@lucern/sdk 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (176) hide show
  1. package/CHANGELOG.md +7 -0
  2. package/dist/accessControl.d.ts +1 -0
  3. package/dist/accessControl.js +213 -26
  4. package/dist/accessControl.js.map +1 -1
  5. package/dist/adminClient.d.ts +1 -0
  6. package/dist/adminClient.js +213 -26
  7. package/dist/adminClient.js.map +1 -1
  8. package/dist/answersClient.d.ts +1 -0
  9. package/dist/answersClient.js +213 -26
  10. package/dist/answersClient.js.map +1 -1
  11. package/dist/audiencesClient.d.ts +1 -0
  12. package/dist/audiencesClient.js +213 -26
  13. package/dist/audiencesClient.js.map +1 -1
  14. package/dist/auditClient.d.ts +1 -0
  15. package/dist/auditClient.js +213 -26
  16. package/dist/auditClient.js.map +1 -1
  17. package/dist/authDeviceClient.d.ts +1 -0
  18. package/dist/beliefs/index.d.ts +1 -0
  19. package/dist/beliefs/index.js +214 -27
  20. package/dist/beliefs/index.js.map +1 -1
  21. package/dist/beliefsClient.d.ts +1 -0
  22. package/dist/beliefsClient.js +213 -26
  23. package/dist/beliefsClient.js.map +1 -1
  24. package/dist/client.d.ts +1 -0
  25. package/dist/client.js +214 -27
  26. package/dist/client.js.map +1 -1
  27. package/dist/clientConfig.d.ts +1 -0
  28. package/dist/clientEvidenceCompat.d.ts +1 -0
  29. package/dist/clientKnowledgeNamespaces.d.ts +1 -0
  30. package/dist/clientLocalHelpers.d.ts +1 -0
  31. package/dist/clientLocalHelpers.js +2 -0
  32. package/dist/clientLocalHelpers.js.map +1 -1
  33. package/dist/clientPlatformNamespaces.d.ts +1 -0
  34. package/dist/clientRuntime.d.ts +1 -0
  35. package/dist/clientWorkflowNamespaces.d.ts +1 -0
  36. package/dist/contextClient.d.ts +1 -0
  37. package/dist/contextClient.js +213 -26
  38. package/dist/contextClient.js.map +1 -1
  39. package/dist/contradictions/index.d.ts +1 -0
  40. package/dist/contradictions/index.js +214 -27
  41. package/dist/contradictions/index.js.map +1 -1
  42. package/dist/control-plane.d.ts +1 -0
  43. package/dist/control-plane.js +213 -26
  44. package/dist/control-plane.js.map +1 -1
  45. package/dist/coreClient.d.ts +25 -1
  46. package/dist/coreClient.js +217 -27
  47. package/dist/coreClient.js.map +1 -1
  48. package/dist/decisions/index.d.ts +1 -0
  49. package/dist/decisions/index.js +214 -27
  50. package/dist/decisions/index.js.map +1 -1
  51. package/dist/decisionsClient.d.ts +1 -0
  52. package/dist/decisionsClient.js +213 -26
  53. package/dist/decisionsClient.js.map +1 -1
  54. package/dist/edges/index.d.ts +1 -0
  55. package/dist/edges/index.js +214 -27
  56. package/dist/edges/index.js.map +1 -1
  57. package/dist/embeddingsClient.d.ts +1 -0
  58. package/dist/embeddingsClient.js +213 -26
  59. package/dist/embeddingsClient.js.map +1 -1
  60. package/dist/eventingClient.d.ts +1 -0
  61. package/dist/eventingClient.js +213 -26
  62. package/dist/eventingClient.js.map +1 -1
  63. package/dist/eventsCore.d.ts +1 -0
  64. package/dist/eventsCore.js +213 -26
  65. package/dist/eventsCore.js.map +1 -1
  66. package/dist/evidence/index.d.ts +1 -0
  67. package/dist/evidence/index.js +214 -27
  68. package/dist/evidence/index.js.map +1 -1
  69. package/dist/evidenceClient.d.ts +1 -0
  70. package/dist/evidenceClient.js +213 -26
  71. package/dist/evidenceClient.js.map +1 -1
  72. package/dist/functionSurface.d.ts +1 -0
  73. package/dist/functionSurface.js +213 -26
  74. package/dist/functionSurface.js.map +1 -1
  75. package/dist/functionSurfaceClient.d.ts +1 -0
  76. package/dist/functionSurfaceClient.js +213 -26
  77. package/dist/functionSurfaceClient.js.map +1 -1
  78. package/dist/gatewayFacades.d.ts +1 -0
  79. package/dist/gatewayFacades.factories.d.ts +1 -0
  80. package/dist/gatewayFacades.factories.js +213 -26
  81. package/dist/gatewayFacades.factories.js.map +1 -1
  82. package/dist/gatewayFacades.js +213 -26
  83. package/dist/gatewayFacades.js.map +1 -1
  84. package/dist/graphAnalysisClient.d.ts +1 -0
  85. package/dist/graphAnalysisClient.js +213 -26
  86. package/dist/graphAnalysisClient.js.map +1 -1
  87. package/dist/graphClient.d.ts +1 -0
  88. package/dist/graphClient.js +213 -26
  89. package/dist/graphClient.js.map +1 -1
  90. package/dist/graphRecommendationsClient.d.ts +1 -0
  91. package/dist/graphRecommendationsClient.js +213 -26
  92. package/dist/graphRecommendationsClient.js.map +1 -1
  93. package/dist/graphStateClassifierClient.d.ts +1 -0
  94. package/dist/graphStateClassifierClient.js +213 -26
  95. package/dist/graphStateClassifierClient.js.map +1 -1
  96. package/dist/harnessClient.d.ts +1 -0
  97. package/dist/harnessClient.js +213 -26
  98. package/dist/harnessClient.js.map +1 -1
  99. package/dist/identityClient.d.ts +1 -0
  100. package/dist/identityClient.js +213 -26
  101. package/dist/identityClient.js.map +1 -1
  102. package/dist/index.d.ts +2 -1
  103. package/dist/index.js +237 -28
  104. package/dist/index.js.map +1 -1
  105. package/dist/jobsClient.d.ts +1 -0
  106. package/dist/jobsClient.js +213 -26
  107. package/dist/jobsClient.js.map +1 -1
  108. package/dist/learningClient.d.ts +1 -0
  109. package/dist/learningClient.js +213 -26
  110. package/dist/learningClient.js.map +1 -1
  111. package/dist/lenses/index.d.ts +1 -0
  112. package/dist/lenses/index.js +214 -27
  113. package/dist/lenses/index.js.map +1 -1
  114. package/dist/mcpClient.d.ts +1 -0
  115. package/dist/mcpClient.js +213 -26
  116. package/dist/mcpClient.js.map +1 -1
  117. package/dist/modelRuntimeClient.d.ts +1 -0
  118. package/dist/modelRuntimeClient.js +213 -26
  119. package/dist/modelRuntimeClient.js.map +1 -1
  120. package/dist/nodes/index.d.ts +1 -0
  121. package/dist/nodes/index.js +214 -27
  122. package/dist/nodes/index.js.map +1 -1
  123. package/dist/ontologies/index.d.ts +1 -0
  124. package/dist/ontologies/index.js +214 -27
  125. package/dist/ontologies/index.js.map +1 -1
  126. package/dist/ontologyClient.d.ts +1 -0
  127. package/dist/ontologyClient.js +213 -26
  128. package/dist/ontologyClient.js.map +1 -1
  129. package/dist/ontologyLinksClient.d.ts +1 -0
  130. package/dist/ontologyLinksClient.js +213 -26
  131. package/dist/ontologyLinksClient.js.map +1 -1
  132. package/dist/orgGraphSearchClient.d.ts +1 -0
  133. package/dist/orgGraphSearchClient.js +213 -26
  134. package/dist/orgGraphSearchClient.js.map +1 -1
  135. package/dist/packsClient.d.ts +1 -0
  136. package/dist/packsClient.js +213 -26
  137. package/dist/packsClient.js.map +1 -1
  138. package/dist/policyClient.d.ts +1 -0
  139. package/dist/policyClient.js +213 -26
  140. package/dist/policyClient.js.map +1 -1
  141. package/dist/proof-attestation.json +45 -0
  142. package/dist/questions/index.d.ts +1 -0
  143. package/dist/questions/index.js +214 -27
  144. package/dist/questions/index.js.map +1 -1
  145. package/dist/reportsClient.d.ts +1 -0
  146. package/dist/reportsClient.js +213 -26
  147. package/dist/reportsClient.js.map +1 -1
  148. package/dist/schemaClient.d.ts +1 -0
  149. package/dist/schemaClient.js +213 -26
  150. package/dist/schemaClient.js.map +1 -1
  151. package/dist/sdkSurface.d.ts +1 -0
  152. package/dist/sourcesClient.d.ts +1 -0
  153. package/dist/sourcesClient.js +213 -26
  154. package/dist/sourcesClient.js.map +1 -1
  155. package/dist/telemetryClient.d.ts +1 -0
  156. package/dist/telemetryClient.js +213 -26
  157. package/dist/telemetryClient.js.map +1 -1
  158. package/dist/toolRegistryClient.d.ts +1 -0
  159. package/dist/toolRegistryClient.js +213 -26
  160. package/dist/toolRegistryClient.js.map +1 -1
  161. package/dist/topics/index.d.ts +1 -0
  162. package/dist/topics/index.js +214 -27
  163. package/dist/topics/index.js.map +1 -1
  164. package/dist/topicsClient.d.ts +1 -0
  165. package/dist/topicsClient.js +213 -26
  166. package/dist/topicsClient.js.map +1 -1
  167. package/dist/version.d.ts +1 -1
  168. package/dist/version.js +1 -1
  169. package/dist/version.js.map +1 -1
  170. package/dist/workflowClient.d.ts +1 -0
  171. package/dist/workflowClient.js +213 -26
  172. package/dist/workflowClient.js.map +1 -1
  173. package/dist/worktrees/index.d.ts +1 -0
  174. package/dist/worktrees/index.js +214 -27
  175. package/dist/worktrees/index.js.map +1 -1
  176. package/package.json +6 -5
@@ -1,5 +1,7 @@
1
+ import { createTelemetryExporterFromEnv, emitTelemetrySignal } from '@lucern/transport-core';
1
2
  import { redactDiagnosticValue } from '@lucern/transport-core/redaction';
2
3
  import { classifyRetry } from '@lucern/transport-core/transport';
4
+ import { Effect, Exit, Cause } from 'effect';
3
5
 
4
6
  // src/coreClient.ts
5
7
 
@@ -171,6 +173,36 @@ function createCanonicalAuthHeaders(authContext) {
171
173
  }
172
174
 
173
175
  // src/coreClient.ts
176
+ var DEFAULT_GATEWAY_TIMEOUT_MS = 15e3;
177
+ var DEFAULT_GATEWAY_MAX_RETRIES = 2;
178
+ var DEFAULT_ENV_TIMEOUT_MS = "LUCERN_REQUEST_TIMEOUT_MS";
179
+ var DEFAULT_ENV_MAX_RETRIES = "LUCERN_GATEWAY_MAX_RETRIES";
180
+ var ENV_TIMEOUT_BY_METHOD_PREFIX = "LUCERN_REQUEST_TIMEOUT_MS_";
181
+ var GatewayTimeoutError = class extends Error {
182
+ retryable = true;
183
+ timeoutMs;
184
+ constructor(timeoutMs) {
185
+ super(`Request timed out after ${timeoutMs}ms`);
186
+ this.name = "AbortError";
187
+ this.timeoutMs = timeoutMs;
188
+ }
189
+ };
190
+ var GatewayTransportError = class extends Error {
191
+ retryable;
192
+ cause;
193
+ constructor(message, options) {
194
+ super(message);
195
+ this.name = "GatewayTransportError";
196
+ this.retryable = options?.retryable ?? true;
197
+ this.cause = options?.cause;
198
+ }
199
+ };
200
+ function isGatewayRecoverableError(error) {
201
+ return error instanceof GatewayTimeoutError || error instanceof GatewayTransportError;
202
+ }
203
+ function isGatewayRetryableError(error) {
204
+ return error instanceof GatewayTimeoutError && error.retryable || error instanceof GatewayTransportError && error.retryable || false;
205
+ }
174
206
  var LucernApiError = class extends Error {
175
207
  code;
176
208
  status;
@@ -237,6 +269,99 @@ function generatePortableRequestId() {
237
269
  8
238
270
  ).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
239
271
  }
272
+ function resolveEnvironment() {
273
+ const processEnv = typeof globalThis === "object" && globalThis !== null && "process" in globalThis ? globalThis.process : void 0;
274
+ const env = processEnv !== void 0 && typeof processEnv === "object" && processEnv !== null && typeof processEnv.env === "object" ? processEnv.env : void 0;
275
+ return {
276
+ get: (name) => {
277
+ const value = env?.[name];
278
+ return typeof value === "string" && value.length > 0 ? value : void 0;
279
+ }
280
+ };
281
+ }
282
+ function telemetryEnvironmentRecord(environment) {
283
+ const names = [
284
+ "LUCERN_TELEMETRY_ENABLED",
285
+ "AXIOM_TELEMETRY_ENABLED",
286
+ "LUCERN_AXIOM_TOKEN",
287
+ "AXIOM_TOKEN",
288
+ "LUCERN_AXIOM_EVENTS_DATASET",
289
+ "LUCERN_AXIOM_DATASET",
290
+ "AXIOM_EVENTS_DATASET",
291
+ "AXIOM_DATASET",
292
+ "LUCERN_AXIOM_API_URL",
293
+ "AXIOM_URL",
294
+ "LUCERN_ENVIRONMENT",
295
+ "NODE_ENV",
296
+ "LUCERN_RELEASE",
297
+ "SENTRY_RELEASE",
298
+ "VERCEL_GIT_COMMIT_SHA"
299
+ ];
300
+ return Object.fromEntries(
301
+ names.map((name) => [name, environment.get(name)])
302
+ );
303
+ }
304
+ function resolveRequestProfile(config, environment) {
305
+ const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
306
+ const parsedMaxRetries = parseIntegerFromString(
307
+ config.maxRetries,
308
+ environment.get(DEFAULT_ENV_MAX_RETRIES)
309
+ );
310
+ const parsedTimeoutMs = parseIntegerFromString(
311
+ config.timeoutMs,
312
+ environment.get(DEFAULT_ENV_TIMEOUT_MS)
313
+ );
314
+ const methodTimeouts = {
315
+ ...config.timeoutMsByMethod
316
+ };
317
+ for (const method of ["GET", "POST", "PUT", "PATCH", "DELETE"]) {
318
+ const envKey = `${ENV_TIMEOUT_BY_METHOD_PREFIX}${method}`;
319
+ const raw = environment.get(envKey);
320
+ if (!raw || methodTimeouts[method] !== void 0) {
321
+ continue;
322
+ }
323
+ const parsed = parseIntegerFromString(void 0, raw);
324
+ if (typeof parsed === "number") {
325
+ methodTimeouts[method] = parsed;
326
+ }
327
+ }
328
+ return {
329
+ maxRetries: parsedMaxRetries ?? DEFAULT_GATEWAY_MAX_RETRIES,
330
+ timeoutMs: parsedTimeoutMs ?? DEFAULT_GATEWAY_TIMEOUT_MS,
331
+ timeoutMsByMethod: methodTimeouts,
332
+ requestIdFactory
333
+ };
334
+ }
335
+ function createGatewayRuntime(config, environment) {
336
+ return {
337
+ fetch: config.fetchImpl ?? fetch,
338
+ now: () => Date.now(),
339
+ sleep: (ms) => delay(ms),
340
+ env: environment,
341
+ redaction: resolveRequestRedactionValue,
342
+ profile: resolveRequestProfile(config, environment)
343
+ };
344
+ }
345
+ function parseIntegerFromString(value, rawValue) {
346
+ if (typeof value === "number" && Number.isInteger(value) && value >= 0) {
347
+ return value;
348
+ }
349
+ if (typeof rawValue !== "string" || !rawValue.trim()) {
350
+ return void 0;
351
+ }
352
+ const parsed = Number.parseInt(rawValue, 10);
353
+ return Number.isInteger(parsed) && parsed >= 0 ? parsed : void 0;
354
+ }
355
+ function resolveRequestRedactionValue(value) {
356
+ return redactDiagnosticValue(value);
357
+ }
358
+ function resolveGatewayBaseUrl(configBaseUrl, environment) {
359
+ const envBaseUrl = environment.get("LUCERN_API_URL") ?? environment.get("LUCERN_BASE_URL") ?? environment.get("LUCERN_GATEWAY_BASE_URL");
360
+ return (configBaseUrl ?? envBaseUrl ?? "").replace(/\/+$/, "");
361
+ }
362
+ function normalizeGatewayEnvironment(value) {
363
+ return value === "sandbox" || value === "production" ? value : void 0;
364
+ }
240
365
  var randomIdempotencyKey = generatePortableRequestId;
241
366
  function fallbackErrorCode(status) {
242
367
  if (status === 401) {
@@ -276,10 +401,8 @@ function computeRetryDelayMs(args) {
276
401
  const jitterWindow = Math.max(250, Math.round(baseDelay * 0.25));
277
402
  return baseDelay + Math.round(Math.random() * jitterWindow);
278
403
  }
279
- function timeoutError(timeoutMs) {
280
- const error = new Error(`Request timed out after ${timeoutMs}ms`);
281
- error.name = "AbortError";
282
- return error;
404
+ function classifyGatewayErrorForRetry(error) {
405
+ return isGatewayRetryableError(error) || classifyRetry({ error }).retryable;
283
406
  }
284
407
  function isRecord(value) {
285
408
  return value !== null && typeof value === "object" && !Array.isArray(value);
@@ -334,10 +457,18 @@ function cleanHeaderValue(value) {
334
457
  return normalized ? normalized : void 0;
335
458
  }
336
459
  function createGatewayRequestClient(config = {}) {
337
- const fetchImpl = config.fetchImpl ?? fetch;
338
- const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
339
- const maxRetries = config.maxRetries ?? 2;
340
- const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
460
+ const env = resolveEnvironment();
461
+ const runtime = createGatewayRuntime(config, env);
462
+ const baseUrl = resolveGatewayBaseUrl(config.baseUrl, env);
463
+ const maxRetries = runtime.profile.maxRetries;
464
+ const requestIdFactory = runtime.profile.requestIdFactory;
465
+ const requestTimeoutByMethod = runtime.profile.timeoutMsByMethod;
466
+ const defaultRequestTimeoutMs = runtime.profile.timeoutMs;
467
+ const normalizedEnvironment = normalizeGatewayEnvironment(config.environment);
468
+ const telemetryExporter = config.telemetryEnabled === false ? null : config.telemetryExporter ?? createTelemetryExporterFromEnv(telemetryEnvironmentRecord(env), {
469
+ service: "lucern-sdk",
470
+ environment: normalizedEnvironment
471
+ });
341
472
  async function resolveAuthHeaders() {
342
473
  const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
343
474
  const headers = new Headers(provided);
@@ -349,7 +480,7 @@ function createGatewayRequestClient(config = {}) {
349
480
  };
350
481
  setIfAbsent("x-lucern-key", config.apiKey);
351
482
  setIfAbsent("x-lucern-session-token", config.userToken);
352
- setIfAbsent("x-lucern-environment", config.environment);
483
+ setIfAbsent("x-lucern-environment", normalizedEnvironment);
353
484
  setIfAbsent("x-lucern-clerk-id", config.clerkId);
354
485
  setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
355
486
  setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
@@ -364,19 +495,73 @@ function createGatewayRequestClient(config = {}) {
364
495
  return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
365
496
  }
