@lucern/sdk 1.0.11 → 1.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +3 -0
- package/dist/.generated +2 -0
- package/dist/accessControl.d.ts +19 -26
- package/dist/accessControl.js +195 -1423
- package/dist/adminClient.d.ts +52 -59
- package/dist/adminClient.js +364 -1142
- package/dist/answersClient.d.ts +5 -14
- package/dist/answersClient.js +19 -737
- package/dist/audience/index.d.ts +18 -18
- package/dist/audience/index.js +87 -90
- package/dist/audiencesClient.d.ts +19 -27
- package/dist/audiencesClient.js +107 -868
- package/dist/auditClient.d.ts +8 -15
- package/dist/auditClient.js +18 -791
- package/dist/authContext.d.ts +11 -16
- package/dist/authContext.js +122 -154
- package/dist/authDeviceClient.d.ts +8 -17
- package/dist/authDeviceClient.js +113 -102
- package/dist/beliefs/index.d.ts +15 -67
- package/dist/beliefs/index.js +17 -10181
- package/dist/beliefs/lifecycle.d.ts +10 -11
- package/dist/beliefs/lifecycle.js +78 -80
- package/dist/beliefsClient.d.ts +26 -32
- package/dist/beliefsClient.js +250 -990
- package/dist/boundaryClientSurface.d.ts +11 -16
- package/dist/boundaryClientSurface.js +49 -68
- package/dist/client.d.ts +64 -112
- package/dist/client.js +232 -10155
- package/dist/clientAssemblyTypes.d.ts +3 -3
- package/dist/clientAssemblyTypes.js +1 -2
- package/dist/clientConfig.d.ts +45 -59
- package/dist/clientConfig.js +1 -2
- package/dist/clientEvidenceCompat.d.ts +7 -14
- package/dist/clientEvidenceCompat.js +50 -64
- package/dist/clientGraphNamespaces.d.ts +3 -5
- package/dist/clientGraphNamespaces.js +170 -245
- package/dist/clientHelpers.d.ts +20 -25
- package/dist/clientHelpers.js +104 -127
- package/dist/clientKnowledgeNamespaces.d.ts +6 -53
- package/dist/clientKnowledgeNamespaces.js +502 -506
- package/dist/clientLocalHelpers.d.ts +11 -56
- package/dist/clientLocalHelpers.js +503 -732
- package/dist/clientPlatformNamespaces.d.ts +5 -53
- package/dist/clientPlatformNamespaces.js +229 -323
- package/dist/clientRuntime.d.ts +5 -53
- package/dist/clientRuntime.js +26 -30
- package/dist/clientWorkflowNamespaces.d.ts +6 -15
- package/dist/clientWorkflowNamespaces.js +529 -596
- package/dist/contextClient.d.ts +9 -17
- package/dist/contextClient.js +92 -805
- package/dist/contextFacade.d.ts +11 -2
- package/dist/contextFacade.js +10 -81
- package/dist/contextPackCompiler.d.ts +10 -11
- package/dist/contextPackCompiler.js +494 -1040
- package/dist/contextPackPolicy.d.ts +14 -15
- package/dist/contextPackPolicy.js +227 -305
- package/dist/contextPackSchema.d.ts +3 -3
- package/dist/contextPackSchema.js +169 -176
- package/dist/contextTypes.d.ts +14 -15
- package/dist/contextTypes.js +1 -2
- package/dist/contracts/api-enums.contract.d.ts +29 -30
- package/dist/contracts/api-enums.contract.js +162 -88
- package/dist/contracts/auth-session.contract.d.ts +13 -14
- package/dist/contracts/auth-session.contract.js +55 -52
- package/dist/contracts/context-pack.contract.d.ts +54 -55
- package/dist/contracts/context-pack.contract.js +160 -88
- package/dist/contracts/contextPack.d.ts +2 -1
- package/dist/contracts/contextPack.js +1 -97
- package/dist/contracts/index.d.ts +11 -12
- package/dist/contracts/index.js +10 -854
- package/dist/contracts/lens-filter.contract.d.ts +9 -10
- package/dist/contracts/lens-filter.contract.js +82 -58
- package/dist/contracts/lens-workflow.contract.d.ts +21 -23
- package/dist/contracts/lens-workflow.contract.js +48 -117
- package/dist/contracts/lensFilter.d.ts +2 -1
- package/dist/contracts/lensFilter.js +1 -71
- package/dist/contracts/lensWorkflow.d.ts +2 -2
- package/dist/contracts/lensWorkflow.js +1 -123
- package/dist/contracts/mcpTools.d.ts +16 -18
- package/dist/contracts/mcpTools.js +89 -123
- package/dist/contracts/prompt.contract.d.ts +4 -5
- package/dist/contracts/prompt.contract.js +23 -10
- package/dist/contracts/prompt.d.ts +2 -1
- package/dist/contracts/prompt.js +1 -11
- package/dist/contracts/sdk-tools.contract.d.ts +2 -1
- package/dist/contracts/sdk-tools.contract.js +1 -2
- package/dist/contracts/sdkTools.d.ts +2 -1
- package/dist/contracts/sdkTools.js +1 -26
- package/dist/contracts/tool-contracts.d.ts +2 -1
- package/dist/contracts/tool-contracts.js +1 -2
- package/dist/contracts/workflow-runtime.contract.d.ts +45 -46
- package/dist/contracts/workflow-runtime.contract.js +241 -228
- package/dist/contracts/workflowRuntime.d.ts +2 -1
- package/dist/contracts/workflowRuntime.js +1 -244
- package/dist/contradictions/index.d.ts +8 -60
- package/dist/contradictions/index.js +11 -10175
- package/dist/control-plane.d.ts +17 -24
- package/dist/control-plane.js +124 -840
- package/dist/controlObjectOwnership.d.ts +19 -20
- package/dist/controlObjectOwnership.js +207 -201
- package/dist/coreClient.d.ts +23 -28
- package/dist/coreClient.js +567 -692
- package/dist/customTools.d.ts +17 -21
- package/dist/customTools.js +221 -221
- package/dist/decisions/index.d.ts +7 -58
- package/dist/decisions/index.js +14 -10177
- package/dist/decisionsClient.d.ts +25 -32
- package/dist/decisionsClient.js +113 -913
- package/dist/domainContext.d.ts +2 -1
- package/dist/domainContext.js +1 -2
- package/dist/edges/index.d.ts +21 -73
- package/dist/edges/index.js +12 -10176
- package/dist/embeddingsClient.d.ts +22 -30
- package/dist/embeddingsClient.js +73 -922
- package/dist/eventingClient.d.ts +23 -31
- package/dist/eventingClient.js +89 -918
- package/dist/events.d.ts +48 -49
- package/dist/events.js +257 -241
- package/dist/eventsCore.d.ts +20 -29
- package/dist/eventsCore.js +86 -830
- package/dist/evidence/index.d.ts +9 -60
- package/dist/evidence/index.js +13 -10176
- package/dist/evidenceClient.d.ts +13 -22
- package/dist/evidenceClient.js +34 -751
- package/dist/facade/context.d.ts +7 -8
- package/dist/facade/context.js +73 -72
- package/dist/functionSurface.d.ts +2 -156
- package/dist/functionSurface.js +1 -1460
- package/dist/functionSurfaceClient.d.ts +2 -9
- package/dist/functionSurfaceClient.js +1 -1460
- package/dist/gatewayFacades.d.ts +79 -296
- package/dist/gatewayFacades.factories.d.ts +209 -14
- package/dist/gatewayFacades.factories.js +561 -2227
- package/dist/gatewayFacades.js +284 -2627
- package/dist/generated/functionSurface.d.ts +149 -0
- package/dist/generated/functionSurface.js +749 -0
- package/dist/graphAnalysisClient.d.ts +41 -49
- package/dist/graphAnalysisClient.js +185 -974
- package/dist/graphClient.d.ts +53 -60
- package/dist/graphClient.js +219 -1090
- package/dist/graphIntel.d.ts +2 -4
- package/dist/graphIntel.js +1 -2
- package/dist/graphIntelligence.d.ts +4 -2
- package/dist/graphIntelligence.js +2 -46
- package/dist/graphRecommendationsClient.d.ts +15 -23
- package/dist/graphRecommendationsClient.js +70 -849
- package/dist/graphStateClassifierClient.d.ts +17 -25
- package/dist/graphStateClassifierClient.js +67 -908
- package/dist/harnessClient.d.ts +40 -47
- package/dist/harnessClient.js +198 -993
- package/dist/identityClient.d.ts +25 -33
- package/dist/identityClient.js +245 -1186
- package/dist/index.d.ts +73 -69
- package/dist/index.js +72 -13313
- package/dist/infisicalRuntime.d.ts +12 -14
- package/dist/infisicalRuntime.js +290 -297
- package/dist/jobsClient.d.ts +24 -32
- package/dist/jobsClient.js +101 -916
- package/dist/learningClient.d.ts +8 -16
- package/dist/learningClient.js +45 -809
- package/dist/lenses/index.d.ts +13 -65
- package/dist/lenses/index.js +11 -10175
- package/dist/mcpClient.d.ts +14 -23
- package/dist/mcpClient.js +115 -856
- package/dist/modelRuntimeClient.d.ts +18 -26
- package/dist/modelRuntimeClient.js +74 -894
- package/dist/nodes/index.d.ts +7 -58
- package/dist/nodes/index.js +14 -10177
- package/dist/ontologies/index.d.ts +21 -73
- package/dist/ontologies/index.js +14 -10178
- package/dist/ontologyClient.d.ts +23 -31
- package/dist/ontologyClient.js +138 -924
- package/dist/ontologyLinksClient.d.ts +16 -24
- package/dist/ontologyLinksClient.js +76 -886
