attaform 0.16.4 → 0.17.1

package/dist/shared/attaform.C0iFnTN0.d.ts

@@ -0,0 +1,165 @@
+import { z } from 'zod';
+import { G as GenericForm, s as FlatPath, B as NestedType, U as UseFormConfiguration, b as AbstractSchema, D as DeepPartial, c as DefaultValuesShape, ag as ValidateOnConfig, d as UseFormReturnType } from './attaform.C_5aB6EQ.js';
+
+/**
+ * The shape `form.values.<key>` returns at runtime.
+ *
+ * Per leaf:
+ *
+ * 1. `z.preprocess(fn, inner)` — compiles to `ZodPipe<ZodTransform, inner>`.
+ *    The preprocess fn fires at the write boundary (synthesized into
+ *    `setValue`), so storage holds whatever `inner` stores. Recurse
+ *    `StorageShape` on `inner` so a defaulted leaf inside `inner` still
+ *    reads `T` (not `T | undefined`).
+ *
+ * 2. `inner.transform(fn)` — compiles to `ZodPipe<inner, ZodTransform>`.
+ *    Transforms fire at submit / validate, NOT at the write boundary,
+ *    so storage holds whatever `inner` stores. Recurse `StorageShape`
+ *    on `inner` for the same reason.
+ *
+ *    A bare top-level `ZodTransform` (no `in` schema) reads
+ *    `_zod.input` directly — there's no inner to recurse into.
+ *
+ * 3. Codec / generic pipe — neither side is a transform. Read
+ *    `_zod.output`. Codecs aren't write-boundary-synthesized, so the
+ *    post-parse view is the only honest storage type.
+ *
+ * 4. Everything else (defaults, catch, readonly, optional, primitives,
+ *    nested objects) — read `_zod.output`. Defaults and catches fire
+ *    at parse time, so the post-init view is what storage holds.
+ *    Nested objects delegate to Zod's own recursion on `_zod.output`,
+ *    which peels nested defaults inside structural containers.
+ *
+ * Recursion: the alias calls itself on the non-transform side of a
+ * pipe so the inner shape gets the same per-key storage treatment as
+ * the top level. Without it, an inner `.default(...)` inside a
+ * transformed object would peel back to `T | undefined` (the broad
+ * input contract). Recursion only fires for pipe leaves — most leaves
+ * skip it.
+ *
+ * Implementation note: direct `_zod` property access mirrors Zod's
+ * own `$InferObjectOutput` / `$InferObjectInput`, which read
+ * `T[k]['_zod']['output']` / `T[k]['_zod']['input']` directly rather
+ * than wrapping in the top-level `output<T>` / `input<T>` conditional.
+ * Wrapping per key spawns a fresh conditional instantiation for every
+ * key; Volar's web-worker checker collapses that per-key walk to
+ * `any` once the schema is non-trivial. Property access has no
+ * conditional and resolves cleanly under the same budget.
+ *
+ * Shape access also goes through `_zod.def.shape` rather than
+ * `infer Shape from z.ZodObject<Shape>` — the latter collapses to the
+ * `$ZodShape` upper bound in the same worker because of
+ * `z.ZodObject`'s `out Shape` covariance markers.
+ */
+type StorageShape<S> = S extends {
+    _zod: {
+        def: {
+            type: 'object';
+            shape: infer Shape;
+        };
+    };
+} ? {
+    [K in keyof Shape]-?: StorageLeaf<Shape[K]>;
+} : StorageLeaf<S>;
+type StorageLeaf<L> = L extends {
+    _zod: {
+        def: {
+            type: 'pipe';
+            in: infer A;
+            out: infer B;
+        };
+    };
+} ? A extends {
+    _zod: {
+        def: {
+            type: 'transform';
+        };
