npm - @rangojs/router - Versions diffs - 0.0.0-experimental.97 → 0.0.0-experimental.98914650 - Mend

@rangojs/router 0.0.0-experimental.97 → 0.0.0-experimental.98914650

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (356) hide show

package/README.md +24 -9
package/dist/bin/rango.js +157 -63
package/dist/testing/vitest.js +82 -0
package/dist/vite/index.js +1584 -639
package/package.json +71 -21
package/skills/api-client/SKILL.md +211 -0
package/skills/breadcrumbs/SKILL.md +60 -0
package/skills/bundle-analysis/SKILL.md +159 -0
package/skills/cache-guide/SKILL.md +222 -30
package/skills/caching/SKILL.md +263 -8
package/skills/composability/SKILL.md +27 -2
package/skills/css/SKILL.md +76 -0
package/skills/document-cache/SKILL.md +78 -55
package/skills/handler-use/SKILL.md +3 -1
package/skills/hooks/SKILL.md +235 -28
package/skills/host-router/SKILL.md +122 -22
package/skills/i18n/SKILL.md +276 -0
package/skills/intercept/SKILL.md +29 -5
package/skills/layout/SKILL.md +13 -9
package/skills/links/SKILL.md +173 -17
package/skills/loader/SKILL.md +170 -23
package/skills/middleware/SKILL.md +16 -10
package/skills/migrate-nextjs/SKILL.md +38 -16
package/skills/mime-routes/SKILL.md +27 -0
package/skills/observability/SKILL.md +137 -0
package/skills/parallel/SKILL.md +11 -7
package/skills/prerender/SKILL.md +14 -33
package/skills/rango/SKILL.md +250 -25
package/skills/react-compiler/SKILL.md +168 -0
package/skills/response-routes/SKILL.md +114 -47
package/skills/route/SKILL.md +42 -5
package/skills/router-setup/SKILL.md +3 -3
package/skills/server-actions/SKILL.md +78 -42
package/skills/tailwind/SKILL.md +27 -3
package/skills/testing/SKILL.md +129 -0
package/skills/testing/bindings.md +89 -0
package/skills/testing/cache-prerender.md +124 -0
package/skills/testing/client-components.md +122 -0
package/skills/testing/e2e-parity.md +125 -0
package/skills/testing/flight.md +92 -0
package/skills/testing/handles.md +129 -0
package/skills/testing/loader.md +128 -0
package/skills/testing/middleware.md +99 -0
package/skills/testing/render-handler.md +121 -0
package/skills/testing/response-routes.md +95 -0
package/skills/testing/reverse-and-types.md +84 -0
package/skills/testing/server-actions.md +107 -0
package/skills/testing/server-tree.md +128 -0
package/skills/testing/setup.md +120 -0
package/skills/typesafety/SKILL.md +316 -26
package/skills/use-cache/SKILL.md +36 -5
package/skills/vercel/SKILL.md +107 -0
package/skills/view-transitions/SKILL.md +294 -0
package/src/__augment-tests__/augment.ts +81 -0
package/src/__augment-tests__/augmented.check.ts +116 -0
package/src/__internal.ts +0 -65
package/src/browser/action-coordinator.ts +53 -36
package/src/browser/action-fence.ts +47 -0
package/src/browser/app-shell.ts +14 -27
package/src/browser/cookie-name.ts +140 -0
package/src/browser/event-controller.ts +37 -143
package/src/browser/history-state.ts +21 -0
package/src/browser/index.ts +3 -3
package/src/browser/invalidate-client-cache.ts +52 -0
package/src/browser/navigation-bridge.ts +30 -59
package/src/browser/navigation-client.ts +96 -84
package/src/browser/navigation-store-handle.ts +38 -0
package/src/browser/navigation-store.ts +32 -82
package/src/browser/navigation-transaction.ts +9 -59
package/src/browser/partial-update.ts +60 -127
package/src/browser/prefetch/cache.ts +82 -72
package/src/browser/prefetch/fetch.ts +108 -33
package/src/browser/prefetch/queue.ts +6 -3
package/src/browser/rango-state.ts +157 -115
package/src/browser/react/Link.tsx +0 -2
package/src/browser/react/NavigationProvider.tsx +41 -48
package/src/browser/react/ScrollRestoration.tsx +10 -6
package/src/browser/react/filter-segment-order.ts +0 -2
package/src/browser/react/index.ts +0 -48
package/src/browser/react/location-state-shared.ts +166 -8
package/src/browser/react/location-state.ts +39 -14
package/src/browser/react/use-action.ts +6 -15
package/src/browser/react/use-handle.ts +17 -14
package/src/browser/react/use-link-status.ts +0 -4
package/src/browser/react/use-navigation.ts +0 -3
package/src/browser/react/use-params.ts +11 -11
package/src/browser/react/use-reverse.ts +106 -0
package/src/browser/react/use-router.ts +20 -5
package/src/browser/react/use-search-params.ts +0 -5
package/src/browser/react/use-segments.ts +0 -13
package/src/browser/response-adapter.ts +52 -1
package/src/browser/rsc-router.tsx +70 -34
package/src/browser/scroll-restoration.ts +22 -14
package/src/browser/segment-structure-assert.ts +2 -2
package/src/browser/server-action-bridge.ts +168 -44
package/src/browser/types.ts +36 -21
package/src/browser/validate-redirect-origin.ts +43 -16
package/src/build/collect-fallback-refs.ts +107 -0
package/src/build/generate-manifest.ts +60 -35
package/src/build/generate-route-types.ts +3 -0
package/src/build/index.ts +8 -2
package/src/build/prefix-tree-utils.ts +123 -0
