@moostjs/swagger 0.5.33 → 0.6.0

package/dist/index.cjs

@@ -29,34 +29,50 @@ const path = __toESM(require("path"));
 const swagger_ui_dist = __toESM(require("swagger-ui-dist"));
 
 //#region packages/swagger/src/swagger.mate.ts
-function getSwaggerMate() {
+/** Returns the shared `Mate` instance extended with Swagger/OpenAPI metadata fields. */ function getSwaggerMate() {
 	return (0, moost.getMoostMate)();
 }
 
 //#endregion
 //#region packages/swagger/src/decorators.ts
-const SwaggerTag = (tag) => getSwaggerMate().decorate("swaggerTags", tag, true);
-const SwaggerExclude = () => getSwaggerMate().decorate("swaggerExclude", true);
-const SwaggerDescription = (descr) => getSwaggerMate().decorate("swaggerDescription", descr);
+/** Adds an OpenAPI tag to a controller or handler for grouping in the Swagger UI. */ const SwaggerTag = (tag) => getSwaggerMate().decorate("swaggerTags", tag, true);
+/** Excludes a controller or handler from the generated OpenAPI spec. */ const SwaggerExclude = () => getSwaggerMate().decorate("swaggerExclude", true);
+/** Sets the OpenAPI description for a handler. */ const SwaggerDescription = (descr) => getSwaggerMate().decorate("swaggerDescription", descr);
 function SwaggerResponse(code, opts, example) {
 	return getSwaggerMate().decorate((meta) => {
 		let ex;
 		if (example) ex = example;
 		if (typeof code !== "number" && opts) ex = opts;
+		if (ex === void 0) {
+			ex = typeof code === "number" ? opts : code;
+			ex = ex?.example;
+		}
 		meta.swaggerResponses = meta.swaggerResponses || {};
 		const keyCode = typeof code === "number" ? code : 0;
 		const opt = typeof code === "number" ? opts : code;
 		const contentType = typeof opt.contentType === "string" ? opt.contentType : "*/*";
+		const description = typeof opt.description === "string" ? opt.description : void 0;
+		const headers = opt.headers;
 		const response = ["object", "function"].includes(typeof opt.response) ? opt.response : opt;
-		meta.swaggerResponses[keyCode] = meta.swaggerResponses[keyCode] || {};
-		meta.swaggerResponses[keyCode][contentType] = {
+		meta.swaggerResponses[keyCode] = meta.swaggerResponses[keyCode] || { content: {} };
+		meta.swaggerResponses[keyCode].content[contentType] = {
 			response,
 			example: ex
 		};
+		if (description) meta.swaggerResponses[keyCode].description = description;
+		if (headers) meta.swaggerResponses[keyCode].headers = {
+			...meta.swaggerResponses[keyCode].headers,
+			...headers
+		};
 		return meta;
 	});
 }
-function SwaggerRequestBody(opt) {
+/**
+* Defines the request body schema in the OpenAPI spec.
+*
+* @param opt - Schema definition. Use `{ response: MyDto }` for a typed schema,
+*   or `{ response: MyDto, contentType: 'multipart/form-data' }` for a specific content type.
+*/ function SwaggerRequestBody(opt) {
 	return getSwaggerMate().decorate((meta) => {
 		meta.swaggerRequestBody = meta.swaggerRequestBody || {};
 		const contentType = typeof opt.contentType === "string" ? opt.contentType : "application/json";
@@ -65,12 +81,127 @@ function SwaggerRequestBody(opt) {
 		return meta;
 	});
 }
-function SwaggerParam(opts) {
+/** Defines a parameter (query, path, header, cookie) in the OpenAPI spec. */ function SwaggerParam(opts) {
 	return getSwaggerMate().decorate("swaggerParams", opts, true);
 }
-function SwaggerExample(example) {
+/** Attaches an example value to a handler's OpenAPI documentation. */ function SwaggerExample(example) {
 	return getSwaggerMate().decorate("swaggerExample", example);
 }
+/** Marks a handler or controller as public, opting out of inherited security requirements. */ const SwaggerPublic = () => getSwaggerMate().decorate("swaggerPublic", true);
+/** Marks a handler or controller as deprecated in the OpenAPI spec. */ const SwaggerDeprecated = () => getSwaggerMate().decorate("swaggerDeprecated", true);
+/** Overrides the auto-generated operationId for an endpoint. */ const SwaggerOperationId = (id) => getSwaggerMate().decorate("swaggerOperationId", id);
+/** Links an operation to external documentation. */ const SwaggerExternalDocs = (url, description) => getSwaggerMate().decorate("swaggerExternalDocs", {
+	url,
+	...description ? { description } : {}
+});
+/**
+* Attaches a security requirement to a handler or controller (OR semantics).
