@edium/halifax 1.0.0 → 2.0.0

package/dist/adapters/orm/prisma/PrismaAdapter.js

@@ -1,6 +1,7 @@
-import { QueryBuilder } from '../../../classes/QueryBuilder.js';
 import { NotImplementedError } from '../../../errors/NotImplementedError.js';
+import { NotFoundError } from '../../../errors/NotFoundError.js';
 import { ServerError } from '../../../errors/ServerError.js';
+import { astToPrismaWhere, astToPrismaOrderBy } from './astToPrisma.js';
 /** Returns true for Prisma's P2025 "record not found" error. */
 function isNotFoundError(error) {
     return (typeof error === 'object' &&
@@ -10,50 +11,129 @@ function isNotFoundError(error) {
 }
 import { toSelect, toInclude, toOrderBy } from './helpers.js';
 /**
- * PrismaAdapter is a generic repository implementation that uses Prisma delegates to perform database operations.
- * It supports basic CRUD operations and can be extended to support more complex queries.
- * The adapter can optionally use a Prisma client for executing raw SQL queries when needed.
- * It also extracts field and relation definitions from a provided Prisma model schema to enhance query capabilities.
+ * PrismaAdapter is a generic repository implementation that uses Prisma delegates to perform
+ * database operations. It handles CRUD plus the query-builder/bulk paths by compiling the
+ * query AST to portable Prisma Client calls (no raw SQL), so it works on every Prisma
+ * provider. It also extracts field and relation definitions from a provided model schema.
  */
 export class PrismaAdapter {
-    /** Private properties to hold the Prisma delegate, client, and configuration options. */
+    /** Private properties to hold the Prisma delegate and configuration options. */
     delegate;
-    /**  Optional Prisma client for executing raw SQL queries, required for certain operations like updateMany and deleteMany. */
-    client;
     /** The field name used for the primary key in the model. */
     idField;
-    /** The name of the database table associated with the model. */
-    tableName;
     /** A flag indicating whether to return created records. */
     returnCreated;
+    /** The original construction options, used to build request-scoped clones. */
+    options;
+    /** Tenant constraint bound to this instance, or `undefined` for unscoped access. */
+    scope;
     /** A set of capabilities that the repository supports. */
     capabilities;
-    /** An array of field definitions for the model. */
+    /** An array of field definitions for the model (present when built with a `model`). */
     fields;
-    /** An array of relation definitions for the model. */
+    /** An array of relation definitions for the model (present when built with a `model`). */
     relations;
     /**
      * Constructs a new instance of PrismaAdapter with the provided options.
-     * @param options - An object containing the Prisma delegate, optional client, and configuration settings for the adapter.
+     * @param options - The Prisma delegate plus optional id field, return-created flag, and model schema.
      */
     constructor(options) {
+        this.options = options;
         this.delegate = options.delegate;
-        this.client = options.client;
         this.idField = options.idField ?? 'id';
-        this.tableName = options.tableName;
         this.returnCreated = options.returnCreated ?? false;
+        this.scope = options.scope;
         this.capabilities = {
-            supportsNativeSql: !!options.client,
             supportsIncludes: true,
-            supportsTransactions: false,
-            supportsCreateManyReturn: this.returnCreated,
-            supportsNoSqlQueryAst: false
+            supportsCreateManyReturn: this.returnCreated
         };
         if (options.model) {
             this.fields = PrismaAdapter.fieldsFromModel(options.model);
             this.relations = PrismaAdapter.relationsFromModel(options.model);
         }
     }
+    /**
+     * Returns a request-scoped clone of this adapter bound to `scope`. Every read is
+     * filtered by the scope, every write is stamped with it, and every bulk/SQL operation
+     * has the scope AND-ed into its WHERE clause. The original instance is never mutated.
+     * @param scope - The resolved tenant constraint for the current request.
+     * @returns A new {@link PrismaAdapter} that enforces `scope` on all operations.
+     */
+    withScope(scope) {
+        return new PrismaAdapter({ ...this.options, scope });
+    }
+    /**
+     * Merges the bound tenant constraint into a Prisma `where` object. The scope is spread
+     * last so it always wins over any caller-supplied value for the same key.
+     * @param where - The caller-derived where clause (may be undefined).
