@qzsy/vinext 0.1.7

package/dist/server/dev-initial-server-error.d.ts

@@ -0,0 +1,9 @@
+//#region src/server/dev-initial-server-error.d.ts
+type InitialDevServerErrorPayload = {
+  message: string;
+  name?: string;
+  stack?: string;
+};
+declare function createInitialDevServerErrorScript(error: unknown, scriptNonce?: string, nodeEnv?: string | undefined): string;
+//#endregion
+export { InitialDevServerErrorPayload, createInitialDevServerErrorScript };

package/dist/server/dev-initial-server-error.js

@@ -0,0 +1,26 @@
+import { createInlineScriptTag, safeJsonStringify } from "./html.js";
+//#region src/server/dev-initial-server-error.ts
+const INITIAL_DEV_SERVER_ERRORS_GLOBAL = "__VINEXT_INITIAL_DEV_ERRORS__";
+function stringifyThrownValue(error) {
+	if (typeof error === "string") return error;
+	try {
+		return String(error);
+	} catch {
+		return Object.prototype.toString.call(error);
+	}
+}
+function createInitialDevServerErrorPayload(error) {
+	if (error instanceof Error) return {
+		message: error.message,
+		name: error.name || void 0,
+		stack: error.stack || void 0
+	};
+	return { message: stringifyThrownValue(error) };
+}
+function createInitialDevServerErrorScript(error, scriptNonce, nodeEnv = process.env.NODE_ENV) {
+	if (error == null || nodeEnv === "production") return "";
+	const globalRef = "self[" + safeJsonStringify(INITIAL_DEV_SERVER_ERRORS_GLOBAL) + "]";
+	return createInlineScriptTag(`${globalRef}=${globalRef}||[];${globalRef}.push(${safeJsonStringify(createInitialDevServerErrorPayload(error))})`, scriptNonce);
+}
+//#endregion
+export { createInitialDevServerErrorScript };

