@lucern/contracts 0.3.0-alpha.16 → 0.3.0-alpha.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +3 -0
- package/dist/auth-context.contract.js +1 -1
- package/dist/auth-context.contract.js.map +1 -1
- package/dist/auth-session.contract.js +1 -1
- package/dist/auth-session.contract.js.map +1 -1
- package/dist/auth.contract.js +1 -1
- package/dist/auth.contract.js.map +1 -1
- package/dist/function-registry/beliefs.js +4 -4
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.js +4 -4
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.js +4 -4
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.js +4 -4
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.js +4 -4
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.js +4 -4
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.js +4 -4
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.js +4 -4
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.js +4 -4
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.js +4 -4
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.js +4 -4
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.js +4 -4
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.js +4 -4
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.js +4 -4
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/nodes.js +4 -4
- package/dist/function-registry/nodes.js.map +1 -1
- package/dist/function-registry/ontologies.js +4 -4
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.js +4 -4
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.js +4 -4
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.js +4 -4
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.js +4 -4
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/worktrees.js +20 -4
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/gateway.contract.d.ts +1 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.js +1 -1
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.js +300 -6
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
- package/dist/index.js +363 -16
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +41 -3
- package/dist/infisical-runtime.contract.js +49 -3
- package/dist/infisical-runtime.contract.js.map +1 -1
- package/dist/manifests/infisical-runtime-manifest.d.ts +41 -3
- package/dist/manifests/infisical-runtime-manifest.js +49 -3
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
- package/dist/permit-principal-projection.contract.js +8 -1
- package/dist/permit-principal-projection.contract.js.map +1 -1
- package/dist/proof-attestation.json +1 -1
- package/dist/schemas/index.js +1 -1
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +5 -5
- package/dist/schemas/manifest.js +1 -1
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/tables/mc/tenant.d.ts +1 -1
- package/dist/schemas/tables/mc/tenant.js +1 -1
- package/dist/schemas/tables/mc/tenant.js.map +1 -1
- package/dist/sdk-tools.contract.js +4 -4
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tool-contracts.js +4 -4
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +1 -1
|
@@ -216,6 +216,18 @@ declare const INFISICAL_RUNTIME_PATHS: readonly [{
|
|
|
216
216
|
readonly public: false;
|
|
217
217
|
readonly description: "Optional web-issued CLI login session lifetime override in milliseconds.";
|
|
218
218
|
}];
|
|
219
|
+
}, {
|
|
220
|
+
readonly id: "platform-operator-credentials";
|
|
221
|
+
readonly secretPath: "/platform/runtime";
|
|
222
|
+
readonly description: "Lucern-owned operator credential material for local CLI, MCP, and SDK sessions.";
|
|
223
|
+
readonly variables: readonly [{
|
|
224
|
+
readonly name: "LUCERN_API_KEY";
|
|
225
|
+
readonly required: false;
|
|
226
|
+
readonly secret: true;
|
|
227
|
+
readonly public: false;
|
|
228
|
+
readonly aliases: readonly ["LUCERN_KEY"];
|
|
229
|
+
readonly description: "Lucern-owned operator API key for gateway calls from trusted local tooling.";
|
|
230
|
+
}];
|
|
219
231
|
}, {
|
|
220
232
|
readonly id: "tenant-shared-install";
|
|
221
233
|
readonly secretPath: "tenants/shared";
|
|
