@safeaccess/inline 0.1.1 → 0.1.3

package/dist/exceptions/readonly-violation-exception.js

@@ -2,6 +2,10 @@ import { AccessorException } from './accessor-exception.js';
 /**
  * Thrown when a write operation is attempted on a readonly accessor.
  *
+ * @api
+ *
+ * @see AccessorException  Parent exception class.
+ *
  * @example
  * const accessor = Inline.fromJson('{}').readonly(true);
  * accessor.set('key', 'value'); // throws ReadonlyViolationException

package/dist/exceptions/security-exception.d.ts

@@ -6,6 +6,12 @@ import { AccessorException } from './accessor-exception.js';
  * methods, stream wrapper / protocol URI schemes, Node.js globals),
  * payload size violations, key-count limits, and depth limit violations.
  *
+ * @api
+ *
+ * @see AccessorException   Parent exception class.
+ * @see SecurityGuard       Validates keys against the forbidden list.
+ * @see SecurityParser      Enforces payload, depth, and key-count limits.
+ *
  * @example
  * throw new SecurityException("Forbidden key '__proto__' detected.");
  */

package/dist/exceptions/security-exception.js

@@ -6,6 +6,12 @@ import { AccessorException } from './accessor-exception.js';
  * methods, stream wrapper / protocol URI schemes, Node.js globals),
  * payload size violations, key-count limits, and depth limit violations.
  *
+ * @api
+ *
+ * @see AccessorException   Parent exception class.
+ * @see SecurityGuard       Validates keys against the forbidden list.
+ * @see SecurityParser      Enforces payload, depth, and key-count limits.
+ *
  * @example
  * throw new SecurityException("Forbidden key '__proto__' detected.");
  */

package/dist/exceptions/unsupported-type-exception.d.ts

@@ -2,6 +2,10 @@ import { AccessorException } from './accessor-exception.js';
 /**
  * Thrown when the requested format or TypeFormat value is not supported.
  *
+ * @api
+ *
+ * @see AccessorException  Parent exception class.
+ *
  * @example
  * throw new UnsupportedTypeException('TypeFormat.Csv is not supported.');
  */

package/dist/exceptions/unsupported-type-exception.js

@@ -2,6 +2,10 @@ import { AccessorException } from './accessor-exception.js';
 /**
  * Thrown when the requested format or TypeFormat value is not supported.
  *
+ * @api
+ *
+ * @see AccessorException  Parent exception class.
+ *
  * @example
  * throw new UnsupportedTypeException('TypeFormat.Csv is not supported.');
  */

package/dist/exceptions/yaml-parse-exception.d.ts

@@ -5,6 +5,10 @@ import { InvalidFormatException } from './invalid-format-exception.js';
  * Unsafe constructs include: tags (!! and !), anchors (&), aliases (*),
  * and merge keys (<<).
  *
+ * @api
+ *
+ * @see InvalidFormatException  Parent exception class.
+ *
  * @example
  * throw new YamlParseException('YAML anchors are not supported (line 3).');
  */

package/dist/exceptions/yaml-parse-exception.js

@@ -5,6 +5,10 @@ import { InvalidFormatException } from './invalid-format-exception.js';
  * Unsafe constructs include: tags (!! and !), anchors (&), aliases (*),
  * and merge keys (<<).
  *
+ * @api
+ *
+ * @see InvalidFormatException  Parent exception class.
+ *
  * @example
  * throw new YamlParseException('YAML anchors are not supported (line 3).');
  */

package/dist/index.js

@@ -15,7 +15,8 @@ export { EnvAccessor } from './accessors/formats/env-accessor.js';
 export { NdjsonAccessor } from './accessors/formats/ndjson-accessor.js';
 export { AnyAccessor } from './accessors/formats/any-accessor.js';
 // Core
-// NOTE: DotNotationParser is intentionally not exported — it is an internal component.
+// NOTE: DotNotationParser is intentionally not exported - it is an internal component.
+// Cache - SimplePathCache is @internal; consumers must use PathCacheInterface
 // Security
 export { SecurityGuard } from './security/security-guard.js';
 export { SecurityParser } from './security/security-parser.js';

