db: Add encrypted Turso adapter with shared migration flow#50

Draft: stefanskoricdev wants to merge 4 commits into `main` from `auth/credentials-storage`

Conversation

@stefanskoricdev
Contributor

No description provided.

stefanskoricdev and others added 4 commits May 25, 2026 13:27
- Add EncryptedTursoDb<M: DbSpec> alongside TursoDb<M> in the shared DB module
- Require SCE_DB_ENCRYPTION_KEY, reject empty keys, and configure Turso encryption via EncryptionOpts with strict aegis256
- Reuse extracted shared helpers for parent directory setup, runtime creation, and migration execution to keep encrypted/non-encrypted paths consistent
- Expose sync execute()/query() on encrypted adapter and keep __sce_migrations metadata behavior aligned
- Update context memory files to reflect the current shared Turso DB architecture and glossary terms

Co-authored-by: SCE <sce@crocoder.dev>

Add encrypted auth DB foundation: `AuthDb = EncryptedTursoDb<AuthDbSpec>`
wrapper, ordered auth token migrations (table + email index), and
`AuthDbLifecycle` provider registered in the shared lifecycle catalog.
Wire the canonical `<state_root>/sce/auth.db` path resolver, module
export, and lifecycle ordering (config → local_db → auth_db →
agent_trace_db → hooks). Sync context files to reflect the new
current-state DB surface.

Plan: encrypted-auth-db
Tasks: T01 (auth DB path + migrations), T02 (auth_db mod.rs), T03
(lifecycle integration)

Co-authored-by: SCE <sce@crocoder.dev>

Replace baseline auth schema/table naming from auth_tokens to auth_credentials and store identity via user_id instead of email.

Update embedded migration constants and migration IDs to match the new schema naming and index contract.

Add focused auth DB tests covering baseline migration objects/constraints, applied migration ordering, and lifecycle provider inclusion/order.

Sync context docs to reflect the implemented auth DB schema and lifecycle wiring state.

Co-authored-by: SCE <sce@crocoder.dev>

Remove the UNIQUE constraint on user_id and its dedicated index
migration. Add an updated_at column and an auto-update trigger to
track credential modification timestamps.

This prepares for supporting multiple credentials per user while
retaining modification timestamps for cache-invalidation use cases.

Drop 002_create_auth_tokens_email_index.sql, add
002_create_auth_credentials_updated_at_trigger.sql, and update the
Rust module and test assertions accordingly.

Co-authored-by: SCE <sce@crocoder.dev>
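
The ordered-migration bookkeeping and `updated_at` trigger described in the commits above, sketched as an added example (not code from this pull request). Python's built-in `sqlite3` stands in for the Turso adapter, so encryption is not shown; the `001` migration name, the `secret` column and the trigger body are assumptions.

```python
import sqlite3

TS = "strftime('%Y-%m-%dT%H:%M:%fZ','now')"
# Constructed migration bodies. Only __sce_migrations, auth_credentials, user_id,
# updated_at and the 002 migration name come from the commits; the 001 name,
# the secret column and the trigger body are assumptions.
MIGRATIONS = [
    ("001_create_auth_credentials", f"""
        CREATE TABLE auth_credentials (
            id INTEGER PRIMARY KEY,
            user_id TEXT NOT NULL,
            secret TEXT NOT NULL,
            updated_at TEXT NOT NULL DEFAULT ({TS}))"""),
    ("002_create_auth_credentials_updated_at_trigger", f"""
        CREATE TRIGGER auth_credentials_touch AFTER UPDATE ON auth_credentials
        FOR EACH ROW WHEN NEW.updated_at = OLD.updated_at
        BEGIN
            UPDATE auth_credentials SET updated_at = {TS} WHERE id = NEW.id;
        END"""),
]

def run_migrations(conn):
    """Apply pending migrations in list order; return the ids applied now."""
    conn.execute("CREATE TABLE IF NOT EXISTS __sce_migrations ("
                 "id TEXT PRIMARY KEY, applied_at TEXT DEFAULT CURRENT_TIMESTAMP)")
    done = {r[0] for r in conn.execute("SELECT id FROM __sce_migrations")}
    applied = []
    for mig_id, sql in MIGRATIONS:
        if mig_id in done:
            continue
        conn.execute("BEGIN")  # schema change and bookkeeping row commit together
        try:
            conn.execute(sql)
            conn.execute("INSERT INTO __sce_migrations (id) VALUES (?)", (mig_id,))
            conn.execute("COMMIT")
        except sqlite3.Error:
            conn.execute("ROLLBACK")
            raise
        applied.append(mig_id)
    return applied

def demo():
    conn = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions
    first, second = run_migrations(conn), run_migrations(conn)  # second run is a no-op
    old = "2000-01-01T00:00:00.000Z"
    conn.execute("INSERT INTO auth_credentials (user_id, secret, updated_at) "
                 "VALUES ('u1', 'a', ?)", (old,))
    conn.execute("INSERT INTO auth_credentials (user_id, secret) VALUES ('u1', 'b')")
    conn.execute("UPDATE auth_credentials SET secret = 'a2' WHERE id = 1")
    new = conn.execute("SELECT updated_at FROM auth_credentials WHERE id = 1").fetchone()[0]
    return first, second, old, new
```

The second insert for `u1` succeeds because `user_id` carries no UNIQUE constraint, and the `WHEN` guard leaves a caller-supplied `updated_at` untouched.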