@cipherstash/stack 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/README.md +10 -12
- package/dist/bin/stash.js +27 -12
- package/dist/bin/stash.js.map +1 -1
- package/dist/{chunk-SJ7JO4ME.js → chunk-5G4F4JJG.js} +1 -1
- package/dist/{chunk-SJ7JO4ME.js.map → chunk-5G4F4JJG.js.map} +1 -1
- package/dist/{chunk-2GZMIJFO.js → chunk-LHZ6KZIG.js} +29 -14
- package/dist/chunk-LHZ6KZIG.js.map +1 -0
- package/dist/{client-DtGq9dJp.d.ts → client-BV9pXC-d.d.ts} +30 -15
- package/dist/{client-BxJG56Ey.d.cts → client-D-ZH8SB2.d.cts} +30 -15
- package/dist/client.d.cts +2 -2
- package/dist/client.d.ts +2 -2
- package/dist/drizzle/index.cjs.map +1 -1
- package/dist/drizzle/index.d.cts +2 -2
- package/dist/drizzle/index.d.ts +2 -2
- package/dist/drizzle/index.js +1 -1
- package/dist/dynamodb/index.d.cts +2 -2
- package/dist/dynamodb/index.d.ts +2 -2
- package/dist/index.cjs +27 -12
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +3 -3
- package/dist/index.d.ts +3 -3
- package/dist/index.js +2 -2
- package/dist/schema/index.d.cts +1 -1
- package/dist/schema/index.d.ts +1 -1
- package/dist/secrets/index.cjs +27 -12
- package/dist/secrets/index.cjs.map +1 -1
- package/dist/secrets/index.d.cts +1 -1
- package/dist/secrets/index.d.ts +1 -1
- package/dist/secrets/index.js +2 -2
- package/dist/supabase/index.d.cts +2 -2
- package/dist/supabase/index.d.ts +2 -2
- package/dist/{types-public-BCj1L4fi.d.ts → types-public-Dfg-hkuQ.d.cts} +35 -11
- package/dist/{types-public-BCj1L4fi.d.cts → types-public-Dfg-hkuQ.d.ts} +35 -11
- package/dist/types-public.cjs.map +1 -1
- package/dist/types-public.d.cts +1 -1
- package/dist/types-public.d.ts +1 -1
- package/dist/types-public.js +1 -1
- package/package.json +1 -1
- package/dist/chunk-2GZMIJFO.js.map +0 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { k as EncryptedQueryResult, l as Client, S as ScalarQueryTerm, B as BulkDecryptedData, m as BulkDecryptPayload, D as Decrypted, n as BulkEncryptedData, o as BulkEncryptPayload, p as EncryptOptions, P as ProtectColumn, g as ProtectValue, d as ProtectTable, f as ProtectTableColumn, i as Encrypted, q as EncryptQueryOptions, Q as QueryTypeName, r as EncryptedReturnType, s as EncryptConfig, K as KeysetIdentifier, h as EncryptedFromSchema } from './types-public-Dfg-hkuQ.js';
|
|
2
2
|
import { a as EncryptionError, d as LockContext } from './index-9-Ya3fDK.js';
|
|
3
3
|
import { Result } from '@byteslice/result';
|
|
4
4
|
import { JsPlaintext } from '@cipherstash/protect-ffi';
|
|
@@ -114,12 +114,12 @@ declare class BulkEncryptModelsOperation<T extends Record<string, unknown>> exte
|
|
|
114
114
|
private client;
|
|
115
115
|
private models;
|
|
116
116
|
private table;
|
|
117
|
-
constructor(client: Client, models:
|
|
117
|
+
constructor(client: Client, models: Record<string, unknown>[], table: ProtectTable<ProtectTableColumn>);
|
|
118
118
|
withLockContext(lockContext: LockContext): BulkEncryptModelsOperationWithLockContext<T>;
|
|
119
119
|
execute(): Promise<Result<T[], EncryptionError>>;
|
|
120
120
|
getOperation(): {
|
|
121
121
|
client: Client;
|
|
122
|
-
models:
|
|
122
|
+
models: Record<string, unknown>[];
|
|
123
123
|
table: ProtectTable<ProtectTableColumn>;
|
|
124
124
|
};
|
|
125
125
|
}
|
|
@@ -197,12 +197,12 @@ declare class EncryptModelOperation<T extends Record<string, unknown>> extends E
