@atscript/db 0.1.54 → 0.1.55

package/dist/{nested-writer-BIQ6EfaR.cjs → nested-writer-v_LPR1yJ.cjs}

@@ -1,16 +1,6 @@
+const require_db_error = require("./db-error-D8tQhNgM.cjs");
 const require_relation_helpers = require("./relation-helpers-BYvsE1tR.cjs");
 let _atscript_typescript_utils = require("@atscript/typescript/utils");
-//#region src/db-error.ts
-var DbError = class extends Error {
-	name = "DbError";
-	constructor(code, errors, message) {
-		super(message ?? errors[0]?.message ?? "Database error");
-		this.code = code;
-		this.errors = errors;
-		this.stack = void 0;
-	}
-};
-//#endregion
 //#region src/table/error-utils.ts
 /**
 * Prefixes error paths with a nav field context.
@@ -31,7 +21,7 @@ async function wrapNestedError(navField, fn) {
 		return await fn();
 	} catch (error) {
 		if (error instanceof _atscript_typescript_utils.ValidatorError) throw new _atscript_typescript_utils.ValidatorError(prefixErrorPaths(error.errors, navField));
-		if (error instanceof DbError) throw new DbError(error.code, prefixErrorPaths(error.errors, navField));
+		if (error instanceof require_db_error.DbError) throw new require_db_error.DbError(error.code, prefixErrorPaths(error.errors, navField));
 		throw error;
 	}
 }
@@ -44,14 +34,14 @@ async function enrichFkViolation(meta, fn) {
 	try {
 		return await fn();
 	} catch (error) {
-		if (error instanceof DbError && error.code === "FK_VIOLATION" && error.errors.every((err) => !err.path)) {
+		if (error instanceof require_db_error.DbError && error.code === "FK_VIOLATION" && error.errors.every((err) => !err.path)) {
 			const msg = error.errors[0]?.message ?? error.message;
 			const errors = [];
 			for (const [, fk] of meta.foreignKeys) for (const field of fk.fields) errors.push({
 				path: field,
 				message: msg
 			});
-			throw new DbError("FK_VIOLATION", errors.length > 0 ? errors : error.errors);
+			throw new require_db_error.DbError("FK_VIOLATION", errors.length > 0 ? errors : error.errors);
 		}
 		throw error;
 	}
@@ -64,7 +54,7 @@ async function remapDeleteFkViolation(tableName, fn) {
 	try {
 		return await fn();
 	} catch (error) {
-		if (error instanceof DbError && error.code === "FK_VIOLATION") throw new DbError("CONFLICT", [{
+		if (error instanceof require_db_error.DbError && error.code === "FK_VIOLATION") throw new require_db_error.DbError("CONFLICT", [{
 			path: tableName,
 			message: `Cannot delete from "${tableName}": referenced by child records (RESTRICT)`
 		}]);
@@ -89,10 +79,13 @@ function validateBatch(validator, items, ctx) {
 	for (let i = 0; i < items.length; i++) try {
 		validator.validate(items[i], false, ctx);
 	} catch (error) {
-		if (error instanceof _atscript_typescript_utils.ValidatorError && items.length > 1) throw new _atscript_typescript_utils.ValidatorError(error.errors.map((err) => ({
-			...err,
-			path: `[${i}].${err.path}`
-		})));
+		if (items.length > 1) {
+			if (error instanceof _atscript_typescript_utils.ValidatorError) throw new _atscript_typescript_utils.ValidatorError(error.errors.map((err) => ({
+				...err,
+				path: `[${i}].${err.path}`
+			})));
+			if (error instanceof require_db_error.DepthLimitExceededError) throw new require_db_error.DepthLimitExceededError(`[${i}].${error.field}`, error.declared, error.actual);
+		}
 		throw error;
 	}
 }
@@ -321,13 +314,13 @@ async function batchPatchNestedTo(host, items, maxDepth, depth) {
 					filter: pkFilter,
 					controls: {}
 				});
-				if (!current) throw new DbError("NOT_FOUND", [{
+				if (!current) throw new require_db_error.DbError("NOT_FOUND", [{
 					path: navField,
 					message: `Cannot patch relation '${navField}' — source record not found`
 				}]);
 				fkValue = fk.localFields.length === 1 ? current[fk.localFields[0]] : void 0;
 			}
-			if (fkValue === null || fkValue === void 0) throw new DbError("FK_VIOLATION", [{
+			if (fkValue === null || fkValue === void 0) throw new require_db_error.DbError("FK_VIOLATION", [{
 				path: fk.localFields[0],
 				message: `Cannot patch relation '${navField}' — foreign key '${fk.localFields[0]}' is null`
 			}]);
@@ -621,12 +614,6 @@ async function viaReplace(targetTable, junctionTable, targets, parentPK, targetP
 	}
 }
 //#endregion
-Object.defineProperty(exports, "DbError", {
-	enumerable: true,
-	get: function() {
-		return DbError;
-	}
-});
 Object.defineProperty(exports, "batchInsertNestedFrom", {
 	enumerable: true,
 	get: function() {

