@lucern/contracts 0.3.0-alpha.11 → 0.3.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth-context.contract.js +13 -1
- package/dist/auth-context.contract.js.map +1 -1
- package/dist/auth-session.contract.js +13 -1
- package/dist/auth-session.contract.js.map +1 -1
- package/dist/auth.contract.d.ts +1 -1
- package/dist/auth.contract.js +13 -1
- package/dist/auth.contract.js.map +1 -1
- package/dist/component-boundary.contract.js +1 -0
- package/dist/component-boundary.contract.js.map +1 -1
- package/dist/function-registry/beliefs.d.ts +10 -10
- package/dist/function-registry/beliefs.js +53 -2
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.d.ts +6 -6
- package/dist/function-registry/coding.js +53 -2
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +3 -3
- package/dist/function-registry/context.js +53 -2
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.d.ts +3 -3
- package/dist/function-registry/contracts.js +53 -2
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.d.ts +9 -9
- package/dist/function-registry/coordination.js +53 -2
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.d.ts +6 -6
- package/dist/function-registry/edges.js +53 -2
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +8 -8
- package/dist/function-registry/evidence.js +53 -2
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +15 -15
- package/dist/function-registry/graph.js +53 -2
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.d.ts +2 -2
- package/dist/function-registry/helpers.js +53 -2
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.d.ts +56 -16
- package/dist/function-registry/identity.js +75 -4
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.d.ts +1 -1
- package/dist/function-registry/index.js +53 -2
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +2 -2
- package/dist/function-registry/judgments.js +53 -2
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.d.ts +1 -1
- package/dist/function-registry/legacy.js +53 -2
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +4 -4
- package/dist/function-registry/lenses.js +53 -2
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/manifest.d.ts +3 -3
- package/dist/function-registry/manifest.js +1 -0
- package/dist/function-registry/manifest.js.map +1 -1
- package/dist/function-registry/nodes.d.ts +8 -8
- package/dist/function-registry/nodes.js +53 -2
- package/dist/function-registry/nodes.js.map +1 -1
- package/dist/function-registry/ontologies.d.ts +11 -11
- package/dist/function-registry/ontologies.js +53 -2
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +3 -3
- package/dist/function-registry/pipeline.js +53 -2
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +12 -12
- package/dist/function-registry/questions.js +53 -2
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.d.ts +4 -4
- package/dist/function-registry/tasks.js +53 -2
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +7 -7
- package/dist/function-registry/topics.js +53 -2
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +2 -2
- package/dist/function-registry/worktrees.d.ts +11 -11
- package/dist/function-registry/worktrees.js +53 -2
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/generated/convexSchemas.js +4 -3
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.js +357 -0
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
- package/dist/generated/schema-manifest.json +88 -3
- package/dist/generated/tableOwnership.d.ts +2 -1
- package/dist/generated/tableOwnership.js +2 -0
- package/dist/generated/tableOwnership.js.map +1 -1
- package/dist/generated/tier-expectations.json +6 -3
- package/dist/index.d.ts +3 -2
- package/dist/index.js +726 -19
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +44 -0
- package/dist/infisical-runtime.contract.js +52 -0
- package/dist/infisical-runtime.contract.js.map +1 -1
- package/dist/manifests/infisical-runtime-manifest.d.ts +44 -0
- package/dist/manifests/infisical-runtime-manifest.js +52 -0
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
- package/dist/manifests/tenant-client-manifest.d.ts +8 -3
- package/dist/manifests/tenant-client-manifest.js +18 -1
- package/dist/manifests/tenant-client-manifest.js.map +1 -1
- package/dist/permit-principal-projection.contract.d.ts +74 -0
- package/dist/permit-principal-projection.contract.js +160 -0
- package/dist/permit-principal-projection.contract.js.map +1 -0
- package/dist/proof-attestation.json +1 -1
- package/dist/schemas/index.js +36 -1
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +85 -10
- package/dist/schemas/manifest.js +36 -1
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/tables/controlPlane/accessControl.d.ts +2 -2
- package/dist/schemas/tables/controlPlane/accessControl.js +6 -1
- package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -1
- package/dist/schemas/tables/kernel/events.d.ts +21 -0
- package/dist/schemas/tables/kernel/events.js +43 -0
- package/dist/schemas/tables/kernel/events.js.map +1 -0
- package/dist/{sdk-tools.contract-BNklQDfB.d.ts → sdk-tools.contract-CKmSsrZ2.d.ts} +1 -1
- package/dist/sdk-tools.contract.d.ts +2 -2
- package/dist/sdk-tools.contract.js +45 -1
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.contract.d.ts +22 -2
- package/dist/tenant-bootstrap-seed.contract.js +15 -2
- package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
- package/dist/tenant-bootstrap-seed.defaults.js +30 -12
- package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
- package/dist/tenant-client.contract.d.ts +8 -3
- package/dist/tenant-client.contract.js +18 -1
- package/dist/tenant-client.contract.js.map +1 -1
- package/dist/{tool-contracts-BevD9Ho2.d.ts → tool-contracts-C_xvM9q2.d.ts} +4 -2
- package/dist/tool-contracts.d.ts +1 -1
- package/dist/tool-contracts.js +46 -2
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -189,7 +189,13 @@ var SESSION_AUTH_MODES = [
|
|
|
189
189
|
"tenant_api_key",
|
|
190
190
|
"session_token"
|
|
191
191
|
];
|
|
192
|
-
var SESSION_PRINCIPAL_TYPES = [
|
|
192
|
+
var SESSION_PRINCIPAL_TYPES = [
|
|
193
|
+
"human",
|
|
194
|
+
"service",
|
|
195
|
+
"agent",
|
|
196
|
+
"group",
|
|
197
|
+
"external_viewer"
|
|
198
|
+
];
|
|
193
199
|
var SESSION_LIFECYCLE_STATUSES = [
|
|
194
200
|
"active",
|
|
195
201
|
"expired",
|
|
@@ -202,6 +208,12 @@ function inferSessionPrincipalType(principalId) {
|
|
|
202
208
|
if (principalId.startsWith("agent:")) {
|
|
203
209
|
return "agent";
|
|
204
210
|
}
|
|
211
|
+
if (principalId.startsWith("group:")) {
|
|
212
|
+
return "group";
|
|
213
|
+
}
|
|
214
|
+
if (principalId.startsWith("external:") || principalId.startsWith("external_viewer:")) {
|
|
215
|
+
return "external_viewer";
|
|
216
|
+
}
|
|
205
217
|
return "service";
|
|
206
218
|
}
|
|
207
219
|
function normalizeDelegationChain(args) {
|
|
@@ -262,6 +274,7 @@ var TABLE_OWNERSHIP = {
|
|
|
262
274
|
"deliberationContributions": "K",
|
|
263
275
|
"deliberationSessions": "K",
|
|
264
276
|
"deploymentHosts": "L",
|
|
277
|
+
"domainEvents": "K",
|
|
265
278
|
"epistemicAudit": "K",
|
|
266
279
|
"epistemicContracts": "K",
|
|
267
280
|
"epistemicEdges": "K",
|
|
@@ -2491,6 +2504,35 @@ var systemLogs = defineTable({
|
|
|
2491
2504
|
{ kind: "index", name: "by_source", columns: ["source"] }
|
|
2492
2505
|
]
|
|
2493
2506
|
});
|
|
2507
|
+
var domainEvents = defineTable({
|
|
2508
|
+
name: "domainEvents",
|
|
2509
|
+
component: "kernel",
|
|
2510
|
+
category: "events",
|
|
2511
|
+
shape: z.object({
|
|
2512
|
+
"eventId": z.string(),
|
|
2513
|
+
"type": z.string(),
|
|
2514
|
+
"version": z.string(),
|
|
2515
|
+
"timestamp": z.number(),
|
|
2516
|
+
"tenantId": z.string().optional(),
|
|
2517
|
+
"workspaceId": z.string().optional(),
|
|
2518
|
+
"topicId": z.string(),
|
|
2519
|
+
"resourceId": z.string(),
|
|
2520
|
+
"resourceType": z.string(),
|
|
2521
|
+
"actorId": z.string(),
|
|
2522
|
+
"actorType": z.enum(["human", "agent", "service"]),
|
|
2523
|
+
"data": z.record(z.any()),
|
|
2524
|
+
"correlationId": z.string().optional(),
|
|
2525
|
+
"expiresAt": z.number()
|
|
2526
|
+
}),
|
|
2527
|
+
indices: [
|
|
2528
|
+
{ kind: "index", name: "by_eventId", columns: ["eventId"] },
|
|
2529
|
+
{ kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
|
|
2530
|
+
{ kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
|
|
2531
|
+
{ kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
|
|
2532
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
|
|
2533
|
+
{ kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
|
|
2534
|
+
]
|
|
2535
|
+
});
|
|
2494
2536
|
var beliefConfidence = defineTable({
|
|
2495
2537
|
name: "beliefConfidence",
|
|
2496
2538
|
component: "kernel",
|
|
@@ -5789,7 +5831,9 @@ var permitObjectType = z.enum([
|
|
|
5789
5831
|
"group",
|
|
5790
5832
|
"resource_instance",
|
|
5791
5833
|
"relationship_tuple",
|
|
5792
|
-
"role_assignment"
|
|
5834
|
+
"role_assignment",
|
|