package/dist/inline.d.ts

@@ -1,10 +1,10 @@
 import { TypeFormat } from './type-format.js';
-import { DotNotationParser } from './core/dot-notation-parser.js';
 import type { SecurityGuardInterface } from './contracts/security-guard-interface.js';
 import type { SecurityParserInterface } from './contracts/security-parser-interface.js';
 import type { AccessorsInterface } from './contracts/accessors-interface.js';
 import type { ParseIntegrationInterface } from './contracts/parse-integration-interface.js';
 import type { PathCacheInterface } from './contracts/path-cache-interface.js';
+import type { ValidatableParserInterface } from './contracts/validatable-parser-interface.js';
 import { ArrayAccessor } from './accessors/formats/array-accessor.js';
 import { ObjectAccessor } from './accessors/formats/object-accessor.js';
 import { JsonAccessor } from './accessors/formats/json-accessor.js';
@@ -14,6 +14,7 @@ import { IniAccessor } from './accessors/formats/ini-accessor.js';
 import { EnvAccessor } from './accessors/formats/env-accessor.js';
 import { NdjsonAccessor } from './accessors/formats/ndjson-accessor.js';
 import { AnyAccessor } from './accessors/formats/any-accessor.js';
+import { InlineBuilderAccessor } from './core/inline-builder-accessor.js';
 /**
  * Facade for creating typed data accessors fluently.
  *
@@ -21,6 +22,8 @@ import { AnyAccessor } from './accessors/formats/any-accessor.js';
  * Use the builder methods (`withSecurityGuard`, `withSecurityParser`) to
  * customize the security configuration before creating an accessor.
  *
+ * @api
+ *
  * @example
  * const accessor = Inline.fromJson('{"name":"Alice"}');
  * accessor.get('name'); // 'Alice'
@@ -29,60 +32,8 @@ import { AnyAccessor } from './accessors/formats/any-accessor.js';
  * const accessor = Inline.from(TypeFormat.Yaml, 'name: Alice');
  * accessor.get('name'); // 'Alice'
  */
-export declare class Inline {
-    private readonly guard;
-    private readonly secParser;
-    private readonly pathCache;
-    private readonly integration;
-    private readonly strictMode;
-    private constructor();
+export declare class Inline extends InlineBuilderAccessor {
     private static defaultInstance;
-    private makeParser;
-    /**
-     * Apply configured strict mode to a new accessor before hydration.
-     *
-     * @param accessor - Unhydrated accessor instance.
-     * @returns Same accessor with strict mode applied if configured.
-     */
-    private prepare;
-    /**
-     * Return a new Inline instance with a custom SecurityGuard, preserving other settings.
-     *
-     * @param guard - Custom security guard implementation.
-     * @returns New Inline builder instance.
-     */
-    withSecurityGuard(guard: SecurityGuardInterface): Inline;
-    /**
-     * Return a new Inline instance with a custom SecurityParser, preserving other settings.
-     *
-     * @param parser - Custom security parser implementation.
-     * @returns New Inline builder instance.
-     */
-    withSecurityParser(parser: SecurityParserInterface): Inline;
-    /**
-     * Return a new Inline instance with a custom path cache, preserving other settings.
-     *
-     * @param cache - Custom path cache implementation.
-     * @returns New Inline builder instance.
-     */
-    withPathCache(cache: PathCacheInterface): Inline;
-    /**
-     * Return a new Inline instance with a custom parser integration, preserving other settings.
-     *
-     * @param integration - Custom format integration implementation.
-     * @returns New Inline builder instance.
-     */
-    withParserIntegration(integration: ParseIntegrationInterface): Inline;
-    /**
-     * Return a new Inline instance with the given strict mode, preserving other settings.
-     *
-     * @param strict - Whether to enable strict security validation.
