@cipherstash/protect-ffi 0.26.0 → 0.28.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.md +1 -1
- package/README.md +130 -14
- package/dist/wasm/protect_ffi_bg.js +53 -11
- package/dist/wasm/protect_ffi_bg.wasm +0 -0
- package/dist/wasm/protect_ffi_bg.wasm.d.ts +7 -7
- package/dist/wasm/protect_ffi_inline.js +1 -1
- package/lib/bigintWire.d.ts +56 -0
- package/lib/bigintWire.js +83 -0
- package/lib/eql-v3-types/Bigint.d.ts +13 -0
- package/lib/eql-v3-types/Bigint.js +2 -0
- package/lib/eql-v3-types/BigintEq.d.ts +15 -0
- package/lib/eql-v3-types/BigintEq.js +2 -0
- package/lib/eql-v3-types/BigintOrd.d.ts +15 -0
- package/lib/eql-v3-types/BigintOrd.js +2 -0
- package/lib/eql-v3-types/BigintOrdOpe.d.ts +15 -0
- package/lib/eql-v3-types/BigintOrdOpe.js +2 -0
- package/lib/eql-v3-types/BigintOrdOre.d.ts +15 -0
- package/lib/eql-v3-types/BigintOrdOre.js +2 -0
- package/lib/eql-v3-types/BloomFilter.d.ts +9 -0
- package/lib/eql-v3-types/BloomFilter.js +5 -0
- package/lib/eql-v3-types/Boolean.d.ts +13 -0
- package/lib/eql-v3-types/Boolean.js +2 -0
- package/lib/eql-v3-types/Ciphertext.d.ts +6 -0
- package/lib/eql-v3-types/Ciphertext.js +5 -0
- package/lib/eql-v3-types/Date.d.ts +13 -0
- package/lib/eql-v3-types/Date.js +2 -0
- package/lib/eql-v3-types/DateEq.d.ts +15 -0
- package/lib/eql-v3-types/DateEq.js +2 -0
- package/lib/eql-v3-types/DateOrd.d.ts +15 -0
- package/lib/eql-v3-types/DateOrd.js +2 -0
- package/lib/eql-v3-types/DateOrdOpe.d.ts +15 -0
- package/lib/eql-v3-types/DateOrdOpe.js +2 -0
- package/lib/eql-v3-types/DateOrdOre.d.ts +15 -0
- package/lib/eql-v3-types/DateOrdOre.js +2 -0
- package/lib/eql-v3-types/Double.d.ts +13 -0
- package/lib/eql-v3-types/Double.js +2 -0
- package/lib/eql-v3-types/DoubleEq.d.ts +15 -0
- package/lib/eql-v3-types/DoubleEq.js +2 -0
- package/lib/eql-v3-types/DoubleOrd.d.ts +15 -0
- package/lib/eql-v3-types/DoubleOrd.js +2 -0
- package/lib/eql-v3-types/DoubleOrdOpe.d.ts +15 -0
- package/lib/eql-v3-types/DoubleOrdOpe.js +2 -0
- package/lib/eql-v3-types/DoubleOrdOre.d.ts +15 -0
- package/lib/eql-v3-types/DoubleOrdOre.js +2 -0
- package/lib/eql-v3-types/Hmac256.d.ts +5 -0
- package/lib/eql-v3-types/Hmac256.js +5 -0
- package/lib/eql-v3-types/Identifier.d.ts +15 -0
- package/lib/eql-v3-types/Identifier.js +5 -0
- package/lib/eql-v3-types/Integer.d.ts +13 -0
- package/lib/eql-v3-types/Integer.js +2 -0
- package/lib/eql-v3-types/IntegerEq.d.ts +15 -0
- package/lib/eql-v3-types/IntegerEq.js +2 -0
- package/lib/eql-v3-types/IntegerOrd.d.ts +15 -0
- package/lib/eql-v3-types/IntegerOrd.js +2 -0
- package/lib/eql-v3-types/IntegerOrdOpe.d.ts +15 -0
- package/lib/eql-v3-types/IntegerOrdOpe.js +2 -0
- package/lib/eql-v3-types/IntegerOrdOre.d.ts +15 -0
- package/lib/eql-v3-types/IntegerOrdOre.js +2 -0
