@lucern/sdk 1.0.11 → 1.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (330) hide show
  1. package/CHANGELOG.md +3 -0
  2. package/dist/.generated +2 -0
  3. package/dist/accessControl.d.ts +19 -26
  4. package/dist/accessControl.js +195 -1423
  5. package/dist/adminClient.d.ts +52 -59
  6. package/dist/adminClient.js +364 -1142
  7. package/dist/answersClient.d.ts +5 -14
  8. package/dist/answersClient.js +19 -737
  9. package/dist/audience/index.d.ts +18 -18
  10. package/dist/audience/index.js +87 -90
  11. package/dist/audiencesClient.d.ts +19 -27
  12. package/dist/audiencesClient.js +107 -868
  13. package/dist/auditClient.d.ts +8 -15
  14. package/dist/auditClient.js +18 -791
  15. package/dist/authContext.d.ts +11 -16
  16. package/dist/authContext.js +122 -154
  17. package/dist/authDeviceClient.d.ts +8 -17
  18. package/dist/authDeviceClient.js +113 -102
  19. package/dist/beliefs/index.d.ts +15 -67
  20. package/dist/beliefs/index.js +17 -10181
  21. package/dist/beliefs/lifecycle.d.ts +10 -11
  22. package/dist/beliefs/lifecycle.js +78 -80
  23. package/dist/beliefsClient.d.ts +26 -32
  24. package/dist/beliefsClient.js +250 -990
  25. package/dist/boundaryClientSurface.d.ts +11 -16
  26. package/dist/boundaryClientSurface.js +49 -68
  27. package/dist/client.d.ts +64 -112
  28. package/dist/client.js +232 -10155
  29. package/dist/clientAssemblyTypes.d.ts +3 -3
  30. package/dist/clientAssemblyTypes.js +1 -2
  31. package/dist/clientConfig.d.ts +45 -59
  32. package/dist/clientConfig.js +1 -2
  33. package/dist/clientEvidenceCompat.d.ts +7 -14
  34. package/dist/clientEvidenceCompat.js +50 -64
  35. package/dist/clientGraphNamespaces.d.ts +3 -5
  36. package/dist/clientGraphNamespaces.js +170 -245
  37. package/dist/clientHelpers.d.ts +20 -25
  38. package/dist/clientHelpers.js +104 -127
  39. package/dist/clientKnowledgeNamespaces.d.ts +6 -53
  40. package/dist/clientKnowledgeNamespaces.js +502 -506
  41. package/dist/clientLocalHelpers.d.ts +11 -56
  42. package/dist/clientLocalHelpers.js +503 -732
  43. package/dist/clientPlatformNamespaces.d.ts +5 -53
  44. package/dist/clientPlatformNamespaces.js +229 -323
  45. package/dist/clientRuntime.d.ts +5 -53
  46. package/dist/clientRuntime.js +26 -30
  47. package/dist/clientWorkflowNamespaces.d.ts +6 -15
  48. package/dist/clientWorkflowNamespaces.js +529 -596
  49. package/dist/contextClient.d.ts +9 -17
  50. package/dist/contextClient.js +92 -805
  51. package/dist/contextFacade.d.ts +11 -2
  52. package/dist/contextFacade.js +10 -81
  53. package/dist/contextPackCompiler.d.ts +10 -11
  54. package/dist/contextPackCompiler.js +494 -1040
  55. package/dist/contextPackPolicy.d.ts +14 -15
  56. package/dist/contextPackPolicy.js +227 -305
  57. package/dist/contextPackSchema.d.ts +3 -3
  58. package/dist/contextPackSchema.js +169 -176
  59. package/dist/contextTypes.d.ts +14 -15
  60. package/dist/contextTypes.js +1 -2
  61. package/dist/contracts/api-enums.contract.d.ts +29 -30
  62. package/dist/contracts/api-enums.contract.js +162 -88
  63. package/dist/contracts/auth-session.contract.d.ts +13 -14
  64. package/dist/contracts/auth-session.contract.js +55 -52
  65. package/dist/contracts/context-pack.contract.d.ts +54 -55
  66. package/dist/contracts/context-pack.contract.js +160 -88
  67. package/dist/contracts/contextPack.d.ts +2 -1
  68. package/dist/contracts/contextPack.js +1 -97
  69. package/dist/contracts/index.d.ts +11 -12
  70. package/dist/contracts/index.js +10 -854
  71. package/dist/contracts/lens-filter.contract.d.ts +9 -10
  72. package/dist/contracts/lens-filter.contract.js +82 -58
  73. package/dist/contracts/lens-workflow.contract.d.ts +21 -23
  74. package/dist/contracts/lens-workflow.contract.js +48 -117
  75. package/dist/contracts/lensFilter.d.ts +2 -1
  76. package/dist/contracts/lensFilter.js +1 -71
  77. package/dist/contracts/lensWorkflow.d.ts +2 -2
  78. package/dist/contracts/lensWorkflow.js +1 -123
  79. package/dist/contracts/mcpTools.d.ts +16 -18
  80. package/dist/contracts/mcpTools.js +89 -123
  81. package/dist/contracts/prompt.contract.d.ts +4 -5
  82. package/dist/contracts/prompt.contract.js +23 -10
  83. package/dist/contracts/prompt.d.ts +2 -1
  84. package/dist/contracts/prompt.js +1 -11
  85. package/dist/contracts/sdk-tools.contract.d.ts +2 -1
  86. package/dist/contracts/sdk-tools.contract.js +1 -2
  87. package/dist/contracts/sdkTools.d.ts +2 -1
  88. package/dist/contracts/sdkTools.js +1 -26
  89. package/dist/contracts/tool-contracts.d.ts +2 -1
  90. package/dist/contracts/tool-contracts.js +1 -2
  91. package/dist/contracts/workflow-runtime.contract.d.ts +45 -46
  92. package/dist/contracts/workflow-runtime.contract.js +241 -228
