@lucern/contracts 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/dist/function-registry/worktrees.js +1 -1
  3. package/dist/function-registry/worktrees.js.map +1 -1
  4. package/dist/generated/infisicalRuntimeEnv.js +2815 -336
  5. package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
  6. package/dist/index.js +3250 -510
  7. package/dist/index.js.map +1 -1
  8. package/dist/infisical-runtime.base.d.ts +1 -1
  9. package/dist/infisical-runtime.base.js +3 -0
  10. package/dist/infisical-runtime.base.js.map +1 -1
  11. package/dist/infisical-runtime.contract.d.ts +188 -2
  12. package/dist/infisical-runtime.contract.js +494 -233
  13. package/dist/infisical-runtime.contract.js.map +1 -1
  14. package/dist/infisical-runtime.platform-automation-secrets.d.ts +436 -0
  15. package/dist/infisical-runtime.platform-automation-secrets.js +596 -0
  16. package/dist/infisical-runtime.platform-automation-secrets.js.map +1 -0
  17. package/dist/infisical-runtime.platform-observability-secrets.d.ts +323 -0
  18. package/dist/infisical-runtime.platform-observability-secrets.js +417 -0
  19. package/dist/infisical-runtime.platform-observability-secrets.js.map +1 -0
  20. package/dist/infisical-runtime.platform-ops-secrets.d.ts +4 -569
  21. package/dist/infisical-runtime.platform-ops-secrets.js +440 -183
  22. package/dist/infisical-runtime.platform-ops-secrets.js.map +1 -1
  23. package/dist/infisical-runtime.tenant-secrets.js.map +1 -1
  24. package/dist/manifests/infisical-runtime-manifest.d.ts +188 -2
  25. package/dist/manifests/infisical-runtime-manifest.js +439 -181
  26. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  27. package/dist/proof-attestation.json +1 -1
  28. package/package.json +1 -1
@@ -1252,203 +1252,282 @@ var PLATFORM_LANGFUSE_SECRET_DEFINITIONS = [
1252
1252
  }
1253
1253
  ];
1254
1254
 
1255
- // src/infisical-runtime.platform-ops-secrets.ts
1256
- var PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS = [
1255
+ // src/infisical-runtime.platform-observability-secrets.ts
1256
+ var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
1257
1257
  {
1258
- id: "platform.neo4j.uri",
1259
- canonicalName: "NEO4J_URI",
1260
- owner: "lucern_platform",
1258
+ id: "platform.sentry.dsn",
1259
+ canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
1260
+ aliases: ["SENTRY_DSN", "NEXT_PUBLIC_SENTRY_DSN_NEXTJS"],
1261
+ owner: "provider",
1261
1262
  scope: "environment",
1262
- sourcePath: "/platform/graph/neo4j",
1263
+ sourcePath: "/platform/observability/sentry",
1263
1264
  environmentPolicy: "environment_specific",
1264
1265
  required: false,
1265
1266
  secret: false,
1266
- public: false,
1267
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1267
+ public: true,
1268
+ consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
1268
1269
  destinations: [
1269
1270
  {
1270
- kind: "runtime_fetch",
1271
- target: "lucern-graph-sync",
1271
+ kind: "vercel",
1272
+ target: "lucern",
1272
1273
  environmentPolicy: "environment_specific"
1273
1274
  },
1274
1275
  {
1275
- kind: "github_actions",
1276
- target: "LucernAI/lucern",
1276
+ kind: "vercel",
1277
+ target: "lucern-gateway",
1277
1278
  environmentPolicy: "environment_specific"
1278
1279
  }
1279
1280
  ],
1280
- description: "Lucern-owned Neo4j URI for platform graph-sync surfaces."
1281
+ description: "Lucern-owned Sentry DSN for browser/server error telemetry."
