@jasonshimmy/vite-plugin-cer-app 0.10.0 → 0.12.0

package/CHANGELOG.md

@@ -1,6 +1,14 @@
 # Changelog
 
 All notable changes to this project will be documented in this file.
+## [v0.12.0] - 2026-03-22
+
+- feat: implement ISR support with isrHandler for SSR fallback in Cloudflare, Netlify, and Vercel adapters (ddcc4d4)
+
+## [v0.11.0] - 2026-03-22
+
+- feat: add Cloudflare Pages adapter for SSR and SSG support (2734c26)
+
 ## [v0.10.0] - 2026-03-22
 
 - feat: add adapters for Vercel and Netlify deployment platforms (7112bf6)

package/IMPLEMENTATION_PLAN.md

@@ -287,6 +287,10 @@ Requires a `revalidate` option per route (via `meta.ssg.revalidate: 60`).
 
 **Files:**
 - `src/cli/commands/preview.ts` — ISR cache layer
+- `src/runtime/isr-handler.ts` — `createIsrHandler` factory (shared by all platforms)
+- `src/cli/adapters/vercel.ts` — uses `isrHandler` for SSR fallback
+- `src/cli/adapters/netlify.ts` — uses `isrHandler` for SSR fallback
+- `src/cli/adapters/cloudflare.ts` — uses `isrHandler` for SSR fallback
 - `src/plugin/virtual/routes.ts` — include `meta.ssg.revalidate` in route
 - `src/types/page.ts` — add `revalidate` to `PageSsgConfig`
 

package/ROADMAP.md

@@ -98,6 +98,47 @@ but lacks basic production safeguards.
 
 ## Phase 9 — Auth Primitives
 
+### 9.0 Server middleware + `useSession()` ✅
+
+**Problem:** No way to intercept every SSR/API request before routing (auth,
+CORS, logging). No isomorphic session management.
+
+**Design:**
+
+*Convention:* Files in `server/middleware/` export a default
+`defineServerMiddleware()` function. They run in alphabetical order on every
+request before API routes and before SSR rendering.
+
+```ts
+// server/middleware/auth.ts
+export default defineServerMiddleware(async (req, res, next) => {
+  const session = useSession<{ userId: string }>()
+  const data = await session.get()
+  if (!data?.userId) { res.statusCode = 401; res.end('Unauthorized'); return }
+  ;(req as any).user = data
+  next()
+})
+```
+
+`useSession<T>(options?)` — HMAC-SHA-256 signed cookie session:
+- Signing key: `runtimeConfig.private.sessionSecret` (resolved from
+  `SESSION_SECRET` env var at server startup).
+- `get()` → verifies signature, returns typed data or `null`.
+- `set(data)` → signs and writes `httpOnly` cookie.
+- `clear()` → sets `maxAge = 0`.
+- Web Crypto API (`crypto.subtle`) — works in Node.js ≥ 18 and Cloudflare Workers.
+
+**Files:**
+- `src/plugin/virtual/server-middleware.ts` — generator (existed, now wired)
+- `src/runtime/entry-server-template.ts` — `runServerMiddleware()` exported
+- `src/cli/adapters/netlify.ts` / `vercel.ts` / `cloudflare.ts` — call it before routing
+- `src/runtime/composables/define-server-middleware.ts` — new composable
+- `src/runtime/composables/use-session.ts` — new composable
+- `src/runtime/composables/index.ts` — re-exports
+- `src/plugin/dts-generator.ts` — globals + `virtual:cer-server-middleware` decl
+
+---
+
 ### 9.1 Client-side route middleware (navigation guards) ✅
 
 **Problem:** There is no way to intercept client-side navigations to redirect
@@ -203,22 +244,32 @@ response during SSR and `document.cookie` on the client.
 
 ## Phase 10 — Platform Adapters
 
-### 10.1 Cloudflare Workers adapter 🔜
+### 10.1 Cloudflare Workers adapter ✅
 
 **Problem:** The server bundle uses Node.js streams (`AsyncLocalStorage`,
 `createReadStream`, `IncomingMessage`). Cloudflare Workers run a Web
 platform environment without these.
 
