
+ this.reason = failure.reason;
1407
+ this.principalStatus = failure.principalStatus;
1408
+ this.tenantStatus = failure.tenantStatus;
1409
+ this.workspaceStatus = failure.workspaceStatus;
1410
+ this.details = failure.details;
1411
+ }
1412
+ };
1413
+ function cleanString3(value) {
1414
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1415
+ }
1416
+ function stringList(value) {
1417
+ if (!Array.isArray(value)) {
1418
+ return [];
1419
+ }
1420
+ return [
1421
+ ...new Set(
1422
+ value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
1423
+ )
1424
+ ];
1425
+ }
1426
+ function principalType(value) {
1427
+ switch (value) {
1428
+ case "service":
1429
+ case "service_principal":
1430
+ return "service";
1431
+ case "agent":
1432
+ return "agent";
1433
+ case "group":
1434
+ return "group";
1435
+ case "external_viewer":
1436
+ case "external_stakeholder":
1437
+ return "external_viewer";
1438
+ default:
1439
+ return "human";
1440
+ }
1441
+ }
1442
+ function adminFlags(roles) {
1443
+ const normalized = roles.map((role) => role.toLowerCase());
1444
+ const isPlatformAdmin = normalized.includes("platform_admin");
1445
+ const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
1446
+ const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
1447
+ return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
1448
+ }
1449
+ function normalizeResolvedInteractivePrincipal(payload) {
1450
+ if ("ok" in payload && payload.ok === false) {
1451
+ throw new LucernControlPlaneIdentityError(payload);
1452
+ }
1453
+ const principalId = cleanString3(payload.principalId);
1454
+ const clerkId = cleanString3(payload.clerkId);
1455
+ const tenantId = cleanString3(payload.tenantId);
1456
+ if (!principalId || !clerkId || !tenantId) {
1457
+ throw new LucernControlPlaneIdentityError({
1458
+ ok: false,
1459
+ reason: "resolver_unavailable",
1460
+ message: "Control-plane principal resolver returned an incomplete principal context.",
1461
+ principalStatus: payload.principalStatus ?? "missing",
1462
+ tenantStatus: payload.tenantStatus,
1463
+ workspaceStatus: payload.workspaceStatus
1386
1464
  });
1387
- };
1388
- const revokeGrant = deleteGrant;
1465
+ }
1466
+ const roles = stringList(payload.roles);
1467
+ const scopes = stringList(payload.scopes);
1468
+ const workspaceId = cleanString3(payload.workspaceId) ?? null;
1469
+ const flags = adminFlags(roles);
1389
1470
  return {
1390
- /**
1391
- * List audience registry entries.
1392
- */
1393
- listRegistry,
1394
- /**
1395
- * @deprecated Use listRegistry.
1396
- */
1397
- getRegistry,
1398
- /**
1399
- * Create an audience registry entry.
1400
- */
1401
- createRegistryEntry,
1402
- /**
1403
- * Update an audience registry entry.
1404
- */
1405
- updateRegistryEntry,
1406
- /**
1407
- * @deprecated Use createRegistryEntry or updateRegistryEntry.
1408
- */
1409
- upsertRegistry,
1410
- /**
1411
- * List audience grants.
1412
- */
1413
- listGrants,
1414
- /**
1415
- * @deprecated Use listGrants.
1416
- */
1417
- getGrants,
1418
- /**
1419
- * Create an audience grant.
1420
- */
1421
- createGrant,
1422
- /**
1423
- * @deprecated Use createGrant.
1424
- */
1425
- grant,
1426
- /**
1427
- * Delete an audience grant by revoking it.
1428
- */
1429
- deleteGrant,
1430
- /**
1431
- * @deprecated Use deleteGrant.
1432
- */
1433
- revokeGrant
1471
+ principalId,
1472
+ principalType: principalType(payload.principalType),
1473
+ clerkId,
1474
+ tenantId,
1475
+ workspaceId,
1476
+ roles,
1477
+ scopes,
1478
+ groupIds: stringList(payload.groupIds),
1479
+ permittedToolNames: stringList(payload.permittedToolNames),
1480
+ permittedPackKeys: stringList(payload.permittedPackKeys),
1481
+ principalStatus: cleanString3(payload.principalStatus) ?? "active",
1482
+ tenantStatus: cleanString3(payload.tenantStatus) ?? "active",
1483
+ workspaceStatus: cleanString3(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
1484
+ isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
1485
+ isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
1486
+ isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
1487
+ permit: {
1488
+ subject: cleanString3(payload.permit?.subject) ?? principalId,
1489
+ tenant: cleanString3(payload.permit?.tenant) ?? tenantId,
1490
+ ...workspaceId ? { workspace: cleanString3(payload.permit?.workspace) ?? workspaceId } : {}
1491
+ },
1492
+ authMode: "interactive_user",
1493
+ sessionId: payload.sessionId,
1494
+ delegatedBy: payload.delegatedBy,
1495
+ expiresAt: payload.expiresAt
1434
1496
  };
1435
1497
  }
1436
-
1437
- // src/auditClient.ts
1438
- function createAuditClient(config = {}) {
1498
+ function createControlPlaneIdentityClient(config = {}) {
1439
1499
  const gateway = createGatewayRequestClient(config);
1440
1500
  return {
1441
- /**
1442
- * List audit events for the current scope.
1443
- */
1444
- async listEvents(query5 = {}) {
1501
+ async resolveInteractivePrincipal(input) {
1445
1502
  return gateway.request({
1446
- path: `/api/platform/v1/audit/events${toQueryString(
1447
- normalizeTopicQuery(query5)
1448
- )}`
1503
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1504
+ method: "POST",
1505
+ body: input
1449
1506
  }).then(
1450
- (response) => mapGatewayData(
1451
- response,
1452
- (data) => createListResult(Array.isArray(data) ? data : [], "events")
1453
- )
1507
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1454
1508
  );
1455
1509
  }
1456
1510
  };
1457
1511
  }
1458
-
1459
- // src/authDeviceClient.ts
1460
- var DeviceAuthorizationError = class extends Error {
1461
- error;
1462
- interval;
1463
- constructor(args) {
1464
- super(args.description ?? args.error);
1465
- this.name = "DeviceAuthorizationError";
1466
- this.error = args.error;
1467
- this.interval = args.interval;
1468
- }
1469
- };
1470
- function authBaseUrl(config) {
1471
- return config.baseUrl?.replace(/\/+$/, "") ?? "";
1472
- }
1473
- async function readJson(response) {
1474
- try {
1475
- const payload = await response.json();
1476
- return isRecord3(payload) ? payload : {};
1477
- } catch (error) {
1478
- return unreadableJsonBodyFallback();
1479
- }
1480
- }
1481
- function unreadableJsonBodyFallback(_error) {
1482
- return {};
1483
- }
1484
- function isRecord3(value) {
1485
- return value !== null && typeof value === "object" && !Array.isArray(value);
1512
+ function createControlPlaneClient(config = {}) {
1513
+ return {
1514
+ identity: createControlPlaneIdentityClient(config)
1515
+ };
1486
1516
  }
1487
- function readString(value) {
1488
- const normalized = typeof value === "string" ? value.trim() : "";
1489
- return normalized || void 0;
1517
+
1518
+ // src/identityClient.ts
1519
+ function createIdentityWhoamiClient(config = {}) {
1520
+ const gateway = createGatewayRequestClient(config);
1521
+ return {
1522
+ async whoami() {
1523
+ return gateway.request({
1524
+ path: "/api/platform/v1/identity/whoami"
1525
+ });
1526
+ }
1527
+ };
1490
1528
  }
1491
- function assertDeviceCodeResponse(payload) {
1492
- const deviceCode = readString(payload.device_code);
1529
+ var TENANT_IDENTITY_FIELDS = [
1530
+ "tenantId",
1531
+ "workspaceId",
1532
+ "principalId",
1533
+ "integrationKey",
1534
+ "secretRef",
1535
+ "policySubject",
1536
+ "policyAction",
1537
+ "policyResource",
1538
+ "decision",
1539
+ "config",
1540
+ "configKey",
1541
+ "configValue",
1542
+ "provider",
1543
+ "status",
1544
+ "metadata",
1545
+ "limit",
1546
+ "cursor"
1547
+ ];
1548
+ function tenantIdentityQuery(input) {
1549
+ return {
1550
+ tenantId: cleanRequiredString(input.tenantId, "tenantId"),
1551
+ workspaceId: input.workspaceId,
1552
+ principalId: input.principalId,
1553
+ limit: input.limit,
1554
+ cursor: input.cursor
1555
+ };
1556
+ }
1557
+ function tenantIdentityBody(input, operation) {
1558
+ return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
1559
+ }
1560
+ function createIdentityClient(config = {}) {
1561
+ const gateway = createGatewayRequestClient(config);
1562
+ const whoamiClient = createIdentityWhoamiClient(config);
1563
+ const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
1564
+ path: "/api/platform/v1/identity/principals",
1565
+ method,
1566
+ body: input,
1567
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1568
+ });
1569
+ const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
1570
+ const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
1571
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
1572
+ method: "POST",
1573
+ body: input,
1574
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1575
+ });
1576
+ return {
1577
+ /**
1578
+ * Resolve the current authenticated identity summary.
1579
+ */
1580
+ async whoami() {
1581
+ return whoamiClient.whoami().then(
1582
+ (response) => mapGatewayData(response, (data) => ({
1583
+ principalId: data.principalId,
1584
+ principalType: data.principalType,
1585
+ clerkId: data.clerkId,
1586
+ tenantId: data.tenantId ?? null,
1587
+ workspaceId: data.workspaceId ?? null,
1588
+ scopes: Array.isArray(data.scopes) ? data.scopes : [],
1589
+ roles: Array.isArray(data.roles) ? data.roles : [],
1590
+ groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
1591
+ permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
1592
+ permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
1593
+ principalStatus: data.principalStatus,
1594
+ tenantStatus: data.tenantStatus,
1595
+ workspaceStatus: data.workspaceStatus,
1596
+ isPlatformAdmin: data.isPlatformAdmin === true,
1597
+ isTenantAdmin: data.isTenantAdmin === true,
1598
+ isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1599
+ permit: data.permit ?? (data.tenantId ? {
1600
+ subject: data.principalId,
1601
+ tenant: data.tenantId,
1602
+ ...data.workspaceId ? { workspace: data.workspaceId } : {}
1603
+ } : void 0),
1604
+ authMode: data.authMode,
1605
+ sessionId: data.sessionId,
1606
+ delegatedBy: data.delegatedBy,
1607
+ expiresAt: data.expiresAt
1608
+ }))
1609
+ );
1610
+ },
1611
+ /**
1612
+ * Resolve a Clerk subject through the tenant control-plane Permit projection.
1613
+ * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
1614
+ */
1615
+ async resolveInteractivePrincipal(input) {
1616
+ return gateway.request({
1617
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1618
+ method: "POST",
1619
+ body: input
1620
+ }).then(
1621
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1622
+ );
1623
+ },
1624
+ /**
1625
+ * List principals in the current identity scope.
1626
+ */
1627
+ async listPrincipals(query5 = {}) {
1628
+ return gateway.request({
1629
+ path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
1630
+ }).then(
1631
+ (response) => mapGatewayData(
1632
+ response,
1633
+ (data) => createListResult(
1634
+ Array.isArray(data) ? data : [],
1635
+ "principals"
1636
+ )
1637
+ )
1638
+ );
1639
+ },
1640
+ /**
1641
+ * Create a principal.
1642
+ */
1643
+ async createPrincipal(input, idempotencyKey) {
1644
+ return requestPrincipalWrite("POST", input, idempotencyKey);
1645
+ },
1646
+ /**
1647
+ * Update a principal.
1648
+ */
1649
+ updatePrincipal,
1650
+ /**
1651
+ * @deprecated Use createPrincipal or updatePrincipal.
1652
+ */
1653
+ upsertPrincipal: updatePrincipal,
1654
+ /**
1655
+ * List keys in the current identity scope.
1656
+ */
1657
+ async listKeys(query5 = {}) {
1658
+ return gateway.request({
1659
+ path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
1660
+ }).then(
1661
+ (response) => mapGatewayData(
1662
+ response,
1663
+ (data) => createListResult(Array.isArray(data) ? data : [], "keys")
1664
+ )
1665
+ );
1666
+ },
1667
+ /**
1668
+ * Create an API key.
1669
+ */
1670
+ async createKey(input, idempotencyKey) {
1671
+ return gateway.request({
1672
+ path: "/api/platform/v1/identity/keys",
1673
+ method: "POST",
1674
+ body: input,
1675
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1676
+ });
1677
+ },
1678
+ /**
1679
+ * Rotate an API key.
1680
+ */
1681
+ async rotateKey(keyId, input = {}, idempotencyKey) {
1682
+ return gateway.request({
1683
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
1684
+ method: "POST",
1685
+ body: input,
1686
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1687
+ });
1688
+ },
1689
+ /**
1690
+ * Delete an API key by revoking it.
1691
+ */
1692
+ deleteKey,
1693
+ /**
1694
+ * @deprecated Use deleteKey.
1695
+ */
1696
+ revokeKey: deleteKey,
1697
+ /**
1698
+ * Search Clerk users by email or display attributes.
