Add a db:reset command only for dev mode

Optimize db queries limit use of transactions
Added support for multi-root queries
2019-11-22 00:07:06 -05:00 · 2019-11-21 02:14:12 -05:00 · 2019-11-19 00:47:55 -05:00 · 2019-11-15 01:35:19 -05:00 · 2019-11-10 01:41:58 -05:00 · 2019-11-10 01:39:24 -05:00
37 changed files with 749 additions and 500 deletions
--- a/config/allow.list
+++ b/config/allow.list
@ -287,4 +287,18 @@ query {
  }
 }
 variables {
 	"data": {
 		"name": "WOOO",
 		"price": 50.5
 	}
 }
 mutation {
  products(insert: $data) {
    id
    name
  }
 }
--- a/config/dev.yml
+++ b/config/dev.yml
@ -5,11 +5,11 @@ web_ui: true
 # debug, info, warn, error, fatal, panic
 log_level: "debug"
-# Disable this in development to get a list of 
+# When production mode is 'true' only queries 
-# queries used. When enabled super graph
+# from the allow list are permitted.
-# will only allow queries from this list
+# When it's 'false' all queries are saved to the
-# List saved to ./config/allow.list
+# the allow list in ./config/allow.list
-use_allow_list: false
+production: false
 # Throw a 401 on auth failure for queries that need auth
 auth_fail_block: false
@ -97,10 +97,9 @@ database:
  # Enable this if you need the user id in triggers, etc
  set_user_id: false
-  # Define variables here that you want to use in filters
+  # Define additional variables here to be used with filters
  # sub-queries must be wrapped in ()
  variables:
-    account_id: "(select account_id from users where id = $user_id)"
+    admin_account_id: "5"
  # Define defaults to for the field key and values below
  defaults:
@ -174,7 +173,9 @@ roles:
          filters: ["{ user_id: { eq: $user_id } }"]
          columns: ["id", "name", "description" ]
          presets:
            - user_id: "$user_id"
            - created_at: "now"
            - updated_at: "now"
        update:
          filters: ["{ user_id: { eq: $user_id } }"]
@ -188,8 +189,7 @@ roles:
          block: true
  - name: admin
-    match: id = 1
+    match: id = 1000
    tables:
      - name: users
-        # query:
+        filters: []
        #   filters: ["{ account_id: { _eq: $account_id } }"]
--- a/config/prod.yml
+++ b/config/prod.yml
@ -9,11 +9,11 @@ web_ui: false
 # debug, info, warn, error, fatal, panic, disable
 log_level: "info"
-# Disable this in development to get a list of 
+# When production mode is 'true' only queries 
-# queries used. When enabled super graph
+# from the allow list are permitted.
-# will only allow queries from this list
+# When it's 'false' all queries are saved to the
-# List saved to ./config/allow.list
+# the allow list in ./config/allow.list
-use_allow_list: true
+production: true
 # Throw a 401 on auth failure for queries that need auth
 auth_fail_block: true
@ -41,40 +41,6 @@ enable_tracing: true
 # SG_AUTH_RAILS_REDIS_PASSWORD
 # SG_AUTH_JWT_PUBLIC_KEY_FILE
 # inflections:
 #   person: people
 #   sheep: sheep
 auth: 
  # Can be 'rails' or 'jwt'
  type: rails
  cookie: _app_session
  rails:
    # Rails version this is used for reading the
    # various cookies formats.
    version: 5.2
    # Found in 'Rails.application.config.secret_key_base'
    secret_key_base: 0a248500a64c01184edb4d7ad3a805488f8097ac761b76aaa6c17c01dcb7af03a2f18ba61b2868134b9c7b79a122bc0dadff4367414a2d173297bfea92be5566
    # Remote cookie store. (memcache or redis)
    # url: redis://127.0.0.1:6379
    # password: test
    # max_idle: 80,
    # max_active: 12000,
    # In most cases you don't need these
    # salt: "encrypted cookie"
    # sign_salt: "signed encrypted cookie"
    # auth_salt: "authenticated encrypted cookie"
  # jwt:
  #   provider: auth0
  #   secret: abc335bfcfdb04e50db5bb0a4d67ab9
  #   public_key_file: /secrets/public_key.pem
  #   public_key_type: ecdsa #rsa
 database:
  type: postgres
  host: db
--- a/config/seed.js
+++ b/config/seed.js
@ -46,10 +46,10 @@ for (i = 0; i < product_count; i++) {
  var data = {
    name: fake.beer_name(),
    description: desc,
-    price: fake.price(),
+    price: fake.price()
-    user_id: user.id,
+    //user_id: user.id,
-    created_at: "now",
+    //created_at: "now",
-    updated_at: "now"
+    //updated_at: "now"
  }
  var res = graphql(" \
@ -57,7 +57,9 @@ for (i = 0; i < product_count; i++) {
      product(insert: $data) { \
        id \
      } \
-    }", { data: data })
+    }", { data: data }, {
      user_id: 5
    })
  products.push(res.product)
 }
--- a/docs/.vuepress/components/HomeLayout.vue
+++ b/docs/.vuepress/components/HomeLayout.vue
@ -24,6 +24,12 @@
              :item="actionLink"
            />
            <a
              class="px-4 py-3 my-8 border-2 border-gray-500 text-gray-600 font-bold rounded"
              href="https://github.com/dosco/super-graph"
              target="_blank"
            >Github</a>
          </div>
        </div>
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
@ -1,6 +1,11 @@
 let ogprefix = 'og: http://ogp.me/ns#'
 let title = 'Super Graph'
 let description = 'An instant GraphQL API for your app. No code needed.'
 let color = '#f42525'
 module.exports = {
-  title: 'Super Graph',
+  title: title,
-  description: 'Get an instant GraphQL API for your Rails apps.',
+  description: description,
  themeConfig: {
    logo: '/hologram.svg',
@ -15,6 +20,22 @@ module.exports = {
    serviceWorker: {
      updatePopup: true
    },
    head: [
      //['link', { rel: 'icon', href: `/assets/favicon.ico` }],
      ['meta', { prefix: ogprefix, property: 'og:title', content: title }],
      ['meta', { prefix: ogprefix, property: 'twitter:title', content: title }],
      ['meta', { prefix: ogprefix, property: 'og:type', content: 'website' }],
      ['meta', { prefix: ogprefix, property: 'og:url', content: 'https://supergraph.dev' }],
      ['meta', { prefix: ogprefix, property: 'og:description', content: description }],
      //['meta', { prefix: ogprefix, property: 'og:image', content: 'https://wireupyourfrontend.com/assets/logo.png' }],
      // ['meta', { name: 'apple-mobile-web-app-capable', content: 'yes' }],
      // ['meta', { name: 'apple-mobile-web-app-status-bar-style', content: 'black' }],
      // ['link', { rel: 'apple-touch-icon', href: `/assets/apple-touch-icon.png` }],
      // ['link', { rel: 'mask-icon', href: '/assets/safari-pinned-tab.svg', color: color }],
      // ['meta', { name: 'msapplication-TileImage', content: '/assets/mstile-150x150.png' }],
      // ['meta', { name: 'msapplication-TileColor', content: color }],
  ],
  },
  postcss: {
--- a/docs/guide.md
+++ b/docs/guide.md
@ -276,7 +276,7 @@ transmission_gear_type
 // Text
 word
 sentence
-paragrph
+paragraph
 question
 quote
@ -476,6 +476,21 @@ query {
 }
 ```
 Multiple tables can also be fetched using a single GraphQL query. This is very fast since the entire query is converted into a single SQL query which the database can efficiently run.
 ```graphql
 query {
  user {
    full_name
    email
  }
  products {
    name
    description
  }
 }
 ```
 ### Fetching data
 To fetch a specific `product` by it's ID you can use the `id` argument. The real name id field will be resolved automatically so this query will work even if your id column is named something like `product_id`.
@ -908,6 +923,40 @@ class AddSearchColumn < ActiveRecord::Migration[5.1]
 end
 ```
 ## GraphQL with React
 This is a quick simple example using `graphql.js` [https://github.com/f/graphql.js/](https://github.com/f/graphql.js/)
 ```js
 import React, { useState, useEffect } from 'react'
 import graphql from 'graphql.js'
 // Create a GraphQL client pointing to Super Graph
 var graph = graphql("http://localhost:3000/api/v1/graphql", { asJSON: true })
 const App = () => {
  const [user, setUser] = useState(null)
  useEffect(() => {
    async function action() {
      // Use the GraphQL client to execute a graphQL query
      // The second argument to the client are the variables you need to pass
      const result = await graph(`{ user { id first_name last_name picture_url } }`)()
      setUser(result)
    }
    action()
  }, []);
  return (
    <div className="App">
      <h1>{ JSON.stringify(user) }</h1>
    </div>
  );
 }
 ```
 export default App;
 ## Authentication
 You can only have one type of auth enabled. You can either pick Rails or JWT. 
@ -1034,25 +1083,6 @@ must be run to help figure out a users role. This query can be as complex as you
 The individual roles are defined under the `roles` parameter and this includes each table the role has a custom setting for. The role is dynamically matched using the `match` parameter for example in the above case `users.id = 1` means that when the `roles_query` is executed a user with the id `1` willbe assigned the admin role and those that don't match get the `user` role if authenticated successfully or the `anon` role.
 This below example would work for SAAS apps where an account (tenant) is usually the top parent table to everything else.
 ```yaml
 roles_query: "SELECT * FROM users JOIN accounts on accounts.id = users.account_id WHERE users.id = $user_id"
 roles:
  - name: user
    tables:
      - name: users
      ...
  - name: admin
    match: accounts.admin_id = $user_id
    tables:
      - name: users
        query:
          filters: [{ accounts: { id: { eq: $account_id } } }]
 ```
 ## Remote Joins
 It often happens that after fetching some data from the DB we need to call another API to fetch some more data and all this combined into a single JSON response. For example along with a list of users you need their last 5 payments from Stripe. This requires you to query your DB for the users and Stripe for the payments. Super Graph handles all this for you also only the fields you requested from the Stripe API are returned. 
@ -1149,11 +1179,11 @@ web_ui: true
 # debug, info, warn, error, fatal, panic
 log_level: "debug"
-# Disable this in development to get a list of 
+# When production mode is 'true' only queries 
-# queries used. When enabled super graph
+# from the allow list are permitted.