-**Design:**
-- Replace `renderToStreamWithJITCSSDSD` with a Web Streams equivalent in
-  `entry-server-template.ts` when the `cloudflare` adapter is selected.
-- Swap `AsyncLocalStorage` with `AsyncContext` (TC39 proposal, available in
-  Workers) or a request-scoped `Map`.
-- The adapter wraps the handler as a `fetch(Request): Response` function.
-- Build output: a single `worker.js` compatible with `wrangler deploy`.
+**Solution:** Cloudflare Pages Advanced Mode (`_worker.js`) with
+`nodejs_compat` compatibility flag. Key techniques:
+- `nodejs_compat` provides `AsyncLocalStorage`, `node:stream` (`Readable.from`)
+  and `node:buffer` — everything the SSR bundle needs.
+- `dist/client/index.html` is read at adapter-run time and inlined as a string
+  constant in `_worker.js` via `globalThis.__CER_CLIENT_TEMPLATE__`, set using
+  top-level `await` before the server bundle is dynamically imported. This
+  bypasses the `node:fs` call in the bundle's module init without changing the
+  server entry template beyond adding a graceful try-catch fallback.
+- The worker bridge mirrors the Netlify bridge (Web Request → Node.js mock →
+  Response) and runs `runServerMiddleware` + API routing before SSR.
+- Responses are buffered (Cloudflare Functions limitation, same as Netlify).
 
-**Complexity:** High. Requires a new server entry template and build pipeline
-changes.
+**Files:**
+- `src/cli/adapters/cloudflare.ts` — Cloudflare Pages adapter
+- `src/runtime/entry-server-template.ts` — `globalThis.__CER_CLIENT_TEMPLATE__`
+  fallback + try-catch around `readFileSync`
+- `src/cli/commands/adapt.ts` — `cer-app adapt --platform cloudflare`
+- `src/types/config.ts` — `'cloudflare'` added to `adapter` union
+- `src/cli/commands/build.ts` — auto-runs adapter post-build
 
 ---
 
@@ -280,9 +331,10 @@ canonical URL. No new infrastructure needed — all forwarded to `<head>`.
 | 8.1 | Path traversal fix in preview server | 🔴 Critical | ✅ |
 | 8.2 | `runtimeConfig.private` (server-only secrets) | 🔴 Critical | ✅ |
 | 8.3 | Preview server hardening (headers, timeouts, graceful shutdown) | 🟡 High | ✅ |
+| 9.0 | Server middleware + `useSession()` | 🟡 High | ✅ |
 | 9.1 | Client-side route middleware (navigation guards) | 🟡 High | ✅ |
 | 9.2 | `useCookie()` composable | 🟡 High | ✅ |
-| 10.1 | Cloudflare Workers adapter | 🟢 Medium | 🔜 |
+| 10.1 | Cloudflare Workers adapter | 🟢 Medium | ✅ |
 | 10.2 | Vercel adapter | 🟢 Medium | ✅ |
 | 10.3 | Netlify adapter | 🟢 Medium | ✅ |
 | 11.1 | DevTools overlay | 🟢 Medium | ❌ |

package/commits.txt

@@ -1 +1 @@
-- feat: add adapters for Vercel and Netlify deployment platforms (7112bf6)
+- feat: implement ISR support with isrHandler for SSR fallback in Cloudflare, Netlify, and Vercel adapters (ddcc4d4)

package/dist/cli/adapters/cloudflare.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Cloudflare Pages adapter.
+ *
+ * Transforms the cer-app `dist/` output into the files needed to deploy on
+ * Cloudflare Pages with an edge-side SSR worker.
+ *
+ * SSR mode:
+ *   - Reads dist/client/index.html and inlines it as a string constant in the
+ *     generated `_worker.js` (Cloudflare Pages Advanced Mode convention).
+ *     The worker sets globalThis.__CER_CLIENT_TEMPLATE__ before dynamically
+ *     importing the server bundle, bypassing the node:fs call in server.js.
+ *   - Copies content-hashed assets and other public files to dist/ alongside
+ *     _worker.js — Cloudflare Pages serves them from the CDN before the worker.
+ *   - Writes `wrangler.toml` with nodejs_compat for AsyncLocalStorage + streams.
+ *
+ * SPA/SSG mode:
+ *   - Copies static files to dist/ (already in correct layout after build).
+ *   - Writes wrangler.toml pointing at dist/ with no function.
+ *
+ * Cloudflare Pages Advanced Mode (_worker.js) reference:
+ *   https://developers.cloudflare.com/pages/functions/advanced-mode/
+ *
+ * nodejs_compat compatibility flag reference:
+ *   https://developers.cloudflare.com/workers/runtime-apis/nodejs/
+ */
+export declare function runCloudflareAdapter(root: string): Promise<void>;
+//# sourceMappingURL=cloudflare.d.ts.map

package/dist/cli/adapters/cloudflare.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare.d.ts","sourceRoot":"","sources":["../../../src/cli/adapters/cloudflare.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAuLH,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA0BtE"}

