@lucern/contracts 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (213) hide show
  1. package/CHANGELOG.md +4 -1
  2. package/dist/dsl.d.ts +75 -4
  3. package/dist/dsl.values-rhsroqi0.d.ts +21 -0
  4. package/dist/dsl.values.d.ts +5 -0
  5. package/dist/dsl.values.js +675 -0
  6. package/dist/dsl.values.js.map +1 -0
  7. package/dist/function-registry/beliefs.d.ts +1 -17
  8. package/dist/function-registry/beliefs.js +155 -117
  9. package/dist/function-registry/beliefs.js.map +1 -1
  10. package/dist/function-registry/coding.d.ts +1 -17
  11. package/dist/function-registry/coding.js +155 -117
  12. package/dist/function-registry/coding.js.map +1 -1
  13. package/dist/function-registry/context.d.ts +1 -17
  14. package/dist/function-registry/context.js +155 -117
  15. package/dist/function-registry/context.js.map +1 -1
  16. package/dist/function-registry/contracts.d.ts +1 -17
  17. package/dist/function-registry/contracts.js +155 -117
  18. package/dist/function-registry/contracts.js.map +1 -1
  19. package/dist/function-registry/coordination.d.ts +1 -17
  20. package/dist/function-registry/coordination.js +155 -117
  21. package/dist/function-registry/coordination.js.map +1 -1
  22. package/dist/function-registry/edges.d.ts +1 -17
  23. package/dist/function-registry/edges.js +155 -117
  24. package/dist/function-registry/edges.js.map +1 -1
  25. package/dist/function-registry/evidence.d.ts +1 -17
  26. package/dist/function-registry/evidence.js +155 -117
  27. package/dist/function-registry/evidence.js.map +1 -1
  28. package/dist/function-registry/graph.d.ts +1 -17
  29. package/dist/function-registry/graph.js +155 -117
  30. package/dist/function-registry/graph.js.map +1 -1
  31. package/dist/function-registry/helpers.d.ts +1 -1
  32. package/dist/function-registry/helpers.js +155 -117
  33. package/dist/function-registry/helpers.js.map +1 -1
  34. package/dist/function-registry/identity.d.ts +1 -17
  35. package/dist/function-registry/identity.js +155 -117
  36. package/dist/function-registry/identity.js.map +1 -1
  37. package/dist/function-registry/index.d.ts +1 -1
  38. package/dist/function-registry/index.js +158 -118
  39. package/dist/function-registry/index.js.map +1 -1
  40. package/dist/function-registry/judgments.d.ts +1 -17
  41. package/dist/function-registry/judgments.js +155 -117
  42. package/dist/function-registry/judgments.js.map +1 -1
  43. package/dist/function-registry/legacy.d.ts +1 -17
  44. package/dist/function-registry/legacy.js +155 -117
  45. package/dist/function-registry/legacy.js.map +1 -1
  46. package/dist/function-registry/lenses.d.ts +1 -17
  47. package/dist/function-registry/lenses.js +155 -117
  48. package/dist/function-registry/lenses.js.map +1 -1
  49. package/dist/function-registry/manifest.d.ts +3 -3
  50. package/dist/function-registry/manifest.js +1 -0
  51. package/dist/function-registry/manifest.js.map +1 -1
  52. package/dist/function-registry/nodes.d.ts +1 -17
  53. package/dist/function-registry/nodes.js +155 -117
  54. package/dist/function-registry/nodes.js.map +1 -1
  55. package/dist/function-registry/ontologies.d.ts +1 -17
  56. package/dist/function-registry/ontologies.js +155 -117
  57. package/dist/function-registry/ontologies.js.map +1 -1
  58. package/dist/function-registry/pipeline.d.ts +1 -17
  59. package/dist/function-registry/pipeline.js +155 -117
  60. package/dist/function-registry/pipeline.js.map +1 -1
  61. package/dist/function-registry/questions.d.ts +1 -17
  62. package/dist/function-registry/questions.js +155 -117
  63. package/dist/function-registry/questions.js.map +1 -1
  64. package/dist/function-registry/tasks.d.ts +1 -17
  65. package/dist/function-registry/tasks.js +155 -117
  66. package/dist/function-registry/tasks.js.map +1 -1
  67. package/dist/function-registry/topics.d.ts +1 -17
  68. package/dist/function-registry/topics.js +155 -117
  69. package/dist/function-registry/topics.js.map +1 -1
  70. package/dist/function-registry/types.d.ts +2 -2
  71. package/dist/function-registry/worktrees.d.ts +41 -17
  72. package/dist/function-registry/worktrees.js +174 -117
  73. package/dist/function-registry/worktrees.js.map +1 -1
  74. package/dist/generated/lucernWebPublicEnv.js.map +1 -1
  75. package/dist/generated/lucernWebServerEnv.js.map +1 -1
  76. package/dist/{idOf-DR8tkhQS.d.ts → idOf-BmkVDhD8.d.ts} +1 -1
  77. package/dist/index.d.ts +47 -8
  78. package/dist/index.js +45072 -45005
  79. package/dist/index.js.map +1 -1
  80. package/dist/infisical-runtime.base.d.ts +444 -0
  81. package/dist/infisical-runtime.base.js +640 -0
  82. package/dist/infisical-runtime.base.js.map +1 -0
  83. package/dist/infisical-runtime.contract.d.ts +9 -440
  84. package/dist/infisical-runtime.contract.js +14 -1
  85. package/dist/infisical-runtime.contract.js.map +1 -1
  86. package/dist/infisical-runtime.platform-ops-secrets.d.ts +743 -0
  87. package/dist/infisical-runtime.platform-ops-secrets.js +962 -0
  88. package/dist/infisical-runtime.platform-ops-secrets.js.map +1 -0
  89. package/dist/infisical-runtime.platform-secrets.d.ts +598 -0
  90. package/dist/infisical-runtime.platform-secrets.js +726 -0
  91. package/dist/infisical-runtime.platform-secrets.js.map +1 -0
  92. package/dist/infisical-runtime.tenant-secrets.d.ts +486 -0
  93. package/dist/infisical-runtime.tenant-secrets.js +1131 -0
  94. package/dist/infisical-runtime.tenant-secrets.js.map +1 -0
  95. package/dist/manifests/edge-policy-manifest.d.ts +1 -1
  96. package/dist/manifests/infisical-runtime-manifest.d.ts +1 -1
  97. package/dist/manifests/infisical-runtime-manifest.js +14 -1
  98. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  99. package/dist/manifests/tenant-client-manifest.d.ts +5 -1
  100. package/dist/manifests/tenant-client-manifest.js +5 -0
  101. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  102. package/dist/proof-attestation.json +1 -1
  103. package/dist/schemas/index.d.ts +1 -1
  104. package/dist/schemas/index.js.map +1 -1
  105. package/dist/schemas/manifest.d.ts +61 -61
  106. package/dist/schemas/manifest.js.map +1 -1
  107. package/dist/schemas/tables/kernel/config.js.map +1 -1
