Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 0 additions & 56 deletions .changeset/eql-v3-supabase.md

This file was deleted.

18 changes: 0 additions & 18 deletions .changeset/eql-v3-text-search.md

This file was deleted.

29 changes: 0 additions & 29 deletions .changeset/eql-v3-typed-client.md

This file was deleted.

7 changes: 0 additions & 7 deletions .changeset/eql-v3-typed-schema.md

This file was deleted.

9 changes: 0 additions & 9 deletions .changeset/native-binary-guards.md

This file was deleted.

11 changes: 0 additions & 11 deletions .changeset/refresh-package-readmes.md

This file was deleted.

12 changes: 0 additions & 12 deletions .changeset/rename-db-install-to-eql-install.md

This file was deleted.

36 changes: 0 additions & 36 deletions .changeset/stack-protect-ffi-0-26-oidc-strategy.md

This file was deleted.

12 changes: 12 additions & 0 deletions examples/basic/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,17 @@
# @cipherstash/basic-example

## 1.2.13

### Patch Changes

- Updated dependencies [cc62407]
- Updated dependencies [5e4f354]
- Updated dependencies [4ceefed]
- Updated dependencies [cb34d71]
- Updated dependencies [aa9c4b1]
- Updated dependencies [35b9ed6]
- @cipherstash/stack@0.19.0

## 1.2.12

### Patch Changes
Expand Down
2 changes: 1 addition & 1 deletion examples/basic/package.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"name": "@cipherstash/basic-example",
"private": true,
"version": "1.2.12",
"version": "1.2.13",
"type": "module",
"scripts": {
"start": "tsx index.ts"
Expand Down
13 changes: 13 additions & 0 deletions examples/prisma/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,18 @@
# @cipherstash/prisma-next-example

## 0.0.5

### Patch Changes

- Updated dependencies [cc62407]
- Updated dependencies [5e4f354]
- Updated dependencies [4ceefed]
- Updated dependencies [cb34d71]
- Updated dependencies [aa9c4b1]
- Updated dependencies [35b9ed6]
- @cipherstash/stack@0.19.0
- @cipherstash/prisma-next@0.3.2

## 0.0.4

### Patch Changes
Expand Down
2 changes: 1 addition & 1 deletion examples/prisma/package.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"name": "@cipherstash/prisma-next-example",
"private": true,
"version": "0.0.4",
"version": "0.0.5",
"description": "End-to-end example of @cipherstash/prisma-next: searchable application-layer encryption for Postgres with Prisma Next, using @cipherstash/stack as the SDK.",
"type": "module",
"scripts": {
Expand Down
12 changes: 12 additions & 0 deletions packages/bench/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,17 @@
# @cipherstash/bench

## 0.0.4

### Patch Changes

- Updated dependencies [cc62407]
- Updated dependencies [5e4f354]
- Updated dependencies [4ceefed]
- Updated dependencies [cb34d71]
- Updated dependencies [aa9c4b1]
- Updated dependencies [35b9ed6]
- @cipherstash/stack@0.19.0

## 0.0.3

### Patch Changes
Expand Down
2 changes: 1 addition & 1 deletion packages/bench/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@cipherstash/bench",
"version": "0.0.3",
"version": "0.0.4",
"private": true,
"description": "Performance / index-engagement benchmarks for stack integrations (Drizzle, encryptedSupabase, Prisma).",
"type": "module",
Expand Down
74 changes: 74 additions & 0 deletions packages/cli/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,79 @@
# @cipherstash/cli

## 0.17.0

### Minor Changes

- cc62407: Add EQL v3 Supabase support, baselined on the `eql-3.0.0-alpha.2` release.

`@cipherstash/stack/supabase` gains `encryptedSupabaseV3` — the EQL v3
counterpart of `encryptedSupabase` for schemas authored with
`@cipherstash/stack/eql/v3`. The public surface and call shape are identical
to v2 (same filter methods, `withLockContext`, `audit`); only the schema type
and wire encoding differ.

**The v3 surface** is the `eql-3.0.0-alpha.2` release artifact: domains use
SQL-standard type names (`eql_v3.integer_ord`, `eql_v3.timestamp_ord`,
`eql_v3.boolean`, … mirrored by `types.IntegerOrd`, `types.TimestampOrd`,
`types.Boolean`, …), SEM internals live in a separate `eql_v3_internal`
schema (grant it roles, never expose it — only `eql_v3` goes in Supabase's
Exposed schemas), and envelopes are versioned `v: 3`. Envelope production
rides on `@cipherstash/protect-ffi` 0.27, which takes an `eqlVersion` so the
same client emits v2 or v3 payloads per schema.

