npm - @timber-js/app - Versions diffs - 0.2.0-alpha.8 → 0.2.0-alpha.80 - Mend

@timber-js/app 0.2.0-alpha.8 → 0.2.0-alpha.80

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (573) hide show

package/LICENSE +8 -0
package/dist/_chunks/actions-Dg-ANYHb.js +421 -0
package/dist/_chunks/actions-Dg-ANYHb.js.map +1 -0
package/dist/_chunks/{als-registry-B7DbZ2hS.js → als-registry-HS0LGUl2.js} +1 -1
package/dist/_chunks/als-registry-HS0LGUl2.js.map +1 -0
package/dist/_chunks/chunk-DYhsFzuS.js +33 -0
package/dist/_chunks/{debug-gwlJkDuf.js → debug-ECi_61pb.js} +2 -2
package/dist/_chunks/debug-ECi_61pb.js.map +1 -0
package/dist/_chunks/define-C77ScO0m.js +106 -0
package/dist/_chunks/define-C77ScO0m.js.map +1 -0
package/dist/_chunks/define-CZqDwhSu.js +199 -0
package/dist/_chunks/define-CZqDwhSu.js.map +1 -0
package/dist/_chunks/define-cookie-C2IkoFGN.js +94 -0
package/dist/_chunks/define-cookie-C2IkoFGN.js.map +1 -0
package/dist/_chunks/{format-DviM89f0.js → dev-warnings-DpGRGoDi.js} +5 -44
package/dist/_chunks/dev-warnings-DpGRGoDi.js.map +1 -0
package/dist/_chunks/format-CYBGxKtc.js +14 -0
package/dist/_chunks/format-CYBGxKtc.js.map +1 -0
package/dist/_chunks/{interception-BOoWmLUA.js → interception-Dpn_UfAD.js} +171 -97
package/dist/_chunks/interception-Dpn_UfAD.js.map +1 -0
package/dist/_chunks/merge-search-params-Cm_KIWDX.js +41 -0
package/dist/_chunks/merge-search-params-Cm_KIWDX.js.map +1 -0
package/dist/_chunks/{metadata-routes-Cjmvi3rQ.js → metadata-routes-DS3eKNmf.js} +1 -1
package/dist/_chunks/{metadata-routes-Cjmvi3rQ.js.map → metadata-routes-DS3eKNmf.js.map} +1 -1
package/dist/_chunks/request-context-qMsWgy9C.js +478 -0
package/dist/_chunks/request-context-qMsWgy9C.js.map +1 -0
package/dist/_chunks/schema-bridge-C3xl_vfb.js +86 -0
package/dist/_chunks/schema-bridge-C3xl_vfb.js.map +1 -0
package/dist/_chunks/segment-classify-BDNn6EzD.js +65 -0
package/dist/_chunks/segment-classify-BDNn6EzD.js.map +1 -0
package/dist/_chunks/segment-context-fHFLF1PE.js +34 -0
package/dist/_chunks/segment-context-fHFLF1PE.js.map +1 -0
package/dist/_chunks/{ssr-data-MjmprTmO.js → ssr-data-DzuI0bIV.js} +1 -1
package/dist/_chunks/{ssr-data-MjmprTmO.js.map → ssr-data-DzuI0bIV.js.map} +1 -1
package/dist/_chunks/stale-reload-C2plcNtG.js +64 -0
package/dist/_chunks/stale-reload-C2plcNtG.js.map +1 -0
package/dist/_chunks/{tracing-CemImE6h.js → tracing-CCYbKn5n.js} +60 -9
package/dist/_chunks/tracing-CCYbKn5n.js.map +1 -0
package/dist/_chunks/use-params-Br9YSUFV.js +295 -0
package/dist/_chunks/use-params-Br9YSUFV.js.map +1 -0
package/dist/_chunks/{use-query-states-D5KaffOK.js → use-query-states-Lo_s_pw2.js} +4 -4
package/dist/_chunks/use-query-states-Lo_s_pw2.js.map +1 -0
package/dist/_chunks/wrappers-_DTmImGt.js +63 -0
package/dist/_chunks/wrappers-_DTmImGt.js.map +1 -0
package/dist/adapters/cloudflare-dev.d.ts +109 -0
package/dist/adapters/cloudflare-dev.d.ts.map +1 -0
package/dist/adapters/cloudflare-dev.js +73 -0
package/dist/adapters/cloudflare-dev.js.map +1 -0
package/dist/adapters/cloudflare-kv-cache.d.ts +64 -0
package/dist/adapters/cloudflare-kv-cache.d.ts.map +1 -0
package/dist/adapters/cloudflare-kv-cache.js +95 -0
package/dist/adapters/cloudflare-kv-cache.js.map +1 -0
package/dist/adapters/cloudflare.d.ts +148 -12
package/dist/adapters/cloudflare.d.ts.map +1 -1
package/dist/adapters/cloudflare.js +135 -11
package/dist/adapters/cloudflare.js.map +1 -1
package/dist/adapters/compress-module.d.ts.map +1 -1
package/dist/adapters/nitro.d.ts +17 -1
package/dist/adapters/nitro.d.ts.map +1 -1
package/dist/adapters/nitro.js +56 -13
package/dist/adapters/nitro.js.map +1 -1
package/dist/cache/cache-api.d.ts +24 -0
package/dist/cache/cache-api.d.ts.map +1 -0
package/dist/cache/handler-store.d.ts +31 -0
package/dist/cache/handler-store.d.ts.map +1 -0
package/dist/cache/index.d.ts +23 -7
package/dist/cache/index.d.ts.map +1 -1
package/dist/cache/index.js +142 -80
package/dist/cache/index.js.map +1 -1
package/dist/cache/singleflight.d.ts +18 -1
package/dist/cache/singleflight.d.ts.map +1 -1
package/dist/cache/sizeof.d.ts +22 -0
package/dist/cache/sizeof.d.ts.map +1 -0
package/dist/cache/timber-cache.d.ts +1 -1
package/dist/cache/timber-cache.d.ts.map +1 -1
package/dist/cli.d.ts +6 -1
package/dist/cli.d.ts.map +1 -1
package/dist/cli.js +6 -1
package/dist/cli.js.map +1 -1
package/dist/client/browser-dev.d.ts +27 -1
package/dist/client/browser-dev.d.ts.map +1 -1
package/dist/client/browser-entry/action-dispatch.d.ts +17 -0
package/dist/client/browser-entry/action-dispatch.d.ts.map +1 -0
package/dist/client/browser-entry/hmr.d.ts +21 -0
package/dist/client/browser-entry/hmr.d.ts.map +1 -0
package/dist/client/browser-entry/hydrate.d.ts +46 -0
package/dist/client/browser-entry/hydrate.d.ts.map +1 -0
package/dist/client/browser-entry/index.d.ts +30 -0
package/dist/client/browser-entry/index.d.ts.map +1 -0
package/dist/client/browser-entry/post-hydration.d.ts +26 -0
package/dist/client/browser-entry/post-hydration.d.ts.map +1 -0
package/dist/client/browser-entry/router-init.d.ts +23 -0
package/dist/client/browser-entry/router-init.d.ts.map +1 -0
package/dist/client/browser-entry/rsc-stream.d.ts +24 -0
package/dist/client/browser-entry/rsc-stream.d.ts.map +1 -0
package/dist/client/browser-entry/scroll.d.ts +19 -0
package/dist/client/browser-entry/scroll.d.ts.map +1 -0
package/dist/client/error-boundary.d.ts +12 -5
package/dist/client/error-boundary.d.ts.map +1 -1
package/dist/client/error-boundary.js +10 -4
package/dist/client/error-boundary.js.map +1 -1
package/dist/client/error-reconstituter.d.ts +54 -0
package/dist/client/error-reconstituter.d.ts.map +1 -0
package/dist/client/form.d.ts +2 -2
package/dist/client/form.d.ts.map +1 -1
package/dist/client/history.d.ts +19 -4
package/dist/client/history.d.ts.map +1 -1
package/dist/client/index.d.ts +7 -21
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +210 -1017
package/dist/client/index.js.map +1 -1
package/dist/client/internal.d.ts +18 -0
package/dist/client/internal.d.ts.map +1 -0
package/dist/client/internal.js +890 -0
package/dist/client/internal.js.map +1 -0
package/dist/client/link-pending-store.d.ts +63 -0
package/dist/client/link-pending-store.d.ts.map +1 -0
package/dist/client/link.d.ts +90 -32
