EQL using domain type

.github/workflows/test-eql.yml

@@ -41,6 +41,13 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: stable
+          components: rustfmt
+          cache: true
+          cache-all-crates: true
+
       - uses: jdx/mise-action@v2
         with:
           version: 2025.1.6 # [default: latest] mise version to install

.gitignore

@@ -2,6 +2,7 @@
 
 .DS_Store
 .mise.*
+.worktrees/
 
 deps.txt
 deps-ordered.txt
@@ -210,3 +211,6 @@ eql--*.sql
 
 # Generated SQLx migration (built from src/, never commit)
 tests/sqlx/migrations/001_install_eql.sql
+
+# Rust build artifacts (using sccache)
+tests/sqlx/target/

mise.toml

@@ -6,15 +6,23 @@
 #     "./tests/mise.tcp.toml",
 #     "./tests/mise.tls.toml",
 # ]
+
+[tools]
+rust = "latest"
+"cargo:cargo-binstall" = "latest"
+"cargo:sqlx-cli" = "latest"
+
+
 [task_config]
-includes = ["tasks", "tasks/postgres.toml", "tasks/rust.toml"]
+includes = ["tasks", "tasks/postgres.toml"]
 
 [env]
 POSTGRES_DB = "cipherstash"
 POSTGRES_USER = "cipherstash"
 POSTGRES_PASSWORD = "password"
 POSTGRES_HOST = "localhost"
 POSTGRES_PORT = "7432"
+DATABASE_URL = "postgresql://cipherstash:password@localhost:7432/cipherstash"
 
 [tasks."clean"]
 alias = 'k'
@@ -23,3 +31,27 @@ run = """
   rm -f release/cipherstash-encrypt-uninstall.sql
   rm -f release/cipherstash-encrypt.sql
 """
+
+[tasks."test:sqlx"]
+description = "Run SQLx tests with hybrid migration approach"
+dir = "{{config_root}}"
+run = """
+# Copy built SQL to SQLx migrations (EQL install is generated, not static)
+echo "Updating SQLx migrations with built EQL..."
+cp release/cipherstash-encrypt.sql tests/sqlx/migrations/001_install_eql.sql
+
+# Run SQLx migrations and tests
+echo "Running SQLx migrations..."
+cd tests/sqlx
+sqlx migrate run
+
+echo "Running Rust tests..."
+cargo test
+"""
+
+[tasks."test:sqlx:watch"]
+description = "Run SQLx tests in watch mode (rebuild EQL on changes)"
+dir = "{{config_root}}/tests/sqlx"
+run = """
+cargo watch -x test
+"""

src/blake3/functions.sql

@@ -47,7 +47,7 @@ CREATE FUNCTION eql_v2.blake3(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
   BEGIN
-    RETURN (SELECT eql_v2.blake3(val.data));
+    RETURN (SELECT eql_v2.blake3($1));
   END;
 $$ LANGUAGE plpgsql;
 
@@ -85,7 +85,7 @@ CREATE FUNCTION eql_v2.has_blake3(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
 	BEGIN
-    RETURN eql_v2.has_blake3(val.data);
+    RETURN eql_v2.has_blake3($1);
   END;
 $$ LANGUAGE plpgsql;
 

src/bloom_filter/functions.sql

@@ -44,7 +44,7 @@ CREATE FUNCTION eql_v2.bloom_filter(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
   BEGIN
-    RETURN (SELECT eql_v2.bloom_filter(val.data));
+    RETURN (SELECT eql_v2.bloom_filter($1));
   END;
 $$ LANGUAGE plpgsql;
 
@@ -82,6 +82,6 @@ CREATE FUNCTION eql_v2.has_bloom_filter(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
 	BEGIN
-    RETURN eql_v2.has_bloom_filter(val.data);
+    RETURN eql_v2.has_bloom_filter($1);
   END;
 $$ LANGUAGE plpgsql;

src/config/constraints.sql

@@ -41,7 +41,7 @@ AS $$
 	BEGIN
     -- If there are cast_as fields, validate them
     IF EXISTS (SELECT jsonb_array_elements_text(jsonb_path_query_array(val, '$.tables.*.*.cast_as'))) THEN
-      IF (SELECT bool_and(cast_as = ANY('{text, int, small_int, big_int, real, double, boolean, date, jsonb}')) 
+      IF (SELECT bool_and(cast_as = ANY('{text, int, small_int, big_int, real, double, boolean, date, jsonb}'))
           FROM (SELECT jsonb_array_elements_text(jsonb_path_query_array(val, '$.tables.*.*.cast_as')) AS cast_as) casts) THEN
         RETURN true;
       END IF;

src/config/functions.sql

@@ -472,7 +472,7 @@ BEGIN
       WITH tables AS (
           SELECT config.state, tables.key AS table, tables.value AS config
           FROM public.eql_v2_configuration config, jsonb_each(data->'tables') tables
-          WHERE config.data->>'v' = '1'
+          WHERE $1->>'v' = '1'
       )
       SELECT
           tables.state,

src/encrypted/casts.sql

@@ -15,7 +15,7 @@ BEGIN
         RETURN NULL;
     END IF;
 