- package/dist/opinion.d.ts +5 -6
- package/dist/opinion.js +21 -25
- package/dist/orgGraphSearchClient.d.ts +19 -27
- package/dist/orgGraphSearchClient.js +89 -857
- package/dist/packRuntime.d.ts +2 -2
- package/dist/packRuntime.js +1 -2
- package/dist/packsClient.d.ts +30 -37
- package/dist/packsClient.js +131 -906
- package/dist/policyClient.d.ts +21 -29
- package/dist/policyClient.js +267 -1026
- package/dist/proof-attestation.json +1 -1
- package/dist/questions/index.d.ts +9 -60
- package/dist/questions/index.js +15 -10178
- package/dist/realtime/index.d.ts +20 -16
- package/dist/realtime/index.js +30 -19
- package/dist/realtime/refs.d.ts +4 -6
- package/dist/realtime/refs.js +12 -7
- package/dist/realtime-refs.d.ts +1 -0
- package/dist/realtime-refs.js +1 -0
- package/dist/realtime.d.ts +1 -0
- package/dist/realtime.js +1 -0
- package/dist/reportsClient.d.ts +10 -19
- package/dist/reportsClient.js +48 -836
- package/dist/schemaClient.d.ts +16 -23
- package/dist/schemaClient.js +62 -832
- package/dist/sdkSurface.d.ts +18 -25
- package/dist/sdkSurface.js +135 -106
- package/dist/secrets.d.ts +2 -1
- package/dist/secrets.js +1 -2
- package/dist/sourcesClient.d.ts +11 -18
- package/dist/sourcesClient.js +18 -741
- package/dist/telemetryClient.d.ts +22 -30
- package/dist/telemetryClient.js +107 -931
- package/dist/toolRegistryClient.d.ts +27 -35
- package/dist/toolRegistryClient.js +116 -954
- package/dist/topics/index.d.ts +13 -64
- package/dist/topics/index.js +15 -10178
- package/dist/topicsClient.d.ts +19 -27
- package/dist/topicsClient.js +106 -894
- package/dist/types.d.ts +84 -87
- package/dist/types.js +1 -2
- package/dist/version.d.ts +2 -3
- package/dist/version.js +2 -5
- package/dist/workflowClient.d.ts +60 -65
- package/dist/workflowClient.js +343 -1219
- package/dist/worktrees/index.d.ts +16 -68
- package/dist/worktrees/index.js +14 -10178
- package/package.json +6 -6
- package/dist/accessControl.js.map +0 -1
- package/dist/adminClient.js.map +0 -1
- package/dist/answersClient.js.map +0 -1
- package/dist/audience/index.js.map +0 -1
- package/dist/audiencesClient.js.map +0 -1
- package/dist/auditClient.js.map +0 -1
- package/dist/authContext.js.map +0 -1
- package/dist/authDeviceClient.js.map +0 -1
- package/dist/beliefs/index.js.map +0 -1
- package/dist/beliefs/lifecycle.js.map +0 -1
- package/dist/beliefsClient.js.map +0 -1
- package/dist/boundaryClientSurface.js.map +0 -1
- package/dist/client.js.map +0 -1
- package/dist/clientAssemblyTypes.js.map +0 -1
- package/dist/clientConfig.js.map +0 -1
- package/dist/clientEvidenceCompat.js.map +0 -1
- package/dist/clientGraphNamespaces.js.map +0 -1
- package/dist/clientHelpers.js.map +0 -1
- package/dist/clientKnowledgeNamespaces.js.map +0 -1
- package/dist/clientLocalHelpers.js.map +0 -1
- package/dist/clientPlatformNamespaces.js.map +0 -1
- package/dist/clientRuntime.js.map +0 -1
- package/dist/clientWorkflowNamespaces.js.map +0 -1
- package/dist/contextClient.js.map +0 -1
- package/dist/contextFacade.js.map +0 -1
- package/dist/contextPackCompiler.js.map +0 -1
- package/dist/contextPackPolicy.js.map +0 -1
- package/dist/contextPackSchema.js.map +0 -1
- package/dist/contextTypes.js.map +0 -1
- package/dist/contracts/api-enums.contract.js.map +0 -1
- package/dist/contracts/auth-session.contract.js.map +0 -1
- package/dist/contracts/context-pack.contract.js.map +0 -1
- package/dist/contracts/contextPack.js.map +0 -1
- package/dist/contracts/index.js.map +0 -1
- package/dist/contracts/lens-filter.contract.js.map +0 -1
- package/dist/contracts/lens-workflow.contract.js.map +0 -1
- package/dist/contracts/lensFilter.js.map +0 -1
- package/dist/contracts/lensWorkflow.js.map +0 -1
- package/dist/contracts/mcpTools.js.map +0 -1
- package/dist/contracts/prompt.contract.js.map +0 -1
- package/dist/contracts/prompt.js.map +0 -1
- package/dist/contracts/sdk-tools.contract.js.map +0 -1
- package/dist/contracts/sdkTools.js.map +0 -1
- package/dist/contracts/tool-contracts.js.map +0 -1
- package/dist/contracts/workflow-runtime.contract.js.map +0 -1
- package/dist/contracts/workflowRuntime.js.map +0 -1
- package/dist/contradictions/index.js.map +0 -1
- package/dist/control-plane.js.map +0 -1
- package/dist/controlObjectOwnership.js.map +0 -1
- package/dist/coreClient.js.map +0 -1
- package/dist/customTools.js.map +0 -1
- package/dist/decisions/index.js.map +0 -1
- package/dist/decisionsClient.js.map +0 -1
- package/dist/domainContext.js.map +0 -1
- package/dist/edges/index.js.map +0 -1
- package/dist/embeddingsClient.js.map +0 -1
- package/dist/eventingClient.js.map +0 -1
- package/dist/events.js.map +0 -1
- package/dist/eventsCore.js.map +0 -1
- package/dist/evidence/index.js.map +0 -1
- package/dist/evidenceClient.js.map +0 -1
- package/dist/facade/context.js.map +0 -1
- package/dist/functionSurface.js.map +0 -1
- package/dist/functionSurfaceClient.js.map +0 -1
- package/dist/gatewayFacades.factories.js.map +0 -1
- package/dist/gatewayFacades.js.map +0 -1
- package/dist/graphAnalysisClient.js.map +0 -1
- package/dist/graphClient.js.map +0 -1
- package/dist/graphIntel.js.map +0 -1
- package/dist/graphIntelligence.js.map +0 -1
- package/dist/graphRecommendationsClient.js.map +0 -1
- package/dist/graphStateClassifierClient.js.map +0 -1
- package/dist/harnessClient.js.map +0 -1
- package/dist/identityClient.js.map +0 -1
- package/dist/index.js.map +0 -1
- package/dist/infisicalRuntime.js.map +0 -1
- package/dist/jobsClient.js.map +0 -1
- package/dist/learningClient.js.map +0 -1
- package/dist/lenses/index.js.map +0 -1
- package/dist/mcpClient.js.map +0 -1
- package/dist/modelRuntimeClient.js.map +0 -1
- package/dist/nodes/index.js.map +0 -1
- package/dist/ontologies/index.js.map +0 -1
- package/dist/ontologyClient.js.map +0 -1
- package/dist/ontologyLinksClient.js.map +0 -1
- package/dist/opinion.js.map +0 -1
- package/dist/orgGraphSearchClient.js.map +0 -1
- package/dist/packRuntime.js.map +0 -1
- package/dist/packsClient.js.map +0 -1
- package/dist/policyClient.js.map +0 -1
- package/dist/questions/index.js.map +0 -1
- package/dist/realtime/index.js.map +0 -1
- package/dist/realtime/refs.js.map +0 -1
- package/dist/reportsClient.js.map +0 -1
- package/dist/schemaClient.js.map +0 -1
- package/dist/sdk-tools.contract-B4c1Zr1o.d.ts +0 -22
- package/dist/sdkSurface.js.map +0 -1
- package/dist/secrets.js.map +0 -1
- package/dist/sourcesClient.js.map +0 -1
- package/dist/telemetryClient.js.map +0 -1
- package/dist/tool-contracts-BUiL9P6z.d.ts +0 -22
- package/dist/toolRegistryClient.js.map +0 -1
- package/dist/topics/index.js.map +0 -1
- package/dist/topicsClient.js.map +0 -1
- package/dist/types.js.map +0 -1
- package/dist/version.js.map +0 -1
- package/dist/workflowClient.js.map +0 -1
- package/dist/worktrees/index.js.map +0 -1
|
@@ -1,901 +1,81 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
import {
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
};
|
|
17
|
-
function cleanString(value) {
|
|
18
|
-
const normalized = value?.trim();
|
|
19
|
-
return normalized ? normalized : void 0;
|
|
20
|
-
}
|
|
21
|
-
function cleanStringList(values) {
|
|
22
|
-
if (!values) {
|
|
23
|
-
return [];
|
|
24
|
-
}
|
|
25
|
-
return values.map((value) => value.trim()).filter(
|
|
26
|
-
(value, index, list) => value.length > 0 && list.indexOf(value) === index
|
|
27
|
-
);
|
|
28
|
-
}
|
|
29
|
-
function requireString(value, reason, label) {
|
|
30
|
-
const normalized = cleanString(value);
|
|
31
|
-
if (!normalized) {
|
|
32
|
-
throw new LucernSdkAuthContextError(
|
|
33
|
-
reason,
|
|
34
|
-
`Canonical Lucern SDK auth context is missing ${label}.`
|
|
35
|
-
);
|
|
36
|
-
}
|
|
37
|
-
return normalized;
|
|
38
|
-
}
|
|
39
|
-
function requirePrincipalType(principalType) {
|
|
40
|
-
if (!principalType) {
|
|
41
|
-
throw new LucernSdkAuthContextError(
|
|
42
|
-
"principal_missing",
|
|
43
|
-
"Canonical Lucern SDK auth context is missing principalType."