1699
+ */
1700
+ async searchClerkUsers(q) {
1701
+ return gateway.request({
1702
+ path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
1703
+ });
1704
+ },
1705
+ async getTenantConfig(input) {
1706
+ return gateway.request({
1707
+ path: `/api/platform/v1/identity/tenant-config${toQueryString(
1708
+ tenantIdentityQuery(input)
1709
+ )}`
1710
+ });
1711
+ },
1712
+ async updateTenantConfig(input, idempotencyKey) {
1713
+ cleanRequiredString(input.tenantId, "tenantId");
1714
+ return gateway.request({
1715
+ path: "/api/platform/v1/identity/tenant-config",
1716
+ method: "PATCH",
1717
+ body: tenantIdentityBody(
1718
+ input,
1719
+ "identity.updateTenantConfig"
1720
+ ),
1721
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1722
+ });
1723
+ },
1724
+ async listIntegrations(input) {
1725
+ return gateway.request({
1726
+ path: `/api/platform/v1/identity/integrations${toQueryString(
1727
+ tenantIdentityQuery(input)
1728
+ )}`
1729
+ }).then(
1730
+ (response) => mapGatewayData(
1731
+ response,
1732
+ (data) => listResultFromEnvelope(
1733
+ data,
1734
+ "integrations"
1735
+ )
1736
+ )
1737
+ );
1738
+ },
1739
+ async upsertIntegration(input, idempotencyKey) {
1740
+ cleanRequiredString(input.tenantId, "tenantId");
1741
+ cleanRequiredString(input.integrationKey, "integrationKey");
1742
+ return gateway.request({
1743
+ path: "/api/platform/v1/identity/integrations",
1744
+ method: "PUT",
1745
+ body: tenantIdentityBody(
1746
+ input,
1747
+ "identity.upsertIntegration"
1748
+ ),
1749
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1750
+ });
1751
+ },
1752
+ async listSecrets(input) {
1753
+ return gateway.request({
1754
+ path: `/api/platform/v1/identity/secrets${toQueryString(
1755
+ tenantIdentityQuery(input)
1756
+ )}`
1757
+ }).then(
1758
+ (response) => mapGatewayData(
1759
+ response,
1760
+ (data) => listResultFromEnvelope(
1761
+ data,
1762
+ "secrets"
1763
+ )
1764
+ )
1765
+ );
1766
+ },
1767
+ async putSecretReference(input, idempotencyKey) {
1768
+ cleanRequiredString(input.tenantId, "tenantId");
1769
+ cleanRequiredString(input.secretRef, "secretRef");
1770
+ return gateway.request({
1771
+ path: "/api/platform/v1/identity/secrets",
1772
+ method: "PUT",
1773
+ body: tenantIdentityBody(
1774
+ input,
1775
+ "identity.putSecretReference"
1776
+ ),
1777
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1778
+ });
1779
+ },
1780
+ async evaluatePolicy(input, idempotencyKey) {
1781
+ cleanRequiredString(input.tenantId, "tenantId");
1782
+ cleanRequiredString(input.policySubject, "policySubject");
1783
+ cleanRequiredString(input.policyAction, "policyAction");
1784
+ cleanRequiredString(input.policyResource, "policyResource");
1785
+ return gateway.request({
1786
+ path: "/api/platform/v1/identity/policy/evaluate",
1787
+ method: "POST",
1788
+ body: tenantIdentityBody(
1789
+ input,
1790
+ "identity.evaluatePolicy"
1791
+ ),
1792
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1793
+ });
1794
+ },
1795
+ async recordPolicyDecision(input, idempotencyKey) {
1796
+ cleanRequiredString(input.tenantId, "tenantId");
1797
+ cleanRequiredString(input.decision, "decision");
1798
+ return gateway.request({
1799
+ path: "/api/platform/v1/identity/policy/decisions",
1800
+ method: "POST",
1801
+ body: tenantIdentityBody(
1802
+ input,
1803
+ "identity.recordPolicyDecision"
1804
+ ),
1805
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1806
+ });
1807
+ }
1808
+ };
1809
+ }
1810
+
1811
+ // src/accessControl.ts
1812
+ var LucernAccessControlError = class extends LucernSdkAuthContextError {
1813
+ policyDecision;
1814
+ constructor(reason, message, policyDecision) {
1815
+ super(reason, message);
1816
+ this.name = "LucernAccessControlError";
1817
+ this.policyDecision = policyDecision;
1818
+ }
1819
+ };
1820
+ function cleanString4(value) {
1821
+ const normalized = value?.trim();
1822
+ return normalized ? normalized : void 0;
1823
+ }
1824
+ function cleanStringList2(values) {
1825
+ if (!values) {
1826
+ return [];
1827
+ }
1828
+ return [
1829
+ ...new Set(
1830
+ values.map((value) => value.trim()).filter((value) => value.length > 0)
1831
+ )
1832
+ ];
1833
+ }
1834
+ function requireString2(value, reason, label) {
1835
+ const normalized = cleanString4(value);
1836
+ if (!normalized) {
1837
+ throw new LucernAccessControlError(
1838
+ reason,
1839
+ `Lucern SDK access control requires ${label}.`
1840
+ );
1841
+ }
1842
+ return normalized;
1843
+ }
1844
+ function normalizePrincipalType(principalType2) {
1845
+ if (principalType2 === "agent") {
1846
+ return "agent";
1847
+ }
1848
+ if (principalType2 === "service") {
1849
+ return "service";
1850
+ }
1851
+ if (principalType2 === "group") {
1852
+ return "group";
1853
+ }
1854
+ if (principalType2 === "external_viewer") {
1855
+ return "external_viewer";
1856
+ }
1857
+ return "human";
1858
+ }
1859
+ function aliasKey(alias) {
1860
+ return `${alias.provider}:${alias.providerProjectId ?? ""}:${alias.externalSubjectId}`;
1861
+ }
1862
+ function normalizeAliases(input, canonicalClerkUserId) {
1863
+ const aliases = /* @__PURE__ */ new Map();
1864
+ for (const alias of input ?? []) {
1865
+ const externalSubjectId = cleanString4(alias.externalSubjectId);
1866
+ if (!externalSubjectId) {
1867
+ continue;
1868
+ }
1869
+ const normalized = {
1870
+ provider: cleanString4(alias.provider) ?? "clerk",
1871
+ providerProjectId: cleanString4(alias.providerProjectId),
1872
+ externalSubjectId,
1873
+ status: cleanString4(alias.status)
1874
+ };
1875
+ aliases.set(aliasKey(normalized), normalized);
1876
+ }
1877
+ if (canonicalClerkUserId) {
1878
+ const canonicalAlias = {
1879
+ provider: "clerk",
1880
+ externalSubjectId: canonicalClerkUserId,
1881
+ status: "active"
1882
+ };
1883
+ aliases.set(aliasKey(canonicalAlias), canonicalAlias);
1884
+ }
1885
+ return [...aliases.values()];
1886
+ }
1887
+ function isKnownClerkSubject(args) {
1888
+ if (args.clerkId === args.canonicalClerkUserId) {
1889
+ return true;
1890
+ }
1891
+ return args.aliases.some(
1892
+ (alias) => alias.provider === "clerk" && alias.externalSubjectId === args.clerkId
1893
+ );
1894
+ }
1895
+ function authContextToPrincipalInput(input) {
1896
+ const normalized = normalizeCanonicalLucernAuthContext(input);
1897
+ return {
1898
+ principalId: normalized.principalId,
1899
+ principalType: normalized.principalType,
1900
+ canonicalClerkUserId: normalized.clerkId,
1901
+ clerkId: normalized.clerkId,
1902
+ tenantId: normalized.tenantId,
1903
+ workspaceId: normalized.workspaceId,
1904
+ roles: normalized.roles,
1905
+ scopes: normalized.scopes
1906
+ };
1907
+ }
1908
+ function isAuthContextInput(input) {
1909
+ return "authMode" in input || "permit" in input || "delegationChain" in input;
1910
+ }
1911
+ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1912
+ const principalInput = isAuthContextInput(input) ? authContextToPrincipalInput(input) : input;
1913
+ const principalId = requireString2(
1914
+ principalInput.principalId,
1915
+ "principal_missing",
1916
+ "principalId"
1917
+ );
1918
+ const principalType2 = normalizePrincipalType(principalInput.principalType);
1919
+ const observedClerkId = cleanString4(options.observedClerkId);
1920
+ const canonicalClerkUserId = cleanString4(principalInput.canonicalClerkUserId) ?? cleanString4(principalInput.clerkId);
1921
+ if (principalType2 === "human" && !canonicalClerkUserId) {
1922
+ throw new LucernAccessControlError(
1923
+ "clerk_alias_missing",
1924
+ "Human principals require one canonical Clerk user id."
1925
+ );
1926
+ }
1927
+ const aliases = normalizeAliases(
1928
+ principalInput.clerkIdentityAliases,
1929
+ canonicalClerkUserId
1930
+ );
1931
+ if (observedClerkId && !isKnownClerkSubject({
1932
+ clerkId: observedClerkId,
1933
+ canonicalClerkUserId,
1934
+ aliases
1935
+ })) {
1936
+ throw new LucernAccessControlError(
1937
+ "clerk_alias_unrecognized",
1938
+ "Observed Clerk user id does not match the canonical human principal id."
1939
+ );
1940
+ }
1941
+ return {
1942
+ principalId,
1943
+ principalType: principalType2,
1944
+ canonicalClerkUserId,
1945
+ clerkIdentityAliases: aliases,
1946
+ tenantId: cleanString4(principalInput.tenantId),
1947
+ workspaceId: cleanString4(principalInput.workspaceId),
1948
+ roles: cleanStringList2(principalInput.roles),
1949
+ scopes: cleanStringList2(principalInput.scopes)
1950
+ };
1951
+ }
1952
+ function formatPermitResource(resource) {
1953
+ if (typeof resource === "string") {
1954
+ return requireString2(resource, "policy_denied", "policyResource");
1955
+ }
1956
+ const type = requireString2(resource.type, "policy_denied", "resource.type");
1957
+ const key = requireString2(resource.key, "policy_denied", "resource.key");
1958
+ return key.startsWith(`${type}:`) ? key : `${type}:${key}`;
1959
+ }
1960
+ function resourceRequiresWorkspace(resource) {
1961
+ if (typeof resource === "string") {
1962
+ return !resource.startsWith("tenant:");
1963
+ }
1964
+ return resource.type !== "tenant";
1965
+ }
1966
+ function buildPolicyInput(identity, input) {
1967
+ const tenantId = requireString2(
1968
+ input.tenantId ?? identity.tenantId,
1969
+ "tenant_missing",
1970
+ "tenantId"
1971
+ );
1972
+ const workspaceId = cleanString4(input.workspaceId ?? identity.workspaceId);
1973
+ if (resourceRequiresWorkspace(input.resource) && !workspaceId) {
1974
+ throw new LucernAccessControlError(
1975
+ "workspace_missing",
1976
+ "Workspace-scoped Permit checks require workspaceId."
1977
+ );
1978
+ }
1979
+ return {
1980
+ tenantId,
1981
+ workspaceId,
1982
+ principalId: identity.principalId,
1983
+ policySubject: identity.principalId,
1984
+ policyAction: requireString2(input.action, "policy_denied", "policyAction"),
1985
+ policyResource: formatPermitResource(input.resource),
1986
+ metadata: input.context
1987
+ };
1988
+ }
1989
+ async function resolveConfiguredPrincipalInput(authContext) {
1990
+ if (typeof authContext === "function") {
1991
+ return await authContext();
1992
+ }
1993
+ return authContext;
1994
+ }
1995
+ function assertPermitAllowed(decision) {
1996
+ if (decision.decision !== "allow") {
1997
+ throw new LucernAccessControlError(
1998
+ decision.decision === "deny" ? "policy_denied" : "policy_unknown",
1999
+ `Permit denied ${decision.policyAction} on ${decision.policyResource}.`,
2000
+ decision
2001
+ );
2002
+ }
2003
+ }
2004
+ function createAccessControlClient(config = {}) {
2005
+ const identityClient = createIdentityClient(config);
2006
+ async function resolveIdentity(input, observedClerkId) {
2007
+ const identityInput = input ?? await resolveConfiguredPrincipalInput(config.authContext);
2008
+ if (!identityInput) {
2009
+ throw new LucernAccessControlError(
2010
+ "principal_missing",
2011
+ "Lucern SDK access control requires a canonical principal identity."
2012
+ );
2013
+ }
2014
+ return normalizeCanonicalPrincipalIdentity(identityInput, {
2015
+ observedClerkId
2016
+ });
2017
+ }
2018
+ async function checkAccess(input, idempotencyKey) {
2019
+ const identity = await resolveIdentity(input.identity, input.observedClerkId);
2020
+ const policyInput = buildPolicyInput(identity, input);
2021
+ try {
2022
+ const response = await identityClient.evaluatePolicy(
2023
+ policyInput,
2024
+ idempotencyKey
2025
+ );
2026
+ return {
2027
+ identity,
2028
+ policyInput,
2029
+ decision: response.data
2030
+ };
2031
+ } catch (error) {
2032
+ if (error instanceof LucernSdkAuthContextError) {
2033
+ throw error;
2034
+ }
2035
+ throw new LucernAccessControlError(
2036
+ "policy_unavailable",
2037
+ "Permit policy check failed closed before an allow decision was returned."
