import * as _cipherstash_schema from '@cipherstash/schema'; import { ProtectColumn, ProtectValue, ProtectTable, ProtectTableColumn, EncryptConfig } from '@cipherstash/schema'; import { Result } from '@byteslice/result'; import * as _cipherstash_protect_ffi from '@cipherstash/protect-ffi'; import { JsPlaintext, Encrypted as Encrypted$1, EncryptedQuery, EncryptedScalarQuery, KeysetIdentifier as KeysetIdentifier$1 } from '@cipherstash/protect-ffi'; import { B as BulkEncryptedData, C as Client, a as BulkEncryptPayload, b as EncryptOptions, c as BulkDecryptedData, d as BulkDecryptPayload, D as Decrypted, E as Encrypted, e as EncryptedQueryResult, f as EncryptQueryOptions, Q as QueryTypeName, S as ScalarQueryTerm, F as FfiIndexTypeName, K as KeysetIdentifier, n as EncryptedSearchTerm, p as SearchTerm } from '../types-dR0dpG6-.cjs'; type AuditConfig = { metadata?: Record; }; type AuditData = { metadata?: Record; }; declare abstract class ProtectOperation { protected auditMetadata?: Record; /** * Attach audit metadata to this operation. Can be chained. * @param config Configuration for ZeroKMS audit logging * @param config.metadata Arbitrary JSON object for appending metadata to the audit log */ audit(config: AuditConfig): this; /** * Get the audit data for this operation. */ getAuditData(): AuditData; /** * Execute the operation and return a Result */ abstract execute(): Promise>; /** * Make the operation thenable */ then, TResult2 = never>(onfulfilled?: ((value: Result) => TResult1 | PromiseLike) | null, onrejected?: ((reason: unknown) => TResult2 | PromiseLike) | null): Promise; } type CtsRegions = 'ap-southeast-2'; type IdentifyOptions = { fetchFromCts?: boolean; }; type CtsToken = { accessToken: string; expiry: number; }; type Context = { identityClaim: string[]; }; type LockContextOptions = { context?: Context; ctsToken?: CtsToken; }; type GetLockContextResponse = { ctsToken: CtsToken; context: Context; }; declare class LockContext { private ctsToken; private workspaceId; private context; constructor({ context, ctsToken, }?: LockContextOptions); identify(jwtToken: string): Promise>; getLockContext(): Promise>; } declare class BulkEncryptOperation extends ProtectOperation { private client; private plaintexts; private column; private table; constructor(client: Client, plaintexts: BulkEncryptPayload, opts: EncryptOptions); withLockContext(lockContext: LockContext): BulkEncryptOperationWithLockContext; execute(): Promise>; getOperation(): { client: Client; plaintexts: BulkEncryptPayload; column: ProtectColumn | ProtectValue; table: ProtectTable; }; } declare class BulkEncryptOperationWithLockContext extends ProtectOperation { private operation; private lockContext; constructor(operation: BulkEncryptOperation, lockContext: LockContext); execute(): Promise>; } declare class BulkDecryptOperation extends ProtectOperation { private client; private encryptedPayloads; constructor(client: Client, encryptedPayloads: BulkDecryptPayload); withLockContext(lockContext: LockContext): BulkDecryptOperationWithLockContext; execute(): Promise>; getOperation(): { client: Client; encryptedPayloads: BulkDecryptPayload; }; } declare class BulkDecryptOperationWithLockContext extends ProtectOperation { private operation; private lockContext; constructor(operation: BulkDecryptOperation, lockContext: LockContext); execute(): Promise>; } declare class BulkEncryptModelsOperation> extends ProtectOperation { private client; private models; private table; constructor(client: Client, models: Decrypted[], table: ProtectTable); withLockContext(lockContext: LockContext): BulkEncryptModelsOperationWithLockContext; execute(): Promise>; getOperation(): { client: Client; models: Decrypted[]; table: ProtectTable; }; } declare class BulkEncryptModelsOperationWithLockContext> extends ProtectOperation { private operation; private lockContext; constructor(operation: BulkEncryptModelsOperation, lockContext: LockContext); execute(): Promise>; } declare class BulkDecryptModelsOperation> extends ProtectOperation[]> { private client; private models; constructor(client: Client, models: T[]); withLockContext(lockContext: LockContext): BulkDecryptModelsOperationWithLockContext; execute(): Promise[], ProtectError>>; getOperation(): { client: Client; models: T[]; }; } declare class BulkDecryptModelsOperationWithLockContext> extends ProtectOperation[]> { private operation; private lockContext; constructor(operation: BulkDecryptModelsOperation, lockContext: LockContext); execute(): Promise[], ProtectError>>; } /** * Decrypts an encrypted payload using the provided client. * This is the type returned by the {@link ProtectClient.decrypt | decrypt} method of the {@link ProtectClient}. */ declare class DecryptOperation extends ProtectOperation { private client; private encryptedData; constructor(client: Client, encryptedData: Encrypted); withLockContext(lockContext: LockContext): DecryptOperationWithLockContext; execute(): Promise>; getOperation(): { client: Client; encryptedData: Encrypted; auditData?: Record; }; } declare class DecryptOperationWithLockContext extends ProtectOperation { private operation; private lockContext; constructor(operation: DecryptOperation, lockContext: LockContext); execute(): Promise>; } declare class DecryptModelOperation> extends ProtectOperation> { private client; private model; constructor(client: Client, model: T); withLockContext(lockContext: LockContext): DecryptModelOperationWithLockContext; execute(): Promise, ProtectError>>; getOperation(): { client: Client; model: T; }; } declare class DecryptModelOperationWithLockContext> extends ProtectOperation> { private operation; private lockContext; constructor(operation: DecryptModelOperation, lockContext: LockContext); execute(): Promise, ProtectError>>; } declare class EncryptModelOperation> extends ProtectOperation { private client; private model; private table; constructor(client: Client, model: Decrypted, table: ProtectTable); withLockContext(lockContext: LockContext): EncryptModelOperationWithLockContext; execute(): Promise>; getOperation(): { client: Client; model: Decrypted; table: ProtectTable; }; } declare class EncryptModelOperationWithLockContext> extends ProtectOperation { private operation; private lockContext; constructor(operation: EncryptModelOperation, lockContext: LockContext); execute(): Promise>; } declare class EncryptOperation extends ProtectOperation { private client; private plaintext; private column; private table; constructor(client: Client, plaintext: JsPlaintext | null, opts: EncryptOptions); withLockContext(lockContext: LockContext): EncryptOperationWithLockContext; execute(): Promise>; getOperation(): { client: Client; plaintext: JsPlaintext | null; column: ProtectColumn | ProtectValue; table: ProtectTable; }; } declare class EncryptOperationWithLockContext extends ProtectOperation { private operation; private lockContext; constructor(operation: EncryptOperation, lockContext: LockContext); execute(): Promise>; } /** * @internal Use {@link ProtectClient.encryptQuery} instead. */ declare class EncryptQueryOperation extends ProtectOperation { private client; private plaintext; private opts; constructor(client: Client, plaintext: JsPlaintext | null, opts: EncryptQueryOptions); withLockContext(lockContext: LockContext): EncryptQueryOperationWithLockContext; execute(): Promise>; getOperation(): { column: _cipherstash_schema.ProtectColumn; table: _cipherstash_schema.ProtectTable<_cipherstash_schema.ProtectTableColumn>; queryType?: QueryTypeName; returnType?: "eql" | "composite-literal" | "escaped-composite-literal"; client: Client; plaintext: JsPlaintext | null; }; } /** * @internal Use {@link ProtectClient.encryptQuery} with `.withLockContext()` instead. */ declare class EncryptQueryOperationWithLockContext extends ProtectOperation { private client; private plaintext; private opts; private lockContext; constructor(client: Client, plaintext: JsPlaintext | null, opts: EncryptQueryOptions, lockContext: LockContext, auditMetadata?: Record); execute(): Promise>; } /** * @internal Use {@link ProtectClient.encryptQuery} with array input instead. */ declare class BatchEncryptQueryOperation extends ProtectOperation { private client; private terms; constructor(client: Client, terms: readonly ScalarQueryTerm[]); withLockContext(lockContext: LockContext): BatchEncryptQueryOperationWithLockContext; execute(): Promise>; } /** * @internal Use {@link ProtectClient.encryptQuery} with array input and `.withLockContext()` instead. */ declare class BatchEncryptQueryOperationWithLockContext extends ProtectOperation { private client; private terms; private lockContext; constructor(client: Client, terms: readonly ScalarQueryTerm[], lockContext: LockContext, auditMetadata?: Record); execute(): Promise>; } /** * Infer the primary index type from a column's configured indexes. * Priority: unique > match > ore > ste_vec (for scalar