|
|
|
197
197
|
private client;
|
|
198
198
|
private model;
|
|
199
199
|
private table;
|
|
200
|
-
constructor(client: Client, model:
|
|
200
|
+
constructor(client: Client, model: Record<string, unknown>, table: ProtectTable<ProtectTableColumn>);
|
|
201
201
|
withLockContext(lockContext: LockContext): EncryptModelOperationWithLockContext<T>;
|
|
202
202
|
execute(): Promise<Result<T, EncryptionError>>;
|
|
203
203
|
getOperation(): {
|
|
204
204
|
client: Client;
|
|
205
|
-
model:
|
|
205
|
+
model: Record<string, unknown>;
|
|
206
206
|
table: ProtectTable<ProtectTableColumn>;
|
|
207
207
|
};
|
|
208
208
|
}
|
|
@@ -440,10 +440,16 @@ declare class EncryptionClient {
|
|
|
440
440
|
* All other fields are passed through unchanged. Returns a thenable operation
|
|
441
441
|
* that supports `.withLockContext()` for identity-aware encryption.
|
|
442
442
|
*
|
|
443
|
+
* The return type is **schema-aware**: fields matching the table schema are
|
|
444
|
+
* typed as `Encrypted`, while other fields retain their original types. For
|
|
445
|
+
* best results, let TypeScript infer the type parameters from the arguments
|
|
446
|
+
* rather than providing an explicit type argument.
|
|
447
|
+
*
|
|
443
448
|
* @param input - The model object with plaintext values to encrypt.
|
|
444
449
|
* @param table - The table schema defining which fields to encrypt.
|
|
445
|
-
* @returns An `EncryptModelOperation
|
|
446
|
-
* containing the model with
|
|
450
|
+
* @returns An `EncryptModelOperation` that can be awaited to get a `Result`
|
|
451
|
+
* containing the model with schema-defined fields typed as `Encrypted`,
|
|
452
|
+
* or an `EncryptionError`.
|
|
447
453
|
*
|
|
448
454
|
* @example
|
|
449
455
|
* ```typescript
|
|
@@ -458,7 +464,9 @@ declare class EncryptionClient {
|
|
|
458
464
|
*
|
|
459
465
|
* const client = await Encryption({ schemas: [usersSchema] })
|
|
460
466
|
*
|
|
461
|
-
*
|
|
467
|
+
* // Let TypeScript infer the return type from the schema.
|
|
468
|
+
* // result.data.email is typed as `Encrypted`, result.data.id stays `string`.
|
|
469
|
+
* const result = await client.encryptModel(
|
|
462
470
|
* { id: "user_123", email: "alice@example.com", createdAt: new Date() },
|
|
463
471
|
* usersSchema,
|
|
464
472
|
* )
|
|
@@ -466,12 +474,12 @@ declare class EncryptionClient {
|
|
|
466
474
|
* if (result.failure) {
|
|
467
475
|
* console.error(result.failure.message)
|
|
468
476
|
* } else {
|
|
469
|
-
*
|
|
470
|
-
* console.log(result.data)
|
|
477
|
+
* console.log(result.data.id) // string
|
|
478
|
+
* console.log(result.data.email) // Encrypted
|
|
471
479
|
* }
|
|
472
480
|
* ```
|
|
473
481
|
*/
|
|
474
|
-
encryptModel<T extends Record<string, unknown
|
|
482
|
+
encryptModel<T extends Record<string, unknown>, S extends ProtectTableColumn = ProtectTableColumn>(input: T, table: ProtectTable<S>): EncryptModelOperation<EncryptedFromSchema<T, S>>;
|
|
475
483
|
/**
|
|
476
484
|
* Decrypt a model (object) whose fields contain encrypted values.
|
|
477
485
|
*
|
|
@@ -508,10 +516,15 @@ declare class EncryptionClient {
|
|
|
508
516
|
* while still using a unique key for each encrypted value. Only fields
|
|
509
517
|
* matching the table schema are encrypted; other fields pass through unchanged.