1281
1282
  },
1282
1283
  {
1283
- id: "platform.neo4j.user",
1284
- canonicalName: "NEO4J_USER",
1285
- aliases: ["NEO4J_USERNAME"],
1286
- owner: "lucern_platform",
1284
+ id: "platform.sentry.auth-token",
1285
+ canonicalName: "SENTRY_AUTH_TOKEN",
1286
+ owner: "provider",
1287
1287
  scope: "environment",
1288
- sourcePath: "/platform/graph/neo4j",
1289
- environmentPolicy: "environment_specific",
1288
+ sourcePath: "/platform/observability/sentry",
1289
+ environmentPolicy: "same_all_environments",
1290
1290
  required: false,
1291
- secret: false,
1291
+ secret: true,
1292
1292
  public: false,
1293
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1293
+ consumers: ["lucern-repo-ci", "lucern-observability"],
1294
1294
  destinations: [
1295
- {
1296
- kind: "runtime_fetch",
1297
- target: "lucern-graph-sync",
1298
- environmentPolicy: "environment_specific"
1299
- },
1300
1295
  {
1301
1296
  kind: "github_actions",
1302
1297
  target: "LucernAI/lucern",
1303
- environmentPolicy: "environment_specific"
1298
+ environmentPolicy: "same_all_environments"
1299
+ },
1300
+ {
1301
+ kind: "vercel",
1302
+ target: "lucern",
1303
+ environmentPolicy: "same_all_environments"
1304
1304
  }
1305
1305
  ],
1306
- description: "Lucern-owned Neo4j username for platform graph-sync surfaces."
1306
+ description: "Sentry release-upload token. Runtime services must not use it for authorization."
1307
1307
  },
1308
1308
  {
1309
- id: "platform.neo4j.password",
1310
- canonicalName: "NEO4J_PASSWORD",
1311
- owner: "lucern_platform",
1312
- scope: "environment",
1313
- sourcePath: "/platform/graph/neo4j",
1314
- environmentPolicy: "environment_specific",
1309
+ id: "platform.sentry.org",
1310
+ canonicalName: "SENTRY_ORG",
1311
+ aliases: ["SENTRY_ORG_SLUG"],
1312
+ owner: "provider",
1313
+ scope: "global",
1314
+ sourcePath: "/platform/observability/sentry",
1315
+ environmentPolicy: "same_all_environments",
1315
1316
  required: false,
1316
- secret: true,
1317
+ secret: false,
1317
1318
  public: false,
1318
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1319
+ consumers: ["lucern-repo-ci", "lucern-observability"],
1319
1320
  destinations: [
1320
1321
  {
1321
- kind: "runtime_fetch",
1322
- target: "lucern-graph-sync",
1323
- environmentPolicy: "environment_specific"
1322
+ kind: "github_actions",
1323
+ target: "LucernAI/lucern",
1324
+ environmentPolicy: "same_all_environments"
1324
1325
  },
1326
+ {
1327
+ kind: "vercel",
1328
+ target: "lucern",
1329
+ environmentPolicy: "same_all_environments"
1330
+ }
1331
+ ],
1332
+ description: "Sentry organization slug for Lucern release uploads."
1333
+ },
1334
+ {
1335
+ id: "platform.sentry.project",
1336
+ canonicalName: "SENTRY_PROJECT",
1337
+ aliases: ["SENTRY_PROJECT_NEXTJS"],
1338
+ owner: "provider",
1339
+ scope: "global",
1340
+ sourcePath: "/platform/observability/sentry",
1341
+ environmentPolicy: "same_all_environments",
1342
+ required: false,
1343
+ secret: false,
1344
+ public: false,
1345
+ consumers: ["lucern-repo-ci", "lucern-observability"],
1346
+ destinations: [
1325
1347
  {
1326
1348
  kind: "github_actions",
1327
1349
  target: "LucernAI/lucern",
1328
- environmentPolicy: "environment_specific"
1350
+ environmentPolicy: "same_all_environments"
1351
+ },
1352
+ {
1353
+ kind: "vercel",
1354
+ target: "lucern",
1355
+ environmentPolicy: "same_all_environments"
1329
1356
  }
1330
1357
  ],
1331
- description: "Lucern-owned Neo4j password for platform graph-sync surfaces."
1358
+ description: "Sentry project slug for Lucern release uploads."
1332
1359
  },
1333
1360
  {
1334
- id: "platform.neo4j.sync-secret",
1335
- canonicalName: "NEO4J_SYNC_SECRET",
1336
- owner: "lucern_platform",
1361
+ id: "platform.sentry.environment",
1362
+ canonicalName: "SENTRY_ENVIRONMENT",
1363
+ aliases: ["NEXT_PUBLIC_SENTRY_ENVIRONMENT"],
1364
+ owner: "provider",
1337
1365
  scope: "environment",
1338
- sourcePath: "/platform/graph/neo4j",
1366
+ sourcePath: "/platform/observability/sentry",
1339
1367
  environmentPolicy: "environment_specific",
1340
1368
  required: false,
1341
- secret: true,
1369
+ secret: false,
1342
1370
  public: false,
1343
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1371
+ consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
1344
1372
  destinations: [
1345
1373
  {
1346
- kind: "runtime_fetch",
1347
- target: "lucern-graph-sync",
1348
- environmentPolicy: "environment_specific"
1374
+ kind: "vercel",
1375
+ target: "lucern",
1376
+ environmentPolicy: "environment_specific",
1377
+ writeNames: ["SENTRY_ENVIRONMENT", "NEXT_PUBLIC_SENTRY_ENVIRONMENT"]
1349
1378
  },
1350
1379
  {
1351
- kind: "github_actions",
1352
- target: "LucernAI/lucern",
1380
+ kind: "vercel",
1381
+ target: "lucern-gateway",
1353
1382
  environmentPolicy: "environment_specific"
1354
1383
  }
1355
1384
  ],
1356
- description: "Shared secret protecting Lucern-owned graph-sync HTTP/query proxy calls."
