turbine-orm 0.7.0 → 0.7.1

package/dist/cjs/errors.js

@@ -6,7 +6,9 @@
  * All Turbine errors extend TurbineError which includes a `code` property.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CheckConstraintError = exports.NotNullViolationError = exports.ForeignKeyError = exports.UniqueConstraintError = exports.CircularRelationError = exports.MigrationError = exports.RelationError = exports.ConnectionError = exports.ValidationError = exports.TimeoutError = exports.NotFoundError = exports.TurbineError = exports.TurbineErrorCode = void 0;
+exports.CheckConstraintError = exports.SerializationFailureError = exports.DeadlockError = exports.NotNullViolationError = exports.ForeignKeyError = exports.UniqueConstraintError = exports.CircularRelationError = exports.MigrationError = exports.RelationError = exports.ConnectionError = exports.ValidationError = exports.TimeoutError = exports.NotFoundError = exports.TurbineError = exports.TurbineErrorCode = void 0;
+exports.setErrorMessageMode = setErrorMessageMode;
+exports.getErrorMessageMode = getErrorMessageMode;
 exports.wrapPgError = wrapPgError;
 /** Error codes for all Turbine errors */
 exports.TurbineErrorCode = {
@@ -21,6 +23,8 @@ exports.TurbineErrorCode = {
     FOREIGN_KEY_VIOLATION: 'TURBINE_E009',
     NOT_NULL_VIOLATION: 'TURBINE_E010',
     CHECK_VIOLATION: 'TURBINE_E011',
+    DEADLOCK_DETECTED: 'TURBINE_E012',
+    SERIALIZATION_FAILURE: 'TURBINE_E013',
 };
 /** Base error class for all Turbine errors */
 class TurbineError extends Error {
@@ -32,6 +36,47 @@ class TurbineError extends Error {
     }
 }
 exports.TurbineError = TurbineError;
+let errorMessageMode = 'safe';
+/**
+ * Set the global NotFoundError message mode. Called from the TurbineClient
+ * constructor when `TurbineConfig.errorMessages` is provided.
+ *
+ *   - `'safe'`    (default): the message includes only the keys of the where
+ *     clause (e.g. `where: { id, email }`). Values are redacted.
+ *   - `'verbose'`: the message includes the full JSON-serialized where
+ *     clause (e.g. `where: {"id":1,"email":"alice@x.com"}`).
+ */
+function setErrorMessageMode(mode) {
+    errorMessageMode = mode;
+}
+/** Returns the current NotFoundError message mode. Exported for tests. */
+function getErrorMessageMode() {
+    return errorMessageMode;
+}
+/**
+ * Render a `where` clause for error messages. In 'safe' mode (the default),
+ * only the keys are shown; values are stripped to avoid leaking PII into logs.
+ * Nested AND/OR/NOT combinators are recursively rendered.
+ */
+function renderWhereForMessage(where, mode) {
+    if (mode === 'verbose') {
+        try {
+            return JSON.stringify(where);
+        }
+        catch {
+            return '[unserializable]';
+        }
+    }
+    // safe mode: keys only
+    if (where === null || where === undefined)
+        return '';
+    if (typeof where !== 'object')
+        return '';
+    const keys = Object.keys(where);
+    if (keys.length === 0)
+        return '{}';
+    return `{ ${keys.join(', ')} }`;
+}
 /**
  * Thrown when a record is not found (findUniqueOrThrow, findFirstOrThrow,
  * update/delete against a non-matching row, etc.)
@@ -41,8 +86,16 @@ exports.TurbineError = TurbineError;
  *   - `new NotFoundError({ table, where, operation, cause, message })`
  *
  * When called with an options object and no explicit `message`, a Prisma-style
- * message is built automatically, e.g.:
+ * message is built automatically. By default, only the where-clause keys are
+ * shown to avoid leaking PII into logs:
+ *   `[turbine] findUniqueOrThrow on "users" found no record matching where: { id }`
+ *
+ * Set `setErrorMessageMode('verbose')` (or pass `errorMessages: 'verbose'` to
+ * the TurbineClient constructor) to include the full where values:
  *   `[turbine] findUniqueOrThrow on "users" found no record matching where: {"id":1}`
+ *
+ * The full `where` object, `table`, and `operation` are always available as
+ * structured properties on the error instance regardless of mode.
