@lucern/contracts 0.3.0-alpha.11 → 0.3.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (130) hide show
  1. package/dist/auth-context.contract.js +13 -1
  2. package/dist/auth-context.contract.js.map +1 -1
  3. package/dist/auth-session.contract.js +13 -1
  4. package/dist/auth-session.contract.js.map +1 -1
  5. package/dist/auth.contract.d.ts +1 -1
  6. package/dist/auth.contract.js +13 -1
  7. package/dist/auth.contract.js.map +1 -1
  8. package/dist/component-boundary.contract.js +1 -0
  9. package/dist/component-boundary.contract.js.map +1 -1
  10. package/dist/function-registry/beliefs.d.ts +10 -10
  11. package/dist/function-registry/beliefs.js +53 -2
  12. package/dist/function-registry/beliefs.js.map +1 -1
  13. package/dist/function-registry/coding.d.ts +6 -6
  14. package/dist/function-registry/coding.js +53 -2
  15. package/dist/function-registry/coding.js.map +1 -1
  16. package/dist/function-registry/context.d.ts +3 -3
  17. package/dist/function-registry/context.js +53 -2
  18. package/dist/function-registry/context.js.map +1 -1
  19. package/dist/function-registry/contracts.d.ts +3 -3
  20. package/dist/function-registry/contracts.js +53 -2
  21. package/dist/function-registry/contracts.js.map +1 -1
  22. package/dist/function-registry/coordination.d.ts +9 -9
  23. package/dist/function-registry/coordination.js +53 -2
  24. package/dist/function-registry/coordination.js.map +1 -1
  25. package/dist/function-registry/edges.d.ts +6 -6
  26. package/dist/function-registry/edges.js +53 -2
  27. package/dist/function-registry/edges.js.map +1 -1
  28. package/dist/function-registry/evidence.d.ts +8 -8
  29. package/dist/function-registry/evidence.js +53 -2
  30. package/dist/function-registry/evidence.js.map +1 -1
  31. package/dist/function-registry/graph.d.ts +15 -15
  32. package/dist/function-registry/graph.js +53 -2
  33. package/dist/function-registry/graph.js.map +1 -1
  34. package/dist/function-registry/helpers.d.ts +2 -2
  35. package/dist/function-registry/helpers.js +53 -2
  36. package/dist/function-registry/helpers.js.map +1 -1
  37. package/dist/function-registry/identity.d.ts +56 -16
  38. package/dist/function-registry/identity.js +75 -4
  39. package/dist/function-registry/identity.js.map +1 -1
  40. package/dist/function-registry/index.d.ts +1 -1
  41. package/dist/function-registry/index.js +53 -2
  42. package/dist/function-registry/index.js.map +1 -1
  43. package/dist/function-registry/judgments.d.ts +2 -2
  44. package/dist/function-registry/judgments.js +53 -2
  45. package/dist/function-registry/judgments.js.map +1 -1
  46. package/dist/function-registry/legacy.d.ts +1 -1
  47. package/dist/function-registry/legacy.js +53 -2
  48. package/dist/function-registry/legacy.js.map +1 -1
  49. package/dist/function-registry/lenses.d.ts +4 -4
  50. package/dist/function-registry/lenses.js +53 -2
  51. package/dist/function-registry/lenses.js.map +1 -1
  52. package/dist/function-registry/manifest.d.ts +3 -3
  53. package/dist/function-registry/manifest.js +1 -0
  54. package/dist/function-registry/manifest.js.map +1 -1
  55. package/dist/function-registry/nodes.d.ts +8 -8
  56. package/dist/function-registry/nodes.js +53 -2
  57. package/dist/function-registry/nodes.js.map +1 -1
  58. package/dist/function-registry/ontologies.d.ts +11 -11
  59. package/dist/function-registry/ontologies.js +53 -2
  60. package/dist/function-registry/ontologies.js.map +1 -1
  61. package/dist/function-registry/pipeline.d.ts +3 -3
  62. package/dist/function-registry/pipeline.js +53 -2
  63. package/dist/function-registry/pipeline.js.map +1 -1
  64. package/dist/function-registry/questions.d.ts +12 -12
  65. package/dist/function-registry/questions.js +53 -2
  66. package/dist/function-registry/questions.js.map +1 -1
  67. package/dist/function-registry/tasks.d.ts +4 -4
  68. package/dist/function-registry/tasks.js +53 -2
  69. package/dist/function-registry/tasks.js.map +1 -1
  70. package/dist/function-registry/topics.d.ts +7 -7
  71. package/dist/function-registry/topics.js +53 -2
  72. package/dist/function-registry/topics.js.map +1 -1
  73. package/dist/function-registry/types.d.ts +2 -2
