@lucern/contracts 1.0.1 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/dist/function-registry/worktrees.js +1 -1
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.js +2815 -336
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
- package/dist/index.js +3250 -510
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.base.d.ts +1 -1
- package/dist/infisical-runtime.base.js +3 -0
- package/dist/infisical-runtime.base.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +188 -2
- package/dist/infisical-runtime.contract.js +494 -233
- package/dist/infisical-runtime.contract.js.map +1 -1
- package/dist/infisical-runtime.platform-automation-secrets.d.ts +436 -0
- package/dist/infisical-runtime.platform-automation-secrets.js +596 -0
- package/dist/infisical-runtime.platform-automation-secrets.js.map +1 -0
- package/dist/infisical-runtime.platform-observability-secrets.d.ts +323 -0
- package/dist/infisical-runtime.platform-observability-secrets.js +417 -0
- package/dist/infisical-runtime.platform-observability-secrets.js.map +1 -0
- package/dist/infisical-runtime.platform-ops-secrets.d.ts +4 -569
- package/dist/infisical-runtime.platform-ops-secrets.js +440 -183
- package/dist/infisical-runtime.platform-ops-secrets.js.map +1 -1
- package/dist/infisical-runtime.tenant-secrets.js.map +1 -1
- package/dist/manifests/infisical-runtime-manifest.d.ts +188 -2
- package/dist/manifests/infisical-runtime-manifest.js +439 -181
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
- package/dist/proof-attestation.json +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,436 @@
|
|
|
1
|
+
declare const PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS: readonly [{
|
|
2
|
+
readonly id: "platform.deploy.vercel-token";
|
|
3
|
+
readonly canonicalName: "VERCEL_TOKEN";
|
|
4
|
+
readonly owner: "provider";
|
|
5
|
+
readonly scope: "global";
|
|
6
|
+
readonly sourcePath: "/platform/deploy/vercel";
|
|
7
|
+
readonly environmentPolicy: "same_all_environments";
|
|
8
|
+
readonly required: false;
|
|
9
|
+
readonly secret: true;
|
|
10
|
+
readonly public: false;
|
|
11
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
12
|
+
readonly destinations: readonly [{
|
|
13
|
+
readonly kind: "github_actions";
|
|
14
|
+
readonly target: "LucernAI/lucern";
|
|
15
|
+
readonly environmentPolicy: "same_all_environments";
|
|
16
|
+
}, {
|
|
17
|
+
readonly kind: "operator_local";
|
|
18
|
+
readonly target: "secret-sync-writer";
|
|
19
|
+
readonly environmentPolicy: "same_all_environments";
|
|
20
|
+
}];
|
|
21
|
+
readonly description: "Vercel API token for the future reviewed live writer. Never copy into tenant apps.";
|
|
22
|
+
}, {
|
|
23
|
+
readonly id: "platform.deploy.vercel-token.stack";
|
|
24
|
+
readonly canonicalName: "STACK_VERCEL_TOKEN";
|
|
25
|
+
readonly owner: "provider";
|
|
26
|
+
readonly scope: "global";
|
|
27
|
+
readonly sourcePath: "/platform/deploy/vercel";
|
|
28
|
+
readonly environmentPolicy: "same_all_environments";
|
|
29
|
+
readonly required: false;
|
|
30
|
+
readonly secret: true;
|
|
31
|
+
readonly public: false;
|
|
32
