asherah 4.0.0-beta.1 → 4.0.0-beta.10

package/README.md

@@ -1,19 +1,41 @@
-# asherah-node
+# asherah
 
-`asherah-node` packages the Asherah AppEncryption runtime as a Node.js native
-addon using `napi-rs`. The crate builds a `cdylib` that is published to npm via
-the accompanying workflow.
+Node.js bindings for the Asherah envelope encryption and key rotation library.
+
+Prebuilt native binaries are published to npm for Linux (x64/arm64, glibc and
+musl), macOS (x64/arm64), and Windows (x64/arm64). The correct binary is
+selected automatically at install time.
 
 ## Features
 
-- Provides synchronous and asynchronous session helpers mirroring the Go SDK.
-- Shares configuration parsing through the `asherah-config` crate.
-- Leverages the same Rust core (`asherah`) used by other language bindings.
+- Synchronous and asynchronous encrypt/decrypt APIs
+- Compatible with Go, Python, Ruby, Java, and .NET Asherah implementations
+- SQLite, MySQL, PostgreSQL, and DynamoDB metastore support
+- AWS KMS and static key management
+
+## Installation
+
+```bash
+npm install asherah
+```
+
+## Quick start
+
+```js
+const asherah = require('asherah');
+
+asherah.setup({
+  kms: 'static',
+  metastore: 'memory',
+  serviceName: 'myservice',
+  productId: 'myproduct',
+});
 
-## Building
+const encrypted = asherah.encrypt('partition', Buffer.from('hello world'));
+const decrypted = asherah.decrypt('partition', encrypted);
 
-Use `npm install` in `asherah-node/` to compile the addon locally. CI builds
-and publishes prebuilt binaries for supported targets.
+asherah.shutdown();
+```
 
 ## License
 

package/index.d.ts

@@ -7,6 +7,7 @@ export type AsherahConfig = {
   checkInterval?: number | null;
   metastore: 'memory' | 'rdbms' | 'dynamodb';
   connectionString?: string | null;
+  replicaReadConsistency?: string | null;
   dynamoDBEndpoint?: string | null;
   dynamoDBRegion?: string | null;
   dynamoDBTableName?: string | null;
@@ -18,10 +19,43 @@ export type AsherahConfig = {
   enableRegionSuffix?: boolean | null;
   enableSessionCaching?: boolean | null;
   verbose?: boolean | null;
+  sqlMetastoreDBType?: string | null;
+  disableZeroCopy?: boolean | null;
+  nullDataCheck?: boolean | null;
+  enableCanaries?: boolean | null;
 };
 
-export declare function setup(config: AsherahConfig): void;
-export declare function setupAsync(config: AsherahConfig): Promise<void>;
+/** Canonical godaddy/asherah-node PascalCase config format */
+export type AsherahConfigCompat = {
+  readonly ServiceName: string;
+  readonly ProductID: string;
+  readonly ExpireAfter?: number | null;
+  readonly CheckInterval?: number | null;
+  readonly Metastore: 'memory' | 'rdbms' | 'dynamodb' | 'test-debug-memory';
+  readonly ConnectionString?: string | null;
+  readonly DynamoDBEndpoint?: string | null;
+  readonly DynamoDBRegion?: string | null;
+  readonly DynamoDBTableName?: string | null;
+  readonly SessionCacheMaxSize?: number | null;
+  readonly SessionCacheDuration?: number | null;
+  readonly KMS?: 'aws' | 'static' | 'test-debug-static' | null;
+  readonly RegionMap?: Record<string, string> | null;
+  readonly PreferredRegion?: string | null;
+  readonly EnableRegionSuffix?: boolean | null;
+  readonly EnableSessionCaching?: boolean | null;
+  readonly Verbose?: boolean | null;
+  readonly SQLMetastoreDBType?: string | null;
+  readonly ReplicaReadConsistency?: 'eventual' | 'global' | 'session' | null;
+  readonly DisableZeroCopy?: boolean | null;
+  readonly NullDataCheck?: boolean | null;
+  readonly EnableCanaries?: boolean | null;
+};
+
+/** Canonical godaddy/asherah-node log hook callback: (level: number, message: string) => void */
+export type LogHookCallback = (level: number, message: string) => void;
+
+export declare function setup(config: AsherahConfig | AsherahConfigCompat): void;
+export declare function setupAsync(config: AsherahConfig | AsherahConfigCompat): Promise<void>;
 export declare function shutdown(): void;
 export declare function shutdownAsync(): Promise<void>;
 export declare function getSetupStatus(): boolean;
@@ -39,6 +73,7 @@ export declare function decryptStringAsync(partitionId: string, dataRowRecordJso
 
