qast 1.1.0 → 1.2.0

package/README.md

@@ -232,6 +232,11 @@ Parse a query string into an AST.
   - `allowedFields?: string[]` - Whitelist of allowed field names
   - `allowedOperators?: Operator[]` - Whitelist of allowed operators
   - `validate?: boolean` - Whether to validate against whitelists (default: true if whitelists are provided)
+  - `maxDepth?: number` - Maximum allowed AST depth (to limit nested logical expressions)
+  - `maxNodes?: number` - Maximum allowed number of AST nodes (to limit overall query complexity)
+  - `maxQueryLength?: number` - Maximum allowed length of the raw query string (checked before parsing)
+  - `maxArrayLength?: number` - Maximum allowed length of array values (for `in` operator)
+  - `maxStringLength?: number` - Maximum allowed length of string values
 
 **Returns:** The parsed AST node
 
@@ -241,6 +246,11 @@ const ast = parseQuery('age gt 25', {
   allowedFields: ['age', 'name'],
   allowedOperators: ['gt', 'eq'],
   validate: true,
+  maxDepth: 5,
+  maxNodes: 50,
+  maxQueryLength: 1000,
+  maxArrayLength: 100,
+  maxStringLength: 200,
 });
 ```
 
@@ -290,6 +300,33 @@ Extract all operators used in an AST.
 
 **Returns:** Array of unique operators
 
+### `validateQueryComplexity(ast: QastNode, options: ComplexityOptions): void`
+
+Validate an AST against complexity limits.
+
+**Parameters:**
+- `ast` - The AST to validate
+- `options` - Complexity options:
+  - `maxDepth?: number` - Maximum allowed AST depth
+  - `maxNodes?: number` - Maximum allowed number of nodes
+  - `maxArrayLength?: number` - Maximum allowed array length
+  - `maxStringLength?: number` - Maximum allowed string length
+
+**Throws:** `ValidationError` if any limit is exceeded
+
+**Example:**
+```typescript
+import { parseQuery, validateQueryComplexity } from 'qast';
+
+const ast = parseQuery('age in [1,2,3,4,5]');
+validateQueryComplexity(ast, {
+  maxDepth: 5,
+  maxNodes: 20,
+  maxArrayLength: 100,
+  maxStringLength: 200,
+});
+```
+
 ## Security Best Practices
 
 1. **Always use whitelists**: Restrict which fields and operators can be used in queries.
@@ -304,7 +341,21 @@ const ast = parseQuery(req.query.filter, {
 
 2. **Validate user input**: Don't trust user-provided query strings without validation.
 
-3. **Limit query complexity**: Consider limiting the depth of nested queries to prevent DoS attacks.
+3. **Limit query complexity**: Use complexity limits to prevent DoS attacks.
+
+```typescript
+const ast = parseQuery(req.query.filter, {
+  allowedFields: ['age', 'name', 'city'],
+  allowedOperators: ['gt', 'eq', 'lt', 'in'],
+  validate: true,
+  // Complexity limits
+  maxQueryLength: 1000,  // Reject queries longer than 1000 chars
+  maxDepth: 5,           // Max 5 levels of nesting
+  maxNodes: 20,          // Max 20 conditions
+  maxArrayLength: 100,   // Max 100 items in 'in' arrays
+  maxStringLength: 200,  // Max 200 chars per string value
+});
+```
 
 4. **Use type checking**: Ensure values match expected types for fields.