+     * @returns A where object with the tenant constraint applied, or `where` when unscoped.
+     */
+    scopedWhere(where) {
+        if (!this.scope)
+            return where;
+        return { ...(where ?? {}), [this.scope.field]: this.scope.value };
+    }
+    /**
+     * Removes the tenant field from a write payload so callers can never reassign a row
+     * to another tenant via create/update/upsert bodies. No-op when unscoped.
+     * @param data - The write payload to sanitise.
+     * @returns A copy of `data` without the tenant field, or `data` when unscoped.
+     */
+    stripTenant(data) {
+        if (!this.scope)
+            return data;
+        if (data === null || typeof data !== 'object')
+            return data;
+        const copy = { ...data };
+        delete copy[this.scope.field];
+        return copy;
+    }
+    /**
+     * Stamps the bound tenant value onto a create payload, overriding any caller-supplied
+     * value for the tenant field. No-op when unscoped.
+     * @param data - The create payload.
+     * @returns A copy of `data` with the tenant field forced to the scope value.
+     */
+    stampTenant(data) {
+        if (!this.scope)
+            return data;
+        return { ...data, [this.scope.field]: this.scope.value };
+    }
+    /**
+     * AND-s the bound tenant constraint into a query-builder WHERE clause. The caller's filters
+     * are nested as a child group beneath the tenant condition, so a caller-supplied `OR` can
+     * never break out of the tenant boundary once the AST is compiled to a Prisma `where`.
+     * @param where - The caller-supplied filter list (may be undefined/empty).
+     * @returns A new filter list with the tenant condition enforced, or `where` when unscoped.
+     */
+    scopedFilters(where) {
+        if (!this.scope)
+            return where;
+        const tenantNode = {
+            field: this.scope.field,
+            comparison: '=',
+            value1: this.scope.value
+        };
+        if (where?.length) {
+            tenantNode.operator = 'AND';
+            tenantNode.children = where;
+        }
+        return [tenantNode];
+    }
+    /**
+     * Resolves a query-builder AST for the tenant-scoped paths: applies the tenant constraint
+     * via {@link PrismaAdapter.scopedFilters}. The `where` key is only set when defined (to
+     * satisfy `exactOptionalPropertyTypes`).
+     * @param query - The incoming query AST.
+     * @returns A new AST with the tenant scope applied.
+     */
+    resolveScopedQuery(query) {
+        const resolved = { ...query };
+        const where = this.scopedFilters(query.where);
+        if (where)
+            resolved.where = where;
+        return resolved;
+    }
     /**
      * Extracts field definitions from a Prisma model schema.
      * @param model - The Prisma model schema.
@@ -89,11 +169,20 @@ export class PrismaAdapter {
     async getOne(id, options) {
         const select = toSelect(options?.fields);
         const include = toInclude(options?.include);
-        const args = { where: { [this.idField]: id } };
+        const args = { where: this.scopedWhere({ [this.idField]: id }) };
         if (select)
             args.select = select;
         else if (include)
             args.include = include;
+        // When scoped, the WHERE carries a non-unique tenant predicate, so we must use
+        // findFirst (findUnique only accepts unique fields). This is what enforces that a
+        // row outside the caller's tenant reads back as "not found".
+        if (this.scope) {
+            if (this.delegate.findFirst) {
+                return (await this.delegate.findFirst(args));
+            }
+            throw new ServerError('Prisma delegate does not support findFirst (required for tenant scoping).');
+        }
         if (this.delegate.findUnique) {
             return (await this.delegate.findUnique(args));
         }
@@ -111,8 +200,9 @@ export class PrismaAdapter {
     async getMany(options = {}) {
         const select = toSelect(options.fields);
         const include = toInclude(options.include);
+        const where = this.scopedWhere(options.where);
         const args = {
-            where: options.where,
+            where,
             orderBy: toOrderBy(options.orderBy),
             skip: options.offset,
             take: options.limit
@@ -122,7 +212,7 @@ export class PrismaAdapter {
         else if (include)
             args.include = include;
         const [count, results] = await Promise.all([
-            this.delegate.count({ where: options.where }),
+            this.delegate.count({ where }),
             this.delegate.findMany(args)
         ]);
         return { count, results: results };
@@ -134,7 +224,7 @@ export class PrismaAdapter {
      * @throws ServerError if the Prisma delegate does not support the create method.