-     * @returns New Inline builder instance.
-     *
-     * @security Passing `false` disables all SecurityGuard and SecurityParser
-     * validation. Only use with fully trusted, application-controlled input.
-     */
-    withStrictMode(strict: boolean): Inline;
     /**
      * Return a new Inline instance with a custom SecurityGuard.
      *
@@ -174,6 +125,9 @@ export declare class Inline {
     /**
      * Create an XmlAccessor from an XML string.
      *
+     * Note: The PHP equivalent also accepts `\SimpleXMLElement`; JS only
+     * accepts raw XML strings (no pre-parsed equivalent exists in JS).
+     *
      * @param data - Raw XML string.
      * @returns Populated XmlAccessor instance.
      * @throws {InvalidFormatException} When the XML is malformed.
@@ -249,14 +203,19 @@ export declare class Inline {
     /**
      * Create a typed accessor by its constructor.
      *
+     * Note: The PHP equivalent accepts a class-string (FQCN) instead of a
+     * constructor reference, e.g. `Inline::make(JsonAccessor::class, $data)`.
+     *
      * @param AccessorConstructor - The accessor class to instantiate.
      * @param data                - Raw data to hydrate the accessor with.
      * @returns Populated accessor instance.
+     * @throws {InvalidFormatException} When the data does not match the accessor's expected format.
+     * @throws {SecurityException} When security constraints are violated.
      *
      * @example
      * Inline.make(JsonAccessor, '{"key":"value"}').get('key'); // 'value'
      */
-    make<T extends AccessorsInterface>(AccessorConstructor: new (parser: DotNotationParser) => T, data: unknown): T;
+    make<T extends AccessorsInterface>(AccessorConstructor: new (parser: ValidatableParserInterface) => T, data: unknown): T;
     /**
      * Create an accessor for the given TypeFormat and raw data.
      *
@@ -266,6 +225,9 @@ export declare class Inline {
      * @throws {InvalidFormatException} When the data is malformed for the target format.
      * @throws {SecurityException} When security constraints are violated.
      * @throws {UnsupportedTypeException} When the TypeFormat is not supported.
+     *
+     * @example
+     * Inline.from(TypeFormat.Json, '{"key":"value"}').get('key'); // 'value'
      */
     from(typeFormat: TypeFormat, data: unknown): AccessorsInterface;
     /**
@@ -305,6 +267,9 @@ export declare class Inline {
     /**
      * Create an XmlAccessor from an XML string.
      *
+     * Note: The PHP equivalent also accepts `\SimpleXMLElement`; JS only
+     * accepts raw XML strings (no pre-parsed equivalent exists in JS).
+     *
      * @param data - Raw XML string.
      * @returns Populated XmlAccessor instance.
      * @throws {InvalidFormatException} When the XML is malformed.
@@ -391,12 +356,17 @@ export declare class Inline {
     /**
      * Create a typed accessor by its constructor.
      *
+     * Note: The PHP equivalent accepts a class-string (FQCN) instead of a
+     * constructor reference, e.g. `Inline::make(JsonAccessor::class, $data)`.
+     *
      * @param AccessorConstructor - The accessor class to instantiate.
      * @param data                - Raw data to hydrate the accessor with.
      * @returns Populated accessor instance.
+     * @throws {InvalidFormatException} When the data does not match the accessor's expected format.
+     * @throws {SecurityException} When security constraints are violated.
      *
      * @example
      * Inline.make(JsonAccessor, '{"key":"value"}').get('key'); // 'value'
      */
-    static make<T extends AccessorsInterface>(AccessorConstructor: new (parser: DotNotationParser) => T, data: unknown): T;
+    static make<T extends AccessorsInterface>(AccessorConstructor: new (parser: ValidatableParserInterface) => T, data: unknown): T;
 }