-# will only allow queries from this list
+# When it's 'false' all queries are saved to the
-# List saved to ./config/allow.list
+# the allow list in ./config/allow.list
-use_allow_list: false
+production: false
 # Throw a 401 on auth failure for queries that need auth
 auth_fail_block: false
@ -1241,10 +1271,9 @@ database:
  # Enable this if you need the user id in triggers, etc
  set_user_id: false
-  # Define variables here that you want to use in filters
+  # Define additional variables here to be used with filters
  # sub-queries must be wrapped in ()
  variables:
-    account_id: "(select account_id from users where id = $user_id)"
+    admin_account_id: "5"
  # Define defaults to for the field key and values below
  defaults:
@ -1329,14 +1358,13 @@ roles:
            - updated_at: "now"
        delete:
-          deny: true
+          block: true
  - name: admin
-    match: id = 1
+    match: id = 1000
    tables:
      - name: users
-        # query:
+        filters: []
        #   filters: ["{ account_id: { _eq: $account_id } }"]
 ```
--- a/jsn/json_test.go
+++ b/jsn/json_test.go
@ -374,10 +374,6 @@ func TestKeys2(t *testing.T) {
 		"id", "posts", "title", "description", "full_name", "email", "books", "name", "description",
 	}
 	// for i := range fields {
 	// 	fmt.Println("-->", string(fields[i]))
 	// }
 	if len(exp) != len(fields) {
 		t.Errorf("Expected %d fields %d", len(exp), len(fields))
 	}
--- a/migrate/migrate.go
+++ b/migrate/migrate.go
@ -16,7 +16,7 @@ import (
 	"github.com/pkg/errors"
 )
-var migrationPattern = regexp.MustCompile(`\A(\d+)_.+\.sql\z`)
+var migrationPattern = regexp.MustCompile(`\A(\d+)_[^\.]+\.sql\z`)
 var ErrNoFwMigration = errors.Errorf("no sql in forward migration step")
@ -127,7 +127,7 @@ func FindMigrationsEx(path string, fs MigratorFS) ([]string, error) {
 			return nil, err
 		}
-		mcount := len(paths) + 100
+		mcount := len(paths)
 		if n < int64(mcount) {
 			return nil, fmt.Errorf("Duplicate migration %d", n)
--- a/psql/mutate.go
+++ b/psql/mutate.go
@ -77,9 +77,9 @@ func (c *compilerContext) renderInsert(qc *qcode.QCode, w io.Writer,
 		return 0, err
 	}
-	io.WriteString(c.w, `(WITH "input" AS (SELECT {{`)
+	io.WriteString(c.w, `(WITH "input" AS (SELECT '{{`)
 	io.WriteString(c.w, qc.ActionVar)
-	io.WriteString(c.w, `}}::json AS j) INSERT INTO `)
+	io.WriteString(c.w, `}}' :: json AS j) INSERT INTO `)
 	quoted(c.w, ti.Name)
 	io.WriteString(c.w, ` (`)
 	c.renderInsertUpdateColumns(qc, w, jt, ti, false)
@ -137,16 +137,23 @@ func (c *compilerContext) renderInsertUpdateColumns(qc *qcode.QCode, w io.Writer
 	}
 	for i := range root.PresetList {
 		cn := root.PresetList[i]
 		col, ok := ti.Columns[cn]
 		if !ok {
 			continue
 		}
 		if i != 0 {
 			io.WriteString(c.w, `, `)
 		}
 		if values {
 			io.WriteString(c.w, `'`)
-			io.WriteString(c.w, root.PresetMap[root.PresetList[i]])
+			io.WriteString(c.w, root.PresetMap[cn])
-			io.WriteString(c.w, `'`)
+			io.WriteString(c.w, `' :: `)
 			io.WriteString(c.w, col.Type)
 		} else {
 			io.WriteString(c.w, `"`)
-			io.WriteString(c.w, root.PresetList[i])
+			io.WriteString(c.w, cn)
 			io.WriteString(c.w, `"`)
 		}
 	}
@ -167,9 +174,9 @@ func (c *compilerContext) renderUpdate(qc *qcode.QCode, w io.Writer,
 		return 0, err
 	}
-	io.WriteString(c.w, `(WITH "input" AS (SELECT {{`)
+	io.WriteString(c.w, `(WITH "input" AS (SELECT '{{`)
 	io.WriteString(c.w, qc.ActionVar)
-	io.WriteString(c.w, `}}::json AS j) UPDATE `)
+	io.WriteString(c.w, `}}' :: json AS j) UPDATE `)
 	quoted(c.w, ti.Name)
 	io.WriteString(c.w, ` SET (`)
 	c.renderInsertUpdateColumns(qc, w, jt, ti, false)
--- a/psql/mutate_test.go
+++ b/psql/mutate_test.go
@ -12,7 +12,7 @@ func simpleInsert(t *testing.T) {
 		}
 	}`
-	sql := `WITH "users" AS (WITH "input" AS (SELECT {{data}}::json AS j) INSERT INTO "users" ("full_name", "email") SELECT "full_name", "email" FROM input i, json_populate_record(NULL::users, i.j) t RETURNING *) SELECT json_object_agg('user', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "users_0"."id" AS "id") AS "sel_0")) AS "sel_json_0" FROM (SELECT "users"."id" FROM "users") AS "users_0") AS "done_1337"`
+	sql := `WITH "users" AS (WITH "input" AS (SELECT '{{data}}' :: json AS j) INSERT INTO "users" ("full_name", "email") SELECT "full_name", "email" FROM input i, json_populate_record(NULL::users, i.j) t RETURNING *) SELECT json_object_agg('user', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "users_0"."id" AS "id") AS "json_row_0")) AS "json_0" FROM (SELECT "users"."id" FROM "users" LIMIT ('1') :: integer) AS "users_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"data": json.RawMessage(`{"email": "reannagreenholt@orn.com", "full_name": "Flo Barton"}`),
@ -36,7 +36,7 @@ func singleInsert(t *testing.T) {
 		}
 	}`
-	sql := `WITH "products" AS (WITH "input" AS (SELECT {{insert}}::json AS j) INSERT INTO "products" ("name", "description", "user_id") SELECT "name", "description", "user_id" FROM input i, json_populate_record(NULL::products, i.j) t RETURNING *) SELECT json_object_agg('product', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name" FROM "products") AS "products_0") AS "done_1337"`
+	sql := `WITH "products" AS (WITH "input" AS (SELECT '{{insert}}' :: json AS j) INSERT INTO "products" ("name", "description", "user_id") SELECT "name", "description", "user_id" FROM input i, json_populate_record(NULL::products, i.j) t RETURNING *) SELECT json_object_agg('product', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"insert": json.RawMessage(` { "name": "my_name", "woo": { "hoo": "goo" }, "description": "my_desc", "user_id": 5 }`),
@ -60,7 +60,7 @@ func bulkInsert(t *testing.T) {
 		}
 	}`
-	sql := `WITH "products" AS (WITH "input" AS (SELECT {{insert}}::json AS j) INSERT INTO "products" ("name", "description") SELECT "name", "description" FROM input i, json_populate_recordset(NULL::products, i.j) t RETURNING *) SELECT json_object_agg('product', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name" FROM "products") AS "products_0") AS "done_1337"`
+	sql := `WITH "products" AS (WITH "input" AS (SELECT '{{insert}}' :: json AS j) INSERT INTO "products" ("name", "description") SELECT "name", "description" FROM input i, json_populate_recordset(NULL::products, i.j) t RETURNING *) SELECT json_object_agg('product', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"insert": json.RawMessage(` [{ "name": "my_name", "woo": { "hoo": "goo" }, "description": "my_desc"  }]`),
@ -84,7 +84,7 @@ func singleUpsert(t *testing.T) {
 		}
 	}`
-	sql := `WITH "products" AS (WITH "input" AS (SELECT {{upsert}}::json AS j) INSERT INTO "products" ("name", "description") SELECT "name", "description" FROM input i, json_populate_record(NULL::products, i.j) t ON CONFLICT (id) DO UPDATE SET name = EXCLUDED.name, description = EXCLUDED.description RETURNING *) SELECT json_object_agg('product', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name" FROM "products") AS "products_0") AS "done_1337"`
+	sql := `WITH "products" AS (WITH "input" AS (SELECT '{{upsert}}' :: json AS j) INSERT INTO "products" ("name", "description") SELECT "name", "description" FROM input i, json_populate_record(NULL::products, i.j) t ON CONFLICT (id) DO UPDATE SET name = EXCLUDED.name, description = EXCLUDED.description RETURNING *) SELECT json_object_agg('product', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"upsert": json.RawMessage(` { "name": "my_name", "woo": { "hoo": "goo" }, "description": "my_desc"  }`),
@ -108,7 +108,7 @@ func singleUpsertWhere(t *testing.T) {
 		}
 	}`
-	sql := `WITH "products" AS (WITH "input" AS (SELECT {{upsert}}::json AS j) INSERT INTO "products" ("name", "description") SELECT "name", "description" FROM input i, json_populate_record(NULL::products, i.j) t ON CONFLICT (id) WHERE (("products"."price") > 3) DO UPDATE SET name = EXCLUDED.name, description = EXCLUDED.description RETURNING *) SELECT json_object_agg('product', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name" FROM "products") AS "products_0") AS "done_1337"`
+	sql := `WITH "products" AS (WITH "input" AS (SELECT '{{upsert}}' :: json AS j) INSERT INTO "products" ("name", "description") SELECT "name", "description" FROM input i, json_populate_record(NULL::products, i.j) t ON CONFLICT (id) WHERE (("products"."price") > 3) DO UPDATE SET name = EXCLUDED.name, description = EXCLUDED.description RETURNING *) SELECT json_object_agg('product', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"upsert": json.RawMessage(` { "name": "my_name", "woo": { "hoo": "goo" }, "description": "my_desc"  }`),
@ -132,7 +132,7 @@ func bulkUpsert(t *testing.T) {
 		}
 	}`
-	sql := `WITH "products" AS (WITH "input" AS (SELECT {{upsert}}::json AS j) INSERT INTO "products" ("name", "description") SELECT "name", "description" FROM input i, json_populate_recordset(NULL::products, i.j) t ON CONFLICT (id) DO UPDATE SET name = EXCLUDED.name, description = EXCLUDED.description RETURNING *) SELECT json_object_agg('product', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name" FROM "products") AS "products_0") AS "done_1337"`
+	sql := `WITH "products" AS (WITH "input" AS (SELECT '{{upsert}}' :: json AS j) INSERT INTO "products" ("name", "description") SELECT "name", "description" FROM input i, json_populate_recordset(NULL::products, i.j) t ON CONFLICT (id) DO UPDATE SET name = EXCLUDED.name, description = EXCLUDED.description RETURNING *) SELECT json_object_agg('product', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"upsert": json.RawMessage(` [{ "name": "my_name", "woo": { "hoo": "goo" }, "description": "my_desc"  }]`),
@ -156,7 +156,7 @@ func singleUpdate(t *testing.T) {
 		}
 	}`
-	sql := `WITH "products" AS (WITH "input" AS (SELECT {{update}}::json AS j) UPDATE "products" SET ("name", "description") = (SELECT "name", "description" FROM input i, json_populate_record(NULL::products, i.j) t) WHERE (("products"."id") = 1) AND (("products"."id") = 15) RETURNING *) SELECT json_object_agg('product', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name" FROM "products") AS "products_0") AS "done_1337"`
+	sql := `WITH "products" AS (WITH "input" AS (SELECT '{{update}}' :: json AS j) UPDATE "products" SET ("name", "description") = (SELECT "name", "description" FROM input i, json_populate_record(NULL::products, i.j) t) WHERE (("products"."id") = 1) AND (("products"."id") = 15) RETURNING *) SELECT json_object_agg('product', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"update": json.RawMessage(` { "name": "my_name", "woo": { "hoo": "goo" }, "description": "my_desc"  }`),
@ -180,7 +180,7 @@ func delete(t *testing.T) {
 		}
 	}`
-	sql := `WITH "products" AS (DELETE FROM "products" WHERE (("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."id") = 1) RETURNING *) SELECT json_object_agg('product', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name" FROM "products") AS "products_0") AS "done_1337"`
+	sql := `WITH "products" AS (DELETE FROM "products" WHERE (("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."id") = 1) RETURNING *) SELECT json_object_agg('product', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"update": json.RawMessage(` { "name": "my_name", "woo": { "hoo": "goo" }, "description": "my_desc"  }`),
@ -203,7 +203,7 @@ func blockedInsert(t *testing.T) {
 		}
 	}`
-	sql := `WITH "users" AS (WITH "input" AS (SELECT {{data}}::json AS j) INSERT INTO "users" ("full_name", "email") SELECT "full_name", "email" FROM input i, json_populate_record(NULL::users, i.j) t WHERE false RETURNING *) SELECT json_object_agg('user', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "users_0"."id" AS "id") AS "sel_0")) AS "sel_json_0" FROM (SELECT "users"."id" FROM "users") AS "users_0") AS "done_1337"`
