@timber-js/app 0.1.0

package/dist/server/index.js

@@ -0,0 +1,2925 @@
+import { a as warnDenyAfterFlush, c as warnRedirectInAccess, d as warnSlowSlotWithoutSuspense, f as warnStaticRequestApi, i as warnCacheRequestProps, l as warnRedirectInSlotAccess, n as WarningId, o as warnDenyInSuspense, p as warnSuspenseWrappingChildren, r as setViteServer, s as warnDynamicApiInStaticBuild, t as formatSize, u as warnRedirectInSuspense } from "../_chunks/format-DNt20Kt8.js";
+import { i as getMetadataRouteServePath, n as classifyMetadataRoute, r as getMetadataRouteAutoLink, t as METADATA_ROUTE_CONVENTIONS } from "../_chunks/metadata-routes-BDnswgRO.js";
+import { a as markResponseFlushed, c as setCookieSecrets, i as headers, l as setMutableCookieContext, n as cookies, o as runWithRequestContext, r as getSetCookieHeaders, s as searchParams, t as applyRequestHeaderOverlay, u as setParsedSearchParams } from "../_chunks/request-context-D6XHINkR.js";
+import { a as replaceTraceId, c as spanId, i as getTraceStore, l as traceId, n as generateTraceId, o as runWithTraceId, r as getOtelTraceId, s as setSpanAttribute, t as addSpanEvent, u as withSpan } from "../_chunks/tracing-BtOwb8O6.js";
+import { t as TimberErrorBoundary } from "../_chunks/error-boundary-dj-WO5uq.js";
+import { AsyncLocalStorage } from "node:async_hooks";
+//#region src/server/primitives.ts
+/**
+* Render-phase signal thrown by `deny()`. Caught by the framework to produce
+* the correct HTTP status code (segment context) or graceful degradation (slot context).
+*/
+var DenySignal = class extends Error {
+	status;
+	data;
+	constructor(status, data) {
+		super(`Access denied with status ${status}`);
+		this.name = "DenySignal";
+		this.status = status;
+		this.data = data;
+	}
+	/**
+	* Extract the file that called deny() from the stack trace.
+	* Returns a short path (e.g. "app/auth/access.ts") or undefined if
+	* the stack can't be parsed. Dev-only — used for dev log output.
+	*/
+	get sourceFile() {
+		if (!this.stack) return void 0;
+		const frames = this.stack.split("\n");
+		for (let i = 2; i < frames.length; i++) {
+			const frame = frames[i];
+			if (!frame) continue;
+			if (frame.includes("primitives.ts") || frame.includes("node_modules")) continue;
+			const match = frame.match(/\(([^)]+?)(?::\d+:\d+)\)/) ?? frame.match(/at\s+([^\s]+?)(?::\d+:\d+)/);
+			if (match?.[1]) {
+				const full = match[1];
+				const appIdx = full.indexOf("/app/");
+				return appIdx >= 0 ? full.slice(appIdx + 1) : full;
+			}
+		}
+	}
+};
+/**
+* Universal denial primitive. Throws a `DenySignal` that the framework catches.
+*
+* - In segment context (outside Suspense): produces HTTP status code
+* - In slot context: graceful degradation → denied.tsx → default.tsx → null
+* - Inside Suspense (hold window): promoted to pre-flush behavior
+* - Inside Suspense (after flush): error boundary + noindex meta
+*
+* @param status - Any 4xx HTTP status code. Defaults to 403.
+* @param data - Optional data passed as `dangerouslyPassData` prop to status-code files.
+*/
+function deny(status = 403, data) {
+	if (status < 400 || status > 499) throw new Error(`deny() requires a 4xx status code, got ${status}. For 5xx errors, throw a RenderError instead.`);
+	throw new DenySignal(status, data);
+}
+/**
+* Convenience alias for `deny(404)`.
+*
+* Provided for Next.js API compatibility — libraries and user code that
+* call `notFound()` from `next/navigation` get the same behavior as
+* `deny(404)` in timber.
+*/
+function notFound() {
+	throw new DenySignal(404);
+}
+/**
+* Next.js redirect type discriminator.
+*
+* Provided for API compatibility with libraries that import `RedirectType`
+* from `next/navigation`. In timber, `redirect()` always uses `replace`
+* semantics (no history entry for the redirect itself).
+*/
+var RedirectType = {
+	push: "push",
+	replace: "replace"
+};
+/**
+* Render-phase signal thrown by `redirect()` and `redirectExternal()`.
+* Caught by the framework to produce a 3xx response or client-side navigation.
+*/
+var RedirectSignal = class extends Error {
+	location;
+	status;
+	constructor(location, status) {
+		super(`Redirect to ${location}`);
+		this.name = "RedirectSignal";
+		this.location = location;
+		this.status = status;
+	}
+};
+/** Pattern matching absolute URLs: http(s):// or protocol-relative // */
+var ABSOLUTE_URL_RE = /^(?:[a-zA-Z][a-zA-Z\d+\-.]*:|\/\/)/;
+/**
+* Redirect to a relative path. Rejects absolute and protocol-relative URLs.
+* Use `redirectExternal()` for external redirects with an allow-list.
+*
+* @param path - Relative path (e.g. '/login', 'settings', '/login?returnTo=/dash')
+* @param status - HTTP redirect status code (3xx). Defaults to 302.
+*/
+function redirect(path, status = 302) {
+	if (status < 300 || status > 399) throw new Error(`redirect() requires a 3xx status code, got ${status}.`);
+	if (ABSOLUTE_URL_RE.test(path)) throw new Error(`redirect() only accepts relative URLs. Got absolute URL: "${path}". Use redirectExternal(url, allowList) for external redirects.`);
+	throw new RedirectSignal(path, status);
+}
+/**
+* Permanent redirect to a relative path. Shorthand for `redirect(path, 308)`.
+*
+* Uses 308 (Permanent Redirect) which preserves the HTTP method — the browser
+* will replay POST requests to the new location. This matches Next.js behavior.
+*
+* @param path - Relative path (e.g. '/new-page', '/dashboard')
+*/
+function permanentRedirect(path) {
+	redirect(path, 308);
+}
+/**
+* Redirect to an external URL. The hostname must be in the provided allow-list.
+*
+* @param url - Absolute URL to redirect to.
+* @param allowList - Array of allowed hostnames (e.g. ['example.com', 'auth.example.com']).
+* @param status - HTTP redirect status code (3xx). Defaults to 302.
+*/
+function redirectExternal(url, allowList, status = 302) {
+	if (status < 300 || status > 399) throw new Error(`redirectExternal() requires a 3xx status code, got ${status}.`);
+	let hostname;
+	try {
+		hostname = new URL(url).hostname;
+	} catch {
+		throw new Error(`redirectExternal() received an invalid URL: "${url}"`);
+	}
+	if (!allowList.includes(hostname)) throw new Error(`redirectExternal() target "${hostname}" is not in the allow-list. Allowed: [${allowList.join(", ")}]`);
+	throw new RedirectSignal(url, status);
+}
+/**
+* Typed throw for render-phase errors that carry structured context to error boundaries.
+*
+* The `digest` (code + data) is serialized into the RSC stream separately from the
+* Error instance — only the digest crosses the RSC → client boundary.
+*
+* @example
+* ```ts
+* throw new RenderError('PRODUCT_NOT_FOUND', {
+*   title: 'Product not found',
+*   resourceId: params.id,
+* })
+* ```
+*/
+var RenderError = class extends Error {
+	code;
+	digest;
+	status;
+	constructor(code, data, options) {
+		super(`RenderError: ${code}`);
+		this.name = "RenderError";
+		this.code = code;
+		this.digest = {
+			code,
+			data
+		};
+		const status = options?.status ?? 500;
+		if (status < 400 || status > 599) throw new Error(`RenderError status must be 4xx or 5xx, got ${status}.`);
+		this.status = status;
+	}
+};
+var _waitUntilWarned = false;
+/**
+* Register a promise to be kept alive after the response is sent.
+* Maps to `ctx.waitUntil()` on Cloudflare Workers and similar platforms.
+*
+* If the adapter does not support `waitUntil`, a warning is logged once
+* and the promise is left to resolve (or reject) without being tracked.
+*
+* @param promise - The background work to keep alive.
+* @param adapter - The platform adapter (injected by the framework at runtime).
+*/
+function waitUntil(promise, adapter) {
+	if (typeof adapter.waitUntil === "function") {
+		adapter.waitUntil(promise);
+		return;
+	}
+	if (!_waitUntilWarned) {
+		_waitUntilWarned = true;
+		console.warn("[timber] waitUntil() is not supported by the current adapter. Background work will not be tracked. This warning is shown once.");
+	}
+}
+//#endregion
+//#region src/server/canonicalize.ts
+/**
+* Encoded separators that produce a 400 rejection.
+* %2f (/) and %5c (\) cause path-confusion attacks.
+*/
+var ENCODED_SEPARATOR_RE = /%2f|%5c/i;
+/** Null byte — rejected. */
+var NULL_BYTE_RE = /%00/i;
+/**
+* Canonicalize a URL pathname.
+*
+* 1. Reject encoded separators (%2f, %5c) and null bytes (%00)
+* 2. Single percent-decode
+* 3. Collapse // → /
+* 4. Resolve .. segments (reject if escaping root)
+* 5. Strip trailing slash (except root "/")
+*
+* @param rawPathname - The raw pathname from the request URL (percent-encoded)
+* @param stripTrailingSlash - Whether to strip trailing slashes. Default: true.
+*/
+function canonicalize(rawPathname, stripTrailingSlash = true) {
+	if (ENCODED_SEPARATOR_RE.test(rawPathname)) return {
+		ok: false,
+		status: 400
+	};
+	if (NULL_BYTE_RE.test(rawPathname)) return {
+		ok: false,
+		status: 400
+	};
+	let decoded;
+	try {
+		decoded = decodeURIComponent(rawPathname);
+	} catch {
+		return {
+			ok: false,
+			status: 400
+		};
+	}
+	if (decoded.includes("\0")) return {
+		ok: false,
+		status: 400
+	};
+	let pathname = decoded.replace(/\/\/+/g, "/");
+	const segments = pathname.split("/");
+	const resolved = [];
+	for (const seg of segments) if (seg === "..") {
+		if (resolved.length <= 1) return {
+			ok: false,
+			status: 400
+		};
+		resolved.pop();
+	} else if (seg !== ".") resolved.push(seg);
+	pathname = resolved.join("/") || "/";
+	if (stripTrailingSlash && pathname.length > 1 && pathname.endsWith("/")) pathname = pathname.slice(0, -1);
+	return {
+		ok: true,
+		pathname
+	};
+}
+//#endregion
+//#region src/server/proxy.ts
+/**
+* Run the proxy pipeline.
+*
+* @param proxyExport - The default export from proxy.ts (function or array)
+* @param req - The incoming request
+* @param next - The continuation that proceeds to route matching and rendering
+* @returns The final response
+*/
+async function runProxy(proxyExport, req, next) {
+	const fns = Array.isArray(proxyExport) ? proxyExport : [proxyExport];
+	let i = fns.length;
+	let composed = next;
+	while (i--) {
+		const fn = fns[i];
+		const downstream = composed;
+		composed = () => Promise.resolve(fn(req, downstream));
+	}
+	return composed();
+}
+//#endregion
+//#region src/server/middleware-runner.ts
+/**
+* Run a route's middleware function.
+*
+* @param middlewareFn - The default export from the route's middleware.ts
+* @param ctx - The middleware context (req, params, headers, requestHeaders, searchParams)
+* @returns A Response if middleware short-circuited, or undefined to continue
+*/
+async function runMiddleware(middlewareFn, ctx) {
+	const result = await middlewareFn(ctx);
+	if (result instanceof Response) return result;
+}
+//#endregion
+//#region src/server/error-formatter.ts
+/**
+* Error Formatter — rewrites SSR/RSC error messages to surface user code.
+*
+* When React or Vite throw errors during SSR, stack traces reference
+* vendored dependency paths (e.g. `.vite/deps_ssr/@vitejs_plugin-rsc_vendor_...`)
+* and mangled export names (`__vite_ssr_export_default__`). This module
+* rewrites error messages and stack traces to point at user code instead.
+*
+* Dev-only — in production, errors go through the structured logger
+* without formatting.
+*/
+/**
+* Patterns that identify internal Vite/RSC vendor paths in stack traces.
+* These are replaced with human-readable labels.
+*/
+var VENDOR_PATH_PATTERNS = [
+	{
+		pattern: /node_modules\/\.vite\/deps_ssr\/@vitejs_plugin-rsc_vendor_react-server-dom[^\s)]+/g,
+		replacement: "<react-server-dom>"
+	},
+	{
+		pattern: /node_modules\/\.vite\/deps_ssr\/@vitejs_plugin-rsc_vendor[^\s)]+/g,
+		replacement: "<rsc-vendor>"
+	},
+	{
+		pattern: /node_modules\/\.vite\/deps_ssr\/[^\s)]+/g,
+		replacement: "<vite-dep>"
+	},
+	{
+		pattern: /node_modules\/\.vite\/deps\/[^\s)]+/g,
+		replacement: "<vite-dep>"
+	}
+];
+/**
+* Patterns that identify Vite-mangled export names in error messages.
