feat(drizzle): EQL v3 adapter (text scalar)

[tobyhede]

Summary

Adds an EQL v3 adapter to the Drizzle Postgres integration, alongside the existing v2 support. v3 columns are CREATE DOMAIN … AS jsonb types (eql_v3.text{,_eq,_match,_ord}); queries compare extracted index terms (eq_term/ord_term/match_term vs the hmac_256/ore_block_u64_8_256/bloom_filter jsonb helpers) rather than coercing search terms into the domain — which would fail the domain CHECK (SQLSTATE 23514). This milestone covers the text scalar.

The change is structured as 7 cohesive, layered commits (each builds + tests green):

1. refactor: SQL-dialect seam with v2 + v3 emitters — extracts a SqlDialect seam so operator factories share all lazy/batch plumbing and differ only by dialect. v2 behaviour unchanged.
2. feat: eql_v3 domain mapping + jsonb wire codec — pure (dataType, index) -> domain mapping; plain-jsonb codec (null/undefined bind as SQL NULL).
3. feat: eqlV3Type column builder + encrypted-column detection — single-capability column builder; shared isEncryptedSqlName; column-config registry anchored on a global Symbol so the ./pg and ./pg/v3 bundles share one map.
4. feat: ./pg/v3 export subpath + v3-bound operators — keyed tsup entry + exports map; createProtectOperators on the v3 subpath pre-binds the v3 dialect (no v2-default footgun).
5. test: v3 operator param-emission unit tests — eq/ne, gt/gte/lt/lte, between/notBetween, match, inArray/notInArray, asc/desc, lazy and() combine, native fallback.
6. chore: vendor eql_v3 SQL fixture + refresh doc — checked-in eql_v3 installer (EQL 035952e) + refresh process.
7. test: v3 DB integration suite — provisioning, text_eq round-trip, text domain matrix with an in-memory oracle and negative assertions.

Testing

• tsc --noEmit clean · biome clean on all touched files.
• 84 unit tests pass; 17 DB-gated tests describe.skipIf when DATABASE_URL is unset (run them against a Postgres with the v3 SQL installed).
• v2 operators.test.ts (31 tests) unchanged — no regression.

Notes for reviewers

• packages/drizzle/__tests__/fixtures/cipherstash-encrypt-v3.sql (~16k lines) is a vendored, codegen-produced EQL artifact, not hand-written — see scripts/refresh-eql-v3-sql.md. It dominates the diff line count.
• Design/walkthrough docs are intentionally not committed to this branch.
• The CJS cross-bundle registry fix (commit 3) is verified at source/test level; an end-to-end bundled-CJS smoke test against dist/ is a possible follow-up if desired.

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features
  • Added EQL v3 encrypted text columns with support for equality, free-text search, and order/range queries.
  • Added a new ./pg/v3 package subpath for v3-specific helpers.
  • Added v3 JSONB codec behavior: converts null/undefined to SQL NULL and round-trips plain JSON strings/objects.
• Improvements
  • Improved detection of encrypted column names to support both v2 and v3 domains, and ensured operators switch to native SQL for non-encrypted columns.
• Documentation
  • Added instructions to refresh and verify the v3 SQL fixture.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 47b4010

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 65539d27-f556-4214-9f52-4efc35f490ce

📥 Commits

Reviewing files that changed from the base of the PR and between d13a389 and 47b4010.

📒 Files selected for processing (2)

• packages/drizzle/__tests__/v3/extraction.test.ts
• packages/drizzle/__tests__/v3/provisioning.test.ts

---

📝 Walkthrough

Walkthrough

Introduces EQL v3 encrypted-column support for the Drizzle Postgres adapter. A new SqlDialect abstraction decouples operator SQL generation, enabling pluggable implementations: v2Dialect emits eql_v2.* SQL, while v3Dialect generates eql_v3.* SQL comparing extracted index terms (eq_term, ord_term, match_term). New modules provide v3 domain mapping, JSONB codec, and eqlV3Type column builder. A globalThis-backed column config registry replaces the per-module Map for cross-bundle state consistency. A new ./pg/v3 package subpath and updated tsup build expose all v3 APIs. Comprehensive unit and DB-gated integration tests validate codec, domain mapping, dialect rendering, operator SQL generation, and end-to-end encrypted semantics.