- package/lib/eql-v3-types/Numeric.d.ts +13 -0
- package/lib/eql-v3-types/Numeric.js +2 -0
- package/lib/eql-v3-types/NumericEq.d.ts +15 -0
- package/lib/eql-v3-types/NumericEq.js +2 -0
- package/lib/eql-v3-types/NumericOrd.d.ts +15 -0
- package/lib/eql-v3-types/NumericOrd.js +2 -0
- package/lib/eql-v3-types/NumericOrdOpe.d.ts +15 -0
- package/lib/eql-v3-types/NumericOrdOpe.js +2 -0
- package/lib/eql-v3-types/NumericOrdOre.d.ts +15 -0
- package/lib/eql-v3-types/NumericOrdOre.js +2 -0
- package/lib/eql-v3-types/OpeCllw.d.ts +9 -0
- package/lib/eql-v3-types/OpeCllw.js +5 -0
- package/lib/eql-v3-types/OreBlock256.d.ts +9 -0
- package/lib/eql-v3-types/OreBlock256.js +5 -0
- package/lib/eql-v3-types/OreCllw.d.ts +7 -0
- package/lib/eql-v3-types/OreCllw.js +5 -0
- package/lib/eql-v3-types/Real.d.ts +13 -0
- package/lib/eql-v3-types/Real.js +2 -0
- package/lib/eql-v3-types/RealEq.d.ts +15 -0
- package/lib/eql-v3-types/RealEq.js +2 -0
- package/lib/eql-v3-types/RealOrd.d.ts +15 -0
- package/lib/eql-v3-types/RealOrd.js +2 -0
- package/lib/eql-v3-types/RealOrdOpe.d.ts +15 -0
- package/lib/eql-v3-types/RealOrdOpe.js +2 -0
- package/lib/eql-v3-types/RealOrdOre.d.ts +15 -0
- package/lib/eql-v3-types/RealOrdOre.js +2 -0
- package/lib/eql-v3-types/SchemaVersion.d.ts +10 -0
- package/lib/eql-v3-types/SchemaVersion.js +5 -0
- package/lib/eql-v3-types/Selector.d.ts +5 -0
- package/lib/eql-v3-types/Selector.js +5 -0
- package/lib/eql-v3-types/Smallint.d.ts +13 -0
- package/lib/eql-v3-types/Smallint.js +2 -0
- package/lib/eql-v3-types/SmallintEq.d.ts +15 -0
- package/lib/eql-v3-types/SmallintEq.js +2 -0
- package/lib/eql-v3-types/SmallintOrd.d.ts +15 -0
- package/lib/eql-v3-types/SmallintOrd.js +2 -0
- package/lib/eql-v3-types/SmallintOrdOpe.d.ts +15 -0
- package/lib/eql-v3-types/SmallintOrdOpe.js +2 -0
- package/lib/eql-v3-types/SmallintOrdOre.d.ts +15 -0
- package/lib/eql-v3-types/SmallintOrdOre.js +2 -0
- package/lib/eql-v3-types/SteVecDocument.d.ts +15 -0
- package/lib/eql-v3-types/SteVecDocument.js +2 -0
- package/lib/eql-v3-types/SteVecEntry.d.ts +19 -0
- package/lib/eql-v3-types/SteVecEntry.js +2 -0
- package/lib/eql-v3-types/SteVecForm.d.ts +18 -0
- package/lib/eql-v3-types/SteVecForm.js +5 -0
- package/lib/eql-v3-types/SteVecQuery.d.ts +7 -0
- package/lib/eql-v3-types/SteVecQuery.js +2 -0
- package/lib/eql-v3-types/SteVecQueryEntry.d.ts +15 -0
- package/lib/eql-v3-types/SteVecQueryEntry.js +2 -0
- package/lib/eql-v3-types/SteVecTerm.d.ts +11 -0
- package/lib/eql-v3-types/SteVecTerm.js +2 -0
- package/lib/eql-v3-types/Text.d.ts +13 -0
- package/lib/eql-v3-types/Text.js +2 -0
- package/lib/eql-v3-types/TextEq.d.ts +15 -0
- package/lib/eql-v3-types/TextEq.js +2 -0
- package/lib/eql-v3-types/TextMatch.d.ts +15 -0
- package/lib/eql-v3-types/TextMatch.js +2 -0
