@timber-js/app 0.2.0-alpha.9 → 0.2.0-alpha.90

package/dist/server/internal.js

@@ -0,0 +1,2900 @@
+import { n as isDevMode, t as isDebug } from "../_chunks/debug-ECi_61pb.js";
+import { a as warnRedirectInSuspense, c as warnSuspenseWrappingChildren, i as warnRedirectInAccess, n as setViteServer, o as warnSlowSlotWithoutSuspense, r as warnDenyInSuspense, s as warnStaticRequestApi, t as WarningId } from "../_chunks/dev-warnings-DpGRGoDi.js";
+import { t as classifyUrlSegment } from "../_chunks/segment-classify-BDNn6EzD.js";
+import { i as getMetadataRouteServePath, n as classifyMetadataRoute, r as getMetadataRouteAutoLink, t as METADATA_ROUTE_CONVENTIONS } from "../_chunks/metadata-routes-DS3eKNmf.js";
+import { a as timingAls, r as requestContextAls, t as earlyHintsSenderAls } from "../_chunks/als-registry-HS0LGUl2.js";
+import { f as runWithRequestContext, l as getSetCookieHeaders, m as setSegmentParams, p as setMutableCookieContext, t as applyRequestHeaderOverlay, u as markResponseFlushed } from "../_chunks/request-context-CK5tZqIP.js";
+import { l as RenderError, n as executeAction, o as DenySignal, r as isRscActionRequest, s as RedirectSignal, t as buildNoJsResponse } from "../_chunks/actions-DLnUaR65.js";
+import { c as replaceTraceId, d as withSpan, i as getOtelTraceId, l as runWithTraceId, o as getTraceId, r as generateTraceId, s as getTraceStore, u as setSpanAttribute } from "../_chunks/tracing-CCYbKn5n.js";
+import "../client/error-boundary.js";
+import "../_chunks/segment-context-fHFLF1PE.js";
+import { readFile } from "node:fs/promises";
+import { createElement } from "react";
+//#region src/server/canonicalize.ts
+/**
+* Encoded separators that produce a 400 rejection.
+* %2f (/) and %5c (\) cause path-confusion attacks.
+*/
+var ENCODED_SEPARATOR_RE = /%2f|%5c/i;
+/** Null byte — rejected. */
+var NULL_BYTE_RE = /%00/i;
+/**
+* Canonicalize a URL pathname.
+*
+* 1. Reject encoded separators (%2f, %5c) and null bytes (%00)
+* 2. Single percent-decode
+* 3. Collapse // → /
+* 4. Resolve .. segments (reject if escaping root)
+* 5. Strip trailing slash (except root "/")
+*
+* @param rawPathname - The raw pathname from the request URL (percent-encoded)
+* @param stripTrailingSlash - Whether to strip trailing slashes. Default: true.
+*/
+function canonicalize(rawPathname, stripTrailingSlash = true) {
+	if (ENCODED_SEPARATOR_RE.test(rawPathname)) return {
+		ok: false,
+		status: 400
+	};
+	if (NULL_BYTE_RE.test(rawPathname)) return {
+		ok: false,
+		status: 400
+	};
+	let decoded;
+	try {
+		decoded = decodeURIComponent(rawPathname);
+	} catch {
+		return {
+			ok: false,
+			status: 400
+		};
+	}
+	if (decoded.includes("\0")) return {
+		ok: false,
+		status: 400
+	};
+	let pathname = decoded.replace(/\/\/+/g, "/");
+	const segments = pathname.split("/");
+	const resolved = [];
+	for (const seg of segments) if (seg === "..") {
+		if (resolved.length <= 1) return {
+			ok: false,
+			status: 400
+		};
+		resolved.pop();
+	} else if (seg !== ".") resolved.push(seg);
+	pathname = resolved.join("/") || "/";
+	if (stripTrailingSlash && pathname.length > 1 && pathname.endsWith("/")) pathname = pathname.slice(0, -1);
+	return {
+		ok: true,
+		pathname
+	};
+}
+//#endregion
+//#region src/server/proxy.ts
+/**
+* Run the proxy pipeline.
+*
+* @param proxyExport - The default export from proxy.ts (function or array)
+* @param req - The incoming request
+* @param next - The continuation that proceeds to route matching and rendering
+* @returns The final response
+*/
+async function runProxy(proxyExport, req, next) {
+	const fns = Array.isArray(proxyExport) ? proxyExport : [proxyExport];
+	let i = fns.length;
+	let composed = next;
+	while (i--) {
+		const fn = fns[i];
+		const downstream = composed;
+		composed = () => Promise.resolve(fn(req, downstream));
+	}
+	return composed();
+}
+//#endregion
+//#region src/server/middleware-runner.ts
+/**
+* Run a route's middleware function.
+*
+* @param middlewareFn - The default export from the route's middleware.ts
+* @param ctx - The middleware context (req, params, headers, requestHeaders, searchParams)
+* @returns A Response if middleware short-circuited, or undefined to continue
+*/
+async function runMiddleware(middlewareFn, ctx) {
+	const result = await middlewareFn(ctx);
+	if (result instanceof Response) return result;
+}
+/**
+* Run all middleware functions in the segment chain, root to leaf.
+*
+* Execution is top-down: root middleware runs first, leaf middleware runs last.
+* All middleware share the same MiddlewareContext — a parent that sets
+* ctx.requestHeaders makes it visible to child middleware and downstream components.
+*
+* Short-circuits on the first middleware that returns a Response.
+* Remaining middleware in the chain do not execute.
+*
+* @param chain - Middleware functions ordered root-to-leaf
+* @param ctx - Shared middleware context
+* @returns A Response if any middleware short-circuited, or undefined to continue
+*/
+async function runMiddlewareChain(chain, ctx) {
+	for (const fn of chain) {
+		const result = await fn(ctx);
+		if (result instanceof Response) return result;
+	}
+}
+//#endregion
+//#region src/server/server-timing.ts
+/**
+* Server-Timing header — dev-mode timing breakdowns for Chrome DevTools.
