@cipherstash/protect-ffi 0.12.0 → 0.13.0-1

package/README.md

@@ -76,7 +76,11 @@ Initiate a dry run of a patch release of this library via GitHub Actions. This p
 
 #### `npm test`
 
-Runs the unit tests by calling `cargo test`. You can learn more about [adding tests to your Rust code](https://doc.rust-lang.org/book/ch11-01-writing-tests.html) from the [Rust book](https://doc.rust-lang.org/book/).
+Formats and lints Rust and TypeScript code.
+Also runs Rust tests.
+
+Note: `npm test` at project root does not run integration tests.
+For integration tests, see [below](#integration-tests).
 
 ## Project Layout
 
@@ -86,6 +90,7 @@ The directory structure of this project is:
 protect-ffi/
 ├── Cargo.toml
 ├── README.md
+├── integration-tests/
 ├── lib/
 ├── src/
 |   ├── index.mts
@@ -99,19 +104,53 @@ protect-ffi/
 └── target/
 ```
 
-| Entry          | Purpose                                                                                                                                  |
-|----------------|------------------------------------------------------------------------------------------------------------------------------------------|
-| `Cargo.toml`   | The Cargo [manifest file](https://doc.rust-lang.org/cargo/reference/manifest.html), which informs the `cargo` command.                   |
-| `README.md`    | This file.                                                                                                                               |
-| `lib/`         | The directory containing the generated output from [tsc](https://typescriptlang.org).                                                    |
-| `src/`         | The directory containing the TypeScript source files.                                                                                    |
-| `index.mts`    | Entry point for when this library is loaded via [ESM `import`](https://nodejs.org/api/esm.html#modules-ecmascript-modules) syntax.       |
-| `index.cts`    | Entry point for when this library is loaded via [CJS `require`](https://nodejs.org/api/modules.html#requireid).                          |
-| `crates/`      | The directory tree containing the Rust source code for the project.                                                                      |
-| `lib.rs`       | Entry point for the Rust source code.                                                                                                          |
-| `platforms/`   | The directory containing distributions of the binary addon backend for each platform supported by this library.                          |
-| `package.json` | The npm [manifest file](https://docs.npmjs.com/cli/v7/configuring-npm/package-json), which informs the `npm` command.                    |
-| `target/`      | Binary artifacts generated by the Rust build.                                                                                            |
+| Entry                | Purpose                                                                                                                            |
+| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
+| `Cargo.toml`         | The Cargo [manifest file](https://doc.rust-lang.org/cargo/reference/manifest.html), which informs the `cargo` command.             |
+| `README.md`          | This file.                                                                                                                         |
+| `integration-tests/` | The directory containing integration tests.                                              |
+| `lib/`               | The directory containing the generated output from [tsc](https://typescriptlang.org).                                              |
+| `src/`               | The directory containing the TypeScript source files.                                                                              |
+| `index.mts`          | Entry point for when this library is loaded via [ESM `import`](https://nodejs.org/api/esm.html#modules-ecmascript-modules) syntax. |
+| `index.cts`          | Entry point for when this library is loaded via [CJS `require`](https://nodejs.org/api/modules.html#requireid).                    |
+| `crates/`            | The directory tree containing the Rust source code for the project.                                                                |
+| `lib.rs`             | Entry point for the Rust source code.                                                                                              |
+| `platforms/`         | The directory containing distributions of the binary addon backend for each platform supported by this library.                    |
+| `package.json`       | The npm [manifest file](https://docs.npmjs.com/cli/v7/configuring-npm/package-json), which informs the `npm` command.              |
