@lucern/contracts 0.3.0-alpha.1 → 0.3.0-alpha.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/dist/api-enums.contract.d.ts +5 -3
- package/dist/api-enums.contract.js +14 -12
- package/dist/api-enums.contract.js.map +1 -1
- package/dist/component-boundary.contract.d.ts +14 -0
- package/dist/component-boundary.contract.js +174 -0
- package/dist/component-boundary.contract.js.map +1 -0
- package/dist/component-host-boundary.contract.d.ts +46 -0
- package/dist/component-host-boundary.contract.js +60 -0
- package/dist/component-host-boundary.contract.js.map +1 -0
- package/dist/context-pack.contract.d.ts +5 -3
- package/dist/context-pack.contract.js.map +1 -1
- package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
- package/dist/{dsl-BgpoVOVQ.d.ts → dsl-DVPthQGY.d.ts} +2 -2
- package/dist/dsl.d.ts +2 -2
- package/dist/dsl.js +1 -4
- package/dist/dsl.js.map +1 -1
- package/dist/edge-policy-manifest-Dw5IhT1L.d.ts +133 -0
- package/dist/function-registry/beliefs.d.ts +54 -41
- package/dist/function-registry/beliefs.js +759 -38
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.d.ts +9 -0
- package/dist/function-registry/coding.js +811 -39
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +19 -13
- package/dist/function-registry/context.js +750 -42
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.d.ts +6 -0
- package/dist/function-registry/contracts.js +715 -35
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.d.ts +12 -0
- package/dist/function-registry/coordination.js +715 -35
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.d.ts +165 -0
- package/dist/function-registry/edges.js +923 -67
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +44 -33
- package/dist/function-registry/evidence.js +769 -47
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +149 -53
- package/dist/function-registry/graph.js +831 -42
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.d.ts +6 -3
- package/dist/function-registry/helpers.js +716 -36
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.d.ts +6 -0
- package/dist/function-registry/identity.js +715 -35
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.d.ts +5 -3
- package/dist/function-registry/index.js +722 -39
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +14 -9
- package/dist/function-registry/judgments.js +727 -38
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.d.ts +4 -0
- package/dist/function-registry/legacy.js +715 -35
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +24 -17
- package/dist/function-registry/lenses.js +738 -38
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/manifest.d.ts +6 -6
- package/dist/function-registry/manifest.js +18 -2
- package/dist/function-registry/manifest.js.map +1 -1
- package/dist/function-registry/nodes.d.ts +412 -0
- package/dist/function-registry/nodes.js +5303 -0
- package/dist/function-registry/nodes.js.map +1 -0
- package/dist/function-registry/ontologies.d.ts +59 -45
- package/dist/function-registry/ontologies.js +733 -41
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +19 -13
- package/dist/function-registry/pipeline.js +724 -38
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +64 -49
- package/dist/function-registry/questions.js +812 -43
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.d.ts +24 -17
- package/dist/function-registry/tasks.js +776 -44
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +109 -21
- package/dist/function-registry/topics.js +797 -39
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +6 -2
- package/dist/function-registry/worktrees.d.ts +94 -41
- package/dist/function-registry/worktrees.js +854 -47
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/function-registry-input-audit.d.ts +13 -0
- package/dist/function-registry-input-audit.js +166 -0
- package/dist/function-registry-input-audit.js.map +1 -0
- package/dist/gateway.contract.d.ts +5 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.d.ts +3 -3
- package/dist/generated/convexSchemas.js +38 -18
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
- package/dist/generated/infisicalRuntimeEnv.js +26572 -0
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
- package/dist/generated/lucernGatewayEnv.d.ts +17 -0
- package/dist/generated/lucernGatewayEnv.js +38 -0
- package/dist/generated/lucernGatewayEnv.js.map +1 -0
- package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
- package/dist/generated/lucernWebPublicEnv.js +32 -0
- package/dist/generated/lucernWebPublicEnv.js.map +1 -0
- package/dist/generated/lucernWebServerEnv.d.ts +33 -0
- package/dist/generated/lucernWebServerEnv.js +51 -0
- package/dist/generated/lucernWebServerEnv.js.map +1 -0
- package/dist/generated/schema-manifest.json +1199 -138
- package/dist/generated/tableOwnership.d.ts +47 -27
- package/dist/generated/tableOwnership.js +66 -26
- package/dist/generated/tableOwnership.js.map +1 -1
- package/dist/generated/tier-expectations.json +62 -8
- package/dist/graph-intelligence.contract.d.ts +506 -0
- package/dist/graph-intelligence.contract.js +595 -0
- package/dist/graph-intelligence.contract.js.map +1 -0
- package/dist/graph-types/index.d.ts +5 -1
- package/dist/graph-types/index.js +15 -4
- package/dist/graph-types/index.js.map +1 -1
- package/dist/index-CM1Pl_vI.d.ts +28 -0
- package/dist/index.d.ts +29 -414
- package/dist/index.js +34791 -1088
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +1768 -0
- package/dist/infisical-runtime.contract.js +3093 -0
- package/dist/infisical-runtime.contract.js.map +1 -0
- package/dist/lens-filter.contract.js +4 -3
- package/dist/lens-filter.contract.js.map +1 -1
- package/dist/lens-workflow.contract.js +4 -3
- package/dist/lens-workflow.contract.js.map +1 -1
- package/dist/manifests/edge-policy-manifest.d.ts +2 -0
- package/dist/manifests/edge-policy-manifest.data.d.ts +13 -0
- package/dist/manifests/edge-policy-manifest.data.js +26 -0
- package/dist/manifests/edge-policy-manifest.data.js.map +1 -0
- package/dist/manifests/edge-policy-manifest.js +92 -0
- package/dist/manifests/edge-policy-manifest.js.map +1 -0
- package/dist/manifests/infisical-runtime-manifest.d.ts +1672 -0
- package/dist/manifests/infisical-runtime-manifest.js +2948 -0
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -0
- package/dist/manifests/invariant-manifest.d.ts +65 -0
- package/dist/manifests/invariant-manifest.js +18 -0
- package/dist/manifests/invariant-manifest.js.map +1 -0
- package/dist/manifests/invariants/ast-utils.d.ts +14 -0
- package/dist/manifests/invariants/ast-utils.js +54 -0
- package/dist/manifests/invariants/ast-utils.js.map +1 -0
- package/dist/manifests/invariants/index.d.ts +15 -0
- package/dist/manifests/invariants/index.js +183 -0
- package/dist/manifests/invariants/index.js.map +1 -0
- package/dist/manifests/invariants/inv-1-beliefs-append-only.d.ts +12 -0
- package/dist/manifests/invariants/inv-1-beliefs-append-only.js +94 -0
- package/dist/manifests/invariants/inv-1-beliefs-append-only.js.map +1 -0
- package/dist/manifests/invariants/inv-14-no-silent-transitions.d.ts +12 -0
- package/dist/manifests/invariants/inv-14-no-silent-transitions.js +99 -0
- package/dist/manifests/invariants/inv-14-no-silent-transitions.js.map +1 -0
- package/dist/manifests/invariants/manifest-1-projections-declare-audit.d.ts +12 -0
- package/dist/manifests/invariants/manifest-1-projections-declare-audit.js +42 -0
- package/dist/manifests/invariants/manifest-1-projections-declare-audit.js.map +1 -0
- package/dist/manifests/tenant-client-manifest.d.ts +322 -0
- package/dist/manifests/tenant-client-manifest.js +432 -0
- package/dist/manifests/tenant-client-manifest.js.map +1 -0
- package/dist/mcp-gateway-boundary.contract.d.ts +201 -0
- package/dist/mcp-gateway-boundary.contract.js +45 -0
- package/dist/mcp-gateway-boundary.contract.js.map +1 -0
- package/dist/projections/check-convex-args-shape.d.ts +3 -0
- package/dist/projections/check-convex-args-shape.js +403 -0
- package/dist/projections/check-convex-args-shape.js.map +1 -0
- package/dist/projections/create-evidence.projection.d.ts +176 -0
- package/dist/projections/create-evidence.projection.js +130 -0
- package/dist/projections/create-evidence.projection.js.map +1 -0
- package/dist/projections/index.d.ts +102 -0
- package/dist/projections/index.js +352 -0
- package/dist/projections/index.js.map +1 -0
- package/dist/projections/list-beliefs.projection.d.ts +36 -0
- package/dist/projections/list-beliefs.projection.js +54 -0
- package/dist/projections/list-beliefs.projection.js.map +1 -0
- package/dist/projections/list-tasks.projection.d.ts +44 -0
- package/dist/projections/list-tasks.projection.js +57 -0
- package/dist/projections/list-tasks.projection.js.map +1 -0
- package/dist/projections/modulate-confidence.projection.d.ts +219 -0
- package/dist/projections/modulate-confidence.projection.js +148 -0
- package/dist/projections/modulate-confidence.projection.js.map +1 -0
- package/dist/projections/projection-dsl.d.ts +11 -0
- package/dist/projections/projection-dsl.js +8 -0
- package/dist/projections/projection-dsl.js.map +1 -0
- package/dist/proof-attestation.json +45 -0
- package/dist/schema-helpers/enumValidation.js +2 -5
- package/dist/schema-helpers/enumValidation.js.map +1 -1
- package/dist/schema-helpers/spine/nodes/decision.js +2 -1
- package/dist/schema-helpers/spine/nodes/decision.js.map +1 -1
- package/dist/schema-helpers/spine/tables/epistemicNodes.js +27 -27
- package/dist/schema-helpers/spine/tables/epistemicNodes.js.map +1 -1
- package/dist/schemas/component-table-manifest.d.ts +6 -6
- package/dist/schemas/component-table-manifest.js +2 -2
- package/dist/schemas/component-table-manifest.js.map +1 -1
- package/dist/schemas/enums.d.ts +5 -2
- package/dist/schemas/enums.js +5 -2
- package/dist/schemas/enums.js.map +1 -1
- package/dist/schemas/index.d.ts +3 -3
- package/dist/schemas/index.js +1129 -139
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +2979 -949
- package/dist/schemas/manifest.js +1127 -137
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/sl-opinion.d.ts +4 -4
- package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
- package/dist/schemas/tables/controlPlane/accessControl.js +653 -0
- package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
- package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
- package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
- package/dist/schemas/tables/controlPlane/model.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +11 -11
- package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
- package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
- package/dist/schemas/tables/controlPlane/project.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
- package/dist/schemas/tables/controlPlane/user.js.map +1 -0
- package/dist/schemas/tables/kernel/config.d.ts +1 -1
- package/dist/schemas/tables/kernel/config.js.map +1 -1
- package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
- package/dist/schemas/tables/kernel/coordination.js.map +1 -1
- package/dist/schemas/tables/kernel/decision.d.ts +1 -1
- package/dist/schemas/tables/kernel/decision.js.map +1 -1
- package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
- package/dist/schemas/tables/kernel/embedding.js.map +1 -1
- package/dist/schemas/tables/kernel/epistemic.d.ts +7 -7
- package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
- package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
- package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
- package/dist/schemas/tables/kernel/infra.d.ts +5 -5
- package/dist/schemas/tables/kernel/infra.js.map +1 -1
- package/dist/schemas/tables/kernel/intelligence.d.ts +11 -11
- package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
- package/dist/schemas/tables/kernel/lens.d.ts +5 -5
- package/dist/schemas/tables/kernel/lens.js.map +1 -1
- package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
- package/dist/schemas/tables/kernel/ontology.js.map +1 -1
- package/dist/schemas/tables/kernel/platform.d.ts +13 -13
- package/dist/schemas/tables/kernel/platform.js.map +1 -1
- package/dist/schemas/tables/kernel/spine.d.ts +5 -4
- package/dist/schemas/tables/kernel/spine.js +6 -2
- package/dist/schemas/tables/kernel/spine.js.map +1 -1
- package/dist/schemas/tables/kernel/task.d.ts +43 -43
- package/dist/schemas/tables/kernel/task.js.map +1 -1
- package/dist/schemas/tables/kernel/topic.d.ts +1 -1
- package/dist/schemas/tables/kernel/topic.js +5 -1
- package/dist/schemas/tables/kernel/topic.js.map +1 -1
- package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
- package/dist/schemas/tables/kernel/workflow.js.map +1 -1
- package/dist/schemas/tables/kernel/worktree.d.ts +55 -55
- package/dist/schemas/tables/kernel/worktree.js.map +1 -1
- package/dist/schemas/tables/mc/identity.d.ts +44 -4
- package/dist/schemas/tables/mc/identity.js +66 -1
- package/dist/schemas/tables/mc/identity.js.map +1 -1
- package/dist/schemas/tables/mc/methodology.d.ts +1 -1
- package/dist/schemas/tables/mc/methodology.js.map +1 -1
- package/dist/schemas/tables/mc/pack.d.ts +21 -21
- package/dist/schemas/tables/mc/pack.js.map +1 -1
- package/dist/schemas/tables/mc/policy.d.ts +2 -2
- package/dist/schemas/tables/mc/policy.js +1 -1
- package/dist/schemas/tables/mc/policy.js.map +1 -1
- package/dist/schemas/tables/mc/registry.d.ts +5 -5
- package/dist/schemas/tables/mc/registry.js.map +1 -1
- package/dist/schemas/tables/mc/runtime.d.ts +109 -3
- package/dist/schemas/tables/mc/runtime.js +330 -104
- package/dist/schemas/tables/mc/runtime.js.map +1 -1
- package/dist/schemas/tables/mc/tenant.d.ts +3 -2
- package/dist/schemas/tables/mc/tenant.js +2 -1
- package/dist/schemas/tables/mc/tenant.js.map +1 -1
- package/dist/schemas/tables/mc/workspace.d.ts +28 -5
- package/dist/schemas/tables/mc/workspace.js +36 -2
- package/dist/schemas/tables/mc/workspace.js.map +1 -1
- package/dist/sdk-methods.contract.d.ts +2 -2
- package/dist/{sdk-tools.contract-S4ia0TTo.d.ts → sdk-tools.contract-BNklQDfB.d.ts} +2 -2
- package/dist/sdk-tools.contract.d.ts +2 -2
- package/dist/sdk-tools.contract.js +672 -24
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.contract.d.ts +1269 -0
- package/dist/tenant-bootstrap-seed.contract.js +751 -0
- package/dist/tenant-bootstrap-seed.contract.js.map +1 -0
- package/dist/tenant-bootstrap-seed.defaults.d.ts +16 -0
- package/dist/tenant-bootstrap-seed.defaults.js +303 -0
- package/dist/tenant-bootstrap-seed.defaults.js.map +1 -0
- package/dist/tenant-client.contract.d.ts +349 -0
- package/dist/tenant-client.contract.js +488 -0
- package/dist/tenant-client.contract.js.map +1 -0
- package/dist/{tool-contracts-C92-9ueT.d.ts → tool-contracts-BevD9Ho2.d.ts} +36 -2
- package/dist/tool-contracts.d.ts +1 -1
- package/dist/tool-contracts.js +673 -25
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +30 -1
- package/dist/index-CV-0_VWJ.d.ts +0 -25
- package/dist/schemas/tables/identity/agent.js.map +0 -1
- package/dist/schemas/tables/identity/epistemic.js.map +0 -1
- package/dist/schemas/tables/identity/model.js.map +0 -1
- package/dist/schemas/tables/identity/platform.js.map +0 -1
- package/dist/schemas/tables/identity/project.js.map +0 -1
- package/dist/schemas/tables/identity/user.js.map +0 -1
|
@@ -0,0 +1,1768 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Infisical runtime contract
|
|
3
|
+
*
|
|
4
|
+
* Defines how Lucern runtime surfaces receive platform configuration and
|
|
5
|
+
* secrets. Vercel-owned apps consume Infisical through secret syncs. Server,
|
|
6
|
+
* CLI, MCP, and SDK operator contexts may hydrate runtime config directly from
|
|
7
|
+
* Infisical when they have a scoped machine identity. Tenant user auth still
|
|
8
|
+
* flows through Lucern device login; tenant tools never receive platform Clerk
|
|
9
|
+
* secrets.
