@lucern/contracts 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -1
- package/dist/dsl.d.ts +75 -4
- package/dist/dsl.values-rhsroqi0.d.ts +21 -0
- package/dist/dsl.values.d.ts +5 -0
- package/dist/dsl.values.js +675 -0
- package/dist/dsl.values.js.map +1 -0
- package/dist/function-registry/beliefs.d.ts +1 -17
- package/dist/function-registry/beliefs.js +155 -117
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.d.ts +1 -17
- package/dist/function-registry/coding.js +155 -117
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +1 -17
- package/dist/function-registry/context.js +155 -117
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.d.ts +1 -17
- package/dist/function-registry/contracts.js +155 -117
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.d.ts +1 -17
- package/dist/function-registry/coordination.js +155 -117
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.d.ts +1 -17
- package/dist/function-registry/edges.js +155 -117
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +1 -17
- package/dist/function-registry/evidence.js +155 -117
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +1 -17
- package/dist/function-registry/graph.js +155 -117
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.d.ts +1 -1
- package/dist/function-registry/helpers.js +155 -117
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.d.ts +1 -17
- package/dist/function-registry/identity.js +155 -117
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.d.ts +1 -1
- package/dist/function-registry/index.js +158 -118
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +1 -17
- package/dist/function-registry/judgments.js +155 -117
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.d.ts +1 -17
- package/dist/function-registry/legacy.js +155 -117
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +1 -17
- package/dist/function-registry/lenses.js +155 -117
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/manifest.d.ts +3 -3
- package/dist/function-registry/manifest.js +1 -0
- package/dist/function-registry/manifest.js.map +1 -1
- package/dist/function-registry/nodes.d.ts +1 -17
- package/dist/function-registry/nodes.js +155 -117
- package/dist/function-registry/nodes.js.map +1 -1
- package/dist/function-registry/ontologies.d.ts +1 -17
- package/dist/function-registry/ontologies.js +155 -117
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +1 -17
- package/dist/function-registry/pipeline.js +155 -117
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +1 -17
- package/dist/function-registry/questions.js +155 -117
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.d.ts +1 -17
- package/dist/function-registry/tasks.js +155 -117
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +1 -17
- package/dist/function-registry/topics.js +155 -117
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +2 -2
- package/dist/function-registry/worktrees.d.ts +41 -17
- package/dist/function-registry/worktrees.js +174 -117
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/generated/lucernWebPublicEnv.js.map +1 -1
- package/dist/generated/lucernWebServerEnv.js.map +1 -1
- package/dist/{idOf-DR8tkhQS.d.ts → idOf-BmkVDhD8.d.ts} +1 -1
- package/dist/index.d.ts +47 -8
- package/dist/index.js +45072 -45005
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.base.d.ts +444 -0
- package/dist/infisical-runtime.base.js +640 -0
- package/dist/infisical-runtime.base.js.map +1 -0
- package/dist/infisical-runtime.contract.d.ts +9 -440
- package/dist/infisical-runtime.contract.js +14 -1
- package/dist/infisical-runtime.contract.js.map +1 -1
- package/dist/infisical-runtime.platform-ops-secrets.d.ts +743 -0
- package/dist/infisical-runtime.platform-ops-secrets.js +962 -0
- package/dist/infisical-runtime.platform-ops-secrets.js.map +1 -0
- package/dist/infisical-runtime.platform-secrets.d.ts +598 -0
- package/dist/infisical-runtime.platform-secrets.js +726 -0
- package/dist/infisical-runtime.platform-secrets.js.map +1 -0
- package/dist/infisical-runtime.tenant-secrets.d.ts +486 -0
- package/dist/infisical-runtime.tenant-secrets.js +1131 -0
- package/dist/infisical-runtime.tenant-secrets.js.map +1 -0
- package/dist/manifests/edge-policy-manifest.d.ts +1 -1
- package/dist/manifests/infisical-runtime-manifest.d.ts +1 -1
- package/dist/manifests/infisical-runtime-manifest.js +14 -1
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
- package/dist/manifests/tenant-client-manifest.d.ts +5 -1
- package/dist/manifests/tenant-client-manifest.js +5 -0
- package/dist/manifests/tenant-client-manifest.js.map +1 -1
- package/dist/proof-attestation.json +1 -1
- package/dist/schemas/index.d.ts +1 -1
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +61 -61
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/tables/kernel/config.js.map +1 -1
- package/dist/schemas/tables/kernel/coordination.js.map +1 -1
- package/dist/schemas/tables/kernel/decision.d.ts +1 -1
- package/dist/schemas/tables/kernel/decision.js.map +1 -1
- package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
- package/dist/schemas/tables/kernel/embedding.js.map +1 -1
- package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
- package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
- package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
- package/dist/schemas/tables/kernel/infra.js.map +1 -1
- package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
- package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
- package/dist/schemas/tables/kernel/lens.d.ts +5 -5
- package/dist/schemas/tables/kernel/lens.js.map +1 -1
- package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
- package/dist/schemas/tables/kernel/ontology.js.map +1 -1
- package/dist/schemas/tables/kernel/platform.js.map +1 -1
- package/dist/schemas/tables/kernel/spine.d.ts +1 -1
- package/dist/schemas/tables/kernel/spine.js.map +1 -1
- package/dist/schemas/tables/kernel/task.d.ts +1 -1
- package/dist/schemas/tables/kernel/task.js.map +1 -1
- package/dist/schemas/tables/kernel/topic.d.ts +1 -1
- package/dist/schemas/tables/kernel/topic.js.map +1 -1
- package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
- package/dist/schemas/tables/kernel/workflow.js.map +1 -1
- package/dist/schemas/tables/kernel/worktree.d.ts +1 -1
- package/dist/schemas/tables/kernel/worktree.js.map +1 -1
- package/dist/schemas/tables/mc/identity.d.ts +1 -1
- package/dist/schemas/tables/mc/methodology.d.ts +1 -1
- package/dist/schemas/tables/mc/pack.d.ts +9 -9
- package/dist/schemas/tables/mc/policy.d.ts +1 -1
- package/dist/schemas/tables/mc/registry.d.ts +1 -1
- package/dist/schemas/tables/mc/runtime.d.ts +1 -1
- package/dist/schemas/tables/mc/tenant.d.ts +1 -1
- package/dist/schemas/tables/mc/workspace.d.ts +1 -1
- package/dist/schemas.values-5J5oIK7z.d.ts +26 -0
- package/dist/schemas.values.d.ts +7 -0
- package/dist/schemas.values.js +5324 -0
- package/dist/schemas.values.js.map +1 -0
- package/dist/sdk-tools.contract.analytics.d.ts +27 -0
- package/dist/sdk-tools.contract.analytics.js +616 -0
- package/dist/sdk-tools.contract.analytics.js.map +1 -0
- package/dist/sdk-tools.contract.d.ts +43 -2
- package/dist/sdk-tools.contract.graph.d.ts +11 -0
- package/dist/sdk-tools.contract.graph.js +156 -0
- package/dist/sdk-tools.contract.graph.js.map +1 -0
- package/dist/sdk-tools.contract.js +4107 -4062
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/sdk-tools.contract.registry.d.ts +25 -0
- package/dist/sdk-tools.contract.registry.js +5504 -0
- package/dist/sdk-tools.contract.registry.js.map +1 -0
- package/dist/sdk-tools.contract.types.d.ts +15 -0
- package/dist/sdk-tools.contract.types.js +3 -0
- package/dist/sdk-tools.contract.types.js.map +1 -0
- package/dist/sdk-tools.contract.values-LuBh95zg.d.ts +58 -0
- package/dist/sdk-tools.contract.values.d.ts +7 -0
- package/dist/sdk-tools.contract.values.js +5581 -0
- package/dist/sdk-tools.contract.values.js.map +1 -0
- package/dist/sdk-tools.contract.workflow.d.ts +17 -0
- package/dist/sdk-tools.contract.workflow.js +287 -0
- package/dist/sdk-tools.contract.workflow.js.map +1 -0
- package/dist/tenant-client.contract.d.ts +5 -1
- package/dist/tenant-client.contract.js +5 -0
- package/dist/tenant-client.contract.js.map +1 -1
- package/dist/tool-contracts.d.ts +34 -1
- package/dist/tool-contracts.graph.d.ts +18 -0
- package/dist/tool-contracts.graph.js +378 -0
- package/dist/tool-contracts.graph.js.map +1 -0
- package/dist/tool-contracts.intelligence-evidence.d.ts +15 -0
- package/dist/tool-contracts.intelligence-evidence.js +303 -0
- package/dist/tool-contracts.intelligence-evidence.js.map +1 -0
- package/dist/tool-contracts.js +155 -118
- package/dist/tool-contracts.js.map +1 -1
- package/dist/tool-contracts.lifecycle.d.ts +13 -0
- package/dist/tool-contracts.lifecycle.js +410 -0
- package/dist/tool-contracts.lifecycle.js.map +1 -0
- package/dist/tool-contracts.nodes-lenses.d.ts +17 -0
- package/dist/tool-contracts.nodes-lenses.js +334 -0
- package/dist/tool-contracts.nodes-lenses.js.map +1 -0
- package/dist/tool-contracts.ontology.d.ts +16 -0
- package/dist/tool-contracts.ontology.js +344 -0
- package/dist/tool-contracts.ontology.js.map +1 -0
- package/dist/tool-contracts.pipeline-coordination.d.ts +25 -0
- package/dist/tool-contracts.pipeline-coordination.js +684 -0
- package/dist/tool-contracts.pipeline-coordination.js.map +1 -0
- package/dist/tool-contracts.policy-observation-task-topic.d.ts +25 -0
- package/dist/tool-contracts.policy-observation-task-topic.js +740 -0
- package/dist/tool-contracts.policy-observation-task-topic.js.map +1 -0
- package/dist/tool-contracts.questions-listing.d.ts +27 -0
- package/dist/tool-contracts.questions-listing.js +782 -0
- package/dist/tool-contracts.questions-listing.js.map +1 -0
- package/dist/tool-contracts.types.d.ts +34 -0
- package/dist/tool-contracts.types.js +3 -0
- package/dist/tool-contracts.types.js.map +1 -0
- package/dist/tool-contracts.values-DjctSW7S.d.ts +147 -0
- package/dist/tool-contracts.values.d.ts +11 -0
- package/dist/tool-contracts.values.js +4398 -0
- package/dist/tool-contracts.values.js.map +1 -0
- package/dist/tool-contracts.worktrees.d.ts +8 -0
- package/dist/tool-contracts.worktrees.js +280 -0
- package/dist/tool-contracts.worktrees.js.map +1 -0
- package/package.json +3 -11
- package/dist/dsl-DVPthQGY.d.ts +0 -110
- package/dist/index-CM1Pl_vI.d.ts +0 -28
- package/dist/sdk-tools.contract-CKmSsrZ2.d.ts +0 -146
- package/dist/tool-contracts-C_xvM9q2.d.ts +0 -326
- package/dist/{edge-policy-manifest-Dw5IhT1L.d.ts → edge-policy-manifest-4KOSP4nk.d.ts} +2 -2