  74. package/dist/function-registry/worktrees.d.ts +11 -11
  75. package/dist/function-registry/worktrees.js +53 -2
  76. package/dist/function-registry/worktrees.js.map +1 -1
  77. package/dist/generated/convexSchemas.js +4 -3
  78. package/dist/generated/convexSchemas.js.map +1 -1
  79. package/dist/generated/infisicalRuntimeEnv.js +357 -0
  80. package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
  81. package/dist/generated/schema-manifest.json +88 -3
  82. package/dist/generated/tableOwnership.d.ts +2 -1
  83. package/dist/generated/tableOwnership.js +2 -0
  84. package/dist/generated/tableOwnership.js.map +1 -1
  85. package/dist/generated/tier-expectations.json +6 -3
  86. package/dist/index.d.ts +3 -2
  87. package/dist/index.js +726 -19
  88. package/dist/index.js.map +1 -1
  89. package/dist/infisical-runtime.contract.d.ts +44 -0
  90. package/dist/infisical-runtime.contract.js +52 -0
  91. package/dist/infisical-runtime.contract.js.map +1 -1
  92. package/dist/manifests/infisical-runtime-manifest.d.ts +44 -0
  93. package/dist/manifests/infisical-runtime-manifest.js +52 -0
  94. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  95. package/dist/manifests/tenant-client-manifest.d.ts +8 -3
  96. package/dist/manifests/tenant-client-manifest.js +18 -1
  97. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  98. package/dist/permit-principal-projection.contract.d.ts +74 -0
  99. package/dist/permit-principal-projection.contract.js +160 -0
  100. package/dist/permit-principal-projection.contract.js.map +1 -0
  101. package/dist/proof-attestation.json +1 -1
  102. package/dist/schemas/index.js +36 -1
  103. package/dist/schemas/index.js.map +1 -1
  104. package/dist/schemas/manifest.d.ts +85 -10
  105. package/dist/schemas/manifest.js +36 -1
  106. package/dist/schemas/manifest.js.map +1 -1
  107. package/dist/schemas/tables/controlPlane/accessControl.d.ts +2 -2
  108. package/dist/schemas/tables/controlPlane/accessControl.js +6 -1
  109. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -1
  110. package/dist/schemas/tables/kernel/events.d.ts +21 -0
  111. package/dist/schemas/tables/kernel/events.js +43 -0
  112. package/dist/schemas/tables/kernel/events.js.map +1 -0
  113. package/dist/{sdk-tools.contract-BNklQDfB.d.ts → sdk-tools.contract-CKmSsrZ2.d.ts} +1 -1
  114. package/dist/sdk-tools.contract.d.ts +2 -2
  115. package/dist/sdk-tools.contract.js +45 -1
  116. package/dist/sdk-tools.contract.js.map +1 -1
  117. package/dist/tenant-bootstrap-seed.contract.d.ts +22 -2
  118. package/dist/tenant-bootstrap-seed.contract.js +15 -2
  119. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  120. package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
  121. package/dist/tenant-bootstrap-seed.defaults.js +30 -12
  122. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  123. package/dist/tenant-client.contract.d.ts +8 -3
  124. package/dist/tenant-client.contract.js +18 -1
  125. package/dist/tenant-client.contract.js.map +1 -1
  126. package/dist/{tool-contracts-BevD9Ho2.d.ts → tool-contracts-C_xvM9q2.d.ts} +4 -2
  127. package/dist/tool-contracts.d.ts +1 -1
  128. package/dist/tool-contracts.js +46 -2
  129. package/dist/tool-contracts.js.map +1 -1
  130. package/package.json +1 -1
@@ -496,6 +496,24 @@ declare const INFISICAL_SECRET_DEFINITIONS: readonly [{
496
496
  readonly environmentPolicy: "environment_specific";
497
497
  }];
498
498
  readonly description: "Canonical Lucern Clerk project identifier used when MC resolves Clerk identities.";
499
+ }, {
500
+ readonly id: "platform.clerk.webhook-secret";
501
+ readonly canonicalName: "LUCERN_CLERK_WEBHOOK_SECRET";
502
+ readonly aliases: readonly ["CLERK_WEBHOOK_SECRET", "CLERK_WEBHOOK_SIGNING_SECRET"];
503
+ readonly owner: "lucern_platform";
504
+ readonly scope: "environment";
505
+ readonly sourcePath: "/platform/auth";
506
+ readonly environmentPolicy: "environment_specific";
507
+ readonly required: true;
508
+ readonly secret: true;
509
+ readonly public: false;
510
+ readonly consumers: readonly ["lucern-gateway"];
511
+ readonly destinations: readonly [{
512
+ readonly kind: "vercel";
513
+ readonly target: "lucern-gateway";
