You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
chore(stack): EQL v3 concrete types via protect-ffi 0.28
Squashes the concrete-type domain work and the protect-ffi 0.24 -> 0.28
bump into a single commit, removing the intermediate 0.27 -> 0.28 rename
and re-bump churn (package.json, pnpm-lock.yaml, changeset).
Upgrade `@cipherstash/protect-ffi` to 0.28.0 and update EQL v3 concrete Postgres domain names to match the SQL fixture (`integer*`, `smallint*`, `bool`, `real*`, and `double*`). The public factories remain semantic (`Integer`, `Smallint`, `Boolean`, `Real`, `Double`) while their concrete domains change, so this is a minor release.
Copy file name to clipboardExpand all lines: .changeset/eql-v3-typed-schema.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,6 +2,6 @@
2
2
'@cipherstash/stack': minor
3
3
---
4
4
5
-
Add EQL v3 schema builders for all generated SQL domains under `@cipherstash/stack/eql/v3`, exposed as the `types` namespace (one member per EQL v3 domain, e.g. `types.TextEq` / `types.Int4Ord` / `types.Timestamp`), including explicit query capability metadata (`getQueryCapabilities()` / `isQueryable()`) and v3 table support in model encryption helpers (`encryptModel` / `bulkEncryptModels`).
5
+
Add EQL v3 schema builders for supported generated SQL domains under `@cipherstash/stack/eql/v3`, exposed as the `types` namespace (one member per supported EQL v3 domain, e.g. `types.TextEq` / `types.IntegerOrd` / `types.Timestamp`), including explicit query capability metadata (`getQueryCapabilities()` / `isQueryable()`) and v3 table support in model encryption helpers (`encryptModel` / `bulkEncryptModels`).
6
6
7
-
Also widen the accepted plaintext input type for `encrypt` / `encryptQuery` to include `Date`and `bigint`(via the new `Plaintext` type), so v3 `date` / `timestamp` / `int8` domains can be encrypted and queried with their natural JavaScript values.
7
+
Also widen the accepted plaintext input type for `encrypt` / `encryptQuery` to include `Date` (via the new `Plaintext` type), so v3 `date` / `timestamp` domains can be encrypted and queried with their natural JavaScript values.
Copy file name to clipboardExpand all lines: e2e/wasm/deno.json
+22-1Lines changed: 22 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -3,13 +3,34 @@
3
3
"//2": "stack is imported via a file URL because the wasm-inline subpath isn't on a published version yet — once stack ships with /wasm-inline this can switch to a plain npm: specifier. protect-ffi and auth resolve via npm: against the workspace's installed versions (Deno's nodeModulesDir: auto lets it use what pnpm fetched).",
4
4
"//3": "No --allow-ffi grant. If protect-ffi ever silently fell back to a native binding under Deno, the test would fail on missing FFI permission — this is the WASM guarantee.",
5
5
"nodeModulesDir": "auto",
6
+
"//4": "Deno 2.9+ enforces a 24h minimumDependencyAge cooldown by default. Mirror pnpm-workspace.yaml's supply-chain policy (minimumReleaseAge: 7d + minimumReleaseAgeExclude) so the two toolchains agree: keep the 7-day cooldown for third-party deps, but exempt the first-party CipherStash packages this test imports — they ship on their own cadence and are bumped in lockstep. Without the exclude, a just-published protect-ffi/auth (e.g. 0.28.0) fails resolution until it ages past the window.",
7
+
"//5": "Deno's exclude does not support globs, so the per-platform native binary sub-packages (optional deps published in lockstep at the same version) are enumerated explicitly — mirrors pnpm-workspace.yaml's protect-ffi-* / auth-* wildcards.",
8
+
"minimumDependencyAge": {
9
+
"age": "P7D",
10
+
"exclude": [
11
+
"npm:@cipherstash/protect-ffi",
12
+
"npm:@cipherstash/protect-ffi-darwin-arm64",
13
+
"npm:@cipherstash/protect-ffi-darwin-x64",
14
+
"npm:@cipherstash/protect-ffi-linux-arm64-gnu",
15
+
"npm:@cipherstash/protect-ffi-linux-x64-gnu",
16
+
"npm:@cipherstash/protect-ffi-linux-x64-musl",
17
+
"npm:@cipherstash/protect-ffi-win32-x64-msvc",
18
+
"npm:@cipherstash/auth",
19
+
"npm:@cipherstash/auth-darwin-arm64",
20
+
"npm:@cipherstash/auth-darwin-x64",
21
+
"npm:@cipherstash/auth-linux-arm64-gnu",
22
+
"npm:@cipherstash/auth-linux-x64-gnu",
23
+
"npm:@cipherstash/auth-linux-x64-musl",
24
+
"npm:@cipherstash/auth-win32-x64-msvc"
25
+
]
26
+
},
6
27
"tasks": {
7
28
"//task": "--no-check because TypeScript can't infer the column-on-table intersection types when stack is loaded via file URL (the dist .d.ts strips brand info). This test exists to verify RUNTIME WASM round-trips — type narrowing is covered by the package's own vitest suite.",
8
29
"test": "deno test --no-check --allow-env --allow-net --allow-read --allow-sys --no-prompt"
0 commit comments