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/tenant-client.contract.ts","../src/infisical-runtime.base.ts"],"names":[],"mappings":";AA8DO,IAAM,0CAAA,GACX,gBAAA;AAUK,IAAM,kCAAA,GAAqC;AAAA,EAChD;AAAA,IACE,WAAA,EAAa,wBAAA;AAAA,IACb,IAAA,EAAM,oBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,eAAA;AAAA,IACb,IAAA,EAAM,kBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,cAAA;AAAA,IACb,IAAA,EAAM,gBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,aAAA;AAAA,IACb,IAAA,EAAM,gBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,qBAAA;AAAA,IACb,IAAA,EAAM,gBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,oBAAA;AAAA,IACb,IAAA,EAAM,gBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,gBAAA;AAAA,IACb,IAAA,EAAM,eAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,mBAAA;AAAA,IACb,IAAA,EAAM,qBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,uBAAA;AAAA,IACb,IAAA,EAAM,mBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,uBAAA;AAAA,IACb,IAAA,EAAM,gBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,gBAAA;AAAA,IACb,IAAA,EAAM,gBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,0BAAA;AAAA,IACb,IAAA,EAAM,gBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,oBAAA;AAAA,IACb,IAAA,EAAM,oBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,aAAA;AAAA,IACb,IAAA,EAAM,oBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,mBAAA;AAAA,IACb,IAAA,EAAM,kBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,wBAAA;AAAA,IACb,IAAA,EAAM,gBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,wBAAA;AAAA,IACb,IAAA,EAAM,gBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,eAAA;AAAA,IACb,IAAA,EAAM,oBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,0BAAA;AAAA,IACb,IAAA,EAAM,mBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,aAAA;AAAA,IACb,IAAA,EAAM,oBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,iBAAA;AAAA,IACb,IAAA,EAAM,gBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,qBAAA;AAAA,IACb,IAAA,EAAM,kBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,iBAAA;AAAA,IACb,IAAA,EAAM,cAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,wBAAA;AAAA,IACb,IAAA,EAAM,gBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA,GACtB;AAAA,EACA;AAAA,IACE,WAAA,EAAa,eAAA;AAAA,IACb,IAAA,EAAM,qBAAA;AAAA,IACN,kBAAA,EAAoB;AAAA;AAExB,CAAA;AAyBE,kCAAA,CAAmC,GAAA;AAAA,EACjC,CAAC,UAAU,KAAA,CAAM;AACnB;;;ACrNK,IAAM,kCAAA,GAAqC;AAE3C,IAAM,iCAAA,GACX;AACK,IAAM,oCAAA,GACX;AAEK,IAAM,8BAAA,GAAiC;AAAA,EAC5C,KAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AAIO,IAAM,gCAAA,GAAmC;AAAA,EAC9C,aAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF;AAIO,IAAM,yCAAA,GAA4C;AAAA,EACvD,aAAA;AAAA,EACA,SAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AAIO,IAAM,wBAAA,GAA2B;AAAA,EACtC,aAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AAGO,IAAM,sBAAA,GAAyB,CAAC,SAAA,EAAW,MAAM;AAGjD,IAAM,2CAAA,GAA8C;AAAA,EACzD,WAAA,EAAa,SAAA;AAAA,EACb,OAAA,EAAS,SAAA;AAAA,EACT,OAAA,EAAS,SAAA;AAAA,EACT,UAAA,EAAY;AACd;AAcO,IAAM,oCAAA,GAAuC;AAAA,EAClD,aAAA,EAAe,WAAA;AAAA,EACf,MAAA,EAAQ,YAAA;AAAA,EACR,qBAAA,EAAuB,KAAA;AAAA,EACvB,oBAAA,EAAsB;AACxB;AAEO,IAAM,kCAAA,GAAqC;AAAA,EAChD;AAAA,IACE,WAAA,EAAa,aAAA;AAAA,IACb,YAAA,EAAc,aAAA;AAAA,IACd,UAAA,EAAY;AAAA,GACd;AAAA,EACA;AAAA,IACE,WAAA,EAAa,SAAA;AAAA,IACb,YAAA,EAAc,SAAA;AAAA,IACd,UAAA,EAAY;AAAA,GACd;AAAA,EACA;AAAA,IACE,WAAA,EAAa,SAAA;AAAA,IACb,YAAA,EAAc,SAAA;AAAA,IACd,UAAA,EAAY,SAAA;AAAA,IACZ,qBAAA,EAAuB,SAAA;AAAA,IACvB,iCAAA,EAAmC;AAAA,MACjC,OAAA,EAAS;AAAA,KACX;AAAA,IACA,oBAAA,EAAsB;AAAA,MACpB,OAAA,EAAS;AAAA;AACX,GACF;AAAA,EACA;AAAA,IACE,WAAA,EAAa,YAAA;AAAA,IACb,YAAA,EAAc,YAAA;AAAA,IACd,UAAA,EAAY;AAAA;AAEhB;AAEO,IAAM,6BAAA,GAAgC;AAAA,EAC3C,YAAA;AAAA,EACA,gBAAA;AAAA,EACA,YAAA;AAAA,EACA,YAAA;AAAA,EACA,YAAA;AAAA,EACA;AACF;AAIO,IAAM,+BAAA,GAAkC;AAAA,EAC7C,MAAA,EAAQ,CAAC,mBAAA,EAAqB,eAAe,CAAA;AAAA,EAC7C,SAAA,EAAW,CAAC,sBAAA,EAAwB,wBAAwB,CAAA;AAAA,EAC5D,QAAA,EAAU;AAAA,IACR,qBAAA;AAAA,IACA,6BAAA;AAAA,IACA;AAAA,GACF;AAAA,EACA,YAAA,EAAc;AAAA,IACZ,yBAAA;AAAA,IACA,iCAAA;AAAA,IACA;AAAA,GACF;AAAA,EACA,WAAA,EAAa,CAAC,eAAA,EAAiB,sBAAsB,CAAA;AAAA,EACrD,gBAAA,EAAkB,CAAC,oBAAA,EAAsB,6BAA6B,CAAA;AAAA,EACtE,QAAA,EAAU,CAAC,0BAAA,EAA4B,mBAAmB;AAC5D;AAIO,IAAM,6BAAA,GAAgC;AAAA,EAC3C;AAAA,IACE,IAAA,EAAM,UAAA;AAAA,IACN,QAAA,EAAU,WAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,IAAA;AAAA,IACN,QAAA,EAAU,IAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,QAAA;AAAA,IACN,QAAA,EAAU,QAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,YAAA;AAAA,IACN,QAAA,EAAU,QAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,YAAA;AAAA,IACN,QAAA,EAAU,QAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,uBAAA;AAAA,IACN,QAAA,EAAU,QAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,cAAA;AAAA,IACN,QAAA,EAAU,QAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,MAAA;AAAA,IACN,QAAA,EAAU,WAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,MAAA;AAAA,IACN,QAAA,EAAU,WAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,SAAA;AAAA,IACN,QAAA,EAAU,eAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,qBAAA;AAAA,IACN,QAAA,EAAU,eAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,oBAAA;AAAA,IACN,QAAA,EAAU,aAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,MAAA;AAAA,IACN,QAAA,EAAU,IAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,aAAA;AAAA,IACN,QAAA,EAAU,IAAA;AAAA,IACV,WAAA,EACE;AAAA;AAEN;AAoBO,IAAM,uBAAA,GAA0B;AAAA,EACrC;AAAA,IACE,EAAA,EAAI,eAAA;AAAA,IACJ,UAAA,EAAY,gBAAA;AAAA,IACZ,WAAA,EACE,qHAAA;AAAA,IACF,SAAA,EAAW;AAAA,MACT;AAAA,QACE,IAAA,EAAM,mCAAA;AAAA,QACN,QAAA,EAAU,IAAA;AAAA,QACV,MAAA,EAAQ,KAAA;AAAA,QACR,MAAA,EAAQ,IAAA;AAAA,QACR,WAAA,EAAa;AAAA,OACf;AAAA,MACA;AAAA,QACE,IAAA,EAAM,kBAAA;AAAA,QACN,QAAA,EAAU,IAAA;AAAA,QACV,MAAA,EAAQ,IAAA;AAAA,QACR,MAAA,EAAQ,KAAA;AAAA,QACR,WAAA,EAAa;AAAA,OACf;AAAA,MACA;AAAA,QACE,IAAA,EAAM,yBAAA;AAAA,QACN,QAAA,EAAU,KAAA;AAAA,QACV,MAAA,EAAQ,KAAA;AAAA,QACR,MAAA,EAAQ,KAAA;AAAA,QACR,WAAA,EAAa;AAAA,OACf;AAAA,MACA;AAAA,QACE,IAAA,EAAM,+BAAA;AAAA,QACN,QAAA,EAAU,KAAA;AAAA,QACV,MAAA,EAAQ,KAAA;AAAA,QACR,MAAA,EAAQ,IAAA;AAAA,QACR,WAAA,EAAa;AAAA,OACf;AAAA,MACA;AAAA,QACE,IAAA,EAAM,+BAAA;AAAA,QACN,QAAA,EAAU,KAAA;AAAA,QACV,MAAA,EAAQ,KAAA;AAAA,QACR,MAAA,EAAQ,IAAA;AAAA,QACR,WAAA,EAAa;AAAA;AACf;AACF,GACF;AAAA,EACA;AAAA,IACE,EAAA,EAAI,kBAAA;AAAA,IACJ,UAAA,EAAY,mBAAA;AAAA,IACZ,WAAA,EACE,6EAAA;AAAA,IACF,SAAA,EAAW;AAAA,MACT;AAAA,QACE,IAAA,EAAM,gBAAA;AAAA,QACN,QAAA,EAAU,IAAA;AAAA,QACV,MAAA,EAAQ,KAAA;AAAA,QACR,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,CAAC,qBAAA,EAAuB,iBAAiB,CAAA;AAAA,QAClD,WAAA,EAAa;AAAA,OACf;AAAA,MACA;AAAA,QACE,IAAA,EAAM,uBAAA;AAAA,QACN,QAAA,EAAU,KAAA;AAAA,QACV,MAAA,EAAQ,KAAA;AAAA,QACR,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,CAAC,sBAAsB,CAAA;AAAA,QAChC,WAAA,EAAa;AAAA,OACf;AAAA,MACA;AAAA,QACE,IAAA,EAAM,oBAAA;AAAA,QACN,QAAA,EAAU,KAAA;AAAA,QACV,MAAA,EAAQ,KAAA;AAAA,QACR,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,CAAC,YAAY,CAAA;AAAA,QACtB,WAAA,EAAa;AAAA,OACf;AAAA,MACA;AAAA,QACE,IAAA,EAAM,2BAAA;AAAA,QACN,QAAA,EAAU,KAAA;AAAA,QACV,MAAA,EAAQ,KAAA;AAAA,QACR,MAAA,EAAQ,KAAA;AAAA,QACR,WAAA,EACE;AAAA;AACJ;AACF,GACF;AAAA,EACA;AAAA,IACE,EAAA,EAAI,+BAAA;AAAA,IACJ,UAAA,EAAY,mBAAA;AAAA,IACZ,WAAA,EACE,iFAAA;AAAA,IACF,SAAA,EAAW;AAAA,MACT;AAAA,QACE,IAAA,EAAM,gBAAA;AAAA,QACN,QAAA,EAAU,KAAA;AAAA,QACV,MAAA,EAAQ,IAAA;AAAA,QACR,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,CAAC,YAAY,CAAA;AAAA,QACtB,WAAA,EACE;AAAA;AACJ;AACF,GACF;AAAA,EACA;AAAA,IACE,EAAA,EAAI,uBAAA;AAAA,IACJ,UAAA,EAAY,0CAAA;AAAA,IACZ,WAAA,EACE,sGAAA;AAAA,IACF,SAAA,EAAW;AAAA,MACT;AAAA,QACE,IAAA,EAAM,oBAAA;AAAA,QACN,QAAA,EAAU,IAAA;AAAA,QACV,MAAA,EAAQ,IAAA;AAAA,QACR,MAAA,EAAQ,KAAA;AAAA,QACR,WAAA,EACE;AAAA;AACJ;AACF;AAEJ;AAcO,IAAM,0BAAA,GAA6B;AAAA,EACxC;AAAA,IACE,EAAA,EAAI,YAAA;AAAA,IACJ,QAAA,EAAU,aAAA;AAAA,IACV,aAAA,EAAe,CAAC,eAAA,EAAiB,kBAAkB,CAAA;AAAA,IACnD,QAAA,EAAU,mCAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,EAAA,EAAI,gBAAA;AAAA,IACJ,QAAA,EAAU,aAAA;AAAA,IACV,QAAA,EAAU,eAAA;AAAA,IACV,aAAA,EAAe,CAAC,eAAA,EAAiB,kBAAkB,CAAA;AAAA,IACnD,QAAA,EAAU,+CAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,EAAA,EAAI,YAAA;AAAA,IACJ,WAAA,EAAa,aAAA;AAAA,IACb,QAAA,EAAU,eAAA;AAAA,IACV,aAAA,EAAe,CAAC,kBAAA,EAAoB,+BAA+B,CAAA;AAAA,IACnE,QAAA,EACE,oEAAA;AAAA,IACF,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,EAAA,EAAI,YAAA;AAAA,IACJ,WAAA,EAAa,aAAA;AAAA,IACb,QAAA,EAAU,eAAA;AAAA,IACV,QAAA,EAAU,aAAA;AAAA,IACV,aAAA,EAAe,CAAC,kBAAA,EAAoB,+BAA+B,CAAA;AAAA,IACnE,QAAA,EAAU,kCAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,EAAA,EAAI,YAAA;AAAA,IACJ,WAAA,EAAa,aAAA;AAAA,IACb,QAAA,EAAU,eAAA;AAAA,IACV,QAAA,EAAU,aAAA;AAAA,IACV,aAAA,EAAe,CAAC,kBAAA,EAAoB,+BAA+B,CAAA;AAAA,IACnE,QAAA,EAAU,6BAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,EAAA,EAAI,eAAA;AAAA,IACJ,QAAA,EAAU,aAAA;AAAA,IACV,aAAA,EAAe,CAAC,uBAAuB,CAAA;AAAA,IACvC,QAAA,EAAU,qCAAA;AAAA,IACV,WAAA,EACE;AAAA;AAEN;AA0BO,IAAM,iCAAA,GAAoC;AAAA,EAC/C;AAAA,IACE,EAAA,EAAI,gBAAA;AAAA,IACJ,SAAA,EAAW,OAAA;AAAA,IACX,YAAA,EAAc,UAAA;AAAA,IACd,iBAAA,EAAmB,iBAAA;AAAA,IACnB,YAAA,EAAc,+BAAA;AAAA,IACd,eAAA,EAAiB,kCAAA;AAAA,IACjB,oBAAA,EAAsB,oBAAA;AAAA,IACtB,UAAA,EAAY;AAAA,MACV,KAAA,EAAO,UAAA;AAAA,MACP,IAAA,EAAM;AAAA,KACR;AAAA,IACA,gBAAA,EAAkB,gBAAA;AAAA,IAClB,oBAAA,EAAsB,2BAAA;AAAA,IACtB,MAAA,EAAQ;AAAA,MACN,MAAA,EAAQ,qBAAA;AAAA,MACR,YAAA,EAAc,4BAAA;AAAA,MACd,iBAAA,EAAmB,oBAAA;AAAA,MACnB,cAAA,EAAgB;AAAA;AAClB,GACF;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,SAAA,EAAW,OAAA;AAAA,IACX,YAAA,EAAc,SAAA;AAAA,IACd,iBAAA,EAAmB,SAAA;AAAA,IACnB,YAAA,EAAc,+BAAA;AAAA,IACd,eAAA,EAAiB,kCAAA;AAAA,IACjB,oBAAA,EAAsB,oBAAA;AAAA,IACtB,UAAA,EAAY;AAAA,MACV,KAAA,EAAO,UAAA;AAAA,MACP,IAAA,EAAM;AAAA,KACR;AAAA,IACA,gBAAA,EAAkB,gBAAA;AAAA,IAClB,oBAAA,EAAsB,2BAAA;AAAA,IACtB,MAAA,EAAQ;AAAA,MACN,MAAA,EAAQ,oBAAA;AAAA,MACR,YAAA,EAAc,2BAAA;AAAA,MACd,iBAAA,EAAmB,oBAAA;AAAA,MACnB,cAAA,EAAgB;AAAA;AAClB,GACF;AAAA,EACA;AAAA,IACE,EAAA,EAAI,WAAA;AAAA,IACJ,SAAA,EAAW,OAAA;AAAA,IACX,YAAA,EAAc,aAAA;AAAA,IACd,iBAAA,EAAmB,2BAAA;AAAA,IACnB,YAAA,EAAc,+BAAA;AAAA,IACd,eAAA,EAAiB,kCAAA;AAAA,IACjB,oBAAA,EAAsB,oBAAA;AAAA,IACtB,UAAA,EAAY;AAAA,MACV,KAAA,EAAO,UAAA;AAAA,MACP,IAAA,EAAM;AAAA,KACR;AAAA,IACA,gBAAA,EAAkB,4BAAA;AAAA,IAClB,oBAAA,EAAsB,2BAAA;AAAA,IACtB,MAAA,EAAQ;AAAA,MACN,MAAA,EAAQ,sBAAA;AAAA,MACR,YAAA,EAAc,6BAAA;AAAA,MACd,iBAAA,EAAmB,kBAAA;AAAA,MACnB,cAAA,EAAgB;AAAA;AAClB,GACF;AAAA,EACA;AAAA,IACE,EAAA,EAAI,cAAA;AAAA,IACJ,SAAA,EAAW,QAAA;AAAA,IACX,YAAA,EAAc,QAAA;AAAA,IACd,iBAAA,EAAmB,cAAA;AAAA,IACnB,YAAA,EAAc,+BAAA;AAAA,IACd,eAAA,EAAiB,kCAAA;AAAA,IACjB,oBAAA,EAAsB,qBAAA;AAAA,IACtB,UAAA,EAAY;AAAA,MACV,KAAA,EAAO,UAAA;AAAA,MACP,IAAA,EAAM;AAAA,KACR;AAAA,IACA,gBAAA,EAAkB,wBAAA;AAAA,IAClB,oBAAA,EAAsB,2BAAA;AAAA,IACtB,MAAA,EAAQ;AAAA,MACN,MAAA,EAAQ,mBAAA;AAAA,MACR,YAAA,EAAc,0BAAA;AAAA,MACd,iBAAA,EAAmB,oBAAA;AAAA,MACnB,cAAA,EAAgB;AAAA;AAClB;AAEJ;AAMO,SAAS,kCACd,QAAA,EAC2C;AAC3C,EAAA,OAAO,iCAAA,CAAkC,IAAA;AAAA,IACvC,CAAC,MAAA,KAAW,MAAA,CAAO,EAAA,KAAO;AAAA,GAC5B;AACF;AAEO,SAAS,mCACd,QAAA,EAC2B;AAC3B,EAAA,MAAM,MAAA,GAAS,kCAAkC,QAAQ,CAAA;AACzD,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,gCAAA,EAAmC,QAAQ,CAAA,CAAA,CAAG,CAAA;AAAA,EAChE;AACA,EAAA,OAAO,CAAC,MAAA,CAAO,MAAA,CAAO,MAAA,EAAQ,MAAA,CAAO,OAAO,YAAY,CAAA;AAC1D;AAEO,SAAS,qCAAA,CACd,UACA,OAAA,EACS;AACT,EAAA,OAAO,kCAAA,CAAmC,QAAQ,CAAA,CAAE,QAAA,CAAS,OAAO,CAAA;AACtE;AAEO,SAAS,0CACd,WAAA,EACqB;AACrB,EAAA,OAAO,4CAA4C,WAAW,CAAA;AAChE;AAEO,SAAS,mCACd,WAAA,EAC4C;AAC5C,EAAA,OAAO,kCAAA,CAAmC,IAAA;AAAA,IACxC,CAAC,WAAA,KAAgB,WAAA,CAAY,WAAA,KAAgB;AAAA,GAC/C;AACF;AAEO,SAAS,gDAAA,CACd,UACA,WAAA,EACoB;AACpB,EAAA,MAAM,MAAA,GAAS,kCAAkC,QAAQ,CAAA;AACzD,EAAA,MAAM,WAAA,GAAc,mCAAmC,WAAW,CAAA;AAClE,EAAA,IAAI,CAAC,MAAA,IAAU,CAAC,WAAA,EAAa;AAC3B,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,OAAO,WAAA,CAAY,iCAAA,GACjB,MAAA,CAAO,iBACT,CAAA;AACF;AAEO,SAAS,kDAAA,CACd,UACA,WAAA,EACQ;AACR,EAAA,MAAM,MAAA,GAAS,kCAAkC,QAAQ,CAAA;AACzD,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,gCAAA,EAAmC,QAAQ,CAAA,CAAA,CAAG,CAAA;AAAA,EAChE;AACA,EAAA,OAAO,yCAAA,CAA0C,WAAW,CAAA,KAAM,MAAA,GAC9D,OAAO,MAAA,CAAO,cAAA,GACd,OAAO,MAAA,CAAO,iBAAA;AACpB;AAEO,SAAS,yBACd,MAAA,EACkC;AAClC,EAAA,OAAO,wBAAwB,IAAA,CAAK,CAAC,IAAA,KAAS,IAAA,CAAK,OAAO,MAAM,CAAA;AAClE;AAEO,SAAS,4BACd,SAAA,EACqC;AACrC,EAAA,OAAO,2BAA2B,IAAA,CAAK,CAAC,OAAA,KAAY,OAAA,CAAQ,OAAO,SAAS,CAAA;AAC9E;AAEO,IAAM,uBAAA,GAA0B;AAAA,EACrC,iBAAA;AAAA,EACA,QAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B;AAAA,EACrC,QAAA;AAAA,EACA,aAAA;AAAA,EACA,QAAA;AAAA,EACA,WAAA;AAAA,EACA,iBAAA;AAAA,EACA,YAAA;AAAA,EACA;AACF;AAGO,IAAM,qCAAA,GAAwC;AAAA,EACnD,uBAAA;AAAA,EACA,sBAAA;AAAA,EACA,2BAAA;AAAA,EACA;AACF;AAIO,IAAM,0BAAA,GAA6B;AAAA,EACxC,YAAA;AAAA,EACA,gBAAA;AAAA,EACA,YAAA;AAAA,EACA,YAAA;AAAA,EACA,mBAAA;AAAA,EACA,mBAAA;AAAA,EACA,sBAAA;AAAA,EACA,gBAAA;AAAA,EACA,WAAA;AAAA,EACA,qBAAA;AAAA,EACA,mBAAA;AAAA,EACA,0BAAA;AAAA,EACA,mBAAA;AAAA,EACA,mBAAA;AAAA,EACA,sBAAA;AAAA,EACA,qBAAA;AAAA,EACA,uBAAA;AAAA,EACA;AACF;AAGO,IAAM,kCAAA,GAAqC;AAAA,EAChD,QAAA;AAAA,EACA,QAAA;AAAA,EACA,gBAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF","file":"infisical-runtime.base.js","sourcesContent":["/**\n * Tenant client contract\n *\n * Defines the generic boundary for any customer-owned product that consumes\n * Lucern through the SDK, hosted API, or MCP server. Tenant clients may run\n * their own UI, auth provider, deployment, and data plane, but reasoning\n * operations must enter through the published packages below.