package/dist/cli/adapters/cloudflare.js

@@ -0,0 +1,282 @@
+/**
+ * Cloudflare Pages adapter.
+ *
+ * Transforms the cer-app `dist/` output into the files needed to deploy on
+ * Cloudflare Pages with an edge-side SSR worker.
+ *
+ * SSR mode:
+ *   - Reads dist/client/index.html and inlines it as a string constant in the
+ *     generated `_worker.js` (Cloudflare Pages Advanced Mode convention).
+ *     The worker sets globalThis.__CER_CLIENT_TEMPLATE__ before dynamically
+ *     importing the server bundle, bypassing the node:fs call in server.js.
+ *   - Copies content-hashed assets and other public files to dist/ alongside
+ *     _worker.js — Cloudflare Pages serves them from the CDN before the worker.
+ *   - Writes `wrangler.toml` with nodejs_compat for AsyncLocalStorage + streams.
+ *
+ * SPA/SSG mode:
+ *   - Copies static files to dist/ (already in correct layout after build).
+ *   - Writes wrangler.toml pointing at dist/ with no function.
+ *
+ * Cloudflare Pages Advanced Mode (_worker.js) reference:
+ *   https://developers.cloudflare.com/pages/functions/advanced-mode/
+ *
+ * nodejs_compat compatibility flag reference:
+ *   https://developers.cloudflare.com/workers/runtime-apis/nodejs/
+ */
+import { join } from 'pathe';
+import { existsSync, mkdirSync, writeFileSync, readFileSync, copyFileSync, cpSync, readdirSync, statSync, } from 'node:fs';
+// ─── Worker bridge template ───────────────────────────────────────────────────
+/**
+ * Generates the _worker.js content with the client HTML inlined.
+ *
+ * Key design points:
+ * - Sets globalThis.__CER_CLIENT_TEMPLATE__ BEFORE dynamically importing the
+ *   server bundle so the bundle's module-init code sees the value instead of
+ *   trying readFileSync (which throws in Workers without node:fs).
+ * - Uses top-level await (supported in Cloudflare Workers ES modules).
+ * - Mirrors the Netlify bridge's Web Request → Node.js mock → Response pattern;
+ *   Cloudflare Workers with nodejs_compat support node:stream + AsyncLocalStorage.
+ * - Exports `{ fetch }` — the Cloudflare Pages _worker.js module format.
+ */
+function generateWorkerBridge(clientHtml) {
+    // Escape the HTML for embedding in a JS template literal.
+    const escaped = clientHtml.replace(/\\/g, '\\\\').replace(/`/g, '\\`').replace(/\$\{/g, '\\${');
+    return `\
+// Auto-generated by @jasonshimmy/vite-plugin-cer-app — do not edit.
+// Cloudflare Pages _worker.js — Advanced Mode SSR bridge.
+// Requires compatibility_flags = ["nodejs_compat"] in wrangler.toml.
+import { Readable } from 'node:stream'
+
+// Inline the client HTML template so the server bundle does not need node:fs.
+// Must be set before the dynamic import below resolves.
+globalThis.__CER_CLIENT_TEMPLATE__ = \`${escaped}\`
+
+const { handler, isrHandler, apiRoutes, runServerMiddleware, runWithRequestContext } = await import('./server/server.js')
+
+function matchApiPattern(pattern, urlPath) {
+  const pp = pattern.split('/')
+  const up = urlPath.split('/')
+  if (pp.length !== up.length) return null
+  const params = {}
+  for (let i = 0; i < pp.length; i++) {
+    if (pp[i].startsWith(':')) params[pp[i].slice(1)] = decodeURIComponent(up[i])
+    else if (pp[i] !== up[i]) return null
+  }
+  return params
+}
+
+function parseQuery(search) {
+  if (!search) return {}
+  const qs = search.startsWith('?') ? search.slice(1) : search
+  const result = {}
+  for (const part of qs.split('&')) {
+    if (!part) continue
+    const eqIdx = part.indexOf('=')
+    if (eqIdx === -1) result[decodeURIComponent(part)] = ''
+    else result[decodeURIComponent(part.slice(0, eqIdx))] = decodeURIComponent(part.slice(eqIdx + 1))
+  }
+  return result
+}
+
+async function toNodeRequest(webReq) {
+  const url = new URL(webReq.url)
+  const hasBody = webReq.body !== null
+    && webReq.method !== 'GET'
+    && webReq.method !== 'HEAD'
+  const body = hasBody ? Buffer.from(await webReq.arrayBuffer()) : null
+  const req = Object.assign(
+    body ? Readable.from([body]) : Readable.from([]),
+    {
+      url: url.pathname + url.search,
+      method: webReq.method,
+      headers: Object.fromEntries(webReq.headers.entries()),
+    },
+  )
+  req.query = parseQuery(url.search)
+  if (body !== null) {
+    const ct = webReq.headers.get('content-type') ?? ''
+    if (ct.includes('application/json')) {
+      try { req.body = JSON.parse(body.toString('utf-8')) } catch { req.body = undefined }
+    } else {
+      req.body = body
+    }
+  }
+  return req
+}
+
+function createNodeResponse() {
+  const chunks = []
+  const headers = {}
+  let _resolve
+  let _ended = false
+  const promise = new Promise((res) => { _resolve = res })
+  const res = {
+    statusCode: 200,
+    setHeader(name, value) { headers[name.toLowerCase()] = String(value) },
+    getHeader(name) { return headers[name.toLowerCase()] },
+    removeHeader(name) { delete headers[name.toLowerCase()] },
+    write(chunk) {
+      if (_ended) return
+      chunks.push(typeof chunk === 'string' ? Buffer.from(chunk, 'utf-8') : Buffer.from(chunk))
+    },
+    end(chunk) {
+      if (_ended) return
+      _ended = true
+      if (chunk) {
+        chunks.push(typeof chunk === 'string' ? Buffer.from(chunk, 'utf-8') : Buffer.from(chunk))
+      }
+      _resolve(new Response(Buffer.concat(chunks), { status: res.statusCode, headers }))
+    },
+    json(data) {
+      this.setHeader('Content-Type', 'application/json; charset=utf-8')
+      this.end(JSON.stringify(data))
+    },
+    status(code) { this.statusCode = code; return this },
