@cipherstash/stack 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/README.md +10 -12
  3. package/dist/bin/stash.js +27 -12
  4. package/dist/bin/stash.js.map +1 -1
  5. package/dist/{chunk-SJ7JO4ME.js → chunk-5G4F4JJG.js} +1 -1
  6. package/dist/{chunk-SJ7JO4ME.js.map → chunk-5G4F4JJG.js.map} +1 -1
  7. package/dist/{chunk-2GZMIJFO.js → chunk-LHZ6KZIG.js} +29 -14
  8. package/dist/chunk-LHZ6KZIG.js.map +1 -0
  9. package/dist/{client-DtGq9dJp.d.ts → client-BV9pXC-d.d.ts} +30 -15
  10. package/dist/{client-BxJG56Ey.d.cts → client-D-ZH8SB2.d.cts} +30 -15
  11. package/dist/client.d.cts +2 -2
  12. package/dist/client.d.ts +2 -2
  13. package/dist/drizzle/index.cjs.map +1 -1
  14. package/dist/drizzle/index.d.cts +2 -2
  15. package/dist/drizzle/index.d.ts +2 -2
  16. package/dist/drizzle/index.js +1 -1
  17. package/dist/dynamodb/index.d.cts +2 -2
  18. package/dist/dynamodb/index.d.ts +2 -2
  19. package/dist/index.cjs +27 -12
  20. package/dist/index.cjs.map +1 -1
  21. package/dist/index.d.cts +3 -3
  22. package/dist/index.d.ts +3 -3
  23. package/dist/index.js +2 -2
  24. package/dist/schema/index.d.cts +1 -1
  25. package/dist/schema/index.d.ts +1 -1
  26. package/dist/secrets/index.cjs +27 -12
  27. package/dist/secrets/index.cjs.map +1 -1
  28. package/dist/secrets/index.d.cts +1 -1
  29. package/dist/secrets/index.d.ts +1 -1
  30. package/dist/secrets/index.js +2 -2
  31. package/dist/supabase/index.d.cts +2 -2
  32. package/dist/supabase/index.d.ts +2 -2
  33. package/dist/{types-public-BCj1L4fi.d.ts → types-public-Dfg-hkuQ.d.cts} +35 -11
  34. package/dist/{types-public-BCj1L4fi.d.cts → types-public-Dfg-hkuQ.d.ts} +35 -11
  35. package/dist/types-public.cjs.map +1 -1
  36. package/dist/types-public.d.cts +1 -1
  37. package/dist/types-public.d.ts +1 -1
  38. package/dist/types-public.js +1 -1
  39. package/package.json +1 -1
  40. package/dist/chunk-2GZMIJFO.js.map +0 -1
package/dist/secrets/index.d.cts CHANGED
@@ -1,4 +1,4 @@
1
- import { h as Encrypted } from '../types-public-BCj1L4fi.cjs';
1
+ import { i as Encrypted } from '../types-public-Dfg-hkuQ.cjs';
2
2
  import { Result } from '@byteslice/result';
3
3
  import 'zod';
4
4
  import 'evlog';
package/dist/secrets/index.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { h as Encrypted } from '../types-public-BCj1L4fi.js';
1
+ import { i as Encrypted } from '../types-public-Dfg-hkuQ.js';
2
2
  import { Result } from '@byteslice/result';
3
3
  import 'zod';
4
4
  import 'evlog';
package/dist/secrets/index.js CHANGED
@@ -1,10 +1,10 @@
1
1
  import {
2
2
  Encryption
3
- } from "../chunk-2GZMIJFO.js";
3
+ } from "../chunk-LHZ6KZIG.js";
4
4
  import {
5
5
  encryptedToPgComposite
6
6
  } from "../chunk-SUYMGQBY.js";
7
- import "../chunk-SJ7JO4ME.js";
7
+ import "../chunk-5G4F4JJG.js";
8
8
  import {
9
9
  extractWorkspaceIdFromCrn
10
10
  } from "../chunk-5DCT6YU2.js";
package/dist/supabase/index.d.cts CHANGED
@@ -1,6 +1,6 @@
1
- import { E as EncryptionClient, A as AuditConfig } from '../client-BxJG56Ey.cjs';
1
+ import { E as EncryptionClient, A as AuditConfig } from '../client-D-ZH8SB2.cjs';
2
2
  import { a as EncryptionError, d as LockContext } from '../index-9-Ya3fDK.cjs';
3
- import { d as ProtectTable, f as ProtectTableColumn } from '../types-public-BCj1L4fi.cjs';
3
+ import { d as ProtectTable, f as ProtectTableColumn } from '../types-public-Dfg-hkuQ.cjs';
4
4
  import '@byteslice/result';
5
5
  import '@cipherstash/protect-ffi';
6
6
  import 'zod';
package/dist/supabase/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
- import { E as EncryptionClient, A as AuditConfig } from '../client-DtGq9dJp.js';
1
+ import { E as EncryptionClient, A as AuditConfig } from '../client-BV9pXC-d.js';
2
2
  import { a as EncryptionError, d as LockContext } from '../index-9-Ya3fDK.js';
3
- import { d as ProtectTable, f as ProtectTableColumn } from '../types-public-BCj1L4fi.js';
3
+ import { d as ProtectTable, f as ProtectTableColumn } from '../types-public-Dfg-hkuQ.js';
4
4
  import '@byteslice/result';
5
5
  import '@cipherstash/protect-ffi';
6
6
  import 'zod';
package/dist/{types-public-BCj1L4fi.d.ts → types-public-Dfg-hkuQ.d.cts} RENAMED
@@ -92,6 +92,30 @@ type DecryptedFields<T> = {
92
92
  };
93
93
  /** Model with encrypted fields replaced by plaintext (decrypted) values */
94
94
  type Decrypted<T> = OtherFields<T> & DecryptedFields<T>;
95
+ /**
96
+ * Maps a plaintext model type to its encrypted form using the table schema.
97
+ *
98
+ * Fields whose keys match columns defined in `S` become `Encrypted`;
99
+ * all other fields retain their original types from `T`.
100
+ *
101
+ * When `S` is the widened `ProtectTableColumn` (e.g. when a user passes an
102
+ * explicit `<User>` type argument without specifying `S`), the type degrades
103
+ * gracefully to `T` — preserving backward compatibility.