  */
 class NotFoundError extends TurbineError {
     table;
@@ -59,11 +112,11 @@ class NotFoundError extends TurbineError {
         let message = input.message;
         if (!message) {
             if (operation && table) {
-                const wherePart = where !== undefined ? ` matching where: ${JSON.stringify(where)}` : '';
+                const wherePart = where !== undefined ? ` matching where: ${renderWhereForMessage(where, errorMessageMode)}` : '';
                 message = `[turbine] ${operation} on "${table}" found no record${wherePart}`;
             }
             else if (table) {
-                const wherePart = where !== undefined ? ` matching where ${JSON.stringify(where)}` : '';
+                const wherePart = where !== undefined ? ` matching where ${renderWhereForMessage(where, errorMessageMode)}` : '';
                 message = `[turbine] No record found in "${table}"${wherePart}`;
             }
             else {
@@ -209,6 +262,73 @@ class NotNullViolationError extends TurbineError {
     }
 }
 exports.NotNullViolationError = NotNullViolationError;
+/**
+ * Thrown when Postgres detects a deadlock (pg code 40P01).
+ *
+ * This error is **retryable** — when caught, callers can safely retry the
+ * transaction (typically with backoff). Catch it explicitly:
+ *
+ * ```ts
+ * try {
+ *   await db.$transaction(async (tx) => { ... });
+ * } catch (err) {
+ *   if (err instanceof DeadlockError) {
+ *     // safe to retry
+ *   }
+ * }
+ * ```
+ */
+class DeadlockError extends TurbineError {
+    /** Marks this error as safe to retry */
+    isRetryable = true;
+    constraint;
+    constructor(opts = {}) {
+        const { constraint, cause } = opts;
+        let message = opts.message;
+        if (!message) {
+            const pgMessage = cause?.message;
+            message = pgMessage ? `[turbine] Deadlock detected: ${pgMessage}` : '[turbine] Deadlock detected';
+        }
+        super(exports.TurbineErrorCode.DEADLOCK_DETECTED, message, { cause });
+        this.name = 'DeadlockError';
+        this.constraint = constraint;
+    }
+}
+exports.DeadlockError = DeadlockError;
+/**
+ * Thrown when a Serializable transaction fails due to a serialization
+ * conflict (pg code 40001 — `could not serialize access due to ...`).
+ *
+ * This error is **retryable** — by Postgres documentation, the recommended
+ * response is to re-run the entire transaction. Catch it explicitly:
+ *
+ * ```ts
+ * try {
+ *   await db.$transaction(async (tx) => { ... }, { isolationLevel: 'Serializable' });
+ * } catch (err) {
+ *   if (err instanceof SerializationFailureError) {
+ *     // safe to retry the whole transaction
+ *   }
+ * }
+ * ```
+ */
+class SerializationFailureError extends TurbineError {
+    /** Marks this error as safe to retry */
+    isRetryable = true;
+    constructor(opts = {}) {
+        const { cause } = opts;
+        let message = opts.message;
+        if (!message) {
+            const pgMessage = cause?.message;
+            message = pgMessage
+                ? `[turbine] Serializable transaction conflict: ${pgMessage}`
+                : '[turbine] Serializable transaction conflict';
+        }
+        super(exports.TurbineErrorCode.SERIALIZATION_FAILURE, message, { cause });
+        this.name = 'SerializationFailureError';
+    }
+}
+exports.SerializationFailureError = SerializationFailureError;
 /** Thrown when a CHECK constraint is violated (pg code 23514) */
 class CheckConstraintError extends TurbineError {
     constraint;
@@ -250,6 +370,8 @@ function parseColumnsFromDetail(detail) {
  *   23503 (foreign_key_violation) -> ForeignKeyError
  *   23502 (not_null_violation)    -> NotNullViolationError
  *   23514 (check_violation)       -> CheckConstraintError
+ *   40P01 (deadlock_detected)     -> DeadlockError       (retryable)
+ *   40001 (serialization_failure) -> SerializationFailureError (retryable)
  *
  * The original pg error is preserved as `.cause` on the wrapped error.
