@lucern/contracts 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. package/CHANGELOG.md +3 -0
  2. package/dist/function-registry/worktrees.js +1 -1
  3. package/dist/function-registry/worktrees.js.map +1 -1
  4. package/dist/generated/infisicalRuntimeEnv.js +2815 -336
  5. package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
  6. package/dist/index.js +3250 -510
  7. package/dist/index.js.map +1 -1
  8. package/dist/infisical-runtime.base.d.ts +1 -1
  9. package/dist/infisical-runtime.base.js +3 -0
  10. package/dist/infisical-runtime.base.js.map +1 -1
  11. package/dist/infisical-runtime.contract.d.ts +188 -2
  12. package/dist/infisical-runtime.contract.js +494 -233
  13. package/dist/infisical-runtime.contract.js.map +1 -1
  14. package/dist/infisical-runtime.platform-automation-secrets.d.ts +436 -0
  15. package/dist/infisical-runtime.platform-automation-secrets.js +596 -0
  16. package/dist/infisical-runtime.platform-automation-secrets.js.map +1 -0
  17. package/dist/infisical-runtime.platform-observability-secrets.d.ts +323 -0
  18. package/dist/infisical-runtime.platform-observability-secrets.js +417 -0
  19. package/dist/infisical-runtime.platform-observability-secrets.js.map +1 -0
  20. package/dist/infisical-runtime.platform-ops-secrets.d.ts +4 -569
  21. package/dist/infisical-runtime.platform-ops-secrets.js +440 -183
  22. package/dist/infisical-runtime.platform-ops-secrets.js.map +1 -1
  23. package/dist/infisical-runtime.tenant-secrets.js.map +1 -1
  24. package/dist/manifests/infisical-runtime-manifest.d.ts +188 -2
  25. package/dist/manifests/infisical-runtime-manifest.js +439 -181
  26. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  27. package/dist/proof-attestation.json +1 -1
  28. package/package.json +1 -1
@@ -1,200 +1,279 @@
1
- // src/infisical-runtime.platform-ops-secrets.ts
2
- var PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS = [
1
+ // src/infisical-runtime.platform-observability-secrets.ts
2
+ var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
3
3
  {
4
- id: "platform.neo4j.uri",
5
- canonicalName: "NEO4J_URI",
6
- owner: "lucern_platform",
4
+ id: "platform.sentry.dsn",
5
+ canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
6
+ aliases: ["SENTRY_DSN", "NEXT_PUBLIC_SENTRY_DSN_NEXTJS"],
7
+ owner: "provider",
7
8
  scope: "environment",
8
- sourcePath: "/platform/graph/neo4j",
9
+ sourcePath: "/platform/observability/sentry",
9
10
  environmentPolicy: "environment_specific",
10
11
  required: false,
11
12
  secret: false,
12
- public: false,
13
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
13
+ public: true,
14
+ consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
14
15
  destinations: [
15
16
  {
16
- kind: "runtime_fetch",
17
- target: "lucern-graph-sync",
17
+ kind: "vercel",
18
+ target: "lucern",
18
19
  environmentPolicy: "environment_specific"
19
20
  },
20
21
  {
21
- kind: "github_actions",
22
- target: "LucernAI/lucern",
22
+ kind: "vercel",
23
+ target: "lucern-gateway",
23
24
  environmentPolicy: "environment_specific"
24
25
  }
25
26
  ],
26
- description: "Lucern-owned Neo4j URI for platform graph-sync surfaces."
27
+ description: "Lucern-owned Sentry DSN for browser/server error telemetry."
