@lucern/sdk 1.0.10 → 1.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/README.md +35 -0
- package/dist/.generated +2 -0
- package/dist/accessControl.d.ts +19 -26
- package/dist/accessControl.js +195 -1423
- package/dist/adminClient.d.ts +52 -59
- package/dist/adminClient.js +364 -1142
- package/dist/answersClient.d.ts +5 -14
- package/dist/answersClient.js +19 -737
- package/dist/audience/index.d.ts +18 -18
- package/dist/audience/index.js +87 -90
- package/dist/audiencesClient.d.ts +19 -27
- package/dist/audiencesClient.js +107 -868
- package/dist/auditClient.d.ts +8 -15
- package/dist/auditClient.js +18 -791
- package/dist/authContext.d.ts +11 -16
- package/dist/authContext.js +122 -154
- package/dist/authDeviceClient.d.ts +8 -17
- package/dist/authDeviceClient.js +113 -102
- package/dist/beliefs/index.d.ts +15 -67
- package/dist/beliefs/index.js +17 -10172
- package/dist/beliefs/lifecycle.d.ts +10 -11
- package/dist/beliefs/lifecycle.js +78 -80
- package/dist/beliefsClient.d.ts +26 -32
- package/dist/beliefsClient.js +250 -990
- package/dist/boundaryClientSurface.d.ts +11 -16
- package/dist/boundaryClientSurface.js +49 -68
- package/dist/client.d.ts +73 -112
- package/dist/client.js +232 -10146
- package/dist/clientAssemblyTypes.d.ts +3 -3
- package/dist/clientAssemblyTypes.js +1 -2
- package/dist/clientConfig.d.ts +45 -59
- package/dist/clientConfig.js +1 -2
- package/dist/clientEvidenceCompat.d.ts +7 -14
- package/dist/clientEvidenceCompat.js +50 -64
- package/dist/clientGraphNamespaces.d.ts +3 -5
- package/dist/clientGraphNamespaces.js +170 -245
- package/dist/clientHelpers.d.ts +20 -25
- package/dist/clientHelpers.js +104 -127
- package/dist/clientKnowledgeNamespaces.d.ts +6 -53
- package/dist/clientKnowledgeNamespaces.js +502 -506
- package/dist/clientLocalHelpers.d.ts +11 -56
- package/dist/clientLocalHelpers.js +503 -732
- package/dist/clientPlatformNamespaces.d.ts +14 -53
- package/dist/clientPlatformNamespaces.js +229 -314
- package/dist/clientRuntime.d.ts +5 -53
- package/dist/clientRuntime.js +26 -30
- package/dist/clientWorkflowNamespaces.d.ts +6 -15
- package/dist/clientWorkflowNamespaces.js +529 -596
- package/dist/contextClient.d.ts +9 -17
- package/dist/contextClient.js +92 -805
- package/dist/contextFacade.d.ts +11 -2
- package/dist/contextFacade.js +10 -81
- package/dist/contextPackCompiler.d.ts +10 -11
- package/dist/contextPackCompiler.js +494 -1040
- package/dist/contextPackPolicy.d.ts +14 -15
- package/dist/contextPackPolicy.js +227 -305
- package/dist/contextPackSchema.d.ts +3 -3
- package/dist/contextPackSchema.js +169 -176
- package/dist/contextTypes.d.ts +14 -15
- package/dist/contextTypes.js +1 -2
- package/dist/contracts/api-enums.contract.d.ts +29 -30
- package/dist/contracts/api-enums.contract.js +162 -88
- package/dist/contracts/auth-session.contract.d.ts +13 -14
- package/dist/contracts/auth-session.contract.js +55 -52
- package/dist/contracts/context-pack.contract.d.ts +54 -55
- package/dist/contracts/context-pack.contract.js +160 -88
- package/dist/contracts/contextPack.d.ts +2 -1
- package/dist/contracts/contextPack.js +1 -97
- package/dist/contracts/index.d.ts +11 -12
- package/dist/contracts/index.js +10 -854
- package/dist/contracts/lens-filter.contract.d.ts +9 -10
- package/dist/contracts/lens-filter.contract.js +82 -58
- package/dist/contracts/lens-workflow.contract.d.ts +21 -23
- package/dist/contracts/lens-workflow.contract.js +48 -117
- package/dist/contracts/lensFilter.d.ts +2 -1
- package/dist/contracts/lensFilter.js +1 -71
- package/dist/contracts/lensWorkflow.d.ts +2 -2
- package/dist/contracts/lensWorkflow.js +1 -123
- package/dist/contracts/mcpTools.d.ts +16 -18
- package/dist/contracts/mcpTools.js +89 -123
- package/dist/contracts/prompt.contract.d.ts +4 -5
- package/dist/contracts/prompt.contract.js +23 -10
- package/dist/contracts/prompt.d.ts +2 -1
- package/dist/contracts/prompt.js +1 -11
- package/dist/contracts/sdk-tools.contract.d.ts +2 -1
- package/dist/contracts/sdk-tools.contract.js +1 -2
- package/dist/contracts/sdkTools.d.ts +2 -1
- package/dist/contracts/sdkTools.js +1 -26
- package/dist/contracts/tool-contracts.d.ts +2 -1
- package/dist/contracts/tool-contracts.js +1 -2
- package/dist/contracts/workflow-runtime.contract.d.ts +45 -46
- package/dist/contracts/workflow-runtime.contract.js +241 -228
- package/dist/contracts/workflowRuntime.d.ts +2 -1
- package/dist/contracts/workflowRuntime.js +1 -244
- package/dist/contradictions/index.d.ts +8 -60
- package/dist/contradictions/index.js +11 -10166
- package/dist/control-plane.d.ts +17 -24
- package/dist/control-plane.js +124 -840
- package/dist/controlObjectOwnership.d.ts +19 -20
- package/dist/controlObjectOwnership.js +207 -201
- package/dist/coreClient.d.ts +23 -28
- package/dist/coreClient.js +567 -692
- package/dist/customTools.d.ts +17 -21
- package/dist/customTools.js +221 -221
- package/dist/decisions/index.d.ts +7 -58
- package/dist/decisions/index.js +14 -10168
- package/dist/decisionsClient.d.ts +25 -32
- package/dist/decisionsClient.js +113 -913
- package/dist/domainContext.d.ts +2 -1
- package/dist/domainContext.js +1 -2
- package/dist/edges/index.d.ts +21 -73
- package/dist/edges/index.js +12 -10167
- package/dist/embeddingsClient.d.ts +22 -30
- package/dist/embeddingsClient.js +73 -922
- package/dist/eventingClient.d.ts +23 -31
- package/dist/eventingClient.js +89 -918
- package/dist/events.d.ts +48 -49
- package/dist/events.js +257 -241
- package/dist/eventsCore.d.ts +20 -29
- package/dist/eventsCore.js +86 -830
- package/dist/evidence/index.d.ts +9 -60
- package/dist/evidence/index.js +13 -10167
- package/dist/evidenceClient.d.ts +13 -22
- package/dist/evidenceClient.js +34 -751
- package/dist/facade/context.d.ts +7 -8
- package/dist/facade/context.js +73 -72
- package/dist/functionSurface.d.ts +2 -156
- package/dist/functionSurface.js +1 -1460
- package/dist/functionSurfaceClient.d.ts +2 -9
- package/dist/functionSurfaceClient.js +1 -1460
- package/dist/gatewayFacades.d.ts +79 -296
