zod-codegen 1.7.0 → 1.7.2

package/CHANGELOG.md

@@ -1,3 +1,15 @@
+## [1.7.2](https://github.com/julienandreu/zod-codegen/compare/v1.7.1...v1.7.2) (2026-03-10)
+
+### 🐛 Bug Fixes
+
+- redact credentials from source URL in generated file headers ([#88](https://github.com/julienandreu/zod-codegen/issues/88)) ([692901d](https://github.com/julienandreu/zod-codegen/commit/692901d0b3ea8a53cbb92102bc9c3f7f90aa44aa))
+
+## [1.7.1](https://github.com/julienandreu/zod-codegen/compare/v1.7.0...v1.7.1) (2026-03-10)
+
+### 🐛 Bug Fixes
+
+- properly handle URL inputs with authentication support ([#87](https://github.com/julienandreu/zod-codegen/issues/87)) ([49ba2c4](https://github.com/julienandreu/zod-codegen/commit/49ba2c483458397d9f12e03b8f6c634981e4454a))
+
 ## [1.7.0](https://github.com/julienandreu/zod-codegen/compare/v1.6.3...v1.7.0) (2026-03-09)
 
 ### 🚀 Features

package/dist/src/services/file-reader.service.d.ts

@@ -1,7 +1,9 @@
 import type { OpenApiFileParser, OpenApiFileReader } from '../interfaces/file-reader';
 import type { OpenApiSpecType } from '../types/openapi';
 export declare class SyncFileReaderService implements OpenApiFileReader {
+    private isUrl;
     readFile(path: string): Promise<string>;
+    private fetchUrl;
 }
 export declare class OpenApiFileParserService implements OpenApiFileParser<OpenApiSpecType> {
     parse(input: unknown): OpenApiSpecType;

package/dist/src/services/file-reader.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"file-reader.service.d.ts","sourceRoot":"","sources":["../../../src/services/file-reader.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACtF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGxD,qBAAa,qBAAsB,YAAW,iBAAiB;IACvD,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAgB9C;AAED,qBAAa,wBAAyB,YAAW,iBAAiB,CAAC,eAAe,CAAC;IACjF,KAAK,CAAC,KAAK,EAAE,OAAO,GAAG,eAAe;CAgBvC"}
+{"version":3,"file":"file-reader.service.d.ts","sourceRoot":"","sources":["../../../src/services/file-reader.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACtF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGxD,qBAAa,qBAAsB,YAAW,iBAAiB;IAC7D,OAAO,CAAC,KAAK;IASP,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAQ/B,QAAQ;CAkBvB;AAED,qBAAa,wBAAyB,YAAW,iBAAiB,CAAC,eAAe,CAAC;IACjF,KAAK,CAAC,KAAK,EAAE,OAAO,GAAG,eAAe;CAgBvC"}

package/dist/src/services/file-reader.service.js

@@ -2,21 +2,35 @@ import { load } from 'js-yaml';
 import { readFileSync } from 'node:fs';
 import { OpenApiSpec } from '../types/openapi.js';
 export class SyncFileReaderService {
-    async readFile(path) {
-        // Check if path is a URL
+    isUrl(path) {
         try {
             const url = new URL(path);
-            // If it's a valid URL, fetch it
-            const response = await fetch(url.toString());
-            if (!response.ok) {
-                throw new Error(`Failed to fetch ${path}: ${String(response.status)} ${response.statusText}`);
-            }
-            return await response.text();
+            return url.protocol === 'http:' || url.protocol === 'https:';
         }
         catch {
-            // If URL parsing fails, treat it as a local file path
-            return readFileSync(path, 'utf8');
+            return false;
+        }
+    }
+    async readFile(path) {
+        if (this.isUrl(path)) {
+            return await this.fetchUrl(path);
+        }
+        return readFileSync(path, 'utf8');
+    }
+    async fetchUrl(path) {
+        const url = new URL(path);
+        const headers = {};
+        if (url.username || url.password) {
+            const credentials = `${decodeURIComponent(url.username)}:${decodeURIComponent(url.password)}`;
+            headers['Authorization'] = `Basic ${btoa(credentials)}`;
+            url.username = '';
+            url.password = '';
+        }
+        const response = await fetch(url.toString(), { headers });
+        if (!response.ok) {
+            throw new Error(`Failed to fetch ${path}: ${String(response.status)} ${response.statusText}`);
         }
+        return await response.text();
     }
 }
 export class OpenApiFileParserService {

