@safeaccess/inline 0.1.1 → 0.1.3

package/.gitattributes

@@ -1,4 +1,4 @@
-# Distribution archive ignore — files excluded from npm/archive downloads
+# Distribution archive ignore - files excluded from npm/archive downloads
 # Note: npm uses the `files` field in package.json for publish filtering.
 # These export-ignore rules apply to git archive and the split repo.
 

package/CHANGELOG.md

@@ -2,17 +2,35 @@
 
 All notable changes to the `@safeaccess/inline` JavaScript/TypeScript package are documented in this file.
 
-## [0.1.1](https://github.com/felipesauer/safeaccess-inline/compare/js-v0.1.0...js-v0.1.1) (2026-04-07)
+## [0.1.3](https://github.com/felipesauer/safeaccess-inline/compare/js-v0.1.2...js-v0.1.3) (2026-04-09)
 
 
-### Features
+### Bug Fixes
+
+* **js:** expose readonly extraForbiddenKeys on SecurityGuard for PHP parity ([2b428f6](https://github.com/felipesauer/safeaccess-inline/commit/2b428f6a1fef3607cb968ff18b52d8281158cc92))
+* **php:** correct array<string,mixed> type annotations and NdjsonAccessor integer key coercion ([7849f89](https://github.com/felipesauer/safeaccess-inline/commit/7849f89365bd5970738105ed3be9d2b58a15cd93))
+
+## [0.1.2](https://github.com/felipesauer/safeaccess-inline/compare/js-v0.1.1...js-v0.1.2) (2026-04-08)
+
+### Bug Fixes
 
-* **js:** bootstrap release tracking for rebranded package ([5fc07d7](https://github.com/felipesauer/safeaccess-inline/commit/5fc07d7126870d72145bbfc80609370c9d1509c7))
+- **js:** fix logo image URL in README ([16f4fc5](https://github.com/felipesauer/safeaccess-inline/commit/16f4fc5d69fa7ce86e3017bbbfc9f393925a5c37))
+
+### Internal Changes
+
+- **js:** expose `readonly extraForbiddenKeys` on `SecurityGuard` for parity with PHP (`public readonly array $extraForbiddenKeys`)
+- **js:** extract `ValidatableParserInterface` from `DotNotationParser` — `AbstractAccessor` now types its parser dependency against this contract instead of the concrete class
+- **js:** `SecurityGuard.sanitize()` handles nested arrays via a dedicated `sanitizeArray()` private method, matching the PHP `sanitizeRecursive` pattern
+
+## [0.1.1](https://github.com/felipesauer/safeaccess-inline/compare/js-v0.1.0...js-v0.1.1) (2026-04-07)
+
+### Features
 
+- **js:** bootstrap release tracking for rebranded package ([5fc07d7](https://github.com/felipesauer/safeaccess-inline/commit/5fc07d7126870d72145bbfc80609370c9d1509c7))
 
 ### Bug Fixes
 
-* **js:** add repository field for npm provenance validation ([b34cdef](https://github.com/felipesauer/safeaccess-inline/commit/b34cdeff01e7e7566921f04b11f33fbd391aa8d2))
+- **js:** add repository field for npm provenance validation ([b34cdef](https://github.com/felipesauer/safeaccess-inline/commit/b34cdeff01e7e7566921f04b11f33fbd391aa8d2))
 
 ## 0.1.0 (2026-04-07)
 
@@ -20,7 +38,7 @@ All notable changes to the `@safeaccess/inline` JavaScript/TypeScript package ar
 
 - **ci:** achieve 100% branch coverage on Vitest 4.x and fix docs-ci workflow ([#14](https://github.com/felipesauer/safeaccess-inline/issues/14)) ([11daf5a](https://github.com/felipesauer/safeaccess-inline/commit/11daf5aaa1ff1b901c8297921533485f1584a330))
 
-## [0.1.0] — 2026-04-06
+## [0.1.0] - 2026-04-06
 
 ### Features
 

package/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Felipe Sauer
+Copyright (c) 2026 Safe Access Inline
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md

@@ -1,8 +1,8 @@
 <p align="center">
-  <img src="../../public/logo.svg" width="80" alt="safeaccess-inline logo">
+  <img src="https://raw.githubusercontent.com/felipesauer/safeaccess-inline/main/.github/assets/logo.svg" width="80" alt="safeaccess-inline logo">
 </p>
 
