docs: add Doxygen infrastructure and tooling

tobyhede · tobyhede · commit 91aba3eb464b · 2025-10-29T12:49:35.000+11:00
Add complete Doxygen generation and validation infrastructure: **Configuration:** - Doxyfile - Doxygen configuration for HTML/LaTeX output - CLAUDE.md - Documentation standards and guidelines **Validation Scripts:** - tasks/check-doc-coverage.sh - Verify documentation coverage - tasks/validate-required-tags.sh - Ensure required tags present - tasks/doxygen-filter.sh - SQL-to-C++ comment filter for Doxygen **Mise Tasks:** - docs:generate - Generate API documentation - docs:validate - Run coverage and tag validation Source: phase-4-doxygen branch (commits 2e53216, ee96e15, e8debb0, etc.)
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -0,0 +1,148 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Development Commands
+
+This project uses `mise` for task management. Common commands:
+
+- `mise run build` (alias: `mise r b`) - Build SQL into single release file
+- `mise run test` (alias: `mise r test`) - Build, reset and run tests
+- `mise run postgres:up` - Start PostgreSQL container
+- `mise run postgres:down` - Stop PostgreSQL containers
+- `mise run reset` - Reset database state
+- `mise run clean` (alias: `mise r k`) - Clean release files
+- `mise run docs:generate` - Generate API documentation (requires doxygen)
+- `mise run docs:validate` - Validate documentation coverage and tags
+
+### Testing
+- Run all tests: `mise run test`
+- Run specific test: `mise run test --test <test_name>`
+- Run tests against specific PostgreSQL version: `mise run test --postgres 14|15|16|17`
+- Tests are located in `*_test.sql` files alongside source code
+
+### Build System
+- Dependencies are resolved using `-- REQUIRE:` comments in SQL files
+- Build outputs to `release/` directory:
+  - `cipherstash-encrypt.sql` - Main installer
+  - `cipherstash-encrypt-supabase.sql` - Supabase-compatible installer
+  - `cipherstash-encrypt-uninstall.sql` - Uninstaller
+
+## Project Architecture
+
+This is the **Encrypt Query Language (EQL)** - a PostgreSQL extension for searchable encryption. Key architectural components:
+
+### Core Structure
+- **Schema**: All EQL functions/types are in `eql_v2` PostgreSQL schema
+- **Main Type**: `eql_v2_encrypted` - composite type for encrypted columns (stored as JSONB)
+- **Configuration**: `eql_v2_configuration` table tracks encryption configs
+- **Index Types**: Various encrypted index types (blake3, hmac_256, bloom_filter, ore variants)
+
+### Directory Structure
+- `src/` - Modular SQL components with dependency management
+- `src/encrypted/` - Core encrypted column type implementation
+- `src/operators/` - SQL operators for encrypted data comparisons
+- `src/config/` - Configuration management functions
+- `src/blake3/`, `src/hmac_256/`, `src/bloom_filter/`, `src/ore_*` - Index implementations
+- `tasks/` - mise task scripts
+- `tests/` - Test files (PostgreSQL 14-17 support)
+- `release/` - Generated SQL installation files
+
+### Key Concepts
+- **Dependency System**: SQL files declare dependencies via `-- REQUIRE:` comments
+- **Encrypted Data**: Stored as JSONB payloads with metadata
+- **Index Terms**: Transient types for search operations (blake3, hmac_256, etc.)
+- **Operators**: Support comparisons between encrypted and plain JSONB data
+- **CipherStash Proxy**: Required for encryption/decryption operations
+
+### Testing Infrastructure
+- Tests run against PostgreSQL 14, 15, 16, 17 using Docker containers
+- Container configuration in `tests/docker-compose.yml`
+- Test helpers in `tests/test_helpers.sql`
+- Database connection: `localhost:7432` (cipherstash/password)
+- **Rust/SQLx Tests**: Modern test framework in `tests/sqlx/` (see README there)
+
+## Project Learning & Retrospectives
+
+Valuable lessons and insights from completed work:
+
+- **SQLx Test Migration (2025-10-24)**: See `docs/retrospectives/2025-10-24-sqlx-migration-retrospective.md`
+  - Migrated 40 SQL assertions to Rust/SQLx (100% coverage)
+  - Key insights: Blake3 vs HMAC differences, batch-review pattern effectiveness, coverage metric definitions
+  - Lessons: TDD catches setup issues, infrastructure investment pays off, code review after each batch prevents compound errors
+
+## Documentation Standards
+
+### Doxygen Comments
+
+All SQL functions and types must be documented using Doxygen-style comments:
+
+- **Comment Style**: Use `--!` prefix for Doxygen comments (not `--`)
+- **Required Tags**:
+  - `@brief` - Short description (required for all functions/files)
+  - `@param` - Parameter description (required for functions with parameters)
+  - `@return` - Return value description (required for functions with non-void returns)
+- **Optional Tags**:
+  - `@throws` - Exception conditions
+  - `@note` - Important notes or caveats
+  - `@warning` - Warning messages (e.g., for DDL-executing functions)
+  - `@see` - Cross-references to related functions
+  - `@example` - Usage examples
+  - `@internal` - Mark internal/private functions
+  - `@file` - File-level documentation
+
+### Documentation Example
+
+```sql
+--! @brief Create encrypted index configuration
+--!