104
+ *
105
+ * @typeParam T - The plaintext model type (e.g. `{ id: string; email: string }`)
106
+ * @typeParam S - The table schema column definition, inferred from the `table` argument
107
+ *
108
+ * @example
109
+ * ```typescript
110
+ * type User = { id: string; email: string }
111
+ * // With a schema that defines `email`:
112
+ * type Encrypted = EncryptedFromSchema<User, { email: ProtectColumn }>
113
+ * // => { id: string; email: Encrypted }
114
+ * ```
115
+ */
116
+ type EncryptedFromSchema<T, S extends ProtectTableColumn> = {
117
+ [K in keyof T]: [K] extends [keyof S] ? [S[K & keyof S]] extends [ProtectColumn | ProtectValue] ? Encrypted : T[K] : T[K];
118
+ };
95
119
  type BulkEncryptPayload = Array<{
96
120
  id?: string;
97
121
  plaintext: JsPlaintext | null;
@@ -339,7 +363,6 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
339
363
  prefix: string;
340
364
  }>>;
341
365
  }, "strip", z.ZodTypeAny, {
342
- ore?: {} | undefined;
343
366
  match?: {
344
367
  token_filters?: {
345
368
  kind: "downcase";
@@ -354,6 +377,7 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
354
377
  m?: number | undefined;
355
378
  include_original?: boolean | undefined;
356
379
  } | undefined;
380
+ ore?: {} | undefined;
357
381
  unique?: {
358
382
  token_filters?: {
359
383
  kind: "downcase";
@@ -363,7 +387,6 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
363
387
  prefix: string;
364
388
  } | undefined;
365
389
  }, {
366
- ore?: {} | undefined;
367
390
  match?: {
368
391
  token_filters?: {
369
392
  kind: "downcase";
@@ -378,6 +401,7 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
378
401
  m?: number | undefined;
379
402
  include_original?: boolean | undefined;
380
403
  } | undefined;
404
+ ore?: {} | undefined;
381
405
  unique?: {
382
406
  token_filters?: {
383
407
  kind: "downcase";
@@ -390,7 +414,6 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
390
414
  }, "strip", z.ZodTypeAny, {
391
415
  cast_as: "string" | "number" | "bigint" | "boolean" | "date" | "json";
392
416
  indexes: {
393
- ore?: {} | undefined;
394
417
  match?: {
395
418
  token_filters?: {
396
419
  kind: "downcase";
@@ -405,6 +428,7 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
405
428
  m?: number | undefined;
406
429
  include_original?: boolean | undefined;
407
430
  } | undefined;
431
+ ore?: {} | undefined;
408
432
  unique?: {
409
433
  token_filters?: {
410
434
  kind: "downcase";
@@ -417,7 +441,6 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
417
441
  }, {
418
442
  cast_as?: "string" | "number" | "bigint" | "boolean" | "date" | "json" | undefined;
419
443
  indexes?: {
420
- ore?: {} | undefined;
421
444
  match?: {
422
445
  token_filters?: {
423
446
  kind: "downcase";
@@ -432,6 +455,7 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
432
455
  m?: number | undefined;
433
456
  include_original?: boolean | undefined;
434
457
  } | undefined;
458
+ ore?: {} | undefined;
435
459
  unique?: {
436
460
  token_filters?: {
437
461
  kind: "downcase";
@@ -528,7 +552,6 @@ declare const encryptConfigSchema: z.ZodObject<{
528
552
  prefix: string;
529
553
  }>>;
530
554
  }, "strip", z.ZodTypeAny, {
531
- ore?: {} | undefined;
532
555
  match?: {
533
556
  token_filters?: {
534
557
  kind: "downcase";
@@ -543,6 +566,7 @@ declare const encryptConfigSchema: z.ZodObject<{
543
566
  m?: number | undefined;
544
567
  include_original?: boolean | undefined;
545
568
  } | undefined;
569
+ ore?: {} | undefined;
546
570
  unique?: {
547
571
  token_filters?: {
548
572
  kind: "downcase";
@@ -552,7 +576,6 @@ declare const encryptConfigSchema: z.ZodObject<{
552
576
  prefix: string;
553
577
  } | undefined;
554
578
  }, {
555
- ore?: {} | undefined;
556
579
  match?: {
557
580
  token_filters?: {
558
581
  kind: "downcase";
@@ -567,6 +590,7 @@ declare const encryptConfigSchema: z.ZodObject<{
567
590
  m?: number | undefined;
568
591
  include_original?: boolean | undefined;
569
592
  } | undefined;
593
+ ore?: {} | undefined;
570
594
  unique?: {
571
595
  token_filters?: {
572
596
  kind: "downcase";
@@ -579,7 +603,6 @@ declare const encryptConfigSchema: z.ZodObject<{
579
603
  }, "strip", z.ZodTypeAny, {
580
604
  cast_as: "string" | "number" | "bigint" | "boolean" | "date" | "json";
581
605
  indexes: {
582
- ore?: {} | undefined;
583
606
  match?: {
584
607
  token_filters?: {
585
608
  kind: "downcase";
@@ -594,6 +617,7 @@ declare const encryptConfigSchema: z.ZodObject<{
594
617
  m?: number | undefined;
595
618
  include_original?: boolean | undefined;
596
619
  } | undefined;
620
+ ore?: {} | undefined;
597
621
  unique?: {
598
622
  token_filters?: {
599
623
  kind: "downcase";
@@ -606,7 +630,6 @@ declare const encryptConfigSchema: z.ZodObject<{
606
630
  }, {
607
631
  cast_as?: "string" | "number" | "bigint" | "boolean" | "date" | "json" | undefined;
608
632
  indexes?: {
609
- ore?: {} | undefined;
610
633
  match?: {
611
634
  token_filters?: {
612
635
  kind: "downcase";
@@ -621,6 +644,7 @@ declare const encryptConfigSchema: z.ZodObject<{
621
644
  m?: number | undefined;
622
645
  include_original?: boolean | undefined;
623
646
  } | undefined;
647
+ ore?: {} | undefined;
624
648
  unique?: {
625
649
  token_filters?: {
626
650
  kind: "downcase";
@@ -636,7 +660,6 @@ declare const encryptConfigSchema: z.ZodObject<{
636
660
  tables: Record<string, Record<string, {
637
661
  cast_as: "string" | "number" | "bigint" | "boolean" | "date" | "json";
638
662
  indexes: {
639
- ore?: {} | undefined;
640
663
  match?: {
641
664
  token_filters?: {
642
665
  kind: "downcase";
@@ -651,6 +674,7 @@ declare const encryptConfigSchema: z.ZodObject<{
651
674
  m?: number | undefined;
652
675
  include_original?: boolean | undefined;
653
676
  } | undefined;
677
+ ore?: {} | undefined;
654
678
  unique?: {
655
679
  token_filters?: {
656
680
  kind: "downcase";
@@ -666,7 +690,6 @@ declare const encryptConfigSchema: z.ZodObject<{
666
690
  tables?: Record<string, Record<string, {
667
691