+    };
+} ? StorageShape<B> : B extends {
+    _zod: {
+        def: {
+            type: 'transform';
+        };
+    };
+} ? StorageShape<A> : L extends {
+    _zod: {
+        output: infer Out;
+    };
+} ? Out : never : L extends {
+    _zod: {
+        def: {
+            type: 'transform';
+        };
+    };
+} ? L extends {
+    _zod: {
+        input: infer In;
+    };
+} ? In : never : L extends {
+    _zod: {
+        output: infer Out;
+    };
+} ? Out : never;
+
+/**
+ * Zod v4 adapter entry point. Re-exports the adapter + the useForm
+ * wrapper that threads zod-v4-specific schema types through
+ * useAbstractForm.
+ */
+
+/**
+ * Type of the value accepted at `Path` for `setValue` / `defaultValues`
+ * — the schema's `z.input<Schema>` shape at that path. Matches what
+ * `form.values.X` returns at runtime (the honest input view storage
+ * holds before transforms run).
+ *
+ * ```ts
+ * const schema = z.object({
+ *   flag: z.string().transform((v) => v.length > 10),
+ * })
+ * type FlagWriteIn = PathInput<typeof schema, 'flag'> // string
+ * ```
+ */
+type PathInput<Schema extends z.ZodType, Path extends string> = z.input<Schema> extends GenericForm ? Path extends FlatPath<z.input<Schema>> ? NestedType<z.input<Schema>, Path> : never : never;
+/**
+ * Type produced at `Path` after the full parse pipeline — the schema's
+ * `z.output<Schema>` shape at that path. Matches the `data` payload of
+ * `form.process()` and the value handed to `handleSubmit`'s callback.
+ *
+ * ```ts
+ * const schema = z.object({
+ *   flag: z.string().transform((v) => v.length > 10),
+ * })
+ * type FlagParsedOut = PathOutput<typeof schema, 'flag'> // boolean
+ * ```
+ */
+type PathOutput<Schema extends z.ZodType, Path extends string> = z.output<Schema> extends GenericForm ? Path extends FlatPath<z.output<Schema>> ? NestedType<z.output<Schema>, Path> : never : never;
+/**
+ * Create a form bound to a Zod v4 schema.
+ *
+ * ```ts
+ * import { useForm } from 'attaform/zod'
+ * import { z } from 'zod'
+ *
+ * const form = useForm({
+ *   schema: z.object({
+ *     email: z.email(),
+ *     password: z.string().min(8),
+ *   }),
+ *   defaultValues: { email: '' },
+ * })
+ * ```
+ *
+ * Returns a form API exposing `register`, `values`, `errors`,
+ * `fields`, `setValue`, `handleSubmit`, `meta`, field-array
+ * helpers, and more. See `UseFormReturnType` for the full
+ * surface.
+ *
+ * For Zod v3, import from `attaform/zod-v3` instead.
+ */
+declare function useForm<Schema extends z.ZodObject>(configuration: Omit<UseFormConfiguration<z.input<Schema> extends GenericForm ? z.input<Schema> : never, z.output<Schema> extends GenericForm ? z.output<Schema> : never, AbstractSchema<z.input<Schema> extends GenericForm ? z.input<Schema> : never, z.output<Schema> extends GenericForm ? z.output<Schema> : never>, DeepPartial<DefaultValuesShape<z.input<Schema> extends GenericForm ? z.input<Schema> : never>>>, 'schema' | 'validateOn' | 'debounceMs'> & {
+    schema: Schema;
+} & ValidateOnConfig): UseFormReturnType<z.input<Schema> extends GenericForm ? z.input<Schema> : never, z.output<Schema> extends GenericForm ? z.output<Schema> : never, StorageShape<Schema> extends GenericForm ? StorageShape<Schema> : never>;
+
+export { useForm as u };
+export type { PathInput as P, StorageShape as S, PathOutput as a };

