@lucern/contracts 0.3.0-alpha.11 → 0.3.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (130) hide show
  1. package/dist/auth-context.contract.js +13 -1
  2. package/dist/auth-context.contract.js.map +1 -1
  3. package/dist/auth-session.contract.js +13 -1
  4. package/dist/auth-session.contract.js.map +1 -1
  5. package/dist/auth.contract.d.ts +1 -1
  6. package/dist/auth.contract.js +13 -1
  7. package/dist/auth.contract.js.map +1 -1
  8. package/dist/component-boundary.contract.js +1 -0
  9. package/dist/component-boundary.contract.js.map +1 -1
  10. package/dist/function-registry/beliefs.d.ts +10 -10
  11. package/dist/function-registry/beliefs.js +53 -2
  12. package/dist/function-registry/beliefs.js.map +1 -1
  13. package/dist/function-registry/coding.d.ts +6 -6
  14. package/dist/function-registry/coding.js +53 -2
  15. package/dist/function-registry/coding.js.map +1 -1
  16. package/dist/function-registry/context.d.ts +3 -3
  17. package/dist/function-registry/context.js +53 -2
  18. package/dist/function-registry/context.js.map +1 -1
  19. package/dist/function-registry/contracts.d.ts +3 -3
  20. package/dist/function-registry/contracts.js +53 -2
  21. package/dist/function-registry/contracts.js.map +1 -1
  22. package/dist/function-registry/coordination.d.ts +9 -9
  23. package/dist/function-registry/coordination.js +53 -2
  24. package/dist/function-registry/coordination.js.map +1 -1
  25. package/dist/function-registry/edges.d.ts +6 -6
  26. package/dist/function-registry/edges.js +53 -2
  27. package/dist/function-registry/edges.js.map +1 -1
  28. package/dist/function-registry/evidence.d.ts +8 -8
  29. package/dist/function-registry/evidence.js +53 -2
  30. package/dist/function-registry/evidence.js.map +1 -1
  31. package/dist/function-registry/graph.d.ts +15 -15
  32. package/dist/function-registry/graph.js +53 -2
  33. package/dist/function-registry/graph.js.map +1 -1
  34. package/dist/function-registry/helpers.d.ts +2 -2
  35. package/dist/function-registry/helpers.js +53 -2
  36. package/dist/function-registry/helpers.js.map +1 -1
  37. package/dist/function-registry/identity.d.ts +56 -16
  38. package/dist/function-registry/identity.js +75 -4
  39. package/dist/function-registry/identity.js.map +1 -1
  40. package/dist/function-registry/index.d.ts +1 -1
  41. package/dist/function-registry/index.js +53 -2
  42. package/dist/function-registry/index.js.map +1 -1
  43. package/dist/function-registry/judgments.d.ts +2 -2
  44. package/dist/function-registry/judgments.js +53 -2
  45. package/dist/function-registry/judgments.js.map +1 -1
  46. package/dist/function-registry/legacy.d.ts +1 -1
  47. package/dist/function-registry/legacy.js +53 -2
  48. package/dist/function-registry/legacy.js.map +1 -1
  49. package/dist/function-registry/lenses.d.ts +4 -4
  50. package/dist/function-registry/lenses.js +53 -2
  51. package/dist/function-registry/lenses.js.map +1 -1
  52. package/dist/function-registry/manifest.d.ts +3 -3
  53. package/dist/function-registry/manifest.js +1 -0
  54. package/dist/function-registry/manifest.js.map +1 -1
  55. package/dist/function-registry/nodes.d.ts +8 -8
  56. package/dist/function-registry/nodes.js +53 -2
  57. package/dist/function-registry/nodes.js.map +1 -1
  58. package/dist/function-registry/ontologies.d.ts +11 -11
  59. package/dist/function-registry/ontologies.js +53 -2
  60. package/dist/function-registry/ontologies.js.map +1 -1
  61. package/dist/function-registry/pipeline.d.ts +3 -3
  62. package/dist/function-registry/pipeline.js +53 -2
  63. package/dist/function-registry/pipeline.js.map +1 -1
  64. package/dist/function-registry/questions.d.ts +12 -12
  65. package/dist/function-registry/questions.js +53 -2
  66. package/dist/function-registry/questions.js.map +1 -1
  67. package/dist/function-registry/tasks.d.ts +4 -4
  68. package/dist/function-registry/tasks.js +53 -2
  69. package/dist/function-registry/tasks.js.map +1 -1
  70. package/dist/function-registry/topics.d.ts +7 -7
  71. package/dist/function-registry/topics.js +53 -2
  72. package/dist/function-registry/topics.js.map +1 -1
  73. package/dist/function-registry/types.d.ts +2 -2