 export declare function setMaxStackAllocItemSize(n: number): void;
 export declare function setSafetyPaddingOverhead(n: number): void;
+
 export type LogEvent = {
   level: 'trace' | 'debug' | 'info' | 'warn' | 'error';
   message: string;
@@ -49,5 +84,19 @@ export type MetricsEvent =
   | { type: 'encrypt' | 'decrypt' | 'store' | 'load'; durationNs: number }
   | { type: 'cache_hit' | 'cache_miss'; name: string };
 
-export declare function setLogHook(hook: ((event: LogEvent) => void) | null): void;
+export declare function setLogHook(hook: ((event: LogEvent) => void) | LogHookCallback | null): void;
 export declare function setMetricsHook(hook: ((event: MetricsEvent) => void) | null): void;
+
+// Canonical godaddy/asherah-node snake_case aliases
+export declare function setup_async(config: AsherahConfig | AsherahConfigCompat): Promise<void>;
+export declare function shutdown_async(): Promise<void>;
+export declare function encrypt_async(partitionId: string, data: Buffer): Promise<string>;
+export declare function encrypt_string(partitionId: string, data: string): string;
+export declare function encrypt_string_async(partitionId: string, data: string): Promise<string>;
+export declare function decrypt_async(partitionId: string, dataRowRecordJson: string): Promise<Buffer>;
+export declare function decrypt_string(partitionId: string, dataRowRecordJson: string): string;
+export declare function decrypt_string_async(partitionId: string, dataRowRecordJson: string): Promise<string>;
+export declare function set_max_stack_alloc_item_size(n: number): void;
+export declare function set_safety_padding_overhead(n: number): void;
+export declare function set_log_hook(hook: ((event: LogEvent) => void) | LogHookCallback | null): void;
+export declare function get_setup_status(): boolean;

package/npm/index.js

@@ -1,6 +1,24 @@
 const path = require('path');
 const os = require('os');
 
+// Detect musl libc (Alpine Linux, etc.)
+function isMusl() {
+  if (os.platform() !== 'linux') return false;
+  try {
+    // Node 18+: process.report.getReport() exposes glibc version
+    const report = process.report.getReport();
+    const header = typeof report === 'string' ? JSON.parse(report).header : report.header;
+    return !header.glibcVersionRuntime;
+  } catch {
+    // Fallback: check for musl dynamic linker
+    try {
+      return require('fs').readdirSync('/lib').some(f => f.startsWith('ld-musl-'));
+    } catch {
+      return false;
+    }
+  }
+}
+
 // Determine current platform
 function getPlatform() {
   const type = os.platform();
@@ -11,11 +29,13 @@ function getPlatform() {
     if (arch === 'arm64') return 'darwin-arm64';
   }
   if (type === 'linux') {
-    if (arch === 'x64') return 'linux-x64-gnu';
-    if (arch === 'arm64') return 'linux-arm64-gnu';
+    const libc = isMusl() ? 'musl' : 'gnu';
+    if (arch === 'x64') return `linux-x64-${libc}`;
+    if (arch === 'arm64') return `linux-arm64-${libc}`;
   }
   if (type === 'win32') {
     if (arch === 'x64') return 'win32-x64-msvc';
+    if (arch === 'arm64') return 'win32-arm64-msvc';
   }
 
   throw new Error(`Unsupported platform: ${type}-${arch}`);
@@ -23,21 +43,41 @@ function getPlatform() {
 
 const platform = getPlatform();
 