366
497
  async function fetchWithTimeout(url, init, timeoutMs) {
498
+ const normalizeTransportError = (error, isTimeout) => {
499
+ if (isTimeout) {
500
+ return new GatewayTimeoutError(timeoutMs);
501
+ }
502
+ return error instanceof GatewayTimeoutError || error instanceof GatewayTransportError ? error : new GatewayTransportError(
503
+ error instanceof Error ? error.message : "Gateway transport error",
504
+ {
505
+ cause: error,
506
+ retryable: classifyGatewayErrorForRetry(error)
507
+ }
508
+ );
509
+ };
367
510
  const controller = new AbortController();
368
511
  const timer = setTimeout(() => controller.abort(), timeoutMs);
512
+ const requestEffect = Effect.tryPromise({
513
+ try: () => runtime.fetch(url, { ...init, signal: controller.signal }),
514
+ catch: (error) => normalizeTransportError(error, controller.signal.aborted)
515
+ });
369
516
  try {
370
- return await fetchImpl(url, { ...init, signal: controller.signal });
371
- } catch (error) {
372
- if (controller.signal.aborted) {
373
- throw timeoutError(timeoutMs);
517
+ const exit = await Effect.runPromiseExit(requestEffect);
518
+ if (Exit.isSuccess(exit)) {
519
+ return exit.value;
374
520
  }
375
- throw error;
521
+ const failure = Array.from(Cause.failures(exit.cause))[0];
522
+ if (failure !== void 0) {
523
+ throw failure;
524
+ }
525
+ throw Cause.squash(exit.cause);
376
526
  } finally {
377
527
  clearTimeout(timer);
378
528
  }
379
529
  }
530
+ async function emitSdkResponseTelemetry(context) {
531
+ const retry = classifyRetry({
532
+ status: context.status,
533
+ error: context.error,
534
+ retryAfter: context.retryAfterMs !== null && context.retryAfterMs !== void 0 ? String(context.retryAfterMs / 1e3) : void 0
535
+ });
536
+ await emitTelemetrySignal(telemetryExporter, {
537
+ signalType: "trace",
538
+ surface: "sdk-retry",
539
+ eventName: context.willRetry ? "sdk.retry" : context.error ? "sdk.request.error" : "sdk.request.complete",
540
+ severity: context.error ? context.willRetry ? "warn" : "error" : "info",
541
+ durationMs: context.durationMs,
542
+ metricName: "sdk.request.duration_ms",
543
+ metricValue: context.durationMs,
544
+ correlationId: context.correlationId ?? context.requestId,
545
+ policyTraceId: context.policyTraceId ?? null,
546
+ tenantId: context.headers.get("x-lucern-tenant-id") ?? context.headers.get("x-lucern-tenant") ?? void 0,
547
+ workspaceId: context.headers.get("x-lucern-workspace-id") ?? context.headers.get("x-lucern-workspace") ?? void 0,
548
+ attributes: {
549
+ service: "lucern-sdk",
550
+ operation: "gateway.request",
551
+ path: context.path,
552
+ httpMethod: context.method,
553
+ httpStatus: context.status,
554
+ attempt: context.attempt,
555
+ maxRetries: context.maxRetries,
556
+ retryReason: retry.reason,
557
+ retryAfterMs: context.retryAfterMs ?? retry.retryAfterMs,
558
+ willRetry: context.willRetry,
559
+ retryable: retry.retryable,
560
+ errorName: context.error instanceof Error ? context.error.name : void 0,
561
+ errorMessage: context.error instanceof Error ? context.error.message : void 0
562
+ }
563
+ });
564
+ }
380
565
  async function parsePayload(response) {
381
566
  const text = await response.text();
382
567
  if (!text) {
@@ -392,11 +577,11 @@ function createGatewayRequestClient(config = {}) {
392
577
  if (typeof requestTimeoutMs === "number") {
393
578
  return requestTimeoutMs;
394
579
  }
395
- const methodTimeoutMs = config.timeoutMsByMethod?.[method];
580
+ const methodTimeoutMs = requestTimeoutByMethod?.[method];
396
581
  if (typeof methodTimeoutMs === "number") {
397
582
  return methodTimeoutMs;
398
583
  }
399
- return config.timeoutMs ?? 15e3;
584
+ return defaultRequestTimeoutMs;
400
585
  }
401
586
  function tryParseGatewayEnvelopeJson(text) {
402
587
  const trimmed = text.trim();
@@ -417,8 +602,8 @@ function createGatewayRequestClient(config = {}) {
417
602
  const legacyError = failure && isRecord(failure.error) ? failure.error : failure?.legacyError;
418
603
  const correlationId = failure?.correlationId ?? args.response.headers.get("x-lucern-correlation-id")?.trim() ?? args.requestId;
419
604
  const policyTraceId = failure?.policyTraceId ?? args.response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null;
420
- const details = redactJsonDiagnosticValue(
421
- failure?.details ?? legacyError?.details
605
+ const details = runtime.redaction(
606
+ redactJsonDiagnosticValue(failure?.details ?? legacyError?.details)
422
607
  );
423
608
  const policySummary = readPolicySummaryFromDetails(details);
424
609
  const failureMessage = typeof failure?.error === "string" ? failure.error : legacyError?.message;
@@ -488,7 +673,7 @@ function createGatewayRequestClient(config = {}) {
488
673
  failure
489
674
  });
490
675
  const willRetry = attempt < maxRetries && retry.retryable;
491
- await config.onResponse?.({
676
+ const responseContext2 = {
492
677
  ...hookRequestContext,
493
678
  durationMs: Date.now() - startedAt,
494
679
  status: response.status,
@@ -498,7 +683,9 @@ function createGatewayRequestClient(config = {}) {
498
683
  policyTraceId: apiError.policyTraceId ?? null,
499
684
  retryAfterMs,
500
685
  willRetry
501
- });
686
+ };
687
+ await config.onResponse?.(responseContext2);
688
+ await emitSdkResponseTelemetry(responseContext2);
502
689
  if (willRetry) {
503
690
  lastError = apiError;
504
691
  await delay(
@@ -513,7 +700,7 @@ function createGatewayRequestClient(config = {}) {
513
700
  throw apiError;
514
701
  }
515
702
  const successPayload = payload;
516
- await config.onResponse?.({
703
+ const responseContext = {
517
704
  ...hookRequestContext,
518
705
  durationMs: Date.now() - startedAt,
519
706
  status: response.status,
@@ -523,22 +710,25 @@ function createGatewayRequestClient(config = {}) {
523
710
  idempotentReplay: successPayload.idempotentReplay,
524
711
  retryAfterMs,
525
712
  willRetry: false
526
- });
713
+ };
714
+ await config.onResponse?.(responseContext);
715
+ await emitSdkResponseTelemetry(responseContext);
527
716
  return successPayload;
528
717
  } catch (fetchError) {
529
718
  if (fetchError instanceof LucernApiError) {
530
719
  throw fetchError;
531
720
  }
532
- const retry = classifyRetry({ error: fetchError });
533
- const willRetry = attempt < maxRetries && retry.retryable;
534
- await config.onResponse?.({
721
+ const willRetry = attempt < maxRetries && classifyGatewayErrorForRetry(fetchError);
722
+ const responseContext = {
535
723
  ...hookRequestContext,
536
724
  durationMs: Date.now() - startedAt,
537
725
  error: fetchError,
538
726
  correlationId: requestId,
539
727
  policyTraceId: null,
540
728
  willRetry
541
- });
729
+ };
730
+ await config.onResponse?.(responseContext);
731
+ await emitSdkResponseTelemetry(responseContext);
542
732
  lastError = fetchError;
543
733
  if (willRetry) {
544
734
  await delay(computeRetryDelayMs({ attempt }));
@@ -552,6 +742,6 @@ function createGatewayRequestClient(config = {}) {
552
742
  };
553
743
  }
554
744
 
555
- export { LucernApiError, createGatewayRequestClient, randomIdempotencyKey, toQueryString };
745
+ export { GatewayTimeoutError, GatewayTransportError, LucernApiError, createGatewayRequestClient, isGatewayRecoverableError, isGatewayRetryableError, randomIdempotencyKey, toQueryString };
556
746
  //# sourceMappingURL=coreClient.js.map
557
747
  //# sourceMappingURL=coreClient.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/authContext.ts","../src/coreClient.ts"],"names":[],"mappings":";;;;;;AA+DO,IAAM,yBAAA,GAAN,cAAwC,KAAA,CAAM;AAAA,EAC1C,MAAA;AAAA,EAET,WAAA,CAAY,QAAoC,OAAA,EAAiB;AAC/D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,2BAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF,CAAA;AAEA,SAAS,YAAY,KAAA,EAAsD;AACzE,EAAA,MAAM,UAAA,GAAa,OAAO,IAAA,EAAK;AAC/B,EAAA,OAAO,aAAa,UAAA,GAAa,MAAA;AACnC;AAEA,SAAS,gBAAgB,MAAA,EAAiD;AACxE,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,EAAC;AAAA,EACV;AACA,EAAA,OAAO,OACJ,GAAA,CAAI,CAAC,UAAU,KAAA,CAAM,IAAA,EAAM,CAAA,CAC3B,MAAA;AAAA,IACC,CAAC,KAAA,EAAO,KAAA,EAAO,IAAA,KACb,KAAA,CAAM,SAAS,CAAA,IAAK,IAAA,CAAK,OAAA,CAAQ,KAAK,CAAA,KAAM;AAAA,GAChD;AACJ;AAEA,SAAS,aAAA,CACP,KAAA,EACA,MAAA,EACA,KAAA,EACQ;AACR,EAAA,MAAM,UAAA,GAAa,YAAY,KAAK,CAAA;AACpC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,MAAA;AAAA,MACA,gDAAgD,KAAK,CAAA,CAAA;AAAA,KACvD;AAAA,EACF;AACA,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,qBACP,aAAA,EACsB;AACtB,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,mBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,aAAA;AACT;AAEA,SAAS,gBAAgB,QAAA,EAAwD;AAC/E,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,mBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,QAAA;AACT;AAEA,SAAS,kBAAkB,IAAA,EAIxB;AACD,EAAA,MAAM,MAAA,GAAS,WAAA,CAAY,IAAA,CAAK,MAAM,CAAA;AACtC,EAAA,IAAI,MAAA,IAAU,MAAA,KAAW,IAAA,CAAK,QAAA,EAAU;AACtC,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,eAAA;AAAA,MACA,CAAA,yDAAA,EAA4D,KAAK,KAAK,CAAA,CAAA;AAAA,KACxE;AAAA,EACF;AACF;AAEO,SAAS,oCACd,KAAA,EAC+B;AAC/B,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,mBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,KAAA,CAAM,mBAAmB,MAAA,EAAQ;AACnC,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,eAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,WAAA,GAAc,aAAA;AAAA,IAClB,KAAA,CAAM,WAAA;AAAA,IACN,mBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,QAAA,GAAW,aAAA,CAAc,KAAA,CAAM,QAAA,EAAU,kBAAkB,UAAU,CAAA;AAC3E,EAAA,MAAM,WAAA,GAAc,aAAA;AAAA,IAClB,KAAA,CAAM,WAAA;AAAA,IACN,mBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,KAAA,GAAQ,eAAA,CAAgB,KAAA,CAAM,KAAK,CAAA;AACzC,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,KAAA,CAAM,MAAM,CAAA;AAC3C,EAAA,MAAM,aAAA,GAAgB,oBAAA,CAAqB,KAAA,CAAM,aAAa,CAAA;AAC9D,EAAA,MAAM,QAAA,GAAW,eAAA,CAAgB,KAAA,CAAM,QAAQ,CAAA;AAC/C,EAAA,MAAM,wBAAA,GACJ,QAAA,KAAa,kBAAA,IAAsB,KAAA,CAAM,MAAA,GAAS,CAAA;AACpD,EAAA,IACE,MAAM,MAAA,KAAW,CAAA,IAChB,OAAO,MAAA,KAAW,CAAA,IAAK,CAAC,wBAAA,EACzB;AACA,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,oBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,OAAO,CAAA,IAAK,WAAA;AACtD,EAAA,MAAM,MAAA,GAAS,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,MAAM,CAAA,IAAK,QAAA;AACpD,EAAA,MAAM,SAAA,GAAY,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,SAAS,CAAA,IAAK,WAAA;AAE1D,EAAA,iBAAA,CAAkB;AAAA,IAChB,KAAA,EAAO,SAAA;AAAA,IACP,QAAA,EAAU,WAAA;AAAA,IACV,MAAA,EAAQ;AAAA,GACT,CAAA;AACD,EAAA,iBAAA,CAAkB,EAAE,KAAA,EAAO,QAAA,EAAU,UAAU,QAAA,EAAU,MAAA,EAAQ,QAAQ,CAAA;AACzE,EAAA,iBAAA,CAAkB;AAAA,IAChB,KAAA,EAAO,WAAA;AAAA,IACP,QAAA,EAAU,WAAA;AAAA,IACV,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,EAAQ,OAAA,GACzB,EAAE,GAAG,KAAA,CAAM,MAAA,CAAO,OAAA,EAAQ,GAC3B,MAAA;AAEJ,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,WAAA,CAAY,KAAA,CAAM,OAAO,CAAA;AAAA,IAClC,WAAA;AAAA,IACA,QAAA;AAAA,IACA,WAAA;AAAA,IACA,aAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA;AAAA,IACA,MAAA;AAAA,IACA,eAAA,EAAiB,MAAM,eAAA,GAAkB,CAAC,GAAG,KAAA,CAAM,eAAe,IAAI,EAAC;AAAA,IACvE,aAAA,EAAe,WAAA,CAAY,KAAA,CAAM,aAAa,CAAA;AAAA,IAC9C,aAAA,EAAe,WAAA,CAAY,KAAA,CAAM,aAAa,CAAA;AAAA,IAC9C,YAAA,EAAc,WAAA,CAAY,KAAA,CAAM,YAAY,CAAA;AAAA,IAC5C,MAAA,EAAQ;AAAA,MACN,OAAA;AAAA,MACA,MAAA;AAAA,MACA,SAAA;AAAA,MACA,QAAA,EAAU,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,QAAQ,CAAA;AAAA,MAC5C,MAAA,EAAQ,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,MAAM,CAAA;AAAA,MACxC,QAAA,EAAU,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,QAAQ,CAAA;AAAA,MAC5C;AAAA;AACF,GACF;AACF;AAEO,SAAS,2BACd,WAAA,EACwB;AACxB,EAAA,MAAM,OAAA,GAAkC;AAAA,IACtC,yBAAyB,WAAA,CAAY,WAAA;AAAA,IACrC,2BAA2B,WAAA,CAAY,aAAA;AAAA,IACvC,mBAAmB,WAAA,CAAY,QAAA;AAAA,IAC/B,sBAAsB,WAAA,CAAY,QAAA;AAAA,IAClC,sBAAsB,WAAA,CAAY,WAAA;AAAA,IAClC,yBAAyB,WAAA,CAAY,WAAA;AAAA,IACrC,sBAAsB,WAAA,CAAY,QAAA;AAAA,IAClC,gBAAA,EAAkB,WAAA,CAAY,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA;AAAA,IAC5C,iBAAA,EAAmB,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,IAC9C,yBAAA,EAA2B,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,MAAM;AAAA,GAC9D;AAEA,EAAA,IAAI,YAAY,OAAA,EAAS;AACvB,IAAA,OAAA,CAAQ,mBAAmB,IAAI,WAAA,CAAY,OAAA;AAC3C,IAAA,OAAA,CAAQ,kBAAkB,IAAI,WAAA,CAAY,OAAA;AAAA,EAC5C;AACA,EAAA,IAAI,WAAA,CAAY,eAAA,CAAgB,MAAA,GAAS,CAAA,EAAG;AAC1C,IAAA,OAAA,CAAQ,2BAA2B,IAAI,IAAA,CAAK,SAAA;AAAA,MAC1C,WAAA,CAAY;AAAA,KACd;AAAA,EACF;AACA,EAAA,IAAI,YAAY,aAAA,EAAe;AAC7B,IAAA,OAAA,CAAQ,0BAA0B,IAAI,WAAA,CAAY,aAAA;AAAA,EACpD;AACA,EAAA,IAAI,YAAY,aAAA,EAAe;AAC7B,IAAA,OAAA,CAAQ,kBAAkB,IAAI,WAAA,CAAY,aAAA;AAC1C,IAAA,OAAA,CAAQ,yBAAyB,IAAI,WAAA,CAAY,aAAA;AAAA,EACnD;AACA,EAAA,IAAI,YAAY,YAAA,EAAc;AAC5B,IAAA,OAAA,CAAQ,wBAAwB,IAAI,WAAA,CAAY,YAAA;AAAA,EAClD;AAEA,EAAA,OAAO,OAAA;AACT;;;AC3MO,IAAM,cAAA,GAAN,cAA6B,KAAA,CAAM;AAAA,EACxB,IAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA,EACA,aAAA;AAAA,EACA,aAAA;AAAA,EAEhB,YAAY,IAAA,EAUT;AACD,IAAA,KAAA,CAAM,KAAK,OAAO,CAAA;AAClB,IAAA,IAAA,CAAK,IAAA,GAAO,gBAAA;AACZ,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AACjB,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACnB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,aAAa,IAAA,CAAK,UAAA;AACvB,IAAA,IAAA,CAAK,UAAU,IAAA,CAAK,OAAA;AACpB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,gBAAgB,IAAA,CAAK,aAAA;AAC1B,IAAA,IAAA,CAAK,gBAAgB,IAAA,CAAK,aAAA;AAAA,EAC5B;AACF;AAoGO,SAAS,cACd,KAAA,EACQ;AACR,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,EAAA,IAAI,MAAM,QAAA,EAAU;AAClB,IAAA,MAAA,CAAO,GAAA,CAAI,UAAA,EAAY,KAAA,CAAM,QAAQ,CAAA;AAAA,EACvC;AACA,EAAA,IAAI,MAAM,WAAA,EAAa;AACrB,IAAA,MAAA,CAAO,GAAA,CAAI,aAAA,EAAe,KAAA,CAAM,WAAW,CAAA;AAAA,EAC7C;AACA,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAChD,IAAA,IAAI,GAAA,KAAQ,UAAA,IAAc,GAAA,KAAQ,aAAA,EAAe;AAC/C,MAAA;AAAA,IACF;AACA,IAAA,IAAI,UAAU,MAAA,EAAW;AACvB,MAAA;AAAA,IACF;AACA,IAAA,MAAA,CAAO,GAAA,CAAI,GAAA,EAAK,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,EAC/B;AACA,EAAA,MAAM,UAAA,GAAa,OAAO,QAAA,EAAS;AACnC,EAAA,OAAO,UAAA,CAAW,MAAA,GAAS,CAAA,GAAI,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA,GAAK,EAAA;AACpD;AAEA,SAAS,gBAAgB,MAAA,EAA4B;AACnD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,EAAQ,eAAA,KAAoB,UAAA,EAAY;AAC5D,IAAA,UAAA,CAAW,MAAA,CAAO,gBAAgB,KAAK,CAAA;AACvC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,IAAS,KAAA,GAAQ,CAAA,EAAG,KAAA,GAAQ,MAAA,EAAQ,SAAS,CAAA,EAAG;AAC9C,IAAA,KAAA,CAAM,KAAK,CAAA,GAAI,IAAA,CAAK,MAAM,IAAA,CAAK,MAAA,KAAW,GAAG,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,yBAAA,GAAoC;AAC3C,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,EAAQ,UAAA,KAAe,UAAA,EAAY;AACvD,IAAA,OAAO,UAAA,CAAW,OAAO,UAAA,EAAW;AAAA,EACtC;AAEA,EAAA,MAAM,KAAA,GAAQ,gBAAgB,EAAE,CAAA;AAChC,EAAA,KAAA,CAAM,CAAC,CAAA,GAAK,KAAA,CAAM,CAAC,IAAI,EAAA,GAAQ,EAAA;AAC/B,EAAA,KAAA,CAAM,CAAC,CAAA,GAAK,KAAA,CAAM,CAAC,IAAI,EAAA,GAAQ,GAAA;AAC/B,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,KAAA,KAAU,KAAA,CAAM,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA;AAC5E,EAAA,OAAO,GAAG,GAAA,CAAI,KAAA,CAAM,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA;AAAA,IACpE,CAAA;AAAA,IACA;AAAA,GACF,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,GAAG,EAAE,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,EAAE,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA,CAAA;AACnE;AAKO,IAAM,oBAAA,GAAuB;AAEpC,SAAS,kBAAkB,MAAA,EAAwB;AACjD,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,yBAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,gBAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,UAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,qBAAA;AAAA,EACT;AACA,EAAA,IAAI,UAAU,GAAA,EAAK;AACjB,IAAA,OAAO,gBAAA;AAAA,EACT;AACA,EAAA,OAAO,gBAAA;AACT;AAEA,SAAS,MAAM,EAAA,EAA2B;AACxC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AACzD;AAEA,SAAS,oBAAoB,IAAA,EAIlB;AACT,EAAA,MAAM,SAAA,GACJ,IAAA,CAAK,MAAA,KAAW,GAAA,GACZ,IAAA,CAAK,GAAA;AAAA,IACH,KAAK,YAAA,IAAgB,CAAA;AAAA,IACrB,KAAK,GAAA,CAAI,GAAA,GAAO,CAAA,IAAK,IAAA,CAAK,SAAS,GAAM;AAAA,MAE3C,IAAA,CAAK,GAAA,CAAI,MAAO,CAAA,IAAK,IAAA,CAAK,SAAS,GAAI,CAAA;AAE7C,EAAA,IAAI,IAAA,CAAK,WAAW,GAAA,EAAK;AACvB,IAAA,OAAO,SAAA;AAAA,EACT;AAEA,EAAA,MAAM,YAAA,GAAe,KAAK,GAAA,CAAI,GAAA,EAAK,KAAK,KAAA,CAAM,SAAA,GAAY,IAAI,CAAC,CAAA;AAC/D,EAAA,OAAO,YAAY,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,MAAA,KAAW,YAAY,CAAA;AAC5D;AAEA,SAAS,aAAa,SAAA,EAA0B;AAC9C,EAAA,MAAM,KAAA,GAAQ,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,SAAS,CAAA,EAAA,CAAI,CAAA;AAChE,EAAA,KAAA,CAAM,IAAA,GAAO,YAAA;AACb,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,SAAS,KAAA,EAAkD;AAClE,EAAA,OAAO,KAAA,KAAU,QAAQ,