|
|
510
518
|
*
|
|
519
|
+
* The return type is **schema-aware**: fields matching the table schema are
|
|
520
|
+
* typed as `Encrypted`, while other fields retain their original types. For
|
|
521
|
+
* best results, let TypeScript infer the type parameters from the arguments.
|
|
522
|
+
*
|
|
511
523
|
* @param input - An array of model objects with plaintext values to encrypt.
|
|
512
524
|
* @param table - The table schema defining which fields to encrypt.
|
|
513
|
-
* @returns A `BulkEncryptModelsOperation
|
|
514
|
-
* containing an array of models with
|
|
525
|
+
* @returns A `BulkEncryptModelsOperation` that can be awaited to get a `Result`
|
|
526
|
+
* containing an array of models with schema-defined fields typed as `Encrypted`,
|
|
527
|
+
* or an `EncryptionError`.
|
|
515
528
|
*
|
|
516
529
|
* @example
|
|
517
530
|
* ```typescript
|
|
@@ -526,7 +539,9 @@ declare class EncryptionClient {
|
|
|
526
539
|
*
|
|
527
540
|
* const client = await Encryption({ schemas: [usersSchema] })
|
|
528
541
|
*
|
|
529
|
-
*
|
|
542
|
+
* // Let TypeScript infer the return type from the schema.
|
|
543
|
+
* // Each item's email is typed as `Encrypted`, id stays `string`.
|
|
544
|
+
* const result = await client.bulkEncryptModels(
|
|
530
545
|
* [
|
|
531
546
|
* { id: "1", email: "alice@example.com" },
|
|
532
547
|
* { id: "2", email: "bob@example.com" },
|
|
@@ -539,7 +554,7 @@ declare class EncryptionClient {
|
|
|
539
554
|
* }
|
|
540
555
|
* ```
|
|
541
556
|
*/
|
|
542
|
-
bulkEncryptModels<T extends Record<string, unknown
|
|
557
|
+
bulkEncryptModels<T extends Record<string, unknown>, S extends ProtectTableColumn = ProtectTableColumn>(input: Array<T>, table: ProtectTable<S>): BulkEncryptModelsOperation<EncryptedFromSchema<T, S>>;
|
|
543
558
|
/**
|
|
544
559
|
* Decrypt multiple models (objects) in a single bulk operation.
|
|
545
560
|
*
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { k as EncryptedQueryResult, l as Client, S as ScalarQueryTerm, B as BulkDecryptedData, m as BulkDecryptPayload, D as Decrypted, n as BulkEncryptedData, o as BulkEncryptPayload, p as EncryptOptions, P as ProtectColumn, g as ProtectValue, d as ProtectTable, f as ProtectTableColumn, i as Encrypted, q as EncryptQueryOptions, Q as QueryTypeName, r as EncryptedReturnType, s as EncryptConfig, K as KeysetIdentifier, h as EncryptedFromSchema } from './types-public-Dfg-hkuQ.cjs';
|
|
2
2
|
import { a as EncryptionError, d as LockContext } from './index-9-Ya3fDK.cjs';
|
|
3
3
|
import { Result } from '@byteslice/result';
|
|
4
4
|
import { JsPlaintext } from '@cipherstash/protect-ffi';
|
|
@@ -114,12 +114,12 @@ declare class BulkEncryptModelsOperation<T extends Record<string, unknown>> exte
|
|
|
114
114
|
private client;
|
|
115
115
|
private models;
|
|
116
116
|
private table;
|
|
117
|
-
constructor(client: Client, models:
|
|
117
|
+
constructor(client: Client, models: Record<string, unknown>[], table: ProtectTable<ProtectTableColumn>);
|
|
118
118
|
withLockContext(lockContext: LockContext): BulkEncryptModelsOperationWithLockContext<T>;
|
|
119
119
|
execute(): Promise<Result<T[], EncryptionError>>;
|
|
120
120
|
getOperation(): {
|
|
121
121
|
client: Client;
|
|
122
|
-
models:
|
|
122
|
+
models: Record<string, unknown>[];
|
|
123
123
|
table: ProtectTable<ProtectTableColumn>;
|
|
124
124
|
};
|
|
125
125
|
}
|
|