package/dist/inline.js

@@ -1,19 +1,7 @@
 import { TypeFormat } from './type-format.js';
-import { DotNotationParser } from './core/dot-notation-parser.js';
-import { SecurityGuard } from './security/security-guard.js';
-import { SecurityParser } from './security/security-parser.js';
 import { AbstractAccessor } from './accessors/abstract-accessor.js';
-import { ArrayAccessor } from './accessors/formats/array-accessor.js';
-import { ObjectAccessor } from './accessors/formats/object-accessor.js';
-import { JsonAccessor } from './accessors/formats/json-accessor.js';
-import { XmlAccessor } from './accessors/formats/xml-accessor.js';
-import { YamlAccessor } from './accessors/formats/yaml-accessor.js';
-import { IniAccessor } from './accessors/formats/ini-accessor.js';
-import { EnvAccessor } from './accessors/formats/env-accessor.js';
-import { NdjsonAccessor } from './accessors/formats/ndjson-accessor.js';
-import { AnyAccessor } from './accessors/formats/any-accessor.js';
 import { UnsupportedTypeException } from './exceptions/unsupported-type-exception.js';
-import { InvalidFormatException } from './exceptions/invalid-format-exception.js';
+import { InlineBuilderAccessor } from './core/inline-builder-accessor.js';
 /**
  * Facade for creating typed data accessors fluently.
  *
@@ -21,6 +9,8 @@ import { InvalidFormatException } from './exceptions/invalid-format-exception.js
  * Use the builder methods (`withSecurityGuard`, `withSecurityParser`) to
  * customize the security configuration before creating an accessor.
  *
+ * @api
+ *
  * @example
  * const accessor = Inline.fromJson('{"name":"Alice"}');
  * accessor.get('name'); // 'Alice'
@@ -29,85 +19,11 @@ import { InvalidFormatException } from './exceptions/invalid-format-exception.js
  * const accessor = Inline.from(TypeFormat.Yaml, 'name: Alice');
  * accessor.get('name'); // 'Alice'
  */
-export class Inline {
-    guard;
-    secParser;
-    pathCache;
-    integration;
-    strictMode;
-    constructor(guard, secParser, pathCache = null, integration = null, strictMode = null) {
-        this.guard = guard;
-        this.secParser = secParser;
-        this.pathCache = pathCache;
-        this.integration = integration;
-        this.strictMode = strictMode;
-    }
+export class Inline extends InlineBuilderAccessor {
     static defaultInstance() {
-        return new Inline(new SecurityGuard(), new SecurityParser());
-    }
-    makeParser() {
-        return new DotNotationParser(this.guard, this.secParser, this.pathCache ?? undefined);
-    }
-    /**
-     * Apply configured strict mode to a new accessor before hydration.
-     *
-     * @param accessor - Unhydrated accessor instance.
-     * @returns Same accessor with strict mode applied if configured.
-     */
-    prepare(accessor) {
-        if (this.strictMode !== null) {
-            return accessor.strict(this.strictMode);
-        }
-        return accessor;
-    }
-    /**
-     * Return a new Inline instance with a custom SecurityGuard, preserving other settings.
-     *
-     * @param guard - Custom security guard implementation.
-     * @returns New Inline builder instance.
-     */
-    withSecurityGuard(guard) {
-        return new Inline(guard, this.secParser, this.pathCache, this.integration, this.strictMode);
-    }
-    /**
-     * Return a new Inline instance with a custom SecurityParser, preserving other settings.
-     *
-     * @param parser - Custom security parser implementation.
-     * @returns New Inline builder instance.
-     */
-    withSecurityParser(parser) {
-        return new Inline(this.guard, parser, this.pathCache, this.integration, this.strictMode);
-    }
-    /**
-     * Return a new Inline instance with a custom path cache, preserving other settings.
-     *
-     * @param cache - Custom path cache implementation.
-     * @returns New Inline builder instance.
-     */
-    withPathCache(cache) {
-        return new Inline(this.guard, this.secParser, cache, this.integration, this.strictMode);
-    }
-    /**
-     * Return a new Inline instance with a custom parser integration, preserving other settings.
-     *
-     * @param integration - Custom format integration implementation.
-     * @returns New Inline builder instance.
-     */
-    withParserIntegration(integration) {
-        return new Inline(this.guard, this.secParser, this.pathCache, integration, this.strictMode);
-    }
-    /**
-     * Return a new Inline instance with the given strict mode, preserving other settings.
-     *