- package/dist/gatewayFacades.factories.d.ts +209 -14
- package/dist/gatewayFacades.factories.js +561 -2227
- package/dist/gatewayFacades.js +284 -2627
- package/dist/generated/functionSurface.d.ts +149 -0
- package/dist/generated/functionSurface.js +749 -0
- package/dist/graphAnalysisClient.d.ts +41 -49
- package/dist/graphAnalysisClient.js +185 -974
- package/dist/graphClient.d.ts +53 -60
- package/dist/graphClient.js +219 -1090
- package/dist/graphIntel.d.ts +2 -4
- package/dist/graphIntel.js +1 -2
- package/dist/graphIntelligence.d.ts +4 -2
- package/dist/graphIntelligence.js +2 -46
- package/dist/graphRecommendationsClient.d.ts +15 -23
- package/dist/graphRecommendationsClient.js +70 -849
- package/dist/graphStateClassifierClient.d.ts +17 -25
- package/dist/graphStateClassifierClient.js +67 -908
- package/dist/harnessClient.d.ts +40 -47
- package/dist/harnessClient.js +198 -993
- package/dist/identityClient.d.ts +25 -33
- package/dist/identityClient.js +245 -1186
- package/dist/index.d.ts +73 -69
- package/dist/index.js +72 -13304
- package/dist/infisicalRuntime.d.ts +12 -14
- package/dist/infisicalRuntime.js +290 -297
- package/dist/jobsClient.d.ts +24 -32
- package/dist/jobsClient.js +101 -916
- package/dist/learningClient.d.ts +8 -16
- package/dist/learningClient.js +45 -809
- package/dist/lenses/index.d.ts +13 -65
- package/dist/lenses/index.js +11 -10166
- package/dist/mcpClient.d.ts +14 -23
- package/dist/mcpClient.js +115 -856
- package/dist/modelRuntimeClient.d.ts +18 -26
- package/dist/modelRuntimeClient.js +74 -894
- package/dist/nodes/index.d.ts +7 -58
- package/dist/nodes/index.js +14 -10168
- package/dist/ontologies/index.d.ts +21 -73
- package/dist/ontologies/index.js +14 -10169
- package/dist/ontologyClient.d.ts +23 -31
- package/dist/ontologyClient.js +138 -924
- package/dist/ontologyLinksClient.d.ts +16 -24
- package/dist/ontologyLinksClient.js +76 -886
- package/dist/opinion.d.ts +5 -6
- package/dist/opinion.js +21 -25
- package/dist/orgGraphSearchClient.d.ts +19 -27
- package/dist/orgGraphSearchClient.js +89 -857
- package/dist/packRuntime.d.ts +2 -2
- package/dist/packRuntime.js +1 -2
- package/dist/packsClient.d.ts +30 -37
- package/dist/packsClient.js +131 -906
- package/dist/policyClient.d.ts +21 -29
- package/dist/policyClient.js +267 -1026
- package/dist/proof-attestation.json +1 -1
- package/dist/questions/index.d.ts +9 -60
- package/dist/questions/index.js +15 -10169
- package/dist/realtime/index.d.ts +20 -16
- package/dist/realtime/index.js +30 -19
- package/dist/realtime/refs.d.ts +4 -6
- package/dist/realtime/refs.js +12 -7
- package/dist/realtime-refs.d.ts +1 -0
- package/dist/realtime-refs.js +1 -0
- package/dist/realtime.d.ts +1 -0
- package/dist/realtime.js +1 -0
- package/dist/reportsClient.d.ts +10 -19
- package/dist/reportsClient.js +48 -836
- package/dist/schemaClient.d.ts +16 -23
- package/dist/schemaClient.js +62 -832
- package/dist/sdkSurface.d.ts +18 -25
- package/dist/sdkSurface.js +135 -106
- package/dist/secrets.d.ts +2 -1
- package/dist/secrets.js +1 -2
- package/dist/sourcesClient.d.ts +11 -18
- package/dist/sourcesClient.js +18 -741
- package/dist/telemetryClient.d.ts +22 -30
- package/dist/telemetryClient.js +107 -931
- package/dist/toolRegistryClient.d.ts +27 -35
- package/dist/toolRegistryClient.js +116 -954
- package/dist/topics/index.d.ts +13 -64
- package/dist/topics/index.js +15 -10169
- package/dist/topicsClient.d.ts +19 -27
- package/dist/topicsClient.js +106 -894
- package/dist/types.d.ts +84 -87
- package/dist/types.js +1 -2
- package/dist/version.d.ts +2 -3
- package/dist/version.js +2 -5
- package/dist/workflowClient.d.ts +60 -65
- package/dist/workflowClient.js +343 -1219
- package/dist/worktrees/index.d.ts +16 -68
- package/dist/worktrees/index.js +14 -10169
- package/package.json +6 -6
- package/dist/accessControl.js.map +0 -1
- package/dist/adminClient.js.map +0 -1
- package/dist/answersClient.js.map +0 -1
- package/dist/audience/index.js.map +0 -1
- package/dist/audiencesClient.js.map +0 -1
- package/dist/auditClient.js.map +0 -1
- package/dist/authContext.js.map +0 -1
- package/dist/authDeviceClient.js.map +0 -1
- package/dist/beliefs/index.js.map +0 -1
- package/dist/beliefs/lifecycle.js.map +0 -1
- package/dist/beliefsClient.js.map +0 -1
- package/dist/boundaryClientSurface.js.map +0 -1
- package/dist/client.js.map +0 -1
- package/dist/clientAssemblyTypes.js.map +0 -1
- package/dist/clientConfig.js.map +0 -1
- package/dist/clientEvidenceCompat.js.map +0 -1
- package/dist/clientGraphNamespaces.js.map +0 -1
- package/dist/clientHelpers.js.map +0 -1
- package/dist/clientKnowledgeNamespaces.js.map +0 -1
- package/dist/clientLocalHelpers.js.map +0 -1
- package/dist/clientPlatformNamespaces.js.map +0 -1
- package/dist/clientRuntime.js.map +0 -1
- package/dist/clientWorkflowNamespaces.js.map +0 -1
- package/dist/contextClient.js.map +0 -1
- package/dist/contextFacade.js.map +0 -1
- package/dist/contextPackCompiler.js.map +0 -1
- package/dist/contextPackPolicy.js.map +0 -1
- package/dist/contextPackSchema.js.map +0 -1
- package/dist/contextTypes.js.map +0 -1
- package/dist/contracts/api-enums.contract.js.map +0 -1
- package/dist/contracts/auth-session.contract.js.map +0 -1
- package/dist/contracts/context-pack.contract.js.map +0 -1
- package/dist/contracts/contextPack.js.map +0 -1
- package/dist/contracts/index.js.map +0 -1
- package/dist/contracts/lens-filter.contract.js.map +0 -1
- package/dist/contracts/lens-workflow.contract.js.map +0 -1
- package/dist/contracts/lensFilter.js.map +0 -1
- package/dist/contracts/lensWorkflow.js.map +0 -1
- package/dist/contracts/mcpTools.js.map +0 -1
- package/dist/contracts/prompt.contract.js.map +0 -1
- package/dist/contracts/prompt.js.map +0 -1
- package/dist/contracts/sdk-tools.contract.js.map +0 -1
- package/dist/contracts/sdkTools.js.map +0 -1
- package/dist/contracts/tool-contracts.js.map +0 -1
- package/dist/contracts/workflow-runtime.contract.js.map +0 -1
- package/dist/contracts/workflowRuntime.js.map +0 -1
- package/dist/contradictions/index.js.map +0 -1
