@lucern/contracts 0.3.0-alpha.16 → 0.3.0-alpha.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/CHANGELOG.md +3 -0
  2. package/dist/auth-context.contract.js +1 -1
  3. package/dist/auth-context.contract.js.map +1 -1
  4. package/dist/auth-session.contract.js +1 -1
  5. package/dist/auth-session.contract.js.map +1 -1
  6. package/dist/auth.contract.js +1 -1
  7. package/dist/auth.contract.js.map +1 -1
  8. package/dist/function-registry/beliefs.js +4 -4
  9. package/dist/function-registry/beliefs.js.map +1 -1
  10. package/dist/function-registry/coding.js +4 -4
  11. package/dist/function-registry/coding.js.map +1 -1
  12. package/dist/function-registry/context.js +4 -4
  13. package/dist/function-registry/context.js.map +1 -1
  14. package/dist/function-registry/contracts.js +4 -4
  15. package/dist/function-registry/contracts.js.map +1 -1
  16. package/dist/function-registry/coordination.js +4 -4
  17. package/dist/function-registry/coordination.js.map +1 -1
  18. package/dist/function-registry/edges.js +4 -4
  19. package/dist/function-registry/edges.js.map +1 -1
  20. package/dist/function-registry/evidence.js +4 -4
  21. package/dist/function-registry/evidence.js.map +1 -1
  22. package/dist/function-registry/graph.js +4 -4
  23. package/dist/function-registry/graph.js.map +1 -1
  24. package/dist/function-registry/helpers.js +4 -4
  25. package/dist/function-registry/helpers.js.map +1 -1
  26. package/dist/function-registry/identity.js +4 -4
  27. package/dist/function-registry/identity.js.map +1 -1
  28. package/dist/function-registry/index.js +4 -4
  29. package/dist/function-registry/index.js.map +1 -1
  30. package/dist/function-registry/judgments.js +4 -4
  31. package/dist/function-registry/judgments.js.map +1 -1
  32. package/dist/function-registry/legacy.js +4 -4
  33. package/dist/function-registry/legacy.js.map +1 -1
  34. package/dist/function-registry/lenses.js +4 -4
  35. package/dist/function-registry/lenses.js.map +1 -1
  36. package/dist/function-registry/nodes.js +4 -4
  37. package/dist/function-registry/nodes.js.map +1 -1
  38. package/dist/function-registry/ontologies.js +4 -4
  39. package/dist/function-registry/ontologies.js.map +1 -1
  40. package/dist/function-registry/pipeline.js +4 -4
  41. package/dist/function-registry/pipeline.js.map +1 -1
  42. package/dist/function-registry/questions.js +4 -4
  43. package/dist/function-registry/questions.js.map +1 -1
  44. package/dist/function-registry/tasks.js +4 -4
  45. package/dist/function-registry/tasks.js.map +1 -1
  46. package/dist/function-registry/topics.js +4 -4
  47. package/dist/function-registry/topics.js.map +1 -1
  48. package/dist/function-registry/worktrees.js +20 -4
  49. package/dist/function-registry/worktrees.js.map +1 -1
  50. package/dist/gateway.contract.d.ts +1 -0
  51. package/dist/gateway.contract.js.map +1 -1
  52. package/dist/generated/convexSchemas.js +1 -1
  53. package/dist/generated/convexSchemas.js.map +1 -1
  54. package/dist/generated/infisicalRuntimeEnv.js +300 -6
  55. package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
  56. package/dist/index.js +363 -16
  57. package/dist/index.js.map +1 -1
  58. package/dist/infisical-runtime.contract.d.ts +41 -3
  59. package/dist/infisical-runtime.contract.js +49 -3
  60. package/dist/infisical-runtime.contract.js.map +1 -1
  61. package/dist/manifests/infisical-runtime-manifest.d.ts +41 -3
  62. package/dist/manifests/infisical-runtime-manifest.js +49 -3
