attaform 0.22.0 → 0.23.0

package/dist/shared/{attaform.BKFwekY2.mjs → attaform.BhI9Icek.mjs}

@@ -2,9 +2,6 @@ import { shallowReactive, getCurrentInstance, inject, isRef, effectScope, watch,
 
 const __DEV__ = (typeof process !== "undefined" ? process.env.NODE_ENV : "production") !== "production";
 
-var __defProp = Object.defineProperty;
-var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
-var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
 class AttaformError extends Error {
   constructor(message, options) {
     super(message, options);
@@ -48,24 +45,6 @@ class ReservedFormKeyError extends AttaformError {
     );
   }
 }
-class AnonPersistError extends AttaformError {
-  constructor(opts) {
-    super(formatAnonPersistMessage(opts));
-    __publicField(this, "schemaFields");
-    __publicField(this, "callSite");
-    __publicField(this, "cause");
-    this.schemaFields = opts.schemaFields;
-    this.callSite = opts.callSite;
-    this.cause = opts.cause;
-  }
-}
-function formatAnonPersistMessage(opts) {
-  const head = opts.cause === "no-key" ? `useForm({ persist: ... }) requires an explicit \`key:\`. Anonymous synthetic keys (\`__atta:anon:*\`) drift across mounts and can collide between unrelated forms \u2014 refusing to persist to a non-deterministic location.` : `register(_, { persist: true }) declared on a form whose useForm() options have no \`persist:\` configured. The opt-in is recorded but nothing would ever land in storage.`;
-  const fields = opts.schemaFields !== void 0 && opts.schemaFields.length > 0 ? ` Form fields: { ${opts.schemaFields.join(", ")} }.` : "";
-  const fix = opts.cause === "no-key" ? ` Fix: add \`key: '<stable-id>'\` to useForm().` : ` Fix: add \`persist: 'session'\` (or 'local') and \`key:\` to useForm(), or remove \`{ persist: true }\` from this register() call.`;
-  const where = opts.callSite !== void 0 ? ` ${opts.callSite}` : "";
-  return `[attaform] ${head}${fields}${fix}${where}`;
-}
 
 function detectSSR(options = {}) {
   if (options.ssr !== void 0) return options.ssr;
@@ -617,21 +596,6 @@ function readFilesFromInput(el) {
   if (files === null || files.length === 0) return null;
   return files.item(0);
 }
-const warnedPersistedFileForms = __DEV__ ? /* @__PURE__ */ new WeakMap() : null;
-function maybeWarnPersistedFile(value) {
-  if (!__DEV__ || warnedPersistedFileForms === null) return;
-  if (value.persist !== true) return;
-  let warnedPaths = warnedPersistedFileForms.get(value.persistOptIns);
-  if (warnedPaths === void 0) {
-    warnedPaths = /* @__PURE__ */ new Set();
-    warnedPersistedFileForms.set(value.persistOptIns, warnedPaths);
-  }
-  if (warnedPaths.has(value.path)) return;
-  warnedPaths.add(value.path);
-  warn(
-    `[attaform] register('${value.path}', { persist: true }) on <input type="file"> \u2014 files can't ride a refresh (browsers block programmatic writes to <input type="file">), so this path won't be saved. For long-lived flows, upload on selection and persist the resulting URL or ID in a sibling string field.`
-  );
-}
 const fileScopeKey = Symbol.for("attaform:file-scope");
 const vRegisterFile = {
   created(el, { value }, vnode) {
@@ -639,7 +603,6 @@ const vRegisterFile = {
     const input = el;
     value.registerElement(input);
     setAssignFunction(input, vnode, value);
-    maybeWarnPersistedFile(value);
     const currentRaw = value.innerRef.value;
     if (isBlankFileValue(currentRaw)) {
       const blankShape = isMultipleInput(input, vnode) ? [] : null;
@@ -689,250 +652,11 @@ const vRegisterFile = {
   }
 };
 