package/dist/client/link.d.ts.map +1 -1
package/dist/client/nav-link-store.d.ts +36 -0
package/dist/client/nav-link-store.d.ts.map +1 -0
package/dist/client/navigation-api-types.d.ts +90 -0
package/dist/client/navigation-api-types.d.ts.map +1 -0
package/dist/client/navigation-api.d.ts +115 -0
package/dist/client/navigation-api.d.ts.map +1 -0
package/dist/client/navigation-context.d.ts +13 -2
package/dist/client/navigation-context.d.ts.map +1 -1
package/dist/client/{transition-root.d.ts → navigation-root.d.ts} +42 -8
package/dist/client/navigation-root.d.ts.map +1 -0
package/dist/client/nuqs-adapter.d.ts.map +1 -1
package/dist/client/router-ref.d.ts +1 -1
package/dist/client/router.d.ts +70 -4
package/dist/client/router.d.ts.map +1 -1
package/dist/client/rsc-fetch.d.ts +38 -3
package/dist/client/rsc-fetch.d.ts.map +1 -1
package/dist/client/segment-cache.d.ts +1 -1
package/dist/client/segment-cache.d.ts.map +1 -1
package/dist/client/segment-outlet.d.ts +63 -0
package/dist/client/segment-outlet.d.ts.map +1 -0
package/dist/client/ssr-data.d.ts +13 -4
package/dist/client/ssr-data.d.ts.map +1 -1
package/dist/client/stale-reload.d.ts +15 -0
package/dist/client/stale-reload.d.ts.map +1 -1
package/dist/client/top-loader.d.ts +5 -5
package/dist/client/top-loader.d.ts.map +1 -1
package/dist/client/use-link-status.d.ts +5 -5
package/dist/client/use-link-status.d.ts.map +1 -1
package/dist/client/use-params.d.ts +6 -4
package/dist/client/use-params.d.ts.map +1 -1
package/dist/client/{use-navigation-pending.d.ts → use-pending-navigation.d.ts} +4 -4
package/dist/client/use-pending-navigation.d.ts.map +1 -0
package/dist/client/use-query-states.d.ts +1 -1
package/dist/client/use-query-states.d.ts.map +1 -1
package/dist/client/use-router.d.ts +1 -1
package/dist/codec.d.ts +33 -0
package/dist/codec.d.ts.map +1 -0
package/dist/codec.js +2 -0
package/dist/config-types.d.ts +210 -0
package/dist/config-types.d.ts.map +1 -0
package/dist/content/index.d.ts +1 -10
package/dist/content/index.d.ts.map +1 -1
package/dist/content/index.js +0 -2
package/dist/cookies/define-cookie.d.ts +35 -14
package/dist/cookies/define-cookie.d.ts.map +1 -1
package/dist/cookies/index.js +1 -83
package/dist/fonts/css.d.ts +1 -0
package/dist/fonts/css.d.ts.map +1 -1
package/dist/index.d.ts +45 -192
package/dist/index.d.ts.map +1 -1
package/dist/index.js +12296 -11901
package/dist/index.js.map +1 -1
package/dist/plugin-context.d.ts +84 -0
package/dist/plugin-context.d.ts.map +1 -0
package/dist/plugins/adapter-build.d.ts +1 -1
package/dist/plugins/adapter-build.d.ts.map +1 -1
package/dist/plugins/build-manifest.d.ts +2 -2
package/dist/plugins/build-manifest.d.ts.map +1 -1
package/dist/plugins/build-report.d.ts +3 -3
package/dist/plugins/build-report.d.ts.map +1 -1
package/dist/plugins/client-chunks.d.ts +32 -0
package/dist/plugins/client-chunks.d.ts.map +1 -0
package/dist/plugins/content.d.ts +1 -1
package/dist/plugins/content.d.ts.map +1 -1
package/dist/plugins/dev-browser-logs.d.ts +84 -0
package/dist/plugins/dev-browser-logs.d.ts.map +1 -0
package/dist/plugins/dev-error-overlay.d.ts +26 -1
package/dist/plugins/dev-error-overlay.d.ts.map +1 -1
package/dist/plugins/dev-logs.d.ts +1 -1
package/dist/plugins/dev-logs.d.ts.map +1 -1
package/dist/plugins/dev-server.d.ts +1 -1
package/dist/plugins/dev-server.d.ts.map +1 -1
package/dist/plugins/entries.d.ts +1 -1
package/dist/plugins/entries.d.ts.map +1 -1
package/dist/plugins/fonts.d.ts +19 -5
package/dist/plugins/fonts.d.ts.map +1 -1
package/dist/plugins/mdx.d.ts +1 -1
package/dist/plugins/mdx.d.ts.map +1 -1
package/dist/plugins/routing.d.ts +1 -1
package/dist/plugins/routing.d.ts.map +1 -1
package/dist/plugins/server-bundle.d.ts.map +1 -1
package/dist/plugins/shims.d.ts +6 -5
package/dist/plugins/shims.d.ts.map +1 -1
package/dist/plugins/static-build.d.ts +4 -4
package/dist/plugins/static-build.d.ts.map +1 -1
package/dist/routing/codegen.d.ts +2 -2
package/dist/routing/codegen.d.ts.map +1 -1
package/dist/routing/index.d.ts +2 -0
package/dist/routing/index.d.ts.map +1 -1
package/dist/routing/index.js +3 -2
package/dist/routing/scanner.d.ts.map +1 -1
package/dist/routing/segment-classify.d.ts +46 -0
package/dist/routing/segment-classify.d.ts.map +1 -0
package/dist/routing/status-file-lint.d.ts +2 -1
package/dist/routing/status-file-lint.d.ts.map +1 -1
package/dist/routing/types.d.ts +16 -4
package/dist/routing/types.d.ts.map +1 -1
package/dist/rsc-runtime/rsc.d.ts +1 -1
package/dist/rsc-runtime/rsc.d.ts.map +1 -1
package/dist/rsc-runtime/ssr.d.ts +12 -0
package/dist/rsc-runtime/ssr.d.ts.map +1 -1
package/dist/schema-bridge.d.ts +76 -0
package/dist/schema-bridge.d.ts.map +1 -0
package/dist/search-params/define.d.ts +139 -0
package/dist/search-params/define.d.ts.map +1 -0
package/dist/search-params/index.d.ts +4 -7
package/dist/search-params/index.d.ts.map +1 -1
package/dist/search-params/index.js +4 -474
package/dist/search-params/registry.d.ts +2 -2
package/dist/search-params/registry.d.ts.map +1 -1
package/dist/search-params/wrappers.d.ts +53 -0
package/dist/search-params/wrappers.d.ts.map +1 -0
package/dist/segment-params/define.d.ts +78 -0
package/dist/segment-params/define.d.ts.map +1 -0
package/dist/segment-params/index.d.ts +6 -0
package/dist/segment-params/index.d.ts.map +1 -0
package/dist/segment-params/index.js +4 -0
package/dist/server/access-gate.d.ts +4 -0
package/dist/server/access-gate.d.ts.map +1 -1
package/dist/server/action-client.d.ts +12 -1
package/dist/server/action-client.d.ts.map +1 -1
package/dist/server/action-encryption.d.ts +76 -0
package/dist/server/action-encryption.d.ts.map +1 -0
package/dist/server/action-handler.d.ts.map +1 -1
package/dist/server/actions.d.ts +3 -6
package/dist/server/actions.d.ts.map +1 -1
package/dist/server/als-registry.d.ts +32 -4
package/dist/server/als-registry.d.ts.map +1 -1
package/dist/server/build-manifest.d.ts +2 -2
package/dist/server/build-manifest.d.ts.map +1 -1
package/dist/server/debug.d.ts +1 -1
package/dist/server/default-logger.d.ts +22 -0
package/dist/server/default-logger.d.ts.map +1 -0
package/dist/server/deny-page-resolver.d.ts +52 -0
package/dist/server/deny-page-resolver.d.ts.map +1 -0
package/dist/server/deny-renderer.d.ts.map +1 -1