|
|
10
|
+
*/
|
|
11
|
+
declare const INFISICAL_RUNTIME_CONTRACT_VERSION: "2026-05-06";
|
|
12
|
+
declare const INFISICAL_RUNTIME_DEFAULT_API_URL: "https://app.infisical.com";
|
|
13
|
+
declare const INFISICAL_RUNTIME_DEFAULT_PROJECT_ID: "344b0526-90df-4606-ba50-22c647a36c65";
|
|
14
|
+
declare const INFISICAL_RUNTIME_ENVIRONMENTS: readonly ["dev", "staging", "prod"];
|
|
15
|
+
type InfisicalRuntimeEnvironment = (typeof INFISICAL_RUNTIME_ENVIRONMENTS)[number];
|
|
16
|
+
declare const INFISICAL_RUNTIME_DELIVERY_MODES: readonly ["vercel_sync", "runtime_fetch", "device_auth"];
|
|
17
|
+
type InfisicalRuntimeDeliveryMode = (typeof INFISICAL_RUNTIME_DELIVERY_MODES)[number];
|
|
18
|
+
declare const INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS: readonly ["development", "preview", "staging", "production"];
|
|
19
|
+
type InfisicalVercelDestinationEnvironment = (typeof INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS)[number];
|
|
20
|
+
declare const INFISICAL_VERCEL_TARGETS: readonly ["development", "preview", "production"];
|
|
21
|
+
type InfisicalVercelTarget = (typeof INFISICAL_VERCEL_TARGETS)[number];
|
|
22
|
+
declare const INFISICAL_CONVEX_TIERS: readonly ["preprod", "prod"];
|
|
23
|
+
type InfisicalConvexTier = (typeof INFISICAL_CONVEX_TIERS)[number];
|
|
24
|
+
declare const INFISICAL_CONVEX_TIER_BY_VERCEL_ENVIRONMENT: {
|
|
25
|
+
readonly development: "preprod";
|
|
26
|
+
readonly preview: "preprod";
|
|
27
|
+
readonly staging: "preprod";
|
|
28
|
+
readonly production: "prod";
|
|
29
|
+
};
|
|
30
|
+
type InfisicalVercelSyncDestination = {
|
|
31
|
+
readonly environment: InfisicalVercelDestinationEnvironment;
|
|
32
|
+
readonly vercelTarget: InfisicalVercelTarget;
|
|
33
|
+
readonly convexTier: InfisicalConvexTier;
|
|
34
|
+
readonly customEnvironmentSlug?: string;
|
|
35
|
+
readonly customEnvironmentIdsByProjectName?: Readonly<Record<string, string>>;
|
|
36
|
+
readonly domainsByProjectName?: Readonly<Record<string, string>>;
|
|
37
|
+
};
|
|
38
|
+
declare const INFISICAL_VERCEL_SYNC_RECONCILIATION: {
|
|
39
|
+
readonly sourceOfTruth: "infisical";
|
|
40
|
+
readonly writer: "vercel_api";
|
|
41
|
+
readonly disableSecretDeletion: false;
|
|
42
|
+
readonly pruneDestinationKeys: true;
|
|
43
|
+
};
|
|
44
|
+
declare const INFISICAL_VERCEL_SYNC_DESTINATIONS: readonly [{
|
|
45
|
+
readonly environment: "development";
|
|
46
|
+
readonly vercelTarget: "development";
|
|
47
|
+
readonly convexTier: "preprod";
|
|
48
|
+
}, {
|
|
49
|
+
readonly environment: "preview";
|
|
50
|
+
readonly vercelTarget: "preview";
|
|
51
|
+
readonly convexTier: "preprod";
|
|
52
|
+
}, {
|
|
53
|
+
readonly environment: "staging";
|
|
54
|
+
readonly vercelTarget: "preview";
|
|
55
|
+
readonly convexTier: "preprod";
|
|
56
|
+
readonly customEnvironmentSlug: "staging";
|
|
57
|
+
readonly customEnvironmentIdsByProjectName: {
|
|
58
|
+
readonly stackos: "env_RbS0TYRRvWISTje8qR4u2lRg7TC8";
|
|
59
|
+
};
|
|
60
|
+
readonly domainsByProjectName: {
|
|
61
|
+
readonly stackos: "staging.stack.vc";
|
|
62
|
+
};
|
|
63
|
+
}, {
|
|
64
|
+
readonly environment: "production";
|
|
65
|
+
readonly vercelTarget: "production";
|
|
66
|
+
readonly convexTier: "prod";
|
|
67
|
+
}];
|
|
68
|
+
declare const INFISICAL_RUNTIME_SURFACE_IDS: readonly ["lucern-web", "lucern-gateway", "lucern-sdk", "lucern-cli", "lucern-mcp", "tenant-client"];
|
|
69
|
+
type InfisicalRuntimeSurfaceId = (typeof INFISICAL_RUNTIME_SURFACE_IDS)[number];
|
|
70
|
+
declare const INFISICAL_RUNTIME_BOOTSTRAP_ENV: {
|
|
71
|
+
readonly apiUrl: readonly ["INFISICAL_API_URL", "INFISICAL_URL"];
|
|
72
|
+
readonly projectId: readonly ["INFISICAL_PROJECT_ID", "INFISICAL_WORKSPACE_ID"];
|
|
73
|
+
readonly clientId: readonly ["INFISICAL_CLIENT_ID", "INFISICAL_MACHINE_CLIENT_ID", "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID"];
|
|
74
|
+
readonly clientSecret: readonly ["INFISICAL_CLIENT_SECRET", "INFISICAL_MACHINE_CLIENT_SECRET", "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET"];
|
|
75
|
+
readonly environment: readonly ["INFISICAL_ENV", "LUCERN_INFISICAL_ENV"];
|
|
76
|
+
readonly organizationSlug: readonly ["INFISICAL_ORG_SLUG", "INFISICAL_ORGANIZATION_SLUG"];
|
|
77
|
+
readonly disabled: readonly ["LUCERN_INFISICAL_DISABLE", "INFISICAL_DISABLE"];
|
|
78
|
+
};
|
|
79
|
+
type InfisicalRuntimeBootstrapEnv = typeof INFISICAL_RUNTIME_BOOTSTRAP_ENV;
|
|
80
|
+
declare const INFISICAL_RUNTIME_CONTROL_ENV: readonly [{
|
|
81
|
+
readonly name: "NODE_ENV";
|
|
82
|
+
readonly category: "framework";
|
|
83
|
+
readonly description: "Node/Next runtime mode. Framework-owned, not written by Infisical.";
|
|
84
|
+
}, {
|
|
85
|
+
readonly name: "CI";
|
|
86
|
+
readonly category: "ci";
|
|
87
|
+
readonly description: "CI execution signal. Workflow-owned, not written by Infisical.";
|
|
88
|
+
}, {
|
|
89
|
+
readonly name: "VERCEL";
|
|
90
|
+
readonly category: "vercel";
|
|
91
|
+
readonly description: "Vercel runtime signal. Platform-owned, not written by Infisical.";
|
|
92
|
+
}, {
|
|
93
|
+
readonly name: "VERCEL_ENV";
|
|
94
|
+
readonly category: "vercel";
|
|
95
|
+
readonly description: "Vercel environment label used for build/runtime selection.";
|
|
96
|
+
}, {
|
|
97
|
+
readonly name: "VERCEL_URL";
|
|
98
|
+
readonly category: "vercel";
|
|
99
|
+
readonly description: "Vercel deployment URL supplied by Vercel for previews and builds.";
|
|
100
|
+
}, {
|
|
101
|
+
readonly name: "VERCEL_GIT_COMMIT_SHA";
|
|
102
|
+
readonly category: "vercel";
|
|
103
|
+
readonly description: "Vercel git metadata used for release labels. Platform-owned, not written by Infisical.";
|
|
104
|
+
}, {
|
|
105
|
+
readonly name: "NEXT_RUNTIME";
|
|
106
|
+
readonly category: "nextjs";
|
|
107
|
+
readonly description: "Next.js runtime selector for node/edge instrumentation modules.";
|
|
108
|
+
}, {
|
|
109
|
+
readonly name: "PORT";
|
|
110
|
+
readonly category: "framework";
|
|
111
|
+
readonly description: "Local/server port supplied by the runtime process manager.";
|
|
112
|
+
}, {
|
|
113
|
+
readonly name: "HOST";
|
|
114
|
+
readonly category: "framework";
|
|
115
|
+
readonly description: "Local/server host supplied by the runtime process manager.";
|
|
116
|
+
}, {
|
|
117
|
+
readonly name: "APP_URL";
|
|
118
|
+
readonly category: "compatibility";
|
|
119
|
+
readonly description: "Legacy local app URL fallback. Prefer LUCERN_LOGIN_BASE_URL or LUCERN_API_URL.";
|
|
120
|
+
}, {
|
|
121
|
+
readonly name: "NEXT_PUBLIC_APP_URL";
|
|
122
|
+
readonly category: "compatibility";
|
|
123
|
+
readonly description: "Legacy public app URL fallback. Prefer LUCERN_LOGIN_BASE_URL or LUCERN_API_URL.";
|
|
124
|
+
}, {
|
|
125
|
+
readonly name: "CLAUDE_PROJECT_DIR";
|
|
126
|
+
readonly category: "agent_local";
|
|
127
|
+
readonly description: "Local agent workspace hint. Agent-runtime-owned, not written by Infisical.";
|
|
128
|
+
}, {
|
|
129
|
+
readonly name: "HOME";
|
|
130
|
+
readonly category: "os";
|
|
131
|
+
readonly description: "Operating-system home directory used only for local credential discovery.";
|
|
132
|
+
}, {
|
|
133
|
+
readonly name: "USERPROFILE";
|
|
134
|
+
readonly category: "os";
|
|
135
|
+
readonly description: "Windows home directory used only for local credential discovery.";
|
|
136
|
+
}];
|
|
137
|
+
type InfisicalRuntimeControlEnv = (typeof INFISICAL_RUNTIME_CONTROL_ENV)[number];
|
|
138
|
+
type InfisicalRuntimeVariable = {
|
|
139
|
+
readonly name: string;
|
|
140
|
+
readonly required: boolean;
|
|
141
|
+
readonly secret: boolean;
|
|
142
|
+
readonly public: boolean;
|
|
143
|
+
readonly aliases?: readonly string[];
|
|
144
|
+
readonly description: string;
|
|
145
|
+
};
|
|
146
|
+
type InfisicalRuntimePathDefinition = {
|
|
147
|
+
readonly id: string;
|
|
148
|
+
readonly secretPath: string;
|
|
149
|
+
readonly description: string;
|
|
150
|
+
readonly variables: readonly InfisicalRuntimeVariable[];
|
|
151
|
+
};
|
|
152
|
+
declare const INFISICAL_RUNTIME_PATHS: readonly [{
|
|
153
|
+
readonly id: "platform-auth";
|
|
154
|
+
readonly secretPath: "/platform/auth";
|
|
155
|
+
readonly description: "Lucern platform authentication secrets. Synced into Vercel web/gateway projects; never distributed to tenant tools.";
|
|
156
|
+
readonly variables: readonly [{
|
|
157
|
+
readonly name: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY";
|
|
158
|
+
readonly required: true;
|
|
159
|
+
readonly secret: false;
|
|
160
|
+
readonly public: true;
|
|
161
|
+
readonly description: "Clerk publishable key for the Lucern web origin.";
|
|
162
|
+
}, {
|
|
163
|
+
readonly name: "CLERK_SECRET_KEY";
|
|
164
|
+
readonly required: true;
|
|
165
|
+
readonly secret: true;
|
|
166
|
+
readonly public: false;
|
|
167
|
+
readonly description: "Clerk backend secret key for Lucern server runtimes.";
|
|
168
|
+
}, {
|
|
169
|
+
readonly name: "CLERK_JWT_ISSUER_DOMAIN";
|
|
170
|
+
readonly required: false;
|
|
171
|
+
readonly secret: false;
|
|
172
|
+
readonly public: false;
|
|
173
|
+
readonly description: "Expected Clerk issuer/JWKS domain for JWT verification.";
|
|
174
|
+
}, {
|
|
175
|
+
readonly name: "NEXT_PUBLIC_CLERK_SIGN_IN_URL";
|
|
176
|
+
readonly required: false;
|
|
177
|
+
readonly secret: false;
|
|
178
|
+
readonly public: true;
|
|
179
|
+
readonly description: "Public sign-in URL for Lucern-owned web flows.";
|
|
180
|
+
}, {
|
|
181
|
+
readonly name: "NEXT_PUBLIC_CLERK_SIGN_UP_URL";
|
|
182
|
+
readonly required: false;
|
|
183
|
+
readonly secret: false;
|
|
184
|
+
readonly public: true;
|
|
185
|
+
readonly description: "Public sign-up URL for Lucern-owned web flows.";
|
|
186
|
+
}];
|
|
187
|
+
}, {
|
|
188
|
+
readonly id: "platform-runtime";
|
|
189
|
+
readonly secretPath: "/platform/runtime";
|
|
190
|
+
readonly description: "Runtime defaults shared by server-side Lucern clients and operator tooling.";
|
|
191
|
+
readonly variables: readonly [{
|
|
192
|
+
readonly name: "LUCERN_API_URL";
|
|
193
|
+
readonly required: true;
|
|
194
|
+
readonly secret: false;
|
|
195
|
+
readonly public: false;
|
|
196
|
+
readonly aliases: readonly ["LUCERN_API_BASE_URL", "LUCERN_BASE_URL"];
|
|
197
|
+
readonly description: "Canonical Lucern API gateway URL.";
|
|
198
|
+
}, {
|
|
199
|
+
readonly name: "LUCERN_LOGIN_BASE_URL";
|
|
200
|
+
readonly required: false;
|
|
201
|
+
readonly secret: false;
|
|
202
|
+
readonly public: false;
|
|
203
|
+
readonly aliases: readonly ["LUCERN_AUTH_BASE_URL"];
|
|
204
|
+
readonly description: "Browser login origin used when it differs from the API.";
|
|
205
|
+
}, {
|
|
206
|
+
readonly name: "LUCERN_ENVIRONMENT";
|
|
207
|
+
readonly required: false;
|
|
208
|
+
readonly secret: false;
|
|
209
|
+
readonly public: false;
|
|
210
|
+
readonly aliases: readonly ["LUCERN_ENV"];
|
|
211
|
+
readonly description: "Lucern environment label consumed by CLI profiles.";
|
|
212
|
+
}, {
|
|
213
|
+
readonly name: "LUCERN_CLI_SESSION_TTL_MS";
|
|
214
|
+
readonly required: false;
|
|
215
|
+
readonly secret: false;
|
|
216
|
+
readonly public: false;
|
|
217
|
+
readonly description: "Optional web-issued CLI login session lifetime override in milliseconds.";
|
|
218
|
+
}];
|
|
219
|
+
}, {
|
|
220
|
+
readonly id: "tenant-shared-install";
|
|
221
|
+
readonly secretPath: "tenants/shared";
|
|
222
|
+
readonly description: "Tenant package-install secrets. This is install-only and distinct from platform publish credentials.";
|
|
223
|
+
readonly variables: readonly [{
|
|
224
|
+
readonly name: "INSTALL_LUCERN_NPM";
|
|
225
|
+
readonly required: true;
|
|
226
|
+
readonly secret: true;
|
|
227
|
+
readonly public: false;
|
|
228
|
+
readonly description: "Read-only install token for the published @lucern/* suite.";
|
|
229
|
+
}];
|
|
230
|
+
}];
|
|
231
|
+
type InfisicalRuntimePath = (typeof INFISICAL_RUNTIME_PATHS)[number];
|
|
232
|
+
type InfisicalRuntimePathId = InfisicalRuntimePath["id"];
|
|
233
|
+
type InfisicalRuntimeSurfaceDefinition = {
|
|
234
|
+
readonly id: InfisicalRuntimeSurfaceId;
|
|
235
|
+
readonly packageName?: string;
|
|
236
|
+
readonly delivery: InfisicalRuntimeDeliveryMode;
|
|
237
|
+
readonly fallback?: InfisicalRuntimeDeliveryMode;
|
|
238
|
+
readonly sourcePathIds: readonly InfisicalRuntimePathId[];
|
|
239
|
+
readonly consumer: string;
|
|
240
|
+
readonly description: string;
|
|
241
|
+
};
|
|
242
|
+
declare const INFISICAL_RUNTIME_SURFACES: readonly [{
|
|
243
|
+
readonly id: "lucern-web";
|
|
244
|
+
readonly delivery: "vercel_sync";
|
|
245
|
+
readonly sourcePathIds: readonly ["platform-auth", "platform-runtime"];
|
|
246
|
+
readonly consumer: "apps/web on Vercel project lucern";
|
|
247
|
+
readonly description: "Lucern web consumes Clerk and runtime config via Infisical-to-Vercel syncs.";
|
|
248
|
+
}, {
|
|
249
|
+
readonly id: "lucern-gateway";
|
|
250
|
+
readonly delivery: "vercel_sync";
|
|
251
|
+
readonly fallback: "runtime_fetch";
|
|
252
|
+
readonly sourcePathIds: readonly ["platform-auth", "platform-runtime"];
|
|
253
|
+
readonly consumer: "apps/gateway on Vercel project lucern-gateway";
|
|
254
|
+
readonly description: "Lucern gateway consumes platform config via Infisical-to-Vercel syncs and may self-hydrate from Infisical when the host environment has scoped bootstrap credentials.";
|
|
255
|
+
}, {
|
|
256
|
+
readonly id: "lucern-sdk";
|
|
257
|
+
readonly packageName: "@lucern/sdk";
|
|
258
|
+
readonly delivery: "runtime_fetch";
|
|
259
|
+
readonly sourcePathIds: readonly ["platform-runtime"];
|
|
260
|
+
readonly consumer: "server-side SDK operator contexts with a scoped Infisical identity";
|
|
261
|
+
readonly description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials.";
|
|
262
|
+
}, {
|
|
263
|
+
readonly id: "lucern-cli";
|
|
264
|
+
readonly packageName: "@lucern/cli";
|
|
265
|
+
readonly delivery: "runtime_fetch";
|
|
266
|
+
readonly fallback: "device_auth";
|
|
267
|
+
readonly sourcePathIds: readonly ["platform-runtime"];
|
|
268
|
+
readonly consumer: "developer/operator CLI processes";
|
|
269
|
+
readonly description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login.";
|
|
270
|
+
}, {
|
|
271
|
+
readonly id: "lucern-mcp";
|
|
272
|
+
readonly packageName: "@lucern/mcp";
|
|
273
|
+
readonly delivery: "runtime_fetch";
|
|
274
|
+
readonly fallback: "device_auth";
|
|
275
|
+
readonly sourcePathIds: readonly ["platform-runtime"];
|
|
276
|
+
readonly consumer: "MCP server/client processes";
|
|
277
|
+
readonly description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner.";
|
|
278
|
+
}, {
|
|
279
|
+
readonly id: "tenant-client";
|
|
280
|
+
readonly delivery: "device_auth";
|
|
281
|
+
readonly sourcePathIds: readonly ["tenant-shared-install"];
|
|
282
|
+
readonly consumer: "tenant-owned apps and coding agents";
|
|
283
|
+
readonly description: "Tenant clients install the published packages and receive user/service credentials through Lucern auth surfaces.";
|
|
284
|
+
}];
|
|
285
|
+
type InfisicalRuntimeSurface = (typeof INFISICAL_RUNTIME_SURFACES)[number];
|
|
286
|
+
type InfisicalTenantSoftwareSystemDefinition = {
|
|
287
|
+
readonly id: string;
|
|
288
|
+
readonly tenantKey: string;
|
|
289
|
+
readonly workspaceKey: string;
|
|
290
|
+
readonly vercelProjectName: string;
|
|
291
|
+
readonly vercelTeamId: string;
|
|
292
|
+
readonly vercelProjectId: string;
|
|
293
|
+
readonly repository: {
|
|