|
|
44
|
-
);
|
|
45
|
-
}
|
|
46
|
-
return principalType;
|
|
47
|
-
}
|
|
48
|
-
function requireAuthMode(authMode) {
|
|
49
|
-
if (!authMode) {
|
|
50
|
-
throw new LucernSdkAuthContextError(
|
|
51
|
-
"principal_missing",
|
|
52
|
-
"Canonical Lucern SDK auth context is missing authMode."
|
|
53
|
-
);
|
|
54
|
-
}
|
|
55
|
-
return authMode;
|
|
56
|
-
}
|
|
57
|
-
function ensurePermitMatch(args) {
|
|
58
|
-
const actual = cleanString(args.actual);
|
|
59
|
-
if (actual && actual !== args.expected) {
|
|
60
|
-
throw new LucernSdkAuthContextError(
|
|
61
|
-
"policy_denied",
|
|
62
|
-
`Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
|
|
63
|
-
);
|
|
64
|
-
}
|
|
65
|
-
}
|
|
66
|
-
function normalizeCanonicalLucernAuthContext(input) {
|
|
67
|
-
if (!input) {
|
|
68
|
-
throw new LucernSdkAuthContextError(
|
|
69
|
-
"principal_missing",
|
|
70
|
-
"Canonical Lucern SDK auth context is required."
|
|
71
|
-
);
|
|
72
|
-
}
|
|
73
|
-
if (input.policyDecision === "deny") {
|
|
74
|
-
throw new LucernSdkAuthContextError(
|
|
75
|
-
"policy_denied",
|
|
76
|
-
"Canonical Lucern SDK auth context carries a denied policy decision."
|
|
77
|
-
);
|
|
78
|
-
}
|
|
79
|
-
const principalId = requireString(
|
|
80
|
-
input.principalId,
|
|
81
|
-
"principal_missing",
|
|
82
|
-
"principalId"
|
|
83
|
-
);
|
|
84
|
-
const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
|
|
85
|
-
const workspaceId = requireString(
|
|
86
|
-
input.workspaceId,
|
|
87
|
-
"workspace_missing",
|
|
88
|
-
"workspaceId"
|
|
89
|
-
);
|
|
90
|
-
const roles = cleanStringList(input.roles);
|
|
91
|
-
const scopes = cleanStringList(input.scopes);
|
|
92
|
-
const principalType = requirePrincipalType(input.principalType);
|
|
93
|
-
const authMode = requireAuthMode(input.authMode);
|
|
94
|
-
const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
|
|
95
|
-
if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
|
|
96
|
-
throw new LucernSdkAuthContextError(
|
|
97
|
-
"membership_missing",
|
|
98
|
-
"Canonical Lucern SDK auth context requires non-empty roles and scopes."
|
|
99
|
-
);
|
|
100
|
-
}
|
|
101
|
-
const subject = cleanString(input.permit?.subject) ?? principalId;
|
|
102
|
-
const tenant = cleanString(input.permit?.tenant) ?? tenantId;
|
|
103
|
-
const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
|
|
104
|
-
ensurePermitMatch({
|
|
105
|
-
field: "subject",
|
|
106
|
-
expected: principalId,
|
|
107
|
-
actual: subject
|
|
108
|
-
});
|
|
109
|
-
ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
|
|
110
|
-
ensurePermitMatch({
|
|
111
|
-
field: "workspace",
|
|
112
|
-
expected: workspaceId,
|
|
113
|
-
actual: workspace
|
|
114
|
-
});
|
|
115
|
-
const context = input.permit?.context ? { ...input.permit.context } : void 0;
|
|
116
|
-
return {
|
|
117
|
-
clerkId: cleanString(input.clerkId),
|
|
118
|
-
principalId,
|
|
119
|
-
tenantId,
|
|
120
|
-
workspaceId,
|
|
121
|
-
principalType,
|
|
122
|
-
authMode,
|
|
123
|
-
roles,
|
|
124
|
-
scopes,
|
|
125
|
-
delegationChain: input.delegationChain ? [...input.delegationChain] : [],
|
|
126
|
-
policyTraceId: cleanString(input.policyTraceId),
|
|
127
|
-
correlationId: cleanString(input.correlationId),
|
|
128
|
-
membershipId: cleanString(input.membershipId),
|
|
129
|
-
permit: {
|
|
130
|
-
subject,
|
|
131
|
-
tenant,
|
|
132
|
-
workspace,
|
|
133
|
-
resource: cleanString(input.permit?.resource),
|
|
134
|
-
action: cleanString(input.permit?.action),
|
|
135
|
-
relation: cleanString(input.permit?.relation),
|
|
136
|
-
context
|
|
137
|
-
}
|
|
138
|
-
};
|
|
139
|
-
}
|
|
140
|
-
function createCanonicalAuthHeaders(authContext) {
|
|
141
|
-
const headers = {
|
|
142
|
-
"x-lucern-principal-id": authContext.principalId,
|
|
143
|
-
"x-lucern-principal-type": authContext.principalType,
|
|
144
|
-
"x-lucern-tenant": authContext.tenantId,
|
|
145
|
-
"x-lucern-tenant-id": authContext.tenantId,
|
|
146
|
-
"x-lucern-workspace": authContext.workspaceId,
|
|
147
|
-
"x-lucern-workspace-id": authContext.workspaceId,
|
|
148
|
-
"x-lucern-auth-mode": authContext.authMode,
|
|
149
|
-
"x-lucern-roles": authContext.roles.join(","),
|
|
150
|
-
"x-lucern-scopes": authContext.scopes.join(","),
|
|
151
|
-
"x-lucern-permit-context": JSON.stringify(authContext.permit)
|
|
152
|
-
};
|
|
153
|
-
if (authContext.clerkId) {
|
|
154
|
-
headers["x-lucern-clerk-id"] = authContext.clerkId;
|
|
155
|
-
headers["x-lucern-user-id"] = authContext.clerkId;
|
|
156
|
-
}
|
|
157
|
-
if (authContext.delegationChain.length > 0) {
|
|
158
|
-
headers["x-lucern-delegation-chain"] = JSON.stringify(
|
|
159
|
-
authContext.delegationChain
|
|
160
|
-
);
|
|
161
|
-
}
|
|
162
|
-
if (authContext.policyTraceId) {
|
|
163
|
-
headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
|
|
164
|
-
}
|
|
165
|
-
if (authContext.correlationId) {
|
|
166
|
-
headers["x-correlation-id"] = authContext.correlationId;
|
|
167
|
-
headers["x-lucern-correlation-id"] = authContext.correlationId;
|
|
168
|
-
}
|
|
169
|
-
if (authContext.membershipId) {
|
|
170
|
-
headers["x-lucern-membership-id"] = authContext.membershipId;
|
|
171
|
-
}
|
|
172
|
-
return headers;
|
|
173
|
-
}
|
|
174
|
-
|
|
175
|
-
// src/coreClient.ts
|
|
176
|
-
var DEFAULT_GATEWAY_TIMEOUT_MS = 15e3;
|
|
177
|
-
var DEFAULT_GATEWAY_MAX_RETRIES = 2;
|
|
178
|
-
var DEFAULT_ENV_TIMEOUT_MS = "LUCERN_REQUEST_TIMEOUT_MS";
|
|
179
|
-
var DEFAULT_ENV_MAX_RETRIES = "LUCERN_GATEWAY_MAX_RETRIES";
|
|
180
|
-
var ENV_TIMEOUT_BY_METHOD_PREFIX = "LUCERN_REQUEST_TIMEOUT_MS_";
|
|
181
|
-
var GatewayTimeoutError = class extends Error {
|
|
182
|
-
retryable = true;
|
|
183
|
-
timeoutMs;
|
|
184
|
-
constructor(timeoutMs) {
|
|
185
|
-
super(`Request timed out after ${timeoutMs}ms`);
|
|
186
|
-
this.name = "AbortError";
|
|
187
|
-
this.timeoutMs = timeoutMs;
|
|
188
|
-
}
|
|
189
|
-
};
|
|
190
|
-
var GatewayTransportError = class extends Error {
|
|
191
|
-
retryable;
|
|
192
|
-
cause;
|
|
193
|
-
constructor(message, options) {
|
|
194
|
-
super(message);
|
|
195
|
-
this.name = "GatewayTransportError";
|
|
196
|
-
this.retryable = options?.retryable ?? true;
