@lucern/contracts 1.0.1 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/dist/function-registry/worktrees.js +1 -1
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.js +2815 -336
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
- package/dist/index.js +3250 -510
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.base.d.ts +1 -1
- package/dist/infisical-runtime.base.js +3 -0
- package/dist/infisical-runtime.base.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +188 -2
- package/dist/infisical-runtime.contract.js +494 -233
- package/dist/infisical-runtime.contract.js.map +1 -1
- package/dist/infisical-runtime.platform-automation-secrets.d.ts +436 -0
- package/dist/infisical-runtime.platform-automation-secrets.js +596 -0
- package/dist/infisical-runtime.platform-automation-secrets.js.map +1 -0
- package/dist/infisical-runtime.platform-observability-secrets.d.ts +323 -0
- package/dist/infisical-runtime.platform-observability-secrets.js +417 -0
- package/dist/infisical-runtime.platform-observability-secrets.js.map +1 -0
- package/dist/infisical-runtime.platform-ops-secrets.d.ts +4 -569
- package/dist/infisical-runtime.platform-ops-secrets.js +440 -183
- package/dist/infisical-runtime.platform-ops-secrets.js.map +1 -1
- package/dist/infisical-runtime.tenant-secrets.js.map +1 -1
- package/dist/manifests/infisical-runtime-manifest.d.ts +188 -2
- package/dist/manifests/infisical-runtime-manifest.js +439 -181
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
- package/dist/proof-attestation.json +1 -1
- package/package.json +1 -1
|
@@ -610,8 +610,11 @@ var INFISICAL_SECRET_ENVIRONMENT_POLICIES = [
|
|
|
610
610
|
var INFISICAL_SECRET_CONSUMERS = [
|
|
611
611
|
"lucern-web",
|
|
612
612
|
"lucern-gateway",
|
|
613
|
+
"lucern-sdk",
|
|
613
614
|
"lucern-mcp",
|
|
614
615
|
"lucern-cli",
|
|
616
|
+
"lucern-agent",
|
|
617
|
+
"lucern-railway-pdp",
|
|
615
618
|
"lucern-ai-runtime",
|
|
616
619
|
"lucern-graph-sync",
|
|
617
620
|
"lucern-observability",
|
|
@@ -1358,214 +1361,7 @@ var PLATFORM_LANGFUSE_SECRET_DEFINITIONS = [
|
|
|
1358
1361
|
}
|
|
1359
1362
|
];
|
|
1360
1363
|
|
|
1361
|
-
// src/infisical-runtime.platform-
|
|
1362
|
-
var PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS = [
|
|
1363
|
-
{
|
|
1364
|
-
id: "platform.neo4j.uri",
|
|
1365
|
-
canonicalName: "NEO4J_URI",
|
|
1366
|
-
owner: "lucern_platform",
|
|
1367
|
-
scope: "environment",
|
|
1368
|
-
sourcePath: "/platform/graph/neo4j",
|
|
1369
|
-
environmentPolicy: "environment_specific",
|
|
1370
|
-
required: false,
|
|
1371
|
-
secret: false,
|
|
1372
|
-
public: false,
|
|
1373
|
-
consumers: ["lucern-graph-sync", "lucern-repo-ci"],
|
|
1374
|
-
destinations: [
|
|
1375
|
-
{
|
|
1376
|
-
kind: "runtime_fetch",
|
|
1377
|
-
target: "lucern-graph-sync",
|
|
1378
|
-
environmentPolicy: "environment_specific"
|
|
1379
|
-
},
|
|
1380
|
-
{
|
|
1381
|
-
kind: "github_actions",
|
|
1382
|
-
target: "LucernAI/lucern",
|
|
1383
|
-
environmentPolicy: "environment_specific"
|
|
1384
|
-
}
|
|
1385
|
-
],
|
|
1386
|
-
description: "Lucern-owned Neo4j URI for platform graph-sync surfaces."
|
|
1387
|
-
},
|
|
1388
|
-
{
|
|
1389
|
-
id: "platform.neo4j.user",
|
|
1390
|
-
canonicalName: "NEO4J_USER",
|
|
1391
|
-
aliases: ["NEO4J_USERNAME"],
|
|
1392
|
-
owner: "lucern_platform",
|
|
1393
|
-
scope: "environment",
|
|
1394
|
-
sourcePath: "/platform/graph/neo4j",
|
|
1395
|
-
environmentPolicy: "environment_specific",
|
|
1396
|
-
required: false,
|
|
1397
|
-
secret: false,
|
|
1398
|
-
public: false,
|
|
1399
|
-
consumers: ["lucern-graph-sync", "lucern-repo-ci"],
|
|
1400
|
-
destinations: [
|
|
1401
|
-
{
|
|
1402
|
-
kind: "runtime_fetch",
|
|
1403
|
-
target: "lucern-graph-sync",
|
|
1404
|
-
environmentPolicy: "environment_specific"
|
|
1405
|
-
},
|
|
1406
|
-
{
|
|
1407
|
-
kind: "github_actions",
|
|
1408
|
-
target: "LucernAI/lucern",
|
|
1409
|
-
environmentPolicy: "environment_specific"
|
|
1410
|
-
}
|
|
1411
|
-
],
|
|
1412
|
-
description: "Lucern-owned Neo4j username for platform graph-sync surfaces."
