bun-query-builder 0.1.29 → 0.1.30

package/dist/bin/cli.js

@@ -12391,6 +12391,61 @@ function validateIdentifier(name, context) {
     throw new Error(`[query-builder] Invalid identifier${contextMsg}: '${name}'. Identifiers must start with a letter or underscore and contain only alphanumeric characters, underscores, and dots.`);
   }
 }
+function assertSafeWhereOperator(op, context) {
+  if (typeof op !== "string")
+    throw new TypeError(`[query-builder] ${context}: operator must be a string, got ${typeof op}`);
+  const lower = op.toLowerCase();
+  if (!SAFE_WHERE_OPERATORS.has(lower))
+    throw new TypeError(`[query-builder] ${context}: refusing to use '${op}' as a SQL operator \u2014 not in the allowed set (${[...SAFE_WHERE_OPERATORS].join(", ")})`);
+  return op;
+}
+function validateQualifiedIdentifier(value, context) {
+  if (typeof value !== "string" || value.length === 0)
+    throw new TypeError(`[query-builder] ${context}: identifier must be a non-empty string, got ${typeof value}`);
+  if (value.length > 129)
+    throw new TypeError(`[query-builder] ${context}: identifier '${value}' too long`);
+  const parts = value.split(".");
+  if (parts.length > 2)
+    throw new TypeError(`[query-builder] ${context}: identifier '${value}' has more than one dot \u2014 only \`table.column\` is allowed`);
+  for (const part of parts) {
+    if (!/^[A-Z_][A-Z0-9_]*$/i.test(part))
+      throw new TypeError(`[query-builder] ${context}: identifier segment '${part}' contains characters outside [A-Za-z0-9_]`);
+  }
+}
+function assertSqlFragment(fragment, context) {
+  if (fragment === null || fragment === undefined) {
+    throw new TypeError(`[query-builder] ${context}: fragment must be a SqlFragment, got ${fragment}`);
+  }
+  if (typeof fragment === "string") {
+    warnOnceBareSqlFragment(context);
+  }
+}
+function warnOnceBareSqlFragment(context) {
+  if (warnedSqlFragmentContexts.has(context))
+    return;
+  warnedSqlFragmentContexts.add(context);
+  console.warn(`[query-builder] ${context}: bare string passed to a *Raw method. ` + `Prefer \`sql\`...\`\` tagged-template fragments so values are parameterised ` + `instead of concatenated \u2014 concatenating request input into SQL is an ` + `injection vector. This will become a hard error in a future release.`);
+}
+function formatSubqueryValue(val) {
+  if (val === null)
+    return "NULL";
+  if (typeof val === "number" && Number.isFinite(val))
+    return String(val);
+  if (typeof val === "boolean")
+    return val ? "1" : "0";
+  if (typeof val === "string")
+    return `'${val.replace(/'/g, "''")}'`;
+  throw new TypeError(`[query-builder] subquery condition: refusing to interpolate value of type ${typeof val}`);
+}
+function buildOverClause(partitionBy, orderBy) {
+  const cols = Array.isArray(partitionBy) ? partitionBy : partitionBy ? [partitionBy] : [];
+  const parts = [];
+  if (cols.length)
+    parts.push(`PARTITION BY ${cols.join(", ")}`);
+  if (orderBy && orderBy.length)
+    parts.push(`ORDER BY ${orderBy.map(([c, d]) => `${c} ${d === "desc" ? "DESC" : "ASC"}`).join(", ")}`);
+  return parts.length ? `OVER (${parts.join(" ")})` : "OVER ()";
+}
 
 class QueryCache {
   cache = new Map;
@@ -12455,6 +12510,16 @@ function sleep(ms) {
   return new Promise((resolve13) => setTimeout(resolve13, ms));
 }
 function reorderSelectClauses(sql) {
+  const hit = reorderCache.get(sql);
+  if (hit !== undefined)
+    return hit;
+  const out = computeReorderedClauses(sql);
+  if (reorderCache.size >= REORDER_CACHE_MAX)
+    reorderCache.clear();
+  reorderCache.set(sql, out);
+  return out;
+}
+function computeReorderedClauses(sql) {
   const KEYWORDS = [
     { key: "GROUP_BY", tokens: /^GROUP\s+BY\b/i },
     { key: "ORDER_BY", tokens: /^ORDER\s+BY\b/i },
@@ -12540,6 +12605,7 @@ function createQueryBuilder(state) {
   const _sql = state?.sql ?? getOrCreateBunSql();
   const meta = state?.meta;
   const schema = state?.schema;
