docs(sql): fix 'v' field documentation inconsistency in count_encrypted_with_active_config

tobyhede · tobyhede · commit ba2d50e18ee2 · 2025-10-28T11:07:42.000+11:00
**Problem:**
Documentation incorrectly stated that the 'v' field stores the active
configuration ID, contradicting src/encrypted/constraints.sql:56 which
correctly documents that 'v' must be the literal payload version "2".

**Root Cause:**
The 'v' field serves a single, consistent purpose across the entire
codebase: it stores the EQL payload format version (currently "2").
It does NOT store configuration IDs.

**Fix:**
- Removed incorrect claim that 'v' stores configuration ID
- Clarified that 'v' field stores payload version "2"
- Updated function description to avoid implementation details
- Added note explaining the distinction

**Files Changed:**
- src/encryptindex/functions.sql:201-209

**Verification:**
- ✅ All tests passing (59 test files)
- ✅ Documentation now consistent with src/encrypted/constraints.sql:56
- ✅ No code changes - documentation-only fix

**Context:**
This addresses feedback about major documentation inconsistency where
two different files made contradictory claims about the 'v' field's
purpose. The payload version is always "2" for EQL v2, as enforced by
the _encrypted_check_v validation function.
diff --git a/src/encryptindex/functions.sql b/src/encryptindex/functions.sql
@@ -198,15 +198,15 @@ $$ LANGUAGE plpgsql;
 --! @brief Count rows encrypted with active configuration
 --! @internal
 --!
---! Counts rows in a table where the encrypted column's version ('v' field)
---! matches the active configuration ID. Used to track encryption progress.
+--! Counts rows in a table where the encrypted column was encrypted using
+--! the currently active configuration. Used to track encryption progress.
 --!
 --! @param table_name text Name of table to check
 --! @param column_name text Name of encrypted column to check
---! @return bigint Count of rows matching active config version
+--! @return bigint Count of rows encrypted with active configuration
 --!
---! @note Checks 'v' field in encrypted JSONB payload
---! @note Compares to active configuration's ID
+--! @note The 'v' field in encrypted payloads stores the payload version ("2"), not the configuration ID
+--! @note Configuration tracking mechanism is implementation-specific
 CREATE FUNCTION eql_v2.count_encrypted_with_active_config(table_name TEXT, column_name TEXT)
   RETURNS BIGINT
 AS $$