-// Try to load the native module
+// Map platform to npm package name (win32 needed a different name to avoid npm spam filter)
+const PLATFORM_PACKAGES = {
+  'darwin-arm64': 'asherah-darwin-arm64',
+  'darwin-x64': 'asherah-darwin-x64',
+  'linux-x64-gnu': 'asherah-linux-x64-gnu',
+  'linux-arm64-gnu': 'asherah-linux-arm64-gnu',
+  'linux-x64-musl': 'asherah-linux-x64-musl',
+  'linux-arm64-musl': 'asherah-linux-arm64-musl',
+  'win32-x64-msvc': 'asherah-windows-x64',
+  'win32-arm64-msvc': 'asherah-windows-arm64',
+};
+const packageName = PLATFORM_PACKAGES[platform] || `asherah-${platform}`;
+
+// Try to load the native module:
+// 1. Installed platform package (optionalDependency) — normal npm install
+// 2. Bundled in platform subdirectory — development / CI builds
+// 3. Legacy single-binary fallback
+let native = null;
+let lastErr = null;
+
 const attempts = [
-  // Platform-specific directory (for universal package)
+  // Platform package installed as optionalDependency (e.g., asherah-darwin-arm64)
+  packageName,
+  // Bundled in platform subdirectory (development builds)
   path.join(__dirname, platform, `index.${platform}.node`),
-  // Fallback to old single-binary location
+  // Fallback to old single-binary locations
   path.join(__dirname, 'asherah.node'),
   path.join(__dirname, '..', 'index.node'),
 ];
 
-let lastErr = null;
 for (const candidate of attempts) {
   try {
-    module.exports = require(candidate);
-    module.exports.__binary = candidate;
-    return;
+    native = require(candidate);
+    native.__binary = candidate;
+    break;
   } catch (err) {
     lastErr = err;
     if (
@@ -50,5 +90,141 @@ for (const candidate of attempts) {
   }
 }
 
-const detail = lastErr ? `: ${lastErr.message || String(lastErr)}` : '';
-throw new Error(`Failed to load Asherah native addon for ${platform}${detail}`);
+if (!native) {
+  const detail = lastErr ? `: ${lastErr.message || String(lastErr)}` : '';
+  throw new Error(
+    `Failed to load Asherah native addon for ${platform}. ` +
+    `Ensure the platform package '${packageName}' is installed${detail}`
+  );
+}
+
+// --- Canonical godaddy/asherah-node compatibility layer ---
+
+// PascalCase → camelCase config field mapping
+const CONFIG_MAP = {
+  ServiceName: 'serviceName',
+  ProductID: 'productId',
+  ExpireAfter: 'expireAfter',
+  CheckInterval: 'checkInterval',
+  Metastore: 'metastore',
+  ConnectionString: 'connectionString',
+  DynamoDBEndpoint: 'dynamoDBEndpoint',
+  DynamoDBRegion: 'dynamoDBRegion',
+  DynamoDBTableName: 'dynamoDBTableName',
+  SessionCacheMaxSize: 'sessionCacheMaxSize',
+  SessionCacheDuration: 'sessionCacheDuration',
+  KMS: 'kms',
+  RegionMap: 'regionMap',
+  PreferredRegion: 'preferredRegion',
+  EnableRegionSuffix: 'enableRegionSuffix',
+  EnableSessionCaching: 'enableSessionCaching',
+  Verbose: 'verbose',
+  SQLMetastoreDBType: 'sqlMetastoreDBType',
+  ReplicaReadConsistency: 'replicaReadConsistency',
+  DisableZeroCopy: 'disableZeroCopy',
+  NullDataCheck: 'nullDataCheck',
+  EnableCanaries: 'enableCanaries',
+};
+
+// Legacy/debug metastore aliases (match Go behavior)
+const METASTORE_ALIASES = {
+  'test-debug-memory': 'memory',
+  'test-debug-sqlite': 'sqlite',
+  'test-debug-static': 'static',
+};
+
+// Legacy/debug KMS aliases
+const KMS_ALIASES = {
+  'test-debug-static': 'static',
+};
+
+function normalizeConfig(config) {
+  // Detect PascalCase format by checking for ServiceName (capital S)
+  if (!config || typeof config !== 'object' || !('ServiceName' in config)) {
+    return config;
+  }
+
+  const out = {};
+  for (const [key, value] of Object.entries(config)) {
+    const mapped = CONFIG_MAP[key];
+    if (mapped === undefined) {
+      // Unknown field — pass through as-is (may be a camelCase field mixed in)
+      out[key] = value;
+    } else if (mapped !== null) {
+      out[mapped] = value;
+    }
+    // mapped === null means ignored (Go-specific)
+  }
+
+  // Normalize metastore aliases
+  if (typeof out.metastore === 'string') {
+    const lower = out.metastore.toLowerCase();
+    out.metastore = METASTORE_ALIASES[lower] || lower;
+  }
+
+  // Normalize KMS aliases
+  if (typeof out.kms === 'string') {
+    const lower = out.kms.toLowerCase();
+    out.kms = KMS_ALIASES[lower] || lower;
+  }
+
+  return out;
+}
+
+// Log level mapping: Rust level string → zerolog numeric (used by Go asherah)
+const LEVEL_TO_NUMBER = {
+  trace: -1,
+  debug: 0,
+  info: 1,
+  warn: 2,
+  error: 3,
+};
+
+// Wrap setup to normalize config
+function setup(config) {
+  return native.setup(normalizeConfig(config));
+}
+
+function setupAsync(config) {
+  return native.setupAsync(normalizeConfig(config));
+}
+
+// set_log_hook: accept canonical (level, message) callback or native (event) callback
+function set_log_hook(callback) {
+  if (callback == null) {
+    return native.setLogHook(null);
+  }
+  // Canonical callback: (level: number, message: string) => void (arity 2)
+  // Native callback: (event: {level, message, target}) => void (arity 1)
+  if (callback.length >= 2) {
+    return native.setLogHook(function (event) {
+      const numLevel =
+        LEVEL_TO_NUMBER[event.level] !== undefined
+          ? LEVEL_TO_NUMBER[event.level]
+          : 1;
+      callback(numLevel, event.message);
+    });
+  }
+  return native.setLogHook(callback);
+}
+
+// Export everything from native addon
+Object.assign(module.exports, native);
+
+// Override setup/setupAsync with normalizing versions
+module.exports.setup = setup;
+module.exports.setupAsync = setupAsync;
+
+// snake_case aliases for canonical API compatibility
+module.exports.setup_async = setupAsync;
+module.exports.shutdown_async = native.shutdownAsync;
+module.exports.encrypt_async = native.encryptAsync;
+module.exports.encrypt_string = native.encryptString;
+module.exports.encrypt_string_async = native.encryptStringAsync;
+module.exports.decrypt_async = native.decryptAsync;
+module.exports.decrypt_string = native.decryptString;
+module.exports.decrypt_string_async = native.decryptStringAsync;
+module.exports.set_max_stack_alloc_item_size = native.setMaxStackAllocItemSize;
+module.exports.set_safety_padding_overhead = native.setSafetyPaddingOverhead;
+module.exports.set_log_hook = set_log_hook;
+module.exports.get_setup_status = native.getSetupStatus;