+*/
+var MANGLED_NAME_PATTERNS = [{
+	pattern: /__vite_ssr_export_default__/g,
+	replacement: "<default export>"
+}, {
+	pattern: /__vite_ssr_export_(\w+)__/g,
+	replacement: "<export $1>"
+}];
+/**
+* Rewrite an error's message and stack to replace internal Vite paths
+* and mangled names with human-readable labels.
+*/
+function formatSsrError(error) {
+	if (!(error instanceof Error)) return String(error);
+	let message = error.message;
+	let stack = error.stack ?? "";
+	for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) message = message.replace(pattern, replacement);
+	for (const { pattern, replacement } of VENDOR_PATH_PATTERNS) stack = stack.replace(pattern, replacement);
+	for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) stack = stack.replace(pattern, replacement);
+	const hint = extractErrorHint(error.message);
+	const parts = [];
+	parts.push(message);
+	if (hint) parts.push(`  → ${hint}`);
+	const userFrames = extractUserFrames(stack);
+	if (userFrames.length > 0) {
+		parts.push("");
+		parts.push("  User code in stack:");
+		for (const frame of userFrames) parts.push(`    ${frame}`);
+	}
+	return parts.join("\n");
+}
+/**
+* Extract a human-readable hint from common React/RSC error messages.
+*
+* React error messages contain useful information but the surrounding
+* context (vendor paths, mangled names) obscures it. This extracts the
+* actionable part as a one-line hint.
+*/
+function extractErrorHint(message) {
+	if (message.match(/Functions cannot be passed directly to Client Components/)) {
+		const propMatch = message.match(/<[^>]*?\s(\w+)=\{function/);
+		if (propMatch) return `Prop "${propMatch[1]}" is a function — mark it "use server" or call it before passing`;
+		return "A function prop was passed to a Client Component — mark it \"use server\" or call it before passing";
+	}
+	if (message.includes("Objects are not valid as a React child")) return "An object was rendered as JSX children — convert to string or extract the value";
+	const nullRefMatch = message.match(/Cannot read propert(?:y|ies) of (undefined|null) \(reading '(\w+)'\)/);
+	if (nullRefMatch) return `Accessed .${nullRefMatch[2]} on ${nullRefMatch[1]} — check that the value exists`;
+	const notFnMatch = message.match(/(\w+) is not a function/);
+	if (notFnMatch) return `"${notFnMatch[1]}" is not a function — check imports and exports`;
+	if (message.includes("Element type is invalid")) return "A component resolved to undefined/null — check default exports and import paths";
+	return null;
+}
+/**
+* Extract stack frames that reference user code (not node_modules,
+* not framework internals).
+*
+* Returns at most 5 frames to keep output concise.
+*/
+function extractUserFrames(stack) {
+	const lines = stack.split("\n");
+	const userFrames = [];
+	for (const line of lines) {
+		const trimmed = line.trim();
+		if (!trimmed.startsWith("at ")) continue;
+		if (trimmed.includes("node_modules") || trimmed.includes("<react-server-dom>") || trimmed.includes("<rsc-vendor>") || trimmed.includes("<vite-dep>") || trimmed.includes("node:internal")) continue;
+		userFrames.push(trimmed);
+		if (userFrames.length >= 5) break;
+	}
+	return userFrames;
+}
+//#endregion
+//#region src/server/logger.ts
+/**
+* Logger — structured logging with environment-aware formatting.
+*
+* timber.js does not ship a logger. Users export any object with
+* info/warn/error/debug methods from instrumentation.ts and the framework
+* picks it up. Silent if no logger export is present.
+*
+* See design/17-logging.md §"Production Logging"
+*/
+var _logger = null;
+/**
+* Set the user-provided logger. Called by the instrumentation loader
+* when it finds a `logger` export in instrumentation.ts.
+*/
+function setLogger(logger) {
+	_logger = logger;
+}
+/**
+* Get the current logger, or null if none configured.
+* Framework-internal — used at framework event points to emit structured logs.
+*/
+function getLogger() {
+	return _logger;
+}
+/**
+* Inject trace_id and span_id into log data for log–trace correlation.
+* Always injects trace_id (never undefined). Injects span_id only when OTEL is active.
+*/
+function withTraceContext(data) {
+	const store = getTraceStore();
+	const enriched = { ...data };
+	if (store) {
+		enriched.trace_id = store.traceId;
+		if (store.spanId) enriched.span_id = store.spanId;
+	}
+	return enriched;
+}
+/** Log a completed request. Level: info. */
+function logRequestCompleted(data) {
+	_logger?.info("request completed", withTraceContext(data));
+}
+/** Log request received. Level: debug. */
+function logRequestReceived(data) {
+	_logger?.debug("request received", withTraceContext(data));
+}
+/** Log a slow request warning. Level: warn. */
+function logSlowRequest(data) {
+	_logger?.warn("slow request exceeded threshold", withTraceContext(data));
+}
+/** Log middleware short-circuit. Level: debug. */
+function logMiddlewareShortCircuit(data) {
+	_logger?.debug("middleware short-circuited", withTraceContext(data));
+}
+/** Log unhandled error in middleware phase. Level: error. */
+function logMiddlewareError(data) {
+	if (_logger) _logger.error("unhandled error in middleware phase", withTraceContext(data));
+	else if (process.env.NODE_ENV !== "production") console.error("[timber] middleware error", data.error);
+}
+/** Log unhandled render-phase error. Level: error. */
+function logRenderError(data) {
+	if (_logger) _logger.error("unhandled render-phase error", withTraceContext(data));
+	else if (process.env.NODE_ENV !== "production") console.error("[timber] render error:", formatSsrError(data.error));
+}
+/** Log proxy.ts uncaught error. Level: error. */
+function logProxyError(data) {
+	if (_logger) _logger.error("proxy.ts threw uncaught error", withTraceContext(data));
+	else if (process.env.NODE_ENV !== "production") console.error("[timber] proxy error", data.error);
+}
+/** Log waitUntil() adapter missing (once at startup). Level: warn. */
+function logWaitUntilUnsupported() {
+	_logger?.warn("adapter does not support waitUntil()");
+}
+/** Log waitUntil() promise rejection. Level: warn. */
+function logWaitUntilRejected(data) {
+	_logger?.warn("waitUntil() promise rejected", withTraceContext(data));
+}
+/** Log staleWhileRevalidate refetch failure. Level: warn. */
+function logSwrRefetchFailed(data) {
+	_logger?.warn("staleWhileRevalidate refetch failed", withTraceContext(data));
+}
+/** Log cache miss. Level: debug. */
+function logCacheMiss(data) {
+	_logger?.debug("timber.cache MISS", withTraceContext(data));
+}
+//#endregion
+//#region src/server/instrumentation.ts
+/**
+* Instrumentation — loads and runs the user's instrumentation.ts file.
+*
+* instrumentation.ts is a file convention at the project root that exports:
+* - register() — called once at server startup, before the first request
+* - onRequestError() — called for every unhandled server error
+* - logger — any object with info/warn/error/debug methods
+*
+* See design/17-logging.md §"instrumentation.ts — The Entry Point"
+*/
+var _initialized = false;
+var _onRequestError = null;
+/**
+* Load and initialize the user's instrumentation.ts module.
+*
+* - Awaits register() before returning (server blocks on this).
+* - Picks up the logger export and wires it into the framework logger.
+* - Stores onRequestError for later invocation.
+*
+* @param loader - Function that dynamically imports the user's instrumentation module.
+*                 Returns null if no instrumentation.ts exists.
+*/
+async function loadInstrumentation(loader) {
+	if (_initialized) return;
+	_initialized = true;
+	let mod;
+	try {
+		mod = await loader();
+	} catch (error) {
+		console.error("[timber] Failed to load instrumentation.ts:", error);
+		return;
+	}
+	if (!mod) return;
+	if (mod.logger && typeof mod.logger.info === "function") setLogger(mod.logger);
+	if (typeof mod.onRequestError === "function") _onRequestError = mod.onRequestError;
+	if (typeof mod.register === "function") try {
+		await mod.register();
+	} catch (error) {
+		console.error("[timber] instrumentation.ts register() threw:", error);
+		throw error;
+	}
+}
+/**
+* Call the user's onRequestError hook. Catches and logs any errors thrown
+* by the hook itself — it must not affect the response.
+*/
+async function callOnRequestError(error, request, context) {
+	if (!_onRequestError) return;
+	try {
+		await _onRequestError(error, request, context);
+	} catch (hookError) {
+		console.error("[timber] onRequestError hook threw:", hookError);
+	}
+}
+/**
+* Check if onRequestError is registered.
+*/
+function hasOnRequestError() {
+	return _onRequestError !== null;
+}
+//#endregion
+//#region src/server/pipeline.ts
+/**
+* Request pipeline — the central dispatch for all timber.js requests.
+*
+* Pipeline stages (in order):
+*   proxy.ts → canonicalize → route match → 103 Early Hints → middleware.ts → render
+*
+* Each stage is a pure function or returns a Response to short-circuit.
+* Each request gets a trace ID, structured logging, and OTEL spans.
+*
+* See design/07-routing.md §"Request Lifecycle", design/02-rendering-pipeline.md §"Request Flow",
+* and design/17-logging.md §"Production Logging"
+*/
+/**
+* Create the request handler from a pipeline configuration.
+*
+* Returns a function that processes an incoming Request through all pipeline stages
+* and produces a Response. This is the top-level entry point for the server.
+*/
+function createPipeline(config) {
+	const { proxy, matchRoute, render, earlyHints, stripTrailingSlash = true, slowRequestMs = 3e3, onPipelineError } = config;
+	return async (req) => {
+		const url = new URL(req.url);
+		const method = req.method;
+		const path = url.pathname;
+		const startTime = performance.now();
+		return runWithTraceId(generateTraceId(), async () => {
+			return runWithRequestContext(req, async () => {
+				logRequestReceived({
+					method,
+					path
+				});
+				const response = await withSpan("http.server.request", {
+					"http.request.method": method,
+					"url.path": path
+				}, async () => {
+					const otelIds = await getOtelTraceId();
+					if (otelIds) replaceTraceId(otelIds.traceId, otelIds.spanId);
+					let result;
+					if (proxy || config.proxyLoader) result = await runProxyPhase(req, method, path);
+					else result = await handleRequest(req, method, path);
+					await setSpanAttribute("http.response.status_code", result.status);
+					return result;
+				});
+				const durationMs = Math.round(performance.now() - startTime);
+				const status = response.status;
+				logRequestCompleted({
+					method,
+					path,
+					status,
+					durationMs
+				});
+				if (slowRequestMs > 0 && durationMs > slowRequestMs) logSlowRequest({
+					method,
+					path,
+					durationMs,
+					threshold: slowRequestMs
+				});
+				return response;
+			});
+		});
+	};
+	async function runProxyPhase(req, method, path) {
+		try {
+			let proxyExport;
+			if (config.proxyLoader) proxyExport = (await config.proxyLoader()).default;
+			else proxyExport = config.proxy;
+			return await withSpan("timber.proxy", {}, () => runProxy(proxyExport, req, () => handleRequest(req, method, path)));
+		} catch (error) {
+			logProxyError({ error });
+			await fireOnRequestError(error, req, "proxy");
+			if (onPipelineError && error instanceof Error) onPipelineError(error, "proxy");
+			return new Response(null, { status: 500 });
+		}
+	}
+	async function handleRequest(req, method, path) {
+		const result = canonicalize(new URL(req.url).pathname, stripTrailingSlash);
+		if (!result.ok) return new Response(null, { status: result.status });
+		const canonicalPathname = result.pathname;
+		if (config.matchMetadataRoute) {
+			const metaMatch = config.matchMetadataRoute(canonicalPathname);
+			if (metaMatch) try {
+				const mod = await metaMatch.file.load();
+				if (typeof mod.default !== "function") return new Response("Metadata route must export a default function", { status: 500 });
+				const handlerResult = await mod.default();
+				if (handlerResult instanceof Response) return handlerResult;
+				const contentType = metaMatch.contentType;
+				let body;
+				if (typeof handlerResult === "string") body = handlerResult;
+				else if (contentType === "application/xml") body = serializeSitemap(handlerResult);
+				else if (contentType === "application/manifest+json") body = JSON.stringify(handlerResult, null, 2);
+				else body = typeof handlerResult === "string" ? handlerResult : String(handlerResult);
+				return new Response(body, {
+					status: 200,
+					headers: { "Content-Type": `${contentType}; charset=utf-8` }
+				});
+			} catch (error) {
+				logRenderError({
+					method,
+					path,
+					error
+				});
+				if (onPipelineError && error instanceof Error) onPipelineError(error, "metadata-route");
+				return new Response(null, { status: 500 });
+			}
+		}
+		let match = matchRoute(canonicalPathname);
+		let interception;
+		const sourceUrl = req.headers.get("X-Timber-URL");
+		if (sourceUrl && config.interceptionRewrites?.length) {
+			const intercepted = findInterceptionMatch(canonicalPathname, sourceUrl, config.interceptionRewrites);
+			if (intercepted) {
+				const sourceMatch = matchRoute(intercepted.sourcePathname);
+				if (sourceMatch) {
+					match = sourceMatch;
+					interception = { targetPathname: canonicalPathname };
+				}
+			}
+		}
+		if (!match) {
+			if (config.renderNoMatch) {
+				const responseHeaders = new Headers();
+				return config.renderNoMatch(req, responseHeaders);
+			}
+			return new Response(null, { status: 404 });
+		}
+		const responseHeaders = new Headers();
+		const requestHeaderOverlay = new Headers();
+		if (earlyHints) try {
+			await earlyHints(match, req, responseHeaders);
+		} catch {}
+		if (match.middleware) {
+			const ctx = {
+				req,
+				requestHeaders: requestHeaderOverlay,
+				headers: responseHeaders,
+				params: match.params,
+				searchParams: new URL(req.url).searchParams,
+				earlyHints: (hints) => {
+					for (const hint of hints) {
+						let value = `<${hint.href}>; rel=${hint.rel}`;
+						if (hint.as !== void 0) value += `; as=${hint.as}`;
+						if (hint.crossOrigin !== void 0) value += `; crossorigin=${hint.crossOrigin}`;
+						if (hint.fetchPriority !== void 0) value += `; fetchpriority=${hint.fetchPriority}`;
+						responseHeaders.append("Link", value);
+					}
+				}
+			};
+			try {
+				setMutableCookieContext(true);
+				const middlewareResponse = await withSpan("timber.middleware", {}, () => runMiddleware(match.middleware, ctx));
+				setMutableCookieContext(false);
+				if (middlewareResponse) {
+					applyCookieJar(middlewareResponse.headers);
+					logMiddlewareShortCircuit({
+						method,
+						path,
+						status: middlewareResponse.status
+					});
+					return middlewareResponse;
+				}
+				applyRequestHeaderOverlay(requestHeaderOverlay);
+			} catch (error) {
+				setMutableCookieContext(false);
+				if (error instanceof RedirectSignal) {
+					applyCookieJar(responseHeaders);
+					if ((req.headers.get("Accept") ?? "").includes("text/x-component")) {
+						responseHeaders.set("X-Timber-Redirect", error.location);
+						return new Response(null, {
+							status: 204,
+							headers: responseHeaders
+						});
+					}
+					responseHeaders.set("Location", error.location);
+					return new Response(null, {
+						status: error.status,
+						headers: responseHeaders
+					});
+				}
+				if (error instanceof DenySignal) return new Response(null, { status: error.status });
+				logMiddlewareError({
+					method,
+					path,
+					error
+				});
+				await fireOnRequestError(error, req, "handler");
+				if (onPipelineError && error instanceof Error) onPipelineError(error, "middleware");
+				return new Response(null, { status: 500 });
+			}
+		}
+		applyCookieJar(responseHeaders);
+		try {
+			const response = await withSpan("timber.render", { "http.route": canonicalPathname }, () => render(req, match, responseHeaders, requestHeaderOverlay, interception));
+			markResponseFlushed();
+			return response;
+		} catch (error) {
+			logRenderError({
+				method,
+				path,
+				error
+			});
+			await fireOnRequestError(error, req, "render");
+			if (onPipelineError && error instanceof Error) onPipelineError(error, "render");
+			return new Response(null, { status: 500 });
+		}
+	}
+}
+/**
+* Fire the user's onRequestError hook with request context.