- package/lib/eql-v3-types/TextOrd.d.ts +17 -0
- package/lib/eql-v3-types/TextOrd.js +2 -0
- package/lib/eql-v3-types/TextOrdOpe.d.ts +17 -0
- package/lib/eql-v3-types/TextOrdOpe.js +2 -0
- package/lib/eql-v3-types/TextOrdOre.d.ts +17 -0
- package/lib/eql-v3-types/TextOrdOre.js +2 -0
- package/lib/eql-v3-types/TextSearch.d.ts +19 -0
- package/lib/eql-v3-types/TextSearch.js +2 -0
- package/lib/eql-v3-types/Timestamp.d.ts +13 -0
- package/lib/eql-v3-types/Timestamp.js +2 -0
- package/lib/eql-v3-types/TimestampEq.d.ts +15 -0
- package/lib/eql-v3-types/TimestampEq.js +2 -0
- package/lib/eql-v3-types/TimestampOrd.d.ts +15 -0
- package/lib/eql-v3-types/TimestampOrd.js +2 -0
- package/lib/eql-v3-types/TimestampOrdOpe.d.ts +15 -0
- package/lib/eql-v3-types/TimestampOrdOpe.js +2 -0
- package/lib/eql-v3-types/TimestampOrdOre.d.ts +15 -0
- package/lib/eql-v3-types/TimestampOrdOre.js +2 -0
- package/lib/eql-v3.d.ts +90 -0
- package/lib/eql-v3.js +6 -0
- package/lib/errors.d.ts +14 -0
- package/lib/errors.js +77 -0
- package/lib/index.cjs +43 -63
- package/lib/index.d.cts +86 -25
- package/lib/normalizeEncryptConfig.d.ts +1 -1
- package/package.json +12 -12
package/lib/index.d.cts
CHANGED
|
@@ -1,34 +1,26 @@
|
|
|
1
1
|
import { type CredentialOpts } from './credentials.js';
|
|
2
2
|
import { type NativeEncryptConfig } from './normalizeEncryptConfig.js';
|
|
3
3
|
export { withEnvCredentials, type EnvReader, type CredentialOpts, } from './credentials.js';
|
|
4
|
+
export * from './eql-v3.js';
|
|
5
|
+
import type { EncryptedV3, EncryptedV3Query } from './eql-v3.js';
|
|
6
|
+
import { type ProtectErrorCode } from './errors.js';
|
|
7
|
+
export { ProtectError, type ProtectErrorCode } from './errors.js';
|
|
4
8
|
declare const sym: unique symbol;
|
|
5
9
|
export type Client = {
|
|
6
10
|
readonly [sym]: unknown;
|
|
7
11
|
};
|
|
8
12
|
declare module './load.cjs' {
|
|
9
13
|
function newClient(opts: NativeNewClientOptions, strategy?: AuthStrategy): Promise<Client>;
|
|
10
|
-
function encrypt(client: Client, opts: EncryptOptions): Promise<
|
|
14
|
+
function encrypt(client: Client, opts: EncryptOptions): Promise<EncryptedPayload>;
|
|
11
15
|
function decrypt(client: Client, opts: DecryptOptions): Promise<JsPlaintext>;
|
|
12
16
|
function isEncrypted(encrypted: unknown): boolean;
|
|
13
|
-
function encryptBulk(client: Client, opts: EncryptBulkOptions): Promise<
|
|
17
|
+
function encryptBulk(client: Client, opts: EncryptBulkOptions): Promise<EncryptedPayload[]>;
|
|
14
18
|
function decryptBulk(client: Client, opts: DecryptBulkOptions): Promise<JsPlaintext[]>;
|
|
15
19
|
function decryptBulkFallible(client: Client, opts: DecryptBulkOptions): Promise<DecryptResult[]>;
|
|
16
|
-