package/dist/server/dev-lockfile.d.ts

@@ -0,0 +1,109 @@
+//#region src/server/dev-lockfile.d.ts
+/**
+ * Dev server lock file.
+ *
+ * Writes the running dev server's PID, port, and URL into a lock file at
+ * `<root>/.vinext/dev/lock.json`. When a second `vinext dev` process starts in
+ * the same project directory, it reads the lock file and either fails with an
+ * actionable error or, if the previous process is dead, takes over the lock.
+ *
+ * This is especially useful for AI coding agents, which frequently attempt to
+ * start `vinext dev` without knowing a server is already running.
+ *
+ * Ported behaviorally from Next.js:
+ *   https://github.com/vercel/next.js/blob/canary/packages/next/src/build/lockfile.ts
+ *
+ * Differences vs Next.js:
+ * - No native `flock()`. Next.js uses Rust SWC bindings for cross-platform
+ *   advisory locking; vinext uses a JSON file plus a PID liveness check
+ *   (`process.kill(pid, 0)`), which is good enough for the dev-server
+ *   "another server is running" use case. Race conditions on lock acquisition
+ *   are tolerated: at worst, two dev servers race and one fails to bind a port.
+ * - Lock file lives in `<root>/.vinext/dev/lock.json` (mirroring Next.js'
+ *   `.next/dev/lock` layout). `.vinext/` is already used by the fonts plugin
+ *   to cache self-hosted Google Fonts, so this re-uses the same project-local
+ *   state directory rather than polluting `node_modules`.
+ */
+/**
+ * Information about a running dev server, stored inside the lock file itself.
+ */
+type DevServerInfo = {
+  pid: number;
+  port: number;
+  hostname: string;
+  appUrl: string;
+  startedAt: number; /** Project directory the server is running in. Used to detect stale entries. */
+  cwd: string;
+};
+type DevLockfile = {
+  /** Update the lock file contents (e.g. once the port is known after listen). */update(info: DevServerInfo): void; /** Release the lock — deletes the file. Safe to call multiple times. */
+  release(): void; /** Absolute path to the lock file. */
+  path: string;
+};
+/**
+ * Returns the absolute path to the lock file for a given project root.
+ */
+declare function getLockfilePath(root: string): string;
+/**
+ * Reads and parses the lock file at the given path. Returns `undefined` if the
+ * file doesn't exist or can't be parsed.
+ */
+declare function readLockfile(lockfilePath: string): DevServerInfo | undefined;
+/**
+ * Returns true if a process with the given PID is running.
+ *
+ * Uses `process.kill(pid, 0)`, which sends a null signal — it doesn't actually
+ * kill the process, it just checks if it exists. Throws `ESRCH` if the process
+ * doesn't exist, or `EPERM` if it exists but we don't have permission to
+ * signal it (in which case it's still running, just owned by someone else).
+ */
+declare function isPidAlive(pid: number): boolean;
+type FormatErrorOptions = {
+  /** Existing server info from the lock file, if readable. */existing: DevServerInfo | undefined; /** Project directory the new (failing) process is trying to run in. */
+  cwd: string; /** Path to the lock file. */
+  lockfilePath: string;
+};
+/**
+ * Format the error message printed when another dev server is already running.
+ *
+ * Matches Next.js' error layout so AI agents and CLIs can parse the same
+ * `- PID: ` / `- Local: ` lines.
+ *
+ * The `existing: undefined` branch below is defensive — `tryAcquireLockfile`
+ * currently only returns `ok: false` with a defined `existing`, but the
+ * formatter is exported and unit-tested separately, so it handles both shapes.
+ */
+declare function formatAlreadyRunningError(opts: FormatErrorOptions): string;
+type AcquireOptions = {
+  /** Project root. Lock file goes in `<root>/.vinext/dev/lock.json`. */root: string; /** Initial server info to write. Port/URL may be updated later via `update()`. */
+  info: DevServerInfo;
+  /**
+   * If a lock file exists but its PID is dead, take over instead of failing.
+   * Defaults to `true`. Set to `false` for testing.
+   */
+  takeOverStale?: boolean; /** Register `process.on('exit', release)`. Defaults to `true`. */
+  unlockOnExit?: boolean;
+};
+type AcquireSuccess = {
+  ok: true;
+  lockfile: DevLockfile;
+};
+type AcquireFailure = {
+  ok: false; /** The server info from the existing lock file, if readable. */
+  existing: DevServerInfo | undefined; /** Absolute path to the lock file. */
+  lockfilePath: string;
+};
+type AcquireResult = AcquireSuccess | AcquireFailure;
+/**
+ * Try to acquire the dev lock file for the given project root.
+ *
+ * Returns `{ ok: true, lockfile }` on success — the caller should call
+ * `lockfile.release()` on shutdown (or rely on the exit listener registered
+ * via `unlockOnExit`).
+ *
+ * Returns `{ ok: false, existing, lockfilePath }` if another live dev server
+ * already holds the lock.
+ */
+declare function tryAcquireLockfile(opts: AcquireOptions): AcquireResult;
+//#endregion
+export { DevLockfile, DevServerInfo, formatAlreadyRunningError, getLockfilePath, isPidAlive, readLockfile, tryAcquireLockfile };