|
|
197
|
-
this.cause = options?.cause;
|
|
198
|
-
}
|
|
199
|
-
};
|
|
200
|
-
function isGatewayRetryableError(error) {
|
|
201
|
-
return error instanceof GatewayTimeoutError && error.retryable || error instanceof GatewayTransportError && error.retryable || false;
|
|
202
|
-
}
|
|
203
|
-
var LucernApiError = class extends Error {
|
|
204
|
-
code;
|
|
205
|
-
status;
|
|
206
|
-
invariant;
|
|
207
|
-
suggestion;
|
|
208
|
-
details;
|
|
209
|
-
requestId;
|
|
210
|
-
correlationId;
|
|
211
|
-
policyTraceId;
|
|
212
|
-
constructor(args) {
|
|
213
|
-
super(args.message);
|
|
214
|
-
this.name = "LucernApiError";
|
|
215
|
-
this.code = args.code;
|
|
216
|
-
this.status = args.status;
|
|
217
|
-
this.invariant = args.invariant;
|
|
218
|
-
this.suggestion = args.suggestion;
|
|
219
|
-
this.details = args.details;
|
|
220
|
-
this.requestId = args.requestId;
|
|
221
|
-
this.correlationId = args.correlationId;
|
|
222
|
-
this.policyTraceId = args.policyTraceId;
|
|
223
|
-
}
|
|
224
|
-
};
|
|
225
|
-
function toQueryString(scope) {
|
|
226
|
-
const params = new URLSearchParams();
|
|
227
|
-
if (scope.tenantId) {
|
|
228
|
-
params.set("tenantId", scope.tenantId);
|
|
229
|
-
}
|
|
230
|
-
if (scope.workspaceId) {
|
|
231
|
-
params.set("workspaceId", scope.workspaceId);
|
|
232
|
-
}
|
|
233
|
-
for (const [key, value] of Object.entries(scope)) {
|
|
234
|
-
if (key === "tenantId" || key === "workspaceId") {
|
|
235
|
-
continue;
|
|
236
|
-
}
|
|
237
|
-
if (value === void 0) {
|
|
238
|
-
continue;
|
|
239
|
-
}
|
|
240
|
-
params.set(key, String(value));
|
|
241
|
-
}
|
|
242
|
-
const serialized = params.toString();
|
|
243
|
-
return serialized.length > 0 ? `?${serialized}` : "";
|
|
244
|
-
}
|
|
245
|
-
function fillRandomBytes(length) {
|
|
246
|
-
const bytes = new Uint8Array(length);
|
|
247
|
-
if (typeof globalThis.crypto?.getRandomValues === "function") {
|
|
248
|
-
globalThis.crypto.getRandomValues(bytes);
|
|
249
|
-
return bytes;
|
|
250
|
-
}
|
|
251
|
-
for (let index = 0; index < length; index += 1) {
|
|
252
|
-
bytes[index] = Math.floor(Math.random() * 256);
|
|
253
|
-
}
|
|
254
|
-
return bytes;
|
|
255
|
-
}
|
|
256
|
-
function generatePortableRequestId() {
|
|
257
|
-
if (typeof globalThis.crypto?.randomUUID === "function") {
|
|
258
|
-
return globalThis.crypto.randomUUID();
|
|
259
|
-
}
|
|
260
|
-
const bytes = fillRandomBytes(16);
|
|
261
|
-
bytes[6] = bytes[6] & 15 | 64;
|
|
262
|
-
bytes[8] = bytes[8] & 63 | 128;
|
|
263
|
-
const hex = Array.from(bytes, (value) => value.toString(16).padStart(2, "0"));
|
|
264
|
-
return `${hex.slice(0, 4).join("")}-${hex.slice(4, 6).join("")}-${hex.slice(
|
|
265
|
-
6,
|
|
266
|
-
8
|
|
267
|
-
).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
|
|
268
|
-
}
|
|
269
|
-
function resolveEnvironment() {
|
|
270
|
-
const processEnv = typeof globalThis === "object" && globalThis !== null && "process" in globalThis ? globalThis.process : void 0;
|
|
271
|
-
const env = processEnv !== void 0 && typeof processEnv === "object" && processEnv !== null && typeof processEnv.env === "object" ? processEnv.env : void 0;
|
|
272
|
-
return {
|
|
273
|
-
get: (name) => {
|
|
274
|
-
const value = env?.[name];
|
|
275
|
-
return typeof value === "string" && value.length > 0 ? value : void 0;
|
|
276
|
-
}
|
|
277
|
-
};
|
|
278
|
-
}
|
|
279
|
-
function telemetryEnvironmentRecord(environment) {
|
|
280
|
-
const names = [
|
|
281
|
-
"LUCERN_TELEMETRY_ENABLED",
|
|
282
|
-
"AXIOM_TELEMETRY_ENABLED",
|
|
283
|
-
"LUCERN_AXIOM_TOKEN",
|
|
284
|
-
"AXIOM_TOKEN",
|
|
285
|
-
"LUCERN_AXIOM_EVENTS_DATASET",
|
|
286
|
-
"LUCERN_AXIOM_DATASET",
|
|
287
|
-
"AXIOM_EVENTS_DATASET",
|
|
288
|
-
"AXIOM_DATASET",
|
|
289
|
-
"LUCERN_AXIOM_API_URL",
|
|
290
|
-
"AXIOM_URL",
|
|
291
|
-
"LUCERN_ENVIRONMENT",
|
|
292
|
-
"NODE_ENV",
|
|
293
|
-
"LUCERN_RELEASE",
|
|
294
|
-
"SENTRY_RELEASE",
|
|
295
|
-
"VERCEL_GIT_COMMIT_SHA"
|
|
296
|
-
];
|
|
297
|
-
return Object.fromEntries(
|
|
298
|
-
names.map((name) => [name, environment.get(name)])
|
|
299
|
-
);
|
|
300
|
-
}
|
|
301
|
-
function resolveRequestProfile(config, environment) {
|
|
302
|
-
const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
|
|
303
|
-
const parsedMaxRetries = parseIntegerFromString(
|
|
304
|
-
config.maxRetries,
|
|
305
|
-
environment.get(DEFAULT_ENV_MAX_RETRIES)
|
|
306
|
-
);
|
|
307
|
-
const parsedTimeoutMs = parseIntegerFromString(
|
|
308
|
-
config.timeoutMs,
|
|
309
|
-
environment.get(DEFAULT_ENV_TIMEOUT_MS)
|
|
310
|
-
);
|
|
311
|
-
const methodTimeouts = {
|
|
312
|
-
...config.timeoutMsByMethod
|
|
313
|
-
};
|
|
314
|
-
for (const method of ["GET", "POST", "PUT", "PATCH", "DELETE"]) {
|
|
315
|
-
const envKey = `${ENV_TIMEOUT_BY_METHOD_PREFIX}${method}`;
|
|
316
|
-
const raw = environment.get(envKey);
|
|
317
|
-
if (!raw || methodTimeouts[method] !== void 0) {
|
|
318
|
-
continue;
|
|
319
|
-
}
|
|
320
|
-
const parsed = parseIntegerFromString(void 0, raw);
|
|
321
|
-
if (typeof parsed === "number") {
|
|
322
|
-
methodTimeouts[method] = parsed;
|
|
323
|
-
}
|
|
324
|
-
}
|
|
325
|
-
return {
|
|
326
|
-
maxRetries: parsedMaxRetries ?? DEFAULT_GATEWAY_MAX_RETRIES,
|
|
327
|
-
timeoutMs: parsedTimeoutMs ?? DEFAULT_GATEWAY_TIMEOUT_MS,
|
|
328
|
-
timeoutMsByMethod: methodTimeouts,
|
|
329
|
-
requestIdFactory
|
|
330
|
-
};
|
|
331
|
-
}
|
|
332
|
-
function createGatewayRuntime(config, environment) {
|
|
333
|
-
return {
|
|
334
|
-
fetch: config.fetchImpl ?? fetch,
|
|
335
|
-
now: () => Date.now(),
|
|
336
|
-
sleep: (ms) => delay(ms),
|
|
337
|
-
env: environment,
|
|
338
|
-
redaction: resolveRequestRedactionValue,
|
|
339
|
-
profile: resolveRequestProfile(config, environment)
|
|
340
|
-
};
|
|
341
|
-
}
|
|
342
|
-
function parseIntegerFromString(value, rawValue) {
|
|
343
|
-
if (typeof value === "number" && Number.isInteger(value) && value >= 0) {
|
|
344
|
-
return value;
|
|
345
|
-
}
|
|
346
|
-
if (typeof rawValue !== "string" || !rawValue.trim()) {
|
|
347
|
-
return void 0;
|
|
348
|
-
}
|
|
349
|
-
const parsed = Number.parseInt(rawValue, 10);
|
|
350
|
-