+	sql := `WITH "users" AS (WITH "input" AS (SELECT '{{data}}' :: json AS j) INSERT INTO "users" ("full_name", "email") SELECT "full_name", "email" FROM input i, json_populate_record(NULL::users, i.j) t WHERE false RETURNING *) SELECT json_object_agg('user', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "users_0"."id" AS "id") AS "json_row_0")) AS "json_0" FROM (SELECT "users"."id" FROM "users" LIMIT ('1') :: integer) AS "users_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"data": json.RawMessage(`{"email": "reannagreenholt@orn.com", "full_name": "Flo Barton"}`),
@ -227,7 +227,7 @@ func blockedUpdate(t *testing.T) {
 		}
 	}`
-	sql := `WITH "users" AS (WITH "input" AS (SELECT {{data}}::json AS j) UPDATE "users" SET ("full_name", "email") = (SELECT "full_name", "email" FROM input i, json_populate_record(NULL::users, i.j) t) WHERE false RETURNING *) SELECT json_object_agg('user', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "users_0"."id" AS "id", "users_0"."email" AS "email") AS "sel_0")) AS "sel_json_0" FROM (SELECT "users"."id", "users"."email" FROM "users") AS "users_0") AS "done_1337"`
+	sql := `WITH "users" AS (WITH "input" AS (SELECT '{{data}}' :: json AS j) UPDATE "users" SET ("full_name", "email") = (SELECT "full_name", "email" FROM input i, json_populate_record(NULL::users, i.j) t) WHERE false RETURNING *) SELECT json_object_agg('user', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "users_0"."id" AS "id", "users_0"."email" AS "email") AS "json_row_0")) AS "json_0" FROM (SELECT "users"."id", "users"."email" FROM "users" LIMIT ('1') :: integer) AS "users_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"data": json.RawMessage(`{"email": "reannagreenholt@orn.com", "full_name": "Flo Barton"}`),
@ -250,7 +250,7 @@ func simpleInsertWithPresets(t *testing.T) {
 		}
 	}`
-	sql := `WITH "products" AS (WITH "input" AS (SELECT {{data}}::json AS j) INSERT INTO "products" ("name", "price", "created_at", "updated_at", "user_id") SELECT "name", "price", 'now', 'now', '$user_id' FROM input i, json_populate_record(NULL::products, i.j) t RETURNING *) SELECT json_object_agg('product', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id" FROM "products") AS "products_0") AS "done_1337"`
+	sql := `WITH "products" AS (WITH "input" AS (SELECT '{{data}}' :: json AS j) INSERT INTO "products" ("name", "price", "created_at", "updated_at", "user_id") SELECT "name", "price", 'now' :: timestamp without time zone, 'now' :: timestamp without time zone, '{{user_id}}' :: bigint FROM input i, json_populate_record(NULL::products, i.j) t RETURNING *) SELECT json_object_agg('product', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id" FROM "products" LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"data": json.RawMessage(`{"name": "Tomato", "price": 5.76}`),
@ -273,7 +273,7 @@ func simpleUpdateWithPresets(t *testing.T) {
 		}
 	}`
-	sql := `WITH "products" AS (WITH "input" AS (SELECT {{data}}::json AS j) UPDATE "products" SET ("name", "price", "updated_at") = (SELECT "name", "price", 'now' FROM input i, json_populate_record(NULL::products, i.j) t) WHERE (("products"."user_id") = {{user_id}}) RETURNING *) SELECT json_object_agg('product', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id" FROM "products") AS "products_0") AS "done_1337"`
+	sql := `WITH "products" AS (WITH "input" AS (SELECT '{{data}}' :: json AS j) UPDATE "products" SET ("name", "price", "updated_at") = (SELECT "name", "price", 'now' :: timestamp without time zone FROM input i, json_populate_record(NULL::products, i.j) t) WHERE (("products"."user_id") = '{{user_id}}' :: bigint) RETURNING *) SELECT json_object_agg('product', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id" FROM "products" LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "sel_0"`
 	vars := map[string]json.RawMessage{
 		"data": json.RawMessage(`{"name": "Apple", "price": 1.25}`),
--- a/psql/psql_test.go
+++ b/psql/psql_test.go
@ -171,7 +171,7 @@ func TestMain(m *testing.M) {
 	}
 	vars := NewVariables(map[string]string{
-		"account_id": "select account_id from users where id = $user_id",
+		"admin_account_id": "5",
 	})
 	pcompile = NewCompiler(Config{
--- a/psql/query.go
+++ b/psql/query.go
@ -77,30 +77,49 @@ func (co *Compiler) compileQuery(qc *qcode.QCode, w io.Writer) (uint32, error) {
 	}
 	c := &compilerContext{w, qc.Selects, co}
-	root := &qc.Selects[0]
+	multiRoot := (len(qc.Roots) > 1)
 	ti, err := c.schema.GetTable(root.Table)
 	if err != nil {
 		return 0, err
 	}
 	st := NewStack()
 	if multiRoot {
 		io.WriteString(c.w, `SELECT row_to_json("json_root") FROM (SELECT `)
 		for i, id := range qc.Roots {
 			root := qc.Selects[id]
 			st.Push(root.ID + closeBlock)
 			st.Push(root.ID)
-	//fmt.Fprintf(w, `SELECT json_object_agg('%s', %s) FROM (`,
+			if i != 0 {
-	//root.FieldName, root.Table)
+				io.WriteString(c.w, `, `)
-	io.WriteString(c.w, `SELECT json_object_agg('`)
+			}
 			io.WriteString(c.w, `"sel_`)
 			int2string(c.w, root.ID)
 			io.WriteString(c.w, `"."json_`)
 			int2string(c.w, root.ID)
 			io.WriteString(c.w, `"`)
 			alias(c.w, root.FieldName)
 		}
 		io.WriteString(c.w, ` FROM `)
 	} else {
 		root := qc.Selects[0]
 		io.WriteString(c.w, `SELECT json_object_agg(`)
 		io.WriteString(c.w, `'`)
 		io.WriteString(c.w, root.FieldName)
 		io.WriteString(c.w, `', `)
-
+		io.WriteString(c.w, `json_`)
 	if ti.Singular == false {
 		io.WriteString(c.w, root.Table)
 	} else {
 		io.WriteString(c.w, "sel_json_")
 		int2string(c.w, root.ID)
 		st.Push(root.ID + closeBlock)
 		st.Push(root.ID)
 		io.WriteString(c.w, `) FROM `)
 	}
 	io.WriteString(c.w, `) FROM (`)
 	var ignored uint32
@ -114,16 +133,21 @@ func (co *Compiler) compileQuery(qc *qcode.QCode, w io.Writer) (uint32, error) {
 		if id < closeBlock {
 			sel := &c.s[id]
 			if sel.ParentID == -1 {
 				io.WriteString(c.w, `(`)
 			}
 			ti, err := c.schema.GetTable(sel.Table)
 			if err != nil {
 				return 0, err
 			}
-			if sel.ID != 0 {
+			if sel.ParentID != -1 {
 				if err = c.renderLateralJoin(sel); err != nil {
 					return 0, err
 				}
 			}
 			skipped, err := c.renderSelect(sel, ti)
 			if err != nil {
 				return 0, err
@ -153,16 +177,25 @@ func (co *Compiler) compileQuery(qc *qcode.QCode, w io.Writer) (uint32, error) {
 				return 0, err
 			}
-			if sel.ID != 0 {
+			if sel.ParentID != -1 {
 				if err = c.renderLateralJoinClose(sel); err != nil {
 					return 0, err
 				}
-			}
+			} else {
 				io.WriteString(c.w, `)`)
 				aliasWithID(c.w, `sel`, sel.ID)
 				if st.Len() != 0 {
 					io.WriteString(c.w, `, `)
 				}
 			}
-	io.WriteString(c.w, `)`)
+		}
-	alias(c.w, `done_1337`)
+	}
 	if multiRoot {
 		io.WriteString(c.w, `) AS "json_root"`)
 	}
 	return ignored, nil
 }
@ -191,15 +224,15 @@ func (c *compilerContext) processChildren(sel *qcode.Select, ti *DBTableInfo) (u
 			fallthrough
 		case RelBelongTo:
 			if _, ok := colmap[rel.Col2]; !ok {
-				cols = append(cols, &qcode.Column{ti.Name, rel.Col2, rel.Col2})
+				cols = append(cols, &qcode.Column{Table: ti.Name, Name: rel.Col2, FieldName: rel.Col2})
 			}
 		case RelOneToManyThrough:
 			if _, ok := colmap[rel.Col1]; !ok {
-				cols = append(cols, &qcode.Column{ti.Name, rel.Col1, rel.Col1})
+				cols = append(cols, &qcode.Column{Table: ti.Name, Name: rel.Col1, FieldName: rel.Col1})
 			}
 		case RelRemote:
 			if _, ok := colmap[rel.Col1]; !ok {
-				cols = append(cols, &qcode.Column{ti.Name, rel.Col1, rel.Col2})
+				cols = append(cols, &qcode.Column{Table: ti.Name, Name: rel.Col1, FieldName: rel.Col2})
 			}
 			skipped |= (1 << uint(id))
@ -219,7 +252,7 @@ func (c *compilerContext) renderSelect(sel *qcode.Select, ti *DBTableInfo) (uint
 	if ti.Singular == false {
 		//fmt.Fprintf(w, `SELECT coalesce(json_agg("%s"`, c.sel.Table)
 		io.WriteString(c.w, `SELECT coalesce(json_agg("`)
-		io.WriteString(c.w, "sel_json_")
+		io.WriteString(c.w, "json_")
 		int2string(c.w, sel.ID)
 		io.WriteString(c.w, `"`)
@ -232,7 +265,7 @@ func (c *compilerContext) renderSelect(sel *qcode.Select, ti *DBTableInfo) (uint
 		//fmt.Fprintf(w, `), '[]') AS "%s" FROM (`, c.sel.Table)
 		io.WriteString(c.w, `), '[]')`)
-		alias(c.w, sel.Table)
+		aliasWithID(c.w, "json", sel.ID)
 		io.WriteString(c.w, ` FROM (`)
 	}
@ -245,8 +278,8 @@ func (c *compilerContext) renderSelect(sel *qcode.Select, ti *DBTableInfo) (uint
 	io.WriteString(c.w, `row_to_json((`)
-	//fmt.Fprintf(w, `SELECT "sel_%d" FROM (SELECT `, c.sel.ID)
+	//fmt.Fprintf(w, `SELECT "%d" FROM (SELECT `, c.sel.ID)
-	io.WriteString(c.w, `SELECT "sel_`)
+	io.WriteString(c.w, `SELECT "json_row_`)
 	int2string(c.w, sel.ID)
 	io.WriteString(c.w, `" FROM (SELECT `)
@ -260,13 +293,13 @@ func (c *compilerContext) renderSelect(sel *qcode.Select, ti *DBTableInfo) (uint
 		return skipped, err
 	}
-	//fmt.Fprintf(w, `) AS "sel_%d"`, c.sel.ID)
+	//fmt.Fprintf(w, `) AS "%d"`, c.sel.ID)
 	io.WriteString(c.w, `)`)
-	aliasWithID(c.w, "sel", sel.ID)
+	aliasWithID(c.w, "json_row", sel.ID)
 	//fmt.Fprintf(w, `)) AS "%s"`, c.sel.Table)
 	io.WriteString(c.w, `))`)
-	aliasWithID(c.w, "sel_json", sel.ID)
+	aliasWithID(c.w, "json", sel.ID)
 	// END-ROW-TO-JSON
 	if hasOrder {
@ -295,8 +328,8 @@ func (c *compilerContext) renderSelectClose(sel *qcode.Select, ti *DBTableInfo)
 	}
 	switch {
-	case sel.Paging.NoLimit:
+	case ti.Singular:
-		break
+		io.WriteString(c.w, ` LIMIT ('1') :: integer`)
 	case len(sel.Paging.Limit) != 0:
 		//fmt.Fprintf(w, ` LIMIT ('%s') :: integer`, c.sel.Paging.Limit)
@ -304,8 +337,8 @@ func (c *compilerContext) renderSelectClose(sel *qcode.Select, ti *DBTableInfo)
 		io.WriteString(c.w, sel.Paging.Limit)
 		io.WriteString(c.w, `') :: integer`)
-	case ti.Singular:
+	case sel.Paging.NoLimit:
-		io.WriteString(c.w, ` LIMIT ('1') :: integer`)
+		break
 	default:
 		io.WriteString(c.w, ` LIMIT ('20') :: integer`)
@ -319,9 +352,9 @@ func (c *compilerContext) renderSelectClose(sel *qcode.Select, ti *DBTableInfo)
 	}
 	if ti.Singular == false {
-		//fmt.Fprintf(w, `) AS "sel_json_agg_%d"`, c.sel.ID)
+		//fmt.Fprintf(w, `) AS "json_agg_%d"`, c.sel.ID)
 		io.WriteString(c.w, `)`)
-		aliasWithID(c.w, "sel_json_agg", sel.ID)
+		aliasWithID(c.w, "json_agg", sel.ID)
 	}
 	return nil
@ -340,9 +373,9 @@ func (c *compilerContext) renderLateralJoinClose(sel *qcode.Select) error {
 	return nil
 }
-func (c *compilerContext) renderJoin(sel *qcode.Select) error {
+func (c *compilerContext) renderJoin(sel *qcode.Select, ti *DBTableInfo) error {
 	parent := &c.s[sel.ParentID]
-	return c.renderJoinByName(sel.Table, parent.Table, parent.ID)
+	return c.renderJoinByName(ti.Name, parent.Table, parent.ID)
 }
 func (c *compilerContext) renderJoinByName(table, parent string, id int32) error {
@ -445,24 +478,18 @@ func (c *compilerContext) renderJoinedColumns(sel *qcode.Select, ti *DBTableInfo
 		}
 		childSel := &c.s[id]
 		cti, err := c.schema.GetTable(childSel.Table)
 		if err != nil {
 			return err
 		}
 		//fmt.Fprintf(w, `"%s_%d_join"."%s" AS "%s"`,
 		//s.Table, s.ID, s.Table, s.FieldName)
-		if cti.Singular {
+		//if cti.Singular {
-			io.WriteString(c.w, `"sel_json_`)
+		io.WriteString(c.w, `"`)
 		io.WriteString(c.w, childSel.Table)
 		io.WriteString(c.w, `_`)
 		int2string(c.w, childSel.ID)
 		io.WriteString(c.w, `_join"."json_`)
 		int2string(c.w, childSel.ID)
 		io.WriteString(c.w, `" AS "`)
 		io.WriteString(c.w, childSel.FieldName)
 		io.WriteString(c.w, `"`)
 		} else {
 			colWithTableIDSuffixAlias(c.w, childSel.Table, childSel.ID,
 				"_join", childSel.Table, childSel.FieldName)
 		}
 	}
 	return nil
@ -472,7 +499,7 @@ func (c *compilerContext) renderBaseSelect(sel *qcode.Select, ti *DBTableInfo,
 	childCols []*qcode.Column, skipped uint32) error {
 	var groupBy []int
-	isRoot := sel.ID == 0
+	isRoot := sel.ParentID == -1