function encryptQuery(client: Client, opts: EncryptQueryOptions): Promise<Encrypted | EncryptedQuery>;
|
|
17
|
-
function encryptQueryBulk(client: Client, opts: EncryptQueryBulkOptions): Promise<(Encrypted | EncryptedQuery)[]>;
|
|
20
|
+
function encryptQuery(client: Client, opts: EncryptQueryOptions): Promise<Encrypted | EncryptedQuery | EncryptedV3Query>;
|
|
21
|
+
function encryptQueryBulk(client: Client, opts: EncryptQueryBulkOptions): Promise<(Encrypted | EncryptedQuery | EncryptedV3Query)[]>;
|
|
18
22
|
function ensureKeyset(opts: EnsureKeysetOpts): Promise<EnsureKeysetResult>;
|
|
19
23
|
}
|
|
20
|
-
export type ProtectErrorCode = 'INVARIANT_VIOLATION' | 'UNKNOWN_QUERY_OP' | 'UNKNOWN_COLUMN' | 'MISSING_INDEX' | 'INVALID_QUERY_INPUT' | 'INVALID_JSON_PATH' | 'STE_VEC_REQUIRES_JSON_CAST_AS' | 'MATCH_REQUIRES_TEXT' | 'UNSUPPORTED_CONFIG_VERSION' | 'UNKNOWN';
|
|
21
|
-
export declare class ProtectError extends Error {
|
|
22
|
-
code: ProtectErrorCode;
|
|
23
|
-
details?: unknown;
|
|
24
|
-
cause?: unknown;
|
|
25
|
-
constructor(opts: {
|
|
26
|
-
code: ProtectErrorCode;
|
|
27
|
-
message: string;
|
|
28
|
-
details?: unknown;
|
|
29
|
-
cause?: unknown;
|
|
30
|
-
});
|
|
31
|
-
}
|
|
32
24
|
export type DecryptResult = {
|
|
33
25
|
data: JsPlaintext;
|
|
34
26
|
} | {
|
|
@@ -36,14 +28,35 @@ export type DecryptResult = {
|
|
|
36
28
|
code?: ProtectErrorCode;
|
|
37
29
|
};
|
|
38
30
|
export declare function newClient(opts: NewClientOptions): Promise<Client>;
|
|
39
|
-
export declare function encrypt(client: Client, opts: EncryptOptions): Promise<
|
|
31
|
+
export declare function encrypt(client: Client, opts: EncryptOptions): Promise<EncryptedPayload>;
|
|
40
32
|
export declare function decrypt(client: Client, opts: DecryptOptions): Promise<JsPlaintext>;
|
|
33
|
+
/**
|
|
34
|
+
* True when `encrypted` is a stored EQL payload in EITHER wire format:
|
|
35
|
+
* an EQL v2.3 payload (`k: "ct"` / `k: "sv"`) or an EQL v3 payload
|
|
36
|
+
* (`{v: 3, i, c}` scalar or `{v: 3, k: "sv", i, sv}` SteVec document).
|
|
37
|
+
* Query payloads (including the v3 containment needle) are not stored
|
|
38
|
+
* payloads and return false.
|
|
39
|
+
*/
|
|
41
40
|
export declare function isEncrypted(encrypted: unknown): boolean;
|
|
42
|
-
export declare function encryptBulk(client: Client, opts: EncryptBulkOptions): Promise<
|
|
41
|
+
export declare function encryptBulk(client: Client, opts: EncryptBulkOptions): Promise<EncryptedPayload[]>;
|
|
43
42
|
export declare function decryptBulk(client: Client, opts: DecryptBulkOptions): Promise<JsPlaintext[]>;
|
|
44
43
|
export declare function decryptBulkFallible(client: Client, opts: DecryptBulkOptions): Promise<DecryptResult[]>;
|
|
45
|
-
|
|
46
|
-
|
|
44
|
+
/**
|
|
45
|
+
* Encrypt a query term.
