digital-objects 1.0.0

package/dist/ns.js

@@ -0,0 +1,818 @@
+/**
+ * NS - Namespace Durable Object
+ *
+ * SQLite-based implementation of DigitalObjectsProvider for Cloudflare Workers.
+ * Each NS instance represents a namespace (tenant) with isolated data.
+ */
+import { DEFAULT_LIMIT, MAX_LIMIT, validateDirection } from './types.js';
+import { deriveNoun, deriveVerb } from './linguistic.js';
+import { validateData } from './schema-validation.js';
+import { NotFoundError, ValidationError, errorToResponse } from './errors.js';
+import { ZodError } from 'zod';
+import { NounDefinitionSchema, VerbDefinitionSchema, CreateThingSchema, UpdateThingSchema, PerformActionSchema, BatchCreateThingsSchema, BatchUpdateThingsSchema, BatchDeleteThingsSchema, BatchPerformActionsSchema, } from './http-schemas.js';
+/**
+ * Convert a ZodError to a ValidationError
+ */
+function zodErrorToValidationError(error) {
+    const fieldErrors = error.errors.map((issue) => ({
+        field: issue.path.join('.') || 'root',
+        message: issue.message,
+    }));
+    return new ValidationError('Request validation failed', fieldErrors);
+}
+/**
+ * Calculate effective limit with safety bounds
+ */
+function effectiveLimit(requestedLimit) {
+    return Math.min(requestedLimit ?? DEFAULT_LIMIT, MAX_LIMIT);
+}
+// Whitelist of allowed orderBy fields for SQL injection prevention
+const ALLOWED_ORDER_FIELDS = [
+    'createdAt',
+    'updatedAt',
+    'id',
+    'noun',
+    'verb',
+    'status',
+    'name',
+    'title',
+];
+/**
+ * Validates an orderBy field name to prevent SQL injection.
+ * Allows whitelisted fields or simple alphanumeric field names.
+ */
+function validateOrderByField(field) {
+    // Allow whitelisted fields
+    if (ALLOWED_ORDER_FIELDS.includes(field))
+        return true;
+    // Only allow simple alphanumeric field names (letters, numbers, underscores)
+    // Must start with a letter or underscore
+    return /^[a-zA-Z_][a-zA-Z0-9_]*$/.test(field);
+}
+/**
+ * NS - Namespace Durable Object
+ */
+export class NS {
+    sql;
+    initialized = false;
+    // Caches for noun and verb definitions to reduce database lookups
+    nounCache = new Map();
+    verbCache = new Map();
+    constructor(ctx, _env) {
+        this.sql = ctx.storage.sql;
+    }
+    async ensureInitialized() {
+        if (this.initialized)
+            return;
+        // Create tables
+        this.sql.exec(`
+      CREATE TABLE IF NOT EXISTS nouns (
+        name TEXT PRIMARY KEY,
+        singular TEXT NOT NULL,
+        plural TEXT NOT NULL,
+        slug TEXT NOT NULL,
+        description TEXT,
+        schema TEXT,
+        created_at INTEGER NOT NULL
+      );
+
+      CREATE TABLE IF NOT EXISTS verbs (
+        name TEXT PRIMARY KEY,
+        action TEXT NOT NULL,
+        act TEXT NOT NULL,
+        activity TEXT NOT NULL,
+        event TEXT NOT NULL,
+        reverse_by TEXT,
+        reverse_at TEXT,
+        reverse_in TEXT,
+        inverse TEXT,
+        description TEXT,
+        created_at INTEGER NOT NULL
+      );
+
+      CREATE TABLE IF NOT EXISTS things (
+        id TEXT PRIMARY KEY,
+        noun TEXT NOT NULL,
+        data TEXT NOT NULL,
+        created_at INTEGER NOT NULL,
+        updated_at INTEGER NOT NULL
+      );
+      CREATE INDEX IF NOT EXISTS idx_things_noun ON things(noun);
+
+      CREATE TABLE IF NOT EXISTS actions (
+        id TEXT PRIMARY KEY,
+        verb TEXT NOT NULL,
+        subject TEXT,
+        object TEXT,
+        data TEXT,
+        status TEXT NOT NULL DEFAULT 'completed',
+        created_at INTEGER NOT NULL,
+        completed_at INTEGER
+      );
+      CREATE INDEX IF NOT EXISTS idx_actions_verb ON actions(verb);
+      CREATE INDEX IF NOT EXISTS idx_actions_subject ON actions(subject);
+      CREATE INDEX IF NOT EXISTS idx_actions_object ON actions(object);
+      CREATE INDEX IF NOT EXISTS idx_actions_status ON actions(status);
+    `);
+        this.initialized = true;
+    }
+    // HTTP API handler
+    async fetch(request) {
+        await this.ensureInitialized();
+        const url = new URL(request.url);
+        const path = url.pathname;
+        const method = request.method;
+        try {
+            // Route to appropriate handler
+            if (path === '/nouns' && method === 'POST') {
+                const rawBody = await request.json();
+                const body = NounDefinitionSchema.parse(rawBody);
+                const noun = await this.defineNoun(body);
+                return Response.json(noun);
+            }
+            if (path.startsWith('/nouns/') && method === 'GET') {
+                const name = decodeURIComponent(path.slice('/nouns/'.length));
+                const noun = await this.getNoun(name);
