@lucern/contracts 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/dist/function-registry/worktrees.js +1 -1
  3. package/dist/function-registry/worktrees.js.map +1 -1
  4. package/dist/generated/infisicalRuntimeEnv.js +2815 -336
  5. package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
  6. package/dist/index.js +3250 -510
  7. package/dist/index.js.map +1 -1
  8. package/dist/infisical-runtime.base.d.ts +1 -1
  9. package/dist/infisical-runtime.base.js +3 -0
  10. package/dist/infisical-runtime.base.js.map +1 -1
  11. package/dist/infisical-runtime.contract.d.ts +188 -2
  12. package/dist/infisical-runtime.contract.js +494 -233
  13. package/dist/infisical-runtime.contract.js.map +1 -1
  14. package/dist/infisical-runtime.platform-automation-secrets.d.ts +436 -0
  15. package/dist/infisical-runtime.platform-automation-secrets.js +596 -0
  16. package/dist/infisical-runtime.platform-automation-secrets.js.map +1 -0
  17. package/dist/infisical-runtime.platform-observability-secrets.d.ts +323 -0
  18. package/dist/infisical-runtime.platform-observability-secrets.js +417 -0
  19. package/dist/infisical-runtime.platform-observability-secrets.js.map +1 -0
  20. package/dist/infisical-runtime.platform-ops-secrets.d.ts +4 -569
  21. package/dist/infisical-runtime.platform-ops-secrets.js +440 -183
  22. package/dist/infisical-runtime.platform-ops-secrets.js.map +1 -1
  23. package/dist/infisical-runtime.tenant-secrets.js.map +1 -1
  24. package/dist/manifests/infisical-runtime-manifest.d.ts +188 -2
  25. package/dist/manifests/infisical-runtime-manifest.js +439 -181
  26. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  27. package/dist/proof-attestation.json +1 -1
  28. package/package.json +1 -1
@@ -610,8 +610,11 @@ var INFISICAL_SECRET_ENVIRONMENT_POLICIES = [
610
610
  var INFISICAL_SECRET_CONSUMERS = [
611
611
  "lucern-web",
612
612
  "lucern-gateway",
613
+ "lucern-sdk",
613
614
  "lucern-mcp",
614
615
  "lucern-cli",
616
+ "lucern-agent",
617
+ "lucern-railway-pdp",
615
618
  "lucern-ai-runtime",
616
619
  "lucern-graph-sync",
617
620
  "lucern-observability",
@@ -1358,214 +1361,7 @@ var PLATFORM_LANGFUSE_SECRET_DEFINITIONS = [
1358
1361
  }
1359
1362
  ];
1360
1363
 
1361
- // src/infisical-runtime.platform-ops-secrets.ts
1362
- var PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS = [
1363
- {
1364
- id: "platform.neo4j.uri",
1365
- canonicalName: "NEO4J_URI",
1366
- owner: "lucern_platform",
1367
- scope: "environment",
1368
- sourcePath: "/platform/graph/neo4j",
1369
- environmentPolicy: "environment_specific",
1370
- required: false,
1371
- secret: false,
1372
- public: false,
1373
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1374
- destinations: [
1375
- {
1376
- kind: "runtime_fetch",
1377
- target: "lucern-graph-sync",
1378
- environmentPolicy: "environment_specific"
1379
- },
1380
- {
1381
- kind: "github_actions",
1382
- target: "LucernAI/lucern",
1383
- environmentPolicy: "environment_specific"
1384
- }
1385
- ],
1386
- description: "Lucern-owned Neo4j URI for platform graph-sync surfaces."
1387
- },
1388
- {
1389
- id: "platform.neo4j.user",
1390
- canonicalName: "NEO4J_USER",
1391
- aliases: ["NEO4J_USERNAME"],
1392
- owner: "lucern_platform",
1393
- scope: "environment",
1394
- sourcePath: "/platform/graph/neo4j",
1395
- environmentPolicy: "environment_specific",
1396
- required: false,
1397
- secret: false,
1398
- public: false,
1399
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1400
- destinations: [
1401
- {
1402
- kind: "runtime_fetch",
1403
- target: "lucern-graph-sync",
1404
- environmentPolicy: "environment_specific"
1405
- },
1406
- {
1407
- kind: "github_actions",
1408
- target: "LucernAI/lucern",
1409
- environmentPolicy: "environment_specific"
1410
- }
1411
- ],
1412
- description: "Lucern-owned Neo4j username for platform graph-sync surfaces."