2038
+ );
2039
+ }
2040
+ }
2041
+ async function requireAccess(input, idempotencyKey) {
2042
+ const result = await checkAccess(input, idempotencyKey);
2043
+ assertPermitAllowed(result.decision);
2044
+ return result;
2045
+ }
2046
+ async function canAccess(input, idempotencyKey) {
2047
+ try {
2048
+ await requireAccess(input, idempotencyKey);
2049
+ return true;
2050
+ } catch {
2051
+ return false;
2052
+ }
2053
+ }
2054
+ return {
2055
+ normalizePrincipal: normalizeCanonicalPrincipalIdentity,
2056
+ checkAccess,
2057
+ requireAccess,
2058
+ canAccess
2059
+ };
2060
+ }
2061
+
2062
+ // src/answersClient.ts
2063
+ function createAnswersClient(config = {}) {
2064
+ const gateway = createGatewayRequestClient(config);
2065
+ return {
2066
+ /**
2067
+ * Get the current answer for a question.
2068
+ * @param questionId - The question node identifier.
2069
+ * @returns The answer record for the given question.
2070
+ */
2071
+ async get(questionId) {
2072
+ return gateway.request({
2073
+ path: `/api/platform/v1/questions/${encodeURIComponent(questionId)}/answer`
2074
+ });
2075
+ }
2076
+ };
2077
+ }
2078
+
2079
+ // src/audiencesClient.ts
2080
+ function createAudiencesClient(config = {}) {
2081
+ const gateway = createGatewayRequestClient(config);
2082
+ const listRegistry = async (query5 = {}) => {
2083
+ return gateway.request({
2084
+ path: `/api/platform/v1/audiences/registry${toQueryString({
2085
+ ...query5,
2086
+ effective: typeof query5.effective === "boolean" ? query5.effective ? "true" : "false" : void 0,
2087
+ status: query5.status
2088
+ })}`
2089
+ }).then(
2090
+ (response) => mapGatewayData(
2091
+ response,
2092
+ (data) => createListResult(Array.isArray(data) ? data : [], "registryEntries")
2093
+ )
2094
+ );
2095
+ };
2096
+ const createRegistryEntry = async (input, idempotencyKey) => {
2097
+ return gateway.request({
2098
+ path: "/api/platform/v1/audiences/registry",
2099
+ method: "POST",
2100
+ body: input,
2101
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2102
+ });
2103
+ };
2104
+ const updateRegistryEntry = createRegistryEntry;
2105
+ const upsertRegistry = createRegistryEntry;
2106
+ const getRegistry = listRegistry;
2107
+ const listGrants = async (query5 = {}) => {
2108
+ return gateway.request({
2109
+ path: `/api/platform/v1/audiences/grants${toQueryString({
2110
+ ...query5,
2111
+ audienceKey: query5.audienceKey,
2112
+ principalId: query5.principalId,
2113
+ groupId: query5.groupId,
2114
+ status: query5.status
2115
+ })}`
2116
+ }).then(
2117
+ (response) => mapGatewayData(
2118
+ response,
2119
+ (data) => createListResult(Array.isArray(data) ? data : [], "grants")
2120
+ )
2121
+ );
2122
+ };
2123
+ const createGrant = async (input, idempotencyKey) => {
2124
+ return gateway.request({
2125
+ path: "/api/platform/v1/audiences/grants",
2126
+ method: "POST",
2127
+ body: input,
2128
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2129
+ });
2130
+ };
2131
+ const getGrants = listGrants;
2132
+ const grant = createGrant;
2133
+ const deleteGrant = async (input, idempotencyKey) => {
2134
+ return gateway.request({
2135
+ path: "/api/platform/v1/audiences/grants/revoke",
2136
+ method: "POST",
2137
+ body: input,
2138
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2139
+ });
2140
+ };
2141
+ const revokeGrant = deleteGrant;
2142
+ return {
2143
+ /**
2144
+ * List audience registry entries.
2145
+ */
2146
+ listRegistry,
2147
+ /**
2148
+ * @deprecated Use listRegistry.
2149
+ */
2150
+ getRegistry,
2151
+ /**
2152
+ * Create an audience registry entry.
2153
+ */
2154
+ createRegistryEntry,
2155
+ /**
2156
+ * Update an audience registry entry.
2157
+ */
2158
+ updateRegistryEntry,
2159
+ /**
2160
+ * @deprecated Use createRegistryEntry or updateRegistryEntry.
2161
+ */
2162
+ upsertRegistry,
2163
+ /**
2164
+ * List audience grants.
2165
+ */
2166
+ listGrants,
2167
+ /**
2168
+ * @deprecated Use listGrants.
2169
+ */
2170
+ getGrants,
2171
+ /**
2172
+ * Create an audience grant.
2173
+ */
2174
+ createGrant,
2175
+ /**
2176
+ * @deprecated Use createGrant.
2177
+ */
2178
+ grant,
2179
+ /**
2180
+ * Delete an audience grant by revoking it.
2181
+ */
2182
+ deleteGrant,
2183
+ /**
2184
+ * @deprecated Use deleteGrant.
2185
+ */
2186
+ revokeGrant
2187
+ };
2188
+ }
2189
+
2190
+ // src/auditClient.ts
2191
+ function createAuditClient(config = {}) {
2192
+ const gateway = createGatewayRequestClient(config);
2193
+ return {
2194
+ /**
2195
+ * List audit events for the current scope.
2196
+ */
2197
+ async listEvents(query5 = {}) {
2198
+ return gateway.request({
2199
+ path: `/api/platform/v1/audit/events${toQueryString(
2200
+ normalizeTopicQuery(query5)
2201
+ )}`
2202
+ }).then(
2203
+ (response) => mapGatewayData(
2204
+ response,
2205
+ (data) => createListResult(Array.isArray(data) ? data : [], "events")
2206
+ )
2207
+ );
2208
+ }
2209
+ };
2210
+ }
2211
+
2212
+ // src/authDeviceClient.ts
2213
+ var DeviceAuthorizationError = class extends Error {
2214
+ error;
2215
+ interval;
2216
+ constructor(args) {
2217
+ super(args.description ?? args.error);
2218
+ this.name = "DeviceAuthorizationError";
2219
+ this.error = args.error;
2220
+ this.interval = args.interval;
2221
+ }
2222
+ };
2223
+ function authBaseUrl(config) {
2224
+ return config.baseUrl?.replace(/\/+$/, "") ?? "";
2225
+ }
2226
+ async function readJson(response) {
2227
+ try {
2228
+ const payload = await response.json();
2229
+ return isRecord4(payload) ? payload : {};
2230
+ } catch (error) {
2231
+ return unreadableJsonBodyFallback();
2232
+ }
2233
+ }
2234
+ function unreadableJsonBodyFallback(_error) {
2235
+ return {};
2236
+ }
2237
+ function isRecord4(value) {
2238
+ return value !== null && typeof value === "object" && !Array.isArray(value);
2239
+ }
2240
+ function readString(value) {
2241
+ const normalized = typeof value === "string" ? value.trim() : "";
2242
+ return normalized || void 0;
2243
+ }
2244
+ function assertDeviceCodeResponse(payload) {
2245
+ const deviceCode = readString(payload.device_code);
1493
2246
  const userCode = readString(payload.user_code);
1494
2247
  const verificationUri = readString(payload.verification_uri);
1495
2248
  const verificationUriComplete = readString(payload.verification_uri_complete);
@@ -1524,7 +2277,7 @@ function assertDeviceTokenResponse(payload) {
1524
2277
  tenant_id: tenantId,
1525
2278
  workspace_id: readString(payload.workspace_id),
1526
2279
  principal_id: principalId,
1527
- user: isRecord3(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
2280
+ user: isRecord4(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
1528
2281
  id: payload.user.id,
1529
2282
  principalId: payload.user.principalId
1530
2283
  } : void 0
@@ -1865,64 +2618,9 @@ function createEvidenceClient(config = {}) {
1865
2618
  config: classificationConfig
1866
2619
  },
1867
2620
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1868
- });
1869
- }
1870
- };
1871
- }
1872
-
1873
- // src/boundaryClientSurface.ts
1874
- function cleanOptionalString(value) {
1875
- const normalized = value?.trim();
1876
- return normalized ? normalized : void 0;
1877
- }
1878
- function isRecord4(value) {
1879
- return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1880
- }
1881
- function cleanRequiredString(value, label) {
1882
- const normalized = cleanOptionalString(value);
1883
- if (!normalized) {
1884
- throw new Error(`${label} is required`);
1885
- }
1886
- return normalized;
1887
- }
1888
- function readTopicId(input) {
1889
- return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1890
- }
1891
- function requireTopicId(input) {
1892
- const topicId = readTopicId(input);
1893
- if (!topicId) {
1894
- throw new Error("topicId is required");
1895
- }
1896
- return topicId;
1897
- }
1898
- function assertKnownKeys(input, allowed, operation) {
1899
- const allowedSet = new Set(allowed);
1900
- const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1901
- if (unknownKeys.length > 0) {
1902
- throw new Error(
1903
- `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1904
- );
1905
- }
1906
- }
1907
- function knownPayload(input, allowed, operation) {
1908
- assertKnownKeys(input, allowed, operation);
1909
- return { ...input };
1910
- }
1911
- function topicPayload(input, allowed, operation) {
1912
- assertKnownKeys(input, allowed, operation);
1913
- return {
1914
- ...input,
1915
- topicId: requireTopicId(input),
1916
- projectId: void 0
1917
- };
1918
- }
1919
- function listResultFromEnvelope(data, legacyKey) {
1920
- const record = isRecord4(data) ? data : {};
1921
- const legacyItems = record[legacyKey];
1922
- return createListResult(
1923
- Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1924
- legacyKey
1925
- );
2621
+ });
2622
+ }
2623
+ };
1926
2624
  }
1927
2625
 
1928
2626
  // src/eventingClient.ts
@@ -2577,374 +3275,106 @@ function createGraphClient(config = {}) {
2577
3275
  return gateway.request({
2578
3276
  path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
2579
3277
  method: "DELETE",
2580
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2581
- });
2582
- },
2583
- /**
2584
- * Retrieve a graph neighborhood around a root node.
2585
- */
2586
- async neighborhood(query5) {
2587
- return gateway.request({
2588
- path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2589
- });
2590
- },
2591
- /**
2592
- * Traverse the graph from a starting node.
2593
- */
2594
- async traverse(query5) {
2595
- return gateway.request({
2596
- path: "/api/platform/v1/graph/traverse",
2597
- method: "POST",
2598
- body: normalizeTopicQuery(query5)
2599
- });
2600
- },
2601
- /**
2602
- * Analyze graph structure for a topic.
2603
- */
2604
- async analyze(query5 = {}) {
2605
- const normalized = normalizeTopicQuery(query5);
2606
- return gateway.request({
2607
- path: `/api/platform/v1/graph/analyze${toQueryString({
2608
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2609
- metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
2610
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2611
- })}`
2612
- });
2613
- },
2614
- /**
2615
- * Detect confirmation-bias patterns for a topic graph.
2616
- */
2617
- async bias(query5 = {}) {
2618
- const normalized = normalizeTopicQuery(query5);
2619
- return gateway.request({
2620
- path: `/api/platform/v1/graph/bias${toQueryString({
2621
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2622
- threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
2623
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2624
- })}`
2625
- });
2626
- },
2627
- /**
2628
- * Find graph gaps for beliefs that still need testing.
2629
- */
2630
- async gaps(query5) {
2631
- const normalized = normalizeTopicQuery(query5);
2632
- return gateway.request({
2633
- path: `/api/platform/v1/graph/gaps${toQueryString({
2634
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2635
- minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
2636
- })}`
2637
- });
2638
- },
2639
- /**
2640
- * Search across graph resources within a topic.
2641
- */
2642
- async search(query5) {
2643
- return gateway.request({
2644
- path: "/api/platform/v1/search",
2645
- method: "POST",
2646
- body: normalizeTopicQuery(query5)
2647
- });
2648
- },
2649
- /**
2650
- * Retrieve the shortest known path between two graph nodes.
2651
- */
2652
- async getPath(query5) {
2653
- return gateway.request({
2654
- path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2655
- });
2656
- },
2657
- /**
2658
- * Retrieve graph analytics for the requested metric.
2659
- */
2660
- async getAnalytics(query5 = {}) {
2661
- return gateway.request({
2662
- path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2663
- });
2664
- }
2665
- };
2666
- return Object.assign(client, {
2667
- queryNodes: client.listNodes,
2668
- queryEdges: client.listEdges,
2669
- getNeighborhood: client.neighborhood
2670
- });
2671
- }
2672
-
2673
- // src/identityClient.ts
2674
- function createIdentityWhoamiClient(config = {}) {
2675
- const gateway = createGatewayRequestClient(config);
2676
- return {
2677
- async whoami() {
2678
- return gateway.request({
2679
- path: "/api/platform/v1/identity/whoami"
2680
- });
2681
- }
2682
- };
2683
- }
2684
- var TENANT_IDENTITY_FIELDS = [
2685
- "tenantId",
2686
- "workspaceId",
2687
- "principalId",
2688
- "integrationKey",
2689
- "secretRef",
2690
- "policySubject",
2691
- "policyAction",
2692
- "policyResource",
2693
- "decision",
2694
- "config",
2695
- "configKey",
2696
- "configValue",
2697
- "provider",
2698
- "status",
2699
- "metadata",
2700
- "limit",
2701
- "cursor"
2702
- ];
2703
- function tenantIdentityQuery(input) {
2704
- return {
2705
- tenantId: cleanRequiredString(input.tenantId, "tenantId"),
2706
- workspaceId: input.workspaceId,
2707
- principalId: input.principalId,
2708
- limit: input.limit,
2709
- cursor: input.cursor
2710
- };
2711
- }
2712
- function tenantIdentityBody(input, operation) {
2713
- return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
2714
- }
2715
- function createIdentityClient(config = {}) {
2716
- const gateway = createGatewayRequestClient(config);
2717
- const whoamiClient = createIdentityWhoamiClient(config);
2718
- const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
2719
- path: "/api/platform/v1/identity/principals",
2720
- method,
2721
- body: input,
2722
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2723
- });
2724
- const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
2725
- const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
2726
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
2727
- method: "POST",
2728
- body: input,
2729
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2730
- });
2731
- return {
2732
- /**
2733
- * Resolve the current authenticated identity summary.