294
|
+
readonly owner: string;
|
|
295
|
+
readonly name: string;
|
|
296
|
+
};
|
|
297
|
+
readonly sharedSourcePath: string;
|
|
298
|
+
readonly sharedVariablePolicy: "tenant_shared_all_systems";
|
|
299
|
+
readonly convex: {
|
|
300
|
+
readonly urlEnv: string;
|
|
301
|
+
readonly deployKeyEnv: string;
|
|
302
|
+
readonly preprodDeployment: string;
|
|
303
|
+
readonly prodDeployment: string;
|
|
304
|
+
};
|
|
305
|
+
};
|
|
306
|
+
declare const INFISICAL_TENANT_SOFTWARE_SYSTEMS: readonly [{
|
|
307
|
+
readonly id: "stack-frontend";
|
|
308
|
+
readonly tenantKey: "stack";
|
|
309
|
+
readonly workspaceKey: "frontend";
|
|
310
|
+
readonly vercelProjectName: "ai-chatbot-diao";
|
|
311
|
+
readonly vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK";
|
|
312
|
+
readonly vercelProjectId: "prj_PihFw8kohSSw14nZs9YQV3xVo517";
|
|
313
|
+
readonly repository: {
|
|
314
|
+
readonly owner: "stack-vc";
|
|
315
|
+
readonly name: "front-end";
|
|
316
|
+
};
|
|
317
|
+
readonly sharedSourcePath: "/tenants/stack";
|
|
318
|
+
readonly sharedVariablePolicy: "tenant_shared_all_systems";
|
|
319
|
+
readonly convex: {
|
|
320
|
+
readonly urlEnv: "CONVEX_FRONTEND_URL";
|
|
321
|
+
readonly deployKeyEnv: "CONVEX_FRONTEND_DEPLOY_KEY";
|
|
322
|
+
readonly preprodDeployment: "rugged-lobster-664";
|
|
323
|
+
readonly prodDeployment: "wonderful-toucan-0";
|
|
324
|
+
};
|
|
325
|
+
}, {
|
|
326
|
+
readonly id: "stackos";
|
|
327
|
+
readonly tenantKey: "stack";
|
|
328
|
+
readonly workspaceKey: "stackos";
|
|
329
|
+
readonly vercelProjectName: "stackos";
|
|
330
|
+
readonly vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK";
|
|
331
|
+
readonly vercelProjectId: "prj_rXLAL0Z6v9p1fasKbomby6GI7kau";
|
|
332
|
+
readonly repository: {
|
|
333
|
+
readonly owner: "stack-vc";
|
|
334
|
+
readonly name: "stackos";
|
|
335
|
+
};
|
|
336
|
+
readonly sharedSourcePath: "/tenants/stack";
|
|
337
|
+
readonly sharedVariablePolicy: "tenant_shared_all_systems";
|
|
338
|
+
readonly convex: {
|
|
339
|
+
readonly urlEnv: "CONVEX_STACKOS_URL";
|
|
340
|
+
readonly deployKeyEnv: "CONVEX_STACKOS_DEPLOY_KEY";
|
|
341
|
+
readonly preprodDeployment: "giant-mandrill-761";
|
|
342
|
+
readonly prodDeployment: "good-snake-515";
|
|
343
|
+
};
|
|
344
|
+
}, {
|
|
345
|
+
readonly id: "stack-eng";
|
|
346
|
+
readonly tenantKey: "stack";
|
|
347
|
+
readonly workspaceKey: "engineering";
|
|
348
|
+
readonly vercelProjectName: "stackos-engineering-graph";
|
|
349
|
+
readonly vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK";
|
|
350
|
+
readonly vercelProjectId: "prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ";
|
|
351
|
+
readonly repository: {
|
|
352
|
+
readonly owner: "stack-vc";
|
|
353
|
+
readonly name: "stackos-engineering-graph";
|
|
354
|
+
};
|
|
355
|
+
readonly sharedSourcePath: "/tenants/stack/engineering";
|
|
356
|
+
readonly sharedVariablePolicy: "tenant_shared_all_systems";
|
|
357
|
+
readonly convex: {
|
|
358
|
+
readonly urlEnv: "CONVEX_STACK_ENG_URL";
|
|
359
|
+
readonly deployKeyEnv: "CONVEX_STACK_ENG_DEPLOY_KEY";
|
|
360
|
+
readonly preprodDeployment: "small-oyster-270";
|
|
361
|
+
readonly prodDeployment: "bold-cuttlefish-804";
|
|
362
|
+
};
|
|
363
|
+
}, {
|
|
364
|
+
readonly id: "lucern-graph";
|
|
365
|
+
readonly tenantKey: "lucern";
|
|
366
|
+
readonly workspaceKey: "lucern";
|
|
367
|
+
readonly vercelProjectName: "lucern-graph";
|
|
368
|
+
readonly vercelTeamId: "team_vTHxxs8GAoAFUe6RWMlYt7fY";
|
|
369
|
+
readonly vercelProjectId: "prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ";
|
|
370
|
+
readonly repository: {
|
|
371
|
+
readonly owner: "LucernAI";
|
|
372
|
+
readonly name: "lucern-graph";
|
|
373
|
+
};
|
|
374
|
+
readonly sharedSourcePath: "/tenants/lucern/shared";
|
|
375
|
+
readonly sharedVariablePolicy: "tenant_shared_all_systems";
|
|
376
|
+
readonly convex: {
|
|
377
|
+
readonly urlEnv: "CONVEX_LUCERN_URL";
|
|
378
|
+
readonly deployKeyEnv: "CONVEX_LUCERN_DEPLOY_KEY";
|
|
379
|
+
readonly preprodDeployment: "good-blackbird-774";
|
|
380
|
+
readonly prodDeployment: "precious-dog-365";
|
|
381
|
+
};
|
|
382
|
+
}];
|
|
383
|
+
type InfisicalTenantSoftwareSystem = (typeof INFISICAL_TENANT_SOFTWARE_SYSTEMS)[number];
|
|
384
|
+
type InfisicalTenantSoftwareSystemId = InfisicalTenantSoftwareSystem["id"];
|
|
385
|
+
declare function findInfisicalTenantSoftwareSystem(systemId: InfisicalTenantSoftwareSystemId): InfisicalTenantSoftwareSystem | undefined;
|
|
386
|
+
declare function tenantSoftwareSystemConvexEnvNames(systemId: InfisicalTenantSoftwareSystemId): readonly [string, string];
|
|
387
|
+
declare function tenantSoftwareSystemOwnsConvexEnvName(systemId: InfisicalTenantSoftwareSystemId, envName: string): boolean;
|
|
388
|
+
declare function convexTierForVercelDestinationEnvironment(environment: InfisicalVercelDestinationEnvironment): InfisicalConvexTier;
|
|
389
|
+
declare function findInfisicalVercelSyncDestination(environment: InfisicalVercelDestinationEnvironment): InfisicalVercelSyncDestination | undefined;
|
|
390
|
+
declare function vercelCustomEnvironmentIdForTenantSoftwareSystem(systemId: InfisicalTenantSoftwareSystemId, environment: InfisicalVercelDestinationEnvironment): string | undefined;
|
|
391
|
+
declare function expectedTenantConvexDeploymentForVercelEnvironment(systemId: InfisicalTenantSoftwareSystemId, environment: InfisicalVercelDestinationEnvironment): string;
|
|
392
|
+
declare function findInfisicalRuntimePath(pathId: InfisicalRuntimePathId): InfisicalRuntimePath | undefined;
|
|
393
|
+
declare function findInfisicalRuntimeSurface(surfaceId: InfisicalRuntimeSurfaceId): InfisicalRuntimeSurface | undefined;
|
|
394
|
+
declare const INFISICAL_SECRET_OWNERS: readonly ["lucern_platform", "tenant", "provider", "operator_local"];
|
|
395
|
+
type InfisicalSecretOwner = (typeof INFISICAL_SECRET_OWNERS)[number];
|
|
396
|
+
declare const INFISICAL_SECRET_SCOPES: readonly ["global", "environment", "tenant", "workspace", "software_system", "deployment", "local"];
|
|
397
|
+
type InfisicalSecretScope = (typeof INFISICAL_SECRET_SCOPES)[number];
|
|
398
|
+
declare const INFISICAL_SECRET_ENVIRONMENT_POLICIES: readonly ["same_all_environments", "environment_specific", "preprod_staging_prod_prod", "local_only"];
|
|
399
|
+
type InfisicalSecretEnvironmentPolicy = (typeof INFISICAL_SECRET_ENVIRONMENT_POLICIES)[number];
|
|
400
|
+
declare const INFISICAL_SECRET_CONSUMERS: readonly ["lucern-web", "lucern-gateway", "lucern-mcp", "lucern-cli", "lucern-ai-runtime", "lucern-graph-sync", "lucern-observability", "lucern-repo-ci", "mc-convex", "mc-operator-tooling", "tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime", "tenant-graph-sync", "tenant-observability", "tenant-vector-store", "tenant-deploy-tooling", "tenant-agent-runtime"];
|
|
401
|
+
type InfisicalSecretConsumer = (typeof INFISICAL_SECRET_CONSUMERS)[number];
|
|
402
|
+
declare const INFISICAL_SECRET_DESTINATION_KINDS: readonly ["vercel", "convex", "github_actions", "runtime_fetch", "operator_local"];
|
|
403
|
+
type InfisicalSecretDestinationKind = (typeof INFISICAL_SECRET_DESTINATION_KINDS)[number];
|
|
404
|
+
type InfisicalSecretDestination = {
|
|
405
|
+
readonly kind: InfisicalSecretDestinationKind;
|
|
406
|
+
readonly target: string;
|
|
407
|
+
readonly environmentPolicy: InfisicalSecretEnvironmentPolicy;
|
|
408
|
+
readonly writeNames?: readonly string[];
|
|
409
|
+
readonly notes?: string;
|
|
410
|
+
};
|
|
411
|
+
type InfisicalSecretDefinition = {
|
|
412
|
+
readonly id: string;
|
|
413
|
+
readonly canonicalName: string;
|
|
414
|
+
readonly aliases?: readonly string[];
|
|
415
|
+
readonly owner: InfisicalSecretOwner;
|
|
416
|
+
readonly scope: InfisicalSecretScope;
|
|
417
|
+
readonly sourcePath: string;
|
|
418
|
+
readonly environmentPolicy: InfisicalSecretEnvironmentPolicy;
|
|
419
|
+
readonly required: boolean;
|
|
420
|
+
readonly secret: boolean;
|
|
421
|
+
readonly public: boolean;
|
|
422
|
+
readonly consumers: readonly InfisicalSecretConsumer[];
|
|
423
|
+
readonly destinations: readonly InfisicalSecretDestination[];
|
|
424
|
+
readonly description: string;
|
|
425
|
+
};
|
|
426
|
+
declare const INFISICAL_SECRET_DEFINITIONS: readonly [{
|
|
427
|
+
readonly id: "platform.clerk.publishable";
|
|
428
|
+
readonly canonicalName: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY";
|
|
429
|
+
readonly aliases: readonly ["CLERK_PUBLISHABLE_KEY"];
|
|
430
|
+
readonly owner: "lucern_platform";
|
|
431
|
+
readonly scope: "environment";
|
|
432
|
+
readonly sourcePath: "/platform/auth";
|
|
433
|
+
readonly environmentPolicy: "environment_specific";
|
|
434
|
+
readonly required: true;
|
|
435
|
+
readonly secret: false;
|
|
436
|
+
readonly public: true;
|
|
437
|
+
readonly consumers: readonly ["lucern-web", "lucern-gateway", "lucern-mcp"];
|
|
438
|
+
readonly destinations: readonly [{
|
|
439
|
+
readonly kind: "vercel";
|
|
440
|
+
readonly target: "lucern";
|
|
441
|
+
readonly environmentPolicy: "environment_specific";
|
|
442
|
+
}, {
|
|
443
|
+
readonly kind: "vercel";
|
|
444
|
+
readonly target: "lucern-gateway";
|
|
445
|
+
readonly environmentPolicy: "environment_specific";
|
|
446
|
+
}, {
|
|
447
|
+
readonly kind: "runtime_fetch";
|
|
448
|
+
readonly target: "hosted-mcp-oauth";
|
|
449
|
+
readonly environmentPolicy: "environment_specific";
|
|
450
|
+
}];
|
|
451
|
+
readonly description: "Lucern-owned Clerk browser key for platform web, gateway, and hosted MCP OAuth flows.";
|
|
452
|
+
}, {
|
|
453
|
+
readonly id: "platform.clerk.secret";
|
|
454
|
+
readonly canonicalName: "CLERK_SECRET_KEY";
|
|
455
|
+
readonly owner: "lucern_platform";
|
|
456
|
+
readonly scope: "environment";
|
|
457
|
+
readonly sourcePath: "/platform/auth";
|
|
458
|
+
readonly environmentPolicy: "environment_specific";
|
|
459
|
+
readonly required: true;
|
|
460
|
+
readonly secret: true;
|
|
461
|
+
readonly public: false;
|
|
462
|
+
readonly consumers: readonly ["lucern-web", "lucern-gateway", "lucern-mcp"];
|
|
463
|
+
readonly destinations: readonly [{
|
|
464
|
+
readonly kind: "vercel";
|
|
465
|
+
readonly target: "lucern";
|
|
466
|
+
readonly environmentPolicy: "environment_specific";
|
|
467
|
+
}, {
|
|
468
|
+
readonly kind: "vercel";
|
|
469
|
+
readonly target: "lucern-gateway";
|
|
470
|
+
readonly environmentPolicy: "environment_specific";
|
|
471
|
+
}, {
|
|
472
|
+
readonly kind: "runtime_fetch";
|
|
473
|
+
readonly target: "hosted-mcp-oauth";
|
|
474
|
+
readonly environmentPolicy: "environment_specific";
|
|
475
|
+
}];
|
|
476
|
+
readonly description: "Lucern-owned Clerk backend secret. Never route to tenant-owned apps unless that tenant is Lucern itself.";
|
|
477
|
+
}, {
|
|
478
|
+
readonly id: "platform.clerk.project";
|
|
479
|
+
readonly canonicalName: "CLERK_PROJECT_ID";
|
|
480
|
+
readonly aliases: readonly ["LUCERN_CLERK_PROJECT_ID"];
|
|
481
|
+
readonly owner: "lucern_platform";
|
|
482
|
+
readonly scope: "environment";
|
|
483
|
+
readonly sourcePath: "/platform/auth";
|
|
484
|
+
readonly environmentPolicy: "environment_specific";
|
|
485
|
+
readonly required: true;
|
|
486
|
+
readonly secret: false;
|
|
487
|
+
readonly public: false;
|
|
488
|
+
readonly consumers: readonly ["lucern-gateway", "mc-convex"];
|
|
489
|
+
readonly destinations: readonly [{
|
|
490
|
+
readonly kind: "vercel";
|
|
491
|
+
readonly target: "lucern-gateway";
|
|
492
|
+
readonly environmentPolicy: "environment_specific";
|
|
493
|
+
}, {
|
|
494
|
+
readonly kind: "convex";
|
|
495
|
+
readonly target: "master-control";
|
|
496
|
+
readonly environmentPolicy: "environment_specific";
|
|
497
|
+
}];
|
|
498
|
+
readonly description: "Canonical Lucern Clerk project identifier used when MC resolves Clerk identities.";
|
|
499
|
+
}, {
|
|
500
|
+
readonly id: "platform.clerk.jwks";
|
|
501
|
+
readonly canonicalName: "CLERK_JWKS_URL";
|
|
502
|
+
readonly aliases: readonly ["CLERK_JWT_ISSUER_DOMAIN"];
|
|
503
|
+
readonly owner: "lucern_platform";
|
|
504
|
+
readonly scope: "environment";
|
|
505
|
+
readonly sourcePath: "/platform/auth";
|
|
506
|
+
readonly environmentPolicy: "environment_specific";
|
|
507
|
+
readonly required: false;
|
|
508
|
+
readonly secret: false;
|
|
509
|
+
readonly public: false;
|
|
510
|
+
readonly consumers: readonly ["lucern-mcp", "lucern-gateway"];
|
|
511
|
+
readonly destinations: readonly [{
|
|
512
|
+
readonly kind: "runtime_fetch";
|
|
513
|
+
readonly target: "lucern-mcp";
|
|
514
|
+
readonly environmentPolicy: "environment_specific";
|
|
515
|
+
}, {
|
|
516
|
+
readonly kind: "vercel";
|
|
517
|
+
readonly target: "lucern-gateway";
|
|
518
|
+
readonly environmentPolicy: "environment_specific";
|
|
519
|
+
}];
|
|
520
|
+
readonly description: "Optional Clerk JWKS/issuer override for server-side token verification.";
|
|
521
|
+
}, {
|
|
522
|
+
readonly id: "platform.runtime.api-base-url";
|
|
523
|
+
readonly canonicalName: "LUCERN_API_URL";
|
|
524
|
+
readonly aliases: readonly ["LUCERN_API_BASE_URL", "LUCERN_BASE_URL"];
|
|
525
|
+
readonly owner: "lucern_platform";
|
|
526
|
+
readonly scope: "environment";
|
|
527
|
+
readonly sourcePath: "/platform/runtime";
|
|
528
|
+
readonly environmentPolicy: "environment_specific";
|
|
529
|
+
readonly required: true;
|
|
530
|
+
readonly secret: false;
|
|
531
|
+
readonly public: false;
|
|
532
|
+
readonly consumers: readonly ["lucern-web", "lucern-gateway", "lucern-mcp", "lucern-cli"];
|
|
533
|
+
readonly destinations: readonly [{
|
|
534
|
+
readonly kind: "vercel";
|
|
535
|
+
readonly target: "lucern";
|
|
536
|
+
readonly environmentPolicy: "environment_specific";
|
|
537
|
+
}, {
|
|
538
|
+
readonly kind: "vercel";
|
|
539
|
+
readonly target: "lucern-gateway";
|
|
540
|
+
readonly environmentPolicy: "environment_specific";
|
|
541
|
+
}, {
|
|
542
|
+
readonly kind: "runtime_fetch";
|
|
543
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
544
|
+
readonly environmentPolicy: "environment_specific";
|
|
545
|
+
}];
|
|
546
|
+
readonly description: "Canonical Lucern API gateway base URL. Older names remain aliases only.";
|
|
547
|
+
}, {
|
|
548
|
+
readonly id: "platform.runtime.login-base-url";
|
|
549
|
+
readonly canonicalName: "LUCERN_LOGIN_BASE_URL";
|
|
550
|
+
readonly aliases: readonly ["LUCERN_AUTH_BASE_URL", "LUCERN_WEB_BASE_URL"];
|
|
551
|
+
readonly owner: "lucern_platform";
|
|
552
|
+
readonly scope: "environment";
|
|
553
|
+
readonly sourcePath: "/platform/runtime";
|
|
554
|
+
readonly environmentPolicy: "environment_specific";
|
|
555
|
+
readonly required: false;
|
|
556
|
+
readonly secret: false;
|
|
557
|
+
readonly public: false;
|
|
558
|
+
readonly consumers: readonly ["lucern-gateway", "lucern-mcp", "lucern-cli"];
|
|
559
|
+
readonly destinations: readonly [{
|
|
560
|
+
readonly kind: "vercel";
|
|
561
|
+
readonly target: "lucern-gateway";
|
|
562
|
+
readonly environmentPolicy: "environment_specific";
|
|
563
|
+
}, {
|
|
564
|
+
readonly kind: "runtime_fetch";
|
|
565
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
566
|
+
readonly environmentPolicy: "environment_specific";
|
|
567
|
+
}];
|
|
568
|
+
readonly description: "Browser login origin used when device/OAuth login is not served by the API base URL.";
|
|
569
|
+
}, {
|
|
570
|
+
readonly id: "platform.runtime.environment";
|
|
571
|
+
readonly canonicalName: "LUCERN_ENVIRONMENT";
|
|
572
|
+