+* Extracts request info from the Request object and calls the instrumentation hook.
+*/
+async function fireOnRequestError(error, req, phase) {
+	const url = new URL(req.url);
+	const headersObj = {};
+	req.headers.forEach((v, k) => {
+		headersObj[k] = v;
+	});
+	await callOnRequestError(error, {
+		method: req.method,
+		path: url.pathname,
+		headers: headersObj
+	}, {
+		phase,
+		routePath: url.pathname,
+		routeType: "page",
+		traceId: traceId()
+	});
+}
+/**
+* Check if an intercepting route applies for this soft navigation.
+*
+* Matches the target pathname against interception rewrites, constrained
+* by the source URL (X-Timber-URL header — where the user navigates FROM).
+*
+* Returns the source pathname to re-match if interception applies, or null.
+*/
+function findInterceptionMatch(targetPathname, sourceUrl, rewrites) {
+	for (const rewrite of rewrites) {
+		if (!sourceUrl.startsWith(rewrite.interceptingPrefix)) continue;
+		if (pathnameMatchesPattern(targetPathname, rewrite.interceptedPattern)) return { sourcePathname: rewrite.interceptingPrefix };
+	}
+	return null;
+}
+/**
+* Check if a pathname matches a URL pattern with dynamic segments.
+*
+* Supports [param] (single segment) and [...param] (one or more segments).
+* Static segments must match exactly.
+*/
+function pathnameMatchesPattern(pathname, pattern) {
+	const pathParts = pathname === "/" ? [] : pathname.slice(1).split("/");
+	const patternParts = pattern === "/" ? [] : pattern.slice(1).split("/");
+	let pi = 0;
+	for (let i = 0; i < patternParts.length; i++) {
+		const segment = patternParts[i];
+		if (segment.startsWith("[...") || segment.startsWith("[[...")) return pi < pathParts.length || segment.startsWith("[[...");
+		if (segment.startsWith("[") && segment.endsWith("]")) {
+			if (pi >= pathParts.length) return false;
+			pi++;
+			continue;
+		}
+		if (pi >= pathParts.length || pathParts[pi] !== segment) return false;
+		pi++;
+	}
+	return pi === pathParts.length;
+}
+/**
+* Apply all Set-Cookie headers from the cookie jar to a Headers object.
+* Each cookie gets its own Set-Cookie header per RFC 6265 §4.1.
+*/
+function applyCookieJar(headers) {
+	for (const value of getSetCookieHeaders()) headers.append("Set-Cookie", value);
+}
+/**
+* Serialize a sitemap array to XML.
+* Follows the sitemap.org protocol: https://www.sitemaps.org/protocol.html
+*/
+function serializeSitemap(entries) {
+	return `<?xml version="1.0" encoding="UTF-8"?>\n<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">\n${entries.map((e) => {
+		let xml = `  <url>\n    <loc>${escapeXml(e.url)}</loc>`;
+		if (e.lastModified) {
+			const date = e.lastModified instanceof Date ? e.lastModified.toISOString() : e.lastModified;
+			xml += `\n    <lastmod>${escapeXml(date)}</lastmod>`;
+		}
+		if (e.changeFrequency) xml += `\n    <changefreq>${escapeXml(e.changeFrequency)}</changefreq>`;
+		if (e.priority !== void 0) xml += `\n    <priority>${e.priority}</priority>`;
+		xml += "\n  </url>";
+		return xml;
+	}).join("\n")}\n</urlset>`;
+}
+/** Escape special XML characters. */
+function escapeXml(str) {
+	return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+}
+//#endregion
+//#region src/server/build-manifest.ts
+/**
+* Collect all CSS files needed for a matched route's segment chain.
+*
+* Walks segments root → leaf, collecting CSS for each layout and page.
+* Deduplicates while preserving order (root layout CSS first).
+*/
+function collectRouteCss(segments, manifest) {
+	const seen = /* @__PURE__ */ new Set();
+	const result = [];
+	for (const segment of segments) for (const file of [segment.layout, segment.page]) {
+		if (!file) continue;
+		const cssFiles = manifest.css[file.filePath];
+		if (!cssFiles) continue;
+		for (const url of cssFiles) if (!seen.has(url)) {
+			seen.add(url);
+			result.push(url);
+		}
+	}
+	return result;
+}
+/**
+* Collect all font entries needed for a matched route's segment chain.
+*
+* Walks segments root → leaf, collecting fonts for each layout and page.
+* Deduplicates by href while preserving order.
+*/
+function collectRouteFonts(segments, manifest) {
+	const seen = /* @__PURE__ */ new Set();
+	const result = [];
+	for (const segment of segments) for (const file of [segment.layout, segment.page]) {
+		if (!file) continue;
+		const fonts = manifest.fonts[file.filePath];
+		if (!fonts) continue;
+		for (const entry of fonts) if (!seen.has(entry.href)) {
+			seen.add(entry.href);
+			result.push(entry);
+		}
+	}
+	return result;
+}
+/**
+* Collect modulepreload URLs for a matched route's segment chain.
+*
+* Walks segments root → leaf, collecting transitive JS dependencies
+* for each layout and page. Deduplicates across segments.
+*/
+function collectRouteModulepreloads(segments, manifest) {
+	const seen = /* @__PURE__ */ new Set();
+	const result = [];
+	for (const segment of segments) for (const file of [segment.layout, segment.page]) {
+		if (!file) continue;
+		const preloads = manifest.modulepreload[file.filePath];
+		if (!preloads) continue;
+		for (const url of preloads) if (!seen.has(url)) {
+			seen.add(url);
+			result.push(url);
+		}
+	}
+	return result;
+}
+//#endregion
+//#region src/server/early-hints.ts
+/**
+* 103 Early Hints utilities.
+*
+* Early Hints are sent before the final response to let the browser
+* start fetching critical resources (CSS, fonts, JS) while the server
+* is still rendering.
+*
+* The framework collects hints from two sources:
+* 1. Build manifest — CSS, fonts, and JS chunks known at route-match time
+* 2. ctx.earlyHints() — explicit hints added by middleware or route handlers
+*
+* Both are emitted as Link headers. Cloudflare CDN automatically converts
+* Link headers into 103 Early Hints responses.
+*
+* Design docs: 02-rendering-pipeline.md §"Early Hints (103)"
+*/
+/**
+* Format a single EarlyHint as a Link header value.
+*
+* Examples:
+*   `</styles/root.css>; rel=preload; as=style`
+*   `</fonts/inter.woff2>; rel=preload; as=font; crossorigin=anonymous`
+*   `</_timber/client.js>; rel=modulepreload`
+*   `<https://fonts.googleapis.com>; rel=preconnect`
+*/
+function formatLinkHeader(hint) {
+	let value = `<${hint.href}>; rel=${hint.rel}`;
+	if (hint.as !== void 0) value += `; as=${hint.as}`;
+	if (hint.crossOrigin !== void 0) value += `; crossorigin=${hint.crossOrigin}`;
+	if (hint.fetchPriority !== void 0) value += `; fetchpriority=${hint.fetchPriority}`;
+	return value;
+}
+/**
+* Collect all Link header strings for a matched route's segment chain.
+*
+* Walks the build manifest to emit hints for:
+* - CSS stylesheets (rel=preload; as=style)
+* - Font assets (rel=preload; as=font; crossorigin)
+* - JS modulepreload hints (rel=modulepreload) — unless skipJs is set
+*
+* Also emits global CSS from the `_global` manifest key. Route files
+* are server components that don't appear in the client bundle, so
+* per-route CSS keying doesn't work with the RSC plugin. The `_global`
+* key contains all CSS assets from the client build — fine for early
+* hints since they're just prefetch signals.
+*
+* Returns formatted Link header strings, deduplicated, root → leaf order.
+* Returns an empty array in dev mode (manifest is empty).
+*/
+function collectEarlyHintHeaders(segments, manifest, options) {
+	const result = [];
+	const seen = /* @__PURE__ */ new Set();
+	const add = (header) => {
+		if (!seen.has(header)) {
+			seen.add(header);
+			result.push(header);
+		}
+	};
+	for (const url of collectRouteCss(segments, manifest)) add(formatLinkHeader({
+		href: url,
+		rel: "preload",
+		as: "style"
+	}));
+	for (const url of manifest.css["_global"] ?? []) add(formatLinkHeader({
+		href: url,
+		rel: "preload",
+		as: "style"
+	}));
+	for (const font of collectRouteFonts(segments, manifest)) add(formatLinkHeader({
+		href: font.href,
+		rel: "preload",
+		as: "font",
+		crossOrigin: "anonymous"
+	}));
+	if (!options?.skipJs) for (const url of collectRouteModulepreloads(segments, manifest)) add(formatLinkHeader({
+		href: url,
+		rel: "modulepreload"
+	}));
+	return result;
+}
+//#endregion
+//#region src/server/early-hints-sender.ts
+/**
+* Per-request 103 Early Hints sender — ALS bridge for platform adapters.
+*
+* The pipeline collects Link headers for CSS, fonts, and JS chunks at
+* route-match time. On platforms that support it (Node.js v18.11+, Bun),
+* the adapter can send these as a 103 Early Hints interim response before
+* the final response is ready.
+*
+* This module provides an ALS-based bridge: the generated entry point
+* (e.g., the Nitro entry) wraps the handler with `runWithEarlyHintsSender`,
+* binding a per-request sender function. The pipeline calls
+* `sendEarlyHints103()` to fire the 103 if a sender is available.
+*
+* On platforms where 103 is handled at the CDN level (e.g., Cloudflare
+* converts Link headers into 103 automatically), no sender is installed
+* and `sendEarlyHints103()` is a no-op.
+*
+* Design doc: 02-rendering-pipeline.md §"Early Hints (103)"
+*/
+var earlyHintsSenderAls = new AsyncLocalStorage();
+/**
+* Run a function with a per-request early hints sender installed.
+*
+* Called by generated entry points (e.g., Nitro node-server/bun) to
+* bind the platform's writeEarlyHints capability for the request duration.
