schema-components 1.29.0 → 2.0.1

package/dist/core/merge.mjs

@@ -1,5 +1,6 @@
 import { isObject } from "./guards.mjs";
-import { emitDiagnostic } from "./diagnostics.mjs";
+import { appendPointer, emitDiagnostic } from "./diagnostics.mjs";
+import { isPrototypePollutingKey } from "./uri.mjs";
 //#region src/core/merge.ts
 /**
 * Schema merging, nullable detection, and discriminated union detection.
@@ -137,7 +138,18 @@ function mergeAllOf(schemas, diagnostics, pointer = "") {
 		if (entry === true) continue;
 		if (!isObject(entry)) continue;
 		const props = getObject(entry, "properties");
-		if (props !== void 0) for (const [key, value] of Object.entries(props)) properties[key] = value;
+		if (props !== void 0) for (const [key, value] of Object.entries(props)) {
+			if (isPrototypePollutingKey(key)) {
+				emitDiagnostic(diagnostics, {
+					code: "prototype-polluting-property",
+					message: `Refusing to merge prototype-polluting property name from allOf branch: ${key}`,
+					pointer: appendPointer(pointer, `properties/${key}`),
+					detail: { propertyName: key }
+				});
+				continue;
+			}
+			properties[key] = value;
+		}
 		const req = getArray(entry, "required");
 		if (req !== void 0) {
 			for (const r of req) if (typeof r === "string" && !required.includes(r)) required.push(r);
@@ -232,6 +244,17 @@ function normaliseAnyOf(options) {
 * uses `kind` while another uses `type`) detection fails and a
 * `discriminator-inconsistent` diagnostic is emitted so callers can
 * see why the union falls back to a generic oneOf.
+*
+* When two or more options share the same discriminator `const` value,
+* the union is still treated as discriminated — the first-match
+* behaviour in `resolveDiscriminatedActive` (in `core/unionMatch.ts`)
+* resolves the active option — but a `discriminator-duplicate`
+* diagnostic is emitted so the unreachable branch is visible to the
+* consumer. Changing the behaviour to fall back to a generic union
+* would be a silent regression for the much commoner case of two
+* intentionally-identical discriminator values appearing in distinct
+* sub-schemas (e.g. an `allOf`-driven hierarchy where the base option
+* duplicates the leaf).
 */
 function detectDiscriminated(options, diagnostics, pointer = "") {
 	if (options.length === 0) return void 0;
@@ -263,10 +286,50 @@ function detectDiscriminated(options, diagnostics, pointer = "") {
 		return;
 	}
 	if (discriminator === void 0) return void 0;
+	const objectOptions = options.filter(isObject);
+	emitDuplicateDiscriminatorDiagnostic(objectOptions, discriminator, diagnostics, pointer);
 	return {
-		options: options.filter(isObject),
+		options: objectOptions,
 		discriminator
 	};
 }
+/**
+* Inspect the discriminator `const` value declared on each option and
+* emit a `discriminator-duplicate` diagnostic when two or more options
+* share the same value. The diagnostic detail carries the offending
+* value plus the indices of the colliding options so consumers can
+* point at them directly.
+*/
+function emitDuplicateDiscriminatorDiagnostic(options, discriminator, diagnostics, pointer) {
+	const groups = /* @__PURE__ */ new Map();
+	for (const [index, option] of options.entries()) {
+		const props = getObject(option, "properties");
+		if (props === void 0) continue;
+		const discriminatorSchema = getObject(props, discriminator);
+		if (discriminatorSchema === void 0) continue;
+		if (!("const" in discriminatorSchema)) continue;
+		const constValue = discriminatorSchema.const;
+		const key = JSON.stringify(constValue);
+		const existing = groups.get(key);
+		if (existing === void 0) groups.set(key, {
+			value: constValue,
+			indices: [index]
+		});
+		else existing.indices.push(index);
+	}
+	for (const { value, indices } of groups.values()) {
+		if (indices.length < 2) continue;
+		emitDiagnostic(diagnostics, {
+			code: "discriminator-duplicate",
+			message: `oneOf options ${indices.join(", ")} share the same discriminator value for "${discriminator}" (${JSON.stringify(value)}); only the first option is reachable`,
+			pointer,
+			detail: {
+				discriminator,
+				value,
+				indices
+			}
+		});
+	}
+}
 //#endregion
 export { ANNOTATION_SIBLINGS, detectDiscriminated, mergeAllOf, mergeRefSiblings, normaliseAnyOf };

package/dist/core/normalise.d.mts

@@ -1,4 +1,4 @@
-import { i as DiagnosticsOptions } from "../diagnostics-ByEzkjrA.mjs";
+import { i as DiagnosticsOptions } from "../diagnostics-BTrm3O6J.mjs";
 import { i as OpenApiVersionInfo, r as JsonSchemaDraft } from "../version-DL8U5RuA.mjs";
 