  93. package/dist/contracts/workflowRuntime.d.ts +2 -1
  94. package/dist/contracts/workflowRuntime.js +1 -244
  95. package/dist/contradictions/index.d.ts +8 -60
  96. package/dist/contradictions/index.js +11 -10175
  97. package/dist/control-plane.d.ts +17 -24
  98. package/dist/control-plane.js +124 -840
  99. package/dist/controlObjectOwnership.d.ts +19 -20
  100. package/dist/controlObjectOwnership.js +207 -201
  101. package/dist/coreClient.d.ts +23 -28
  102. package/dist/coreClient.js +567 -692
  103. package/dist/customTools.d.ts +17 -21
  104. package/dist/customTools.js +221 -221
  105. package/dist/decisions/index.d.ts +7 -58
  106. package/dist/decisions/index.js +14 -10177
  107. package/dist/decisionsClient.d.ts +25 -32
  108. package/dist/decisionsClient.js +113 -913
  109. package/dist/domainContext.d.ts +2 -1
  110. package/dist/domainContext.js +1 -2
  111. package/dist/edges/index.d.ts +21 -73
  112. package/dist/edges/index.js +12 -10176
  113. package/dist/embeddingsClient.d.ts +22 -30
  114. package/dist/embeddingsClient.js +73 -922
  115. package/dist/eventingClient.d.ts +23 -31
  116. package/dist/eventingClient.js +89 -918
  117. package/dist/events.d.ts +48 -49
  118. package/dist/events.js +257 -241
  119. package/dist/eventsCore.d.ts +20 -29
  120. package/dist/eventsCore.js +86 -830
  121. package/dist/evidence/index.d.ts +9 -60
  122. package/dist/evidence/index.js +13 -10176
  123. package/dist/evidenceClient.d.ts +13 -22
  124. package/dist/evidenceClient.js +34 -751
  125. package/dist/facade/context.d.ts +7 -8
  126. package/dist/facade/context.js +73 -72
  127. package/dist/functionSurface.d.ts +2 -156
  128. package/dist/functionSurface.js +1 -1460
  129. package/dist/functionSurfaceClient.d.ts +2 -9
  130. package/dist/functionSurfaceClient.js +1 -1460
  131. package/dist/gatewayFacades.d.ts +79 -296
  132. package/dist/gatewayFacades.factories.d.ts +209 -14
  133. package/dist/gatewayFacades.factories.js +561 -2227
  134. package/dist/gatewayFacades.js +284 -2627
  135. package/dist/generated/functionSurface.d.ts +149 -0
  136. package/dist/generated/functionSurface.js +749 -0
  137. package/dist/graphAnalysisClient.d.ts +41 -49
  138. package/dist/graphAnalysisClient.js +185 -974
  139. package/dist/graphClient.d.ts +53 -60
  140. package/dist/graphClient.js +219 -1090
  141. package/dist/graphIntel.d.ts +2 -4
  142. package/dist/graphIntel.js +1 -2
  143. package/dist/graphIntelligence.d.ts +4 -2
  144. package/dist/graphIntelligence.js +2 -46
  145. package/dist/graphRecommendationsClient.d.ts +15 -23
  146. package/dist/graphRecommendationsClient.js +70 -849
  147. package/dist/graphStateClassifierClient.d.ts +17 -25
  148. package/dist/graphStateClassifierClient.js +67 -908
  149. package/dist/harnessClient.d.ts +40 -47
  150. package/dist/harnessClient.js +198 -993
  151. package/dist/identityClient.d.ts +25 -33
  152. package/dist/identityClient.js +245 -1186
  153. package/dist/index.d.ts +73 -69
  154. package/dist/index.js +72 -13313
  155. package/dist/infisicalRuntime.d.ts +12 -14
  156. package/dist/infisicalRuntime.js +290 -297
  157. package/dist/jobsClient.d.ts +24 -32
  158. package/dist/jobsClient.js +101 -916
  159. package/dist/learningClient.d.ts +8 -16
  160. package/dist/learningClient.js +45 -809
  161. package/dist/lenses/index.d.ts +13 -65
  162. package/dist/lenses/index.js +11 -10175
  163. package/dist/mcpClient.d.ts +14 -23
  164. package/dist/mcpClient.js +115 -856
  165. package/dist/modelRuntimeClient.d.ts +18 -26
  166. package/dist/modelRuntimeClient.js +74 -894
  167. package/dist/nodes/index.d.ts +7 -58
  168. package/dist/nodes/index.js +14 -10177
  169. package/dist/ontologies/index.d.ts +21 -73
  170. package/dist/ontologies/index.js +14 -10178
  171. package/dist/ontologyClient.d.ts +23 -31
  172. package/dist/ontologyClient.js +138 -924
  173. package/dist/ontologyLinksClient.d.ts +16 -24
  174. package/dist/ontologyLinksClient.js +76 -886
  175. package/dist/opinion.d.ts +5 -6
  176. package/dist/opinion.js +21 -25
  177. package/dist/orgGraphSearchClient.d.ts +19 -27
  178. package/dist/orgGraphSearchClient.js +89 -857
  179. package/dist/packRuntime.d.ts +2 -2
  180. package/dist/packRuntime.js +1 -2
  181. package/dist/packsClient.d.ts +30 -37
  182. package/dist/packsClient.js +131 -906
  183. package/dist/policyClient.d.ts +21 -29
  184. package/dist/policyClient.js +267 -1026
  185. package/dist/proof-attestation.json +1 -1
  186. package/dist/questions/index.d.ts +9 -60
  187. package/dist/questions/index.js +15 -10178
  188. package/dist/realtime/index.d.ts +20 -16
  189. package/dist/realtime/index.js +30 -19
  190. package/dist/realtime/refs.d.ts +4 -6