 	isFil := sel.Where != nil
 	isSearch := sel.Args["search"] != nil
 	isAgg := false
@ -607,7 +634,7 @@ func (c *compilerContext) renderBaseSelect(sel *qcode.Select, ti *DBTableInfo,
 	}
 	if !isRoot {
-		if err := c.renderJoin(sel); err != nil {
+		if err := c.renderJoin(sel, ti); err != nil {
 			return err
 		}
@ -641,8 +668,8 @@ func (c *compilerContext) renderBaseSelect(sel *qcode.Select, ti *DBTableInfo,
 	}
 	switch {
-	case sel.Paging.NoLimit:
+	case ti.Singular:
-		break
+		io.WriteString(c.w, ` LIMIT ('1') :: integer`)
 	case len(sel.Paging.Limit) != 0:
 		//fmt.Fprintf(w, ` LIMIT ('%s') :: integer`, c.sel.Paging.Limit)
@ -650,8 +677,8 @@ func (c *compilerContext) renderBaseSelect(sel *qcode.Select, ti *DBTableInfo,
 		io.WriteString(c.w, sel.Paging.Limit)
 		io.WriteString(c.w, `') :: integer`)
-	case ti.Singular:
+	case sel.Paging.NoLimit:
-		io.WriteString(c.w, ` LIMIT ('1') :: integer`)
+		break
 	default:
 		io.WriteString(c.w, ` LIMIT ('20') :: integer`)
@ -691,7 +718,7 @@ func (c *compilerContext) renderOrderByColumns(sel *qcode.Select, ti *DBTableInf
 func (c *compilerContext) renderRelationship(sel *qcode.Select, ti *DBTableInfo) error {
 	parent := c.s[sel.ParentID]
-	return c.renderRelationshipByName(sel.Table, parent.Table, parent.ID)
+	return c.renderRelationshipByName(ti.Name, parent.Table, parent.ID)
 }
 func (c *compilerContext) renderRelationshipByName(table, parent string, id int32) error {
@ -817,7 +844,6 @@ func (c *compilerContext) renderWhere(sel *qcode.Select, ti *DBTableInfo) error
 }
 func (c *compilerContext) renderNestedWhere(ex *qcode.Exp, sel *qcode.Select, ti *DBTableInfo) error {
 	for i := 0; i < len(ex.NestedCols)-1; i++ {
 		cti, err := c.schema.GetTable(ex.NestedCols[i])
 		if err != nil {
@ -851,7 +877,14 @@ func (c *compilerContext) renderNestedWhere(ex *qcode.Exp, sel *qcode.Select, ti
 }
 func (c *compilerContext) renderOp(ex *qcode.Exp, sel *qcode.Select, ti *DBTableInfo) error {
 	var col *DBColumn
 	var ok bool
 	if len(ex.Col) != 0 {
 		if col, ok = ti.Columns[ex.Col]; !ok {
 			return fmt.Errorf("no column '%s' found ", ex.Col)
 		}
 		io.WriteString(c.w, `((`)
 		colWithTable(c.w, ti.Name, ex.Col)
 		io.WriteString(c.w, `) `)
@ -907,6 +940,9 @@ func (c *compilerContext) renderOp(ex *qcode.Exp, sel *qcode.Select, ti *DBTable
 		if len(ti.PrimaryCol) == 0 {
 			return fmt.Errorf("no primary key column defined for %s", ti.Name)
 		}
 		if col, ok = ti.Columns[ti.PrimaryCol]; !ok {
 			return fmt.Errorf("no primary key column '%s' found ", ti.PrimaryCol)
 		}
 		//fmt.Fprintf(w, `(("%s") =`, c.ti.PrimaryCol)
 		io.WriteString(c.w, `((`)
 		colWithTable(c.w, ti.Name, ti.PrimaryCol)
@ -916,6 +952,9 @@ func (c *compilerContext) renderOp(ex *qcode.Exp, sel *qcode.Select, ti *DBTable
 		if len(ti.TSVCol) == 0 {
 			return fmt.Errorf("no tsv column defined for %s", ti.Name)
 		}
 		if col, ok = ti.Columns[ti.TSVCol]; !ok {
 			return fmt.Errorf("no tsv column '%s' found ", ti.TSVCol)
 		}
 		//fmt.Fprintf(w, `(("%s") @@ to_tsquery('%s'))`, c.ti.TSVCol, val.Val)
 		io.WriteString(c.w, `(("`)
 		io.WriteString(c.w, ti.TSVCol)
@ -931,7 +970,7 @@ func (c *compilerContext) renderOp(ex *qcode.Exp, sel *qcode.Select, ti *DBTable
 	if ex.Type == qcode.ValList {
 		c.renderList(ex)
 	} else {
-		c.renderVal(ex, c.vars)
+		c.renderVal(ex, c.vars, col)
 	}
 	io.WriteString(c.w, `)`)
@ -1008,7 +1047,7 @@ func (c *compilerContext) renderList(ex *qcode.Exp) {
 	io.WriteString(c.w, `)`)
 }
-func (c *compilerContext) renderVal(ex *qcode.Exp, vars map[string]string) {
+func (c *compilerContext) renderVal(ex *qcode.Exp, vars map[string]string, col *DBColumn) {
 	io.WriteString(c.w, ` `)
 	switch ex.Type {
@ -1025,6 +1064,7 @@ func (c *compilerContext) renderVal(ex *qcode.Exp, vars map[string]string) {
 		io.WriteString(c.w, `'`)
 	case qcode.ValVar:
 		io.WriteString(c.w, `'`)
 		if val, ok := vars[ex.Val]; ok {
 			io.WriteString(c.w, val)
 		} else {
@ -1033,6 +1073,8 @@ func (c *compilerContext) renderVal(ex *qcode.Exp, vars map[string]string) {
 			io.WriteString(c.w, ex.Val)
 			io.WriteString(c.w, `}}`)
 		}
 		io.WriteString(c.w, `' :: `)
 		io.WriteString(c.w, col.Type)
 	}
 	//io.WriteString(c.w, `)`)
 }
--- a/psql/query_test.go
+++ b/psql/query_test.go
@ -28,7 +28,7 @@ func withComplexArgs(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('products', products) FROM (SELECT coalesce(json_agg("sel_json_0" ORDER BY "products_0_price_ob" DESC), '[]') AS "products" FROM (SELECT DISTINCT ON ("products_0_price_ob") row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name", "products_0"."price" AS "price") AS "sel_0")) AS "sel_json_0", "products_0"."price" AS "products_0_price_ob" FROM (SELECT "products"."id", "products"."name", "products"."price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."id") < 28) AND (("products"."id") >= 20)) LIMIT ('30') :: integer) AS "products_0" ORDER BY "products_0_price_ob" DESC LIMIT ('30') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('products', json_0) FROM (SELECT coalesce(json_agg("json_0" ORDER BY "products_0_price_ob" DESC), '[]') AS "json_0" FROM (SELECT DISTINCT ON ("products_0_price_ob") row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name", "products_0"."price" AS "price") AS "json_row_0")) AS "json_0", "products_0"."price" AS "products_0_price_ob" FROM (SELECT "products"."id", "products"."name", "products"."price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."id") < 28) AND (("products"."id") >= 20)) LIMIT ('30') :: integer) AS "products_0" ORDER BY "products_0_price_ob" DESC LIMIT ('30') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -56,7 +56,7 @@ func withWhereMultiOr(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('products', products) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name", "products_0"."price" AS "price") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name", "products"."price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."price") < 20) OR (("products"."price") > 10) OR NOT (("products"."id") IS NULL)) LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('products', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name", "products_0"."price" AS "price") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name", "products"."price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."price") < 20) OR (("products"."price") > 10) OR NOT (("products"."id") IS NULL)) LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -82,7 +82,7 @@ func withWhereIsNull(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('products', products) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name", "products_0"."price" AS "price") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name", "products"."price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."price") > 10) AND NOT (("products"."id") IS NULL)) LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('products', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name", "products_0"."price" AS "price") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name", "products"."price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."price") > 10) AND NOT (("products"."id") IS NULL)) LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -108,7 +108,7 @@ func withWhereAndList(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('products', products) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name", "products_0"."price" AS "price") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name", "products"."price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."price") > 10) AND NOT (("products"."id") IS NULL)) LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('products', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name", "products_0"."price" AS "price") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name", "products"."price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."price") > 10) AND NOT (("products"."id") IS NULL)) LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -128,7 +128,7 @@ func fetchByID(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('product', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."id") = 15)) LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "done_1337"`
+	sql := `SELECT json_object_agg('product', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."id") = 15)) LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -148,7 +148,7 @@ func searchQuery(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('products', products) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("tsv") @@ to_tsquery('Imperial'))) LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('products', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("tsv") @@ to_tsquery('Imperial'))) LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -171,7 +171,7 @@ func oneToMany(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('users', users) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "users" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "users_0"."email" AS "email", "products_1_join"."products" AS "products") AS "sel_0")) AS "sel_json_0" FROM (SELECT "users"."email", "users"."id" FROM "users" LIMIT ('20') :: integer) AS "users_0" LEFT OUTER JOIN LATERAL (SELECT coalesce(json_agg("sel_json_1"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_1" FROM (SELECT "products_1"."name" AS "name", "products_1"."price" AS "price") AS "sel_1")) AS "sel_json_1" FROM (SELECT "products"."name", "products"."price" FROM "products" WHERE ((("products"."user_id") = ("users_0"."id"))) LIMIT ('20') :: integer) AS "products_1" LIMIT ('20') :: integer) AS "sel_json_agg_1") AS "products_1_join" ON ('true') LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('users', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "users_0"."email" AS "email", "products_1_join"."json_1" AS "products") AS "json_row_0")) AS "json_0" FROM (SELECT "users"."email", "users"."id" FROM "users" LIMIT ('20') :: integer) AS "users_0" LEFT OUTER JOIN LATERAL (SELECT coalesce(json_agg("json_1"), '[]') AS "json_1" FROM (SELECT row_to_json((SELECT "json_row_1" FROM (SELECT "products_1"."name" AS "name", "products_1"."price" AS "price") AS "json_row_1")) AS "json_1" FROM (SELECT "products"."name", "products"."price" FROM "products" WHERE ((("products"."user_id") = ("users_0"."id"))) LIMIT ('20') :: integer) AS "products_1" LIMIT ('20') :: integer) AS "json_agg_1") AS "products_1_join" ON ('true') LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -194,7 +194,7 @@ func belongsTo(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('products', products) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."name" AS "name", "products_0"."price" AS "price", "users_1_join"."users" AS "users") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."name", "products"."price", "products"."user_id" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8)) LIMIT ('20') :: integer) AS "products_0" LEFT OUTER JOIN LATERAL (SELECT coalesce(json_agg("sel_json_1"), '[]') AS "users" FROM (SELECT row_to_json((SELECT "sel_1" FROM (SELECT "users_1"."email" AS "email") AS "sel_1")) AS "sel_json_1" FROM (SELECT "users"."email" FROM "users" WHERE ((("users"."id") = ("products_0"."user_id"))) LIMIT ('20') :: integer) AS "users_1" LIMIT ('20') :: integer) AS "sel_json_agg_1") AS "users_1_join" ON ('true') LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('products', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."name" AS "name", "products_0"."price" AS "price", "users_1_join"."json_1" AS "users") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."name", "products"."price", "products"."user_id" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8)) LIMIT ('20') :: integer) AS "products_0" LEFT OUTER JOIN LATERAL (SELECT coalesce(json_agg("json_1"), '[]') AS "json_1" FROM (SELECT row_to_json((SELECT "json_row_1" FROM (SELECT "users_1"."email" AS "email") AS "json_row_1")) AS "json_1" FROM (SELECT "users"."email" FROM "users" WHERE ((("users"."id") = ("products_0"."user_id"))) LIMIT ('20') :: integer) AS "users_1" LIMIT ('20') :: integer) AS "json_agg_1") AS "users_1_join" ON ('true') LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -217,7 +217,7 @@ func manyToMany(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('products', products) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."name" AS "name", "customers_1_join"."customers" AS "customers") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."name", "products"."id" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8)) LIMIT ('20') :: integer) AS "products_0" LEFT OUTER JOIN LATERAL (SELECT coalesce(json_agg("sel_json_1"), '[]') AS "customers" FROM (SELECT row_to_json((SELECT "sel_1" FROM (SELECT "customers_1"."email" AS "email", "customers_1"."full_name" AS "full_name") AS "sel_1")) AS "sel_json_1" FROM (SELECT "customers"."email", "customers"."full_name" FROM "customers" LEFT OUTER JOIN "purchases" ON (("purchases"."product_id") = ("products_0"."id")) WHERE ((("customers"."id") = ("purchases"."customer_id"))) LIMIT ('20') :: integer) AS "customers_1" LIMIT ('20') :: integer) AS "sel_json_agg_1") AS "customers_1_join" ON ('true') LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('products', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."name" AS "name", "customers_1_join"."json_1" AS "customers") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."name", "products"."id" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8)) LIMIT ('20') :: integer) AS "products_0" LEFT OUTER JOIN LATERAL (SELECT coalesce(json_agg("json_1"), '[]') AS "json_1" FROM (SELECT row_to_json((SELECT "json_row_1" FROM (SELECT "customers_1"."email" AS "email", "customers_1"."full_name" AS "full_name") AS "json_row_1")) AS "json_1" FROM (SELECT "customers"."email", "customers"."full_name" FROM "customers" LEFT OUTER JOIN "purchases" ON (("purchases"."product_id") = ("products_0"."id")) WHERE ((("customers"."id") = ("purchases"."customer_id"))) LIMIT ('20') :: integer) AS "customers_1" LIMIT ('20') :: integer) AS "json_agg_1") AS "customers_1_join" ON ('true') LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -240,7 +240,7 @@ func manyToManyReverse(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('customers', customers) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "customers" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "customers_0"."email" AS "email", "customers_0"."full_name" AS "full_name", "products_1_join"."products" AS "products") AS "sel_0")) AS "sel_json_0" FROM (SELECT "customers"."email", "customers"."full_name", "customers"."id" FROM "customers" LIMIT ('20') :: integer) AS "customers_0" LEFT OUTER JOIN LATERAL (SELECT coalesce(json_agg("sel_json_1"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_1" FROM (SELECT "products_1"."name" AS "name") AS "sel_1")) AS "sel_json_1" FROM (SELECT "products"."name" FROM "products" LEFT OUTER JOIN "purchases" ON (("purchases"."customer_id") = ("customers_0"."id")) WHERE ((("products"."id") = ("purchases"."product_id"))) LIMIT ('20') :: integer) AS "products_1" LIMIT ('20') :: integer) AS "sel_json_agg_1") AS "products_1_join" ON ('true') LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('customers', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "customers_0"."email" AS "email", "customers_0"."full_name" AS "full_name", "products_1_join"."json_1" AS "products") AS "json_row_0")) AS "json_0" FROM (SELECT "customers"."email", "customers"."full_name", "customers"."id" FROM "customers" LIMIT ('20') :: integer) AS "customers_0" LEFT OUTER JOIN LATERAL (SELECT coalesce(json_agg("json_1"), '[]') AS "json_1" FROM (SELECT row_to_json((SELECT "json_row_1" FROM (SELECT "products_1"."name" AS "name") AS "json_row_1")) AS "json_1" FROM (SELECT "products"."name" FROM "products" LEFT OUTER JOIN "purchases" ON (("purchases"."customer_id") = ("customers_0"."id")) WHERE ((("products"."id") = ("purchases"."product_id"))) LIMIT ('20') :: integer) AS "products_1" LIMIT ('20') :: integer) AS "json_agg_1") AS "products_1_join" ON ('true') LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -260,7 +260,7 @@ func aggFunction(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('products', products) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."name" AS "name", "products_0"."count_price" AS "count_price") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."name", count("products"."price") AS "count_price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8)) GROUP BY "products"."name" LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('products', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."name" AS "name", "products_0"."count_price" AS "count_price") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."name", count("products"."price") AS "count_price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8)) GROUP BY "products"."name" LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -280,7 +280,7 @@ func aggFunctionBlockedByCol(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('products', products) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."name" FROM "products" LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('products', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."name" FROM "products" LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "anon")
 	if err != nil {
@ -300,7 +300,7 @@ func aggFunctionDisabled(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('products', products) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."name" FROM "products" LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('products', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."name" FROM "products" LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "anon1")
 	if err != nil {
@ -320,7 +320,7 @@ func aggFunctionWithFilter(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('products', products) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "products" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."max_price" AS "max_price") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", max("products"."price") AS "max_price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."id") > 10)) GROUP BY "products"."id" LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('products', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."max_price" AS "max_price") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", max("products"."price") AS "max_price" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."id") > 10)) GROUP BY "products"."id" LIMIT ('20') :: integer) AS "products_0" LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -339,7 +339,7 @@ func syntheticTables(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('me', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT ) AS "sel_0")) AS "sel_json_0" FROM (SELECT "users"."email" FROM "users" WHERE ((("users"."id") = {{user_id}})) LIMIT ('1') :: integer) AS "users_0" LIMIT ('1') :: integer) AS "done_1337"`
+	sql := `SELECT json_object_agg('me', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT ) AS "json_row_0")) AS "json_0" FROM (SELECT "users"."email" FROM "users" WHERE ((("users"."id") = '{{user_id}}' :: bigint)) LIMIT ('1') :: integer) AS "users_0" LIMIT ('1') :: integer) AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -359,7 +359,7 @@ func queryWithVariables(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('product', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "sel_0")) AS "sel_json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."price") = {{product_price}}) AND (("products"."id") = {{product_id}})) LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "done_1337"`
+	sql := `SELECT json_object_agg('product', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "products_0"."id" AS "id", "products_0"."name" AS "name") AS "json_row_0")) AS "json_0" FROM (SELECT "products"."id", "products"."name" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8) AND (("products"."price") = '{{product_price}}' :: numeric(7,2)) AND (("products"."id") = '{{product_id}}' :: bigint)) LIMIT ('1') :: integer) AS "products_0" LIMIT ('1') :: integer) AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -385,7 +385,40 @@ func withWhereOnRelations(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('users', users) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "users" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "users_0"."id" AS "id", "users_0"."email" AS "email") AS "sel_0")) AS "sel_json_0" FROM (SELECT "users"."id", "users"."email" FROM "users" WHERE (NOT EXISTS (SELECT 1 FROM products WHERE (("products"."user_id") = ("users"."id")))) LIMIT ('20') :: integer) AS "users_0" LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('users', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "users_0"."id" AS "id", "users_0"."email" AS "email") AS "json_row_0")) AS "json_0" FROM (SELECT "users"."id", "users"."email" FROM "users" WHERE (NOT EXISTS (SELECT 1 FROM products WHERE (("products"."user_id") = ("users"."id")))) LIMIT ('20') :: integer) AS "users_0" LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
 		t.Fatal(err)
 	}
 	if string(resSQL) != sql {
 		t.Fatal(errNotExpected)
 	}
 }
 func multiRoot(t *testing.T) {
 	gql := `query {
 		product {
 			id
 			name
 			customer {
 				email
 			}
 			customers {
 				email
 			}
 		}
 		user {
 			id
 			email
 		}
 		customer {
 			id
 		}
 	}`
 	sql := `SELECT row_to_json("json_root") FROM (SELECT "sel_0"."json_0" AS "customer", "sel_1"."json_1" AS "user", "sel_2"."json_2" AS "product" FROM (SELECT row_to_json((SELECT "json_row_2" FROM (SELECT "products_2"."id" AS "id", "products_2"."name" AS "name", "customers_3_join"."json_3" AS "customers", "customer_4_join"."json_4" AS "customer") AS "json_row_2")) AS "json_2" FROM (SELECT "products"."id", "products"."name" FROM "products" WHERE ((("products"."price") > 0) AND (("products"."price") < 8)) LIMIT ('1') :: integer) AS "products_2" LEFT OUTER JOIN LATERAL (SELECT row_to_json((SELECT "json_row_4" FROM (SELECT "customers_4"."email" AS "email") AS "json_row_4")) AS "json_4" FROM (SELECT "customers"."email" FROM "customers" LEFT OUTER JOIN "purchases" ON (("purchases"."product_id") = ("products_2"."id")) WHERE ((("customers"."id") = ("purchases"."customer_id"))) LIMIT ('1') :: integer) AS "customers_4" LIMIT ('1') :: integer) AS "customer_4_join" ON ('true') LEFT OUTER JOIN LATERAL (SELECT coalesce(json_agg("json_3"), '[]') AS "json_3" FROM (SELECT row_to_json((SELECT "json_row_3" FROM (SELECT "customers_3"."email" AS "email") AS "json_row_3")) AS "json_3" FROM (SELECT "customers"."email" FROM "customers" LEFT OUTER JOIN "purchases" ON (("purchases"."product_id") = ("products_2"."id")) WHERE ((("customers"."id") = ("purchases"."customer_id"))) LIMIT ('20') :: integer) AS "customers_3" LIMIT ('20') :: integer) AS "json_agg_3") AS "customers_3_join" ON ('true') LIMIT ('1') :: integer) AS "sel_2", (SELECT row_to_json((SELECT "json_row_1" FROM (SELECT "users_1"."id" AS "id", "users_1"."email" AS "email") AS "json_row_1")) AS "json_1" FROM (SELECT "users"."id", "users"."email" FROM "users" LIMIT ('1') :: integer) AS "users_1" LIMIT ('1') :: integer) AS "sel_1", (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "customers_0"."id" AS "id") AS "json_row_0")) AS "json_0" FROM (SELECT "customers"."id" FROM "customers" LIMIT ('1') :: integer) AS "customers_0" LIMIT ('1') :: integer) AS "sel_0") AS "json_root"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "user")