+* Multiple calls add alternative requirements — any one suffices.
+*
+* @param schemeName - The name of the security scheme (must match a key in securitySchemes)
+* @param scopes - OAuth2/OIDC scopes required (default: [])
+*/ function SwaggerSecurity(schemeName, scopes = []) {
+	return getSwaggerMate().decorate("swaggerSecurity", { [schemeName]: scopes }, true);
+}
+/**
+* Attaches a combined security requirement (AND semantics).
+* All schemes in the requirement must be satisfied simultaneously.
+*/ function SwaggerSecurityAll(requirement) {
+	return getSwaggerMate().decorate("swaggerSecurity", requirement, true);
+}
+function SwaggerLink(codeOrName, nameOrOptions, maybeOptions) {
+	const statusCode = typeof codeOrName === "number" ? codeOrName : 0;
+	const name = typeof codeOrName === "string" ? codeOrName : nameOrOptions;
+	const options = typeof codeOrName === "string" ? nameOrOptions : maybeOptions;
+	const config = {
+		statusCode,
+		name,
+		..."operationId" in options && options.operationId ? { operationId: options.operationId } : {},
+		..."operationRef" in options && options.operationRef ? { operationRef: options.operationRef } : {},
+		..."handler" in options && options.handler ? { handler: options.handler } : {},
+		...options.parameters ? { parameters: options.parameters } : {},
+		...options.requestBody ? { requestBody: options.requestBody } : {},
+		...options.description ? { description: options.description } : {},
+		...options.server ? { server: options.server } : {}
+	};
+	return getSwaggerMate().decorate("swaggerLinks", config, true);
+}
+/**
+* Documents an OpenAPI callback (webhook) on an operation.
+* Describes a request your server sends to a client-provided URL.
+*
+* @example
+* ```ts
+* @SwaggerCallback('onEvent', {
+*   expression: '{$request.body#/callbackUrl}',
+*   requestBody: EventPayloadDto,
+*   description: 'Event notification sent to subscriber',
+* })
+* @Post('subscribe')
+* subscribe() { ... }
+* ```
+*/ function SwaggerCallback(name, options) {
+	const config = {
+		name,
+		expression: options.expression,
+		...options.method ? { method: options.method } : {},
+		...options.requestBody ? { requestBody: options.requestBody } : {},
+		...options.contentType ? { contentType: options.contentType } : {},
+		...options.description ? { description: options.description } : {},
+		...options.responseStatus ? { responseStatus: options.responseStatus } : {},
+		...options.responseDescription ? { responseDescription: options.responseDescription } : {}
+	};
+	return getSwaggerMate().decorate("swaggerCallbacks", config, true);
+}
+
+//#endregion
+//#region packages/swagger/src/json-to-yaml.ts
+const YAML_SPECIAL = /^[\s#!&*|>'{}[\],?:@`-]|[:#]\s|[\n\r]|\s$/;
+function quoteString(str) {
+	if (str === "") return "''";
+	if (YAML_SPECIAL.test(str) || str === "true" || str === "false" || str === "null") return JSON.stringify(str);
+	const num = Number(str);
+	if (str.length > 0 && !Number.isNaN(num) && String(num) === str) return JSON.stringify(str);
+	return str;
+}
+function serializeValue(value, indent) {
+	if (value === null || value === void 0) return "null";
+	if (typeof value === "boolean") return value ? "true" : "false";
+	if (typeof value === "number") return Number.isFinite(value) ? String(value) : "null";
+	if (typeof value === "string") return quoteString(value);
+	const pad = "  ".repeat(indent);
+	const childPad = "  ".repeat(indent + 1);
+	if (Array.isArray(value)) {
+		if (value.length === 0) return "[]";
+		const lines = [];
+		for (const item of value) if (isObject(item) || Array.isArray(item)) {
+			const nested = serializeValue(item, indent + 1);
+			lines.push(`${pad}- ${nested.slice(childPad.length)}`);
+		} else lines.push(`${pad}- ${serializeValue(item, 0)}`);
+		return lines.join("\n");
+	}
+	if (isObject(value)) {
+		const entries = Object.entries(value);
+		if (entries.length === 0) return "{}";
+		const lines = [];
+		for (const [key, val] of entries) {
+			const yamlKey = quoteString(key);
