@lucern/contracts 0.3.0-alpha.15 → 0.3.0-alpha.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/dist/auth-context.contract.js +1 -1
- package/dist/auth-context.contract.js.map +1 -1
- package/dist/auth-session.contract.js +1 -1
- package/dist/auth-session.contract.js.map +1 -1
- package/dist/auth.contract.js +1 -1
- package/dist/auth.contract.js.map +1 -1
- package/dist/function-registry/beliefs.d.ts +1 -1
- package/dist/function-registry/beliefs.js +7 -19
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.d.ts +1 -1
- package/dist/function-registry/coding.js +4 -4
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +1 -1
- package/dist/function-registry/context.js +4 -4
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.d.ts +1 -1
- package/dist/function-registry/contracts.js +4 -4
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.d.ts +1 -1
- package/dist/function-registry/coordination.js +4 -4
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.d.ts +1 -1
- package/dist/function-registry/edges.js +4 -4
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +1 -1
- package/dist/function-registry/evidence.js +6 -15
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +1 -1
- package/dist/function-registry/graph.js +4 -4
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.js +4 -4
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.d.ts +1 -1
- package/dist/function-registry/identity.js +7 -10
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.js +4 -4
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +1 -1
- package/dist/function-registry/judgments.js +4 -4
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.d.ts +1 -1
- package/dist/function-registry/legacy.js +4 -4
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +1 -1
- package/dist/function-registry/lenses.js +4 -4
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/nodes.d.ts +1 -1
- package/dist/function-registry/nodes.js +4 -4
- package/dist/function-registry/nodes.js.map +1 -1
- package/dist/function-registry/ontologies.d.ts +1 -1
- package/dist/function-registry/ontologies.js +4 -4
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +1 -1
- package/dist/function-registry/pipeline.js +4 -4
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +1 -1
- package/dist/function-registry/questions.js +6 -9
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.d.ts +1 -1
- package/dist/function-registry/tasks.js +4 -4
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +1 -1
- package/dist/function-registry/topics.js +4 -4
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +1 -1
- package/dist/function-registry/worktrees.d.ts +1 -1
- package/dist/function-registry/worktrees.js +20 -4
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/gateway.contract.d.ts +1 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.js +2 -2
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.js +300 -6
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
- package/dist/index.js +364 -16
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +41 -3
- package/dist/infisical-runtime.contract.js +49 -3
- package/dist/infisical-runtime.contract.js.map +1 -1
- package/dist/manifests/infisical-runtime-manifest.d.ts +41 -3
- package/dist/manifests/infisical-runtime-manifest.js +49 -3
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
- package/dist/permit-principal-projection.contract.js +8 -1
- package/dist/permit-principal-projection.contract.js.map +1 -1
- package/dist/proof-attestation.json +1 -1
- package/dist/schemas/index.js +2 -1
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +10 -5
- package/dist/schemas/manifest.js +2 -1
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/tables/mc/tenant.d.ts +2 -1
- package/dist/schemas/tables/mc/tenant.js +2 -1
- package/dist/schemas/tables/mc/tenant.js.map +1 -1
- package/dist/sdk-tools.contract.js +4 -4
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tool-contracts.js +4 -4
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +1 -1
|
@@ -162,6 +162,18 @@ declare const INFISICAL_RUNTIME_MANIFEST: {
|
|
|
162
162
|
readonly public: false;
|
|
163
163
|
readonly description: "Optional web-issued CLI login session lifetime override in milliseconds.";
|
|
164
164
|
}];
|
|
165
|
+
}, {
|
|
166
|
+
readonly id: "platform-operator-credentials";
|
|
167
|
+
readonly secretPath: "/platform/runtime";
|
|
168
|
+
readonly description: "Lucern-owned operator credential material for local CLI, MCP, and SDK sessions.";
|
|
169
|
+
readonly variables: readonly [{