  191. package/dist/realtime/refs.js +12 -7
  192. package/dist/realtime-refs.d.ts +1 -0
  193. package/dist/realtime-refs.js +1 -0
  194. package/dist/realtime.d.ts +1 -0
  195. package/dist/realtime.js +1 -0
  196. package/dist/reportsClient.d.ts +10 -19
  197. package/dist/reportsClient.js +48 -836
  198. package/dist/schemaClient.d.ts +16 -23
  199. package/dist/schemaClient.js +62 -832
  200. package/dist/sdkSurface.d.ts +18 -25
  201. package/dist/sdkSurface.js +135 -106
  202. package/dist/secrets.d.ts +2 -1
  203. package/dist/secrets.js +1 -2
  204. package/dist/sourcesClient.d.ts +11 -18
  205. package/dist/sourcesClient.js +18 -741
  206. package/dist/telemetryClient.d.ts +22 -30
  207. package/dist/telemetryClient.js +107 -931
  208. package/dist/toolRegistryClient.d.ts +27 -35
  209. package/dist/toolRegistryClient.js +116 -954
  210. package/dist/topics/index.d.ts +13 -64
  211. package/dist/topics/index.js +15 -10178
  212. package/dist/topicsClient.d.ts +19 -27
  213. package/dist/topicsClient.js +106 -894
  214. package/dist/types.d.ts +84 -87
  215. package/dist/types.js +1 -2
  216. package/dist/version.d.ts +2 -3
  217. package/dist/version.js +2 -5
  218. package/dist/workflowClient.d.ts +60 -65
  219. package/dist/workflowClient.js +343 -1219
  220. package/dist/worktrees/index.d.ts +16 -68
  221. package/dist/worktrees/index.js +14 -10178
  222. package/package.json +6 -6
  223. package/dist/accessControl.js.map +0 -1
  224. package/dist/adminClient.js.map +0 -1
  225. package/dist/answersClient.js.map +0 -1
  226. package/dist/audience/index.js.map +0 -1
  227. package/dist/audiencesClient.js.map +0 -1
  228. package/dist/auditClient.js.map +0 -1
  229. package/dist/authContext.js.map +0 -1
  230. package/dist/authDeviceClient.js.map +0 -1
  231. package/dist/beliefs/index.js.map +0 -1
  232. package/dist/beliefs/lifecycle.js.map +0 -1
  233. package/dist/beliefsClient.js.map +0 -1
  234. package/dist/boundaryClientSurface.js.map +0 -1
  235. package/dist/client.js.map +0 -1
  236. package/dist/clientAssemblyTypes.js.map +0 -1
  237. package/dist/clientConfig.js.map +0 -1
  238. package/dist/clientEvidenceCompat.js.map +0 -1
  239. package/dist/clientGraphNamespaces.js.map +0 -1
  240. package/dist/clientHelpers.js.map +0 -1
  241. package/dist/clientKnowledgeNamespaces.js.map +0 -1
  242. package/dist/clientLocalHelpers.js.map +0 -1
  243. package/dist/clientPlatformNamespaces.js.map +0 -1
  244. package/dist/clientRuntime.js.map +0 -1
  245. package/dist/clientWorkflowNamespaces.js.map +0 -1
  246. package/dist/contextClient.js.map +0 -1
  247. package/dist/contextFacade.js.map +0 -1
  248. package/dist/contextPackCompiler.js.map +0 -1
  249. package/dist/contextPackPolicy.js.map +0 -1
  250. package/dist/contextPackSchema.js.map +0 -1
  251. package/dist/contextTypes.js.map +0 -1
  252. package/dist/contracts/api-enums.contract.js.map +0 -1
  253. package/dist/contracts/auth-session.contract.js.map +0 -1
  254. package/dist/contracts/context-pack.contract.js.map +0 -1
  255. package/dist/contracts/contextPack.js.map +0 -1
  256. package/dist/contracts/index.js.map +0 -1
  257. package/dist/contracts/lens-filter.contract.js.map +0 -1
  258. package/dist/contracts/lens-workflow.contract.js.map +0 -1
  259. package/dist/contracts/lensFilter.js.map +0 -1
  260. package/dist/contracts/lensWorkflow.js.map +0 -1
  261. package/dist/contracts/mcpTools.js.map +0 -1
  262. package/dist/contracts/prompt.contract.js.map +0 -1
  263. package/dist/contracts/prompt.js.map +0 -1
  264. package/dist/contracts/sdk-tools.contract.js.map +0 -1
  265. package/dist/contracts/sdkTools.js.map +0 -1
  266. package/dist/contracts/tool-contracts.js.map +0 -1
  267. package/dist/contracts/workflow-runtime.contract.js.map +0 -1
  268. package/dist/contracts/workflowRuntime.js.map +0 -1
  269. package/dist/contradictions/index.js.map +0 -1
  270. package/dist/control-plane.js.map +0 -1
  271. package/dist/controlObjectOwnership.js.map +0 -1
  272. package/dist/coreClient.js.map +0 -1
  273. package/dist/customTools.js.map +0 -1
  274. package/dist/decisions/index.js.map +0 -1
  275. package/dist/decisionsClient.js.map +0 -1
  276. package/dist/domainContext.js.map +0 -1
  277. package/dist/edges/index.js.map +0 -1
  278. package/dist/embeddingsClient.js.map +0 -1
  279. package/dist/eventingClient.js.map +0 -1
  280. package/dist/events.js.map +0 -1
  281. package/dist/eventsCore.js.map +0 -1
  282. package/dist/evidence/index.js.map +0 -1
  283. package/dist/evidenceClient.js.map +0 -1
  284. package/dist/facade/context.js.map +0 -1
  285. package/dist/functionSurface.js.map +0 -1
  286. package/dist/functionSurfaceClient.js.map +0 -1