  cast_as?: "string" | "number" | "bigint" | "boolean" | "date" | "json" | undefined;
668
692
  indexes?: {
669
- ore?: {} | undefined;
670
693
  match?: {
671
694
  token_filters?: {
672
695
  kind: "downcase";
@@ -681,6 +704,7 @@ declare const encryptConfigSchema: z.ZodObject<{
681
704
  m?: number | undefined;
682
705
  include_original?: boolean | undefined;
683
706
  } | undefined;
707
+ ore?: {} | undefined;
684
708
  unique?: {
685
709
  token_filters?: {
686
710
  kind: "downcase";
@@ -1010,4 +1034,4 @@ declare function encryptedValue(valueName: string): ProtectValue;
1010
1034
  /** @internal */
1011
1035
  declare function buildEncryptConfig(...protectTables: Array<ProtectTable<ProtectTableColumn>>): EncryptConfig;
1012
1036
 
1013
- export { type EncryptedSearchTerm as A, type BulkDecryptedData as B, type CastAs as C, type Decrypted as D, type EncryptionClientConfig as E, type EncryptedFields as F, type OtherFields as G, type DecryptedFields as H, type InferPlaintext as I, type DecryptionResult as J, type KeysetIdentifier as K, type LoggingConfig as L, type MatchIndexOpts as M, queryTypes as N, type OreIndexOpts as O, ProtectColumn as P, type QueryTypeName as Q, type ScalarQueryTerm as S, type TokenFilter as T, type UniqueIndexOpts as U, encryptedColumn as a, encryptedValue as b, type InferEncrypted as c, ProtectTable as d, encryptedTable as e, type ProtectTableColumn as f, ProtectValue as g, type Encrypted as h, type EncryptedValue as i, type EncryptedQueryResult as j, type Client as k, type BulkDecryptPayload as l, type BulkEncryptedData as m, type BulkEncryptPayload as n, type EncryptOptions as o, type EncryptQueryOptions as p, type EncryptedReturnType as q, type EncryptConfig as r, castAsEnum as s, encryptConfigSchema as t, type SteVecIndexOpts as u, type ColumnSchema as v, buildEncryptConfig as w, type EncryptPayload as x, type ClientConfig as y, type SearchTerm as z };
1037
+ export { type SearchTerm as A, type BulkDecryptedData as B, type CastAs as C, type Decrypted as D, type EncryptionClientConfig as E, type EncryptedSearchTerm as F, type EncryptedFields as G, type OtherFields as H, type InferPlaintext as I, type DecryptedFields as J, type KeysetIdentifier as K, type DecryptionResult as L, type MatchIndexOpts as M, type LoggingConfig as N, type OreIndexOpts as O, ProtectColumn as P, type QueryTypeName as Q, queryTypes as R, type ScalarQueryTerm as S, type TokenFilter as T, type UniqueIndexOpts as U, encryptedColumn as a, encryptedValue as b, type InferEncrypted as c, ProtectTable as d, encryptedTable as e, type ProtectTableColumn as f, ProtectValue as g, type EncryptedFromSchema as h, type Encrypted as i, type EncryptedValue as j, type EncryptedQueryResult as k, type Client as l, type BulkDecryptPayload as m, type BulkEncryptedData as n, type BulkEncryptPayload as o, type EncryptOptions as p, type EncryptQueryOptions as q, type EncryptedReturnType as r, type EncryptConfig as s, castAsEnum as t, encryptConfigSchema as u, type SteVecIndexOpts as v, type ColumnSchema as w, buildEncryptConfig as x, type EncryptPayload as y, type ClientConfig as z };
package/dist/{types-public-BCj1L4fi.d.cts → types-public-Dfg-hkuQ.d.ts} RENAMED
@@ -92,6 +92,30 @@ type DecryptedFields<T> = {
92
92
  };
93
93
  /** Model with encrypted fields replaced by plaintext (decrypted) values */
94
94
  type Decrypted<T> = OtherFields<T> & DecryptedFields<T>;
95
+ /**
96
+ * Maps a plaintext model type to its encrypted form using the table schema.
97
+ *
98
+ * Fields whose keys match columns defined in `S` become `Encrypted`;
99
+ * all other fields retain their original types from `T`.
100
+ *
101
+ * When `S` is the widened `ProtectTableColumn` (e.g. when a user passes an
102
+ * explicit `<User>` type argument without specifying `S`), the type degrades
103
+ * gracefully to `T` — preserving backward compatibility.
104
+ *
105
+ * @typeParam T - The plaintext model type (e.g. `{ id: string; email: string }`)
106
+ * @typeParam S - The table schema column definition, inferred from the `table` argument
107
+ *
108
+ * @example
109
+ * ```typescript
110
+ * type User = { id: string; email: string }
111
+ * // With a schema that defines `email`:
112
+ * type Encrypted = EncryptedFromSchema<User, { email: ProtectColumn }>
113
+ * // => { id: string; email: Encrypted }
114
+ * ```
115
+ */
116
+ type EncryptedFromSchema<T, S extends ProtectTableColumn> = {
117
+ [K in keyof T]: [K] extends [keyof S] ? [S[K & keyof S]] extends [ProtectColumn | ProtectValue] ? Encrypted : T[K] : T[K];
118
+ };
95
119
  type BulkEncryptPayload = Array<{
96
120
  id?: string;
97
121
  plaintext: JsPlaintext | null;
@@ -339,7 +363,6 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
339
363
  prefix: string;
340
364
  }>>;
341
365
  }, "strip", z.ZodTypeAny, {
342
- ore?: {} | undefined;
343
366
  match?: {
344
367
  token_filters?: {
345
368
  kind: "downcase";
@@ -354,6 +377,7 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
354
377
  m?: number | undefined;
355
378
  include_original?: boolean | undefined;
356
379
  } | undefined;
380
+ ore?: {} | undefined;
357
381
  unique?: {
358
382
  token_filters?: {
359
383
  kind: "downcase";
@@ -363,7 +387,6 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
363
387
  prefix: string;
364
388
  } | undefined;
365
389
  }, {
366
- ore?: {} | undefined;
367
390
  match?: {
368
391
  token_filters?: {
369
392
  kind: "downcase";
@@ -378,6 +401,7 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
378
401
  m?: number | undefined;
379
402
  include_original?: boolean | undefined;
380
403
  } | undefined;
404
+ ore?: {} | undefined;
381
405
  unique?: {
382
406
  token_filters?: {
383
407
  kind: "downcase";
@@ -390,7 +414,6 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
390
414
  }, "strip", z.ZodTypeAny, {
391
415
  cast_as: "string" | "number" | "bigint" | "boolean" | "date" | "json";
392
416
  indexes: {
393
- ore?: {} | undefined;
394
417
  match?: {
395
418
  token_filters?: {
396
419
  kind: "downcase";