 

package/dist/index.d.ts

@@ -6,18 +6,18 @@
  */
 export { parseQueryString } from './parser/parser';
 export { Tokenizer, Token, TokenType } from './parser/tokenizer';
-export { validateQuery, extractFields, extractOperators } from './parser/validator';
+export { validateQuery, validateQueryComplexity, extractFields, extractOperators, } from './parser/validator';
 export { toPrismaFilter, PrismaFilter } from './adapters/prisma';
 export { toTypeORMFilter, TypeORMFilter } from './adapters/typeorm';
 export { toSequelizeFilter, SequelizeFilter } from './adapters/sequelize';
-export { QastNode, ComparisonNode, LogicalNode, LogicalOperator, Operator, QastValue, ParseOptions, WhitelistOptions, isComparisonNode, isLogicalNode, } from './types/ast';
+export { QastNode, ComparisonNode, LogicalNode, LogicalOperator, Operator, QastValue, ParseOptions, WhitelistOptions, ComplexityOptions, isComparisonNode, isLogicalNode, } from './types/ast';
 export { QastError, ParseError, ValidationError, TokenizationError, } from './errors';
 import { ParseOptions, QastNode } from './types/ast';
 /**
  * Parse a query string into an AST
  *
  * @param query - The query string to parse (e.g., 'age gt 25 and name eq "John"')
- * @param options - Optional parsing options (whitelisting, validation)
+ * @param options - Optional parsing options (whitelisting, validation, complexity limits)
  * @returns The parsed AST node
  *
  * @example
@@ -31,6 +31,11 @@ import { ParseOptions, QastNode } from './types/ast';
  *   allowedFields: ['age', 'name'],
  *   allowedOperators: ['gt', 'eq'],
  *   validate: true,
+ *   maxDepth: 5,
+ *   maxNodes: 50,
+ *   maxQueryLength: 1000,
+ *   maxArrayLength: 100,
+ *   maxStringLength: 200,
  * });
  * ```
  */

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAGjE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGpF,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAG1E,OAAO,EACL,QAAQ,EACR,cAAc,EACd,WAAW,EACX,eAAe,EACf,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,GACd,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,SAAS,EACT,UAAU,EACV,eAAe,EACf,iBAAiB,GAClB,MAAM,UAAU,CAAC;AAKlB,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAoB,MAAM,aAAa,CAAC;AAEvE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,QAAQ,CAiB1E"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAGjE,OAAO,EACL,aAAa,EACb,uBAAuB,EACvB,aAAa,EACb,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAG1E,OAAO,EACL,QAAQ,EACR,cAAc,EACd,WAAW,EACX,eAAe,EACf,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,GACd,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,SAAS,EACT,UAAU,EACV,eAAe,EACf,iBAAiB,GAClB,MAAM,UAAU,CAAC;AAKlB,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAoB,MAAM,aAAa,CAAC;AAGvE;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,QAAQ,CA0C1E"}

package/dist/index.js

@@ -6,7 +6,7 @@
  * and transforms them into ORM-compatible filter objects.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TokenizationError = exports.ValidationError = exports.ParseError = exports.QastError = exports.isLogicalNode = exports.isComparisonNode = exports.toSequelizeFilter = exports.toTypeORMFilter = exports.toPrismaFilter = exports.extractOperators = exports.extractFields = exports.validateQuery = exports.TokenType = exports.Tokenizer = exports.parseQueryString = void 0;
+exports.TokenizationError = exports.ValidationError = exports.ParseError = exports.QastError = exports.isLogicalNode = exports.isComparisonNode = exports.toSequelizeFilter = exports.toTypeORMFilter = exports.toPrismaFilter = exports.extractOperators = exports.extractFields = exports.validateQueryComplexity = exports.validateQuery = exports.TokenType = exports.Tokenizer = exports.parseQueryString = void 0;
 exports.parseQuery = parseQuery;
 // Export parser
 var parser_1 = require("./parser/parser");
