@lucern/sdk 1.0.11 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (331) hide show
  1. package/CHANGELOG.md +10 -0
  2. package/README.md +24 -27
  3. package/dist/.generated +2 -0
  4. package/dist/accessControl.d.ts +19 -26
  5. package/dist/accessControl.js +195 -1423
  6. package/dist/adminClient.d.ts +52 -59
  7. package/dist/adminClient.js +364 -1142
  8. package/dist/answersClient.d.ts +5 -14
  9. package/dist/answersClient.js +19 -737
  10. package/dist/audience/index.d.ts +18 -18
  11. package/dist/audience/index.js +87 -90
  12. package/dist/audiencesClient.d.ts +19 -27
  13. package/dist/audiencesClient.js +107 -868
  14. package/dist/auditClient.d.ts +8 -15
  15. package/dist/auditClient.js +18 -791
  16. package/dist/authContext.d.ts +11 -16
  17. package/dist/authContext.js +122 -154
  18. package/dist/authDeviceClient.d.ts +8 -17
  19. package/dist/authDeviceClient.js +113 -102
  20. package/dist/beliefs/index.d.ts +16 -67
  21. package/dist/beliefs/index.js +20 -10181
  22. package/dist/beliefs/lifecycle.d.ts +10 -11
  23. package/dist/beliefs/lifecycle.js +78 -80
  24. package/dist/beliefsClient.d.ts +30 -35
  25. package/dist/beliefsClient.js +238 -994
  26. package/dist/boundaryClientSurface.d.ts +11 -16
  27. package/dist/boundaryClientSurface.js +49 -68
  28. package/dist/client.d.ts +82 -113
  29. package/dist/client.js +232 -10155
  30. package/dist/clientAssemblyTypes.d.ts +3 -3
  31. package/dist/clientAssemblyTypes.js +1 -2
  32. package/dist/clientConfig.d.ts +45 -59
  33. package/dist/clientConfig.js +1 -2
  34. package/dist/clientEvidenceCompat.d.ts +24 -14
  35. package/dist/clientEvidenceCompat.js +56 -64
  36. package/dist/clientGraphNamespaces.d.ts +3 -5
  37. package/dist/clientGraphNamespaces.js +170 -245
  38. package/dist/clientHelpers.d.ts +20 -25
  39. package/dist/clientHelpers.js +104 -127
  40. package/dist/clientKnowledgeNamespaces.d.ts +24 -54
  41. package/dist/clientKnowledgeNamespaces.js +506 -506
  42. package/dist/clientLocalHelpers.d.ts +11 -56
  43. package/dist/clientLocalHelpers.js +503 -732
  44. package/dist/clientPlatformNamespaces.d.ts +5 -53
  45. package/dist/clientPlatformNamespaces.js +229 -323
  46. package/dist/clientRuntime.d.ts +5 -53
  47. package/dist/clientRuntime.js +26 -30
  48. package/dist/clientWorkflowNamespaces.d.ts +6 -15
  49. package/dist/clientWorkflowNamespaces.js +529 -596
  50. package/dist/contextClient.d.ts +9 -17
  51. package/dist/contextClient.js +92 -805
  52. package/dist/contextFacade.d.ts +11 -2
  53. package/dist/contextFacade.js +10 -81
  54. package/dist/contextPackCompiler.d.ts +10 -11
  55. package/dist/contextPackCompiler.js +494 -1040
  56. package/dist/contextPackPolicy.d.ts +14 -15
  57. package/dist/contextPackPolicy.js +227 -305
  58. package/dist/contextPackSchema.d.ts +3 -3
  59. package/dist/contextPackSchema.js +169 -176
  60. package/dist/contextTypes.d.ts +14 -15
  61. package/dist/contextTypes.js +1 -2
  62. package/dist/contracts/api-enums.contract.d.ts +29 -30
  63. package/dist/contracts/api-enums.contract.js +162 -88
  64. package/dist/contracts/auth-session.contract.d.ts +13 -14
  65. package/dist/contracts/auth-session.contract.js +55 -52
  66. package/dist/contracts/context-pack.contract.d.ts +54 -55
  67. package/dist/contracts/context-pack.contract.js +160 -88
  68. package/dist/contracts/contextPack.d.ts +2 -1
  69. package/dist/contracts/contextPack.js +1 -97
  70. package/dist/contracts/index.d.ts +11 -12
  71. package/dist/contracts/index.js +10 -854
  72. package/dist/contracts/lens-filter.contract.d.ts +9 -10
  73. package/dist/contracts/lens-filter.contract.js +82 -58
  74. package/dist/contracts/lens-workflow.contract.d.ts +21 -23
  75. package/dist/contracts/lens-workflow.contract.js +48 -117
  76. package/dist/contracts/lensFilter.d.ts +2 -1
  77. package/dist/contracts/lensFilter.js +1 -71
  78. package/dist/contracts/lensWorkflow.d.ts +2 -2
  79. package/dist/contracts/lensWorkflow.js +1 -123
  80. package/dist/contracts/mcpTools.d.ts +16 -18
  81. package/dist/contracts/mcpTools.js +89 -123
  82. package/dist/contracts/prompt.contract.d.ts +4 -5
  83. package/dist/contracts/prompt.contract.js +23 -10
  84. package/dist/contracts/prompt.d.ts +2 -1
  85. package/dist/contracts/prompt.js +1 -11
  86. package/dist/contracts/sdk-tools.contract.d.ts +2 -1
  87. package/dist/contracts/sdk-tools.contract.js +1 -2
  88. package/dist/contracts/sdkTools.d.ts +2 -1
  89. package/dist/contracts/sdkTools.js +1 -26
  90. package/dist/contracts/tool-contracts.d.ts +2 -1
  91. package/dist/contracts/tool-contracts.js +1 -2
  92. package/dist/contracts/workflow-runtime.contract.d.ts +45 -46
  93. package/dist/contracts/workflow-runtime.contract.js +241 -228