+			if (isObject(val) || Array.isArray(val)) {
+				const nested = serializeValue(val, indent + 1);
+				if (nested === "[]" || nested === "{}") lines.push(`${pad}${yamlKey}: ${nested}`);
+				else lines.push(`${pad}${yamlKey}:\n${nested}`);
+			} else lines.push(`${pad}${yamlKey}: ${serializeValue(val, 0)}`);
+		}
+		return lines.join("\n");
+	}
+	return String(value);
+}
+function isObject(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function jsonToYaml(value) {
+	return `${serializeValue(value, 0)}\n`;
+}
 
 //#endregion
 //#region packages/swagger/src/mapping.ts
@@ -79,16 +210,26 @@ let schemaRefs = /* @__PURE__ */ new WeakMap();
 const nameToType = /* @__PURE__ */ new Map();
 function mapToSwaggerSpec(metadata, options, logger) {
 	resetSchemaRegistry();
+	const is31 = options?.openapiVersion === "3.1";
+	const collectedSecuritySchemes = { ...options?.securitySchemes };
 	const swaggerSpec = {
-		openapi: "3.0.0",
+		openapi: is31 ? "3.1.0" : "3.0.0",
 		info: {
 			title: options?.title || "API Documentation",
-			version: options?.version || "1.0.0"
+			...options?.description ? { description: options.description } : {},
+			version: options?.version || "1.0.0",
+			...options?.contact ? { contact: options.contact } : {},
+			...options?.license ? { license: options.license } : {},
+			...options?.termsOfService ? { termsOfService: options.termsOfService } : {}
 		},
 		paths: {},
 		tags: [],
+		...options?.servers?.length ? { servers: options.servers } : {},
+		...options?.externalDocs ? { externalDocs: options.externalDocs } : {},
+		...options?.security ? { security: options.security } : {},
 		components: { schemas: globalSchemas }
 	};
+	const deferredLinks = [];
 	for (const controller of metadata) {
 		const cmeta = controller.meta;
 		if (cmeta?.swaggerExclude) continue;
@@ -100,13 +241,14 @@ function mapToSwaggerSpec(metadata, options, logger) {
 			const uniqueParams = {};
 			const handlerPath = handler.registeredAs[0].path;
 			const handlerMethod = hh.method?.toLowerCase() || "get";
-			const handlerDescription = hmeta?.description;
+			const handlerSummary = hmeta?.label;
+			const handlerDescription = hmeta?.swaggerDescription || hmeta?.description;
 			const handlerTags = [...controllerTags, ...hmeta?.swaggerTags || []];
 			if (!swaggerSpec.paths[handlerPath]) swaggerSpec.paths[handlerPath] = {};
 			let responses;
-			if (hmeta?.swaggerResponses) for (const [code, responseConfigs] of Object.entries(hmeta.swaggerResponses)) {
+			if (hmeta?.swaggerResponses) for (const [code, responseEntry] of Object.entries(hmeta.swaggerResponses)) {
 				const newCode = code === "0" ? getDefaultStatusCode(handlerMethod) : code;
-				for (const [contentType, conf] of Object.entries(responseConfigs)) {
+				for (const [contentType, conf] of Object.entries(responseEntry.content)) {
 					const { response, example } = conf;
 					const schema = resolveSwaggerSchemaFromConfig(response);
 					if (schema) {
@@ -115,16 +257,35 @@ function mapToSwaggerSpec(metadata, options, logger) {
 							...schema,
 							example
 						} : schema;
-						responses[newCode] = { content: { [contentType]: { schema: schemaWithExample } } };
+						if (!responses[newCode]) responses[newCode] = {
+							description: responseEntry.description || defaultStatusDescription(Number(newCode)),
+							content: {}
+						};
+						responses[newCode].content[contentType] = { schema: schemaWithExample };
+					}
+				}
+				if (responseEntry.headers) {
+					const resolvedHeaders = resolveResponseHeaders(responseEntry.headers);
+					if (resolvedHeaders) {
+						responses = responses || {};
+						if (!responses[newCode]) responses[newCode] = {
+							description: defaultStatusDescription(Number(newCode)),
+							content: {}
+						};
+						responses[newCode].headers = resolvedHeaders;
 					}
 				}
 			}
-			else if (hmeta?.returnType) {
+			const defaultCode = getDefaultStatusCode(handlerMethod);
+			if (!responses?.[defaultCode] && hmeta?.returnType) {