5835
|
+
"attribute_binding",
|
|
5836
|
+
"policy_bundle"
|
|
5793
5837
|
]);
|
|
5794
5838
|
var permitOutboxOperation = z.enum([
|
|
5795
5839
|
"upsert",
|
|
@@ -5895,7 +5939,10 @@ var permitPrincipalAliases = defineTable({
|
|
|
5895
5939
|
}),
|
|
5896
5940
|
indices: [
|
|
5897
5941
|
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
5942
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
|
|
5943
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
|
|
5898
5944
|
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
|
|
5945
|
+
{ kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
|
|
5899
5946
|
{
|
|
5900
5947
|
kind: "index",
|
|
5901
5948
|
name: "by_tenant_provider_alias",
|
|
@@ -7104,6 +7151,7 @@ var KERNEL_TABLE_CONTRACTS = [
|
|
|
7104
7151
|
decisionParticipants,
|
|
7105
7152
|
decisionRiskLedger,
|
|
7106
7153
|
decisionSnapshots,
|
|
7154
|
+
domainEvents,
|
|
7107
7155
|
deliberationContributions,
|
|
7108
7156
|
deliberationSessions,
|
|
7109
7157
|
stakeholderGroups,
|
|
@@ -7387,7 +7435,9 @@ var TENANT_CLIENT_AUTH_MODES = [
|
|
|
7387
7435
|
var TENANT_CLIENT_PRINCIPAL_TYPES = [
|
|
7388
7436
|
"human",
|
|
7389
7437
|
"service",
|
|
7390
|
-
"agent"
|
|
7438
|
+
"agent",
|
|
7439
|
+
"group",
|
|
7440
|
+
"external_viewer"
|
|
7391
7441
|
];
|
|
7392
7442
|
var TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS = [
|
|
7393
7443
|
"tenantId",
|
|
@@ -7397,8 +7447,16 @@ var TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS = [
|
|
|
7397
7447
|
"scopes"
|
|
7398
7448
|
];
|
|
7399
7449
|
var TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS = [
|
|
7450
|
+
"clerkId",
|
|
7400
7451
|
"principalType",
|
|
7401
7452
|
"roles",
|
|
7453
|
+
"groupIds",
|
|
7454
|
+
"permittedToolNames",
|
|
7455
|
+
"permittedPackKeys",
|
|
7456
|
+
"principalStatus",
|
|
7457
|
+
"tenantStatus",
|
|
7458
|
+
"workspaceStatus",
|
|
7459
|
+
"permit",
|
|
7402
7460
|
"sessionId",
|
|
7403
7461
|
"delegationChain"
|
|
7404
7462
|
];
|
|
@@ -7676,6 +7734,7 @@ var TENANT_CLIENT_REQUIRED_SDK_NAMESPACES = [
|
|
|
7676
7734
|
"ontologyLinks",
|
|
7677
7735
|
"graphStateClassifier",
|
|
7678
7736
|
"tools",
|
|
7737
|
+
"controlPlane",
|
|
7679
7738
|
"identity",
|
|
7680
7739
|
"modelRuntime",
|
|
7681
7740
|
"events",
|
|
@@ -7683,6 +7742,12 @@ var TENANT_CLIENT_REQUIRED_SDK_NAMESPACES = [
|
|
|
7683
7742
|
"telemetry"
|
|
7684
7743
|
];
|
|
7685
7744
|
var TENANT_CLIENT_CAPABILITIES = [
|
|
7745
|
+
{
|
|
7746
|
+
id: "identity.resolve_interactive_principal",
|
|
7747
|
+
description: "Resolve a Clerk-authenticated user into a Permit-backed Lucern principal context.",
|
|
7748
|
+
surfaces: ["@lucern/sdk", "@lucern/cli", "@lucern/mcp"],
|
|
7749
|
+
requiredContextFields: ["principalId", "tenantId", "scopes"]
|
|
7750
|
+
},
|
|
7686
7751
|
{
|
|
7687
7752
|
id: "identity.bootstrap_session",
|
|
7688
7753
|
description: "Start a scoped Lucern session for a tenant principal.",
|
|
@@ -8433,6 +8498,27 @@ var PLATFORM_SECRET_DEFINITIONS = [
|
|
|
8433
8498
|
],
|
|
8434
8499
|
description: "Canonical Lucern Clerk project identifier used when MC resolves Clerk identities."
|
|
8435
8500
|
},
|
|
8501
|
+
{
|
|
8502
|
+
id: "platform.clerk.webhook-secret",
|
|
8503
|
+
canonicalName: "LUCERN_CLERK_WEBHOOK_SECRET",
|
|
8504
|
+
aliases: ["CLERK_WEBHOOK_SECRET", "CLERK_WEBHOOK_SIGNING_SECRET"],
|
|
8505
|
+
owner: "lucern_platform",
|
|
8506
|
+
scope: "environment",
|
|
8507
|
+
sourcePath: "/platform/auth",
|
|
8508
|
+
environmentPolicy: "environment_specific",
|
|
8509
|
+
required: true,
|
|
8510
|
+
secret: true,
|
|
8511
|
+
public: false,
|
|
8512
|
+
consumers: ["lucern-gateway"],
|
|
8513
|
+
destinations: [
|
|
8514
|
+
{
|
|
8515
|
+
kind: "vercel",
|
|
8516
|
+
target: "lucern-gateway",
|
|
8517
|
+
environmentPolicy: "environment_specific"
|
|
8518
|
+
}
|
|
8519
|
+
],
|
|
8520
|
+
description: "Lucern-owned Clerk/Svix webhook signing secret used by the gateway to verify Clerk identity and organization events before projecting them into Permit."
|
|
8521
|
+
},
|
|
8436
8522
|
{
|
|
8437
8523
|
id: "platform.clerk.jwks",
|
|
8438
8524
|
canonicalName: "CLERK_JWKS_URL",
|
|
@@ -8732,6 +8818,37 @@ var PLATFORM_SECRET_DEFINITIONS = [
|
|
|
8732
8818
|
],
|
|
8733
8819
|
description: "Permit.io API key used for MC sync and policy checks. Must fail closed if missing."
|
|
8734
8820
|
},
|
|
8821
|
+
{
|
|
8822
|
+
id: "platform.permit.webhook-secret",
|
|
8823
|
+
canonicalName: "LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
8824
|
+
aliases: ["PERMIT_WEBHOOK_SECRET"],
|
|
8825
|
+
owner: "lucern_platform",
|
|
8826
|
+
scope: "environment",
|
|
8827
|
+
sourcePath: "/platform/permit",
|
|
8828
|
+
environmentPolicy: "environment_specific",
|
|
8829
|
+
required: true,
|
|
8830
|
+
secret: true,
|
|
8831
|
+
public: false,
|
|
8832
|
+
consumers: ["mc-convex", "lucern-gateway", "mc-operator-tooling"],
|
|
8833
|
+
destinations: [
|
|
8834
|
+
{
|
|
8835
|
+
kind: "convex",
|
|
8836
|
+
target: "master-control",
|
|
8837
|
+
environmentPolicy: "environment_specific"
|
|
8838
|
+
},
|
|
8839
|
+
{
|
|
8840
|
+
kind: "vercel",
|
|
8841
|
+
target: "lucern-gateway",
|
|
8842
|
+
environmentPolicy: "environment_specific"
|
|
8843
|
+
},
|
|
8844
|
+
{
|
|
8845
|
+
kind: "operator_local",
|
|
8846
|
+
target: "mc-credential-maintenance",
|
|
8847
|
+
environmentPolicy: "environment_specific"
|
|
8848
|
+
}
|
|
8849
|
+
],
|
|
8850
|
+
description: "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
|
|
8851
|
+
},
|
|
8735
8852
|
{
|
|
8736
8853
|
id: "platform.permit.pdp-url",
|
|
8737
8854
|
canonicalName: "LUCERN_PERMIT_PDP_URL",
|
|
@@ -11015,6 +11132,8 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
11015
11132
|
"CLERK_PROJECT_ID",
|
|
11016
11133
|
"CLERK_PUBLISHABLE_KEY",
|
|
11017
11134
|
"CLERK_SECRET_KEY",
|
|
11135
|
+
"CLERK_WEBHOOK_SECRET",
|
|
11136
|
+
"CLERK_WEBHOOK_SIGNING_SECRET",
|
|
11018
11137
|
"CONVEX_CLOUD_URL",
|
|
11019
11138
|
"CONVEX_DEPLOY_KEY",
|
|
11020
11139
|
"CONVEX_DEPLOYMENT",
|
|
@@ -11078,6 +11197,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
11078
11197
|
"LUCERN_AUTH_BASE_URL",
|
|
11079
11198
|
"LUCERN_BASE_URL",
|
|
11080
11199
|
"LUCERN_CLERK_PROJECT_ID",
|
|
11200
|
+
"LUCERN_CLERK_WEBHOOK_SECRET",
|
|
11081
11201
|
"LUCERN_CLI_SESSION_TTL_MS",
|
|
11082
11202
|
"LUCERN_CONTRACTS_SKIP_DTS",
|
|
11083
11203
|
"LUCERN_CONVEX_DEPLOY_KEY",
|
|
@@ -11127,6 +11247,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
11127
11247
|
"LUCERN_PERMIT_API_KEY",
|
|
11128
11248
|
"LUCERN_PERMIT_API_URL",
|
|
11129
11249
|
"LUCERN_PERMIT_PDP_URL",
|
|
11250
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
11130
11251
|
"LUCERN_PROD_DEPLOY_KEY",
|
|
11131
11252
|
"LUCERN_PROD_URL",
|
|
11132
11253
|
"LUCERN_PROFILE",
|
|
@@ -11197,6 +11318,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
11197
11318
|
"PERMIT_API_KEY",
|
|
11198
11319
|
"PERMIT_API_URL",
|
|
11199
11320
|
"PERMIT_PDP_URL",
|
|
11321
|
+
"PERMIT_WEBHOOK_SECRET",
|
|
11200
11322
|
"PINECONE_API_KEY",
|
|
11201
11323
|
"PINECONE_HOST",
|
|
11202
11324
|
"PINECONE_INDEX",
|
|
@@ -11248,6 +11370,8 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
11248
11370
|
"CLERK_PROJECT_ID",
|
|
11249
11371
|
"CLERK_PUBLISHABLE_KEY",
|
|
11250
11372
|
"CLERK_SECRET_KEY",
|
|
11373
|
+
"CLERK_WEBHOOK_SECRET",
|
|
11374
|
+
"CLERK_WEBHOOK_SIGNING_SECRET",
|
|
11251
11375
|
"CONVEX_CLOUD_URL",
|
|
11252
11376
|
"CONVEX_DEPLOY_KEY",
|
|
11253
11377
|
"CONVEX_DEPLOYMENT",
|
|
@@ -11325,6 +11449,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
11325
11449
|
"LUCERN_AUTH_BASE_URL",
|
|
11326
11450
|
"LUCERN_BASE_URL",
|
|
11327
11451
|
"LUCERN_CLERK_PROJECT_ID",
|
|
11452
|
+
"LUCERN_CLERK_WEBHOOK_SECRET",
|
|
11328
11453
|
"LUCERN_CLI_SESSION_TTL_MS",
|
|
11329
11454
|
"LUCERN_CONTRACTS_SKIP_DTS",
|
|
11330
11455
|
"LUCERN_CONVEX_DEPLOY_KEY",
|
|
@@ -11376,6 +11501,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
11376
11501
|
"LUCERN_PERMIT_API_KEY",
|
|
11377
11502
|
"LUCERN_PERMIT_API_URL",
|
|
11378
11503
|
"LUCERN_PERMIT_PDP_URL",
|
|
11504
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
11379
11505
|
"LUCERN_PROD_DEPLOY_KEY",
|
|
11380
11506
|
"LUCERN_PROD_URL",
|
|
11381
11507
|
"LUCERN_PROFILE",
|
|
@@ -11449,6 +11575,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
11449
11575
|
"PERMIT_API_KEY",
|
|
11450
11576
|
"PERMIT_API_URL",
|
|
11451
11577
|
"PERMIT_PDP_URL",
|
|
11578
|
+
"PERMIT_WEBHOOK_SECRET",
|
|
11452
11579
|
"PINECONE_API_KEY",
|
|
11453
11580
|
"PINECONE_HOST",
|
|
11454
11581
|
"PINECONE_INDEX",
|
|
@@ -13635,6 +13762,40 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
13635
13762
|
],
|
|
13636
13763
|
"description": "stack/frontend: Lucern/MC gateway base URL used by tenant product apps. stack/stackos: Lucern/MC gateway base URL used by tenant product apps."