-     * @param strict - Whether to enable strict security validation.
-     * @returns New Inline builder instance.
-     *
-     * @security Passing `false` disables all SecurityGuard and SecurityParser
-     * validation. Only use with fully trusted, application-controlled input.
-     */
-    withStrictMode(strict) {
-        return new Inline(this.guard, this.secParser, this.pathCache, this.integration, strict);
+        return new Inline();
     }
+    // ── Instance factory methods ──────────────────────────────────────
     /**
      * Return a new Inline instance with a custom SecurityGuard.
      *
@@ -118,7 +34,7 @@ export class Inline {
      * Inline.withSecurityGuard(new SecurityGuard(10, ['extraKey'])).fromJson('{}');
      */
     static withSecurityGuard(guard) {
-        return new Inline(guard, new SecurityParser());
+        return new Inline(guard);
     }
     /**
      * Return a new Inline instance with a custom SecurityParser.
@@ -130,7 +46,7 @@ export class Inline {
      * Inline.withSecurityParser(new SecurityParser({ maxDepth: 10 })).fromJson('{}');
      */
     static withSecurityParser(parser) {
-        return new Inline(new SecurityGuard(), parser);
+        return new Inline(undefined, parser);
     }
     /**
      * Return a new Inline instance with a custom path cache.
@@ -143,7 +59,7 @@ export class Inline {
      * Inline.withPathCache(cache).fromJson('{"key":"value"}');
      */
     static withPathCache(cache) {
-        return new Inline(new SecurityGuard(), new SecurityParser(), cache);
+        return new Inline(undefined, undefined, cache);
     }
     /**
      * Return a new Inline instance with a custom parser integration for `fromAny()`.
@@ -155,7 +71,7 @@ export class Inline {
      * Inline.withParserIntegration(new MyCsvIntegration()).fromAny(csvString);
      */
     static withParserIntegration(integration) {
-        return new Inline(new SecurityGuard(), new SecurityParser(), null, integration);
+        return new Inline(undefined, undefined, null, integration);
     }
     /**
      * Return a new Inline instance with the given strict mode.
@@ -170,7 +86,7 @@ export class Inline {
      * Inline.withStrictMode(false).fromJson(hugePayload).get('key');
      */
     static withStrictMode(strict) {
-        return new Inline(new SecurityGuard(), new SecurityParser(), null, null, strict);
+        return new Inline(undefined, undefined, null, null, strict);
     }
     /**
      * Create an ArrayAccessor from a plain object or array.
@@ -183,7 +99,7 @@ export class Inline {
      * inline.fromArray({ name: 'Alice' }).get('name'); // 'Alice'
      */
     fromArray(data) {
-        return this.prepare(new ArrayAccessor(this.makeParser())).from(data);
+        return this.builder().array(data);
     }
     /**
      * Create an ObjectAccessor from a JavaScript object.
@@ -196,7 +112,7 @@ export class Inline {
      * inline.fromObject({ user: { name: 'Alice' } }).get('user.name');
      */
     fromObject(data) {
-        return this.prepare(new ObjectAccessor(this.makeParser())).from(data);
+        return this.builder().object(data);
     }
     /**
      * Create a JsonAccessor from a JSON string.
@@ -210,11 +126,14 @@ export class Inline {
      * inline.fromJson('{"key":"value"}').get('key'); // 'value'
      */
     fromJson(data) {
-        return this.prepare(new JsonAccessor(this.makeParser())).from(data);
+        return this.builder().json(data);
     }
     /**
      * Create an XmlAccessor from an XML string.
      *
+     * Note: The PHP equivalent also accepts `\SimpleXMLElement`; JS only
+     * accepts raw XML strings (no pre-parsed equivalent exists in JS).
+     *
      * @param data - Raw XML string.
      * @returns Populated XmlAccessor instance.
      * @throws {InvalidFormatException} When the XML is malformed.
@@ -224,7 +143,7 @@ export class Inline {
      * inline.fromXml('<root><key>value</key></root>').get('key');
      */
     fromXml(data) {
-        return this.prepare(new XmlAccessor(this.makeParser())).from(data);
+        return this.builder().xml(data);
     }
     /**
      * Create a YamlAccessor from a YAML string.
@@ -238,7 +157,7 @@ export class Inline {
      * inline.fromYaml('name: Alice').get('name'); // 'Alice'
      */
     fromYaml(data) {
-        return this.prepare(new YamlAccessor(this.makeParser())).from(data);
+        return this.builder().yaml(data);
     }
     /**
      * Create an IniAccessor from an INI string.
@@ -252,7 +171,7 @@ export class Inline {
