prisma-sql 1.44.0 → 1.46.0

package/dist/generator.js

@@ -54,7 +54,7 @@ var require_package = __commonJS({
   "package.json"(exports$1, module) {
     module.exports = {
       name: "prisma-sql",
-      version: "1.44.0",
+      version: "1.46.0",
       description: "Convert Prisma queries to optimized SQL with type safety. 2-7x faster than Prisma Client.",
       main: "dist/index.cjs",
       module: "dist/index.js",
@@ -157,20 +157,13 @@ var SQL_SEPARATORS = Object.freeze({
   CONDITION_OR: " OR ",
   ORDER_BY: ", "
 });
-var SQL_RESERVED_WORDS = /* @__PURE__ */ new Set([
+var ALIAS_FORBIDDEN_KEYWORDS = /* @__PURE__ */ new Set([
   "select",
   "from",
   "where",
-  "and",
-  "or",
-  "not",
-  "in",
-  "like",
-  "between",
+  "having",
   "order",
-  "by",
   "group",
-  "having",
   "limit",
   "offset",
   "join",
@@ -178,14 +171,42 @@ var SQL_RESERVED_WORDS = /* @__PURE__ */ new Set([
   "left",
   "right",
   "outer",
-  "on",
+  "cross",
+  "full",
+  "and",
+  "or",
+  "not",
+  "by",
   "as",
+  "on",
+  "union",
+  "intersect",
+  "except",
+  "case",
+  "when",
+  "then",
+  "else",
+  "end"
+]);
+var SQL_KEYWORDS = /* @__PURE__ */ new Set([
+  ...ALIAS_FORBIDDEN_KEYWORDS,
+  "user",
+  "users",
   "table",
   "column",
   "index",
-  "user",
-  "users",
   "values",
+  "in",
+  "like",
+  "between",
+  "is",
+  "exists",
+  "null",
+  "true",
+  "false",
+  "all",
+  "any",
+  "some",
   "update",
   "insert",
   "delete",
@@ -196,25 +217,9 @@ var SQL_RESERVED_WORDS = /* @__PURE__ */ new Set([
   "grant",
   "revoke",
   "exec",
-  "execute",
-  "union",
-  "intersect",
-  "except",
-  "case",
-  "when",
-  "then",
-  "else",
-  "end",
-  "null",
-  "true",
-  "false",
-  "is",
-  "exists",
-  "all",
-  "any",
-  "some"
+  "execute"
 ]);
-var SQL_KEYWORDS = SQL_RESERVED_WORDS;
+var SQL_RESERVED_WORDS = SQL_KEYWORDS;
 var DEFAULT_WHERE_CLAUSE = "1=1";
 var SPECIAL_FIELDS = Object.freeze({
   ID: "id"
@@ -293,12 +298,48 @@ var LIMITS = Object.freeze({
 });
 
 // src/utils/normalize-value.ts
-function normalizeValue(value) {
+var MAX_DEPTH = 20;
+function normalizeValue(value, seen = /* @__PURE__ */ new WeakSet(), depth = 0) {
+  if (depth > MAX_DEPTH) {
+    throw new Error(`Max normalization depth exceeded (${MAX_DEPTH} levels)`);
+  }
   if (value instanceof Date) {
+    const t = value.getTime();
+    if (!Number.isFinite(t)) {
+      throw new Error("Invalid Date value in SQL params");
+    }
     return value.toISOString();
   }
+  if (typeof value === "bigint") {
+    return value.toString();
+  }
   if (Array.isArray(value)) {
-    return value.map(normalizeValue);
+    const arrRef = value;
+    if (seen.has(arrRef)) {
+      throw new Error("Circular reference in SQL params");
+    }
+    seen.add(arrRef);
+    const out = value.map((v) => normalizeValue(v, seen, depth + 1));
+    seen.delete(arrRef);
+    return out;
+  }
+  if (value && typeof value === "object") {
+    if (value instanceof Uint8Array) return value;
+    if (typeof Buffer !== "undefined" && Buffer.isBuffer(value)) return value;
+    const proto = Object.getPrototypeOf(value);
+    const isPlain = proto === Object.prototype || proto === null;
+    if (!isPlain) return value;
+    const obj = value;
+    if (seen.has(obj)) {
+      throw new Error("Circular reference in SQL params");
+    }
+    seen.add(obj);
+    const out = {};
+    for (const [k, v] of Object.entries(obj)) {
+      out[k] = normalizeValue(v, seen, depth + 1);
+    }
+    seen.delete(obj);
+    return out;
   }
   return value;
 }
@@ -479,7 +520,7 @@ function prepareArrayParam(value, dialect) {
     throw new Error("prepareArrayParam requires array value");
   }
   if (dialect === "postgres") {
-    return value.map(normalizeValue);
+    return value.map((v) => normalizeValue(v));
   }
   return JSON.stringify(value);
 }
@@ -551,36 +592,46 @@ function createError(message, ctx, code = "VALIDATION_ERROR") {
 }
 
 // src/builder/shared/model-field-cache.ts
-var SCALAR_SET_CACHE = /* @__PURE__ */ new WeakMap();
-var RELATION_SET_CACHE = /* @__PURE__ */ new WeakMap();
+var MODEL_CACHE = /* @__PURE__ */ new WeakMap();
+function ensureFullCache(model) {
+  let cache = MODEL_CACHE.get(model);
+  if (!cache) {
+    const fieldInfo = /* @__PURE__ */ new Map();
+    const scalarFields = /* @__PURE__ */ new Set();
+    const relationFields = /* @__PURE__ */ new Set();
+    const columnMap = /* @__PURE__ */ new Map();
+    for (const f of model.fields) {
+      const info = {
+        name: f.name,
+        dbName: f.dbName || f.name,
+        type: f.type,
+        isRelation: !!f.isRelation,
+        isRequired: !!f.isRequired
+      };
+      fieldInfo.set(f.name, info);
+      if (info.isRelation) {
+        relationFields.add(f.name);
+      } else {
+        scalarFields.add(f.name);
+        columnMap.set(f.name, info.dbName);
+      }
+    }
+    cache = { fieldInfo, scalarFields, relationFields, columnMap };
+    MODEL_CACHE.set(model, cache);
+  }
+  return cache;
+}
+function getFieldInfo(model, fieldName) {
+  return ensureFullCache(model).fieldInfo.get(fieldName);
+}
 function getScalarFieldSet(model) {
-  const cached = SCALAR_SET_CACHE.get(model);
-  if (cached) return cached;
-  const s = /* @__PURE__ */ new Set();
-  for (const f of model.fields) if (!f.isRelation) s.add(f.name);
-  SCALAR_SET_CACHE.set(model, s);
-  return s;
+  return ensureFullCache(model).scalarFields;
 }
 function getRelationFieldSet(model) {
-  const cached = RELATION_SET_CACHE.get(model);
-  if (cached) return cached;
-  const s = /* @__PURE__ */ new Set();
-  for (const f of model.fields) if (f.isRelation) s.add(f.name);
-  RELATION_SET_CACHE.set(model, s);
-  return s;
-}
-var COLUMN_MAP_CACHE = /* @__PURE__ */ new WeakMap();
+  return ensureFullCache(model).relationFields;
+}
 function getColumnMap(model) {
-  const cached = COLUMN_MAP_CACHE.get(model);
-  if (cached) return cached;
-  const map = /* @__PURE__ */ new Map();
-  for (const f of model.fields) {
-    if (!f.isRelation) {
-      map.set(f.name, f.dbName || f.name);
-    }
-  }
-  COLUMN_MAP_CACHE.set(model, map);
-  return map;
+  return ensureFullCache(model).columnMap;
 }
 
 // src/builder/shared/validators/sql-validators.ts
@@ -591,20 +642,21 @@ function isEmptyWhere(where) {
   if (!isNotNullish(where)) return true;
   return Object.keys(where).length === 0;
 }
+function sqlPreview(sql) {
+  const s = String(sql);
+  if (s.length <= 160) return s;
+  return `${s.slice(0, 160)}...`;
+}
 function validateSelectQuery(sql) {
   if (!hasValidContent(sql)) {
     throw new Error("CRITICAL: Generated empty SQL query");
   }
   if (!hasRequiredKeywords(sql)) {
-    throw new Error(
-      `CRITICAL: Invalid SQL structure. SQL: ${sql.substring(0, 100)}...`
-    );
+    throw new Error(`CRITICAL: Invalid SQL structure. SQL: ${sqlPreview(sql)}`);
   }
 }
-function sqlPreview(sql) {
-  return `${sql.substring(0, 100)}...`;
-}
-function parseDollarNumber(sql, start, n) {
+function parseDollarNumber(sql, start) {
+  const n = sql.length;
   let i = start;
   let num = 0;
   let hasDigit = false;
@@ -615,14 +667,14 @@ function parseDollarNumber(sql, start, n) {
     num = num * 10 + (c - 48);
     i++;
   }
-  if (!hasDigit || num <= 0) return { next: i, num: 0, ok: false };
-  return { next: i, num, ok: true };
+  if (!hasDigit || num <= 0) return { next: i, num: 0 };
+  return { next: i, num };
 }
 function scanDollarPlaceholders(sql, markUpTo) {
   const seen = new Uint8Array(markUpTo + 1);
-  let count = 0;
   let min = Number.POSITIVE_INFINITY;
   let max = 0;
+  let sawAny = false;
   const n = sql.length;
   let i = 0;
   while (i < n) {
@@ -630,17 +682,21 @@ function scanDollarPlaceholders(sql, markUpTo) {
       i++;
       continue;
     }
-    const { next, num, ok } = parseDollarNumber(sql, i + 1, n);
-    i = next;
-    if (!ok) continue;
-    count++;
+    const parsed = parseDollarNumber(sql, i + 1);
+    i = parsed.next;
+    const num = parsed.num;
+    if (num === 0) continue;
+    sawAny = true;
     if (num < min) min = num;
     if (num > max) max = num;
     if (num <= markUpTo) seen[num] = 1;
   }
-  return { count, min, max, seen };
+  if (!sawAny) {
+    return { min: 0, max: 0, seen, sawAny: false };
+  }
+  return { min, max, seen, sawAny: true };
 }
-function assertNoGaps(scan, rangeMin, rangeMax, sql) {
+function assertNoGapsDollar(scan, rangeMin, rangeMax, sql) {
   for (let k = rangeMin; k <= rangeMax; k++) {
     if (scan.seen[k] !== 1) {
       throw new Error(
@@ -651,174 +707,75 @@ function assertNoGaps(scan, rangeMin, rangeMax, sql) {
 }
 function validateParamConsistency(sql, params) {
   const paramLen = params.length;
-  if (paramLen === 0) {
-    if (sql.indexOf("$") === -1) return;
-  }
   const scan = scanDollarPlaceholders(sql, paramLen);
-  if (scan.count === 0) {
-    if (paramLen !== 0) {
+  if (paramLen === 0) {
+    if (scan.sawAny) {
       throw new Error(
-        `CRITICAL: Parameter mismatch - SQL has no placeholders but ${paramLen} params provided.`
+        `CRITICAL: SQL contains placeholders but params is empty. SQL: ${sqlPreview(sql)}`
       );
     }
     return;
   }
-  if (scan.max !== paramLen) {
+  if (!scan.sawAny) {
     throw new Error(
-      `CRITICAL: Parameter mismatch - SQL max placeholder is $${scan.max} but ${paramLen} params provided. This will cause SQL execution to fail. SQL: ${sqlPreview(sql)}`
+      `CRITICAL: SQL is missing placeholders ($1..$${paramLen}) but params has length ${paramLen}. SQL: ${sqlPreview(sql)}`
     );
   }
-  assertNoGaps(scan, 1, scan.max, sql);
-}
-function needsQuoting(id) {
-  if (!isNonEmptyString(id)) return true;
-  const isKeyword = SQL_KEYWORDS.has(id.toLowerCase());
-  if (isKeyword) return true;
-  const isValidIdentifier = REGEX_CACHE.VALID_IDENTIFIER.test(id);
-  return !isValidIdentifier;
-}
-function validateParamConsistencyFragment(sql, params) {
-  const paramLen = params.length;
-  const scan = scanDollarPlaceholders(sql, paramLen);
-  if (scan.max === 0) return;
-  if (scan.max > paramLen) {
+  if (scan.min !== 1) {
     throw new Error(
-      `CRITICAL: Parameter mismatch - SQL references $${scan.max} but only ${paramLen} params provided. SQL: ${sqlPreview(sql)}`
+      `CRITICAL: Placeholder range must start at $1, got min=$${scan.min}. SQL: ${sqlPreview(sql)}`
     );
   }
-  assertNoGaps(scan, scan.min, scan.max, sql);
-}
-function assertOrThrow(condition, message) {
-  if (!condition) throw new Error(message);
-}
-function dialectPlaceholderPrefix(dialect) {
-  return dialect === "sqlite" ? "?" : "$";
-}
-function parseSqlitePlaceholderIndices(sql) {
-  const re = /\?(?:(\d+))?/g;
-  const indices = [];
-  let anonCount = 0;
-  let sawNumbered = false;
-  let sawAnonymous = false;
-  for (const m of sql.matchAll(re)) {
-    const n = m[1];
-    if (n) {
-      sawNumbered = true;
-      indices.push(parseInt(n, 10));
-    } else {
-      sawAnonymous = true;
-      anonCount += 1;
-      indices.push(anonCount);
-    }
-  }
-  return { indices, sawNumbered, sawAnonymous };
-}
-function parseDollarPlaceholderIndices(sql) {
-  const re = /\$(\d+)/g;
-  const indices = [];
-  for (const m of sql.matchAll(re)) indices.push(parseInt(m[1], 10));
-  return indices;
-}
-function getPlaceholderIndices(sql, dialect) {
-  if (dialect === "sqlite") return parseSqlitePlaceholderIndices(sql);
-  return {
-    indices: parseDollarPlaceholderIndices(sql),
-    sawNumbered: false,
-    sawAnonymous: false
-  };
-}
-function maxIndex(indices) {
-  return indices.length > 0 ? Math.max(...indices) : 0;
-}
-function ensureNoMixedSqlitePlaceholders(sawNumbered, sawAnonymous) {
-  assertOrThrow(
-    !(sawNumbered && sawAnonymous),
-    `CRITICAL: Mixed sqlite placeholders ('?' and '?NNN') are not supported.`
-  );
-}
-function ensurePlaceholderMaxMatchesMappingsLength(max, mappingsLength, dialect) {
-  assertOrThrow(
-    max === mappingsLength,
-    `CRITICAL: SQL placeholder max mismatch - max is ${dialectPlaceholderPrefix(dialect)}${max}, but mappings length is ${mappingsLength}.`
-  );
-}
-function ensureSequentialPlaceholders(placeholders, max, dialect) {
-  const prefix = dialectPlaceholderPrefix(dialect);
-  for (let i = 1; i <= max; i++) {
-    assertOrThrow(
-      placeholders.has(i),
-      `CRITICAL: Missing SQL placeholder ${prefix}${i} - placeholders must be sequential 1..${max}.`
+  if (scan.max !== paramLen) {
+    throw new Error(
+      `CRITICAL: Placeholder max must match params length. max=$${scan.max}, params=${paramLen}. SQL: ${sqlPreview(sql)}`
     );
   }
+  assertNoGapsDollar(scan, 1, paramLen, sql);
 }
-function validateMappingIndex(mapping, max) {
-  assertOrThrow(
-    Number.isInteger(mapping.index) && mapping.index >= 1 && mapping.index <= max,
-    `CRITICAL: ParamMapping index ${mapping.index} out of range 1..${max}.`
-  );
-}
-function ensureUniqueMappingIndex(mappingIndices, index, dialect) {
-  assertOrThrow(
-    !mappingIndices.has(index),
-    `CRITICAL: Duplicate ParamMapping index ${index} - each placeholder index must map to exactly one ParamMap.`
-  );
-  mappingIndices.add(index);
-}
-function ensureMappingIndexExistsInSql(placeholders, index) {
-  assertOrThrow(
-    placeholders.has(index),
-    `CRITICAL: ParamMapping index ${index} not found in SQL placeholders.`
-  );
-}
-function validateMappingValueShape(mapping) {
-  assertOrThrow(
-    !(mapping.dynamicName !== void 0 && mapping.value !== void 0),
-    `CRITICAL: ParamMap ${mapping.index} has both dynamicName and value`
-  );
-  assertOrThrow(
-    !(mapping.dynamicName === void 0 && mapping.value === void 0),
-    `CRITICAL: ParamMap ${mapping.index} has neither dynamicName nor value`
-  );
+function countQuestionMarkPlaceholders(sql) {
+  const s = String(sql);
+  let count = 0;
+  for (let i = 0; i < s.length; i++) {
+    if (s.charCodeAt(i) === 63) count++;
+  }
+  return count;
 }
-function ensureMappingsCoverAllIndices(mappingIndices, max, dialect) {
-  const prefix = dialectPlaceholderPrefix(dialect);
-  for (let i = 1; i <= max; i++) {
-    assertOrThrow(
-      mappingIndices.has(i),
-      `CRITICAL: Missing ParamMap for placeholder ${prefix}${i} - mappings must cover 1..${max} with no gaps.`
+function validateQuestionMarkConsistency(sql, params) {
+  const expected = params.length;
+  const found = countQuestionMarkPlaceholders(sql);
+  if (expected !== found) {
+    throw new Error(
+      `CRITICAL: Parameter mismatch - expected ${expected} '?' placeholders, found ${found}. SQL: ${sqlPreview(sql)}`
     );
   }
 }
-function validateMappingsAgainstPlaceholders(mappings, placeholders, max, dialect) {
-  const mappingIndices = /* @__PURE__ */ new Set();
-  for (const mapping of mappings) {
-    validateMappingIndex(mapping, max);
-    ensureUniqueMappingIndex(mappingIndices, mapping.index);
-    ensureMappingIndexExistsInSql(placeholders, mapping.index);
-    validateMappingValueShape(mapping);
+function validateParamConsistencyByDialect(sql, params, dialect) {
+  if (dialect === "postgres") {
+    validateParamConsistency(sql, params);
+    return;
   }
-  ensureMappingsCoverAllIndices(mappingIndices, max, dialect);
-}
-function validateSqlPositions(sql, mappings, dialect) {
-  const { indices, sawNumbered, sawAnonymous } = getPlaceholderIndices(
-    sql,
-    dialect
-  );
   if (dialect === "sqlite") {
-    ensureNoMixedSqlitePlaceholders(sawNumbered, sawAnonymous);
+    validateQuestionMarkConsistency(sql, params);
+    return;
+  }
+  if (dialect === "mysql" || dialect === "mariadb") {
+    validateQuestionMarkConsistency(sql, params);
+    return;
   }
-  const placeholders = new Set(indices);
-  if (placeholders.size === 0 && mappings.length === 0) return;
-  const max = maxIndex(indices);
-  ensurePlaceholderMaxMatchesMappingsLength(max, mappings.length, dialect);
-  ensureSequentialPlaceholders(placeholders, max, dialect);
-  validateMappingsAgainstPlaceholders(mappings, placeholders, max, dialect);
+  validateParamConsistency(sql, params);
+}
+function needsQuoting(identifier) {
+  const s = String(identifier);
+  if (!REGEX_CACHE.VALID_IDENTIFIER.test(s)) return true;
+  const lowered = s.toLowerCase();
+  if (SQL_KEYWORDS.has(lowered)) return true;
+  return false;
 }
 
