npm - @cipherstash/protect-ffi - Versions diffs - 0.24.0 → 0.26.0 - Mend

@cipherstash/protect-ffi 0.24.0 → 0.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/wasm/protect_ffi.d.ts +4 -3
package/dist/wasm/protect_ffi_bg.js +20 -16
package/dist/wasm/protect_ffi_bg.wasm +0 -0
package/dist/wasm/protect_ffi_bg.wasm.d.ts +10 -10
package/dist/wasm/protect_ffi_inline.js +1 -1
package/lib/index.cjs +1 -1
package/lib/index.d.cts +17 -11
package/package.json +16 -8

package/lib/index.cjs CHANGED Viewed

@@ -126,7 +126,7 @@ function newClient(opts) {
     return wrapAsync(() => native.newClient({
         encryptConfig: (0, normalizeEncryptConfig_js_1.normalizeEncryptConfig)(opts.encryptConfig),
         clientOpts: (0, credentials_js_1.withEnvCredentials)(opts.clientOpts),
-    }));
+    }, opts.strategy));
 }
 function encrypt(client, opts) {
     return wrapAsync(() => native.encrypt(client, opts));

package/lib/index.d.cts CHANGED Viewed

@@ -6,7 +6,7 @@ export type Client = {
     readonly [sym]: unknown;
 };
 declare module './load.cjs' {
-    function newClient(opts: NativeNewClientOptions): Promise<Client>;
+    function newClient(opts: NativeNewClientOptions, strategy?: AuthStrategy): Promise<Client>;
     function encrypt(client: Client, opts: EncryptOptions): Promise<Encrypted>;
     function decrypt(client: Client, opts: DecryptOptions): Promise<JsPlaintext>;
     function isEncrypted(encrypted: unknown): boolean;
@@ -60,10 +60,6 @@ export type BulkDecryptPayload = {
     ciphertext: Encrypted;
     lockContext?: Context;
 };
-export type CtsToken = {
-    accessToken: string;
-    expiry: number;
-};
 export type Context = {
     identityClaim: string[];
 };
@@ -254,6 +250,22 @@ export type TokenFilter = {
 export type NewClientOptions = {
     encryptConfig: EncryptConfig;
     clientOpts?: ClientOpts;
+    /**
+     * Caller-supplied auth strategy. When provided, `getToken()` is invoked on
+     * every ZeroKMS request and `clientOpts.creds` is ignored for auth (the
+     * client key is still required). Without this, the native side builds an
+     * AutoStrategy from env / profile / `clientOpts.creds`.
+     */
+    strategy?: AuthStrategy;
+};
+/**
+ * Auth strategy shape compatible with `@cipherstash/auth` strategies (e.g.
+ * `AccessKeyStrategy`). Only `getToken` is required.
+ */
+export type AuthStrategy = {
+    getToken: () => Promise<{
+        token: string;
+    }>;
 };
 /** Options passed to the native `newClient` after vocabulary normalization. */
 type NativeNewClientOptions = {
@@ -281,23 +293,19 @@ export type EncryptOptions = {
     column: string;
     table: string;
     lockContext?: Context;
-    serviceToken?: CtsToken;
     unverifiedContext?: Record<string, unknown>;
 };
 export type EncryptBulkOptions = {
     plaintexts: EncryptPayload[];
-    serviceToken?: CtsToken;
     unverifiedContext?: Record<string, unknown>;
 };
 export type DecryptOptions = {
     ciphertext: Encrypted;
     lockContext?: Context;
-    serviceToken?: CtsToken;
     unverifiedContext?: Record<string, unknown>;
 };
 export type DecryptBulkOptions = {
     ciphertexts: BulkDecryptPayload[];
-    serviceToken?: CtsToken;
     unverifiedContext?: Record<string, unknown>;
 };
 export type IndexTypeName = 'ste_vec' | 'match' | 'ore' | 'unique';
@@ -309,7 +317,6 @@ export type EncryptQueryOptions = {
     indexType: IndexTypeName;
     queryOp?: QueryOpName;
     lockContext?: Context;
-    serviceToken?: CtsToken;
     unverifiedContext?: Record<string, unknown>;
 };
 export type QueryPayload = {
@@ -322,6 +329,5 @@ export type QueryPayload = {
 };
 export type EncryptQueryBulkOptions = {
     queries: QueryPayload[];
-    serviceToken?: CtsToken;
     unverifiedContext?: Record<string, unknown>;
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,14 @@
 {
   "name": "@cipherstash/protect-ffi",
-  "version": "0.24.0",
+  "version": "0.26.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/cipherstash/protectjs-ffi.git"
+  },
+  "bugs": {
+    "url": "https://github.com/cipherstash/protectjs-ffi/issues"
+  },
+  "homepage": "https://github.com/cipherstash/protectjs-ffi#readme",
   "description": "",
   "main": "./lib/index.cjs",
   "scripts": {
@@ -26,7 +34,7 @@
     "prepack": "tsc &&neon update",
     "version": "neon bump --binaries platforms && git add .",
     "release": "gh workflow run release.yml -f dryrun=false -f version=patch",
-    "dryrun": "gh workflow run publish.yml -f dryrun=true",
+    "dryrun": "gh workflow run release.yml -f dryrun=true -f version=patch",
     "build:wasm": "wasm-pack build crates/protect-ffi --target bundler --out-dir ../../dist/wasm --no-pack",
     "postbuild:wasm": "node scripts/inline-wasm.mjs"
   },
@@ -95,11 +103,11 @@
     "vite": "^8.0.5"
   },
   "optionalDependencies": {
-    "@cipherstash/protect-ffi-darwin-x64": "0.24.0",
-    "@cipherstash/protect-ffi-darwin-arm64": "0.24.0",
-    "@cipherstash/protect-ffi-win32-x64-msvc": "0.24.0",
-    "@cipherstash/protect-ffi-linux-x64-gnu": "0.24.0",
-    "@cipherstash/protect-ffi-linux-arm64-gnu": "0.24.0",
-    "@cipherstash/protect-ffi-linux-x64-musl": "0.24.0"
+    "@cipherstash/protect-ffi-darwin-x64": "0.26.0",
+    "@cipherstash/protect-ffi-darwin-arm64": "0.26.0",
+    "@cipherstash/protect-ffi-win32-x64-msvc": "0.26.0",
+    "@cipherstash/protect-ffi-linux-x64-gnu": "0.26.0",
+    "@cipherstash/protect-ffi-linux-arm64-gnu": "0.26.0",
+    "@cipherstash/protect-ffi-linux-x64-musl": "0.26.0"
   }
 }