      */
     async createOne(data) {
-        return (await this.delegate.create({ data }));
+        return (await this.delegate.create({ data: this.stampTenant(data) }));
     }
     /**
      * Creates multiple records in the database using the provided array of data objects.
@@ -147,7 +237,7 @@ export class PrismaAdapter {
         if (!this.delegate.createMany || this.returnCreated) {
             return await Promise.all(data.map((item) => this.createOne(item)));
         }
-        await this.delegate.createMany({ data });
+        await this.delegate.createMany({ data: data.map((item) => this.stampTenant(item)) });
         return [];
     }
     /**
@@ -158,6 +248,20 @@ export class PrismaAdapter {
      * @throws ServerError if the Prisma delegate does not support the update method.
      */
     async updateOne(id, data) {
+        // When scoped, confirm the row belongs to the caller's tenant before touching it,
+        // and strip the tenant field from the payload so the row can't be moved tenants.
+        if (this.scope) {
+            if (!this.delegate.findFirst) {
+                throw new ServerError('Prisma delegate does not support findFirst (required for tenant scoping).');
+            }
+            const owned = await this.delegate.findFirst({
+                where: this.scopedWhere({ [this.idField]: id }),
+                select: { [this.idField]: true }
+            });
+            if (!owned)
+                return null;
+            data = this.stripTenant(data);
+        }
         try {
             return (await this.delegate.update({ where: { [this.idField]: id }, data }));
         }
@@ -168,29 +272,31 @@ export class PrismaAdapter {
         }
     }
     /**
-     * Updates multiple records that match the provided query options with the given data.
-     * This method requires a Prisma client for executing raw SQL queries, as Prisma does not
-     * natively support bulk updates with return values. It first selects the IDs of the records
-     * to be updated based on the query options, then executes an update query, and finally returns
-     * the IDs of the updated records.
+     * Updates every record matching the query and returns the IDs of the affected rows.
      *
-     * **Note:** The SELECT and UPDATE are issued as two separate queries without a transaction.
-     * Under concurrent writes, rows inserted or deleted between the two queries may cause the
-     * returned `updated` IDs to differ from the rows actually modified.
+     * The query AST is compiled to a portable Prisma `where` (no raw SQL), so this works on
+     * every Prisma provider. Because Prisma's `updateMany` only returns a count, the matching
+     * IDs are selected first and then the bulk update is applied.
      *
-     * @param query - An object containing query options to filter the records that should be updated, such as where conditions, sorting, and pagination.
-     * @param data - An object containing the data to update the matching records with.
-     * @returns A promise that resolves to an object containing an array of the IDs of the updated records.
-     * @throws NotImplementedError if the Prisma client or tableName is not provided, as they are required for executing raw SQL queries.
-     * @throws ServerError if the Prisma client does not support the required methods for executing raw SQL queries.
+     * **Note:** the SELECT and UPDATE are two separate statements without a transaction; under
+     * concurrent writes the returned `updated` IDs may differ from the rows actually modified.
+     *
+     * @param query - Query AST describing which rows to update (filtered, tenant-scoped).
+     * @param data - Fields to apply to all matching rows (the tenant field is stripped).
+     * @returns The IDs of the updated rows.
+     * @throws NotImplementedError when the delegate does not support `updateMany`.
      */
     async updateMany(query, data) {
-        if (!this.client?.$queryRawUnsafe || !this.tableName) {
-            throw new NotImplementedError('Native SQL updateMany requires a Prisma client and tableName.');
+        if (!this.delegate.updateMany) {
+            throw new NotImplementedError('This repository does not support updateMany.');
         }
-        const updateQuery = QueryBuilder.buildUpdateQuery({ ...query, tableName: query.tableName || this.tableName }, data, [this.idField], this.idField);
-        const updated = await this.client.$queryRawUnsafe(updateQuery.statement, ...updateQuery.parameters);
-        return { updated: updated.map((item) => item[this.idField]) };
+        const where = astToPrismaWhere(this.resolveScopedQuery(query).where);
+        const rows = (await this.delegate.findMany({
+            where,
+            select: { [this.idField]: true }
+        }));
+        await this.delegate.updateMany({ where, data: this.stripTenant(data) });
+        return { updated: rows.map((item) => item[this.idField]) };
     }
     /**
      * Upserts a single record identified by its ID with the provided data. If the record does not exist, it creates a new one.