OAAO,KAAA,KAAU,YAAY,CAAC,KAAA,CAAM,QAAQ,KAAK,CAAA;AAC5E;AAEA,SAAS,6BAA6B,OAAA,EAAoC;AACxE,EAAA,IAAI,CAAC,QAAA,CAAS,OAAO,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,gBAAgB,OAAA,CAAQ,OAAA;AAC9B,EAAA,IAAI,OAAO,aAAA,KAAkB,QAAA,IAAY,cAAc,IAAA,EAAK,CAAE,SAAS,CAAA,EAAG;AACxE,IAAA,OAAO,cAAc,IAAA,EAAK;AAAA,EAC5B;AAEA,EAAA,MAAM,SAAS,OAAA,CAAQ,MAAA;AACvB,EAAA,IAAI,CAAC,QAAA,CAAS,MAAM,CAAA,EAAG;AACrB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,cAAc,MAAA,CAAO,WAAA;AAC3B,EAAA,IAAI,CAAC,QAAA,CAAS,WAAW,CAAA,EAAG;AAC1B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,gBAAgB,WAAA,CAAY,OAAA;AAClC,EAAA,IAAI,OAAO,aAAA,KAAkB,QAAA,IAAY,cAAc,IAAA,EAAK,CAAE,SAAS,CAAA,EAAG;AACxE,IAAA,OAAO,cAAc,IAAA,EAAK;AAAA,EAC5B;AAEA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,0BAA0B,KAAA,EAAqD;AACtF,EAAA,OAAO,KAAA,KAAU,MAAA,GACb,MAAA,GACC,qBAAA,CAAsB,KAAK,CAAA;AAClC;AAEA,eAAe,6BACb,WAAA,EACgD;AAChD,EAAA,IAAI,OAAO,gBAAgB,UAAA,EAAY;AACrC,IAAA,OAAO,MAAM,WAAA,EAAY;AAAA,EAC3B;AACA,EAAA,OAAO,WAAA;AACT;AAEA,SAAS,iBAAA,CACP,MACA,QAAA,EACwB;AACxB,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,IAAI,CAAA;AAChC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,QAAQ,CAAA,EAAG;AACnD,IAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAChC,IAAA,IAAI,QAAA,KAAa,IAAA,IAAQ,QAAA,KAAa,KAAA,EAAO;AAC3C,MAAA,MAAM,IAAI,yBAAA;AAAA,QACR,eAAA;AAAA,QACA,6DAA6D,GAAG,CAAA,QAAA;AAAA,OAClE;AAAA,IACF;AACA,IAAA,OAAA,CAAQ,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,EACxB;AACA,EAAA,OAAO,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,EAAS,CAAA;AAC7C;AAEA,SAAS,iBAAiB,KAAA,EAAsD;AAC9E,EAAA,MAAM,UAAA,GAAa,OAAO,IAAA,EAAK;AAC/B,EAAA,OAAO,aAAa,UAAA,GAAa,MAAA;AACnC;AAKO,SAAS,0BAAA,CAA2B,MAAA,GAA8B,EAAC,EAAG;AAC3E,EAAA,MAAM,SAAA,GAAY,OAAO,SAAA,IAAa,KAAA;AACtC,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA,EAAS,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA,IAAK,EAAA;AACvD,EAAA,MAAM,UAAA,GAAa,OAAO,UAAA,IAAc,CAAA;AACxC,EAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,gBAAA,KAAqB,MAAM,yBAAA,EAA0B,CAAA;AAErF,EAAA,eAAe,kBAAA,GAAsD;AACnE,IAAA,MAAM,WAAW,MAAA,CAAO,cAAA,GAAiB,MAAM,MAAA,CAAO,cAAA,KAAmB,EAAC;AAC1E,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,QAAQ,CAAA;AACpC,IAAA,MAAM,WAAA,GAAc,CAAC,IAAA,EAAc,KAAA,KAA8B;AAC/D,MAAA,MAAM,UAAA,GAAa,iBAAiB,KAAK,CAAA;AACzC,MAAA,IAAI,UAAA,IAAc,CAAC,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA,EAAG;AACpC,QAAA,OAAA,CAAQ,GAAA,CAAI,MAAM,UAAU,CAAA;AAAA,MAC9B;AAAA,IACF,CAAA;AAEA,IAAA,WAAA,CAAY,cAAA,EAAgB,OAAO,MAAM,CAAA;AACzC,IAAA,WAAA,CAAY,wBAAA,EAA0B,OAAO,SAAS,CAAA;AACtD,IAAA,WAAA,CAAY,sBAAA,EAAwB,OAAO,WAAW,CAAA;AACtD,IAAA,WAAA,CAAY,mBAAA,EAAqB,OAAO,OAAO,CAAA;AAC/C,IAAA,WAAA,CAAY,kBAAA,EAAoB,MAAA,CAAO,MAAA,IAAU,MAAA,CAAO,OAAO,CAAA;AAC/D,IAAA,WAAA,CAAY,0BAAA,EAA4B,OAAO,cAAc,CAAA;AAE7D,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,SAAS,CAAA;AACjD,IAAA,MAAM,mBAAmB,MAAM,4BAAA;AAAA,MAC7B,MAAA,CAAO;AAAA,KACT;AACA,IAAA,IAAI,CAAC,gBAAA,IAAoB,CAAC,MAAA,CAAO,2BAAA,EAA6B;AAC5D,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,MAAM,WAAA,GAAc,oCAAoC,gBAAgB,CAAA;AACxE,IAAA,OAAO,iBAAA,CAAkB,IAAA,EAAM,0BAAA,CAA2B,WAAW,CAAC,CAAA;AAAA,EACxE;AAEA,EAAA,eAAe,gBAAA,CACb,GAAA,EACA,IAAA,EACA,SAAA,EACmB;AACnB,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,SAAS,CAAA;AAC5D,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,UAAU,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,UAAA,CAAW,MAAA,EAAQ,CAAA;AAAA,IACpE,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,UAAA,CAAW,OAAO,OAAA,EAAS;AAC7B,QAAA,MAAM,aAAa,SAAS,CAAA;AAAA,MAC9B;AACA,MAAA,MAAM,KAAA;AAAA,IACR,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAEA,EAAA,eAAe,aACb,QAAA,EAC4C;AAC5C,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,MAAM,MAAA,GAAS,4BAA4B,IAAI,CAAA;AAC/C,IAAA,IAAI,CAAC,OAAO,EAAA,EAAI;AACd,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,OAAO,QAAA,CAAS,MAAA,CAAO,KAAK,CAAA,GACvB,OAAO,KAAA,GACR,IAAA;AAAA,EACN;AAEA,EAAA,SAAS,gBAAA,CACP,QACA,gBAAA,EACQ;AACR,IAAA,IAAI,OAAO,qBAAqB,QAAA,EAAU;AACxC,MAAA,OAAO,gBAAA;AAAA,IACT;AACA,IAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,iBAAA,GAAoB,MAAM,CAAA;AACzD,IAAA,IAAI,OAAO,oBAAoB,QAAA,EAAU;AACvC,MAAA,OAAO,eAAA;AAAA,IACT;AACA,IAAA,OAAO,OAAO,SAAA,IAAa,IAAA;AAAA,EAC7B;AAEA,EAAA,SAAS,4BAA4B,IAAA,EAAgC;AACnE,IAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAC1B,IAAA,IAAI,CAAC,QAAQ,UAAA,CAAW,GAAG,KAAK,CAAC,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAA,EAAG;AACxD,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,UAAA,EAAW;AAAA,IACzC;AACA,IAAA,IAAI;AACF,MAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,OAAO,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA,EAAE;AAAA,IAChD,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,WAAA,EAAa;AAChC,QAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,gBAAgB,KAAA,EAAM;AAAA,MACpD;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAEA,EAAA,SAAS,cAAc,IAAA,EAIJ;AACjB,IAAA,MAAM,UAAU,IAAA,CAAK,OAAA;AACrB,IAAA,MAAM,WAAA,GACJ,WAAW,QAAA,CAAS,OAAA,CAAQ,KAAK,CAAA,GAAI,OAAA,CAAQ,QAAQ,OAAA,EAAS,WAAA;AAChE,IAAA,MAAM,aAAA,GACJ,OAAA,EAAS,aAAA,IACT,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,yBAAyB,CAAA,EAAG,IAAA,EAAK,IAC3D,IAAA,CAAK,SAAA;AACP,IAAA,MAAM,aAAA,GACJ,OAAA,EAAS,aAAA,IACT,IAAA,CAAK,QAAA,CAAS,QAAQ,GAAA,CAAI,0BAA0B,CAAA,EAAG,IAAA,EAAK,IAC5D,IAAA;AACF,IAAA,MAAM,OAAA,GAAU,yBAAA;AAAA,MACd,OAAA,EAAS,WAAW,WAAA,EAAa;AAAA,KACnC;AACA,IAAA,MAAM,aAAA,GAAgB,6BAA6B,OAAO,CAAA;AAC1D,IAAA,MAAM,iBACJ,OAAO,OAAA,EAAS,UAAU,QAAA,GACtB,OAAA,CAAQ,QACR,WAAA,EAAa,OAAA;AAEnB,IAAA,OAAO,IAAI,cAAA,CAAe;AAAA,MACxB,IAAA,EACE,SAAS,IAAA,IACT,WAAA,EAAa,QACb,iBAAA,CAAkB,IAAA,CAAK,SAAS,MAAM,CAAA;AAAA,MACxC,SACE,aAAA,IACA,cAAA,KACC,IAAA,CAAK,QAAA,CAAS,KACX,mDAAA,GACA,8BAAA,CAAA;AAAA,MACN,MAAA,EAAQ,KAAK,QAAA,CAAS,MAAA;AAAA,MACtB,WAAW,OAAA,EAAS,SAAA;AAAA,MACpB,YAAY,OAAA,EAAS,UAAA;AAAA,MACrB,OAAA;AAAA,MACA,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,aAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,eAAe,QAAW,IAAA,EAOa;AACrC,IAAA,MAAM,WAAA,GAAc,MAAM,kBAAA,EAAmB;AAC7C,IAAA,MAAM,MAAA,GAAS,KAAK,MAAA,IAAU,KAAA;AAC9B,IAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA;AACzD,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,MAC1B,cAAA,EAAgB,kBAAA;AAAA,MAChB,GAAG;AAAA,KACJ,CAAA;AACD,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,OAAA,CAAQ,GAAA,CAAI,iBAAA,EAAmB,IAAA,CAAK,cAAc,CAAA;AAAA,IACpD;AACA,IAAA,MAAM,SAAA,GACJ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,GAAG,IAAA,EAAK,IACtC,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,EAAG,IAAA,EAAK,IAClC,IAAA,CAAK,aACL,gBAAA,EAAiB;AACnB,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,kBAAkB,KAAK,CAAC,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,EAAG;AACpE,MAAA,OAAA,CAAQ,GAAA,CAAI,oBAAoB,SAAS,CAAA;AAAA,IAC3C;AAEA,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,OAAO,CAAA,EAAG,KAAK,IAAI,CAAA,CAAA;AAClC,IAAA,MAAM,iBAAiB,IAAA,CAAK,IAAA,GAAO,KAAK,SAAA,CAAU,IAAA,CAAK,IAAI,CAAA,GAAI,MAAA;AAC/D,IAAA,MAAM,IAAA,GAAoB;AAAA,MACxB,MAAA;AAAA,MACA,OAAA;AAAA,MACA,IAAA,EAAM;AAAA,KACR;AAEA,IAAA,IAAI,SAAA;AAEJ,IAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,OAAA,EAAA,EAAW;AACtD,MAAA,MAAM,kBAAA,GAAgD;AAAA,QACpD,SAAA;AAAA,QACA,OAAA;AAAA,QACA,UAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,GAAA;AAAA,QACA,OAAA,EAAS,IAAI,OAAA,CAAQ,OAAO,CAAA;AAAA,QAC5B,IAAA,EAAM,cAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,MAAM,MAAA,CAAO,YAAY,kBAAkB,CAAA;AAC3C,MAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAC3B,MAAA,IAAI;AACF,QAAA,MAAM,QAAA,GAAW,MAAM,gBAAA,CAAiB,GAAA,EAAK,MAAM,SAAS,CAAA;AAC5D,QAAA,MAAM,aAAA,GAAgB,SAAS,KAAA,EAAM;AACrC,QAAA,MAAM,OAAA,GAAU,MAAM,YAAA,CAAgB,QAAQ,CAAA;AAC9C,QAAA,MAAM,QAAQ,aAAA,CAAc;AAAA,UAC1B,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,UAAA,EAAY,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,aAAa;AAAA,SAC/C,CAAA;AACD,QAAA,MAAM,YAAA,GAAe,MAAM,YAAA,IAAgB,IAAA;AAE3C,QAAA,IAAI,CAAC,QAAA,CAAS,EAAA,IAAM,CAAC,SAAS,OAAA,EAAS;AACrC,UAAA,MAAM,OAAA,GACJ,OAAA,IAAW,CAAC,OAAA,CAAQ,UAAW,OAAA,GAAqC,IAAA;AACtE,UAAA,MAAM,WAAW,aAAA,CAAc;AAAA,YAC7B,SAAA;AAAA,YACA,QAAA;AAAA,YACA;AAAA,WACD,CAAA;AACD,UAAA,MAAM,SAAA,GAAY,OAAA,GAAU,UAAA,IAAc,KAAA,CAAM,SAAA;AAEhD,UAAA,MAAM,OAAO,UAAA,GAAa;AAAA,YACxB,GAAG,kBAAA;AAAA,YACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,YACzB,QAAQ,QAAA,CAAS,MAAA;AAAA,YACjB,QAAA,EAAU,aAAA;AAAA,YACV,KAAA,EAAO,QAAA;AAAA,YACP,aAAA,EAAe,SAAS,aAAA,IAAiB,SAAA;AAAA,YACzC,aAAA,EAAe,SAAS,aAAA,IAAiB,IAAA;AAAA,YACzC,YAAA;AAAA,YACA;AAAA,WACD,CAAA;AAED,UAAA,IAAI,SAAA,EAAW;AACb,YAAA,SAAA,GAAY,QAAA;AACZ,YAAA,MAAM,KAAA;AAAA,cACJ,mBAAA,CAAoB;AAAA,gBAClB,OAAA;AAAA,gBACA,QAAQ,QAAA,CAAS,MAAA;AAAA,gBACjB;AAAA,eACD;AAAA,aACH;AACA,YAAA;AAAA,UACF;AAEA,UAAA,MAAM,QAAA;AAAA,QACR;AAEA,QAAA,MAAM,cAAA,GAAiB,OAAA;AACvB,QAAA,MAAM,OAAO,UAAA,GAAa;AAAA,UACxB,GAAG,kBAAA;AAAA,UACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,UACzB,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,QAAA,EAAU,aAAA;AAAA,UACV,aAAA,EACE,eAAe,aAAA,IACf,QAAA,CAAS,QAAQ,GAAA,CAAI,yBAAyB,CAAA,EAAG,IAAA,EAAK,IACtD,SAAA;AAAA,UACF,aAAA,EACE,eAAe,aAAA,IACf,QAAA,CAAS,QAAQ,GAAA,CAAI,0BAA0B,CAAA,EAAG,IAAA,EAAK,IACvD,IAAA;AAAA,UACF,kBAAkB,cAAA,CAAe,gBAAA;AAAA,UACjC,YAAA;AAAA,UACA,SAAA,EAAW;AAAA,SACZ,CAAA;AAED,QAAA,OAAO,cAAA;AAAA,MACT,SAAS,UAAA,EAAY;AACnB,QAAA,IAAI,sBAAsB,cAAA,EAAgB;AACxC,UAAA,MAAM,UAAA;AAAA,QACR;AACA,QAAA,MAAM,KAAA,GAAQ,aAAA,CAAc,EAAE,KAAA,EAAO,YAAY,CAAA;AACjD,QAAA,MAAM,SAAA,GAAY,OAAA,GAAU,UAAA,IAAc,KAAA,CAAM,SAAA;AAChD,QAAA,MAAM,OAAO,UAAA,GAAa;AAAA,UACxB,GAAG,kBAAA;AAAA,UACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,UACzB,KAAA,EAAO,UAAA;AAAA,UACP,aAAA,EAAe,SAAA;AAAA,UACf,aAAA,EAAe,IAAA;AAAA,UACf;AAAA,SACD,CAAA;AACD,QAAA,SAAA,GAAY,UAAA;AACZ,QAAA,IAAI,SAAA,EAAW;AACb,UAAA,MAAM,KAAA,CAAM,mBAAA,CAAoB,EAAE,OAAA,EAAS,CAAC,CAAA;AAAA,QAC9C;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,SAAA,YAAqB,KAAA,GACvB,SAAA,GACA,IAAI,MAAM,4CAA4C,CAAA;AAAA,EAC5D;AAEA,EAAA,OAAO;AAAA,IACL;AAAA,GACF;AACF","file":"coreClient.js","sourcesContent":["import type {\n SessionAuthMode,\n SessionDelegationHop,\n SessionPrincipalType,\n} from \"./contracts/auth-session.contract\";\nimport type { JsonObject } from \"./types\";\n\nexport type LucernSdkAuthFailureReason =\n | \"principal_missing\"\n | \"tenant_missing\"\n | \"membership_missing\"\n | \"workspace_missing\"\n | \"clerk_alias_missing\"\n | \"clerk_alias_unrecognized\"\n | \"policy_denied\"\n | \"policy_unavailable\"\n | \"policy_unknown\";\n\nexport type PermitReadyAuthContext = {\n subject: string;\n tenant: string;\n workspace: string;\n resource?: string;\n action?: string;\n relation?: string;\n context?: JsonObject;\n};\n\nexport type LucernSdkAuthPolicyDecision = \"allow\" | \"deny\" | \"unknown\";\n\nexport type LucernSdkAuthContextInput = {\n clerkId?: string;\n principalId?: string;\n tenantId?: string;\n workspaceId?: string | null;\n principalType?: SessionPrincipalType;\n authMode?: SessionAuthMode;\n roles?: readonly string[];\n scopes?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n policyTraceId?: string;\n correlationId?: string;\n membershipId?: string;\n policyDecision?: LucernSdkAuthPolicyDecision;\n permit?: Partial<PermitReadyAuthContext>;\n};\n\nexport type CanonicalLucernSdkAuthContext = {\n clerkId?: string;\n principalId: string;\n tenantId: string;\n workspaceId: string;\n principalType: SessionPrincipalType;\n authMode: SessionAuthMode;\n roles: string[];\n scopes: string[];\n delegationChain: SessionDelegationHop[];\n policyTraceId?: string;\n correlationId?: string;\n membershipId?: string;\n permit: PermitReadyAuthContext;\n};\n\nexport class LucernSdkAuthContextError extends Error {\n readonly reason: LucernSdkAuthFailureReason;\n\n constructor(reason: LucernSdkAuthFailureReason, message: string) {\n super(message);\n this.name = \"LucernSdkAuthContextError\";\n this.reason = reason;\n }\n}\n\nfunction cleanString(value: string | null | undefined): string | undefined {\n const normalized = value?.trim();\n return normalized ? normalized : undefined;\n}\n\nfunction cleanStringList(values: readonly string[] | undefined): string[] {\n if (!values) {\n return [];\n }\n return values\n .map((value) => value.trim())\n .filter(\n (value, index, list) =>\n value.length > 0 && list.indexOf(value) === index\n );\n}\n\nfunction requireString(\n value: string | null | undefined,\n reason: LucernSdkAuthFailureReason,\n label: string\n): string {\n const normalized = cleanString(value);\n if (!normalized) {\n throw new LucernSdkAuthContextError(\n reason,\n `Canonical Lucern SDK auth context is missing ${label}.`\n );\n }\n return normalized;\n}\n\nfunction requirePrincipalType(\n principalType: SessionPrincipalType | undefined\n): SessionPrincipalType {\n if (!principalType) {\n throw new LucernSdkAuthContextError(\n \"principal_missing\",\n \"Canonical Lucern SDK auth context is missing principalType.\"\n );\n }\n return principalType;\n}\n\nfunction requireAuthMode(authMode: SessionAuthMode | undefined): SessionAuthMode {\n if (!authMode) {\n throw new LucernSdkAuthContextError(\n \"principal_missing\",\n \"Canonical Lucern SDK auth context is missing authMode.\"\n );\n }\n return authMode;\n}\n\nfunction ensurePermitMatch(args: {\n field: keyof PermitReadyAuthContext;\n expected: string;\n actual?: string;\n}) {\n const actual = cleanString(args.actual);\n if (actual && actual !== args.expected) {\n throw new LucernSdkAuthContextError(\n \"policy_denied\",\n `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`\n );\n }\n}\n\nexport function normalizeCanonicalLucernAuthContext(\n input: LucernSdkAuthContextInput | undefined\n): CanonicalLucernSdkAuthContext {\n if (!input) {\n throw new LucernSdkAuthContextError(\n \"principal_missing\",\n \"Canonical Lucern SDK auth context is required.\"\n );\n }\n\n if (input.policyDecision === \"deny\") {\n throw new LucernSdkAuthContextError(\n \"policy_denied\",\n \"Canonical Lucern SDK auth context carries a denied policy decision.\"\n );\n }\n\n const principalId = requireString(\n input.principalId,\n \"principal_missing\",\n \"principalId\"\n );\n const tenantId = requireString(input.tenantId, \"tenant_missing\", \"tenantId\");\n const workspaceId = requireString(\n input.workspaceId,\n \"workspace_missing\",\n \"workspaceId\"\n );\n const roles = cleanStringList(input.roles);\n const scopes = cleanStringList(input.scopes);\n const principalType = requirePrincipalType(input.principalType);\n const authMode = requireAuthMode(input.authMode);\n const roleBasedInteractiveAuth =\n authMode === \"interactive_user\" && roles.length > 0;\n if (\n roles.length === 0 ||\n (scopes.length === 0 && !roleBasedInteractiveAuth)\n ) {\n throw new LucernSdkAuthContextError(\n \"membership_missing\",\n \"Canonical Lucern SDK auth context requires non-empty roles and scopes.