docs: refresh root README around the three Stack pillars#526
Conversation
|
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
- Lead with a searchable-encryption value prop and zero-knowledge trust line - Account-first quick start; show encrypt + search-without-decrypt + decrypt - Cover all three pillars early: searchable encryption, ORM integrations (Supabase/Drizzle/Prisma Next/DynamoDB), identity-aware encryption - Add a 'How it works' section linking the security architecture docs - Use reference-style links with all URLs centralised at the bottom (CipherStash links carry README UTM params) - Mark @cipherstash/protect (Protect.js) as legacy in its README - Spec the architecture diagram + type-safety GIF in docs/plans
Reflects the auth changes in #497: replace the deprecated LockContext.identify() ceremony with client-level OidcFederationStrategy + .withLockContext({ identityClaim }), which makes every OIDC provider (Clerk, Supabase, Auth0, Okta) first-class.
20e13ae to
88c9aec
Compare
Add the four architecture SVG variants (desktop/mobile x light/dark) and embed them in the How it works section via a single <picture> element. Sources select on both prefers-color-scheme and max-width:600px; the desktop-light <img> is the universal fallback for npm and older renderers.
Temporary: switch the architecture <picture> srcset/src to relative paths so they render on the PR branch. Must be restored to absolute raw.githubusercontent.com/.../main/ URLs before merge (relative paths break on the npm package page). TODO noted inline and in the visual-assets spec.
- Lead with three short searchable-encryption examples (Supabase, Prisma Next, Drizzle) and a Quick starts table - EQL v3 framing: CREATE TABLE with domain types replaces per-column SEM config; auth gains device auth; keysets replace BYOK under Advanced features - Add performance table (benches-attributed), FAQ from the Supabase listing, and a Start free CTA; drop the Protect.js migration section - Spec a purpose-built flat-latency chart as Asset 3 in the visual assets plan
- Drizzle example uses the types namespace (types.TextMatch) instead of the SEM-style options object, matching the v3 authoring surface - Add docs/plans/readme-go-live-checklist.md consolidating every doc-driven claim to confirm before merging to main, referenced from a comment at the top of the README
Make the "only raw pg needs a client-side schema" claim concrete with an encryptedTable + types example mirroring the CREATE TABLE domain types above it; sharpen the matching go-live checklist item.
og:image via repo Settings → Social preview (1280×640 dark-brand card, export kept in-repo), About description doubling as og:description; add the upload/verify step to the go-live checklist.
What
A conversion-focused rewrite of the root
README.md, benchmarked against 8 company-backed, high-star OSS READMEs (Supabase, Clerk, Infisical, Vault, Trigger.dev, Prisma, Drizzle, React Email).The README now:
npx stash init, then a snippet that shows encrypt → search without decrypting → decrypt.?utm_source=github&utm_medium=stack_readmefor attribution.Also in this PR:
@cipherstash/protect(Protect.js) as legacy with a warning banner at the top of its README.docs/images/(desktop/mobile × light/dark), selected by a single<picture>element that switches on bothprefers-color-schemeandmax-width(viewport). The desktop-light<img>is the universal fallback for npm and older renderers.docs/plans/readme-visual-assets.md— specs for the visual assets, including a ship-today Mermaid version of the diagram.Auth section — reflects #497 (
OidcFederationStrategy), now mergedThe identity-aware encryption pillar uses the strategy-based API from #497 (now merged): client-level
OidcFederationStrategy(config.strategy, re-exported from@cipherstash/stack) +.withLockContext({ identityClaim }), replacing the deprecatednew LockContext()→identify()→.withLockContext(lc)ceremony. This makes every OIDC provider (Clerk, Supabase, Auth0, Okta) first-class.✅ Signature verified against the merged code —
OidcFederationStrategy.create(workspaceCrn, () => getJwt())(2-arg form,getJwtreturns aPromise<jwt>), matchingpackages/stack/__tests__/lock-context.test.ts. The branch has been rebased ontomain(post-#497).Follow-ups
<picture>paths are temporarily relative (docs/images/…) so they preview on this branch — they must be switched back tohttps://raw.githubusercontent.com/cipherstash/stack/main/docs/images/…before merge, or they break on the npm package page. (TODO noted inline in the README and in the spec doc.)npm deprecate @cipherstash/protect— being handled separately (npm not authed in the build env).Notes for reviewers
cipherstash.comlinks) matches what analytics expects — easy to dial back since they're all in one block.