@@ -205,6 +311,25 @@ export class PrismaAdapter {
         if (!this.delegate.upsert) {
             throw new NotImplementedError('Prisma delegate does not support upsert.');
         }
+        // When scoped, an upsert keyed on a unique id could otherwise overwrite a row owned
+        // by another tenant. Reject that case (hidden as "not found"), stamp the tenant on
+        // create, and forbid reassigning the tenant on update.
+        if (this.scope) {
+            if (!this.delegate.findFirst) {
+                throw new ServerError('Prisma delegate does not support findFirst (required for tenant scoping).');
+            }
+            const existing = (await this.delegate.findFirst({
+                where: { [this.idField]: id }
+            }));
+            if (existing && existing[this.scope.field] !== this.scope.value) {
+                throw new NotFoundError();
+            }
+            return (await this.delegate.upsert({
+                where: { [this.idField]: id },
+                create: this.stampTenant(data),
+                update: this.stripTenant(data)
+            }));
+        }
         return (await this.delegate.upsert({
             where: { [this.idField]: id },
             create: data,
@@ -220,6 +345,26 @@ export class PrismaAdapter {
      * @throws ServerError if the Prisma delegate does not support the required methods for deleting records.
      */
     async deleteOne(id) {
+        // When scoped, delete through deleteMany with the tenant predicate so the ownership
+        // check and the delete are a single atomic statement (no TOCTOU window). A row in
+        // another tenant simply matches nothing and reports as "not found".
+        if (this.scope) {
+            if (this.delegate.deleteMany) {
+                const result = await this.delegate.deleteMany({
+                    where: this.scopedWhere({ [this.idField]: id })
+                });
+                return (result?.count ?? 0) > 0;
+            }
+            if (!this.delegate.findFirst) {
+                throw new ServerError('Prisma delegate does not support deleteMany or findFirst (required for tenant scoping).');
+            }
+            const owned = await this.delegate.findFirst({
+                where: this.scopedWhere({ [this.idField]: id }),
+                select: { [this.idField]: true }
+            });
+            if (!owned)
+                return false;
+        }
         try {
             await this.delegate.delete({ where: { [this.idField]: id } });
             return true;
@@ -238,40 +383,57 @@ export class PrismaAdapter {
      * Under concurrent writes, rows inserted or deleted between the two queries may cause the
      * returned `deleted` IDs to differ from the rows actually removed.
      *
-     * @param query - An object containing query options to filter the records that should be deleted, such as where conditions, sorting, and pagination.
-     * @returns A promise that resolves to an object containing an array of the IDs of the deleted records.
-     * @throws NotImplementedError if the Prisma client or tableName is not provided, as they are required for executing raw SQL queries.
-     * @throws ServerError if the Prisma client does not support the required methods for executing raw SQL queries.
+     * @param query - Query AST describing which rows to delete (filtered, tenant-scoped).
+     * @returns The IDs of the deleted rows.
+     * @throws NotImplementedError when the delegate does not support `deleteMany`.
      */
     async deleteMany(query) {
-        if (!this.client?.$queryRawUnsafe || !this.tableName) {
-            throw new NotImplementedError('Native SQL deleteMany requires a Prisma client and tableName.');
+        if (!this.delegate.deleteMany) {
+            throw new NotImplementedError('This repository does not support deleteMany.');
         }
-        const resolvedQuery = { ...query, tableName: query.tableName || this.tableName };
-        const deleteQuery = QueryBuilder.buildDeleteQuery(resolvedQuery, [this.idField]);
-        const deleted = await this.client.$queryRawUnsafe(deleteQuery.statement, ...deleteQuery.parameters);
-        return { deleted: deleted.map((item) => item[this.idField]) };
+        const where = astToPrismaWhere(this.resolveScopedQuery(query).where);
+        const rows = (await this.delegate.findMany({
+            where,
+            select: { [this.idField]: true }
+        }));
+        await this.delegate.deleteMany({ where });
+        return { deleted: rows.map((item) => item[this.idField]) };
     }
     /**
-     * Executes a query built using the QueryBuilder, which allows for complex filtering, sorting, pagination, and field selection. This method requires a Prisma client for executing raw SQL queries, as it relies on the QueryBuilder to generate SQL statements. It first builds a count query to get the total number of matching records and then builds a select query to retrieve the actual records based on the provided query options.
