@timber-js/app 0.1.48 → 0.1.50

package/src/plugins/entries.ts

@@ -33,6 +33,7 @@ const VIRTUAL_IDS = {
   ssrEntry: 'virtual:timber-ssr-entry',
   browserEntry: 'virtual:timber-browser-entry',
   config: 'virtual:timber-config',
+  instrumentation: 'virtual:timber-instrumentation',
 } as const;
 
 /**
@@ -53,6 +54,9 @@ const ENTRY_FILE_MAP: Record<string, string> = {
 /** The \0-prefixed resolved ID for virtual:timber-config */
 const RESOLVED_CONFIG_ID = `\0${VIRTUAL_IDS.config}`;
 
+/** The \0-prefixed resolved ID for virtual:timber-instrumentation */
+const RESOLVED_INSTRUMENTATION_ID = `\0${VIRTUAL_IDS.instrumentation}`;
+
 /**
  * Strip the \0 prefix from a module ID.
  *
@@ -103,6 +107,7 @@ function generateConfigModule(ctx: PluginContext): string {
     clientJavascript: ctx.clientJavascript,
     dev: ctx.dev ?? false,
     slowPhaseMs: ctx.config.dev?.slowPhaseMs ?? 200,
+    slowRequestMs: ctx.config.slowRequestMs ?? 3000,
     cookieSecrets,
   };
 
@@ -116,6 +121,56 @@ function generateConfigModule(ctx: PluginContext): string {
   ].join('\n');
 }
 
+/**
+ * Detect the user's instrumentation.ts file at the project root.
+ *
+ * Checks for instrumentation.ts, .js, and .mjs — matching the same
+ * extensions as timber.config.ts detection.
+ */
+function detectInstrumentationFile(root: string): string | null {
+  const extensions = ['.ts', '.js', '.mjs'];
+  for (const ext of extensions) {
+    const candidate = resolve(root, `instrumentation${ext}`);
+    if (existsSync(candidate)) return candidate;
+  }
+  return null;
+}
+
+/**
+ * Generate the virtual:timber-instrumentation module source.
+ *
+ * When the user's instrumentation.ts exists, generates a module that
+ * dynamically imports it. When it doesn't exist, generates a module
+ * that returns null. The RSC entry calls this loader at startup time.
+ *
+ * See design/17-logging.md §"instrumentation.ts — The Entry Point"
+ */
+export function generateInstrumentationModule(instrumentationPath: string | null): string {
+  if (instrumentationPath) {
+    // Use the absolute path so the bundler can resolve and include it.
+    // The dynamic import ensures the file is loaded lazily and errors
+    // in the user's code don't prevent the module from being parsed.
+    return [
+      '// Auto-generated instrumentation loader — do not edit.',
+      '// Generated by timber-entries plugin.',
+      '',
+      `export default async function loadUserInstrumentation() {`,
+      `  return import(${JSON.stringify(instrumentationPath)});`,
+      `}`,
+    ].join('\n');
+  }
+
+  return [
+    '// Auto-generated instrumentation loader — do not edit.',
+    '// Generated by timber-entries plugin.',
+    '// No instrumentation.ts found at project root.',
+    '',
+    `export default async function loadUserInstrumentation() {`,
+    `  return null;`,
+    `}`,
+  ].join('\n');
+}
+
 /**
  * Create the timber-entries Vite plugin.
  *
@@ -153,19 +208,28 @@ export function timberEntries(ctx: PluginContext): Plugin {
         return RESOLVED_CONFIG_ID;
       }
 
+      // Check instrumentation virtual module
+      if (cleanId === VIRTUAL_IDS.instrumentation) {
+        return RESOLVED_INSTRUMENTATION_ID;
+      }
+
       return null;
     },
 
     /**
-     * Load the virtual:timber-config module.
+     * Load virtual modules: virtual:timber-config and virtual:timber-instrumentation.
      *
      * Entry files (rsc/ssr/browser) are real TypeScript files that Vite
-     * processes normally. Only virtual:timber-config needs generated code.
+     * processes normally. Only config and instrumentation need generated code.
      */
     load(id: string) {
       if (id === RESOLVED_CONFIG_ID) {
         return generateConfigModule(ctx);
       }
+      if (id === RESOLVED_INSTRUMENTATION_ID) {
+        const instrumentationPath = detectInstrumentationFile(ctx.root);
+        return generateInstrumentationModule(instrumentationPath);
+      }
       return null;
     },
 

package/src/routing/scanner.ts

@@ -19,10 +19,7 @@ import type {
   InterceptionMarker,
 } from './types.js';
 import { DEFAULT_PAGE_EXTENSIONS, INTERCEPTION_MARKERS } from './types.js';
-import {
-  classifyMetadataRoute,
-  isDynamicMetadataExtension,
-} from '#/server/metadata-routes.js';
+import { classifyMetadataRoute, isDynamicMetadataExtension } from '#/server/metadata-routes.js';
 
 /**
  * Pattern matching encoded path delimiters that must be rejected during route discovery.

package/src/server/als-registry.ts

@@ -114,3 +114,13 @@ export type EarlyHintsSenderFn = (links: string[]) => void;
 
 /** @internal — import via early-hints-sender.ts public API */
 export const earlyHintsSenderAls = new AsyncLocalStorage<EarlyHintsSenderFn>();
+
+// ─── waitUntil Bridge ────────────────────────────────────────────────────
+// Used by: waituntil-bridge.ts (waitUntil())
+// Design doc: design/11-platform.md §"waitUntil()"
+
+/** Function that extends the request lifecycle with a background promise. */
+export type WaitUntilFn = (promise: Promise<unknown>) => void;
+
+/** @internal — import via waituntil-bridge.ts public API */
+export const waitUntilAls = new AsyncLocalStorage<WaitUntilFn>();

package/src/server/compress.ts

@@ -153,4 +153,3 @@ function compressWithGzip(body: ReadableStream<Uint8Array>): ReadableStream<Uint
   // than ReadableStream's Uint8Array, but Uint8Array is a valid BufferSource.
   return body.pipeThrough(compressionStream as unknown as TransformStream<Uint8Array, Uint8Array>);
 }
-

