fix: final sweep — comments, env vars, db names, migration guide (round 4)

calvinbrewer · claude · calvinbrewer · commit 4c01c344a3ce · 2026-02-11T19:04:00.000-07:00
Comments:
- "protected table schema" → "encrypted table schema" in 6 dynamo example files + dynamodb README
- "protectjs" → "CipherStash" in nextjs-clerk schema comment
- eql_payload_created_by_protect → eql_payload_created_by_encryption in docs

Environment variables:
- PROTECT_LOG_LEVEL → CS_LOG_LEVEL in .env files and nest module
- AGENTS.md env var reference updated

Database/infrastructure:
- protect_example → encryption_example in next-drizzle-mysql (docker-compose, drizzle config, .env.example)
- protectNestedJson → encryptedNestedJson in dynamodb test

Documentation:
- protect-example → encryption-example in getting-started.md
- jsprotect.git → protectjs.git in hono-supabase README
- Updated product URLs in next-drizzle-mysql README
- MIGRATION.md: updated "after" examples with new function names
- Nest README: fixed src/protect/ → src/encryption/ path

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/AGENTS.md b/AGENTS.md
@@ -64,7 +64,7 @@ USER_JWT=
 USER_2_JWT=
 
 # Logging (plaintext is never logged by design)
-PROTECT_LOG_LEVEL=debug|info|error
+CS_LOG_LEVEL=debug|info|error
 ```
 
 If these variables are missing, tests that require live encryption will fail or be skipped; prefer filtering to specific packages and tests while developing.
diff --git a/MIGRATION.md b/MIGRATION.md
@@ -17,8 +17,8 @@ npm install @cipherstash/stack
 If you use the DynamoDB helpers, update the peer dependency:
 
 ```bash
-# @cipherstash/protect-dynamodb now expects @cipherstash/stack
-npm install @cipherstash/stack @cipherstash/protect-dynamodb
+# @cipherstash/dynamodb now expects @cipherstash/stack
+npm install @cipherstash/stack @cipherstash/dynamodb
 ```
 
 If you use the Drizzle integration, update the peer dependency:
@@ -118,22 +118,24 @@ npm install @cipherstash/stack @cipherstash/drizzle
 ```diff
 -import { protect } from '@cipherstash/protect'
 +import { Encryption } from '@cipherstash/stack'
- import { extractProtectSchema, createProtectOperators } from '@cipherstash/drizzle/pg'
+-import { extractProtectSchema, createProtectOperators } from '@cipherstash/drizzle/pg'
++import { extractEncryptionSchema, createEncryptionOperators } from '@cipherstash/drizzle/pg'
 
- const users = extractProtectSchema(usersTable)
+-const users = extractProtectSchema(usersTable)
++const users = extractEncryptionSchema(usersTable)
 -const client = await protect({ schemas: [users] })
 +const client = await Encryption({ schemas: [users] })
- const ops = createProtectOperators(client)
+-const ops = createProtectOperators(client)
++const ops = createEncryptionOperators(client)
 ```
 
-> Note: `extractProtectSchema` and `createProtectOperators` retain their names in the Drizzle package.
-
 ### DynamoDB integration
 
 ```diff
 -import { protect, csTable, csColumn } from '@cipherstash/protect'
 +import { Encryption, encryptedTable, encryptedColumn } from '@cipherstash/stack'
- import { protectDynamoDB } from '@cipherstash/protect-dynamodb'
+-import { protectDynamoDB } from '@cipherstash/protect-dynamodb'
++import { encryptedDynamoDB } from '@cipherstash/dynamodb'
 
 -const users = csTable('users', {
 -  email: csColumn('email').equality(),
@@ -143,7 +145,8 @@ npm install @cipherstash/stack @cipherstash/drizzle
 
