schema-components 1.18.1 → 1.20.0

package/dist/core/swagger2.d.mts

@@ -1,4 +1,4 @@
-import { i as DiagnosticsOptions } from "../diagnostics-BYk63jsC.mjs";
+import { i as DiagnosticsOptions } from "../diagnostics-CbBPsxSt.mjs";
 import { NodeTransform } from "./normalise.mjs";
 
 //#region src/core/swagger2.d.ts

package/dist/core/swagger2.mjs

@@ -1,2 +1,2 @@
-import { a as normaliseSwagger2Document } from "../normalise-tL9FckAk.mjs";
+import { o as normaliseSwagger2Document } from "../normalise-CMMEl4cd.mjs";
 export { normaliseSwagger2Document };

package/dist/core/typeInference.d.mts

@@ -1,2 +1,2 @@
-import { a as InferResponseFields, c as PathOfType, d as UnsafeFields, f as __SchemaInferenceFellBack, i as InferRequestBodyFields, l as ResolveOpenAPIRef, n as FromJSONSchema, o as OpenAPIRequestBodyType, r as InferParameterOverrides, s as OpenAPIResponseType, t as DEFAULT_MAX_DEPTH, u as TypeAtPath } from "../typeInference-5JiqIZ8t.mjs";
-export { DEFAULT_MAX_DEPTH, FromJSONSchema, InferParameterOverrides, InferRequestBodyFields, InferResponseFields, OpenAPIRequestBodyType, OpenAPIResponseType, PathOfType, ResolveOpenAPIRef, TypeAtPath, UnsafeFields, __SchemaInferenceFellBack };
+import { a as InferResponseFields, c as PathOfType, d as TypeAtPath, f as UnrepresentableZodSchemaError, h as __SchemaInferenceFellBack, i as InferRequestBodyFields, l as RejectUnrepresentableZod, m as UnsafeFields, n as FromJSONSchema, o as OpenAPIRequestBodyType, p as UnrepresentableZodType, r as InferParameterOverrides, s as OpenAPIResponseType, t as DEFAULT_MAX_DEPTH, u as ResolveOpenAPIRef } from "../typeInference-CDoD_LZ_.mjs";
+export { DEFAULT_MAX_DEPTH, FromJSONSchema, InferParameterOverrides, InferRequestBodyFields, InferResponseFields, OpenAPIRequestBodyType, OpenAPIResponseType, PathOfType, RejectUnrepresentableZod, ResolveOpenAPIRef, TypeAtPath, UnrepresentableZodSchemaError, UnrepresentableZodType, UnsafeFields, __SchemaInferenceFellBack };

