sqlrite 1.0.2

RAG-oriented SQLite wrapper for AI agent workloads
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

// Run:
// cargo run --example security_rotation_workflow -- <db-path> <registry-path> <audit-path>
//
// Seeds an encrypted tenant chunk and two tenant keys so rotation and
// verification workflows can be exercised against a file-backed database.

use serde_json::json;
use sqlrite::{
    AccessContext, AllowAllPolicy, ChunkInput, InMemoryTenantKeyRegistry, JsonlAuditLogger, Result,
    RuntimeConfig, SecureSqlRite, SqlRite, TenantKey,
};
use std::path::PathBuf;

fn main() -> Result<()> {
    let args = std::env::args().skip(1).collect::<Vec<_>>();
    let db_path = args
        .first()
        .map(PathBuf::from)
        .unwrap_or_else(|| PathBuf::from("sqlrite_rotation_demo.db"));
    let registry_path = args
        .get(1)
        .map(PathBuf::from)
        .unwrap_or_else(|| PathBuf::from("sqlrite_rotation_keys.json"));
    let audit_path = args
        .get(2)
        .map(PathBuf::from)
        .unwrap_or_else(|| PathBuf::from("sqlrite_rotation_audit.jsonl"));

    let db = SqlRite::open_with_config(&db_path, RuntimeConfig::default())?;
    let audit = JsonlAuditLogger::new(audit_path, vec!["secret_payload".to_string()])?;
    let secure = SecureSqlRite::from_db(db, AllowAllPolicy, audit);

    let keys = InMemoryTenantKeyRegistry::load_from_json_file(&registry_path)?;
    keys.set_key("demo", TenantKey::new("k1", b"secret-key-00001")?, true)?;
    keys.set_key("demo", TenantKey::new("k2", b"secret-key-00002")?, false)?;
    keys.save_to_json_file(&registry_path)?;

    let actor = AccessContext::new("seed-user", "demo");
    secure.ingest_chunks_with_encryption(
        &actor,
        &[ChunkInput::new(
            "rotation-demo-1",
            "rotation-doc-1",
            "Rotation workflow demo content for tenant demo.",
            vec![1.0, 0.0, 0.0],
        )
        .with_metadata(json!({
            "tenant": "demo",
            "secret_payload": "rotatable-secret",
            "compliance_tag": "internal"
        }))],
        &keys,
        &["secret_payload"],
    )?;

    println!("seeded encrypted tenant chunk into {}", db_path.display());
    println!("registry saved to {}", registry_path.display());
    Ok(())
}