+                return noun ? Response.json(noun) : new Response('Not found', { status: 404 });
+            }
+            if (path === '/nouns' && method === 'GET') {
+                const nouns = await this.listNouns();
+                return Response.json(nouns);
+            }
+            if (path === '/verbs' && method === 'POST') {
+                const rawBody = await request.json();
+                const body = VerbDefinitionSchema.parse(rawBody);
+                const verb = await this.defineVerb(body);
+                return Response.json(verb);
+            }
+            if (path.startsWith('/verbs/') && method === 'GET') {
+                const name = decodeURIComponent(path.slice('/verbs/'.length));
+                const verb = await this.getVerb(name);
+                return verb ? Response.json(verb) : new Response('Not found', { status: 404 });
+            }
+            if (path === '/verbs' && method === 'GET') {
+                const verbs = await this.listVerbs();
+                return Response.json(verbs);
+            }
+            if (path === '/things' && method === 'POST') {
+                const rawBody = await request.json();
+                const { noun, data, id } = CreateThingSchema.parse(rawBody);
+                const thing = await this.create(noun, data, id);
+                return Response.json(thing);
+            }
+            if (path.startsWith('/things/') && method === 'GET') {
+                const id = decodeURIComponent(path.slice('/things/'.length));
+                const thing = await this.get(id);
+                return thing ? Response.json(thing) : new Response('Not found', { status: 404 });
+            }
+            if (path.startsWith('/things/') && method === 'PATCH') {
+                const id = decodeURIComponent(path.slice('/things/'.length));
+                const rawBody = await request.json();
+                const { data } = UpdateThingSchema.parse(rawBody);
+                const thing = await this.update(id, data);
+                return Response.json(thing);
+            }
+            if (path.startsWith('/things/') && method === 'DELETE') {
+                const id = decodeURIComponent(path.slice('/things/'.length));
+                const deleted = await this.delete(id);
+                return Response.json({ deleted });
+            }
+            if (path === '/things' && method === 'GET') {
+                const noun = url.searchParams.get('noun');
+                if (!noun) {
+                    return new Response('noun parameter required', { status: 400 });
+                }
+                const options = {};
+                const limit = url.searchParams.get('limit');
+                const offset = url.searchParams.get('offset');
+                const orderBy = url.searchParams.get('orderBy');
+                const order = url.searchParams.get('order');
+                if (limit)
+                    options.limit = parseInt(limit, 10);
+                if (offset)
+                    options.offset = parseInt(offset, 10);
+                if (orderBy)
+                    options.orderBy = orderBy;
+                if (order === 'asc' || order === 'desc')
+                    options.order = order;
+                const things = await this.list(noun, options);
+                return Response.json(things);
+            }
+            if (path === '/search' && method === 'GET') {
+                const query = url.searchParams.get('q') ?? '';
+                const options = {};
+                const limit = url.searchParams.get('limit');
+                if (limit)
+                    options.limit = parseInt(limit, 10);
+                const things = await this.search(query, options);
+                return Response.json(things);
+            }
+            if (path === '/actions' && method === 'POST') {
+                const rawBody = await request.json();
+                const { verb, subject, object, data } = PerformActionSchema.parse(rawBody);
+                const action = await this.perform(verb, subject, object, data);
+                return Response.json(action);
+            }
+            if (path.startsWith('/actions/') && method === 'GET') {
+                const id = decodeURIComponent(path.slice('/actions/'.length));
+                const action = await this.getAction(id);
+                return action ? Response.json(action) : new Response('Not found', { status: 404 });
+            }
+            if (path.startsWith('/actions/') && method === 'DELETE') {
+                const id = decodeURIComponent(path.slice('/actions/'.length));
+                const deleted = await this.deleteAction(id);
+                return Response.json({ deleted });
+            }