 // src/builder/shared/sql-utils.ts
-var NUL = String.fromCharCode(0);
 function containsControlChars(s) {
-  return s.includes(NUL) || s.includes("\n") || s.includes("\r");
+  return /[\u0000-\u001F\u007F]/.test(s);
 }
 function assertNoControlChars(label, s) {
   if (containsControlChars(s)) {
@@ -1037,16 +994,46 @@ function buildTableReference(schemaName, tableName, dialect) {
   return `"${safeSchema}"."${safeTable}"`;
 }
 function assertSafeAlias(alias) {
-  const a = String(alias);
-  if (a.trim().length === 0) {
-    throw new Error("alias is required and cannot be empty");
+  if (typeof alias !== "string") {
+    throw new Error(`Invalid alias: expected string, got ${typeof alias}`);
+  }
+  const a = alias.trim();
+  if (a.length === 0) {
+    throw new Error("Invalid alias: required and cannot be empty");
+  }
+  if (a !== alias) {
+    throw new Error("Invalid alias: leading/trailing whitespace");
   }
-  if (containsControlChars(a) || a.includes(";")) {
-    throw new Error(`alias contains unsafe characters: ${JSON.stringify(a)}`);
+  if (/[\u0000-\u001F\u007F]/.test(a)) {
+    throw new Error(
+      "Invalid alias: contains unsafe characters (control characters)"
+    );
+  }
+  if (a.includes('"') || a.includes("'") || a.includes("`")) {
+    throw new Error("Invalid alias: contains unsafe characters (quotes)");
+  }
+  if (a.includes(";")) {
+    throw new Error("Invalid alias: contains unsafe characters (semicolon)");
+  }
+  if (a.includes("--") || a.includes("/*") || a.includes("*/")) {
+    throw new Error(
+      "Invalid alias: contains unsafe characters (SQL comment tokens)"
+    );
+  }
+  if (/\s/.test(a)) {
+    throw new Error(
+      "Invalid alias: must be a simple identifier without whitespace"
+    );
+  }
+  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(a)) {
+    throw new Error(
+      `Invalid alias: must be a simple identifier (alphanumeric with underscores): "${alias}"`
+    );
   }
-  if (!/^[A-Za-z_]\w*$/.test(a)) {
+  const lowered = a.toLowerCase();
+  if (ALIAS_FORBIDDEN_KEYWORDS.has(lowered)) {
     throw new Error(
-      `alias must be a simple identifier, got: ${JSON.stringify(a)}`
+      `Invalid alias: '${alias}' is a SQL keyword that would break query parsing. Forbidden aliases: ${[...ALIAS_FORBIDDEN_KEYWORDS].join(", ")}`
     );
   }
 }
@@ -1088,7 +1075,9 @@ function isValidRelationField(field) {
   if (fk.length === 0) return false;
   const refsRaw = field.references;
   const refs = normalizeKeyList(refsRaw);
-  if (refs.length === 0) return false;
+  if (refs.length === 0) {
+    return fk.length === 1;
+  }
   if (refs.length !== fk.length) return false;
   return true;
 }
@@ -1103,6 +1092,8 @@ function getReferenceFieldNames(field, foreignKeyCount) {
   return refs;
 }
 function joinCondition(field, parentModel, childModel, parentAlias, childAlias) {
+  assertSafeAlias(parentAlias);
+  assertSafeAlias(childAlias);
   const fkFields = normalizeKeyList(field.foreignKey);
   if (fkFields.length === 0) {
     throw createError(
@@ -1252,6 +1243,66 @@ function normalizeOrderByInput(orderBy, parseValue) {
   throw new Error("orderBy must be an object or array of objects");
 }
 
