@lucern/sdk 1.0.11 → 1.0.12
- package/CHANGELOG.md +3 -0
- package/dist/.generated +2 -0
- package/dist/accessControl.d.ts +19 -26
- package/dist/accessControl.js +195 -1423
- package/dist/adminClient.d.ts +52 -59
- package/dist/adminClient.js +364 -1142
- package/dist/answersClient.d.ts +5 -14
- package/dist/answersClient.js +19 -737
- package/dist/audience/index.d.ts +18 -18
- package/dist/audience/index.js +87 -90
- package/dist/audiencesClient.d.ts +19 -27
- package/dist/audiencesClient.js +107 -868
- package/dist/auditClient.d.ts +8 -15
- package/dist/auditClient.js +18 -791
- package/dist/authContext.d.ts +11 -16
- package/dist/authContext.js +122 -154
- package/dist/authDeviceClient.d.ts +8 -17
- package/dist/authDeviceClient.js +113 -102
- package/dist/beliefs/index.d.ts +15 -67
- package/dist/beliefs/index.js +17 -10181
- package/dist/beliefs/lifecycle.d.ts +10 -11
- package/dist/beliefs/lifecycle.js +78 -80
- package/dist/beliefsClient.d.ts +26 -32
- package/dist/beliefsClient.js +250 -990
- package/dist/boundaryClientSurface.d.ts +11 -16
- package/dist/boundaryClientSurface.js +49 -68
- package/dist/client.d.ts +64 -112
- package/dist/client.js +232 -10155
- package/dist/clientAssemblyTypes.d.ts +3 -3
- package/dist/clientAssemblyTypes.js +1 -2
- package/dist/clientConfig.d.ts +45 -59
- package/dist/clientConfig.js +1 -2
- package/dist/clientEvidenceCompat.d.ts +7 -14
- package/dist/clientEvidenceCompat.js +50 -64
- package/dist/clientGraphNamespaces.d.ts +3 -5
- package/dist/clientGraphNamespaces.js +170 -245
- package/dist/clientHelpers.d.ts +20 -25
- package/dist/clientHelpers.js +104 -127
- package/dist/clientKnowledgeNamespaces.d.ts +6 -53
- package/dist/clientKnowledgeNamespaces.js +502 -506
- package/dist/clientLocalHelpers.d.ts +11 -56
- package/dist/clientLocalHelpers.js +503 -732
- package/dist/clientPlatformNamespaces.d.ts +5 -53
- package/dist/clientPlatformNamespaces.js +229 -323
- package/dist/clientRuntime.d.ts +5 -53
- package/dist/clientRuntime.js +26 -30
- package/dist/clientWorkflowNamespaces.d.ts +6 -15
- package/dist/clientWorkflowNamespaces.js +529 -596
- package/dist/contextClient.d.ts +9 -17
- package/dist/contextClient.js +92 -805
- package/dist/contextFacade.d.ts +11 -2
- package/dist/contextFacade.js +10 -81
- package/dist/contextPackCompiler.d.ts +10 -11
- package/dist/contextPackCompiler.js +494 -1040
- package/dist/contextPackPolicy.d.ts +14 -15
- package/dist/contextPackPolicy.js +227 -305
- package/dist/contextPackSchema.d.ts +3 -3
- package/dist/contextPackSchema.js +169 -176
- package/dist/contextTypes.d.ts +14 -15
- package/dist/contextTypes.js +1 -2
- package/dist/contracts/api-enums.contract.d.ts +29 -30
- package/dist/contracts/api-enums.contract.js +162 -88
- package/dist/contracts/auth-session.contract.d.ts +13 -14
- package/dist/contracts/auth-session.contract.js +55 -52
- package/dist/contracts/context-pack.contract.d.ts +54 -55
- package/dist/contracts/context-pack.contract.js +160 -88
- package/dist/contracts/contextPack.d.ts +2 -1
- package/dist/contracts/contextPack.js +1 -97
- package/dist/contracts/index.d.ts +11 -12
- package/dist/contracts/index.js +10 -854
- package/dist/contracts/lens-filter.contract.d.ts +9 -10
- package/dist/contracts/lens-filter.contract.js +82 -58
- package/dist/contracts/lens-workflow.contract.d.ts +21 -23
- package/dist/contracts/lens-workflow.contract.js +48 -117
- package/dist/contracts/lensFilter.d.ts +2 -1
- package/dist/contracts/lensFilter.js +1 -71
- package/dist/contracts/lensWorkflow.d.ts +2 -2
- package/dist/contracts/lensWorkflow.js +1 -123
- package/dist/contracts/mcpTools.d.ts +16 -18
- package/dist/contracts/mcpTools.js +89 -123
- package/dist/contracts/prompt.contract.d.ts +4 -5
- package/dist/contracts/prompt.contract.js +23 -10
- package/dist/contracts/prompt.d.ts +2 -1
- package/dist/contracts/prompt.js +1 -11
- package/dist/contracts/sdk-tools.contract.d.ts +2 -1
- package/dist/contracts/sdk-tools.contract.js +1 -2
- package/dist/contracts/sdkTools.d.ts +2 -1
- package/dist/contracts/sdkTools.js +1 -26
- package/dist/contracts/tool-contracts.d.ts +2 -1
- package/dist/contracts/tool-contracts.js +1 -2
- package/dist/contracts/workflow-runtime.contract.d.ts +45 -46
- package/dist/contracts/workflow-runtime.contract.js +241 -228
- package/dist/contracts/workflowRuntime.d.ts +2 -1
- package/dist/contracts/workflowRuntime.js +1 -244
- package/dist/contradictions/index.d.ts +8 -60
- package/dist/contradictions/index.js +11 -10175
- package/dist/control-plane.d.ts +17 -24
- package/dist/control-plane.js +124 -840
- package/dist/controlObjectOwnership.d.ts +19 -20
- package/dist/controlObjectOwnership.js +207 -201
- package/dist/coreClient.d.ts +23 -28
- package/dist/coreClient.js +567 -692
- package/dist/customTools.d.ts +17 -21
- package/dist/customTools.js +221 -221
- package/dist/decisions/index.d.ts +7 -58
- package/dist/decisions/index.js +14 -10177
- package/dist/decisionsClient.d.ts +25 -32
- package/dist/decisionsClient.js +113 -913
- package/dist/domainContext.d.ts +2 -1
- package/dist/domainContext.js +1 -2
- package/dist/edges/index.d.ts +21 -73
- package/dist/edges/index.js +12 -10176
- package/dist/embeddingsClient.d.ts +22 -30
- package/dist/embeddingsClient.js +73 -922
- package/dist/eventingClient.d.ts +23 -31
- package/dist/eventingClient.js +89 -918
- package/dist/events.d.ts +48 -49
- package/dist/events.js +257 -241
- package/dist/eventsCore.d.ts +20 -29
- package/dist/eventsCore.js +86 -830
- package/dist/evidence/index.d.ts +9 -60
- package/dist/evidence/index.js +13 -10176
- package/dist/evidenceClient.d.ts +13 -22
- package/dist/evidenceClient.js +34 -751
- package/dist/facade/context.d.ts +7 -8
- package/dist/facade/context.js +73 -72
- package/dist/functionSurface.d.ts +2 -156
- package/dist/functionSurface.js +1 -1460
- package/dist/functionSurfaceClient.d.ts +2 -9
- package/dist/functionSurfaceClient.js +1 -1460
- package/dist/gatewayFacades.d.ts +79 -296
- package/dist/gatewayFacades.factories.d.ts +209 -14
- package/dist/gatewayFacades.factories.js +561 -2227
- package/dist/gatewayFacades.js +284 -2627
- package/dist/generated/functionSurface.d.ts +149 -0
- package/dist/generated/functionSurface.js +749 -0
- package/dist/graphAnalysisClient.d.ts +41 -49
- package/dist/graphAnalysisClient.js +185 -974
- package/dist/graphClient.d.ts +53 -60
- package/dist/graphClient.js +219 -1090
- package/dist/graphIntel.d.ts +2 -4
- package/dist/graphIntel.js +1 -2
- package/dist/graphIntelligence.d.ts +4 -2
- package/dist/graphIntelligence.js +2 -46
- package/dist/graphRecommendationsClient.d.ts +15 -23
- package/dist/graphRecommendationsClient.js +70 -849
- package/dist/graphStateClassifierClient.d.ts +17 -25
- package/dist/graphStateClassifierClient.js +67 -908
- package/dist/harnessClient.d.ts +40 -47
- package/dist/harnessClient.js +198 -993
- package/dist/identityClient.d.ts +25 -33
- package/dist/identityClient.js +245 -1186
- package/dist/index.d.ts +73 -69
- package/dist/index.js +72 -13313
- package/dist/infisicalRuntime.d.ts +12 -14
- package/dist/infisicalRuntime.js +290 -297
- package/dist/jobsClient.d.ts +24 -32
- package/dist/jobsClient.js +101 -916
- package/dist/learningClient.d.ts +8 -16
- package/dist/learningClient.js +45 -809
- package/dist/lenses/index.d.ts +13 -65
- package/dist/lenses/index.js +11 -10175
- package/dist/mcpClient.d.ts +14 -23
- package/dist/mcpClient.js +115 -856
- package/dist/modelRuntimeClient.d.ts +18 -26
- package/dist/modelRuntimeClient.js +74 -894
- package/dist/nodes/index.d.ts +7 -58
- package/dist/nodes/index.js +14 -10177
- package/dist/ontologies/index.d.ts +21 -73
- package/dist/ontologies/index.js +14 -10178
- package/dist/ontologyClient.d.ts +23 -31
- package/dist/ontologyClient.js +138 -924
- package/dist/ontologyLinksClient.d.ts +16 -24
- package/dist/ontologyLinksClient.js +76 -886
- package/dist/opinion.d.ts +5 -6
- package/dist/opinion.js +21 -25
- package/dist/orgGraphSearchClient.d.ts +19 -27
- package/dist/orgGraphSearchClient.js +89 -857
- package/dist/packRuntime.d.ts +2 -2
- package/dist/packRuntime.js +1 -2
- package/dist/packsClient.d.ts +30 -37
- package/dist/packsClient.js +131 -906
- package/dist/policyClient.d.ts +21 -29
- package/dist/policyClient.js +267 -1026
- package/dist/proof-attestation.json +1 -1
- package/dist/questions/index.d.ts +9 -60
- package/dist/questions/index.js +15 -10178
- package/dist/realtime/index.d.ts +20 -16
- package/dist/realtime/index.js +30 -19
- package/dist/realtime/refs.d.ts +4 -6
- package/dist/realtime/refs.js +12 -7
- package/dist/realtime-refs.d.ts +1 -0
- package/dist/realtime-refs.js +1 -0
- package/dist/realtime.d.ts +1 -0
- package/dist/realtime.js +1 -0
- package/dist/reportsClient.d.ts +10 -19
- package/dist/reportsClient.js +48 -836
- package/dist/schemaClient.d.ts +16 -23
- package/dist/schemaClient.js +62 -832
- package/dist/sdkSurface.d.ts +18 -25
- package/dist/sdkSurface.js +135 -106
- package/dist/secrets.d.ts +2 -1
- package/dist/secrets.js +1 -2
- package/dist/sourcesClient.d.ts +11 -18