package/dist/server/dev-lockfile.js

@@ -0,0 +1,179 @@
+import { normalizePathSeparators } from "../utils/path.js";
+import fs from "node:fs";
+import path from "node:path";
+//#region src/server/dev-lockfile.ts
+/**
+* Dev server lock file.
+*
+* Writes the running dev server's PID, port, and URL into a lock file at
+* `<root>/.vinext/dev/lock.json`. When a second `vinext dev` process starts in
+* the same project directory, it reads the lock file and either fails with an
+* actionable error or, if the previous process is dead, takes over the lock.
+*
+* This is especially useful for AI coding agents, which frequently attempt to
+* start `vinext dev` without knowing a server is already running.
+*
+* Ported behaviorally from Next.js:
+*   https://github.com/vercel/next.js/blob/canary/packages/next/src/build/lockfile.ts
+*
+* Differences vs Next.js:
+* - No native `flock()`. Next.js uses Rust SWC bindings for cross-platform
+*   advisory locking; vinext uses a JSON file plus a PID liveness check
+*   (`process.kill(pid, 0)`), which is good enough for the dev-server
+*   "another server is running" use case. Race conditions on lock acquisition
+*   are tolerated: at worst, two dev servers race and one fails to bind a port.
+* - Lock file lives in `<root>/.vinext/dev/lock.json` (mirroring Next.js'
+*   `.next/dev/lock` layout). `.vinext/` is already used by the fonts plugin
+*   to cache self-hosted Google Fonts, so this re-uses the same project-local
+*   state directory rather than polluting `node_modules`.
+*/
+const LOCK_DIR_RELATIVE = path.join(".vinext", "dev");
+const LOCK_FILE_NAME = "lock.json";
+/**
+* Returns the absolute path to the lock file for a given project root.
+*/
+function getLockfilePath(root) {
+	return path.join(root, LOCK_DIR_RELATIVE, LOCK_FILE_NAME);
+}
+/**
+* Reads and parses the lock file at the given path. Returns `undefined` if the
+* file doesn't exist or can't be parsed.
+*/
+function readLockfile(lockfilePath) {
+	let content;
+	try {
+		content = fs.readFileSync(lockfilePath, "utf-8");
+	} catch {
+		return;
+	}
+	try {
+		const parsed = JSON.parse(content);
+		if (typeof parsed.pid === "number" && typeof parsed.port === "number" && typeof parsed.hostname === "string" && typeof parsed.appUrl === "string" && typeof parsed.startedAt === "number" && typeof parsed.cwd === "string") return parsed;
+		return;
+	} catch {
+		return;
+	}
+}
+/**
+* Returns true if a process with the given PID is running.
+*
+* Uses `process.kill(pid, 0)`, which sends a null signal — it doesn't actually
+* kill the process, it just checks if it exists. Throws `ESRCH` if the process
+* doesn't exist, or `EPERM` if it exists but we don't have permission to
+* signal it (in which case it's still running, just owned by someone else).
+*/
+function isPidAlive(pid) {
+	if (!Number.isInteger(pid) || pid <= 0) return false;
+	try {
+		process.kill(pid, 0);
+		return true;
+	} catch (err) {
+		return err.code === "EPERM";
+	}
+}
+/**
+* Writes the lock file with the given content. Creates the parent directory
+* if it doesn't exist.
+*
+* Mode `0o600` because the lock file contains a PID that, in principle, lets
+* other users on the machine send signals to this user's dev server.