514
+ readonly environmentPolicy: "environment_specific";
515
+ }];
516
+ readonly description: "Lucern-owned Clerk/Svix webhook signing secret used by the gateway to verify Clerk identity and organization events before projecting them into Permit.";
499
517
  }, {
500
518
  readonly id: "platform.clerk.jwks";
501
519
  readonly canonicalName: "CLERK_JWKS_URL";
@@ -738,6 +756,32 @@ declare const INFISICAL_SECRET_DEFINITIONS: readonly [{
738
756
  readonly environmentPolicy: "environment_specific";
739
757
  }];
740
758
  readonly description: "Permit.io API key used for MC sync and policy checks. Must fail closed if missing.";
759
+ }, {
760
+ readonly id: "platform.permit.webhook-secret";
761
+ readonly canonicalName: "LUCERN_PERMIT_WEBHOOK_SECRET";
762
+ readonly aliases: readonly ["PERMIT_WEBHOOK_SECRET"];
763
+ readonly owner: "lucern_platform";
764
+ readonly scope: "environment";
765
+ readonly sourcePath: "/platform/permit";
766
+ readonly environmentPolicy: "environment_specific";
767
+ readonly required: true;
768
+ readonly secret: true;
769
+ readonly public: false;
770
+ readonly consumers: readonly ["mc-convex", "lucern-gateway", "mc-operator-tooling"];
771
+ readonly destinations: readonly [{
772
+ readonly kind: "convex";
773
+ readonly target: "master-control";
774
+ readonly environmentPolicy: "environment_specific";
775
+ }, {
776
+ readonly kind: "vercel";
777
+ readonly target: "lucern-gateway";
778
+ readonly environmentPolicy: "environment_specific";
779
+ }, {
780
+ readonly kind: "operator_local";
781
+ readonly target: "mc-credential-maintenance";
782
+ readonly environmentPolicy: "environment_specific";
783
+ }];
784
+ readonly description: "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing.";
741
785
  }, {
742
786
  readonly id: "platform.permit.pdp-url";
743
787
  readonly canonicalName: "LUCERN_PERMIT_PDP_URL";
@@ -698,6 +698,27 @@ var PLATFORM_SECRET_DEFINITIONS = [
698
698
  ],
699
699
  description: "Canonical Lucern Clerk project identifier used when MC resolves Clerk identities."
700
700
  },
701
+ {
702
+ id: "platform.clerk.webhook-secret",
703
+ canonicalName: "LUCERN_CLERK_WEBHOOK_SECRET",
704
+ aliases: ["CLERK_WEBHOOK_SECRET", "CLERK_WEBHOOK_SIGNING_SECRET"],
705
+ owner: "lucern_platform",
706
+ scope: "environment",
707
+ sourcePath: "/platform/auth",
708
+ environmentPolicy: "environment_specific",
709
+ required: true,
710
+ secret: true,
711
+ public: false,
712
+ consumers: ["lucern-gateway"],
713
+ destinations: [
714
+ {
715
+ kind: "vercel",
716
+ target: "lucern-gateway",
717
+ environmentPolicy: "environment_specific"
718
+ }
719
+ ],
720
+ description: "Lucern-owned Clerk/Svix webhook signing secret used by the gateway to verify Clerk identity and organization events before projecting them into Permit."
721
+ },
701
722
  {
702
723
  id: "platform.clerk.jwks",
703
724
  canonicalName: "CLERK_JWKS_URL",
@@ -997,6 +1018,37 @@ var PLATFORM_SECRET_DEFINITIONS = [
997
1018
  ],
998
1019
  description: "Permit.io API key used for MC sync and policy checks. Must fail closed if missing."
999
1020
  },
1021
+ {
1022
+ id: "platform.permit.webhook-secret",
1023
+ canonicalName: "LUCERN_PERMIT_WEBHOOK_SECRET",
1024
+ aliases: ["PERMIT_WEBHOOK_SECRET"],
1025
+ owner: "lucern_platform",
1026
+ scope: "environment",
1027
+ sourcePath: "/platform/permit",
1028
+ environmentPolicy: "environment_specific",
1029
+ required: true,
1030
+ secret: true,
1031
+ public: false,
1032
+ consumers: ["mc-convex", "lucern-gateway", "mc-operator-tooling"],
1033
+ destinations: [
1034
+ {
1035
+ kind: "convex",
1036
+ target: "master-control",
1037
+ environmentPolicy: "environment_specific"
1038
+ },
1039
+ {
1040
+ kind: "vercel",
1041
+ target: "lucern-gateway",
1042
+ environmentPolicy: "environment_specific"
1043
+ },
1044
+ {
1045
+ kind: "operator_local",
1046
+ target: "mc-credential-maintenance",
1047
+ environmentPolicy: "environment_specific"
1048
+ }
1049
+ ],
1050
+ description: "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
1051
+ },
1000
1052
  {
1001
1053
  id: "platform.permit.pdp-url",
1002
1054
  canonicalName: "LUCERN_PERMIT_PDP_URL",