- package/dist/control-plane.js.map +0 -1
- package/dist/controlObjectOwnership.js.map +0 -1
- package/dist/coreClient.js.map +0 -1
- package/dist/customTools.js.map +0 -1
- package/dist/decisions/index.js.map +0 -1
- package/dist/decisionsClient.js.map +0 -1
- package/dist/domainContext.js.map +0 -1
- package/dist/edges/index.js.map +0 -1
- package/dist/embeddingsClient.js.map +0 -1
- package/dist/eventingClient.js.map +0 -1
- package/dist/events.js.map +0 -1
- package/dist/eventsCore.js.map +0 -1
- package/dist/evidence/index.js.map +0 -1
- package/dist/evidenceClient.js.map +0 -1
- package/dist/facade/context.js.map +0 -1
- package/dist/functionSurface.js.map +0 -1
- package/dist/functionSurfaceClient.js.map +0 -1
- package/dist/gatewayFacades.factories.js.map +0 -1
- package/dist/gatewayFacades.js.map +0 -1
- package/dist/graphAnalysisClient.js.map +0 -1
- package/dist/graphClient.js.map +0 -1
- package/dist/graphIntel.js.map +0 -1
- package/dist/graphIntelligence.js.map +0 -1
- package/dist/graphRecommendationsClient.js.map +0 -1
- package/dist/graphStateClassifierClient.js.map +0 -1
- package/dist/harnessClient.js.map +0 -1
- package/dist/identityClient.js.map +0 -1
- package/dist/index.js.map +0 -1
- package/dist/infisicalRuntime.js.map +0 -1
- package/dist/jobsClient.js.map +0 -1
- package/dist/learningClient.js.map +0 -1
- package/dist/lenses/index.js.map +0 -1
- package/dist/mcpClient.js.map +0 -1
- package/dist/modelRuntimeClient.js.map +0 -1
- package/dist/nodes/index.js.map +0 -1
- package/dist/ontologies/index.js.map +0 -1
- package/dist/ontologyClient.js.map +0 -1
- package/dist/ontologyLinksClient.js.map +0 -1
- package/dist/opinion.js.map +0 -1
- package/dist/orgGraphSearchClient.js.map +0 -1
- package/dist/packRuntime.js.map +0 -1
- package/dist/packsClient.js.map +0 -1
- package/dist/policyClient.js.map +0 -1
- package/dist/questions/index.js.map +0 -1
- package/dist/realtime/index.js.map +0 -1
- package/dist/realtime/refs.js.map +0 -1
- package/dist/reportsClient.js.map +0 -1
- package/dist/schemaClient.js.map +0 -1
- package/dist/sdk-tools.contract-B4c1Zr1o.d.ts +0 -22
- package/dist/sdkSurface.js.map +0 -1
- package/dist/secrets.js.map +0 -1
- package/dist/sourcesClient.js.map +0 -1
- package/dist/telemetryClient.js.map +0 -1
- package/dist/tool-contracts-BUiL9P6z.d.ts +0 -22
- package/dist/toolRegistryClient.js.map +0 -1
- package/dist/topics/index.js.map +0 -1
- package/dist/topicsClient.js.map +0 -1
- package/dist/types.js.map +0 -1
- package/dist/version.js.map +0 -1
- package/dist/workflowClient.js.map +0 -1
- package/dist/worktrees/index.js.map +0 -1
package/dist/auditClient.js
CHANGED
|
@@ -1,795 +1,22 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
constructor(reason, message) {
|
|
12
|
-
super(message);
|
|
13
|
-
this.name = "LucernSdkAuthContextError";
|
|
14
|
-
this.reason = reason;
|
|
15
|
-
}
|
|
16
|
-
};
|
|
17
|
-
function cleanString(value) {
|
|
18
|
-
const normalized = value?.trim();
|
|
19
|
-
return normalized ? normalized : void 0;
|
|
20
|
-
}
|
|
21
|
-
function cleanStringList(values) {
|
|
22
|
-
if (!values) {
|
|
23
|
-
return [];
|
|
24
|
-
}
|
|
25
|
-
return values.map((value) => value.trim()).filter(
|
|
26
|
-
(value, index, list) => value.length > 0 && list.indexOf(value) === index
|
|
27
|
-
);
|
|
28
|
-
}
|
|
29
|
-
function requireString(value, reason, label) {
|
|
30
|
-
const normalized = cleanString(value);
|
|
31
|
-
if (!normalized) {
|
|
32
|
-
throw new LucernSdkAuthContextError(
|
|
33
|
-
reason,
|
|
34
|
-
`Canonical Lucern SDK auth context is missing ${label}.`
|
|
35
|
-
);
|
|
36
|
-
}
|
|
37
|
-
return normalized;
|
|
38
|
-
}
|
|
39
|
-
function requirePrincipalType(principalType) {
|
|
40
|
-
if (!principalType) {
|
|
41
|
-
throw new LucernSdkAuthContextError(
|
|
42
|
-
"principal_missing",
|
|
43
|
-
"Canonical Lucern SDK auth context is missing principalType."
|
|
44
|
-
);
|
|
45
|
-
}
|
|
46
|
-
return principalType;
|
|
47
|
-
}
|
|
48
|
-
function requireAuthMode(authMode) {
|
|
49
|
-
if (!authMode) {
|
|
50
|
-
throw new LucernSdkAuthContextError(
|
|
51
|
-
"principal_missing",
|
|
52
|
-
"Canonical Lucern SDK auth context is missing authMode."
|
|
53
|
-
);
|
|
54
|
-
}
|
|
55
|
-
return authMode;
|
|
56
|
-
}
|
|
57
|
-
function ensurePermitMatch(args) {
|
|
58
|
-
const actual = cleanString(args.actual);
|
|
59
|
-
if (actual && actual !== args.expected) {
|
|
60
|
-
throw new LucernSdkAuthContextError(
|
|
61
|
-
"policy_denied",
|
|
62
|
-
`Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
|
|
63
|
-
);
|
|
64
|
-
}
|
|
65
|
-
}
|
|
66
|
-
function normalizeCanonicalLucernAuthContext(input) {
|
|
67
|
-
if (!input) {
|
|
68
|
-
throw new LucernSdkAuthContextError(
|
|
69
|
-
"principal_missing",
|
|
70
|
-
"Canonical Lucern SDK auth context is required."
|
|
71
|
-
);
|
|
72
|
-
}
|
|
73
|
-
if (input.policyDecision === "deny") {
|
|
74
|
-
throw new LucernSdkAuthContextError(
|
|
75
|
-
"policy_denied",
|
|
76
|
-
"Canonical Lucern SDK auth context carries a denied policy decision."
|
|
77
|
-
);
|
|
78
|
-
}
|
|
79
|
-
const principalId = requireString(
|
|
80
|
-
input.principalId,
|
|
81
|
-
"principal_missing",
|
|
82
|
-
"principalId"
|
|
83
|
-
);
|
|
84
|
-
const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
|
|
85
|
-
const workspaceId = requireString(
|
|
86
|
-
input.workspaceId,
|
|
87
|
-
"workspace_missing",
|
|
88
|
-
"workspaceId"
|
|
89
|
-
);
|
|
90
|
-
const roles = cleanStringList(input.roles);
|
|
91
|
-
const scopes = cleanStringList(input.scopes);
|
|
92
|
-
const principalType = requirePrincipalType(input.principalType);
|
|
93
|
-
const authMode = requireAuthMode(input.authMode);
|
|
94
|
-
const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
|
|
95
|
-
if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
|
|
96
|
-
throw new LucernSdkAuthContextError(
|
|
97
|
-
"membership_missing",
|
|
98
|
-
"Canonical Lucern SDK auth context requires non-empty roles and scopes."