\n */\n\nimport type {\n SessionAuthMode,\n SessionPrincipalType,\n} from \"./auth.contract\";\n\nexport const TENANT_CLIENT_CONTRACT_VERSION = \"2026-04-27\" as const;\n\nexport const TENANT_CLIENT_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const satisfies readonly SessionAuthMode[];\nexport type TenantClientAuthMode = (typeof TENANT_CLIENT_AUTH_MODES)[number];\n\nexport const TENANT_CLIENT_PRINCIPAL_TYPES = [\n \"human\",\n \"service\",\n \"agent\",\n \"group\",\n \"external_viewer\",\n] as const satisfies readonly SessionPrincipalType[];\nexport type TenantClientPrincipalType =\n (typeof TENANT_CLIENT_PRINCIPAL_TYPES)[number];\n\nexport const TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS = [\n \"tenantId\",\n \"workspaceId\",\n \"principalId\",\n \"authMode\",\n \"scopes\",\n] as const;\nexport type TenantClientRequiredContextField =\n (typeof TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS)[number];\n\nexport const TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS = [\n \"clerkId\",\n \"principalType\",\n \"roles\",\n \"groupIds\",\n \"permittedToolNames\",\n \"permittedPackKeys\",\n \"principalStatus\",\n \"tenantStatus\",\n \"workspaceStatus\",\n \"permit\",\n \"sessionId\",\n \"delegationChain\",\n] as const;\nexport type TenantClientOptionalContextField =\n (typeof TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS)[number];\n\nexport const TENANT_CLIENT_INSTALL_TOKEN_ENV = \"INSTALL_LUCERN_NPM\" as const;\nexport const TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH =\n \"tenants/shared\" as const;\nexport const TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS = [\n \"/platform/publish\",\n] as const;\nexport const TENANT_CLIENT_FORBIDDEN_SECRET_ENV = [\"NPM_TOKEN\"] as const;\nexport type TenantClientForbiddenInstallTokenInfisicalPath =\n (typeof TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS)[number];\nexport type TenantClientForbiddenSecretEnv =\n (typeof TENANT_CLIENT_FORBIDDEN_SECRET_ENV)[number];\n\nexport const TENANT_CLIENT_INSTALLABLE_PACKAGES = [\n {\n packageName: \"@lucern/access-control\",\n role: \"runtime_entrypoint\",\n directTenantImport: true,\n },\n {\n packageName: \"@lucern/agent\",\n role: \"platform_runtime\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/auth\",\n role: \"sdk_dependency\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/cli\",\n role: \"developer_tool\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/client-core\",\n role: \"sdk_dependency\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/confidence\",\n role: \"sdk_dependency\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/config\",\n role: \"configuration\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/contracts\",\n role: \"contract_entrypoint\",\n directTenantImport: true,\n },\n {\n packageName: \"@lucern/control-plane\",\n role: \"component_runtime\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/developer-kit\",\n role: \"developer_tool\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/events\",\n role: \"sdk_dependency\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/graph-primitives\",\n role: \"sdk_dependency\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/graph-sync\",\n role: \"host_addon_runtime\",\n directTenantImport: true,\n },\n {\n packageName: \"@lucern/mcp\",\n role: \"runtime_entrypoint\",\n directTenantImport: true,\n },\n {\n packageName: \"@lucern/pack-host\",\n role: \"platform_runtime\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/pack-installer\",\n role: \"developer_tool\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/proof-compiler\",\n role: \"developer_tool\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/react\",\n role: \"runtime_entrypoint\",\n directTenantImport: true,\n },\n {\n packageName: \"@lucern/reasoning-kernel\",\n role: \"component_runtime\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/sdk\",\n role: \"runtime_entrypoint\",\n directTenantImport: true,\n },\n {\n packageName: \"@lucern/secrets\",\n role: \"sdk_dependency\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/server-core\",\n role: \"platform_runtime\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/testing\",\n role: \"test_support\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/transport-core\",\n role: \"sdk_dependency\",\n directTenantImport: false,\n },\n {\n packageName: \"@lucern/types\",\n role: \"contract_entrypoint\",\n directTenantImport: true,\n },\n] as const;\nexport type TenantClientInstallablePackage =\n (typeof TENANT_CLIENT_INSTALLABLE_PACKAGES)[number];\nexport type TenantClientPackageRole = TenantClientInstallablePackage[\"role\"];\nexport type TenantClientInstallablePackageName =\n TenantClientInstallablePackage[\"packageName\"];\n\n/**\n * Direct package installs are package.json entries owned by the tenant repo.\n * Direct imports are source-code imports that tenant application code may use.\n *\n * These concepts intentionally differ: `@lucern/cli` is a direct install when a\n * tenant repo needs the `lucern` binary, but it is not a direct application\n * import. `@lucern/reasoning-kernel` and `@lucern/control-plane` are direct installs\n * for Convex component binding, while tenant app code should only import their\n * explicit component config subpaths.\n */\nexport type TenantClientInstallProfile = {\n id: string;\n description: string;\n packageNames: readonly TenantClientInstallablePackageName[];\n dependencyField: \"dependencies\" | \"devDependencies\" | \"mixed\";\n};\n\nexport const TENANT_CLIENT_FULL_SUITE_PACKAGE_NAMES =\n TENANT_CLIENT_INSTALLABLE_PACKAGES.map(\n (entry) => entry.packageName\n ) as readonly TenantClientInstallablePackageName[];\n\nexport const TENANT_CLIENT_INSTALL_PROFILES = [\n {\n id: \"core_app_runtime\",\n description:\n \"Smallest tenant app/runtime install for typed Lucern API calls plus tool-access policy helpers.\",\n packageNames: [\"@lucern/sdk\", \"@lucern/access-control\"],\n dependencyField: \"dependencies\",\n },\n {\n id: \"react_app_runtime\",\n description:\n \"React tenant app install for hooks, provider, curated graph components, and direct SDK calls.\",\n packageNames: [\"@lucern/react\", \"@lucern/sdk\", \"@lucern/access-control\"],\n dependencyField: \"dependencies\",\n },\n {\n id: \"convex_components\",\n description:\n \"Tenant Convex host install for binding the Lucern control-plane and reasoning-kernel components.\",\n packageNames: [\"@lucern/control-plane\", \"@lucern/reasoning-kernel\"],\n dependencyField: \"dependencies\",\n },\n {\n id: \"graph_mirroring_addon\",\n description:\n \"Optional tenant Convex host install for Neo4j graph projection, edge topology writes, backfill, health checks, and query proxy helpers.\",\n packageNames: [\"@lucern/graph-sync\"],\n dependencyField: \"dependencies\",\n },\n {\n id: \"operator_cli\",\n description:\n \"Developer/operator install for the `lucern` binary, including tenant bootstrap seed commands.\",\n packageNames: [\"@lucern/cli\"],\n dependencyField: \"devDependencies\",\n },\n {\n id: \"mcp_runtime\",\n description:\n \"Agent runtime install for the standalone Lucern MCP server and hosted route helpers.\",\n packageNames: [\"@lucern/mcp\"],\n dependencyField: \"dependencies\",\n },\n {\n id: \"contracts_and_types\",\n description:\n \"Compile-time contract/type install for codegen, audits, and tenant integration validation.\",\n packageNames: [\"@lucern/contracts\", \"@lucern/types\"],\n dependencyField: \"dependencies\",\n },\n {\n id: \"full_suite\",\n description:\n \"Full coherent Lucern package suite for design-partner repos that want every published runtime, tool, component, test, and config package pinned together.\",\n packageNames: TENANT_CLIENT_FULL_SUITE_PACKAGE_NAMES,\n dependencyField: \"mixed\",\n },\n] as const satisfies readonly TenantClientInstallProfile[];\nexport type TenantClientInstallProfileId =\n (typeof TENANT_CLIENT_INSTALL_PROFILES)[number][\"id\"];\n\n/**\n * Direct imports tenant-owned product code may use. This is intentionally\n * smaller than TENANT_CLIENT_INSTALLABLE_PACKAGES: several publishable packages\n * are installed as SDK dependencies, tooling, or platform runtimes but should\n * not become the application integration surface.\n */\nexport const TENANT_CLIENT_PUBLIC_IMPORTS = [\n {\n packageName: \"@lucern/sdk\",\n surface: \"runtime\",\n subpaths: \"published_exports\",\n description: \"TypeScript SDK runtime and generated operation namespaces.\",\n },\n {\n packageName: \"@lucern/react\",\n surface: \"runtime\",\n subpaths: \"published_exports\",\n description: \"React bindings for tenant-owned UI applications.\",\n },\n {\n packageName: \"@lucern/mcp\",\n surface: \"runtime\",\n subpaths: \"published_exports\",\n description: \"MCP client/server entry points and hosted route helpers.\",\n },\n {\n packageName: \"@lucern/graph-sync\",\n surface: \"runtime\",\n subpaths: \"published_exports\",\n description:\n \"Optional Neo4j graph mirroring host actions, edge API, query proxy, backfill, and health helpers.\",\n },\n {\n packageName: \"@lucern/contracts\",\n surface: \"contract\",\n subpaths: \"published_exports\",\n description: \"Published type and manifest contracts.\",\n },\n {\n packageName: \"@lucern/access-control\",\n surface: \"runtime\",\n subpaths: \"published_exports\",\n description:\n \"Tenant runtime access-control helpers, including effective tool access.\",\n },\n {\n packageName: \"@lucern/types\",\n surface: \"contract\",\n subpaths: \"published_exports\",\n description: \"Published type-only helpers for tenant integration code.\",\n },\n] as const;\nexport type TenantClientPublicImport =\n (typeof TENANT_CLIENT_PUBLIC_IMPORTS)[number];\nexport type TenantClientPublicPackage =\n TenantClientPublicImport[\"packageName\"];\nexport type TenantClientPublicSurface = TenantClientPublicImport[\"surface\"];\n\nexport const TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS = [\n {\n packageName: \"@lucern/control-plane\",\n importPath: \"@lucern/control-plane/convex.config\",\n surface: \"component_config\",\n description:\n \"Convex component binding config for tenant deployments that install the Lucern control plane.