+*/
+function runWithEarlyHintsSender(sender, fn) {
+	return earlyHintsSenderAls.run(sender, fn);
+}
+/**
+* Send collected Link headers as a 103 Early Hints response.
+*
+* No-op if no sender is installed for the current request (e.g., on
+* Cloudflare where the CDN handles 103 automatically, or in dev mode).
+*
+* Non-fatal: errors from the sender are caught and silently ignored.
+*/
+function sendEarlyHints103(links) {
+	if (!links.length) return;
+	const sender = earlyHintsSenderAls.getStore();
+	if (!sender) return;
+	try {
+		sender(links);
+	} catch {}
+}
+//#endregion
+//#region src/server/tree-builder.ts
+/**
+* Build the unified element tree from a matched segment chain.
+*
+* Construction is bottom-up:
+*   1. Start with the page component (leaf segment)
+*   2. Wrap in status-code error boundaries (fallback chain)
+*   3. Wrap in AccessGate (if segment has access.ts)
+*   4. Pass as children to the segment's layout
+*   5. Repeat up the segment chain to root
+*
+* Parallel slots are resolved at each layout level and composed as named props.
+*/
+async function buildElementTree(config) {
+	const { segments, params, searchParams, loadModule, createElement } = config;
+	if (segments.length === 0) throw new Error("[timber] buildElementTree: empty segment chain");
+	const leaf = segments[segments.length - 1];
+	if (leaf.route && !leaf.page) return {
+		tree: null,
+		isApiRoute: true
+	};
+	const PageComponent = (leaf.page ? await loadModule(leaf.page) : null)?.default;
+	if (!PageComponent) throw new Error(`[timber] No page component found for route at ${leaf.urlPath}. Each route must have a page.tsx or route.ts.`);
+	let element = createElement(PageComponent, {
+		params,
+		searchParams
+	});
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		element = await wrapWithErrorBoundaries(segment, element, loadModule, createElement);
+		if (segment.access) {
+			const accessFn = (await loadModule(segment.access)).default;
+			element = createElement("timber:access-gate", {
+				accessFn,
+				params,
+				searchParams,
+				segmentName: segment.segmentName,
+				children: element
+			});
+		}
+		if (segment.layout) {
+			const LayoutComponent = (await loadModule(segment.layout)).default;
+			if (LayoutComponent) {
+				const slotProps = {};
+				if (segment.slots.size > 0) for (const [slotName, slotNode] of segment.slots) slotProps[slotName] = await buildSlotElement(slotNode, params, searchParams, loadModule, createElement);
+				element = createElement(LayoutComponent, {
+					...slotProps,
+					params,
+					searchParams,
+					children: element
+				});
+			}
+		}
+	}
+	return {
+		tree: element,
+		isApiRoute: false
+	};
+}
+/**
+* Build the element tree for a parallel slot.
+*
+* Slots have their own access.ts (SlotAccessGate) and error boundaries.
+* On access denial: denied.tsx → default.tsx → null (graceful degradation).
+*/
+async function buildSlotElement(slotNode, params, searchParams, loadModule, createElement) {
+	const PageComponent = (slotNode.page ? await loadModule(slotNode.page) : null)?.default;
+	const DefaultComponent = (slotNode.default ? await loadModule(slotNode.default) : null)?.default;
+	if (!PageComponent) return DefaultComponent ? createElement(DefaultComponent, {
+		params,
+		searchParams
+	}) : null;
+	let element = createElement(PageComponent, {
+		params,
+		searchParams
+	});
+	element = await wrapWithErrorBoundaries(slotNode, element, loadModule, createElement);
+	if (slotNode.access) {
+		const accessFn = (await loadModule(slotNode.access)).default;
+		const DeniedComponent = (slotNode.denied ? await loadModule(slotNode.denied) : null)?.default;
+		element = createElement("timber:slot-access-gate", {
+			accessFn,
+			params,
+			searchParams,
+			deniedFallback: DeniedComponent ? createElement(DeniedComponent, {
+				slot: slotNode.segmentName.replace(/^@/, ""),
+				dangerouslyPassData: void 0
+			}) : null,
+			defaultFallback: DefaultComponent ? createElement(DefaultComponent, {
+				params,
+				searchParams
+			}) : null,
+			children: element
+		});
+	}
+	return element;
+}
+/**
+* Wrap an element with error boundaries from a segment's status-code files.
+*
+* Wrapping order (innermost to outermost):
+*   1. Specific status files (503.tsx, 429.tsx, etc.)
+*   2. Category catch-alls (4xx.tsx, 5xx.tsx)
+*   3. error.tsx (general error boundary)
+*
+* This creates the fallback chain described in design/10-error-handling.md.
+*/
+async function wrapWithErrorBoundaries(segment, element, loadModule, createElement) {
+	if (segment.statusFiles) {
+		for (const [key, file] of segment.statusFiles) if (key !== "4xx" && key !== "5xx") {
+			const status = parseInt(key, 10);
+			if (!isNaN(status)) {
+				const Component = (await loadModule(file)).default;
+				if (Component) element = createElement(TimberErrorBoundary, {
+					fallbackComponent: Component,
+					status,
+					children: element
+				});
+			}
+		}
+		for (const [key, file] of segment.statusFiles) if (key === "4xx" || key === "5xx") {
+			const Component = (await loadModule(file)).default;
+			if (Component) element = createElement(TimberErrorBoundary, {
+				fallbackComponent: Component,
+				status: key === "4xx" ? 400 : 500,
+				children: element
+			});
+		}
+	}
+	if (segment.error) {
+		const ErrorComponent = (await loadModule(segment.error)).default;
+		if (ErrorComponent) element = createElement(TimberErrorBoundary, {
+			fallbackComponent: ErrorComponent,
+			children: element
+		});
+	}
+	return element;
+}
+//#endregion
+//#region src/server/access-gate.tsx
+/**
+* AccessGate and SlotAccessGate — framework-injected async server components.
+*
+* AccessGate wraps each segment's layout in the element tree. It calls the
+* segment's access.ts before the layout renders. If access.ts calls deny()
+* or redirect(), the signal propagates as a render-phase throw — caught by
+* the flush controller to produce the correct HTTP status code.
+*
+* SlotAccessGate wraps parallel slot content. On denial, it renders the
+* graceful degradation chain: denied.tsx → default.tsx → null. Slot denial
+* does not affect the HTTP status code.
+*
+* See design/04-authorization.md and design/02-rendering-pipeline.md §"AccessGate"
+*/
+/**
+* Framework-injected access gate for segments.
+*
+* When a pre-computed `verdict` prop is provided (from the pre-render pass
+* in route-element-builder.ts), AccessGate replays it synchronously — no
+* async, no re-execution of access.ts, immune to Suspense timing. The OTEL
+* span was already emitted during the pre-render pass.
+*
+* When no verdict is provided (backward compat with tree-builder.ts),
+* AccessGate calls accessFn directly with OTEL instrumentation.
+*
+* access.ts is a pure gate — return values are discarded. The layout below
+* gets the same data by calling the same cached functions (React.cache dedup).
+*/
+function AccessGate(props) {
+	const { accessFn, params, searchParams, segmentName, verdict, children } = props;
+	if (verdict !== void 0) {
+		if (verdict === "pass") return children;
+		throw verdict;
+	}
+	return accessGateFallback(accessFn, params, searchParams, segmentName, children);
+}
+/**
+* Async fallback for AccessGate when no pre-computed verdict is available.
+* Calls accessFn with OTEL instrumentation.
+*/
+async function accessGateFallback(accessFn, params, searchParams, segmentName, children) {
+	await withSpan("timber.access", { "timber.segment": segmentName ?? "unknown" }, async () => {
+		try {
+			await accessFn({
+				params,
+				searchParams
+			});
+			await setSpanAttribute("timber.result", "pass");
+		} catch (error) {
+			if (error instanceof DenySignal) {
+				await setSpanAttribute("timber.result", "deny");
+				await setSpanAttribute("timber.deny_status", error.status);
+				if (error.sourceFile) await setSpanAttribute("timber.deny_file", error.sourceFile);
+			} else if (error instanceof RedirectSignal) await setSpanAttribute("timber.result", "redirect");
+			throw error;
+		}
+	});
+	return children;
+}
+/**
+* Framework-injected access gate for parallel slots.
+*
+* On denial, graceful degradation: denied.tsx → default.tsx → null.
+* The HTTP status code is unaffected — slot denial is a UI concern, not
+* a protocol concern. The parent layout and sibling slots still render.
+*
+* redirect() in slot access.ts is a dev-mode error — redirecting from a
+* slot doesn't make architectural sense.
+*/
+async function SlotAccessGate(props) {
+	const { accessFn, params, searchParams, deniedFallback, defaultFallback, children } = props;
+	try {
+		await accessFn({
+			params,
+			searchParams
+		});
+	} catch (error) {
+		if (error instanceof DenySignal) return deniedFallback ?? defaultFallback ?? null;
+		if (error instanceof RedirectSignal) {
+			if (process.env.NODE_ENV !== "production") console.error("[timber] redirect() is not allowed in slot access.ts. Slots use deny() for graceful degradation — denied.tsx → default.tsx → null. If you need to redirect, move the logic to the parent segment's access.ts.");
+			return deniedFallback ?? defaultFallback ?? null;
+		}
+		if (process.env.NODE_ENV !== "production") console.warn("[timber] Unhandled error in slot access.ts. Use deny() for access control, not unhandled throws.", error);
+		throw error;
+	}
+	return children;
+}
+//#endregion
+//#region src/server/status-code-resolver.ts
+/**
+* Maps legacy file convention names to their corresponding HTTP status codes.
+* Only used in the 4xx component fallback chain.
+*/
+var LEGACY_FILE_TO_STATUS = {
+	"not-found": 404,
+	"forbidden": 403,
+	"unauthorized": 401
+};
+/**
+* Resolve the status-code file to render for a given HTTP status code.
+*
+* Walks the segment chain from leaf to root following the fallback chain
+* defined in design/10-error-handling.md. Returns null if no file is found
+* (caller should render the framework default).
+*
+* @param status - The HTTP status code (4xx or 5xx).
+* @param segments - The matched segment chain from root (index 0) to leaf (last).
+* @param format - The response format family ('component' or 'json'). Defaults to 'component'.
+*/
+function resolveStatusFile(status, segments, format = "component") {
+	if (status >= 400 && status <= 499) return format === "json" ? resolve4xxJson(status, segments) : resolve4xx(status, segments);
+	if (status >= 500 && status <= 599) return format === "json" ? resolve5xxJson(status, segments) : resolve5xx(status, segments);
+	return null;
+}
+/**
+* 4xx component fallback chain (three separate passes):
+*   Pass 1 — status files (leaf → root): {status}.tsx → 4xx.tsx
+*   Pass 2 — legacy compat (leaf → root): not-found.tsx / forbidden.tsx / unauthorized.tsx
+*   Pass 3 — error.tsx (leaf → root)
+*/
+function resolve4xx(status, segments) {
+	const statusStr = String(status);
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		if (!segment.statusFiles) continue;
+		const exact = segment.statusFiles.get(statusStr);
+		if (exact) return {
+			file: exact,
+			status,
+			kind: "exact",
+			segmentIndex: i
+		};
+		const category = segment.statusFiles.get("4xx");
+		if (category) return {
+			file: category,
+			status,
+			kind: "category",
+			segmentIndex: i
+		};
+	}
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		if (!segment.legacyStatusFiles) continue;
+		for (const [name, legacyStatus] of Object.entries(LEGACY_FILE_TO_STATUS)) if (legacyStatus === status) {
+			const file = segment.legacyStatusFiles.get(name);
+			if (file) return {
+				file,
+				status,
+				kind: "legacy",
+				segmentIndex: i
+			};
+		}
+	}
+	for (let i = segments.length - 1; i >= 0; i--) if (segments[i].error) return {
+		file: segments[i].error,
+		status,
+		kind: "error",
+		segmentIndex: i
+	};
+	return null;
+}
+/**
+* 4xx JSON fallback chain (single pass):
+*   Pass 1 — json status files (leaf → root): {status}.json → 4xx.json
+*   No legacy compat, no error.tsx — JSON chain terminates at category catch-all.
+*/
+function resolve4xxJson(status, segments) {
+	const statusStr = String(status);
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		if (!segment.jsonStatusFiles) continue;
+		const exact = segment.jsonStatusFiles.get(statusStr);
+		if (exact) return {
+			file: exact,
+			status,
+			kind: "exact",
+			segmentIndex: i
+		};
+		const category = segment.jsonStatusFiles.get("4xx");
+		if (category) return {
+			file: category,
+			status,
+			kind: "category",
+			segmentIndex: i
+		};
+	}
+	return null;
+}
+/**
+* 5xx component fallback chain (single pass, per-segment):
+*   At each segment (leaf → root): {status}.tsx → 5xx.tsx → error.tsx
+*/
+function resolve5xx(status, segments) {
+	const statusStr = String(status);
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		if (segment.statusFiles) {
+			const exact = segment.statusFiles.get(statusStr);
+			if (exact) return {
+				file: exact,
+				status,
+				kind: "exact",
+				segmentIndex: i
+			};
+			const category = segment.statusFiles.get("5xx");
+			if (category) return {
+				file: category,
+				status,
+				kind: "category",
+				segmentIndex: i
+			};
+		}
+		if (segment.error) return {
+			file: segment.error,
+			status,
+			kind: "error",
+			segmentIndex: i
+		};
+	}
+	return null;
+}
+/**
+* 5xx JSON fallback chain (single pass):
+*   At each segment (leaf → root): {status}.json → 5xx.json
+*   No error.tsx equivalent — JSON chain terminates at category catch-all.