package/src/server/metadata-platform.ts

@@ -218,7 +218,10 @@ export function renderAppLinks(
 /**
  * Render Apple iTunes smart banner meta tag.
  */
-export function renderItunes(itunes: NonNullable<Metadata['itunes']>, elements: HeadElement[]): void {
+export function renderItunes(
+  itunes: NonNullable<Metadata['itunes']>,
+  elements: HeadElement[]
+): void {
   const parts = [`app-id=${itunes.appId}`];
   if (itunes.affiliateData) parts.push(`affiliate-data=${itunes.affiliateData}`);
   if (itunes.appArgument) parts.push(`app-argument=${itunes.appArgument}`);

package/src/server/metadata-social.ts

@@ -15,7 +15,10 @@ import type { HeadElement } from './metadata.js';
  * Handles og:title, og:description, og:image (with dimensions/alt),
  * og:video, og:audio, og:article:author, and other OG properties.
  */
-export function renderOpenGraph(og: NonNullable<Metadata['openGraph']>, elements: HeadElement[]): void {
+export function renderOpenGraph(
+  og: NonNullable<Metadata['openGraph']>,
+  elements: HeadElement[]
+): void {
   const simpleProps: Array<[string, string | undefined]> = [
     ['og:title', og.title],
     ['og:description', og.description],

package/src/server/pipeline.ts

@@ -14,11 +14,7 @@
 import { canonicalize } from './canonicalize.js';
 import { runProxy, type ProxyExport } from './proxy.js';
 import { runMiddleware, type MiddlewareFn } from './middleware-runner.js';
-import {
-  runWithTimingCollector,
-  withTiming,
-  getServerTimingHeader,
-} from './server-timing.js';
+import { runWithTimingCollector, withTiming, getServerTimingHeader } from './server-timing.js';
 import {
   runWithRequestContext,
   applyRequestHeaderOverlay,
@@ -258,9 +254,7 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
           return response;
         };
 
-        return enableServerTiming
-          ? runWithTimingCollector(runRequest)
-          : runRequest();
+        return enableServerTiming ? runWithTimingCollector(runRequest) : runRequest();
       });
     });
   };
@@ -276,12 +270,9 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       } else {
         proxyExport = config.proxy!;
       }
-      const proxyFn = () =>
-        runProxy(proxyExport, req, () => handleRequest(req, method, path));
+      const proxyFn = () => runProxy(proxyExport, req, () => handleRequest(req, method, path));
       return await withSpan('timber.proxy', {}, () =>
-        enableServerTiming
-          ? withTiming('proxy', 'proxy.ts', proxyFn)
-          : proxyFn()
+        enableServerTiming ? withTiming('proxy', 'proxy.ts', proxyFn) : proxyFn()
       );
     } catch (error) {
       // Uncaught proxy.ts error → bare HTTP 500
@@ -430,9 +421,7 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
         setMutableCookieContext(true);
         const middlewareFn = () => runMiddleware(match.middleware!, ctx);
         const middlewareResponse = await withSpan('timber.middleware', {}, () =>
-          enableServerTiming
-            ? withTiming('mw', 'middleware.ts', middlewareFn)
-            : middlewareFn()
+          enableServerTiming ? withTiming('mw', 'middleware.ts', middlewareFn) : middlewareFn()
         );
         setMutableCookieContext(false);
         if (middlewareResponse) {
@@ -487,9 +476,7 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       const renderFn = () =>
         render(req, match, responseHeaders, requestHeaderOverlay, interception);
       const response = await withSpan('timber.render', { 'http.route': canonicalPathname }, () =>
-        enableServerTiming
-          ? withTiming('render', 'RSC + SSR render', renderFn)
-          : renderFn()
+        enableServerTiming ? withTiming('render', 'RSC + SSR render', renderFn) : renderFn()
       );
       markResponseFlushed();
       return response;
@@ -542,8 +529,6 @@ async function fireOnRequestError(
   );
 }
 
-
-
 // ─── Cookie Helpers ──────────────────────────────────────────────────────
 
 /**
@@ -585,5 +570,3 @@ function ensureMutableResponse(response: Response): Response {
     });
   }
 }
-
-

package/src/server/primitives.ts

@@ -4,6 +4,7 @@
 // use to control request flow. See design/10-error-handling.md.
 
 import type { JsonSerializable } from './types.js';
+import { getWaitUntil as _getWaitUntil } from './waituntil-bridge.js';
 
 // ─── Dev-mode validation ────────────────────────────────────────────────────
 
@@ -71,10 +72,7 @@ export function findNonSerializable(value: unknown, path = 'data'): string | nul
   }
 
   for (const key of Object.keys(value as Record<string, unknown>)) {
-    const result = findNonSerializable(
-      (value as Record<string, unknown>)[key],
-      `${path}.${key}`
-    );
+    const result = findNonSerializable((value as Record<string, unknown>)[key], `${path}.${key}`);
     if (result) return result;
   }
   return null;
@@ -338,14 +336,26 @@ let _waitUntilWarned = false;
  * Register a promise to be kept alive after the response is sent.
  * Maps to `ctx.waitUntil()` on Cloudflare Workers and similar platforms.
  *
- * If the adapter does not support `waitUntil`, a warning is logged once
- * and the promise is left to resolve (or reject) without being tracked.
+ * In production, the platform adapter installs a per-request waitUntil
+ * function via ALS (see waituntil-bridge.ts). This function checks the
+ * ALS bridge first, then falls back to the legacy adapter argument.
+ *
+ * If neither is available, a warning is logged once and the promise is
+ * left to resolve (or reject) without being tracked.
  *
  * @param promise - The background work to keep alive.
- * @param adapter - The platform adapter (injected by the framework at runtime).
+ * @param adapter - Optional legacy adapter (prefer ALS bridge in production).
  */
-export function waitUntil(promise: Promise<unknown>, adapter: WaitUntilAdapter): void {
-  if (typeof adapter.waitUntil === 'function') {
+export function waitUntil(promise: Promise<unknown>, adapter?: WaitUntilAdapter): void {
+  // Check ALS bridge first (installed by generated entry points)
+  const alsFn = _getWaitUntil();
+  if (alsFn) {
+    alsFn(promise);
+    return;
+  }
+
+  // Fall back to legacy adapter argument
+  if (adapter && typeof adapter.waitUntil === 'function') {
     adapter.waitUntil(promise);
     return;
   }

package/src/server/request-context.ts

@@ -12,11 +12,7 @@
 
 import { createHmac, timingSafeEqual } from 'node:crypto';
 import type { Routes } from '#/index.js';
-import {
-  requestContextAls,
-  type RequestContextStore,
-  type CookieEntry,
-} from './als-registry.js';
+import { requestContextAls, type RequestContextStore, type CookieEntry } from './als-registry.js';
 