  94. package/dist/contracts/workflowRuntime.d.ts +2 -1
  95. package/dist/contracts/workflowRuntime.js +1 -244
  96. package/dist/contradictions/index.d.ts +8 -60
  97. package/dist/contradictions/index.js +11 -10175
  98. package/dist/control-plane.d.ts +17 -24
  99. package/dist/control-plane.js +124 -840
  100. package/dist/controlObjectOwnership.d.ts +19 -20
  101. package/dist/controlObjectOwnership.js +207 -201
  102. package/dist/coreClient.d.ts +23 -28
  103. package/dist/coreClient.js +567 -692
  104. package/dist/customTools.d.ts +17 -21
  105. package/dist/customTools.js +221 -221
  106. package/dist/decisions/index.d.ts +7 -58
  107. package/dist/decisions/index.js +14 -10177
  108. package/dist/decisionsClient.d.ts +25 -32
  109. package/dist/decisionsClient.js +113 -913
  110. package/dist/domainContext.d.ts +2 -1
  111. package/dist/domainContext.js +1 -2
  112. package/dist/edges/index.d.ts +21 -73
  113. package/dist/edges/index.js +12 -10176
  114. package/dist/embeddingsClient.d.ts +22 -30
  115. package/dist/embeddingsClient.js +73 -922
  116. package/dist/eventingClient.d.ts +23 -31
  117. package/dist/eventingClient.js +89 -918
  118. package/dist/events.d.ts +48 -49
  119. package/dist/events.js +257 -241
  120. package/dist/eventsCore.d.ts +20 -29
  121. package/dist/eventsCore.js +86 -830
  122. package/dist/evidence/index.d.ts +42 -61
  123. package/dist/evidence/index.js +13 -10176
  124. package/dist/evidenceClient.d.ts +13 -22
  125. package/dist/evidenceClient.js +34 -751
  126. package/dist/facade/context.d.ts +7 -8
  127. package/dist/facade/context.js +73 -72
  128. package/dist/functionSurface.d.ts +2 -156
  129. package/dist/functionSurface.js +1 -1460
  130. package/dist/functionSurfaceClient.d.ts +2 -9
  131. package/dist/functionSurfaceClient.js +1 -1460
  132. package/dist/gatewayFacades.d.ts +93 -296
  133. package/dist/gatewayFacades.factories.d.ts +209 -14
  134. package/dist/gatewayFacades.factories.js +545 -2228
  135. package/dist/gatewayFacades.js +284 -2627
  136. package/dist/generated/functionSurface.d.ts +149 -0
  137. package/dist/generated/functionSurface.js +749 -0
  138. package/dist/graphAnalysisClient.d.ts +41 -49
  139. package/dist/graphAnalysisClient.js +185 -974
  140. package/dist/graphClient.d.ts +53 -60
  141. package/dist/graphClient.js +219 -1090
  142. package/dist/graphIntel.d.ts +2 -4
  143. package/dist/graphIntel.js +1 -2
  144. package/dist/graphIntelligence.d.ts +4 -2
  145. package/dist/graphIntelligence.js +2 -46
  146. package/dist/graphRecommendationsClient.d.ts +15 -23
  147. package/dist/graphRecommendationsClient.js +70 -849
  148. package/dist/graphStateClassifierClient.d.ts +17 -25
  149. package/dist/graphStateClassifierClient.js +67 -908
  150. package/dist/harnessClient.d.ts +40 -47
  151. package/dist/harnessClient.js +198 -993
  152. package/dist/identityClient.d.ts +25 -33
  153. package/dist/identityClient.js +245 -1186
  154. package/dist/index.d.ts +73 -69
  155. package/dist/index.js +72 -13313
  156. package/dist/infisicalRuntime.d.ts +12 -14
  157. package/dist/infisicalRuntime.js +290 -297
  158. package/dist/jobsClient.d.ts +24 -32
  159. package/dist/jobsClient.js +101 -916
  160. package/dist/learningClient.d.ts +8 -16
  161. package/dist/learningClient.js +45 -809
  162. package/dist/lenses/index.d.ts +13 -65
  163. package/dist/lenses/index.js +11 -10175
  164. package/dist/mcpClient.d.ts +14 -23
  165. package/dist/mcpClient.js +115 -856
  166. package/dist/modelRuntimeClient.d.ts +18 -26
  167. package/dist/modelRuntimeClient.js +74 -894
  168. package/dist/nodes/index.d.ts +7 -58
  169. package/dist/nodes/index.js +14 -10177
  170. package/dist/ontologies/index.d.ts +21 -73
  171. package/dist/ontologies/index.js +14 -10178
  172. package/dist/ontologyClient.d.ts +23 -31
  173. package/dist/ontologyClient.js +138 -924
  174. package/dist/ontologyLinksClient.d.ts +16 -24
  175. package/dist/ontologyLinksClient.js +76 -886
  176. package/dist/opinion.d.ts +5 -6
  177. package/dist/opinion.js +21 -25
  178. package/dist/orgGraphSearchClient.d.ts +19 -27
  179. package/dist/orgGraphSearchClient.js +89 -857
  180. package/dist/packRuntime.d.ts +2 -2
  181. package/dist/packRuntime.js +1 -2
  182. package/dist/packsClient.d.ts +30 -37
  183. package/dist/packsClient.js +131 -906
  184. package/dist/policyClient.d.ts +21 -29
  185. package/dist/policyClient.js +267 -1026
  186. package/dist/proof-attestation.json +1 -1
  187. package/dist/questions/index.d.ts +9 -60
  188. package/dist/questions/index.js +15 -10178
  189. package/dist/realtime/index.d.ts +20 -16
  190. package/dist/realtime/index.js +30 -19
  191. package/dist/realtime/refs.d.ts +4 -6