package/dist/shared/{attaform.CXMOheyZ.d.mts → attaform.C6qzEdIM.d.cts}

@@ -1,4 +1,4 @@
-import { G as GenericForm, F as FormKey, d as UseFormReturnType, R as RegisterValue } from './attaform.CU3JperC.mjs';
+import { G as GenericForm, F as FormKey, d as UseFormReturnType, R as RegisterValue } from './attaform.C_5aB6EQ.cjs';
 import { Ref } from 'vue';
 
 /**

package/dist/shared/{attaform.CJttVxRj.cjs → attaform.C8LVFVVe.cjs}

@@ -1,6 +1,6 @@
 'use strict';
 
-const plugin = require('./attaform.rIRYSUI1.cjs');
+const plugin = require('./attaform.Dee2rU1P.cjs');
 
 function renderAttaformState(app) {
   const registry = plugin.getRegistryFromApp(app);
@@ -29,4 +29,4 @@ function hydrateAttaformState(app, payload) {
 
 exports.hydrateAttaformState = hydrateAttaformState;
 exports.renderAttaformState = renderAttaformState;
-//# sourceMappingURL=attaform.CJttVxRj.cjs.map
+//# sourceMappingURL=attaform.C8LVFVVe.cjs.map

package/dist/shared/{attaform.CJttVxRj.cjs.map → attaform.C8LVFVVe.cjs.map}

@@ -1 +1 @@
-{"version":3,"file":"attaform.CJttVxRj.cjs","sources":["../../src/runtime/core/serialize.ts"],"sourcesContent":["import type { App } from 'vue'\nimport type { FormKey } from '../types/types-api'\nimport { getRegistryFromApp, type SerializedFormData } from './registry'\n\n/**\n * Serialised snapshot of every form in a Vue app, produced by\n * `renderAttaformState` and consumed by `hydrateAttaformState`.\n *\n * JSON-safe — pass to `JSON.stringify`, `devalue`, or any other\n * serialiser before embedding in your SSR payload.\n */\nexport type SerializedAttaformState = {\n  /** Tuples of `[formKey, snapshot]` for every form in the app. */\n  readonly forms: ReadonlyArray<readonly [FormKey, SerializedFormData]>\n}\n\n/**\n * Snapshot every form on a Vue app for SSR. Call from your server\n * entry after rendering the app:\n *\n * ```ts\n * import { renderToString } from '@vue/server-renderer'\n * import { renderAttaformState, escapeForInlineScript } from 'attaform'\n *\n * const html = await renderToString(app)\n * const state = renderAttaformState(app)\n * const payload = escapeForInlineScript(JSON.stringify(state))\n *\n * return `\n *   ${html}\n *   <script>window.__ATTAFORM_STATE__ = ${payload}</script>\n * `\n * ```\n *\n * Pair with `hydrateAttaformState` on the client to restore the\n * forms in their server-rendered state. Nuxt users don't need this —\n * `attaform/nuxt` wires SSR automatically.\n */\nexport function renderAttaformState(app: App): SerializedAttaformState {\n  const registry = getRegistryFromApp(app)\n  const forms: Array<readonly [FormKey, SerializedFormData]> = []\n  for (const [key, state] of registry.forms) {\n    // Skip the blank field when the set is empty so the\n    // wire payload stays minimal for forms that don't use it. The\n    // optional shape on the consuming side handles the absence\n    // cleanly (defaults to \"no blank paths\").\n    const transientList = Array.from(state.blankPaths)\n    forms.push([\n      key,\n      {\n        form: state.form.value,\n        schemaErrors: Array.from(state.schemaErrors.entries()),\n        userErrors: Array.from(state.userErrors.entries()),\n        fields: Array.from(state.fields.entries()),\n        ...(transientList.length > 0 ? { blankPaths: transientList } : {}),\n      },\n    ])\n  }\n  return { forms }\n}\n\n/**\n * Restore forms from a server-rendered snapshot on the client. Call\n * from your client entry before mounting:\n *\n * ```ts\n * import { createApp } from 'vue'\n * import { createAttaform, hydrateAttaformState } from 'attaform'\n *\n * const app = createApp(App).use(createAttaform())\n * hydrateAttaformState(app, window.__ATTAFORM_STATE__)\n * app.mount('#app')\n * ```\n *\n * The next `useForm({ key })` call for each serialised form picks up\n * the snapshot transparently — no further action is required.\n */\nexport function hydrateAttaformState(app: App, payload: SerializedAttaformState): void {\n  const registry = getRegistryFromApp(app)\n  for (const [key, data] of payload.forms) {\n    registry.pendingHydration.set(key, data)\n  }\n}\n"],"names":["getRegistryFromApp"],"mappings":";;;;AAsCO,SAAS,oBAAoB,GAAA,EAAmC;AACrE,EAAA,MAAM,QAAA,GAAWA,0BAAmB,GAAG,CAAA;AACvC,EAAA,MAAM,QAAuD,EAAC;AAC9D,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,SAAS,KAAA,EAAO;AAKzC,IAAA,MAAM,aAAA,GAAgB,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA;AACjD,IAAA,KAAA,CAAM,IAAA,CAAK;AAAA,MACT,GAAA;AAAA,MACA;AAAA,QACE,IAAA,EAAM,MAAM,IAAA,CAAK,KAAA;AAAA,QACjB,cAAc,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,YAAA,CAAa,SAAS,CAAA;AAAA,QACrD,YAAY,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,UAAA,CAAW,SAAS,CAAA;AAAA,QACjD,QAAQ,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,MAAA,CAAO,SAAS,CAAA;AAAA,QACzC,GAAI,cAAc,MAAA,GAAS,CAAA,GAAI,EAAE,UAAA,EAAY,aAAA,KAAkB;AAAC;AAClE,KACD,CAAA;AAAA,EACH;AACA,EAAA,OAAO,EAAE,KAAA,EAAM;AACjB;AAkBO,SAAS,oBAAA,CAAqB,KAAU,OAAA,EAAwC;AACrF,EAAA,MAAM,QAAA,GAAWA,0BAAmB,GAAG,CAAA;AACvC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,IAAI,CAAA,IAAK,QAAQ,KAAA,EAAO;AACvC,IAAA,QAAA,CAAS,gBAAA,CAAiB,GAAA,CAAI,GAAA,EAAK,IAAI,CAAA;AAAA,EACzC;AACF;;;;;"}
