@timber-js/app 0.2.0-alpha.8 → 0.2.0-alpha.80

package/dist/server/index.js

@@ -1,2592 +1,10 @@
-import { n as isDevMode, t as isDebug } from "../_chunks/debug-gwlJkDuf.js";
-import { a as warnDenyAfterFlush, c as warnRedirectInAccess, d as warnSlowSlotWithoutSuspense, f as warnStaticRequestApi, i as warnCacheRequestProps, l as warnRedirectInSlotAccess, n as WarningId, o as warnDenyInSuspense, p as warnSuspenseWrappingChildren, r as setViteServer, s as warnDynamicApiInStaticBuild, t as formatSize, u as warnRedirectInSuspense } from "../_chunks/format-DviM89f0.js";
-import { i as getMetadataRouteServePath, n as classifyMetadataRoute, r as getMetadataRouteAutoLink, t as METADATA_ROUTE_CONVENTIONS } from "../_chunks/metadata-routes-Cjmvi3rQ.js";
-import { a as timingAls, i as revalidationAls, n as formFlashAls, s as waitUntilAls, t as earlyHintsSenderAls } from "../_chunks/als-registry-B7DbZ2hS.js";
-import { a as markResponseFlushed, c as setCookieSecrets, i as headers, l as setMutableCookieContext, n as cookies, o as runWithRequestContext, r as getSetCookieHeaders, s as searchParams, t as applyRequestHeaderOverlay, u as setParsedSearchParams } from "../_chunks/request-context-DIkVh_jG.js";
-import { a as getTraceStore, c as setSpanAttribute, d as withSpan, i as getOtelTraceId, l as spanId, o as replaceTraceId, r as generateTraceId, s as runWithTraceId, t as addSpanEvent, u as traceId } from "../_chunks/tracing-CemImE6h.js";
-import { readFile } from "node:fs/promises";
-//#region src/server/waituntil-bridge.ts
-/**
-* Per-request waitUntil bridge — ALS bridge for platform adapters.
-*
-* The generated entry point (Nitro, Cloudflare) wraps the handler with
-* `runWithWaitUntil`, binding the platform's lifecycle extension function
-* (e.g., h3's `event.waitUntil()` or CF's `ctx.waitUntil()`) for the
-* request duration. The `waitUntil()` primitive reads from this ALS to
-* dispatch background work to the correct platform API.
-*
-* Design doc: design/11-platform.md §"waitUntil()"
-*/
-/**
-* Get the current request's waitUntil function, if available.
-*
-* Returns undefined when no platform adapter has installed a waitUntil
-* handler for the current request (e.g., on platforms that don't support
-* lifecycle extension, or outside a request context).
-*/
-function getWaitUntil() {
-	return waitUntilAls.getStore();
-}
-//#endregion
-//#region src/server/primitives.ts
-/**
-* Check if a value is JSON-serializable without data loss.
-* Returns a description of the first non-serializable value found, or null if OK.
-*
-* @internal Exported for testing only.
-*/
-function findNonSerializable(value, path = "data") {
-	if (value === null || value === void 0) return null;
-	switch (typeof value) {
-		case "string":
-		case "number":
-		case "boolean": return null;
-		case "bigint": return `${path} contains a BigInt — BigInt throws in JSON.stringify`;
-		case "function": return `${path} is a function — functions are not JSON-serializable`;
-		case "symbol": return `${path} is a symbol — symbols are not JSON-serializable`;
-		case "object": break;
-		default: return `${path} has unsupported type "${typeof value}"`;
-	}
-	if (value instanceof Date) return `${path} is a Date — Dates silently coerce to strings in JSON.stringify`;
-	if (value instanceof Map) return `${path} is a Map — Maps serialize as {} in JSON.stringify (data loss)`;
-	if (value instanceof Set) return `${path} is a Set — Sets serialize as {} in JSON.stringify (data loss)`;
-	if (value instanceof RegExp) return `${path} is a RegExp — RegExps serialize as {} in JSON.stringify`;
-	if (value instanceof Error) return `${path} is an Error — Errors serialize as {} in JSON.stringify`;
-	if (Array.isArray(value)) {
-		for (let i = 0; i < value.length; i++) {
-			const result = findNonSerializable(value[i], `${path}[${i}]`);
-			if (result) return result;
-		}
-		return null;
-	}
-	const proto = Object.getPrototypeOf(value);
-	if (proto === null) return `${path} is a null-prototype object — React Flight rejects null prototypes`;
-	if (proto !== Object.prototype) return `${path} is a ${value.constructor?.name ?? "unknown"} instance — class instances may lose data in JSON.stringify`;
-	for (const key of Object.keys(value)) {
-		const result = findNonSerializable(value[key], `${path}.${key}`);
-		if (result) return result;
-	}
-	return null;
-}
-/**
-* Emit a dev-mode warning if data is not JSON-serializable.
-* No-op in production.
-*/
-function warnIfNotSerializable(data, callerName) {
-	if (!isDebug()) return;
-	if (data === void 0) return;
-	const issue = findNonSerializable(data);
-	if (issue) console.warn(`[timber] ${callerName}: ${issue}. Data passed to deny() or RenderError must be JSON-serializable because the post-flush path uses JSON.stringify, not React Flight.`);
-}
-/**
-* Render-phase signal thrown by `deny()`. Caught by the framework to produce
-* the correct HTTP status code (segment context) or graceful degradation (slot context).
-*/
-var DenySignal = class extends Error {
-	status;
-	data;
-	constructor(status, data) {
-		super(`Access denied with status ${status}`);
-		this.name = "DenySignal";
-		this.status = status;
-		this.data = data;
-	}
-	/**
-	* Extract the file that called deny() from the stack trace.
-	* Returns a short path (e.g. "app/auth/access.ts") or undefined if
-	* the stack can't be parsed. Dev-only — used for dev log output.
-	*/
-	get sourceFile() {
-		if (!this.stack) return void 0;
-		const frames = this.stack.split("\n");
-		for (let i = 2; i < frames.length; i++) {
-			const frame = frames[i];
-			if (!frame) continue;
-			if (frame.includes("primitives.ts") || frame.includes("node_modules")) continue;
-			const match = frame.match(/\(([^)]+?)(?::\d+:\d+)\)/) ?? frame.match(/at\s+([^\s]+?)(?::\d+:\d+)/);
-			if (match?.[1]) {
-				const full = match[1];
-				const appIdx = full.indexOf("/app/");
-				return appIdx >= 0 ? full.slice(appIdx + 1) : full;
-			}
-		}
-	}
-};
-/**
-* Universal denial primitive. Throws a `DenySignal` that the framework catches.
-*
-* - In segment context (outside Suspense): produces HTTP status code
-* - In slot context: graceful degradation → denied.tsx → default.tsx → null
-* - Inside Suspense (hold window): promoted to pre-flush behavior
-* - Inside Suspense (after flush): error boundary + noindex meta
-*
-* @param status - Any 4xx HTTP status code. Defaults to 403.
-* @param data - Optional JSON-serializable data passed as `dangerouslyPassData` prop to status-code files.
-*/
-function deny(status = 403, data) {
-	if (status < 400 || status > 499) throw new Error(`deny() requires a 4xx status code, got ${status}. For 5xx errors, throw a RenderError instead.`);
-	warnIfNotSerializable(data, "deny()");
-	throw new DenySignal(status, data);
-}
-/**
-* Convenience alias for `deny(404)`.
-*
-* Provided for Next.js API compatibility — libraries and user code that
-* call `notFound()` from `next/navigation` get the same behavior as
-* `deny(404)` in timber.
-*/
-function notFound() {
-	throw new DenySignal(404);
-}
-/**
-* Next.js redirect type discriminator.
-*
-* Provided for API compatibility with libraries that import `RedirectType`
-* from `next/navigation`. In timber, `redirect()` always uses `replace`
-* semantics (no history entry for the redirect itself).
-*/
-var RedirectType = {
-	push: "push",
-	replace: "replace"
-};
-/**
-* Render-phase signal thrown by `redirect()` and `redirectExternal()`.
-* Caught by the framework to produce a 3xx response or client-side navigation.
-*/
-var RedirectSignal = class extends Error {
-	location;
-	status;
-	constructor(location, status) {
-		super(`Redirect to ${location}`);
-		this.name = "RedirectSignal";
-		this.location = location;
-		this.status = status;
-	}
-};
-/** Pattern matching absolute URLs: http(s):// or protocol-relative // */
-var ABSOLUTE_URL_RE = /^(?:[a-zA-Z][a-zA-Z\d+\-.]*:|\/\/)/;
-/**
-* Redirect to a relative path. Rejects absolute and protocol-relative URLs.
-* Use `redirectExternal()` for external redirects with an allow-list.
-*
-* @param path - Relative path (e.g. '/login', 'settings', '/login?returnTo=/dash')
-* @param status - HTTP redirect status code (3xx). Defaults to 302.
-*/
-function redirect(path, status = 302) {
-	if (status < 300 || status > 399) throw new Error(`redirect() requires a 3xx status code, got ${status}.`);
-	if (ABSOLUTE_URL_RE.test(path)) throw new Error(`redirect() only accepts relative URLs. Got absolute URL: "${path}". Use redirectExternal(url, allowList) for external redirects.`);
-	throw new RedirectSignal(path, status);
-}
-/**
-* Permanent redirect to a relative path. Shorthand for `redirect(path, 308)`.
-*
-* Uses 308 (Permanent Redirect) which preserves the HTTP method — the browser
-* will replay POST requests to the new location. This matches Next.js behavior.
-*
-* @param path - Relative path (e.g. '/new-page', '/dashboard')
-*/
-function permanentRedirect(path) {
-	redirect(path, 308);
-}
-/**
-* Redirect to an external URL. The hostname must be in the provided allow-list.
-*
-* @param url - Absolute URL to redirect to.
-* @param allowList - Array of allowed hostnames (e.g. ['example.com', 'auth.example.com']).
-* @param status - HTTP redirect status code (3xx). Defaults to 302.
-*/
-function redirectExternal(url, allowList, status = 302) {
-	if (status < 300 || status > 399) throw new Error(`redirectExternal() requires a 3xx status code, got ${status}.`);
-	let hostname;
-	try {
-		hostname = new URL(url).hostname;
-	} catch {
-		throw new Error(`redirectExternal() received an invalid URL: "${url}"`);
-	}
-	if (!allowList.includes(hostname)) throw new Error(`redirectExternal() target "${hostname}" is not in the allow-list. Allowed: [${allowList.join(", ")}]`);
-	throw new RedirectSignal(url, status);
-}
-/**
-* Typed throw for render-phase errors that carry structured context to error boundaries.
-*
-* The `digest` (code + data) is serialized into the RSC stream separately from the
-* Error instance — only the digest crosses the RSC → client boundary.
-*
-* @example
-* ```ts
-* throw new RenderError('PRODUCT_NOT_FOUND', {
-*   title: 'Product not found',
-*   resourceId: params.id,
-* })
-* ```
-*/
-var RenderError = class extends Error {
-	code;
-	digest;
-	status;
-	constructor(code, data, options) {
-		super(`RenderError: ${code}`);
-		this.name = "RenderError";
-		this.code = code;
-		this.digest = {
-			code,
-			data
-		};
-		warnIfNotSerializable(data, "RenderError");
-		const status = options?.status ?? 500;
-		if (status < 400 || status > 599) throw new Error(`RenderError status must be 4xx or 5xx, got ${status}.`);
-		this.status = status;
-	}
-};
-var _waitUntilWarned = false;
-/**
-* Register a promise to be kept alive after the response is sent.
-* Maps to `ctx.waitUntil()` on Cloudflare Workers and similar platforms.
-*
-* In production, the platform adapter installs a per-request waitUntil
-* function via ALS (see waituntil-bridge.ts). This function checks the
-* ALS bridge first, then falls back to the legacy adapter argument.
-*
-* If neither is available, a warning is logged once and the promise is
-* left to resolve (or reject) without being tracked.
-*
-* @param promise - The background work to keep alive.
-* @param adapter - Optional legacy adapter (prefer ALS bridge in production).
-*/
-function waitUntil(promise, adapter) {
-	const alsFn = getWaitUntil();
-	if (alsFn) {
-		alsFn(promise);
-		return;
-	}
-	if (adapter && typeof adapter.waitUntil === "function") {
-		adapter.waitUntil(promise);
-		return;
-	}
-	if (!_waitUntilWarned) {
-		_waitUntilWarned = true;
-		console.warn("[timber] waitUntil() is not supported by the current adapter. Background work will not be tracked. This warning is shown once.");
-	}
-}
-//#endregion
-//#region src/server/canonicalize.ts
-/**
-* Encoded separators that produce a 400 rejection.
-* %2f (/) and %5c (\) cause path-confusion attacks.
-*/
-var ENCODED_SEPARATOR_RE = /%2f|%5c/i;
-/** Null byte — rejected. */
-var NULL_BYTE_RE = /%00/i;
-/**
-* Canonicalize a URL pathname.
-*
-* 1. Reject encoded separators (%2f, %5c) and null bytes (%00)
-* 2. Single percent-decode
-* 3. Collapse // → /
-* 4. Resolve .. segments (reject if escaping root)
-* 5. Strip trailing slash (except root "/")
-*
-* @param rawPathname - The raw pathname from the request URL (percent-encoded)
-* @param stripTrailingSlash - Whether to strip trailing slashes. Default: true.