|
|
13637
13764
|
},
|
|
13765
|
+
"LUCERN_CLERK_WEBHOOK_SECRET": {
|
|
13766
|
+
"secretId": "platform.clerk.webhook-secret",
|
|
13767
|
+
"canonicalName": "LUCERN_CLERK_WEBHOOK_SECRET",
|
|
13768
|
+
"envNames": [
|
|
13769
|
+
"CLERK_WEBHOOK_SECRET",
|
|
13770
|
+
"CLERK_WEBHOOK_SIGNING_SECRET",
|
|
13771
|
+
"LUCERN_CLERK_WEBHOOK_SECRET"
|
|
13772
|
+
],
|
|
13773
|
+
"aliases": [
|
|
13774
|
+
"CLERK_WEBHOOK_SECRET",
|
|
13775
|
+
"CLERK_WEBHOOK_SIGNING_SECRET"
|
|
13776
|
+
],
|
|
13777
|
+
"writeNames": [
|
|
13778
|
+
"LUCERN_CLERK_WEBHOOK_SECRET"
|
|
13779
|
+
],
|
|
13780
|
+
"required": true,
|
|
13781
|
+
"secret": true,
|
|
13782
|
+
"public": false,
|
|
13783
|
+
"sourcePath": "/platform/auth",
|
|
13784
|
+
"environmentPolicy": "environment_specific",
|
|
13785
|
+
"consumers": [
|
|
13786
|
+
"lucern-gateway"
|
|
13787
|
+
],
|
|
13788
|
+
"destinations": [
|
|
13789
|
+
{
|
|
13790
|
+
"kind": "vercel",
|
|
13791
|
+
"target": "lucern-gateway",
|
|
13792
|
+
"writeNames": [
|
|
13793
|
+
"LUCERN_CLERK_WEBHOOK_SECRET"
|
|
13794
|
+
]
|
|
13795
|
+
}
|
|
13796
|
+
],
|
|
13797
|
+
"description": "Lucern-owned Clerk/Svix webhook signing secret used by the gateway to verify Clerk identity and organization events before projecting them into Permit."
|
|
13798
|
+
},
|
|
13638
13799
|
"LUCERN_CLI_SESSION_TTL_MS": {
|
|
13639
13800
|
"canonicalName": "LUCERN_CLI_SESSION_TTL_MS",
|
|
13640
13801
|
"envNames": [
|
|
@@ -14209,6 +14370,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
14209
14370
|
],
|
|
14210
14371
|
"description": "Optional Permit PDP URL override."
|
|
14211
14372
|
},
|
|
14373
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET": {
|
|
14374
|
+
"secretId": "platform.permit.webhook-secret",
|
|
14375
|
+
"canonicalName": "LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
14376
|
+
"envNames": [
|
|
14377
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
14378
|
+
"PERMIT_WEBHOOK_SECRET"
|
|
14379
|
+
],
|
|
14380
|
+
"aliases": [
|
|
14381
|
+
"PERMIT_WEBHOOK_SECRET"
|
|
14382
|
+
],
|
|
14383
|
+
"writeNames": [
|
|
14384
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
14385
|
+
],
|
|
14386
|
+
"required": true,
|
|
14387
|
+
"secret": true,
|
|
14388
|
+
"public": false,
|
|
14389
|
+
"sourcePath": "/platform/permit",
|
|
14390
|
+
"environmentPolicy": "environment_specific",
|
|
14391
|
+
"consumers": [
|
|
14392
|
+
"mc-convex",
|
|
14393
|
+
"lucern-gateway",
|
|
14394
|
+
"mc-operator-tooling"
|
|
14395
|
+
],
|
|
14396
|
+
"destinations": [
|
|
14397
|
+
{
|
|
14398
|
+
"kind": "convex",
|
|
14399
|
+
"target": "master-control",
|
|
14400
|
+
"writeNames": [
|
|
14401
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
14402
|
+
]
|
|
14403
|
+
},
|
|
14404
|
+
{
|
|
14405
|
+
"kind": "vercel",
|
|
14406
|
+
"target": "lucern-gateway",
|
|
14407
|
+
"writeNames": [
|
|
14408
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
14409
|
+
]
|
|
14410
|
+
},
|
|
14411
|
+
{
|
|
14412
|
+
"kind": "operator_local",
|
|
14413
|
+
"target": "mc-credential-maintenance",
|
|
14414
|
+
"writeNames": [
|
|
14415
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
14416
|
+
]
|
|
14417
|
+
}
|
|
14418
|
+
],
|
|
14419
|
+
"description": "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
|
|
14420
|
+
},
|
|
14212
14421
|
"LUCERN_PROXY_TOKEN_SECRET": {
|
|
14213
14422
|
"secretId": "tenant.stack-frontend.lucern.proxy-token-secret",
|
|
14214
14423
|
"canonicalName": "LUCERN_PROXY_TOKEN_SECRET",
|
|
@@ -16855,6 +17064,9 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
16855
17064
|
"LUCERN_API_URL": "LUCERN_API_URL",
|
|
16856
17065
|
"LUCERN_BASE_URL": "LUCERN_BASE_URL",
|
|
16857
17066
|
"LUCERN_GATEWAY_BASE_URL": "LUCERN_BASE_URL",
|
|
17067
|
+
"CLERK_WEBHOOK_SECRET": "LUCERN_CLERK_WEBHOOK_SECRET",
|
|
17068
|
+
"CLERK_WEBHOOK_SIGNING_SECRET": "LUCERN_CLERK_WEBHOOK_SECRET",
|
|
17069
|
+
"LUCERN_CLERK_WEBHOOK_SECRET": "LUCERN_CLERK_WEBHOOK_SECRET",
|
|
16858
17070
|
"LUCERN_CLI_SESSION_TTL_MS": "LUCERN_CLI_SESSION_TTL_MS",
|
|
16859
17071
|
"CONVEX_DEPLOYMENT": "LUCERN_CONVEX_DEPLOYMENT_NAME",
|
|
16860
17072
|
"CONVEX_DEV_DEPLOYMENT_NAME": "LUCERN_CONVEX_DEPLOYMENT_NAME",
|
|
@@ -16907,6 +17119,8 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
16907
17119
|
"PERMIT_API_URL": "LUCERN_PERMIT_API_URL",
|
|
16908
17120
|
"LUCERN_PERMIT_PDP_URL": "LUCERN_PERMIT_PDP_URL",
|
|
16909
17121
|
"PERMIT_PDP_URL": "LUCERN_PERMIT_PDP_URL",
|
|
17122
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET": "LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
17123
|
+
"PERMIT_WEBHOOK_SECRET": "LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
16910
17124
|
"LUCERN_PROXY_TOKEN_SECRET": "LUCERN_PROXY_TOKEN_SECRET",
|
|
16911
17125
|
"LUCERN_REQUIRE_DEPLOYMENT_HOST_REGISTRY": "LUCERN_REQUIRE_DEPLOYMENT_HOST_REGISTRY",
|
|
16912
17126
|
"LUCERN_KERNEL_INSTALL_SPEC": "LUCERN_SDK_NPM_TOKEN",
|
|
@@ -17867,6 +18081,40 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
17867
18081
|
],
|
|
17868
18082
|
"description": "Canonical Lucern API gateway URL. Canonical Lucern API gateway base URL. Older names remain aliases only."
|
|
17869
18083
|
},
|
|
18084
|
+
{
|
|
18085
|
+
"secretId": "platform.clerk.webhook-secret",
|
|
18086
|
+
"canonicalName": "LUCERN_CLERK_WEBHOOK_SECRET",
|
|
18087
|
+
"envNames": [
|
|
18088
|
+
"CLERK_WEBHOOK_SECRET",
|
|
18089
|
+
"CLERK_WEBHOOK_SIGNING_SECRET",
|
|
18090
|
+
"LUCERN_CLERK_WEBHOOK_SECRET"
|
|
18091
|
+
],
|
|
18092
|
+
"aliases": [
|
|
18093
|
+
"CLERK_WEBHOOK_SECRET",
|
|
18094
|
+
"CLERK_WEBHOOK_SIGNING_SECRET"
|
|
18095
|
+
],
|
|
18096
|
+
"writeNames": [
|
|
18097
|
+
"LUCERN_CLERK_WEBHOOK_SECRET"
|
|
18098
|
+
],
|
|
18099
|
+
"required": true,
|
|
18100
|
+
"secret": true,
|
|
18101
|
+
"public": false,
|
|
18102
|
+
"sourcePath": "/platform/auth",
|
|
18103
|
+
"environmentPolicy": "environment_specific",
|
|
18104
|
+
"consumers": [
|
|
18105
|
+
"lucern-gateway"
|
|
18106
|
+
],
|
|
18107
|
+
"destinations": [
|
|
18108
|
+
{
|
|
18109
|
+
"kind": "vercel",
|
|
18110
|
+
"target": "lucern-gateway",
|
|
18111
|
+
"writeNames": [
|
|
18112
|
+
"LUCERN_CLERK_WEBHOOK_SECRET"
|
|
18113
|
+
]
|
|
18114
|
+
}
|
|
18115
|
+
],
|
|
18116
|
+
"description": "Lucern-owned Clerk/Svix webhook signing secret used by the gateway to verify Clerk identity and organization events before projecting them into Permit."