package/dist/core/types.d.mts

@@ -1,2 +1,2 @@
-import { A as UnionField, B as isNegationField, C as RecordField, D as StringConstraints, E as SchemaType, F as isConditionalField, G as isRecordField, H as isNullField, I as isDiscriminatedUnionField, J as isTupleField, K as isRecursiveField, L as isEnumField, M as WalkedField, N as isArrayField, O as StringField, P as isBooleanField, R as isFileField, S as ObjectField, T as SchemaMeta, U as isNumberField, V as isNeverField, W as isObjectField, X as isUnknownField, Y as isUnionField, Z as resolveEditability, _ as NeverField, a as DiscriminatedUnionField, b as NumberField, c as FieldBase, d as FieldOverrides, f as FileConstraints, g as NegationField, h as LiteralField, i as ConditionalField, j as UnknownField, k as TupleField, l as FieldConstraints, m as JsonObject, n as ArrayField, o as Editability, p as FileField, q as isStringField, r as BooleanField, s as EnumField, t as ArrayConstraints, u as FieldOverride, v as NullField, w as RecursiveField, x as ObjectConstraints, y as NumberConstraints, z as isLiteralField } from "../types-D_5ST7SS.mjs";
+import { A as UnionField, B as isNegationField, C as RecordField, D as StringConstraints, E as SchemaType, F as isConditionalField, G as isRecordField, H as isNullField, I as isDiscriminatedUnionField, J as isTupleField, K as isRecursiveField, L as isEnumField, M as WalkedField, N as isArrayField, O as StringField, P as isBooleanField, R as isFileField, S as ObjectField, T as SchemaMeta, U as isNumberField, V as isNeverField, W as isObjectField, X as isUnknownField, Y as isUnionField, Z as resolveEditability, _ as NeverField, a as DiscriminatedUnionField, b as NumberField, c as FieldBase, d as FieldOverrides, f as FileConstraints, g as NegationField, h as LiteralField, i as ConditionalField, j as UnknownField, k as TupleField, l as FieldConstraints, m as JsonObject, n as ArrayField, o as Editability, p as FileField, q as isStringField, r as BooleanField, s as EnumField, t as ArrayConstraints, u as FieldOverride, v as NullField, w as RecursiveField, x as ObjectConstraints, y as NumberConstraints, z as isLiteralField } from "../types-C9zw9wbX.mjs";
 export { ArrayConstraints, ArrayField, BooleanField, ConditionalField, DiscriminatedUnionField, Editability, EnumField, FieldBase, FieldConstraints, FieldOverride, FieldOverrides, FileConstraints, FileField, JsonObject, LiteralField, NegationField, NeverField, NullField, NumberConstraints, NumberField, ObjectConstraints, ObjectField, RecordField, RecursiveField, SchemaMeta, SchemaType, StringConstraints, StringField, TupleField, UnionField, UnknownField, WalkedField, isArrayField, isBooleanField, isConditionalField, isDiscriminatedUnionField, isEnumField, isFileField, isLiteralField, isNegationField, isNeverField, isNullField, isNumberField, isObjectField, isRecordField, isRecursiveField, isStringField, isTupleField, isUnionField, isUnknownField, resolveEditability };

package/dist/core/uri.d.mts

@@ -0,0 +1,41 @@
+//#region src/core/uri.d.ts
+/**
+ * URI safety helpers shared by HTML and React renderers.
+ *
+ * User-supplied URI values flow into anchor `href` attributes. Without
+ * scheme validation a value such as `javascript:alert(1)` becomes a
+ * clickable XSS sink — HTML escaping does not help, since the dangerous
+ * payload sits inside the scheme rather than the body of the attribute.
+ *
+ * These helpers exist so the HTML renderer (`html/renderers.ts`) and the
+ * React renderer (`react/headlessRenderers.tsx`) apply identical rules
+ * when deciding whether a string is safe to render as an `href`.
+ */
+/**
+ * Decide whether `value` is safe to use as an anchor `href`.
+ *
+ * Returns `true` when the value is either a relative reference (no scheme
+ * component) or an absolute URI using `http`/`https`. Returns `false`
+ * for any other scheme, including dangerous ones like `javascript:` and
+ * `data:`.
+ */
+declare function isSafeHyperlink(value: string): boolean;
+/**
+ * Decide whether `value` is safe to interpolate into a `mailto:` URI.
+ *
+ * The check rejects values that do not match the standard email format
+ * pattern. The format pattern excludes whitespace, which means a CRLF
+ * sequence (or its percent-encoded form embedded by the caller) cannot
+ * pass — eliminating the SMTP/`mailto` header-injection vector.
+ */
+declare function isSafeMailtoAddress(value: string): boolean;
+/**
+ * Decide whether `key` is one of the prototype-polluting property names
+ * (`__proto__`, `constructor`, `prototype`).
+ *
+ * Used by JSON Pointer resolvers and by the JSON Schema `properties`
+ * walker to refuse traversal into these names.
+ */
+declare function isPrototypePollutingKey(key: string): boolean;
+//#endregion
+export { isPrototypePollutingKey, isSafeHyperlink, isSafeMailtoAddress };