+| `target/`            | Binary artifacts generated by the Rust build.                                                                                      |
+
+## Integration tests
+
+Integration tests live in the `./integration-tests` directory.
+These tests use the local build of Rust and JavaScript artifacts to test `@cipherstash/protect-ffi` as API consumers would.
+
+These tests rely on:
+
+- CipherStash to be configured (via `.toml` config or environment variables), and 
+- Environment variables for Postgres to be set
+
+Example environment variables:
+```
+CS_CLIENT_ID=
+CS_CLIENT_KEY=
+CS_CLIENT_ACCESS_KEY=
+CS_WORKSPACE_ID=
+PGPORT=5432
+PGDATABASE=cipherstash
+PGUSER=cipherstash
+PGPASSWORD=password
+PGHOST=localhost
+```
+
+To run integration tests:
+```
+npm run debug
+cd integration-tests
+docker compose up --detach --wait
+npm run eql:download
+npm run eql:install
+npm run test
+```
 
 ## Releasing
 
@@ -119,20 +158,22 @@ Releases are handled by GitHub Actions using a `workflow_dispatch` event trigger
 The [release workflow](./.github/workflows/release.yml) was generated by [Neon](https://neon-rs.dev/).
 
 The release workflow is responsible for:
+
 - Building and publishing the main `@cipherstash/protect-ffi` package as well as the native packages for each platform (e.g. `@cipherstash/protect-ffi-darwin-arm64`).
 - Creating the GitHub release.
 - Creating a Git tag for the version.
 
 To perform a release:
+
 1. Navigate to the ["Release" workflow page](https://github.com/cipherstash/protect-ffi/actions/workflows/release.yml) in GitHub.
 1. Click on "Run workflow".
 1. Select the branch to release from.
-Use the default of "main" unless you want to do a pre-release version or dry run from a branch.
+   Use the default of `main` unless you want to do a pre-release version or dry run from a branch.
 1. Select whether or not to do a dry run.
-Dry runs are useful for verifying that the build will succeed for all platforms before doing a full run with a publish.
+   Dry runs are useful for verifying that the build will succeed for all platforms before doing a full run with a publish.
 1. Choose a version to publish.
-The options are similar to [`npm version`](https://docs.npmjs.com/cli/v11/commands/npm-version).
-Select "custom" in the dropdown and fill in the "Custom version" text box if you want to use a semver string instead of the shorthand (patch, minor, major, etc.).
+   The options are similar to [`npm version`](https://docs.npmjs.com/cli/v11/commands/npm-version).
+   Select "custom" in the dropdown and fill in the "Custom version" text box if you want to use a semver string instead of the shorthand (patch, minor, major, etc.).
 1. Click "Run workflow".
 
 Note that we currently don't have any automation around release notes or a changelog.

package/lib/index.cjs

@@ -1,76 +1,20 @@
 "use strict";
 // This module is the CJS entry point for the library.
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.newClient = newClient;
-exports.encrypt = encrypt;
+exports.decryptBulk = exports.newClient = exports.encryptBulk = exports.encrypt = void 0;
 exports.decrypt = decrypt;
-exports.encryptBulk = encryptBulk;
-exports.decryptBulk = decryptBulk;
-// The Rust addon.
-const addon = __importStar(require("./load.cjs"));
-function newClient(encryptSchema) {
-    return addon.newClient(encryptSchema);
-}
-function encrypt(client, plaintext, columnName, tableName, lockContext, ctsToken) {
-    if (ctsToken) {
-        return addon.encrypt(client, plaintext, columnName, tableName, lockContext, ctsToken);
-    }
-    if (lockContext) {
-        return addon.encrypt(client, plaintext, columnName, tableName, lockContext);
-    }
-    return addon.encrypt(client, plaintext, columnName, tableName);
-}
+var load_cjs_1 = require("./load.cjs");
+Object.defineProperty(exports, "encrypt", { enumerable: true, get: function () { return load_cjs_1.encrypt; } });
+Object.defineProperty(exports, "encryptBulk", { enumerable: true, get: function () { return load_cjs_1.encryptBulk; } });
+Object.defineProperty(exports, "newClient", { enumerable: true, get: function () { return load_cjs_1.newClient; } });
+Object.defineProperty(exports, "decryptBulk", { enumerable: true, get: function () { return load_cjs_1.decryptBulk; } });
+const load_cjs_2 = require("./load.cjs");
 function decrypt(client, ciphertext, lockContext, ctsToken) {
     if (ctsToken) {
-        return addon.decrypt(client, ciphertext, lockContext, ctsToken);
+        return (0, load_cjs_2.decrypt)(client, ciphertext, lockContext, ctsToken);
     }
     if (lockContext) {
-        return addon.decrypt(client, ciphertext, lockContext);
-    }
-    return addon.decrypt(client, ciphertext);
-}
-function encryptBulk(client, plaintextTargets, ctsToken) {
-    if (ctsToken) {
-        return addon.encryptBulk(client, plaintextTargets, ctsToken);
-    }
-    return addon.encryptBulk(client, plaintextTargets);