Changes

EQL v3 encrypted domain support

Layer / File(s)	Summary
SqlDialect interface and v2/v3 implementations src/pg/sql-dialect.ts	Defines EqualityOp, ComparisonOp, MatchOp operator domain types and the SqlDialect interface with factory methods (equality, comparison, range, match, orderBy). Implements v2Dialect mapping to eql_v2.* SQL functions and order_by, and v3Dialect generating eql_v3.* extracted-term SQL with hmac_256, ore_block_u64_8_256, and bloom-filter containment. Adds internal ORD_SYMBOL operator-to-token map.
v3 domain mapping and JSONB codec src/pg/v3/domain-map.ts, src/pg/v3/codec.ts	Adds V3DataType/V3Index types, DOMAINS canonical mapping, ALL_V3_DOMAINS set, eqlV3Domain, and v3CastAs functions for scalar-to-domain and scalar-to-cast translation with error throwing for unsupported inputs. Implements v3ToDriver (JSON serialization, null/undefined→SQL NULL) and v3FromDriver (JSON.parse with object pass-through, null/undefined identity, malformed-JSON errors).
globalThis column config registry and eqlV3Type builder src/pg/index.ts, src/pg/v3/eql-v3-type.ts	Migrates columnConfigMap to globalThis Symbol.for-keyed shared registry; exports isEncryptedSqlName (v2+v3 domain detection) and registerColumnConfig; updates getEncryptedColumnConfig to use isEncryptedSqlName. Adds EqlV3Config and eqlV3Type builder wiring domain, codec, capability flags, global registration, and _protectConfig attachment.
Operator factories threaded with SqlDialect src/pg/operators.ts	Adds dialect imports; updates createComparisonOperator, createRangeOperator, createTextSearchOperator to accept and delegate to dialect parameter; routes inArray/notInArray through dialect.equality; routes asc/desc through dialect.orderBy; extends createProtectOperators signature with optional dialect defaulting to v2Dialect and threads it through all operator wrappers.
v3 entry point, package subpath, build config, and docs src/pg/v3/index.ts, package.json, tsup.config.ts, scripts/refresh-eql-v3-sql.md, .gitattributes	Adds src/pg/v3/index.ts re-exporting all v3 types and v3-bound createProtectOperators/createProtectOperatorsV3 alias; adds ./pg/v3 exports field; switches tsup entry to keyed object for collision-free dist/pg/v3 emission; marks EQL artifacts as linguist-vendored; adds fixture-refresh documentation.
Unit tests for v3 core modules __tests__/test-utils.ts, __tests__/v3/codec.test.ts, __tests__/v3/detection.test.ts, __tests__/v3/dialect.test.ts, __tests__/v3/domain-map.test.ts, __tests__/v3/eql-v3-type.test.ts, __tests__/v3/exports.test.ts, __tests__/v3/extraction.test.ts	Adds setupV3() helper; unit suites for codec edge cases, isEncryptedSqlName detection, v2/v3 dialect SQL rendering, domain mapping, eqlV3Type data-type and capability flags, ./pg/v3 export surface and dialect pre-binding, and extractProtectSchema schema building with globalThis registry resolution.
DB-gated integration tests __tests__/v3/helpers/install-v3.ts, __tests__/v3/provisioning.test.ts, __tests__/v3/operators-v3.test.ts, __tests__/v3/roundtrip-eq.test.ts, __tests__/fixtures/eql-v3-seed-data.ts, __tests__/eql-v3.test.ts	Adds installEqlV3 helper with advisory locking; provisioning tests for domain type and extractor function presence; encrypted operator SQL generation tests and plaintext fallback assertions; text-equality round-trip test; seed data and oracle helpers; full matrix suite covering null round-trip, equality/ne, HMAC determinism, containment, ordering, negative assertions, and functional index presence.

Sequence Diagram(s)

sequenceDiagram
    participant App
    participant createProtectOperators
    participant v3Dialect
    participant eqlV3Type
    participant registerColumnConfig
    participant globalThis_map
    participant PostgreSQL

    App->>eqlV3Type: eqlV3Type('t_eq', { dataType: 'text', index: 'equality' })
    eqlV3Type->>registerColumnConfig: register EncryptedColumnConfig
    registerColumnConfig->>globalThis_map: set(Symbol.for key, config)
    eqlV3Type-->>App: customType column with _protectConfig

    App->>createProtectOperators: createProtectOperators(client, v3Dialect)
    createProtectOperators-->>App: protectOps { eq, gt, ilike, inArray, asc, ... }

    App->>createProtectOperators: ops.eq(column, 'alice')
    createProtectOperators->>v3Dialect: equality('eq', column, encryptedValue)
    v3Dialect-->>createProtectOperators: eql_v3.eq_term(col) = eql_v3.hmac_256(enc::jsonb)
    createProtectOperators-->>App: SQL predicate