  192. package/dist/realtime/refs.js +12 -7
  193. package/dist/realtime-refs.d.ts +1 -0
  194. package/dist/realtime-refs.js +1 -0
  195. package/dist/realtime.d.ts +1 -0
  196. package/dist/realtime.js +1 -0
  197. package/dist/reportsClient.d.ts +10 -19
  198. package/dist/reportsClient.js +48 -836
  199. package/dist/schemaClient.d.ts +16 -23
  200. package/dist/schemaClient.js +62 -832
  201. package/dist/sdkSurface.d.ts +18 -25
  202. package/dist/sdkSurface.js +135 -106
  203. package/dist/secrets.d.ts +2 -1
  204. package/dist/secrets.js +1 -2
  205. package/dist/sourcesClient.d.ts +11 -18
  206. package/dist/sourcesClient.js +18 -741
  207. package/dist/telemetryClient.d.ts +22 -30
  208. package/dist/telemetryClient.js +107 -931
  209. package/dist/toolRegistryClient.d.ts +27 -35
  210. package/dist/toolRegistryClient.js +116 -954
  211. package/dist/topics/index.d.ts +13 -64
  212. package/dist/topics/index.js +15 -10178
  213. package/dist/topicsClient.d.ts +19 -27
  214. package/dist/topicsClient.js +106 -894
  215. package/dist/types.d.ts +84 -87
  216. package/dist/types.js +1 -2
  217. package/dist/version.d.ts +2 -3
  218. package/dist/version.js +2 -5
  219. package/dist/workflowClient.d.ts +60 -65
  220. package/dist/workflowClient.js +343 -1219
  221. package/dist/worktrees/index.d.ts +16 -68
  222. package/dist/worktrees/index.js +14 -10178
  223. package/package.json +6 -6
  224. package/dist/accessControl.js.map +0 -1
  225. package/dist/adminClient.js.map +0 -1
  226. package/dist/answersClient.js.map +0 -1
  227. package/dist/audience/index.js.map +0 -1
  228. package/dist/audiencesClient.js.map +0 -1
  229. package/dist/auditClient.js.map +0 -1
  230. package/dist/authContext.js.map +0 -1
  231. package/dist/authDeviceClient.js.map +0 -1
  232. package/dist/beliefs/index.js.map +0 -1
  233. package/dist/beliefs/lifecycle.js.map +0 -1
  234. package/dist/beliefsClient.js.map +0 -1
  235. package/dist/boundaryClientSurface.js.map +0 -1
  236. package/dist/client.js.map +0 -1
  237. package/dist/clientAssemblyTypes.js.map +0 -1
  238. package/dist/clientConfig.js.map +0 -1
  239. package/dist/clientEvidenceCompat.js.map +0 -1
  240. package/dist/clientGraphNamespaces.js.map +0 -1
  241. package/dist/clientHelpers.js.map +0 -1
  242. package/dist/clientKnowledgeNamespaces.js.map +0 -1
  243. package/dist/clientLocalHelpers.js.map +0 -1
  244. package/dist/clientPlatformNamespaces.js.map +0 -1
  245. package/dist/clientRuntime.js.map +0 -1
  246. package/dist/clientWorkflowNamespaces.js.map +0 -1
  247. package/dist/contextClient.js.map +0 -1
  248. package/dist/contextFacade.js.map +0 -1
  249. package/dist/contextPackCompiler.js.map +0 -1
  250. package/dist/contextPackPolicy.js.map +0 -1
  251. package/dist/contextPackSchema.js.map +0 -1
  252. package/dist/contextTypes.js.map +0 -1
  253. package/dist/contracts/api-enums.contract.js.map +0 -1
  254. package/dist/contracts/auth-session.contract.js.map +0 -1
  255. package/dist/contracts/context-pack.contract.js.map +0 -1
  256. package/dist/contracts/contextPack.js.map +0 -1
  257. package/dist/contracts/index.js.map +0 -1
  258. package/dist/contracts/lens-filter.contract.js.map +0 -1
  259. package/dist/contracts/lens-workflow.contract.js.map +0 -1
  260. package/dist/contracts/lensFilter.js.map +0 -1
  261. package/dist/contracts/lensWorkflow.js.map +0 -1
  262. package/dist/contracts/mcpTools.js.map +0 -1
  263. package/dist/contracts/prompt.contract.js.map +0 -1
  264. package/dist/contracts/prompt.js.map +0 -1
  265. package/dist/contracts/sdk-tools.contract.js.map +0 -1
  266. package/dist/contracts/sdkTools.js.map +0 -1
  267. package/dist/contracts/tool-contracts.js.map +0 -1
  268. package/dist/contracts/workflow-runtime.contract.js.map +0 -1
  269. package/dist/contracts/workflowRuntime.js.map +0 -1
  270. package/dist/contradictions/index.js.map +0 -1
  271. package/dist/control-plane.js.map +0 -1
  272. package/dist/controlObjectOwnership.js.map +0 -1
  273. package/dist/coreClient.js.map +0 -1
  274. package/dist/customTools.js.map +0 -1
  275. package/dist/decisions/index.js.map +0 -1
  276. package/dist/decisionsClient.js.map +0 -1
  277. package/dist/domainContext.js.map +0 -1
  278. package/dist/edges/index.js.map +0 -1
  279. package/dist/embeddingsClient.js.map +0 -1
  280. package/dist/eventingClient.js.map +0 -1
  281. package/dist/events.js.map +0 -1
  282. package/dist/eventsCore.js.map +0 -1
  283. package/dist/evidence/index.js.map +0 -1
  284. package/dist/evidenceClient.js.map +0 -1
  285. package/dist/facade/context.js.map +0 -1
  286. package/dist/functionSurface.js.map +0 -1
  287. package/dist/functionSurfaceClient.js.map +0 -1