+  const dynamicWhereColumnCache = new Map;
   function applyCondition(expr) {
     if (Array.isArray(expr)) {
       const [col, op, val] = expr;
@@ -12858,65 +12924,9 @@ function createQueryBuilder(state) {
         }
       }
     };
-    const buildOverClause = (partitionBy, orderBy) => {
-      const cols = Array.isArray(partitionBy) ? partitionBy : partitionBy ? [partitionBy] : [];
-      const parts = [];
-      if (cols.length)
-        parts.push(`PARTITION BY ${cols.join(", ")}`);
-      if (orderBy && orderBy.length)
-        parts.push(`ORDER BY ${orderBy.map(([c, d]) => `${c} ${d === "desc" ? "DESC" : "ASC"}`).join(", ")}`);
-      return parts.length ? `OVER (${parts.join(" ")})` : "OVER ()";
-    };
     const addWindowFunction = (fnExpr, alias, partitionBy, orderBy) => {
       addToSelectClause(`${fnExpr} ${buildOverClause(partitionBy, orderBy)} AS ${alias}`);
     };
-    function assertSafeWhereOperator(op, context) {
-      if (typeof op !== "string")
-        throw new TypeError(`[query-builder] ${context}: operator must be a string, got ${typeof op}`);
-      const lower = op.toLowerCase();
-      if (!SAFE_WHERE_OPERATORS.has(lower))
-        throw new TypeError(`[query-builder] ${context}: refusing to use '${op}' as a SQL operator \u2014 not in the allowed set (${[...SAFE_WHERE_OPERATORS].join(", ")})`);
-      return op;
-    }
-    function validateQualifiedIdentifier(value, context) {
-      if (typeof value !== "string" || value.length === 0)
-        throw new TypeError(`[query-builder] ${context}: identifier must be a non-empty string, got ${typeof value}`);
-      if (value.length > 129)
-        throw new TypeError(`[query-builder] ${context}: identifier '${value}' too long`);
-      const parts = value.split(".");
-      if (parts.length > 2)
-        throw new TypeError(`[query-builder] ${context}: identifier '${value}' has more than one dot \u2014 only \`table.column\` is allowed`);
-      for (const part of parts) {
-        if (!/^[A-Z_][A-Z0-9_]*$/i.test(part))
-          throw new TypeError(`[query-builder] ${context}: identifier segment '${part}' contains characters outside [A-Za-z0-9_]`);
-      }
-    }
-    function assertSqlFragment(fragment, context) {
-      if (fragment === null || fragment === undefined) {
-        throw new TypeError(`[query-builder] ${context}: fragment must be a SqlFragment, got ${fragment}`);
-      }
-      if (typeof fragment === "string") {
-        warnOnceBareSqlFragment(context);
-      }
-    }
-    const warnedSqlFragmentContexts = new Set;
-    function warnOnceBareSqlFragment(context) {
-      if (warnedSqlFragmentContexts.has(context))
-        return;
-      warnedSqlFragmentContexts.add(context);
-      console.warn(`[query-builder] ${context}: bare string passed to a *Raw method. ` + `Prefer \`sql\`...\`\` tagged-template fragments so values are parameterised ` + `instead of concatenated \u2014 concatenating request input into SQL is an ` + `injection vector. This will become a hard error in a future release.`);
-    }
-    function formatSubqueryValue(val) {
-      if (val === null)
-        return "NULL";
-      if (typeof val === "number" && Number.isFinite(val))
-        return String(val);
-      if (typeof val === "boolean")
-        return val ? "1" : "0";
-      if (typeof val === "string")
-        return `'${val.replace(/'/g, "''")}'`;
-      throw new TypeError(`[query-builder] subquery condition: refusing to interpolate value of type ${typeof val}`);
-    }
     const buildHasSubquery = (parentTable, targetTable, pk, callback) => {
       validateIdentifier(parentTable, "relationship subquery (parent table)");
       validateIdentifier(targetTable, "relationship subquery (target table)");
@@ -12949,7 +12959,7 @@ function createQueryBuilder(state) {
         const subQb = {
           where: (col, op, val) => {
             validateIdentifier(col, "relationship subquery condition");