 // Re-export the ALS for framework-internal consumers that need direct access.
 export { requestContextAls };

package/src/server/rsc-entry/index.ts

@@ -21,6 +21,8 @@ import routeManifest from 'virtual:timber-route-manifest';
 import config from 'virtual:timber-config';
 // @ts-expect-error — virtual module provided by timber-build-manifest plugin
 import buildManifest from 'virtual:timber-build-manifest';
+// @ts-expect-error — virtual module provided by timber-entries plugin
+import loadUserInstrumentation from 'virtual:timber-instrumentation';
 
 import type { FormRerender } from '#/server/action-handler.js';
 import { handleActionRequest, isActionRequest } from '#/server/action-handler.js';
@@ -51,6 +53,7 @@ import { createMetadataRouteMatcher, createRouteMatcher } from '#/server/route-m
 import { initDevTracing } from '#/server/tracing.js';
 
 import { renderFallbackError as renderFallback } from '#/server/fallback-error.js';
+import { loadInstrumentation } from '#/server/instrumentation.js';
 import { handleApiRoute } from './api-handler.js';
 import { renderErrorPage, renderNoMatchPage } from './error-renderer.js';
 import {
@@ -86,6 +89,12 @@ export function setDevPipelineErrorHandler(handler: (error: Error, phase: string
  * 103 Early Hints → middleware.ts → render (RSC → SSR → HTML).
  */
 async function createRequestHandler(manifest: typeof routeManifest, runtimeConfig: typeof config) {
+  // Load the user's instrumentation.ts — register() is awaited before the
+  // server accepts any requests. The logger and onRequestError hooks are
+  // wired into the framework. This runs once at startup.
+  // See design/17-logging.md §"register() — Server Startup"
+  await loadInstrumentation(loadUserInstrumentation);
+
   // Initialize cookie signing secrets from config (design/29-cookies.md §"Signed Cookies")
   const cookieSecrets = (runtimeConfig as Record<string, unknown>).cookieSecrets as
     | string[]
@@ -174,6 +183,9 @@ async function createRequestHandler(manifest: typeof routeManifest, runtimeConfi
       return renderNoMatchPage(req, manifest.root, responseHeaders, clientBootstrap);
     },
     interceptionRewrites: manifest.interceptionRewrites,
+    // Slow request threshold from timber.config.ts. Default 3000ms, 0 to disable.
+    // See design/17-logging.md §"slowRequestMs"
+    slowRequestMs: (runtimeConfig as Record<string, unknown>).slowRequestMs as number | undefined,
     enableServerTiming: isDev,
     onPipelineError: isDev
       ? (error: Error, phase: string) => {
@@ -446,4 +458,8 @@ async function renderRoute(
 // the handler with per-request 103 Early Hints sender via ALS.
 export { runWithEarlyHintsSender } from '#/server/early-hints-sender.js';
 
+// Re-export for generated entry points to wrap the handler with per-request
+// waitUntil support via ALS. See design/11-platform.md §"waitUntil()".
+export { runWithWaitUntil } from '#/server/waituntil-bridge.js';
+
 export default await createRequestHandler(routeManifest, config);

package/src/server/rsc-entry/rsc-stream.ts

@@ -46,10 +46,7 @@ export interface RscStreamResult {
  * fires onError during stream consumption. Signals are captured in the
  * returned `signals` object for the caller to handle.
  */
-export function renderRscStream(
-  element: React.ReactElement,
-  req: Request
-): RscStreamResult {
+export function renderRscStream(element: React.ReactElement, req: Request): RscStreamResult {
   const signals: RenderSignals = {
     denySignal: null,
     redirectSignal: null,

package/src/server/rsc-entry/ssr-renderer.ts

@@ -121,9 +121,7 @@ export async function renderSsrResponse(opts: SsrRenderOptions): Promise<Respons
   // promotion if the denial was already handled by a TimberErrorBoundary
   // (e.g., slot error boundary). The boundary sets navContext._denyHandledByBoundary
   // during SSR rendering. See LOCAL-298.
-  function checkCapturedSignals(
-    skipHandledDeny = false
-  ): Response | Promise<Response> | null {
+  function checkCapturedSignals(skipHandledDeny = false): Response | Promise<Response> | null {
     if (signals.redirectSignal) {
       return buildRedirectResponse(req, signals.redirectSignal, responseHeaders);
     }

package/src/server/rsc-prop-warnings.ts

@@ -42,8 +42,7 @@ const DETECTION_RULES: Array<{
     pattern: /RegExp/i,
     info: {
       type: 'RegExp',
-      suggestion:
-        'Use .toString() to serialize, and new RegExp() to reconstruct on the client.',
+      suggestion: 'Use .toString() to serialize, and new RegExp() to reconstruct on the client.',
     },
   },
   {
@@ -58,24 +57,21 @@ const DETECTION_RULES: Array<{
     pattern: /URLSearchParams/,
     info: {
       type: 'URLSearchParams',
-      suggestion:
-        'Pass .toString() to serialize, or spread entries: Object.fromEntries(params).',
+      suggestion: 'Pass .toString() to serialize, or spread entries: Object.fromEntries(params).',
     },
   },
   {
     pattern: /Headers/,
     info: {
       type: 'Headers',
-      suggestion:
-        'Convert to a plain object: Object.fromEntries(headers.entries()).',
+      suggestion: 'Convert to a plain object: Object.fromEntries(headers.entries()).',
     },
   },
   {
     pattern: /Symbol/i,
     info: {
       type: 'Symbol',
-      suggestion:
-        'Symbols cannot be serialized. Use a string identifier instead.',
+      suggestion: 'Symbols cannot be serialized. Use a string identifier instead.',
     },
   },
   {
@@ -91,8 +87,7 @@ const DETECTION_RULES: Array<{
     pattern: /Classes or null prototypes/i,
     info: {
       type: 'class instance',
-      suggestion:
-        'Spread to a plain object: { ...instance } or extract the needed properties.',
+      suggestion: 'Spread to a plain object: { ...instance } or extract the needed properties.',
     },
   },
   {
@@ -116,9 +111,7 @@ const DETECTION_RULES: Array<{
  * Returns type info with an actionable fix, or null if the error
  * is not related to RSC prop serialization.
  */
-export function detectNonSerializableType(
-  errorMessage: string
-): NonSerializableTypeInfo | null {
+export function detectNonSerializableType(errorMessage: string): NonSerializableTypeInfo | null {
   if (!errorMessage) return null;
 
