@graphorin/store-sqlite-encrypted 0.6.0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +9 -0
- package/README.md +3 -3
- package/dist/index.d.ts +1 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -2
- package/dist/index.js.map +1 -1
- package/dist/package.js +6 -0
- package/dist/package.js.map +1 -0
- package/package.json +3 -3
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,14 @@
|
|
|
1
1
|
# @graphorin/store-sqlite-encrypted
|
|
2
2
|
|
|
3
|
+
## 0.6.1
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#142](https://github.com/o-stepper/graphorin/pull/142) [`436d6ca`](https://github.com/o-stepper/graphorin/commit/436d6ca5ebbd16df094e915682d3915c279a8430) Thanks [@o-stepper](https://github.com/o-stepper)! - Version constants and version-bearing strings now derive from each package's manifest at build time (`VERSION = pkg.version`; writer ids, client/server info, OTLP framework attributes, build-info metrics interpolate it). No behavioral change at the current version: the rendered strings are byte-identical. A release bump no longer edits source; the new `check-version-consistency` gate fails any reintroduced hardcoded framework version.
|
|
8
|
+
|
|
9
|
+
- Updated dependencies [[`436d6ca`](https://github.com/o-stepper/graphorin/commit/436d6ca5ebbd16df094e915682d3915c279a8430)]:
|
|
10
|
+
- @graphorin/store-sqlite@0.6.1
|
|
11
|
+
|
|
3
12
|
## 0.6.0
|
|
4
13
|
|
|
5
14
|
### Patch Changes
|
package/README.md
CHANGED
|
@@ -7,14 +7,14 @@
|
|
|
7
7
|
> encrypt / rekey / integrity-check runners that back the `graphorin storage`
|
|
8
8
|
> CLI subcommand group.
|
|
9
9
|
>
|
|
10
|
-
> Project Graphorin · v0.6.
|
|
10
|
+
> Project Graphorin · v0.6.1 · MIT License · © 2026 Oleksiy Stepurenko ·
|
|
11
11
|
> <https://github.com/o-stepper/graphorin>
|
|
12
12
|
|
|
13
13
|
---
|
|
14
14
|
|
|
15
15
|
## Status
|
|
16
16
|
|
|
17
|
-
- **Published:** v0.6.
|
|
17
|
+
- **Published:** v0.6.1 (optional sub-pack)
|
|
18
18
|
- **Default cipher:** `sqlcipher` (SQLCipher v4 compatible, `legacy=4`)
|
|
19
19
|
- **Defaults:** encryption-at-rest is **OFF by default**. Opt in through
|
|
20
20
|
`graphorin init --encrypted`.
|
|
@@ -159,4 +159,4 @@ MIT © 2026 Oleksiy Stepurenko
|
|
|
159
159
|
|
|
160
160
|
---
|
|
161
161
|
|
|
162
|
-
**Project Graphorin** · v0.6.
|
|
162
|
+
**Project Graphorin** · v0.6.1 · MIT License · © 2026 Oleksiy Stepurenko · <https://github.com/o-stepper/graphorin>
|
package/dist/index.d.ts
CHANGED
|
@@ -44,8 +44,7 @@ import { RekeyDatabaseOptions, RekeyDatabaseResult, rekeyDatabase } from "./reke
|
|
|
44
44
|
*
|
|
45
45
|
* @packageDocumentation
|
|
46
46
|
*/
|
|
47
|
-
|
|
48
|
-
declare const VERSION = "0.6.0";
|
|
47
|
+
declare const VERSION: string;
|
|
49
48
|
//#endregion
|
|
50
49
|
export { type CipherIntegrityCheckResult, DEFAULT_CIPHER, type EncryptDatabaseOptions, type EncryptDatabaseResult, EncryptedStorePeerMissingError, type EncryptionCipher, type RekeyDatabaseOptions, type RekeyDatabaseResult, VERSION, _resetCipherPeerCacheForTesting, _setCipherPeerForTesting, cipherIntegrityCheck, createEncryptedConnection, encodePassphraseForPragma, encryptDatabase, loadCipherPeer, pragmaSequenceForCipher, rekeyDatabase };
|
|
51
50
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":[],"sources":["../src/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":[],"sources":["../src/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;;;;AAyCA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAAa"}