queries) */ declare function inferIndexType(column: ProtectColumn): FfiIndexTypeName; /** * Validate that the specified index type is configured on the column */ declare function validateIndexType(column: ProtectColumn, indexType: FfiIndexTypeName): void; /** * JSONB path utilities for converting between path formats. * * These utilities support dot-notation and basic JSONPath-style array indices (e.g., "[0]"). * Only limited validation is performed (forbidden prototype keys); callers should still * ensure segments are valid property names. */ /** * Convert a dot-notation path to JSONPath selector format. * * @example * toJsonPath("user.email") // "$.user.email" * toJsonPath("$.user.email") // "$.user.email" (unchanged) * toJsonPath(".user.email") // "$.user.email" * toJsonPath("name") // "$.name" */ declare function toJsonPath(path: string): string; /** * Parse a JSONB path string into segments. * Handles both dot notation and JSONPath format. * * Returns an empty array for empty, null, or undefined input (defensive for JS consumers). * * @example * parseJsonbPath("user.email") // ["user", "email"] * parseJsonbPath("$.user.email") // ["user", "email"] * parseJsonbPath("name") // ["name"] * parseJsonbPath("$.name") // ["name"] */ declare function parseJsonbPath(path: string): string[]; declare function buildNestedObject(path: string, value: unknown): Record; /** * The shape `encryptQuery` / `encryptQueryBulk` can return: a full storage * payload (`Encrypted`, returned for `ste_vec_term` containment queries) or a * query-only payload with no ciphertext (`EncryptedQuery`, returned for * scalar `unique`/`match`/`ore` lookups and `ste_vec_selector` path queries). * * TODO: duplicated in `@cipherstash/stack` — see * `packages/stack/src/encryption/helpers/index.ts`. Both copies should be * removed once `@cipherstash/protect-ffi` exports a named alias for the * `encryptQuery` return type (https://github.com/cipherstash/stack/pull/473). */ type EncryptedQueryTerm = Encrypted$1 | EncryptedQuery; type EncryptedPgComposite = { data: Encrypted; }; /** * Helper function to transform an encrypted payload into a PostgreSQL composite type. * Use this when inserting data via Supabase or similar clients. */ declare function encryptedToPgComposite(obj: Encrypted): EncryptedPgComposite; /** * Helper function to transform an encrypted payload into a PostgreSQL composite literal string. * Use this when querying with `.eq()` or similar equality operations in Supabase. * * @deprecated Use `encryptQuery()` with `returnType: 'composite-literal'` instead. * @example * ```typescript * // Before (deprecated): * const [encrypted] = await protectClient.encryptQuery([ * { value: searchValue, column, table, queryType: 'equality' } * ]) * const literal = encryptedToCompositeLiteral(encrypted) * await supabase.from('table').select().eq('column', literal) * * // After (recommended): * const [searchTerm] = await protectClient.encryptQuery([ * { value: searchValue, column, table, queryType: 'equality', returnType: 'composite-literal' } * ]) * await supabase.from('table').select().eq('column', searchTerm) * ``` */ declare function encryptedToCompositeLiteral(obj: EncryptedQueryTerm): string; /** * Helper function to transform an encrypted payload into an escaped PostgreSQL composite literal string. * Use this when you need the composite literal format to be escaped as a string value. * * @deprecated Use `encryptQuery()` with `returnType: 'escaped-composite-literal'` instead. * See also: `encryptedToCompositeLiteral` for parallel deprecation guidance. * @example * ```typescript * // Before (deprecated): * const [encrypted] = await protectClient.encryptQuery([ * { value: searchValue, column, table, queryType: 'equality' } * ]) * const escapedLiteral = encryptedToEscapedCompositeLiteral(encrypted) * * // After (recommended): * const [searchTerm] = await protectClient.encryptQuery([ * { value: searchValue, column, table, queryType: 'equality', returnType: 'escaped-composite-literal' } * ]) * ``` */ declare function encryptedToEscapedCompositeLiteral(obj: EncryptedQueryTerm): string; declare function formatEncryptedResult(encrypted: EncryptedQueryTerm, returnType?: string): EncryptedQueryResult; /** * Helper function to transform a model's encrypted fields into PostgreSQL composite types */ declare function modelToEncryptedPgComposites>(model: T): T; /** * Helper function to transform multiple models' encrypted fields