|
|
18117
|
+
},
|
|
17870
18118
|
{
|
|
17871
18119
|
"canonicalName": "LUCERN_CLI_SESSION_TTL_MS",
|
|
17872
18120
|
"envNames": [
|
|
@@ -18190,6 +18438,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
18190
18438
|
],
|
|
18191
18439
|
"description": "Optional Permit PDP URL override."
|
|
18192
18440
|
},
|
|
18441
|
+
{
|
|
18442
|
+
"secretId": "platform.permit.webhook-secret",
|
|
18443
|
+
"canonicalName": "LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
18444
|
+
"envNames": [
|
|
18445
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
18446
|
+
"PERMIT_WEBHOOK_SECRET"
|
|
18447
|
+
],
|
|
18448
|
+
"aliases": [
|
|
18449
|
+
"PERMIT_WEBHOOK_SECRET"
|
|
18450
|
+
],
|
|
18451
|
+
"writeNames": [
|
|
18452
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
18453
|
+
],
|
|
18454
|
+
"required": true,
|
|
18455
|
+
"secret": true,
|
|
18456
|
+
"public": false,
|
|
18457
|
+
"sourcePath": "/platform/permit",
|
|
18458
|
+
"environmentPolicy": "environment_specific",
|
|
18459
|
+
"consumers": [
|
|
18460
|
+
"mc-convex",
|
|
18461
|
+
"lucern-gateway",
|
|
18462
|
+
"mc-operator-tooling"
|
|
18463
|
+
],
|
|
18464
|
+
"destinations": [
|
|
18465
|
+
{
|
|
18466
|
+
"kind": "convex",
|
|
18467
|
+
"target": "master-control",
|
|
18468
|
+
"writeNames": [
|
|
18469
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
18470
|
+
]
|
|
18471
|
+
},
|
|
18472
|
+
{
|
|
18473
|
+
"kind": "vercel",
|
|
18474
|
+
"target": "lucern-gateway",
|
|
18475
|
+
"writeNames": [
|
|
18476
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
18477
|
+
]
|
|
18478
|
+
},
|
|
18479
|
+
{
|
|
18480
|
+
"kind": "operator_local",
|
|
18481
|
+
"target": "mc-credential-maintenance",
|
|
18482
|
+
"writeNames": [
|
|
18483
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
18484
|
+
]
|
|
18485
|
+
}
|
|
18486
|
+
],
|
|
18487
|
+
"description": "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
|
|
18488
|
+
},
|
|
18193
18489
|
{
|
|
18194
18490
|
"secretId": "platform.runtime.require-deployment-host-registry",
|
|
18195
18491
|
"canonicalName": "LUCERN_REQUIRE_DEPLOYMENT_HOST_REGISTRY",
|
|
@@ -21882,6 +22178,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
21882
22178
|
],
|
|
21883
22179
|
"description": "Optional Permit PDP URL override."
|
|
21884
22180
|
},
|
|
22181
|
+
{
|
|
22182
|
+
"secretId": "platform.permit.webhook-secret",
|
|
22183
|
+
"canonicalName": "LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
22184
|
+
"envNames": [
|
|
22185
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
22186
|
+
"PERMIT_WEBHOOK_SECRET"
|
|
22187
|
+
],
|
|
22188
|
+
"aliases": [
|
|
22189
|
+
"PERMIT_WEBHOOK_SECRET"
|
|
22190
|
+
],
|
|
22191
|
+
"writeNames": [
|
|
22192
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
22193
|
+
],
|
|
22194
|
+
"required": true,
|
|
22195
|
+
"secret": true,
|
|
22196
|
+
"public": false,
|
|
22197
|
+
"sourcePath": "/platform/permit",
|
|
22198
|
+
"environmentPolicy": "environment_specific",
|
|
22199
|
+
"consumers": [
|
|
22200
|
+
"mc-convex",
|
|
22201
|
+
"lucern-gateway",
|
|
22202
|
+
"mc-operator-tooling"
|
|
22203
|
+
],
|
|
22204
|
+
"destinations": [
|
|
22205
|
+
{
|
|
22206
|
+
"kind": "convex",
|
|
22207
|
+
"target": "master-control",
|
|
22208
|
+
"writeNames": [
|
|
22209
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
22210
|
+
]
|
|
22211
|
+
},
|
|
22212
|
+
{
|
|
22213
|
+
"kind": "vercel",
|
|
22214
|
+
"target": "lucern-gateway",
|
|
22215
|
+
"writeNames": [
|
|
22216
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
22217
|
+
]
|
|
22218
|
+
},
|
|
22219
|
+
{
|
|
22220
|
+
"kind": "operator_local",
|
|
22221
|
+
"target": "mc-credential-maintenance",
|
|
22222
|
+
"writeNames": [
|
|
22223
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
22224
|
+
]
|
|
22225
|
+
}
|
|
22226
|
+
],
|
|
22227
|
+
"description": "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
|
|
22228
|
+
},
|
|
21885
22229
|
{
|
|
21886
22230
|
"secretId": "platform.mc.session-token-secret",
|
|
21887
22231
|
"canonicalName": "LUCERN_SESSION_TOKEN_SECRET",
|
|
@@ -29694,6 +30038,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
29694
30038
|
}
|
|
29695
30039
|
],
|
|
29696
30040
|
"operator_local:mc-credential-maintenance": [
|
|
30041
|
+
{
|
|
30042
|
+
"secretId": "platform.permit.webhook-secret",
|
|
30043
|
+
"canonicalName": "LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
30044
|
+
"envNames": [
|
|
30045
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
30046
|
+
"PERMIT_WEBHOOK_SECRET"
|
|
30047
|
+
],
|
|
30048
|
+
"aliases": [
|
|
30049
|
+
"PERMIT_WEBHOOK_SECRET"
|
|
30050
|
+
],
|
|
30051
|
+
"writeNames": [
|
|
30052
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
30053
|
+
],
|
|
30054
|
+
"required": true,
|
|
30055
|
+
"secret": true,
|
|
30056
|
+
"public": false,
|
|
30057
|
+
"sourcePath": "/platform/permit",
|
|
30058
|
+
"environmentPolicy": "environment_specific",
|
|
30059
|
+
"consumers": [
|
|
30060
|
+
"mc-convex",
|
|
30061
|
+
"lucern-gateway",
|
|
30062
|
+
"mc-operator-tooling"
|
|
30063
|
+
],
|
|
30064
|
+
"destinations": [
|
|
30065
|
+
{
|
|
30066
|
+
"kind": "convex",
|
|
30067
|
+
"target": "master-control",
|
|
30068
|
+
"writeNames": [
|
|
30069
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
30070
|
+
]
|
|
30071
|
+
},
|
|
30072
|
+
{
|
|
30073
|
+
"kind": "vercel",
|
|
30074
|
+
"target": "lucern-gateway",
|
|
30075
|
+
"writeNames": [
|
|
30076
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
30077
|
+
]
|
|
30078
|
+
},
|
|
30079
|
+
{
|
|
30080
|
+
"kind": "operator_local",
|
|
30081
|
+
"target": "mc-credential-maintenance",
|
|
30082
|
+
"writeNames": [
|
|
30083
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
30084
|
+
]
|
|
30085
|
+
}
|
|
30086
|
+
],
|
|
30087
|
+
"description": "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
|
|
30088
|
+
},
|
|
29697
30089
|
{
|
|
29698
30090
|
"secretId": "platform.mc.tenant-secret-encryption-key",
|
|
29699
30091
|
"canonicalName": "LUCERN_TENANT_SECRET_ENCRYPTION_KEY",
|
|
@@ -33711,6 +34103,40 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
33711
34103
|
],
|
|
33712
34104
|
"description": "Canonical Lucern API gateway base URL. Older names remain aliases only."
|
|
33713
34105
|
},
|
|
34106
|
+
{
|
|
34107
|
+
"secretId": "platform.clerk.webhook-secret",
|
|
34108
|
+
"canonicalName": "LUCERN_CLERK_WEBHOOK_SECRET",
|
|
34109
|
+
"envNames": [
|
|
34110
|
+
"CLERK_WEBHOOK_SECRET",
|
|
34111
|
+
"CLERK_WEBHOOK_SIGNING_SECRET",
|
|
34112
|
+
"LUCERN_CLERK_WEBHOOK_SECRET"
|
|
34113
|
+
],
|
|
34114
|
+
"aliases": [
|
|
34115
|
+
"CLERK_WEBHOOK_SECRET",
|
|
34116
|
+
"CLERK_WEBHOOK_SIGNING_SECRET"
|
|
34117
|
+
],
|
|
34118
|
+
"writeNames": [
|
|
34119
|
+
"LUCERN_CLERK_WEBHOOK_SECRET"
|
|
34120
|
+
],
|
|
34121
|
+
"required": true,
|
|
34122
|
+
"secret": true,
|
|
34123
|
+
"public": false,
|
|
34124
|
+
"sourcePath": "/platform/auth",
|
|
34125
|
+
"environmentPolicy": "environment_specific",
|
|
34126
|
+
"consumers": [
|
|
34127
|
+
"lucern-gateway"
|
|
34128
|
+
],
|
|
34129
|
+
"destinations": [
|
|
34130
|
+
{
|
|
34131
|
+
"kind": "vercel",
|
|
34132
|
+
"target": "lucern-gateway",
|
|
34133
|
+
"writeNames": [
|
|
34134
|
+
"LUCERN_CLERK_WEBHOOK_SECRET"
|
|
34135
|
+
]
|
|
34136
|
+
}
|
|
34137
|
+
],
|
|
34138
|
+
"description": "Lucern-owned Clerk/Svix webhook signing secret used by the gateway to verify Clerk identity and organization events before projecting them into Permit."