return Number.isInteger(parsed) && parsed >= 0 ? parsed : void 0;
|
|
351
|
-
}
|
|
352
|
-
function resolveRequestRedactionValue(value) {
|
|
353
|
-
return redactDiagnosticValue(value);
|
|
354
|
-
}
|
|
355
|
-
function resolveGatewayBaseUrl(configBaseUrl, environment) {
|
|
356
|
-
const envBaseUrl = environment.get("LUCERN_API_URL") ?? environment.get("LUCERN_BASE_URL") ?? environment.get("LUCERN_GATEWAY_BASE_URL");
|
|
357
|
-
return (configBaseUrl ?? envBaseUrl ?? "").replace(/\/+$/, "");
|
|
358
|
-
}
|
|
359
|
-
function normalizeGatewayEnvironment(value) {
|
|
360
|
-
return value === "sandbox" || value === "production" ? value : void 0;
|
|
361
|
-
}
|
|
362
|
-
var randomIdempotencyKey = generatePortableRequestId;
|
|
363
|
-
function fallbackErrorCode(status) {
|
|
364
|
-
if (status === 401) {
|
|
365
|
-
return "AUTHENTICATION_REQUIRED";
|
|
366
|
-
}
|
|
367
|
-
if (status === 403) {
|
|
368
|
-
return "FORBIDDEN";
|
|
369
|
-
}
|
|
370
|
-
if (status === 404) {
|
|
371
|
-
return "NOT_FOUND";
|
|
372
|
-
}
|
|
373
|
-
if (status === 408) {
|
|
374
|
-
return "UPSTREAM_ERROR";
|
|
375
|
-
}
|
|
376
|
-
if (status === 409) {
|
|
377
|
-
return "CONFLICT";
|
|
378
|
-
}
|
|
379
|
-
if (status === 429) {
|
|
380
|
-
return "RATE_LIMIT_EXCEEDED";
|
|
381
|
-
}
|
|
382
|
-
if (status >= 500) {
|
|
383
|
-
return "UPSTREAM_ERROR";
|
|
384
|
-
}
|
|
385
|
-
return "INTERNAL_ERROR";
|
|
386
|
-
}
|
|
387
|
-
function delay(ms) {
|
|
388
|
-
return new Promise((resolve) => setTimeout(resolve, ms));
|
|
389
|
-
}
|
|
390
|
-
function computeRetryDelayMs(args) {
|
|
391
|
-
const baseDelay = args.status === 429 ? Math.max(
|
|
392
|
-
args.retryAfterMs ?? 0,
|
|
393
|
-
Math.min(1e3 * 2 ** args.attempt, 1e4)
|
|
394
|
-
) : Math.min(1e3 * 2 ** args.attempt, 4e3);
|
|
395
|
-
if (args.status !== 429) {
|
|
396
|
-
return baseDelay;
|
|
397
|
-
}
|
|
398
|
-
const jitterWindow = Math.max(250, Math.round(baseDelay * 0.25));
|
|
399
|
-
return baseDelay + Math.round(Math.random() * jitterWindow);
|
|
400
|
-
}
|
|
401
|
-
function classifyGatewayErrorForRetry(error) {
|
|
402
|
-
return isGatewayRetryableError(error) || classifyRetry({ error }).retryable;
|
|
403
|
-
}
|
|
404
|
-
function isRecord(value) {
|
|
405
|
-
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
406
|
-
}
|
|
407
|
-
function readPolicySummaryFromDetails(details) {
|
|
408
|
-
if (!isRecord(details)) {
|
|
409
|
-
return null;
|
|
410
|
-
}
|
|
411
|
-
const directSummary = details.summary;
|
|
412
|
-
if (typeof directSummary === "string" && directSummary.trim().length > 0) {
|
|
413
|
-
return directSummary.trim();
|
|
414
|
-
}
|
|
415
|
-
const policy = details.policy;
|
|
416
|
-
if (!isRecord(policy)) {
|
|
417
|
-
return null;
|
|
418
|
-
}
|
|
419
|
-
const explanation = policy.explanation;
|
|
420
|
-
if (!isRecord(explanation)) {
|
|
421
|
-
return null;
|
|
422
|
-
}
|
|
423
|
-
const nestedSummary = explanation.summary;
|
|
424
|
-
if (typeof nestedSummary === "string" && nestedSummary.trim().length > 0) {
|
|
425
|
-
return nestedSummary.trim();
|
|
426
|
-
}
|
|
427
|
-
return null;
|
|
428
|
-
}
|
|
429
|
-
function redactJsonDiagnosticValue(value) {
|
|
430
|
-
return value === void 0 ? void 0 : redactDiagnosticValue(value);
|
|
431
|
-
}
|
|
432
|
-
async function resolveConfiguredAuthContext(authContext) {
|
|
433
|
-
if (typeof authContext === "function") {
|
|
434
|
-
return await authContext();
|
|
435
|
-
}
|
|
436
|
-
return authContext;
|
|
437
|
-
}
|
|
438
|
-
function mergeHeaderRecord(base, addition) {
|
|
439
|
-
const headers = new Headers(base);
|
|
440
|
-
for (const [key, value] of Object.entries(addition)) {
|
|
441
|
-
const existing = headers.get(key);
|
|
442
|
-
if (existing !== null && existing !== value) {
|
|
443
|
-
throw new LucernSdkAuthContextError(
|
|
444
|
-
"policy_denied",
|
|
445
|
-
`Canonical Lucern SDK auth context conflicts with existing ${key} header.`
|
|
446
|
-
);
|
|
447
|
-
}
|
|
448
|
-
headers.set(key, value);
|
|
449
|
-
}
|
|
450
|
-
return Object.fromEntries(headers.entries());
|
|
451
|
-
}
|
|
452
|
-
function cleanHeaderValue(value) {
|
|
453
|
-
const normalized = value?.trim();
|
|
454
|
-
return normalized ? normalized : void 0;
|
|
455
|
-
}
|
|
456
|
-
function createGatewayRequestClient(config = {}) {
|
|
457
|
-
const env = resolveEnvironment();
|
|
458
|
-
const runtime = createGatewayRuntime(config, env);
|
|
459
|
-
const baseUrl = resolveGatewayBaseUrl(config.baseUrl, env);
|
|
460
|
-
const maxRetries = runtime.profile.maxRetries;
|
|
461
|
-
const requestIdFactory = runtime.profile.requestIdFactory;
|
|
462
|
-
const requestTimeoutByMethod = runtime.profile.timeoutMsByMethod;
|
|
463
|
-
const defaultRequestTimeoutMs = runtime.profile.timeoutMs;
|
|
464
|
-
const normalizedEnvironment = normalizeGatewayEnvironment(config.environment);
|
|
465
|
-
const telemetryExporter = config.telemetryEnabled === false ? null : config.telemetryExporter ?? createTelemetryExporterFromEnv(telemetryEnvironmentRecord(env), {
|
|
466
|
-
service: "lucern-sdk",
|
|
467
|
-
environment: normalizedEnvironment
|
|
468
|
-
});
|
|
469
|
-
async function resolveAuthHeaders() {
|
|
470
|
-
const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
|
|
471
|
-
const headers = new Headers(provided);
|
|
472
|
-
const setIfAbsent = (name, value) => {
|
|
473
|
-
const normalized = cleanHeaderValue(value);
|
|
474
|
-
if (normalized && !headers.has(name)) {
|
|
475
|
-
headers.set(name, normalized);
|
|
476
|
-
}
|
|
477
|
-
};
|
|
478
|
-
setIfAbsent("x-lucern-key", config.apiKey);
|
|
479
|
-
setIfAbsent("x-lucern-session-token", config.userToken);
|
|
480
|
-
setIfAbsent("x-lucern-environment", normalizedEnvironment);
|
|
481
|
-
setIfAbsent("x-lucern-clerk-id", config.clerkId);
|
|
482
|
-
setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
|
|
483
|
-
setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
|
|
484
|
-
const base = Object.fromEntries(headers.entries());
|
|
485
|
-
const authContextInput = await resolveConfiguredAuthContext(
|
|
486
|
-
config.authContext
|
|
487
|
-
);
|
|
488
|
-
if (!authContextInput && !config.requireCanonicalAuthContext) {