  287. package/dist/gatewayFacades.factories.js.map +0 -1
  288. package/dist/gatewayFacades.js.map +0 -1
  289. package/dist/graphAnalysisClient.js.map +0 -1
  290. package/dist/graphClient.js.map +0 -1
  291. package/dist/graphIntel.js.map +0 -1
  292. package/dist/graphIntelligence.js.map +0 -1
  293. package/dist/graphRecommendationsClient.js.map +0 -1
  294. package/dist/graphStateClassifierClient.js.map +0 -1
  295. package/dist/harnessClient.js.map +0 -1
  296. package/dist/identityClient.js.map +0 -1
  297. package/dist/index.js.map +0 -1
  298. package/dist/infisicalRuntime.js.map +0 -1
  299. package/dist/jobsClient.js.map +0 -1
  300. package/dist/learningClient.js.map +0 -1
  301. package/dist/lenses/index.js.map +0 -1
  302. package/dist/mcpClient.js.map +0 -1
  303. package/dist/modelRuntimeClient.js.map +0 -1
  304. package/dist/nodes/index.js.map +0 -1
  305. package/dist/ontologies/index.js.map +0 -1
  306. package/dist/ontologyClient.js.map +0 -1
  307. package/dist/ontologyLinksClient.js.map +0 -1
  308. package/dist/opinion.js.map +0 -1
  309. package/dist/orgGraphSearchClient.js.map +0 -1
  310. package/dist/packRuntime.js.map +0 -1
  311. package/dist/packsClient.js.map +0 -1
  312. package/dist/policyClient.js.map +0 -1
  313. package/dist/questions/index.js.map +0 -1
  314. package/dist/realtime/index.js.map +0 -1
  315. package/dist/realtime/refs.js.map +0 -1
  316. package/dist/reportsClient.js.map +0 -1
  317. package/dist/schemaClient.js.map +0 -1
  318. package/dist/sdk-tools.contract-B4c1Zr1o.d.ts +0 -22
  319. package/dist/sdkSurface.js.map +0 -1
  320. package/dist/secrets.js.map +0 -1
  321. package/dist/sourcesClient.js.map +0 -1
  322. package/dist/telemetryClient.js.map +0 -1
  323. package/dist/tool-contracts-BUiL9P6z.d.ts +0 -22
  324. package/dist/toolRegistryClient.js.map +0 -1
  325. package/dist/topics/index.js.map +0 -1
  326. package/dist/topicsClient.js.map +0 -1
  327. package/dist/types.js.map +0 -1
  328. package/dist/version.js.map +0 -1
  329. package/dist/workflowClient.js.map +0 -1
  330. package/dist/worktrees/index.js.map +0 -1
@@ -1,11 +1,7 @@
1
- import { SessionPrincipalType, SessionAuthMode, SessionDelegationHop } from './contracts/auth-session.contract.js';
2
- import { JsonObject } from './types.js';
3
- import './contracts/workflow-runtime.contract.js';
4
- import './contracts/lens-workflow.contract.js';
5
- import './contracts/lens-filter.contract.js';
6
-
7
- type LucernSdkAuthFailureReason = "principal_missing" | "tenant_missing" | "membership_missing" | "workspace_missing" | "clerk_alias_missing" | "clerk_alias_unrecognized" | "policy_denied" | "policy_unavailable" | "policy_unknown";
8
- type PermitReadyAuthContext = {
1
+ import type { SessionAuthMode, SessionDelegationHop, SessionPrincipalType } from "./contracts/auth-session.contract";
2
+ import type { JsonObject } from "./types";
3
+ export type LucernSdkAuthFailureReason = "principal_missing" | "tenant_missing" | "membership_missing" | "workspace_missing" | "clerk_alias_missing" | "clerk_alias_unrecognized" | "policy_denied" | "policy_unavailable" | "policy_unknown";
4
+ export type PermitReadyAuthContext = {
9
5
  subject: string;
10
6
  tenant: string;
11
7
  workspace: string;
@@ -14,8 +10,8 @@ type PermitReadyAuthContext = {
14
10
  relation?: string;
15
11
  context?: JsonObject;
16
12
  };
17
- type LucernSdkAuthPolicyDecision = "allow" | "deny" | "unknown";
18
- type LucernSdkAuthContextInput = {
13
+ export type LucernSdkAuthPolicyDecision = "allow" | "deny" | "unknown";
14
+ export type LucernSdkAuthContextInput = {
19
15
  clerkId?: string;
20
16
  principalId?: string;
21
17
  tenantId?: string;
@@ -31,7 +27,7 @@ type LucernSdkAuthContextInput = {
31
27
  policyDecision?: LucernSdkAuthPolicyDecision;
32
28
  permit?: Partial<PermitReadyAuthContext>;
33
29
  };
34
- type CanonicalLucernSdkAuthContext = {
30
+ export type CanonicalLucernSdkAuthContext = {
35
31
  clerkId?: string;
36
32
  principalId: string;
37
33
  tenantId: string;
@@ -46,11 +42,10 @@ type CanonicalLucernSdkAuthContext = {
46
42
  membershipId?: string;
47
43
  permit: PermitReadyAuthContext;
48
44
  };
49
- declare class LucernSdkAuthContextError extends Error {
45
+ export declare class LucernSdkAuthContextError extends Error {
50
46
  readonly reason: LucernSdkAuthFailureReason;
51
47
  constructor(reason: LucernSdkAuthFailureReason, message: string);
52
48
  }
53
- declare function normalizeCanonicalLucernAuthContext(input: LucernSdkAuthContextInput | undefined): CanonicalLucernSdkAuthContext;
54
- declare function createCanonicalAuthHeaders(authContext: CanonicalLucernSdkAuthContext): Record<string, string>;
55
-
56