|
|
46
|
+
*
|
|
47
|
+
* Under `eqlVersion: 2` (default) this returns the v2 shapes ({@link
|
|
48
|
+
* Encrypted} for JSON containment, {@link EncryptedQuery} otherwise).
|
|
49
|
+
*
|
|
50
|
+
* Under `eqlVersion: 3` only JSON containment queries are supported and
|
|
51
|
+
* return the `eql_v3.jsonb_query` needle ({@link EncryptedV3Query}). Scalar
|
|
52
|
+
* index queries (`unique` / `ore` / `ope` / `match`) and `ste_vec_selector`
|
|
53
|
+
* queries
|
|
54
|
+
* throw `EQL_V3_QUERY_UNSUPPORTED` — no EQL v3 scalar/selector query wire
|
|
55
|
+
* shape exists yet, so those queries require an `eqlVersion: 2` client.
|
|
56
|
+
*/
|
|
57
|
+
export declare function encryptQuery(client: Client, opts: EncryptQueryOptions): Promise<Encrypted | EncryptedQuery | EncryptedV3Query>;
|
|
58
|
+
/** Bulk variant of {@link encryptQuery} — same EQL v3 restrictions apply. */
|
|
59
|
+
export declare function encryptQueryBulk(client: Client, opts: EncryptQueryBulkOptions): Promise<(Encrypted | EncryptedQuery | EncryptedV3Query)[]>;
|
|
47
60
|
/**
|
|
48
61
|
* Test-only helper: ensures a keyset with the given name exists, creating it if necessary,
|
|
49
62
|
* and grants the current client access. Not safe for concurrent use — intended for
|
|
@@ -57,7 +70,7 @@ export type EncryptPayload = {
|
|
|
57
70
|
lockContext?: Context;
|
|
58
71
|
};
|
|
59
72
|
export type BulkDecryptPayload = {
|
|
60
|
-
ciphertext:
|
|
73
|
+
ciphertext: EncryptedPayload;
|
|
61
74
|
lockContext?: Context;
|
|
62
75
|
};
|
|
63
76
|
export type Context = {
|
|
@@ -79,6 +92,13 @@ export type Context = {
|
|
|
79
92
|
* ```
|
|
80
93
|
*/
|
|
81
94
|
export type Encrypted = EncryptedScalar | EncryptedSteVec;
|
|
95
|
+
/**
|
|
96
|
+
* A stored payload in EITHER wire format: EQL v2.3 ({@link Encrypted}) or
|
|
97
|
+
* EQL v3 ({@link EncryptedV3}). {@link encrypt} / {@link encryptBulk} return
|
|
98
|
+
* the format selected by the client's `eqlVersion`; {@link decrypt} accepts
|
|
99
|
+
* both regardless of `eqlVersion` (data-migration scenarios).