|
|
489
|
-
return base;
|
|
490
|
-
}
|
|
491
|
-
const authContext = normalizeCanonicalLucernAuthContext(authContextInput);
|
|
492
|
-
return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
|
|
493
|
-
}
|
|
494
|
-
async function fetchWithTimeout(url, init, timeoutMs) {
|
|
495
|
-
const normalizeTransportError = (error, isTimeout) => {
|
|
496
|
-
if (isTimeout) {
|
|
497
|
-
return new GatewayTimeoutError(timeoutMs);
|
|
498
|
-
}
|
|
499
|
-
return error instanceof GatewayTimeoutError || error instanceof GatewayTransportError ? error : new GatewayTransportError(
|
|
500
|
-
error instanceof Error ? error.message : "Gateway transport error",
|
|
501
|
-
{
|
|
502
|
-
cause: error,
|
|
503
|
-
retryable: classifyGatewayErrorForRetry(error)
|
|
504
|
-
}
|
|
505
|
-
);
|
|
506
|
-
};
|
|
507
|
-
const controller = new AbortController();
|
|
508
|
-
const timer = setTimeout(() => controller.abort(), timeoutMs);
|
|
509
|
-
const requestEffect = Effect.tryPromise({
|
|
510
|
-
try: () => runtime.fetch(url, { ...init, signal: controller.signal }),
|
|
511
|
-
catch: (error) => normalizeTransportError(error, controller.signal.aborted)
|
|
512
|
-
});
|
|
513
|
-
try {
|
|
514
|
-
const exit = await Effect.runPromiseExit(requestEffect);
|
|
515
|
-
if (Exit.isSuccess(exit)) {
|
|
516
|
-
return exit.value;
|
|
517
|
-
}
|
|
518
|
-
const failure = Array.from(Cause.failures(exit.cause))[0];
|
|
519
|
-
if (failure !== void 0) {
|
|
520
|
-
throw failure;
|
|
521
|
-
}
|
|
522
|
-
throw Cause.squash(exit.cause);
|
|
523
|
-
} finally {
|
|
524
|
-
clearTimeout(timer);
|
|
525
|
-
}
|
|
526
|
-
}
|
|
527
|
-
async function emitSdkResponseTelemetry(context) {
|
|
528
|
-
const retry = classifyRetry({
|
|
529
|
-
status: context.status,
|
|
530
|
-
error: context.error,
|
|
531
|
-
retryAfter: context.retryAfterMs !== null && context.retryAfterMs !== void 0 ? String(context.retryAfterMs / 1e3) : void 0
|
|
532
|
-
});
|
|
533
|
-
await emitTelemetrySignal(telemetryExporter, {
|
|
534
|
-
signalType: "trace",
|
|
535
|
-
surface: "sdk-retry",
|
|
536
|
-
eventName: context.willRetry ? "sdk.retry" : context.error ? "sdk.request.error" : "sdk.request.complete",
|
|
537
|
-
severity: context.error ? context.willRetry ? "warn" : "error" : "info",
|
|
538
|
-
durationMs: context.durationMs,
|
|
539
|
-
metricName: "sdk.request.duration_ms",
|
|
540
|
-
metricValue: context.durationMs,
|
|
541
|
-
correlationId: context.correlationId ?? context.requestId,
|
|
542
|
-
policyTraceId: context.policyTraceId ?? null,
|
|
543
|
-
tenantId: context.headers.get("x-lucern-tenant-id") ?? context.headers.get("x-lucern-tenant") ?? void 0,
|
|
544
|
-
workspaceId: context.headers.get("x-lucern-workspace-id") ?? context.headers.get("x-lucern-workspace") ?? void 0,
|
|
545
|
-
attributes: {
|
|
546
|
-
service: "lucern-sdk",
|
|
547
|
-
operation: "gateway.request",
|
|
548
|
-
path: context.path,
|
|
549
|
-
httpMethod: context.method,
|
|
550
|
-
httpStatus: context.status,
|
|
551
|
-
attempt: context.attempt,
|
|
552
|
-
maxRetries: context.maxRetries,
|
|
553
|
-
retryReason: retry.reason,
|
|
554
|
-
retryAfterMs: context.retryAfterMs ?? retry.retryAfterMs,
|
|
555
|
-
willRetry: context.willRetry,
|
|
556
|
-
retryable: retry.retryable,
|
|
557
|
-
errorName: context.error instanceof Error ? context.error.name : void 0,
|
|
558
|
-
errorMessage: context.error instanceof Error ? context.error.message : void 0
|
|
559
|
-
}
|
|
560
|
-
});
|
|
561
|
-
}
|
|
562
|
-
async function parsePayload(response) {
|
|
563
|
-
const text = await response.text();
|
|
564
|
-
if (!text) {
|
|
565
|
-
return null;
|
|
566
|
-
}
|
|
567
|
-
const parsed = tryParseGatewayEnvelopeJson(text);
|
|
568
|
-
if (!parsed.ok) {
|
|
569
|
-
return null;
|
|
570
|
-
}
|
|
571
|
-
return isRecord(parsed.value) ? parsed.value : null;
|
|
572
|
-
}
|
|
573
|
-
function resolveTimeoutMs(method, requestTimeoutMs) {
|
|
574
|
-
if (typeof requestTimeoutMs === "number") {
|
|
575
|
-
return requestTimeoutMs;
|
|
576
|
-
}
|
|
577
|
-
const methodTimeoutMs = requestTimeoutByMethod?.[method];
|
|
578
|
-
if (typeof methodTimeoutMs === "number") {
|
|
579
|
-
return methodTimeoutMs;
|
|
580
|
-
}
|
|
581
|
-
return defaultRequestTimeoutMs;
|
|
582
|
-
}
|
|
583
|
-
function tryParseGatewayEnvelopeJson(text) {
|
|
584
|
-
const trimmed = text.trim();
|
|
585
|
-
if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) {
|
|
586
|
-
return { ok: false, reason: "non-json" };
|
|
587
|
-
}
|
|
588
|
-
try {
|
|
589
|
-
return { ok: true, value: JSON.parse(trimmed) };
|
|
590
|
-
} catch (error) {
|
|
591
|
-
if (error instanceof SyntaxError) {
|
|
592
|
-
return { ok: false, reason: "invalid-json", error };
|
|
593
|
-
}
|
|
594
|
-
throw error;
|
|
595
|
-
}
|
|
596
|
-
}
|
|
597
|
-
function buildApiError(args) {
|
|
598
|
-
const failure = args.failure;
|
|
599
|
-
const legacyError = failure && isRecord(failure.error) ? failure.error : failure?.legacyError;
|
|
600
|
-
const correlationId = failure?.correlationId ?? args.response.headers.get("x-lucern-correlation-id")?.trim() ?? args.requestId;
|
|
601
|
-
const policyTraceId = failure?.policyTraceId ?? args.response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null;
|
|
602
|
-
const details = runtime.redaction(
|
|
603
|
-
redactJsonDiagnosticValue(failure?.details ?? legacyError?.details)
|
|
604
|
-
);
|
|
605
|
-
const policySummary = readPolicySummaryFromDetails(details);
|
|
606
|
-
const failureMessage = typeof failure?.error === "string" ? failure.error : legacyError?.message;
|
|
607
|
-
return new LucernApiError({
|
|
608
|
-
code: failure?.code ?? legacyError?.code ?? fallbackErrorCode(args.response.status),
|
|
609
|
-
message: policySummary ?? failureMessage ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed."),
|
|
610
|
-
status: args.response.status,
|
|
611
|
-
invariant: failure?.invariant,
|
|
612
|
-
suggestion: failure?.suggestion,
|
|
613
|
-
details,
|
|
614
|
-
requestId: args.requestId,
|
|
615
|
-
correlationId,
|
|
616
|
-
policyTraceId
|
|
617
|
-
});
|
|
618
|
-
}
|
|
619
|
-
async function request(args) {