\"\n );\n }\n\n const subject = cleanString(input.permit?.subject) ?? principalId;\n const tenant = cleanString(input.permit?.tenant) ?? tenantId;\n const workspace = cleanString(input.permit?.workspace) ?? workspaceId;\n\n ensurePermitMatch({\n field: \"subject\",\n expected: principalId,\n actual: subject,\n });\n ensurePermitMatch({ field: \"tenant\", expected: tenantId, actual: tenant });\n ensurePermitMatch({\n field: \"workspace\",\n expected: workspaceId,\n actual: workspace,\n });\n\n const context = input.permit?.context\n ? ({ ...input.permit.context } as JsonObject)\n : undefined;\n\n return {\n clerkId: cleanString(input.clerkId),\n principalId,\n tenantId,\n workspaceId,\n principalType,\n authMode,\n roles,\n scopes,\n delegationChain: input.delegationChain ? [...input.delegationChain] : [],\n policyTraceId: cleanString(input.policyTraceId),\n correlationId: cleanString(input.correlationId),\n membershipId: cleanString(input.membershipId),\n permit: {\n subject,\n tenant,\n workspace,\n resource: cleanString(input.permit?.resource),\n action: cleanString(input.permit?.action),\n relation: cleanString(input.permit?.relation),\n context,\n },\n };\n}\n\nexport function createCanonicalAuthHeaders(\n authContext: CanonicalLucernSdkAuthContext\n): Record<string, string> {\n const headers: Record<string, string> = {\n \"x-lucern-principal-id\": authContext.principalId,\n \"x-lucern-principal-type\": authContext.principalType,\n \"x-lucern-tenant\": authContext.tenantId,\n \"x-lucern-tenant-id\": authContext.tenantId,\n \"x-lucern-workspace\": authContext.workspaceId,\n \"x-lucern-workspace-id\": authContext.workspaceId,\n \"x-lucern-auth-mode\": authContext.authMode,\n \"x-lucern-roles\": authContext.roles.join(\",\"),\n \"x-lucern-scopes\": authContext.scopes.join(\",\"),\n \"x-lucern-permit-context\": JSON.stringify(authContext.permit),\n };\n\n if (authContext.clerkId) {\n headers[\"x-lucern-clerk-id\"] = authContext.clerkId;\n headers[\"x-lucern-user-id\"] = authContext.clerkId;\n }\n if (authContext.delegationChain.length > 0) {\n headers[\"x-lucern-delegation-chain\"] = JSON.stringify(\n authContext.delegationChain\n );\n }\n if (authContext.policyTraceId) {\n headers[\"x-lucern-policy-trace-id\"] = authContext.policyTraceId;\n }\n if (authContext.correlationId) {\n headers[\"x-correlation-id\"] = authContext.correlationId;\n headers[\"x-lucern-correlation-id\"] = authContext.correlationId;\n }\n if (authContext.membershipId) {\n headers[\"x-lucern-membership-id\"] = authContext.membershipId;\n }\n\n return headers;\n}\n","import { redactDiagnosticValue } from \"@lucern/transport-core/redaction\";\nimport { classifyRetry } from \"@lucern/transport-core/transport\";\n\nimport {\n createCanonicalAuthHeaders,\n LucernSdkAuthContextError,\n normalizeCanonicalLucernAuthContext,\n type LucernSdkAuthContextInput,\n} from \"./authContext\";\nimport type { JsonObject, JsonValue } from \"./types\";\n\n/** Tenant and workspace identifiers used to scope gateway requests. */\nexport type GatewayScope = {\n tenantId?: string;\n workspaceId?: string;\n};\n\n/** Successful response envelope from the platform gateway with correlation metadata. */\nexport type PlatformGatewaySuccess<T> = {\n success: true;\n data: T;\n correlationId: string;\n policyTraceId: string | null;\n idempotentReplay: boolean;\n};\n\n/** Failed response envelope with structured error codes and optional invariant references. */\nexport type PlatformGatewayFailure = {\n success: false;\n /**\n * Error string is the canonical envelope field.\n * Object form is legacy-only compatibility for older gateway responses.\n */\n error:\n | string\n | {\n code: string;\n message: string;\n details?: JsonValue;\n };\n code?: string;\n invariant?: string | null;\n suggestion?: string | null;\n details?: JsonValue;\n legacyError?: {\n code: string;\n message: string;\n details?: JsonValue;\n };\n correlationId: string;\n policyTraceId: string | null;\n};\n\n/** Discriminated union of success and failure gateway responses. */\nexport type PlatformGatewayEnvelope<T> =\n | PlatformGatewaySuccess<T>\n | PlatformGatewayFailure;\n\n/**\n * Structured error thrown when a platform API request fails.\n *\n * Includes HTTP status, machine-readable error code, optional invariant\n * reference, and actionable suggestions for common failure modes.\n */\nexport class LucernApiError extends Error {\n public readonly code: string;\n public readonly status: number;\n public readonly invariant?: string | null;\n public readonly suggestion?: string | null;\n public readonly details?: JsonValue;\n public readonly requestId?: string;\n public readonly correlationId?: string;\n public readonly policyTraceId?: string | null;\n\n constructor(args: {\n code: string;\n message: string;\n status: number;\n invariant?: string | null;\n suggestion?: string | null;\n details?: JsonValue;\n requestId?: string;\n correlationId?: string;\n policyTraceId?: string | null;\n }) {\n super(args.message);\n this.name = \"LucernApiError\";\n this.code = args.code;\n this.status = args.status;\n this.invariant = args.invariant;\n this.suggestion = args.suggestion;\n this.details = args.details;\n this.requestId = args.requestId;\n this.correlationId = args.correlationId;\n this.policyTraceId = args.policyTraceId;\n }\n}\n\n/** Supported HTTP methods for gateway requests. */\nexport type GatewayHttpMethod = \"GET\" | \"POST\" | \"PUT\" | \"PATCH\" | \"DELETE\";\n\ntype FetchLike = (\n input: RequestInfo | URL,\n init?: RequestInit\n) => Promise<Response>;\n\ntype JsonParseAttempt =\n | { ok: true; value: unknown }\n | { ok: false; reason: \"non-json\" | \"invalid-json\"; error?: SyntaxError };\n\n/** Context passed to the `onRequest` hook before each gateway request attempt. */\nexport type GatewayRequestHookContext = {\n requestId: string;\n attempt: number;\n maxRetries: number;\n method: GatewayHttpMethod;\n path: string;\n url: string;\n headers: Headers;\n body?: string;\n timeoutMs: number;\n};\n\n/** Context passed to the `onResponse` hook after each gateway request attempt (including retries and failures). */\nexport type GatewayResponseHookContext = GatewayRequestHookContext & {\n durationMs: number;\n status?: number;\n response?: Response;\n error?: unknown;\n correlationId?: string;\n policyTraceId?: string | null;\n idempotentReplay?: boolean;\n retryAfterMs?: number | null;\n willRetry: boolean;\n};\n\nexport type GatewayClientEnvironment = \"sandbox\" | \"production\";\n\n/**\n * Low-level transport configuration for the platform gateway client.\n *\n * Most developers should use {@link createLucernClient} instead, which wraps\n * this config with higher-level conveniences like `apiKey` and `environment`.\n */\nexport type GatewayClientConfig = {\n baseUrl?: string;\n fetchImpl?: FetchLike;\n /** Lucern tenant API key or service API key. Sent as `x-lucern-key`. */\n apiKey?: string;\n /**\n * Lucern platform session token. This is not a Clerk JWT.\n * Server-side tenant proxies should normally send `apiKey` plus `clerkId`.\n */\n userToken?: string;\n /** Gateway environment label for legacy sandbox/production routing. */\n environment?: GatewayClientEnvironment;\n /** Clerk subject for the current end user. */\n clerkId?: string;\n /** Optional explicit user subject. Defaults to `clerkId` when omitted. */\n userId?: string;\n /** Optional deployment host hint for front-door routing. */\n deploymentHost?: string;\n getAuthHeaders?:\n | (() => Promise<Record<string, string>>)\n | (() => Record<string, string>);\n /**\n * Canonical Master Control identity tuple applied to every SDK request.\n * Use this for tenant/workspace-scoped graph and identity operations.\n */\n authContext?:\n | LucernSdkAuthContextInput\n | (() => Promise<LucernSdkAuthContextInput | undefined>)\n | (() => LucernSdkAuthContextInput | undefined);\n /** When true, requests fail before fetch if `authContext` is absent. */\n requireCanonicalAuthContext?: boolean;\n /** Max retries for transient errors (5xx, network). Defaults to 2. */\n maxRetries?: number;\n /** Request timeout in ms. Defaults to 15000. */\n timeoutMs?: number;\n /** Optional timeout overrides by HTTP method. */\n timeoutMsByMethod?: Partial<Record<GatewayHttpMethod, number>>;\n /** Optional request ID factory used for correlation headers. */\n requestIdFactory?: () => string;\n /** Invoked before each request attempt, including retries. */\n onRequest?:\n | ((context: GatewayRequestHookContext) => void)\n | ((context: GatewayRequestHookContext) => Promise<void>);\n /** Invoked after each request attempt, including retries and failures. */\n onResponse?:\n | ((context: GatewayResponseHookContext) => void)\n | ((context: GatewayResponseHookContext) => Promise<void>);\n};\n\n/**\n * Serialize a gateway query object into a URL query string.\n */\nexport function toQueryString(\n scope: GatewayScope & Record<string, string | number | boolean | undefined>\n): string {\n const params = new URLSearchParams();\n if (scope.tenantId) {\n params.set(\"tenantId\", scope.tenantId);\n }\n if (scope.workspaceId) {\n params.set(\"workspaceId\", scope.workspaceId);\n }\n for (const [key, value] of Object.entries(scope)) {\n if (key === \"tenantId\" || key === \"workspaceId\") {\n continue;\n }\n if (value === undefined) {\n continue;\n }\n params.set(key, String(value));\n }\n const serialized = params.toString();\n return serialized.length > 0 ? `?${serialized}` : \"\";\n}\n\nfunction fillRandomBytes(length: number): Uint8Array {\n const bytes = new Uint8Array(length);\n if (typeof globalThis.crypto?.getRandomValues === \"function\") {\n globalThis.crypto.getRandomValues(bytes);\n return bytes;\n }\n\n for (let index = 0; index < length; index += 1) {\n bytes[index] = Math.floor(Math.random() * 256);\n }\n return bytes;\n}\n\nfunction generatePortableRequestId(): string {\n if (typeof globalThis.crypto?.randomUUID === \"function\") {\n return globalThis.crypto.randomUUID();\n }\n\n const bytes = fillRandomBytes(16);\n bytes[6] = (bytes[6] & 0x0f) | 0x40;\n bytes[8] = (bytes[8] & 0x3f) | 0x80;\n const hex = Array.from(bytes, (value) => value.toString(16).padStart(2, \"0\"));\n return `${hex.slice(0, 4).join(\"\")}-${hex.slice(4, 6).join(\"\")}-${hex.slice(\n 6,\n 8\n ).join(\"\")}-${hex.slice(8, 10).join(\"\")}-${hex.slice(10).join(\"\")}`;\n}\n\n/**\n * Generate a random idempotency key for retry-safe writes.\n */\nexport const randomIdempotencyKey = generatePortableRequestId;\n\nfunction fallbackErrorCode(status: number): string {\n if (status === 401) {\n return \"AUTHENTICATION_REQUIRED\";\n }\n if (status === 403) {\n return \"FORBIDDEN\";\n }\n if (status === 404) {\n return \"NOT_FOUND\";\n }\n if (status === 408) {\n return \"UPSTREAM_ERROR\";\n }\n if (status === 409) {\n return \"CONFLICT\";\n }\n if (status === 429) {\n return \"RATE_LIMIT_EXCEEDED\";\n }\n if (status >= 500) {\n return \"UPSTREAM_ERROR\";\n }\n return \"INTERNAL_ERROR\";\n}\n\nfunction delay(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\nfunction computeRetryDelayMs(args: {\n attempt: number;\n status?: number;\n retryAfterMs?: number | null;\n}): number {\n const baseDelay =\n args.status === 429\n ? Math.max(\n args.retryAfterMs ?? 0,\n Math.min(1000 * 2 ** args.attempt, 10_000)\n )\n : Math.min(1000 * 2 ** args.attempt, 4000);\n\n if (args.status !== 429) {\n return baseDelay;\n }\n\n const jitterWindow = Math.max(250, Math.round(baseDelay * 0.25));\n return baseDelay + Math.round(Math.random() * jitterWindow);\n}\n\nfunction timeoutError(timeoutMs: number): Error {\n const error = new Error(`Request timed out after ${timeoutMs}ms`);\n error.name = \"AbortError\";\n return error;\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return value !== null && typeof value === \"object\" && !Array.isArray(value);\n}\n\nfunction readPolicySummaryFromDetails(details?: JsonValue): string | null {\n if (!isRecord(details)) {\n return null;\n }\n\n const directSummary = details.summary;\n if (typeof directSummary === \"string\" && directSummary.trim().length > 0) {\n return directSummary.trim();\n }\n\n const policy = details.policy;\n if (!isRecord(policy)) {\n return null;\n }\n\n const explanation = policy.explanation;\n if (!isRecord(explanation)) {\n return null;\n }\n\n const nestedSummary = explanation.summary;\n if (typeof nestedSummary === \"string\" && nestedSummary.trim().length > 0) {\n return nestedSummary.trim();\n }\n\n return null;\n}\n\nfunction redactJsonDiagnosticValue(value: JsonValue | undefined): JsonValue | undefined {\n return value === undefined\n ? undefined\n : (redactDiagnosticValue(value) as JsonValue);\n}\n\nasync function resolveConfiguredAuthContext(\n authContext: GatewayClientConfig[\"authContext\"]\n): Promise<LucernSdkAuthContextInput | undefined> {\n if (typeof authContext === \"function\") {\n return await authContext();\n }\n return authContext;\n}\n\nfunction mergeHeaderRecord(\n base: Record<string, string>,\n addition: Record<string, string>\n): Record<string, string> {\n const headers = new Headers(base);\n for (const [key, value] of Object.entries(addition)) {\n const existing = headers.get(key);\n if (existing !== null && existing !== value) {\n throw new LucernSdkAuthContextError(\n \"policy_denied\",\n `Canonical Lucern SDK auth context conflicts with existing ${key} header.`\n );\n }\n headers.set(key, value);\n }\n return Object.fromEntries(headers.entries());\n}\n\nfunction cleanHeaderValue(value: string | null | undefined): string | undefined {\n const normalized = value?.trim();\n return normalized ? normalized : undefined;\n}\n\n/**\n * Create the transport client used by all SDK modules.\n */\nexport function createGatewayRequestClient(config: GatewayClientConfig = {}) {\n const fetchImpl = config.fetchImpl ?? fetch;\n const baseUrl = config.baseUrl?.replace(/\\/+$/, \"\") ?? \"\";\n const maxRetries = config.maxRetries ?? 2;\n const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());\n\n async function resolveAuthHeaders(): Promise<Record<string, string>> {\n const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};\n const headers = new Headers(provided);\n const setIfAbsent = (name: string, value: string | undefined) => {\n const normalized = cleanHeaderValue(value);\n if (normalized && !headers.has(name)) {\n headers.set(name, normalized);\n }\n };\n\n setIfAbsent(\"x-lucern-key\", config.apiKey);\n setIfAbsent(\"x-lucern-session-token\", config.userToken);\n setIfAbsent(\"x-lucern-environment\", config.environment);\n setIfAbsent(\"x-lucern-clerk-id\", config.clerkId);\n setIfAbsent(\"x-lucern-user-id\", config.userId ?? config.clerkId);\n setIfAbsent(\"x-lucern-deployment-host\", config.deploymentHost);\n\n const base = Object.fromEntries(headers.entries());\n const authContextInput = await resolveConfiguredAuthContext(\n config.authContext\n );\n if (!authContextInput && !config.requireCanonicalAuthContext) {\n return base;\n }\n const authContext = normalizeCanonicalLucernAuthContext(authContextInput);\n return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));\n }\n\n async function fetchWithTimeout(\n url: string,\n init: RequestInit,\n timeoutMs: number\n ): Promise<Response> {\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), timeoutMs);\n try {\n return await fetchImpl(url, { ...init, signal: controller.signal });\n } catch (error) {\n if (controller.signal.aborted) {\n throw timeoutError(timeoutMs);\n }\n throw error;\n } finally {\n clearTimeout(timer);\n }\n }\n\n async function parsePayload<T>(\n response: Response\n ): Promise<PlatformGatewayEnvelope<T> | null> {\n const text = await response.text();\n if (!text) {\n return null;\n }\n const parsed = tryParseGatewayEnvelopeJson(text);\n if (!parsed.ok) {\n return null;\n }\n return isRecord(parsed.value)\n ? (parsed.value as PlatformGatewayEnvelope<T>)\n : null;\n }\n\n function resolveTimeoutMs(\n method: GatewayHttpMethod,\n requestTimeoutMs?: number\n ): number {\n if (typeof requestTimeoutMs === \"number\") {\n return requestTimeoutMs;\n }\n const methodTimeoutMs = config.timeoutMsByMethod?.[method];\n if (typeof methodTimeoutMs === \"number\") {\n return methodTimeoutMs;\n }\n return config.timeoutMs ?? 15_000;\n }\n\n function tryParseGatewayEnvelopeJson(text: string): JsonParseAttempt {\n const trimmed = text.trim();\n if (!trimmed.startsWith(\"{\") && !trimmed.startsWith(\"[\")) {\n return { ok: false, reason: \"non-json\" };\n }\n try {\n return { ok: true, value: JSON.parse(trimmed) };\n } catch (error) {\n if (error instanceof SyntaxError) {\n return { ok: false, reason: \"invalid-json\", error };\n }\n throw error;\n }\n }\n\n function buildApiError(args: {\n requestId: string;\n response: Response;\n failure?: PlatformGatewayFailure | null;\n }): LucernApiError {\n const failure = args.failure;\n const legacyError =\n failure && isRecord(failure.error) ? failure.error : failure?.legacyError;\n const correlationId =\n failure?.correlationId ??\n args.response.headers.get(\"x-lucern-correlation-id\")?.trim() ??\n args.requestId;\n const policyTraceId =\n failure?.policyTraceId ??\n args.response.headers.get(\"x-lucern-policy-trace-id\")?.trim() ??\n null;\n const details = redactJsonDiagnosticValue(\n failure?.details ?? legacyError?.details\n );\n const policySummary = readPolicySummaryFromDetails(details);\n const failureMessage =\n typeof failure?.error === \"string\"\n ? failure.error\n : legacyError?.message;\n\n return new LucernApiError({\n code:\n failure?.code ??\n legacyError?.code ??\n fallbackErrorCode(args.response.status),\n message:\n policySummary ??\n failureMessage ??\n (args.response.ok\n ? \"Platform API returned an invalid success payload.\"\n : \"Platform API request failed.