@scalar/openapi-types 0.3.6 → 0.3.7

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @scalar/openapi-types
 
+## 0.3.7
+
+### Patch Changes
+
+- ccf875a: feat: support x-scalar-credentials-location extension
+
 ## 0.3.6
 
 ### Patch Changes

package/dist/schemas/3.1/processed/runtime-expression.js

@@ -21,11 +21,11 @@ const validatePureExpression = (value) => {
     return true;
   }
   const [mainPart, jsonPointer] = expression.split("#");
-  const [source, type, ...rest] = mainPart.split(".");
-  if (!["request", "response"].includes(source)) {
+  const [source, type, ...rest] = mainPart?.split(".") ?? [];
+  if (!["request", "response"].includes(source ?? "")) {
     return false;
   }
-  if (!["header", "query", "path", "body"].includes(type)) {
+  if (!["header", "query", "path", "body"].includes(type ?? "")) {
     return false;
   }
   if (type === "body") {

package/dist/schemas/3.1/processed/runtime-expression.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/schemas/3.1/processed/runtime-expression.ts"],
-  "sourcesContent": ["import { z } from 'zod'\n\n// Helper for validating the expression syntax\nconst isValidRuntimeExpression = (value: string): boolean => {\n  // Handle pure runtime expressions starting with $\n  if (value.startsWith('$')) {\n    return validatePureExpression(value)\n  }\n\n  // Handle embedded expressions in strings\n  if (value.includes('{')) {\n    // Extract all expressions within curly braces\n    const expressions = value.match(/\\{([^}]+)\\}/g)\n    if (!expressions) {\n      return false\n    }\n\n    // Validate each embedded expression\n    return expressions.every((expr) => {\n      // Remove curly braces and validate the inner expression\n      const innerExpr = expr.slice(1, -1)\n      return validatePureExpression(innerExpr)\n    })\n  }\n\n  return false\n}\n\n// Helper to validate a pure runtime expression (without curly braces)\nconst validatePureExpression = (value: string): boolean => {\n  // Remove $ prefix if present\n  const expression = value.startsWith('$') ? value.slice(1) : value\n\n  // Basic expressions without references\n  if (['method', 'url', 'statusCode'].includes(expression)) {\n    return true\n  }\n\n  // First split on # to separate the JSON pointer if it exists\n  const [mainPart, jsonPointer] = expression.split('#')\n\n  // Request and response references\n  const [source, type, ...rest] = mainPart.split('.')\n\n  if (!['request', 'response'].includes(source)) {\n    return false\n  }\n\n  if (!['header', 'query', 'path', 'body'].includes(type)) {\n    return false\n  }\n\n  // For body references, validate JSON pointer syntax\n  if (type === 'body') {\n    if (jsonPointer === undefined) {\n      return false\n    }\n\n    // Empty pointer ('') and root pointer ('/') are valid\n    if (jsonPointer === '' || jsonPointer === '/') {\n      return true\n    }\n\n    // For other pointers, validate the path\n    if (!jsonPointer.startsWith('/')) {\n      return false\n    }\n\n    // Split on / and validate each segment\n    const segments = jsonPointer.slice(1).split('/')\n\n    return segments.every((segment) => {\n      // Decode any JSON Pointer escape sequences\n      const decoded = segment.replace(/~1/g, '/').replace(/~0/g, '~')\n\n      // Segment must not be empty unless it's the last one\n      return decoded.length > 0\n    })\n  }\n\n  // For header references, validate header name\n  if (type === 'header') {\n    // Header names cannot contain spaces\n    const headerName = rest.join('.')\n    return !headerName.includes(' ')\n  }\n\n  // For other types (query, path), ensure there's a field name\n  return rest.length === 1\n}\n\n/**\n * Runtime Expression Schema\n *\n * Runtime expressions allow defining values based on information that will only be available within the HTTP message in\n * an actual API call. This mechanism is used by Link Objects and Callback Objects.