Skip to content

feat(eql-mapper): JSONB containment operator transformation (@> and <@) #339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tobyhede merged 40 commits into from
Dec 15, 2025
Merged

feat(eql-mapper): JSONB containment operator transformation (@> and <@) #339

tobyhede merged 40 commits into from
Dec 15, 2025

Conversation

@tobyhede
Copy link
Contributor

@tobyhede tobyhede commented Dec 11, 2025
edited
Loading

Adds support for transforming JSONB containment operators (@> and <@) to EQL function calls, enabling GIN index usage with encrypted JSONB columns.

Key changes:

  • Add RewriteContainmentOps transformation rule that converts @> to eql_v2.jsonb_contains() and <@ to eql_v2.jsonb_contained_by()
  • Only rewrite when at least one operand is EQL-typed (preserves native JSONB operations)
  • Add EXPLAIN statement support for type checking
  • Comprehensive integration test coverage for all operand type combinations

Test Coverage Matrix

Test Pattern Protocol Result
encrypted_contains_param e @> $1 Extended 50 rows
encrypted_contains_literal e @> 'json' Simple 50 rows
param_contains_encrypted $1 @> e Extended 1 row (exact match)
literal_contains_encrypted 'json' @> e Simple 1 row (exact match)
jsonb_contains_function_works eql_v2.jsonb_contains() Extended 50 rows

Test plan

  • Unit tests for containment operator transformation
  • Integration tests for all operand combinations (param/literal × LHS/RHS)
  • Tests pass in parallel execution
  • Full integration test suite

@tobyhede tobyhede changed the title WIP proxy converts jsonb containment to eql function call feat(eql-mapper): JSONB containment operator transformation (@> and <@) Dec 12, 2025
freshtonic
freshtonic approved these changes Dec 12, 2025
View reviewed changes
Copy link
Contributor

@freshtonic freshtonic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is Very Good. Testing looks thorough too.

I'm glad that the bus factor on EQL Mapper is > 1.

@tobyhede
Copy link
Contributor Author

tobyhede commented Dec 13, 2025

NOTE: build failing because proxy needs to use the new version of EQL. Will fix once that is merged.

@tobyhede tobyhede force-pushed the feature/gin-jsonb-containment-tests branch from cf15b60 to 144d8fe Compare December 14, 2025 01:30
@tobyhede
fix(clippy): replace map_or_else with unwrap_or_else for identity clo…
5087f57 
…sure

The identity closure |t| t in map_or_else is unnecessary.
Using unwrap_or_else is more idiomatic when the Some value
doesn't need transformation.
@tobyhede tobyhede force-pushed the feature/gin-jsonb-containment-tests branch 5 times, most recently from 8e21923 to 3f7b5e8 Compare December 15, 2025 01:09
@tobyhede
test: add jsonb_containment_index module skeleton
d30cc4a
@tobyhede
test: add GIN index helper functions for containment tests
01b1748
@tobyhede
test: add baseline test verifying seq scan without GIN index
13562ae
@tobyhede
test: add @> operator GIN index usage test
101c503
@tobyhede
test: optimize bulk insert and fix SQL syntax in GIN index tests
e253142
@tobyhede
feat(eql-mapper): add jsonb_array, jsonb_contains, jsonb_contained_by…
45fb72c 
… function declarations
@tobyhede
test(eql-mapper): add tests for jsonb_array, jsonb_contains, jsonb_co…
868f52d 
…ntained_by functions
@tobyhede
feat(eql-mapper): add RewriteContainmentOps transformation rule
c113ca5
@tobyhede
feat(eql-mapper): wire RewriteContainmentOps into transformation pipe…
6182ca8 
…line
@tobyhede
test(eql-mapper): add unit tests for containment operator transformat…
8045668 
…ions
@tobyhede
test(integration): update tests to use direct @> operator
33c774a
@tobyhede
fix(eql-mapper): preserve NodeKey identity and fix transformation order
ebddfe2 
- Use mem::replace instead of clone() to preserve NodeKey identity
  for downstream casting rules in RewriteContainmentOps
- Move RewriteContainmentOps before CastLiteralsAsEncrypted in the
  transformation pipeline so literals are properly encrypted after
  operator rewriting
@tobyhede
feat(eql-mapper): add EXPLAIN statement support for type checking
4d375eb 
- Add Statement::Explain to requires_type_check() so EXPLAIN queries
  are processed through the type inference pipeline
- Handle EXPLAIN in statement type inference with empty projection
@tobyhede
test(eql-mapper): add test for EXPLAIN with containment operator
9ed4707
@tobyhede
test(integration): WIP - jsonb containment index tests with direct @>…
52f1f1b 
… operator

Work in progress integration tests for JSONB containment operations.
Tests use direct @> operator to verify GIN index usage with encrypted columns.
@tobyhede
fix(eql-mapper): check EQL types before rewriting containment operators
9be7681 
RewriteContainmentOps was unconditionally rewriting all @> and <@
operators without verifying that operands were EQL-typed. This caused
issues with native JSONB operations.