|
|
99
|
-
);
|
|
100
|
-
}
|
|
101
|
-
const subject = cleanString(input.permit?.subject) ?? principalId;
|
|
102
|
-
const tenant = cleanString(input.permit?.tenant) ?? tenantId;
|
|
103
|
-
const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
|
|
104
|
-
ensurePermitMatch({
|
|
105
|
-
field: "subject",
|
|
106
|
-
expected: principalId,
|
|
107
|
-
actual: subject
|
|
108
|
-
});
|
|
109
|
-
ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
|
|
110
|
-
ensurePermitMatch({
|
|
111
|
-
field: "workspace",
|
|
112
|
-
expected: workspaceId,
|
|
113
|
-
actual: workspace
|
|
114
|
-
});
|
|
115
|
-
const context = input.permit?.context ? { ...input.permit.context } : void 0;
|
|
116
|
-
return {
|
|
117
|
-
clerkId: cleanString(input.clerkId),
|
|
118
|
-
principalId,
|
|
119
|
-
tenantId,
|
|
120
|
-
workspaceId,
|
|
121
|
-
principalType,
|
|
122
|
-
authMode,
|
|
123
|
-
roles,
|
|
124
|
-
scopes,
|
|
125
|
-
delegationChain: input.delegationChain ? [...input.delegationChain] : [],
|
|
126
|
-
policyTraceId: cleanString(input.policyTraceId),
|
|
127
|
-
correlationId: cleanString(input.correlationId),
|
|
128
|
-
membershipId: cleanString(input.membershipId),
|
|
129
|
-
permit: {
|
|
130
|
-
subject,
|
|
131
|
-
tenant,
|
|
132
|
-
workspace,
|
|
133
|
-
resource: cleanString(input.permit?.resource),
|
|
134
|
-
action: cleanString(input.permit?.action),
|
|
135
|
-
relation: cleanString(input.permit?.relation),
|
|
136
|
-
context
|
|
137
|
-
}
|
|
138
|
-
};
|
|
139
|
-
}
|
|
140
|
-
function createCanonicalAuthHeaders(authContext) {
|
|
141
|
-
const headers = {
|
|
142
|
-
"x-lucern-principal-id": authContext.principalId,
|
|
143
|
-
"x-lucern-principal-type": authContext.principalType,
|
|
144
|
-
"x-lucern-tenant": authContext.tenantId,
|
|
145
|
-
"x-lucern-tenant-id": authContext.tenantId,
|
|
146
|
-
"x-lucern-workspace": authContext.workspaceId,
|
|
147
|
-
"x-lucern-workspace-id": authContext.workspaceId,
|
|
148
|
-
"x-lucern-auth-mode": authContext.authMode,
|
|
149
|
-
"x-lucern-roles": authContext.roles.join(","),
|
|
150
|
-
"x-lucern-scopes": authContext.scopes.join(","),
|
|
151
|
-
"x-lucern-permit-context": JSON.stringify(authContext.permit)
|
|
152
|
-
};
|
|
153
|
-
if (authContext.clerkId) {
|
|
154
|
-
headers["x-lucern-clerk-id"] = authContext.clerkId;
|
|
155
|
-
headers["x-lucern-user-id"] = authContext.clerkId;
|
|
156
|
-
}
|
|
157
|
-
if (authContext.delegationChain.length > 0) {
|
|
158
|
-
headers["x-lucern-delegation-chain"] = JSON.stringify(
|
|
159
|
-
authContext.delegationChain
|
|
160
|
-
);
|
|
161
|
-
}
|
|
162
|
-
if (authContext.policyTraceId) {
|
|
163
|
-
headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
|
|
164
|
-
}
|
|
165
|
-
if (authContext.correlationId) {
|
|
166
|
-
headers["x-correlation-id"] = authContext.correlationId;
|
|
167
|
-
headers["x-lucern-correlation-id"] = authContext.correlationId;
|
|
168
|
-
}
|
|
169
|
-
if (authContext.membershipId) {
|
|
170
|
-
headers["x-lucern-membership-id"] = authContext.membershipId;
|
|
171
|
-
}
|
|
172
|
-
return headers;
|
|
173
|
-
}
|
|
174
|
-
|
|
175
|
-
// src/coreClient.ts
|
|
176
|
-
var DEFAULT_GATEWAY_TIMEOUT_MS = 15e3;
|
|
177
|
-
var DEFAULT_GATEWAY_MAX_RETRIES = 2;
|
|
178
|
-
var DEFAULT_ENV_TIMEOUT_MS = "LUCERN_REQUEST_TIMEOUT_MS";
|
|
179
|
-
var DEFAULT_ENV_MAX_RETRIES = "LUCERN_GATEWAY_MAX_RETRIES";
|
|
180
|
-
var ENV_TIMEOUT_BY_METHOD_PREFIX = "LUCERN_REQUEST_TIMEOUT_MS_";
|
|
181
|
-
var GatewayTimeoutError = class extends Error {
|
|
182
|
-
retryable = true;
|
|
183
|
-
timeoutMs;
|
|
184
|
-
constructor(timeoutMs) {
|
|
185
|
-
super(`Request timed out after ${timeoutMs}ms`);
|
|
186
|
-
this.name = "AbortError";
|
|
187
|
-
this.timeoutMs = timeoutMs;
|
|
188
|
-
}
|
|
189
|
-
};
|
|
190
|
-
var GatewayTransportError = class extends Error {
|
|
191
|
-
retryable;
|
|
192
|
-
cause;
|
|
193
|
-
constructor(message, options) {
|
|
194
|
-
super(message);
|
|
195
|
-
this.name = "GatewayTransportError";
|
|
196
|
-
this.retryable = options?.retryable ?? true;
|
|
197
|
-
this.cause = options?.cause;
|
|
198
|
-
}
|
|
199
|
-
};
|
|
200
|
-
function isGatewayRetryableError(error) {
|
|
201
|
-
return error instanceof GatewayTimeoutError && error.retryable || error instanceof GatewayTransportError && error.retryable || false;
|
|
202
|
-
}
|
|
203
|
-
var LucernApiError = class extends Error {
|
|
204
|
-
code;
|
|
205
|
-
status;
|
|
206
|
-
invariant;
|
|
207
|
-
suggestion;
|
|
208
|
-
details;
|
|
209
|
-
requestId;
|
|
210
|
-
correlationId;
|
|
211
|
-
policyTraceId;
|
|
212
|
-
constructor(args) {
|
|
213
|
-
super(args.message);
|
|
214
|
-
this.name = "LucernApiError";
|
|
215
|
-
this.code = args.code;
|
|
216
|
-
this.status = args.status;
|
|
217
|
-
this.invariant = args.invariant;
|
|
218
|
-
this.suggestion = args.suggestion;
|
|
219
|
-
this.details = args.details;
|
|
220
|
-
this.requestId = args.requestId;
|
|
221
|
-
this.correlationId = args.correlationId;
|
|
222
|
-
this.policyTraceId = args.policyTraceId;
|
|
223
|
-
}
|
|
224
|
-
};
|
|
225
|
-
function toQueryString(scope) {
|
|
226
|
-
const params = new URLSearchParams();
|
|
227
|
-
if (scope.tenantId) {
|
|
228
|
-
params.set("tenantId", scope.tenantId);
|
|
229
|
-
}
|
|
230
|
-
if (scope.workspaceId) {
|
|
231
|
-
params.set("workspaceId", scope.workspaceId);
|
|
232
|
-
}
|
|
233
|
-
for (const [key, value] of Object.entries(scope)) {
|
|
234
|
-
if (key === "tenantId" || key === "workspaceId") {
|
|
235
|
-
continue;
|
|
236
|
-
}
|
|
237
|
-
if (value === void 0) {
|
|
238
|
-
continue;
|
|
239
|
-
}
|
|
240
|
-
params.set(key, String(value));
|
|
241
|
-
}
|
|
242
|
-
const serialized = params.toString();
|
|
243
|
-
return serialized.length > 0 ? `?${serialized}` : "";
|
|
244
|
-
}
|
|
245
|
-
function fillRandomBytes(length) {
|
|
246
|
-
const bytes = new Uint8Array(length);
|
|
247
|
-
if (typeof globalThis.crypto?.getRandomValues === "function") {
|
|
248
|
-