27
28
  },
28
29
  {
29
- id: "platform.neo4j.user",
30
- canonicalName: "NEO4J_USER",
31
- aliases: ["NEO4J_USERNAME"],
32
- owner: "lucern_platform",
30
+ id: "platform.sentry.auth-token",
31
+ canonicalName: "SENTRY_AUTH_TOKEN",
32
+ owner: "provider",
33
33
  scope: "environment",
34
- sourcePath: "/platform/graph/neo4j",
35
- environmentPolicy: "environment_specific",
34
+ sourcePath: "/platform/observability/sentry",
35
+ environmentPolicy: "same_all_environments",
36
36
  required: false,
37
- secret: false,
37
+ secret: true,
38
38
  public: false,
39
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
39
+ consumers: ["lucern-repo-ci", "lucern-observability"],
40
40
  destinations: [
41
- {
42
- kind: "runtime_fetch",
43
- target: "lucern-graph-sync",
44
- environmentPolicy: "environment_specific"
45
- },
46
41
  {
47
42
  kind: "github_actions",
48
43
  target: "LucernAI/lucern",
49
- environmentPolicy: "environment_specific"
44
+ environmentPolicy: "same_all_environments"
45
+ },
46
+ {
47
+ kind: "vercel",
48
+ target: "lucern",
49
+ environmentPolicy: "same_all_environments"
50
50
  }
51
51
  ],
52
- description: "Lucern-owned Neo4j username for platform graph-sync surfaces."
52
+ description: "Sentry release-upload token. Runtime services must not use it for authorization."
53
53
  },
54
54
  {
55
- id: "platform.neo4j.password",
56
- canonicalName: "NEO4J_PASSWORD",
57
- owner: "lucern_platform",
58
- scope: "environment",
59
- sourcePath: "/platform/graph/neo4j",
60
- environmentPolicy: "environment_specific",
55
+ id: "platform.sentry.org",
56
+ canonicalName: "SENTRY_ORG",
57
+ aliases: ["SENTRY_ORG_SLUG"],
58
+ owner: "provider",
59
+ scope: "global",
60
+ sourcePath: "/platform/observability/sentry",
61
+ environmentPolicy: "same_all_environments",
61
62
  required: false,
62
- secret: true,
63
+ secret: false,
63
64
  public: false,
64
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
65
+ consumers: ["lucern-repo-ci", "lucern-observability"],
65
66
  destinations: [
66
67
  {
67
- kind: "runtime_fetch",
68
- target: "lucern-graph-sync",
69
- environmentPolicy: "environment_specific"
68
+ kind: "github_actions",
69
+ target: "LucernAI/lucern",
70
+ environmentPolicy: "same_all_environments"
70
71
  },
72
+ {
73
+ kind: "vercel",
74
+ target: "lucern",
75
+ environmentPolicy: "same_all_environments"
76
+ }
77
+ ],
78
+ description: "Sentry organization slug for Lucern release uploads."
79
+ },
80
+ {
81
+ id: "platform.sentry.project",
82
+ canonicalName: "SENTRY_PROJECT",
83
+ aliases: ["SENTRY_PROJECT_NEXTJS"],
84
+ owner: "provider",
85
+ scope: "global",
86
+ sourcePath: "/platform/observability/sentry",
87
+ environmentPolicy: "same_all_environments",
88
+ required: false,
89
+ secret: false,
90
+ public: false,
91
+ consumers: ["lucern-repo-ci", "lucern-observability"],
92
+ destinations: [
71
93
  {
72
94
  kind: "github_actions",
73
95
  target: "LucernAI/lucern",
74
- environmentPolicy: "environment_specific"
96
+ environmentPolicy: "same_all_environments"
97
+ },
98
+ {
99
+ kind: "vercel",
100
+ target: "lucern",
101
+ environmentPolicy: "same_all_environments"
75
102
  }
76
103
  ],
77
- description: "Lucern-owned Neo4j password for platform graph-sync surfaces."
104
+ description: "Sentry project slug for Lucern release uploads."
78
105
  },
79
106
  {
80
- id: "platform.neo4j.sync-secret",
81
- canonicalName: "NEO4J_SYNC_SECRET",
82
- owner: "lucern_platform",
107
+ id: "platform.sentry.environment",
108
+ canonicalName: "SENTRY_ENVIRONMENT",
109
+ aliases: ["NEXT_PUBLIC_SENTRY_ENVIRONMENT"],
110
+ owner: "provider",
83
111
  scope: "environment",
84
- sourcePath: "/platform/graph/neo4j",
112
+ sourcePath: "/platform/observability/sentry",
85
113
  environmentPolicy: "environment_specific",
86
114
  required: false,
87
- secret: true,
115
+ secret: false,
88
116
  public: false,
89
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
117
+ consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
90
118
  destinations: [
91
119
  {
92
- kind: "runtime_fetch",
93
- target: "lucern-graph-sync",
94
- environmentPolicy: "environment_specific"
120
+ kind: "vercel",
121
+ target: "lucern",
122
+ environmentPolicy: "environment_specific",
123
+ writeNames: ["SENTRY_ENVIRONMENT", "NEXT_PUBLIC_SENTRY_ENVIRONMENT"]
95
124
  },
96
125
  {
97
- kind: "github_actions",
98
- target: "LucernAI/lucern",
126
+ kind: "vercel",
127
+ target: "lucern-gateway",
99
128
  environmentPolicy: "environment_specific"
100
129
  }
101
130
  ],
102
- description: "Shared secret protecting Lucern-owned graph-sync HTTP/query proxy calls."
