@typicalday/firegraph 0.12.0 → 0.13.0

package/dist/cloudflare/index.js

@@ -1,5 +1,20 @@
 import {
-  DEFAULT_CORE_INDEXES,
+  GraphTimestampImpl,
+  assertJsonSafePayload,
+  buildIndexDDL,
+  compileDataOpsExpr,
+  dedupeIndexSpecs,
+  isFirestoreSpecialType,
+  validateJsonPathKey
+} from "../chunk-4MMQ5W74.js";
+import {
+  DEFAULT_CORE_INDEXES
+} from "../chunk-2DHMNTV6.js";
+import {
+  createCapabilities,
+  intersectCapabilities
+} from "../chunk-N5HFDWQX.js";
+import {
   META_EDGE_TYPE,
   META_NODE_TYPE,
   NODE_RELATION,
@@ -10,287 +25,15 @@ import {
   createMergedRegistry,
   createRegistry,
   generateId
-} from "../chunk-HONQY4HF.js";
+} from "../chunk-WRTFC5NG.js";
 import {
+  CapabilityNotSupportedError,
   FiregraphError,
   assertUpdatePayloadExclusive,
   deleteField,
-  flattenPatch,
-  isDeleteSentinel
-} from "../chunk-AWW4MUJ5.js";
-import {
-  SERIALIZATION_TAG
-} from "../chunk-EQJUUVFG.js";
-
-// src/internal/sqlite-data-ops.ts
-var FIRESTORE_TYPE_NAMES = /* @__PURE__ */ new Set([
-  "Timestamp",
-  "GeoPoint",
-  "VectorValue",
-  "DocumentReference",
-  "FieldValue"
-]);
-function isFirestoreSpecialType(value) {
-  const ctorName = value.constructor?.name;
-  if (ctorName && FIRESTORE_TYPE_NAMES.has(ctorName)) return ctorName;
-  return null;
-}
-var JSON_PATH_KEY_RE = /^[A-Za-z_][A-Za-z0-9_-]*$/;
-function validateJsonPathKey(key, backendLabel) {
-  if (key.length === 0) {
-    throw new FiregraphError(
-      `${backendLabel}: empty JSON path component is not allowed`,
-      "INVALID_QUERY"
-    );
-  }
-  if (!JSON_PATH_KEY_RE.test(key)) {
-    throw new FiregraphError(
-      `${backendLabel}: data field path component "${key}" is not a safe JSON-path identifier. Allowed pattern: /^[A-Za-z_][A-Za-z0-9_-]*$/. Use replaceNode/replaceEdge (full-data overwrite) for keys with reserved characters (whitespace, dots, brackets, quotes, etc.).`,
-      "INVALID_QUERY"
-    );
-  }
-}
-function jsonBind(value, backendLabel) {
-  if (value === void 0) return "null";
-  if (value !== null && typeof value === "object") {
-    const firestoreType = isFirestoreSpecialType(value);
-    if (firestoreType) {
-      throw new FiregraphError(
-        `${backendLabel} cannot persist a Firestore ${firestoreType} value. Convert to a primitive before writing (e.g. \`ts.toMillis()\` for Timestamp).`,
-        "INVALID_ARGUMENT"
-      );
-    }
-  }
-  return JSON.stringify(value);
-}
-function compileDataOpsExpr(ops, base, params, backendLabel) {
-  if (ops.length === 0) return null;
-  const deletes = [];
-  const sets = [];
-  for (const op of ops) (op.delete ? deletes : sets).push(op);
-  let expr = base;
-  if (deletes.length > 0) {
-    const placeholders = deletes.map(() => "?").join(", ");
-    expr = `json_remove(${expr}, ${placeholders})`;
-    for (const op of deletes) {
-      for (const seg of op.path) validateJsonPathKey(seg, backendLabel);
-      params.push(`$.${op.path.join(".")}`);
-    }
-  }
-  if (sets.length > 0) {
-    const pieces = sets.map(() => "?, json(?)").join(", ");
-    expr = `json_set(${expr}, ${pieces})`;
-    for (const op of sets) {
-      for (const seg of op.path) validateJsonPathKey(seg, backendLabel);
-      params.push(`$.${op.path.join(".")}`);
-      params.push(jsonBind(op.value, backendLabel));
-    }
-  }
-  return expr;
-}
-
-// src/internal/sqlite-payload-guard.ts
-var FIRESTORE_TYPE_NAMES2 = /* @__PURE__ */ new Set([
-  "Timestamp",
-  "GeoPoint",
-  "VectorValue",
-  "DocumentReference",
-  "FieldValue"
-]);
-function assertJsonSafePayload(data, label) {
-  walk(data, [], label);
-}
-function walk(node, path, label) {
-  if (node === null || node === void 0) return;
-  if (isDeleteSentinel(node)) {
-    throw new FiregraphError(
-      `${label} backend cannot persist a deleteField() sentinel inside a full-data payload (replaceNode/replaceEdge or first-insert). The sentinel is only valid inside an updateNode/updateEdge dataOps patch. Path: ${formatPath(path)}.`,
-      "INVALID_ARGUMENT"
-    );
-  }
-  const t = typeof node;
-  if (t === "symbol" || t === "function") {
-    throw new FiregraphError(
-      `${label} backend cannot persist a value of type ${t}. JSON.stringify drops it silently. Path: ${formatPath(path)}.`,
-      "INVALID_ARGUMENT"
-    );
-  }
-  if (t === "bigint") {
-    throw new FiregraphError(
-      `${label} backend cannot persist a value of type bigint. JSON.stringify cannot serialize this type (throws TypeError). Path: ${formatPath(path)}.`,
-      "INVALID_ARGUMENT"
-    );