+    get writableEnded() { return _ended },
+  }
+  return { res, promise }
+}
+
+async function handleRequest(webReq) {
+  const url = new URL(webReq.url)
+  const urlPath = url.pathname
+  const method = webReq.method ?? 'GET'
+
+  const nodeReq = await toNodeRequest(webReq)
+  const { res, promise } = createNodeResponse()
+
+  // Run server middleware chain (auth, logging, CORS, etc.).
+  if (!(await runServerMiddleware(nodeReq, res))) return promise
+
+  // Route /api/* requests to the API handlers exported by the server bundle.
+  if (urlPath.startsWith('/api/')) {
+    for (const route of (apiRoutes ?? [])) {
+      const params = matchApiPattern(route.path, urlPath)
+      if (params !== null) {
+        nodeReq.params = params
+        const fn = route.handlers[method.toLowerCase()]
+          ?? route.handlers[method.toUpperCase()]
+          ?? route.handlers['default']
+        if (typeof fn === 'function') {
+          // Wrap in request context so useCookie / useSession work in API handlers.
+          runWithRequestContext(nodeReq, res, () => Promise.resolve(fn(nodeReq, res))).catch(() => {
+            if (!res.writableEnded) {
+              res.statusCode = 500
+              res.end(JSON.stringify({ error: 'Internal Server Error' }))
+            }
+          })
+          return promise
+        }
+      }
+    }
+    return new Response('Not Found', { status: 404 })
+  }
+
+  // All other requests: SSR (with ISR for routes that declare meta.ssg.revalidate).
+  isrHandler(nodeReq, res).catch(() => {
+    if (!res.writableEnded) {
+      res.statusCode = 500
+      res.end('Internal Server Error')
+    }
+  })
+  return promise
+}
+
+export default {
+  async fetch(request, _env, _ctx) {
+    return handleRequest(request)
+  },
+}
+`;
+}
+// ─── Public API ───────────────────────────────────────────────────────────────
+export async function runCloudflareAdapter(root) {
+    const distDir = join(root, 'dist');
+    if (!existsSync(distDir)) {
+        throw new Error(`[cer-app] No dist/ directory found at ${distDir}. Run 'cer-app build' first.`);
+    }
+    const serverBundle = join(distDir, 'server/server.js');
+    const ssgManifest = join(distDir, 'ssg-manifest.json');
+    const isSSR = existsSync(serverBundle) && !existsSync(ssgManifest);
+    if (isSSR) {
+        _buildSSR(root, distDir);
+    }
+    else {
+        _buildStatic(root, distDir);
+    }
+    console.log('[cer-app] Cloudflare adapter complete.');
+    if (isSSR) {
+        console.log('  Worker:  dist/_worker.js');
+        console.log('  Static:  dist/');
+        console.log('  Deploy with: wrangler pages deploy dist');
+    }
+    else {
+        console.log('  Deploy with: wrangler pages deploy dist');
+    }
+}
+// ─── SSR output ───────────────────────────────────────────────────────────────
+function _buildSSR(root, distDir) {
+    const clientHtmlPath = join(distDir, 'client/index.html');
+    const clientHtml = existsSync(clientHtmlPath)
+        ? readFileSync(clientHtmlPath, 'utf-8')
+        : '';
+    // Write the worker bridge with inlined client HTML.
+    writeFileSync(join(distDir, '_worker.js'), generateWorkerBridge(clientHtml));
+    // Copy assets from dist/client/ into dist/ (at the same URL paths).
+    // Cloudflare Pages CDN serves files in the deploy directory as static first;
+    // requests that don't match a static file fall through to _worker.js.
+    // We deliberately skip index.html so HTML requests hit the SSR worker.
+    _copyClientAssets(join(distDir, 'client'), distDir);
+    // wrangler.toml: nodejs_compat for AsyncLocalStorage + node:stream support.
+    _writeWranglerToml(root, true);
+}
+// ─── Static (SPA / SSG) output ────────────────────────────────────────────────
+function _buildStatic(root, distDir) {
+    const clientDir = join(distDir, 'client');
+    if (existsSync(clientDir)) {
+        // SSG: pre-rendered HTML lives in dist/; assets in dist/client/.
+        // Move assets alongside the HTML so Cloudflare Pages serves them correctly.
+        _copyClientAssets(clientDir, distDir);
+    }
+    // SPA: everything is already in dist/ — nothing to reorganise.
+    _writeWranglerToml(root, false);
+}
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+function _writeWranglerToml(root, ssrMode) {
+    const lines = [
+        '# Auto-generated by @jasonshimmy/vite-plugin-cer-app — do not edit.',
+        'name = "cer-app"',
+        'compatibility_date = "2024-09-23"',
+    ];
+    if (ssrMode) {
+        lines.push('compatibility_flags = ["nodejs_compat"]');
+    }
+    lines.push('');
+    lines.push('[pages_build_output_dir]');
+    lines.push('dir = "dist"');
+    lines.push('');
+    writeFileSync(join(root, 'wrangler.toml'), lines.join('\n'));
+}
+/**
+ * Copies Vite-hashed assets and other public files (favicon, robots.txt, …)
+ * from the client dist directory into `destDir`.
+ * Skips index.html — served by the SSR worker or SSG pre-rendering.
+ */
+function _copyClientAssets(clientDir, destDir) {
+    if (!existsSync(clientDir))
+        return;
+    mkdirSync(destDir, { recursive: true });
+    for (const entry of readdirSync(clientDir)) {
+        if (entry === 'index.html')
+            continue;
+        const src = join(clientDir, entry);
+        const dest = join(destDir, entry);
+        if (statSync(src).isDirectory()) {
+            cpSync(src, dest, { recursive: true });
+        }
+        else {
+            copyFileSync(src, dest);
+        }
+    }
+}
+//# sourceMappingURL=cloudflare.js.map