\"),\n status: args.response.status,\n invariant: failure?.invariant,\n suggestion: failure?.suggestion,\n details,\n requestId: args.requestId,\n correlationId,\n policyTraceId,\n });\n }\n\n async function request<T>(args: {\n path: string;\n method?: GatewayHttpMethod;\n body?: JsonObject;\n idempotencyKey?: string;\n requestId?: string;\n timeoutMs?: number;\n }): Promise<PlatformGatewaySuccess<T>> {\n const authHeaders = await resolveAuthHeaders();\n const method = args.method ?? \"GET\";\n const timeoutMs = resolveTimeoutMs(method, args.timeoutMs);\n const headers = new Headers({\n \"content-type\": \"application/json\",\n ...authHeaders,\n });\n if (args.idempotencyKey) {\n headers.set(\"idempotency-key\", args.idempotencyKey);\n }\n const requestId =\n headers.get(\"x-correlation-id\")?.trim() ||\n headers.get(\"x-request-id\")?.trim() ||\n args.requestId ||\n requestIdFactory();\n if (!headers.has(\"x-correlation-id\") && !headers.has(\"x-request-id\")) {\n headers.set(\"x-correlation-id\", requestId);\n }\n\n const url = `${baseUrl}${args.path}`;\n const serializedBody = args.body ? JSON.stringify(args.body) : undefined;\n const init: RequestInit = {\n method,\n headers,\n body: serializedBody,\n };\n\n let lastError: unknown;\n\n for (let attempt = 0; attempt <= maxRetries; attempt++) {\n const hookRequestContext: GatewayRequestHookContext = {\n requestId,\n attempt,\n maxRetries,\n method,\n path: args.path,\n url,\n headers: new Headers(headers),\n body: serializedBody,\n timeoutMs,\n };\n await config.onRequest?.(hookRequestContext);\n const startedAt = Date.now();\n try {\n const response = await fetchWithTimeout(url, init, timeoutMs);\n const responseClone = response.clone();\n const payload = await parsePayload<T>(response);\n const retry = classifyRetry({\n status: response.status,\n retryAfter: response.headers.get(\"Retry-After\"),\n });\n const retryAfterMs = retry.retryAfterMs ?? null;\n\n if (!response.ok || !payload?.success) {\n const failure =\n payload && !payload.success ? (payload as PlatformGatewayFailure) : null;\n const apiError = buildApiError({\n requestId,\n response,\n failure,\n });\n const willRetry = attempt < maxRetries && retry.retryable;\n\n await config.onResponse?.({\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n status: response.status,\n response: responseClone,\n error: apiError,\n correlationId: apiError.correlationId ?? requestId,\n policyTraceId: apiError.policyTraceId ?? null,\n retryAfterMs,\n willRetry,\n });\n\n if (willRetry) {\n lastError = apiError;\n await delay(\n computeRetryDelayMs({\n attempt,\n status: response.status,\n retryAfterMs,\n })\n );\n continue;\n }\n\n throw apiError;\n }\n\n const successPayload = payload as PlatformGatewaySuccess<T>;\n await config.onResponse?.({\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n status: response.status,\n response: responseClone,\n correlationId:\n successPayload.correlationId ??\n response.headers.get(\"x-lucern-correlation-id\")?.trim() ??\n requestId,\n policyTraceId:\n successPayload.policyTraceId ??\n response.headers.get(\"x-lucern-policy-trace-id\")?.trim() ??\n null,\n idempotentReplay: successPayload.idempotentReplay,\n retryAfterMs,\n willRetry: false,\n });\n\n return successPayload;\n } catch (fetchError) {\n if (fetchError instanceof LucernApiError) {\n throw fetchError;\n }\n const retry = classifyRetry({ error: fetchError });\n const willRetry = attempt < maxRetries && retry.retryable;\n await config.onResponse?.({\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n error: fetchError,\n correlationId: requestId,\n policyTraceId: null,\n willRetry,\n });\n lastError = fetchError;\n if (willRetry) {\n await delay(computeRetryDelayMs({ attempt }));\n }\n }\n }\n\n throw lastError instanceof Error\n ? lastError\n : new Error(\"Platform API request failed after retries.\");\n }\n\n return {\n request,\n };\n}\n"]}
1
+ {"version":3,"sources":["../src/authContext.ts","../src/coreClient.ts"],"names":["responseContext"],"mappings":";;;;;;;;AA+DO,IAAM,yBAAA,GAAN,cAAwC,KAAA,CAAM;AAAA,EAC1C,MAAA;AAAA,EAET,WAAA,CAAY,QAAoC,OAAA,EAAiB;AAC/D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,2BAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF,CAAA;AAEA,SAAS,YAAY,KAAA,EAAsD;AACzE,EAAA,MAAM,UAAA,GAAa,OAAO,IAAA,EAAK;AAC/B,EAAA,OAAO,aAAa,UAAA,GAAa,MAAA;AACnC;AAEA,SAAS,gBAAgB,MAAA,EAAiD;AACxE,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,EAAC;AAAA,EACV;AACA,EAAA,OAAO,OACJ,GAAA,CAAI,CAAC,UAAU,KAAA,CAAM,IAAA,EAAM,CAAA,CAC3B,MAAA;AAAA,IACC,CAAC,KAAA,EAAO,KAAA,EAAO,IAAA,KACb,KAAA,CAAM,SAAS,CAAA,IAAK,IAAA,CAAK,OAAA,CAAQ,KAAK,CAAA,KAAM;AAAA,GAChD;AACJ;AAEA,SAAS,aAAA,CACP,KAAA,EACA,MAAA,EACA,KAAA,EACQ;AACR,EAAA,MAAM,UAAA,GAAa,YAAY,KAAK,CAAA;AACpC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,MAAA;AAAA,MACA,gDAAgD,KAAK,CAAA,CAAA;AAAA,KACvD;AAAA,EACF;AACA,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,qBACP,aAAA,EACsB;AACtB,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,mBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,aAAA;AACT;AAEA,SAAS,gBAAgB,QAAA,EAAwD;AAC/E,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,mBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,QAAA;AACT;AAEA,SAAS,kBAAkB,IAAA,EAIxB;AACD,EAAA,MAAM,MAAA,GAAS,WAAA,CAAY,IAAA,CAAK,MAAM,CAAA;AACtC,EAAA,IAAI,MAAA,IAAU,MAAA,KAAW,IAAA,CAAK,QAAA,EAAU;AACtC,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,eAAA;AAAA,MACA,CAAA,yDAAA,EAA4D,KAAK,KAAK,CAAA,CAAA;AAAA,KACxE;AAAA,EACF;AACF;AAEO,SAAS,oCACd,KAAA,EAC+B;AAC/B,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,mBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,KAAA,CAAM,mBAAmB,MAAA,EAAQ;AACnC,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,eAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,WAAA,GAAc,aAAA;AAAA,IAClB,KAAA,CAAM,WAAA;AAAA,IACN,mBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,QAAA,GAAW,aAAA,CAAc,KAAA,CAAM,QAAA,EAAU,kBAAkB,UAAU,CAAA;AAC3E,EAAA,MAAM,WAAA,GAAc,aAAA;AAAA,IAClB,KAAA,CAAM,WAAA;AAAA,IACN,mBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,KAAA,GAAQ,eAAA,CAAgB,KAAA,CAAM,KAAK,CAAA;AACzC,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,KAAA,CAAM,MAAM,CAAA;AAC3C,EAAA,MAAM,aAAA,GAAgB,oBAAA,CAAqB,KAAA,CAAM,aAAa,CAAA;AAC9D,EAAA,MAAM,QAAA,GAAW,eAAA,CAAgB,KAAA,CAAM,QAAQ,CAAA;AAC/C,EAAA,MAAM,wBAAA,GACJ,QAAA,KAAa,kBAAA,IAAsB,KAAA,CAAM,MAAA,GAAS,CAAA;AACpD,EAAA,IACE,MAAM,MAAA,KAAW,CAAA,IAChB,OAAO,MAAA,KAAW,CAAA,IAAK,CAAC,wBAAA,EACzB;AACA,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,oBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,OAAO,CAAA,IAAK,WAAA;AACtD,EAAA,MAAM,MAAA,GAAS,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,MAAM,CAAA,IAAK,QAAA;AACpD,EAAA,MAAM,SAAA,GAAY,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,SAAS,CAAA,IAAK,WAAA;AAE1D,EAAA,iBAAA,CAAkB;AAAA,IAChB,KAAA,EAAO,SAAA;AAAA,IACP,QAAA,EAAU,WAAA;AAAA,IACV,MAAA,EAAQ;AAAA,GACT,CAAA;AACD,EAAA,iBAAA,CAAkB,EAAE,KAAA,EAAO,QAAA,EAAU,UAAU,QAAA,EAAU,MAAA,EAAQ,QAAQ,CAAA;AACzE,EAAA,iBAAA,CAAkB;AAAA,IAChB,KAAA,EAAO,WAAA;AAAA,IACP,QAAA,EAAU,WAAA;AAAA,IACV,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,EAAQ,OAAA,GACzB,EAAE,GAAG,KAAA,CAAM,MAAA,CAAO,OAAA,EAAQ,GAC3B,MAAA;AAEJ,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,WAAA,CAAY,KAAA,CAAM,OAAO,CAAA;AAAA,IAClC,WAAA;AAAA,IACA,QAAA;AAAA,IACA,WAAA;AAAA,IACA,aAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA;AAAA,IACA,MAAA;AAAA,IACA,eAAA,EAAiB,MAAM,eAAA,GAAkB,CAAC,GAAG,KAAA,CAAM,eAAe,IAAI,EAAC;AAAA,IACvE,aAAA,EAAe,WAAA,CAAY,KAAA,CAAM,aAAa,CAAA;AAAA,IAC9C,aAAA,EAAe,WAAA,CAAY,KAAA,CAAM,aAAa,CAAA;AAAA,IAC9C,YAAA,EAAc,WAAA,CAAY,KAAA,CAAM,YAAY,CAAA;AAAA,IAC5C,MAAA,EAAQ;AAAA,MACN,OAAA;AAAA,MACA,MAAA;AAAA,MACA,SAAA;AAAA,MACA,QAAA,EAAU,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,QAAQ,CAAA;AAAA,MAC5C,MAAA,EAAQ,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,MAAM,CAAA;AAAA,MACxC,QAAA,EAAU,WAAA,CAAY,KAAA,CAAM,MAAA,EAAQ,QAAQ,CAAA;AAAA,MAC5C;AAAA;AACF,GACF;AACF;AAEO,SAAS,2BACd,WAAA,EACwB;AACxB,EAAA,MAAM,OAAA,GAAkC;AAAA,IACtC,yBAAyB,WAAA,CAAY,WAAA;AAAA,IACrC,2BAA2B,WAAA,CAAY,aAAA;AAAA,IACvC,mBAAmB,WAAA,CAAY,QAAA;AAAA,IAC/B,sBAAsB,WAAA,CAAY,QAAA;AAAA,IAClC,sBAAsB,WAAA,CAAY,WAAA;AAAA,IAClC,yBAAyB,WAAA,CAAY,WAAA;AAAA,IACrC,sBAAsB,WAAA,CAAY,QAAA;AAAA,IAClC,gBAAA,EAAkB,WAAA,CAAY,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA;AAAA,IAC5C,iBAAA,EAAmB,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,IAC9C,yBAAA,EAA2B,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,MAAM;AAAA,GAC9D;AAEA,EAAA,IAAI,YAAY,OAAA,EAAS;AACvB,IAAA,OAAA,CAAQ,mBAAmB,IAAI,WAAA,CAAY,OAAA;AAC3C,IAAA,OAAA,CAAQ,kBAAkB,IAAI,WAAA,CAAY,OAAA;AAAA,EAC5C;AACA,EAAA,IAAI,WAAA,CAAY,eAAA,CAAgB,MAAA,GAAS,CAAA,EAAG;AAC1C,IAAA,OAAA,CAAQ,2BAA2B,IAAI,IAAA,CAAK,SAAA;AAAA,MAC1C,WAAA,CAAY;AAAA,KACd;AAAA,EACF;AACA,EAAA,IAAI,YAAY,aAAA,EAAe;AAC7B,IAAA,OAAA,CAAQ,0BAA0B,IAAI,WAAA,CAAY,aAAA;AAAA,EACpD;AACA,EAAA,IAAI,YAAY,aAAA,EAAe;AAC7B,IAAA,OAAA,CAAQ,kBAAkB,IAAI,WAAA,CAAY,aAAA;AAC1C,IAAA,OAAA,CAAQ,yBAAyB,IAAI,WAAA,CAAY,aAAA;AAAA,EACnD;AACA,EAAA,IAAI,YAAY,YAAA,EAAc;AAC5B,IAAA,OAAA,CAAQ,wBAAwB,IAAI,WAAA,CAAY,YAAA;AAAA,EAClD;AAEA,EAAA,OAAO,OAAA;AACT;;;AChOA,IAAM,0BAAA,GAA6B,IAAA;AACnC,IAAM,2BAAA,GAA8B,CAAA;AACpC,IAAM,sBAAA,GAAyB,2BAAA;AAC/B,IAAM,uBAAA,GAA0B,4BAAA;AAChC,IAAM,4BAAA,GAA+B,4BAAA;AA2C9B,IAAM,mBAAA,GAAN,cAAkC,KAAA,CAAM;AAAA,EAC7B,SAAA,GAAY,IAAA;AAAA,EACZ,SAAA;AAAA,EAEhB,YAAY,SAAA,EAAmB;AAC7B,IAAA,KAAA,CAAM,CAAA,wBAAA,EAA2B,SAAS,CAAA,EAAA,CAAI,CAAA;AAC9C,IAAA,IAAA,CAAK,IAAA,GAAO,YAAA;AACZ,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AACF;AAEO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/B,SAAA;AAAA,EACA,KAAA;AAAA,EAEhB,WAAA,CAAY,SAAiB,OAAA,EAAoD;AAC/E,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,SAAA,GAAY,SAAS,SAAA,IAAa,IAAA;AACvC,IAAA,IAAA,CAAK,QAAQ,OAAA,EAAS,KAAA;AAAA,EACxB;AACF;AAMO,SAAS,0BACd,KAAA,EACkC;AAClC,EAAA,OAAO,KAAA,YAAiB,uBAAuB,KAAA,YAAiB,qBAAA;AAClE;AAEO,SAAS,wBAAwB,KAAA,EAAyB;AAC/D,EAAA,OACG,iBAAiB,mBAAA,IAAuB,KAAA,CAAM,aAC9C,KAAA,YAAiB,qBAAA,IAAyB,MAAM,SAAA,IACjD,KAAA;AAEJ;AAQO,IAAM,cAAA,GAAN,cAA6B,KAAA,CAAM;AAAA,EACxB,IAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA,EACA,aAAA;AAAA,EACA,aAAA;AAAA,EAEhB,YAAY,IAAA,EAUT;AACD,IAAA,KAAA,CAAM,KAAK,OAAO,CAAA;AAClB,IAAA,IAAA,CAAK,IAAA,GAAO,gBAAA;AACZ,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AACjB,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACnB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,aAAa,IAAA,CAAK,UAAA;AACvB,IAAA,IAAA,CAAK,UAAU,IAAA,CAAK,OAAA;AACpB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,gBAAgB,IAAA,CAAK,aAAA;AAC1B,IAAA,IAAA,CAAK,gBAAgB,IAAA,CAAK,aAAA;AAAA,EAC5B;AACF;AA2GO,SAAS,cACd,KAAA,EACQ;AACR,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,EAAA,IAAI,MAAM,QAAA,EAAU;AAClB,IAAA,MAAA,CAAO,GAAA,CAAI,UAAA,EAAY,KAAA,CAAM,QAAQ,CAAA;AAAA,EACvC;AACA,EAAA,IAAI,MAAM,WAAA,EAAa;AACrB,IAAA,MAAA,CAAO,GAAA,CAAI,aAAA,EAAe,KAAA,CAAM,WAAW,CAAA;AAAA,EAC7C;AACA,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAChD,IAAA,IAAI,GAAA,KAAQ,UAAA,IAAc,GAAA,KAAQ,aAAA,EAAe;AAC/C,MAAA;AAAA,IACF;AACA,IAAA,IAAI,UAAU,MAAA,EAAW;AACvB,MAAA;AAAA,IACF;AACA,IAAA,MAAA,CAAO,GAAA,CAAI,GAAA,EAAK,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,EAC/B;AACA,EAAA,MAAM,UAAA,GAAa,OAAO,QAAA,EAAS;AACnC,EAAA,OAAO,UAAA,CAAW,MAAA,GAAS,CAAA,GAAI,CAAA,CAAA,EAAI,UAAU,CAAA,CAAA,GAAK,EAAA;AACpD;AAEA,SAAS,gBAAgB,MAAA,EAA4B;AACnD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,EAAQ,eAAA,KAAoB,UAAA,EAAY;AAC5D,IAAA,UAAA,CAAW,MAAA,CAAO,gBAAgB,KAAK,CAAA;AACvC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,IAAS,KAAA,GAAQ,CAAA,EAAG,KAAA,GAAQ,MAAA,EAAQ,SAAS,CAAA,EAAG;AAC9C,IAAA,KAAA,CAAM,KAAK,CAAA,GAAI,IAAA,CAAK,MAAM,IAAA,CAAK,MAAA,KAAW,GAAG,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,yBAAA,GAAoC;AAC3C,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,EAAQ,UAAA,KAAe,UAAA,EAAY;AACvD,IAAA,OAAO,UAAA,CAAW,OAAO,UAAA,EAAW;AAAA,EACtC;AAEA,EAAA,MAAM,KAAA,GAAQ,gBAAgB,EAAE,CAAA;AAChC,EAAA,KAAA,CAAM,CAAC,CAAA,GAAK,KAAA,CAAM,CAAC,IAAI,EAAA,GAAQ,EAAA;AAC/B,EAAA,KAAA,CAAM,CAAC,CAAA,GAAK,KAAA,CAAM,CAAC,IAAI,EAAA,GAAQ,GAAA;AAC/B,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,KAAA,KAAU,KAAA,CAAM,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA;AAC5E,EAAA,OAAO,GAAG,GAAA,CAAI,KAAA,CAAM,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA;AAAA,IACpE,CAAA;AAAA,IACA;AAAA,GACF,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,GAAG,EAAE,CAAA,CAAE,KAAK,EAAE,CAAC,IAAI,GAAA,CAAI,KAAA,CAAM,EAAE,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA,CAAA;AACnE;AAEA,SAAS,kBAAA,GAAyC;AAChD,EAAA,MAAM,UAAA,GACJ,OAAO,UAAA,KAAe,QAAA,IACtB,eAAe,IAAA,IACf,SAAA,IAAa,UAAA,GACR,UAAA,CAA8D,OAAA,GAC/D,MAAA;AACN,EAAA,MAAM,GAAA,GACJ,UAAA,KAAe,MAAA,IACf,OAAO,UAAA,KAAe,QAAA,IACtB,UAAA,KAAe,IAAA,IACf,OAAO,UAAA,CAAW,GAAA,KAAQ,QAAA,GACtB,WAAW,GAAA,GACX,MAAA;AAEN,EAAA,OAAO;AAAA,IACL,GAAA,EAAK,CAAC,IAAA,KAAS;AACb,MAAA,MAAM,KAAA,GAAQ,MAAM,IAAI,CAAA;AACxB,MAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAA,GAAS,IAAI,KAAA,GAAQ,MAAA;AAAA,IACjE;AAAA,GACF;AACF;AAEA,SAAS,2BACP,WAAA,EACoC;AACpC,EAAA,MAAM,KAAA,GAAQ;AAAA,IACZ,0BAAA;AAAA,IACA,yBAAA;AAAA,IACA,oBAAA;AAAA,IACA,aAAA;AAAA,IACA,6BAAA;AAAA,IACA,sBAAA;AAAA,IACA,sBAAA;AAAA,IACA,eAAA;AAAA,IACA,sBAAA;AAAA,IACA,WAAA;AAAA,IACA,oBAAA;AAAA,IACA,UAAA;AAAA,IACA,gBAAA;AAAA,IACA,gBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,OAAO,MAAA,CAAO,WAAA;AAAA,IACZ,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,KAAS,CAAC,MAAM,WAAA,CAAY,GAAA,CAAI,IAAI,CAAC,CAAC;AAAA,GACnD;AACF;AAEA,SAAS,qBAAA,CACP,QAIA,WAAA,EACuB;AACvB,EAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,gBAAA,KAAqB,MAAM,yBAAA,EAA0B,CAAA;AACrF,EAAA,MAAM,gBAAA,GAAmB,sBAAA;AAAA,IACvB,MAAA,CAAO,UAAA;AAAA,IACP,WAAA,CAAY,IAAI,uBAAuB;AAAA,GACzC;AACA,EAAA,MAAM,eAAA,GAAkB,sBAAA;AAAA,IACtB,MAAA,CAAO,SAAA;AAAA,IACP,WAAA,CAAY,IAAI,sBAAsB;AAAA,GACxC;AAEA,EAAA,MAAM,cAAA,GAA6D;AAAA,IACjE,GAAG,MAAA,CAAO;AAAA,GACZ;AACA,EAAA,KAAA,MAAW,UAAU,CAAC,KAAA,EAAO,QAAQ,KAAA,EAAO,OAAA,EAAS,QAAQ,CAAA,EAAY;AACvE,IAAA,MAAM,MAAA,GAAS,CAAA,EAAG,4BAA4B,CAAA,EAAG,MAAM,CAAA,CAAA;AACvD,IAAA,MAAM,GAAA,GAAM,WAAA,CAAY,GAAA,CAAI,MAAM,CAAA;AAClC,IAAA,IAAI,CAAC,GAAA,IAAO,cAAA,CAAe,MAAM,MAAM,MAAA,EAAW;AAChD,MAAA;AAAA,IACF;AACA,IAAA,MAAM,MAAA,GAAS,sBAAA,CAAuB,MAAA,EAAW,GAAG,CAAA;AACpD,IAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,MAAA,cAAA,CAAe,MAAM,CAAA,GAAI,MAAA;AAAA,IAC3B;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,YAAY,gBAAA,IAAoB,2BAAA;AAAA,IAChC,WAAW,eAAA,IAAmB,0BAAA;AAAA,IAC9B,iBAAA,EAAmB,cAAA;AAAA,IACnB;AAAA,GACF;AACF;AAEA,SAAS,oBAAA,CACP,QACA,WAAA,EACwB;AACxB,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,OAAO,SAAA,IAAa,KAAA;AAAA,IAC3B,GAAA,EAAK,MAAM,IAAA,CAAK,GAAA,EAAI;AAAA,IACpB,KAAA,EAAO,CAAC,EAAA,KAAO,KAAA,CAAM,EAAE,CAAA;AAAA,IACvB,GAAA,EAAK,WAAA;AAAA,IACL,SAAA,EAAW,4BAAA;AAAA,IACX,OAAA,EAAS,qBAAA,CAAsB,MAAA,EAAQ,WAAW;AAAA,GACpD;AACF;AAEA,SAAS,sBAAA,CACP,OACA,QAAA,EACoB;AACpB,EAAA,IAAI,OAAO,UAAU,QAAA,IAAY,MAAA,CAAO,UAAU,KAAK,CAAA,IAAK,SAAS,CAAA,EAAG;AACtE,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,QAAA,KAAa,QAAA,IAAY,CAAC,QAAA,CAAS,MAAK,EAAG;AACpD,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,QAAA,CAAS,QAAA,EAAU,EAAE,CAAA;AAC3C,EAAA,OAAO,OAAO,SAAA,CAAU,MAAM,CAAA,IAAK,MAAA,IAAU,IAAI,MAAA,GAAS,MAAA;AAC5D;AAEA,SAAS,6BAAgC,KAAA,EAAa;AACpD,EAAA,OAAO,sBAAsB,KAAK,CAAA;AACpC;AAEA,SAAS,qBAAA,CACP,eACA,WAAA,EACQ;AACR,EAAA,MAAM,UAAA,GACJ,WAAA,CAAY,GAAA,CAAI,gBAAgB,CAAA,IAChC,WAAA,CAAY,GAAA,CAAI,iBAAiB,CAAA,IACjC,WAAA,CAAY,GAAA,CAAI,yBAAyB,CAAA;AAE3C,EAAA,OAAA,CAAQ,aAAA,IAAiB,UAAA,IAAc,EAAA,EAAI,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC/D;AAEA,SAAS,4BAA4B,KAAA,EAEvB;AACZ,EAAA,OAAO,KAAA,KAAU,SAAA,IAAa,KAAA,KAAU,YAAA,GAAe,KAAA,GAAQ,MAAA;AACjE;AAKO,IAAM,oBAAA,GAAuB;AAEpC,SAAS,kBAAkB,MAAA,EAAwB;AACjD,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,yBAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,gBAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,UAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAW,GAAA,EAAK;AAClB,IAAA,OAAO,qBAAA;AAAA,EACT;AACA,EAAA,IAAI,UAAU,GAAA,EAAK;AACjB,IAAA,OAAO,gBAAA;AAAA,EACT;AACA,EAAA,OAAO,gBAAA;AACT;AAEA,SAAS,MAAM,EAAA,EAA2B;AACxC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AACzD;AAEA,SAAS,oBAAoB,IAAA,EAIlB;AACT,EAAA,MAAM,SAAA,GACJ,IAAA,CAAK,MAAA,KAAW,GAAA,GACZ,IAAA,CAAK,GAAA;AAAA,IACH,KAAK,YAAA,IAAgB,CAAA;AAAA,IACrB,KAAK,GAAA,CAAI,GAAA,GAAO,CAAA,IAAK,IAAA,CAAK,SAAS,GAAM;AAAA,MAE3C,IAAA,CAAK,GAAA,CAAI,MAAO,CAAA,IAAK,IAAA,CAAK,SAAS,GAAI,CAAA;AAE7C,EAAA,IAAI,IAAA,CAAK,WAAW,GAAA,EAAK;AACvB,IAAA,OAAO,SAAA;AAAA,EACT;AAEA,EAAA,MAAM,YAAA,GAAe,KAAK,GAAA,CAAI,GAAA,EAAK,KAAK,KAAA,CAAM,SAAA,GAAY,IAAI,CAAC,CAAA;AAC/D,EAAA,OAAO,YAAY,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,MAAA,KAAW,YAAY,CAAA;AAC5D;AAEA,SAAS,6BAA6B,KAAA,EAAyB;AAC7D,EAAA,OAAO,wBAAwB,KAAK,CAAA,IAAK,cAAc,EAAE,KAAA,EAAO,CAAA,CAAE,SAAA;AACpE;AAEA,SAAS,SAAS,KAAA,EAAkD;AAClE,EAAA,OAAO,KAAA,KAAU,QAAQ,OAAO,KAAA,KAAU,YAAY,CAAC,KAAA,CAAM,QAAQ,KAAK,CAAA;AAC5E;AAEA,SAAS,6BAA6B,OAAA,EAAoC;AACxE,EAAA,IAAI,CAAC,QAAA,CAAS,OAAO,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,gBAAgB,OAAA,CAAQ,OAAA;AAC9B,EAAA,IAAI,OAAO,aAAA,KAAkB,QAAA,IAAY,cAAc,IAAA,EAAK,CAAE,SAAS,CAAA,EAAG;AACxE,IAAA,OAAO,cAAc,IAAA,EAAK;AAAA,EAC5B;AAEA,EAAA,MAAM,SAAS,OAAA,CAAQ,MAAA;AACvB,EAAA,IAAI,CAAC,QAAA,CAAS,MAAM,CAAA,EAAG;AACrB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,cAAc,MAAA,CAAO,WAAA;AAC3B,EAAA,IAAI,CAAC,QAAA,CAAS,WAAW,CAAA,EAAG;AAC1B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,gBAAgB,WAAA,CAAY,OAAA;AAClC,EAAA,IAAI,OAAO,aAAA,KAAkB,QAAA,IAAY,cAAc,IAAA,EAAK,CAAE,SAAS,CAAA,EAAG;AACxE,IAAA,OAAO,cAAc,IAAA,EAAK;AAAA,EAC5B;AAEA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,0BAA0B,KAAA,EAAqD;AACtF,EAAA,OAAO,KAAA,KAAU,MAAA,GACb,MAAA,GACC,qBAAA,CAAsB,KAAK,CAAA;AAClC;AAEA,eAAe,6BACb,WAAA,EACgD;AAChD,EAAA,IAAI,OAAO,gBAAgB,UAAA,EAAY;AACrC,IAAA,OAAO,MAAM,WAAA,EAAY;AAAA,EAC3B;AACA,EAAA,OAAO,WAAA;AACT;AAEA,SAAS,iBAAA,CACP,MACA,QAAA,EACwB;AACxB,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,IAAI,CAAA;AAChC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,QAAQ,CAAA,EAAG;AACnD,IAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAChC,IAAA,IAAI,QAAA,KAAa,IAAA,IAAQ,QAAA,KAAa,KAAA,EAAO;AAC3C,MAAA,MAAM,IAAI,yBAAA;AAAA,QACR,eAAA;AAAA,QACA,6DAA6D,GAAG,CAAA,QAAA;AAAA,OAClE;AAAA,IACF;AACA,IAAA,OAAA,CAAQ,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,EACxB;AACA,EAAA,OAAO,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,EAAS,CAAA;AAC7C;AAEA,SAAS,iBAAiB,KAAA,EAAsD;AAC9E,EAAA,MAAM,UAAA,GAAa,OAAO,IAAA,EAAK;AAC/B,EAAA,OAAO,aAAa,UAAA,GAAa,MAAA;AACnC;AAKO,SAAS,0BAAA,CAA2B,MAAA,GAA8B,EAAC,EAAG;AAC3E,EAAA,MAAM,MAAM,kBAAA,EAAmB;AAC/B,EAAA,MAAM,OAAA,GAAU,oBAAA,CAAqB,MAAA,EAAQ,GAAG,CAAA;AAChD,EAAA,MAAM,OAAA,GAAU,qBAAA,CAAsB,MAAA,CAAO,OAAA,EAAS,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,QAAQ,OAAA,CAAQ,UAAA;AACnC,EAAA,MAAM,gBAAA,GAAmB,QAAQ,OAAA,CAAQ,gBAAA;AACzC,EAAA,MAAM,sBAAA,GAAyB,QAAQ,OAAA,CAAQ,iBAAA;AAC/C,EAAA,MAAM,uBAAA,GAA0B,QAAQ,OAAA,CAAQ,SAAA;AAChD,EAAA,MAAM,qBAAA,GAAwB,2BAAA,CAA4B,MAAA,CAAO,WAAW,CAAA;AAC5E,EAAA,MAAM,iBAAA,GACJ,MAAA,CAAO,gBAAA,KAAqB,KAAA,GACxB,IAAA,GACC,OAAO,iBAAA,IACR,8BAAA,CAA+B,0BAAA,CAA2B,GAAG,CAAA,EAAG;AAAA,IAC9D,OAAA,EAAS,YAAA;AAAA,IACT,WAAA,EAAa;AAAA,GACd,CAAA;AAEP,EAAA,eAAe,kBAAA,GAAsD;AACnE,IAAA,MAAM,WAAW,MAAA,CAAO,cAAA,GAAiB,MAAM,MAAA,CAAO,cAAA,KAAmB,EAAC;AAC1E,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,QAAQ,CAAA;AACpC,IAAA,MAAM,WAAA,GAAc,CAAC,IAAA,EAAc,KAAA,KAA8B;AAC/D,MAAA,MAAM,UAAA,GAAa,iBAAiB,KAAK,CAAA;AACzC,MAAA,IAAI,UAAA,IAAc,CAAC,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA,EAAG;AACpC,QAAA,OAAA,CAAQ,GAAA,CAAI,MAAM,UAAU,CAAA;AAAA,MAC9B;AAAA,IACF,CAAA;AAEA,IAAA,WAAA,CAAY,cAAA,EAAgB,OAAO,MAAM,CAAA;AACzC,IAAA,WAAA,CAAY,wBAAA,EAA0B,OAAO,SAAS,CAAA;AACtD,IAAA,WAAA,CAAY,wBAAwB,qBAAqB,CAAA;AACzD,IAAA,WAAA,CAAY,mBAAA,EAAqB,OAAO,OAAO,CAAA;AAC/C,IAAA,WAAA,CAAY,kBAAA,EAAoB,MAAA,CAAO,MAAA,IAAU,MAAA,CAAO,OAAO,CAAA;AAC/D,IAAA,WAAA,CAAY,0BAAA,EAA4B,OAAO,cAAc,CAAA;AAE7D,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,SAAS,CAAA;AACjD,IAAA,MAAM,mBAAmB,MAAM,4BAAA;AAAA,MAC7B,MAAA,CAAO;AAAA,KACT;AACA,IAAA,IAAI,CAAC,gBAAA,IAAoB,CAAC,MAAA,CAAO,2BAAA,EAA6B;AAC5D,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,MAAM,WAAA,GAAc,oCAAoC,gBAAgB,CAAA;AACxE,IAAA,OAAO,iBAAA,CAAkB,IAAA,EAAM,0BAAA,CAA2B,WAAW,CAAC,CAAA;AAAA,EACxE;AAEA,EAAA,eAAe,gBAAA,CACb,GAAA,EACA,IAAA,EACA,SAAA,EACmB;AACnB,IAAA,MAAM,uBAAA,GAA0B,CAC9B,KAAA,EACA,SAAA,KAC4B;AAC5B,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,OAAO,IAAI,oBAAoB,SAAS,CAAA;AAAA,MAC1C;AACA,MAAA,OAAO,KAAA,YAAiB,mBAAA,IACtB,KAAA,YAAiB,qBAAA,GACf,QACA,IAAI,qBAAA;AAAA,QACF,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,yBAAA;AAAA,QACzC;AAAA,UACE,KAAA,EAAO,KAAA;AAAA,UACP,SAAA,EAAW,6BAA6B,KAAK;AAAA;AAC/C,OACF;AAAA,IACN,CAAA;AAEA,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,SAAS,CAAA;AAC5D,IAAA,MAAM,aAAA,GAAgB,OAAO,UAAA,CAAW;AAAA,MACtC,GAAA,EAAK,MAAM,OAAA,CAAQ,KAAA,CAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,UAAA,CAAW,MAAA,EAAQ,CAAA;AAAA,MACpE,OAAO,CAAC,KAAA,KAAU,wBAAwB,KAAA,EAAO,UAAA,CAAW,OAAO,OAAO;AAAA,KAC3E,CAAA;AACD,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,cAAA,CAAe,aAAa,CAAA;AACtD,MAAA,IAAI,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG;AACxB,QAAA,OAAO,IAAA,CAAK,KAAA;AAAA,MACd;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,KAAA,CAAM,SAAS,IAAA,CAAK,KAAK,CAAC,CAAA,CAAE,CAAC,CAAA;AACxD,MAAA,IAAI,YAAY,KAAA,CAAA,EAAW;AACzB,QAAA,MAAM,OAAA;AAAA,MACR;AACA,MAAA,MAAM,KAAA,CAAM,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA;AAAA,IAC/B,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAEA,EAAA,eAAe,yBACb,OAAA,EACe;AACf,IAAA,MAAM,QAAQ,aAAA,CAAc;AAAA,MAC1B,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,UAAA,EACE,OAAA,CAAQ,YAAA,KAAiB,IAAA,IAAQ,OAAA,CAAQ,YAAA,KAAiB,MAAA,GACtD,MAAA,CAAO,OAAA,CAAQ,YAAA,GAAe,GAAI,CAAA,GAClC;AAAA,KACP,CAAA;AACD,IAAA,MAAM,oBAAoB,iBAAA,EAAmB;AAAA,MAC3C,UAAA,EAAY,OAAA;AAAA,MACZ,OAAA,EAAS,WAAA;AAAA,MACT,WAAW,OAAA,CAAQ,SAAA,GACf,WAAA,GACA,OAAA,CAAQ,QACN,mBAAA,GACA,sBAAA;AAAA,MACN,UAAU,OAAA,CAAQ,KAAA,GAAS,OAAA,CAAQ,SAAA,GAAY,SAAS,OAAA,GAAW,MAAA;AAAA,MACnE,YAAY,OAAA,CAAQ,UAAA;AAAA,MACpB,UAAA,EAAY,yBAAA;AAAA,MACZ,aAAa,OAAA,CAAQ,UAAA;AAAA,MACrB,aAAA,EAAe,OAAA,CAAQ,aAAA,IAAiB,OAAA,CAAQ,SAAA;AAAA,MAChD,aAAA,EAAe,QAAQ,aAAA,IAAiB,IAAA;AAAA,MACxC,QAAA,EACE,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,oBAAoB,KACxC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA,IACrC,MAAA;AAAA,MACF,WAAA,EACE,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,uBAAuB,KAC3C,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,oBAAoB,CAAA,IACxC,MAAA;AAAA,MACF,UAAA,EAAY;AAAA,QACV,OAAA,EAAS,YAAA;AAAA,QACT,SAAA,EAAW,iBAAA;AAAA,QACX,MAAM,OAAA,CAAQ,IAAA;AAAA,QACd,YAAY,OAAA,CAAQ,MAAA;AAAA,QACpB,YAAY,OAAA,CAAQ,MAAA;AAAA,QACpB,SAAS,OAAA,CAAQ,OAAA;AAAA,QACjB,YAAY,OAAA,CAAQ,UAAA;AAAA,QACpB,aAAa,KAAA,CAAM,MAAA;AAAA,QACnB,YAAA,EAAc,OAAA,CAAQ,YAAA,IAAgB,KAAA,CAAM,YAAA;AAAA,QAC5C,WAAW,OAAA,CAAQ,SAAA;AAAA,QACnB,WAAW,KAAA,CAAM,SAAA;AAAA,QACjB,WACE,OAAA,CAAQ,KAAA,YAAiB,KAAA,GAAQ,OAAA,CAAQ,MAAM,IAAA,GAAO,MAAA;AAAA,QACxD,cACE,OAAA,CAAQ,KAAA,YAAiB,KAAA,GAAQ,OAAA,CAAQ,MAAM,OAAA,GAAU;AAAA;AAC7D,KACD,CAAA;AAAA,EACH;AAEA,EAAA,eAAe,aACb,QAAA,EAC4C;AAC5C,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,MAAM,MAAA,GAAS,4BAA4B,IAAI,CAAA;AAC/C,IAAA,IAAI,CAAC,OAAO,EAAA,EAAI;AACd,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,OAAO,QAAA,CAAS,MAAA,CAAO,KAAK,CAAA,GACvB,OAAO,KAAA,GACR,IAAA;AAAA,EACN;AAEA,EAAA,SAAS,gBAAA,CACP,QACA,gBAAA,EACQ;AACR,IAAA,IAAI,OAAO,qBAAqB,QAAA,EAAU;AACxC,MAAA,OAAO,gBAAA;AAAA,IACT;AACA,IAAA,MAAM,eAAA,GAAkB,yBAAyB,MAAM,CAAA;AACvD,IAAA,IAAI,OAAO,oBAAoB,QAAA,EAAU;AACvC,MAAA,OAAO,eAAA;AAAA,IACT;AACA,IAAA,OAAO,uBAAA;AAAA,EACT;AAEA,EAAA,SAAS,4BAA4B,IAAA,EAAgC;AACnE,IAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAC1B,IAAA,IAAI,CAAC,QAAQ,UAAA,CAAW,GAAG,KAAK,CAAC,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAA,EAAG;AACxD,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,UAAA,EAAW;AAAA,IACzC;AACA,IAAA,IAAI;AACF,MAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,OAAO,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA,EAAE;AAAA,IAChD,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,WAAA,EAAa;AAChC,QAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,gBAAgB,KAAA,EAAM;AAAA,MACpD;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAEA,EAAA,SAAS,cAAc,IAAA,EAIJ;AACjB,IAAA,MAAM,UAAU,IAAA,CAAK,OAAA;AACrB,IAAA,MAAM,WAAA,GACJ,WAAW,QAAA,CAAS,OAAA,CAAQ,KAAK,CAAA,GAAI,OAAA,CAAQ,QAAQ,OAAA,EAAS,WAAA;AAChE,IAAA,MAAM,aAAA,GACJ,OAAA,EAAS,aAAA,IACT,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,yBAAyB,CAAA,EAAG,IAAA,EAAK,IAC3D,IAAA,CAAK,SAAA;AACP,IAAA,MAAM,aAAA,GACJ,OAAA,EAAS,aAAA,IACT,IAAA,CAAK,QAAA,CAAS,QAAQ,GAAA,CAAI,0BAA0B,CAAA,EAAG,IAAA,EAAK,IAC5D,IAAA;AACF,IAAA,MAAM,UAAU,OAAA,CAAQ,SAAA;AAAA,MACtB,yBAAA,CAA0B,OAAA,EAAS,OAAA,IAAW,WAAA,EAAa,OAAO;AAAA,KACpE;AACA,IAAA,MAAM,aAAA,GAAgB,6BAA6B,OAAO,CAAA;AAC1D,IAAA,MAAM,iBACJ,OAAO,OAAA,EAAS,UAAU,QAAA,GACtB,OAAA,CAAQ,QACR,WAAA,EAAa,OAAA;AAEnB,IAAA,OAAO,IAAI,cAAA,CAAe;AAAA,MACxB,IAAA,EACE,SAAS,IAAA,IACT,WAAA,EAAa,QACb,iBAAA,CAAkB,IAAA,CAAK,SAAS,MAAM,CAAA;AAAA,MACxC,SACE,aAAA,IACA,cAAA,KACC,IAAA,CAAK,QAAA,CAAS,KACX,mDAAA,GACA,8BAAA,CAAA;AAAA,MACN,MAAA,EAAQ,KAAK,QAAA,CAAS,MAAA;AAAA,MACtB,WAAW,OAAA,EAAS,SAAA;AAAA,MACpB,YAAY,OAAA,EAAS,UAAA;AAAA,MACrB,OAAA;AAAA,MACA,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,aAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,eAAe,QAAW,IAAA,EAOa;AACrC,IAAA,MAAM,WAAA,GAAc,MAAM,kBAAA,EAAmB;AAC7C,IAAA,MAAM,MAAA,GAAS,KAAK,MAAA,IAAU,KAAA;AAC9B,IAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA;AACzD,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,MAC1B,cAAA,EAAgB,kBAAA;AAAA,MAChB,GAAG;AAAA,KACJ,CAAA;AACD,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,OAAA,CAAQ,GAAA,CAAI,iBAAA,EAAmB,IAAA,CAAK,cAAc,CAAA;AAAA,IACpD;AACA,IAAA,MAAM,SAAA,GACJ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,GAAG,IAAA,EAAK,IACtC,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,EAAG,IAAA,EAAK,IAClC,IAAA,CAAK,aACL,gBAAA,EAAiB;AACnB,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,kBAAkB,KAAK,CAAC,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,EAAG;AACpE,MAAA,OAAA,CAAQ,GAAA,CAAI,oBAAoB,SAAS,CAAA;AAAA,IAC3C;AAEA,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,OAAO,CAAA,EAAG,KAAK,IAAI,CAAA,CAAA;AAClC,IAAA,MAAM,iBAAiB,IAAA,CAAK,IAAA,GAAO,KAAK,SAAA,CAAU,IAAA,CAAK,IAAI,CAAA,GAAI,MAAA;AAC/D,IAAA,MAAM,IAAA,GAAoB;AAAA,MACxB,MAAA;AAAA,MACA,OAAA;AAAA,MACA,IAAA,EAAM;AAAA,KACR;AAEA,IAAA,IAAI,SAAA;AAEJ,IAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,OAAA,EAAA,EAAW;AACtD,MAAA,MAAM,kBAAA,GAAgD;AAAA,QACpD,SAAA;AAAA,QACA,OAAA;AAAA,QACA,UAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,GAAA;AAAA,QACA,OAAA,EAAS,IAAI,OAAA,CAAQ,OAAO,CAAA;AAAA,QAC5B,IAAA,EAAM,cAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,MAAM,MAAA,CAAO,YAAY,kBAAkB,CAAA;AAC3C,MAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAC3B,MAAA,IAAI;AACF,QAAA,MAAM,QAAA,GAAW,MAAM,gBAAA,CAAiB,GAAA,EAAK,MAAM,SAAS,CAAA;AAC5D,QAAA,MAAM,aAAA,GAAgB,SAAS,KAAA,EAAM;AACrC,QAAA,MAAM,OAAA,GAAU,MAAM,YAAA,CAAgB,QAAQ,CAAA;AAC9C,QAAA,MAAM,QAAQ,aAAA,CAAc;AAAA,UAC1B,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,UAAA,EAAY,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,aAAa;AAAA,SAC/C,CAAA;AACD,QAAA,MAAM,YAAA,GAAe,MAAM,YAAA,IAAgB,IAAA;AAE3C,QAAA,IAAI,CAAC,QAAA,CAAS,EAAA,IAAM,CAAC,SAAS,OAAA,EAAS;AACrC,UAAA,MAAM,OAAA,GACJ,OAAA,IAAW,CAAC,OAAA,CAAQ,UAAW,OAAA,GAAqC,IAAA;AACtE,UAAA,MAAM,WAAW,aAAA,CAAc;AAAA,YAC7B,SAAA;AAAA,YACA,QAAA;AAAA,YACA;AAAA,WACD,CAAA;AACD,UAAA,MAAM,SAAA,GAAY,OAAA,GAAU,UAAA,IAAc,KAAA,CAAM,SAAA;AAChD,UAAA,MAAMA,gBAAAA,GAA8C;AAAA,YAClD,GAAG,kBAAA;AAAA,YACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,YACzB,QAAQ,QAAA,CAAS,MAAA;AAAA,YACjB,QAAA,EAAU,aAAA;AAAA,YACV,KAAA,EAAO,QAAA;AAAA,YACP,aAAA,EAAe,SAAS,aAAA,IAAiB,SAAA;AAAA,YACzC,aAAA,EAAe,SAAS,aAAA,IAAiB,IAAA;AAAA,YACzC,YAAA;AAAA,YACA;AAAA,WACF;AAEA,UAAA,MAAM,MAAA,CAAO,aAAaA,gBAAe,CAAA;AACzC,UAAA,MAAM,yBAAyBA,gBAAe,CAAA;AAE9C,UAAA,IAAI,SAAA,EAAW;AACb,YAAA,SAAA,GAAY,QAAA;AACZ,YAAA,MAAM,KAAA;AAAA,cACJ,mBAAA,CAAoB;AAAA,gBAClB,OAAA;AAAA,gBACA,QAAQ,QAAA,CAAS,MAAA;AAAA,gBACjB;AAAA,eACD;AAAA,aACH;AACA,YAAA;AAAA,UACF;AAEA,UAAA,MAAM,QAAA;AAAA,QACR;AAEA,QAAA,MAAM,cAAA,GAAiB,OAAA;AACvB,QAAA,MAAM,eAAA,GAA8C;AAAA,UAClD,GAAG,kBAAA;AAAA,UACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,UACzB,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,QAAA,EAAU,aAAA;AAAA,UACV,aAAA,EACE,eAAe,aAAA,IACf,QAAA,CAAS,QAAQ,GAAA,CAAI,yBAAyB,CAAA,EAAG,IAAA,EAAK,IACtD,SAAA;AAAA,UACF,aAAA,EACE,eAAe,aAAA,IACf,QAAA,CAAS,QAAQ,GAAA,CAAI,0BAA0B,CAAA,EAAG,IAAA,EAAK,IACvD,IAAA;AAAA,UACF,kBAAkB,cAAA,CAAe,gBAAA;AAAA,UACjC,YAAA;AAAA,UACA,SAAA,EAAW;AAAA,SACb;AACA,QAAA,MAAM,MAAA,CAAO,aAAa,eAAe,CAAA;AACzC,QAAA,MAAM,yBAAyB,eAAe,CAAA;AAE9C,QAAA,OAAO,cAAA;AAAA,MACT,SAAS,UAAA,EAAY;AACnB,QAAA,IAAI,sBAAsB,cAAA,EAAgB;AACxC,UAAA,MAAM,UAAA;AAAA,QACR;AACA,QAAA,MAAM,SAAA,GACJ,OAAA,GAAU,UAAA,IAAc,4BAAA,CAA6B,UAAU,CAAA;AACjE,QAAA,MAAM,eAAA,GAA8C;AAAA,UAClD,GAAG,kBAAA;AAAA,UACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,UACzB,KAAA,EAAO,UAAA;AAAA,UACP,aAAA,EAAe,SAAA;AAAA,UACf,aAAA,EAAe,IAAA;AAAA,UACf;AAAA,SACF;AACA,QAAA,MAAM,MAAA,CAAO,aAAa,eAAe,CAAA;AACzC,QAAA,MAAM,yBAAyB,eAAe,CAAA;AAC9C,QAAA,SAAA,GAAY,UAAA;AACZ,QAAA,IAAI,SAAA,EAAW;AACb,UAAA,MAAM,KAAA,CAAM,mBAAA,CAAoB,EAAE,OAAA,EAAS,CAAC,CAAA;AAAA,QAC9C;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,SAAA,YAAqB,KAAA,GACvB,SAAA,GACA,IAAI,MAAM,4CAA4C,CAAA;AAAA,EAC5D;AAEA,EAAA,OAAO;AAAA,IACL;AAAA,GACF;AACF","file":"coreClient.js","sourcesContent":["import type {\n SessionAuthMode,\n SessionDelegationHop,\n SessionPrincipalType,\n} from \"./contracts/auth-session.contract\";\nimport type { JsonObject } from \"./types\";\n\nexport type LucernSdkAuthFailureReason =\n | \"principal_missing\"\n | \"tenant_missing\"\n | \"membership_missing\"\n | \"workspace_missing\"\n | \"clerk_alias_missing\"\n | \"clerk_alias_unrecognized\"\n | \"policy_denied\"\n | \"policy_unavailable\"\n | \"policy_unknown\";\n\nexport type PermitReadyAuthContext = {\n subject: string;\n tenant: string;\n workspace: string;\n resource?: string;\n action?: string;\n relation?: string;\n context?: JsonObject;\n};\n\nexport type LucernSdkAuthPolicyDecision = \"allow\" | \"deny\" | \"unknown\";\n\nexport type LucernSdkAuthContextInput = {\n clerkId?: string;\n principalId?: string;\n tenantId?: string;\n workspaceId?: string | null;\n principalType?: SessionPrincipalType;\n authMode?: SessionAuthMode;\n roles?: readonly string[];\n scopes?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n policyTraceId?: string;\n correlationId?: string;\n membershipId?: string;\n policyDecision?: LucernSdkAuthPolicyDecision;\n permit?: Partial<PermitReadyAuthContext>;\n};\n\nexport type CanonicalLucernSdkAuthContext = {\n clerkId?: string;\n principalId: string;\n tenantId: string;\n workspaceId: string;\n principalType: SessionPrincipalType;\n authMode: SessionAuthMode;\n roles: string[];\n scopes: string[];\n delegationChain: SessionDelegationHop[];\n policyTraceId?: string;\n correlationId?: string;\n membershipId?: string;\n permit: PermitReadyAuthContext;\n};\n\nexport class LucernSdkAuthContextError extends Error {\n readonly reason: LucernSdkAuthFailureReason;\n\n constructor(reason: LucernSdkAuthFailureReason, message: string) {\n super(message);\n this.name = \"LucernSdkAuthContextError\";\n this.reason = reason;\n }\n}\n\nfunction cleanString(value: string | null | undefined): string | undefined {\n const normalized = value?.trim();\n return normalized ? normalized : undefined;\n}\n\nfunction cleanStringList(values: readonly string[] | undefined): string[] {\n if (!values) {\n return [];\n }\n return values\n .map((value) => value.trim())\n .filter(\n (value, index, list) =>\n value.length > 0 && list.indexOf(value) === index\n );\n}\n\nfunction requireString(\n value: string | null | undefined,\n reason: LucernSdkAuthFailureReason,\n label: string\n): string {\n const normalized = cleanString(value);\n if (!normalized) {\n throw new LucernSdkAuthContextError(\n reason,\n `Canonical Lucern SDK auth context is missing ${label}.`\n );\n }\n return normalized;\n}\n\nfunction requirePrincipalType(\n principalType: SessionPrincipalType | undefined\n): SessionPrincipalType {\n if (!principalType) {\n throw new LucernSdkAuthContextError(\n \"principal_missing\",\n \"Canonical Lucern SDK auth context is missing principalType.\"\n );\n }\n return principalType;\n}\n\nfunction requireAuthMode(authMode: SessionAuthMode | undefined): SessionAuthMode {\n if (!authMode) {\n throw new LucernSdkAuthContextError(\n \"principal_missing\",\n \"Canonical Lucern SDK auth context is missing authMode.\"\n );\n }\n return authMode;\n}\n\nfunction ensurePermitMatch(args: {\n field: keyof PermitReadyAuthContext;\n expected: string;\n actual?: string;\n}) {\n const actual = cleanString(args.actual);\n if (actual && actual !== args.expected) {\n throw new LucernSdkAuthContextError(\n \"policy_denied\",\n `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`\n );\n }\n}\n\nexport function normalizeCanonicalLucernAuthContext(\n input: LucernSdkAuthContextInput | undefined\n): CanonicalLucernSdkAuthContext {\n if (!input) {\n throw new LucernSdkAuthContextError(\n \"principal_missing\",\n \"Canonical Lucern SDK auth context is required.