Server-side deciphering library for compiled s2client reads
npm install @compilers/s2decipherServer-side counterpart to s2client.
This package is responsible for deciphering compiled client intent into
SQL and parameters. It intentionally stops short of execution.
---
- Decodes and decrypts encrypted payloads produced at build time
- Restores the original SQL query and static metadata
- Re-attaches runtime parameters
- Applies minimal semantic guards (e.g. SELECT-only)
- Returns { sql, params, meta } for application-owned execution
This package does not execute SQL.
---
``bash``
npm install @compilers/s2decipher
---
`ts
import { decipherRead } from "@compilers/s2decipher"
app.post("/api/read", (req, res) => {
const { sql, params } = decipherRead(req.body)
const rows = db.query(sql, params)
res.json(rows)
})
`
---
`ts``
decipherRead(
body: {
payload: string
params?: Record
},
options?: {
dev?: boolean
}
): {
sql: string
params: Record
meta?: Record
}
* payload
Base64-encoded, AES-encrypted artifact generated by the compiler. Contains
SQL and static metadata.
* params
Runtime parameters supplied by the client.
* options.dev
Enables plaintext SQL and verbose inspection for development.
---
* Encryption protects SQL confidentiality in client bundles and transit
* Deciphering restores intent on the server
* Execution is owned by the application
* Authentication and authorization are explicitly out of scope
This package assumes outer layers (JWT, mTLS, API keys, etc.) handle authority.
---
* ❌ SQL execution
* ❌ Database drivers or pooling
* ❌ Authentication / authorization
* ❌ ORM or query builders
* ❌ Framework-specific adapters
---
> Intent is declared in JavaScript, sealed by the compiler, and deciphered on the server.
---
MIT