@typicalday/firegraph 0.1.0 → 0.2.0

package/bin/firegraph.mjs

@@ -86,6 +86,45 @@ if (subcommand === 'editor') {
     console.error(`Error: ${err.message}`);
     process.exit(1);
   }
+} else if (subcommand === 'indexes') {
+  const args = parseArgs(process.argv.slice(3));
+  const entitiesDir = args.entities ? path.resolve(args.entities) : null;
+  const collection = args.collection || 'graph';
+  const outPath = args.out || null;
+
+  const distIndex = path.join(__dirname, '..', 'dist', 'index.js');
+  const { generateIndexConfig, discoverEntities } = await import(distIndex);
+
+  try {
+    let entities = undefined;
+    if (entitiesDir) {
+      const { result, warnings } = discoverEntities(entitiesDir);
+      for (const w of warnings) {
+        console.warn(`  warning: ${w.message}`);
+      }
+      entities = result;
+      const nodeCount = result.nodes.size;
+      const edgeCount = result.edges.size;
+      if (nodeCount > 0 || edgeCount > 0) {
+        console.error(`Discovered ${nodeCount} node type(s) + ${edgeCount} edge type(s)`);
+      }
+    }
+
+    const config = generateIndexConfig(collection, entities);
+    const output = JSON.stringify(config, null, 2) + '\n';
+
+    if (outPath) {
+      const resolved = path.resolve(outPath);
+      fs.mkdirSync(path.dirname(resolved), { recursive: true });
+      fs.writeFileSync(resolved, output, 'utf-8');
+      console.log(`Generated ${config.indexes.length} index(es) → ${resolved}`);
+    } else {
+      process.stdout.write(output);
+    }
+  } catch (err) {
+    console.error(`Error: ${err.message}`);
+    process.exit(1);
+  }
 } else if (subcommand === '--help' || subcommand === '-h' || !subcommand) {
   console.log('');
   console.log('  Usage: firegraph <command> [options]');
@@ -94,6 +133,7 @@ if (subcommand === 'editor') {
   console.log('    editor         Launch the Firegraph Editor UI');
   console.log('    query          Query the graph via the editor API');
   console.log('    codegen        Generate TypeScript types from entity schemas');
+  console.log('    indexes        Generate recommended Firestore index definitions');
   console.log('');
   console.log('  Editor options:');
   console.log('    --config <path>        Path to firegraph.config.ts (default: auto-discover in cwd)');
@@ -111,6 +151,11 @@ if (subcommand === 'editor') {
   console.log('    --entities <path>      Path to entities directory (default: ./entities)');
   console.log('    --out <path>           Output file path (default: stdout)');
   console.log('');
+  console.log('  Indexes options:');
+  console.log('    --entities <path>      Path to entities directory (adds per-entity data field indexes)');
+  console.log('    --collection <name>    Firestore collection name (default: graph)');
+  console.log('    --out <path>           Output file path (default: stdout)');
+  console.log('');
   console.log('  Config file:');
   console.log('    Create a firegraph.config.ts in your project root to avoid passing');
   console.log('    flags every time. CLI flags override config file values.');
@@ -121,6 +166,8 @@ if (subcommand === 'editor') {
   console.log('    npx firegraph editor --entities ./entities            # per-entity convention');
   console.log('    npx firegraph codegen --entities ./entities           # types to stdout');
   console.log('    npx firegraph codegen --entities ./entities --out src/generated/types.ts');
+  console.log('    npx firegraph indexes                                  # 4 base indexes to stdout');
+  console.log('    npx firegraph indexes --entities ./entities --out firestore.indexes.json');
   console.log('');
 } else {
   console.error(`Unknown command: ${subcommand}`);

package/dist/codegen/index.d.cts

@@ -1,2 +1,2 @@
-export { k as CodegenOptions, I as generateTypes } from '../index-CG3R68Hu.cjs';
+export { l as CodegenOptions, J as generateTypes } from '../index-wSlVH5Nv.cjs';
 import '@google-cloud/firestore';

package/dist/codegen/index.d.ts

@@ -1,2 +1,2 @@
-export { k as CodegenOptions, I as generateTypes } from '../index-CG3R68Hu.js';
+export { l as CodegenOptions, J as generateTypes } from '../index-wSlVH5Nv.js';
 import '@google-cloud/firestore';

package/dist/editor/server/index.mjs

@@ -29331,6 +29331,16 @@ import { createHash } from "node:crypto";
 
 // src/internal/constants.ts
 var NODE_RELATION = "is";
+var DEFAULT_QUERY_LIMIT = 500;
+var BUILTIN_FIELDS = /* @__PURE__ */ new Set([
+  "aType",
+  "aUid",
+  "axbType",
+  "bType",
+  "bUid",
+  "createdAt",
+  "updatedAt"
+]);
 var SHARD_SEPARATOR = ":";
 
 // src/docid.ts
@@ -29409,6 +29419,21 @@ var DynamicRegistryError = class extends FiregraphError {
     this.name = "DynamicRegistryError";
   }
 };
+var QuerySafetyError = class extends FiregraphError {
+  constructor(message) {
+    super(message, "QUERY_SAFETY");
+    this.name = "QuerySafetyError";
+  }
+};
+var RegistryScopeError = class extends FiregraphError {
+  constructor(aType, axbType, bType, scopePath, allowedIn) {
+    super(
+      `Type (${aType}) -[${axbType}]-> (${bType}) is not allowed at scope "${scopePath || "root"}". Allowed in: [${allowedIn.join(", ")}]`,
+      "REGISTRY_SCOPE"
+    );
+    this.name = "RegistryScopeError";
+  }
+};
 
 // src/query.ts
 function buildEdgeQueryPlan(params) {
@@ -29422,27 +29447,32 @@ function buildEdgeQueryPlan(params) {
   if (axbType) filters.push({ field: "axbType", op: "==", value: axbType });
   if (bType) filters.push({ field: "bType", op: "==", value: bType });
   if (bUid) filters.push({ field: "bUid", op: "==", value: bUid });
-  const builtinFields = ["aType", "aUid", "axbType", "bType", "bUid", "createdAt", "updatedAt"];
   if (params.where) {
     for (const clause of params.where) {
-      const field = builtinFields.includes(clause.field) ? clause.field : clause.field.startsWith("data.") ? clause.field : `data.${clause.field}`;
+      const field = BUILTIN_FIELDS.has(clause.field) ? clause.field : clause.field.startsWith("data.") ? clause.field : `data.${clause.field}`;
       filters.push({ field, op: clause.op, value: clause.value });
     }
   }
   if (filters.length === 0) {
     throw new InvalidQueryError("findEdges requires at least one filter parameter");
   }
-  const options = limit !== void 0 || orderBy ? { limit, orderBy } : void 0;
-  return { strategy: "query", filters, options };
+  const effectiveLimit = limit === void 0 ? DEFAULT_QUERY_LIMIT : limit || void 0;
+  return { strategy: "query", filters, options: { limit: effectiveLimit, orderBy } };
 }
 function buildNodeQueryPlan(params) {
-  return {
-    strategy: "query",
-    filters: [
-      { field: "aType", op: "==", value: params.aType },
-      { field: "axbType", op: "==", value: NODE_RELATION }
-    ]
-  };
+  const { aType, limit, orderBy } = params;
+  const filters = [
+    { field: "aType", op: "==", value: aType },
+    { field: "axbType", op: "==", value: NODE_RELATION }
+  ];
+  if (params.where) {
+    for (const clause of params.where) {
+      const field = BUILTIN_FIELDS.has(clause.field) ? clause.field : clause.field.startsWith("data.") ? clause.field : `data.${clause.field}`;
+      filters.push({ field, op: clause.op, value: clause.value });
+    }
+  }
+  const effectiveLimit = limit === void 0 ? DEFAULT_QUERY_LIMIT : limit || void 0;
+  return { strategy: "query", filters, options: { limit: effectiveLimit, orderBy } };
 }
 
 // src/internal/firestore-adapter.ts
@@ -29595,10 +29625,62 @@ function createPipelineQueryAdapter(db2, collectionPath) {
 
 // src/transaction.ts
 import { FieldValue as FieldValue2 } from "@google-cloud/firestore";
+
+// src/query-safety.ts
+var SAFE_INDEX_PATTERNS = [
+  /* @__PURE__ */ new Set(["aUid", "axbType"]),
+  /* @__PURE__ */ new Set(["axbType", "bUid"]),
+  /* @__PURE__ */ new Set(["aType", "axbType"]),
+  /* @__PURE__ */ new Set(["axbType", "bType"])
+];
+function analyzeQuerySafety(filters) {
+  const builtinFieldsPresent = /* @__PURE__ */ new Set();
+  let hasDataFilters = false;
+  for (const f of filters) {
+    if (BUILTIN_FIELDS.has(f.field)) {
+      builtinFieldsPresent.add(f.field);
+    } else {
+      hasDataFilters = true;
+    }
+  }
+  for (const pattern of SAFE_INDEX_PATTERNS) {
+    let matched = true;
+    for (const field of pattern) {
+      if (!builtinFieldsPresent.has(field)) {
+        matched = false;
+        break;
+      }
+    }
+    if (matched) {
+      return { safe: true };
+    }
+  }
+  const presentFields = [...builtinFieldsPresent];
+  if (presentFields.length === 0 && hasDataFilters) {
+    return {
+      safe: false,
+      reason: "Query filters only use data.* fields with no builtin field constraints. This requires a full collection scan. Add aType, aUid, axbType, bType, or bUid filters, or set allowCollectionScan: true."
+    };
+  }
+  if (hasDataFilters) {
+    return {
+      safe: false,
+      reason: `Query filters on [${presentFields.join(", ")}] do not match any indexed pattern. data.* filters without an indexed base require a full collection scan. Safe patterns: (aUid + axbType), (axbType + bUid), (aType + axbType), (axbType + bType). Set allowCollectionScan: true to override.`
+    };
+  }
+  return {
+    safe: false,
+    reason: `Query filters on [${presentFields.join(", ")}] do not match any indexed pattern. This may cause a full collection scan on Firestore Enterprise. Safe patterns: (aUid + axbType), (axbType + bUid), (aType + axbType), (axbType + bType). Set allowCollectionScan: true to override.`
+  };
+}
+
+// src/transaction.ts
 var GraphTransactionImpl = class {
-  constructor(adapter, registry2) {
+  constructor(adapter, registry2, scanProtection = "error", scopePath = "") {
     this.adapter = adapter;
     this.registry = registry2;
+    this.scanProtection = scanProtection;
+    this.scopePath = scopePath;
   }
   async getNode(uid) {
     const docId = computeNodeDocId(uid);
@@ -29612,12 +29694,22 @@ var GraphTransactionImpl = class {
     const record2 = await this.getEdge(aUid, axbType, bUid);
     return record2 !== null;
   }
+  checkQuerySafety(filters, allowCollectionScan) {
+    if (allowCollectionScan || this.scanProtection === "off") return;
+    const result = analyzeQuerySafety(filters);
+    if (result.safe) return;
+    if (this.scanProtection === "error") {
+      throw new QuerySafetyError(result.reason);
+    }
+    console.warn(`[firegraph] Query safety warning: ${result.reason}`);
+  }
   async findEdges(params) {
     const plan = buildEdgeQueryPlan(params);
     if (plan.strategy === "get") {
       const record2 = await this.adapter.getDoc(plan.docId);
       return record2 ? [record2] : [];
     }
+    this.checkQuerySafety(plan.filters, params.allowCollectionScan);
     return this.adapter.query(plan.filters, plan.options);
   }
   async findNodes(params) {
@@ -29626,11 +29718,12 @@ var GraphTransactionImpl = class {
       const record2 = await this.adapter.getDoc(plan.docId);
       return record2 ? [record2] : [];
     }
+    this.checkQuerySafety(plan.filters, params.allowCollectionScan);
     return this.adapter.query(plan.filters, plan.options);
   }
   async putNode(aType, uid, data) {
     if (this.registry) {
-      this.registry.validate(aType, NODE_RELATION, aType, data);
+      this.registry.validate(aType, NODE_RELATION, aType, data, this.scopePath);
     }
     const docId = computeNodeDocId(uid);
     const record2 = buildNodeRecord(aType, uid, data);
@@ -29638,7 +29731,7 @@ var GraphTransactionImpl = class {
   }
   async putEdge(aType, aUid, axbType, bType, bUid, data) {
     if (this.registry) {
-      this.registry.validate(aType, axbType, bType, data);
+      this.registry.validate(aType, axbType, bType, data, this.scopePath);
     }
     const docId = computeEdgeDocId(aUid, axbType, bUid);
     const record2 = buildEdgeRecord(aType, aUid, axbType, bType, bUid, data);
@@ -29664,13 +29757,14 @@ var GraphTransactionImpl = class {
 // src/batch.ts
 import { FieldValue as FieldValue3 } from "@google-cloud/firestore";
 var GraphBatchImpl = class {
-  constructor(adapter, registry2) {
+  constructor(adapter, registry2, scopePath = "") {
     this.adapter = adapter;
     this.registry = registry2;
+    this.scopePath = scopePath;
   }
   async putNode(aType, uid, data) {
     if (this.registry) {
-      this.registry.validate(aType, NODE_RELATION, aType, data);
+      this.registry.validate(aType, NODE_RELATION, aType, data, this.scopePath);
     }
     const docId = computeNodeDocId(uid);
     const record2 = buildNodeRecord(aType, uid, data);
@@ -29678,7 +29772,7 @@ var GraphBatchImpl = class {
   }
   async putEdge(aType, aUid, axbType, bType, bUid, data) {
     if (this.registry) {
-      this.registry.validate(aType, axbType, bType, data);
+      this.registry.validate(aType, axbType, bType, data, this.scopePath);
     }
     const docId = computeEdgeDocId(aUid, axbType, bUid);
     const record2 = buildEdgeRecord(aType, aUid, axbType, bType, bUid, data);
@@ -29770,14 +29864,39 @@ async function bulkDeleteDocIds(db2, collectionPath, docIds, options) {
   return { deleted, batches: completedBatches, errors };
 }
 async function bulkRemoveEdges(db2, collectionPath, reader, params, options) {
-  const edges = await reader.findEdges(params);
+  const effectiveParams = params.limit !== void 0 ? { ...params, allowCollectionScan: params.allowCollectionScan ?? true } : { ...params, limit: 0, allowCollectionScan: params.allowCollectionScan ?? true };
+  const edges = await reader.findEdges(effectiveParams);
   const docIds = edges.map((e) => computeEdgeDocId(e.aUid, e.axbType, e.bUid));
   return bulkDeleteDocIds(db2, collectionPath, docIds, options);
 }
+async function deleteSubcollectionsRecursive(db2, collectionPath, docId, options) {
+  const docRef = db2.collection(collectionPath).doc(docId);
+  const subcollections = await docRef.listCollections();
+  if (subcollections.length === 0) return { deleted: 0, errors: [] };
+  let totalDeleted = 0;
+  const allErrors = [];
+  const subOptions = options ? { batchSize: options.batchSize, maxRetries: options.maxRetries } : void 0;
+  for (const subCollRef of subcollections) {
+    const subCollPath = subCollRef.path;
+    const snapshot = await subCollRef.select().get();
+    const subDocIds = snapshot.docs.map((d) => d.id);
+    for (const subDocId of subDocIds) {
+      const subResult = await deleteSubcollectionsRecursive(db2, subCollPath, subDocId, subOptions);
+      totalDeleted += subResult.deleted;
+      allErrors.push(...subResult.errors);
+    }
+    if (subDocIds.length > 0) {
+      const result = await bulkDeleteDocIds(db2, subCollPath, subDocIds, subOptions);
+      totalDeleted += result.deleted;
+      allErrors.push(...result.errors);
+    }
+  }
+  return { deleted: totalDeleted, errors: allErrors };
+}
 async function removeNodeCascade(db2, collectionPath, reader, uid, options) {
   const [outgoingRaw, incomingRaw] = await Promise.all([
-    reader.findEdges({ aUid: uid }),
-    reader.findEdges({ bUid: uid })
+    reader.findEdges({ aUid: uid, allowCollectionScan: true, limit: 0 }),
+    reader.findEdges({ bUid: uid, allowCollectionScan: true, limit: 0 })
   ]);
   const outgoing = outgoingRaw.filter((e) => e.axbType !== NODE_RELATION);
   const incoming = incomingRaw.filter((e) => e.axbType !== NODE_RELATION);
@@ -29790,8 +29909,18 @@ async function removeNodeCascade(db2, collectionPath, reader, uid, options) {
       allEdges.push(edge);
     }
   }
-  const edgeDocIds = allEdges.map((e) => computeEdgeDocId(e.aUid, e.axbType, e.bUid));
+  const shouldDeleteSubcollections = options?.deleteSubcollections !== false;
   const nodeDocId = computeNodeDocId(uid);
+  let subcollectionResult = { deleted: 0, errors: [] };
+  if (shouldDeleteSubcollections) {
+    subcollectionResult = await deleteSubcollectionsRecursive(
+      db2,
+      collectionPath,
+      nodeDocId,
+      options
+    );
+  }
+  const edgeDocIds = allEdges.map((e) => computeEdgeDocId(e.aUid, e.axbType, e.bUid));
   const allDocIds = [...edgeDocIds, nodeDocId];
   const batchSize = Math.min(options?.batchSize ?? MAX_BATCH_SIZE, MAX_BATCH_SIZE);
   const result = await bulkDeleteDocIds(db2, collectionPath, allDocIds, {
@@ -29801,9 +29930,12 @@ async function removeNodeCascade(db2, collectionPath, reader, uid, options) {
   const totalChunks = Math.ceil(allDocIds.length / batchSize);
   const nodeChunkIndex = totalChunks - 1;
   const nodeDeleted = !result.errors.some((e) => e.batchIndex === nodeChunkIndex);
+  const topLevelEdgesDeleted = nodeDeleted ? result.deleted - 1 : result.deleted;
   return {
-    ...result,
-    edgesDeleted: nodeDeleted ? result.deleted - 1 : result.deleted,
+    deleted: result.deleted + subcollectionResult.deleted,
+    batches: result.batches,
+    errors: [...result.errors, ...subcollectionResult.errors],
+    edgesDeleted: topLevelEdgesDeleted,
     nodeDeleted
   };
 }
@@ -29903,6 +30035,39 @@ function propertyToFieldMeta(name, prop, required2) {
   return { name, type: "unknown", required: required2, description: prop.description };
 }
 
+// src/scope.ts
+function matchScope(scopePath, pattern) {
+  if (pattern === "root") return scopePath === "";
+  if (pattern === "**") return true;
+  const pathSegments = scopePath === "" ? [] : scopePath.split("/");
+  const patternSegments = pattern.split("/");
+  return matchSegments(pathSegments, 0, patternSegments, 0);
+}
+function matchScopeAny(scopePath, patterns) {
+  if (!patterns || patterns.length === 0) return true;
+  return patterns.some((p) => matchScope(scopePath, p));
+}
+function matchSegments(path4, pi, pattern, qi) {
+  if (pi === path4.length && qi === pattern.length) return true;
+  if (qi === pattern.length) return false;
+  const seg = pattern[qi];
+  if (seg === "**") {
+    if (qi === pattern.length - 1) return true;
+    for (let skip = 0; skip <= path4.length - pi; skip++) {
+      if (matchSegments(path4, pi + skip, pattern, qi + 1)) return true;
+    }
+    return false;
+  }
+  if (pi === path4.length) return false;
+  if (seg === "*") {
+    return matchSegments(path4, pi + 1, pattern, qi + 1);
+  }
+  if (path4[pi] === seg) {
+    return matchSegments(path4, pi + 1, pattern, qi + 1);
+  }
+  return false;
+}
+
 // src/registry.ts
 function tripleKey(aType, axbType, bType) {
   return `${aType}:${axbType}:${bType}`;
@@ -29925,11 +30090,16 @@ function createRegistry(input) {
     lookup(aType, axbType, bType) {
       return map2.get(tripleKey(aType, axbType, bType))?.entry;
     },
-    validate(aType, axbType, bType, data) {
+    validate(aType, axbType, bType, data, scopePath) {
       const rec = map2.get(tripleKey(aType, axbType, bType));
       if (!rec) {
         throw new RegistryViolationError(aType, axbType, bType);
       }
+      if (scopePath !== void 0 && rec.entry.allowedIn && rec.entry.allowedIn.length > 0) {
+        if (!matchScopeAny(scopePath, rec.entry.allowedIn)) {
+          throw new RegistryScopeError(aType, axbType, bType, scopePath, rec.entry.allowedIn);
+        }
+      }
       if (rec.validate) {
         try {
           rec.validate(data);
@@ -29957,7 +30127,8 @@ function discoveryToEntries(discovery) {
       jsonSchema: entity.schema,
       description: entity.description,
       titleField: entity.titleField,
-      subtitleField: entity.subtitleField
+      subtitleField: entity.subtitleField,
+      allowedIn: entity.allowedIn
     });
   }
   for (const [axbType, entity] of discovery.edges) {
@@ -29975,7 +30146,8 @@ function discoveryToEntries(discovery) {
           description: entity.description,
           inverseLabel: topology.inverseLabel,
           titleField: entity.titleField,
-          subtitleField: entity.subtitleField
+          subtitleField: entity.subtitleField,
+          allowedIn: entity.allowedIn
         });
       }
     }
@@ -29996,7 +30168,8 @@ var NODE_TYPE_SCHEMA = {
     titleField: { type: "string" },
     subtitleField: { type: "string" },
     viewTemplate: { type: "string" },
-    viewCss: { type: "string" }
+    viewCss: { type: "string" },
+    allowedIn: { type: "array", items: { type: "string", minLength: 1 } }
   },
   additionalProperties: false
 };
@@ -30023,7 +30196,8 @@ var EDGE_TYPE_SCHEMA = {
     titleField: { type: "string" },
     subtitleField: { type: "string" },
     viewTemplate: { type: "string" },
-    viewCss: { type: "string" }
+    viewCss: { type: "string" },
+    allowedIn: { type: "array", items: { type: "string", minLength: 1 } }
   },
   additionalProperties: false
 };
@@ -30065,7 +30239,8 @@ async function createRegistryFromGraph(reader) {
       jsonSchema: data.jsonSchema,
       description: data.description,
       titleField: data.titleField,
-      subtitleField: data.subtitleField
+      subtitleField: data.subtitleField,
+      allowedIn: data.allowedIn
     });
   }
   for (const record2 of edgeTypes) {
@@ -30082,7 +30257,8 @@ async function createRegistryFromGraph(reader) {
           description: data.description,
           inverseLabel: data.inverseLabel,
           titleField: data.titleField,
-          subtitleField: data.subtitleField
+          subtitleField: data.subtitleField,
+          allowedIn: data.allowedIn
         });
       }
     }
@@ -30093,9 +30269,10 @@ async function createRegistryFromGraph(reader) {
 // src/client.ts
 var _standardModeWarned = false;
 var RESERVED_TYPE_NAMES = /* @__PURE__ */ new Set([META_NODE_TYPE, META_EDGE_TYPE]);
-var GraphClientImpl = class {
-  constructor(db2, collectionPath, options) {
+var GraphClientImpl = class _GraphClientImpl {
+  constructor(db2, collectionPath, options, scopePath = "") {
     this.db = db2;
+    this.scopePath = scopePath;
     this.adapter = createFirestoreAdapter(db2, collectionPath);
     if (options?.registry && options?.registryMode) {
       throw new DynamicRegistryError(
@@ -30125,6 +30302,7 @@ var GraphClientImpl = class {
         "[firegraph] Standard query mode enabled. This is NOT recommended for production:\n  - Enterprise Firestore: data.* filters cause full collection scans (high billing)\n  - Standard Firestore: data.* filters without composite indexes will fail\n  See: https://github.com/typicalday/firegraph#query-modes"
       );
     }
+    this.scanProtection = options?.scanProtection ?? "error";
     if (this.queryMode === "pipeline") {
       this.pipelineAdapter = createPipelineQueryAdapter(db2, collectionPath);
       if (this.metaAdapter) {
@@ -30138,6 +30316,7 @@ var GraphClientImpl = class {
   adapter;
   pipelineAdapter;
   queryMode;
+  scanProtection;
   // Static mode
   staticRegistry;
   // Dynamic mode
@@ -30146,6 +30325,8 @@ var GraphClientImpl = class {
   dynamicRegistry;
   metaAdapter;
   metaPipelineAdapter;
+  // Subgraph scope tracking
+  scopePath;
   // ---------------------------------------------------------------------------
   // Registry routing
   // ---------------------------------------------------------------------------
@@ -30199,6 +30380,19 @@ var GraphClientImpl = class {
     }
     return this.adapter.query(filters, options);
   }
+  /**
+   * Check whether a query's filter set is safe (matches a known index pattern).
+   * Throws QuerySafetyError or logs a warning depending on scanProtection config.
+   */
+  checkQuerySafety(filters, allowCollectionScan) {
+    if (allowCollectionScan || this.scanProtection === "off") return;
+    const result = analyzeQuerySafety(filters);
+    if (result.safe) return;
+    if (this.scanProtection === "error") {
+      throw new QuerySafetyError(result.reason);
+    }
+    console.warn(`[firegraph] Query safety warning: ${result.reason}`);
+  }
   // ---------------------------------------------------------------------------
   // GraphReader
   // ---------------------------------------------------------------------------
@@ -30220,6 +30414,7 @@ var GraphClientImpl = class {
       const record2 = await this.adapter.getDoc(plan.docId);
       return record2 ? [record2] : [];
     }
+    this.checkQuerySafety(plan.filters, params.allowCollectionScan);
     return this.executeQuery(plan.filters, plan.options);
   }
   async findNodes(params) {
@@ -30228,6 +30423,7 @@ var GraphClientImpl = class {
       const record2 = await this.adapter.getDoc(plan.docId);
       return record2 ? [record2] : [];
     }
+    this.checkQuerySafety(plan.filters, params.allowCollectionScan);
     return this.executeQuery(plan.filters, plan.options);
   }
   // ---------------------------------------------------------------------------
@@ -30236,7 +30432,7 @@ var GraphClientImpl = class {
   async putNode(aType, uid, data) {
     const registry2 = this.getRegistryForType(aType);
     if (registry2) {
-      registry2.validate(aType, NODE_RELATION, aType, data);
+      registry2.validate(aType, NODE_RELATION, aType, data, this.scopePath);
     }
     const adapter = this.getAdapterForType(aType);
     const docId = computeNodeDocId(uid);
@@ -30246,7 +30442,7 @@ var GraphClientImpl = class {
   async putEdge(aType, aUid, axbType, bType, bUid, data) {
     const registry2 = this.getRegistryForType(aType);
     if (registry2) {
-      registry2.validate(aType, axbType, bType, data);
+      registry2.validate(aType, axbType, bType, data, this.scopePath);
     }
     const adapter = this.getAdapterForType(aType);
     const docId = computeEdgeDocId(aUid, axbType, bUid);
@@ -30278,13 +30474,42 @@ var GraphClientImpl = class {
         this.adapter.collectionPath,
         firestoreTx
       );
-      const graphTx = new GraphTransactionImpl(adapter, this.getCombinedRegistry());
+      const graphTx = new GraphTransactionImpl(adapter, this.getCombinedRegistry(), this.scanProtection, this.scopePath);
       return fn(graphTx);
     });
   }
   batch() {
     const adapter = createBatchAdapter(this.db, this.adapter.collectionPath);
-    return new GraphBatchImpl(adapter, this.getCombinedRegistry());
+    return new GraphBatchImpl(adapter, this.getCombinedRegistry(), this.scopePath);
+  }
+  // ---------------------------------------------------------------------------
+  // Subgraph
+  // ---------------------------------------------------------------------------
+  subgraph(parentNodeUid, name = "graph") {
+    if (!parentNodeUid || parentNodeUid.includes("/")) {
+      throw new FiregraphError(
+        `Invalid parentNodeUid for subgraph: "${parentNodeUid}". Must be a non-empty string without "/".`,
+        "INVALID_SUBGRAPH"
+      );
+    }
+    if (name.includes("/")) {
+      throw new FiregraphError(
+        `Subgraph name must not contain "/": got "${name}". Use chained .subgraph() calls for nested subgraphs.`,
+        "INVALID_SUBGRAPH"
+      );
+    }
+    const subCollectionPath = `${this.adapter.collectionPath}/${parentNodeUid}/${name}`;
+    const newScopePath = this.scopePath ? `${this.scopePath}/${name}` : name;
+    return new _GraphClientImpl(
+      this.db,
+      subCollectionPath,
+      {
+        registry: this.getCombinedRegistry(),
+        queryMode: this.queryMode === "pipeline" ? "pipeline" : "standard",
+        scanProtection: this.scanProtection
+      },
+      newScopePath
+    );
   }
   // ---------------------------------------------------------------------------
   // Bulk operations
@@ -30316,6 +30541,7 @@ var GraphClientImpl = class {
     if (options?.subtitleField !== void 0) data.subtitleField = options.subtitleField;
     if (options?.viewTemplate !== void 0) data.viewTemplate = options.viewTemplate;
     if (options?.viewCss !== void 0) data.viewCss = options.viewCss;
+    if (options?.allowedIn !== void 0) data.allowedIn = options.allowedIn;
     await this.putNode(META_NODE_TYPE, uid, data);
   }
   async defineEdgeType(name, topology, jsonSchema, description, options) {
@@ -30342,6 +30568,7 @@ var GraphClientImpl = class {
     if (options?.subtitleField !== void 0) data.subtitleField = options.subtitleField;
     if (options?.viewTemplate !== void 0) data.viewTemplate = options.viewTemplate;
     if (options?.viewCss !== void 0) data.viewCss = options.viewCss;
+    if (options?.allowedIn !== void 0) data.allowedIn = options.allowedIn;
     await this.putNode(META_EDGE_TYPE, uid, data);
   }
   async reloadRegistry() {
@@ -30524,7 +30751,8 @@ function loadNodeEntity(dir, name) {
     subtitleField: meta3?.subtitleField,
     viewDefaults: meta3?.viewDefaults,
     viewsPath,
-    sampleData
+    sampleData,
+    allowedIn: meta3?.allowedIn
   };
 }
 function loadEdgeEntity(dir, name) {
@@ -30559,7 +30787,8 @@ function loadEdgeEntity(dir, name) {
     subtitleField: meta3?.subtitleField,
     viewDefaults: meta3?.viewDefaults,
     viewsPath,
-    sampleData
+    sampleData,
+    allowedIn: meta3?.allowedIn
   };
 }
 function getSubdirectories(dir) {