@@ -405,6 +428,7 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
405
428
  m?: number | undefined;
406
429
  include_original?: boolean | undefined;
407
430
  } | undefined;
431
+ ore?: {} | undefined;
408
432
  unique?: {
409
433
  token_filters?: {
410
434
  kind: "downcase";
@@ -417,7 +441,6 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
417
441
  }, {
418
442
  cast_as?: "string" | "number" | "bigint" | "boolean" | "date" | "json" | undefined;
419
443
  indexes?: {
420
- ore?: {} | undefined;
421
444
  match?: {
422
445
  token_filters?: {
423
446
  kind: "downcase";
@@ -432,6 +455,7 @@ declare const columnSchema: z.ZodDefault<z.ZodObject<{
432
455
  m?: number | undefined;
433
456
  include_original?: boolean | undefined;
434
457
  } | undefined;
458
+ ore?: {} | undefined;
435
459
  unique?: {
436
460
  token_filters?: {
437
461
  kind: "downcase";
@@ -528,7 +552,6 @@ declare const encryptConfigSchema: z.ZodObject<{
528
552
  prefix: string;
529
553
  }>>;
530
554
  }, "strip", z.ZodTypeAny, {
531
- ore?: {} | undefined;
532
555
  match?: {
533
556
  token_filters?: {
534
557
  kind: "downcase";
@@ -543,6 +566,7 @@ declare const encryptConfigSchema: z.ZodObject<{
543
566
  m?: number | undefined;
544
567
  include_original?: boolean | undefined;
545
568
  } | undefined;
569
+ ore?: {} | undefined;
546
570
  unique?: {
547
571
  token_filters?: {
548
572
  kind: "downcase";
@@ -552,7 +576,6 @@ declare const encryptConfigSchema: z.ZodObject<{
552
576
  prefix: string;
553
577
  } | undefined;
554
578
  }, {
555
- ore?: {} | undefined;
556
579
  match?: {
557
580
  token_filters?: {
558
581
  kind: "downcase";
@@ -567,6 +590,7 @@ declare const encryptConfigSchema: z.ZodObject<{
567
590
  m?: number | undefined;
568
591
  include_original?: boolean | undefined;
569
592
  } | undefined;
593
+ ore?: {} | undefined;
570
594
  unique?: {
571
595
  token_filters?: {
572
596
  kind: "downcase";
@@ -579,7 +603,6 @@ declare const encryptConfigSchema: z.ZodObject<{
579
603
  }, "strip", z.ZodTypeAny, {
580
604
  cast_as: "string" | "number" | "bigint" | "boolean" | "date" | "json";
581
605
  indexes: {
582
- ore?: {} | undefined;
583
606
  match?: {
584
607
  token_filters?: {
585
608
  kind: "downcase";
@@ -594,6 +617,7 @@ declare const encryptConfigSchema: z.ZodObject<{
594
617
  m?: number | undefined;
595
618
  include_original?: boolean | undefined;
596
619
  } | undefined;
620
+ ore?: {} | undefined;
597
621
  unique?: {
598
622
  token_filters?: {
599
623
  kind: "downcase";
@@ -606,7 +630,6 @@ declare const encryptConfigSchema: z.ZodObject<{
606
630
  }, {
607
631
  cast_as?: "string" | "number" | "bigint" | "boolean" | "date" | "json" | undefined;
608
632
  indexes?: {
609
- ore?: {} | undefined;
610
633
  match?: {
611
634
  token_filters?: {
612
635
  kind: "downcase";
@@ -621,6 +644,7 @@ declare const encryptConfigSchema: z.ZodObject<{
621
644
  m?: number | undefined;
622
645
  include_original?: boolean | undefined;
623
646
  } | undefined;
647
+ ore?: {} | undefined;
624
648
  unique?: {
625
649
  token_filters?: {
626
650
  kind: "downcase";
@@ -636,7 +660,6 @@ declare const encryptConfigSchema: z.ZodObject<{
636
660
  tables: Record<string, Record<string, {
637
661
  cast_as: "string" | "number" | "bigint" | "boolean" | "date" | "json";
638
662
  indexes: {
639
- ore?: {} | undefined;
640
663
  match?: {
641
664
  token_filters?: {
642
665
  kind: "downcase";
@@ -651,6 +674,7 @@ declare const encryptConfigSchema: z.ZodObject<{
651
674
  m?: number | undefined;
652
675
  include_original?: boolean | undefined;
653
676
  } | undefined;
677
+ ore?: {} | undefined;
654
678
  unique?: {
655
679
  token_filters?: {
656
680
  kind: "downcase";
@@ -666,7 +690,6 @@ declare const encryptConfigSchema: z.ZodObject<{
666
690
  tables?: Record<string, Record<string, {
667
691
  cast_as?: "string" | "number" | "bigint" | "boolean" | "date" | "json" | undefined;
668
692
  indexes?: {
669
- ore?: {} | undefined;
670
693
  match?: {
671
694
  token_filters?: {
672
695
  kind: "downcase";
@@ -681,6 +704,7 @@ declare const encryptConfigSchema: z.ZodObject<{
681
704
  m?: number | undefined;
682
705
  include_original?: boolean | undefined;
683
706
  } | undefined;
707
+ ore?: {} | undefined;
684
708
  unique?: {
685
709
  token_filters?: {
686
710
  kind: "downcase";
@@ -1010,4 +1034,4 @@ declare function encryptedValue(valueName: string): ProtectValue;
1010
1034
  /** @internal */
1011
1035
  declare function buildEncryptConfig(...protectTables: Array<ProtectTable<ProtectTableColumn>>): EncryptConfig;
1012
1036
 
1013
- export { type EncryptedSearchTerm as A, type BulkDecryptedData as B, type CastAs as C, type Decrypted as D, type EncryptionClientConfig as E, type EncryptedFields as F, type OtherFields as G, type DecryptedFields as H, type InferPlaintext as I, type DecryptionResult as J, type KeysetIdentifier as K, type LoggingConfig as L, type MatchIndexOpts as M, queryTypes as N, type OreIndexOpts as O, ProtectColumn as P, type QueryTypeName as Q, type ScalarQueryTerm as S, type TokenFilter as T, type UniqueIndexOpts as U, encryptedColumn as a, encryptedValue as b, type InferEncrypted as c, ProtectTable as d, encryptedTable as e, type ProtectTableColumn as f, ProtectValue as g, type Encrypted as h, type EncryptedValue as i, type EncryptedQueryResult as j, type Client as k, type BulkDecryptPayload as l, type BulkEncryptedData as m, type BulkEncryptPayload as n, type EncryptOptions as o, type EncryptQueryOptions as p, type EncryptedReturnType as q, type EncryptConfig as r, castAsEnum as s, encryptConfigSchema as t, type SteVecIndexOpts as u, type ColumnSchema as v, buildEncryptConfig as w, type EncryptPayload as x, type ClientConfig as y, type SearchTerm as z };
1037