+--! Initializes a new encrypted index configuration for a table column.
+--! The configuration tracks encryption settings and index types.
+--!
+--! @param p_table_name text Table name (schema-qualified)
+--! @param p_column_name text Column name to encrypt
+--! @param p_index_type text Type of encrypted index (blake3, hmac_256, etc.)
+--!
+--! @return uuid Configuration ID for the created index
+--!
+--! @throws unique_violation If configuration already exists for this column
+--!
+--! @note This function executes DDL and modifies database schema
+--! @see eql_v2.activate_encrypted_index
+--!
+--! @example
+--! -- Create blake3 index configuration
+--! SELECT eql_v2.create_encrypted_index(
+--!   'public.users',
+--!   'email',
+--!   'blake3'
+--! );
+CREATE FUNCTION eql_v2.create_encrypted_index(...)
+```
+
+### Validation Tools
+
+Verify documentation quality:
+
+```bash
+# Using mise (recommended - validates coverage and tags)
+mise run docs:validate
+
+# Or run individual scripts directly
+tasks/check-doc-coverage.sh      # Check 100% coverage
+tasks/validate-required-tags.sh  # Verify @brief, @param, @return tags
+tasks/validate-documented-sql.sh # Validate SQL syntax (requires database)
+```
+
+### Template Files
+
+Template files (e.g., `version.template`) must be documented. The Doxygen comments are automatically included in generated files during build.
+
+## Development Notes
+
+- SQL files are modular - put operator wrappers in `operators.sql`, implementation in `functions.sql`
+- All SQL files must have `-- REQUIRE:` dependency declarations
+- Test files end with `_test.sql` and live alongside source files
+- Build system uses `tsort` to resolve dependency order
+- Supabase build excludes operator classes (not supported)
+- **Documentation**: All functions/types must have Doxygen comments (see Documentation Standards above)
diff --git a/Doxyfile b/Doxyfile
@@ -0,0 +1,95 @@
+# Doxyfile for Encrypt Query Language (EQL)
+# PostgreSQL extension for searchable encryption
+
+#---------------------------------------------------------------------------
+# Project Settings
+#---------------------------------------------------------------------------
+
+PROJECT_NAME           = "Encrypt Query Language (EQL)"
+PROJECT_NUMBER         = "2.x"
+PROJECT_BRIEF          = "PostgreSQL extension for searchable encryption"
+
+OUTPUT_DIRECTORY       = docs/api
+CREATE_SUBDIRS         = NO
+
+#---------------------------------------------------------------------------
+# Build Settings
+#---------------------------------------------------------------------------
+
+GENERATE_HTML          = YES
+GENERATE_LATEX         = NO
+GENERATE_XML           = NO
+GENERATE_MAN           = NO
+
+HTML_OUTPUT            = html
+HTML_FILE_EXTENSION    = .html
+HTML_DYNAMIC_SECTIONS  = YES
+
+#---------------------------------------------------------------------------
+# Input Settings
+#---------------------------------------------------------------------------
+
+INPUT                  = src/
+FILE_PATTERNS          = *.sql *.template
+RECURSIVE              = YES
+EXCLUDE_PATTERNS       = *_test.sql
+
+# Treat SQL files as C++ for parsing
+EXTENSION_MAPPING      = sql=C++ template=C++
+
+# CRITICAL: Input filter to convert SQL comments (--!) to C++ style (//!)