package/src/build/route-trie.ts +89 -10
package/src/build/route-types/codegen.ts +4 -4
package/src/build/route-types/include-resolution.ts +1 -1
package/src/build/route-types/param-extraction.ts +6 -3
package/src/build/route-types/per-module-writer.ts +7 -4
package/src/build/route-types/router-processing.ts +122 -22
package/src/build/route-types/scan-filter.ts +1 -1
package/src/build/route-types/source-scan.ts +118 -0
package/src/build/runtime-discovery.ts +9 -20
package/src/cache/cache-error.ts +104 -0
package/src/cache/cache-policy.ts +68 -28
package/src/cache/cache-runtime.ts +134 -32
package/src/cache/cache-scope.ts +100 -74
package/src/cache/cache-tag.ts +98 -0
package/src/cache/cf/cf-cache-store.ts +2255 -238
package/src/cache/cf/index.ts +6 -16
package/src/cache/document-cache.ts +61 -20
package/src/cache/handle-snapshot.ts +63 -0
package/src/cache/index.ts +22 -20
package/src/cache/memory-segment-store.ts +136 -37
package/src/cache/profile-registry.ts +6 -30
package/src/cache/read-through-swr.ts +41 -11
package/src/cache/segment-codec.ts +0 -16
package/src/cache/tag-invalidation.ts +230 -0
package/src/cache/types.ts +33 -100
package/src/cache/vercel/index.ts +11 -0
package/src/cache/vercel/vercel-cache-store.ts +799 -0
package/src/client.rsc.tsx +6 -21
package/src/client.tsx +25 -61
package/src/component-utils.ts +19 -0
package/src/context-var.ts +17 -5
package/src/decode-loader-results.ts +36 -0
package/src/defer.ts +196 -0
package/src/deps/ssr.ts +0 -1
package/src/errors.ts +30 -4
package/src/handle.ts +31 -23
package/src/handles/MetaTags.tsx +0 -14
package/src/handles/breadcrumbs.ts +16 -5
package/src/handles/meta.ts +0 -39
package/src/host/cookie-handler.ts +0 -36
package/src/host/errors.ts +0 -24
package/src/host/index.ts +8 -2
package/src/host/pattern-matcher.ts +7 -50
package/src/host/router.ts +107 -99
package/src/host/testing.ts +40 -27
package/src/host/types.ts +37 -4
package/src/host/utils.ts +1 -1
package/src/href-client.ts +137 -22
package/src/index.rsc.ts +63 -9
package/src/index.ts +64 -9
package/src/internal-debug.ts +2 -4
package/src/loader-store.ts +500 -0
package/src/loader.rsc.ts +20 -13
package/src/loader.ts +12 -11
package/src/missing-id-error.ts +68 -0
package/src/network-error-thrower.tsx +1 -6
package/src/outlet-provider.tsx +1 -5
package/src/prerender/param-hash.ts +10 -11
package/src/prerender/store.ts +32 -37
package/src/prerender.ts +61 -6
package/src/redirect-origin.ts +100 -0
package/src/response-utils.ts +9 -0
package/src/reverse.ts +65 -40
package/src/root-error-boundary.tsx +1 -19
package/src/route-content-wrapper.tsx +7 -72
package/src/route-definition/dsl-helpers.ts +244 -281
package/src/route-definition/helper-factories.ts +29 -139
package/src/route-definition/helpers-types.ts +40 -17
package/src/route-definition/redirect.ts +43 -9
package/src/route-definition/resolve-handler-use.ts +6 -0
package/src/route-definition/use-item-types.ts +32 -0
package/src/route-map-builder.ts +0 -16
package/src/route-types.ts +19 -41
package/src/router/basename.ts +14 -0
package/src/router/content-negotiation.ts +15 -15
package/src/router/error-handling.ts +13 -17
package/src/router/find-match.ts +44 -23
package/src/router/handler-context.ts +4 -41
package/src/router/intercept-resolution.ts +14 -19
package/src/router/lazy-includes.ts +9 -46
package/src/router/loader-resolution.ts +91 -46
package/src/router/logging.ts +0 -6
package/src/router/manifest.ts +18 -29
package/src/router/match-api.ts +0 -20
package/src/router/match-context.ts +0 -22
package/src/router/match-handlers.ts +57 -58
package/src/router/match-middleware/background-revalidation.ts +0 -7
package/src/router/match-middleware/cache-lookup.ts +150 -271
package/src/router/match-middleware/cache-store.ts +3 -33
package/src/router/match-middleware/intercept-resolution.ts +0 -22
package/src/router/match-middleware/segment-resolution.ts +0 -22
package/src/router/match-pipelines.ts +1 -42
package/src/router/match-result.ts +31 -80
package/src/router/metrics.ts +0 -34
package/src/router/middleware-types.ts +5 -112
package/src/router/middleware.ts +118 -133
package/src/router/navigation-snapshot.ts +0 -51
package/src/router/params-util.ts +23 -0
package/src/router/pattern-matching.ts +62 -67
package/src/router/prerender-match.ts +99 -63
package/src/router/preview-match.ts +3 -1
package/src/router/request-classification.ts +28 -62
package/src/router/revalidation.ts +50 -56
package/src/router/route-snapshot.ts +0 -1
package/src/router/router-context.ts +0 -27
package/src/router/router-interfaces.ts +68 -35
package/src/router/router-options.ts +55 -1
package/src/router/router-registry.ts +2 -5
package/src/router/segment-resolution/fresh.ts +44 -63
package/src/router/segment-resolution/helpers.ts +34 -0
package/src/router/segment-resolution/loader-cache.ts +40 -37