+// src/builder/shared/order-by-determinism.ts
+function modelHasScalarId(model) {
+  if (!model) return false;
+  return getScalarFieldSet(model).has("id");
+}
+function hasIdTiebreaker(orderBy, parse) {
+  if (!isNotNullish(orderBy)) return false;
+  const normalized = normalizeOrderByInput(orderBy, parse);
+  return normalized.some(
+    (obj) => Object.prototype.hasOwnProperty.call(obj, "id")
+  );
+}
+function addIdTiebreaker(orderBy) {
+  if (Array.isArray(orderBy)) return [...orderBy, { id: "asc" }];
+  return [orderBy, { id: "asc" }];
+}
+function ensureDeterministicOrderByInput(args) {
+  const { orderBy, model, parseValue } = args;
+  if (!modelHasScalarId(model)) return orderBy;
+  if (!isNotNullish(orderBy)) {
+    return { id: "asc" };
+  }
+  if (hasIdTiebreaker(orderBy, parseValue)) return orderBy;
+  return addIdTiebreaker(orderBy);
+}
+
+// src/builder/shared/validators/field-assertions.ts
+var NUMERIC_TYPES = /* @__PURE__ */ new Set(["Int", "Float", "Decimal", "BigInt"]);
+function assertScalarField(model, fieldName, context) {
+  const field = getFieldInfo(model, fieldName);
+  if (!field) {
+    throw createError(
+      `${context} references unknown field '${fieldName}' on model ${model.name}`,
+      {
+        field: fieldName,
+        modelName: model.name,
+        availableFields: model.fields.map((f) => f.name)
+      }
+    );
+  }
+  if (field.isRelation) {
+    throw createError(
+      `${context} does not support relation field '${fieldName}'`,
+      { field: fieldName, modelName: model.name }
+    );
+  }
+  return field;
+}
+function assertNumericField(model, fieldName, context) {
+  const field = assertScalarField(model, fieldName, context);
+  const baseType = field.type.replace(/\[\]|\?/g, "");
+  if (!NUMERIC_TYPES.has(baseType)) {
+    throw createError(
+      `${context} requires numeric field, got '${field.type}'`,
+      { field: fieldName, modelName: model.name }
+    );
+  }
+  return field;
+}
+
 // src/builder/pagination.ts
 var MAX_LIMIT_OFFSET = 2147483647;
 function parseDirectionRaw(raw, errorLabel) {
@@ -1292,30 +1343,31 @@ function parseOrderByValue(v, fieldName) {
   assertAllowedOrderByKeys(obj, fieldName);
   return { direction, nulls };
 }
-function normalizeFiniteInteger(name, v) {
-  if (typeof v !== "number" || !Number.isFinite(v) || !Number.isInteger(v)) {
-    throw new Error(`${name} must be an integer`);
-  }
-  return v;
-}
 function normalizeNonNegativeInt(name, v) {
   if (isDynamicParameter(v)) return v;
-  const n = normalizeFiniteInteger(name, v);
-  if (n < 0) {
-    throw new Error(`${name} must be >= 0`);
-  }
-  if (n > MAX_LIMIT_OFFSET) {
-    throw new Error(`${name} must be <= ${MAX_LIMIT_OFFSET}`);
-  }
-  return n;
+  const result = normalizeIntLike(name, v, {
+    min: 0,
+    max: MAX_LIMIT_OFFSET,
+    allowZero: true
+  });
+  if (result === void 0)
+    throw new Error(`${name} normalization returned undefined`);
+  return result;
+}
+function normalizeIntAllowNegative(name, v) {
+  if (isDynamicParameter(v)) return v;
+  const result = normalizeIntLike(name, v, {
+    min: Number.MIN_SAFE_INTEGER,
+    max: MAX_LIMIT_OFFSET,
+    allowZero: true
+  });
+  if (result === void 0)
+    throw new Error(`${name} normalization returned undefined`);
+  return result;
 }
 function hasNonNullishProp(v, key) {
   return isPlainObject(v) && key in v && isNotNullish(v[key]);
 }
-function normalizeIntegerOrDynamic(name, v) {
-  if (isDynamicParameter(v)) return v;
-  return normalizeFiniteInteger(name, v);
-}
 function readSkipTake(relArgs) {
   const hasSkip = hasNonNullishProp(relArgs, "skip");
   const hasTake = hasNonNullishProp(relArgs, "take");
@@ -1329,7 +1381,7 @@ function readSkipTake(relArgs) {
   }
   const obj = relArgs;
   const skipVal = hasSkip ? normalizeNonNegativeInt("skip", obj.skip) : void 0;
-  const takeVal = hasTake ? normalizeIntegerOrDynamic("take", obj.take) : void 0;
+  const takeVal = hasTake ? normalizeIntAllowNegative("take", obj.take) : void 0;
   return { hasSkip, hasTake, skipVal, takeVal };
 }
 function buildOrderByFragment(entries, alias, dialect, model) {
@@ -1355,9 +1407,7 @@ function buildOrderByFragment(entries, alias, dialect, model) {
   return out.join(SQL_SEPARATORS.ORDER_BY);
 }
 function defaultNullsFor(dialect, direction) {
-  if (dialect === "postgres") {
-    return direction === "asc" ? "last" : "first";
-  }
+  if (dialect === "postgres") return direction === "asc" ? "last" : "first";
   return direction === "asc" ? "first" : "last";
 }
 function ensureCursorFieldsInOrder(orderEntries, cursorEntries) {
@@ -1374,13 +1424,12 @@ function ensureCursorFieldsInOrder(orderEntries, cursorEntries) {
 }
 function buildCursorFilterParts(cursor, cursorAlias, params, model) {
   const entries = Object.entries(cursor);
-  if (entries.length === 0) {
+  if (entries.length === 0)
     throw new Error("cursor must have at least one field");
-  }
   const placeholdersByField = /* @__PURE__ */ new Map();
   const parts = [];
   for (const [field, value] of entries) {
-    const c = `${cursorAlias}.${quote(field)}`;
+    const c = `${cursorAlias}.${quoteColumn(model, field)}`;
     if (value === null) {
       parts.push(`${c} IS NULL`);
       continue;
@@ -1394,13 +1443,6 @@ function buildCursorFilterParts(cursor, cursorAlias, params, model) {
     placeholdersByField
   };
 }
-function cursorValueExpr(tableName, cursorAlias, cursorWhereSql, field, model) {
-  const colName = quote(field);
-  return `(SELECT ${cursorAlias}.${colName} ${SQL_TEMPLATES.FROM} ${tableName} ${cursorAlias} ${SQL_TEMPLATES.WHERE} ${cursorWhereSql} ${SQL_TEMPLATES.LIMIT} 1)`;
-}
-function buildCursorRowExistsExpr(tableName, cursorAlias, cursorWhereSql) {
-  return `EXISTS (${SQL_TEMPLATES.SELECT} 1 ${SQL_TEMPLATES.FROM} ${tableName} ${cursorAlias} ${SQL_TEMPLATES.WHERE} ${cursorWhereSql} ${SQL_TEMPLATES.LIMIT} 1)`;
-}
 function buildCursorEqualityExpr(columnExpr, valueExpr) {
   return `((${valueExpr} IS NULL AND ${columnExpr} IS NULL) OR (${valueExpr} IS NOT NULL AND ${columnExpr} = ${valueExpr}))`;
 }
@@ -1437,26 +1479,70 @@ function buildOrderEntries(orderBy) {
       if (typeof value === "string") {
         entries.push({ field, direction: value });
       } else {
-        entries.push({
-          field,
-          direction: value.sort,
-          nulls: value.nulls
-        });
+        entries.push({ field, direction: value.direction, nulls: value.nulls });
       }
     }
   }
   return entries;
 }
+function buildCursorCteSelectList(cursorEntries, orderEntries, model) {
+  const seen = /* @__PURE__ */ new Set();
+  const ordered = [];
+  for (const [f] of cursorEntries) {
+    if (!seen.has(f)) {
+      seen.add(f);
+      ordered.push(f);
+    }
+  }
+  for (const e of orderEntries) {
+    if (!seen.has(e.field)) {
+      seen.add(e.field);
+      ordered.push(e.field);
+    }
+  }
+  if (ordered.length === 0) throw new Error("cursor cte select list is empty");
+  return ordered.map((f) => quoteColumn(model, f)).join(SQL_SEPARATORS.FIELD_LIST);
+}
+function truncateIdent(name, maxLen) {
+  const s = String(name);
+  if (s.length <= maxLen) return s;
+  return s.slice(0, maxLen);
+}
+function buildCursorNames(outerAlias) {
+  const maxLen = 63;
+  const base = outerAlias.toLowerCase();
+  const cteName = truncateIdent(`__tp_cursor_${base}`, maxLen);
+  const srcAlias = truncateIdent(`__tp_cursor_src_${base}`, maxLen);
+  if (cteName === outerAlias || srcAlias === outerAlias) {
+    return {
+      cteName: truncateIdent(`__tp_cursor_${base}_x`, maxLen),
+      srcAlias: truncateIdent(`__tp_cursor_src_${base}_x`, maxLen)
+    };
+  }
+  return { cteName, srcAlias };
+}
+function assertCursorAndOrderFieldsScalar(model, cursor, orderEntries) {
+  if (!model) return;
+  for (const k of Object.keys(cursor)) assertScalarField(model, k, "cursor");
+  for (const e of orderEntries) assertScalarField(model, e.field, "orderBy");
+}
 function buildCursorCondition(cursor, orderBy, tableName, alias, params, dialect, model) {
   var _a;
+  assertSafeTableRef(tableName);
+  assertSafeAlias(alias);
   const d = dialect != null ? dialect : getGlobalDialect();
   const cursorEntries = Object.entries(cursor);
-  if (cursorEntries.length === 0) {
+  if (cursorEntries.length === 0)
     throw new Error("cursor must have at least one field");
-  }
-  const cursorAlias = "__tp_cursor_src";
-  const { whereSql: cursorWhereSql, placeholdersByField } = buildCursorFilterParts(cursor, cursorAlias, params);
-  let orderEntries = buildOrderEntries(orderBy);
+  const { cteName, srcAlias } = buildCursorNames(alias);
+  assertSafeAlias(cteName);
+  assertSafeAlias(srcAlias);
+  const deterministicOrderBy = ensureDeterministicOrderByInput({
+    orderBy,
+    model,
+    parseValue: parseOrderByValue
+  });
+  let orderEntries = buildOrderEntries(deterministicOrderBy);
   if (orderEntries.length === 0) {
     orderEntries = cursorEntries.map(([field]) => ({
       field,
@@ -1465,11 +1551,23 @@ function buildCursorCondition(cursor, orderBy, tableName, alias, params, dialect
   } else {
     orderEntries = ensureCursorFieldsInOrder(orderEntries, cursorEntries);
   }
-  const existsExpr = buildCursorRowExistsExpr(
-    tableName,
-    cursorAlias,
-    cursorWhereSql
+  assertCursorAndOrderFieldsScalar(model, cursor, orderEntries);
+  const { whereSql: cursorWhereSql, placeholdersByField } = buildCursorFilterParts(cursor, srcAlias, params, model);
+  const cursorOrderBy = orderEntries.map(
+    (e) => `${srcAlias}.${quoteColumn(model, e.field)} ${e.direction.toUpperCase()}`
+  ).join(", ");
+  const selectList = buildCursorCteSelectList(
+    cursorEntries,
+    orderEntries,
+    model
   );
+  const cte = `${cteName} AS (
+    SELECT ${selectList} FROM ${tableName} ${srcAlias}
+    WHERE ${cursorWhereSql}
+    ORDER BY ${cursorOrderBy}
+    LIMIT 1
+  )`;
+  const existsExpr = `EXISTS (SELECT 1 FROM ${cteName})`;
   const outerCursorMatch = buildOuterCursorMatch(
     cursor,
     alias,
@@ -1477,34 +1575,29 @@ function buildCursorCondition(cursor, orderBy, tableName, alias, params, dialect
     params,
     model
   );
+  const getValueExpr = (field) => `(SELECT ${quoteColumn(model, field)} FROM ${cteName})`;
   const orClauses = [];
   for (let level = 0; level < orderEntries.length; level++) {
     const andParts = [];
     for (let i = 0; i < level; i++) {
       const e2 = orderEntries[i];
       const c2 = col(alias, e2.field, model);
-      const v2 = cursorValueExpr(
-        tableName,
-        cursorAlias,
-        cursorWhereSql,
-        e2.field);
+      const v2 = getValueExpr(e2.field);
       andParts.push(buildCursorEqualityExpr(c2, v2));
     }
     const e = orderEntries[level];
     const c = col(alias, e.field, model);
-    const v = cursorValueExpr(
-      tableName,
-      cursorAlias,
-      cursorWhereSql,
-      e.field);
+    const v = getValueExpr(e.field);
     const nulls = (_a = e.nulls) != null ? _a : defaultNullsFor(d, e.direction);
     andParts.push(buildCursorInequalityExpr(c, e.direction, nulls, v));
     orClauses.push(`(${andParts.join(SQL_SEPARATORS.CONDITION_AND)})`);
   }
   const exclusive = orClauses.join(SQL_SEPARATORS.CONDITION_OR);
-  return `(${existsExpr} ${SQL_SEPARATORS.CONDITION_AND} ((${exclusive})${SQL_SEPARATORS.CONDITION_OR}(${outerCursorMatch})))`;
+  const condition = `(${existsExpr} ${SQL_SEPARATORS.CONDITION_AND} ((${exclusive})${SQL_SEPARATORS.CONDITION_OR}(${outerCursorMatch})))`;
+  return { cte, condition };
 }
 function buildOrderBy(orderBy, alias, dialect, model) {
+  assertSafeAlias(alias);
   const entries = buildOrderEntries(orderBy);
   if (entries.length === 0) return "";
   const d = dialect != null ? dialect : getGlobalDialect();
@@ -1526,9 +1619,7 @@ function normalizeTakeLike(v) {
     max: MAX_LIMIT_OFFSET,
     allowZero: true
   });
-  if (typeof n === "number") {
-    if (n === 0) return 0;
-  }
+  if (typeof n === "number" && n === 0) return 0;
   return n;
 }
 function normalizeSkipLike(v) {
@@ -1604,6 +1695,11 @@ function buildScalarOperator(expr, op, val, params, mode, fieldType, dialect) {
     }
     return handleInOperator(expr, op, val, params, dialect);
   }
+  if (op === Ops.EQUALS && mode === Modes.INSENSITIVE && !isNotNullish(dialect)) {
+    throw createError(`Insensitive equals requires a SQL dialect`, {
+      operator: op
+    });
+  }
   return handleComparisonOperator(expr, op, val, params);
 }
 function handleNullValue(expr, op) {
@@ -1619,6 +1715,28 @@ function normalizeMode(v) {
 function handleNotOperator(expr, val, params, outerMode, fieldType, dialect) {
   const innerMode = normalizeMode(val.mode);
   const effectiveMode = innerMode != null ? innerMode : outerMode;
+  const entries = Object.entries(val).filter(
+    ([k, v]) => k !== "mode" && v !== void 0
+  );
+  if (entries.length === 0) return "";
+  if (!isNotNullish(dialect)) {
+    const clauses = [];
+    for (const [subOp, subVal] of entries) {
+      const sub = buildScalarOperator(
+        expr,
+        subOp,
+        subVal,
+        params,
+        effectiveMode,
+        fieldType,
+        void 0
+      );
+      if (sub && sub.trim().length > 0) clauses.push(`(${sub})`);
+    }
+    if (clauses.length === 0) return "";
+    if (clauses.length === 1) return `${SQL_TEMPLATES.NOT} ${clauses[0]}`;
+    return `${SQL_TEMPLATES.NOT} (${clauses.join(` ${SQL_TEMPLATES.AND} `)})`;
+  }
   return buildNotComposite(
     expr,
     val,
@@ -1833,6 +1951,7 @@ function handleArrayIsEmpty(expr, val, dialect) {
 
 // src/builder/where/operators-json.ts
 var SAFE_JSON_PATH_SEGMENT = /^[a-zA-Z_]\w*$/;
+var MAX_PATH_SEGMENT_LENGTH = 255;
 function validateJsonPathSegments(segments) {
   for (const segment of segments) {
     if (typeof segment !== "string") {
@@ -1841,6 +1960,12 @@ function validateJsonPathSegments(segments) {
         value: segment
       });
     }
+    if (segment.length > MAX_PATH_SEGMENT_LENGTH) {
+      throw createError(
+        `JSON path segment too long: max ${MAX_PATH_SEGMENT_LENGTH} characters`,
+        { operator: Ops.PATH, value: `[${segment.length} chars]` }
+      );
+    }
     if (!SAFE_JSON_PATH_SEGMENT.test(segment)) {
       throw createError(
         `Invalid JSON path segment: '${segment}'. Must be alphanumeric with underscores, starting with letter or underscore.`,
@@ -1929,6 +2054,9 @@ function handleJsonWildcard(expr, op, val, params, wildcards, dialect) {
 
 // src/builder/where/relations.ts
 var NO_JOINS = Object.freeze([]);
+function freezeJoins(items) {
+  return Object.freeze([...items]);
+}
 function isListRelation(fieldType) {
   return typeof fieldType === "string" && fieldType.endsWith("[]");
 }
@@ -1991,7 +2119,7 @@ function buildListRelationFilters(args) {
         const whereClause = `${relAlias}.${quote(checkField.name)} IS NULL`;
         return Object.freeze({
           clause: whereClause,
-          joins: [leftJoinSql]
+          joins: freezeJoins([leftJoinSql])
         });
       }
     }
@@ -2196,7 +2324,7 @@ function assertValidOperator(fieldName, op, fieldType, path, modelName) {
     Ops.HAS_EVERY,
     Ops.IS_EMPTY
   ]);
-  const JSON_OPS = /* @__PURE__ */ new Set([
+  const JSON_OPS2 = /* @__PURE__ */ new Set([
     Ops.PATH,
     Ops.STRING_CONTAINS,
     Ops.STRING_STARTS_WITH,
@@ -2213,7 +2341,7 @@ function assertValidOperator(fieldName, op, fieldType, path, modelName) {
       modelName
     });
   }
-  const isJsonOp = JSON_OPS.has(op);
+  const isJsonOp = JSON_OPS2.has(op);
   const isFieldJson = isJsonType(fieldType);
   const jsonOpMismatch = isJsonOp && !isFieldJson;
   if (jsonOpMismatch) {
@@ -2227,6 +2355,14 @@ function assertValidOperator(fieldName, op, fieldType, path, modelName) {
 }
 