|
|
1413
|
-
},
|
|
1414
|
-
{
|
|
1415
|
-
id: "platform.neo4j.password",
|
|
1416
|
-
canonicalName: "NEO4J_PASSWORD",
|
|
1417
|
-
owner: "lucern_platform",
|
|
1418
|
-
scope: "environment",
|
|
1419
|
-
sourcePath: "/platform/graph/neo4j",
|
|
1420
|
-
environmentPolicy: "environment_specific",
|
|
1421
|
-
required: false,
|
|
1422
|
-
secret: true,
|
|
1423
|
-
public: false,
|
|
1424
|
-
consumers: ["lucern-graph-sync", "lucern-repo-ci"],
|
|
1425
|
-
destinations: [
|
|
1426
|
-
{
|
|
1427
|
-
kind: "runtime_fetch",
|
|
1428
|
-
target: "lucern-graph-sync",
|
|
1429
|
-
environmentPolicy: "environment_specific"
|
|
1430
|
-
},
|
|
1431
|
-
{
|
|
1432
|
-
kind: "github_actions",
|
|
1433
|
-
target: "LucernAI/lucern",
|
|
1434
|
-
environmentPolicy: "environment_specific"
|
|
1435
|
-
}
|
|
1436
|
-
],
|
|
1437
|
-
description: "Lucern-owned Neo4j password for platform graph-sync surfaces."
|
|
1438
|
-
},
|
|
1439
|
-
{
|
|
1440
|
-
id: "platform.neo4j.sync-secret",
|
|
1441
|
-
canonicalName: "NEO4J_SYNC_SECRET",
|
|
1442
|
-
owner: "lucern_platform",
|
|
1443
|
-
scope: "environment",
|
|
1444
|
-
sourcePath: "/platform/graph/neo4j",
|
|
1445
|
-
environmentPolicy: "environment_specific",
|
|
1446
|
-
required: false,
|
|
1447
|
-
secret: true,
|
|
1448
|
-
public: false,
|
|
1449
|
-
consumers: ["lucern-graph-sync", "lucern-repo-ci"],
|
|
1450
|
-
destinations: [
|
|
1451
|
-
{
|
|
1452
|
-
kind: "runtime_fetch",
|
|
1453
|
-
target: "lucern-graph-sync",
|
|
1454
|
-
environmentPolicy: "environment_specific"
|
|
1455
|
-
},
|
|
1456
|
-
{
|
|
1457
|
-
kind: "github_actions",
|
|
1458
|
-
target: "LucernAI/lucern",
|
|
1459
|
-
environmentPolicy: "environment_specific"
|
|
1460
|
-
}
|
|
1461
|
-
],
|
|
1462
|
-
description: "Shared secret protecting Lucern-owned graph-sync HTTP/query proxy calls."
|
|
1463
|
-
},
|
|
1464
|
-
{
|
|
1465
|
-
id: "platform.neo4j.database",
|
|
1466
|
-
canonicalName: "NEO4J_DATABASE",
|
|
1467
|
-
owner: "lucern_platform",
|
|
1468
|
-
scope: "environment",
|
|
1469
|
-
sourcePath: "/platform/graph/neo4j",
|
|
1470
|
-
environmentPolicy: "environment_specific",
|
|
1471
|
-
required: false,
|
|
1472
|
-
secret: false,
|
|
1473
|
-
public: false,
|
|
1474
|
-
consumers: ["lucern-graph-sync", "lucern-repo-ci"],
|
|
1475
|
-
destinations: [
|
|
1476
|
-
{
|
|
1477
|
-
kind: "runtime_fetch",
|
|
1478
|
-
target: "lucern-graph-sync",
|
|
1479
|
-
environmentPolicy: "environment_specific"
|
|
1480
|
-
},
|
|
1481
|
-
{
|
|
1482
|
-
kind: "github_actions",
|
|
1483
|
-
target: "LucernAI/lucern",
|
|
1484
|
-
environmentPolicy: "environment_specific"
|
|
1485
|
-
}
|
|
1486
|
-
],
|
|
1487
|
-
description: "Optional Neo4j database name for Lucern-owned graph-sync surfaces."
|
|
1488
|
-
}
|
|
1489
|
-
];
|
|
1490
|
-
var PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS = [
|
|
1491
|
-
{
|
|
1492
|
-
id: "platform.pinecone.api-key",
|
|
1493
|
-
canonicalName: "PINECONE_API_KEY",
|
|
1494
|
-
owner: "lucern_platform",
|
|
1495
|
-
scope: "environment",
|
|
1496
|
-
sourcePath: "/platform/vector/pinecone",
|
|
1497
|
-
environmentPolicy: "environment_specific",
|
|
1498
|
-
required: false,
|
|
1499
|
-
secret: true,
|
|
1500
|
-
public: false,
|
|
1501
|
-
consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
|
|
1502
|
-
destinations: [
|
|
1503
|
-
{
|
|
1504
|
-
kind: "runtime_fetch",
|
|
1505
|
-
target: "lucern-ai-runtime",
|
|
1506
|
-
environmentPolicy: "environment_specific"
|
|
1507
|
-
},
|
|
1508
|
-
{
|
|
1509
|
-
kind: "github_actions",
|
|
1510
|
-
target: "LucernAI/lucern",
|
|
1511
|
-
environmentPolicy: "environment_specific"
|
|
1512
|
-
}
|
|
1513
|
-
],
|
|
1514
|
-
description: "Lucern-owned Pinecone API key for platform vector search."