package/dist/src/services/file-writer.service.d.ts

@@ -4,6 +4,7 @@ export declare class SyncFileWriterService implements FileWriter {
     private readonly version;
     private readonly inputPath;
     constructor(name: string, version: string, inputPath: string);
+    private redactUrl;
     writeFile(filePath: string, content: string): void;
     resolveOutputPath(outputDir: string, fileName?: string): string;
 }

package/dist/src/services/file-writer.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"file-writer.service.d.ts","sourceRoot":"","sources":["../../../src/services/file-writer.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAE/D,qBAAa,qBAAsB,YAAW,UAAU;IAEpD,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAFT,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM;IAGpC,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAqBlD,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,SAAW,GAAG,MAAM;CAGlE"}
+{"version":3,"file":"file-writer.service.d.ts","sourceRoot":"","sources":["../../../src/services/file-writer.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAE/D,qBAAa,qBAAsB,YAAW,UAAU;IAEpD,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAFT,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM;IAGpC,OAAO,CAAC,SAAS;IAajB,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAqBlD,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,SAAW,GAAG,MAAM;CAGlE"}

package/dist/src/services/file-writer.service.js

@@ -9,12 +9,25 @@ export class SyncFileWriterService {
         this.version = version;
         this.inputPath = inputPath;
     }
+    redactUrl(path) {
+        try {
+            const url = new URL(path);
+            if ((url.protocol === 'http:' || url.protocol === 'https:') && url.password) {
+                url.password = '***';
+                return url.toString();
+            }
+        }
+        catch {
+            // Not a URL, return as-is
+        }
+        return path;
+    }
     writeFile(filePath, content) {
         const generatedContent = [
             '// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.',
             `// Built with ${this.name}@${this.version}`,
             `// Latest edit: ${new Date().toUTCString()}`,
-            `// Source file: ${this.inputPath}`,
+            `// Source file: ${this.redactUrl(this.inputPath)}`,
             '/* eslint-disable */',
             '// @ts-nocheck',
             '',

package/dist/tests/integration/cli-comprehensive.test.js

@@ -106,5 +106,18 @@ describe('CLI Comprehensive Integration', () => {
             const outputFile = resolve(testOutputDir, 'api.ts');
             expect(existsSync(outputFile)).toBe(true);
         });
+        it('should generate code from a remote URL', () => {
+            execSync(`node ./dist/src/cli.js --input https://petstore3.swagger.io/api/v3/openapi.json --output ${testOutputDir}`, {
+                encoding: 'utf-8',
+                cwd,
+                timeout: 30000
+            });
+            const outputFile = resolve(testOutputDir, 'api.ts');
+            expect(existsSync(outputFile)).toBe(true);
+            const content = readFileSync(outputFile, 'utf-8');
+            expect(content).toContain('export default class');
+            expect(content).toContain('class ResponseValidationError<T> extends Error');
+            expect(content).toContain('import { z }');
+        });
     });
 });