 // src/builder/where/builder.ts
+var MAX_QUERY_DEPTH = 50;
+var EMPTY_JOINS = Object.freeze([]);
+var JSON_OPS = /* @__PURE__ */ new Set([
+  Ops.PATH,
+  Ops.STRING_CONTAINS,
+  Ops.STRING_STARTS_WITH,
+  Ops.STRING_ENDS_WITH
+]);
 var WhereBuilder = class {
   build(where, ctx) {
     if (!isPlainObject(where)) {
@@ -2238,8 +2374,6 @@ var WhereBuilder = class {
     return buildWhereInternal(where, ctx, this);
   }
 };
-var MAX_QUERY_DEPTH = 50;
-var EMPTY_JOINS = Object.freeze([]);
 var whereBuilderInstance = new WhereBuilder();
 function freezeResult(clause, joins = EMPTY_JOINS) {
   return Object.freeze({ clause, joins });
@@ -2416,16 +2550,8 @@ function buildOperator(expr, op, val, ctx, mode, fieldType) {
   if (fieldType && isArrayType(fieldType)) {
     return buildArrayOperator(expr, op, val, ctx.params, fieldType, ctx.dialect);
   }
-  if (fieldType && isJsonType(fieldType)) {
-    const JSON_OPS = /* @__PURE__ */ new Set([
-      Ops.PATH,
-      Ops.STRING_CONTAINS,
-      Ops.STRING_STARTS_WITH,
-      Ops.STRING_ENDS_WITH
-    ]);
-    if (JSON_OPS.has(op)) {
-      return buildJsonOperator(expr, op, val, ctx.params, ctx.dialect);
-    }
+  if (fieldType && isJsonType(fieldType) && JSON_OPS.has(op)) {
+    return buildJsonOperator(expr, op, val, ctx.params, ctx.dialect);
   }
   return buildScalarOperator(
     expr,
@@ -2446,7 +2572,7 @@ function toSafeSqlIdentifier(input) {
   const base = startsOk ? cleaned : `_${cleaned}`;
   const fallback = base.length > 0 ? base : "_t";
   const lowered = fallback.toLowerCase();
-  return SQL_KEYWORDS.has(lowered) ? `_${lowered}` : lowered;
+  return ALIAS_FORBIDDEN_KEYWORDS.has(lowered) ? `_${lowered}` : lowered;
 }
 function createAliasGenerator(maxAliases = 1e4) {
   let counter = 0;
@@ -2656,6 +2782,7 @@ function toPublicResult(clause, joins, params) {
 // src/builder/where.ts
 function buildWhereClause(where, options) {
   var _a, _b, _c, _d, _e;
+  assertSafeAlias(options.alias);
   const dialect = options.dialect || getGlobalDialect();
   const params = (_a = options.params) != null ? _a : createParamStore();
   const ctx = {
@@ -2671,22 +2798,6 @@ function buildWhereClause(where, options) {
   };
   const result = whereBuilderInstance.build(where, ctx);
   const publicResult = toPublicResult(result.clause, result.joins, params);
-  if (!options.isSubquery) {
-    const nums = [...publicResult.clause.matchAll(/\$(\d+)/g)].map(
-      (m) => parseInt(m[1], 10)
-    );
-    if (nums.length > 0) {
-      const min = Math.min(...nums);
-      if (min === 1) {
-        validateParamConsistency(publicResult.clause, publicResult.params);
-      } else {
-        validateParamConsistencyFragment(
-          publicResult.clause,
-          publicResult.params
-        );
-      }
-    }
-  }
   return publicResult;
 }
 
@@ -2824,6 +2935,9 @@ function buildRelationSelect(relArgs, relModel, relAlias) {
 }
 