globalThis.crypto.getRandomValues(bytes);
|
|
249
|
-
return bytes;
|
|
250
|
-
}
|
|
251
|
-
for (let index = 0; index < length; index += 1) {
|
|
252
|
-
bytes[index] = Math.floor(Math.random() * 256);
|
|
253
|
-
}
|
|
254
|
-
return bytes;
|
|
255
|
-
}
|
|
256
|
-
function generatePortableRequestId() {
|
|
257
|
-
if (typeof globalThis.crypto?.randomUUID === "function") {
|
|
258
|
-
return globalThis.crypto.randomUUID();
|
|
259
|
-
}
|
|
260
|
-
const bytes = fillRandomBytes(16);
|
|
261
|
-
bytes[6] = bytes[6] & 15 | 64;
|
|
262
|
-
bytes[8] = bytes[8] & 63 | 128;
|
|
263
|
-
const hex = Array.from(bytes, (value) => value.toString(16).padStart(2, "0"));
|
|
264
|
-
return `${hex.slice(0, 4).join("")}-${hex.slice(4, 6).join("")}-${hex.slice(
|
|
265
|
-
6,
|
|
266
|
-
8
|
|
267
|
-
).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
|
|
268
|
-
}
|
|
269
|
-
function resolveEnvironment() {
|
|
270
|
-
const processEnv = typeof globalThis === "object" && globalThis !== null && "process" in globalThis ? globalThis.process : void 0;
|
|
271
|
-
const env = processEnv !== void 0 && typeof processEnv === "object" && processEnv !== null && typeof processEnv.env === "object" ? processEnv.env : void 0;
|
|
272
|
-
return {
|
|
273
|
-
get: (name) => {
|
|
274
|
-
const value = env?.[name];
|
|
275
|
-
return typeof value === "string" && value.length > 0 ? value : void 0;
|
|
276
|
-
}
|
|
277
|
-
};
|
|
278
|
-
}
|
|
279
|
-
function telemetryEnvironmentRecord(environment) {
|
|
280
|
-
const names = [
|
|
281
|
-
"LUCERN_TELEMETRY_ENABLED",
|
|
282
|
-
"AXIOM_TELEMETRY_ENABLED",
|
|
283
|
-
"LUCERN_AXIOM_TOKEN",
|
|
284
|
-
"AXIOM_TOKEN",
|
|
285
|
-
"LUCERN_AXIOM_EVENTS_DATASET",
|
|
286
|
-
"LUCERN_AXIOM_DATASET",
|
|
287
|
-
"AXIOM_EVENTS_DATASET",
|
|
288
|
-
"AXIOM_DATASET",
|
|
289
|
-
"LUCERN_AXIOM_API_URL",
|
|
290
|
-
"AXIOM_URL",
|
|
291
|
-
"LUCERN_ENVIRONMENT",
|
|
292
|
-
"NODE_ENV",
|
|
293
|
-
"LUCERN_RELEASE",
|
|
294
|
-
"SENTRY_RELEASE",
|
|
295
|
-
"VERCEL_GIT_COMMIT_SHA"
|
|
296
|
-
];
|
|
297
|
-
return Object.fromEntries(
|
|
298
|
-
names.map((name) => [name, environment.get(name)])
|
|
299
|
-
);
|
|
300
|
-
}
|
|
301
|
-
function resolveRequestProfile(config, environment) {
|
|
302
|
-
const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
|
|
303
|
-
const parsedMaxRetries = parseIntegerFromString(
|
|
304
|
-
config.maxRetries,
|
|
305
|
-
environment.get(DEFAULT_ENV_MAX_RETRIES)
|
|
306
|
-
);
|
|
307
|
-
const parsedTimeoutMs = parseIntegerFromString(
|
|
308
|
-
config.timeoutMs,
|
|
309
|
-
environment.get(DEFAULT_ENV_TIMEOUT_MS)
|
|
310
|
-
);
|
|
311
|
-
const methodTimeouts = {
|
|
312
|
-
...config.timeoutMsByMethod
|
|
313
|
-
};
|
|
314
|
-
for (const method of ["GET", "POST", "PUT", "PATCH", "DELETE"]) {
|
|
315
|
-
const envKey = `${ENV_TIMEOUT_BY_METHOD_PREFIX}${method}`;
|
|
316
|
-
const raw = environment.get(envKey);
|
|
317
|
-
if (!raw || methodTimeouts[method] !== void 0) {
|
|
318
|
-
continue;
|
|
319
|
-
}
|
|
320
|
-
const parsed = parseIntegerFromString(void 0, raw);
|
|
321
|
-
if (typeof parsed === "number") {
|
|
322
|
-
methodTimeouts[method] = parsed;
|
|
323
|
-
}
|
|
324
|
-
}
|
|
325
|
-
return {
|
|
326
|
-
maxRetries: parsedMaxRetries ?? DEFAULT_GATEWAY_MAX_RETRIES,
|
|
327
|
-
timeoutMs: parsedTimeoutMs ?? DEFAULT_GATEWAY_TIMEOUT_MS,
|
|
328
|
-
timeoutMsByMethod: methodTimeouts,
|
|
329
|
-
requestIdFactory
|
|
330
|
-
};
|
|
331
|
-
}
|
|
332
|
-
function createGatewayRuntime(config, environment) {
|
|
333
|
-
return {
|
|
334
|
-
fetch: config.fetchImpl ?? fetch,
|
|
335
|
-
now: () => Date.now(),
|
|
336
|
-
sleep: (ms) => delay(ms),
|
|
337
|
-
env: environment,
|
|
338
|
-
redaction: resolveRequestRedactionValue,
|
|
339
|
-
profile: resolveRequestProfile(config, environment)
|
|
340
|
-
};
|
|
341
|
-
}
|
|
342
|
-
function parseIntegerFromString(value, rawValue) {
|
|
343
|
-
if (typeof value === "number" && Number.isInteger(value) && value >= 0) {
|
|
344
|
-
return value;
|
|
345
|
-
}
|
|
346
|
-
if (typeof rawValue !== "string" || !rawValue.trim()) {
|
|
347
|
-
return void 0;
|
|
348
|
-
}
|
|
349
|
-
const parsed = Number.parseInt(rawValue, 10);
|
|
350
|
-
return Number.isInteger(parsed) && parsed >= 0 ? parsed : void 0;
|
|
351
|
-
}
|
|
352
|
-
function resolveRequestRedactionValue(value) {
|
|
353
|
-
return redactDiagnosticValue(value);
|
|
354
|
-
}
|
|
355
|
-
function resolveGatewayBaseUrl(configBaseUrl, environment) {
|
|
356
|
-
const envBaseUrl = environment.get("LUCERN_API_URL") ?? environment.get("LUCERN_BASE_URL") ?? environment.get("LUCERN_GATEWAY_BASE_URL");
|
|
357
|
-
return (configBaseUrl ?? envBaseUrl ?? "").replace(/\/+$/, "");
|
|
358
|
-
}
|
|
359
|
-
function normalizeGatewayEnvironment(value) {
|
|
360
|
-
return value === "sandbox" || value === "production" ? value : void 0;
|
|
361
|
-
}
|
|
362
|
-
function fallbackErrorCode(status) {
|
|
363
|
-
if (status === 401) {
|
|
364
|
-
return "AUTHENTICATION_REQUIRED";
|
|
365
|
-
}
|
|
366
|
-
if (status === 403) {
|
|
367
|
-
return "FORBIDDEN";
|
|
368
|
-
}
|
|
369
|
-
if (status === 404) {
|
|
370
|
-
return "NOT_FOUND";
|
|
371
|
-
}
|
|
372
|
-
if (status === 408) {
|
|
373
|
-
return "UPSTREAM_ERROR";
|
|
374
|
-
}
|
|
375
|
-
if (status === 409) {
|
|
376
|
-
return "CONFLICT";
|
|
377
|
-
}
|
|
378
|
-
if (status === 429) {
|
|
379
|
-
return "RATE_LIMIT_EXCEEDED";
|
|
380
|
-
}
|
|
381
|
-
if (status >= 500) {
|
|
382
|
-
return "UPSTREAM_ERROR";
|
|
383
|
-
}
|
|
384
|
-
return "INTERNAL_ERROR";
|
|
385
|
-
}
|
|
386
|
-
function delay(ms) {
|
|
387
|
-
return new Promise((resolve) => setTimeout(resolve, ms));
|
|
388
|
-
}
|
|
389
|
-
function computeRetryDelayMs(args) {
|
|
390
|
-
const baseDelay = args.status === 429 ? Math.max(
|
|
391
|
-
args.retryAfterMs ?? 0,
|
|
392
|
-
Math.min(1e3 * 2 ** args.attempt, 1e4)
|
|
393
|
-
) : Math.min(1e3 * 2 ** args.attempt, 4e3);
|
|
394
|
-
if (args.status !== 429) {
|
|
395
|
-
return baseDelay;