1385
+ description: "Lucern-owned Sentry environment label."
1357
1386
  },
1358
1387
  {
1359
- id: "platform.neo4j.database",
1360
- canonicalName: "NEO4J_DATABASE",
1361
- owner: "lucern_platform",
1388
+ id: "platform.sentry.release",
1389
+ canonicalName: "SENTRY_RELEASE",
1390
+ aliases: ["LUCERN_RELEASE", "NEXT_PUBLIC_SENTRY_RELEASE"],
1391
+ owner: "provider",
1362
1392
  scope: "environment",
1363
- sourcePath: "/platform/graph/neo4j",
1393
+ sourcePath: "/platform/observability/sentry",
1364
1394
  environmentPolicy: "environment_specific",
1365
1395
  required: false,
1366
1396
  secret: false,
1367
1397
  public: false,
1368
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1398
+ consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
1369
1399
  destinations: [
1370
1400
  {
1371
- kind: "runtime_fetch",
1372
- target: "lucern-graph-sync",
1373
- environmentPolicy: "environment_specific"
1401
+ kind: "vercel",
1402
+ target: "lucern",
1403
+ environmentPolicy: "environment_specific",
1404
+ writeNames: [
1405
+ "LUCERN_RELEASE",
1406
+ "SENTRY_RELEASE",
1407
+ "NEXT_PUBLIC_SENTRY_RELEASE"
1408
+ ]
1374
1409
  },
1375
1410
  {
1376
- kind: "github_actions",
1377
- target: "LucernAI/lucern",
1411
+ kind: "vercel",
1412
+ target: "lucern-gateway",
1378
1413
  environmentPolicy: "environment_specific"
1379
1414
  }
1380
1415
  ],
1381
- description: "Optional Neo4j database name for Lucern-owned graph-sync surfaces."
1416
+ description: "Lucern-owned Sentry release name."
1382
1417
  }
1383
1418
  ];
1384
- var PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS = [
1419
+ var PLATFORM_AXIOM_SECRET_DEFINITIONS = [
1385
1420
  {
1386
- id: "platform.pinecone.api-key",
1387
- canonicalName: "PINECONE_API_KEY",
1388
- owner: "lucern_platform",
1421
+ id: "platform.axiom.token",
1422
+ canonicalName: "AXIOM_TOKEN",
1423
+ aliases: ["LUCERN_AXIOM_TOKEN"],
1424
+ owner: "provider",
1389
1425
  scope: "environment",
1390
- sourcePath: "/platform/vector/pinecone",
1426
+ sourcePath: "/platform/observability",
1391
1427
  environmentPolicy: "environment_specific",
1392
1428
  required: false,
1393
1429
  secret: true,
1394
1430
  public: false,
1395
- consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
1431
+ consumers: [
1432
+ "lucern-cli",
1433
+ "lucern-gateway",
1434
+ "lucern-sdk",
1435
+ "lucern-mcp",
1436
+ "lucern-agent",
1437
+ "lucern-railway-pdp",
1438
+ "lucern-repo-ci",
1439
+ "lucern-observability"
1440
+ ],
1396
1441
  destinations: [
1397
1442
  {
1398
1443
  kind: "runtime_fetch",
1399
- target: "lucern-ai-runtime",
1444
+ target: "lucern-cli-mcp-sdk",
1445
+ environmentPolicy: "environment_specific"
1446
+ },
1447
+ {
1448
+ kind: "vercel",
1449
+ target: "lucern-gateway",
1400
1450
  environmentPolicy: "environment_specific"
1401
1451
  },
1402
1452
  {
1403
1453
  kind: "github_actions",
1404
1454
  target: "LucernAI/lucern",
1405
1455
  environmentPolicy: "environment_specific"
1456
+ },
1457
+ {
1458
+ kind: "operator_local",
1459
+ target: "lucern-repo",
1460
+ environmentPolicy: "environment_specific"
1406
1461
  }
1407
1462
  ],
1408
- description: "Lucern-owned Pinecone API key for platform vector search."