-<h1 align="center">Safe Access Inline — TypeScript</h1>
+<h1 align="center">Safe Access Inline - TypeScript</h1>
 
 <p align="center">
   <a href="https://www.npmjs.com/package/@safeaccess/inline"><img src="https://img.shields.io/npm/v/@safeaccess/inline?label=npm" alt="npm"></a>
@@ -11,7 +11,7 @@
 
 ---
 
-Safe nested data access with dot notation for JavaScript and TypeScript. Navigate deeply nested objects, JSON, YAML, XML, INI, ENV, and NDJSON structures — with built-in security validation, immutable writes, and a fluent builder API.
+Safe nested data access with dot notation for JavaScript and TypeScript. Navigate deeply nested arrays, objects, JSON, YAML, XML, INI, ENV, and NDJSON structures - with built-in security validation, immutable writes, and a fluent builder API.
 
 ## Installation
 
@@ -33,7 +33,7 @@ accessor.get('user.email', 'N/A'); // 'N/A' (default when missing)
 accessor.has('user.age'); // true
 accessor.getOrFail('user.name'); // 'Alice' (throws if missing)
 
-// Immutable writes — original is never modified
+// Immutable writes - original is never modified
 const updated = accessor.set('user.email', 'alice@example.com');
 updated.get('user.email'); // 'alice@example.com'
 accessor.has('user.email'); // false (original unchanged)
@@ -41,12 +41,14 @@ accessor.has('user.email'); // false (original unchanged)
 
 ## Dot Notation Syntax
 
-The TypeScript package supports dot-separated key access:
+### Basic Syntax
 
-| Syntax      | Example        | Description               |
-| ----------- | -------------- | ------------------------- |
-| `key.key`   | `user.name`    | Nested key access         |
-| `key.0.key` | `users.0.name` | Numeric key (array index) |
+| Syntax            | Example            | Description                     |
+| ----------------- | ------------------ | ------------------------------- |
+| `key.key`         | `user.name`        | Nested key access               |
+| `key.0.key`       | `users.0.name`     | Numeric key (array index)       |
+| `key\.with\.dots` | `config\.db\.host` | Escaped dots in key names       |
+| `$` or `$.path`   | `$.user.name`      | Optional root prefix (stripped) |
 
 ```typescript
 const data = Inline.fromJson('{"users": [{"name": "Alice"}, {"name": "Bob"}]}');
@@ -54,7 +56,46 @@ data.get('users.0.name'); // 'Alice'
 data.get('users.1.name'); // 'Bob'
 ```
 
-> **Note:** Advanced PathQuery features (wildcards, filters, slices, recursive descent, projections) are available in the PHP package only. See the [PHP README](../php/README.md#advanced-pathquery) for details.
+### Advanced PathQuery
+
+| Syntax          | Example             | Description                               |
+| --------------- | ------------------- | ----------------------------------------- |
+| `[0]`           | `users[0]`          | Bracket index access                      |
+| `*` or `[*]`    | `users.*`           | Wildcard - expand all children            |
+| `..key`         | `..name`            | Recursive descent - find key at any depth |
+| `..['a','b']`   | `..['name','age']`  | Multi-key recursive descent               |
+| `[0,1,2]`       | `users[0,1,2]`      | Multi-index selection                     |
+| `['a','b']`     | `['name','age']`    | Multi-key selection                       |
+| `[0:5]`         | `items[0:5]`        | Slice - indices 0 through 4               |
+| `[::2]`         | `items[::2]`        | Slice with step                           |
+| `[::-1]`        | `items[::-1]`       | Reverse slice                             |
+| `[?expr]`       | `users[?age>18]`    | Filter predicate expression               |
+| `.{fields}`     | `.{name, age}`      | Projection - select fields                |
+| `.{alias: src}` | `.{fullName: name}` | Aliased projection                        |
+
+### Filter Expressions
+
+```typescript
+const data = Inline.fromJson(`[
+    {"name": "Alice", "age": 25, "role": "admin"},
+    {"name": "Bob",   "age": 17, "role": "user"},
+    {"name": "Carol", "age": 30, "role": "admin"}
+]`);
+
+// Comparison: ==, !=, >, <, >=, <=
+data.get('[?age>18]'); // Alice and Carol
+
+// Logical: && and ||
+data.get('[?age>18 && role=="admin"]'); // Alice and Carol
+
+// Built-in functions: starts_with, contains, values
+data.get('[?starts_with(@.name, "A")]'); // Alice
+data.get('[?contains(@.name, "ob")]'); // Bob
+
+// Arithmetic in predicates: +, -, *, /
+const orders = Inline.fromJson('[{"price": 10, "qty": 5}, {"price": 3, "qty": 2}]');
+orders.get('[?@.price * @.qty > 20]'); // first order only
+```
 