+* Restricting reads is defense-in-depth: the PID is also discoverable via
+* `ps` and the port via `netstat`/`ss`, so this isn't load-bearing.
+*/
+function writeLockfile(lockfilePath, info) {
+	fs.mkdirSync(path.dirname(lockfilePath), { recursive: true });
+	fs.writeFileSync(lockfilePath, JSON.stringify(info, null, 2), { mode: 384 });
+}
+/**
+* Format the error message printed when another dev server is already running.
+*
+* Matches Next.js' error layout so AI agents and CLIs can parse the same
+* `- PID: ` / `- Local: ` lines.
+*
+* The `existing: undefined` branch below is defensive — `tryAcquireLockfile`
+* currently only returns `ok: false` with a defined `existing`, but the
+* formatter is exported and unit-tested separately, so it handles both shapes.
+*/
+function formatAlreadyRunningError(opts) {
+	const { existing, cwd, lockfilePath } = opts;
+	if (!existing) return [
+		"Another vinext dev server appears to be running in this directory.",
+		"",
+		`Stale lock file: ${normalizePathSeparators(path.relative(cwd, lockfilePath))}`,
+		"Remove it manually if no server is running, then re-run `vinext dev`."
+	].join("\n");
+	const killCommand = process.platform === "win32" ? `taskkill /PID ${existing.pid} /F` : `kill ${existing.pid}`;
+	return [
+		"Another vinext dev server is already running.",
+		"",
+		`- Local:        ${existing.appUrl}`,
+		`- PID:          ${existing.pid}`,
+		`- Dir:          ${existing.cwd}`,
+		"",
+		`You can access the existing server at ${existing.appUrl},`,
+		`or run \`${killCommand}\` to stop it and start a new one.`
+	].join("\n");
+}
+/**
+* Try to acquire the dev lock file for the given project root.
+*
+* Returns `{ ok: true, lockfile }` on success — the caller should call
+* `lockfile.release()` on shutdown (or rely on the exit listener registered
+* via `unlockOnExit`).
+*
+* Returns `{ ok: false, existing, lockfilePath }` if another live dev server
+* already holds the lock.
+*/
+function tryAcquireLockfile(opts) {
+	const { root, info, takeOverStale = true, unlockOnExit = true } = opts;
+	const lockfilePath = getLockfilePath(root);
+	const existing = readLockfile(lockfilePath);
+	if (existing) {
+		if (isPidAlive(existing.pid)) return {
+			ok: false,
+			existing,
+			lockfilePath
+		};
+		if (!takeOverStale) return {
+			ok: false,
+			existing,
+			lockfilePath
+		};
+	}
+	writeLockfile(lockfilePath, info);
+	const ownerPid = info.pid;
+	let released = false;
+	const release = () => {
+		if (released) return;
+		released = true;
+		try {
+			const current = readLockfile(lockfilePath);
+			if (current && current.pid === ownerPid) fs.unlinkSync(lockfilePath);
+		} catch {}
+	};
+	let exitListener;
+	if (unlockOnExit) {
+		exitListener = () => release();
+		process.on("exit", exitListener);
+	}
+	return {
+		ok: true,
+		lockfile: {
+			path: lockfilePath,
+			update(next) {
+				try {
+					writeLockfile(lockfilePath, next);
+				} catch {}
+			},
+			release() {
+				release();
+				if (exitListener) {
+					process.off("exit", exitListener);
+					exitListener = void 0;
+				}
+			}
+		}
+	};
+}
+//#endregion
+export { formatAlreadyRunningError, getLockfilePath, isPidAlive, readLockfile, tryAcquireLockfile };