1413
- },
1414
- {
1415
- id: "platform.neo4j.password",
1416
- canonicalName: "NEO4J_PASSWORD",
1417
- owner: "lucern_platform",
1418
- scope: "environment",
1419
- sourcePath: "/platform/graph/neo4j",
1420
- environmentPolicy: "environment_specific",
1421
- required: false,
1422
- secret: true,
1423
- public: false,
1424
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1425
- destinations: [
1426
- {
1427
- kind: "runtime_fetch",
1428
- target: "lucern-graph-sync",
1429
- environmentPolicy: "environment_specific"
1430
- },
1431
- {
1432
- kind: "github_actions",
1433
- target: "LucernAI/lucern",
1434
- environmentPolicy: "environment_specific"
1435
- }
1436
- ],
1437
- description: "Lucern-owned Neo4j password for platform graph-sync surfaces."
1438
- },
1439
- {
1440
- id: "platform.neo4j.sync-secret",
1441
- canonicalName: "NEO4J_SYNC_SECRET",
1442
- owner: "lucern_platform",
1443
- scope: "environment",
1444
- sourcePath: "/platform/graph/neo4j",
1445
- environmentPolicy: "environment_specific",
1446
- required: false,
1447
- secret: true,
1448
- public: false,
1449
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1450
- destinations: [
1451
- {
1452
- kind: "runtime_fetch",
1453
- target: "lucern-graph-sync",
1454
- environmentPolicy: "environment_specific"
1455
- },
1456
- {
1457
- kind: "github_actions",
1458
- target: "LucernAI/lucern",
1459
- environmentPolicy: "environment_specific"
1460
- }
1461
- ],
1462
- description: "Shared secret protecting Lucern-owned graph-sync HTTP/query proxy calls."
1463
- },
1464
- {
1465
- id: "platform.neo4j.database",
1466
- canonicalName: "NEO4J_DATABASE",
1467
- owner: "lucern_platform",
1468
- scope: "environment",
1469
- sourcePath: "/platform/graph/neo4j",
1470
- environmentPolicy: "environment_specific",
1471
- required: false,
1472
- secret: false,
1473
- public: false,
1474
- consumers: ["lucern-graph-sync", "lucern-repo-ci"],
1475
- destinations: [
1476
- {
1477
- kind: "runtime_fetch",
1478
- target: "lucern-graph-sync",
1479
- environmentPolicy: "environment_specific"
1480
- },
1481
- {
1482
- kind: "github_actions",
1483
- target: "LucernAI/lucern",
1484
- environmentPolicy: "environment_specific"
1485
- }
1486
- ],
1487
- description: "Optional Neo4j database name for Lucern-owned graph-sync surfaces."
1488
- }
1489
- ];
1490
- var PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS = [
1491
- {
1492
- id: "platform.pinecone.api-key",
1493
- canonicalName: "PINECONE_API_KEY",
1494
- owner: "lucern_platform",
1495
- scope: "environment",
1496
- sourcePath: "/platform/vector/pinecone",
1497
- environmentPolicy: "environment_specific",
1498
- required: false,
1499
- secret: true,
1500
- public: false,
1501
- consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
1502
- destinations: [
1503
- {
1504
- kind: "runtime_fetch",
1505
- target: "lucern-ai-runtime",
1506
- environmentPolicy: "environment_specific"
1507
- },
1508
- {
1509
- kind: "github_actions",
1510
- target: "LucernAI/lucern",
1511
- environmentPolicy: "environment_specific"
1512
- }
1513
- ],
1514
- description: "Lucern-owned Pinecone API key for platform vector search."