+ export { type SearchTerm as A, type BulkDecryptedData as B, type CastAs as C, type Decrypted as D, type EncryptionClientConfig as E, type EncryptedSearchTerm as F, type EncryptedFields as G, type OtherFields as H, type InferPlaintext as I, type DecryptedFields as J, type KeysetIdentifier as K, type DecryptionResult as L, type MatchIndexOpts as M, type LoggingConfig as N, type OreIndexOpts as O, ProtectColumn as P, type QueryTypeName as Q, queryTypes as R, type ScalarQueryTerm as S, type TokenFilter as T, type UniqueIndexOpts as U, encryptedColumn as a, encryptedValue as b, type InferEncrypted as c, ProtectTable as d, encryptedTable as e, type ProtectTableColumn as f, ProtectValue as g, type EncryptedFromSchema as h, type Encrypted as i, type EncryptedValue as j, type EncryptedQueryResult as k, type Client as l, type BulkDecryptPayload as m, type BulkEncryptedData as n, type BulkEncryptPayload as o, type EncryptOptions as p, type EncryptQueryOptions as q, type EncryptedReturnType as r, type EncryptConfig as s, castAsEnum as t, encryptConfigSchema as u, type SteVecIndexOpts as v, type ColumnSchema as w, buildEncryptConfig as x, type EncryptPayload as y, type ClientConfig as z };
package/dist/types-public.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/types-public.ts","../src/types.ts"],"sourcesContent":["/**\n * Public type re-exports for `@cipherstash/stack/types`.\n *\n * This module exposes only the public types from the internal types module.\n * Internal helpers (`queryTypeToFfi`, `queryTypeToQueryOp`, `FfiIndexTypeName`,\n * `QueryTermBase`) are excluded.\n */\n\n// Core types\nexport type {\n Client,\n EncryptedValue,\n Encrypted,\n EncryptPayload,\n} from '@/types'\n\n// Client configuration\nexport type {\n KeysetIdentifier,\n ClientConfig,\n EncryptionClientConfig,\n} from '@/types'\n\n// Encrypt / decrypt operation options and results\nexport type {\n EncryptOptions,\n EncryptedReturnType,\n SearchTerm,\n EncryptedSearchTerm,\n EncryptedQueryResult,\n} from '@/types'\n\n// Model field types\nexport type {\n EncryptedFields,\n OtherFields,\n DecryptedFields,\n Decrypted,\n} from '@/types'\n\n// Bulk operations\nexport type {\n BulkEncryptPayload,\n BulkEncryptedData,\n BulkDecryptPayload,\n BulkDecryptedData,\n DecryptionResult,\n} from '@/types'\n\n// Query types (public only)\nexport type {\n QueryTypeName,\n EncryptQueryOptions,\n ScalarQueryTerm,\n} from '@/types'\n\n// Logging\nexport type { LoggingConfig } from '@/utils/logger'\n\n// Runtime values\nexport { queryTypes } from '@/types'\n","import type {\n ProtectColumn,\n ProtectTable,\n ProtectTableColumn,\n ProtectValue,\n} from '@/schema'\nimport type { LoggingConfig } from '@/utils/logger'\nimport type {\n Encrypted as CipherStashEncrypted,\n JsPlaintext,\n QueryOpName,\n newClient,\n} from '@cipherstash/protect-ffi'\n\n// ---------------------------------------------------------------------------\n// Branded type utilities\n// ---------------------------------------------------------------------------\n\n/** Brand symbol for nominal typing */\ndeclare const __brand: unique symbol\n\n/** Creates a branded type that is structurally incompatible with the base type */\ntype Brand<T, B extends string> = T & { readonly [__brand]: B }\n\n// ---------------------------------------------------------------------------\n// Core types\n// ---------------------------------------------------------------------------\n\nexport type Client = Awaited<ReturnType<typeof newClient>> | undefined\n\n/** A branded type representing encrypted data. Cannot be accidentally used as plaintext. */\nexport type EncryptedValue = Brand<CipherStashEncrypted, 'encrypted'> | null\n\n/** Structural type representing encrypted data. See also `EncryptedValue` for branded nominal typing. */\nexport type Encrypted = CipherStashEncrypted | null\n\nexport type EncryptPayload = JsPlaintext | null\n\n// ---------------------------------------------------------------------------\n// Client configuration\n// ---------------------------------------------------------------------------\n\nexport type KeysetIdentifier = { name: string } | { id: string }\n\nexport type ClientConfig = {\n /**\n * The CipherStash workspace CRN (Cloud Resource Name).\n * Format: `crn:<region>.aws:<workspace-id>`.\n * Can also be set via the `CS_WORKSPACE_CRN` environment variable.\n * If omitted, the SDK reads from the environment or TOML config files.\n */\n workspaceCrn?: string\n\n /**\n * The API access key used for authenticating with the CipherStash API.\n * Can also be set via the `CS_CLIENT_ACCESS_KEY` environment variable.\n * Obtain this from the CipherStash dashboard after creating a workspace.\n */\n accessKey?: string\n\n /**\n * The client identifier used to authenticate with CipherStash services.\n * Can also be set via the `CS_CLIENT_ID` environment variable.\n * Generated during workspace onboarding in the CipherStash dashboard.\n */\n clientId?: string\n\n /**\n * The client key material used in combination with ZeroKMS for encryption operations.\n * Can also be set via the `CS_CLIENT_KEY` environment variable.\n * Generated during workspace onboarding in the CipherStash dashboard.\n */\n clientKey?: string\n\n /**\n * An optional keyset identifier for multi-tenant encryption.\n * Each keyset provides cryptographic isolation, giving each tenant its own keyspace.\n * Specify by name (`{ name: \"tenant-a\" }`) or UUID (`{ id: \"...\" }`).\n * Keysets are created and managed in the CipherStash dashboard.