@@ -17,6 +17,7 @@ Object.defineProperty(exports, "TokenType", { enumerable: true, get: function ()
 // Export validators
 var validator_1 = require("./parser/validator");
 Object.defineProperty(exports, "validateQuery", { enumerable: true, get: function () { return validator_1.validateQuery; } });
+Object.defineProperty(exports, "validateQueryComplexity", { enumerable: true, get: function () { return validator_1.validateQueryComplexity; } });
 Object.defineProperty(exports, "extractFields", { enumerable: true, get: function () { return validator_1.extractFields; } });
 Object.defineProperty(exports, "extractOperators", { enumerable: true, get: function () { return validator_1.extractOperators; } });
 // Export adapters
@@ -39,11 +40,12 @@ Object.defineProperty(exports, "TokenizationError", { enumerable: true, get: fun
 // Main parse function with options
 const parser_2 = require("./parser/parser");
 const validator_2 = require("./parser/validator");
+const errors_2 = require("./errors");
 /**
  * Parse a query string into an AST
  *
  * @param query - The query string to parse (e.g., 'age gt 25 and name eq "John"')
- * @param options - Optional parsing options (whitelisting, validation)
+ * @param options - Optional parsing options (whitelisting, validation, complexity limits)
  * @returns The parsed AST node
  *
  * @example
@@ -57,20 +59,44 @@ const validator_2 = require("./parser/validator");
  *   allowedFields: ['age', 'name'],
  *   allowedOperators: ['gt', 'eq'],
  *   validate: true,
+ *   maxDepth: 5,
+ *   maxNodes: 50,
+ *   maxQueryLength: 1000,
+ *   maxArrayLength: 100,
+ *   maxStringLength: 200,
  * });
  * ```
  */
 function parseQuery(query, options) {
+    // Check query string length before parsing (early rejection)
+    if (options?.maxQueryLength !== undefined && query.length > options.maxQueryLength) {
+        throw new errors_2.ValidationError(`Query string is too long (${query.length} characters) - maximum allowed is ${options.maxQueryLength}`);
+    }
     const ast = (0, parser_2.parseQueryString)(query);
-    // Validate if options are provided and validation is enabled
-    if (options && options.validate !== false) {
-        const whitelist = {
-            allowedFields: options.allowedFields,
-            allowedOperators: options.allowedOperators,
-        };
-        // Only validate if whitelists are provided
-        if (whitelist.allowedFields || whitelist.allowedOperators) {
-            (0, validator_2.validateQuery)(ast, whitelist);
+    if (options) {
+        // Validate against whitelists if enabled
+        if (options.validate !== false) {
+            const whitelist = {
+                allowedFields: options.allowedFields,
+                allowedOperators: options.allowedOperators,
+            };
+            // Only validate if whitelists are provided
+            if (whitelist.allowedFields || whitelist.allowedOperators) {
+                (0, validator_2.validateQuery)(ast, whitelist);
+            }
+        }
+        // Enforce complexity limits if configured
+        const hasComplexityLimits = options.maxDepth !== undefined ||
+            options.maxNodes !== undefined ||
+            options.maxArrayLength !== undefined ||
+            options.maxStringLength !== undefined;
+        if (hasComplexityLimits) {
+            (0, validator_2.validateQueryComplexity)(ast, {
+                maxDepth: options.maxDepth,
+                maxNodes: options.maxNodes,
+                maxArrayLength: options.maxArrayLength,
+                maxStringLength: options.maxStringLength,
+            });
         }
     }
     return ast;