readonly aliases: readonly ["LUCERN_ENV"];
|
|
573
|
+
readonly owner: "lucern_platform";
|
|
574
|
+
readonly scope: "environment";
|
|
575
|
+
readonly sourcePath: "/platform/runtime";
|
|
576
|
+
readonly environmentPolicy: "environment_specific";
|
|
577
|
+
readonly required: false;
|
|
578
|
+
readonly secret: false;
|
|
579
|
+
readonly public: false;
|
|
580
|
+
readonly consumers: readonly ["lucern-web", "lucern-gateway", "lucern-mcp", "lucern-cli"];
|
|
581
|
+
readonly destinations: readonly [{
|
|
582
|
+
readonly kind: "vercel";
|
|
583
|
+
readonly target: "lucern";
|
|
584
|
+
readonly environmentPolicy: "environment_specific";
|
|
585
|
+
}, {
|
|
586
|
+
readonly kind: "vercel";
|
|
587
|
+
readonly target: "lucern-gateway";
|
|
588
|
+
readonly environmentPolicy: "environment_specific";
|
|
589
|
+
}, {
|
|
590
|
+
readonly kind: "runtime_fetch";
|
|
591
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
592
|
+
readonly environmentPolicy: "environment_specific";
|
|
593
|
+
}];
|
|
594
|
+
readonly description: "Lucern runtime environment label.";
|
|
595
|
+
}, {
|
|
596
|
+
readonly id: "platform.runtime.require-deployment-host-registry";
|
|
597
|
+
readonly canonicalName: "LUCERN_REQUIRE_DEPLOYMENT_HOST_REGISTRY";
|
|
598
|
+
readonly owner: "lucern_platform";
|
|
599
|
+
readonly scope: "environment";
|
|
600
|
+
readonly sourcePath: "/platform/runtime";
|
|
601
|
+
readonly environmentPolicy: "environment_specific";
|
|
602
|
+
readonly required: false;
|
|
603
|
+
readonly secret: false;
|
|
604
|
+
readonly public: false;
|
|
605
|
+
readonly consumers: readonly ["lucern-gateway"];
|
|
606
|
+
readonly destinations: readonly [{
|
|
607
|
+
readonly kind: "vercel";
|
|
608
|
+
readonly target: "lucern-gateway";
|
|
609
|
+
readonly environmentPolicy: "environment_specific";
|
|
610
|
+
}, {
|
|
611
|
+
readonly kind: "operator_local";
|
|
612
|
+
readonly target: "lucern-repo";
|
|
613
|
+
readonly environmentPolicy: "environment_specific";
|
|
614
|
+
}];
|
|
615
|
+
readonly description: "Fail-closed gateway toggle that requires MC deployment host registry resolution before routing.";
|
|
616
|
+
}, {
|
|
617
|
+
readonly id: "platform.mc.convex-url";
|
|
618
|
+
readonly canonicalName: "CONVEX_MC_URL";
|
|
619
|
+
readonly aliases: readonly ["CONVEX_MC_PROD_URL", "LUCERN_ADMIN_CONVEX_URL", "LUCERN_CONVEX_URL", "MC_CONVEX_URL"];
|
|
620
|
+
readonly owner: "lucern_platform";
|
|
621
|
+
readonly scope: "environment";
|
|
622
|
+
readonly sourcePath: "/platform/mc";
|
|
623
|
+
readonly environmentPolicy: "environment_specific";
|
|
624
|
+
readonly required: true;
|
|
625
|
+
readonly secret: false;
|
|
626
|
+
readonly public: false;
|
|
627
|
+
readonly consumers: readonly ["lucern-gateway", "mc-operator-tooling", "lucern-repo-ci"];
|
|
628
|
+
readonly destinations: readonly [{
|
|
629
|
+
readonly kind: "vercel";
|
|
630
|
+
readonly target: "lucern-gateway";
|
|
631
|
+
readonly environmentPolicy: "environment_specific";
|
|
632
|
+
}, {
|
|
633
|
+
readonly kind: "github_actions";
|
|
634
|
+
readonly target: "LucernAI/lucern";
|
|
635
|
+
readonly environmentPolicy: "environment_specific";
|
|
636
|
+
}, {
|
|
637
|
+
readonly kind: "operator_local";
|
|
638
|
+
readonly target: "lucern-repo";
|
|
639
|
+
readonly environmentPolicy: "environment_specific";
|
|
640
|
+
}];
|
|
641
|
+
readonly description: "Master Control Convex URL. Prod must point to successful-clam-833; dev/staging to utmost-ox-403.";
|
|
642
|
+
}, {
|
|
643
|
+
readonly id: "platform.mc.convex-deploy-key";
|
|
644
|
+
readonly canonicalName: "CONVEX_MC_DEPLOY_KEY";
|
|
645
|
+
readonly aliases: readonly ["CONVEX_MC_PROD_DEPLOY_KEY", "LUCERN_ADMIN_DEPLOY_KEY", "LUCERN_DEPLOY_KEY", "MC_DEPLOY_KEY", "MC_PROD_DEPLOY_KEY"];
|
|
646
|
+
readonly owner: "lucern_platform";
|
|
647
|
+
readonly scope: "environment";
|
|
648
|
+
readonly sourcePath: "/platform/mc";
|
|
649
|
+
readonly environmentPolicy: "environment_specific";
|
|
650
|
+
readonly required: true;
|
|
651
|
+
readonly secret: true;
|
|
652
|
+
readonly public: false;
|
|
653
|
+
readonly consumers: readonly ["lucern-gateway", "mc-operator-tooling", "lucern-repo-ci"];
|
|
654
|
+
readonly destinations: readonly [{
|
|
655
|
+
readonly kind: "vercel";
|
|
656
|
+
readonly target: "lucern-gateway";
|
|
657
|
+
readonly environmentPolicy: "environment_specific";
|
|
658
|
+
}, {
|
|
659
|
+
readonly kind: "github_actions";
|
|
660
|
+
readonly target: "LucernAI/lucern";
|
|
661
|
+
readonly environmentPolicy: "environment_specific";
|
|
662
|
+
}, {
|
|
663
|
+
readonly kind: "operator_local";
|
|
664
|
+
readonly target: "lucern-repo";
|
|
665
|
+
readonly environmentPolicy: "environment_specific";
|
|
666
|
+
}];
|
|
667
|
+
readonly description: "Master Control deploy/admin key. Never route to tenant Vercel projects or tenant Convex deployments.";
|
|
668
|
+
}, {
|
|
669
|
+
readonly id: "platform.mc.session-token-secret";
|
|
670
|
+
readonly canonicalName: "LUCERN_SESSION_TOKEN_SECRET";
|
|
671
|
+
readonly owner: "lucern_platform";
|
|
672
|
+
readonly scope: "environment";
|
|
673
|
+
readonly sourcePath: "/platform/mc";
|
|
674
|
+
readonly environmentPolicy: "environment_specific";
|
|
675
|
+
readonly required: true;
|
|
676
|
+
readonly secret: true;
|
|
677
|
+
readonly public: false;
|
|
678
|
+
readonly consumers: readonly ["lucern-mcp", "mc-convex", "lucern-gateway"];
|
|
679
|
+
readonly destinations: readonly [{
|
|
680
|
+
readonly kind: "convex";
|
|
681
|
+
readonly target: "master-control";
|
|
682
|
+
readonly environmentPolicy: "environment_specific";
|
|
683
|
+
}, {
|
|
684
|
+
readonly kind: "runtime_fetch";
|
|
685
|
+
readonly target: "hosted-mcp-oauth";
|
|
686
|
+
readonly environmentPolicy: "environment_specific";
|
|
687
|
+
}, {
|
|
688
|
+
readonly kind: "vercel";
|
|
689
|
+
readonly target: "lucern-gateway";
|
|
690
|
+
readonly environmentPolicy: "environment_specific";
|
|
691
|
+
}];
|
|
692
|
+
readonly description: "Signs Lucern platform session/delegation tokens. This is platform-owned, not tenant-owned.";
|
|
693
|
+
}, {
|
|
694
|
+
readonly id: "platform.mc.tenant-secret-encryption-key";
|
|
695
|
+
readonly canonicalName: "LUCERN_TENANT_SECRET_ENCRYPTION_KEY";
|
|
696
|
+
readonly aliases: readonly ["LUCERN_SESSION_TOKEN_SECRET"];
|
|
697
|
+
readonly owner: "lucern_platform";
|
|
698
|
+
readonly scope: "environment";
|
|
699
|
+
readonly sourcePath: "/platform/mc";
|
|
700
|
+
readonly environmentPolicy: "environment_specific";
|
|
701
|
+
readonly required: true;
|
|
702
|
+
readonly secret: true;
|
|
703
|
+
readonly public: false;
|
|
704
|
+
readonly consumers: readonly ["mc-convex", "mc-operator-tooling"];
|
|
705
|
+
readonly destinations: readonly [{
|
|
706
|
+
readonly kind: "convex";
|
|
707
|
+
readonly target: "master-control";
|
|
708
|
+
readonly environmentPolicy: "environment_specific";
|
|
709
|
+
}, {
|
|
710
|
+
readonly kind: "operator_local";
|
|
711
|
+
readonly target: "mc-credential-maintenance";
|
|
712
|
+
readonly environmentPolicy: "environment_specific";
|
|
713
|
+
}];
|
|
714
|
+
readonly description: "Encrypts tenant deployment credentials stored in MC. Session-token fallback is legacy only.";
|
|
715
|
+
}, {
|
|
716
|
+
readonly id: "platform.permit.api-key";
|
|
717
|
+
readonly canonicalName: "LUCERN_PERMIT_API_KEY";
|
|
718
|
+
readonly aliases: readonly ["PERMIT_API_KEY"];
|
|
719
|
+
readonly owner: "lucern_platform";
|
|
720
|
+
readonly scope: "environment";
|
|
721
|
+
readonly sourcePath: "/platform/permit";
|
|
722
|
+
readonly environmentPolicy: "environment_specific";
|
|
723
|
+
readonly required: true;
|
|
724
|
+
readonly secret: true;
|
|
725
|
+
readonly public: false;
|
|
726
|
+
readonly consumers: readonly ["mc-convex", "lucern-mcp", "lucern-gateway"];
|
|
727
|
+
readonly destinations: readonly [{
|
|
728
|
+
readonly kind: "convex";
|
|
729
|
+
readonly target: "master-control";
|
|
730
|
+
readonly environmentPolicy: "environment_specific";
|
|
731
|
+
}, {
|
|
732
|
+
readonly kind: "runtime_fetch";
|
|
733
|
+
readonly target: "hosted-mcp-oauth";
|
|
734
|
+
readonly environmentPolicy: "environment_specific";
|
|
735
|
+
}, {
|
|
736
|
+
readonly kind: "vercel";
|
|
737
|
+
readonly target: "lucern-gateway";
|
|
738
|
+
readonly environmentPolicy: "environment_specific";
|
|
739
|
+
}];
|
|
740
|
+
readonly description: "Permit.io API key used for MC sync and policy checks. Must fail closed if missing.";
|
|
741
|
+
}, {
|
|
742
|
+
readonly id: "platform.permit.pdp-url";
|
|
743
|
+
readonly canonicalName: "LUCERN_PERMIT_PDP_URL";
|
|
744
|
+
readonly aliases: readonly ["PERMIT_PDP_URL"];
|
|
745
|
+
readonly owner: "lucern_platform";
|
|
746
|
+
readonly scope: "environment";
|
|
747
|
+
readonly sourcePath: "/platform/permit";
|
|
748
|
+
readonly environmentPolicy: "environment_specific";
|
|
749
|
+
readonly required: false;
|
|
750
|
+
readonly secret: false;
|
|
751
|
+
readonly public: false;
|
|
752
|
+
readonly consumers: readonly ["mc-convex", "lucern-mcp", "lucern-gateway"];
|
|
753
|
+
readonly destinations: readonly [{
|
|
754
|
+
readonly kind: "convex";
|
|
755
|
+
readonly target: "master-control";
|
|
756
|
+
readonly environmentPolicy: "environment_specific";
|
|
757
|
+
}, {
|
|
758
|
+
readonly kind: "runtime_fetch";
|
|
759
|
+
readonly target: "hosted-mcp-oauth";
|
|
760
|
+
readonly environmentPolicy: "environment_specific";
|
|
761
|
+
}, {
|
|
762
|
+
readonly kind: "vercel";
|
|
763
|
+
readonly target: "lucern-gateway";
|
|
764
|
+
readonly environmentPolicy: "environment_specific";
|
|
765
|
+
}];
|
|
766
|
+
readonly description: "Optional Permit PDP URL override.";
|
|
767
|
+
}, {
|
|
768
|
+
readonly id: "platform.permit.api-url";
|
|
769
|
+
readonly canonicalName: "LUCERN_PERMIT_API_URL";
|
|
770
|
+
readonly aliases: readonly ["PERMIT_API_URL"];
|
|
771
|
+
readonly owner: "lucern_platform";
|
|
772
|
+
readonly scope: "environment";
|
|
773
|
+
readonly sourcePath: "/platform/permit";
|
|
774
|
+
readonly environmentPolicy: "environment_specific";
|
|
775
|
+
readonly required: false;
|
|
776
|
+
readonly secret: false;
|
|
777
|
+
readonly public: false;
|
|
778
|
+
readonly consumers: readonly ["mc-convex", "lucern-mcp", "lucern-gateway"];
|
|
779
|
+
readonly destinations: readonly [{
|
|
780
|
+
readonly kind: "convex";
|
|
781
|
+
readonly target: "master-control";
|
|
782
|
+
readonly environmentPolicy: "environment_specific";
|
|
783
|
+
}, {
|
|
784
|
+
readonly kind: "runtime_fetch";
|
|
785
|
+
readonly target: "hosted-mcp-oauth";
|
|
786
|
+
readonly environmentPolicy: "environment_specific";
|
|
787
|
+
}, {
|
|
788
|
+
readonly kind: "vercel";
|
|
789
|
+
readonly target: "lucern-gateway";
|
|
790
|
+
readonly environmentPolicy: "environment_specific";
|
|
791
|
+
}];
|
|
792
|
+
readonly description: "Optional Permit API URL override.";
|
|
793
|
+
}, {
|
|
794
|
+
readonly id: "platform.ci.infisical-bootstrap-client-id";
|
|
795
|
+
readonly canonicalName: "INFISICAL_BOOTSTRAP_CLIENT_ID";
|
|
796
|
+
readonly aliases: readonly ["INFISICAL_CI_CLIENT_ID"];
|
|
797
|
+
readonly owner: "provider";
|
|
798
|
+
readonly scope: "environment";
|
|
799
|
+
readonly sourcePath: "/platform/ci";
|
|
800
|
+
readonly environmentPolicy: "same_all_environments";
|
|
801
|
+
readonly required: true;
|
|
802
|
+
readonly secret: true;
|
|
803
|
+
readonly public: false;
|
|
804
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
805
|
+
readonly destinations: readonly [{
|
|
806
|
+
readonly kind: "github_actions";
|
|
807
|
+
readonly target: "LucernAI/lucern";
|
|
808
|
+
readonly environmentPolicy: "same_all_environments";
|
|
809
|
+
}];
|
|
810
|
+
readonly description: "Machine identity client id used by CI to reconcile Infisical desired state.";
|
|
811
|
+
}, {
|
|
812
|
+
readonly id: "platform.ci.infisical-bootstrap-client-secret";
|
|
813
|
+
readonly canonicalName: "INFISICAL_BOOTSTRAP_CLIENT_SECRET";
|
|
814
|
+
readonly aliases: readonly ["INFISICAL_CI_CLIENT_SECRET"];
|
|
815
|
+
readonly owner: "provider";
|
|
816
|
+
readonly scope: "environment";
|
|
817
|
+
readonly sourcePath: "/platform/ci";
|
|
818
|
+
readonly environmentPolicy: "same_all_environments";
|
|
819
|
+
readonly required: true;
|
|
820
|
+
readonly secret: true;
|
|
821
|
+
readonly public: false;
|
|
822
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
823
|
+
readonly destinations: readonly [{
|
|
824
|
+
readonly kind: "github_actions";
|
|
825
|
+
readonly target: "LucernAI/lucern";
|
|
826
|
+
readonly environmentPolicy: "same_all_environments";
|
|
827
|
+
}];
|
|
828
|
+
readonly description: "Machine identity client secret used by CI to reconcile Infisical desired state.";
|
|
829
|
+
}, {
|
|
830
|
+
readonly id: "platform.publish.npm-token";
|
|
831
|
+
readonly canonicalName: "NPM_TOKEN";
|
|
832
|
+
readonly aliases: readonly ["NODE_AUTH_TOKEN"];
|
|
833
|
+
readonly owner: "provider";
|
|
834
|
+
readonly scope: "environment";
|
|
835
|
+
readonly sourcePath: "/platform/publish";
|
|
836
|
+
readonly environmentPolicy: "same_all_environments";
|
|
837
|
+
readonly required: true;
|
|
838
|
+
readonly secret: true;
|
|
839
|
+
readonly public: false;
|
|
840
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
841
|
+
readonly destinations: readonly [{
|
|
842
|
+
readonly kind: "github_actions";
|
|
843
|
+
readonly target: "LucernAI/lucern";
|
|
844
|
+
readonly environmentPolicy: "same_all_environments";
|
|
845
|
+
}];
|
|
846
|
+
readonly description: "Package publish/install token for @lucern/* release automation.";
|
|
847
|
+
}, {
|
|
848
|
+
readonly id: "platform.ai.openai-api-key";
|
|
849
|
+
readonly canonicalName: "OPENAI_API_KEY";
|
|
850
|
+
readonly owner: "lucern_platform";
|
|
851
|
+
readonly scope: "environment";
|
|
852
|
+
readonly sourcePath: "/platform/ai";
|
|
853
|
+
readonly environmentPolicy: "environment_specific";
|
|
854
|
+
readonly required: false;
|
|
855
|
+
readonly secret: true;
|
|
856
|
+
readonly public: false;
|
|
857
|
+
readonly consumers: readonly ["lucern-ai-runtime", "lucern-repo-ci"];
|
|
858
|
+
readonly destinations: readonly [{
|
|
859
|
+
readonly kind: "runtime_fetch";
|
|
860
|
+
readonly target: "lucern-ai-runtime";
|
|
861
|
+
readonly environmentPolicy: "environment_specific";
|
|
862
|
+
}, {
|
|
863
|
+
readonly kind: "github_actions";
|
|
864
|
+
readonly target: "LucernAI/lucern";
|
|
865
|
+
readonly environmentPolicy: "environment_specific";
|
|
866
|
+
}];
|
|
867
|
+
readonly description: "Lucern-owned OpenAI key for platform AI jobs, benchmarks, and controlled operator automation.";
|
|
868
|
+
}, {
|
|
869
|
+
readonly id: "platform.ai.anthropic-api-key";
|
|
870
|
+
readonly canonicalName: "ANTHROPIC_API_KEY";
|
|
871
|
+
readonly owner: "lucern_platform";
|
|
872
|
+
readonly scope: "environment";
|
|
873
|
+
readonly sourcePath: "/platform/ai";
|
|
874
|
+
readonly environmentPolicy: "environment_specific";
|
|
875
|
+
readonly required: false;
|
|
876
|
+
readonly secret: true;
|
|
877
|
+
readonly public: false;
|
|
878
|
+
readonly consumers: readonly ["lucern-ai-runtime", "lucern-repo-ci"];
|
|
879
|
+
readonly destinations: readonly [{
|
|
880
|
+
readonly kind: "runtime_fetch";
|
|
881
|
+
readonly target: "lucern-ai-runtime";
|
|
882
|
+
readonly environmentPolicy: "environment_specific";
|
|
883
|
+
}, {
|
|
884
|
+
readonly kind: "github_actions";