1463
+ description: "Axiom ingest/query token for Lucern operational telemetry. Runtime code must treat it as write/query telemetry authority, not graph-state authority."
1409
1464
  },
1410
1465
  {
1411
- id: "platform.pinecone.index-name",
1412
- canonicalName: "PINECONE_INDEX_NAME",
1413
- aliases: ["PINECONE_INDEX"],
1414
- owner: "lucern_platform",
1466
+ id: "platform.axiom.events-dataset",
1467
+ canonicalName: "LUCERN_AXIOM_EVENTS_DATASET",
1468
+ aliases: ["AXIOM_DATASET", "AXIOM_EVENTS_DATASET", "LUCERN_AXIOM_DATASET"],
1469
+ owner: "provider",
1415
1470
  scope: "environment",
1416
- sourcePath: "/platform/vector/pinecone",
1471
+ sourcePath: "/platform/observability",
1417
1472
  environmentPolicy: "environment_specific",
1418
1473
  required: false,
1419
1474
  secret: false,
1420
1475
  public: false,
1421
- consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
1476
+ consumers: [
1477
+ "lucern-cli",
1478
+ "lucern-gateway",
1479
+ "lucern-sdk",
1480
+ "lucern-mcp",
1481
+ "lucern-agent",
1482
+ "lucern-railway-pdp",
1483
+ "lucern-repo-ci",
1484
+ "lucern-observability"
1485
+ ],
1422
1486
  destinations: [
1423
1487
  {
1424
1488
  kind: "runtime_fetch",
1425
- target: "lucern-ai-runtime",
1489
+ target: "lucern-cli-mcp-sdk",
1490
+ environmentPolicy: "environment_specific"
1491
+ },
1492
+ {
1493
+ kind: "vercel",
1494
+ target: "lucern-gateway",
1426
1495
  environmentPolicy: "environment_specific"
1427
1496
  },
1428
1497
  {
1429
1498
  kind: "github_actions",
1430
1499
  target: "LucernAI/lucern",
1431
1500
  environmentPolicy: "environment_specific"
1501
+ },
1502
+ {
1503
+ kind: "operator_local",
1504
+ target: "lucern-repo",
1505
+ environmentPolicy: "environment_specific"
1432
1506
  }
1433
1507
  ],
1434
- description: "Lucern-owned Pinecone index name."
1508
+ description: "Primary Axiom event dataset for non-sensitive CLI, gateway, SDK retry, PDP, deploy, and agent-run telemetry."
1435
1509
  },
1436
1510
  {
1437
- id: "platform.pinecone.host",
1438
- canonicalName: "PINECONE_HOST",
1439
- aliases: ["PINECONE_INDEX_HOST"],
1440
- owner: "lucern_platform",
1511
+ id: "platform.axiom.logs-dataset",
1512
+ canonicalName: "LUCERN_AXIOM_LOGS_DATASET",
1513
+ aliases: ["AXIOM_LOGS_DATASET"],
1514
+ owner: "provider",
1441
1515
  scope: "environment",
1442
- sourcePath: "/platform/vector/pinecone",
1516
+ sourcePath: "/platform/observability",
1443
1517
  environmentPolicy: "environment_specific",
1444
1518
  required: false,
1445
1519
  secret: false,
1446
1520
  public: false,
1447
- consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
1521
+ consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
1448
1522
  destinations: [
1449
1523
  {
1450
1524
  kind: "runtime_fetch",
1451
- target: "lucern-ai-runtime",
1525
+ target: "lucern-cli-mcp-sdk",
1526
+ environmentPolicy: "environment_specific"
1527
+ },
1528
+ {
1529
+ kind: "vercel",
1530
+ target: "lucern-gateway",
1452
1531
  environmentPolicy: "environment_specific"
1453
1532
  },
1454
1533
  {
@@ -1457,168 +1536,137 @@ var PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS = [
1457
1536
  environmentPolicy: "environment_specific"
1458
1537
  }
1459
1538
  ],
1460
- description: "Lucern-owned Pinecone host/index host."
1461
- }
1462
- ];
1463
- var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
1539
+ description: "Axiom OpenTelemetry log dataset for Lucern services."