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
33
|
+
readonly destinations: readonly [{
|
|
34
|
+
readonly kind: "operator_local";
|
|
35
|
+
readonly target: "secret-sync-writer";
|
|
36
|
+
readonly environmentPolicy: "same_all_environments";
|
|
37
|
+
}];
|
|
38
|
+
readonly description: "Stack Vercel API token for manifest-scoped Stack tenant Vercel secret sync. Never copy into tenant apps.";
|
|
39
|
+
}, {
|
|
40
|
+
readonly id: "platform.deploy.vercel-token.lucern";
|
|
41
|
+
readonly canonicalName: "LUCERN_VERCEL_TOKEN";
|
|
42
|
+
readonly owner: "provider";
|
|
43
|
+
readonly scope: "global";
|
|
44
|
+
readonly sourcePath: "/platform/deploy/vercel";
|
|
45
|
+
readonly environmentPolicy: "same_all_environments";
|
|
46
|
+
readonly required: false;
|
|
47
|
+
readonly secret: true;
|
|
48
|
+
readonly public: false;
|
|
49
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
50
|
+
readonly destinations: readonly [{
|
|
51
|
+
readonly kind: "operator_local";
|
|
52
|
+
readonly target: "secret-sync-writer";
|
|
53
|
+
readonly environmentPolicy: "same_all_environments";
|
|
54
|
+
}];
|
|
55
|
+
readonly description: "Lucern Vercel API token for manifest-scoped Lucern tenant Vercel secret sync. Never copy into tenant apps.";
|
|
56
|
+
}, {
|
|
57
|
+
readonly id: "platform.deploy.vercel-org-id";
|
|
58
|
+
readonly canonicalName: "VERCEL_ORG_ID";
|
|
59
|
+
readonly owner: "provider";
|
|
60
|
+
readonly scope: "global";
|
|
61
|
+
readonly sourcePath: "/platform/deploy/vercel";
|
|
62
|
+
readonly environmentPolicy: "same_all_environments";
|
|
63
|
+
readonly required: false;
|
|
64
|
+
readonly secret: false;
|
|
65
|
+
readonly public: false;
|
|
66
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
67
|
+
readonly destinations: readonly [{
|
|
68
|
+
readonly kind: "github_actions";
|
|
69
|
+
readonly target: "LucernAI/lucern";
|
|
70
|
+
readonly environmentPolicy: "same_all_environments";
|
|
71
|
+
}, {
|
|
72
|
+
readonly kind: "operator_local";
|
|
73
|
+
readonly target: "secret-sync-writer";
|
|
74
|
+
readonly environmentPolicy: "same_all_environments";
|
|
75
|
+
}];
|
|
76
|
+
readonly description: "Vercel team/org id used by deployment and sync automation.";
|
|
77
|
+
}, {
|
|
78
|
+
readonly id: "platform.deploy.socket-api-key";
|
|
79
|
+
readonly canonicalName: "SOCKET_API_KEY";
|
|
80
|
+
readonly aliases: readonly ["socket_token", "SOCKET_SECURITY_API_KEY", "SOCKET_SECURITY_API_TOKEN"];
|
|
81
|
+
readonly owner: "provider";
|
|
82
|
+
readonly scope: "global";
|
|
83
|
+
readonly sourcePath: "/platform/deploy";
|
|
84
|
+
readonly environmentPolicy: "same_all_environments";
|
|
85
|
+
readonly required: false;
|
|
86
|
+
readonly secret: true;
|
|
87
|
+
readonly public: false;
|
|
88
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
89
|
+
readonly destinations: readonly [{
|
|
90
|
+
readonly kind: "github_actions";
|
|
91
|
+
readonly target: "LucernAI/lucern";
|
|
92
|
+
readonly environmentPolicy: "same_all_environments";
|
|
93
|
+
readonly writeNames: readonly ["SOCKET_API_KEY", "SOCKET_SECURITY_API_KEY", "SOCKET_SECURITY_API_TOKEN"];