package/dist/core/uri.mjs

@@ -0,0 +1,76 @@
+import { EMAIL_FORMAT_PATTERN } from "./formats.mjs";
+//#region src/core/uri.ts
+/**
+* URI safety helpers shared by HTML and React renderers.
+*
+* User-supplied URI values flow into anchor `href` attributes. Without
+* scheme validation a value such as `javascript:alert(1)` becomes a
+* clickable XSS sink — HTML escaping does not help, since the dangerous
+* payload sits inside the scheme rather than the body of the attribute.
+*
+* These helpers exist so the HTML renderer (`html/renderers.ts`) and the
+* React renderer (`react/headlessRenderers.tsx`) apply identical rules
+* when deciding whether a string is safe to render as an `href`.
+*/
+/**
+* Match the scheme portion of an absolute URI (RFC 3986 production
+* `scheme ":"`). Leading ASCII whitespace is tolerated because browsers
+* strip it before parsing the scheme; any other prefix (including raw
+* control characters) keeps the value out of the safe-scheme branch.
+*/
+const ABSOLUTE_URI_SCHEME = /^\s*([a-z][a-z0-9+\-.]*):/i;
+/**
+* Schemes safe to emit unmodified into an `href` attribute. Anything
+* outside this set — most importantly `javascript:`, `data:`, `vbscript:`
+* and `file:` — is rejected and rendered as text.
+*/
+const SAFE_HYPERLINK_SCHEMES = new Set(["http", "https"]);
+/**
+* Decide whether `value` is safe to use as an anchor `href`.
+*
+* Returns `true` when the value is either a relative reference (no scheme
+* component) or an absolute URI using `http`/`https`. Returns `false`
+* for any other scheme, including dangerous ones like `javascript:` and
+* `data:`.
+*/
+function isSafeHyperlink(value) {
+	const match = ABSOLUTE_URI_SCHEME.exec(value);
+	if (match === null) return true;
+	const scheme = match[1];
+	if (scheme === void 0) return false;
+	return SAFE_HYPERLINK_SCHEMES.has(scheme.toLowerCase());
+}
+/**
+* Decide whether `value` is safe to interpolate into a `mailto:` URI.
+*
+* The check rejects values that do not match the standard email format
+* pattern. The format pattern excludes whitespace, which means a CRLF
+* sequence (or its percent-encoded form embedded by the caller) cannot
+* pass — eliminating the SMTP/`mailto` header-injection vector.
+*/
+function isSafeMailtoAddress(value) {
+	return EMAIL_FORMAT_PATTERN.test(value);
+}
+/**
+* Property names that must never be traversed via dynamic indexing on an
+* untrusted object. Walking into any of these returns `Object.prototype`
+* (or similar) and lets an attacker plant fields visible to every plain
+* object in the runtime.
+*/
+const PROTOTYPE_POLLUTING_KEYS = new Set([
+	"__proto__",
+	"constructor",
+	"prototype"
+]);
+/**
+* Decide whether `key` is one of the prototype-polluting property names
+* (`__proto__`, `constructor`, `prototype`).
+*
+* Used by JSON Pointer resolvers and by the JSON Schema `properties`
+* walker to refuse traversal into these names.
+*/
+function isPrototypePollutingKey(key) {
+	return PROTOTYPE_POLLUTING_KEYS.has(key);
+}
+//#endregion
+export { isPrototypePollutingKey, isSafeHyperlink, isSafeMailtoAddress };

package/dist/core/version.d.mts

@@ -1,2 +1,2 @@
-import { a as detectOpenApiVersion, c as isOpenApi30, i as detectJsonSchemaDraft, l as isOpenApi31, n as JsonSchemaDraft, o as inferJsonSchemaDraft, r as OpenApiVersionInfo, s as inferJsonSchemaDraftWithReason, t as InferredDraft, u as isSwagger2 } from "../version-B5NV-35j.mjs";
-export { InferredDraft, JsonSchemaDraft, OpenApiVersionInfo, detectJsonSchemaDraft, detectOpenApiVersion, inferJsonSchemaDraft, inferJsonSchemaDraftWithReason, isOpenApi30, isOpenApi31, isSwagger2 };
+import { a as detectJsonSchemaDraft, c as inferJsonSchemaDraftWithReason, d as isSwagger2, f as matchJsonSchemaDraftUri, i as OpenApiVersionInfo, l as isOpenApi30, n as JsonSchemaDialectInfo, o as detectOpenApiVersion, p as readJsonSchemaDialect, r as JsonSchemaDraft, s as inferJsonSchemaDraft, t as InferredDraft, u as isOpenApi31 } from "../version-D-u7aMfy.mjs";
+export { InferredDraft, JsonSchemaDialectInfo, JsonSchemaDraft, OpenApiVersionInfo, detectJsonSchemaDraft, detectOpenApiVersion, inferJsonSchemaDraft, inferJsonSchemaDraftWithReason, isOpenApi30, isOpenApi31, isSwagger2, matchJsonSchemaDraftUri, readJsonSchemaDialect };