+            if (path === '/actions' && method === 'GET') {
+                const options = {};
+                const verb = url.searchParams.get('verb');
+                const subject = url.searchParams.get('subject');
+                const object = url.searchParams.get('object');
+                const limit = url.searchParams.get('limit');
+                const status = url.searchParams.get('status');
+                if (verb)
+                    options.verb = verb;
+                if (subject)
+                    options.subject = subject;
+                if (object)
+                    options.object = object;
+                if (limit)
+                    options.limit = parseInt(limit, 10);
+                if (status)
+                    options.status = status;
+                const actions = await this.listActions(options);
+                return Response.json(actions);
+            }
+            if (path.startsWith('/edges/') && method === 'GET') {
+                const id = decodeURIComponent(path.slice('/edges/'.length));
+                const verb = url.searchParams.get('verb') ?? undefined;
+                const directionParam = url.searchParams.get('direction') ?? 'out';
+                const direction = validateDirection(directionParam);
+                const edges = await this.edges(id, verb, direction);
+                return Response.json(edges);
+            }
+            if (path.startsWith('/related/') && method === 'GET') {
+                const id = decodeURIComponent(path.slice('/related/'.length));
+                const verb = url.searchParams.get('verb') ?? undefined;
+                const directionParam = url.searchParams.get('direction') ?? 'out';
+                const direction = validateDirection(directionParam);
+                const things = await this.related(id, verb, direction);
+                return Response.json(things);
+            }
+            // Batch operations
+            if (path === '/batch/things' && method === 'POST') {
+                const rawBody = await request.json();
+                const { noun, items } = BatchCreateThingsSchema.parse(rawBody);
+                const things = await this.createMany(noun, items);
+                return Response.json(things);
+            }
+            if (path === '/batch/things' && method === 'PATCH') {
+                const rawBody = await request.json();
+                const { updates } = BatchUpdateThingsSchema.parse(rawBody);
+                const things = await this.updateMany(updates);
+                return Response.json(things);
+            }
+            if (path === '/batch/things' && method === 'DELETE') {
+                const rawBody = await request.json();
+                const { ids } = BatchDeleteThingsSchema.parse(rawBody);
+                const results = await this.deleteMany(ids);
+                return Response.json(results);
+            }
+            if (path === '/batch/actions' && method === 'POST') {
+                const rawBody = await request.json();
+                const { actions } = BatchPerformActionsSchema.parse(rawBody);
+                const results = await this.performMany(actions);
+                return Response.json(results);
+            }
+            return Response.json({ error: 'NOT_FOUND', message: 'Endpoint not found' }, { status: 404 });
+        }
+        catch (error) {
+            // Convert ZodError to ValidationError for consistent error handling
+            const normalizedError = error instanceof ZodError ? zodErrorToValidationError(error) : error;
+            const { body, status } = errorToResponse(normalizedError);
+            return Response.json(body, { status });
+        }
+    }
+    // ==================== Nouns ====================
+    async defineNoun(def) {
+        await this.ensureInitialized();
+        const derived = deriveNoun(def.name);
+        const now = Date.now();
+        this.sql.exec(`INSERT OR REPLACE INTO nouns (name, singular, plural, slug, description, schema, created_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?)`, def.name, def.singular ?? derived.singular, def.plural ?? derived.plural, derived.slug, def.description ?? null, def.schema ? JSON.stringify(def.schema) : null, now);
+        const noun = {
+            name: def.name,
+            singular: def.singular ?? derived.singular,
+            plural: def.plural ?? derived.plural,
+            slug: derived.slug,
+            description: def.description,
+            schema: def.schema,
+            createdAt: new Date(now),
+        };
+        // Update cache
+        this.nounCache.set(def.name, noun);
+        return noun;
+    }
+    async getNoun(name) {
+        await this.ensureInitialized();