- package/dist/sourcesClient.js +18 -741
- package/dist/telemetryClient.d.ts +22 -30
- package/dist/telemetryClient.js +107 -931
- package/dist/toolRegistryClient.d.ts +27 -35
- package/dist/toolRegistryClient.js +116 -954
- package/dist/topics/index.d.ts +13 -64
- package/dist/topics/index.js +15 -10178
- package/dist/topicsClient.d.ts +19 -27
- package/dist/topicsClient.js +106 -894
- package/dist/types.d.ts +84 -87
- package/dist/types.js +1 -2
- package/dist/version.d.ts +2 -3
- package/dist/version.js +2 -5
- package/dist/workflowClient.d.ts +60 -65
- package/dist/workflowClient.js +343 -1219
- package/dist/worktrees/index.d.ts +16 -68
- package/dist/worktrees/index.js +14 -10178
- package/package.json +6 -6
- package/dist/accessControl.js.map +0 -1
- package/dist/adminClient.js.map +0 -1
- package/dist/answersClient.js.map +0 -1
- package/dist/audience/index.js.map +0 -1
- package/dist/audiencesClient.js.map +0 -1
- package/dist/auditClient.js.map +0 -1
- package/dist/authContext.js.map +0 -1
- package/dist/authDeviceClient.js.map +0 -1
- package/dist/beliefs/index.js.map +0 -1
- package/dist/beliefs/lifecycle.js.map +0 -1
- package/dist/beliefsClient.js.map +0 -1
- package/dist/boundaryClientSurface.js.map +0 -1
- package/dist/client.js.map +0 -1
- package/dist/clientAssemblyTypes.js.map +0 -1
- package/dist/clientConfig.js.map +0 -1
- package/dist/clientEvidenceCompat.js.map +0 -1
- package/dist/clientGraphNamespaces.js.map +0 -1
- package/dist/clientHelpers.js.map +0 -1
- package/dist/clientKnowledgeNamespaces.js.map +0 -1
- package/dist/clientLocalHelpers.js.map +0 -1
- package/dist/clientPlatformNamespaces.js.map +0 -1
- package/dist/clientRuntime.js.map +0 -1
- package/dist/clientWorkflowNamespaces.js.map +0 -1
- package/dist/contextClient.js.map +0 -1
- package/dist/contextFacade.js.map +0 -1
- package/dist/contextPackCompiler.js.map +0 -1
- package/dist/contextPackPolicy.js.map +0 -1
- package/dist/contextPackSchema.js.map +0 -1
- package/dist/contextTypes.js.map +0 -1
- package/dist/contracts/api-enums.contract.js.map +0 -1
- package/dist/contracts/auth-session.contract.js.map +0 -1
- package/dist/contracts/context-pack.contract.js.map +0 -1
- package/dist/contracts/contextPack.js.map +0 -1
- package/dist/contracts/index.js.map +0 -1
- package/dist/contracts/lens-filter.contract.js.map +0 -1
- package/dist/contracts/lens-workflow.contract.js.map +0 -1
- package/dist/contracts/lensFilter.js.map +0 -1
- package/dist/contracts/lensWorkflow.js.map +0 -1
- package/dist/contracts/mcpTools.js.map +0 -1
- package/dist/contracts/prompt.contract.js.map +0 -1
- package/dist/contracts/prompt.js.map +0 -1
- package/dist/contracts/sdk-tools.contract.js.map +0 -1
- package/dist/contracts/sdkTools.js.map +0 -1
- package/dist/contracts/tool-contracts.js.map +0 -1
- package/dist/contracts/workflow-runtime.contract.js.map +0 -1
- package/dist/contracts/workflowRuntime.js.map +0 -1
- package/dist/contradictions/index.js.map +0 -1
- package/dist/control-plane.js.map +0 -1
- package/dist/controlObjectOwnership.js.map +0 -1
- package/dist/coreClient.js.map +0 -1
- package/dist/customTools.js.map +0 -1
- package/dist/decisions/index.js.map +0 -1
- package/dist/decisionsClient.js.map +0 -1
- package/dist/domainContext.js.map +0 -1
- package/dist/edges/index.js.map +0 -1
- package/dist/embeddingsClient.js.map +0 -1
- package/dist/eventingClient.js.map +0 -1
- package/dist/events.js.map +0 -1
- package/dist/eventsCore.js.map +0 -1
- package/dist/evidence/index.js.map +0 -1
- package/dist/evidenceClient.js.map +0 -1
- package/dist/facade/context.js.map +0 -1
- package/dist/functionSurface.js.map +0 -1
- package/dist/functionSurfaceClient.js.map +0 -1
- package/dist/gatewayFacades.factories.js.map +0 -1
- package/dist/gatewayFacades.js.map +0 -1
- package/dist/graphAnalysisClient.js.map +0 -1
- package/dist/graphClient.js.map +0 -1
- package/dist/graphIntel.js.map +0 -1
- package/dist/graphIntelligence.js.map +0 -1
- package/dist/graphRecommendationsClient.js.map +0 -1
- package/dist/graphStateClassifierClient.js.map +0 -1
- package/dist/harnessClient.js.map +0 -1
- package/dist/identityClient.js.map +0 -1
- package/dist/index.js.map +0 -1
- package/dist/infisicalRuntime.js.map +0 -1
- package/dist/jobsClient.js.map +0 -1
- package/dist/learningClient.js.map +0 -1
- package/dist/lenses/index.js.map +0 -1
- package/dist/mcpClient.js.map +0 -1
- package/dist/modelRuntimeClient.js.map +0 -1
- package/dist/nodes/index.js.map +0 -1
- package/dist/ontologies/index.js.map +0 -1
- package/dist/ontologyClient.js.map +0 -1
- package/dist/ontologyLinksClient.js.map +0 -1
- package/dist/opinion.js.map +0 -1
- package/dist/orgGraphSearchClient.js.map +0 -1
- package/dist/packRuntime.js.map +0 -1
- package/dist/packsClient.js.map +0 -1
- package/dist/policyClient.js.map +0 -1
- package/dist/questions/index.js.map +0 -1
- package/dist/realtime/index.js.map +0 -1
- package/dist/realtime/refs.js.map +0 -1
- package/dist/reportsClient.js.map +0 -1
- package/dist/schemaClient.js.map +0 -1
- package/dist/sdk-tools.contract-B4c1Zr1o.d.ts +0 -22
- package/dist/sdkSurface.js.map +0 -1
- package/dist/secrets.js.map +0 -1
- package/dist/sourcesClient.js.map +0 -1
- package/dist/telemetryClient.js.map +0 -1
- package/dist/tool-contracts-BUiL9P6z.d.ts +0 -22
- package/dist/toolRegistryClient.js.map +0 -1
- package/dist/topics/index.js.map +0 -1
- package/dist/topicsClient.js.map +0 -1
- package/dist/types.js.map +0 -1
- package/dist/version.js.map +0 -1
- package/dist/workflowClient.js.map +0 -1
- package/dist/worktrees/index.js.map +0 -1
package/dist/adminClient.js
CHANGED
|
@@ -1,1155 +1,377 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
// src/authContext.ts
|
|
9
|
-
var LucernSdkAuthContextError = class extends Error {
|
|
10
|
-
reason;
|
|
11
|
-
constructor(reason, message) {
|
|
12
|
-
super(message);
|
|
13
|
-
this.name = "LucernSdkAuthContextError";
|
|
14
|
-
this.reason = reason;
|
|
15
|
-
}
|
|
16
|
-
};
|
|
17
|
-
function cleanString(value) {
|
|
18
|
-
const normalized = value?.trim();
|
|
19
|
-
return normalized ? normalized : void 0;
|
|
20
|
-
}
|
|
21
|
-
function cleanStringList(values) {
|
|
22
|
-
if (!values) {
|
|
23
|
-
return [];
|
|
24
|
-
}
|
|
25
|
-
return values.map((value) => value.trim()).filter(
|
|
26
|
-
(value, index, list) => value.length > 0 && list.indexOf(value) === index
|
|
27
|
-
);
|
|
28
|
-
}
|
|
29
|
-
function requireString(value, reason, label) {
|
|
30
|
-
const normalized = cleanString(value);
|
|
31
|
-
if (!normalized) {
|
|
32
|
-
throw new LucernSdkAuthContextError(
|
|
33
|
-
reason,
|
|
34
|
-
`Canonical Lucern SDK auth context is missing ${label}.`
|
|
35
|
-
);
|
|
36
|
-
}
|
|
37
|
-
return normalized;
|
|
38
|
-
}
|
|
39
|
-
function requirePrincipalType(principalType) {
|
|
40
|
-
if (!principalType) {
|
|
41
|
-
throw new LucernSdkAuthContextError(
|
|
42
|
-
"principal_missing",
|
|
43
|
-
"Canonical Lucern SDK auth context is missing principalType."
|
|
44
|
-
);
|
|
45
|
-
}
|
|
46
|
-
return principalType;
|
|
47
|
-
}
|
|
48
|
-
function requireAuthMode(authMode) {
|
|
49
|
-
if (!authMode) {
|
|
50
|
-
throw new LucernSdkAuthContextError(
|
|
51
|
-
"principal_missing",
|
|
52
|
-
"Canonical Lucern SDK auth context is missing authMode."
|
|
53
|
-
);
|
|
54
|
-
}
|
|
55
|
-
return authMode;
|
|
56
|
-
}
|
|
57
|
-
function ensurePermitMatch(args) {
|
|
58
|
-
const actual = cleanString(args.actual);
|
|
59
|
-
if (actual && actual !== args.expected) {
|
|
60
|
-
throw new LucernSdkAuthContextError(
|
|
61
|
-
"policy_denied",
|
|
62
|
-
`Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
|
|
63
|
-
);
|
|
64
|
-
}
|
|
65
|
-
}
|
|
66
|
-
function normalizeCanonicalLucernAuthContext(input) {
|
|
67
|
-
if (!input) {
|
|
68
|
-
throw new LucernSdkAuthContextError(
|
|
69
|
-
"principal_missing",
|
|
70
|
-
"Canonical Lucern SDK auth context is required."
|
|
71
|
-
);
|
|
72
|
-
}
|
|
73
|
-
if (input.policyDecision === "deny") {
|
|
74
|
-
throw new LucernSdkAuthContextError(
|
|
75
|
-
"policy_denied",
|
|
76
|
-
"Canonical Lucern SDK auth context carries a denied policy decision."
|
|
77
|
-
);
|
|
78
|
-
}
|
|
79
|
-
const principalId = requireString(
|
|
80
|
-
input.principalId,
|
|
81
|
-
"principal_missing",
|
|
82
|
-
"principalId"
|
|
83
|
-
);
|
|
84
|
-
const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
|
|
85
|
-
const workspaceId = requireString(
|
|
86
|
-
input.workspaceId,
|
|
87
|
-
"workspace_missing",
|
|
88
|
-
"workspaceId"
|
|
89
|
-
);
|
|
90
|
-
const roles = cleanStringList(input.roles);
|
|
91
|
-
const scopes = cleanStringList(input.scopes);
|
|
92
|
-
const principalType = requirePrincipalType(input.principalType);
|
|
93
|
-
const authMode = requireAuthMode(input.authMode);
|
|
94
|
-
const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
|
|
95
|
-
if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
|
|
96
|
-
throw new LucernSdkAuthContextError(
|
|
97
|
-
"membership_missing",
|
|
98
|
-
"Canonical Lucern SDK auth context requires non-empty roles and scopes."