+*/
+function resolve5xxJson(status, segments) {
+	const statusStr = String(status);
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		if (!segment.jsonStatusFiles) continue;
+		const exact = segment.jsonStatusFiles.get(statusStr);
+		if (exact) return {
+			file: exact,
+			status,
+			kind: "exact",
+			segmentIndex: i
+		};
+		const category = segment.jsonStatusFiles.get("5xx");
+		if (category) return {
+			file: category,
+			status,
+			kind: "category",
+			segmentIndex: i
+		};
+	}
+	return null;
+}
+/**
+* Resolve the denial file for a parallel route slot.
+*
+* Slot denial is graceful degradation — no HTTP status on the wire.
+* Fallback chain: denied.tsx → default.tsx → null.
+*
+* @param slotNode - The segment node for the slot (segmentType === 'slot').
+*/
+function resolveSlotDenied(slotNode) {
+	const slotName = slotNode.segmentName.replace(/^@/, "");
+	if (slotNode.denied) return {
+		file: slotNode.denied,
+		slotName,
+		kind: "denied"
+	};
+	if (slotNode.default) return {
+		file: slotNode.default,
+		slotName,
+		kind: "default"
+	};
+	return null;
+}
+//#endregion
+//#region src/server/flush.ts
+/**
+* Flush controller for timber.js rendering.
+*
+* Holds the response until `onShellReady` fires, then commits the HTTP status
+* code and flushes the shell. Render-phase signals (deny, redirect, unhandled
+* throws) caught before flush produce correct HTTP status codes.
+*
+* See design/02-rendering-pipeline.md §"The Flush Point" and §"The Hold Window"
+*/
+/**
+* Execute a render and hold the response until the shell is ready.
+*
+* The flush controller:
+* 1. Calls the render function to start renderToReadableStream
+* 2. Waits for shellReady (onShellReady)
+* 3. If a render-phase signal was thrown (deny, redirect, error), produces
+*    the correct HTTP status code
+* 4. If the shell rendered successfully, commits the status and streams
+*
+* Render-phase signals caught before flush:
+* - `DenySignal` → HTTP 4xx with appropriate status code
+* - `RedirectSignal` → HTTP 3xx with Location header
+* - `RenderError` → HTTP status from error (default 500)
+* - Unhandled error → HTTP 500
+*
+* @param renderFn - Function that starts the React render.
+* @param options - Flush configuration.
+* @returns The committed HTTP Response.
+*/
+async function flushResponse(renderFn, options = {}) {
+	const { responseHeaders = new Headers(), defaultStatus = 200 } = options;
+	let renderResult;
+	try {
+		renderResult = await renderFn();
+	} catch (error) {
+		return handleSignal(error, responseHeaders);
+	}
+	try {
+		await renderResult.shellReady;
+	} catch (error) {
+		return handleSignal(error, responseHeaders);
+	}
+	responseHeaders.set("Content-Type", "text/html; charset=utf-8");
+	return {
+		response: new Response(renderResult.stream, {
+			status: defaultStatus,
+			headers: responseHeaders
+		}),
+		status: defaultStatus,
+		isRedirect: false,
+		isDenial: false
+	};
+}
+/**
+* Handle a render-phase signal and produce the correct HTTP response.
+*/
+function handleSignal(error, responseHeaders) {
+	if (error instanceof RedirectSignal) {
+		responseHeaders.set("Location", error.location);
+		return {
+			response: new Response(null, {
+				status: error.status,
+				headers: responseHeaders
+			}),
+			status: error.status,
+			isRedirect: true,
+			isDenial: false
+		};
+	}
+	if (error instanceof DenySignal) return {
+		response: new Response(null, {
+			status: error.status,
+			headers: responseHeaders
+		}),
+		status: error.status,
+		isRedirect: false,
+		isDenial: true
+	};
+	if (error instanceof RenderError) return {
+		response: new Response(null, {
+			status: error.status,
+			headers: responseHeaders
+		}),
+		status: error.status,
+		isRedirect: false,
+		isDenial: false
+	};
+	console.error("[timber] Unhandled render-phase error:", error);
+	return {
+		response: new Response(null, {
+			status: 500,
+			headers: responseHeaders
+		}),
+		status: 500,
+		isRedirect: false,
+		isDenial: false
+	};
+}
+//#endregion
+//#region src/server/csrf.ts
+/** HTTP methods that are considered safe (no mutation). */
+var SAFE_METHODS = new Set([
+	"GET",
+	"HEAD",
+	"OPTIONS"
+]);
+/**
+* Validate the Origin header against the request's Host.
+*
+* For mutation methods (POST, PUT, PATCH, DELETE):
+* - If `csrf: false`, skip validation.
+* - If `allowedOrigins` is set, Origin must match one exactly (no wildcards).
+* - Otherwise, Origin's host must match the request's Host header.
+*
+* Safe methods (GET, HEAD, OPTIONS) always pass.
+*/
+function validateCsrf(req, config) {
+	if (SAFE_METHODS.has(req.method)) return { ok: true };
+	if (config.csrf === false) return { ok: true };
+	const origin = req.headers.get("Origin");
+	if (!origin) return {
+		ok: false,
+		status: 403
+	};
+	if (config.allowedOrigins) return config.allowedOrigins.includes(origin) ? { ok: true } : {
+		ok: false,
+		status: 403
+	};
+	const host = req.headers.get("Host");
+	if (!host) return {
+		ok: false,
+		status: 403
+	};
+	let originHost;
+	try {
+		originHost = new URL(origin).host;
+	} catch {
+		return {
+			ok: false,
+			status: 403
+		};
+	}
+	return originHost === host ? { ok: true } : {
+		ok: false,
+		status: 403
+	};
+}
+//#endregion
+//#region src/server/body-limits.ts
+var KB = 1024;
+var MB = 1024 * KB;
+var GB = 1024 * MB;
+var DEFAULT_LIMITS = {
+	actionBodySize: 1 * MB,
+	uploadBodySize: 10 * MB,
+	maxFields: 100
+};
+var SIZE_PATTERN = /^(\d+(?:\.\d+)?)\s*(kb|mb|gb)?$/i;
+/** Parse a human-readable size string ("1mb", "512kb", "1024") into bytes. */
+function parseBodySize(size) {
+	const match = SIZE_PATTERN.exec(size.trim());
+	if (!match) throw new Error(`Invalid body size format: "${size}". Expected format like "1mb", "512kb", or "1024".`);
+	const value = Number.parseFloat(match[1]);
+	const unit = (match[2] ?? "").toLowerCase();
+	switch (unit) {
+		case "kb": return Math.floor(value * KB);
+		case "mb": return Math.floor(value * MB);
+		case "gb": return Math.floor(value * GB);
+		case "": return Math.floor(value);
+		default: throw new Error(`Unknown size unit: "${unit}"`);
+	}
+}
+/** Check whether a request body exceeds the configured size limit (stateless, no ALS). */
+function enforceBodyLimits(req, kind, config) {
+	const contentLength = req.headers.get("Content-Length");
+	if (!contentLength) return {
+		ok: false,
+		status: 411
+	};
+	const bodySize = Number.parseInt(contentLength, 10);
+	if (Number.isNaN(bodySize)) return {
+		ok: false,
+		status: 411
+	};
+	return bodySize <= resolveLimit(kind, config) ? { ok: true } : {
+		ok: false,
+		status: 413
+	};
+}
+/**
+* Resolve the byte limit for a given body kind, using config overrides or defaults.
+*/
+function resolveLimit(kind, config) {
+	const userLimits = config.limits;
+	if (kind === "action") return userLimits?.actionBodySize ? parseBodySize(userLimits.actionBodySize) : DEFAULT_LIMITS.actionBodySize;
+	return userLimits?.uploadBodySize ? parseBodySize(userLimits.uploadBodySize) : DEFAULT_LIMITS.uploadBodySize;
+}
+//#endregion
+//#region src/server/metadata-render.ts
+/**
+* Convert resolved metadata into an array of head element descriptors.
+*
+* Each descriptor has a `tag` ('title', 'meta', 'link') and either
+* `content` (for <title>) or `attrs` (for <meta>/<link>).
+*
+* The framework's MetadataResolver component consumes these descriptors
+* and renders them into the <head>.
+*/
+function renderMetadataToElements(metadata) {
+	const elements = [];
+	if (typeof metadata.title === "string") elements.push({
+		tag: "title",
+		content: metadata.title
+	});
+	const simpleMetaProps = [
+		["description", metadata.description],
+		["generator", metadata.generator],
+		["application-name", metadata.applicationName],
+		["referrer", metadata.referrer],
+		["category", metadata.category],
+		["creator", metadata.creator],
+		["publisher", metadata.publisher]
+	];
+	for (const [name, content] of simpleMetaProps) if (content) elements.push({
+		tag: "meta",
+		attrs: {
+			name,
+			content
+		}
+	});
+	if (metadata.keywords) {
+		const content = Array.isArray(metadata.keywords) ? metadata.keywords.join(", ") : metadata.keywords;
+		elements.push({
+			tag: "meta",
+			attrs: {
+				name: "keywords",
+				content
+			}
+		});
+	}
+	if (metadata.robots) {
+		const content = typeof metadata.robots === "string" ? metadata.robots : renderRobotsObject(metadata.robots);
+		elements.push({
+			tag: "meta",
+			attrs: {
+				name: "robots",
+				content
+			}
+		});
+		if (typeof metadata.robots === "object" && metadata.robots.googleBot) {
+			const gbContent = typeof metadata.robots.googleBot === "string" ? metadata.robots.googleBot : renderRobotsObject(metadata.robots.googleBot);
+			elements.push({
+				tag: "meta",
+				attrs: {
+					name: "googlebot",
+					content: gbContent
+				}
+			});
+		}
+	}
+	if (metadata.openGraph) renderOpenGraph(metadata.openGraph, elements);
+	if (metadata.twitter) renderTwitter(metadata.twitter, elements);
+	if (metadata.icons) renderIcons(metadata.icons, elements);
+	if (metadata.manifest) elements.push({
+		tag: "link",
+		attrs: {
+			rel: "manifest",
+			href: metadata.manifest
+		}
+	});
+	if (metadata.alternates) renderAlternates(metadata.alternates, elements);
+	if (metadata.verification) renderVerification(metadata.verification, elements);
+	if (metadata.formatDetection) {
+		const parts = [];
+		if (metadata.formatDetection.telephone === false) parts.push("telephone=no");
+		if (metadata.formatDetection.email === false) parts.push("email=no");
+		if (metadata.formatDetection.address === false) parts.push("address=no");
+		if (parts.length > 0) elements.push({
+			tag: "meta",
+			attrs: {
+				name: "format-detection",
+				content: parts.join(", ")
+			}
+		});
+	}
+	if (metadata.authors) {
+		const authorList = Array.isArray(metadata.authors) ? metadata.authors : [metadata.authors];
+		for (const author of authorList) {
+			if (author.name) elements.push({
+				tag: "meta",
+				attrs: {
+					name: "author",
+					content: author.name
+				}
+			});
+			if (author.url) elements.push({
+				tag: "link",
+				attrs: {
+					rel: "author",
+					href: author.url
+				}
+			});
+		}
+	}
+	if (metadata.appleWebApp) renderAppleWebApp(metadata.appleWebApp, elements);
+	if (metadata.appLinks) renderAppLinks(metadata.appLinks, elements);
+	if (metadata.itunes) renderItunes(metadata.itunes, elements);
+	if (metadata.other) for (const [name, value] of Object.entries(metadata.other)) {
+		const content = Array.isArray(value) ? value.join(", ") : value;
+		elements.push({
+			tag: "meta",
+			attrs: {
+				name,
+				content
+			}
+		});
+	}
+	return elements;
+}
+function renderRobotsObject(robots) {
+	const parts = [];
+	if (robots.index === true) parts.push("index");
+	if (robots.index === false) parts.push("noindex");
+	if (robots.follow === true) parts.push("follow");
+	if (robots.follow === false) parts.push("nofollow");
+	return parts.join(", ");
+}
+function renderOpenGraph(og, elements) {
+	const simpleProps = [
+		["og:title", og.title],
+		["og:description", og.description],
+		["og:url", og.url],
+		["og:site_name", og.siteName],
+		["og:locale", og.locale],
+		["og:type", og.type],
+		["og:article:published_time", og.publishedTime],
+		["og:article:modified_time", og.modifiedTime]
+	];
+	for (const [property, content] of simpleProps) if (content) elements.push({