+*
+* Collects timing entries per request using ALS. Each pipeline phase
+* (proxy, middleware, render, SSR, access, fetch) records an entry.
+* Before response flush, entries are formatted into a Server-Timing header.
+*
+* Only active in dev mode — zero overhead in production.
+*
+* See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Server-Timing
+* Task: LOCAL-290
+*/
+/**
+* Run a callback with a per-request timing collector.
+* Must be called at the top of the request pipeline (wraps the full request).
+*/
+function runWithTimingCollector(fn) {
+	return timingAls.run({ entries: [] }, fn);
+}
+/**
+* Run a function and automatically record its duration as a timing entry.
+* Returns the function's result. No-ops the recording if outside a collector.
+*/
+async function withTiming(name, desc, fn) {
+	const store = timingAls.getStore();
+	if (!store) return fn();
+	const start = performance.now();
+	try {
+		return await fn();
+	} finally {
+		const dur = Math.round(performance.now() - start);
+		store.entries.push({
+			name,
+			dur,
+			desc
+		});
+	}
+}
+/**
+* Get the Server-Timing header value for the current request.
+* Returns null if no entries exist or outside a collector.
+*
+* Format: `name;dur=123;desc="description", name2;dur=456`
+* See RFC 6797 / Server-Timing spec for format details.
+*/
+function getServerTimingHeader() {
+	const store = timingAls.getStore();
+	if (!store || store.entries.length === 0) return null;
+	const nameCounts = /* @__PURE__ */ new Map();
+	const parts = store.entries.map((entry) => {
+		const count = nameCounts.get(entry.name) ?? 0;
+		nameCounts.set(entry.name, count + 1);
+		const uniqueName = count > 0 ? `${entry.name}-${count}` : entry.name;
+		return {
+			...entry,
+			name: uniqueName
+		};
+	}).map((entry) => {
+		let part = `${entry.name};dur=${entry.dur}`;
+		if (entry.desc) {
+			const safeDesc = entry.desc.replace(/\\/g, "\\\\").replace(/"/g, "\\\"");
+			part += `;desc="${safeDesc}"`;
+		}
+		return part;
+	});
+	const MAX_HEADER_SIZE = 4096;
+	let result = "";
+	for (let i = 0; i < parts.length; i++) {
+		const candidate = result ? `${result}, ${parts[i]}` : parts[i];
+		if (candidate.length > MAX_HEADER_SIZE) break;
+		result = candidate;
+	}
+	return result || null;
+}
+//#endregion
+//#region src/server/error-formatter.ts
+/**
+* Error Formatter — rewrites SSR/RSC error messages to surface user code.
+*
+* When React or Vite throw errors during SSR, stack traces reference
+* vendored dependency paths (e.g. `.vite/deps_ssr/@vitejs_plugin-rsc_vendor_...`)
+* and mangled export names (`__vite_ssr_export_default__`). This module
+* rewrites error messages and stack traces to point at user code instead.
+*
+* Dev-only — in production, errors go through the structured logger
+* without formatting.
+*/
+/**
+* Patterns that identify internal Vite/RSC vendor paths in stack traces.
+* These are replaced with human-readable labels.
+*/
+var VENDOR_PATH_PATTERNS = [
+	{
+		pattern: /node_modules\/\.vite\/deps_ssr\/@vitejs_plugin-rsc_vendor_react-server-dom[^\s)]+/g,
+		replacement: "<react-server-dom>"
+	},
+	{
+		pattern: /node_modules\/\.vite\/deps_ssr\/@vitejs_plugin-rsc_vendor[^\s)]+/g,
+		replacement: "<rsc-vendor>"
+	},
+	{
+		pattern: /node_modules\/\.vite\/deps_ssr\/[^\s)]+/g,
+		replacement: "<vite-dep>"
+	},
+	{
+		pattern: /node_modules\/\.vite\/deps\/[^\s)]+/g,
+		replacement: "<vite-dep>"
+	}
+];
+/**
+* Patterns that identify Vite-mangled export names in error messages.
+*/
+var MANGLED_NAME_PATTERNS = [{
+	pattern: /__vite_ssr_export_default__/g,
+	replacement: "<default export>"
+}, {
+	pattern: /__vite_ssr_export_(\w+)__/g,
+	replacement: "<export $1>"
+}];
+/**
+* Rewrite an error's message and stack to replace internal Vite paths
+* and mangled names with human-readable labels.
+*/
+function formatSsrError(error) {
+	if (!(error instanceof Error)) return String(error);
+	let message = error.message;
+	let stack = error.stack ?? "";
+	for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) message = message.replace(pattern, replacement);
+	for (const { pattern, replacement } of VENDOR_PATH_PATTERNS) stack = stack.replace(pattern, replacement);
+	for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) stack = stack.replace(pattern, replacement);
+	const hint = extractErrorHint(error.message);
+	const parts = [];
+	parts.push(message);
+	if (hint) parts.push(`  → ${hint}`);
+	const userFrames = extractUserFrames(stack);
+	if (userFrames.length > 0) {
+		parts.push("");
+		parts.push("  User code in stack:");
+		for (const frame of userFrames) parts.push(`    ${frame}`);
+	}
+	return parts.join("\n");
+}
+/**
+* Extract a human-readable hint from common React/RSC error messages.
+*
+* React error messages contain useful information but the surrounding
+* context (vendor paths, mangled names) obscures it. This extracts the
+* actionable part as a one-line hint.