package/dist/cli/adapters/cloudflare.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare.js","sourceRoot":"","sources":["../../../src/cli/adapters/cloudflare.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAA;AAC5B,OAAO,EACL,UAAU,EACV,SAAS,EACT,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,MAAM,EACN,WAAW,EACX,QAAQ,GACT,MAAM,SAAS,CAAA;AAEhB,iFAAiF;AAEjF;;;;;;;;;;;GAWG;AACH,SAAS,oBAAoB,CAAC,UAAkB;IAC9C,0DAA0D;IAC1D,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAE/F,OAAO;;;;;;;;yCAQgC,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA0I/C,CAAA;AACD,CAAC;AAED,iFAAiF;AAEjF,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAY;IACrD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAClC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,yCAAyC,OAAO,8BAA8B,CAC/E,CAAA;IACH,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAA;IACtD,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAA;IACtD,MAAM,KAAK,GAAG,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAA;IAElE,IAAI,KAAK,EAAE,CAAC;QACV,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC1B,CAAC;SAAM,CAAC;QACN,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC7B,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAA;IACrD,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAA;QACzC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;QAC/B,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAA;IAC1D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAA;IAC1D,CAAC;AACH,CAAC;AAED,iFAAiF;AAEjF,SAAS,SAAS,CAAC,IAAY,EAAE,OAAe;IAC9C,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAA;IACzD,MAAM,UAAU,GAAG,UAAU,CAAC,cAAc,CAAC;QAC3C,CAAC,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC;QACvC,CAAC,CAAC,EAAE,CAAA;IAEN,oDAAoD;IACpD,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,oBAAoB,CAAC,UAAU,CAAC,CAAC,CAAA;IAE5E,oEAAoE;IACpE,6EAA6E;IAC7E,sEAAsE;IACtE,uEAAuE;IACvE,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAA;IAEnD,4EAA4E;IAC5E,kBAAkB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;AAChC,CAAC;AAED,iFAAiF;AAEjF,SAAS,YAAY,CAAC,IAAY,EAAE,OAAe;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IAEzC,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1B,iEAAiE;QACjE,4EAA4E;QAC5E,iBAAiB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;IACvC,CAAC;IACD,+DAA+D;IAE/D,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;AACjC,CAAC;AAED,iFAAiF;AAEjF,SAAS,kBAAkB,CAAC,IAAY,EAAE,OAAgB;IACxD,MAAM,KAAK,GAAG;QACZ,qEAAqE;QACrE,kBAAkB;QAClB,mCAAmC;KACpC,CAAA;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACd,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAA;IACtC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;IAC1B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;AAC9D,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,SAAiB,EAAE,OAAe;IAC3D,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAM;IAClC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACvC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3C,IAAI,KAAK,KAAK,YAAY;YAAE,SAAQ;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QAClC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACjC,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;QACxC,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/cli/adapters/netlify.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"netlify.d.ts","sourceRoot":"","sources":["../../../src/cli/adapters/netlify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AA8IH,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA0BnE"}
+{"version":3,"file":"netlify.d.ts","sourceRoot":"","sources":["../../../src/cli/adapters/netlify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAuKH,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA0BnE"}