   for (const rule of DETECTION_RULES) {
@@ -171,10 +164,7 @@ export function formatRscPropWarning(
  * @param requestPath - The request pathname for context
  * @returns true if a warning was emitted
  */
-export function checkAndWarnRscPropError(
-  error: unknown,
-  requestPath: string
-): boolean {
+export function checkAndWarnRscPropError(error: unknown, requestPath: string): boolean {
   if (process.env.NODE_ENV === 'production') return false;
   if (!(error instanceof Error)) return false;
 

package/src/server/waituntil-bridge.ts

@@ -0,0 +1,34 @@
+/**
+ * Per-request waitUntil bridge — ALS bridge for platform adapters.
+ *
+ * The generated entry point (Nitro, Cloudflare) wraps the handler with
+ * `runWithWaitUntil`, binding the platform's lifecycle extension function
+ * (e.g., h3's `event.waitUntil()` or CF's `ctx.waitUntil()`) for the
+ * request duration. The `waitUntil()` primitive reads from this ALS to
+ * dispatch background work to the correct platform API.
+ *
+ * Design doc: design/11-platform.md §"waitUntil()"
+ */
+
+import { waitUntilAls } from './als-registry.js';
+
+/**
+ * Run a function with a per-request waitUntil handler installed.
+ *
+ * Called by generated entry points (Nitro node-server/bun, Cloudflare)
+ * to bind the platform's lifecycle extension for the request duration.
+ */
+export function runWithWaitUntil<T>(waitUntilFn: (promise: Promise<unknown>) => void, fn: () => T): T {
+  return waitUntilAls.run(waitUntilFn, fn);
+}
+
+/**
+ * Get the current request's waitUntil function, if available.
+ *
+ * Returns undefined when no platform adapter has installed a waitUntil
+ * handler for the current request (e.g., on platforms that don't support
+ * lifecycle extension, or outside a request context).
+ */
+export function getWaitUntil(): ((promise: Promise<unknown>) => void) | undefined {
+  return waitUntilAls.getStore();
+}

