fix(cli, wizard): make stash db push opt-in for Proxy users only#448
fix(cli, wizard): make stash db push opt-in for Proxy users only#448auxesis wants to merge 1 commit into
stash db push opt-in for Proxy users only#448Conversation
🦋 Changeset detectedLatest commit: 13edf57 The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
`stash db push` is only required when querying encrypted data via CipherStash Proxy. SDK users (Drizzle, Supabase, plain pg) have the encryption config in app code, so the database doesn't need a copy. Agents reading the rollout/cutover prompts and skills were insisting on running it anyway. This change: - Adds `--proxy` / `--no-proxy` flags and an interactive prompt to `stash init`. The choice persists to `.cipherstash/context.json` as `usesProxy`. Default is SDK-only (false). - Threads `usesProxy` through `stash plan` and `stash impl` so the setting survives re-runs, and into the wizard's `GatheredContext`. - Gates all `stash db push` (and `stash db activate`) steps in `setup-prompt.ts` renderers on `usesProxy`. SDK renderings drop the steps and renumber; Proxy renderings preserve the current text. - Reframes the four skills (`stash-cli`, `stash-encryption`, `stash-drizzle`, `stash-supabase`) so default walkthroughs are SDK-only, with `db push` moved into `> **Using CipherStash Proxy?**` callouts. - Gates the wizard's post-agent push step on `gathered.usesProxy`, with a visible skip log when off. - Documents a known gap: `stash encrypt cutover` currently requires a pending EQL config (set by `db push`), so SDK-only users running the migrate-existing-column flow hit "No pending EQL configuration" from cutover. Workaround: run `db push` once before cutover. Decoupling cutover from EQL config for SDK users is tracked as a follow-up. Fixes #447. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
auxesis
force-pushed
the
fix/make-agents-less-insistent-on-stash-db-push
branch
from
3d9cc22 to
13edf57
Compare
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (18)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
auxesis
changed the title
stash db push opt-in for Proxy users only
2 participants
Don't run
stash db pushunless the user explicitly states they're using CipherStash Proxy:stash plan/stash implprompts and skills were insisting on running it anyway.--proxy/--no-proxyflags and an interactive prompt onstash initcapture whether the user queries via CipherStash Proxy..cipherstash/context.jsonasusesProxy, and is honoured bystash plan,stash impl, and the wizard's post-agent step.stash-cli,stash-encryption,stash-drizzle,stash-supabase) updated to be SDK focuseddb pushmoves into> **Using CipherStash Proxy?**callouts. A "Known gap" callout warns SDK users about the cutover precondition before they hit it.Why
Background in #447.
The README already had the right framing — "Only required when using CipherStash Proxy" — but the agent-facing prompts and skills didn't.
Limitations
stash encrypt cutovercurrently requires a pending EQL config (registered viastash db push), so SDK-only users running the migrate-existing-column flow will hit aNo pending EQL configurationerror from cutover.The workaround is to run
stash db pushonce beforestash encrypt cutover.The longer term fix is to either:
encrypt cutoverfor SDK-only users at cutover time