Key changes:
- Added uses_eql_type() and is_eql_typed() methods to check node_types
- would_edit() now uses node_path.last_1_as() to get original AST nodes
  with correct NodeKey identity (matching type inference)
- Only rewrites when at least one operand is EQL-typed
- Removed #[allow(dead_code)] since node_types is now used

The fix uses node_path instead of target_node because the transformation
framework clones nodes, causing different memory addresses. The node_path
preserves the original AST node references used during type inference.
@tobyhede
feat(integration): add OperandType and QueryProtocol enums for contai…
e7ce483 
…nment tests
@tobyhede
feat(integration): add ContainmentTestCase struct for containment tests
b532646
@tobyhede
feat(integration): add build_sql method to ContainmentTestCase
2d2229d
@tobyhede
feat(integration): add run method to ContainmentTestCase
3161dc8
@tobyhede
feat(integration): add containment_test! macro
f2dcdc9
@tobyhede
refactor(integration): replace manual test with containment_test! macro
1304db0
@tobyhede
test(integration): add encrypted_contains_literal containment test
b7b7bc7
@tobyhede
test(integration): add param_contains_encrypted containment test
e3f90fe
@tobyhede
test(integration): fix parallel test isolation for JSONB containment …
000ec50 
…tests

- Use dedicated ID range (1000000-1000499) for fixture data
- Remove clear() call to avoid data race with parallel tests
- Add ensure_fixture_data() that inserts with ON CONFLICT DO NOTHING
- Filter queries by fixture ID range for test isolation
- All 5 containment tests now pass in parallel execution

Coverage matrix:
- encrypted_contains_param: e @> $1 (extended protocol)
- encrypted_contains_literal: e @> 'json' (simple protocol)
- param_contains_encrypted: $1 @> e (extended protocol)
- literal_contains_encrypted: 'json' @> e (simple protocol)
- jsonb_contains_function_works: eql_v2.jsonb_contains()
@tobyhede
test(integration): use exact match for param/literal @> encrypted tests
41cecc8 
For param_contains_encrypted and literal_contains_encrypted tests:
- Use exact match search value {"string": "value_1", "number": 1}
- This matches exactly 1 row (where the search value equals the stored value)
- Previously these tests returned 0 rows using subset search

Search value now varies by test type:
- column @> search: subset {"string": "value_1"} matches ~50 rows
- search @> column: exact {"string": "value_1", "number": 1} matches 1 row
@tobyhede
refactor(eql-mapper): apply code review suggestions
c30ed7d 
- Add #[inline] hint to uses_eql_type method
- Fix unused variable naming convention (_inner_statement)
@tobyhede
style: apply cargo fmt formatting
a246ee7
@tobyhede
refactor(integration): add FIXTURE_COUNT constant and document variance
40816fb 
- Replace magic number 500 with FIXTURE_COUNT constant
- Add comments explaining variance tolerances for test assertions
@tobyhede
style: fix clippy lints for Rust 1.92
f9bee70 
- Use matches! macro instead of match expression returning bool
- Replace format!() with .to_string() for static strings
- Use unwrap_or_else instead of map_or_else with identity closure
@tobyhede
style: fix manual range contains clippy lint
f8cb73e 
Use (40..=60).contains(&count) instead of count >= 40 && count <= 60
@tobyhede
style(eql-mapper): simplify unused variable binding in EXPLAIN handler
9502e04 
Move comment and underscore prefix into pattern destructuring rather
than using a separate let binding to suppress the unused variable warning.
@tobyhede
deps: eql-2.2.1
ec6fee8
@tobyhede
test(integration): remove jsonb type casting from literal tests
4453ea5 
Simplify integration tests by removing unnecessary ::jsonb type casts
from INSERT and SELECT statements. The test macros no longer require
the $cast parameter since jsonb columns don't need explicit casting.
@tobyhede
test(integration): add JSONB encryption sanity check
63631d0 
Add test that detects silent encryption failures by:
- Inserting via proxy (should encrypt)
- Querying directly from PostgreSQL (bypassing proxy)
- Verifying stored value differs from plaintext
- Round-trip verification through proxy

Includes query_direct helpers in common.rs for direct database access.
@tobyhede
docs: document JSONB literals work without explicit type casts
0a33b74 
Add notes to searchable-json.md clarifying that JSONB literals in INSERT,
UPDATE, and containment operations work directly without ::jsonb type
annotations. The proxy infers the JSONB type from the target column.

Also adds docstring to map_jsonb integration test explaining the
intentional absence of type casts.
@tobyhede tobyhede force-pushed the feature/gin-jsonb-containment-tests branch from 3f7b5e8 to 0a33b74 Compare December 15, 2025 01:12
@tobyhede tobyhede force-pushed the feature/gin-jsonb-containment-tests branch from 686eeb1 to 393bbc2 Compare December 15, 2025 01:24
@tobyhede tobyhede force-pushed the feature/gin-jsonb-containment-tests branch 3 times, most recently from 2386818 to 2430fe6 Compare December 15, 2025 02:19
@tobyhede tobyhede force-pushed the feature/gin-jsonb-containment-tests branch from 2430fe6 to 6d5d45c Compare December 15, 2025 02:27
@tobyhede tobyhede merged commit 88c5450 into main Dec 15, 2025
5 checks passed
@tobyhede tobyhede deleted the feature/gin-jsonb-containment-tests branch December 15, 2025 03:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@freshtonic freshtonic freshtonic approved these changes

@coderdan coderdan coderdan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tobyhede @freshtonic @coderdan