|
package/dist/index.js
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { version } from "./package.js";
|
|
1
2
|
import { DEFAULT_CIPHER, encodePassphraseForPragma, pragmaSequenceForCipher } from "./cipher-config.js";
|
|
2
3
|
import { EncryptedStorePeerMissingError, _resetCipherPeerCacheForTesting, _setCipherPeerForTesting, loadCipherPeer } from "./cipher-peer.js";
|
|
3
4
|
import { createEncryptedConnection } from "./connection.js";
|
|
@@ -43,8 +44,8 @@ import { rekeyDatabase } from "./rekey.js";
|
|
|
43
44
|
*
|
|
44
45
|
* @packageDocumentation
|
|
45
46
|
*/
|
|
46
|
-
/** Canonical version constant
|
|
47
|
-
const VERSION =
|
|
47
|
+
/** Canonical version constant, derived from `package.json` at build time. */
|
|
48
|
+
const VERSION = version;
|
|
48
49
|
|
|
49
50
|
//#endregion
|
|
50
51
|
export { DEFAULT_CIPHER, EncryptedStorePeerMissingError, VERSION, _resetCipherPeerCacheForTesting, _setCipherPeerForTesting, cipherIntegrityCheck, createEncryptedConnection, encodePassphraseForPragma, encryptDatabase, loadCipherPeer, pragmaSequenceForCipher, rekeyDatabase };
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":[],"sources":["../src/index.ts"],"sourcesContent":["/**\n * @graphorin/store-sqlite-encrypted - optional encryption-at-rest\n * sub-pack for the Graphorin framework's default SQLite store.\n *\n * Installing this package pulls in the cipher peer driver\n * (`better-sqlite3-multiple-ciphers@^12.9.0`), which is a drop-in fork\n * of `better-sqlite3` that bundles the SQLite3MultipleCiphers\n * extension (SQLCipher v4 / wxSQLite3 / AES-256-CBC / AES-128-CBC /\n * RC4 cipher modes).\n *\n * The package exposes:\n *\n * - {@link createEncryptedConnection} - convenience wrapper around\n * `openConnection` from `@graphorin/store-sqlite/connection` that\n * pre-loads the cipher peer.\n * - {@link encryptDatabase} - converts an unencrypted SQLite file\n * into an encrypted one. Backs `graphorin storage encrypt`.\n * - {@link rekeyDatabase} - re-keys an already encrypted file. Backs\n * `graphorin storage rekey`.\n * - {@link cipherIntegrityCheck} - runs `PRAGMA cipher_integrity_\n * check`. Used by the triggers daemon's daily verification cron\n * and the `/v1/health/storage` endpoint.\n * - {@link DEFAULT_CIPHER}, {@link pragmaSequenceForCipher},\n * {@link encodePassphraseForPragma} - cipher-config helpers shared\n * by the runners and consumable for advanced setups.\n * - {@link loadCipherPeer} / {@link EncryptedStorePeerMissingError} -\n * explicit peer-loader surface for callers that want to fail-fast\n * at startup before opening the DB.\n *\n * Defaults follow ADR-030 / DEC-129:\n * - Cipher: `'sqlcipher'` (SQLCipher v4 compatible, `legacy=4`).\n * - Default OFF; opt-in through `graphorin init --encrypted`.\n * - audit.db is ALWAYS encrypted regardless of this opt-in\n * (DEC-124); this package satisfies that requirement too.\n *\n * @packageDocumentation\n */\n\n/** Canonical version constant
|
|
1
|
+