 //#region src/core/normalise.d.ts

package/dist/core/normalise.mjs

@@ -1,2 +1,2 @@
-import { a as normaliseJsonSchema, i as normaliseDraft04Node, n as deepNormaliseWithContext, o as normaliseOpenApiSchemas, r as documentContainsKeyword, s as selectDraftTransform, t as deepNormalise } from "../normalise-Db1xaxgx.mjs";
+import { a as normaliseJsonSchema, i as normaliseDraft04Node, n as deepNormaliseWithContext, o as normaliseOpenApiSchemas, r as documentContainsKeyword, s as selectDraftTransform, t as deepNormalise } from "../normalise-DB-Xtjmn.mjs";
 export { deepNormalise, deepNormaliseWithContext, documentContainsKeyword, normaliseDraft04Node, normaliseJsonSchema, normaliseOpenApiSchemas, selectDraftTransform };

package/dist/core/openapi30.mjs

@@ -1,2 +1,2 @@
-import { d as deepNormaliseOpenApiDoc, f as liftExampleToExamples, h as normaliseOpenApi30Node, l as applyDiscriminatorAllOfPrepass, m as normaliseOpenApi30Discriminator, p as normaliseOpenApi30Combined, u as deepNormaliseOpenApi30Doc } from "../normalise-Db1xaxgx.mjs";
+import { d as deepNormaliseOpenApiDoc, f as liftExampleToExamples, h as normaliseOpenApi30Node, l as applyDiscriminatorAllOfPrepass, m as normaliseOpenApi30Discriminator, p as normaliseOpenApi30Combined, u as deepNormaliseOpenApi30Doc } from "../normalise-DB-Xtjmn.mjs";
 export { applyDiscriminatorAllOfPrepass, deepNormaliseOpenApi30Doc, deepNormaliseOpenApiDoc, liftExampleToExamples, normaliseOpenApi30Combined, normaliseOpenApi30Discriminator, normaliseOpenApi30Node };

package/dist/core/ref.d.mts

@@ -1,2 +1,2 @@
-import { a as dereference, i as countDistinctRefs, n as RECURSIVE_ANCHOR_SENTINEL, o as findAnchor, r as RefOptions, s as resolveRef, t as ExternalResolver } from "../ref-CPh8rKQ3.mjs";
+import { a as dereference, i as countDistinctRefs, n as RECURSIVE_ANCHOR_SENTINEL, o as findAnchor, r as RefOptions, s as resolveRef, t as ExternalResolver } from "../ref-DdsbekXX.mjs";
 export { ExternalResolver, RECURSIVE_ANCHOR_SENTINEL, RefOptions, countDistinctRefs, dereference, findAnchor, resolveRef };

package/dist/core/refChain.d.mts

@@ -13,8 +13,6 @@
  * detect cycles, and tracking hop count against `maxHops`. The caller chooses
  * what to do on cycle or depth-cap via `onCycle` / `onDepthExceeded`.
  */
-/** Maximum number of `$ref` hops permitted by default. */
-declare const DEFAULT_REF_CHAIN_MAX_HOPS = 8;
 /**
  * Configuration for a single chain resolution.
  *
@@ -51,7 +49,8 @@ interface ResolveRefChainOptions<T> {
   readonly onDepthExceeded?: (ref: string) => T | undefined;
   /**
    * Maximum number of `$ref` hops permitted before `onDepthExceeded` fires.
-   * Defaults to `DEFAULT_REF_CHAIN_MAX_HOPS`.
+   * Defaults to `MAX_PATH_ITEM_REF_HOPS` from `core/limits.ts`, the
+   * canonical cap shared with the OpenAPI Path Item ref walker.
    */
   readonly maxHops?: number;
   /**
@@ -67,4 +66,4 @@ interface ResolveRefChainOptions<T> {
  */
 declare function resolveRefChain<T>(initial: T, options: ResolveRefChainOptions<T>): T | undefined;
 //#endregion
-export { DEFAULT_REF_CHAIN_MAX_HOPS, ResolveRefChainOptions, resolveRefChain };
+export { ResolveRefChainOptions, resolveRefChain };

package/dist/core/refChain.mjs

@@ -1,3 +1,4 @@
+import "./limits.mjs";
 //#region src/core/refChain.ts
 /**
 * Generic single-pass `$ref` chain resolver.
@@ -13,8 +14,6 @@
 * detect cycles, and tracking hop count against `maxHops`. The caller chooses
 * what to do on cycle or depth-cap via `onCycle` / `onDepthExceeded`.
 */
-/** Maximum number of `$ref` hops permitted by default. */
-const DEFAULT_REF_CHAIN_MAX_HOPS = 8;
 function defaultExtractRef(node) {
 	if (typeof node !== "object" || node === null) return void 0;
 	if (!("$ref" in node)) return void 0;
@@ -41,4 +40,4 @@ function resolveRefChain(initial, options) {
 	}
 }
 //#endregion
-export { DEFAULT_REF_CHAIN_MAX_HOPS, resolveRefChain };
+export { resolveRefChain };