 				const ensured = ensureSchema(hmeta.returnType);
 				const schema = toSchemaOrRef(ensured);
 				if (schema) {
 					responses = responses || {};
-					responses[getDefaultStatusCode(handlerMethod)] = { content: { "*/*": { schema } } };
+					responses[defaultCode] = {
+						description: defaultStatusDescription(Number(defaultCode)),
+						content: { "*/*": { schema } }
+					};
 				}
 			}
 			let reqBodyRequired = true;
@@ -134,13 +295,39 @@ function mapToSwaggerSpec(metadata, options, logger) {
 				if (schema) bodyContent[contentType] = { schema };
 			}
 			swaggerSpec.paths[handlerPath][handlerMethod] = {
-				summary: handlerDescription,
-				operationId: `${handlerMethod.toUpperCase()}_${handlerPath.replace(/\//g, "_").replace(/[{}]/g, "__").replace(/[^\dA-Za-z]/g, "_")}`,
+				summary: handlerSummary,
+				description: handlerDescription,
+				operationId: hmeta?.swaggerOperationId || hmeta?.id || `${handlerMethod.toUpperCase()}_${handlerPath.replaceAll(/\//g, "_").replaceAll(/[{}]/g, "__").replaceAll(/[^\dA-Za-z]/g, "_")}`,
 				tags: handlerTags,
 				parameters: [],
 				responses
 			};
 			const endpointSpec = swaggerSpec.paths[handlerPath][handlerMethod];
+			if (hmeta?.swaggerDeprecated || cmeta?.swaggerDeprecated) endpointSpec.deprecated = true;
+			if (hmeta?.swaggerExternalDocs) endpointSpec.externalDocs = hmeta.swaggerExternalDocs;
+			const opSecurity = resolveOperationSecurity(cmeta, hmeta, collectedSecuritySchemes);
+			if (opSecurity !== void 0) endpointSpec.security = opSecurity;
+			if (hmeta?.swaggerLinks?.length) for (const linkConfig of hmeta.swaggerLinks) deferredLinks.push({
+				endpointSpec,
+				httpMethod: handlerMethod,
+				config: linkConfig
+			});
+			if (hmeta?.swaggerCallbacks?.length) {
+				endpointSpec.callbacks = endpointSpec.callbacks || {};
+				for (const cb of hmeta.swaggerCallbacks) {
+					const method = (cb.method || "post").toLowerCase();
+					const contentType = cb.contentType || "application/json";
+					const status = String(cb.responseStatus || 200);
+					const responseDesc = cb.responseDescription || "OK";
+					const pathItem = { responses: { [status]: { description: responseDesc } } };
+					if (cb.description) pathItem.description = cb.description;
+					if (cb.requestBody) {
+						const schema = resolveSwaggerSchemaFromConfig(cb.requestBody);
+						if (schema) pathItem.requestBody = { content: { [contentType]: { schema } } };
+					}
+					endpointSpec.callbacks[cb.name] = { [cb.expression]: { [method]: pathItem } };
+				}
+			}
 			function addParam(param) {
 				const key = `${param.in}//${param.name}`;
 				if (uniqueParams[key]) {
@@ -179,8 +366,7 @@ function mapToSwaggerSpec(metadata, options, logger) {
 					schema
 				});
 			}
-			for (let i = 0; i < handler.meta.params.length; i++) {
-				const paramMeta = handler.meta.params[i];
+			for (const paramMeta of handler.meta.params) {
 				if (paramMeta.paramSource && ["QUERY_ITEM", "QUERY"].includes(paramMeta.paramSource)) {
 					const ensured = ensureSchema(paramMeta.type);
 					if (paramMeta.paramSource === "QUERY_ITEM") {
@@ -232,7 +418,7 @@ function mapToSwaggerSpec(metadata, options, logger) {
 				}
 			}
 			const bodyEntries = Object.entries(bodyContent).filter((entry) => entry[1] && entry[1].schema !== void 0);
-			if (bodyEntries.length) {
+			if (bodyEntries.length > 0) {
 				const content = {};
 				for (const [contentType, { schema }] of bodyEntries) content[contentType] = { schema };
 				endpointSpec.requestBody = {
@@ -242,6 +428,54 @@ function mapToSwaggerSpec(metadata, options, logger) {
 			}
 		}
 	}
+	if (deferredLinks.length > 0) {
+		const handlerOpIds = /* @__PURE__ */ new Map();
+		for (const controller of metadata) for (const handler of controller.handlers) {
+			const hh = handler.handler;
+			if (hh.type !== "HTTP" || handler.registeredAs.length === 0) continue;
+			const path$1 = handler.registeredAs[0].path;
+			const method = hh.method?.toLowerCase() || "get";