**Adapter behaviour:**

- columns are stored in their native `eql_v3.*` domains (raw jsonb payloads,
no composite wrap), with JS property → DB column name resolution and `Date`
reconstruction from `cast_as` on decrypted rows;
- **INTERIM:** filter operands are full storage envelopes — every `eql_v3.*`
domain CHECK requires the storage keys, and the SQL operators coerce their
operand into the domain, so a term-only operand is rejected today. This is
a tracked workaround (Linear CIP-3402), not the design: a full-envelope
operand carries a real decryptable ciphertext plus all of the column's
index terms, and PostgREST filters travel in GET query strings, so operands
can land in URL logs, proxies, and Supabase request logs (query terms are
index-terms-only by design). The fix is an EQL-side term-only scalar query
envelope (the scalar analog of `eql_v3.jsonb_query`);
- `like`/`ilike` on encrypted columns are emitted as PostgREST `cs`
(bloom-filter `@>`) — the v3 domains define no LIKE operator. Substring
search currently also requires `include_original: false` on the match
index; that requirement is a symptom of the same interim full-envelope
operand and goes away with CIP-3402;
- filters on storage-only columns (e.g. `types.Boolean`) and null filter
values are rejected at the type level and at runtime.

The v3 builder's default row type is exactly the table's inferred plaintext
shape (no index-signature widening — widening would disable the storage-only
filter guard). Filtering or inserting plaintext passthrough columns requires
an explicit row type: `es.from<typeof users, UserRow>('users', users)`.

The CLI gains an EQL v3 path: `stash eql install --eql-version 3` installs the
vendored `eql-3.0.0-alpha.2` bundle (`--supabase` selects the opclass-stripped
variant and applies the role grants for both `eql_v3` and `eql_v3_internal`);
`stash db upgrade` also accepts `--eql-version`, and `stash db status` reports
v2 and v3 installs independently. The v2 `SUPABASE_PERMISSIONS_SQL` block is
now generated from a shared `supabasePermissionsSql(schemaName)` helper, with
`SUPABASE_PERMISSIONS_SQL_V3` covering the v3 schemas.

- eb94ac8: Add guards for missing native binaries. When npm skips the platform-specific
optional dependency (a known npm bug), stash now prints actionable fix
guidance instead of a raw `MODULE_NOT_FOUND` stack trace. Adds a new
`stash doctor` command that diagnoses the runtime and native modules and works
even when a binary is missing.
- 64fdeb2: Rename `stash db install`, `stash db upgrade`, and `stash db status` to
`stash eql install`, `stash eql upgrade`, and `stash eql status`. These
commands manage the EQL extension itself, so they now live under a dedicated
`eql` command group. The old `db` spellings keep working as deprecated
aliases that print a warning pointing at the new names. All help text,
hints, generated migration headers, and wizard steps now reference the
`eql` commands.

### Patch Changes

- aa9c4b1: Documentation: refresh package READMEs after the protectjs → stack repository rename. Fixed repository and license links, replaced dead in-repo docs links with cipherstash.com/docs URLs, rewrote the incorrect @cipherstash/nextjs README, and added guidance pointing new projects to @cipherstash/stack.
- @cipherstash/migrate@0.2.0

## 0.16.0

### Minor Changes
Expand Down
2 changes: 1 addition & 1 deletion packages/cli/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "stash",
"version": "0.16.0",
"version": "0.17.0",
"description": "CipherStash CLI — the one stash command for auth, init, encryption schema, database setup, and secrets.",
"repository": {
"type": "git",
Expand Down
6 changes: 6 additions & 0 deletions packages/drizzle/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
# @cipherstash/drizzle

## 3.0.3

### Patch Changes

- aa9c4b1: Documentation: refresh package READMEs after the protectjs → stack repository rename. Fixed repository and license links, replaced dead in-repo docs links with cipherstash.com/docs URLs, rewrote the incorrect @cipherstash/nextjs README, and added guidance pointing new projects to @cipherstash/stack.

## 3.0.2

### Patch Changes
Expand Down
2 changes: 1 addition & 1 deletion packages/drizzle/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@cipherstash/drizzle",
"version": "3.0.2",
"version": "3.0.3",
"description": "CipherStash Protect.js Drizzle ORM integration for TypeScript",
"keywords": [
"encrypted",
Expand Down
6 changes: 6 additions & 0 deletions packages/nextjs/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
# @cipherstash/nextjs

## 4.1.1

### Patch Changes

- aa9c4b1: Documentation: refresh package READMEs after the protectjs → stack repository rename. Fixed repository and license links, replaced dead in-repo docs links with cipherstash.com/docs URLs, rewrote the incorrect @cipherstash/nextjs README, and added guidance pointing new projects to @cipherstash/stack.

## 4.1.0

### Minor Changes
Expand Down
2 changes: 1 addition & 1 deletion packages/nextjs/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@cipherstash/nextjs",
"version": "4.1.0",
"version": "4.1.1",
"description": "Nextjs package for use with @cipherstash/protect",
"keywords": [
"encrypted",
Expand Down
Loading