-*/
-function canonicalize(rawPathname, stripTrailingSlash = true) {
-	if (ENCODED_SEPARATOR_RE.test(rawPathname)) return {
-		ok: false,
-		status: 400
-	};
-	if (NULL_BYTE_RE.test(rawPathname)) return {
-		ok: false,
-		status: 400
-	};
-	let decoded;
-	try {
-		decoded = decodeURIComponent(rawPathname);
-	} catch {
-		return {
-			ok: false,
-			status: 400
-		};
-	}
-	if (decoded.includes("\0")) return {
-		ok: false,
-		status: 400
-	};
-	let pathname = decoded.replace(/\/\/+/g, "/");
-	const segments = pathname.split("/");
-	const resolved = [];
-	for (const seg of segments) if (seg === "..") {
-		if (resolved.length <= 1) return {
-			ok: false,
-			status: 400
-		};
-		resolved.pop();
-	} else if (seg !== ".") resolved.push(seg);
-	pathname = resolved.join("/") || "/";
-	if (stripTrailingSlash && pathname.length > 1 && pathname.endsWith("/")) pathname = pathname.slice(0, -1);
-	return {
-		ok: true,
-		pathname
-	};
-}
-//#endregion
-//#region src/server/proxy.ts
-/**
-* Run the proxy pipeline.
-*
-* @param proxyExport - The default export from proxy.ts (function or array)
-* @param req - The incoming request
-* @param next - The continuation that proceeds to route matching and rendering
-* @returns The final response
-*/
-async function runProxy(proxyExport, req, next) {
-	const fns = Array.isArray(proxyExport) ? proxyExport : [proxyExport];
-	let i = fns.length;
-	let composed = next;
-	while (i--) {
-		const fn = fns[i];
-		const downstream = composed;
-		composed = () => Promise.resolve(fn(req, downstream));
-	}
-	return composed();
-}
-//#endregion
-//#region src/server/middleware-runner.ts
-/**
-* Run a route's middleware function.
-*
-* @param middlewareFn - The default export from the route's middleware.ts
-* @param ctx - The middleware context (req, params, headers, requestHeaders, searchParams)
-* @returns A Response if middleware short-circuited, or undefined to continue
-*/
-async function runMiddleware(middlewareFn, ctx) {
-	const result = await middlewareFn(ctx);
-	if (result instanceof Response) return result;
-}
-//#endregion
-//#region src/server/server-timing.ts
-/**
-* Server-Timing header — dev-mode timing breakdowns for Chrome DevTools.
-*
-* Collects timing entries per request using ALS. Each pipeline phase
-* (proxy, middleware, render, SSR, access, fetch) records an entry.
-* Before response flush, entries are formatted into a Server-Timing header.
-*
-* Only active in dev mode — zero overhead in production.
-*
-* See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Server-Timing
-* Task: LOCAL-290
-*/
-/**
-* Run a callback with a per-request timing collector.
-* Must be called at the top of the request pipeline (wraps the full request).
-*/
-function runWithTimingCollector(fn) {
-	return timingAls.run({ entries: [] }, fn);
-}
-/**
-* Run a function and automatically record its duration as a timing entry.
-* Returns the function's result. No-ops the recording if outside a collector.
-*/
-async function withTiming(name, desc, fn) {
-	const store = timingAls.getStore();
-	if (!store) return fn();
-	const start = performance.now();
-	try {
-		return await fn();
-	} finally {
-		const dur = Math.round(performance.now() - start);
-		store.entries.push({
-			name,
-			dur,
-			desc
-		});
-	}
-}
-/**
-* Get the Server-Timing header value for the current request.
-* Returns null if no entries exist or outside a collector.
-*
-* Format: `name;dur=123;desc="description", name2;dur=456`
-* See RFC 6797 / Server-Timing spec for format details.
-*/
-function getServerTimingHeader() {
-	const store = timingAls.getStore();
-	if (!store || store.entries.length === 0) return null;
-	const nameCounts = /* @__PURE__ */ new Map();
-	const parts = store.entries.map((entry) => {
-		const count = nameCounts.get(entry.name) ?? 0;
-		nameCounts.set(entry.name, count + 1);
-		const uniqueName = count > 0 ? `${entry.name}-${count}` : entry.name;
-		return {
-			...entry,
-			name: uniqueName
-		};
-	}).map((entry) => {
-		let part = `${entry.name};dur=${entry.dur}`;
-		if (entry.desc) {
-			const safeDesc = entry.desc.replace(/\\/g, "\\\\").replace(/"/g, "\\\"");
-			part += `;desc="${safeDesc}"`;
-		}
-		return part;
-	});
-	const MAX_HEADER_SIZE = 4096;
-	let result = "";
-	for (let i = 0; i < parts.length; i++) {
-		const candidate = result ? `${result}, ${parts[i]}` : parts[i];
-		if (candidate.length > MAX_HEADER_SIZE) break;
-		result = candidate;
-	}
-	return result || null;
-}
-//#endregion
-//#region src/server/error-formatter.ts
-/**
-* Error Formatter — rewrites SSR/RSC error messages to surface user code.
-*
-* When React or Vite throw errors during SSR, stack traces reference
-* vendored dependency paths (e.g. `.vite/deps_ssr/@vitejs_plugin-rsc_vendor_...`)
-* and mangled export names (`__vite_ssr_export_default__`). This module
-* rewrites error messages and stack traces to point at user code instead.
-*
-* Dev-only — in production, errors go through the structured logger
-* without formatting.
-*/
-/**
-* Patterns that identify internal Vite/RSC vendor paths in stack traces.
-* These are replaced with human-readable labels.
-*/
-var VENDOR_PATH_PATTERNS = [
-	{
-		pattern: /node_modules\/\.vite\/deps_ssr\/@vitejs_plugin-rsc_vendor_react-server-dom[^\s)]+/g,
-		replacement: "<react-server-dom>"
-	},
-	{
-		pattern: /node_modules\/\.vite\/deps_ssr\/@vitejs_plugin-rsc_vendor[^\s)]+/g,
-		replacement: "<rsc-vendor>"
-	},
-	{
-		pattern: /node_modules\/\.vite\/deps_ssr\/[^\s)]+/g,
-		replacement: "<vite-dep>"
-	},
-	{
-		pattern: /node_modules\/\.vite\/deps\/[^\s)]+/g,
-		replacement: "<vite-dep>"
-	}
-];
-/**
-* Patterns that identify Vite-mangled export names in error messages.
-*/
-var MANGLED_NAME_PATTERNS = [{
-	pattern: /__vite_ssr_export_default__/g,
-	replacement: "<default export>"
-}, {
-	pattern: /__vite_ssr_export_(\w+)__/g,
-	replacement: "<export $1>"
-}];
-/**
-* Rewrite an error's message and stack to replace internal Vite paths
-* and mangled names with human-readable labels.
-*/
-function formatSsrError(error) {
-	if (!(error instanceof Error)) return String(error);
-	let message = error.message;
-	let stack = error.stack ?? "";
-	for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) message = message.replace(pattern, replacement);
-	for (const { pattern, replacement } of VENDOR_PATH_PATTERNS) stack = stack.replace(pattern, replacement);
-	for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) stack = stack.replace(pattern, replacement);
-	const hint = extractErrorHint(error.message);
-	const parts = [];
-	parts.push(message);
-	if (hint) parts.push(`  → ${hint}`);
-	const userFrames = extractUserFrames(stack);
-	if (userFrames.length > 0) {
-		parts.push("");
-		parts.push("  User code in stack:");
-		for (const frame of userFrames) parts.push(`    ${frame}`);
-	}
-	return parts.join("\n");
-}
-/**
-* Extract a human-readable hint from common React/RSC error messages.
-*
-* React error messages contain useful information but the surrounding
-* context (vendor paths, mangled names) obscures it. This extracts the
-* actionable part as a one-line hint.
-*/
-function extractErrorHint(message) {
-	if (message.match(/Functions cannot be passed directly to Client Components/)) {
-		const propMatch = message.match(/<[^>]*?\s(\w+)=\{function/);
-		if (propMatch) return `Prop "${propMatch[1]}" is a function — mark it "use server" or call it before passing`;
-		return "A function prop was passed to a Client Component — mark it \"use server\" or call it before passing";
-	}
-	if (message.includes("Objects are not valid as a React child")) return "An object was rendered as JSX children — convert to string or extract the value";
-	const nullRefMatch = message.match(/Cannot read propert(?:y|ies) of (undefined|null) \(reading '(\w+)'\)/);
-	if (nullRefMatch) return `Accessed .${nullRefMatch[2]} on ${nullRefMatch[1]} — check that the value exists`;
-	const notFnMatch = message.match(/(\w+) is not a function/);
-	if (notFnMatch) return `"${notFnMatch[1]}" is not a function — check imports and exports`;
-	if (message.includes("Element type is invalid")) return "A component resolved to undefined/null — check default exports and import paths";
-	if (message.includes("Invalid hook call")) return "A hook was called outside of a React component render. If this is a 'use client' component, ensure the directive is at the very top of the file (before any imports) and that @vitejs/plugin-rsc is loaded correctly. Barrel re-exports from non-'use client' files do not propagate the directive.";
-	return null;
-}
-/**
-* Extract stack frames that reference user code (not node_modules,
-* not framework internals).
-*
-* Returns at most 5 frames to keep output concise.
-*/
-function extractUserFrames(stack) {
-	const lines = stack.split("\n");
-	const userFrames = [];
-	for (const line of lines) {
-		const trimmed = line.trim();
-		if (!trimmed.startsWith("at ")) continue;
-		if (trimmed.includes("node_modules") || trimmed.includes("<react-server-dom>") || trimmed.includes("<rsc-vendor>") || trimmed.includes("<vite-dep>") || trimmed.includes("node:internal")) continue;
-		userFrames.push(trimmed);
-		if (userFrames.length >= 5) break;
-	}
-	return userFrames;
-}
-//#endregion
-//#region src/server/logger.ts
-/**
-* Logger — structured logging with environment-aware formatting.
-*
-* timber.js does not ship a logger. Users export any object with
-* info/warn/error/debug methods from instrumentation.ts and the framework
-* picks it up. Silent if no logger export is present.
-*
-* See design/17-logging.md §"Production Logging"
-*/
-var _logger = null;
-/**
-* Set the user-provided logger. Called by the instrumentation loader
-* when it finds a `logger` export in instrumentation.ts.
-*/
-function setLogger(logger) {
-	_logger = logger;
-}
-/**
-* Get the current logger, or null if none configured.
-* Framework-internal — used at framework event points to emit structured logs.
-*/
-function getLogger() {
-	return _logger;
-}
-/**
-* Inject trace_id and span_id into log data for log–trace correlation.
-* Always injects trace_id (never undefined). Injects span_id only when OTEL is active.
-*/
-function withTraceContext(data) {
-	const store = getTraceStore();
-	const enriched = { ...data };
-	if (store) {
-		enriched.trace_id = store.traceId;
-		if (store.spanId) enriched.span_id = store.spanId;
-	}
-	return enriched;
-}
-/** Log a completed request. Level: info. */
-function logRequestCompleted(data) {
-	_logger?.info("request completed", withTraceContext(data));
-}
-/** Log request received. Level: debug. */
-function logRequestReceived(data) {
-	_logger?.debug("request received", withTraceContext(data));
-}
-/** Log a slow request warning. Level: warn. */
-function logSlowRequest(data) {
-	_logger?.warn("slow request exceeded threshold", withTraceContext(data));
-}
-/** Log middleware short-circuit. Level: debug. */
-function logMiddlewareShortCircuit(data) {
-	_logger?.debug("middleware short-circuited", withTraceContext(data));
-}
-/** Log unhandled error in middleware phase. Level: error. */
-function logMiddlewareError(data) {
-	if (_logger) _logger.error("unhandled error in middleware phase", withTraceContext(data));
-	else if (isDebug()) console.error("[timber] middleware error", data.error);
-}
-/** Log unhandled render-phase error. Level: error. */
-function logRenderError(data) {
-	if (_logger) _logger.error("unhandled render-phase error", withTraceContext(data));
-	else if (isDebug()) console.error("[timber] render error:", formatSsrError(data.error));
-}
-/** Log proxy.ts uncaught error. Level: error. */
-function logProxyError(data) {
-	if (_logger) _logger.error("proxy.ts threw uncaught error", withTraceContext(data));
-	else if (isDebug()) console.error("[timber] proxy error", data.error);
-}
-/** Log waitUntil() adapter missing (once at startup). Level: warn. */
-function logWaitUntilUnsupported() {
-	_logger?.warn("adapter does not support waitUntil()");
-}
-/** Log waitUntil() promise rejection. Level: warn. */
-function logWaitUntilRejected(data) {
-	_logger?.warn("waitUntil() promise rejected", withTraceContext(data));
-}
-/** Log staleWhileRevalidate refetch failure. Level: warn. */
-function logSwrRefetchFailed(data) {
-	_logger?.warn("staleWhileRevalidate refetch failed", withTraceContext(data));
-}
-/** Log cache miss. Level: debug. */
-function logCacheMiss(data) {
-	_logger?.debug("timber.cache MISS", withTraceContext(data));
-}
-//#endregion
-//#region src/server/instrumentation.ts
-/**
-* Instrumentation — loads and runs the user's instrumentation.ts file.