+			const opId = swaggerSpec.paths[path$1]?.[method]?.operationId;
+			if (opId) {
+				if (!handlerOpIds.has(controller.type)) handlerOpIds.set(controller.type, /* @__PURE__ */ new Map());
+				const methodMap = handlerOpIds.get(controller.type);
+				methodMap?.set(handler.method, opId);
+			}
+		}
+		for (const { endpointSpec, httpMethod, config } of deferredLinks) {
+			const statusCode = config.statusCode === 0 ? String(getDefaultStatusCode(httpMethod)) : String(config.statusCode);
+			const link = {};
+			if (config.handler) {
+				const [ctrlClass, methodName] = config.handler;
+				const resolvedId = handlerOpIds.get(ctrlClass)?.get(methodName);
+				if (!resolvedId) continue;
+				link.operationId = resolvedId;
+			} else if (config.operationId) link.operationId = config.operationId;
+			else if (config.operationRef) link.operationRef = config.operationRef;
+			if (config.parameters) link.parameters = config.parameters;
+			if (config.requestBody) link.requestBody = config.requestBody;
+			if (config.description) link.description = config.description;
+			if (config.server) link.server = config.server;
+			if (!endpointSpec.responses) endpointSpec.responses = {};
+			if (!endpointSpec.responses[statusCode]) endpointSpec.responses[statusCode] = {
+				description: defaultStatusDescription(Number(statusCode)),
+				content: {}
+			};
+			const responseEntry = endpointSpec.responses[statusCode];
+			if (!responseEntry.links) responseEntry.links = {};
+			responseEntry.links[config.name] = link;
+		}
+	}
+	const manualTags = new Map((options?.tags || []).map((t) => [t.name, t]));
+	const discoveredNames = /* @__PURE__ */ new Set();
+	for (const methods of Object.values(swaggerSpec.paths)) for (const endpoint of Object.values(methods)) for (const tag of endpoint.tags) discoveredNames.add(tag);
+	for (const tag of manualTags.values()) swaggerSpec.tags.push(tag);
+	for (const name of discoveredNames) if (!manualTags.has(name)) swaggerSpec.tags.push({ name });
+	const ownedSchemas = {};
+	for (const [key, value] of Object.entries(globalSchemas)) ownedSchemas[key] = cloneSchema(value);
+	swaggerSpec.components.schemas = ownedSchemas;
+	if (Object.keys(collectedSecuritySchemes).length > 0) swaggerSpec.components.securitySchemes = collectedSecuritySchemes;
+	if (is31) transformSpecTo31(swaggerSpec);
 	return swaggerSpec;
 }
 function resolveSwaggerSchemaFromConfig(type) {
@@ -249,6 +483,20 @@ function resolveSwaggerSchemaFromConfig(type) {
 	const ensured = ensureSchema(type);
 	return toSchemaOrRef(ensured);
 }
+function resolveResponseHeaders(headers) {
+	const resolved = {};
+	let hasAny = false;
+	for (const [name, header] of Object.entries(headers)) {
+		const schema = resolveSwaggerSchemaFromConfig(header.type) || { type: "string" };
+		const entry = { schema };
+		if (header.description) entry.description = header.description;
+		if (header.required !== void 0) entry.required = header.required;
+		if (header.example !== void 0) entry.example = header.example;
+		resolved[name] = entry;
+		hasAny = true;
+	}
+	return hasAny ? resolved : void 0;
+}
 function toSchemaOrRef(result) {
 	if (!result) return void 0;
 	if (result.ref) return { $ref: result.ref };
@@ -257,7 +505,7 @@ function toSchemaOrRef(result) {
 function inferBodyContentType(schema, resolved) {
 	const target = resolved ?? resolveSchemaFromRef(schema);
 	const schemaType = target?.type ?? schema.type;
-	if (schemaType && [
+	if (typeof schemaType === "string" && [
 		"string",
 		"number",
 		"integer",
@@ -423,22 +671,60 @@ function ensureComponentName(typeRef, schema, suggestedName) {
 	schemaRefs.set(typeRef, candidate);
 	applySwaggerMetadata(typeRef, schema);
 	globalSchemas[candidate] = cloneSchema(schema);
+	hoistDefs(globalSchemas[candidate]);
 	return candidate;
 }
+/**
+* When a schema has `$defs`, hoist each definition into `globalSchemas`
+* (i.e. `#/components/schemas/`) and rewrite all `#/$defs/X` references
+* throughout the schema tree to `#/components/schemas/X`.