package/src/router/segment-resolution/revalidation.ts +203 -285
package/src/router/segment-resolution/static-store.ts +19 -5
package/src/router/segment-resolution/streamed-handler-telemetry.ts +52 -0
package/src/router/segment-resolution/view-transition-default.ts +36 -0
package/src/router/segment-resolution.ts +4 -1
package/src/router/segment-wrappers.ts +0 -3
package/src/router/state-cookie-name.ts +33 -0
package/src/router/substitute-pattern-params.ts +56 -0
package/src/router/telemetry-otel.ts +0 -20
package/src/router/telemetry.ts +96 -19
package/src/router/timeout.ts +0 -20
package/src/router/trie-matching.ts +87 -48
package/src/router/types.ts +9 -63
package/src/router/url-params.ts +0 -5
package/src/router.ts +80 -41
package/src/rsc/handler-context.ts +3 -2
package/src/rsc/handler.ts +83 -78
package/src/rsc/helpers.ts +93 -5
package/src/rsc/index.ts +1 -1
package/src/rsc/json-route-result.ts +38 -0
package/src/rsc/manifest-init.ts +28 -41
package/src/rsc/origin-guard.ts +39 -25
package/src/rsc/progressive-enhancement.ts +12 -1
package/src/rsc/redirect-guard.ts +99 -0
package/src/rsc/response-error.ts +79 -12
package/src/rsc/response-route-handler.ts +76 -62
package/src/rsc/rsc-rendering.ts +41 -60
package/src/rsc/runtime-warnings.ts +23 -10
package/src/rsc/server-action.ts +62 -67
package/src/rsc/ssr-setup.ts +16 -0
package/src/rsc/types.ts +10 -5
package/src/runtime-env.ts +18 -0
package/src/search-params.ts +4 -20
package/src/segment-loader-promise.ts +14 -2
package/src/segment-system.tsx +199 -142
package/src/serialize.ts +243 -0
package/src/server/context.ts +150 -51
package/src/server/cookie-store.ts +80 -5
package/src/server/handle-store.ts +7 -24
package/src/server/loader-registry.ts +5 -24
package/src/server/request-context.ts +165 -87
package/src/ssr/index.tsx +14 -14
package/src/static-handler.ts +10 -13
package/src/testing/cache-status.ts +162 -0
package/src/testing/collect-handle.ts +40 -0
package/src/testing/dispatch.ts +618 -0
package/src/testing/dom.entry.ts +22 -0
package/src/testing/e2e/fixture.ts +188 -0
package/src/testing/e2e/index.ts +128 -0
package/src/testing/e2e/matchers.ts +35 -0
package/src/testing/e2e/page-helpers.ts +272 -0
package/src/testing/e2e/parity.ts +387 -0
package/src/testing/e2e/server.ts +195 -0
package/src/testing/flight-matchers.ts +97 -0
package/src/testing/flight-normalize.ts +11 -0
package/src/testing/flight-runtime.d.ts +57 -0
package/src/testing/flight-tree.ts +682 -0
package/src/testing/flight.entry.ts +52 -0
package/src/testing/flight.ts +232 -0
package/src/testing/generated-routes.ts +183 -0
package/src/testing/index.ts +99 -0
package/src/testing/internal/context.ts +348 -0
package/src/testing/internal/flight-client-globals.ts +30 -0
package/src/testing/internal/seed-vars.ts +54 -0
package/src/testing/render-handler.ts +330 -0
package/src/testing/render-route.tsx +566 -0
package/src/testing/run-loader.ts +378 -0
package/src/testing/run-middleware.ts +205 -0
package/src/testing/vitest-stubs/cloudflare-email.ts +9 -0
package/src/testing/vitest-stubs/cloudflare-workers.ts +21 -0
package/src/testing/vitest-stubs/plugin-rsc.ts +16 -0
package/src/testing/vitest-stubs/version.ts +5 -0
package/src/testing/vitest.ts +305 -0
package/src/theme/ThemeProvider.tsx +0 -52
package/src/theme/ThemeScript.tsx +0 -6
package/src/theme/constants.ts +0 -12
package/src/theme/index.ts +0 -7
package/src/theme/theme-context.ts +1 -5
package/src/theme/theme-script.ts +0 -14
package/src/theme/use-theme.ts +0 -3
package/src/types/boundaries.ts +0 -35
package/src/types/cache-types.ts +13 -4
package/src/types/error-types.ts +30 -90
package/src/types/global-namespace.ts +54 -41
package/src/types/handler-context.ts +97 -22
package/src/types/index.ts +1 -10
package/src/types/loader-types.ts +6 -3
package/src/types/request-scope.ts +0 -19
package/src/types/route-config.ts +6 -50
package/src/types/route-entry.ts +0 -6
package/src/types/segments.ts +18 -14
package/src/urls/include-helper.ts +9 -56
package/src/urls/index.ts +1 -11
package/src/urls/path-helper-types.ts +19 -5
package/src/urls/path-helper.ts +17 -106
package/src/urls/pattern-types.ts +36 -19
package/src/urls/response-types.ts +20 -19
package/src/urls/type-extraction.ts +58 -139
package/src/urls/urls-function.ts +1 -18
package/src/use-loader.tsx +292 -107
package/src/vite/debug.ts +1 -0
package/src/vite/discovery/bundle-postprocess.ts +8 -7
package/src/vite/discovery/discover-routers.ts +95 -82
package/src/vite/discovery/discovery-errors.ts +194 -0
package/src/vite/discovery/prerender-collection.ts +26 -34
package/src/vite/discovery/route-types-writer.ts +40 -84
package/src/vite/discovery/state.ts +39 -1
package/src/vite/discovery/virtual-module-codegen.ts +14 -34
package/src/vite/index.ts +4 -0
package/src/vite/plugin-types.ts +185 -10
package/src/vite/plugins/cjs-to-esm.ts +3 -18