|
|
94
|
+
}, {
|
|
95
|
+
readonly kind: "operator_local";
|
|
96
|
+
readonly target: "socket-firewall-wrapper";
|
|
97
|
+
readonly environmentPolicy: "same_all_environments";
|
|
98
|
+
readonly writeNames: readonly ["SOCKET_API_KEY", "SOCKET_SECURITY_API_KEY", "SOCKET_SECURITY_API_TOKEN"];
|
|
99
|
+
}];
|
|
100
|
+
readonly description: "Socket API token for authenticated Socket Firewall wrapper, CLI, and CI policy checks.";
|
|
101
|
+
}, {
|
|
102
|
+
readonly id: "platform.deploy.socket-token-hash";
|
|
103
|
+
readonly canonicalName: "SOCKET_TOKEN_HASH";
|
|
104
|
+
readonly aliases: readonly ["socket_token_hash", "SOCKET_API_KEY_HASH"];
|
|
105
|
+
readonly owner: "provider";
|
|
106
|
+
readonly scope: "global";
|
|
107
|
+
readonly sourcePath: "/platform/deploy";
|
|
108
|
+
readonly environmentPolicy: "same_all_environments";
|
|
109
|
+
readonly required: false;
|
|
110
|
+
readonly secret: true;
|
|
111
|
+
readonly public: false;
|
|
112
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
113
|
+
readonly destinations: readonly [{
|
|
114
|
+
readonly kind: "operator_local";
|
|
115
|
+
readonly target: "socket-token-audit";
|
|
116
|
+
readonly environmentPolicy: "same_all_environments";
|
|
117
|
+
}];
|
|
118
|
+
readonly description: "Socket token fingerprint retained for rotation evidence; not consumed by Socket tooling.";
|
|
119
|
+
}];
|
|
120
|
+
declare const PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS: readonly [{
|
|
121
|
+
readonly id: "platform.docs.gap-audit-api-key";
|
|
122
|
+
readonly canonicalName: "DOC_GAP_AUDIT_API_KEY";
|
|
123
|
+
readonly owner: "lucern_platform";
|
|
124
|
+
readonly scope: "environment";
|
|
125
|
+
readonly sourcePath: "/platform/docs";
|
|
126
|
+
readonly environmentPolicy: "environment_specific";
|
|
127
|
+
readonly required: false;
|
|
128
|
+
readonly secret: true;
|
|
129
|
+
readonly public: false;
|
|
130
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
131
|
+
readonly destinations: readonly [{
|
|
132
|
+
readonly kind: "github_actions";
|
|
133
|
+
readonly target: "LucernAI/lucern";
|
|
134
|
+
readonly environmentPolicy: "environment_specific";
|
|
135
|
+
}, {
|
|
136
|
+
readonly kind: "operator_local";
|
|
137
|
+
readonly target: "lucern-repo";
|
|
138
|
+
readonly environmentPolicy: "environment_specific";
|
|
139
|
+
}];
|
|
140
|
+
readonly description: "Optional model key for docs gap audits.";
|
|
141
|
+
}, {
|
|
142
|
+
readonly id: "platform.docs.gap-audit-provider";
|
|
143
|
+
readonly canonicalName: "DOC_GAP_AUDIT_PROVIDER";
|
|
144
|
+
readonly owner: "lucern_platform";
|
|
145
|
+
readonly scope: "environment";
|
|
146
|
+
readonly sourcePath: "/platform/docs";
|
|
147
|
+
readonly environmentPolicy: "environment_specific";
|
|
148
|
+
readonly required: false;
|
|
149
|
+
readonly secret: false;
|
|
150
|
+
readonly public: false;
|
|
151
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
152
|
+
readonly destinations: readonly [{
|
|
153
|
+
readonly kind: "github_actions";
|
|
154
|
+
readonly target: "LucernAI/lucern";