-  }
-  if (t !== "object") return;
-  if (Array.isArray(node)) {
-    for (let i = 0; i < node.length; i++) {
-      walk(node[i], [...path, String(i)], label);
-    }
-    return;
-  }
-  const obj = node;
-  if (Object.prototype.hasOwnProperty.call(obj, SERIALIZATION_TAG)) {
-    const tagValue = obj[SERIALIZATION_TAG];
-    throw new FiregraphError(
-      `${label} backend cannot persist an object with a \`${SERIALIZATION_TAG}\` key (value: ${formatTagValue(tagValue)}). Recognised tags are valid only on the Firestore backend (migration-sandbox output); a literal \`${SERIALIZATION_TAG}\` field in user data is reserved and not allowed. Path: ${formatPath(path)}.`,
-      "INVALID_ARGUMENT"
-    );
-  }
-  const proto = Object.getPrototypeOf(node);
-  if (proto !== null && proto !== Object.prototype) {
-    const ctor = node.constructor;
-    const ctorName = ctor && typeof ctor.name === "string" ? ctor.name : "<anonymous>";
-    if (FIRESTORE_TYPE_NAMES2.has(ctorName)) {
-      throw new FiregraphError(
-        `${label} backend cannot persist a Firestore ${ctorName} value. Convert to a primitive before writing (e.g. \`ts.toMillis()\` for Timestamp, \`{lat,lng}\` for GeoPoint). Path: ${formatPath(path)}.`,
-        "INVALID_ARGUMENT"
-      );
-    }
-    if (node instanceof Date) return;
-    throw new FiregraphError(
-      `${label} backend cannot persist a class instance of type ${ctorName}. Only plain objects, arrays, and primitives round-trip safely through JSON storage. Path: ${formatPath(path)}.`,
-      "INVALID_ARGUMENT"
-    );
-  }
-  for (const key of Object.keys(obj)) {
-    walk(obj[key], [...path, key], label);
-  }
-}
-function formatPath(path) {
-  return path.length === 0 ? "<root>" : path.map((p) => JSON.stringify(p)).join(" > ");
-}
-function formatTagValue(value) {
-  if (value === null) return "null";
-  if (value === void 0) return "undefined";
-  if (typeof value === "string") return JSON.stringify(value);
-  if (typeof value === "number" || typeof value === "boolean" || typeof value === "bigint") {
-    return String(value);
-  }
-  return typeof value;
-}
-
-// src/timestamp.ts
-var GraphTimestampImpl = class _GraphTimestampImpl {
-  constructor(seconds, nanoseconds) {
-    this.seconds = seconds;
-    this.nanoseconds = nanoseconds;
-  }
-  toDate() {
-    return new Date(this.toMillis());
-  }
-  toMillis() {
-    return this.seconds * 1e3 + Math.floor(this.nanoseconds / 1e6);
-  }
-  toJSON() {
-    return { seconds: this.seconds, nanoseconds: this.nanoseconds };
-  }
-  static fromMillis(ms) {
-    const seconds = Math.floor(ms / 1e3);
-    const nanoseconds = (ms - seconds * 1e3) * 1e6;
-    return new _GraphTimestampImpl(seconds, nanoseconds);
-  }
-  static now() {
-    return _GraphTimestampImpl.fromMillis(Date.now());
-  }
-};
-
-// src/internal/sqlite-index-ddl.ts
-var IDENT_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;
-var JSON_PATH_KEY_RE2 = /^[A-Za-z_][A-Za-z0-9_-]*$/;
-function quoteIdent(name) {
-  if (!IDENT_RE.test(name)) {
-    throw new FiregraphError(
-      `Invalid SQL identifier in index DDL: ${name}. Must match /^[A-Za-z_][A-Za-z0-9_]*$/.`,
-      "INVALID_INDEX"
-    );
-  }
-  return `"${name}"`;
-}
-function fnv1a32(str) {
-  let h = 2166136261;
-  for (let i = 0; i < str.length; i++) {
-    h ^= str.charCodeAt(i);
-    h = Math.imul(h, 16777619);
-  }
-  return (h >>> 0).toString(16).padStart(8, "0");
-}
-function normalizeFields(fields) {
-  return fields.map((f) => {
-    if (typeof f === "string") return { path: f, desc: false };
-    if (!f.path || typeof f.path !== "string") {
-      throw new FiregraphError(
-        `IndexSpec field must be a string or { path: string, desc?: boolean }; got ${JSON.stringify(f)}`,
-        "INVALID_INDEX"
-      );
-    }
-    return { path: f.path, desc: !!f.desc };
-  });
-}
-function specFingerprint(spec, leadingColumns) {
-  const normalized = {
-    lead: leadingColumns,
-    fields: normalizeFields(spec.fields),
-    where: spec.where ?? ""
-  };
-  return fnv1a32(JSON.stringify(normalized));
-}
-function compileFieldExpr(path, fieldToColumn) {
-  const col = fieldToColumn[path];
-  if (col) return quoteIdent(col);
-  if (path === "data") {
-    return `json_extract("data", '$')`;
-  }
-  if (path.startsWith("data.")) {
-    const suffix = path.slice(5);
-    const parts = suffix.split(".");
-    for (const part of parts) {
-      if (!JSON_PATH_KEY_RE2.test(part)) {
-        throw new FiregraphError(