@@ -256,7 +268,7 @@ declare const INFISICAL_RUNTIME_SURFACES: readonly [{
|
|
|
256
268
|
readonly id: "lucern-sdk";
|
|
257
269
|
readonly packageName: "@lucern/sdk";
|
|
258
270
|
readonly delivery: "runtime_fetch";
|
|
259
|
-
readonly sourcePathIds: readonly ["platform-runtime"];
|
|
271
|
+
readonly sourcePathIds: readonly ["platform-runtime", "platform-operator-credentials"];
|
|
260
272
|
readonly consumer: "server-side SDK operator contexts with a scoped Infisical identity";
|
|
261
273
|
readonly description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials.";
|
|
262
274
|
}, {
|
|
@@ -264,7 +276,7 @@ declare const INFISICAL_RUNTIME_SURFACES: readonly [{
|
|
|
264
276
|
readonly packageName: "@lucern/cli";
|
|
265
277
|
readonly delivery: "runtime_fetch";
|
|
266
278
|
readonly fallback: "device_auth";
|
|
267
|
-
readonly sourcePathIds: readonly ["platform-runtime"];
|
|
279
|
+
readonly sourcePathIds: readonly ["platform-runtime", "platform-operator-credentials"];
|
|
268
280
|
readonly consumer: "developer/operator CLI processes";
|
|
269
281
|
readonly description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login.";
|
|
270
282
|
}, {
|
|
@@ -272,7 +284,7 @@ declare const INFISICAL_RUNTIME_SURFACES: readonly [{
|
|
|
272
284
|
readonly packageName: "@lucern/mcp";
|
|
273
285
|
readonly delivery: "runtime_fetch";
|
|
274
286
|
readonly fallback: "device_auth";
|
|
275
|
-
readonly sourcePathIds: readonly ["platform-runtime"];
|
|
287
|
+
readonly sourcePathIds: readonly ["platform-runtime", "platform-operator-credentials"];
|
|
276
288
|
readonly consumer: "MCP server/client processes";
|
|
277
289
|
readonly description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner.";
|
|
278
290
|
}, {
|
|
@@ -1565,6 +1577,32 @@ declare const INFISICAL_SECRET_DEFINITIONS: readonly [{
|
|
|
1565
1577
|
readonly environmentPolicy: "environment_specific";
|
|
1566
1578
|
}];
|
|
1567
1579
|
readonly description: "Local/hosted MCP auth token material. Tenant apps must use MC/API-key sessions instead.";
|
|
1580
|
+
}, {
|
|
1581
|
+
readonly id: "platform.operator.api-key";
|
|
1582
|
+
readonly canonicalName: "LUCERN_API_KEY";
|
|
1583
|
+
readonly aliases: readonly ["LUCERN_KEY"];
|
|
1584
|
+
readonly owner: "lucern_platform";
|
|
1585
|
+
readonly scope: "environment";
|
|
1586
|
+
readonly sourcePath: "/platform/runtime";
|
|
1587
|
+
readonly environmentPolicy: "environment_specific";
|
|
1588
|
+
readonly required: false;
|
|
1589
|
+
readonly secret: true;
|
|
1590
|
+
readonly public: false;
|
|
1591
|
+
readonly consumers: readonly ["lucern-cli", "lucern-mcp", "lucern-repo-ci"];
|
|
1592
|
+
readonly destinations: readonly [{
|
|
1593
|
+
readonly kind: "runtime_fetch";
|
|
1594
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
1595
|
+
readonly environmentPolicy: "environment_specific";
|
|
1596
|
+
}, {
|
|
1597
|
+
readonly kind: "operator_local";
|
|
1598
|
+
readonly target: "lucern-repo";
|
|
1599
|
+
readonly environmentPolicy: "environment_specific";
|
|
1600
|
+
}, {
|
|
1601
|
+
readonly kind: "github_actions";
|
|
1602
|
+
readonly target: "LucernAI/lucern";
|
|
1603
|
+
readonly environmentPolicy: "environment_specific";
|
|
1604
|
+
}];
|
|
1605
|
+
readonly description: "Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files.";
|
|
1568
1606
|
}, {
|
|
1569
1607
|
readonly id: "platform.graph-sync.proxy";
|
|
1570
1608
|
readonly canonicalName: "LUCERN_GRAPH_SYNC_QUERY_BASE_URL";
|
|
@@ -371,6 +371,21 @@ var INFISICAL_RUNTIME_PATHS = [
|
|
|
371
371
|
}
|
|
372
372
|
]
|
|
373
373
|
},
|
|
374
|
+
{
|
|
375
|
+
id: "platform-operator-credentials",
|
|
376
|
+
secretPath: "/platform/runtime",
|
|
377
|
+
description: "Lucern-owned operator credential material for local CLI, MCP, and SDK sessions.",
|
|
378
|
+
variables: [
|
|
379
|
+
{
|
|
380
|
+
name: "LUCERN_API_KEY",
|
|
381
|
+
required: false,
|
|
382
|
+
secret: true,
|
|
383
|
+
public: false,
|
|
384
|
+
aliases: ["LUCERN_KEY"],
|
|
385
|
+
description: "Lucern-owned operator API key for gateway calls from trusted local tooling."
