Skip to content

Version Packages (rc)#668

Merged
coderdan merged 1 commit into
mainfrom
changeset-release/main
Jul 16, 2026
Merged

Version Packages (rc)#668
coderdan merged 1 commit into
mainfrom
changeset-release/main

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

⚠️⚠️⚠️⚠️⚠️⚠️

main is currently in pre mode so this branch has prereleases rather than normal releases. If you want to exit prereleases, run changeset pre exit on main.

⚠️⚠️⚠️⚠️⚠️⚠️

Releases

@cipherstash/stack@1.0.0-rc.2

Minor Changes

  • b085f66: @cipherstash/stack/wasm-inline now exposes encryptQuery and
    encryptQueryBulk on WasmEncryptionClient (wasm-inline omits encryptQuery: no searchable encryption on Deno/edge runtimes #662) — searchable encryption
    is reachable on Deno/edge runtimes. Previously the WASM entry exposed only
    encrypt/decrypt/isEncrypted, so encrypted WHERE-clause search was
    architecturally impossible on the edge even though the underlying protect-ffi
    WASM build carries the capability.

    The new methods mint ciphertext-free EQL v3 query terms — equality,
    free-text match, ORE range, and JSON containment/selector — with the same
    index-type resolution as the native client (explicit queryType, or
    inference from the column's configured indexes). Cast the term to the
    column's eql_v3.query_<domain> type in SQL to reach the indexed operators.
    Errors throw, consistent with the WASM surface's encrypt/decrypt; the
    bulk form is position-stable (null values pass through as null).

stash@1.0.0-rc.2

Patch Changes

  • 6fcb967: stash init now pins the packages it installs (@cipherstash/stack, the
    integration adapter, and stash itself) to the exact versions this CLI
    release was built alongside, instead of installing bare package names that
    resolve through npm dist-tags (npm dist-tags deliver broken/stale packages: adapters' latest=0.0.0, stack latest=0.19.0; stash init installs unpinned #661). During a pre-release window dist-tags
    lag or point at placeholders, so an unpinned init could silently deliver a
    different release than the CLI driving the setup — stale @cipherstash/stack,
    or an empty placeholder adapter — breaking /v3 imports out of the box. The
    versions are embedded at build time from the release train itself
    (src/release-train.ts, the single source both the build and the runtime
    check against), so they can never disagree with what was published together.

    Init also now surfaces version skew on already-installed packages —
    unconditionally, before any prompt or early exit, including when the install
    is declined or partially fails. Interactively it offers to align the skewed
    packages in the same confirm as the missing installs (keeping stash a dev
    dependency); non-interactively it never mutates an existing install — it
    warns and prints the exact align commands. A package whose manifest exists
    but can't be read (an aborted install) is reported as skew, not treated as
    matching. All other install guidance is pinned the same way: the
    missing-package hints, .cipherstash/context.json's installCommand, the
    install-eql manual note, the native-module recovery hint (previously
    stash@latest), and the stash wizard one-shot spawn (previously an
    unpinned npx @cipherstash/wizard). The stash-cli skill documents the
    behaviour, and the other bundled skills' manual install commands now carry a
    verify-what-resolved note.

  • d803914: Two guards for the release-train version embed (npm dist-tags deliver broken/stale packages: adapters' latest=0.0.0, stack latest=0.19.0; stash init installs unpinned #661 follow-up):

    Direction-aware version skew. stash init now distinguishes an installed
    package that is behind this CLI release (offered alignment / the pinned
    install command, as before) from one that is newer than the release expects.
    A newer install no longer produces a downgrade command — init prints the exact
    stash update command instead (release-train lockstep guarantees that version
    exists), and when missing packages are about to be installed alongside newer
    ones it says the pairing may not match and to update stash first. Unreadable
    or malformed manifest versions always count as behind (a broken install should
    be offered the reinstall fix, never "looks newer, leave it").

    Version lockstep. The release-train packages (stash,
    @cipherstash/stack, @cipherstash/stack-drizzle,
    @cipherstash/stack-supabase, @cipherstash/prisma-next,
    @cipherstash/wizard) are now a Changesets fixed group: a release of any of
    them republishes all of them at the same version, so the CLI's embedded
    version map can never go stale against the packages it pins (previously a
    runtime-package-only release would have left the published CLI embedding —
    and recommending — outdated versions). A test now asserts the fixed group
    stays exactly equal to the release train.