  288. package/dist/gatewayFacades.factories.js.map +0 -1
  289. package/dist/gatewayFacades.js.map +0 -1
  290. package/dist/graphAnalysisClient.js.map +0 -1
  291. package/dist/graphClient.js.map +0 -1
  292. package/dist/graphIntel.js.map +0 -1
  293. package/dist/graphIntelligence.js.map +0 -1
  294. package/dist/graphRecommendationsClient.js.map +0 -1
  295. package/dist/graphStateClassifierClient.js.map +0 -1
  296. package/dist/harnessClient.js.map +0 -1
  297. package/dist/identityClient.js.map +0 -1
  298. package/dist/index.js.map +0 -1
  299. package/dist/infisicalRuntime.js.map +0 -1
  300. package/dist/jobsClient.js.map +0 -1
  301. package/dist/learningClient.js.map +0 -1
  302. package/dist/lenses/index.js.map +0 -1
  303. package/dist/mcpClient.js.map +0 -1
  304. package/dist/modelRuntimeClient.js.map +0 -1
  305. package/dist/nodes/index.js.map +0 -1
  306. package/dist/ontologies/index.js.map +0 -1
  307. package/dist/ontologyClient.js.map +0 -1
  308. package/dist/ontologyLinksClient.js.map +0 -1
  309. package/dist/opinion.js.map +0 -1
  310. package/dist/orgGraphSearchClient.js.map +0 -1
  311. package/dist/packRuntime.js.map +0 -1
  312. package/dist/packsClient.js.map +0 -1
  313. package/dist/policyClient.js.map +0 -1
  314. package/dist/questions/index.js.map +0 -1
  315. package/dist/realtime/index.js.map +0 -1
  316. package/dist/realtime/refs.js.map +0 -1
  317. package/dist/reportsClient.js.map +0 -1
  318. package/dist/schemaClient.js.map +0 -1
  319. package/dist/sdk-tools.contract-B4c1Zr1o.d.ts +0 -22
  320. package/dist/sdkSurface.js.map +0 -1
  321. package/dist/secrets.js.map +0 -1
  322. package/dist/sourcesClient.js.map +0 -1
  323. package/dist/telemetryClient.js.map +0 -1
  324. package/dist/tool-contracts-BUiL9P6z.d.ts +0 -22
  325. package/dist/toolRegistryClient.js.map +0 -1
  326. package/dist/topics/index.js.map +0 -1
  327. package/dist/topicsClient.js.map +0 -1
  328. package/dist/types.js.map +0 -1
  329. package/dist/version.js.map +0 -1
  330. package/dist/workflowClient.js.map +0 -1
  331. package/dist/worktrees/index.js.map +0 -1
@@ -1,11 +1,7 @@
1
- import { SessionPrincipalType, SessionAuthMode, SessionDelegationHop } from './contracts/auth-session.contract.js';
2
- import { JsonObject } from './types.js';
3
- import './contracts/workflow-runtime.contract.js';
4
- import './contracts/lens-workflow.contract.js';
5
- import './contracts/lens-filter.contract.js';
6
-
7
- type LucernSdkAuthFailureReason = "principal_missing" | "tenant_missing" | "membership_missing" | "workspace_missing" | "clerk_alias_missing" | "clerk_alias_unrecognized" | "policy_denied" | "policy_unavailable" | "policy_unknown";
8
- type PermitReadyAuthContext = {
1
+ import type { SessionAuthMode, SessionDelegationHop, SessionPrincipalType } from "./contracts/auth-session.contract";
2
+ import type { JsonObject } from "./types";
3
+ export type LucernSdkAuthFailureReason = "principal_missing" | "tenant_missing" | "membership_missing" | "workspace_missing" | "clerk_alias_missing" | "clerk_alias_unrecognized" | "policy_denied" | "policy_unavailable" | "policy_unknown";
4
+ export type PermitReadyAuthContext = {
9
5
  subject: string;
10
6
  tenant: string;
11
7
  workspace: string;
@@ -14,8 +10,8 @@ type PermitReadyAuthContext = {
14
10
  relation?: string;
15
11
  context?: JsonObject;
16
12
  };
17
- type LucernSdkAuthPolicyDecision = "allow" | "deny" | "unknown";
18
- type LucernSdkAuthContextInput = {
13
+ export type LucernSdkAuthPolicyDecision = "allow" | "deny" | "unknown";
14
+ export type LucernSdkAuthContextInput = {
19
15
  clerkId?: string;
20
16
  principalId?: string;
21
17
  tenantId?: string;
@@ -31,7 +27,7 @@ type LucernSdkAuthContextInput = {
31
27
  policyDecision?: LucernSdkAuthPolicyDecision;
32
28
  permit?: Partial<PermitReadyAuthContext>;
33
29
  };
34
- type CanonicalLucernSdkAuthContext = {
30
+ export type CanonicalLucernSdkAuthContext = {
35
31
  clerkId?: string;
36
32
  principalId: string;
37
33
  tenantId: string;
@@ -46,11 +42,10 @@ type CanonicalLucernSdkAuthContext = {
46
42
  membershipId?: string;
47
43
  permit: PermitReadyAuthContext;
48
44
  };
49
- declare class LucernSdkAuthContextError extends Error {
45
+ export declare class LucernSdkAuthContextError extends Error {
50
46
  readonly reason: LucernSdkAuthFailureReason;
51
47
  constructor(reason: LucernSdkAuthFailureReason, message: string);
52
48
  }
53
- declare function normalizeCanonicalLucernAuthContext(input: LucernSdkAuthContextInput | undefined): CanonicalLucernSdkAuthContext;
54
- declare function createCanonicalAuthHeaders(authContext: CanonicalLucernSdkAuthContext): Record<string, string>;
55
-
56