+*/
+function extractErrorHint(message) {
+	if (message.match(/Functions cannot be passed directly to Client Components/)) {
+		const propMatch = message.match(/<[^>]*?\s(\w+)=\{function/);
+		if (propMatch) return `Prop "${propMatch[1]}" is a function — mark it "use server" or call it before passing`;
+		return "A function prop was passed to a Client Component — mark it \"use server\" or call it before passing";
+	}
+	if (message.includes("Objects are not valid as a React child")) return "An object was rendered as JSX children — convert to string or extract the value";
+	const nullRefMatch = message.match(/Cannot read propert(?:y|ies) of (undefined|null) \(reading '(\w+)'\)/);
+	if (nullRefMatch) return `Accessed .${nullRefMatch[2]} on ${nullRefMatch[1]} — check that the value exists`;
+	const notFnMatch = message.match(/(\w+) is not a function/);
+	if (notFnMatch) return `"${notFnMatch[1]}" is not a function — check imports and exports`;
+	if (message.includes("Element type is invalid")) return "A component resolved to undefined/null — check default exports and import paths";
+	if (message.includes("Invalid hook call")) return "A hook was called outside of a React component render. If this is a 'use client' component, ensure the directive is at the very top of the file (before any imports) and that @vitejs/plugin-rsc is loaded correctly. Barrel re-exports from non-'use client' files do not propagate the directive.";
+	return null;
+}
+/**
+* Extract stack frames that reference user code (not node_modules,
+* not framework internals).
+*
+* Returns at most 5 frames to keep output concise.
+*/
+function extractUserFrames(stack) {
+	const lines = stack.split("\n");
+	const userFrames = [];
+	for (const line of lines) {
+		const trimmed = line.trim();
+		if (!trimmed.startsWith("at ")) continue;
+		if (trimmed.includes("node_modules") || trimmed.includes("<react-server-dom>") || trimmed.includes("<rsc-vendor>") || trimmed.includes("<vite-dep>") || trimmed.includes("node:internal")) continue;
+		userFrames.push(trimmed);
+		if (userFrames.length >= 5) break;
+	}
+	return userFrames;
+}
+//#endregion
+//#region src/server/default-logger.ts
+/**
+* DefaultLogger — human-readable stderr logging when no custom logger is configured.
+*
+* Ships as the fallback so production deployments always have error visibility,
+* even without an `instrumentation.ts` logger export. Output is one line per
+* event, designed for `fly logs`, `kubectl logs`, Cloudflare dashboard tails, etc.
+*
+* Format:
+*   [timber] ERROR  message  key=value key=value  trace_id=4bf92f35
+*   [timber] WARN   message  key=value key=value  trace_id=4bf92f35
+*   [timber] INFO   message  method=GET path=/dashboard status=200 durationMs=43  trace_id=4bf92f35
+*
+* Behavior:
+* - Suppressed entirely in dev mode (dev logging handles all output)
+* - `debug` suppressed unless TIMBER_DEBUG is set
+* - Replaced entirely when a custom logger is set via `setLogger()`
+*
+* See design/17-logging.md §"DefaultLogger"
+*/
+/**
+* Format data fields as `key=value` pairs for human-readable output.
+* - `error` key is serialized via formatSsrError for stack trace cleanup
+* - `trace_id` is truncated to 8 chars for readability (full ID in OTEL)
+* - Other values are stringified inline
+*/
+function formatDataFields(data) {
+	if (!data) return "";
+	const parts = [];
+	let traceId;
+	for (const [key, value] of Object.entries(data)) {
+		if (key === "trace_id") {
+			traceId = typeof value === "string" ? value : String(value);
+			continue;
+		}
+		if (key === "error") {
+			parts.push(`error=${formatSsrError(value)}`);
+			continue;
+		}
+		if (value === void 0 || value === null) continue;
+		parts.push(`${key}=${value}`);
+	}
+	if (traceId) parts.push(`trace_id=${traceId.slice(0, 8)}`);
+	return parts.length > 0 ? "  " + parts.join("  ") : "";
+}
+/** Pad level string to fixed width for alignment. */
+function padLevel(level) {
+	return level.padEnd(5);
+}
+function createDefaultLogger() {
+	return {
+		error(msg, data) {
+			const fields = formatDataFields(data);
+			process.stderr.write(`[timber] ${padLevel("ERROR")}  ${msg}${fields}\n`);
+		},
+		warn(msg, data) {
+			const fields = formatDataFields(data);
+			process.stderr.write(`[timber] ${padLevel("WARN")}  ${msg}${fields}\n`);
+		},
+		info(msg, data) {
+			if (isDevMode()) return;
+			if (!isDebug()) return;
+			const fields = formatDataFields(data);
+			process.stderr.write(`[timber] ${padLevel("INFO")}  ${msg}${fields}\n`);
+		},
+		debug(msg, data) {
+			if (isDevMode()) return;
+			if (!isDebug()) return;
+			const fields = formatDataFields(data);
+			process.stderr.write(`[timber] ${padLevel("DEBUG")}  ${msg}${fields}\n`);
+		}
+	};
+}
+//#endregion
+//#region src/server/logger.ts
+/**
+* Logger — structured logging with environment-aware formatting.
+*
+* timber.js ships a DefaultLogger that writes human-readable lines to stderr
+* in production. Users can export a custom logger from instrumentation.ts to
+* replace it with pino, winston, or any TimberLogger-compatible object.
+*
+* See design/17-logging.md §"Production Logging"
+*/
+var _logger = createDefaultLogger();
+/**
+* Set the user-provided logger. Called by the instrumentation loader
+* when it finds a `logger` export in instrumentation.ts. Replaces
+* the DefaultLogger entirely.
+*/
+function setLogger(logger) {
+	_logger = logger;
+}
+/**
+* Get the current logger. Always non-null — returns DefaultLogger when
+* no custom logger is configured.
+*/
+function getLogger() {
+	return _logger;
+}
+/**
+* Inject trace_id and span_id into log data for log–trace correlation.
+* Always injects trace_id (never undefined). Injects span_id only when OTEL is active.