package/dist/core/version.mjs

@@ -15,6 +15,22 @@ const DRAFT_URIS = new Map([
 	["https://json-schema.org/draft-04/schema#", "draft-04"]
 ]);
 /**
+* Match a `$schema` URI string to a known draft. Returns `undefined`
+* when the URI matches none of the documented Draft 04 – Draft 2020-12
+* schema URIs (including the known prefix patterns) — callers can use
+* this to distinguish an authoritative match from a silent fallback.
+*/
+function matchJsonSchemaDraftUri(uri) {
+	const exact = DRAFT_URIS.get(uri);
+	if (exact !== void 0) return exact;
+	for (const [draftUri, draft] of DRAFT_URIS) if (uri.startsWith(draftUri) || uri === draftUri) return draft;
+	if (uri.includes("/draft/2020-12/")) return "draft-2020-12";
+	if (uri.includes("/draft/2019-09/")) return "draft-2019-09";
+	if (uri.includes("/draft-07")) return "draft-07";
+	if (uri.includes("/draft-06")) return "draft-06";
+	if (uri.includes("/draft-04")) return "draft-04";
+}
+/**
 * Detect the JSON Schema draft version from a schema's `$schema` URI.
 * When `$schema` is absent, uses heuristic keyword detection via
 * `inferJsonSchemaDraft` to guess the draft version.
@@ -24,14 +40,8 @@ const DRAFT_URIS = new Map([
 function detectJsonSchemaDraft(schema) {
 	const $schema = schema.$schema;
 	if (typeof $schema === "string") {
-		const exact = DRAFT_URIS.get($schema);
-		if (exact !== void 0) return exact;
-		for (const [uri, draft] of DRAFT_URIS) if ($schema.startsWith(uri) || $schema === uri) return draft;
-		if ($schema.includes("/draft/2020-12/")) return "draft-2020-12";
-		if ($schema.includes("/draft/2019-09/")) return "draft-2019-09";
-		if ($schema.includes("/draft-07")) return "draft-07";
-		if ($schema.includes("/draft-06")) return "draft-06";
-		if ($schema.includes("/draft-04")) return "draft-04";
+		const matched = matchJsonSchemaDraftUri($schema);
+		if (matched !== void 0) return matched;
 		return "draft-2020-12";
 	}
 	return inferJsonSchemaDraft(schema);
@@ -147,5 +157,29 @@ function isOpenApi31(version) {
 function isSwagger2(version) {
 	return version.major === 2;
 }
+/**
+* Inspect an OpenAPI 3.1 document for a `jsonSchemaDialect` declaration.
+*
+* Per the OpenAPI 3.1 spec, an OpenAPI document may declare the default
+* JSON Schema dialect for its Schema Objects via the top-level
+* `jsonSchemaDialect` URI. Real-world 3.1 documents overwhelmingly omit
+* the keyword and rely on the spec-defined Draft 2020-12 default — this
+* helper surfaces the declaration so the normaliser can either honour a
+* known dialect or emit a diagnostic for an unknown one.
+*/
+function readJsonSchemaDialect(doc) {
+	const value = doc.jsonSchemaDialect;
+	if (typeof value !== "string") return { kind: "absent" };
+	const draft = matchJsonSchemaDraftUri(value);
+	if (draft === void 0) return {
+		kind: "unknown",
+		uri: value
+	};
+	return {
+		kind: "known",
+		uri: value,
+		draft
+	};
+}
 //#endregion
-export { detectJsonSchemaDraft, detectOpenApiVersion, inferJsonSchemaDraft, inferJsonSchemaDraftWithReason, isOpenApi30, isOpenApi31, isSwagger2 };
+export { detectJsonSchemaDraft, detectOpenApiVersion, inferJsonSchemaDraft, inferJsonSchemaDraftWithReason, isOpenApi30, isOpenApi31, isSwagger2, matchJsonSchemaDraftUri, readJsonSchemaDialect };