+        // Check cache first
+        const cached = this.nounCache.get(name);
+        if (cached)
+            return cached;
+        const rows = [...this.sql.exec('SELECT * FROM nouns WHERE name = ?', name)];
+        if (rows.length === 0)
+            return null;
+        const row = rows[0];
+        const noun = {
+            name: row.name,
+            singular: row.singular,
+            plural: row.plural,
+            slug: row.slug,
+            description: row.description,
+            schema: row.schema ? JSON.parse(row.schema) : undefined,
+            createdAt: new Date(row.created_at),
+        };
+        // Populate cache
+        this.nounCache.set(name, noun);
+        return noun;
+    }
+    async listNouns() {
+        await this.ensureInitialized();
+        const rows = [...this.sql.exec('SELECT * FROM nouns')];
+        return rows.map((row) => {
+            const r = row;
+            return {
+                name: r.name,
+                singular: r.singular,
+                plural: r.plural,
+                slug: r.slug,
+                description: r.description,
+                schema: r.schema ? JSON.parse(r.schema) : undefined,
+                createdAt: new Date(r.created_at),
+            };
+        });
+    }
+    // ==================== Verbs ====================
+    async defineVerb(def) {
+        await this.ensureInitialized();
+        const derived = deriveVerb(def.name);
+        const now = Date.now();
+        this.sql.exec(`INSERT OR REPLACE INTO verbs
+       (name, action, act, activity, event, reverse_by, reverse_at, reverse_in, inverse, description, created_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`, def.name, def.action ?? derived.action, def.act ?? derived.act, def.activity ?? derived.activity, def.event ?? derived.event, def.reverseBy ?? derived.reverseBy, derived.reverseAt, def.reverseIn ?? derived.reverseIn, def.inverse ?? null, def.description ?? null, now);
+        const verb = {
+            name: def.name,
+            action: def.action ?? derived.action,
+            act: def.act ?? derived.act,
+            activity: def.activity ?? derived.activity,
+            event: def.event ?? derived.event,
+            reverseBy: def.reverseBy ?? derived.reverseBy,
+            reverseAt: derived.reverseAt,
+            reverseIn: def.reverseIn ?? derived.reverseIn,
+            inverse: def.inverse,
+            description: def.description,
+            createdAt: new Date(now),
+        };
+        // Update cache
+        this.verbCache.set(def.name, verb);
+        return verb;
+    }
+    async getVerb(name) {
+        await this.ensureInitialized();
+        // Check cache first
+        const cached = this.verbCache.get(name);
+        if (cached)
+            return cached;
+        const rows = [...this.sql.exec('SELECT * FROM verbs WHERE name = ?', name)];
+        if (rows.length === 0)
+            return null;
+        const row = rows[0];
+        const verb = {
+            name: row.name,
+            action: row.action,
+            act: row.act,
+            activity: row.activity,
+            event: row.event,
+            reverseBy: row.reverse_by,
+            reverseAt: row.reverse_at,
+            reverseIn: row.reverse_in,
+            inverse: row.inverse,
+            description: row.description,
+            createdAt: new Date(row.created_at),
+        };
+        // Populate cache
+        this.verbCache.set(name, verb);
+        return verb;
+    }
+    async listVerbs() {
+        await this.ensureInitialized();
+        const rows = [...this.sql.exec('SELECT * FROM verbs')];
+        return rows.map((row) => {
+            const r = row;
+            return {
+                name: r.name,
+                action: r.action,
+                act: r.act,
+                activity: r.activity,
+                event: r.event,
+                reverseBy: r.reverse_by,
+                reverseAt: r.reverse_at,
+                reverseIn: r.reverse_in,
+                inverse: r.inverse,
+                description: r.description,
+                createdAt: new Date(r.created_at),
+            };
+        });
+    }
+    // ==================== Things ====================
+    async create(noun, data, id, options) {
+        await this.ensureInitialized();
+        // Validate data against noun schema if validation is enabled
+        if (options?.validate) {
+            const nounDef = await this.getNoun(noun);
+            validateData(data, nounDef?.schema, options);
+        }
+        const thingId = id ?? crypto.randomUUID();
+        const now = Date.now();
+        this.sql.exec(`INSERT INTO things (id, noun, data, created_at, updated_at)