 ## Supported Formats
 
@@ -110,7 +151,7 @@ accessor.get('database.host'); // 'localhost'
 <summary><strong>ENV (dotenv)</strong></summary>
 
 ```typescript
-const accessor = Inline.fromEnv('APP_NAME=MyApp\nDB_HOST=localhost');
+const accessor = Inline.fromEnv('APP_NAME=MyApp\nAPP_DEBUG=true\nDB_HOST=localhost');
 accessor.get('DB_HOST'); // 'localhost'
 ```
 
@@ -140,6 +181,20 @@ objAccessor.get('name'); // 'Alice'
 
 </details>
 
+<details>
+<summary><strong>Any (custom format via integration)</strong></summary>
+
+```typescript
+import { Inline } from '@safeaccess/inline';
+import type { ParseIntegrationInterface } from '@safeaccess/inline';
+
+// Requires implementing ParseIntegrationInterface
+const accessor = Inline.withParserIntegration(new MyCsvIntegration()).fromAny(csvString);
+accessor.get('0.column_name');
+```
+
+</details>
+
 <details>
 <summary><strong>Dynamic (by TypeFormat enum)</strong></summary>
 
@@ -173,13 +228,11 @@ accessor.getMany({
 }); // { 'a.b': 1, 'a.x': 'fallback' }
 accessor.getRaw(); // original JSON string
 
-// Write (immutable — every write returns a new instance)
-const updated = accessor.set('a.d', 3);
-const cleaned = updated.remove('a.c');
-const merged = cleaned.merge('a', { e: 4 });
-const full = merged.mergeAll({ f: 5 });
+// Write (immutable - every write returns a new instance)
+const updated = accessor.set('a.d', 3).remove('a.c').merge('a', { e: 4 }).mergeAll({ f: 5 });
+updated.all(); // { a: { b: 1, d: 3, e: 4 }, f: 5 }
 
-// Readonly mode — block all writes
+// Readonly mode - block all writes
 const readonly = accessor.readonly();
 readonly.get('a.b'); // 1 (reads work)
 readonly.set('a.b', 99); // throws ReadonlyViolationException
@@ -204,7 +257,7 @@ const accessor = Inline.withSecurityGuard(new SecurityGuard(512, ['secret']))
 | ------------------------------------ | ------------------------------------------------ |
 | `withSecurityGuard(guard)`           | Custom forbidden-key rules and depth limits      |
 | `withSecurityParser(parser)`         | Custom payload size and structural limits        |
-| `withPathCache(cache)`               | Custom path segment cache for repeated lookups   |
+| `withPathCache(cache)`               | Path segment cache for repeated lookups          |
 | `withParserIntegration(integration)` | Custom format parser for `fromAny()`             |
 | `withStrictMode(false)`              | Disable security validation (trusted input only) |
 
@@ -243,7 +296,7 @@ const accessor = Inline.withSecurityGuard(guard).fromJson(data);
 
 | Format | Protection                                       |
 | ------ | ------------------------------------------------ |
-| XML    | Rejects `<!DOCTYPE` — prevents XXE attacks       |
+| XML    | Rejects `<!DOCTYPE` - prevents XXE attacks       |
 | YAML   | Blocks unsafe tags, anchors, aliases, merge keys |
 | All    | Forbidden key validation on every parsed key     |
 