1515
- },
1516
- {
1517
- id: "platform.pinecone.index-name",
1518
- canonicalName: "PINECONE_INDEX_NAME",
1519
- aliases: ["PINECONE_INDEX"],
1520
- owner: "lucern_platform",
1521
- scope: "environment",
1522
- sourcePath: "/platform/vector/pinecone",
1523
- environmentPolicy: "environment_specific",
1524
- required: false,
1525
- secret: false,
1526
- public: false,
1527
- consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
1528
- destinations: [
1529
- {
1530
- kind: "runtime_fetch",
1531
- target: "lucern-ai-runtime",
1532
- environmentPolicy: "environment_specific"
1533
- },
1534
- {
1535
- kind: "github_actions",
1536
- target: "LucernAI/lucern",
1537
- environmentPolicy: "environment_specific"
1538
- }
1539
- ],
1540
- description: "Lucern-owned Pinecone index name."
1541
- },
1542
- {
1543
- id: "platform.pinecone.host",
1544
- canonicalName: "PINECONE_HOST",
1545
- aliases: ["PINECONE_INDEX_HOST"],
1546
- owner: "lucern_platform",
1547
- scope: "environment",
1548
- sourcePath: "/platform/vector/pinecone",
1549
- environmentPolicy: "environment_specific",
1550
- required: false,
1551
- secret: false,
1552
- public: false,
1553
- consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
1554
- destinations: [
1555
- {
1556
- kind: "runtime_fetch",
1557
- target: "lucern-ai-runtime",
1558
- environmentPolicy: "environment_specific"
1559
- },
1560
- {
1561
- kind: "github_actions",
1562
- target: "LucernAI/lucern",
1563
- environmentPolicy: "environment_specific"
1564
- }
1565
- ],
1566
- description: "Lucern-owned Pinecone host/index host."
1567
- }
1568
- ];
1364
+ // src/infisical-runtime.platform-observability-secrets.ts
1569
1365
  var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
1570
1366
  {
1571
1367
  id: "platform.sentry.dsn",
@@ -1700,7 +1496,7 @@ var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
1700
1496
  {
1701
1497
  id: "platform.sentry.release",
1702
1498
  canonicalName: "SENTRY_RELEASE",
1703
- aliases: ["NEXT_PUBLIC_SENTRY_RELEASE"],
1499
+ aliases: ["LUCERN_RELEASE", "NEXT_PUBLIC_SENTRY_RELEASE"],
1704
1500
  owner: "provider",
1705
1501
  scope: "environment",
1706
1502
  sourcePath: "/platform/observability/sentry",
@@ -1714,7 +1510,11 @@ var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
1714
1510
  kind: "vercel",
1715
1511
  target: "lucern",
1716
1512
  environmentPolicy: "environment_specific",
1717
- writeNames: ["SENTRY_RELEASE", "NEXT_PUBLIC_SENTRY_RELEASE"]
1513
+ writeNames: [
1514
+ "LUCERN_RELEASE",
1515
+ "SENTRY_RELEASE",
1516
+ "NEXT_PUBLIC_SENTRY_RELEASE"
1517
+ ]
1718
1518
  },
1719
1519
  {
1720
1520
  kind: "vercel",
@@ -1725,50 +1525,301 @@ var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
1725
1525
  description: "Lucern-owned Sentry release name."