1540
+ },
1464
1541
  {
1465
- id: "platform.sentry.dsn",
1466
- canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
1467
- aliases: ["SENTRY_DSN", "NEXT_PUBLIC_SENTRY_DSN_NEXTJS"],
1542
+ id: "platform.axiom.traces-dataset",
1543
+ canonicalName: "LUCERN_AXIOM_TRACES_DATASET",
1544
+ aliases: ["AXIOM_TRACES_DATASET"],
1468
1545
  owner: "provider",
1469
1546
  scope: "environment",
1470
- sourcePath: "/platform/observability/sentry",
1547
+ sourcePath: "/platform/observability",
1471
1548
  environmentPolicy: "environment_specific",
1472
1549
  required: false,
1473
1550
  secret: false,
1474
- public: true,
1475
- consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
1551
+ public: false,
1552
+ consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
1476
1553
  destinations: [
1477
1554
  {
1478
- kind: "vercel",
1479
- target: "lucern",
1555
+ kind: "runtime_fetch",
1556
+ target: "lucern-cli-mcp-sdk",
1480
1557
  environmentPolicy: "environment_specific"
1481
1558
  },
1482
1559
  {
1483
1560
  kind: "vercel",
1484
1561
  target: "lucern-gateway",
1485
1562
  environmentPolicy: "environment_specific"
1486
- }
1487
- ],
1488
- description: "Lucern-owned Sentry DSN for browser/server error telemetry."
1489
- },
1490
- {
1491
- id: "platform.sentry.auth-token",
1492
- canonicalName: "SENTRY_AUTH_TOKEN",
1493
- owner: "provider",
1494
- scope: "environment",
1495
- sourcePath: "/platform/observability/sentry",
1496
- environmentPolicy: "same_all_environments",
1497
- required: false,
1498
- secret: true,
1499
- public: false,
1500
- consumers: ["lucern-repo-ci", "lucern-observability"],
1501
- destinations: [
1502
- {
1503
- kind: "github_actions",
1504
- target: "LucernAI/lucern",
1505
- environmentPolicy: "same_all_environments"
1506
1563
  },
1507
- {
1508
- kind: "vercel",
1509
- target: "lucern",
1510
- environmentPolicy: "same_all_environments"
1511
- }
1512
- ],
1513
- description: "Sentry release-upload token. Runtime services must not use it for authorization."
1514
- },
1515
- {
1516
- id: "platform.sentry.org",
1517
- canonicalName: "SENTRY_ORG",
1518
- aliases: ["SENTRY_ORG_SLUG"],
1519
- owner: "provider",
1520
- scope: "global",
1521
- sourcePath: "/platform/observability/sentry",
1522
- environmentPolicy: "same_all_environments",
1523
- required: false,
1524
- secret: false,
1525
- public: false,
1526
- consumers: ["lucern-repo-ci", "lucern-observability"],
1527
- destinations: [
1528
1564
  {
1529
1565
  kind: "github_actions",
1530
1566
  target: "LucernAI/lucern",
1531
- environmentPolicy: "same_all_environments"
1532
- },
1533
- {
1534
- kind: "vercel",
1535
- target: "lucern",
1536
- environmentPolicy: "same_all_environments"
1567
+ environmentPolicy: "environment_specific"
1537
1568
  }
1538
1569
  ],
1539
- description: "Sentry organization slug for Lucern release uploads."
1570
+ description: "Axiom OpenTelemetry trace dataset for Lucern services."
1540
1571
  },
1541
1572
  {
1542
- id: "platform.sentry.project",
1543
- canonicalName: "SENTRY_PROJECT",
1544
- aliases: ["SENTRY_PROJECT_NEXTJS"],
1573
+ id: "platform.axiom.metrics-dataset",
1574
+ canonicalName: "LUCERN_AXIOM_METRICS_DATASET",
1575
+ aliases: ["AXIOM_METRICS_DATASET"],
1545
1576
  owner: "provider",
1546
- scope: "global",
1547
- sourcePath: "/platform/observability/sentry",
1548
- environmentPolicy: "same_all_environments",
1577
+ scope: "environment",
1578
+ sourcePath: "/platform/observability",
1579
+ environmentPolicy: "environment_specific",
1549
1580
  required: false,
1550
1581
  secret: false,
1551
1582
  public: false,
1552
- consumers: ["lucern-repo-ci", "lucern-observability"],
1583
+ consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
1553
1584
  destinations: [
1554
1585
  {
1555
- kind: "github_actions",
1556
- target: "LucernAI/lucern",
1557
- environmentPolicy: "same_all_environments"
1586
+ kind: "runtime_fetch",
1587
+ target: "lucern-cli-mcp-sdk",
1588
+ environmentPolicy: "environment_specific"
1558
1589
  },
1559
1590
  {
1560
1591
  kind: "vercel",
1561
- target: "lucern",
1562
- environmentPolicy: "same_all_environments"
1592
+ target: "lucern-gateway",
1593
+ environmentPolicy: "environment_specific"
1594
+ },
1595
+ {
1596
+ kind: "github_actions",
1597
+ target: "LucernAI/lucern",
1598
+ environmentPolicy: "environment_specific"
1563
1599
  }
1564
1600
  ],
1565
- description: "Sentry project slug for Lucern release uploads."