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AA8DH,gCAiBC;AA7ED,gBAAgB;AAChB,0CAAmD;AAA1C,0GAAA,gBAAgB,OAAA;AACzB,gDAAiE;AAAxD,sGAAA,SAAS,OAAA;AAAS,sGAAA,SAAS,OAAA;AAEpC,oBAAoB;AACpB,gDAAoF;AAA3E,0GAAA,aAAa,OAAA;AAAE,0GAAA,aAAa,OAAA;AAAE,6GAAA,gBAAgB,OAAA;AAEvD,kBAAkB;AAClB,4CAAiE;AAAxD,wGAAA,cAAc,OAAA;AACvB,8CAAoE;AAA3D,0GAAA,eAAe,OAAA;AACxB,kDAA0E;AAAjE,8GAAA,iBAAiB,OAAA;AAE1B,eAAe;AACf,mCAWqB;AAFnB,uGAAA,gBAAgB,OAAA;AAChB,oGAAA,aAAa,OAAA;AAGf,gBAAgB;AAChB,mCAKkB;AAJhB,mGAAA,SAAS,OAAA;AACT,oGAAA,UAAU,OAAA;AACV,yGAAA,eAAe,OAAA;AACf,2GAAA,iBAAiB,OAAA;AAGnB,mCAAmC;AACnC,4CAAmD;AACnD,kDAAmD;AAGnD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,UAAU,CAAC,KAAa,EAAE,OAAsB;IAC9D,MAAM,GAAG,GAAG,IAAA,yBAAgB,EAAC,KAAK,CAAC,CAAC;IAEpC,6DAA6D;IAC7D,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;QAC1C,MAAM,SAAS,GAAqB;YAClC,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;SAC3C,CAAC;QAEF,2CAA2C;QAC3C,IAAI,SAAS,CAAC,aAAa,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;YAC1D,IAAA,yBAAa,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AA0EH,gCA0CC;AAlHD,gBAAgB;AAChB,0CAAmD;AAA1C,0GAAA,gBAAgB,OAAA;AACzB,gDAAiE;AAAxD,sGAAA,SAAS,OAAA;AAAS,sGAAA,SAAS,OAAA;AAEpC,oBAAoB;AACpB,gDAK4B;AAJ1B,0GAAA,aAAa,OAAA;AACb,oHAAA,uBAAuB,OAAA;AACvB,0GAAA,aAAa,OAAA;AACb,6GAAA,gBAAgB,OAAA;AAGlB,kBAAkB;AAClB,4CAAiE;AAAxD,wGAAA,cAAc,OAAA;AACvB,8CAAoE;AAA3D,0GAAA,eAAe,OAAA;AACxB,kDAA0E;AAAjE,8GAAA,iBAAiB,OAAA;AAE1B,eAAe;AACf,mCAYqB;AAFnB,uGAAA,gBAAgB,OAAA;AAChB,oGAAA,aAAa,OAAA;AAGf,gBAAgB;AAChB,mCAKkB;AAJhB,mGAAA,SAAS,OAAA;AACT,oGAAA,UAAU,OAAA;AACV,yGAAA,eAAe,OAAA;AACf,2GAAA,iBAAiB,OAAA;AAGnB,mCAAmC;AACnC,4CAAmD;AACnD,kDAA4E;AAE5E,qCAA2C;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,SAAgB,UAAU,CAAC,KAAa,EAAE,OAAsB;IAC9D,6DAA6D;IAC7D,IAAI,OAAO,EAAE,cAAc,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;QACnF,MAAM,IAAI,wBAAe,CACvB,6BAA6B,KAAK,CAAC,MAAM,qCAAqC,OAAO,CAAC,cAAc,EAAE,CACvG,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,yBAAgB,EAAC,KAAK,CAAC,CAAC;IAEpC,IAAI,OAAO,EAAE,CAAC;QACZ,yCAAyC;QACzC,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAqB;gBAClC,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;aAC3C,CAAC;YAEF,2CAA2C;YAC3C,IAAI,SAAS,CAAC,aAAa,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;gBAC1D,IAAA,yBAAa,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAED,0CAA0C;QAC1C,MAAM,mBAAmB,GACvB,OAAO,CAAC,QAAQ,KAAK,SAAS;YAC9B,OAAO,CAAC,QAAQ,KAAK,SAAS;YAC9B,OAAO,CAAC,cAAc,KAAK,SAAS;YACpC,OAAO,CAAC,eAAe,KAAK,SAAS,CAAC;QAExC,IAAI,mBAAmB,EAAE,CAAC;YACxB,IAAA,mCAAuB,EAAC,GAAG,EAAE;gBAC3B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,eAAe,EAAE,OAAO,CAAC,eAAe;aACzC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/parser/validator.d.ts

@@ -1,8 +1,12 @@
-import { QastNode, WhitelistOptions, Operator } from '../types/ast';
+import { QastNode, WhitelistOptions, ComplexityOptions, Operator } from '../types/ast';
 /**
  * Validate an AST against whitelist options
  */
 export declare function validateQuery(ast: QastNode, whitelist: WhitelistOptions): void;
+/**
+ * Validate query complexity (depth, node count, array lengths, string lengths)
+ */
+export declare function validateQueryComplexity(ast: QastNode, options: ComplexityOptions): void;
 /**
  * Extract all fields used in an AST
  */

package/dist/parser/validator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../../src/parser/validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAA+B,gBAAgB,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAIjG;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,gBAAgB,GAAG,IAAI,CAE9E;AAyDD;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,QAAQ,GAAG,MAAM,EAAE,CAIrD;AAcD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,QAAQ,GAAG,QAAQ,EAAE,CAI1D"}
+{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../../src/parser/validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAA+B,gBAAgB,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAIpH;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,gBAAgB,GAAG,IAAI,CAE9E;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,iBAAiB,GAAG,IAAI,CAmBvF;AAqGD;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,QAAQ,GAAG,MAAM,EAAE,CAIrD;AAcD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,QAAQ,GAAG,QAAQ,EAAE,CAI1D"}