-*
-* instrumentation.ts is a file convention at the project root that exports:
-* - register() — called once at server startup, before the first request
-* - onRequestError() — called for every unhandled server error
-* - logger — any object with info/warn/error/debug methods
-*
-* See design/17-logging.md §"instrumentation.ts — The Entry Point"
-*/
-var _initialized = false;
-var _onRequestError = null;
-/**
-* Load and initialize the user's instrumentation.ts module.
-*
-* - Awaits register() before returning (server blocks on this).
-* - Picks up the logger export and wires it into the framework logger.
-* - Stores onRequestError for later invocation.
-*
-* @param loader - Function that dynamically imports the user's instrumentation module.
-*                 Returns null if no instrumentation.ts exists.
-*/
-async function loadInstrumentation(loader) {
-	if (_initialized) return;
-	_initialized = true;
-	let mod;
-	try {
-		mod = await loader();
-	} catch (error) {
-		console.error("[timber] Failed to load instrumentation.ts:", error);
-		return;
-	}
-	if (!mod) return;
-	if (mod.logger && typeof mod.logger.info === "function") setLogger(mod.logger);
-	if (typeof mod.onRequestError === "function") _onRequestError = mod.onRequestError;
-	if (typeof mod.register === "function") try {
-		await mod.register();
-	} catch (error) {
-		console.error("[timber] instrumentation.ts register() threw:", error);
-		throw error;
-	}
-}
-/**
-* Call the user's onRequestError hook. Catches and logs any errors thrown
-* by the hook itself — it must not affect the response.
-*/
-async function callOnRequestError(error, request, context) {
-	if (!_onRequestError) return;
-	try {
-		await _onRequestError(error, request, context);
-	} catch (hookError) {
-		console.error("[timber] onRequestError hook threw:", hookError);
-	}
-}
-/**
-* Check if onRequestError is registered.
-*/
-function hasOnRequestError() {
-	return _onRequestError !== null;
-}
-//#endregion
-//#region src/server/pipeline-metadata.ts
-/**
-* Metadata route helpers for the request pipeline.
-*
-* Handles serving static metadata files and serializing sitemap responses.
-* Extracted from pipeline.ts to keep files under 500 lines.
-*
-* See design/16-metadata.md §"Metadata Routes"
-*/
-/**
-* Content types that are text-based and should include charset=utf-8.
-* Binary formats (images) should not include charset.
-*/
-var TEXT_CONTENT_TYPES = new Set([
-	"application/xml",
-	"text/plain",
-	"application/json",
-	"application/manifest+json",
-	"image/svg+xml"
-]);
-/**
-* Serve a static metadata file by reading it from disk.
-*
-* Static metadata route files (.xml, .txt, .json, .png, .ico, .svg, etc.)
-* are served as-is with the appropriate Content-Type header.
-* Text files include charset=utf-8; binary files do not.
-*
-* See design/16-metadata.md §"Metadata Routes"
-*/
-async function serveStaticMetadataFile(metaMatch) {
-	const { contentType, file } = metaMatch;
-	const isText = TEXT_CONTENT_TYPES.has(contentType);
-	const body = await readFile(file.filePath);
-	const headers = {
-		"Content-Type": isText ? `${contentType}; charset=utf-8` : contentType,
-		"Content-Length": String(body.byteLength)
-	};
-	return new Response(body, {
-		status: 200,
-		headers
-	});
-}
-/**
-* Serialize a sitemap array to XML.
-* Follows the sitemap.org protocol: https://www.sitemaps.org/protocol.html
-*/
-function serializeSitemap(entries) {
-	return `<?xml version="1.0" encoding="UTF-8"?>\n<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">\n${entries.map((e) => {
-		let xml = `  <url>\n    <loc>${escapeXml(e.url)}</loc>`;
-		if (e.lastModified) {
-			const date = e.lastModified instanceof Date ? e.lastModified.toISOString() : e.lastModified;
-			xml += `\n    <lastmod>${escapeXml(date)}</lastmod>`;
-		}
-		if (e.changeFrequency) xml += `\n    <changefreq>${escapeXml(e.changeFrequency)}</changefreq>`;
-		if (e.priority !== void 0) xml += `\n    <priority>${e.priority}</priority>`;
-		xml += "\n  </url>";
-		return xml;
-	}).join("\n")}\n</urlset>`;
-}
-/** Escape special XML characters. */
-function escapeXml(str) {
-	return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
-}
-//#endregion
-//#region src/server/pipeline-interception.ts
-/**
-* Check if an intercepting route applies for this soft navigation.
-*
-* Matches the target pathname against interception rewrites, constrained
-* by the source URL (X-Timber-URL header — where the user navigates FROM).
-*
-* Returns the source pathname to re-match if interception applies, or null.
-*/
-function findInterceptionMatch(targetPathname, sourceUrl, rewrites) {
-	for (const rewrite of rewrites) {
-		if (!sourceUrl.startsWith(rewrite.interceptingPrefix)) continue;
-		if (pathnameMatchesPattern(targetPathname, rewrite.interceptedPattern)) return { sourcePathname: rewrite.interceptingPrefix };
-	}
-	return null;
-}
-/**
-* Check if a pathname matches a URL pattern with dynamic segments.
-*
-* Supports [param] (single segment) and [...param] (one or more segments).
-* Static segments must match exactly.
-*/
-function pathnameMatchesPattern(pathname, pattern) {
-	const pathParts = pathname === "/" ? [] : pathname.slice(1).split("/");
-	const patternParts = pattern === "/" ? [] : pattern.slice(1).split("/");
-	let pi = 0;
-	for (let i = 0; i < patternParts.length; i++) {
-		const segment = patternParts[i];
-		if (segment.startsWith("[...") || segment.startsWith("[[...")) return pi < pathParts.length || segment.startsWith("[[...");
-		if (segment.startsWith("[") && segment.endsWith("]")) {
-			if (pi >= pathParts.length) return false;
-			pi++;
-			continue;
-		}
-		if (pi >= pathParts.length || pathParts[pi] !== segment) return false;
-		pi++;
-	}
-	return pi === pathParts.length;
-}
-//#endregion
-//#region src/server/pipeline.ts
-/**
-* Request pipeline — the central dispatch for all timber.js requests.
-*
-* Pipeline stages (in order):
-*   proxy.ts → canonicalize → route match → 103 Early Hints → middleware.ts → render
-*
-* Each stage is a pure function or returns a Response to short-circuit.
-* Each request gets a trace ID, structured logging, and OTEL spans.
-*
-* See design/07-routing.md §"Request Lifecycle", design/02-rendering-pipeline.md §"Request Flow",
-* and design/17-logging.md §"Production Logging"
-*/
-/**
-* Create the request handler from a pipeline configuration.
-*
-* Returns a function that processes an incoming Request through all pipeline stages
-* and produces a Response. This is the top-level entry point for the server.
-*/
-function createPipeline(config) {
-	const { proxy, matchRoute, render, earlyHints, stripTrailingSlash = true, slowRequestMs = 3e3, enableServerTiming = false, onPipelineError } = config;
-	let activeRequests = 0;
-	return async (req) => {
-		const url = new URL(req.url);
-		const method = req.method;
-		const path = url.pathname;
-		const startTime = performance.now();
-		activeRequests++;
-		return runWithTraceId(generateTraceId(), async () => {
-			return runWithRequestContext(req, async () => {
-				const runRequest = async () => {
-					logRequestReceived({
-						method,
-						path
-					});
-					const response = await withSpan("http.server.request", {
-						"http.request.method": method,
-						"url.path": path
-					}, async () => {
-						const otelIds = await getOtelTraceId();
-						if (otelIds) replaceTraceId(otelIds.traceId, otelIds.spanId);
-						let result;
-						if (proxy || config.proxyLoader) result = await runProxyPhase(req, method, path);
-						else result = await handleRequest(req, method, path);
-						await setSpanAttribute("http.response.status_code", result.status);
-						if (enableServerTiming) {
-							const serverTiming = getServerTimingHeader();
-							if (serverTiming) {
-								result = ensureMutableResponse(result);
-								result.headers.set("Server-Timing", serverTiming);
-							}
-						} else {
-							const totalMs = Math.round(performance.now() - startTime);
-							result = ensureMutableResponse(result);
-							result.headers.set("Server-Timing", `total;dur=${totalMs}`);
-						}
-						return result;
-					});
-					const durationMs = Math.round(performance.now() - startTime);
-					const status = response.status;
-					const concurrency = activeRequests;
-					activeRequests--;
-					logRequestCompleted({
-						method,
-						path,
-						status,
-						durationMs,
-						concurrency
-					});
-					if (slowRequestMs > 0 && durationMs > slowRequestMs) logSlowRequest({
-						method,
-						path,
-						durationMs,
-						threshold: slowRequestMs,
-						concurrency
-					});
-					return response;
-				};
-				return enableServerTiming ? runWithTimingCollector(runRequest) : runRequest();
-			});
-		});
-	};
-	async function runProxyPhase(req, method, path) {
-		try {
-			let proxyExport;
-			if (config.proxyLoader) proxyExport = (await config.proxyLoader()).default;
-			else proxyExport = config.proxy;
-			const proxyFn = () => runProxy(proxyExport, req, () => handleRequest(req, method, path));
-			return await withSpan("timber.proxy", {}, () => enableServerTiming ? withTiming("proxy", "proxy.ts", proxyFn) : proxyFn());
-		} catch (error) {
-			logProxyError({ error });
-			await fireOnRequestError(error, req, "proxy");
-			if (onPipelineError && error instanceof Error) onPipelineError(error, "proxy");
-			return new Response(null, { status: 500 });
-		}
-	}
-	async function handleRequest(req, method, path) {
-		const result = canonicalize(new URL(req.url).pathname, stripTrailingSlash);
-		if (!result.ok) return new Response(null, { status: result.status });
-		const canonicalPathname = result.pathname;
-		if (config.matchMetadataRoute) {
-			const metaMatch = config.matchMetadataRoute(canonicalPathname);
-			if (metaMatch) try {
-				if (metaMatch.isStatic) return await serveStaticMetadataFile(metaMatch);
-				const mod = await metaMatch.file.load();
-				if (typeof mod.default !== "function") return new Response("Metadata route must export a default function", { status: 500 });
-				const handlerResult = await mod.default();
-				if (handlerResult instanceof Response) return handlerResult;
-				const contentType = metaMatch.contentType;
-				let body;
-				if (typeof handlerResult === "string") body = handlerResult;
-				else if (contentType === "application/xml") body = serializeSitemap(handlerResult);
-				else if (contentType === "application/manifest+json") body = JSON.stringify(handlerResult, null, 2);
-				else body = typeof handlerResult === "string" ? handlerResult : String(handlerResult);
-				return new Response(body, {
-					status: 200,
-					headers: { "Content-Type": `${contentType}; charset=utf-8` }
-				});
-			} catch (error) {
-				logRenderError({
-					method,
-					path,
-					error
-				});
-				if (onPipelineError && error instanceof Error) onPipelineError(error, "metadata-route");
-				return new Response(null, { status: 500 });
-			}
-		}
-		let match = matchRoute(canonicalPathname);
-		let interception;
-		const sourceUrl = req.headers.get("X-Timber-URL");
-		if (sourceUrl && config.interceptionRewrites?.length) {
-			const intercepted = findInterceptionMatch(canonicalPathname, sourceUrl, config.interceptionRewrites);
-			if (intercepted) {
-				const sourceMatch = matchRoute(intercepted.sourcePathname);
-				if (sourceMatch) {
-					match = sourceMatch;
-					interception = { targetPathname: canonicalPathname };
-				}
-			}
-		}
-		if (!match) {
-			if (config.renderNoMatch) {
-				const responseHeaders = new Headers();
-				return config.renderNoMatch(req, responseHeaders);
-			}
-			return new Response(null, { status: 404 });
-		}
-		const responseHeaders = new Headers();
-		const requestHeaderOverlay = new Headers();
-		responseHeaders.set("Cache-Control", "private, no-cache, no-store, max-age=0, must-revalidate");
-		if (earlyHints) try {
-			await earlyHints(match, req, responseHeaders);
-		} catch {}
-		if (match.middleware) {
-			const ctx = {
-				req,
-				requestHeaders: requestHeaderOverlay,
-				headers: responseHeaders,
-				params: match.params,
-				searchParams: new URL(req.url).searchParams,
-				earlyHints: (hints) => {
-					for (const hint of hints) {
-						let value = `<${hint.href}>; rel=${hint.rel}`;
-						if (hint.as !== void 0) value += `; as=${hint.as}`;
-						if (hint.crossOrigin !== void 0) value += `; crossorigin=${hint.crossOrigin}`;
-						if (hint.fetchPriority !== void 0) value += `; fetchpriority=${hint.fetchPriority}`;
-						responseHeaders.append("Link", value);
-					}
-				}
-			};
-			try {
-				setMutableCookieContext(true);
-				const middlewareFn = () => runMiddleware(match.middleware, ctx);
-				const middlewareResponse = await withSpan("timber.middleware", {}, () => enableServerTiming ? withTiming("mw", "middleware.ts", middlewareFn) : middlewareFn());
-				setMutableCookieContext(false);
-				if (middlewareResponse) {
-					const finalResponse = ensureMutableResponse(middlewareResponse);
-					applyCookieJar(finalResponse.headers);
-					logMiddlewareShortCircuit({
-						method,
-						path,
-						status: finalResponse.status
-					});
-					return finalResponse;
-				}
-				applyRequestHeaderOverlay(requestHeaderOverlay);
-			} catch (error) {
-				setMutableCookieContext(false);
-				if (error instanceof RedirectSignal) {
-					applyCookieJar(responseHeaders);
-					if ((req.headers.get("Accept") ?? "").includes("text/x-component")) {
-						responseHeaders.set("X-Timber-Redirect", error.location);
-						return new Response(null, {
-							status: 204,
-							headers: responseHeaders
-						});
-					}
-					responseHeaders.set("Location", error.location);
-					return new Response(null, {
-						status: error.status,
-						headers: responseHeaders
-					});
-				}
-				if (error instanceof DenySignal) return new Response(null, { status: error.status });
-				logMiddlewareError({
-					method,
-					path,
-					error
-				});
-				await fireOnRequestError(error, req, "handler");
-				if (onPipelineError && error instanceof Error) onPipelineError(error, "middleware");
-				return new Response(null, { status: 500 });
-			}
-		}
-		applyCookieJar(responseHeaders);
-		try {
-			const renderFn = () => render(req, match, responseHeaders, requestHeaderOverlay, interception);
-			const response = await withSpan("timber.render", { "http.route": canonicalPathname }, () => enableServerTiming ? withTiming("render", "RSC + SSR render", renderFn) : renderFn());
-			markResponseFlushed();
-			return response;
-		} catch (error) {
-			if (error instanceof DenySignal) return new Response(null, { status: error.status });
-			if (error instanceof RedirectSignal) {
-				if ((req.headers.get("Accept") ?? "").includes("text/x-component")) {
-					responseHeaders.set("X-Timber-Redirect", error.location);
-					return new Response(null, {
-						status: 204,
-						headers: responseHeaders
-					});
-				}
-				responseHeaders.set("Location", error.location);
-				return new Response(null, {
-					status: error.status,
-					headers: responseHeaders
-				});
-			}
-			logRenderError({
-				method,
-				path,
-				error
-			});
-			await fireOnRequestError(error, req, "render");
-			if (onPipelineError && error instanceof Error) onPipelineError(error, "render");
-			if (config.renderFallbackError) try {
-				return await config.renderFallbackError(error, req, responseHeaders);
-			} catch {}
-			return new Response(null, { status: 500 });
-		}
-	}
-}
-/**
-* Fire the user's onRequestError hook with request context.