2734
- */
2735
- async whoami() {
2736
- return whoamiClient.whoami().then(
2737
- (response) => mapGatewayData(response, (data) => ({
2738
- principalId: data.principalId,
2739
- principalType: data.principalType,
2740
- tenantId: data.tenantId ?? null,
2741
- workspaceId: data.workspaceId ?? null,
2742
- scopes: Array.isArray(data.scopes) ? data.scopes : [],
2743
- roles: Array.isArray(data.roles) ? data.roles : [],
2744
- isPlatformAdmin: data.isPlatformAdmin === true,
2745
- isTenantAdmin: data.isTenantAdmin === true,
2746
- isWorkspaceAdmin: data.isWorkspaceAdmin === true,
2747
- authMode: data.authMode,
2748
- sessionId: data.sessionId,
2749
- delegatedBy: data.delegatedBy,
2750
- expiresAt: data.expiresAt
2751
- }))
2752
- );
2753
- },
2754
- /**
2755
- * List principals in the current identity scope.
2756
- */
2757
- async listPrincipals(query5 = {}) {
2758
- return gateway.request({
2759
- path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
2760
- }).then(
2761
- (response) => mapGatewayData(
2762
- response,
2763
- (data) => createListResult(
2764
- Array.isArray(data) ? data : [],
2765
- "principals"
2766
- )
2767
- )
2768
- );
2769
- },
2770
- /**
2771
- * Create a principal.
2772
- */
2773
- async createPrincipal(input, idempotencyKey) {
2774
- return requestPrincipalWrite("POST", input, idempotencyKey);
2775
- },
2776
- /**
2777
- * Update a principal.
2778
- */
2779
- updatePrincipal,
2780
- /**
2781
- * @deprecated Use createPrincipal or updatePrincipal.
2782
- */
2783
- upsertPrincipal: updatePrincipal,
2784
- /**
2785
- * List keys in the current identity scope.
2786
- */
2787
- async listKeys(query5 = {}) {
2788
- return gateway.request({
2789
- path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
2790
- }).then(
2791
- (response) => mapGatewayData(
2792
- response,
2793
- (data) => createListResult(Array.isArray(data) ? data : [], "keys")
2794
- )
2795
- );
2796
- },
2797
- /**
2798
- * Create an API key.
2799
- */
2800
- async createKey(input, idempotencyKey) {
2801
- return gateway.request({
2802
- path: "/api/platform/v1/identity/keys",
2803
- method: "POST",
2804
- body: input,
2805
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2806
- });
2807
- },
2808
- /**
2809
- * Rotate an API key.
2810
- */
2811
- async rotateKey(keyId, input = {}, idempotencyKey) {
2812
- return gateway.request({
2813
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
2814
- method: "POST",
2815
- body: input,
2816
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2817
- });
2818
- },
2819
- /**
2820
- * Delete an API key by revoking it.
2821
- */
2822
- deleteKey,
2823
- /**
2824
- * @deprecated Use deleteKey.
2825
- */
2826
- revokeKey: deleteKey,
2827
- /**
2828
- * Search Clerk users by email or display attributes.
2829
- */
2830
- async searchClerkUsers(q) {
2831
- return gateway.request({
2832
- path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
3278
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2833
3279
  });
2834
3280
  },
2835
- async getTenantConfig(input) {
3281
+ /**
3282
+ * Retrieve a graph neighborhood around a root node.
3283
+ */
3284
+ async neighborhood(query5) {
2836
3285
  return gateway.request({
2837
- path: `/api/platform/v1/identity/tenant-config${toQueryString(
2838
- tenantIdentityQuery(input)
2839
- )}`
3286
+ path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2840
3287
  });
2841
3288
  },
2842
- async updateTenantConfig(input, idempotencyKey) {
2843
- cleanRequiredString(input.tenantId, "tenantId");
3289
+ /**
3290
+ * Traverse the graph from a starting node.
3291
+ */
3292
+ async traverse(query5) {
2844
3293
  return gateway.request({
2845
- path: "/api/platform/v1/identity/tenant-config",
2846
- method: "PATCH",
2847
- body: tenantIdentityBody(
2848
- input,
2849
- "identity.updateTenantConfig"
2850
- ),
2851
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3294
+ path: "/api/platform/v1/graph/traverse",
3295
+ method: "POST",
3296
+ body: normalizeTopicQuery(query5)
2852
3297
  });
2853
3298
  },
2854
- async listIntegrations(input) {
3299
+ /**
3300
+ * Analyze graph structure for a topic.
3301
+ */
3302
+ async analyze(query5 = {}) {
3303
+ const normalized = normalizeTopicQuery(query5);
2855
3304
  return gateway.request({
2856
- path: `/api/platform/v1/identity/integrations${toQueryString(
2857
- tenantIdentityQuery(input)
2858
- )}`
2859
- }).then(
2860
- (response) => mapGatewayData(
2861
- response,
2862
- (data) => listResultFromEnvelope(
2863
- data,
2864
- "integrations"
2865
- )
2866
- )
2867
- );
3305
+ path: `/api/platform/v1/graph/analyze${toQueryString({
3306
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3307
+ metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
3308
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
3309
+ })}`
3310
+ });
2868
3311
  },
2869
- async upsertIntegration(input, idempotencyKey) {
2870
- cleanRequiredString(input.tenantId, "tenantId");
2871
- cleanRequiredString(input.integrationKey, "integrationKey");
3312
+ /**
3313
+ * Detect confirmation-bias patterns for a topic graph.
3314
+ */
3315
+ async bias(query5 = {}) {
3316
+ const normalized = normalizeTopicQuery(query5);
2872
3317
  return gateway.request({
2873
- path: "/api/platform/v1/identity/integrations",
2874
- method: "PUT",
2875
- body: tenantIdentityBody(
2876
- input,
2877
- "identity.upsertIntegration"
2878
- ),
2879
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3318
+ path: `/api/platform/v1/graph/bias${toQueryString({
3319
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3320
+ threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
3321
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
3322
+ })}`
2880
3323
  });
2881
3324
  },
2882
- async listSecrets(input) {
3325
+ /**
3326
+ * Find graph gaps for beliefs that still need testing.
3327
+ */
3328
+ async gaps(query5) {
3329
+ const normalized = normalizeTopicQuery(query5);
2883
3330
  return gateway.request({
2884
- path: `/api/platform/v1/identity/secrets${toQueryString(
2885
- tenantIdentityQuery(input)
2886
- )}`
2887
- }).then(
2888
- (response) => mapGatewayData(
2889
- response,
2890
- (data) => listResultFromEnvelope(
2891
- data,
2892
- "secrets"
2893
- )
2894
- )
2895
- );
3331
+ path: `/api/platform/v1/graph/gaps${toQueryString({
3332
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
3333
+ minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
3334
+ })}`
3335
+ });
2896
3336
  },
2897
- async putSecretReference(input, idempotencyKey) {
2898
- cleanRequiredString(input.tenantId, "tenantId");
2899
- cleanRequiredString(input.secretRef, "secretRef");
3337
+ /**
3338
+ * Search across graph resources within a topic.
3339
+ */
3340
+ async search(query5) {
2900
3341
  return gateway.request({
2901
- path: "/api/platform/v1/identity/secrets",
2902
- method: "PUT",
2903
- body: tenantIdentityBody(
2904
- input,
2905
- "identity.putSecretReference"
2906
- ),
2907
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3342
+ path: "/api/platform/v1/search",
3343
+ method: "POST",
3344
+ body: normalizeTopicQuery(query5)
2908
3345
  });
2909
3346
  },
2910
- async evaluatePolicy(input, idempotencyKey) {
2911
- cleanRequiredString(input.tenantId, "tenantId");
2912
- cleanRequiredString(input.policySubject, "policySubject");
2913
- cleanRequiredString(input.policyAction, "policyAction");
2914
- cleanRequiredString(input.policyResource, "policyResource");
3347
+ /**
3348
+ * Retrieve the shortest known path between two graph nodes.
3349
+ */
3350
+ async getPath(query5) {
2915
3351
  return gateway.request({
2916
- path: "/api/platform/v1/identity/policy/evaluate",
2917
- method: "POST",
2918
- body: tenantIdentityBody(
2919
- input,
2920
- "identity.evaluatePolicy"
2921
- ),
2922
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3352
+ path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2923
3353
  });
2924
3354
  },
2925
- async recordPolicyDecision(input, idempotencyKey) {
2926
- cleanRequiredString(input.tenantId, "tenantId");
2927
- cleanRequiredString(input.decision, "decision");
3355
+ /**
3356
+ * Retrieve graph analytics for the requested metric.
3357
+ */
3358
+ async getAnalytics(query5 = {}) {
2928
3359
  return gateway.request({
2929
- path: "/api/platform/v1/identity/policy/decisions",
2930
- method: "POST",
2931
- body: tenantIdentityBody(
2932
- input,
2933
- "identity.recordPolicyDecision"
2934
- ),
2935
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
3360
+ path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2936
3361
  });
2937
3362
  }
2938
3363
  };
3364
+ return Object.assign(client, {
3365
+ queryNodes: client.listNodes,
3366
+ queryEdges: client.listEdges,
3367
+ getNeighborhood: client.neighborhood
3368
+ });
2939
3369
  }
2940
3370
 
2941
3371
  // src/topicsClient.ts
2942
- function cleanString3(value) {
3372
+ function cleanString5(value) {
2943
3373
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
2944
3374
  }
2945
3375
  function normalizeTopicRecord(value) {
2946
3376
  const record = asRecord(value);
2947
- const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
3377
+ const topicId = cleanString5(record.topicId) ?? cleanString5(record.id) ?? cleanString5(record._id);
2948
3378
  return withTopicAlias({
2949
3379
  ...record,
2950
3380
  ...topicId ? { topicId } : {}
@@ -3663,6 +4093,8 @@ function createTasksFacade(config = {}) {
3663
4093
  description: input.description,
3664
4094
  priority: input.priority,
3665
4095
  status: input.status,
4096
+ assigneeId: input.assigneeId,
4097
+ blockedReason: input.blockedReason,
3666
4098
  linkedBeliefId: input.linkedBeliefId,
3667
4099
  linkedQuestionId: input.linkedQuestionId,
3668
4100
  linkedWorktreeId: input.linkedWorktreeId,
@@ -4157,7 +4589,7 @@ function createEmbeddingsClient(config = {}) {
4157
4589
  }
4158
4590
 
4159
4591
  // src/contextClient.ts
4160
- function cleanString4(value) {
4592
+ function cleanString6(value) {
4161
4593
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
4162
4594
  }
4163
4595
  function cleanNumber(value) {
@@ -4169,11 +4601,11 @@ function cleanBoolean(value) {
4169
4601
  function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4170
4602
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
4171
4603
  const payload = {};
4172
- const topicId = typeof topicIdOrInput === "string" ? cleanString4(topicIdOrInput) : cleanString4(effectiveInput.topicId);
4604
+ const topicId = typeof topicIdOrInput === "string" ? cleanString6(topicIdOrInput) : cleanString6(effectiveInput.topicId);
4173
4605
  if (topicId) {
4174
4606
  payload.topicId = topicId;
4175
4607
  }
4176
- const query5 = cleanString4(effectiveInput.query);
4608
+ const query5 = cleanString6(effectiveInput.query);
4177
4609
  if (query5) {
4178
4610
  payload.query = query5;
4179
4611
  }
@@ -4181,7 +4613,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4181
4613
  if (budget !== void 0) {
4182
4614
  payload.budget = budget;
4183
4615
  }
4184
- const ranking = cleanString4(effectiveInput.ranking) ?? cleanString4(effectiveInput.rankingProfile);
4616
+ const ranking = cleanString6(effectiveInput.ranking) ?? cleanString6(effectiveInput.rankingProfile);
4185
4617
  if (ranking) {
4186
4618
  payload.ranking = ranking;
4187
4619
  }
@@ -4197,7 +4629,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4197
4629
  if (includeEntities !== void 0) {
4198
4630
  payload.includeEntities = includeEntities;
4199
4631
  }
4200
- const mode = cleanString4(effectiveInput.mode);
4632
+ const mode = cleanString6(effectiveInput.mode);
4201
4633
  if (mode) {
4202
4634
  payload.mode = mode;
4203
4635
  }
@@ -4205,11 +4637,11 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4205
4637
  if (includeFailures !== void 0) {
4206
4638
  payload.includeFailures = includeFailures;
4207
4639
  }
4208
- const worktreeId = cleanString4(effectiveInput.worktreeId);
4640
+ const worktreeId = cleanString6(effectiveInput.worktreeId);
4209
4641
  if (worktreeId) {
4210
4642
  payload.worktreeId = worktreeId;
4211
4643
  }
4212
- const sessionId = cleanString4(effectiveInput.sessionId);
4644
+ const sessionId = cleanString6(effectiveInput.sessionId);
4213
4645
  if (sessionId) {
4214
4646
  payload.sessionId = sessionId;
4215
4647
  }