+* Removes the `$defs` property from the schema after hoisting.
+*/ function hoistDefs(schema) {
+	if (!schema.$defs) return;
+	for (const [name, def] of Object.entries(schema.$defs)) if (!globalSchemas[name]) {
+		globalSchemas[name] = cloneSchema(def);
+		hoistDefs(globalSchemas[name]);
+	}
+	delete schema.$defs;
+	rewriteDefsRefs(schema);
+}
+/** Recursively rewrite `$ref: '#/$defs/X'` → `$ref: '#/components/schemas/X'` */ function rewriteDefsRefs(schema) {
+	if (schema.$ref?.startsWith("#/$defs/")) schema.$ref = schema.$ref.replace("#/$defs/", "#/components/schemas/");
+	if (schema.discriminator?.mapping) {
+		for (const [key, value] of Object.entries(schema.discriminator.mapping)) if (value.startsWith("#/$defs/")) schema.discriminator.mapping[key] = value.replace("#/$defs/", "#/components/schemas/");
+	}
+	if (schema.items && !Array.isArray(schema.items)) rewriteDefsRefs(schema.items);
+	if (schema.properties) for (const prop of Object.values(schema.properties)) rewriteDefsRefs(prop);
+	for (const list of [
+		schema.allOf,
+		schema.anyOf,
+		schema.oneOf
+	]) if (list) for (const item of list) rewriteDefsRefs(item);
+	if (typeof schema.additionalProperties === "object" && schema.additionalProperties) rewriteDefsRefs(schema.additionalProperties);
+	if (schema.not) rewriteDefsRefs(schema.not);
+}
 function applySwaggerMetadata(typeRef, schema) {
 	try {
 		const mate = getSwaggerMate();
 		const meta = mate.read(typeRef);
-		if (!meta) return;
-		if (meta.swaggerExample !== void 0 && schema.example === void 0) schema.example = meta.swaggerExample;
-		const title = meta.label || meta.id;
-		if (title && !schema.title) schema.title = title;
-		if (meta.swaggerDescription && !schema.description) schema.description = meta.swaggerDescription;
-		else if (meta.description && !schema.description) schema.description = meta.description;
+		if (meta) {
+			if (meta.swaggerExample !== void 0 && schema.example === void 0) schema.example = meta.swaggerExample;
+			const title = meta.label || meta.id;
+			if (title && !schema.title) schema.title = title;
+			if (meta.swaggerDescription && !schema.description) schema.description = meta.swaggerDescription;
+			else if (meta.description && !schema.description) schema.description = meta.description;
+		}
 	} catch {}
+	if (schema.example === void 0) {
+		const exampleFn = typeRef.toExampleData;
+		if (typeof exampleFn === "function") {
+			const example = exampleFn.call(typeRef);
+			if (example !== void 0) schema.example = example;
+		}
+	}
 }
 function sanitizeComponentName(name) {
-	const sanitized = name.replace(/[^A-Za-z0-9_.-]/g, "_");
+	const sanitized = name.replaceAll(/[^A-Za-z0-9_.-]/g, "_");
 	return sanitized || "Schema";
 }
 function getTypeName(typeRef) {
@@ -521,6 +807,107 @@ function getDefaultStatusCode(httpMethod) {
 	};
 	return defaultStatusCodes[httpMethod.toUpperCase()] || 200;
 }
+const STATUS_DESCRIPTIONS = {
+	200: "OK",
+	201: "Created",
+	202: "Accepted",
+	204: "No Content",
+	301: "Moved Permanently",
+	302: "Found",
+	304: "Not Modified",
+	400: "Bad Request",
+	401: "Unauthorized",
+	403: "Forbidden",
+	404: "Not Found",
+	405: "Method Not Allowed",
+	409: "Conflict",
+	410: "Gone",
+	415: "Unsupported Media Type",
+	422: "Unprocessable Entity",
+	429: "Too Many Requests",
+	500: "Internal Server Error",
+	502: "Bad Gateway",
+	503: "Service Unavailable"
+};
+function defaultStatusDescription(code) {
+	return STATUS_DESCRIPTIONS[code] || "Response";
+}
+function transformSpecTo31(spec) {
+	for (const schema of Object.values(spec.components.schemas)) convertSchemaTo31(schema);