{"version":3,"file":"index.js","names":["VERSION: string","pkg.version"],"sources":["../src/index.ts"],"sourcesContent":["/**\n * @graphorin/store-sqlite-encrypted - optional encryption-at-rest\n * sub-pack for the Graphorin framework's default SQLite store.\n *\n * Installing this package pulls in the cipher peer driver\n * (`better-sqlite3-multiple-ciphers@^12.9.0`), which is a drop-in fork\n * of `better-sqlite3` that bundles the SQLite3MultipleCiphers\n * extension (SQLCipher v4 / wxSQLite3 / AES-256-CBC / AES-128-CBC /\n * RC4 cipher modes).\n *\n * The package exposes:\n *\n * - {@link createEncryptedConnection} - convenience wrapper around\n * `openConnection` from `@graphorin/store-sqlite/connection` that\n * pre-loads the cipher peer.\n * - {@link encryptDatabase} - converts an unencrypted SQLite file\n * into an encrypted one. Backs `graphorin storage encrypt`.\n * - {@link rekeyDatabase} - re-keys an already encrypted file. Backs\n * `graphorin storage rekey`.\n * - {@link cipherIntegrityCheck} - runs `PRAGMA cipher_integrity_\n * check`. Used by the triggers daemon's daily verification cron\n * and the `/v1/health/storage` endpoint.\n * - {@link DEFAULT_CIPHER}, {@link pragmaSequenceForCipher},\n * {@link encodePassphraseForPragma} - cipher-config helpers shared\n * by the runners and consumable for advanced setups.\n * - {@link loadCipherPeer} / {@link EncryptedStorePeerMissingError} -\n * explicit peer-loader surface for callers that want to fail-fast\n * at startup before opening the DB.\n *\n * Defaults follow ADR-030 / DEC-129:\n * - Cipher: `'sqlcipher'` (SQLCipher v4 compatible, `legacy=4`).\n * - Default OFF; opt-in through `graphorin init --encrypted`.\n * - audit.db is ALWAYS encrypted regardless of this opt-in\n * (DEC-124); this package satisfies that requirement too.\n *\n * @packageDocumentation\n */\n\n/** Canonical version constant, derived from `package.json` at build time. */\nimport pkg from '../package.json' with { type: 'json' };\n\nexport const VERSION: string = pkg.version;\n\nexport {\n DEFAULT_CIPHER,\n type EncryptionCipher,\n encodePassphraseForPragma,\n pragmaSequenceForCipher,\n} from './cipher-config.js';\nexport {\n _resetCipherPeerCacheForTesting,\n _setCipherPeerForTesting,\n EncryptedStorePeerMissingError,\n loadCipherPeer,\n} from './cipher-peer.js';\nexport { createEncryptedConnection } from './connection.js';\nexport {\n type EncryptDatabaseOptions,\n type EncryptDatabaseResult,\n encryptDatabase,\n} from './encrypt.js';\nexport { type CipherIntegrityCheckResult, cipherIntegrityCheck } from './integrity-check.js';\nexport {\n type RekeyDatabaseOptions,\n type RekeyDatabaseResult,\n rekeyDatabase,\n} from './rekey.js';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyCA,MAAaA,UAAkBC"}
|
package/dist/package.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"package.js","names":[],"sources":["../package.json"],"sourcesContent":["{\n \"name\": \"@graphorin/store-sqlite-encrypted\",\n \"version\": \"0.6.1\",\n \"description\": \"Optional encryption-at-rest sub-pack for the Graphorin framework's default SQLite store. Pulls in `better-sqlite3-multiple-ciphers@^12.9.0` (a drop-in fork of `better-sqlite3` that bundles SQLite3MultipleCiphers / SQLCipher v4), exposes the `encryptDatabase` / `rekeyDatabase` / `cipherIntegrityCheck` runners that back `graphorin storage encrypt` / `graphorin storage rekey` / `graphorin storage status`, and provides a `createEncryptedConnection` convenience wrapper around `@graphorin/store-sqlite/connection` for callers that bypass the CLI. Default cipher: `sqlcipher` (SQLCipher v4 compatible). Opt-in alternatives: `chacha20` (the peer default), `aes256cbc`, `aes128cbc`, `rc4`. Default OFF; opt-in through `graphorin init --encrypted` per ADR-030 / DEC-129. Created and maintained by Oleksiy Stepurenko.