+{"version":3,"file":"attaform.C8LVFVVe.cjs","sources":["../../src/runtime/core/serialize.ts"],"sourcesContent":["import type { App } from 'vue'\nimport type { FormKey } from '../types/types-api'\nimport { getRegistryFromApp, type SerializedFormData } from './registry'\n\n/**\n * Serialised snapshot of every form in a Vue app, produced by\n * `renderAttaformState` and consumed by `hydrateAttaformState`.\n *\n * JSON-safe — pass to `JSON.stringify`, `devalue`, or any other\n * serialiser before embedding in your SSR payload.\n */\nexport type SerializedAttaformState = {\n  /** Tuples of `[formKey, snapshot]` for every form in the app. */\n  readonly forms: ReadonlyArray<readonly [FormKey, SerializedFormData]>\n}\n\n/**\n * Snapshot every form on a Vue app for SSR. Call from your server\n * entry after rendering the app:\n *\n * ```ts\n * import { renderToString } from '@vue/server-renderer'\n * import { renderAttaformState, escapeForInlineScript } from 'attaform'\n *\n * const html = await renderToString(app)\n * const state = renderAttaformState(app)\n * const payload = escapeForInlineScript(JSON.stringify(state))\n *\n * return `\n *   ${html}\n *   <script>window.__ATTAFORM_STATE__ = ${payload}</script>\n * `\n * ```\n *\n * Pair with `hydrateAttaformState` on the client to restore the\n * forms in their server-rendered state. Nuxt users don't need this —\n * `attaform/nuxt` wires SSR automatically.\n */\nexport function renderAttaformState(app: App): SerializedAttaformState {\n  const registry = getRegistryFromApp(app)\n  const forms: Array<readonly [FormKey, SerializedFormData]> = []\n  for (const [key, state] of registry.forms) {\n    // Skip the blank field when the set is empty so the\n    // wire payload stays minimal for forms that don't use it. The\n    // optional shape on the consuming side handles the absence\n    // cleanly (defaults to \"no blank paths\").\n    const transientList = Array.from(state.blankPaths)\n    forms.push([\n      key,\n      {\n        form: state.form.value,\n        schemaErrors: Array.from(state.schemaErrors.entries()),\n        userErrors: Array.from(state.userErrors.entries()),\n        fields: Array.from(state.fields.entries()),\n        ...(transientList.length > 0 ? { blankPaths: transientList } : {}),\n      },\n    ])\n  }\n  return { forms }\n}\n\n/**\n * Restore forms from a server-rendered snapshot on the client. Call\n * from your client entry before mounting:\n *\n * ```ts\n * import { createApp } from 'vue'\n * import { createAttaform, hydrateAttaformState } from 'attaform'\n *\n * const app = createApp(App).use(createAttaform())\n * hydrateAttaformState(app, window.__ATTAFORM_STATE__)\n * app.mount('#app')\n * ```\n *\n * The next `useForm({ key })` call for each serialised form picks up\n * the snapshot transparently — no further action is required.\n */\nexport function hydrateAttaformState(app: App, payload: SerializedAttaformState): void {\n  const registry = getRegistryFromApp(app)\n  for (const [key, data] of payload.forms) {\n    registry.pendingHydration.set(key, data)\n  }\n}\n"],"names":["getRegistryFromApp"],"mappings":";;;;AAsCO,SAAS,oBAAoB,GAAA,EAAmC;AACrE,EAAA,MAAM,QAAA,GAAWA,0BAAmB,GAAG,CAAA;AACvC,EAAA,MAAM,QAAuD,EAAC;AAC9D,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,SAAS,KAAA,EAAO;AAKzC,IAAA,MAAM,aAAA,GAAgB,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA;AACjD,IAAA,KAAA,CAAM,IAAA,CAAK;AAAA,MACT,GAAA;AAAA,MACA;AAAA,QACE,IAAA,EAAM,MAAM,IAAA,CAAK,KAAA;AAAA,QACjB,cAAc,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,YAAA,CAAa,SAAS,CAAA;AAAA,QACrD,YAAY,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,UAAA,CAAW,SAAS,CAAA;AAAA,QACjD,QAAQ,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,MAAA,CAAO,SAAS,CAAA;AAAA,QACzC,GAAI,cAAc,MAAA,GAAS,CAAA,GAAI,EAAE,UAAA,EAAY,aAAA,KAAkB;AAAC;AAClE,KACD,CAAA;AAAA,EACH;AACA,EAAA,OAAO,EAAE,KAAA,EAAM;AACjB;AAkBO,SAAS,oBAAA,CAAqB,KAAU,OAAA,EAAwC;AACrF,EAAA,MAAM,QAAA,GAAWA,0BAAmB,GAAG,CAAA;AACvC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,IAAI,CAAA,IAAK,QAAQ,KAAA,EAAO;AACvC,IAAA,QAAA,CAAS,gBAAA,CAAiB,GAAA,CAAI,GAAA,EAAK,IAAI,CAAA;AAAA,EACzC;AACF;;;;;"}