  108. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  109. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  110. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  111. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  112. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  113. package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
  114. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  115. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  116. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  117. package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
  118. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  119. package/dist/schemas/tables/kernel/lens.d.ts +5 -5
  120. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  121. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  122. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  123. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  124. package/dist/schemas/tables/kernel/spine.d.ts +1 -1
  125. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  126. package/dist/schemas/tables/kernel/task.d.ts +1 -1
  127. package/dist/schemas/tables/kernel/task.js.map +1 -1
  128. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  129. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  130. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  131. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  132. package/dist/schemas/tables/kernel/worktree.d.ts +1 -1
  133. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  134. package/dist/schemas/tables/mc/identity.d.ts +1 -1
  135. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  136. package/dist/schemas/tables/mc/pack.d.ts +9 -9
  137. package/dist/schemas/tables/mc/policy.d.ts +1 -1
  138. package/dist/schemas/tables/mc/registry.d.ts +1 -1
  139. package/dist/schemas/tables/mc/runtime.d.ts +1 -1
  140. package/dist/schemas/tables/mc/tenant.d.ts +1 -1
  141. package/dist/schemas/tables/mc/workspace.d.ts +1 -1
  142. package/dist/schemas.values-5J5oIK7z.d.ts +26 -0
  143. package/dist/schemas.values.d.ts +7 -0
  144. package/dist/schemas.values.js +5324 -0
  145. package/dist/schemas.values.js.map +1 -0
  146. package/dist/sdk-tools.contract.analytics.d.ts +27 -0
  147. package/dist/sdk-tools.contract.analytics.js +616 -0
  148. package/dist/sdk-tools.contract.analytics.js.map +1 -0
  149. package/dist/sdk-tools.contract.d.ts +43 -2
  150. package/dist/sdk-tools.contract.graph.d.ts +11 -0
  151. package/dist/sdk-tools.contract.graph.js +156 -0
  152. package/dist/sdk-tools.contract.graph.js.map +1 -0
  153. package/dist/sdk-tools.contract.js +4107 -4062
  154. package/dist/sdk-tools.contract.js.map +1 -1
  155. package/dist/sdk-tools.contract.registry.d.ts +25 -0
  156. package/dist/sdk-tools.contract.registry.js +5504 -0
  157. package/dist/sdk-tools.contract.registry.js.map +1 -0
  158. package/dist/sdk-tools.contract.types.d.ts +15 -0
  159. package/dist/sdk-tools.contract.types.js +3 -0
  160. package/dist/sdk-tools.contract.types.js.map +1 -0
  161. package/dist/sdk-tools.contract.values-LuBh95zg.d.ts +58 -0
  162. package/dist/sdk-tools.contract.values.d.ts +7 -0
  163. package/dist/sdk-tools.contract.values.js +5581 -0
  164. package/dist/sdk-tools.contract.values.js.map +1 -0
  165. package/dist/sdk-tools.contract.workflow.d.ts +17 -0
  166. package/dist/sdk-tools.contract.workflow.js +287 -0
  167. package/dist/sdk-tools.contract.workflow.js.map +1 -0
  168. package/dist/tenant-client.contract.d.ts +5 -1
  169. package/dist/tenant-client.contract.js +5 -0
  170. package/dist/tenant-client.contract.js.map +1 -1
  171. package/dist/tool-contracts.d.ts +34 -1
  172. package/dist/tool-contracts.graph.d.ts +18 -0
  173. package/dist/tool-contracts.graph.js +378 -0
  174. package/dist/tool-contracts.graph.js.map +1 -0
  175. package/dist/tool-contracts.intelligence-evidence.d.ts +15 -0
  176. package/dist/tool-contracts.intelligence-evidence.js +303 -0
  177. package/dist/tool-contracts.intelligence-evidence.js.map +1 -0
  178. package/dist/tool-contracts.js +155 -118
  179. package/dist/tool-contracts.js.map +1 -1
  180. package/dist/tool-contracts.lifecycle.d.ts +13 -0
  181. package/dist/tool-contracts.lifecycle.js +410 -0
  182. package/dist/tool-contracts.lifecycle.js.map +1 -0
  183. package/dist/tool-contracts.nodes-lenses.d.ts +17 -0
  184. package/dist/tool-contracts.nodes-lenses.js +334 -0
  185. package/dist/tool-contracts.nodes-lenses.js.map +1 -0
  186. package/dist/tool-contracts.ontology.d.ts +16 -0
  187. package/dist/tool-contracts.ontology.js +344 -0
  188. package/dist/tool-contracts.ontology.js.map +1 -0
  189. package/dist/tool-contracts.pipeline-coordination.d.ts +25 -0
  190. package/dist/tool-contracts.pipeline-coordination.js +684 -0
  191. package/dist/tool-contracts.pipeline-coordination.js.map +1 -0
  192. package/dist/tool-contracts.policy-observation-task-topic.d.ts +25 -0
  193. package/dist/tool-contracts.policy-observation-task-topic.js +740 -0
  194. package/dist/tool-contracts.policy-observation-task-topic.js.map +1 -0
  195. package/dist/tool-contracts.questions-listing.d.ts +27 -0
  196. package/dist/tool-contracts.questions-listing.js +782 -0
  197. package/dist/tool-contracts.questions-listing.js.map +1 -0
  198. package/dist/tool-contracts.types.d.ts +34 -0
  199. package/dist/tool-contracts.types.js +3 -0
  200. package/dist/tool-contracts.types.js.map +1 -0
  201. package/dist/tool-contracts.values-DjctSW7S.d.ts +147 -0
  202. package/dist/tool-contracts.values.d.ts +11 -0
  203. package/dist/tool-contracts.values.js +4398 -0
  204. package/dist/tool-contracts.values.js.map +1 -0
  205. package/dist/tool-contracts.worktrees.d.ts +8 -0
  206. package/dist/tool-contracts.worktrees.js +280 -0
  207. package/dist/tool-contracts.worktrees.js.map +1 -0
  208. package/package.json +3 -11
  209. package/dist/dsl-DVPthQGY.d.ts +0 -110
  210. package/dist/index-CM1Pl_vI.d.ts +0 -28
  211. package/dist/sdk-tools.contract-CKmSsrZ2.d.ts +0 -146
  212. package/dist/tool-contracts-C_xvM9q2.d.ts +0 -326
  213. package/dist/{edge-policy-manifest-Dw5IhT1L.d.ts → edge-policy-manifest-4KOSP4nk.d.ts} +2 -2
@@ -0,0 +1,1131 @@
1
+ // src/tenant-client.contract.ts
2
+ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
3
+ {
4
+ packageName: "@lucern/access-control",
5
+ role: "runtime_entrypoint",
6
+ directTenantImport: true
7
+ },
8
+ {
9
+ packageName: "@lucern/agent",