package/src/vite/plugins/client-ref-dedup.ts +0 -11
package/src/vite/plugins/client-ref-hashing.ts +12 -11
package/src/vite/plugins/cloudflare-protocol-stub.ts +1 -21
package/src/vite/plugins/expose-action-id.ts +4 -75
package/src/vite/plugins/expose-id-utils.ts +3 -54
package/src/vite/plugins/expose-ids/export-analysis.ts +76 -34
package/src/vite/plugins/expose-ids/handler-transform.ts +6 -74
package/src/vite/plugins/expose-ids/loader-transform.ts +3 -20
package/src/vite/plugins/expose-ids/router-transform.ts +0 -13
package/src/vite/plugins/expose-internal-ids.ts +57 -67
package/src/vite/plugins/performance-tracks.ts +9 -16
package/src/vite/plugins/refresh-cmd.ts +1 -1
package/src/vite/plugins/use-cache-transform.ts +26 -49
package/src/vite/plugins/vercel-output.ts +258 -0
package/src/vite/plugins/version-injector.ts +2 -32
package/src/vite/plugins/version-plugin.ts +32 -23
package/src/vite/plugins/virtual-entries.ts +35 -17
package/src/vite/rango.ts +148 -115
package/src/vite/router-discovery.ts +220 -68
package/src/vite/utils/ast-handler-extract.ts +15 -31
package/src/vite/utils/bundle-analysis.ts +10 -15
package/src/vite/utils/client-chunks.ts +184 -0
package/src/vite/utils/forward-user-plugins.ts +171 -0
package/src/vite/utils/manifest-utils.ts +4 -59
package/src/vite/utils/package-resolution.ts +1 -73
package/src/vite/utils/prerender-utils.ts +0 -34
package/src/vite/utils/shared-utils.ts +95 -43
package/src/browser/action-response-classifier.ts +0 -99
package/src/browser/react/use-client-cache.ts +0 -58
package/src/browser/shallow.ts +0 -40
package/src/handles/index.ts +0 -7
package/src/router/middleware-cookies.ts +0 -55

package/src/router/middleware-types.ts CHANGED Viewed

@@ -1,10 +1,3 @@
-/**
- * Middleware Types
- *
- * Type definitions and interfaces for the middleware system.
- * Separated from execution logic for cleaner imports.
- */
 import type { ContextVar } from "../context-var.js";
 import type {
   DefaultReverseRouteMap,
@@ -16,17 +9,11 @@ import type { Theme } from "../theme/types.js";
 import type { LocationStateEntry } from "../browser/react/location-state-shared.js";
 import type { RequestScope } from "../types/request-scope.js";
-/**
- * Get variable function type
- */
 type GetVariableFn = {
   <T>(contextVar: ContextVar<T>): T | undefined;
   <K extends keyof DefaultVars>(key: K): DefaultVars[K];
 };
-/**
- * Set variable function type
- */
 type SetVariableFn = {
   <T>(contextVar: ContextVar<T>, value: T, options?: { cache?: boolean }): void;
   <K extends keyof DefaultVars>(
@@ -36,9 +23,6 @@ type SetVariableFn = {
   ): void;
 };
-/**
- * Cookie options for setting cookies
- */
 export interface CookieOptions {
   domain?: string;
   path?: string;
@@ -49,151 +33,60 @@ export interface CookieOptions {
   sameSite?: "strict" | "lax" | "none";
 }
-/**
- * Context passed to middleware
- *
- * @template TEnv - Environment type (bindings, variables) - defaults to any for internal flexibility
- * @template TParams - URL params type (typed for route middleware, Record<string, string> for global middleware)
- */
 export interface MiddlewareContext<
   TEnv = any,
-  TParams = Record<string, string>,
+  TParams = Record<string, string | undefined>,
 > extends RequestScope<TEnv> {
-  /** URL params extracted from route/middleware pattern */
   params: TParams;
-  /**
-   * Response headers.
-   * Before `next()`, returns headers from the shared response stub.
-   * After `next()`, returns headers from the downstream response.
-   */
   readonly headers: Headers;
-  /** Get a context variable (shared with route handlers) */
   get: GetVariableFn;
-  /** Set a context variable (shared with route handlers) */
   set: SetVariableFn;
-  /**
-   * Set a response header - can be called before or after `next()`.
-   *
-   * When called before `next()`, headers are queued and merged into the final response.
-   * When called after `next()`, headers are set directly on the response.
-   */
   header(name: string, value: string): void;
-  /**
-   * The matched route name, if available and the route has an explicit name.
-   * Undefined for global middleware (runs before route matching) or unnamed routes.
-   */
   routeName?: DefaultRouteName;
-  /**
-   * Enable performance metrics for this request.
-   * When called, granular timing breakdown is logged to console and
-   * included in the Server-Timing response header, regardless of the
-   * router-level `debugPerformance` option.
-   *
-   * Call **before** `await next()` so the metrics store exists when
-   * downstream phases (route matching, rendering, SSR) record their
-   * spans. Calling after `next()` returns still emits `handler:total`
-   * but misses all upstream metrics.
-   */
   debugPerformance(): void;
-  /**
-   * Current theme (from cookie or default).