 // src/builder/select/includes.ts
+var MAX_INCLUDE_DEPTH = 10;
+var MAX_TOTAL_SUBQUERIES = 100;
+var MAX_TOTAL_INCLUDES = 50;
 function getRelationTableReference(relModel, dialect) {
   return buildTableReference(
     SQL_TEMPLATES.PUBLIC_SCHEMA,
@@ -2869,107 +2983,23 @@ function relationEntriesFromArgs(args, model) {
   pushFrom(args.select);
   return out;
 }
-function assertScalarField(model, fieldName) {
-  const f = model.fields.find((x) => x.name === fieldName);
-  if (!f) {
-    throw new Error(
-      `orderBy references unknown field '${fieldName}' on model ${model.name}`
-    );
-  }
-  if (f.isRelation) {
-    throw new Error(
-      `orderBy does not support relation field '${fieldName}' on model ${model.name}`
-    );
-  }
-}
-function validateOrderByDirection(fieldName, v) {
-  const s = String(v).toLowerCase();
-  if (s !== "asc" && s !== "desc") {
-    throw new Error(
-      `Invalid orderBy direction for '${fieldName}': ${String(v)}`
-    );
-  }
-}
-function validateOrderByObject(fieldName, v) {
-  if (!("sort" in v)) {
-    throw new Error(
-      `orderBy for '${fieldName}' must be 'asc' | 'desc' or { sort, nulls? }`
-    );
-  }
-  validateOrderByDirection(fieldName, v.sort);
-  if ("nulls" in v && isNotNullish(v.nulls)) {
-    const n = String(v.nulls).toLowerCase();
-    if (n !== "first" && n !== "last") {
-      throw new Error(
-        `Invalid orderBy.nulls for '${fieldName}': ${String(v.nulls)}`
-      );
-    }
-  }
-  const allowed = /* @__PURE__ */ new Set(["sort", "nulls"]);
-  for (const k of Object.keys(v)) {
-    if (!allowed.has(k)) {
-      throw new Error(`Unsupported orderBy key '${k}' for field '${fieldName}'`);
-    }
-  }
-}
-function normalizeOrderByFieldName(name) {
-  const fieldName = String(name).trim();
-  if (fieldName.length === 0) {
-    throw new Error("orderBy field name cannot be empty");
-  }
-  return fieldName;
-}
-function requirePlainObjectForOrderByEntry(v) {
-  if (typeof v !== "object" || v === null || Array.isArray(v)) {
-    throw new Error("orderBy array entries must be objects");
-  }
-  return v;
-}
-function parseSingleFieldOrderByObject(obj) {
-  const entries = Object.entries(obj);
-  if (entries.length !== 1) {
-    throw new Error("orderBy array entries must have exactly one field");
-  }
-  const fieldName = normalizeOrderByFieldName(entries[0][0]);
-  return [fieldName, entries[0][1]];
-}
-function parseOrderByArray(orderBy) {
-  return orderBy.map(
-    (item) => parseSingleFieldOrderByObject(requirePlainObjectForOrderByEntry(item))
-  );
-}
-function parseOrderByObject(orderBy) {
-  const out = [];
-  for (const [k, v] of Object.entries(orderBy)) {
-    out.push([normalizeOrderByFieldName(k), v]);
-  }
-  return out;
-}
-function getOrderByEntries(orderBy) {
-  if (!isNotNullish(orderBy)) return [];
-  if (Array.isArray(orderBy)) {
-    return parseOrderByArray(orderBy);
-  }
-  if (typeof orderBy === "object" && orderBy !== null) {
-    return parseOrderByObject(orderBy);
-  }
-  throw new Error("orderBy must be an object or array of objects");
-}
 function validateOrderByForModel(model, orderBy) {
-  const entries = getOrderByEntries(orderBy);
-  for (const [fieldName, v] of entries) {
-    assertScalarField(model, fieldName);
-    if (typeof v === "string") {
-      validateOrderByDirection(fieldName, v);
-      continue;
+  if (!isNotNullish(orderBy)) return;
+  const scalarSet = getScalarFieldSet(model);
+  const normalized = normalizeOrderByInput(orderBy, parseOrderByValue);
+  for (const item of normalized) {
+    const entries = Object.entries(item);
+    if (entries.length !== 1) {
+      throw new Error("orderBy array entries must have exactly one field");
     }
-    if (isPlainObject(v)) {
-      validateOrderByObject(fieldName, v);
-      continue;
+    const fieldName = String(entries[0][0]).trim();
+    if (fieldName.length === 0)
+      throw new Error("orderBy field name cannot be empty");
+    if (!scalarSet.has(fieldName)) {
+      throw new Error(
+        `orderBy references unknown or non-scalar field '${fieldName}' on model ${model.name}`
+      );
     }
-    throw new Error(
-      `orderBy for '${fieldName}' must be 'asc' | 'desc' or { sort, nulls? }`
-    );
   }
 }
 function appendLimitOffset(sql, dialect, params, takeVal, skipVal, scope) {
@@ -2998,7 +3028,10 @@ function readWhereInput(relArgs) {
 function readOrderByInput(relArgs) {
   if (!isPlainObject(relArgs)) return { hasOrderBy: false, orderBy: void 0 };
   if (!("orderBy" in relArgs)) return { hasOrderBy: false, orderBy: void 0 };
-  return { hasOrderBy: true, orderBy: relArgs.orderBy };
+  return {
+    hasOrderBy: true,
+    orderBy: relArgs.orderBy
+  };
 }
 function extractRelationPaginationConfig(relArgs) {
   const { hasOrderBy, orderBy: rawOrderByInput } = readOrderByInput(relArgs);
@@ -3020,44 +3053,25 @@ function extractRelationPaginationConfig(relArgs) {
 function maybeReverseNegativeTake(takeVal, hasOrderBy, orderByInput) {
   if (typeof takeVal !== "number") return { takeVal, orderByInput };
   if (takeVal >= 0) return { takeVal, orderByInput };
-  if (!hasOrderBy) {
+  if (!hasOrderBy)
     throw new Error("Negative take requires orderBy for deterministic results");
-  }
   return {
     takeVal: Math.abs(takeVal),
     orderByInput: reverseOrderByInput(orderByInput)
   };
 }
-function hasIdTiebreaker(orderByInput) {
-  const entries = Array.isArray(orderByInput) ? orderByInput : [orderByInput];
-  return entries.some(
-    (entry) => isPlainObject(entry) ? Object.prototype.hasOwnProperty.call(entry, "id") : false
-  );
-}
-function modelHasScalarId(relModel) {
-  const idField = relModel.fields.find((f) => f.name === "id");
-  return Boolean(idField && !idField.isRelation);
-}
-function addIdTiebreaker(orderByInput) {
-  if (Array.isArray(orderByInput)) return [...orderByInput, { id: "asc" }];
-  return [orderByInput, { id: "asc" }];
-}
-function ensureDeterministicOrderBy(relModel, hasOrderBy, orderByInput, hasPagination) {
-  if (!hasPagination) {
-    if (hasOrderBy && isNotNullish(orderByInput)) {
-      validateOrderByForModel(relModel, orderByInput);
-    }
-    return orderByInput;
-  }
-  if (!hasOrderBy) {
-    return modelHasScalarId(relModel) ? { id: "asc" } : orderByInput;
+function finalizeOrderByForInclude(args) {
+  if (args.hasOrderBy && isNotNullish(args.orderByInput)) {
+    validateOrderByForModel(args.relModel, args.orderByInput);
   }
-  if (isNotNullish(orderByInput)) {
-    validateOrderByForModel(relModel, orderByInput);
+  if (!args.hasPagination) {
+    return args.orderByInput;
   }
-  if (!modelHasScalarId(relModel)) return orderByInput;
-  if (hasIdTiebreaker(orderByInput)) return orderByInput;
-  return addIdTiebreaker(orderByInput);
+  return ensureDeterministicOrderByInput({
+    orderBy: args.hasOrderBy ? args.orderByInput : void 0,
+    model: args.relModel,
+    parseValue: parseOrderByValue
+  });
 }
 function buildSelectWithNestedIncludes(relArgs, relModel, relAlias, ctx) {
   let relSelect = buildRelationSelect(relArgs, relModel, relAlias);
@@ -3068,7 +3082,10 @@ function buildSelectWithNestedIncludes(relArgs, relModel, relAlias, ctx) {
     relAlias,
     ctx.aliasGen,
     ctx.params,
-    ctx.dialect
+    ctx.dialect,
+    ctx.visitPath || [],
+    (ctx.depth || 0) + 1,
+    ctx.stats
   ) : [];
   if (isNonEmptyArray(nestedIncludes)) {
     const emptyJson = ctx.dialect === "postgres" ? `'[]'::json` : `json('[]')`;
@@ -3155,11 +3172,7 @@ function buildListIncludeSpec(args) {
       joinPredicate: args.joinPredicate,
       whereClause: args.whereClause
     });
-    return Object.freeze({
-      name: args.relName,
-      sql: sql2,
-      isOneToOne: false
-    });
+    return Object.freeze({ name: args.relName, sql: sql2, isOneToOne: false });
   }
   const rowAlias = args.ctx.aliasGen.next(`${args.relName}_row`);
   let base = buildBaseSql({
@@ -3170,9 +3183,7 @@ function buildListIncludeSpec(args) {
     joinPredicate: args.joinPredicate,
     whereClause: args.whereClause
   });
-  if (args.orderBySql) {
-    base += ` ${SQL_TEMPLATES.ORDER_BY} ${args.orderBySql}`;
-  }
+  if (args.orderBySql) base += ` ${SQL_TEMPLATES.ORDER_BY} ${args.orderBySql}`;
   base = appendLimitOffset(
     base,
     args.ctx.dialect,
@@ -3183,11 +3194,7 @@ function buildListIncludeSpec(args) {
   );
   const selectExpr = jsonAgg("row", args.ctx.dialect);
   const sql = `${SQL_TEMPLATES.SELECT} ${selectExpr} ${SQL_TEMPLATES.FROM} (${base}) ${rowAlias}`;
-  return Object.freeze({
-    name: args.relName,
-    sql,
-    isOneToOne: false
-  });
+  return Object.freeze({ name: args.relName, sql, isOneToOne: false });
 }
 function buildSingleInclude(relName, relArgs, field, relModel, ctx) {
   const relTable = getRelationTableReference(relModel, ctx.dialect);
@@ -3218,12 +3225,12 @@ function buildSingleInclude(relName, relArgs, field, relModel, ctx) {
     paginationConfig.orderBy
   );
   const hasPagination = paginationConfig.hasSkip || paginationConfig.hasTake;
-  const finalOrderByInput = ensureDeterministicOrderBy(
+  const finalOrderByInput = finalizeOrderByForInclude({
     relModel,
-    paginationConfig.hasOrderBy,
-    adjusted.orderByInput,
+    hasOrderBy: paginationConfig.hasOrderBy,
+    orderByInput: adjusted.orderByInput,
     hasPagination
-  );
+  });
   const orderBySql = buildOrderBySql(
     finalOrderByInput,
     relAlias,
@@ -3244,11 +3251,7 @@ function buildSingleInclude(relName, relArgs, field, relModel, ctx) {
       skipVal: paginationConfig.skipVal,
       ctx
     });
-    return Object.freeze({
-      name: relName,
-      sql,
-      isOneToOne: true
-    });
+    return Object.freeze({ name: relName, sql, isOneToOne: true });
   }
   return buildListIncludeSpec({
     relName,
@@ -3264,32 +3267,69 @@ function buildSingleInclude(relName, relArgs, field, relModel, ctx) {
     ctx
   });
 }
-function buildIncludeSqlInternal(args, model, schemas, parentAlias, aliasGen, params, dialect) {
+function buildIncludeSqlInternal(args, model, schemas, parentAlias, aliasGen, params, dialect, visitPath = [], depth = 0, stats) {
+  if (!stats) stats = { totalIncludes: 0, totalSubqueries: 0, maxDepth: 0 };
+  if (depth > MAX_INCLUDE_DEPTH) {
+    throw new Error(
+      `Maximum include depth of ${MAX_INCLUDE_DEPTH} exceeded. Path: ${visitPath.join(" -> ")}. Deep includes cause exponential SQL complexity and performance issues.`
+    );
+  }
+  stats.maxDepth = Math.max(stats.maxDepth, depth);
   const includes = [];
   const entries = relationEntriesFromArgs(args, model);
   for (const [relName, relArgs] of entries) {
     if (relArgs === false) continue;
+    stats.totalIncludes++;
+    if (stats.totalIncludes > MAX_TOTAL_INCLUDES) {
+      throw new Error(
+        `Maximum total includes (${MAX_TOTAL_INCLUDES}) exceeded. Current: ${stats.totalIncludes} includes. Query has ${stats.maxDepth} levels deep. Simplify your query structure or use multiple queries.`
+      );
+    }
+    stats.totalSubqueries++;
+    if (stats.totalSubqueries > MAX_TOTAL_SUBQUERIES) {
+      throw new Error(
+        `Query complexity limit exceeded: ${stats.totalSubqueries} subqueries generated. Maximum allowed: ${MAX_TOTAL_SUBQUERIES}. This indicates exponential include nesting. Stats: depth=${stats.maxDepth}, includes=${stats.totalIncludes}. Path: ${visitPath.join(" -> ")}. Simplify your include structure or split into multiple queries.`
+      );
+    }
     const resolved = resolveRelationOrThrow(model, schemas, relName);
-    const include = buildSingleInclude(
-      relName,
-      relArgs,
-      resolved.field,
-      resolved.relModel,
-      {
+    const relationPath = `${model.name}.${relName}`;
+    const currentPath = [...visitPath, relationPath];
+    if (visitPath.includes(relationPath)) {
+      throw new Error(
+        `Circular include detected: ${currentPath.join(" -> ")}. Relation '${relationPath}' creates an infinite loop.`
+      );
+    }
+    const modelOccurrences = currentPath.filter(
+      (p) => p.startsWith(`${resolved.relModel.name}.`)
+    ).length;
+    if (modelOccurrences > 2) {
+      throw new Error(
+        `Include too deeply nested: model '${resolved.relModel.name}' appears ${modelOccurrences} times in path: ${currentPath.join(" -> ")}`
+      );
+    }
+    includes.push(
+      buildSingleInclude(relName, relArgs, resolved.field, resolved.relModel, {
         model,
         schemas,
         parentAlias,
         aliasGen,
         dialect,
-        params
-      }
+        params,
+        visitPath: currentPath,
+        depth: depth + 1,
+        stats
+      })
     );
-    includes.push(include);
   }
   return includes;
 }
 function buildIncludeSql(args, model, schemas, parentAlias, params, dialect) {
   const aliasGen = createAliasGenerator();
+  const stats = {
+    totalIncludes: 0,
+    totalSubqueries: 0,
+    maxDepth: 0
+  };
   return buildIncludeSqlInternal(
     args,
     model,
@@ -3297,7 +3337,10 @@ function buildIncludeSql(args, model, schemas, parentAlias, params, dialect) {
     parentAlias,
     aliasGen,
     params,
-    dialect
+    dialect,
+    [],
+    0,
+    stats
   );
 }
 function resolveCountRelationOrThrow(relName, model, schemas) {
@@ -3308,10 +3351,14 @@ function resolveCountRelationOrThrow(relName, model, schemas) {
     );
   }
   const field = model.fields.find((f) => f.name === relName);
-  if (!field) {
+  if (!field)
     throw new Error(
       `_count.${relName} references unknown relation on model ${model.name}`
     );
+  if (!isValidRelationField(field)) {
+    throw new Error(
+      `_count.${relName} has invalid relation metadata on model ${model.name}`
+    );
   }
   const relModel = schemas.find((m) => m.name === field.relatedModel);
   if (!relModel) {
@@ -3321,31 +3368,78 @@ function resolveCountRelationOrThrow(relName, model, schemas) {
   }
   return { field, relModel };
 }
-function groupByColForCount(field, countAlias) {
-  const fkFields = normalizeKeyList(field.foreignKey);
-  const refFields = normalizeKeyList(field.references);
-  return field.isForeignKeyLocal ? `${countAlias}.${quote(refFields[0] || "id")}` : `${countAlias}.${quote(fkFields[0])}`;
+function defaultReferencesForCount(fkCount) {
+  if (fkCount === 1) return ["id"];
+  throw new Error(
+    "Relation count for composite keys requires explicit references matching foreignKey length"
+  );
 }
-function leftJoinOnForCount(field, parentAlias, joinAlias) {
+function resolveCountKeyPairs(field) {
   const fkFields = normalizeKeyList(field.foreignKey);
-  const refFields = normalizeKeyList(field.references);
-  return field.isForeignKeyLocal ? `${joinAlias}.__fk = ${parentAlias}.${quote(fkFields[0])}` : `${joinAlias}.__fk = ${parentAlias}.${quote(refFields[0] || "id")}`;
+  if (fkFields.length === 0)
+    throw new Error("Relation count requires foreignKey");
+  const refsRaw = field.references;
+  const refs = normalizeKeyList(refsRaw);
+  const refFields = refs.length > 0 ? refs : defaultReferencesForCount(fkFields.length);
+  if (refFields.length !== fkFields.length) {
+    throw new Error(
+      "Relation count requires references count to match foreignKey count"
+    );
+  }
+  const relKeyFields = field.isForeignKeyLocal ? refFields : fkFields;
+  const parentKeyFields = field.isForeignKeyLocal ? fkFields : refFields;
+  return { relKeyFields, parentKeyFields };
+}
+function aliasQualifiedColumn(alias, model, field) {
+  return `${alias}.${quoteColumn(model, field)}`;
+}
+function subqueryForCount(args) {
+  const selectKeys = args.relKeyFields.map(
+    (f, i) => `${aliasQualifiedColumn(args.countAlias, args.relModel, f)} AS "__fk${i}"`
+  ).join(SQL_SEPARATORS.FIELD_LIST);
+  const groupByKeys = args.relKeyFields.map((f) => aliasQualifiedColumn(args.countAlias, args.relModel, f)).join(SQL_SEPARATORS.FIELD_LIST);
+  const cntExpr = args.dialect === "postgres" ? "COUNT(*)::int AS __cnt" : "COUNT(*) AS __cnt";
+  return `(SELECT ${selectKeys}${SQL_SEPARATORS.FIELD_LIST}${cntExpr} FROM ${args.relTable} ${args.countAlias} GROUP BY ${groupByKeys})`;
+}
+function leftJoinOnForCount(args) {
+  const parts = args.parentKeyFields.map(
+    (f, i) => `${args.joinAlias}."__fk${i}" = ${aliasQualifiedColumn(args.parentAlias, args.parentModel, f)}`
+  );
+  return parts.length === 1 ? parts[0] : `(${parts.join(" AND ")})`;
 }
-function subqueryForCount(dialect, relTable, countAlias, groupByCol) {
-  return dialect === "postgres" ? `(SELECT ${groupByCol} AS __fk, COUNT(*)::int AS __cnt FROM ${relTable} ${countAlias} GROUP BY ${groupByCol})` : `(SELECT ${groupByCol} AS __fk, COUNT(*) AS __cnt FROM ${relTable} ${countAlias} GROUP BY ${groupByCol})`;
+function nextAliasAvoiding(aliasGen, base, forbidden) {
+  let a = aliasGen.next(base);
+  while (forbidden.has(a)) a = aliasGen.next(base);
+  return a;
 }
 function buildCountJoinAndPair(args) {
   const relTable = getRelationTableReference(args.relModel, args.dialect);
-  const countAlias = `__tp_cnt_${args.relName}`;
-  const groupByCol = groupByColForCount(args.field, countAlias);
-  const subquery = subqueryForCount(
-    args.dialect,
+  const { relKeyFields, parentKeyFields } = resolveCountKeyPairs(args.field);
+  const forbidden = /* @__PURE__ */ new Set([args.parentAlias]);
+  const countAlias = nextAliasAvoiding(
+    args.aliasGen,
+    `__tp_cnt_${args.relName}`,
+    forbidden
+  );
+  forbidden.add(countAlias);
+  const subquery = subqueryForCount({
+    dialect: args.dialect,
     relTable,
     countAlias,
-    groupByCol
+    relModel: args.relModel,
+    relKeyFields
+  });
+  const joinAlias = nextAliasAvoiding(
+    args.aliasGen,
+    `__tp_cnt_j_${args.relName}`,
+    forbidden
   );
-  const joinAlias = `__tp_cnt_j_${args.relName}`;
-  const leftJoinOn = leftJoinOnForCount(args.field, args.parentAlias, joinAlias);
+  const leftJoinOn = leftJoinOnForCount({
+    joinAlias,
+    parentAlias: args.parentAlias,
+    parentModel: args.parentModel,
+    parentKeyFields
+  });
   return {
     joinSql: `LEFT JOIN ${subquery} ${joinAlias} ON ${leftJoinOn}`,
     pairSql: `${sqlStringLiteral(args.relName)}, COALESCE(${joinAlias}.__cnt, 0)`
@@ -3354,6 +3448,7 @@ function buildCountJoinAndPair(args) {
 function buildRelationCountSql(countSelect, model, schemas, parentAlias, _params, dialect) {
   const joins = [];
   const pairs = [];
+  const aliasGen = createAliasGenerator();
   for (const [relName, shouldCount] of Object.entries(countSelect)) {
     if (!shouldCount) continue;
     const resolved = resolveCountRelationOrThrow(relName, model, schemas);
@@ -3361,29 +3456,33 @@ function buildRelationCountSql(countSelect, model, schemas, parentAlias, _params
       relName,
       field: resolved.field,
       relModel: resolved.relModel,
+      parentModel: model,
       parentAlias,
-      dialect
+      dialect,
+      aliasGen
     });
     joins.push(built.joinSql);
     pairs.push(built.pairSql);
   }
-  return {
-    joins,
-    jsonPairs: pairs.join(SQL_SEPARATORS.FIELD_LIST)
-  };
+  return { joins, jsonPairs: pairs.join(SQL_SEPARATORS.FIELD_LIST) };
 }
 