- export { type CanonicalLucernSdkAuthContext, LucernSdkAuthContextError, type LucernSdkAuthContextInput, type LucernSdkAuthFailureReason, type LucernSdkAuthPolicyDecision, type PermitReadyAuthContext, createCanonicalAuthHeaders, normalizeCanonicalLucernAuthContext };
49
+ export declare function normalizeCanonicalLucernAuthContext(input: LucernSdkAuthContextInput | undefined): CanonicalLucernSdkAuthContext;
50
+ export declare function createCanonicalAuthHeaders(authContext: CanonicalLucernSdkAuthContext): Record<string, string>;
51
+ //# sourceMappingURL=authContext.d.ts.map
@@ -1,170 +1,138 @@
1
- // src/authContext.ts
2
- var LucernSdkAuthContextError = class extends Error {
3
- reason;
4
- constructor(reason, message) {
5
- super(message);
6
- this.name = "LucernSdkAuthContextError";
7
- this.reason = reason;
8
- }
9
- };
1
+ export class LucernSdkAuthContextError extends Error {
2
+ reason;
3
+ constructor(reason, message) {
4
+ super(message);
5
+ this.name = "LucernSdkAuthContextError";
6
+ this.reason = reason;
7
+ }
8
+ }
10
9
  function cleanString(value) {
11
- const normalized = value?.trim();
12
- return normalized ? normalized : void 0;
10
+ const normalized = value?.trim();
11
+ return normalized ? normalized : undefined;
13
12
  }
14
13
  function cleanStringList(values) {
15
- if (!values) {
16
- return [];
17
- }
18
- return values.map((value) => value.trim()).filter(
19
- (value, index, list) => value.length > 0 && list.indexOf(value) === index
20
- );
14
+ if (!values) {
15
+ return [];
16
+ }
17
+ return values
18
+ .map((value) => value.trim())
19
+ .filter((value, index, list) => value.length > 0 && list.indexOf(value) === index);
21
20
  }
22
21
  function requireString(value, reason, label) {
23
- const normalized = cleanString(value);
24
- if (!normalized) {
25
- throw new LucernSdkAuthContextError(
26
- reason,
27
- `Canonical Lucern SDK auth context is missing ${label}.`
28
- );
29
- }
30
- return normalized;
22
+ const normalized = cleanString(value);
23
+ if (!normalized) {
24
+ throw new LucernSdkAuthContextError(reason, `Canonical Lucern SDK auth context is missing ${label}.`);
25
+ }
26
+ return normalized;
31
27
  }
32
28
  function requirePrincipalType(principalType) {
33
- if (!principalType) {
34
- throw new LucernSdkAuthContextError(
35
- "principal_missing",
36
- "Canonical Lucern SDK auth context is missing principalType."
37
- );
38
- }
39
- return principalType;
29
+ if (!principalType) {
30
+ throw new LucernSdkAuthContextError("principal_missing", "Canonical Lucern SDK auth context is missing principalType.");
31
+ }
32
+ return principalType;
40
33
  }
41
34
  function requireAuthMode(authMode) {
42
- if (!authMode) {
43
- throw new LucernSdkAuthContextError(
44
- "principal_missing",
45
- "Canonical Lucern SDK auth context is missing authMode."
46
- );
47
- }
48
- return authMode;
35
+ if (!authMode) {
36
+ throw new LucernSdkAuthContextError("principal_missing", "Canonical Lucern SDK auth context is missing authMode.");
37
+ }
38
+ return authMode;
49
39
  }
50
40
  function ensurePermitMatch(args) {
51
- const actual = cleanString(args.actual);
52
- if (actual && actual !== args.expected) {
53
- throw new LucernSdkAuthContextError(
54
- "policy_denied",
55
- `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
56
- );
57
- }
41
+ const actual = cleanString(args.actual);
42
+ if (actual && actual !== args.expected) {
43
+ throw new LucernSdkAuthContextError("policy_denied", `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`);
44
+ }
58
45
  }
59
- function normalizeCanonicalLucernAuthContext(input) {
60
- if (!input) {
61
- throw new LucernSdkAuthContextError(
62
- "principal_missing",
63
- "Canonical Lucern SDK auth context is required."
64
- );
65
- }
66
- if (input.policyDecision === "deny") {
67
- throw new LucernSdkAuthContextError(
68
- "policy_denied",
69
- "Canonical Lucern SDK auth context carries a denied policy decision."
70
- );
71
- }
72
- const principalId = requireString(
73
- input.principalId,
74
- "principal_missing",
75
- "principalId"
76
- );
77
- const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
78
- const workspaceId = requireString(
79
- input.workspaceId,
80
- "workspace_missing",
81
- "workspaceId"
82
- );
83
- const roles = cleanStringList(input.roles);
84
- const scopes = cleanStringList(input.scopes);
85
- const principalType = requirePrincipalType(input.principalType);
86
- const authMode = requireAuthMode(input.authMode);
87
- const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
88
- if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
89
- throw new LucernSdkAuthContextError(
90
- "membership_missing",
91
- "Canonical Lucern SDK auth context requires non-empty roles and scopes."
