@cipherstash/stack 0.1.0 → 0.2.0

package/dist/{client-DtGq9dJp.d.ts → client-BV9pXC-d.d.ts}

@@ -1,4 +1,4 @@
-import { j as EncryptedQueryResult, k as Client, S as ScalarQueryTerm, B as BulkDecryptedData, l as BulkDecryptPayload, D as Decrypted, m as BulkEncryptedData, n as BulkEncryptPayload, o as EncryptOptions, P as ProtectColumn, g as ProtectValue, d as ProtectTable, f as ProtectTableColumn, h as Encrypted, p as EncryptQueryOptions, Q as QueryTypeName, q as EncryptedReturnType, r as EncryptConfig, K as KeysetIdentifier } from './types-public-BCj1L4fi.js';
+import { k as EncryptedQueryResult, l as Client, S as ScalarQueryTerm, B as BulkDecryptedData, m as BulkDecryptPayload, D as Decrypted, n as BulkEncryptedData, o as BulkEncryptPayload, p as EncryptOptions, P as ProtectColumn, g as ProtectValue, d as ProtectTable, f as ProtectTableColumn, i as Encrypted, q as EncryptQueryOptions, Q as QueryTypeName, r as EncryptedReturnType, s as EncryptConfig, K as KeysetIdentifier, h as EncryptedFromSchema } from './types-public-Dfg-hkuQ.js';
 import { a as EncryptionError, d as LockContext } from './index-9-Ya3fDK.js';
 import { Result } from '@byteslice/result';
 import { JsPlaintext } from '@cipherstash/protect-ffi';
@@ -114,12 +114,12 @@ declare class BulkEncryptModelsOperation<T extends Record<string, unknown>> exte
     private client;
     private models;
     private table;
-    constructor(client: Client, models: Decrypted<T>[], table: ProtectTable<ProtectTableColumn>);
+    constructor(client: Client, models: Record<string, unknown>[], table: ProtectTable<ProtectTableColumn>);
     withLockContext(lockContext: LockContext): BulkEncryptModelsOperationWithLockContext<T>;
     execute(): Promise<Result<T[], EncryptionError>>;
     getOperation(): {
         client: Client;
-        models: Decrypted<T>[];
+        models: Record<string, unknown>[];
         table: ProtectTable<ProtectTableColumn>;
     };
 }
@@ -197,12 +197,12 @@ declare class EncryptModelOperation<T extends Record<string, unknown>> extends E
     private client;
     private model;
     private table;
-    constructor(client: Client, model: Decrypted<T>, table: ProtectTable<ProtectTableColumn>);
+    constructor(client: Client, model: Record<string, unknown>, table: ProtectTable<ProtectTableColumn>);
     withLockContext(lockContext: LockContext): EncryptModelOperationWithLockContext<T>;
     execute(): Promise<Result<T, EncryptionError>>;
     getOperation(): {
         client: Client;
-        model: Decrypted<T>;
+        model: Record<string, unknown>;
         table: ProtectTable<ProtectTableColumn>;
     };
 }
@@ -440,10 +440,16 @@ declare class EncryptionClient {
      * All other fields are passed through unchanged. Returns a thenable operation
      * that supports `.withLockContext()` for identity-aware encryption.
      *
+     * The return type is **schema-aware**: fields matching the table schema are
+     * typed as `Encrypted`, while other fields retain their original types. For
+     * best results, let TypeScript infer the type parameters from the arguments
+     * rather than providing an explicit type argument.
+     *
      * @param input - The model object with plaintext values to encrypt.
      * @param table - The table schema defining which fields to encrypt.
-     * @returns An `EncryptModelOperation<T>` that can be awaited to get a `Result`
-     *   containing the model with encrypted fields, or an `EncryptionError`.
+     * @returns An `EncryptModelOperation` that can be awaited to get a `Result`