\n */\n keyset?: KeysetIdentifier\n}\n\ntype AtLeastOneCsTable<T> = [T, ...T[]]\n\nexport type EncryptionClientConfig = {\n schemas: AtLeastOneCsTable<ProtectTable<ProtectTableColumn>>\n config?: ClientConfig\n logging?: LoggingConfig\n}\n\n// ---------------------------------------------------------------------------\n// Encrypt / decrypt operation options and results\n// ---------------------------------------------------------------------------\n\nexport type EncryptOptions = {\n column: ProtectColumn | ProtectValue\n table: ProtectTable<ProtectTableColumn>\n}\n\n/** Format for encrypted query/search term return values */\nexport type EncryptedReturnType =\n | 'eql'\n | 'composite-literal'\n | 'escaped-composite-literal'\n\nexport type SearchTerm = {\n value: JsPlaintext\n column: ProtectColumn\n table: ProtectTable<ProtectTableColumn>\n returnType?: EncryptedReturnType\n}\n\n/** Encrypted search term result: EQL object or composite literal string */\nexport type EncryptedSearchTerm = Encrypted | string\n\n/** Result of encryptQuery (single or batch): EQL, composite literal string, or null */\nexport type EncryptedQueryResult = Encrypted | string | null\n\n// ---------------------------------------------------------------------------\n// Model field types (encrypted vs decrypted views)\n// ---------------------------------------------------------------------------\n\nexport type EncryptedFields<T> = {\n [K in keyof T as T[K] extends Encrypted ? K : never]: T[K]\n}\n\nexport type OtherFields<T> = {\n [K in keyof T as T[K] extends Encrypted ? never : K]: T[K]\n}\n\nexport type DecryptedFields<T> = {\n [K in keyof T as T[K] extends Encrypted ? K : never]: string\n}\n\n/** Model with encrypted fields replaced by plaintext (decrypted) values */\nexport type Decrypted<T> = OtherFields<T> & DecryptedFields<T>\n\n// ---------------------------------------------------------------------------\n// Bulk operations\n// ---------------------------------------------------------------------------\n\nexport type BulkEncryptPayload = Array<{\n id?: string\n plaintext: JsPlaintext | null\n}>\n\nexport type BulkEncryptedData = Array<{ id?: string; data: Encrypted }>\nexport type BulkDecryptPayload = Array<{ id?: string; data: Encrypted }>\nexport type BulkDecryptedData = Array<DecryptionResult<JsPlaintext | null>>\n\ntype DecryptionSuccess<T> = { error?: never; data: T; id?: string }\ntype DecryptionError<T> = { error: T; id?: string; data?: never }\n\n/**\n * Result type for individual items in bulk decrypt operations.\n * Uses `error`/`data` fields (not `failure`/`data`) since bulk operations\n * can have per-item failures.\n */\nexport type DecryptionResult<T> = DecryptionSuccess<T> | DecryptionError<T>\n\n// ---------------------------------------------------------------------------\n// Query types (for searchable encryption / encryptQuery)\n// ---------------------------------------------------------------------------\n\n/**\n * User-facing query type names for encrypting query values.\n *\n * - `'equality'`: Exact match. [Exact Queries](https://cipherstash.com/docs/platform/searchable-encryption/supported-queries/exact)\n * - `'freeTextSearch'`: Text search. [Match Queries](https://cipherstash.com/docs/platform/searchable-encryption/supported-queries/match)\n * - `'orderAndRange'`: Comparison and range. [Range Queries](https://cipherstash.com/docs/platform/searchable-encryption/supported-queries/range)\n * - `'steVecSelector'`: JSONPath selector (e.g. `'$.user.email'`)\n * - `'steVecTerm'`: Containment (e.g. `{ role: 'admin' }`)\n * - `'searchableJson'`: Auto-infers selector or term from plaintext type (recommended)\n */\nexport type QueryTypeName =\n | 'orderAndRange'\n | 'freeTextSearch'\n | 'equality'\n | 'steVecSelector'\n | 'steVecTerm'\n | 'searchableJson'\n\n/** @internal */\nexport type FfiIndexTypeName = 'ore' | 'match' | 'unique' | 'ste_vec'\n\nexport const queryTypes = {\n orderAndRange: 'orderAndRange',\n freeTextSearch: 'freeTextSearch',\n equality: 'equality',\n steVecSelector: 'steVecSelector',\n steVecTerm: 'steVecTerm',\n searchableJson: 'searchableJson',\n} as const satisfies Record<string, QueryTypeName>\n\n/** @internal */\nexport const queryTypeToFfi: Record<QueryTypeName, FfiIndexTypeName> = {\n orderAndRange: 'ore',\n freeTextSearch: 'match',\n equality: 'unique',\n steVecSelector: 'ste_vec',\n steVecTerm: 'ste_vec',\n searchableJson: 'ste_vec',\n}\n\n/** @internal */\nexport const queryTypeToQueryOp: Partial<Record<QueryTypeName, QueryOpName>> = {\n steVecSelector: 'ste_vec_selector',\n steVecTerm: 'ste_vec_term',\n}\n\n/** @internal */\nexport type QueryTermBase = {\n column: ProtectColumn\n table: ProtectTable<ProtectTableColumn>\n queryType?: QueryTypeName\n returnType?: EncryptedReturnType\n}\n\nexport type EncryptQueryOptions = QueryTermBase\n\nexport type ScalarQueryTerm = QueryTermBase & {\n value: JsPlaintext | null\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;AC0LO,IAAM,aAAa;AAAA,EACxB,eAAe;AAAA,EACf,gBAAgB;AAAA,EAChB,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,YAAY;AAAA,EACZ,gBAAgB;AAClB;","names":[]}
1
+ {"version":3,"sources":["../src/types-public.ts","../src/types.ts"],"sourcesContent":["/**\n * Public type re-exports for `@cipherstash/stack/types`.\n *\n * This module exposes only the public types from the internal types module.\n * Internal helpers (`queryTypeToFfi`, `queryTypeToQueryOp`, `FfiIndexTypeName`,\n * `QueryTermBase`) are excluded.\n */\n\n// Core types\nexport type {\n Client,\n EncryptedValue,\n Encrypted,\n EncryptPayload,\n} from '@/types'\n\n// Client configuration\nexport type {\n KeysetIdentifier,\n ClientConfig,\n EncryptionClientConfig,\n} from '@/types'\n\n// Encrypt / decrypt operation options and results\nexport type {\n EncryptOptions,\n EncryptedReturnType,\n SearchTerm,\n EncryptedSearchTerm,\n EncryptedQueryResult,\n} from '@/types'\n\n// Model field types\nexport type {\n EncryptedFields,\n OtherFields,\n DecryptedFields,\n Decrypted,\n} from '@/types'\n\n// Bulk operations\nexport type {\n BulkEncryptPayload,\n BulkEncryptedData,\n BulkDecryptPayload,\n BulkDecryptedData,\n DecryptionResult,\n} from '@/types'\n\n// Query types (public only)\nexport type {\n QueryTypeName,\n EncryptQueryOptions,\n ScalarQueryTerm,\n} from '@/types'\n\n// Logging\nexport type { LoggingConfig } from '@/utils/logger'\n\n// Runtime values\nexport { queryTypes } from '@/types'\n","import type {\n ProtectColumn,\n ProtectTable,\n ProtectTableColumn,\n ProtectValue,\n} from '@/schema'\nimport type { LoggingConfig } from '@/utils/logger'\nimport type {\n Encrypted as CipherStashEncrypted,\n JsPlaintext,\n QueryOpName,\n newClient,\n} from '@cipherstash/protect-ffi'\n\n// ---------------------------------------------------------------------------\n// Branded type utilities\n// ---------------------------------------------------------------------------\n\n/** Brand symbol for nominal typing */\ndeclare const __brand: unique symbol\n\n/** Creates a branded type that is structurally incompatible with the base type */\ntype Brand<T, B extends string> = T & { readonly [__brand]: B }\n\n// ---------------------------------------------------------------------------\n// Core types\n// ---------------------------------------------------------------------------\n\nexport type Client = Awaited<ReturnType<typeof newClient>> | undefined\n\n/** A branded type representing encrypted data. Cannot be accidentally used as plaintext. */\nexport type EncryptedValue = Brand<CipherStashEncrypted, 'encrypted'> | null\n\n/** Structural type representing encrypted data. See also `EncryptedValue` for branded nominal typing. */\nexport type Encrypted = CipherStashEncrypted | null\n\nexport type EncryptPayload = JsPlaintext | null\n\n// ---------------------------------------------------------------------------\n// Client configuration\n// ---------------------------------------------------------------------------\n\nexport type KeysetIdentifier = { name: string } | { id: string }\n\nexport type ClientConfig = {\n /**\n * The CipherStash workspace CRN (Cloud Resource Name).\n * Format: `crn:<region>.aws:<workspace-id>`.\n * Can also be set via the `CS_WORKSPACE_CRN` environment variable.\n * If omitted, the SDK reads from the environment or TOML config files.\n */\n workspaceCrn?: string\n\n /**\n * The API access key used for authenticating with the CipherStash API.\n * Can also be set via the `CS_CLIENT_ACCESS_KEY` environment variable.\n * Obtain this from the CipherStash dashboard after creating a workspace.\n */\n accessKey?: string\n\n /**\n * The client identifier used to authenticate with CipherStash services.\n * Can also be set via the `CS_CLIENT_ID` environment variable.\n * Generated during workspace onboarding in the CipherStash dashboard.\n */\n clientId?: string\n\n /**\n * The client key material used in combination with ZeroKMS for encryption operations.\n * Can also be set via the `CS_CLIENT_KEY` environment variable.\n * Generated during workspace onboarding in the CipherStash dashboard.\n */\n clientKey?: string\n\n /**\n * An optional keyset identifier for multi-tenant encryption.\n * Each keyset provides cryptographic isolation, giving each tenant its own keyspace.\n * Specify by name (`{ name: \"tenant-a\" }`) or UUID (`{ id: \"...\" }`).\n * Keysets are created and managed in the CipherStash dashboard.\n */\n keyset?: KeysetIdentifier\n}\n\ntype AtLeastOneCsTable<T> = [T, ...T[]]\n\nexport type EncryptionClientConfig = {\n schemas: AtLeastOneCsTable<ProtectTable<ProtectTableColumn>>\n config?: ClientConfig\n logging?: LoggingConfig\n}\n\n// ---------------------------------------------------------------------------\n// Encrypt / decrypt operation options and results\n// ---------------------------------------------------------------------------\n\nexport type EncryptOptions = {\n column: ProtectColumn | ProtectValue\n table: ProtectTable<ProtectTableColumn>\n}\n\n/** Format for encrypted query/search term return values */\nexport type EncryptedReturnType =\n | 'eql'\n | 'composite-literal'\n | 'escaped-composite-literal'\n\nexport type SearchTerm = {\n value: JsPlaintext\n column: ProtectColumn\n table: ProtectTable<ProtectTableColumn>\n returnType?: EncryptedReturnType\n}\n\n/** Encrypted search term result: EQL object or composite literal string */\nexport type EncryptedSearchTerm = Encrypted | string\n\n/** Result of encryptQuery (single or batch): EQL, composite literal string, or null */\nexport type EncryptedQueryResult = Encrypted | string | null\n\n// ---------------------------------------------------------------------------\n// Model field types (encrypted vs decrypted views)\n// ---------------------------------------------------------------------------\n\nexport type EncryptedFields<T> = {\n [K in keyof T as T[K] extends Encrypted ? K : never]: T[K]\n}\n\nexport type OtherFields<T> = {\n [K in keyof T as T[K] extends Encrypted ? never : K]: T[K]\n}\n\nexport type DecryptedFields<T> = {\n [K in keyof T as T[K] extends Encrypted ? K : never]: string\n}\n\n/** Model with encrypted fields replaced by plaintext (decrypted) values */\nexport type Decrypted<T> = OtherFields<T> & DecryptedFields<T>\n\n/**\n * Maps a plaintext model type to its encrypted form using the table schema.\n *\n * Fields whose keys match columns defined in `S` become `Encrypted`;\n * all other fields retain their original types from `T`.\n *\n * When `S` is the widened `ProtectTableColumn` (e.g. when a user passes an\n * explicit `<User>` type argument without specifying `S`), the type degrades\n * gracefully to `T` — preserving backward compatibility.\n *\n * @typeParam T - The plaintext model type (e.g. `{ id: string; email: string }`)\n * @typeParam S - The table schema column definition, inferred from the `table` argument\n *\n * @example\n * ```typescript\n * type User = { id: string; email: string }\n * // With a schema that defines `email`:\n * type Encrypted = EncryptedFromSchema<User, { email: ProtectColumn }>\n * // => { id: string; email: Encrypted }\n * ```\n */\nexport type EncryptedFromSchema<\n T,\n S extends ProtectTableColumn,\n> = {\n [K in keyof T]: [K] extends [keyof S]\n ? [S[K & keyof S]] extends [ProtectColumn | ProtectValue]\n ? Encrypted\n : T[K]\n : T[K]\n}\n\n// ---------------------------------------------------------------------------\n// Bulk operations\n// ---------------------------------------------------------------------------\n\nexport type BulkEncryptPayload = Array<{\n id?: string\n plaintext: JsPlaintext | null\n}>\n\nexport type BulkEncryptedData = Array<{ id?: string; data: Encrypted }>\nexport type BulkDecryptPayload = Array<{ id?: string; data: Encrypted }>\nexport type BulkDecryptedData = Array<DecryptionResult<JsPlaintext | null>>\n\ntype DecryptionSuccess<T> = { error?: never; data: T; id?: string }\ntype DecryptionError<T> = { error: T; id?: string; data?: never }\n\n/**\n * Result type for individual items in bulk decrypt operations.