 -const client = await protect({ schemas: [users] })
 +const client = await Encryption({ schemas: [users] })
- const dynamo = protectDynamoDB({ protectClient: client })
+-const dynamo = protectDynamoDB({ protectClient: client })
++const dynamo = encryptedDynamoDB({ encryptionClient: client })
 ```
 
 ## 4. Deprecated aliases
@@ -183,6 +186,11 @@ ProtectColumn                  →  EncryptedColumn
 ProtectValue                   →  EncryptedValue
 ProtectTableColumn             →  EncryptedTableColumn
 ProtectOperation               →  EncryptionOperation
+extractProtectSchema           →  extractEncryptionSchema
+createProtectOperators         →  createEncryptionOperators
+@cipherstash/protect-dynamodb  →  @cipherstash/dynamodb
+protectDynamoDB                →  encryptedDynamoDB
+protectClient                  →  encryptionClient
 ```
 
 > **Important**: Run the more specific replacements first (e.g., `@cipherstash/protect/identify` before `@cipherstash/protect`) to avoid partial matches.
diff --git a/docs/concepts/searchable-encryption.md b/docs/concepts/searchable-encryption.md
@@ -98,7 +98,7 @@ Using the above approach, Stash Encryption is generating the EQL payloads and wh
 So does this solve the original problem of searching on encrypted data?
 
 ```sql
-# SELECT * FROM users WHERE WHERE cs_unique_v2(email) = cs_unique_v2(eql_payload_created_by_protect);
+# SELECT * FROM users WHERE WHERE cs_unique_v2(email) = cs_unique_v2(eql_payload_created_by_encryption);
  id |      name      |           email
 ----+----------------+----------------------------
   1 | Alice Johnson  | mBbKmsMMkbKBSN...
diff --git a/docs/getting-started.md b/docs/getting-started.md
@@ -47,8 +47,8 @@ If you're following this getting started guide with an existing app, skip to [th
 If you're following this getting started guide with a clean slate, create a basic structure by running:
 
 ```bash
-mkdir -p protect-example/src/encryption
-cd protect-example
+mkdir -p encryption-example/src/encryption
+cd encryption-example
 git init
 npm init -y
 ```
diff --git a/examples/dynamo/src/bulk-operations.ts b/examples/dynamo/src/bulk-operations.ts
@@ -34,9 +34,9 @@ const main = async () => {
 
   const items = [
     {
-      // `pk` won't be encrypted because it's not included in the `users` protected table schema.
+      // `pk` won't be encrypted because it's not included in the `users` encrypted table schema.
       pk: 'user#1',
-      // `email` will be encrypted because it's included in the `users` protected table schema.
+      // `email` will be encrypted because it's included in the `users` encrypted table schema.
       email: 'abc@example.com',
     },
     {
diff --git a/examples/dynamo/src/encrypted-key-in-gsi.ts b/examples/dynamo/src/encrypted-key-in-gsi.ts
@@ -49,9 +49,9 @@ const main = async () => {
   })
 
   const user = {
-    // `pk` won't be encrypted because it's not included in the `users` protected table schema.
+    // `pk` won't be encrypted because it's not included in the `users` encrypted table schema.
     pk: 'user#1',
-    // `email` will be encrypted because it's included in the `users` protected table schema.
+    // `email` will be encrypted because it's included in the `users` encrypted table schema.
     email: 'abc@example.com',
   }
 
diff --git a/examples/dynamo/src/encrypted-partition-key.ts b/examples/dynamo/src/encrypted-partition-key.ts
@@ -32,9 +32,9 @@ const main = async () => {
   })
 
   const user = {
-    // `email` will be encrypted because it's included in the `users` protected table schema.
+    // `email` will be encrypted because it's included in the `users` encrypted table schema.
     email: 'abc@example.com',
-    // `somePlaintextAttr` won't be encrypted because it's not in the protected table schema.
+    // `somePlaintextAttr` won't be encrypted because it's not in the encrypted table schema.
     somePlaintextAttr: 'abc',
   }
 
diff --git a/examples/dynamo/src/encrypted-sort-key.ts b/examples/dynamo/src/encrypted-sort-key.ts
@@ -41,9 +41,9 @@ const main = async () => {
   })
 
   const user = {
-    // `pk` won't be encrypted because it's not in the protected table schema.
+    // `pk` won't be encrypted because it's not in the encrypted table schema.
     pk: 'user#1',
-    // `email` will be encrypted because it's included in the `users` protected table schema.
+    // `email` will be encrypted because it's included in the `users` encrypted table schema.
     email: 'abc@example.com',
   }
 
diff --git a/examples/dynamo/src/export-to-pg.ts b/examples/dynamo/src/export-to-pg.ts
@@ -36,9 +36,9 @@ const main = async () => {
   })
 
   const user = {
-    // `pk` won't be encrypted because it's not included in the `users` protected table schema.
+    // `pk` won't be encrypted because it's not included in the `users` encrypted table schema.
     pk: 'user#1',
-    // `email` will be encrypted because it's included in the `users` protected table schema.
+    // `email` will be encrypted because it's included in the `users` encrypted table schema.
     email: 'abc@example.com',
   }
 
diff --git a/examples/dynamo/src/simple.ts b/examples/dynamo/src/simple.ts
@@ -33,9 +33,9 @@ const main = async () => {
   })
 
   const user = {
-    // `pk` won't be encrypted because it's not included in the `users` protected table schema.
+    // `pk` won't be encrypted because it's not included in the `users` encrypted table schema.
     pk: 'user#1',
-    // `email` will be encrypted because it's included in the `users` protected table schema.
+    // `email` will be encrypted because it's included in the `users` encrypted table schema.
     email: 'abc@example.com',
   }
 
diff --git a/examples/hono-supabase/README.md b/examples/hono-supabase/README.md
@@ -52,8 +52,8 @@ This project demonstrates how to encrypt data using [@cipherstash/stack](https:/
 ### 1. Clone the repository
 