package/dist/_chunks/request-context-C69VW4xS.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"request-context-C69VW4xS.js","names":[],"sources":["../../src/server/request-context.ts"],"sourcesContent":["/**\n * Request Context — per-request ALS store for headers() and cookies().\n *\n * Follows the same pattern as tracing.ts: a module-level AsyncLocalStorage\n * instance, public accessor functions that throw outside request scope,\n * and a framework-internal `runWithRequestContext()` to establish scope.\n *\n * See design/04-authorization.md §\"AccessContext does not include cookies or headers\"\n * and design/11-platform.md §\"AsyncLocalStorage\".\n * See design/29-cookies.md for cookie mutation semantics.\n */\n\nimport { createHmac, timingSafeEqual } from 'node:crypto';\nimport type { Routes } from '#/index.js';\nimport {\n  requestContextAls,\n  type RequestContextStore,\n  type CookieEntry,\n} from './als-registry.js';\n\n// Re-export the ALS for framework-internal consumers that need direct access.\nexport { requestContextAls };\n\n// No fallback needed — we use enterWith() instead of run() to ensure\n// the ALS context persists for the entire request lifecycle including\n// async stream consumption by React's renderToReadableStream.\n\n// ─── Cookie Signing Secrets ──────────────────────────────────────────────\n\n/**\n * Module-level cookie signing secrets. Index 0 is the newest (used for signing).\n * All entries are tried for verification (key rotation support).\n *\n * Set by the framework at startup via `setCookieSecrets()`.\n * See design/29-cookies.md §\"Signed Cookies\"\n */\nlet _cookieSecrets: string[] = [];\n\n/**\n * Configure the cookie signing secrets.\n *\n * Called by the framework during server initialization with values from\n * `cookies.secret` or `cookies.secrets` in timber.config.ts.\n *\n * The first secret (index 0) is used for signing new cookies.\n * All secrets are tried for verification (supports key rotation).\n */\nexport function setCookieSecrets(secrets: string[]): void {\n  _cookieSecrets = secrets.filter(Boolean);\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/**\n * Returns a read-only view of the current request's headers.\n *\n * Available in middleware, access checks, server components, and server actions.\n * Throws if called outside a request context (security principle #2: no global fallback).\n */\nexport function headers(): ReadonlyHeaders {\n  const store = requestContextAls.getStore();\n  if (!store) {\n    throw new Error(\n      '[timber] headers() called outside of a request context. ' +\n        'It can only be used in middleware, access checks, server components, and server actions.'\n    );\n  }\n  return store.headers;\n}\n\n/**\n * Returns a cookie accessor for the current request.\n *\n * Available in middleware, access checks, server components, and server actions.\n * Throws if called outside a request context (security principle #2: no global fallback).\n *\n * Read methods (.get, .has, .getAll) are always available and reflect\n * read-your-own-writes from .set() calls in the same request.\n *\n * Mutation methods (.set, .delete, .clear) are only available in mutable\n * contexts (middleware.ts, server actions, route.ts handlers). Calling them\n * in read-only contexts (access.ts, server components) throws.\n *\n * See design/29-cookies.md\n */\nexport function cookies(): RequestCookies {\n  const store = requestContextAls.getStore();\n  if (!store) {\n    throw new Error(\n      '[timber] cookies() called outside of a request context. ' +\n        'It can only be used in middleware, access checks, server components, and server actions.'\n    );\n  }\n\n  // Parse cookies lazily on first access\n  if (!store.parsedCookies) {\n    store.parsedCookies = parseCookieHeader(store.cookieHeader);\n  }\n\n  const map = store.parsedCookies;\n  return {\n    get(name: string): string | undefined {\n      return map.get(name);\n    },\n    has(name: string): boolean {\n      return map.has(name);\n    },\n    getAll(): Array<{ name: string; value: string }> {\n      return Array.from(map.entries()).map(([name, value]) => ({ name, value }));\n    },\n    get size(): number {\n      return map.size;\n    },\n\n    getSigned(name: string): string | undefined {\n      const raw = map.get(name);\n      if (!raw || _cookieSecrets.length === 0) return undefined;\n      return verifySignedCookie(raw, _cookieSecrets);\n    },\n\n    set(name: string, value: string, options?: CookieOptions): void {\n      assertMutable(store, 'set');\n      if (store.flushed) {\n        if (process.env.NODE_ENV !== 'production') {\n          console.warn(\n            `[timber] warn: cookies().set('${name}') called after response headers were committed.\\n` +\n              `  The cookie will NOT be sent. Move cookie mutations to middleware.ts, a server action,\\n` +\n              `  or a route.ts handler.`\n          );\n        }\n        return;\n      }\n      let storedValue = value;\n      if (options?.signed) {\n        if (_cookieSecrets.length === 0) {\n          throw new Error(\n            `[timber] cookies().set('${name}', ..., { signed: true }) requires ` +\n              `cookies.secret or cookies.secrets in timber.config.ts.`\n          );\n        }\n        storedValue = signCookieValue(value, _cookieSecrets[0]);\n      }\n      const opts = { ...DEFAULT_COOKIE_OPTIONS, ...options };\n      store.cookieJar.set(name, { name, value: storedValue, options: opts });\n      // Read-your-own-writes: update the parsed cookies map with the signed value\n      // so getSigned() can verify it in the same request\n      map.set(name, storedValue);\n    },\n\n    delete(name: string, options?: Pick<CookieOptions, 'path' | 'domain'>): void {\n      assertMutable(store, 'delete');\n      if (store.flushed) {\n        if (process.env.NODE_ENV !== 'production') {\n          console.warn(\n            `[timber] warn: cookies().delete('${name}') called after response headers were committed.