 // src/builder/select/assembly.ts
-var SIMPLE_SELECT_RE_CACHE = /* @__PURE__ */ new Map();
-function normalizeFinalParams(params) {
-  return params.map(normalizeValue);
-}
+var ALIAS_CAPTURE = "([A-Za-z_][A-Za-z0-9_]*)";
+var COLUMN_PART = '(?:"([^"]+)"|([a-z_][a-z0-9_]*))';
+var AS_PART = `(?:\\s+AS\\s+${COLUMN_PART})?`;
+var SIMPLE_COLUMN_PATTERN = `^${ALIAS_CAPTURE}\\.${COLUMN_PART}${AS_PART}$`;
+var SIMPLE_COLUMN_RE = new RegExp(SIMPLE_COLUMN_PATTERN, "i");
 function joinNonEmpty(parts, sep) {
   return parts.filter((s) => s.trim().length > 0).join(sep);
 }
 function buildWhereSql(conditions) {
   if (!isNonEmptyArray(conditions)) return "";
-  return ` ${SQL_TEMPLATES.WHERE} ${conditions.join(SQL_SEPARATORS.CONDITION_AND)}`;
+  const parts = [
+    SQL_TEMPLATES.WHERE,
+    conditions.join(SQL_SEPARATORS.CONDITION_AND)
+  ];
+  return ` ${parts.join(" ")}`;
 }
 function buildJoinsSql(...joinGroups) {
   const all = [];
@@ -3398,37 +3497,43 @@ function buildSelectList(baseSelect, extraCols) {
   if (base && extra) return `${base}${SQL_SEPARATORS.FIELD_LIST}${extra}`;
   return base || extra;
 }
-function finalizeSql(sql, params) {
+function finalizeSql(sql, params, dialect) {
   const snapshot = params.snapshot();
   validateSelectQuery(sql);
-  validateParamConsistency(sql, snapshot.params);
+  validateParamConsistencyByDialect(
+    sql,
+    snapshot.params,
+    dialect === "sqlite" ? "postgres" : dialect
+  );
   return Object.freeze({
     sql,
-    params: normalizeFinalParams(snapshot.params),
+    params: snapshot.params,
     paramMappings: Object.freeze(snapshot.mappings)
   });
 }
-function parseSimpleScalarSelect(select, alias) {
-  var _a, _b;
+function parseSimpleScalarSelect(select, fromAlias) {
+  var _a, _b, _c, _d;
   const raw = select.trim();
   if (raw.length === 0) return [];
-  let re = SIMPLE_SELECT_RE_CACHE.get(alias);
-  if (!re) {
-    const safeAlias2 = alias.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-    re = new RegExp(`^${safeAlias2}\\.(?:"([^"]+)"|([a-z_][a-z0-9_]*))$`, "i");
-    SIMPLE_SELECT_RE_CACHE.set(alias, re);
-  }
   const parts = raw.split(SQL_SEPARATORS.FIELD_LIST);
   const names = [];
   for (const part of parts) {
     const p = part.trim();
-    const m = p.match(re);
+    const m = p.match(SIMPLE_COLUMN_RE);
     if (!m) {
       throw new Error(
-        `sqlite distinct emulation requires scalar select fields to be simple columns. Got: ${p}`
+        `sqlite distinct emulation requires scalar select fields to be simple columns (optionally with AS). Got: ${p}`
+      );
+    }
+    const actualAlias = m[1];
+    if (actualAlias.toLowerCase() !== fromAlias.toLowerCase()) {
+      throw new Error(
+        `Expected alias '${fromAlias}', got '${actualAlias}' in: ${p}`
       );
     }
-    const name = ((_b = (_a = m[1]) != null ? _a : m[2]) != null ? _b : "").trim();
+    const columnName = ((_b = (_a = m[2]) != null ? _a : m[3]) != null ? _b : "").trim();
+    const outAlias = ((_d = (_c = m[4]) != null ? _c : m[5]) != null ? _d : "").trim();
+    const name = outAlias.length > 0 ? outAlias : columnName;
     if (name.length === 0) {
       throw new Error(`Failed to parse selected column name from: ${p}`);
     }
@@ -3437,18 +3542,18 @@ function parseSimpleScalarSelect(select, alias) {
   return names;
 }
 function replaceOrderByAlias(orderBy, fromAlias, outerAlias) {
-  const needle = `${fromAlias}.`;
-  const replacement = `${outerAlias}.`;
-  return orderBy.split(needle).join(replacement);
+  const src = String(fromAlias);
+  if (src.length === 0) return orderBy;
+  const escaped = src.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const re = new RegExp(`\\b${escaped}\\.`, "gi");
+  return orderBy.replace(re, `${outerAlias}.`);
 }
 function buildDistinctColumns(distinct, fromAlias, model) {
   return distinct.map((f) => col(fromAlias, f, model)).join(SQL_SEPARATORS.FIELD_LIST);
 }
 function buildOutputColumns(scalarNames, includeNames, hasCount) {
   const outputCols = [...scalarNames, ...includeNames];
-  if (hasCount) {
-    outputCols.push("_count");
-  }
+  if (hasCount) outputCols.push("_count");
   const formatted = outputCols.map((n) => quote(n)).join(SQL_SEPARATORS.FIELD_LIST);
   if (!isNonEmptyString(formatted)) {
     throw new Error("distinct emulation requires at least one output column");
@@ -3457,9 +3562,10 @@ function buildOutputColumns(scalarNames, includeNames, hasCount) {
 }
 function buildWindowOrder(args) {
   const { baseOrder, idField, fromAlias, model } = args;
+  const fromLower = String(fromAlias).toLowerCase();
   const orderFields = baseOrder.split(SQL_SEPARATORS.ORDER_BY).map((s) => s.trim().toLowerCase());
   const hasIdInOrder = orderFields.some(
-    (f) => f.startsWith(`${fromAlias}.id `) || f.startsWith(`${fromAlias}."id" `)
+    (f) => f.startsWith(`${fromLower}.id `) || f.startsWith(`${fromLower}."id" `)
   );
   if (hasIdInOrder) return baseOrder;
   const idTiebreaker = idField ? `, ${col(fromAlias, "id", model)} ASC` : "";
@@ -3494,15 +3600,37 @@ function buildSqliteDistinctQuery(spec, selectWithIncludes, countJoins) {
   const outerOrder = isNonEmptyString(orderBy) ? replaceOrderByAlias(orderBy, from.alias, `"__tp_distinct"`) : replaceOrderByAlias(fallbackOrder, from.alias, `"__tp_distinct"`);
   const joins = buildJoinsSql(whereJoins, countJoins);
   const conditions = [];
-  if (whereClause && whereClause !== "1=1") {
-    conditions.push(whereClause);
-  }
+  if (whereClause && whereClause !== "1=1") conditions.push(whereClause);
   const whereSql = buildWhereSql(conditions);
   const innerSelectList = selectWithIncludes.trim();
   const innerComma = innerSelectList.length > 0 ? SQL_SEPARATORS.FIELD_LIST : "";
-  const inner = `${SQL_TEMPLATES.SELECT} ${innerSelectList}${innerComma}ROW_NUMBER() OVER (PARTITION BY ${distinctCols} ORDER BY ${windowOrder}) ${SQL_TEMPLATES.AS} "__tp_rn" ${SQL_TEMPLATES.FROM} ${from.table} ${from.alias}${joins}${whereSql}`;
-  const outer = `${SQL_TEMPLATES.SELECT} ${outerSelectCols} ${SQL_TEMPLATES.FROM} (${inner}) ${SQL_TEMPLATES.AS} "__tp_distinct" ${SQL_TEMPLATES.WHERE} "__tp_rn" = 1` + (isNonEmptyString(outerOrder) ? ` ${SQL_TEMPLATES.ORDER_BY} ${outerOrder}` : "");
-  return outer;
+  const innerParts = [
+    SQL_TEMPLATES.SELECT,
+    innerSelectList + innerComma,
+    `ROW_NUMBER() OVER (PARTITION BY ${distinctCols} ORDER BY ${windowOrder})`,
+    SQL_TEMPLATES.AS,
+    '"__tp_rn"',
+    SQL_TEMPLATES.FROM,
+    from.table,
+    from.alias
+  ];
+  if (joins) innerParts.push(joins);
+  if (whereSql) innerParts.push(whereSql);
+  const inner = innerParts.filter(Boolean).join(" ");
+  const outerParts = [
+    SQL_TEMPLATES.SELECT,
+    outerSelectCols,
+    SQL_TEMPLATES.FROM,
+    `(${inner})`,
+    SQL_TEMPLATES.AS,
+    '"__tp_distinct"',
+    SQL_TEMPLATES.WHERE,
+    '"__tp_rn" = 1'
+  ];
+  if (isNonEmptyString(outerOrder)) {
+    outerParts.push(SQL_TEMPLATES.ORDER_BY, outerOrder);
+  }
+  return outerParts.filter(Boolean).join(" ");
 }
 function buildIncludeColumns(spec) {
   var _a, _b;
@@ -3630,6 +3758,7 @@ function constructFinalSql(spec) {
     orderBy,
     distinct,
     method,
+    cursorCte,
     cursorClause,
     params,
     dialect,
@@ -3644,9 +3773,13 @@ function constructFinalSql(spec) {
     const spec2 = withCountJoins(spec, countJoins, whereJoins);
     let sql2 = buildSqliteDistinctQuery(spec2, selectWithIncludes).trim();
     sql2 = appendPagination(sql2, spec);
-    return finalizeSql(sql2, params);
+    return finalizeSql(sql2, params, dialect);
+  }
+  const parts = [];
+  if (cursorCte) {
+    parts.push(`WITH ${cursorCte}`);
   }
-  const parts = [SQL_TEMPLATES.SELECT];
+  parts.push(SQL_TEMPLATES.SELECT);
   const distinctOn = dialect === "postgres" ? buildPostgresDistinctOnClause(from.alias, distinct, model) : null;
   if (distinctOn) parts.push(distinctOn);
   const baseSelect = (select != null ? select : "").trim();
@@ -3662,7 +3795,7 @@ function constructFinalSql(spec) {
   if (isNonEmptyString(orderBy)) parts.push(SQL_TEMPLATES.ORDER_BY, orderBy);
   let sql = parts.join(" ").trim();
   sql = appendPagination(sql, spec);
-  return finalizeSql(sql, params);
+  return finalizeSql(sql, params, dialect);
 }
 