package/dist/shared/attaform.CHorcsIU.d.cts

@@ -0,0 +1,165 @@
+import { z } from 'zod';
+import { G as GenericForm, s as FlatPath, B as NestedType, U as UseFormConfiguration, b as AbstractSchema, D as DeepPartial, c as DefaultValuesShape, ag as ValidateOnConfig, d as UseFormReturnType } from './attaform.C_5aB6EQ.cjs';
+
+/**
+ * The shape `form.values.<key>` returns at runtime.
+ *
+ * Per leaf:
+ *
+ * 1. `z.preprocess(fn, inner)` — compiles to `ZodPipe<ZodTransform, inner>`.
+ *    The preprocess fn fires at the write boundary (synthesized into
+ *    `setValue`), so storage holds whatever `inner` stores. Recurse
+ *    `StorageShape` on `inner` so a defaulted leaf inside `inner` still
+ *    reads `T` (not `T | undefined`).
+ *
+ * 2. `inner.transform(fn)` — compiles to `ZodPipe<inner, ZodTransform>`.
+ *    Transforms fire at submit / validate, NOT at the write boundary,
+ *    so storage holds whatever `inner` stores. Recurse `StorageShape`
+ *    on `inner` for the same reason.
+ *
+ *    A bare top-level `ZodTransform` (no `in` schema) reads
+ *    `_zod.input` directly — there's no inner to recurse into.
+ *
+ * 3. Codec / generic pipe — neither side is a transform. Read
+ *    `_zod.output`. Codecs aren't write-boundary-synthesized, so the
+ *    post-parse view is the only honest storage type.
+ *
+ * 4. Everything else (defaults, catch, readonly, optional, primitives,
+ *    nested objects) — read `_zod.output`. Defaults and catches fire
+ *    at parse time, so the post-init view is what storage holds.
+ *    Nested objects delegate to Zod's own recursion on `_zod.output`,
+ *    which peels nested defaults inside structural containers.
+ *
+ * Recursion: the alias calls itself on the non-transform side of a
+ * pipe so the inner shape gets the same per-key storage treatment as
+ * the top level. Without it, an inner `.default(...)` inside a
+ * transformed object would peel back to `T | undefined` (the broad
+ * input contract). Recursion only fires for pipe leaves — most leaves
+ * skip it.
+ *
+ * Implementation note: direct `_zod` property access mirrors Zod's
+ * own `$InferObjectOutput` / `$InferObjectInput`, which read
+ * `T[k]['_zod']['output']` / `T[k]['_zod']['input']` directly rather
+ * than wrapping in the top-level `output<T>` / `input<T>` conditional.
+ * Wrapping per key spawns a fresh conditional instantiation for every
+ * key; Volar's web-worker checker collapses that per-key walk to
+ * `any` once the schema is non-trivial. Property access has no
+ * conditional and resolves cleanly under the same budget.
+ *
+ * Shape access also goes through `_zod.def.shape` rather than
+ * `infer Shape from z.ZodObject<Shape>` — the latter collapses to the
+ * `$ZodShape` upper bound in the same worker because of
+ * `z.ZodObject`'s `out Shape` covariance markers.
+ */
+type StorageShape<S> = S extends {
+    _zod: {
+        def: {
+            type: 'object';
+            shape: infer Shape;
+        };
+    };
+} ? {
+    [K in keyof Shape]-?: StorageLeaf<Shape[K]>;
+} : StorageLeaf<S>;
+type StorageLeaf<L> = L extends {
+    _zod: {
+        def: {
+            type: 'pipe';
+            in: infer A;
+            out: infer B;
+        };
+    };
+} ? A extends {
+    _zod: {
+        def: {
+            type: 'transform';
+        };
+    };