package/dist/server/dev-holding-server.d.ts +52 -0
package/dist/server/dev-holding-server.d.ts.map +1 -0
package/dist/server/dev-warnings.d.ts +1 -21
package/dist/server/dev-warnings.d.ts.map +1 -1
package/dist/server/early-hints.d.ts +13 -5
package/dist/server/early-hints.d.ts.map +1 -1
package/dist/server/error-boundary-wrapper.d.ts +7 -1
package/dist/server/error-boundary-wrapper.d.ts.map +1 -1
package/dist/server/fallback-error.d.ts +4 -3
package/dist/server/fallback-error.d.ts.map +1 -1
package/dist/server/flight-injection-state.d.ts +66 -0
package/dist/server/flight-injection-state.d.ts.map +1 -0
package/dist/server/flight-scripts.d.ts +42 -0
package/dist/server/flight-scripts.d.ts.map +1 -0
package/dist/server/flush.d.ts.map +1 -1
package/dist/server/form-data.d.ts +29 -0
package/dist/server/form-data.d.ts.map +1 -1
package/dist/server/html-injectors.d.ts +51 -11
package/dist/server/html-injectors.d.ts.map +1 -1
package/dist/server/index.d.ts +6 -43
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +38 -2798
package/dist/server/index.js.map +1 -1
package/dist/server/internal.d.ts +46 -0
package/dist/server/internal.d.ts.map +1 -0
package/dist/server/internal.js +2883 -0
package/dist/server/internal.js.map +1 -0
package/dist/server/logger.d.ts +25 -7
package/dist/server/logger.d.ts.map +1 -1
package/dist/server/middleware-runner.d.ts +19 -4
package/dist/server/middleware-runner.d.ts.map +1 -1
package/dist/server/node-stream-transforms.d.ts +113 -0
package/dist/server/node-stream-transforms.d.ts.map +1 -0
package/dist/server/page-deny-boundary.d.ts +31 -0
package/dist/server/page-deny-boundary.d.ts.map +1 -0
package/dist/server/pipeline-interception.d.ts +1 -1
package/dist/server/pipeline-interception.d.ts.map +1 -1
package/dist/server/pipeline-metadata.d.ts +6 -0
package/dist/server/pipeline-metadata.d.ts.map +1 -1
package/dist/server/pipeline.d.ts +42 -10
package/dist/server/pipeline.d.ts.map +1 -1
package/dist/server/primitives.d.ts +69 -18
package/dist/server/primitives.d.ts.map +1 -1
package/dist/server/render-timeout.d.ts +51 -0
package/dist/server/render-timeout.d.ts.map +1 -0
package/dist/server/request-context.d.ts +112 -43
package/dist/server/request-context.d.ts.map +1 -1
package/dist/server/route-element-builder.d.ts +27 -1
package/dist/server/route-element-builder.d.ts.map +1 -1
package/dist/server/route-handler.d.ts.map +1 -1
package/dist/server/route-matcher.d.ts +9 -2
package/dist/server/route-matcher.d.ts.map +1 -1
package/dist/server/rsc-entry/api-handler.d.ts +2 -2
package/dist/server/rsc-entry/api-handler.d.ts.map +1 -1
package/dist/server/rsc-entry/error-renderer.d.ts +26 -13
package/dist/server/rsc-entry/error-renderer.d.ts.map +1 -1
package/dist/server/rsc-entry/helpers.d.ts +48 -5
package/dist/server/rsc-entry/helpers.d.ts.map +1 -1
package/dist/server/rsc-entry/index.d.ts +8 -3
package/dist/server/rsc-entry/index.d.ts.map +1 -1
package/dist/server/rsc-entry/rsc-payload.d.ts +3 -3
package/dist/server/rsc-entry/rsc-payload.d.ts.map +1 -1
package/dist/server/rsc-entry/rsc-stream.d.ts +4 -1
package/dist/server/rsc-entry/rsc-stream.d.ts.map +1 -1
package/dist/server/rsc-entry/ssr-bridge.d.ts +1 -1
package/dist/server/rsc-entry/ssr-bridge.d.ts.map +1 -1
package/dist/server/rsc-entry/ssr-renderer.d.ts +19 -4
package/dist/server/rsc-entry/ssr-renderer.d.ts.map +1 -1
package/dist/server/safe-load.d.ts +46 -0
package/dist/server/safe-load.d.ts.map +1 -0
package/dist/server/sitemap-generator.d.ts +129 -0
package/dist/server/sitemap-generator.d.ts.map +1 -0
package/dist/server/sitemap-handler.d.ts +22 -0
package/dist/server/sitemap-handler.d.ts.map +1 -0
package/dist/server/slot-resolver.d.ts +1 -1
package/dist/server/slot-resolver.d.ts.map +1 -1
package/dist/server/ssr-entry.d.ts +22 -0
package/dist/server/ssr-entry.d.ts.map +1 -1
package/dist/server/ssr-render.d.ts +39 -21
package/dist/server/ssr-render.d.ts.map +1 -1
package/dist/server/ssr-wrappers.d.ts +50 -0
package/dist/server/ssr-wrappers.d.ts.map +1 -0
package/dist/server/status-code-resolver.d.ts +1 -1
package/dist/server/status-code-resolver.d.ts.map +1 -1
package/dist/server/stream-utils.d.ts +36 -0
package/dist/server/stream-utils.d.ts.map +1 -0
package/dist/server/tracing.d.ts +4 -4
package/dist/server/tracing.d.ts.map +1 -1
package/dist/server/tree-builder.d.ts +22 -19
package/dist/server/tree-builder.d.ts.map +1 -1
package/dist/server/types.d.ts +1 -4
package/dist/server/types.d.ts.map +1 -1
package/dist/server/version-skew.d.ts +61 -0
package/dist/server/version-skew.d.ts.map +1 -0
package/dist/shared/merge-search-params.d.ts +22 -0
package/dist/shared/merge-search-params.d.ts.map +1 -0
package/dist/shims/font-google.d.ts +1 -1
package/dist/shims/font-google.d.ts.map +1 -1
package/dist/shims/font-google.js +42 -0
package/dist/shims/font-google.js.map +1 -0
package/dist/shims/font-local.d.ts +26 -0
package/dist/shims/font-local.d.ts.map +1 -0
package/dist/shims/font-local.js +20 -0
package/dist/shims/font-local.js.map +1 -0
package/dist/shims/headers.d.ts +2 -1
package/dist/shims/headers.d.ts.map +1 -1
package/dist/shims/navigation-client.d.ts +1 -1
package/dist/shims/navigation-client.d.ts.map +1 -1
package/dist/shims/navigation.d.ts +3 -2
package/dist/shims/navigation.d.ts.map +1 -1
package/dist/utils/directive-parser.d.ts +5 -2
package/dist/utils/directive-parser.d.ts.map +1 -1
package/dist/utils/state-machine.d.ts +80 -0
package/dist/utils/state-machine.d.ts.map +1 -0
package/package.json +53 -23
package/src/adapters/cloudflare-dev.ts +177 -0
package/src/adapters/cloudflare-kv-cache.ts +142 -0
package/src/adapters/cloudflare.ts +342 -28
package/src/adapters/compress-module.ts +24 -4
package/src/adapters/nitro.ts +52 -8
package/src/adapters/wrangler.d.ts +7 -0
package/src/cache/cache-api.ts +38 -0
package/src/cache/handler-store.ts +68 -0
package/src/cache/index.ts +81 -18
package/src/cache/singleflight.ts +62 -4
package/src/cache/sizeof.ts +31 -0
package/src/cache/timber-cache.ts +24 -20
package/src/cli.ts +6 -1
package/src/client/browser-dev.ts +128 -1
package/src/client/browser-entry/action-dispatch.ts +116 -0
package/src/client/browser-entry/hmr.ts +81 -0
package/src/client/browser-entry/hydrate.ts +145 -0
package/src/client/browser-entry/index.ts +138 -0