|
|
155
|
+
readonly environmentPolicy: "environment_specific";
|
|
156
|
+
}, {
|
|
157
|
+
readonly kind: "operator_local";
|
|
158
|
+
readonly target: "lucern-repo";
|
|
159
|
+
readonly environmentPolicy: "environment_specific";
|
|
160
|
+
}];
|
|
161
|
+
readonly description: "Optional docs gap audit provider selector.";
|
|
162
|
+
}, {
|
|
163
|
+
readonly id: "platform.docs.gap-audit-model";
|
|
164
|
+
readonly canonicalName: "DOC_GAP_AUDIT_MODEL";
|
|
165
|
+
readonly owner: "lucern_platform";
|
|
166
|
+
readonly scope: "environment";
|
|
167
|
+
readonly sourcePath: "/platform/docs";
|
|
168
|
+
readonly environmentPolicy: "environment_specific";
|
|
169
|
+
readonly required: false;
|
|
170
|
+
readonly secret: false;
|
|
171
|
+
readonly public: false;
|
|
172
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
173
|
+
readonly destinations: readonly [{
|
|
174
|
+
readonly kind: "github_actions";
|
|
175
|
+
readonly target: "LucernAI/lucern";
|
|
176
|
+
readonly environmentPolicy: "environment_specific";
|
|
177
|
+
}, {
|
|
178
|
+
readonly kind: "operator_local";
|
|
179
|
+
readonly target: "lucern-repo";
|
|
180
|
+
readonly environmentPolicy: "environment_specific";
|
|
181
|
+
}];
|
|
182
|
+
readonly description: "Optional docs gap audit model selector.";
|
|
183
|
+
}, {
|
|
184
|
+
readonly id: "platform.infisical.local-cli";
|
|
185
|
+
readonly canonicalName: "INFISICAL_BIN";
|
|
186
|
+
readonly aliases: readonly ["INFISICAL_API_URL", "INFISICAL_URL"];
|
|
187
|
+
readonly owner: "lucern_platform";
|
|
188
|
+
readonly scope: "global";
|
|
189
|
+
readonly sourcePath: "/platform/infisical";
|
|
190
|
+
readonly environmentPolicy: "same_all_environments";
|
|
191
|
+
readonly required: false;
|
|
192
|
+
readonly secret: false;
|
|
193
|
+
readonly public: false;
|
|
194
|
+
readonly consumers: readonly ["mc-operator-tooling", "lucern-repo-ci"];
|
|
195
|
+
readonly destinations: readonly [{
|
|
196
|
+
readonly kind: "operator_local";
|
|
197
|
+
readonly target: "lucern-repo";
|
|
198
|
+
readonly environmentPolicy: "same_all_environments";
|
|
199
|
+
}];
|
|
200
|
+
readonly description: "Operator-only Infisical CLI/API location knobs. Machine credentials are handled by the bootstrap contract.";
|
|
201
|
+
}, {
|
|
202
|
+
readonly id: "platform.gateway.device-verification-base-url";
|
|
203
|
+
readonly canonicalName: "LUCERN_DEVICE_VERIFICATION_BASE_URL";
|
|
204
|
+
readonly owner: "lucern_platform";
|
|
205
|
+
readonly scope: "environment";
|
|
206
|
+
readonly sourcePath: "/platform/runtime";
|
|
207
|
+
readonly environmentPolicy: "environment_specific";
|
|
208
|
+
readonly required: false;
|
|
209
|
+
readonly secret: false;
|
|
210
|
+
readonly public: false;
|
|
211
|
+
readonly consumers: readonly ["lucern-gateway"];
|
|
212
|
+
readonly destinations: readonly [{
|
|
213
|
+
readonly kind: "vercel";
|
|
214
|
+
readonly target: "lucern-gateway";
|
|
215
|
+
readonly environmentPolicy: "environment_specific";
|
|
216
|
+
}];
|
|
217
|
+
readonly description: "Base URL shown during Lucern CLI/device authentication.";