-          `IndexSpec data path "${path}" has invalid component "${part}". Each component must match /^[A-Za-z_][A-Za-z0-9_-]*$/.`,
-          "INVALID_INDEX"
-        );
-      }
-    }
-    return `json_extract("data", '$.${suffix}')`;
-  }
-  throw new FiregraphError(
-    `IndexSpec field "${path}" is not a known firegraph field. Use a top-level field (aType, aUid, axbType, bType, bUid, createdAt, updatedAt, v) or a dotted data path like 'data.status'.`,
-    "INVALID_INDEX"
-  );
-}
-function buildIndexDDL(spec, options) {
-  const { table, fieldToColumn, leadingColumns = [] } = options;
-  if (!spec.fields || spec.fields.length === 0) {
-    throw new FiregraphError("IndexSpec.fields must be a non-empty array", "INVALID_INDEX");
-  }
-  const normalized = normalizeFields(spec.fields);
-  const hash = specFingerprint(spec, leadingColumns);
-  const indexName = `${table}_idx_${hash}`;
-  const cols = [];
-  for (const col of leadingColumns) {
-    cols.push(quoteIdent(col));
-  }
-  for (const f of normalized) {
-    const expr = compileFieldExpr(f.path, fieldToColumn);
-    cols.push(f.desc ? `${expr} DESC` : expr);
-  }
-  let ddl = `CREATE INDEX IF NOT EXISTS ${quoteIdent(indexName)} ON ${quoteIdent(table)}(${cols.join(", ")})`;
-  if (spec.where) {
-    ddl += ` WHERE ${spec.where}`;
-  }
-  return ddl;
-}
-function dedupeIndexSpecs(specs, leadingColumns = []) {
-  const seen = /* @__PURE__ */ new Set();
-  const out = [];
-  for (const spec of specs) {
-    const fp = specFingerprint(spec, leadingColumns);
-    if (seen.has(fp)) continue;
-    seen.add(fp);
-    out.push(spec);
-  }
-  return out;
-}
+  flattenPatch
+} from "../chunk-TK64DNVK.js";
+import "../chunk-EQJUUVFG.js";
 
 // src/cloudflare/schema.ts
 var DO_FIELD_TO_COLUMN = {
@@ -303,9 +46,9 @@ var DO_FIELD_TO_COLUMN = {
   createdAt: "created_at",
   updatedAt: "updated_at"
 };
-var IDENT_RE2 = /^[A-Za-z_][A-Za-z0-9_]*$/;
+var IDENT_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;
 function validateDOTableName(name) {
-  if (!IDENT_RE2.test(name)) {
+  if (!IDENT_RE.test(name)) {
     throw new Error(`Invalid SQL identifier: ${name}. Must match /^[A-Za-z_][A-Za-z0-9_]*$/.`);
   }
 }
@@ -313,6 +56,9 @@ function quoteDOIdent(name) {
   validateDOTableName(name);
   return `"${name}"`;
 }
+function quoteDOColumnAlias(label) {
+  return `"${label.replace(/"/g, '""')}"`;
+}
 function buildDOSchemaStatements(table, options = {}) {
   const t = quoteDOIdent(table);
   const statements = [
@@ -459,12 +205,223 @@ function compileDOSelect(table, filters, options) {
   sql += compileLimit(options, params);
   return { sql, params };
 }
+function compileDOExpand(table, params) {
+  if (params.sources.length === 0) {
+    throw new FiregraphError(
+      "compileDOExpand requires a non-empty sources list \u2014 empty IN () is invalid SQL.",
+      "INVALID_QUERY"
+    );
+  }
+  const direction = params.direction ?? "forward";
+  const aUidCol = compileFieldRef("aUid").expr;
+  const bUidCol = compileFieldRef("bUid").expr;
+  const aTypeCol = compileFieldRef("aType").expr;
+  const bTypeCol = compileFieldRef("bType").expr;
+  const axbTypeCol = compileFieldRef("axbType").expr;
+  const sourceColumn = direction === "forward" ? aUidCol : bUidCol;
+  const sqlParams = [params.axbType];
+  const conditions = [`${axbTypeCol} = ?`];
+  const placeholders = params.sources.map(() => "?").join(", ");
+  conditions.push(`${sourceColumn} IN (${placeholders})`);
+  for (const uid of params.sources) sqlParams.push(uid);
+  if (params.aType !== void 0) {
+    conditions.push(`${aTypeCol} = ?`);
+    sqlParams.push(params.aType);
+  }
+  if (params.bType !== void 0) {
+    conditions.push(`${bTypeCol} = ?`);
+    sqlParams.push(params.bType);
+  }
+  if (params.axbType === NODE_RELATION) {
+    conditions.push(`${aUidCol} != ${bUidCol}`);
+  }
+  let sql = `SELECT * FROM ${quoteDOIdent(table)} WHERE ${conditions.join(" AND ")}`;
+  if (params.orderBy) {
+    sql += compileOrderBy({ orderBy: params.orderBy }, sqlParams);
+  }
+  if (params.limitPerSource !== void 0) {
+    const totalLimit = params.sources.length * params.limitPerSource;
+    sql += ` LIMIT ?`;
+    sqlParams.push(totalLimit);
+  }
+  return { sql, params: sqlParams };
+}
+function compileDOExpandHydrate(table, targetUids) {
+  if (targetUids.length === 0) {
+    throw new FiregraphError(
+      "compileDOExpandHydrate requires a non-empty target list \u2014 empty IN () is invalid SQL.",
+      "INVALID_QUERY"
+    );
+  }
+  const placeholders = targetUids.map(() => "?").join(", ");