+       VALUES (?, ?, ?, ?, ?)`, thingId, noun, JSON.stringify(data), now, now);
+        return {
+            id: thingId,
+            noun,
+            data,
+            createdAt: new Date(now),
+            updatedAt: new Date(now),
+        };
+    }
+    async get(id) {
+        await this.ensureInitialized();
+        const rows = [...this.sql.exec('SELECT * FROM things WHERE id = ?', id)];
+        if (rows.length === 0)
+            return null;
+        const row = rows[0];
+        return {
+            id: row.id,
+            noun: row.noun,
+            data: JSON.parse(row.data),
+            createdAt: new Date(row.created_at),
+            updatedAt: new Date(row.updated_at),
+        };
+    }
+    async list(noun, options) {
+        await this.ensureInitialized();
+        let sql = 'SELECT * FROM things WHERE noun = ?';
+        const params = [noun];
+        // Apply where filter in SQL using json_extract for better performance
+        if (options?.where) {
+            for (const [key, value] of Object.entries(options.where)) {
+                // Validate field name to prevent SQL injection
+                if (!validateOrderByField(key)) {
+                    throw new Error(`Invalid where field: ${key}`);
+                }
+                sql += ` AND json_extract(data, '$.${key}') = ?`;
+                // json_extract returns strings unquoted, numbers as numbers, booleans as 0/1, null as NULL
+                params.push(value);
+            }
+        }
+        if (options?.orderBy) {
+            // Validate orderBy field to prevent SQL injection
+            if (!validateOrderByField(options.orderBy)) {
+                throw new Error(`Invalid orderBy field: ${options.orderBy}`);
+            }
+            sql += ` ORDER BY json_extract(data, '$.${options.orderBy}')`;
+            sql += options.order === 'desc' ? ' DESC' : ' ASC';
+        }
+        // Apply limit with safety bounds
+        const limit = effectiveLimit(options?.limit);
+        sql += ` LIMIT ?`;
+        params.push(limit);
+        if (options?.offset) {
+            sql += ` OFFSET ?`;
+            params.push(options.offset);
+        }
+        const rows = [...this.sql.exec(sql, ...params)];
+        const results = rows.map((row) => {
+            const r = row;
+            return {
+                id: r.id,
+                noun: r.noun,
+                data: JSON.parse(r.data),
+                createdAt: new Date(r.created_at),
+                updatedAt: new Date(r.updated_at),
+            };
+        });
+        return results;
+    }
+    async find(noun, where) {
+        return this.list(noun, { where: where });
+    }
+    async update(id, data, options) {
+        await this.ensureInitialized();
+        const existing = await this.get(id);
+        if (!existing)
+            throw new NotFoundError('Thing', id);
+        const updated = { ...existing.data, ...data };
+        // Validate merged data against noun schema if validation is enabled
+        if (options?.validate) {
+            const nounDef = await this.getNoun(existing.noun);
+            validateData(updated, nounDef?.schema, options);
+        }
+        const now = Date.now();
+        this.sql.exec(`UPDATE things SET data = ?, updated_at = ? WHERE id = ?`, JSON.stringify(updated), now, id);
+        return {
+            ...existing,
+            data: updated,
+            updatedAt: new Date(now),
+        };
+    }
+    async delete(id) {
+        await this.ensureInitialized();
+        const result = this.sql.exec('DELETE FROM things WHERE id = ?', id);
+        return result.rowsWritten > 0;
+    }
+    async search(query, options) {
+        await this.ensureInitialized();
+        const q = `%${query.toLowerCase()}%`;
+        let sql = `SELECT * FROM things WHERE LOWER(data) LIKE ?`;
+        const params = [q];
+        // Apply limit with safety bounds
+        const limit = effectiveLimit(options?.limit);
+        sql += ` LIMIT ?`;
+        params.push(limit);
+        const rows = [...this.sql.exec(sql, ...params)];
+        return rows.map((row) => {
+            const r = row;
+            return {
+                id: r.id,
+                noun: r.noun,
+                data: JSON.parse(r.data),
+                createdAt: new Date(r.created_at),
+                updatedAt: new Date(r.updated_at),
+            };
+        });
+    }
+    // ==================== Actions ====================
+    async perform(verb, subject, object, data) {
+        await this.ensureInitialized();
+        const id = crypto.randomUUID();
+        const now = Date.now();
+        this.sql.exec(`INSERT INTO actions (id, verb, subject, object, data, status, created_at, completed_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?)`, id, verb, subject ?? null, object ?? null, data ? JSON.stringify(data) : null, 'completed', now, now);