\n *\n * Expressions can be:\n * 1. Pure runtime expressions starting with $ (e.g. $method, $request.path.id)\n * 2. Embedded expressions in strings using curly braces (e.g. \"Hello {$request.body#/name}!\")\n *\n * @see https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.1.md#runtime-expressions\n */\nexport const RuntimeExpressionSchema = z.string().refine(isValidRuntimeExpression, (value) => ({\n  message: `Invalid runtime expression: \"${value}\". Runtime expressions must:\n  - Start with $ or contain expressions in curly braces {}\n  - Use one of: $method, $url, $statusCode\n  - Or follow pattern: $request|response.(header|query|path|body)\n  - For body refs, include valid JSON pointer (e.g. #/user/id)\n  - For headers, use valid header names without spaces\n  Example valid expressions:\n  - Pure: $method, $request.path.id, $response.body#/status\n  - Embedded: \"Hello {$request.body#/name}!\", \"Status: {$statusCode}\"`,\n}))\n"],
-  "mappings": "AAAA,SAAS,SAAS;AAGlB,MAAM,2BAA2B,CAAC,UAA2B;AAE3D,MAAI,MAAM,WAAW,GAAG,GAAG;AACzB,WAAO,uBAAuB,KAAK;AAAA,EACrC;AAGA,MAAI,MAAM,SAAS,GAAG,GAAG;AAEvB,UAAM,cAAc,MAAM,MAAM,cAAc;AAC9C,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,IACT;AAGA,WAAO,YAAY,MAAM,CAAC,SAAS;AAEjC,YAAM,YAAY,KAAK,MAAM,GAAG,EAAE;AAClC,aAAO,uBAAuB,SAAS;AAAA,IACzC,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAGA,MAAM,yBAAyB,CAAC,UAA2B;AAEzD,QAAM,aAAa,MAAM,WAAW,GAAG,IAAI,MAAM,MAAM,CAAC,IAAI;AAG5D,MAAI,CAAC,UAAU,OAAO,YAAY,EAAE,SAAS,UAAU,GAAG;AACxD,WAAO;AAAA,EACT;AAGA,QAAM,CAAC,UAAU,WAAW,IAAI,WAAW,MAAM,GAAG;AAGpD,QAAM,CAAC,QAAQ,MAAM,GAAG,IAAI,IAAI,SAAS,MAAM,GAAG;AAElD,MAAI,CAAC,CAAC,WAAW,UAAU,EAAE,SAAS,MAAM,GAAG;AAC7C,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,CAAC,UAAU,SAAS,QAAQ,MAAM,EAAE,SAAS,IAAI,GAAG;AACvD,WAAO;AAAA,EACT;AAGA,MAAI,SAAS,QAAQ;AACnB,QAAI,gBAAgB,QAAW;AAC7B,aAAO;AAAA,IACT;AAGA,QAAI,gBAAgB,MAAM,gBAAgB,KAAK;AAC7C,aAAO;AAAA,IACT;AAGA,QAAI,CAAC,YAAY,WAAW,GAAG,GAAG;AAChC,aAAO;AAAA,IACT;AAGA,UAAM,WAAW,YAAY,MAAM,CAAC,EAAE,MAAM,GAAG;AAE/C,WAAO,SAAS,MAAM,CAAC,YAAY;AAEjC,YAAM,UAAU,QAAQ,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG;AAG9D,aAAO,QAAQ,SAAS;AAAA,IAC1B,CAAC;AAAA,EACH;AAGA,MAAI,SAAS,UAAU;AAErB,UAAM,aAAa,KAAK,KAAK,GAAG;AAChC,WAAO,CAAC,WAAW,SAAS,GAAG;AAAA,EACjC;AAGA,SAAO,KAAK,WAAW;AACzB;AAcO,MAAM,0BAA0B,EAAE,OAAO,EAAE,OAAO,0BAA0B,CAAC,WAAW;AAAA,EAC7F,SAAS,gCAAgC,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAShD,EAAE;",
+  "sourcesContent": ["import { z } from 'zod'\n\n// Helper for validating the expression syntax\nconst isValidRuntimeExpression = (value: string): boolean => {\n  // Handle pure runtime expressions starting with $\n  if (value.startsWith('$')) {\n    return validatePureExpression(value)\n  }\n\n  // Handle embedded expressions in strings\n  if (value.includes('{')) {\n    // Extract all expressions within curly braces\n    const expressions = value.match(/\\{([^}]+)\\}/g)\n    if (!expressions) {\n      return false\n    }\n\n    // Validate each embedded expression\n    return expressions.every((expr) => {\n      // Remove curly braces and validate the inner expression\n      const innerExpr = expr.slice(1, -1)\n      return validatePureExpression(innerExpr)\n    })\n  }\n\n  return false\n}\n\n// Helper to validate a pure runtime expression (without curly braces)\nconst validatePureExpression = (value: string): boolean => {\n  // Remove $ prefix if present\n  const expression = value.startsWith('$') ? value.slice(1) : value\n\n  // Basic expressions without references\n  if (['method', 'url', 'statusCode'].includes(expression)) {\n    return true\n  }\n\n  // First split on # to separate the JSON pointer if it exists\n  const [mainPart, jsonPointer] = expression.split('#')\n\n  // Request and response references\n  const [source, type, ...rest] = mainPart?.split('.') ?? []\n\n  if (!['request', 'response'].includes(source ?? '')) {\n    return false\n  }\n\n  if (!