-const idGenerator = /* @__PURE__ */ (() => {
-  let counter = 0;
-  return () => `el-${++counter}`;
-})();
-const elementIds = /* @__PURE__ */ new WeakMap();
-function getOrAssignElementId(el) {
-  let id = elementIds.get(el);
-  if (id === void 0) {
-    id = idGenerator();
-    elementIds.set(el, id);
-  }
-  return id;
-}
-function createPersistOptInRegistry() {
-  const byPath = /* @__PURE__ */ new Map();
-  function add(elementId, path) {
-    const existing = byPath.get(path);
-    if (existing === void 0) {
-      byPath.set(path, /* @__PURE__ */ new Set([elementId]));
-      return;
-    }
-    existing.add(elementId);
-  }
-  function remove(elementId, path) {
-    const existing = byPath.get(path);
-    if (existing === void 0) return;
-    existing.delete(elementId);
-    if (existing.size === 0) byPath.delete(path);
-  }
-  function removeAllFor(elementId) {
-    for (const [path, ids] of byPath) {
-      if (!ids.delete(elementId)) continue;
-      if (ids.size === 0) byPath.delete(path);
-    }
-  }
-  function hasOptIn(elementId, path) {
-    return byPath.get(path)?.has(elementId) ?? false;
-  }
-  function hasAnyOptInForPath(path) {
-    const ids = byPath.get(path);
-    return ids !== void 0 && ids.size > 0;
-  }
-  function optedInPaths() {
-    return byPath.keys();
-  }
-  function isEmpty() {
-    return byPath.size === 0;
-  }
-  function clear() {
-    byPath.clear();
-  }
-  return {
-    add,
-    remove,
-    removeAllFor,
-    hasOptIn,
-    hasAnyOptInForPath,
-    optedInPaths,
-    isEmpty,
-    clear
-  };
-}
-
-const DEFAULT_SENSITIVE_NAMES = Object.freeze([
-  // Passwords + PIN-like
-  "password",
-  "passwd",
-  "pwd",
-  "pin",
-  // Card / payment
-  "cvv",
-  "cvc",
-  "card_number",
-  "card_num",
-  "card",
-  "iban",
-  "routing_number",
-  "account_number",
-  // Government / identity
-  "ssn",
-  "social_security",
-  "dob",
-  "date_of_birth",
-  "passport",
-  "driver_license",
-  // Tax IDs
-  "tin",
-  "ein",
-  "itin",
-  "tax_id",
-  // Tokens / secrets / API auth
-  "token",
-  "tokens",
-  "secret",
-  "secrets",
-  "api_key",
-  "api_secret",
-  "api_token",
-  "private_key",
-  "bearer",
-  "oauth",
-  "auth_token",
-  "access_token",
-  "refresh_token",
-  "session_id",
-  "session_key",
-  "session_token",
-  // MFA / OTP
-  "otp",
-  "one_time_password",
-  "one_time_code",
-  "mfa_secret",
-  "mfa_seed",
-  "mfa_code",
-  "mfa_token",
-  "two_factor_code",
-  "two_factor_token",
-  "2fa",
-  "2fa_code",
-  "2fa_token",
-  "recovery_code",
-  "backup_code"
-]);
-const WORD_BOUNDARY_THRESHOLD = 5;
-function escapeRegex(s) {
-  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
-function nameToRegex(name) {
-  const parts = name.split(/[_\s-]/).filter((p) => p.length > 0);
-  if (parts.length === 0) {
-    return /(?!)/;
-  }
-  const escaped = parts.map(escapeRegex).join("[_\\s-]?");
-  const compactLength = parts.reduce((sum, p) => sum + p.length, 0);
-  const useBoundary = compactLength <= WORD_BOUNDARY_THRESHOLD;
-  const source = useBoundary ? `\\b${escaped}\\b` : escaped;
-  return new RegExp(source, "i");
-}
-function namesToPatterns(names) {
-  const patterns = [];
-  for (const name of names) {
-    if (typeof name !== "string" || name.length === 0) continue;
-    patterns.push(nameToRegex(name));
-  }
-  return patterns;
-}
-const DEFAULT_PATTERNS = namesToPatterns(DEFAULT_SENSITIVE_NAMES);
-function createSegmentMatchesSensitive(names = DEFAULT_SENSITIVE_NAMES) {
-  const patterns = names === DEFAULT_SENSITIVE_NAMES ? DEFAULT_PATTERNS : namesToPatterns(names);
-  return (segment) => {
-    if (typeof segment !== "string") return false;
-    for (const p of patterns) {
-      if (p.test(segment)) return true;
-    }
-    return false;
-  };
-}
-function createIsSensitivePath(names = DEFAULT_SENSITIVE_NAMES) {
-  const segmentMatches = createSegmentMatchesSensitive(names);
-  return (path) => {
-    if (typeof path !== "string") {
-      for (const segment of path) {
-        if (segmentMatches(segment)) return true;
-      }
-      return false;
-    }
-    if (path.startsWith("[")) {
-      try {
-        const parsed = JSON.parse(path);
-        if (Array.isArray(parsed)) {
-          for (const segment of parsed) {
-            if (segmentMatches(segment)) return true;
-          }
-          return false;
-        }
-      } catch {
-      }
-    }
-    for (const segment of path.split(".")) {