into PostgreSQL composite types */ declare function bulkModelsToEncryptedPgComposites>(models: T[]): T[]; declare function toFfiKeysetIdentifier(keyset: KeysetIdentifier | undefined): KeysetIdentifier$1 | undefined; /** * Helper function to check if a value is an encrypted payload */ declare function isEncryptedPayload(value: unknown): value is Encrypted; /** * Type guard narrowing a value to {@link EncryptedScalarQuery} — the scalar * query term (`unique` / `match` / `ore` lookup) returned by `encryptQuery` / * `encryptQueryBulk`. Unlike a storage payload it carries no ciphertext (`c`); * it carries exactly one lookup term: `hm`, `bf`, or `ob`. * * Use this to discriminate a scalar query term from a storage payload * (`EncryptedScalar`/`EncryptedSteVec`) or a `ste_vec_selector` query. */ declare function isEncryptedScalarQuery(value: unknown): value is EncryptedScalarQuery; declare const ProtectErrorTypes: { ClientInitError: string; EncryptionError: string; DecryptionError: string; LockContextError: string; CtsTokenError: string; }; interface ProtectError { type: (typeof ProtectErrorTypes)[keyof typeof ProtectErrorTypes]; message: string; code?: _cipherstash_protect_ffi.ProtectErrorCode; } type AtLeastOneCsTable = [T, ...T[]]; type ProtectClientConfig = { schemas: AtLeastOneCsTable>; /** * The CipherStash workspace CRN (Cloud Resource Name). * Format: `crn:.aws:`. * Can also be set via the `CS_WORKSPACE_CRN` environment variable. */ workspaceCrn?: string; /** * The API access key used for authenticating with the CipherStash API. * Can also be set via the `CS_CLIENT_ACCESS_KEY` environment variable. * Obtain this from the CipherStash dashboard after creating a workspace. */ accessKey?: string; /** * The client identifier used to authenticate with CipherStash services. * Can also be set via the `CS_CLIENT_ID` environment variable. * Generated during workspace onboarding in the CipherStash dashboard. */ clientId?: string; /** * The client key material used in combination with ZeroKMS for encryption operations. * Can also be set via the `CS_CLIENT_KEY` environment variable. * Generated during workspace onboarding in the CipherStash dashboard. */ clientKey?: string; /** * An optional keyset identifier for multi-tenant encryption. * Each keyset provides cryptographic isolation, giving each tenant its own keyspace. * Specify by name (`{ name: "tenant-a" }`) or UUID (`{ id: "..." }`). * Keysets are created and managed in the CipherStash dashboard. */ keyset?: KeysetIdentifier; }; declare const protect: (config: ProtectClientConfig) => Promise; /** * @deprecated Use `BatchEncryptQueryOperation` instead. * This class is maintained for backward compatibility only. */ declare class SearchTermsOperation extends ProtectOperation { private client; private terms; constructor(client: Client, terms: SearchTerm[]); withLockContext(lockContext: LockContext): SearchTermsOperationWithLockContext; execute(): Promise>; } declare class SearchTermsOperationWithLockContext extends ProtectOperation { private operation; private lockContext; constructor(operation: SearchTermsOperation, lockContext: LockContext); execute(): Promise>; } /** The ProtectClient is the main entry point for interacting with the CipherStash Protect.js library. * It provides methods for encrypting and decrypting individual values, as well as models (objects) and bulk operations. * * The client must be initialized using the {@link protect} function before it can be used. */ declare class ProtectClient { private client; private encryptConfig; /** * Initializes the ProtectClient with the provided configuration. * @internal * @param config - The configuration object for initializing the client. * @returns A promise that resolves to a {@link Result} containing the initialized ProtectClient or a {@link ProtectError}. **/ init(config: { encryptConfig: EncryptConfig; workspaceCrn?: string; accessKey?: string; clientId?: string; clientKey?: string; keyset?: KeysetIdentifier; }): Promise>; /** * Encrypt a value - returns a promise which resolves to an encrypted value. * * @param plaintext - The plaintext value to be encrypted. Can be null. * @param opts - Options specifying the column and table for encryption. * @returns An EncryptOperation that can be awaited or chained with additional methods. * * @example * The following example demonstrates how to encrypt a value using the Protect client. * It includes defining an encryption schema with {@link csTable} and {@link csColumn}, * initializing the client with {@link protect}, and performing the encryption. * * `encrypt` returns an {@link EncryptOperation} which can be awaited to get a {@link Result} * which can either be the encrypted value or a {@link ProtectError}. * * ```typescript * // Define encryption schema * import { csTable, csColumn } from "@cipherstash/protect" * const userSchema = csTable("users", { * email: csColumn("email"), * }); * * // Initialize Protect client * const protectClient = await protect({ schemas: [userSchema] }) * * // Encrypt a value * const encryptedResult = await protectClient.encrypt( * "person@example.com", * { column: userSchema.email, table: userSchema } * ) * * // Handle encryption result * if (encryptedResult.failure) { * throw new Error(`Encryption failed: ${encryptedResult.failure.message}`); * } * * console.log("Encrypted data:", encryptedResult.data); * ``` * * @example * When encrypting data, a {@link LockContext} can be provided to tie the encryption to a specific user or session. * This ensures that the same lock context is required for decryption. * * The following example demonstrates how to create a lock context using a user's JWT token * and use it during encryption. * * ```typescript * // Define encryption schema and initialize client as above * * // Create a lock for the user's `sub` claim from their JWT * const lc = new LockContext(); * const lockContext = await lc.identify(userJwt); * * if (lockContext.failure) { * // Handle the failure * } * * // Encrypt a value with the lock context * // Decryption will then require the same lock context * const encryptedResult = await protectClient.encrypt( * "person@example.com", * { column: userSchema.email, table: userSchema } * ) * .withLockContext(lockContext) * ``` * * @see {@link Result} * @see {@link csTable} * @see {@link LockContext} * @see {@link EncryptOperation} */ encrypt(plaintext: JsPlaintext | null, opts: EncryptOptions): EncryptOperation; /** * Encrypt a query value - returns a promise which resolves to an encrypted query value. * * @param plaintext - The plaintext value to be encrypted for querying. Can be null. * @param opts - Options specifying the column, table, and optional queryType for encryption. * @returns An EncryptQueryOperation that can be awaited or chained with additional methods. * * @example * The following example demonstrates how to encrypt a query value using the Protect client. * * ```typescript * // Define encryption schema * import { csTable, csColumn } from "@cipherstash/protect" * const userSchema = csTable("users", { * email: csColumn("email").equality(), * }); * * // Initialize Protect client * const protectClient = await protect({ schemas: [userSchema] }) * * // Encrypt a query value * const encryptedResult = await protectClient.encryptQuery( * "person@example.com", * { column: userSchema.email, table: userSchema, queryType: 'equality' } * ) * * // Handle encryption result * if (encryptedResult.failure) { * throw new Error(`Encryption failed: ${encryptedResult.failure.message}`); * } * * console.log("Encrypted query:", encryptedResult.data); * ``` * * @example * The queryType can be auto-inferred from the column's configured indexes: * * ```typescript * // When queryType is omitted, it will be inferred from the column's indexes * const encryptedResult = await protectClient.encryptQuery( * "person@example.com", * { column: userSchema.email, table: userSchema } * ) * ``` * * @see {@link EncryptQueryOperation} * * **JSONB columns (searchableJson):** * When `queryType` is omitted on a `searchableJson()` column, the query operation is inferred: * - String plaintext → `steVecSelector` (JSONPath queries like `'$.user.email'`) * - Object/Array plaintext → `steVecTerm` (containment queries like `{ role: 'admin' }`) */ encryptQuery(plaintext: JsPlaintext | null, opts: EncryptQueryOptions): EncryptQueryOperation; /** * Encrypt multiple values for use in queries (batch operation). * @param terms - Array of query terms to encrypt */ encryptQuery(terms: readonly ScalarQueryTerm[]): BatchEncryptQueryOperation; /** * Decryption - returns a promise which resolves to a decrypted value. * * @param encryptedData - The encrypted data to be decrypted. * @returns A DecryptOperation that can be awaited or chained with additional methods. * * @example * The following example demonstrates how to decrypt a value that was previously encrypted using {@link