131
+ description: "Lucern-owned Sentry environment label."
103
132
  },
104
133
  {
105
- id: "platform.neo4j.database",
106
- canonicalName: "NEO4J_DATABASE",
107
- owner: "lucern_platform",
134
+ id: "platform.sentry.release",
135
+ canonicalName: "SENTRY_RELEASE",
136
+ aliases: ["LUCERN_RELEASE", "NEXT_PUBLIC_SENTRY_RELEASE"],
137
+ owner: "provider",
108
138
  scope: "environment",
109
- sourcePath: "/platform/graph/neo4j",
139
+ sourcePath: "/platform/observability/sentry",
110
140
  environmentPolicy: "environment_specific",
111
141
  required: false,
112
142
  secret: false,
113
143
  public: false,
114
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
144
+ consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
115
145
  destinations: [
116
146
  {
117
- kind: "runtime_fetch",
118
- target: "lucern-graph-sync",
119
- environmentPolicy: "environment_specific"
147
+ kind: "vercel",
148
+ target: "lucern",
149
+ environmentPolicy: "environment_specific",
150
+ writeNames: [
151
+ "LUCERN_RELEASE",
152
+ "SENTRY_RELEASE",
153
+ "NEXT_PUBLIC_SENTRY_RELEASE"
154
+ ]
120
155
  },
121
156
  {
122
- kind: "github_actions",
123
- target: "LucernAI/lucern",
157
+ kind: "vercel",
158
+ target: "lucern-gateway",
124
159
  environmentPolicy: "environment_specific"
125
160
  }
126
161
  ],
127
- description: "Optional Neo4j database name for Lucern-owned graph-sync surfaces."
162
+ description: "Lucern-owned Sentry release name."
128
163
  }
129
164
  ];
130
- var PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS = [
165
+ var PLATFORM_AXIOM_SECRET_DEFINITIONS = [
131
166
  {
132
- id: "platform.pinecone.api-key",
133
- canonicalName: "PINECONE_API_KEY",
134
- owner: "lucern_platform",
167
+ id: "platform.axiom.token",
168
+ canonicalName: "AXIOM_TOKEN",
169
+ aliases: ["LUCERN_AXIOM_TOKEN"],
170
+ owner: "provider",
135
171
  scope: "environment",
136
- sourcePath: "/platform/vector/pinecone",
172
+ sourcePath: "/platform/observability",
137
173
  environmentPolicy: "environment_specific",
138
174
  required: false,
139
175
  secret: true,
140
176
  public: false,
141
- consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
177
+ consumers: [
178
+ "lucern-cli",
179
+ "lucern-gateway",
180
+ "lucern-sdk",
181
+ "lucern-mcp",
182
+ "lucern-agent",
183
+ "lucern-railway-pdp",
184
+ "lucern-repo-ci",
185
+ "lucern-observability"
186
+ ],
142
187
  destinations: [
143
188
  {
144
189
  kind: "runtime_fetch",
145
- target: "lucern-ai-runtime",
190
+ target: "lucern-cli-mcp-sdk",
191
+ environmentPolicy: "environment_specific"
192
+ },
193
+ {
194
+ kind: "vercel",
195
+ target: "lucern-gateway",
146
196
  environmentPolicy: "environment_specific"
147
197
  },
148
198
  {
149
199
  kind: "github_actions",
150
200
  target: "LucernAI/lucern",
151
201
  environmentPolicy: "environment_specific"
202
+ },
203
+ {
204
+ kind: "operator_local",
205
+ target: "lucern-repo",
206
+ environmentPolicy: "environment_specific"
152
207
  }
153
208
  ],
154
- description: "Lucern-owned Pinecone API key for platform vector search."