  */
@@ -287,6 +409,15 @@ function wrapPgError(err) {
                 table: e.table,
                 cause: err,
             });
+        case '40P01':
+            return new DeadlockError({
+                constraint: e.constraint,
+                cause: err,
+            });
+        case '40001':
+            return new SerializationFailureError({
+                cause: err,
+            });
         default:
             return err;
     }

package/dist/cjs/generate.js

@@ -11,6 +11,7 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.generate = generate;
+exports.generateTypes = generateTypes;
 const node_fs_1 = require("node:fs");
 const node_path_1 = require("node:path");
 const schema_js_1 = require("./schema.js");
@@ -63,8 +64,33 @@ function generatedFileHeader() {
         '',
     ];
 }
+/**
+ * Generate the contents of `types.ts` (entity interfaces, *Create / *Update,
+ * and *Relations brand-field interfaces). Exported so tests can pin the
+ * generator output without writing files to disk.
+ */
 function generateTypes(schema) {
     const lines = [...generatedFileHeader()];
+    // We import UpdateOperatorInput so generated *Update types can express
+    // atomic increment / decrement / multiply / divide / set operators on
+    // numeric columns (TASK-3.4).
+    //
+    // RelationDescriptor is the brand-field interface that lets `WithResult`
+    // recurse through nested `with` clauses at any depth. The generator emits
+    // each `*Relations` member as a `RelationDescriptor<Target, Cardinality,
+    // TargetRelations>` so users get full deep `with`-clause type inference
+    // out of the box (TASK-2.1).
+    lines.push("import type { RelationDescriptor, UpdateOperatorInput } from 'turbine-orm';");
+    lines.push('');
+    // Pre-compute which tables have relations so we know whether to thread
+    // `${TargetType}Relations` (for deep inference) or `{}` (the no-relations
+    // default) into each `RelationDescriptor`. Built once up-front because
+    // relations can point at tables we haven't iterated to yet.
+    const tablesWithRelations = new Set();
+    for (const t of Object.values(schema.tables)) {
+        if (Object.keys(t.relations).length > 0)
+            tablesWithRelations.add(t.name);
+    }
     // Generate enum types
     for (const [enumName, labels] of Object.entries(schema.enums)) {
         const typeName = (0, schema_js_1.snakeToPascal)(enumName);
@@ -106,27 +132,33 @@ function generateTypes(schema) {
         lines.push('};');
         lines.push('');
         // --- Update input type (all fields optional except PK) ---
+        // Numeric columns additionally accept `UpdateOperatorInput<number>` so
+        // users can write `{ viewCount: { increment: 1 } }` without an `as any`.
         const nonPkCols = table.columns.filter((c) => !table.primaryKey.includes(c.name));
         lines.push(`/** Input type for updating a row in \`${table.name}\` */`);
         lines.push(`export type ${typeName}Update = {`);
         for (const col of nonPkCols) {
-            lines.push(`  ${col.field}?: ${col.tsType};`);
+            lines.push(`  ${col.field}?: ${updateFieldType(col.tsType)};`);
         }
         lines.push('};');
         lines.push('');
         // --- Relations map (for type-safe `with` clauses) ---
+        //
+        // Each relation is emitted as a `RelationDescriptor<Target, Cardinality,
+        // TargetRelations>` brand-field interface. This is what enables the
+        // recursive `WithResult` type to walk through nested `with` clauses at
+        // any depth — `RelationRelations<R[K]>` reads the third type parameter
+        // and threads it into the next recursion step. If the target table has
+        // no relations of its own, the descriptor uses `{}` (the default).