|
|
885
|
+
readonly target: "LucernAI/lucern";
|
|
886
|
+
readonly environmentPolicy: "environment_specific";
|
|
887
|
+
}];
|
|
888
|
+
readonly description: "Lucern-owned Anthropic key for platform AI jobs, benchmarks, and controlled operator automation.";
|
|
889
|
+
}, {
|
|
890
|
+
readonly id: "platform.ai.gemini-api-key";
|
|
891
|
+
readonly canonicalName: "GEMINI_API_KEY";
|
|
892
|
+
readonly aliases: readonly ["GOOGLE_AI_API_KEY", "GOOGLE_GENERATIVE_AI_API_KEY"];
|
|
893
|
+
readonly owner: "lucern_platform";
|
|
894
|
+
readonly scope: "environment";
|
|
895
|
+
readonly sourcePath: "/platform/ai";
|
|
896
|
+
readonly environmentPolicy: "environment_specific";
|
|
897
|
+
readonly required: false;
|
|
898
|
+
readonly secret: true;
|
|
899
|
+
readonly public: false;
|
|
900
|
+
readonly consumers: readonly ["lucern-ai-runtime", "lucern-repo-ci"];
|
|
901
|
+
readonly destinations: readonly [{
|
|
902
|
+
readonly kind: "runtime_fetch";
|
|
903
|
+
readonly target: "lucern-ai-runtime";
|
|
904
|
+
readonly environmentPolicy: "environment_specific";
|
|
905
|
+
}, {
|
|
906
|
+
readonly kind: "github_actions";
|
|
907
|
+
readonly target: "LucernAI/lucern";
|
|
908
|
+
readonly environmentPolicy: "environment_specific";
|
|
909
|
+
}];
|
|
910
|
+
readonly description: "Lucern-owned Google/Gemini key. Google alias names are read compatibility only.";
|
|
911
|
+
}, {
|
|
912
|
+
readonly id: "platform.langfuse.secret-key";
|
|
913
|
+
readonly canonicalName: "LANGFUSE_SECRET_KEY";
|
|
914
|
+
readonly owner: "lucern_platform";
|
|
915
|
+
readonly scope: "environment";
|
|
916
|
+
readonly sourcePath: "/platform/observability/langfuse";
|
|
917
|
+
readonly environmentPolicy: "environment_specific";
|
|
918
|
+
readonly required: false;
|
|
919
|
+
readonly secret: true;
|
|
920
|
+
readonly public: false;
|
|
921
|
+
readonly consumers: readonly ["lucern-ai-runtime", "lucern-observability", "lucern-repo-ci"];
|
|
922
|
+
readonly destinations: readonly [{
|
|
923
|
+
readonly kind: "runtime_fetch";
|
|
924
|
+
readonly target: "lucern-ai-runtime";
|
|
925
|
+
readonly environmentPolicy: "environment_specific";
|
|
926
|
+
}, {
|
|
927
|
+
readonly kind: "github_actions";
|
|
928
|
+
readonly target: "LucernAI/lucern";
|
|
929
|
+
readonly environmentPolicy: "environment_specific";
|
|
930
|
+
}];
|
|
931
|
+
readonly description: "Lucern-owned Langfuse secret key for prompt sync, prompt reads, and AI tracing.";
|
|
932
|
+
}, {
|
|
933
|
+
readonly id: "platform.langfuse.public-key";
|
|
934
|
+
readonly canonicalName: "LANGFUSE_PUBLIC_KEY";
|
|
935
|
+
readonly owner: "lucern_platform";
|
|
936
|
+
readonly scope: "environment";
|
|
937
|
+
readonly sourcePath: "/platform/observability/langfuse";
|
|
938
|
+
readonly environmentPolicy: "environment_specific";
|
|
939
|
+
readonly required: false;
|
|
940
|
+
readonly secret: false;
|
|
941
|
+
readonly public: false;
|
|
942
|
+
readonly consumers: readonly ["lucern-ai-runtime", "lucern-observability", "lucern-repo-ci"];
|
|
943
|
+
readonly destinations: readonly [{
|
|
944
|
+
readonly kind: "runtime_fetch";
|
|
945
|
+
readonly target: "lucern-ai-runtime";
|
|
946
|
+
readonly environmentPolicy: "environment_specific";
|
|
947
|
+
}, {
|
|
948
|
+
readonly kind: "github_actions";
|
|
949
|
+
readonly target: "LucernAI/lucern";
|
|
950
|
+
readonly environmentPolicy: "environment_specific";
|
|
951
|
+
}];
|
|
952
|
+
readonly description: "Lucern-owned Langfuse public key paired with LANGFUSE_SECRET_KEY.";
|
|
953
|
+
}, {
|
|
954
|
+
readonly id: "platform.langfuse.base-url";
|
|
955
|
+
readonly canonicalName: "LANGFUSE_BASE_URL";
|
|
956
|
+
readonly aliases: readonly ["LANGFUSE_BASEURL", "LANGFUSE_HOST"];
|
|
957
|
+
readonly owner: "lucern_platform";
|
|
958
|
+
readonly scope: "environment";
|
|
959
|
+
readonly sourcePath: "/platform/observability/langfuse";
|
|
960
|
+
readonly environmentPolicy: "environment_specific";
|
|
961
|
+
readonly required: false;
|
|
962
|
+
readonly secret: false;
|
|
963
|
+
readonly public: false;
|
|
964
|
+
readonly consumers: readonly ["lucern-ai-runtime", "lucern-observability", "lucern-repo-ci"];
|
|
965
|
+
readonly destinations: readonly [{
|
|
966
|
+
readonly kind: "runtime_fetch";
|
|
967
|
+
readonly target: "lucern-ai-runtime";
|
|
968
|
+
readonly environmentPolicy: "environment_specific";
|
|
969
|
+
}, {
|
|
970
|
+
readonly kind: "github_actions";
|
|
971
|
+
readonly target: "LucernAI/lucern";
|
|
972
|
+
readonly environmentPolicy: "environment_specific";
|
|
973
|
+
}];
|
|
974
|
+
readonly description: "Canonical Langfuse API origin. BASEURL/HOST are compatibility aliases.";
|
|
975
|
+
}, {
|
|
976
|
+
readonly id: "platform.neo4j.uri";
|
|
977
|
+
readonly canonicalName: "NEO4J_URI";
|
|
978
|
+
readonly owner: "lucern_platform";
|
|
979
|
+
readonly scope: "environment";
|
|
980
|
+
readonly sourcePath: "/platform/graph/neo4j";
|
|
981
|
+
readonly environmentPolicy: "environment_specific";
|
|
982
|
+
readonly required: false;
|
|
983
|
+
readonly secret: false;
|
|
984
|
+
readonly public: false;
|
|
985
|
+
readonly consumers: readonly ["lucern-graph-sync", "lucern-repo-ci"];
|
|
986
|
+
readonly destinations: readonly [{
|
|
987
|
+
readonly kind: "runtime_fetch";
|
|
988
|
+
readonly target: "lucern-graph-sync";
|
|
989
|
+
readonly environmentPolicy: "environment_specific";
|
|
990
|
+
}, {
|
|
991
|
+
readonly kind: "github_actions";
|
|
992
|
+
readonly target: "LucernAI/lucern";
|
|
993
|
+
readonly environmentPolicy: "environment_specific";
|
|
994
|
+
}];
|
|
995
|
+
readonly description: "Lucern-owned Neo4j URI for platform graph-sync surfaces.";
|
|
996
|
+
}, {
|
|
997
|
+
readonly id: "platform.neo4j.user";
|
|
998
|
+
readonly canonicalName: "NEO4J_USER";
|
|
999
|
+
readonly aliases: readonly ["NEO4J_USERNAME"];
|
|
1000
|
+
readonly owner: "lucern_platform";
|
|
1001
|
+
readonly scope: "environment";
|
|
1002
|
+
readonly sourcePath: "/platform/graph/neo4j";
|
|
1003
|
+
readonly environmentPolicy: "environment_specific";
|
|
1004
|
+
readonly required: false;
|
|
1005
|
+
readonly secret: false;
|
|
1006
|
+
readonly public: false;
|
|
1007
|
+
readonly consumers: readonly ["lucern-graph-sync", "lucern-repo-ci"];
|
|
1008
|
+
readonly destinations: readonly [{
|
|
1009
|
+
readonly kind: "runtime_fetch";
|
|
1010
|
+
readonly target: "lucern-graph-sync";
|
|
1011
|
+
readonly environmentPolicy: "environment_specific";
|
|
1012
|
+
}, {
|
|
1013
|
+
readonly kind: "github_actions";
|
|
1014
|
+
readonly target: "LucernAI/lucern";
|
|
1015
|
+
readonly environmentPolicy: "environment_specific";
|
|
1016
|
+
}];
|
|
1017
|
+
readonly description: "Lucern-owned Neo4j username for platform graph-sync surfaces.";
|
|
1018
|
+
}, {
|
|
1019
|
+
readonly id: "platform.neo4j.password";
|
|
1020
|
+
readonly canonicalName: "NEO4J_PASSWORD";
|
|
1021
|
+
readonly owner: "lucern_platform";
|
|
1022
|
+
readonly scope: "environment";
|
|
1023
|
+
readonly sourcePath: "/platform/graph/neo4j";
|
|
1024
|
+
readonly environmentPolicy: "environment_specific";
|
|
1025
|
+
readonly required: false;
|
|
1026
|
+
readonly secret: true;
|
|
1027
|
+
readonly public: false;
|
|
1028
|
+
readonly consumers: readonly ["lucern-graph-sync", "lucern-repo-ci"];
|
|
1029
|
+
readonly destinations: readonly [{
|
|
1030
|
+
readonly kind: "runtime_fetch";
|
|
1031
|
+
readonly target: "lucern-graph-sync";
|
|
1032
|
+
readonly environmentPolicy: "environment_specific";
|
|
1033
|
+
}, {
|
|
1034
|
+
readonly kind: "github_actions";
|
|
1035
|
+
readonly target: "LucernAI/lucern";
|
|
1036
|
+
readonly environmentPolicy: "environment_specific";
|
|
1037
|
+
}];
|
|
1038
|
+
readonly description: "Lucern-owned Neo4j password for platform graph-sync surfaces.";
|
|
1039
|
+
}, {
|
|
1040
|
+
readonly id: "platform.neo4j.sync-secret";
|
|
1041
|
+
readonly canonicalName: "NEO4J_SYNC_SECRET";
|
|
1042
|
+
readonly owner: "lucern_platform";
|
|
1043
|
+
readonly scope: "environment";
|
|
1044
|
+
readonly sourcePath: "/platform/graph/neo4j";
|
|
1045
|
+
readonly environmentPolicy: "environment_specific";
|
|
1046
|
+
readonly required: false;
|
|
1047
|
+
readonly secret: true;
|
|
1048
|
+
readonly public: false;
|
|
1049
|
+
readonly consumers: readonly ["lucern-graph-sync", "lucern-repo-ci"];
|
|
1050
|
+
readonly destinations: readonly [{
|
|
1051
|
+
readonly kind: "runtime_fetch";
|
|
1052
|
+
readonly target: "lucern-graph-sync";
|
|
1053
|
+
readonly environmentPolicy: "environment_specific";
|
|
1054
|
+
}, {
|
|
1055
|
+
readonly kind: "github_actions";
|
|
1056
|
+
readonly target: "LucernAI/lucern";
|
|
1057
|
+
readonly environmentPolicy: "environment_specific";
|
|
1058
|
+
}];
|
|
1059
|
+
readonly description: "Shared secret protecting Lucern-owned graph-sync HTTP/query proxy calls.";
|
|
1060
|
+
}, {
|
|
1061
|
+
readonly id: "platform.neo4j.database";
|
|
1062
|
+
readonly canonicalName: "NEO4J_DATABASE";
|
|
1063
|
+
readonly owner: "lucern_platform";
|
|
1064
|
+
readonly scope: "environment";
|
|
1065
|
+
readonly sourcePath: "/platform/graph/neo4j";
|
|
1066
|
+
readonly environmentPolicy: "environment_specific";
|
|
1067
|
+
readonly required: false;
|
|
1068
|
+
readonly secret: false;
|
|
1069
|
+
readonly public: false;
|
|
1070
|
+
readonly consumers: readonly ["lucern-graph-sync", "lucern-repo-ci"];
|
|
1071
|
+
readonly destinations: readonly [{
|
|
1072
|
+
readonly kind: "runtime_fetch";
|
|
1073
|
+
readonly target: "lucern-graph-sync";
|
|
1074
|
+
readonly environmentPolicy: "environment_specific";
|
|
1075
|
+
}, {
|
|
1076
|
+
readonly kind: "github_actions";
|
|
1077
|
+
readonly target: "LucernAI/lucern";
|
|
1078
|
+
readonly environmentPolicy: "environment_specific";
|
|
1079
|
+
}];
|
|
1080
|
+
readonly description: "Optional Neo4j database name for Lucern-owned graph-sync surfaces.";
|
|
1081
|
+
}, {
|
|
1082
|
+
readonly id: "platform.pinecone.api-key";
|
|
1083
|
+
readonly canonicalName: "PINECONE_API_KEY";
|
|
1084
|
+
readonly owner: "lucern_platform";
|
|
1085
|
+
readonly scope: "environment";
|
|
1086
|
+
readonly sourcePath: "/platform/vector/pinecone";
|
|
1087
|
+
readonly environmentPolicy: "environment_specific";
|
|
1088
|
+
readonly required: false;
|
|
1089
|
+
readonly secret: true;
|
|
1090
|
+
readonly public: false;
|
|
1091
|
+
readonly consumers: readonly ["lucern-ai-runtime", "lucern-repo-ci"];
|
|
1092
|
+
readonly destinations: readonly [{
|
|
1093
|
+
readonly kind: "runtime_fetch";
|
|
1094
|
+
readonly target: "lucern-ai-runtime";
|
|
1095
|
+
readonly environmentPolicy: "environment_specific";
|
|
1096
|
+
}, {
|
|
1097
|
+
readonly kind: "github_actions";
|
|
1098
|
+
readonly target: "LucernAI/lucern";
|
|
1099
|
+
readonly environmentPolicy: "environment_specific";
|
|
1100
|
+
}];
|
|
1101
|
+
readonly description: "Lucern-owned Pinecone API key for platform vector search.";
|
|
1102
|
+
}, {
|
|
1103
|
+
readonly id: "platform.pinecone.index-name";
|
|
1104
|
+
readonly canonicalName: "PINECONE_INDEX_NAME";
|
|
1105
|
+
readonly aliases: readonly ["PINECONE_INDEX"];
|
|
1106
|
+
readonly owner: "lucern_platform";
|
|
1107
|
+
readonly scope: "environment";
|
|
1108
|
+
readonly sourcePath: "/platform/vector/pinecone";
|
|
1109
|
+
readonly environmentPolicy: "environment_specific";
|
|
1110
|
+
readonly required: false;
|
|
1111
|
+
readonly secret: false;
|
|
1112
|
+
readonly public: false;
|
|
1113
|
+
readonly consumers: readonly ["lucern-ai-runtime", "lucern-repo-ci"];
|
|
1114
|
+
readonly destinations: readonly [{
|
|
1115
|
+
readonly kind: "runtime_fetch";
|
|
1116
|
+
readonly target: "lucern-ai-runtime";
|
|
1117
|
+
readonly environmentPolicy: "environment_specific";
|
|
1118
|
+
}, {
|
|
1119
|
+
readonly kind: "github_actions";
|
|
1120
|
+
readonly target: "LucernAI/lucern";
|
|
1121
|
+
readonly environmentPolicy: "environment_specific";
|
|
1122
|
+
}];
|
|
1123
|
+
readonly description: "Lucern-owned Pinecone index name.";
|
|
1124
|
+
}, {
|
|
1125
|
+
readonly id: "platform.pinecone.host";
|
|
1126
|
+
readonly canonicalName: "PINECONE_HOST";
|
|
1127
|
+
readonly aliases: readonly ["PINECONE_INDEX_HOST"];
|
|
1128
|
+
readonly owner: "lucern_platform";
|
|
1129
|
+
readonly scope: "environment";
|
|
1130
|
+
readonly sourcePath: "/platform/vector/pinecone";
|
|
1131
|
+
readonly environmentPolicy: "environment_specific";
|
|
1132
|
+
readonly required: false;
|
|
1133
|
+
readonly secret: false;
|
|
1134
|
+
readonly public: false;
|
|
1135
|
+
readonly consumers: readonly ["lucern-ai-runtime", "lucern-repo-ci"];
|
|
1136
|
+
readonly destinations: readonly [{
|
|
1137
|
+
readonly kind: "runtime_fetch";
|
|
1138
|
+
readonly target: "lucern-ai-runtime";
|
|
1139
|
+
readonly environmentPolicy: "environment_specific";
|
|
1140
|
+
}, {
|
|
1141
|
+
readonly kind: "github_actions";
|
|
1142
|
+
readonly target: "LucernAI/lucern";
|
|
1143
|
+
readonly environmentPolicy: "environment_specific";
|
|
1144
|
+
}];
|
|
1145
|
+
readonly description: "Lucern-owned Pinecone host/index host.";
|
|
1146
|
+
}, {
|
|
1147
|
+
readonly id: "platform.sentry.dsn";
|
|
1148
|
+
readonly canonicalName: "NEXT_PUBLIC_SENTRY_DSN";
|
|
1149
|
+
readonly aliases: readonly ["SENTRY_DSN", "NEXT_PUBLIC_SENTRY_DSN_NEXTJS"];
|
|
1150
|
+
readonly owner: "provider";
|
|
1151
|
+
readonly scope: "environment";
|
|
1152
|
+
readonly sourcePath: "/platform/observability/sentry";
|
|
1153
|
+
readonly environmentPolicy: "environment_specific";
|
|
1154
|
+
readonly required: false;
|
|
1155
|
+
readonly secret: false;
|
|
1156
|
+
readonly public: true;
|
|
1157
|
+
readonly consumers: readonly ["lucern-web", "lucern-gateway", "lucern-observability"];
|
|
1158
|
+
readonly destinations: readonly [{
|
|
1159
|
+
readonly kind: "vercel";
|
|
1160
|
+
readonly target: "lucern";
|
|
1161
|
+
readonly environmentPolicy: "environment_specific";
|
|
1162
|
+
}, {
|
|
1163
|
+
readonly kind: "vercel";
|
|
1164
|
+
readonly target: "lucern-gateway";
|
|
1165
|
+
readonly environmentPolicy: "environment_specific";
|
|
1166
|
+
}];
|
|
1167
|
+
readonly description: "Lucern-owned Sentry DSN for browser/server error telemetry.";
|
|
1168
|
+
}, {
|
|
1169
|
+
readonly id: "platform.sentry.auth-token";
|
|
1170
|
+
readonly canonicalName: "SENTRY_AUTH_TOKEN";
|
|
1171
|
+
readonly owner: "provider";
|
|
1172
|
+
readonly scope: "environment";
|
|
1173
|
+
readonly sourcePath: "/platform/observability/sentry";
|
|
1174
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1175
|
+
readonly required: false;
|
|
1176
|
+
readonly secret: true;
|
|
1177
|
+
readonly public: false;
|
|
1178
|
+
readonly consumers: readonly ["lucern-repo-ci", "lucern-observability"];
|
|
1179
|
+
readonly destinations: readonly [{
|
|
1180
|
+
readonly kind: "github_actions";
|
|
1181
|
+
readonly target: "LucernAI/lucern";
|
|
1182
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1183
|
+
}, {
|
|
1184
|
+
readonly kind: "vercel";
|
|
1185
|
+
readonly target: "lucern";
|
|
1186
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1187
|
+
}];
|
|
1188
|
+
readonly description: "Sentry release-upload token. Runtime services must not use it for authorization.";
|
|
1189
|
+
}, {
|
|
1190
|
+
readonly id: "platform.sentry.org";
|
|
1191
|
+
readonly canonicalName: "SENTRY_ORG";
|
|
1192
|
+
readonly aliases: readonly ["SENTRY_ORG_SLUG"];
|
|
1193
|
+