\"\n );\n }\n\n if (input.policyDecision === \"deny\") {\n throw new LucernSdkAuthContextError(\n \"policy_denied\",\n \"Canonical Lucern SDK auth context carries a denied policy decision.\"\n );\n }\n\n const principalId = requireString(\n input.principalId,\n \"principal_missing\",\n \"principalId\"\n );\n const tenantId = requireString(input.tenantId, \"tenant_missing\", \"tenantId\");\n const workspaceId = requireString(\n input.workspaceId,\n \"workspace_missing\",\n \"workspaceId\"\n );\n const roles = cleanStringList(input.roles);\n const scopes = cleanStringList(input.scopes);\n const principalType = requirePrincipalType(input.principalType);\n const authMode = requireAuthMode(input.authMode);\n const roleBasedInteractiveAuth =\n authMode === \"interactive_user\" && roles.length > 0;\n if (\n roles.length === 0 ||\n (scopes.length === 0 && !roleBasedInteractiveAuth)\n ) {\n throw new LucernSdkAuthContextError(\n \"membership_missing\",\n \"Canonical Lucern SDK auth context requires non-empty roles and scopes.\"\n );\n }\n\n const subject = cleanString(input.permit?.subject) ?? principalId;\n const tenant = cleanString(input.permit?.tenant) ?? tenantId;\n const workspace = cleanString(input.permit?.workspace) ?? workspaceId;\n\n ensurePermitMatch({\n field: \"subject\",\n expected: principalId,\n actual: subject,\n });\n ensurePermitMatch({ field: \"tenant\", expected: tenantId, actual: tenant });\n ensurePermitMatch({\n field: \"workspace\",\n expected: workspaceId,\n actual: workspace,\n });\n\n const context = input.permit?.context\n ? ({ ...input.permit.context } as JsonObject)\n : undefined;\n\n return {\n clerkId: cleanString(input.clerkId),\n principalId,\n tenantId,\n workspaceId,\n principalType,\n authMode,\n roles,\n scopes,\n delegationChain: input.delegationChain ? [...input.delegationChain] : [],\n policyTraceId: cleanString(input.policyTraceId),\n correlationId: cleanString(input.correlationId),\n membershipId: cleanString(input.membershipId),\n permit: {\n subject,\n tenant,\n workspace,\n resource: cleanString(input.permit?.resource),\n action: cleanString(input.permit?.action),\n relation: cleanString(input.permit?.relation),\n context,\n },\n };\n}\n\nexport function createCanonicalAuthHeaders(\n authContext: CanonicalLucernSdkAuthContext\n): Record<string, string> {\n const headers: Record<string, string> = {\n \"x-lucern-principal-id\": authContext.principalId,\n \"x-lucern-principal-type\": authContext.principalType,\n \"x-lucern-tenant\": authContext.tenantId,\n \"x-lucern-tenant-id\": authContext.tenantId,\n \"x-lucern-workspace\": authContext.workspaceId,\n \"x-lucern-workspace-id\": authContext.workspaceId,\n \"x-lucern-auth-mode\": authContext.authMode,\n \"x-lucern-roles\": authContext.roles.join(\",\"),\n \"x-lucern-scopes\": authContext.scopes.join(\",\"),\n \"x-lucern-permit-context\": JSON.stringify(authContext.permit),\n };\n\n if (authContext.clerkId) {\n headers[\"x-lucern-clerk-id\"] = authContext.clerkId;\n headers[\"x-lucern-user-id\"] = authContext.clerkId;\n }\n if (authContext.delegationChain.length > 0) {\n headers[\"x-lucern-delegation-chain\"] = JSON.stringify(\n authContext.delegationChain\n );\n }\n if (authContext.policyTraceId) {\n headers[\"x-lucern-policy-trace-id\"] = authContext.policyTraceId;\n }\n if (authContext.correlationId) {\n headers[\"x-correlation-id\"] = authContext.correlationId;\n headers[\"x-lucern-correlation-id\"] = authContext.correlationId;\n }\n if (authContext.membershipId) {\n headers[\"x-lucern-membership-id\"] = authContext.membershipId;\n }\n\n return headers;\n}\n","import {\n createTelemetryExporterFromEnv,\n emitTelemetrySignal,\n type LucernTelemetryExporter,\n} from \"@lucern/transport-core\";\nimport { redactDiagnosticValue } from \"@lucern/transport-core/redaction\";\nimport { classifyRetry } from \"@lucern/transport-core/transport\";\nimport { Cause, Effect, Exit } from \"effect\";\n\nimport {\n createCanonicalAuthHeaders,\n LucernSdkAuthContextError,\n normalizeCanonicalLucernAuthContext,\n type LucernSdkAuthContextInput,\n} from \"./authContext\";\nimport type { JsonObject, JsonValue } from \"./types\";\n\n/** Tenant and workspace identifiers used to scope gateway requests. */\nexport type GatewayScope = {\n tenantId?: string;\n workspaceId?: string;\n};\n\ntype GatewayEnvironment = {\n get: (name: string) => string | undefined;\n};\n\ntype GatewayRequestProfile = {\n readonly maxRetries: number;\n readonly timeoutMs: number;\n readonly timeoutMsByMethod?: Partial<Record<GatewayHttpMethod, number>>;\n readonly requestIdFactory: () => string;\n};\n\ntype GatewayRuntimeServices = {\n fetch: FetchLike;\n now: () => number;\n sleep: (ms: number) => Promise<void>;\n env: GatewayEnvironment;\n redaction: <T>(value: T) => T;\n profile: GatewayRequestProfile;\n};\n\nconst DEFAULT_GATEWAY_TIMEOUT_MS = 15_000;\nconst DEFAULT_GATEWAY_MAX_RETRIES = 2;\nconst DEFAULT_ENV_TIMEOUT_MS = \"LUCERN_REQUEST_TIMEOUT_MS\";\nconst DEFAULT_ENV_MAX_RETRIES = \"LUCERN_GATEWAY_MAX_RETRIES\";\nconst ENV_TIMEOUT_BY_METHOD_PREFIX = \"LUCERN_REQUEST_TIMEOUT_MS_\";\n\n/** Successful response envelope from the platform gateway with correlation metadata. */\nexport type PlatformGatewaySuccess<T> = {\n success: true;\n data: T;\n correlationId: string;\n policyTraceId: string | null;\n idempotentReplay: boolean;\n};\n\n/** Failed response envelope with structured error codes and optional invariant references. */\nexport type PlatformGatewayFailure = {\n success: false;\n /**\n * Error string is the canonical envelope field.\n * Object form is legacy-only compatibility for older gateway responses.\n */\n error:\n | string\n | {\n code: string;\n message: string;\n details?: JsonValue;\n };\n code?: string;\n invariant?: string | null;\n suggestion?: string | null;\n details?: JsonValue;\n legacyError?: {\n code: string;\n message: string;\n details?: JsonValue;\n };\n correlationId: string;\n policyTraceId: string | null;\n};\n\n/** Discriminated union of success and failure gateway responses. */\nexport type PlatformGatewayEnvelope<T> =\n | PlatformGatewaySuccess<T>\n | PlatformGatewayFailure;\n\nexport class GatewayTimeoutError extends Error {\n public readonly retryable = true;\n public readonly timeoutMs: number;\n\n constructor(timeoutMs: number) {\n super(`Request timed out after ${timeoutMs}ms`);\n this.name = \"AbortError\";\n this.timeoutMs = timeoutMs;\n }\n}\n\nexport class GatewayTransportError extends Error {\n public readonly retryable: boolean;\n public readonly cause?: unknown;\n\n constructor(message: string, options?: { cause?: unknown; retryable?: boolean }) {\n super(message);\n this.name = \"GatewayTransportError\";\n this.retryable = options?.retryable ?? true;\n this.cause = options?.cause;\n }\n}\n\nexport type GatewayRecoverableError =\n | GatewayTimeoutError\n | GatewayTransportError;\n\nexport function isGatewayRecoverableError(\n error: unknown,\n): error is GatewayRecoverableError {\n return error instanceof GatewayTimeoutError || error instanceof GatewayTransportError;\n}\n\nexport function isGatewayRetryableError(error: unknown): boolean {\n return (\n (error instanceof GatewayTimeoutError && error.retryable) ||\n (error instanceof GatewayTransportError && error.retryable) ||\n false\n );\n}\n\n/**\n * Structured error thrown when a platform API request fails.\n *\n * Includes HTTP status, machine-readable error code, optional invariant\n * reference, and actionable suggestions for common failure modes.\n */\nexport class LucernApiError extends Error {\n public readonly code: string;\n public readonly status: number;\n public readonly invariant?: string | null;\n public readonly suggestion?: string | null;\n public readonly details?: JsonValue;\n public readonly requestId?: string;\n public readonly correlationId?: string;\n public readonly policyTraceId?: string | null;\n\n constructor(args: {\n code: string;\n message: string;\n status: number;\n invariant?: string | null;\n suggestion?: string | null;\n details?: JsonValue;\n requestId?: string;\n correlationId?: string;\n policyTraceId?: string | null;\n }) {\n super(args.message);\n this.name = \"LucernApiError\";\n this.code = args.code;\n this.status = args.status;\n this.invariant = args.invariant;\n this.suggestion = args.suggestion;\n this.details = args.details;\n this.requestId = args.requestId;\n this.correlationId = args.correlationId;\n this.policyTraceId = args.policyTraceId;\n }\n}\n\n/** Supported HTTP methods for gateway requests. */\nexport type GatewayHttpMethod = \"GET\" | \"POST\" | \"PUT\" | \"PATCH\" | \"DELETE\";\n\ntype FetchLike = (\n input: RequestInfo | URL,\n init?: RequestInit\n) => Promise<Response>;\n\ntype JsonParseAttempt =\n | { ok: true; value: unknown }\n | { ok: false; reason: \"non-json\" | \"invalid-json\"; error?: SyntaxError };\n\n/** Context passed to the `onRequest` hook before each gateway request attempt. */\nexport type GatewayRequestHookContext = {\n requestId: string;\n attempt: number;\n maxRetries: number;\n method: GatewayHttpMethod;\n path: string;\n url: string;\n headers: Headers;\n body?: string;\n timeoutMs: number;\n};\n\n/** Context passed to the `onResponse` hook after each gateway request attempt (including retries and failures). */\nexport type GatewayResponseHookContext = GatewayRequestHookContext & {\n durationMs: number;\n status?: number;\n response?: Response;\n error?: unknown;\n correlationId?: string;\n policyTraceId?: string | null;\n idempotentReplay?: boolean;\n retryAfterMs?: number | null;\n willRetry: boolean;\n};\n\nexport type GatewayClientEnvironment = \"sandbox\" | \"production\";\n\n/**\n * Low-level transport configuration for the platform gateway client.\n *\n * Most developers should use {@link createLucernClient} instead, which wraps\n * this config with higher-level conveniences like `apiKey` and `environment`.\n */\nexport type GatewayClientConfig = {\n baseUrl?: string;\n fetchImpl?: FetchLike;\n /** Lucern tenant API key or service API key. Sent as `x-lucern-key`. */\n apiKey?: string;\n /**\n * Lucern platform session token. This is not a Clerk JWT.\n * Server-side tenant proxies should normally send `apiKey` plus `clerkId`.\n */\n userToken?: string;\n /** Gateway environment label for legacy sandbox/production routing. */\n environment?: GatewayClientEnvironment;\n /** Clerk subject for the current end user. */\n clerkId?: string;\n /** Optional explicit user subject. Defaults to `clerkId` when omitted. */\n userId?: string;\n /** Optional deployment host hint for front-door routing. */\n deploymentHost?: string;\n getAuthHeaders?:\n | (() => Promise<Record<string, string>>)\n | (() => Record<string, string>);\n /**\n * Canonical Master Control identity tuple applied to every SDK request.\n * Use this for tenant/workspace-scoped graph and identity operations.\n */\n authContext?:\n | LucernSdkAuthContextInput\n | (() => Promise<LucernSdkAuthContextInput | undefined>)\n | (() => LucernSdkAuthContextInput | undefined);\n /** When true, requests fail before fetch if `authContext` is absent. */\n requireCanonicalAuthContext?: boolean;\n /** Max retries for transient errors (5xx, network). Defaults to 2. */\n maxRetries?: number;\n /** Request timeout in ms. Defaults to 15000. */\n timeoutMs?: number;\n /** Optional timeout overrides by HTTP method. */\n timeoutMsByMethod?: Partial<Record<GatewayHttpMethod, number>>;\n /** Optional request ID factory used for correlation headers. */\n requestIdFactory?: () => string;\n /**\n * Optional operational telemetry sink. When omitted, the SDK resolves an\n * Axiom exporter from Infisical-injected environment variables if present.\n */\n telemetryExporter?: LucernTelemetryExporter | null;\n /** Set false to disable SDK operational telemetry even when env is present. */\n telemetryEnabled?: boolean;\n /** Invoked before each request attempt, including retries. */\n onRequest?:\n | ((context: GatewayRequestHookContext) => void)\n | ((context: GatewayRequestHookContext) => Promise<void>);\n /** Invoked after each request attempt, including retries and failures. */\n onResponse?:\n | ((context: GatewayResponseHookContext) => void)\n | ((context: GatewayResponseHookContext) => Promise<void>);\n};\n\n/**\n * Serialize a gateway query object into a URL query string.\n */\nexport function toQueryString(\n scope: GatewayScope & Record<string, string | number | boolean | undefined>\n): string {\n const params = new URLSearchParams();\n if (scope.tenantId) {\n params.set(\"tenantId\", scope.tenantId);\n }\n if (scope.workspaceId) {\n params.set(\"workspaceId\", scope.workspaceId);\n }\n for (const [key, value] of Object.entries(scope)) {\n if (key === \"tenantId\" || key === \"workspaceId\") {\n continue;\n }\n if (value === undefined) {\n continue;\n }\n params.set(key, String(value));\n }\n const serialized = params.toString();\n return serialized.length > 0 ? `?${serialized}` : \"\";\n}\n\nfunction fillRandomBytes(length: number): Uint8Array {\n const bytes = new Uint8Array(length);\n if (typeof globalThis.crypto?.getRandomValues === \"function\") {\n globalThis.crypto.getRandomValues(bytes);\n return bytes;\n }\n\n for (let index = 0; index < length; index += 1) {\n bytes[index] = Math.floor(Math.random() * 256);\n }\n return bytes;\n}\n\nfunction generatePortableRequestId(): string {\n if (typeof globalThis.crypto?.randomUUID === \"function\") {\n return globalThis.crypto.randomUUID();\n }\n\n const bytes = fillRandomBytes(16);\n bytes[6] = (bytes[6] & 0x0f) | 0x40;\n bytes[8] = (bytes[8] & 0x3f) | 0x80;\n const hex = Array.from(bytes, (value) => value.toString(16).padStart(2, \"0\"));\n return `${hex.slice(0, 4).join(\"\")}-${hex.slice(4, 6).join(\"\")}-${hex.slice(\n 6,\n 8\n ).join(\"\")}-${hex.slice(8, 10).join(\"\")}-${hex.slice(10).join(\"\")}`;\n}\n\nfunction resolveEnvironment(): GatewayEnvironment {\n const processEnv =\n typeof globalThis === \"object\" &&\n globalThis !== null &&\n \"process\" in globalThis\n ? (globalThis as { process?: { env?: Record<string, string> } }).process\n : undefined;\n const env =\n processEnv !== undefined &&\n typeof processEnv === \"object\" &&\n processEnv !== null &&\n typeof processEnv.env === \"object\"\n ? processEnv.env\n : undefined;\n\n return {\n get: (name) => {\n const value = env?.[name];\n return typeof value === \"string\" && value.length > 0 ? value : undefined;\n },\n };\n}\n\nfunction telemetryEnvironmentRecord(\n environment: GatewayEnvironment,\n): Record<string, string | undefined> {\n const names = [\n \"LUCERN_TELEMETRY_ENABLED\",\n \"AXIOM_TELEMETRY_ENABLED\",\n \"LUCERN_AXIOM_TOKEN\",\n \"AXIOM_TOKEN\",\n \"LUCERN_AXIOM_EVENTS_DATASET\",\n \"LUCERN_AXIOM_DATASET\",\n \"AXIOM_EVENTS_DATASET\",\n \"AXIOM_DATASET\",\n \"LUCERN_AXIOM_API_URL\",\n \"AXIOM_URL\",\n \"LUCERN_ENVIRONMENT\",\n \"NODE_ENV\",\n \"LUCERN_RELEASE\",\n \"SENTRY_RELEASE\",\n \"VERCEL_GIT_COMMIT_SHA\",\n ];\n return Object.fromEntries(\n names.map((name) => [name, environment.get(name)]),\n );\n}\n\nfunction resolveRequestProfile(\n config: Pick<\n GatewayClientConfig,\n \"maxRetries\" | \"timeoutMs\" | \"timeoutMsByMethod\" | \"requestIdFactory\"\n >,\n environment: GatewayEnvironment,\n): GatewayRequestProfile {\n const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());\n const parsedMaxRetries = parseIntegerFromString(\n config.maxRetries,\n environment.get(DEFAULT_ENV_MAX_RETRIES),\n );\n const parsedTimeoutMs = parseIntegerFromString(\n config.timeoutMs,\n environment.get(DEFAULT_ENV_TIMEOUT_MS),\n );\n\n const methodTimeouts: Partial<Record<GatewayHttpMethod, number>> = {\n ...config.timeoutMsByMethod,\n };\n for (const method of [\"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\"] as const) {\n const envKey = `${ENV_TIMEOUT_BY_METHOD_PREFIX}${method}`;\n const raw = environment.get(envKey);\n if (!raw || methodTimeouts[method] !