+# This is REQUIRED for Doxygen to recognize SQL comments
+INPUT_FILTER           = "tasks/doxygen-filter.sh"
+FILTER_SOURCE_FILES    = YES
+
+#---------------------------------------------------------------------------
+# Extraction Settings
+#---------------------------------------------------------------------------
+
+EXTRACT_ALL            = YES
+EXTRACT_PRIVATE        = YES
+EXTRACT_STATIC         = YES
+
+HIDE_UNDOC_MEMBERS     = NO
+HIDE_UNDOC_CLASSES     = NO
+
+SHOW_FILES             = YES
+SHOW_NAMESPACES        = YES
+
+#---------------------------------------------------------------------------
+# Documentation Settings
+#---------------------------------------------------------------------------
+
+JAVADOC_AUTOBRIEF      = YES
+OPTIMIZE_OUTPUT_FOR_C  = YES
+
+#---------------------------------------------------------------------------
+# Warning Settings
+#---------------------------------------------------------------------------
+
+QUIET                  = NO
+WARNINGS               = YES
+WARN_IF_UNDOCUMENTED   = NO
+WARN_IF_DOC_ERROR      = YES
+WARN_NO_PARAMDOC       = NO
+
+#---------------------------------------------------------------------------
+# Source Browsing
+#---------------------------------------------------------------------------
+
+SOURCE_BROWSER         = YES
+INLINE_SOURCES         = NO
+REFERENCED_BY_RELATION = YES
+REFERENCES_RELATION    = YES
+
+#---------------------------------------------------------------------------
+# Alphabetical Index
+#---------------------------------------------------------------------------
+
+ALPHABETICAL_INDEX     = YES
+
+#---------------------------------------------------------------------------
+# Search Engine
+#---------------------------------------------------------------------------
+
+SEARCHENGINE           = YES
diff --git a/mise.toml b/mise.toml
@@ -23,3 +23,21 @@ run = """
   rm -f release/cipherstash-encrypt-uninstall.sql
   rm -f release/cipherstash-encrypt.sql
 """
+
+[tasks."docs:generate"]
+description = "Generate API documentation with Doxygen"
+run = """
+  echo "Generating API documentation..."
+  doxygen Doxyfile
+  echo "Documentation generated at docs/api/html/index.html"
+"""
+
+[tasks."docs:validate"]
+description = "Validate SQL documentation"
+run = """
+  echo "Checking documentation coverage..."
+  ./tasks/check-doc-coverage.sh
+  echo ""
+  echo "Validating required tags..."
+  ./tasks/validate-required-tags.sh
+"""
diff --git a/tasks/check-doc-coverage.sh b/tasks/check-doc-coverage.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+# tasks/check-doc-coverage.sh
+# Checks documentation coverage for SQL files
+
+set -e
+
+cd "$(dirname "$0")/.."
+
+echo "# SQL Documentation Coverage Report"
+echo ""
+echo "Generated: $(date)"
+echo ""
+
+total_sql_files=0
+documented_sql_files=0
+
+# Check .sql files
+for file in $(find src -name "*.sql" -not -name "*_test.sql" | sort); do
+  # Skip auto-generated files
+  if grep -q "^-- AUTOMATICALLY GENERATED FILE" "$file" 2>/dev/null; then
+    echo "- $file: ⊘ Auto-generated (skipped)"
+    continue
+  fi
+
+  total_sql_files=$((total_sql_files + 1))
+
+  if grep -q "^--! @brief" "$file" 2>/dev/null; then
+    echo "- $file: ✓ Documented"
+    documented_sql_files=$((documented_sql_files + 1))
+  else
+    echo "- $file: ✗ No documentation"
+  fi
+done
+
+# Check .template files
+total_template_files=0
+documented_template_files=0
+
+for file in $(find src -name "*.template" | sort); do
+  total_template_files=$((total_template_files + 1))
+
+  if grep -q "^--! @brief" "$file" 2>/dev/null; then
+    echo "- $file: ✓ Documented"
+    documented_template_files=$((documented_template_files + 1))
+  else
+    echo "- $file: ✗ No documentation"
+  fi
+done
+
+total_files=$((total_sql_files + total_template_files))
+documented_files=$((documented_sql_files + documented_template_files))
+
+echo ""
+echo "## Summary"
+echo ""
+echo "- SQL files: $documented_sql_files/$total_sql_files"
+echo "- Template files: $documented_template_files/$total_template_files"
+echo "- Total files: $documented_files/$total_files"
+
+if [ $total_files -gt 0 ]; then
+  coverage=$((documented_files * 100 / total_files))
+  echo "- Coverage: ${coverage}%"
+else
+  coverage=0
+fi
+
+echo ""
+
+if [ $coverage -eq 100 ]; then
+  echo "✅ 100% documentation coverage achieved!"
+  exit 0
+else
+  echo "⚠️  Documentation coverage: ${coverage}%"
+  exit 1
+fi
diff --git a/tasks/doxygen-filter.sh b/tasks/doxygen-filter.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# Doxygen input filter for SQL files
+# Converts SQL-style comments (--!) to C++-style comments (//!)
+
+sed 's/^--!/\/\/!/g' "$1"
diff --git a/tasks/validate-required-tags.sh b/tasks/validate-required-tags.sh