- export { type CanonicalLucernSdkAuthContext, LucernSdkAuthContextError, type LucernSdkAuthContextInput, type LucernSdkAuthFailureReason, type LucernSdkAuthPolicyDecision, type PermitReadyAuthContext, createCanonicalAuthHeaders, normalizeCanonicalLucernAuthContext };
49
+ export declare function normalizeCanonicalLucernAuthContext(input: LucernSdkAuthContextInput | undefined): CanonicalLucernSdkAuthContext;
50
+ export declare function createCanonicalAuthHeaders(authContext: CanonicalLucernSdkAuthContext): Record<string, string>;
51
+ //# sourceMappingURL=authContext.d.ts.map
@@ -1,170 +1,138 @@
1
- // src/authContext.ts
2
- var LucernSdkAuthContextError = class extends Error {
3
- reason;
4
- constructor(reason, message) {
5
- super(message);
6
- this.name = "LucernSdkAuthContextError";
7
- this.reason = reason;
8
- }
9
- };
1
+ export class LucernSdkAuthContextError extends Error {
2
+ reason;
3
+ constructor(reason, message) {
4
+ super(message);
5
+ this.name = "LucernSdkAuthContextError";
6
+ this.reason = reason;
7
+ }
8
+ }
10
9
  function cleanString(value) {
11
- const normalized = value?.trim();
12
- return normalized ? normalized : void 0;
10
+ const normalized = value?.trim();
11
+ return normalized ? normalized : undefined;
13
12
  }
14
13
  function cleanStringList(values) {
15
- if (!values) {
16
- return [];
17
- }
18
- return values.map((value) => value.trim()).filter(
19
- (value, index, list) => value.length > 0 && list.indexOf(value) === index
20
- );
14
+ if (!values) {
15
+ return [];
16
+ }
17
+ return values
18
+ .map((value) => value.trim())
19
+ .filter((value, index, list) => value.length > 0 && list.indexOf(value) === index);
21
20
  }
22
21
  function requireString(value, reason, label) {
23
- const normalized = cleanString(value);
24
- if (!normalized) {
25
- throw new LucernSdkAuthContextError(
26
- reason,
27
- `Canonical Lucern SDK auth context is missing ${label}.`
28
- );
29
- }
30
- return normalized;
22
+ const normalized = cleanString(value);
23
+ if (!normalized) {
24
+ throw new LucernSdkAuthContextError(reason, `Canonical Lucern SDK auth context is missing ${label}.`);
25
+ }
26
+ return normalized;
31
27
  }
32
28
  function requirePrincipalType(principalType) {
33
- if (!principalType) {
34
- throw new LucernSdkAuthContextError(
35
- "principal_missing",
36
- "Canonical Lucern SDK auth context is missing principalType."
37
- );
38
- }
39
- return principalType;
29
+ if (!principalType) {
30
+ throw new LucernSdkAuthContextError("principal_missing", "Canonical Lucern SDK auth context is missing principalType.");
31
+ }
32
+ return principalType;
40
33
  }
41
34
  function requireAuthMode(authMode) {
42
- if (!authMode) {
43
- throw new LucernSdkAuthContextError(
44
- "principal_missing",
45
- "Canonical Lucern SDK auth context is missing authMode."
46
- );
47
- }
48
- return authMode;
35
+ if (!authMode) {
36
+ throw new LucernSdkAuthContextError("principal_missing", "Canonical Lucern SDK auth context is missing authMode.");
37
+ }
38
+ return authMode;
49
39
  }
50
40
  function ensurePermitMatch(args) {
51
- const actual = cleanString(args.actual);
52
- if (actual && actual !== args.expected) {
53
- throw new LucernSdkAuthContextError(
54
- "policy_denied",
55
- `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
56
- );
57
- }
41
+ const actual = cleanString(args.actual);
42
+ if (actual && actual !== args.expected) {
43
+ throw new LucernSdkAuthContextError("policy_denied", `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`);
44
+ }
58
45
  }
59
- function normalizeCanonicalLucernAuthContext(input) {
60
- if (!input) {
61
- throw new LucernSdkAuthContextError(
62
- "principal_missing",
63
- "Canonical Lucern SDK auth context is required."
64
- );
65
- }
66
- if (input.policyDecision === "deny") {
67
- throw new LucernSdkAuthContextError(
68
- "policy_denied",
69
- "Canonical Lucern SDK auth context carries a denied policy decision."
70
- );
71
- }
72
- const principalId = requireString(
73
- input.principalId,
74
- "principal_missing",
75
- "principalId"
76
- );
77
- const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
78
- const workspaceId = requireString(
79
- input.workspaceId,
80
- "workspace_missing",
81
- "workspaceId"
82
- );
83
- const roles = cleanStringList(input.roles);
84
- const scopes = cleanStringList(input.scopes);
85
- const principalType = requirePrincipalType(input.principalType);
86
- const authMode = requireAuthMode(input.authMode);
87
- const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
88
- if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
89
- throw new LucernSdkAuthContextError(
90
- "membership_missing",
91
- "Canonical Lucern SDK auth context requires non-empty roles and scopes."