|
|
99
|
-
);
|
|
100
|
-
}
|
|
101
|
-
const subject = cleanString(input.permit?.subject) ?? principalId;
|
|
102
|
-
const tenant = cleanString(input.permit?.tenant) ?? tenantId;
|
|
103
|
-
const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
|
|
104
|
-
ensurePermitMatch({
|
|
105
|
-
field: "subject",
|
|
106
|
-
expected: principalId,
|
|
107
|
-
actual: subject
|
|
108
|
-
});
|
|
109
|
-
ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
|
|
110
|
-
ensurePermitMatch({
|
|
111
|
-
field: "workspace",
|
|
112
|
-
expected: workspaceId,
|
|
113
|
-
actual: workspace
|
|
114
|
-
});
|
|
115
|
-
const context = input.permit?.context ? { ...input.permit.context } : void 0;
|
|
116
|
-
return {
|
|
117
|
-
clerkId: cleanString(input.clerkId),
|
|
118
|
-
principalId,
|
|
119
|
-
tenantId,
|
|
120
|
-
workspaceId,
|
|
121
|
-
principalType,
|
|
122
|
-
authMode,
|
|
123
|
-
roles,
|
|
124
|
-
scopes,
|
|
125
|
-
delegationChain: input.delegationChain ? [...input.delegationChain] : [],
|
|
126
|
-
policyTraceId: cleanString(input.policyTraceId),
|
|
127
|
-
correlationId: cleanString(input.correlationId),
|
|
128
|
-
membershipId: cleanString(input.membershipId),
|
|
129
|
-
permit: {
|
|
130
|
-
subject,
|
|
131
|
-
tenant,
|
|
132
|
-
workspace,
|
|
133
|
-
resource: cleanString(input.permit?.resource),
|
|
134
|
-
action: cleanString(input.permit?.action),
|
|
135
|
-
relation: cleanString(input.permit?.relation),
|
|
136
|
-
context
|
|
137
|
-
}
|
|
138
|
-
};
|
|
139
|
-
}
|
|
140
|
-
function createCanonicalAuthHeaders(authContext) {
|
|
141
|
-
const headers = {
|
|
142
|
-
"x-lucern-principal-id": authContext.principalId,
|
|
143
|
-
"x-lucern-principal-type": authContext.principalType,
|
|
144
|
-
"x-lucern-tenant": authContext.tenantId,
|
|
145
|
-
"x-lucern-tenant-id": authContext.tenantId,
|
|
146
|
-
"x-lucern-workspace": authContext.workspaceId,
|
|
147
|
-
"x-lucern-workspace-id": authContext.workspaceId,
|
|
148
|
-
"x-lucern-auth-mode": authContext.authMode,
|
|
149
|
-
"x-lucern-roles": authContext.roles.join(","),
|
|
150
|
-
"x-lucern-scopes": authContext.scopes.join(","),
|
|
151
|
-
"x-lucern-permit-context": JSON.stringify(authContext.permit)
|
|
152
|
-
};
|
|
153
|
-
if (authContext.clerkId) {
|
|
154
|
-
headers["x-lucern-clerk-id"] = authContext.clerkId;
|
|
155
|
-
headers["x-lucern-user-id"] = authContext.clerkId;
|
|
156
|
-
}
|
|
157
|
-
if (authContext.delegationChain.length > 0) {
|
|
158
|
-
headers["x-lucern-delegation-chain"] = JSON.stringify(
|
|
159
|
-
authContext.delegationChain
|
|
160
|
-
);
|
|
161
|
-
}
|
|
162
|
-
if (authContext.policyTraceId) {
|
|
163
|
-
headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
|
|
164
|
-
}
|
|
165
|
-
if (authContext.correlationId) {
|
|
166
|
-
headers["x-correlation-id"] = authContext.correlationId;
|
|
167
|
-
headers["x-lucern-correlation-id"] = authContext.correlationId;
|
|
168
|
-
}
|
|
169
|
-
if (authContext.membershipId) {
|
|
170
|
-
headers["x-lucern-membership-id"] = authContext.membershipId;
|
|
171
|
-
}
|
|
172
|
-
return headers;
|
|
173
|
-
}
|
|
174
|
-
|
|
175
|
-
// src/coreClient.ts
|
|
176
|
-
var DEFAULT_GATEWAY_TIMEOUT_MS = 15e3;
|
|
177
|
-
var DEFAULT_GATEWAY_MAX_RETRIES = 2;
|
|
178
|
-
var DEFAULT_ENV_TIMEOUT_MS = "LUCERN_REQUEST_TIMEOUT_MS";
|
|
179
|
-
var DEFAULT_ENV_MAX_RETRIES = "LUCERN_GATEWAY_MAX_RETRIES";
|
|
180
|
-
var ENV_TIMEOUT_BY_METHOD_PREFIX = "LUCERN_REQUEST_TIMEOUT_MS_";
|
|
181
|
-
var GatewayTimeoutError = class extends Error {
|
|
182
|
-
retryable = true;
|
|
183
|
-
timeoutMs;
|
|
184
|
-
constructor(timeoutMs) {
|
|
185
|
-
super(`Request timed out after ${timeoutMs}ms`);
|
|
186
|
-
this.name = "AbortError";
|
|
187
|
-
this.timeoutMs = timeoutMs;
|
|
188
|
-
}
|
|
189
|
-
};
|
|
190
|
-
var GatewayTransportError = class extends Error {
|
|
191
|
-
retryable;
|
|
192
|
-
cause;
|
|
193
|
-
constructor(message, options) {
|
|
194
|
-
super(message);
|
|
195
|
-
this.name = "GatewayTransportError";
|
|
196
|
-
this.retryable = options?.retryable ?? true;
|
|
197
|
-
this.cause = options?.cause;
|
|
198
|
-
}
|
|
199
|
-
};
|
|
200
|
-
function isGatewayRetryableError(error) {
|
|
201
|
-
return error instanceof GatewayTimeoutError && error.retryable || error instanceof GatewayTransportError && error.retryable || false;
|
|
202
|
-
}
|
|
203
|
-
var LucernApiError = class extends Error {
|
|
204
|
-
code;
|
|
205
|
-
status;
|
|
206
|
-
invariant;
|
|
207
|
-
suggestion;
|
|
208
|
-
details;
|
|
209
|
-
requestId;
|
|
210
|
-
correlationId;
|
|
211
|
-
policyTraceId;
|
|
212
|
-
constructor(args) {
|
|
213
|
-
super(args.message);
|
|
214
|
-
this.name = "LucernApiError";
|
|
215
|
-
this.code = args.code;
|
|
216
|
-
this.status = args.status;
|
|
217
|
-
this.invariant = args.invariant;
|
|
218
|
-
this.suggestion = args.suggestion;
|
|
219
|
-
this.details = args.details;
|
|
220
|
-
this.requestId = args.requestId;
|
|
221
|
-
this.correlationId = args.correlationId;
|
|
222
|
-
this.policyTraceId = args.policyTraceId;
|
|
223
|
-
}
|
|
224
|
-
};
|
|
225
|
-
function toQueryString(scope) {
|
|
226
|
-
const params = new URLSearchParams();
|
|
227
|
-
if (scope.tenantId) {
|
|
228
|
-
params.set("tenantId", scope.tenantId);
|
|
229
|
-
}
|
|
230
|
-
if (scope.workspaceId) {
|
|
231
|
-
params.set("workspaceId", scope.workspaceId);
|
|
232
|
-
}
|
|
233
|
-
for (const [key, value] of Object.entries(scope)) {
|
|
234
|
-
if (key === "tenantId" || key === "workspaceId") {
|
|
235
|
-
continue;
|
|
236
|
-
}
|
|
237
|
-
if (value === void 0) {
|
|
238
|
-
continue;
|
|
239
|
-
}
|
|
240
|
-
params.set(key, String(value));
|
|
241
|
-
}
|
|
242
|
-
const serialized = params.toString();
|
|
243
|
-
return serialized.length > 0 ? `?${serialized}` : "";
|
|
244
|
-
}
|
|
245
|
-
function fillRandomBytes(length) {
|
|
246
|
-
const bytes = new Uint8Array(length);
|
|
247
|
-
if (typeof globalThis.crypto?.getRandomValues === "function") {
|
|
248
|
-
globalThis.crypto.getRandomValues(bytes);
|
|
249
|
-
return bytes;
|
|
250
|
-
}
|
|
251
|
-
for (let index = 0; index < length; index += 1) {
|
|
252
|
-
bytes[index] = Math.floor(Math.random() * 256);
|
|
253
|
-
}
|
|
254
|
-
return bytes;
|
|
255
|
-
}
|
|
256
|
-
function generatePortableRequestId() {
|
|
257
|
-
if (typeof globalThis.crypto?.randomUUID === "function") {
|
|
258
|
-
return globalThis.crypto.randomUUID();
|
|
259
|
-
}
|
|
260
|
-
const bytes = fillRandomBytes(16);
|
|
261
|
-
bytes[6] = bytes[6] & 15 | 64;
|
|
262
|
-
bytes[8] = bytes[8] & 63 | 128;
|
|
263
|
-
const hex = Array.from(bytes, (value) => value.toString(16).padStart(2, "0"));
|
|
264
|
-
return `${hex.slice(0, 4).join("")}-${hex.slice(4, 6).join("")}-${hex.slice(
|
|
265
|
-
6,
|
|
266
|
-
8
|
|
267
|
-
).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
|
|
268
|
-
}
|
|
269
|
-
function resolveEnvironment() {
|
|
270
|
-
const processEnv = typeof globalThis === "object" && globalThis !== null && "process" in globalThis ? globalThis.process : void 0;
|
|
271
|
-
const env = processEnv !== void 0 && typeof processEnv === "object" && processEnv !== null && typeof processEnv.env === "object" ? processEnv.env : void 0;
|
|
272
|
-
return {
|
|
273
|
-
get: (name) => {
|
|
274
|
-
const value = env?.[name];
|
|
275
|
-
return typeof value === "string" && value.length > 0 ? value : void 0;
|
|
1
|
+
import { createGatewayRequestClient, LucernApiError, randomIdempotencyKey, toQueryString, } from "./coreClient.js";
|
|
2
|
+
import { createListResult, mapGatewayData } from "./sdkSurface.js";
|
|
3
|
+
export { LucernApiError };
|
|
4
|
+
function asTenantApiKeyRecord(data) {
|
|
5
|
+
if (!data || typeof data !== "object") {
|
|
6
|
+
return null;
|
|
276
7
|
}
|
|
277
|
-
|
|
278
|
-
}
|
|
279
|
-
function telemetryEnvironmentRecord(environment) {
|
|
280
|
-
const names = [
|
|
281
|
-
"LUCERN_TELEMETRY_ENABLED",
|
|
282
|
-
"AXIOM_TELEMETRY_ENABLED",
|
|
283
|
-
"LUCERN_AXIOM_TOKEN",
|
|
284
|
-
"AXIOM_TOKEN",
|
|
285
|
-
"LUCERN_AXIOM_EVENTS_DATASET",
|
|
286
|
-
"LUCERN_AXIOM_DATASET",
|
|
287
|
-
"AXIOM_EVENTS_DATASET",
|
|
288
|
-
"AXIOM_DATASET",
|
|
289
|
-
"LUCERN_AXIOM_API_URL",
|
|
290
|
-
"AXIOM_URL",
|
|
291
|
-
"LUCERN_ENVIRONMENT",
|
|
292
|
-
"NODE_ENV",
|
|
293
|
-
"LUCERN_RELEASE",
|
|
294
|
-
"SENTRY_RELEASE",
|
|
295
|
-
"VERCEL_GIT_COMMIT_SHA"
|
|
296
|
-
];
|
|
297
|
-
return Object.fromEntries(
|
|
298
|
-
names.map((name) => [name, environment.get(name)])
|
|
299
|
-
);
|
|
8
|
+
return data;
|
|
300
9
|
}
|
|
301
|
-
function
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
config.maxRetries,
|
|
305
|
-
environment.get(DEFAULT_ENV_MAX_RETRIES)
|
|
306
|
-
);
|
|
307
|
-
const parsedTimeoutMs = parseIntegerFromString(
|
|
308
|
-
config.timeoutMs,
|
|
309
|
-
environment.get(DEFAULT_ENV_TIMEOUT_MS)
|
|
310
|
-
);
|
|
311
|
-
const methodTimeouts = {
|
|
312
|
-
...config.timeoutMsByMethod
|
|
313
|
-
};
|
|
314
|
-
for (const method of ["GET", "POST", "PUT", "PATCH", "DELETE"]) {
|
|
315
|
-
const envKey = `${ENV_TIMEOUT_BY_METHOD_PREFIX}${method}`;
|
|
316
|
-
const raw = environment.get(envKey);
|
|
317
|
-
if (!raw || methodTimeouts[method] !== void 0) {
|
|
318
|
-
continue;
|
|
319
|
-
}
|
|
320
|
-
const parsed = parseIntegerFromString(void 0, raw);
|
|
321
|
-
if (typeof parsed === "number") {
|
|
322
|
-
methodTimeouts[method] = parsed;