|
|
620
|
-
const authHeaders = await resolveAuthHeaders();
|
|
621
|
-
const method = args.method ?? "GET";
|
|
622
|
-
const timeoutMs = resolveTimeoutMs(method, args.timeoutMs);
|
|
623
|
-
const headers = new Headers({
|
|
624
|
-
"content-type": "application/json",
|
|
625
|
-
...authHeaders
|
|
626
|
-
});
|
|
627
|
-
if (args.idempotencyKey) {
|
|
628
|
-
headers.set("idempotency-key", args.idempotencyKey);
|
|
629
|
-
}
|
|
630
|
-
const requestId = headers.get("x-correlation-id")?.trim() || headers.get("x-request-id")?.trim() || args.requestId || requestIdFactory();
|
|
631
|
-
if (!headers.has("x-correlation-id") && !headers.has("x-request-id")) {
|
|
632
|
-
headers.set("x-correlation-id", requestId);
|
|
633
|
-
}
|
|
634
|
-
const url = `${baseUrl}${args.path}`;
|
|
635
|
-
const serializedBody = args.body ? JSON.stringify(args.body) : void 0;
|
|
636
|
-
const init = {
|
|
637
|
-
method,
|
|
638
|
-
headers,
|
|
639
|
-
body: serializedBody
|
|
640
|
-
};
|
|
641
|
-
let lastError;
|
|
642
|
-
for (let attempt = 0; attempt <= maxRetries; attempt++) {
|
|
643
|
-
const hookRequestContext = {
|
|
644
|
-
requestId,
|
|
645
|
-
attempt,
|
|
646
|
-
maxRetries,
|
|
647
|
-
method,
|
|
648
|
-
path: args.path,
|
|
649
|
-
url,
|
|
650
|
-
headers: new Headers(headers),
|
|
651
|
-
body: serializedBody,
|
|
652
|
-
timeoutMs
|
|
653
|
-
};
|
|
654
|
-
await config.onRequest?.(hookRequestContext);
|
|
655
|
-
const startedAt = Date.now();
|
|
656
|
-
try {
|
|
657
|
-
const response = await fetchWithTimeout(url, init, timeoutMs);
|
|
658
|
-
const responseClone = response.clone();
|
|
659
|
-
const payload = await parsePayload(response);
|
|
660
|
-
const retry = classifyRetry({
|
|
661
|
-
status: response.status,
|
|
662
|
-
retryAfter: response.headers.get("Retry-After")
|
|
663
|
-
});
|
|
664
|
-
const retryAfterMs = retry.retryAfterMs ?? null;
|
|
665
|
-
if (!response.ok || !payload?.success) {
|
|
666
|
-
const failure = payload && !payload.success ? payload : null;
|
|
667
|
-
const apiError = buildApiError({
|
|
668
|
-
requestId,
|
|
669
|
-
response,
|
|
670
|
-
failure
|
|
671
|
-
});
|
|
672
|
-
const willRetry = attempt < maxRetries && retry.retryable;
|
|
673
|
-
const responseContext2 = {
|
|
674
|
-
...hookRequestContext,
|
|
675
|
-
durationMs: Date.now() - startedAt,
|
|
676
|
-
status: response.status,
|
|
677
|
-
response: responseClone,
|
|
678
|
-
error: apiError,
|
|
679
|
-
correlationId: apiError.correlationId ?? requestId,
|
|
680
|
-
policyTraceId: apiError.policyTraceId ?? null,
|
|
681
|
-
retryAfterMs,
|
|
682
|
-
willRetry
|
|
683
|
-
};
|
|
684
|
-
await config.onResponse?.(responseContext2);
|
|
685
|
-
await emitSdkResponseTelemetry(responseContext2);
|
|
686
|
-
if (willRetry) {
|
|
687
|
-
lastError = apiError;
|
|
688
|
-
await delay(
|
|
689
|
-
computeRetryDelayMs({
|
|
690
|
-
attempt,
|
|
691
|
-
status: response.status,
|
|
692
|
-
retryAfterMs
|
|
693
|
-
})
|
|
694
|
-
);
|
|
695
|
-
continue;
|
|
696
|
-
}
|
|
697
|
-
throw apiError;
|
|
698
|
-
}
|
|
699
|
-
const successPayload = payload;
|
|
700
|
-
const responseContext = {
|
|
701
|
-
...hookRequestContext,
|
|
702
|
-
durationMs: Date.now() - startedAt,
|
|
703
|
-
status: response.status,
|
|
704
|
-
response: responseClone,
|
|
705
|
-
correlationId: successPayload.correlationId ?? response.headers.get("x-lucern-correlation-id")?.trim() ?? requestId,
|
|
706
|
-
policyTraceId: successPayload.policyTraceId ?? response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null,
|
|
707
|
-
idempotentReplay: successPayload.idempotentReplay,
|
|
708
|
-
retryAfterMs,
|
|
709
|
-
willRetry: false
|
|
710
|
-
};
|
|
711
|
-
await config.onResponse?.(responseContext);
|
|
712
|
-
await emitSdkResponseTelemetry(responseContext);
|
|
713
|
-
return successPayload;
|
|
714
|
-
} catch (fetchError) {
|
|
715
|
-
if (fetchError instanceof LucernApiError) {
|
|
716
|
-
throw fetchError;
|
|
717
|
-
}
|
|
718
|
-
const willRetry = attempt < maxRetries && classifyGatewayErrorForRetry(fetchError);
|
|
719
|
-
const responseContext = {
|
|
720
|
-
...hookRequestContext,
|
|
721
|
-
durationMs: Date.now() - startedAt,
|
|
722
|
-
error: fetchError,
|
|
723
|
-
correlationId: requestId,
|
|
724
|
-
policyTraceId: null,
|
|
725
|
-
willRetry
|
|
726
|
-
};
|
|
727
|
-
await config.onResponse?.(responseContext);
|
|
728
|
-
await emitSdkResponseTelemetry(responseContext);
|
|
729
|
-
lastError = fetchError;
|
|
730
|
-
if (willRetry) {
|
|
731
|
-
await delay(computeRetryDelayMs({ attempt }));
|
|
732
|
-
}
|
|
733
|
-
}
|
|
734
|
-
}
|
|
735
|
-
throw lastError instanceof Error ? lastError : new Error("Platform API request failed after retries.");
|
|
736
|
-
}
|
|
737
|
-
return {
|
|
738
|
-
request
|
|
739
|
-
};
|
|
740
|
-
}
|
|
741
|
-
|
|
742
|
-
// src/sdkSurface.ts
|
|
743
|
-
function createListResult(items, legacyKey) {
|
|
744
|
-
const result = {
|
|
745
|
-
items,
|
|
746
|
-
total: items.length
|
|
747
|
-
};
|
|
748
|
-
if (legacyKey) {
|
|
749
|
-
return {
|
|
750
|
-
...result,
|
|
751
|
-
[legacyKey]: items
|
|
752
|
-
};
|
|
753
|
-
}
|
|
754
|
-
return result;
|
|
755
|
-
}
|
|
756
|
-
function mapGatewayData(response, mapper) {
|
|
757
|
-
return {
|
|
758
|
-
...response,
|
|
759
|
-
data: mapper(response.data)
|
|
760
|
-
};
|
|
761
|
-
}
|
|
762
|
-
|
|
763
|
-
// src/boundaryClientSurface.ts
|
|
764
|
-
function cleanOptionalString(value) {
|
|
765
|
-
const normalized = value?.trim();
|
|
766
|
-
return normalized ? normalized : void 0;
|
|
767
|
-
}
|
|
768
|
-
function isRecord2(value) {
|
|
769
|
-
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
770
|
-
}
|
|
771
|
-
function cleanRequiredString(value, label) {
|
|
772
|
-
const normalized = cleanOptionalString(value);
|
|
773
|
-
if (!normalized) {
|
|
774
|
-
throw new Error(`${label} is required`);
|
|
775
|
-
}
|
|
776
|
-
return normalized;
|
|
777
|
-
}
|
|
778
|
-
function assertKnownKeys(input, allowed, operation) {
|
|
779
|
-
const allowedSet = new Set(allowed);
|
|
780
|
-
const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
|
|
781
|
-
if (unknownKeys.length > 0) {