         const hasRelations = Object.keys(table.relations).length > 0;
         if (hasRelations) {
             lines.push(`/** Available relations for the \`${table.name}\` table */`);
             lines.push(`export interface ${typeName}Relations {`);
             for (const [relName, rel] of Object.entries(table.relations)) {
                 const targetType = entityName(rel.to);
-                if (rel.type === 'hasMany') {
-                    lines.push(`  ${relName}: ${targetType}[];`);
-                }
-                else {
-                    lines.push(`  ${relName}: ${targetType} | null;`);
-                }
+                const cardinality = rel.type === 'hasMany' ? "'many'" : "'one'";
+                const targetRelations = tablesWithRelations.has(rel.to) ? `${targetType}Relations` : '{}';
+                lines.push(`  ${relName}: RelationDescriptor<${targetType}, ${cardinality}, ${targetRelations}>;`);
             }
             lines.push('}');
             lines.push('');
@@ -230,8 +262,8 @@ function generateIndex(schema) {
     const tableEntries = Object.values(schema.tables);
     const lines = [
         ...generatedFileHeader(),
-        "import { TurbineClient as BaseTurbineClient, QueryInterface } from 'turbine-orm';",
-        "import type { TurbineConfig } from 'turbine-orm';",
+        "import { TurbineClient as BaseTurbineClient, TransactionClient as BaseTransactionClient, QueryInterface } from 'turbine-orm';",
+        "import type { TurbineConfig, TransactionOptions } from 'turbine-orm';",
         "import { SCHEMA } from './metadata.js';",
     ];
     // Import all entity types and relations maps
@@ -244,6 +276,41 @@ function generateIndex(schema) {
     }
     lines.push(`import type { ${typeImports.join(', ')} } from './types.js';`);
     lines.push('');
+    // -------------------------------------------------------------------------
+    // TypedTransactionClient — same typed table accessors as TurbineClient,
+    // but scoped to a single transaction connection. The runtime instance is
+    // an ordinary `TransactionClient` from turbine-orm; this declaration just
+    // teaches TypeScript about the auto-attached accessors so users get
+    // autocomplete inside `db.$transaction(async (tx) => tx.users.create(...))`.
+    // -------------------------------------------------------------------------
+    lines.push('/**');
+    lines.push(' * Transaction-scoped client with the same typed table accessors as TurbineClient.');
+    lines.push(' * Created automatically by `db.$transaction(async (tx) => ...)` — never instantiate');
+    lines.push(' * directly. All queries run on a dedicated connection within a BEGIN/COMMIT block.');
+    lines.push(' */');
+    lines.push('export class TypedTransactionClient extends BaseTransactionClient {');
+    for (const table of tableEntries) {
+        const typeName = entityName(table.name);
+        const accessor = snakeToCamelStr(table.name);
+        const hasRelations = Object.keys(table.relations).length > 0;
+        const genericArgs = hasRelations ? `${typeName}, ${typeName}Relations` : typeName;
+        lines.push(`  /** Query interface for the \`${table.name}\` table (transaction-scoped) */`);
+        lines.push(`  declare readonly ${accessor}: QueryInterface<${genericArgs}>;`);
+    }
+    lines.push('}');
+    lines.push('');
+    // Augment the class with a typed `$transaction` overload via interface
+    // merging. This adds an additional callable signature whose callback
+    // parameter is narrowed to `TypedTransactionClient`, while the base
+    // signature (callback parameter `BaseTransactionClient`) remains valid.