package/dist/tests/unit/file-reader.test.js

@@ -1,8 +1,7 @@
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
 import { beforeEach, describe, expect, it, vi } from 'vitest';
 import { OpenApiFileParserService, SyncFileReaderService } from '../../src/services/file-reader.service';
-import { join } from 'node:path';
-import { fileURLToPath } from 'node:url';
-import { dirname } from 'node:path';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 describe('SyncFileReaderService', () => {
     let reader;
@@ -25,7 +24,6 @@ describe('SyncFileReaderService', () => {
             await expect(reader.readFile('./non-existent-file.json')).rejects.toThrow();
         });
         it('should handle URLs', async () => {
-            // Mock fetch for URL test
             const originalFetch = global.fetch;
             global.fetch = vi.fn().mockResolvedValue({
                 ok: true,
@@ -33,6 +31,7 @@ describe('SyncFileReaderService', () => {
             });
             const content = await reader.readFile('https://example.com/openapi.json');
             expect(content).toBeTruthy();
+            expect(global.fetch).toHaveBeenCalledWith('https://example.com/openapi.json', { headers: {} });
             global.fetch = originalFetch;
         });
         it('should handle URL fetch errors with non-ok responses', async () => {
@@ -43,11 +42,40 @@ describe('SyncFileReaderService', () => {
                 statusText: 'Not Found'
             });
             global.fetch = mockFetch;
-            await expect(reader.readFile('https://example.com/not-found.json')).rejects.toThrow();
-            // Verify fetch was called
-            expect(mockFetch).toHaveBeenCalledWith('https://example.com/not-found.json');
+            await expect(reader.readFile('https://example.com/not-found.json')).rejects.toThrow('Failed to fetch');
+            global.fetch = originalFetch;
+        });
+        it('should propagate network errors for URLs instead of falling back to readFileSync', async () => {
+            const originalFetch = global.fetch;
+            global.fetch = vi.fn().mockRejectedValue(new TypeError('fetch failed'));
+            await expect(reader.readFile('https://example.com/openapi.json')).rejects.toThrow('fetch failed');
+            global.fetch = originalFetch;
+        });
+        it('should extract basic auth credentials from URL into Authorization header', async () => {
+            const originalFetch = global.fetch;
+            const mockFetch = vi.fn().mockResolvedValue({
+                ok: true,
+                text: async () => '{}'
+            });
+            global.fetch = mockFetch;
+            await reader.readFile('https://user:pass@example.com/openapi.json');
+            expect(mockFetch).toHaveBeenCalledWith('https://example.com/openapi.json', { headers: { Authorization: `Basic ${btoa('user:pass')}` } });
+            global.fetch = originalFetch;
+        });
+        it('should decode percent-encoded credentials from URL', async () => {
+            const originalFetch = global.fetch;
+            const mockFetch = vi.fn().mockResolvedValue({
+                ok: true,
+                text: async () => '{}'
+            });
+            global.fetch = mockFetch;
+            await reader.readFile('https://julien%2Bstaging%40saris.ai:qwerty123@api.staging.saris.ai/api/openapi.json');
+            expect(mockFetch).toHaveBeenCalledWith('https://api.staging.saris.ai/api/openapi.json', { headers: { Authorization: `Basic ${btoa('julien+staging@saris.ai:qwerty123')}` } });
             global.fetch = originalFetch;
         });
+        it('should not treat non-http schemes as URLs', async () => {
+            await expect(reader.readFile('file:///etc/passwd')).rejects.toThrow();
+        });
     });
 });
 describe('OpenApiFileParserService', () => {

package/dist/tests/unit/file-writer.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=file-writer.test.d.ts.map

package/dist/tests/unit/file-writer.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-writer.test.d.ts","sourceRoot":"","sources":["../../../tests/unit/file-writer.test.ts"],"names":[],"mappings":""}