+  const sqlParams = [NODE_RELATION];
+  for (const uid of targetUids) sqlParams.push(uid);
+  const aUidCol = compileFieldRef("aUid").expr;
+  const bUidCol = compileFieldRef("bUid").expr;
+  const axbTypeCol = compileFieldRef("axbType").expr;
+  return {
+    sql: `SELECT * FROM ${quoteDOIdent(table)} WHERE ${axbTypeCol} = ? AND ${aUidCol} = ${bUidCol} AND ${bUidCol} IN (${placeholders})`,
+    params: sqlParams
+  };
+}
 function compileDOSelectByDocId(table, docId) {
   return {
     sql: `SELECT * FROM ${quoteDOIdent(table)} WHERE "doc_id" = ? LIMIT 1`,
     params: [docId]
   };
 }
+function normalizeDOProjectionField(field) {
+  if (field in DO_FIELD_TO_COLUMN) return field;
+  if (field === "data" || field.startsWith("data.")) return field;
+  return `data.${field}`;
+}
+function compileDOFindEdgesProjected(table, select, filters, options) {
+  if (select.length === 0) {
+    throw new FiregraphError(
+      "compileDOFindEdgesProjected requires a non-empty select list \u2014 an empty projection has no SQL representation distinct from `findEdges`.",
+      "INVALID_QUERY"
+    );
+  }
+  const seen = /* @__PURE__ */ new Set();
+  const uniqueFields = [];
+  for (const f of select) {
+    if (!seen.has(f)) {
+      seen.add(f);
+      uniqueFields.push(f);
+    }
+  }
+  const projections = [];
+  const columns = [];
+  for (let idx = 0; idx < uniqueFields.length; idx++) {
+    const field = uniqueFields[idx];
+    const canonical = normalizeDOProjectionField(field);
+    const { expr } = compileFieldRef(canonical);
+    const alias = quoteDOColumnAlias(field);
+    projections.push(`${expr} AS ${alias}`);
+    let kind;
+    let typeAliasName;
+    if (canonical === "data") {
+      kind = "data";
+    } else if (canonical.startsWith("data.")) {
+      kind = "json";
+      typeAliasName = `__fg_t_${idx}`;
+      const typeAlias = quoteDOColumnAlias(typeAliasName);
+      projections.push(`json_type("data", '$.${canonical.slice(5)}') AS ${typeAlias}`);
+    } else {
+      if (canonical === "v") kind = "builtin-int";
+      else if (canonical === "createdAt" || canonical === "updatedAt") kind = "builtin-timestamp";
+      else kind = "builtin-text";
+    }
+    columns.push({ field, kind, typeAlias: typeAliasName });
+  }
+  const params = [];
+  const conditions = [];
+  for (const f of filters) {
+    conditions.push(compileFilter(f, params));
+  }
+  const where = conditions.length > 0 ? ` WHERE ${conditions.join(" AND ")}` : "";
+  let sql = `SELECT ${projections.join(", ")} FROM ${quoteDOIdent(table)}${where}`;
+  sql += compileOrderBy(options, params);
+  sql += compileLimit(options, params);
+  return { stmt: { sql, params }, columns };
+}
+function decodeDOProjectedRow(row, columns) {
+  const out = {};
+  for (const c of columns) {
+    const raw = row[c.field];
+    switch (c.kind) {
+      case "builtin-text":
+        out[c.field] = raw === null || raw === void 0 ? null : String(raw);
+        break;
+      case "builtin-int":
+        if (raw === null || raw === void 0) {
+          out[c.field] = null;
+        } else if (typeof raw === "bigint") {
+          out[c.field] = Number(raw);
+        } else if (typeof raw === "number") {
+          out[c.field] = raw;
+        } else {
+          out[c.field] = Number(raw);
+        }
+        break;
+      case "builtin-timestamp": {
+        const ms = toMillis(raw);
+        out[c.field] = GraphTimestampImpl.fromMillis(ms);
+        break;
+      }
+      case "data":
+        if (raw === null || raw === void 0 || raw === "") {
+          out[c.field] = {};
+        } else {
+          out[c.field] = JSON.parse(raw);
+        }
+        break;
+      case "json": {
+        const t = row[c.typeAlias];
+        if (raw === null || raw === void 0) {
+          out[c.field] = null;
+        } else if (t === "object" || t === "array") {
+          out[c.field] = typeof raw === "string" ? JSON.parse(raw) : raw;
+        } else if (t === "integer" && typeof raw === "bigint") {
+          out[c.field] = Number(raw);
+        } else {
+          out[c.field] = raw;
+        }
+        break;
+      }
+    }
+  }
+  return out;
+}
+function compileDOAggregate(table, spec, filters) {
+  const aliases = Object.keys(spec);
+  if (aliases.length === 0) {
+    throw new FiregraphError(
+      "aggregate() requires at least one aggregation in the `aggregates` map.",
+      "INVALID_QUERY"
+    );
+  }
+  const projections = [];
+  for (const alias of aliases) {
+    const { op, field } = spec[alias];