package/src/client/browser-entry/post-hydration.ts +119 -0
package/src/client/browser-entry/router-init.ts +193 -0
package/src/client/browser-entry/rsc-stream.ts +157 -0
package/src/client/browser-entry/scroll.ts +27 -0
package/src/client/error-boundary.tsx +48 -16
package/src/client/error-reconstituter.tsx +65 -0
package/src/client/form.tsx +2 -2
package/src/client/history.ts +26 -4
package/src/client/index.ts +19 -38
package/src/client/internal.ts +57 -0
package/src/client/link-pending-store.ts +111 -0
package/src/client/link.tsx +329 -97
package/src/client/nav-link-store.ts +47 -0
package/src/client/navigation-api-types.ts +112 -0
package/src/client/navigation-api.ts +332 -0
package/src/client/navigation-context.ts +31 -6
package/src/client/navigation-root.tsx +342 -0
package/src/client/nuqs-adapter.tsx +16 -3
package/src/client/router-ref.ts +1 -1
package/src/client/router.ts +299 -72
package/src/client/rsc-fetch.ts +97 -8
package/src/client/segment-cache.ts +1 -1
package/src/client/segment-outlet.tsx +86 -0
package/src/client/ssr-data.ts +13 -5
package/src/client/stale-reload.ts +72 -3
package/src/client/top-loader.tsx +16 -8
package/src/client/use-link-status.ts +7 -7
package/src/client/use-params.ts +7 -5
package/src/client/{use-navigation-pending.ts → use-pending-navigation.ts} +6 -6
package/src/client/use-query-states.ts +3 -3
package/src/client/use-router.ts +1 -1
package/src/codec.ts +49 -0
package/src/config-types.ts +208 -0
package/src/content/index.ts +5 -13
package/src/cookies/define-cookie.ts +78 -25
package/src/cookies/index.ts +8 -0
package/src/fonts/css.ts +2 -1
package/src/index.ts +258 -354
package/src/plugin-context.ts +200 -0
package/src/plugins/adapter-build.ts +8 -2
package/src/plugins/build-manifest.ts +13 -2
package/src/plugins/build-report.ts +3 -3
package/src/plugins/client-chunks.ts +65 -0
package/src/plugins/content.ts +1 -1
package/src/plugins/dev-browser-logs.ts +288 -0
package/src/plugins/dev-error-overlay.ts +70 -1
package/src/plugins/dev-logs.ts +1 -1
package/src/plugins/dev-server.ts +70 -9
package/src/plugins/entries.ts +71 -10
package/src/plugins/fonts.ts +168 -61
package/src/plugins/mdx.ts +1 -1
package/src/plugins/routing.ts +57 -17
package/src/plugins/server-action-exports.ts +1 -1
package/src/plugins/server-bundle.ts +32 -1
package/src/plugins/shims.ts +135 -35
package/src/plugins/static-build.ts +17 -11
package/src/routing/codegen.ts +165 -105
package/src/routing/index.ts +2 -0
package/src/routing/scanner.ts +93 -23
package/src/routing/segment-classify.ts +89 -0
package/src/routing/status-file-lint.ts +3 -2
package/src/routing/types.ts +17 -4
package/src/rsc-runtime/rsc.ts +2 -0
package/src/rsc-runtime/ssr.ts +50 -0
package/src/rsc-runtime/vendor-types.d.ts +7 -0
package/src/{search-params/codecs.ts → schema-bridge.ts} +57 -20
package/src/search-params/define.ts +482 -0
package/src/search-params/index.ts +14 -20
package/src/search-params/registry.ts +2 -2
package/src/search-params/wrappers.ts +85 -0
package/src/segment-params/define.ts +279 -0
package/src/segment-params/index.ts +29 -0
package/src/server/access-gate.tsx +70 -29
package/src/server/action-client.ts +21 -2
package/src/server/action-encryption.ts +144 -0
package/src/server/action-handler.ts +21 -4
package/src/server/actions.ts +10 -9
package/src/server/als-registry.ts +34 -6
package/src/server/build-manifest.ts +10 -4
package/src/server/compress.ts +25 -7
package/src/server/debug.ts +1 -1
package/src/server/default-logger.ts +99 -0
package/src/server/deny-page-resolver.ts +154 -0
package/src/server/deny-renderer.ts +24 -38
package/src/server/dev-holding-server.ts +185 -0
package/src/server/dev-warnings.ts +4 -49
package/src/server/early-hints.ts +36 -15
package/src/server/error-boundary-wrapper.ts +74 -22
package/src/server/fallback-error.ts +31 -15
package/src/server/flight-injection-state.ts +113 -0
package/src/server/flight-scripts.ts +62 -0
package/src/server/flush.ts +2 -1
package/src/server/form-data.ts +76 -0
package/src/server/html-injectors.ts +280 -120
package/src/server/index.ts +26 -177
package/src/server/internal.ts +169 -0
package/src/server/logger.ts +44 -36
package/src/server/middleware-runner.ts +31 -4
package/src/server/node-stream-transforms.ts +509 -0
package/src/server/page-deny-boundary.tsx +56 -0
package/src/server/pipeline-interception.ts +17 -16
package/src/server/pipeline-metadata.ts +13 -0
package/src/server/pipeline.ts +227 -62
package/src/server/primitives.ts +111 -28
package/src/server/render-timeout.ts +108 -0
package/src/server/request-context.ts +293 -132
package/src/server/route-element-builder.ts +283 -191
package/src/server/route-handler.ts +24 -4
package/src/server/route-matcher.ts +24 -20
package/src/server/rsc-entry/api-handler.ts +15 -16
package/src/server/rsc-entry/error-renderer.ts +300 -89
package/src/server/rsc-entry/helpers.ts +134 -5
package/src/server/rsc-entry/index.ts +200 -112
package/src/server/rsc-entry/rsc-payload.ts +65 -18
package/src/server/rsc-entry/rsc-stream.ts +65 -13
package/src/server/rsc-entry/ssr-bridge.ts +14 -5
package/src/server/rsc-entry/ssr-renderer.ts +168 -38
package/src/server/safe-load.ts +60 -0
package/src/server/sitemap-generator.ts +338 -0
package/src/server/sitemap-handler.ts +126 -0
package/src/server/slot-resolver.ts +244 -229
package/src/server/ssr-entry.ts +211 -32
package/src/server/ssr-render.ts +289 -67
package/src/server/ssr-wrappers.tsx +139 -0
package/src/server/status-code-resolver.ts +1 -1
package/src/server/stream-utils.ts +213 -0
package/src/server/tracing.ts +20 -9
package/src/server/tree-builder.ts +92 -58
package/src/server/types.ts +3 -6
package/src/server/version-skew.ts +104 -0
package/src/shared/merge-search-params.ts +55 -0
package/src/shims/font-google.ts +1 -1
package/src/shims/font-local.ts +34 -0
package/src/shims/headers.ts +5 -1
package/src/shims/navigation-client.ts +1 -1
package/src/shims/navigation.ts +7 -2
package/src/utils/directive-parser.ts +5 -2
package/src/utils/state-machine.ts +111 -0
package/dist/_chunks/als-registry-B7DbZ2hS.js.map +0 -1
package/dist/_chunks/debug-gwlJkDuf.js.map +0 -1
package/dist/_chunks/format-DviM89f0.js.map +0 -1
package/dist/_chunks/interception-BOoWmLUA.js.map +0 -1
