chore: update to cipherstash-client 0.32.0#58
Merged
Conversation
Contributor
tobyhede
commented
Jan 8, 2026
tobyhede
commented
- Migrate encrypt/decrypt to use new EQL API (encrypt_eql)
- Update SteVec format to match EQL ciphertext structure
- Add per-payload lock_context support in encrypt_bulk
- Group payloads by lock_context for batch processing
- Update TypeScript types for new SteVec format
- Temporarily disable Windows builds in CI
- Migrate encrypt/decrypt to use new EQL API (encrypt_eql) - Update SteVec format to match EQL ciphertext structure - Add per-payload lock_context support in encrypt_bulk - Group payloads by lock_context for batch processing - Update TypeScript types for new SteVec format - Temporarily disable Windows builds in CI
…, and blake3 Tests verify that SteVec automatically generates: - ocf (ORE fixed) for numeric values - ocv (ORE variable) for string values - b3 (blake3) hash for both string and numeric values - selector (s) field for entries - array flag (a) for array elements
- Remove local Encrypted enum and SteVecEntry struct - Add type alias: pub type Encrypted = EqlCiphertext - Remove eql_ciphertext_to_encrypted conversion function - Update encrypt/encrypt_bulk to return EqlCiphertext directly - Update encrypted_record_from_mp_base85 to extract ciphertext from body - Update is_encrypted to validate against EqlCiphertext structure - Update unit tests for new structure BREAKING CHANGE: Encrypted type no longer uses 'k' discriminant tag. The structure is now unified with all fields at the top level.
- Replace discriminated union with unified structure - Add EqlCiphertextBody type for recursive SteVec entries - Deprecate SteVecEntry (alias to EqlCiphertextBody) - Remove 'k' discriminant field BREAKING CHANGE: Encrypted type no longer has 'k' field for variant discrimination.
- Remove all ciphertext.k discriminant checks (8 occurrences) - Use sv field presence to identify SteVec payloads - Update type assertions to use unified Encrypted type
- Add TypeScript documentation explaining Rust type hierarchy relationship - Clarify why old format rejection test exists (migration detection)
- Add biome-ignore directives for intentional any casts in isEncrypted validation tests - Replace non-null assertions (!) with optional chaining (?.) in SEM field and JSON tests
- Add tests verifying old format data with "k" discriminant can be decrypted - Add tests verifying new encrypted output does not contain "k" field - Update Rust tests to verify "k" field is silently ignored by serde - Remove misleading test that claimed to reject "k" field (actually failed on invalid "c" data) The old format used "k": "ct" or "k": "sv" as a serde discriminant tag. The new EqlCiphertext format ignores unknown fields, so old data remains decryptable.
Also re-enable Windows CI builds with OpenSSL support
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.