package/dist/tests/unit/file-writer.test.js

@@ -0,0 +1,53 @@
+import { existsSync, mkdirSync, readFileSync, rmSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+import { SyncFileWriterService } from '../../src/services/file-writer.service';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const testOutputDir = join(__dirname, '../../test-output-writer');
+describe('SyncFileWriterService', () => {
+    beforeEach(() => {
+        if (existsSync(testOutputDir)) {
+            rmSync(testOutputDir, { recursive: true, force: true });
+        }
+        mkdirSync(testOutputDir, { recursive: true });
+    });
+    afterEach(() => {
+        if (existsSync(testOutputDir)) {
+            rmSync(testOutputDir, { recursive: true, force: true });
+        }
+    });
+    describe('credential redaction', () => {
+        it('should redact password from URL with embedded credentials', () => {
+            const writer = new SyncFileWriterService('zod-codegen', '1.0.0', 'https://user:secretpass@api.example.com/openapi.json');
+            const outPath = join(testOutputDir, 'api.ts');
+            writer.writeFile(outPath, 'const x = 1;');
+            const content = readFileSync(outPath, 'utf-8');
+            expect(content).toContain('// Source file: https://user:***@api.example.com/openapi.json');
+            expect(content).not.toContain('secretpass');
+        });
+        it('should redact password from URL with percent-encoded credentials', () => {
+            const writer = new SyncFileWriterService('zod-codegen', '1.0.0', 'https://api%2Bstaging%40saris.ai:hnt.xjx3rby8YKM8wnm@api.staging.saris.ai/api/openapi.json');
+            const outPath = join(testOutputDir, 'api.ts');
+            writer.writeFile(outPath, 'const x = 1;');
+            const content = readFileSync(outPath, 'utf-8');
+            expect(content).toContain('api%2Bstaging%40saris.ai');
+            expect(content).toContain(':***@');
+            expect(content).not.toContain('hnt.xjx3rby8YKM8wnm');
+        });
+        it('should leave URL without credentials unchanged', () => {
+            const writer = new SyncFileWriterService('zod-codegen', '1.0.0', 'https://api.example.com/openapi.json');
+            const outPath = join(testOutputDir, 'api.ts');
+            writer.writeFile(outPath, 'const x = 1;');
+            const content = readFileSync(outPath, 'utf-8');
+            expect(content).toContain('// Source file: https://api.example.com/openapi.json');
+        });
+        it('should leave local file paths unchanged', () => {
+            const writer = new SyncFileWriterService('zod-codegen', '1.0.0', './samples/openapi.json');
+            const outPath = join(testOutputDir, 'api.ts');
+            writer.writeFile(outPath, 'const x = 1;');
+            const content = readFileSync(outPath, 'utf-8');
+            expect(content).toContain('// Source file: ./samples/openapi.json');
+        });
+    });
+});

package/package.json

@@ -101,5 +101,5 @@
     "release": "semantic-release",
     "release:dry": "semantic-release --dry-run"
   },
-  "version": "1.7.0"
+  "version": "1.7.2"
 }

package/src/services/file-reader.service.ts

@@ -5,21 +5,40 @@ import type { OpenApiSpecType } from '../types/openapi';
 import { OpenApiSpec } from '../types/openapi';
 
 export class SyncFileReaderService implements OpenApiFileReader {
-  async readFile(path: string): Promise<string> {
-    // Check if path is a URL
+  private isUrl(path: string): boolean {
     try {
       const url = new URL(path);
-      // If it's a valid URL, fetch it
-      const response = await fetch(url.toString());
-      if (!response.ok) {
-        throw new Error(`Failed to fetch ${path}: ${String(response.status)} ${response.statusText}`);
-      }
-
-      return await response.text();
+      return url.protocol === 'http:' || url.protocol === 'https:';
     } catch {
-      // If URL parsing fails, treat it as a local file path
-      return readFileSync(path, 'utf8');
+      return false;
+    }
+  }
+
+  async readFile(path: string): Promise<string> {
+    if (this.isUrl(path)) {
+      return await this.fetchUrl(path);
+    }
+
+    return readFileSync(path, 'utf8');
+  }
+
+  private async fetchUrl(path: string): Promise<string> {
+    const url = new URL(path);
+
+    const headers: Record<string, string> = {};
+    if (url.username || url.password) {
+      const credentials = `${decodeURIComponent(url.username)}:${decodeURIComponent(url.password)}`;
+      headers['Authorization'] = `Basic ${btoa(credentials)}`;
+      url.username = '';
+      url.password = '';
     }
+
+    const response = await fetch(url.toString(), { headers });
+    if (!response.ok) {
+      throw new Error(`Failed to fetch ${path}: ${String(response.status)} ${response.statusText}`);
+    }
+
+    return await response.text();
   }
 }
 

package/src/services/file-writer.service.ts

@@ -9,12 +9,25 @@ export class SyncFileWriterService implements FileWriter {
     private readonly inputPath: string
   ) {}
 