encrypt} client. * It includes encrypting a value first, then decrypting it, and handling the result. * * ```typescript * const encryptedData = await eqlClient.encrypt( * "person@example.com", * { column: "email", table: "users" } * ) * const decryptResult = await eqlClient.decrypt(encryptedData) * if (decryptResult.failure) { * throw new Error(`Decryption failed: ${decryptResult.failure.message}`); * } * console.log("Decrypted data:", decryptResult.data); * ``` * * @example * Provide a lock context when decrypting: * ```typescript * await eqlClient.decrypt(encryptedData) * .withLockContext(lockContext) * ``` * * @see {@link LockContext} * @see {@link DecryptOperation} */ decrypt(encryptedData: Encrypted): DecryptOperation; /** * Encrypt a model based on its encryptConfig. * * @example * ```typescript * type User = { * id: string; * email: string; // encrypted * } * * // Define the schema for the users table * const usersSchema = csTable('users', { * email: csColumn('email').freeTextSearch().equality().orderAndRange(), * }) * * // Initialize the Protect client * const protectClient = await protect({ schemas: [usersSchema] }) * * // Encrypt a user model * const encryptedModel = await protectClient.encryptModel( * { id: 'user_123', email: 'person@example.com' }, * usersSchema, * ) * ``` */ encryptModel>(input: Decrypted, table: ProtectTable): EncryptModelOperation; /** * Decrypt a model with encrypted values * Usage: * await eqlClient.decryptModel(encryptedModel) * await eqlClient.decryptModel(encryptedModel).withLockContext(lockContext) */ decryptModel>(input: T): DecryptModelOperation; /** * Bulk encrypt models with decrypted values * Usage: * await eqlClient.bulkEncryptModels(decryptedModels, table) * await eqlClient.bulkEncryptModels(decryptedModels, table).withLockContext(lockContext) */ bulkEncryptModels>(input: Array>, table: ProtectTable): BulkEncryptModelsOperation; /** * Bulk decrypt models with encrypted values * Usage: * await eqlClient.bulkDecryptModels(encryptedModels) * await eqlClient.bulkDecryptModels(encryptedModels).withLockContext(lockContext) */ bulkDecryptModels>(input: Array): BulkDecryptModelsOperation; /** * Bulk encryption - returns a thenable object. * Usage: * await eqlClient.bulkEncrypt(plaintexts, { column, table }) * await eqlClient.bulkEncrypt(plaintexts, { column, table }).withLockContext(lockContext) */ bulkEncrypt(plaintexts: BulkEncryptPayload, opts: EncryptOptions): BulkEncryptOperation; /** * Bulk decryption - returns a thenable object. * Usage: * await eqlClient.bulkDecrypt(encryptedPayloads) * await eqlClient.bulkDecrypt(encryptedPayloads).withLockContext(lockContext) */ bulkDecrypt(encryptedPayloads: BulkDecryptPayload): BulkDecryptOperation; /** * Create search terms to use in a query searching encrypted data * * @deprecated Use `encryptQuery(terms)` instead. * * Migration example: * ```typescript * // Before (deprecated) * const result = await client.createSearchTerms([ * { value: 'test', column: users.email, table: users } * ]) * * // After * const result = await client.encryptQuery([ * { value: 'test', column: users.email, table: users, queryType: 'equality' } * ]) * ``` * * Usage: * await eqlClient.createSearchTerms(searchTerms) * await eqlClient.createSearchTerms(searchTerms).withLockContext(lockContext) */ createSearchTerms(terms: SearchTerm[]): SearchTermsOperation; } export { toFfiKeysetIdentifier as A, BatchEncryptQueryOperation as B, toJsonPath as C, type Context, type CtsRegions, type CtsToken, DecryptModelOperation as D, EncryptModelOperation as E, validateIndexType as F, type GetLockContextResponse, type IdentifyOptions, LockContext, type LockContextOptions, ProtectClient as P, BatchEncryptQueryOperationWithLockContext as a, BulkDecryptModelsOperation as b, BulkDecryptOperation as c, BulkEncryptModelsOperation as d, BulkEncryptOperation as e, DecryptOperation as f, EncryptOperation as g, EncryptQueryOperation as h, EncryptQueryOperationWithLockContext as i, type EncryptedPgComposite as j, type ProtectClientConfig as k, type ProtectError as l, ProtectErrorTypes as m, ProtectOperation as n, buildNestedObject as o, bulkModelsToEncryptedPgComposites as p, encryptedToCompositeLiteral as q, encryptedToEscapedCompositeLiteral as r, encryptedToPgComposite as s, formatEncryptedResult as t, inferIndexType as u, isEncryptedPayload as v, isEncryptedScalarQuery as w, modelToEncryptedPgComposites as x, parseJsonbPath as y, protect as z };