 ```bash
-git clone https://github.com/cipherstash/jsprotect.git
-cd jsprotect/examples/hono-supabase
+git clone https://github.com/cipherstash/protectjs.git
+cd protectjs/examples/hono-supabase
 ```
 
 ### 2. Install dependencies
diff --git a/examples/nest/README.md b/examples/nest/README.md
@@ -24,7 +24,7 @@ CS_CLIENT_ACCESS_KEY=
 ```
 
 ### How encryption works here
-- `src/protect/schema.ts` defines tables with `.equality()`, `.orderAndRange()`, `.freeTextSearch()` for searchable encryption on Postgres.
+- `src/encryption/schema.ts` defines tables with `.equality()`, `.orderAndRange()`, `.freeTextSearch()` for searchable encryption on Postgres.
 - `EncryptionModule` initializes an `EncryptionClient` with those schemas and injects an `EncryptionService`.
 - `AppService` uses `encryptModel`/`decryptModel` and bulk variants to demonstrate single and bulk flows.
 
diff --git a/examples/nest/src/encryption/encryption.module.ts b/examples/nest/src/encryption/encryption.module.ts
@@ -37,7 +37,7 @@ export class EncryptionModule {
               clientKey: clientKey ?? '',
               clientAccessKey: clientAccessKey ?? '',
               logLevel: configService.get<'debug' | 'info' | 'error'>(
-                'PROTECT_LOG_LEVEL',
+                'CS_LOG_LEVEL',
                 'info',
               ),
               ...config,
diff --git a/examples/next-drizzle-mysql/.env.example b/examples/next-drizzle-mysql/.env.example
@@ -1,4 +1,4 @@
-DATABASE_URL=mysql://protect_example:password@127.0.0.1:3306/protect_example
+DATABASE_URL=mysql://encryption_example:password@127.0.0.1:3306/encryption_example
 CS_CLIENT_ID=
 CS_CLIENT_KEY=
 CS_CLIENT_ACCESS_KEY=
diff --git a/examples/next-drizzle-mysql/README.md b/examples/next-drizzle-mysql/README.md
@@ -4,7 +4,7 @@ This example demonstrates how to build a modern web application using:
 - [Next.js](https://nextjs.org/) - React framework for production
 - [Drizzle ORM](https://orm.drizzle.team/) - TypeScript ORM for SQL databases
 - [MySQL](https://www.mysql.com/) - Popular open-source relational database
-- [Stash Encryption](https://cipherstash.com/protect) - Data protection and encryption library
+- [Stash Encryption](https://github.com/cipherstash/protectjs) - Data protection and encryption library
 
 ## Features
 
@@ -73,5 +73,5 @@ The application will be available at `http://localhost:3000`.
 