+*/
+function withTraceContext(data) {
+	const store = getTraceStore();
+	const enriched = { ...data };
+	if (store) {
+		enriched.trace_id = store.traceId;
+		if (store.spanId) enriched.span_id = store.spanId;
+	}
+	return enriched;
+}
+/** Log a completed request. Level: info. */
+function logRequestCompleted(data) {
+	_logger.info("request completed", withTraceContext(data));
+}
+/** Log request received. Level: debug. */
+function logRequestReceived(data) {
+	_logger.debug("request received", withTraceContext(data));
+}
+/** Log a slow request warning. Level: warn. */
+function logSlowRequest(data) {
+	_logger.warn("slow request exceeded threshold", withTraceContext(data));
+}
+/** Log middleware short-circuit. Level: debug. */
+function logMiddlewareShortCircuit(data) {
+	_logger.debug("middleware short-circuited", withTraceContext(data));
+}
+/** Log unhandled error in middleware phase. Level: error. */
+function logMiddlewareError(data) {
+	_logger.error("unhandled error in middleware phase", withTraceContext(data));
+}
+/** Log unhandled render-phase error. Level: error. */
+function logRenderError(data) {
+	_logger.error("unhandled render-phase error", withTraceContext(data));
+}
+/** Log proxy.ts uncaught error. Level: error. */
+function logProxyError(data) {
+	_logger.error("proxy.ts threw uncaught error", withTraceContext(data));
+}
+/** Log unhandled error in route handler. Level: error. */
+function logRouteError(data) {
+	_logger.error("unhandled route handler error", withTraceContext(data));
+}
+/** Log waitUntil() adapter missing (once at startup). Level: warn. */
+function logWaitUntilUnsupported() {
+	_logger.warn("adapter does not support waitUntil()");
+}
+/** Log waitUntil() promise rejection. Level: warn. */
+function logWaitUntilRejected(data) {
+	_logger.warn("waitUntil() promise rejected", withTraceContext(data));
+}
+/** Log staleWhileRevalidate refetch failure. Level: warn. */
+function logSwrRefetchFailed(data) {
+	_logger.warn("staleWhileRevalidate refetch failed", withTraceContext(data));
+}
+/** Log cache miss. Level: debug. */
+function logCacheMiss(data) {
+	_logger.debug("timber.cache MISS", withTraceContext(data));
+}
+//#endregion
+//#region src/server/instrumentation.ts
+/**
+* Instrumentation — loads and runs the user's instrumentation.ts file.
+*
+* instrumentation.ts is a file convention at the project root that exports:
+* - register() — called once at server startup, before the first request
+* - onRequestError() — called for every unhandled server error
+* - logger — any object with info/warn/error/debug methods
+*
+* See design/17-logging.md §"instrumentation.ts — The Entry Point"
+*/
+var _initialized = false;
+var _onRequestError = null;
+/**
+* Load and initialize the user's instrumentation.ts module.
+*
+* - Awaits register() before returning (server blocks on this).
+* - Picks up the logger export and wires it into the framework logger.
+* - Stores onRequestError for later invocation.
+*
+* @param loader - Function that dynamically imports the user's instrumentation module.
+*                 Returns null if no instrumentation.ts exists.
+*/
+async function loadInstrumentation(loader) {
+	if (_initialized) return;
+	_initialized = true;
+	let mod;
+	try {
+		mod = await loader();
+	} catch (error) {
+		console.error("[timber] Failed to load instrumentation.ts:", error);
+		return;
+	}
+	if (!mod) return;
+	if (mod.logger && typeof mod.logger.info === "function") setLogger(mod.logger);
+	if (typeof mod.onRequestError === "function") _onRequestError = mod.onRequestError;
+	if (typeof mod.register === "function") try {
+		await mod.register();
+	} catch (error) {
+		console.error("[timber] instrumentation.ts register() threw:", error);
+		throw error;
+	}
+}
+/**
+* Call the user's onRequestError hook. Catches and logs any errors thrown
+* by the hook itself — it must not affect the response.
+*/
+async function callOnRequestError(error, request, context) {
+	if (!_onRequestError) return;
+	try {
+		await _onRequestError(error, request, context);
+	} catch (hookError) {
+		console.error("[timber] onRequestError hook threw:", hookError);
+	}
+}
+/**
+* Check if onRequestError is registered.
+*/
+function hasOnRequestError() {
+	return _onRequestError !== null;
+}
+//#endregion
+//#region src/server/metadata-social.ts
+/**
+* Render Open Graph metadata into head element descriptors.
+*
+* Handles og:title, og:description, og:image (with dimensions/alt),
+* og:video, og:audio, og:article:author, and other OG properties.
+*/
+function renderOpenGraph(og, elements) {
+	const simpleProps = [
+		["og:title", og.title],
+		["og:description", og.description],
+		["og:url", og.url],
+		["og:site_name", og.siteName],
+		["og:locale", og.locale],
+		["og:type", og.type],
+		["og:article:published_time", og.publishedTime],
+		["og:article:modified_time", og.modifiedTime]
+	];
+	for (const [property, content] of simpleProps) if (content) elements.push({
+		tag: "meta",
+		attrs: {
+			property,
+			content
+		}
+	});
+	if (og.images) if (typeof og.images === "string") elements.push({
+		tag: "meta",
+		attrs: {
+			property: "og:image",
+			content: og.images
+		}
+	});
+	else {
+		const imgList = Array.isArray(og.images) ? og.images : [og.images];
+		for (const img of imgList) {
+			elements.push({
+				tag: "meta",
+				attrs: {
+					property: "og:image",
+					content: img.url
+				}
+			});
+			if (img.width) elements.push({
+				tag: "meta",
+				attrs: {
+					property: "og:image:width",
+					content: String(img.width)
+				}
+			});
+			if (img.height) elements.push({
+				tag: "meta",
+				attrs: {
+					property: "og:image:height",
+					content: String(img.height)
+				}
+			});
+			if (img.alt) elements.push({
+				tag: "meta",
+				attrs: {
+					property: "og:image:alt",
+					content: img.alt
+				}
+			});
+		}
+	}
+	if (og.videos) for (const video of og.videos) elements.push({
+		tag: "meta",
+		attrs: {
+			property: "og:video",
+			content: video.url
+		}
+	});
+	if (og.audio) for (const audio of og.audio) elements.push({
+		tag: "meta",
+		attrs: {
+			property: "og:audio",
+			content: audio.url
+		}
+	});
+	if (og.authors) for (const author of og.authors) elements.push({
+		tag: "meta",
+		attrs: {
+			property: "og:article:author",
+			content: author
+		}
+	});
+}
+/**
+* Render Twitter Card metadata into head element descriptors.
+*
+* Handles twitter:card, twitter:site, twitter:title, twitter:image,
+* twitter:player, and twitter:app (per-platform name/id/url).