 // src/builder/select.ts
@@ -3695,7 +3828,7 @@ function buildPostgresDistinctOrderBy(distinctFields, existing) {
   }
   return next;
 }
-function applyPostgresDistinctOrderBy(args, _model) {
+function applyPostgresDistinctOrderBy(args) {
   const distinctFields = normalizeDistinctFields(args.distinct);
   if (distinctFields.length === 0) return args;
   if (!isNotNullish(args.orderBy)) return args;
@@ -3705,19 +3838,6 @@ function applyPostgresDistinctOrderBy(args, _model) {
     orderBy: buildPostgresDistinctOrderBy(distinctFields, existing)
   });
 }
-function assertScalarFieldOnModel(model, fieldName, ctx) {
-  const f = model.fields.find((x) => x.name === fieldName);
-  if (!f) {
-    throw new Error(
-      `${ctx} references unknown field '${fieldName}' on model ${model.name}`
-    );
-  }
-  if (f.isRelation) {
-    throw new Error(
-      `${ctx} does not support relation field '${fieldName}' on model ${model.name}`
-    );
-  }
-}
 function validateDistinct(model, distinct) {
   if (!isNotNullish(distinct) || !isNonEmptyArray(distinct)) return;
   const seen = /* @__PURE__ */ new Set();
@@ -3728,24 +3848,24 @@ function validateDistinct(model, distinct) {
       throw new Error(`distinct must not contain duplicates (field: '${f}')`);
     }
     seen.add(f);
-    assertScalarFieldOnModel(model, f, "distinct");
+    assertScalarField(model, f, "distinct");
   }
 }
-function validateOrderByValue(fieldName, v) {
-  parseOrderByValue(v, fieldName);
-}
 function validateOrderBy(model, orderBy) {
   if (!isNotNullish(orderBy)) return;
   const items = normalizeOrderByInput2(orderBy);
   if (items.length === 0) return;
   for (const it of items) {
     const entries = Object.entries(it);
+    if (entries.length !== 1) {
+      throw new Error("orderBy array entries must have exactly one field");
+    }
     const fieldName = String(entries[0][0]).trim();
     if (fieldName.length === 0) {
       throw new Error("orderBy field name cannot be empty");
     }
-    assertScalarFieldOnModel(model, fieldName, "orderBy");
-    validateOrderByValue(fieldName, entries[0][1]);
+    assertScalarField(model, fieldName, "orderBy");
+    parseOrderByValue(entries[0][1], fieldName);
   }
 }
 function validateCursor(model, cursor) {
@@ -3762,7 +3882,7 @@ function validateCursor(model, cursor) {
     if (f.length === 0) {
       throw new Error("cursor field name cannot be empty");
     }
-    assertScalarFieldOnModel(model, f, "cursor");
+    assertScalarField(model, f, "cursor");
   }
 }
 function resolveDialect(dialect) {
@@ -3781,20 +3901,21 @@ function normalizeArgsForNegativeTake(method, args) {
     orderBy: reverseOrderByInput(args.orderBy)
   });
 }
-function normalizeArgsForDialect(dialect, args, model) {
+function normalizeArgsForDialect(dialect, args) {
   if (dialect !== "postgres") return args;
   return applyPostgresDistinctOrderBy(args);
 }
 function buildCursorClauseIfAny(input) {
-  const { cursor, orderBy, tableName, alias, params, dialect } = input;
-  if (!isNotNullish(cursor)) return void 0;
+  const { cursor, orderBy, tableName, alias, params, dialect, model } = input;
+  if (!isNotNullish(cursor)) return {};
   return buildCursorCondition(
     cursor,
     orderBy,
     tableName,
     alias,
     params,
-    dialect
+    dialect,
+    model
   );
 }
 function buildSelectSpec(input) {
@@ -3833,14 +3954,20 @@ function buildSelectSpec(input) {
     params,
     dialect
   );
-  const cursorClause = buildCursorClauseIfAny({
+  const cursorResult = buildCursorClauseIfAny({
     cursor,
     orderBy: normalizedArgs.orderBy,
     tableName,
     alias,
     params,
-    dialect
+    dialect,
+    model
   });
+  if (dialect === "sqlite" && isNonEmptyArray(normalizedArgs.distinct) && cursorResult.condition) {
+    throw new Error(
+      "Cursor pagination with distinct is not supported in SQLite due to window function limitations. Use findMany with skip/take instead, or remove distinct."
+    );
+  }
   return {
     select: selectFields,
     includes,
@@ -3851,7 +3978,8 @@ function buildSelectSpec(input) {
     pagination: { take, skip },
     distinct: normalizedArgs.distinct,
     method,
-    cursorClause,
+    cursorCte: cursorResult.cte,
+    cursorClause: cursorResult.condition,
     params,
     dialect,
     model,
@@ -3865,9 +3993,7 @@ function buildSelectSql(input) {
   assertSafeTableRef(from.tableName);
   const dialectToUse = resolveDialect(dialect);
   const argsForSql = normalizeArgsForNegativeTake(method, args);
-  const normalizedArgs = normalizeArgsForDialect(
-    dialectToUse,
-    argsForSql);
+  const normalizedArgs = normalizeArgsForDialect(dialectToUse, argsForSql);
   validateDistinct(model, normalizedArgs.distinct);
   validateOrderBy(model, normalizedArgs.orderBy);
   validateCursor(model, normalizedArgs.cursor);
@@ -3883,8 +4009,21 @@ function buildSelectSql(input) {
   });
   return constructFinalSql(spec);
 }
-var MODEL_FIELD_CACHE = /* @__PURE__ */ new WeakMap();
-var NUMERIC_TYPES = /* @__PURE__ */ new Set(["Int", "Float", "Decimal", "BigInt"]);
+
+// src/builder/shared/comparison-builder.ts
+function buildComparisons(expr, filter, params, dialect, builder, excludeKeys = /* @__PURE__ */ new Set(["mode"])) {
+  const out = [];
+  for (const [op, val] of Object.entries(filter)) {
+    if (excludeKeys.has(op) || val === void 0) continue;
+    const built = builder(expr, op, val, params, dialect);
+    if (built && built.trim().length > 0) {
+      out.push(built);
+    }
+  }
+  return out;
+}
+
+// src/builder/aggregates.ts
 var AGGREGATES = [
   ["_sum", "SUM"],
   ["_avg", "AVG"],
@@ -3899,22 +4038,32 @@ var COMPARISON_OPS = {
   [Ops.LT]: "<",
   [Ops.LTE]: "<="
 };
-function normalizeFinalParams2(params) {
-  return params.map(normalizeValue);
-}
-function getModelFieldMap(model) {
-  const cached = MODEL_FIELD_CACHE.get(model);
-  if (cached) return cached;
-  const m = /* @__PURE__ */ new Map();
-  for (const f of model.fields) {
-    m.set(f.name, { name: f.name, type: f.type, isRelation: !!f.isRelation });
-  }
-  MODEL_FIELD_CACHE.set(model, m);
-  return m;
-}
+var HAVING_ALLOWED_OPS = /* @__PURE__ */ new Set([
+  Ops.EQUALS,
+  Ops.NOT,
+  Ops.GT,
+  Ops.GTE,
+  Ops.LT,
+  Ops.LTE,
+  Ops.IN,
+  Ops.NOT_IN
+]);
 function isTruthySelection(v) {
   return v === true;
 }
+function isLogicalKey(key) {
+  return key === LogicalOps.AND || key === LogicalOps.OR || key === LogicalOps.NOT;
+}
+function isAggregateKey(key) {
+  return key === "_count" || key === "_sum" || key === "_avg" || key === "_min" || key === "_max";
+}
+function assertHavingOp(op) {
+  if (!HAVING_ALLOWED_OPS.has(op)) {
+    throw new Error(
+      `Unsupported HAVING operator '${op}'. Allowed: ${[...HAVING_ALLOWED_OPS].join(", ")}`
+    );
+  }
+}
 function aggExprForField(aggKey, field, alias, model) {
   if (aggKey === "_count") {
     return field === "_all" ? `COUNT(*)` : `COUNT(${col(alias, field, model)})`;
@@ -3948,32 +4097,9 @@ function normalizeLogicalValue2(operator, value) {
     }
     return out;
   }
-  if (isPlainObject(value)) {
-    return [value];
-  }
+  if (isPlainObject(value)) return [value];
   throw new Error(`${operator} must be an object or array of objects in HAVING`);
 }
-function assertScalarField2(model, fieldName, ctx) {
-  const m = getModelFieldMap(model);
-  const field = m.get(fieldName);
-  if (!field) {
-    throw new Error(
-      `${ctx} references unknown field '${fieldName}' on model ${model.name}. Available fields: ${model.fields.map((f) => f.name).join(", ")}`
-    );
-  }
-  if (field.isRelation) {
-    throw new Error(`${ctx} does not support relation field '${fieldName}'`);
-  }
-  return { name: field.name, type: field.type };
-}
-function assertAggregateFieldType(aggKey, fieldType, fieldName, modelName) {
-  const baseType = fieldType.replace(/\[\]|\?/g, "");
-  if ((aggKey === "_sum" || aggKey === "_avg") && !NUMERIC_TYPES.has(baseType)) {
-    throw new Error(
-      `Cannot use ${aggKey} on non-numeric field '${fieldName}' (type: ${fieldType}) on model ${modelName}`
-    );
-  }
-}
 function buildNullComparison(expr, op) {
   if (op === Ops.EQUALS) return `${expr} ${SQL_TEMPLATES.IS_NULL}`;
   if (op === Ops.NOT) return `${expr} ${SQL_TEMPLATES.IS_NOT_NULL}`;
@@ -4000,6 +4126,7 @@ function buildBinaryComparison(expr, op, val, params) {
   return `${expr} ${sqlOp} ${placeholder}`;
 }
 function buildSimpleComparison(expr, op, val, params, dialect) {
+  assertHavingOp(op);
   if (val === null) return buildNullComparison(expr, op);
   if (op === Ops.NOT && isPlainObject(val)) {
     return buildNotComposite(
@@ -4016,12 +4143,6 @@ function buildSimpleComparison(expr, op, val, params, dialect) {
   }
   return buildBinaryComparison(expr, op, val, params);
 }
-function isLogicalKey(key) {
-  return key === LogicalOps.AND || key === LogicalOps.OR || key === LogicalOps.NOT;
-}
-function isAggregateKey(key) {
-  return key === "_count" || key === "_sum" || key === "_avg" || key === "_min" || key === "_max";
-}
 function negateClauses(subClauses) {
   if (subClauses.length === 1) return `${SQL_TEMPLATES.NOT} ${subClauses[0]}`;
   return `${SQL_TEMPLATES.NOT} (${subClauses.join(SQL_SEPARATORS.CONDITION_AND)})`;
@@ -4030,16 +4151,75 @@ function combineLogical(key, subClauses) {
   if (key === LogicalOps.NOT) return negateClauses(subClauses);
   return subClauses.join(` ${key} `);
 }
+function buildHavingNode(node, alias, params, dialect, model) {
+  const clauses = [];
+  const entries = Object.entries(node);
+  for (const [key, value] of entries) {
+    const built = buildHavingEntry(key, value, alias, params, dialect, model);
+    for (const c of built) {
+      if (c && c.trim().length > 0) clauses.push(c);
+    }
+  }
+  return clauses.join(SQL_SEPARATORS.CONDITION_AND);
+}
 function buildLogicalClause2(key, value, alias, params, dialect, model) {
   const items = normalizeLogicalValue2(key, value);
   const subClauses = [];
   for (const it of items) {
     const c = buildHavingNode(it, alias, params, dialect, model);
-    if (c && c !== "") subClauses.push(`(${c})`);
+    if (c && c.trim().length > 0) subClauses.push(`(${c})`);
   }
   if (subClauses.length === 0) return "";
   return combineLogical(key, subClauses);
 }
+function assertHavingAggTarget(aggKey, field, model) {
+  if (field === "_all") {
+    if (aggKey !== "_count")
+      throw new Error(`HAVING '${aggKey}' does not support '_all'`);
+    return;
+  }
+  if (aggKey === "_sum" || aggKey === "_avg") {
+    assertNumericField(model, field, "HAVING");
+  } else {
+    assertScalarField(model, field, "HAVING");
+  }
+}
+function buildHavingOpsForExpr(expr, filter, params, dialect) {
+  return buildComparisons(expr, filter, params, dialect, buildSimpleComparison);
+}
+function buildHavingForAggregateFirstShape(aggKey, target, alias, params, dialect, model) {
+  if (!isPlainObject(target)) {
+    throw new Error(`HAVING '${aggKey}' must be an object`);
+  }
+  const out = [];
+  for (const [field, filter] of Object.entries(target)) {
+    assertHavingAggTarget(aggKey, field, model);
+    if (!isPlainObject(filter) || Object.keys(filter).length === 0) continue;
+    const expr = aggExprForField(aggKey, field, alias, model);
+    out.push(...buildHavingOpsForExpr(expr, filter, params, dialect));
+  }
+  return out;
+}
+function buildHavingForFieldFirstShape(fieldName, target, alias, params, dialect, model) {
+  if (!isPlainObject(target)) {
+    throw new Error(`HAVING '${fieldName}' must be an object`);
+  }
+  assertScalarField(model, fieldName, "HAVING");
+  const out = [];
+  const obj = target;
+  const keys = ["_count", "_sum", "_avg", "_min", "_max"];
+  for (const aggKey of keys) {
+    const aggFilter = obj[aggKey];
+    if (!isPlainObject(aggFilter)) continue;
+    if (Object.keys(aggFilter).length === 0) continue;
+    if (aggKey === "_sum" || aggKey === "_avg") {
+      assertNumericField(model, fieldName, "HAVING");
+    }
+    const expr = aggExprForField(aggKey, fieldName, alias, model);
+    out.push(...buildHavingOpsForExpr(expr, aggFilter, params, dialect));
+  }
+  return out;
+}
 function buildHavingEntry(key, value, alias, params, dialect, model) {
   if (isLogicalKey(key)) {
     const logical = buildLogicalClause2(
@@ -4071,71 +4251,10 @@ function buildHavingEntry(key, value, alias, params, dialect, model) {
     model
   );
 }
-function buildHavingNode(node, alias, params, dialect, model) {
-  const clauses = [];
-  for (const [key, value] of Object.entries(node)) {
-    const built = buildHavingEntry(key, value, alias, params, dialect, model);
-    for (const c of built) {
-      if (c && c.trim().length > 0) clauses.push(c);
-    }
-  }
-  return clauses.join(SQL_SEPARATORS.CONDITION_AND);
-}
-function assertHavingAggTarget(aggKey, field, model) {
-  if (field === "_all") {
-    if (aggKey !== "_count") {
-      throw new Error(`HAVING '${aggKey}' does not support '_all'`);
-    }
-    return;
-  }
-  const f = assertScalarField2(model, field, "HAVING");
-  assertAggregateFieldType(aggKey, f.type, f.name, model.name);
-}
-function buildHavingOpsForExpr(expr, filter, params, dialect) {
-  const out = [];
-  for (const [op, val] of Object.entries(filter)) {
-    if (op === "mode") continue;
-    const built = buildSimpleComparison(expr, op, val, params, dialect);
-    if (built && built.trim().length > 0) out.push(built);
-  }
-  return out;
-}
-function buildHavingForAggregateFirstShape(aggKey, target, alias, params, dialect, model) {
-  if (!isPlainObject(target)) return [];
-  const out = [];
-  for (const [field, filter] of Object.entries(target)) {
-    assertHavingAggTarget(aggKey, field, model);
-    if (!isPlainObject(filter) || Object.keys(filter).length === 0) continue;
-    const expr = aggExprForField(aggKey, field, alias, model);
-    out.push(...buildHavingOpsForExpr(expr, filter, params, dialect));
-  }
-  return out;
-}
-function buildHavingForFieldFirstShape(fieldName, target, alias, params, dialect, model) {
-  if (!isPlainObject(target)) return [];
-  const field = assertScalarField2(model, fieldName, "HAVING");
-  const out = [];
-  const obj = target;
-  const keys = ["_count", "_sum", "_avg", "_min", "_max"];
-  for (const aggKey of keys) {
-    const aggFilter = obj[aggKey];
-    if (!isPlainObject(aggFilter)) continue;
-    assertAggregateFieldType(aggKey, field.type, field.name, model.name);
-    const entries = Object.entries(aggFilter);
-    if (entries.length === 0) continue;
-    const expr = aggExprForField(aggKey, fieldName, alias, model);
-    for (const [op, val] of entries) {
-      if (op === "mode") continue;
-      const built = buildSimpleComparison(expr, op, val, params, dialect);
-      if (built && built.trim().length > 0) out.push(built);
-    }
-  }
-  return out;
-}
 function buildHavingClause(having, alias, params, model, dialect) {
   if (!isNotNullish(having)) return "";
   const d = dialect != null ? dialect : getGlobalDialect();
-  if (!isPlainObject(having)) return "";
+  if (!isPlainObject(having)) throw new Error("having must be an object");
   return buildHavingNode(having, alias, params, d, model);
 }
 function normalizeCountArg(v) {
@@ -4149,26 +4268,13 @@ function pushCountAllField(fields) {
     `${SQL_TEMPLATES.COUNT_ALL} ${SQL_TEMPLATES.AS} ${quote("_count._all")}`
   );
 }
-function assertCountableScalarField(fieldMap, model, fieldName) {
-  const field = fieldMap.get(fieldName);
-  if (!field) {
-    throw new Error(
-      `Field '${fieldName}' does not exist on model ${model.name}`
-    );
-  }
-  if (field.isRelation) {
-    throw new Error(
-      `Cannot use _count on relation field '${fieldName}' on model ${model.name}`
-    );
-  }
-}
 function pushCountField(fields, alias, fieldName, model) {
   const outAlias = `_count.${fieldName}`;
   fields.push(
     `COUNT(${col(alias, fieldName, model)}) ${SQL_TEMPLATES.AS} ${quote(outAlias)}`
   );
 }
-function addCountFields(fields, countArg, alias, model, fieldMap) {
+function addCountFields(fields, countArg, alias, model) {
   if (!isNotNullish(countArg)) return;
   if (countArg === true) {
     pushCountAllField(fields);
@@ -4182,7 +4288,7 @@ function addCountFields(fields, countArg, alias, model, fieldMap) {
     ([f, v]) => f !== "_all" && isTruthySelection(v)
   );
   for (const [f] of selected) {
-    assertCountableScalarField(fieldMap, model, f);
+    assertScalarField(model, f, "_count");
     pushCountField(fields, alias, f, model);
   }
 }
@@ -4190,19 +4296,12 @@ function getAggregateSelectionObject(args, agg) {
   const obj = args[agg];
   return isPlainObject(obj) ? obj : void 0;
 }
-function assertAggregatableScalarField(fieldMap, model, agg, fieldName) {
-  const field = fieldMap.get(fieldName);
-  if (!field) {
-    throw new Error(
-      `Field '${fieldName}' does not exist on model ${model.name}`
-    );
-  }
-  if (field.isRelation) {
-    throw new Error(
-      `Cannot use ${agg} on relation field '${fieldName}' on model ${model.name}`
-    );
+function assertAggregatableScalarField(model, agg, fieldName) {
+  if (agg === "_sum" || agg === "_avg") {
+    assertNumericField(model, fieldName, agg);
+  } else {
+    assertScalarField(model, fieldName, agg);
   }
-  return field;
 }
 function pushAggregateFieldSql(fields, aggFn, alias, agg, fieldName, model) {
   const outAlias = `${agg}.${fieldName}`;
@@ -4210,7 +4309,7 @@ function pushAggregateFieldSql(fields, aggFn, alias, agg, fieldName, model) {
     `${aggFn}(${col(alias, fieldName, model)}) ${SQL_TEMPLATES.AS} ${quote(outAlias)}`
   );
 }
-function addAggregateFields(fields, args, alias, model, fieldMap) {
+function addAggregateFields(fields, args, alias, model) {
   for (const [agg, aggFn] of AGGREGATES) {
     const obj = getAggregateSelectionObject(args, agg);
     if (!obj) continue;
@@ -4218,23 +4317,16 @@ function addAggregateFields(fields, args, alias, model, fieldMap) {
       if (fieldName === "_all")
         throw new Error(`'${agg}' does not support '_all'`);
       if (!isTruthySelection(selection)) continue;
-      const field = assertAggregatableScalarField(
-        fieldMap,
-        model,
-        agg,
-        fieldName
-      );
-      assertAggregateFieldType(agg, field.type, fieldName, model.name);
+      assertAggregatableScalarField(model, agg, fieldName);
       pushAggregateFieldSql(fields, aggFn, alias, agg, fieldName, model);
     }
   }
 }
 function buildAggregateFields(args, alias, model) {
   const fields = [];
-  const fieldMap = getModelFieldMap(model);
   const countArg = normalizeCountArg(args._count);
-  addCountFields(fields, countArg, alias, model, fieldMap);
-  addAggregateFields(fields, args, alias, model, fieldMap);
+  addCountFields(fields, countArg, alias, model);
+  addAggregateFields(fields, args, alias, model);
   return fields;
 }
 function buildAggregateSql(args, whereResult, tableName, alias, model) {
@@ -4258,7 +4350,7 @@ function buildAggregateSql(args, whereResult, tableName, alias, model) {
   validateParamConsistency(sql, whereResult.params);
   return Object.freeze({
     sql,
-    params: Object.freeze(normalizeFinalParams2([...whereResult.params])),
+    params: Object.freeze([...whereResult.params]),
     paramMappings: Object.freeze([...whereResult.paramMappings])
   });
 }
@@ -4271,32 +4363,22 @@ function assertGroupByBy(args, model) {
   if (bySet.size !== byFields.length) {
     throw new Error("buildGroupBySql: by must not contain duplicates");
   }
-  const modelFieldMap = getModelFieldMap(model);
   for (const f of byFields) {
-    const field = modelFieldMap.get(f);
-    if (!field) {
-      throw new Error(
-        `groupBy.by references unknown field '${f}' on model ${model.name}`
-      );
-    }
-    if (field.isRelation) {
-      throw new Error(
-        `groupBy.by does not support relation field '${f}' on model ${model.name}`
-      );
-    }
+    assertScalarField(model, f, "groupBy.by");
   }
   return byFields;
 }
 function buildGroupBySelectParts(args, alias, model, byFields) {
   const groupCols = byFields.map((f) => col(alias, f, model));
+  const selectCols = byFields.map((f) => colWithAlias(alias, f, model));
   const groupFields = groupCols.join(SQL_SEPARATORS.FIELD_LIST);
   const aggFields = buildAggregateFields(args, alias, model);
-  const selectFields = isNonEmptyArray(aggFields) ? groupCols.concat(aggFields).join(SQL_SEPARATORS.FIELD_LIST) : groupCols.join(SQL_SEPARATORS.FIELD_LIST);
+  const selectFields = isNonEmptyArray(aggFields) ? selectCols.concat(aggFields).join(SQL_SEPARATORS.FIELD_LIST) : selectCols.join(SQL_SEPARATORS.FIELD_LIST);
   return { groupCols, groupFields, selectFields };
 }
 function buildGroupByHaving(args, alias, params, model, dialect) {
   if (!isNotNullish(args.having)) return "";
-  if (!isPlainObject(args.having)) return "";
+  if (!isPlainObject(args.having)) throw new Error("having must be an object");
   const h = buildHavingClause(args.having, alias, params, model, dialect);
   if (!h || h.trim().length === 0) return "";
   return `${SQL_TEMPLATES.HAVING} ${h}`;
@@ -4329,64 +4411,60 @@ function buildGroupBySql(args, whereResult, tableName, alias, model, dialect) {
   const snapshot = params.snapshot();
   validateSelectQuery(sql);
   validateParamConsistency(sql, [...whereResult.params, ...snapshot.params]);
-  const mergedParams = [...whereResult.params, ...snapshot.params];
   return Object.freeze({
     sql,
-    params: Object.freeze(normalizeFinalParams2(mergedParams)),
+    params: Object.freeze([...whereResult.params, ...snapshot.params]),
     paramMappings: Object.freeze([
       ...whereResult.paramMappings,
       ...snapshot.mappings
     ])
   });
 }
-function buildCountSql(whereResult, tableName, alias, skip, dialect) {
+function buildCountSql(whereResult, tableName, alias, skip, _dialect) {
   assertSafeAlias(alias);
   assertSafeTableRef(tableName);
-  const d = getGlobalDialect();
+  if (skip !== void 0 && skip !== null) {
+    if (isDynamicParameter(skip)) {
+      throw new Error(
+        "count() with skip is not supported because it produces nondeterministic results. Dynamic skip cannot be validated at build time. Use findMany().length or add explicit orderBy + cursor/skip logic in a deterministic query."
+      );
+    }
+    if (typeof skip === "string") {
+      const s = skip.trim();
+      if (s.length > 0) {
+        const n = Number(s);
+        if (Number.isFinite(n) && Number.isInteger(n) && n > 0) {
+          throw new Error(
+            "count() with skip is not supported because it produces nondeterministic results. Use findMany().length or add explicit orderBy to ensure deterministic behavior."
+          );
+        }
+      }
+    }
+    if (typeof skip === "number" && Number.isFinite(skip) && Number.isInteger(skip) && skip > 0) {
+      throw new Error(
+        "count() with skip is not supported because it produces nondeterministic results. Use findMany().length or add explicit orderBy to ensure deterministic behavior."
+      );
+    }
+  }
   const whereClause = isValidWhereClause(whereResult.clause) ? `${SQL_TEMPLATES.WHERE} ${whereResult.clause}` : "";
-  const params = createParamStore(whereResult.nextParamIndex);
-  const baseSubSelect = [
-    SQL_TEMPLATES.SELECT,
-    "1",
-    SQL_TEMPLATES.FROM,
-    tableName,
-    alias,
-    whereClause
-  ].filter((x) => x && String(x).trim().length > 0).join(" ").trim();
-  const normalizedSkip = normalizeSkipLike(skip);
-  const subSelect = applyCountSkip(baseSubSelect, normalizedSkip, params, d);
   const sql = [
     SQL_TEMPLATES.SELECT,
     SQL_TEMPLATES.COUNT_ALL,
     SQL_TEMPLATES.AS,
     quote("_count._all"),
     SQL_TEMPLATES.FROM,
-    `(${subSelect})`,
-    SQL_TEMPLATES.AS,
-    `"sub"`
+    tableName,
+    alias,
+    whereClause
   ].filter((x) => x && String(x).trim().length > 0).join(" ").trim();
   validateSelectQuery(sql);
-  const snapshot = params.snapshot();
-  const mergedParams = [...whereResult.params, ...snapshot.params];
-  validateParamConsistency(sql, mergedParams);
+  validateParamConsistency(sql, whereResult.params);
   return Object.freeze({
     sql,
-    params: Object.freeze(normalizeFinalParams2(mergedParams)),
-    paramMappings: Object.freeze([
-      ...whereResult.paramMappings,
-      ...snapshot.mappings
-    ])
+    params: Object.freeze([...whereResult.params]),
+    paramMappings: Object.freeze([...whereResult.paramMappings])
   });
 }
-function applyCountSkip(subSelect, normalizedSkip, params, dialect) {
-  const shouldApply = isDynamicParameter(normalizedSkip) || typeof normalizedSkip === "number" && normalizedSkip > 0;
-  if (!shouldApply) return subSelect;
-  const placeholder = addAutoScoped(params, normalizedSkip, "count.skip");
-  if (dialect === "sqlite") {
-    return `${subSelect} ${SQL_TEMPLATES.LIMIT} -1 ${SQL_TEMPLATES.OFFSET} ${placeholder}`;
-  }
-  return `${subSelect} ${SQL_TEMPLATES.OFFSET} ${placeholder}`;
-}
 function safeAlias(input) {
   const raw = String(input).toLowerCase();
   const cleaned = raw.replace(/[^a-z0-9_]/g, "_");
@@ -4536,8 +4614,12 @@ function buildAndNormalizeSql(args) {
   );
 }
 function finalizeDirective(args) {
-  const { directive, normalizedSql, normalizedMappings } = args;
-  validateSqlPositions(normalizedSql, normalizedMappings, getGlobalDialect());
+  const { directive, normalizedSql, normalizedMappings, dialect } = args;
+  const params = normalizedMappings.map((m) => {
+    var _a;
+    return (_a = m.value) != null ? _a : void 0;
+  });
+  validateParamConsistencyByDialect(normalizedSql, params, dialect);
   const { staticParams, dynamicKeys } = buildParamsFromMappings(normalizedMappings);
   return {
     method: directive.method,
@@ -4574,7 +4656,8 @@ function generateSQL(directive) {
   return finalizeDirective({
     directive,
     normalizedSql: normalized.sql,
-    normalizedMappings: normalized.paramMappings
+    normalizedMappings: normalized.paramMappings,
+    dialect
   });
 }
 function generateSQL2(directive) {
@@ -4682,18 +4765,57 @@ function generateCode(models, queries, dialect, datamodel) {
   return `// Generated by @prisma-sql/generator - DO NOT EDIT
 import { buildSQL, transformQueryResults, type PrismaMethod, type Model } from 'prisma-sql'
 