@@ -197,12 +197,12 @@ declare class EncryptModelOperation<T extends Record<string, unknown>> extends E
|
|
|
197
197
|
private client;
|
|
198
198
|
private model;
|
|
199
199
|
private table;
|
|
200
|
-
constructor(client: Client, model:
|
|
200
|
+
constructor(client: Client, model: Record<string, unknown>, table: ProtectTable<ProtectTableColumn>);
|
|
201
201
|
withLockContext(lockContext: LockContext): EncryptModelOperationWithLockContext<T>;
|
|
202
202
|
execute(): Promise<Result<T, EncryptionError>>;
|
|
203
203
|
getOperation(): {
|
|
204
204
|
client: Client;
|
|
205
|
-
model:
|
|
205
|
+
model: Record<string, unknown>;
|
|
206
206
|
table: ProtectTable<ProtectTableColumn>;
|
|
207
207
|
};
|
|
208
208
|
}
|
|
@@ -440,10 +440,16 @@ declare class EncryptionClient {
|
|
|
440
440
|
* All other fields are passed through unchanged. Returns a thenable operation
|
|
441
441
|
* that supports `.withLockContext()` for identity-aware encryption.
|
|
442
442
|
*
|
|
443
|
+
* The return type is **schema-aware**: fields matching the table schema are
|
|
444
|
+
* typed as `Encrypted`, while other fields retain their original types. For
|
|
445
|
+
* best results, let TypeScript infer the type parameters from the arguments
|
|
446
|
+
* rather than providing an explicit type argument.
|
|
447
|
+
*
|
|
443
448
|
* @param input - The model object with plaintext values to encrypt.
|
|
444
449
|
* @param table - The table schema defining which fields to encrypt.
|
|
445
|
-
* @returns An `EncryptModelOperation
|
|
446
|
-
* containing the model with
|
|
450
|
+
* @returns An `EncryptModelOperation` that can be awaited to get a `Result`
|
|
451
|
+
* containing the model with schema-defined fields typed as `Encrypted`,
|
|
452
|
+
* or an `EncryptionError`.
|
|
447
453
|
*
|
|
448
454
|
* @example
|
|
449
455
|
* ```typescript
|
|
@@ -458,7 +464,9 @@ declare class EncryptionClient {
|
|
|
458
464
|
*
|
|
459
465
|
* const client = await Encryption({ schemas: [usersSchema] })
|
|
460
466
|
*
|
|
461
|
-
*
|
|
467
|
+
* // Let TypeScript infer the return type from the schema.
|
|
468
|
+
* // result.data.email is typed as `Encrypted`, result.data.id stays `string`.
|
|
469
|
+
* const result = await client.encryptModel(
|
|
462
470
|
* { id: "user_123", email: "alice@example.com", createdAt: new Date() },
|
|
463
471
|
* usersSchema,
|
|
464
472
|
* )
|
|
@@ -466,12 +474,12 @@ declare class EncryptionClient {
|
|
|
466
474
|
* if (result.failure) {
|
|
467
475
|
* console.error(result.failure.message)
|
|
468
476
|
* } else {
|
|
469
|
-
*
|
|
470
|
-
* console.log(result.data)
|
|
477
|
+
* console.log(result.data.id) // string
|
|
478
|
+
* console.log(result.data.email) // Encrypted
|
|
471
479
|
* }
|
|
472
480
|
* ```
|
|
473
481
|
*/
|
|
474
|
-
encryptModel<T extends Record<string, unknown
|
|
482
|
+
encryptModel<T extends Record<string, unknown>, S extends ProtectTableColumn = ProtectTableColumn>(input: T, table: ProtectTable<S>): EncryptModelOperation<EncryptedFromSchema<T, S>>;
|
|
475
483
|
/**
|
|
476
484
|
* Decrypt a model (object) whose fields contain encrypted values.
|
|
477
485
|
*
|
|
@@ -508,10 +516,15 @@ declare class EncryptionClient {
|
|
|
508
516
|
* while still using a unique key for each encrypted value. Only fields
|
|
509
517
|
* matching the table schema are encrypted; other fields pass through unchanged.