 	if err != nil {
@ -406,7 +439,7 @@ func blockedQuery(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('user', sel_json_0) FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "users_0"."id" AS "id", "users_0"."full_name" AS "full_name", "users_0"."email" AS "email") AS "sel_0")) AS "sel_json_0" FROM (SELECT "users"."id", "users"."full_name", "users"."email" FROM "users" WHERE (false) LIMIT ('1') :: integer) AS "users_0" LIMIT ('1') :: integer) AS "done_1337"`
+	sql := `SELECT json_object_agg('user', json_0) FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "users_0"."id" AS "id", "users_0"."full_name" AS "full_name", "users_0"."email" AS "email") AS "json_row_0")) AS "json_0" FROM (SELECT "users"."id", "users"."full_name", "users"."email" FROM "users" WHERE (false) LIMIT ('1') :: integer) AS "users_0" LIMIT ('1') :: integer) AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "bad_dude")
 	if err != nil {
@ -426,7 +459,7 @@ func blockedFunctions(t *testing.T) {
 		}
 	}`
-	sql := `SELECT json_object_agg('users', users) FROM (SELECT coalesce(json_agg("sel_json_0"), '[]') AS "users" FROM (SELECT row_to_json((SELECT "sel_0" FROM (SELECT "users_0"."email" AS "email") AS "sel_0")) AS "sel_json_0" FROM (SELECT "users"."email" FROM "users" WHERE (false) LIMIT ('20') :: integer) AS "users_0" LIMIT ('20') :: integer) AS "sel_json_agg_0") AS "done_1337"`
+	sql := `SELECT json_object_agg('users', json_0) FROM (SELECT coalesce(json_agg("json_0"), '[]') AS "json_0" FROM (SELECT row_to_json((SELECT "json_row_0" FROM (SELECT "users_0"."email" AS "email") AS "json_row_0")) AS "json_0" FROM (SELECT "users"."email" FROM "users" WHERE (false) LIMIT ('20') :: integer) AS "users_0" LIMIT ('20') :: integer) AS "json_agg_0") AS "sel_0"`
 	resSQL, err := compileGQLToPSQL(gql, nil, "bad_dude")
 	if err != nil {
@ -456,6 +489,7 @@ func TestCompileQuery(t *testing.T) {
 	t.Run("syntheticTables", syntheticTables)
 	t.Run("queryWithVariables", queryWithVariables)
 	t.Run("withWhereOnRelations", withWhereOnRelations)
 	t.Run("multiRoot", multiRoot)
 	t.Run("blockedQuery", blockedQuery)
 	t.Run("blockedFunctions", blockedFunctions)
 }
--- a/qcode/cleanup.sh
+++ b/qcode/cleanup.sh
@ -0,0 +1,2 @@
 #!/bin/sh
 cd corpus && rm -rf $(find . ! -name '00?.gql')
--- a/qcode/config.go
+++ b/qcode/config.go
@ -1,6 +1,7 @@
 package qcode
 import (
 	"regexp"
 	"sort"
 	"strings"
 )
@ -121,3 +122,12 @@ func mapToList(m map[string]string) []string {
 	sort.Strings(list)
 	return list
 }
 var varRe = regexp.MustCompile(`\$([a-zA-Z0-9_]+)`)
 func parsePresets(m map[string]string) map[string]string {
 	for k, v := range m {
 		m[k] = varRe.ReplaceAllString(v, `{{$1}}`)
 	}
 	return m
 }
--- a/qcode/parse.go
+++ b/qcode/parse.go
@ -148,25 +148,14 @@ func parseSelectionSet(gql []byte) (*Operation, error) {
 	if p.peek(itemObjOpen) {
 		p.ignore()
-	}
+		op, err = p.parseQueryOp()
 	if p.peek(itemName) {
 		op = opPool.Get().(*Operation)
 		op.Reset()
 		op.Type = opQuery
 		op.Name = ""
 		op.Fields = op.fieldsA[:0]
 		op.Args = op.argsA[:0]
 		op.Fields, err = p.parseFields(op.Fields)
 	} else {
 		op, err = p.parseOp()
 	}
 	if err != nil {
 		return nil, err
 	}
 	}
 	lexPool.Put(l)
@ -259,6 +248,37 @@ func (p *Parser) parseOp() (*Operation, error) {
 	if p.peek(itemObjOpen) {
 		p.ignore()
 		for n := 0; n < 10; n++ {
 			if p.peek(itemName) == false {
 				break
 			}
 			op.Fields, err = p.parseFields(op.Fields)
 			if err != nil {
 				return nil, err
 			}
 		}
 	}
 	return op, nil
 }
 func (p *Parser) parseQueryOp() (*Operation, error) {
 	op := opPool.Get().(*Operation)
 	op.Reset()
 	op.Type = opQuery
 	op.Fields = op.fieldsA[:0]
 	op.Args = op.argsA[:0]
 	var err error
 	for n := 0; n < 10; n++ {
 		if p.peek(itemName) == false {
 			break
 		}
 		op.Fields, err = p.parseFields(op.Fields)
 		if err != nil {
 			return nil, err
@ -300,16 +320,12 @@ func (p *Parser) parseFields(fields []Field) ([]Field, error) {
 			return nil, err
 		}
 		if f.ID != 0 {
 		intf := st.Peek()
-			pid, ok := intf.(int32)
+		if pid, ok := intf.(int32); ok {
 			if !ok {
 				return nil, fmt.Errorf("14: unexpected value %v (%t)", intf, intf)
 			}
 			f.ParentID = pid
 			fields[pid].Children = append(fields[pid].Children, f.ID)
 		} else {
 			f.ParentID = -1
 		}
 		if p.peek(itemObjOpen) {
--- a/qcode/parse_test.go
+++ b/qcode/parse_test.go
@ -14,10 +14,10 @@ func TestCompile1(t *testing.T) {
 	})
 	_, err := qc.Compile([]byte(`
-	product(id: 15) {
+	{ product(id: 15) {
 			id
 			name
-		}`), "user")
+		} }`), "user")
 	if err != nil {
 		t.Fatal(err)
--- a/qcode/qcode.go
+++ b/qcode/qcode.go
@ -30,6 +30,8 @@ type QCode struct {
 	Type      QType
 	ActionVar string
 	Selects   []Select
 	Roots     []int32
 	rootsA    [5]int32
 }
 type Select struct {
@ -200,7 +202,7 @@ func (com *Compiler) AddRole(role, table string, trc TRConfig) error {
 		return err
 	}
 	trv.insert.cols = listToMap(trc.Insert.Columns)
-	trv.insert.psmap = trc.Insert.Presets
+	trv.insert.psmap = parsePresets(trc.Insert.Presets)
 	trv.insert.pslist = mapToList(trv.insert.psmap)
 	// update config
@ -208,7 +210,7 @@ func (com *Compiler) AddRole(role, table string, trc TRConfig) error {
 		return err
 	}
 	trv.update.cols = listToMap(trc.Update.Columns)
-	trv.update.psmap = trc.Update.Presets
+	trv.update.psmap = parsePresets(trc.Update.Presets)
 	trv.update.pslist = mapToList(trv.update.psmap)
 	// delete config
@ -233,6 +235,7 @@ func (com *Compiler) Compile(query []byte, role string) (*QCode, error) {
 	var err error
 	qc := QCode{Type: QTQuery}
 	qc.Roots = qc.rootsA[:0]
 	op, err := Parse(query)
 	if err != nil {
@ -250,7 +253,7 @@ func (com *Compiler) Compile(query []byte, role string) (*QCode, error) {
 func (com *Compiler) compileQuery(qc *QCode, op *Operation, role string) error {
 	id := int32(0)
-	parentID := int32(0)
+	parentID := int32(-1)
 	if len(op.Fields) == 0 {
 		return errors.New("invalid graphql no query found")
@ -269,7 +272,12 @@ func (com *Compiler) compileQuery(qc *QCode, op *Operation, role string) error {
 	if len(op.Fields) == 0 {
 		return errors.New("empty query")
 	}
-	st.Push(op.Fields[0].ID)
+
 	for i := range op.Fields {
 		if op.Fields[i].ParentID == -1 {
 			st.Push(op.Fields[i].ID)
 		}
 	}
 	for {
 		if st.Len() == 0 {
@ -313,11 +321,6 @@ func (com *Compiler) compileQuery(qc *QCode, op *Operation, role string) error {
 			s.PresetList = trv.update.pslist
 		}
 		if s.ID != 0 {
 			p := &selects[s.ParentID]
 			p.Children = append(p.Children, s.ID)
 		}
 		if len(field.Alias) != 0 {
 			s.FieldName = field.Alias
 		} else {
@ -329,6 +332,15 @@ func (com *Compiler) compileQuery(qc *QCode, op *Operation, role string) error {
 			return err
 		}
 		// Order is important addFilters must come after compileArgs
 		if s.ParentID == -1 {
 			qc.Roots = append(qc.Roots, s.ID)
 			com.addFilters(qc, s, role)
 		} else {
 			p := &selects[s.ParentID]
 			p.Children = append(p.Children, s.ID)
 		}
 		s.Cols = make([]Column, 0, len(field.Children))
 		action = QTQuery
@ -362,18 +374,26 @@ func (com *Compiler) compileQuery(qc *QCode, op *Operation, role string) error {
 		return errors.New("invalid query")
 	}
-	var fil *Exp
+	qc.Selects = selects[:id]
-	root := &selects[0]
+	return nil
 }
-	if trv, ok := com.tr[role][op.Fields[0].Name]; ok {
+func (com *Compiler) addFilters(qc *QCode, root *Select, role string) {
 	var fil *Exp
 	if trv, ok := com.tr[role][root.Table]; ok {
 		fil = trv.filter(qc.Type)
 	}
-	if fil != nil {
+	if fil == nil {
 		return
 	}
 	switch fil.Op {
 	case OpNop:
 	case OpFalse:
 		root.Where = fil
 	default:
 		if root.Where != nil {
 			ow := root.Where
@ -390,10 +410,6 @@ func (com *Compiler) compileQuery(qc *QCode, op *Operation, role string) error {
 	}
 }
 	qc.Selects = selects[:id]
 	return nil
 }
 func (com *Compiler) compileArgs(qc *QCode, sel *Select, args []Arg) error {
 	var err error
@ -577,7 +593,7 @@ func (com *Compiler) compileArgID(sel *Select, arg *Arg) error {
 	case nodeVar:
 		ex.Type = ValVar
 	default:
-		fmt.Errorf("expecting a string, int, float or variable")
+		return fmt.Errorf("expecting a string, int, float or variable")
 	}
 	sel.Where = ex
--- a/serv/allow.go
+++ b/serv/allow.go
@ -71,7 +71,7 @@ func initAllowList(cpath string) {
 	}
 	if len(_allowList.filepath) == 0 {
-		if conf.UseAllowList {
+		if conf.Production {
 			logger.Fatal().Msg("allow.list not found")
 		}
--- a/serv/args.go
+++ b/serv/args.go
@ -13,25 +13,21 @@ func argMap(ctx *coreContext) func(w io.Writer, tag string) (int, error) {
 		switch tag {
 		case "user_id_provider":
 			if v := ctx.Value(userIDProviderKey); v != nil {
-				return stringArg(w, v.(string))
+				return io.WriteString(w, v.(string))
 			}
-			io.WriteString(w, "null")
+			return io.WriteString(w, "null")
 			return 0, nil
 		case "user_id":
 			if v := ctx.Value(userIDKey); v != nil {
-				return stringArg(w, v.(string))
+				return io.WriteString(w, v.(string))
 			}
-
+			return io.WriteString(w, "null")
 			io.WriteString(w, "null")
 			return 0, nil
 		case "user_role":
 			if v := ctx.Value(userRoleKey); v != nil {
-				return stringArg(w, v.(string))
+				return io.WriteString(w, v.(string))
 			}
-			io.WriteString(w, "null")
+			return io.WriteString(w, "null")
 			return 0, nil
 		}
 		fields := jsn.Get(ctx.req.Vars, [][]byte{[]byte(tag)})
@ -39,22 +35,7 @@ func argMap(ctx *coreContext) func(w io.Writer, tag string) (int, error) {
 			return 0, fmt.Errorf("variable '%s' not found", tag)
 		}
-		is := false
+		return w.Write(fields[0].Value)
 		for i := range fields[0].Value {
 			c := fields[0].Value[i]
 			if c != ' ' {
 				is = (c == '"') || (c == '{') || (c == '[')
 				break
 			}
 		}
 		if is {
 			return stringArgB(w, fields[0].Value)
 		}
 		w.Write(fields[0].Value)
 		return 0, nil
 	}
 }
@ -100,23 +81,3 @@ func argList(ctx *coreContext, args [][]byte) []interface{} {
 	return vars
 }
 func stringArg(w io.Writer, v string) (int, error) {
 	if n, err := w.Write([]byte(`'`)); err != nil {
 		return n, err
 	}
 	if n, err := w.Write([]byte(v)); err != nil {
 		return n, err
 	}
 	return w.Write([]byte(`'`))
 }
 func stringArgB(w io.Writer, v []byte) (int, error) {
 	if n, err := w.Write([]byte(`'`)); err != nil {
 		return n, err
 	}
 	if n, err := w.Write(v); err != nil {
 		return n, err
 	}
 	return w.Write([]byte(`'`))
 }
--- a/serv/auth_jwt.go
+++ b/serv/auth_jwt.go
@ -95,8 +95,11 @@ func jwtHandler(next http.HandlerFunc) http.HandlerFunc {
 			} else {
 				ctx = context.WithValue(ctx, userIDKey, claims.Subject)
 			}
 			next.ServeHTTP(w, r.WithContext(ctx))
 			return
 		}
 		next.ServeHTTP(w, r)
 	}
 }
--- a/serv/cmd.go
+++ b/serv/cmd.go
@ -110,6 +110,13 @@ e.g. db:migrate -+1
 		Run:   cmdDBSetup,
 	})
 	rootCmd.AddCommand(&cobra.Command{
 		Use:   "db:reset",
 		Short: "Reset database",
 		Long:  "This command will drop, create, migrate and seed the database (won't run in production)",
 		Run:   cmdDBReset,
 	})
 	rootCmd.AddCommand(&cobra.Command{
 		Use:   "new APP-NAME",
 		Short: "Create a new application",
@ -276,3 +283,13 @@ func initCompiler() {
 		logger.Fatal().Err(err).Msg("failed to initialized resolvers")
 	}
 }
 func initConfOnce() {
 	var err error
 	if conf == nil {
 		if conf, err = initConf(); err != nil {
 			logger.Fatal().Err(err).Msg("failed to read config")
 		}
 	}
 }
--- a/serv/cmd_migrate.go
+++ b/serv/cmd_migrate.go
@ -36,6 +36,7 @@ var newMigrationText = `-- Write your migrate up statements here
 `
 func cmdDBSetup(cmd *cobra.Command, args []string) {
 	initConfOnce()
 	cmdDBCreate(cmd, []string{})