package/dist/core/renderer.d.mts

@@ -1,2 +1,199 @@
-import { a as HtmlRenderProps, c as RenderFunction, d as getHtmlRenderFn, f as getRenderFunction, h as typeToKey, i as HtmlRenderFunction, l as RenderProps, m as mergeResolvers, n as BaseFieldProps, o as HtmlResolver, p as mergeHtmlResolvers, r as ComponentResolver, s as RESOLVER_KEYS, t as AllConstraints, u as buildRenderProps } from "../renderer-OaOz-n6-.mjs";
-export { AllConstraints, BaseFieldProps, ComponentResolver, HtmlRenderFunction, HtmlRenderProps, HtmlResolver, RESOLVER_KEYS, RenderFunction, RenderProps, buildRenderProps, getHtmlRenderFn, getRenderFunction, mergeHtmlResolvers, mergeResolvers, typeToKey };
+import { E as StringConstraints, f as FileConstraints, j as WalkedField, t as ArrayConstraints, w as SchemaMeta, x as ObjectConstraints, y as NumberConstraints } from "../types-BrYbjC7_.mjs";
+
+//#region src/core/renderer.d.ts
+/**
+ * Flat intersection of all constraint types.
+ * Used in renderer props where the render function receives the union
+ * but knows (by resolver key) which subset applies.
+ *
+ * The walker's discriminated WalkedField enforces type-correct constraints
+ * at construction time; the renderer consumes them as this flat type.
+ */
+type AllConstraints = StringConstraints & NumberConstraints & ArrayConstraints & ObjectConstraints & FileConstraints;
+/**
+ * Properties available on every schema field, regardless of rendering target.
+ * Both React and HTML renderers receive these.
+ *
+ * Per-type schema data — enum values, object fields, array element schema,
+ * union options, record key/value types, tuple `prefixItems`, conditional
+ * if/then/else clauses, negation `negated`, recursive `refTarget`, literal
+ * values — lives on the discriminated `tree`. Renderers narrow on
+ * `tree.type` and read from the matching variant; there are no duplicate
+ * sibling fields on these props.
+ */
+interface BaseFieldProps {
+  /** Current field value. */
+  value: unknown;
+  /** Whether to render as read-only display. */
+  readOnly: boolean;
+  /** Whether to render as an empty input. */
+  writeOnly: boolean;
+  /** Schema metadata for this field. */
+  meta: SchemaMeta;
+  /** Constraints from schema checks. */
+  constraints: AllConstraints;
+  /** Dot-separated path from root (e.g. "address.city"). */
+  path: string;
+  /** Example values from the schema's `examples` keyword. */
+  examples?: unknown[];
+  /** Walked field tree for recursive rendering. */
+  tree: WalkedField;
+}
+/**
+ * Props for React render functions. Extends BaseFieldProps with:
+ * - `onChange` — callback to propagate value changes back to state
+ * - `renderChild` — recursively renders a child field, threading onChange
+ */
+interface RenderProps extends BaseFieldProps {
+  /** Callback to update the field value. */
+  onChange: (value: unknown) => void;
+  /**
+   * Render a child field. Theme adapters call this to recursively render
+   * nested structures (object fields, array elements, union options).
+   * The resolver and rendering context are already wired in.
+   *
+   * @param tree - The walked field tree for the child
+   * @param value - The child's current value
+   * @param onChange - Callback receiving the child's next value
+   * @param pathSuffix - Path segment from the parent (e.g. "city",
+   *   "[0]"). Joined to the parent's path with a dot, or substituted
+   *   when the parent acts as a transparent wrapper (union options).
+   *   Required for every container — without it children inherit no
+   *   path and `inputId()` will throw.
+   */
+  renderChild: (tree: WalkedField, value: unknown, onChange: (v: unknown) => void, pathSuffix?: string) => unknown;
+}
+/**
+ * Props for HTML render functions. Extends BaseFieldProps with:
+ * - `renderChild` — recursively renders a child field to HTML string
+ *
+ * No `onChange` — HTML rendering is pure output with no event handling.
+ */
+interface HtmlRenderProps extends BaseFieldProps {
+  /**
+   * Render a child field to an HTML string. Theme adapters call this
+   * to recursively render nested structures.
+   *
+   * @param tree - The walked field tree for the child
+   * @param value - The child's current value
+   * @param pathSuffix - Path segment from the parent (e.g. "city",
+   *   "[0]"). When omitted, the child's description is used as fallback.
+   */
+  renderChild: (tree: WalkedField, value: unknown, pathSuffix?: string) => string;
+}
+/**
+ * Build the `RenderProps` object handed to a resolver render function or a
+ * widget. Used by both the server-side `<SchemaView>` (which has no
+ * `onChange`) and the client-side `<SchemaComponent>` (which threads an
+ * `onChange` callback).
+ *
+ * When `onChange` is `undefined` the caller is rendering in read-only mode:
+ * a noop `onChange` is wired up, `readOnly` is forced to `true`, and
+ * `writeOnly` is forced to `false`. Otherwise the editability is taken
