learning_ai_common_plat

bytelyst/learning_ai_common_plat

Fork 0

Commit Graph

Author	SHA1	Message	Date
saravanakumardb1	acace0cdc5	feat(field-encrypt): add CosmosDekStore for production DEK persistence (6 tests) - dek-store-cosmos.ts: Cosmos DB-backed DekStore implementation - Uses _encryption_keys container with dekId partition key - Upsert semantics, idempotent delete, query-based listIds - index.ts: export CosmosDekStore - index.test.ts: 6 new tests with mock container (56 total) This completes E2EE Phase 3 — production multi-instance DEK storage. Previously only MemoryDekStore was available, losing DEKs on restart.	2026-04-14 11:29:23 -07:00
saravanakumardb1	7613d6890f	feat(field-encrypt): admin-panel encryption toggle via feature flags - FieldEncryptorConfig.enabled: false returns NullFieldEncryptor (no-op) - NullFieldEncryptor stores plaintext as-is, decrypt returns ct directly - 7 new tests for toggle behavior (50/50 total) - encryption_enabled added to COMMON_FLAGS (seeded for all 10 products)	2026-03-21 15:24:19 -07:00
saravanakumardb1	bb3f5385fc	feat(field-encrypt): create @bytelyst/field-encrypt package with AES-256-GCM envelope encryption - 10 source files: types, aes-gcm, 3 key providers (memory/env/akv), envelope, key-cache, dek-store, guards, migration, factory - 42 Vitest tests: AES-GCM roundtrips, tamper detection, unicode, 100KB payloads, key providers, DEK cache TTL/LRU, envelope lifecycle, migration (dry-run + idempotent), config validation - AKV MEK creation script (scripts/create-encryption-keys.sh) for 10 product MEKs - .env.example updated with FIELD_ENCRYPT_* vars	2026-03-21 09:18:10 -07:00

Author

SHA1

Message

Date

saravanakumardb1

acace0cdc5

feat(field-encrypt): add CosmosDekStore for production DEK persistence (6 tests)

- dek-store-cosmos.ts: Cosmos DB-backed DekStore implementation
  - Uses _encryption_keys container with dekId partition key
  - Upsert semantics, idempotent delete, query-based listIds
- index.ts: export CosmosDekStore
- index.test.ts: 6 new tests with mock container (56 total)

This completes E2EE Phase 3 — production multi-instance DEK storage.
Previously only MemoryDekStore was available, losing DEKs on restart.

2026-04-14 11:29:23 -07:00

saravanakumardb1

7613d6890f

feat(field-encrypt): admin-panel encryption toggle via feature flags

- FieldEncryptorConfig.enabled: false returns NullFieldEncryptor (no-op)
- NullFieldEncryptor stores plaintext as-is, decrypt returns ct directly
- 7 new tests for toggle behavior (50/50 total)
- encryption_enabled added to COMMON_FLAGS (seeded for all 10 products)

2026-03-21 15:24:19 -07:00

saravanakumardb1

bb3f5385fc

feat(field-encrypt): create @bytelyst/field-encrypt package with AES-256-GCM envelope encryption

- 10 source files: types, aes-gcm, 3 key providers (memory/env/akv), envelope, key-cache, dek-store, guards, migration, factory
- 42 Vitest tests: AES-GCM roundtrips, tamper detection, unicode, 100KB payloads, key providers, DEK cache TTL/LRU, envelope lifecycle, migration (dry-run + idempotent), config validation
- AKV MEK creation script (scripts/create-encryption-keys.sh) for 10 product MEKs
- .env.example updated with FIELD_ENCRYPT_* vars

2026-03-21 09:18:10 -07:00

3 Commits