92
- );
93
- }
94
- const subject = cleanString(input.permit?.subject) ?? principalId;
95
- const tenant = cleanString(input.permit?.tenant) ?? tenantId;
96
- const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
97
- ensurePermitMatch({
98
- field: "subject",
99
- expected: principalId,
100
- actual: subject
101
- });
102
- ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
103
- ensurePermitMatch({
104
- field: "workspace",
105
- expected: workspaceId,
106
- actual: workspace
107
- });
108
- const context = input.permit?.context ? { ...input.permit.context } : void 0;
109
- return {
110
- clerkId: cleanString(input.clerkId),
111
- principalId,
112
- tenantId,
113
- workspaceId,
114
- principalType,
115
- authMode,
116
- roles,
117
- scopes,
118
- delegationChain: input.delegationChain ? [...input.delegationChain] : [],
119
- policyTraceId: cleanString(input.policyTraceId),
120
- correlationId: cleanString(input.correlationId),
121
- membershipId: cleanString(input.membershipId),
122
- permit: {
123
- subject,
124
- tenant,
125
- workspace,
126
- resource: cleanString(input.permit?.resource),
127
- action: cleanString(input.permit?.action),
128
- relation: cleanString(input.permit?.relation),
129
- context
46
+ export function normalizeCanonicalLucernAuthContext(input) {
47
+ if (!input) {
48
+ throw new LucernSdkAuthContextError("principal_missing", "Canonical Lucern SDK auth context is required.");
130
49
  }
131
- };
50
+ if (input.policyDecision === "deny") {
51
+ throw new LucernSdkAuthContextError("policy_denied", "Canonical Lucern SDK auth context carries a denied policy decision.");
52
+ }
53
+ const principalId = requireString(input.principalId, "principal_missing", "principalId");
54
+ const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
55
+ const workspaceId = requireString(input.workspaceId, "workspace_missing", "workspaceId");
56
+ const roles = cleanStringList(input.roles);
57
+ const scopes = cleanStringList(input.scopes);
58
+ const principalType = requirePrincipalType(input.principalType);
59
+ const authMode = requireAuthMode(input.authMode);
60
+ const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
61
+ if (roles.length === 0 ||
62
+ (scopes.length === 0 && !roleBasedInteractiveAuth)) {
63
+ throw new LucernSdkAuthContextError("membership_missing", "Canonical Lucern SDK auth context requires non-empty roles and scopes.");
64
+ }
65
+ const subject = cleanString(input.permit?.subject) ?? principalId;
66
+ const tenant = cleanString(input.permit?.tenant) ?? tenantId;
67
+ const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
68
+ ensurePermitMatch({
69
+ field: "subject",
70
+ expected: principalId,
71
+ actual: subject,
72
+ });
73
+ ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
74
+ ensurePermitMatch({
75
+ field: "workspace",
76
+ expected: workspaceId,
77
+ actual: workspace,
78
+ });
79
+ const context = input.permit?.context
80
+ ? { ...input.permit.context }
81
+ : undefined;
82
+ return {
83
+ clerkId: cleanString(input.clerkId),
84
+ principalId,
85
+ tenantId,
86
+ workspaceId,
87
+ principalType,
88
+ authMode,
89
+ roles,
90
+ scopes,
91
+ delegationChain: input.delegationChain ? [...input.delegationChain] : [],
92
+ policyTraceId: cleanString(input.policyTraceId),
93
+ correlationId: cleanString(input.correlationId),
94
+ membershipId: cleanString(input.membershipId),
95
+ permit: {
96
+ subject,
97
+ tenant,
98
+ workspace,
99
+ resource: cleanString(input.permit?.resource),
100
+ action: cleanString(input.permit?.action),
101
+ relation: cleanString(input.permit?.relation),
102
+ context,
103
+ },
104
+ };
132
105
  }
133
- function createCanonicalAuthHeaders(authContext) {
134
- const headers = {
135
- "x-lucern-principal-id": authContext.principalId,
136
- "x-lucern-principal-type": authContext.principalType,
137
- "x-lucern-tenant": authContext.tenantId,
138
- "x-lucern-tenant-id": authContext.tenantId,
139
- "x-lucern-workspace": authContext.workspaceId,
140
- "x-lucern-workspace-id": authContext.workspaceId,
141
- "x-lucern-auth-mode": authContext.authMode,
142
- "x-lucern-roles": authContext.roles.join(","),
143
- "x-lucern-scopes": authContext.scopes.join(","),
144
- "x-lucern-permit-context": JSON.stringify(authContext.permit)
145
- };
146
- if (authContext.clerkId) {
147
- headers["x-lucern-clerk-id"] = authContext.clerkId;
148
- headers["x-lucern-user-id"] = authContext.clerkId;
149
- }
150
- if (authContext.delegationChain.length > 0) {
151
- headers["x-lucern-delegation-chain"] = JSON.stringify(
152
- authContext.delegationChain
153
- );
154
- }
155
- if (authContext.policyTraceId) {
156
- headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
157
- }
158
- if (authContext.correlationId) {
159
- headers["x-correlation-id"] = authContext.correlationId;
160
- headers["x-lucern-correlation-id"] = authContext.correlationId;
161
- }
162
- if (authContext.membershipId) {
163
- headers["x-lucern-membership-id"] = authContext.membershipId;
164
- }
165
- return headers;
106
+ export function createCanonicalAuthHeaders(authContext) {
107
+ const headers = {
108
+ "x-lucern-principal-id": authContext.principalId,
109
+ "x-lucern-principal-type": authContext.principalType,
110
+ "x-lucern-tenant": authContext.tenantId,
111
+ "x-lucern-tenant-id": authContext.tenantId,
112
+ "x-lucern-workspace": authContext.workspaceId,
113
+ "x-lucern-workspace-id": authContext.workspaceId,
114
+ "x-lucern-auth-mode": authContext.authMode,
115
+ "x-lucern-roles": authContext.roles.join(","),
116
+ "x-lucern-scopes": authContext.scopes.join(","),
117
+ "x-lucern-permit-context": JSON.stringify(authContext.permit),
118
+ };
119
+ if (authContext.clerkId) {
120
+ headers["x-lucern-clerk-id"] = authContext.clerkId;
121
+ headers["x-lucern-user-id"] = authContext.clerkId;
