feat(cli): tighten column-selection UX in init / schema build

[coderdan]

Closes #396.

Stacked on #395 — review #395 first.

Summary

Three closely related fixes to the per-table column picker used by stash init and stash schema build:

• No more silent skip-throughs. Drops required: true on the multiselect and handles the empty case explicitly: warn-and-reprompt if no other tables have been configured this run, or offer "Skip encryption for the <x> table" as an explicit escape if priors exist.
• Already-encrypted columns are no longer toggleable. Columns whose Postgres type is eql_v2_encrypted are surfaced above the prompt as a "will be kept as-is" note and merged into the schema automatically. clack has no disabled-row affordance, so this is the closest we get to "displayed but not selectable". If every column in a table is already encrypted, the multiselect is skipped and we just confirm "keep as-is?".
• EQL-managed tables are filtered at the SQL level. eql_v2_* (e.g. eql_v2_configuration) is excluded from introspection so it never appears as a candidate — encrypting EQL's own configuration store would brick EQL.

Plus a small UX win: after a user picks ≥1 column, init reads back the selection (Encrypt 3 columns in "users" (email, name, and ssn)?) and lets them back out into the picker if they misclicked.

API change

selectTableColumns now returns a discriminated { kind: 'schema' | 'skip' | 'cancel' } so buildSchemasFromDatabase can tell "user skipped this one table" from "user cancelled the whole flow". The outer return shape (SchemaDef[] | undefined) is unchanged.

Out of scope

introspectDatabase still only scans the public schema. Filed #397 to track the broader question of multi-schema support — would expand the surface here meaningfully and is better as its own change.

Test plan

• Unit tests cover the new pure helpers (buildColumnDefs, joinNames, pgTypeToDataType, allSearchOps) — 18 new tests in lib/__tests__/introspect.test.ts.
• Full CLI suite green: 172 / 172.
• Build + biome clean.
• Smoke test: re-run stash init against a project that already has one EQL column on a re-run; confirm pre-encrypted columns appear as a "kept as-is" note (not in the picker), the multiselect requires ≥1 new pick, and the confirmation summary fires before moving on.
• Smoke test: configure one table, then on the next iteration submit the multiselect with nothing selected; confirm the "Skip encryption for the <x> table?" prompt appears.
• Smoke test: against a DB with EQL installed, confirm eql_v2_configuration does not appear in the table list.

[changeset-bot]

🦋 Changeset detected

Latest commit: 76e37c0

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

Name	Type
stash	Patch
@cipherstash/e2e	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 537ac798-5eb1-4ed5-bc20-cf96c4bd5ff9

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dan/init-column-selection-ux

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get your free trial and get 200 agent minutes per Slack user (a $50 value).

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}