package/dist/parser/validator.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateQuery = validateQuery;
+exports.validateQueryComplexity = validateQueryComplexity;
 exports.extractFields = extractFields;
 exports.extractOperators = extractOperators;
 const errors_1 = require("../errors");
@@ -11,6 +12,54 @@ const ast_1 = require("../types/ast");
 function validateQuery(ast, whitelist) {
     validateNode(ast, whitelist);
 }
+/**
+ * Validate query complexity (depth, node count, array lengths, string lengths)
+ */
+function validateQueryComplexity(ast, options) {
+    const { depth, nodes } = computeComplexity(ast);
+    if (options.maxDepth !== undefined && depth > options.maxDepth) {
+        throw new errors_1.ValidationError(`Query is too deeply nested (depth ${depth}) - maximum allowed depth is ${options.maxDepth}`);
+    }
+    if (options.maxNodes !== undefined && nodes > options.maxNodes) {
+        throw new errors_1.ValidationError(`Query is too complex (node count ${nodes}) - maximum allowed nodes is ${options.maxNodes}`);
+    }
+    // Validate array and string lengths in values
+    if (options.maxArrayLength !== undefined || options.maxStringLength !== undefined) {
+        validateValueLimits(ast, options);
+    }
+}
+/**
+ * Recursively validate value limits (array lengths, string lengths)
+ */
+function validateValueLimits(node, options) {
+    if ((0, ast_1.isComparisonNode)(node)) {
+        const { value, field } = node;
+        // Check array length
+        if (options.maxArrayLength !== undefined && Array.isArray(value)) {
+            if (value.length > options.maxArrayLength) {
+                throw new errors_1.ValidationError(`Array value for field '${field}' has ${value.length} items - maximum allowed is ${options.maxArrayLength}`, field);
+            }
+        }
+        // Check string length
+        if (options.maxStringLength !== undefined && typeof value === 'string') {
+            if (value.length > options.maxStringLength) {
+                throw new errors_1.ValidationError(`String value for field '${field}' has ${value.length} characters - maximum allowed is ${options.maxStringLength}`, field);
+            }
+        }
+        // Check string lengths inside arrays
+        if (options.maxStringLength !== undefined && Array.isArray(value)) {
+            for (const item of value) {
+                if (typeof item === 'string' && item.length > options.maxStringLength) {
+                    throw new errors_1.ValidationError(`String value in array for field '${field}' has ${item.length} characters - maximum allowed is ${options.maxStringLength}`, field);
+                }
+            }
+        }
+    }
+    else if ((0, ast_1.isLogicalNode)(node)) {
+        validateValueLimits(node.left, options);
+        validateValueLimits(node.right, options);
+    }
+}
 /**
  * Recursively validate a node
  */
@@ -91,4 +140,22 @@ function extractOperatorsRecursive(node, operators) {
         extractOperatorsRecursive(node.right, operators);
     }
 }
+/**
+ * Compute depth and node count for a query AST
+ */
+function computeComplexity(node) {
+    if ((0, ast_1.isComparisonNode)(node)) {
+        return { depth: 1, nodes: 1 };
+    }
+    if ((0, ast_1.isLogicalNode)(node)) {
+        const left = computeComplexity(node.left);
+        const right = computeComplexity(node.right);
+        return {
+            depth: 1 + Math.max(left.depth, right.depth),
+            nodes: 1 + left.nodes + right.nodes,
+        };
+    }
+    // Fallback (should not happen with current QastNode types)
+    return { depth: 1, nodes: 1 };
+}
 //# sourceMappingURL=validator.js.map