|
|
100
|
+
*/
|
|
101
|
+
export type EncryptedPayload = Encrypted | EncryptedV3;
|
|
82
102
|
/** Scalar EQL v2.3 storage payload (`k: "ct"`). */
|
|
83
103
|
export type EncryptedScalar = {
|
|
84
104
|
k: 'ct';
|
|
@@ -192,7 +212,7 @@ export type Column = {
|
|
|
192
212
|
cast_as?: CastAs;
|
|
193
213
|
indexes?: Indexes;
|
|
194
214
|
};
|
|
195
|
-
export type CastAs = 'bigint' | 'boolean' | 'date' | 'number' | 'string' | 'text' | 'timestamp' | 'json';
|
|
215
|
+
export type CastAs = 'bigint' | 'boolean' | 'date' | 'decimal' | 'int' | 'number' | 'small_int' | 'string' | 'text' | 'timestamp' | 'json';
|
|
196
216
|
type TablesOf<C extends EncryptConfig> = C['tables'];
|
|
197
217
|
export type Identifier<C extends EncryptConfig> = {
|
|
198
218
|
[T in keyof TablesOf<C>]: {
|
|
@@ -204,11 +224,13 @@ export type Identifier<C extends EncryptConfig> = {
|
|
|
204
224
|
}[keyof TablesOf<C>];
|
|
205
225
|
export type Indexes = {
|
|
206
226
|
ore?: OreIndexOpts;
|
|
227
|
+
ope?: OpeIndexOpts;
|
|
207
228
|
unique?: UniqueIndexOpts;
|
|
208
229
|
match?: MatchIndexOpts;
|
|
209
230
|
ste_vec?: SteVecIndexOpts;
|
|
210
231
|
};
|
|
211
232
|
export type OreIndexOpts = Record<string, never>;
|
|
233
|
+
export type OpeIndexOpts = Record<string, never>;
|
|
212
234
|
export type UniqueIndexOpts = {
|
|
213
235
|
token_filters?: TokenFilter[];
|
|
214
236
|
};
|
|
@@ -257,6 +279,21 @@ export type NewClientOptions = {
|
|
|
257
279
|
* AutoStrategy from env / profile / `clientOpts.creds`.
|
|
258
280
|
*/
|
|
259
281
|
strategy?: AuthStrategy;
|
|
282
|
+
/**
|
|
283
|
+
* EQL wire version this client emits. Defaults to `2` (the
|
|
284
|
+
* `eql_v2_encrypted` payload format).
|
|
285
|
+
*
|
|
286
|
+
* With `3`, {@link encrypt} / {@link encryptBulk} return {@link
|
|
287
|
+
* EncryptedV3} payloads for the `eql_v3` per-capability domains
|
|
288
|
+
* (`eql_v3.text_eq`, `eql_v3.integer_ord_ore`, `eql_v3.json`, …), derived
|
|
289
|
+
* from each column's `cast_as` + indexes. {@link decrypt} accepts BOTH
|
|
290
|
+
* formats regardless of this setting.
|
|
291
|
+
*
|
|
292
|
+
* v3 limitation: {@link encryptQuery} supports only JSON containment
|
|
293
|
+
* queries — scalar-index and selector queries throw
|
|
294
|
+
* `EQL_V3_QUERY_UNSUPPORTED` until a v3 scalar query wire shape exists.
|
|
295
|
+
*/
|
|
296
|
+
eqlVersion?: 2 | 3;
|
|
260
297
|
};
|
|
261
298
|
/**
|
|
262
299
|
* Auth strategy shape compatible with `@cipherstash/auth` strategies (e.g.
|
|
@@ -271,6 +308,7 @@ export type AuthStrategy = {
|
|
|
271
308
|
type NativeNewClientOptions = {
|
|
272
309
|
encryptConfig: NativeEncryptConfig;
|
|
273
310
|
clientOpts?: ClientOpts;
|
|
311
|
+
eqlVersion?: 2 | 3;
|
|
274
312
|
};
|
|
275
313
|
export type ClientOpts = CredentialOpts & {
|
|
276
314
|
keyset?: KeysetIdentifier;
|
|
@@ -287,7 +325,29 @@ export type EnsureKeysetResult = {
|
|
|
287
325
|
id: string;
|
|
288
326
|
name: string;
|
|
289
327
|
};
|
|
290
|
-
|
|
328
|
+
/**
|
|
329
|
+
* A plaintext value accepted by {@link encrypt} / {@link encryptBulk} /
|
|
330
|
+
* {@link encryptQuery} and returned by {@link decrypt} / {@link decryptBulk} /
|
|
331
|
+
* {@link decryptBulkFallible} (in the `data` arm of each result).