package/dist/ops.d.mts

@@ -1,2 +1,2 @@
-import { a as $remove, c as $upsert, d as getDbFieldOp, f as isDbFieldOp, i as $mul, l as TDbFieldOp, n as $inc, o as $replace, p as separateFieldOps, r as $insert, s as $update, t as $dec, u as TFieldOps } from "./ops-DcHDxrjX.mjs";
+import { a as $remove, c as $upsert, d as getDbFieldOp, f as isDbFieldOp, i as $mul, l as TDbFieldOp, n as $inc, o as $replace, p as separateFieldOps, r as $insert, s as $update, t as $dec, u as TFieldOps } from "./ops-C61kelof.mjs";
 export { $dec, $inc, $insert, $mul, $remove, $replace, $update, $upsert, TDbFieldOp, TFieldOps, getDbFieldOp, isDbFieldOp, separateFieldOps };

package/dist/plugin.cjs

@@ -2,7 +2,7 @@ Object.defineProperties(exports, {
 	__esModule: { value: true },
 	[Symbol.toStringTag]: { value: "Module" }
 });
-const require_validation_utils = require("./validation-utils-BiG3pLP0.cjs");
+const require_validation_utils = require("./validation-utils-B9WJv9aH.cjs");
 let _atscript_core = require("@atscript/core");
 //#region src/plugin/annotations/agg.ts
 const dbAggAnnotations = { agg: {
@@ -155,7 +155,9 @@ const dbColumnAnnotations = {
 			validate(token, _args, doc) {
 				return require_validation_utils.validateFieldBaseType(token, doc, "@db.column.measure", ["number", "decimal"]);
 			}
-		})
+		}),
+		filterable: columnCapability("filterable", "filtering"),
+		sortable: columnCapability("sortable", "sorting")
 	},
 	default: {
 		$self: new _atscript_core.AnnotationSpec({
@@ -226,6 +228,30 @@ const dbColumnAnnotations = {
 		}
 	})
 };
+function columnCapability(capability, verb) {
+	const example = capability === "filterable" ? "  @db.column.filterable\n  email: string\n" : "  @db.column.sortable\n  createdAt: number.timestamp\n";
+	return new _atscript_core.AnnotationSpec({
+		description: `Marks a column as ${capability} in the readable controller's query/pages endpoints. Relevant only when the host \`@db.table\` interface opts into strict mode with \`@db.table.${capability} 'manual'\`; otherwise ${verb} is open on all columns (default-open, back-compat).
+
+**Example:**
+\`\`\`atscript
+@db.table "users"
+@db.table.${capability} "manual"\nexport interface User {
+` + example + "}\n```\n",
+		nodeType: ["prop"],
+		multiple: false,
+		validate(token, _args, _doc) {
+			const errors = [];
+			const owner = require_validation_utils.getDbTableOwner(token);
+			if (!owner || owner.countAnnotations("db.table") === 0) errors.push({
+				message: `@db.column.${capability} is only valid on fields of a @db.table interface`,
+				severity: 1,
+				range: token.range
+			});
+			return errors;
+		}
+	});
+}
 //#endregion
 //#region src/plugin/annotations/index-ann.ts
 const dbIndexAnnotations = { index: {
@@ -281,7 +307,7 @@ const dbIndexAnnotations = { index: {
 //#region src/plugin/annotations/rel.ts
 const dbRelAnnotations = { rel: {
 	FK: new _atscript_core.AnnotationSpec({
-		description: "Declares a foreign key constraint on this field. The field must use a chain reference type (e.g., `User.id`) to specify the FK target.\n\n**Example:**\n```atscript\n@db.rel.FK\nauthorId: User.id\n\n// With alias (required when multiple FKs point to the same type)\n@db.rel.FK \"author\"\nauthorId: User.id\n```\n",
+		description: "Declares a foreign key reference on this field. The field must use a chain reference type (e.g., `User.id`) whose target is a primary key (`@meta.id`) or unique (`@db.index.unique`) field.\n\n**Dual role:**\n- On a `@db.table` interface, `@db.rel.FK` additionally drives DB-relation semantics —   relation loading with `@db.rel.to` / `@db.rel.from`, junction pairing with `@db.rel.via`, etc.\n- On any other interface (value-help sources, WF forms, plain interfaces), `@db.rel.FK`   acts purely as the value-help indicator: the client-side picker resolver uses it to   decide which fields render a value-help picker. The target's `@db.http.path` (stamped   by its readable controller) supplies the picker URL.\n\n**Example:**\n```atscript\n@db.rel.FK\nauthorId: User.id\n\n// With alias (required when multiple FKs point to the same type)\n@db.rel.FK \"author\"\nauthorId: User.id\n```\n",
 		nodeType: ["prop"],
 		argument: {
 			optional: true,
@@ -293,12 +319,6 @@ const dbRelAnnotations = { rel: {
 			const errors = [];
 			const field = token.parentNode;
 			const alias = args[0]?.text;
-			const owner = require_validation_utils.getDbTableOwner(token);
-			if (!owner || owner.countAnnotations("db.table") === 0) errors.push({
-				message: "@db.rel.FK is only valid on fields of a @db.table interface",
-				severity: 1,
-				range: token.range
-			});
 			if (field.countAnnotations("db.rel.to") > 0 || field.countAnnotations("db.rel.from") > 0) errors.push({