92
- );
93
- }
94
- const subject = cleanString(input.permit?.subject) ?? principalId;
95
- const tenant = cleanString(input.permit?.tenant) ?? tenantId;
96
- const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
97
- ensurePermitMatch({
98
- field: "subject",
99
- expected: principalId,
100
- actual: subject
101
- });
102
- ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
103
- ensurePermitMatch({
104
- field: "workspace",
105
- expected: workspaceId,
106
- actual: workspace
107
- });
108
- const context = input.permit?.context ? { ...input.permit.context } : void 0;
109
- return {
110
- clerkId: cleanString(input.clerkId),
111
- principalId,
112
- tenantId,
113
- workspaceId,
114
- principalType,
115
- authMode,
116
- roles,
117
- scopes,
118
- delegationChain: input.delegationChain ? [...input.delegationChain] : [],
119
- policyTraceId: cleanString(input.policyTraceId),
120
- correlationId: cleanString(input.correlationId),
121
- membershipId: cleanString(input.membershipId),
122
- permit: {
123
- subject,
124
- tenant,
125
- workspace,
126
- resource: cleanString(input.permit?.resource),
127
- action: cleanString(input.permit?.action),
128
- relation: cleanString(input.permit?.relation),
129
- context
46
+ export function normalizeCanonicalLucernAuthContext(input) {
47
+ if (!input) {
48
+ throw new LucernSdkAuthContextError("principal_missing", "Canonical Lucern SDK auth context is required.");
130
49
  }
131
- };
50
+ if (input.policyDecision === "deny") {
51
+ throw new LucernSdkAuthContextError("policy_denied", "Canonical Lucern SDK auth context carries a denied policy decision.");
52
+ }
53
+ const principalId = requireString(input.principalId, "principal_missing", "principalId");
54
+ const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
55
+ const workspaceId = requireString(input.workspaceId, "workspace_missing", "workspaceId");
56
+ const roles = cleanStringList(input.roles);
57
+ const scopes = cleanStringList(input.scopes);
58
+ const principalType = requirePrincipalType(input.principalType);
59
+ const authMode = requireAuthMode(input.authMode);
60
+ const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
61
+ if (roles.length === 0 ||
62
+ (scopes.length === 0 && !roleBasedInteractiveAuth)) {
63
+ throw new LucernSdkAuthContextError("membership_missing", "Canonical Lucern SDK auth context requires non-empty roles and scopes.");
64
+ }
65
+ const subject = cleanString(input.permit?.subject) ?? principalId;
66
+ const tenant = cleanString(input.permit?.tenant) ?? tenantId;
67
+ const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
68
+ ensurePermitMatch({
69
+ field: "subject",
70
+ expected: principalId,
71
+ actual: subject,
72
+ });
73
+ ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
74
+ ensurePermitMatch({
75
+ field: "workspace",
76
+ expected: workspaceId,
77
+ actual: workspace,
78
+ });
79
+ const context = input.permit?.context
80
+ ? { ...input.permit.context }
81
+ : undefined;
82
+ return {
83
+ clerkId: cleanString(input.clerkId),
84
+ principalId,
85
+ tenantId,
86
+ workspaceId,
87
+ principalType,
88
+ authMode,
89
+ roles,
90
+ scopes,
91
+ delegationChain: input.delegationChain ? [...input.delegationChain] : [],
92
+ policyTraceId: cleanString(input.policyTraceId),
93
+ correlationId: cleanString(input.correlationId),
94
+ membershipId: cleanString(input.membershipId),
95
+ permit: {
96
+ subject,
97
+ tenant,
98
+ workspace,
99
+ resource: cleanString(input.permit?.resource),
100
+ action: cleanString(input.permit?.action),
101
+ relation: cleanString(input.permit?.relation),
102
+ context,
103
+ },
104
+ };
132
105
  }
133
- function createCanonicalAuthHeaders(authContext) {
134
- const headers = {
135
- "x-lucern-principal-id": authContext.principalId,
136
- "x-lucern-principal-type": authContext.principalType,
137
- "x-lucern-tenant": authContext.tenantId,
138
- "x-lucern-tenant-id": authContext.tenantId,
139
- "x-lucern-workspace": authContext.workspaceId,
140
- "x-lucern-workspace-id": authContext.workspaceId,
141
- "x-lucern-auth-mode": authContext.authMode,
142
- "x-lucern-roles": authContext.roles.join(","),
143
- "x-lucern-scopes": authContext.scopes.join(","),
144
- "x-lucern-permit-context": JSON.stringify(authContext.permit)
145
- };
146
- if (authContext.clerkId) {
147
- headers["x-lucern-clerk-id"] = authContext.clerkId;
148
- headers["x-lucern-user-id"] = authContext.clerkId;
149
- }
150
- if (authContext.delegationChain.length > 0) {
151
- headers["x-lucern-delegation-chain"] = JSON.stringify(
152
- authContext.delegationChain
153
- );
154
- }
155
- if (authContext.policyTraceId) {
156
- headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
157
- }
158
- if (authContext.correlationId) {
159
- headers["x-correlation-id"] = authContext.correlationId;
160
- headers["x-lucern-correlation-id"] = authContext.correlationId;
161
- }
162
- if (authContext.membershipId) {
163
- headers["x-lucern-membership-id"] = authContext.membershipId;
164
- }
165
- return headers;
106
+ export function createCanonicalAuthHeaders(authContext) {
107
+ const headers = {
108
+ "x-lucern-principal-id": authContext.principalId,
109
+ "x-lucern-principal-type": authContext.principalType,
110
+ "x-lucern-tenant": authContext.tenantId,
111
+ "x-lucern-tenant-id": authContext.tenantId,
112
+ "x-lucern-workspace": authContext.workspaceId,
113
+ "x-lucern-workspace-id": authContext.workspaceId,
114
+ "x-lucern-auth-mode": authContext.authMode,
115
+ "x-lucern-roles": authContext.roles.join(","),
116
+ "x-lucern-scopes": authContext.scopes.join(","),
117
+ "x-lucern-permit-context": JSON.stringify(authContext.permit),
118
+ };
119
+ if (authContext.clerkId) {
120
+ headers["x-lucern-clerk-id"] = authContext.clerkId;
121
+ headers["x-lucern-user-id"] = authContext.clerkId;
