feat(ci): add tests and md files #7

Merged
calvinbrewer merged 1 commit into main from public-prep
Nov 19, 2024

@calvinbrewer
Contributor

No description provided.

@calvinbrewer calvinbrewer merged commit 637e0e2 into main Nov 19, 2024
@calvinbrewer calvinbrewer deleted the public-prep branch November 19, 2024 16:41
calvinbrewer pushed a commit that referenced this pull request Feb 10, 2025
…ncrypt-decrypt-opt

Add service token as encrypt and decrypt opt
coderdan added a commit that referenced this pull request May 4, 2026
…invariant

Two fixes from a smoke-test run on the supatest spike project.

Fix 1: backfill / drop never wrote `.cipherstash/migrations.json`

The manifest was modelled as the *intent* leg of the three-source
state model (intent in repo, EQL config in DB, runtime state in
cs_migrations) but no CLI command actually wrote the file —
`writeManifest` was exported from @cipherstash/migrate but never
called from the CLI. Plan and status emitted "no manifest" forever
and the drift-detection features were dead code.

Wired:
- New `upsertManifestColumn(table, column, cwd?)` in
  @cipherstash/migrate. Reads the existing manifest (or starts
  fresh), replaces the matching column entry under the named table,
  writes back. Preserves entries for other columns / other tables.
- New `setManifestTargetPhase(table, columnName, phase, cwd?)` —
  no-op when the column isn't tracked yet, used by `drop` to bump
  intent forward.
- `backfill.ts` calls `upsertManifestColumn` after the dual-write
  confirmation. The entry is derived from the encryption client's
  EncryptedTable schema (cast_as → manifest.castAs, configured
  index kinds → manifest.indexes); pkColumn flows through when
  the user passed `--pk-column`. targetPhase defaults to
  `cut-over`. Idempotent — re-runs replace the same entry.
- `drop.ts` calls `setManifestTargetPhase(... 'dropped')` after
  the migration file is written, so the manifest reflects the
  user's commitment to fully removing the plaintext column.

Cutover doesn't touch the manifest (current state lives in
cs_migrations; the manifest is only intent).

10 new tests in @cipherstash/migrate covering upsert idempotence,
target-phase update, and the no-op-when-untracked path.

Fix 2: bundler-exclusion invariant promoted

The skill mentioned that `@cipherstash/stack` must be excluded from
bundling (it wraps a native FFI module) but in a single line buried
in Installation. Claude missed it on the smoke test, then hit the
runtime crash.

- AGENTS-doctrine.md gains it as invariant #7 — the seventh
  "never break this" rule, alongside never-log-plaintext and
  jsonb-null-on-creation. Concrete config snippets for Next.js,
  webpack, esbuild, and Vite SSR included so the agent doesn't have
  to guess the field names.
- stash-encryption skill's Installation section gets a more
  prominent callout (`> [!IMPORTANT]`) plus the same per-bundler
  snippets.
- setup-prompt.ts adds it to path 1 step 1 ("if this is the first
  encrypted column in the project, configure the bundler exclusion
  first") and to path 3 schema-add as the same precondition.

The exclusion now appears at every layer the agent reads: doctrine,
skill, and project-specific action prompt. Test asserts
`serverExternalPackages` and `@cipherstash/protect-ffi` appear in
the rendered prompt.
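
The manifest behaviour described under Fix 1 in the commit message above (upsert idempotence, target-phase update, no-op when untracked), as an added example that is not part of the commit or of @cipherstash/migrate. It works on an in-memory manifest object rather than `.cipherstash/migrations.json`; the manifest shape, the sample values, and the names `upsertColumn`, `setTargetPhase` and `phaseOf` are assumptions.

```typescript
// Added illustration. The manifest shape and helper names are assumptions,
// not the @cipherstash/migrate implementation.
interface ColumnEntry {
  column: string;
  castAs: string; // from cast_as in the EncryptedTable schema
  indexes: string[]; // configured index kinds
  targetPhase: string; // intent only, e.g. "cut-over" or "dropped"
  pkColumn?: string; // present only when --pk-column was passed
}
interface Manifest {
  tables: { [table: string]: ColumnEntry[] };
}

// Replace the matching column entry under `table` in place, or append it.
// Entries for other columns and other tables are carried over unchanged.
function upsertColumn(manifest: Manifest | null, table: string, entry: ColumnEntry): Manifest {
  const base: Manifest = manifest || { tables: {} };
  const existing = base.tables[table] || [];
  const tracked = existing.some((c) => c.column === entry.column);
  const next = tracked
    ? existing.map((c) => (c.column === entry.column ? entry : c))
    : existing.concat([entry]);
  const tables = { ...base.tables };
  tables[table] = next;
  return { tables };
}

// Bump intent for a tracked column; return the same object (no-op) when
// the column is not in the manifest yet.
function setTargetPhase(manifest: Manifest, table: string, columnName: string, phase: string): Manifest {
  const existing = manifest.tables[table] || [];
  if (!existing.some((c) => c.column === columnName)) return manifest;
  const tables = { ...manifest.tables };
  tables[table] = existing.map((c) =>
    c.column === columnName ? { ...c, targetPhase: phase } : c
  );
  return { tables };
}

// Read back the recorded intent, or undefined if the column is untracked.
function phaseOf(manifest: Manifest, table: string, columnName: string): string | undefined {
  const hit = (manifest.tables[table] || []).filter((c) => c.column === columnName)[0];
  return hit ? hit.targetPhase : undefined;
}

// Constructed sample run: backfill twice (idempotent), then drop.
const sample: ColumnEntry = { column: "email", castAs: "text", indexes: ["unique"], targetPhase: "cut-over" };
const afterBackfill = upsertColumn(upsertColumn(null, "users", sample), "users", sample);
console.log(JSON.stringify(setTargetPhase(afterBackfill, "users", "email", "dropped")));
```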