10
+ role: "platform_runtime",
11
+ directTenantImport: false
12
+ },
13
+ {
14
+ packageName: "@lucern/auth",
15
+ role: "sdk_dependency",
16
+ directTenantImport: false
17
+ },
18
+ {
19
+ packageName: "@lucern/cli",
20
+ role: "developer_tool",
21
+ directTenantImport: false
22
+ },
23
+ {
24
+ packageName: "@lucern/client-core",
25
+ role: "sdk_dependency",
26
+ directTenantImport: false
27
+ },
28
+ {
29
+ packageName: "@lucern/confidence",
30
+ role: "sdk_dependency",
31
+ directTenantImport: false
32
+ },
33
+ {
34
+ packageName: "@lucern/config",
35
+ role: "configuration",
36
+ directTenantImport: false
37
+ },
38
+ {
39
+ packageName: "@lucern/contracts",
40
+ role: "contract_entrypoint",
41
+ directTenantImport: true
42
+ },
43
+ {
44
+ packageName: "@lucern/control-plane",
45
+ role: "component_runtime",
46
+ directTenantImport: false
47
+ },
48
+ {
49
+ packageName: "@lucern/developer-kit",
50
+ role: "developer_tool",
51
+ directTenantImport: false
52
+ },
53
+ {
54
+ packageName: "@lucern/events",
55
+ role: "sdk_dependency",
56
+ directTenantImport: false
57
+ },
58
+ {
59
+ packageName: "@lucern/graph-primitives",
60
+ role: "sdk_dependency",
61
+ directTenantImport: false
62
+ },
63
+ {
64
+ packageName: "@lucern/graph-sync",
65
+ role: "host_addon_runtime",
66
+ directTenantImport: true
67
+ },
68
+ {
69
+ packageName: "@lucern/mcp",
70
+ role: "runtime_entrypoint",
71
+ directTenantImport: true
72
+ },
73
+ {
74
+ packageName: "@lucern/pack-host",
75
+ role: "platform_runtime",
76
+ directTenantImport: false
77
+ },
78
+ {
79
+ packageName: "@lucern/pack-installer",
80
+ role: "developer_tool",
81
+ directTenantImport: false
82
+ },
83
+ {
84
+ packageName: "@lucern/proof-compiler",
85
+ role: "developer_tool",
86
+ directTenantImport: false
87
+ },
88
+ {
89
+ packageName: "@lucern/react",
90
+ role: "runtime_entrypoint",
91
+ directTenantImport: true
92
+ },
93
+ {
94
+ packageName: "@lucern/reasoning-kernel",
95
+ role: "component_runtime",
96
+ directTenantImport: false
97
+ },
98
+ {
99
+ packageName: "@lucern/sdk",
100
+ role: "runtime_entrypoint",
101
+ directTenantImport: true
102
+ },
103
+ {
104
+ packageName: "@lucern/secrets",
105
+ role: "sdk_dependency",
106
+ directTenantImport: false
107
+ },
108
+ {
109
+ packageName: "@lucern/server-core",
110
+ role: "platform_runtime",
111
+ directTenantImport: false
112
+ },
113
+ {
114
+ packageName: "@lucern/testing",
115
+ role: "test_support",
116
+ directTenantImport: false
117
+ },
118
+ {
119
+ packageName: "@lucern/transport-core",
120
+ role: "sdk_dependency",
121
+ directTenantImport: false
122
+ },
123
+ {
124
+ packageName: "@lucern/types",
125
+ role: "contract_entrypoint",
126
+ directTenantImport: true
127
+ }
128
+ ];
129
+ TENANT_CLIENT_INSTALLABLE_PACKAGES.map(
130
+ (entry) => entry.packageName
131
+ );
132
+
133
+ // src/infisical-runtime.base.ts
134
+ var INFISICAL_TENANT_SOFTWARE_SYSTEMS = [
135
+ {
136
+ id: "stack-frontend",
137
+ tenantKey: "stack",
138
+ workspaceKey: "frontend",
139
+ vercelProjectName: "ai-chatbot-diao",
140
+ vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
141
+ vercelProjectId: "prj_PihFw8kohSSw14nZs9YQV3xVo517",
142
+ vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
143
+ repository: {
144
+ owner: "stack-vc",
145
+ name: "front-end"
146
+ },
147
+ sharedSourcePath: "/tenants/stack",
148
+ sharedVariablePolicy: "tenant_shared_all_systems",
149
+ convex: {
150
+ urlEnv: "CONVEX_FRONTEND_URL",
151
+ deployKeyEnv: "CONVEX_FRONTEND_DEPLOY_KEY",
152
+ preprodDeployment: "rugged-lobster-664",
153
+ prodDeployment: "wonderful-toucan-0"
154
+ }
155
+ },
156
+ {
157
+ id: "stackos",
158
+ tenantKey: "stack",
159
+ workspaceKey: "stackos",
160
+ vercelProjectName: "stackos",
161
+ vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
162
+ vercelProjectId: "prj_rXLAL0Z6v9p1fasKbomby6GI7kau",
163
+ vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
164
+ repository: {
165
+ owner: "stack-vc",
166
+ name: "stackos"
167
+ },
168
+ sharedSourcePath: "/tenants/stack",
169
+ sharedVariablePolicy: "tenant_shared_all_systems",
170
+ convex: {
171
+ urlEnv: "CONVEX_STACKOS_URL",
172
+ deployKeyEnv: "CONVEX_STACKOS_DEPLOY_KEY",
173
+ preprodDeployment: "giant-mandrill-761",
174
+ prodDeployment: "good-snake-515"
175
+ }
176
+ },
177
+ {
178
+ id: "stack-eng",
179
+ tenantKey: "stack",
180
+ workspaceKey: "engineering",
181
+ vercelProjectName: "stackos-engineering-graph",
182
+ vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
183
+ vercelProjectId: "prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ",
184
+ vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
185
+ repository: {
186
+ owner: "stack-vc",
187
+ name: "stackos-engineering-graph"
188
+ },
189
+ sharedSourcePath: "/tenants/stack/engineering",
190
+ sharedVariablePolicy: "tenant_shared_all_systems",
191
+ convex: {
192
+ urlEnv: "CONVEX_STACK_ENG_URL",
193
+ deployKeyEnv: "CONVEX_STACK_ENG_DEPLOY_KEY",
194
+ preprodDeployment: "small-oyster-270",
195
+ prodDeployment: "bold-cuttlefish-804"
196
+ }
197
+ },
198
+ {
199
+ id: "lucern-graph",
200
+ tenantKey: "lucern",
201
+ workspaceKey: "lucern",
202
+ vercelProjectName: "lucern-graph",
203
+ vercelTeamId: "team_vTHxxs8GAoAFUe6RWMlYt7fY",
204
+ vercelProjectId: "prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ",
205
+ vercelWriterTokenEnv: "LUCERN_VERCEL_TOKEN",
206
+ repository: {
207
+ owner: "LucernAI",
208
+ name: "lucern-graph"
209
+ },
210
+ sharedSourcePath: "/tenants/lucern/shared",
211
+ sharedVariablePolicy: "tenant_shared_all_systems",
212
+ convex: {
213
+ urlEnv: "CONVEX_LUCERN_URL",
214
+ deployKeyEnv: "CONVEX_LUCERN_DEPLOY_KEY",
215
+ preprodDeployment: "good-blackbird-774",
216
+ prodDeployment: "precious-dog-365"
217
+ }
218
+ }
219
+ ];
220
+
221
+ // src/infisical-runtime.tenant-secrets.ts
222
+ var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
223
+ {
224
+ idSuffix: "clerk.publishable",
225
+ canonicalName: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
226
+ aliases: ["CLERK_PUBLISHABLE_KEY"],
227
+ required: true,
228
+ secret: false,
229
+ public: true,
230
+ description: "Tenant-owned Clerk browser key. For Stack this is the master clerk.stack.vc project shared by front-end, StackOS, and the engineering workspace."