-            return `${targetTable}.${col} ${op} ${typeof val === "string" ? `'${val}'` : val}`;
+            return `${targetTable}.${col} ${assertSafeWhereOperator(op, "whereHas callback")} ${formatSubqueryValue(val)}`;
           }
         };
         const condition = callback(subQb);
@@ -12978,7 +12988,7 @@ function createQueryBuilder(state) {
         const subQb = {
           where: (col, op, val) => {
             validateIdentifier(col, "relationship subquery condition");
-            return `${targetTable}.${col} ${op} ${typeof val === "string" ? `'${val}'` : val}`;
+            return `${targetTable}.${col} ${assertSafeWhereOperator(op, "whereHas callback")} ${formatSubqueryValue(val)}`;
           }
         };
         const condition = callback(subQb);
@@ -14493,7 +14503,14 @@ function createQueryBuilder(state) {
         return this;
       },
       toSQL() {
-        return makeExecutableQuery(ensureBuilt(), reorderSelectClauses(text));
+        const sqlText = reorderSelectClauses(text);
+        return {
+          sql: sqlText,
+          toString: () => sqlText,
+          execute: () => ensureBuilt().execute(),
+          values: () => ensureBuilt().values(),
+          raw: () => ensureBuilt().raw()
+        };
       },
       async value(column) {
         const q = sql`${ensureBuilt()} LIMIT 1`;
@@ -14947,20 +14964,36 @@ function createQueryBuilder(state) {
         if (typeof prop === "string" && (prop.startsWith("where") || prop.startsWith("orWhere") || prop.startsWith("andWhere"))) {
           const isOr = prop.startsWith("orWhere");
           const isAnd = prop.startsWith("andWhere");
-          const raw = prop.replace(/^or?where/i, "").replace(/^andwhere/i, "");
-          if (!raw)
+          const cacheKey = `${String(table)}|${prop}`;
+          let chosen = dynamicWhereColumnCache.get(cacheKey);
+          if (chosen === undefined) {
+            const raw = prop.replace(/^(?:or|and)?where/i, "");
+            if (!raw) {
+              dynamicWhereColumnCache.set(cacheKey, "");
+              chosen = "";
+            } else {
+              const lowerFirst = raw.charAt(0).toLowerCase() + raw.slice(1);
+              const snake = raw.replace(/([A-Z])/g, "_$1").toLowerCase().replace(/^_/, "");
+              const available = schema ? Object.keys(schema[String(table)]?.columns ?? {}) : [];
+              chosen = [snake, lowerFirst, lowerFirst.toLowerCase()].find((n) => available.includes(n)) ?? snake;
+              dynamicWhereColumnCache.set(cacheKey, chosen);
+            }
+          }
+          if (chosen === "")
             return () => receiver;
-          const lowerFirst = raw.charAt(0).toLowerCase() + raw.slice(1);
-          const toSnake = (s) => s.replace(/([A-Z])/g, "_$1").toLowerCase().replace(/^_/, "");
-          const snake = toSnake(raw);
-          const tbl = String(table);
-          const available = schema ? Object.keys(schema[tbl]?.columns ?? {}) : [];
-          const chosen = [snake, lowerFirst, lowerFirst.toLowerCase()].find((n) => available.includes(n)) ?? snake;
+          const column = chosen;
           return (value) => {
-            const expr = Array.isArray(value) ? sql`${sql(String(chosen))} IN ${sql(value)}` : sql`${sql(String(chosen))} = ${value}`;
+            const expr = Array.isArray(value) ? sql`${sql(column)} IN ${sql(value)}` : sql`${sql(column)} = ${value}`;
             built = isOr ? sql`${ensureBuilt()} OR ${expr}` : isAnd ? sql`${ensureBuilt()} AND ${expr}` : sql`${ensureBuilt()} WHERE ${expr}`;
-            const clause = Array.isArray(value) ? `${String(chosen)} IN (?)` : `${String(chosen)} = ?`;
-            addWhereText(isOr ? "OR" : isAnd ? "AND" : "WHERE", clause);
+            if (Array.isArray(value)) {
+              const phs = getPlaceholders(value.length, whereParams.length + 1);
+              addWhereText(isOr ? "OR" : isAnd ? "AND" : "WHERE", `${column} IN (${phs})`);
+              whereParams.push(...value);