+    lines.push('export interface TypedTransactionClient {');
+    lines.push('  /**');
+    lines.push('   * Nested transaction via SAVEPOINT. The callback receives a typed');
+    lines.push('   * `TypedTransactionClient` so all table accessors auto-complete.');
+    lines.push('   */');
+    lines.push('  $transaction<R>(fn: (tx: TypedTransactionClient) => Promise<R>): Promise<R>;');
+    lines.push('}');
+    lines.push('');
     // Generate the client class with JSDoc
     lines.push('/**');
     lines.push(' * Generated Turbine client with typed table accessors.');
@@ -278,6 +345,22 @@ function generateIndex(schema) {
     lines.push('  }');
     lines.push('}');
     lines.push('');
+    // Augment TurbineClient via interface merging with a typed $transaction
+    // overload. The callback parameter is narrowed to `TypedTransactionClient`
+    // so users get autocomplete on `tx.users`, `tx.posts`, etc. The base
+    // signature (callback parameter `BaseTransactionClient`) remains valid as
+    // an overload, so prior usage continues to typecheck.
+    lines.push('export interface TurbineClient {');
+    lines.push('  /**');
+    lines.push('   * Run a callback inside a transaction. The callback receives a typed');
+    lines.push('   * `TypedTransactionClient` with autocompletion for every table accessor.');
+    lines.push('   */');
+    lines.push('  $transaction<R>(');
+    lines.push('    fn: (tx: TypedTransactionClient) => Promise<R>,');
+    lines.push('    options?: TransactionOptions,');
+    lines.push('  ): Promise<R>;');
+    lines.push('}');
+    lines.push('');
     // Factory function with JSDoc
     lines.push('/**');
     lines.push(' * Create a new Turbine client instance.');
@@ -319,3 +402,31 @@ function quoteIfNeeded(s) {
 function snakeToCamelStr(s) {
     return s.replace(/_([a-z])/g, (_, c) => c.toUpperCase());
 }
+/**
+ * Build the update-input field type for a column. Numeric columns become
+ * `T | UpdateOperatorInput<number> | null?` so users can write atomic
+ * operators (`{ increment: 1 }`, `{ multiply: 2 }`, etc.) without casts.
+ *
+ * The check is purely structural — if the column's TS type contains
+ * `'number'` (e.g. `number`, `number | null`), it's eligible. Other
+ * scalar types (`string`, `boolean`, `Date`, `unknown`, `Buffer`,
+ * `Date | null`, etc.) pass through unchanged.
+ */
+function updateFieldType(tsType) {
+    // Strip parens for the regex check; preserve the original string in the output.
+    if (containsNumberType(tsType)) {
+        return `${tsType} | UpdateOperatorInput<number>`;
+    }
+    return tsType;
+}
+/**
+ * Detect whether a TypeScript type expression contains the `number` primitive
+ * as a top-level union member. Conservative on purpose — only matches
+ * `number`, `number | null`, `null | number`, etc., not `number[]` or
+ * `Record<string, number>`.
+ */
+function containsNumberType(tsType) {
+    // Tokenize on `|` and check each member.
+    const parts = tsType.split('|').map((p) => p.trim());
+    return parts.some((p) => p === 'number');
+}

package/dist/cjs/index.js

@@ -34,7 +34,7 @@
  * ```
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.turbineHttp = exports.schemaToSQLString = exports.schemaToSQL = exports.schemaPush = exports.schemaDiff = exports.table = exports.defineSchema = exports.column = exports.ColumnBuilder = exports.snakeToPascal = exports.snakeToCamel = exports.singularize = exports.pgTypeToTs = exports.pgArrayType = exports.isDateType = exports.camelToSnake = exports.QueryInterface = exports.executePipeline = exports.introspect = exports.generate = exports.wrapPgError = exports.ValidationError = exports.UniqueConstraintError = exports.TurbineErrorCode = exports.TurbineError = exports.TimeoutError = exports.RelationError = exports.NotNullViolationError = exports.NotFoundError = exports.MigrationError = exports.ForeignKeyError = exports.ConnectionError = exports.CircularRelationError = exports.CheckConstraintError = exports.TurbineClient = exports.TransactionClient = void 0;