209
+ description: "Axiom ingest/query token for Lucern operational telemetry. Runtime code must treat it as write/query telemetry authority, not graph-state authority."
155
210
  },
156
211
  {
157
- id: "platform.pinecone.index-name",
158
- canonicalName: "PINECONE_INDEX_NAME",
159
- aliases: ["PINECONE_INDEX"],
160
- owner: "lucern_platform",
212
+ id: "platform.axiom.events-dataset",
213
+ canonicalName: "LUCERN_AXIOM_EVENTS_DATASET",
214
+ aliases: ["AXIOM_DATASET", "AXIOM_EVENTS_DATASET", "LUCERN_AXIOM_DATASET"],
215
+ owner: "provider",
161
216
  scope: "environment",
162
- sourcePath: "/platform/vector/pinecone",
217
+ sourcePath: "/platform/observability",
163
218
  environmentPolicy: "environment_specific",
164
219
  required: false,
165
220
  secret: false,
166
221
  public: false,
167
- consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
222
+ consumers: [
223
+ "lucern-cli",
224
+ "lucern-gateway",
225
+ "lucern-sdk",
226
+ "lucern-mcp",
227
+ "lucern-agent",
228
+ "lucern-railway-pdp",
229
+ "lucern-repo-ci",
230
+ "lucern-observability"
231
+ ],
168
232
  destinations: [
169
233
  {
170
234
  kind: "runtime_fetch",
171
- target: "lucern-ai-runtime",
235
+ target: "lucern-cli-mcp-sdk",
236
+ environmentPolicy: "environment_specific"
237
+ },
238
+ {
239
+ kind: "vercel",
240
+ target: "lucern-gateway",
172
241
  environmentPolicy: "environment_specific"
173
242
  },
174
243
  {
175
244
  kind: "github_actions",
176
245
  target: "LucernAI/lucern",
177
246
  environmentPolicy: "environment_specific"
247
+ },
248
+ {
249
+ kind: "operator_local",
250
+ target: "lucern-repo",
251
+ environmentPolicy: "environment_specific"
178
252
  }
179
253
  ],
180
- description: "Lucern-owned Pinecone index name."
254
+ description: "Primary Axiom event dataset for non-sensitive CLI, gateway, SDK retry, PDP, deploy, and agent-run telemetry."
181
255
  },
182
256
  {
183
- id: "platform.pinecone.host",
184
- canonicalName: "PINECONE_HOST",
185
- aliases: ["PINECONE_INDEX_HOST"],
186
- owner: "lucern_platform",
257
+ id: "platform.axiom.logs-dataset",
258
+ canonicalName: "LUCERN_AXIOM_LOGS_DATASET",
259
+ aliases: ["AXIOM_LOGS_DATASET"],
260
+ owner: "provider",
187
261
  scope: "environment",
188
- sourcePath: "/platform/vector/pinecone",
262
+ sourcePath: "/platform/observability",
189
263
  environmentPolicy: "environment_specific",
190
264
  required: false,
191
265
  secret: false,
192
266
  public: false,
193
- consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
267
+ consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
194
268
  destinations: [
195
269
  {
196
270
  kind: "runtime_fetch",
197
- target: "lucern-ai-runtime",
271
+ target: "lucern-cli-mcp-sdk",
272
+ environmentPolicy: "environment_specific"
273
+ },
274
+ {
275
+ kind: "vercel",
276
+ target: "lucern-gateway",
198
277
  environmentPolicy: "environment_specific"
199
278
  },
200
279
  {
@@ -203,168 +282,137 @@ var PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS = [
203
282
  environmentPolicy: "environment_specific"
204
283
  }
205
284
  ],
206
- description: "Lucern-owned Pinecone host/index host."
207
- }
208
- ];
209
- var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
285
+ description: "Axiom OpenTelemetry log dataset for Lucern services."