+ * from `tree.editability`.
+ */
+declare function buildRenderProps(tree: WalkedField, value: unknown, onChange: ((next: unknown) => void) | undefined, renderChild: RenderProps["renderChild"], path: string): RenderProps;
+/**
+ * Signature for a React render function attached to a
+ * {@link ComponentResolver}. Receives the per-field {@link RenderProps}
+ * built by the walker and returns any ReactNode-compatible value.
+ */
+type RenderFunction = (props: RenderProps) => unknown;
+/**
+ * Widget map — maps component hints (from `.meta({ component })`) to render
+ * functions. A per-render bag consumed by every renderer surface that
+ * dispatches widget overrides; conceptually parallel to
+ * {@link ComponentResolver} but keyed by user-supplied hint names rather
+ * than schema types.
+ *
+ * Scoped at three levels in the React renderer:
+ *
+ * 1. **Per-instance** — `widgets` prop on `<SchemaComponent>`
+ * 2. **Context-scoped** — `widgets` prop on `<SchemaProvider>`
+ * 3. **Global** — `registerWidget()` (app-wide defaults)
+ *
+ * Resolution order: instance → context → global → resolver → headless.
+ */
+type WidgetMap = ReadonlyMap<string, RenderFunction>;
+/**
+ * Theme adapter — maps every schema field type to its React renderer.
+ * Unset keys fall back to the headless resolver. Pass to
+ * `SchemaProvider` (or `SchemaView.resolver`) to drive every
+ * schema-driven render with a specific theme.
+ */
+interface ComponentResolver {
+  string?: RenderFunction;
+  number?: RenderFunction;
+  boolean?: RenderFunction;
+  null?: RenderFunction;
+  enum?: RenderFunction;
+  object?: RenderFunction;
+  array?: RenderFunction;
+  tuple?: RenderFunction;
+  record?: RenderFunction;
+  union?: RenderFunction;
+  discriminatedUnion?: RenderFunction;
+  conditional?: RenderFunction;
+  negation?: RenderFunction;
+  literal?: RenderFunction;
+  file?: RenderFunction;
+  never?: RenderFunction;
+  unknown?: RenderFunction;
+}
+/** An HTML render function returns a string. */
+type HtmlRenderFunction = (props: HtmlRenderProps) => string;
+/**
+ * HTML resolver — maps schema types to HTML string renderers.
+ * Structurally mirrors ComponentResolver but produces strings.
+ */
+interface HtmlResolver {
+  string?: HtmlRenderFunction;
+  number?: HtmlRenderFunction;
+  boolean?: HtmlRenderFunction;
+  null?: HtmlRenderFunction;
+  enum?: HtmlRenderFunction;
+  object?: HtmlRenderFunction;
+  array?: HtmlRenderFunction;
+  tuple?: HtmlRenderFunction;
+  record?: HtmlRenderFunction;
+  union?: HtmlRenderFunction;
+  discriminatedUnion?: HtmlRenderFunction;
+  conditional?: HtmlRenderFunction;
+  negation?: HtmlRenderFunction;
+  literal?: HtmlRenderFunction;
+  file?: HtmlRenderFunction;
+  never?: HtmlRenderFunction;
+  unknown?: HtmlRenderFunction;
+}
+/**
+ * Canonical list of resolver keys, one per {@link WalkedField} variant.
+ * Iterated by the resolver merge helpers so adding a new key here is the
+ * single point of change when a new field variant is introduced.
+ */
+declare const RESOLVER_KEYS: readonly ["string", "number", "boolean", "null", "enum", "object", "array", "tuple", "record", "union", "discriminatedUnion", "conditional", "negation", "literal", "file", "never", "unknown"];
+type ResolverKey = (typeof RESOLVER_KEYS)[number];
+/**
+ * Map a schema type to the resolver key that handles it.
+ * Every WalkedField variant has a direct resolver key — exhaustive switch
+ * ensures new variants surface as a type error rather than silently
+ * falling through to "unknown".
+ */
+declare function typeToKey(type: WalkedField["type"]): ResolverKey;
+/**
+ * Look up the render function for a schema type in a ComponentResolver.
+ */
+declare function getRenderFunction(type: WalkedField["type"], resolver: ComponentResolver): RenderFunction | undefined;
+/**
+ * Look up the render function for a schema type in an HtmlResolver.
+ */
+declare function getHtmlRenderFn(type: WalkedField["type"], resolver: HtmlResolver): HtmlRenderFunction | undefined;
+/**
+ * Merge two ComponentResolvers — user values take priority, fallback fills gaps.
+ */
+declare function mergeResolvers(user: ComponentResolver, fallback: ComponentResolver): ComponentResolver;
+/**
+ * Merge two HtmlResolvers — user values take priority, fallback fills gaps.
+ */
+declare function mergeHtmlResolvers(user: HtmlResolver, fallback: HtmlResolver): HtmlResolver;
+//#endregion
+export { AllConstraints, BaseFieldProps, ComponentResolver, HtmlRenderFunction, HtmlRenderProps, HtmlResolver, RESOLVER_KEYS, RenderFunction, RenderProps, WidgetMap, buildRenderProps, getHtmlRenderFn, getRenderFunction, mergeHtmlResolvers, mergeResolvers, typeToKey };

package/dist/core/swagger2.d.mts

@@ -1,4 +1,4 @@
-import { i as DiagnosticsOptions } from "../diagnostics-ByEzkjrA.mjs";
+import { i as DiagnosticsOptions } from "../diagnostics-BTrm3O6J.mjs";
 import { NodeTransform } from "./normalise.mjs";
 