|
|
10
|
+
function asTenantApiKeyArray(data) {
|
|
11
|
+
if (!Array.isArray(data)) {
|
|
12
|
+
return [];
|
|
323
13
|
}
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
timeoutMs: parsedTimeoutMs ?? DEFAULT_GATEWAY_TIMEOUT_MS,
|
|
328
|
-
timeoutMsByMethod: methodTimeouts,
|
|
329
|
-
requestIdFactory
|
|
330
|
-
};
|
|
331
|
-
}
|
|
332
|
-
function createGatewayRuntime(config, environment) {
|
|
333
|
-
return {
|
|
334
|
-
fetch: config.fetchImpl ?? fetch,
|
|
335
|
-
now: () => Date.now(),
|
|
336
|
-
sleep: (ms) => delay(ms),
|
|
337
|
-
env: environment,
|
|
338
|
-
redaction: resolveRequestRedactionValue,
|
|
339
|
-
profile: resolveRequestProfile(config, environment)
|
|
340
|
-
};
|
|
341
|
-
}
|
|
342
|
-
function parseIntegerFromString(value, rawValue) {
|
|
343
|
-
if (typeof value === "number" && Number.isInteger(value) && value >= 0) {
|
|
344
|
-
return value;
|
|
345
|
-
}
|
|
346
|
-
if (typeof rawValue !== "string" || !rawValue.trim()) {
|
|
347
|
-
return void 0;
|
|
348
|
-
}
|
|
349
|
-
const parsed = Number.parseInt(rawValue, 10);
|
|
350
|
-
return Number.isInteger(parsed) && parsed >= 0 ? parsed : void 0;
|
|
351
|
-
}
|
|
352
|
-
function resolveRequestRedactionValue(value) {
|
|
353
|
-
return redactDiagnosticValue(value);
|
|
354
|
-
}
|
|
355
|
-
function resolveGatewayBaseUrl(configBaseUrl, environment) {
|
|
356
|
-
const envBaseUrl = environment.get("LUCERN_API_URL") ?? environment.get("LUCERN_BASE_URL") ?? environment.get("LUCERN_GATEWAY_BASE_URL");
|
|
357
|
-
return (configBaseUrl ?? envBaseUrl ?? "").replace(/\/+$/, "");
|
|
14
|
+
return data
|
|
15
|
+
.map(asTenantApiKeyRecord)
|
|
16
|
+
.filter((row) => Boolean(row));
|
|
358
17
|
}
|
|
359
|
-
function
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
var randomIdempotencyKey = generatePortableRequestId;
|
|
363
|
-
function fallbackErrorCode(status) {
|
|
364
|
-
if (status === 401) {
|
|
365
|
-
return "AUTHENTICATION_REQUIRED";
|
|
366
|
-
}
|
|
367
|
-
if (status === 403) {
|
|
368
|
-
return "FORBIDDEN";
|
|
369
|
-
}
|
|
370
|
-
if (status === 404) {
|
|
371
|
-
return "NOT_FOUND";
|
|
372
|
-
}
|
|
373
|
-
if (status === 408) {
|
|
374
|
-
return "UPSTREAM_ERROR";
|
|
375
|
-
}
|
|
376
|
-
if (status === 409) {
|
|
377
|
-
return "CONFLICT";
|
|
378
|
-
}
|
|
379
|
-
if (status === 429) {
|
|
380
|
-
return "RATE_LIMIT_EXCEEDED";
|
|
381
|
-
}
|
|
382
|
-
if (status >= 500) {
|
|
383
|
-
return "UPSTREAM_ERROR";
|
|
384
|
-
}
|
|
385
|
-
return "INTERNAL_ERROR";
|
|
386
|
-
}
|
|
387
|
-
function delay(ms) {
|
|
388
|
-
return new Promise((resolve) => setTimeout(resolve, ms));
|
|
389
|
-
}
|
|
390
|
-
function computeRetryDelayMs(args) {
|
|
391
|
-
const baseDelay = args.status === 429 ? Math.max(
|
|
392
|
-
args.retryAfterMs ?? 0,
|
|
393
|
-
Math.min(1e3 * 2 ** args.attempt, 1e4)
|
|
394
|
-
) : Math.min(1e3 * 2 ** args.attempt, 4e3);
|
|
395
|
-
if (args.status !== 429) {
|
|
396
|
-
return baseDelay;
|
|
397
|
-
}
|
|
398
|
-
const jitterWindow = Math.max(250, Math.round(baseDelay * 0.25));
|
|
399
|
-
return baseDelay + Math.round(Math.random() * jitterWindow);
|
|
400
|
-
}
|
|
401
|
-
function classifyGatewayErrorForRetry(error) {
|
|
402
|
-
return isGatewayRetryableError(error) || classifyRetry({ error }).retryable;
|
|
403
|
-
}
|
|
404
|
-
function isRecord(value) {
|
|
405
|
-
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
406
|
-
}
|
|
407
|
-
function readPolicySummaryFromDetails(details) {
|
|
408
|
-
if (!isRecord(details)) {
|
|
409
|
-
return null;
|
|
410
|
-
}
|
|
411
|
-
const directSummary = details.summary;
|
|
412
|
-
if (typeof directSummary === "string" && directSummary.trim().length > 0) {
|
|
413
|
-
return directSummary.trim();
|
|
414
|
-
}
|
|
415
|
-
const policy = details.policy;
|
|
416
|
-
if (!isRecord(policy)) {
|
|
417
|
-
return null;
|
|
418
|
-
}
|
|
419
|
-
const explanation = policy.explanation;
|
|
420
|
-
if (!isRecord(explanation)) {
|
|
421
|
-
return null;
|
|
422
|
-
}
|
|
423
|
-
const nestedSummary = explanation.summary;
|
|
424
|
-
if (typeof nestedSummary === "string" && nestedSummary.trim().length > 0) {
|
|
425
|
-
return nestedSummary.trim();
|
|
426
|
-
}
|
|
427
|
-
return null;
|
|
428
|
-
}
|
|
429
|
-
function redactJsonDiagnosticValue(value) {
|
|
430
|
-
return value === void 0 ? void 0 : redactDiagnosticValue(value);
|
|
431
|
-
}
|
|
432
|
-
async function resolveConfiguredAuthContext(authContext) {
|
|
433
|
-
if (typeof authContext === "function") {
|
|
434
|
-
return await authContext();
|
|
435
|
-
}
|
|
436
|
-
return authContext;
|
|
437
|
-
}
|
|
438
|
-
function mergeHeaderRecord(base, addition) {
|
|
439
|
-
const headers = new Headers(base);
|
|
440
|
-
for (const [key, value] of Object.entries(addition)) {
|
|
441
|
-
const existing = headers.get(key);
|
|
442
|
-
if (existing !== null && existing !== value) {
|
|
443
|
-
throw new LucernSdkAuthContextError(
|
|
444
|
-
"policy_denied",
|
|
445
|
-
`Canonical Lucern SDK auth context conflicts with existing ${key} header.`
|
|
446
|
-
);
|
|
18
|
+
function asTenantVaultSecretRecord(data) {
|
|
19
|
+
if (!data || typeof data !== "object") {
|
|
20
|
+
return null;
|
|
447
21
|
}
|
|
448
|
-
|
|
449
|
-
}
|
|
450
|
-
return Object.fromEntries(headers.entries());
|
|
451
|
-
}
|
|
452
|
-
function cleanHeaderValue(value) {
|
|
453
|
-
const normalized = value?.trim();
|
|
454
|
-
return normalized ? normalized : void 0;
|
|
22
|
+
return data;
|
|
455
23
|
}
|
|
456
|
-
function
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
const baseUrl = resolveGatewayBaseUrl(config.baseUrl, env);
|
|
460
|
-
const maxRetries = runtime.profile.maxRetries;
|
|
461
|
-
const requestIdFactory = runtime.profile.requestIdFactory;
|
|
462
|
-
const requestTimeoutByMethod = runtime.profile.timeoutMsByMethod;
|
|
463
|
-
const defaultRequestTimeoutMs = runtime.profile.timeoutMs;
|
|
464
|
-
const normalizedEnvironment = normalizeGatewayEnvironment(config.environment);
|
|
465
|
-
const telemetryExporter = config.telemetryEnabled === false ? null : config.telemetryExporter ?? createTelemetryExporterFromEnv(telemetryEnvironmentRecord(env), {
|
|
466
|
-
service: "lucern-sdk",
|
|
467
|
-
environment: normalizedEnvironment
|
|
468
|
-
});
|
|
469
|
-
async function resolveAuthHeaders() {
|
|
470
|
-
const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
|
|
471
|
-
const headers = new Headers(provided);
|
|
472
|
-
const setIfAbsent = (name, value) => {
|
|
473
|
-
const normalized = cleanHeaderValue(value);
|
|
474
|
-
if (normalized && !headers.has(name)) {
|
|
475
|
-
headers.set(name, normalized);
|
|
476
|
-
}
|
|
477
|
-
};
|
|
478
|
-
setIfAbsent("x-lucern-key", config.apiKey);
|
|
479
|
-
setIfAbsent("x-lucern-session-token", config.userToken);
|
|
480
|
-
setIfAbsent("x-lucern-environment", normalizedEnvironment);
|
|
481
|
-
setIfAbsent("x-lucern-clerk-id", config.clerkId);
|
|
482
|
-
setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
|
|
483
|
-
setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
|
|
484
|
-
const base = Object.fromEntries(headers.entries());
|
|
485
|
-
const authContextInput = await resolveConfiguredAuthContext(
|
|
486
|
-
config.authContext
|
|
487
|
-
);
|
|
488
|
-
if (!authContextInput && !config.requireCanonicalAuthContext) {
|
|
489
|
-
return base;
|
|
490
|
-
}
|
|
491
|
-
const authContext = normalizeCanonicalLucernAuthContext(authContextInput);
|
|
492
|
-
return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
|
|
493
|
-
}
|
|
494
|
-
async function fetchWithTimeout(url, init, timeoutMs) {
|
|
495
|
-
const normalizeTransportError = (error, isTimeout) => {
|
|
496
|
-
if (isTimeout) {
|
|
497
|
-
return new GatewayTimeoutError(timeoutMs);
|
|
498
|
-
}
|
|
499
|
-
return error instanceof GatewayTimeoutError || error instanceof GatewayTransportError ? error : new GatewayTransportError(
|
|
500
|
-
error instanceof Error ? error.message : "Gateway transport error",
|
|
501
|
-
{
|
|
502
|
-
cause: error,
|
|
503
|
-
retryable: classifyGatewayErrorForRetry(error)
|
|
504
|
-
}
|
|
505
|
-
);
|
|
506
|
-
};
|
|
507
|
-
const controller = new AbortController();
|
|
508
|
-
const timer = setTimeout(() => controller.abort(), timeoutMs);
|
|
509
|
-
const requestEffect = Effect.tryPromise({
|
|
510
|
-
try: () => runtime.fetch(url, { ...init, signal: controller.signal }),
|
|
511
|
-
catch: (error) => normalizeTransportError(error, controller.signal.aborted)
|
|
512
|
-
});
|
|
513
|
-
try {
|
|
514
|
-
const exit = await Effect.runPromiseExit(requestEffect);
|
|
515
|
-
if (Exit.isSuccess(exit)) {
|
|
516
|
-
return exit.value;
|
|
517
|
-
}
|
|
518
|
-
const failure = Array.from(Cause.failures(exit.cause))[0];
|
|
519
|
-
if (failure !== void 0) {
|
|
520
|
-
throw failure;
|
|
521
|
-
}
|
|
522
|
-
throw Cause.squash(exit.cause);
|
|
523
|
-
} finally {
|
|
524
|
-
clearTimeout(timer);
|
|
525
|
-
}
|
|
526
|
-
}
|
|
527
|
-
async function emitSdkResponseTelemetry(context) {
|
|
528
|
-
const retry = classifyRetry({
|
|
529
|
-
status: context.status,
|
|
530
|
-
error: context.error,
|
|
531
|
-
retryAfter: context.retryAfterMs !== null && context.retryAfterMs !== void 0 ? String(context.retryAfterMs / 1e3) : void 0
|
|
532
|
-
});
|
|
533
|
-
await emitTelemetrySignal(telemetryExporter, {
|
|
534
|
-
signalType: "trace",
|
|
535