+  private redactUrl(path: string): string {
+    try {
+      const url = new URL(path);
+      if ((url.protocol === 'http:' || url.protocol === 'https:') && url.password) {
+        url.password = '***';
+        return url.toString();
+      }
+    } catch {
+      // Not a URL, return as-is
+    }
+    return path;
+  }
+
   writeFile(filePath: string, content: string): void {
     const generatedContent = [
       '// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.',
       `// Built with ${this.name}@${this.version}`,
       `// Latest edit: ${new Date().toUTCString()}`,
-      `// Source file: ${this.inputPath}`,
+      `// Source file: ${this.redactUrl(this.inputPath)}`,
       '/* eslint-disable */',
       '// @ts-nocheck',
       '',

package/tests/integration/cli-comprehensive.test.ts

@@ -125,5 +125,21 @@ describe('CLI Comprehensive Integration', () => {
       const outputFile = resolve(testOutputDir, 'api.ts');
       expect(existsSync(outputFile)).toBe(true);
     });
+
+    it('should generate code from a remote URL', () => {
+      execSync(`node ./dist/src/cli.js --input https://petstore3.swagger.io/api/v3/openapi.json --output ${testOutputDir}`, {
+        encoding: 'utf-8',
+        cwd,
+        timeout: 30000
+      });
+
+      const outputFile = resolve(testOutputDir, 'api.ts');
+      expect(existsSync(outputFile)).toBe(true);
+
+      const content = readFileSync(outputFile, 'utf-8');
+      expect(content).toContain('export default class');
+      expect(content).toContain('class ResponseValidationError<T> extends Error');
+      expect(content).toContain('import { z }');
+    });
   });
 });

package/tests/unit/file-reader.test.ts

@@ -1,8 +1,7 @@
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
 import { beforeEach, describe, expect, it, vi } from 'vitest';
 import { OpenApiFileParserService, SyncFileReaderService } from '../../src/services/file-reader.service';
-import { join } from 'node:path';
-import { fileURLToPath } from 'node:url';
-import { dirname } from 'node:path';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 
@@ -32,7 +31,6 @@ describe('SyncFileReaderService', () => {
     });
 
     it('should handle URLs', async () => {
-      // Mock fetch for URL test
       const originalFetch = global.fetch;
       global.fetch = vi.fn().mockResolvedValue({
         ok: true,
@@ -41,6 +39,7 @@ describe('SyncFileReaderService', () => {
 
       const content = await reader.readFile('https://example.com/openapi.json');
       expect(content).toBeTruthy();
+      expect(global.fetch).toHaveBeenCalledWith('https://example.com/openapi.json', { headers: {} });
 
       global.fetch = originalFetch;
     });
@@ -54,12 +53,53 @@ describe('SyncFileReaderService', () => {
       } as Response);
       global.fetch = mockFetch;
 
-      await expect(reader.readFile('https://example.com/not-found.json')).rejects.toThrow();
+      await expect(reader.readFile('https://example.com/not-found.json')).rejects.toThrow('Failed to fetch');
+
+      global.fetch = originalFetch;
+    });
+
+    it('should propagate network errors for URLs instead of falling back to readFileSync', async () => {
+      const originalFetch = global.fetch;
+      global.fetch = vi.fn().mockRejectedValue(new TypeError('fetch failed'));
+
+      await expect(reader.readFile('https://example.com/openapi.json')).rejects.toThrow('fetch failed');
+
+      global.fetch = originalFetch;
+    });
+
+    it('should extract basic auth credentials from URL into Authorization header', async () => {
+      const originalFetch = global.fetch;
+      const mockFetch = vi.fn().mockResolvedValue({
+        ok: true,
+        text: async () => '{}'
+      } as Response);
+      global.fetch = mockFetch;
+
+      await reader.readFile('https://user:pass@example.com/openapi.json');
+
+      expect(mockFetch).toHaveBeenCalledWith('https://example.com/openapi.json', { headers: { Authorization: `Basic ${btoa('user:pass')}` } });
+
+      global.fetch = originalFetch;
+    });
+
+    it('should decode percent-encoded credentials from URL', async () => {
+      const originalFetch = global.fetch;
+      const mockFetch = vi.fn().mockResolvedValue({
+        ok: true,
+        text: async () => '{}'
+      } as Response);
+      global.fetch = mockFetch;
+
+      await reader.readFile('https://julien%2Bstaging%40saris.ai:qwerty123@api.staging.saris.ai/api/openapi.json');
+
+      expect(mockFetch).toHaveBeenCalledWith('https://api.staging.saris.ai/api/openapi.json', { headers: { Authorization: `Basic ${btoa('julien+staging@saris.ai:qwerty123')}` } });
 