+            } else {
+              const ph = getPlaceholder(whereParams.length + 1);
+              addWhereText(isOr ? "OR" : isAnd ? "AND" : "WHERE", `${column} = ${ph}`);
+              whereParams.push(value);
+            }
             return receiver;
           };
         }
@@ -16208,7 +16241,7 @@ function clearQueryCache() {
 function setQueryCacheMaxSize(size) {
   queryCache.setMaxSize(size);
 }
-var SQL_PATTERNS, SAFE_WHERE_OPERATORS, queryCache;
+var SQL_PATTERNS, SAFE_WHERE_OPERATORS, warnedSqlFragmentContexts, queryCache, reorderCache, REORDER_CACHE_MAX = 500;
 var init_client = __esm(() => {
   init_config();
   init_db();
@@ -16243,7 +16276,9 @@ var init_client = __esm(() => {
     "between",
     "not between"
   ]);
+  warnedSqlFragmentContexts = new Set;
   queryCache = new QueryCache;
+  reorderCache = new Map;
 });
 
 // src/actions/cache.ts
@@ -23821,8 +23856,15 @@ function getModelFromRegistry(name) {
   return _getModel(name);
 }
 function toPostgresPlaceholders(sql2) {
+  const hit = pgPlaceholderCache.get(sql2);
+  if (hit !== undefined)
+    return hit;
   let i2 = 0;
-  return sql2.replace(/\?/g, () => `$${++i2}`);
+  const out = sql2.replace(/\?/g, () => `$${++i2}`);
+  if (pgPlaceholderCache.size >= PG_PLACEHOLDER_CACHE_MAX)
+    pgPlaceholderCache.clear();
+  pgPlaceholderCache.set(sql2, out);
+  return out;
 }
 function extractChanges(res) {
   if (res == null)
@@ -23954,21 +23996,25 @@ function timestampsEnabled(definition) {
   return Boolean(t2?.useTimestamps || t2?.timestampable);
 }
 function collectBelongsToManyKeys(definition) {
+  const cached = btmKeysCache.get(definition);
+  if (cached)
+    return cached;
   const keys = new Set;
   const rel = definition.belongsToMany;
-  if (!rel)
-    return keys;
-  if (Array.isArray(rel)) {
-    for (const item of rel) {
-      if (typeof item === "string")
-        keys.add(item.toLowerCase());
-      else if (item && typeof item === "object" && item.model)
-        keys.add(item.model.toLowerCase());
-    }
-  } else if (typeof rel === "object") {
-    for (const k2 of Object.keys(rel))
-      keys.add(k2);
+  if (rel) {
+    if (Array.isArray(rel)) {
+      for (const item of rel) {
+        if (typeof item === "string")
+          keys.add(item.toLowerCase());
+        else if (item && typeof item === "object" && item.model)
+          keys.add(item.model.toLowerCase());
+      }
+    } else if (typeof rel === "object") {
+      for (const k2 of Object.keys(rel))
+        keys.add(k2);
+    }
   }
+  btmKeysCache.set(definition, keys);
   return keys;
 }
 
@@ -25480,11 +25526,13 @@ async function seedModel(definition, count, faker) {
     await exec.run(`INSERT INTO ${definition.table} (${columns.join(", ")}) VALUES (${columns.map(() => "?").join(", ")})`, Object.values(data));
   }
 }
-var SAFE_SQL_IDENTIFIER, _getModel = null, globalDb = null, _executor = null, _executorForDb = null, _executorDialect = null, _executorDatabase = null, SOFT_DELETE_COLUMN = "deleted_at", BTM_RELATED_ALIAS = "__btm_rel__", snakeCaseCache, tableNameCache, relationCache, RELATION_CACHE_MAX = 1000;
+var SAFE_SQL_IDENTIFIER, _getModel = null, pgPlaceholderCache, PG_PLACEHOLDER_CACHE_MAX = 500, globalDb = null, _executor = null, _executorForDb = null, _executorDialect = null, _executorDatabase = null, SOFT_DELETE_COLUMN = "deleted_at", BTM_RELATED_ALIAS = "__btm_rel__", btmKeysCache, snakeCaseCache, tableNameCache, relationCache, RELATION_CACHE_MAX = 1000;
 var init_orm = __esm(() => {
   init_config();
   init_db();
   SAFE_SQL_IDENTIFIER = /^[A-Z_][A-Z0-9_]*$/i;
+  pgPlaceholderCache = new Map;
+  btmKeysCache = new WeakMap;
   snakeCaseCache = new Map;
   tableNameCache = new Map;
   relationCache = new Map;
@@ -29936,7 +29984,7 @@ function getPrefix() {
 }
 var prefix = getPrefix();
 // package.json
-var version2 = "0.1.29";
+var version2 = "0.1.30";
 
 // bin/cli.ts
 init_actions();

package/dist/src/index.js