  74. package/dist/function-registry/worktrees.d.ts +11 -11
  75. package/dist/function-registry/worktrees.js +53 -2
  76. package/dist/function-registry/worktrees.js.map +1 -1
  77. package/dist/generated/convexSchemas.js +4 -3
  78. package/dist/generated/convexSchemas.js.map +1 -1
  79. package/dist/generated/infisicalRuntimeEnv.js +357 -0
  80. package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
  81. package/dist/generated/schema-manifest.json +88 -3
  82. package/dist/generated/tableOwnership.d.ts +2 -1
  83. package/dist/generated/tableOwnership.js +2 -0
  84. package/dist/generated/tableOwnership.js.map +1 -1
  85. package/dist/generated/tier-expectations.json +6 -3
  86. package/dist/index.d.ts +3 -2
  87. package/dist/index.js +726 -19
  88. package/dist/index.js.map +1 -1
  89. package/dist/infisical-runtime.contract.d.ts +44 -0
  90. package/dist/infisical-runtime.contract.js +52 -0
  91. package/dist/infisical-runtime.contract.js.map +1 -1
  92. package/dist/manifests/infisical-runtime-manifest.d.ts +44 -0
  93. package/dist/manifests/infisical-runtime-manifest.js +52 -0
  94. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  95. package/dist/manifests/tenant-client-manifest.d.ts +8 -3
  96. package/dist/manifests/tenant-client-manifest.js +18 -1
  97. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  98. package/dist/permit-principal-projection.contract.d.ts +74 -0
  99. package/dist/permit-principal-projection.contract.js +160 -0
  100. package/dist/permit-principal-projection.contract.js.map +1 -0
  101. package/dist/proof-attestation.json +1 -1
  102. package/dist/schemas/index.js +36 -1
  103. package/dist/schemas/index.js.map +1 -1
  104. package/dist/schemas/manifest.d.ts +85 -10
  105. package/dist/schemas/manifest.js +36 -1
  106. package/dist/schemas/manifest.js.map +1 -1
  107. package/dist/schemas/tables/controlPlane/accessControl.d.ts +2 -2
  108. package/dist/schemas/tables/controlPlane/accessControl.js +6 -1
  109. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -1
  110. package/dist/schemas/tables/kernel/events.d.ts +21 -0
  111. package/dist/schemas/tables/kernel/events.js +43 -0
  112. package/dist/schemas/tables/kernel/events.js.map +1 -0
  113. package/dist/{sdk-tools.contract-BNklQDfB.d.ts → sdk-tools.contract-CKmSsrZ2.d.ts} +1 -1
  114. package/dist/sdk-tools.contract.d.ts +2 -2
  115. package/dist/sdk-tools.contract.js +45 -1
  116. package/dist/sdk-tools.contract.js.map +1 -1
  117. package/dist/tenant-bootstrap-seed.contract.d.ts +22 -2
  118. package/dist/tenant-bootstrap-seed.contract.js +15 -2
  119. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  120. package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
  121. package/dist/tenant-bootstrap-seed.defaults.js +30 -12
  122. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  123. package/dist/tenant-client.contract.d.ts +8 -3
  124. package/dist/tenant-client.contract.js +18 -1
  125. package/dist/tenant-client.contract.js.map +1 -1
  126. package/dist/{tool-contracts-BevD9Ho2.d.ts → tool-contracts-C_xvM9q2.d.ts} +4 -2
  127. package/dist/tool-contracts.d.ts +1 -1
  128. package/dist/tool-contracts.js +46 -2
  129. package/dist/tool-contracts.js.map +1 -1
  130. package/package.json +1 -1
@@ -290,6 +290,24 @@ declare const INFISICAL_RUNTIME_MANIFEST: {
290
290
  readonly environmentPolicy: "environment_specific";
291
291
  }];
292
292
  readonly description: "Canonical Lucern Clerk project identifier used when MC resolves Clerk identities.";
293
+ }, {
294
+ readonly id: "platform.clerk.webhook-secret";
295
+ readonly canonicalName: "LUCERN_CLERK_WEBHOOK_SECRET";
296
+ readonly aliases: readonly ["CLERK_WEBHOOK_SECRET", "CLERK_WEBHOOK_SIGNING_SECRET"];
297
+ readonly owner: "lucern_platform";
298
+ readonly scope: "environment";
299
+ readonly sourcePath: "/platform/auth";
300
+ readonly environmentPolicy: "environment_specific";
301
+ readonly required: true;
302
+ readonly secret: true;
303
+ readonly public: false;
304
+ readonly consumers: readonly ["lucern-gateway"];
305
+ readonly destinations: readonly [{
306
+ readonly kind: "vercel";
