@prisma-next/extension-cipherstash 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +153 -0
- package/dist/call-classes-CSvD7w8U.mjs +206 -0
- package/dist/call-classes-CSvD7w8U.mjs.map +1 -0
- package/dist/column-types.d.mts +33 -0
- package/dist/column-types.d.mts.map +1 -0
- package/dist/column-types.mjs +42 -0
- package/dist/column-types.mjs.map +1 -0
- package/dist/constants-BDxL9Pe3.d.mts +22 -0
- package/dist/constants-BDxL9Pe3.d.mts.map +1 -0
- package/dist/constants-B_2TNvUi.mjs +46 -0
- package/dist/constants-B_2TNvUi.mjs.map +1 -0
- package/dist/control.d.mts +7 -0
- package/dist/control.d.mts.map +1 -0
- package/dist/control.mjs +430 -0
- package/dist/control.mjs.map +1 -0
- package/dist/descriptor-meta-BgQfZTAF.mjs +129 -0
- package/dist/descriptor-meta-BgQfZTAF.mjs.map +1 -0
- package/dist/envelope-P9BxfJNr.mjs +271 -0
- package/dist/envelope-P9BxfJNr.mjs.map +1 -0
- package/dist/middleware.d.mts +13 -0
- package/dist/middleware.d.mts.map +1 -0
- package/dist/middleware.mjs +129 -0
- package/dist/middleware.mjs.map +1 -0
- package/dist/migration.d.mts +141 -0
- package/dist/migration.d.mts.map +1 -0
- package/dist/migration.mjs +2 -0
- package/dist/operation-types.d.mts +49 -0
- package/dist/operation-types.d.mts.map +1 -0
- package/dist/operation-types.mjs +1 -0
- package/dist/pack.d.mts +86 -0
- package/dist/pack.d.mts.map +1 -0
- package/dist/pack.mjs +2 -0
- package/dist/runtime.d.mts +207 -0
- package/dist/runtime.d.mts.map +1 -0
- package/dist/runtime.mjs +429 -0
- package/dist/runtime.mjs.map +1 -0
- package/dist/sdk-D5FTGyzp.d.mts +67 -0
- package/dist/sdk-D5FTGyzp.d.mts.map +1 -0
- package/package.json +69 -0
- package/src/contract/authoring.ts +62 -0
- package/src/contract/contract.d.ts +149 -0
- package/src/contract/contract.json +104 -0
- package/src/contract/contract.prisma +46 -0
- package/src/execution/abort.ts +143 -0
- package/src/execution/codec-runtime.ts +209 -0
- package/src/execution/decrypt-all.ts +217 -0
- package/src/execution/envelope.ts +263 -0
- package/src/execution/operators.ts +211 -0
- package/src/execution/parameterized.ts +71 -0
- package/src/execution/routing.ts +93 -0
- package/src/execution/sdk.ts +68 -0
- package/src/exports/column-types.ts +62 -0
- package/src/exports/contract-space-typing.ts +86 -0
- package/src/exports/control.ts +120 -0
- package/src/exports/middleware.ts +24 -0
- package/src/exports/migration.ts +43 -0
- package/src/exports/operation-types.ts +16 -0
- package/src/exports/pack.ts +13 -0
- package/src/exports/runtime.ts +110 -0
- package/src/extension-metadata/codec-metadata.ts +81 -0
- package/src/extension-metadata/constants.ts +70 -0
- package/src/extension-metadata/descriptor-meta.ts +76 -0
- package/src/middleware/bulk-encrypt.ts +192 -0
- package/src/migration/call-classes.ts +350 -0
- package/src/migration/cipherstash-codec.ts +157 -0
- package/src/migration/eql-bundle.ts +29 -0
- package/src/migration/eql-install.generated.ts +5751 -0
- package/src/types/operation-types.ts +81 -0
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Operation type definitions for the cipherstash extension.
|
|
3
|
+
*
|
|
4
|
+
* Mirrors `packages/3-extensions/pgvector/src/types/operation-types.ts` —
|
|
5
|
+
* the type-only counterpart to `cipherstashQueryOperations()` in
|
|
6
|
+
* `../execution/operators.ts`. Where pgvector projects `cosineDistance` /
|
|
7
|
+
* `cosineSimilarity` onto `pg/vector@1` columns, cipherstash projects
|
|
8
|
+
* `cipherstashEq` / `cipherstashIlike` onto `cipherstash/string@1`
|
|
9
|
+
* columns.
|
|
10
|
+
*
|
|
11
|
+
* Both surfaces (codec-keyed `OperationTypes` and flat
|
|
12
|
+
* `QueryOperationTypes`) get composed into the consuming application's
|
|
13
|
+
* generated `contract.d.ts` by the contract emitter, via the
|
|
14
|
+
* `types.operationTypes` / `types.queryOperationTypes` import
|
|
15
|
+
* declarations on the cipherstash pack-meta (`../extension-metadata/descriptor-meta.ts`).