@@ -291,7 +344,7 @@ try {
 
 | Exception                    | Extends                  | When                                      |
 | ---------------------------- | ------------------------ | ----------------------------------------- |
-| `AccessorException`          | `Error`                  | Root — catch-all                          |
+| `AccessorException`          | `Error`                  | Root - catch-all                          |
 | `SecurityException`          | `AccessorException`      | Forbidden key, payload, structural limits |
 | `InvalidFormatException`     | `AccessorException`      | Malformed JSON, XML, INI, NDJSON          |
 | `YamlParseException`         | `InvalidFormatException` | Unsafe or malformed YAML                  |
@@ -315,6 +368,7 @@ const accessor = Inline.withStrictMode(false).fromJson(trustedPayload);
 
 ```typescript
 // Implement PathCacheInterface for repeated lookups
+const cacheMap = new Map();
 const cache: PathCacheInterface = {
     get: (path) => cacheMap.get(path) ?? null,
     set: (path, segments) => {
@@ -349,7 +403,7 @@ const accessor = Inline.withParserIntegration(csvIntegration).fromAny(csvString)
 
 ## API Reference
 
-### Facade: `Inline`
+### `Inline` Facade
 
 #### Static Factory Methods
 
@@ -400,6 +454,10 @@ const accessor = Inline.withParserIntegration(csvIntegration).fromAny(csvString)
 | `readonly(flag?)` | Block all writes           |
 | `strict(flag?)`   | Toggle security validation |
 
+#### TypeFormat Enum
+
+`Array` · `Object` · `Json` · `Xml` · `Yaml` · `Ini` · `Env` · `Ndjson` · `Any`
+
 ## Exports
 
 The package uses **named exports only** (no default exports). All public types are available from the main entry point:

package/dist/accessors/abstract-accessor.d.ts

@@ -1,13 +1,25 @@
 import type { AccessorsInterface } from '../contracts/accessors-interface.js';
-import { DotNotationParser } from '../core/dot-notation-parser.js';
+import type { ValidatableParserInterface } from '../contracts/validatable-parser-interface.js';
+/**
+ * Base accessor providing read, write, and lifecycle operations.
+ *
+ * Implements all AccessorsInterface methods with immutable copy
+ * semantics for writes, optional readonly enforcement, and strict mode
+ * for security validation on data ingestion.
+ *
+ * Subclasses must implement `parse()` to convert raw input into
+ * a normalized plain object.
+ *
+ * @api
+ */
 export declare abstract class AbstractAccessor implements AccessorsInterface {
-    protected readonly parser: DotNotationParser;
+    protected readonly parser: ValidatableParserInterface;
     /** @internal Mutable state grouped to allow O(1) shallow clone in mutations. */
     private _state;
     /**
      * @param parser - Dot-notation parser for path operations.
      */
-    constructor(parser: DotNotationParser);
+    constructor(parser: ValidatableParserInterface);
     /**
      * Convert raw input data into a normalized plain object.
      *
@@ -33,6 +45,8 @@ export declare abstract class AbstractAccessor implements AccessorsInterface {
      *
      * @param data - Raw input in the format expected by the accessor.
      * @returns Populated accessor instance.
+     * @throws {InvalidFormatException} When the raw input cannot be parsed.
+     * @throws {SecurityException} When payload exceeds size limit, data contains forbidden keys, or violates structural limits.
      */
     abstract from(data: unknown): this;
     /**
@@ -59,7 +73,7 @@ export declare abstract class AbstractAccessor implements AccessorsInterface {
      * Only use with fully trusted, application-controlled input.
      *
      * @example
-     * // Trust the input — skip all security checks
+     * // Trust the input - skip all security checks
      * const accessor = new JsonAccessor(parser).strict(false).from(trustedPayload);
      */
     strict(strict?: boolean): this;
@@ -159,19 +173,19 @@ export declare abstract class AbstractAccessor implements AccessorsInterface {
      */
     all(): Record<string, unknown>;
     /**
-     * Count elements at a path, or the root if undefined.
+     * Count elements at a path, or the root if null/undefined.
      *
-     * @param path - Dot-notation path, or undefined for root.
+     * @param path - Dot-notation path, or null/undefined for root.
      * @returns Number of elements.
      */
-    count(path?: string): number;
+    count(path?: string | null): number;
     /**
-     * Retrieve array keys at a path, or root keys if undefined.