|
|
332
|
+
*
|
|
333
|
+
* `bigint` support (encrypted `cast_as: 'bigint'` columns store signed
|
|
334
|
+
* 64-bit integers):
|
|
335
|
+
*
|
|
336
|
+
* - **Input**: a top-level `bigint` plaintext is accepted alongside
|
|
337
|
+
* `number`. Values outside the i64 range (-2^63 to 2^63 - 1) throw a
|
|
338
|
+
* `RangeError` at the boundary — this covers index-term generation too,
|
|
339
|
+
* since terms derive from the same value. `number` inputs keep the
|
|
340
|
+
* existing exact-integer guard (fractional, non-finite, or beyond-2^53
|
|
341
|
+
* inexact values are rejected). `bigint` values nested inside JSON
|
|
342
|
+
* objects/arrays are NOT supported (JSON has no bigint) and throw a
|
|
343
|
+
* `TypeError` on both Neon and wasm — plaintexts follow
|
|
344
|
+
* `JSON.stringify` semantics on both platforms.
|
|
345
|
+
* - **Output** (BREAKING since the introduction of bigint support):
|
|
346
|
+
* decrypting a `cast_as: 'bigint'` column ALWAYS returns a `bigint`,
|
|
347
|
+
* even for values that fit in a JS number. Previous releases returned a
|
|
348
|
+
* `number`, silently losing precision beyond `Number.MAX_SAFE_INTEGER`.
|
|
349
|
+
*/
|
|
350
|
+
export type JsPlaintext = string | number | boolean | bigint | Record<string, unknown> | JsPlaintext[];
|
|
291
351
|
export type EncryptOptions = {
|
|
292
352
|
plaintext: JsPlaintext;
|
|
293
353
|
column: string;
|
|
@@ -300,7 +360,8 @@ export type EncryptBulkOptions = {
|
|
|
300
360
|
unverifiedContext?: Record<string, unknown>;
|
|
301
361
|
};
|
|
302
362
|
export type DecryptOptions = {
|
|
303
|
-
|
|
363
|
+
/** A stored payload in either wire format (EQL v2.3 or EQL v3). */
|
|
364
|
+
ciphertext: EncryptedPayload;
|
|
304
365
|
lockContext?: Context;
|
|
305
366
|
unverifiedContext?: Record<string, unknown>;
|
|
306
367
|
};
|
|
@@ -308,7 +369,7 @@ export type DecryptBulkOptions = {
|
|
|
308
369
|
ciphertexts: BulkDecryptPayload[];
|
|
309
370
|
unverifiedContext?: Record<string, unknown>;
|
|
310
371
|
};
|
|
311
|
-
export type IndexTypeName = 'ste_vec' | 'match' | 'ore' | 'unique';
|
|
372
|
+
export type IndexTypeName = 'ste_vec' | 'match' | 'ore' | 'ope' | 'unique';
|
|
312
373
|
export type QueryOpName = 'default' | 'ste_vec_selector' | 'ste_vec_term';
|
|
313
374
|
export type EncryptQueryOptions = {
|
|
314
375
|
plaintext: JsPlaintext;
|
|
@@ -6,7 +6,7 @@ import type { Column, EncryptConfig } from './index.cjs';
|
|
|
6
6
|
* their canonical equivalents (`text`, `float`, `big_int`) before being
|
|
7
7
|
* handed to the native side.