\",\n },\n {\n packageName: \"@lucern/reasoning-kernel\",\n importPath: \"@lucern/reasoning-kernel/convex.config\",\n surface: \"component_config\",\n description:\n \"Convex component binding config for tenant deployments that install the Lucern reasoning kernel.\",\n },\n {\n packageName: \"@lucern/reasoning-kernel\",\n importPath: \"@lucern/reasoning-kernel/runtime.config\",\n surface: \"component_config\",\n description:\n \"Runtime config alias for tenant deployments that install the Lucern reasoning kernel.\",\n },\n] as const;\nexport type TenantClientComponentConfigImport =\n (typeof TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS)[number];\nexport type TenantClientAllowedImport =\n | TenantClientPublicImport\n | TenantClientComponentConfigImport;\n\nexport function findTenantClientInstallablePackage(\n packageName: string\n): TenantClientInstallablePackage | undefined {\n return TENANT_CLIENT_INSTALLABLE_PACKAGES.find(\n (entry) => entry.packageName === packageName\n );\n}\n\nexport function isTenantClientInstallablePackage(packageName: string): boolean {\n return Boolean(findTenantClientInstallablePackage(packageName));\n}\n\nexport const TENANT_CLIENT_REQUIRED_SDK_NAMESPACES = [\n \"bootstrap\",\n \"context\",\n \"beliefs\",\n \"evidence\",\n \"questions\",\n \"graph\",\n \"worktrees\",\n \"topics\",\n \"edges\",\n \"contradictions\",\n \"contracts\",\n \"graphIntel\",\n \"graphIntelligence\",\n \"graphAnalysis\",\n \"graphRecommendations\",\n \"orgGraphSearch\",\n \"embeddings\",\n \"ontologyLinks\",\n \"graphStateClassifier\",\n \"tools\",\n \"controlPlane\",\n \"identity\",\n \"modelRuntime\",\n \"events\",\n \"jobs\",\n \"telemetry\",\n] as const;\nexport type TenantClientRequiredSdkNamespace =\n (typeof TENANT_CLIENT_REQUIRED_SDK_NAMESPACES)[number];\n\nexport const TENANT_CLIENT_CAPABILITIES = [\n {\n id: \"identity.resolve_interactive_principal\",\n description:\n \"Resolve a Clerk-authenticated user into a Permit-backed Lucern principal context.\",\n surfaces: [\"@lucern/sdk\", \"@lucern/cli\", \"@lucern/mcp\"],\n requiredContextFields: [\"principalId\", \"tenantId\", \"scopes\"],\n },\n {\n id: \"identity.bootstrap_session\",\n description: \"Start a scoped Lucern session for a tenant principal.\",\n surfaces: [\"@lucern/sdk\", \"@lucern/mcp\"],\n requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,\n },\n {\n id: \"reasoning.context.compile\",\n description: \"Compile tenant and workspace scoped reasoning context.\",\n surfaces: [\"@lucern/sdk\", \"@lucern/react\", \"@lucern/mcp\"],\n requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,\n },\n {\n id: \"reasoning.graph.read\",\n description: \"Read beliefs, evidence, questions, topics, graph edges, and lineage.\",\n surfaces: [\"@lucern/sdk\", \"@lucern/react\", \"@lucern/mcp\"],\n requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,\n },\n {\n id: \"reasoning.graph.write\",\n description: \"Create and update graph objects through authorized APIs.\",\n surfaces: [\"@lucern/sdk\", \"@lucern/mcp\"],\n requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,\n },\n {\n id: \"reasoning.graph_intelligence.run\",\n description:\n \"Discover and run Graph Intelligence query recipes for structural graph analysis.\",\n surfaces: [\"@lucern/sdk\", \"@lucern/cli\", \"@lucern/mcp\"],\n requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,\n },\n {\n id: \"reasoning.graph_mirroring.install\",\n description:\n \"Install and run the optional Neo4j graph mirror for paid or enterprise tenant deployments.\",\n surfaces: [\"@lucern/graph-sync\", \"@lucern/cli\"],\n requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,\n },\n {\n id: \"workflow.worktree_lifecycle\",\n description: \"Create, review, merge, and close scoped worktrees.\",\n surfaces: [\"@lucern/sdk\", \"@lucern/react\", \"@lucern/mcp\"],\n requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,\n },\n] as const;\nexport type TenantClientCapability =\n (typeof TENANT_CLIENT_CAPABILITIES)[number];\nexport type TenantClientCapabilityId = TenantClientCapability[\"id\"];\n\nexport const TENANT_CLIENT_ISOLATION_RULES = [\n {\n id: \"tenant_workspace_scope_required\",\n description:\n \"Runtime operations must resolve both tenantId and workspaceId before reaching Lucern reasoning state.\",\n },\n {\n id: \"principal_audit_required\",\n description:\n \"Runtime operations must carry principalId, authMode, and scopes for audit attribution.\",\n },\n {\n id: \"no_private_lucern_imports\",\n description:\n \"Tenant code must not import Lucern source, Convex internals, generated adapters, or unpublished package internals.\",\n },\n] as const;\nexport type TenantClientIsolationRule =\n (typeof TENANT_CLIENT_ISOLATION_RULES)[number];\n\nexport const TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS = [\n {\n id: \"deep_src_import\",\n pattern: \"^@lucern/[^/]+/src(?:/|$)\",\n description: \"Published packages must not be bypassed through src paths.\",\n },\n {\n id: \"deep_dist_import\",\n pattern: \"^@lucern/[^/]+/dist(?:/|$)\",\n description:\n \"Published package exports must be used instead of dist file paths.\",\n },\n {\n id: \"generated_adapter_import\",\n pattern: \"^@lucern/[^/]+/(?:adapters/)?_generated(?:/|$)\",\n description:\n \"Generated Lucern adapters are internal deployment artifacts.\",\n },\n {\n id: \"private_runtime_import\",\n pattern: \"^@lucern/[^/]+/(?:internal|private)(?:/|$)\",\n description: \"Internal and private package subpaths are not public SDK API.\",\n },\n {\n id: \"workspace_source_import\",\n pattern: \"^(?:packages|modules|services|lucern|apps)/(?:.+/)?src(?:/|$)\",\n description:\n \"Tenant clients must not import source files from the Lucern monorepo.\",\n },\n {\n id: \"root_alias_lucern_import\",\n pattern: \"^@/(?:lucern|packages|modules|services|apps)(?:/|$)\",\n description:\n \"Tenant clients must not depend on Lucern repo-local path aliases.\",\n },\n {\n id: \"relative_lucern_source_import\",\n pattern: \"^\\\\.\\\\.?/(?:.+/)?(?:packages|modules|services|lucern|apps)(?:/|$)\",\n description:\n \"Tenant clients must not reach back into Lucern source through relative paths.\",\n },\n {\n id: \"monorepo_path_import\",\n pattern: \"lucern-repo\",\n description:\n \"Absolute imports that name the Lucern repository are not portable tenant code.\",\n },\n] as const;\nexport type TenantClientForbiddenImportPattern =\n (typeof TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS)[number];\nexport type TenantClientForbiddenImportPatternId =\n TenantClientForbiddenImportPattern[\"id\"];\n\nexport type TenantClientImportDecision =\n | \"public\"\n | \"forbidden\"\n | \"local\"\n | \"external\";\n\nexport type TenantClientImportClassification = {\n importPath: string;\n decision: TenantClientImportDecision;\n publicImport?: TenantClientAllowedImport;\n pattern?: TenantClientForbiddenImportPattern;\n reason: string;\n};\n\nfunction matchesPublicImport(\n importPath: string\n): TenantClientAllowedImport | undefined {\n const componentConfig = TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS.find(\n (entry) => importPath === entry.importPath\n );\n if (componentConfig) {\n return componentConfig;\n }\n\n return TENANT_CLIENT_PUBLIC_IMPORTS.find(\n (entry) =>\n importPath === entry.packageName ||\n importPath.startsWith(`${entry.packageName}/`)\n );\n}\n\nfunction matchesForbiddenPattern(\n importPath: string\n): TenantClientForbiddenImportPattern | undefined {\n return TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS.find((entry) =>\n new RegExp(entry.pattern, \"u\").test(importPath)\n );\n}\n\nexport function classifyTenantClientImport(\n importPath: string\n): TenantClientImportClassification {\n const normalizedImportPath = importPath.trim();\n const pattern = matchesForbiddenPattern(normalizedImportPath);\n\n if (pattern) {\n return {\n importPath: normalizedImportPath,\n decision: \"forbidden\",\n pattern,\n reason: pattern.description,\n };\n }\n\n const publicImport = matchesPublicImport(normalizedImportPath);\n if (publicImport) {\n return {\n importPath: normalizedImportPath,\n decision: \"public\",\n publicImport,\n reason: publicImport.description,\n };\n }\n\n if (normalizedImportPath.startsWith(\"@lucern/\")) {\n return {\n importPath: normalizedImportPath,\n decision: \"forbidden\",\n reason:\n \"This @lucern package is not part of the tenant client public surface.\",\n };\n }\n\n if (\n normalizedImportPath.startsWith(\"./\") ||\n normalizedImportPath.startsWith(\"../\")\n ) {\n return {\n importPath: normalizedImportPath,\n decision: \"local\",\n reason: \"Local tenant-owned import.\",\n };\n }\n\n return {\n importPath: normalizedImportPath,\n decision: \"external\",\n reason: \"External dependency outside the Lucern package namespace.\",\n };\n}\n\nexport function isTenantClientPublicImport(importPath: string): boolean {\n return classifyTenantClientImport(importPath).decision === \"public\";\n}\n\nexport function isTenantClientComponentConfigImport(\n importPath: string\n): boolean {\n return TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS.some(\n (entry) => importPath === entry.importPath\n );\n}\n\nexport function isTenantClientAllowedImport(importPath: string): boolean {\n return classifyTenantClientImport(importPath).decision === \"public\";\n}\n\nexport function assertTenantClientImportAllowed(importPath: string): void {\n const classification = classifyTenantClientImport(importPath);\n if (classification.decision !== \"forbidden\") {\n return;\n }\n\n throw new Error(formatTenantClientImportViolation(classification));\n}\n\nexport function formatTenantClientImportViolation(\n classification: TenantClientImportClassification\n): string {\n const patternId = classification.pattern\n ? ` [${classification.pattern.id}]`\n : \"\";\n return `Tenant client import is not allowed${patternId}: ${classification.importPath}. ${classification.reason}`;\n}\n","/**\n * Infisical runtime contract\n *\n * Defines how Lucern runtime surfaces receive platform configuration and\n * secrets. Vercel-owned apps consume Infisical through secret syncs. Server,\n * CLI, MCP, and SDK operator contexts may hydrate runtime config directly from\n * Infisical when they have a scoped machine identity. Tenant user auth still\n * flows through Lucern device login; tenant tools never receive platform Clerk\n * secrets.