package/dist/parser/validator.js.map

@@ -1 +1 @@
-{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/parser/validator.ts"],"names":[],"mappings":";;AAOA,sCAEC;AA4DD,sCAIC;AAiBD,4CAIC;AA7FD,sCAA4C;AAC5C,sCAA+D;AAE/D;;GAEG;AACH,SAAgB,aAAa,CAAC,GAAa,EAAE,SAA2B;IACtE,YAAY,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,IAAc,EAAE,SAA2B;IAC/D,IAAI,IAAA,sBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,sBAAsB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;SAAM,IAAI,IAAA,mBAAa,EAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,IAAoB,EAAE,SAA2B;IAC/E,iBAAiB;IACjB,IAAI,SAAS,CAAC,aAAa,IAAI,SAAS,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,wBAAe,CACvB,UAAU,IAAI,CAAC,KAAK,qCAAqC,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAC7F,IAAI,CAAC,KAAK,CACX,CAAC;QACJ,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,IAAI,SAAS,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxE,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,wBAAe,CACvB,aAAa,IAAI,CAAC,EAAE,wCAAwC,SAAS,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACnG,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,EAAE,CACR,CAAC;QACJ,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,IAAI,IAAI,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,wBAAe,CACvB,8CAA8C,OAAO,IAAI,CAAC,KAAK,EAAE,EACjE,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,EAAE,CACR,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,IAAiB,EAAE,SAA2B;IACzE,+CAA+C;IAC/C,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACnC,YAAY,CAAC,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,GAAa;IACzC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,sBAAsB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,uBAAuB;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,IAAc,EAAE,MAAgB;IAC9D,IAAI,IAAA,sBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;SAAM,IAAI,IAAA,mBAAa,EAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,sBAAsB,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1C,sBAAsB,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,GAAa;IAC5C,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yBAAyB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,0BAA0B;AAC5D,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAAC,IAAc,EAAE,SAAqB;IACtE,IAAI,IAAA,sBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;SAAM,IAAI,IAAA,mBAAa,EAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,yBAAyB,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAChD,yBAAyB,CAAC,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC;AACH,CAAC"}
+{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/parser/validator.ts"],"names":[],"mappings":";;AAOA,sCAEC;AAKD,0DAmBC;AAwGD,sCAIC;AAiBD,4CAIC;AAjKD,sCAA4C;AAC5C,sCAA+D;AAE/D;;GAEG;AACH,SAAgB,aAAa,CAAC,GAAa,EAAE,SAA2B;IACtE,YAAY,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAgB,uBAAuB,CAAC,GAAa,EAAE,OAA0B;IAC/E,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAEhD,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,IAAI,KAAK,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC/D,MAAM,IAAI,wBAAe,CACvB,qCAAqC,KAAK,gCAAgC,OAAO,CAAC,QAAQ,EAAE,CAC7F,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,IAAI,KAAK,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC/D,MAAM,IAAI,wBAAe,CACvB,oCAAoC,KAAK,gCAAgC,OAAO,CAAC,QAAQ,EAAE,CAC5F,CAAC;IACJ,CAAC;IAED,8CAA8C;IAC9C,IAAI,OAAO,CAAC,cAAc,KAAK,SAAS,IAAI,OAAO,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;QAClF,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,IAAc,EAAE,OAA0B;IACrE,IAAI,IAAA,sBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;QAE9B,qBAAqB;QACrB,IAAI,OAAO,CAAC,cAAc,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACjE,IAAI,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC1C,MAAM,IAAI,wBAAe,CACvB,0BAA0B,KAAK,SAAS,KAAK,CAAC,MAAM,+BAA+B,OAAO,CAAC,cAAc,EAAE,EAC3G