231
+ },
232
+ {
233
+ idSuffix: "clerk.secret",
234
+ canonicalName: "CLERK_SECRET_KEY",
235
+ required: true,
236
+ secret: true,
237
+ public: false,
238
+ description: "Tenant-owned Clerk backend secret used only by that tenant's server runtimes."
239
+ },
240
+ {
241
+ idSuffix: "clerk.project",
242
+ canonicalName: "CLERK_PROJECT_ID",
243
+ required: true,
244
+ secret: false,
245
+ public: false,
246
+ description: "Tenant-owned Clerk project id used to resolve canonical Clerk aliases."
247
+ },
248
+ {
249
+ idSuffix: "clerk.jwks",
250
+ canonicalName: "CLERK_JWT_ISSUER_DOMAIN",
251
+ aliases: ["CLERK_ISSUER_URL", "CLERK_JWKS_URL"],
252
+ required: false,
253
+ secret: false,
254
+ public: false,
255
+ description: "Tenant Clerk issuer/JWKS URL consumed by Convex auth.config.ts."
256
+ },
257
+ {
258
+ idSuffix: "clerk.jwt-key",
259
+ canonicalName: "CLERK_JWT_KEY",
260
+ required: false,
261
+ secret: true,
262
+ public: false,
263
+ description: "Tenant Clerk JWT public verification key used by bearer-token API routes."
264
+ },
265
+ {
266
+ idSuffix: "clerk.authorized-parties",
267
+ canonicalName: "CLERK_AUTHORIZED_PARTIES",
268
+ aliases: ["CLERK_MOBILE_AUTHORIZED_PARTIES"],
269
+ required: false,
270
+ secret: false,
271
+ public: false,
272
+ description: "Comma-separated Clerk authorized parties for browser and mobile bearer-token validation."
273
+ },
274
+ {
275
+ idSuffix: "clerk.sign-in-url",
276
+ canonicalName: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
277
+ required: false,
278
+ secret: false,
279
+ public: true,
280
+ description: "Tenant Clerk sign-in route for custom app login surfaces."
281
+ },
282
+ {
283
+ idSuffix: "clerk.sign-up-url",
284
+ canonicalName: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
285
+ required: false,
286
+ secret: false,
287
+ public: true,
288
+ description: "Tenant Clerk sign-up route for custom app login surfaces."
289
+ }
290
+ ];
291
+ var TENANT_SHARED_SECRET_DEFINITIONS = INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
292
+ (system) => TENANT_SHARED_SECRET_DEFINITION_TEMPLATES.map(
293
+ (template) => ({
294
+ id: `tenant.${system.id}.${template.idSuffix}`,
295
+ canonicalName: template.canonicalName,
296
+ aliases: "aliases" in template ? template.aliases : void 0,
297
+ owner: "tenant",
298
+ scope: "tenant",
299
+ sourcePath: system.sharedSourcePath,
300
+ environmentPolicy: "environment_specific",
301
+ required: template.required,
302
+ secret: template.secret,
303
+ public: template.public,
304
+ consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
305
+ destinations: [
306
+ {
307
+ kind: "vercel",
308
+ target: system.vercelProjectName,
309
+ environmentPolicy: "preprod_staging_prod_prod"
310
+ },
311
+ {
312
+ kind: "convex",
313
+ target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
314
+ environmentPolicy: "preprod_staging_prod_prod"
315
+ }
316
+ ],
317
+ description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
318
+ })
319
+ )
320
+ );
321
+ var TENANT_INSTALL_SECRET_DEFINITIONS = INFISICAL_TENANT_SOFTWARE_SYSTEMS.map(
322
+ (system) => ({
323
+ id: `tenant.${system.id}.install-lucern-npm`,
324
+ canonicalName: "INSTALL_LUCERN_NPM",
325
+ owner: "provider",
326
+ scope: "global",
327
+ sourcePath: "/tenants/shared",
328
+ environmentPolicy: "same_all_environments",
329
+ required: true,
330
+ secret: true,
331
+ public: false,
332
+ consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
333
+ destinations: [
334
+ {
335
+ kind: "vercel",
336
+ target: system.vercelProjectName,
337
+ environmentPolicy: "same_all_environments"
338
+ },
339
+ {
340
+ kind: "github_actions",
341
+ target: `${system.repository.owner}/${system.repository.name}`,
342
+ environmentPolicy: "same_all_environments"
343
+ }
344
+ ],
345
+ description: `${system.tenantKey}/${system.workspaceKey}: read-only npm install token for published @lucern/* packages.`
346
+ })
347
+ );
348
+ var TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS = ["stack-frontend", "stackos"];
349
+ var TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES = [
350
+ {
351
+ idSuffix: "ai.openai-api-key",
352
+ canonicalName: "OPENAI_API_KEY",
353
+ required: false,
354
+ secret: true,
355
+ public: false,
356
+ consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
357
+ description: "Tenant-owned OpenAI key for product runtime LLM calls."
358
+ },
359
+ {
360
+ idSuffix: "ai.anthropic-api-key",
361
+ canonicalName: "ANTHROPIC_API_KEY",
362
+ required: false,
363
+ secret: true,
364
+ public: false,
365
+ consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
366
+ description: "Tenant-owned Anthropic key for product runtime LLM calls."
367
+ },
368
+ {
369
+ idSuffix: "ai.gemini-api-key",
370
+ canonicalName: "GEMINI_API_KEY",
371
+ aliases: ["GOOGLE_AI_API_KEY", "GOOGLE_GENERATIVE_AI_API_KEY"],
372
+ required: false,
373
+ secret: true,
374
+ public: false,
375
+ consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
376
+ description: "Tenant-owned Google/Gemini key for product runtime LLM calls."
377
+ },
378
+ {
379
+ idSuffix: "langfuse.secret-key",
380
+ canonicalName: "LANGFUSE_SECRET_KEY",
381
+ required: false,
382
+ secret: true,
383
+ public: false,
384
+ consumers: [
385
+ "tenant-vercel-app",
386
+ "tenant-convex-deployment",
387
+ "tenant-observability"
388
+ ],
389
+ description: "Tenant-owned Langfuse secret key for product AI tracing."
390
+ },
391
+ {
392
+ idSuffix: "langfuse.public-key",
393
+ canonicalName: "LANGFUSE_PUBLIC_KEY",
394
+ required: false,
395
+ secret: false,
396
+ public: false,
397
+ consumers: [
398
+ "tenant-vercel-app",
399
+ "tenant-convex-deployment",
400
+ "tenant-observability"
401
+ ],
402
+ description: "Tenant-owned Langfuse public key for product AI tracing."
403
+ },
404
+ {
405
+ idSuffix: "langfuse.base-url",
406
+ canonicalName: "LANGFUSE_BASE_URL",
407
+ aliases: ["LANGFUSE_BASEURL", "LANGFUSE_HOST"],
408
+ required: false,
409
+ secret: false,
410
+ public: false,
411
+ consumers: [
412
+ "tenant-vercel-app",
413
+ "tenant-convex-deployment",
414
+ "tenant-observability"
415
+ ],
416
+ description: "Tenant-owned Langfuse API origin."