+	for (const methods of Object.values(spec.paths)) for (const endpoint of Object.values(methods)) {
+		for (const param of endpoint.parameters) convertSchemaTo31(param.schema);
+		if (endpoint.responses) for (const response of Object.values(endpoint.responses)) {
+			for (const media of Object.values(response.content)) convertSchemaTo31(media.schema);
+			if (response.headers) for (const header of Object.values(response.headers)) convertSchemaTo31(header.schema);
+		}
+		if (endpoint.requestBody) for (const media of Object.values(endpoint.requestBody.content)) convertSchemaTo31(media.schema);
+	}
+}
+function convertSchemaTo31(schema) {
+	if (schema.nullable) {
+		delete schema.nullable;
+		if (typeof schema.type === "string") schema.type = [schema.type, "null"];
+		else if (Array.isArray(schema.type)) {
+			if (!schema.type.includes("null")) schema.type.push("null");
+		} else schema.type = "null";
+	}
+	if (schema.properties) for (const prop of Object.values(schema.properties)) convertSchemaTo31(prop);
+	if (schema.items) if (Array.isArray(schema.items)) for (const item of schema.items) convertSchemaTo31(item);
+	else convertSchemaTo31(schema.items);
+	if (schema.allOf) for (const sub of schema.allOf) convertSchemaTo31(sub);
+	if (schema.anyOf) for (const sub of schema.anyOf) convertSchemaTo31(sub);
+	if (schema.oneOf) for (const sub of schema.oneOf) convertSchemaTo31(sub);
+	if (schema.not) convertSchemaTo31(schema.not);
+	if (typeof schema.additionalProperties === "object" && schema.additionalProperties) convertSchemaTo31(schema.additionalProperties);
+}
+function collectSchemesFromTransports(transports, schemes) {
+	if (transports.bearer) schemes.bearerAuth = {
+		type: "http",
+		scheme: "bearer",
+		...transports.bearer.format ? { bearerFormat: transports.bearer.format } : {},
+		...transports.bearer.description ? { description: transports.bearer.description } : {}
+	};
+	if (transports.basic) schemes.basicAuth = {
+		type: "http",
+		scheme: "basic",
+		...transports.basic.description ? { description: transports.basic.description } : {}
+	};
+	if (transports.apiKey) schemes.apiKeyAuth = {
+		type: "apiKey",
+		name: transports.apiKey.name,
+		in: transports.apiKey.in,
+		...transports.apiKey.description ? { description: transports.apiKey.description } : {}
+	};
+	if (transports.cookie) schemes.cookieAuth = {
+		type: "apiKey",
+		name: transports.cookie.name,
+		in: "cookie",
+		...transports.cookie.description ? { description: transports.cookie.description } : {}
+	};
+}
+function transportsToSecurityRequirement(transports) {
+	const requirements = [];
+	if (transports.bearer) requirements.push({ bearerAuth: [] });
+	if (transports.basic) requirements.push({ basicAuth: [] });
+	if (transports.apiKey) requirements.push({ apiKeyAuth: [] });
+	if (transports.cookie) requirements.push({ cookieAuth: [] });
+	return requirements;
+}
+function resolveOperationSecurity(cmeta, hmeta, schemes) {
+	if (hmeta?.swaggerPublic) return [];
+	if (hmeta?.swaggerSecurity?.length) return hmeta.swaggerSecurity;
+	if (hmeta?.authTransports) {
+		collectSchemesFromTransports(hmeta.authTransports, schemes);
+		return transportsToSecurityRequirement(hmeta.authTransports);
+	}
+	if (cmeta?.swaggerPublic) return [];
+	if (cmeta?.swaggerSecurity?.length) return cmeta.swaggerSecurity;
+	if (cmeta?.authTransports) {
+		collectSchemesFromTransports(cmeta.authTransports, schemes);
+		return transportsToSecurityRequirement(cmeta.authTransports);
+	}
+	return void 0;
+}
 
 //#endregion
 //#region packages/swagger/src/swagger.controller.ts
@@ -549,13 +936,10 @@ function _ts_param(paramIndex, decorator) {
 	};
 }