 - [Next.js Documentation](https://nextjs.org/docs)
 - [Drizzle ORM Documentation](https://orm.drizzle.team/docs/overview)
-- [Stash Encryption Documentation](https://cipherstash.com/protect/docs)
+- [Stash Encryption Documentation](https://github.com/cipherstash/protectjs#documentation)
 - [MySQL Documentation](https://dev.mysql.com/doc/)
diff --git a/examples/next-drizzle-mysql/docker-compose.yml b/examples/next-drizzle-mysql/docker-compose.yml
@@ -4,8 +4,8 @@ services:
     image: mysql:latest
     environment:
       MYSQL_ROOT_PASSWORD: password
-      MYSQL_DATABASE: protect_example
-      MYSQL_USER: protect_example
+      MYSQL_DATABASE: encryption_example
+      MYSQL_USER: encryption_example
       MYSQL_PASSWORD: password
     ports:
       - "3306:3306"
diff --git a/examples/next-drizzle-mysql/drizzle.config.ts b/examples/next-drizzle-mysql/drizzle.config.ts
@@ -6,10 +6,10 @@ export default defineConfig({
   dbCredentials: {
     host: '127.0.0.1',
     port: 3306,
-    user: 'protect_example',
+    user: 'encryption_example',
     password: 'password',
-    database: 'protect_example',
+    database: 'encryption_example',
   },
 })
 
-// mysql://protect_example:password@127.0.0.1:3306/protect_example
+// mysql://encryption_example:password@127.0.0.1:3306/encryption_example
diff --git a/examples/nextjs-clerk/src/core/db/schema.ts b/examples/nextjs-clerk/src/core/db/schema.ts
@@ -1,6 +1,6 @@
 import { jsonb, pgTable, serial, varchar } from 'drizzle-orm/pg-core'
 
-// Data that is encrypted using protectjs is stored as jsonb in postgres
+// Data that is encrypted using CipherStash is stored as jsonb in postgres
 // ---
 // This example does not include any searchable encrypted fields
 // If you want to search on encrypted fields, you will need to install EQL.
diff --git a/packages/dynamodb/README.md b/packages/dynamodb/README.md
@@ -26,7 +26,7 @@ import { encryptedDynamoDB } from '@cipherstash/protect-dynamodb'
 import { Encryption, encryptedColumn, encryptedTable } from '@cipherstash/stack'
 import { PutCommand, GetCommand } from '@aws-sdk/lib-dynamodb'
 
-// Define your protected table schema
+// Define your encrypted table schema
 const users = encryptedTable('users', {
   email: encryptedColumn('email').equality(),
 })
diff --git a/packages/dynamodb/__tests__/dynamodb.test.ts b/packages/dynamodb/__tests__/dynamodb.test.ts
@@ -21,8 +21,8 @@ const schema = encryptedTable('dynamo_cipherstash_test', {
     protected: encryptedValue('example.protected'),
     deep: {
       protected: encryptedValue('example.deep.protected'),
-      protectNestedJson: encryptedValue(
-        'example.deep.protectNestedJson',
+      encryptedNestedJson: encryptedValue(
+        'example.deep.encryptedNestedJson',
       ).dataType('json'),
     },
   },
@@ -76,7 +76,7 @@ describe('dynamodb helpers', () => {
         deep: {
           protected: 'deep protected',
           notProtected: 'deep not protected',
-          protectNestedJson: {
+          encryptedNestedJson: {
             hello: 'world',
           },
         },

Original file line number	Diff line number	Diff line change
`@@ -34,9 +34,9 @@ const main = async () => {`
`34`	`34`
`35`	`35`	`const items = [`
`36`	`36`	`{`
`37`		- // `pk` won't be encrypted because it's not included in the `users` protected table schema.
	`37`	+ // `pk` won't be encrypted because it's not included in the `users` encrypted table schema.
`38`	`38`	`pk: 'user#1',`
`39`		- // `email` will be encrypted because it's included in the `users` protected table schema.
	`39`	+ // `email` will be encrypted because it's included in the `users` encrypted table schema.
`40`	`40`	`email: 'abc@example.com',`
`41`	`41`	`},`
`42`	`42`	`{`