package/dist/core/walkBuilders.d.mts

@@ -1,6 +1,6 @@
-import { M as WalkedField, O as StringField, T as SchemaMeta, b as NumberField, c as FieldBase, j as UnknownField, o as Editability, p as FileField, r as BooleanField, v as NullField } from "../types-D_5ST7SS.mjs";
-import { i as DiagnosticsOptions } from "../diagnostics-BYk63jsC.mjs";
-import { t as ExternalResolver } from "../ref-Ckt5liZs.mjs";
+import { M as WalkedField, O as StringField, T as SchemaMeta, b as NumberField, c as FieldBase, j as UnknownField, o as Editability, p as FileField, r as BooleanField, v as NullField } from "../types-C9zw9wbX.mjs";
+import { i as DiagnosticsOptions } from "../diagnostics-CbBPsxSt.mjs";
+import { t as ExternalResolver } from "../ref-C8JbwfiS.mjs";
 
 //#region src/core/walkBuilders.d.ts
 declare function getString(obj: Record<string, unknown>, key: string): string | undefined;

package/dist/core/walker.d.mts

@@ -1,4 +1,4 @@
-import { M as WalkedField } from "../types-D_5ST7SS.mjs";
+import { M as WalkedField } from "../types-C9zw9wbX.mjs";
 import { WalkOptions } from "./walkBuilders.mjs";
 