readonly owner: "provider";
|
|
1194
|
+
readonly scope: "global";
|
|
1195
|
+
readonly sourcePath: "/platform/observability/sentry";
|
|
1196
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1197
|
+
readonly required: false;
|
|
1198
|
+
readonly secret: false;
|
|
1199
|
+
readonly public: false;
|
|
1200
|
+
readonly consumers: readonly ["lucern-repo-ci", "lucern-observability"];
|
|
1201
|
+
readonly destinations: readonly [{
|
|
1202
|
+
readonly kind: "github_actions";
|
|
1203
|
+
readonly target: "LucernAI/lucern";
|
|
1204
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1205
|
+
}, {
|
|
1206
|
+
readonly kind: "vercel";
|
|
1207
|
+
readonly target: "lucern";
|
|
1208
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1209
|
+
}];
|
|
1210
|
+
readonly description: "Sentry organization slug for Lucern release uploads.";
|
|
1211
|
+
}, {
|
|
1212
|
+
readonly id: "platform.sentry.project";
|
|
1213
|
+
readonly canonicalName: "SENTRY_PROJECT";
|
|
1214
|
+
readonly aliases: readonly ["SENTRY_PROJECT_NEXTJS"];
|
|
1215
|
+
readonly owner: "provider";
|
|
1216
|
+
readonly scope: "global";
|
|
1217
|
+
readonly sourcePath: "/platform/observability/sentry";
|
|
1218
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1219
|
+
readonly required: false;
|
|
1220
|
+
readonly secret: false;
|
|
1221
|
+
readonly public: false;
|
|
1222
|
+
readonly consumers: readonly ["lucern-repo-ci", "lucern-observability"];
|
|
1223
|
+
readonly destinations: readonly [{
|
|
1224
|
+
readonly kind: "github_actions";
|
|
1225
|
+
readonly target: "LucernAI/lucern";
|
|
1226
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1227
|
+
}, {
|
|
1228
|
+
readonly kind: "vercel";
|
|
1229
|
+
readonly target: "lucern";
|
|
1230
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1231
|
+
}];
|
|
1232
|
+
readonly description: "Sentry project slug for Lucern release uploads.";
|
|
1233
|
+
}, {
|
|
1234
|
+
readonly id: "platform.sentry.environment";
|
|
1235
|
+
readonly canonicalName: "SENTRY_ENVIRONMENT";
|
|
1236
|
+
readonly aliases: readonly ["NEXT_PUBLIC_SENTRY_ENVIRONMENT"];
|
|
1237
|
+
readonly owner: "provider";
|
|
1238
|
+
readonly scope: "environment";
|
|
1239
|
+
readonly sourcePath: "/platform/observability/sentry";
|
|
1240
|
+
readonly environmentPolicy: "environment_specific";
|
|
1241
|
+
readonly required: false;
|
|
1242
|
+
readonly secret: false;
|
|
1243
|
+
readonly public: false;
|
|
1244
|
+
readonly consumers: readonly ["lucern-web", "lucern-gateway", "lucern-observability"];
|
|
1245
|
+
readonly destinations: readonly [{
|
|
1246
|
+
readonly kind: "vercel";
|
|
1247
|
+
readonly target: "lucern";
|
|
1248
|
+
readonly environmentPolicy: "environment_specific";
|
|
1249
|
+
readonly writeNames: readonly ["SENTRY_ENVIRONMENT", "NEXT_PUBLIC_SENTRY_ENVIRONMENT"];
|
|
1250
|
+
}, {
|
|
1251
|
+
readonly kind: "vercel";
|
|
1252
|
+
readonly target: "lucern-gateway";
|
|
1253
|
+
readonly environmentPolicy: "environment_specific";
|
|
1254
|
+
}];
|
|
1255
|
+
readonly description: "Lucern-owned Sentry environment label.";
|
|
1256
|
+
}, {
|
|
1257
|
+
readonly id: "platform.sentry.release";
|
|
1258
|
+
readonly canonicalName: "SENTRY_RELEASE";
|
|
1259
|
+
readonly aliases: readonly ["NEXT_PUBLIC_SENTRY_RELEASE"];
|
|
1260
|
+
readonly owner: "provider";
|
|
1261
|
+
readonly scope: "environment";
|
|
1262
|
+
readonly sourcePath: "/platform/observability/sentry";
|
|
1263
|
+
readonly environmentPolicy: "environment_specific";
|
|
1264
|
+
readonly required: false;
|
|
1265
|
+
readonly secret: false;
|
|
1266
|
+
readonly public: false;
|
|
1267
|
+
readonly consumers: readonly ["lucern-web", "lucern-gateway", "lucern-observability"];
|
|
1268
|
+
readonly destinations: readonly [{
|
|
1269
|
+
readonly kind: "vercel";
|
|
1270
|
+
readonly target: "lucern";
|
|
1271
|
+
readonly environmentPolicy: "environment_specific";
|
|
1272
|
+
readonly writeNames: readonly ["SENTRY_RELEASE", "NEXT_PUBLIC_SENTRY_RELEASE"];
|
|
1273
|
+
}, {
|
|
1274
|
+
readonly kind: "vercel";
|
|
1275
|
+
readonly target: "lucern-gateway";
|
|
1276
|
+
readonly environmentPolicy: "environment_specific";
|
|
1277
|
+
}];
|
|
1278
|
+
readonly description: "Lucern-owned Sentry release name.";
|
|
1279
|
+
}, {
|
|
1280
|
+
readonly id: "platform.deploy.vercel-token";
|
|
1281
|
+
readonly canonicalName: "VERCEL_TOKEN";
|
|
1282
|
+
readonly owner: "provider";
|
|
1283
|
+
readonly scope: "global";
|
|
1284
|
+
readonly sourcePath: "/platform/deploy/vercel";
|
|
1285
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1286
|
+
readonly required: false;
|
|
1287
|
+
readonly secret: true;
|
|
1288
|
+
readonly public: false;
|
|
1289
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
1290
|
+
readonly destinations: readonly [{
|
|
1291
|
+
readonly kind: "github_actions";
|
|
1292
|
+
readonly target: "LucernAI/lucern";
|
|
1293
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1294
|
+
}, {
|
|
1295
|
+
readonly kind: "operator_local";
|
|
1296
|
+
readonly target: "secret-sync-writer";
|
|
1297
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1298
|
+
}];
|
|
1299
|
+
readonly description: "Vercel API token for the future reviewed live writer. Never copy into tenant apps.";
|
|
1300
|
+
}, {
|
|
1301
|
+
readonly id: "platform.deploy.vercel-org-id";
|
|
1302
|
+
readonly canonicalName: "VERCEL_ORG_ID";
|
|
1303
|
+
readonly owner: "provider";
|
|
1304
|
+
readonly scope: "global";
|
|
1305
|
+
readonly sourcePath: "/platform/deploy/vercel";
|
|
1306
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1307
|
+
readonly required: false;
|
|
1308
|
+
readonly secret: false;
|
|
1309
|
+
readonly public: false;
|
|
1310
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
1311
|
+
readonly destinations: readonly [{
|
|
1312
|
+
readonly kind: "github_actions";
|
|
1313
|
+
readonly target: "LucernAI/lucern";
|
|
1314
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1315
|
+
}, {
|
|
1316
|
+
readonly kind: "operator_local";
|
|
1317
|
+
readonly target: "secret-sync-writer";
|
|
1318
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1319
|
+
}];
|
|
1320
|
+
readonly description: "Vercel team/org id used by deployment and sync automation.";
|
|
1321
|
+
}, {
|
|
1322
|
+
readonly id: "platform.docs.gap-audit-api-key";
|
|
1323
|
+
readonly canonicalName: "DOC_GAP_AUDIT_API_KEY";
|
|
1324
|
+
readonly owner: "lucern_platform";
|
|
1325
|
+
readonly scope: "environment";
|
|
1326
|
+
readonly sourcePath: "/platform/docs";
|
|
1327
|
+
readonly environmentPolicy: "environment_specific";
|
|
1328
|
+
readonly required: false;
|
|
1329
|
+
readonly secret: true;
|
|
1330
|
+
readonly public: false;
|
|
1331
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
1332
|
+
readonly destinations: readonly [{
|
|
1333
|
+
readonly kind: "github_actions";
|
|
1334
|
+
readonly target: "LucernAI/lucern";
|
|
1335
|
+
readonly environmentPolicy: "environment_specific";
|
|
1336
|
+
}, {
|
|
1337
|
+
readonly kind: "operator_local";
|
|
1338
|
+
readonly target: "lucern-repo";
|
|
1339
|
+
readonly environmentPolicy: "environment_specific";
|
|
1340
|
+
}];
|
|
1341
|
+
readonly description: "Optional model key for docs gap audits.";
|
|
1342
|
+
}, {
|
|
1343
|
+
readonly id: "platform.docs.gap-audit-provider";
|
|
1344
|
+
readonly canonicalName: "DOC_GAP_AUDIT_PROVIDER";
|
|
1345
|
+
readonly owner: "lucern_platform";
|
|
1346
|
+
readonly scope: "environment";
|
|
1347
|
+
readonly sourcePath: "/platform/docs";
|
|
1348
|
+
readonly environmentPolicy: "environment_specific";
|
|
1349
|
+
readonly required: false;
|
|
1350
|
+
readonly secret: false;
|
|
1351
|
+
readonly public: false;
|
|
1352
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
1353
|
+
readonly destinations: readonly [{
|
|
1354
|
+
readonly kind: "github_actions";
|
|
1355
|
+
readonly target: "LucernAI/lucern";
|
|
1356
|
+
readonly environmentPolicy: "environment_specific";
|
|
1357
|
+
}, {
|
|
1358
|
+
readonly kind: "operator_local";
|
|
1359
|
+
readonly target: "lucern-repo";
|
|
1360
|
+
readonly environmentPolicy: "environment_specific";
|
|
1361
|
+
}];
|
|
1362
|
+
readonly description: "Optional docs gap audit provider selector.";
|
|
1363
|
+
}, {
|
|
1364
|
+
readonly id: "platform.docs.gap-audit-model";
|
|
1365
|
+
readonly canonicalName: "DOC_GAP_AUDIT_MODEL";
|
|
1366
|
+
readonly owner: "lucern_platform";
|
|
1367
|
+
readonly scope: "environment";
|
|
1368
|
+
readonly sourcePath: "/platform/docs";
|
|
1369
|
+
readonly environmentPolicy: "environment_specific";
|
|
1370
|
+
readonly required: false;
|
|
1371
|
+
readonly secret: false;
|
|
1372
|
+
readonly public: false;
|
|
1373
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
1374
|
+
readonly destinations: readonly [{
|
|
1375
|
+
readonly kind: "github_actions";
|
|
1376
|
+
readonly target: "LucernAI/lucern";
|
|
1377
|
+
readonly environmentPolicy: "environment_specific";
|
|
1378
|
+
}, {
|
|
1379
|
+
readonly kind: "operator_local";
|
|
1380
|
+
readonly target: "lucern-repo";
|
|
1381
|
+
readonly environmentPolicy: "environment_specific";
|
|
1382
|
+
}];
|
|
1383
|
+
readonly description: "Optional docs gap audit model selector.";
|
|
1384
|
+
}, {
|
|
1385
|
+
readonly id: "platform.infisical.local-cli";
|
|
1386
|
+
readonly canonicalName: "INFISICAL_BIN";
|
|
1387
|
+
readonly aliases: readonly ["INFISICAL_API_URL", "INFISICAL_URL"];
|
|
1388
|
+
readonly owner: "lucern_platform";
|
|
1389
|
+
readonly scope: "global";
|
|
1390
|
+
readonly sourcePath: "/platform/infisical";
|
|
1391
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1392
|
+
readonly required: false;
|
|
1393
|
+
readonly secret: false;
|
|
1394
|
+
readonly public: false;
|
|
1395
|
+
readonly consumers: readonly ["mc-operator-tooling", "lucern-repo-ci"];
|
|
1396
|
+
readonly destinations: readonly [{
|
|
1397
|
+
readonly kind: "operator_local";
|
|
1398
|
+
readonly target: "lucern-repo";
|
|
1399
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1400
|
+
}];
|
|
1401
|
+
readonly description: "Operator-only Infisical CLI/API location knobs. Machine credentials are handled by the bootstrap contract.";
|
|
1402
|
+
}, {
|
|
1403
|
+
readonly id: "platform.gateway.device-verification-base-url";
|
|
1404
|
+
readonly canonicalName: "LUCERN_DEVICE_VERIFICATION_BASE_URL";
|
|
1405
|
+
readonly owner: "lucern_platform";
|
|
1406
|
+
readonly scope: "environment";
|
|
1407
|
+
readonly sourcePath: "/platform/runtime";
|
|
1408
|
+
readonly environmentPolicy: "environment_specific";
|
|
1409
|
+
readonly required: false;
|
|
1410
|
+
readonly secret: false;
|
|
1411
|
+
readonly public: false;
|
|
1412
|
+
readonly consumers: readonly ["lucern-gateway"];
|
|
1413
|
+
readonly destinations: readonly [{
|
|
1414
|
+
readonly kind: "vercel";
|
|
1415
|
+
readonly target: "lucern-gateway";
|
|
1416
|
+
readonly environmentPolicy: "environment_specific";
|
|
1417
|
+
}];
|
|
1418
|
+
readonly description: "Base URL shown during Lucern CLI/device authentication.";
|
|
1419
|
+
}, {
|
|
1420
|
+
readonly id: "platform.gateway.mode";
|
|
1421
|
+
readonly canonicalName: "LUCERN_GATEWAY_MODE";
|
|
1422
|
+
readonly aliases: readonly ["LUCERN_GATEWAY_ENV"];
|
|
1423
|
+
readonly owner: "lucern_platform";
|
|
1424
|
+
readonly scope: "environment";
|
|
1425
|
+
readonly sourcePath: "/platform/runtime";
|
|
1426
|
+
readonly environmentPolicy: "environment_specific";
|
|
1427
|
+
readonly required: false;
|
|
1428
|
+
readonly secret: false;
|
|
1429
|
+
readonly public: false;
|
|
1430
|
+
readonly consumers: readonly ["lucern-gateway", "lucern-repo-ci"];
|
|
1431
|
+
readonly destinations: readonly [{
|
|
1432
|
+
readonly kind: "vercel";
|
|
1433
|
+
readonly target: "lucern-gateway";
|
|
1434
|
+
readonly environmentPolicy: "environment_specific";
|
|
1435
|
+
}, {
|
|
1436
|
+
readonly kind: "github_actions";
|
|
1437
|
+
readonly target: "LucernAI/lucern";
|
|
1438
|
+
readonly environmentPolicy: "environment_specific";
|
|
1439
|
+
}];
|
|
1440
|
+
readonly description: "Gateway runtime mode/environment label.";
|
|
1441
|
+
}, {
|
|
1442
|
+
readonly id: "platform.mcp.runtime";
|
|
1443
|
+
readonly canonicalName: "LUCERN_MCP_URL";
|
|
1444
|
+
readonly aliases: readonly ["LUCERN_AGENT_IDENTITY", "LUCERN_HTTP_HOST", "LUCERN_HTTP_PORT", "LUCERN_MCP_ALLOW_API_KEY_PASSTHROUGH", "LUCERN_MCP_DEBUG", "LUCERN_MCP_DIAGNOSTICS_FILE", "LUCERN_MCP_HEALTH_PATH", "LUCERN_MCP_HEALTH_URL", "LUCERN_MCP_HOST", "LUCERN_MCP_PATH", "LUCERN_MCP_PORT", "LUCERN_MCP_QUIET", "LUCERN_MCP_TRANSPORT", "LUCERN_PROFILE", "LUCERN_PUBLIC_URL", "MCP_SERVER_URL"];
|
|
1445
|
+
readonly owner: "lucern_platform";
|
|
1446
|
+
readonly scope: "environment";
|
|
1447
|
+
readonly sourcePath: "/platform/runtime";
|
|
1448
|
+
readonly environmentPolicy: "environment_specific";
|
|
1449
|
+
readonly required: false;
|
|
1450
|
+
readonly secret: false;
|
|
1451
|
+
readonly public: false;
|
|
1452
|
+
readonly consumers: readonly ["lucern-mcp", "lucern-cli", "lucern-repo-ci"];
|
|
1453
|
+
readonly destinations: readonly [{
|
|
1454
|
+
readonly kind: "runtime_fetch";
|
|
1455
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
1456
|
+
readonly environmentPolicy: "environment_specific";
|
|
1457
|
+
}, {
|
|
1458
|
+
readonly kind: "operator_local";
|
|
1459
|
+
readonly target: "lucern-repo";
|
|
1460
|
+
readonly environmentPolicy: "environment_specific";
|
|
1461
|
+
}];
|
|
1462
|
+
readonly description: "Lucern MCP/CLI runtime knobs. Aliases are compatibility names and not Vercel write names.";
|
|
1463
|
+
}, {
|
|
1464
|
+
readonly id: "platform.mcp.auth-token";
|
|
1465
|
+
readonly canonicalName: "LUCERN_MCP_SERVER_AUTH_TOKEN";
|
|
1466
|
+
readonly aliases: readonly ["LUCERN_USER_TOKEN", "MCP_SERVER_TOKEN"];
|
|
1467
|
+
readonly owner: "lucern_platform";
|
|
1468
|
+
readonly scope: "environment";
|
|
1469
|
+
readonly sourcePath: "/platform/runtime";
|
|
1470
|
+
readonly environmentPolicy: "environment_specific";
|
|
1471
|
+
readonly required: false;
|
|
1472
|
+
readonly secret: true;
|
|
1473
|
+
readonly public: false;
|
|
1474
|
+
readonly consumers: readonly ["lucern-mcp", "lucern-cli", "lucern-repo-ci"];
|
|
1475
|
+
readonly destinations: readonly [{
|
|
1476
|
+
readonly kind: "runtime_fetch";
|
|
1477
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
1478
|
+
readonly environmentPolicy: "environment_specific";
|
|
1479
|
+
}, {
|
|
1480
|
+
readonly kind: "operator_local";
|
|
1481
|
+
readonly target: "lucern-repo";
|
|
1482
|
+
readonly environmentPolicy: "environment_specific";
|
|
1483
|
+
}];
|
|
1484
|
+
readonly description: "Local/hosted MCP auth token material. Tenant apps must use MC/API-key sessions instead.";
|
|
1485
|
+
}, {
|
|
1486
|
+
readonly id: "platform.graph-sync.proxy";
|
|
1487
|
+
readonly canonicalName: "LUCERN_GRAPH_SYNC_QUERY_BASE_URL";
|
|
1488
|
+
readonly aliases: readonly ["LUCERN_DEFAULT_TENANT_ID", "LUCERN_GRAPH_SYNC_ALLOWED_PROXY_HOSTS"];
|
|
1489
|
+
readonly owner: "lucern_platform";
|
|
1490
|
+
readonly scope: "environment";
|
|
1491
|
+
readonly sourcePath: "/platform/graph/neo4j";
|
|
1492
|
+
readonly environmentPolicy: "environment_specific";
|
|
1493
|
+
readonly required: false;
|
|
1494
|
+
readonly secret: false;
|
|
1495
|
+
readonly public: false;
|
|
1496
|
+
readonly consumers: readonly ["lucern-graph-sync", "lucern-repo-ci"];
|
|