|
|
34139
|
+
},
|
|
33714
34140
|
{
|
|
33715
34141
|
"secretId": "platform.gateway.device-verification-base-url",
|
|
33716
34142
|
"canonicalName": "LUCERN_DEVICE_VERIFICATION_BASE_URL",
|
|
@@ -34016,6 +34442,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
34016
34442
|
],
|
|
34017
34443
|
"description": "Optional Permit PDP URL override."
|
|
34018
34444
|
},
|
|
34445
|
+
{
|
|
34446
|
+
"secretId": "platform.permit.webhook-secret",
|
|
34447
|
+
"canonicalName": "LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
34448
|
+
"envNames": [
|
|
34449
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET",
|
|
34450
|
+
"PERMIT_WEBHOOK_SECRET"
|
|
34451
|
+
],
|
|
34452
|
+
"aliases": [
|
|
34453
|
+
"PERMIT_WEBHOOK_SECRET"
|
|
34454
|
+
],
|
|
34455
|
+
"writeNames": [
|
|
34456
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
34457
|
+
],
|
|
34458
|
+
"required": true,
|
|
34459
|
+
"secret": true,
|
|
34460
|
+
"public": false,
|
|
34461
|
+
"sourcePath": "/platform/permit",
|
|
34462
|
+
"environmentPolicy": "environment_specific",
|
|
34463
|
+
"consumers": [
|
|
34464
|
+
"mc-convex",
|
|
34465
|
+
"lucern-gateway",
|
|
34466
|
+
"mc-operator-tooling"
|
|
34467
|
+
],
|
|
34468
|
+
"destinations": [
|
|
34469
|
+
{
|
|
34470
|
+
"kind": "convex",
|
|
34471
|
+
"target": "master-control",
|
|
34472
|
+
"writeNames": [
|
|
34473
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
34474
|
+
]
|
|
34475
|
+
},
|
|
34476
|
+
{
|
|
34477
|
+
"kind": "vercel",
|
|
34478
|
+
"target": "lucern-gateway",
|
|
34479
|
+
"writeNames": [
|
|
34480
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
34481
|
+
]
|
|
34482
|
+
},
|
|
34483
|
+
{
|
|
34484
|
+
"kind": "operator_local",
|
|
34485
|
+
"target": "mc-credential-maintenance",
|
|
34486
|
+
"writeNames": [
|
|
34487
|
+
"LUCERN_PERMIT_WEBHOOK_SECRET"
|
|
34488
|
+
]
|
|
34489
|
+
}
|
|
34490
|
+
],
|
|
34491
|
+
"description": "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
|
|
34492
|
+
},
|
|
34019
34493
|
{
|
|
34020
34494
|
"secretId": "platform.runtime.require-deployment-host-registry",
|
|
34021
34495
|
"canonicalName": "LUCERN_REQUIRE_DEPLOYMENT_HOST_REGISTRY",
|
|
@@ -38024,6 +38498,7 @@ __export(tool_contracts_exports, {
|
|
|
38024
38498
|
REMOVE_EDGES_BETWEEN: () => REMOVE_EDGES_BETWEEN,
|
|
38025
38499
|
REMOVE_LENS_FROM_TOPIC: () => REMOVE_LENS_FROM_TOPIC,
|
|
38026
38500
|
RESOLVE_EFFECTIVE_ONTOLOGY: () => RESOLVE_EFFECTIVE_ONTOLOGY,
|
|
38501
|
+
RESOLVE_INTERACTIVE_PRINCIPAL: () => RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
38027
38502
|
RUN_GRAPH_INTELLIGENCE_QUERY: () => RUN_GRAPH_INTELLIGENCE_QUERY,
|
|
38028
38503
|
SEARCH_BELIEFS: () => SEARCH_BELIEFS,
|
|
38029
38504
|
SEARCH_EVIDENCE: () => SEARCH_EVIDENCE,
|
|
@@ -40357,7 +40832,7 @@ var IDENTITY_WHOAMI = {
|
|
|
40357
40832
|
description: "Canonical identity summary for the current session",
|
|
40358
40833
|
fields: {
|
|
40359
40834
|
principalId: "string \u2014 canonical federated principal identifier",
|
|
40360
|
-
principalType: "string \u2014 human, service, or
|
|
40835
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
40361
40836
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
40362
40837
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
40363
40838
|
scopes: "string[] | undefined \u2014 granted scopes for this session",
|
|
@@ -40368,6 +40843,49 @@ var IDENTITY_WHOAMI = {
|
|
|
40368
40843
|
ontologyPrimitive: "identity",
|
|
40369
40844
|
tier: "workhorse"
|
|
40370
40845
|
};
|
|
40846
|
+
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
40847
|
+
name: "resolve_interactive_principal",
|
|
40848
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the identity alias into the canonical authorization subject.",
|
|
40849
|
+
parameters: {
|
|
40850
|
+
clerkId: {
|
|
40851
|
+
type: "string",
|
|
40852
|
+
description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
|
|
40853
|
+
},
|
|
40854
|
+
tenantId: {
|
|
40855
|
+
type: "string",
|
|
40856
|
+
description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
|
|
40857
|
+
},
|
|
40858
|
+
workspaceId: {
|
|
40859
|
+
type: "string",
|
|
40860
|
+
description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
|
|
40861
|
+
},
|
|
40862
|
+
providerProjectId: {
|
|
40863
|
+
type: "string",
|
|
40864
|
+
description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
|
|
40865
|
+
}
|
|
40866
|
+
},
|
|
40867
|
+
required: ["clerkId"],
|
|
40868
|
+
response: {
|
|
40869
|
+
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
40870
|
+
fields: {
|
|
40871
|
+
principalId: "string \u2014 canonical Lucern principal identifier",
|
|
40872
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
40873
|
+
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
40874
|
+
tenantId: "string \u2014 resolved tenant scope",
|
|
40875
|
+
workspaceId: "string | null \u2014 resolved workspace scope",
|
|
40876
|
+
roles: "string[] \u2014 effective Permit roles",
|
|
40877
|
+
scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
|
|
40878
|
+
groupIds: "string[] \u2014 active Permit group memberships",
|
|
40879
|
+
principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
|
|
40880
|
+
tenantStatus: "string \u2014 projected tenant resource status",
|
|
40881
|
+
workspaceStatus: "string \u2014 projected workspace resource status",
|
|
40882
|
+
permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
|
|
40883
|
+
}
|
|
40884
|
+
},
|
|
40885
|
+
ownerModule: "control-plane",
|
|
40886
|
+
ontologyPrimitive: "identity",
|
|
40887
|
+
tier: "workhorse"
|
|
40888
|
+
};
|
|
40371
40889
|
var COMPILE_CONTEXT = {
|
|
40372
40890
|
name: "compile_context",
|
|
40373
40891
|
description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
|
|
@@ -42270,6 +42788,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
42270
42788
|
update_worktree_targets: UPDATE_WORKTREE_TARGETS,
|
|
42271
42789
|
update_worktree_metadata: UPDATE_WORKTREE_METADATA,
|
|
42272
42790
|
identity_whoami: IDENTITY_WHOAMI,
|
|
42791
|
+
resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
42273
42792
|
compile_context: COMPILE_CONTEXT,
|
|
42274
42793
|
record_scope_learning: RECORD_SCOPE_LEARNING,
|
|
42275
42794
|
pipeline_snapshot: PIPELINE_SNAPSHOT,
|
|
@@ -42713,6 +43232,163 @@ function rankEntityConnections(nodeText, candidates, options) {
|
|
|
42713
43232
|
).filter((m) => m.score >= minScore).sort((a, b) => b.score - a.score).slice(0, limit);
|
|
42714
43233
|
}
|
|
42715
43234
|
|
|
43235
|
+
// src/permit-principal-projection.contract.ts
|
|
43236
|
+
var PLATFORM_ROLE_PRIORITY = {
|
|
43237
|
+
platform_admin: 70,
|
|
43238
|
+
tenant_admin: 60,
|
|
43239
|
+
workspace_admin: 50,
|
|
43240
|
+
editor: 40,
|
|
43241
|
+
auditor: 30,
|
|
43242
|
+
viewer: 20,
|
|
43243
|
+
service_agent: 10
|
|
43244
|
+
};
|
|
43245
|
+
function readPermitProjectionString(value) {
|
|
43246
|
+
return typeof value === "string" && value.trim() ? value.trim() : void 0;
|
|
43247
|
+
}
|
|
43248
|
+
function isActivePermitProjectionStatus(value) {
|
|
43249
|
+
const status = readPermitProjectionString(value)?.toLowerCase();
|
|
43250
|
+
return !status || status === "active" || status === "synced";
|
|
43251
|
+
}
|
|
43252
|
+
function mapPermitRoleToPlatformRole(role) {
|
|
43253
|
+
switch (readPermitProjectionString(role)?.toLowerCase()) {
|
|
43254
|
+
case "platform_admin":
|
|
43255
|
+
return "platform_admin";
|
|
43256
|
+
case "tenant_admin":
|
|
43257
|
+
return "tenant_admin";
|
|
43258
|
+
case "workspace_admin":
|
|
43259
|
+
case "deployment_admin":
|
|
43260
|
+
case "graph_admin":
|
|
43261
|
+
return "workspace_admin";
|
|
43262
|
+
case "editor":
|
|
43263
|
+
case "workspace_member":
|
|
43264
|
+
case "graph_editor":
|
|
43265
|
+
case "evidence_contributor":
|
|
43266
|
+
case "question_resolver":
|
|
43267
|
+
case "theme_promoter":
|
|
43268
|
+
case "topic_promoter":
|
|
43269
|
+
return "editor";
|
|
43270
|
+
case "auditor":
|
|
43271
|
+
return "auditor";
|
|
43272
|
+
case "viewer":
|
|
43273
|
+
case "graph_viewer":
|
|
43274
|
+
case "stakeholder_viewer":
|
|
43275
|
+
case "stakeholder_summarizer":
|
|
43276
|
+
case "source_drilldown_viewer":
|
|
43277
|
+
case "restricted_data_viewer":
|
|
43278
|
+
case "proprietary_data_viewer":
|
|
43279
|
+
return "viewer";
|
|
43280
|
+
case "service_agent":
|
|
43281
|
+
case "agent_runner":
|
|
43282
|
+
return "service_agent";
|
|
43283
|
+
default:
|
|
43284