 				message: "A field cannot be both a foreign key and a navigational property",
 				severity: 1,
@@ -705,6 +725,8 @@ const dbSearchAnnotations = { search: {
 //#region src/plugin/annotations/table.ts
 const dbTableAnnotations = {
 	table: {
+		filterable: tableCapability("filterable"),
+		sortable: tableCapability("sortable"),
 		$self: new _atscript_core.AnnotationSpec({
 			description: "Marks an interface as a database-persisted entity (table in SQL, collection in MongoDB). If the name argument is omitted, the adapter derives the table name from the interface name.\n\n**Example:**\n```atscript\n@db.table \"users\"\nexport interface User { ... }\n```\n",
 			nodeType: ["interface"],
@@ -771,8 +793,75 @@ const dbTableAnnotations = {
 			description: "Sync method: \"drop\" (lossy) or \"recreate\" (lossless with data copy).",
 			values: ["drop", "recreate"]
 		}
+	}) },
+	depth: { limit: new _atscript_core.AnnotationSpec({
+		description: "Security guard on nested-write payloads. `N` is a non-negative integer declaring the maximum depth a client may nest `@db.rel.from` children in insert, replace, or patch payloads. Writes deeper than `N` are rejected at the server boundary with HTTP 400 before any DB access.\n\n**Default when absent:** `0` — any nested-write payload is rejected. Authors opt in explicitly to `N >= 1` when they want the server to accept deep writes. This is a security / blast-radius control, not a performance knob.\n\n**Scope:** affects only write acceptance. Has no effect on `/meta` serialization, read/query paths, or wire shape — the meta endpoint always ships FK refs as the shallow `{ id, metadata }` shape regardless of this annotation.\n\n**Example:**\n```atscript\n@db.table \"authors\"\n@db.depth.limit 2\nexport interface Author { ... }\n```\n",
+		nodeType: ["interface"],
+		multiple: false,
+		argument: {
+			name: "depth",
+			type: "number",
+			description: "Non-negative integer: maximum nesting depth accepted for nested writes."
+		},
+		validate(token, args, _doc) {
+			const errors = [];
+			const owner = token.parentNode;
+			if (owner.countAnnotations("db.table") === 0) errors.push({
+				message: "@db.depth.limit is only valid on @db.table interfaces",
+				severity: 1,
+				range: token.range
+			});
+			if (owner.countAnnotations("db.depth.limit") > 1) errors.push({
+				message: "Multiple @db.depth.limit annotations on the same interface",
+				severity: 1,
+				range: token.range
+			});
+			const raw = args[0]?.text;
+			if (raw !== void 0) {
+				const num = Number(raw);
+				if (!Number.isFinite(num) || !Number.isInteger(num) || num < 0) errors.push({
+					message: `@db.depth.limit depth must be a non-negative integer, got '${raw}'`,
+					severity: 1,
+					range: args[0].range
+				});
+			}
+			return errors;
+		}
 	}) }
 };
+function tableCapability(capability) {
+	const example = capability === "filterable" ? "  @db.column.filterable\n  email: string\n  // other fields not filterable via the controller\n" : "  @db.column.sortable\n  createdAt: number.timestamp\n  // other fields not sortable via the controller\n";
+	const verb = capability === "filterable" ? "filter" : "sort";
+	return new _atscript_core.AnnotationSpec({
+		description: `Controls ${verb}-gating on the readable controller's \`/query\` and \`/pages\` endpoints.\n\n- **\`'auto'\`** (default when the annotation is absent) — every column is ${capability}.\n- **\`'manual'\`** — only fields annotated \`@db.column.${capability}\` are ${capability};   all others are rejected with HTTP 400.
+
+Writing the annotation explicitly as \`@db.table.${capability} 'auto'\` has the same runtime effect as omitting it; use it to document intent.
+
+**Example:**
+\`\`\`atscript
+@db.table "users"
+@db.table.${capability} "manual"\nexport interface User {
+` + example + "}\n```\n",
+		nodeType: ["interface"],
+		multiple: false,
+		argument: {
+			optional: true,
+			name: "mode",
+			type: "string",
+			description: `${verb[0].toUpperCase()}${verb.slice(1)}-gating mode: 'auto' (default) or 'manual'.`,
+			values: ["auto", "manual"]
+		},
+		validate(token, _args, _doc) {
+			const errors = [];
+			if (token.parentNode.countAnnotations("db.table") === 0) errors.push({
+				message: `@db.table.${capability} requires @db.table on the same interface`,
+				severity: 1,
+				range: token.range
+			});
+			return errors;
+		}
+	});
+}
 //#endregion
 //#region src/plugin/annotations/view.ts
 const dbViewAnnotations = { view: {
@@ -964,6 +1053,7 @@ const dbPlugin = () => ({
 				ignore: dbColumnAnnotations.ignore,
 				http: dbTableAnnotations.http,
 				sync: dbTableAnnotations.sync,
+				depth: dbTableAnnotations.depth,
 				rel: dbRelAnnotations.rel,
 				view: dbViewAnnotations.view,
 				agg: dbAggAnnotations.agg,