+} ? StorageShape<B> : B extends {
+    _zod: {
+        def: {
+            type: 'transform';
+        };
+    };
+} ? StorageShape<A> : L extends {
+    _zod: {
+        output: infer Out;
+    };
+} ? Out : never : L extends {
+    _zod: {
+        def: {
+            type: 'transform';
+        };
+    };
+} ? L extends {
+    _zod: {
+        input: infer In;
+    };
+} ? In : never : L extends {
+    _zod: {
+        output: infer Out;
+    };
+} ? Out : never;
+
+/**
+ * Zod v4 adapter entry point. Re-exports the adapter + the useForm
+ * wrapper that threads zod-v4-specific schema types through
+ * useAbstractForm.
+ */
+
+/**
+ * Type of the value accepted at `Path` for `setValue` / `defaultValues`
+ * — the schema's `z.input<Schema>` shape at that path. Matches what
+ * `form.values.X` returns at runtime (the honest input view storage
+ * holds before transforms run).
+ *
+ * ```ts
+ * const schema = z.object({
+ *   flag: z.string().transform((v) => v.length > 10),
+ * })
+ * type FlagWriteIn = PathInput<typeof schema, 'flag'> // string
+ * ```
+ */
+type PathInput<Schema extends z.ZodType, Path extends string> = z.input<Schema> extends GenericForm ? Path extends FlatPath<z.input<Schema>> ? NestedType<z.input<Schema>, Path> : never : never;
+/**
+ * Type produced at `Path` after the full parse pipeline — the schema's
+ * `z.output<Schema>` shape at that path. Matches the `data` payload of
+ * `form.process()` and the value handed to `handleSubmit`'s callback.
+ *
+ * ```ts
+ * const schema = z.object({
+ *   flag: z.string().transform((v) => v.length > 10),
+ * })
+ * type FlagParsedOut = PathOutput<typeof schema, 'flag'> // boolean
+ * ```
+ */
+type PathOutput<Schema extends z.ZodType, Path extends string> = z.output<Schema> extends GenericForm ? Path extends FlatPath<z.output<Schema>> ? NestedType<z.output<Schema>, Path> : never : never;
+/**
+ * Create a form bound to a Zod v4 schema.
+ *
+ * ```ts
+ * import { useForm } from 'attaform/zod'
+ * import { z } from 'zod'
+ *
+ * const form = useForm({
+ *   schema: z.object({
+ *     email: z.email(),
+ *     password: z.string().min(8),
+ *   }),
+ *   defaultValues: { email: '' },
+ * })
+ * ```
+ *
+ * Returns a form API exposing `register`, `values`, `errors`,
+ * `fields`, `setValue`, `handleSubmit`, `meta`, field-array
+ * helpers, and more. See `UseFormReturnType` for the full
+ * surface.
+ *
+ * For Zod v3, import from `attaform/zod-v3` instead.
+ */
+declare function useForm<Schema extends z.ZodObject>(configuration: Omit<UseFormConfiguration<z.input<Schema> extends GenericForm ? z.input<Schema> : never, z.output<Schema> extends GenericForm ? z.output<Schema> : never, AbstractSchema<z.input<Schema> extends GenericForm ? z.input<Schema> : never, z.output<Schema> extends GenericForm ? z.output<Schema> : never>, DeepPartial<DefaultValuesShape<z.input<Schema> extends GenericForm ? z.input<Schema> : never>>>, 'schema' | 'validateOn' | 'debounceMs'> & {
+    schema: Schema;
+} & ValidateOnConfig): UseFormReturnType<z.input<Schema> extends GenericForm ? z.input<Schema> : never, z.output<Schema> extends GenericForm ? z.output<Schema> : never, StorageShape<Schema> extends GenericForm ? StorageShape<Schema> : never>;
+
+export { useForm as u };
+export type { PathInput as P, StorageShape as S, PathOutput as a };