+*/
+function renderTwitter(tw, elements) {
+	const simpleProps = [
+		["twitter:card", tw.card],
+		["twitter:site", tw.site],
+		["twitter:site:id", tw.siteId],
+		["twitter:title", tw.title],
+		["twitter:description", tw.description],
+		["twitter:creator", tw.creator],
+		["twitter:creator:id", tw.creatorId]
+	];
+	for (const [name, content] of simpleProps) if (content) elements.push({
+		tag: "meta",
+		attrs: {
+			name,
+			content
+		}
+	});
+	if (tw.images) if (typeof tw.images === "string") elements.push({
+		tag: "meta",
+		attrs: {
+			name: "twitter:image",
+			content: tw.images
+		}
+	});
+	else {
+		const imgList = Array.isArray(tw.images) ? tw.images : [tw.images];
+		for (const img of imgList) {
+			const url = typeof img === "string" ? img : img.url;
+			elements.push({
+				tag: "meta",
+				attrs: {
+					name: "twitter:image",
+					content: url
+				}
+			});
+		}
+	}
+	if (tw.players) for (const player of tw.players) {
+		elements.push({
+			tag: "meta",
+			attrs: {
+				name: "twitter:player",
+				content: player.playerUrl
+			}
+		});
+		if (player.width) elements.push({
+			tag: "meta",
+			attrs: {
+				name: "twitter:player:width",
+				content: String(player.width)
+			}
+		});
+		if (player.height) elements.push({
+			tag: "meta",
+			attrs: {
+				name: "twitter:player:height",
+				content: String(player.height)
+			}
+		});
+		if (player.streamUrl) elements.push({
+			tag: "meta",
+			attrs: {
+				name: "twitter:player:stream",
+				content: player.streamUrl
+			}
+		});
+	}
+	if (tw.app) {
+		const platforms = [
+			["iPhone", "iphone"],
+			["iPad", "ipad"],
+			["googlePlay", "googleplay"]
+		];
+		if (tw.app.name) {
+			for (const [key, tag] of platforms) if (tw.app.id?.[key]) elements.push({
+				tag: "meta",
+				attrs: {
+					name: `twitter:app:name:${tag}`,
+					content: tw.app.name
+				}
+			});
+		}
+		for (const [key, tag] of platforms) {
+			const id = tw.app.id?.[key];
+			if (id) elements.push({
+				tag: "meta",
+				attrs: {
+					name: `twitter:app:id:${tag}`,
+					content: id
+				}
+			});
+		}
+		for (const [key, tag] of platforms) {
+			const url = tw.app.url?.[key];
+			if (url) elements.push({
+				tag: "meta",
+				attrs: {
+					name: `twitter:app:url:${tag}`,
+					content: url
+				}
+			});
+		}
+	}
+}
+//#endregion
+//#region src/server/metadata-platform.ts
+/**
+* Render icon link elements (favicon, shortcut, apple-touch-icon, custom).
+*/
+function renderIcons(icons, elements) {
+	if (icons.icon) {
+		if (typeof icons.icon === "string") elements.push({
+			tag: "link",
+			attrs: {
+				rel: "icon",
+				href: icons.icon
+			}
+		});
+		else if (Array.isArray(icons.icon)) for (const icon of icons.icon) {
+			const attrs = {
+				rel: "icon",
+				href: icon.url
+			};
+			if (icon.sizes) attrs.sizes = icon.sizes;
+			if (icon.type) attrs.type = icon.type;
+			elements.push({
+				tag: "link",
+				attrs
+			});
+		}
+	}
+	if (icons.shortcut) {
+		const urls = Array.isArray(icons.shortcut) ? icons.shortcut : [icons.shortcut];
+		for (const url of urls) elements.push({
+			tag: "link",
+			attrs: {
+				rel: "shortcut icon",
+				href: url
+			}
+		});
+	}
+	if (icons.apple) {
+		if (typeof icons.apple === "string") elements.push({
+			tag: "link",
+			attrs: {
+				rel: "apple-touch-icon",
+				href: icons.apple
+			}
+		});
+		else if (Array.isArray(icons.apple)) for (const icon of icons.apple) {
+			const attrs = {
+				rel: "apple-touch-icon",
+				href: icon.url
+			};
+			if (icon.sizes) attrs.sizes = icon.sizes;
+			elements.push({
+				tag: "link",
+				attrs
+			});
+		}
+	}
+	if (icons.other) for (const icon of icons.other) {
+		const attrs = {
+			rel: icon.rel,
+			href: icon.url
+		};
+		if (icon.sizes) attrs.sizes = icon.sizes;
+		if (icon.type) attrs.type = icon.type;
+		elements.push({
+			tag: "link",
+			attrs
+		});
+	}
+}
+/**
+* Render alternate link elements (canonical, hreflang, media, types).
+*/
+function renderAlternates(alternates, elements) {
+	if (alternates.canonical) elements.push({
+		tag: "link",
+		attrs: {
+			rel: "canonical",
+			href: alternates.canonical
+		}
+	});
+	if (alternates.languages) for (const [lang, href] of Object.entries(alternates.languages)) elements.push({
+		tag: "link",
+		attrs: {
+			rel: "alternate",
+			hreflang: lang,
+			href
+		}
+	});
+	if (alternates.media) for (const [media, href] of Object.entries(alternates.media)) elements.push({
+		tag: "link",
+		attrs: {
+			rel: "alternate",
+			media,
+			href
+		}
+	});
+	if (alternates.types) for (const [type, href] of Object.entries(alternates.types)) elements.push({
+		tag: "link",
+		attrs: {
+			rel: "alternate",
+			type,
+			href
+		}
+	});
+}
+/**
+* Render site verification meta tags (Google, Yahoo, Yandex, custom).