package/dist/_chunks/request-context-DIkVh_jG.js +0 -330
package/dist/_chunks/request-context-DIkVh_jG.js.map +0 -1
package/dist/_chunks/tracing-CemImE6h.js.map +0 -1
package/dist/_chunks/use-cookie-DX-l1_5E.js +0 -91
package/dist/_chunks/use-cookie-DX-l1_5E.js.map +0 -1
package/dist/_chunks/use-query-states-D5KaffOK.js.map +0 -1
package/dist/cache/register-cached-function.d.ts +0 -17
package/dist/cache/register-cached-function.d.ts.map +0 -1
package/dist/client/browser-entry.d.ts +0 -21
package/dist/client/browser-entry.d.ts.map +0 -1
package/dist/client/link-status-provider.d.ts +0 -11
package/dist/client/link-status-provider.d.ts.map +0 -1
package/dist/client/transition-root.d.ts.map +0 -1
package/dist/client/use-navigation-pending.d.ts.map +0 -1
package/dist/cookies/index.js.map +0 -1
package/dist/plugins/cache-transform.d.ts +0 -36
package/dist/plugins/cache-transform.d.ts.map +0 -1
package/dist/plugins/dynamic-transform.d.ts +0 -72
package/dist/plugins/dynamic-transform.d.ts.map +0 -1
package/dist/search-params/analyze.d.ts +0 -54
package/dist/search-params/analyze.d.ts.map +0 -1
package/dist/search-params/builtin-codecs.d.ts +0 -105
package/dist/search-params/builtin-codecs.d.ts.map +0 -1
package/dist/search-params/codecs.d.ts +0 -53
package/dist/search-params/codecs.d.ts.map +0 -1
package/dist/search-params/create.d.ts +0 -106
package/dist/search-params/create.d.ts.map +0 -1
package/dist/search-params/index.js.map +0 -1
package/dist/server/prerender.d.ts +0 -77
package/dist/server/prerender.d.ts.map +0 -1
package/dist/server/response-cache.d.ts +0 -54
package/dist/server/response-cache.d.ts.map +0 -1
package/src/cache/register-cached-function.ts +0 -103
package/src/client/browser-entry.ts +0 -678
package/src/client/link-status-provider.tsx +0 -30
package/src/client/transition-root.tsx +0 -166
package/src/plugins/cache-transform.ts +0 -199
package/src/plugins/dynamic-transform.ts +0 -161
package/src/search-params/analyze.ts +0 -192
package/src/search-params/builtin-codecs.ts +0 -228
package/src/search-params/create.ts +0 -321
package/src/server/prerender.ts +0 -139
package/src/server/response-cache.ts +0 -410

package/src/server/pipeline.ts CHANGED Viewed

@@ -13,7 +13,7 @@
 import { canonicalize } from './canonicalize.js';
 import { runProxy, type ProxyExport } from './proxy.js';
-import { runMiddleware, type MiddlewareFn } from './middleware-runner.js';
+import { runMiddlewareChain, type MiddlewareFn } from './middleware-runner.js';
 import { runWithTimingCollector, withTiming, getServerTimingHeader } from './server-timing.js';
 import {
   runWithRequestContext,
@@ -21,6 +21,7 @@ import {
   setMutableCookieContext,
   getSetCookieHeaders,
   markResponseFlushed,
+  setSegmentParams,
 } from './request-context.js';
 import {
   generateTraceId,
@@ -29,7 +30,7 @@ import {
   replaceTraceId,
   withSpan,
   setSpanAttribute,
-  traceId,
+  getTraceId,
 } from './tracing.js';
 import {
   logRequestReceived,
@@ -42,10 +43,35 @@ import {
 } from './logger.js';
 import { callOnRequestError } from './instrumentation.js';
 import { RedirectSignal, DenySignal } from './primitives.js';
+import { ParamCoercionError } from './route-element-builder.js';
+import { checkVersionSkew, applyReloadHeaders } from './version-skew.js';
 import { serveStaticMetadataFile, serializeSitemap } from './pipeline-metadata.js';
+import { loadModule } from './safe-load.js';
 import { findInterceptionMatch } from './pipeline-interception.js';
 import type { MiddlewareContext } from './types.js';
-import type { SegmentNode } from '#/routing/types.js';
+import type { SegmentNode } from '../routing/types.js';
+// ─── Prototype-Pollution-Safe Merge ────────────────────────────────────────
+/** Keys that must never be merged via Object.assign — they pollute Object.prototype. */
+const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+/**
+ * Shallow merge that skips prototype-polluting keys.
+ *
+ * Used instead of Object.assign when the source object comes from
+ * user-authored codec output (segmentParams.parse), which could
+ * contain __proto__, constructor, or prototype keys.
+ *
+ * See TIM-655, design/13-security.md
+ */
+export function safeMerge(target: Record<string, unknown>, source: Record<string, unknown>): void {
+  for (const key of Object.keys(source)) {
+    if (!DANGEROUS_KEYS.has(key)) {
+      target[key] = source[key];
+    }
+  }
+}
 // ─── Route Match Result ────────────────────────────────────────────────────
@@ -53,10 +79,10 @@ import type { SegmentNode } from '#/routing/types.js';
 export interface RouteMatch {
   /** The matched segment chain from root to leaf. */
   segments: SegmentNode[];
-  /** Extracted route params (catch-all segments produce string[]). */
-  params: Record<string, string | string[]>;
-  /** The leaf segment's middleware.ts export, if any. */
-  middleware?: MiddlewareFn;
+  /** Extracted segment params (catch-all segments produce string[]). */
+  segmentParams: Record<string, string | string[]>;
+  /** Middleware chain from the segment tree, ordered root-to-leaf. */
+  middlewareChain: MiddlewareFn[];
 }
 /** Function that matches a canonical pathname to a route. */
@@ -115,14 +141,25 @@ export interface PipelineConfig {
    * Generated at build time from intercepting route directories.
    * See design/07-routing.md §"Intercepting Routes"
    */
-  interceptionRewrites?: import('#/routing/interception.js').InterceptionRewrite[];
+  interceptionRewrites?: import('../routing/interception.js').InterceptionRewrite[];
+  /**
+   * Control Server-Timing header output.
+   *
+   * - `'detailed'` — per-phase breakdown (proxy, middleware, render).
+   * - `'total'` — single `total;dur=N` entry (production-safe).
+   * - `false` — no Server-Timing header at all.
+   *
+   * Default: `'total'`.
+   */
+  serverTiming?: 'detailed' | 'total' | false;
   /**
-   * Emit Server-Timing header on responses for Chrome DevTools visibility.
-   * Only enable in dev mode — exposes internal timing data.
+   * Auto-generated sitemap handler. When provided, the pipeline intercepts
+   * `/sitemap.xml` and `/sitemap/N.xml` requests and delegates to this
+   * function. Returns a Response or null (pass-through to regular routing).