package/dist/shared/{attaform.BfMxsfmE.mjs → attaform.CIEQgJnM.mjs}

@@ -71,7 +71,7 @@ function formatAnonPersistMessage(opts) {
 }
 
 function detectSSR(options = {}) {
-  if (options.override !== void 0) return options.override;
+  if (options.ssr !== void 0) return options.ssr;
   return typeof window === "undefined" && typeof document === "undefined";
 }
 
@@ -381,91 +381,138 @@ function createPersistOptInRegistry() {
   };
 }
 
-const SENSITIVE_NAME_PATTERNS = [
-  // Passwords and PIN-like
-  /password/i,
-  /passwd/i,
-  /passwords/i,
-  /\bpwd\b/i,
-  /\bpin\b/i,
+const DEFAULT_SENSITIVE_NAMES = Object.freeze([
+  // Passwords + PIN-like
+  "password",
+  "passwd",
+  "pwd",
+  "pin",
   // Card / payment
-  /\bcvv\b/i,
-  /\bcvc\b/i,
-  /card[_\s-]?(?:number|num)/i,
-  /\bcard\b/i,
-  /\biban\b/i,
-  /routing[_\s-]?number/i,
-  /account[_\s-]?number/i,
+  "cvv",
+  "cvc",
+  "card_number",
+  "card_num",
+  "card",
+  "iban",
+  "routing_number",
+  "account_number",
   // Government / identity
-  /\bssn\b/i,
-  /social[_\s-]?security/i,
-  /\bdob\b/i,
-  /date[_\s-]?of[_\s-]?birth/i,
-  /passport/i,
-  /driver[_\s-]?license/i,
-  // Tax IDs (US + international common variants)
-  /\btin\b/i,
-  /\bein\b/i,
-  /\bitin\b/i,
-  /tax[_\s-]?id/i,
-  // Tokens, secrets, API/auth credentials
-  /\btoken\b/i,
-  /\btokens\b/i,
-  /secret/i,
-  /secrets/i,
-  /api[_\s-]?key/i,
-  /api[_\s-]?secret/i,
-  /api[_\s-]?token/i,
-  /private[_\s-]?key/i,
-  /\bbearer\b/i,
-  /\boauth\b/i,
-  /auth[_\s-]?token/i,
-  /access[_\s-]?token/i,
-  /refresh[_\s-]?token/i,
-  /session[_\s-]?(?:id|key|token)/i,
+  "ssn",
+  "social_security",
+  "dob",
+  "date_of_birth",
+  "passport",
+  "driver_license",
+  // Tax IDs
+  "tin",
+  "ein",
+  "itin",
+  "tax_id",
+  // Tokens / secrets / API auth
+  "token",
+  "tokens",
+  "secret",
+  "secrets",
+  "api_key",
+  "api_secret",
+  "api_token",
+  "private_key",
+  "bearer",
+  "oauth",
+  "auth_token",
+  "access_token",
+  "refresh_token",
+  "session_id",
+  "session_key",
+  "session_token",
   // MFA / OTP
-  /\botp\b/i,
-  /one[_\s-]?time[_\s-]?(?:password|code)/i,
-  /mfa[_\s-]?(?:secret|seed|code|token)/i,
-  /two[_\s-]?factor[_\s-]?(?:code|token)/i,
-  /\b2fa[_\s-]?(?:code|token)?\b/i,
-  /recovery[_\s-]?code/i,
-  /backup[_\s-]?code/i
-];
-function segmentMatchesSensitive(segment) {
-  if (typeof segment !== "string") return false;
-  for (const pattern of SENSITIVE_NAME_PATTERNS) {
-    if (pattern.test(segment)) return true;
+  "otp",
+  "one_time_password",
+  "one_time_code",
+  "mfa_secret",
+  "mfa_seed",
+  "mfa_code",
+  "mfa_token",
+  "two_factor_code",
+  "two_factor_token",
+  "2fa",
+  "2fa_code",
+  "2fa_token",
+  "recovery_code",
+  "backup_code"
+]);
+const WORD_BOUNDARY_THRESHOLD = 5;
+function escapeRegex(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function nameToRegex(name) {
+  const parts = name.split(/[_\s-]/).filter((p) => p.length > 0);
+  if (parts.length === 0) {
+    return /(?!)/;
   }
-  return false;
-}
-function isSensitivePath(path) {
-  if (typeof path !== "string") {
-    for (const segment of path) {
-      if (segmentMatchesSensitive(segment)) return true;
+  const escaped = parts.map(escapeRegex).join("[_\\s-]?");
+  const compactLength = parts.reduce((sum, p) => sum + p.length, 0);
+  const useBoundary = compactLength <= WORD_BOUNDARY_THRESHOLD;
+  const source = useBoundary ? `\\b${escaped}\\b` : escaped;
+  return new RegExp(source, "i");
+}
+function namesToPatterns(names) {
+  const patterns = [];
+  for (const name of names) {
+    if (typeof name !== "string" || name.length === 0) continue;
+    patterns.push(nameToRegex(name));
+  }
+  return patterns;
+}
+const DEFAULT_PATTERNS = namesToPatterns(DEFAULT_SENSITIVE_NAMES);
+function createSegmentMatchesSensitive(names = DEFAULT_SENSITIVE_NAMES) {
+  const patterns = names === DEFAULT_SENSITIVE_NAMES ? DEFAULT_PATTERNS : namesToPatterns(names);
+  return (segment) => {
+    if (typeof segment !== "string") return false;
+    for (const p of patterns) {
+      if (p.test(segment)) return true;
     }
     return false;
-  }
-  if (path.startsWith("[")) {
-    try {
-      const parsed = JSON.parse(path);
-      if (Array.isArray(parsed)) {
-        for (const segment of parsed) {
-          if (segmentMatchesSensitive(segment)) return true;
+  };
+}
+function createIsSensitivePath(names = DEFAULT_SENSITIVE_NAMES) {
+  const segmentMatches = createSegmentMatchesSensitive(names);
+  return (path) => {
+    if (typeof path !== "string") {
+      for (const segment of path) {
+        if (segmentMatches(segment)) return true;
+      }
+      return false;
+    }
+    if (path.startsWith("[")) {
+      try {
+        const parsed = JSON.parse(path);
+        if (Array.isArray(parsed)) {
+          for (const segment of parsed) {
+            if (segmentMatches(segment)) return true;
+          }
+          return false;
         }
-        return false;
+      } catch {
       }
-    } catch {
     }
-  }
-  for (const segment of path.split(".")) {
-    if (segmentMatchesSensitive(segment)) return true;
-  }
-  return false;
+    for (const segment of path.split(".")) {
+      if (segmentMatches(segment)) return true;
+    }
+    return false;
+  };
 }
-function enforceSensitiveCheck(path, acknowledged) {
+const defaultSegmentMatches = createSegmentMatchesSensitive();
+const defaultIsSensitivePath = createIsSensitivePath();
+function segmentMatchesSensitive(segment) {
+  return defaultSegmentMatches(segment);
+}
+function isSensitivePath(path) {
+  return defaultIsSensitivePath(path);
+}
+function enforceSensitiveCheck(path, acknowledged, isSensitive = defaultIsSensitivePath) {
   if (acknowledged) return;
-  if (!isSensitivePath(path)) return;
+  if (!isSensitive(path)) return;
   throw new SensitivePersistFieldError(path);
 }
 