417
+ },
418
+ {
419
+ idSuffix: "graph.neo4j-uri",
420
+ canonicalName: "NEO4J_URI",
421
+ required: false,
422
+ secret: false,
423
+ public: false,
424
+ consumers: [
425
+ "tenant-vercel-app",
426
+ "tenant-convex-deployment",
427
+ "tenant-graph-sync"
428
+ ],
429
+ description: "Tenant-owned Neo4j URI for product graph-sync."
430
+ },
431
+ {
432
+ idSuffix: "graph.neo4j-user",
433
+ canonicalName: "NEO4J_USER",
434
+ aliases: ["NEO4J_USERNAME"],
435
+ required: false,
436
+ secret: false,
437
+ public: false,
438
+ consumers: [
439
+ "tenant-vercel-app",
440
+ "tenant-convex-deployment",
441
+ "tenant-graph-sync"
442
+ ],
443
+ description: "Tenant-owned Neo4j user for product graph-sync."
444
+ },
445
+ {
446
+ idSuffix: "graph.neo4j-password",
447
+ canonicalName: "NEO4J_PASSWORD",
448
+ required: false,
449
+ secret: true,
450
+ public: false,
451
+ consumers: [
452
+ "tenant-vercel-app",
453
+ "tenant-convex-deployment",
454
+ "tenant-graph-sync"
455
+ ],
456
+ description: "Tenant-owned Neo4j password for product graph-sync."
457
+ },
458
+ {
459
+ idSuffix: "graph.neo4j-sync-secret",
460
+ canonicalName: "NEO4J_SYNC_SECRET",
461
+ required: false,
462
+ secret: true,
463
+ public: false,
464
+ consumers: [
465
+ "tenant-vercel-app",
466
+ "tenant-convex-deployment",
467
+ "tenant-graph-sync"
468
+ ],
469
+ description: "Tenant-owned shared secret for product Convex-to-HTTP graph-sync calls."
470
+ },
471
+ {
472
+ idSuffix: "graph.neo4j-database",
473
+ canonicalName: "NEO4J_DATABASE",
474
+ required: false,
475
+ secret: false,
476
+ public: false,
477
+ consumers: [
478
+ "tenant-vercel-app",
479
+ "tenant-convex-deployment",
480
+ "tenant-graph-sync"
481
+ ],
482
+ description: "Tenant-owned Neo4j database name for product graph-sync."
483
+ },
484
+ {
485
+ idSuffix: "vector.pinecone-api-key",
486
+ canonicalName: "PINECONE_API_KEY",
487
+ required: false,
488
+ secret: true,
489
+ public: false,
490
+ consumers: [
491
+ "tenant-vercel-app",
492
+ "tenant-convex-deployment",
493
+ "tenant-vector-store"
494
+ ],
495
+ description: "Tenant-owned Pinecone API key for product vector search."
496
+ },
497
+ {
498
+ idSuffix: "vector.pinecone-index-name",
499
+ canonicalName: "PINECONE_INDEX_NAME",
500
+ aliases: ["PINECONE_INDEX"],
501
+ required: false,
502
+ secret: false,
503
+ public: false,
504
+ consumers: [
505
+ "tenant-vercel-app",
506
+ "tenant-convex-deployment",
507
+ "tenant-vector-store"
508
+ ],
509
+ description: "Tenant-owned Pinecone index name for product vector search."
510
+ },
511
+ {
512
+ idSuffix: "vector.pinecone-host",
513
+ canonicalName: "PINECONE_HOST",
514
+ aliases: ["PINECONE_INDEX_HOST"],
515
+ required: false,
516
+ secret: false,
517
+ public: false,
518
+ consumers: [
519
+ "tenant-vercel-app",
520
+ "tenant-convex-deployment",
521
+ "tenant-vector-store"
522
+ ],
523
+ description: "Tenant-owned Pinecone host for product vector search."
524
+ },
525
+ {
526
+ idSuffix: "vector.pinecone-namespace",
527
+ canonicalName: "PINECONE_NAMESPACE",
528
+ required: false,
529
+ secret: false,
530
+ public: false,
531
+ consumers: [
532
+ "tenant-vercel-app",
533
+ "tenant-convex-deployment",
534
+ "tenant-vector-store"
535
+ ],
536
+ description: "Tenant-owned Pinecone namespace for product vector search isolation."
537
+ },
538
+ {
539
+ idSuffix: "storage.aws-access-key-id",
540
+ canonicalName: "AWS_ACCESS_KEY_ID",
541
+ required: false,
542
+ secret: true,
543
+ public: false,
544
+ consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
545
+ description: "Tenant-owned AWS access key id for document/file ingestion."
546
+ },
547
+ {
548
+ idSuffix: "storage.aws-secret-access-key",
549
+ canonicalName: "AWS_SECRET_ACCESS_KEY",
550
+ required: false,
551
+ secret: true,
552
+ public: false,
553
+ consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
554
+ description: "Tenant-owned AWS secret access key for document/file ingestion."
555
+ },
556
+ {
557
+ idSuffix: "storage.aws-region",
558
+ canonicalName: "AWS_REGION",
559
+ required: false,
560
+ secret: false,
561
+ public: false,
562
+ consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
563
+ description: "Tenant-owned AWS region for document/file ingestion."
564
+ },
565
+ {
566
+ idSuffix: "observability.sentry-dsn",
567
+ canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
568
+ aliases: ["NEXT_PUBLIC_SENTRY_DSN_NEXTJS", "SENTRY_DSN"],
569
+ required: false,
570
+ secret: false,
571
+ public: true,
572
+ consumers: ["tenant-vercel-app", "tenant-observability"],
573
+ description: "Tenant-owned Sentry DSN for app telemetry."
574
+ },
575
+ {
576
+ idSuffix: "observability.sentry-auth-token",
577
+ canonicalName: "SENTRY_AUTH_TOKEN",
578
+ required: false,
579
+ secret: true,
580
+ public: false,
581
+ consumers: ["tenant-deploy-tooling", "tenant-observability"],
582
+ description: "Tenant-owned Sentry release token for app deployments."
583
+ },
584
+ {
585
+ idSuffix: "observability.sentry-org",
586
+ canonicalName: "SENTRY_ORG",
587
+ aliases: ["SENTRY_ORG_SLUG"],
588
+ required: false,
589
+ secret: false,
590
+ public: false,
591
+ consumers: ["tenant-deploy-tooling", "tenant-observability"],
592
+ description: "Tenant-owned Sentry org slug for release uploads."
593
+ },
594
+ {
595
+ idSuffix: "observability.sentry-project",
596
+ canonicalName: "SENTRY_PROJECT",
597
+ aliases: ["SENTRY_PROJECT_NEXTJS"],
598
+ required: false,
599
+ secret: false,
600
+ public: false,
601
+ consumers: ["tenant-deploy-tooling", "tenant-observability"],
602
+ description: "Tenant-owned Sentry project slug for release uploads."
603
+ },
604
+ {
605
+ idSuffix: "observability.sentry-environment",
606
+ canonicalName: "NEXT_PUBLIC_SENTRY_ENVIRONMENT",
607
+ aliases: ["SENTRY_ENVIRONMENT"],
608
+ required: false,
609
+ secret: false,
610
+ public: true,
611
+ consumers: ["tenant-vercel-app", "tenant-observability"],
612
+ description: "Tenant-owned Sentry environment label."