|
|
218
|
+
}, {
|
|
219
|
+
readonly id: "platform.gateway.mode";
|
|
220
|
+
readonly canonicalName: "LUCERN_GATEWAY_MODE";
|
|
221
|
+
readonly aliases: readonly ["LUCERN_GATEWAY_ENV"];
|
|
222
|
+
readonly owner: "lucern_platform";
|
|
223
|
+
readonly scope: "environment";
|
|
224
|
+
readonly sourcePath: "/platform/runtime";
|
|
225
|
+
readonly environmentPolicy: "environment_specific";
|
|
226
|
+
readonly required: false;
|
|
227
|
+
readonly secret: false;
|
|
228
|
+
readonly public: false;
|
|
229
|
+
readonly consumers: readonly ["lucern-gateway", "lucern-repo-ci"];
|
|
230
|
+
readonly destinations: readonly [{
|
|
231
|
+
readonly kind: "vercel";
|
|
232
|
+
readonly target: "lucern-gateway";
|
|
233
|
+
readonly environmentPolicy: "environment_specific";
|
|
234
|
+
}, {
|
|
235
|
+
readonly kind: "github_actions";
|
|
236
|
+
readonly target: "LucernAI/lucern";
|
|
237
|
+
readonly environmentPolicy: "environment_specific";
|
|
238
|
+
}];
|
|
239
|
+
readonly description: "Gateway runtime mode/environment label.";
|
|
240
|
+
}, {
|
|
241
|
+
readonly id: "platform.mcp.runtime";
|
|
242
|
+
readonly canonicalName: "LUCERN_MCP_URL";
|
|
243
|
+
readonly aliases: readonly ["LUCERN_AGENT_IDENTITY", "LUCERN_HTTP_HOST", "LUCERN_HTTP_PORT", "LUCERN_MCP_ALLOW_API_KEY_PASSTHROUGH", "LUCERN_MCP_DEBUG", "LUCERN_MCP_DIAGNOSTICS_FILE", "LUCERN_MCP_HEALTH_PATH", "LUCERN_MCP_HEALTH_URL", "LUCERN_MCP_HOST", "LUCERN_MCP_PATH", "LUCERN_MCP_PORT", "LUCERN_MCP_QUIET", "LUCERN_MCP_TRANSPORT", "LUCERN_PROFILE", "LUCERN_PUBLIC_URL", "MCP_SERVER_URL"];
|
|
244
|
+
readonly owner: "lucern_platform";
|
|
245
|
+
readonly scope: "environment";
|
|
246
|
+
readonly sourcePath: "/platform/runtime";
|
|
247
|
+
readonly environmentPolicy: "environment_specific";
|
|
248
|
+
readonly required: false;
|
|
249
|
+
readonly secret: false;
|
|
250
|
+
readonly public: false;
|
|
251
|
+
readonly consumers: readonly ["lucern-mcp", "lucern-cli", "lucern-repo-ci"];
|
|
252
|
+
readonly destinations: readonly [{
|
|
253
|
+
readonly kind: "runtime_fetch";
|
|
254
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
255
|
+
readonly environmentPolicy: "environment_specific";
|
|
256
|
+
}, {
|
|
257
|
+
readonly kind: "operator_local";
|
|
258
|
+
readonly target: "lucern-repo";
|
|
259
|
+
readonly environmentPolicy: "environment_specific";
|
|
260
|
+
}];
|
|
261
|
+
readonly description: "Lucern MCP/CLI runtime knobs. Aliases are compatibility names and not Vercel write names.";
|
|
262
|
+
}, {
|
|
263
|
+
readonly id: "platform.mcp.auth-token";
|
|
264
|
+
readonly canonicalName: "LUCERN_MCP_SERVER_AUTH_TOKEN";
|
|
265
|
+
readonly aliases: readonly ["LUCERN_USER_TOKEN", "MCP_SERVER_TOKEN"];
|
|
266
|
+
readonly owner: "lucern_platform";
|
|
267
|
+
readonly scope: "environment";
|
|
268
|
+
readonly sourcePath: "/platform/runtime";
|
|
269
|
+
readonly environmentPolicy: "environment_specific";
|
|
270
|
+
readonly required: false;
|
|
271
|
+
readonly secret: true;
|
|
272
|
+
readonly public: false;
|
|
273
|
+
readonly consumers: readonly ["lucern-mcp", "lucern-cli", "lucern-repo-ci"];