 //#region src/core/swagger2.d.ts

package/dist/core/swagger2.mjs

@@ -1,2 +1,2 @@
-import { c as normaliseSwagger2Document } from "../normalise-Db1xaxgx.mjs";
+import { c as normaliseSwagger2Document } from "../normalise-DB-Xtjmn.mjs";
 export { normaliseSwagger2Document };

package/dist/core/typeInference.d.mts

@@ -1,5 +1,5 @@
-import { d as FieldOverrides, u as FieldOverride } from "../types-C2Ay1FEh.mjs";
-import { i as MaxRefDepth } from "../limits-DswmqWuy.mjs";
+import { d as FieldOverrides, u as FieldOverride } from "../types-BrYbjC7_.mjs";
+import { i as MaxRefDepth } from "../limits-x4OiyJxh.mjs";
 import { z } from "zod";
 
 //#region src/core/typeInference.d.ts
@@ -790,7 +790,7 @@ type RequestBodySchemaOf<Op, ContentType extends string = DEFAULT_OPENAPI_CONTEN
  * Without this fallback, querying a concrete status against a document
  * that declares only `"2XX"` or `"default"` would silently produce
  * `unknown`. The runtime resolver applies the same fall-through
- * behaviour in `resolveResponseFromParsed`.
+ * behaviour in `resolveResponse`.
  */
 type ResponseSchemaOf<Op, Status extends string, ContentType extends string = DEFAULT_OPENAPI_CONTENT_TYPE> = Op extends {
   responses: infer Rs extends Record<string, unknown>;

package/dist/core/types.d.mts

@@ -1,2 +1,2 @@
-import { A as UnknownField, B as isNeverField, C as RecordField, D as StringField, E as StringConstraints, F as isDiscriminatedUnionField, G as isStringField, H as isNumberField, I as isEnumField, J as isUnknownField, K as isTupleField, L as isFileField, M as isArrayField, N as isBooleanField, O as TupleField, P as isConditionalField, R as isLiteralField, S as ObjectField, T as SchemaType, U as isObjectField, V as isNullField, W as isRecordField, Y as resolveEditability, _ as NeverField, a as DiscriminatedUnionField, b as NumberField, c as FieldBase, d as FieldOverrides, f as FileConstraints, g as NegationField, h as LiteralField, i as ConditionalField, j as WalkedField, k as UnionField, l as FieldConstraints, m as JsonObject, n as ArrayField, o as Editability, p as FileField, q as isUnionField, r as BooleanField, s as EnumField, t as ArrayConstraints, u as FieldOverride, v as NullField, w as SchemaMeta, x as ObjectConstraints, y as NumberConstraints, z as isNegationField } from "../types-C2Ay1FEh.mjs";
+import { A as UnknownField, B as isNeverField, C as RecordField, D as StringField, E as StringConstraints, F as isDiscriminatedUnionField, G as isStringField, H as isNumberField, I as isEnumField, J as isUnknownField, K as isTupleField, L as isFileField, M as isArrayField, N as isBooleanField, O as TupleField, P as isConditionalField, R as isLiteralField, S as ObjectField, T as SchemaType, U as isObjectField, V as isNullField, W as isRecordField, Y as resolveEditability, _ as NeverField, a as DiscriminatedUnionField, b as NumberField, c as FieldBase, d as FieldOverrides, f as FileConstraints, g as NegationField, h as LiteralField, i as ConditionalField, j as WalkedField, k as UnionField, l as FieldConstraints, m as JsonObject, n as ArrayField, o as Editability, p as FileField, q as isUnionField, r as BooleanField, s as EnumField, t as ArrayConstraints, u as FieldOverride, v as NullField, w as SchemaMeta, x as ObjectConstraints, y as NumberConstraints, z as isNegationField } from "../types-BrYbjC7_.mjs";
 export { ArrayConstraints, ArrayField, BooleanField, ConditionalField, DiscriminatedUnionField, Editability, EnumField, FieldBase, FieldConstraints, FieldOverride, FieldOverrides, FileConstraints, FileField, JsonObject, LiteralField, NegationField, NeverField, NullField, NumberConstraints, NumberField, ObjectConstraints, ObjectField, RecordField, SchemaMeta, SchemaType, StringConstraints, StringField, TupleField, UnionField, UnknownField, WalkedField, isArrayField, isBooleanField, isConditionalField, isDiscriminatedUnionField, isEnumField, isFileField, isLiteralField, isNegationField, isNeverField, isNullField, isNumberField, isObjectField, isRecordField, isStringField, isTupleField, isUnionField, isUnknownField, resolveEditability };

package/dist/core/unionMatch.d.mts

@@ -1,4 +1,4 @@
-import { j as WalkedField } from "../types-C2Ay1FEh.mjs";
+import { j as WalkedField } from "../types-BrYbjC7_.mjs";
 