-* Extracts request info from the Request object and calls the instrumentation hook.
-*/
-async function fireOnRequestError(error, req, phase) {
-	const url = new URL(req.url);
-	const headersObj = {};
-	req.headers.forEach((v, k) => {
-		headersObj[k] = v;
-	});
-	await callOnRequestError(error, {
-		method: req.method,
-		path: url.pathname,
-		headers: headersObj
-	}, {
-		phase,
-		routePath: url.pathname,
-		routeType: "page",
-		traceId: traceId()
-	});
-}
-/**
-* Apply all Set-Cookie headers from the cookie jar to a Headers object.
-* Each cookie gets its own Set-Cookie header per RFC 6265 §4.1.
-*/
-function applyCookieJar(headers) {
-	for (const value of getSetCookieHeaders()) headers.append("Set-Cookie", value);
-}
-/**
-* Ensure a Response has mutable headers so the pipeline can safely append
-* Set-Cookie and Server-Timing entries.
-*
-* `Response.redirect()` and some platform-level responses return objects
-* with immutable headers. Calling `.set()` or `.append()` on them throws
-* `TypeError: immutable`. This helper detects the immutable case by
-* attempting a no-op write and, on failure, clones into a fresh Response
-* with mutable headers.
-*/
-function ensureMutableResponse(response) {
-	try {
-		response.headers.set("X-Timber-Probe", "1");
-		response.headers.delete("X-Timber-Probe");
-		return response;
-	} catch {
-		return new Response(response.body, {
-			status: response.status,
-			statusText: response.statusText,
-			headers: new Headers(response.headers)
-		});
-	}
-}
-//#endregion
-//#region src/server/build-manifest.ts
-/**
-* Collect all CSS files needed for a matched route's segment chain.
-*
-* Walks segments root → leaf, collecting CSS for each layout and page.
-* Deduplicates while preserving order (root layout CSS first).
-*/
-function collectRouteCss(segments, manifest) {
-	const seen = /* @__PURE__ */ new Set();
-	const result = [];
-	for (const segment of segments) for (const file of [segment.layout, segment.page]) {
-		if (!file) continue;
-		const cssFiles = manifest.css[file.filePath];
-		if (!cssFiles) continue;
-		for (const url of cssFiles) if (!seen.has(url)) {
-			seen.add(url);
-			result.push(url);
-		}
-	}
-	return result;
-}
-/**
-* Collect all font entries needed for a matched route's segment chain.
-*
-* Walks segments root → leaf, collecting fonts for each layout and page.
-* Deduplicates by href while preserving order.
-*/
-function collectRouteFonts(segments, manifest) {
-	const seen = /* @__PURE__ */ new Set();
-	const result = [];
-	for (const segment of segments) for (const file of [segment.layout, segment.page]) {
-		if (!file) continue;
-		const fonts = manifest.fonts[file.filePath];
-		if (!fonts) continue;
-		for (const entry of fonts) if (!seen.has(entry.href)) {
-			seen.add(entry.href);
-			result.push(entry);
-		}
-	}
-	return result;
-}
-/**
-* Collect modulepreload URLs for a matched route's segment chain.
-*
-* Walks segments root → leaf, collecting transitive JS dependencies
-* for each layout and page. Deduplicates across segments.
-*/
-function collectRouteModulepreloads(segments, manifest) {
-	const seen = /* @__PURE__ */ new Set();
-	const result = [];
-	for (const segment of segments) for (const file of [segment.layout, segment.page]) {
-		if (!file) continue;
-		const preloads = manifest.modulepreload[file.filePath];
-		if (!preloads) continue;
-		for (const url of preloads) if (!seen.has(url)) {
-			seen.add(url);
-			result.push(url);
-		}
-	}
-	return result;
-}
-//#endregion
-//#region src/server/early-hints.ts
-/**
-* 103 Early Hints utilities.
-*
-* Early Hints are sent before the final response to let the browser
-* start fetching critical resources (CSS, fonts, JS) while the server
-* is still rendering.
-*
-* The framework collects hints from two sources:
-* 1. Build manifest — CSS, fonts, and JS chunks known at route-match time
-* 2. ctx.earlyHints() — explicit hints added by middleware or route handlers
-*
-* Both are emitted as Link headers. Cloudflare CDN automatically converts
-* Link headers into 103 Early Hints responses.
-*
-* Design docs: 02-rendering-pipeline.md §"Early Hints (103)"
-*/
-/**
-* Format a single EarlyHint as a Link header value.
-*
-* Examples:
-*   `</styles/root.css>; rel=preload; as=style`
-*   `</fonts/inter.woff2>; rel=preload; as=font; crossorigin=anonymous`
-*   `</_timber/client.js>; rel=modulepreload`
-*   `<https://fonts.googleapis.com>; rel=preconnect`
-*/
-function formatLinkHeader(hint) {
-	let value = `<${hint.href}>; rel=${hint.rel}`;
-	if (hint.as !== void 0) value += `; as=${hint.as}`;
-	if (hint.crossOrigin !== void 0) value += `; crossorigin=${hint.crossOrigin}`;
-	if (hint.fetchPriority !== void 0) value += `; fetchpriority=${hint.fetchPriority}`;
-	return value;
-}
-/**
-* Collect all Link header strings for a matched route's segment chain.
-*
-* Walks the build manifest to emit hints for:
-* - CSS stylesheets (rel=preload; as=style)
-* - Font assets (rel=preload; as=font; crossorigin)
-* - JS modulepreload hints (rel=modulepreload) — unless skipJs is set
-*
-* Also emits global CSS from the `_global` manifest key. Route files
-* are server components that don't appear in the client bundle, so
-* per-route CSS keying doesn't work with the RSC plugin. The `_global`
-* key contains all CSS assets from the client build — fine for early
-* hints since they're just prefetch signals.
-*
-* Returns formatted Link header strings, deduplicated, root → leaf order.
-* Returns an empty array in dev mode (manifest is empty).
-*/
-function collectEarlyHintHeaders(segments, manifest, options) {
-	const result = [];
-	const seen = /* @__PURE__ */ new Set();
-	const add = (header) => {
-		if (!seen.has(header)) {
-			seen.add(header);
-			result.push(header);
-		}
-	};
-	for (const url of collectRouteCss(segments, manifest)) add(formatLinkHeader({
-		href: url,
-		rel: "preload",
-		as: "style"
-	}));
-	for (const url of manifest.css["_global"] ?? []) add(formatLinkHeader({
-		href: url,
-		rel: "preload",
-		as: "style"
-	}));
-	for (const font of collectRouteFonts(segments, manifest)) add(formatLinkHeader({
-		href: font.href,
-		rel: "preload",
-		as: "font",
-		crossOrigin: "anonymous"
-	}));
-	if (!options?.skipJs) for (const url of collectRouteModulepreloads(segments, manifest)) add(formatLinkHeader({
-		href: url,
-		rel: "modulepreload"
-	}));
-	return result;
-}
-//#endregion
-//#region src/server/early-hints-sender.ts
-/**
-* Per-request 103 Early Hints sender — ALS bridge for platform adapters.
-*
-* The pipeline collects Link headers for CSS, fonts, and JS chunks at
-* route-match time. On platforms that support it (Node.js v18.11+, Bun),
-* the adapter can send these as a 103 Early Hints interim response before
-* the final response is ready.
-*
-* This module provides an ALS-based bridge: the generated entry point
-* (e.g., the Nitro entry) wraps the handler with `runWithEarlyHintsSender`,
-* binding a per-request sender function. The pipeline calls
-* `sendEarlyHints103()` to fire the 103 if a sender is available.
-*
-* On platforms where 103 is handled at the CDN level (e.g., Cloudflare
-* converts Link headers into 103 automatically), no sender is installed
-* and `sendEarlyHints103()` is a no-op.
-*
-* Design doc: 02-rendering-pipeline.md §"Early Hints (103)"
-*/
-/**
-* Run a function with a per-request early hints sender installed.
-*
-* Called by generated entry points (e.g., Nitro node-server/bun) to
-* bind the platform's writeEarlyHints capability for the request duration.
-*/
-function runWithEarlyHintsSender(sender, fn) {
-	return earlyHintsSenderAls.run(sender, fn);
-}
-/**
-* Send collected Link headers as a 103 Early Hints response.
-*
-* No-op if no sender is installed for the current request (e.g., on
-* Cloudflare where the CDN handles 103 automatically, or in dev mode).
-*
-* Non-fatal: errors from the sender are caught and silently ignored.
-*/
-function sendEarlyHints103(links) {
-	if (!links.length) return;
-	const sender = earlyHintsSenderAls.getStore();
-	if (!sender) return;
-	try {
-		sender(links);
-	} catch {}
-}
-//#endregion
-//#region src/server/tree-builder.ts
-/**
-* Build the unified element tree from a matched segment chain.
-*
-* Construction is bottom-up:
-*   1. Start with the page component (leaf segment)
-*   2. Wrap in status-code error boundaries (fallback chain)
-*   3. Wrap in AccessGate (if segment has access.ts)
-*   4. Pass as children to the segment's layout
-*   5. Repeat up the segment chain to root
-*
-* Parallel slots are resolved at each layout level and composed as named props.
-*/
-async function buildElementTree(config) {
-	const { segments, params, searchParams, loadModule, createElement, errorBoundaryComponent } = config;
-	if (segments.length === 0) throw new Error("[timber] buildElementTree: empty segment chain");
-	const leaf = segments[segments.length - 1];
-	if (leaf.route && !leaf.page) return {
-		tree: null,
-		isApiRoute: true
-	};
-	const PageComponent = (leaf.page ? await loadModule(leaf.page) : null)?.default;
-	if (!PageComponent) throw new Error(`[timber] No page component found for route at ${leaf.urlPath}. Each route must have a page.tsx or route.ts.`);
-	let element = createElement(PageComponent, {
-		params,
-		searchParams
-	});
-	for (let i = segments.length - 1; i >= 0; i--) {
-		const segment = segments[i];
-		element = await wrapWithErrorBoundaries(segment, element, loadModule, createElement, errorBoundaryComponent);
-		if (segment.access) {
-			const accessFn = (await loadModule(segment.access)).default;
-			element = createElement("timber:access-gate", {
-				accessFn,
-				params,
-				searchParams,
-				segmentName: segment.segmentName,
-				children: element
-			});
-		}
-		if (segment.layout) {
-			const LayoutComponent = (await loadModule(segment.layout)).default;
-			if (LayoutComponent) {
-				const slotProps = {};
-				if (segment.slots.size > 0) for (const [slotName, slotNode] of segment.slots) slotProps[slotName] = await buildSlotElement(slotNode, params, searchParams, loadModule, createElement, errorBoundaryComponent);
-				element = createElement(LayoutComponent, {
-					...slotProps,
-					params,
-					searchParams,
-					children: element
-				});
-			}
-		}
-	}
-	return {
-		tree: element,
-		isApiRoute: false
-	};
-}
-/**
-* Build the element tree for a parallel slot.
-*
-* Slots have their own access.ts (SlotAccessGate) and error boundaries.
-* On access denial: denied.tsx → default.tsx → null (graceful degradation).
-*/
-async function buildSlotElement(slotNode, params, searchParams, loadModule, createElement, errorBoundaryComponent) {
-	const PageComponent = (slotNode.page ? await loadModule(slotNode.page) : null)?.default;
-	const DefaultComponent = (slotNode.default ? await loadModule(slotNode.default) : null)?.default;
-	if (!PageComponent) return DefaultComponent ? createElement(DefaultComponent, {
-		params,
-		searchParams
-	}) : null;
-	let element = createElement(PageComponent, {
-		params,
-		searchParams
-	});
-	element = await wrapWithErrorBoundaries(slotNode, element, loadModule, createElement, errorBoundaryComponent);
-	if (slotNode.access) {
-		const accessFn = (await loadModule(slotNode.access)).default;
-		const DeniedComponent = (slotNode.denied ? await loadModule(slotNode.denied) : null)?.default;
-		element = createElement("timber:slot-access-gate", {
-			accessFn,
-			params,
-			searchParams,
-			deniedFallback: DeniedComponent ? createElement(DeniedComponent, {
-				slot: slotNode.segmentName.replace(/^@/, ""),
-				dangerouslyPassData: void 0
-			}) : null,
-			defaultFallback: DefaultComponent ? createElement(DefaultComponent, {
-				params,
-				searchParams
-			}) : null,
-			children: element
-		});
-	}
-	return element;
-}
-/**
-* Wrap an element with error boundaries from a segment's status-code files.
-*
-* Wrapping order (innermost to outermost):
-*   1. Specific status files (503.tsx, 429.tsx, etc.)
-*   2. Category catch-alls (4xx.tsx, 5xx.tsx)
-*   3. error.tsx (general error boundary)
-*
-* This creates the fallback chain described in design/10-error-handling.md.
-*/
-async function wrapWithErrorBoundaries(segment, element, loadModule, createElement, errorBoundaryComponent) {
-	if (segment.statusFiles) {
-		for (const [key, file] of segment.statusFiles) if (key !== "4xx" && key !== "5xx") {
-			const status = parseInt(key, 10);
-			if (!isNaN(status)) {
-				const Component = (await loadModule(file)).default;
-				if (Component) element = createElement(errorBoundaryComponent, {
-					fallbackComponent: Component,
-					status,
-					children: element
-				});
-			}
-		}
-		for (const [key, file] of segment.statusFiles) if (key === "4xx" || key === "5xx") {
-			const Component = (await loadModule(file)).default;
-			if (Component) element = createElement(errorBoundaryComponent, {
-				fallbackComponent: Component,
-				status: key === "4xx" ? 400 : 500,
-				children: element
-			});
-		}
-	}
-	if (segment.error) {
-		const ErrorComponent = (await loadModule(segment.error)).default;
-		if (ErrorComponent) element = createElement(errorBoundaryComponent, {
-			fallbackComponent: ErrorComponent,
-			children: element
-		});
-	}
-	return element;
-}
-//#endregion
-//#region src/server/access-gate.tsx
-/**
-* AccessGate and SlotAccessGate — framework-injected async server components.
-*
-* AccessGate wraps each segment's layout in the element tree. It calls the
-* segment's access.ts before the layout renders. If access.ts calls deny()
-* or redirect(), the signal propagates as a render-phase throw — caught by
-* the flush controller to produce the correct HTTP status code.
-*
-* SlotAccessGate wraps parallel slot content. On denial, it renders the
-* graceful degradation chain: denied.tsx → default.tsx → null. Slot denial
-* does not affect the HTTP status code.
-*
-* See design/04-authorization.md and design/02-rendering-pipeline.md §"AccessGate"
-*/
-/**
-* Framework-injected access gate for segments.
-*
-* When a pre-computed `verdict` prop is provided (from the pre-render pass
-* in route-element-builder.ts), AccessGate replays it synchronously — no
-* async, no re-execution of access.ts, immune to Suspense timing. The OTEL
-* span was already emitted during the pre-render pass.
-*
-* When no verdict is provided (backward compat with tree-builder.ts),
-* AccessGate calls accessFn directly with OTEL instrumentation.
-*
-* access.ts is a pure gate — return values are discarded. The layout below
-* gets the same data by calling the same cached functions (React.cache dedup).
-*/
-function AccessGate(props) {
-	const { accessFn, params, searchParams, segmentName, verdict, children } = props;
-	if (verdict !== void 0) {
-		if (verdict === "pass") return children;
-		throw verdict;
-	}
-	return accessGateFallback(accessFn, params, searchParams, segmentName, children);
-}
-/**
-* Async fallback for AccessGate when no pre-computed verdict is available.
-* Calls accessFn with OTEL instrumentation.
-*/
-async function accessGateFallback(accessFn, params, searchParams, segmentName, children) {
-	await withSpan("timber.access", { "timber.segment": segmentName ?? "unknown" }, async () => {
-		try {
-			await accessFn({
-				params,
-				searchParams
-			});
-			await setSpanAttribute("timber.result", "pass");
-		} catch (error) {
-			if (error instanceof DenySignal) {
-				await setSpanAttribute("timber.result", "deny");
-				await setSpanAttribute("timber.deny_status", error.status);
-				if (error.sourceFile) await setSpanAttribute("timber.deny_file", error.sourceFile);
-			} else if (error instanceof RedirectSignal) await setSpanAttribute("timber.result", "redirect");
-			throw error;
-		}
-	});
-	return children;
-}
-/**
-* Framework-injected access gate for parallel slots.
-*
-* On denial, graceful degradation: denied.tsx → default.tsx → null.
-* The HTTP status code is unaffected — slot denial is a UI concern, not
-* a protocol concern. The parent layout and sibling slots still render.
-*
-* redirect() in slot access.ts is a dev-mode error — redirecting from a
-* slot doesn't make architectural sense.
-*/
-async function SlotAccessGate(props) {
-	const { accessFn, params, searchParams, deniedFallback, defaultFallback, children } = props;
-	try {
-		await accessFn({
-			params,
-			searchParams
-		});
-	} catch (error) {
-		if (error instanceof DenySignal) return deniedFallback ?? defaultFallback ?? null;
-		if (error instanceof RedirectSignal) {
-			if (isDebug()) console.error("[timber] redirect() is not allowed in slot access.ts. Slots use deny() for graceful degradation — denied.tsx → default.tsx → null. If you need to redirect, move the logic to the parent segment's access.ts.");
-			return deniedFallback ?? defaultFallback ?? null;
-		}
-		if (isDebug()) console.warn("[timber] Unhandled error in slot access.ts. Use deny() for access control, not unhandled throws.", error);
-		throw error;
-	}
-	return children;
-}
-//#endregion
-//#region src/server/status-code-resolver.ts
-/**
-* Maps legacy file convention names to their corresponding HTTP status codes.
-* Only used in the 4xx component fallback chain.
-*/
-var LEGACY_FILE_TO_STATUS = {
-	"not-found": 404,
-	"forbidden": 403,
-	"unauthorized": 401
-};
-/**
-* Resolve the status-code file to render for a given HTTP status code.
-*
-* Walks the segment chain from leaf to root following the fallback chain
-* defined in design/10-error-handling.md. Returns null if no file is found
-* (caller should render the framework default).
-*
-* @param status - The HTTP status code (4xx or 5xx).
-* @param segments - The matched segment chain from root (index 0) to leaf (last).
-* @param format - The response format family ('component' or 'json'). Defaults to 'component'.
-*/
-function resolveStatusFile(status, segments, format = "component") {
-	if (status >= 400 && status <= 499) return format === "json" ? resolve4xxJson(status, segments) : resolve4xx(status, segments);
-	if (status >= 500 && status <= 599) return format === "json" ? resolve5xxJson(status, segments) : resolve5xx(status, segments);
-	return null;
-}
-/**
-* 4xx component fallback chain (three separate passes):
-*   Pass 1 — status files (leaf → root): {status}.tsx → 4xx.tsx
-*   Pass 2 — legacy compat (leaf → root): not-found.tsx / forbidden.tsx / unauthorized.tsx
-*   Pass 3 — error.tsx (leaf → root)
-*/
-function resolve4xx(status, segments) {
-	const statusStr = String(status);
-	for (let i = segments.length - 1; i >= 0; i--) {
-		const segment = segments[i];
-		if (!segment.statusFiles) continue;
-		const exact = segment.statusFiles.get(statusStr);
-		if (exact) return {
-			file: exact,
-			status,
-			kind: "exact",
-			segmentIndex: i
-		};
-		const category = segment.statusFiles.get("4xx");
-		if (category) return {
-			file: category,
-			status,
-			kind: "category",
-			segmentIndex: i
-		};
-	}
-	for (let i = segments.length - 1; i >= 0; i--) {
-		const segment = segments[i];
-		if (!segment.legacyStatusFiles) continue;
-		for (const [name, legacyStatus] of Object.entries(LEGACY_FILE_TO_STATUS)) if (legacyStatus === status) {
-			const file = segment.legacyStatusFiles.get(name);
-			if (file) return {
-				file,
-				status,
-				kind: "legacy",
-				segmentIndex: i
-			};
-		}
-	}
-	for (let i = segments.length - 1; i >= 0; i--) if (segments[i].error) return {
-		file: segments[i].error,
-		status,
-		kind: "error",
-		segmentIndex: i
-	};
-	return null;
-}
-/**
-* 4xx JSON fallback chain (single pass):
-*   Pass 1 — json status files (leaf → root): {status}.json → 4xx.json
-*   No legacy compat, no error.tsx — JSON chain terminates at category catch-all.
-*/
-function resolve4xxJson(status, segments) {
-	const statusStr = String(status);
-	for (let i = segments.length - 1; i >= 0; i--) {
-		const segment = segments[i];
-		if (!segment.jsonStatusFiles) continue;
-		const exact = segment.jsonStatusFiles.get(statusStr);
-		if (exact) return {
-			file: exact,
-			status,
-			kind: "exact",
-			segmentIndex: i
-		};
-		const category = segment.jsonStatusFiles.get("4xx");
-		if (category) return {
-			file: category,
-			status,
-			kind: "category",
-			segmentIndex: i
-		};
-	}
-	return null;
-}
-/**
-* 5xx component fallback chain (single pass, per-segment):
-*   At each segment (leaf → root): {status}.tsx → 5xx.tsx → error.tsx
-*/
-function resolve5xx(status, segments) {
-	const statusStr = String(status);
-	for (let i = segments.length - 1; i >= 0; i--) {
-		const segment = segments[i];
-		if (segment.statusFiles) {
-			const exact = segment.statusFiles.get(statusStr);
-			if (exact) return {
-				file: exact,
-				status,
-				kind: "exact",
-				segmentIndex: i
-			};
-			const category = segment.statusFiles.get("5xx");
-			if (category) return {
-				file: category,
-				status,
-				kind: "category",
-				segmentIndex: i
-			};
-		}
-		if (segment.error) return {
-			file: segment.error,
-			status,
-			kind: "error",
-			segmentIndex: i
-		};
-	}
-	return null;
-}
-/**
-* 5xx JSON fallback chain (single pass):
-*   At each segment (leaf → root): {status}.json → 5xx.json
-*   No error.tsx equivalent — JSON chain terminates at category catch-all.
-*/
-function resolve5xxJson(status, segments) {
-	const statusStr = String(status);
-	for (let i = segments.length - 1; i >= 0; i--) {
-		const segment = segments[i];
-		if (!segment.jsonStatusFiles) continue;
-		const exact = segment.jsonStatusFiles.get(statusStr);
-		if (exact) return {
-			file: exact,
-			status,
-			kind: "exact",
-			segmentIndex: i
-		};
-		const category = segment.jsonStatusFiles.get("5xx");
-		if (category) return {
-			file: category,
-			status,
-			kind: "category",
-			segmentIndex: i
-		};
-	}
-	return null;
-}
-/**
-* Resolve the denial file for a parallel route slot.
-*
-* Slot denial is graceful degradation — no HTTP status on the wire.
-* Fallback chain: denied.tsx → default.tsx → null.
-*
-* @param slotNode - The segment node for the slot (segmentType === 'slot').
-*/
-function resolveSlotDenied(slotNode) {
-	const slotName = slotNode.segmentName.replace(/^@/, "");
-	if (slotNode.denied) return {
-		file: slotNode.denied,
-		slotName,
-		kind: "denied"
-	};
-	if (slotNode.default) return {
-		file: slotNode.default,
-		slotName,
-		kind: "default"
-	};
-	return null;
-}
-//#endregion
-//#region src/server/flush.ts
-/**
-* Flush controller for timber.js rendering.
-*
-* Holds the response until `onShellReady` fires, then commits the HTTP status
-* code and flushes the shell. Render-phase signals (deny, redirect, unhandled
-* throws) caught before flush produce correct HTTP status codes.
-*
-* See design/02-rendering-pipeline.md §"The Flush Point" and §"The Hold Window"
-*/
-/**
-* Execute a render and hold the response until the shell is ready.
-*
-* The flush controller:
-* 1. Calls the render function to start renderToReadableStream
-* 2. Waits for shellReady (onShellReady)
-* 3. If a render-phase signal was thrown (deny, redirect, error), produces
-*    the correct HTTP status code
-* 4. If the shell rendered successfully, commits the status and streams
-*
-* Render-phase signals caught before flush:
-* - `DenySignal` → HTTP 4xx with appropriate status code
-* - `RedirectSignal` → HTTP 3xx with Location header
-* - `RenderError` → HTTP status from error (default 500)
-* - Unhandled error → HTTP 500
-*
-* @param renderFn - Function that starts the React render.
-* @param options - Flush configuration.
-* @returns The committed HTTP Response.
-*/
-async function flushResponse(renderFn, options = {}) {
-	const { responseHeaders = new Headers(), defaultStatus = 200 } = options;
-	let renderResult;
-	try {
-		renderResult = await renderFn();
-	} catch (error) {
-		return handleSignal(error, responseHeaders);
-	}
-	try {
-		await renderResult.shellReady;
-	} catch (error) {
-		return handleSignal(error, responseHeaders);
-	}
-	responseHeaders.set("Content-Type", "text/html; charset=utf-8");
-	return {
-		response: new Response(renderResult.stream, {
-			status: defaultStatus,
-			headers: responseHeaders
-		}),
-		status: defaultStatus,
-		isRedirect: false,
-		isDenial: false
-	};
-}
-/**
-* Handle a render-phase signal and produce the correct HTTP response.
-*/
-function handleSignal(error, responseHeaders) {
-	if (error instanceof RedirectSignal) {
-		responseHeaders.set("Location", error.location);
-		return {
-			response: new Response(null, {
-				status: error.status,
-				headers: responseHeaders
-			}),
-			status: error.status,
-			isRedirect: true,
-			isDenial: false
-		};
-	}
-	if (error instanceof DenySignal) return {
-		response: new Response(null, {
-			status: error.status,
-			headers: responseHeaders
-		}),
-		status: error.status,
-		isRedirect: false,
-		isDenial: true
-	};
-	if (error instanceof RenderError) return {
-		response: new Response(null, {
-			status: error.status,
-			headers: responseHeaders
-		}),
-		status: error.status,
-		isRedirect: false,
-		isDenial: false
-	};
-	console.error("[timber] Unhandled render-phase error:", error);
-	return {
-		response: new Response(null, {
-			status: 500,
-			headers: responseHeaders
-		}),
-		status: 500,
-		isRedirect: false,
-		isDenial: false
-	};
-}
-//#endregion
-//#region src/server/csrf.ts
-/** HTTP methods that are considered safe (no mutation). */
-var SAFE_METHODS = new Set([
-	"GET",
-	"HEAD",
-	"OPTIONS"
-]);
-/**
-* Validate the Origin header against the request's Host.
-*
-* For mutation methods (POST, PUT, PATCH, DELETE):
-* - If `csrf: false`, skip validation.
-* - If `allowedOrigins` is set, Origin must match one exactly (no wildcards).
-* - Otherwise, Origin's host must match the request's Host header.
-*
-* Safe methods (GET, HEAD, OPTIONS) always pass.
-*/
-function validateCsrf(req, config) {
-	if (SAFE_METHODS.has(req.method)) return { ok: true };
-	if (config.csrf === false) return { ok: true };
-	const origin = req.headers.get("Origin");
-	if (!origin) return {
-		ok: false,
-		status: 403
-	};
-	if (config.allowedOrigins) return config.allowedOrigins.includes(origin) ? { ok: true } : {
-		ok: false,
-		status: 403
-	};
-	const host = req.headers.get("Host");
-	if (!host) return {
-		ok: false,
-		status: 403
-	};
-	let originHost;
-	try {
-		originHost = new URL(origin).host;
-	} catch {
-		return {
-			ok: false,
-			status: 403
-		};
-	}
-	return originHost === host ? { ok: true } : {
-		ok: false,
-		status: 403
-	};
-}
-//#endregion
-//#region src/server/body-limits.ts
-var KB = 1024;
-var MB = 1024 * KB;
-var GB = 1024 * MB;
-var DEFAULT_LIMITS = {
-	actionBodySize: 1 * MB,
-	uploadBodySize: 10 * MB,
-	maxFields: 100
-};
-var SIZE_PATTERN = /^(\d+(?:\.\d+)?)\s*(kb|mb|gb)?$/i;
-/** Parse a human-readable size string ("1mb", "512kb", "1024") into bytes. */
-function parseBodySize(size) {
-	const match = SIZE_PATTERN.exec(size.trim());
-	if (!match) throw new Error(`Invalid body size format: "${size}". Expected format like "1mb", "512kb", or "1024".`);
-	const value = Number.parseFloat(match[1]);
-	const unit = (match[2] ?? "").toLowerCase();
-	switch (unit) {
-		case "kb": return Math.floor(value * KB);
-		case "mb": return Math.floor(value * MB);
-		case "gb": return Math.floor(value * GB);
-		case "": return Math.floor(value);
-		default: throw new Error(`Unknown size unit: "${unit}"`);
-	}
-}
-/** Check whether a request body exceeds the configured size limit (stateless, no ALS). */
-function enforceBodyLimits(req, kind, config) {
-	const contentLength = req.headers.get("Content-Length");
-	if (!contentLength) return {
-		ok: false,
-		status: 411
-	};
-	const bodySize = Number.parseInt(contentLength, 10);
-	if (Number.isNaN(bodySize)) return {
-		ok: false,
-		status: 411
-	};
-	return bodySize <= resolveLimit(kind, config) ? { ok: true } : {
-		ok: false,
-		status: 413
-	};
-}
-/**
-* Resolve the byte limit for a given body kind, using config overrides or defaults.
-*/
-function resolveLimit(kind, config) {
-	const userLimits = config.limits;
-	if (kind === "action") return userLimits?.actionBodySize ? parseBodySize(userLimits.actionBodySize) : DEFAULT_LIMITS.actionBodySize;
-	return userLimits?.uploadBodySize ? parseBodySize(userLimits.uploadBodySize) : DEFAULT_LIMITS.uploadBodySize;
-}
-//#endregion
-//#region src/server/metadata-social.ts
-/**
-* Render Open Graph metadata into head element descriptors.
-*
-* Handles og:title, og:description, og:image (with dimensions/alt),
-* og:video, og:audio, og:article:author, and other OG properties.
-*/
-function renderOpenGraph(og, elements) {
-	const simpleProps = [
-		["og:title", og.title],
-		["og:description", og.description],
-		["og:url", og.url],
-		["og:site_name", og.siteName],
-		["og:locale", og.locale],
-		["og:type", og.type],
-		["og:article:published_time", og.publishedTime],
-		["og:article:modified_time", og.modifiedTime]
-	];
-	for (const [property, content] of simpleProps) if (content) elements.push({
-		tag: "meta",
-		attrs: {
-			property,
-			content
-		}
-	});
-	if (og.images) if (typeof og.images === "string") elements.push({
-		tag: "meta",
-		attrs: {
-			property: "og:image",
-			content: og.images
-		}
-	});
-	else {
-		const imgList = Array.isArray(og.images) ? og.images : [og.images];
-		for (const img of imgList) {
-			elements.push({
-				tag: "meta",
-				attrs: {
-					property: "og:image",
-					content: img.url
-				}
-			});
-			if (img.width) elements.push({
-				tag: "meta",
-				attrs: {
-					property: "og:image:width",
-					content: String(img.width)
-				}
-			});
-			if (img.height) elements.push({
-				tag: "meta",
-				attrs: {
-					property: "og:image:height",
-					content: String(img.height)
-				}
-			});
-			if (img.alt) elements.push({
-				tag: "meta",
-				attrs: {
-					property: "og:image:alt",
-					content: img.alt
-				}
-			});
-		}
-	}
-	if (og.videos) for (const video of og.videos) elements.push({
-		tag: "meta",
-		attrs: {
-			property: "og:video",
-			content: video.url
-		}
-	});
-	if (og.audio) for (const audio of og.audio) elements.push({
-		tag: "meta",
-		attrs: {
-			property: "og:audio",
-			content: audio.url
-		}
-	});
-	if (og.authors) for (const author of og.authors) elements.push({
-		tag: "meta",
-		attrs: {
-			property: "og:article:author",
-			content: author
-		}
-	});
-}
-/**
-* Render Twitter Card metadata into head element descriptors.
-*
-* Handles twitter:card, twitter:site, twitter:title, twitter:image,
-* twitter:player, and twitter:app (per-platform name/id/url).
-*/
-function renderTwitter(tw, elements) {
-	const simpleProps = [
-		["twitter:card", tw.card],
-		["twitter:site", tw.site],
-		["twitter:site:id", tw.siteId],
-		["twitter:title", tw.title],
-		["twitter:description", tw.description],
-		["twitter:creator", tw.creator],
-		["twitter:creator:id", tw.creatorId]
-	];
-	for (const [name, content] of simpleProps) if (content) elements.push({
-		tag: "meta",
-		attrs: {
-			name,
-			content
-		}
-	});
-	if (tw.images) if (typeof tw.images === "string") elements.push({
-		tag: "meta",
-		attrs: {
-			name: "twitter:image",
-			content: tw.images
-		}
-	});
-	else {
-		const imgList = Array.isArray(tw.images) ? tw.images : [tw.images];
-		for (const img of imgList) {
-			const url = typeof img === "string" ? img : img.url;
-			elements.push({
-				tag: "meta",
-				attrs: {
-					name: "twitter:image",
-					content: url
-				}
-			});
-		}
-	}
-	if (tw.players) for (const player of tw.players) {
-		elements.push({
-			tag: "meta",
-			attrs: {
-				name: "twitter:player",
-				content: player.playerUrl
-			}
-		});
-		if (player.width) elements.push({
-			tag: "meta",
-			attrs: {
-				name: "twitter:player:width",
-				content: String(player.width)
-			}
-		});
-		if (player.height) elements.push({
-			tag: "meta",
-			attrs: {
-				name: "twitter:player:height",
-				content: String(player.height)
-			}
-		});
-		if (player.streamUrl) elements.push({
-			tag: "meta",
-			attrs: {
-				name: "twitter:player:stream",
-				content: player.streamUrl
-			}
-		});
-	}
-	if (tw.app) {
-		const platforms = [
-			["iPhone", "iphone"],
-			["iPad", "ipad"],
-			["googlePlay", "googleplay"]
-		];
-		if (tw.app.name) {
-			for (const [key, tag] of platforms) if (tw.app.id?.[key]) elements.push({
-				tag: "meta",
-				attrs: {
-					name: `twitter:app:name:${tag}`,
-					content: tw.app.name
-				}
-			});
-		}
-		for (const [key, tag] of platforms) {
-			const id = tw.app.id?.[key];
-			if (id) elements.push({
-				tag: "meta",
-				attrs: {
-					name: `twitter:app:id:${tag}`,
-					content: id
-				}
-			});
-		}
-		for (const [key, tag] of platforms) {
-			const url = tw.app.url?.[key];
-			if (url) elements.push({
-				tag: "meta",
-				attrs: {
-					name: `twitter:app:url:${tag}`,
-					content: url
-				}
-			});
-		}
-	}
-}
-//#endregion
-//#region src/server/metadata-platform.ts
-/**
-* Render icon link elements (favicon, shortcut, apple-touch-icon, custom).
-*/
-function renderIcons(icons, elements) {
-	if (icons.icon) {
-		if (typeof icons.icon === "string") elements.push({
-			tag: "link",
-			attrs: {
-				rel: "icon",
-				href: icons.icon
-			}
-		});
-		else if (Array.isArray(icons.icon)) for (const icon of icons.icon) {
-			const attrs = {
-				rel: "icon",
-				href: icon.url
-			};
-			if (icon.sizes) attrs.sizes = icon.sizes;
-			if (icon.type) attrs.type = icon.type;
-			elements.push({
-				tag: "link",
-				attrs
-			});
-		}
-	}
-	if (icons.shortcut) {
-		const urls = Array.isArray(icons.shortcut) ? icons.shortcut : [icons.shortcut];
-		for (const url of urls) elements.push({
-			tag: "link",
-			attrs: {
-				rel: "shortcut icon",
-				href: url
-			}
-		});
-	}
-	if (icons.apple) {
-		if (typeof icons.apple === "string") elements.push({
-			tag: "link",
-			attrs: {
-				rel: "apple-touch-icon",
-				href: icons.apple
-			}
-		});
-		else if (Array.isArray(icons.apple)) for (const icon of icons.apple) {
-			const attrs = {
-				rel: "apple-touch-icon",
-				href: icon.url
-			};
-			if (icon.sizes) attrs.sizes = icon.sizes;
-			elements.push({
-				tag: "link",
-				attrs
-			});
-		}
-	}
-	if (icons.other) for (const icon of icons.other) {
-		const attrs = {
-			rel: icon.rel,
-			href: icon.url
-		};
-		if (icon.sizes) attrs.sizes = icon.sizes;
-		if (icon.type) attrs.type = icon.type;
-		elements.push({
-			tag: "link",
-			attrs
-		});
-	}
-}
-/**
-* Render alternate link elements (canonical, hreflang, media, types).
-*/
-function renderAlternates(alternates, elements) {
-	if (alternates.canonical) elements.push({
-		tag: "link",
-		attrs: {
-			rel: "canonical",
-			href: alternates.canonical
-		}
-	});
-	if (alternates.languages) for (const [lang, href] of Object.entries(alternates.languages)) elements.push({
-		tag: "link",
-		attrs: {
-			rel: "alternate",
-			hreflang: lang,
-			href
-		}
-	});
-	if (alternates.media) for (const [media, href] of Object.entries(alternates.media)) elements.push({
-		tag: "link",
-		attrs: {
-			rel: "alternate",
-			media,
-			href
-		}
-	});
-	if (alternates.types) for (const [type, href] of Object.entries(alternates.types)) elements.push({
-		tag: "link",
-		attrs: {
-			rel: "alternate",
-			type,
-			href
-		}
-	});
-}
-/**
-* Render site verification meta tags (Google, Yahoo, Yandex, custom).
-*/
-function renderVerification(verification, elements) {
-	const verificationProps = [
-		["google-site-verification", verification.google],
-		["y_key", verification.yahoo],
-		["yandex-verification", verification.yandex]
-	];
-	for (const [name, content] of verificationProps) if (content) elements.push({
-		tag: "meta",
-		attrs: {
-			name,
-			content
-		}
-	});
-	if (verification.other) for (const [name, value] of Object.entries(verification.other)) {
-		const content = Array.isArray(value) ? value.join(", ") : value;
-		elements.push({
-			tag: "meta",
-			attrs: {
-				name,
-				content
-			}
-		});
-	}
-}
-/**
-* Render Apple Web App meta tags and startup image links.
-*/
-function renderAppleWebApp(appleWebApp, elements) {
-	if (appleWebApp.capable) elements.push({
-		tag: "meta",
-		attrs: {
-			name: "apple-mobile-web-app-capable",
-			content: "yes"
-		}
-	});
-	if (appleWebApp.title) elements.push({
-		tag: "meta",
-		attrs: {
-			name: "apple-mobile-web-app-title",
-			content: appleWebApp.title
-		}
-	});
-	if (appleWebApp.statusBarStyle) elements.push({
-		tag: "meta",
-		attrs: {
-			name: "apple-mobile-web-app-status-bar-style",
-			content: appleWebApp.statusBarStyle
-		}
-	});
-	if (appleWebApp.startupImage) {
-		const images = Array.isArray(appleWebApp.startupImage) ? appleWebApp.startupImage : [{ url: appleWebApp.startupImage }];
-		for (const img of images) {
-			const attrs = {
-				rel: "apple-touch-startup-image",
-				href: typeof img === "string" ? img : img.url
-			};
-			if (typeof img === "object" && img.media) attrs.media = img.media;
-			elements.push({
-				tag: "link",
-				attrs
-			});
-		}
-	}
-}
-/**
-* Render App Links (al:*) meta tags for deep linking across platforms.
-*/
-function renderAppLinks(appLinks, elements) {
-	const platformEntries = [
-		["ios", appLinks.ios],
-		["android", appLinks.android],
-		["windows", appLinks.windows],
-		["windows_phone", appLinks.windowsPhone],
-		["windows_universal", appLinks.windowsUniversal]
-	];
-	for (const [platform, entries] of platformEntries) {
-		if (!entries) continue;
-		for (const entry of entries) for (const [key, value] of Object.entries(entry)) if (value !== void 0 && value !== null) elements.push({
-			tag: "meta",
-			attrs: {
-				property: `al:${platform}:${key}`,
-				content: String(value)
-			}
-		});
-	}
-	if (appLinks.web) {
-		if (appLinks.web.url) elements.push({
-			tag: "meta",
-			attrs: {
-				property: "al:web:url",
-				content: appLinks.web.url
-			}
-		});
-		if (appLinks.web.shouldFallback !== void 0) elements.push({
-			tag: "meta",
-			attrs: {
-				property: "al:web:should_fallback",
-				content: appLinks.web.shouldFallback ? "true" : "false"
-			}
-		});
-	}
-}
-/**
-* Render Apple iTunes smart banner meta tag.
-*/
-function renderItunes(itunes, elements) {
-	const parts = [`app-id=${itunes.appId}`];
-	if (itunes.affiliateData) parts.push(`affiliate-data=${itunes.affiliateData}`);
-	if (itunes.appArgument) parts.push(`app-argument=${itunes.appArgument}`);
-	elements.push({
-		tag: "meta",
-		attrs: {
-			name: "apple-itunes-app",
-			content: parts.join(", ")
-		}
-	});
-}
-//#endregion
-//#region src/server/metadata-render.ts
-/**
-* Convert resolved metadata into an array of head element descriptors.
-*
-* Each descriptor has a `tag` ('title', 'meta', 'link') and either
-* `content` (for <title>) or `attrs` (for <meta>/<link>).
-*
-* The framework's MetadataResolver component consumes these descriptors
-* and renders them into the <head>.
-*/
-function renderMetadataToElements(metadata) {
-	const elements = [];
-	if (typeof metadata.title === "string") elements.push({
-		tag: "title",
-		content: metadata.title
-	});
-	const simpleMetaProps = [
-		["description", metadata.description],
-		["generator", metadata.generator],
-		["application-name", metadata.applicationName],
-		["referrer", metadata.referrer],
-		["category", metadata.category],
-		["creator", metadata.creator],
-		["publisher", metadata.publisher]
-	];
-	for (const [name, content] of simpleMetaProps) if (content) elements.push({
-		tag: "meta",
-		attrs: {
-			name,
-			content
-		}
-	});
-	if (metadata.keywords) {
-		const content = Array.isArray(metadata.keywords) ? metadata.keywords.join(", ") : metadata.keywords;
-		elements.push({
-			tag: "meta",
-			attrs: {
-				name: "keywords",
-				content
-			}
-		});
-	}
-	if (metadata.robots) {
-		const content = typeof metadata.robots === "string" ? metadata.robots : renderRobotsObject(metadata.robots);
-		elements.push({
-			tag: "meta",
-			attrs: {
-				name: "robots",
-				content
-			}
-		});
-		if (typeof metadata.robots === "object" && metadata.robots.googleBot) {
-			const gbContent = typeof metadata.robots.googleBot === "string" ? metadata.robots.googleBot : renderRobotsObject(metadata.robots.googleBot);
-			elements.push({
-				tag: "meta",
-				attrs: {
-					name: "googlebot",
-					content: gbContent
-				}
-			});
-		}
-	}
-	if (metadata.openGraph) renderOpenGraph(metadata.openGraph, elements);
-	if (metadata.twitter) renderTwitter(metadata.twitter, elements);
-	if (metadata.icons) renderIcons(metadata.icons, elements);
-	if (metadata.manifest) elements.push({
-		tag: "link",
-		attrs: {
-			rel: "manifest",
-			href: metadata.manifest
-		}
-	});
-	if (metadata.alternates) renderAlternates(metadata.alternates, elements);
-	if (metadata.verification) renderVerification(metadata.verification, elements);
-	if (metadata.formatDetection) {
-		const parts = [];
-		if (metadata.formatDetection.telephone === false) parts.push("telephone=no");
-		if (metadata.formatDetection.email === false) parts.push("email=no");
-		if (metadata.formatDetection.address === false) parts.push("address=no");
-		if (parts.length > 0) elements.push({
-			tag: "meta",
-			attrs: {
-				name: "format-detection",
-				content: parts.join(", ")
-			}
-		});
-	}
-	if (metadata.authors) {
-		const authorList = Array.isArray(metadata.authors) ? metadata.authors : [metadata.authors];
-		for (const author of authorList) {
-			if (author.name) elements.push({
-				tag: "meta",
-				attrs: {
-					name: "author",
-					content: author.name
-				}
-			});
-			if (author.url) elements.push({
-				tag: "link",
-				attrs: {
-					rel: "author",
-					href: author.url
-				}
-			});
-		}
-	}
-	if (metadata.appleWebApp) renderAppleWebApp(metadata.appleWebApp, elements);
-	if (metadata.appLinks) renderAppLinks(metadata.appLinks, elements);
-	if (metadata.itunes) renderItunes(metadata.itunes, elements);
-	if (metadata.other) for (const [name, value] of Object.entries(metadata.other)) {
-		const content = Array.isArray(value) ? value.join(", ") : value;
-		elements.push({
-			tag: "meta",
-			attrs: {
-				name,
-				content
-			}
-		});
-	}
-	return elements;
-}
-function renderRobotsObject(robots) {
-	const parts = [];
-	if (robots.index === true) parts.push("index");
-	if (robots.index === false) parts.push("noindex");
-	if (robots.follow === true) parts.push("follow");
-	if (robots.follow === false) parts.push("nofollow");
-	return parts.join(", ");
-}
-//#endregion
-//#region src/server/metadata.ts
-/**
-* Resolve a title value with an optional template.
-*
-* - string → apply template if present
-* - { absolute: '...' } → use as-is, skip template
-* - { default: '...' } → use as fallback (no template applied)
-* - undefined → undefined
-*/
-function resolveTitle(title, template) {
-	if (title === void 0 || title === null) return;
-	if (typeof title === "string") return template ? template.replace("%s", title) : title;
-	if (title.absolute !== void 0) return title.absolute;
-	if (title.default !== void 0) return title.default;
-}
-/**
-* Resolve metadata from a segment chain.
-*
-* Processes entries from root layout to page (in segment order).
-* The merge algorithm:
-*   1. Shallow-merge all keys except title (later wins)
-*   2. Track the most recent title template
-*   3. Resolve the final title using the template
-*
-* In error state, the page entry is dropped and noindex is injected.
-*
-* See design/16-metadata.md §"Merge Algorithm"
-*/
-function resolveMetadata(entries, options = {}) {
-	const { errorState = false } = options;
-	const merged = {};
-	let titleTemplate;
-	let lastDefault;
-	let rawTitle;
-	for (const { metadata, isPage } of entries) {
-		if (errorState && isPage) continue;
-		if (metadata.title !== void 0 && typeof metadata.title === "object") {
-			if (metadata.title.template !== void 0) titleTemplate = metadata.title.template;
-			if (metadata.title.default !== void 0) lastDefault = metadata.title.default;
-		}
-		for (const key of Object.keys(metadata)) {
-			if (key === "title") continue;
-			merged[key] = metadata[key];
-		}
-		if (metadata.title !== void 0) rawTitle = metadata.title;
-	}
-	if (errorState) {
-		rawTitle = lastDefault !== void 0 ? { default: lastDefault } : rawTitle;
-		titleTemplate = void 0;
-	}
-	const resolvedTitle = resolveTitle(rawTitle, titleTemplate);
-	if (resolvedTitle !== void 0) merged.title = resolvedTitle;
-	if (errorState) merged.robots = "noindex";
-	return merged;
-}
-/**
-* Check if a string is an absolute URL.
-*/
-function isAbsoluteUrl(url) {
-	return url.startsWith("http://") || url.startsWith("https://") || url.startsWith("//");
-}
-/**
-* Resolve a relative URL against a base URL.
-*/
-function resolveUrl(url, base) {
-	if (isAbsoluteUrl(url)) return url;
-	return new URL(url, base).toString();
-}
-/**
-* Resolve relative URLs in metadata fields against metadataBase.
-*
-* Returns a new metadata object with URLs resolved. Absolute URLs are not modified.
-* If metadataBase is not set, returns the metadata unchanged.
-*/
-function resolveMetadataUrls(metadata) {
-	const base = metadata.metadataBase;
-	if (!base) return metadata;
-	const result = { ...metadata };
-	if (result.openGraph) {
-		result.openGraph = { ...result.openGraph };
-		if (typeof result.openGraph.images === "string") result.openGraph.images = resolveUrl(result.openGraph.images, base);
-		else if (Array.isArray(result.openGraph.images)) result.openGraph.images = result.openGraph.images.map((img) => ({
-			...img,
-			url: resolveUrl(img.url, base)
-		}));
-		else if (result.openGraph.images) result.openGraph.images = {
-			...result.openGraph.images,
-			url: resolveUrl(result.openGraph.images.url, base)
-		};
-		if (result.openGraph.url && !isAbsoluteUrl(result.openGraph.url)) result.openGraph.url = resolveUrl(result.openGraph.url, base);
-	}
-	if (result.twitter) {
-		result.twitter = { ...result.twitter };
-		if (typeof result.twitter.images === "string") result.twitter.images = resolveUrl(result.twitter.images, base);
-		else if (Array.isArray(result.twitter.images)) {
-			const resolved = result.twitter.images.map((img) => typeof img === "string" ? resolveUrl(img, base) : {
-				...img,
-				url: resolveUrl(img.url, base)
-			});
-			const allStrings = resolved.every((r) => typeof r === "string");
-			result.twitter.images = allStrings ? resolved : resolved;
-		} else if (result.twitter.images) result.twitter.images = {
-			...result.twitter.images,
-			url: resolveUrl(result.twitter.images.url, base)
-		};
-	}
-	if (result.alternates) {
-		result.alternates = { ...result.alternates };
-		if (result.alternates.canonical && !isAbsoluteUrl(result.alternates.canonical)) result.alternates.canonical = resolveUrl(result.alternates.canonical, base);
-		if (result.alternates.languages) {
-			const langs = {};
-			for (const [lang, url] of Object.entries(result.alternates.languages)) langs[lang] = isAbsoluteUrl(url) ? url : resolveUrl(url, base);
-			result.alternates.languages = langs;
-		}
-	}
-	if (result.icons) {
-		result.icons = { ...result.icons };
-		if (typeof result.icons.icon === "string") result.icons.icon = resolveUrl(result.icons.icon, base);
-		else if (Array.isArray(result.icons.icon)) result.icons.icon = result.icons.icon.map((i) => ({
-			...i,
-			url: resolveUrl(i.url, base)
-		}));
-		if (typeof result.icons.apple === "string") result.icons.apple = resolveUrl(result.icons.apple, base);
-		else if (Array.isArray(result.icons.apple)) result.icons.apple = result.icons.apple.map((i) => ({
-			...i,
-			url: resolveUrl(i.url, base)
-		}));
-	}
-	return result;
-}
-//#endregion
+import { n as isDevMode, t as isDebug } from "../_chunks/debug-ECi_61pb.js";
+import { t as formatSize } from "../_chunks/format-CYBGxKtc.js";
+import { n as formFlashAls } from "../_chunks/als-registry-HS0LGUl2.js";
+import { n as defineSegmentParams } from "../_chunks/define-C77ScO0m.js";
+import { a as getHeaders, c as getSegmentParams, i as getHeader, n as getCookie, r as getCookies, s as getSearchParams } from "../_chunks/request-context-qMsWgy9C.js";
+import { a as revalidateTag, c as RedirectType, d as redirect, f as redirectExternal, i as revalidatePath, o as DenySignal, p as waitUntil, s as RedirectSignal, u as deny } from "../_chunks/actions-Dg-ANYHb.js";
+import { a as getSpanId, d as withSpan, o as getTraceId, t as addSpanEvent } from "../_chunks/tracing-CCYbKn5n.js";
 //#region src/server/form-data.ts
 /**
 * FormData preprocessing — schema-agnostic conversion of FormData to typed objects.