package/dist/server/dev-module-runner.d.ts

@@ -0,0 +1,30 @@
+import { DevEnvironment } from "vite";
+import { ModuleRunner } from "vite/module-runner";
+
+//#region src/server/dev-module-runner.d.ts
+/**
+ * A Vite DevEnvironment duck-typed to the minimal surface we need.
+ * `DevEnvironment.fetchModule()` is a plain async method available on all
+ * environment types — including Cloudflare's custom environments that don't
+ * support the hot-channel-based transport.
+ */
+type DevEnvironmentLike = {
+  fetchModule: (id: string, importer?: string, options?: {
+    cached?: boolean;
+    startOffset?: number;
+  }) => Promise<Record<string, unknown>>;
+};
+/**
+ * Build a ModuleRunner that calls `environment.fetchModule()` directly,
+ * bypassing the hot channel entirely.
+ *
+ * Safe to construct and call at any time — including during `configureServer()`
+ * before the server is listening, and inside request handlers — because it
+ * never accesses `environment.hot.api`.
+ *
+ * @param environment - Any Vite DevEnvironment (or duck-typed equivalent).
+ *   Typically `server.environments["ssr"]`.
+ */
+declare function createDirectRunner(environment: DevEnvironmentLike | DevEnvironment): ModuleRunner;
+//#endregion
+export { createDirectRunner };