|
-
surface: "sdk-retry",
|
|
536
|
-
eventName: context.willRetry ? "sdk.retry" : context.error ? "sdk.request.error" : "sdk.request.complete",
|
|
537
|
-
severity: context.error ? context.willRetry ? "warn" : "error" : "info",
|
|
538
|
-
durationMs: context.durationMs,
|
|
539
|
-
metricName: "sdk.request.duration_ms",
|
|
540
|
-
metricValue: context.durationMs,
|
|
541
|
-
correlationId: context.correlationId ?? context.requestId,
|
|
542
|
-
policyTraceId: context.policyTraceId ?? null,
|
|
543
|
-
tenantId: context.headers.get("x-lucern-tenant-id") ?? context.headers.get("x-lucern-tenant") ?? void 0,
|
|
544
|
-
workspaceId: context.headers.get("x-lucern-workspace-id") ?? context.headers.get("x-lucern-workspace") ?? void 0,
|
|
545
|
-
attributes: {
|
|
546
|
-
service: "lucern-sdk",
|
|
547
|
-
operation: "gateway.request",
|
|
548
|
-
path: context.path,
|
|
549
|
-
httpMethod: context.method,
|
|
550
|
-
httpStatus: context.status,
|
|
551
|
-
attempt: context.attempt,
|
|
552
|
-
maxRetries: context.maxRetries,
|
|
553
|
-
retryReason: retry.reason,
|
|
554
|
-
retryAfterMs: context.retryAfterMs ?? retry.retryAfterMs,
|
|
555
|
-
willRetry: context.willRetry,
|
|
556
|
-
retryable: retry.retryable,
|
|
557
|
-
errorName: context.error instanceof Error ? context.error.name : void 0,
|
|
558
|
-
errorMessage: context.error instanceof Error ? context.error.message : void 0
|
|
559
|
-
}
|
|
560
|
-
});
|
|
561
|
-
}
|
|
562
|
-
async function parsePayload(response) {
|
|
563
|
-
const text = await response.text();
|
|
564
|
-
if (!text) {
|
|
565
|
-
return null;
|
|
566
|
-
}
|
|
567
|
-
const parsed = tryParseGatewayEnvelopeJson(text);
|
|
568
|
-
if (!parsed.ok) {
|
|
569
|
-
return null;
|
|
570
|
-
}
|
|
571
|
-
return isRecord(parsed.value) ? parsed.value : null;
|
|
572
|
-
}
|
|
573
|
-
function resolveTimeoutMs(method, requestTimeoutMs) {
|
|
574
|
-
if (typeof requestTimeoutMs === "number") {
|
|
575
|
-
return requestTimeoutMs;
|
|
576
|
-
}
|
|
577
|
-
const methodTimeoutMs = requestTimeoutByMethod?.[method];
|
|
578
|
-
if (typeof methodTimeoutMs === "number") {
|
|
579
|
-
return methodTimeoutMs;
|
|
580
|
-
}
|
|
581
|
-
return defaultRequestTimeoutMs;
|
|
582
|
-
}
|
|
583
|
-
function tryParseGatewayEnvelopeJson(text) {
|
|
584
|
-
const trimmed = text.trim();
|
|
585
|
-
if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) {
|
|
586
|
-
return { ok: false, reason: "non-json" };
|
|
587
|
-
}
|
|
588
|
-
try {
|
|
589
|
-
return { ok: true, value: JSON.parse(trimmed) };
|
|
590
|
-
} catch (error) {
|
|
591
|
-
if (error instanceof SyntaxError) {
|
|
592
|
-
return { ok: false, reason: "invalid-json", error };
|
|
593
|
-
}
|
|
594
|
-
throw error;
|
|
24
|
+
function asTenantVaultSecretArray(data) {
|
|
25
|
+
if (!Array.isArray(data)) {
|
|
26
|
+
return [];
|
|
595
27
|
}
|
|
596
|
-
|
|
597
|
-
|
|
598
|
-
|
|
599
|
-
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
|
|
603
|
-
|
|
604
|
-
|
|
605
|
-
|
|
606
|
-
const
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
message: policySummary ?? failureMessage ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed."),
|
|
610
|
-
status: args.response.status,
|
|
611
|
-
invariant: failure?.invariant,
|
|
612
|
-
suggestion: failure?.suggestion,
|
|
613
|
-
details,
|
|
614
|
-
requestId: args.requestId,
|
|
615
|
-
correlationId,
|
|
616
|
-
policyTraceId
|
|
28
|
+
return data
|
|
29
|
+
.map(asTenantVaultSecretRecord)
|
|
30
|
+
.filter((row) => Boolean(row));
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Create the admin client for tenant, workspace, and membership administration.
|
|
34
|
+
* @param config - Gateway transport configuration.
|
|
35
|
+
* @returns An object with methods to manage tenants, workspaces, and memberships.
|
|
36
|
+
*/
|
|
37
|
+
export function createAdminClient(config = {}) {
|
|
38
|
+
const gateway = createGatewayRequestClient(config);
|
|
39
|
+
const getControlObjectOwnership = async () => gateway.request({
|
|
40
|
+
path: "/api/platform/v1/admin/control-ownership",
|
|
617
41
|
});
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
const headers = new Headers({
|
|
624
|
-
"content-type": "application/json",
|
|
625
|
-
...authHeaders
|
|
42
|
+
const createMembership = async (input, idempotencyKey) => gateway.request({
|
|
43
|
+
path: "/api/platform/v1/memberships",
|
|
44
|
+
method: "POST",
|
|
45
|
+
body: input,
|
|
46
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
626
47
|
});
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
}
|
|
630
|
-
const requestId = headers.get("x-correlation-id")?.trim() || headers.get("x-request-id")?.trim() || args.requestId || requestIdFactory();
|
|
631
|
-
if (!headers.has("x-correlation-id") && !headers.has("x-request-id")) {
|
|
632
|
-
headers.set("x-correlation-id", requestId);
|
|
633
|
-
}
|
|
634
|
-
const url = `${baseUrl}${args.path}`;
|
|
635
|
-
const serializedBody = args.body ? JSON.stringify(args.body) : void 0;
|
|
636
|
-
const init = {
|
|
637
|
-
method,
|
|
638
|
-
headers,
|
|
639
|
-
body: serializedBody
|
|
640
|
-
};
|
|
641
|
-
let lastError;
|
|
642
|
-
for (let attempt = 0; attempt <= maxRetries; attempt++) {
|
|
643
|
-
const hookRequestContext = {
|
|
644
|
-
requestId,
|
|
645
|
-
attempt,
|
|
646
|
-
maxRetries,
|
|
647
|
-
method,
|
|
648
|
-
path: args.path,
|
|
649
|
-
url,
|
|
650
|
-
headers: new Headers(headers),
|
|
651
|
-
body: serializedBody,
|
|
652
|
-
timeoutMs
|
|
653
|
-
};
|
|
654
|
-
await config.onRequest?.(hookRequestContext);
|
|
655
|
-
const startedAt = Date.now();
|
|
656
|
-
try {
|
|
657
|
-
const response = await fetchWithTimeout(url, init, timeoutMs);
|
|
658
|
-
const responseClone = response.clone();
|
|
659
|
-
const payload = await parsePayload(response);
|
|
660
|
-
const retry = classifyRetry({
|
|
661
|
-
status: response.status,
|
|
662
|
-
retryAfter: response.headers.get("Retry-After")
|
|
663
|
-
});
|
|
664
|
-
const retryAfterMs = retry.retryAfterMs ?? null;
|
|
665
|
-
if (!response.ok || !payload?.success) {
|
|
666
|
-
const failure = payload && !payload.success ? payload : null;
|
|
667
|
-
const apiError = buildApiError({
|
|
668
|
-
requestId,
|
|
669
|
-
response,
|
|
670
|
-
failure
|
|
671
|
-
});
|
|
672
|
-
const willRetry = attempt < maxRetries && retry.retryable;
|
|
673
|
-
const responseContext2 = {
|
|
674
|
-
...hookRequestContext,
|
|
675
|
-
durationMs: Date.now() - startedAt,
|
|
676
|
-
status: response.status,
|
|
677
|
-
response: responseClone,
|
|
678
|
-
error: apiError,
|
|
679
|
-
correlationId: apiError.correlationId ?? requestId,
|
|
680
|
-
policyTraceId: apiError.policyTraceId ?? null,
|
|
681
|
-
retryAfterMs,
|
|
682
|
-
willRetry
|
|
683
|
-
};
|
|
684
|
-
await config.onResponse?.(responseContext2);
|
|
685
|
-
await emitSdkResponseTelemetry(responseContext2);
|
|
686
|
-
if (willRetry) {
|
|
687
|
-
lastError = apiError;
|
|
688
|
-
await delay(
|
|
689
|
-
computeRetryDelayMs({
|
|
690
|
-
attempt,
|
|
691
|
-
status: response.status,
|
|
692
|
-
retryAfterMs
|
|
693
|
-
})
|
|
694
|
-
);
|
|
695
|
-
continue;
|
|
696
|
-
}
|
|
697
|
-
throw apiError;
|
|
698
|
-
}
|
|
699
|
-
const successPayload = payload;
|
|
700
|
-
const responseContext = {
|
|
701
|
-
...hookRequestContext,
|
|
702
|
-
durationMs: Date.now() - startedAt,
|
|
703
|
-
status: response.status,
|
|
704
|
-
response: responseClone,
|
|
705
|
-
correlationId: successPayload.correlationId ?? response.headers.get("x-lucern-correlation-id")?.trim() ?? requestId,
|
|
706
|
-
policyTraceId: successPayload.policyTraceId ?? response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null,
|
|
707
|
-
idempotentReplay: successPayload.idempotentReplay,
|
|
708
|
-
retryAfterMs,
|
|
709
|
-
willRetry: false
|
|
710
|
-
};
|
|
711
|
-
await config.onResponse?.(responseContext);
|
|
712
|
-
await emitSdkResponseTelemetry(responseContext);
|
|
713
|
-
return successPayload;
|
|
714
|
-
} catch (fetchError) {
|
|
715
|
-
if (fetchError instanceof LucernApiError) {
|
|
716
|
-
throw fetchError;
|
|
717
|
-
}
|
|
718
|
-
const willRetry = attempt < maxRetries && classifyGatewayErrorForRetry(fetchError);
|
|
719
|
-
const responseContext = {
|
|
720
|
-
...hookRequestContext,
|
|
721
|
-
durationMs: Date.now() - startedAt,
|
|
722
|
-
error: fetchError,
|
|
723
|
-
correlationId: requestId,
|
|
724
|
-
policyTraceId: null,
|
|
725
|
-
willRetry
|
|
726
|
-
};
|
|
727
|
-
await config.onResponse?.(responseContext);
|
|
728
|
-
await emitSdkResponseTelemetry(responseContext);
|
|
729
|
-
lastError = fetchError;
|
|
730
|
-
if (willRetry) {
|
|
731
|
-
await delay(computeRetryDelayMs({ attempt }));
|
|
732
|
-
}
|
|
733
|
-
}
|
|
734
|
-
}
|
|
735
|
-
throw lastError instanceof Error ? lastError : new Error("Platform API request failed after retries.");
|
|
736
|
-
}
|
|
737
|
-
return {
|
|
738
|
-
request
|
|
739
|
-
};
|
|
740
|
-
}
|
|
741
|
-
|
|
742
|
-
// src/sdkSurface.ts
|
|
743
|
-
function createListResult(items, legacyKey) {
|
|
744
|
-
const result = {
|
|
745
|
-
items,
|
|
746
|
-
total: items.length
|
|
747
|
-
};
|
|
748
|
-
if (legacyKey) {
|
|
48
|
+
const updateMembership = createMembership;
|
|
49
|
+
const upsertMembership = createMembership;
|
|
749
50
|
return {
|
|
750
|
-
|
|
751
|
-
|
|
51
|
+
/**
|
|
52
|
+
* List tenants visible to the current principal.