@@ -5095,7 +5527,8 @@ function createMcpClient(config = {}) {
5095
5527
  transportKind: input.transportKind,
5096
5528
  sessionId: input.sessionId,
5097
5529
  agentIdentity: input.agentIdentity,
5098
- workspaceId: input.workspaceId
5530
+ workspaceId: input.workspaceId,
5531
+ worktreeId: input.worktreeId
5099
5532
  };
5100
5533
  return gateway.request({
5101
5534
  path: `${MCP_GATEWAY_BOOTSTRAP_ENDPOINT}${toQueryString(scope)}`,
@@ -5208,6 +5641,7 @@ var FUNCTION_SURFACE_METHOD_PATHS = [
5208
5641
  "contracts.evaluateContract",
5209
5642
  "contracts.getContractStatus",
5210
5643
  "contradictions.flagContradiction",
5644
+ "controlPlane.identity.resolveInteractivePrincipal",
5211
5645
  "coordination.broadcastMessage",
5212
5646
  "coordination.claimFiles",
5213
5647
  "coordination.endSession",
@@ -5216,8 +5650,12 @@ var FUNCTION_SURFACE_METHOD_PATHS = [
5216
5650
  "coordination.listActiveSessions",
5217
5651
  "coordination.registerSession",
5218
5652
  "coordination.sendAgentMessage",
5653
+ "edges.batchCreateEdges",
5219
5654
  "edges.createEdge",
5220
5655
  "edges.queryLineage",
5656
+ "edges.removeEdge",
5657
+ "edges.removeEdgesBetween",
5658
+ "edges.updateEdge",
5221
5659
  "evidence.addEvidence",
5222
5660
  "evidence.createEvidence",
5223
5661
  "evidence.getEvidence",
@@ -5245,6 +5683,14 @@ var FUNCTION_SURFACE_METHOD_PATHS = [
5245
5683
  "lenses.createLens",
5246
5684
  "lenses.listLenses",
5247
5685
  "lenses.removeLensFromTopic",
5686
+ "nodes.archiveEpistemicNode",
5687
+ "nodes.batchCreateEpistemicNodes",
5688
+ "nodes.createEpistemicNode",
5689
+ "nodes.getEpistemicNode",
5690
+ "nodes.listEpistemicNodes",
5691
+ "nodes.supersedeEpistemicNode",
5692
+ "nodes.updateEpistemicNode",
5693
+ "nodes.verifyEpistemicNode",
5248
5694
  "observations.getObservationContext",
5249
5695
  "observations.ingestObservation",
5250
5696
  "ontologies.applyOntology",
@@ -5274,8 +5720,10 @@ var FUNCTION_SURFACE_METHOD_PATHS = [
5274
5720
  "tasks.updateTask",
5275
5721
  "topics.createTopic",
5276
5722
  "topics.getTopic",
5723
+ "topics.getTopicGraphSpine",
5277
5724
  "topics.getTopicTree",
5278
5725
  "topics.listTopics",
5726
+ "topics.materializeTopicGraph",
5279
5727
  "topics.updateTopic",
5280
5728
  "worktrees.activateWorktree",
5281
5729
  "worktrees.addWorktree",
@@ -5300,8 +5748,11 @@ var CONTRACTS = {
5300
5748
  "apply_lens_to_topic": { method: "POST", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5301
5749
  "apply_ontology": { method: "POST", path: "/ontologies/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5302
5750
  "archive_belief": { method: "DELETE", path: "/beliefs", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5751
+ "archive_epistemic_node": { method: "POST", path: "/nodes/archive", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5303
5752
  "archive_ontology": { method: "DELETE", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5304
5753
  "archive_question": { method: "DELETE", path: "/questions", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5754
+ "batch_create_edges": { method: "POST", path: "/edges/batch", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5755
+ "batch_create_epistemic_nodes": { method: "POST", path: "/nodes/batch", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5305
5756
  "begin_build_session": { method: "POST", path: "/mcp/build-session/begin", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5306
5757
  "bisect_confidence": { method: "POST", path: "/beliefs/confidence/bisect", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5307
5758
  "broadcast_message": { method: "POST", path: "/coordination/messages/broadcast", kind: "mutation", idempotent: true, surfaceIntent: "system" },
@@ -5313,6 +5764,7 @@ var CONTRACTS = {
5313
5764
  "create_belief": { method: "POST", path: "/beliefs", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5314
5765
  "create_edge": { method: "POST", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5315
5766
  "create_epistemic_contract": { method: "POST", path: "/contracts", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5767
+ "create_epistemic_node": { method: "POST", path: "/nodes", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5316
5768
  "create_evidence": { method: "POST", path: "/evidence", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5317
5769
  "create_lens": { method: "POST", path: "/lenses", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5318
5770
  "create_ontology": { method: "POST", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
@@ -5340,6 +5792,7 @@ var CONTRACTS = {
5340
5792
  "get_code_context": { method: "POST", path: "/coding/context", kind: "query", idempotent: false, surfaceIntent: "system" },
5341
5793
  "get_confidence_history": { method: "POST", path: "/beliefs/confidence-history", kind: "query", idempotent: false, surfaceIntent: "compatibility" },
5342
5794
  "get_contract_status": { method: "POST", path: "/contracts/status", kind: "query", idempotent: false, surfaceIntent: "mcp_governance" },
5795
+ "get_epistemic_node": { method: "GET", path: "/nodes/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5343
5796
  "get_evidence": { method: "GET", path: "/evidence/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5344
5797
  "get_failure_log": { method: "POST", path: "/coding/failure-log", kind: "query", idempotent: false, surfaceIntent: "system" },
5345
5798
  "get_falsification_questions": { method: "POST", path: "/questions/falsification", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -5353,6 +5806,7 @@ var CONTRACTS = {
5353
5806
  "get_question": { method: "GET", path: "/questions/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5354
5807
  "get_topic": { method: "GET", path: "/topics/get", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5355
5808
  "get_topic_coverage": { method: "POST", path: "/graph/topic-coverage", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5809
+ "get_topic_graph_spine": { method: "GET", path: "/topics/graph-spine", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5356
5810
  "get_topic_tree": { method: "GET", path: "/topics/tree", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5357
5811
  "heartbeat_session": { method: "POST", path: "/coordination/heartbeat-session", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5358
5812
  "identity_whoami": { method: "GET", path: "/identity/whoami", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -5364,6 +5818,7 @@ var CONTRACTS = {
5364
5818
  "list_all_worktrees": { method: "GET", path: "/worktrees/all", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5365
5819
  "list_beliefs": { method: "GET", path: "/beliefs", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5366
5820
  "list_campaigns": { method: "GET", path: "/worktrees/campaigns", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5821
+ "list_epistemic_nodes": { method: "GET", path: "/nodes", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5367
5822
  "list_evidence": { method: "GET", path: "/evidence", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5368
5823
  "list_graph_intelligence_queries": { method: "POST", path: "/graph-intelligence/queries", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5369
5824
  "list_lenses": { method: "GET", path: "/lenses", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
@@ -5374,6 +5829,7 @@ var CONTRACTS = {
5374
5829
  "list_worktrees": { method: "GET", path: "/worktrees", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5375
5830
  "manage_write_policy": { method: "POST", path: "/policy/write-policy/manage", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5376
5831
  "match_entity_type": { method: "POST", path: "/ontologies/match-entity-type", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5832
+ "materialize_topic_graph": { method: "POST", path: "/topics/materialize-graph", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5377
5833
  "merge": { method: "POST", path: "/worktrees/merge", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5378
5834
  "modulate_confidence": { method: "POST", path: "/beliefs/confidence", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5379
5835
  "open_pull_request": { method: "POST", path: "/worktrees/open-pull-request", kind: "mutation", idempotent: true, surfaceIntent: "system" },
@@ -5387,22 +5843,29 @@ var CONTRACTS = {
5387
5843
  "refine_belief": { method: "PATCH", path: "/beliefs/refine", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5388
5844
  "refine_question": { method: "PATCH", path: "/questions/refine", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5389
5845
  "register_session": { method: "POST", path: "/coordination/register-session", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5846
+ "remove_edge": { method: "DELETE", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5847
+ "remove_edges_between": { method: "DELETE", path: "/edges/between", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5390
5848
  "remove_lens_from_topic": { method: "DELETE", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5391
5849
  "resolve_effective_ontology": { method: "POST", path: "/ontologies/effective", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5850
+ "resolve_interactive_principal": { method: "POST", path: "/control-plane/identity/resolve-interactive-principal", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5392
5851
  "run_graph_intelligence_query": { method: "POST", path: "/graph-intelligence/run", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5393
5852
  "search_beliefs": { method: "POST", path: "/beliefs/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5394
5853
  "search_evidence": { method: "POST", path: "/evidence/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5395
5854
  "seed_belief_lattice": { method: "POST", path: "/scope/belief-lattice/seed", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5396
5855
  "send_agent_message": { method: "POST", path: "/coordination/messages/send", kind: "mutation", idempotent: true, surfaceIntent: "system" },
5856
+ "supersede_epistemic_node": { method: "POST", path: "/nodes/supersede", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5397
5857
  "trace_entity_impact": { method: "POST", path: "/graph/trace-entity-impact", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5398
5858
  "traverse_graph": { method: "POST", path: "/graph/traverse", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5399
5859
  "trigger_belief_review": { method: "POST", path: "/context/belief-review", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5860
+ "update_edge": { method: "PATCH", path: "/edges", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5861
+ "update_epistemic_node": { method: "PATCH", path: "/nodes", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5400
5862
  "update_ontology": { method: "PATCH", path: "/ontologies", kind: "mutation", idempotent: true, surfaceIntent: "mcp_governance" },
5401
5863
  "update_question_status": { method: "PATCH", path: "/questions/status", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5402
5864
  "update_task": { method: "PATCH", path: "/tasks", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5403
5865
  "update_topic": { method: "PATCH", path: "/topics", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" },
5404
5866
  "update_worktree_metadata": { method: "PATCH", path: "/worktrees/metadata", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5405
- "update_worktree_targets": { method: "PATCH", path: "/worktrees/targets", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" }
5867
+ "update_worktree_targets": { method: "PATCH", path: "/worktrees/targets", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5868
+ "verify_epistemic_node": { method: "POST", path: "/nodes/verify", kind: "mutation", idempotent: true, surfaceIntent: "mcp_core" }
5406
5869
  };
5407
5870
  function createSessionId() {
5408
5871
  return typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : randomIdempotencyKey();
@@ -5470,12 +5933,21 @@ function createFunctionSurfaceClient(config = {}) {
5470
5933
  archiveBelief(input = {}, idempotencyKey) {
5471
5934
  return execute("archive_belief", input, idempotencyKey);
5472
5935