\n */\n\nimport { TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH } from \"./tenant-client.contract\";\n\nexport const INFISICAL_RUNTIME_CONTRACT_VERSION = \"2026-05-06\" as const;\n\nexport const INFISICAL_RUNTIME_DEFAULT_API_URL =\n \"https://app.infisical.com\" as const;\nexport const INFISICAL_RUNTIME_DEFAULT_PROJECT_ID =\n \"344b0526-90df-4606-ba50-22c647a36c65\" as const;\n\nexport const INFISICAL_RUNTIME_ENVIRONMENTS = [\n \"dev\",\n \"staging\",\n \"prod\",\n] as const;\nexport type InfisicalRuntimeEnvironment =\n (typeof INFISICAL_RUNTIME_ENVIRONMENTS)[number];\n\nexport const INFISICAL_RUNTIME_DELIVERY_MODES = [\n \"vercel_sync\",\n \"runtime_fetch\",\n \"device_auth\",\n] as const;\nexport type InfisicalRuntimeDeliveryMode =\n (typeof INFISICAL_RUNTIME_DELIVERY_MODES)[number];\n\nexport const INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS = [\n \"development\",\n \"preview\",\n \"staging\",\n \"production\",\n] as const;\nexport type InfisicalVercelDestinationEnvironment =\n (typeof INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS)[number];\n\nexport const INFISICAL_VERCEL_TARGETS = [\n \"development\",\n \"preview\",\n \"production\",\n] as const;\nexport type InfisicalVercelTarget = (typeof INFISICAL_VERCEL_TARGETS)[number];\n\nexport const INFISICAL_CONVEX_TIERS = [\"preprod\", \"prod\"] as const;\nexport type InfisicalConvexTier = (typeof INFISICAL_CONVEX_TIERS)[number];\n\nexport const INFISICAL_CONVEX_TIER_BY_VERCEL_ENVIRONMENT = {\n development: \"preprod\",\n preview: \"preprod\",\n staging: \"preprod\",\n production: \"prod\",\n} as const satisfies Record<\n InfisicalVercelDestinationEnvironment,\n InfisicalConvexTier\n>;\n\nexport type InfisicalVercelSyncDestination = {\n readonly environment: InfisicalVercelDestinationEnvironment;\n readonly vercelTarget: InfisicalVercelTarget;\n readonly convexTier: InfisicalConvexTier;\n readonly customEnvironmentSlug?: string;\n readonly customEnvironmentIdsByProjectName?: Readonly<Record<string, string>>;\n readonly domainsByProjectName?: Readonly<Record<string, string>>;\n};\n\nexport const INFISICAL_VERCEL_SYNC_RECONCILIATION = {\n sourceOfTruth: \"infisical\",\n writer: \"vercel_api\",\n disableSecretDeletion: false,\n pruneDestinationKeys: true,\n} as const;\n\nexport const INFISICAL_VERCEL_SYNC_DESTINATIONS = [\n {\n environment: \"development\",\n vercelTarget: \"development\",\n convexTier: \"preprod\",\n },\n {\n environment: \"preview\",\n vercelTarget: \"preview\",\n convexTier: \"preprod\",\n },\n {\n environment: \"staging\",\n vercelTarget: \"preview\",\n convexTier: \"preprod\",\n customEnvironmentSlug: \"staging\",\n customEnvironmentIdsByProjectName: {\n stackos: \"env_RbS0TYRRvWISTje8qR4u2lRg7TC8\",\n },\n domainsByProjectName: {\n stackos: \"staging.stack.vc\",\n },\n },\n {\n environment: \"production\",\n vercelTarget: \"production\",\n convexTier: \"prod\",\n },\n] as const satisfies readonly InfisicalVercelSyncDestination[];\n\nexport const INFISICAL_RUNTIME_SURFACE_IDS = [\n \"lucern-web\",\n \"lucern-gateway\",\n \"lucern-sdk\",\n \"lucern-cli\",\n \"lucern-mcp\",\n \"tenant-client\",\n] as const;\nexport type InfisicalRuntimeSurfaceId =\n (typeof INFISICAL_RUNTIME_SURFACE_IDS)[number];\n\nexport const INFISICAL_RUNTIME_BOOTSTRAP_ENV = {\n apiUrl: [\"INFISICAL_API_URL\", \"INFISICAL_URL\"],\n projectId: [\"INFISICAL_PROJECT_ID\", \"INFISICAL_WORKSPACE_ID\"],\n clientId: [\n \"INFISICAL_CLIENT_ID\",\n \"INFISICAL_MACHINE_CLIENT_ID\",\n \"INFISICAL_UNIVERSAL_AUTH_CLIENT_ID\",\n ],\n clientSecret: [\n \"INFISICAL_CLIENT_SECRET\",\n \"INFISICAL_MACHINE_CLIENT_SECRET\",\n \"INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET\",\n ],\n environment: [\"INFISICAL_ENV\", \"LUCERN_INFISICAL_ENV\"],\n organizationSlug: [\"INFISICAL_ORG_SLUG\", \"INFISICAL_ORGANIZATION_SLUG\"],\n disabled: [\"LUCERN_INFISICAL_DISABLE\", \"INFISICAL_DISABLE\"],\n} as const;\nexport type InfisicalRuntimeBootstrapEnv =\n typeof INFISICAL_RUNTIME_BOOTSTRAP_ENV;\n\nexport const INFISICAL_RUNTIME_CONTROL_ENV = [\n {\n name: \"NODE_ENV\",\n category: \"framework\",\n description:\n \"Node/Next runtime mode. Framework-owned, not written by Infisical.\",\n },\n {\n name: \"CI\",\n category: \"ci\",\n description:\n \"CI execution signal. Workflow-owned, not written by Infisical.\",\n },\n {\n name: \"VERCEL\",\n category: \"vercel\",\n description:\n \"Vercel runtime signal. Platform-owned, not written by Infisical.\",\n },\n {\n name: \"VERCEL_ENV\",\n category: \"vercel\",\n description:\n \"Vercel environment label used for build/runtime selection.\",\n },\n {\n name: \"VERCEL_URL\",\n category: \"vercel\",\n description:\n \"Vercel deployment URL supplied by Vercel for previews and builds.\",\n },\n {\n name: \"VERCEL_GIT_COMMIT_SHA\",\n category: \"vercel\",\n description:\n \"Vercel git metadata used for release labels. Platform-owned, not written by Infisical.\",\n },\n {\n name: \"NEXT_RUNTIME\",\n category: \"nextjs\",\n description:\n \"Next.js runtime selector for node/edge instrumentation modules.\",\n },\n {\n name: \"PORT\",\n category: \"framework\",\n description:\n \"Local/server port supplied by the runtime process manager.\",\n },\n {\n name: \"HOST\",\n category: \"framework\",\n description:\n \"Local/server host supplied by the runtime process manager.\",\n },\n {\n name: \"APP_URL\",\n category: \"compatibility\",\n description:\n \"Legacy local app URL fallback. Prefer LUCERN_LOGIN_BASE_URL or LUCERN_API_URL.\",\n },\n {\n name: \"NEXT_PUBLIC_APP_URL\",\n category: \"compatibility\",\n description:\n \"Legacy public app URL fallback. Prefer LUCERN_LOGIN_BASE_URL or LUCERN_API_URL.\",\n },\n {\n name: \"CLAUDE_PROJECT_DIR\",\n category: \"agent_local\",\n description:\n \"Local agent workspace hint. Agent-runtime-owned, not written by Infisical.\",\n },\n {\n name: \"HOME\",\n category: \"os\",\n description:\n \"Operating-system home directory used only for local credential discovery.\",\n },\n {\n name: \"USERPROFILE\",\n category: \"os\",\n description:\n \"Windows home directory used only for local credential discovery.\",\n },\n] as const;\nexport type InfisicalRuntimeControlEnv =\n (typeof INFISICAL_RUNTIME_CONTROL_ENV)[number];\n\nexport type InfisicalRuntimeVariable = {\n readonly name: string;\n readonly required: boolean;\n readonly secret: boolean;\n readonly public: boolean;\n readonly aliases?: readonly string[];\n readonly description: string;\n};\n\nexport type InfisicalRuntimePathDefinition = {\n readonly id: string;\n readonly secretPath: string;\n readonly description: string;\n readonly variables: readonly InfisicalRuntimeVariable[];\n};\n\nexport const INFISICAL_RUNTIME_PATHS = [\n {\n id: \"platform-auth\",\n secretPath: \"/platform/auth\",\n description:\n \"Lucern platform authentication secrets. Synced into Vercel web/gateway projects; never distributed to tenant tools.\",\n variables: [\n {\n name: \"NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY\",\n required: true,\n secret: false,\n public: true,\n description: \"Clerk publishable key for the Lucern web origin.\",\n },\n {\n name: \"CLERK_SECRET_KEY\",\n required: true,\n secret: true,\n public: false,\n description: \"Clerk backend secret key for Lucern server runtimes.\",\n },\n {\n name: \"CLERK_JWT_ISSUER_DOMAIN\",\n required: false,\n secret: false,\n public: false,\n description: \"Expected Clerk issuer/JWKS domain for JWT verification.\",\n },\n {\n name: \"NEXT_PUBLIC_CLERK_SIGN_IN_URL\",\n required: false,\n secret: false,\n public: true,\n description: \"Public sign-in URL for Lucern-owned web flows.\",\n },\n {\n name: \"NEXT_PUBLIC_CLERK_SIGN_UP_URL\",\n required: false,\n secret: false,\n public: true,\n description: \"Public sign-up URL for Lucern-owned web flows.\",\n },\n ],\n },\n {\n id: \"platform-runtime\",\n secretPath: \"/platform/runtime\",\n description:\n \"Runtime defaults shared by server-side Lucern clients and operator tooling.\",\n variables: [\n {\n name: \"LUCERN_API_URL\",\n required: true,\n secret: false,\n public: false,\n aliases: [\"LUCERN_API_BASE_URL\", \"LUCERN_BASE_URL\"],\n description: \"Canonical Lucern API gateway URL.\",\n },\n {\n name: \"LUCERN_LOGIN_BASE_URL\",\n required: false,\n secret: false,\n public: false,\n aliases: [\"LUCERN_AUTH_BASE_URL\"],\n description: \"Browser login origin used when it differs from the API.\",\n },\n {\n name: \"LUCERN_ENVIRONMENT\",\n required: false,\n secret: false,\n public: false,\n aliases: [\"LUCERN_ENV\"],\n description: \"Lucern environment label consumed by CLI profiles.\",\n },\n {\n name: \"LUCERN_CLI_SESSION_TTL_MS\",\n required: false,\n secret: false,\n public: false,\n description:\n \"Optional web-issued CLI login session lifetime override in milliseconds.\",\n },\n ],\n },\n {\n id: \"platform-operator-credentials\",\n secretPath: \"/platform/runtime\",\n description:\n \"Lucern-owned operator credential material for local CLI, MCP, and SDK sessions.\",\n variables: [\n {\n name: \"LUCERN_API_KEY\",\n required: false,\n secret: true,\n public: false,\n aliases: [\"LUCERN_KEY\"],\n description:\n \"Lucern-owned operator API key for gateway calls from trusted local tooling.\",\n },\n ],\n },\n {\n id: \"tenant-shared-install\",\n secretPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,\n description:\n \"Tenant package-install secrets. This is install-only and distinct from platform publish credentials.\",\n variables: [\n {\n name: \"INSTALL_LUCERN_NPM\",\n required: true,\n secret: true,\n public: false,\n description:\n \"Read-only install token for the published @lucern/* suite.\",\n },\n ],\n },\n] as const satisfies readonly InfisicalRuntimePathDefinition[];\nexport type InfisicalRuntimePath = (typeof INFISICAL_RUNTIME_PATHS)[number];\nexport type InfisicalRuntimePathId = InfisicalRuntimePath[\"id\"];\n\nexport type InfisicalRuntimeSurfaceDefinition = {\n readonly id: InfisicalRuntimeSurfaceId;\n readonly packageName?: string;\n readonly delivery: InfisicalRuntimeDeliveryMode;\n readonly fallback?: InfisicalRuntimeDeliveryMode;\n readonly sourcePathIds: readonly InfisicalRuntimePathId[];\n readonly consumer: string;\n readonly description: string;\n};\n\nexport const INFISICAL_RUNTIME_SURFACES = [\n {\n id: \"lucern-web\",\n delivery: \"vercel_sync\",\n sourcePathIds: [\"platform-auth\", \"platform-runtime\"],\n consumer: \"apps/web on Vercel project lucern\",\n description:\n \"Lucern web consumes Clerk and runtime config via Infisical-to-Vercel syncs.\",\n },\n {\n id: \"lucern-gateway\",\n delivery: \"vercel_sync\",\n fallback: \"runtime_fetch\",\n sourcePathIds: [\"platform-auth\", \"platform-runtime\"],\n consumer: \"apps/gateway on Vercel project lucern-gateway\",\n description:\n \"Lucern gateway consumes platform config via Infisical-to-Vercel syncs and may self-hydrate from Infisical when the host environment has scoped bootstrap credentials.\",\n },\n {\n id: \"lucern-sdk\",\n packageName: \"@lucern/sdk\",\n delivery: \"runtime_fetch\",\n sourcePathIds: [\"platform-runtime\", \"platform-operator-credentials\"],\n consumer:\n \"server-side SDK operator contexts with a scoped Infisical identity\",\n description:\n \"SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials.\",\n },\n {\n id: \"lucern-cli\",\n packageName: \"@lucern/cli\",\n delivery: \"runtime_fetch\",\n fallback: \"device_auth\",\n sourcePathIds: [\"platform-runtime\", \"platform-operator-credentials\"],\n consumer: \"developer/operator CLI processes\",\n description:\n \"CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login.\",\n },\n {\n id: \"lucern-mcp\",\n packageName: \"@lucern/mcp\",\n delivery: \"runtime_fetch\",\n fallback: \"device_auth\",\n sourcePathIds: [\"platform-runtime\", \"platform-operator-credentials\"],\n consumer: \"MCP server/client processes\",\n description:\n \"MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner.\",\n },\n {\n id: \"tenant-client\",\n delivery: \"device_auth\",\n sourcePathIds: [\"tenant-shared-install\"],\n consumer: \"tenant-owned apps and coding agents\",\n description:\n \"Tenant clients install the published packages and receive user/service credentials through Lucern auth surfaces.