\n * Uses `error`/`data` fields (not `failure`/`data`) since bulk operations\n * can have per-item failures.\n */\nexport type DecryptionResult<T> = DecryptionSuccess<T> | DecryptionError<T>\n\n// ---------------------------------------------------------------------------\n// Query types (for searchable encryption / encryptQuery)\n// ---------------------------------------------------------------------------\n\n/**\n * User-facing query type names for encrypting query values.\n *\n * - `'equality'`: Exact match. [Exact Queries](https://cipherstash.com/docs/platform/searchable-encryption/supported-queries/exact)\n * - `'freeTextSearch'`: Text search. [Match Queries](https://cipherstash.com/docs/platform/searchable-encryption/supported-queries/match)\n * - `'orderAndRange'`: Comparison and range. [Range Queries](https://cipherstash.com/docs/platform/searchable-encryption/supported-queries/range)\n * - `'steVecSelector'`: JSONPath selector (e.g. `'$.user.email'`)\n * - `'steVecTerm'`: Containment (e.g. `{ role: 'admin' }`)\n * - `'searchableJson'`: Auto-infers selector or term from plaintext type (recommended)\n */\nexport type QueryTypeName =\n | 'orderAndRange'\n | 'freeTextSearch'\n | 'equality'\n | 'steVecSelector'\n | 'steVecTerm'\n | 'searchableJson'\n\n/** @internal */\nexport type FfiIndexTypeName = 'ore' | 'match' | 'unique' | 'ste_vec'\n\nexport const queryTypes = {\n orderAndRange: 'orderAndRange',\n freeTextSearch: 'freeTextSearch',\n equality: 'equality',\n steVecSelector: 'steVecSelector',\n steVecTerm: 'steVecTerm',\n searchableJson: 'searchableJson',\n} as const satisfies Record<string, QueryTypeName>\n\n/** @internal */\nexport const queryTypeToFfi: Record<QueryTypeName, FfiIndexTypeName> = {\n orderAndRange: 'ore',\n freeTextSearch: 'match',\n equality: 'unique',\n steVecSelector: 'ste_vec',\n steVecTerm: 'ste_vec',\n searchableJson: 'ste_vec',\n}\n\n/** @internal */\nexport const queryTypeToQueryOp: Partial<Record<QueryTypeName, QueryOpName>> = {\n steVecSelector: 'ste_vec_selector',\n steVecTerm: 'ste_vec_term',\n}\n\n/** @internal */\nexport type QueryTermBase = {\n column: ProtectColumn\n table: ProtectTable<ProtectTableColumn>\n queryType?: QueryTypeName\n returnType?: EncryptedReturnType\n}\n\nexport type EncryptQueryOptions = QueryTermBase\n\nexport type ScalarQueryTerm = QueryTermBase & {\n value: JsPlaintext | null\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;AC0NO,IAAM,aAAa;AAAA,EACxB,eAAe;AAAA,EACf,gBAAgB;AAAA,EAChB,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,YAAY;AAAA,EACZ,gBAAgB;AAClB;","names":[]}
package/dist/types-public.d.cts CHANGED
@@ -1,4 +1,4 @@
1
- export { l as BulkDecryptPayload, B as BulkDecryptedData, n as BulkEncryptPayload, m as BulkEncryptedData, k as Client, y as ClientConfig, D as Decrypted, H as DecryptedFields, J as DecryptionResult, o as EncryptOptions, x as EncryptPayload, p as EncryptQueryOptions, h as Encrypted, F as EncryptedFields, j as EncryptedQueryResult, q as EncryptedReturnType, A as EncryptedSearchTerm, i as EncryptedValue, E as EncryptionClientConfig, K as KeysetIdentifier, L as LoggingConfig, G as OtherFields, Q as QueryTypeName, S as ScalarQueryTerm, z as SearchTerm, N as queryTypes } from './types-public-BCj1L4fi.cjs';
1
+ export { m as BulkDecryptPayload, B as BulkDecryptedData, o as BulkEncryptPayload, n as BulkEncryptedData, l as Client, z as ClientConfig, D as Decrypted, J as DecryptedFields, L as DecryptionResult, p as EncryptOptions, y as EncryptPayload, q as EncryptQueryOptions, i as Encrypted, G as EncryptedFields, k as EncryptedQueryResult, r as EncryptedReturnType, F as EncryptedSearchTerm, j as EncryptedValue, E as EncryptionClientConfig, K as KeysetIdentifier, N as LoggingConfig, H as OtherFields, Q as QueryTypeName, S as ScalarQueryTerm, A as SearchTerm, R as queryTypes } from './types-public-Dfg-hkuQ.cjs';
2
2
  import 'zod';
3
3
  import 'evlog';
4
4
  import '@cipherstash/protect-ffi';
package/dist/types-public.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- export { l as BulkDecryptPayload, B as BulkDecryptedData, n as BulkEncryptPayload, m as BulkEncryptedData, k as Client, y as ClientConfig, D as Decrypted, H as DecryptedFields, J as DecryptionResult, o as EncryptOptions, x as EncryptPayload, p as EncryptQueryOptions, h as Encrypted, F as EncryptedFields, j as EncryptedQueryResult, q as EncryptedReturnType, A as EncryptedSearchTerm, i as EncryptedValue, E as EncryptionClientConfig, K as KeysetIdentifier, L as LoggingConfig, G as OtherFields, Q as QueryTypeName, S as ScalarQueryTerm, z as SearchTerm, N as queryTypes } from './types-public-BCj1L4fi.js';
1
+ export { m as BulkDecryptPayload, B as BulkDecryptedData, o as BulkEncryptPayload, n as BulkEncryptedData, l as Client, z as ClientConfig, D as Decrypted, J as DecryptedFields, L as DecryptionResult, p as EncryptOptions, y as EncryptPayload, q as EncryptQueryOptions, i as Encrypted, G as EncryptedFields, k as EncryptedQueryResult, r as EncryptedReturnType, F as EncryptedSearchTerm, j as EncryptedValue, E as EncryptionClientConfig, K as KeysetIdentifier, N as LoggingConfig, H as OtherFields, Q as QueryTypeName, S as ScalarQueryTerm, A as SearchTerm, R as queryTypes } from './types-public-Dfg-hkuQ.js';
2
2
  import 'zod';
3
3
  import 'evlog';
4
4
  import '@cipherstash/protect-ffi';
package/dist/types-public.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import {
2
2
  queryTypes
3
- } from "./chunk-SJ7JO4ME.js";
3
+ } from "./chunk-5G4F4JJG.js";
4
4
  export {
5
5
  queryTypes
6
6
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@cipherstash/stack",
3
- "version": "0.1.0",
3
+ "version": "0.2.0",
4
4
  "description": "CipherStash Stack for TypeScript and JavaScript",
5
5
  "keywords": [
6
6
  "encrypted",