|
|
170
|
+
readonly name: "LUCERN_API_KEY";
|
|
171
|
+
readonly required: false;
|
|
172
|
+
readonly secret: true;
|
|
173
|
+
readonly public: false;
|
|
174
|
+
readonly aliases: readonly ["LUCERN_KEY"];
|
|
175
|
+
readonly description: "Lucern-owned operator API key for gateway calls from trusted local tooling.";
|
|
176
|
+
}];
|
|
165
177
|
}, {
|
|
166
178
|
readonly id: "tenant-shared-install";
|
|
167
179
|
readonly secretPath: "tenants/shared";
|
|
@@ -191,7 +203,7 @@ declare const INFISICAL_RUNTIME_MANIFEST: {
|
|
|
191
203
|
readonly id: "lucern-sdk";
|
|
192
204
|
readonly packageName: "@lucern/sdk";
|
|
193
205
|
readonly delivery: "runtime_fetch";
|
|
194
|
-
readonly sourcePathIds: readonly ["platform-runtime"];
|
|
206
|
+
readonly sourcePathIds: readonly ["platform-runtime", "platform-operator-credentials"];
|
|
195
207
|
readonly consumer: "server-side SDK operator contexts with a scoped Infisical identity";
|
|
196
208
|
readonly description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials.";
|
|
197
209
|
}, {
|
|
@@ -199,7 +211,7 @@ declare const INFISICAL_RUNTIME_MANIFEST: {
|
|
|
199
211
|
readonly packageName: "@lucern/cli";
|
|
200
212
|
readonly delivery: "runtime_fetch";
|
|
201
213
|
readonly fallback: "device_auth";
|
|
202
|
-
readonly sourcePathIds: readonly ["platform-runtime"];
|
|
214
|
+
readonly sourcePathIds: readonly ["platform-runtime", "platform-operator-credentials"];
|
|
203
215
|
readonly consumer: "developer/operator CLI processes";
|
|
204
216
|
readonly description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login.";
|
|
205
217
|
}, {
|
|
@@ -207,7 +219,7 @@ declare const INFISICAL_RUNTIME_MANIFEST: {
|
|
|
207
219
|
readonly packageName: "@lucern/mcp";
|
|
208
220
|
readonly delivery: "runtime_fetch";
|
|
209
221
|
readonly fallback: "device_auth";
|
|
210
|
-
readonly sourcePathIds: readonly ["platform-runtime"];
|
|
222
|
+
readonly sourcePathIds: readonly ["platform-runtime", "platform-operator-credentials"];
|
|
211
223
|
readonly consumer: "MCP server/client processes";
|
|
212
224
|
readonly description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner.";
|
|
213
225
|
}, {
|
|
@@ -1354,6 +1366,32 @@ declare const INFISICAL_RUNTIME_MANIFEST: {
|
|
|
1354
1366
|
readonly environmentPolicy: "environment_specific";
|
|
1355
1367
|
}];
|
|
1356
1368
|
readonly description: "Local/hosted MCP auth token material. Tenant apps must use MC/API-key sessions instead.";
|
|
1369
|
+
}, {
|
|
1370
|
+
readonly id: "platform.operator.api-key";
|
|
1371
|
+
readonly canonicalName: "LUCERN_API_KEY";
|
|
1372
|
+
readonly aliases: readonly ["LUCERN_KEY"];
|
|
1373
|
+
readonly owner: "lucern_platform";
|
|
1374
|
+
readonly scope: "environment";
|
|
1375
|
+
readonly sourcePath: "/platform/runtime";
|
|
1376
|
+
readonly environmentPolicy: "environment_specific";
|
|
1377
|
+
readonly required: false;
|
|
1378
|
+
readonly secret: true;
|
|
1379
|
+
readonly public: false;
|
|
1380
|
+
readonly consumers: readonly ["lucern-cli", "lucern-mcp", "lucern-repo-ci"];
|
|
1381
|
+
readonly destinations: readonly [{
|
|
1382
|
+
readonly kind: "runtime_fetch";
|
|
1383
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
1384
|
+
readonly environmentPolicy: "environment_specific";
|
|
1385
|
+
}, {
|
|
1386
|
+
readonly kind: "operator_local";
|
|
1387
|
+
readonly target: "lucern-repo";
|
|
1388
|
+
readonly environmentPolicy: "environment_specific";
|
|
1389
|
+
}, {
|
|
1390
|
+
readonly kind: "github_actions";
|
|
1391
|
+
readonly target: "LucernAI/lucern";
|
|
1392
|
+
readonly environmentPolicy: "environment_specific";
|
|
1393
|
+
}];
|
|
1394
|
+
readonly description: "Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files.";
|
|
1357
1395
|
}, {
|
|
1358
1396
|
readonly id: "platform.graph-sync.proxy";
|
|
1359
1397
|
readonly canonicalName: "LUCERN_GRAPH_SYNC_QUERY_BASE_URL";
|
|
@@ -357,6 +357,21 @@ var INFISICAL_RUNTIME_PATHS = [
|
|
|
357
357
|
}
|
|
358
358
|
]
|
|
359
359
|
},
|
|
360
|
+
{
|
|
361
|
+
id: "platform-operator-credentials",
|
|
362
|
+
secretPath: "/platform/runtime",
|
|
363
|
+
description: "Lucern-owned operator credential material for local CLI, MCP, and SDK sessions.",
|
|
364
|
+
variables: [
|
|
365
|
+
{
|
|
366
|
+
name: "LUCERN_API_KEY",
|
|
367
|
+
required: false,
|
|
368
|
+
secret: true,
|
|
369
|
+
public: false,
|
|
370
|
+
aliases: ["LUCERN_KEY"],
|
|
371
|
+
description: "Lucern-owned operator API key for gateway calls from trusted local tooling."