286
+ },
210
287
  {
211
- id: "platform.sentry.dsn",
212
- canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
213
- aliases: ["SENTRY_DSN", "NEXT_PUBLIC_SENTRY_DSN_NEXTJS"],
288
+ id: "platform.axiom.traces-dataset",
289
+ canonicalName: "LUCERN_AXIOM_TRACES_DATASET",
290
+ aliases: ["AXIOM_TRACES_DATASET"],
214
291
  owner: "provider",
215
292
  scope: "environment",
216
- sourcePath: "/platform/observability/sentry",
293
+ sourcePath: "/platform/observability",
217
294
  environmentPolicy: "environment_specific",
218
295
  required: false,
219
296
  secret: false,
220
- public: true,
221
- consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
297
+ public: false,
298
+ consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
222
299
  destinations: [
223
300
  {
224
- kind: "vercel",
225
- target: "lucern",
301
+ kind: "runtime_fetch",
302
+ target: "lucern-cli-mcp-sdk",
226
303
  environmentPolicy: "environment_specific"
227
304
  },
228
305
  {
229
306
  kind: "vercel",
230
307
  target: "lucern-gateway",
231
308
  environmentPolicy: "environment_specific"
232
- }
233
- ],
234
- description: "Lucern-owned Sentry DSN for browser/server error telemetry."
235
- },
236
- {
237
- id: "platform.sentry.auth-token",
238
- canonicalName: "SENTRY_AUTH_TOKEN",
239
- owner: "provider",
240
- scope: "environment",
241
- sourcePath: "/platform/observability/sentry",
242
- environmentPolicy: "same_all_environments",
243
- required: false,
244
- secret: true,
245
- public: false,
246
- consumers: ["lucern-repo-ci", "lucern-observability"],
247
- destinations: [
248
- {
249
- kind: "github_actions",
250
- target: "LucernAI/lucern",
251
- environmentPolicy: "same_all_environments"
252
309
  },
253
- {
254
- kind: "vercel",
255
- target: "lucern",
256
- environmentPolicy: "same_all_environments"
257
- }
258
- ],
259
- description: "Sentry release-upload token. Runtime services must not use it for authorization."
260
- },
261
- {
262
- id: "platform.sentry.org",
263
- canonicalName: "SENTRY_ORG",
264
- aliases: ["SENTRY_ORG_SLUG"],
265
- owner: "provider",
266
- scope: "global",
267
- sourcePath: "/platform/observability/sentry",
268
- environmentPolicy: "same_all_environments",
269
- required: false,
270
- secret: false,
271
- public: false,
272
- consumers: ["lucern-repo-ci", "lucern-observability"],
273
- destinations: [
274
310
  {
275
311
  kind: "github_actions",
276
312
  target: "LucernAI/lucern",
277
- environmentPolicy: "same_all_environments"
278
- },
279
- {
280
- kind: "vercel",
281
- target: "lucern",
282
- environmentPolicy: "same_all_environments"
313
+ environmentPolicy: "environment_specific"
283
314
  }
284
315
  ],
285
- description: "Sentry organization slug for Lucern release uploads."
316
+ description: "Axiom OpenTelemetry trace dataset for Lucern services."
286
317
  },
287
318
  {
288
- id: "platform.sentry.project",
289
- canonicalName: "SENTRY_PROJECT",
290
- aliases: ["SENTRY_PROJECT_NEXTJS"],
319
+ id: "platform.axiom.metrics-dataset",
320
+ canonicalName: "LUCERN_AXIOM_METRICS_DATASET",
321
+ aliases: ["AXIOM_METRICS_DATASET"],
291
322
  owner: "provider",
292
- scope: "global",
293
- sourcePath: "/platform/observability/sentry",
294
- environmentPolicy: "same_all_environments",
323
+ scope: "environment",
324
+ sourcePath: "/platform/observability",
325
+ environmentPolicy: "environment_specific",
295
326
  required: false,
296
327
  secret: false,
297
328
  public: false,
298
- consumers: ["lucern-repo-ci", "lucern-observability"],
329
+ consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
299
330
  destinations: [
300
- {
301
- kind: "github_actions",
302
- target: "LucernAI/lucern",
303
- environmentPolicy: "same_all_environments"
331
+ {
332
+ kind: "runtime_fetch",
333
+ target: "lucern-cli-mcp-sdk",
334
+ environmentPolicy: "environment_specific"
304
335
  },
305
336
  {
306
337
  kind: "vercel",
307
- target: "lucern",
308
- environmentPolicy: "same_all_environments"
338
+ target: "lucern-gateway",
339
+ environmentPolicy: "environment_specific"
340
+ },
341
+ {
342
+ kind: "github_actions",
343
+ target: "LucernAI/lucern",
344
+ environmentPolicy: "environment_specific"
309
345
  }
310
346
  ],
311
- description: "Sentry project slug for Lucern release uploads."