|
|
396
|
-
}
|
|
397
|
-
const jitterWindow = Math.max(250, Math.round(baseDelay * 0.25));
|
|
398
|
-
return baseDelay + Math.round(Math.random() * jitterWindow);
|
|
399
|
-
}
|
|
400
|
-
function classifyGatewayErrorForRetry(error) {
|
|
401
|
-
return isGatewayRetryableError(error) || classifyRetry({ error }).retryable;
|
|
402
|
-
}
|
|
403
|
-
function isRecord(value) {
|
|
404
|
-
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
405
|
-
}
|
|
406
|
-
function readPolicySummaryFromDetails(details) {
|
|
407
|
-
if (!isRecord(details)) {
|
|
408
|
-
return null;
|
|
409
|
-
}
|
|
410
|
-
const directSummary = details.summary;
|
|
411
|
-
if (typeof directSummary === "string" && directSummary.trim().length > 0) {
|
|
412
|
-
return directSummary.trim();
|
|
413
|
-
}
|
|
414
|
-
const policy = details.policy;
|
|
415
|
-
if (!isRecord(policy)) {
|
|
416
|
-
return null;
|
|
417
|
-
}
|
|
418
|
-
const explanation = policy.explanation;
|
|
419
|
-
if (!isRecord(explanation)) {
|
|
420
|
-
return null;
|
|
421
|
-
}
|
|
422
|
-
const nestedSummary = explanation.summary;
|
|
423
|
-
if (typeof nestedSummary === "string" && nestedSummary.trim().length > 0) {
|
|
424
|
-
return nestedSummary.trim();
|
|
425
|
-
}
|
|
426
|
-
return null;
|
|
427
|
-
}
|
|
428
|
-
function redactJsonDiagnosticValue(value) {
|
|
429
|
-
return value === void 0 ? void 0 : redactDiagnosticValue(value);
|
|
430
|
-
}
|
|
431
|
-
async function resolveConfiguredAuthContext(authContext) {
|
|
432
|
-
if (typeof authContext === "function") {
|
|
433
|
-
return await authContext();
|
|
434
|
-
}
|
|
435
|
-
return authContext;
|
|
436
|
-
}
|
|
437
|
-
function mergeHeaderRecord(base, addition) {
|
|
438
|
-
const headers = new Headers(base);
|
|
439
|
-
for (const [key, value] of Object.entries(addition)) {
|
|
440
|
-
const existing = headers.get(key);
|
|
441
|
-
if (existing !== null && existing !== value) {
|
|
442
|
-
throw new LucernSdkAuthContextError(
|
|
443
|
-
"policy_denied",
|
|
444
|
-
`Canonical Lucern SDK auth context conflicts with existing ${key} header.`
|
|
445
|
-
);
|
|
446
|
-
}
|
|
447
|
-
headers.set(key, value);
|
|
448
|
-
}
|
|
449
|
-
return Object.fromEntries(headers.entries());
|
|
450
|
-
}
|
|
451
|
-
function cleanHeaderValue(value) {
|
|
452
|
-
const normalized = value?.trim();
|
|
453
|
-
return normalized ? normalized : void 0;
|
|
454
|
-
}
|
|
455
|
-
function createGatewayRequestClient(config = {}) {
|
|
456
|
-
const env = resolveEnvironment();
|
|
457
|
-
const runtime = createGatewayRuntime(config, env);
|
|
458
|
-
const baseUrl = resolveGatewayBaseUrl(config.baseUrl, env);
|
|
459
|
-
const maxRetries = runtime.profile.maxRetries;
|
|
460
|
-
const requestIdFactory = runtime.profile.requestIdFactory;
|
|
461
|
-
const requestTimeoutByMethod = runtime.profile.timeoutMsByMethod;
|
|
462
|
-
const defaultRequestTimeoutMs = runtime.profile.timeoutMs;
|
|
463
|
-
const normalizedEnvironment = normalizeGatewayEnvironment(config.environment);
|
|
464
|
-
const telemetryExporter = config.telemetryEnabled === false ? null : config.telemetryExporter ?? createTelemetryExporterFromEnv(telemetryEnvironmentRecord(env), {
|
|
465
|
-
service: "lucern-sdk",
|
|
466
|
-
environment: normalizedEnvironment
|
|
467
|
-
});
|
|
468
|
-
async function resolveAuthHeaders() {
|
|
469
|
-
const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
|
|
470
|
-
const headers = new Headers(provided);
|
|
471
|
-
const setIfAbsent = (name, value) => {
|
|
472
|
-
const normalized = cleanHeaderValue(value);
|
|
473
|
-
if (normalized && !headers.has(name)) {
|
|
474
|
-
headers.set(name, normalized);
|
|
475
|
-
}
|
|
476
|
-
};
|
|
477
|
-
setIfAbsent("x-lucern-key", config.apiKey);
|
|
478
|
-
setIfAbsent("x-lucern-session-token", config.userToken);
|
|
479
|
-
setIfAbsent("x-lucern-environment", normalizedEnvironment);
|
|
480
|
-
setIfAbsent("x-lucern-clerk-id", config.clerkId);
|
|
481
|
-
setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
|
|
482
|
-
setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
|
|
483
|
-
const base = Object.fromEntries(headers.entries());
|
|
484
|
-
const authContextInput = await resolveConfiguredAuthContext(
|
|
485
|
-
config.authContext
|
|
486
|
-
);
|
|
487
|
-
if (!authContextInput && !config.requireCanonicalAuthContext) {
|
|
488
|
-
return base;
|
|
489
|
-
}
|
|
490
|
-
const authContext = normalizeCanonicalLucernAuthContext(authContextInput);
|
|
491
|
-
return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
|
|
492
|
-
}
|
|
493
|
-
async function fetchWithTimeout(url, init, timeoutMs) {
|
|
494
|
-
const normalizeTransportError = (error, isTimeout) => {
|
|
495
|
-
if (isTimeout) {
|
|
496
|
-
return new GatewayTimeoutError(timeoutMs);
|
|
497
|
-
}
|
|
498
|
-
return error instanceof GatewayTimeoutError || error instanceof GatewayTransportError ? error : new GatewayTransportError(
|
|
499
|
-
error instanceof Error ? error.message : "Gateway transport error",
|
|
500
|
-
{
|
|
501
|
-
cause: error,
|
|
502
|
-
retryable: classifyGatewayErrorForRetry(error)
|
|
503
|
-
}
|
|
504
|
-
);
|
|
505
|
-
};
|
|
506
|
-
const controller = new AbortController();
|
|
507
|
-
const timer = setTimeout(() => controller.abort(), timeoutMs);
|
|
508
|
-
const requestEffect = Effect.tryPromise({
|
|
509
|
-
try: () => runtime.fetch(url, { ...init, signal: controller.signal }),
|
|
510
|
-
catch: (error) => normalizeTransportError(error, controller.signal.aborted)
|
|
511
|
-
});
|
|
512
|
-
try {
|
|
513
|
-
const exit = await Effect.runPromiseExit(requestEffect);
|
|
514
|
-
if (Exit.isSuccess(exit)) {
|
|
515
|
-
return exit.value;
|
|
516
|
-
}
|
|
517
|
-
const failure = Array.from(Cause.failures(exit.cause))[0];
|
|
518
|
-
if (failure !== void 0) {
|
|
519
|
-
throw failure;
|
|
520
|
-
}
|
|
521
|
-
throw Cause.squash(exit.cause);
|
|
522
|
-
} finally {
|
|
523
|
-
clearTimeout(timer);
|
|
524
|
-
}
|
|
525
|
-
}
|
|
526
|
-