  63. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  64. package/dist/permit-principal-projection.contract.js +8 -1
  65. package/dist/permit-principal-projection.contract.js.map +1 -1
  66. package/dist/proof-attestation.json +1 -1
  67. package/dist/schemas/index.js +1 -1
  68. package/dist/schemas/index.js.map +1 -1
  69. package/dist/schemas/manifest.d.ts +5 -5
  70. package/dist/schemas/manifest.js +1 -1
  71. package/dist/schemas/manifest.js.map +1 -1
  72. package/dist/schemas/tables/mc/tenant.d.ts +1 -1
  73. package/dist/schemas/tables/mc/tenant.js +1 -1
  74. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  75. package/dist/sdk-tools.contract.js +4 -4
  76. package/dist/sdk-tools.contract.js.map +1 -1
  77. package/dist/tool-contracts.js +4 -4
  78. package/dist/tool-contracts.js.map +1 -1
  79. package/package.json +1 -1
@@ -223,6 +223,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
223
223
  "LUCERN_KERNEL_NPM_TOKEN",
224
224
  "LUCERN_KERNEL_SCOPE_REGISTRY",
225
225
  "LUCERN_KERNEL_SKIP_CONVEX",
226
+ "LUCERN_KEY",
226
227
  "LUCERN_LOGIN_BASE_URL",
227
228
  "LUCERN_MCP_ALLOW_API_KEY_PASSTHROUGH",
228
229
  "LUCERN_MCP_DEBUG",
@@ -479,6 +480,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
479
480
  "LUCERN_KERNEL_NPM_TOKEN",
480
481
  "LUCERN_KERNEL_SCOPE_REGISTRY",
481
482
  "LUCERN_KERNEL_SKIP_CONVEX",
483
+ "LUCERN_KEY",
482
484
  "LUCERN_LOGIN_BASE_URL",
483
485
  "LUCERN_MCP_ALLOW_API_KEY_PASSTHROUGH",
484
486
  "LUCERN_MCP_DEBUG",
@@ -2572,13 +2574,15 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
2572
2574
  "description": "stack/frontend: Tenant-owned Linear API key for support/slash-command flows. stack/stackos: Tenant-owned Linear API key for support/slash-command flows."
2573
2575
  },
2574
2576
  "LUCERN_API_KEY": {
2575
- "secretId": "tenant.stack-frontend.lucern.gateway-api-key",
2577
+ "secretId": "platform.operator.api-key",
2576
2578
  "canonicalName": "LUCERN_API_KEY",
2577
2579
  "envNames": [
2578
2580
  "LUCERN_API_KEY",
2581
+ "LUCERN_KEY",
2579
2582
  "STACK_API_KEY"
2580
2583
  ],
2581
2584
  "aliases": [
2585
+ "LUCERN_KEY",
2582
2586
  "STACK_API_KEY"
2583
2587
  ],
2584
2588
  "writeNames": [
@@ -2587,13 +2591,38 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
2587
2591
  "required": false,
2588
2592
  "secret": true,
2589
2593
  "public": false,
2590
- "sourcePath": "/tenants/stack",
2594
+ "sourcePath": "/platform/runtime",
2591
2595
  "environmentPolicy": "environment_specific",
2592
2596
  "consumers": [
2597
+ "lucern-cli",
2598
+ "lucern-mcp",
2599
+ "lucern-repo-ci",
2600
+ "lucern-sdk",
2593
2601
  "tenant-agent-runtime",
2594
2602
  "tenant-vercel-app"
2595
2603
  ],
2596
2604
  "destinations": [
2605
+ {
2606
+ "kind": "runtime_fetch",
2607
+ "target": "lucern-cli-mcp-sdk",
2608
+ "writeNames": [
2609
+ "LUCERN_API_KEY"
2610
+ ]
2611
+ },
2612
+ {
2613
+ "kind": "operator_local",
2614
+ "target": "lucern-repo",
2615
+ "writeNames": [
2616
+ "LUCERN_API_KEY"
2617
+ ]
2618
+ },
2619
+ {
2620
+ "kind": "github_actions",
2621
+ "target": "LucernAI/lucern",
2622
+ "writeNames": [
2623
+ "LUCERN_API_KEY"
2624
+ ]
2625
+ },
2597
2626
  {
2598
2627
  "kind": "vercel",
2599
2628
  "target": "ai-chatbot-diao",
@@ -2637,7 +2666,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
2637
2666
  ]
2638
2667
  }
2639
2668
  ],
2640
- "description": "stack/frontend: Tenant-scoped Lucern/MC gateway API key for product front-door calls. stack/stackos: Tenant-scoped Lucern/MC gateway API key for product front-door calls."