@@ -12391,6 +12391,61 @@ function validateIdentifier(name, context) {
     throw new Error(`[query-builder] Invalid identifier${contextMsg}: '${name}'. Identifiers must start with a letter or underscore and contain only alphanumeric characters, underscores, and dots.`);
   }
 }
+function assertSafeWhereOperator(op, context) {
+  if (typeof op !== "string")
+    throw new TypeError(`[query-builder] ${context}: operator must be a string, got ${typeof op}`);
+  const lower = op.toLowerCase();
+  if (!SAFE_WHERE_OPERATORS.has(lower))
+    throw new TypeError(`[query-builder] ${context}: refusing to use '${op}' as a SQL operator \u2014 not in the allowed set (${[...SAFE_WHERE_OPERATORS].join(", ")})`);
+  return op;
+}
+function validateQualifiedIdentifier(value, context) {
+  if (typeof value !== "string" || value.length === 0)
+    throw new TypeError(`[query-builder] ${context}: identifier must be a non-empty string, got ${typeof value}`);
+  if (value.length > 129)
+    throw new TypeError(`[query-builder] ${context}: identifier '${value}' too long`);
+  const parts = value.split(".");
+  if (parts.length > 2)
+    throw new TypeError(`[query-builder] ${context}: identifier '${value}' has more than one dot \u2014 only \`table.column\` is allowed`);
+  for (const part of parts) {
+    if (!/^[A-Z_][A-Z0-9_]*$/i.test(part))
+      throw new TypeError(`[query-builder] ${context}: identifier segment '${part}' contains characters outside [A-Za-z0-9_]`);
+  }
+}
+function assertSqlFragment(fragment, context) {
+  if (fragment === null || fragment === undefined) {
+    throw new TypeError(`[query-builder] ${context}: fragment must be a SqlFragment, got ${fragment}`);
+  }
+  if (typeof fragment === "string") {
+    warnOnceBareSqlFragment(context);
+  }
+}
+function warnOnceBareSqlFragment(context) {
+  if (warnedSqlFragmentContexts.has(context))
+    return;
+  warnedSqlFragmentContexts.add(context);
+  console.warn(`[query-builder] ${context}: bare string passed to a *Raw method. ` + `Prefer \`sql\`...\`\` tagged-template fragments so values are parameterised ` + `instead of concatenated \u2014 concatenating request input into SQL is an ` + `injection vector. This will become a hard error in a future release.`);
+}
+function formatSubqueryValue(val) {
+  if (val === null)
+    return "NULL";
+  if (typeof val === "number" && Number.isFinite(val))
+    return String(val);
+  if (typeof val === "boolean")
+    return val ? "1" : "0";
+  if (typeof val === "string")
+    return `'${val.replace(/'/g, "''")}'`;
+  throw new TypeError(`[query-builder] subquery condition: refusing to interpolate value of type ${typeof val}`);
+}
+function buildOverClause(partitionBy, orderBy) {
+  const cols = Array.isArray(partitionBy) ? partitionBy : partitionBy ? [partitionBy] : [];
+  const parts = [];
+  if (cols.length)
+    parts.push(`PARTITION BY ${cols.join(", ")}`);
+  if (orderBy && orderBy.length)
+    parts.push(`ORDER BY ${orderBy.map(([c, d]) => `${c} ${d === "desc" ? "DESC" : "ASC"}`).join(", ")}`);
+  return parts.length ? `OVER (${parts.join(" ")})` : "OVER ()";
+}
 
 class QueryCache {
   cache = new Map;
@@ -12455,6 +12510,16 @@ function sleep(ms) {
   return new Promise((resolve13) => setTimeout(resolve13, ms));
 }
 function reorderSelectClauses(sql) {
+  const hit = reorderCache.get(sql);
+  if (hit !== undefined)
+    return hit;
+  const out = computeReorderedClauses(sql);
+  if (reorderCache.size >= REORDER_CACHE_MAX)
+    reorderCache.clear();
+  reorderCache.set(sql, out);
+  return out;
+}
+function computeReorderedClauses(sql) {
   const KEYWORDS = [
     { key: "GROUP_BY", tokens: /^GROUP\s+BY\b/i },
     { key: "ORDER_BY", tokens: /^ORDER\s+BY\b/i },
@@ -12540,6 +12605,7 @@ function createQueryBuilder(state) {
   const _sql = state?.sql ?? getOrCreateBunSql();
   const meta = state?.meta;
   const schema = state?.schema;
+  const dynamicWhereColumnCache = new Map;
   function applyCondition(expr) {