async function emitSdkResponseTelemetry(context) {
|
|
527
|
-
const retry = classifyRetry({
|
|
528
|
-
status: context.status,
|
|
529
|
-
error: context.error,
|
|
530
|
-
retryAfter: context.retryAfterMs !== null && context.retryAfterMs !== void 0 ? String(context.retryAfterMs / 1e3) : void 0
|
|
531
|
-
});
|
|
532
|
-
await emitTelemetrySignal(telemetryExporter, {
|
|
533
|
-
signalType: "trace",
|
|
534
|
-
surface: "sdk-retry",
|
|
535
|
-
eventName: context.willRetry ? "sdk.retry" : context.error ? "sdk.request.error" : "sdk.request.complete",
|
|
536
|
-
severity: context.error ? context.willRetry ? "warn" : "error" : "info",
|
|
537
|
-
durationMs: context.durationMs,
|
|
538
|
-
metricName: "sdk.request.duration_ms",
|
|
539
|
-
metricValue: context.durationMs,
|
|
540
|
-
correlationId: context.correlationId ?? context.requestId,
|
|
541
|
-
policyTraceId: context.policyTraceId ?? null,
|
|
542
|
-
tenantId: context.headers.get("x-lucern-tenant-id") ?? context.headers.get("x-lucern-tenant") ?? void 0,
|
|
543
|
-
workspaceId: context.headers.get("x-lucern-workspace-id") ?? context.headers.get("x-lucern-workspace") ?? void 0,
|
|
544
|
-
attributes: {
|
|
545
|
-
service: "lucern-sdk",
|
|
546
|
-
operation: "gateway.request",
|
|
547
|
-
path: context.path,
|
|
548
|
-
httpMethod: context.method,
|
|
549
|
-
httpStatus: context.status,
|
|
550
|
-
attempt: context.attempt,
|
|
551
|
-
maxRetries: context.maxRetries,
|
|
552
|
-
retryReason: retry.reason,
|
|
553
|
-
retryAfterMs: context.retryAfterMs ?? retry.retryAfterMs,
|
|
554
|
-
willRetry: context.willRetry,
|
|
555
|
-
retryable: retry.retryable,
|
|
556
|
-
errorName: context.error instanceof Error ? context.error.name : void 0,
|
|
557
|
-
errorMessage: context.error instanceof Error ? context.error.message : void 0
|
|
558
|
-
}
|
|
559
|
-
});
|
|
560
|
-
}
|
|
561
|
-
async function parsePayload(response) {
|
|
562
|
-
const text = await response.text();
|
|
563
|
-
if (!text) {
|
|
564
|
-
return null;
|
|
565
|
-
}
|
|
566
|
-
const parsed = tryParseGatewayEnvelopeJson(text);
|
|
567
|
-
if (!parsed.ok) {
|
|
568
|
-
return null;
|
|
569
|
-
}
|
|
570
|
-
return isRecord(parsed.value) ? parsed.value : null;
|
|
571
|
-
}
|
|
572
|
-
function resolveTimeoutMs(method, requestTimeoutMs) {
|
|
573
|
-
if (typeof requestTimeoutMs === "number") {
|
|
574
|
-
return requestTimeoutMs;
|
|
575
|
-
}
|
|
576
|
-
const methodTimeoutMs = requestTimeoutByMethod?.[method];
|
|
577
|
-
if (typeof methodTimeoutMs === "number") {
|
|
578
|
-
return methodTimeoutMs;
|
|
579
|
-
}
|
|
580
|
-
return defaultRequestTimeoutMs;
|
|
581
|
-
}
|
|
582
|
-
function tryParseGatewayEnvelopeJson(text) {
|
|
583
|
-
const trimmed = text.trim();
|
|
584
|
-
if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) {
|
|
585
|
-
return { ok: false, reason: "non-json" };
|
|
586
|
-
}
|
|
587
|
-
try {
|
|
588
|
-
return { ok: true, value: JSON.parse(trimmed) };
|
|
589
|
-
} catch (error) {
|
|
590
|
-
if (error instanceof SyntaxError) {
|
|
591
|
-
return { ok: false, reason: "invalid-json", error };
|
|
592
|
-
}
|
|
593
|
-
throw error;
|
|
594
|
-
}
|
|
595
|
-
}
|
|
596
|
-
function buildApiError(args) {
|
|
597
|
-
const failure = args.failure;
|
|
598
|
-
const legacyError = failure && isRecord(failure.error) ? failure.error : failure?.legacyError;
|
|
599
|
-
const correlationId = failure?.correlationId ?? args.response.headers.get("x-lucern-correlation-id")?.trim() ?? args.requestId;
|
|
600
|
-
const policyTraceId = failure?.policyTraceId ?? args.response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null;
|
|
601
|
-
const details = runtime.redaction(
|
|
602
|
-
redactJsonDiagnosticValue(failure?.details ?? legacyError?.details)
|
|
603
|
-
);
|
|
604
|
-
const policySummary = readPolicySummaryFromDetails(details);
|
|
605
|
-
const failureMessage = typeof failure?.error === "string" ? failure.error : legacyError?.message;
|
|
606
|
-
return new LucernApiError({
|
|
607
|
-
code: failure?.code ?? legacyError?.code ?? fallbackErrorCode(args.response.status),
|
|
608
|
-
message: policySummary ?? failureMessage ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed."),
|
|
609
|
-
status: args.response.status,
|
|
610
|
-
invariant: failure?.invariant,
|
|
611
|
-
suggestion: failure?.suggestion,
|
|
612
|
-
details,
|
|
613
|
-
requestId: args.requestId,
|
|
614
|
-
correlationId,
|
|
615
|
-
policyTraceId
|
|
616
|
-
});
|
|
617
|
-
}
|
|
618
|
-
async function request(args) {
|
|
619
|
-
const authHeaders = await resolveAuthHeaders();
|
|
620
|
-
const method = args.method ?? "GET";
|
|
621
|
-
const timeoutMs = resolveTimeoutMs(method, args.timeoutMs);
|
|
622
|
-
const headers = new Headers({
|
|
623
|
-
"content-type": "application/json",
|
|
624
|
-
...authHeaders
|
|
625
|
-
});
|
|
626
|
-
if (args.idempotencyKey) {
|
|
627
|
-
headers.set("idempotency-key", args.idempotencyKey);
|
|
628
|
-
}
|
|
629
|
-
const requestId = headers.get("x-correlation-id")?.trim() || headers.get("x-request-id")?.trim() || args.requestId || requestIdFactory();
|
|
630
|
-
if (!headers.has("x-correlation-id") && !headers.has("x-request-id")) {
|
|
631
|
-
headers.set("x-correlation-id", requestId);
|
|
632
|
-
}
|
|
633
|
-
const url = `${baseUrl}${args.path}`;
|
|
634
|
-
const serializedBody = args.body ? JSON.stringify(args.body) : void 0;
|
|
635
|
-
const init = {
|
|
636
|
-
method,
|
|
637
|
-
headers,
|
|
638
|
-
body: serializedBody
|
|
639
|
-
};
|
|
640
|
-
let lastError;
|
|
641
|
-
for (let attempt = 0; attempt <= maxRetries; attempt++) {
|
|
642
|
-
const hookRequestContext = {
|
|
643
|
-
requestId,
|
|
644
|
-
attempt,
|
|
645
|
-
maxRetries,
|
|
646
|
-
method,
|
|
647
|
-
path: args.path,
|
|
648
|
-
url,
|
|
649
|
-
headers: new Headers(headers),
|
|
650
|
-
body: serializedBody,
|
|
651
|
-
timeoutMs
|
|
652
|
-
};
|
|
653
|
-
await config.onRequest?.(hookRequestContext);
|
|
654
|
-
const startedAt = Date.now();
|
|
655
|
-
try {
|
|
656
|
-