122
+ }
123
+ if (authContext.delegationChain.length > 0) {
124
+ headers["x-lucern-delegation-chain"] = JSON.stringify(authContext.delegationChain);
125
+ }
126
+ if (authContext.policyTraceId) {
127
+ headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
128
+ }
129
+ if (authContext.correlationId) {
130
+ headers["x-correlation-id"] = authContext.correlationId;
131
+ headers["x-lucern-correlation-id"] = authContext.correlationId;
132
+ }
133
+ if (authContext.membershipId) {
134
+ headers["x-lucern-membership-id"] = authContext.membershipId;
135
+ }
136
+ return headers;
166
137
  }
167
-
168
- export { LucernSdkAuthContextError, createCanonicalAuthHeaders, normalizeCanonicalLucernAuthContext };
169
- //# sourceMappingURL=authContext.js.map
170
138
  //# sourceMappingURL=authContext.js.map
@@ -1,17 +1,9 @@
1
- import { GatewayClientConfig } from './coreClient.js';
2
- import '@lucern/transport-core';
3
- import './authContext.js';
4
- import './contracts/auth-session.contract.js';
5
- import './types.js';
6
- import './contracts/workflow-runtime.contract.js';
7
- import './contracts/lens-workflow.contract.js';
8
- import './contracts/lens-filter.contract.js';
9
-
10
- type DeviceCodeInput = {
1
+ import type { GatewayClientConfig } from "./coreClient";
2
+ export type DeviceCodeInput = {
11
3
  clientId?: string;
12
4
  scope?: string;
13
5
  };
14
- type DeviceCodeResponse = {
6
+ export type DeviceCodeResponse = {
15
7
  device_code: string;
16
8
  user_code: string;
17
9
  verification_uri: string;
@@ -19,7 +11,7 @@ type DeviceCodeResponse = {
19
11
  expires_in: number;
20
12
  interval: number;
21
13
  };
22
- type DeviceTokenResponse = {
14
+ export type DeviceTokenResponse = {
23
15
  access_token: string;
24
16
  token_type: "Bearer";
25
17
  expires_in: number;
@@ -32,8 +24,8 @@ type DeviceTokenResponse = {
32
24
  principalId: string;
33
25
  };
34
26
  };
35
- type DeviceTokenErrorCode = "authorization_pending" | "slow_down" | "access_denied" | "expired_token" | "invalid_grant" | "invalid_request";
36
- declare class DeviceAuthorizationError extends Error {
27
+ export type DeviceTokenErrorCode = "authorization_pending" | "slow_down" | "access_denied" | "expired_token" | "invalid_grant" | "invalid_request";
28
+ export declare class DeviceAuthorizationError extends Error {
37
29
  readonly error: DeviceTokenErrorCode;
38
30
  readonly interval?: number;
39
31
  constructor(args: {
@@ -42,9 +34,8 @@ declare class DeviceAuthorizationError extends Error {
42
34
  interval?: number;
43
35
  });
44
36
  }
45
- declare function createAuthDeviceClient(config?: GatewayClientConfig): {
37
+ export declare function createAuthDeviceClient(config?: GatewayClientConfig): {
46
38
  createDeviceCode(input?: DeviceCodeInput): Promise<DeviceCodeResponse>;
47
39
  pollDeviceToken(deviceCode: string): Promise<DeviceTokenResponse>;
48
40
  };
49
-
50
- export { DeviceAuthorizationError, type DeviceCodeInput, type DeviceCodeResponse, type DeviceTokenErrorCode, type DeviceTokenResponse, createAuthDeviceClient };
41
+ //# sourceMappingURL=authDeviceClient.d.ts.map
@@ -1,121 +1,132 @@
1
- // src/authDeviceClient.ts
2
- var DeviceAuthorizationError = class extends Error {
3
- error;
4
- interval;
5
- constructor(args) {
6
- super(args.description ?? args.error);
7
- this.name = "DeviceAuthorizationError";
8
- this.error = args.error;
9
- this.interval = args.interval;
10
- }
11
- };
1
+ export class DeviceAuthorizationError extends Error {
2
+ error;
3
+ interval;
4
+ constructor(args) {
5
+ super(args.description ?? args.error);
6
+ this.name = "DeviceAuthorizationError";
7
+ this.error = args.error;
8
+ this.interval = args.interval;
9
+ }
10
+ }
12
11
  function authBaseUrl(config) {
13
- return config.baseUrl?.replace(/\/+$/, "") ?? "";
12
+ return config.baseUrl?.replace(/\/+$/, "") ?? "";
14
13
  }
15
14
  async function readJson(response) {
16
- try {
17
- const payload = await response.json();
18
- return isRecord(payload) ? payload : {};
19
- } catch (error) {
20
- return unreadableJsonBodyFallback();
21
- }
15
+ try {
16
+ const payload = (await response.json());
17
+ return isRecord(payload) ? payload : {};
18
+ }
19
+ catch (error) {
20
+ return unreadableJsonBodyFallback(error);
21
+ }
22
22
  }
23
23
  function unreadableJsonBodyFallback(_error) {
24
- return {};
24
+ return {};
25
25
  }
26
26
  function isRecord(value) {
27
- return value !== null && typeof value === "object" && !Array.isArray(value);
27
+ return value !== null && typeof value === "object" && !Array.isArray(value);
28
28
  }
29
29
  function readString(value) {
30
- const normalized = typeof value === "string" ? value.trim() : "";
31
- return normalized || void 0;
30
+ const normalized = typeof value === "string" ? value.trim() : "";
31
+ return normalized || undefined;
32
32
  }
33
33
  function assertDeviceCodeResponse(payload) {
34
- const deviceCode = readString(payload.device_code);
35
- const userCode = readString(payload.user_code);
36
- const verificationUri = readString(payload.verification_uri);
37
- const verificationUriComplete = readString(payload.verification_uri_complete);
38
- const expiresIn = payload.expires_in;
39
- const interval = payload.interval;
40
- if (!deviceCode || !userCode || !verificationUri || !verificationUriComplete || typeof expiresIn !== "number" || typeof interval !== "number") {
41
- throw new Error("Gateway returned an invalid device-code response.");
42
- }
43
- return {
44
- device_code: deviceCode,
45
- user_code: userCode,
46
- verification_uri: verificationUri,
47
- verification_uri_complete: verificationUriComplete,
48
- expires_in: expiresIn,
49
- interval
50
- };
34
+ const deviceCode = readString(payload.device_code);
35
+ const userCode = readString(payload.user_code);
36