122
+ }
123
+ if (authContext.delegationChain.length > 0) {
124
+ headers["x-lucern-delegation-chain"] = JSON.stringify(authContext.delegationChain);
125
+ }
126
+ if (authContext.policyTraceId) {
127
+ headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
128
+ }
129
+ if (authContext.correlationId) {
130
+ headers["x-correlation-id"] = authContext.correlationId;
131
+ headers["x-lucern-correlation-id"] = authContext.correlationId;
132
+ }
133
+ if (authContext.membershipId) {
134
+ headers["x-lucern-membership-id"] = authContext.membershipId;
135
+ }
136
+ return headers;
166
137
  }
167
-
168
- export { LucernSdkAuthContextError, createCanonicalAuthHeaders, normalizeCanonicalLucernAuthContext };
169
- //# sourceMappingURL=authContext.js.map
170
138
  //# sourceMappingURL=authContext.js.map
@@ -1,17 +1,9 @@
1
- import { GatewayClientConfig } from './coreClient.js';
2
- import '@lucern/transport-core';
3
- import './authContext.js';
4
- import './contracts/auth-session.contract.js';
5
- import './types.js';
6
- import './contracts/workflow-runtime.contract.js';
7
- import './contracts/lens-workflow.contract.js';
8
- import './contracts/lens-filter.contract.js';
9
-
10
- type DeviceCodeInput = {
1
+ import type { GatewayClientConfig } from "./coreClient";
2
+ export type DeviceCodeInput = {
11
3
  clientId?: string;
12
4
  scope?: string;
13
5
  };
14
- type DeviceCodeResponse = {
6
+ export type DeviceCodeResponse = {
15
7
  device_code: string;
16
8
  user_code: string;
17
9
  verification_uri: string;
@@ -19,7 +11,7 @@ type DeviceCodeResponse = {
19
11
  expires_in: number;
20
12
  interval: number;
21
13
  };
22
- type DeviceTokenResponse = {
14
+ export type DeviceTokenResponse = {
23
15
  access_token: string;
24
16
  token_type: "Bearer";
25
17
  expires_in: number;
@@ -32,8 +24,8 @@ type DeviceTokenResponse = {
32
24
  principalId: string;
33
25
  };
34
26
  };
35
- type DeviceTokenErrorCode = "authorization_pending" | "slow_down" | "access_denied" | "expired_token" | "invalid_grant" | "invalid_request";
36
- declare class DeviceAuthorizationError extends Error {
27
+ export type DeviceTokenErrorCode = "authorization_pending" | "slow_down" | "access_denied" | "expired_token" | "invalid_grant" | "invalid_request";
28
+ export declare class DeviceAuthorizationError extends Error {
37
29
  readonly error: DeviceTokenErrorCode;
38
30
  readonly interval?: number;
39
31
  constructor(args: {
@@ -42,9 +34,8 @@ declare class DeviceAuthorizationError extends Error {
42
34
  interval?: number;
43
35
  });
44
36
  }
45
- declare function createAuthDeviceClient(config?: GatewayClientConfig): {
37
+ export declare function createAuthDeviceClient(config?: GatewayClientConfig): {
46
38
  createDeviceCode(input?: DeviceCodeInput): Promise<DeviceCodeResponse>;
47
39
  pollDeviceToken(deviceCode: string): Promise<DeviceTokenResponse>;
48
40
  };
49
-
50
- export { DeviceAuthorizationError, type DeviceCodeInput, type DeviceCodeResponse, type DeviceTokenErrorCode, type DeviceTokenResponse, createAuthDeviceClient };
41
+ //# sourceMappingURL=authDeviceClient.d.ts.map
@@ -1,121 +1,132 @@
1
- // src/authDeviceClient.ts
2
- var DeviceAuthorizationError = class extends Error {
3
- error;
4
- interval;
5
- constructor(args) {
6
- super(args.description ?? args.error);
7
- this.name = "DeviceAuthorizationError";
8
- this.error = args.error;
9
- this.interval = args.interval;
10
- }
11
- };
1
+ export class DeviceAuthorizationError extends Error {
2
+ error;
3
+ interval;
4
+ constructor(args) {
5
+ super(args.description ?? args.error);
6
+ this.name = "DeviceAuthorizationError";
7
+ this.error = args.error;
8
+ this.interval = args.interval;
9
+ }
10
+ }
12
11
  function authBaseUrl(config) {
13
- return config.baseUrl?.replace(/\/+$/, "") ?? "";
12
+ return config.baseUrl?.replace(/\/+$/, "") ?? "";
14
13
  }
15
14
  async function readJson(response) {
16
- try {
17
- const payload = await response.json();
18
- return isRecord(payload) ? payload : {};
19
- } catch (error) {
20
- return unreadableJsonBodyFallback();
21
- }
15
+ try {
16
+ const payload = (await response.json());
17
+ return isRecord(payload) ? payload : {};
18
+ }
19
+ catch (error) {
20
+ return unreadableJsonBodyFallback(error);
21
+ }
22
22
  }
23
23
  function unreadableJsonBodyFallback(_error) {
24
- return {};
24
+ return {};
25
25
  }
26
26
  function isRecord(value) {
27
- return value !== null && typeof value === "object" && !Array.isArray(value);
27
+ return value !== null && typeof value === "object" && !Array.isArray(value);
28
28
  }
29
29
  function readString(value) {
30
- const normalized = typeof value === "string" ? value.trim() : "";
31
- return normalized || void 0;
30
+ const normalized = typeof value === "string" ? value.trim() : "";
31
+ return normalized || undefined;
32
32
  }
33
33
  function assertDeviceCodeResponse(payload) {
34
- const deviceCode = readString(payload.device_code);
35
- const userCode = readString(payload.user_code);
36
- const verificationUri = readString(payload.verification_uri);
37
- const verificationUriComplete = readString(payload.verification_uri_complete);
38
- const expiresIn = payload.expires_in;
39
- const interval = payload.interval;
40
- if (!deviceCode || !userCode || !verificationUri || !verificationUriComplete || typeof expiresIn !== "number" || typeof interval !== "number") {
41
- throw new Error("Gateway returned an invalid device-code response.");
42
- }
43
- return {
44
- device_code: deviceCode,
45
- user_code: userCode,
46
- verification_uri: verificationUri,
47
- verification_uri_complete: verificationUriComplete,
48
- expires_in: expiresIn,
49
- interval
50
- };
34
+ const deviceCode = readString(payload.device_code);
35
+ const userCode = readString(payload.user_code);
36