+     *   containing the model with schema-defined fields typed as `Encrypted`,
+     *   or an `EncryptionError`.
      *
      * @example
      * ```typescript
@@ -458,7 +464,9 @@ declare class EncryptionClient {
      *
      * const client = await Encryption({ schemas: [usersSchema] })
      *
-     * const result = await client.encryptModel<User>(
+     * // Let TypeScript infer the return type from the schema.
+     * // result.data.email is typed as `Encrypted`, result.data.id stays `string`.
+     * const result = await client.encryptModel(
      *   { id: "user_123", email: "alice@example.com", createdAt: new Date() },
      *   usersSchema,
      * )
@@ -466,12 +474,12 @@ declare class EncryptionClient {
      * if (result.failure) {
      *   console.error(result.failure.message)
      * } else {
-     *   // result.data.id is unchanged, result.data.email is encrypted
-     *   console.log(result.data)
+     *   console.log(result.data.id)    // string
+     *   console.log(result.data.email) // Encrypted
      * }
      * ```
      */
-    encryptModel<T extends Record<string, unknown>>(input: Decrypted<T>, table: ProtectTable<ProtectTableColumn>): EncryptModelOperation<T>;
+    encryptModel<T extends Record<string, unknown>, S extends ProtectTableColumn = ProtectTableColumn>(input: T, table: ProtectTable<S>): EncryptModelOperation<EncryptedFromSchema<T, S>>;
     /**
      * Decrypt a model (object) whose fields contain encrypted values.
      *
@@ -508,10 +516,15 @@ declare class EncryptionClient {
      * while still using a unique key for each encrypted value. Only fields
      * matching the table schema are encrypted; other fields pass through unchanged.
      *
+     * The return type is **schema-aware**: fields matching the table schema are
+     * typed as `Encrypted`, while other fields retain their original types. For
+     * best results, let TypeScript infer the type parameters from the arguments.
+     *
      * @param input - An array of model objects with plaintext values to encrypt.
      * @param table - The table schema defining which fields to encrypt.
-     * @returns A `BulkEncryptModelsOperation<T>` that can be awaited to get a `Result`
-     *   containing an array of models with encrypted fields, or an `EncryptionError`.
+     * @returns A `BulkEncryptModelsOperation` that can be awaited to get a `Result`
+     *   containing an array of models with schema-defined fields typed as `Encrypted`,
+     *   or an `EncryptionError`.
      *
      * @example
      * ```typescript
@@ -526,7 +539,9 @@ declare class EncryptionClient {
      *
      * const client = await Encryption({ schemas: [usersSchema] })
      *
-     * const result = await client.bulkEncryptModels<User>(
+     * // Let TypeScript infer the return type from the schema.
+     * // Each item's email is typed as `Encrypted`, id stays `string`.
+     * const result = await client.bulkEncryptModels(
      *   [
      *     { id: "1", email: "alice@example.com" },
      *     { id: "2", email: "bob@example.com" },
@@ -539,7 +554,7 @@ declare class EncryptionClient {
      * }
      * ```
      */
-    bulkEncryptModels<T extends Record<string, unknown>>(input: Array<Decrypted<T>>, table: ProtectTable<ProtectTableColumn>): BulkEncryptModelsOperation<T>;
+    bulkEncryptModels<T extends Record<string, unknown>, S extends ProtectTableColumn = ProtectTableColumn>(input: Array<T>, table: ProtectTable<S>): BulkEncryptModelsOperation<EncryptedFromSchema<T, S>>;
     /**
      * Decrypt multiple models (objects) in a single bulk operation.
      *