== undefined) {\n continue;\n }\n const parsed = parseIntegerFromString(undefined, raw);\n if (typeof parsed === \"number\") {\n methodTimeouts[method] = parsed;\n }\n }\n\n return {\n maxRetries: parsedMaxRetries ?? DEFAULT_GATEWAY_MAX_RETRIES,\n timeoutMs: parsedTimeoutMs ?? DEFAULT_GATEWAY_TIMEOUT_MS,\n timeoutMsByMethod: methodTimeouts,\n requestIdFactory,\n };\n}\n\nfunction createGatewayRuntime(\n config: GatewayClientConfig,\n environment: GatewayEnvironment,\n): GatewayRuntimeServices {\n return {\n fetch: config.fetchImpl ?? fetch,\n now: () => Date.now(),\n sleep: (ms) => delay(ms),\n env: environment,\n redaction: resolveRequestRedactionValue,\n profile: resolveRequestProfile(config, environment),\n };\n}\n\nfunction parseIntegerFromString(\n value?: number,\n rawValue?: string,\n): number | undefined {\n if (typeof value === \"number\" && Number.isInteger(value) && value >= 0) {\n return value;\n }\n\n if (typeof rawValue !== \"string\" || !rawValue.trim()) {\n return undefined;\n }\n\n const parsed = Number.parseInt(rawValue, 10);\n return Number.isInteger(parsed) && parsed >= 0 ? parsed : undefined;\n}\n\nfunction resolveRequestRedactionValue<T>(value: T): T {\n return redactDiagnosticValue(value) as T;\n}\n\nfunction resolveGatewayBaseUrl(\n configBaseUrl: string | undefined,\n environment: GatewayEnvironment,\n): string {\n const envBaseUrl =\n environment.get(\"LUCERN_API_URL\") ??\n environment.get(\"LUCERN_BASE_URL\") ??\n environment.get(\"LUCERN_GATEWAY_BASE_URL\");\n\n return (configBaseUrl ?? envBaseUrl ?? \"\").replace(/\\/+$/, \"\");\n}\n\nfunction normalizeGatewayEnvironment(value: GatewayClientEnvironment | undefined):\n | GatewayClientEnvironment\n | undefined {\n return value === \"sandbox\" || value === \"production\" ? value : undefined;\n}\n\n/**\n * Generate a random idempotency key for retry-safe writes.\n */\nexport const randomIdempotencyKey = generatePortableRequestId;\n\nfunction fallbackErrorCode(status: number): string {\n if (status === 401) {\n return \"AUTHENTICATION_REQUIRED\";\n }\n if (status === 403) {\n return \"FORBIDDEN\";\n }\n if (status === 404) {\n return \"NOT_FOUND\";\n }\n if (status === 408) {\n return \"UPSTREAM_ERROR\";\n }\n if (status === 409) {\n return \"CONFLICT\";\n }\n if (status === 429) {\n return \"RATE_LIMIT_EXCEEDED\";\n }\n if (status >= 500) {\n return \"UPSTREAM_ERROR\";\n }\n return \"INTERNAL_ERROR\";\n}\n\nfunction delay(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\nfunction computeRetryDelayMs(args: {\n attempt: number;\n status?: number;\n retryAfterMs?: number | null;\n}): number {\n const baseDelay =\n args.status === 429\n ? Math.max(\n args.retryAfterMs ?? 0,\n Math.min(1000 * 2 ** args.attempt, 10_000)\n )\n : Math.min(1000 * 2 ** args.attempt, 4000);\n\n if (args.status !== 429) {\n return baseDelay;\n }\n\n const jitterWindow = Math.max(250, Math.round(baseDelay * 0.25));\n return baseDelay + Math.round(Math.random() * jitterWindow);\n}\n\nfunction classifyGatewayErrorForRetry(error: unknown): boolean {\n return isGatewayRetryableError(error) || classifyRetry({ error }).retryable;\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return value !== null && typeof value === \"object\" && !Array.isArray(value);\n}\n\nfunction readPolicySummaryFromDetails(details?: JsonValue): string | null {\n if (!isRecord(details)) {\n return null;\n }\n\n const directSummary = details.summary;\n if (typeof directSummary === \"string\" && directSummary.trim().length > 0) {\n return directSummary.trim();\n }\n\n const policy = details.policy;\n if (!isRecord(policy)) {\n return null;\n }\n\n const explanation = policy.explanation;\n if (!isRecord(explanation)) {\n return null;\n }\n\n const nestedSummary = explanation.summary;\n if (typeof nestedSummary === \"string\" && nestedSummary.trim().length > 0) {\n return nestedSummary.trim();\n }\n\n return null;\n}\n\nfunction redactJsonDiagnosticValue(value: JsonValue | undefined): JsonValue | undefined {\n return value === undefined\n ? undefined\n : (redactDiagnosticValue(value) as JsonValue);\n}\n\nasync function resolveConfiguredAuthContext(\n authContext: GatewayClientConfig[\"authContext\"]\n): Promise<LucernSdkAuthContextInput | undefined> {\n if (typeof authContext === \"function\") {\n return await authContext();\n }\n return authContext;\n}\n\nfunction mergeHeaderRecord(\n base: Record<string, string>,\n addition: Record<string, string>\n): Record<string, string> {\n const headers = new Headers(base);\n for (const [key, value] of Object.entries(addition)) {\n const existing = headers.get(key);\n if (existing !== null && existing !== value) {\n throw new LucernSdkAuthContextError(\n \"policy_denied\",\n `Canonical Lucern SDK auth context conflicts with existing ${key} header.`\n );\n }\n headers.set(key, value);\n }\n return Object.fromEntries(headers.entries());\n}\n\nfunction cleanHeaderValue(value: string | null | undefined): string | undefined {\n const normalized = value?.trim();\n return normalized ? normalized : undefined;\n}\n\n/**\n * Create the transport client used by all SDK modules.\n */\nexport function createGatewayRequestClient(config: GatewayClientConfig = {}) {\n const env = resolveEnvironment();\n const runtime = createGatewayRuntime(config, env);\n const baseUrl = resolveGatewayBaseUrl(config.baseUrl, env);\n const maxRetries = runtime.profile.maxRetries;\n const requestIdFactory = runtime.profile.requestIdFactory;\n const requestTimeoutByMethod = runtime.profile.timeoutMsByMethod;\n const defaultRequestTimeoutMs = runtime.profile.timeoutMs;\n const normalizedEnvironment = normalizeGatewayEnvironment(config.environment);\n const telemetryExporter =\n config.telemetryEnabled === false\n ? null\n : (config.telemetryExporter ??\n createTelemetryExporterFromEnv(telemetryEnvironmentRecord(env), {\n service: \"lucern-sdk\",\n environment: normalizedEnvironment,\n }));\n\n async function resolveAuthHeaders(): Promise<Record<string, string>> {\n const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};\n const headers = new Headers(provided);\n const setIfAbsent = (name: string, value: string | undefined) => {\n const normalized = cleanHeaderValue(value);\n if (normalized && !headers.has(name)) {\n headers.set(name, normalized);\n }\n };\n\n setIfAbsent(\"x-lucern-key\", config.apiKey);\n setIfAbsent(\"x-lucern-session-token\", config.userToken);\n setIfAbsent(\"x-lucern-environment\", normalizedEnvironment);\n setIfAbsent(\"x-lucern-clerk-id\", config.clerkId);\n setIfAbsent(\"x-lucern-user-id\", config.userId ?? config.clerkId);\n setIfAbsent(\"x-lucern-deployment-host\", config.deploymentHost);\n\n const base = Object.fromEntries(headers.entries());\n const authContextInput = await resolveConfiguredAuthContext(\n config.authContext\n );\n if (!authContextInput && !config.requireCanonicalAuthContext) {\n return base;\n }\n const authContext = normalizeCanonicalLucernAuthContext(authContextInput);\n return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));\n }\n\n async function fetchWithTimeout(\n url: string,\n init: RequestInit,\n timeoutMs: number\n ): Promise<Response> {\n const normalizeTransportError = (\n error: unknown,\n isTimeout: boolean,\n ): GatewayRecoverableError => {\n if (isTimeout) {\n return new GatewayTimeoutError(timeoutMs);\n }\n return error instanceof GatewayTimeoutError ||\n error instanceof GatewayTransportError\n ? error\n : new GatewayTransportError(\n error instanceof Error ? error.message : \"Gateway transport error\",\n {\n cause: error,\n retryable: classifyGatewayErrorForRetry(error),\n }\n );\n };\n\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), timeoutMs);\n const requestEffect = Effect.tryPromise({\n try: () => runtime.fetch(url, { ...init, signal: controller.signal }),\n catch: (error) => normalizeTransportError(error, controller.signal.aborted),\n });\n try {\n const exit = await Effect.runPromiseExit(requestEffect);\n if (Exit.isSuccess(exit)) {\n return exit.value;\n }\n const failure = Array.from(Cause.failures(exit.cause))[0];\n if (failure !== undefined) {\n throw failure;\n }\n throw Cause.squash(exit.cause);\n } finally {\n clearTimeout(timer);\n }\n }\n\n async function emitSdkResponseTelemetry(\n context: GatewayResponseHookContext,\n ): Promise<void> {\n const retry = classifyRetry({\n status: context.status,\n error: context.error,\n retryAfter:\n context.retryAfterMs !== null && context.retryAfterMs !== undefined\n ? String(context.retryAfterMs / 1000)\n : undefined,\n });\n await emitTelemetrySignal(telemetryExporter, {\n signalType: \"trace\",\n surface: \"sdk-retry\",\n eventName: context.willRetry\n ? \"sdk.retry\"\n : context.error\n ? \"sdk.request.error\"\n : \"sdk.request.complete\",\n severity: context.error ? (context.willRetry ? \"warn\" : \"error\") : \"info\",\n durationMs: context.durationMs,\n metricName: \"sdk.request.duration_ms\",\n metricValue: context.durationMs,\n correlationId: context.correlationId ?? context.requestId,\n policyTraceId: context.policyTraceId ?? null,\n tenantId:\n context.headers.get(\"x-lucern-tenant-id\") ??\n context.headers.get(\"x-lucern-tenant\") ??\n undefined,\n workspaceId:\n context.headers.get(\"x-lucern-workspace-id\") ??\n context.headers.get(\"x-lucern-workspace\") ??\n undefined,\n attributes: {\n service: \"lucern-sdk\",\n operation: \"gateway.request\",\n path: context.path,\n httpMethod: context.method,\n httpStatus: context.status,\n attempt: context.attempt,\n maxRetries: context.maxRetries,\n retryReason: retry.reason,\n retryAfterMs: context.retryAfterMs ?? retry.retryAfterMs,\n willRetry: context.willRetry,\n retryable: retry.retryable,\n errorName:\n context.error instanceof Error ? context.error.name : undefined,\n errorMessage:\n context.error instanceof Error ? context.error.message : undefined,\n },\n });\n }\n\n async function parsePayload<T>(\n response: Response\n ): Promise<PlatformGatewayEnvelope<T> | null> {\n const text = await response.text();\n if (!text) {\n return null;\n }\n const parsed = tryParseGatewayEnvelopeJson(text);\n if (!parsed.ok) {\n return null;\n }\n return isRecord(parsed.value)\n ? (parsed.value as PlatformGatewayEnvelope<T>)\n : null;\n }\n\n function resolveTimeoutMs(\n method: GatewayHttpMethod,\n requestTimeoutMs?: number\n ): number {\n if (typeof requestTimeoutMs === \"number\") {\n return requestTimeoutMs;\n }\n const methodTimeoutMs = requestTimeoutByMethod?.[method];\n if (typeof methodTimeoutMs === \"number\") {\n return methodTimeoutMs;\n }\n return defaultRequestTimeoutMs;\n }\n\n function tryParseGatewayEnvelopeJson(text: string): JsonParseAttempt {\n const trimmed = text.trim();\n if (!trimmed.startsWith(\"{\") && !trimmed.startsWith(\"[\")) {\n return { ok: false, reason: \"non-json\" };\n }\n try {\n return { ok: true, value: JSON.parse(trimmed) };\n } catch (error) {\n if (error instanceof SyntaxError) {\n return { ok: false, reason: \"invalid-json\", error };\n }\n throw error;\n }\n }\n\n function buildApiError(args: {\n requestId: string;\n response: Response;\n failure?: PlatformGatewayFailure | null;\n }): LucernApiError {\n const failure = args.failure;\n const legacyError =\n failure && isRecord(failure.error) ? failure.error : failure?.legacyError;\n const correlationId =\n failure?.correlationId ??\n args.response.headers.get(\"x-lucern-correlation-id\")?.trim() ??\n args.requestId;\n const policyTraceId =\n failure?.policyTraceId ??\n args.response.headers.get(\"x-lucern-policy-trace-id\")?.trim() ??\n null;\n const details = runtime.redaction(\n redactJsonDiagnosticValue(failure?.details ?? legacyError?.details)\n );\n const policySummary = readPolicySummaryFromDetails(details);\n const failureMessage =\n typeof failure?.error === \"string\"\n ? failure.error\n : legacyError?.message;\n\n return new LucernApiError({\n code:\n failure?.code ??\n legacyError?.code ??\n fallbackErrorCode(args.response.status),\n message:\n policySummary ??\n failureMessage ??\n (args.response.ok\n ? \"Platform API returned an invalid success payload.\"\n : \"Platform API request failed.\"),\n status: args.response.status,\n invariant: failure?.invariant,\n suggestion: failure?.suggestion,\n details,\n requestId: args.requestId,\n correlationId,\n policyTraceId,\n });\n }\n\n async function request<T>(args: {\n path: string;\n method?: GatewayHttpMethod;\n body?: JsonObject;\n idempotencyKey?: string;\n requestId?: string;\n timeoutMs?: number;\n }): Promise<PlatformGatewaySuccess<T>> {\n const authHeaders = await resolveAuthHeaders();\n const method = args.method ?? \"GET\";\n const timeoutMs = resolveTimeoutMs(method, args.timeoutMs);\n const headers = new Headers({\n \"content-type\": \"application/json\",\n ...authHeaders,\n });\n if (args.idempotencyKey) {\n headers.set(\"idempotency-key\", args.idempotencyKey);\n }\n const requestId =\n headers.get(\"x-correlation-id\")?.trim() ||\n headers.get(\"x-request-id\")?.trim() ||\n args.requestId ||\n requestIdFactory();\n if (!headers.has(\"x-correlation-id\") && !headers.has(\"x-request-id\")) {\n headers.set(\"x-correlation-id\", requestId);\n }\n\n const url = `${baseUrl}${args.path}`;\n const serializedBody = args.body ? JSON.stringify(args.body) : undefined;\n const init: RequestInit = {\n method,\n headers,\n body: serializedBody,\n };\n\n let lastError: unknown;\n\n for (let attempt = 0; attempt <= maxRetries; attempt++) {\n const hookRequestContext: GatewayRequestHookContext = {\n requestId,\n attempt,\n maxRetries,\n method,\n path: args.path,\n url,\n headers: new Headers(headers),\n body: serializedBody,\n timeoutMs,\n };\n await config.onRequest?.(hookRequestContext);\n const startedAt = Date.now();\n try {\n const response = await fetchWithTimeout(url, init, timeoutMs);\n const responseClone = response.clone();\n const payload = await parsePayload<T>(response);\n const retry = classifyRetry({\n status: response.status,\n retryAfter: response.headers.get(\"Retry-After\"),\n });\n const retryAfterMs = retry.retryAfterMs ?? null;\n\n if (!response.ok || !payload?.success) {\n const failure =\n payload && !payload.success ? (payload as PlatformGatewayFailure) : null;\n const apiError = buildApiError({\n requestId,\n response,\n failure,\n });\n const willRetry = attempt < maxRetries && retry.retryable;\n const responseContext: GatewayResponseHookContext = {\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n status: response.status,\n response: responseClone,\n error: apiError,\n correlationId: apiError.correlationId ?? requestId,\n policyTraceId: apiError.policyTraceId ?? null,\n retryAfterMs,\n willRetry,\n };\n\n await config.onResponse?.(responseContext);\n await emitSdkResponseTelemetry(responseContext);\n\n if (willRetry) {\n lastError = apiError;\n await delay(\n computeRetryDelayMs({\n attempt,\n status: response.status,\n retryAfterMs,\n })\n );\n continue;\n }\n\n throw apiError;\n }\n\n const successPayload = payload as PlatformGatewaySuccess<T>;\n const responseContext: GatewayResponseHookContext = {\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n status: response.status,\n response: responseClone,\n correlationId:\n successPayload.correlationId ??\n response.headers.get(\"x-lucern-correlation-id\")?.trim() ??\n requestId,\n policyTraceId:\n successPayload.policyTraceId ??\n response.headers.get(\"x-lucern-policy-trace-id\")?.trim() ??\n null,\n idempotentReplay: successPayload.idempotentReplay,\n retryAfterMs,\n willRetry: false,\n };\n await config.onResponse?.(responseContext);\n await emitSdkResponseTelemetry(responseContext);\n\n return successPayload;\n } catch (fetchError) {\n if (fetchError instanceof LucernApiError) {\n throw fetchError;\n }\n const willRetry =\n attempt < maxRetries && classifyGatewayErrorForRetry(fetchError);\n const responseContext: GatewayResponseHookContext = {\n ...hookRequestContext,\n durationMs: Date.now() - startedAt,\n error: fetchError,\n correlationId: requestId,\n policyTraceId: null,\n willRetry,\n };\n await config.onResponse?.(responseContext);\n await emitSdkResponseTelemetry(responseContext);\n lastError = fetchError;\n if (willRetry) {\n await delay(computeRetryDelayMs({ attempt }));\n }\n }\n }\n\n throw lastError instanceof Error\n ? lastError\n : new Error(\"Platform API request failed after retries.\");\n }\n\n return {\n request,\n };\n}\n"]}
@@ -10,6 +10,7 @@ import '../contracts/lens-workflow.contract.js';
10
10
  import '../contracts/lens-filter.contract.js';
11
11
  import '../adminClient.js';
12
12
  import '../coreClient.js';
13
+ import '@lucern/transport-core';
13
14
  import '../authContext.js';
14
15
  import '../contracts/auth-session.contract.js';
15
16
  import '../controlObjectOwnership.js';