|
|
274
|
+
readonly destinations: readonly [{
|
|
275
|
+
readonly kind: "runtime_fetch";
|
|
276
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
277
|
+
readonly environmentPolicy: "environment_specific";
|
|
278
|
+
}, {
|
|
279
|
+
readonly kind: "operator_local";
|
|
280
|
+
readonly target: "lucern-repo";
|
|
281
|
+
readonly environmentPolicy: "environment_specific";
|
|
282
|
+
}];
|
|
283
|
+
readonly description: "Local/hosted MCP auth token material. Tenant apps must use MC/API-key sessions instead.";
|
|
284
|
+
}, {
|
|
285
|
+
readonly id: "platform.operator.api-key";
|
|
286
|
+
readonly canonicalName: "LUCERN_API_KEY";
|
|
287
|
+
readonly aliases: readonly ["LUCERN_KEY"];
|
|
288
|
+
readonly owner: "lucern_platform";
|
|
289
|
+
readonly scope: "environment";
|
|
290
|
+
readonly sourcePath: "/platform/runtime";
|
|
291
|
+
readonly environmentPolicy: "environment_specific";
|
|
292
|
+
readonly required: false;
|
|
293
|
+
readonly secret: true;
|
|
294
|
+
readonly public: false;
|
|
295
|
+
readonly consumers: readonly ["lucern-cli", "lucern-mcp", "lucern-repo-ci"];
|
|
296
|
+
readonly destinations: readonly [{
|
|
297
|
+
readonly kind: "runtime_fetch";
|
|
298
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
299
|
+
readonly environmentPolicy: "environment_specific";
|
|
300
|
+
}, {
|
|
301
|
+
readonly kind: "operator_local";
|
|
302
|
+
readonly target: "lucern-repo";
|
|
303
|
+
readonly environmentPolicy: "environment_specific";
|
|
304
|
+
}, {
|
|
305
|
+
readonly kind: "github_actions";
|
|
306
|
+
readonly target: "LucernAI/lucern";
|
|
307
|
+
readonly environmentPolicy: "environment_specific";
|
|
308
|
+
}];
|
|
309
|
+
readonly description: "Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files.";
|
|
310
|
+
}, {
|
|
311
|
+
readonly id: "platform.graph-sync.proxy";
|
|
312
|
+
readonly canonicalName: "LUCERN_GRAPH_SYNC_QUERY_BASE_URL";
|
|
313
|
+
readonly aliases: readonly ["LUCERN_DEFAULT_TENANT_ID", "LUCERN_GRAPH_SYNC_ALLOWED_PROXY_HOSTS"];
|
|
314
|
+
readonly owner: "lucern_platform";
|
|
315
|
+
readonly scope: "environment";
|
|
316
|
+
readonly sourcePath: "/platform/graph/neo4j";
|
|
317
|
+
readonly environmentPolicy: "environment_specific";
|
|
318
|
+
readonly required: false;
|
|
319
|
+
readonly secret: false;
|
|
320
|
+
readonly public: false;
|
|
321
|
+
readonly consumers: readonly ["lucern-graph-sync", "lucern-repo-ci"];
|
|
322
|
+
readonly destinations: readonly [{
|
|
323
|
+
readonly kind: "runtime_fetch";
|
|
324
|
+
readonly target: "lucern-graph-sync";
|
|
325
|
+
readonly environmentPolicy: "environment_specific";
|
|
326
|
+
}, {
|
|
327
|
+
readonly kind: "github_actions";
|
|
328
|
+
readonly target: "LucernAI/lucern";
|
|
329
|
+
readonly environmentPolicy: "environment_specific";
|
|
330
|
+
}];
|
|
331
|
+
readonly description: "Graph-sync proxy URL, tenant filter, and allowed host list.";
|
|
332
|
+
}, {
|
|
333
|
+
readonly id: "platform.package-smoke.local";
|
|
334
|
+
readonly canonicalName: "LUCERN_SDK_NPM_TOKEN";
|
|
335
|
+