307
+ readonly target: "lucern-gateway";
308
+ readonly environmentPolicy: "environment_specific";
309
+ }];
310
+ readonly description: "Lucern-owned Clerk/Svix webhook signing secret used by the gateway to verify Clerk identity and organization events before projecting them into Permit.";
293
311
  }, {
294
312
  readonly id: "platform.clerk.jwks";
295
313
  readonly canonicalName: "CLERK_JWKS_URL";
@@ -532,6 +550,32 @@ declare const INFISICAL_RUNTIME_MANIFEST: {
532
550
  readonly environmentPolicy: "environment_specific";
533
551
  }];
534
552
  readonly description: "Permit.io API key used for MC sync and policy checks. Must fail closed if missing.";
553
+ }, {
554
+ readonly id: "platform.permit.webhook-secret";
555
+ readonly canonicalName: "LUCERN_PERMIT_WEBHOOK_SECRET";
556
+ readonly aliases: readonly ["PERMIT_WEBHOOK_SECRET"];
557
+ readonly owner: "lucern_platform";
558
+ readonly scope: "environment";
559
+ readonly sourcePath: "/platform/permit";
560
+ readonly environmentPolicy: "environment_specific";
561
+ readonly required: true;
562
+ readonly secret: true;
563
+ readonly public: false;
564
+ readonly consumers: readonly ["mc-convex", "lucern-gateway", "mc-operator-tooling"];
565
+ readonly destinations: readonly [{
566
+ readonly kind: "convex";
567
+ readonly target: "master-control";
568
+ readonly environmentPolicy: "environment_specific";
569
+ }, {
570
+ readonly kind: "vercel";
571
+ readonly target: "lucern-gateway";
572
+ readonly environmentPolicy: "environment_specific";
573
+ }, {
574
+ readonly kind: "operator_local";
575
+ readonly target: "mc-credential-maintenance";
576
+ readonly environmentPolicy: "environment_specific";
577
+ }];
578
+ readonly description: "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing.";
535
579
  }, {
536
580
  readonly id: "platform.permit.pdp-url";
537
581
  readonly canonicalName: "LUCERN_PERMIT_PDP_URL";
@@ -592,6 +592,27 @@ var PLATFORM_SECRET_DEFINITIONS = [
592
592
  ],
593
593
  description: "Canonical Lucern Clerk project identifier used when MC resolves Clerk identities."
594
594
  },
595
+ {
596
+ id: "platform.clerk.webhook-secret",
597
+ canonicalName: "LUCERN_CLERK_WEBHOOK_SECRET",
598
+ aliases: ["CLERK_WEBHOOK_SECRET", "CLERK_WEBHOOK_SIGNING_SECRET"],
599
+ owner: "lucern_platform",
600
+ scope: "environment",
601
+ sourcePath: "/platform/auth",
602
+ environmentPolicy: "environment_specific",
603
+ required: true,
604
+ secret: true,
605
+ public: false,
606
+ consumers: ["lucern-gateway"],
607
+ destinations: [
608
+ {
609
+ kind: "vercel",
610
+ target: "lucern-gateway",
611
+ environmentPolicy: "environment_specific"
612
+ }
613
+ ],
614
+ description: "Lucern-owned Clerk/Svix webhook signing secret used by the gateway to verify Clerk identity and organization events before projecting them into Permit."
615
+ },
595
616
  {
596
617
  id: "platform.clerk.jwks",
597
618
  canonicalName: "CLERK_JWKS_URL",
@@ -891,6 +912,37 @@ var PLATFORM_SECRET_DEFINITIONS = [
891
912
  ],
892
913
  description: "Permit.io API key used for MC sync and policy checks. Must fail closed if missing."
893
914
  },
915
+ {
916
+ id: "platform.permit.webhook-secret",
917
+ canonicalName: "LUCERN_PERMIT_WEBHOOK_SECRET",
918
+ aliases: ["PERMIT_WEBHOOK_SECRET"],
919
+ owner: "lucern_platform",
920
+ scope: "environment",
921
+ sourcePath: "/platform/permit",
922
+ environmentPolicy: "environment_specific",
923
+ required: true,
924
+ secret: true,
925
+ public: false,
926
+ consumers: ["mc-convex", "lucern-gateway", "mc-operator-tooling"],
927
+ destinations: [
928
+ {
929
+ kind: "convex",
930
+ target: "master-control",
931
+ environmentPolicy: "environment_specific"
932
+ },
933
+ {
934
+ kind: "vercel",
935
+ target: "lucern-gateway",
936
+ environmentPolicy: "environment_specific"
937
+ },
938
+ {
939
+ kind: "operator_local",
940
+ target: "mc-credential-maintenance",
941
+ environmentPolicy: "environment_specific"
942
+ }
943
+ ],
944
+ description: "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
945
+ },
894
946
  {
895
947
  id: "platform.permit.pdp-url",
896
948
  canonicalName: "LUCERN_PERMIT_PDP_URL",