    *
-   * Default: false (production-safe).
+   * See design/16-metadata.md §"Auto-generated Sitemap"
    */
-  enableServerTiming?: boolean;
+  autoSitemapHandler?: (pathname: string) => Promise<Response | null>;
   /**
    * Dev pipeline error callback — called when a pipeline phase (proxy,
    * middleware, render) catches an unhandled error. Used to wire the error
@@ -149,6 +186,51 @@ export interface PipelineConfig {
   ) => Response | Promise<Response>;
 }
+// ─── Param Coercion ────────────────────────────────────────────────────────
+/**
+ * Run segment param coercion on the matched route's segments.
+ *
+ * Loads params.ts modules from segments that have them, extracts the
+ * segmentParams definition, and coerces raw string params through codecs.
+ * Throws ParamCoercionError if any codec fails (→ 404).
+ *
+ * This runs BEFORE middleware, so ctx.segmentParams is already typed.
+ * See design/07-routing.md §"Where Coercion Runs"
+ */
+export async function coerceSegmentParams(match: RouteMatch): Promise<void> {
+  const segments = match.segments as unknown as import('./route-matcher.js').ManifestSegmentNode[];
+  for (const segment of segments) {
+    // Only process segments that have a params.ts convention file
+    if (!segment.params) continue;
+    let mod: Record<string, unknown>;
+    try {
+      mod = await loadModule(segment.params);
+    } catch (err) {
+      throw new ParamCoercionError(
+        `Failed to load params module for segment "${segment.segmentName}": ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+    const segmentParamsDef = mod.segmentParams as
+      | { parse(raw: Record<string, string | string[]>): Record<string, unknown> }
+      | undefined;
+    if (!segmentParamsDef || typeof segmentParamsDef.parse !== 'function') continue;
+    try {
+      const coerced = segmentParamsDef.parse(match.segmentParams);
+      // Merge coerced values back — use safeMerge to prevent prototype pollution
+      // from malicious/buggy codec output. See TIM-655.
+      safeMerge(match.segmentParams, coerced as Record<string, unknown>);
+    } catch (err) {
+      throw new ParamCoercionError(err instanceof Error ? err.message : String(err));
+    }
+  }
+}
 // ─── Pipeline ──────────────────────────────────────────────────────────────
 /**
@@ -165,7 +247,7 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
     earlyHints,
     stripTrailingSlash = true,
     slowRequestMs = 3000,
-    enableServerTiming = false,
+    serverTiming = 'total',
     onPipelineError,
   } = config;
@@ -186,7 +268,7 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
     const traceIdValue = generateTraceId();
     return runWithTraceId(traceIdValue, async () => {
-      // Establish request context ALS scope so headers() and cookies() work
+      // Establish request context ALS scope so getHeaders() and getCookies() work
       // throughout the entire request lifecycle (proxy, middleware, render).
       return runWithRequestContext(req, async () => {
         // In dev mode, wrap with timing collector for Server-Timing header.
@@ -216,25 +298,25 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
               // DevSpanProcessor reads this for tree/summary output.
               await setSpanAttribute('http.response.status_code', result.status);
-              // Append Server-Timing header.
-              // In dev mode: detailed per-phase breakdown (proxy, middleware, render).
-              // In production: single total duration — safe to expose, no phase names.
+              // Append Server-Timing header based on configured mode.
               // Response.redirect() creates immutable headers, so we must
               // ensure mutability before writing Server-Timing.
-              if (enableServerTiming) {
-                const serverTiming = getServerTimingHeader();
-                if (serverTiming) {
+              if (serverTiming === 'detailed') {
+                // Detailed: per-phase breakdown (proxy, middleware, render).
+                const timingHeader = getServerTimingHeader();
+                if (timingHeader) {
                   result = ensureMutableResponse(result);
-                  result.headers.set('Server-Timing', serverTiming);
+                  result.headers.set('Server-Timing', timingHeader);
                 }
-              } else {
-                // Production: emit total request duration only.
-                // No phase breakdown — prevents information disclosure
-                // while giving browser DevTools useful timing data.
+              } else if (serverTiming === 'total') {
+                // Total only: single `total;dur=N` — no phase names.
+                // Prevents information disclosure while giving browser
+                // DevTools useful timing data.
                 const totalMs = Math.round(performance.now() - startTime);
                 result = ensureMutableResponse(result);
                 result.headers.set('Server-Timing', `total;dur=${totalMs}`);
               }
+              // serverTiming === false: no header at all
               return result;
             }
@@ -254,7 +336,7 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
           return response;
         };
-        return enableServerTiming ? runWithTimingCollector(runRequest) : runRequest();
+        return serverTiming === 'detailed' ? runWithTimingCollector(runRequest) : runRequest();
       });
     });
   };
@@ -272,7 +354,7 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       }
       const proxyFn = () => runProxy(proxyExport, req, () => handleRequest(req, method, path));
       return await withSpan('timber.proxy', {}, () =>
-        enableServerTiming ? withTiming('proxy', 'proxy.ts', proxyFn) : proxyFn()
+        serverTiming === 'detailed' ? withTiming('proxy', 'proxy.ts', proxyFn) : proxyFn()
       );
     } catch (error) {
       // Uncaught proxy.ts error → bare HTTP 500
@@ -283,6 +365,24 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
     }
   }
+  /**
+   * Build a redirect Response from a RedirectSignal.
+   *
+   * For RSC payload requests (client navigation), returns 204 + X-Timber-Redirect
+   * so the client router can perform a soft SPA redirect. A raw 302 would be
+   * turned into an opaque redirect by fetch({redirect:'manual'}), crashing
+   * createFromFetch. See design/19-client-navigation.md.
+   */
+  function buildRedirectResponse(signal: RedirectSignal, req: Request, headers: Headers): Response {
+    const isRsc = (req.headers.get('Accept') ?? '').includes('text/x-component');
+    if (isRsc) {
+      headers.set('X-Timber-Redirect', signal.location);
+      return new Response(null, { status: 204, headers });
+    }
+    headers.set('Location', signal.location);
+    return new Response(null, { status: signal.status, headers });
+  }
   async function handleRequest(req: Request, method: string, path: string): Promise<Response> {
     // Stage 1: URL canonicalization
     const url = new URL(req.url);
@@ -306,7 +406,7 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
             return await serveStaticMetadataFile(metaMatch);
           }
-          const mod = (await metaMatch.file.load()) as { default?: Function };
+          const mod = await loadModule<{ default?: Function }>(metaMatch.file);
           if (typeof mod.default !== 'function') {
             return new Response('Metadata route must export a default function', { status: 500 });
           }
@@ -339,6 +439,36 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       }
     }
+    // Stage 1b.2: Auto-generated sitemap — serves /sitemap.xml and /sitemap/N.xml
+    // when sitemap generation is enabled and no user-authored sitemap exists.
+    // Runs after metadata route matching so user sitemaps always take precedence.
+    // See design/16-metadata.md §"Auto-generated Sitemap"
+    if (config.autoSitemapHandler) {
+      try {
+        const sitemapResponse = await config.autoSitemapHandler(canonicalPathname);
+        if (sitemapResponse) return sitemapResponse;
+      } catch (error) {
+        logRenderError({ method, path, error });
+        if (onPipelineError && error instanceof Error) onPipelineError(error, 'auto-sitemap');
+        return new Response(null, { status: 500 });
+      }
+    }
+    // Stage 1c: Version skew detection (TIM-446).
+    // For RSC payload requests (client navigation), check if the client's
+    // deployment ID matches the current build. On mismatch, signal the
+    // client to do a full page reload instead of returning an RSC payload
+    // that references mismatched module IDs.