|
|
8
8
|
*/
|
|
9
|
-
export type NativeCastAs = 'text' | 'float' | 'big_int' | 'boolean' | 'date' | 'json' | 'timestamp';
|
|
9
|
+
export type NativeCastAs = 'text' | 'float' | 'big_int' | 'boolean' | 'date' | 'decimal' | 'int' | 'json' | 'small_int' | 'timestamp';
|
|
10
10
|
/** A column after normalization — `cast_as` is in the canonical vocabulary. */
|
|
11
11
|
export type NativeColumn = Omit<Column, 'cast_as'> & {
|
|
12
12
|
cast_as?: NativeCastAs;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cipherstash/protect-ffi",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.28.0",
|
|
4
4
|
"repository": {
|
|
5
5
|
"type": "git",
|
|
6
6
|
"url": "git+https://github.com/cipherstash/protectjs-ffi.git"
|
|
@@ -9,11 +9,11 @@
|
|
|
9
9
|
"url": "https://github.com/cipherstash/protectjs-ffi/issues"
|
|
10
10
|
},
|
|
11
11
|
"homepage": "https://github.com/cipherstash/protectjs-ffi#readme",
|
|
12
|
-
"description": "",
|
|
12
|
+
"description": "Native FFI bindings to the CipherStash Client SDK — powers @cipherstash/stack",
|
|
13
13
|
"main": "./lib/index.cjs",
|
|
14
14
|
"scripts": {
|
|
15
15
|
"test": "npm run test:typecheck && npm run test:unit && npm run test:lint && npm run test:format && npm run test:rust",
|
|
16
|
-
"test:typecheck": "tsc",
|
|
16
|
+
"test:typecheck": "tsc && tsc -p tsconfig.test.json",
|
|
17
17
|
"test:unit": "vitest run",
|
|
18
18
|
"test:rust": "cargo test",
|
|
19
19
|
"test:lint": "npm run test:lint:ts",
|
|
@@ -32,14 +32,14 @@
|
|
|
32
32
|
"cross": "npm run cross-build -- --release",
|
|
33
33
|
"zigbuild": "npm run zig-build -- --release",
|
|
34
34
|
"prepack": "tsc &&neon update",
|
|
35
|
-
"version": "neon bump --binaries platforms && git add .",
|
|
35
|
+
"version": "neon bump --binaries platforms && node scripts/changelog-release.mjs && git add .",
|
|
36
36
|
"release": "gh workflow run release.yml -f dryrun=false -f version=patch",
|
|
37
37
|
"dryrun": "gh workflow run release.yml -f dryrun=true -f version=patch",
|
|
38
38
|
"build:wasm": "wasm-pack build crates/protect-ffi --target bundler --out-dir ../../dist/wasm --no-pack",
|
|
39
39
|
"postbuild:wasm": "node scripts/inline-wasm.mjs"
|
|
40
40
|
},
|
|
41
|
-
"author": "",
|
|
42
|
-
"license": "
|
|
41
|
+
"author": "CipherStash <humans@cipherstash.com>",
|
|
42
|
+
"license": "MIT",
|
|
43
43
|
"exports": {
|
|
44
44
|
".": {
|
|
45
45
|
"node": {
|
|
@@ -103,11 +103,11 @@
|
|
|
103
103
|
"vite": "^8.0.5"
|
|
104
104
|
},
|
|
105
105
|
"optionalDependencies": {
|
|
106
|
-
"@cipherstash/protect-ffi-darwin-x64": "0.
|
|
107
|
-
"@cipherstash/protect-ffi-darwin-arm64": "0.
|
|
108
|
-
"@cipherstash/protect-ffi-win32-x64-msvc": "0.
|
|
109
|
-
"@cipherstash/protect-ffi-linux-x64-gnu": "0.
|
|
110
|
-
"@cipherstash/protect-ffi-linux-arm64-gnu": "0.
|
|
111
|
-
"@cipherstash/protect-ffi-linux-x64-musl": "0.
|
|
106
|
+
"@cipherstash/protect-ffi-darwin-x64": "0.28.0",
|
|
107
|
+
"@cipherstash/protect-ffi-darwin-arm64": "0.28.0",
|
|
108
|
+
"@cipherstash/protect-ffi-win32-x64-msvc": "0.28.0",
|
|
109
|
+
"@cipherstash/protect-ffi-linux-x64-gnu": "0.28.0",
|
|
110
|
+
"@cipherstash/protect-ffi-linux-arm64-gnu": "0.28.0",
|
|
111
|
+
"@cipherstash/protect-ffi-linux-x64-musl": "0.28.0"
|
|
112
112
|
}
|
|
113
113
|
}
|