  },
5936
+ archiveEpistemicNode(input = {}, idempotencyKey) {
5937
+ return execute("archive_epistemic_node", input, idempotencyKey);
5938
+ },
5473
5939
  archiveOntology(input = {}, idempotencyKey) {
5474
5940
  return execute("archive_ontology", input, idempotencyKey);
5475
5941
  },
5476
5942
  archiveQuestion(input = {}, idempotencyKey) {
5477
5943
  return execute("archive_question", input, idempotencyKey);
5478
5944
  },
5945
+ batchCreateEdges(input = {}, idempotencyKey) {
5946
+ return execute("batch_create_edges", input, idempotencyKey);
5947
+ },
5948
+ batchCreateEpistemicNodes(input = {}, idempotencyKey) {
5949
+ return execute("batch_create_epistemic_nodes", input, idempotencyKey);
5950
+ },
5479
5951
  beginBuildSession(input = {}, idempotencyKey) {
5480
5952
  return execute("begin_build_session", input, idempotencyKey);
5481
5953
  },
@@ -5509,6 +5981,9 @@ function createFunctionSurfaceClient(config = {}) {
5509
5981
  createEpistemicContract(input = {}, idempotencyKey) {
5510
5982
  return execute("create_epistemic_contract", input, idempotencyKey);
5511
5983
  },
5984
+ createEpistemicNode(input = {}, idempotencyKey) {
5985
+ return execute("create_epistemic_node", input, idempotencyKey);
5986
+ },
5512
5987
  createEvidence(input = {}, idempotencyKey) {
5513
5988
  return execute("create_evidence", input, idempotencyKey);
5514
5989
  },
@@ -5590,6 +6065,9 @@ function createFunctionSurfaceClient(config = {}) {
5590
6065
  getContractStatus(input = {}, idempotencyKey) {
5591
6066
  return execute("get_contract_status", input, idempotencyKey);
5592
6067
  },
6068
+ getEpistemicNode(input = {}, idempotencyKey) {
6069
+ return execute("get_epistemic_node", input, idempotencyKey);
6070
+ },
5593
6071
  getEvidence(input = {}, idempotencyKey) {
5594
6072
  return execute("get_evidence", input, idempotencyKey);
5595
6073
  },
@@ -5629,6 +6107,9 @@ function createFunctionSurfaceClient(config = {}) {
5629
6107
  getTopicCoverage(input = {}, idempotencyKey) {
5630
6108
  return execute("get_topic_coverage", input, idempotencyKey);
5631
6109
  },
6110
+ getTopicGraphSpine(input = {}, idempotencyKey) {
6111
+ return execute("get_topic_graph_spine", input, idempotencyKey);
6112
+ },
5632
6113
  getTopicTree(input = {}, idempotencyKey) {
5633
6114
  return execute("get_topic_tree", input, idempotencyKey);
5634
6115
  },
@@ -5662,6 +6143,9 @@ function createFunctionSurfaceClient(config = {}) {
5662
6143
  listCampaigns(input = {}, idempotencyKey) {
5663
6144
  return execute("list_campaigns", input, idempotencyKey);
5664
6145
  },
6146
+ listEpistemicNodes(input = {}, idempotencyKey) {
6147
+ return execute("list_epistemic_nodes", input, idempotencyKey);
6148
+ },
5665
6149
  listEvidence(input = {}, idempotencyKey) {
5666
6150
  return execute("list_evidence", input, idempotencyKey);
5667
6151
  },
@@ -5692,6 +6176,9 @@ function createFunctionSurfaceClient(config = {}) {
5692
6176
  matchEntityType(input = {}, idempotencyKey) {
5693
6177
  return execute("match_entity_type", input, idempotencyKey);
5694
6178
  },
6179
+ materializeTopicGraph(input = {}, idempotencyKey) {
6180
+ return execute("materialize_topic_graph", input, idempotencyKey);
6181
+ },
5695
6182
  merge(input = {}, idempotencyKey) {
5696
6183
  return execute("merge", input, idempotencyKey);
5697
6184
  },
@@ -5731,12 +6218,21 @@ function createFunctionSurfaceClient(config = {}) {
5731
6218
  registerSession(input = {}, idempotencyKey) {
5732
6219
  return execute("register_session", input, idempotencyKey);
5733
6220
  },
6221
+ removeEdge(input = {}, idempotencyKey) {
6222
+ return execute("remove_edge", input, idempotencyKey);
6223
+ },
6224
+ removeEdgesBetween(input = {}, idempotencyKey) {
6225
+ return execute("remove_edges_between", input, idempotencyKey);
6226
+ },
5734
6227
  removeLensFromTopic(input = {}, idempotencyKey) {
5735
6228
  return execute("remove_lens_from_topic", input, idempotencyKey);
5736
6229
  },
5737
6230
  resolveEffectiveOntology(input = {}, idempotencyKey) {
5738
6231
  return execute("resolve_effective_ontology", input, idempotencyKey);
5739
6232
  },
6233
+ resolveInteractivePrincipal(input = {}, idempotencyKey) {
6234
+ return execute("resolve_interactive_principal", input, idempotencyKey);
6235
+ },
5740
6236
  runGraphIntelligenceQuery(input = {}, idempotencyKey) {
5741
6237
  return execute("run_graph_intelligence_query", input, idempotencyKey);
5742
6238
  },
@@ -5752,6 +6248,9 @@ function createFunctionSurfaceClient(config = {}) {
5752
6248
  sendAgentMessage(input = {}, idempotencyKey) {
5753
6249
  return execute("send_agent_message", input, idempotencyKey);
5754
6250
  },
6251
+ supersedeEpistemicNode(input = {}, idempotencyKey) {
6252
+ return execute("supersede_epistemic_node", input, idempotencyKey);
6253
+ },
5755
6254
  traceEntityImpact(input = {}, idempotencyKey) {
5756
6255
  return execute("trace_entity_impact", input, idempotencyKey);
5757
6256
  },
@@ -5761,6 +6260,12 @@ function createFunctionSurfaceClient(config = {}) {
5761
6260
  triggerBeliefReview(input = {}, idempotencyKey) {
5762
6261
  return execute("trigger_belief_review", input, idempotencyKey);
5763
6262
  },
6263
+ updateEdge(input = {}, idempotencyKey) {
6264
+ return execute("update_edge", input, idempotencyKey);
6265
+ },
6266
+ updateEpistemicNode(input = {}, idempotencyKey) {
6267
+ return execute("update_epistemic_node", input, idempotencyKey);
6268
+ },
5764
6269
  updateOntology(input = {}, idempotencyKey) {
5765
6270
  return execute("update_ontology", input, idempotencyKey);
5766
6271
  },
@@ -5778,6 +6283,9 @@ function createFunctionSurfaceClient(config = {}) {
5778
6283
  },
5779
6284
  updateWorktreeTargets(input = {}, idempotencyKey) {
5780
6285
  return execute("update_worktree_targets", input, idempotencyKey);
6286
+ },
6287
+ verifyEpistemicNode(input = {}, idempotencyKey) {
6288
+ return execute("verify_epistemic_node", input, idempotencyKey);
5781
6289
  }
5782
6290
  };
5783
6291
  }
@@ -5985,7 +6493,7 @@ var ORG_GRAPH_SEARCH_FIELDS = [
5985
6493
  "cursor",
5986
6494
  "provenanceScope"
5987
6495
  ];
5988
- function cleanString5(value, label) {
6496
+ function cleanString7(value, label) {
5989
6497
  const normalized = value?.trim();
5990
6498
  if (!normalized) {
5991
6499
  throw new Error(`${label} is required`);
@@ -6007,9 +6515,9 @@ function searchBody(input) {
6007
6515
  "orgGraphSearch.search"
6008
6516
  );
6009
6517
  return {
6010
- tenantId: cleanString5(input.tenantId, "tenantId"),
6011
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
6012
- query: cleanString5(input.query, "query"),
6518
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6519
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
6520
+ query: cleanString7(input.query, "query"),
6013
6521
  nodeTypes: input.nodeTypes,
6014
6522
  minConfidence: input.minConfidence,
6015
6523
  limit: input.limit,
@@ -6019,8 +6527,8 @@ function searchBody(input) {
6019
6527
  }
6020
6528
  function listQuery2(input) {
6021
6529
  return {
6022
- tenantId: cleanString5(input.tenantId, "tenantId"),
6023
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
6530
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6531
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
6024
6532
  nodeTypes: input.nodeTypes?.join(","),
6025
6533
  minConfidence: input.minConfidence,
6026
6534
  limit: input.limit,
@@ -6054,8 +6562,8 @@ function createOrgGraphSearchClient(config = {}) {
6054
6562
  return gateway.request({
6055
6563
  path: `/api/platform/v1/org-graph-search/nodes/${nodePath}${toQueryString(
6056
6564
  {
6057
- tenantId: cleanString5(input.tenantId, "tenantId"),
6058
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
6565
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6566
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
6059
6567
  globalId: nodeId ? void 0 : globalId
6060
6568
  }
6061
6569
  )}`
@@ -7020,7 +7528,7 @@ function createToolRegistryClient(config = {}) {
7020
7528
  }
7021
7529
 
7022
7530
  // src/version.ts
7023
- var LUCERN_SDK_VERSION = "0.3.0-alpha.9";
7531
+ var LUCERN_SDK_VERSION = "1.0.0";
7024
7532
 
7025
7533
  // src/workflowClient.ts
7026
7534
  function normalizeLensQuery(value) {
@@ -7428,6 +7936,12 @@ function toGatewayConfig(config) {
7428
7936
  return {
7429
7937
  baseUrl: config.baseUrl,
7430
7938
  fetchImpl: config.fetchImpl,
7939
+ apiKey: config.apiKey,
7940
+ userToken: config.userToken,
7941
+ environment: config.environment,
7942
+ clerkId: config.clerkId,
7943
+ userId: config.userId,
7944
+ deploymentHost: config.deploymentHost,
7431
7945
  maxRetries: config.maxRetries,
7432
7946
  timeoutMs: config.timeoutMs,
7433
7947
  timeoutMsByMethod: config.timeoutMsByMethod,
@@ -7436,23 +7950,15 @@ function toGatewayConfig(config) {
7436
7950
  onResponse: config.onResponse,
7437
7951
  authContext: config.authContext,
7438
7952
  requireCanonicalAuthContext: config.requireCanonicalAuthContext,
7439
- getAuthHeaders: async () => {
7440
- const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
7441
- if (config.apiKey && !base["x-lucern-key"] && !base.Authorization) {
7442
- base["x-lucern-key"] = config.apiKey;
7443
- }
7444
- if (config.userToken && !base["x-lucern-session-token"]) {
7445
- base["x-lucern-session-token"] = config.userToken;
7446
- }
7447
- if (config.environment && !base["x-lucern-environment"]) {
7448
- base["x-lucern-environment"] = config.environment;
7449
- }
7450
- return base;
7451
- }
7953
+ getAuthHeaders: config.getAuthHeaders
7452
7954
  };
7453
7955
  }
7454
7956
  function exposeGatewayData(response) {
7455
- return Object.assign({}, response, response.data);
7957
+ const data = response.data;
7958
+ if (data !== null && typeof data === "object" && !Array.isArray(data)) {
7959
+ return Object.assign({}, response, data);
7960
+ }
7961
+ return { ...response };
7456
7962
  }
7457
7963
  function createLucernClient(config = {}) {
7458
7964
  const gatewayConfig = toGatewayConfig(config);
@@ -7473,6 +7979,7 @@ function createLucernClient(config = {}) {
7473
7979
  const auditClient = createAuditClient(gatewayConfig);
7474
7980
  const authDeviceClient = createAuthDeviceClient(gatewayConfig);
7475
7981
  const adminClient = createAdminClient(gatewayConfig);
7982
+ const accessControlClient = createAccessControlClient(gatewayConfig);
7476
7983
  const answersClient = createAnswersClient(gatewayConfig);
7477
7984
  const contradictionsFacade = createContradictionsFacade(gatewayConfig);
7478
7985
  const edgesFacade = createEdgesFacade(gatewayConfig);
@@ -7492,6 +7999,7 @@ function createLucernClient(config = {}) {
7492
7999
  const ontologyLinksClient = createOntologyLinksClient(gatewayConfig);
7493
8000
  const orgGraphSearchClient = createOrgGraphSearchClient(gatewayConfig);
7494
8001
  const functionSurfaceClient = createFunctionSurfaceClient(gatewayConfig);
8002
+ const controlPlaneClient = createControlPlaneClient(gatewayConfig);
7495
8003
  const toolRegistryClient = createToolRegistryClient(gatewayConfig);
7496
8004
  const modelRuntimeClient = createModelRuntimeClient(gatewayConfig);
7497
8005
  const packsClient = createPacksClient(gatewayConfig);
@@ -7863,9 +8371,24 @@ function createLucernClient(config = {}) {
7863
8371
  typeof input === "string" ? { nodeId: input } : input
7864
8372
  );
7865
8373
  },
7866
- create: graphClient.createNode,
7867
- update: graphClient.updateNode,
7868
- batchCreate: graphClient.batchCreateNodes,
8374
+ create(input, idempotencyKey) {
8375
+ return functionSurfaceClient.createEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8376
+ },
8377
+ createEpistemicNode(input, idempotencyKey) {
8378
+ return functionSurfaceClient.createEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8379
+ },
8380
+ update(input, idempotencyKey) {
8381
+ return functionSurfaceClient.updateEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8382
+ },
8383
+ updateEpistemicNode(input, idempotencyKey) {
8384
+ return functionSurfaceClient.updateEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8385
+ },
8386
+ batchCreate(input, idempotencyKey) {
8387
+ return functionSurfaceClient.batchCreateEpistemicNodes(input, idempotencyKey).then(exposeGatewayData);
8388
+ },
8389
+ batchCreateEpistemicNodes(input, idempotencyKey) {