+ const verificationUri = readString(payload.verification_uri);
37
+ const verificationUriComplete = readString(payload.verification_uri_complete);
38
+ const expiresIn = payload.expires_in;
39
+ const interval = payload.interval;
40
+ if (!deviceCode ||
41
+ !userCode ||
42
+ !verificationUri ||
43
+ !verificationUriComplete ||
44
+ typeof expiresIn !== "number" ||
45
+ typeof interval !== "number") {
46
+ throw new Error("Gateway returned an invalid device-code response.");
47
+ }
48
+ return {
49
+ device_code: deviceCode,
50
+ user_code: userCode,
51
+ verification_uri: verificationUri,
52
+ verification_uri_complete: verificationUriComplete,
53
+ expires_in: expiresIn,
54
+ interval,
55
+ };
51
56
  }
52
57
  function assertDeviceTokenResponse(payload) {
53
- const accessToken = readString(payload.access_token);
54
- const tokenType = readString(payload.token_type);
55
- const scope = readString(payload.scope);
56
- const tenantId = readString(payload.tenant_id);
57
- const principalId = readString(payload.principal_id);
58
- if (!accessToken || tokenType !== "Bearer" || typeof payload.expires_in !== "number" || !scope || !tenantId || !principalId) {
59
- throw new Error("Gateway returned an invalid device token response.");
60
- }
61
- return {
62
- access_token: accessToken,
63
- token_type: "Bearer",
64
- expires_in: payload.expires_in,
65
- scope,
66
- tenant_id: tenantId,
67
- workspace_id: readString(payload.workspace_id),
68
- principal_id: principalId,
69
- user: isRecord(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
70
- id: payload.user.id,
71
- principalId: payload.user.principalId
72
- } : void 0
73
- };
58
+ const accessToken = readString(payload.access_token);
59
+ const tokenType = readString(payload.token_type);
60
+ const scope = readString(payload.scope);
61
+ const tenantId = readString(payload.tenant_id);
62
+ const principalId = readString(payload.principal_id);
63
+ if (!accessToken ||
64
+ tokenType !== "Bearer" ||
65
+ typeof payload.expires_in !== "number" ||
66
+ !scope ||
67
+ !tenantId ||
68
+ !principalId) {
69
+ throw new Error("Gateway returned an invalid device token response.");
70
+ }
71
+ return {
72
+ access_token: accessToken,
73
+ token_type: "Bearer",
74
+ expires_in: payload.expires_in,
75
+ scope,
76
+ tenant_id: tenantId,
77
+ workspace_id: readString(payload.workspace_id),
78
+ principal_id: principalId,
79
+ user: isRecord(payload.user) &&
80
+ typeof payload.user.id === "string" &&
81
+ typeof payload.user.principalId === "string"
82
+ ? {
83
+ id: payload.user.id,
84
+ principalId: payload.user.principalId,
85
+ }
86
+ : undefined,
87
+ };
74
88
  }
75
89
  function maybeThrowDeviceError(payload) {
76
- const error = readString(payload.error);
77
- throw new DeviceAuthorizationError({
78
- error: error ?? "invalid_request",
79
- description: readString(payload.error_description),
80
- interval: typeof payload.interval === "number" ? payload.interval : void 0
81
- });
82
- }
83
- function createAuthDeviceClient(config = {}) {
84
- const fetchImpl = config.fetchImpl ?? fetch;
85
- const baseUrl = authBaseUrl(config);
86
- async function post(path, body) {
87
- return fetchImpl(`${baseUrl}${path}`, {
88
- method: "POST",
89
- headers: { "content-type": "application/json" },
90
- body: JSON.stringify(body)
90
+ const error = readString(payload.error);
91
+ throw new DeviceAuthorizationError({
92
+ error: error ?? "invalid_request",
93
+ description: readString(payload.error_description),
94
+ interval: typeof payload.interval === "number" ? payload.interval : undefined,
91
95
  });
92
- }
93
- return {
94
- async createDeviceCode(input = {}) {
95
- const response = await post("/api/platform/v1/auth/device/code", {
96
- client_id: input.clientId ?? "lucern-cli",
97
- scope: input.scope ?? "graph.read graph.write"
98
- });
99
- const payload = await readJson(response);
100
- if (!response.ok) {
101
- maybeThrowDeviceError(payload);
102
- }
103
- return assertDeviceCodeResponse(payload);
104
- },
105
- async pollDeviceToken(deviceCode) {
106
- const response = await post("/api/platform/v1/auth/device/token", {
107
- grant_type: "urn:ietf:params:oauth:grant-type:device_code",
108
- device_code: deviceCode
109
- });
110
- const payload = await readJson(response);
111
- if (!response.ok) {
112
- maybeThrowDeviceError(payload);
113
- }
114
- return assertDeviceTokenResponse(payload);
96
+ }
97
+ export function createAuthDeviceClient(config = {}) {
98
+ const fetchImpl = config.fetchImpl ?? fetch;
99
+ const baseUrl = authBaseUrl(config);
100
+ async function post(path, body) {
101
+ return fetchImpl(`${baseUrl}${path}`, {
102
+ method: "POST",
103
+ headers: { "content-type": "application/json" },
104
+ body: JSON.stringify(body),
105
+ });
115
106
  }
116
- };
107
+ return {
108
+ async createDeviceCode(input = {}) {
109
+ const response = await post("/api/platform/v1/auth/device/code", {
110
+ client_id: input.clientId ?? "lucern-cli",
111
+ scope: input.scope ?? "graph.read graph.write",
112
+ });
113
+ const payload = await readJson(response);
114
+ if (!response.ok) {
115
+ maybeThrowDeviceError(payload);
116
+ }
117
+ return assertDeviceCodeResponse(payload);
118
+ },
119
+ async pollDeviceToken(deviceCode) {
120
+ const response = await post("/api/platform/v1/auth/device/token", {
121
+ grant_type: "urn:ietf:params:oauth:grant-type:device_code",
122
+ device_code: deviceCode,
123
+ });
124
+ const payload = await readJson(response);
125
+ if (!response.ok) {
126
+ maybeThrowDeviceError(payload);
127
+ }
128
+ return assertDeviceTokenResponse(payload);
129
+ },
130
+ };
117
131
  }
118
-
119
- export { DeviceAuthorizationError, createAuthDeviceClient };
120
- //# sourceMappingURL=authDeviceClient.js.map
121
132
  //# sourceMappingURL=authDeviceClient.js.map