+    validateJsonPathKey(alias, DO_BACKEND_ERR_LABEL);
+    if (op === "count") {
+      if (field !== void 0) {
+        throw new FiregraphError(
+          `Aggregate '${alias}' op 'count' must not specify a field \u2014 count operates on rows, not a column expression.`,
+          "INVALID_QUERY"
+        );
+      }
+      projections.push(`COUNT(*) AS ${quoteDOIdent(alias)}`);
+      continue;
+    }
+    if (!field) {
+      throw new FiregraphError(
+        `Aggregate '${alias}' op '${op}' requires a field.`,
+        "INVALID_QUERY"
+      );
+    }
+    const { expr } = compileFieldRef(field);
+    const numeric = `CAST(${expr} AS REAL)`;
+    if (op === "sum") projections.push(`SUM(${numeric}) AS ${quoteDOIdent(alias)}`);
+    else if (op === "avg") projections.push(`AVG(${numeric}) AS ${quoteDOIdent(alias)}`);
+    else if (op === "min") projections.push(`MIN(${numeric}) AS ${quoteDOIdent(alias)}`);
+    else if (op === "max") projections.push(`MAX(${numeric}) AS ${quoteDOIdent(alias)}`);
+    else
+      throw new FiregraphError(
+        `DO SQLite backend does not support aggregate op: ${String(op)}`,
+        "INVALID_QUERY"
+      );
+  }
+  const params = [];
+  const conditions = [];
+  for (const f of filters) {
+    conditions.push(compileFilter(f, params));
+  }
+  const where = conditions.length > 0 ? ` WHERE ${conditions.join(" AND ")}` : "";
+  const sql = `SELECT ${projections.join(", ")} FROM ${quoteDOIdent(table)}${where}`;
+  return { stmt: { sql, params }, aliases };
+}
 function compileDOSet(table, docId, record, nowMillis, mode) {
   assertJsonSafePayload(record.data, DO_BACKEND_LABEL);
   if (mode === "replace") {
@@ -555,6 +512,55 @@ function compileDODelete(table, docId) {
     params: [docId]
   };
 }
+function compileDOBulkDelete(table, filters) {
+  const params = [];
+  const conditions = [];
+  for (const f of filters) {
+    conditions.push(compileFilter(f, params));
+  }
+  const where = conditions.length > 0 ? ` WHERE ${conditions.join(" AND ")}` : "";
+  return {
+    sql: `DELETE FROM ${quoteDOIdent(table)}${where}`,
+    params
+  };
+}
+function compileDOBulkUpdate(table, filters, patchData, nowMillis) {
+  const dataOps = flattenPatch(patchData);
+  if (dataOps.length === 0) {
+    throw new FiregraphError(
+      "bulkUpdate() patch.data must contain at least one leaf \u2014 an empty patch would only rewrite `updated_at`, which is almost certainly a bug. Use `setDoc` with merge mode if you want to stamp without editing data.",
+      "INVALID_QUERY"
+    );
+  }
+  for (const op of dataOps) {
+    if (!op.delete) assertJsonSafePayload(op.value, DO_BACKEND_LABEL);
+  }
+  const setParams = [];
+  const expr = compileDataOpsExpr(
+    dataOps,
+    `COALESCE("data", '{}')`,
+    setParams,
+    DO_BACKEND_ERR_LABEL
+  );
+  if (expr === null) {
+    throw new FiregraphError(
+      "bulkUpdate() patch produced no SQL operations \u2014 internal invariant violated.",
+      "INVALID_ARGUMENT"
+    );
+  }
+  const setClauses = [`"data" = ${expr}`, `"updated_at" = ?`];
+  setParams.push(nowMillis);
+  const whereParams = [];
+  const conditions = [];
+  for (const f of filters) {
+    conditions.push(compileFilter(f, whereParams));
+  }
+  const where = conditions.length > 0 ? ` WHERE ${conditions.join(" AND ")}` : "";
+  return {
+    sql: `UPDATE ${quoteDOIdent(table)} SET ${setClauses.join(", ")}${where}`,
+    params: [...setParams, ...whereParams]
+  };
+}
 function compileDODeleteAll(table) {
   return {
     sql: `DELETE FROM ${quoteDOIdent(table)}`,
@@ -646,7 +652,18 @@ var DORPCBatchBackend = class {
     await this.getStub()._fgBatch(ops);
   }
 };
+var DO_CAPS = /* @__PURE__ */ new Set([
+  "core.read",
+  "core.write",
+  "core.batch",
+  "core.subgraph",
+  "query.aggregate",
+  "query.dml",
+  "query.join",
+  "query.select"
+]);
 var DORPCBackend = class _DORPCBackend {
+  capabilities = createCapabilities(DO_CAPS);
   collectionPath = "firegraph";
   scopePath;
   /** @internal */
@@ -680,6 +697,34 @@ var DORPCBackend = class _DORPCBackend {
     const wires = await this.stub._fgQuery(filters, options);
     return wires.map(hydrateDORecord);
   }
+  // --- Aggregate ---
+  /**
+   * Run an aggregate query inside the backing DO. The DO returns a row of
+   * `{ alias: number | null }` (null = SQLite NULL for SUM/MIN/MAX over an
+   * empty set, or the count being literally 0); this method resolves NULL
+   * to 0 for SUM/MIN/MAX and to NaN for AVG, matching the SQLite backend
+   * and the Firestore Standard helper.