package/dist/{client-BxJG56Ey.d.cts → client-D-ZH8SB2.d.cts}

@@ -1,4 +1,4 @@
-import { j as EncryptedQueryResult, k as Client, S as ScalarQueryTerm, B as BulkDecryptedData, l as BulkDecryptPayload, D as Decrypted, m as BulkEncryptedData, n as BulkEncryptPayload, o as EncryptOptions, P as ProtectColumn, g as ProtectValue, d as ProtectTable, f as ProtectTableColumn, h as Encrypted, p as EncryptQueryOptions, Q as QueryTypeName, q as EncryptedReturnType, r as EncryptConfig, K as KeysetIdentifier } from './types-public-BCj1L4fi.cjs';
+import { k as EncryptedQueryResult, l as Client, S as ScalarQueryTerm, B as BulkDecryptedData, m as BulkDecryptPayload, D as Decrypted, n as BulkEncryptedData, o as BulkEncryptPayload, p as EncryptOptions, P as ProtectColumn, g as ProtectValue, d as ProtectTable, f as ProtectTableColumn, i as Encrypted, q as EncryptQueryOptions, Q as QueryTypeName, r as EncryptedReturnType, s as EncryptConfig, K as KeysetIdentifier, h as EncryptedFromSchema } from './types-public-Dfg-hkuQ.cjs';
 import { a as EncryptionError, d as LockContext } from './index-9-Ya3fDK.cjs';
 import { Result } from '@byteslice/result';
 import { JsPlaintext } from '@cipherstash/protect-ffi';
@@ -114,12 +114,12 @@ declare class BulkEncryptModelsOperation<T extends Record<string, unknown>> exte
     private client;
     private models;
     private table;
-    constructor(client: Client, models: Decrypted<T>[], table: ProtectTable<ProtectTableColumn>);
+    constructor(client: Client, models: Record<string, unknown>[], table: ProtectTable<ProtectTableColumn>);
     withLockContext(lockContext: LockContext): BulkEncryptModelsOperationWithLockContext<T>;
     execute(): Promise<Result<T[], EncryptionError>>;
     getOperation(): {
         client: Client;
-        models: Decrypted<T>[];
+        models: Record<string, unknown>[];
         table: ProtectTable<ProtectTableColumn>;
     };
 }
@@ -197,12 +197,12 @@ declare class EncryptModelOperation<T extends Record<string, unknown>> extends E
     private client;
     private model;
     private table;
-    constructor(client: Client, model: Decrypted<T>, table: ProtectTable<ProtectTableColumn>);
+    constructor(client: Client, model: Record<string, unknown>, table: ProtectTable<ProtectTableColumn>);
     withLockContext(lockContext: LockContext): EncryptModelOperationWithLockContext<T>;
     execute(): Promise<Result<T, EncryptionError>>;
     getOperation(): {
         client: Client;
-        model: Decrypted<T>;
+        model: Record<string, unknown>;
         table: ProtectTable<ProtectTableColumn>;
     };
 }
@@ -440,10 +440,16 @@ declare class EncryptionClient {
      * All other fields are passed through unchanged. Returns a thenable operation
      * that supports `.withLockContext()` for identity-aware encryption.
      *
+     * The return type is **schema-aware**: fields matching the table schema are
+     * typed as `Encrypted`, while other fields retain their original types. For
+     * best results, let TypeScript infer the type parameters from the arguments
+     * rather than providing an explicit type argument.
+     *
      * @param input - The model object with plaintext values to encrypt.
      * @param table - The table schema defining which fields to encrypt.
-     * @returns An `EncryptModelOperation<T>` that can be awaited to get a `Result`
-     *   containing the model with encrypted fields, or an `EncryptionError`.
+     * @returns An `EncryptModelOperation` that can be awaited to get a `Result`
+     *   containing the model with schema-defined fields typed as `Encrypted`,
+     *   or an `EncryptionError`.
      *
      * @example
      * ```typescript
@@ -458,7 +464,9 @@ declare class EncryptionClient {
      *
      * const client = await Encryption({ schemas: [usersSchema] })
      *
-     * const result = await client.encryptModel<User>(
+     * // Let TypeScript infer the return type from the schema.
+     * // result.data.email is typed as `Encrypted`, result.data.id stays `string`.
+     * const result = await client.encryptModel(
      *   { id: "user_123", email: "alice@example.com", createdAt: new Date() },
      *   usersSchema,
      * )
@@ -466,12 +474,12 @@ declare class EncryptionClient {
      * if (result.failure) {
      *   console.error(result.failure.message)
      * } else {
-     *   // result.data.id is unchanged, result.data.email is encrypted
-     *   console.log(result.data)
+     *   console.log(result.data.id)    // string
+     *   console.log(result.data.email) // Encrypted
      * }
      * ```
      */
-    encryptModel<T extends Record<string, unknown>>(input: Decrypted<T>, table: ProtectTable<ProtectTableColumn>): EncryptModelOperation<T>;
+    encryptModel<T extends Record<string, unknown>, S extends ProtectTableColumn = ProtectTableColumn>(input: T, table: ProtectTable<S>): EncryptModelOperation<EncryptedFromSchema<T, S>>;
     /**
      * Decrypt a model (object) whose fields contain encrypted values.
      *
@@ -508,10 +516,15 @@ declare class EncryptionClient {
      * while still using a unique key for each encrypted value. Only fields
      * matching the table schema are encrypted; other fields pass through unchanged.
      *
+     * The return type is **schema-aware**: fields matching the table schema are
+     * typed as `Encrypted`, while other fields retain their original types. For
+     * best results, let TypeScript infer the type parameters from the arguments.
+     *
      * @param input - An array of model objects with plaintext values to encrypt.
      * @param table - The table schema defining which fields to encrypt.
-     * @returns A `BulkEncryptModelsOperation<T>` that can be awaited to get a `Result`
-     *   containing an array of models with encrypted fields, or an `EncryptionError`.
+     * @returns A `BulkEncryptModelsOperation` that can be awaited to get a `Result`
+     *   containing an array of models with schema-defined fields typed as `Encrypted`,
+     *   or an `EncryptionError`.
      *
      * @example
      * ```typescript
@@ -526,7 +539,9 @@ declare class EncryptionClient {
      *
      * const client = await Encryption({ schemas: [usersSchema] })
      *
-     * const result = await client.bulkEncryptModels<User>(
+     * // Let TypeScript infer the return type from the schema.
+     * // Each item's email is typed as `Encrypted`, id stays `string`.
+     * const result = await client.bulkEncryptModels(
      *   [
      *     { id: "1", email: "alice@example.com" },
      *     { id: "2", email: "bob@example.com" },
@@ -539,7 +554,7 @@ declare class EncryptionClient {
      * }
      * ```
      */
-    bulkEncryptModels<T extends Record<string, unknown>>(input: Array<Decrypted<T>>, table: ProtectTable<ProtectTableColumn>): BulkEncryptModelsOperation<T>;
+    bulkEncryptModels<T extends Record<string, unknown>, S extends ProtectTableColumn = ProtectTableColumn>(input: Array<T>, table: ProtectTable<S>): BulkEncryptModelsOperation<EncryptedFromSchema<T, S>>;
     /**
      * Decrypt multiple models (objects) in a single bulk operation.
      *