+        return {
+            id,
+            verb,
+            subject,
+            object,
+            data,
+            status: 'completed',
+            createdAt: new Date(now),
+            completedAt: new Date(now),
+        };
+    }
+    async getAction(id) {
+        await this.ensureInitialized();
+        const rows = [...this.sql.exec('SELECT * FROM actions WHERE id = ?', id)];
+        if (rows.length === 0)
+            return null;
+        const row = rows[0];
+        return {
+            id: row.id,
+            verb: row.verb,
+            subject: row.subject,
+            object: row.object,
+            data: row.data ? JSON.parse(row.data) : undefined,
+            status: row.status,
+            createdAt: new Date(row.created_at),
+            completedAt: row.completed_at ? new Date(row.completed_at) : undefined,
+        };
+    }
+    async listActions(options) {
+        await this.ensureInitialized();
+        let sql = 'SELECT * FROM actions WHERE 1=1';
+        const params = [];
+        if (options?.verb) {
+            sql += ' AND verb = ?';
+            params.push(options.verb);
+        }
+        if (options?.subject) {
+            sql += ' AND subject = ?';
+            params.push(options.subject);
+        }
+        if (options?.object) {
+            sql += ' AND object = ?';
+            params.push(options.object);
+        }
+        if (options?.status) {
+            const statuses = Array.isArray(options.status) ? options.status : [options.status];
+            sql += ` AND status IN (${statuses.map(() => '?').join(', ')})`;
+            params.push(...statuses);
+        }
+        // Apply limit with safety bounds
+        const limit = effectiveLimit(options?.limit);
+        sql += ' LIMIT ?';
+        params.push(limit);
+        const rows = [...this.sql.exec(sql, ...params)];
+        return rows.map((row) => {
+            const r = row;
+            return {
+                id: r.id,
+                verb: r.verb,
+                subject: r.subject,
+                object: r.object,
+                data: r.data ? JSON.parse(r.data) : undefined,
+                status: r.status,
+                createdAt: new Date(r.created_at),
+                completedAt: r.completed_at ? new Date(r.completed_at) : undefined,
+            };
+        });
+    }
+    async deleteAction(id) {
+        await this.ensureInitialized();
+        const result = this.sql.exec('DELETE FROM actions WHERE id = ?', id);
+        return result.rowsWritten > 0;
+    }
+    // ==================== Graph Traversal ====================
+    async related(id, verb, direction = 'out', options) {
+        const validDirection = validateDirection(direction);
+        const edgesList = await this.edges(id, verb, validDirection);
+        const relatedIds = new Set();
+        for (const edge of edgesList) {
+            if (direction === 'out' || direction === 'both') {
+                if (edge.subject === id && edge.object) {
+                    relatedIds.add(edge.object);
+                }
+            }
+            if (direction === 'in' || direction === 'both') {
+                if (edge.object === id && edge.subject) {
+                    relatedIds.add(edge.subject);
+                }
+            }
+        }
+        let results = [];
+        for (const relatedId of relatedIds) {
+            const thing = await this.get(relatedId);
+            if (thing)
+                results.push(thing);
+        }
+        // Apply limit with safety bounds
+        const limit = effectiveLimit(options?.limit);
+        results = results.slice(0, limit);
+        return results;
+    }
+    async edges(id, verb, direction = 'out', options) {
+        const validDirection = validateDirection(direction);
+        await this.ensureInitialized();
+        let sql;
+        const params = [];
+        if (validDirection === 'out') {
+            sql = 'SELECT * FROM actions WHERE subject = ?';
+            params.push(id);
+        }
+        else if (validDirection === 'in') {
+            sql = 'SELECT * FROM actions WHERE object = ?';
+            params.push(id);
+        }
+        else {
+            sql = 'SELECT * FROM actions WHERE subject = ? OR object = ?';
+            params.push(id, id);
+        }
+        if (verb) {
+            sql += ' AND verb = ?';
+            params.push(verb);
+        }
+        // Apply limit with safety bounds
+        const limit = effectiveLimit(options?.limit);
+        sql += ' LIMIT ?';
+        params.push(limit);
+        const rows = [...this.sql.exec(sql, ...params)];