1601
+ description: "Axiom OpenTelemetry metric dataset for Lucern services."
1566
1602
  },
1567
1603
  {
1568
- id: "platform.sentry.environment",
1569
- canonicalName: "SENTRY_ENVIRONMENT",
1570
- aliases: ["NEXT_PUBLIC_SENTRY_ENVIRONMENT"],
1604
+ id: "platform.axiom.api-url",
1605
+ canonicalName: "LUCERN_AXIOM_API_URL",
1606
+ aliases: ["AXIOM_URL"],
1571
1607
  owner: "provider",
1572
1608
  scope: "environment",
1573
- sourcePath: "/platform/observability/sentry",
1609
+ sourcePath: "/platform/observability",
1574
1610
  environmentPolicy: "environment_specific",
1575
1611
  required: false,
1576
1612
  secret: false,
1577
1613
  public: false,
1578
- consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
1614
+ consumers: [
1615
+ "lucern-cli",
1616
+ "lucern-gateway",
1617
+ "lucern-sdk",
1618
+ "lucern-mcp",
1619
+ "lucern-agent",
1620
+ "lucern-repo-ci"
1621
+ ],
1579
1622
  destinations: [
1580
1623
  {
1581
- kind: "vercel",
1582
- target: "lucern",
1583
- environmentPolicy: "environment_specific",
1584
- writeNames: ["SENTRY_ENVIRONMENT", "NEXT_PUBLIC_SENTRY_ENVIRONMENT"]
1624
+ kind: "runtime_fetch",
1625
+ target: "lucern-cli-mcp-sdk",
1626
+ environmentPolicy: "environment_specific"
1585
1627
  },
1586
1628
  {
1587
1629
  kind: "vercel",
1588
1630
  target: "lucern-gateway",
1589
1631
  environmentPolicy: "environment_specific"
1632
+ },
1633
+ {
1634
+ kind: "operator_local",
1635
+ target: "lucern-repo",
1636
+ environmentPolicy: "environment_specific"
1590
1637
  }
1591
1638
  ],
1592
- description: "Lucern-owned Sentry environment label."
1639
+ description: "Axiom API URL. Defaults to https://api.axiom.co when unset."
1593
1640
  },
1594
1641
  {
1595
- id: "platform.sentry.release",
1596
- canonicalName: "SENTRY_RELEASE",
1597
- aliases: ["NEXT_PUBLIC_SENTRY_RELEASE"],
1642
+ id: "platform.axiom.otlp-endpoint",
1643
+ canonicalName: "OTEL_EXPORTER_OTLP_ENDPOINT",
1644
+ aliases: ["LUCERN_AXIOM_OTLP_ENDPOINT"],
1598
1645
  owner: "provider",
1599
1646
  scope: "environment",
1600
- sourcePath: "/platform/observability/sentry",
1647
+ sourcePath: "/platform/observability",
1601
1648
  environmentPolicy: "environment_specific",
1602
1649
  required: false,
1603
1650
  secret: false,
1604
1651
  public: false,
1605
- consumers: ["lucern-web", "lucern-gateway", "lucern-observability"],
1652
+ consumers: ["lucern-gateway", "lucern-railway-pdp", "lucern-observability"],
1606
1653
  destinations: [
1607
1654
  {
1608
1655
  kind: "vercel",
1609
- target: "lucern",
1610
- environmentPolicy: "environment_specific",
1611
- writeNames: ["SENTRY_RELEASE", "NEXT_PUBLIC_SENTRY_RELEASE"]
1656
+ target: "lucern-gateway",
1657
+ environmentPolicy: "environment_specific"
1612
1658
  },
1613
1659
  {
1614
- kind: "vercel",
1615
- target: "lucern-gateway",
1660
+ kind: "operator_local",
1661
+ target: "lucern-repo",
1616
1662
  environmentPolicy: "environment_specific"
1617
1663
  }
1618
1664
  ],
1619
- description: "Lucern-owned Sentry release name."