     if (Array.isArray(expr)) {
       const [col, op, val] = expr;
@@ -12858,65 +12924,9 @@ function createQueryBuilder(state) {
         }
       }
     };
-    const buildOverClause = (partitionBy, orderBy) => {
-      const cols = Array.isArray(partitionBy) ? partitionBy : partitionBy ? [partitionBy] : [];
-      const parts = [];
-      if (cols.length)
-        parts.push(`PARTITION BY ${cols.join(", ")}`);
-      if (orderBy && orderBy.length)
-        parts.push(`ORDER BY ${orderBy.map(([c, d]) => `${c} ${d === "desc" ? "DESC" : "ASC"}`).join(", ")}`);
-      return parts.length ? `OVER (${parts.join(" ")})` : "OVER ()";
-    };
     const addWindowFunction = (fnExpr, alias, partitionBy, orderBy) => {
       addToSelectClause(`${fnExpr} ${buildOverClause(partitionBy, orderBy)} AS ${alias}`);
     };
-    function assertSafeWhereOperator(op, context) {
-      if (typeof op !== "string")
-        throw new TypeError(`[query-builder] ${context}: operator must be a string, got ${typeof op}`);
-      const lower = op.toLowerCase();
-      if (!SAFE_WHERE_OPERATORS.has(lower))
-        throw new TypeError(`[query-builder] ${context}: refusing to use '${op}' as a SQL operator \u2014 not in the allowed set (${[...SAFE_WHERE_OPERATORS].join(", ")})`);
-      return op;
-    }
-    function validateQualifiedIdentifier(value, context) {
-      if (typeof value !== "string" || value.length === 0)
-        throw new TypeError(`[query-builder] ${context}: identifier must be a non-empty string, got ${typeof value}`);
-      if (value.length > 129)
-        throw new TypeError(`[query-builder] ${context}: identifier '${value}' too long`);
-      const parts = value.split(".");
-      if (parts.length > 2)
-        throw new TypeError(`[query-builder] ${context}: identifier '${value}' has more than one dot \u2014 only \`table.column\` is allowed`);
-      for (const part of parts) {
-        if (!/^[A-Z_][A-Z0-9_]*$/i.test(part))
-          throw new TypeError(`[query-builder] ${context}: identifier segment '${part}' contains characters outside [A-Za-z0-9_]`);
-      }
-    }
-    function assertSqlFragment(fragment, context) {
-      if (fragment === null || fragment === undefined) {
-        throw new TypeError(`[query-builder] ${context}: fragment must be a SqlFragment, got ${fragment}`);
-      }
-      if (typeof fragment === "string") {
-        warnOnceBareSqlFragment(context);
-      }
-    }
-    const warnedSqlFragmentContexts = new Set;
-    function warnOnceBareSqlFragment(context) {
-      if (warnedSqlFragmentContexts.has(context))
-        return;
-      warnedSqlFragmentContexts.add(context);
-      console.warn(`[query-builder] ${context}: bare string passed to a *Raw method. ` + `Prefer \`sql\`...\`\` tagged-template fragments so values are parameterised ` + `instead of concatenated \u2014 concatenating request input into SQL is an ` + `injection vector. This will become a hard error in a future release.`);
-    }
-    function formatSubqueryValue(val) {
-      if (val === null)
-        return "NULL";
-      if (typeof val === "number" && Number.isFinite(val))
-        return String(val);
-      if (typeof val === "boolean")
-        return val ? "1" : "0";
-      if (typeof val === "string")
-        return `'${val.replace(/'/g, "''")}'`;
-      throw new TypeError(`[query-builder] subquery condition: refusing to interpolate value of type ${typeof val}`);
-    }
     const buildHasSubquery = (parentTable, targetTable, pk, callback) => {
       validateIdentifier(parentTable, "relationship subquery (parent table)");
       validateIdentifier(targetTable, "relationship subquery (target table)");
@@ -12949,7 +12959,7 @@ function createQueryBuilder(state) {
         const subQb = {
           where: (col, op, val) => {
             validateIdentifier(col, "relationship subquery condition");
-            return `${targetTable}.${col} ${op} ${typeof val === "string" ? `'${val}'` : val}`;