613
+ },
614
+ {
615
+ idSuffix: "observability.sentry-release",
616
+ canonicalName: "NEXT_PUBLIC_SENTRY_RELEASE",
617
+ aliases: ["SENTRY_RELEASE"],
618
+ required: false,
619
+ secret: false,
620
+ public: true,
621
+ consumers: ["tenant-vercel-app", "tenant-observability"],
622
+ description: "Tenant-owned Sentry release label."
623
+ },
624
+ {
625
+ idSuffix: "observability.sentry-client-options",
626
+ canonicalName: "NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE",
627
+ aliases: [
628
+ "NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS",
629
+ "NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS_NEXTJS",
630
+ "NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS",
631
+ "NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS_NEXTJS",
632
+ "NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS",
633
+ "NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS_NEXTJS",
634
+ "NEXT_PUBLIC_SENTRY_ENABLE_LOGS",
635
+ "NEXT_PUBLIC_SENTRY_REPLAYS_ON_ERROR_SAMPLE_RATE",
636
+ "NEXT_PUBLIC_SENTRY_REPLAYS_SESSION_SAMPLE_RATE",
637
+ "NEXT_PUBLIC_SENTRY_SEND_DEFAULT_PII",
638
+ "NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE_NEXTJS"
639
+ ],
640
+ required: false,
641
+ secret: false,
642
+ public: true,
643
+ consumers: ["tenant-vercel-app", "tenant-observability"],
644
+ description: "Tenant-owned public Sentry tuning values for Next.js client instrumentation."
645
+ },
646
+ {
647
+ idSuffix: "observability.sentry-webhook-secret",
648
+ canonicalName: "SENTRY_WEBHOOK_SECRET",
649
+ required: false,
650
+ secret: true,
651
+ public: false,
652
+ consumers: ["tenant-convex-deployment", "tenant-observability"],
653
+ description: "Tenant-owned Sentry webhook verification secret."
654
+ },
655
+ {
656
+ idSuffix: "lucern.gateway-api-key",
657
+ canonicalName: "LUCERN_API_KEY",
658
+ aliases: ["STACK_API_KEY"],
659
+ required: false,
660
+ secret: true,
661
+ public: false,
662
+ consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
663
+ description: "Tenant-scoped Lucern/MC gateway API key for product front-door calls."
664
+ },
665
+ {
666
+ idSuffix: "lucern.gateway-base-url",
667
+ canonicalName: "LUCERN_BASE_URL",
668
+ aliases: ["LUCERN_API_BASE_URL", "LUCERN_GATEWAY_BASE_URL"],
669
+ required: false,
670
+ secret: false,
671
+ public: false,
672
+ consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
673
+ description: "Lucern/MC gateway base URL used by tenant product apps."
674
+ },
675
+ {
676
+ idSuffix: "lucern.proxy-token-secret",
677
+ canonicalName: "LUCERN_PROXY_TOKEN_SECRET",
678
+ required: false,
679
+ secret: true,
680
+ public: false,
681
+ consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
682
+ description: "Tenant-owned secret for signing internal proxy/session tokens in product apps."
683
+ },
684
+ {
685
+ idSuffix: "tenant.integrations.linear-api-key",
686
+ canonicalName: "LINEAR_API_KEY",
687
+ required: false,
688
+ secret: true,
689
+ public: false,
690
+ consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
691
+ description: "Tenant-owned Linear API key for support/slash-command flows."
692
+ },
693
+ {
694
+ idSuffix: "tenant.vercel.bypass-token",
695
+ canonicalName: "VERCEL_AUTOMATION_BYPASS_SECRET",
696
+ aliases: ["NEXT_PUBLIC_VERCEL_BYPASS_TOKEN"],
697
+ required: false,
698
+ secret: true,
699
+ public: false,
700
+ consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
701
+ description: "Tenant-owned Vercel automation bypass token. Public alias is legacy and should be removed from app code."
702
+ }
703
+ ];
704
+ var TENANT_PRODUCT_RUNTIME_SECRET_DEFINITIONS = INFISICAL_TENANT_SOFTWARE_SYSTEMS.filter(
705
+ (system) => TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS.includes(system.id)
706
+ ).flatMap(
707
+ (system) => TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES.map(
708
+ (template) => ({
709
+ id: `tenant.${system.id}.${template.idSuffix}`,
710
+ canonicalName: template.canonicalName,
711
+ aliases: "aliases" in template ? template.aliases : void 0,
712
+ owner: "tenant",
713
+ scope: "tenant",
714
+ sourcePath: system.sharedSourcePath,
715
+ environmentPolicy: "environment_specific",
716
+ required: template.required,
717
+ secret: template.secret,
718
+ public: template.public,
719
+ consumers: template.consumers,
720
+ destinations: [
721
+ {
722
+ kind: "vercel",
723
+ target: system.vercelProjectName,
724
+ environmentPolicy: "preprod_staging_prod_prod"
725
+ },
726
+ {
727
+ kind: "convex",
728
+ target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
729
+ environmentPolicy: "preprod_staging_prod_prod"
730
+ },
731
+ {
732
+ kind: "github_actions",
733
+ target: `${system.repository.owner}/${system.repository.name}`,
734
+ environmentPolicy: "preprod_staging_prod_prod"
735
+ }
736
+ ],
737
+ description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
738
+ })
739
+ )
740
+ );
741
+ function tenantVercelConvexUrlWriteNames(system) {
742
+ const names = [system.convex.urlEnv, "NEXT_PUBLIC_CONVEX_URL"];
743
+ if (system.id === "stack-eng") {
744
+ return [...names, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
745
+ }
746
+ return names;
747
+ }
748
+ function tenantRepositoryConvexUrlWriteNames(system) {
749
+ if (system.id === "stack-eng") {
750
+ return [system.convex.urlEnv, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
751
+ }
752
+ return [system.convex.urlEnv];
753
+ }
754
+ function tenantRepositoryConvexDeployKeyWriteNames(system) {
755
+ if (system.id === "stack-eng") {
756
+ return [system.convex.deployKeyEnv, "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
757
+ }
758
+ return [system.convex.deployKeyEnv];
759
+ }
760
+ function tenantConvexUrlAliases(system) {
761
+ if (system.id === "stack-frontend") {
762
+ return [
763
+ "CONVEX_PROD_URL",
764
+ "CONVEX_STACK_V2_PROD_URL",
765
+ "CONVEX_STACK_V2_STAGING_URL",
766
+ "STACK_CONVEX_URL"
767
+ ];
768
+ }
769
+ if (system.id === "stackos") {