1726
1526
  }
1727
1527
  ];
1728
- var PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS = [
1528
+ var PLATFORM_AXIOM_SECRET_DEFINITIONS = [
1729
1529
  {
1730
- id: "platform.deploy.vercel-token",
1731
- canonicalName: "VERCEL_TOKEN",
1530
+ id: "platform.axiom.token",
1531
+ canonicalName: "AXIOM_TOKEN",
1532
+ aliases: ["LUCERN_AXIOM_TOKEN"],
1732
1533
  owner: "provider",
1733
- scope: "global",
1734
- sourcePath: "/platform/deploy/vercel",
1735
- environmentPolicy: "same_all_environments",
1534
+ scope: "environment",
1535
+ sourcePath: "/platform/observability",
1536
+ environmentPolicy: "environment_specific",
1736
1537
  required: false,
1737
1538
  secret: true,
1738
1539
  public: false,
1739
- consumers: ["lucern-repo-ci"],
1540
+ consumers: [
1541
+ "lucern-cli",
1542
+ "lucern-gateway",
1543
+ "lucern-sdk",
1544
+ "lucern-mcp",
1545
+ "lucern-agent",
1546
+ "lucern-railway-pdp",
1547
+ "lucern-repo-ci",
1548
+ "lucern-observability"
1549
+ ],
1740
1550
  destinations: [
1551
+ {
1552
+ kind: "runtime_fetch",
1553
+ target: "lucern-cli-mcp-sdk",
1554
+ environmentPolicy: "environment_specific"
1555
+ },
1556
+ {
1557
+ kind: "vercel",
1558
+ target: "lucern-gateway",
1559
+ environmentPolicy: "environment_specific"
1560
+ },
1741
1561
  {
1742
1562
  kind: "github_actions",
1743
1563
  target: "LucernAI/lucern",
1744
- environmentPolicy: "same_all_environments"
1564
+ environmentPolicy: "environment_specific"
1745
1565
  },
1746
1566
  {
1747
1567
  kind: "operator_local",
1748
- target: "secret-sync-writer",
1749
- environmentPolicy: "same_all_environments"
1568
+ target: "lucern-repo",
1569
+ environmentPolicy: "environment_specific"
1750
1570
  }
1751
1571
  ],
1752
- description: "Vercel API token for the future reviewed live writer. Never copy into tenant apps."
1572
+ description: "Axiom ingest/query token for Lucern operational telemetry. Runtime code must treat it as write/query telemetry authority, not graph-state authority."
1753
1573
  },
1754
1574
  {
1755
- id: "platform.deploy.vercel-token.stack",
1756
- canonicalName: "STACK_VERCEL_TOKEN",
1575
+ id: "platform.axiom.events-dataset",
1576
+ canonicalName: "LUCERN_AXIOM_EVENTS_DATASET",
1577
+ aliases: ["AXIOM_DATASET", "AXIOM_EVENTS_DATASET", "LUCERN_AXIOM_DATASET"],
1757
1578
  owner: "provider",
1758
- scope: "global",
1759
- sourcePath: "/platform/deploy/vercel",
1760
- environmentPolicy: "same_all_environments",
1579
+ scope: "environment",
1580
+ sourcePath: "/platform/observability",
1581
+ environmentPolicy: "environment_specific",
1761
1582
  required: false,
1762
- secret: true,
1583
+ secret: false,
1763
1584
  public: false,
1764
- consumers: ["lucern-repo-ci"],
1585
+ consumers: [
1586
+ "lucern-cli",
1587
+ "lucern-gateway",
1588
+ "lucern-sdk",
1589
+ "lucern-mcp",
1590
+ "lucern-agent",
1591
+ "lucern-railway-pdp",
1592
+ "lucern-repo-ci",
1593
+ "lucern-observability"
1594
+ ],
1765
1595
  destinations: [
1766
1596
  {
1767
- kind: "operator_local",
1768
- target: "secret-sync-writer",
1769
- environmentPolicy: "same_all_environments"
1770
- }
1771
- ],
1597
+ kind: "runtime_fetch",
1598
+ target: "lucern-cli-mcp-sdk",
1599
+ environmentPolicy: "environment_specific"
1600
+ },
1601
+ {
1602
+ kind: "vercel",
1603
+ target: "lucern-gateway",
1604
+ environmentPolicy: "environment_specific"
1605
+ },
1606
+ {
1607
+ kind: "github_actions",
1608
+ target: "LucernAI/lucern",
1609
+ environmentPolicy: "environment_specific"
1610
+ },
1611
+ {
1612
+ kind: "operator_local",
1613
+ target: "lucern-repo",
1614
+ environmentPolicy: "environment_specific"
1615
+ }
1616
+ ],
1617
+ description: "Primary Axiom event dataset for non-sensitive CLI, gateway, SDK retry, PDP, deploy, and agent-run telemetry."