|
|
53
|
+
*/
|
|
54
|
+
async listTenants(query = {}) {
|
|
55
|
+
return gateway.request({
|
|
56
|
+
path: `/api/platform/v1/tenants${toQueryString(query)}`,
|
|
57
|
+
}).then((response) => mapGatewayData(response, (data) => createListResult(Array.isArray(data) ? data : [], "tenants")));
|
|
58
|
+
},
|
|
59
|
+
/**
|
|
60
|
+
* Create a tenant.
|
|
61
|
+
*/
|
|
62
|
+
async createTenant(input, idempotencyKey) {
|
|
63
|
+
return gateway.request({
|
|
64
|
+
path: "/api/platform/v1/tenants",
|
|
65
|
+
method: "POST",
|
|
66
|
+
body: input,
|
|
67
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
68
|
+
});
|
|
69
|
+
},
|
|
70
|
+
/**
|
|
71
|
+
* Get the control-object ownership contract.
|
|
72
|
+
*/
|
|
73
|
+
getControlObjectOwnership,
|
|
74
|
+
/**
|
|
75
|
+
* @deprecated Use getControlObjectOwnership.
|
|
76
|
+
*/
|
|
77
|
+
getControlObjectOwnershipContract: getControlObjectOwnership,
|
|
78
|
+
/**
|
|
79
|
+
* List workspaces for the current admin scope.
|
|
80
|
+
*/
|
|
81
|
+
async listWorkspaces(query = {}) {
|
|
82
|
+
return gateway.request({
|
|
83
|
+
path: `/api/platform/v1/workspaces${toQueryString(query)}`,
|
|
84
|
+
}).then((response) => mapGatewayData(response, (data) => createListResult(Array.isArray(data) ? data : [], "workspaces")));
|
|
85
|
+
},
|
|
86
|
+
/**
|
|
87
|
+
* Create a workspace.
|
|
88
|
+
*/
|
|
89
|
+
async createWorkspace(input, idempotencyKey) {
|
|
90
|
+
return gateway.request({
|
|
91
|
+
path: "/api/platform/v1/workspaces",
|
|
92
|
+
method: "POST",
|
|
93
|
+
body: input,
|
|
94
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
95
|
+
});
|
|
96
|
+
},
|
|
97
|
+
/**
|
|
98
|
+
* List memberships for the current admin scope.
|
|
99
|
+
*/
|
|
100
|
+
async listMemberships(query = {}) {
|
|
101
|
+
return gateway.request({
|
|
102
|
+
path: `/api/platform/v1/memberships${toQueryString(query)}`,
|
|
103
|
+
}).then((response) => mapGatewayData(response, (data) => createListResult(Array.isArray(data) ? data : [], "memberships")));
|
|
104
|
+
},
|
|
105
|
+
/**
|
|
106
|
+
* Create a membership.
|
|
107
|
+
*/
|
|
108
|
+
createMembership,
|
|
109
|
+
/**
|
|
110
|
+
* Update a membership.
|
|
111
|
+
*/
|
|
112
|
+
updateMembership,
|
|
113
|
+
/**
|
|
114
|
+
* @deprecated Use createMembership or updateMembership.
|
|
115
|
+
*/
|
|
116
|
+
upsertMembership,
|
|
117
|
+
/**
|
|
118
|
+
* List tenant API keys in the current admin scope.
|
|
119
|
+
*/
|
|
120
|
+
async listTenantApiKeys(scope) {
|
|
121
|
+
const response = await gateway.request({
|
|
122
|
+
path: `/api/platform/v1/tenant-api-keys${toQueryString(scope)}`,
|
|
123
|
+
});
|
|
124
|
+
return {
|
|
125
|
+
...response,
|
|
126
|
+
data: {
|
|
127
|
+
keys: asTenantApiKeyArray(response.data?.keys),
|
|
128
|
+
},
|
|
129
|
+
};
|
|
130
|
+
},
|
|
131
|
+
/**
|
|
132
|
+
* Create a tenant API key.
|
|
133
|
+
*/
|
|
134
|
+
async createTenantApiKey(input, idempotencyKey) {
|
|
135
|
+
const response = await gateway.request({
|
|
136
|
+
path: "/api/platform/v1/tenant-api-keys",
|
|
137
|
+
method: "POST",
|
|
138
|
+
body: input,
|
|
139
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
140
|
+
});
|
|
141
|
+
return {
|
|
142
|
+
...response,
|
|
143
|
+
data: {
|
|
144
|
+
key: asTenantApiKeyRecord(response.data?.key),
|
|
145
|
+
plaintextKey: typeof response.data?.plaintextKey === "string"
|
|
146
|
+
? response.data.plaintextKey
|
|
147
|
+
: undefined,
|
|
148
|
+
},
|
|
149
|
+
};
|
|
150
|
+
},
|
|
151
|
+
/**
|
|
152
|
+
* Revoke a tenant API key.
|
|
153
|
+
*/
|
|
154
|
+
async revokeTenantApiKey(keyId, input = {}, idempotencyKey) {
|
|
155
|
+
return gateway.request({
|
|
156
|
+
path: `/api/platform/v1/tenant-api-keys/${encodeURIComponent(keyId)}/revoke`,
|
|
157
|
+
method: "POST",
|
|
158
|
+
body: input,
|
|
159
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
160
|
+
});
|
|
161
|
+
},
|
|
162
|
+
/**
|
|
163
|
+
* List tenant vault secrets.
|
|
164
|
+
*/
|
|
165
|
+
async listTenantVaultSecrets(scope) {
|
|
166
|
+
const response = await gateway.request({
|
|
167
|
+
path: `/api/platform/v1/tenant-vault-secrets${toQueryString(scope)}`,
|
|
168
|
+
});
|
|
169
|
+
return {
|
|
170
|
+
...response,
|
|
171
|
+
data: {
|
|
172
|
+
secrets: asTenantVaultSecretArray(response.data?.secrets),
|
|
173
|
+
},
|
|
174
|
+
};
|
|
175
|
+
},
|
|
176
|
+
/**
|
|
177
|
+
* Create a tenant vault secret.
|
|
178
|
+
*/
|
|
179
|
+
async createTenantVaultSecret(input, idempotencyKey) {
|
|
180
|
+
const response = await gateway.request({
|
|
181
|
+
path: "/api/platform/v1/tenant-vault-secrets",
|
|
182
|
+
method: "POST",
|
|
183
|
+
body: input,
|
|
184
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
185
|
+
});
|
|
186
|
+
return {
|
|
187
|
+
...response,
|
|
188
|
+
data: {
|
|
189
|
+
secret: asTenantVaultSecretRecord(response.data?.secret),
|
|
190
|
+
},
|
|
191
|
+
};
|
|
192
|
+
},
|
|
193
|
+
/**
|
|
194
|
+
* Update a tenant vault secret.
|
|
195
|
+
*/
|
|
196
|
+
async updateTenantVaultSecret(secretId, input, idempotencyKey) {
|
|
197
|
+
const response = await gateway.request({
|
|
198
|
+
path: `/api/platform/v1/tenant-vault-secrets/${encodeURIComponent(secretId)}`,
|
|
199
|
+
method: "PATCH",
|
|
200
|
+
body: input,
|
|
201
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
202
|
+
});
|
|
203
|
+
return {
|
|
204
|
+
...response,
|
|
205
|
+
data: {
|
|
206
|
+
secret: asTenantVaultSecretRecord(response.data?.secret),
|
|
207
|
+
},
|
|
208
|
+
};
|
|
209
|
+
},
|
|
210
|
+
/**
|
|
211
|
+
* Delete a tenant vault secret.
|
|
212
|
+
*/
|
|
213
|
+
async deleteTenantVaultSecret(secretId, scope, idempotencyKey) {
|
|
214
|
+
return gateway.request({
|
|
215
|
+
path: `/api/platform/v1/tenant-vault-secrets/${encodeURIComponent(secretId)}${toQueryString(scope)}`,
|
|
216
|
+
method: "DELETE",
|
|
217
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
218
|
+
});
|
|
219
|
+
},
|
|
220
|
+
/**
|
|
221
|
+
* List tenant provider secrets.
|
|
222
|
+
*/
|
|
223
|
+
async listTenantSecrets(scope) {
|
|
224
|
+
return gateway.request({
|
|
225
|
+
path: `/api/platform/v1/tenant-secrets${toQueryString(scope)}`,
|
|
226
|
+
});
|
|
227
|
+
},
|
|
228
|
+
/**
|
|
229
|
+
* Upsert a tenant provider secret.
|
|
230
|
+
*/
|
|
231
|
+
async upsertTenantSecret(input, idempotencyKey) {
|
|
232
|
+
return gateway.request({
|
|
233
|
+
path: "/api/platform/v1/tenant-secrets",
|
|
234
|
+
method: "POST",
|
|
235
|
+
body: input,
|
|
236
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
237
|
+
});
|
|
238
|
+
},
|
|
239
|
+
/**
|
|
240
|
+
* Revoke a tenant provider secret.
|
|
241
|
+
*/
|
|
242
|
+
async revokeTenantSecret(secretRef, input, idempotencyKey) {
|
|
243
|
+
return gateway.request({
|
|
244
|
+
path: `/api/platform/v1/tenant-secrets/${encodeURIComponent(secretRef)}/revoke`,
|
|
245
|
+
method: "POST",
|
|
246
|
+
body: input,
|
|
247
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
248
|
+
});
|
|
249
|
+
},
|
|
250
|
+
/**
|
|
251
|
+
* Get tenant configuration.
|
|
252
|
+
*/
|
|
253
|
+
async getTenantConfig(scope) {
|
|
254
|
+
return gateway.request({
|
|
255
|
+
path: `/api/platform/v1/tenant-config${toQueryString(scope)}`,
|
|
256
|
+
});
|
|
257
|
+
},
|
|
258
|
+
/**
|
|
259
|
+
* Get tenant model routing.
|
|
260
|
+
*/
|
|
261
|
+
async getTenantModelRouting(scope) {
|
|
262
|
+
return gateway.request({
|
|
263
|
+
path: `/api/platform/v1/tenant-config/model-routing${toQueryString(scope)}`,
|
|
264
|
+
});
|
|
265
|
+
},
|
|
266
|
+
/**
|
|
267
|
+
* Upsert tenant configuration.