770
+ return [
771
+ "CONVEX_CLOUD_URL",
772
+ "CONVEX_STACK_URL",
773
+ "CONVEX_URL",
774
+ "CONVEX_URL_DEVELOPMENT",
775
+ "CONVEX_URL_PRODUCTION",
776
+ "STACK_CONVEX_URL"
777
+ ];
778
+ }
779
+ if (system.id === "stack-eng") {
780
+ return ["STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
781
+ }
782
+ if (system.id === "lucern-graph") {
783
+ return [
784
+ "CONVEX_GRAPH_URL",
785
+ "LUCERN_PROD_URL",
786
+ "NEXT_PUBLIC_LUCERN_GRAPH_URL"
787
+ ];
788
+ }
789
+ return void 0;
790
+ }
791
+ function tenantConvexDeployKeyAliases(system) {
792
+ if (system.id === "stack-frontend") {
793
+ return [
794
+ "CONVEX_STACK_V2_PROD_DEPLOY_KEY",
795
+ "CONVEX_STACK_V2_STAGING_DEPLOY_KEY",
796
+ "STACK_DEPLOY_KEY"
797
+ ];
798
+ }
799
+ if (system.id === "stackos") {
800
+ return [
801
+ "CONVEX_DEPLOY_KEY",
802
+ "CONVEX_DEV_DEPLOY_KEY",
803
+ "CONVEX_PROD_DEPLOY_KEY",
804
+ "CONVEX_STACK_DEPLOY_KEY",
805
+ "STACK_DEPLOY_KEY"
806
+ ];
807
+ }
808
+ if (system.id === "stack-eng") {
809
+ return ["CONVEX_DEPLOY_KEY", "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
810
+ }
811
+ if (system.id === "lucern-graph") {
812
+ return [
813
+ "CONVEX_DEPLOY_KEY",
814
+ "CONVEX_GRAPH_DEPLOY_KEY",
815
+ "LUCERN_CONVEX_DEPLOY_KEY",
816
+ "LUCERN_DEV_DEPLOY_KEY",
817
+ "LUCERN_PROD_DEPLOY_KEY"
818
+ ];
819
+ }
820
+ return void 0;
821
+ }
822
+ var TENANT_GRAPH_PUBLIC_CONFIG_SECRET_DEFINITIONS = INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
823
+ (system) => {
824
+ if (system.id === "lucern-graph") {
825
+ return [
826
+ {
827
+ id: "tenant.lucern-graph.public.tenant-id",
828
+ canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_ID",
829
+ aliases: ["NEXT_PUBLIC_LUCERN_TENANT_ID"],
830
+ owner: "tenant",
831
+ scope: "workspace",
832
+ sourcePath: system.sharedSourcePath,
833
+ environmentPolicy: "environment_specific",
834
+ required: false,
835
+ secret: false,
836
+ public: true,
837
+ consumers: ["tenant-vercel-app"],
838
+ destinations: [
839
+ {
840
+ kind: "vercel",
841
+ target: system.vercelProjectName,
842
+ environmentPolicy: "preprod_staging_prod_prod"
843
+ }
844
+ ],
845
+ description: "Lucern graph public tenant id used by the standalone graph explorer."
846
+ },
847
+ {
848
+ id: "tenant.lucern-graph.public.tenant-label",
849
+ canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_LABEL",
850
+ owner: "tenant",
851
+ scope: "workspace",
852
+ sourcePath: system.sharedSourcePath,
853
+ environmentPolicy: "environment_specific",
854
+ required: false,
855
+ secret: false,
856
+ public: true,
857
+ consumers: ["tenant-vercel-app"],
858
+ destinations: [
859
+ {
860
+ kind: "vercel",
861
+ target: system.vercelProjectName,
862
+ environmentPolicy: "preprod_staging_prod_prod"
863
+ }
864
+ ],
865
+ description: "Lucern graph public tenant label used by the standalone graph explorer."
866
+ }
867
+ ];
868
+ }
869
+ if (system.id === "stack-eng") {
870
+ return [
871
+ {
872
+ id: "tenant.stack-eng.public.tenant-id",
873
+ canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_ID",
874
+ owner: "tenant",
875
+ scope: "workspace",
876
+ sourcePath: system.sharedSourcePath,
877
+ environmentPolicy: "environment_specific",
878
+ required: false,
879
+ secret: false,
880
+ public: true,
881
+ consumers: ["tenant-vercel-app"],
882
+ destinations: [
883
+ {
884
+ kind: "vercel",
885
+ target: system.vercelProjectName,
886
+ environmentPolicy: "preprod_staging_prod_prod"
887
+ }
888
+ ],
889
+ description: "Stack engineering graph public tenant id used by the graph explorer."
890
+ },
891
+ {
892
+ id: "tenant.stack-eng.public.tenant-label",
893
+ canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_LABEL",
894
+ owner: "tenant",
895
+ scope: "workspace",
896
+ sourcePath: system.sharedSourcePath,
897
+ environmentPolicy: "environment_specific",
898
+ required: false,
899
+ secret: false,
900
+ public: true,
901
+ consumers: ["tenant-vercel-app"],
902
+ destinations: [
903
+ {
904
+ kind: "vercel",
905
+ target: system.vercelProjectName,
906
+ environmentPolicy: "preprod_staging_prod_prod"
907
+ }
908
+ ],
909
+ description: "Stack engineering graph public tenant label used by the graph explorer."
910
+ },
911
+ {
912
+ id: "tenant.stack-eng.public.environment",
913
+ canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_ENV",
914
+ owner: "tenant",
915
+ scope: "workspace",
916
+ sourcePath: system.sharedSourcePath,
917
+ environmentPolicy: "environment_specific",
918
+ required: false,
919
+ secret: false,
920
+ public: true,
921
+ consumers: ["tenant-vercel-app"],
922
+ destinations: [
923
+ {
924
+ kind: "vercel",
925
+ target: system.vercelProjectName,
926
+ environmentPolicy: "preprod_staging_prod_prod"
927
+ }
928
+ ],
929
+ description: "Stack engineering graph public environment label used by the graph explorer."
930
+ }
931
+ ];
932
+ }
933
+ return [];
934
+ }
935
+ );
936
+ var STACK_ENG_GRAPH_STORE_SECRET_DEFINITIONS = [
937
+ {
938
+ id: "tenant.stack-eng.neo4j.uri",
939
+ canonicalName: "NEO4J_URI",
940
+ aliases: ["NEO4J_ENG_URI"],
941
+ owner: "tenant",
942
+ scope: "workspace",
943
+ sourcePath: "/tenants/stack/engineering",
944
+ environmentPolicy: "environment_specific",
945
+ required: false,
946
+ secret: false,
947
+ public: false,
948
+ consumers: ["tenant-graph-sync", "tenant-convex-deployment"],
949
+ destinations: [
950
+ {
951
+ kind: "convex",
952
+ target: "small-oyster-270|bold-cuttlefish-804",
953
+ environmentPolicy: "preprod_staging_prod_prod"
954
+ },
955
+ {
956
+ kind: "vercel",
957
+ target: "stackos-engineering-graph",
958
+ environmentPolicy: "preprod_staging_prod_prod"
959
+ },
960
+ {
961
+ kind: "github_actions",
962
+ target: "stack-vc/stackos-engineering-graph",
963
+ environmentPolicy: "preprod_staging_prod_prod"
964
+ }
965
+ ],
966
+ description: "Stack engineering graph Neo4j runtime URI. NEO4J_ENG_URI is the source alias used to avoid StackOS front-office collisions."