\\n` +\n              `  The cookie will NOT be deleted. Move cookie mutations to middleware.ts, a server action,\\n` +\n              `  or a route.ts handler.`\n          );\n        }\n        return;\n      }\n      const opts: CookieOptions = {\n        ...DEFAULT_COOKIE_OPTIONS,\n        ...options,\n        maxAge: 0,\n        expires: new Date(0),\n      };\n      store.cookieJar.set(name, { name, value: '', options: opts });\n      // Remove from read view\n      map.delete(name);\n    },\n\n    clear(): void {\n      assertMutable(store, 'clear');\n      if (store.flushed) return;\n      // Delete every incoming cookie\n      for (const name of Array.from(map.keys())) {\n        store.cookieJar.set(name, {\n          name,\n          value: '',\n          options: { ...DEFAULT_COOKIE_OPTIONS, maxAge: 0, expires: new Date(0) },\n        });\n      }\n      map.clear();\n    },\n\n    toString(): string {\n      return Array.from(map.entries())\n        .map(([name, value]) => `${name}=${value}`)\n        .join('; ');\n    },\n  };\n}\n\n/**\n * Returns a Promise resolving to the current request's search params.\n *\n * In `page.tsx`, `middleware.ts`, and `access.ts` the framework pre-parses the\n * route's `search-params.ts` definition and the Promise resolves to the typed\n * object. In all other server component contexts it resolves to raw\n * `URLSearchParams`.\n *\n * Returned as a Promise to match the `params` prop convention and to allow\n * future partial pre-rendering support where param resolution may be deferred.\n *\n * Throws if called outside a request context.\n */\nexport function searchParams<R extends keyof Routes>(): Promise<Routes[R]['searchParams']>;\nexport function searchParams(): Promise<URLSearchParams | Record<string, unknown>>;\nexport function searchParams(): Promise<URLSearchParams | Record<string, unknown>> {\n  const store = requestContextAls.getStore();\n  if (!store) {\n    throw new Error(\n      '[timber] searchParams() called outside of a request context. ' +\n        'It can only be used in middleware, access checks, server components, and server actions.'\n    );\n  }\n  return store.searchParamsPromise;\n}\n\n/**\n * Replace the search params Promise for the current request with one that\n * resolves to the typed parsed result from the route's search-params.ts.\n * Called by the framework before rendering the page — not for app code.\n */\nexport function setParsedSearchParams(parsed: Record<string, unknown>): void {\n  const store = requestContextAls.getStore();\n  if (store) {\n    store.searchParamsPromise = Promise.resolve(parsed);\n  }\n}\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/**\n * Read-only Headers interface. The standard Headers class is mutable;\n * this type narrows it to read-only methods. The underlying object is\n * still a Headers instance, but user code should not mutate it.\n */\nexport type ReadonlyHeaders = Pick<\n  Headers,\n  'get' | 'has' | 'entries' | 'keys' | 'values' | 'forEach' | typeof Symbol.iterator\n>;\n\n/** Options for setting a cookie. See design/29-cookies.md. */\nexport interface CookieOptions {\n  /** Domain scope. Default: omitted (current domain only). */\n  domain?: string;\n  /** URL path scope. Default: '/'. */\n  path?: string;\n  /** Expiration date. Mutually exclusive with maxAge. */\n  expires?: Date;\n  /** Max age in seconds. Mutually exclusive with expires. */\n  maxAge?: number;\n  /** Prevent client-side JS access. Default: true. */\n  httpOnly?: boolean;\n  /** Only send over HTTPS. Default: true. */\n  secure?: boolean;\n  /** Cross-site request policy. Default: 'lax'. */\n  sameSite?: 'strict' | 'lax' | 'none';\n  /** Partitioned (CHIPS) — isolate cookie per top-level site. Default: false. */\n  partitioned?: boolean;\n  /**\n   * Sign the cookie value with HMAC-SHA256 for integrity verification.\n   * Requires `cookies.secret` or `cookies.secrets` in timber.config.ts.\n   * See design/29-cookies.md §\"Signed Cookies\".\n   */\n  signed?: boolean;\n}\n\nconst DEFAULT_COOKIE_OPTIONS: CookieOptions = {\n  path: '/',\n  httpOnly: true,\n  secure: true,\n  sameSite: 'lax',\n};\n\n/**\n * Cookie accessor returned by `cookies()`.\n *\n * Read methods are always available. Mutation methods throw in read-only\n * contexts (access.ts, server components).\n */\nexport interface RequestCookies {\n  /** Get a cookie value by name. Returns undefined if not present. */\n  get(name: string): string | undefined;\n  /** Check if a cookie exists. */\n  has(name: string): boolean;\n  /** Get all cookies as an array of { name, value } pairs. */\n  getAll(): Array<{ name: string; value: string }>;\n  /** Number of cookies. */\n  readonly size: number;\n  /**\n   * Get a signed cookie value, verifying its HMAC-SHA256 signature.\n   * Returns undefined if the cookie is missing, the signature is invalid,\n   * or no secrets are configured. Never throws.\n   *\n   * See design/29-cookies.md §\"Signed Cookies\"\n   */\n  getSigned(name: string): string | undefined;\n  /** Set a cookie. Only available in mutable contexts (middleware, actions, route handlers). */\n  set(name: string, value: string, options?: CookieOptions): void;\n  /** Delete a cookie. Only available in mutable contexts. */\n  delete(name: string, options?: Pick<CookieOptions, 'path' | 'domain'>): void;\n  /** Delete all cookies. Only available in mutable contexts. */\n  clear(): void;\n  /** Serialize cookies as a Cookie header string. */\n  toString(): string;\n}\n\n// ─── Framework-Internal Helpers ───────────────────────────────────────────\n\n/**\n * Run a callback within a request context. Used by the pipeline to establish\n * per-request ALS scope so that `headers()` and `cookies()` work.\n *\n * @param req - The incoming Request object.\n * @param fn - The function to run within the request context.