|
+
return void 0;
|
|
43285
|
+
}
|
|
43286
|
+
}
|
|
43287
|
+
function highestPlatformRole(roles) {
|
|
43288
|
+
return roles.reduce(
|
|
43289
|
+
(best, role) => PLATFORM_ROLE_PRIORITY[role] > PLATFORM_ROLE_PRIORITY[best] ? role : best,
|
|
43290
|
+
"viewer"
|
|
43291
|
+
);
|
|
43292
|
+
}
|
|
43293
|
+
function isClerkAliasFor(alias, clerkId) {
|
|
43294
|
+
return isActivePermitProjectionStatus(alias.status) && readPermitProjectionString(alias.provider)?.toLowerCase() === "clerk" && (readPermitProjectionString(alias.providerSubjectId) === clerkId || readPermitProjectionString(alias.alias) === clerkId);
|
|
43295
|
+
}
|
|
43296
|
+
function emailFromAlias(aliases, principal) {
|
|
43297
|
+
return aliases.find(
|
|
43298
|
+
(alias) => readPermitProjectionString(alias.aliasKind)?.toLowerCase() === "email"
|
|
43299
|
+
)?.alias ?? readPermitProjectionString(principal.metadata?.email);
|
|
43300
|
+
}
|
|
43301
|
+
function groupIdsForPrincipal(memberships2, principal) {
|
|
43302
|
+
const principalId = readPermitProjectionString(principal.principalId);
|
|
43303
|
+
if (!principalId) return [];
|
|
43304
|
+
return [
|
|
43305
|
+
...new Set(
|
|
43306
|
+
memberships2.filter(
|
|
43307
|
+
(membership) => isActivePermitProjectionStatus(membership.status) && readPermitProjectionString(membership.tenantId) === readPermitProjectionString(principal.tenantId) && readPermitProjectionString(membership.memberType) === "principal" && (readPermitProjectionString(membership.memberId) === principalId || readPermitProjectionString(membership.principalId) === principalId)
|
|
43308
|
+
).map((membership) => readPermitProjectionString(membership.groupId)).filter((groupId) => Boolean(groupId))
|
|
43309
|
+
)
|
|
43310
|
+
];
|
|
43311
|
+
}
|
|
43312
|
+
function rolesForPrincipal(assignments, principal, groupIds) {
|
|
43313
|
+
const principalId = readPermitProjectionString(principal.principalId);
|
|
43314
|
+
const tenantId = readPermitProjectionString(principal.tenantId);
|
|
43315
|
+
const roles = assignments.filter(
|
|
43316
|
+
(assignment) => isActivePermitProjectionStatus(assignment.status) && readPermitProjectionString(assignment.tenantId) === tenantId && (readPermitProjectionString(assignment.targetType) === "principal" && readPermitProjectionString(assignment.targetId) === principalId || readPermitProjectionString(assignment.targetType) === "group" && groupIds.includes(
|
|
43317
|
+
readPermitProjectionString(assignment.targetId) ?? ""
|
|
43318
|
+
))
|
|
43319
|
+
).map((assignment) => mapPermitRoleToPlatformRole(assignment.role)).filter((role) => Boolean(role));
|
|
43320
|
+
if (readPermitProjectionString(principal.principalType) === "agent" || readPermitProjectionString(principal.principalType) === "service_principal") {
|
|
43321
|
+
roles.push("service_agent");
|
|
43322
|
+
}
|
|
43323
|
+
return [...new Set(roles)];
|
|
43324
|
+
}
|
|
43325
|
+
function workspaceFromPermitProjection(principal, alias, assignments) {
|
|
43326
|
+
return readPermitProjectionString(principal.workspaceId) ?? readPermitProjectionString(alias?.workspaceId) ?? readPermitProjectionString(
|
|
43327
|
+
assignments.find(
|
|
43328
|
+
(assignment) => readPermitProjectionString(assignment.targetId) === readPermitProjectionString(principal.principalId) && readPermitProjectionString(assignment.resourceType) === "workspace"
|
|
43329
|
+
)?.resourceKey
|
|
43330
|
+
) ?? readPermitProjectionString(
|
|
43331
|
+
assignments.find((assignment) => assignment.workspaceId)?.workspaceId
|
|
43332
|
+
);
|
|
43333
|
+
}
|
|
43334
|
+
function buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now = Date.now()) {
|
|
43335
|
+
const principalId = readPermitProjectionString(principal.principalId);
|
|
43336
|
+
const tenantId = readPermitProjectionString(principal.tenantId);
|
|
43337
|
+
if (!principalId || !tenantId || !isActivePermitProjectionStatus(principal.status)) {
|
|
43338
|
+
return null;
|
|
43339
|
+
}
|
|
43340
|
+
const aliases = rows.aliases.filter(
|
|
43341
|
+
(alias2) => readPermitProjectionString(alias2.tenantId) === tenantId && readPermitProjectionString(alias2.principalId) === principalId && isActivePermitProjectionStatus(alias2.status)
|
|
43342
|
+
);
|
|
43343
|
+
const groupIds = groupIdsForPrincipal(rows.groupMemberships, principal);
|
|
43344
|
+
const roles = rolesForPrincipal(rows.roleAssignments, principal, groupIds);
|
|
43345
|
+
if (roles.length === 0) {
|
|
43346
|
+
return null;
|
|
43347
|
+
}
|
|
43348
|
+
const alias = matchingAlias ?? aliases[0];
|
|
43349
|
+
const clerkId = readPermitProjectionString(
|
|
43350
|
+
aliases.find(
|
|
43351
|
+
(entry) => readPermitProjectionString(entry.provider)?.toLowerCase() === "clerk"
|
|
43352
|
+
)?.providerSubjectId
|
|
43353
|
+
) ?? principalId;
|
|
43354
|
+
return {
|
|
43355
|
+
clerkId,
|
|
43356
|
+
email: emailFromAlias(aliases, principal) ?? `${principalId}@permit.local`,
|
|
43357
|
+
name: readPermitProjectionString(principal.displayName),
|
|
43358
|
+
lastSeenAt: principal.lastSeenAt ?? principal.updatedAt ?? now,
|
|
43359
|
+
chatCount: 0,
|
|
43360
|
+
messageCount: 0,
|
|
43361
|
+
mcRole: highestPlatformRole(roles),
|
|
43362
|
+
mcRoleSyncedAt: principal.updatedAt ?? now,
|
|
43363
|
+
defaultTenantId: tenantId,
|
|
43364
|
+
defaultWorkspaceId: workspaceFromPermitProjection(principal, alias, rows.roleAssignments) ?? tenantId,
|
|
43365
|
+
defaultPrincipalId: principalId,
|
|
43366
|
+
principalGroupIds: groupIds,
|
|
43367
|
+
governanceGrantsSyncedAt: principal.updatedAt ?? now,
|
|
43368
|
+
createdAt: principal.createdAt ?? now,
|
|
43369
|
+
updatedAt: principal.updatedAt ?? now
|
|
43370
|
+
};
|
|
43371
|
+
}
|
|
43372
|
+
function findProjectedUserByPermitPrincipalId(rows, principalId, now = Date.now()) {
|
|
43373
|
+
const normalizedPrincipalId = principalId.trim();
|
|
43374
|
+
const principal = rows.principals.find(
|
|
43375
|
+
(row) => isActivePermitProjectionStatus(row.status) && readPermitProjectionString(row.principalId) === normalizedPrincipalId
|
|
43376
|
+
);
|
|
43377
|
+
return principal ? buildProjectedUserFromPermitPrincipal(rows, principal, void 0, now) : null;
|
|
43378
|
+
}
|
|
43379
|
+
function findProjectedUserByPermitClerkId(rows, clerkId, now = Date.now()) {
|
|
43380
|
+
const normalizedClerkId = clerkId.trim();
|
|
43381
|
+
const matchingAlias = rows.aliases.find(
|
|
43382
|
+
(alias) => isClerkAliasFor(alias, normalizedClerkId)
|
|
43383
|
+
);
|
|
43384
|
+
const principal = matchingAlias ? rows.principals.find(
|
|
43385
|
+
(row) => readPermitProjectionString(row.tenantId) === readPermitProjectionString(matchingAlias.tenantId) && readPermitProjectionString(row.principalId) === readPermitProjectionString(matchingAlias.principalId)
|
|
43386
|
+
) : rows.principals.find(
|
|
43387
|
+
(row) => readPermitProjectionString(row.principalId) === normalizedClerkId || readPermitProjectionString(row.principalId) === `user:${normalizedClerkId}`
|
|
43388
|
+
);
|
|
43389
|
+
return principal ? buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now) : null;
|
|
43390
|
+
}
|
|
43391
|
+
|
|
42716
43392
|
// src/prompt.contract.ts
|
|
42717
43393
|
function isLucernPrompt(value) {
|
|
42718
43394
|
if (!value || typeof value !== "object") {
|
|
@@ -43974,6 +44650,8 @@ var TENANT_BOOTSTRAP_SEED_COMPONENTS = {
|
|
|
43974
44650
|
kernel: {
|
|
43975
44651
|
componentName: "lucern",
|
|
43976
44652
|
migrationModule: "adapters/migration",
|
|
44653
|
+
templateMigrationModule: "dist/adapters/migration",
|
|
44654
|
+
tenantMigrationModule: "adapters/migration",
|
|
43977
44655
|
templateService: "services/kernel-template",
|
|
43978
44656
|
templateDeployments: {
|
|
43979
44657
|
staging: "kindly-goldfish-162",
|
|
@@ -43982,7 +44660,9 @@ var TENANT_BOOTSTRAP_SEED_COMPONENTS = {
|
|
|
43982
44660
|
},
|
|
43983
44661
|
"control-plane": {
|
|
43984
44662
|
componentName: "controlPlane",
|
|
43985
|
-
migrationModule: "
|
|
44663
|
+
migrationModule: "migration",
|
|
44664
|
+
templateMigrationModule: "dist/migration",
|
|
44665
|
+
tenantMigrationModule: "migration",
|
|
43986
44666
|
templateService: "services/control-plane-template",
|
|
43987
44667
|
templateDeployments: {
|
|
43988
44668
|
staging: "industrious-cheetah-864",
|
|
@@ -44143,6 +44823,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
44143
44823
|
copyMode: "none",
|
|
44144
44824
|
description: "Deliberation sessions are created by tenant workflows."