['header', 'query', 'path', 'body'].includes(type ?? '')) {\n    return false\n  }\n\n  // For body references, validate JSON pointer syntax\n  if (type === 'body') {\n    if (jsonPointer === undefined) {\n      return false\n    }\n\n    // Empty pointer ('') and root pointer ('/') are valid\n    if (jsonPointer === '' || jsonPointer === '/') {\n      return true\n    }\n\n    // For other pointers, validate the path\n    if (!jsonPointer.startsWith('/')) {\n      return false\n    }\n\n    // Split on / and validate each segment\n    const segments = jsonPointer.slice(1).split('/')\n\n    return segments.every((segment) => {\n      // Decode any JSON Pointer escape sequences\n      const decoded = segment.replace(/~1/g, '/').replace(/~0/g, '~')\n\n      // Segment must not be empty unless it's the last one\n      return decoded.length > 0\n    })\n  }\n\n  // For header references, validate header name\n  if (type === 'header') {\n    // Header names cannot contain spaces\n    const headerName = rest.join('.')\n    return !headerName.includes(' ')\n  }\n\n  // For other types (query, path), ensure there's a field name\n  return rest.length === 1\n}\n\n/**\n * Runtime Expression Schema\n *\n * Runtime expressions allow defining values based on information that will only be available within the HTTP message in\n * an actual API call. This mechanism is used by Link Objects and Callback Objects.\n *\n * Expressions can be:\n * 1. Pure runtime expressions starting with $ (e.g. $method, $request.path.id)\n * 2. Embedded expressions in strings using curly braces (e.g. \"Hello {$request.body#/name}!\")\n *\n * @see https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.1.md#runtime-expressions\n */\nexport const RuntimeExpressionSchema = z.string().refine(isValidRuntimeExpression, (value) => ({\n  message: `Invalid runtime expression: \"${value}\". Runtime expressions must:\n  - Start with $ or contain expressions in curly braces {}\n  - Use one of: $method, $url, $statusCode\n  - Or follow pattern: $request|response.(header|query|path|body)\n  - For body refs, include valid JSON pointer (e.g. #/user/id)\n  - For headers, use valid header names without spaces\n  Example valid expressions:\n  - Pure: $method, $request.path.id, $response.body#/status\n  - Embedded: \"Hello {$request.body#/name}!\", \"Status: {$statusCode}\"`,\n}))\n"],
+  "mappings": "AAAA,SAAS,SAAS;AAGlB,MAAM,2BAA2B,CAAC,UAA2B;AAE3D,MAAI,MAAM,WAAW,GAAG,GAAG;AACzB,WAAO,uBAAuB,KAAK;AAAA,EACrC;AAGA,MAAI,MAAM,SAAS,GAAG,GAAG;AAEvB,UAAM,cAAc,MAAM,MAAM,cAAc;AAC9C,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,IACT;AAGA,WAAO,YAAY,MAAM,CAAC,SAAS;AAEjC,YAAM,YAAY,KAAK,MAAM,GAAG,EAAE;AAClC,aAAO,uBAAuB,SAAS;AAAA,IACzC,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAGA,MAAM,yBAAyB,CAAC,UAA2B;AAEzD,QAAM,aAAa,MAAM,WAAW,GAAG,IAAI,MAAM,MAAM,CAAC,IAAI;AAG5D,MAAI,CAAC,UAAU,OAAO,YAAY,EAAE,SAAS,UAAU,GAAG;AACxD,WAAO;AAAA,EACT;AAGA,QAAM,CAAC,UAAU,WAAW,IAAI,WAAW,MAAM,GAAG;AAGpD,QAAM,CAAC,QAAQ,MAAM,GAAG,IAAI,IAAI,UAAU,MAAM,GAAG,KAAK,CAAC;AAEzD,MAAI,CAAC,CAAC,WAAW,UAAU,EAAE,SAAS,UAAU,EAAE,GAAG;AACnD,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,CAAC,UAAU,SAAS,QAAQ,MAAM,EAAE,SAAS,QAAQ,EAAE,GAAG;AAC7D,WAAO;AAAA,EACT;AAGA,MAAI,SAAS,QAAQ;AACnB,QAAI,gBAAgB,QAAW;AAC7B,aAAO;AAAA,IACT;AAGA,QAAI,gBAAgB,MAAM,gBAAgB,KAAK;AAC7C,aAAO;AAAA,IACT;AAGA,QAAI,CAAC,YAAY,WAAW,GAAG,GAAG;AAChC,aAAO;AAAA,IACT;AAGA,UAAM,WAAW,YAAY,MAAM,CAAC,EAAE,MAAM,GAAG;AAE/C,WAAO,SAAS,MAAM,CAAC,YAAY;AAEjC,YAAM,UAAU,QAAQ,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG;AAG9D,aAAO,QAAQ,SAAS;AAAA,IAC1B,CAAC;AAAA,EACH;AAGA,MAAI,SAAS,UAAU;AAErB,UAAM,aAAa,KAAK,KAAK,GAAG;AAChC,WAAO,CAAC,WAAW,SAAS,GAAG;AAAA,EACjC;AAGA,SAAO,KAAK,WAAW;AACzB;AAcO,MAAM,0BAA0B,EAAE,OAAO,EAAE,OAAO,0BAA0B,CAAC,WAAW;AAAA,EAC7F,SAAS,gCAAgC,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAShD,EAAE;",
   "names": []
 }