1497
|
+
readonly destinations: readonly [{
|
|
1498
|
+
readonly kind: "runtime_fetch";
|
|
1499
|
+
readonly target: "lucern-graph-sync";
|
|
1500
|
+
readonly environmentPolicy: "environment_specific";
|
|
1501
|
+
}, {
|
|
1502
|
+
readonly kind: "github_actions";
|
|
1503
|
+
readonly target: "LucernAI/lucern";
|
|
1504
|
+
readonly environmentPolicy: "environment_specific";
|
|
1505
|
+
}];
|
|
1506
|
+
readonly description: "Graph-sync proxy URL, tenant filter, and allowed host list.";
|
|
1507
|
+
}, {
|
|
1508
|
+
readonly id: "platform.package-smoke.local";
|
|
1509
|
+
readonly canonicalName: "LUCERN_SDK_NPM_TOKEN";
|
|
1510
|
+
readonly aliases: readonly ["LUCERN_KERNEL_INSTALL_SPEC", "LUCERN_KERNEL_KEEP_CLEANROOM", "LUCERN_KERNEL_LOCAL_TARBALL", "LUCERN_KERNEL_NPM_TOKEN", "LUCERN_KERNEL_SCOPE_REGISTRY", "LUCERN_KERNEL_SKIP_CONVEX", "LUCERN_SDK_INSTALL_SPEC", "LUCERN_SDK_KEEP_CLEANROOM", "LUCERN_SDK_LOCAL_TARBALL", "LUCERN_SDK_SCOPE_REGISTRY", "LUCERN_SDK_SKIP_LIVE"];
|
|
1511
|
+
readonly owner: "lucern_platform";
|
|
1512
|
+
readonly scope: "global";
|
|
1513
|
+
readonly sourcePath: "/platform/package-publish";
|
|
1514
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1515
|
+
readonly required: false;
|
|
1516
|
+
readonly secret: true;
|
|
1517
|
+
readonly public: false;
|
|
1518
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
1519
|
+
readonly destinations: readonly [{
|
|
1520
|
+
readonly kind: "github_actions";
|
|
1521
|
+
readonly target: "LucernAI/lucern";
|
|
1522
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1523
|
+
}, {
|
|
1524
|
+
readonly kind: "operator_local";
|
|
1525
|
+
readonly target: "lucern-repo";
|
|
1526
|
+
readonly environmentPolicy: "same_all_environments";
|
|
1527
|
+
}];
|
|
1528
|
+
readonly description: "Private package install smoke-test knobs. Values are not tenant runtime variables.";
|
|
1529
|
+
}, {
|
|
1530
|
+
readonly id: "platform.convex-deploy.local-names";
|
|
1531
|
+
readonly canonicalName: "LUCERN_CONVEX_DEPLOYMENT_NAME";
|
|
1532
|
+
readonly aliases: readonly ["CONVEX_DEPLOYMENT", "CONVEX_DEV_DEPLOYMENT_NAME", "CONVEX_PROD_DEPLOYMENT_NAME"];
|
|
1533
|
+
readonly owner: "lucern_platform";
|
|
1534
|
+
readonly scope: "environment";
|
|
1535
|
+
readonly sourcePath: "/platform/deploy/convex";
|
|
1536
|
+
readonly environmentPolicy: "environment_specific";
|
|
1537
|
+
readonly required: false;
|
|
1538
|
+
readonly secret: false;
|
|
1539
|
+
readonly public: false;
|
|
1540
|
+
readonly consumers: readonly ["mc-operator-tooling", "lucern-repo-ci"];
|
|
1541
|
+
readonly destinations: readonly [{
|
|
1542
|
+
readonly kind: "operator_local";
|
|
1543
|
+
readonly target: "lucern-repo";
|
|
1544
|
+
readonly environmentPolicy: "environment_specific";
|
|
1545
|
+
}];
|
|
1546
|
+
readonly description: "Operator-only Convex deployment name hints. Deploy keys and URLs remain separately scoped.";
|
|
1547
|
+
}, {
|
|
1548
|
+
readonly id: "platform.sdk.local-context";
|
|
1549
|
+
readonly canonicalName: "LUCERN_TENANT_ID";
|
|
1550
|
+
readonly aliases: readonly ["LUCERN_AGENT_DISPLAY_NAME", "LUCERN_AGENT_ID", "LUCERN_API_ENVIRONMENT", "LUCERN_PACK_KEY", "LUCERN_PROJECT_ID", "LUCERN_TOPIC_ID", "LUCERN_WORKSPACE_ID", "LUCERN_WORKTREE_ID"];
|
|
1551
|
+
readonly owner: "lucern_platform";
|
|
1552
|
+
readonly scope: "environment";
|
|
1553
|
+
readonly sourcePath: "/platform/runtime";
|
|
1554
|
+
readonly environmentPolicy: "environment_specific";
|
|
1555
|
+
readonly required: false;
|
|
1556
|
+
readonly secret: false;
|
|
1557
|
+
readonly public: false;
|
|
1558
|
+
readonly consumers: readonly ["lucern-cli", "lucern-mcp", "tenant-agent-runtime"];
|
|
1559
|
+
readonly destinations: readonly [{
|
|
1560
|
+
readonly kind: "runtime_fetch";
|
|
1561
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
1562
|
+
readonly environmentPolicy: "environment_specific";
|
|
1563
|
+
}, {
|
|
1564
|
+
readonly kind: "operator_local";
|
|
1565
|
+
readonly target: "lucern-repo";
|
|
1566
|
+
readonly environmentPolicy: "environment_specific";
|
|
1567
|
+
}];
|
|
1568
|
+
readonly description: "SDK, CLI, and agent context selectors. These identify scope and must not grant access by themselves.";
|
|
1569
|
+
}, {
|
|
1570
|
+
readonly id: "platform.debug.local-flags";
|
|
1571
|
+
readonly canonicalName: "LUCERN_FUNCTIONAL_DEBUG";
|
|
1572
|
+
readonly aliases: readonly ["LUCERN_CONTRACTS_SKIP_DTS", "LUCERN_DEPLOY_RECONCILIATION_DEBUG", "LUCERN_ENABLE_ADAPTIVE_LEARNING", "LUCERN_ENV_FILE", "LUCERN_EXAMPLE_DEBUG", "LUCERN_HTTP_SMOKE_DEBUG", "LUCERN_MULTI_TENANT", "LUCERN_PACK_ACTION_DEBUG", "LUCERN_RUN_LIVE_MCP"];
|
|
1573
|
+
readonly owner: "lucern_platform";
|
|
1574
|
+
readonly scope: "environment";
|
|
1575
|
+
readonly sourcePath: "/platform/runtime/debug";
|
|
1576
|
+
readonly environmentPolicy: "environment_specific";
|
|
1577
|
+
readonly required: false;
|
|
1578
|
+
readonly secret: false;
|
|
1579
|
+
readonly public: false;
|
|
1580
|
+
readonly consumers: readonly ["lucern-repo-ci", "mc-operator-tooling"];
|
|
1581
|
+
readonly destinations: readonly [{
|
|
1582
|
+
readonly kind: "operator_local";
|
|
1583
|
+
readonly target: "lucern-repo";
|
|
1584
|
+
readonly environmentPolicy: "environment_specific";
|
|
1585
|
+
}];
|
|
1586
|
+
readonly description: "Local or CI debug toggles. They are manifest-known but not tenant runtime secrets.";
|
|
1587
|
+
}, {
|
|
1588
|
+
readonly id: "tenant.stackos.deploy-guard.local";
|
|
1589
|
+
readonly canonicalName: "STACKOS_DEPLOY_TARGET";
|
|
1590
|
+
readonly aliases: readonly ["STACKOS_DEPLOY_ENTRYPOINT", "STACKOS_EXPECTED_STAGING_COMMIT", "STACKOS_PROD_CUTOVER_APPROVED", "STACKOS_REPO_PATH", "STACKOS_REQUIRE_CHAT_RUNTIME", "STACKOS_SLOP_SCAN_BASELINE", "STACKOS_STAGING_API_KEY", "STACKOS_STAGING_BASE_URL", "STACK_DEPLOY_RECONCILIATION_SCHEMA_JSON"];
|
|
1591
|
+
readonly owner: "tenant";
|
|
1592
|
+
readonly scope: "software_system";
|
|
1593
|
+
readonly sourcePath: "/tenants/stack";
|
|
1594
|
+
readonly environmentPolicy: "environment_specific";
|
|
1595
|
+
readonly required: false;
|
|
1596
|
+
readonly secret: true;
|
|
1597
|
+
readonly public: false;
|
|
1598
|
+
readonly consumers: readonly ["tenant-deploy-tooling", "lucern-repo-ci"];
|
|
1599
|
+
readonly destinations: readonly [{
|
|
1600
|
+
readonly kind: "operator_local";
|
|
1601
|
+
readonly target: "stackos-deploy-guard";
|
|
1602
|
+
readonly environmentPolicy: "environment_specific";
|
|
1603
|
+
}, {
|
|
1604
|
+
readonly kind: "github_actions";
|
|
1605
|
+
readonly target: "stack-vc/stackos";
|
|
1606
|
+
readonly environmentPolicy: "environment_specific";
|
|
1607
|
+
}];
|
|
1608
|
+
readonly description: "StackOS deploy/test guard variables. These are not written into the StackOS Vercel runtime.";
|
|
1609
|
+
}, ...(InfisicalSecretDefinition | {
|
|
1610
|
+
readonly id: "tenant.stack-eng.neo4j.uri";
|
|
1611
|
+
readonly canonicalName: "NEO4J_URI";
|
|
1612
|
+
readonly aliases: readonly ["NEO4J_ENG_URI"];
|
|
1613
|
+
readonly owner: "tenant";
|
|
1614
|
+
readonly scope: "workspace";
|
|
1615
|
+
readonly sourcePath: "/tenants/stack/engineering";
|
|
1616
|
+
readonly environmentPolicy: "environment_specific";
|
|
1617
|
+
readonly required: false;
|
|
1618
|
+
readonly secret: false;
|
|
1619
|
+
readonly public: false;
|
|
1620
|
+
readonly consumers: readonly ["tenant-graph-sync", "tenant-convex-deployment"];
|
|
1621
|
+
readonly destinations: readonly [{
|
|
1622
|
+
readonly kind: "convex";
|
|
1623
|
+
readonly target: "small-oyster-270|bold-cuttlefish-804";
|
|
1624
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1625
|
+
}, {
|
|
1626
|
+
readonly kind: "vercel";
|
|
1627
|
+
readonly target: "stackos-engineering-graph";
|
|
1628
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1629
|
+
}, {
|
|
1630
|
+
readonly kind: "github_actions";
|
|
1631
|
+
readonly target: "stack-vc/stackos-engineering-graph";
|
|
1632
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1633
|
+
}];
|
|
1634
|
+
readonly description: "Stack engineering graph Neo4j runtime URI. NEO4J_ENG_URI is the source alias used to avoid StackOS front-office collisions.";
|
|
1635
|
+
} | {
|
|
1636
|
+
readonly id: "tenant.stack-eng.neo4j.user";
|
|
1637
|
+
readonly canonicalName: "NEO4J_USER";
|
|
1638
|
+
readonly aliases: readonly ["NEO4J_ENG_USER"];
|
|
1639
|
+
readonly owner: "tenant";
|
|
1640
|
+
readonly scope: "workspace";
|
|
1641
|
+
readonly sourcePath: "/tenants/stack/engineering";
|
|
1642
|
+
readonly environmentPolicy: "environment_specific";
|
|
1643
|
+
readonly required: false;
|
|
1644
|
+
readonly secret: false;
|
|
1645
|
+
readonly public: false;
|
|
1646
|
+
readonly consumers: readonly ["tenant-graph-sync", "tenant-convex-deployment"];
|
|
1647
|
+
readonly destinations: readonly [{
|
|
1648
|
+
readonly kind: "convex";
|
|
1649
|
+
readonly target: "small-oyster-270|bold-cuttlefish-804";
|
|
1650
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1651
|
+
}, {
|
|
1652
|
+
readonly kind: "vercel";
|
|
1653
|
+
readonly target: "stackos-engineering-graph";
|
|
1654
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1655
|
+
}, {
|
|
1656
|
+
readonly kind: "github_actions";
|
|
1657
|
+
readonly target: "stack-vc/stackos-engineering-graph";
|
|
1658
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1659
|
+
}];
|
|
1660
|
+
readonly description: "Stack engineering graph Neo4j runtime user.";
|
|
1661
|
+
} | {
|
|
1662
|
+
readonly id: "tenant.stack-eng.neo4j.password";
|
|
1663
|
+
readonly canonicalName: "NEO4J_PASSWORD";
|
|
1664
|
+
readonly aliases: readonly ["NEO4J_ENG_PASSWORD"];
|
|
1665
|
+
readonly owner: "tenant";
|
|
1666
|
+
readonly scope: "workspace";
|
|
1667
|
+
readonly sourcePath: "/tenants/stack/engineering";
|
|
1668
|
+
readonly environmentPolicy: "environment_specific";
|
|
1669
|
+
readonly required: false;
|
|
1670
|
+
readonly secret: true;
|
|
1671
|
+
readonly public: false;
|
|
1672
|
+
readonly consumers: readonly ["tenant-graph-sync", "tenant-convex-deployment"];
|
|
1673
|
+
readonly destinations: readonly [{
|
|
1674
|
+
readonly kind: "convex";
|
|
1675
|
+
readonly target: "small-oyster-270|bold-cuttlefish-804";
|
|
1676
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1677
|
+
}, {
|
|
1678
|
+
readonly kind: "vercel";
|
|
1679
|
+
readonly target: "stackos-engineering-graph";
|
|
1680
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1681
|
+
}, {
|
|
1682
|
+
readonly kind: "github_actions";
|
|
1683
|
+
readonly target: "stack-vc/stackos-engineering-graph";
|
|
1684
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1685
|
+
}];
|
|
1686
|
+
readonly description: "Stack engineering graph Neo4j runtime password.";
|
|
1687
|
+
} | {
|
|
1688
|
+
readonly id: "tenant.stack-eng.neo4j.sync-secret";
|
|
1689
|
+
readonly canonicalName: "NEO4J_SYNC_SECRET";
|
|
1690
|
+
readonly owner: "tenant";
|
|
1691
|
+
readonly scope: "workspace";
|
|
1692
|
+
readonly sourcePath: "/tenants/stack/engineering";
|
|
1693
|
+
readonly environmentPolicy: "environment_specific";
|
|
1694
|
+
readonly required: false;
|
|
1695
|
+
readonly secret: true;
|
|
1696
|
+
readonly public: false;
|
|
1697
|
+
readonly consumers: readonly ["tenant-graph-sync", "tenant-convex-deployment"];
|
|
1698
|
+
readonly destinations: readonly [{
|
|
1699
|
+
readonly kind: "convex";
|
|
1700
|
+
readonly target: "small-oyster-270|bold-cuttlefish-804";
|
|
1701
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1702
|
+
}, {
|
|
1703
|
+
readonly kind: "vercel";
|
|
1704
|
+
readonly target: "stackos-engineering-graph";
|
|
1705
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1706
|
+
}, {
|
|
1707
|
+
readonly kind: "github_actions";
|
|
1708
|
+
readonly target: "stack-vc/stackos-engineering-graph";
|
|
1709
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1710
|
+
}];
|
|
1711
|
+
readonly description: "Stack engineering graph sync secret for Convex-to-HTTP graph query/sync calls.";
|
|
1712
|
+
} | {
|
|
1713
|
+
readonly id: "tenant.stackos.convex.url" | "tenant.stack-frontend.convex.url" | "tenant.stack-eng.convex.url" | "tenant.lucern-graph.convex.url";
|
|
1714
|
+
readonly canonicalName: "CONVEX_FRONTEND_URL" | "CONVEX_STACKOS_URL" | "CONVEX_STACK_ENG_URL" | "CONVEX_LUCERN_URL";
|
|
1715
|
+
readonly aliases: readonly string[] | undefined;
|
|
1716
|
+
readonly owner: "tenant";
|
|
1717
|
+
readonly scope: "software_system";
|
|
1718
|
+
readonly sourcePath: "/tenants/stack" | "/tenants/stack/engineering" | "/tenants/lucern/shared";
|
|
1719
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1720
|
+
readonly required: true;
|
|
1721
|
+
readonly secret: false;
|
|
1722
|
+
readonly public: false;
|
|
1723
|
+
readonly consumers: readonly ["tenant-vercel-app", "tenant-agent-runtime", "mc-operator-tooling"];
|
|
1724
|
+
readonly destinations: readonly [{
|
|
1725
|
+
readonly kind: "vercel";
|
|
1726
|
+
readonly target: "stackos" | "ai-chatbot-diao" | "stackos-engineering-graph" | "lucern-graph";
|
|
1727
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1728
|
+
readonly writeNames: readonly string[];
|
|
1729
|
+
}, {
|
|
1730
|
+
readonly kind: "github_actions";
|
|
1731
|
+
readonly target: "stack-vc/stackos" | "stack-vc/stackos-engineering-graph" | "stack-vc/front-end" | "stack-vc/lucern-graph" | "LucernAI/stackos" | "LucernAI/front-end" | "LucernAI/stackos-engineering-graph" | "LucernAI/lucern-graph";
|
|
1732
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1733
|
+
readonly writeNames: readonly string[];
|
|
1734
|
+
readonly notes: "Only if that repository deploy/test workflow owns this software system.";
|
|
1735
|
+
}];
|
|
1736
|
+