+exports.turbineHttp = exports.schemaToSQLString = exports.schemaToSQL = exports.schemaPush = exports.schemaDiff = exports.table = exports.defineSchema = exports.column = exports.ColumnBuilder = exports.snakeToPascal = exports.snakeToCamel = exports.singularize = exports.pgTypeToTs = exports.pgArrayType = exports.isDateType = exports.camelToSnake = exports.QueryInterface = exports.executePipeline = exports.introspect = exports.generate = exports.wrapPgError = exports.ValidationError = exports.UniqueConstraintError = exports.TurbineErrorCode = exports.TurbineError = exports.TimeoutError = exports.setErrorMessageMode = exports.SerializationFailureError = exports.RelationError = exports.NotNullViolationError = exports.NotFoundError = exports.MigrationError = exports.getErrorMessageMode = exports.ForeignKeyError = exports.DeadlockError = exports.ConnectionError = exports.CircularRelationError = exports.CheckConstraintError = exports.TurbineClient = exports.TransactionClient = void 0;
 // Client
 var client_js_1 = require("./client.js");
 Object.defineProperty(exports, "TransactionClient", { enumerable: true, get: function () { return client_js_1.TransactionClient; } });
@@ -44,11 +44,15 @@ var errors_js_1 = require("./errors.js");
 Object.defineProperty(exports, "CheckConstraintError", { enumerable: true, get: function () { return errors_js_1.CheckConstraintError; } });
 Object.defineProperty(exports, "CircularRelationError", { enumerable: true, get: function () { return errors_js_1.CircularRelationError; } });
 Object.defineProperty(exports, "ConnectionError", { enumerable: true, get: function () { return errors_js_1.ConnectionError; } });
+Object.defineProperty(exports, "DeadlockError", { enumerable: true, get: function () { return errors_js_1.DeadlockError; } });
 Object.defineProperty(exports, "ForeignKeyError", { enumerable: true, get: function () { return errors_js_1.ForeignKeyError; } });
+Object.defineProperty(exports, "getErrorMessageMode", { enumerable: true, get: function () { return errors_js_1.getErrorMessageMode; } });
 Object.defineProperty(exports, "MigrationError", { enumerable: true, get: function () { return errors_js_1.MigrationError; } });
 Object.defineProperty(exports, "NotFoundError", { enumerable: true, get: function () { return errors_js_1.NotFoundError; } });
 Object.defineProperty(exports, "NotNullViolationError", { enumerable: true, get: function () { return errors_js_1.NotNullViolationError; } });
 Object.defineProperty(exports, "RelationError", { enumerable: true, get: function () { return errors_js_1.RelationError; } });
+Object.defineProperty(exports, "SerializationFailureError", { enumerable: true, get: function () { return errors_js_1.SerializationFailureError; } });
+Object.defineProperty(exports, "setErrorMessageMode", { enumerable: true, get: function () { return errors_js_1.setErrorMessageMode; } });
 Object.defineProperty(exports, "TimeoutError", { enumerable: true, get: function () { return errors_js_1.TimeoutError; } });
 Object.defineProperty(exports, "TurbineError", { enumerable: true, get: function () { return errors_js_1.TurbineError; } });
 Object.defineProperty(exports, "TurbineErrorCode", { enumerable: true, get: function () { return errors_js_1.TurbineErrorCode; } });

package/dist/cjs/query.js

@@ -75,6 +75,14 @@ function isWhereOperator(value) {
 const UPDATE_OPERATOR_KEYS = new Set(['set', 'increment', 'decrement', 'multiply', 'divide']);
 /** Known JSONB operator keys */
 const JSONB_OPERATOR_KEYS = new Set(['path', 'equals', 'contains', 'hasKey']);
+/**
+ * JSONB operator keys that are *unique* to {@link JsonFilter} — they cannot
+ * appear in any other where-filter shape, so the presence of one of these is
+ * an unambiguous signal that the user meant a JSON filter. Used by the
+ * strict-validation path so that `{ contains: 'foo' }` (which is also a valid
+ * `WhereOperator` for LIKE) is not misclassified.
