@gabrielbryk/json-schema-to-zod 2.11.1 → 2.12.1

package/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @gabrielbryk/json-schema-to-zod
 
+## 2.12.1
+
+### Patch Changes
+
+- e8cbafc: Fix `unevaluatedProperties: false` with `oneOf` by avoiding strict union branches, allowing base properties through, and enforcing unknown-key rejection after composition.
+
+## 2.12.0
+
+### Minor Changes
+
+- 719e761: Add `typeExports` option to export TypeScript types for all generated schemas
+
+  When `typeExports: true` is set (along with `exportRefs: true`), each generated schema will have a corresponding type export:
+
+  ```typescript
+  export const MySchema = z.object({...});
+  export type MySchema = z.infer<typeof MySchema>;
+  ```
+
+  This makes it easier to use the generated types throughout your codebase without manually creating type aliases.
+
 ## 2.11.1
 
 ### Patch Changes

package/check-types.sh

@@ -8,7 +8,7 @@ import { readFileSync, writeFileSync } from 'fs';
 import { jsonSchemaToZod } from './src/jsonSchemaToZod.js';
 
 const schema = yaml.load(readFileSync('test/fixtures/workflow.yaml', 'utf8'));
-const output = jsonSchemaToZod(schema, { name: 'workflowSchema' });
+const output = jsonSchemaToZod(schema, { name: 'workflowSchema', typeExports: true });
 writeFileSync('.tmp-workflow-schema-output.ts', output);
 console.log('Generated .tmp-workflow-schema-output.ts');
 EOF

package/dist/core/emitZod.js

@@ -149,7 +149,7 @@ const orderDeclarations = (entries, dependencies) => {
 };
 export const emitZod = (analysis) => {
     const { schema, options, refNameByPointer, cycleRefNames, cycleComponentByName, } = analysis;
-    const { name, type, noImport, exportRefs, withMeta, ...rest } = options;
+    const { name, type, noImport, exportRefs, typeExports, withMeta, ...rest } = options;
     const declarations = new Map();
     const dependencies = new Map();
     // Fresh name registry for the emission pass.
@@ -227,6 +227,13 @@ export const emitZod = (analysis) => {
                         expression: `${baseName}${methodChain}`,
                         exported: exportRefs,
                     });
+                    // Export type for this declaration if typeExports is enabled
+                    if (typeExports && exportRefs) {
+                        emitter.addTypeExport({
+                            name: refName,
+                            type: `z.infer<typeof ${refName}>`,
+                        });
+                    }
                     continue;
                 }
             }
@@ -236,6 +243,13 @@ export const emitZod = (analysis) => {
                 exported: exportRefs,
                 typeAnnotation: storedType !== "z.ZodTypeAny" ? storedType : undefined,
             });
+            // Export type for this declaration if typeExports is enabled
+            if (typeExports && exportRefs) {
+                emitter.addTypeExport({
+                    name: refName,
+                    type: `z.infer<typeof ${refName}>`,
+                });
+            }
         }
     }
     if (name) {
@@ -252,7 +266,8 @@ export const emitZod = (analysis) => {
             jsdoc: jsdocs,
         });
     }
-    if (type && name) {
+    // Export type for root schema if type option is set, or if typeExports is enabled
+    if (name && (type || typeExports)) {
         const typeName = typeof type === "string" ? type : `${name[0].toUpperCase()}${name.substring(1)}`;
         emitter.addTypeExport({
             name: typeName,