 //#region src/core/unionMatch.d.ts
 /**

package/dist/core/uri.d.mts

@@ -17,16 +17,24 @@
  * Returns `true` when the value is either a relative reference (no scheme
  * component) or an absolute URI using `http`/`https`. Returns `false`
  * for any other scheme, including dangerous ones like `javascript:` and
- * `data:`.
+ * `data:`, and for any value that splices ASCII tab/newline/NUL bytes
+ * into its scheme — the WHATWG URL parser strips those before scheme
+ * detection, so accepting them would let `"java\tscript:alert(1)"`
+ * resolve to `javascript:alert(1)` in a browser.
  */
 declare function isSafeHyperlink(value: string): boolean;
 /**
  * Decide whether `value` is safe to interpolate into a `mailto:` URI.
  *
  * The check rejects values that do not match the standard email format
- * pattern. The format pattern excludes whitespace, which means a CRLF
- * sequence (or its percent-encoded form embedded by the caller) cannot
- * pass — eliminating the SMTP/`mailto` header-injection vector.
+ * pattern. The format pattern excludes whitespace, but it does permit
+ * `%`, and a browser decodes percent-escapes at click time — so a value
+ * such as `"foo%0Abcc:victim@bar.com"` would inject a `Bcc:` header into
+ * the resulting `mailto:` URI. Refuse any value containing `%` to close
+ * that header-injection vector. The plain email-format regex stays a
+ * pure email-syntax check; the additional `%` filter lives here so other
+ * callers of the format pattern (form validators, JSON Schema `format:
+ * email` checks) are not affected.
  */
 declare function isSafeMailtoAddress(value: string): boolean;
 /**

package/dist/core/uri.mjs

@@ -20,6 +20,22 @@ import { EMAIL_FORMAT_PATTERN } from "./formats.mjs";
 */
 const ABSOLUTE_URI_SCHEME = /^\s*([a-z][a-z0-9+\-.]*):/i;
 /**
+* ASCII control characters that the WHATWG URL parser strips before it
+* detects a scheme. A value such as `"java\tscript:alert(1)"` therefore
+* resolves to `javascript:alert(1)` in a browser, even though the literal
+* scheme regex would not match. Splicing any of these characters into a
+* URI is unambiguously hostile, so the safe-scheme check refuses such
+* values outright.
+*
+* Source: WHATWG URL Living Standard §4.4 "URL parsing" — tab and newline
+* (`\t`, `\n`, `\r`) are removed prior to state-machine entry. NUL bytes
+* (`\0`) are likewise stripped by some user agents and never legitimate
+* inside a URI.
+*
+* https://web.archive.org/web/20251101000000*\/https://url.spec.whatwg.org/#concept-basic-url-parser
+*/
+const URL_CONTROL_CHARACTERS = /[\t\n\r\0]/;
+/**
 * Schemes safe to emit unmodified into an `href` attribute. Anything
 * outside this set — most importantly `javascript:`, `data:`, `vbscript:`
 * and `file:` — is rejected and rendered as text.
@@ -31,9 +47,13 @@ const SAFE_HYPERLINK_SCHEMES = new Set(["http", "https"]);
 * Returns `true` when the value is either a relative reference (no scheme
 * component) or an absolute URI using `http`/`https`. Returns `false`
 * for any other scheme, including dangerous ones like `javascript:` and
-* `data:`.
+* `data:`, and for any value that splices ASCII tab/newline/NUL bytes
+* into its scheme — the WHATWG URL parser strips those before scheme
+* detection, so accepting them would let `"java\tscript:alert(1)"`
+* resolve to `javascript:alert(1)` in a browser.
 */
 function isSafeHyperlink(value) {
+	if (URL_CONTROL_CHARACTERS.test(value)) return false;
 	const match = ABSOLUTE_URI_SCHEME.exec(value);
 	if (match === null) return true;
 	const scheme = match[1];
@@ -44,11 +64,17 @@ function isSafeHyperlink(value) {
 * Decide whether `value` is safe to interpolate into a `mailto:` URI.
 *
 * The check rejects values that do not match the standard email format
-* pattern. The format pattern excludes whitespace, which means a CRLF
-* sequence (or its percent-encoded form embedded by the caller) cannot
-* pass — eliminating the SMTP/`mailto` header-injection vector.
+* pattern. The format pattern excludes whitespace, but it does permit
+* `%`, and a browser decodes percent-escapes at click time — so a value
+* such as `"foo%0Abcc:victim@bar.com"` would inject a `Bcc:` header into
+* the resulting `mailto:` URI. Refuse any value containing `%` to close
+* that header-injection vector. The plain email-format regex stays a
+* pure email-syntax check; the additional `%` filter lives here so other
+* callers of the format pattern (form validators, JSON Schema `format:
+* email` checks) are not affected.
 */
 function isSafeMailtoAddress(value) {
+	if (value.includes("%")) return false;
 	return EMAIL_FORMAT_PATTERN.test(value);
 }
 /**