|
|
268
|
+
*/
|
|
269
|
+
async upsertTenantConfig(input, idempotencyKey) {
|
|
270
|
+
return gateway.request({
|
|
271
|
+
path: "/api/platform/v1/tenant-config",
|
|
272
|
+
method: "POST",
|
|
273
|
+
body: input,
|
|
274
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
275
|
+
});
|
|
276
|
+
},
|
|
277
|
+
/**
|
|
278
|
+
* List groups.
|
|
279
|
+
*/
|
|
280
|
+
async listGroups(scope = {}) {
|
|
281
|
+
return gateway.request({
|
|
282
|
+
path: `/api/platform/v1/groups${toQueryString(scope)}`,
|
|
283
|
+
});
|
|
284
|
+
},
|
|
285
|
+
/**
|
|
286
|
+
* Create a group.
|
|
287
|
+
*/
|
|
288
|
+
async createGroup(input, idempotencyKey) {
|
|
289
|
+
return gateway.request({
|
|
290
|
+
path: "/api/platform/v1/groups",
|
|
291
|
+
method: "POST",
|
|
292
|
+
body: input,
|
|
293
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
294
|
+
});
|
|
295
|
+
},
|
|
296
|
+
/**
|
|
297
|
+
* Update a group.
|
|
298
|
+
*/
|
|
299
|
+
async updateGroup(groupId, input, idempotencyKey) {
|
|
300
|
+
return gateway.request({
|
|
301
|
+
path: `/api/platform/v1/groups/${encodeURIComponent(groupId)}`,
|
|
302
|
+
method: "PATCH",
|
|
303
|
+
body: input,
|
|
304
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
305
|
+
});
|
|
306
|
+
},
|
|
307
|
+
/**
|
|
308
|
+
* Delete a group.
|
|
309
|
+
*/
|
|
310
|
+
async deleteGroup(groupId, input = {}, idempotencyKey) {
|
|
311
|
+
return gateway.request({
|
|
312
|
+
path: `/api/platform/v1/groups/${encodeURIComponent(groupId)}${toQueryString(input)}`,
|
|
313
|
+
method: "DELETE",
|
|
314
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
315
|
+
});
|
|
316
|
+
},
|
|
317
|
+
/**
|
|
318
|
+
* List group members.
|
|
319
|
+
*/
|
|
320
|
+
async listGroupMembers(query) {
|
|
321
|
+
return gateway.request({
|
|
322
|
+
path: `/api/platform/v1/groups/members${toQueryString(query)}`,
|
|
323
|
+
});
|
|
324
|
+
},
|
|
325
|
+
/**
|
|
326
|
+
* Add a group member.
|
|
327
|
+
*/
|
|
328
|
+
async addGroupMember(input, idempotencyKey) {
|
|
329
|
+
return gateway.request({
|
|
330
|
+
path: "/api/platform/v1/groups/members",
|
|
331
|
+
method: "POST",
|
|
332
|
+
body: input,
|
|
333
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
334
|
+
});
|
|
335
|
+
},
|
|
336
|
+
/**
|
|
337
|
+
* Remove a group member.
|
|
338
|
+
*/
|
|
339
|
+
async removeGroupMember(input, idempotencyKey) {
|
|
340
|
+
return gateway.request({
|
|
341
|
+
path: `/api/platform/v1/groups/members${toQueryString(input)}`,
|
|
342
|
+
method: "DELETE",
|
|
343
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
344
|
+
});
|
|
345
|
+
},
|
|
346
|
+
/**
|
|
347
|
+
* List pack-to-group assignments.
|
|
348
|
+
*/
|
|
349
|
+
async listPackGroupAssignments(query = {}) {
|
|
350
|
+
return gateway.request({
|
|
351
|
+
path: `/api/platform/v1/groups/packs${toQueryString(query)}`,
|
|
352
|
+
});
|
|
353
|
+
},
|
|
354
|
+
/**
|
|
355
|
+
* Assign a pack to a group.
|
|
356
|
+
*/
|
|
357
|
+
async assignPackToGroup(input, idempotencyKey) {
|
|
358
|
+
return gateway.request({
|
|
359
|
+
path: "/api/platform/v1/groups/packs",
|
|
360
|
+
method: "POST",
|
|
361
|
+
body: input,
|
|
362
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
363
|
+
});
|
|
364
|
+
},
|
|
365
|
+
/**
|
|
366
|
+
* Remove a pack from a group.
|
|
367
|
+
*/
|
|
368
|
+
async removePackFromGroup(input, idempotencyKey) {
|
|
369
|
+
return gateway.request({
|
|
370
|
+
path: `/api/platform/v1/groups/packs${toQueryString(input)}`,
|
|
371
|
+
method: "DELETE",
|
|
372
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
373
|
+
});
|
|
374
|
+
},
|
|
752
375
|
};
|
|
753
|
-
}
|
|
754
|
-
return result;
|
|
755
|
-
}
|
|
756
|
-
function mapGatewayData(response, mapper) {
|
|
757
|
-
return {
|
|
758
|
-
...response,
|
|
759
|
-
data: mapper(response.data)
|
|
760
|
-
};
|
|
761
|
-
}
|
|
762
|
-
|
|
763
|
-
// src/adminClient.ts
|
|
764
|
-
function asTenantApiKeyRecord(data) {
|
|
765
|
-
if (!data || typeof data !== "object") {
|
|
766
|
-
return null;
|
|
767
|
-
}
|
|
768
|
-
return data;
|
|
769
|
-
}
|
|
770
|
-
function asTenantApiKeyArray(data) {
|
|
771
|
-
if (!Array.isArray(data)) {
|
|
772
|
-
return [];
|
|
773
|
-
}
|
|
774
|
-
return data.map(asTenantApiKeyRecord).filter((row) => Boolean(row));
|
|
775
|
-
}
|
|
776
|
-
function asTenantVaultSecretRecord(data) {
|
|
777
|
-
if (!data || typeof data !== "object") {
|
|
778
|
-
return null;
|
|
779
|
-
}
|
|
780
|
-
return data;
|
|
781
|
-
}
|
|
782
|
-
function asTenantVaultSecretArray(data) {
|
|
783
|
-
if (!Array.isArray(data)) {
|
|
784
|
-
return [];
|
|
785
|
-
}
|
|
786
|
-
return data.map(asTenantVaultSecretRecord).filter((row) => Boolean(row));
|
|
787
|
-
}
|
|
788
|
-
function createAdminClient(config = {}) {
|
|
789
|
-
const gateway = createGatewayRequestClient(config);
|
|
790
|
-
const getControlObjectOwnership = async () => gateway.request({
|
|
791
|
-
path: "/api/platform/v1/admin/control-ownership"
|
|
792
|
-
});
|
|
793
|
-
const createMembership = async (input, idempotencyKey) => gateway.request({
|
|
794
|
-
path: "/api/platform/v1/memberships",
|
|
795
|
-
method: "POST",
|
|
796
|
-
body: input,
|
|
797
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
798
|
-
});
|
|
799
|
-
const updateMembership = createMembership;
|
|
800
|
-
const upsertMembership = createMembership;
|
|
801
|
-
return {
|
|
802
|
-
/**
|
|
803
|
-
* List tenants visible to the current principal.
|
|
804
|
-
*/
|
|
805
|
-
async listTenants(query = {}) {
|
|
806
|
-
return gateway.request({
|
|
807
|
-
path: `/api/platform/v1/tenants${toQueryString(query)}`
|
|
808
|
-
}).then(
|
|
809
|
-
(response) => mapGatewayData(
|
|
810
|
-
response,
|
|
811
|
-
(data) => createListResult(
|
|
812
|
-
Array.isArray(data) ? data : [],
|
|
813
|
-
"tenants"
|
|
814
|
-
)
|
|
815
|
-
)
|
|
816
|
-
);
|
|
817
|
-
},
|
|
818
|
-
/**
|
|
819
|
-
* Create a tenant.
|
|
820
|
-
*/
|
|
821
|
-
async createTenant(input, idempotencyKey) {
|
|
822
|
-
return gateway.request({
|
|
823
|
-
path: "/api/platform/v1/tenants",
|
|
824
|
-
method: "POST",
|
|
825
|
-
body: input,
|
|
826
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
827
|
-
});
|
|
828
|
-
},
|
|
829
|
-
/**
|
|
830
|
-
* Get the control-object ownership contract.
|
|
831
|
-
*/
|
|
832
|
-
getControlObjectOwnership,
|
|
833
|
-
/**
|
|
834
|
-
* @deprecated Use getControlObjectOwnership.
|
|
835
|
-
*/
|
|
836
|
-
getControlObjectOwnershipContract: getControlObjectOwnership,
|
|
837
|
-
/**
|
|
838
|
-
* List workspaces for the current admin scope.
|
|
839
|
-
*/
|
|
840
|
-
async listWorkspaces(query = {}) {
|
|
841
|
-
return gateway.request({
|
|
842
|
-
path: `/api/platform/v1/workspaces${toQueryString(query)}`
|
|
843
|
-
}).then(
|
|
844
|
-
(response) => mapGatewayData(
|
|
845
|
-
response,
|
|
846
|
-
(data) => createListResult(
|
|
847
|
-
Array.isArray(data) ? data : [],
|
|
848
|
-
"workspaces"
|
|
849
|
-
)
|
|
850
|
-
)
|
|
851
|
-
);
|
|
852
|
-
},
|
|
853
|
-
/**
|
|
854
|
-
* Create a workspace.
|
|
855
|
-
*/
|
|
856
|
-
async createWorkspace(input, idempotencyKey) {
|
|
857
|
-
return gateway.request({
|
|
858
|
-
path: "/api/platform/v1/workspaces",
|
|
859
|
-
method: "POST",
|
|
860
|
-
body: input,
|
|
861
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
862
|
-
});
|
|
863
|
-
},
|
|
864
|
-
/**
|
|
865
|
-
* List memberships for the current admin scope.
|
|
866
|
-
*/
|
|
867
|
-
async listMemberships(query = {}) {
|
|
868
|
-
return gateway.request({
|
|
869
|
-
path: `/api/platform/v1/memberships${toQueryString(query)}`
|
|
870
|
-
}).then(
|
|
871
|
-
(response) => mapGatewayData(
|
|
872
|
-
response,
|
|
873
|
-
(data) => createListResult(
|
|
874
|
-
Array.isArray(data) ? data : [],
|
|
875
|
-
"memberships"
|
|
876
|
-
)
|
|
877
|
-
)
|
|
878
|
-
);
|
|
879
|
-
},
|
|
880
|
-
/**
|
|
881
|
-
* Create a membership.
|
|
882
|
-
*/
|
|
883
|
-
createMembership,
|
|
884
|
-
/**
|
|
885
|
-
* Update a membership.
|
|
886
|
-
*/
|
|
887
|
-
updateMembership,
|
|
888
|
-
/**
|
|
889
|
-
* @deprecated Use createMembership or updateMembership.
|
|
890
|
-
*/
|
|
891
|
-
upsertMembership,
|
|
892
|
-
/**
|
|
893
|
-
* List tenant API keys in the current admin scope.
|
|
894
|
-
*/
|
|
895
|
-
async listTenantApiKeys(scope) {
|
|
896
|
-
const response = await gateway.request({
|
|
897
|
-
path: `/api/platform/v1/tenant-api-keys${toQueryString(scope)}`
|
|
898
|
-
});
|
|
899
|
-
return {
|
|
900
|
-
...response,
|
|
901
|
-
data: {
|
|
902
|
-
keys: asTenantApiKeyArray(response.data?.keys)
|
|
903
|
-
}
|
|
904
|
-
};
|
|
905
|
-
},
|
|
906
|
-
/**
|
|
907
|
-
* Create a tenant API key.