347
+ description: "Axiom OpenTelemetry metric dataset for Lucern services."
312
348
  },
313
349
  {
314
- id: "platform.sentry.environment",
315
- canonicalName: "SENTRY_ENVIRONMENT",
316
- aliases: ["NEXT_PUBLIC_SENTRY_ENVIRONMENT"],
350
+ id: "platform.axiom.api-url",
351
+ canonicalName: "LUCERN_AXIOM_API_URL",
352
+ aliases: ["AXIOM_URL"],
317
353
  owner: "provider",
318
354
  scope: "environment",
319
- sourcePath: "/platform/observability/sentry",
355
+ sourcePath: "/platform/observability",
320
356
  environmentPolicy: "environment_specific",
321
357
  required: false,
322
358
  secret: false,
323
359
  public: false,
324
- consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
360
+ consumers: [
361
+ "lucern-cli",
362
+ "lucern-gateway",
363
+ "lucern-sdk",
364
+ "lucern-mcp",
365
+ "lucern-agent",
366
+ "lucern-repo-ci"
367
+ ],
325
368
  destinations: [
326
369
  {
327
- kind: "vercel",
328
- target: "lucern",
329
- environmentPolicy: "environment_specific",
330
- writeNames: ["SENTRY_ENVIRONMENT", "NEXT_PUBLIC_SENTRY_ENVIRONMENT"]
370
+ kind: "runtime_fetch",
371
+ target: "lucern-cli-mcp-sdk",
372
+ environmentPolicy: "environment_specific"
331
373
  },
332
374
  {
333
375
  kind: "vercel",
334
376
  target: "lucern-gateway",
335
377
  environmentPolicy: "environment_specific"
378
+ },
379
+ {
380
+ kind: "operator_local",
381
+ target: "lucern-repo",
382
+ environmentPolicy: "environment_specific"
336
383
  }
337
384
  ],
338
- description: "Lucern-owned Sentry environment label."
385
+ description: "Axiom API URL. Defaults to https://api.axiom.co when unset."
339
386
  },
340
387
  {
341
- id: "platform.sentry.release",
342
- canonicalName: "SENTRY_RELEASE",
343
- aliases: ["NEXT_PUBLIC_SENTRY_RELEASE"],
388
+ id: "platform.axiom.otlp-endpoint",
389
+ canonicalName: "OTEL_EXPORTER_OTLP_ENDPOINT",
390
+ aliases: ["LUCERN_AXIOM_OTLP_ENDPOINT"],
344
391
  owner: "provider",
345
392
  scope: "environment",
346
- sourcePath: "/platform/observability/sentry",
393
+ sourcePath: "/platform/observability",
347
394
  environmentPolicy: "environment_specific",
348
395
  required: false,
349
396
  secret: false,
350
397
  public: false,
351
- consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
398
+ consumers: ["lucern-gateway", "lucern-railway-pdp", "lucern-observability"],
352
399
  destinations: [
353
400
  {
354
401
  kind: "vercel",
355
- target: "lucern",
356
- environmentPolicy: "environment_specific",
357
- writeNames: ["SENTRY_RELEASE", "NEXT_PUBLIC_SENTRY_RELEASE"]
402
+ target: "lucern-gateway",
403
+ environmentPolicy: "environment_specific"
358
404
  },
359
405
  {
360
- kind: "vercel",
361
- target: "lucern-gateway",
406
+ kind: "operator_local",
407
+ target: "lucern-repo",
362
408
  environmentPolicy: "environment_specific"
363
409
  }
364
410
  ],
365
- description: "Lucern-owned Sentry release name."
411
+ description: "OTLP endpoint used by services that emit OpenTelemetry logs, metrics, and traces to Axiom."