 //#region src/core/walker.d.ts

package/dist/core/walker.mjs

@@ -3,6 +3,7 @@ import { appendPointer, emitDiagnostic } from "./diagnostics.mjs";
 import { countDistinctRefs, resolveRef } from "./ref.mjs";
 import { extractArrayConstraints, extractObjectConstraints, stripInapplicableConstraints } from "./constraints.mjs";
 import { ANNOTATION_SIBLINGS, detectDiscriminated, mergeAllOf, mergeRefSiblings, normaliseAnyOf } from "./merge.mjs";
+import { isPrototypePollutingKey } from "./uri.mjs";
 import { buildBase, buildBooleanField, buildFileField, buildNullField, buildNumberField, buildStringField, buildUnknownField, extractChildOverride, extractSchemaMetaFields, getArray, getObject, getString, isPrimitive, walkDependentRequiredMap, walkSubSchemaMap, withoutKeys } from "./walkBuilders.mjs";
 //#region src/core/walker.ts
 /**
@@ -236,11 +237,28 @@ function walkBoolean(schema, ctx) {
 	return buildBooleanField(schema, ctx);
 }
 function walkEnum(schema, enumValues, ctx) {
+	const accepted = [];
+	for (let i = 0; i < enumValues.length; i++) {
+		const v = enumValues[i];
+		if (isPrimitive(v)) {
+			accepted.push(v);
+			continue;
+		}
+		emitDiagnostic(ctx.diagnostics, {
+			code: "enum-value-filtered",
+			message: `enum value at index ${String(i)} is not a primitive (${v === void 0 ? "undefined" : typeof v}); dropping the entry`,
+			pointer: appendPointer(ctx.pointer, `enum/${String(i)}`),
+			detail: {
+				index: i,
+				value: v
+			}
+		});
+	}
 	return {
 		...buildBase(schema, ctx),
 		type: "enum",
 		constraints: {},
-		enumValues: enumValues.filter((v) => typeof v === "string" || typeof v === "number" || typeof v === "boolean" || v === null)
+		enumValues: accepted
 	};
 }
 function walkLiteral(schema, ctx) {
@@ -254,9 +272,35 @@ function walkLiteral(schema, ctx) {
 	};
 }
 function walkObject(schema, properties, ctx) {
-	const requiredFields = getArray(schema, "required")?.filter((r) => typeof r === "string") ?? [];
+	const required = getArray(schema, "required");
+	const requiredFields = [];
+	if (required !== void 0) for (let i = 0; i < required.length; i++) {
+		const r = required[i];
+		if (typeof r === "string") {
+			requiredFields.push(r);
+			continue;
+		}
+		emitDiagnostic(ctx.diagnostics, {
+			code: "required-non-string",
+			message: `required[${String(i)}] is not a string (${r === null ? "null" : typeof r}); dropping the entry`,
+			pointer: appendPointer(ctx.pointer, `required/${String(i)}`),
+			detail: {
+				index: i,
+				value: r
+			}
+		});
+	}
 	const fields = {};
 	for (const [key, propSchema] of Object.entries(properties)) {
+		if (isPrototypePollutingKey(key)) {
+			emitDiagnostic(ctx.diagnostics, {
+				code: "prototype-polluting-property",
+				message: `Refusing to register prototype-polluting property name: ${key}`,
+				pointer: appendPointer(ctx.pointer, key),
+				detail: { propertyName: key }
+			});
+			continue;
+		}
 		const childOverride = extractChildOverride(ctx.fieldOverrides, key);
 		const isRequired = requiredFields.includes(key);
 		const childCtx = {
@@ -343,11 +387,14 @@ function walkArray(schema, ctx) {
 	const prefixItems = getArray(schema, "prefixItems");
 	if (prefixItems !== void 0) {
 		const walkedItems = prefixItems.filter(isObject).map((item) => walkNode(item, ctx));
+		const restSchema = getObject(schema, "items");
+		const restItems = restSchema !== void 0 ? walkNode(restSchema, ctx) : void 0;
 		return {
 			...buildBase(schema, ctx),
 			type: "tuple",
 			constraints: extractArrayConstraints(schema),
-			prefixItems: walkedItems
+			prefixItems: walkedItems,
+			...restItems !== void 0 ? { restItems } : {}
 		};
 	}
 	const unevaluatedItemsSchema = getObject(schema, "unevaluatedItems");

package/dist/{diagnostics-BYk63jsC.d.mts → diagnostics-CbBPsxSt.d.mts}

@@ -16,7 +16,7 @@
  * Machine-readable codes identifying each class of diagnostic.
  * Stable across releases — consumers can pattern-match on these.
  */
-type DiagnosticCode = "unresolved-ref" | "unknown-keyword" | "unknown-format" | "invalid-const" | "unsupported-type" | "dropped-swagger-feature" | "external-ref" | "type-negation-fallback" | "conditional-fallback" | "assumed-draft" | "depth-exceeded" | "allof-conflict" | "discriminator-inconsistent";
+type DiagnosticCode = "unresolved-ref" | "unknown-keyword" | "unknown-format" | "invalid-const" | "unsupported-type" | "dropped-swagger-feature" | "external-ref" | "type-negation-fallback" | "conditional-fallback" | "assumed-draft" | "depth-exceeded" | "allof-conflict" | "discriminator-inconsistent" | "divisible-by-conflict" | "legacy-dependencies-split" | "dependent-required-invalid" | "unknown-json-schema-dialect" | "relative-ref-resolved" | "bare-exclusive-bound" | "enum-value-filtered" | "required-non-string" | "pattern-invalid" | "duplicate-body-parameter" | "prototype-polluting-property";
 /**
  * A single diagnostic emitted during schema processing.
  */