 	cmdDBMigrate(cmd, []string{"up"})
@ -54,13 +55,19 @@ func cmdDBSetup(cmd *cobra.Command, args []string) {
 	logger.Warn().Msgf("failed to read seed file '%s'", sfile)
 }
-func cmdDBCreate(cmd *cobra.Command, args []string) {
+func cmdDBReset(cmd *cobra.Command, args []string) {
-	var err error
+	initConfOnce()
-	if conf, err = initConf(); err != nil {
+	if conf.Production {
-		logger.Fatal().Err(err).Msg("failed to read config")
+		logger.Fatal().Msg("db:reset does not work in production")
 		return
 	}
 	cmdDBDrop(cmd, []string{})
 	cmdDBSetup(cmd, []string{})
 }
 func cmdDBCreate(cmd *cobra.Command, args []string) {
 	initConfOnce()
 	ctx := context.Background()
 	conn, err := initDB(conf, false)
@ -80,12 +87,7 @@ func cmdDBCreate(cmd *cobra.Command, args []string) {
 }
 func cmdDBDrop(cmd *cobra.Command, args []string) {
-	var err error
+	initConfOnce()
 	if conf, err = initConf(); err != nil {
 		logger.Fatal().Err(err).Msg("failed to read config")
 	}
 	ctx := context.Background()
 	conn, err := initDB(conf, false)
@ -110,12 +112,7 @@ func cmdDBNew(cmd *cobra.Command, args []string) {
 		os.Exit(1)
 	}
-	var err error
+	initConfOnce()
 	if conf, err = initConf(); err != nil {
 		logger.Fatal().Err(err).Msg("failed to read config")
 	}
 	name := args[0]
 	m, err := migrate.FindMigrations(conf.MigrationsPath)
@ -124,7 +121,7 @@ func cmdDBNew(cmd *cobra.Command, args []string) {
 		os.Exit(1)
 	}
-	mname := fmt.Sprintf("%03d_%s.sql", len(m)+100, name)
+	mname := fmt.Sprintf("%d_%s.sql", len(m), name)
 	// Write new migration
 	mpath := filepath.Join(conf.MigrationsPath, mname)
@ -144,19 +141,14 @@ func cmdDBNew(cmd *cobra.Command, args []string) {
 }
 func cmdDBMigrate(cmd *cobra.Command, args []string) {
 	var err error
 	if len(args) == 0 {
 		cmd.Help()
 		os.Exit(1)
 	}
 	initConfOnce()
 	dest := args[0]
 	if conf, err = initConf(); err != nil {
 		logger.Fatal().Err(err).Msg("failed to read config")
 	}
 	conn, err := initDB(conf, true)
 	if err != nil {
 		logger.Fatal().Err(err).Msg("failed to connect to database")
@ -251,11 +243,7 @@ func cmdDBMigrate(cmd *cobra.Command, args []string) {
 }
 func cmdDBStatus(cmd *cobra.Command, args []string) {
-	var err error
+	initConfOnce()
 	if conf, err = initConf(); err != nil {
 		logger.Fatal().Err(err).Msg("failed to read config")
 	}
 	conn, err := initDB(conf, true)
 	if err != nil {
--- a/serv/cmd_seed.go
+++ b/serv/cmd_seed.go
@ -1,6 +1,7 @@
 package serv
 import (
 	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
@ -12,6 +13,7 @@ import (
 	"github.com/brianvoe/gofakeit"
 	"github.com/dop251/goja"
 	"github.com/spf13/cobra"
 	"github.com/valyala/fasttemplate"
 )
 func cmdDBSeed(cmd *cobra.Command, args []string) {
@ -21,7 +23,7 @@ func cmdDBSeed(cmd *cobra.Command, args []string) {
 		logger.Fatal().Err(err).Msg("failed to read config")
 	}
-	conf.UseAllowList = false
+	conf.Production = false
 	db, err = initDBPool(conf)
 	if err != nil {
@ -57,27 +59,82 @@ func cmdDBSeed(cmd *cobra.Command, args []string) {
 }
 //func runFunc(call goja.FunctionCall) {
-func graphQLFunc(query string, data interface{}) map[string]interface{} {
+func graphQLFunc(query string, data interface{}, opt map[string]string) map[string]interface{} {
 	b, err := json.Marshal(data)
 	if err != nil {
-		logger.Fatal().Err(err).Msg("failed to json serialize")
+		panic(err)
 	}
-	c := &coreContext{Context: context.Background()}
+	ctx := context.Background()
 	if v, ok := opt["user_id"]; ok && len(v) != 0 {
 		ctx = context.WithValue(ctx, userIDKey, v)
 	}
 	var role string
 	if v, ok := opt["role"]; ok && len(v) != 0 {
 		role = v
 	} else {
 		role = "user"
 	}
 	c := &coreContext{Context: ctx}
 	c.req.Query = query
 	c.req.Vars = b
 	c.req.role = "user"
-	res, err := c.execQuery()
+	st, err := c.buildStmtByRole(role)
 	if err != nil {
-		logger.Fatal().Err(err).Msg("graphql query failed")
+		panic(fmt.Errorf("graphql query failed: %s", err))
 	}
 	buf := &bytes.Buffer{}
 	t := fasttemplate.New(st.sql, openVar, closeVar)
 	_, err = t.ExecuteFunc(buf, argMap(c))
 	if err == errNoUserID {
 		panic(fmt.Errorf("query requires a user_id"))
 	}
 	if err != nil {
 		panic(err)
 	}
 	finalSQL := buf.String()
 	tx, err := db.Begin(c)
 	if err != nil {
 		panic(err)
 	}
 	defer tx.Rollback(c)
 	if conf.DB.SetUserID {
 		if err := c.setLocalUserID(tx); err != nil {
 			panic(err)
 		}
 	}
 	var root []byte
 	if err = tx.QueryRow(c, finalSQL).Scan(&root); err != nil {
 		panic(fmt.Errorf("sql query failed: %s", err))
 	}
 	if err := tx.Commit(c); err != nil {
 		panic(err)
 	}
 	res, err := c.execRemoteJoin(st.qc, st.skipped, root)
 	if err != nil {
 		panic(err)
 	}
 	val := make(map[string]interface{})
 	err = json.Unmarshal(res, &val)
 	if err != nil {
-		logger.Fatal().Err(err).Msg("failed to deserialize json")
+		panic(fmt.Errorf("failed to deserialize json: %s", err))
 	}
 	return val
@ -156,10 +213,9 @@ func setFakeFuncs(f *goja.Object) {
 	f.Set("transmission_gear_type", gofakeit.TransmissionGearType)
 	// Text
 	f.Set("word", gofakeit.Word)
 	f.Set("sentence", gofakeit.Sentence)
-	f.Set("paragrph", gofakeit.Paragraph)
+	f.Set("paragraph", gofakeit.Paragraph)
 	f.Set("question", gofakeit.Question)
 	f.Set("quote", gofakeit.Quote)
--- a/serv/config.go
+++ b/serv/config.go
@ -23,6 +23,7 @@ type config struct {
 	LogLevel       string `mapstructure:"log_level"`
 	EnableTracing  bool   `mapstructure:"enable_tracing"`
 	UseAllowList   bool   `mapstructure:"use_allow_list"`
 	Production     bool
 	WatchAndReload bool   `mapstructure:"reload_on_config_change"`
 	AuthFailBlock  bool   `mapstructure:"auth_fail_block"`
 	SeedFile       string `mapstructure:"seed_file"`
@ -145,6 +146,7 @@ type configRole struct {
 	Name      string
 	Match     string
 	Tables    []configRoleTable
 	tablesMap map[string]*configRoleTable
 }
 func newConfig(name string) *viper.Viper {
@ -195,6 +197,10 @@ func (c *config) Init(vi *viper.Viper) error {
 		c.Tables = c.DB.Tables
 	}
 	if c.UseAllowList {
 		c.Production = true
 	}
 	for k, v := range c.Inflections {
 		flect.AddPlural(k, v)
 	}
@ -219,13 +225,19 @@ func (c *config) Init(vi *viper.Viper) error {
 	rolesMap := make(map[string]struct{})
 	for i := range c.Roles {
-		role := c.Roles[i]
+		role := &c.Roles[i]
 		if _, ok := rolesMap[role.Name]; ok {
 			logger.Fatal().Msgf("duplicate role '%s' found", role.Name)
 		}
 		role.Name = sanitize(role.Name)
 		role.Match = sanitize(role.Match)
 		role.tablesMap = make(map[string]*configRoleTable)
 		for n, table := range role.Tables {
 			role.tablesMap[table.Name] = &role.Tables[n]
 		}
 		rolesMap[role.Name] = struct{}{}
 	}
--- a/serv/core.go
+++ b/serv/core.go
@ -52,9 +52,7 @@ func (c *coreContext) execQuery() ([]byte, error) {
 	var qc *qcode.QCode
 	var data []byte
-	logger.Debug().Str("role", c.req.role).Msg(c.req.Query)
+	if conf.Production {
 	if conf.UseAllowList {
 		var ps *preparedItem
 		data, ps, err = c.resolvePreparedSQL()
@ -73,6 +71,12 @@ func (c *coreContext) execQuery() ([]byte, error) {
 		}
 	}
 	return c.execRemoteJoin(qc, skipped, data)
 }
 func (c *coreContext) execRemoteJoin(qc *qcode.QCode, skipped uint32, data []byte) ([]byte, error) {
 	var err error
 	if len(data) == 0 || skipped == 0 {
 		return data, nil
 	}
@ -116,11 +120,19 @@ func (c *coreContext) execQuery() ([]byte, error) {
 }
 func (c *coreContext) resolvePreparedSQL() ([]byte, *preparedItem, error) {
-	tx, err := db.Begin(c)
+	var tx pgx.Tx
-	if err != nil {
+	var err error
 	mutation := isMutation(c.req.Query)
 	useRoleQuery := len(conf.RolesQuery) != 0 && mutation
 	useTx := useRoleQuery || conf.DB.SetUserID
 	if useTx {
 		if tx, err = db.Begin(c); err != nil {
 			return nil, nil, err
 		}
 		defer tx.Rollback(c)
 	}
 	if conf.DB.SetUserID {
 		if err := c.setLocalUserID(tx); err != nil {
@ -129,8 +141,6 @@ func (c *coreContext) resolvePreparedSQL() ([]byte, *preparedItem, error) {
 	}
 	var role string
 	mutation := isMutation(c.req.Query)
 	useRoleQuery := len(conf.RolesQuery) != 0 && mutation
 	if useRoleQuery {
 		if role, err = c.executeRoleQuery(tx); err != nil {
@ -151,33 +161,58 @@ func (c *coreContext) resolvePreparedSQL() ([]byte, *preparedItem, error) {
 	}
 	var root []byte
 	var row pgx.Row
 	vars := argList(c, ps.args)
-	if mutation {
+	if useTx {
-		err = tx.QueryRow(c, ps.stmt.SQL, vars...).Scan(&root)
+		row = tx.QueryRow(c, ps.stmt.SQL, vars...)
 	} else {
-		err = tx.QueryRow(c, ps.stmt.SQL, vars...).Scan(&c.req.role, &root)
+		row = db.QueryRow(c, ps.stmt.SQL, vars...)
 	}
 	if mutation {
 		err = row.Scan(&root)
 	} else {
 		err = row.Scan(&role, &root)
 	}
 	logger.Debug().Str("default_role", c.req.role).Str("role", role).Msg(c.req.Query)
 	if err != nil {
 		return nil, nil, err
 	}
 	c.req.role = role
 	if useTx {
 		if err := tx.Commit(c); err != nil {
 			return nil, nil, err
 		}
 	}
 	return root, ps, nil
 }
 func (c *coreContext) resolveSQL() ([]byte, uint32, error) {
-	tx, err := db.Begin(c)
+	var tx pgx.Tx
-	if err != nil {
+	var err error
 		return nil, 0, err
 	}
 	defer tx.Rollback(c)
 	mutation := isMutation(c.req.Query)
 	useRoleQuery := len(conf.RolesQuery) != 0 && mutation
 	useTx := useRoleQuery || conf.DB.SetUserID
 	if useTx {
 		if tx, err = db.Begin(c); err != nil {
 			return nil, 0, err
 		}
 		defer tx.Rollback(c)
 	}
 	if conf.DB.SetUserID {
 		if err := c.setLocalUserID(tx); err != nil {
 			return nil, 0, err
 		}
 	}
 	if useRoleQuery {
 		if c.req.role, err = c.executeRoleQuery(tx); err != nil {
@ -222,41 +257,45 @@ func (c *coreContext) resolveSQL() ([]byte, uint32, error) {
 		stime = time.Now()
 	}
 	if conf.DB.SetUserID {
 		if err := c.setLocalUserID(tx); err != nil {
 			return nil, 0, err
 		}
 	}
 	var root []byte
 	var role, defaultRole string
 	var row pgx.Row
 	if useTx {
 		row = tx.QueryRow(c, finalSQL)
 	} else {
 		row = db.QueryRow(c, finalSQL)
 	}
 	if mutation {
-		err = tx.QueryRow(c, finalSQL).Scan(&root)
+		err = row.Scan(&root)
 	} else {
-		err = tx.QueryRow(c, finalSQL).Scan(&c.req.role, &root)
+		err = row.Scan(&role, &root)
 		defaultRole = c.req.role
 		c.req.role = role
 	}
 	logger.Debug().Str("default_role", defaultRole).Str("role", role).Msg(c.req.Query)
 	if err != nil {
 		return nil, 0, err
 	}
 	if useTx {
 		if err := tx.Commit(c); err != nil {
 			return nil, 0, err
 		}
 	if mutation {
 		st = findStmt(c.req.role, stmts)
 	} else {
 		st = &stmts[0]
 	}
 	if conf.EnableTracing && len(st.qc.Selects) != 0 {
-		c.addTrace(
+		for _, id := range st.qc.Roots {
-			st.qc.Selects,
+			c.addTrace(st.qc.Selects, id, stime)
-			st.qc.Selects[0].ID,
+		}
 			stime)
 	}
-	if conf.UseAllowList == false {
+	if conf.Production == false {
 		_allowList.add(&c.req)
 	}
@ -325,7 +364,7 @@ func (c *coreContext) resolveRemote(
 		ob.WriteString("null")
 	}
-	to[0] = jsn.Field{[]byte(s.FieldName), ob.Bytes()}
+	to[0] = jsn.Field{Key: []byte(s.FieldName), Value: ob.Bytes()}
 	return to, nil
 }
@ -402,7 +441,7 @@ func (c *coreContext) resolveRemotes(
 				ob.WriteString("null")
 			}
-			to[n] = jsn.Field{[]byte(s.FieldName), ob.Bytes()}
+			to[n] = jsn.Field{Key: []byte(s.FieldName), Value: ob.Bytes()}
 		}(i, id, s)
 	}
 	wg.Wait()
@ -451,7 +490,7 @@ func (c *coreContext) addTrace(sel []qcode.Select, id int32, st time.Time) {
 	c.res.Extensions.Tracing.Duration = du
 	n := 1
-	for i := id; i != 0; i = sel[i].ParentID {
+	for i := id; i != -1; i = sel[i].ParentID {
 		n++
 	}
 	path := make([]string, n)
@ -459,7 +498,7 @@ func (c *coreContext) addTrace(sel []qcode.Select, id int32, st time.Time) {
 	n--
 	for i := id; ; i = sel[i].ParentID {
 		path[n] = sel[i].Table
-		if sel[i].ID == 0 {
+		if sel[i].ParentID == -1 {
 			break
 		}
 		n--
--- a/serv/core_build.go