+     * Retrieve array keys at a path, or root keys if null/undefined.
      *
-     * @param path - Dot-notation path, or undefined for root.
+     * @param path - Dot-notation path, or null/undefined for root.
      * @returns List of keys.
      */
-    keys(path?: string): string[];
+    keys(path?: string | null): string[];
     /**
      * Deep-merge an object into the value at a dot-notation path.
      *

package/dist/accessors/abstract-accessor.js

@@ -1,5 +1,17 @@
 import { PathNotFoundException } from '../exceptions/path-not-found-exception.js';
 import { ReadonlyViolationException } from '../exceptions/readonly-violation-exception.js';
+/**
+ * Base accessor providing read, write, and lifecycle operations.
+ *
+ * Implements all AccessorsInterface methods with immutable copy
+ * semantics for writes, optional readonly enforcement, and strict mode
+ * for security validation on data ingestion.
+ *
+ * Subclasses must implement `parse()` to convert raw input into
+ * a normalized plain object.
+ *
+ * @api
+ */
 export class AbstractAccessor {
     parser;
     /** @internal Mutable state grouped to allow O(1) shallow clone in mutations. */
@@ -68,7 +80,7 @@ export class AbstractAccessor {
      * Only use with fully trusted, application-controlled input.
      *
      * @example
-     * // Trust the input — skip all security checks
+     * // Trust the input - skip all security checks
      * const accessor = new JsonAccessor(parser).strict(false).from(trustedPayload);
      */
     strict(strict = true) {
@@ -133,7 +145,8 @@ export class AbstractAccessor {
      * @returns True if the path resolves to a value.
      */
     hasAt(segments) {
-        return this.parser.hasAt(this._state.data, segments);
+        const sentinel = Object.create(null);
+        return this.parser.getAt(this._state.data, segments, sentinel) !== sentinel;
     }
     /**
      * Set a value at a dot-notation path.
@@ -207,26 +220,26 @@ export class AbstractAccessor {
         return this._state.data;
     }
     /**
-     * Count elements at a path, or the root if undefined.
+     * Count elements at a path, or the root if null/undefined.
      *
-     * @param path - Dot-notation path, or undefined for root.
+     * @param path - Dot-notation path, or null/undefined for root.
      * @returns Number of elements.
      */
     count(path) {
-        const target = path !== undefined ? this.get(path, {}) : this._state.data;
+        const target = path != null ? this.get(path, {}) : this._state.data;
         if (typeof target === 'object' && target !== null) {
             return Object.keys(target).length;
         }
         return 0;
     }
     /**
-     * Retrieve array keys at a path, or root keys if undefined.
+     * Retrieve array keys at a path, or root keys if null/undefined.
      *
-     * @param path - Dot-notation path, or undefined for root.
+     * @param path - Dot-notation path, or null/undefined for root.
      * @returns List of keys.
      */
     keys(path) {
-        const target = path !== undefined ? this.get(path, {}) : this._state.data;
+        const target = path != null ? this.get(path, {}) : this._state.data;
         /* Stryker disable next-line ConditionalExpression -- equivalent: get() always returns an object-type value here; typeof check is a type guard only */
         if (typeof target === 'object' && target !== null) {
             return Object.keys(target);

package/dist/accessors/abstract-integration-accessor.d.ts

@@ -0,0 +1,22 @@
+import { AbstractAccessor } from './abstract-accessor.js';
+import type { ParseIntegrationInterface } from '../contracts/parse-integration-interface.js';
+import type { ValidatableParserInterface } from '../contracts/validatable-parser-interface.js';
+/**
+ * Base accessor with custom format integration support.
+ *
+ * Extends {@link AbstractAccessor} to inject a {@link ParseIntegrationInterface}
+ * for user-defined format detection and parsing. Used exclusively by
+ * {@link AnyAccessor} to handle arbitrary input formats.
+ *
+ * @internal
+ */
+export declare abstract class AbstractIntegrationAccessor extends AbstractAccessor {
+    protected readonly integration: ParseIntegrationInterface;
+    /**
+     * Create an accessor with parser and custom integration dependencies.
+     *
+     * @param parser - Dot-notation parser.
+     * @param integration - Custom format parser.
+     */
+    constructor(parser: ValidatableParserInterface, integration: ParseIntegrationInterface);