+*/
+function renderVerification(verification, elements) {
+	const verificationProps = [
+		["google-site-verification", verification.google],
+		["y_key", verification.yahoo],
+		["yandex-verification", verification.yandex]
+	];
+	for (const [name, content] of verificationProps) if (content) elements.push({
+		tag: "meta",
+		attrs: {
+			name,
+			content
+		}
+	});
+	if (verification.other) for (const [name, value] of Object.entries(verification.other)) {
+		const content = Array.isArray(value) ? value.join(", ") : value;
+		elements.push({
+			tag: "meta",
+			attrs: {
+				name,
+				content
+			}
+		});
+	}
+}
+/**
+* Render Apple Web App meta tags and startup image links.
+*/
+function renderAppleWebApp(appleWebApp, elements) {
+	if (appleWebApp.capable) elements.push({
+		tag: "meta",
+		attrs: {
+			name: "apple-mobile-web-app-capable",
+			content: "yes"
+		}
+	});
+	if (appleWebApp.title) elements.push({
+		tag: "meta",
+		attrs: {
+			name: "apple-mobile-web-app-title",
+			content: appleWebApp.title
+		}
+	});
+	if (appleWebApp.statusBarStyle) elements.push({
+		tag: "meta",
+		attrs: {
+			name: "apple-mobile-web-app-status-bar-style",
+			content: appleWebApp.statusBarStyle
+		}
+	});
+	if (appleWebApp.startupImage) {
+		const images = Array.isArray(appleWebApp.startupImage) ? appleWebApp.startupImage : [{ url: appleWebApp.startupImage }];
+		for (const img of images) {
+			const attrs = {
+				rel: "apple-touch-startup-image",
+				href: typeof img === "string" ? img : img.url
+			};
+			if (typeof img === "object" && img.media) attrs.media = img.media;
+			elements.push({
+				tag: "link",
+				attrs
+			});
+		}
+	}
+}
+/**
+* Render App Links (al:*) meta tags for deep linking across platforms.
+*/
+function renderAppLinks(appLinks, elements) {
+	const platformEntries = [
+		["ios", appLinks.ios],
+		["android", appLinks.android],
+		["windows", appLinks.windows],
+		["windows_phone", appLinks.windowsPhone],
+		["windows_universal", appLinks.windowsUniversal]
+	];
+	for (const [platform, entries] of platformEntries) {
+		if (!entries) continue;
+		for (const entry of entries) for (const [key, value] of Object.entries(entry)) if (value !== void 0 && value !== null) elements.push({
+			tag: "meta",
+			attrs: {
+				property: `al:${platform}:${key}`,
+				content: String(value)
+			}
+		});
+	}
+	if (appLinks.web) {
+		if (appLinks.web.url) elements.push({
+			tag: "meta",
+			attrs: {
+				property: "al:web:url",
+				content: appLinks.web.url
+			}
+		});
+		if (appLinks.web.shouldFallback !== void 0) elements.push({
+			tag: "meta",
+			attrs: {
+				property: "al:web:should_fallback",
+				content: appLinks.web.shouldFallback ? "true" : "false"
+			}
+		});
+	}
+}
+/**
+* Render Apple iTunes smart banner meta tag.
+*/
+function renderItunes(itunes, elements) {
+	const parts = [`app-id=${itunes.appId}`];
+	if (itunes.affiliateData) parts.push(`affiliate-data=${itunes.affiliateData}`);
+	if (itunes.appArgument) parts.push(`app-argument=${itunes.appArgument}`);
+	elements.push({
+		tag: "meta",
+		attrs: {
+			name: "apple-itunes-app",
+			content: parts.join(", ")
+		}
+	});
+}
+//#endregion
+//#region src/server/metadata-render.ts
+/**
+* Convert resolved metadata into an array of head element descriptors.
+*
+* Each descriptor has a `tag` ('title', 'meta', 'link') and either
+* `content` (for <title>) or `attrs` (for <meta>/<link>).
+*
+* The framework's MetadataResolver component consumes these descriptors
+* and renders them into the <head>.
+*/
+function renderMetadataToElements(metadata) {
+	const elements = [];
+	if (typeof metadata.title === "string") elements.push({
+		tag: "title",
+		content: metadata.title
+	});
+	const simpleMetaProps = [
+		["description", metadata.description],
+		["generator", metadata.generator],
+		["application-name", metadata.applicationName],
+		["referrer", metadata.referrer],
+		["category", metadata.category],
+		["creator", metadata.creator],
+		["publisher", metadata.publisher]
+	];
+	for (const [name, content] of simpleMetaProps) if (content) elements.push({
+		tag: "meta",
+		attrs: {
+			name,
+			content
+		}
+	});
+	if (metadata.keywords) {
+		const content = Array.isArray(metadata.keywords) ? metadata.keywords.join(", ") : metadata.keywords;
+		elements.push({
+			tag: "meta",
+			attrs: {
+				name: "keywords",
+				content
+			}
+		});
+	}
+	if (metadata.robots) {
+		const content = typeof metadata.robots === "string" ? metadata.robots : renderRobotsObject(metadata.robots);
+		elements.push({
+			tag: "meta",
+			attrs: {
+				name: "robots",
+				content
+			}
+		});
+		if (typeof metadata.robots === "object" && metadata.robots.googleBot) {
+			const gbContent = typeof metadata.robots.googleBot === "string" ? metadata.robots.googleBot : renderRobotsObject(metadata.robots.googleBot);
+			elements.push({
+				tag: "meta",
+				attrs: {
+					name: "googlebot",
+					content: gbContent
+				}
+			});
+		}
+	}
+	if (metadata.openGraph) renderOpenGraph(metadata.openGraph, elements);
+	if (metadata.twitter) renderTwitter(metadata.twitter, elements);
+	if (metadata.icons) renderIcons(metadata.icons, elements);
+	if (metadata.manifest) elements.push({
+		tag: "link",
+		attrs: {
+			rel: "manifest",
+			href: metadata.manifest
+		}
+	});
+	if (metadata.alternates) renderAlternates(metadata.alternates, elements);
+	if (metadata.verification) renderVerification(metadata.verification, elements);
+	if (metadata.formatDetection) {
+		const parts = [];
+		if (metadata.formatDetection.telephone === false) parts.push("telephone=no");
+		if (metadata.formatDetection.email === false) parts.push("email=no");
+		if (metadata.formatDetection.address === false) parts.push("address=no");
+		if (parts.length > 0) elements.push({
+			tag: "meta",
+			attrs: {
+				name: "format-detection",
+				content: parts.join(", ")
+			}
+		});
+	}
+	if (metadata.authors) {
+		const authorList = Array.isArray(metadata.authors) ? metadata.authors : [metadata.authors];
+		for (const author of authorList) {
+			if (author.name) elements.push({
+				tag: "meta",
+				attrs: {
+					name: "author",
+					content: author.name
+				}
+			});
+			if (author.url) elements.push({
+				tag: "link",
+				attrs: {
+					rel: "author",
+					href: author.url
+				}
+			});
+		}
+	}
+	if (metadata.appleWebApp) renderAppleWebApp(metadata.appleWebApp, elements);
+	if (metadata.appLinks) renderAppLinks(metadata.appLinks, elements);
+	if (metadata.itunes) renderItunes(metadata.itunes, elements);
+	if (metadata.other) for (const [name, value] of Object.entries(metadata.other)) {
+		const content = Array.isArray(value) ? value.join(", ") : value;
+		elements.push({
+			tag: "meta",
+			attrs: {
+				name,
+				content
+			}
+		});
+	}
+	return elements;
+}
+function renderRobotsObject(robots) {
+	const parts = [];
+	if (robots.index === true) parts.push("index");
+	if (robots.index === false) parts.push("noindex");
+	if (robots.follow === true) parts.push("follow");
+	if (robots.follow === false) parts.push("nofollow");
+	return parts.join(", ");
+}
+//#endregion
+//#region src/server/metadata.ts
+/**
+* Resolve a title value with an optional template.