+            return `${targetTable}.${col} ${assertSafeWhereOperator(op, "whereHas callback")} ${formatSubqueryValue(val)}`;
           }
         };
         const condition = callback(subQb);
@@ -12978,7 +12988,7 @@ function createQueryBuilder(state) {
         const subQb = {
           where: (col, op, val) => {
             validateIdentifier(col, "relationship subquery condition");
-            return `${targetTable}.${col} ${op} ${typeof val === "string" ? `'${val}'` : val}`;
+            return `${targetTable}.${col} ${assertSafeWhereOperator(op, "whereHas callback")} ${formatSubqueryValue(val)}`;
           }
         };
         const condition = callback(subQb);
@@ -14493,7 +14503,14 @@ function createQueryBuilder(state) {
         return this;
       },
       toSQL() {
-        return makeExecutableQuery(ensureBuilt(), reorderSelectClauses(text));
+        const sqlText = reorderSelectClauses(text);
+        return {
+          sql: sqlText,
+          toString: () => sqlText,
+          execute: () => ensureBuilt().execute(),
+          values: () => ensureBuilt().values(),
+          raw: () => ensureBuilt().raw()
+        };
       },
       async value(column) {
         const q = sql`${ensureBuilt()} LIMIT 1`;
@@ -14947,20 +14964,36 @@ function createQueryBuilder(state) {
         if (typeof prop === "string" && (prop.startsWith("where") || prop.startsWith("orWhere") || prop.startsWith("andWhere"))) {
           const isOr = prop.startsWith("orWhere");
           const isAnd = prop.startsWith("andWhere");
-          const raw = prop.replace(/^or?where/i, "").replace(/^andwhere/i, "");
-          if (!raw)
+          const cacheKey = `${String(table)}|${prop}`;
+          let chosen = dynamicWhereColumnCache.get(cacheKey);
+          if (chosen === undefined) {
+            const raw = prop.replace(/^(?:or|and)?where/i, "");
+            if (!raw) {
+              dynamicWhereColumnCache.set(cacheKey, "");
+              chosen = "";
+            } else {
+              const lowerFirst = raw.charAt(0).toLowerCase() + raw.slice(1);
+              const snake = raw.replace(/([A-Z])/g, "_$1").toLowerCase().replace(/^_/, "");
+              const available = schema ? Object.keys(schema[String(table)]?.columns ?? {}) : [];
+              chosen = [snake, lowerFirst, lowerFirst.toLowerCase()].find((n) => available.includes(n)) ?? snake;
+              dynamicWhereColumnCache.set(cacheKey, chosen);
+            }
+          }
+          if (chosen === "")
             return () => receiver;
-          const lowerFirst = raw.charAt(0).toLowerCase() + raw.slice(1);
-          const toSnake = (s) => s.replace(/([A-Z])/g, "_$1").toLowerCase().replace(/^_/, "");
-          const snake = toSnake(raw);
-          const tbl = String(table);
-          const available = schema ? Object.keys(schema[tbl]?.columns ?? {}) : [];
-          const chosen = [snake, lowerFirst, lowerFirst.toLowerCase()].find((n) => available.includes(n)) ?? snake;
+          const column = chosen;
           return (value) => {
-            const expr = Array.isArray(value) ? sql`${sql(String(chosen))} IN ${sql(value)}` : sql`${sql(String(chosen))} = ${value}`;
+            const expr = Array.isArray(value) ? sql`${sql(column)} IN ${sql(value)}` : sql`${sql(column)} = ${value}`;
             built = isOr ? sql`${ensureBuilt()} OR ${expr}` : isAnd ? sql`${ensureBuilt()} AND ${expr}` : sql`${ensureBuilt()} WHERE ${expr}`;
-            const clause = Array.isArray(value) ? `${String(chosen)} IN (?)` : `${String(chosen)} = ?`;
-            addWhereText(isOr ? "OR" : isAnd ? "AND" : "WHERE", clause);
+            if (Array.isArray(value)) {
+              const phs = getPlaceholders(value.length, whereParams.length + 1);
+              addWhereText(isOr ? "OR" : isAnd ? "AND" : "WHERE", `${column} IN (${phs})`);
+              whereParams.push(...value);
+            } else {
+              const ph = getPlaceholder(whereParams.length + 1);