2669
+ "description": "Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files. stack/frontend: Tenant-scoped Lucern/MC gateway API key for product front-door calls. stack/stackos: Tenant-scoped Lucern/MC gateway API key for product front-door calls. Lucern-owned operator API key for gateway calls from trusted local tooling. Lucern-owned operator API key for gateway calls from trusted local tooling. Lucern-owned operator API key for gateway calls from trusted local tooling."
2641
2670
  },
2642
2671
  "LUCERN_API_URL": {
2643
2672
  "secretId": "platform.runtime.api-base-url",
@@ -6116,6 +6145,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
6116
6145
  "LANGFUSE_SECRET_KEY": "LANGFUSE_SECRET_KEY",
6117
6146
  "LINEAR_API_KEY": "LINEAR_API_KEY",
6118
6147
  "LUCERN_API_KEY": "LUCERN_API_KEY",
6148
+ "LUCERN_KEY": "LUCERN_API_KEY",
6119
6149
  "STACK_API_KEY": "LUCERN_API_KEY",
6120
6150
  "LUCERN_API_BASE_URL": "LUCERN_BASE_URL",
6121
6151
  "LUCERN_API_URL": "LUCERN_API_URL",
@@ -7851,9 +7881,33 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
7851
7881
  "consumer": "server-side SDK operator contexts with a scoped Infisical identity",
7852
7882
  "description": "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials.",
7853
7883
  "sourcePathIds": [
7854
- "platform-runtime"
7884
+ "platform-runtime",
7885
+ "platform-operator-credentials"
7855
7886
  ],
7856
7887
  "variables": [
7888
+ {
7889
+ "canonicalName": "LUCERN_API_KEY",
7890
+ "envNames": [
7891
+ "LUCERN_API_KEY",
7892
+ "LUCERN_KEY"
7893
+ ],
7894
+ "aliases": [
7895
+ "LUCERN_KEY"
7896
+ ],
7897
+ "writeNames": [
7898
+ "LUCERN_API_KEY"
7899
+ ],
7900
+ "required": false,
7901
+ "secret": true,
7902
+ "public": false,
7903
+ "sourcePath": "/platform/runtime",
7904
+ "environmentPolicy": "environment_specific",
7905
+ "consumers": [
7906
+ "lucern-sdk"
7907
+ ],
7908
+ "destinations": [],
7909
+ "description": "Lucern-owned operator API key for gateway calls from trusted local tooling."
7910
+ },
7857
7911
  {
7858
7912
  "canonicalName": "LUCERN_API_URL",
7859
7913
  "envNames": [
@@ -7954,9 +8008,57 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
7954
8008
  "consumer": "developer/operator CLI processes",
7955
8009
  "description": "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login.",
7956
8010
  "sourcePathIds": [
7957
- "platform-runtime"
8011
+ "platform-runtime",
8012
+ "platform-operator-credentials"
7958
8013
  ],
7959
8014
  "variables": [
8015
+ {
8016
+ "canonicalName": "LUCERN_API_KEY",
8017
+ "envNames": [
8018
+ "LUCERN_API_KEY",
8019
+ "LUCERN_KEY"
8020
+ ],
8021
+ "aliases": [
8022
+ "LUCERN_KEY"
8023
+ ],
8024
+ "writeNames": [
8025
+ "LUCERN_API_KEY"
8026
+ ],
8027
+ "required": false,
8028
+ "secret": true,
8029
+ "public": false,
8030
+ "sourcePath": "/platform/runtime",
8031
+ "environmentPolicy": "environment_specific",
8032
+ "consumers": [
8033
+ "lucern-cli",
8034
+ "lucern-mcp",
8035
+ "lucern-repo-ci"
8036
+ ],
8037
+ "destinations": [
8038
+ {
8039
+ "kind": "runtime_fetch",
8040
+ "target": "lucern-cli-mcp-sdk",
8041
+ "writeNames": [
8042
+ "LUCERN_API_KEY"
8043
+ ]
8044
+ },
8045
+ {
8046
+ "kind": "operator_local",
8047
+ "target": "lucern-repo",
8048
+ "writeNames": [
8049
+ "LUCERN_API_KEY"
8050
+ ]
8051
+ },
8052
+ {
8053
+ "kind": "github_actions",
8054
+ "target": "LucernAI/lucern",
8055
+ "writeNames": [
8056
+ "LUCERN_API_KEY"
8057
+ ]
8058
+ }
8059
+ ],
8060
+ "description": "Lucern-owned operator API key for gateway calls from trusted local tooling. Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files."