+*
+* - string → apply template if present
+* - { absolute: '...' } → use as-is, skip template
+* - { default: '...' } → use as fallback (no template applied)
+* - undefined → undefined
+*/
+function resolveTitle(title, template) {
+	if (title === void 0 || title === null) return;
+	if (typeof title === "string") return template ? template.replace("%s", title) : title;
+	if (title.absolute !== void 0) return title.absolute;
+	if (title.default !== void 0) return title.default;
+}
+/**
+* Resolve metadata from a segment chain.
+*
+* Processes entries from root layout to page (in segment order).
+* The merge algorithm:
+*   1. Shallow-merge all keys except title (later wins)
+*   2. Track the most recent title template
+*   3. Resolve the final title using the template
+*
+* In error state, the page entry is dropped and noindex is injected.
+*
+* See design/16-metadata.md §"Merge Algorithm"
+*/
+function resolveMetadata(entries, options = {}) {
+	const { errorState = false } = options;
+	const merged = {};
+	let titleTemplate;
+	let lastDefault;
+	let rawTitle;
+	for (const { metadata, isPage } of entries) {
+		if (errorState && isPage) continue;
+		if (metadata.title !== void 0 && typeof metadata.title === "object") {
+			if (metadata.title.template !== void 0) titleTemplate = metadata.title.template;
+			if (metadata.title.default !== void 0) lastDefault = metadata.title.default;
+		}
+		for (const key of Object.keys(metadata)) {
+			if (key === "title") continue;
+			merged[key] = metadata[key];
+		}
+		if (metadata.title !== void 0) rawTitle = metadata.title;
+	}
+	if (errorState) {
+		rawTitle = lastDefault !== void 0 ? { default: lastDefault } : rawTitle;
+		titleTemplate = void 0;
+	}
+	const resolvedTitle = resolveTitle(rawTitle, titleTemplate);
+	if (resolvedTitle !== void 0) merged.title = resolvedTitle;
+	if (errorState) merged.robots = "noindex";
+	return merged;
+}
+/**
+* Check if a string is an absolute URL.
+*/
+function isAbsoluteUrl(url) {
+	return url.startsWith("http://") || url.startsWith("https://") || url.startsWith("//");
+}
+/**
+* Resolve a relative URL against a base URL.
+*/
+function resolveUrl(url, base) {
+	if (isAbsoluteUrl(url)) return url;
+	return new URL(url, base).toString();
+}
+/**
+* Resolve relative URLs in metadata fields against metadataBase.
+*
+* Returns a new metadata object with URLs resolved. Absolute URLs are not modified.
+* If metadataBase is not set, returns the metadata unchanged.
+*/
+function resolveMetadataUrls(metadata) {
+	const base = metadata.metadataBase;
+	if (!base) return metadata;
+	const result = { ...metadata };
+	if (result.openGraph) {
+		result.openGraph = { ...result.openGraph };
+		if (typeof result.openGraph.images === "string") result.openGraph.images = resolveUrl(result.openGraph.images, base);
+		else if (Array.isArray(result.openGraph.images)) result.openGraph.images = result.openGraph.images.map((img) => ({
+			...img,
+			url: resolveUrl(img.url, base)
+		}));
+		else if (result.openGraph.images) result.openGraph.images = {
+			...result.openGraph.images,
+			url: resolveUrl(result.openGraph.images.url, base)
+		};
+		if (result.openGraph.url && !isAbsoluteUrl(result.openGraph.url)) result.openGraph.url = resolveUrl(result.openGraph.url, base);
+	}
+	if (result.twitter) {
+		result.twitter = { ...result.twitter };
+		if (typeof result.twitter.images === "string") result.twitter.images = resolveUrl(result.twitter.images, base);
+		else if (Array.isArray(result.twitter.images)) {
+			const resolved = result.twitter.images.map((img) => typeof img === "string" ? resolveUrl(img, base) : {
+				...img,
+				url: resolveUrl(img.url, base)
+			});
+			const allStrings = resolved.every((r) => typeof r === "string");
+			result.twitter.images = allStrings ? resolved : resolved;
+		} else if (result.twitter.images) result.twitter.images = {
+			...result.twitter.images,
+			url: resolveUrl(result.twitter.images.url, base)
+		};
+	}
+	if (result.alternates) {
+		result.alternates = { ...result.alternates };
+		if (result.alternates.canonical && !isAbsoluteUrl(result.alternates.canonical)) result.alternates.canonical = resolveUrl(result.alternates.canonical, base);
+		if (result.alternates.languages) {
+			const langs = {};
+			for (const [lang, url] of Object.entries(result.alternates.languages)) langs[lang] = isAbsoluteUrl(url) ? url : resolveUrl(url, base);
+			result.alternates.languages = langs;
+		}
+	}
+	if (result.icons) {
+		result.icons = { ...result.icons };
+		if (typeof result.icons.icon === "string") result.icons.icon = resolveUrl(result.icons.icon, base);
+		else if (Array.isArray(result.icons.icon)) result.icons.icon = result.icons.icon.map((i) => ({
+			...i,
+			url: resolveUrl(i.url, base)
+		}));
+		if (typeof result.icons.apple === "string") result.icons.apple = resolveUrl(result.icons.apple, base);
+		else if (Array.isArray(result.icons.apple)) result.icons.apple = result.icons.apple.map((i) => ({
+			...i,
+			url: resolveUrl(i.url, base)
+		}));
+	}
+	return result;
+}
+//#endregion
+//#region src/server/safe-load.ts
+/**
+* Custom error class for module load failures.