+   */
+  async aggregate(spec, filters) {
+    const stub = this.stub;
+    if (!stub._fgAggregate) {
+      throw new FiregraphError(
+        "aggregate() not supported by this Durable Object stub. The wrapped stub does not implement `_fgAggregate`. If you control the stub wrapper, forward `_fgAggregate` to the underlying DO.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    const wire = await stub._fgAggregate(spec, filters);
+    const out = {};
+    for (const [alias, { op }] of Object.entries(spec)) {
+      const v = wire[alias];
+      if (v === null || v === void 0) {
+        out[alias] = op === "avg" ? Number.NaN : 0;
+      } else {
+        out[alias] = v;
+      }
+    }
+    return out;
+  }
   // --- Writes ---
   async setDoc(docId, record, mode) {
     return this.stub._fgSetDoc(docId, record, mode);
@@ -736,6 +781,105 @@ var DORPCBackend = class _DORPCBackend {
     void _reader;
     return this.stub._fgBulkRemoveEdges(params, options);
   }
+  // --- Server-side DML (capability: query.dml) ---
+  /**
+   * Single-statement bulk DELETE inside the backing DO. The DO compiles
+   * the filter list to one `DELETE … WHERE …` statement and returns a
+   * `BulkResult` whose `deleted` is the affected-row count.
+   *
+   * Defensive `_fgBulkDelete` presence check mirrors `aggregate()`: the
+   * RPC method is optional on `FiregraphStub` so external worker code with
+   * a hand-rolled stub wrapper still type-checks. Surface a clear
+   * `UNSUPPORTED_OPERATION` rather than `TypeError: stub._fgBulkDelete is
+   * not a function` when the wrapper hasn't forwarded the method.
+   */
+  async bulkDelete(filters, options) {
+    const stub = this.stub;
+    if (!stub._fgBulkDelete) {
+      throw new FiregraphError(
+        "bulkDelete() not supported by this Durable Object stub. The wrapped stub does not implement `_fgBulkDelete`. If you control the stub wrapper, forward `_fgBulkDelete` to the underlying DO.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    return stub._fgBulkDelete(filters, options);
+  }
+  /**
+   * Single-statement bulk UPDATE inside the backing DO. Same contract as
+   * `bulkDelete` for the missing-method case; the DO compiles the patch to
+   * one `UPDATE … SET data = json_patch(...) WHERE …` statement.
+   */
+  async bulkUpdate(filters, patch, options) {
+    const stub = this.stub;
+    if (!stub._fgBulkUpdate) {
+      throw new FiregraphError(
+        "bulkUpdate() not supported by this Durable Object stub. The wrapped stub does not implement `_fgBulkUpdate`. If you control the stub wrapper, forward `_fgBulkUpdate` to the underlying DO.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    return stub._fgBulkUpdate(filters, patch, options);
+  }
+  /**
+   * Multi-source fan-out — `query.join` capability. Routes the call through
+   * the DO's `_fgExpand` RPC, which compiles to one `SELECT … WHERE
+   * "aUid" IN (?, …)` statement (plus, when `params.hydrate === true`, a
+   * second IN-clause statement against the node rows).
+   *
+   * Defensive `_fgExpand` presence check matches the bulk-DML pattern: the
+   * RPC method is optional on `FiregraphStub` so external worker code with
+   * a hand-rolled stub wrapper still type-checks. We surface a clear
+   * `UNSUPPORTED_OPERATION` rather than `TypeError: stub._fgExpand is not a
+   * function` if the wrapper hasn't forwarded the method.