\",\n \"license\": \"MIT\",\n \"author\": \"Oleksiy Stepurenko\",\n \"homepage\": \"https://github.com/o-stepper/graphorin/tree/main/packages/store-sqlite-encrypted\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/o-stepper/graphorin.git\",\n \"directory\": \"packages/store-sqlite-encrypted\"\n },\n \"bugs\": {\n \"url\": \"https://github.com/o-stepper/graphorin/issues\"\n },\n \"keywords\": [\n \"graphorin\",\n \"ai\",\n \"agents\",\n \"framework\",\n \"sqlite\",\n \"sqlcipher\",\n \"encryption\",\n \"encryption-at-rest\",\n \"better-sqlite3-multiple-ciphers\",\n \"rekey\",\n \"vacuum-into\"\n ],\n \"type\": \"module\",\n \"engines\": {\n \"node\": \">=22.0.0\"\n },\n \"main\": \"./dist/index.js\",\n \"module\": \"./dist/index.js\",\n \"types\": \"./dist/index.d.ts\",\n \"sideEffects\": false,\n \"exports\": {\n \".\": {\n \"types\": \"./dist/index.d.ts\",\n \"import\": \"./dist/index.js\"\n },\n \"./package.json\": \"./package.json\"\n },\n \"files\": [\n \"dist\",\n \"README.md\",\n \"CHANGELOG.md\",\n \"LICENSE\"\n ],\n \"scripts\": {\n \"build\": \"tsdown\",\n \"typecheck\": \"tsc --noEmit && tsc -p tsconfig.tests.json\",\n \"test\": \"vitest run\",\n \"lint\": \"biome check .\",\n \"clean\": \"rimraf dist .turbo *.tsbuildinfo\"\n },\n \"dependencies\": {\n \"@graphorin/store-sqlite\": \"workspace:*\"\n },\n \"peerDependencies\": {\n \"better-sqlite3-multiple-ciphers\": \"^12.9.0\"\n },\n \"peerDependenciesMeta\": {\n \"better-sqlite3-multiple-ciphers\": {\n \"optional\": false\n }\n },\n \"publishConfig\": {\n \"access\": \"public\",\n \"provenance\": true\n },\n \"devDependencies\": {\n \"@graphorin/security\": \"workspace:*\",\n \"@types/better-sqlite3\": \"^7.6.13\"\n }\n}\n"],"mappings":";cAEa"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@graphorin/store-sqlite-encrypted",
|
|
3
|
-
"version": "0.6.
|
|
3
|
+
"version": "0.6.1",
|
|
4
4
|
"description": "Optional encryption-at-rest sub-pack for the Graphorin framework's default SQLite store. Pulls in `better-sqlite3-multiple-ciphers@^12.9.0` (a drop-in fork of `better-sqlite3` that bundles SQLite3MultipleCiphers / SQLCipher v4), exposes the `encryptDatabase` / `rekeyDatabase` / `cipherIntegrityCheck` runners that back `graphorin storage encrypt` / `graphorin storage rekey` / `graphorin storage status`, and provides a `createEncryptedConnection` convenience wrapper around `@graphorin/store-sqlite/connection` for callers that bypass the CLI. Default cipher: `sqlcipher` (SQLCipher v4 compatible). Opt-in alternatives: `chacha20` (the peer default), `aes256cbc`, `aes128cbc`, `rc4`. Default OFF; opt-in through `graphorin init --encrypted` per ADR-030 / DEC-129. Created and maintained by Oleksiy Stepurenko.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "Oleksiy Stepurenko",
|
|
@@ -48,7 +48,7 @@
|
|
|
48
48
|
"LICENSE"
|
|
49
49
|
],
|
|
50
50
|
"dependencies": {
|
|
51
|
-
"@graphorin/store-sqlite": "0.6.
|
|
51
|
+
"@graphorin/store-sqlite": "0.6.1"
|
|
52
52
|
},
|
|
53
53
|
"peerDependencies": {
|
|
54
54
|
"better-sqlite3-multiple-ciphers": "^12.9.0"
|
|
@@ -64,7 +64,7 @@
|
|
|
64
64
|
},
|
|
65
65
|
"devDependencies": {
|
|
66
66
|
"@types/better-sqlite3": "^7.6.13",
|
|
67
|
-
"@graphorin/security": "0.6.
|
|
67
|
+
"@graphorin/security": "0.6.1"
|
|
68
68
|
},
|
|
69
69
|
"scripts": {
|
|
70
70
|
"build": "tsdown",
|