package/dist/{errors-C5zRC2PU.d.mts → errors-C2iABcn9.d.mts}

@@ -27,8 +27,20 @@ declare class SchemaError extends Error {
  * JSON Schema, missing OpenAPI ref, unsupported ref format.
  */
 declare class SchemaNormalisationError extends SchemaError {
-  readonly kind: "invalid-zod" | "zod3-unsupported" | "invalid-json-schema" | "openapi-missing-ref" | "openapi-invalid" | "unknown";
-  constructor(message: string, schema: unknown, kind: SchemaNormalisationError["kind"]);
+  readonly kind: "invalid-zod" | "zod3-unsupported" | "zod-transform-unsupported" | "zod-type-unrepresentable" | "zod-conversion-failed" | "invalid-json-schema" | "openapi-missing-ref" | "openapi-invalid" | "unknown";
+  /**
+   * For `zod-type-unrepresentable`, the offending Zod type name
+   * (e.g. "bigint", "date", "map", "set"). `undefined` for other kinds.
+   */
+  readonly zodType: string | undefined;
+  /**
+   * The original underlying error, when this normalisation error wraps
+   * another exception (typically the error thrown by `z.toJSONSchema()`).
+   * Preserves the source stack trace so the root cause is not lost when
+   * the classifier translates the message.
+   */
+  readonly cause: unknown;
+  constructor(message: string, schema: unknown, kind: SchemaNormalisationError["kind"], zodType?: string, cause?: unknown);
 }
 /**
  * A theme adapter's render function threw during rendering.

package/dist/html/a11y.d.mts

@@ -1,5 +1,5 @@
-import { M as WalkedField } from "../types-D_5ST7SS.mjs";
-import { t as AllConstraints } from "../renderer-BAGoX4AK.mjs";
+import { M as WalkedField } from "../types-C9zw9wbX.mjs";
+import { t as AllConstraints } from "../renderer-SOIbJBtk.mjs";
 import { HtmlAttributes, HtmlNode } from "./html.mjs";
 
 //#region src/html/a11y.d.ts

package/dist/html/renderToHtml.d.mts

@@ -1,5 +1,5 @@
-import { T as SchemaMeta } from "../types-D_5ST7SS.mjs";
-import { o as HtmlResolver } from "../renderer-BAGoX4AK.mjs";
+import { T as SchemaMeta } from "../types-C9zw9wbX.mjs";
+import { o as HtmlResolver } from "../renderer-SOIbJBtk.mjs";
 
 //#region src/html/renderToHtml.d.ts
 interface RenderToHtmlOptions {

package/dist/html/renderToHtmlStream.d.mts

@@ -1,5 +1,5 @@
-import { T as SchemaMeta } from "../types-D_5ST7SS.mjs";
-import { o as HtmlResolver } from "../renderer-BAGoX4AK.mjs";
+import { T as SchemaMeta } from "../types-C9zw9wbX.mjs";
+import { o as HtmlResolver } from "../renderer-SOIbJBtk.mjs";
 
 //#region src/html/renderToHtmlStream.d.ts
 interface StreamRenderOptions {

package/dist/html/renderers.d.mts

@@ -1,5 +1,5 @@
-import { M as WalkedField } from "../types-D_5ST7SS.mjs";
-import { o as HtmlResolver } from "../renderer-BAGoX4AK.mjs";
+import { M as WalkedField } from "../types-C9zw9wbX.mjs";
+import { o as HtmlResolver } from "../renderer-SOIbJBtk.mjs";
 
 //#region src/html/renderers.d.ts
 declare function dateInputType(format: string | undefined): string | undefined;