      * inline.fromIni('[section]\nkey=value').get('section.key'); // 'value'
      */
     fromIni(data) {
-        return this.prepare(new IniAccessor(this.makeParser())).from(data);
+        return this.builder().ini(data);
     }
     /**
      * Create an EnvAccessor from a dotenv-formatted string.
@@ -265,7 +184,7 @@ export class Inline {
      * inline.fromEnv('APP_NAME=MyApp').get('APP_NAME'); // 'MyApp'
      */
     fromEnv(data) {
-        return this.prepare(new EnvAccessor(this.makeParser())).from(data);
+        return this.builder().env(data);
     }
     /**
      * Create an NdjsonAccessor from a newline-delimited JSON string.
@@ -279,7 +198,7 @@ export class Inline {
      * inline.fromNdjson('{"id":1}\n{"id":2}').get('0.id'); // 1
      */
     fromNdjson(data) {
-        return this.prepare(new NdjsonAccessor(this.makeParser())).from(data);
+        return this.builder().ndjson(data);
     }
     /**
      * Create an AnyAccessor from raw data using a custom integration.
@@ -297,26 +216,28 @@ export class Inline {
      * Inline.withParserIntegration(new CsvIntegration()).fromAny(csvString);
      */
     fromAny(data, integration) {
-        const resolved = integration ?? this.integration;
-        if (resolved === null) {
-            throw new InvalidFormatException('AnyAccessor requires a ParseIntegrationInterface — use Inline.withParserIntegration(integration).fromAny(data).');
-        }
-        return this.prepare(new AnyAccessor(this.makeParser(), resolved)).from(data);
+        return this.builder().any(data, integration);
     }
     /**
      * Create a typed accessor by its constructor.
      *
+     * Note: The PHP equivalent accepts a class-string (FQCN) instead of a
+     * constructor reference, e.g. `Inline::make(JsonAccessor::class, $data)`.
+     *
      * @param AccessorConstructor - The accessor class to instantiate.
      * @param data                - Raw data to hydrate the accessor with.
      * @returns Populated accessor instance.
+     * @throws {InvalidFormatException} When the data does not match the accessor's expected format.
+     * @throws {SecurityException} When security constraints are violated.
      *
      * @example
      * Inline.make(JsonAccessor, '{"key":"value"}').get('key'); // 'value'
      */
     make(AccessorConstructor, data) {
-        const accessor = new AccessorConstructor(this.makeParser());
-        if (this.strictMode !== null && accessor instanceof AbstractAccessor) {
-            return accessor.strict(this.strictMode).from(data);
+        const factory = this.builder();
+        const accessor = new AccessorConstructor(factory.getParser());
+        if (this._strictMode !== null && accessor instanceof AbstractAccessor) {
+            return accessor.strict(this._strictMode).from(data);
         }
         return accessor.from(data);
     }
@@ -329,6 +250,9 @@ export class Inline {
      * @throws {InvalidFormatException} When the data is malformed for the target format.
      * @throws {SecurityException} When security constraints are violated.
      * @throws {UnsupportedTypeException} When the TypeFormat is not supported.
+     *
+     * @example
+     * Inline.from(TypeFormat.Json, '{"key":"value"}').get('key'); // 'value'
      */
     from(typeFormat, data) {
         switch (typeFormat) {
@@ -399,6 +323,9 @@ export class Inline {
     /**
      * Create an XmlAccessor from an XML string.
      *
+     * Note: The PHP equivalent also accepts `\SimpleXMLElement`; JS only
+     * accepts raw XML strings (no pre-parsed equivalent exists in JS).
+     *
      * @param data - Raw XML string.
      * @returns Populated XmlAccessor instance.
      * @throws {InvalidFormatException} When the XML is malformed.
@@ -499,9 +426,14 @@ export class Inline {
     /**
      * Create a typed accessor by its constructor.
      *
+     * Note: The PHP equivalent accepts a class-string (FQCN) instead of a
+     * constructor reference, e.g. `Inline::make(JsonAccessor::class, $data)`.
+     *
      * @param AccessorConstructor - The accessor class to instantiate.
      * @param data                - Raw data to hydrate the accessor with.
      * @returns Populated accessor instance.
+     * @throws {InvalidFormatException} When the data does not match the accessor's expected format.
+     * @throws {SecurityException} When security constraints are violated.
      *
      * @example
      * Inline.make(JsonAccessor, '{"key":"value"}').get('key'); // 'value'