-    RETURN ROW(data)::public.eql_v2_encrypted;
+    RETURN data;
 END;
 $$ LANGUAGE plpgsql;
 
@@ -68,7 +68,7 @@ BEGIN
         RETURN NULL;
     END IF;
 
-    RETURN e.data;
+    RETURN e;
 END;
 $$ LANGUAGE plpgsql;
 

src/encrypted/compare.sql

@@ -26,8 +26,8 @@ AS $$
       RETURN 1;
     END IF;
 
-    a_data := a.data;
-    b_data := b.data;
+    a_data := a;
+    b_data := b;
 
     IF a_data < b_data THEN
       RETURN -1;

src/encrypted/constraints.sql

@@ -77,6 +77,6 @@ CREATE FUNCTION eql_v2.check_encrypted(val eql_v2_encrypted)
   RETURNS BOOLEAN
 LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE
 BEGIN ATOMIC
-    RETURN eql_v2.check_encrypted(val.data);
+    RETURN eql_v2.check_encrypted(val);
 END;
 

src/encrypted/functions.sql

@@ -50,7 +50,7 @@ CREATE FUNCTION eql_v2.ciphertext(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
 	BEGIN
-    RETURN eql_v2.ciphertext(val.data);
+    RETURN eql_v2.ciphertext(val);
   END;
 $$ LANGUAGE plpgsql;
 
@@ -202,7 +202,7 @@ CREATE FUNCTION eql_v2.meta_data(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
   BEGIN
-     RETURN eql_v2.meta_data(val.data);
+     RETURN eql_v2.meta_data(val);
   END;
 $$ LANGUAGE plpgsql;
 

src/encrypted/types.sql

@@ -19,9 +19,7 @@
 DO $$
   BEGIN
     IF NOT EXISTS (SELECT 1 FROM pg_type WHERE typname = 'eql_v2_encrypted') THEN
-      CREATE TYPE public.eql_v2_encrypted AS (
-        data jsonb
-      );
+      CREATE DOMAIN public.eql_v2_encrypted AS jsonb;
     END IF;
   END
 $$;

src/hmac_256/functions.sql

@@ -62,7 +62,7 @@ CREATE FUNCTION eql_v2.has_hmac_256(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
 	BEGIN
-    RETURN eql_v2.has_hmac_256(val.data);
+    RETURN eql_v2.has_hmac_256($1);
   END;
 $$ LANGUAGE plpgsql;
 
@@ -82,7 +82,7 @@ CREATE FUNCTION eql_v2.hmac_256(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
   BEGIN
-    RETURN (SELECT eql_v2.hmac_256(val.data));
+    RETURN (SELECT eql_v2.hmac_256($1));
   END;
 $$ LANGUAGE plpgsql;
 

src/jsonb/functions.sql

@@ -82,7 +82,7 @@ CREATE FUNCTION eql_v2.jsonb_path_query(val eql_v2_encrypted, selector eql_v2_en
 AS $$
   BEGIN
     RETURN QUERY
-    SELECT * FROM eql_v2.jsonb_path_query(val.data, eql_v2.selector(selector));
+    SELECT * FROM eql_v2.jsonb_path_query($1, eql_v2.selector(selector));
   END;
 $$ LANGUAGE plpgsql;
 
@@ -93,7 +93,7 @@ CREATE FUNCTION eql_v2.jsonb_path_query(val eql_v2_encrypted, selector text)
 AS $$
   BEGIN
     RETURN QUERY
-    SELECT * FROM eql_v2.jsonb_path_query(val.data, selector);
+    SELECT * FROM eql_v2.jsonb_path_query($1, selector);
   END;
 $$ LANGUAGE plpgsql;
 
@@ -148,7 +148,7 @@ AS $$
     RETURN (
       SELECT (
         SELECT e
-        FROM eql_v2.jsonb_path_query(val.data, selector) AS e
+        FROM eql_v2.jsonb_path_query($1, selector) AS e
         LIMIT 1
       )
     );
@@ -163,7 +163,7 @@ AS $$
   BEGIN
     RETURN (
         SELECT e
-        FROM eql_v2.jsonb_path_query(val.data, eql_v2.selector(selector)) as e
+        FROM eql_v2.jsonb_path_query($1, eql_v2.selector(selector)) as e
         LIMIT 1
     );
   END;
@@ -177,7 +177,7 @@ AS $$
   BEGIN
     RETURN (
         SELECT e
-        FROM eql_v2.jsonb_path_query(val.data, selector) as e
+        FROM eql_v2.jsonb_path_query($1, selector) as e
         LIMIT 1
     );
   END;
@@ -225,7 +225,7 @@ CREATE FUNCTION eql_v2.jsonb_array_length(val eql_v2_encrypted)
 AS $$
   BEGIN
     RETURN (
-      SELECT eql_v2.jsonb_array_length(val.data)
+      SELECT eql_v2.jsonb_array_length($1)
     );
   END;
 $$ LANGUAGE plpgsql;
@@ -276,7 +276,7 @@ CREATE FUNCTION eql_v2.jsonb_array_elements(val eql_v2_encrypted)
 AS $$
   BEGIN
     RETURN QUERY
-      SELECT * FROM eql_v2.jsonb_array_elements(val.data);
+      SELECT * FROM eql_v2.jsonb_array_elements($1);
   END;
 $$ LANGUAGE plpgsql;
 