1618
+ },
1619
+ {
1620
+ id: "platform.axiom.logs-dataset",
1621
+ canonicalName: "LUCERN_AXIOM_LOGS_DATASET",
1622
+ aliases: ["AXIOM_LOGS_DATASET"],
1623
+ owner: "provider",
1624
+ scope: "environment",
1625
+ sourcePath: "/platform/observability",
1626
+ environmentPolicy: "environment_specific",
1627
+ required: false,
1628
+ secret: false,
1629
+ public: false,
1630
+ consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
1631
+ destinations: [
1632
+ {
1633
+ kind: "runtime_fetch",
1634
+ target: "lucern-cli-mcp-sdk",
1635
+ environmentPolicy: "environment_specific"
1636
+ },
1637
+ {
1638
+ kind: "vercel",
1639
+ target: "lucern-gateway",
1640
+ environmentPolicy: "environment_specific"
1641
+ },
1642
+ {
1643
+ kind: "github_actions",
1644
+ target: "LucernAI/lucern",
1645
+ environmentPolicy: "environment_specific"
1646
+ }
1647
+ ],
1648
+ description: "Axiom OpenTelemetry log dataset for Lucern services."
1649
+ },
1650
+ {
1651
+ id: "platform.axiom.traces-dataset",
1652
+ canonicalName: "LUCERN_AXIOM_TRACES_DATASET",
1653
+ aliases: ["AXIOM_TRACES_DATASET"],
1654
+ owner: "provider",
1655
+ scope: "environment",
1656
+ sourcePath: "/platform/observability",
1657
+ environmentPolicy: "environment_specific",
1658
+ required: false,
1659
+ secret: false,
1660
+ public: false,
1661
+ consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
1662
+ destinations: [
1663
+ {
1664
+ kind: "runtime_fetch",
1665
+ target: "lucern-cli-mcp-sdk",
1666
+ environmentPolicy: "environment_specific"
1667
+ },
1668
+ {
1669
+ kind: "vercel",
1670
+ target: "lucern-gateway",
1671
+ environmentPolicy: "environment_specific"
1672
+ },
1673
+ {
1674
+ kind: "github_actions",
1675
+ target: "LucernAI/lucern",
1676
+ environmentPolicy: "environment_specific"
1677
+ }
1678
+ ],
1679
+ description: "Axiom OpenTelemetry trace dataset for Lucern services."
1680
+ },
1681
+ {
1682
+ id: "platform.axiom.metrics-dataset",
1683
+ canonicalName: "LUCERN_AXIOM_METRICS_DATASET",
1684
+ aliases: ["AXIOM_METRICS_DATASET"],
1685
+ owner: "provider",
1686
+ scope: "environment",
1687
+ sourcePath: "/platform/observability",
1688
+ environmentPolicy: "environment_specific",
1689
+ required: false,
1690
+ secret: false,
1691
+ public: false,
1692
+ consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
1693
+ destinations: [
1694
+ {
1695
+ kind: "runtime_fetch",
1696
+ target: "lucern-cli-mcp-sdk",
1697
+ environmentPolicy: "environment_specific"
1698
+ },
1699
+ {
1700
+ kind: "vercel",
1701
+ target: "lucern-gateway",
1702
+ environmentPolicy: "environment_specific"
1703
+ },
1704
+ {
1705
+ kind: "github_actions",
1706
+ target: "LucernAI/lucern",
1707
+ environmentPolicy: "environment_specific"
1708
+ }
1709
+ ],
1710
+ description: "Axiom OpenTelemetry metric dataset for Lucern services."
1711
+ },
1712
+ {
1713
+ id: "platform.axiom.api-url",
1714
+ canonicalName: "LUCERN_AXIOM_API_URL",
1715
+ aliases: ["AXIOM_URL"],
1716
+ owner: "provider",
1717
+ scope: "environment",
1718
+ sourcePath: "/platform/observability",
1719
+ environmentPolicy: "environment_specific",
1720
+ required: false,
1721
+ secret: false,
1722
+ public: false,
1723
+ consumers: [
1724
+ "lucern-cli",
1725
+ "lucern-gateway",
1726
+ "lucern-sdk",
1727
+ "lucern-mcp",
1728
+ "lucern-agent",
1729
+ "lucern-repo-ci"
1730
+ ],
1731
+ destinations: [
1732
+ {
1733
+ kind: "runtime_fetch",
1734
+ target: "lucern-cli-mcp-sdk",
1735
+ environmentPolicy: "environment_specific"
1736
+ },
1737
+ {
1738
+ kind: "vercel",
1739
+ target: "lucern-gateway",
1740
+ environmentPolicy: "environment_specific"
1741
+ },
1742
+ {
1743
+ kind: "operator_local",
1744
+ target: "lucern-repo",
1745
+ environmentPolicy: "environment_specific"
1746
+ }
1747
+ ],
1748
+ description: "Axiom API URL. Defaults to https://api.axiom.co when unset."