366
412
  }
367
413
  ];
414
+
415
+ // src/infisical-runtime.platform-automation-secrets.ts
368
416
  var PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS = [
369
417
  {
370
418
  id: "platform.deploy.vercel-token",
@@ -957,6 +1005,215 @@ var PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS = [
957
1005
  }
958
1006
  ];
959
1007
 
960
- export { PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS, PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS, PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS, PLATFORM_SENTRY_SECRET_DEFINITIONS, PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS };
1008
+ // src/infisical-runtime.platform-ops-secrets.ts
1009
+ var PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS = [
1010
+ {
1011
+ id: "platform.neo4j.uri",
1012
+ canonicalName: "NEO4J_URI",
1013
+ owner: "lucern_platform",
1014
+ scope: "environment",
1015
+ sourcePath: "/platform/graph/neo4j",
1016
+ environmentPolicy: "environment_specific",
1017
+ required: false,
1018
+ secret: false,
1019
+ public: false,
1020
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1021
+ destinations: [
1022
+ {
1023
+ kind: "runtime_fetch",
1024
+ target: "lucern-graph-sync",
1025
+ environmentPolicy: "environment_specific"
1026
+ },
1027
+ {
1028
+ kind: "github_actions",
1029
+ target: "LucernAI/lucern",
1030
+ environmentPolicy: "environment_specific"
1031
+ }
1032
+ ],
1033
+ description: "Lucern-owned Neo4j URI for platform graph-sync surfaces."
1034
+ },
1035
+ {
1036
+ id: "platform.neo4j.user",
1037
+ canonicalName: "NEO4J_USER",
1038
+ aliases: ["NEO4J_USERNAME"],
1039
+ owner: "lucern_platform",
1040
+ scope: "environment",
1041
+ sourcePath: "/platform/graph/neo4j",
1042
+ environmentPolicy: "environment_specific",
1043
+ required: false,
1044
+ secret: false,
1045
+ public: false,
1046
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1047
+ destinations: [
1048
+ {
1049
+ kind: "runtime_fetch",
1050
+ target: "lucern-graph-sync",
1051
+ environmentPolicy: "environment_specific"
1052
+ },
1053
+ {
1054
+ kind: "github_actions",
1055
+ target: "LucernAI/lucern",
1056
+ environmentPolicy: "environment_specific"
1057
+ }
1058
+ ],
1059
+ description: "Lucern-owned Neo4j username for platform graph-sync surfaces."
1060
+ },
1061
+ {
1062
+ id: "platform.neo4j.password",
1063
+ canonicalName: "NEO4J_PASSWORD",
1064
+ owner: "lucern_platform",
1065
+ scope: "environment",
1066
+ sourcePath: "/platform/graph/neo4j",
1067
+ environmentPolicy: "environment_specific",
1068
+ required: false,
1069
+ secret: true,
1070
+ public: false,
1071
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1072
+ destinations: [
1073
+ {
1074
+ kind: "runtime_fetch",
1075
+ target: "lucern-graph-sync",
1076
+ environmentPolicy: "environment_specific"
1077
+ },
1078
+ {
1079
+ kind: "github_actions",
1080
+ target: "LucernAI/lucern",
1081
+ environmentPolicy: "environment_specific"
1082
+ }
1083
+ ],
1084
+ description: "Lucern-owned Neo4j password for platform graph-sync surfaces."
1085
+ },
1086
+ {
1087
+ id: "platform.neo4j.sync-secret",
1088
+ canonicalName: "NEO4J_SYNC_SECRET",
1089
+ owner: "lucern_platform",
1090
+ scope: "environment",
1091
+ sourcePath: "/platform/graph/neo4j",
1092
+ environmentPolicy: "environment_specific",
1093
+ required: false,
1094
+ secret: true,
1095
+ public: false,
1096
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1097
+ destinations: [
1098
+ {
1099
+ kind: "runtime_fetch",
1100
+ target: "lucern-graph-sync",
1101
+ environmentPolicy: "environment_specific"
1102
+ },
1103
+ {
1104
+ kind: "github_actions",
1105
+ target: "LucernAI/lucern",
1106
+ environmentPolicy: "environment_specific"
1107
+ }
1108
+ ],
1109
+ description: "Shared secret protecting Lucern-owned graph-sync HTTP/query proxy calls."