1665
+ description: "OTLP endpoint used by services that emit OpenTelemetry logs, metrics, and traces to Axiom."
1620
1666
  }
1621
1667
  ];
1668
+
1669
+ // src/infisical-runtime.platform-automation-secrets.ts
1622
1670
  var PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS = [
1623
1671
  {
1624
1672
  id: "platform.deploy.vercel-token",
@@ -2211,6 +2259,215 @@ var PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS = [
2211
2259
  }
2212
2260
  ];
2213
2261
 
2262
+ // src/infisical-runtime.platform-ops-secrets.ts
2263
+ var PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS = [
2264
+ {
2265
+ id: "platform.neo4j.uri",
2266
+ canonicalName: "NEO4J_URI",
2267
+ owner: "lucern_platform",
2268
+ scope: "environment",
2269
+ sourcePath: "/platform/graph/neo4j",
2270
+ environmentPolicy: "environment_specific",
2271
+ required: false,
2272
+ secret: false,
2273
+ public: false,
2274
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
2275
+ destinations: [
2276
+ {
2277
+ kind: "runtime_fetch",
2278
+ target: "lucern-graph-sync",
2279
+ environmentPolicy: "environment_specific"
2280
+ },
2281
+ {
2282
+ kind: "github_actions",
2283
+ target: "LucernAI/lucern",
2284
+ environmentPolicy: "environment_specific"
2285
+ }
2286
+ ],
2287
+ description: "Lucern-owned Neo4j URI for platform graph-sync surfaces."
2288
+ },
2289
+ {
2290
+ id: "platform.neo4j.user",
2291
+ canonicalName: "NEO4J_USER",
2292
+ aliases: ["NEO4J_USERNAME"],
2293
+ owner: "lucern_platform",
2294
+ scope: "environment",
2295
+ sourcePath: "/platform/graph/neo4j",
2296
+ environmentPolicy: "environment_specific",
2297
+ required: false,
2298
+ secret: false,
2299
+ public: false,
2300
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
2301
+ destinations: [
2302
+ {
2303
+ kind: "runtime_fetch",
2304
+ target: "lucern-graph-sync",
2305
+ environmentPolicy: "environment_specific"
2306
+ },
2307
+ {
2308
+ kind: "github_actions",
2309
+ target: "LucernAI/lucern",
2310
+ environmentPolicy: "environment_specific"
2311
+ }
2312
+ ],
2313
+ description: "Lucern-owned Neo4j username for platform graph-sync surfaces."
2314
+ },
2315
+ {
2316
+ id: "platform.neo4j.password",
2317
+ canonicalName: "NEO4J_PASSWORD",
2318
+ owner: "lucern_platform",
2319
+ scope: "environment",
2320
+ sourcePath: "/platform/graph/neo4j",
2321
+ environmentPolicy: "environment_specific",
2322
+ required: false,
2323
+ secret: true,
2324
+ public: false,
2325
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
2326
+ destinations: [
2327
+ {
2328
+ kind: "runtime_fetch",
2329
+ target: "lucern-graph-sync",
2330
+ environmentPolicy: "environment_specific"
2331
+ },
2332
+ {
2333
+ kind: "github_actions",
2334
+ target: "LucernAI/lucern",
2335
+ environmentPolicy: "environment_specific"
2336
+ }
2337
+ ],
2338
+ description: "Lucern-owned Neo4j password for platform graph-sync surfaces."
2339
+ },
2340
+ {
2341
+ id: "platform.neo4j.sync-secret",
2342
+ canonicalName: "NEO4J_SYNC_SECRET",
2343
+ owner: "lucern_platform",
2344
+ scope: "environment",
2345
+ sourcePath: "/platform/graph/neo4j",
2346
+ environmentPolicy: "environment_specific",
2347
+ required: false,
2348
+ secret: true,
2349
+ public: false,
2350
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
2351
+ destinations: [
2352
+ {
2353
+ kind: "runtime_fetch",
2354
+ target: "lucern-graph-sync",
2355
+ environmentPolicy: "environment_specific"
2356
+ },
2357
+ {
2358
+ kind: "github_actions",
2359
+ target: "LucernAI/lucern",
2360
+ environmentPolicy: "environment_specific"
2361
+ }
2362
+ ],
2363
+ description: "Shared secret protecting Lucern-owned graph-sync HTTP/query proxy calls."