readonly aliases: readonly ["LUCERN_KERNEL_INSTALL_SPEC", "LUCERN_KERNEL_KEEP_CLEANROOM", "LUCERN_KERNEL_LOCAL_TARBALL", "LUCERN_KERNEL_NPM_TOKEN", "LUCERN_KERNEL_SCOPE_REGISTRY", "LUCERN_KERNEL_SKIP_CONVEX", "LUCERN_SDK_INSTALL_SPEC", "LUCERN_SDK_KEEP_CLEANROOM", "LUCERN_SDK_LOCAL_TARBALL", "LUCERN_SDK_SCOPE_REGISTRY", "LUCERN_SDK_SKIP_LIVE"];
|
|
336
|
+
readonly owner: "lucern_platform";
|
|
337
|
+
readonly scope: "global";
|
|
338
|
+
readonly sourcePath: "/platform/package-publish";
|
|
339
|
+
readonly environmentPolicy: "same_all_environments";
|
|
340
|
+
readonly required: false;
|
|
341
|
+
readonly secret: true;
|
|
342
|
+
readonly public: false;
|
|
343
|
+
readonly consumers: readonly ["lucern-repo-ci"];
|
|
344
|
+
readonly destinations: readonly [{
|
|
345
|
+
readonly kind: "github_actions";
|
|
346
|
+
readonly target: "LucernAI/lucern";
|
|
347
|
+
readonly environmentPolicy: "same_all_environments";
|
|
348
|
+
}, {
|
|
349
|
+
readonly kind: "operator_local";
|
|
350
|
+
readonly target: "lucern-repo";
|
|
351
|
+
readonly environmentPolicy: "same_all_environments";
|
|
352
|
+
}];
|
|
353
|
+
readonly description: "Private package install smoke-test knobs. Values are not tenant runtime variables.";
|
|
354
|
+
}, {
|
|
355
|
+
readonly id: "platform.convex-deploy.local-names";
|
|
356
|
+
readonly canonicalName: "LUCERN_CONVEX_DEPLOYMENT_NAME";
|
|
357
|
+
readonly aliases: readonly ["CONVEX_DEPLOYMENT", "CONVEX_DEV_DEPLOYMENT_NAME", "CONVEX_PROD_DEPLOYMENT_NAME"];
|
|
358
|
+
readonly owner: "lucern_platform";
|
|
359
|
+
readonly scope: "environment";
|
|
360
|
+
readonly sourcePath: "/platform/deploy/convex";
|
|
361
|
+
readonly environmentPolicy: "environment_specific";
|
|
362
|
+
readonly required: false;
|
|
363
|
+
readonly secret: false;
|
|
364
|
+
readonly public: false;
|
|
365
|
+
readonly consumers: readonly ["mc-operator-tooling", "lucern-repo-ci"];
|
|
366
|
+
readonly destinations: readonly [{
|
|
367
|
+
readonly kind: "operator_local";
|
|
368
|
+
readonly target: "lucern-repo";
|
|
369
|
+
readonly environmentPolicy: "environment_specific";
|
|
370
|
+
}];
|
|
371
|
+
readonly description: "Operator-only Convex deployment name hints. Deploy keys and URLs remain separately scoped.";
|
|
372
|
+
}, {
|
|
373
|
+
readonly id: "platform.sdk.local-context";
|
|
374
|
+
readonly canonicalName: "LUCERN_TENANT_ID";
|
|
375
|
+
readonly aliases: readonly ["LUCERN_AGENT_DISPLAY_NAME", "LUCERN_AGENT_ID", "LUCERN_API_ENVIRONMENT", "LUCERN_PACK_KEY", "LUCERN_PROJECT_ID", "LUCERN_TOPIC_ID", "LUCERN_WORKSPACE_ID", "LUCERN_WORKTREE_ID"];
|
|
376
|
+
readonly owner: "lucern_platform";
|
|
377
|
+
readonly scope: "environment";
|
|
378
|
+
readonly sourcePath: "/platform/runtime";
|
|
379
|
+
readonly environmentPolicy: "environment_specific";
|
|
380
|
+
readonly required: false;
|
|
381
|
+
readonly secret: false;
|
|
382
|
+
readonly public: false;
|
|
383
|
+
readonly consumers: readonly ["lucern-cli", "lucern-mcp", "tenant-agent-runtime"];
|
|
384
|
+
readonly destinations: readonly [{
|
|
385
|
+
readonly kind: "runtime_fetch";
|
|
386
|
+
readonly target: "lucern-cli-mcp-sdk";