package/dist/plugin.mjs

@@ -1,4 +1,4 @@
-import { a as getAnnotationAlias, c as getParentStruct, d as validateFieldBaseType, i as validateRefArgument, l as getParentTypeName, n as hasAnyViewAnnotation, o as getDbTableOwner, r as validateQueryScope, s as getNavTargetTypeName, t as findFKFieldsPointingTo, u as refActionAnnotation } from "./validation-utils-aNrgK-cj.mjs";
+import { a as getAnnotationAlias, c as getParentStruct, d as validateFieldBaseType, i as validateRefArgument, l as getParentTypeName, n as hasAnyViewAnnotation, o as getDbTableOwner, r as validateQueryScope, s as getNavTargetTypeName, t as findFKFieldsPointingTo, u as refActionAnnotation } from "./validation-utils-Bh7RVrVl.mjs";
 import { AnnotationSpec, isArray, isInterface, isPrimitive, isRef, isStructure } from "@atscript/core";
 //#region src/plugin/annotations/agg.ts
 const dbAggAnnotations = { agg: {
@@ -151,7 +151,9 @@ const dbColumnAnnotations = {
 			validate(token, _args, doc) {
 				return validateFieldBaseType(token, doc, "@db.column.measure", ["number", "decimal"]);
 			}
-		})
+		}),
+		filterable: columnCapability("filterable", "filtering"),
+		sortable: columnCapability("sortable", "sorting")
 	},
 	default: {
 		$self: new AnnotationSpec({
@@ -222,6 +224,30 @@ const dbColumnAnnotations = {
 		}
 	})
 };
+function columnCapability(capability, verb) {
+	const example = capability === "filterable" ? "  @db.column.filterable\n  email: string\n" : "  @db.column.sortable\n  createdAt: number.timestamp\n";
+	return new AnnotationSpec({
+		description: `Marks a column as ${capability} in the readable controller's query/pages endpoints. Relevant only when the host \`@db.table\` interface opts into strict mode with \`@db.table.${capability} 'manual'\`; otherwise ${verb} is open on all columns (default-open, back-compat).
+
+**Example:**
+\`\`\`atscript
+@db.table "users"
+@db.table.${capability} "manual"\nexport interface User {
+` + example + "}\n```\n",
+		nodeType: ["prop"],
+		multiple: false,
+		validate(token, _args, _doc) {
+			const errors = [];
+			const owner = getDbTableOwner(token);
+			if (!owner || owner.countAnnotations("db.table") === 0) errors.push({
+				message: `@db.column.${capability} is only valid on fields of a @db.table interface`,
+				severity: 1,
+				range: token.range
+			});
+			return errors;
+		}
+	});
+}
 //#endregion
 //#region src/plugin/annotations/index-ann.ts
 const dbIndexAnnotations = { index: {
@@ -277,7 +303,7 @@ const dbIndexAnnotations = { index: {
 //#region src/plugin/annotations/rel.ts
 const dbRelAnnotations = { rel: {
 	FK: new AnnotationSpec({
-		description: "Declares a foreign key constraint on this field. The field must use a chain reference type (e.g., `User.id`) to specify the FK target.\n\n**Example:**\n```atscript\n@db.rel.FK\nauthorId: User.id\n\n// With alias (required when multiple FKs point to the same type)\n@db.rel.FK \"author\"\nauthorId: User.id\n```\n",
+		description: "Declares a foreign key reference on this field. The field must use a chain reference type (e.g., `User.id`) whose target is a primary key (`@meta.id`) or unique (`@db.index.unique`) field.\n\n**Dual role:**\n- On a `@db.table` interface, `@db.rel.FK` additionally drives DB-relation semantics —   relation loading with `@db.rel.to` / `@db.rel.from`, junction pairing with `@db.rel.via`, etc.\n- On any other interface (value-help sources, WF forms, plain interfaces), `@db.rel.FK`   acts purely as the value-help indicator: the client-side picker resolver uses it to   decide which fields render a value-help picker. The target's `@db.http.path` (stamped   by its readable controller) supplies the picker URL.\n\n**Example:**\n```atscript\n@db.rel.FK\nauthorId: User.id\n\n// With alias (required when multiple FKs point to the same type)\n@db.rel.FK \"author\"\nauthorId: User.id\n```\n",
 		nodeType: ["prop"],
 		argument: {
 			optional: true,
@@ -289,12 +315,6 @@ const dbRelAnnotations = { rel: {
 			const errors = [];
 			const field = token.parentNode;
 			const alias = args[0]?.text;
-			const owner = getDbTableOwner(token);
-			if (!owner || owner.countAnnotations("db.table") === 0) errors.push({
-				message: "@db.rel.FK is only valid on fields of a @db.table interface",
-				severity: 1,
-				range: token.range
-			});
 			if (field.countAnnotations("db.rel.to") > 0 || field.countAnnotations("db.rel.from") > 0) errors.push({
 				message: "A field cannot be both a foreign key and a navigational property",
 				severity: 1,
@@ -701,6 +721,8 @@ const dbSearchAnnotations = { search: {