|
|
1515
|
-
},
|
|
1516
|
-
{
|
|
1517
|
-
id: "platform.pinecone.index-name",
|
|
1518
|
-
canonicalName: "PINECONE_INDEX_NAME",
|
|
1519
|
-
aliases: ["PINECONE_INDEX"],
|
|
1520
|
-
owner: "lucern_platform",
|
|
1521
|
-
scope: "environment",
|
|
1522
|
-
sourcePath: "/platform/vector/pinecone",
|
|
1523
|
-
environmentPolicy: "environment_specific",
|
|
1524
|
-
required: false,
|
|
1525
|
-
secret: false,
|
|
1526
|
-
public: false,
|
|
1527
|
-
consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
|
|
1528
|
-
destinations: [
|
|
1529
|
-
{
|
|
1530
|
-
kind: "runtime_fetch",
|
|
1531
|
-
target: "lucern-ai-runtime",
|
|
1532
|
-
environmentPolicy: "environment_specific"
|
|
1533
|
-
},
|
|
1534
|
-
{
|
|
1535
|
-
kind: "github_actions",
|
|
1536
|
-
target: "LucernAI/lucern",
|
|
1537
|
-
environmentPolicy: "environment_specific"
|
|
1538
|
-
}
|
|
1539
|
-
],
|
|
1540
|
-
description: "Lucern-owned Pinecone index name."
|
|
1541
|
-
},
|
|
1542
|
-
{
|
|
1543
|
-
id: "platform.pinecone.host",
|
|
1544
|
-
canonicalName: "PINECONE_HOST",
|
|
1545
|
-
aliases: ["PINECONE_INDEX_HOST"],
|
|
1546
|
-
owner: "lucern_platform",
|
|
1547
|
-
scope: "environment",
|
|
1548
|
-
sourcePath: "/platform/vector/pinecone",
|
|
1549
|
-
environmentPolicy: "environment_specific",
|
|
1550
|
-
required: false,
|
|
1551
|
-
secret: false,
|
|
1552
|
-
public: false,
|
|
1553
|
-
consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
|
|
1554
|
-
destinations: [
|
|
1555
|
-
{
|
|
1556
|
-
kind: "runtime_fetch",
|
|
1557
|
-
target: "lucern-ai-runtime",
|
|
1558
|
-
environmentPolicy: "environment_specific"
|
|
1559
|
-
},
|
|
1560
|
-
{
|
|
1561
|
-
kind: "github_actions",
|
|
1562
|
-
target: "LucernAI/lucern",
|
|
1563
|
-
environmentPolicy: "environment_specific"
|
|
1564
|
-
}
|
|
1565
|
-
],
|
|
1566
|
-
description: "Lucern-owned Pinecone host/index host."
|
|
1567
|
-
}
|
|
1568
|
-
];
|
|
1364
|
+
// src/infisical-runtime.platform-observability-secrets.ts
|
|
1569
1365
|
var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
|
|
1570
1366
|
{
|
|
1571
1367
|
id: "platform.sentry.dsn",
|
|
@@ -1700,7 +1496,7 @@ var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
|
|
|
1700
1496
|
{
|
|
1701
1497
|
id: "platform.sentry.release",
|
|
1702
1498
|
canonicalName: "SENTRY_RELEASE",
|
|
1703
|
-
aliases: ["NEXT_PUBLIC_SENTRY_RELEASE"],
|
|
1499
|
+
aliases: ["LUCERN_RELEASE", "NEXT_PUBLIC_SENTRY_RELEASE"],
|
|
1704
1500
|
owner: "provider",
|
|
1705
1501
|
scope: "environment",
|
|
1706
1502
|
sourcePath: "/platform/observability/sentry",
|
|
@@ -1714,7 +1510,11 @@ var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
|
|
|
1714
1510
|
kind: "vercel",
|
|
1715
1511
|
target: "lucern",
|
|
1716
1512
|
environmentPolicy: "environment_specific",
|
|
1717
|
-
writeNames: [
|
|
1513
|
+
writeNames: [
|
|
1514
|
+
"LUCERN_RELEASE",
|
|
1515
|
+
"SENTRY_RELEASE",
|
|
1516
|
+
"NEXT_PUBLIC_SENTRY_RELEASE"
|
|
1517
|
+
]
|
|
1718
1518
|
},
|
|
1719
1519
|
{
|
|
1720
1520
|
kind: "vercel",
|
|
@@ -1725,50 +1525,301 @@ var PLATFORM_SENTRY_SECRET_DEFINITIONS = [
|
|
|
1725
1525
|
description: "Lucern-owned Sentry release name."
|
|
1726
1526
|
}
|
|
1727
1527
|
];
|
|
1728
|
-
var
|
|
1528
|
+
var PLATFORM_AXIOM_SECRET_DEFINITIONS = [
|
|
1729
1529
|
{
|
|
1730
|
-
id: "platform.