+		tag: "meta",
+		attrs: {
+			property,
+			content
+		}
+	});
+	if (og.images) if (typeof og.images === "string") elements.push({
+		tag: "meta",
+		attrs: {
+			property: "og:image",
+			content: og.images
+		}
+	});
+	else {
+		const imgList = Array.isArray(og.images) ? og.images : [og.images];
+		for (const img of imgList) {
+			elements.push({
+				tag: "meta",
+				attrs: {
+					property: "og:image",
+					content: img.url
+				}
+			});
+			if (img.width) elements.push({
+				tag: "meta",
+				attrs: {
+					property: "og:image:width",
+					content: String(img.width)
+				}
+			});
+			if (img.height) elements.push({
+				tag: "meta",
+				attrs: {
+					property: "og:image:height",
+					content: String(img.height)
+				}
+			});
+			if (img.alt) elements.push({
+				tag: "meta",
+				attrs: {
+					property: "og:image:alt",
+					content: img.alt
+				}
+			});
+		}
+	}
+	if (og.videos) for (const video of og.videos) elements.push({
+		tag: "meta",
+		attrs: {
+			property: "og:video",
+			content: video.url
+		}
+	});
+	if (og.audio) for (const audio of og.audio) elements.push({
+		tag: "meta",
+		attrs: {
+			property: "og:audio",
+			content: audio.url
+		}
+	});
+	if (og.authors) for (const author of og.authors) elements.push({
+		tag: "meta",
+		attrs: {
+			property: "og:article:author",
+			content: author
+		}
+	});
+}
+function renderTwitter(tw, elements) {
+	const simpleProps = [
+		["twitter:card", tw.card],
+		["twitter:site", tw.site],
+		["twitter:site:id", tw.siteId],
+		["twitter:title", tw.title],
+		["twitter:description", tw.description],
+		["twitter:creator", tw.creator],
+		["twitter:creator:id", tw.creatorId]
+	];
+	for (const [name, content] of simpleProps) if (content) elements.push({
+		tag: "meta",
+		attrs: {
+			name,
+			content
+		}
+	});
+	if (tw.images) if (typeof tw.images === "string") elements.push({
+		tag: "meta",
+		attrs: {
+			name: "twitter:image",
+			content: tw.images
+		}
+	});
+	else {
+		const imgList = Array.isArray(tw.images) ? tw.images : [tw.images];
+		for (const img of imgList) {
+			const url = typeof img === "string" ? img : img.url;
+			elements.push({
+				tag: "meta",
+				attrs: {
+					name: "twitter:image",
+					content: url
+				}
+			});
+		}
+	}
+	if (tw.players) for (const player of tw.players) {
+		elements.push({
+			tag: "meta",
+			attrs: {
+				name: "twitter:player",
+				content: player.playerUrl
+			}
+		});
+		if (player.width) elements.push({
+			tag: "meta",
+			attrs: {
+				name: "twitter:player:width",
+				content: String(player.width)
+			}
+		});
+		if (player.height) elements.push({
+			tag: "meta",
+			attrs: {
+				name: "twitter:player:height",
+				content: String(player.height)
+			}
+		});
+		if (player.streamUrl) elements.push({
+			tag: "meta",
+			attrs: {
+				name: "twitter:player:stream",
+				content: player.streamUrl
+			}
+		});
+	}
+	if (tw.app) {
+		const platforms = [
+			["iPhone", "iphone"],
+			["iPad", "ipad"],
+			["googlePlay", "googleplay"]
+		];
+		if (tw.app.name) {
+			for (const [key, tag] of platforms) if (tw.app.id?.[key]) elements.push({
+				tag: "meta",
+				attrs: {
+					name: `twitter:app:name:${tag}`,
+					content: tw.app.name
+				}
+			});
+		}
+		for (const [key, tag] of platforms) {
+			const id = tw.app.id?.[key];
+			if (id) elements.push({
+				tag: "meta",
+				attrs: {
+					name: `twitter:app:id:${tag}`,
+					content: id
+				}
+			});
+		}
+		for (const [key, tag] of platforms) {
+			const url = tw.app.url?.[key];
+			if (url) elements.push({
+				tag: "meta",
+				attrs: {
+					name: `twitter:app:url:${tag}`,
+					content: url
+				}
+			});
+		}
+	}
+}
+function renderIcons(icons, elements) {
+	if (icons.icon) {
+		if (typeof icons.icon === "string") elements.push({
+			tag: "link",
+			attrs: {
+				rel: "icon",
+				href: icons.icon
+			}
+		});
+		else if (Array.isArray(icons.icon)) for (const icon of icons.icon) {
+			const attrs = {
+				rel: "icon",
+				href: icon.url
+			};
+			if (icon.sizes) attrs.sizes = icon.sizes;
+			if (icon.type) attrs.type = icon.type;
+			elements.push({
+				tag: "link",
+				attrs
+			});
+		}
+	}
+	if (icons.shortcut) {
+		const urls = Array.isArray(icons.shortcut) ? icons.shortcut : [icons.shortcut];
+		for (const url of urls) elements.push({
+			tag: "link",
+			attrs: {
+				rel: "shortcut icon",
+				href: url
+			}
+		});
+	}
+	if (icons.apple) {
+		if (typeof icons.apple === "string") elements.push({
+			tag: "link",
+			attrs: {
+				rel: "apple-touch-icon",
+				href: icons.apple
+			}
+		});
+		else if (Array.isArray(icons.apple)) for (const icon of icons.apple) {
+			const attrs = {
+				rel: "apple-touch-icon",
+				href: icon.url
+			};
+			if (icon.sizes) attrs.sizes = icon.sizes;
+			elements.push({
+				tag: "link",
+				attrs
+			});
+		}
+	}
+	if (icons.other) for (const icon of icons.other) {
+		const attrs = {
+			rel: icon.rel,
+			href: icon.url
+		};
+		if (icon.sizes) attrs.sizes = icon.sizes;
+		if (icon.type) attrs.type = icon.type;
+		elements.push({
+			tag: "link",
+			attrs
+		});
+	}
+}
+function renderAlternates(alternates, elements) {
+	if (alternates.canonical) elements.push({
+		tag: "link",
+		attrs: {
+			rel: "canonical",
+			href: alternates.canonical
+		}
+	});
+	if (alternates.languages) for (const [lang, href] of Object.entries(alternates.languages)) elements.push({
+		tag: "link",
+		attrs: {
+			rel: "alternate",
+			hreflang: lang,
+			href
+		}
+	});
+	if (alternates.media) for (const [media, href] of Object.entries(alternates.media)) elements.push({
+		tag: "link",
+		attrs: {
+			rel: "alternate",
+			media,
+			href
+		}
+	});
+	if (alternates.types) for (const [type, href] of Object.entries(alternates.types)) elements.push({
+		tag: "link",
+		attrs: {
+			rel: "alternate",
+			type,
+			href
+		}
+	});
+}
+function renderVerification(verification, elements) {
+	const verificationProps = [
+		["google-site-verification", verification.google],
+		["y_key", verification.yahoo],
+		["yandex-verification", verification.yandex]
+	];
+	for (const [name, content] of verificationProps) if (content) elements.push({
+		tag: "meta",
+		attrs: {
+			name,
+			content
+		}
+	});
+	if (verification.other) for (const [name, value] of Object.entries(verification.other)) {
+		const content = Array.isArray(value) ? value.join(", ") : value;
+		elements.push({
+			tag: "meta",
+			attrs: {
+				name,
+				content
+			}
+		});
+	}
+}
+function renderAppleWebApp(appleWebApp, elements) {
+	if (appleWebApp.capable) elements.push({
+		tag: "meta",
+		attrs: {
+			name: "apple-mobile-web-app-capable",
+			content: "yes"
+		}
+	});
+	if (appleWebApp.title) elements.push({
+		tag: "meta",
+		attrs: {
+			name: "apple-mobile-web-app-title",
+			content: appleWebApp.title
+		}
+	});
+	if (appleWebApp.statusBarStyle) elements.push({
+		tag: "meta",
+		attrs: {
+			name: "apple-mobile-web-app-status-bar-style",
+			content: appleWebApp.statusBarStyle
+		}
+	});
+	if (appleWebApp.startupImage) {
+		const images = Array.isArray(appleWebApp.startupImage) ? appleWebApp.startupImage : [{ url: appleWebApp.startupImage }];
+		for (const img of images) {
+			const attrs = {
+				rel: "apple-touch-startup-image",
+				href: typeof img === "string" ? img : img.url
+			};
+			if (typeof img === "object" && img.media) attrs.media = img.media;
+			elements.push({
+				tag: "link",
+				attrs
+			});
+		}
+	}
+}
+function renderAppLinks(appLinks, elements) {
+	const platformEntries = [
+		["ios", appLinks.ios],
+		["android", appLinks.android],
+		["windows", appLinks.windows],
+		["windows_phone", appLinks.windowsPhone],
+		["windows_universal", appLinks.windowsUniversal]
+	];
+	for (const [platform, entries] of platformEntries) {
+		if (!entries) continue;
+		for (const entry of entries) for (const [key, value] of Object.entries(entry)) if (value !== void 0 && value !== null) elements.push({
+			tag: "meta",
+			attrs: {
+				property: `al:${platform}:${key}`,
+				content: String(value)
+			}
+		});
+	}
+	if (appLinks.web) {
+		if (appLinks.web.url) elements.push({
+			tag: "meta",
+			attrs: {
+				property: "al:web:url",
+				content: appLinks.web.url
+			}
+		});
+		if (appLinks.web.shouldFallback !== void 0) elements.push({
+			tag: "meta",
+			attrs: {
+				property: "al:web:should_fallback",
+				content: appLinks.web.shouldFallback ? "true" : "false"
+			}
+		});
+	}
+}
+function renderItunes(itunes, elements) {
+	const parts = [`app-id=${itunes.appId}`];
+	if (itunes.affiliateData) parts.push(`affiliate-data=${itunes.affiliateData}`);
+	if (itunes.appArgument) parts.push(`app-argument=${itunes.appArgument}`);
+	elements.push({
+		tag: "meta",
+		attrs: {
+			name: "apple-itunes-app",
+			content: parts.join(", ")
+		}
+	});
+}
+//#endregion
+//#region src/server/metadata.ts
+/**
+* Resolve a title value with an optional template.
+*
+* - string → apply template if present
+* - { absolute: '...' } → use as-is, skip template
+* - { default: '...' } → use as fallback (no template applied)
+* - undefined → undefined
+*/
+function resolveTitle(title, template) {
+	if (title === void 0 || title === null) return;
+	if (typeof title === "string") return template ? template.replace("%s", title) : title;
+	if (title.absolute !== void 0) return title.absolute;
+	if (title.default !== void 0) return title.default;
+}
+/**
+* Resolve metadata from a segment chain.
+*
+* Processes entries from root layout to page (in segment order).
+* The merge algorithm:
+*   1. Shallow-merge all keys except title (later wins)
+*   2. Track the most recent title template
+*   3. Resolve the final title using the template
+*
+* In error state, the page entry is dropped and noindex is injected.
+*
+* See design/16-metadata.md §"Merge Algorithm"
+*/
+function resolveMetadata(entries, options = {}) {
+	const { errorState = false } = options;
+	const merged = {};
+	let titleTemplate;
+	let lastDefault;
+	let rawTitle;
+	for (const { metadata, isPage } of entries) {
+		if (errorState && isPage) continue;
+		if (metadata.title !== void 0 && typeof metadata.title === "object") {
+			if (metadata.title.template !== void 0) titleTemplate = metadata.title.template;
+			if (metadata.title.default !== void 0) lastDefault = metadata.title.default;
+		}
+		for (const key of Object.keys(metadata)) {
+			if (key === "title") continue;
+			merged[key] = metadata[key];
+		}
+		if (metadata.title !== void 0) rawTitle = metadata.title;
+	}
+	if (errorState) {
+		rawTitle = lastDefault !== void 0 ? { default: lastDefault } : rawTitle;
+		titleTemplate = void 0;
+	}
+	const resolvedTitle = resolveTitle(rawTitle, titleTemplate);
+	if (resolvedTitle !== void 0) merged.title = resolvedTitle;
+	if (errorState) merged.robots = "noindex";
+	return merged;
+}
+/**
+* Check if a string is an absolute URL.
+*/
+function isAbsoluteUrl(url) {
+	return url.startsWith("http://") || url.startsWith("https://") || url.startsWith("//");
+}
+/**
+* Resolve a relative URL against a base URL.
+*/
+function resolveUrl(url, base) {
+	if (isAbsoluteUrl(url)) return url;
+	return new URL(url, base).toString();
+}
+/**
+* Resolve relative URLs in metadata fields against metadataBase.
+*
+* Returns a new metadata object with URLs resolved. Absolute URLs are not modified.
+* If metadataBase is not set, returns the metadata unchanged.