-      // Verify fetch was called
-      expect(mockFetch).toHaveBeenCalledWith('https://example.com/not-found.json');
       global.fetch = originalFetch;
     });
+
+    it('should not treat non-http schemes as URLs', async () => {
+      await expect(reader.readFile('file:///etc/passwd')).rejects.toThrow();
+    });
   });
 });
 

package/tests/unit/file-writer.test.ts

@@ -0,0 +1,69 @@
+import { existsSync, mkdirSync, readFileSync, rmSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+import { SyncFileWriterService } from '../../src/services/file-writer.service';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const testOutputDir = join(__dirname, '../../test-output-writer');
+
+describe('SyncFileWriterService', () => {
+  beforeEach(() => {
+    if (existsSync(testOutputDir)) {
+      rmSync(testOutputDir, { recursive: true, force: true });
+    }
+
+    mkdirSync(testOutputDir, { recursive: true });
+  });
+
+  afterEach(() => {
+    if (existsSync(testOutputDir)) {
+      rmSync(testOutputDir, { recursive: true, force: true });
+    }
+  });
+
+  describe('credential redaction', () => {
+    it('should redact password from URL with embedded credentials', () => {
+      const writer = new SyncFileWriterService('zod-codegen', '1.0.0', 'https://user:secretpass@api.example.com/openapi.json');
+
+      const outPath = join(testOutputDir, 'api.ts');
+      writer.writeFile(outPath, 'const x = 1;');
+
+      const content = readFileSync(outPath, 'utf-8');
+      expect(content).toContain('// Source file: https://user:***@api.example.com/openapi.json');
+      expect(content).not.toContain('secretpass');
+    });
+
+    it('should redact password from URL with percent-encoded credentials', () => {
+      const writer = new SyncFileWriterService('zod-codegen', '1.0.0', 'https://api%2Bstaging%40saris.ai:hnt.xjx3rby8YKM8wnm@api.staging.saris.ai/api/openapi.json');
+
+      const outPath = join(testOutputDir, 'api.ts');
+      writer.writeFile(outPath, 'const x = 1;');
+
+      const content = readFileSync(outPath, 'utf-8');
+      expect(content).toContain('api%2Bstaging%40saris.ai');
+      expect(content).toContain(':***@');
+      expect(content).not.toContain('hnt.xjx3rby8YKM8wnm');
+    });
+
+    it('should leave URL without credentials unchanged', () => {
+      const writer = new SyncFileWriterService('zod-codegen', '1.0.0', 'https://api.example.com/openapi.json');
+
+      const outPath = join(testOutputDir, 'api.ts');
+      writer.writeFile(outPath, 'const x = 1;');
+
+      const content = readFileSync(outPath, 'utf-8');
+      expect(content).toContain('// Source file: https://api.example.com/openapi.json');
+    });
+
+    it('should leave local file paths unchanged', () => {
+      const writer = new SyncFileWriterService('zod-codegen', '1.0.0', './samples/openapi.json');
+
+      const outPath = join(testOutputDir, 'api.ts');
+      writer.writeFile(outPath, 'const x = 1;');
+
+      const content = readFileSync(outPath, 'utf-8');
+      expect(content).toContain('// Source file: ./samples/openapi.json');
+    });
+  });
+});