-function normalizeValue(value: unknown): unknown {
+/**
+ * Normalize values for SQL params.
+ * Synced from src/utils/normalize-value.ts
+ */
+function normalizeValue(value: unknown, seen = new WeakSet<object>(), depth = 0): unknown {
+  const MAX_DEPTH = 20
+  if (depth > MAX_DEPTH) {
+    throw new Error(\`Max normalization depth exceeded (\${MAX_DEPTH} levels)\`)
+  }
   if (value instanceof Date) {
+    const t = value.getTime()
+    if (!Number.isFinite(t)) {
+      throw new Error('Invalid Date value in SQL params')
+    }
     return value.toISOString()
   }
-  
+  if (typeof value === 'bigint') {
+    return value.toString()
+  }
   if (Array.isArray(value)) {
-    return value.map(normalizeValue)
+    const arrRef = value as unknown as object
+    if (seen.has(arrRef)) {
+      throw new Error('Circular reference in SQL params')
+    }
+    seen.add(arrRef)
+    const out = value.map((v) => normalizeValue(v, seen, depth + 1))
+    seen.delete(arrRef)
+    return out
+  }
+  if (value && typeof value === 'object') {
+    if (value instanceof Uint8Array) return value
+    if (typeof Buffer !== 'undefined' && Buffer.isBuffer(value)) return value
+    const proto = Object.getPrototypeOf(value)
+    const isPlain = proto === Object.prototype || proto === null
+    if (!isPlain) return value
+    const obj = value as Record<string, unknown>
+    if (seen.has(obj)) {
+      throw new Error('Circular reference in SQL params')
+    }
+    seen.add(obj)
+    const out: Record<string, unknown> = {}
+    for (const [k, v] of Object.entries(obj)) {
+      out[k] = normalizeValue(v, seen, depth + 1)
+    }
+    seen.delete(obj)
+    return out
   }
-  
   return value
 }
 
+
 export const MODELS: Model[] = ${JSON.stringify(cleanModels, null, 2)}
 
 const ENUM_MAPPINGS: Record<string, Record<string, string>> = ${JSON.stringify(mappings, null, 2)}
@@ -4833,34 +4955,39 @@ function normalizeQuery(args: any): string {
 
 function extractDynamicParams(args: any, dynamicKeys: string[]): unknown[] {
   const params: unknown[] = []
-  
+
   for (const key of dynamicKeys) {
     const parts = key.split(':')
     const lookupKey = parts.length === 2 ? parts[1] : key
-    const value = args[lookupKey]
-    
+
+    const value =
+      lookupKey.includes('.') ? getByPath(args, lookupKey) : args?.[lookupKey]
+
     if (value === undefined) {
       throw new Error(\`Missing required parameter: \${key}\`)
     }
-    
+
     params.push(normalizeValue(value))
   }
-  
+
   return params
 }
 
+
 async function executeQuery(client: any, sql: string, params: unknown[]): Promise<unknown[]> {
+  const normalizedParams = normalizeParams(params)
+
   if (DIALECT === 'postgres') {
-    return await client.unsafe(sql, params)
+    return await client.unsafe(sql, normalizedParams)
   }
-  
+
   const stmt = client.prepare(sql)
-  
+
   if (sql.toUpperCase().includes('COUNT(*) AS')) {
-    return [stmt.get(...params)]
+    return [stmt.get(...normalizedParams)]
   }
-  
-  return stmt.all(...params)
+
+  return stmt.all(...normalizedParams)
 }
 
 export function speedExtension(config: {
@@ -4905,18 +5032,21 @@ export function speedExtension(config: {
 
       if (prebakedQuery) {
         sql = prebakedQuery.sql
-        params = [...prebakedQuery.params, ...extractDynamicParams(transformedArgs, prebakedQuery.dynamicKeys)]
+        params = normalizeParams([
+          ...prebakedQuery.params,
+          ...extractDynamicParams(transformedArgs, prebakedQuery.dynamicKeys),
+        ])
         prebaked = true
       } else {
         const model = MODELS.find((m) => m.name === modelName)
-        
+
         if (!model) {
           return this.$parent[modelName][method](args)
         }
 
         const result = buildSQL(model, MODELS, method, transformedArgs, DIALECT)
         sql = result.sql
-        params = result.params
+        params = normalizeParams(result.params as unknown[])
       }
 
       if (debug) {