 //#region src/plugin/annotations/table.ts
 const dbTableAnnotations = {
 	table: {
+		filterable: tableCapability("filterable"),
+		sortable: tableCapability("sortable"),
 		$self: new AnnotationSpec({
 			description: "Marks an interface as a database-persisted entity (table in SQL, collection in MongoDB). If the name argument is omitted, the adapter derives the table name from the interface name.\n\n**Example:**\n```atscript\n@db.table \"users\"\nexport interface User { ... }\n```\n",
 			nodeType: ["interface"],
@@ -767,8 +789,75 @@ const dbTableAnnotations = {
 			description: "Sync method: \"drop\" (lossy) or \"recreate\" (lossless with data copy).",
 			values: ["drop", "recreate"]
 		}
+	}) },
+	depth: { limit: new AnnotationSpec({
+		description: "Security guard on nested-write payloads. `N` is a non-negative integer declaring the maximum depth a client may nest `@db.rel.from` children in insert, replace, or patch payloads. Writes deeper than `N` are rejected at the server boundary with HTTP 400 before any DB access.\n\n**Default when absent:** `0` — any nested-write payload is rejected. Authors opt in explicitly to `N >= 1` when they want the server to accept deep writes. This is a security / blast-radius control, not a performance knob.\n\n**Scope:** affects only write acceptance. Has no effect on `/meta` serialization, read/query paths, or wire shape — the meta endpoint always ships FK refs as the shallow `{ id, metadata }` shape regardless of this annotation.\n\n**Example:**\n```atscript\n@db.table \"authors\"\n@db.depth.limit 2\nexport interface Author { ... }\n```\n",
+		nodeType: ["interface"],
+		multiple: false,
+		argument: {
+			name: "depth",
+			type: "number",
+			description: "Non-negative integer: maximum nesting depth accepted for nested writes."
+		},
+		validate(token, args, _doc) {
+			const errors = [];
+			const owner = token.parentNode;
+			if (owner.countAnnotations("db.table") === 0) errors.push({
+				message: "@db.depth.limit is only valid on @db.table interfaces",
+				severity: 1,
+				range: token.range
+			});
+			if (owner.countAnnotations("db.depth.limit") > 1) errors.push({
+				message: "Multiple @db.depth.limit annotations on the same interface",
+				severity: 1,
+				range: token.range
+			});
+			const raw = args[0]?.text;
+			if (raw !== void 0) {
+				const num = Number(raw);
+				if (!Number.isFinite(num) || !Number.isInteger(num) || num < 0) errors.push({
+					message: `@db.depth.limit depth must be a non-negative integer, got '${raw}'`,
+					severity: 1,
+					range: args[0].range
+				});
+			}
+			return errors;
+		}
 	}) }
 };
+function tableCapability(capability) {
+	const example = capability === "filterable" ? "  @db.column.filterable\n  email: string\n  // other fields not filterable via the controller\n" : "  @db.column.sortable\n  createdAt: number.timestamp\n  // other fields not sortable via the controller\n";
+	const verb = capability === "filterable" ? "filter" : "sort";
+	return new AnnotationSpec({
+		description: `Controls ${verb}-gating on the readable controller's \`/query\` and \`/pages\` endpoints.\n\n- **\`'auto'\`** (default when the annotation is absent) — every column is ${capability}.\n- **\`'manual'\`** — only fields annotated \`@db.column.${capability}\` are ${capability};   all others are rejected with HTTP 400.
+
+Writing the annotation explicitly as \`@db.table.${capability} 'auto'\` has the same runtime effect as omitting it; use it to document intent.
+
+**Example:**
+\`\`\`atscript
+@db.table "users"
+@db.table.${capability} "manual"\nexport interface User {
+` + example + "}\n```\n",
+		nodeType: ["interface"],
+		multiple: false,
+		argument: {
+			optional: true,
+			name: "mode",
+			type: "string",
+			description: `${verb[0].toUpperCase()}${verb.slice(1)}-gating mode: 'auto' (default) or 'manual'.`,
+			values: ["auto", "manual"]
+		},
+		validate(token, _args, _doc) {
+			const errors = [];
+			if (token.parentNode.countAnnotations("db.table") === 0) errors.push({
+				message: `@db.table.${capability} requires @db.table on the same interface`,
+				severity: 1,
+				range: token.range
+			});
+			return errors;
+		}
+	});
+}
 //#endregion
 //#region src/plugin/annotations/view.ts
 const dbViewAnnotations = { view: {
@@ -960,6 +1049,7 @@ const dbPlugin = () => ({
 				ignore: dbColumnAnnotations.ignore,
 				http: dbTableAnnotations.http,
 				sync: dbTableAnnotations.sync,
+				depth: dbTableAnnotations.depth,
 				rel: dbRelAnnotations.rel,
 				view: dbViewAnnotations.view,
 				agg: dbAggAnnotations.agg,