|
|
782
|
-
throw new Error(
|
|
783
|
-
`${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
|
|
784
|
-
);
|
|
785
|
-
}
|
|
786
|
-
}
|
|
787
|
-
function knownPayload(input, allowed, operation) {
|
|
788
|
-
assertKnownKeys(input, allowed, operation);
|
|
789
|
-
return { ...input };
|
|
790
|
-
}
|
|
791
|
-
function listResultFromEnvelope(data, legacyKey) {
|
|
792
|
-
const record = isRecord2(data) ? data : {};
|
|
793
|
-
const legacyItems = record[legacyKey];
|
|
794
|
-
return createListResult(
|
|
795
|
-
Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
|
|
796
|
-
legacyKey
|
|
797
|
-
);
|
|
798
|
-
}
|
|
799
|
-
|
|
800
|
-
// src/modelRuntimeClient.ts
|
|
801
|
-
var MODEL_RUNTIME_FIELDS = [
|
|
802
|
-
"tenantId",
|
|
803
|
-
"workspaceId",
|
|
804
|
-
"principalId",
|
|
805
|
-
"functionName",
|
|
806
|
-
"slotKey",
|
|
807
|
-
"modelId",
|
|
808
|
-
"provider",
|
|
809
|
-
"routingPolicy",
|
|
810
|
-
"metadata",
|
|
811
|
-
"limit",
|
|
812
|
-
"cursor"
|
|
1
|
+
import { createGatewayRequestClient, randomIdempotencyKey, toQueryString, } from "./coreClient.js";
|
|
2
|
+
import { cleanRequiredString, knownPayload, listResultFromEnvelope, } from "./boundaryClientSurface.js";
|
|
3
|
+
import { mapGatewayData } from "./sdkSurface.js";
|
|
4
|
+
export const MODEL_RUNTIME_FIELDS = [
|
|
5
|
+
"tenantId",
|
|
6
|
+
"workspaceId",
|
|
7
|
+
"principalId",
|
|
8
|
+
"functionName",
|
|
9
|
+
"slotKey",
|
|
10
|
+
"modelId",
|
|
11
|
+
"provider",
|
|
12
|
+
"routingPolicy",
|
|
13
|
+
"metadata",
|
|
14
|
+
"limit",
|
|
15
|
+
"cursor",
|
|
813
16
|
];
|
|
814
17
|
function scopeQuery(input) {
|
|
815
|
-
|
|
816
|
-
|
|
817
|
-
|
|
818
|
-
|
|
819
|
-
|
|
820
|
-
|
|
821
|
-
|
|
822
|
-
|
|
18
|
+
return {
|
|
19
|
+
tenantId: cleanRequiredString(input.tenantId, "tenantId"),
|
|
20
|
+
workspaceId: input.workspaceId,
|
|
21
|
+
principalId: input.principalId,
|
|
22
|
+
provider: input.provider,
|
|
23
|
+
limit: input.limit,
|
|
24
|
+
cursor: input.cursor,
|
|
25
|
+
};
|
|
823
26
|
}
|
|
824
27
|
function modelRuntimeBody(input, operation) {
|
|
825
|
-
|
|
28
|
+
return knownPayload(input, MODEL_RUNTIME_FIELDS, operation);
|
|
826
29
|
}
|
|
827
|
-
function createModelRuntimeClient(config = {}) {
|
|
828
|
-
|
|
829
|
-
|
|
830
|
-
|
|
831
|
-
|
|
832
|
-
|
|
833
|
-
|
|
834
|
-
|
|
835
|
-
|
|
836
|
-
|
|
837
|
-
|
|
838
|
-
|
|
839
|
-
|
|
840
|
-
|
|
841
|
-
|
|
842
|
-
|
|
843
|
-
|
|
844
|
-
|
|
845
|
-
|
|
846
|
-
|
|
847
|
-
|
|
848
|
-
|
|
849
|
-
|
|
850
|
-
|
|
851
|
-
|
|
852
|
-
|
|
853
|
-
|
|
854
|
-
|
|
855
|
-
|
|
856
|
-
|
|
857
|
-
|
|
858
|
-
|
|
859
|
-
|
|
860
|
-
|
|
861
|
-
|
|
862
|
-
|
|
863
|
-
|
|
864
|
-
|
|
865
|
-
|
|
866
|
-
|
|
867
|
-
|
|
868
|
-
|
|
869
|
-
|
|
870
|
-
|
|
871
|
-
|
|
872
|
-
|
|
873
|
-
|
|
874
|
-
|
|
875
|
-
|
|
876
|
-
|
|
877
|
-
),
|
|
878
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
879
|
-
});
|
|
880
|
-
},
|
|
881
|
-
updateSlotConfig(input, idempotencyKey) {
|
|
882
|
-
cleanRequiredString(input.tenantId, "tenantId");
|
|
883
|
-
cleanRequiredString(input.functionName, "functionName");
|
|
884
|
-
cleanRequiredString(input.slotKey, "slotKey");
|
|
885
|
-
cleanRequiredString(input.modelId, "modelId");
|
|
886
|
-
return gateway.request({
|
|
887
|
-
path: "/api/platform/v1/model-runtime/slot-configs",
|
|
888
|
-
method: "PUT",
|
|
889
|
-
body: modelRuntimeBody(
|
|
890
|
-
input,
|
|
891
|
-
"modelRuntime.updateSlotConfig"
|
|
892
|
-
),
|
|
893
|
-
idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
|
|
894
|
-
});
|
|
895
|
-
}
|
|
896
|
-
};
|
|
30
|
+
export function createModelRuntimeClient(config = {}) {
|
|
31
|
+
const gateway = createGatewayRequestClient(config);
|
|
32
|
+
return {
|
|
33
|
+
listModels(input) {
|
|
34
|
+
return gateway.request({
|
|
35
|
+
path: `/api/platform/v1/model-runtime/models${toQueryString(scopeQuery(input))}`,
|
|
36
|
+
}).then((response) => mapGatewayData(response, (data) => listResultFromEnvelope(data, "models")));
|
|
37
|
+
},
|
|
38
|
+
getModel(input) {
|
|
39
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
40
|
+
cleanRequiredString(input.modelId, "modelId");
|
|
41
|
+
return gateway.request({
|
|
42
|
+
path: `/api/platform/v1/model-runtime/models/${encodeURIComponent(input.modelId)}${toQueryString({
|
|
43
|
+
tenantId: input.tenantId,
|
|
44
|
+
workspaceId: input.workspaceId,
|
|
45
|
+
principalId: input.principalId,
|
|
46
|
+
})}`,
|
|
47
|
+
});
|
|
48
|
+
},
|
|
49
|
+
listFunctionSlots(input) {
|
|
50
|
+
return gateway.request({
|
|
51
|
+
path: `/api/platform/v1/model-runtime/function-slots${toQueryString({
|
|
52
|
+
...scopeQuery(input),
|
|
53
|
+
functionName: input.functionName,
|
|
54
|
+
})}`,
|
|
55
|
+
}).then((response) => mapGatewayData(response, (data) => listResultFromEnvelope(data, "slots")));
|
|
56
|
+
},
|
|
57
|
+
resolveSlot(input, idempotencyKey) {
|
|
58
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
59
|
+
cleanRequiredString(input.functionName, "functionName");
|
|
60
|
+
return gateway.request({
|
|
61
|
+
path: "/api/platform/v1/model-runtime/function-slots/resolve",
|
|
62
|
+
method: "POST",
|
|
63
|
+
body: modelRuntimeBody(input, "modelRuntime.resolveSlot"),
|
|
64
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
65
|
+
});
|
|
66
|
+
},
|
|
67
|
+
updateSlotConfig(input, idempotencyKey) {
|
|
68
|
+
cleanRequiredString(input.tenantId, "tenantId");
|
|
69
|
+
cleanRequiredString(input.functionName, "functionName");
|
|
70
|
+
cleanRequiredString(input.slotKey, "slotKey");
|
|
71
|
+
cleanRequiredString(input.modelId, "modelId");
|
|
72
|
+
return gateway.request({
|
|
73
|
+
path: "/api/platform/v1/model-runtime/slot-configs",
|
|
74
|
+
method: "PUT",
|
|
75
|
+
body: modelRuntimeBody(input, "modelRuntime.updateSlotConfig"),
|
|
76
|
+
idempotencyKey: idempotencyKey ?? randomIdempotencyKey(),
|
|
77
|
+
});
|
|
78
|
+
},
|
|
79
|
+
};
|
|
897
80
|
}
|
|
898
|
-
|
|
899
|
-
export { MODEL_RUNTIME_FIELDS, createModelRuntimeClient };
|
|
900
|
-
//# sourceMappingURL=modelRuntimeClient.js.map
|
|
901
81
|
//# sourceMappingURL=modelRuntimeClient.js.map
|