|
|
387
|
+
readonly environmentPolicy: "environment_specific";
|
|
388
|
+
}, {
|
|
389
|
+
readonly kind: "operator_local";
|
|
390
|
+
readonly target: "lucern-repo";
|
|
391
|
+
readonly environmentPolicy: "environment_specific";
|
|
392
|
+
}];
|
|
393
|
+
readonly description: "SDK, CLI, and agent context selectors. These identify scope and must not grant access by themselves.";
|
|
394
|
+
}, {
|
|
395
|
+
readonly id: "platform.debug.local-flags";
|
|
396
|
+
readonly canonicalName: "LUCERN_FUNCTIONAL_DEBUG";
|
|
397
|
+
readonly aliases: readonly ["LUCERN_CONTRACTS_SKIP_DTS", "LUCERN_DEPLOY_RECONCILIATION_DEBUG", "LUCERN_ENABLE_ADAPTIVE_LEARNING", "LUCERN_ENV_FILE", "LUCERN_EXAMPLE_DEBUG", "LUCERN_HTTP_SMOKE_DEBUG", "LUCERN_MULTI_TENANT", "LUCERN_PACK_ACTION_DEBUG", "LUCERN_RUN_LIVE_MCP"];
|
|
398
|
+
readonly owner: "lucern_platform";
|
|
399
|
+
readonly scope: "environment";
|
|
400
|
+
readonly sourcePath: "/platform/runtime/debug";
|
|
401
|
+
readonly environmentPolicy: "environment_specific";
|
|
402
|
+
readonly required: false;
|
|
403
|
+
readonly secret: false;
|
|
404
|
+
readonly public: false;
|
|
405
|
+
readonly consumers: readonly ["lucern-repo-ci", "mc-operator-tooling"];
|
|
406
|
+
readonly destinations: readonly [{
|
|
407
|
+
readonly kind: "operator_local";
|
|
408
|
+
readonly target: "lucern-repo";
|
|
409
|
+
readonly environmentPolicy: "environment_specific";
|
|
410
|
+
}];
|
|
411
|
+
readonly description: "Local or CI debug toggles. They are manifest-known but not tenant runtime secrets.";
|
|
412
|
+
}, {
|
|
413
|
+
readonly id: "tenant.stackos.deploy-guard.local";
|
|
414
|
+
readonly canonicalName: "STACKOS_DEPLOY_TARGET";
|
|
415
|
+
readonly aliases: readonly ["STACKOS_DEPLOY_ENTRYPOINT", "STACKOS_EXPECTED_STAGING_COMMIT", "STACKOS_PROD_CUTOVER_APPROVED", "STACKOS_REPO_PATH", "STACKOS_REQUIRE_CHAT_RUNTIME", "STACKOS_SLOP_SCAN_BASELINE", "STACKOS_STAGING_API_KEY", "STACKOS_STAGING_BASE_URL", "STACK_DEPLOY_RECONCILIATION_SCHEMA_JSON"];
|
|
416
|
+
readonly owner: "tenant";
|
|
417
|
+
readonly scope: "software_system";
|
|
418
|
+
readonly sourcePath: "/tenants/stack";
|
|
419
|
+
readonly environmentPolicy: "environment_specific";
|
|
420
|
+
readonly required: false;
|
|
421
|
+
readonly secret: true;
|
|
422
|
+
readonly public: false;
|
|
423
|
+
readonly consumers: readonly ["tenant-deploy-tooling", "lucern-repo-ci"];
|
|
424
|
+
readonly destinations: readonly [{
|
|
425
|
+
readonly kind: "operator_local";
|
|
426
|
+
readonly target: "stackos-deploy-guard";
|
|
427
|
+
readonly environmentPolicy: "environment_specific";
|
|
428
|
+
}, {
|
|
429
|
+
readonly kind: "github_actions";
|
|
430
|
+
readonly target: "stack-vc/stackos";
|
|
431
|
+
readonly environmentPolicy: "environment_specific";
|
|
432
|
+
}];
|
|
433
|
+
readonly description: "StackOS deploy/test guard variables. These are not written into the StackOS Vercel runtime.";
|
|
434
|
+
}];
|
|
435
|
+
|
|
436
|
+
export { PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS, PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS };
|