package/package.json

@@ -1,21 +1,34 @@
 {
   "name": "asherah",
-  "version": "4.0.0-beta.1",
+  "version": "4.0.0-beta.10",
   "private": false,
   "description": "Asherah envelope encryption and key rotation library",
   "main": "npm/index.js",
   "types": "index.d.ts",
   "files": [
-    "npm/**/*",
+    "npm/index.js",
     "index.d.ts",
     "README.md",
     "LICENSE"
   ],
+  "napi": {
+    "binaryName": "index",
+    "targets": [
+      "x86_64-apple-darwin",
+      "aarch64-apple-darwin",
+      "x86_64-unknown-linux-gnu",
+      "aarch64-unknown-linux-gnu",
+      "x86_64-unknown-linux-musl",
+      "aarch64-unknown-linux-musl",
+      "x86_64-pc-windows-msvc",
+      "aarch64-pc-windows-msvc"
+    ]
+  },
   "scripts": {
     "build": "napi build",
     "build:release": "napi build --release",
-    "prepublishOnly": "napi prepublish -t npm",
-    "test": "node test/roundtrip.js"
+    "test": "node test/roundtrip.js",
+    "test:bun": "bun test/roundtrip.js"
   },
   "devDependencies": {
     "@napi-rs/cli": "^2.18.0"
@@ -24,9 +37,13 @@
     "node": ">= 18"
   },
   "optionalDependencies": {
-    "asherah-win32-x64-msvc": "4.0.0",
-    "asherah-darwin-x64": "4.0.0",
-    "asherah-linux-x64-gnu": "4.0.0",
-    "asherah-linux-arm64-gnu": "4.0.0"
+    "asherah-darwin-arm64": "4.0.0-beta.10",
+    "asherah-darwin-x64": "4.0.0-beta.10",
+    "asherah-linux-x64-gnu": "4.0.0-beta.10",
+    "asherah-linux-arm64-gnu": "4.0.0-beta.10",
+    "asherah-linux-x64-musl": "4.0.0-beta.10",
+    "asherah-linux-arm64-musl": "4.0.0-beta.10",
+    "asherah-windows-x64": "4.0.0-beta.10",
+    "asherah-windows-arm64": "4.0.0-beta.10"
   }
 }