|
|
1731
|
-
canonicalName: "
|
|
1530
|
+
id: "platform.axiom.token",
|
|
1531
|
+
canonicalName: "AXIOM_TOKEN",
|
|
1532
|
+
aliases: ["LUCERN_AXIOM_TOKEN"],
|
|
1732
1533
|
owner: "provider",
|
|
1733
|
-
scope: "
|
|
1734
|
-
sourcePath: "/platform/
|
|
1735
|
-
environmentPolicy: "
|
|
1534
|
+
scope: "environment",
|
|
1535
|
+
sourcePath: "/platform/observability",
|
|
1536
|
+
environmentPolicy: "environment_specific",
|
|
1736
1537
|
required: false,
|
|
1737
1538
|
secret: true,
|
|
1738
1539
|
public: false,
|
|
1739
|
-
consumers: [
|
|
1540
|
+
consumers: [
|
|
1541
|
+
"lucern-cli",
|
|
1542
|
+
"lucern-gateway",
|
|
1543
|
+
"lucern-sdk",
|
|
1544
|
+
"lucern-mcp",
|
|
1545
|
+
"lucern-agent",
|
|
1546
|
+
"lucern-railway-pdp",
|
|
1547
|
+
"lucern-repo-ci",
|
|
1548
|
+
"lucern-observability"
|
|
1549
|
+
],
|
|
1740
1550
|
destinations: [
|
|
1551
|
+
{
|
|
1552
|
+
kind: "runtime_fetch",
|
|
1553
|
+
target: "lucern-cli-mcp-sdk",
|
|
1554
|
+
environmentPolicy: "environment_specific"
|
|
1555
|
+
},
|
|
1556
|
+
{
|
|
1557
|
+
kind: "vercel",
|
|
1558
|
+
target: "lucern-gateway",
|
|
1559
|
+
environmentPolicy: "environment_specific"
|
|
1560
|
+
},
|
|
1741
1561
|
{
|
|
1742
1562
|
kind: "github_actions",
|
|
1743
1563
|
target: "LucernAI/lucern",
|
|
1744
|
-
environmentPolicy: "
|
|
1564
|
+
environmentPolicy: "environment_specific"
|
|
1745
1565
|
},
|
|
1746
1566
|
{
|
|
1747
1567
|
kind: "operator_local",
|
|
1748
|
-
target: "
|
|
1749
|
-
environmentPolicy: "
|
|
1568
|
+
target: "lucern-repo",
|
|
1569
|
+
environmentPolicy: "environment_specific"
|
|
1750
1570
|
}
|
|
1751
1571
|
],
|
|
1752
|
-
description: "
|
|
1572
|
+
description: "Axiom ingest/query token for Lucern operational telemetry. Runtime code must treat it as write/query telemetry authority, not graph-state authority."
|
|
1753
1573
|
},
|
|
1754
1574
|
{
|
|
1755
|
-
id: "platform.
|
|
1756
|
-
canonicalName: "
|
|
1575
|
+
id: "platform.axiom.events-dataset",
|
|
1576
|
+
canonicalName: "LUCERN_AXIOM_EVENTS_DATASET",
|
|
1577
|
+
aliases: ["AXIOM_DATASET", "AXIOM_EVENTS_DATASET", "LUCERN_AXIOM_DATASET"],
|
|
1757
1578
|
owner: "provider",
|
|
1758
|
-
scope: "
|
|
1759
|
-
sourcePath: "/platform/
|
|
1760
|
-
environmentPolicy: "
|
|
1579
|
+
scope: "environment",
|
|
1580
|
+
sourcePath: "/platform/observability",
|
|
1581
|
+
environmentPolicy: "environment_specific",
|
|
1761
1582
|
required: false,
|
|
1762
|
-
secret:
|
|
1583
|
+
secret: false,
|
|
1763
1584
|
public: false,
|
|
1764
|
-
consumers: [
|
|
1585
|
+
consumers: [
|
|
1586
|
+
"lucern-cli",
|
|
1587
|
+
"lucern-gateway",
|
|
1588
|
+
"lucern-sdk",
|
|
1589
|
+
"lucern-mcp",
|
|
1590
|
+
"lucern-agent",
|
|
1591
|
+
"lucern-railway-pdp",
|
|
1592
|
+
"lucern-repo-ci",
|
|
1593
|
+
"lucern-observability"
|
|
1594
|
+
],
|
|
1765
1595
|
destinations: [
|
|
1766
1596
|
{
|
|
1767
|
-
kind: "
|
|
1768
|
-
target: "
|
|
1769
|
-
environmentPolicy: "
|
|
1770
|
-
}
|
|
1771
|
-
|
|
1597
|
+
kind: "runtime_fetch",
|
|
1598
|
+
target: "lucern-cli-mcp-sdk",
|
|
1599
|
+
environmentPolicy: "environment_specific"
|
|
1600
|
+
},
|
|
1601
|
+
{
|
|
1602
|
+
kind: "vercel",
|
|
1603
|
+
target: "lucern-gateway",
|
|
1604
|
+
environmentPolicy: "environment_specific"
|
|
1605
|
+
},
|
|
1606
|
+
{
|
|
1607
|
+
kind: "github_actions",
|
|
1608
|
+
target: "LucernAI/lucern",
|
|
1609
|
+
environmentPolicy: "environment_specific"
|
|
1610
|
+
},
|
|
1611
|
+
{
|
|
1612
|
+
kind: "operator_local",
|
|
1613
|
+
target: "lucern-repo",
|
|
1614
|
+
environmentPolicy: "environment_specific"
|
|
1615
|
+
}
|
|
1616
|
+
],
|
|
1617
|
+
description: "Primary Axiom event dataset for non-sensitive CLI, gateway, SDK retry, PDP, deploy, and agent-run telemetry."
|
|
1618
|
+
},
|
|
1619
|
+
{
|
|
1620
|
+
id: "platform.axiom.logs-dataset",
|
|
1621
|
+
canonicalName: "LUCERN_AXIOM_LOGS_DATASET",
|
|
1622
|
+
aliases: ["AXIOM_LOGS_DATASET"],
|
|
1623
|
+
owner: "provider",
|
|
1624
|
+
scope: "environment",
|
|
1625
|
+
sourcePath: "/platform/observability",
|
|
1626
|
+
environmentPolicy: "environment_specific",
|
|
1627
|
+
required: false,
|
|
1628
|
+
secret: false,
|
|
1629
|
+
public: false,
|
|
1630
|
+
consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
|
|
1631
|
+
destinations: [
|
|
1632
|
+
{
|
|
1633
|
+
kind: "runtime_fetch",
|
|
1634
|
+
target: "lucern-cli-mcp-sdk",
|
|
1635
|
+
environmentPolicy: "environment_specific"
|
|
1636
|
+
},
|
|
1637
|
+
{
|
|
1638
|
+
kind: "vercel",
|
|
1639
|
+
target: "lucern-gateway",
|
|
1640
|
+
environmentPolicy: "environment_specific"
|
|
1641
|
+
},
|
|
1642
|
+
{
|
|
1643
|
+
kind: "github_actions",
|
|
1644
|
+
target: "LucernAI/lucern",
|
|
1645
|
+
environmentPolicy: "environment_specific"
|
|
1646
|
+
}
|
|
1647
|
+
],
|
|
1648
|
+
description: "Axiom OpenTelemetry log dataset for Lucern services."