|
|
44145
44825
|
},
|
|
44826
|
+
{
|
|
44827
|
+
component: "kernel",
|
|
44828
|
+
table: "domainEvents",
|
|
44829
|
+
prepopulation: "runtime_log",
|
|
44830
|
+
copyMode: "none",
|
|
44831
|
+
description: "Domain event rows are append-only runtime audit/exhaust data."
|
|
44832
|
+
},
|
|
44146
44833
|
{
|
|
44147
44834
|
component: "kernel",
|
|
44148
44835
|
table: "epistemicAudit",
|
|
@@ -44704,12 +45391,15 @@ function isTenantBootstrapSeedTable(table) {
|
|
|
44704
45391
|
return Boolean(findTenantBootstrapSeedTable(table));
|
|
44705
45392
|
}
|
|
44706
45393
|
function isTenantBootstrapForbiddenSeedTable(table) {
|
|
44707
|
-
return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some(
|
|
45394
|
+
return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some(
|
|
45395
|
+
(entry) => entry === table
|
|
45396
|
+
);
|
|
44708
45397
|
}
|
|
44709
|
-
var TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION = "2026-
|
|
45398
|
+
var TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION = "2026-05-11";
|
|
44710
45399
|
var TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID = "tenant_template";
|
|
44711
45400
|
var TENANT_BOOTSTRAP_TEMPLATE_ACTOR = "system:lucern-template-seed";
|
|
44712
45401
|
var DEFAULT_SEED_TIME = Date.UTC(2026, 3, 30);
|
|
45402
|
+
var TEMPLATE_SEED_METADATA_SOURCE = "lucern-template";
|
|
44713
45403
|
var ROLE_GRANTS = {
|
|
44714
45404
|
viewer: ["viewer", "auditor", "editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
|
|
44715
45405
|
auditor: ["auditor", "tenant_admin", "platform_admin", "service_agent"],
|
|
@@ -44720,7 +45410,7 @@ var ROLE_GRANTS = {
|
|
|
44720
45410
|
service_agent: ["service_agent"]
|
|
44721
45411
|
};
|
|
44722
45412
|
var ENUM_VALUES = {
|
|
44723
|
-
topic_type: ["
|
|
45413
|
+
topic_type: ["generic"],
|
|
44724
45414
|
branch_schema: ["pillar", "track", "dimension", "axis", "phase"],
|
|
44725
45415
|
belief_type: ["belief", "hypothesis", "principle", "invariant", "assumption", "tenet", "prior", "preference", "goal", "forecast", "decision", "constraint", "tradeoff", "policy", "implementation_choice", "implementation_decision", "interface_contract", "migration_state", "code_pattern", "deprecation_notice"],
|
|
44726
45416
|
edge_type: ["supports", "informs", "depends_on", "derived_from", "contains", "tests", "supersedes", "responds_to", "belongs_to", "relates_to_thesis", "works_at", "invested_in", "competes_with", "participates_in", "founded_by", "evaluates", "performs", "function_in", "impacts", "raised_from", "mentioned_in", "perspective_on", "plays_theme"],
|
|
@@ -44764,6 +45454,13 @@ var MODEL_SLOTS = [
|
|
|
44764
45454
|
function labelFor(value) {
|
|
44765
45455
|
return value.split(/[_-]/).map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join(" ");
|
|
44766
45456
|
}
|
|
45457
|
+
function templateSeedMetadata(version) {
|
|
45458
|
+
return {
|
|
45459
|
+
seedSource: TEMPLATE_SEED_METADATA_SOURCE,
|
|
45460
|
+
seedVersion: version,
|
|
45461
|
+
seedType: "template-default"
|
|
45462
|
+
};
|
|
45463
|
+
}
|
|
44767
45464
|
function seedContext(options) {
|
|
44768
45465
|
return {
|
|
44769
45466
|
now: options.now ?? DEFAULT_SEED_TIME,
|
|
@@ -44903,7 +45600,7 @@ function modelRegistryRows(now) {
|
|
|
44903
45600
|
updatedAt: now
|
|
44904
45601
|
}));
|
|
44905
45602
|
}
|
|
44906
|
-
function modelFunctionSlotRows(now) {
|
|
45603
|
+
function modelFunctionSlotRows(now, version) {
|
|
44907
45604
|
return MODEL_SLOTS.map(([slot, category, description, modelKey, promptName, temperature, maxTokens, requiredCapabilities]) => ({
|
|
44908
45605
|
slot,
|
|
44909
45606
|
category,
|
|
@@ -44915,24 +45612,24 @@ function modelFunctionSlotRows(now) {
|
|
|
44915
45612
|
requiredCapabilities,
|
|
44916
45613
|
enabled: true,
|
|
44917
45614
|
isDefault: true,
|
|
44918
|
-
notes: `Seeded by ${
|
|
45615
|
+
notes: `Seeded by ${version}.`,
|
|
44919
45616
|
createdAt: now,
|
|
44920
45617
|
updatedAt: now
|
|
44921
45618
|
}));
|
|
44922
45619
|
}
|
|
44923
|
-
function modelSlotConfigRows(now) {
|
|
45620
|
+
function modelSlotConfigRows(now, version) {
|
|
44924
45621
|
return MODEL_SLOTS.map(([slot, , , modelKey, , temperature, maxTokens]) => ({
|
|
44925
45622
|
slot,
|
|
44926
45623
|
modelKey,
|
|
44927
45624
|
temperature,
|
|
44928
45625
|
maxTokens,
|
|
44929
45626
|
enabled: true,
|
|
44930
|
-
notes: `Default routing for ${slot}.`,
|
|
45627
|
+
notes: `Default routing for ${slot}. Seeded by ${version}.`,
|
|
44931
45628
|
createdAt: now,
|
|
44932
45629
|
updatedAt: now
|
|
44933
45630
|
}));
|
|
44934
45631
|
}
|
|
44935
|
-
function schemaEnumRows(now) {
|
|
45632
|
+
function schemaEnumRows(now, version) {
|
|
44936
45633
|
return Object.entries(ENUM_VALUES).flatMap(
|
|
44937
45634
|
([category, values]) => values.map((value, index) => ({
|
|
44938
45635
|
category,
|
|
@@ -44940,7 +45637,7 @@ function schemaEnumRows(now) {
|
|
|
44940
45637
|
label: labelFor(value),
|
|
44941
45638
|
description: `${labelFor(value)} ${category} value.`,
|
|
44942
45639
|
tier: "platform",
|
|
44943
|
-
metadata:
|
|
45640
|
+
metadata: templateSeedMetadata(version),
|
|
44944
45641
|
isDefault: index === 0,
|
|
44945
45642
|
sortOrder: index + 1,
|
|
44946
45643
|
status: "active",
|
|
@@ -44978,18 +45675,28 @@ function buildTenantBootstrapTemplateSeedRows(options = {}) {
|
|
|
44978
45675
|
publicationRules: [
|
|
44979
45676
|
{ tenantId: ctx.templateTenantId, name: "publish-high-confidence-beliefs", description: "Publish high-confidence beliefs to tenant-level consumers.", conditionType: "confidence_threshold", conditions: { minConfidence: 0.85 }, enabled: true, priority: 100, createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now }
|
|
44980
45677
|
],
|
|
44981
|
-
schemaEnumConfig: schemaEnumRows(ctx.now)
|
|
45678
|
+
schemaEnumConfig: schemaEnumRows(ctx.now, ctx.version)
|
|
44982
45679
|
},
|
|
44983
45680
|
"control-plane": {
|
|
44984
45681
|
mcpWritePolicy: buildMcpWritePolicy(ctx.now, ctx.actor),
|
|
44985
|
-
modelFunctionSlots: modelFunctionSlotRows(ctx.now),
|
|
45682
|
+
modelFunctionSlots: modelFunctionSlotRows(ctx.now, ctx.version),
|
|
44986
45683
|
modelRegistry: modelRegistryRows(ctx.now),
|
|
44987
|
-
modelSlotConfigs: modelSlotConfigRows(ctx.now),
|
|
45684
|
+
modelSlotConfigs: modelSlotConfigRows(ctx.now, ctx.version),
|
|
44988
45685
|
platformAudiences: [
|
|
44989
45686
|
["internal", "Internal", "internal"],
|
|
44990
45687
|
["lp", "Limited Partners", "restricted_external"],
|
|
44991
45688
|
["public", "Public", "public"]
|
|
44992
|
-
].map(([audienceKey, audienceLabel, audienceClass]) => ({
|
|
45689
|
+
].map(([audienceKey, audienceLabel, audienceClass]) => ({
|
|
45690
|
+
tenantId: ctx.templateTenantId,
|
|
45691
|
+
audienceKey,
|
|
45692
|
+
audienceLabel,
|
|
45693
|
+
audienceClass,
|
|
45694
|
+
status: "active",
|
|
45695
|
+
metadata: templateSeedMetadata(ctx.version),
|
|
45696
|
+
createdBy: ctx.actor,
|
|
45697
|
+
createdAt: ctx.now,
|
|
45698
|
+
updatedAt: ctx.now
|
|
45699
|
+
})),
|
|
44993
45700
|
tenantConfig: [
|
|
44994
45701
|
{ tenantId: ctx.templateTenantId, authPolicyMode: "open", defaultSessionTTL: 28800, defaultTopicVisibility: "tenant", featureFlags: { sdkBootstrapSeeds: true, interactiveRoleAuth: true }, maxWorkspaceCount: 25, defaultModelSlotOverrides: {}, updatedAt: ctx.now, updatedBy: ctx.actor }
|
|
44995
45702
|
],
|
|
@@ -45296,6 +46003,6 @@ var CANONICAL_WORKFLOW_DEFINITIONS = [
|
|
|
45296
46003
|
}
|
|
45297
46004
|
];
|
|
45298
46005
|
|
|
45299
|
-