package/dist/server/dev-module-runner.js

@@ -0,0 +1,91 @@
+import { ESModulesEvaluator, ModuleRunner, createNodeImportMeta } from "vite/module-runner";
+//#region src/server/dev-module-runner.ts
+/**
+* dev-module-runner.ts
+*
+* Shared utility for loading modules via a Vite DevEnvironment's
+* fetchModule() method, bypassing the hot channel entirely.
+*
+* ## Why this exists
+*
+* Vite 7's `server.ssrLoadModule()` and the lazy `RunnableDevEnvironment.runner`
+* getter both use `SSRCompatModuleRunner`, which constructs a
+* `createServerModuleRunnerTransport` synchronously. That transport calls
+* `connect()` immediately, which reads `environment.hot.api.outsideEmitter` —
+* a property that only exists on `RunnableDevEnvironment` after the server
+* starts listening.
+*
+* When `@cloudflare/vite-plugin` is present it registers its own Vite
+* environments (e.g. `"rsc"`, `"ssr"`) that are *not* `RunnableDevEnvironment`
+* instances. Calling `ssrLoadModule()` in that context crashes with:
+*
+*   TypeError: Cannot read properties of undefined (reading 'outsideEmitter')
+*
+* This affects any code that needs to load a user module at request time (or
+* at startup before the server is listening) from the host Node.js process:
+*   - Pages Router middleware (`runMiddleware` → `ssrLoadModule` on every request)
+*   - Pages Router instrumentation (`runInstrumentation` → `ssrLoadModule` at startup)
+*
+* ## The fix
+*
+* `DevEnvironment.fetchModule()` is a plain `async` method — it does not touch
+* the hot channel at all. We build a `ModuleRunner` whose transport invokes
+* `fetchModule()` directly. This is safe at any time: before the server is
+* listening, during request handling, whenever.
+*
+* ## Usage
+*
+* ```ts
+* import { createDirectRunner } from "./dev-module-runner.js";
+*
+* const runner = createDirectRunner(server.environments["ssr"]);
+* const mod = await runner.import("/abs/path/to/file.ts");
+* await runner.close();
+* ```
+*
+* For long-lived use (e.g. per-request middleware loading), create the runner
+* once and reuse it — do NOT create a new runner on every request.
+*
+* ## Environment selection
+*
+* Prefer the `"ssr"` environment; fall back to any other available environment.
+* Never use the `"rsc"` environment for Pages Router concerns — that environment
+* may be a Cloudflare Workers environment and not suitable for Node.js modules.
+*
+* ```ts
+* const env = server.environments["ssr"] ?? Object.values(server.environments)[0];
+* const runner = createDirectRunner(env);
+* ```
+*/
+/**
+* Build a ModuleRunner that calls `environment.fetchModule()` directly,
+* bypassing the hot channel entirely.
+*
+* Safe to construct and call at any time — including during `configureServer()`
+* before the server is listening, and inside request handlers — because it
+* never accesses `environment.hot.api`.
+*
+* @param environment - Any Vite DevEnvironment (or duck-typed equivalent).
+*   Typically `server.environments["ssr"]`.
+*/
+function createDirectRunner(environment) {
+	return new ModuleRunner({
+		transport: { invoke: async (payload) => {
+			const { name, data: args } = payload.data;
+			if (name === "fetchModule") {
+				const [id, importer, options] = args;
+				return { result: await environment.fetchModule(id, importer, options) };
+			}
+			if (name === "getBuiltins") return { result: [] };
+			return { error: {
+				name: "Error",
+				message: `[vinext] Unexpected ModuleRunner invoke: ${name}`
+			} };
+		} },
+		createImportMeta: createNodeImportMeta,
+		sourcemapInterceptor: false,
+		hmr: false
+	}, new ESModulesEvaluator());
+}
+//#endregion
+export { createDirectRunner };

package/dist/server/dev-origin-check.d.ts

@@ -0,0 +1,62 @@
+//#region src/server/dev-origin-check.d.ts
+/**
+ * Cross-origin request protection for the dev server.
+ *
+ * Prevents external websites from making cross-origin requests to the
+ * local dev server and reading the responses (data exfiltration).
+ *
+ * Vite 7 provides built-in CORS and WebSocket origin protection, but
+ * vinext overrides Vite's CORS config to allow OPTIONS passthrough.
+ * This module adds origin verification to vinext's own request handlers.
+ */
+/**
+ * Check if a request origin is allowed for dev server access.
+ *
+ * Returns true if the request should be allowed, false if it should be blocked.
+ *
+ * Allowed origins:
+ * - Requests with no Origin header (same-origin navigations, curl, etc.)
+ * - Requests from localhost, 127.0.0.1, or [::1] (any port)
+ * - Requests from any subdomain of localhost (e.g., foo.localhost)
+ * - Requests where Origin hostname matches the Host header
+ * - Requests from origins in the allowedDevOrigins list
+ *
+ * @param origin - The Origin header value (may be null/undefined)
+ * @param host - The Host header value for same-origin comparison
+ * @param allowedDevOrigins - Additional allowed origins from config
+ */
+declare function isAllowedDevOrigin(origin: string | null | undefined, host: string | null | undefined, allowedDevOrigins?: string[]): boolean;
+/**
+ * Check if a cross-origin request should be blocked based on Sec-Fetch headers.
+ *
+ * Browsers set `Sec-Fetch-Site: cross-site` and `Sec-Fetch-Mode: no-cors` on
+ * requests from <script>, <img>, <link> tags on a different origin. These
+ * requests don't include an Origin header but can still exfiltrate data via
+ * script execution or timing side channels.
+ *
+ * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Fetch-Site
+ */
+declare function isCrossSiteNoCorsRequest(secFetchSite: string | null | undefined, secFetchMode: string | null | undefined): boolean;
+/**
+ * Validate a dev server request from a Node.js IncomingMessage.
+ *
+ * Returns null if the request is allowed, or a reason string if it should be blocked.
+ * This is used by the Pages Router connect middleware.
+ */
+declare function validateDevRequest(headers: {
+  origin?: string;
+  host?: string;
+  "x-forwarded-host"?: string;
+  "sec-fetch-site"?: string;
+  "sec-fetch-mode"?: string;
+}, allowedDevOrigins?: string[]): string | null;
+/**
+ * Generate JavaScript code for origin validation in the App Router RSC entry.
+ *
+ * The App Router handler runs in the RSC Vite environment where requests are
+ * Web API Request objects (not Node.js IncomingMessage). This generates inline
+ * code that performs the same checks as validateDevRequest().
+ */
+declare function generateDevOriginCheckCode(allowedDevOrigins?: string[]): string;
+//#endregion
+export { generateDevOriginCheckCode, isAllowedDevOrigin, isCrossSiteNoCorsRequest, validateDevRequest };