|
|
1649
|
+
},
|
|
1650
|
+
{
|
|
1651
|
+
id: "platform.axiom.traces-dataset",
|
|
1652
|
+
canonicalName: "LUCERN_AXIOM_TRACES_DATASET",
|
|
1653
|
+
aliases: ["AXIOM_TRACES_DATASET"],
|
|
1654
|
+
owner: "provider",
|
|
1655
|
+
scope: "environment",
|
|
1656
|
+
sourcePath: "/platform/observability",
|
|
1657
|
+
environmentPolicy: "environment_specific",
|
|
1658
|
+
required: false,
|
|
1659
|
+
secret: false,
|
|
1660
|
+
public: false,
|
|
1661
|
+
consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
|
|
1662
|
+
destinations: [
|
|
1663
|
+
{
|
|
1664
|
+
kind: "runtime_fetch",
|
|
1665
|
+
target: "lucern-cli-mcp-sdk",
|
|
1666
|
+
environmentPolicy: "environment_specific"
|
|
1667
|
+
},
|
|
1668
|
+
{
|
|
1669
|
+
kind: "vercel",
|
|
1670
|
+
target: "lucern-gateway",
|
|
1671
|
+
environmentPolicy: "environment_specific"
|
|
1672
|
+
},
|
|
1673
|
+
{
|
|
1674
|
+
kind: "github_actions",
|
|
1675
|
+
target: "LucernAI/lucern",
|
|
1676
|
+
environmentPolicy: "environment_specific"
|
|
1677
|
+
}
|
|
1678
|
+
],
|
|
1679
|
+
description: "Axiom OpenTelemetry trace dataset for Lucern services."
|
|
1680
|
+
},
|
|
1681
|
+
{
|
|
1682
|
+
id: "platform.axiom.metrics-dataset",
|
|
1683
|
+
canonicalName: "LUCERN_AXIOM_METRICS_DATASET",
|
|
1684
|
+
aliases: ["AXIOM_METRICS_DATASET"],
|
|
1685
|
+
owner: "provider",
|
|
1686
|
+
scope: "environment",
|
|
1687
|
+
sourcePath: "/platform/observability",
|
|
1688
|
+
environmentPolicy: "environment_specific",
|
|
1689
|
+
required: false,
|
|
1690
|
+
secret: false,
|
|
1691
|
+
public: false,
|
|
1692
|
+
consumers: ["lucern-observability", "lucern-gateway", "lucern-repo-ci"],
|
|
1693
|
+
destinations: [
|
|
1694
|
+
{
|
|
1695
|
+
kind: "runtime_fetch",
|
|
1696
|
+
target: "lucern-cli-mcp-sdk",
|
|
1697
|
+
environmentPolicy: "environment_specific"
|
|
1698
|
+
},
|
|
1699
|
+
{
|
|
1700
|
+
kind: "vercel",
|
|
1701
|
+
target: "lucern-gateway",
|
|
1702
|
+
environmentPolicy: "environment_specific"
|
|
1703
|
+
},
|
|
1704
|
+
{
|
|
1705
|
+
kind: "github_actions",
|
|
1706
|
+
target: "LucernAI/lucern",
|
|
1707
|
+
environmentPolicy: "environment_specific"
|
|
1708
|
+
}
|
|
1709
|
+
],
|
|
1710
|
+
description: "Axiom OpenTelemetry metric dataset for Lucern services."
|
|
1711
|
+
},
|
|
1712
|
+
{
|
|
1713
|
+
id: "platform.axiom.api-url",
|
|
1714
|
+
canonicalName: "LUCERN_AXIOM_API_URL",
|
|
1715
|
+
aliases: ["AXIOM_URL"],
|
|
1716
|
+
owner: "provider",
|
|
1717
|
+
scope: "environment",
|
|
1718
|
+
sourcePath: "/platform/observability",
|
|
1719
|
+
environmentPolicy: "environment_specific",
|
|
1720
|
+
required: false,
|
|
1721
|
+
secret: false,
|
|
1722
|
+
public: false,
|
|
1723
|
+
consumers: [
|
|
1724
|
+
"lucern-cli",
|
|
1725
|
+
"lucern-gateway",
|
|
1726
|
+
"lucern-sdk",
|
|
1727
|
+
"lucern-mcp",
|
|
1728
|
+
"lucern-agent",
|
|
1729
|
+
"lucern-repo-ci"
|
|
1730
|
+
],
|
|
1731
|
+
destinations: [
|
|
1732
|
+
{
|
|
1733
|
+
kind: "runtime_fetch",
|
|
1734
|
+
target: "lucern-cli-mcp-sdk",
|
|
1735
|
+
environmentPolicy: "environment_specific"
|
|
1736
|
+
},
|
|
1737
|
+
{
|
|
1738
|
+
kind: "vercel",
|
|
1739
|
+
target: "lucern-gateway",
|
|
1740
|
+
environmentPolicy: "environment_specific"
|
|
1741
|
+
},
|
|
1742
|
+
{
|
|
1743
|
+
kind: "operator_local",
|
|
1744
|
+
target: "lucern-repo",
|
|
1745
|
+
environmentPolicy: "environment_specific"
|
|
1746
|
+
}
|
|
1747
|
+
],
|
|
1748
|
+
description: "Axiom API URL. Defaults to https://api.axiom.co when unset."