 var SwaggerController = class {
-	"processCors"() {
-		if (this.opts.cors) {
-			const { enableCors } = (0, __wooksjs_event_http.useSetHeaders)();
-			enableCors(this.opts.cors === true ? void 0 : this.opts.cors);
-		}
+	processCors() {
+		if (this.opts.cors) (0, __wooksjs_event_http.useResponse)().enableCors(this.opts.cors === true ? void 0 : this.opts.cors);
 	}
-	"serveIndex"(url, location, status) {
+	serveIndex(url, location, status) {
 		this.processCors();
 		if (!url.endsWith("index.html") && !url.endsWith("/")) {
 			status.value = 302;
@@ -599,21 +983,30 @@ var SwaggerController = class {
   });
 };`;
 	}
-	async "spec.json"() {
-		this.processCors();
-		const logger = (0, moost.useEventLogger)("@moostjs/zod");
+	async resolveSpec() {
 		if (!this.spec) {
-			const { instantiate } = (0, moost.useControllerContext)();
+			const ctx = (0, moost.current)();
+			const l = (0, moost.useLogger)(ctx);
+			const logger = typeof l.topic === "function" ? l.topic("@moostjs/swagger") : l;
+			const { instantiate } = (0, moost.useControllerContext)(ctx);
 			const moost$1 = await instantiate(moost.Moost);
 			this.spec = mapToSwaggerSpec(moost$1.getControllersOverview(), this.opts, logger);
 		}
 		return this.spec;
 	}
-	"files"(url) {
+	async "spec.json"() {
+		this.processCors();
+		return this.resolveSpec();
+	}
+	async "spec.yaml"() {
+		this.processCors();
+		return jsonToYaml(await this.resolveSpec());
+	}
+	files(url) {
 		this.processCors();
 		return this.serve(url.split("/").pop());
 	}
-	"serve"(path$1) {
+	serve(path$1) {
 		return (0, __wooksjs_http_static.serveFile)(path$1, {
 			baseDir: this.assetPath,
 			cacheControl: {
@@ -641,7 +1034,7 @@ _ts_decorate([
 	_ts_metadata("design:type", Function),
 	_ts_metadata("design:paramtypes", [
 		String,
-		typeof __wooksjs_event_http.THeaderHook === "undefined" ? Object : __wooksjs_event_http.THeaderHook,
+		typeof THeaderHook === "undefined" ? Object : THeaderHook,
 		typeof TStatusHook === "undefined" ? Object : TStatusHook
 	]),
 	_ts_metadata("design:returntype", void 0)
@@ -659,6 +1052,13 @@ _ts_decorate([
 	_ts_metadata("design:paramtypes", []),
 	_ts_metadata("design:returntype", Promise)
 ], SwaggerController.prototype, "spec.json", null);
+_ts_decorate([
+	(0, __moostjs_event_http.Get)(),
+	(0, __moostjs_event_http.SetHeader)("content-type", "text/yaml"),
+	_ts_metadata("design:type", Function),
+	_ts_metadata("design:paramtypes", []),
+	_ts_metadata("design:returntype", Promise)
+], SwaggerController.prototype, "spec.yaml", null);
 _ts_decorate([
 	(0, __moostjs_event_http.Get)("swagger-ui-bundle.*(js|js\\.map)"),
 	(0, __moostjs_event_http.Get)("swagger-ui-standalone-preset.*(js|js\\.map)"),
@@ -678,17 +1078,25 @@ SwaggerController = _ts_decorate([
 ], SwaggerController);
 
 //#endregion
+exports.SwaggerCallback = SwaggerCallback;
 Object.defineProperty(exports, 'SwaggerController', {
   enumerable: true,
   get: function () {
     return SwaggerController;
   }
 });
+exports.SwaggerDeprecated = SwaggerDeprecated;
 exports.SwaggerDescription = SwaggerDescription;
 exports.SwaggerExample = SwaggerExample;
 exports.SwaggerExclude = SwaggerExclude;
+exports.SwaggerExternalDocs = SwaggerExternalDocs;
+exports.SwaggerLink = SwaggerLink;
+exports.SwaggerOperationId = SwaggerOperationId;
 exports.SwaggerParam = SwaggerParam;
+exports.SwaggerPublic = SwaggerPublic;
 exports.SwaggerRequestBody = SwaggerRequestBody;
 exports.SwaggerResponse = SwaggerResponse;
+exports.SwaggerSecurity = SwaggerSecurity;
+exports.SwaggerSecurityAll = SwaggerSecurityAll;
 exports.SwaggerTag = SwaggerTag;
 exports.getSwaggerMate = getSwaggerMate;