package/dist/rel.cjs

@@ -1,7 +1,7 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const require_relation_loader = require("./relation-loader-CRC5LcqM.cjs");
-const require_nested_writer = require("./nested-writer-BIQ6EfaR.cjs");
 const require_relation_helpers = require("./relation-helpers-BYvsE1tR.cjs");
+const require_nested_writer = require("./nested-writer-v_LPR1yJ.cjs");
 exports.batchInsertNestedFrom = require_nested_writer.batchInsertNestedFrom;
 exports.batchInsertNestedTo = require_nested_writer.batchInsertNestedTo;
 exports.batchInsertNestedVia = require_nested_writer.batchInsertNestedVia;

package/dist/rel.d.cts

@@ -1,5 +1,5 @@
-import { A as TDbForeignKey, L as TDbRelation, Q as TTableResolver, et as TWriteTableResolver, l as TGenericLogger, o as BaseDbAdapter, s as TableMetadata } from "./db-readable-ktHqF277.cjs";
-import { t as DbValidationContext } from "./db-validator-plugin-Cz4QoDWg.cjs";
+import { D as TDbForeignKey, P as TDbRelation, Y as TTableResolver, Z as TWriteTableResolver, it as TGenericLogger, nt as TableMetadata, o as BaseDbAdapter } from "./db-readable-DtrC0BGF.cjs";
+import { t as DbValidationContext } from "./db-validator-plugin-DRGMCEn3.cjs";
 import { FilterExpr, WithRelation } from "@uniqu/core";
 import { Validator } from "@atscript/typescript/utils";
 

package/dist/rel.d.mts

@@ -1,5 +1,5 @@
-import { A as TDbForeignKey, L as TDbRelation, Q as TTableResolver, et as TWriteTableResolver, l as TGenericLogger, o as BaseDbAdapter, s as TableMetadata } from "./db-readable-GBjlsJXR.mjs";
-import { t as DbValidationContext } from "./db-validator-plugin-KC4aNIQq.mjs";
+import { D as TDbForeignKey, P as TDbRelation, Y as TTableResolver, Z as TWriteTableResolver, it as TGenericLogger, nt as TableMetadata, o as BaseDbAdapter } from "./db-readable-RTtqL7H4.mjs";
+import { t as DbValidationContext } from "./db-validator-plugin-DDvYyv5t.mjs";
 import { Validator } from "@atscript/typescript/utils";
 import { FilterExpr, WithRelation } from "@uniqu/core";
 

package/dist/rel.mjs

@@ -1,4 +1,4 @@
 import { t as loadRelationsImpl } from "./relation-loader-BEOTXNcq.mjs";
-import { a as batchPatchNestedTo, c as batchReplaceNestedTo, d as preValidateNestedFrom, f as validateBatch, i as batchPatchNestedFrom, l as batchReplaceNestedVia, n as batchInsertNestedTo, o as batchPatchNestedVia, r as batchInsertNestedVia, s as batchReplaceNestedFrom, t as batchInsertNestedFrom, u as checkDepthOverflow } from "./nested-writer-CNDyhg2L.mjs";
 import { n as findRemoteFK, r as resolveRelationTargetTable, t as findFKForRelation } from "./relation-helpers-CLasawQq.mjs";
+import { a as batchPatchNestedTo, c as batchReplaceNestedTo, d as preValidateNestedFrom, f as validateBatch, i as batchPatchNestedFrom, l as batchReplaceNestedVia, n as batchInsertNestedTo, o as batchPatchNestedVia, r as batchInsertNestedVia, s as batchReplaceNestedFrom, t as batchInsertNestedFrom, u as checkDepthOverflow } from "./nested-writer-CT2rLURx.mjs";
 export { batchInsertNestedFrom, batchInsertNestedTo, batchInsertNestedVia, batchPatchNestedFrom, batchPatchNestedTo, batchPatchNestedVia, batchReplaceNestedFrom, batchReplaceNestedTo, batchReplaceNestedVia, checkDepthOverflow, findFKForRelation, findRemoteFK, loadRelationsImpl, preValidateNestedFrom, resolveRelationTargetTable, validateBatch };