\",\n },\n] as const satisfies readonly InfisicalRuntimeSurfaceDefinition[];\nexport type InfisicalRuntimeSurface =\n (typeof INFISICAL_RUNTIME_SURFACES)[number];\n\nexport type InfisicalTenantSoftwareSystemDefinition = {\n readonly id: string;\n readonly tenantKey: string;\n readonly workspaceKey: string;\n readonly vercelProjectName: string;\n readonly vercelTeamId: string;\n readonly vercelProjectId: string;\n readonly vercelWriterTokenEnv: string;\n readonly repository: {\n readonly owner: string;\n readonly name: string;\n };\n readonly sharedSourcePath: string;\n readonly sharedVariablePolicy: \"tenant_shared_all_systems\";\n readonly convex: {\n readonly urlEnv: string;\n readonly deployKeyEnv: string;\n readonly preprodDeployment: string;\n readonly prodDeployment: string;\n };\n};\n\nexport const INFISICAL_TENANT_SOFTWARE_SYSTEMS = [\n {\n id: \"stack-frontend\",\n tenantKey: \"stack\",\n workspaceKey: \"frontend\",\n vercelProjectName: \"ai-chatbot-diao\",\n vercelTeamId: \"team_mZBKwvXSSu7qxrWdg2go29sK\",\n vercelProjectId: \"prj_PihFw8kohSSw14nZs9YQV3xVo517\",\n vercelWriterTokenEnv: \"STACK_VERCEL_TOKEN\",\n repository: {\n owner: \"stack-vc\",\n name: \"front-end\",\n },\n sharedSourcePath: \"/tenants/stack\",\n sharedVariablePolicy: \"tenant_shared_all_systems\",\n convex: {\n urlEnv: \"CONVEX_FRONTEND_URL\",\n deployKeyEnv: \"CONVEX_FRONTEND_DEPLOY_KEY\",\n preprodDeployment: \"rugged-lobster-664\",\n prodDeployment: \"wonderful-toucan-0\",\n },\n },\n {\n id: \"stackos\",\n tenantKey: \"stack\",\n workspaceKey: \"stackos\",\n vercelProjectName: \"stackos\",\n vercelTeamId: \"team_mZBKwvXSSu7qxrWdg2go29sK\",\n vercelProjectId: \"prj_rXLAL0Z6v9p1fasKbomby6GI7kau\",\n vercelWriterTokenEnv: \"STACK_VERCEL_TOKEN\",\n repository: {\n owner: \"stack-vc\",\n name: \"stackos\",\n },\n sharedSourcePath: \"/tenants/stack\",\n sharedVariablePolicy: \"tenant_shared_all_systems\",\n convex: {\n urlEnv: \"CONVEX_STACKOS_URL\",\n deployKeyEnv: \"CONVEX_STACKOS_DEPLOY_KEY\",\n preprodDeployment: \"giant-mandrill-761\",\n prodDeployment: \"good-snake-515\",\n },\n },\n {\n id: \"stack-eng\",\n tenantKey: \"stack\",\n workspaceKey: \"engineering\",\n vercelProjectName: \"stackos-engineering-graph\",\n vercelTeamId: \"team_mZBKwvXSSu7qxrWdg2go29sK\",\n vercelProjectId: \"prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ\",\n vercelWriterTokenEnv: \"STACK_VERCEL_TOKEN\",\n repository: {\n owner: \"stack-vc\",\n name: \"stackos-engineering-graph\",\n },\n sharedSourcePath: \"/tenants/stack/engineering\",\n sharedVariablePolicy: \"tenant_shared_all_systems\",\n convex: {\n urlEnv: \"CONVEX_STACK_ENG_URL\",\n deployKeyEnv: \"CONVEX_STACK_ENG_DEPLOY_KEY\",\n preprodDeployment: \"small-oyster-270\",\n prodDeployment: \"bold-cuttlefish-804\",\n },\n },\n {\n id: \"lucern-graph\",\n tenantKey: \"lucern\",\n workspaceKey: \"lucern\",\n vercelProjectName: \"lucern-graph\",\n vercelTeamId: \"team_vTHxxs8GAoAFUe6RWMlYt7fY\",\n vercelProjectId: \"prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ\",\n vercelWriterTokenEnv: \"LUCERN_VERCEL_TOKEN\",\n repository: {\n owner: \"LucernAI\",\n name: \"lucern-graph\",\n },\n sharedSourcePath: \"/tenants/lucern/shared\",\n sharedVariablePolicy: \"tenant_shared_all_systems\",\n convex: {\n urlEnv: \"CONVEX_LUCERN_URL\",\n deployKeyEnv: \"CONVEX_LUCERN_DEPLOY_KEY\",\n preprodDeployment: \"good-blackbird-774\",\n prodDeployment: \"precious-dog-365\",\n },\n },\n] as const satisfies readonly InfisicalTenantSoftwareSystemDefinition[];\nexport type InfisicalTenantSoftwareSystem =\n (typeof INFISICAL_TENANT_SOFTWARE_SYSTEMS)[number];\nexport type InfisicalTenantSoftwareSystemId =\n InfisicalTenantSoftwareSystem[\"id\"];\n\nexport function findInfisicalTenantSoftwareSystem(\n systemId: InfisicalTenantSoftwareSystemId,\n): InfisicalTenantSoftwareSystem | undefined {\n return INFISICAL_TENANT_SOFTWARE_SYSTEMS.find(\n (system) => system.id === systemId,\n );\n}\n\nexport function tenantSoftwareSystemConvexEnvNames(\n systemId: InfisicalTenantSoftwareSystemId,\n): readonly [string, string] {\n const system = findInfisicalTenantSoftwareSystem(systemId);\n if (!system) {\n throw new Error(`Unknown tenant software system: ${systemId}.`);\n }\n return [system.convex.urlEnv, system.convex.deployKeyEnv] as const;\n}\n\nexport function tenantSoftwareSystemOwnsConvexEnvName(\n systemId: InfisicalTenantSoftwareSystemId,\n envName: string,\n): boolean {\n return tenantSoftwareSystemConvexEnvNames(systemId).includes(envName);\n}\n\nexport function convexTierForVercelDestinationEnvironment(\n environment: InfisicalVercelDestinationEnvironment,\n): InfisicalConvexTier {\n return INFISICAL_CONVEX_TIER_BY_VERCEL_ENVIRONMENT[environment];\n}\n\nexport function findInfisicalVercelSyncDestination(\n environment: InfisicalVercelDestinationEnvironment,\n): InfisicalVercelSyncDestination | undefined {\n return INFISICAL_VERCEL_SYNC_DESTINATIONS.find(\n (destination) => destination.environment === environment,\n );\n}\n\nexport function vercelCustomEnvironmentIdForTenantSoftwareSystem(\n systemId: InfisicalTenantSoftwareSystemId,\n environment: InfisicalVercelDestinationEnvironment,\n): string | undefined {\n const system = findInfisicalTenantSoftwareSystem(systemId);\n const destination = findInfisicalVercelSyncDestination(environment);\n if (!system || !destination) {\n return undefined;\n }\n return destination.customEnvironmentIdsByProjectName?.[\n system.vercelProjectName\n ];\n}\n\nexport function expectedTenantConvexDeploymentForVercelEnvironment(\n systemId: InfisicalTenantSoftwareSystemId,\n environment: InfisicalVercelDestinationEnvironment,\n): string {\n const system = findInfisicalTenantSoftwareSystem(systemId);\n if (!system) {\n throw new Error(`Unknown tenant software system: ${systemId}.`);\n }\n return convexTierForVercelDestinationEnvironment(environment) === \"prod\"\n ? system.convex.prodDeployment\n : system.convex.preprodDeployment;\n}\n\nexport function findInfisicalRuntimePath(\n pathId: InfisicalRuntimePathId,\n): InfisicalRuntimePath | undefined {\n return INFISICAL_RUNTIME_PATHS.find((path) => path.id === pathId);\n}\n\nexport function findInfisicalRuntimeSurface(\n surfaceId: InfisicalRuntimeSurfaceId,\n): InfisicalRuntimeSurface | undefined {\n return INFISICAL_RUNTIME_SURFACES.find((surface) => surface.id === surfaceId);\n}\n\nexport const INFISICAL_SECRET_OWNERS = [\n \"lucern_platform\",\n \"tenant\",\n \"provider\",\n \"operator_local\",\n] as const;\nexport type InfisicalSecretOwner = (typeof INFISICAL_SECRET_OWNERS)[number];\n\nexport const INFISICAL_SECRET_SCOPES = [\n \"global\",\n \"environment\",\n \"tenant\",\n \"workspace\",\n \"software_system\",\n \"deployment\",\n \"local\",\n] as const;\nexport type InfisicalSecretScope = (typeof INFISICAL_SECRET_SCOPES)[number];\n\nexport const INFISICAL_SECRET_ENVIRONMENT_POLICIES = [\n \"same_all_environments\",\n \"environment_specific\",\n \"preprod_staging_prod_prod\",\n \"local_only\",\n] as const;\nexport type InfisicalSecretEnvironmentPolicy =\n (typeof INFISICAL_SECRET_ENVIRONMENT_POLICIES)[number];\n\nexport const INFISICAL_SECRET_CONSUMERS = [\n \"lucern-web\",\n \"lucern-gateway\",\n \"lucern-mcp\",\n \"lucern-cli\",\n \"lucern-ai-runtime\",\n \"lucern-graph-sync\",\n \"lucern-observability\",\n \"lucern-repo-ci\",\n \"mc-convex\",\n \"mc-operator-tooling\",\n \"tenant-vercel-app\",\n \"tenant-convex-deployment\",\n \"tenant-ai-runtime\",\n \"tenant-graph-sync\",\n \"tenant-observability\",\n \"tenant-vector-store\",\n \"tenant-deploy-tooling\",\n \"tenant-agent-runtime\",\n] as const;\nexport type InfisicalSecretConsumer = (typeof INFISICAL_SECRET_CONSUMERS)[number];\n\nexport const INFISICAL_SECRET_DESTINATION_KINDS = [\n \"vercel\",\n \"convex\",\n \"github_actions\",\n \"runtime_fetch\",\n \"operator_local\",\n] as const;\nexport type InfisicalSecretDestinationKind =\n (typeof INFISICAL_SECRET_DESTINATION_KINDS)[number];\n\nexport type InfisicalSecretDestination = {\n readonly kind: InfisicalSecretDestinationKind;\n readonly target: string;\n readonly environmentPolicy: InfisicalSecretEnvironmentPolicy;\n readonly writeNames?: readonly string[];\n readonly notes?: string;\n};\n\nexport type InfisicalSecretDefinition = {\n readonly id: string;\n readonly canonicalName: string;\n readonly aliases?: readonly string[];\n readonly owner: InfisicalSecretOwner;\n readonly scope: InfisicalSecretScope;\n readonly sourcePath: string;\n readonly environmentPolicy: InfisicalSecretEnvironmentPolicy;\n readonly required: boolean;\n readonly secret: boolean;\n readonly public: boolean;\n readonly consumers: readonly InfisicalSecretConsumer[];\n readonly destinations: readonly InfisicalSecretDestination[];\n readonly description: string;\n};\n"]}
|
|
@@ -1,445 +1,14 @@
|
|
|
1
|
+
import { InfisicalSecretDefinition, InfisicalSecretConsumer, InfisicalSecretDestinationKind } from './infisical-runtime.base.js';
|
|
2
|
+
export { INFISICAL_CONVEX_TIERS, INFISICAL_CONVEX_TIER_BY_VERCEL_ENVIRONMENT, INFISICAL_RUNTIME_BOOTSTRAP_ENV, INFISICAL_RUNTIME_CONTRACT_VERSION, INFISICAL_RUNTIME_CONTROL_ENV, INFISICAL_RUNTIME_DEFAULT_API_URL, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DELIVERY_MODES, INFISICAL_RUNTIME_ENVIRONMENTS, INFISICAL_RUNTIME_PATHS, INFISICAL_RUNTIME_SURFACES, INFISICAL_RUNTIME_SURFACE_IDS, INFISICAL_SECRET_CONSUMERS, INFISICAL_SECRET_DESTINATION_KINDS, INFISICAL_SECRET_ENVIRONMENT_POLICIES, INFISICAL_SECRET_OWNERS, INFISICAL_SECRET_SCOPES, INFISICAL_TENANT_SOFTWARE_SYSTEMS, INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS, INFISICAL_VERCEL_SYNC_DESTINATIONS, INFISICAL_VERCEL_SYNC_RECONCILIATION, INFISICAL_VERCEL_TARGETS, InfisicalConvexTier, InfisicalRuntimeBootstrapEnv, InfisicalRuntimeControlEnv, InfisicalRuntimeDeliveryMode, InfisicalRuntimeEnvironment, InfisicalRuntimePath, InfisicalRuntimePathDefinition, InfisicalRuntimePathId, InfisicalRuntimeSurface, InfisicalRuntimeSurfaceDefinition, InfisicalRuntimeSurfaceId, InfisicalRuntimeVariable, InfisicalSecretDestination, InfisicalSecretEnvironmentPolicy, InfisicalSecretOwner, InfisicalSecretScope, InfisicalTenantSoftwareSystem, InfisicalTenantSoftwareSystemDefinition, InfisicalTenantSoftwareSystemId, InfisicalVercelDestinationEnvironment, InfisicalVercelSyncDestination, InfisicalVercelTarget, convexTierForVercelDestinationEnvironment, expectedTenantConvexDeploymentForVercelEnvironment, findInfisicalRuntimePath, findInfisicalRuntimeSurface, findInfisicalTenantSoftwareSystem, findInfisicalVercelSyncDestination, tenantSoftwareSystemConvexEnvNames, tenantSoftwareSystemOwnsConvexEnvName, vercelCustomEnvironmentIdForTenantSoftwareSystem } from './infisical-runtime.base.js';
|
|
3
|
+
|
|
1
4
|
/**
|
|
2
|
-
* Infisical runtime contract
|
|
5
|
+
* Infisical runtime contract.
|
|
3
6
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
* Infisical when they have a scoped machine identity. Tenant user auth still
|
|
8
|
-
* flows through Lucern device login; tenant tools never receive platform Clerk
|
|
9
|
-
* secrets.
|
|
7
|
+
* Stable facade for runtime and secret-definition contracts. Large secret
|
|
8
|
+
* definition catalogs live in focused infisical-runtime.* modules; this file
|
|
9
|
+
* preserves the public import path and aggregate helpers.