package/dist/core/walkBuilders.d.mts

@@ -1,6 +1,6 @@
-import { A as UnknownField, D as StringField, b as NumberField, c as FieldBase, j as WalkedField, o as Editability, p as FileField, r as BooleanField, v as NullField, w as SchemaMeta } from "../types-C2Ay1FEh.mjs";
-import { i as DiagnosticsOptions } from "../diagnostics-ByEzkjrA.mjs";
-import { t as ExternalResolver } from "../ref-CPh8rKQ3.mjs";
+import { A as UnknownField, D as StringField, b as NumberField, c as FieldBase, d as FieldOverrides, j as WalkedField, o as Editability, p as FileField, r as BooleanField, v as NullField, w as SchemaMeta } from "../types-BrYbjC7_.mjs";
+import { i as DiagnosticsOptions } from "../diagnostics-BTrm3O6J.mjs";
+import { t as ExternalResolver } from "../ref-DdsbekXX.mjs";
 
 //#region src/core/walkBuilders.d.ts
 /** Read a key from a JSON object, returning the value when it is a string and `undefined` otherwise. */
@@ -14,13 +14,25 @@ declare function getObject(obj: Record<string, unknown>, key: string): Record<st
  * overrides, the root document for cross-document `$ref` resolution, a
  * diagnostics sink, and an external `$ref` resolver.
  *
+ * `WalkOptions` is generic in the schema's value type so callers that
+ * walk a typed schema can carry `FieldOverrides<T>` through. The
+ * default `T = unknown` preserves the loose runtime record shape for
+ * existing non-generic callers — `Record<string, unknown>`.
+ *
  * @group Walkers
  */
-interface WalkOptions {
+interface WalkOptions<T = unknown> {
   componentMeta?: SchemaMeta | undefined;
   rootMeta?: SchemaMeta | undefined;
-  /** Nested field overrides — same shape as the schema. */
-  fieldOverrides?: Record<string, unknown> | undefined;
+  /**
+   * Nested field overrides — same shape as the schema.
+   *
+   * Typed against `FieldOverrides<T>` when a schema value type is
+   * supplied; falls back to `Record<string, unknown>` for the
+   * default `T = unknown` so the loose runtime shape continues to
+   * compile.
+   */
+  fieldOverrides?: unknown extends T ? Record<string, unknown> | undefined : FieldOverrides<T> | undefined;
   /** The root document for $ref resolution. */
   rootDocument?: Record<string, unknown> | undefined;
   /** Diagnostics channel for surfacing silent fallbacks. */

package/dist/core/walkBuilders.mjs

@@ -107,10 +107,12 @@ function buildStringField(schema, ctx) {
 }
 /** Build a walked `NumberField` from a JSON Schema node. */
 function buildNumberField(schema, ctx) {
+	const isInteger = schema.type === "integer";
 	return {
 		...buildBase(schema, ctx),
 		type: "number",
-		constraints: extractNumberConstraints(schema)
+		constraints: extractNumberConstraints(schema),
+		isInteger
 	};
 }
 /** Build a walked `BooleanField` from a JSON Schema node. */

package/dist/core/walker.d.mts

@@ -1,4 +1,4 @@
-import { j as WalkedField } from "../types-C2Ay1FEh.mjs";
+import { j as WalkedField } from "../types-BrYbjC7_.mjs";
 import { WalkOptions } from "./walkBuilders.mjs";
 
 //#region src/core/walker.d.ts

package/dist/core/walker.mjs

@@ -323,6 +323,11 @@ function walkBoolean(schema, ctx) {
 	return buildBooleanField(schema, ctx);
 }
 function walkEnum(schema, enumValues, ctx) {
+	if (enumValues.length === 0) emitDiagnostic(ctx.diagnostics, {
+		code: "enum-empty",
+		message: "`enum` array is empty; per Draft 2020-12 §6.1.2 it must be non-empty. The schema describes an unsatisfiable value set.",
+		pointer: ctx.pointer
+	});
 	return {
 		...buildBase(schema, ctx),
 		type: "enum",