1110
+ },
1111
+ {
1112
+ id: "platform.neo4j.database",
1113
+ canonicalName: "NEO4J_DATABASE",
1114
+ owner: "lucern_platform",
1115
+ scope: "environment",
1116
+ sourcePath: "/platform/graph/neo4j",
1117
+ environmentPolicy: "environment_specific",
1118
+ required: false,
1119
+ secret: false,
1120
+ public: false,
1121
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1122
+ destinations: [
1123
+ {
1124
+ kind: "runtime_fetch",
1125
+ target: "lucern-graph-sync",
1126
+ environmentPolicy: "environment_specific"
1127
+ },
1128
+ {
1129
+ kind: "github_actions",
1130
+ target: "LucernAI/lucern",
1131
+ environmentPolicy: "environment_specific"
1132
+ }
1133
+ ],
1134
+ description: "Optional Neo4j database name for Lucern-owned graph-sync surfaces."
1135
+ }
1136
+ ];
1137
+ var PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS = [
1138
+ {
1139
+ id: "platform.pinecone.api-key",
1140
+ canonicalName: "PINECONE_API_KEY",
1141
+ owner: "lucern_platform",
1142
+ scope: "environment",
1143
+ sourcePath: "/platform/vector/pinecone",
1144
+ environmentPolicy: "environment_specific",
1145
+ required: false,
1146
+ secret: true,
1147
+ public: false,
1148
+ consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
1149
+ destinations: [
1150
+ {
1151
+ kind: "runtime_fetch",
1152
+ target: "lucern-ai-runtime",
1153
+ environmentPolicy: "environment_specific"
1154
+ },
1155
+ {
1156
+ kind: "github_actions",
1157
+ target: "LucernAI/lucern",
1158
+ environmentPolicy: "environment_specific"
1159
+ }
1160
+ ],
1161
+ description: "Lucern-owned Pinecone API key for platform vector search."
1162
+ },
1163
+ {
1164
+ id: "platform.pinecone.index-name",
1165
+ canonicalName: "PINECONE_INDEX_NAME",
1166
+ aliases: ["PINECONE_INDEX"],
1167
+ owner: "lucern_platform",
1168
+ scope: "environment",
1169
+ sourcePath: "/platform/vector/pinecone",
1170
+ environmentPolicy: "environment_specific",
1171
+ required: false,
1172
+ secret: false,
1173
+ public: false,
1174
+ consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
1175
+ destinations: [
1176
+ {
1177
+ kind: "runtime_fetch",
1178
+ target: "lucern-ai-runtime",
1179
+ environmentPolicy: "environment_specific"
1180
+ },
1181
+ {
1182
+ kind: "github_actions",
1183
+ target: "LucernAI/lucern",
1184
+ environmentPolicy: "environment_specific"
1185
+ }
1186
+ ],
1187
+ description: "Lucern-owned Pinecone index name."
1188
+ },
1189
+ {
1190
+ id: "platform.pinecone.host",
1191
+ canonicalName: "PINECONE_HOST",
1192
+ aliases: ["PINECONE_INDEX_HOST"],
1193
+ owner: "lucern_platform",
1194
+ scope: "environment",
1195
+ sourcePath: "/platform/vector/pinecone",
1196
+ environmentPolicy: "environment_specific",
1197
+ required: false,
1198
+ secret: false,
1199
+ public: false,
1200
+ consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
1201
+ destinations: [
1202
+ {
1203
+ kind: "runtime_fetch",
1204
+ target: "lucern-ai-runtime",
1205
+ environmentPolicy: "environment_specific"
1206
+ },
1207
+ {
1208
+ kind: "github_actions",
1209
+ target: "LucernAI/lucern",
1210
+ environmentPolicy: "environment_specific"
1211
+ }
1212
+ ],
1213
+ description: "Lucern-owned Pinecone host/index host."
1214
+ }
1215
+ ];
1216
+
1217
+ export { PLATFORM_AXIOM_SECRET_DEFINITIONS, PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS, PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS, PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS, PLATFORM_SENTRY_SECRET_DEFINITIONS, PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS };
961
1218
  //# sourceMappingURL=infisical-runtime.platform-ops-secrets.js.map
962
1219
  //# sourceMappingURL=infisical-runtime.platform-ops-secrets.js.map