+}

package/dist/accessors/abstract-integration-accessor.js

@@ -0,0 +1,23 @@
+import { AbstractAccessor } from './abstract-accessor.js';
+/**
+ * Base accessor with custom format integration support.
+ *
+ * Extends {@link AbstractAccessor} to inject a {@link ParseIntegrationInterface}
+ * for user-defined format detection and parsing. Used exclusively by
+ * {@link AnyAccessor} to handle arbitrary input formats.
+ *
+ * @internal
+ */
+export class AbstractIntegrationAccessor extends AbstractAccessor {
+    integration;
+    /**
+     * Create an accessor with parser and custom integration dependencies.
+     *
+     * @param parser - Dot-notation parser.
+     * @param integration - Custom format parser.
+     */
+    constructor(parser, integration) {
+        super(parser);
+        this.integration = integration;
+    }
+}

package/dist/accessors/formats/any-accessor.d.ts

@@ -1,24 +1,25 @@
-import { AbstractAccessor } from '../abstract-accessor.js';
+import { AbstractIntegrationAccessor } from '../abstract-integration-accessor.js';
 import type { ParseIntegrationInterface } from '../../contracts/parse-integration-interface.js';
-import type { DotNotationParser } from '../../core/dot-notation-parser.js';
+import type { ValidatableParserInterface } from '../../contracts/validatable-parser-interface.js';
 /**
  * Accessor for arbitrary formats via a custom {@link ParseIntegrationInterface}.
  *
  * Delegates format detection and parsing to a user-provided integration.
  * Validates string payloads against security constraints before parsing.
  *
+ * @api
+ *
  * @example
  * const integration = new MyCsvIntegration();
  * const accessor = Inline.withParserIntegration(integration).fromAny(csvString);
  * accessor.get('0.name'); // first row, name column
  */
-export declare class AnyAccessor extends AbstractAccessor {
-    private readonly integration;
+export declare class AnyAccessor extends AbstractIntegrationAccessor {
     /**
      * @param parser      - Dot-notation parser with security configuration.
      * @param integration - Custom format parser for detecting and parsing input.
      */
-    constructor(parser: DotNotationParser, integration: ParseIntegrationInterface);
+    constructor(parser: ValidatableParserInterface, integration: ParseIntegrationInterface);
     /**
      * Hydrate from raw data via the custom integration.
      *
@@ -26,10 +27,11 @@ export declare class AnyAccessor extends AbstractAccessor {
      * @returns Populated accessor instance.
      * @throws {InvalidFormatException} When the integration rejects the format.
      * @throws {SecurityException} When string input violates payload-size limits.
+     *
+     * @example
+     * const accessor = new AnyAccessor(parser, integration).from(rawData);
      */
     from(data: unknown): this;
-    /**
-     * @internal
-     */
+    /** {@inheritDoc} */
     protected parse(raw: unknown): Record<string, unknown>;
 }

package/dist/accessors/formats/any-accessor.js

@@ -1,4 +1,4 @@
-import { AbstractAccessor } from '../abstract-accessor.js';
+import { AbstractIntegrationAccessor } from '../abstract-integration-accessor.js';
 import { InvalidFormatException } from '../../exceptions/invalid-format-exception.js';
 /**
  * Accessor for arbitrary formats via a custom {@link ParseIntegrationInterface}.
@@ -6,20 +6,20 @@ import { InvalidFormatException } from '../../exceptions/invalid-format-exceptio
  * Delegates format detection and parsing to a user-provided integration.
  * Validates string payloads against security constraints before parsing.
  *
+ * @api
+ *
  * @example
  * const integration = new MyCsvIntegration();
  * const accessor = Inline.withParserIntegration(integration).fromAny(csvString);
  * accessor.get('0.name'); // first row, name column
  */
-export class AnyAccessor extends AbstractAccessor {
-    integration;
+export class AnyAccessor extends AbstractIntegrationAccessor {
     /**
      * @param parser      - Dot-notation parser with security configuration.
      * @param integration - Custom format parser for detecting and parsing input.
      */
     constructor(parser, integration) {
-        super(parser);
-        this.integration = integration;
+        super(parser, integration);
     }
     /**
      * Hydrate from raw data via the custom integration.
@@ -28,6 +28,9 @@ export class AnyAccessor extends AbstractAccessor {
      * @returns Populated accessor instance.