package/dist/schemas/extensions/x-scalar-credentials-location.d.ts

@@ -0,0 +1,22 @@
+import { z } from 'zod';
+/**
+ * An OpenAPI extension to specify where OAuth2 credentials should be sent
+ *
+ * @example
+ * ```yaml
+ * x-scalar-credentials-location: header
+ * ```
+ *
+ * @example
+ * ```yaml
+ * x-scalar-credentials-location: body
+ * ```
+ */
+export declare const XScalarCredentialsLocationSchema: z.ZodObject<{
+    'x-scalar-credentials-location': z.ZodOptional<z.ZodEnum<["header", "body"]>>;
+}, "strip", z.ZodTypeAny, {
+    'x-scalar-credentials-location'?: "header" | "body" | undefined;
+}, {
+    'x-scalar-credentials-location'?: "header" | "body" | undefined;
+}>;
+//# sourceMappingURL=x-scalar-credentials-location.d.ts.map

package/dist/schemas/extensions/x-scalar-credentials-location.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"x-scalar-credentials-location.d.ts","sourceRoot":"","sources":["../../../src/schemas/extensions/x-scalar-credentials-location.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,gCAAgC;;;;;;EAE3C,CAAA"}

package/dist/schemas/extensions/x-scalar-credentials-location.js

@@ -0,0 +1,8 @@
+import { z } from "zod";
+const XScalarCredentialsLocationSchema = z.object({
+  "x-scalar-credentials-location": z.enum(["header", "body"]).optional()
+});
+export {
+  XScalarCredentialsLocationSchema
+};
+//# sourceMappingURL=x-scalar-credentials-location.js.map

package/dist/schemas/extensions/x-scalar-credentials-location.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/schemas/extensions/x-scalar-credentials-location.ts"],
+  "sourcesContent": ["import { z } from 'zod'\n\n/**\n * An OpenAPI extension to specify where OAuth2 credentials should be sent\n *\n * @example\n * ```yaml\n * x-scalar-credentials-location: header\n * ```\n *\n * @example\n * ```yaml\n * x-scalar-credentials-location: body\n * ```\n */\nexport const XScalarCredentialsLocationSchema = z.object({\n  'x-scalar-credentials-location': z.enum(['header', 'body']).optional(),\n})\n"],
+  "mappings": "AAAA,SAAS,SAAS;AAeX,MAAM,mCAAmC,EAAE,OAAO;AAAA,EACvD,iCAAiC,EAAE,KAAK,CAAC,UAAU,MAAM,CAAC,EAAE,SAAS;AACvE,CAAC;",
+  "names": []
+}

package/package.json

@@ -16,7 +16,7 @@
     "swagger",
     "typescript"
   ],
-  "version": "0.3.6",
+  "version": "0.3.7",
   "engines": {
     "node": ">=20"
   },