package/dist/parsers/parseObject.js

@@ -6,6 +6,25 @@ import { parseIfThenElse } from "./parseIfThenElse.js";
 import { addJsdocs } from "../utils/jsdocs.js";
 import { anyOrUnknown } from "../utils/anyOrUnknown.js";
 import { containsRecursiveRef, inferTypeFromExpression } from "../utils/schemaRepresentation.js";
+const collectKnownPropertyKeys = (schema) => {
+    const keys = new Set();
+    const visit = (node) => {
+        if (typeof node !== "object" || node === null)
+            return;
+        const obj = node;
+        if (obj.properties && typeof obj.properties === "object") {
+            Object.keys(obj.properties).forEach((key) => keys.add(key));
+        }
+    };
+    visit(schema);
+    if (Array.isArray(schema.oneOf))
+        schema.oneOf.forEach(visit);
+    if (Array.isArray(schema.anyOf))
+        schema.anyOf.forEach(visit);
+    if (Array.isArray(schema.allOf))
+        schema.allOf.forEach(visit);
+    return Array.from(keys);
+};
 export function parseObject(objectSchema, refs) {
     // Optimization: if we have composition keywords (allOf/anyOf/oneOf) but no direct properties,
     // delegate entirely to the composition parser to avoid generating z.object({}).and(...)
@@ -230,28 +249,40 @@ export function parseObject(objectSchema, refs) {
     // we should NOT default to z.record(z.string(), z.any()) because that would allow any properties.
     // Instead, use z.object({}) and let the .and() call add properties from the composition.
     // This is especially important when unevaluatedProperties: false is set.
+    const shouldPassthroughForUnevaluated = unevaluated === false && hasCompositionKeywords;
+    const passthroughProperties = shouldPassthroughForUnevaluated && properties && !patternProperties
+        ? `${properties}.passthrough()`
+        : properties;
     const fallback = anyOrUnknown(refs);
-    let output = properties
-        ? patternProperties
-            ? properties + patternProperties
-            : additionalProperties
-                ? additionalProperties.expression === "z.never()"
-                    // Don't use .strict() if there are composition keywords that add properties
-                    ? hasCompositionKeywords
-                        ? properties
-                        : properties + ".strict()"
-                    : properties + `.catchall(${additionalProperties.expression})`
-                : properties
-        : patternProperties
-            ? patternProperties
-            : additionalProperties
-                ? `z.record(z.string(), ${additionalProperties.expression})`
-                // If we have composition keywords, start with empty object instead of z.record()
-                // The composition will provide the actual schema via .and()
-                : hasCompositionKeywords
-                    ? "z.object({})"
-                    // No constraints = any object. Use z.record() which is cleaner than z.object({}).catchall()
-                    : `z.record(z.string(), ${fallback.expression})`;
+    let output;
+    if (properties) {
+        if (patternProperties) {
+            output = properties + patternProperties;
+        }
+        else if (additionalProperties) {
+            if (additionalProperties.expression === "z.never()") {
+                // Don't use .strict() if there are composition keywords that add properties
+                output = hasCompositionKeywords ? passthroughProperties : properties + ".strict()";
+            }
+            else {
+                output = properties + `.catchall(${additionalProperties.expression})`;
+            }
+        }
+        else {
+            output = passthroughProperties;
+        }
+    }
+    else if (patternProperties) {
+        output = patternProperties;
+    }
+    else if (additionalProperties) {
+        output = `z.record(z.string(), ${additionalProperties.expression})`;
+    }
+    else {
+        // If we have composition keywords, start with empty object instead of z.record()
+        // The composition will provide the actual schema via .and()
+        output = hasCompositionKeywords ? "z.object({})" : `z.record(z.string(), ${fallback.expression})`;
+    }
     if (unevaluated === false && properties && !hasCompositionKeywords) {
         output += ".strict()";
     }
@@ -328,6 +359,27 @@ export function parseObject(objectSchema, refs) {
         output += `.and(${conditionalResult.expression})`;
         intersectionTypes.push(conditionalResult.type);
     }
+    if (unevaluated === false && hasCompositionKeywords) {
+        const knownKeys = collectKnownPropertyKeys(objectSchema);
+        const patternRegexps = objectSchema.patternProperties
+            ? Object.keys(objectSchema.patternProperties).map((pattern) => new RegExp(pattern))
+            : [];
+        const patternRegexpsLiteral = patternRegexps.length
+            ? `[${patternRegexps.map((r) => r.toString()).join(", ")}]`
+            : "[new RegExp(\"$^\")]";
+        output += `.superRefine((value, ctx) => {
+  if (!value || typeof value !== "object") return;
+  const knownKeys = ${JSON.stringify(knownKeys)};
+  const patternRegexps = ${patternRegexpsLiteral};
+  for (const key in value) {
+    const isKnown = knownKeys.includes(key);
+    const matchesPattern = patternRegexps.length ? patternRegexps.some((r) => r.test(key)) : false;
+    if (!isKnown && !matchesPattern) {
+      ctx.addIssue({ code: "unrecognized_keys", keys: [key], path: [key], message: "Unknown property" });
+    }
+  }
+})`;
+    }
     // Only add required validation for missing keys when there are no composition keywords
     // When allOf/anyOf/oneOf exist, they should define the properties and handle required validation
     if (missingRequiredKeys.length > 0 && !hasCompositionKeywords) {

package/dist/parsers/parseOneOf.js

@@ -297,6 +297,14 @@ export const parseOneOf = (schema, refs) => {
     // in Zod v4 because ZodDiscriminatedUnion cannot be nested inside ZodUnion at the type level.
     // The runtime would work, but the types wouldn't match, causing compile errors.
     // So we fall through to the regular union handling below.
+    // If the parent object has its own shape (properties/patternProperties/additionalProperties)
+    // or explicitly forbids unevaluated properties, we shouldn't make the oneOf branches strict.
+    // Otherwise, the intersection with the parent schema would reject the parent's properties
+    // before the union gets a chance to validate.
+    const parentHasDirectObjectShape = Boolean(schema.properties ||
+        schema.patternProperties ||
+        schema.additionalProperties);
+    const parentForbidsUnevaluated = schema.unevaluatedProperties === false;
     // Fallback: Standard z.union
     const parsedSchemas = schema.oneOf.map((s, i) => {
         const extracted = extractInlineObject(s, refs, [...refs.path, "oneOf", i]);
@@ -317,6 +325,8 @@ export const parseOneOf = (schema, refs) => {
             parsed.expression.startsWith("z.object(") && // Critical check: Must be a Zod object
             !parsed.expression.includes(".and(") &&
             !parsed.expression.includes(".intersection(") &&
+            !parentHasDirectObjectShape &&
+            !parentForbidsUnevaluated &&
             !parsed.expression.includes(".strict()") &&
             !parsed.expression.includes(".catchall") &&
             !parsed.expression.includes(".passthrough")) {