|
|
16
|
+
*
|
|
17
|
+
* Return-codec id is `pg/bool@1` — pinned to what `eqlOperator` actually
|
|
18
|
+
* builds at runtime (`../execution/operators.ts:170-183`, `PG_BOOL_CODEC_ID`
|
|
19
|
+
* constant). Both operators are non-nullable predicates suitable for a
|
|
20
|
+
* WHERE clause.
|
|
21
|
+
*/
|
|
22
|
+
|
|
23
|
+
import type { SqlQueryOperationTypes } from '@prisma-next/sql-contract/types';
|
|
24
|
+
import type { CodecExpression, Expression } from '@prisma-next/sql-relational-core/expression';
|
|
25
|
+
|
|
26
|
+
type CodecTypesBase = Record<string, { readonly input: unknown; readonly output: unknown }>;
|
|
27
|
+
|
|
28
|
+
const CIPHERSTASH_STRING_CODEC = 'cipherstash/string@1';
|
|
29
|
+
type CipherstashStringCodec = typeof CIPHERSTASH_STRING_CODEC;
|
|
30
|
+
|
|
31
|
+
/**
|
|
32
|
+
* Flat operation signatures consumed by the SQL query builder. Read
|
|
33
|
+
* via the `queryOperations` slot on the runtime context to project
|
|
34
|
+
* `t.email.cipherstashEq(...)` onto `cipherstash/string@1` column
|
|
35
|
+
* accessors inside `sql(t).where(...)` callbacks.
|
|
36
|
+
*
|
|
37
|
+
* Both operators take an encrypted-string `self` and a plaintext-or-
|
|
38
|
+
* envelope `other`/`pattern`; the runtime implementation
|
|
39
|
+
* (`eqlOperator` in `../execution/operators.ts`) wraps the user-supplied
|
|
40
|
+
* second argument in an `EncryptedString` envelope, stamps the
|
|
41
|
+
* column's routing context, and lowers to `eql_v2.eq` / `eql_v2.ilike`.
|
|
42
|
+
*
|
|
43
|
+
* Return type is the postgres `pg/bool@1` codec — that's the codec
|
|
44
|
+
* the framework's predicate machinery looks at via the `'boolean'`
|
|
45
|
+
* trait to decide a value is suitable for a WHERE clause.
|
|
46
|
+
*/
|
|
47
|
+
export type QueryOperationTypes<CT extends CodecTypesBase> = SqlQueryOperationTypes<
|
|
48
|
+
CT,
|
|
49
|
+
{
|
|
50
|
+
readonly cipherstashEq: {
|
|
51
|
+
readonly self: { readonly codecId: CipherstashStringCodec };
|
|
52
|
+
readonly impl: (
|
|
53
|
+
self: CodecExpression<CipherstashStringCodec, boolean, CT>,
|
|
54
|
+
// The runtime wraps the second argument in an `EncryptedString`
|
|
55
|
+
// envelope at lowering time (`asEncryptedParam` in
|
|
56
|
+
// `../execution/operators.ts`); plain strings and pre-built
|
|
57
|
+
// envelopes both work. We type it as `pg/text@1` so callers
|
|
58
|
+
// can pass a plain string literal — the cipherstash extension
|
|
59
|
+
// doesn`t ship a `codec-types` surface declaring an `input`
|
|
60
|
+
// type for `cipherstash/string@1`, so the symmetric
|
|
61
|
+
// `cipherstash/string@1`-typed shape pgvector uses for its
|
|
62
|
+
// `other` arg would only accept full `Expression` values, not
|
|
63
|
+
// raw strings. The asymmetry mirrors the runtime: the column
|
|
64
|
+
// `self` is the encrypted column; the comparand is a value the
|
|
65
|
+
// operator encrypts on the user`s behalf.
|
|
66
|
+
other: CodecExpression<'pg/text@1', boolean, CT>,
|
|
67
|
+
) => Expression<{ codecId: 'pg/bool@1'; nullable: false }>;
|
|
68
|
+
};
|
|
69
|
+
readonly cipherstashIlike: {
|
|
70
|
+
readonly self: { readonly codecId: CipherstashStringCodec };
|
|
71
|
+
readonly impl: (
|
|
72
|
+
self: CodecExpression<CipherstashStringCodec, boolean, CT>,
|
|
73
|
+
// ILIKE pattern is a plain SQL pattern (`%x%`) the runtime
|
|
74
|
+
// wraps in an `EncryptedString` envelope at lowering time.
|
|
75
|
+
// Typed as `pg/text@1` for the same reason as
|
|
76
|
+
// `cipherstashEq`s `other` arg (see comment above).
|
|
77
|
+
pattern: CodecExpression<'pg/text@1', boolean, CT>,
|
|
78
|
+
) => Expression<{ codecId: 'pg/bool@1'; nullable: false }>;
|
|
79
|
+
};
|
|
80
|
+
}
|
|
81
|
+
>;
|