-   * Only available when theme is enabled in router config.
-   */
   theme?: Theme;
-  /**
-   * Set the theme (only available when theme is enabled in router config).
-   * Sets a cookie with the new theme value.
-   */
   setTheme?: (theme: Theme) => void;
-  /**
-   * Attach location state entries to this response.
-   * State is delivered to the client via history.pushState and accessible
-   * through the useLocationState() hook.
-   */
   setLocationState(entries: LocationStateEntry | LocationStateEntry[]): void;
-  /**
-   * Generate URLs from route names.
-   * - `name` — global route, from the named-routes definition
-   */
   reverse: ScopedReverseFunction<
     Record<string, string>,
     DefaultReverseRouteMap
   >;
 }
-/**
- * Middleware function signature
- *
- * @template TEnv - Environment type - defaults to any for internal flexibility
- * @template TParams - URL params type (typed for route middleware)
- *
- * When using middleware with global augmentation (RSCRouter.Env), explicitly
- * annotate your middleware functions, or the types will be inferred from context:
- *
- * @example
- * ```typescript
- * // With explicit annotation (recommended for reusable middleware)
- * const authMiddleware: MiddlewareFn<AppEnv> = async (ctx, next) => {...}
- *
- * // Types inferred from router.use() call
- * router.use((ctx, next) => {...}) // ctx is typed from router's TEnv
- * ```
- */
-export type MiddlewareFn<TEnv = any, TParams = Record<string, string>> = (
+export type MiddlewareFn<
+  TEnv = any,
+  TParams = Record<string, string | undefined>,
+> = (
   ctx: MiddlewareContext<TEnv, TParams>,
   next: () => Promise<Response>,
 ) => Response | void | Promise<Response | void>;
-/**
- * Stored middleware entry with pattern matching info
- * @internal - uses any for internal flexibility
- */
 export interface MiddlewareEntry<TEnv = any> {
-  /** Original pattern string */
   pattern: string | null;
-  /** Compiled regex for matching */
   regex: RegExp | null;
-  /** Param names extracted from pattern */
   paramNames: string[];
-  /** The middleware function */
   handler: MiddlewareFn<TEnv>;
-  /** Mount prefix this middleware is scoped to (null = global) */
-  mountPrefix: string | null;
 }
-/**
- * Mutable response holder - tracks the current response through the middleware chain.
- */
 export interface ResponseHolder {
   response: Response | null;
 }
-/**
- * Entry type for middleware collection
- * Matches the shape of EntryData used in router.ts
- */
 export interface MiddlewareCollectableEntry {
   middleware?: MiddlewareFn<any, any>[];
   layout?: MiddlewareCollectableEntry[];
 }
-/**
- * Collected route middleware with params
- */
 export interface CollectedMiddleware {
   handler: MiddlewareFn<any, any>;
   params: Record<string, string>;

package/src/router/middleware.ts CHANGED Viewed

@@ -1,13 +1,4 @@
 /// <reference types="vite/types/importMeta.d.ts" />
-/**
- * Middleware Execution
- *
- * True middleware that wraps the entire RSC handler.
- * - `await next()` returns actual Response
- * - Can modify response headers
- * - Can catch errors from RSC rendering
- * - Forgiving API: if middleware doesn't return, original response is used
- */
 import { contextGet, contextSet } from "../context-var.js";
 import { safeDecodeURIComponent } from "./url-params.js";
@@ -21,28 +12,28 @@ import type {
   ResponseHolder,
 } from "./middleware-types.js";
 import { _getRequestContext } from "../server/request-context.js";
+import {
+  EXTERNAL_REDIRECT_MARKER,
+  isExternalRedirect,
+  markExternalRedirect,
+} from "../redirect-origin.js";
 import { isAutoGeneratedRouteName } from "../route-name.js";
 import { appendMetric, createMetricsStore } from "./metrics.js";
 import { stripInternalParams } from "./handler-context.js";
 import { isWebSocketUpgradeResponse } from "../response-utils.js";
-// Re-export types and cookie utilities for backward compatibility
+// Re-export types consumed through this module's path.
 export type {
   CookieOptions,
-  CollectedMiddleware,
-  MiddlewareCollectableEntry,
   MiddlewareContext,
   MiddlewareEntry,
   MiddlewareFn,
-  ResponseHolder,
 } from "./middleware-types.js";
-export { parseCookies, serializeCookie } from "./middleware-cookies.js";
 const MIDDLEWARE_METRIC_DEPTH = 1;
-/** Ignore post-next() durations below this threshold (measurement noise). */
 const POST_METRIC_MIN_DURATION_MS = 0.01;
-function getMiddlewareMetricBase<TEnv>(
+function getMiddlewareMetricLabel<TEnv>(
   entry: MiddlewareEntry<TEnv>,
   ordinal: number,
 ): string {
@@ -50,23 +41,12 @@ function getMiddlewareMetricBase<TEnv>(
   const scope = entry.pattern ?? "*";
   if (handlerName) {
-    return `${handlerName}@${scope}`;
+    return `middleware:${handlerName}@${scope}`;
   }
-  return `${scope}#${ordinal + 1}`;
+  return `middleware:${scope}#${ordinal + 1}`;
 }
-function getMiddlewareMetricLabel<TEnv>(
-  entry: MiddlewareEntry<TEnv>,
-  ordinal: number,
-): string {
-  return `middleware:${getMiddlewareMetricBase(entry, ordinal)}`;
-}
-/**
- * Parse a route pattern into regex and param names
- * Supports: *, /path, /path/*, /path/:param, /path/:param/*
- */
 export function parsePattern(pattern: string): {
   regex: RegExp;
   paramNames: string[];
@@ -261,9 +241,13 @@ export function createMiddlewareContext<TEnv>(
     reverse:
       reverse ??