+    const isRscRequest = (req.headers.get('Accept') ?? '').includes('text/x-component');
+    if (isRscRequest) {
+      const skewCheck = checkVersionSkew(req);
+      if (!skewCheck.ok) {
+        const reloadHeaders = new Headers();
+        applyReloadHeaders(reloadHeaders);
+        return new Response(null, { status: 204, headers: reloadHeaders });
+      }
+    }
     // Stage 2: Route matching
     let match = matchRoute(canonicalPathname);
     let interception: InterceptionContext | undefined;
@@ -397,18 +527,57 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       }
     }
-    // Stage 3: Leaf middleware.ts (only the leaf route's middleware runs)
-    if (match.middleware) {
+    // Stage 2c: Param coercion (before middleware)
+    // Load params.ts modules from matched segments and coerce raw string
+    // params through defineSegmentParams codecs. Coercion failure → 404
+    // (middleware never runs). See design/07-routing.md §"Where Coercion Runs"
+    try {
+      await coerceSegmentParams(match);
+    } catch (error) {
+      if (error instanceof ParamCoercionError) {
+        // For API routes (route.ts), return a bare 404 — not an HTML page.
+        // API consumers expect JSON/empty responses, not rendered HTML.
+        const leafSegment = match.segments[match.segments.length - 1];
+        if (
+          (leafSegment as { route?: unknown }).route &&
+          !(leafSegment as { page?: unknown }).page
+        ) {
+          return new Response(null, { status: 404 });
+        }
+        // Route through the app's 404 page (404.tsx in root layout) instead of
+        // returning a bare empty 404 Response. Falls back to bare 404 only if
+        // no renderNoMatch renderer is configured.
+        if (config.renderNoMatch) {
+          return config.renderNoMatch(req, responseHeaders);
+        }
+        return new Response(null, { status: 404 });
+      }
+      throw error;
+    }
+    // Store coerced segment params in ALS so components can access them
+    // via getSegmentParams() instead of receiving them as a prop.
+    // See design/07-routing.md §"params.ts — Convention File for Typed Params"
+    setSegmentParams(match.segmentParams);
+    // Stage 3: Middleware chain (root-to-leaf, short-circuits on first Response)
+    if (match.middlewareChain.length > 0) {
       const ctx: MiddlewareContext = {
         req,
         requestHeaders: requestHeaderOverlay,
         headers: responseHeaders,
-        params: match.params,
-        searchParams: new URL(req.url).searchParams,
+        segmentParams: match.segmentParams,
         earlyHints: (hints) => {
           for (const hint of hints) {
-            let value = `<${hint.href}>; rel=${hint.rel}`;
-            if (hint.as !== undefined) value += `; as=${hint.as}`;
+            // Match Cloudflare's cached Early Hints attribute order: `as` before `rel`.
+            // Cloudflare caches Link headers and re-emits them on subsequent 200s.
+            // If our order differs, the browser sees duplicate preloads and warns.
+            let value: string;
+            if (hint.as !== undefined) {
+              value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;
+            } else {
+              value = `<${hint.href}>; rel=${hint.rel}`;
+            }
             if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;
             if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;
             responseHeaders.append('Link', value);
@@ -419,9 +588,9 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       try {
         // Enable cookie mutation during middleware (design/29-cookies.md §"Context Tracking")
         setMutableCookieContext(true);
-        const middlewareFn = () => runMiddleware(match.middleware!, ctx);
+        const chainFn = () => runMiddlewareChain(match.middlewareChain, ctx);
         const middlewareResponse = await withSpan('timber.middleware', {}, () =>
-          enableServerTiming ? withTiming('mw', 'middleware.ts', middlewareFn) : middlewareFn()
+          serverTiming === 'detailed' ? withTiming('mw', 'middleware.ts', chainFn) : chainFn()
         );
         setMutableCookieContext(false);
         if (middlewareResponse) {
@@ -430,28 +599,30 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
           // mutability before appending Set-Cookie entries.
           const finalResponse = ensureMutableResponse(middlewareResponse);
           applyCookieJar(finalResponse.headers);
+          // Merge parent-set responseHeaders onto the short-circuit response.
+          // Child-set headers take precedence — only add headers not already present.
+          // Snapshot existing keys first so multi-value headers (Set-Cookie, Link)
+          // from the parent are all appended when the child didn't set that key.
+          const existingKeys = new Set(
+            [...finalResponse.headers.keys()].map((k) => k.toLowerCase())
+          );
+          for (const [key, value] of responseHeaders.entries()) {
+            if (!existingKeys.has(key.toLowerCase())) {
+              finalResponse.headers.append(key, value);
+            }
+          }
           logMiddlewareShortCircuit({ method, path, status: finalResponse.status });
           return finalResponse;
         }
-        // Middleware succeeded without short-circuiting — apply any
-        // injected request headers so headers() returns them downstream.
+        // Middleware chain completed without short-circuiting — apply any
+        // injected request headers so getHeaders() returns them downstream.
         applyRequestHeaderOverlay(requestHeaderOverlay);
       } catch (error) {
         setMutableCookieContext(false);
-        // RedirectSignal from middleware → HTTP redirect (not an error).
-        // For RSC payload requests (client navigation), return 204 + X-Timber-Redirect
-        // so the client router can perform a soft SPA redirect. A raw 302 would be
-        // turned into an opaque redirect by fetch({redirect:'manual'}), crashing
-        // createFromFetch. See design/19-client-navigation.md.
+        // RedirectSignal from middleware → HTTP redirect (not an error)
         if (error instanceof RedirectSignal) {
           applyCookieJar(responseHeaders);
-          const isRsc = (req.headers.get('Accept') ?? '').includes('text/x-component');
-          if (isRsc) {
-            responseHeaders.set('X-Timber-Redirect', error.location);
-            return new Response(null, { status: 204, headers: responseHeaders });
-          }
-          responseHeaders.set('Location', error.location);
-          return new Response(null, { status: error.status, headers: responseHeaders });
+          return buildRedirectResponse(error, req, responseHeaders);
         }
         // DenySignal from middleware → HTTP deny status
         if (error instanceof DenySignal) {
@@ -476,7 +647,9 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       const renderFn = () =>
         render(req, match, responseHeaders, requestHeaderOverlay, interception);
       const response = await withSpan('timber.render', { 'http.route': canonicalPathname }, () =>
-        enableServerTiming ? withTiming('render', 'RSC + SSR render', renderFn) : renderFn()
+        serverTiming === 'detailed'
+          ? withTiming('render', 'RSC + SSR render', renderFn)
+          : renderFn()
       );
       markResponseFlushed();
       return response;
@@ -486,17 +659,9 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       if (error instanceof DenySignal) {
         return new Response(null, { status: error.status });
       }
-      // RedirectSignal leaked from render — honour the redirect.
-      // For RSC payload requests, return 204 + X-Timber-Redirect so the
-      // client router can perform a soft SPA redirect (same as middleware path).