+ */
+const JSONB_UNIQUE_KEYS = new Set(['path', 'equals', 'hasKey']);
 /** Check if a value is a JSONB filter object */
 function isJsonFilter(value) {
     if (value === null ||
@@ -87,8 +95,27 @@ function isJsonFilter(value) {
     const keys = Object.keys(value);
     return keys.length > 0 && keys.some((k) => JSONB_OPERATOR_KEYS.has(k));
 }
+/**
+ * Returns the first JSON-unique key found in `value`, or `null` if none.
+ * Used to drive the strict-validation error message.
+ */
+function findJsonUniqueKey(value) {
+    for (const k of Object.keys(value)) {
+        if (JSONB_UNIQUE_KEYS.has(k))
+            return k;
+    }
+    return null;
+}
 /** Known Array operator keys */
 const ARRAY_OPERATOR_KEYS = new Set(['has', 'hasEvery', 'hasSome', 'isEmpty']);
+/**
+ * Array operator keys that are *unique* to {@link ArrayFilter}. None of the
+ * array operators currently overlap with `WhereOperator` or `JsonFilter`, so
+ * this set equals {@link ARRAY_OPERATOR_KEYS}; it is kept as a separate
+ * constant so a future overlap (e.g. a `contains` for arrays) is easy to
+ * carve out.
+ */
+const ARRAY_UNIQUE_KEYS = new Set(['has', 'hasEvery', 'hasSome', 'isEmpty']);
 /** Check if a value is an Array filter object */
 function isArrayFilter(value) {
     if (value === null ||
@@ -101,6 +128,17 @@ function isArrayFilter(value) {
     const keys = Object.keys(value);
     return keys.length > 0 && keys.some((k) => ARRAY_OPERATOR_KEYS.has(k));
 }
+/**
+ * Returns the first array-unique key found in `value`, or `null` if none.
+ * Used to drive the strict-validation error message.
+ */
+function findArrayUniqueKey(value) {
+    for (const k of Object.keys(value)) {
+        if (ARRAY_UNIQUE_KEYS.has(k))
+            return k;
+    }
+    return null;
+}
 // ---------------------------------------------------------------------------
 // LRU cache — bounded SQL template cache to prevent memory leaks
 // ---------------------------------------------------------------------------
@@ -150,6 +188,15 @@ class QueryInterface {
     middlewares;
     defaultLimit;
     warnOnUnlimited;
+    /**
+     * Tracks tables that have already triggered an unlimited-query warning so
+     * the user is not spammed once per row. Per-instance state — each
+     * QueryInterface is bound to a single table, so this set will only ever
+     * contain at most one entry, but using a Set keeps the API consistent with
+     * the audit's "Set<string>" guidance and leaves room for future
+     * cross-table sharing.
+     */
+    warnedTables = new Set();
     /** Pre-computed column type lookups (avoids linear scans per query) */
     columnPgTypeMap;
     columnArrayTypeMap;
@@ -164,7 +211,10 @@ class QueryInterface {
         this.tableMeta = meta;
         this.middlewares = middlewares ?? [];
         this.defaultLimit = options?.defaultLimit;
-        this.warnOnUnlimited = options?.warnOnUnlimited ?? false;
+        // Default to ON: surfacing accidental full-table scans is more valuable
+        // than the (small) risk of noisy logs. Callers explicitly opt out with
+        // `warnOnUnlimited: false`.
+        this.warnOnUnlimited = options?.warnOnUnlimited !== false;
         // Pre-compute column type lookup maps (TASK-26)
         this.columnPgTypeMap = new Map();
         this.columnArrayTypeMap = new Map();
@@ -173,6 +223,14 @@ class QueryInterface {
             this.columnArrayTypeMap.set(col.name, col.pgArrayType);
         }
     }
+    /**
+     * Reset the per-instance unlimited-query warning dedupe set.
+     * Exposed for tests so a single test process can verify the warning fires
+     * exactly once per table without bleeding state between assertions.
+     */
+    resetUnlimitedWarnings() {
+        this.warnedTables.clear();
+    }
     /**
      * Execute a pool.query with an optional timeout.