|
|
510
518
|
*
|
|
519
|
+
* The return type is **schema-aware**: fields matching the table schema are
|
|
520
|
+
* typed as `Encrypted`, while other fields retain their original types. For
|
|
521
|
+
* best results, let TypeScript infer the type parameters from the arguments.
|
|
522
|
+
*
|
|
511
523
|
* @param input - An array of model objects with plaintext values to encrypt.
|
|
512
524
|
* @param table - The table schema defining which fields to encrypt.
|
|
513
|
-
* @returns A `BulkEncryptModelsOperation
|
|
514
|
-
* containing an array of models with
|
|
525
|
+
* @returns A `BulkEncryptModelsOperation` that can be awaited to get a `Result`
|
|
526
|
+
* containing an array of models with schema-defined fields typed as `Encrypted`,
|
|
527
|
+
* or an `EncryptionError`.
|
|
515
528
|
*
|
|
516
529
|
* @example
|
|
517
530
|
* ```typescript
|
|
@@ -526,7 +539,9 @@ declare class EncryptionClient {
|
|
|
526
539
|
*
|
|
527
540
|
* const client = await Encryption({ schemas: [usersSchema] })
|
|
528
541
|
*
|
|
529
|
-
*
|
|
542
|
+
* // Let TypeScript infer the return type from the schema.
|
|
543
|
+
* // Each item's email is typed as `Encrypted`, id stays `string`.
|
|
544
|
+
* const result = await client.bulkEncryptModels(
|
|
530
545
|
* [
|
|
531
546
|
* { id: "1", email: "alice@example.com" },
|
|
532
547
|
* { id: "2", email: "bob@example.com" },
|
|
@@ -539,7 +554,7 @@ declare class EncryptionClient {
|
|
|
539
554
|
* }
|
|
540
555
|
* ```
|
|
541
556
|
*/
|
|
542
|
-
bulkEncryptModels<T extends Record<string, unknown
|
|
557
|
+
bulkEncryptModels<T extends Record<string, unknown>, S extends ProtectTableColumn = ProtectTableColumn>(input: Array<T>, table: ProtectTable<S>): BulkEncryptModelsOperation<EncryptedFromSchema<T, S>>;
|
|
543
558
|
/**
|
|
544
559
|
* Decrypt multiple models (objects) in a single bulk operation.
|
|
545
560
|
*
|
package/dist/client.d.cts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export { c as InferEncrypted, I as InferPlaintext, P as ProtectColumn, d as ProtectTable, f as ProtectTableColumn, g as ProtectValue, a as encryptedColumn, e as encryptedTable, b as encryptedValue } from './types-public-
|
|
2
|
-
export { E as EncryptionClient } from './client-
|
|
1
|
+
export { c as InferEncrypted, I as InferPlaintext, P as ProtectColumn, d as ProtectTable, f as ProtectTableColumn, g as ProtectValue, a as encryptedColumn, e as encryptedTable, b as encryptedValue } from './types-public-Dfg-hkuQ.cjs';
|
|
2
|
+
export { E as EncryptionClient } from './client-D-ZH8SB2.cjs';
|
|
3
3
|
import 'zod';
|
|
4
4
|
import 'evlog';
|
|
5
5
|
import '@cipherstash/protect-ffi';
|
package/dist/client.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export { c as InferEncrypted, I as InferPlaintext, P as ProtectColumn, d as ProtectTable, f as ProtectTableColumn, g as ProtectValue, a as encryptedColumn, e as encryptedTable, b as encryptedValue } from './types-public-
|
|
2
|
-
export { E as EncryptionClient } from './client-
|
|
1
|
+
export { c as InferEncrypted, I as InferPlaintext, P as ProtectColumn, d as ProtectTable, f as ProtectTableColumn, g as ProtectValue, a as encryptedColumn, e as encryptedTable, b as encryptedValue } from './types-public-Dfg-hkuQ.js';
|
|
2
|
+
export { E as EncryptionClient } from './client-BV9pXC-d.js';
|
|
3
3
|
import 'zod';
|
|
4
4
|
import 'evlog';
|
|
5
5
|
import '@cipherstash/protect-ffi';
|