+      // RedirectSignal leaked from render — honour the redirect
       if (error instanceof RedirectSignal) {
-        const isRsc = (req.headers.get('Accept') ?? '').includes('text/x-component');
-        if (isRsc) {
-          responseHeaders.set('X-Timber-Redirect', error.location);
-          return new Response(null, { status: 204, headers: responseHeaders });
-        }
-        responseHeaders.set('Location', error.location);
-        return new Response(null, { status: error.status, headers: responseHeaders });
+        return buildRedirectResponse(error, req, responseHeaders);
       }
       logRenderError({ method, path, error });
       await fireOnRequestError(error, req, 'render');
@@ -532,7 +697,7 @@ async function fireOnRequestError(
   await callOnRequestError(
     error,
     { method: req.method, path: url.pathname, headers: headersObj },
-    { phase, routePath: url.pathname, routeType: 'page', traceId: traceId() }
+    { phase, routePath: url.pathname, routeType: 'page', traceId: getTraceId() }
   );
 }

package/src/server/primitives.ts CHANGED Viewed

@@ -6,6 +6,8 @@
 import type { JsonSerializable } from './types.js';
 import { getWaitUntil as _getWaitUntil } from './waituntil-bridge.js';
 import { isDebug } from './debug.js';
+import { getRequestSearchString } from './request-context.js';
+import { mergePreservedSearchParams } from '../shared/merge-search-params.js';
 // ─── Dev-mode validation ────────────────────────────────────────────────────
@@ -143,37 +145,65 @@ export class DenySignal extends Error {
   }
 }
+/** Options for deny() when using the object form. */
+export interface DenyOptions {
+  /** HTTP status code (4xx or 5xx). Default: 403. */
+  status?: number;
+  /** Human-readable message (logged server-side, not sent to client). */
+  message?: string;
+  /** JSON-serializable data passed as `dangerouslyPassData` prop to status-code files. */
+  data?: JsonSerializable;
+}
 /**
- * Universal denial primitive. Throws a `DenySignal` that the framework catches.
+ * Universal denial/error primitive. Throws a `DenySignal` that the framework catches.
  *
  * - In segment context (outside Suspense): produces HTTP status code
  * - In slot context: graceful degradation → denied.tsx → default.tsx → null
  * - Inside Suspense (hold window): promoted to pre-flush behavior
  * - Inside Suspense (after flush): error boundary + noindex meta
  *
- * @param status - Any 4xx HTTP status code. Defaults to 403.
- * @param data - Optional JSON-serializable data passed as `dangerouslyPassData` prop to status-code files.
+ * Supports both positional and object signatures:
+ * ```ts
+ * deny()                                          // 403 (default)
+ * deny(404)                                       // 404
+ * deny(503, { retry: true })                      // 503 with data
+ * deny({ status: 503, message: 'Maintenance' })   // object form
+ * ```
+ *
+ * Accepts any 4xx or 5xx status code. This replaces the need for
+ * `throw new RenderError(...)` in user code — RenderError is now an
+ * internal pipeline detail.
+ *
+ * @param statusOrOptions - Status code (number) or options object. Default: 403.
+ * @param data - Optional JSON-serializable data (positional form only).
  */
-export function deny(status: number = 403, data?: JsonSerializable): never {
-  if (status < 400 || status > 499) {
-    throw new Error(
-      `deny() requires a 4xx status code, got ${status}. ` +
-        'For 5xx errors, throw a RenderError instead.'
-    );
+export function deny(statusOrOptions?: number | DenyOptions, data?: JsonSerializable): never {
+  let status: number;
+  let resolvedData: JsonSerializable | undefined;
+  if (typeof statusOrOptions === 'object' && statusOrOptions !== null) {
+    status = statusOrOptions.status ?? 403;
+    resolvedData = statusOrOptions.data;
+  } else {
+    status = statusOrOptions ?? 403;
+    resolvedData = data;
   }
-  warnIfNotSerializable(data, 'deny()');
-  throw new DenySignal(status, data);
+  if (status < 400 || status > 599) {
+    throw new Error(`deny() requires a 4xx or 5xx status code, got ${status}.`);
+  }
+  warnIfNotSerializable(resolvedData, 'deny()');
+  throw new DenySignal(status, resolvedData);
 }
 /**
- * Convenience alias for `deny(404)`.
- *
- * Provided for Next.js API compatibility — libraries and user code that
- * call `notFound()` from `next/navigation` get the same behavior as
- * `deny(404)` in timber.
+ * @deprecated Use `deny(404)` instead.
+ * Kept for internal use by the Next.js shim layer.
+ * @internal
  */
 export function notFound(): never {
-  throw new DenySignal(404);
+  deny(404);
 }
 /**
@@ -209,14 +239,63 @@ export class RedirectSignal extends Error {
 /** Pattern matching absolute URLs: http(s):// or protocol-relative // */
 const ABSOLUTE_URL_RE = /^(?:[a-zA-Z][a-zA-Z\d+\-.]*:|\/\/)/;
+/**
+ * Options for redirect() — alternative to passing a bare status code.
+ */
+export interface RedirectOptions {
+  /** HTTP redirect status code (3xx). Defaults to 302 (or 308 when `permanent: true`). */
+  status?: number;
+  /**
+   * When true, defaults the status to 308 (Permanent Redirect, preserves HTTP method).
+   * If `status` is also provided, `status` takes precedence.
+   *
+   * @example
+   * redirect('/new-path', { permanent: true });       // 308
+   * redirect('/new-path', { permanent: true, status: 301 }); // 301
+   */
+  permanent?: boolean;
+  /**
+   * Preserve search params from the current request URL on the redirect target.
+   *
+   * - `true` — preserve ALL current search params (target params take precedence)
+   * - `string[]` — preserve only the named params (e.g. `['private', 'token']`)
+   *
+   * Target path's own query params always take precedence over preserved ones.
+   */
+  preserveSearchParams?: true | string[];
+}
 /**
  * Redirect to a relative path. Rejects absolute and protocol-relative URLs.
  * Use `redirectExternal()` for external redirects with an allow-list.
  *
  * @param path - Relative path (e.g. '/login', 'settings', '/login?returnTo=/dash')
- * @param status - HTTP redirect status code (3xx). Defaults to 302.
+ * @param statusOrOptions - HTTP status code (3xx, default 302) or options object.
+ *
+ * @example
+ * // Simple redirect
+ * redirect('/login');
+ *
+ * // With status code
+ * redirect('/login', 301);
+ *
+ * // With preserved search params
+ * redirect(`/docs/${version}/${slug}`, { preserveSearchParams: ['foo'] });
  */
-export function redirect(path: string, status: number = 302): never {
+export function redirect(path: string, statusOrOptions?: number | RedirectOptions): never {
+  let status: number;
+  let preserveSearchParams: true | string[] | undefined;
+  if (typeof statusOrOptions === 'number') {
+    status = statusOrOptions;
+  } else if (statusOrOptions) {
+    // Explicit status wins. Otherwise permanent: true → 308, default → 302.
+    status = statusOrOptions.status ?? (statusOrOptions.permanent ? 308 : 302);
+    preserveSearchParams = statusOrOptions.preserveSearchParams;
+  } else {
+    status = 302;
+  }
   if (status < 300 || status > 399) {
     throw new Error(`redirect() requires a 3xx status code, got ${status}.`);
   }
@@ -226,19 +305,23 @@ export function redirect(path: string, status: number = 302): never {
         'Use redirectExternal(url, allowList) for external redirects.'
     );
   }
-  throw new RedirectSignal(path, status);
+  let resolvedPath = path;
+  if (preserveSearchParams) {
+    const currentSearch = getRequestSearchString();
+    resolvedPath = mergePreservedSearchParams(path, currentSearch, preserveSearchParams);
+  }
+  throw new RedirectSignal(resolvedPath, status);
 }
 /**
- * Permanent redirect to a relative path. Shorthand for `redirect(path, 308)`.
- *
- * Uses 308 (Permanent Redirect) which preserves the HTTP method — the browser
- * will replay POST requests to the new location. This matches Next.js behavior.
- *
- * @param path - Relative path (e.g. '/new-page', '/dashboard')
+ * @deprecated Use `redirect(path, { permanent: true })` instead.
+ * Kept for internal use by the Next.js shim layer.
+ * @internal
  */
-export function permanentRedirect(path: string): never {
-  redirect(path, 308);
+export function permanentRedirect(path: string, options?: Omit<RedirectOptions, 'status'>): never {
+  redirect(path, { permanent: true, ...options });
 }
 /**