package/dist/cli/adapters/netlify.js

@@ -38,7 +38,7 @@ import { existsSync, mkdirSync, writeFileSync, copyFileSync, cpSync, readdirSync
 const NETLIFY_SSR_BRIDGE = `\
 // Auto-generated by @jasonshimmy/vite-plugin-cer-app — do not edit.
 import { Readable } from 'node:stream'
-import { handler, apiRoutes } from '../../dist/server/server.js'
+import { handler, isrHandler, apiRoutes, runServerMiddleware, runWithRequestContext } from '../../dist/server/server.js'
 
 function matchApiPattern(pattern, urlPath) {
   const pp = pattern.split('/')
@@ -52,6 +52,19 @@ function matchApiPattern(pattern, urlPath) {
   return params
 }
 
+function parseQuery(search) {
+  if (!search) return {}
+  const qs = search.startsWith('?') ? search.slice(1) : search
+  const result = {}
+  for (const part of qs.split('&')) {
+    if (!part) continue
+    const eqIdx = part.indexOf('=')
+    if (eqIdx === -1) result[decodeURIComponent(part)] = ''
+    else result[decodeURIComponent(part.slice(0, eqIdx))] = decodeURIComponent(part.slice(eqIdx + 1))
+  }
+  return result
+}
+
 async function toNodeRequest(webReq) {
   const url = new URL(webReq.url)
   const hasBody = webReq.body !== null
@@ -66,6 +79,15 @@ async function toNodeRequest(webReq) {
       headers: Object.fromEntries(webReq.headers.entries()),
     },
   )
+  req.query = parseQuery(url.search)
+  if (body !== null) {
+    const ct = webReq.headers.get('content-type') ?? ''
+    if (ct.includes('application/json')) {
+      try { req.body = JSON.parse(body.toString('utf-8')) } catch { req.body = undefined }
+    } else {
+      req.body = body
+    }
+  }
   return req
 }
 
@@ -108,20 +130,25 @@ export default async (webReq) => {
   const urlPath = url.pathname
   const method = webReq.method ?? 'GET'
 
+  // Convert to Node.js-style req/res upfront so server middleware can run.
+  const nodeReq = await toNodeRequest(webReq)
+  const { res, promise } = createNodeResponse()
+
+  // Run server middleware chain (auth, logging, CORS, etc.).
+  if (!(await runServerMiddleware(nodeReq, res))) return promise
+
   // Route /api/* requests to the API handlers exported by the server bundle.
   if (urlPath.startsWith('/api/')) {
     for (const route of (apiRoutes ?? [])) {
       const params = matchApiPattern(route.path, urlPath)
       if (params !== null) {
-        const nodeReq = await toNodeRequest(webReq)
         nodeReq.params = params
-        const { res, promise } = createNodeResponse()
         const fn = route.handlers[method.toLowerCase()]
           ?? route.handlers[method.toUpperCase()]
           ?? route.handlers['default']
         if (typeof fn === 'function') {
-          // Use Promise.resolve() so the catch works for both sync and async handlers.
-          Promise.resolve(fn(nodeReq, res)).catch(() => {
+          // Wrap in request context so useCookie / useSession work in API handlers.
+          runWithRequestContext(nodeReq, res, () => Promise.resolve(fn(nodeReq, res))).catch(() => {
             if (!res.writableEnded) {
               res.statusCode = 500
               res.end(JSON.stringify({ error: 'Internal Server Error' }))
@@ -134,10 +161,8 @@ export default async (webReq) => {
     return new Response('Not Found', { status: 404 })
   }
 