+*/
+function resolveMetadataUrls(metadata) {
+	const base = metadata.metadataBase;
+	if (!base) return metadata;
+	const result = { ...metadata };
+	if (result.openGraph) {
+		result.openGraph = { ...result.openGraph };
+		if (typeof result.openGraph.images === "string") result.openGraph.images = resolveUrl(result.openGraph.images, base);
+		else if (Array.isArray(result.openGraph.images)) result.openGraph.images = result.openGraph.images.map((img) => ({
+			...img,
+			url: resolveUrl(img.url, base)
+		}));
+		else if (result.openGraph.images) result.openGraph.images = {
+			...result.openGraph.images,
+			url: resolveUrl(result.openGraph.images.url, base)
+		};
+		if (result.openGraph.url && !isAbsoluteUrl(result.openGraph.url)) result.openGraph.url = resolveUrl(result.openGraph.url, base);
+	}
+	if (result.twitter) {
+		result.twitter = { ...result.twitter };
+		if (typeof result.twitter.images === "string") result.twitter.images = resolveUrl(result.twitter.images, base);
+		else if (Array.isArray(result.twitter.images)) {
+			const resolved = result.twitter.images.map((img) => typeof img === "string" ? resolveUrl(img, base) : {
+				...img,
+				url: resolveUrl(img.url, base)
+			});
+			const allStrings = resolved.every((r) => typeof r === "string");
+			result.twitter.images = allStrings ? resolved : resolved;
+		} else if (result.twitter.images) result.twitter.images = {
+			...result.twitter.images,
+			url: resolveUrl(result.twitter.images.url, base)
+		};
+	}
+	if (result.alternates) {
+		result.alternates = { ...result.alternates };
+		if (result.alternates.canonical && !isAbsoluteUrl(result.alternates.canonical)) result.alternates.canonical = resolveUrl(result.alternates.canonical, base);
+		if (result.alternates.languages) {
+			const langs = {};
+			for (const [lang, url] of Object.entries(result.alternates.languages)) langs[lang] = isAbsoluteUrl(url) ? url : resolveUrl(url, base);
+			result.alternates.languages = langs;
+		}
+	}
+	if (result.icons) {
+		result.icons = { ...result.icons };
+		if (typeof result.icons.icon === "string") result.icons.icon = resolveUrl(result.icons.icon, base);
+		else if (Array.isArray(result.icons.icon)) result.icons.icon = result.icons.icon.map((i) => ({
+			...i,
+			url: resolveUrl(i.url, base)
+		}));
+		if (typeof result.icons.apple === "string") result.icons.apple = resolveUrl(result.icons.apple, base);
+		else if (Array.isArray(result.icons.apple)) result.icons.apple = result.icons.apple.map((i) => ({
+			...i,
+			url: resolveUrl(i.url, base)
+		}));
+	}
+	return result;
+}
+//#endregion
+//#region src/server/form-data.ts
+/**
+* FormData preprocessing — schema-agnostic conversion of FormData to typed objects.
+*
+* FormData is all strings. Schema validation expects typed values. This module
+* bridges the gap with intelligent coercion that runs *before* schema validation.
+*
+* Inspired by zod-form-data, but schema-agnostic — works with any Standard Schema
+* library (Zod, Valibot, ArkType).
+*
+* See design/08-forms-and-actions.md §"parseFormData() and coerce helpers"
+*/
+/**
+* Convert FormData into a plain object with intelligent coercion.
+*
+* Handles:
+* - **Duplicate keys → arrays**: `tags=js&tags=ts` → `{ tags: ["js", "ts"] }`
+* - **Nested dot-paths**: `user.name=Alice` → `{ user: { name: "Alice" } }`
+* - **Empty strings → undefined**: Enables `.optional()` semantics in schemas
+* - **Empty Files → undefined**: File inputs with no selection become `undefined`
+* - **Strips `$ACTION_*` fields**: React's internal hidden fields are excluded
+*/
+function parseFormData(formData) {
+	const flat = {};
+	for (const key of new Set(formData.keys())) {
+		if (key.startsWith("$ACTION_")) continue;
+		const processed = formData.getAll(key).map(normalizeValue);
+		if (processed.length === 1) flat[key] = processed[0];
+		else flat[key] = processed.filter((v) => v !== void 0);
+	}
+	return expandDotPaths(flat);
+}
+/**
+* Normalize a single FormData entry value.
+* - Empty strings → undefined (enables .optional() semantics)
+* - Empty File objects (no selection) → undefined
+* - Everything else passes through as-is
+*/
+function normalizeValue(value) {
+	if (typeof value === "string") return value === "" ? void 0 : value;
+	if (value instanceof File && value.size === 0 && value.name === "") return;
+	return value;
+}
+/**
+* Expand dot-notation keys into nested objects.
+* `{ "user.name": "Alice", "user.age": "30" }` → `{ user: { name: "Alice", age: "30" } }`
+*
+* Keys without dots are left as-is. Bracket notation (e.g. `items[0]`) is NOT
+* supported — use dot notation (`items.0`) instead.
+*/
+function expandDotPaths(flat) {
+	const result = {};
+	let hasDotPaths = false;
+	for (const key of Object.keys(flat)) if (key.includes(".")) {
+		hasDotPaths = true;
+		break;
+	}
+	if (!hasDotPaths) return flat;
+	for (const [key, value] of Object.entries(flat)) {
+		if (!key.includes(".")) {
+			result[key] = value;
+			continue;
+		}
+		const parts = key.split(".");
+		let current = result;
+		for (let i = 0; i < parts.length - 1; i++) {
+			const part = parts[i];
+			if (current[part] === void 0 || current[part] === null) current[part] = {};
+			if (typeof current[part] !== "object" || current[part] instanceof File) current[part] = {};
+			current = current[part];
+		}
+		current[parts[parts.length - 1]] = value;
+	}
+	return result;
+}
+/**
+* Schema-agnostic coercion primitives for common FormData patterns.
+*
+* These are plain transform functions — they compose with any schema library's
+* `transform`/`preprocess` pipeline:
+*
+* ```ts
+* // Zod
+* z.preprocess(coerce.number, z.number())
+* // Valibot
+* v.pipe(v.unknown(), v.transform(coerce.number), v.number())
+* ```
+*/
+var coerce = {
+	number(value) {
+		if (value === void 0 || value === null || value === "") return void 0;
+		if (typeof value === "number") return value;
+		if (typeof value !== "string") return void 0;
+		const num = Number(value);
+		if (Number.isNaN(num)) return void 0;
+		return num;
+	},
+	checkbox(value) {
+		if (value === void 0 || value === null || value === "") return false;
+		if (typeof value === "boolean") return value;
+		return typeof value === "string" && value.length > 0;
+	},
+	json(value) {
+		if (value === void 0 || value === null || value === "") return void 0;
+		if (typeof value !== "string") return value;
+		try {
+			return JSON.parse(value);
+		} catch {
+			return;
+		}
+	}
+};
+//#endregion
+//#region src/server/action-client.ts
+/**
+* createActionClient — typed middleware and schema validation for server actions.
+*
+* Inspired by next-safe-action. Provides a builder API:
+*   createActionClient({ middleware }) → .schema(z.object(...)) → .action(fn)
+*
+* The resulting action function satisfies both:
+*   1. Direct call: action(input) → Promise<ActionResult>
+*   2. React useActionState: (prevState, formData) => Promise<ActionResult>
+*
+* See design/08-forms-and-actions.md §"Middleware for Server Actions"
+*/
+/**
+* Typed error class for server actions. Carries a string code and optional data.
+* When thrown from middleware or the action body, the action short-circuits and
+* the client receives `result.serverError`.
+*
+* In production, unexpected errors (non-ActionError) return `{ code: 'INTERNAL_ERROR' }`
+* with no message. In dev, `data.message` is included.
+*/
+var ActionError = class extends Error {
+	code;
+	data;
+	constructor(code, data) {
+		super(`ActionError: ${code}`);
+		this.name = "ActionError";
+		this.code = code;
+		this.data = data;
+	}
+};
+/** Check if a schema implements the Standard Schema protocol. */
+function isStandardSchema(schema) {
+	return typeof schema === "object" && schema !== null && "~standard" in schema && typeof schema["~standard"].validate === "function";
+}
+/**
+* Run middleware array or single function. Returns merged context.
+*/
+async function runActionMiddleware(middleware) {
+	if (!middleware) return {};
+	if (Array.isArray(middleware)) {
+		let merged = {};
+		for (const mw of middleware) {
+			const result = await mw();
+			merged = {
+				...merged,
+				...result
+			};
+		}
+		return merged;
+	}
+	return await middleware();
+}
+/**
+* Extract validation errors from a schema error.
+* Supports Zod's flatten() and generic issues array.
+*/
+function extractValidationErrors(error) {
+	if (typeof error.flatten === "function") return error.flatten().fieldErrors;
+	if (error.issues) {
+		const errors = {};
+		for (const issue of error.issues) {
+			const path = issue.path?.join(".") ?? "_root";
+			if (!errors[path]) errors[path] = [];
+			errors[path].push(issue.message);
+		}
+		return errors;
+	}
+	return { _root: ["Validation failed"] };
+}
+/**
+* Extract validation errors from Standard Schema issues.
+*/
+function extractStandardSchemaErrors(issues) {
+	const errors = {};
+	for (const issue of issues) {
+		const path = issue.path?.map((p) => {
+			if (typeof p === "object" && p !== null && "key" in p) return String(p.key);
+			return String(p);
+		}).join(".") ?? "_root";
+		if (!errors[path]) errors[path] = [];
+		errors[path].push(issue.message);
+	}
+	return Object.keys(errors).length > 0 ? errors : { _root: ["Validation failed"] };
+}
+/**
+* Wrap unexpected errors into a safe server error result.
+* ActionError → typed result. Other errors → INTERNAL_ERROR (no leak).
+*
+* Exported for use by action-handler.ts to catch errors from raw 'use server'
+* functions that don't use createActionClient.
+*/
+function handleActionError(error) {
+	if (error instanceof ActionError) return { serverError: {
+		code: error.code,
+		...error.data ? { data: error.data } : {}
+	} };
+	return { serverError: {
+		code: "INTERNAL_ERROR",
+		...typeof process !== "undefined" && process.env.NODE_ENV !== "production" && error instanceof Error ? { data: { message: error.message } } : {}
+	} };
+}
+/**
+* Create a typed action client with middleware and schema validation.
+*
+* @example
+* ```ts
+* const action = createActionClient({
+*   middleware: async () => {
+*     const user = await getUser()
+*     if (!user) throw new ActionError('UNAUTHORIZED')
+*     return { user }
+*   },
+* })
+*
+* export const createTodo = action
+*   .schema(z.object({ title: z.string().min(1) }))
+*   .action(async ({ input, ctx }) => {
+*     await db.todos.create({ ...input, userId: ctx.user.id })
+*   })
+* ```
+*/
+function createActionClient(config = {}) {
+	function buildAction(schema, fn) {
+		async function actionHandler(...args) {
+			try {
+				const ctx = await runActionMiddleware(config.middleware);
+				let rawInput;
+				if (args.length === 2 && args[1] instanceof FormData) rawInput = schema ? parseFormData(args[1]) : args[1];
+				else rawInput = args[0];
+				if (config.fileSizeLimit !== void 0 && rawInput && typeof rawInput === "object") {
+					const fileSizeErrors = validateFileSizes(rawInput, config.fileSizeLimit);
+					if (fileSizeErrors) return {
+						validationErrors: fileSizeErrors,
+						submittedValues: stripFiles(rawInput)
+					};
+				}
+				const submittedValues = schema ? stripFiles(rawInput) : void 0;
+				let input;
+				if (schema) if (isStandardSchema(schema)) {
+					const result = schema["~standard"].validate(rawInput);
+					if (result instanceof Promise) throw new Error("[timber] createActionClient: schema returned a Promise — only sync schemas are supported.");
+					if (result.issues) {
+						const validationErrors = extractStandardSchemaErrors(result.issues);
+						logValidationFailure(validationErrors);
+						return {
+							validationErrors,
+							submittedValues
+						};
+					}
+					input = result.value;
+				} else if (typeof schema.safeParse === "function") {
+					const result = schema.safeParse(rawInput);
+					if (!result.success) {
+						const validationErrors = extractValidationErrors(result.error);
+						logValidationFailure(validationErrors);
+						return {
+							validationErrors,
+							submittedValues
+						};
+					}
+					input = result.data;
+				} else try {
+					input = schema.parse(rawInput);
+				} catch (parseError) {
+					const validationErrors = extractValidationErrors(parseError);
+					logValidationFailure(validationErrors);
+					return {
+						validationErrors,
+						submittedValues
+					};
+				}
+				else input = rawInput;
+				return { data: await fn({
+					ctx,
+					input
+				}) };
+			} catch (error) {
+				return handleActionError(error);
+			}
+		}
+		return actionHandler;
+	}
+	return {
+		schema(schema) {
+			return { action(fn) {
+				return buildAction(schema, fn);
+			} };
+		},
+		action(fn) {
+			return buildAction(void 0, fn);
+		}
+	};
+}
+/**
+* Convenience wrapper for the common case: validate input, run handler.
+* No middleware needed.
+*
+* @example
+* ```ts
+* 'use server'
+* import { validated } from '@timber/app/server'
+* import { z } from 'zod'
+*
+* export const createTodo = validated(
+*   z.object({ title: z.string().min(1) }),
+*   async (input) => {
+*     await db.todos.create(input)
+*   }
+* )
+* ```
+*/
+function validated(schema, handler) {
+	return createActionClient().schema(schema).action(async ({ input }) => handler(input));
+}
+/**
+* Log validation failures in dev mode so developers can see what went wrong.
+* In production, validation errors are only returned to the client.