|
|
1749
|
+
},
|
|
1750
|
+
{
|
|
1751
|
+
id: "platform.axiom.otlp-endpoint",
|
|
1752
|
+
canonicalName: "OTEL_EXPORTER_OTLP_ENDPOINT",
|
|
1753
|
+
aliases: ["LUCERN_AXIOM_OTLP_ENDPOINT"],
|
|
1754
|
+
owner: "provider",
|
|
1755
|
+
scope: "environment",
|
|
1756
|
+
sourcePath: "/platform/observability",
|
|
1757
|
+
environmentPolicy: "environment_specific",
|
|
1758
|
+
required: false,
|
|
1759
|
+
secret: false,
|
|
1760
|
+
public: false,
|
|
1761
|
+
consumers: ["lucern-gateway", "lucern-railway-pdp", "lucern-observability"],
|
|
1762
|
+
destinations: [
|
|
1763
|
+
{
|
|
1764
|
+
kind: "vercel",
|
|
1765
|
+
target: "lucern-gateway",
|
|
1766
|
+
environmentPolicy: "environment_specific"
|
|
1767
|
+
},
|
|
1768
|
+
{
|
|
1769
|
+
kind: "operator_local",
|
|
1770
|
+
target: "lucern-repo",
|
|
1771
|
+
environmentPolicy: "environment_specific"
|
|
1772
|
+
}
|
|
1773
|
+
],
|
|
1774
|
+
description: "OTLP endpoint used by services that emit OpenTelemetry logs, metrics, and traces to Axiom."
|
|
1775
|
+
}
|
|
1776
|
+
];
|
|
1777
|
+
|
|
1778
|
+
// src/infisical-runtime.platform-automation-secrets.ts
|
|
1779
|
+
var PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS = [
|
|
1780
|
+
{
|
|
1781
|
+
id: "platform.deploy.vercel-token",
|
|
1782
|
+
canonicalName: "VERCEL_TOKEN",
|
|
1783
|
+
owner: "provider",
|
|
1784
|
+
scope: "global",
|
|
1785
|
+
sourcePath: "/platform/deploy/vercel",
|
|
1786
|
+
environmentPolicy: "same_all_environments",
|
|
1787
|
+
required: false,
|
|
1788
|
+
secret: true,
|
|
1789
|
+
public: false,
|
|
1790
|
+
consumers: ["lucern-repo-ci"],
|
|
1791
|
+
destinations: [
|
|
1792
|
+
{
|
|
1793
|
+
kind: "github_actions",
|
|
1794
|
+
target: "LucernAI/lucern",
|
|
1795
|
+
environmentPolicy: "same_all_environments"
|
|
1796
|
+
},
|
|
1797
|
+
{
|
|
1798
|
+
kind: "operator_local",
|
|
1799
|
+
target: "secret-sync-writer",
|
|
1800
|
+
environmentPolicy: "same_all_environments"
|
|
1801
|
+
}
|
|
1802
|
+
],
|
|
1803
|
+
description: "Vercel API token for the future reviewed live writer. Never copy into tenant apps."
|
|
1804
|
+
},
|
|
1805
|
+
{
|
|
1806
|
+
id: "platform.deploy.vercel-token.stack",
|
|
1807
|
+
canonicalName: "STACK_VERCEL_TOKEN",
|
|
1808
|
+
owner: "provider",
|
|
1809
|
+
scope: "global",
|
|
1810
|
+
sourcePath: "/platform/deploy/vercel",
|
|
1811
|
+
environmentPolicy: "same_all_environments",
|
|
1812
|
+
required: false,
|
|
1813
|
+
secret: true,
|
|
1814
|
+
public: false,
|
|
1815
|
+
consumers: ["lucern-repo-ci"],
|
|
1816
|
+
destinations: [
|
|
1817
|
+
{
|
|
1818
|
+
kind: "operator_local",
|
|
1819
|
+
target: "secret-sync-writer",
|
|
1820
|
+
environmentPolicy: "same_all_environments"
|
|
1821
|
+
}
|
|
1822
|
+
],
|
|
1772
1823
|
description: "Stack Vercel API token for manifest-scoped Stack tenant Vercel secret sync. Never copy into tenant apps."
|
|
1773
1824
|
},
|
|
1774
1825
|
{
|
|
@@ -2317,6 +2368,215 @@ var PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS = [
|
|
|
2317
2368
|
}
|
|
2318
2369
|
];
|
|
2319
2370
|
|
|
2371
|
+
// src/infisical-runtime.platform-ops-secrets.ts
|
|
2372
|
+
var PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS = [
|
|
2373
|
+
{
|
|
2374
|
+
id: "platform.neo4j.uri",
|
|
2375
|
+
canonicalName: "NEO4J_URI",
|
|
2376
|
+
owner: "lucern_platform",
|
|
2377
|
+
scope: "environment",
|
|
2378
|
+
sourcePath: "/platform/graph/neo4j",
|
|
2379
|
+
environmentPolicy: "environment_specific",
|
|
2380
|
+
required: false,
|
|
2381
|
+
secret: false,
|
|
2382
|
+
public: false,
|
|
2383
|
+
consumers: ["lucern-graph-sync", "lucern-repo-ci"],
|
|
2384
|
+
destinations: [
|
|
2385
|
+
{
|
|
2386
|
+
kind: "runtime_fetch",
|
|
2387
|
+
target: "lucern-graph-sync",
|
|
2388
|
+
environmentPolicy: "environment_specific"
|
|
2389
|
+
},
|
|
2390
|
+
{
|
|
2391
|
+
kind: "github_actions",
|
|
2392
|
+
target: "LucernAI/lucern",
|
|
2393
|
+
environmentPolicy: "environment_specific"
|
|
2394
|
+
}
|
|
2395
|
+
],
|
|
2396
|
+
description: "Lucern-owned Neo4j URI for platform graph-sync surfaces."