8061
+ },
7960
8062
  {
7961
8063
  "canonicalName": "LUCERN_API_URL",
7962
8064
  "envNames": [
@@ -8295,7 +8397,8 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
8295
8397
  "consumer": "MCP server/client processes",
8296
8398
  "description": "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner.",
8297
8399
  "sourcePathIds": [
8298
- "platform-runtime"
8400
+ "platform-runtime",
8401
+ "platform-operator-credentials"
8299
8402
  ],
8300
8403
  "variables": [
8301
8404
  {
@@ -8383,6 +8486,53 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
8383
8486
  ],
8384
8487
  "description": "Lucern-owned Clerk backend secret. Never route to tenant-owned apps unless that tenant is Lucern itself."
8385
8488
  },
8489
+ {
8490
+ "canonicalName": "LUCERN_API_KEY",
8491
+ "envNames": [
8492
+ "LUCERN_API_KEY",
8493
+ "LUCERN_KEY"
8494
+ ],
8495
+ "aliases": [
8496
+ "LUCERN_KEY"
8497
+ ],
8498
+ "writeNames": [
8499
+ "LUCERN_API_KEY"
8500
+ ],
8501
+ "required": false,
8502
+ "secret": true,
8503
+ "public": false,
8504
+ "sourcePath": "/platform/runtime",
8505
+ "environmentPolicy": "environment_specific",
8506
+ "consumers": [
8507
+ "lucern-cli",
8508
+ "lucern-mcp",
8509
+ "lucern-repo-ci"
8510
+ ],
8511
+ "destinations": [
8512
+ {
8513
+ "kind": "runtime_fetch",
8514
+ "target": "lucern-cli-mcp-sdk",
8515
+ "writeNames": [
8516
+ "LUCERN_API_KEY"
8517
+ ]
8518
+ },
8519
+ {
8520
+ "kind": "operator_local",
8521
+ "target": "lucern-repo",
8522
+ "writeNames": [
8523
+ "LUCERN_API_KEY"
8524
+ ]
8525
+ },
8526
+ {
8527
+ "kind": "github_actions",
8528
+ "target": "LucernAI/lucern",
8529
+ "writeNames": [
8530
+ "LUCERN_API_KEY"
8531
+ ]
8532
+ }
8533
+ ],
8534
+ "description": "Lucern-owned operator API key for gateway calls from trusted local tooling. Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files."
8535
+ },
8386
8536
  {
8387
8537
  "canonicalName": "LUCERN_API_URL",
8388
8538
  "envNames": [
@@ -14104,6 +14254,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
14104
14254
  ],
14105
14255
  "description": "Lucern-owned Langfuse secret key for prompt sync, prompt reads, and AI tracing."
14106
14256
  },
14257
+ {
14258
+ "secretId": "platform.operator.api-key",
14259
+ "canonicalName": "LUCERN_API_KEY",
14260
+ "envNames": [
14261
+ "LUCERN_API_KEY",
14262
+ "LUCERN_KEY"
14263
+ ],
14264
+ "aliases": [
14265
+ "LUCERN_KEY"
14266
+ ],
14267
+ "writeNames": [
14268
+ "LUCERN_API_KEY"
14269
+ ],
14270
+ "required": false,
14271
+ "secret": true,
14272
+ "public": false,
14273
+ "sourcePath": "/platform/runtime",
14274
+ "environmentPolicy": "environment_specific",
14275
+ "consumers": [
14276
+ "lucern-cli",
14277
+ "lucern-mcp",
14278
+ "lucern-repo-ci"
14279
+ ],
14280
+ "destinations": [
14281
+ {
14282
+ "kind": "runtime_fetch",
14283
+ "target": "lucern-cli-mcp-sdk",
14284
+ "writeNames": [
14285
+ "LUCERN_API_KEY"
14286
+ ]
14287
+ },
14288
+ {
14289
+ "kind": "operator_local",
14290
+ "target": "lucern-repo",
14291
+ "writeNames": [
14292
+ "LUCERN_API_KEY"
14293
+ ]
14294
+ },
14295
+ {
14296
+ "kind": "github_actions",
14297
+ "target": "LucernAI/lucern",
14298
+ "writeNames": [
14299
+ "LUCERN_API_KEY"
14300
+ ]
14301
+ }
14302
+ ],
14303
+ "description": "Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files."
