Skip to content

encryptQuery API to support STE Vec operations #279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tobyhede merged 7 commits into from
Feb 4, 2026
Merged

encryptQuery API to support STE Vec operations #279

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
4995ad5
feat(protect): add STE Vec query support to encryptQuery API
tobyhede Feb 3, 2026
0f6661b
test: steVecTerm requires JSON
tobyhede Feb 3, 2026
2e280ea
feat(protect): add queryOp inference from plaintext for searchableJson
tobyhede Feb 3, 2026
7543e0d
fix(protect): address code review feedback for queryOp inference
tobyhede Feb 4, 2026
5682e95
fix(protect): treat undefined plaintext same as null in encryptQuery
tobyhede Feb 4, 2026
cf03969
fix(protect): use public API imports in tests
tobyhede Feb 4, 2026
e769740
chore: add changeset for STE Vec query support
tobyhede Feb 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions .changeset/ste-vec-query-support.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
---
"@cipherstash/protect": minor
"@cipherstash/schema": minor
---

Add STE Vec query support to encryptQuery API for encrypted JSONB columns.

- New `searchableJson()` method on column schema enables encrypted JSONB queries
- Automatic query operation inference from plaintext shape (string → steVecSelector, object/array → steVecTerm)
- Supports explicit `queryType: 'steVecSelector'` and `queryType: 'steVecTerm'` options
- JSONB path utilities for building encrypted JSON column queries
59 changes: 59 additions & 0 deletions docs/reference/searchable-encryption-postgres.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,65 @@ console.log(term.data) // array of search terms

## Search capabilities

### JSONB queries with searchableJson

For columns storing JSON data, use `.searchableJson()` to enable encrypted JSONB queries:

```typescript
const schema = csTable('documents', {
metadata: csColumn('metadata_encrypted')
.searchableJson() // Enables JSONB path and containment queries
})
```

**Query types for JSONB columns:**

When using `encryptQuery` on a `searchableJson()` column, the query operation is automatically inferred from the plaintext type:

- **String plaintext** → `steVecSelector` (JSONPath queries like `'$.user.email'`)
- **Object/Array plaintext** → `steVecTerm` (containment queries like `{ role: 'admin' }`)

```typescript
// JSONPath selector query (string → steVecSelector inferred)
const pathTerm = await protectClient.encryptQuery('$.user.email', {
column: schema.metadata,
table: schema,
// queryType is automatically inferred as 'steVecSelector'
})

// Containment query (object → steVecTerm inferred)
const containmentTerm = await protectClient.encryptQuery({ role: 'admin' }, {
column: schema.metadata,
table: schema,
// queryType is automatically inferred as 'steVecTerm'
})
```

**Explicit query type:**

You can also specify `queryType` explicitly if needed:

```typescript
const term = await protectClient.encryptQuery('$.user.email', {
column: schema.metadata,
table: schema,
queryType: 'steVecSelector', // Explicit
})
```

> [!NOTE]
> When a column uses `searchableJson()`, string values passed to `encryptQuery` are treated as JSONPath selectors.
> If you need to query for a JSON string value itself, wrap it in an object or array:
>
> ```typescript
> // To find documents where a field contains the string "admin"
> const term = await protectClient.encryptQuery(['admin'], {
> column: schema.metadata,
> table: schema,
> queryType: 'steVecTerm', // Explicit for clarity
> })
> ```

### Exact matching

Use `.equality()` when you need to find exact matches:
Expand Down
Loading