Skip to content

feat: backport kv-store sqlite encryption (#22759) to v4-next#22927

Merged
mverzilli merged 3 commits intobackport-to-v4-next-stagingfrom
claudebox/backport-22759-kvstore-sqlite-v4next
May 4, 2026
Merged

feat: backport kv-store sqlite encryption (#22759) to v4-next#22927
mverzilli merged 3 commits intobackport-to-v4-next-stagingfrom
claudebox/backport-22759-kvstore-sqlite-v4next

Conversation

@AztecBot
Copy link
Copy Markdown
Collaborator

@AztecBot AztecBot commented May 4, 2026

Summary

Backport of #22759 (feat: kv-store sqlite backend with page level encryption) to backport-to-v4-next-staging.

The auto-cherry-pick failed on yarn-project/kv-store/src/sqlite-opfs/worker.ts. The conflict was localized to the ensurePool function: the v4-next branch already contains #22721 (kv-store browser test hangs fix), which added a poolDirectory = directory; assignment, while #22759 introduced a local s = sqlite3 alias and the sqlite3mc VFS registration call. Both changes are compatible and have been combined.

Commit structure

  1. 1944712b — original cherry-pick committed as-is with the conflict marker preserved in worker.ts, so reviewers can see exactly what conflicted.
  2. 0c397e2c — conflict resolution: keeps poolDirectory tracking from chore: fix kv-store browser tests hangs #22721 + the local s alias and sqlite3mc_vfs_create call from feat: kv-store sqlite backend with page level encryption #22759.

No build-fixes commit was needed — kv-store and sqlite3mc-wasm both typecheck clean against the resolved tree.

Verification

  • yarn install succeeded.
  • tsgo --noEmit is clean for both kv-store and sqlite3mc-wasm.
  • Diff stat matches the original PR: 26 files, +699/-14.

Original PR

ClaudeBox log: https://claudebox.work/s/6446d1f92380c25a?run=1

ClaudeBox log: https://claudebox.work/s/6446d1f92380c25a?run=1

mverzilli and others added 2 commits May 4, 2026 12:18
@mverzilli @AztecBot
feat: kv-store sqlite backend with page level encryption (#22759)
1944712 
Cherry-pick of #22759 with conflict markers preserved in worker.ts.
Conflict resolution and build fixes follow in subsequent commits.

Original PR: #22759
@AztecBot
fix: resolve cherry-pick conflicts in worker.ts
0c397e2 
Combines both sides of the merge in ensurePool():
- Keeps poolDirectory tracking from #22721 (kv-store browser test hangs fix)
- Adopts the local 's = sqlite3' alias and sqlite3mc_vfs_create call from #22759

The handleDeleteDb codepath inherited from #22721 (async + ensurePool with
remembered poolDirectory) is preserved as-is and is orthogonal to the
encryption wrapper, which only kicks in via MC_SAH_POOL_VFS_NAME in handleInit.
@AztecBot AztecBot added ci-draft Run CI on draft PRs. claudebox Owned by claudebox. it can push to this PR. labels May 4, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 4, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addednpm/​@​aztec/​sqlite3mc-wasm@​0.0.0-use.local100100100100100

View full report

@mverzilli mverzilli added the ci-full Run all master checks. label May 4, 2026
@mverzilli mverzilli marked this pull request as ready for review May 4, 2026 12:33
@mverzilli mverzilli enabled auto-merge May 4, 2026 12:34
@mverzilli @claude
fix(kv-store): exclude @aztec/sqlite3mc-wasm from vitest optimizeDeps
8c47ade 
The exclude entry was left as the previous package name
(@sqlite.org/sqlite-wasm) when worker.ts and package.json were updated
to use @aztec/sqlite3mc-wasm. With the new package not excluded, vite's
dep optimizer crawls into it during browser test setup and trips an
ENOENT race on `.vite/vitest/<hash>/deps` (two concurrent crawls under
playwright's server+browser dual-context model), causing
src/sqlite-opfs/array.test.ts to fail to import the test file.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@mverzilli mverzilli merged commit 7d968b2 into backport-to-v4-next-staging May 4, 2026
11 checks passed
@mverzilli mverzilli deleted the claudebox/backport-22759-kvstore-sqlite-v4next branch May 4, 2026 14:01
@AztecBot AztecBot mentioned this pull request May 4, 2026
Merged
AztecBot added a commit that referenced this pull request May 5, 2026
@AztecBot
chore: Accumulated backports to v4-next (#22924)
87af900 
BEGIN_COMMIT_OVERRIDE
docs: add map and state variable docs  (#22824)
fix: e2e compat should not fail for contracts added after legacy stables
(#22900)
chore: fix kv-store browser tests hangs (#22721)
feat: kv-store sqlite backend with page level encryption (#22759)
fix: install node 22 for aztec-cli acceptance test (#22917)
feat: backport kv-store sqlite encryption (#22759) to v4-next (#22927)
fix(docs): correct llms.txt links for versioned developer docs (#22819)
feat(docs): improve discoverability of Aztec.nr API reference docs
(#22861)
feat(docs): backport improve discoverability of Aztec.nr API reference
docs (#22861) to v4-next (#22931)
feat(aztec-nr): add call_self stubs for utility functions (#22885)
docs: add map and state variable docs (backport #22824) (#22880)
refactor: `getPackageVersion` fn cleanup (#22941)
fix(ci): skip acceptance test for canary -commit. tags (#22951)
fix: closing db, correct stub side effects (#22939)
END_COMMIT_OVERRIDE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mverzilli mverzilli mverzilli approved these changes

Assignees

No one assigned

Labels

ci-draft Run CI on draft PRs. ci-full Run all master checks. claudebox Owned by claudebox. it can push to this PR.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AztecBot @mverzilli