1749
+ },
1750
+ {
1751
+ id: "platform.axiom.otlp-endpoint",
1752
+ canonicalName: "OTEL_EXPORTER_OTLP_ENDPOINT",
1753
+ aliases: ["LUCERN_AXIOM_OTLP_ENDPOINT"],
1754
+ owner: "provider",
1755
+ scope: "environment",
1756
+ sourcePath: "/platform/observability",
1757
+ environmentPolicy: "environment_specific",
1758
+ required: false,
1759
+ secret: false,
1760
+ public: false,
1761
+ consumers: ["lucern-gateway", "lucern-railway-pdp", "lucern-observability"],
1762
+ destinations: [
1763
+ {
1764
+ kind: "vercel",
1765
+ target: "lucern-gateway",
1766
+ environmentPolicy: "environment_specific"
1767
+ },
1768
+ {
1769
+ kind: "operator_local",
1770
+ target: "lucern-repo",
1771
+ environmentPolicy: "environment_specific"
1772
+ }
1773
+ ],
1774
+ description: "OTLP endpoint used by services that emit OpenTelemetry logs, metrics, and traces to Axiom."
1775
+ }
1776
+ ];
1777
+
1778
+ // src/infisical-runtime.platform-automation-secrets.ts
1779
+ var PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS = [
1780
+ {
1781
+ id: "platform.deploy.vercel-token",
1782
+ canonicalName: "VERCEL_TOKEN",
1783
+ owner: "provider",
1784
+ scope: "global",
1785
+ sourcePath: "/platform/deploy/vercel",
1786
+ environmentPolicy: "same_all_environments",
1787
+ required: false,
1788
+ secret: true,
1789
+ public: false,
1790
+ consumers: ["lucern-repo-ci"],
1791
+ destinations: [
1792
+ {
1793
+ kind: "github_actions",
1794
+ target: "LucernAI/lucern",
1795
+ environmentPolicy: "same_all_environments"
1796
+ },
1797
+ {
1798
+ kind: "operator_local",
1799
+ target: "secret-sync-writer",
1800
+ environmentPolicy: "same_all_environments"
1801
+ }
1802
+ ],
1803
+ description: "Vercel API token for the future reviewed live writer. Never copy into tenant apps."
1804
+ },
1805
+ {
1806
+ id: "platform.deploy.vercel-token.stack",
1807
+ canonicalName: "STACK_VERCEL_TOKEN",
1808
+ owner: "provider",
1809
+ scope: "global",
1810
+ sourcePath: "/platform/deploy/vercel",
1811
+ environmentPolicy: "same_all_environments",
1812
+ required: false,
1813
+ secret: true,
1814
+ public: false,
1815
+ consumers: ["lucern-repo-ci"],
1816
+ destinations: [
1817
+ {
1818
+ kind: "operator_local",
1819
+ target: "secret-sync-writer",
1820
+ environmentPolicy: "same_all_environments"
1821
+ }
1822
+ ],
1772
1823
  description: "Stack Vercel API token for manifest-scoped Stack tenant Vercel secret sync. Never copy into tenant apps."