  • 413ca39: The legacy @cipherstash/drizzle package (the @cipherstash/protect-based
    Drizzle integration) is removed from the repository and the release train —
    @cipherstash/protect is sunsetting at Stack 1.0, and the package's successor
    is @cipherstash/stack-drizzle. Already-published versions remain installable
    from npm (deprecated, pointing here); the git history preserves the source for
    any emergency maintenance. The stash-drizzle skill and the
    @cipherstash/stack-drizzle README now state the deprecation explicitly so
    nobody (human or agent) installs the legacy package by mistake.

    • @cipherstash/migrate@1.0.0-rc.0

@cipherstash/prisma-next@1.0.0-rc.2

Patch Changes

  • daa25b8: @cipherstash/prisma-next now versions in lockstep with the Stack release
    train (stash, @cipherstash/stack, and the other adapters) via a Changesets
    fixed group — stash init installs it pinned by exact version, so the two
    must always release together. This moves the package from its previous 0.4.x
    line onto the shared train version; no API changes.
  • Updated dependencies [b085f66]
    • @cipherstash/stack@1.0.0-rc.2

@cipherstash/stack-drizzle@1.0.0-rc.2

Patch Changes

  • 413ca39: The legacy @cipherstash/drizzle package (the @cipherstash/protect-based
    Drizzle integration) is removed from the repository and the release train —
    @cipherstash/protect is sunsetting at Stack 1.0, and the package's successor
    is @cipherstash/stack-drizzle. Already-published versions remain installable
    from npm (deprecated, pointing here); the git history preserves the source for
    any emergency maintenance. The stash-drizzle skill and the
    @cipherstash/stack-drizzle README now state the deprecation explicitly so
    nobody (human or agent) installs the legacy package by mistake.
  • Updated dependencies [b085f66]
    • @cipherstash/stack@1.0.0-rc.2

@cipherstash/stack-supabase@1.0.0-rc.2

Patch Changes

  • Updated dependencies [b085f66]
    • @cipherstash/stack@1.0.0-rc.2

@cipherstash/wizard@1.0.0-rc.2

Patch Changes

  • daa25b8: @cipherstash/wizard now versions in lockstep with the Stack release train
    (stash, @cipherstash/stack, and the adapters) via a Changesets fixed
    group — the stash CLI executes the wizard by exact version, so the two must
    always release together. This moves the package from its previous 0.5.x
    line onto the shared train version; no API changes.

@cipherstash/e2e@0.0.3-rc.2

Patch Changes

  • Updated dependencies [6fcb967]
  • Updated dependencies [d803914]
  • Updated dependencies [413ca39]
  • Updated dependencies [b085f66]
  • Updated dependencies [daa25b8]
    • stash@1.0.0-rc.2
    • @cipherstash/stack@1.0.0-rc.2
    • @cipherstash/wizard@1.0.0-rc.2

@cipherstash/basic-example@1.2.14-rc.2

Patch Changes

  • Updated dependencies [413ca39]
  • Updated dependencies [b085f66]
    • @cipherstash/stack-drizzle@1.0.0-rc.2
    • @cipherstash/stack@1.0.0-rc.2
    • @cipherstash/stack-supabase@1.0.0-rc.2

@cipherstash/prisma-next-example@0.0.6-rc.2

Patch Changes

  • Updated dependencies [daa25b8]
  • Updated dependencies [b085f66]
    • @cipherstash/prisma-next@1.0.0-rc.2
    • @cipherstash/stack@1.0.0-rc.2

@cipherstash/bench@0.0.5-rc.2

Patch Changes

  • Updated dependencies [413ca39]
  • Updated dependencies [b085f66]
    • @cipherstash/stack-drizzle@1.0.0-rc.2
    • @cipherstash/stack@1.0.0-rc.2

@cipherstash/test-kit@0.0.1-rc.2

Patch Changes

  • Updated dependencies [b085f66]
    • @cipherstash/stack@1.0.0-rc.2

@github-actions github-actions Bot requested a review from a team as a code owner July 16, 2026 06:47
@github-actions github-actions Bot force-pushed the changeset-release/main branch 7 times, most recently from 6b595c0 to 3771c45 Compare July 16, 2026 07:56
@github-actions github-actions Bot force-pushed the changeset-release/main branch from 3771c45 to 6bbdd83 Compare July 16, 2026 11:30
@coderdan coderdan merged commit d5b2d5b into main Jul 16, 2026
16 of 22 checks passed
@coderdan coderdan deleted the changeset-release/main branch July 16, 2026 13:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant