npm - @timber-js/app - Versions diffs - 0.2.0-alpha.4 → 0.2.0-alpha.40 - Mend

@timber-js/app 0.2.0-alpha.4 → 0.2.0-alpha.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (336) hide show

package/LICENSE +8 -0
package/dist/_chunks/{als-registry-B7DbZ2hS.js → als-registry-Ba7URUIn.js} +1 -1
package/dist/_chunks/als-registry-Ba7URUIn.js.map +1 -0
package/dist/_chunks/chunk-DYhsFzuS.js +33 -0
package/dist/_chunks/debug-ECi_61pb.js +108 -0
package/dist/_chunks/debug-ECi_61pb.js.map +1 -0
package/dist/_chunks/define-cookie-BmKbSyp0.js +93 -0
package/dist/_chunks/define-cookie-BmKbSyp0.js.map +1 -0
package/dist/_chunks/error-boundary-BAN3751q.js +211 -0
package/dist/_chunks/error-boundary-BAN3751q.js.map +1 -0
package/dist/_chunks/{format-CwdaB0_2.js → format-cX7wzEp2.js} +2 -2
package/dist/_chunks/{format-CwdaB0_2.js.map → format-cX7wzEp2.js.map} +1 -1
package/dist/_chunks/{interception-BOoWmLUA.js → interception-D2djYaIm.js} +112 -77
package/dist/_chunks/interception-D2djYaIm.js.map +1 -0
package/dist/_chunks/{metadata-routes-Cjmvi3rQ.js → metadata-routes-BU684ls2.js} +1 -1
package/dist/_chunks/{metadata-routes-Cjmvi3rQ.js.map → metadata-routes-BU684ls2.js.map} +1 -1
package/dist/_chunks/{request-context-CZJi4CuK.js → request-context-BxYIJM24.js} +93 -69
package/dist/_chunks/request-context-BxYIJM24.js.map +1 -0
package/dist/_chunks/segment-context-C6byCyZU.js +69 -0
package/dist/_chunks/segment-context-C6byCyZU.js.map +1 -0
package/dist/_chunks/stale-reload-C0ValzG7.js +47 -0
package/dist/_chunks/stale-reload-C0ValzG7.js.map +1 -0
package/dist/_chunks/{tracing-Cwn7697K.js → tracing-CuXiCP5p.js} +17 -3
package/dist/_chunks/{tracing-Cwn7697K.js.map → tracing-CuXiCP5p.js.map} +1 -1
package/dist/_chunks/{use-query-states-D5KaffOK.js → use-query-states-BvW0TKDn.js} +1 -1
package/dist/_chunks/{use-query-states-D5KaffOK.js.map → use-query-states-BvW0TKDn.js.map} +1 -1
package/dist/_chunks/wrappers-C6J0nNji.js +331 -0
package/dist/_chunks/wrappers-C6J0nNji.js.map +1 -0
package/dist/adapters/compress-module.d.ts.map +1 -1
package/dist/adapters/nitro.d.ts +17 -1
package/dist/adapters/nitro.d.ts.map +1 -1
package/dist/adapters/nitro.js +56 -13
package/dist/adapters/nitro.js.map +1 -1
package/dist/cache/fast-hash.d.ts +22 -0
package/dist/cache/fast-hash.d.ts.map +1 -0
package/dist/cache/index.d.ts +5 -2
package/dist/cache/index.d.ts.map +1 -1
package/dist/cache/index.js +88 -18
package/dist/cache/index.js.map +1 -1
package/dist/cache/register-cached-function.d.ts.map +1 -1
package/dist/cache/singleflight.d.ts +18 -1
package/dist/cache/singleflight.d.ts.map +1 -1
package/dist/cache/timber-cache.d.ts.map +1 -1
package/dist/client/error-boundary.d.ts +10 -1
package/dist/client/error-boundary.d.ts.map +1 -1
package/dist/client/error-boundary.js +1 -125
package/dist/client/index.d.ts +3 -2
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +213 -93
package/dist/client/index.js.map +1 -1
package/dist/client/link.d.ts +22 -8
package/dist/client/link.d.ts.map +1 -1
package/dist/client/navigation-context.d.ts +2 -2
package/dist/client/router.d.ts +25 -3
package/dist/client/router.d.ts.map +1 -1
package/dist/client/rsc-fetch.d.ts +23 -2
package/dist/client/rsc-fetch.d.ts.map +1 -1
package/dist/client/segment-cache.d.ts +1 -1
package/dist/client/segment-cache.d.ts.map +1 -1
package/dist/client/segment-context.d.ts +1 -1
package/dist/client/segment-context.d.ts.map +1 -1
package/dist/client/segment-merger.d.ts.map +1 -1
package/dist/client/stale-reload.d.ts +15 -0
package/dist/client/stale-reload.d.ts.map +1 -1
package/dist/client/top-loader.d.ts +1 -1
package/dist/client/top-loader.d.ts.map +1 -1
package/dist/client/transition-root.d.ts +1 -1
package/dist/client/transition-root.d.ts.map +1 -1
package/dist/client/use-params.d.ts +2 -2
package/dist/client/use-params.d.ts.map +1 -1
package/dist/client/use-query-states.d.ts +1 -1
package/dist/codec.d.ts +21 -0
package/dist/codec.d.ts.map +1 -0
package/dist/cookies/define-cookie.d.ts +33 -12
package/dist/cookies/define-cookie.d.ts.map +1 -1
package/dist/cookies/index.js +1 -83
package/dist/fonts/css.d.ts +1 -0
package/dist/fonts/css.d.ts.map +1 -1
package/dist/fonts/local.d.ts +4 -2
package/dist/fonts/local.d.ts.map +1 -1
package/dist/index.d.ts +112 -35
package/dist/index.d.ts.map +1 -1
package/dist/index.js +635 -233
package/dist/index.js.map +1 -1
package/dist/params/define.d.ts +76 -0
package/dist/params/define.d.ts.map +1 -0
package/dist/params/index.d.ts +8 -0
package/dist/params/index.d.ts.map +1 -0
package/dist/params/index.js +104 -0
package/dist/params/index.js.map +1 -0
package/dist/plugins/adapter-build.d.ts.map +1 -1
package/dist/plugins/build-manifest.d.ts.map +1 -1
package/dist/plugins/client-chunks.d.ts +32 -0
package/dist/plugins/client-chunks.d.ts.map +1 -0
package/dist/plugins/dev-error-overlay.d.ts +26 -1
package/dist/plugins/dev-error-overlay.d.ts.map +1 -1
package/dist/plugins/entries.d.ts +7 -0
package/dist/plugins/entries.d.ts.map +1 -1
package/dist/plugins/fonts.d.ts +9 -1
package/dist/plugins/fonts.d.ts.map +1 -1
package/dist/plugins/mdx.d.ts +6 -0
package/dist/plugins/mdx.d.ts.map +1 -1
package/dist/plugins/routing.d.ts.map +1 -1
package/dist/plugins/server-bundle.d.ts.map +1 -1
package/dist/plugins/static-build.d.ts.map +1 -1
package/dist/routing/codegen.d.ts +2 -2
package/dist/routing/codegen.d.ts.map +1 -1
package/dist/routing/index.js +1 -1
package/dist/routing/scanner.d.ts.map +1 -1
package/dist/routing/status-file-lint.d.ts +2 -1
package/dist/routing/status-file-lint.d.ts.map +1 -1
package/dist/routing/types.d.ts +6 -4
package/dist/routing/types.d.ts.map +1 -1
package/dist/rsc-runtime/rsc.d.ts +1 -1
package/dist/rsc-runtime/rsc.d.ts.map +1 -1
package/dist/rsc-runtime/ssr.d.ts +12 -0
package/dist/rsc-runtime/ssr.d.ts.map +1 -1
package/dist/search-params/codecs.d.ts +1 -1
package/dist/search-params/define.d.ts +153 -0
package/dist/search-params/define.d.ts.map +1 -0
package/dist/search-params/index.d.ts +4 -5
package/dist/search-params/index.d.ts.map +1 -1
package/dist/search-params/index.js +3 -474
package/dist/search-params/registry.d.ts +1 -1
package/dist/search-params/wrappers.d.ts +53 -0
package/dist/search-params/wrappers.d.ts.map +1 -0
package/dist/server/access-gate.d.ts +4 -0
package/dist/server/access-gate.d.ts.map +1 -1
package/dist/server/action-client.d.ts.map +1 -1
package/dist/server/action-encryption.d.ts +76 -0
package/dist/server/action-encryption.d.ts.map +1 -0
package/dist/server/action-handler.d.ts.map +1 -1
package/dist/server/als-registry.d.ts +18 -4
package/dist/server/als-registry.d.ts.map +1 -1
package/dist/server/build-manifest.d.ts +2 -2
package/dist/server/debug.d.ts +46 -15
package/dist/server/debug.d.ts.map +1 -1
package/dist/server/default-logger.d.ts +22 -0
package/dist/server/default-logger.d.ts.map +1 -0
package/dist/server/deny-renderer.d.ts.map +1 -1
package/dist/server/early-hints.d.ts +13 -5
package/dist/server/early-hints.d.ts.map +1 -1
package/dist/server/error-boundary-wrapper.d.ts +4 -0
package/dist/server/error-boundary-wrapper.d.ts.map +1 -1
package/dist/server/flight-injection-state.d.ts +78 -0
package/dist/server/flight-injection-state.d.ts.map +1 -0
package/dist/server/flight-scripts.d.ts +39 -0
package/dist/server/flight-scripts.d.ts.map +1 -0
package/dist/server/flush.d.ts.map +1 -1
package/dist/server/form-data.d.ts +29 -0
package/dist/server/form-data.d.ts.map +1 -1
package/dist/server/html-injectors.d.ts +5 -11
package/dist/server/html-injectors.d.ts.map +1 -1
package/dist/server/index.d.ts +4 -2
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +1975 -1649
package/dist/server/index.js.map +1 -1
package/dist/server/logger.d.ts +24 -7
package/dist/server/logger.d.ts.map +1 -1
package/dist/server/node-stream-transforms.d.ts +77 -0
package/dist/server/node-stream-transforms.d.ts.map +1 -0
package/dist/server/pipeline.d.ts +7 -4
package/dist/server/pipeline.d.ts.map +1 -1
package/dist/server/primitives.d.ts +30 -3
package/dist/server/primitives.d.ts.map +1 -1
package/dist/server/render-timeout.d.ts +51 -0
package/dist/server/render-timeout.d.ts.map +1 -0
package/dist/server/request-context.d.ts +65 -38
package/dist/server/request-context.d.ts.map +1 -1
package/dist/server/route-element-builder.d.ts +7 -0
package/dist/server/route-element-builder.d.ts.map +1 -1
package/dist/server/route-handler.d.ts.map +1 -1
package/dist/server/route-matcher.d.ts +2 -2
package/dist/server/route-matcher.d.ts.map +1 -1
package/dist/server/rsc-entry/error-renderer.d.ts.map +1 -1
package/dist/server/rsc-entry/helpers.d.ts +46 -3
package/dist/server/rsc-entry/helpers.d.ts.map +1 -1
package/dist/server/rsc-entry/index.d.ts +6 -1
package/dist/server/rsc-entry/index.d.ts.map +1 -1
package/dist/server/rsc-entry/rsc-payload.d.ts.map +1 -1
package/dist/server/rsc-entry/rsc-stream.d.ts +9 -0
package/dist/server/rsc-entry/rsc-stream.d.ts.map +1 -1
package/dist/server/rsc-entry/ssr-renderer.d.ts.map +1 -1
package/dist/server/slot-resolver.d.ts +1 -1
package/dist/server/slot-resolver.d.ts.map +1 -1
package/dist/server/ssr-entry.d.ts +22 -0
package/dist/server/ssr-entry.d.ts.map +1 -1
package/dist/server/ssr-render.d.ts +39 -21
package/dist/server/ssr-render.d.ts.map +1 -1
package/dist/server/tracing.d.ts +10 -0
package/dist/server/tracing.d.ts.map +1 -1
package/dist/server/tree-builder.d.ts +19 -12
package/dist/server/tree-builder.d.ts.map +1 -1
package/dist/server/types.d.ts +1 -3
package/dist/server/types.d.ts.map +1 -1
package/dist/server/version-skew.d.ts +61 -0
package/dist/server/version-skew.d.ts.map +1 -0
package/dist/server/waituntil-bridge.d.ts.map +1 -1
package/dist/shared/merge-search-params.d.ts +22 -0
package/dist/shared/merge-search-params.d.ts.map +1 -0
package/dist/shims/navigation-client.d.ts +1 -1
package/dist/shims/navigation-client.d.ts.map +1 -1
package/dist/shims/navigation.d.ts +1 -1
package/dist/shims/navigation.d.ts.map +1 -1
package/dist/utils/state-machine.d.ts +80 -0
package/dist/utils/state-machine.d.ts.map +1 -0
package/package.json +17 -14
package/src/adapters/compress-module.ts +24 -4
package/src/adapters/nitro.ts +58 -9
package/src/cache/fast-hash.ts +34 -0
package/src/cache/index.ts +5 -2
package/src/cache/register-cached-function.ts +7 -3
package/src/cache/singleflight.ts +62 -4
package/src/cache/timber-cache.ts +34 -26
package/src/cli.ts +0 -0
package/src/client/browser-entry.ts +94 -90
package/src/client/error-boundary.tsx +18 -1
package/src/client/index.ts +10 -1
package/src/client/link.tsx +78 -19
package/src/client/navigation-context.ts +2 -2
package/src/client/router.ts +105 -60
package/src/client/rsc-fetch.ts +63 -2
package/src/client/segment-cache.ts +1 -1
package/src/client/segment-context.ts +6 -1
package/src/client/segment-merger.ts +2 -8
package/src/client/stale-reload.ts +32 -6
package/src/client/top-loader.tsx +10 -9
package/src/client/transition-root.tsx +7 -1
package/src/client/use-params.ts +3 -3
package/src/client/use-query-states.ts +1 -1
package/src/codec.ts +21 -0
package/src/cookies/define-cookie.ts +69 -18
package/src/fonts/css.ts +2 -1
package/src/fonts/local.ts +7 -3
package/src/index.ts +280 -85
package/src/params/define.ts +260 -0
package/src/params/index.ts +28 -0
package/src/plugins/adapter-build.ts +6 -0
package/src/plugins/build-manifest.ts +11 -0
package/src/plugins/client-chunks.ts +65 -0
package/src/plugins/dev-error-overlay.ts +70 -1
package/src/plugins/dev-server.ts +38 -4
package/src/plugins/entries.ts +12 -11
package/src/plugins/fonts.ts +171 -19
package/src/plugins/mdx.ts +9 -5
package/src/plugins/routing.ts +40 -14
package/src/plugins/server-bundle.ts +32 -1
package/src/plugins/shims.ts +1 -1
package/src/plugins/static-build.ts +8 -4
package/src/routing/codegen.ts +109 -88
package/src/routing/scanner.ts +55 -6
package/src/routing/status-file-lint.ts +2 -1
package/src/routing/types.ts +7 -4
package/src/rsc-runtime/rsc.ts +2 -0
package/src/rsc-runtime/ssr.ts +50 -0
package/src/rsc-runtime/vendor-types.d.ts +7 -0
package/src/search-params/codecs.ts +1 -1
package/src/search-params/define.ts +504 -0
package/src/search-params/index.ts +12 -18
package/src/search-params/registry.ts +1 -1
package/src/search-params/wrappers.ts +85 -0
package/src/server/access-gate.tsx +40 -9
package/src/server/action-client.ts +14 -5
package/src/server/action-encryption.ts +144 -0
package/src/server/action-handler.ts +19 -2
package/src/server/als-registry.ts +18 -4
package/src/server/build-manifest.ts +4 -4
package/src/server/compress.ts +25 -7
package/src/server/debug.ts +55 -17
package/src/server/default-logger.ts +98 -0
package/src/server/deny-renderer.ts +2 -1
package/src/server/early-hints.ts +36 -15
package/src/server/error-boundary-wrapper.ts +57 -14
package/src/server/flight-injection-state.ts +152 -0
package/src/server/flight-scripts.ts +59 -0
package/src/server/flush.ts +2 -1
package/src/server/form-data.ts +76 -0
package/src/server/html-injectors.ts +103 -66
package/src/server/index.ts +9 -4
package/src/server/logger.ts +38 -35
package/src/server/node-stream-transforms.ts +381 -0
package/src/server/pipeline.ts +131 -39
package/src/server/primitives.ts +47 -5
package/src/server/render-timeout.ts +108 -0
package/src/server/request-context.ts +112 -119
package/src/server/route-element-builder.ts +106 -114
package/src/server/route-handler.ts +2 -1
package/src/server/route-matcher.ts +2 -2
package/src/server/rsc-entry/error-renderer.ts +5 -3
package/src/server/rsc-entry/helpers.ts +122 -3
package/src/server/rsc-entry/index.ts +125 -49
package/src/server/rsc-entry/rsc-payload.ts +52 -12
package/src/server/rsc-entry/rsc-stream.ts +33 -8
package/src/server/rsc-entry/ssr-renderer.ts +40 -13
package/src/server/slot-resolver.ts +199 -210
package/src/server/ssr-entry.ts +169 -17
package/src/server/ssr-render.ts +266 -67
package/src/server/tracing.ts +23 -0
package/src/server/tree-builder.ts +91 -57
package/src/server/types.ts +1 -3
package/src/server/version-skew.ts +104 -0
package/src/server/waituntil-bridge.ts +4 -1
package/src/shared/merge-search-params.ts +48 -0
package/src/shims/navigation-client.ts +1 -1
package/src/shims/navigation.ts +1 -1
package/src/utils/state-machine.ts +111 -0
package/dist/_chunks/als-registry-B7DbZ2hS.js.map +0 -1
package/dist/_chunks/debug-B4WUeqJ-.js +0 -75
package/dist/_chunks/debug-B4WUeqJ-.js.map +0 -1
package/dist/_chunks/interception-BOoWmLUA.js.map +0 -1
package/dist/_chunks/request-context-CZJi4CuK.js.map +0 -1
package/dist/_chunks/ssr-data-MjmprTmO.js +0 -88
package/dist/_chunks/ssr-data-MjmprTmO.js.map +0 -1
package/dist/_chunks/use-cookie-DX-l1_5E.js +0 -91
package/dist/_chunks/use-cookie-DX-l1_5E.js.map +0 -1
package/dist/client/error-boundary.js.map +0 -1
package/dist/cookies/index.js.map +0 -1
package/dist/plugins/dynamic-transform.d.ts +0 -72
package/dist/plugins/dynamic-transform.d.ts.map +0 -1
package/dist/search-params/analyze.d.ts +0 -54
package/dist/search-params/analyze.d.ts.map +0 -1
package/dist/search-params/builtin-codecs.d.ts +0 -105
package/dist/search-params/builtin-codecs.d.ts.map +0 -1
package/dist/search-params/create.d.ts +0 -106
package/dist/search-params/create.d.ts.map +0 -1
package/dist/search-params/index.js.map +0 -1
package/dist/server/prerender.d.ts +0 -77
package/dist/server/prerender.d.ts.map +0 -1
package/dist/server/response-cache.d.ts +0 -53
package/dist/server/response-cache.d.ts.map +0 -1
package/src/plugins/dynamic-transform.ts +0 -161
package/src/search-params/analyze.ts +0 -192
package/src/search-params/builtin-codecs.ts +0 -228
package/src/search-params/create.ts +0 -321
package/src/server/prerender.ts +0 -139
package/src/server/response-cache.ts +0 -277

package/src/server/node-stream-transforms.ts ADDED Viewed

@@ -0,0 +1,381 @@
+/**
+ * Node.js native stream transforms for SSR HTML post-processing.
+ *
+ * These are Node.js Transform stream equivalents of the Web Stream
+ * transforms in html-injectors.ts. Used on Node.js/Bun where native
+ * streams (C++ backed) are faster than Web Streams (JS reimplementation).
+ *
+ * The transforms are pure string operations on HTML chunks — the same
+ * logic as the Web Stream versions, just wrapped in Node.js Transform
+ * instead of Web TransformStream.
+ *
+ * Architecture:
+ *   renderToPipeableStream → pipe(errorHandler) → pipe(headInjector)
+ *     → pipe(flightInjector) → Readable.toWeb() → Response
+ *
+ * All chunks stay in C++ Node.js stream buffers until the final
+ * Readable.toWeb() conversion for the Response body.
+ */
+import { Transform } from 'node:stream';
+import { createGzip, constants } from 'node:zlib';
+import { createMachine } from '../utils/state-machine.js';
+import { flightChunkScript } from './flight-scripts.js';
+import {
+  flightInjectionTransitions,
+  isSuffixStripped,
+  isHtmlDone,
+  isPullDone,
+  type FlightInjectionState,
+  type FlightInjectionEvent,
+} from './flight-injection-state.js';
+import { withTimeout, RenderTimeoutError } from './render-timeout.js';
+import { logStreamingError } from './logger.js';
+// ─── Head Injection ──────────────────────────────────────────────────────────
+/**
+ * Node.js Transform that injects HTML content before </head>.
+ *
+ * Equivalent to injectHead() in html-injectors.ts. Streams chunks
+ * through immediately, keeping only a small trailing buffer to handle
+ * </head> split across chunk boundaries.
+ */
+export function createNodeHeadInjector(headHtml: string): Transform {
+  if (!headHtml) {
+    return new Transform({
+      transform(chunk, _enc, cb) {
+        cb(null, chunk);
+      },
+    });
+  }
+  const target = '</head>';
+  const tailLen = target.length - 1;
+  let injected = false;
+  let tail = '';
+  return new Transform({
+    transform(chunk: Buffer, _encoding, callback) {
+      if (injected) {
+        callback(null, chunk);
+        return;
+      }
+      const text = tail + chunk.toString('utf-8');
+      const tagIndex = text.indexOf(target);
+      if (tagIndex !== -1) {
+        const before = text.slice(0, tagIndex);
+        const after = text.slice(tagIndex);
+        this.push(Buffer.from(before + headHtml + after, 'utf-8'));
+        injected = true;
+        tail = '';
+        callback();
+      } else {
+        const safeEnd = Math.max(0, text.length - tailLen);
+        if (safeEnd > 0) {
+          this.push(Buffer.from(text.slice(0, safeEnd), 'utf-8'));
+        }
+        tail = text.slice(safeEnd);
+        callback();
+      }
+    },
+    flush(callback) {
+      if (!injected && tail) {
+        this.push(Buffer.from(tail, 'utf-8'));
+      }
+      callback();
+    },
+  });
+}
+// ─── RSC Flight Injection ────────────────────────────────────────────────────
+/**
+ * Node.js Transform that merges RSC script tags into the HTML stream.
+ *
+ * Equivalent to injectRscPayload() in html-injectors.ts. Combines
+ * createInlinedRscStream + createFlightInjectionTransform into a single
+ * Node.js Transform.
+ *
+ * 1. Strips `</body></html>` from the shell so all subsequent content
+ *    is at `<body>` level.
+ * 2. Reads RSC chunks from the provided ReadableStream and injects them
+ *    as `<script>` tags after HTML chunks.
+ * 3. Re-emits `</body></html>` at the very end.
+ *
+ * The RSC stream is a Web ReadableStream (from the tee'd RSC Flight
+ * stream). We read from it using the Web API — this is the one bridge
+ * point between Web Streams and Node.js streams in the pipeline.
+ */
+/**
+ * Options for the Node.js flight injector.
+ */
+export interface NodeFlightInjectorOptions {
+  /**
+   * Timeout in milliseconds for individual RSC stream reads.
+   * If a single `rscReader.read()` call does not resolve within
+   * this duration, the read is aborted and the stream errors with
+   * a RenderTimeoutError. Default: 30000 (30s).
+   */
+  renderTimeoutMs?: number;
+}
+export function createNodeFlightInjector(
+  rscStream: ReadableStream<Uint8Array> | undefined,
+  options?: NodeFlightInjectorOptions
+): Transform {
+  if (!rscStream) {
+    return new Transform({
+      transform(chunk, _enc, cb) {
+        cb(null, chunk);
+      },
+    });
+  }
+  const timeoutMs = options?.renderTimeoutMs ?? 30_000;
+  const suffix = '</body></html>';
+  const suffixBuf = Buffer.from(suffix, 'utf-8');
+  const rscReader = rscStream.getReader();
+  const decoder = new TextDecoder('utf-8', { fatal: true });
+  const machine = createMachine<FlightInjectionState, FlightInjectionEvent>({
+    initial: { phase: 'init' },
+    transitions: flightInjectionTransitions,
+  });
+  // Stored promise from pullLoop — awaited in flush() via .then()
+  // instead of polling. Matches the Web Streams pattern in
+  // html-injectors.ts (pullPromise.then(finish)).
+  let pullPromise: Promise<void> | null = null;
+  // pullLoop reads RSC chunks and pushes them directly to the transform
+  // output as <script> tags. This ensures RSC data is delivered to the
+  // browser as soon as it's available — not deferred until the next HTML
+  // chunk. Critical for streaming: the shell RSC payload must arrive
+  // with the shell HTML so hydration can start before Suspense resolves.
+  async function pullLoop(stream: Transform): Promise<void> {
+    // Yield once so the first transform() call can emit the bootstrap
+    // signal before we start pushing data chunks.
+    await new Promise<void>((r) => setImmediate(r));
+    try {
+      for (;;) {
+        // Guard each RSC read with a timeout so a permanently hung
+        // RSC stream (e.g. a Suspense component with a fetch that
+        // never resolves) eventually aborts instead of blocking
+        // forever. When timeoutMs <= 0, the guard is disabled.
+        // See design/02-rendering-pipeline.md §"Streaming Constraints".
+        const readPromise = rscReader.read();
+        const { done, value } =
+          timeoutMs > 0
+            ? await withTimeout(readPromise, timeoutMs, 'RSC stream read timed out')
+            : await readPromise;
+        if (done) {
+          machine.send({ type: 'PULL_DONE' });
+          return;
+        }
+        const decoded = decoder.decode(value, { stream: true });
+        const scriptBuf = Buffer.from(flightChunkScript(decoded), 'utf-8');
+        // Push directly to the transform output — don't wait for an
+        // HTML chunk to trigger drainPending.
+        stream.push(scriptBuf);
+        // Yield between reads so HTML chunks get a chance to flow
+        // through transform() first — but only while HTML is still
+        // streaming. Once flush() fires (all HTML emitted), drain
+        // remaining RSC chunks without yielding.
+        if (!isHtmlDone(machine.state)) {
+          await new Promise<void>((r) => setImmediate(r));
+        }
+      }
+    } catch (err) {
+      // On timeout, cancel the RSC reader to release resources.
+      if (err instanceof RenderTimeoutError) {
+        rscReader.cancel(err).catch(() => {});
+      }
+      machine.send({ type: 'PULL_ERROR', error: err });
+    }
+  }
+  // No bootstrap script here — the init script is in <head> via
+  // flightInitScript() (see flight-scripts.ts). This ensures __timber_f
+  // exists before any chunk scripts execute.
+  const transform = new Transform({
+    transform(chunk: Buffer, _encoding, callback) {
+      const isFirst = machine.state.phase === 'init';
+      if (isFirst) {
+        machine.send({ type: 'FIRST_CHUNK' });
+      }
+      if (isSuffixStripped(machine.state)) {
+        transform.push(chunk);
+        callback();
+        return;
+      }
+      const text = chunk.toString('utf-8');
+      const idx = text.indexOf(suffix);
+      if (idx !== -1) {
+        machine.send({ type: 'SUFFIX_FOUND' });
+        const before = text.slice(0, idx);
+        const after = text.slice(idx + suffix.length);
+        if (before) transform.push(Buffer.from(before, 'utf-8'));
+        if (after) transform.push(Buffer.from(after, 'utf-8'));
+      } else {
+        transform.push(chunk);
+      }
+      // Start the pull loop on the first HTML chunk to stream RSC
+      // data chunks alongside the HTML. The __timber_f init script is
+      // already in <head> (via flightInitScript), so no bootstrap needed.
+      // Store the promise so flush() can await it instead of polling.
+      if (isFirst) {
+        pullPromise = pullLoop(transform);
+      }
+      callback();
+    },
+    flush(callback) {
+      // All HTML chunks have been emitted. Transition to flushing —
+      // the pull loop will stop yielding between RSC reads since
+      // isHtmlDone() now returns true.
+      machine.send({ type: 'HTML_DONE' });
+      const finish = () => {
+        if (machine.state.phase === 'error') {
+          const err = machine.state.error;
+          transform.destroy(err instanceof Error ? err : new Error(String(err)));
+          return;
+        }
+        const hadSuffix =
+          (machine.state.phase === 'done' && machine.state.hadSuffix) ||
+          (machine.state.phase === 'flushing' && machine.state.hadSuffix);
+        if (hadSuffix) {
+          transform.push(suffixBuf);
+        }
+        callback();
+      };
+      if (isPullDone(machine.state)) {
+        finish();
+        return;
+      }
+      // Wait for the RSC pull loop promise to resolve instead of
+      // polling with setImmediate. This matches the Web Streams
+      // pattern in html-injectors.ts: `pullPromise.then(finish)`.
+      // No CPU spin, no busy-poll — just a Promise chain.
+      if (!pullPromise) {
+        pullPromise = pullLoop(transform);
+      }
+      pullPromise.then(finish, (err) => {
+        machine.send({ type: 'PULL_ERROR', error: err });
+        finish();
+      });
+    },
+  });
+  return transform;
+}
+// ─── Error Handling ──────────────────────────────────────────────────────────
+const NOINDEX_SCRIPT =
+  '<script>document.head.appendChild(Object.assign(document.createElement("meta"),{name:"robots",content:"noindex"}))</script>';
+/**
+ * Node.js Transform that catches post-shell streaming errors.
+ *
+ * Equivalent to wrapStreamWithErrorHandling() in ssr-render.ts.
+ * Catches errors from React's streaming phase (deny/throw inside Suspense
+ * after the shell has flushed) and closes the stream cleanly.
+ */
+export function createNodeErrorHandler(signal?: AbortSignal): Transform {
+  const transform = new Transform({
+    transform(chunk, _encoding, callback) {
+      callback(null, chunk);
+    },
+  });
+  transform.on('error', (error) => {
+    const isAbort =
+      (error instanceof DOMException && error.name === 'AbortError') ||
+      (error instanceof Error && error.name === 'AbortError') ||
+      signal?.aborted;
+    if (isAbort) {
+      transform.end();
+      return;
+    }
+    logStreamingError({ error });
+    transform.push(Buffer.from(NOINDEX_SCRIPT, 'utf-8'));
+    transform.end();
+  });
+  return transform;
+}
+// ─── Compression ─────────────────────────────────────────────────────────────
+const COMPRESSIBLE_TYPES = new Set([
+  'text/html',
+  'text/css',
+  'text/plain',
+  'text/xml',
+  'text/javascript',
+  'text/x-component',
+  'application/json',
+  'application/javascript',
+  'application/xml',
+  'application/xhtml+xml',
+  'application/rss+xml',
+  'application/atom+xml',
+  'image/svg+xml',
+]);
+/**
+ * Create a Node.js gzip Transform using native node:zlib.
+ *
+ * Uses `createGzip()` which is backed by C++ zlib — significantly faster
+ * than the Web Streams `CompressionStream` API (which is a JS wrapper
+ * around the same zlib but with per-chunk Promise overhead).
+ *
+ * Returns null if the response shouldn't be compressed (wrong content type,
+ * client doesn't accept gzip, already encoded, etc.).
+ */
+export function createNodeGzipCompressor(
+  requestHeaders: Headers,
+  responseHeaders: Headers
+): Transform | null {
+  // Check Accept-Encoding
+  const acceptEncoding = requestHeaders.get('accept-encoding') || '';
+  if (!acceptEncoding.includes('gzip')) return null;
+  // Check content type is compressible
+  const contentType = responseHeaders.get('content-type') || '';
+  const mimeType = contentType.split(';')[0].trim().toLowerCase();
+  if (!COMPRESSIBLE_TYPES.has(mimeType)) return null;
+  // Don't double-compress
+  if (responseHeaders.has('content-encoding')) return null;
+  // Set response headers for gzip
+  responseHeaders.set('content-encoding', 'gzip');
+  responseHeaders.delete('content-length');
+  const existingVary = responseHeaders.get('vary');
+  if (existingVary) {
+    if (!existingVary.toLowerCase().includes('accept-encoding')) {
+      responseHeaders.set('vary', existingVary + ', Accept-Encoding');
+    }
+  } else {
+    responseHeaders.set('vary', 'Accept-Encoding');
+  }
+  // Z_SYNC_FLUSH ensures each chunk is flushed to the output immediately.
+  // Without it, gzip buffers internally and the browser doesn't receive
+  // the HTML shell until the gzip stream closes — breaking streaming.
+  // ~2–5% size overhead vs Z_NO_FLUSH but preserves correct streaming.
+  return createGzip({ flush: constants.Z_SYNC_FLUSH });
+}

package/src/server/pipeline.ts CHANGED Viewed

@@ -21,6 +21,7 @@ import {
   setMutableCookieContext,
   getSetCookieHeaders,
   markResponseFlushed,
+  setSegmentParams,
 } from './request-context.js';
 import {
   generateTraceId,
@@ -42,6 +43,8 @@ import {
 } from './logger.js';
 import { callOnRequestError } from './instrumentation.js';
 import { RedirectSignal, DenySignal } from './primitives.js';
+import { ParamCoercionError } from './route-element-builder.js';
+import { checkVersionSkew, applyReloadHeaders } from './version-skew.js';
 import { serveStaticMetadataFile, serializeSitemap } from './pipeline-metadata.js';
 import { findInterceptionMatch } from './pipeline-interception.js';
 import type { MiddlewareContext } from './types.js';
@@ -117,12 +120,15 @@ export interface PipelineConfig {
    */
   interceptionRewrites?: import('#/routing/interception.js').InterceptionRewrite[];
   /**
-   * Emit Server-Timing header on responses for Chrome DevTools visibility.
-   * Only enable in dev mode — exposes internal timing data.
+   * Control Server-Timing header output.
    *
-   * Default: false (production-safe).
+   * - `'detailed'` — per-phase breakdown (proxy, middleware, render).
+   * - `'total'` — single `total;dur=N` entry (production-safe).
+   * - `false` — no Server-Timing header at all.
+   *
+   * Default: `'total'`.
    */
-  enableServerTiming?: boolean;
+  serverTiming?: 'detailed' | 'total' | false;
   /**
    * Dev pipeline error callback — called when a pipeline phase (proxy,
    * middleware, render) catches an unhandled error. Used to wire the error
@@ -149,6 +155,42 @@ export interface PipelineConfig {
   ) => Response | Promise<Response>;
 }
+// ─── Param Coercion ────────────────────────────────────────────────────────
+/**
+ * Run segment param coercion on the matched route's segments.
+ *
+ * Loads params.ts modules from segments that have them, extracts the
+ * segmentParams definition, and coerces raw string params through codecs.
+ * Throws ParamCoercionError if any codec fails (→ 404).
+ *
+ * This runs BEFORE middleware, so ctx.segmentParams is already typed.
+ * See design/07-routing.md §"Where Coercion Runs"
+ */
+async function coerceSegmentParams(match: RouteMatch): Promise<void> {
+  const segments = match.segments as unknown as import('./route-matcher.js').ManifestSegmentNode[];
+  for (const segment of segments) {
+    // Only process segments that have a params.ts convention file
+    if (!segment.params) continue;
+    const mod = (await segment.params.load()) as Record<string, unknown>;
+    const segmentParamsDef = mod.segmentParams as
+      | { parse(raw: Record<string, string | string[]>): Record<string, unknown> }
+      | undefined;
+    if (!segmentParamsDef || typeof segmentParamsDef.parse !== 'function') continue;
+    try {
+      const coerced = segmentParamsDef.parse(match.params);
+      // Merge coerced values back into match.params
+      Object.assign(match.params, coerced);
+    } catch (err) {
+      throw new ParamCoercionError(err instanceof Error ? err.message : String(err));
+    }
+  }
+}
 // ─── Pipeline ──────────────────────────────────────────────────────────────
 /**
@@ -165,7 +207,7 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
     earlyHints,
     stripTrailingSlash = true,
     slowRequestMs = 3000,
-    enableServerTiming = false,
+    serverTiming = 'total',
     onPipelineError,
   } = config;
@@ -216,25 +258,25 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
               // DevSpanProcessor reads this for tree/summary output.
               await setSpanAttribute('http.response.status_code', result.status);
-              // Append Server-Timing header.
-              // In dev mode: detailed per-phase breakdown (proxy, middleware, render).
-              // In production: single total duration — safe to expose, no phase names.
+              // Append Server-Timing header based on configured mode.
               // Response.redirect() creates immutable headers, so we must
               // ensure mutability before writing Server-Timing.
-              if (enableServerTiming) {
-                const serverTiming = getServerTimingHeader();
-                if (serverTiming) {
+              if (serverTiming === 'detailed') {
+                // Detailed: per-phase breakdown (proxy, middleware, render).
+                const timingHeader = getServerTimingHeader();
+                if (timingHeader) {
                   result = ensureMutableResponse(result);
-                  result.headers.set('Server-Timing', serverTiming);
+                  result.headers.set('Server-Timing', timingHeader);
                 }
-              } else {
-                // Production: emit total request duration only.
-                // No phase breakdown — prevents information disclosure
-                // while giving browser DevTools useful timing data.
+              } else if (serverTiming === 'total') {
+                // Total only: single `total;dur=N` — no phase names.
+                // Prevents information disclosure while giving browser
+                // DevTools useful timing data.
                 const totalMs = Math.round(performance.now() - startTime);
                 result = ensureMutableResponse(result);
                 result.headers.set('Server-Timing', `total;dur=${totalMs}`);
               }
+              // serverTiming === false: no header at all
               return result;
             }
@@ -254,7 +296,7 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
           return response;
         };
-        return enableServerTiming ? runWithTimingCollector(runRequest) : runRequest();
+        return serverTiming === 'detailed' ? runWithTimingCollector(runRequest) : runRequest();
       });
     });
   };
@@ -272,7 +314,7 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       }
       const proxyFn = () => runProxy(proxyExport, req, () => handleRequest(req, method, path));
       return await withSpan('timber.proxy', {}, () =>
-        enableServerTiming ? withTiming('proxy', 'proxy.ts', proxyFn) : proxyFn()
+        serverTiming === 'detailed' ? withTiming('proxy', 'proxy.ts', proxyFn) : proxyFn()
       );
     } catch (error) {
       // Uncaught proxy.ts error → bare HTTP 500
@@ -283,6 +325,24 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
     }
   }
+  /**
+   * Build a redirect Response from a RedirectSignal.
+   *
+   * For RSC payload requests (client navigation), returns 204 + X-Timber-Redirect
+   * so the client router can perform a soft SPA redirect. A raw 302 would be
+   * turned into an opaque redirect by fetch({redirect:'manual'}), crashing
+   * createFromFetch. See design/19-client-navigation.md.
+   */
+  function buildRedirectResponse(signal: RedirectSignal, req: Request, headers: Headers): Response {
+    const isRsc = (req.headers.get('Accept') ?? '').includes('text/x-component');
+    if (isRsc) {
+      headers.set('X-Timber-Redirect', signal.location);
+      return new Response(null, { status: 204, headers });
+    }
+    headers.set('Location', signal.location);
+    return new Response(null, { status: signal.status, headers });
+  }
   async function handleRequest(req: Request, method: string, path: string): Promise<Response> {
     // Stage 1: URL canonicalization
     const url = new URL(req.url);
@@ -339,6 +399,21 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       }
     }
+    // Stage 1c: Version skew detection (TIM-446).
+    // For RSC payload requests (client navigation), check if the client's
+    // deployment ID matches the current build. On mismatch, signal the
+    // client to do a full page reload instead of returning an RSC payload
+    // that references mismatched module IDs.
+    const isRscRequest = (req.headers.get('Accept') ?? '').includes('text/x-component');
+    if (isRscRequest) {
+      const skewCheck = checkVersionSkew(req);
+      if (!skewCheck.ok) {
+        const reloadHeaders = new Headers();
+        applyReloadHeaders(reloadHeaders);
+        return new Response(null, { status: 204, headers: reloadHeaders });
+      }
+    }
     // Stage 2: Route matching
     let match = matchRoute(canonicalPathname);
     let interception: InterceptionContext | undefined;
@@ -397,18 +472,42 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       }
     }
+    // Stage 2c: Param coercion (before middleware)
+    // Load params.ts modules from matched segments and coerce raw string
+    // params through defineSegmentParams codecs. Coercion failure → 404
+    // (middleware never runs). See design/07-routing.md §"Where Coercion Runs"
+    try {
+      await coerceSegmentParams(match);
+    } catch (error) {
+      if (error instanceof ParamCoercionError) {
+        return new Response(null, { status: 404 });
+      }
+      throw error;
+    }
+    // Store coerced segment params in ALS so components can access them
+    // via rawSegmentParams() instead of receiving them as a prop.
+    // See design/07-routing.md §"params.ts — Convention File for Typed Params"
+    setSegmentParams(match.params);
     // Stage 3: Leaf middleware.ts (only the leaf route's middleware runs)
     if (match.middleware) {
       const ctx: MiddlewareContext = {
         req,
         requestHeaders: requestHeaderOverlay,
         headers: responseHeaders,
-        params: match.params,
-        searchParams: new URL(req.url).searchParams,
+        segmentParams: match.params,
         earlyHints: (hints) => {
           for (const hint of hints) {
-            let value = `<${hint.href}>; rel=${hint.rel}`;
-            if (hint.as !== undefined) value += `; as=${hint.as}`;
+            // Match Cloudflare's cached Early Hints attribute order: `as` before `rel`.
+            // Cloudflare caches Link headers and re-emits them on subsequent 200s.
+            // If our order differs, the browser sees duplicate preloads and warns.
+            let value: string;
+            if (hint.as !== undefined) {
+              value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;
+            } else {
+              value = `<${hint.href}>; rel=${hint.rel}`;
+            }
             if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;
             if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;
             responseHeaders.append('Link', value);
@@ -421,7 +520,9 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
         setMutableCookieContext(true);
         const middlewareFn = () => runMiddleware(match.middleware!, ctx);
         const middlewareResponse = await withSpan('timber.middleware', {}, () =>
-          enableServerTiming ? withTiming('mw', 'middleware.ts', middlewareFn) : middlewareFn()
+          serverTiming === 'detailed'
+            ? withTiming('mw', 'middleware.ts', middlewareFn)
+            : middlewareFn()
         );
         setMutableCookieContext(false);
         if (middlewareResponse) {
@@ -438,20 +539,10 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
         applyRequestHeaderOverlay(requestHeaderOverlay);
       } catch (error) {
         setMutableCookieContext(false);
-        // RedirectSignal from middleware → HTTP redirect (not an error).
-        // For RSC payload requests (client navigation), return 204 + X-Timber-Redirect
-        // so the client router can perform a soft SPA redirect. A raw 302 would be
-        // turned into an opaque redirect by fetch({redirect:'manual'}), crashing
-        // createFromFetch. See design/19-client-navigation.md.
+        // RedirectSignal from middleware → HTTP redirect (not an error)
         if (error instanceof RedirectSignal) {
           applyCookieJar(responseHeaders);
-          const isRsc = (req.headers.get('Accept') ?? '').includes('text/x-component');
-          if (isRsc) {
-            responseHeaders.set('X-Timber-Redirect', error.location);
-            return new Response(null, { status: 204, headers: responseHeaders });
-          }
-          responseHeaders.set('Location', error.location);
-          return new Response(null, { status: error.status, headers: responseHeaders });
+          return buildRedirectResponse(error, req, responseHeaders);
         }
         // DenySignal from middleware → HTTP deny status
         if (error instanceof DenySignal) {
@@ -476,7 +567,9 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       const renderFn = () =>
         render(req, match, responseHeaders, requestHeaderOverlay, interception);
       const response = await withSpan('timber.render', { 'http.route': canonicalPathname }, () =>
-        enableServerTiming ? withTiming('render', 'RSC + SSR render', renderFn) : renderFn()
+        serverTiming === 'detailed'
+          ? withTiming('render', 'RSC + SSR render', renderFn)
+          : renderFn()
       );
       markResponseFlushed();
       return response;
@@ -486,10 +579,9 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       if (error instanceof DenySignal) {
         return new Response(null, { status: error.status });
       }
-      // RedirectSignal leaked from render — honour the redirect.
+      // RedirectSignal leaked from render — honour the redirect
       if (error instanceof RedirectSignal) {
-        responseHeaders.set('Location', error.location);
-        return new Response(null, { status: error.status, headers: responseHeaders });
+        return buildRedirectResponse(error, req, responseHeaders);
       }
       logRenderError({ method, path, error });
       await fireOnRequestError(error, req, 'render');