package/dist/server/dev-origin-check.js

@@ -0,0 +1,156 @@
+//#region src/server/dev-origin-check.ts
+/**
+* Cross-origin request protection for the dev server.
+*
+* Prevents external websites from making cross-origin requests to the
+* local dev server and reading the responses (data exfiltration).
+*
+* Vite 7 provides built-in CORS and WebSocket origin protection, but
+* vinext overrides Vite's CORS config to allow OPTIONS passthrough.
+* This module adds origin verification to vinext's own request handlers.
+*/
+/**
+* Default hostnames considered safe for dev server access.
+* These are always allowed regardless of configuration.
+*/
+const SAFE_DEV_HOSTS = [
+	"localhost",
+	"127.0.0.1",
+	"[::1]"
+];
+/**
+* Check if a request origin is allowed for dev server access.
+*
+* Returns true if the request should be allowed, false if it should be blocked.
+*
+* Allowed origins:
+* - Requests with no Origin header (same-origin navigations, curl, etc.)
+* - Requests from localhost, 127.0.0.1, or [::1] (any port)
+* - Requests from any subdomain of localhost (e.g., foo.localhost)
+* - Requests where Origin hostname matches the Host header
+* - Requests from origins in the allowedDevOrigins list
+*
+* @param origin - The Origin header value (may be null/undefined)
+* @param host - The Host header value for same-origin comparison
+* @param allowedDevOrigins - Additional allowed origins from config
+*/
+function isAllowedDevOrigin(origin, host, allowedDevOrigins) {
+	if (!origin) return true;
+	if (origin === "null") return allowedDevOrigins?.includes("null") ?? false;
+	let originHostname;
+	try {
+		originHostname = new URL(origin).hostname.toLowerCase();
+	} catch {
+		return false;
+	}
+	if (SAFE_DEV_HOSTS.includes(originHostname)) return true;
+	if (originHostname.endsWith(".localhost")) return true;
+	if (host) {
+		const hostHostname = host.split(",")[0].trim().split(":")[0].toLowerCase();
+		if (originHostname === hostHostname) return true;
+	}
+	if (allowedDevOrigins) {
+		for (const pattern of allowedDevOrigins) if (pattern.startsWith("*.")) {
+			const suffix = pattern.slice(1);
+			if (originHostname === pattern.slice(2) || originHostname.endsWith(suffix)) return true;
+		} else if (originHostname === pattern) return true;
+	}
+	return false;
+}
+/**
+* Check if a cross-origin request should be blocked based on Sec-Fetch headers.
+*
+* Browsers set `Sec-Fetch-Site: cross-site` and `Sec-Fetch-Mode: no-cors` on
+* requests from <script>, <img>, <link> tags on a different origin. These
+* requests don't include an Origin header but can still exfiltrate data via
+* script execution or timing side channels.
+*
+* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Fetch-Site
+*/
+function isCrossSiteNoCorsRequest(secFetchSite, secFetchMode) {
+	return secFetchMode === "no-cors" && secFetchSite === "cross-site";
+}
+/**
+* Validate a dev server request from a Node.js IncomingMessage.
+*
+* Returns null if the request is allowed, or a reason string if it should be blocked.
+* This is used by the Pages Router connect middleware.
+*/
+function validateDevRequest(headers, allowedDevOrigins) {
+	if (isCrossSiteNoCorsRequest(headers["sec-fetch-site"], headers["sec-fetch-mode"])) return `cross-site no-cors request blocked`;
+	const effectiveHost = headers["x-forwarded-host"] || headers.host;
+	if (!isAllowedDevOrigin(headers.origin, effectiveHost, allowedDevOrigins)) return `origin "${headers.origin}" is not allowed`;
+	return null;
+}
+/**
+* Generate JavaScript code for origin validation in the App Router RSC entry.
+*
+* The App Router handler runs in the RSC Vite environment where requests are
+* Web API Request objects (not Node.js IncomingMessage). This generates inline
+* code that performs the same checks as validateDevRequest().
+*/
+function generateDevOriginCheckCode(allowedDevOrigins) {
+	return `
+// ── Dev server origin verification ──────────────────────────────────────
+// Block cross-origin requests to prevent data exfiltration during development.
+const __allowedDevOrigins = ${JSON.stringify(allowedDevOrigins ?? [])};
+const __safeDevHosts = ["localhost", "127.0.0.1", "[::1]"];
+
+function __forbidden() {
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+function __validateDevRequestOrigin(request) {
+  // Check Sec-Fetch headers (catches <script> tag exfiltration)
+  if (request.headers.get("sec-fetch-mode") === "no-cors" &&
+      request.headers.get("sec-fetch-site") === "cross-site") {
+    console.warn("[vinext] Blocked cross-site no-cors request to " + new URL(request.url).pathname);
+    return __forbidden();
+  }
+
+  const origin = request.headers.get("origin");
+  if (!origin) return null;
+
+  // Origin "null" is sent by opaque/sandboxed contexts. Block unless explicitly allowed.
+  if (origin === "null") {
+    if (!__allowedDevOrigins.includes("null")) {
+      console.warn("[vinext] Blocked request with Origin: null. Add \\"null\\" to allowedDevOrigins to allow sandboxed contexts.");
+      return __forbidden();
+    }
+    return null;
+  }
+
+  let originHostname;
+  try {
+    originHostname = new URL(origin).hostname.toLowerCase();
+  } catch {
+    return __forbidden();
+  }
+
+  // Allow localhost, 127.0.0.1, [::1], and *.localhost
+  if (__safeDevHosts.includes(originHostname) || originHostname.endsWith(".localhost")) return null;
+
+  // Same-origin: compare against Host header
+  const hostHeader = (request.headers.get("x-forwarded-host") || request.headers.get("host") || "").split(",")[0].trim().split(":")[0].toLowerCase();
+  if (hostHeader && originHostname === hostHeader) return null;
+
+  // Check user-configured allowed origins
+  for (const pattern of __allowedDevOrigins) {
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(1);
+      if (originHostname === pattern.slice(2) || originHostname.endsWith(suffix)) return null;
+    } else if (originHostname === pattern) {
+      return null;
+    }
+  }
+
+  console.warn(
+    \`[vinext] Blocked cross-origin request from "\${origin}" to \${new URL(request.url).pathname}. \` +
+    \`To allow this origin, add it to allowedDevOrigins in next.config.js.\`
+  );
+  return __forbidden();
+}
+`;
+}
+//#endregion
+export { generateDevOriginCheckCode, isAllowedDevOrigin, isCrossSiteNoCorsRequest, validateDevRequest };

package/dist/server/dev-route-files.d.ts

@@ -0,0 +1,6 @@
+import { ValidFileMatcher } from "../routing/file-matcher.js";
+
+//#region src/server/dev-route-files.d.ts
+declare function shouldInvalidateAppRouteFile(appDir: string, filePath: string, matcher: ValidFileMatcher): boolean;
+//#endregion
+export { shouldInvalidateAppRouteFile };