-      if (segmentMatches(segment)) return true;
-    }
-    return false;
-  };
-}
-const defaultIsSensitivePath = createIsSensitivePath();
-function isSensitivePath(path) {
-  return defaultIsSensitivePath(path);
-}
-const warnedSensitivePersist = __DEV__ ? /* @__PURE__ */ new Set() : null;
-function allowSensitivePersist(path, acknowledged, isSensitive = defaultIsSensitivePath) {
-  if (acknowledged) return true;
-  if (!isSensitive(path)) return true;
-  if (warnedSensitivePersist !== null) {
-    const display = Array.isArray(path) ? path.join(".") : String(path);
-    if (!warnedSensitivePersist.has(display)) {
-      warnedSensitivePersist.add(display);
-      console.warn(
-        `[attaform] Not persisting "${display}" \u2014 it matches a sensitive-name pattern (password / cvv / ssn / token / etc.) and was opted into persistence without \`acknowledgeSensitive: true\`. Storing sensitive data in client-side storage is a compliance risk (PII / PCI-DSS / HIPAA / SOC2). Persist it server-side, or pass \`acknowledgeSensitive: true\` to register() / form.persist() if this is intentional.`
-      );
-    }
-  }
-  return false;
-}
-
-function syncPersistOptIn(el, value, oldValue, vnodeType) {
-  const wasOptedIn = isRegisterValue(oldValue) && oldValue.persist === true;
-  const isFileInput = el.tagName === "INPUT" && (vnodeType === "file" || el.type === "file");
-  const wantsOptIn = !isFileInput && isRegisterValue(value) && value.persist === true;
-  if (!wasOptedIn && !wantsOptIn) return;
-  const elementId = getOrAssignElementId(el);
-  if (wasOptedIn) {
-    const old = oldValue;
-    const samePathAndRegistry = wantsOptIn && value.path === old.path && value.persistOptIns === old.persistOptIns;
-    if (!samePathAndRegistry) {
-      old.persistOptIns.remove(elementId, old.path);
-    }
-  }
-  if (wantsOptIn) {
-    const v = value;
-    if (allowSensitivePersist(v.path, v.acknowledgeSensitive, v.isSensitivePath)) {
-      v.persistOptIns.add(elementId, v.path);
-    }
-  }
-}
-function syncMultiTabOptOut(value, oldValue) {
-  const wasOptedOut = isRegisterValue(oldValue) && oldValue.unmarkNoSync !== void 0;
-  const wantsOptOut = isRegisterValue(value) && value.markNoSync !== void 0;
-  if (!wasOptedOut && !wantsOptOut) return;
-  if (wasOptedOut) {
-    const old = oldValue;
-    const samePath = wantsOptOut && value.path === old.path;
-    if (!samePath) old.unmarkNoSync?.();
-  }
-  if (wantsOptOut) {
-    const v = value;
-    const samePathOld = wasOptedOut && oldValue.path === v.path;
-    if (!samePathOld) v.markNoSync?.();
-  }
-}
 function syncElementRegistration(el, value, oldValue) {
   const wasRegistered = isRegisterValue(oldValue);
   const isRegistered = isRegisterValue(value);
   if (!wasRegistered && !isRegistered) return;
-  const samePathAndStore = wasRegistered && isRegistered && oldValue.path === value.path && oldValue.persistOptIns === value.persistOptIns;
+  const samePathAndStore = wasRegistered && isRegistered && oldValue.path === value.path && oldValue.formKey === value.formKey;
   if (wasRegistered && !samePathAndStore) {
     oldValue.deregisterElement(el);
   }
@@ -1453,8 +1177,6 @@ function getCheckboxValue(el, checked) {
 const warnedUnsupportedElements = __DEV__ ? /* @__PURE__ */ new WeakSet() : null;
 const vRegisterDynamic = {
   created(el, binding, vnode) {
-    syncPersistOptIn(el, binding.value, void 0, vnode.props?.["type"]);
-    syncMultiTabOptOut(binding.value, void 0);
     callModelHook(el, binding, vnode, null, "created");
     if (isRegisterValue(binding.value)) setupAria(el, binding.value, vnode);
   },
@@ -1476,8 +1198,6 @@ const vRegisterDynamic = {
     }
   },
   beforeUpdate(el, binding, vnode, prevVNode) {
-    syncPersistOptIn(el, binding.value, binding.oldValue, vnode.props?.["type"]);
-    syncMultiTabOptOut(binding.value, binding.oldValue);
     syncElementRegistration(el, binding.value, binding.oldValue);
     callModelHook(el, binding, vnode, prevVNode, "beforeUpdate");
     const ariaEl = el;
@@ -1503,10 +1223,6 @@ const vRegisterDynamic = {
     removeTrackedListeners(el);
     teardownAria(el);
     teardownValueSync(el);
-    if (isRegisterValue(value)) {
-      value.persistOptIns.removeAllFor(getOrAssignElementId(el));
-      value.unmarkNoSync?.();
-    }
     if (!isRegisterValue(value)) return;
     value.deregisterElement(el);
     delete el.composing;
@@ -1728,5 +1444,5 @@ function pathsEqual(a, b) {
   return true;
 }
 