1773
1824
  },
1774
1825
  {
@@ -2317,6 +2368,215 @@ var PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS = [
2317
2368
  }
2318
2369
  ];
2319
2370
 
2371
+ // src/infisical-runtime.platform-ops-secrets.ts
2372
+ var PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS = [
2373
+ {
2374
+ id: "platform.neo4j.uri",
2375
+ canonicalName: "NEO4J_URI",
2376
+ owner: "lucern_platform",
2377
+ scope: "environment",
2378
+ sourcePath: "/platform/graph/neo4j",
2379
+ environmentPolicy: "environment_specific",
2380
+ required: false,
2381
+ secret: false,
2382
+ public: false,
2383
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
2384
+ destinations: [
2385
+ {
2386
+ kind: "runtime_fetch",
2387
+ target: "lucern-graph-sync",
2388
+ environmentPolicy: "environment_specific"
2389
+ },
2390
+ {
2391
+ kind: "github_actions",
2392
+ target: "LucernAI/lucern",
2393
+ environmentPolicy: "environment_specific"
2394
+ }
2395
+ ],
2396
+ description: "Lucern-owned Neo4j URI for platform graph-sync surfaces."
2397
+ },
2398
+ {
2399
+ id: "platform.neo4j.user",
2400
+ canonicalName: "NEO4J_USER",
2401
+ aliases: ["NEO4J_USERNAME"],
2402
+ owner: "lucern_platform",
2403
+ scope: "environment",
2404
+ sourcePath: "/platform/graph/neo4j",
2405
+ environmentPolicy: "environment_specific",
2406
+ required: false,
2407
+ secret: false,
2408
+ public: false,
2409
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
2410
+ destinations: [
2411
+ {
2412
+ kind: "runtime_fetch",
2413
+ target: "lucern-graph-sync",
2414
+ environmentPolicy: "environment_specific"
2415
+ },
2416
+ {
2417
+ kind: "github_actions",
2418
+ target: "LucernAI/lucern",
2419
+ environmentPolicy: "environment_specific"
2420
+ }
2421
+ ],
2422
+ description: "Lucern-owned Neo4j username for platform graph-sync surfaces."
2423
+ },
2424
+ {
2425
+ id: "platform.neo4j.password",
2426
+ canonicalName: "NEO4J_PASSWORD",
2427
+ owner: "lucern_platform",
2428
+ scope: "environment",
2429
+ sourcePath: "/platform/graph/neo4j",
2430
+ environmentPolicy: "environment_specific",
2431
+ required: false,
2432
+ secret: true,
2433
+ public: false,
2434
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
2435
+ destinations: [
2436
+ {
2437
+ kind: "runtime_fetch",
2438
+ target: "lucern-graph-sync",
2439
+ environmentPolicy: "environment_specific"
2440
+ },
2441
+ {
2442
+ kind: "github_actions",
2443
+ target: "LucernAI/lucern",
2444
+ environmentPolicy: "environment_specific"
2445
+ }
2446
+ ],
2447
+ description: "Lucern-owned Neo4j password for platform graph-sync surfaces."
2448
+ },
2449
+ {
2450
+ id: "platform.neo4j.sync-secret",
2451
+ canonicalName: "NEO4J_SYNC_SECRET",
2452
+ owner: "lucern_platform",
2453
+ scope: "environment",
2454
+ sourcePath: "/platform/graph/neo4j",
2455
+ environmentPolicy: "environment_specific",
2456
+ required: false,
2457
+ secret: true,
2458
+ public: false,
2459
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
2460
+ destinations: [
2461
+ {
2462
+ kind: "runtime_fetch",
2463
+ target: "lucern-graph-sync",
2464
+ environmentPolicy: "environment_specific"
2465
+ },
2466
+ {
2467
+ kind: "github_actions",
2468
+ target: "LucernAI/lucern",
2469
+ environmentPolicy: "environment_specific"
2470
+ }
2471
+ ],
2472
+ description: "Shared secret protecting Lucern-owned graph-sync HTTP/query proxy calls."