-     * @param query - An object containing query options such as filtering conditions, sorting, pagination, and field selection, which will be used to build the SQL queries.
-     * @returns A promise that resolves to an object containing the total count of matching records and an array of the retrieved records.
-     * @throws NotImplementedError if the Prisma client or tableName is not provided, as they are required for executing raw SQL queries.
-     * @throws ServerError if the Prisma client does not support the required methods for executing raw SQL queries.
+     * Executes a query-builder AST as a portable Prisma query: the WHERE tree is compiled to a
+     * Prisma `where`, and field projection, ordering, pagination, and `distinct` are mapped to
+     * `findMany` arguments. No raw SQL is generated, so the same query runs identically on every
+     * Prisma provider (PostgreSQL, MySQL, SQLite, SQL Server, CockroachDB, MongoDB).
+     *
+     * Validation (field/comparison/depth checks → 4xx) happens in the router *before* this
+     * method, so malformed queries never reach Prisma.
+     *
+     * **Note:** the COUNT and SELECT are two separate statements without a transaction; under
+     * concurrent writes the returned `count` may differ from the number of rows in `results`.
+     *
+     * @param query - The validated query AST (filters, sort, pagination, projection, distinct).
+     * @returns A count-and-results envelope for the matching rows.
      */
-    async executeQueryBuilder(query) {
-        if (!this.client?.$queryRawUnsafe || !this.tableName) {
-            throw new NotImplementedError('Native SQL query-builder requires a Prisma client and tableName.');
-        }
-        const resolvedQuery = { ...query, tableName: query.tableName || this.tableName };
-        const countQuery = QueryBuilder.buildCountQuery(resolvedQuery);
-        const selectQuery = QueryBuilder.buildSelectQuery(resolvedQuery);
-        const countRows = await this.client.$queryRawUnsafe(countQuery.statement, ...countQuery.parameters);
-        const results = await this.client.$queryRawUnsafe(selectQuery.statement, ...selectQuery.parameters);
-        return {
-            count: Number(countRows[0]?.count ?? 0),
-            results
-        };
+    async executeQuery(query) {
+        const resolved = this.resolveScopedQuery(query);
+        const where = astToPrismaWhere(resolved.where);
+        const args = { where };
+        const select = toSelect(resolved.fields);
+        if (select)
+            args.select = select;
+        const orderBy = astToPrismaOrderBy(resolved.orderBy);
+        if (orderBy)
+            args.orderBy = orderBy;
+        if (resolved.limit !== undefined)
+            args.take = resolved.limit;
+        if (resolved.offset !== undefined)
+            args.skip = resolved.offset;
+        if (resolved.distinct?.length)
+            args.distinct = resolved.distinct;
+        const [count, results] = await Promise.all([
+            this.delegate.count({ where }),
+            this.delegate.findMany(args)
+        ]);
+        return { count, results: results };
     }
 }
-//# sourceMappingURL=PrismaAdapter.js.map

package/dist/adapters/orm/prisma/astToPrisma.d.ts

@@ -0,0 +1,26 @@
+import type { IQueryFilter } from '../../../interfaces/IQueryFilter.js';
+import type { ISort } from '../../../interfaces/ISort.js';
+/** A Prisma `where` fragment — an arbitrary nested object of field conditions and AND/OR/NOT groups. */
+export type PrismaWhere = Record<string, unknown>;
+/**
+ * Translates a validated query-builder WHERE tree ({@link IQueryFilter}[]) into a Prisma
+ * `where` object.
+ *
+ * Logical precedence matches SQL: each filter's `operator` joins it to the *next* sibling,
+ * `AND` binds tighter than `OR`, so the list is split into OR-separated groups of AND-runs.
+ * A single condition is returned bare; an all-AND list as `{ AND: [...] }`; mixed operators
+ * as `{ OR: [{ AND: [...] }, ...] }`.
+ *
+ * This runs **after** {@link validateAdvancedQuery}, so every field name and comparison has
+ * already been checked — the 4xx errors are raised there, never inside Prisma.
+ *
+ * @param where - The validated filter list (may be empty/undefined).
+ * @returns A Prisma `where` object (empty `{}` when there are no filters).
+ */
+export declare function astToPrismaWhere(where?: IQueryFilter[]): PrismaWhere;
+/**
+ * Converts the AST `orderBy` ({@link ISort}[]) into a Prisma `orderBy` array.
+ * @param orderBy - Sort expressions from the query AST.
+ * @returns A Prisma `orderBy` array, or `undefined` when there are no sorts.
+ */
+export declare function astToPrismaOrderBy(orderBy?: ISort[]): Array<Record<string, 'asc' | 'desc'>> | undefined;

package/dist/adapters/orm/prisma/astToPrisma.js

@@ -0,0 +1,140 @@
+import { SqlComparison } from '../../../enums/SqlComparison.js';
+import { SqlOperator } from '../../../enums/SqlOperator.js';
+import { SqlOrder } from '../../../enums/SqlOrder.js';
+/**
+ * Splits a `LIKE` pattern into a Prisma string operator based on its `%` wildcards.
+ * `%x%` → `contains`, `x%` → `startsWith`, `%x` → `endsWith`, and a wildcard-free value
+ * collapses to `equals` (matching SQL `LIKE 'x'` semantics).
+ * @param value - The raw LIKE pattern.
+ * @returns A Prisma string-filter object.
+ */
+function likeToPrisma(value) {
+    const text = String(value ?? '');
+    const lead = text.startsWith('%');
+    const trail = text.endsWith('%');
+    const inner = text.replace(/^%/, '').replace(/%$/, '');
+    if (lead && trail)
+        return { contains: inner };
+    if (trail)
+        return { startsWith: inner };
+    if (lead)
+        return { endsWith: inner };
+    return { equals: text };
+}
+/**
+ * Converts a single {@link IQueryFilter} comparison into a Prisma `where` fragment for one field.
+ *
+ * Most comparisons map to `{ [field]: { <op>: value } }`; `NOT BETWEEN` and `NOT LIKE`
+ * expand to `OR` / `NOT` groups. This is the only place comparison semantics live, so the
+ * delegate query path and the (validated) AST stay in lockstep.
+ *
+ * @param filter - The filter whose `field`, `comparison`, `value1`, and `value2` are read.
+ * @returns A Prisma `where` fragment expressing the comparison.
+ */
+function comparisonToPrisma(filter) {
+    const field = filter.field;
+    const v1 = filter.value1;
+    const v2 = filter.value2;
+    const comparison = (filter.comparison?.toUpperCase() ?? '=');
+    switch (comparison) {
+        case SqlComparison.Equal:
+            return { [field]: { equals: v1 } };
+        case SqlComparison.NotEqual:
+            return { [field]: { not: v1 } };
+        case SqlComparison.GreaterThan:
+            return { [field]: { gt: v1 } };
+        case SqlComparison.GreaterThanOrEqual:
+            return { [field]: { gte: v1 } };
+        case SqlComparison.LessThan:
+            return { [field]: { lt: v1 } };
+        case SqlComparison.LessThanOrEqual:
+            return { [field]: { lte: v1 } };
+        case SqlComparison.In:
+            return { [field]: { in: Array.isArray(v1) ? v1 : [v1] } };
+        case SqlComparison.NotIn:
+            return { [field]: { notIn: Array.isArray(v1) ? v1 : [v1] } };
+        case SqlComparison.Between:
+            return { [field]: { gte: v1, lte: v2 } };
+        case SqlComparison.NotBetween:
+            return { OR: [{ [field]: { lt: v1 } }, { [field]: { gt: v2 } }] };
+        case SqlComparison.IsNull:
+            return { [field]: null };
+        case SqlComparison.IsNotNull:
+            return { [field]: { not: null } };
+        case SqlComparison.Contains:
+            return { [field]: { contains: String(v1 ?? '') } };
+        case SqlComparison.StartsWith:
+            return { [field]: { startsWith: String(v1 ?? '') } };
+        case SqlComparison.EndsWith:
+            return { [field]: { endsWith: String(v1 ?? '') } };
+        case SqlComparison.Like:
+            return { [field]: likeToPrisma(v1) };
+        case SqlComparison.NotLike:
+            return { NOT: { [field]: likeToPrisma(v1) } };
+        default:
+            return { [field]: { equals: v1 } };
+    }
+}
+/**
+ * Translates one filter node into a Prisma fragment. When the node has nested `children`,
+ * its own condition is combined with the (parenthesised) children group using the node's
+ * `operator` — so `{ ...cond, operator: 'OR', children }` becomes `cond OR (children)` and
+ * `operator: 'AND'` (or omitted) becomes `cond AND (children)`, exactly as the original SQL
+ * builder rendered it.
+ * @param filter - The filter node.
+ * @returns The Prisma fragment for this node (and its children, if any).
+ */
+function nodeToPrisma(filter) {
+    const self = comparisonToPrisma(filter);
+    if (filter.children?.length) {
+        const childWhere = astToPrismaWhere(filter.children);
+        return filter.operator?.toUpperCase() === SqlOperator.Or
+            ? { OR: [self, childWhere] }
+            : { AND: [self, childWhere] };
+    }
+    return self;
+}
+/**
+ * Translates a validated query-builder WHERE tree ({@link IQueryFilter}[]) into a Prisma
+ * `where` object.
+ *
+ * Logical precedence matches SQL: each filter's `operator` joins it to the *next* sibling,
+ * `AND` binds tighter than `OR`, so the list is split into OR-separated groups of AND-runs.
+ * A single condition is returned bare; an all-AND list as `{ AND: [...] }`; mixed operators
+ * as `{ OR: [{ AND: [...] }, ...] }`.
+ *
+ * This runs **after** {@link validateAdvancedQuery}, so every field name and comparison has
+ * already been checked — the 4xx errors are raised there, never inside Prisma.
+ *
+ * @param where - The validated filter list (may be empty/undefined).
+ * @returns A Prisma `where` object (empty `{}` when there are no filters).
+ */
+export function astToPrismaWhere(where) {
+    if (!where?.length)
+        return {};
+    const groups = [[]];
+    where.forEach((filter, index) => {
+        groups[groups.length - 1].push(nodeToPrisma(filter));
+        // A node with children has consumed its operator to join self↔children, so it does not
+        // also split sibling groups; only a childless node's `OR` starts a new OR-group.
+        const joinsWithOr = !filter.children?.length && filter.operator?.toUpperCase() === SqlOperator.Or;
+        if (joinsWithOr && index < where.length - 1)
+            groups.push([]);
+    });
+    const andify = (group) => group.length === 1 ? group[0] : { AND: group };
+    if (groups.length === 1)
+        return andify(groups[0]);
+    return { OR: groups.map(andify) };
+}
+/**
+ * Converts the AST `orderBy` ({@link ISort}[]) into a Prisma `orderBy` array.
+ * @param orderBy - Sort expressions from the query AST.
+ * @returns A Prisma `orderBy` array, or `undefined` when there are no sorts.
+ */
+export function astToPrismaOrderBy(orderBy) {
+    if (!orderBy?.length)
+        return undefined;
+    return orderBy.map((sort) => ({
+        [sort.field]: sort.order.toUpperCase() === SqlOrder.DESC ? 'desc' : 'asc'
+    }));
+}

package/dist/adapters/orm/prisma/createPrismaResources.d.ts

@@ -3,7 +3,7 @@ import type { CreatePrismaResourcesOptions } from './types.js';
 /**
  * Creates resource definitions for Prisma models based on the provided schema and options.
  * @param prismaClient An instance of the Prisma client to be used for database operations.
- * @param schema  An array of model definitions, where each model includes its name, optional database name, and fields.
+ * @param schema  An array of model definitions, where each model includes its name and fields.
  * @param options An optional configuration object that allows customization of the generated resources, including model-specific options, default limits, and permissions.
  * @returns An array of resource definitions that can be used to set up API endpoints or other data access layers based on the Prisma models.
  */
@@ -12,4 +12,3 @@ export declare function createPrismaResources(prismaClient: object, schema: Read
     dbName?: string | null;
     fields: ModelField[];
 }>, options?: CreatePrismaResourcesOptions): ResourceDefinition[];
-//# sourceMappingURL=createPrismaResources.d.ts.map