package/dist/types/Types.d.ts

@@ -84,6 +84,18 @@ export type Options = {
     noImport?: boolean;
     /** Export all generated reference schemas (for $refs) when using ESM */
     exportRefs?: boolean;
+    /**
+     * Export TypeScript types for all generated schemas using z.infer.
+     * When true, exports a type for each schema (including lifted/ref schemas when exportRefs is true).
+     * Type names match their corresponding schema const names.
+     * @example
+     * // With typeExports: true, exportRefs: true, and name: "MySchema"
+     * export const SubSchema = z.object({...});
+     * export type SubSchema = z.infer<typeof SubSchema>;
+     * export const MySchema = z.object({ sub: SubSchema });
+     * export type MySchema = z.infer<typeof MySchema>;
+     */
+    typeExports?: boolean;
     /**
      * Store original JSON Schema constructs in .meta({ __jsonSchema: {...} })
      * for features that can't be natively represented in Zod (patternProperties,

package/docs/proposals/allof-required-merging.md

@@ -0,0 +1,53 @@
+# Proposal: Strengthen `allOf` required handling
+
+## Problem
+- Required keys are dropped when properties live in a different `allOf` member than the `required` array (e.g., workflow schema `call`/`with`).
+- Spread path only looks at each member’s own `required`, ignoring parent + sibling required-only members.
+- Intersection fallback also skips parent required enforcement because `parseObject` disables missing-key checks when composition keywords exist.
+- `$ref` members with required lists don’t inform optionality of sibling properties.
+- Conflicting property definitions across `allOf` members fail silently (often ending up as permissive intersections).
+
+## Goals
+1) Preserve required semantics across `allOf`, even when properties and `required` are split across members.
+2) Keep spread optimization where safe; otherwise, enforce required keys in the intersection path.
+3) Respect `unevaluatedProperties`/`additionalProperties` constraints from stricter members.
+4) Surface conflicts clearly instead of silently widening to `z.any()`.
+
+## Proposed changes
+- **Normalize `allOf` members up front (done partially):**
+  - Add `type: "object"` when shape hints exist and merge parent+member required into any member that actually declares those properties (already implemented for the spread path; extend to intersection path and `$ref` resolution).
+
+- **Intersection required enforcement:**
+  - When spread is not possible, compute a combined required set (parent + all member `required` + required-only members) and add a `superRefine` that checks presence of those keys on the final intersection result.
+  - Skip keys that none of the members define (avoid false positives).
+
+- **Required-only + properties-only pattern:**
+  - Detect an `allOf` where one member has only `required` and another has the properties; merge those required keys into the properties member before parsing.
+
+- **$ref-aware required merge:**
+  - When an `allOf` member is a `$ref`, resolve its schema shape/required (using existing ref resolution) and merge required keys that match properties provided by other members.
+
+- **Policy reconciliation:**
+  - When merging shapes, intersect `unevaluatedProperties`/`additionalProperties` so a member that disallows extras keeps that restriction after spread/intersection.
+
+- **Conflict detection:**
+  - If multiple members define the same property with incompatible primitive types (e.g., `string` vs `number`), emit a `superRefine` that fails with a clear message instead of silently widening.
+
+## Testing
+- Unit tests in `test/parsers/parseAllOf.test.ts` and `parseObject.test.ts` covering:
+  - properties-only + required-only split (current workflow pattern).
+  - Overlapping required across multiple members (including parent required).
+  - `$ref` member with required + sibling properties.
+  - Spread eligible vs. ineligible `allOf` and intersection fallback enforcing required.
+  - `unevaluatedProperties` interactions where one member disallows extras.
+  - Conflict detection on incompatible property types.
+
+## Risks & mitigations
+- **Over-enforcement**: Ensure required keys are only checked when at least one member defines the property. Filter combined required sets accordingly.
+- **Ref resolution cost**: Cache resolved `$ref` shapes when harvesting required sets to avoid repeated work.
+- **False conflicts**: Limit conflict detection to clear primitive mismatches; avoid flagging unions/anyOf/any as conflicts.
+
+## Rollout
+- Implement normalization + intersection required enforcement first, add tests for workflow fixture regression.
+- Follow with `$ref`-aware required merge and policy reconciliation tests.
+- Add conflict detection last (guarded behind a clear error message) to avoid unexpected breakage.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gabrielbryk/json-schema-to-zod",
-  "version": "2.11.1",
+  "version": "2.12.1",
   "description": "Converts JSON schema objects or files into Zod schemas",
   "type": "module",
   "types": "./dist/types/index.d.ts",