+   */
+  async expand(params) {
+    const stub = this.stub;
+    if (!stub._fgExpand) {
+      throw new FiregraphError(
+        "expand() not supported by this Durable Object stub. The wrapped stub does not implement `_fgExpand`. If you control the stub wrapper, forward `_fgExpand` to the underlying DO.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    if (params.sources.length === 0) {
+      return params.hydrate ? { edges: [], targets: [] } : { edges: [] };
+    }
+    const wire = await stub._fgExpand(params);
+    const edges = wire.edges.map(hydrateDORecord);
+    if (!params.hydrate) {
+      return { edges };
+    }
+    const targets = (wire.targets ?? []).map((row) => row ? hydrateDORecord(row) : null);
+    return { edges, targets };
+  }
+  // --- Server-side projection (capability: query.select) ---
+  /**
+   * Server-side projection — `query.select` capability. Forwards the call to
+   * the DO's `_fgFindEdgesProjected` RPC, which compiles to a single
+   * `SELECT json_extract(...) AS …, json_type(...) AS …__t FROM <table>
+   * WHERE …` statement. The DO returns raw rows + per-column metadata; this
+   * method decodes each row locally via `decodeDOProjectedRow`.
+   *
+   * Decoding lives on this side (not inside the DO) because
+   * `GraphTimestampImpl` is a class — its prototype does not survive
+   * workerd's structured-clone boundary — so timestamp rehydration must
+   * happen wherever the rows are consumed by the GraphClient.
+   *
+   * Defensive `_fgFindEdgesProjected` presence check matches the `expand` /
+   * bulk-DML / aggregate pattern: the RPC method is optional on
+   * `FiregraphStub` so external worker code with a hand-rolled stub wrapper
+   * still type-checks. Surface a clear `UNSUPPORTED_OPERATION` rather than
+   * `TypeError: stub._fgFindEdgesProjected is not a function` if the
+   * wrapper hasn't forwarded the method.
+   */
+  async findEdgesProjected(select, filters, options) {
+    const stub = this.stub;
+    if (!stub._fgFindEdgesProjected) {
+      throw new FiregraphError(
+        "findEdgesProjected() not supported by this Durable Object stub. The wrapped stub does not implement `_fgFindEdgesProjected`. If you control the stub wrapper, forward `_fgFindEdgesProjected` to the underlying DO.",
+        "UNSUPPORTED_OPERATION"
+      );
+    }
+    const { rows, columns } = await stub._fgFindEdgesProjected(select, filters, options);
+    return rows.map((row) => decodeDOProjectedRow(row, columns));
+  }
   // --- Cross-scope queries ---
   //
   // `findEdgesGlobal` is deliberately NOT defined on this class. The
@@ -929,6 +1073,27 @@ var FiregraphDO = class extends DurableObject {
     const rows = this.execAll(stmt);
     return rows.map(rowToDORecord);
   }
+  /**
+   * Aggregate query (capability `query.aggregate`). Compiles a single
+   * `SELECT` projecting one column per alias; SQLite handles count, sum,
+   * avg, min, max natively. Empty-set fix-ups (NULL → 0 for sum/min/max,
+   * NaN for avg) happen on the client side in `DORPCBackend.aggregate` so
+   * the wire payload stays a plain row of (alias → number | null).
+   */
+  async _fgAggregate(spec, filters) {
+    const { stmt, aliases } = compileDOAggregate(this.table, spec, filters);
+    const rows = this.execAll(stmt);
+    const row = rows[0] ?? {};
+    const out = {};
+    for (const alias of aliases) {
+      const v = row[alias];
+      if (v === null || v === void 0) out[alias] = null;
+      else if (typeof v === "bigint") out[alias] = Number(v);
+      else if (typeof v === "number") out[alias] = v;
+      else out[alias] = Number(v);
+    }
+    return out;
+  }
   // ---------------------------------------------------------------------------
   // RPC: writes
   // ---------------------------------------------------------------------------
@@ -1079,6 +1244,119 @@ var FiregraphDO = class extends DurableObject {
     }
   }
   // ---------------------------------------------------------------------------
+  // RPC: server-side DML (capability `query.dml`)
+  //
+  // Single-statement DELETE/UPDATE WHERE that the SQLite engine handles in
+  // one shot — the cap-less alternative is `_fgBulkRemoveEdges` which fetches
+  // doc IDs first, then deletes them one-by-one inside a transaction. The
+  // DML path skips the round-trip and lets SQLite optimize the WHERE.
+  //
+  // RETURNING "doc_id" gives us an authoritative affected-row count; SQLite
+  // ≥3.35 supports it for both DELETE and UPDATE and DO SQLite is always
+  // recent enough.
+  //
+  // Retry policy: unlike `SqliteBackendImpl.bulkDelete` / `bulkUpdate`, which
+  // wrap a chunked retry/backoff loop around each batch (D1's 1000-statement
+  // cap forces chunking, so a single transient failure shouldn't kill the
+  // whole job), the DO path runs a single un-chunked statement against
+  // `state.storage.sql` synchronously. There's nothing to retry inside the
+  // DO — the engine commits or it doesn't. If a caller wants retry semantics
+  // on the wire, they wrap the `bulkDelete` / `bulkUpdate` call themselves.