-  // All other requests: SSR.
-  const nodeReq = await toNodeRequest(webReq)
-  const { res, promise } = createNodeResponse()
-  handler(nodeReq, res).catch(() => {
+  // All other requests: SSR (with ISR for routes that declare meta.ssg.revalidate).
+  isrHandler(nodeReq, res).catch(() => {
     if (!res.writableEnded) {
       res.statusCode = 500
       res.end('Internal Server Error')

package/dist/cli/adapters/netlify.js.map

@@ -1 +1 @@
-{"version":3,"file":"netlify.js","sourceRoot":"","sources":["../../../src/cli/adapters/netlify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAA;AAC5B,OAAO,EACL,UAAU,EACV,SAAS,EACT,aAAa,EACb,YAAY,EACZ,MAAM,EACN,WAAW,EACX,QAAQ,EACR,MAAM,GACP,MAAM,SAAS,CAAA;AAEhB,gFAAgF;AAEhF;;;;;;;;;;;GAWG;AACH,MAAM,kBAAkB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8G1B,CAAA;AAED,iFAAiF;AAEjF,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAAY;IAClD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAClC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,yCAAyC,OAAO,8BAA8B,CAC/E,CAAA;IACH,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAA;IACtD,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAA;IACtD,MAAM,KAAK,GAAG,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAA;IAElE,IAAI,KAAK,EAAE,CAAC;QACV,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC1B,CAAC;SAAM,CAAC;QACN,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC7B,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAA;IAClD,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAA;QACpD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;QAC5C,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;IAC9C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;IAC9C,CAAC;AACH,CAAC;AAED,iFAAiF;AAEjF,SAAS,SAAS,CAAC,IAAY,EAAE,OAAe;IAC9C,iCAAiC;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAA;IACpD,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IAC5C,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,EAAE,kBAAkB,CAAC,CAAA;IAEhE,iEAAiE;IACjE,2EAA2E;IAC3E,uEAAuE;IACvE,8DAA8D;IAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;IACjD,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;IACtD,CAAC;IACD,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAA;IAEtD,+EAA+E;IAC/E,aAAa,CACX,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAC1B;;;;;;;;;;;;;CAaH,CACE,CAAA;AACH,CAAC;AAED,iFAAiF;AAEjF,SAAS,YAAY,CAAC,IAAY,EAAE,OAAe;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IACzC,IAAI,UAAkB,CAAA;IAEtB,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1B,4EAA4E;QAC5E,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;QAC3C,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACtD,CAAC;QACD,yEAAyE;QACzE,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE;YAC1B,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CACd,GAAG,KAAK,SAAS,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC;SAC1D,CAAC,CAAA;QACF,uDAAuD;QACvD,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAA;IAC1C,CAAC;SAAM,CAAC;QACN,4DAA4D;QAC5D,UAAU,GAAG,MAAM,CAAA;IACrB,CAAC;IAED,uCAAuC;IACvC,aAAa,CACX,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAC1B;;eAEW,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU;;;;;;;;;;;CAW1F,CACE,CAAA;AACH,CAAC;AAED,iFAAiF;AAEjF;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,SAAiB,EAAE,OAAe;IAC3D,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAM;IAClC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACvC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3C,IAAI,KAAK,KAAK,YAAY;YAAE,SAAQ;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QAClC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACjC,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;QACxC,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"netlify.js","sourceRoot":"","sources":["../../../src/cli/adapters/netlify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAA;AAC5B,OAAO,EACL,UAAU,EACV,SAAS,EACT,aAAa,EACb,YAAY,EACZ,MAAM,EACN,WAAW,EACX,QAAQ,EACR,MAAM,GACP,MAAM,SAAS,CAAA;AAEhB,gFAAgF;AAEhF;;;;;;;;;;;GAWG;AACH,MAAM,kBAAkB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuI1B,CAAA;AAED,iFAAiF;AAEjF,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAAY;IAClD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAClC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,yCAAyC,OAAO,8BAA8B,CAC/E,CAAA;IACH,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAA;IACtD,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAA;IACtD,MAAM,KAAK,GAAG,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAA;IAElE,IAAI,KAAK,EAAE,CAAC;QACV,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC1B,CAAC;SAAM,CAAC;QACN,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC7B,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAA;IAClD,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAA;QACpD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;QAC5C,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;IAC9C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;IAC9C,CAAC;AACH,CAAC;AAED,iFAAiF;AAEjF,SAAS,SAAS,CAAC,IAAY,EAAE,OAAe;IAC9C,iCAAiC;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAA;IACpD,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IAC5C,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,EAAE,kBAAkB,CAAC,CAAA;IAEhE,iEAAiE;IACjE,2EAA2E;IAC3E,uEAAuE;IACvE,8DAA8D;IAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;IACjD,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;IACtD,CAAC;IACD,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAA;IAEtD,+EAA+E;IAC/E,aAAa,CACX,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAC1B;;;;;;;;;;;;;CAaH,CACE,CAAA;AACH,CAAC;AAED,iFAAiF;AAEjF,SAAS,YAAY,CAAC,IAAY,EAAE,OAAe;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IACzC,IAAI,UAAkB,CAAA;IAEtB,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1B,4EAA4E;QAC5E,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;QAC3C,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACtD,CAAC;QACD,yEAAyE;QACzE,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE;YAC1B,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CACd,GAAG,KAAK,SAAS,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC;SAC1D,CAAC,CAAA;QACF,uDAAuD;QACvD,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAA;IAC1C,CAAC;SAAM,CAAC;QACN,4DAA4D;QAC5D,UAAU,GAAG,MAAM,CAAA;IACrB,CAAC;IAED,uCAAuC;IACvC,aAAa,CACX,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAC1B;;eAEW,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU;;;;;;;;;;;CAW1F,CACE,CAAA;AACH,CAAC;AAED,iFAAiF;AAEjF;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,SAAiB,EAAE,OAAe;IAC3D,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAM;IAClC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACvC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3C,IAAI,KAAK,KAAK,YAAY;YAAE,SAAQ;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QAClC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACjC,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;QACxC,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/cli/adapters/vercel.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"vercel.d.ts","sourceRoot":"","sources":["../../../src/cli/adapters/vercel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAqFH,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA4BlE"}
+{"version":3,"file":"vercel.d.ts","sourceRoot":"","sources":["../../../src/cli/adapters/vercel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AA4HH,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA4BlE"}

