This is an "optional" item in the spec but we can do it with a little more wizardry.

• during traversal, keep a list of all the paths that lead to real schemas
• when evaluating (not traversing) a $ref, check against this list, and error if not found.

This is probably not going to happen, since we now rely on $refs to "non-schemas" in OpenAPI documents.

This isn't true since we can override the management of references, as well as schema resources, in JSMDO's traverse sub.

in JSM::Traverse:

• capture the target of all $refs ($recursiveRef, $dynamicRef) via callbacks,
• return the location of all schema resource root paths in $state,
• check the target of all $refs against its own and other documents' lists of schema resources.

in JSM::Document constructor:

• store this list of schema resource roots on the document object.

JSMDO::traverse:

• perform a similar check as to JSM::traverse for $refs in schemas against all schema resources (after all subschemas have been traversed) (this will find things like $ref: /components/schemas/model.foo/properties/baz embedded in another schema)
• use callbacks on $ref to do specific checks in specific locations (e.g. in a response object, a $ref can only go to /components/responses/* in this or another document, etc)

Since there is a performance cost (at traverse time) to performing this, this should be controlled by a constructor config value, defaulting to off (probably - because the specification is ambivalent about whether this is allowed).

This is now done, at runtime when evaluating the $ref keyword (and those similar to it), in version 0.575.