@@ -319,6 +319,6 @@ CREATE FUNCTION eql_v2.jsonb_array_elements_text(val eql_v2_encrypted)
 AS $$
   BEGIN
     RETURN QUERY
-      SELECT * FROM eql_v2.jsonb_array_elements_text(val.data);
+      SELECT * FROM eql_v2.jsonb_array_elements_text($1);
   END;
 $$ LANGUAGE plpgsql;

src/ore_block_u64_8_256/functions.sql

@@ -75,7 +75,7 @@ CREATE FUNCTION eql_v2.ore_block_u64_8_256(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
 	BEGIN
-    RETURN eql_v2.ore_block_u64_8_256(val.data);
+    RETURN eql_v2.ore_block_u64_8_256($1);
   END;
 $$ LANGUAGE plpgsql;
 
@@ -113,7 +113,7 @@ CREATE FUNCTION eql_v2.has_ore_block_u64_8_256(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
 	BEGIN
-    RETURN eql_v2.has_ore_block_u64_8_256(val.data);
+    RETURN eql_v2.has_ore_block_u64_8_256($1);
   END;
 $$ LANGUAGE plpgsql;
 

src/ore_cllw_u64_8/functions.sql

@@ -46,7 +46,7 @@ CREATE FUNCTION eql_v2.ore_cllw_u64_8(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
   BEGIN
-    RETURN (SELECT eql_v2.ore_cllw_u64_8(val.data));
+    RETURN (SELECT eql_v2.ore_cllw_u64_8($1));
   END;
 $$ LANGUAGE plpgsql;
 
@@ -84,7 +84,7 @@ CREATE FUNCTION eql_v2.has_ore_cllw_u64_8(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
 	BEGIN
-    RETURN eql_v2.has_ore_cllw_u64_8(val.data);
+    RETURN eql_v2.has_ore_cllw_u64_8($1);
   END;
 $$ LANGUAGE plpgsql;
 

src/ore_cllw_var_8/functions.sql

@@ -48,7 +48,7 @@ CREATE FUNCTION eql_v2.ore_cllw_var_8(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
   BEGIN
-    RETURN (SELECT eql_v2.ore_cllw_var_8(val.data));
+    RETURN (SELECT eql_v2.ore_cllw_var_8($1));
   END;
 $$ LANGUAGE plpgsql;
 
@@ -86,7 +86,7 @@ CREATE FUNCTION eql_v2.has_ore_cllw_var_8(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
 	BEGIN
-    RETURN eql_v2.has_ore_cllw_var_8(val.data);
+    RETURN eql_v2.has_ore_cllw_var_8($1);
   END;
 $$ LANGUAGE plpgsql;
 

src/ste_vec/functions.sql

@@ -54,7 +54,7 @@ CREATE FUNCTION eql_v2.ste_vec(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
   BEGIN
-    RETURN (SELECT eql_v2.ste_vec(val.data));
+    RETURN (SELECT eql_v2.ste_vec($1));
   END;
 $$ LANGUAGE plpgsql;
 
@@ -94,7 +94,7 @@ CREATE FUNCTION eql_v2.is_ste_vec_value(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
 	BEGIN
-    RETURN eql_v2.is_ste_vec_value(val.data);
+    RETURN eql_v2.is_ste_vec_value($1);
   END;
 $$ LANGUAGE plpgsql;
 
@@ -147,7 +147,7 @@ CREATE FUNCTION eql_v2.to_ste_vec_value(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
 	BEGIN
-    RETURN eql_v2.to_ste_vec_value(val.data);
+    RETURN eql_v2.to_ste_vec_value($1);
   END;
 $$ LANGUAGE plpgsql;
 
@@ -192,7 +192,7 @@ CREATE FUNCTION eql_v2.selector(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
   BEGIN
-    RETURN (SELECT eql_v2.selector(val.data));
+    RETURN (SELECT eql_v2.selector($1));
   END;
 $$ LANGUAGE plpgsql;
 
@@ -235,7 +235,7 @@ CREATE FUNCTION eql_v2.is_ste_vec_array(val eql_v2_encrypted)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
   BEGIN
-    RETURN (SELECT eql_v2.is_ste_vec_array(val.data));
+    RETURN (SELECT eql_v2.is_ste_vec_array($1));
   END;
 $$ LANGUAGE plpgsql;