+++ b/serv/core_build.go
@ -41,18 +41,26 @@ func (c *coreContext) buildStmt() ([]stmt, error) {
 	mutation := (qc.Type != qcode.QTQuery)
 	w := &bytes.Buffer{}
-	for i := range conf.Roles {
+	for i := 1; i < len(conf.Roles); i++ {
 		role := &conf.Roles[i]
 		// For mutations only render sql for a single role from the request
 		if mutation && len(c.req.role) != 0 && role.Name != c.req.role {
 			continue
 		}
 		if i > 0 {
 		qc, err = qcompile.Compile(gql, role.Name)
 		if err != nil {
 			return nil, err
 		}
 		if conf.Production && role.Name == "anon" {
 			for _, id := range qc.Roots {
 				root := qc.Selects[id]
 				if _, ok := role.tablesMap[root.Table]; !ok {
 					continue
 				}
 			}
 		}
 		stmts = append(stmts, stmt{role: role, qc: qc})
@ -142,3 +150,39 @@ func (c *coreContext) buildStmt() ([]stmt, error) {
 	return stmts, nil
 }
 func (c *coreContext) buildStmtByRole(role string) (stmt, error) {
 	var st stmt
 	var err error
 	if len(role) == 0 {
 		return st, errors.New(`no role defined`)
 	}
 	var vars map[string]json.RawMessage
 	if len(c.req.Vars) != 0 {
 		if err := json.Unmarshal(c.req.Vars, &vars); err != nil {
 			return st, err
 		}
 	}
 	gql := []byte(c.req.Query)
 	st.qc, err = qcompile.Compile(gql, role)
 	if err != nil {
 		return st, err
 	}
 	w := &bytes.Buffer{}
 	st.skipped, err = pcompile.Compile(st.qc, w, psql.Variables(vars))
 	if err != nil {
 		return st, err
 	}
 	st.sql = w.String()
 	return st, nil
 }
--- a/serv/http.go
+++ b/serv/http.go
@ -77,16 +77,14 @@ func apiv1Http(w http.ResponseWriter, r *http.Request) {
 	}
 	b, err := ioutil.ReadAll(io.LimitReader(r.Body, maxReadBytes))
 	defer r.Body.Close()
 	if err != nil {
 		logger.Err(err).Msg("failed to read request body")
 		errorResp(w, err)
 		return
 	}
 	defer r.Body.Close()
 	err = json.Unmarshal(b, &ctx.req)
 	if err != nil {
 		logger.Err(err).Msg("failed to decode json request body")
 		errorResp(w, err)
@ -109,10 +107,10 @@ func apiv1Http(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		logger.Err(err).Msg("failed to handle request")
 		errorResp(w, err)
 		return
 	}
 }
 func errorResp(w http.ResponseWriter, err error) {
 	w.WriteHeader(http.StatusBadRequest)
 	json.NewEncoder(w).Encode(gqlResp{Error: err.Error()})
 }
--- a/serv/prepare.go
+++ b/serv/prepare.go
@ -9,6 +9,7 @@ import (
 	"github.com/dosco/super-graph/qcode"
 	"github.com/jackc/pgconn"
 	"github.com/jackc/pgx/v4"
 	"github.com/valyala/fasttemplate"
 )
@ -24,22 +25,35 @@ var (
 )
 func initPreparedList() {
 	ctx := context.Background()
 	tx, err := db.Begin(ctx)
 	if err != nil {
 		logger.Fatal().Err(err).Send()
 	}
 	defer tx.Rollback(ctx)
 	_preparedList = make(map[string]*preparedItem)
-	if err := prepareRoleStmt(); err != nil {
+	if err := prepareRoleStmt(ctx, tx); err != nil {
 		logger.Fatal().Err(err).Msg("failed to prepare get role statement")
 	}
 	for _, v := range _allowList.list {
-
+		err := prepareStmt(ctx, tx, v.gql, v.vars)
 		err := prepareStmt(v.gql, v.vars)
 		if err != nil {
 			logger.Warn().Str("gql", v.gql).Err(err).Send()
 		}
 	}
 	if err := tx.Commit(ctx); err != nil {
 		logger.Fatal().Err(err).Send()
 	}
-func prepareStmt(gql string, varBytes json.RawMessage) error {
+	logger.Info().Msgf("Registered %d queries from allow.list as prepared statements", len(_allowList.list))
 }
 func prepareStmt(ctx context.Context, tx pgx.Tx, gql string, varBytes json.RawMessage) error {
 	if len(gql) == 0 {
 		return nil
 	}
@ -64,15 +78,7 @@ func prepareStmt(gql string, varBytes json.RawMessage) error {
 		finalSQL, am := processTemplate(s.sql)
-		ctx := context.Background()
+		pstmt, err := tx.Prepare(c.Context, "", finalSQL)
 		tx, err := db.Begin(ctx)
 		if err != nil {
 			return err
 		}
 		defer tx.Rollback(ctx)
 		pstmt, err := tx.Prepare(ctx, "", finalSQL)
 		if err != nil {
 			return err
 		}
@ -92,15 +98,12 @@ func prepareStmt(gql string, varBytes json.RawMessage) error {
 			qc:      s.qc,
 		}
 		if err := tx.Commit(ctx); err != nil {
 			return err
 		}
 	}
 	return nil
 }
-func prepareRoleStmt() error {
+func prepareRoleStmt(ctx context.Context, tx pgx.Tx) error {
 	if len(conf.RolesQuery) == 0 {
 		return nil
 	}
@ -125,15 +128,7 @@ func prepareRoleStmt() error {
 	roleSQL, _ := processTemplate(w.String())
-	ctx := context.Background()
+	_, err := tx.Prepare(ctx, "_sg_get_role", roleSQL)
 	tx, err := db.Begin(ctx)
 	if err != nil {
 		return err
 	}
 	defer tx.Rollback(ctx)
 	_, err = tx.Prepare(ctx, "_sg_get_role", roleSQL)
 	if err != nil {
 		return err
 	}
@ -142,19 +137,31 @@ func prepareRoleStmt() error {
 }
 func processTemplate(tmpl string) (string, [][]byte) {
-	t := fasttemplate.New(tmpl, `{{`, `}}`)
+	st := struct {
-	am := make([][]byte, 0, 5)
+		vmap map[string]int
-	i := 0
+		am   [][]byte
 		i    int
 	}{
 		vmap: make(map[string]int),
 		am:   make([][]byte, 0, 5),
 		i:    0,
 	}
-	vmap := make(map[string]int)
+	execFunc := func(w io.Writer, tag string) (int, error) {
-
+		if n, ok := st.vmap[tag]; ok {
 	return t.ExecuteFuncString(func(w io.Writer, tag string) (int, error) {
 		if n, ok := vmap[tag]; ok {
 			return w.Write([]byte(fmt.Sprintf("$%d", n)))
 		}
-		am = append(am, []byte(tag))
+		st.am = append(st.am, []byte(tag))
-		i++
+		st.i++
-		vmap[tag] = i
+		st.vmap[tag] = st.i
-		return w.Write([]byte(fmt.Sprintf("$%d", i)))
+		return w.Write([]byte(fmt.Sprintf("$%d", st.i)))
-	}), am
+	}
 	t1 := fasttemplate.New(tmpl, `'{{`, `}}'`)
 	ts1 := t1.ExecuteFuncString(execFunc)
 	t2 := fasttemplate.New(ts1, `{{`, `}}`)
 	ts2 := t2.ExecuteFuncString(execFunc)
 	return ts2, st.am
 }
--- a/serv/reload.go
+++ b/serv/reload.go
@ -108,7 +108,7 @@ func Do(log func(string, ...interface{}), additional ...dir) error {
 				// Ensure that we use the correct events, as they are not uniform across
 				// platforms. See https://github.com/fsnotify/fsnotify/issues/74
-				if conf.UseAllowList == false && strings.HasSuffix(event.Name, "/allow.list") {
+				if conf.Production == false && strings.HasSuffix(event.Name, "/allow.list") {
 					continue
 				}
--- a/serv/serv.go
+++ b/serv/serv.go
@ -169,6 +169,7 @@ func routeHandler() http.Handler {
 	mux := http.NewServeMux()
 	mux.Handle("/api/v1/graphql", withAuth(apiv1Http))
 	if conf.WebUI {
 		mux.Handle("/", http.FileServer(rice.MustFindBox("../web/build").HTTPBox()))
 	}
--- a/slides/overview.slide
+++ b/slides/overview.slide
@ -77,7 +77,7 @@ SQL Output
  database:
    variables:
-      account_id: "select account_id from users where id = $user_id"
+      admin_account_id: "5"
    defaults:
      Filters: ["{ user_id: { eq: $user_id } }"]
--- a/tmpl/100_init.sql
+++ b/tmpl/100_init.sql
--- a/tmpl/dev.yml
+++ b/tmpl/dev.yml
@ -1,15 +1,15 @@
-app_name: "{{app_name}} Development"
+app_name: "{% app_name %} Development"
 host_port: 0.0.0.0:8080
 web_ui: true
 # debug, info, warn, error, fatal, panic
-log_level: "debug"
+log_level: "info"
-# Disable this in development to get a list of 
+# When production mode is 'true' only queries 
-# queries used. When enabled super graph
+# from the allow list are permitted.
-# will only allow queries from this list
+# When it's 'false' all queries are saved to the
-# List saved to ./config/allow.list
+# the allow list in ./config/allow.list
-use_allow_list: false
+production: false
 # Throw a 401 on auth failure for queries that need auth
 auth_fail_block: false
@ -48,7 +48,7 @@ migrations_path: ./config/migrations
 auth:
  # Can be 'rails' or 'jwt'
  type: rails
-  cookie: _{{app_name_slug}}_session
+  cookie: _{% app_name_slug %}_session
  # Comment this out if you want to disable setting
  # the user_id via a header for testing. 
@ -84,7 +84,7 @@ database:
  type: postgres
  host: db
  port: 5432
-  dbname: {{app_name_slug}}_development
+  dbname: {% app_name_slug %}_development
  user: postgres
  password: ''
@ -97,10 +97,9 @@ database:
  # Enable this if you need the user id in triggers, etc
  set_user_id: false
-  # Define variables here that you want to use in filters
+  # Define additional variables here to be used with filters
  # sub-queries must be wrapped in ()
  variables:
-    account_id: "(select account_id from users where id = $user_id)"
+    admin_account_id: "5"
  # Define defaults to for the field key and values below
  defaults:
@ -185,11 +184,10 @@ roles:
            - updated_at: "now"
        delete:
-          deny: true
+          block: true
  - name: admin
-    match: id = 1
+    match: id = 1000
    tables:
      - name: users
-        # query:
+        filters: []
        #   filters: ["{ account_id: { _eq: $account_id } }"]
--- a/tmpl/docker-compose.yml
+++ b/tmpl/docker-compose.yml
@ -1,4 +1,4 @@
-version: '3'
+version: '3.4'
 services:
  db:
    image: postgres
--- a/tmpl/prod.yml
+++ b/tmpl/prod.yml
@ -2,18 +2,17 @@
 # so I only need to overwrite some values
 inherits: dev
-app_name: "{{app_name}} Production"
+app_name: "{% app_name %} Production"
 host_port: 0.0.0.0:8080
 web_ui: false
 # debug, info, warn, error, fatal, panic, disable
 log_level: "info"
-
+# When production mode is 'true' only queries 
-# Disable this in development to get a list of 
+# from the allow list are permitted.
-# queries used. When enabled super graph
+# When it's 'false' all queries are saved to the
-# will only allow queries from this list
+# the allow list in ./config/allow.list
-# List saved to ./config/allow.list
+production: true
 use_allow_list: true
 # Throw a 401 on auth failure for queries that need auth
 auth_fail_block: true
@ -41,45 +40,11 @@ enable_tracing: true
 # SG_AUTH_RAILS_REDIS_PASSWORD
 # SG_AUTH_JWT_PUBLIC_KEY_FILE
 # inflections:
 #   person: people
 #   sheep: sheep
 auth: 
  # Can be 'rails' or 'jwt'
  type: rails
  cookie: _{{app_name_slug}}_session
  rails:
    # Rails version this is used for reading the
    # various cookies formats.
    version: 5.2
    # Found in 'Rails.application.config.secret_key_base'
    secret_key_base: 0a248500a64c01184edb4d7ad3a805488f8097ac761b76aaa6c17c01dcb7af03a2f18ba61b2868134b9c7b79a122bc0dadff4367414a2d173297bfea92be5566
    # Remote cookie store. (memcache or redis)
    # url: redis://127.0.0.1:6379
    # password: test
    # max_idle: 80,
    # max_active: 12000,
    # In most cases you don't need these
    # salt: "encrypted cookie"
    # sign_salt: "signed encrypted cookie"
    # auth_salt: "authenticated encrypted cookie"
  # jwt:
  #   provider: auth0
  #   secret: abc335bfcfdb04e50db5bb0a4d67ab9
  #   public_key_file: /secrets/public_key.pem
  #   public_key_type: ecdsa #rsa
 database:
  type: postgres
  host: db
  port: 5432
-  dbname: {{app_name_slug}}_development
+  dbname: {% app_name_slug %}_development
  user: postgres
  password: ''
  #pool_size: 10
Author	SHA1	Message	Date
Vikram Rangnekar	6bd27d7c79	Add a db:reset command only for dev mode	2019-11-22 00:07:06 -05:00
Vikram Rangnekar	a4c09dedd5	Optimize db queries limit use of transactions	2019-11-21 02:14:12 -05:00
Vikram Rangnekar	176514b5f1	Added support for multi-root queries	2019-11-19 00:47:55 -05:00
Vikram Rangnekar	396f4bcfd8	Fix issues with JWT auth	2019-11-15 01:35:19 -05:00
Vikram Rangnekar	51c5f037f4	Fix bug with migration filename generation	2019-11-10 01:41:58 -05:00
Vikram Rangnekar	c576f1ae16	Fix bug with migration file name	2019-11-10 01:39:24 -05:00
Vikram Rangnekar	0a6995eaca	Fix bug with migration template name	2019-11-10 01:35:06 -05:00
Vikram Rangnekar	06ed823a51	Fix bug with creating new migrations	2019-11-10 01:33:06 -05:00
Vikram Rangnekar	3438c3efb9	Fix macro syntax bug in app templates	2019-11-09 21:53:26 -05:00
Vikram Rangnekar	605ec63466	Fix bugs and add new production mode	2019-11-07 02:37:24 -05:00
		`@ -0,0 +1,2 @@`
							`#!/bin/sh`
							`cd corpus && rm -rf $(find . ! -name '00?.gql')`