\n */\nexport function runWithRequestContext<T>(req: Request, fn: () => T): T {\n  const originalCopy = new Headers(req.headers);\n  const store: RequestContextStore = {\n    headers: freezeHeaders(req.headers),\n    originalHeaders: originalCopy,\n    cookieHeader: req.headers.get('cookie') ?? '',\n    searchParamsPromise: Promise.resolve(new URL(req.url).searchParams),\n    cookieJar: new Map(),\n    flushed: false,\n    mutableContext: false,\n  };\n  return requestContextAls.run(store, fn);\n}\n\n/**\n * Enable cookie mutation for the current context. Called by the framework\n * when entering middleware.ts, server actions, or route.ts handlers.\n *\n * See design/29-cookies.md §\"Context Tracking\"\n */\nexport function setMutableCookieContext(mutable: boolean): void {\n  const store = requestContextAls.getStore();\n  if (store) {\n    store.mutableContext = mutable;\n  }\n}\n\n/**\n * Mark the response as flushed (headers committed). After this point,\n * cookie mutations log a warning instead of throwing.\n *\n * See design/29-cookies.md §\"Streaming Constraint: Post-Flush Cookie Warning\"\n */\nexport function markResponseFlushed(): void {\n  const store = requestContextAls.getStore();\n  if (store) {\n    store.flushed = true;\n  }\n}\n\n/**\n * Collect all Set-Cookie headers from the cookie jar.\n * Called by the framework at flush time to apply cookies to the response.\n *\n * Returns an array of serialized Set-Cookie header values.\n */\nexport function getSetCookieHeaders(): string[] {\n  const store = requestContextAls.getStore();\n  if (!store) return [];\n  return Array.from(store.cookieJar.values()).map(serializeCookieEntry);\n}\n\n/**\n * Apply middleware-injected request headers to the current request context.\n *\n * Called by the pipeline after middleware.ts runs. Merges overlay headers\n * on top of the original request headers so downstream code (access.ts,\n * server components, server actions) sees them via `headers()`.\n *\n * The original request headers are never mutated — a new frozen Headers\n * object is created with the overlay applied on top.\n *\n * See design/07-routing.md §\"Request Header Injection\"\n */\nexport function applyRequestHeaderOverlay(overlay: Headers): void {\n  const store = requestContextAls.getStore();\n  if (!store) {\n    throw new Error('[timber] applyRequestHeaderOverlay() called outside of a request context.');\n  }\n\n  // Check if the overlay has any headers — skip if empty\n  let hasOverlay = false;\n  overlay.forEach(() => {\n    hasOverlay = true;\n  });\n  if (!hasOverlay) return;\n\n  // Merge: start with original headers, overlay on top\n  const merged = new Headers(store.originalHeaders);\n  overlay.forEach((value, key) => {\n    merged.set(key, value);\n  });\n  store.headers = freezeHeaders(merged);\n}\n\n// ─── Read-Only Headers ────────────────────────────────────────────────────\n\nconst MUTATING_METHODS = new Set(['set', 'append', 'delete']);\n\n/**\n * Wrap a Headers object in a Proxy that throws on mutating methods.\n * Object.freeze doesn't work on Headers (native internal slots), so we\n * intercept property access and reject set/append/delete at runtime.\n *\n * Read methods (get, has, entries, etc.) must be bound to the underlying\n * Headers instance because they access private #headersList slots.\n */\nfunction freezeHeaders(source: Headers): Headers {\n  const copy = new Headers(source);\n  return new Proxy(copy, {\n    get(target, prop) {\n      if (typeof prop === 'string' && MUTATING_METHODS.has(prop)) {\n        return () => {\n          throw new Error(\n            `[timber] headers() returns a read-only Headers object. ` +\n              `Calling .${prop}() is not allowed. ` +\n              `Use ctx.requestHeaders in middleware to inject headers for downstream components.`\n          );\n        };\n      }\n      const value = Reflect.get(target, prop);\n      // Bind methods to the real Headers instance so private slot access works\n      if (typeof value === 'function') {\n        return value.bind(target);\n      }\n      return value;\n    },\n  });\n}\n\n// ─── Cookie Helpers ───────────────────────────────────────────────────────\n\n/** Throw if cookie mutation is attempted in a read-only context. */\nfunction assertMutable(store: RequestContextStore, method: string): void {\n  if (!store.mutableContext) {\n    throw new Error(\n      `[timber] cookies().${method}() cannot be called in this context.\\n` +\n        `  Set cookies in middleware.ts, server actions, or route.ts handlers.`\n    );\n  }\n}\n\n/**\n * Parse a Cookie header string into a Map of name → value pairs.\n * Follows RFC 6265 §4.2.1: cookies are semicolon-separated key=value pairs.\n */\nfunction parseCookieHeader(header: string): Map<string, string> {\n  const map = new Map<string, string>();\n  if (!header) return map;\n\n  for (const pair of header.split(';')) {\n    const eqIndex = pair.indexOf('=');\n    if (eqIndex === -1) continue;\n    const name = pair.slice(0, eqIndex).trim();\n    const value = pair.slice(eqIndex + 1).trim();\n    if (name) {\n      map.set(name, value);\n    }\n  }\n\n  return map;\n}\n\n// ─── Cookie Signing ──────────────────────────────────────────────────────\n\n/**\n * Sign a cookie value with HMAC-SHA256.\n * Returns `value.hex_signature`.\n */\nfunction signCookieValue(value: string, secret: string): string {\n  const signature = createHmac('sha256', secret).update(value).digest('hex');\n  return `${value}.${signature}`;\n}\n\n/**\n * Verify a signed cookie value against an array of secrets.\n * Returns the original value if any secret produces a matching signature,\n * or undefined if none match. Uses timing-safe comparison.\n *\n * The signed format is `value.hex_signature` — split at the last `.`.\n */\nfunction verifySignedCookie(raw: string, secrets: string[]): string | undefined {\n  const lastDot = raw.lastIndexOf('.');\n  if (lastDot <= 0 || lastDot === raw.length - 1) return undefined;\n\n  const value = raw.slice(0, lastDot);\n  const signature = raw.slice(lastDot + 1);\n\n  // Hex-encoded SHA-256 is always 64 chars\n  if (signature.length !