-      ((name: string) => {
+      ((
+        name: string,
+        _params?: Record<string, string>,
+        _search?: Record<string, unknown>,
+      ) => {
         throw new Error(
-          `ctx.reverse() is not available - route map was not provided to middleware context`,
+          `ctx.reverse(${JSON.stringify(name)}) is not available: no route map is bound to this middleware context.`,
         );
       }),
@@ -307,6 +291,88 @@ export function matchMiddleware<TEnv>(
   return matches;
 }
+// Set-Cookie is appended; for other headers stubOverridesNonCookie=true
+// overwrites (chain ran to completion), false fills only missing slots (an
+// explicit short-circuit Response's own headers win).
+function mergeStubHeaders(
+  target: Headers,
+  stub: Headers,
+  stubOverridesNonCookie: boolean,
+): void {
+  stub.forEach((value, name) => {
+    // The reserved external-redirect marker is internal and never a trust
+    // signal; never copy a stub value (e.g. a stray ctx.header() call) onto a
+    // browser-facing response. The opt-in is the out-of-band brand.
+    if (name.toLowerCase() === EXTERNAL_REDIRECT_MARKER) return;
+    if (name.toLowerCase() === "set-cookie") {
+      target.append(name, value);
+    } else if (stubOverridesNonCookie || !target.has(name)) {
+      target.set(name, value);
+    }
+  });
+}
+// Set-Cookie is deduped so a nested inner executeMiddleware that already merged
+// the same reqCtx cookies does not duplicate them; other headers fill if missing.
+function mergeReqCtxStub(
+  target: Headers,
+  reqCtx: ReturnType<typeof _getRequestContext>,
+): void {
+  if (!reqCtx) return;
+  const stubCookies = reqCtx.res.headers.getSetCookie();
+  if (stubCookies.length > 0) {
+    const existing = new Set(target.getSetCookie());
+    for (const cookie of stubCookies) {
+      if (!existing.has(cookie)) {
+        target.append("set-cookie", cookie);
+      }
+    }
+  }
+  reqCtx.res.headers.forEach((value, name) => {
+    // Never propagate the reserved external-redirect marker (see mergeStubHeaders).
+    if (name.toLowerCase() === EXTERNAL_REDIRECT_MARKER) return;
+    if (name !== "set-cookie" && !target.has(name)) {
+      target.set(name, value);
+    }
+  });
+}
+// Clone `base` with stub headers merged into a fresh Headers (the clone keeps
+// the body mutable for post-next() modifications). Set-Cookie is always
+// appended; other headers obey stubOverridesNonCookie (see mergeStubHeaders).
+// mergeReqCtx folds in RequestContext stub cookies/headers; the intercept
+// short-circuit path passes false (its reqCtx headers are not merged here),
+// which is the one deliberate divergence between the call sites.
+function mergeResponse(
+  base: Response,
+  stub: Headers,
+  opts: { stubOverridesNonCookie: boolean; mergeReqCtx: boolean },
+): Response {
+  const mergedHeaders = new Headers(base.headers);
+  // The reserved external-redirect marker is never a trust signal and must never
+  // reach the browser. The guard strips it on 3xx redirects; strip it here too so
+  // a forged value cannot ride a non-3xx middleware response (which the 3xx-only
+  // guard would not touch) to the client. The opt-in is the out-of-band brand.
+  mergedHeaders.delete(EXTERNAL_REDIRECT_MARKER);
+  mergeStubHeaders(mergedHeaders, stub, opts.stubOverridesNonCookie);
+  if (opts.mergeReqCtx) {
+    mergeReqCtxStub(mergedHeaders, _getRequestContext());
+  }
+  const merged = new Response(base.body, {
+    status: base.status,
+    statusText: base.statusText,
+    headers: mergedHeaders,
+  });
+  // Transfer the out-of-band external-redirect brand across this rebuild: a
+  // middleware short-circuit `return redirect(url, { external: true })` reaches
+  // the open-redirect guard only after this merge, and the brand lives on the
+  // Response object, not in its headers.
+  if (isExternalRedirect(base)) {
+    markExternalRedirect(merged);
+  }
+  return merged;
+}
 /**
  * Execute middleware chain
  *
@@ -315,7 +381,7 @@ export function matchMiddleware<TEnv>(
  * - `ctx.headers` available before and after `await next()`
  * - `ctx.header()` shorthand for setting a single header
  * - Forgiving: if middleware doesn't return, uses the downstream response
- * - Short-circuit: return Response to stop chain
+ * - Short-circuit: return OR throw a Response to stop chain
  * - Error catching: try/catch around `next()` works
  */
 export async function executeMiddleware<TEnv>(
@@ -345,47 +411,16 @@ export async function executeMiddleware<TEnv>(
       // End of chain - call actual RSC handler
       const response = await finalHandler();
-      // Merge headers set on stub into the real response.
-      // Use append for Set-Cookie to preserve multiple cookies.
-      const mergedHeaders = new Headers(response.headers);
-      stubResponse.headers.forEach((value, name) => {
-        if (name.toLowerCase() === "set-cookie") {
-          mergedHeaders.append(name, value);
-        } else {
-          mergedHeaders.set(name, value);
-        }
-      });
-      // Also merge shared RequestContext stub (cookies written via cookies().set()).
-      // Dedup Set-Cookie: an inner executeMiddleware (route-level middleware)
-      // may have already merged the same reqCtx cookies into the response.
-      const reqCtx = _getRequestContext();
-      if (reqCtx) {
-        const stubCookies = reqCtx.res.headers.getSetCookie();
-        if (stubCookies.length > 0) {
-          const existing = new Set(mergedHeaders.getSetCookie());
-          for (const cookie of stubCookies) {
-            if (!existing.has(cookie)) {
-              mergedHeaders.append("set-cookie", cookie);
-            }
-          }
-        }
-        reqCtx.res.headers.forEach((value, name) => {
-          if (name !== "set-cookie" && !mergedHeaders.has(name)) {
-            mergedHeaders.set(name, value);
-          }
-        });
-      }
       if (isWebSocketUpgradeResponse(response)) {
         responseHolder.response = response;
         return response;
       }
-      // Clone response with merged headers (mutable for post-next() modifications)
-      responseHolder.response = new Response(response.body, {
-        status: response.status,
-        statusText: response.statusText,
-        headers: mergedHeaders,
+      // Chain ran to completion: stub headers overwrite (stubOverridesNonCookie)
+      // and reqCtx stub headers are merged in.
+      responseHolder.response = mergeResponse(response, stubResponse.headers, {
+        stubOverridesNonCookie: true,
+        mergeReqCtx: true,
       });
       return responseHolder.response;
@@ -477,45 +512,18 @@ export async function executeMiddleware<TEnv>(
     // Explicit return takes precedence (middleware short-circuit).
     // Merge stub headers (from ctx.header before this point) and
-    // RequestContext stub headers (from ctx.setCookie) into the
+    // RequestContext stub headers (from cookies().set()) into the
     // returned Response so they are not lost.
     if (result instanceof Response) {
       if (isWebSocketUpgradeResponse(result)) {
         responseHolder.response = result;
         return result;
       }
-      const mergedHeaders = new Headers(result.headers);
-      stubResponse.headers.forEach((value, name) => {
-        if (name.toLowerCase() === "set-cookie") {
-          mergedHeaders.append(name, value);
-        } else if (!mergedHeaders.has(name)) {
-          mergedHeaders.set(name, value);
-        }
-      });
-      // Also merge shared RequestContext stub (cookies written via setCookie).
-      // Dedup Set-Cookie: an inner executeMiddleware (route-level middleware)
-      // may have already merged the same reqCtx cookies into the response.
-      const reqCtx = _getRequestContext();
-      if (reqCtx) {
-        const stubCookies = reqCtx.res.headers.getSetCookie();
-        if (stubCookies.length > 0) {
-          const existing = new Set(mergedHeaders.getSetCookie());
-          for (const cookie of stubCookies) {
-            if (!existing.has(cookie)) {
-              mergedHeaders.append("set-cookie", cookie);
-            }
-          }
-        }
-        reqCtx.res.headers.forEach((value, name) => {
-          if (name !== "set-cookie" && !mergedHeaders.has(name)) {
-            mergedHeaders.set(name, value);
-          }
-        });
-      }
-      const merged = new Response(result.body, {
-        status: result.status,
-        statusText: result.statusText,
-        headers: mergedHeaders,
+      // Explicit short-circuit: the returned Response's own headers win
+      // (stubOverridesNonCookie=false); reqCtx stub headers still merge in.
+      const merged = mergeResponse(result, stubResponse.headers, {
+        stubOverridesNonCookie: false,
+        mergeReqCtx: true,
       });
       responseHolder.response = merged;
       return merged;
@@ -565,21 +573,7 @@ export async function executeMiddleware<TEnv>(
   // set-cookie on an upgrade is not meaningful.
   const reqCtx = _getRequestContext();
   if (reqCtx && !isWebSocketUpgradeResponse(finalResponse)) {
-    const stubCookies = reqCtx.res.headers.getSetCookie();
-    if (stubCookies.length > 0) {
-      const existingCookies = new Set(finalResponse.headers.getSetCookie());
-      for (const cookie of stubCookies) {
-        if (!existingCookies.has(cookie)) {
-          finalResponse.headers.append("set-cookie", cookie);
-        }
-      }
-    }
-    // Fill in non-cookie headers that aren't already on the response
-    reqCtx.res.headers.forEach((value, name) => {
-      if (name !== "set-cookie" && !finalResponse.headers.has(name)) {
-        finalResponse.headers.set(name, value);
-      }
-    });
+    mergeReqCtxStub(finalResponse.headers, reqCtx);
   }
   return finalResponse;
@@ -590,7 +584,7 @@ export async function executeMiddleware<TEnv>(
  *
  * Intercepts use a shared stubResponse from the request context. This function:
  * - Runs middleware in sequence with a simple next() chain
- * - Returns Response if any middleware short-circuits (returns Response or redirects BEFORE next())
+ * - Returns Response if any middleware short-circuits (returns OR throws a Response, or redirects, BEFORE next())
  * - Returns null if all middleware calls next() - headers set after next() remain on stubResponse
  *
  * @param middlewares - Array of middleware functions
@@ -684,21 +678,13 @@ export async function executeInterceptMiddleware<TEnv>(
     });
     if (hasStubHeaders) {
-      // Clone and merge headers from stub into early response.
-      // Only fill in missing headers — the returned Response's explicit
-      // headers take precedence, matching executeMiddleware behavior.
-      const mergedHeaders = new Headers(response.headers);
-      stubResponse.headers.forEach((value, name) => {
-        if (name.toLowerCase() === "set-cookie") {
-          mergedHeaders.append(name, value);
-        } else if (!mergedHeaders.has(name)) {
-          mergedHeaders.set(name, value);
-        }
-      });
-      return new Response(response.body, {
-        status: response.status,
-        statusText: response.statusText,
-        headers: mergedHeaders,
+      // Only fill in missing headers — the returned Response's explicit headers
+      // take precedence (stubOverridesNonCookie=false), matching executeMiddleware.