package/dist/html/renderers.mjs

@@ -1,4 +1,5 @@
 import { sortFieldsByOrder } from "../core/fieldOrder.mjs";
+import { isSafeHyperlink, isSafeMailtoAddress } from "../core/uri.mjs";
 import { h, raw, serialize } from "./html.mjs";
 import { ariaDescribedByAttrs, ariaLabelAttrs, ariaReadonlyAttrs, ariaRequiredAttrs, buildHintElement, buildInputId, requiredIndicator } from "./a11y.mjs";
 //#region src/html/renderers.ts
@@ -26,12 +27,12 @@ function renderStringReadOnly(props) {
 		...ariaReadonlyAttrs()
 	}, "—");
 	const format = props.constraints.format;
-	if (format === "email") return h("a", {
+	if (format === "email" && isSafeMailtoAddress(strValue)) return h("a", {
 		class: "sc-value",
 		href: `mailto:${strValue}`,
 		...ariaReadonlyAttrs()
 	}, strValue);
-	if (format === "uri" || format === "url") return h("a", {
+	if ((format === "uri" || format === "url") && isSafeHyperlink(strValue)) return h("a", {
 		class: "sc-value",
 		href: strValue,
 		...ariaReadonlyAttrs()
@@ -356,6 +357,7 @@ function renderTupleHtml(props) {
 	if (props.tree.type !== "tuple") return renderUnknownHtml(props);
 	const arr = Array.isArray(props.value) ? props.value : [];
 	const prefixItems = props.tree.prefixItems;
+	const restItems = props.tree.restItems;
 	const children = [];
 	for (let i = 0; i < prefixItems.length; i++) {
 		const itemValue = arr[i];
@@ -364,6 +366,11 @@ function renderTupleHtml(props) {
 		const childHtml = props.renderChild(element, itemValue, `[${String(i)}]`);
 		children.push(h("div", { class: "sc-tuple-item" }, h("span", { class: "sc-tuple-index" }, String(i)), raw(childHtml)));
 	}
+	if (restItems !== void 0) for (let i = prefixItems.length; i < arr.length; i++) {
+		const itemValue = arr[i];
+		const childHtml = props.renderChild(restItems, itemValue, `[${String(i)}]`);
+		children.push(h("div", { class: "sc-tuple-item sc-tuple-rest" }, h("span", { class: "sc-tuple-index" }, String(i)), raw(childHtml)));
+	}
 	return serialize(h("div", { class: "sc-tuple" }, ...children));
 }
 function renderConditionalHtml(props) {
@@ -378,6 +385,32 @@ function renderConditionalHtml(props) {
 function renderNegationHtml(props) {
 	return serialize(h("div", { class: "sc-negation" }, raw("not: ...")));
 }
+/**
+* Render a null field — `z.null()` or `{ type: "null" }`.
+*
+* The only valid value is `null`, so render an em-dash placeholder.
+*/
+function renderNullHtml(props) {
+	return serialize(h("span", {
+		class: "sc-value sc-value--empty",
+		id: fieldId(props.path),
+		...ariaReadonlyAttrs()
+	}, "—"));
+}
+/**
+* Render a never field — `z.never()` or a `false` schema.
+*
+* `never` indicates a position that cannot hold any value. Render a
+* visible placeholder rather than throwing because some valid schemas
+* intentionally contain `never` branches.
+*/
+function renderNeverHtml(props) {
+	return serialize(h("span", {
+		class: "sc-value sc-never",
+		id: fieldId(props.path),
+		...ariaReadonlyAttrs()
+	}, h("em", {}, "never matches")));
+}
 function matchUnionOption(options, value) {
 	if (typeof value === "string") return options.find((o) => o.type === "string" || o.type === "enum");
 	if (typeof value === "number") return options.find((o) => o.type === "number");
@@ -389,6 +422,7 @@ const defaultHtmlResolver = {
 	string: renderStringHtml,
 	number: renderNumberHtml,
 	boolean: renderBooleanHtml,
+	null: renderNullHtml,
 	enum: renderEnumHtml,
 	object: renderObjectHtml,
 	array: renderArrayHtml,
@@ -401,6 +435,7 @@ const defaultHtmlResolver = {
 	negation: renderNegationHtml,
 	recursive: renderRecursiveHtml,
 	file: renderFileHtml,
+	never: renderNeverHtml,
 	unknown: renderUnknownHtml
 };
 //#endregion

package/dist/html/streamRenderers.d.mts

@@ -1,5 +1,5 @@
-import { M as WalkedField } from "../types-D_5ST7SS.mjs";
-import { o as HtmlResolver } from "../renderer-BAGoX4AK.mjs";
+import { M as WalkedField } from "../types-C9zw9wbX.mjs";
+import { o as HtmlResolver } from "../renderer-SOIbJBtk.mjs";
 import { HtmlElement } from "./html.mjs";
 
 //#region src/html/streamRenderers.d.ts