== 64) return undefined;\n\n  const signatureBuffer = Buffer.from(signature, 'hex');\n  // If the hex decode produced fewer bytes, the signature was not valid hex\n  if (signatureBuffer.length !== 32) return undefined;\n\n  for (const secret of secrets) {\n    const expected = createHmac('sha256', secret).update(value).digest();\n    if (timingSafeEqual(expected, signatureBuffer)) {\n      return value;\n    }\n  }\n  return undefined;\n}\n\n/** Serialize a CookieEntry into a Set-Cookie header value. */\nfunction serializeCookieEntry(entry: CookieEntry): string {\n  const parts = [`${entry.name}=${entry.value}`];\n  const opts = entry.options;\n\n  if (opts.domain) parts.push(`Domain=${opts.domain}`);\n  if (opts.path) parts.push(`Path=${opts.path}`);\n  if (opts.expires) parts.push(`Expires=${opts.expires.toUTCString()}`);\n  if (opts.maxAge !== undefined) parts.push(`Max-Age=${opts.maxAge}`);\n  if (opts.httpOnly) parts.push('HttpOnly');\n  if (opts.secure) parts.push('Secure');\n  if (opts.sameSite) {\n    parts.push(`SameSite=${opts.sameSite.charAt(0).toUpperCase()}${opts.sameSite.slice(1)}`);\n  }\n  if (opts.partitioned) parts.push('Partitioned');\n\n  return parts.join('; ');\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAoCA,IAAI,iBAA2B,EAAE;;;;;;;;;;AAWjC,SAAgB,iBAAiB,SAAyB;AACxD,kBAAiB,QAAQ,OAAO,QAAQ;;;;;;;;AAW1C,SAAgB,UAA2B;CACzC,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,mJAED;AAEH,QAAO,MAAM;;;;;;;;;;;;;;;;;AAkBf,SAAgB,UAA0B;CACxC,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,mJAED;AAIH,KAAI,CAAC,MAAM,cACT,OAAM,gBAAgB,kBAAkB,MAAM,aAAa;CAG7D,MAAM,MAAM,MAAM;AAClB,QAAO;EACL,IAAI,MAAkC;AACpC,UAAO,IAAI,IAAI,KAAK;;EAEtB,IAAI,MAAuB;AACzB,UAAO,IAAI,IAAI,KAAK;;EAEtB,SAAiD;AAC/C,UAAO,MAAM,KAAK,IAAI,SAAS,CAAC,CAAC,KAAK,CAAC,MAAM,YAAY;IAAE;IAAM;IAAO,EAAE;;EAE5E,IAAI,OAAe;AACjB,UAAO,IAAI;;EAGb,UAAU,MAAkC;GAC1C,MAAM,MAAM,IAAI,IAAI,KAAK;AACzB,OAAI,CAAC,OAAO,eAAe,WAAW,EAAG,QAAO,KAAA;AAChD,UAAO,mBAAmB,KAAK,eAAe;;EAGhD,IAAI,MAAc,OAAe,SAA+B;AAC9D,iBAAc,OAAO,MAAM;AAC3B,OAAI,MAAM,SAAS;AACjB,QAAA,QAAA,IAAA,aAA6B,aAC3B,SAAQ,KACN,iCAAiC,KAAK,qKAGvC;AAEH;;GAEF,IAAI,cAAc;AAClB,OAAI,SAAS,QAAQ;AACnB,QAAI,eAAe,WAAW,EAC5B,OAAM,IAAI,MACR,2BAA2B,KAAK,2FAEjC;AAEH,kBAAc,gBAAgB,OAAO,eAAe,GAAG;;GAEzD,MAAM,OAAO;IAAE,GAAG;IAAwB,GAAG;IAAS;AACtD,SAAM,UAAU,IAAI,MAAM;IAAE;IAAM,OAAO;IAAa,SAAS;IAAM,CAAC;AAGtE,OAAI,IAAI,MAAM,YAAY;;EAG5B,OAAO,MAAc,SAAwD;AAC3E,iBAAc,OAAO,SAAS;AAC9B,OAAI,MAAM,SAAS;AACjB,QAAA,QAAA,IAAA,aAA6B,aAC3B,SAAQ,KACN,oCAAoC,KAAK,wKAG1C;AAEH;;GAEF,MAAM,OAAsB;IAC1B,GAAG;IACH,GAAG;IACH,QAAQ;IACR,yBAAS,IAAI,KAAK,EAAE;IACrB;AACD,SAAM,UAAU,IAAI,MAAM;IAAE;IAAM,OAAO;IAAI,SAAS;IAAM,CAAC;AAE7D,OAAI,OAAO,KAAK;;EAGlB,QAAc;AACZ,iBAAc,OAAO,QAAQ;AAC7B,OAAI,MAAM,QAAS;AAEnB,QAAK,MAAM,QAAQ,MAAM,KAAK,IAAI,MAAM,CAAC,CACvC,OAAM,UAAU,IAAI,MAAM;IACxB;IACA,OAAO;IACP,SAAS;KAAE,GAAG;KAAwB,QAAQ;KAAG,yBAAS,IAAI,KAAK,EAAE;KAAE;IACxE,CAAC;AAEJ,OAAI,OAAO;;EAGb,WAAmB;AACjB,UAAO,MAAM,KAAK,IAAI,SAAS,CAAC,CAC7B,KAAK,CAAC,MAAM,WAAW,GAAG,KAAK,GAAG,QAAQ,CAC1C,KAAK,KAAK;;EAEhB;;AAkBH,SAAgB,eAAmE;CACjF,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,wJAED;AAEH,QAAO,MAAM;;;;;;;AAQf,SAAgB,sBAAsB,QAAuC;CAC3E,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,MACF,OAAM,sBAAsB,QAAQ,QAAQ,OAAO;;AA0CvD,IAAM,yBAAwC;CAC5C,MAAM;CACN,UAAU;CACV,QAAQ;CACR,UAAU;CACX;;;;;;;;AA4CD,SAAgB,sBAAyB,KAAc,IAAgB;CACrE,MAAM,eAAe,IAAI,QAAQ,IAAI,QAAQ;CAC7C,MAAM,QAA6B;EACjC,SAAS,cAAc,IAAI,QAAQ;EACnC,iBAAiB;EACjB,cAAc,IAAI,QAAQ,IAAI,SAAS,IAAI;EAC3C,qBAAqB,QAAQ,QAAQ,IAAI,IAAI,IAAI,IAAI,CAAC,aAAa;EACnE,2BAAW,IAAI,KAAK;EACpB,SAAS;EACT,gBAAgB;EACjB;AACD,QAAO,kBAAkB,IAAI,OAAO,GAAG;;;;;;;;AASzC,SAAgB,wBAAwB,SAAwB;CAC9D,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,MACF,OAAM,iBAAiB;;;;;;;;AAU3B,SAAgB,sBAA4B;CAC1C,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,MACF,OAAM,UAAU;;;;;;;;AAUpB,SAAgB,sBAAgC;CAC9C,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MAAO,QAAO,EAAE;AACrB,QAAO,MAAM,KAAK,MAAM,UAAU,QAAQ,CAAC,CAAC,IAAI,qBAAqB;;;;;;;;;;;;;;AAevE,SAAgB,0BAA0B,SAAwB;CAChE,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MACH,OAAM,IAAI,MAAM,4EAA4E;CAI9F,IAAI,aAAa;AACjB,SAAQ,cAAc;AACpB,eAAa;GACb;AACF,KAAI,CAAC,WAAY;CAGjB,MAAM,SAAS,IAAI,QAAQ,MAAM,gBAAgB;AACjD,SAAQ,SAAS,OAAO,QAAQ;AAC9B,SAAO,IAAI,KAAK,MAAM;GACtB;AACF,OAAM,UAAU,cAAc,OAAO;;AAKvC,IAAM,mBAAmB,IAAI,IAAI;CAAC;CAAO;CAAU;CAAS,CAAC;;;;;;;;;AAU7D,SAAS,cAAc,QAA0B;CAC/C,MAAM,OAAO,IAAI,QAAQ,OAAO;AAChC,QAAO,IAAI,MAAM,MAAM,EACrB,IAAI,QAAQ,MAAM;AAChB,MAAI,OAAO,SAAS,YAAY,iBAAiB,IAAI,KAAK,CACxD,cAAa;AACX,SAAM,IAAI,MACR,mEACc,KAAK,sGAEpB;;EAGL,MAAM,QAAQ,QAAQ,IAAI,QAAQ,KAAK;AAEvC,MAAI,OAAO,UAAU,WACnB,QAAO,MAAM,KAAK,OAAO;AAE3B,SAAO;IAEV,CAAC;;;AAMJ,SAAS,cAAc,OAA4B,QAAsB;AACvE,KAAI,CAAC,MAAM,eACT,OAAM,IAAI,MACR,sBAAsB,OAAO,6GAE9B;;;;;;AAQL,SAAS,kBAAkB,QAAqC;CAC9D,MAAM,sBAAM,IAAI,KAAqB;AACrC,KAAI,CAAC,OAAQ,QAAO;AAEpB,MAAK,MAAM,QAAQ,OAAO,MAAM,IAAI,EAAE;EACpC,MAAM,UAAU,KAAK,QAAQ,IAAI;AACjC,MAAI,YAAY,GAAI;EACpB,MAAM,OAAO,KAAK,MAAM,GAAG,QAAQ,CAAC,MAAM;EAC1C,MAAM,QAAQ,KAAK,MAAM,UAAU,EAAE,CAAC,MAAM;AAC5C,MAAI,KACF,KAAI,IAAI,MAAM,MAAM;;AAIxB,QAAO;;;;;;AAST,SAAS,gBAAgB,OAAe,QAAwB;AAE9D,QAAO,GAAG,MAAM,GADE,WAAW,UAAU,OAAO,CAAC,OAAO,MAAM,CAAC,OAAO,MAAM;;;;;;;;;AAW5E,SAAS,mBAAmB,KAAa,SAAuC;CAC9E,MAAM,UAAU,IAAI,YAAY,IAAI;AACpC,KAAI,WAAW,KAAK,YAAY,IAAI,SAAS,EAAG,QAAO,KAAA;CAEvD,MAAM,QAAQ,IAAI,MAAM,GAAG,QAAQ;CACnC,MAAM,YAAY,IAAI,MAAM,UAAU,EAAE;AAGxC,KAAI,UAAU,WAAW,GAAI,QAAO,KAAA;CAEpC,MAAM,kBAAkB,OAAO,KAAK,WAAW,MAAM;AAErD,KAAI,gBAAgB,WAAW,GAAI,QAAO,KAAA;AAE1C,MAAK,MAAM,UAAU,QAEnB,KAAI,gBADa,WAAW,UAAU,OAAO,CAAC,OAAO,MAAM,CAAC,QAAQ,EACtC,gBAAgB,CAC5C,QAAO;;;AAOb,SAAS,qBAAqB,OAA4B;CACxD,MAAM,QAAQ,CAAC,GAAG,MAAM,KAAK,GAAG,MAAM,QAAQ;CAC9C,MAAM,OAAO,MAAM;AAEnB,KAAI,KAAK,OAAQ,OAAM,KAAK,UAAU,KAAK,SAAS;AACpD,KAAI,KAAK,KAAM,OAAM,KAAK,QAAQ,KAAK,OAAO;AAC9C,KAAI,KAAK,QAAS,OAAM,KAAK,WAAW,KAAK,QAAQ,aAAa,GAAG;AACrE,KAAI,KAAK,WAAW,KAAA,EAAW,OAAM,KAAK,WAAW,KAAK,SAAS;AACnE,KAAI,KAAK,SAAU,OAAM,KAAK,WAAW;AACzC,KAAI,KAAK,OAAQ,OAAM,KAAK,SAAS;AACrC,KAAI,KAAK,SACP,OAAM,KAAK,YAAY,KAAK,SAAS,OAAO,EAAE,CAAC,aAAa,GAAG,KAAK,SAAS,MAAM,EAAE,GAAG;AAE1F,KAAI,KAAK,YAAa,OAAM,KAAK,cAAc;AAE/C,QAAO,MAAM,KAAK,KAAK"}