+  // ---------------------------------------------------------------------------
+  async _fgBulkDelete(filters, _options) {
+    void _options;
+    if (filters.length === 0) {
+      throw new FiregraphError(
+        "bulkDelete() requires at least one filter when targeting a Durable Object backend. An empty filter list would wipe every row in the DO. To wipe a routed subgraph DO, use `removeNodeCascade` on the parent node or `_fgDestroy` directly on the stub.",
+        "INVALID_ARGUMENT"
+      );
+    }
+    const stmt = compileDOBulkDelete(this.table, filters);
+    return this.execDmlWithReturning(stmt);
+  }
+  async _fgBulkUpdate(filters, patch, _options) {
+    void _options;
+    const stmt = compileDOBulkUpdate(this.table, filters, patch.data, Date.now());
+    return this.execDmlWithReturning(stmt);
+  }
+  // ---------------------------------------------------------------------------
+  // RPC: multi-source fan-out (`query.join`)
+  //
+  // One `SELECT … WHERE "aUid" IN (?, ?, …)` (or `"bUid"` for reverse)
+  // collapses N per-source `findEdges` round trips into one. When the
+  // caller asks for hydration, a second IN-clause statement fetches the
+  // target node rows; the DO does the alignment in JS so the wire payload
+  // is two `DORecordWire[]` arrays instead of a JOIN-shaped row that
+  // would force a custom client-side decoder.
+  // ---------------------------------------------------------------------------
+  async _fgExpand(params) {
+    if (params.sources.length === 0) {
+      return params.hydrate ? { edges: [], targets: [] } : { edges: [] };
+    }
+    const stmt = compileDOExpand(this.table, params);
+    const rows = this.state.storage.sql.exec(stmt.sql, ...stmt.params).toArray();
+    const edges = rows.map((row) => rowToDORecord(row));
+    if (!params.hydrate) {
+      return { edges };
+    }
+    const direction = params.direction ?? "forward";
+    const targetUids = edges.map((e) => direction === "forward" ? e.bUid : e.aUid);
+    const uniqueTargets = [...new Set(targetUids)];
+    if (uniqueTargets.length === 0) {
+      return { edges, targets: [] };
+    }
+    const hydrateStmt = compileDOExpandHydrate(this.table, uniqueTargets);
+    const hydrateRows = this.state.storage.sql.exec(hydrateStmt.sql, ...hydrateStmt.params).toArray();
+    const byUid = /* @__PURE__ */ new Map();
+    for (const row of hydrateRows) {
+      const node = rowToDORecord(row);
+      byUid.set(node.bUid, node);
+    }
+    const targets = targetUids.map((uid) => byUid.get(uid) ?? null);
+    return { edges, targets };
+  }
+  // ---------------------------------------------------------------------------
+  // RPC: server-side projection (`query.select`)
+  //
+  // One `SELECT json_extract(data, '$.f1'), …` returns the projected fields.
+  // The DO leaves decoding to the client because timestamp values need to
+  // rewrap as `GraphTimestampImpl` (a class instance, lost by structured
+  // clone) — instead of inventing per-field timestamp sentinels, we send the
+  // raw rows and the column spec, and let `DORPCBackend.findEdgesProjected`
+  // call `decodeDOProjectedRow` once. The spec is small (≤ ~100 bytes for
+  // a typical projection); structured clone copes happily.
+  // ---------------------------------------------------------------------------
+  async _fgFindEdgesProjected(select, filters, options) {
+    const { stmt, columns } = compileDOFindEdgesProjected(this.table, select, filters, options);
+    const rows = this.state.storage.sql.exec(stmt.sql, ...stmt.params).toArray();
+    return { rows, columns };
+  }
+  /**
+   * Run a DML statement with `RETURNING "doc_id"` so the affected-row count
+   * comes back authoritatively. Errors are caught and surfaced via the
+   * `BulkResult.errors` array (single batch, batchIndex 0) so the wire
+   * payload stays a regular `BulkResult` and the client doesn't have to
+   * differentiate "RPC threw" from "single-statement failure."
+   */
+  execDmlWithReturning(stmt) {
+    const sqlWithReturning = `${stmt.sql} RETURNING "doc_id"`;
+    try {
+      const rows = this.state.storage.sql.exec(sqlWithReturning, ...stmt.params).toArray();
+      return { deleted: rows.length, batches: 1, errors: [] };
+    } catch (err) {
+      const error = err instanceof Error ? err : new Error(String(err));
+      return {
+        deleted: 0,
+        batches: 0,
+        // Like `_fgBulkRemoveEdges`'s catch arm: a single failed statement
+        // is one batch, and the operationCount is "unknown" for a server-
+        // side DML — we report 0 as the lower bound. Callers that care
+        // about partial state should re-query and reconcile.
+        errors: [{ batchIndex: 0, error, operationCount: 0 }]
+      };
+    }
+  }
+  // ---------------------------------------------------------------------------
   // RPC: admin
   // ---------------------------------------------------------------------------
   /**
@@ -1110,16 +1388,19 @@ var FiregraphDO = class extends DurableObject {
   }
 };
 export {
+  CapabilityNotSupportedError,
   DORPCBackend,
   FiregraphDO,
   META_EDGE_TYPE,
   META_NODE_TYPE,
   buildDOSchemaStatements,
+  createCapabilities,
   createDOClient,
   createMergedRegistry,
   createRegistry,
   createSiblingClient,
   deleteField,
-  generateId
+  generateId,
+  intersectCapabilities
 };
 //# sourceMappingURL=index.js.map