|
|
2397
|
+
},
|
|
2398
|
+
{
|
|
2399
|
+
id: "platform.neo4j.user",
|
|
2400
|
+
canonicalName: "NEO4J_USER",
|
|
2401
|
+
aliases: ["NEO4J_USERNAME"],
|
|
2402
|
+
owner: "lucern_platform",
|
|
2403
|
+
scope: "environment",
|
|
2404
|
+
sourcePath: "/platform/graph/neo4j",
|
|
2405
|
+
environmentPolicy: "environment_specific",
|
|
2406
|
+
required: false,
|
|
2407
|
+
secret: false,
|
|
2408
|
+
public: false,
|
|
2409
|
+
consumers: ["lucern-graph-sync", "lucern-repo-ci"],
|
|
2410
|
+
destinations: [
|
|
2411
|
+
{
|
|
2412
|
+
kind: "runtime_fetch",
|
|
2413
|
+
target: "lucern-graph-sync",
|
|
2414
|
+
environmentPolicy: "environment_specific"
|
|
2415
|
+
},
|
|
2416
|
+
{
|
|
2417
|
+
kind: "github_actions",
|
|
2418
|
+
target: "LucernAI/lucern",
|
|
2419
|
+
environmentPolicy: "environment_specific"
|
|
2420
|
+
}
|
|
2421
|
+
],
|
|
2422
|
+
description: "Lucern-owned Neo4j username for platform graph-sync surfaces."
|
|
2423
|
+
},
|
|
2424
|
+
{
|
|
2425
|
+
id: "platform.neo4j.password",
|
|
2426
|
+
canonicalName: "NEO4J_PASSWORD",
|
|
2427
|
+
owner: "lucern_platform",
|
|
2428
|
+
scope: "environment",
|
|
2429
|
+
sourcePath: "/platform/graph/neo4j",
|
|
2430
|
+
environmentPolicy: "environment_specific",
|
|
2431
|
+
required: false,
|
|
2432
|
+
secret: true,
|
|
2433
|
+
public: false,
|
|
2434
|
+
consumers: ["lucern-graph-sync", "lucern-repo-ci"],
|
|
2435
|
+
destinations: [
|
|
2436
|
+
{
|
|
2437
|
+
kind: "runtime_fetch",
|
|
2438
|
+
target: "lucern-graph-sync",
|
|
2439
|
+
environmentPolicy: "environment_specific"
|
|
2440
|
+
},
|
|
2441
|
+
{
|
|
2442
|
+
kind: "github_actions",
|
|
2443
|
+
target: "LucernAI/lucern",
|
|
2444
|
+
environmentPolicy: "environment_specific"
|
|
2445
|
+
}
|
|
2446
|
+
],
|
|
2447
|
+
description: "Lucern-owned Neo4j password for platform graph-sync surfaces."
|
|
2448
|
+
},
|
|
2449
|
+
{
|
|
2450
|
+
id: "platform.neo4j.sync-secret",
|
|
2451
|
+
canonicalName: "NEO4J_SYNC_SECRET",
|
|
2452
|
+
owner: "lucern_platform",
|
|
2453
|
+
scope: "environment",
|
|
2454
|
+
sourcePath: "/platform/graph/neo4j",
|
|
2455
|
+
environmentPolicy: "environment_specific",
|
|
2456
|
+
required: false,
|
|
2457
|
+
secret: true,
|
|
2458
|
+
public: false,
|
|
2459
|
+
consumers: ["lucern-graph-sync", "lucern-repo-ci"],
|
|
2460
|
+
destinations: [
|
|
2461
|
+
{
|
|
2462
|
+
kind: "runtime_fetch",
|
|
2463
|
+
target: "lucern-graph-sync",
|
|
2464
|
+
environmentPolicy: "environment_specific"
|
|
2465
|
+
},
|
|
2466
|
+
{
|
|
2467
|
+
kind: "github_actions",
|
|
2468
|
+
target: "LucernAI/lucern",
|
|
2469
|
+
environmentPolicy: "environment_specific"
|
|
2470
|
+
}
|
|
2471
|
+
],
|
|
2472
|
+
description: "Shared secret protecting Lucern-owned graph-sync HTTP/query proxy calls."
|
|
2473
|
+
},
|
|
2474
|
+
{
|
|
2475
|
+
id: "platform.neo4j.database",
|
|
2476
|
+
canonicalName: "NEO4J_DATABASE",
|
|
2477
|
+
owner: "lucern_platform",
|
|
2478
|
+
scope: "environment",
|
|
2479
|
+
sourcePath: "/platform/graph/neo4j",
|
|
2480
|
+
environmentPolicy: "environment_specific",
|
|
2481
|
+
required: false,
|
|
2482
|
+
secret: false,
|
|
2483
|
+
public: false,
|
|
2484
|
+
consumers: ["lucern-graph-sync", "lucern-repo-ci"],
|
|
2485
|
+
destinations: [
|
|
2486
|
+
{
|
|
2487
|
+
kind: "runtime_fetch",
|
|
2488
|
+
target: "lucern-graph-sync",
|
|
2489
|
+
environmentPolicy: "environment_specific"
|
|
2490
|
+
},
|
|
2491
|
+
{
|
|
2492
|
+
kind: "github_actions",
|
|
2493
|
+
target: "LucernAI/lucern",
|
|
2494
|
+
environmentPolicy: "environment_specific"
|
|
2495
|
+
}
|
|
2496
|
+
],
|
|
2497
|
+
description: "Optional Neo4j database name for Lucern-owned graph-sync surfaces."