|
|
386
|
+
}
|
|
387
|
+
]
|
|
388
|
+
},
|
|
374
389
|
{
|
|
375
390
|
id: "tenant-shared-install",
|
|
376
391
|
secretPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
|
|
@@ -406,7 +421,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
406
421
|
id: "lucern-sdk",
|
|
407
422
|
packageName: "@lucern/sdk",
|
|
408
423
|
delivery: "runtime_fetch",
|
|
409
|
-
sourcePathIds: ["platform-runtime"],
|
|
424
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
410
425
|
consumer: "server-side SDK operator contexts with a scoped Infisical identity",
|
|
411
426
|
description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials."
|
|
412
427
|
},
|
|
@@ -415,7 +430,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
415
430
|
packageName: "@lucern/cli",
|
|
416
431
|
delivery: "runtime_fetch",
|
|
417
432
|
fallback: "device_auth",
|
|
418
|
-
sourcePathIds: ["platform-runtime"],
|
|
433
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
419
434
|
consumer: "developer/operator CLI processes",
|
|
420
435
|
description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login."
|
|
421
436
|
},
|
|
@@ -424,7 +439,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
424
439
|
packageName: "@lucern/mcp",
|
|
425
440
|
delivery: "runtime_fetch",
|
|
426
441
|
fallback: "device_auth",
|
|
427
|
-
sourcePathIds: ["platform-runtime"],
|
|
442
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
428
443
|
consumer: "MCP server/client processes",
|
|
429
444
|
description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner."
|
|
430
445
|
},
|
|
@@ -2005,6 +2020,37 @@ var PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS = [
|
|
|
2005
2020
|
],
|
|
2006
2021
|
description: "Local/hosted MCP auth token material. Tenant apps must use MC/API-key sessions instead."
|
|
2007
2022
|
},
|
|
2023
|
+
{
|
|
2024
|
+
id: "platform.operator.api-key",
|
|
2025
|
+
canonicalName: "LUCERN_API_KEY",
|
|
2026
|
+
aliases: ["LUCERN_KEY"],
|
|
2027
|
+
owner: "lucern_platform",
|
|
2028
|
+
scope: "environment",
|
|
2029
|
+
sourcePath: "/platform/runtime",
|
|
2030
|
+
environmentPolicy: "environment_specific",
|
|
2031
|
+
required: false,
|
|
2032
|
+
secret: true,
|
|
2033
|
+
public: false,
|
|
2034
|
+
consumers: ["lucern-cli", "lucern-mcp", "lucern-repo-ci"],
|
|
2035
|
+
destinations: [
|
|
2036
|
+
{
|
|
2037
|
+
kind: "runtime_fetch",
|
|
2038
|
+
target: "lucern-cli-mcp-sdk",
|
|
2039
|
+
environmentPolicy: "environment_specific"
|
|
2040
|
+
},
|
|
2041
|
+
{
|
|
2042
|
+
kind: "operator_local",
|
|
2043
|
+
target: "lucern-repo",
|
|
2044
|
+
environmentPolicy: "environment_specific"
|
|
2045
|
+
},
|
|
2046
|
+
{
|
|
2047
|
+
kind: "github_actions",
|
|
2048
|
+
target: "LucernAI/lucern",
|
|
2049
|
+
environmentPolicy: "environment_specific"
|
|
2050
|
+
}
|
|
2051
|
+
],
|
|
2052
|
+
description: "Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files."
|
|
2053
|
+
},
|
|
2008
2054
|
{
|
|
2009
2055
|
id: "platform.graph-sync.proxy",
|
|
2010
2056
|
canonicalName: "LUCERN_GRAPH_SYNC_QUERY_BASE_URL",
|