2473
+ },
2474
+ {
2475
+ id: "platform.neo4j.database",
2476
+ canonicalName: "NEO4J_DATABASE",
2477
+ owner: "lucern_platform",
2478
+ scope: "environment",
2479
+ sourcePath: "/platform/graph/neo4j",
2480
+ environmentPolicy: "environment_specific",
2481
+ required: false,
2482
+ secret: false,
2483
+ public: false,
2484
+ consumers: ["lucern-graph-sync", "lucern-repo-ci"],
2485
+ destinations: [
2486
+ {
2487
+ kind: "runtime_fetch",
2488
+ target: "lucern-graph-sync",
2489
+ environmentPolicy: "environment_specific"
2490
+ },
2491
+ {
2492
+ kind: "github_actions",
2493
+ target: "LucernAI/lucern",
2494
+ environmentPolicy: "environment_specific"
2495
+ }
2496
+ ],
2497
+ description: "Optional Neo4j database name for Lucern-owned graph-sync surfaces."
2498
+ }
2499
+ ];
2500
+ var PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS = [
2501
+ {
2502
+ id: "platform.pinecone.api-key",
2503
+ canonicalName: "PINECONE_API_KEY",
2504
+ owner: "lucern_platform",
2505
+ scope: "environment",
2506
+ sourcePath: "/platform/vector/pinecone",
2507
+ environmentPolicy: "environment_specific",
2508
+ required: false,
2509
+ secret: true,
2510
+ public: false,
2511
+ consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
2512
+ destinations: [
2513
+ {
2514
+ kind: "runtime_fetch",
2515
+ target: "lucern-ai-runtime",
2516
+ environmentPolicy: "environment_specific"
2517
+ },
2518
+ {
2519
+ kind: "github_actions",
2520
+ target: "LucernAI/lucern",
2521
+ environmentPolicy: "environment_specific"
2522
+ }
2523
+ ],
2524
+ description: "Lucern-owned Pinecone API key for platform vector search."
2525
+ },
2526
+ {
2527
+ id: "platform.pinecone.index-name",
2528
+ canonicalName: "PINECONE_INDEX_NAME",
2529
+ aliases: ["PINECONE_INDEX"],
2530
+ owner: "lucern_platform",
2531
+ scope: "environment",
2532
+ sourcePath: "/platform/vector/pinecone",
2533
+ environmentPolicy: "environment_specific",
2534
+ required: false,
2535
+ secret: false,
2536
+ public: false,
2537
+ consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
2538
+ destinations: [
2539
+ {
2540
+ kind: "runtime_fetch",
2541
+ target: "lucern-ai-runtime",
2542
+ environmentPolicy: "environment_specific"
2543
+ },
2544
+ {
2545
+ kind: "github_actions",
2546
+ target: "LucernAI/lucern",
2547
+ environmentPolicy: "environment_specific"
2548
+ }
2549
+ ],
2550
+ description: "Lucern-owned Pinecone index name."
2551
+ },
2552
+ {
2553
+ id: "platform.pinecone.host",
2554
+ canonicalName: "PINECONE_HOST",
2555
+ aliases: ["PINECONE_INDEX_HOST"],
2556
+ owner: "lucern_platform",
2557
+ scope: "environment",
2558
+ sourcePath: "/platform/vector/pinecone",
2559
+ environmentPolicy: "environment_specific",
2560
+ required: false,
2561
+ secret: false,
2562
+ public: false,
2563
+ consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
2564
+ destinations: [
2565
+ {
2566
+ kind: "runtime_fetch",
2567
+ target: "lucern-ai-runtime",
2568
+ environmentPolicy: "environment_specific"
2569
+ },
2570
+ {
2571
+ kind: "github_actions",
2572
+ target: "LucernAI/lucern",
2573
+ environmentPolicy: "environment_specific"
2574
+ }
2575
+ ],
2576
+ description: "Lucern-owned Pinecone host/index host."
2577
+ }
2578
+ ];
2579
+
2320
2580
  // src/infisical-runtime.tenant-secrets.ts
2321
2581
  var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
2322
2582
  {
@@ -3233,6 +3493,7 @@ var INFISICAL_SECRET_DEFINITIONS = [
3233
3493
  ...PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS,
3234
3494
  ...PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS,
3235
3495
  ...PLATFORM_SENTRY_SECRET_DEFINITIONS,
3496
+ ...PLATFORM_AXIOM_SECRET_DEFINITIONS,
3236
3497
  ...PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS,
3237
3498
  ...PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS,
3238
3499
  ...TENANT_SHARED_SECRET_DEFINITIONS,