,KAAK,CACN,CAAC;YACJ,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,OAAO,CAAC,eAAe,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvE,IAAI,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;gBAC3C,MAAM,IAAI,wBAAe,CACvB,2BAA2B,KAAK,SAAS,KAAK,CAAC,MAAM,oCAAoC,OAAO,CAAC,eAAe,EAAE,EAClH,KAAK,CACN,CAAC;YACJ,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,IAAI,OAAO,CAAC,eAAe,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAClE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;oBACtE,MAAM,IAAI,wBAAe,CACvB,oCAAoC,KAAK,SAAS,IAAI,CAAC,MAAM,oCAAoC,OAAO,CAAC,eAAe,EAAE,EAC1H,KAAK,CACN,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;SAAM,IAAI,IAAA,mBAAa,EAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACxC,mBAAmB,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,IAAc,EAAE,SAA2B;IAC/D,IAAI,IAAA,sBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,sBAAsB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;SAAM,IAAI,IAAA,mBAAa,EAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,IAAoB,EAAE,SAA2B;IAC/E,iBAAiB;IACjB,IAAI,SAAS,CAAC,aAAa,IAAI,SAAS,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,wBAAe,CACvB,UAAU,IAAI,CAAC,KAAK,qCAAqC,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAC7F,IAAI,CAAC,KAAK,CACX,CAAC;QACJ,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,IAAI,SAAS,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxE,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,wBAAe,CACvB,aAAa,IAAI,CAAC,EAAE,wCAAwC,SAAS,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACnG,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,EAAE,CACR,CAAC;QACJ,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,IAAI,IAAI,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,wBAAe,CACvB,8CAA8C,OAAO,IAAI,CAAC,KAAK,EAAE,EACjE,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,EAAE,CACR,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,IAAiB,EAAE,SAA2B;IACzE,+CAA+C;IAC/C,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACnC,YAAY,CAAC,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,GAAa;IACzC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,sBAAsB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,uBAAuB;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,IAAc,EAAE,MAAgB;IAC9D,IAAI,IAAA,sBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;SAAM,IAAI,IAAA,mBAAa,EAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,sBAAsB,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1C,sBAAsB,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,GAAa;IAC5C,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yBAAyB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,0BAA0B;AAC5D,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAAC,IAAc,EAAE,SAAqB;IACtE,IAAI,IAAA,sBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;SAAM,IAAI,IAAA,mBAAa,EAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,yBAAyB,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAChD,yBAAyB,CAAC,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAc;IACvC,IAAI,IAAA,sBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAChC,CAAC;IAED,IAAI,IAAA,mBAAa,EAAC,IAAI,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC;YAC5C,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK;SACpC,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;AAChC,CAAC"}

package/dist/types/ast.d.ts

@@ -55,6 +55,28 @@ export interface ParseOptions {
      * Whether to validate the query against whitelists after parsing
      */
     validate?: boolean;
+    /**
+     * Maximum allowed depth of the AST (to limit nested logical expressions)
+     * e.g. a simple comparison has depth 1, `(a and b) or c` has depth 2.
+     */
+    maxDepth?: number;
+    /**
+     * Maximum allowed number of nodes in the AST (to limit overall complexity)
+     * Each comparison or logical node counts as 1.