@@ -607,10 +654,25 @@ function syncPersistOptIn(el, value, oldValue) {
   }
   if (wantsOptIn) {
     const v = value;
-    enforceSensitiveCheck(v.path, v.acknowledgeSensitive);
+    enforceSensitiveCheck(v.path, v.acknowledgeSensitive, v.isSensitivePath);
     v.persistOptIns.add(elementId, v.path);
   }
 }
+function syncMultiTabOptOut(value, oldValue) {
+  const wasOptedOut = isRegisterValue(oldValue) && oldValue.unmarkNoSync !== void 0;
+  const wantsOptOut = isRegisterValue(value) && value.markNoSync !== void 0;
+  if (!wasOptedOut && !wantsOptOut) return;
+  if (wasOptedOut) {
+    const old = oldValue;
+    const samePath = wantsOptOut && value.path === old.path;
+    if (!samePath) old.unmarkNoSync?.();
+  }
+  if (wantsOptOut) {
+    const v = value;
+    const samePathOld = wasOptedOut && oldValue.path === v.path;
+    if (!samePathOld) v.markNoSync?.();
+  }
+}
 function syncElementRegistration(el, value, oldValue) {
   const wasRegistered = isRegisterValue(oldValue);
   const isRegistered = isRegisterValue(value);
@@ -1059,6 +1121,7 @@ const warnedUnsupportedElements = __DEV__ ? /* @__PURE__ */ new WeakSet() : null
 const vRegisterDynamic = {
   created(el, binding, vnode) {
     syncPersistOptIn(el, binding.value, void 0);
+    syncMultiTabOptOut(binding.value, void 0);
     callModelHook(el, binding, vnode, null, "created");
     if (__DEV__ && warnedUnsupportedElements !== null && !SUPPORTED_TAGS.has(el.tagName) && !warnedUnsupportedElements.has(el)) {
       void nextTick(() => {
@@ -1080,6 +1143,7 @@ const vRegisterDynamic = {
   },
   beforeUpdate(el, binding, vnode, prevVNode) {
     syncPersistOptIn(el, binding.value, binding.oldValue);
+    syncMultiTabOptOut(binding.value, binding.oldValue);
     syncElementRegistration(el, binding.value, binding.oldValue);
     callModelHook(el, binding, vnode, prevVNode, "beforeUpdate");
   },
@@ -1090,6 +1154,7 @@ const vRegisterDynamic = {
     removeTrackedListeners(el);
     if (isRegisterValue(value)) {
       value.persistOptIns.removeAllFor(getOrAssignElementId(el));
+      value.unmarkNoSync?.();
     }
     if (!isRegisterValue(value)) return;
     value.deregisterElement(el);
@@ -1165,5 +1230,5 @@ function createAttaform(options = {}) {
   return plugin;
 }
 
-export { AnonPersistError as A, InvalidPathError as I, OutsideSetupError as O, RegistryNotInstalledError as R, SensitivePersistFieldError as S, __DEV__ as _, AttaformError as a, InvalidUseFormConfigError as b, createAttaform as c, ReservedFormKeyError as d, SubmitErrorHandlerError as e, assignKey as f, getRegistryFromApp as g, createRegistry as h, isSensitivePath as i, isRegisterValue as j, kAttaformRegistry as k, useRegistry as l, captureUserCallSite as m, enforceSensitiveCheck as n, createPersistOptInRegistry as o, ensureAttaformInstalled as p, kFormContext as q, kFormInstanceId as r, segmentMatchesSensitive as s, useRegister as u, vRegister as v };
-//# sourceMappingURL=attaform.BfMxsfmE.mjs.map
+export { AnonPersistError as A, DEFAULT_SENSITIVE_NAMES as D, InvalidPathError as I, OutsideSetupError as O, RegistryNotInstalledError as R, SensitivePersistFieldError as S, __DEV__ as _, AttaformError as a, InvalidUseFormConfigError as b, createAttaform as c, ReservedFormKeyError as d, SubmitErrorHandlerError as e, assignKey as f, getRegistryFromApp as g, createRegistry as h, isRegisterValue as i, useRegistry as j, kAttaformRegistry as k, captureUserCallSite as l, enforceSensitiveCheck as m, isSensitivePath as n, createPersistOptInRegistry as o, ensureAttaformInstalled as p, kFormContext as q, kFormInstanceId as r, segmentMatchesSensitive as s, createIsSensitivePath as t, useRegister as u, vRegister as v, createSegmentMatchesSensitive as w };
+//# sourceMappingURL=attaform.CIEQgJnM.mjs.map