+        return rows.map((row) => {
+            const r = row;
+            return {
+                id: r.id,
+                verb: r.verb,
+                subject: r.subject,
+                object: r.object,
+                data: r.data ? JSON.parse(r.data) : undefined,
+                status: r.status,
+                createdAt: new Date(r.created_at),
+                completedAt: r.completed_at ? new Date(r.completed_at) : undefined,
+            };
+        });
+    }
+    // ==================== Batch Operations ====================
+    async createMany(noun, items) {
+        await this.ensureInitialized();
+        const now = Date.now();
+        const results = [];
+        // Use a transaction for atomic batch insert
+        this.sql.exec('BEGIN TRANSACTION');
+        try {
+            for (const item of items) {
+                const thingId = crypto.randomUUID();
+                this.sql.exec(`INSERT INTO things (id, noun, data, created_at, updated_at)
+           VALUES (?, ?, ?, ?, ?)`, thingId, noun, JSON.stringify(item), now, now);
+                results.push({
+                    id: thingId,
+                    noun,
+                    data: item,
+                    createdAt: new Date(now),
+                    updatedAt: new Date(now),
+                });
+            }
+            this.sql.exec('COMMIT');
+        }
+        catch (error) {
+            this.sql.exec('ROLLBACK');
+            throw error;
+        }
+        return results;
+    }
+    async updateMany(updates) {
+        await this.ensureInitialized();
+        const now = Date.now();
+        const results = [];
+        // Use a transaction for atomic batch update
+        this.sql.exec('BEGIN TRANSACTION');
+        try {
+            for (const { id, data } of updates) {
+                const existing = await this.get(id);
+                if (!existing)
+                    throw new NotFoundError('Thing', id);
+                const updated = { ...existing.data, ...data };
+                this.sql.exec(`UPDATE things SET data = ?, updated_at = ? WHERE id = ?`, JSON.stringify(updated), now, id);
+                results.push({
+                    ...existing,
+                    data: updated,
+                    updatedAt: new Date(now),
+                });
+            }
+            this.sql.exec('COMMIT');
+        }
+        catch (error) {
+            this.sql.exec('ROLLBACK');
+            throw error;
+        }
+        return results;
+    }
+    async deleteMany(ids) {
+        await this.ensureInitialized();
+        const results = [];
+        // Use a transaction for atomic batch delete
+        this.sql.exec('BEGIN TRANSACTION');
+        try {
+            for (const id of ids) {
+                const result = this.sql.exec('DELETE FROM things WHERE id = ?', id);
+                results.push(result.rowsWritten > 0);
+            }
+            this.sql.exec('COMMIT');
+        }
+        catch (error) {
+            this.sql.exec('ROLLBACK');
+            throw error;
+        }
+        return results;
+    }
+    async performMany(actions) {
+        await this.ensureInitialized();
+        const now = Date.now();
+        const results = [];
+        // Use a transaction for atomic batch insert
+        this.sql.exec('BEGIN TRANSACTION');
+        try {
+            for (const action of actions) {
+                const id = crypto.randomUUID();
+                this.sql.exec(`INSERT INTO actions (id, verb, subject, object, data, status, created_at, completed_at)
+           VALUES (?, ?, ?, ?, ?, ?, ?, ?)`, id, action.verb, action.subject ?? null, action.object ?? null, action.data ? JSON.stringify(action.data) : null, 'completed', now, now);
+                results.push({
+                    id,
+                    verb: action.verb,
+                    subject: action.subject,
+                    object: action.object,
+                    data: action.data,
+                    status: 'completed',
+                    createdAt: new Date(now),
+                    completedAt: new Date(now),
+                });
+            }
+            this.sql.exec('COMMIT');
+        }
+        catch (error) {
+            this.sql.exec('ROLLBACK');
+            throw error;
+        }
+        return results;
+    }
+    async close() {
+        // No-op for Durable Objects (SQLite persists automatically)
+    }
+}
+export default {
+    async fetch(request, env) {
+        const url = new URL(request.url);
+        const namespaceId = url.searchParams.get('ns') ?? 'default';
+        const id = env.NS.idFromName(namespaceId);
+        const stub = env.NS.get(id);
+        return stub.fetch(request);
+    },
+};
+//# sourceMappingURL=ns.js.map