@@ -2697,6 +115,35 @@ var coerce = {
 		} catch {
 			return;
 		}
+	},
+	date(value) {
+		if (value === void 0 || value === null || value === "") return void 0;
+		if (value instanceof Date) return value;
+		if (typeof value !== "string") return void 0;
+		const date = new Date(value);
+		if (Number.isNaN(date.getTime())) return void 0;
+		const ymdMatch = value.match(/^(\d{4})-(\d{2})-(\d{2})/);
+		if (ymdMatch) {
+			const inputYear = Number(ymdMatch[1]);
+			const inputMonth = Number(ymdMatch[2]);
+			const inputDay = Number(ymdMatch[3]);
+			const isUTC = value.length === 10 || value.endsWith("Z");
+			const parsedYear = isUTC ? date.getUTCFullYear() : date.getFullYear();
+			const parsedMonth = isUTC ? date.getUTCMonth() + 1 : date.getMonth() + 1;
+			const parsedDay = isUTC ? date.getUTCDate() : date.getDate();
+			if (inputYear !== parsedYear || inputMonth !== parsedMonth || inputDay !== parsedDay) return;
+		}
+		return date;
+	},
+	file(options) {
+		return (value) => {
+			if (value === void 0 || value === null || value === "") return void 0;
+			if (!(value instanceof File)) return void 0;
+			if (value.size === 0 && value.name === "") return void 0;
+			if (options?.maxSize !== void 0 && value.size > options.maxSize) return;
+			if (options?.accept !== void 0 && !options.accept.includes(value.type)) return;
+			return value;
+		};
 	}
 };
 //#endregion
@@ -2879,6 +326,7 @@ function createActionClient(config = {}) {
 					input
 				}) };
 			} catch (error) {
+				if (error instanceof RedirectSignal || error instanceof DenySignal) throw error;
 				return handleActionError(error);
 			}
 		}
@@ -2987,214 +435,6 @@ function getFormFlash() {
 	return formFlashAls.getStore() ?? null;
 }
 //#endregion
-//#region src/server/actions.ts
-/**
-* Get the current revalidation state. Throws if called outside an action context.
-* @internal
-*/
-function getRevalidationState() {
-	const state = revalidationAls.getStore();
-	if (!state) throw new Error("revalidatePath/revalidateTag called outside of a server action context. These functions can only be called during action execution.");
-	return state;
-}
-/**
-* Re-render the route at `path` and include the RSC flight payload in the
-* action response. The client reconciles inline — no separate fetch needed.
-*
-* Can be called from server actions, API routes, or any server-side context.
-*
-* @param path - The path to re-render (e.g. '/dashboard', '/todos').
-*/
-function revalidatePath(path) {
-	const state = getRevalidationState();
-	if (!state.paths.includes(path)) state.paths.push(path);
-}
-/**
-* Invalidate all pre-rendered shells and 'use cache' entries tagged with `tag`.
-* Does not return a payload — the next request for an invalidated route re-renders fresh.
-*
-* @param tag - The cache tag to invalidate (e.g. 'products', 'user:123').
-*/
-function revalidateTag(tag) {
-	const state = getRevalidationState();
-	if (!state.tags.includes(tag)) state.tags.push(tag);
-}
-/**
-* Execute a server action and process revalidation.
-*
-* 1. Sets up revalidation state
-* 2. Calls the action function
-* 3. Processes revalidateTag calls (invalidates cache entries)
-* 4. Processes revalidatePath calls (re-renders and captures RSC payload)
-* 5. Returns the action result + optional RSC payload
-*
-* @param actionFn - The server action function to execute.
-* @param args - Arguments to pass to the action.
-* @param config - Handler configuration (cache handler, renderer).
-*/
-async function executeAction(actionFn, args, config = {}, spanMeta) {
-	const state = {
-		paths: [],
-		tags: []
-	};
-	let actionResult;
-	let redirectTo;
-	let redirectStatus;
-	await revalidationAls.run(state, async () => {
-		try {
-			actionResult = await withSpan("timber.action", {
-				...spanMeta?.actionFile ? { "timber.action_file": spanMeta.actionFile } : {},
-				...spanMeta?.actionName ? { "timber.action_name": spanMeta.actionName } : {}
-			}, () => actionFn(...args));
-		} catch (error) {
-			if (error instanceof RedirectSignal) {
-				redirectTo = error.location;
-				redirectStatus = error.status;
-			} else throw error;
-		}
-	});
-	if (state.tags.length > 0 && config.cacheHandler) await Promise.all(state.tags.map((tag) => config.cacheHandler.invalidate({ tag })));
-	let revalidation;
-	if (state.paths.length > 0 && config.renderer) {
-		const path = state.paths[0];
-		try {
-			revalidation = await config.renderer(path);
-		} catch (renderError) {
-			if (renderError instanceof RedirectSignal) {
-				redirectTo = renderError.location;
-				redirectStatus = renderError.status;
-			} else console.error("[timber] revalidatePath render failed:", renderError);
-		}
-	}
-	return {
-		actionResult,
-		revalidation,
-		...redirectTo ? {
-			redirectTo,
-			redirectStatus
-		} : {}
-	};
-}
-/**
-* Build an HTTP Response for a no-JS form submission.
-* Standard POST → 302 redirect pattern.
-*
-* @param redirectPath - Where to redirect after the action executes.
-*/
-function buildNoJsResponse(redirectPath, status = 302) {
-	return new Response(null, {
-		status,
-		headers: { Location: redirectPath }
-	});
-}
-/**
-* Detect whether the incoming request is an RSC action request (with JS)
-* or a plain HTML form POST (no JS).
-*
-* RSC action requests use Accept: text/x-component or Content-Type: text/x-component.
-*/
-function isRscActionRequest(req) {
-	const accept = req.headers.get("Accept") ?? "";
-	const contentType = req.headers.get("Content-Type") ?? "";
-	return accept.includes("text/x-component") || contentType.includes("text/x-component");
-}
-//#endregion
-//#region src/server/route-handler.ts
-/** All recognized HTTP method export names. */
-var HTTP_METHODS = [
-	"GET",
-	"POST",
-	"PUT",
-	"PATCH",
-	"DELETE",
-	"HEAD",
-	"OPTIONS"
-];
-/**
-* Resolve the full list of allowed methods for a route module.
-*
-* Includes:
-* - All explicitly exported methods
-* - HEAD (implicit when GET is exported)
-* - OPTIONS (always implicit)
-*/
-function resolveAllowedMethods(mod) {
-	const methods = [];
-	for (const method of HTTP_METHODS) {
-		if (method === "HEAD" || method === "OPTIONS") continue;
-		if (mod[method]) methods.push(method);
-	}
-	if (mod.GET && !mod.HEAD) methods.push("HEAD");
-	else if (mod.HEAD) methods.push("HEAD");
-	if (!mod.OPTIONS) methods.push("OPTIONS");
-	else methods.push("OPTIONS");
-	return methods;
-}
-/**
-* Handle an incoming request against a route.ts module.
-*
-* Dispatches to the named method handler, auto-generates 405/OPTIONS,
-* and merges response headers from ctx.headers.
-*/
-async function handleRouteRequest(mod, ctx) {
-	const method = ctx.req.method.toUpperCase();
-	const allowHeader = resolveAllowedMethods(mod).join(", ");
-	if (method === "OPTIONS") {
-		if (mod.OPTIONS) return runHandler(mod.OPTIONS, ctx);
-		return new Response(null, {
-			status: 204,
-			headers: { Allow: allowHeader }
-		});
-	}
-	if (method === "HEAD") {
-		if (mod.HEAD) return runHandler(mod.HEAD, ctx);
-		if (mod.GET) {
-			const res = await runHandler(mod.GET, ctx);
-			return new Response(null, {
-				status: res.status,
-				headers: res.headers
-			});
-		}
-	}
-	const handler = mod[method];
-	if (!handler) return new Response(null, {
-		status: 405,
-		headers: { Allow: allowHeader }
-	});
-	return runHandler(handler, ctx);
-}
-/**
-* Run a handler, merge ctx.headers into the response, and catch errors.
-*/
-async function runHandler(handler, ctx) {
-	try {
-		return mergeResponseHeaders(await handler(ctx), ctx.headers);
-	} catch (error) {
-		console.error("[timber] Uncaught error in route.ts handler:", error);
-		return new Response(null, { status: 500 });
-	}
-}
-/**
-* Merge response headers from ctx.headers into the handler's response.
-* ctx.headers (set by middleware or the handler) are applied to the final response.
-* Handler-set headers take precedence over ctx.headers.
-*/
-function mergeResponseHeaders(res, ctxHeaders) {
-	let hasCtxHeaders = false;
-	ctxHeaders.forEach(() => {
-		hasCtxHeaders = true;
-	});
-	if (!hasCtxHeaders) return res;
-	const merged = new Headers();
-	ctxHeaders.forEach((value, key) => merged.set(key, value));
-	res.headers.forEach((value, key) => merged.set(key, value));
-	return new Response(res.body, {
-		status: res.status,
-		statusText: res.statusText,
-		headers: merged
-	});
-}
-//#endregion
-export { AccessGate, ActionError, DEFAULT_LIMITS, DenySignal, METADATA_ROUTE_CONVENTIONS, RedirectSignal, RedirectType, RenderError, SlotAccessGate, WarningId, addSpanEvent, buildElementTree, buildNoJsResponse, callOnRequestError, canonicalize, classifyMetadataRoute, coerce, collectEarlyHintHeaders, cookies, createActionClient, createPipeline, deny, enforceBodyLimits, executeAction, flushResponse, formatLinkHeader, generateTraceId, getFormFlash, getLogger, getMetadataRouteAutoLink, getMetadataRouteServePath, getSetCookieHeaders, handleRouteRequest, hasOnRequestError, headers, isRscActionRequest, loadInstrumentation, logCacheMiss, logMiddlewareError, logMiddlewareShortCircuit, logProxyError, logRenderError, logRequestCompleted, logRequestReceived, logSlowRequest, logSwrRefetchFailed, logWaitUntilRejected, logWaitUntilUnsupported, markResponseFlushed, notFound, parseBodySize, parseFormData, permanentRedirect, redirect, redirectExternal, renderMetadataToElements, replaceTraceId, resolveAllowedMethods, resolveMetadata, resolveMetadataUrls, resolveSlotDenied, resolveStatusFile, resolveTitle, revalidatePath, revalidateTag, runMiddleware, runProxy, runWithEarlyHintsSender, runWithRequestContext, runWithTraceId, searchParams, sendEarlyHints103, setCookieSecrets, setLogger, setMutableCookieContext, setParsedSearchParams, setViteServer, spanId, traceId, validateCsrf, validated, waitUntil, warnCacheRequestProps, warnDenyAfterFlush, warnDenyInSuspense, warnDynamicApiInStaticBuild, warnRedirectInAccess, warnRedirectInSlotAccess, warnRedirectInSuspense, warnSlowSlotWithoutSuspense, warnStaticRequestApi, warnSuspenseWrappingChildren, withSpan };
+export { ActionError, RedirectType, addSpanEvent, coerce, createActionClient, defineSegmentParams, deny, getCookie, getCookies, getFormFlash, getHeader, getHeaders, getSearchParams, getSegmentParams, getSpanId, getTraceId, parseFormData, redirect, redirectExternal, revalidatePath, revalidateTag, validated, waitUntil, withSpan };
 
 //# sourceMappingURL=index.js.map