+      // mergeReqCtx=false: the intercept path deliberately does NOT merge reqCtx
+      // stub headers here (pinned by intercept-middleware-headers.test.ts).
+      return mergeResponse(response, stubResponse.headers, {
+        stubOverridesNonCookie: false,
+        mergeReqCtx: false,
       });
     }
     return response;
@@ -739,7 +725,6 @@ export async function executeLoaderMiddleware<TEnv>(
       regex: null,
       paramNames: [],
       handler,
-      mountPrefix: null,
     } as MiddlewareEntry<TEnv>,
     params,
   }));

package/src/router/navigation-snapshot.ts CHANGED Viewed

@@ -1,58 +1,26 @@
-/**
- * Navigation Snapshot
- *
- * Pure data type representing the navigation-specific state for partial requests.
- * Consolidates the header parsing, previous-route matching, intercept-context
- * detection, and segment ID filtering that previously lived inline in
- * createMatchContextForPartial (match-api.ts).
- *
- * resolveNavigation() is the factory: given a request + URL + current route key,
- * it returns a NavigationSnapshot (or null if no previous URL).
- */
 import type { RouteMatchResult } from "./pattern-matching.js";
-/**
- * Snapshot of navigation state for a partial (navigation/action) request.
- *
- * Contains the "where are we coming from?" data: previous route, intercept
- * source, client segment state, and derived flags.
- */
 export interface NavigationSnapshot {
-  /** Previous page URL (from X-RSC-Router-Client-Path or Referer) */
   prevUrl: URL;
-  /** Params from the previous route match */
   prevParams: Record<string, string>;
-  /** Previous route match result (null if prev URL doesn't match any route) */
   prevMatch: RouteMatchResult | null;
-  /** URL used as intercept context source */
   interceptContextUrl: URL;
-  /** Route match for the intercept context URL */
   interceptContextMatch: RouteMatchResult | null;
-  /** Raw segment IDs the client currently has */
   clientSegmentIds: string[];
-  /** Set version for O(1) lookup */
   clientSegmentSet: Set<string>;
-  /** Segment IDs filtered to remove parallel (.@) and loader (D\d+.) entries */
   filteredSegmentIds: string[];
-  /** Whether client considers its cache stale */
   stale: boolean;
-  /** Whether the intercept context route is the same as the current route */
   isSameRouteNavigation: boolean;
-  /** Effective "from" URL (intercept source URL when present, else prevUrl) */
   effectiveFromUrl: URL;
-  /** Effective "from" match (intercept source match when present, else prevMatch) */
   effectiveFromMatch: RouteMatchResult | null;
-  /** Whether an intercept source header was present */
   hasInterceptSource: boolean;
-  /** Whether an HMR request header was present */
   isHmr: boolean;
 }
@@ -60,23 +28,12 @@ export interface ResolveNavigationDeps {
   findMatch: (pathname: string) => RouteMatchResult | null;
 }
-/**
- * Resolve navigation state from a partial request.
- *
- * Returns null if no previous URL is available (required for partial navigation).
- *
- * @param request - The incoming HTTP request
- * @param url - Parsed URL of the request
- * @param currentRouteKey - Route key of the current (target) route match
- * @param deps - Dependencies (findMatch)
- */
 export function resolveNavigation(
   request: Request,
   url: URL,
   currentRouteKey: string,
   deps: ResolveNavigationDeps,
 ): NavigationSnapshot | null {
-  // Parse client state from RSC request params/headers
   const clientSegmentIds =
     url.searchParams.get("_rsc_segments")?.split(",").filter(Boolean) || [];
   const stale = url.searchParams.get("_rsc_stale") === "true";
@@ -92,7 +49,6 @@ export function resolveNavigation(
     return null;
   }
-  // Parse previous URL
   let prevUrl: URL;
   try {
     prevUrl = new URL(previousUrl, url.origin);
@@ -100,7 +56,6 @@ export function resolveNavigation(
     return null;
   }
-  // Parse intercept context URL
   let interceptContextUrl: URL;
   try {
     interceptContextUrl = interceptSourceUrl
@@ -110,14 +65,12 @@ export function resolveNavigation(
     interceptContextUrl = prevUrl;
   }
-  // Match previous and intercept context routes
   const prevMatch = deps.findMatch(prevUrl.pathname);
   const prevParams = prevMatch?.params || {};
   const interceptContextMatch = interceptSourceUrl
     ? deps.findMatch(interceptContextUrl.pathname)
     : prevMatch;
-  // Derived state
   const isSameRouteNavigation = !!(
     interceptContextMatch && interceptContextMatch.routeKey === currentRouteKey
   );
@@ -128,7 +81,6 @@ export function resolveNavigation(
     ? interceptContextMatch
     : prevMatch;
-  // Filter segment IDs: remove parallel (.@) and loader (D\d+.) entries
   const filteredSegmentIds = clientSegmentIds.filter((id) => {
     if (id.includes(".@")) return false;
     if (/D\d+\./.test(id)) return false;
@@ -155,9 +107,6 @@ export function resolveNavigation(
   };
 }
-/**
- * Test helper: create a NavigationSnapshot with sensible defaults and overrides.
- */
 export function createNavigationSnapshot(
   overrides?: Partial<NavigationSnapshot>,
 ): NavigationSnapshot {