+              addWhereText(isOr ? "OR" : isAnd ? "AND" : "WHERE", `${column} = ${ph}`);
+              whereParams.push(value);
+            }
             return receiver;
           };
         }
@@ -16208,7 +16241,7 @@ function clearQueryCache() {
 function setQueryCacheMaxSize(size) {
   queryCache.setMaxSize(size);
 }
-var SQL_PATTERNS, SAFE_WHERE_OPERATORS, queryCache;
+var SQL_PATTERNS, SAFE_WHERE_OPERATORS, warnedSqlFragmentContexts, queryCache, reorderCache, REORDER_CACHE_MAX = 500;
 var init_client = __esm(() => {
   init_config();
   init_db();
@@ -16243,7 +16276,9 @@ var init_client = __esm(() => {
     "between",
     "not between"
   ]);
+  warnedSqlFragmentContexts = new Set;
   queryCache = new QueryCache;
+  reorderCache = new Map;
 });
 
 // src/actions/cache.ts
@@ -23821,8 +23856,15 @@ function getModelFromRegistry(name) {
   return _getModel(name);
 }
 function toPostgresPlaceholders(sql2) {
+  const hit = pgPlaceholderCache.get(sql2);
+  if (hit !== undefined)
+    return hit;
   let i2 = 0;
-  return sql2.replace(/\?/g, () => `$${++i2}`);
+  const out = sql2.replace(/\?/g, () => `$${++i2}`);
+  if (pgPlaceholderCache.size >= PG_PLACEHOLDER_CACHE_MAX)
+    pgPlaceholderCache.clear();
+  pgPlaceholderCache.set(sql2, out);
+  return out;
 }
 function extractChanges(res) {
   if (res == null)
@@ -23954,21 +23996,25 @@ function timestampsEnabled(definition) {
   return Boolean(t2?.useTimestamps || t2?.timestampable);
 }
 function collectBelongsToManyKeys(definition) {
+  const cached = btmKeysCache.get(definition);
+  if (cached)
+    return cached;
   const keys = new Set;
   const rel = definition.belongsToMany;
-  if (!rel)
-    return keys;
-  if (Array.isArray(rel)) {
-    for (const item of rel) {
-      if (typeof item === "string")
-        keys.add(item.toLowerCase());
-      else if (item && typeof item === "object" && item.model)
-        keys.add(item.model.toLowerCase());
-    }
-  } else if (typeof rel === "object") {
-    for (const k2 of Object.keys(rel))
-      keys.add(k2);
+  if (rel) {
+    if (Array.isArray(rel)) {
+      for (const item of rel) {
+        if (typeof item === "string")
+          keys.add(item.toLowerCase());
+        else if (item && typeof item === "object" && item.model)
+          keys.add(item.model.toLowerCase());
+      }
+    } else if (typeof rel === "object") {
+      for (const k2 of Object.keys(rel))
+        keys.add(k2);
+    }
   }
+  btmKeysCache.set(definition, keys);
   return keys;
 }
 
@@ -25480,11 +25526,13 @@ async function seedModel(definition, count, faker) {
     await exec.run(`INSERT INTO ${definition.table} (${columns.join(", ")}) VALUES (${columns.map(() => "?").join(", ")})`, Object.values(data));
   }
 }
-var SAFE_SQL_IDENTIFIER, _getModel = null, globalDb = null, _executor = null, _executorForDb = null, _executorDialect = null, _executorDatabase = null, SOFT_DELETE_COLUMN = "deleted_at", BTM_RELATED_ALIAS = "__btm_rel__", snakeCaseCache, tableNameCache, relationCache, RELATION_CACHE_MAX = 1000;
+var SAFE_SQL_IDENTIFIER, _getModel = null, pgPlaceholderCache, PG_PLACEHOLDER_CACHE_MAX = 500, globalDb = null, _executor = null, _executorForDb = null, _executorDialect = null, _executorDatabase = null, SOFT_DELETE_COLUMN = "deleted_at", BTM_RELATED_ALIAS = "__btm_rel__", btmKeysCache, snakeCaseCache, tableNameCache, relationCache, RELATION_CACHE_MAX = 1000;
 var init_orm = __esm(() => {
   init_config();
   init_db();
   SAFE_SQL_IDENTIFIER = /^[A-Z_][A-Z0-9_]*$/i;
+  pgPlaceholderCache = new Map;
+  btmKeysCache = new WeakMap;
   snakeCaseCache = new Map;
   tableNameCache = new Map;
   relationCache = new Map;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "bun-query-builder",
   "type": "module",
-  "version": "0.1.29",
+  "version": "0.1.30",
   "description": "A simple yet performant query builder for TypeScript. Built with Bun.",
   "author": "Chris Breuer <chris@stacksjs.org>",
   "license": "MIT",