+*/
+function logValidationFailure(errors) {
+	if (!(typeof process !== "undefined" && process.env.NODE_ENV !== "production")) return;
+	const fields = Object.entries(errors).map(([field, messages]) => `  ${field}: ${messages.join(", ")}`).join("\n");
+	console.warn(`[timber] action schema validation failed:\n${fields}`);
+}
+/**
+* Validate that all File objects in the input are within the size limit.
+* Returns validation errors keyed by field name, or null if all files are ok.
+*/
+function validateFileSizes(input, limit) {
+	const errors = {};
+	const limitKb = Math.round(limit / 1024);
+	const limitLabel = limit >= 1024 * 1024 ? `${Math.round(limit / (1024 * 1024))}MB` : `${limitKb}KB`;
+	for (const [key, value] of Object.entries(input)) if (value instanceof File && value.size > limit) errors[key] = [`File "${value.name}" (${formatSize(value.size)}) exceeds the ${limitLabel} limit`];
+	else if (Array.isArray(value)) {
+		const oversized = value.filter((item) => item instanceof File && item.size > limit);
+		if (oversized.length > 0) errors[key] = oversized.map((f) => `File "${f.name}" (${formatSize(f.size)}) exceeds the ${limitLabel} limit`);
+	}
+	return Object.keys(errors).length > 0 ? errors : null;
+}
+/**
+* Strip File objects from a value, returning a plain object safe for
+* serialization. File objects can't be serialized and shouldn't be echoed back.
+*/
+function stripFiles(value) {
+	if (value === null || value === void 0) return void 0;
+	if (typeof value !== "object") return void 0;
+	const result = {};
+	for (const [k, v] of Object.entries(value)) {
+		if (v instanceof File) continue;
+		if (Array.isArray(v)) result[k] = v.filter((item) => !(item instanceof File));
+		else if (typeof v === "object" && v !== null && !(v instanceof File)) result[k] = stripFiles(v) ?? {};
+		else result[k] = v;
+	}
+	return result;
+}
+//#endregion
+//#region src/server/form-flash.ts
+/**
+* Form Flash — ALS-based store for no-JS form action results.
+*
+* When a no-JS form action completes, the server re-renders the page with
+* the action result injected via AsyncLocalStorage instead of redirecting
+* (which would discard the result). Server components read the flash and
+* pass it to client form components as the initial `useActionState` value.
+*
+* This follows the Remix/Rails pattern — the form component becomes the
+* single source of truth for both with-JS (React state) and no-JS (flash).
+*
+* The flash data is server-side only — never serialized to cookies or headers.
+*
+* See design/08-forms-and-actions.md §"No-JS Error Round-Trip"
+*/
+var formFlashAls = new AsyncLocalStorage();
+/**
+* Read the form flash data for the current request.
+*
+* Returns `null` if no flash data is present (i.e., this is a normal page
+* render, not a re-render after a no-JS form submission).
+*
+* Pass the flash as the initial state to `useActionState` so the form
+* component has a single source of truth for both with-JS and no-JS paths:
+*
+* ```tsx
+* // app/contact/page.tsx (server component)
+* import { getFormFlash } from '@timber/app/server'
+*
+* export default function ContactPage() {
+*   const flash = getFormFlash()
+*   return <ContactForm flash={flash} />
+* }
+*
+* // app/contact/form.tsx (client component)
+* export function ContactForm({ flash }) {
+*   const [result, action, isPending] = useActionState(submitContact, flash)
+*   // result is the single source of truth — flash seeds it on no-JS
+* }
+* ```
+*/
+function getFormFlash() {
+	return formFlashAls.getStore() ?? null;
+}
+//#endregion
+//#region src/server/actions.ts
+/**
+* Server action primitives: revalidatePath, revalidateTag, and the action handler.
+*
+* - revalidatePath(path) re-renders the route at that path and returns the RSC
+*   flight payload for inline reconciliation.
+* - revalidateTag(tag) invalidates cached shells and 'use cache' entries by tag.
+*
+* Both are callable from anywhere on the server — actions, API routes, handlers.
+*
+* The action handler processes incoming action requests, validates CSRF,
+* enforces body limits, executes the action, and returns the response
+* (with piggybacked RSC payload if revalidatePath was called).
+*
+* See design/08-forms-and-actions.md
+*/
+var revalidationAls = new AsyncLocalStorage();
+/**
+* Get the current revalidation state. Throws if called outside an action context.
+* @internal
+*/
+function getRevalidationState() {
+	const state = revalidationAls.getStore();
+	if (!state) throw new Error("revalidatePath/revalidateTag called outside of a server action context. These functions can only be called during action execution.");
+	return state;
+}
+/**
+* Re-render the route at `path` and include the RSC flight payload in the
+* action response. The client reconciles inline — no separate fetch needed.
+*
+* Can be called from server actions, API routes, or any server-side context.
+*
+* @param path - The path to re-render (e.g. '/dashboard', '/todos').
+*/
+function revalidatePath(path) {
+	const state = getRevalidationState();
+	if (!state.paths.includes(path)) state.paths.push(path);
+}
+/**
+* Invalidate all pre-rendered shells and 'use cache' entries tagged with `tag`.
+* Does not return a payload — the next request for an invalidated route re-renders fresh.
+*
+* @param tag - The cache tag to invalidate (e.g. 'products', 'user:123').
+*/
+function revalidateTag(tag) {
+	const state = getRevalidationState();
+	if (!state.tags.includes(tag)) state.tags.push(tag);
+}
+/**
+* Execute a server action and process revalidation.
+*
+* 1. Sets up revalidation state
+* 2. Calls the action function
+* 3. Processes revalidateTag calls (invalidates cache entries)
+* 4. Processes revalidatePath calls (re-renders and captures RSC payload)
+* 5. Returns the action result + optional RSC payload
+*
+* @param actionFn - The server action function to execute.
+* @param args - Arguments to pass to the action.
+* @param config - Handler configuration (cache handler, renderer).
+*/
+async function executeAction(actionFn, args, config = {}, spanMeta) {
+	const state = {
+		paths: [],
+		tags: []
+	};
+	let actionResult;
+	let redirectTo;
+	let redirectStatus;
+	await revalidationAls.run(state, async () => {
+		try {
+			actionResult = await withSpan("timber.action", {
+				...spanMeta?.actionFile ? { "timber.action_file": spanMeta.actionFile } : {},
+				...spanMeta?.actionName ? { "timber.action_name": spanMeta.actionName } : {}
+			}, () => actionFn(...args));
+		} catch (error) {
+			if (error instanceof RedirectSignal) {
+				redirectTo = error.location;
+				redirectStatus = error.status;
+			} else throw error;
+		}
+	});
+	if (state.tags.length > 0 && config.cacheHandler) await Promise.all(state.tags.map((tag) => config.cacheHandler.invalidate({ tag })));
+	let revalidation;
+	if (state.paths.length > 0 && config.renderer) {
+		const path = state.paths[0];
+		try {
+			revalidation = await config.renderer(path);
+		} catch (renderError) {
+			if (renderError instanceof RedirectSignal) {
+				redirectTo = renderError.location;
+				redirectStatus = renderError.status;
+			} else console.error("[timber] revalidatePath render failed:", renderError);
+		}
+	}
+	return {
+		actionResult,
+		revalidation,
+		...redirectTo ? {
+			redirectTo,
+			redirectStatus
+		} : {}
+	};
+}
+/**
+* Build an HTTP Response for a no-JS form submission.
+* Standard POST → 302 redirect pattern.
+*
+* @param redirectPath - Where to redirect after the action executes.
+*/
+function buildNoJsResponse(redirectPath, status = 302) {
+	return new Response(null, {
+		status,
+		headers: { Location: redirectPath }
+	});
+}
+/**
+* Detect whether the incoming request is an RSC action request (with JS)
+* or a plain HTML form POST (no JS).
+*
+* RSC action requests use Accept: text/x-component or Content-Type: text/x-component.
+*/
+function isRscActionRequest(req) {
+	const accept = req.headers.get("Accept") ?? "";
+	const contentType = req.headers.get("Content-Type") ?? "";
+	return accept.includes("text/x-component") || contentType.includes("text/x-component");
+}
+//#endregion
+//#region src/server/route-handler.ts
+/** All recognized HTTP method export names. */
+var HTTP_METHODS = [
+	"GET",
+	"POST",
+	"PUT",
+	"PATCH",
+	"DELETE",
+	"HEAD",
+	"OPTIONS"
+];
+/**
+* Resolve the full list of allowed methods for a route module.
+*
+* Includes:
+* - All explicitly exported methods
+* - HEAD (implicit when GET is exported)
+* - OPTIONS (always implicit)
+*/
+function resolveAllowedMethods(mod) {
+	const methods = [];
+	for (const method of HTTP_METHODS) {
+		if (method === "HEAD" || method === "OPTIONS") continue;
+		if (mod[method]) methods.push(method);
+	}
+	if (mod.GET && !mod.HEAD) methods.push("HEAD");
+	else if (mod.HEAD) methods.push("HEAD");
+	if (!mod.OPTIONS) methods.push("OPTIONS");
+	else methods.push("OPTIONS");
+	return methods;
+}
+/**
+* Handle an incoming request against a route.ts module.
+*
+* Dispatches to the named method handler, auto-generates 405/OPTIONS,
+* and merges response headers from ctx.headers.
+*/
+async function handleRouteRequest(mod, ctx) {
+	const method = ctx.req.method.toUpperCase();
+	const allowHeader = resolveAllowedMethods(mod).join(", ");
+	if (method === "OPTIONS") {
+		if (mod.OPTIONS) return runHandler(mod.OPTIONS, ctx);
+		return new Response(null, {
+			status: 204,
+			headers: { Allow: allowHeader }
+		});
+	}
+	if (method === "HEAD") {
+		if (mod.HEAD) return runHandler(mod.HEAD, ctx);
+		if (mod.GET) {
+			const res = await runHandler(mod.GET, ctx);
+			return new Response(null, {
+				status: res.status,
+				headers: res.headers
+			});
+		}
+	}
+	const handler = mod[method];
+	if (!handler) return new Response(null, {
+		status: 405,
+		headers: { Allow: allowHeader }
+	});
+	return runHandler(handler, ctx);
+}
+/**
+* Run a handler, merge ctx.headers into the response, and catch errors.
+*/
+async function runHandler(handler, ctx) {
+	try {
+		return mergeResponseHeaders(await handler(ctx), ctx.headers);
+	} catch (error) {
+		console.error("[timber] Uncaught error in route.ts handler:", error);
+		return new Response(null, { status: 500 });
+	}
+}
+/**
+* Merge response headers from ctx.headers into the handler's response.
+* ctx.headers (set by middleware or the handler) are applied to the final response.
+* Handler-set headers take precedence over ctx.headers.
+*/
+function mergeResponseHeaders(res, ctxHeaders) {
+	let hasCtxHeaders = false;
+	ctxHeaders.forEach(() => {
+		hasCtxHeaders = true;
+	});
+	if (!hasCtxHeaders) return res;
+	const merged = new Headers();
+	ctxHeaders.forEach((value, key) => merged.set(key, value));
+	res.headers.forEach((value, key) => merged.set(key, value));
+	return new Response(res.body, {
+		status: res.status,
+		statusText: res.statusText,
+		headers: merged
+	});
+}
+//#endregion
+export { AccessGate, ActionError, DEFAULT_LIMITS, DenySignal, METADATA_ROUTE_CONVENTIONS, RedirectSignal, RedirectType, RenderError, SlotAccessGate, WarningId, addSpanEvent, buildElementTree, buildNoJsResponse, callOnRequestError, canonicalize, classifyMetadataRoute, coerce, collectEarlyHintHeaders, cookies, createActionClient, createPipeline, deny, enforceBodyLimits, executeAction, flushResponse, formatLinkHeader, generateTraceId, getFormFlash, getLogger, getMetadataRouteAutoLink, getMetadataRouteServePath, getSetCookieHeaders, handleRouteRequest, hasOnRequestError, headers, isRscActionRequest, loadInstrumentation, logCacheMiss, logMiddlewareError, logMiddlewareShortCircuit, logProxyError, logRenderError, logRequestCompleted, logRequestReceived, logSlowRequest, logSwrRefetchFailed, logWaitUntilRejected, logWaitUntilUnsupported, markResponseFlushed, notFound, parseBodySize, parseFormData, permanentRedirect, redirect, redirectExternal, renderMetadataToElements, replaceTraceId, resolveAllowedMethods, resolveMetadata, resolveMetadataUrls, resolveSlotDenied, resolveStatusFile, resolveTitle, revalidatePath, revalidateTag, runMiddleware, runProxy, runWithEarlyHintsSender, runWithRequestContext, runWithTraceId, searchParams, sendEarlyHints103, setCookieSecrets, setLogger, setMutableCookieContext, setParsedSearchParams, setViteServer, spanId, traceId, validateCsrf, validated, waitUntil, warnCacheRequestProps, warnDenyAfterFlush, warnDenyInSuspense, warnDynamicApiInStaticBuild, warnRedirectInAccess, warnRedirectInSlotAccess, warnRedirectInSuspense, warnSlowSlotWithoutSuspense, warnStaticRequestApi, warnSuspenseWrappingChildren, withSpan };
+
+//# sourceMappingURL=index.js.map