    App->>PostgreSQL: SELECT WHERE eql_v3.eq_term(col) = eql_v3.hmac_256(...)
    PostgreSQL-->>App: matched rows

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Suggested reviewers

• coderdan

Poem

🐇 A new domain named v3 arrived today,
With eq_term and bloom filters leading the way.
The dialect seam keeps v2 safe and sound,
While ore-block extractors make order abound.
This bunny encrypts labels with HMAC delight—
No plaintext escapes when the index is right! 🔐

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 52.17% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding EQL v3 adapter support for text scalar to the Drizzle Postgres integration.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch eql-v3-drizzle-adapter

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

packages/drizzle/__tests__/v3/eql-v3-type.test.ts (1)

22-39: ⚡ Quick win

Avoid asserting Drizzle private internals in this test.

These expectations depend on config.customTypeParams, which is internal and brittle. Prefer asserting the SQL type through the public column API after pgTable construction.

Suggested refactor

-    // biome-ignore lint/suspicious/noExplicitAny: reading Drizzle internals in test
-    expect((storage as any).config.customTypeParams.dataType()).toBe(
-      'eql_v3.text',
-    )
-    // biome-ignore lint/suspicious/noExplicitAny: reading Drizzle internals in test
-    expect((eqCol as any).config.customTypeParams.dataType()).toBe(
-      'eql_v3.text_eq',
-    )
-    // biome-ignore lint/suspicious/noExplicitAny: reading Drizzle internals in test
-    expect((matchCol as any).config.customTypeParams.dataType()).toBe(
-      'eql_v3.text_match',
-    )
-    // biome-ignore lint/suspicious/noExplicitAny: reading Drizzle internals in test
-    expect((ordCol as any).config.customTypeParams.dataType()).toBe(
-      'eql_v3.text_ord',
-    )
+    const t = pgTable('v3_types_sql', {
+      storage,
+      eqCol,
+      matchCol,
+      ordCol,
+    })
+    expect(t.storage.getSQLType()).toBe('eql_v3.text')
+    expect(t.eqCol.getSQLType()).toBe('eql_v3.text_eq')
+    expect(t.matchCol.getSQLType()).toBe('eql_v3.text_match')
+    expect(t.ordCol.getSQLType()).toBe('eql_v3.text_ord')

As per coding guidelines, "Prefer testing via public API; avoid reaching into private internals in tests".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/drizzle/__tests__/v3/eql-v3-type.test.ts` around lines 22 - 39,
Replace the private Drizzle internals assertions in the test expectations for
storage, eqCol, matchCol, and ordCol variables. Instead of accessing (variable
as any).config.customTypeParams.dataType(), use the public column API method
getSQLType() which provides the same information post-pgTable construction.
Update all four expect() calls to use the getSQLType() method and remove the
biome-ignore comments since you will no longer be accessing internal properties.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/drizzle/__tests__/eql-v3.test.ts`:
- Line 26: The SKIP_ORDER_BY constant at line 26 is hardcoded to true,
permanently disabling ORDER BY/MIN-MAX test coverage and preventing detection of
regressions in the ordering path. Replace the hardcoded true value with logic
that checks an environment flag (such as process.env.SKIP_ORDER_BY or a similar
CI capability flag) so these tests run by default but can be optionally skipped
when needed. Apply the same environment-based gating pattern to the related code
at lines 190-206 that also controls skip behavior based on this constant.

In `@packages/drizzle/__tests__/v3/extraction.test.ts`:
- Around line 40-57: The test uses a hardcoded column name 't_eq' which is
registered in a global map keyed by column name, creating the risk of false
positives if another test has already registered the same 't_eq' name. Replace
the column name 't_eq' with a unique identifier (such as 'v3_shared_t_eq' or
similar) throughout the test in three places: in the column definition passed to
eqlV3Type in the pgTable call, in the sharedMap.get() assertion, and in the
getEncryptedColumnConfig() call to ensure this test specifically validates its
own registration and fallback path without depending on prior test state.

In `@packages/drizzle/__tests__/v3/provisioning.test.ts`:
- Around line 34-44: The test in 'the v3 extractor functions were installed
(eq_term, ord_term, match_term)' currently only validates that at least 3 rows
are returned, which is insufficient because a single extractor function with
multiple overloads could satisfy that condition. Instead, extract the distinct
proname values from the fns result and explicitly assert that the set contains
all three required function names: eq_term, ord_term, and match_term. Replace
the toBeGreaterThanOrEqual(3) assertion with explicit checks that each of these
three names is present in the query results.