readonly description: "stack/stackos Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to wonderful-toucan-0." | "stack/stackos Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to good-snake-515." | "stack/stackos Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to bold-cuttlefish-804." | "stack/stackos Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to precious-dog-365." | "stack/stackos Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to wonderful-toucan-0." | "stack/stackos Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to good-snake-515." | "stack/stackos Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to bold-cuttlefish-804." | "stack/stackos Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to precious-dog-365." | "stack/stackos Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to wonderful-toucan-0." | "stack/stackos Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to good-snake-515." | "stack/stackos Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to bold-cuttlefish-804." | "stack/stackos Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to precious-dog-365." | "stack/stackos Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to wonderful-toucan-0." | "stack/stackos Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to good-snake-515." | "stack/stackos Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to bold-cuttlefish-804." | "stack/stackos Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to precious-dog-365." | "stack/frontend Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to wonderful-toucan-0." | "stack/frontend Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to good-snake-515." | "stack/frontend Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to bold-cuttlefish-804." | "stack/frontend Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to precious-dog-365." | "stack/frontend Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to wonderful-toucan-0." | "stack/frontend Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to good-snake-515." | "stack/frontend Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to bold-cuttlefish-804." | "stack/frontend Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to precious-dog-365." | "stack/frontend Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to wonderful-toucan-0." | "stack/frontend Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to good-snake-515." | "stack/frontend Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to bold-cuttlefish-804." | "stack/frontend Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to precious-dog-365." | "stack/frontend Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to wonderful-toucan-0." | "stack/frontend Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to good-snake-515." | "stack/frontend Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to bold-cuttlefish-804." | "stack/frontend Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to precious-dog-365." | "stack/engineering Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to wonderful-toucan-0." | "stack/engineering Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to good-snake-515." | "stack/engineering Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to bold-cuttlefish-804." | "stack/engineering Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to precious-dog-365." | "stack/engineering Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to wonderful-toucan-0." | "stack/engineering Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to good-snake-515." | "stack/engineering Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to bold-cuttlefish-804." | "stack/engineering Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to precious-dog-365." | "stack/engineering Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to wonderful-toucan-0." | "stack/engineering Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to good-snake-515." | "stack/engineering Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to bold-cuttlefish-804." | "stack/engineering Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to precious-dog-365." | "stack/engineering Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to wonderful-toucan-0." | "stack/engineering Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to good-snake-515." | "stack/engineering Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to bold-cuttlefish-804." | "stack/engineering Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to precious-dog-365." | "stack/lucern Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to wonderful-toucan-0." | "stack/lucern Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to good-snake-515." | "stack/lucern Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to bold-cuttlefish-804." | "stack/lucern Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to precious-dog-365." | "stack/lucern Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to wonderful-toucan-0." | "stack/lucern Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to good-snake-515." | "stack/lucern Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to bold-cuttlefish-804." | "stack/lucern Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to precious-dog-365." | "stack/lucern Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to wonderful-toucan-0." | "stack/lucern Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to good-snake-515." | "stack/lucern Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to bold-cuttlefish-804." | "stack/lucern Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to precious-dog-365." | "stack/lucern Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to wonderful-toucan-0." | "stack/lucern Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to good-snake-515." | "stack/lucern Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to bold-cuttlefish-804." | "stack/lucern Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to precious-dog-365." | "lucern/stackos Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to wonderful-toucan-0." | "lucern/stackos Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to good-snake-515." | "lucern/stackos Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to bold-cuttlefish-804." | "lucern/stackos Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to precious-dog-365." | "lucern/stackos Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to wonderful-toucan-0." | "lucern/stackos Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to good-snake-515." | "lucern/stackos Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to bold-cuttlefish-804." | "lucern/stackos Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to precious-dog-365." | "lucern/stackos Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to wonderful-toucan-0." | "lucern/stackos Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to good-snake-515." | "lucern/stackos Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to bold-cuttlefish-804." | "lucern/stackos Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to precious-dog-365." | "lucern/stackos Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to wonderful-toucan-0." | "lucern/stackos Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to good-snake-515." | "lucern/stackos Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to bold-cuttlefish-804." | "lucern/stackos Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to precious-dog-365." | "lucern/frontend Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to wonderful-toucan-0." | "lucern/frontend Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to good-snake-515." | "lucern/frontend Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to bold-cuttlefish-804." | "lucern/frontend Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to precious-dog-365." | "lucern/frontend Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to wonderful-toucan-0." | "lucern/frontend Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to good-snake-515." | "lucern/frontend Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to bold-cuttlefish-804." | "lucern/frontend Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to precious-dog-365." | "lucern/frontend Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to wonderful-toucan-0." | "lucern/frontend Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to good-snake-515." | "lucern/frontend Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to bold-cuttlefish-804." | "lucern/frontend Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to precious-dog-365." | "lucern/frontend Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to wonderful-toucan-0." | "lucern/frontend Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to good-snake-515." | "lucern/frontend Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to bold-cuttlefish-804." | "lucern/frontend Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to precious-dog-365." | "lucern/engineering Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to wonderful-toucan-0." | "lucern/engineering Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to good-snake-515." | "lucern/engineering Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to bold-cuttlefish-804." | "lucern/engineering Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to precious-dog-365." | "lucern/engineering Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to wonderful-toucan-0." | "lucern/engineering Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to good-snake-515." | "lucern/engineering Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to bold-cuttlefish-804." | "lucern/engineering Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to precious-dog-365." | "lucern/engineering Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to wonderful-toucan-0." | "lucern/engineering Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to good-snake-515." | "lucern/engineering Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to bold-cuttlefish-804." | "lucern/engineering Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to precious-dog-365." | "lucern/engineering Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to wonderful-toucan-0." | "lucern/engineering Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to good-snake-515." | "lucern/engineering Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to bold-cuttlefish-804." | "lucern/engineering Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to precious-dog-365." | "lucern/lucern Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to wonderful-toucan-0." | "lucern/lucern Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to good-snake-515." | "lucern/lucern Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to bold-cuttlefish-804." | "lucern/lucern Convex URL. Pre-prod resolves to rugged-lobster-664; prod resolves to precious-dog-365." | "lucern/lucern Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to wonderful-toucan-0." | "lucern/lucern Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to good-snake-515." | "lucern/lucern Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to bold-cuttlefish-804." | "lucern/lucern Convex URL. Pre-prod resolves to giant-mandrill-761; prod resolves to precious-dog-365." | "lucern/lucern Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to wonderful-toucan-0." | "lucern/lucern Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to good-snake-515." | "lucern/lucern Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to bold-cuttlefish-804." | "lucern/lucern Convex URL. Pre-prod resolves to small-oyster-270; prod resolves to precious-dog-365." | "lucern/lucern Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to wonderful-toucan-0." | "lucern/lucern Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to good-snake-515." | "lucern/lucern Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to bold-cuttlefish-804." | "lucern/lucern Convex URL. Pre-prod resolves to good-blackbird-774; prod resolves to precious-dog-365.";
|
|
1737
|
+
} | {
|
|
1738
|
+
readonly id: "tenant.stackos.convex.deploy-key" | "tenant.stack-frontend.convex.deploy-key" | "tenant.stack-eng.convex.deploy-key" | "tenant.lucern-graph.convex.deploy-key";
|
|
1739
|
+
readonly canonicalName: "CONVEX_FRONTEND_DEPLOY_KEY" | "CONVEX_STACKOS_DEPLOY_KEY" | "CONVEX_STACK_ENG_DEPLOY_KEY" | "CONVEX_LUCERN_DEPLOY_KEY";
|
|
1740
|
+
readonly aliases: readonly string[] | undefined;
|
|
1741
|
+
readonly owner: "tenant";
|
|
1742
|
+
readonly scope: "software_system";
|
|
1743
|
+
readonly sourcePath: "/tenants/stack" | "/tenants/stack/engineering" | "/tenants/lucern/shared";
|
|
1744
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1745
|
+
readonly required: true;
|
|
1746
|
+
readonly secret: true;
|
|
1747
|
+
readonly public: false;
|
|
1748
|
+
readonly consumers: readonly ["tenant-vercel-app", "tenant-agent-runtime", "mc-operator-tooling"];
|
|
1749
|
+
readonly destinations: readonly [{
|
|
1750
|
+
readonly kind: "vercel";
|
|
1751
|
+
readonly target: "stackos" | "ai-chatbot-diao" | "stackos-engineering-graph" | "lucern-graph";
|
|
1752
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1753
|
+
}, {
|
|
1754
|
+
readonly kind: "github_actions";
|
|
1755
|
+
readonly target: "stack-vc/stackos" | "stack-vc/stackos-engineering-graph" | "stack-vc/front-end" | "stack-vc/lucern-graph" | "LucernAI/stackos" | "LucernAI/front-end" | "LucernAI/stackos-engineering-graph" | "LucernAI/lucern-graph";
|
|
1756
|
+
readonly environmentPolicy: "preprod_staging_prod_prod";
|
|
1757
|
+
readonly writeNames: readonly string[];
|
|
1758
|
+
readonly notes: "Only if that repository deploy/test workflow owns this software system.";
|
|
1759
|
+
}];
|
|
1760
|
+
readonly description: "stack/stackos Convex deploy/admin key. Never route to sibling workspaces." | "stack/frontend Convex deploy/admin key. Never route to sibling workspaces." | "stack/engineering Convex deploy/admin key. Never route to sibling workspaces." | "stack/lucern Convex deploy/admin key. Never route to sibling workspaces." | "lucern/stackos Convex deploy/admin key. Never route to sibling workspaces." | "lucern/frontend Convex deploy/admin key. Never route to sibling workspaces." | "lucern/engineering Convex deploy/admin key. Never route to sibling workspaces." | "lucern/lucern Convex deploy/admin key. Never route to sibling workspaces.";
|
|
1761
|
+
})[]];
|
|
1762
|
+
type InfisicalSecretId = (typeof INFISICAL_SECRET_DEFINITIONS)[number]["id"];
|
|
1763
|
+
declare function findInfisicalSecretDefinition(secretId: InfisicalSecretId): InfisicalSecretDefinition | undefined;
|
|
1764
|
+
declare function infisicalSecretDefinitionsForConsumer(consumer: InfisicalSecretConsumer): readonly InfisicalSecretDefinition[];
|
|
1765
|
+
declare function infisicalSecretDefinitionsForDestination(kind: InfisicalSecretDestinationKind, target: string): readonly InfisicalSecretDefinition[];
|
|
1766
|
+
declare function validateInfisicalSecretDefinitions(definitions?: readonly InfisicalSecretDefinition[]): readonly string[];
|
|
1767
|
+
|
|
1768
|
+
export { INFISICAL_CONVEX_TIERS, INFISICAL_CONVEX_TIER_BY_VERCEL_ENVIRONMENT, INFISICAL_RUNTIME_BOOTSTRAP_ENV, INFISICAL_RUNTIME_CONTRACT_VERSION, INFISICAL_RUNTIME_CONTROL_ENV, INFISICAL_RUNTIME_DEFAULT_API_URL, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DELIVERY_MODES, INFISICAL_RUNTIME_ENVIRONMENTS, INFISICAL_RUNTIME_PATHS, INFISICAL_RUNTIME_SURFACES, INFISICAL_RUNTIME_SURFACE_IDS, INFISICAL_SECRET_CONSUMERS, INFISICAL_SECRET_DEFINITIONS, INFISICAL_SECRET_DESTINATION_KINDS, INFISICAL_SECRET_ENVIRONMENT_POLICIES, INFISICAL_SECRET_OWNERS, INFISICAL_SECRET_SCOPES, INFISICAL_TENANT_SOFTWARE_SYSTEMS, INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS, INFISICAL_VERCEL_SYNC_DESTINATIONS, INFISICAL_VERCEL_SYNC_RECONCILIATION, INFISICAL_VERCEL_TARGETS, type InfisicalConvexTier, type InfisicalRuntimeBootstrapEnv, type InfisicalRuntimeControlEnv, type InfisicalRuntimeDeliveryMode, type InfisicalRuntimeEnvironment, type InfisicalRuntimePath, type InfisicalRuntimePathDefinition, type InfisicalRuntimePathId, type InfisicalRuntimeSurface, type InfisicalRuntimeSurfaceDefinition, type InfisicalRuntimeSurfaceId, type InfisicalRuntimeVariable, type InfisicalSecretConsumer, type InfisicalSecretDefinition, type InfisicalSecretDestination, type InfisicalSecretDestinationKind, type InfisicalSecretEnvironmentPolicy, type InfisicalSecretId, type InfisicalSecretOwner, type InfisicalSecretScope, type InfisicalTenantSoftwareSystem, type InfisicalTenantSoftwareSystemDefinition, type InfisicalTenantSoftwareSystemId, type InfisicalVercelDestinationEnvironment, type InfisicalVercelSyncDestination, type InfisicalVercelTarget, convexTierForVercelDestinationEnvironment, expectedTenantConvexDeploymentForVercelEnvironment, findInfisicalRuntimePath, findInfisicalRuntimeSurface, findInfisicalSecretDefinition, findInfisicalTenantSoftwareSystem, findInfisicalVercelSyncDestination, infisicalSecretDefinitionsForConsumer, infisicalSecretDefinitionsForDestination, tenantSoftwareSystemConvexEnvNames, tenantSoftwareSystemOwnsConvexEnvName, validateInfisicalSecretDefinitions, vercelCustomEnvironmentIdForTenantSoftwareSystem };
|