|
|
908
|
-
*/
|
|
909
|
-
async createTenantApiKey(input, idempotencyKey) {
|
|
910
|
-
const response = await gateway.request({
|
|
911
|
-
path: "/api/platform/v1/tenant-api-keys",
|
|
912
|
-
method: "POST",
|
|
913
|
-
body: input,
|
|
914
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
915
|
-
});
|
|
916
|
-
return {
|
|
917
|
-
...response,
|
|
918
|
-
data: {
|
|
919
|
-
key: asTenantApiKeyRecord(response.data?.key),
|
|
920
|
-
plaintextKey: typeof response.data?.plaintextKey === "string" ? response.data.plaintextKey : void 0
|
|
921
|
-
}
|
|
922
|
-
};
|
|
923
|
-
},
|
|
924
|
-
/**
|
|
925
|
-
* Revoke a tenant API key.
|
|
926
|
-
*/
|
|
927
|
-
async revokeTenantApiKey(keyId, input = {}, idempotencyKey) {
|
|
928
|
-
return gateway.request({
|
|
929
|
-
path: `/api/platform/v1/tenant-api-keys/${encodeURIComponent(keyId)}/revoke`,
|
|
930
|
-
method: "POST",
|
|
931
|
-
body: input,
|
|
932
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
933
|
-
});
|
|
934
|
-
},
|
|
935
|
-
/**
|
|
936
|
-
* List tenant vault secrets.
|
|
937
|
-
*/
|
|
938
|
-
async listTenantVaultSecrets(scope) {
|
|
939
|
-
const response = await gateway.request({
|
|
940
|
-
path: `/api/platform/v1/tenant-vault-secrets${toQueryString(scope)}`
|
|
941
|
-
});
|
|
942
|
-
return {
|
|
943
|
-
...response,
|
|
944
|
-
data: {
|
|
945
|
-
secrets: asTenantVaultSecretArray(response.data?.secrets)
|
|
946
|
-
}
|
|
947
|
-
};
|
|
948
|
-
},
|
|
949
|
-
/**
|
|
950
|
-
* Create a tenant vault secret.
|
|
951
|
-
*/
|
|
952
|
-
async createTenantVaultSecret(input, idempotencyKey) {
|
|
953
|
-
const response = await gateway.request({
|
|
954
|
-
path: "/api/platform/v1/tenant-vault-secrets",
|
|
955
|
-
method: "POST",
|
|
956
|
-
body: input,
|
|
957
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
958
|
-
});
|
|
959
|
-
return {
|
|
960
|
-
...response,
|
|
961
|
-
data: {
|
|
962
|
-
secret: asTenantVaultSecretRecord(response.data?.secret)
|
|
963
|
-
}
|
|
964
|
-
};
|
|
965
|
-
},
|
|
966
|
-
/**
|
|
967
|
-
* Update a tenant vault secret.
|
|
968
|
-
*/
|
|
969
|
-
async updateTenantVaultSecret(secretId, input, idempotencyKey) {
|
|
970
|
-
const response = await gateway.request({
|
|
971
|
-
path: `/api/platform/v1/tenant-vault-secrets/${encodeURIComponent(secretId)}`,
|
|
972
|
-
method: "PATCH",
|
|
973
|
-
body: input,
|
|
974
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
975
|
-
});
|
|
976
|
-
return {
|
|
977
|
-
...response,
|
|
978
|
-
data: {
|
|
979
|
-
secret: asTenantVaultSecretRecord(response.data?.secret)
|
|
980
|
-
}
|
|
981
|
-
};
|
|
982
|
-
},
|
|
983
|
-
/**
|
|
984
|
-
* Delete a tenant vault secret.
|
|
985
|
-
*/
|
|
986
|
-
async deleteTenantVaultSecret(secretId, scope, idempotencyKey) {
|
|
987
|
-
return gateway.request({
|
|
988
|
-
path: `/api/platform/v1/tenant-vault-secrets/${encodeURIComponent(
|
|
989
|
-
secretId
|
|
990
|
-
)}${toQueryString(scope)}`,
|
|
991
|
-
method: "DELETE",
|
|
992
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
993
|
-
});
|
|
994
|
-
},
|
|
995
|
-
/**
|
|
996
|
-
* List tenant provider secrets.
|
|
997
|
-
*/
|
|
998
|
-
async listTenantSecrets(scope) {
|
|
999
|
-
return gateway.request({
|
|
1000
|
-
path: `/api/platform/v1/tenant-secrets${toQueryString(scope)}`
|
|
1001
|
-
});
|
|
1002
|
-
},
|
|
1003
|
-
/**
|
|
1004
|
-
* Upsert a tenant provider secret.
|
|
1005
|
-
*/
|
|
1006
|
-
async upsertTenantSecret(input, idempotencyKey) {
|
|
1007
|
-
return gateway.request({
|
|
1008
|
-
path: "/api/platform/v1/tenant-secrets",
|
|
1009
|
-
method: "POST",
|
|
1010
|
-
body: input,
|
|
1011
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1012
|
-
});
|
|
1013
|
-
},
|
|
1014
|
-
/**
|
|
1015
|
-
* Revoke a tenant provider secret.
|
|
1016
|
-
*/
|
|
1017
|
-
async revokeTenantSecret(secretRef, input, idempotencyKey) {
|
|
1018
|
-
return gateway.request({
|
|
1019
|
-
path: `/api/platform/v1/tenant-secrets/${encodeURIComponent(secretRef)}/revoke`,
|
|
1020
|
-
method: "POST",
|
|
1021
|
-
body: input,
|
|
1022
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1023
|
-
});
|
|
1024
|
-
},
|
|
1025
|
-
/**
|
|
1026
|
-
* Get tenant configuration.
|
|
1027
|
-
*/
|
|
1028
|
-
async getTenantConfig(scope) {
|
|
1029
|
-
return gateway.request({
|
|
1030
|
-
path: `/api/platform/v1/tenant-config${toQueryString(scope)}`
|
|
1031
|
-
});
|
|
1032
|
-
},
|
|
1033
|
-
/**
|
|
1034
|
-
* Get tenant model routing.
|
|
1035
|
-
*/
|
|
1036
|
-
async getTenantModelRouting(scope) {
|
|
1037
|
-
return gateway.request({
|
|
1038
|
-
path: `/api/platform/v1/tenant-config/model-routing${toQueryString(scope)}`
|
|
1039
|
-
});
|
|
1040
|
-
},
|
|
1041
|
-
/**
|
|
1042
|
-
* Upsert tenant configuration.
|
|
1043
|
-
*/
|
|
1044
|
-
async upsertTenantConfig(input, idempotencyKey) {
|
|
1045
|
-
return gateway.request({
|
|
1046
|
-
path: "/api/platform/v1/tenant-config",
|
|
1047
|
-
method: "POST",
|
|
1048
|
-
body: input,
|
|
1049
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1050
|
-
});
|
|
1051
|
-
},
|
|
1052
|
-
/**
|
|
1053
|
-
* List groups.
|
|
1054
|
-
*/
|
|
1055
|
-
async listGroups(scope = {}) {
|
|
1056
|
-
return gateway.request({
|
|
1057
|
-
path: `/api/platform/v1/groups${toQueryString(scope)}`
|
|
1058
|
-
});
|
|
1059
|
-
},
|
|
1060
|
-
/**
|
|
1061
|
-
* Create a group.
|
|
1062
|
-
*/
|
|
1063
|
-
async createGroup(input, idempotencyKey) {
|
|
1064
|
-
return gateway.request({
|
|
1065
|
-
path: "/api/platform/v1/groups",
|
|
1066
|
-
method: "POST",
|
|
1067
|
-
body: input,
|
|
1068
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1069
|
-
});
|
|
1070
|
-
},
|
|
1071
|
-
/**
|
|
1072
|
-
* Update a group.
|
|
1073
|
-
*/
|
|
1074
|
-
async updateGroup(groupId, input, idempotencyKey) {
|
|
1075
|
-
return gateway.request({
|
|
1076
|
-
path: `/api/platform/v1/groups/${encodeURIComponent(groupId)}`,
|
|
1077
|
-
method: "PATCH",
|
|
1078
|
-
body: input,
|
|
1079
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1080
|
-
});
|
|
1081
|
-
},
|
|
1082
|
-
/**
|
|
1083
|
-
* Delete a group.
|
|
1084
|
-
*/
|
|
1085
|
-
async deleteGroup(groupId, input = {}, idempotencyKey) {
|
|
1086
|
-
return gateway.request({
|
|
1087
|
-
path: `/api/platform/v1/groups/${encodeURIComponent(groupId)}${toQueryString(input)}`,
|
|
1088
|
-
method: "DELETE",
|
|
1089
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1090
|
-
});
|
|
1091
|
-
},
|
|
1092
|
-
/**
|
|
1093
|
-
* List group members.
|
|
1094
|
-
*/
|
|
1095
|
-
async listGroupMembers(query) {
|
|
1096
|
-
return gateway.request({
|
|
1097
|
-
path: `/api/platform/v1/groups/members${toQueryString(query)}`
|
|
1098
|
-
});
|
|
1099
|
-
},
|
|
1100
|
-
/**
|
|
1101
|
-
* Add a group member.
|
|
1102
|
-
*/
|
|
1103
|
-
async addGroupMember(input, idempotencyKey) {
|
|
1104
|
-
return gateway.request({
|
|
1105
|
-
path: "/api/platform/v1/groups/members",
|
|
1106
|
-
method: "POST",
|
|
1107
|
-
body: input,
|
|
1108
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1109
|
-
});
|
|
1110
|
-
},
|
|
1111
|
-
/**
|
|
1112
|
-
* Remove a group member.
|
|
1113
|
-
*/
|
|
1114
|
-
async removeGroupMember(input, idempotencyKey) {
|
|
1115
|
-
return gateway.request({
|
|
1116
|
-
path: `/api/platform/v1/groups/members${toQueryString(input)}`,
|
|
1117
|
-
method: "DELETE",
|
|
1118
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1119
|
-
});
|
|
1120
|
-
},
|
|
1121
|
-
/**
|
|
1122
|
-
* List pack-to-group assignments.
|
|
1123
|
-
*/
|
|
1124
|
-
async listPackGroupAssignments(query = {}) {
|
|
1125
|
-
return gateway.request({
|
|
1126
|
-
path: `/api/platform/v1/groups/packs${toQueryString(query)}`
|
|
1127
|
-
});
|
|
1128
|
-
},
|
|
1129
|
-
/**
|
|
1130
|
-
* Assign a pack to a group.
|
|
1131
|
-
*/
|
|
1132
|
-
async assignPackToGroup(input, idempotencyKey) {
|
|
1133
|
-
return gateway.request({
|
|
1134
|
-
path: "/api/platform/v1/groups/packs",
|
|
1135
|
-
method: "POST",
|
|
1136
|
-
body: input,
|
|
1137
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1138
|
-
});
|
|
1139
|
-
},
|
|
1140
|
-
/**
|
|
1141
|
-
* Remove a pack from a group.
|
|
1142
|
-
*/
|
|
1143
|
-
async removePackFromGroup(input, idempotencyKey) {
|
|
1144
|
-
return gateway.request({
|
|
1145
|
-
path: `/api/platform/v1/groups/packs${toQueryString(input)}`,
|
|
1146
|
-
method: "DELETE",
|
|
1147
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
1148
|
-
});
|
|
1149
|
-
}
|
|
1150
|
-
};
|
|
1151
376
|
}
|
|
1152
|
-
|
|
1153
|
-
export { LucernApiError, createAdminClient };
|
|
1154
|
-
//# sourceMappingURL=adminClient.js.map
|
|
1155
377
|
//# sourceMappingURL=adminClient.js.map
|