---

Nitpick comments:
In `@packages/drizzle/__tests__/v3/eql-v3-type.test.ts`:
- Around line 22-39: Replace the private Drizzle internals assertions in the
test expectations for storage, eqCol, matchCol, and ordCol variables. Instead of
accessing (variable as any).config.customTypeParams.dataType(), use the public
column API method getSQLType() which provides the same information post-pgTable
construction. Update all four expect() calls to use the getSQLType() method and
remove the biome-ignore comments since you will no longer be accessing internal
properties.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f90efbe7-2c43-47bc-82c6-996971a07fde

📥 Commits

Reviewing files that changed from the base of the PR and between 917b5c0 and da1c57a.

📒 Files selected for processing (25)

• packages/drizzle/__tests__/eql-v3.test.ts
• packages/drizzle/__tests__/fixtures/cipherstash-encrypt-v3.sql
• packages/drizzle/__tests__/fixtures/eql-v3-seed-data.ts
• packages/drizzle/__tests__/test-utils.ts
• packages/drizzle/__tests__/v3/codec.test.ts
• packages/drizzle/__tests__/v3/detection.test.ts
• packages/drizzle/__tests__/v3/dialect.test.ts
• packages/drizzle/__tests__/v3/domain-map.test.ts
• packages/drizzle/__tests__/v3/eql-v3-type.test.ts
• packages/drizzle/__tests__/v3/exports.test.ts
• packages/drizzle/__tests__/v3/extraction.test.ts
• packages/drizzle/__tests__/v3/helpers/install-v3.ts
• packages/drizzle/__tests__/v3/operators-v3.test.ts
• packages/drizzle/__tests__/v3/provisioning.test.ts
• packages/drizzle/__tests__/v3/roundtrip-eq.test.ts
• packages/drizzle/package.json
• packages/drizzle/scripts/refresh-eql-v3-sql.md
• packages/drizzle/src/pg/index.ts
• packages/drizzle/src/pg/operators.ts
• packages/drizzle/src/pg/sql-dialect.ts
• packages/drizzle/src/pg/v3/codec.ts
• packages/drizzle/src/pg/v3/domain-map.ts
• packages/drizzle/src/pg/v3/eql-v3-type.ts
• packages/drizzle/src/pg/v3/index.ts
• packages/drizzle/tsup.config.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

SKIP_ORDER_BY is hardcoded to true, so ORDER BY/MIN-MAX coverage never runs.

This permanently disables validation of the ordering path and can hide regressions. Gate skip behavior with an environment flag (or CI capability detection) so these tests execute by default when supported.

Suggested fix

-const SKIP_ORDER_BY = true // shared CI DB, mirrors drizzle.test.ts:61
+const SKIP_ORDER_BY = process.env.SKIP_ORDER_BY === '1'

Also applies to: 190-206

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/drizzle/__tests__/eql-v3.test.ts` at line 26, The SKIP_ORDER_BY
constant at line 26 is hardcoded to true, permanently disabling ORDER BY/MIN-MAX
test coverage and preventing detection of regressions in the ordering path.
Replace the hardcoded true value with logic that checks an environment flag
(such as process.env.SKIP_ORDER_BY or a similar CI capability flag) so these
tests run by default but can be optionally skipped when needed. Apply the same
environment-based gating pattern to the related code at lines 190-206 that also
controls skip behavior based on this constant.

[tobyhede]

Fixes Applied Successfully

Applied 2 of 3 CodeRabbit feedback items based on local review.

Files modified:

• packages/drizzle/__tests__/v3/extraction.test.ts — use a unique column key (v3_shared_t_eq) and pre-delete it from the global registry so the cross-bundle test can't pass on another test's stale state.
• packages/drizzle/__tests__/v3/provisioning.test.ts — assert the distinct extractor-name set {eq_term, ord_term, match_term} instead of a bare row count (>= 3 could pass with a single overloaded name).

Deferred (1):

• eql-v3.test.ts SKIP_ORDER_BY — intentionally hardcoded true, mirroring the repo-wide convention (drizzle.test.ts:61: the CI database does not support ORDER BY on encrypted columns). The suggested run-by-default fix would break CI.

Commit: 47b4010

The latest autofix changes are on the eql-v3-drizzle-adapter branch.

[coderdan]

Shouldn't this be using the EQL TS types from eql-types?

[coderdan]

I'm a bit confused by this PR because it takes quite a different approach to what was discussed. I thought the whole idea of the eql-types crate and TS bindings was to use those types in consumers to avoid duplication, drift and bugs due to inconsistency.