967
+ },
968
+ {
969
+ id: "tenant.stack-eng.neo4j.user",
970
+ canonicalName: "NEO4J_USER",
971
+ aliases: ["NEO4J_ENG_USER"],
972
+ owner: "tenant",
973
+ scope: "workspace",
974
+ sourcePath: "/tenants/stack/engineering",
975
+ environmentPolicy: "environment_specific",
976
+ required: false,
977
+ secret: false,
978
+ public: false,
979
+ consumers: ["tenant-graph-sync", "tenant-convex-deployment"],
980
+ destinations: [
981
+ {
982
+ kind: "convex",
983
+ target: "small-oyster-270|bold-cuttlefish-804",
984
+ environmentPolicy: "preprod_staging_prod_prod"
985
+ },
986
+ {
987
+ kind: "vercel",
988
+ target: "stackos-engineering-graph",
989
+ environmentPolicy: "preprod_staging_prod_prod"
990
+ },
991
+ {
992
+ kind: "github_actions",
993
+ target: "stack-vc/stackos-engineering-graph",
994
+ environmentPolicy: "preprod_staging_prod_prod"
995
+ }
996
+ ],
997
+ description: "Stack engineering graph Neo4j runtime user."
998
+ },
999
+ {
1000
+ id: "tenant.stack-eng.neo4j.password",
1001
+ canonicalName: "NEO4J_PASSWORD",
1002
+ aliases: ["NEO4J_ENG_PASSWORD"],
1003
+ owner: "tenant",
1004
+ scope: "workspace",
1005
+ sourcePath: "/tenants/stack/engineering",
1006
+ environmentPolicy: "environment_specific",
1007
+ required: false,
1008
+ secret: true,
1009
+ public: false,
1010
+ consumers: ["tenant-graph-sync", "tenant-convex-deployment"],
1011
+ destinations: [
1012
+ {
1013
+ kind: "convex",
1014
+ target: "small-oyster-270|bold-cuttlefish-804",
1015
+ environmentPolicy: "preprod_staging_prod_prod"
1016
+ },
1017
+ {
1018
+ kind: "vercel",
1019
+ target: "stackos-engineering-graph",
1020
+ environmentPolicy: "preprod_staging_prod_prod"
1021
+ },
1022
+ {
1023
+ kind: "github_actions",
1024
+ target: "stack-vc/stackos-engineering-graph",
1025
+ environmentPolicy: "preprod_staging_prod_prod"
1026
+ }
1027
+ ],
1028
+ description: "Stack engineering graph Neo4j runtime password."
1029
+ },
1030
+ {
1031
+ id: "tenant.stack-eng.neo4j.sync-secret",
1032
+ canonicalName: "NEO4J_SYNC_SECRET",
1033
+ owner: "tenant",
1034
+ scope: "workspace",
1035
+ sourcePath: "/tenants/stack/engineering",
1036
+ environmentPolicy: "environment_specific",
1037
+ required: false,
1038
+ secret: true,
1039
+ public: false,
1040
+ consumers: ["tenant-graph-sync", "tenant-convex-deployment"],
1041
+ destinations: [
1042
+ {
1043
+ kind: "convex",
1044
+ target: "small-oyster-270|bold-cuttlefish-804",
1045
+ environmentPolicy: "preprod_staging_prod_prod"
1046
+ },
1047
+ {
1048
+ kind: "vercel",
1049
+ target: "stackos-engineering-graph",
1050
+ environmentPolicy: "preprod_staging_prod_prod"
1051
+ },
1052
+ {
1053
+ kind: "github_actions",
1054
+ target: "stack-vc/stackos-engineering-graph",
1055
+ environmentPolicy: "preprod_staging_prod_prod"
1056
+ }
1057
+ ],
1058
+ description: "Stack engineering graph sync secret for Convex-to-HTTP graph query/sync calls."
1059
+ }
1060
+ ];
1061
+ var TENANT_CONVEX_SECRET_DEFINITIONS = INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap((system) => [
1062
+ {
1063
+ id: `tenant.${system.id}.convex.url`,
1064
+ canonicalName: system.convex.urlEnv,
1065
+ aliases: tenantConvexUrlAliases(system),
1066
+ owner: "tenant",
1067
+ scope: "software_system",
1068
+ sourcePath: system.sharedSourcePath,
1069
+ environmentPolicy: "preprod_staging_prod_prod",
1070
+ required: true,
1071
+ secret: false,
1072
+ public: false,
1073
+ consumers: [
1074
+ "tenant-vercel-app",
1075
+ "tenant-agent-runtime",
1076
+ "mc-operator-tooling"
1077
+ ],
1078
+ destinations: [
1079
+ {
1080
+ kind: "vercel",
1081
+ target: system.vercelProjectName,
1082
+ environmentPolicy: "preprod_staging_prod_prod",
1083
+ writeNames: tenantVercelConvexUrlWriteNames(system)
1084
+ },
1085
+ {
1086
+ kind: "github_actions",
1087
+ target: `${system.repository.owner}/${system.repository.name}`,
1088
+ environmentPolicy: "preprod_staging_prod_prod",
1089
+ writeNames: tenantRepositoryConvexUrlWriteNames(system),
1090
+ notes: "Only if that repository deploy/test workflow owns this software system."
1091
+ }
1092
+ ],
1093
+ description: `${system.tenantKey}/${system.workspaceKey} Convex URL. Pre-prod resolves to ${system.convex.preprodDeployment}; prod resolves to ${system.convex.prodDeployment}.`
1094
+ },
1095
+ {
1096
+ id: `tenant.${system.id}.convex.deploy-key`,
1097
+ canonicalName: system.convex.deployKeyEnv,
1098
+ aliases: tenantConvexDeployKeyAliases(system),
1099
+ owner: "tenant",
1100
+ scope: "software_system",
1101
+ sourcePath: system.sharedSourcePath,
1102
+ environmentPolicy: "preprod_staging_prod_prod",
1103
+ required: true,
1104
+ secret: true,
1105
+ public: false,
1106
+ consumers: [
1107
+ "tenant-vercel-app",
1108
+ "tenant-agent-runtime",
1109
+ "mc-operator-tooling"
1110
+ ],
1111
+ destinations: [
1112
+ {
1113
+ kind: "vercel",
1114
+ target: system.vercelProjectName,
1115
+ environmentPolicy: "preprod_staging_prod_prod"
1116
+ },
1117
+ {
1118
+ kind: "github_actions",
1119
+ target: `${system.repository.owner}/${system.repository.name}`,
1120
+ environmentPolicy: "preprod_staging_prod_prod",
1121
+ writeNames: tenantRepositoryConvexDeployKeyWriteNames(system),
1122
+ notes: "Only if that repository deploy/test workflow owns this software system."
1123
+ }
1124
+ ],
1125
+ description: `${system.tenantKey}/${system.workspaceKey} Convex deploy/admin key. Never route to sibling workspaces.`
1126
+ }
1127
+ ]);
1128
+
1129
+ export { STACK_ENG_GRAPH_STORE_SECRET_DEFINITIONS, TENANT_CONVEX_SECRET_DEFINITIONS, TENANT_GRAPH_PUBLIC_CONFIG_SECRET_DEFINITIONS, TENANT_INSTALL_SECRET_DEFINITIONS, TENANT_PRODUCT_RUNTIME_SECRET_DEFINITIONS, TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES, TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS, TENANT_SHARED_SECRET_DEFINITIONS, TENANT_SHARED_SECRET_DEFINITION_TEMPLATES };
1130
+ //# sourceMappingURL=infisical-runtime.tenant-secrets.js.map
1131
+ //# sourceMappingURL=infisical-runtime.tenant-secrets.js.map