      * @throws {InvalidFormatException} When the integration rejects the format.
      * @throws {SecurityException} When string input violates payload-size limits.
+     *
+     * @example
+     * const accessor = new AnyAccessor(parser, integration).from(rawData);
      */
     from(data) {
         if (!this.integration.assertFormat(data)) {
@@ -35,9 +38,7 @@ export class AnyAccessor extends AbstractAccessor {
         }
         return this.ingest(data);
     }
-    /**
-     * @internal
-     */
+    /** {@inheritDoc} */
     parse(raw) {
         return this.integration.parse(raw);
     }

package/dist/accessors/formats/array-accessor.d.ts

@@ -4,6 +4,8 @@ import { AbstractAccessor } from '../abstract-accessor.js';
  *
  * Accepts a plain object or array directly. No string parsing is involved.
  *
+ * @api
+ *
  * @example
  * const accessor = new ArrayAccessor(parser).from({ key: 'value' });
  * accessor.get('key'); // 'value'

package/dist/accessors/formats/array-accessor.js

@@ -5,6 +5,8 @@ import { InvalidFormatException } from '../../exceptions/invalid-format-exceptio
  *
  * Accepts a plain object or array directly. No string parsing is involved.
  *
+ * @api
+ *
  * @example
  * const accessor = new ArrayAccessor(parser).from({ key: 'value' });
  * accessor.get('key'); // 'value'

package/dist/accessors/formats/env-accessor.d.ts

@@ -5,6 +5,8 @@ import { AbstractAccessor } from '../abstract-accessor.js';
  * Parses KEY=VALUE lines, skipping comments (#) and blank lines.
  * Strips surrounding single and double quotes from values.
  *
+ * @api
+ *
  * @example
  * const accessor = new EnvAccessor(parser).from('DB_HOST=localhost\nDEBUG=true');
  * accessor.get('DB_HOST'); // 'localhost'

package/dist/accessors/formats/env-accessor.js

@@ -6,6 +6,8 @@ import { InvalidFormatException } from '../../exceptions/invalid-format-exceptio
  * Parses KEY=VALUE lines, skipping comments (#) and blank lines.
  * Strips surrounding single and double quotes from values.
  *
+ * @api
+ *
  * @example
  * const accessor = new EnvAccessor(parser).from('DB_HOST=localhost\nDEBUG=true');
  * accessor.get('DB_HOST'); // 'localhost'

package/dist/accessors/formats/ini-accessor.d.ts

@@ -5,6 +5,8 @@ import { AbstractAccessor } from '../abstract-accessor.js';
  * Parses sections (e.g. `[section]`) as nested keys.
  * Type inference: numeric strings become numbers, `true`/`false` become booleans.
  *
+ * @api
+ *
  * @example
  * const accessor = new IniAccessor(parser).from('[db]\nhost=localhost\nport=5432');
  * accessor.get('db.host'); // 'localhost'

package/dist/accessors/formats/ini-accessor.js

@@ -6,6 +6,8 @@ import { InvalidFormatException } from '../../exceptions/invalid-format-exceptio
  * Parses sections (e.g. `[section]`) as nested keys.
  * Type inference: numeric strings become numbers, `true`/`false` become booleans.
  *
+ * @api
+ *
  * @example
  * const accessor = new IniAccessor(parser).from('[db]\nhost=localhost\nport=5432');
  * accessor.get('db.host'); // 'localhost'

package/dist/accessors/formats/json-accessor.d.ts

@@ -4,6 +4,8 @@ import { AbstractAccessor } from '../abstract-accessor.js';
  *
  * Decodes JSON via `JSON.parse()`. Validates payload size before parsing.
  *
+ * @api
+ *
  * @example
  * const accessor = new JsonAccessor(parser).from('{"key":"value"}');
  * accessor.get('key'); // 'value'

package/dist/accessors/formats/json-accessor.js

@@ -5,6 +5,8 @@ import { InvalidFormatException } from '../../exceptions/invalid-format-exceptio
  *
  * Decodes JSON via `JSON.parse()`. Validates payload size before parsing.
  *
+ * @api
+ *
  * @example
  * const accessor = new JsonAccessor(parser).from('{"key":"value"}');
  * accessor.get('key'); // 'value'

package/dist/accessors/formats/ndjson-accessor.d.ts

@@ -5,6 +5,8 @@ import { AbstractAccessor } from '../abstract-accessor.js';
  * Parses each non-empty line as a standalone JSON object,
  * producing an indexed record of parsed entries.
  *
+ * @api
+ *
  * @example
  * const ndjson = '{"id":1}\n{"id":2}';
  * const accessor = new NdjsonAccessor(parser).from(ndjson);

package/dist/accessors/formats/ndjson-accessor.js

@@ -6,6 +6,8 @@ import { InvalidFormatException } from '../../exceptions/invalid-format-exceptio
  * Parses each non-empty line as a standalone JSON object,
  * producing an indexed record of parsed entries.
  *
+ * @api
+ *
  * @example
  * const ndjson = '{"id":1}\n{"id":2}';
  * const accessor = new NdjsonAccessor(parser).from(ndjson);