|
|
2498
|
+
}
|
|
2499
|
+
];
|
|
2500
|
+
var PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS = [
|
|
2501
|
+
{
|
|
2502
|
+
id: "platform.pinecone.api-key",
|
|
2503
|
+
canonicalName: "PINECONE_API_KEY",
|
|
2504
|
+
owner: "lucern_platform",
|
|
2505
|
+
scope: "environment",
|
|
2506
|
+
sourcePath: "/platform/vector/pinecone",
|
|
2507
|
+
environmentPolicy: "environment_specific",
|
|
2508
|
+
required: false,
|
|
2509
|
+
secret: true,
|
|
2510
|
+
public: false,
|
|
2511
|
+
consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
|
|
2512
|
+
destinations: [
|
|
2513
|
+
{
|
|
2514
|
+
kind: "runtime_fetch",
|
|
2515
|
+
target: "lucern-ai-runtime",
|
|
2516
|
+
environmentPolicy: "environment_specific"
|
|
2517
|
+
},
|
|
2518
|
+
{
|
|
2519
|
+
kind: "github_actions",
|
|
2520
|
+
target: "LucernAI/lucern",
|
|
2521
|
+
environmentPolicy: "environment_specific"
|
|
2522
|
+
}
|
|
2523
|
+
],
|
|
2524
|
+
description: "Lucern-owned Pinecone API key for platform vector search."
|
|
2525
|
+
},
|
|
2526
|
+
{
|
|
2527
|
+
id: "platform.pinecone.index-name",
|
|
2528
|
+
canonicalName: "PINECONE_INDEX_NAME",
|
|
2529
|
+
aliases: ["PINECONE_INDEX"],
|
|
2530
|
+
owner: "lucern_platform",
|
|
2531
|
+
scope: "environment",
|
|
2532
|
+
sourcePath: "/platform/vector/pinecone",
|
|
2533
|
+
environmentPolicy: "environment_specific",
|
|
2534
|
+
required: false,
|
|
2535
|
+
secret: false,
|
|
2536
|
+
public: false,
|
|
2537
|
+
consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
|
|
2538
|
+
destinations: [
|
|
2539
|
+
{
|
|
2540
|
+
kind: "runtime_fetch",
|
|
2541
|
+
target: "lucern-ai-runtime",
|
|
2542
|
+
environmentPolicy: "environment_specific"
|
|
2543
|
+
},
|
|
2544
|
+
{
|
|
2545
|
+
kind: "github_actions",
|
|
2546
|
+
target: "LucernAI/lucern",
|
|
2547
|
+
environmentPolicy: "environment_specific"
|
|
2548
|
+
}
|
|
2549
|
+
],
|
|
2550
|
+
description: "Lucern-owned Pinecone index name."
|
|
2551
|
+
},
|
|
2552
|
+
{
|
|
2553
|
+
id: "platform.pinecone.host",
|
|
2554
|
+
canonicalName: "PINECONE_HOST",
|
|
2555
|
+
aliases: ["PINECONE_INDEX_HOST"],
|
|
2556
|
+
owner: "lucern_platform",
|
|
2557
|
+
scope: "environment",
|
|
2558
|
+
sourcePath: "/platform/vector/pinecone",
|
|
2559
|
+
environmentPolicy: "environment_specific",
|
|
2560
|
+
required: false,
|
|
2561
|
+
secret: false,
|
|
2562
|
+
public: false,
|
|
2563
|
+
consumers: ["lucern-ai-runtime", "lucern-repo-ci"],
|
|
2564
|
+
destinations: [
|
|
2565
|
+
{
|
|
2566
|
+
kind: "runtime_fetch",
|
|
2567
|
+
target: "lucern-ai-runtime",
|
|
2568
|
+
environmentPolicy: "environment_specific"
|
|
2569
|
+
},
|
|
2570
|
+
{
|
|
2571
|
+
kind: "github_actions",
|
|
2572
|
+
target: "LucernAI/lucern",
|
|
2573
|
+
environmentPolicy: "environment_specific"
|
|
2574
|
+
}
|
|
2575
|
+
],
|
|
2576
|
+
description: "Lucern-owned Pinecone host/index host."
|
|
2577
|
+
}
|
|
2578
|
+
];
|
|
2579
|
+
|
|
2320
2580
|
// src/infisical-runtime.tenant-secrets.ts
|
|
2321
2581
|
var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
|
|
2322
2582
|
{
|
|
@@ -3233,6 +3493,7 @@ var INFISICAL_SECRET_DEFINITIONS = [
|
|
|
3233
3493
|
...PLATFORM_GRAPH_STORE_SECRET_DEFINITIONS,
|
|
3234
3494
|
...PLATFORM_VECTOR_STORE_SECRET_DEFINITIONS,
|
|
3235
3495
|
...PLATFORM_SENTRY_SECRET_DEFINITIONS,
|
|
3496
|
+
...PLATFORM_AXIOM_SECRET_DEFINITIONS,
|
|
3236
3497
|
...PLATFORM_DEPLOY_AUTOMATION_SECRET_DEFINITIONS,
|
|
3237
3498
|
...PLATFORM_LOCAL_OPERATOR_CONFIG_SECRET_DEFINITIONS,
|
|
3238
3499
|
...TENANT_SHARED_SECRET_DEFINITIONS,
|