+ const verificationUri = readString(payload.verification_uri);
37
+ const verificationUriComplete = readString(payload.verification_uri_complete);
38
+ const expiresIn = payload.expires_in;
39
+ const interval = payload.interval;
40
+ if (!deviceCode ||
41
+ !userCode ||
42
+ !verificationUri ||
43
+ !verificationUriComplete ||
44
+ typeof expiresIn !== "number" ||
45
+ typeof interval !== "number") {
46
+ throw new Error("Gateway returned an invalid device-code response.");
47
+ }
48
+ return {
49
+ device_code: deviceCode,
50
+ user_code: userCode,
51
+ verification_uri: verificationUri,
52
+ verification_uri_complete: verificationUriComplete,
53
+ expires_in: expiresIn,
54
+ interval,
55
+ };
51
56
  }
52
57
  function assertDeviceTokenResponse(payload) {
53
- const accessToken = readString(payload.access_token);
54
- const tokenType = readString(payload.token_type);
55
- const scope = readString(payload.scope);
56
- const tenantId = readString(payload.tenant_id);
57
- const principalId = readString(payload.principal_id);
58
- if (!accessToken || tokenType !== "Bearer" || typeof payload.expires_in !== "number" || !scope || !tenantId || !principalId) {
59
- throw new Error("Gateway returned an invalid device token response.");
60
- }
61
- return {
62
- access_token: accessToken,
63
- token_type: "Bearer",
64
- expires_in: payload.expires_in,
65
- scope,
66
- tenant_id: tenantId,
67
- workspace_id: readString(payload.workspace_id),
68
- principal_id: principalId,
69
- user: isRecord(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
70
- id: payload.user.id,
71
- principalId: payload.user.principalId
72
- } : void 0
73
- };
58
+ const accessToken = readString(payload.access_token);
59
+ const tokenType = readString(payload.token_type);
60
+ const scope = readString(payload.scope);
61
+ const tenantId = readString(payload.tenant_id);
62
+ const principalId = readString(payload.principal_id);
63
+ if (!accessToken ||
64
+ tokenType !== "Bearer" ||
65
+ typeof payload.expires_in !== "number" ||
66
+ !scope ||
67
+ !tenantId ||
68
+ !principalId) {
69
+ throw new Error("Gateway returned an invalid device token response.");
70
+ }
71
+ return {
72
+ access_token: accessToken,
73
+ token_type: "Bearer",
74
+ expires_in: payload.expires_in,
75
+ scope,
76
+ tenant_id: tenantId,
77
+ workspace_id: readString(payload.workspace_id),
78
+ principal_id: principalId,
79
+ user: isRecord(payload.user) &&
80
+ typeof payload.user.id === "string" &&
81
+ typeof payload.user.principalId === "string"
82
+ ? {
83
+ id: payload.user.id,
84
+ principalId: payload.user.principalId,
85
+ }
86
+ : undefined,
87
+ };
74
88
  }
75
89
  function maybeThrowDeviceError(payload) {
76
- const error = readString(payload.error);
77
- throw new DeviceAuthorizationError({
78
- error: error ?? "invalid_request",
79
- description: readString(payload.error_description),
80
- interval: typeof payload.interval === "number" ? payload.interval : void 0
81
- });
82
- }
83
- function createAuthDeviceClient(config = {}) {
84
- const fetchImpl = config.fetchImpl ?? fetch;
85
- const baseUrl = authBaseUrl(config);
86
- async function post(path, body) {
87
- return fetchImpl(`${baseUrl}${path}`, {
88
- method: "POST",
89
- headers: { "content-type": "application/json" },
90
- body: JSON.stringify(body)
90
+ const error = readString(payload.error);
91
+ throw new DeviceAuthorizationError({
92
+ error: error ?? "invalid_request",
93
+ description: readString(payload.error_description),
94
+ interval: typeof payload.interval === "number" ? payload.interval : undefined,
91
95
  });
92
- }
93
- return {
94
- async createDeviceCode(input = {}) {
95
- const response = await post("/api/platform/v1/auth/device/code", {
96
- client_id: input.clientId ?? "lucern-cli",
97
- scope: input.scope ?? "graph.read graph.write"
98
- });
99
- const payload = await readJson(response);
100
- if (!response.ok) {
101
- maybeThrowDeviceError(payload);
102
- }
103
- return assertDeviceCodeResponse(payload);
104
- },
105
- async pollDeviceToken(deviceCode) {
106
- const response = await post("/api/platform/v1/auth/device/token", {
107
- grant_type: "urn:ietf:params:oauth:grant-type:device_code",
108
- device_code: deviceCode
109
- });
110
- const payload = await readJson(response);
111
- if (!response.ok) {
112
- maybeThrowDeviceError(payload);
113
- }
114
- return assertDeviceTokenResponse(payload);
96
+ }
97
+ export function createAuthDeviceClient(config = {}) {
98
+ const fetchImpl = config.fetchImpl ?? fetch;
99
+ const baseUrl = authBaseUrl(config);
100
+ async function post(path, body) {
101
+ return fetchImpl(`${baseUrl}${path}`, {
102
+ method: "POST",
103
+ headers: { "content-type": "application/json" },
104
+ body: JSON.stringify(body),
105
+ });
115
106
  }
116
- };
107
+ return {
108
+ async createDeviceCode(input = {}) {
109
+ const response = await post("/api/platform/v1/auth/device/code", {
110
+ client_id: input.clientId ?? "lucern-cli",
111
+ scope: input.scope ?? "graph.read graph.write",
112
+ });
113
+ const payload = await readJson(response);
114
+ if (!response.ok) {
115
+ maybeThrowDeviceError(payload);
116
+ }
117
+ return assertDeviceCodeResponse(payload);
118
+ },
119
+ async pollDeviceToken(deviceCode) {
120
+ const response = await post("/api/platform/v1/auth/device/token", {
121
+ grant_type: "urn:ietf:params:oauth:grant-type:device_code",
122
+ device_code: deviceCode,
123
+ });
124
+ const payload = await readJson(response);
125
+ if (!response.ok) {
126
+ maybeThrowDeviceError(payload);
127
+ }
128
+ return assertDeviceTokenResponse(payload);
129
+ },
130
+ };
117
131
  }
118
-
119
- export { DeviceAuthorizationError, createAuthDeviceClient };
120
- //# sourceMappingURL=authDeviceClient.js.map
121
132
  //# sourceMappingURL=authDeviceClient.js.map