+     */
+    maxNodes?: number;
+    /**
+     * Maximum allowed length of the raw query string (checked before parsing)
+     */
+    maxQueryLength?: number;
+    /**
+     * Maximum allowed length of array values (for 'in' operator)
+     */
+    maxArrayLength?: number;
+    /**
+     * Maximum allowed length of string values
+     */
+    maxStringLength?: number;
 }
 /**
  * Options for query validation
@@ -69,4 +91,25 @@ export interface WhitelistOptions {
      */
     allowedOperators?: Operator[];
 }
+/**
+ * Options for query complexity validation
+ */
+export interface ComplexityOptions {
+    /**
+     * Maximum allowed depth of the AST.
+     */
+    maxDepth?: number;
+    /**
+     * Maximum allowed number of nodes in the AST.
+     */
+    maxNodes?: number;
+    /**
+     * Maximum allowed length of array values (for 'in' operator).
+     */
+    maxArrayLength?: number;
+    /**
+     * Maximum allowed length of string values.
+     */
+    maxStringLength?: number;
+}
 //# sourceMappingURL=ast.d.ts.map

package/dist/types/ast.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ast.d.ts","sourceRoot":"","sources":["../../src/types/ast.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,GAAG,IAAI,GAAG,UAAU,GAAG,YAAY,GAAG,UAAU,CAAC;AAEjH;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,GAAG,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;AAE/E;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,IAAI,CAAC;AAE3C;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,EAAE,EAAE,QAAQ,CAAC;IACb,KAAK,EAAE,SAAS,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,QAAQ,CAAC;IACf,KAAK,EAAE,QAAQ,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,WAAW,GAAG,cAAc,CAAC;AAEpD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,QAAQ,GAAG,IAAI,IAAI,cAAc,CAEvE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,QAAQ,GAAG,IAAI,IAAI,WAAW,CAEjE;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;OAEG;IACH,gBAAgB,CAAC,EAAE,QAAQ,EAAE,CAAC;IAE9B;;OAEG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;OAEG;IACH,gBAAgB,CAAC,EAAE,QAAQ,EAAE,CAAC;CAC/B"}
+{"version":3,"file":"ast.d.ts","sourceRoot":"","sources":["../../src/types/ast.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,GAAG,IAAI,GAAG,UAAU,GAAG,YAAY,GAAG,UAAU,CAAC;AAEjH;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,GAAG,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;AAE/E;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,IAAI,CAAC;AAE3C;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,EAAE,EAAE,QAAQ,CAAC;IACb,KAAK,EAAE,SAAS,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,QAAQ,CAAC;IACf,KAAK,EAAE,QAAQ,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,WAAW,GAAG,cAAc,CAAC;AAEpD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,QAAQ,GAAG,IAAI,IAAI,cAAc,CAEvE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,QAAQ,GAAG,IAAI,IAAI,WAAW,CAEjE;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;OAEG;IACH,gBAAgB,CAAC,EAAE,QAAQ,EAAE,CAAC;IAE9B;;OAEG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;IAEnB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB;;OAEG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;OAEG;IACH,gBAAgB,CAAC,EAAE,QAAQ,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB;;OAEG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "qast",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Query to AST to ORM - Parse human-readable query strings into AST and transform them into ORM-compatible filters",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -59,16 +59,15 @@
   },
   "devDependencies": {
     "@types/jest": "^29.5.0",
-    "@types/node": "^20.0.0",
-    "jest": "^29.5.0",
+    "@types/node": "^24.10.1",
+    "jest": "^30.2.0",
     "ts-jest": "^29.1.0",
     "typescript": "^5.0.0"
   },
-  "dependencies": {},
   "peerDependencies": {
     "@prisma/client": "*",
-    "typeorm": "*",
-    "sequelize": "*"
+    "sequelize": "*",
+    "typeorm": "*"
   },
   "peerDependenciesMeta": {
     "@prisma/client": {
@@ -80,6 +79,6 @@
     "sequelize": {
       "optional": true
     }
-  }
+  },
+  "dependencies": {}
 }
-