const response = await fetchWithTimeout(url, init, timeoutMs);
|
|
657
|
-
const responseClone = response.clone();
|
|
658
|
-
const payload = await parsePayload(response);
|
|
659
|
-
const retry = classifyRetry({
|
|
660
|
-
status: response.status,
|
|
661
|
-
retryAfter: response.headers.get("Retry-After")
|
|
662
|
-
});
|
|
663
|
-
const retryAfterMs = retry.retryAfterMs ?? null;
|
|
664
|
-
if (!response.ok || !payload?.success) {
|
|
665
|
-
const failure = payload && !payload.success ? payload : null;
|
|
666
|
-
const apiError = buildApiError({
|
|
667
|
-
requestId,
|
|
668
|
-
response,
|
|
669
|
-
failure
|
|
670
|
-
});
|
|
671
|
-
const willRetry = attempt < maxRetries && retry.retryable;
|
|
672
|
-
const responseContext2 = {
|
|
673
|
-
...hookRequestContext,
|
|
674
|
-
durationMs: Date.now() - startedAt,
|
|
675
|
-
status: response.status,
|
|
676
|
-
response: responseClone,
|
|
677
|
-
error: apiError,
|
|
678
|
-
correlationId: apiError.correlationId ?? requestId,
|
|
679
|
-
policyTraceId: apiError.policyTraceId ?? null,
|
|
680
|
-
retryAfterMs,
|
|
681
|
-
willRetry
|
|
682
|
-
};
|
|
683
|
-
await config.onResponse?.(responseContext2);
|
|
684
|
-
await emitSdkResponseTelemetry(responseContext2);
|
|
685
|
-
if (willRetry) {
|
|
686
|
-
lastError = apiError;
|
|
687
|
-
await delay(
|
|
688
|
-
computeRetryDelayMs({
|
|
689
|
-
attempt,
|
|
690
|
-
status: response.status,
|
|
691
|
-
retryAfterMs
|
|
692
|
-
})
|
|
693
|
-
);
|
|
694
|
-
continue;
|
|
695
|
-
}
|
|
696
|
-
throw apiError;
|
|
697
|
-
}
|
|
698
|
-
const successPayload = payload;
|
|
699
|
-
const responseContext = {
|
|
700
|
-
...hookRequestContext,
|
|
701
|
-
durationMs: Date.now() - startedAt,
|
|
702
|
-
status: response.status,
|
|
703
|
-
response: responseClone,
|
|
704
|
-
correlationId: successPayload.correlationId ?? response.headers.get("x-lucern-correlation-id")?.trim() ?? requestId,
|
|
705
|
-
policyTraceId: successPayload.policyTraceId ?? response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null,
|
|
706
|
-
idempotentReplay: successPayload.idempotentReplay,
|
|
707
|
-
retryAfterMs,
|
|
708
|
-
willRetry: false
|
|
709
|
-
};
|
|
710
|
-
await config.onResponse?.(responseContext);
|
|
711
|
-
await emitSdkResponseTelemetry(responseContext);
|
|
712
|
-
return successPayload;
|
|
713
|
-
} catch (fetchError) {
|
|
714
|
-
if (fetchError instanceof LucernApiError) {
|
|
715
|
-
throw fetchError;
|
|
716
|
-
}
|
|
717
|
-
const willRetry = attempt < maxRetries && classifyGatewayErrorForRetry(fetchError);
|
|
718
|
-
const responseContext = {
|
|
719
|
-
...hookRequestContext,
|
|
720
|
-
durationMs: Date.now() - startedAt,
|
|
721
|
-
error: fetchError,
|
|
722
|
-
correlationId: requestId,
|
|
723
|
-
policyTraceId: null,
|
|
724
|
-
willRetry
|
|
725
|
-
};
|
|
726
|
-
await config.onResponse?.(responseContext);
|
|
727
|
-
await emitSdkResponseTelemetry(responseContext);
|
|
728
|
-
lastError = fetchError;
|
|
729
|
-
if (willRetry) {
|
|
730
|
-
await delay(computeRetryDelayMs({ attempt }));
|
|
731
|
-
}
|
|
732
|
-
}
|
|
733
|
-
}
|
|
734
|
-
throw lastError instanceof Error ? lastError : new Error("Platform API request failed after retries.");
|
|
735
|
-
}
|
|
736
|
-
return {
|
|
737
|
-
request
|
|
738
|
-
};
|
|
739
|
-
}
|
|
740
|
-
|
|
741
|
-
// src/sdkSurface.ts
|
|
742
|
-
function cleanString2(value) {
|
|
743
|
-
return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
|
|
744
|
-
}
|
|
745
|
-
function normalizeTopicQuery(value) {
|
|
746
|
-
const topicId = cleanString2(value.topicId);
|
|
747
|
-
if (!topicId) {
|
|
748
|
-
return value;
|
|
749
|
-
}
|
|
750
|
-
return { ...value, topicId };
|
|
751
|
-
}
|
|
752
|
-
function createListResult(items, legacyKey) {
|
|
753
|
-
const result = {
|
|
754
|
-
items,
|
|
755
|
-
total: items.length
|
|
756
|
-
};
|
|
757
|
-
{
|
|
1
|
+
import { createGatewayRequestClient, LucernApiError, toQueryString, } from "./coreClient.js";
|
|
2
|
+
import { createListResult, mapGatewayData, normalizeTopicQuery } from "./sdkSurface.js";
|
|
3
|
+
export { LucernApiError };
|
|
4
|
+
/**
|
|
5
|
+
* Create the audit client for transport-level audit event reads.
|
|
6
|
+
* @param config - Gateway transport configuration.
|
|
7
|
+
* @returns An object with methods to list audit events.
|
|
8
|
+
*/
|
|
9
|
+
export function createAuditClient(config = {}) {
|
|
10
|
+
const gateway = createGatewayRequestClient(config);
|
|
758
11
|
return {
|
|
759
|
-
|
|
760
|
-
|
|
12
|
+
/**
|
|
13
|
+
* List audit events for the current scope.
|
|
14
|
+
*/
|
|
15
|
+
async listEvents(query = {}) {
|
|
16
|
+
return gateway.request({
|
|
17
|
+
path: `/api/platform/v1/audit/events${toQueryString(normalizeTopicQuery(query))}`,
|
|
18
|
+
}).then((response) => mapGatewayData(response, (data) => createListResult(Array.isArray(data) ? data : [], "events")));
|
|
19
|
+
},
|
|
761
20
|
};
|
|
762
|
-
}
|
|
763
|
-
}
|
|
764
|
-
function mapGatewayData(response, mapper) {
|
|
765
|
-
return {
|
|
766
|
-
...response,
|
|
767
|
-
data: mapper(response.data)
|
|
768
|
-
};
|
|
769
|
-
}
|
|
770
|
-
|
|
771
|
-
// src/auditClient.ts
|
|
772
|
-
function createAuditClient(config = {}) {
|
|
773
|
-
const gateway = createGatewayRequestClient(config);
|
|
774
|
-
return {
|
|
775
|
-
/**
|
|
776
|
-
* List audit events for the current scope.
|
|
777
|
-
*/
|
|
778
|
-
async listEvents(query = {}) {
|
|
779
|
-
return gateway.request({
|
|
780
|
-
path: `/api/platform/v1/audit/events${toQueryString(
|
|
781
|
-
normalizeTopicQuery(query)
|
|
782
|
-
)}`
|
|
783
|
-
}).then(
|
|
784
|
-
(response) => mapGatewayData(
|
|
785
|
-
response,
|
|
786
|
-
(data) => createListResult(Array.isArray(data) ? data : [], "events")
|
|
787
|
-
)
|
|
788
|
-
);
|
|
789
|
-
}
|
|
790
|
-
};
|
|
791
21
|
}
|
|
792
|
-
|
|
793
|
-
export { LucernApiError, createAuditClient };
|
|
794
|
-
//# sourceMappingURL=auditClient.js.map
|
|
795
22
|
//# sourceMappingURL=auditClient.js.map
|