      * If timeout is set, races the query against a timer and rejects on expiry.
@@ -304,17 +362,37 @@ class QueryInterface {
     // findMany
     // -------------------------------------------------------------------------
     async findMany(args) {
-        // Warn if no limit specified and warnOnUnlimited is enabled
-        const hasExplicitLimit = args?.limit !== undefined || args?.take !== undefined;
-        if (this.warnOnUnlimited && !hasExplicitLimit) {
-            console.warn(`[turbine] findMany() called without limit on table "${this.table}". Set defaultLimit in config to prevent unbounded queries.`);
-        }
+        this.maybeWarnUnlimited(args);
         return this.executeWithMiddleware('findMany', (args ?? {}), async () => {
             const deferred = this.buildFindMany(args);
             const result = await this.queryWithTimeout(deferred.sql, deferred.params, args?.timeout);
             return deferred.transform(result);
         });
     }
+    /**
+     * Emit a one-time `console.warn` when {@link findMany} is called without an
+     * explicit `limit`/`take` and `warnOnUnlimited` has not been disabled.
+     *
+     * Deduped per QueryInterface instance via {@link warnedTables} so a busy
+     * loop calling `db.users.findMany()` thousands of times only logs once.
+     * Suppressed when `defaultLimit` is configured (the caller has already
+     * opted in to a bounded query) and when the user passed an explicit
+     * `limit`, `take`, or `cursor`.
+     */
+    maybeWarnUnlimited(args) {
+        if (!this.warnOnUnlimited)
+            return;
+        if (this.defaultLimit !== undefined)
+            return;
+        const hasExplicitLimit = args?.limit !== undefined || args?.take !== undefined || args?.cursor !== undefined;
+        if (hasExplicitLimit)
+            return;
+        if (this.warnedTables.has(this.table))
+            return;
+        this.warnedTables.add(this.table);
+        console.warn(`[turbine] warning: findMany on "${this.table}" has no limit — this will fetch every row. ` +
+            'Pass `limit` or set `warnOnUnlimited: false` in config to silence.');
+    }
     buildFindMany(args) {
         const { sql: whereSql, params } = args?.where ? this.buildWhere(args.where) : { sql: '', params: [] };
         const columnsList = this.resolveColumns(args?.select, args?.omit);
@@ -1265,6 +1343,16 @@ class QueryInterface {
                     andClauses.push(...jsonClauses);
                     continue;
                 }
+                // Strict validation: a JSON-only operator on a non-JSON column was almost
+                // certainly a typo or schema mismatch. Silently falling through to plain
+                // equality (the previous behaviour) wasted hours of debugging time. Only
+                // throw when the operator is unambiguously JSON-specific — `contains` is
+                // shared with WhereOperator's LIKE so it must continue to fall through.
+                const jsonKey = findJsonUniqueKey(value);
+                if (jsonKey) {
+                    throw new errors_js_1.ValidationError(`[turbine] Column "${rawColumn}" on table "${this.table}" is not a JSON column ` +
+                        `(actual type: ${colType}); cannot apply JSON operator '${jsonKey}'.`);
+                }
             }
             // Handle Array filter operators (for array columns)
             if (typeof value === 'object' && !Array.isArray(value) && isArrayFilter(value)) {
@@ -1274,6 +1362,14 @@ class QueryInterface {
                     andClauses.push(...arrayClauses);
                     continue;
                 }
+                // Strict validation: array operators (`has`, `hasEvery`, ...) on a
+                // non-array column always indicate a mistake. None of these keys
+                // overlap with other filter shapes so we can throw unconditionally.
+                const arrayKey = findArrayUniqueKey(value);
+                if (arrayKey) {
+                    throw new errors_js_1.ValidationError(`[turbine] Column "${rawColumn}" on table "${this.table}" is not an array column ` +
+                        `(actual type: ${colType}); cannot apply array operator '${arrayKey}'.`);
+                }
             }
             // Handle operator objects
             if (isWhereOperator(value)) {