package/dist/{diagnostics-ByEzkjrA.d.mts → diagnostics-BTrm3O6J.d.mts}

@@ -18,7 +18,7 @@
  *
  * @group Diagnostics
  */
-type DiagnosticCode = "allof-conflict" | "assumed-draft" | "bare-exclusive-bound" | "conditional-fallback" | "cross-schema-relative-ref-unsupported" | "cyclic-header-ref" | "cyclic-link-ref" | "cyclic-parameter-ref" | "cyclic-path-item-ref" | "dependencies-conflict" | "dependent-required-invalid" | "depth-exceeded" | "discriminator-inconsistent" | "divisible-by-conflict" | "doc-not-object" | "dropped-swagger-feature" | "header-ref-too-deep" | "duplicate-body-parameter" | "duplicate-operation-id" | "dynamic-ref-degraded" | "enum-value-filtered" | "external-ref" | "invalid-const" | "invalid-id-fragment" | "keyword-out-of-draft" | "link-ref-too-deep" | "legacy-dependencies-split" | "legacy-dependencies-split-2019" | "non-json-media-type-fallback" | "parameter-missing-schema" | "parameter-ref-too-deep" | "path-item-ref-too-deep" | "path-webhook-name-collision" | "pattern-invalid" | "prototype-polluting-property" | "recursive-anchor-collision" | "relative-ref-resolved" | "required-non-string" | "schema-allof-incompatible" | "swagger-collection-format-dropped" | "swagger-cyclic-parameter-ref" | "swagger-invalid-file-parameter" | "swagger-malformed-oauth-flow" | "swagger-missing-consumes" | "swagger-missing-host" | "type-mismatch" | "type-negation-fallback" | "unknown-format" | "unknown-json-schema-dialect" | "unknown-keyword" | "unknown-openapi-version" | "unknown-parameter-location" | "unknown-security-scheme-type" | "unresolved-ref" | "unsupported-type" | "zod-codec-nested-output-only" | "zod-codec-output-only" | "zod-preprocess-output-only" | "zod-promise-nested-unwrap";
+type DiagnosticCode = "allof-conflict" | "assumed-draft" | "bare-exclusive-bound" | "conditional-fallback" | "cross-schema-relative-ref-unsupported" | "cyclic-header-ref" | "cyclic-link-ref" | "cyclic-parameter-ref" | "cyclic-path-item-ref" | "dependencies-conflict" | "dependent-required-invalid" | "depth-exceeded" | "discriminator-duplicate" | "discriminator-inconsistent" | "divisible-by-conflict" | "doc-not-object" | "dropped-swagger-feature" | "header-ref-too-deep" | "duplicate-body-parameter" | "duplicate-operation-id" | "dynamic-ref-degraded" | "enum-empty" | "enum-value-filtered" | "external-ref" | "invalid-const" | "invalid-id-fragment" | "keyword-out-of-draft" | "link-ref-too-deep" | "legacy-dependencies-split" | "legacy-dependencies-split-2019" | "non-json-media-type-fallback" | "parameter-missing-schema" | "parameter-ref-too-deep" | "path-item-ref-too-deep" | "path-webhook-name-collision" | "pattern-invalid" | "prototype-polluting-property" | "recursive-anchor-collision" | "relative-ref-resolved" | "required-non-string" | "schema-allof-incompatible" | "swagger-collection-format-dropped" | "swagger-cyclic-parameter-ref" | "swagger-invalid-file-parameter" | "swagger-malformed-oauth-flow" | "swagger-missing-consumes" | "swagger-missing-host" | "type-mismatch" | "type-negation-fallback" | "unknown-format" | "unknown-json-schema-dialect" | "unknown-keyword" | "unknown-openapi-version" | "unknown-parameter-location" | "unknown-security-scheme-type" | "unresolved-ref" | "unsupported-type" | "zod-codec-nested-output-only" | "zod-codec-output-only" | "zod-preprocess-output-only" | "zod-promise-nested-unwrap";
 /**
  * A single diagnostic emitted during schema processing.
  *

package/dist/{errors-D8JndRwI.d.mts → errors-Dki7tji4.d.mts}

@@ -1,4 +1,4 @@
-import { T as SchemaType } from "./types-C2Ay1FEh.mjs";
+import { T as SchemaType } from "./types-BrYbjC7_.mjs";
 
 //#region src/core/errors.d.ts
 /**

package/dist/html/a11y.d.mts

@@ -1,5 +1,6 @@
-import { j as WalkedField } from "../types-C2Ay1FEh.mjs";
-import { t as AllConstraints } from "../renderer-OaOz-n6-.mjs";
+import { j as WalkedField } from "../types-BrYbjC7_.mjs";
+import { AllConstraints } from "../core/renderer.mjs";
+import { constraintHint } from "../core/constraintHint.mjs";
 import { HtmlAttributes, HtmlNode } from "./html.mjs";
 
 //#region src/html/a11y.d.ts
@@ -27,11 +28,6 @@ declare function buildInputId(path: string, key: string): string;
  * the HTML renderers.
  */
 declare function buildHintId(inputId: string): string;
-/**
- * Build a human-readable constraint description string.
- * Returns undefined if no constraints are present.
- */
-declare function constraintHint(c: AllConstraints): string | undefined;
 /**
  * Build `aria-required` attribute for required fields.
  * Returns an object to spread into `h()` attributes, or empty object.