-export { AnonPersistError as A, segmentsToDotted as B, coerceToPathKey as C, DEFAULT_SENSITIVE_NAMES as D, isSensitivePath as E, FORM_ERRORS_PATH_KEY as F, createPersistOptInRegistry as G, ensureAttaformInstalled as H, InvalidPathError as I, kFormContext as J, kFormInstanceId as K, createIsSensitivePath as L, REGISTER_OWNER_MARKER as M, kAttaformAncestorWizard as N, OutsideSetupError as O, ROOT_PATH as R, SubmitErrorHandlerError as S, V_REGISTER_MARKER as V, __DEV__ as _, canonicalizePath as a, AttaformError as b, createAttaform as c, InvalidUseFormConfigError as d, ROOT_PATH_KEY as e, RegistryNotInstalledError as f, getRegistryFromApp as g, ReservedFormKeyError as h, assignKey as i, createRegistry as j, kAttaformWizardActiveStepResolver as k, isPathPrefix as l, isRegisterValue as m, kAttaformRegistry as n, pathKeyToDotted as o, parseDottedPath as p, pathsEqual as q, keyForSegments as r, segmentsForPathKey as s, toError as t, useRegistry as u, vRegister as v, INTERACTIVE_TAG_NAMES as w, getOrAssignElementId as x, allowSensitivePersist as y, FORM_ERRORS_PATH as z };
-//# sourceMappingURL=attaform.BKFwekY2.mjs.map
+export { AttaformError as A, kFormInstanceId as B, REGISTER_OWNER_MARKER as C, kAttaformAncestorWizard as D, FORM_ERRORS_PATH_KEY as F, InvalidPathError as I, OutsideSetupError as O, ROOT_PATH as R, SubmitErrorHandlerError as S, V_REGISTER_MARKER as V, __DEV__ as _, canonicalizePath as a, InvalidUseFormConfigError as b, createAttaform as c, ROOT_PATH_KEY as d, RegistryNotInstalledError as e, ReservedFormKeyError as f, getRegistryFromApp as g, assignKey as h, createRegistry as i, isPathPrefix as j, kAttaformWizardActiveStepResolver as k, isRegisterValue as l, kAttaformRegistry as m, pathKeyToDotted as n, pathsEqual as o, parseDottedPath as p, keyForSegments as q, INTERACTIVE_TAG_NAMES as r, segmentsForPathKey as s, toError as t, useRegistry as u, vRegister as v, FORM_ERRORS_PATH as w, coerceToPathKey as x, ensureAttaformInstalled as y, kFormContext as z };
+//# sourceMappingURL=attaform.BhI9Icek.mjs.map