|
|
372
|
+
}
|
|
373
|
+
]
|
|
374
|
+
},
|
|
360
375
|
{
|
|
361
376
|
id: "tenant-shared-install",
|
|
362
377
|
secretPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
|
|
@@ -392,7 +407,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
392
407
|
id: "lucern-sdk",
|
|
393
408
|
packageName: "@lucern/sdk",
|
|
394
409
|
delivery: "runtime_fetch",
|
|
395
|
-
sourcePathIds: ["platform-runtime"],
|
|
410
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
396
411
|
consumer: "server-side SDK operator contexts with a scoped Infisical identity",
|
|
397
412
|
description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials."
|
|
398
413
|
},
|
|
@@ -401,7 +416,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
401
416
|
packageName: "@lucern/cli",
|
|
402
417
|
delivery: "runtime_fetch",
|
|
403
418
|
fallback: "device_auth",
|
|
404
|
-
sourcePathIds: ["platform-runtime"],
|
|
419
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
405
420
|
consumer: "developer/operator CLI processes",
|
|
406
421
|
description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login."
|
|
407
422
|
},
|
|
@@ -410,7 +425,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
410
425
|
packageName: "@lucern/mcp",
|
|
411
426
|
delivery: "runtime_fetch",
|
|
412
427
|
fallback: "device_auth",
|
|
413
|
-
sourcePathIds: ["platform-runtime"],
|
|
428
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
414
429
|
consumer: "MCP server/client processes",
|
|
415
430
|
description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner."
|
|
416
431
|
},
|
|
@@ -1899,6 +1914,37 @@ var PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS = [
|
|
|
1899
1914
|
],
|
|
1900
1915
|
description: "Local/hosted MCP auth token material. Tenant apps must use MC/API-key sessions instead."
|
|
1901
1916
|
},
|
|
1917
|
+
{
|
|
1918
|
+
id: "platform.operator.api-key",
|
|
1919
|
+
canonicalName: "LUCERN_API_KEY",
|
|
1920
|
+
aliases: ["LUCERN_KEY"],
|
|
1921
|
+
owner: "lucern_platform",
|
|
1922
|
+
scope: "environment",
|
|
1923
|
+
sourcePath: "/platform/runtime",
|
|
1924
|
+
environmentPolicy: "environment_specific",
|
|
1925
|
+
required: false,
|
|
1926
|
+
secret: true,
|
|
1927
|
+
public: false,
|
|
1928
|
+
consumers: ["lucern-cli", "lucern-mcp", "lucern-repo-ci"],
|
|
1929
|
+
destinations: [
|
|
1930
|
+
{
|
|
1931
|
+
kind: "runtime_fetch",
|
|
1932
|
+
target: "lucern-cli-mcp-sdk",
|
|
1933
|
+
environmentPolicy: "environment_specific"
|
|
1934
|
+
},
|
|
1935
|
+
{
|
|
1936
|
+
kind: "operator_local",
|
|
1937
|
+
target: "lucern-repo",
|
|
1938
|
+
environmentPolicy: "environment_specific"
|
|
1939
|
+
},
|
|
1940
|
+
{
|
|
1941
|
+
kind: "github_actions",
|
|
1942
|
+
target: "LucernAI/lucern",
|
|
1943
|
+
environmentPolicy: "environment_specific"
|
|
1944
|
+
}
|
|
1945
|
+
],
|
|
1946
|
+
description: "Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files."
|
|
1947
|
+
},
|
|
1902
1948
|
{
|
|
1903
1949
|
id: "platform.graph-sync.proxy",
|
|
1904
1950
|
canonicalName: "LUCERN_GRAPH_SYNC_QUERY_BASE_URL",
|