package/dist/client.d.cts

@@ -1,5 +1,5 @@
-export { c as InferEncrypted, I as InferPlaintext, P as ProtectColumn, d as ProtectTable, f as ProtectTableColumn, g as ProtectValue, a as encryptedColumn, e as encryptedTable, b as encryptedValue } from './types-public-BCj1L4fi.cjs';
-export { E as EncryptionClient } from './client-BxJG56Ey.cjs';
+export { c as InferEncrypted, I as InferPlaintext, P as ProtectColumn, d as ProtectTable, f as ProtectTableColumn, g as ProtectValue, a as encryptedColumn, e as encryptedTable, b as encryptedValue } from './types-public-Dfg-hkuQ.cjs';
+export { E as EncryptionClient } from './client-D-ZH8SB2.cjs';
 import 'zod';
 import 'evlog';
 import '@cipherstash/protect-ffi';

package/dist/client.d.ts

@@ -1,5 +1,5 @@
-export { c as InferEncrypted, I as InferPlaintext, P as ProtectColumn, d as ProtectTable, f as ProtectTableColumn, g as ProtectValue, a as encryptedColumn, e as encryptedTable, b as encryptedValue } from './types-public-BCj1L4fi.js';
-export { E as EncryptionClient } from './client-DtGq9dJp.js';
+export { c as InferEncrypted, I as InferPlaintext, P as ProtectColumn, d as ProtectTable, f as ProtectTableColumn, g as ProtectValue, a as encryptedColumn, e as encryptedTable, b as encryptedValue } from './types-public-Dfg-hkuQ.js';
+export { E as EncryptionClient } from './client-BV9pXC-d.js';
 import 'zod';
 import 'evlog';
 import '@cipherstash/protect-ffi';