-}
-function decryptBulk(client, ciphertexts, ctsToken) {
-    if (ctsToken) {
-        return addon.decryptBulk(client, ciphertexts, ctsToken);
+        return (0, load_cjs_2.decrypt)(client, ciphertext, lockContext);
     }
-    return addon.decryptBulk(client, ciphertexts);
+    return (0, load_cjs_2.decrypt)(client, ciphertext);
 }

package/lib/index.d.cts

@@ -1,22 +1,20 @@
-import * as addon from './load.cjs';
+export { encrypt, encryptBulk, newClient, decryptBulk } from './load.cjs';
+declare const sym: unique symbol;
+export type Client = {
+    readonly [sym]: unknown;
+};
 declare module './load.cjs' {
-    interface Client {
-    }
-    function newClient(encryptSchema?: string): Promise<Client>;
-    function encrypt(client: Client, plaintext: string, columnName: string, tableName?: string, context?: Context, ctsToken?: CtsToken): Promise<string>;
+    function newClient(encryptSchema: string): Promise<Client>;
+    function encrypt(client: Client, plaintext: EncryptPayload, ctsToken?: CtsToken): Promise<Encrypted>;
     function decrypt(client: Client, ciphertext: string, context?: Context, ctsToken?: CtsToken): Promise<string>;
-    function encryptBulk(client: Client, plaintextTargets: BulkEncryptPayload[], ctsToken?: CtsToken): Promise<string[]>;
+    function encryptBulk(client: Client, plaintextTargets: EncryptPayload[], ctsToken?: CtsToken): Promise<Encrypted[]>;
     function decryptBulk(client: Client, ciphertexts: BulkDecryptPayload[], ctsToken?: CtsToken): Promise<string[]>;
 }
-export declare function newClient(encryptSchema?: string): Promise<addon.Client>;
-export declare function encrypt(client: addon.Client, plaintext: string, columnName: string, tableName?: string, lockContext?: Context, ctsToken?: CtsToken): Promise<string>;
-export declare function decrypt(client: addon.Client, ciphertext: string, lockContext?: Context, ctsToken?: CtsToken): Promise<string>;
-export declare function encryptBulk(client: addon.Client, plaintextTargets: BulkEncryptPayload[], ctsToken?: CtsToken): Promise<string[]>;
-export declare function decryptBulk(client: addon.Client, ciphertexts: BulkDecryptPayload[], ctsToken?: CtsToken): Promise<string[]>;
-export type BulkEncryptPayload = {
+export declare function decrypt(client: Client, ciphertext: string, lockContext?: Context, ctsToken?: CtsToken): Promise<string>;
+export type EncryptPayload = {
     plaintext: string;
     column: string;
-    table?: string;
+    table: string;
     lockContext?: Context;
 };
 export type BulkDecryptPayload = {
@@ -30,10 +28,15 @@ export type CtsToken = {
 export type Context = {
     identityClaim: string[];
 };
-export type EncryptedEqlPayload = {
+export type Encrypted = {
+    k: string;
     c: string;
+    o: string[] | null;
+    m: number[] | null;
+    u: string | null;
+    i: {
+        c: string;
+        t: string;
+    };
+    v: number;
 };
-export type BulkEncryptedEqlPayload = {
-    c: string;
-    id: string;
-}[];

package/package.json

@@ -1,10 +1,18 @@
 {
   "name": "@cipherstash/protect-ffi",
-  "version": "0.12.0",
+  "version": "0.13.0-1",
   "description": "",
   "main": "./lib/index.cjs",
   "scripts": {
-    "test": "tsc &&cargo test",
+    "test": "npm run test:typecheck && npm run test:lint && npm run test:format && npm run test:rust",
+    "test:typecheck": "tsc",
+    "test:rust": "cargo test",
+    "test:lint": "npm run test:lint:rust && npm run test:lint:ts",
+    "test:lint:ts": "biome lint",
+    "test:lint:rust": "cargo clippy --all --no-deps --all-targets --all-features -- -D warnings",
+    "test:format": "npm run test:format:rust && npm run test:format:ts",
+    "test:format:ts": "biome format",
+    "test:format:rust": "cargo fmt --check",
     "cargo-build": "tsc &&cargo build --message-format=json-render-diagnostics > cargo.log",
     "cross-build": "tsc &&cross build --message-format=json-render-diagnostics > cross.log",
     "postcargo-build": "neon dist < cargo.log",
@@ -43,6 +51,7 @@
     "prefix": "protect-ffi-"
   },
   "devDependencies": {
+    "@biomejs/biome": "1.9.4",
     "@neon-rs/cli": "^0.1.82",
     "@tsconfig/node20": "^20.1.4",
     "@types/node": "^20.11.16",
@@ -52,10 +61,10 @@
     "@neon-rs/load": "^0.1.82"
   },
   "optionalDependencies": {
-    "@cipherstash/protect-ffi-win32-x64-msvc": "0.12.0",
-    "@cipherstash/protect-ffi-darwin-x64": "0.12.0",
-    "@cipherstash/protect-ffi-darwin-arm64": "0.12.0",
-    "@cipherstash/protect-ffi-linux-x64-gnu": "0.12.0",
-    "@cipherstash/protect-ffi-linux-arm64-gnu": "0.12.0"
+    "@cipherstash/protect-ffi-win32-x64-msvc": "0.13.0-1",
+    "@cipherstash/protect-ffi-darwin-x64": "0.13.0-1",
+    "@cipherstash/protect-ffi-darwin-arm64": "0.13.0-1",
+    "@cipherstash/protect-ffi-linux-x64-gnu": "0.13.0-1",
+    "@cipherstash/protect-ffi-linux-arm64-gnu": "0.13.0-1"
   }
 }