|
|
10
10
|
*/
|
|
11
|
-
|
|
12
|
-
declare const INFISICAL_RUNTIME_DEFAULT_API_URL: "https://app.infisical.com";
|
|
13
|
-
declare const INFISICAL_RUNTIME_DEFAULT_PROJECT_ID: "344b0526-90df-4606-ba50-22c647a36c65";
|
|
14
|
-
declare const INFISICAL_RUNTIME_ENVIRONMENTS: readonly ["dev", "staging", "prod"];
|
|
15
|
-
type InfisicalRuntimeEnvironment = (typeof INFISICAL_RUNTIME_ENVIRONMENTS)[number];
|
|
16
|
-
declare const INFISICAL_RUNTIME_DELIVERY_MODES: readonly ["vercel_sync", "runtime_fetch", "device_auth"];
|
|
17
|
-
type InfisicalRuntimeDeliveryMode = (typeof INFISICAL_RUNTIME_DELIVERY_MODES)[number];
|
|
18
|
-
declare const INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS: readonly ["development", "preview", "staging", "production"];
|
|
19
|
-
type InfisicalVercelDestinationEnvironment = (typeof INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS)[number];
|
|
20
|
-
declare const INFISICAL_VERCEL_TARGETS: readonly ["development", "preview", "production"];
|
|
21
|
-
type InfisicalVercelTarget = (typeof INFISICAL_VERCEL_TARGETS)[number];
|
|
22
|
-
declare const INFISICAL_CONVEX_TIERS: readonly ["preprod", "prod"];
|
|
23
|
-
type InfisicalConvexTier = (typeof INFISICAL_CONVEX_TIERS)[number];
|
|
24
|
-
declare const INFISICAL_CONVEX_TIER_BY_VERCEL_ENVIRONMENT: {
|
|
25
|
-
readonly development: "preprod";
|
|
26
|
-
readonly preview: "preprod";
|
|
27
|
-
readonly staging: "preprod";
|
|
28
|
-
readonly production: "prod";
|
|
29
|
-
};
|
|
30
|
-
type InfisicalVercelSyncDestination = {
|
|
31
|
-
readonly environment: InfisicalVercelDestinationEnvironment;
|
|
32
|
-
readonly vercelTarget: InfisicalVercelTarget;
|
|
33
|
-
readonly convexTier: InfisicalConvexTier;
|
|
34
|
-
readonly customEnvironmentSlug?: string;
|
|
35
|
-
readonly customEnvironmentIdsByProjectName?: Readonly<Record<string, string>>;
|
|
36
|
-
readonly domainsByProjectName?: Readonly<Record<string, string>>;
|
|
37
|
-
};
|
|
38
|
-
declare const INFISICAL_VERCEL_SYNC_RECONCILIATION: {
|
|
39
|
-
readonly sourceOfTruth: "infisical";
|
|
40
|
-
readonly writer: "vercel_api";
|
|
41
|
-
readonly disableSecretDeletion: false;
|
|
42
|
-
readonly pruneDestinationKeys: true;
|
|
43
|
-
};
|
|
44
|
-
declare const INFISICAL_VERCEL_SYNC_DESTINATIONS: readonly [{
|
|
45
|
-
readonly environment: "development";
|
|
46
|
-
readonly vercelTarget: "development";
|
|
47
|
-
readonly convexTier: "preprod";
|
|
48
|
-
}, {
|
|
49
|
-
readonly environment: "preview";
|
|
50
|
-
readonly vercelTarget: "preview";
|
|
51
|
-
readonly convexTier: "preprod";
|
|
52
|
-
}, {
|
|
53
|
-
readonly environment: "staging";
|
|
54
|
-
readonly vercelTarget: "preview";
|
|
55
|
-
readonly convexTier: "preprod";
|
|
56
|
-
readonly customEnvironmentSlug: "staging";
|
|
57
|
-
readonly customEnvironmentIdsByProjectName: {
|
|
58
|
-
readonly stackos: "env_RbS0TYRRvWISTje8qR4u2lRg7TC8";
|
|
59
|
-
};
|
|
60
|
-
readonly domainsByProjectName: {
|
|
61
|
-
readonly stackos: "staging.stack.vc";
|
|
62
|
-
};
|
|
63
|
-
}, {
|
|
64
|
-
readonly environment: "production";
|
|
65
|
-
readonly vercelTarget: "production";
|
|
66
|
-
readonly convexTier: "prod";
|
|
67
|
-
}];
|
|
68
|
-
declare const INFISICAL_RUNTIME_SURFACE_IDS: readonly ["lucern-web", "lucern-gateway", "lucern-sdk", "lucern-cli", "lucern-mcp", "tenant-client"];
|
|
69
|
-
type InfisicalRuntimeSurfaceId = (typeof INFISICAL_RUNTIME_SURFACE_IDS)[number];
|
|
70
|
-
declare const INFISICAL_RUNTIME_BOOTSTRAP_ENV: {
|
|
71
|
-
readonly apiUrl: readonly ["INFISICAL_API_URL", "INFISICAL_URL"];
|
|
72
|
-
readonly projectId: readonly ["INFISICAL_PROJECT_ID", "INFISICAL_WORKSPACE_ID"];
|
|
73
|
-
readonly clientId: readonly ["INFISICAL_CLIENT_ID", "INFISICAL_MACHINE_CLIENT_ID", "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID"];
|
|
74
|
-
readonly clientSecret: readonly ["INFISICAL_CLIENT_SECRET", "INFISICAL_MACHINE_CLIENT_SECRET", "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET"];
|
|
75
|
-
readonly environment: readonly ["INFISICAL_ENV", "LUCERN_INFISICAL_ENV"];
|
|
76
|
-
readonly organizationSlug: readonly ["INFISICAL_ORG_SLUG", "INFISICAL_ORGANIZATION_SLUG"];
|
|
77
|
-
readonly disabled: readonly ["LUCERN_INFISICAL_DISABLE", "INFISICAL_DISABLE"];
|
|
78
|
-
};
|
|
79
|
-
type InfisicalRuntimeBootstrapEnv = typeof INFISICAL_RUNTIME_BOOTSTRAP_ENV;
|
|
80
|
-
declare const INFISICAL_RUNTIME_CONTROL_ENV: readonly [{
|
|
81
|
-
readonly name: "NODE_ENV";
|
|
82
|
-
readonly category: "framework";
|
|
83
|
-
readonly description: "Node/Next runtime mode. Framework-owned, not written by Infisical.";
|
|
84
|
-
}, {
|
|
85
|
-
readonly name: "CI";
|
|
86
|
-
readonly category: "ci";
|
|
87
|
-
readonly description: "CI execution signal. Workflow-owned, not written by Infisical.";
|
|
88
|
-
}, {
|
|
89
|
-
readonly name: "VERCEL";
|
|
90
|
-
readonly category: "vercel";
|
|
91
|
-
readonly description: "Vercel runtime signal. Platform-owned, not written by Infisical.";
|
|
92
|
-
}, {
|
|
93
|
-
readonly name: "VERCEL_ENV";
|
|
94
|
-
readonly category: "vercel";
|
|
95
|
-
readonly description: "Vercel environment label used for build/runtime selection.";
|
|
96
|
-
}, {
|
|
97
|
-
readonly name: "VERCEL_URL";
|
|
98
|
-
readonly category: "vercel";
|
|
99
|
-
readonly description: "Vercel deployment URL supplied by Vercel for previews and builds.";
|
|
100
|
-
}, {
|
|
101
|
-
readonly name: "VERCEL_GIT_COMMIT_SHA";
|
|
102
|
-
readonly category: "vercel";
|
|
103
|
-
readonly description: "Vercel git metadata used for release labels. Platform-owned, not written by Infisical.";
|
|
104
|
-
}, {
|
|
105
|
-
readonly name: "NEXT_RUNTIME";
|
|
106
|
-
readonly category: "nextjs";
|
|
107
|
-
readonly description: "Next.js runtime selector for node/edge instrumentation modules.";
|
|
108
|
-
}, {
|
|
109
|
-
readonly name: "PORT";
|
|
110
|
-
readonly category: "framework";
|
|
111
|
-
readonly description: "Local/server port supplied by the runtime process manager.";
|
|
112
|
-
}, {
|
|
113
|
-
readonly name: "HOST";
|
|
114
|
-
readonly category: "framework";
|
|
115
|
-
readonly description: "Local/server host supplied by the runtime process manager.";
|
|
116
|
-
}, {
|
|
117
|
-
readonly name: "APP_URL";
|
|
118
|
-
readonly category: "compatibility";
|
|
119
|
-
readonly description: "Legacy local app URL fallback. Prefer LUCERN_LOGIN_BASE_URL or LUCERN_API_URL.";
|
|
120
|
-
}, {
|
|
121
|
-
readonly name: "NEXT_PUBLIC_APP_URL";
|
|
122
|
-
readonly category: "compatibility";
|
|
123
|
-
readonly description: "Legacy public app URL fallback. Prefer LUCERN_LOGIN_BASE_URL or LUCERN_API_URL.";
|
|
124
|
-
}, {
|
|
125
|
-
readonly name: "CLAUDE_PROJECT_DIR";
|
|
126
|
-
readonly category: "agent_local";
|
|
127
|
-
readonly description: "Local agent workspace hint. Agent-runtime-owned, not written by Infisical.";
|
|
128
|
-
}, {
|
|
129
|
-
readonly name: "HOME";
|
|
130
|
-
readonly category: "os";
|
|
131
|
-
readonly description: "Operating-system home directory used only for local credential discovery.";
|
|
132
|
-
}, {
|
|
133
|
-
readonly name: "USERPROFILE";
|
|
134
|
-
readonly category: "os";
|
|
135
|
-
readonly description: "Windows home directory used only for local credential discovery.";
|
|
136
|
-
}];
|
|
137
|
-
type InfisicalRuntimeControlEnv = (typeof INFISICAL_RUNTIME_CONTROL_ENV)[number];
|
|
138
|
-
type InfisicalRuntimeVariable = {
|
|
139
|
-
readonly name: string;
|
|
140
|
-
readonly required: boolean;
|
|
141
|
-
readonly secret: boolean;
|
|
142
|
-
readonly public: boolean;
|
|
143
|
-
readonly aliases?: readonly string[];
|
|
144
|
-
readonly description: string;
|
|
145
|
-
};
|
|
146
|
-
type InfisicalRuntimePathDefinition = {
|
|
147
|
-
readonly id: string;
|
|
148
|
-
readonly secretPath: string;
|
|
149
|
-
readonly description: string;
|
|
150
|
-
readonly variables: readonly InfisicalRuntimeVariable[];
|
|
151
|
-
};
|
|
152
|
-
declare const INFISICAL_RUNTIME_PATHS: readonly [{
|
|
153
|
-
readonly id: "platform-auth";
|
|
154
|
-
readonly secretPath: "/platform/auth";
|
|
155
|
-
readonly description: "Lucern platform authentication secrets. Synced into Vercel web/gateway projects; never distributed to tenant tools.";
|
|
156
|
-
readonly variables: readonly [{
|
|
157
|
-
readonly name: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY";
|
|
158
|
-
readonly required: true;
|
|
159
|
-
readonly secret: false;
|
|
160
|
-
readonly public: true;
|
|
161
|
-
readonly description: "Clerk publishable key for the Lucern web origin.";
|
|
162
|
-
}, {
|
|
163
|
-
readonly name: "CLERK_SECRET_KEY";
|
|
164
|
-
readonly required: true;
|
|
165
|
-
readonly secret: true;
|
|
166
|
-
readonly public: false;
|
|
167
|
-
readonly description: "Clerk backend secret key for Lucern server runtimes.";
|
|
168
|
-
}, {
|
|
169
|
-
readonly name: "CLERK_JWT_ISSUER_DOMAIN";
|
|
170
|
-
readonly required: false;
|
|
171
|
-
readonly secret: false;
|
|
172
|
-
readonly public: false;
|
|
173
|
-
readonly description: "Expected Clerk issuer/JWKS domain for JWT verification.";
|
|
174
|
-
}, {
|
|
175
|
-
readonly name: "NEXT_PUBLIC_CLERK_SIGN_IN_URL";
|
|
176
|
-
readonly required: false;
|
|
177
|
-
readonly secret: false;
|
|
178
|
-
readonly public: true;
|
|
179
|
-
readonly description: "Public sign-in URL for Lucern-owned web flows.";
|
|
180
|
-
}, {
|
|
181
|
-
readonly name: "NEXT_PUBLIC_CLERK_SIGN_UP_URL";
|
|
182
|
-
readonly required: false;
|
|
183
|
-
readonly secret: false;
|
|
184
|
-
readonly public: true;
|
|
185
|
-
readonly description: "Public sign-up URL for Lucern-owned web flows.";
|
|
186
|
-
}];
|
|
187
|
-
}, {
|
|
188
|
-
readonly id: "platform-runtime";
|
|
189
|
-
readonly secretPath: "/platform/runtime";
|
|
190
|
-
readonly description: "Runtime defaults shared by server-side Lucern clients and operator tooling.";
|
|
191
|
-
readonly variables: readonly [{
|
|
192
|
-
readonly name: "LUCERN_API_URL";
|
|
193
|
-
readonly required: true;
|
|
194
|
-
readonly secret: false;
|
|
195
|
-
readonly public: false;
|
|
196
|
-
readonly aliases: readonly ["LUCERN_API_BASE_URL", "LUCERN_BASE_URL"];
|
|
197
|
-
readonly description: "Canonical Lucern API gateway URL.";
|
|
198
|
-
}, {
|
|
199
|
-
readonly name: "LUCERN_LOGIN_BASE_URL";
|
|
200
|
-
readonly required: false;
|
|
201
|
-
readonly secret: false;
|
|
202
|
-
readonly public: false;
|
|
203
|
-
readonly aliases: readonly ["LUCERN_AUTH_BASE_URL"];
|
|
204
|
-
readonly description: "Browser login origin used when it differs from the API.";
|
|
205
|
-
}, {
|
|
206
|
-
readonly name: "LUCERN_ENVIRONMENT";
|
|
207
|
-
readonly required: false;
|
|
208
|
-
readonly secret: false;
|
|
209
|
-
readonly public: false;
|
|
210
|
-
readonly aliases: readonly ["LUCERN_ENV"];
|
|
211
|
-
readonly description: "Lucern environment label consumed by CLI profiles.";
|
|
212
|
-
}, {
|
|
213
|
-
readonly name: "LUCERN_CLI_SESSION_TTL_MS";
|
|
214
|
-
readonly required: false;
|
|
215
|
-
readonly secret: false;
|
|
216
|
-
readonly public: false;
|
|
217
|
-
readonly description: "Optional web-issued CLI login session lifetime override in milliseconds.";
|
|
218
|
-
}];
|
|
219
|
-
}, {
|
|
220
|
-
readonly id: "platform-operator-credentials";
|
|
221
|
-
readonly secretPath: "/platform/runtime";
|
|
222
|
-
readonly description: "Lucern-owned operator credential material for local CLI, MCP, and SDK sessions.";
|
|
223
|
-
readonly variables: readonly [{
|
|
224
|
-
readonly name: "LUCERN_API_KEY";
|
|
225
|
-
readonly required: false;
|
|
226
|
-
readonly secret: true;
|
|
227
|
-
readonly public: false;
|
|
228
|
-
readonly aliases: readonly ["LUCERN_KEY"];
|
|
229
|
-
readonly description: "Lucern-owned operator API key for gateway calls from trusted local tooling.";
|
|
230
|
-
}];
|
|
231
|
-
}, {
|
|
232
|
-
readonly id: "tenant-shared-install";
|
|
233
|
-
readonly secretPath: "tenants/shared";
|
|
234
|
-
readonly description: "Tenant package-install secrets. This is install-only and distinct from platform publish credentials.";
|
|
235
|
-
readonly variables: readonly [{
|
|
236
|
-
readonly name: "INSTALL_LUCERN_NPM";
|
|
237
|
-
readonly required: true;
|
|
238
|
-
readonly secret: true;
|
|
239
|
-
readonly public: false;
|
|
240
|
-
readonly description: "Read-only install token for the published @lucern/* suite.";
|
|
241
|
-
}];
|
|
242
|
-
}];
|
|
243
|
-
type InfisicalRuntimePath = (typeof INFISICAL_RUNTIME_PATHS)[number];
|
|
244
|
-
type InfisicalRuntimePathId = InfisicalRuntimePath["id"];
|
|
245
|
-
type InfisicalRuntimeSurfaceDefinition = {
|
|
246
|
-
readonly id: InfisicalRuntimeSurfaceId;
|
|
247
|
-
readonly packageName?: string;
|
|
248
|
-
readonly delivery: InfisicalRuntimeDeliveryMode;
|
|
249
|
-
readonly fallback?: InfisicalRuntimeDeliveryMode;
