feat(scalars): add eql_v3.timestamptz encrypted-domain type (equality-only)

[tobyhede]

What

Add eql_v3.timestamptz as an equality-only encrypted-domain scalar (storage + _eq via HMAC; = / <>). Ordering is deferred: cipherstash encrypts Plaintext::Timestamp at 12-block ORE width but EQL's only ORE comparator is 8-block, so an ordered domain would silently mis-order.

Rides the generalized harness (#261)

Rebased onto v3-scalar-harness-reduction, the per-type surface is +259 / 5 files (was +671 / 10). The whole type is:

• catalog row (eql-scalars): ScalarKind::Timestamptz, Fixture::Timestamptz, EQ_ONLY_DOMAINS, the TIMESTAMPTZ spec + CATALOG append.
• one temporal_values! call (scalar_domains.rs):

temporal_values! {
    cell = TIMESTAMPTZ_VALUES_CELL, accessor = timestamptz_values,
    rust_type = chrono::DateTime<chrono::Utc>, spec = eql_scalars::TIMESTAMPTZ,
    variant = Timestamptz, pg_type = "timestamptz",
    parse = |s| DateTime::parse_from_rfc3339(s).unwrap().with_timezone(&Utc),
    min_pivot = .., max_pivot = .., sql_lit = |v| format!("'{}'", v.to_rfc3339()),
}

• one bare dispatch line (scalar_types.rs): timestamptz => chrono::DateTime<chrono::Utc>,
• cast wiring (eql_plaintext.rs) + CHANGELOG.

No marker, no second snapshot, no macro change — the catalog's eq-only domain shape drives everything: the emitter picks scalar_matrix! { caps = [eq] }, and the inventory derives its eq-only name subset from the single baseline.

Status / verification

• cargo test -p eql-scalars → 43 passed (incl. timestamptz_*)
• matrix inventory → timestamptz: eq_only (derived, no second snapshot)
• full matrix (target 895 passed) + release/*.sql identical to the pre-rebase commit — verification in progress
• base retarget to v3-scalar-harness-reduction + force-push (--force-with-lease) — pending (depends on refactor(scalars): generalize the test harness (catalog-driven shape, temporal_values!, unified scalar_matrix!) #261)

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c15e0882-70a0-48e4-a2b5-fa3a7f5b1016

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch v3-domain-type-timestamptz

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[auxesis]

Nice works, thanks @tobyhede.

[auxesis]

Claude identified two gaps, which are posted inline.

There are two other gaps not posted inline:

• to_sql_literal RFC3339 rendering is not unit-pinned. tests/sqlx/src/scalar_domains.rs:230 uses format!("'{}'", v.to_rfc3339()) — a new, timestamptz-specific path distinct from date's Display-based sql_lit. It's exercised transitively by the matrix (via fetch_fixture_payload), but no focused test pins the literal form. A one-liner — assert_eq!(<chrono::DateTime<chrono::Utc> as ScalarType>::to_sql_literal(Default::default()), "'1970-01-01T00:00:00+00:00'") — would lock it and catch a stray format change.
• to_plaintext roundtrip only covers the epoch. datetime_utc_to_plaintext_wraps_in_timestamp_variant (eql_plaintext.rs) uses DateTime::<Utc>::default(); a value carrying a time-of-day (e.g. one of the …T23:20:50Z fixtures) would be a marginally stronger roundtrip, though the existing assert_eq!(value, ts) is already value-generic. Low priority.

[auxesis]

Missing tests need addressing.