package/dist/parser/xml-parser.js

@@ -21,9 +21,7 @@ export class XmlParser {
      */
     constructor(maxDepth, maxElements = 10_000) {
         this.maxDepth = maxDepth;
-        this.maxElements = Number.isFinite(maxElements) && maxElements >= 1
-            ? maxElements
-            : 10_000;
+        this.maxElements = Number.isFinite(maxElements) && maxElements >= 1 ? maxElements : 10_000;
     }
     /**
      * Parse an XML body into a plain object using the best available parser.
@@ -97,7 +95,7 @@ export class XmlParser {
     parseXmlManual(xml) {
         const stripped = xml.replace(/<\?xml[^?]*\?>/i, '').trim();
         // Bound parser complexity before the linear inner-content scan: count opening
-        // tags as a document-complexity proxy. This is a defence-in-depth limit —
+        // tags as a document-complexity proxy. This is a defence-in-depth limit -
         // the linear scanner below is already O(n), but bounding element count also
         // caps the total number of recursive parseXmlChildren calls.
         // Browser environments (DOMParser) are unaffected.
@@ -142,9 +140,10 @@ export class XmlParser {
             throw new InvalidFormatException('XmlAccessor failed to parse XML string.');
         }
         // Walk backward from the final '>' to locate the closing tag for this root element.
-        // This is O(tagNameLen) — the tag name is typically short and always bounded.
+        // This is O(tagNameLen) - the tag name is typically short and always bounded.
         let pos = doc.length - 2;
-        while (pos >= 0 && (doc[pos] === ' ' || doc[pos] === '\t' || doc[pos] === '\n' || doc[pos] === '\r')) {
+        while (pos >= 0 &&
+            (doc[pos] === ' ' || doc[pos] === '\t' || doc[pos] === '\n' || doc[pos] === '\r')) {
             pos--;
         }
         // pos must point to the last char of the root tag name.
@@ -218,7 +217,12 @@ export class XmlParser {
                     break;
                 if (content.startsWith(closeTag, nextLt)) {
                     const c = content[nextLt + closeTag.length];
-                    if (c === '>' || c === ' ' || c === '\t' || c === '\n' || c === '\r' || c === undefined) {
+                    if (c === '>' ||
+                        c === ' ' ||
+                        c === '\t' ||
+                        c === '\n' ||
+                        c === '\r' ||
+                        c === undefined) {
                         nestDepth--;
                         if (nestDepth === 0) {
                             innerEnd = nextLt;
@@ -232,9 +236,18 @@ export class XmlParser {
                 }
                 if (content.startsWith(openPrefix, nextLt)) {
                     const c = content[nextLt + openPrefix.length];
-                    if (c === '>' || c === ' ' || c === '\t' || c === '\n' || c === '\r' || c === '/') {
+                    if (c === '>' ||
+                        c === ' ' ||
+                        c === '\t' ||
+                        c === '\n' ||
+                        c === '\r' ||
+                        c === '/') {
                         const ogt = content.indexOf('>', nextLt + openPrefix.length);
-                        if (ogt !== -1 && !content.slice(nextLt + openPrefix.length, ogt).trimEnd().endsWith('/')) {
+                        if (ogt !== -1 &&
+                            !content
+                                .slice(nextLt + openPrefix.length, ogt)
+                                .trimEnd()
+                                .endsWith('/')) {
                             nestDepth++;
                         }
                     }
@@ -242,7 +255,7 @@ export class XmlParser {
                 pos = nextLt + 1;
             }
             if (innerEnd === -1) {
-                // Unclosed or malformed tag — skip past the opening tag
+                // Unclosed or malformed tag - skip past the opening tag
                 i = gt + 1;
                 continue;
             }