14304
+ },
14107
14305
  {
14108
14306
  "secretId": "platform.gateway.mode",
14109
14307
  "canonicalName": "LUCERN_GATEWAY_MODE",
@@ -18745,6 +18943,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
18745
18943
  ],
18746
18944
  "description": "Operator-only Infisical CLI/API location knobs. Machine credentials are handled by the bootstrap contract."
18747
18945
  },
18946
+ {
18947
+ "secretId": "platform.operator.api-key",
18948
+ "canonicalName": "LUCERN_API_KEY",
18949
+ "envNames": [
18950
+ "LUCERN_API_KEY",
18951
+ "LUCERN_KEY"
18952
+ ],
18953
+ "aliases": [
18954
+ "LUCERN_KEY"
18955
+ ],
18956
+ "writeNames": [
18957
+ "LUCERN_API_KEY"
18958
+ ],
18959
+ "required": false,
18960
+ "secret": true,
18961
+ "public": false,
18962
+ "sourcePath": "/platform/runtime",
18963
+ "environmentPolicy": "environment_specific",
18964
+ "consumers": [
18965
+ "lucern-cli",
18966
+ "lucern-mcp",
18967
+ "lucern-repo-ci"
18968
+ ],
18969
+ "destinations": [
18970
+ {
18971
+ "kind": "runtime_fetch",
18972
+ "target": "lucern-cli-mcp-sdk",
18973
+ "writeNames": [
18974
+ "LUCERN_API_KEY"
18975
+ ]
18976
+ },
18977
+ {
18978
+ "kind": "operator_local",
18979
+ "target": "lucern-repo",
18980
+ "writeNames": [
18981
+ "LUCERN_API_KEY"
18982
+ ]
18983
+ },
18984
+ {
18985
+ "kind": "github_actions",
18986
+ "target": "LucernAI/lucern",
18987
+ "writeNames": [
18988
+ "LUCERN_API_KEY"
18989
+ ]
18990
+ }
18991
+ ],
18992
+ "description": "Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files."
18993
+ },
18748
18994
  {
18749
18995
  "secretId": "platform.convex-deploy.local-names",
18750
18996
  "canonicalName": "LUCERN_CONVEX_DEPLOYMENT_NAME",
@@ -20015,6 +20261,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
20015
20261
  }
20016
20262
  ],
20017
20263
  "runtime_fetch:lucern-cli-mcp-sdk": [
20264
+ {
20265
+ "secretId": "platform.operator.api-key",
20266
+ "canonicalName": "LUCERN_API_KEY",
20267
+ "envNames": [
20268
+ "LUCERN_API_KEY",
20269
+ "LUCERN_KEY"
20270
+ ],
20271
+ "aliases": [
20272
+ "LUCERN_KEY"
20273
+ ],
20274
+ "writeNames": [
20275
+ "LUCERN_API_KEY"
20276
+ ],
20277
+ "required": false,
20278
+ "secret": true,
20279
+ "public": false,
20280
+ "sourcePath": "/platform/runtime",
20281
+ "environmentPolicy": "environment_specific",
20282
+ "consumers": [
20283
+ "lucern-cli",
20284
+ "lucern-mcp",
20285
+ "lucern-repo-ci"
20286
+ ],
20287
+ "destinations": [
20288
+ {
20289
+ "kind": "runtime_fetch",
20290
+ "target": "lucern-cli-mcp-sdk",
20291
+ "writeNames": [
20292
+ "LUCERN_API_KEY"
20293
+ ]
20294
+ },
20295
+ {
20296
+ "kind": "operator_local",
20297
+ "target": "lucern-repo",
20298
+ "writeNames": [
20299
+ "LUCERN_API_KEY"
20300
+ ]
20301
+ },
20302
+ {
20303
+ "kind": "github_actions",
20304
+ "target": "LucernAI/lucern",
20305
+ "writeNames": [
20306
+ "LUCERN_API_KEY"
20307
+ ]
20308
+ }
20309
+ ],
20310
+ "description": "Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files."
20311
+ },
20018
20312
  {
20019
20313
  "secretId": "platform.runtime.api-base-url",
20020
20314
  "canonicalName": "LUCERN_API_URL",