package/dist/cli/adapters/vercel.js

@@ -30,7 +30,7 @@ import { existsSync, mkdirSync, writeFileSync, copyFileSync, cpSync, readdirSync
  */
 const VERCEL_LAUNCHER = `\
 // Auto-generated by @jasonshimmy/vite-plugin-cer-app — do not edit.
-import { handler, apiRoutes } from './server/server.js'
+import { handler, isrHandler, apiRoutes, runServerMiddleware, runWithRequestContext } from './server/server.js'
 
 function matchApiPattern(pattern, urlPath) {
   const pp = pattern.split('/')
@@ -44,7 +44,44 @@ function matchApiPattern(pattern, urlPath) {
   return params
 }
 
+function parseQuery(url) {
+  const qIndex = url.indexOf('?')
+  if (qIndex === -1) return {}
+  const qs = url.slice(qIndex + 1)
+  const result = {}
+  for (const part of qs.split('&')) {
+    if (!part) continue
+    const eqIdx = part.indexOf('=')
+    if (eqIdx === -1) result[decodeURIComponent(part)] = ''
+    else result[decodeURIComponent(part.slice(0, eqIdx))] = decodeURIComponent(part.slice(eqIdx + 1))
+  }
+  return result
+}
+
+async function readBody(req) {
+  return new Promise((resolve, reject) => {
+    const chunks = []
+    req.on('data', chunk => chunks.push(Buffer.from(chunk)))
+    req.on('end', () => resolve(Buffer.concat(chunks)))
+    req.on('error', reject)
+  })
+}
+
+async function parseBody(req) {
+  const contentType = req.headers['content-type'] ?? ''
+  const method = req.method?.toUpperCase() ?? 'GET'
+  if (!['POST', 'PUT', 'PATCH'].includes(method)) return undefined
+  const buf = await readBody(req)
+  if (contentType.includes('application/json')) {
+    try { return JSON.parse(buf.toString('utf-8')) } catch { return undefined }
+  }
+  return buf
+}
+
 export default async function cerAppHandler(req, res) {
+  // Run server middleware chain (auth, logging, CORS, etc.).
+  if (!(await runServerMiddleware(req, res))) return
+
   const urlPath = (req.url ?? '/').split('?')[0]
   const method = req.method ?? 'GET'
 
@@ -54,6 +91,8 @@ export default async function cerAppHandler(req, res) {
       const params = matchApiPattern(route.path, urlPath)
       if (params !== null) {
         req.params = params
+        req.query = parseQuery(req.url ?? '/')
+        req.body = await parseBody(req)
         res.json = function (data) {
           this.setHeader('Content-Type', 'application/json; charset=utf-8')
           this.end(JSON.stringify(data))
@@ -64,7 +103,7 @@ export default async function cerAppHandler(req, res) {
           ?? route.handlers['default']
         if (typeof fn === 'function') {
           try {
-            await fn(req, res)
+            await runWithRequestContext(req, res, () => Promise.resolve(fn(req, res)))
           } catch {
             if (!res.writableEnded) {
               res.statusCode = 500
@@ -81,8 +120,8 @@ export default async function cerAppHandler(req, res) {
     return
   }
 
-  // All other requests: SSR.
-  await handler(req, res)
+  // All other requests: SSR (with ISR for routes that declare meta.ssg.revalidate).
+  await isrHandler(req, res)
 }
 `;
 // ─── Public API ───────────────────────────────────────────────────────────────