export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION, COMPONENT_HOST_DB_READ_OPERATIONS, COMPONENT_HOST_DB_WRITE_OPERATIONS, COMPONENT_HOST_PROTECTED_TABLES, COMPONENT_HOST_PROTECTED_TABLE_OWNERS, COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS, COMPONENT_HOST_WRITE_AUDIT_ROOTS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GENERATED_INFISICAL_BOOTSTRAP_ENV_NAMES, GENERATED_INFISICAL_CONTROL_ENV_NAMES, GENERATED_INFISICAL_KNOWN_ENV_NAMES, GENERATED_INFISICAL_MANAGED_ENV_NAMES, GENERATED_INFISICAL_RUNTIME_ENV, GENERATED_LUCERN_GATEWAY_ENV_NAMES, GENERATED_LUCERN_WEB_PUBLIC_ENV_NAMES, GENERATED_LUCERN_WEB_SERVER_ENV_NAMES, GRAPH_INTELLIGENCE_MODE_TOOL_NAMES, GRAPH_INTELLIGENCE_PUBLIC_TOOL_NAMES, GRAPH_INTELLIGENCE_QUERIES, GRAPH_INTELLIGENCE_QUERIES_WITH_TOOLS, GRAPH_INTELLIGENCE_QUERY_CATALOG_VERSION, GRAPH_INTELLIGENCE_QUERY_CATEGORIES, GRAPH_INTELLIGENCE_QUERY_MODES, GRAPH_INTELLIGENCE_QUICK_QUERIES, GRAPH_REF_NODE_TYPES, GraphRefSchema, INFISICAL_CONVEX_TIERS, INFISICAL_CONVEX_TIER_BY_VERCEL_ENVIRONMENT, INFISICAL_RUNTIME_BOOTSTRAP_ENV, INFISICAL_RUNTIME_CONTRACT_VERSION, INFISICAL_RUNTIME_CONTROL_ENV, INFISICAL_RUNTIME_DEFAULT_API_URL, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DELIVERY_MODES, INFISICAL_RUNTIME_ENVIRONMENTS, INFISICAL_RUNTIME_MANIFEST, INFISICAL_RUNTIME_PATHS, INFISICAL_RUNTIME_SURFACES, INFISICAL_RUNTIME_SURFACE_IDS, INFISICAL_SECRET_CONSUMERS, INFISICAL_SECRET_DEFINITIONS, INFISICAL_SECRET_DESTINATION_KINDS, INFISICAL_SECRET_ENVIRONMENT_POLICIES, INFISICAL_SECRET_OWNERS, INFISICAL_SECRET_SCOPES, INFISICAL_TENANT_SOFTWARE_SYSTEMS, INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS, INFISICAL_VERCEL_SYNC_DESTINATIONS, INFISICAL_VERCEL_SYNC_RECONCILIATION, INFISICAL_VERCEL_TARGETS, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, TENANT_BOOTSTRAP_TEMPLATE_ACTOR, TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION, TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID, TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_FULL_SUITE_PACKAGE_NAMES, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_PROFILES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_MANIFEST, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, assertTenantClientImportAllowed, bigramTokenize, buildDomainEvent, buildTenantBootstrapTemplateSeedRows, canonicalGeneratedInfisicalEnvName, classifyTenantClientImport, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, convexTierForVercelDestinationEnvironment, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, expectedTenantConvexDeploymentForVercelEnvironment, fillGraphIntelligencePromptTemplate, findEdgePolicy, findInfisicalRuntimePath, findInfisicalRuntimeSurface, findInfisicalSecretDefinition, findInfisicalTenantSoftwareSystem, findInfisicalVercelSyncDestination, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, findTenantClientInstallablePackage, formatTenantClientImportViolation, generatedInfisicalVariableForName, getComponentBoundaryTableLayer, getGraphIntelligenceQuery, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, infisicalSecretDefinitionsForConsumer, infisicalSecretDefinitionsForDestination, isAfterCursor, isComponentBoundaryComponentOwnedTable, isGeneratedInfisicalKnownEnvName, isGeneratedInfisicalManagedEnvName, isGraphIntelligenceQueryMode, isLucernPrompt, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport, jaccardSimilarity, lastDelegator, listBeliefsProjection, listGraphIntelligenceQueries, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, readGeneratedInfisicalDestinationEnv, readGeneratedInfisicalEnvValue, readGeneratedInfisicalRuntimeEnvSurface, readGeneratedLucernGatewayEnv, readGeneratedLucernWebPublicEnv, readGeneratedLucernWebServerEnv, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tenantSoftwareSystemConvexEnvNames, tenantSoftwareSystemOwnsConvexEnvName, tokenOverlapScore, tokenizeSearchText, validateInfisicalSecretDefinitions, vercelCustomEnvironmentIdForTenantSoftwareSystem, wordOverlapScore, wordTokenize };
|
|
46006
|
+
export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION, COMPONENT_HOST_DB_READ_OPERATIONS, COMPONENT_HOST_DB_WRITE_OPERATIONS, COMPONENT_HOST_PROTECTED_TABLES, COMPONENT_HOST_PROTECTED_TABLE_OWNERS, COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS, COMPONENT_HOST_WRITE_AUDIT_ROOTS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GENERATED_INFISICAL_BOOTSTRAP_ENV_NAMES, GENERATED_INFISICAL_CONTROL_ENV_NAMES, GENERATED_INFISICAL_KNOWN_ENV_NAMES, GENERATED_INFISICAL_MANAGED_ENV_NAMES, GENERATED_INFISICAL_RUNTIME_ENV, GENERATED_LUCERN_GATEWAY_ENV_NAMES, GENERATED_LUCERN_WEB_PUBLIC_ENV_NAMES, GENERATED_LUCERN_WEB_SERVER_ENV_NAMES, GRAPH_INTELLIGENCE_MODE_TOOL_NAMES, GRAPH_INTELLIGENCE_PUBLIC_TOOL_NAMES, GRAPH_INTELLIGENCE_QUERIES, GRAPH_INTELLIGENCE_QUERIES_WITH_TOOLS, GRAPH_INTELLIGENCE_QUERY_CATALOG_VERSION, GRAPH_INTELLIGENCE_QUERY_CATEGORIES, GRAPH_INTELLIGENCE_QUERY_MODES, GRAPH_INTELLIGENCE_QUICK_QUERIES, GRAPH_REF_NODE_TYPES, GraphRefSchema, INFISICAL_CONVEX_TIERS, INFISICAL_CONVEX_TIER_BY_VERCEL_ENVIRONMENT, INFISICAL_RUNTIME_BOOTSTRAP_ENV, INFISICAL_RUNTIME_CONTRACT_VERSION, INFISICAL_RUNTIME_CONTROL_ENV, INFISICAL_RUNTIME_DEFAULT_API_URL, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DELIVERY_MODES, INFISICAL_RUNTIME_ENVIRONMENTS, INFISICAL_RUNTIME_MANIFEST, INFISICAL_RUNTIME_PATHS, INFISICAL_RUNTIME_SURFACES, INFISICAL_RUNTIME_SURFACE_IDS, INFISICAL_SECRET_CONSUMERS, INFISICAL_SECRET_DEFINITIONS, INFISICAL_SECRET_DESTINATION_KINDS, INFISICAL_SECRET_ENVIRONMENT_POLICIES, INFISICAL_SECRET_OWNERS, INFISICAL_SECRET_SCOPES, INFISICAL_TENANT_SOFTWARE_SYSTEMS, INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS, INFISICAL_VERCEL_SYNC_DESTINATIONS, INFISICAL_VERCEL_SYNC_RECONCILIATION, INFISICAL_VERCEL_TARGETS, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, TENANT_BOOTSTRAP_TEMPLATE_ACTOR, TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION, TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID, TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_FULL_SUITE_PACKAGE_NAMES, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_PROFILES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_MANIFEST, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, assertTenantClientImportAllowed, bigramTokenize, buildDomainEvent, buildProjectedUserFromPermitPrincipal, buildTenantBootstrapTemplateSeedRows, canonicalGeneratedInfisicalEnvName, classifyTenantClientImport, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, convexTierForVercelDestinationEnvironment, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, expectedTenantConvexDeploymentForVercelEnvironment, fillGraphIntelligencePromptTemplate, findEdgePolicy, findInfisicalRuntimePath, findInfisicalRuntimeSurface, findInfisicalSecretDefinition, findInfisicalTenantSoftwareSystem, findInfisicalVercelSyncDestination, findProjectedUserByPermitClerkId, findProjectedUserByPermitPrincipalId, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, findTenantClientInstallablePackage, formatTenantClientImportViolation, generatedInfisicalVariableForName, getComponentBoundaryTableLayer, getGraphIntelligenceQuery, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, infisicalSecretDefinitionsForConsumer, infisicalSecretDefinitionsForDestination, isActivePermitProjectionStatus, isAfterCursor, isComponentBoundaryComponentOwnedTable, isGeneratedInfisicalKnownEnvName, isGeneratedInfisicalManagedEnvName, isGraphIntelligenceQueryMode, isLucernPrompt, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport, jaccardSimilarity, lastDelegator, listBeliefsProjection, listGraphIntelligenceQueries, listTasksProjection, mapPermitRoleToPlatformRole, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, readGeneratedInfisicalDestinationEnv, readGeneratedInfisicalEnvValue, readGeneratedInfisicalRuntimeEnvSurface, readGeneratedLucernGatewayEnv, readGeneratedLucernWebPublicEnv, readGeneratedLucernWebServerEnv, readPermitProjectionString, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tenantSoftwareSystemConvexEnvNames, tenantSoftwareSystemOwnsConvexEnvName, tokenOverlapScore, tokenizeSearchText, validateInfisicalSecretDefinitions, vercelCustomEnvironmentIdForTenantSoftwareSystem, wordOverlapScore, wordTokenize };
|
|
45300
46007
|
//# sourceMappingURL=index.js.map
|
|
45301
46008
|
//# sourceMappingURL=index.js.map
|