package/dist/shared.cjs

@@ -1,5 +1,5 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const require_validation_utils = require("./validation-utils-BiG3pLP0.cjs");
+const require_validation_utils = require("./validation-utils-B9WJv9aH.cjs");
 exports.findFKFieldsPointingTo = require_validation_utils.findFKFieldsPointingTo;
 exports.getAnnotationAlias = require_validation_utils.getAnnotationAlias;
 exports.getDbTableOwner = require_validation_utils.getDbTableOwner;

package/dist/shared.mjs

@@ -1,2 +1,2 @@
-import { a as getAnnotationAlias, c as getParentStruct, d as validateFieldBaseType, i as validateRefArgument, l as getParentTypeName, n as hasAnyViewAnnotation, o as getDbTableOwner, r as validateQueryScope, s as getNavTargetTypeName, t as findFKFieldsPointingTo, u as refActionAnnotation } from "./validation-utils-aNrgK-cj.mjs";
+import { a as getAnnotationAlias, c as getParentStruct, d as validateFieldBaseType, i as validateRefArgument, l as getParentTypeName, n as hasAnyViewAnnotation, o as getDbTableOwner, r as validateQueryScope, s as getNavTargetTypeName, t as findFKFieldsPointingTo, u as refActionAnnotation } from "./validation-utils-Bh7RVrVl.mjs";
 export { findFKFieldsPointingTo, getAnnotationAlias, getDbTableOwner, getNavTargetTypeName, getParentStruct, getParentTypeName, hasAnyViewAnnotation, refActionAnnotation, validateFieldBaseType, validateQueryScope, validateRefArgument };

package/dist/sync.cjs

@@ -1,7 +1,7 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-require("./nested-writer-BIQ6EfaR.cjs");
-const require_db_view = require("./db-view-DjDKgytJ.cjs");
-require("./validator-0iGuvGOD.cjs");
+const require_db_view = require("./db-view-DIGN4079.cjs");
+require("./validator-BIuw_T0k.cjs");
+require("./nested-writer-v_LPR1yJ.cjs");
 //#region src/schema/schema-hash.ts
 /** Extracts sorted field snapshots from a readable's field descriptors. */
 function extractFieldSnapshots(fields, typeMapper) {
@@ -285,7 +285,7 @@ var SyncStore = class {
 	}
 	async ensureControlTable() {
 		if (!this.controlTable) {
-			const { AtscriptControl } = await Promise.resolve().then(() => require("./control-D1QdBO21.cjs"));
+			const { AtscriptControl } = await Promise.resolve().then(() => require("./control-CDnwVj4q.cjs"));
 			this.controlTable = this.space.getTable(AtscriptControl);
 		}
 		await this.controlTable.ensureTable();
@@ -421,7 +421,7 @@ var SyncStore = class {
 	}
 };
 async function readStoredSnapshot(space, tableName, _asView) {
-	const { AtscriptControl } = await Promise.resolve().then(() => require("./control-D1QdBO21.cjs"));
+	const { AtscriptControl } = await Promise.resolve().then(() => require("./control-CDnwVj4q.cjs"));
 	const table = space.getTable(AtscriptControl);
 	await table.ensureTable();
 	const value = (await table.findOne({

package/dist/sync.d.cts

@@ -1,5 +1,5 @@
-import { A as TDbForeignKey, B as TExistingColumn, D as TDbDefaultValue, R as TDbStorageType, V as TExistingTableOption, Z as TTableOptionDiff, k as TDbFieldMeta, l as TGenericLogger, t as AtscriptDbReadable, w as TColumnDiff } from "./db-readable-ktHqF277.cjs";
-import { r as AtscriptDbView, t as DbSpace } from "./db-space-DB0MT6B3.cjs";
+import { D as TDbForeignKey, E as TDbFieldMeta, F as TDbStorageType, J as TTableOptionDiff, L as TExistingColumn, R as TExistingTableOption, it as TGenericLogger, t as AtscriptDbReadable, w as TDbDefaultValue, x as TColumnDiff } from "./db-readable-DtrC0BGF.cjs";
+import { r as AtscriptDbView, t as DbSpace } from "./db-space-BqVLHVq7.cjs";
 import { TAtscriptAnnotatedType } from "@atscript/typescript/utils";
 