8390
+ return functionSurfaceClient.batchCreateEpistemicNodes(input, idempotencyKey).then(exposeGatewayData);
8391
+ },
7869
8392
  listByTopicAndType(input) {
7870
8393
  return gateway.request({
7871
8394
  path: `/api/platform/v1/nodes${sdkQueryString({
@@ -7890,8 +8413,15 @@ function createLucernClient(config = {}) {
7890
8413
  })}`
7891
8414
  }).then(exposeGatewayData);
7892
8415
  },
7893
- supersede: graphClient.supersedeNode,
7894
- verify: graphClient.verifyNode,
8416
+ supersede(input, idempotencyKey) {
8417
+ return functionSurfaceClient.supersedeEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8418
+ },
8419
+ verify(input, idempotencyKey) {
8420
+ return functionSurfaceClient.verifyEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8421
+ },
8422
+ archive(input, idempotencyKey) {
8423
+ return functionSurfaceClient.archiveEpistemicNode(input, idempotencyKey).then(exposeGatewayData);
8424
+ },
7895
8425
  hardDelete: graphClient.hardDeleteNode
7896
8426
  };
7897
8427
  const publicationNamespace = {
@@ -8098,7 +8628,13 @@ function createLucernClient(config = {}) {
8098
8628
  }
8099
8629
  },
8100
8630
  edges: {
8101
- create(args) {
8631
+ create(args, idempotencyKey) {
8632
+ if (args.from && args.to) {
8633
+ return functionSurfaceClient.createEdge(args, idempotencyKey).then(exposeGatewayData);
8634
+ }
8635
+ if (!args.sourceId || !args.targetId) {
8636
+ throw new Error("from/to graph refs or sourceId/targetId are required");
8637
+ }
8102
8638
  return edgesFacade.create({
8103
8639
  sourceId: args.sourceId,
8104
8640
  targetId: args.targetId,
@@ -8109,17 +8645,32 @@ function createLucernClient(config = {}) {
8109
8645
  context: args.context ?? args.reasoning
8110
8646
  }).then(exposeGatewayData);
8111
8647
  },
8648
+ createEdge(input, idempotencyKey) {
8649
+ return functionSurfaceClient.createEdge(input, idempotencyKey).then(exposeGatewayData);
8650
+ },
8112
8651
  update(input, idempotencyKey) {
8113
- return edgesFacade.update(input, idempotencyKey).then(exposeGatewayData);
8652
+ return functionSurfaceClient.updateEdge(input, idempotencyKey).then(exposeGatewayData);
8653
+ },
8654
+ updateEdge(input, idempotencyKey) {
8655
+ return functionSurfaceClient.updateEdge(input, idempotencyKey).then(exposeGatewayData);
8114
8656
  },
8115
8657
  remove(input, idempotencyKey) {
8116
- return edgesFacade.remove(input, idempotencyKey).then(exposeGatewayData);
8658
+ return functionSurfaceClient.removeEdge(input, idempotencyKey).then(exposeGatewayData);
8659
+ },
8660
+ removeEdge(input, idempotencyKey) {
8661
+ return functionSurfaceClient.removeEdge(input, idempotencyKey).then(exposeGatewayData);
8117
8662
  },
8118
8663
  removeBetween(input, idempotencyKey) {
8119
- return edgesFacade.removeBetween(input, idempotencyKey).then(exposeGatewayData);
8664
+ return functionSurfaceClient.removeEdgesBetween(input, idempotencyKey).then(exposeGatewayData);
8665
+ },
8666
+ removeEdgesBetween(input, idempotencyKey) {
8667
+ return functionSurfaceClient.removeEdgesBetween(input, idempotencyKey).then(exposeGatewayData);
8120
8668
  },
8121
8669
  batchCreate(input, idempotencyKey) {
8122
- return edgesFacade.batchCreate(input, idempotencyKey).then(exposeGatewayData);
8670
+ return functionSurfaceClient.batchCreateEdges(input, idempotencyKey).then(exposeGatewayData);
8671
+ },
8672
+ batchCreateEdges(input, idempotencyKey) {
8673
+ return functionSurfaceClient.batchCreateEdges(input, idempotencyKey).then(exposeGatewayData);
8123
8674
  },
8124
8675
  delete(input, idempotencyKey) {
8125
8676
  return edgesFacade.delete(input, idempotencyKey).then(exposeGatewayData);
@@ -8831,17 +9382,7 @@ function createLucernClient(config = {}) {
8831
9382
  },
8832
9383
  get: topicsFacade.get,
8833
9384
  create(input) {
8834
- return topicsFacade.create({
8835
- name: input.name,
8836
- description: input.description,
8837
- type: input.type,
8838
- parentTopicId: input.parentTopicId,
8839
- ontologyId: input.ontologyId,
8840
- tenantId: input.tenantId,
8841
- workspaceId: input.workspaceId,
8842
- visibility: input.visibility,
8843
- createdBy: input.createdBy
8844
- });
9385
+ return functionSurfaceClient.createTopic(input).then(exposeGatewayData);
8845
9386
  },
8846
9387
  update(topicId, input) {
8847
9388
  return topicsFacade.update({
@@ -8875,7 +9416,19 @@ function createLucernClient(config = {}) {
8875
9416
  });
8876
9417
  },
8877
9418
  remove: topicsFacade.remove,
8878
- bulkCreate: topicsFacade.bulkCreate
9419
+ bulkCreate: topicsFacade.bulkCreate,
9420
+ materializeGraph(input = {}, idempotencyKey) {
9421
+ return functionSurfaceClient.materializeTopicGraph(input, idempotencyKey).then(exposeGatewayData);
9422
+ },
9423
+ materializeTopicGraph(input = {}, idempotencyKey) {
9424
+ return functionSurfaceClient.materializeTopicGraph(input, idempotencyKey).then(exposeGatewayData);
9425
+ },
9426
+ graphSpine(input = {}) {
9427
+ return functionSurfaceClient.getTopicGraphSpine(input).then(exposeGatewayData);
9428
+ },
9429
+ getTopicGraphSpine(input = {}) {
9430
+ return functionSurfaceClient.getTopicGraphSpine(input).then(exposeGatewayData);
9431
+ }
8879
9432
  },
8880
9433
  answers: {
8881
9434
  create(input) {
@@ -9110,8 +9663,16 @@ function createLucernClient(config = {}) {
9110
9663
  disable: packsClient.disable
9111
9664
  },
9112
9665
  nodes: nodesNamespace,
9666
+ controlPlane: {
9667
+ identity: {
9668
+ resolveInteractivePrincipal: controlPlaneClient.identity.resolveInteractivePrincipal
9669
+ },
9670
+ raw: controlPlaneClient
9671
+ },
9113
9672
  identity: {
9114
9673
  ...identityFacade,
9674
+ access: accessControlClient,
9675
+ resolveInteractivePrincipal: identityClient.resolveInteractivePrincipal,
9115
9676
  evaluatePolicy: identityClient.evaluatePolicy,
9116
9677
  recordPolicyDecision: identityClient.recordPolicyDecision,
9117
9678
  putSecretReference: identityClient.putSecretReference,
@@ -9156,6 +9717,7 @@ function createLucernClient(config = {}) {
9156
9717
  ontologyLinks: ontologyLinksClient,
9157
9718
  orgGraphSearch: orgGraphSearchClient,
9158
9719
  functionSurface: functionSurfaceClient,
9720
+ controlPlane: controlPlaneClient,
9159
9721
  toolRegistry: toolRegistryClient,
9160
9722
  modelRuntime: modelRuntimeClient,
9161
9723
  packs: packsClient,
@@ -9173,7 +9735,7 @@ function createLucernClient(config = {}) {
9173
9735
  }
9174
9736
 
9175
9737
  // src/facade/context.ts
9176
- function cleanString6(value) {
9738
+ function cleanString8(value) {
9177
9739
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
9178
9740
  }
9179
9741
  function cleanNumber2(value) {
@@ -9185,11 +9747,11 @@ function cleanBoolean2(value) {
9185
9747
  function buildCompileContextRequest2(topicIdOrInput = {}, input = {}) {
9186
9748
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
9187
9749
  const payload = {};
9188
- const topicId = typeof topicIdOrInput === "string" ? cleanString6(topicIdOrInput) : cleanString6(effectiveInput.topicId);
9750
+ const topicId = typeof topicIdOrInput === "string" ? cleanString8(topicIdOrInput) : cleanString8(effectiveInput.topicId);
9189
9751
  if (topicId) {
9190
9752
  payload.topicId = topicId;
9191
9753
  }
9192
- const query5 = cleanString6(effectiveInput.query);
9754
+ const query5 = cleanString8(effectiveInput.query);
9193
9755
  if (query5) {
9194
9756
  payload.query = query5;
9195
9757
  }
@@ -9197,7 +9759,7 @@ function buildCompileContextRequest2(topicIdOrInput = {}, input = {}) {
9197
9759
  if (budget !== void 0) {
9198
9760
  payload.budget = budget;
9199
9761
  }
9200
- const ranking = cleanString6(effectiveInput.ranking) ?? cleanString6(effectiveInput.rankingProfile);
9762
+ const ranking = cleanString8(effectiveInput.ranking) ?? cleanString8(effectiveInput.rankingProfile);
9201
9763
  if (ranking) {
9202
9764
  payload.ranking = ranking;
9203
9765
  }
@@ -9213,7 +9775,7 @@ function buildCompileContextRequest2(topicIdOrInput = {}, input = {}) {
9213
9775
  if (includeEntities !== void 0) {
9214
9776
  payload.includeEntities = includeEntities;
9215
9777
  }
9216
- const mode = cleanString6(effectiveInput.mode);
9778
+ const mode = cleanString8(effectiveInput.mode);
9217
9779
  if (mode) {
9218
9780
  payload.mode = mode;
9219
9781
  }
@@ -9221,11 +9783,11 @@ function buildCompileContextRequest2(topicIdOrInput = {}, input = {}) {
9221
9783
  if (includeFailures !== void 0) {
9222
9784
  payload.includeFailures = includeFailures;
9223
9785
  }
9224
- const worktreeId = cleanString6(effectiveInput.worktreeId);
9786
+ const worktreeId = cleanString8(effectiveInput.worktreeId);
9225
9787
  if (worktreeId) {
9226
9788
  payload.worktreeId = worktreeId;
9227
9789
  }
9228
- const sessionId = cleanString6(effectiveInput.sessionId);
9790
+ const sessionId = cleanString8(effectiveInput.sessionId);
9229
9791
  if (sessionId) {
9230
9792
  payload.sessionId = sessionId;
9231
9793
  }
@@ -10591,7 +11153,12 @@ var REASONING_METHODS = [
10591
11153
  "inductive",
10592
11154
  "abductive",
10593
11155
  "analogical",
10594
- "empirical"
11156
+ "causal",
11157
+ "correlational",
11158
+ "testimonial",
11159
+ "statistical",
11160
+ "implicit",
11161
+ "pattern_match"
10595
11162
  ];
10596
11163
  var DEFEAT_TYPES = [
10597
11164
  "rebuts",
@@ -10642,19 +11209,31 @@ var SESSION_AUTH_MODES = [
10642
11209
  "tenant_api_key",
10643
11210
  "session_token"
10644
11211
  ];
10645
- var SESSION_PRINCIPAL_TYPES = ["human", "service", "agent"];
11212
+ var SESSION_PRINCIPAL_TYPES = [
11213
+ "human",
11214
+ "service",
11215
+ "agent",
11216
+ "group",
11217
+ "external_viewer"
11218
+ ];
10646
11219
  var SESSION_LIFECYCLE_STATUSES = [
10647
11220
  "active",
10648
11221
  "expired",
10649
11222
  "revoked"
10650
11223
  ];
10651
11224
  function inferSessionPrincipalType(principalId) {
10652
- if (principalId.startsWith("user:")) {
11225
+ if (/^user_[A-Za-z0-9]+$/.test(principalId)) {
10653
11226
  return "human";
10654
11227
  }
10655
11228
  if (principalId.startsWith("agent:")) {
10656
11229
  return "agent";
10657
11230
  }
11231
+ if (principalId.startsWith("group:")) {
11232
+ return "group";
11233
+ }
11234
+ if (principalId.startsWith("external:") || principalId.startsWith("external_viewer:")) {
11235
+ return "external_viewer";
11236
+ }
10658
11237
  return "service";
10659
11238
  }
10660
11239
  function normalizeDelegationChain(args) {
@@ -10888,6 +11467,12 @@ function isMcpToolAllowed(toolName, options = {}) {
10888
11467
  if (options.permittedTools !== void 0 && options.permittedTools !== null) {
10889
11468
  return options.permittedTools.some((tool) => tool.toolName === toolName);
10890
11469
  }
11470
+ if (options.sessionType === "agent") {
11471
+ if (options.allowedTools === null || options.allowedTools === void 0) {
11472
+ return false;
11473
+ }
11474
+ return options.allowedTools.includes(toolName);
11475
+ }
10891
11476
  if (options.allowedTools === null || options.allowedTools === void 0) {
10892
11477
  return true;
10893
11478
  }
@@ -11600,10 +12185,11 @@ async function hydrateInfisicalRuntimeEnv(options) {
11600
12185
  message: `Unknown Lucern Infisical runtime surface: ${options.surfaceId}.`
11601
12186
  });
11602
12187
  }
11603
- if (surface.delivery !== "runtime_fetch") {
12188
+ const fallbackDelivery = surface.fallback;
12189
+ if (surface.delivery !== "runtime_fetch" && fallbackDelivery !== "runtime_fetch") {
11604
12190
  throw new InfisicalRuntimeError({
11605
12191
  code: "INFISICAL_UNSUPPORTED_SURFACE_DELIVERY",
11606
- message: `${surface.id} uses ${surface.delivery}; runtime fetch is only valid for runtime_fetch surfaces.`
12192
+ message: `${surface.id} uses ${surface.delivery}; runtime fetch is only valid for runtime_fetch surfaces or surfaces with a runtime_fetch fallback.`
11607
12193
  });
11608
12194
  }
11609
12195
  const fetchImpl = options.fetchImpl ?? globalThis.fetch;
@@ -11616,35 +12202,26 @@ async function hydrateInfisicalRuntimeEnv(options) {
11616
12202
  const token = await loginWithUniversalAuth(bootstrap, fetchImpl);
11617
12203
  const values = {};
11618
12204
  const missingRequired = [];
11619
- const sourcePaths = [];
11620
- for (const pathId of surface.sourcePathIds) {
11621
- const path = findInfisicalRuntimePath(pathId);
11622
- if (!path) {
11623