|
|
250
|
-
readonly sourcePathIds: readonly InfisicalRuntimePathId[];
|
|
251
|
-
readonly consumer: string;
|
|
252
|
-
readonly description: string;
|
|
253
|
-
};
|
|
254
|
-
declare const INFISICAL_RUNTIME_SURFACES: readonly [{
|
|
255
|
-
readonly id: "lucern-web";
|
|
256
|
-
readonly delivery: "vercel_sync";
|
|
257
|
-
readonly sourcePathIds: readonly ["platform-auth", "platform-runtime"];
|
|
258
|
-
readonly consumer: "apps/web on Vercel project lucern";
|
|
259
|
-
readonly description: "Lucern web consumes Clerk and runtime config via Infisical-to-Vercel syncs.";
|
|
260
|
-
}, {
|
|
261
|
-
readonly id: "lucern-gateway";
|
|
262
|
-
readonly delivery: "vercel_sync";
|
|
263
|
-
readonly fallback: "runtime_fetch";
|
|
264
|
-
readonly sourcePathIds: readonly ["platform-auth", "platform-runtime"];
|
|
265
|
-
readonly consumer: "apps/gateway on Vercel project lucern-gateway";
|
|
266
|
-
readonly description: "Lucern gateway consumes platform config via Infisical-to-Vercel syncs and may self-hydrate from Infisical when the host environment has scoped bootstrap credentials.";
|
|
267
|
-
}, {
|
|
268
|
-
readonly id: "lucern-sdk";
|
|
269
|
-
readonly packageName: "@lucern/sdk";
|
|
270
|
-
readonly delivery: "runtime_fetch";
|
|
271
|
-
readonly sourcePathIds: readonly ["platform-runtime", "platform-operator-credentials"];
|
|
272
|
-
readonly consumer: "server-side SDK operator contexts with a scoped Infisical identity";
|
|
273
|
-
readonly description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials.";
|
|
274
|
-
}, {
|
|
275
|
-
readonly id: "lucern-cli";
|
|
276
|
-
readonly packageName: "@lucern/cli";
|
|
277
|
-
readonly delivery: "runtime_fetch";
|
|
278
|
-
readonly fallback: "device_auth";
|
|
279
|
-
readonly sourcePathIds: readonly ["platform-runtime", "platform-operator-credentials"];
|
|
280
|
-
readonly consumer: "developer/operator CLI processes";
|
|
281
|
-
readonly description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login.";
|
|
282
|
-
}, {
|
|
283
|
-
readonly id: "lucern-mcp";
|
|
284
|
-
readonly packageName: "@lucern/mcp";
|
|
285
|
-
readonly delivery: "runtime_fetch";
|
|
286
|
-
readonly fallback: "device_auth";
|
|
287
|
-
readonly sourcePathIds: readonly ["platform-runtime", "platform-operator-credentials"];
|
|
288
|
-
readonly consumer: "MCP server/client processes";
|
|
289
|
-
readonly description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner.";
|
|
290
|
-
}, {
|
|
291
|
-
readonly id: "tenant-client";
|
|
292
|
-
readonly delivery: "device_auth";
|
|
293
|
-
readonly sourcePathIds: readonly ["tenant-shared-install"];
|
|
294
|
-
readonly consumer: "tenant-owned apps and coding agents";
|
|
295
|
-
readonly description: "Tenant clients install the published packages and receive user/service credentials through Lucern auth surfaces.";
|
|
296
|
-
}];
|
|
297
|
-
type InfisicalRuntimeSurface = (typeof INFISICAL_RUNTIME_SURFACES)[number];
|
|
298
|
-
type InfisicalTenantSoftwareSystemDefinition = {
|
|
299
|
-
readonly id: string;
|
|
300
|
-
readonly tenantKey: string;
|
|
301
|
-
readonly workspaceKey: string;
|
|
302
|
-
readonly vercelProjectName: string;
|
|
303
|
-
readonly vercelTeamId: string;
|
|
304
|
-
readonly vercelProjectId: string;
|
|
305
|
-
readonly vercelWriterTokenEnv: string;
|
|
306
|
-
readonly repository: {
|
|
307
|
-
readonly owner: string;
|
|
308
|
-
readonly name: string;
|
|
309
|
-
};
|
|
310
|
-
readonly sharedSourcePath: string;
|
|
311
|
-
readonly sharedVariablePolicy: "tenant_shared_all_systems";
|
|
312
|
-
readonly convex: {
|
|
313
|
-
readonly urlEnv: string;
|
|
314
|
-
readonly deployKeyEnv: string;
|
|
315
|
-
readonly preprodDeployment: string;
|
|
316
|
-
readonly prodDeployment: string;
|
|
317
|
-
};
|
|
318
|
-
};
|
|
319
|
-
declare const INFISICAL_TENANT_SOFTWARE_SYSTEMS: readonly [{
|
|
320
|
-
readonly id: "stack-frontend";
|
|
321
|
-
readonly tenantKey: "stack";
|
|
322
|
-
readonly workspaceKey: "frontend";
|
|
323
|
-
readonly vercelProjectName: "ai-chatbot-diao";
|
|
324
|
-
readonly vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK";
|
|
325
|
-
readonly vercelProjectId: "prj_PihFw8kohSSw14nZs9YQV3xVo517";
|
|
326
|
-
readonly vercelWriterTokenEnv: "STACK_VERCEL_TOKEN";
|
|
327
|
-
readonly repository: {
|
|
328
|
-
readonly owner: "stack-vc";
|
|
329
|
-
readonly name: "front-end";
|
|
330
|
-
};
|
|
331
|
-
readonly sharedSourcePath: "/tenants/stack";
|
|
332
|
-
readonly sharedVariablePolicy: "tenant_shared_all_systems";
|
|
333
|
-
readonly convex: {
|
|
334
|
-
readonly urlEnv: "CONVEX_FRONTEND_URL";
|
|
335
|
-
readonly deployKeyEnv: "CONVEX_FRONTEND_DEPLOY_KEY";
|
|
336
|
-
readonly preprodDeployment: "rugged-lobster-664";
|
|
337
|
-
readonly prodDeployment: "wonderful-toucan-0";
|
|
338
|
-
};
|
|
339
|
-
}, {
|
|
340
|
-
readonly id: "stackos";
|
|
341
|
-
readonly tenantKey: "stack";
|
|
342
|
-
readonly workspaceKey: "stackos";
|
|
343
|
-
readonly vercelProjectName: "stackos";
|
|
344
|
-
readonly vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK";
|
|
345
|
-
readonly vercelProjectId: "prj_rXLAL0Z6v9p1fasKbomby6GI7kau";
|
|
346
|
-
readonly vercelWriterTokenEnv: "STACK_VERCEL_TOKEN";
|
|
347
|
-
readonly repository: {
|
|
348
|
-
readonly owner: "stack-vc";
|
|
349
|
-
readonly name: "stackos";
|
|
350
|
-
};
|
|
351
|
-
readonly sharedSourcePath: "/tenants/stack";
|
|
352
|
-
readonly sharedVariablePolicy: "tenant_shared_all_systems";
|
|
353
|
-
readonly convex: {
|
|
354
|
-
readonly urlEnv: "CONVEX_STACKOS_URL";
|
|
355
|
-
readonly deployKeyEnv: "CONVEX_STACKOS_DEPLOY_KEY";
|
|
356
|
-
readonly preprodDeployment: "giant-mandrill-761";
|
|
357
|
-
readonly prodDeployment: "good-snake-515";
|
|
358
|
-
};
|
|
359
|
-
}, {
|
|
360
|
-
readonly id: "stack-eng";
|
|
361
|
-
readonly tenantKey: "stack";
|
|
362
|
-
readonly workspaceKey: "engineering";
|
|
363
|
-
readonly vercelProjectName: "stackos-engineering-graph";
|
|
364
|
-
readonly vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK";
|
|
365
|
-
readonly vercelProjectId: "prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ";
|
|
366
|
-
readonly vercelWriterTokenEnv: "STACK_VERCEL_TOKEN";
|
|
367
|
-
readonly repository: {
|
|
368
|
-
readonly owner: "stack-vc";
|
|
369
|
-
readonly name: "stackos-engineering-graph";
|
|
370
|
-
};
|
|
371
|
-
readonly sharedSourcePath: "/tenants/stack/engineering";
|
|
372
|
-
readonly sharedVariablePolicy: "tenant_shared_all_systems";
|
|
373
|
-
readonly convex: {
|
|
374
|
-
readonly urlEnv: "CONVEX_STACK_ENG_URL";
|
|
375
|
-
readonly deployKeyEnv: "CONVEX_STACK_ENG_DEPLOY_KEY";
|
|
376
|
-
readonly preprodDeployment: "small-oyster-270";
|
|
377
|
-
readonly prodDeployment: "bold-cuttlefish-804";
|
|
378
|
-
};
|
|
379
|
-
}, {
|
|
380
|
-
readonly id: "lucern-graph";
|
|
381
|
-
readonly tenantKey: "lucern";
|
|
382
|
-
readonly workspaceKey: "lucern";
|
|
383
|
-
readonly vercelProjectName: "lucern-graph";
|
|
384
|
-
readonly vercelTeamId: "team_vTHxxs8GAoAFUe6RWMlYt7fY";
|
|
385
|
-
readonly vercelProjectId: "prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ";
|
|
386
|
-
readonly vercelWriterTokenEnv: "LUCERN_VERCEL_TOKEN";
|
|
387
|
-
readonly repository: {
|
|
388
|
-
readonly owner: "LucernAI";
|
|
389
|
-
readonly name: "lucern-graph";
|
|
390
|
-
};
|
|
391
|
-
readonly sharedSourcePath: "/tenants/lucern/shared";
|
|
392
|
-
readonly sharedVariablePolicy: "tenant_shared_all_systems";
|
|
393
|
-
readonly convex: {
|
|
394
|
-
readonly urlEnv: "CONVEX_LUCERN_URL";
|
|
395
|
-
readonly deployKeyEnv: "CONVEX_LUCERN_DEPLOY_KEY";
|
|
396
|
-
readonly preprodDeployment: "good-blackbird-774";
|
|
397
|
-
readonly prodDeployment: "precious-dog-365";
|
|
398
|
-
};
|
|
399
|
-
}];
|
|
400
|
-
type InfisicalTenantSoftwareSystem = (typeof INFISICAL_TENANT_SOFTWARE_SYSTEMS)[number];
|
|
401
|
-
type InfisicalTenantSoftwareSystemId = InfisicalTenantSoftwareSystem["id"];
|
|
402
|
-
declare function findInfisicalTenantSoftwareSystem(systemId: InfisicalTenantSoftwareSystemId): InfisicalTenantSoftwareSystem | undefined;
|
|
403
|
-
declare function tenantSoftwareSystemConvexEnvNames(systemId: InfisicalTenantSoftwareSystemId): readonly [string, string];
|
|
404
|
-
declare function tenantSoftwareSystemOwnsConvexEnvName(systemId: InfisicalTenantSoftwareSystemId, envName: string): boolean;
|
|
405
|
-
declare function convexTierForVercelDestinationEnvironment(environment: InfisicalVercelDestinationEnvironment): InfisicalConvexTier;
|
|
406
|
-
declare function findInfisicalVercelSyncDestination(environment: InfisicalVercelDestinationEnvironment): InfisicalVercelSyncDestination | undefined;
|
|
407
|
-
declare function vercelCustomEnvironmentIdForTenantSoftwareSystem(systemId: InfisicalTenantSoftwareSystemId, environment: InfisicalVercelDestinationEnvironment): string | undefined;
|
|
408
|
-
declare function expectedTenantConvexDeploymentForVercelEnvironment(systemId: InfisicalTenantSoftwareSystemId, environment: InfisicalVercelDestinationEnvironment): string;
|
|
409
|
-
declare function findInfisicalRuntimePath(pathId: InfisicalRuntimePathId): InfisicalRuntimePath | undefined;
|
|
410
|
-
declare function findInfisicalRuntimeSurface(surfaceId: InfisicalRuntimeSurfaceId): InfisicalRuntimeSurface | undefined;
|
|
411
|
-
declare const INFISICAL_SECRET_OWNERS: readonly ["lucern_platform", "tenant", "provider", "operator_local"];
|
|
412
|
-
type InfisicalSecretOwner = (typeof INFISICAL_SECRET_OWNERS)[number];
|
|
413
|
-
declare const INFISICAL_SECRET_SCOPES: readonly ["global", "environment", "tenant", "workspace", "software_system", "deployment", "local"];
|
|
414
|
-
type InfisicalSecretScope = (typeof INFISICAL_SECRET_SCOPES)[number];
|
|
415
|
-
declare const INFISICAL_SECRET_ENVIRONMENT_POLICIES: readonly ["same_all_environments", "environment_specific", "preprod_staging_prod_prod", "local_only"];
|
|
416
|
-
type InfisicalSecretEnvironmentPolicy = (typeof INFISICAL_SECRET_ENVIRONMENT_POLICIES)[number];
|
|
417
|
-
declare const INFISICAL_SECRET_CONSUMERS: readonly ["lucern-web", "lucern-gateway", "lucern-mcp", "lucern-cli", "lucern-ai-runtime", "lucern-graph-sync", "lucern-observability", "lucern-repo-ci", "mc-convex", "mc-operator-tooling", "tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime", "tenant-graph-sync", "tenant-observability", "tenant-vector-store", "tenant-deploy-tooling", "tenant-agent-runtime"];
|
|
418
|
-
type InfisicalSecretConsumer = (typeof INFISICAL_SECRET_CONSUMERS)[number];
|
|
419
|
-
declare const INFISICAL_SECRET_DESTINATION_KINDS: readonly ["vercel", "convex", "github_actions", "runtime_fetch", "operator_local"];
|
|
420
|
-
type InfisicalSecretDestinationKind = (typeof INFISICAL_SECRET_DESTINATION_KINDS)[number];
|
|
421
|
-
type InfisicalSecretDestination = {
|
|
422
|
-
readonly kind: InfisicalSecretDestinationKind;
|
|
423
|
-
readonly target: string;
|
|
424
|
-
readonly environmentPolicy: InfisicalSecretEnvironmentPolicy;
|
|
425
|
-
readonly writeNames?: readonly string[];
|
|
426
|
-
readonly notes?: string;
|
|
427
|
-
};
|
|
428
|
-
type InfisicalSecretDefinition = {
|
|
429
|
-
readonly id: string;
|
|
430
|
-
readonly canonicalName: string;
|
|
431
|
-
readonly aliases?: readonly string[];
|
|
432
|
-
readonly owner: InfisicalSecretOwner;
|
|
433
|
-
readonly scope: InfisicalSecretScope;
|
|
434
|
-
readonly sourcePath: string;
|
|
435
|
-
readonly environmentPolicy: InfisicalSecretEnvironmentPolicy;
|
|
436
|
-
readonly required: boolean;
|
|
437
|
-
readonly secret: boolean;
|
|
438
|
-
readonly public: boolean;
|
|
439
|
-
readonly consumers: readonly InfisicalSecretConsumer[];
|
|
440
|
-
readonly destinations: readonly InfisicalSecretDestination[];
|
|
441
|
-
readonly description: string;
|
|
442
|
-
};
|
|
11
|
+
|
|
443
12
|
declare const INFISICAL_SECRET_DEFINITIONS: readonly [{
|
|
444
13
|
readonly id: "platform.clerk.publishable";
|
|
445
14
|
readonly canonicalName: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY";
|
|
@@ -1928,4 +1497,4 @@ declare function infisicalSecretDefinitionsForConsumer(consumer: InfisicalSecret
|
|
|
1928
1497
|
declare function infisicalSecretDefinitionsForDestination(kind: InfisicalSecretDestinationKind, target: string): readonly InfisicalSecretDefinition[];
|
|
1929
1498
|
declare function validateInfisicalSecretDefinitions(definitions?: readonly InfisicalSecretDefinition[]): readonly string[];
|
|
1930
1499
|
|
|
1931
|
-
export {
|
|
1500
|
+
export { INFISICAL_SECRET_DEFINITIONS, InfisicalSecretConsumer, InfisicalSecretDefinition, InfisicalSecretDestinationKind, type InfisicalSecretId, findInfisicalSecretDefinition, infisicalSecretDefinitionsForConsumer, infisicalSecretDefinitionsForDestination, validateInfisicalSecretDefinitions };
|