2364
+ },
2365
+ {
2366
+ id: "platform.neo4j.database",
2367
+ canonicalName: "NEO4J_DATABASE",
2368
+ owner: "lucern_platform",
2369
+ scope: "environment",
2370
+ sourcePath: "/platform/graph/neo4j",
2371
+ environmentPolicy: "environment_specific",
2372
+ required: false,
2373
+ secret: false,
2374
+ public: false,
2375
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
2376
+ destinations: [
2377
+ {
2378
+ kind: "runtime_fetch",
2379
+ target: "lucern-graph-sync",
2380
+ environmentPolicy: "environment_specific"
2381
+ },
2382
+ {
2383
+ kind: "github_actions",
2384
+ target: "LucernAI/lucern",
2385
+ environmentPolicy: "environment_specific"
2386
+ }
2387
+ ],
2388
+ description: "Optional Neo4j database name for Lucern-owned graph-sync surfaces."
2389
+ }
2390
+ ];
2391
+ var PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS = [
2392
+ {
2393
+ id: "platform.pinecone.api-key",
2394
+ canonicalName: "PINECONE_API_KEY",
2395
+ owner: "lucern_platform",
2396
+ scope: "environment",
2397
+ sourcePath: "/platform/vector/pinecone",
2398
+ environmentPolicy: "environment_specific",
2399
+ required: false,
2400
+ secret: true,
2401
+ public: false,
2402
+ consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
2403
+ destinations: [
2404
+ {
2405
+ kind: "runtime_fetch",
2406
+ target: "lucern-ai-runtime",
2407
+ environmentPolicy: "environment_specific"
2408
+ },
2409
+ {
2410
+ kind: "github_actions",
2411
+ target: "LucernAI/lucern",
2412
+ environmentPolicy: "environment_specific"
2413
+ }
2414
+ ],
2415
+ description: "Lucern-owned Pinecone API key for platform vector search."
2416
+ },
2417
+ {
2418
+ id: "platform.pinecone.index-name",
2419
+ canonicalName: "PINECONE_INDEX_NAME",
2420
+ aliases: ["PINECONE_INDEX"],
2421
+ owner: "lucern_platform",
2422
+ scope: "environment",
2423
+ sourcePath: "/platform/vector/pinecone",
2424
+ environmentPolicy: "environment_specific",
2425
+ required: false,
2426
+ secret: false,
2427
+ public: false,
2428
+ consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
2429
+ destinations: [
2430
+ {
2431
+ kind: "runtime_fetch",
2432
+ target: "lucern-ai-runtime",
2433
+ environmentPolicy: "environment_specific"
2434
+ },
2435
+ {
2436
+ kind: "github_actions",
2437
+ target: "LucernAI/lucern",
2438
+ environmentPolicy: "environment_specific"
2439
+ }
2440
+ ],
2441
+ description: "Lucern-owned Pinecone index name."
2442
+ },
2443
+ {
2444
+ id: "platform.pinecone.host",
2445
+ canonicalName: "PINECONE_HOST",
2446
+ aliases: ["PINECONE_INDEX_HOST"],
2447
+ owner: "lucern_platform",
2448
+ scope: "environment",
2449
+ sourcePath: "/platform/vector/pinecone",
2450
+ environmentPolicy: "environment_specific",
2451
+ required: false,
2452
+ secret: false,
2453
+ public: false,
2454
+ consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
2455
+ destinations: [
2456
+ {
2457
+ kind: "runtime_fetch",
2458
+ target: "lucern-ai-runtime",
2459
+ environmentPolicy: "environment_specific"
2460
+ },
2461
+ {
2462
+ kind: "github_actions",
2463
+ target: "LucernAI/lucern",
2464
+ environmentPolicy: "environment_specific"
2465
+ }
2466
+ ],
2467
+ description: "Lucern-owned Pinecone host/index host."
2468
+ }
2469
+ ];
2470
+
2214
2471
  // src/infisical-runtime.tenant-secrets.ts
2215
2472
  var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
2216
2473
  {
@@ -3127,6 +3384,7 @@ var INFISICAL_SECRET_DEFINITIONS = [
3127
3384
  ...PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS,
3128
3385
  ...PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS,
3129
3386
  ...PLATFORM_SENTRY_SECRET_DEFINITIONS,
3387
+ ...PLATFORM_AXIOM_SECRET_DEFINITIONS,
3130
3388
  ...PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS,
3131
3389
  ...PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS,
3132
3390
  ...TENANT_SHARED_SECRET_DEFINITIONS,