 //#region src/schema/sync-entry.d.ts

package/dist/sync.d.mts

@@ -1,5 +1,5 @@
-import { A as TDbForeignKey, B as TExistingColumn, D as TDbDefaultValue, R as TDbStorageType, V as TExistingTableOption, Z as TTableOptionDiff, k as TDbFieldMeta, l as TGenericLogger, t as AtscriptDbReadable, w as TColumnDiff } from "./db-readable-GBjlsJXR.mjs";
-import { r as AtscriptDbView, t as DbSpace } from "./db-space-DpaXOdRp.mjs";
+import { D as TDbForeignKey, E as TDbFieldMeta, F as TDbStorageType, J as TTableOptionDiff, L as TExistingColumn, R as TExistingTableOption, it as TGenericLogger, t as AtscriptDbReadable, w as TDbDefaultValue, x as TColumnDiff } from "./db-readable-RTtqL7H4.mjs";
+import { r as AtscriptDbView, t as DbSpace } from "./db-space-D3QSKx2B.mjs";
 import { TAtscriptAnnotatedType } from "@atscript/typescript/utils";
 
 //#region src/schema/sync-entry.d.ts

package/dist/sync.mjs

@@ -1,6 +1,6 @@
-import "./nested-writer-CNDyhg2L.mjs";
-import { h as NoopLogger } from "./db-view-B1j_IKSf.mjs";
-import "./validator-D_7Fqzs4.mjs";
+import { h as NoopLogger } from "./db-view-DNwX6_4x.mjs";
+import "./validator-BB5h1Le3.mjs";
+import "./nested-writer-CT2rLURx.mjs";
 //#region src/schema/schema-hash.ts
 /** Extracts sorted field snapshots from a readable's field descriptors. */
 function extractFieldSnapshots(fields, typeMapper) {
@@ -284,7 +284,7 @@ var SyncStore = class {
 	}
 	async ensureControlTable() {
 		if (!this.controlTable) {
-			const { AtscriptControl } = await import("./control-DBd_ff5-.mjs");
+			const { AtscriptControl } = await import("./control-ExEKWYBE.mjs");
 			this.controlTable = this.space.getTable(AtscriptControl);
 		}
 		await this.controlTable.ensureTable();
@@ -420,7 +420,7 @@ var SyncStore = class {
 	}
 };
 async function readStoredSnapshot(space, tableName, _asView) {
-	const { AtscriptControl } = await import("./control-DBd_ff5-.mjs");
+	const { AtscriptControl } = await import("./control-ExEKWYBE.mjs");
 	const table = space.getTable(AtscriptControl);
 	await table.ensureTable();
 	const value = (await table.findOne({

package/dist/{validator-D_7Fqzs4.mjs → validator-BB5h1Le3.mjs}

@@ -1,3 +1,4 @@
+import { n as DepthLimitExceededError } from "./db-error-Cepx-RsQ.mjs";
 import { isDbFieldOp } from "./ops.mjs";
 import { flattenAnnotatedType } from "@atscript/typescript/utils";
 //#region src/patch/patch-types.ts
@@ -124,6 +125,11 @@ function handleNavField(ctx, def, value, dbCtx, isTo, isFrom, isVia) {
 		return false;
 	}
 	if (value === void 0) return true;
+	if (isFrom && dbCtx.depthCheck) {
+		const { limit, fromDepthMap } = dbCtx.depthCheck;
+		const depth = fromDepthMap.get(stripNumericSegments(ctx.path));
+		if (depth !== void 0 && depth > limit) throw new DepthLimitExceededError(dotPathToBracket(ctx.path), limit, depth);
+	}
 	if (dbCtx.mode === "patch") {
 		if (isFrom || isVia) {
 			if (isPatchOperatorObject(value)) return validateNavPatchOps(ctx, def, value, fieldName);
@@ -233,6 +239,42 @@ function validatePartialItems(ctx, arrayDef, items, op, isMerge) {
 	}
 	return true;
 }
+/**
+* Returns `true` when every char in `[start, end)` is an ASCII digit.
+* Matches segments that represent array indices in dot-notation paths.
+*/
+function isNumericSegment(path, start, end) {
+	if (start >= end) return false;
+	for (let i = start; i < end; i++) {
+		const c = path.charCodeAt(i);
+		if (c < 48 || c > 57) return false;
+	}
+	return true;
+}
+/**
+* Strips numeric (array-index) segments from a dot-notation path.
+* `"children.0.grandchildren.10.foo"` → `"children.grandchildren.foo"`.
+*/
+function stripNumericSegments(path) {
+	if (!path) return path;
+	let out = "";
+	let segStart = 0;
+	for (let i = 0; i <= path.length; i++) if (i === path.length || path.charCodeAt(i) === 46) {
+		if (!isNumericSegment(path, segStart, i)) {
+			if (out) out += ".";
+			out += path.slice(segStart, i);
+		}
+		segStart = i + 1;
+	}
+	return out;
+}
+/**
+* Converts dot-notation array-index paths to bracket notation:
+* `"children.0.grandchildren.1.foo"` → `"children[0].grandchildren[1].foo"`.
+*/
+function dotPathToBracket(path) {
+	return path.replace(/\.(\d+)/g, "[$1]");
+}
 //#endregion
 //#region src/validator.ts
 /** Singleton db validator plugin — stateless, safe to share across all validators. */