- throw new InfisicalRuntimeError({
11624
- code: "INFISICAL_UNKNOWN_PATH",
11625
- message: `Unknown Lucern Infisical runtime path: ${pathId}.`
11626
- });
11627
- }
11628
- sourcePaths.push(path.secretPath);
11629
- for (const variable of path.variables) {
11630
- const runtimeVariable = variable;
11631
- const secretValue = await readVariableSecret({
11632
- bootstrap,
11633
- fetchImpl,
11634
- token,
11635
- secretPath: path.secretPath,
11636
- variable: runtimeVariable
11637
- });
11638
- if (!secretValue) {
11639
- if (runtimeVariable.required) {
11640
- missingRequired.push(runtimeVariable.name);
11641
- }
11642
- continue;
11643
- }
11644
- values[runtimeVariable.name] = secretValue.value;
11645
- for (const alias of runtimeVariable.aliases ?? []) {
11646
- values[alias] = secretValue.value;
12205
+ const sourcePaths = /* @__PURE__ */ new Set();
12206
+ const variables = options.includeGeneratedSurfaceVariables ? generatedSurfaceVariables(options.surfaceId) : contractSurfaceVariables(surface.sourcePathIds);
12207
+ for (const runtimeVariable of variables) {
12208
+ sourcePaths.add(runtimeVariable.secretPath);
12209
+ const secretValue = await readVariableSecret({
12210
+ bootstrap,
12211
+ fetchImpl,
12212
+ token,
12213
+ secretPath: runtimeVariable.secretPath,
12214
+ variable: runtimeVariable
12215
+ });
12216
+ if (!secretValue) {
12217
+ if (runtimeVariable.required) {
12218
+ missingRequired.push(runtimeVariable.name);
11647
12219
  }
12220
+ continue;
12221
+ }
12222
+ values[runtimeVariable.name] = secretValue.value;
12223
+ for (const alias of runtimeVariable.aliases ?? []) {
12224
+ values[alias] = secretValue.value;
11648
12225
  }
11649
12226
  }
11650
12227
  if (missingRequired.length > 0) {
@@ -11658,7 +12235,7 @@ async function hydrateInfisicalRuntimeEnv(options) {
11658
12235
  surfaceId: options.surfaceId,
11659
12236
  environment: bootstrap.environment,
11660
12237
  values,
11661
- sourcePaths
12238
+ sourcePaths: [...sourcePaths]
11662
12239
  };
11663
12240
  }
11664
12241
  function applyInfisicalRuntimeEnv(result, targetEnv, options = {}) {
@@ -11729,6 +12306,46 @@ async function readVariableSecret(args) {
11729
12306
  }
11730
12307
  return null;
11731
12308
  }
12309
+ function contractSurfaceVariables(sourcePathIds) {
12310
+ return sourcePathIds.flatMap((pathId) => {
12311
+ const path = findInfisicalRuntimePath(pathId);
12312
+ if (!path) {
12313
+ throw new InfisicalRuntimeError({
12314
+ code: "INFISICAL_UNKNOWN_PATH",
12315
+ message: `Unknown Lucern Infisical runtime path: ${pathId}.`
12316
+ });
12317
+ }
12318
+ return path.variables.map((variable) => ({
12319
+ ...variable,
12320
+ secretPath: path.secretPath
12321
+ }));
12322
+ });
12323
+ }
12324
+ function generatedSurfaceVariables(surfaceId) {
12325
+ const surface = GENERATED_INFISICAL_RUNTIME_ENV.surfaces[surfaceId];
12326
+ if (!surface) {
12327
+ throw new InfisicalRuntimeError({
12328
+ code: "INFISICAL_UNKNOWN_SURFACE",
12329
+ message: `Unknown generated Lucern Infisical runtime surface: ${surfaceId}.`
12330
+ });
12331
+ }
12332
+ return surface.variables.map(generatedVariableToRuntimeVariable);
12333
+ }
12334
+ function generatedVariableToRuntimeVariable(variable) {
12335
+ const aliases = /* @__PURE__ */ new Set([
12336
+ ...variable.envNames.filter((name) => name !== variable.canonicalName),
12337
+ ...variable.aliases
12338
+ ]);
12339
+ return {
12340
+ name: variable.canonicalName,
12341
+ required: variable.required,
12342
+ secret: variable.secret,
12343
+ public: variable.public,
12344
+ aliases: [...aliases],
12345
+ description: variable.description,
12346
+ secretPath: variable.sourcePath
12347
+ };
12348
+ }
11732
12349
  async function readSecretValue(args) {
11733
12350
  const params = new URLSearchParams({
11734
12351
  projectId: args.bootstrap.projectId,
@@ -11836,6 +12453,6 @@ function formatInfisicalRuntimeError(error) {
11836
12453
  return "Unknown Infisical runtime error shape";
11837
12454
  }
11838
12455
 
11839
- export { BELIEF_STATUSES, BRANCH_DEPRECATION_MESSAGE, CANONICAL_WORKFLOW_DEFINITIONS, CONFIDENCE_TRIGGERS, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, CONTROL_OBJECT_BLAST_RADII, CONTROL_OBJECT_EDIT_SURFACES, CONTROL_OBJECT_INHERITANCE_RULES, CONTROL_OBJECT_KINDS, CONTROL_OBJECT_OWNERSHIP_CONTRACT, CONTROL_OBJECT_OWNERSHIP_MATRIX, CONTROL_OBJECT_OWNERSHIP_ROWS, CONTROL_OBJECT_OWNER_SCOPES, CustomToolRegistryError, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, DeviceAuthorizationError, EDGE_TYPES, EMBEDDINGS_FIELDS, EPISTEMIC_EDGE_TYPES, EPISTEMIC_LAYERS, EVENTING_FIELDS, EVENT_RETENTION_DEFAULT_DAYS, FORK_REASONS, FUNCTION_SURFACE_METHOD_PATHS, GRAPH_ANALYSIS_ANALYSIS_FIELDS, GRAPH_ANALYSIS_COMPUTE_FIELDS, GRAPH_ANALYSIS_SUGGESTION_FIELDS, GRAPH_RECOMMENDATION_FIELDS, GRAPH_STATE_CLASSIFIER_FIELDS, InfisicalRuntimeError, JOBS_FIELDS, JUDGMENT_TYPES, LENS_PERSPECTIVE_TYPES, LENS_STATUSES, LENS_TASK_TEMPLATE_PRIORITIES, LUCERN_SDK_VERSION, LucernApiError, LucernSdkAuthContextError, MAX_ENTITY_LIMIT, MCP_ALWAYS_ALLOWED_TOOL_NAMES, MERGE_OUTCOMES, MODEL_RUNTIME_FIELDS, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, ONTOLOGY_LINK_FIELDS, ORG_GRAPH_SEARCH_FIELDS, REASONING_METHODS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, STRUCTURAL_EDGE_TYPES, TELEMETRY_FIELDS, TENANT_IDENTITY_FIELDS, TOOL_REGISTRY_FIELDS, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, applyInfisicalRuntimeEnv, asListItems, asRecord, assertValidWebhookSecret, assertValidWebhookUrl, buildDeprecatedBranchMetadata, buildDomainEvent, buildMcpToolContracts, buildMcpToolManifest, clearRegisteredCustomTools, compareEventCursor, compileContextPackFromSnapshot, computeWebhookSignature, createAdminClient, createAnswersClient, createAudiencesClient, createAuditClient, createAuthDeviceClient, createBeliefsClient, createCanonicalAuthHeaders, createContextClient, createContextFacade, createDecisionsClient, createEmbeddingsClient, createEventId, createEventingClient, createEventsClientCore, createEvidenceClient, createFunctionSurfaceClient, createGatewayRequestClient, createGraphAnalysisClient, createGraphClient, createGraphRecommendationsClient, createGraphStateClassifierClient, createHarnessClient, createIdentityClient, createJobsClient, createLearningClient, createListResult, createLucernClient, createModelRuntimeClient, createOntologyClient, createOntologyLinksClient, createOrgGraphSearchClient, createPacksClient, createPolicyClient, createReportsClient, createSchemaClient, createSourcesClient, createTelemetryClient, createToolRegistryClient, createTopicsClient, createWebhooksClientCore, createWorkflowClient, decodeEventCursor, emitDomainEvent, encodeEventCursor, eventPatternToRegExp, getControlObjectOwnershipCase, getMcpToolExposure, getRegisteredCustomTool, hydrateInfisicalRuntimeEnv, inferActorType, inferLensPerspectiveTypeFromBranchSchema, inferSessionPrincipalType, invokeRegisteredCustomTool, isAfterCursor, isInfisicalRuntimeDisabled, isLensFilterCriteria, isLucernPrompt, isMcpToolAllowed, isRecord2 as isRecord, isTaxonomyFilterCriteriaV1, lastDelegator, listControlObjectOwnershipCases, listRegisteredCustomTools, mapAliasedList, mapGatewayData, mapOpinionHistoryEntriesFromGatewayData, matchesAnyEventPattern, matchesEventPattern, mcpContractToInputSchema, mcpContractToManifestEntry, migrateBranchToLens, nextDeliveryAttemptAt, normalizeCanonicalLucernAuthContext, normalizeDelegationChain, normalizeNodeVerificationStatus, normalizeNodeWriteInput, normalizeRetentionDays, normalizeTopicQuery, normalizeWebhookPatterns, opinionFromBaseRate, opinionFromDogmatic, opinionFromProjected, planContextPackCompilation, randomIdempotencyKey, readInfisicalRuntimeBootstrap, registerCustomTool, resolveDeliveryFailureStatus, resolveText, resolveTopicId, sanitizeWebhookRecord, sortEventsByCursor, toQueryString, truncateWebhookResponseBody, unregisterCustomTool, validateFilterCriteria, withSdkAliases, withTextAlias, withTopicAlias };
12456
+ export { BELIEF_STATUSES, BRANCH_DEPRECATION_MESSAGE, CANONICAL_WORKFLOW_DEFINITIONS, CONFIDENCE_TRIGGERS, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, CONTROL_OBJECT_BLAST_RADII, CONTROL_OBJECT_EDIT_SURFACES, CONTROL_OBJECT_INHERITANCE_RULES, CONTROL_OBJECT_KINDS, CONTROL_OBJECT_OWNERSHIP_CONTRACT, CONTROL_OBJECT_OWNERSHIP_MATRIX, CONTROL_OBJECT_OWNERSHIP_ROWS, CONTROL_OBJECT_OWNER_SCOPES, CustomToolRegistryError, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, DeviceAuthorizationError, EDGE_TYPES, EMBEDDINGS_FIELDS, EPISTEMIC_EDGE_TYPES, EPISTEMIC_LAYERS, EVENTING_FIELDS, EVENT_RETENTION_DEFAULT_DAYS, FORK_REASONS, FUNCTION_SURFACE_METHOD_PATHS, GRAPH_ANALYSIS_ANALYSIS_FIELDS, GRAPH_ANALYSIS_COMPUTE_FIELDS, GRAPH_ANALYSIS_SUGGESTION_FIELDS, GRAPH_RECOMMENDATION_FIELDS, GRAPH_STATE_CLASSIFIER_FIELDS, InfisicalRuntimeError, JOBS_FIELDS, JUDGMENT_TYPES, LENS_PERSPECTIVE_TYPES, LENS_STATUSES, LENS_TASK_TEMPLATE_PRIORITIES, LUCERN_SDK_VERSION, LucernAccessControlError, LucernApiError, LucernControlPlaneIdentityError, LucernSdkAuthContextError, MAX_ENTITY_LIMIT, MCP_ALWAYS_ALLOWED_TOOL_NAMES, MERGE_OUTCOMES, MODEL_RUNTIME_FIELDS, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, ONTOLOGY_LINK_FIELDS, ORG_GRAPH_SEARCH_FIELDS, REASONING_METHODS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, STRUCTURAL_EDGE_TYPES, TELEMETRY_FIELDS, TENANT_IDENTITY_FIELDS, TOOL_REGISTRY_FIELDS, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, applyInfisicalRuntimeEnv, asListItems, asRecord, assertPermitAllowed, assertValidWebhookSecret, assertValidWebhookUrl, buildDeprecatedBranchMetadata, buildDomainEvent, buildMcpToolContracts, buildMcpToolManifest, clearRegisteredCustomTools, compareEventCursor, compileContextPackFromSnapshot, computeWebhookSignature, createAccessControlClient, createAdminClient, createAnswersClient, createAudiencesClient, createAuditClient, createAuthDeviceClient, createBeliefsClient, createCanonicalAuthHeaders, createContextClient, createContextFacade, createControlPlaneClient, createControlPlaneIdentityClient, createDecisionsClient, createEmbeddingsClient, createEventId, createEventingClient, createEventsClientCore, createEvidenceClient, createFunctionSurfaceClient, createGatewayRequestClient, createGraphAnalysisClient, createGraphClient, createGraphRecommendationsClient, createGraphStateClassifierClient, createHarnessClient, createIdentityClient, createJobsClient, createLearningClient, createListResult, createLucernClient, createModelRuntimeClient, createOntologyClient, createOntologyLinksClient, createOrgGraphSearchClient, createPacksClient, createPolicyClient, createReportsClient, createSchemaClient, createSourcesClient, createTelemetryClient, createToolRegistryClient, createTopicsClient, createWebhooksClientCore, createWorkflowClient, decodeEventCursor, emitDomainEvent, encodeEventCursor, eventPatternToRegExp, formatPermitResource, getControlObjectOwnershipCase, getMcpToolExposure, getRegisteredCustomTool, hydrateInfisicalRuntimeEnv, inferActorType, inferLensPerspectiveTypeFromBranchSchema, inferSessionPrincipalType, invokeRegisteredCustomTool, isAfterCursor, isInfisicalRuntimeDisabled, isLensFilterCriteria, isLucernPrompt, isMcpToolAllowed, isRecord2 as isRecord, isTaxonomyFilterCriteriaV1, lastDelegator, listControlObjectOwnershipCases, listRegisteredCustomTools, mapAliasedList, mapGatewayData, mapOpinionHistoryEntriesFromGatewayData, matchesAnyEventPattern, matchesEventPattern, mcpContractToInputSchema, mcpContractToManifestEntry, migrateBranchToLens, nextDeliveryAttemptAt, normalizeCanonicalLucernAuthContext, normalizeCanonicalPrincipalIdentity, normalizeDelegationChain, normalizeNodeVerificationStatus, normalizeNodeWriteInput, normalizeResolvedInteractivePrincipal, normalizeRetentionDays, normalizeTopicQuery, normalizeWebhookPatterns, opinionFromBaseRate, opinionFromDogmatic, opinionFromProjected, planContextPackCompilation, randomIdempotencyKey, readInfisicalRuntimeBootstrap, registerCustomTool, resolveDeliveryFailureStatus, resolveText, resolveTopicId, sanitizeWebhookRecord, sortEventsByCursor, toQueryString, truncateWebhookResponseBody, unregisterCustomTool, validateFilterCriteria, withSdkAliases, withTextAlias, withTopicAlias };
11840
12457
  //# sourceMappingURL=index.js.map
11841
12458
  //# sourceMappingURL=index.js.map