Merge pull request #170 from cipherstash/refactor/canonical-config

Canonical shared encryption config

Author: freshtonic

.github/workflows/release-eql.yml

@@ -12,6 +12,10 @@ on:
   # Useful for debugging
   workflow_dispatch:
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+  MISE_VERBOSE: "1"
+
 defaults:
   run:
     shell: bash -l {0}
@@ -29,9 +33,9 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: jdx/mise-action@v2
+      - uses: jdx/mise-action@v3
         with:
-          version: 2025.1.6 # [default: latest] mise version to install
+          version: 2026.4.0 # [default: latest] mise version to install
           install: true # [default: true] run `mise install`
           cache: true # [default: true] cache mise using GitHub's cache
 
@@ -76,9 +80,9 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: jdx/mise-action@v2
+      - uses: jdx/mise-action@v3
         with:
-          version: 2025.1.6 # [default: latest] mise version to install
+          version: 2026.4.0 # [default: latest] mise version to install
           install: true # [default: true] run `mise install`
           cache: true # [default: true] cache mise using GitHub's cache
 

.github/workflows/test-eql.yml

@@ -21,6 +21,10 @@ on:
 
   workflow_dispatch:
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+  MISE_VERBOSE: "1"
+
 defaults:
   run:
     shell: bash -l {0}

docs/reference/index-config.md

@@ -35,17 +35,22 @@ SELECT eql_v2.add_search_config(
 
 #### Option (`cast_as`)
 
+The type field can be specified as either `plaintext_type` (preferred) or `cast_as` (deprecated alias retained for backwards compatibility).
+When both are present, `plaintext_type` takes precedence.
+
 Supported types:
 
 - `text`
 - `int`
 - `small_int`
 - `big_int`
-- `real`
+- `real` (also accepts `float`)
 - `double`
 - `boolean`
 - `date`
-- `jsonb`
+- `json` (also accepts `jsonb`)
+- `decimal`
+- `timestamp`
 
 #### Options for match indexes (`opts`)
 

src/config/constraints.sql

@@ -61,29 +61,40 @@ $$ LANGUAGE plpgsql;
 --! @brief Validate cast types in configuration
 --! @internal
 --!
---! Checks that all 'cast_as' types specified in the configuration are valid.
---! Valid cast types are: text, int, small_int, big_int, real, double, boolean, date, jsonb.
+--! Checks that all 'cast_as' and 'plaintext_type' types specified in the configuration are valid.
+--! Valid cast types are: text, int, small_int, big_int, real, double, boolean, date, jsonb, json, float, decimal, timestamp.
 --!
 --! @param jsonb Configuration data to validate
 --! @return boolean True if all cast types are valid or no cast types specified
 --! @throws Exception if any invalid cast type found
 --!
 --! @note Used in CHECK constraint on eql_v2_configuration table
---! @note Empty configurations (no cast_as fields) are valid
+--! @note Empty configurations (no cast_as/plaintext_type fields) are valid
 --! @note Cast type names are EQL's internal representations, not PostgreSQL native types
+--! @note 'plaintext_type' is accepted as a canonical alias for 'cast_as'
 CREATE FUNCTION eql_v2.config_check_cast(val jsonb)
   RETURNS BOOLEAN
+  IMMUTABLE STRICT PARALLEL SAFE
 AS $$
+  DECLARE
+    _valid_types text[] := '{text, int, small_int, big_int, real, double, boolean, date, jsonb, json, float, decimal, timestamp}';
 	BEGIN
-    -- If there are cast_as fields, validate them
+    -- Validate cast_as fields
     IF EXISTS (SELECT jsonb_array_elements_text(jsonb_path_query_array(val, '$.tables.*.*.cast_as'))) THEN
-      IF (SELECT bool_and(cast_as = ANY('{text, int, small_int, big_int, real, double, boolean, date, jsonb}')) 
+      IF NOT (SELECT bool_and(cast_as = ANY(_valid_types))
           FROM (SELECT jsonb_array_elements_text(jsonb_path_query_array(val, '$.tables.*.*.cast_as')) AS cast_as) casts) THEN
-        RETURN true;
+        RAISE 'Configuration has an invalid cast_as (%). Cast should be one of %', val, _valid_types;
+      END IF;
+    END IF;
+
+    -- Validate plaintext_type fields (canonical alias for cast_as)
+    IF EXISTS (SELECT jsonb_array_elements_text(jsonb_path_query_array(val, '$.tables.*.*.plaintext_type'))) THEN
+      IF NOT (SELECT bool_and(pt = ANY(_valid_types))
+          FROM (SELECT jsonb_array_elements_text(jsonb_path_query_array(val, '$.tables.*.*.plaintext_type')) AS pt) types) THEN
+        RAISE 'Configuration has an invalid plaintext_type (%). Type should be one of %', val, _valid_types;
       END IF;
-      RAISE 'Configuration has an invalid cast_as (%). Cast should be one of {text, int, small_int, big_int, real, double, boolean, date, jsonb}', val;
     END IF;
-    -- If no cast_as fields exist (empty config), that's valid
+
     RETURN true;
   END;
 $$ LANGUAGE plpgsql;

src/config/functions.sql

@@ -46,7 +46,7 @@ AS $$
       RAISE EXCEPTION '% index exists for column: % %', index_name, table_name, column_name;
     END IF;
 
-    IF NOT cast_as = ANY('{text, int, small_int, big_int, real, double, boolean, date, jsonb}') THEN
+    IF NOT cast_as = ANY('{text, int, small_int, big_int, real, double, boolean, date, jsonb, json, float, decimal, timestamp}') THEN
       RAISE EXCEPTION '% is not a valid cast type', cast_as;
     END IF;
 
@@ -470,16 +470,16 @@ AS $$
 BEGIN
     RETURN QUERY
       WITH tables AS (
-          SELECT config.state, tables.key AS table, tables.value AS config
-          FROM public.eql_v2_configuration config, jsonb_each(data->'tables') tables
-          WHERE config.data->>'v' = '1'
+          SELECT cfg.state, tables.key AS table, tables.value AS tbl_config
+          FROM public.eql_v2_configuration cfg, jsonb_each(data->'tables') tables
+          WHERE cfg.data->>'v' = '1'
       )
       SELECT
           tables.state,
           tables.table,
           column_config.key,
-          column_config.value->>'cast_as',
+          COALESCE(column_config.value->>'plaintext_type', column_config.value->>'cast_as'),
           column_config.value->'indexes'
-      FROM tables, jsonb_each(tables.config) column_config;
+      FROM tables, jsonb_each(tables.tbl_config) column_config;
 END;
 $$ LANGUAGE plpgsql;