Skip to content

docs(concepts): comparison and concept pages#72

Open
coderdan wants to merge 4 commits into
v2from
docs/concepts-comparisons
Open

docs(concepts): comparison and concept pages#72
coderdan wants to merge 4 commits into
v2from
docs/concepts-comparisons

Conversation

@coderdan

Copy link
Copy Markdown
Contributor

Content work that's independent of the Stack 1.0 final API. Building up the Comparisons and Concepts sections while API-exact pages are blocked.

In this PR so far

  • concepts/compare/rls-and-tde — how CipherStash relates to Postgres Row-Level Security (access control) and Transparent Data Encryption (at-rest, on disk). Three layers, different threats, and how they compose. Includes threat-coverage tables and a "choosing" matrix. Written against the shipped v3 story, no em-dashes.

More comparison and concept pages will land on this branch.

Notes for reviewers

  • The FHE comparison is on hold. The draft (cipherstash-vs-fhe.md, untracked in the repo root) is strong but written against EQL v2, and two claims contradict the shipped v3 reference: Paillier-backed SUM/AVG (v3 numbers.mdx says arithmetic aggregates are unsupported), and "static order is not leaked" (true for block-ORE, but the v3 default is order-preserving OPE). Landing it needs those two product-truth questions settled first (they overlap with the searchable-encryption leakage decision). It also carries marketing-style frontmatter, so it may belong on the marketing site.

Verification

  • bun run build compiles with 0 errors; no broken links.

https://claude.ai/code/session_01NkxKebM3qffTB7FayXsfxP

First real page in the Comparisons section. Explains how CipherStash relates to
Postgres Row-Level Security (access control) and Transparent Data Encryption
(at-rest, on disk): three different layers closing different threats, and how
they compose. Written against the shipped v3 story; no em-dashes.
@vercel

vercel Bot commented Jul 15, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
public-docs Ready Ready Preview, Comment Jul 15, 2026 5:51am

Request Review

Reframe the RLS section around its real limitation: policies enforce on the
connecting database identity, but apps connect as a shared service principal
(especially through ORMs like Drizzle/Prisma, and on RDS/Aurora), so per-user
RLS is not in effect for most real connection patterns. Supabase via supabase-js
is the exception. CipherStash's guarantee is independent of how you connect and
can bind to the end user.
…S page

Two-lane Mermaid diagram: three users sharing one pooled service-principal
connection (DB sees one role) vs a user identity carried through a data API
(DB sees the actual user).
Switch the Mermaid component from the stock default/dark themes to the
customisable base theme with CipherStash themeVariables (warm near-black /
off-white grounds, lime accent for subgraph titles), for both light and dark.
Applied globally, so every diagram on the site is branded from one place.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant