@typicalday/firegraph 0.11.2 → 0.13.0

package/dist/cloudflare/index.cjs

@@ -30,6 +30,21 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 ));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
+// src/internal/serialization-tag.ts
+function isTaggedValue(value) {
+  if (value === null || typeof value !== "object") return false;
+  const tag = value[SERIALIZATION_TAG];
+  return typeof tag === "string" && KNOWN_TYPES.has(tag);
+}
+var SERIALIZATION_TAG, KNOWN_TYPES;
+var init_serialization_tag = __esm({
+  "src/internal/serialization-tag.ts"() {
+    "use strict";
+    SERIALIZATION_TAG = "__firegraph_ser__";
+    KNOWN_TYPES = /* @__PURE__ */ new Set(["Timestamp", "GeoPoint", "VectorValue", "DocumentReference"]);
+  }
+});
+
 // src/serialization.ts
 var serialization_exports = {};
 __export(serialization_exports, {
@@ -38,11 +53,6 @@ __export(serialization_exports, {
   isTaggedValue: () => isTaggedValue,
   serializeFirestoreTypes: () => serializeFirestoreTypes
 });
-function isTaggedValue(value) {
-  if (value === null || typeof value !== "object") return false;
-  const tag = value[SERIALIZATION_TAG];
-  return typeof tag === "string" && KNOWN_TYPES.has(tag);
-}
 function isTimestamp(value) {
   return value instanceof import_firestore.Timestamp;
 }
@@ -143,13 +153,13 @@ function deserializeValue(value, db) {
   }
   return result;
 }
-var import_firestore, SERIALIZATION_TAG, KNOWN_TYPES, _docRefWarned;
+var import_firestore, _docRefWarned;
 var init_serialization = __esm({
   "src/serialization.ts"() {
     "use strict";
     import_firestore = require("@google-cloud/firestore");
-    SERIALIZATION_TAG = "__firegraph_ser__";
-    KNOWN_TYPES = /* @__PURE__ */ new Set(["Timestamp", "GeoPoint", "VectorValue", "DocumentReference"]);
+    init_serialization_tag();
+    init_serialization_tag();
     _docRefWarned = false;
   }
 });
@@ -157,11 +167,20 @@ var init_serialization = __esm({
 // src/cloudflare/index.ts
 var cloudflare_exports = {};
 __export(cloudflare_exports, {
+  CapabilityNotSupportedError: () => CapabilityNotSupportedError,
   DORPCBackend: () => DORPCBackend,
   FiregraphDO: () => FiregraphDO,
+  META_EDGE_TYPE: () => META_EDGE_TYPE,
+  META_NODE_TYPE: () => META_NODE_TYPE,
   buildDOSchemaStatements: () => buildDOSchemaStatements,
+  createCapabilities: () => createCapabilities,
   createDOClient: () => createDOClient,
-  createSiblingClient: () => createSiblingClient
+  createMergedRegistry: () => createMergedRegistry,
+  createRegistry: () => createRegistry,
+  createSiblingClient: () => createSiblingClient,
+  deleteField: () => deleteField,
+  generateId: () => generateId,
+  intersectCapabilities: () => intersectCapabilities
 });
 module.exports = __toCommonJS(cloudflare_exports);
 
@@ -219,6 +238,34 @@ var MigrationError = class extends FiregraphError {
     this.name = "MigrationError";
   }
 };
+var CapabilityNotSupportedError = class extends FiregraphError {
+  constructor(capability, backendDescription) {
+    super(
+      `Capability "${capability}" is not supported by ${backendDescription}.`,
+      "CAPABILITY_NOT_SUPPORTED"
+    );
+    this.capability = capability;
+    this.name = "CapabilityNotSupportedError";
+  }
+};
+
+// src/internal/backend.ts
+function createCapabilities(caps) {
+  return {
+    has: (capability) => caps.has(capability),
+    values: () => caps.values()
+  };
+}
+function intersectCapabilities(parts) {
+  if (parts.length === 0) return createCapabilities(/* @__PURE__ */ new Set());
+  const sets = parts.map((p) => new Set(p.values()));
+  const [first, ...rest] = sets;
+  const intersection = /* @__PURE__ */ new Set();
+  for (const c of first) {
+    if (rest.every((s) => s.has(c))) intersection.add(c);
+  }
+  return createCapabilities(intersection);
+}
 
 // src/internal/constants.ts
 var NODE_RELATION = "is";
@@ -234,6 +281,296 @@ var BUILTIN_FIELDS = /* @__PURE__ */ new Set([
 ]);
 var SHARD_SEPARATOR = ":";
 
+// src/internal/sqlite-data-ops.ts
+var FIRESTORE_TYPE_NAMES = /* @__PURE__ */ new Set([
+  "Timestamp",
+  "GeoPoint",
+  "VectorValue",
+  "DocumentReference",
+  "FieldValue"
+]);
+function isFirestoreSpecialType(value) {
+  const ctorName = value.constructor?.name;
+  if (ctorName && FIRESTORE_TYPE_NAMES.has(ctorName)) return ctorName;
+  return null;
+}
+var JSON_PATH_KEY_RE = /^[A-Za-z_][A-Za-z0-9_-]*$/;
+function validateJsonPathKey(key, backendLabel) {
+  if (key.length === 0) {
+    throw new FiregraphError(
+      `${backendLabel}: empty JSON path component is not allowed`,
+      "INVALID_QUERY"
+    );
+  }
+  if (!JSON_PATH_KEY_RE.test(key)) {
+    throw new FiregraphError(
+      `${backendLabel}: data field path component "${key}" is not a safe JSON-path identifier. Allowed pattern: /^[A-Za-z_][A-Za-z0-9_-]*$/. Use replaceNode/replaceEdge (full-data overwrite) for keys with reserved characters (whitespace, dots, brackets, quotes, etc.).`,
+      "INVALID_QUERY"
+    );
+  }
+}
+function jsonBind(value, backendLabel) {
+  if (value === void 0) return "null";
+  if (value !== null && typeof value === "object") {
+    const firestoreType = isFirestoreSpecialType(value);
+    if (firestoreType) {
+      throw new FiregraphError(
+        `${backendLabel} cannot persist a Firestore ${firestoreType} value. Convert to a primitive before writing (e.g. \`ts.toMillis()\` for Timestamp).`,
+        "INVALID_ARGUMENT"
+      );
+    }
+  }
+  return JSON.stringify(value);
+}
+function compileDataOpsExpr(ops, base, params, backendLabel) {
+  if (ops.length === 0) return null;
+  const deletes = [];
+  const sets = [];
+  for (const op of ops) (op.delete ? deletes : sets).push(op);
+  let expr = base;
+  if (deletes.length > 0) {
+    const placeholders = deletes.map(() => "?").join(", ");
+    expr = `json_remove(${expr}, ${placeholders})`;
+    for (const op of deletes) {
+      for (const seg of op.path) validateJsonPathKey(seg, backendLabel);
+      params.push(`$.${op.path.join(".")}`);
+    }
+  }
+  if (sets.length > 0) {
+    const pieces = sets.map(() => "?, json(?)").join(", ");
+    expr = `json_set(${expr}, ${pieces})`;
+    for (const op of sets) {
+      for (const seg of op.path) validateJsonPathKey(seg, backendLabel);
+      params.push(`$.${op.path.join(".")}`);
+      params.push(jsonBind(op.value, backendLabel));
+    }
+  }
+  return expr;
+}
+
+// src/internal/sqlite-payload-guard.ts
+init_serialization_tag();
+
+// src/internal/write-plan.ts
+init_serialization_tag();
+var DELETE_FIELD = /* @__PURE__ */ Symbol.for("firegraph.deleteField");
+function deleteField() {
+  return DELETE_FIELD;
+}
+function isDeleteSentinel(value) {
+  return value === DELETE_FIELD;
+}
+var FIRESTORE_TERMINAL_CTOR = /* @__PURE__ */ new Set([
+  "Timestamp",
+  "GeoPoint",
+  "VectorValue",
+  "DocumentReference",
+  "FieldValue",
+  "NumericIncrementTransform",
+  "ArrayUnionTransform",
+  "ArrayRemoveTransform",
+  "ServerTimestampTransform",
+  "DeleteTransform"
+]);
+function isTerminalValue(value) {
+  if (value === null) return true;
+  const t = typeof value;
+  if (t !== "object") return true;
+  if (Array.isArray(value)) return true;
+  if (isTaggedValue(value)) return true;
+  const proto = Object.getPrototypeOf(value);
+  if (proto === null || proto === Object.prototype) return false;
+  const ctor = value.constructor;
+  if (ctor && typeof ctor.name === "string" && FIRESTORE_TERMINAL_CTOR.has(ctor.name)) return true;
+  return true;
+}
+var SAFE_KEY_RE = /^[A-Za-z_][A-Za-z0-9_-]*$/;
+function assertUpdatePayloadExclusive(update) {
+  if (update.replaceData !== void 0 && update.dataOps !== void 0) {
+    throw new Error(
+      "firegraph: UpdatePayload cannot specify both `replaceData` and `dataOps`. Use one or the other \u2014 `replaceData` is the migration-write-back form, `dataOps` is the standard partial-update form."
+    );
+  }
+}
+function assertNoDeleteSentinels(data, callerLabel) {
+  walkForDeleteSentinels(data, [], { kind: "root" }, ({ path }) => {
+    const where = path.length === 0 ? "<root>" : path.map((p) => JSON.stringify(p)).join(" > ");
+    throw new Error(
+      `firegraph: ${callerLabel} payload contains a deleteField() sentinel at ${where}. deleteField() is only valid inside updateNode/updateEdge \u2014 full-data writes (put*, replace*) cannot delete individual fields. Use updateNode with a deleteField() value, or omit the field from the replace payload.`
+    );
+  });
+}
+function walkForDeleteSentinels(node, path, parent, visit) {
+  if (node === null || node === void 0) return;
+  if (isDeleteSentinel(node)) {
+    visit({ path, parent });
+    return;
+  }
+  if (typeof node !== "object") return;
+  if (isTaggedValue(node)) return;
+  if (Array.isArray(node)) {
+    for (let i = 0; i < node.length; i++) {
+      walkForDeleteSentinels(node[i], [...path, String(i)], { kind: "array", index: i }, visit);
+    }
+    return;
+  }
+  const proto = Object.getPrototypeOf(node);
+  if (proto !== null && proto !== Object.prototype) return;
+  const obj = node;
+  for (const key of Object.keys(obj)) {
+    walkForDeleteSentinels(obj[key], [...path, key], { kind: "object" }, visit);
+  }
+}
+function assertSafePath(path) {
+  for (const seg of path) {
+    if (!SAFE_KEY_RE.test(seg)) {
+      throw new Error(
+        `firegraph: unsafe object key ${JSON.stringify(seg)} at path ${path.map((p) => JSON.stringify(p)).join(" > ")}. Keys used inside update payloads must match /^[A-Za-z_][A-Za-z0-9_-]*$/ so they can be embedded safely in SQLite JSON paths.`
+      );
+    }
+  }
+}
+function flattenPatch(data) {
+  const ops = [];
+  walk(data, [], ops);
+  return ops;
+}
+function assertNoDeleteSentinelsInArrayValue(arr, arrayPath) {
+  walkForDeleteSentinels(arr, arrayPath, { kind: "root" }, ({ parent }) => {
+    const arrayPathStr = arrayPath.length === 0 ? "<root>" : arrayPath.map((p) => JSON.stringify(p)).join(" > ");
+    if (parent.kind === "array") {
+      throw new Error(
+        `firegraph: deleteField() sentinel at index ${parent.index} inside an array at path ${arrayPathStr}. Arrays are terminal in update payloads (replaced as a unit), so the sentinel would be silently dropped by JSON serialization. To remove the field entirely, pass deleteField() in place of the whole array.`
+      );
+    }
+    throw new Error(
+      `firegraph: deleteField() sentinel inside an array element at path ${arrayPathStr}. Arrays are terminal in update payloads \u2014 the sentinel would be silently dropped by JSON serialization.`
+    );
+  });
+}
+function walk(node, path, out) {
+  if (node === void 0) return;
+  if (isDeleteSentinel(node)) {
+    if (path.length === 0) {
+      throw new Error("firegraph: deleteField() cannot be the entire update payload.");
+    }
+    assertSafePath(path);
+    out.push({ path: [...path], value: void 0, delete: true });
+    return;
+  }
+  if (isTerminalValue(node)) {
+    if (path.length === 0) {
+      throw new Error(
+        "firegraph: update payload must be a plain object. Got " + (node === null ? "null" : Array.isArray(node) ? "array" : typeof node) + "."
+      );
+    }
+    if (Array.isArray(node)) {
+      assertNoDeleteSentinelsInArrayValue(node, path);
+    }
+    assertSafePath(path);
+    out.push({ path: [...path], value: node, delete: false });
+    return;
+  }
+  const obj = node;
+  const keys = Object.keys(obj);
+  if (keys.length === 0) {
+    if (path.length > 0) {
+      assertSafePath(path);
+      out.push({ path: [...path], value: {}, delete: false });
+    }
+    return;
+  }
+  for (const key of keys) {
+    if (key === SERIALIZATION_TAG) {
+      const where = path.length === 0 ? "<root>" : path.map((p) => JSON.stringify(p)).join(" > ");
+      throw new Error(
+        `firegraph: update payload contains a literal \`${SERIALIZATION_TAG}\` key at ${where}. That key is reserved for firegraph's serialization envelope and cannot appear on a plain object in user data. Use a different field name, or pass a recognized tagged value through replaceNode/replaceEdge instead.`
+      );
+    }
+    walk(obj[key], [...path, key], out);
+  }
+}
+
+// src/internal/sqlite-payload-guard.ts
+var FIRESTORE_TYPE_NAMES2 = /* @__PURE__ */ new Set([
+  "Timestamp",
+  "GeoPoint",
+  "VectorValue",
+  "DocumentReference",
+  "FieldValue"
+]);
+function assertJsonSafePayload(data, label) {
+  walk2(data, [], label);
+}
+function walk2(node, path, label) {
+  if (node === null || node === void 0) return;
+  if (isDeleteSentinel(node)) {
+    throw new FiregraphError(
+      `${label} backend cannot persist a deleteField() sentinel inside a full-data payload (replaceNode/replaceEdge or first-insert). The sentinel is only valid inside an updateNode/updateEdge dataOps patch. Path: ${formatPath(path)}.`,
+      "INVALID_ARGUMENT"
+    );
+  }
+  const t = typeof node;
+  if (t === "symbol" || t === "function") {
+    throw new FiregraphError(
+      `${label} backend cannot persist a value of type ${t}. JSON.stringify drops it silently. Path: ${formatPath(path)}.`,
+      "INVALID_ARGUMENT"
+    );
+  }
+  if (t === "bigint") {
+    throw new FiregraphError(
+      `${label} backend cannot persist a value of type bigint. JSON.stringify cannot serialize this type (throws TypeError). Path: ${formatPath(path)}.`,
+      "INVALID_ARGUMENT"
+    );
+  }
+  if (t !== "object") return;
+  if (Array.isArray(node)) {
+    for (let i = 0; i < node.length; i++) {
+      walk2(node[i], [...path, String(i)], label);
+    }
+    return;
+  }
+  const obj = node;
+  if (Object.prototype.hasOwnProperty.call(obj, SERIALIZATION_TAG)) {
+    const tagValue = obj[SERIALIZATION_TAG];
+    throw new FiregraphError(
+      `${label} backend cannot persist an object with a \`${SERIALIZATION_TAG}\` key (value: ${formatTagValue(tagValue)}). Recognised tags are valid only on the Firestore backend (migration-sandbox output); a literal \`${SERIALIZATION_TAG}\` field in user data is reserved and not allowed. Path: ${formatPath(path)}.`,
+      "INVALID_ARGUMENT"
+    );
+  }
+  const proto = Object.getPrototypeOf(node);
+  if (proto !== null && proto !== Object.prototype) {
+    const ctor = node.constructor;
+    const ctorName = ctor && typeof ctor.name === "string" ? ctor.name : "<anonymous>";
+    if (FIRESTORE_TYPE_NAMES2.has(ctorName)) {
+      throw new FiregraphError(
+        `${label} backend cannot persist a Firestore ${ctorName} value. Convert to a primitive before writing (e.g. \`ts.toMillis()\` for Timestamp, \`{lat,lng}\` for GeoPoint). Path: ${formatPath(path)}.`,
+        "INVALID_ARGUMENT"
+      );
+    }
+    if (node instanceof Date) return;
+    throw new FiregraphError(
+      `${label} backend cannot persist a class instance of type ${ctorName}. Only plain objects, arrays, and primitives round-trip safely through JSON storage. Path: ${formatPath(path)}.`,
+      "INVALID_ARGUMENT"
+    );
+  }
+  for (const key of Object.keys(obj)) {
+    walk2(obj[key], [...path, key], label);
+  }
+}
+function formatPath(path) {
+  return path.length === 0 ? "<root>" : path.map((p) => JSON.stringify(p)).join(" > ");
+}
+function formatTagValue(value) {
+  if (value === null) return "null";
+  if (value === void 0) return "undefined";
+  if (typeof value === "string") return JSON.stringify(value);
+  if (typeof value === "number" || typeof value === "boolean" || typeof value === "bigint") {
+    return String(value);
+  }
+  return typeof value;
+}
+
 // src/timestamp.ts
 var GraphTimestampImpl = class _GraphTimestampImpl {
   constructor(seconds, nanoseconds) {
@@ -273,7 +610,7 @@ var DEFAULT_CORE_INDEXES = Object.freeze([
 
 // src/internal/sqlite-index-ddl.ts
 var IDENT_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;
-var JSON_PATH_KEY_RE = /^[A-Za-z_][A-Za-z0-9_-]*$/;
+var JSON_PATH_KEY_RE2 = /^[A-Za-z_][A-Za-z0-9_-]*$/;
 function quoteIdent(name) {
   if (!IDENT_RE.test(name)) {
     throw new FiregraphError(
@@ -321,7 +658,7 @@ function compileFieldExpr(path, fieldToColumn) {
     const suffix = path.slice(5);
     const parts = suffix.split(".");
     for (const part of parts) {
-      if (!JSON_PATH_KEY_RE.test(part)) {
+      if (!JSON_PATH_KEY_RE2.test(part)) {
         throw new FiregraphError(
           `IndexSpec data path "${path}" has invalid component "${part}". Each component must match /^[A-Za-z_][A-Za-z0-9_-]*$/.`,
           "INVALID_INDEX"
@@ -390,6 +727,9 @@ function quoteDOIdent(name) {
   validateDOTableName(name);
   return `"${name}"`;
 }
+function quoteDOColumnAlias(label) {
+  return `"${label.replace(/"/g, '""')}"`;
+}
 function buildDOSchemaStatements(table, options = {}) {
   const t = quoteDOIdent(table);
   const statements = [
@@ -416,6 +756,8 @@ function buildDOSchemaStatements(table, options = {}) {
 }
 
 // src/cloudflare/sql.ts
+var DO_BACKEND_LABEL = "DO SQLite";
+var DO_BACKEND_ERR_LABEL = "DO SQLite backend";
 function compileFieldRef(field) {
   const column = DO_FIELD_TO_COLUMN[field];
   if (column) {
@@ -424,7 +766,7 @@ function compileFieldRef(field) {
   if (field.startsWith("data.")) {
     const suffix = field.slice(5);
     for (const part of suffix.split(".")) {
-      validateJsonPathKey(part);
+      validateJsonPathKey(part, DO_BACKEND_ERR_LABEL);
     }
     return { expr: `json_extract("data", '$.${suffix}')` };
   }
@@ -436,18 +778,6 @@ function compileFieldRef(field) {
     "INVALID_QUERY"
   );
 }
-var FIRESTORE_TYPE_NAMES = /* @__PURE__ */ new Set([
-  "Timestamp",
-  "GeoPoint",
-  "VectorValue",
-  "DocumentReference",
-  "FieldValue"
-]);
-function isFirestoreSpecialType(value) {
-  const ctorName = value.constructor?.name;
-  if (ctorName && FIRESTORE_TYPE_NAMES.has(ctorName)) return ctorName;
-  return null;
-}
 function bindValue(value) {
   if (value === null || value === void 0) return null;
   if (typeof value === "string" || typeof value === "number" || typeof value === "bigint" || typeof value === "boolean") {
@@ -466,21 +796,6 @@ function bindValue(value) {
   }
   return String(value);
 }
-var JSON_PATH_KEY_RE2 = /^[A-Za-z_][A-Za-z0-9_-]*$/;
-function validateJsonPathKey(key) {
-  if (key.length === 0) {
-    throw new FiregraphError(
-      "DO SQLite backend: empty JSON path component is not allowed",
-      "INVALID_QUERY"
-    );
-  }
-  if (!JSON_PATH_KEY_RE2.test(key)) {
-    throw new FiregraphError(
-      `DO SQLite backend: data field path component "${key}" is not a safe JSON-path identifier. Allowed pattern: /^[A-Za-z_][A-Za-z0-9_-]*$/. Use replaceData (full-data overwrite) for keys with reserved characters (whitespace, dots, brackets, quotes, etc.).`,
-      "INVALID_QUERY"
-    );
-  }
-}
 function compileFilter(filter, params) {
   const { expr } = compileFieldRef(filter.field);
   switch (filter.op) {
@@ -561,17 +876,244 @@ function compileDOSelect(table, filters, options) {
   sql += compileLimit(options, params);
   return { sql, params };
 }
+function compileDOExpand(table, params) {
+  if (params.sources.length === 0) {
+    throw new FiregraphError(
+      "compileDOExpand requires a non-empty sources list \u2014 empty IN () is invalid SQL.",
+      "INVALID_QUERY"
+    );
+  }
+  const direction = params.direction ?? "forward";
+  const aUidCol = compileFieldRef("aUid").expr;
+  const bUidCol = compileFieldRef("bUid").expr;
+  const aTypeCol = compileFieldRef("aType").expr;
+  const bTypeCol = compileFieldRef("bType").expr;
+  const axbTypeCol = compileFieldRef("axbType").expr;
+  const sourceColumn = direction === "forward" ? aUidCol : bUidCol;
+  const sqlParams = [params.axbType];
+  const conditions = [`${axbTypeCol} = ?`];
+  const placeholders = params.sources.map(() => "?").join(", ");
+  conditions.push(`${sourceColumn} IN (${placeholders})`);
+  for (const uid of params.sources) sqlParams.push(uid);
+  if (params.aType !== void 0) {
+    conditions.push(`${aTypeCol} = ?`);
+    sqlParams.push(params.aType);
+  }
+  if (params.bType !== void 0) {
+    conditions.push(`${bTypeCol} = ?`);
+    sqlParams.push(params.bType);
+  }
+  if (params.axbType === NODE_RELATION) {
+    conditions.push(`${aUidCol} != ${bUidCol}`);
+  }
+  let sql = `SELECT * FROM ${quoteDOIdent(table)} WHERE ${conditions.join(" AND ")}`;
+  if (params.orderBy) {
+    sql += compileOrderBy({ orderBy: params.orderBy }, sqlParams);
+  }
+  if (params.limitPerSource !== void 0) {
+    const totalLimit = params.sources.length * params.limitPerSource;
+    sql += ` LIMIT ?`;
+    sqlParams.push(totalLimit);
+  }
+  return { sql, params: sqlParams };
+}
+function compileDOExpandHydrate(table, targetUids) {
+  if (targetUids.length === 0) {
+    throw new FiregraphError(
+      "compileDOExpandHydrate requires a non-empty target list \u2014 empty IN () is invalid SQL.",
+      "INVALID_QUERY"
+    );
+  }
+  const placeholders = targetUids.map(() => "?").join(", ");
+  const sqlParams = [NODE_RELATION];
+  for (const uid of targetUids) sqlParams.push(uid);
+  const aUidCol = compileFieldRef("aUid").expr;
+  const bUidCol = compileFieldRef("bUid").expr;
+  const axbTypeCol = compileFieldRef("axbType").expr;
+  return {
+    sql: `SELECT * FROM ${quoteDOIdent(table)} WHERE ${axbTypeCol} = ? AND ${aUidCol} = ${bUidCol} AND ${bUidCol} IN (${placeholders})`,
+    params: sqlParams
+  };
+}
 function compileDOSelectByDocId(table, docId) {
   return {
     sql: `SELECT * FROM ${quoteDOIdent(table)} WHERE "doc_id" = ? LIMIT 1`,
     params: [docId]
   };
 }
-function compileDOSet(table, docId, record, nowMillis) {
-  const sql = `INSERT OR REPLACE INTO ${quoteDOIdent(table)} (
-    doc_id, a_type, a_uid, axb_type, b_type, b_uid, data, v, created_at, updated_at
-  ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`;
-  const params = [
+function normalizeDOProjectionField(field) {
+  if (field in DO_FIELD_TO_COLUMN) return field;
+  if (field === "data" || field.startsWith("data.")) return field;
+  return `data.${field}`;
+}
+function compileDOFindEdgesProjected(table, select, filters, options) {
+  if (select.length === 0) {
+    throw new FiregraphError(
+      "compileDOFindEdgesProjected requires a non-empty select list \u2014 an empty projection has no SQL representation distinct from `findEdges`.",
+      "INVALID_QUERY"
+    );
+  }
+  const seen = /* @__PURE__ */ new Set();
+  const uniqueFields = [];
+  for (const f of select) {
+    if (!seen.has(f)) {
+      seen.add(f);
+      uniqueFields.push(f);
+    }
+  }
+  const projections = [];
+  const columns = [];
+  for (let idx = 0; idx < uniqueFields.length; idx++) {
+    const field = uniqueFields[idx];
+    const canonical = normalizeDOProjectionField(field);
+    const { expr } = compileFieldRef(canonical);
+    const alias = quoteDOColumnAlias(field);
+    projections.push(`${expr} AS ${alias}`);
+    let kind;
+    let typeAliasName;
+    if (canonical === "data") {
+      kind = "data";
+    } else if (canonical.startsWith("data.")) {
+      kind = "json";
+      typeAliasName = `__fg_t_${idx}`;
+      const typeAlias = quoteDOColumnAlias(typeAliasName);
+      projections.push(`json_type("data", '$.${canonical.slice(5)}') AS ${typeAlias}`);
+    } else {
+      if (canonical === "v") kind = "builtin-int";
+      else if (canonical === "createdAt" || canonical === "updatedAt") kind = "builtin-timestamp";
+      else kind = "builtin-text";
+    }
+    columns.push({ field, kind, typeAlias: typeAliasName });
+  }
+  const params = [];
+  const conditions = [];
+  for (const f of filters) {
+    conditions.push(compileFilter(f, params));
+  }
+  const where = conditions.length > 0 ? ` WHERE ${conditions.join(" AND ")}` : "";
+  let sql = `SELECT ${projections.join(", ")} FROM ${quoteDOIdent(table)}${where}`;
+  sql += compileOrderBy(options, params);
+  sql += compileLimit(options, params);
+  return { stmt: { sql, params }, columns };
+}
+function decodeDOProjectedRow(row, columns) {
+  const out = {};
+  for (const c of columns) {
+    const raw = row[c.field];
+    switch (c.kind) {
+      case "builtin-text":
+        out[c.field] = raw === null || raw === void 0 ? null : String(raw);
+        break;
+      case "builtin-int":
+        if (raw === null || raw === void 0) {
+          out[c.field] = null;
+        } else if (typeof raw === "bigint") {
+          out[c.field] = Number(raw);
+        } else if (typeof raw === "number") {
+          out[c.field] = raw;
+        } else {
+          out[c.field] = Number(raw);
+        }
+        break;
+      case "builtin-timestamp": {
+        const ms = toMillis(raw);
+        out[c.field] = GraphTimestampImpl.fromMillis(ms);
+        break;
+      }
+      case "data":
+        if (raw === null || raw === void 0 || raw === "") {
+          out[c.field] = {};
+        } else {
+          out[c.field] = JSON.parse(raw);
+        }
+        break;
+      case "json": {
+        const t = row[c.typeAlias];
+        if (raw === null || raw === void 0) {
+          out[c.field] = null;
+        } else if (t === "object" || t === "array") {
+          out[c.field] = typeof raw === "string" ? JSON.parse(raw) : raw;
+        } else if (t === "integer" && typeof raw === "bigint") {
+          out[c.field] = Number(raw);
+        } else {
+          out[c.field] = raw;
+        }
+        break;
+      }
+    }
+  }
+  return out;
+}
+function compileDOAggregate(table, spec, filters) {
+  const aliases = Object.keys(spec);
+  if (aliases.length === 0) {
+    throw new FiregraphError(
+      "aggregate() requires at least one aggregation in the `aggregates` map.",
+      "INVALID_QUERY"
+    );
+  }
+  const projections = [];
+  for (const alias of aliases) {
+    const { op, field } = spec[alias];
+    validateJsonPathKey(alias, DO_BACKEND_ERR_LABEL);
+    if (op === "count") {
+      if (field !== void 0) {
+        throw new FiregraphError(
+          `Aggregate '${alias}' op 'count' must not specify a field \u2014 count operates on rows, not a column expression.`,
+          "INVALID_QUERY"
+        );
+      }
+      projections.push(`COUNT(*) AS ${quoteDOIdent(alias)}`);
+      continue;
+    }
+    if (!field) {
+      throw new FiregraphError(
+        `Aggregate '${alias}' op '${op}' requires a field.`,
+        "INVALID_QUERY"
+      );
+    }
+    const { expr } = compileFieldRef(field);
+    const numeric = `CAST(${expr} AS REAL)`;
+    if (op === "sum") projections.push(`SUM(${numeric}) AS ${quoteDOIdent(alias)}`);
+    else if (op === "avg") projections.push(`AVG(${numeric}) AS ${quoteDOIdent(alias)}`);
+    else if (op === "min") projections.push(`MIN(${numeric}) AS ${quoteDOIdent(alias)}`);
+    else if (op === "max") projections.push(`MAX(${numeric}) AS ${quoteDOIdent(alias)}`);
+    else
+      throw new FiregraphError(
+        `DO SQLite backend does not support aggregate op: ${String(op)}`,
+        "INVALID_QUERY"
+      );
+  }
+  const params = [];
+  const conditions = [];
+  for (const f of filters) {
+    conditions.push(compileFilter(f, params));
+  }
+  const where = conditions.length > 0 ? ` WHERE ${conditions.join(" AND ")}` : "";
+  const sql = `SELECT ${projections.join(", ")} FROM ${quoteDOIdent(table)}${where}`;
+  return { stmt: { sql, params }, aliases };
+}
+function compileDOSet(table, docId, record, nowMillis, mode) {
+  assertJsonSafePayload(record.data, DO_BACKEND_LABEL);
+  if (mode === "replace") {
+    const sql2 = `INSERT OR REPLACE INTO ${quoteDOIdent(table)} (
+      doc_id, a_type, a_uid, axb_type, b_type, b_uid, data, v, created_at, updated_at
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`;
+    const params = [
+      docId,
+      record.aType,
+      record.aUid,
+      record.axbType,
+      record.bType,
+      record.bUid,
+      JSON.stringify(record.data ?? {}),
+      record.v ?? null,
+      nowMillis,
+      nowMillis
+    ];
+    return { sql: sql2, params };
+  }
+  const insertParams = [
     docId,
     record.aType,
     record.aUid,
@@ -583,22 +1125,44 @@ function compileDOSet(table, docId, record, nowMillis) {
     nowMillis,
     nowMillis
   ];
-  return { sql, params };
+  const ops = flattenPatch(record.data ?? {});
+  const updateParams = [];
+  const dataExpr = compileDataOpsExpr(ops, `COALESCE("data", '{}')`, updateParams, DO_BACKEND_ERR_LABEL) ?? `COALESCE("data", '{}')`;
+  const sql = `INSERT INTO ${quoteDOIdent(table)} (
+      doc_id, a_type, a_uid, axb_type, b_type, b_uid, data, v, created_at, updated_at
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(doc_id) DO UPDATE SET
+      "a_type" = excluded."a_type",
+      "a_uid" = excluded."a_uid",
+      "axb_type" = excluded."axb_type",
+      "b_type" = excluded."b_type",
+      "b_uid" = excluded."b_uid",
+      "data" = ${dataExpr},
+      "v" = COALESCE(excluded."v", "v"),
+      "created_at" = excluded."created_at",
+      "updated_at" = excluded."updated_at"`;
+  return { sql, params: [...insertParams, ...updateParams] };
 }
 function compileDOUpdate(table, docId, update, nowMillis) {
+  assertUpdatePayloadExclusive(update);
   const setClauses = [];
   const params = [];
   if (update.replaceData) {
+    assertJsonSafePayload(update.replaceData, DO_BACKEND_LABEL);
     setClauses.push(`"data" = ?`);
     params.push(JSON.stringify(update.replaceData));
-  } else if (update.dataFields && Object.keys(update.dataFields).length > 0) {
-    const entries = Object.entries(update.dataFields);
-    const pathArgs = entries.map(() => `?, ?`).join(", ");
-    setClauses.push(`"data" = json_set(COALESCE("data", '{}'), ${pathArgs})`);
-    for (const [k, v] of entries) {
-      validateJsonPathKey(k);
-      params.push(`$.${k}`);
-      params.push(bindValue(v));
+  } else if (update.dataOps && update.dataOps.length > 0) {
+    for (const op of update.dataOps) {
+      if (!op.delete) assertJsonSafePayload(op.value, DO_BACKEND_LABEL);
+    }
+    const expr = compileDataOpsExpr(
+      update.dataOps,
+      `COALESCE("data", '{}')`,
+      params,
+      DO_BACKEND_ERR_LABEL
+    );
+    if (expr !== null) {
+      setClauses.push(`"data" = ${expr}`);
     }
   }
   if (update.v !== void 0) {
@@ -619,6 +1183,55 @@ function compileDODelete(table, docId) {
     params: [docId]
   };
 }
+function compileDOBulkDelete(table, filters) {
+  const params = [];
+  const conditions = [];
+  for (const f of filters) {
+    conditions.push(compileFilter(f, params));
+  }
+  const where = conditions.length > 0 ? ` WHERE ${conditions.join(" AND ")}` : "";
+  return {
+    sql: `DELETE FROM ${quoteDOIdent(table)}${where}`,
+    params
+  };
+}
+function compileDOBulkUpdate(table, filters, patchData, nowMillis) {
+  const dataOps = flattenPatch(patchData);
+  if (dataOps.length === 0) {
+    throw new FiregraphError(
+      "bulkUpdate() patch.data must contain at least one leaf \u2014 an empty patch would only rewrite `updated_at`, which is almost certainly a bug. Use `setDoc` with merge mode if you want to stamp without editing data.",
+      "INVALID_QUERY"
+    );
+  }
+  for (const op of dataOps) {
+    if (!op.delete) assertJsonSafePayload(op.value, DO_BACKEND_LABEL);
+  }
+  const setParams = [];
+  const expr = compileDataOpsExpr(
+    dataOps,
+    `COALESCE("data", '{}')`,
+    setParams,
+    DO_BACKEND_ERR_LABEL
+  );
+  if (expr === null) {
+    throw new FiregraphError(
+      "bulkUpdate() patch produced no SQL operations \u2014 internal invariant violated.",
+      "INVALID_ARGUMENT"
+    );
+  }
+  const setClauses = [`"data" = ${expr}`, `"updated_at" = ?`];
+  setParams.push(nowMillis);
+  const whereParams = [];
+  const conditions = [];
+  for (const f of filters) {
+    conditions.push(compileFilter(f, whereParams));
+  }
+  const where = conditions.length > 0 ? ` WHERE ${conditions.join(" AND ")}` : "";
+  return {
+    sql: `UPDATE ${quoteDOIdent(table)} SET ${setClauses.join(", ")}${where}`,
+    params: [...setParams, ...whereParams]
+  };
+}
 function compileDODeleteAll(table) {
   return {
     sql: `DELETE FROM ${quoteDOIdent(table)}`,
@@ -694,8 +1307,8 @@ var DORPCBatchBackend = class {
     this.getStub = getStub;
   }
   ops = [];
-  setDoc(docId, record) {
-    this.ops.push({ kind: "set", docId, record });
+  setDoc(docId, record, mode) {
+    this.ops.push({ kind: "set", docId, record, mode });
   }
   updateDoc(docId, update) {
     this.ops.push({ kind: "update", docId, update });
@@ -710,7 +1323,18 @@ var DORPCBatchBackend = class {
     await this.getStub()._fgBatch(ops);
   }
 };
+var DO_CAPS = /* @__PURE__ */ new Set([
+  "core.read",
+  "core.write",
+  "core.batch",
+  "core.subgraph",
+  "query.aggregate",
+  "query.dml",
+  "query.join",
+  "query.select"
+]);
 var DORPCBackend = class _DORPCBackend {
+  capabilities = createCapabilities(DO_CAPS);
   collectionPath = "firegraph";
   scopePath;
   /** @internal */
@@ -744,9 +1368,37 @@ var DORPCBackend = class _DORPCBackend {
     const wires = await this.stub._fgQuery(filters, options);
     return wires.map(hydrateDORecord);
   }
+  // --- Aggregate ---
+  /**
+   * Run an aggregate query inside the backing DO. The DO returns a row of
+   * `{ alias: number | null }` (null = SQLite NULL for SUM/MIN/MAX over an
+   * empty set, or the count being literally 0); this method resolves NULL
+   * to 0 for SUM/MIN/MAX and to NaN for AVG, matching the SQLite backend
+   * and the Firestore Standard helper.
+   */
+  async aggregate(spec, filters) {
+    const stub = this.stub;
+    if (!stub._fgAggregate) {
+      throw new FiregraphError(
+        "aggregate() not supported by this Durable Object stub. The wrapped stub does not implement `_fgAggregate`. If you control the stub wrapper, forward `_fgAggregate` to the underlying DO.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    const wire = await stub._fgAggregate(spec, filters);
+    const out = {};
+    for (const [alias, { op }] of Object.entries(spec)) {
+      const v = wire[alias];
+      if (v === null || v === void 0) {
+        out[alias] = op === "avg" ? Number.NaN : 0;
+      } else {
+        out[alias] = v;
+      }
+    }
+    return out;
+  }
   // --- Writes ---
-  async setDoc(docId, record) {
-    return this.stub._fgSetDoc(docId, record);
+  async setDoc(docId, record, mode) {
+    return this.stub._fgSetDoc(docId, record, mode);
   }
   async updateDoc(docId, update) {
     return this.stub._fgUpdateDoc(docId, update);
@@ -800,6 +1452,105 @@ var DORPCBackend = class _DORPCBackend {
     void _reader;
     return this.stub._fgBulkRemoveEdges(params, options);
   }
+  // --- Server-side DML (capability: query.dml) ---
+  /**
+   * Single-statement bulk DELETE inside the backing DO. The DO compiles
+   * the filter list to one `DELETE … WHERE …` statement and returns a
+   * `BulkResult` whose `deleted` is the affected-row count.
+   *
+   * Defensive `_fgBulkDelete` presence check mirrors `aggregate()`: the
+   * RPC method is optional on `FiregraphStub` so external worker code with
+   * a hand-rolled stub wrapper still type-checks. Surface a clear
+   * `UNSUPPORTED_OPERATION` rather than `TypeError: stub._fgBulkDelete is
+   * not a function` when the wrapper hasn't forwarded the method.
+   */
+  async bulkDelete(filters, options) {
+    const stub = this.stub;
+    if (!stub._fgBulkDelete) {
+      throw new FiregraphError(
+        "bulkDelete() not supported by this Durable Object stub. The wrapped stub does not implement `_fgBulkDelete`. If you control the stub wrapper, forward `_fgBulkDelete` to the underlying DO.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    return stub._fgBulkDelete(filters, options);
+  }
+  /**
+   * Single-statement bulk UPDATE inside the backing DO. Same contract as
+   * `bulkDelete` for the missing-method case; the DO compiles the patch to
+   * one `UPDATE … SET data = json_patch(...) WHERE …` statement.
+   */
+  async bulkUpdate(filters, patch, options) {
+    const stub = this.stub;
+    if (!stub._fgBulkUpdate) {
+      throw new FiregraphError(
+        "bulkUpdate() not supported by this Durable Object stub. The wrapped stub does not implement `_fgBulkUpdate`. If you control the stub wrapper, forward `_fgBulkUpdate` to the underlying DO.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    return stub._fgBulkUpdate(filters, patch, options);
+  }
+  /**
+   * Multi-source fan-out — `query.join` capability. Routes the call through
+   * the DO's `_fgExpand` RPC, which compiles to one `SELECT … WHERE
+   * "aUid" IN (?, …)` statement (plus, when `params.hydrate === true`, a
+   * second IN-clause statement against the node rows).
+   *
+   * Defensive `_fgExpand` presence check matches the bulk-DML pattern: the
+   * RPC method is optional on `FiregraphStub` so external worker code with
+   * a hand-rolled stub wrapper still type-checks. We surface a clear
+   * `UNSUPPORTED_OPERATION` rather than `TypeError: stub._fgExpand is not a
+   * function` if the wrapper hasn't forwarded the method.
+   */
+  async expand(params) {
+    const stub = this.stub;
+    if (!stub._fgExpand) {
+      throw new FiregraphError(
+        "expand() not supported by this Durable Object stub. The wrapped stub does not implement `_fgExpand`. If you control the stub wrapper, forward `_fgExpand` to the underlying DO.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    if (params.sources.length === 0) {
+      return params.hydrate ? { edges: [], targets: [] } : { edges: [] };
+    }
+    const wire = await stub._fgExpand(params);
+    const edges = wire.edges.map(hydrateDORecord);
+    if (!params.hydrate) {
+      return { edges };
+    }
+    const targets = (wire.targets ?? []).map((row) => row ? hydrateDORecord(row) : null);
+    return { edges, targets };
+  }
+  // --- Server-side projection (capability: query.select) ---
+  /**
+   * Server-side projection — `query.select` capability. Forwards the call to
+   * the DO's `_fgFindEdgesProjected` RPC, which compiles to a single
+   * `SELECT json_extract(...) AS …, json_type(...) AS …__t FROM <table>
+   * WHERE …` statement. The DO returns raw rows + per-column metadata; this
+   * method decodes each row locally via `decodeDOProjectedRow`.
+   *
+   * Decoding lives on this side (not inside the DO) because
+   * `GraphTimestampImpl` is a class — its prototype does not survive
+   * workerd's structured-clone boundary — so timestamp rehydration must
+   * happen wherever the rows are consumed by the GraphClient.
+   *
+   * Defensive `_fgFindEdgesProjected` presence check matches the `expand` /
+   * bulk-DML / aggregate pattern: the RPC method is optional on
+   * `FiregraphStub` so external worker code with a hand-rolled stub wrapper
+   * still type-checks. Surface a clear `UNSUPPORTED_OPERATION` rather than
+   * `TypeError: stub._fgFindEdgesProjected is not a function` if the
+   * wrapper hasn't forwarded the method.
+   */
+  async findEdgesProjected(select, filters, options) {
+    const stub = this.stub;
+    if (!stub._fgFindEdgesProjected) {
+      throw new FiregraphError(
+        "findEdgesProjected() not supported by this Durable Object stub. The wrapped stub does not implement `_fgFindEdgesProjected`. If you control the stub wrapper, forward `_fgFindEdgesProjected` to the underlying DO.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    const { rows, columns } = await stub._fgFindEdgesProjected(select, filters, options);
+    return rows.map((row) => decodeDOProjectedRow(row, columns));
+  }
   // --- Cross-scope queries ---
   //
   // `findEdgesGlobal` is deliberately NOT defined on this class. The
@@ -875,6 +1626,19 @@ var GraphBatchImpl = class {
     this.scopePath = scopePath;
   }
   async putNode(aType, uid, data) {
+    this.writeNode(aType, uid, data, "merge");
+  }
+  async putEdge(aType, aUid, axbType, bType, bUid, data) {
+    this.writeEdge(aType, aUid, axbType, bType, bUid, data, "merge");
+  }
+  async replaceNode(aType, uid, data) {
+    this.writeNode(aType, uid, data, "replace");
+  }
+  async replaceEdge(aType, aUid, axbType, bType, bUid, data) {
+    this.writeEdge(aType, aUid, axbType, bType, bUid, data, "replace");
+  }
+  writeNode(aType, uid, data, mode) {
+    assertNoDeleteSentinels(data, mode === "replace" ? "replaceNode" : "putNode");
     if (this.registry) {
       this.registry.validate(aType, NODE_RELATION, aType, data, this.scopePath);
     }
@@ -886,9 +1650,10 @@ var GraphBatchImpl = class {
         record.v = entry.schemaVersion;
       }
     }
-    this.backend.setDoc(docId, record);
+    this.backend.setDoc(docId, record, mode);
   }
-  async putEdge(aType, aUid, axbType, bType, bUid, data) {
+  writeEdge(aType, aUid, axbType, bType, bUid, data, mode) {
+    assertNoDeleteSentinels(data, mode === "replace" ? "replaceEdge" : "putEdge");
     if (this.registry) {
       this.registry.validate(aType, axbType, bType, data, this.scopePath);
     }
@@ -900,11 +1665,15 @@ var GraphBatchImpl = class {
         record.v = entry.schemaVersion;
       }
     }
-    this.backend.setDoc(docId, record);
+    this.backend.setDoc(docId, record, mode);
   }
   async updateNode(uid, data) {
     const docId = computeNodeDocId(uid);
-    this.backend.updateDoc(docId, { dataFields: data });
+    this.backend.updateDoc(docId, { dataOps: flattenPatch(data) });
+  }
+  async updateEdge(aUid, axbType, bUid, data) {
+    const docId = computeEdgeDocId(aUid, axbType, bUid);
+    this.backend.updateDoc(docId, { dataOps: flattenPatch(data) });
   }
   async removeNode(uid) {
     const docId = computeNodeDocId(uid);
@@ -1853,6 +2622,19 @@ var GraphTransactionImpl = class {
     return results.map((r) => r.record);
   }
   async putNode(aType, uid, data) {
+    await this.writeNode(aType, uid, data, "merge");
+  }
+  async putEdge(aType, aUid, axbType, bType, bUid, data) {
+    await this.writeEdge(aType, aUid, axbType, bType, bUid, data, "merge");
+  }
+  async replaceNode(aType, uid, data) {
+    await this.writeNode(aType, uid, data, "replace");
+  }
+  async replaceEdge(aType, aUid, axbType, bType, bUid, data) {
+    await this.writeEdge(aType, aUid, axbType, bType, bUid, data, "replace");
+  }
+  async writeNode(aType, uid, data, mode) {
+    assertNoDeleteSentinels(data, mode === "replace" ? "replaceNode" : "putNode");
     if (this.registry) {
       this.registry.validate(aType, NODE_RELATION, aType, data, this.scopePath);
     }
@@ -1864,9 +2646,10 @@ var GraphTransactionImpl = class {
         record.v = entry.schemaVersion;
       }
     }
-    await this.backend.setDoc(docId, record);
+    await this.backend.setDoc(docId, record, mode);
   }
-  async putEdge(aType, aUid, axbType, bType, bUid, data) {
+  async writeEdge(aType, aUid, axbType, bType, bUid, data, mode) {
+    assertNoDeleteSentinels(data, mode === "replace" ? "replaceEdge" : "putEdge");
     if (this.registry) {
       this.registry.validate(aType, axbType, bType, data, this.scopePath);
     }
@@ -1878,11 +2661,15 @@ var GraphTransactionImpl = class {
         record.v = entry.schemaVersion;
       }
     }
-    await this.backend.setDoc(docId, record);
+    await this.backend.setDoc(docId, record, mode);
   }
   async updateNode(uid, data) {
     const docId = computeNodeDocId(uid);
-    await this.backend.updateDoc(docId, { dataFields: data });
+    await this.backend.updateDoc(docId, { dataOps: flattenPatch(data) });
+  }
+  async updateEdge(aUid, axbType, bUid, data) {
+    const docId = computeEdgeDocId(aUid, axbType, bUid);
+    await this.backend.updateDoc(docId, { dataOps: flattenPatch(data) });
   }
   async removeNode(uid) {
     const docId = computeNodeDocId(uid);
@@ -1920,6 +2707,15 @@ var GraphClientImpl = class _GraphClientImpl {
     this.scanProtection = options?.scanProtection ?? "error";
   }
   scanProtection;
+  /**
+   * Capability set of the underlying backend. Mirrors `backend.capabilities`
+   * verbatim so callers can portability-check (`client.capabilities.has(
+   * 'query.join')`) without reaching for the backend handle. Static for the
+   * lifetime of the client.
+   */
+  get capabilities() {
+    return this.backend.capabilities;
+  }
   // Static mode
   staticRegistry;
   // Dynamic mode
@@ -2081,6 +2877,19 @@ var GraphClientImpl = class _GraphClientImpl {
   // GraphWriter
   // ---------------------------------------------------------------------------
   async putNode(aType, uid, data) {
+    await this.writeNode(aType, uid, data, "merge");
+  }
+  async putEdge(aType, aUid, axbType, bType, bUid, data) {
+    await this.writeEdge(aType, aUid, axbType, bType, bUid, data, "merge");
+  }
+  async replaceNode(aType, uid, data) {
+    await this.writeNode(aType, uid, data, "replace");
+  }
+  async replaceEdge(aType, aUid, axbType, bType, bUid, data) {
+    await this.writeEdge(aType, aUid, axbType, bType, bUid, data, "replace");
+  }
+  async writeNode(aType, uid, data, mode) {
+    assertNoDeleteSentinels(data, mode === "replace" ? "replaceNode" : "putNode");
     const registry = this.getRegistryForType(aType);
     if (registry) {
       registry.validate(aType, NODE_RELATION, aType, data, this.backend.scopePath);
@@ -2094,9 +2903,10 @@ var GraphClientImpl = class _GraphClientImpl {
         record.v = entry.schemaVersion;
       }
     }
-    await backend.setDoc(docId, record);
+    await backend.setDoc(docId, record, mode);
   }
-  async putEdge(aType, aUid, axbType, bType, bUid, data) {
+  async writeEdge(aType, aUid, axbType, bType, bUid, data, mode) {
+    assertNoDeleteSentinels(data, mode === "replace" ? "replaceEdge" : "putEdge");
     const registry = this.getRegistryForType(aType);
     if (registry) {
       registry.validate(aType, axbType, bType, data, this.backend.scopePath);
@@ -2110,11 +2920,15 @@ var GraphClientImpl = class _GraphClientImpl {
         record.v = entry.schemaVersion;
       }
     }
-    await backend.setDoc(docId, record);
+    await backend.setDoc(docId, record, mode);
   }
   async updateNode(uid, data) {
     const docId = computeNodeDocId(uid);
-    await this.backend.updateDoc(docId, { dataFields: data });
+    await this.backend.updateDoc(docId, { dataOps: flattenPatch(data) });
+  }
+  async updateEdge(aUid, axbType, bUid, data) {
+    const docId = computeEdgeDocId(aUid, axbType, bUid);
+    await this.backend.updateDoc(docId, { dataOps: flattenPatch(data) });
   }
   async removeNode(uid) {
     const docId = computeNodeDocId(uid);
@@ -2196,6 +3010,33 @@ var GraphClientImpl = class _GraphClientImpl {
     return this.applyMigrations(records);
   }
   // ---------------------------------------------------------------------------
+  // Aggregate query (capability: query.aggregate)
+  // ---------------------------------------------------------------------------
+  async aggregate(params) {
+    if (!this.backend.aggregate) {
+      throw new FiregraphError(
+        "aggregate() is not supported by the current storage backend.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    const hasAnyFilter = params.aType || params.aUid || params.axbType || params.bType || params.bUid || params.where && params.where.length > 0;
+    if (!hasAnyFilter) {
+      this.checkQuerySafety([], params.allowCollectionScan);
+      const result2 = await this.backend.aggregate(params.aggregates, []);
+      return result2;
+    }
+    const plan = buildEdgeQueryPlan(params);
+    if (plan.strategy === "get") {
+      throw new FiregraphError(
+        "aggregate() requires a query, not a direct document lookup. Omit one of aUid/axbType/bUid to force a query strategy.",
+        "INVALID_QUERY"
+      );
+    }
+    this.checkQuerySafety(plan.filters, params.allowCollectionScan);
+    const result = await this.backend.aggregate(params.aggregates, plan.filters);
+    return result;
+  }
+  // ---------------------------------------------------------------------------
   // Bulk operations
   // ---------------------------------------------------------------------------
   async removeNodeCascade(uid, options) {
@@ -2205,6 +3046,327 @@ var GraphClientImpl = class _GraphClientImpl {
     return this.backend.bulkRemoveEdges(params, this, options);
   }
   // ---------------------------------------------------------------------------
+  // Server-side DML (capability: query.dml)
+  // ---------------------------------------------------------------------------
+  /**
+   * Single-statement bulk DELETE. Translates `params` to a filter list via
+   * `buildEdgeQueryPlan` (the same plan `findEdges` uses) and dispatches to
+   * `backend.bulkDelete`. The fetch-then-delete loop in `bulkRemoveEdges`
+   * is the cap-less fallback; this method is the fast path on backends
+   * declaring `query.dml`.
+   *
+   * Scan-protection rules match `findEdges`: a query with no identifying
+   * fields requires `allowCollectionScan: true` to pass. A bare-empty
+   * filter set (no `aType`, `aUid`, etc., no `where`) is allowed at this
+   * layer — shared SQLite bounds the blast radius via its leading `scope`
+   * predicate — but the DO RPC backend rejects empty filters at the wire
+   * boundary as defense-in-depth. To wipe a routed subgraph DO, use
+   * `removeNodeCascade` on the parent node instead.
+   */
+  async bulkDelete(params, options) {
+    if (!this.backend.bulkDelete) {
+      throw new FiregraphError(
+        "bulkDelete() is not supported by the current storage backend. Fall back to bulkRemoveEdges() for backends without query.dml (e.g. Firestore Standard).",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    const filters = this.buildDmlFilters(params);
+    return this.backend.bulkDelete(filters, options);
+  }
+  /**
+   * Single-statement bulk UPDATE. Same translation path as `bulkDelete`,
+   * but the patch is deep-merged into each matching row's `data` via the
+   * shared `flattenPatch` pipeline. Identifying columns are immutable
+   * through this path (see `BulkUpdatePatch` JSDoc).
+   *
+   * Empty-patch rejection happens inside the backend (`compileBulkUpdate`)
+   * — a `data: {}` payload would only rewrite `updated_at`, which is
+   * almost certainly a bug.
+   */
+  async bulkUpdate(params, patch, options) {
+    if (!this.backend.bulkUpdate) {
+      throw new FiregraphError(
+        "bulkUpdate() is not supported by the current storage backend.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    const filters = this.buildDmlFilters(params);
+    return this.backend.bulkUpdate(filters, patch, options);
+  }
+  // ---------------------------------------------------------------------------
+  // Multi-source fan-out (capability: query.join)
+  // ---------------------------------------------------------------------------
+  /**
+   * Fan out from `params.sources` over a single edge type in one round trip.
+   * On backends without `query.join`, throws `UNSUPPORTED_OPERATION` — the
+   * cap-less fallback is the per-source `findEdges` loop, which lives in
+   * `traverse.ts` (the higher-level traversal walker) rather than here.
+   *
+   * `expand()` is intentionally edge-type-only — the source set is a flat
+   * UID list and the hop matches one `axbType`. Multi-axbType expansions
+   * become multiple `expand()` calls, one per relation.
+   *
+   * `params.sources.length === 0` short-circuits to an empty result. The
+   * backend never sees the call. (`compileExpand` itself rejects empty
+   * because `IN ()` is not valid SQL.)
+   */
+  async expand(params) {
+    if (!this.backend.expand) {
+      throw new FiregraphError(
+        "expand() is not supported by the current storage backend. Backends without `query.join` can use createTraversal() instead \u2014 the per-hop loop is functionally equivalent (just slower).",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    if (params.sources.length === 0) {
+      return params.hydrate ? { edges: [], targets: [] } : { edges: [] };
+    }
+    return this.backend.expand(params);
+  }
+  // ---------------------------------------------------------------------------
+  // Engine-level multi-hop traversal (capability: traversal.serverSide)
+  // ---------------------------------------------------------------------------
+  /**
+   * Compile a multi-hop traversal spec into one server-side nested
+   * Pipeline and dispatch a single round trip.
+   *
+   * Backends declaring `traversal.serverSide` (Firestore Enterprise
+   * today) install this method; everywhere else, it throws
+   * `UNSUPPORTED_OPERATION`. The capability gate matches the type-level
+   * surface — `GraphClient<C>` only exposes `runEngineTraversal` when
+   * `'traversal.serverSide' extends C`.
+   *
+   * Most callers should not invoke this method directly; the
+   * `createTraversal(...).run()` builder routes through it
+   * automatically when `engineTraversal: 'auto'` (the default) and
+   * the spec is eligible per `firestore-traverse-compiler.ts`. Calling
+   * directly is appropriate for benchmarking or for callers that have
+   * already shaped their hop chain into the strict
+   * `EngineTraversalParams` shape.
+   *
+   * `params.sources.length === 0` short-circuits to empty per-hop
+   * arrays. The backend never sees the call.
+   */
+  async runEngineTraversal(params) {
+    if (!this.backend.runEngineTraversal) {
+      throw new FiregraphError(
+        "runEngineTraversal() is not supported by the current storage backend. Backends without `traversal.serverSide` can use createTraversal() instead \u2014 the per-hop loop is functionally equivalent for in-graph specs (different round-trip profile).",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    if (params.sources.length === 0) {
+      return {
+        hops: params.hops.map(() => ({ edges: [], sourceCount: 0 })),
+        totalReads: 0
+      };
+    }
+    return this.backend.runEngineTraversal(params);
+  }
+  // ---------------------------------------------------------------------------
+  // Server-side projection (capability: query.select)
+  // ---------------------------------------------------------------------------
+  /**
+   * Server-side projection — fetch only the requested fields from each
+   * matching edge. The backend translates the call into a projecting query
+   * (`SELECT json_extract(...)` on SQLite/DO, `Query.select(...)` on
+   * Firestore Standard, classic projection on Enterprise) so the wire
+   * payload is reduced to just the requested fields.
+   *
+   * Resolution rules for `select` (mirrored across all backends):
+   *
+   *   - Built-in envelope fields (`aType`, `aUid`, `axbType`, `bType`,
+   *     `bUid`, `createdAt`, `updatedAt`, `v`) → resolve to the typed
+   *     column / Firestore field directly.
+   *   - `'data'` literal → returns the whole user payload.
+   *   - `'data.<x>'` → explicit nested path, returned at the same shape.
+   *   - bare name → rewritten to `data.<name>` (the canonical "give me a
+   *     few keys out of the JSON payload" shape).
+   *
+   * Empty `select: []` is rejected with `INVALID_QUERY`. Duplicate entries
+   * are de-duped (first-occurrence order preserved); the result row carries
+   * one slot per unique field.
+   *
+   * Migrations are *not* applied to the result. The caller asked for a
+   * partial shape, and rehydrating it through the migration pipeline would
+   * require synthesising every absent field — see
+   * `StorageBackend.findEdgesProjected` for the rationale.
+   *
+   * Scan protection follows the `findEdges` rules: a query with no
+   * identifying fields requires `allowCollectionScan: true` to pass. The
+   * cap-less fallback would be `findEdges` + JS-side projection, but that
+   * defeats the wire-payload reduction; backends without `query.select`
+   * throw `UNSUPPORTED_OPERATION` rather than silently materialising full
+   * rows.
+   */
+  async findEdgesProjected(params) {
+    if (!this.backend.findEdgesProjected) {
+      throw new FiregraphError(
+        "findEdgesProjected() is not supported by the current storage backend. There is no client-side fallback because the wire-payload reduction is the entire point of the API \u2014 use findEdges() and project in JS if the backend does not declare `query.select`.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    if (params.select.length === 0) {
+      throw new FiregraphError(
+        "findEdgesProjected() requires a non-empty `select` list.",
+        "INVALID_QUERY"
+      );
+    }
+    const plan = buildEdgeQueryPlan(params);
+    let filters;
+    let options;
+    if (plan.strategy === "get") {
+      filters = [
+        { field: "aUid", op: "==", value: params.aUid },
+        { field: "axbType", op: "==", value: params.axbType },
+        { field: "bUid", op: "==", value: params.bUid }
+      ];
+      if (params.aType) filters.push({ field: "aType", op: "==", value: params.aType });
+      if (params.bType) filters.push({ field: "bType", op: "==", value: params.bType });
+      options = void 0;
+    } else {
+      filters = plan.filters;
+      options = plan.options;
+    }
+    this.checkQuerySafety(filters, params.allowCollectionScan);
+    const rows = await this.backend.findEdgesProjected(params.select, filters, options);
+    return rows;
+  }
+  /**
+   * Native vector / nearest-neighbour search (capability `search.vector`).
+   *
+   * Resolves to the top-K records by similarity, sorted nearest-first
+   * (`EUCLIDEAN` / `COSINE`) or highest-first (`DOT_PRODUCT`). The wrapper
+   * is intentionally thin: capability check, scan-protection, then forward
+   * `params` verbatim to the backend. All field-path normalisation and
+   * SDK-shape validation lives in the shared
+   * `runFirestoreFindNearest` helper that both Firestore editions call —
+   * keeping it there means the validation surface stays in lockstep with
+   * the SDK call site, regardless of which backend is plugged in.
+   *
+   * Migrations are NOT applied. The vector index walked the raw stored
+   * shape; rehydrating each row through the migration pipeline would
+   * change the candidate set the index already chose. If you need
+   * migrated shape, follow up with `getNode` / `findEdges` on the
+   * returned UIDs — those paths apply migrations normally.
+   *
+   * Scan-protection mirrors `findEdges`: if no identifying filters
+   * (`aType` / `axbType` / `bType`) and no `where` clauses are supplied,
+   * the request must opt in via `allowCollectionScan: true`. The ANN
+   * query still walks the candidate set the WHERE clause produces, so
+   * an unfiltered nearest-neighbour search over a million-row collection
+   * is the same scan trap as an unfiltered `findEdges`.
+   *
+   * Backends without `search.vector` throw `UNSUPPORTED_OPERATION` —
+   * there is no client-side fallback because emulating ANN over the
+   * generic backend surface (`findEdges` + JS-side cosine) doesn't scale
+   * past trivial datasets and would give callers the wrong mental model
+   * about cost.
+   */
+  async findNearest(params) {
+    if (!this.backend.findNearest) {
+      throw new FiregraphError(
+        "findNearest() is not supported by the current storage backend. Vector search requires a backend that declares `search.vector` (currently Firestore Standard and Enterprise). There is no client-side fallback because emulating ANN on top of the generic backend surface does not scale beyond toy datasets.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    const filters = [];
+    if (params.aType) filters.push({ field: "aType", op: "==", value: params.aType });
+    if (params.axbType) filters.push({ field: "axbType", op: "==", value: params.axbType });
+    if (params.bType) filters.push({ field: "bType", op: "==", value: params.bType });
+    if (params.where) filters.push(...params.where);
+    this.checkQuerySafety(filters, params.allowCollectionScan);
+    return this.backend.findNearest(params);
+  }
+  /**
+   * Native full-text search (capability `search.fullText`).
+   *
+   * Returns the top-N records by relevance, ordered by the search
+   * index's score. Only Firestore Enterprise declares this capability
+   * today — the underlying Pipelines `search({ query: documentMatches(...) })`
+   * stage requires Enterprise's FTS index. Standard does not declare
+   * the cap (FTS is an Enterprise-only product feature, not a
+   * typed-API gap), and the SQLite-shaped backends have no native
+   * FTS index. Backends without `search.fullText` throw
+   * `UNSUPPORTED_OPERATION` from this wrapper.
+   *
+   * Scan-protection mirrors `findNearest`: a search with no
+   * identifying filters (`aType` / `axbType` / `bType`) walks every
+   * row the index scored, so the request must opt in via
+   * `allowCollectionScan: true`.
+   *
+   * Migrations are NOT applied. The FTS index walked the raw stored
+   * shape; rehydrating each row through the migration pipeline would
+   * change the candidate set the index already scored. If you need
+   * migrated shape, follow up with `getNode` / `findEdges` on the
+   * returned UIDs.
+   */
+  async fullTextSearch(params) {
+    if (!this.backend.fullTextSearch) {
+      throw new FiregraphError(
+        "fullTextSearch() is not supported by the current storage backend. Full-text search requires a backend that declares `search.fullText` (currently Firestore Enterprise only \u2014 FTS is an Enterprise product feature). There is no client-side fallback because emulating FTS over the generic backend surface would not scale beyond toy datasets.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    const filters = [];
+    if (params.aType) filters.push({ field: "aType", op: "==", value: params.aType });
+    if (params.axbType) filters.push({ field: "axbType", op: "==", value: params.axbType });
+    if (params.bType) filters.push({ field: "bType", op: "==", value: params.bType });
+    this.checkQuerySafety(filters, params.allowCollectionScan);
+    return this.backend.fullTextSearch(params);
+  }
+  /**
+   * Native geospatial distance search (capability `search.geo`).
+   *
+   * Returns rows whose `geoField` lies within `radiusMeters` of
+   * `point`, ordered nearest-first by default. Only Firestore
+   * Enterprise declares this capability — same Enterprise-only
+   * gating as `fullTextSearch`. Backends without `search.geo` throw
+   * `UNSUPPORTED_OPERATION` from this wrapper.
+   *
+   * Scan-protection mirrors `findNearest` and `fullTextSearch`.
+   *
+   * Migrations are NOT applied — same rationale as the other search
+   * extensions.
+   */
+  async geoSearch(params) {
+    if (!this.backend.geoSearch) {
+      throw new FiregraphError(
+        "geoSearch() is not supported by the current storage backend. Geospatial search requires a backend that declares `search.geo` (currently Firestore Enterprise only \u2014 geo queries are an Enterprise product feature). There is no client-side fallback because emulating geo over the generic backend surface (haversine over `findEdges`) would not scale beyond trivial datasets.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    const filters = [];
+    if (params.aType) filters.push({ field: "aType", op: "==", value: params.aType });
+    if (params.axbType) filters.push({ field: "axbType", op: "==", value: params.axbType });
+    if (params.bType) filters.push({ field: "bType", op: "==", value: params.bType });
+    this.checkQuerySafety(filters, params.allowCollectionScan);
+    return this.backend.geoSearch(params);
+  }
+  /**
+   * Translate a `FindEdgesParams` into the `QueryFilter[]` shape the
+   * backend `bulkDelete` / `bulkUpdate` methods expect. Mirrors the
+   * `aggregate()` plan: a bare-empty params object becomes an empty
+   * filter list (after a scan-protection check); a GET-shape (all three
+   * identifiers) is rejected so we never silently turn a single-row
+   * lookup into a server-side DML; otherwise we run `buildEdgeQueryPlan`
+   * and surface its filters.
+   */
+  buildDmlFilters(params) {
+    const hasAnyFilter = params.aType || params.aUid || params.axbType || params.bType || params.bUid || params.where && params.where.length > 0;
+    if (!hasAnyFilter) {
+      this.checkQuerySafety([], params.allowCollectionScan);
+      return [];
+    }
+    const plan = buildEdgeQueryPlan(params);
+    if (plan.strategy === "get") {
+      throw new FiregraphError(
+        "bulkDelete() / bulkUpdate() require a query, not a direct document lookup. Use removeEdge() / updateEdge() for single-row operations, or omit one of aUid/axbType/bUid to force a query strategy.",
+        "INVALID_QUERY"
+      );
+    }
+    this.checkQuerySafety(plan.filters, params.allowCollectionScan);
+    return plan.filters;
+  }
+  // ---------------------------------------------------------------------------
   // Dynamic registry methods
   // ---------------------------------------------------------------------------
   async defineNodeType(name, jsonSchema, description, options) {
@@ -2344,9 +3506,10 @@ var GraphClientImpl = class _GraphClientImpl {
     };
   }
 };
-function createGraphClientFromBackend(backend, options, metaBackend) {
+function createGraphClient(backend, options, metaBackend) {
   return new GraphClientImpl(backend, options, metaBackend);
 }
+var createGraphClientFromBackend = createGraphClient;
 
 // src/cloudflare/client.ts
 function createDOClient(namespace, rootKey, options = {}) {
@@ -2492,11 +3655,32 @@ var FiregraphDO = class extends import_cloudflare_workers.DurableObject {
     const rows = this.execAll(stmt);
     return rows.map(rowToDORecord);
   }
+  /**
+   * Aggregate query (capability `query.aggregate`). Compiles a single
+   * `SELECT` projecting one column per alias; SQLite handles count, sum,
+   * avg, min, max natively. Empty-set fix-ups (NULL → 0 for sum/min/max,
+   * NaN for avg) happen on the client side in `DORPCBackend.aggregate` so
+   * the wire payload stays a plain row of (alias → number | null).
+   */
+  async _fgAggregate(spec, filters) {
+    const { stmt, aliases } = compileDOAggregate(this.table, spec, filters);
+    const rows = this.execAll(stmt);
+    const row = rows[0] ?? {};
+    const out = {};
+    for (const alias of aliases) {
+      const v = row[alias];
+      if (v === null || v === void 0) out[alias] = null;
+      else if (typeof v === "bigint") out[alias] = Number(v);
+      else if (typeof v === "number") out[alias] = v;
+      else out[alias] = Number(v);
+    }
+    return out;
+  }
   // ---------------------------------------------------------------------------
   // RPC: writes
   // ---------------------------------------------------------------------------
-  async _fgSetDoc(docId, record) {
-    const stmt = compileDOSet(this.table, docId, record, Date.now());
+  async _fgSetDoc(docId, record, mode) {
+    const stmt = compileDOSet(this.table, docId, record, Date.now(), mode);
     this.execRun(stmt);
   }
   async _fgUpdateDoc(docId, update) {
@@ -2526,7 +3710,7 @@ var FiregraphDO = class extends import_cloudflare_workers.DurableObject {
     const statements = ops.map((op) => {
       switch (op.kind) {
         case "set":
-          return compileDOSet(this.table, op.docId, op.record, now);
+          return compileDOSet(this.table, op.docId, op.record, now, op.mode);
         case "update":
           return compileDOUpdate(this.table, op.docId, op.update, now);
         case "delete":
@@ -2642,6 +3826,119 @@ var FiregraphDO = class extends import_cloudflare_workers.DurableObject {
     }
   }
   // ---------------------------------------------------------------------------
+  // RPC: server-side DML (capability `query.dml`)
+  //
+  // Single-statement DELETE/UPDATE WHERE that the SQLite engine handles in
+  // one shot — the cap-less alternative is `_fgBulkRemoveEdges` which fetches
+  // doc IDs first, then deletes them one-by-one inside a transaction. The
+  // DML path skips the round-trip and lets SQLite optimize the WHERE.
+  //
+  // RETURNING "doc_id" gives us an authoritative affected-row count; SQLite
+  // ≥3.35 supports it for both DELETE and UPDATE and DO SQLite is always
+  // recent enough.
+  //
+  // Retry policy: unlike `SqliteBackendImpl.bulkDelete` / `bulkUpdate`, which
+  // wrap a chunked retry/backoff loop around each batch (D1's 1000-statement
+  // cap forces chunking, so a single transient failure shouldn't kill the
+  // whole job), the DO path runs a single un-chunked statement against
+  // `state.storage.sql` synchronously. There's nothing to retry inside the
+  // DO — the engine commits or it doesn't. If a caller wants retry semantics
+  // on the wire, they wrap the `bulkDelete` / `bulkUpdate` call themselves.
+  // ---------------------------------------------------------------------------
+  async _fgBulkDelete(filters, _options) {
+    void _options;
+    if (filters.length === 0) {
+      throw new FiregraphError(
+        "bulkDelete() requires at least one filter when targeting a Durable Object backend. An empty filter list would wipe every row in the DO. To wipe a routed subgraph DO, use `removeNodeCascade` on the parent node or `_fgDestroy` directly on the stub.",
+        "INVALID_ARGUMENT"
+      );
+    }
+    const stmt = compileDOBulkDelete(this.table, filters);
+    return this.execDmlWithReturning(stmt);
+  }
+  async _fgBulkUpdate(filters, patch, _options) {
+    void _options;
+    const stmt = compileDOBulkUpdate(this.table, filters, patch.data, Date.now());
+    return this.execDmlWithReturning(stmt);
+  }
+  // ---------------------------------------------------------------------------
+  // RPC: multi-source fan-out (`query.join`)
+  //
+  // One `SELECT … WHERE "aUid" IN (?, ?, …)` (or `"bUid"` for reverse)
+  // collapses N per-source `findEdges` round trips into one. When the
+  // caller asks for hydration, a second IN-clause statement fetches the
+  // target node rows; the DO does the alignment in JS so the wire payload
+  // is two `DORecordWire[]` arrays instead of a JOIN-shaped row that
+  // would force a custom client-side decoder.
+  // ---------------------------------------------------------------------------
+  async _fgExpand(params) {
+    if (params.sources.length === 0) {
+      return params.hydrate ? { edges: [], targets: [] } : { edges: [] };
+    }
+    const stmt = compileDOExpand(this.table, params);
+    const rows = this.state.storage.sql.exec(stmt.sql, ...stmt.params).toArray();
+    const edges = rows.map((row) => rowToDORecord(row));
+    if (!params.hydrate) {
+      return { edges };
+    }
+    const direction = params.direction ?? "forward";
+    const targetUids = edges.map((e) => direction === "forward" ? e.bUid : e.aUid);
+    const uniqueTargets = [...new Set(targetUids)];
+    if (uniqueTargets.length === 0) {
+      return { edges, targets: [] };
+    }
+    const hydrateStmt = compileDOExpandHydrate(this.table, uniqueTargets);
+    const hydrateRows = this.state.storage.sql.exec(hydrateStmt.sql, ...hydrateStmt.params).toArray();
+    const byUid = /* @__PURE__ */ new Map();
+    for (const row of hydrateRows) {
+      const node = rowToDORecord(row);
+      byUid.set(node.bUid, node);
+    }
+    const targets = targetUids.map((uid) => byUid.get(uid) ?? null);
+    return { edges, targets };
+  }
+  // ---------------------------------------------------------------------------
+  // RPC: server-side projection (`query.select`)
+  //
+  // One `SELECT json_extract(data, '$.f1'), …` returns the projected fields.
+  // The DO leaves decoding to the client because timestamp values need to
+  // rewrap as `GraphTimestampImpl` (a class instance, lost by structured
+  // clone) — instead of inventing per-field timestamp sentinels, we send the
+  // raw rows and the column spec, and let `DORPCBackend.findEdgesProjected`
+  // call `decodeDOProjectedRow` once. The spec is small (≤ ~100 bytes for
+  // a typical projection); structured clone copes happily.
+  // ---------------------------------------------------------------------------
+  async _fgFindEdgesProjected(select, filters, options) {
+    const { stmt, columns } = compileDOFindEdgesProjected(this.table, select, filters, options);
+    const rows = this.state.storage.sql.exec(stmt.sql, ...stmt.params).toArray();
+    return { rows, columns };
+  }
+  /**
+   * Run a DML statement with `RETURNING "doc_id"` so the affected-row count
+   * comes back authoritatively. Errors are caught and surfaced via the
+   * `BulkResult.errors` array (single batch, batchIndex 0) so the wire
+   * payload stays a regular `BulkResult` and the client doesn't have to
+   * differentiate "RPC threw" from "single-statement failure."
+   */
+  execDmlWithReturning(stmt) {
+    const sqlWithReturning = `${stmt.sql} RETURNING "doc_id"`;
+    try {
+      const rows = this.state.storage.sql.exec(sqlWithReturning, ...stmt.params).toArray();
+      return { deleted: rows.length, batches: 1, errors: [] };
+    } catch (err) {
+      const error = err instanceof Error ? err : new Error(String(err));
+      return {
+        deleted: 0,
+        batches: 0,
+        // Like `_fgBulkRemoveEdges`'s catch arm: a single failed statement
+        // is one batch, and the operationCount is "unknown" for a server-
+        // side DML — we report 0 as the lower bound. Callers that care
+        // about partial state should re-query and reconcile.
+        errors: [{ batchIndex: 0, error, operationCount: 0 }]
+      };
+    }
+  }
+  // ---------------------------------------------------------------------------
   // RPC: admin
   // ---------------------------------------------------------------------------
   /**
@@ -2672,12 +3969,27 @@ var FiregraphDO = class extends import_cloudflare_workers.DurableObject {
     this.state.storage.sql.exec(stmt.sql, ...stmt.params).toArray();
   }
 };
+
+// src/id.ts
+var import_nanoid = require("nanoid");
+function generateId() {
+  return (0, import_nanoid.nanoid)();
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  CapabilityNotSupportedError,
   DORPCBackend,
   FiregraphDO,
+  META_EDGE_TYPE,
+  META_NODE_TYPE,
   buildDOSchemaStatements,
+  createCapabilities,
   createDOClient,
-  createSiblingClient
+  createMergedRegistry,
+  createRegistry,
+  createSiblingClient,
+  deleteField,
+  generateId,
+  intersectCapabilities
 });
 //# sourceMappingURL=index.cjs.map