+*
+* Preserves the original error as `cause` while providing a
+* human-readable message with the file path.
+*/
+var ModuleLoadError = class extends Error {
+	/** The file path that failed to load. */
+	filePath;
+	constructor(filePath, cause) {
+		const originalMessage = cause instanceof Error ? cause.message : String(cause);
+		super(`[timber] Failed to load module ${filePath}\n  ${originalMessage}`, { cause });
+		this.name = "ModuleLoadError";
+		this.filePath = filePath;
+	}
+};
+/**
+* Load a route manifest module with enriched error context.
+*
+* On success: returns the module object (same as `loader.load()`).
+* On failure: throws `ModuleLoadError` with file path and original cause.
+*
+* For error rendering paths that need fallthrough instead of throwing,
+* callers should catch at the call site:
+*
+* ```ts
+* // Throwing (default) — route-element-builder, api-handler, etc.
+* const mod = await loadModule(segment.page);
+*
+* // Fallthrough — error-renderer, error-boundary-wrapper
+* const mod = await loadModule(segment.error).catch(() => null);
+* ```
+*/
+async function loadModule(loader) {
+	try {
+		return await loader.load();
+	} catch (error) {
+		throw new ModuleLoadError(loader.filePath, error);
+	}
+}
+//#endregion
+//#region src/server/deny-page-resolver.ts
+/**
+* Deny Page Resolver — resolves status-code file components for in-tree deny handling.
+*
+* When AccessGate or PageDenyBoundary catches a DenySignal, they need to
+* render the matching deny page (403.tsx, 4xx.tsx, error.tsx) as a normal
+* element in the React tree. This module resolves the deny page chain from
+* the segment chain — a list of fallback components ordered by specificity.
+*
+* The chain is built during buildRouteElement and passed as a prop to
+* AccessGate and PageDenyBoundary. At catch time, the first matching
+* component is rendered.
+*
+* See design/10-error-handling.md §"Status-Code Files", TIM-666.
+*/
+/**
+* Find the first deny page in the chain that matches the given status code.
+* Returns a React element for the matching component, or null if no match.
+*/
+function renderMatchingDenyPage(chain, status, data) {
+	const h = createElement;
+	for (const entry of chain) {
+		if (entry.status === status) return h(entry.component, {
+			status,
+			dangerouslyPassData: data
+		});
+		if (entry.status === 400 && status >= 400 && status <= 499) return h(entry.component, {
+			status,
+			dangerouslyPassData: data
+		});
+		if (entry.status === 500 && status >= 500 && status <= 599) return h(entry.component, {
+			status,
+			dangerouslyPassData: data
+		});
+		if (entry.status === null) return h(entry.component, {
+			status,
+			dangerouslyPassData: data
+		});
+	}
+	return null;
+}
+/**
+* Set the deny status in the request context ALS.
+* Called from AccessGate / PageDenyBoundary when a DenySignal is caught.
+* The pipeline reads this after render to set the HTTP status code.
+*/
+function setDenyStatus(status) {
+	const store = requestContextAls.getStore();
+	if (store) store.denyStatus = status;
+}
+//#endregion
+//#region src/server/access-gate.tsx
+/**
+* AccessGate and SlotAccessGate — framework-injected async server components.
+*
+* AccessGate wraps each segment's layout in the element tree. It calls the
+* segment's access.ts before the layout renders. If access.ts calls deny()
+* or redirect(), the signal propagates as a render-phase throw — caught by
+* the flush controller to produce the correct HTTP status code.
+*
+* SlotAccessGate wraps parallel slot content. On denial, it renders the
+* graceful degradation chain: denied.tsx → default.tsx → null. Slot denial
+* does not affect the HTTP status code.
+*
+* See design/04-authorization.md and design/02-rendering-pipeline.md §"AccessGate"
+*/
+/**
+* Framework-injected access gate for segments.
+*
+* When a pre-computed `verdict` prop is provided (from the pre-render pass
+* in route-element-builder.ts), AccessGate replays it synchronously — no
+* async, no re-execution of access.ts, immune to Suspense timing. The OTEL
+* span was already emitted during the pre-render pass.
+*
+* When no verdict is provided (backward compat with tree-builder.ts),
+* AccessGate calls accessFn directly with OTEL instrumentation.
+*
+* access.ts is a pure gate — return values are discarded. The layout below
+* gets the same data by calling the same cached functions (React.cache dedup).
+*/
+function AccessGate(props) {
+	const { accessFn, segmentName, verdict, denyPages, children } = props;
+	if (verdict !== void 0) {
+		if (verdict === "pass") return children;
+		throw verdict;
+	}
+	return accessGateFallback(accessFn, segmentName, denyPages, children);
+}
+/**
+* Async fallback for AccessGate when no pre-computed verdict is available.
+* Calls accessFn with OTEL instrumentation.
+*/
+async function accessGateFallback(accessFn, segmentName, denyPages, children) {
+	try {
+		await withSpan("timber.access", { "timber.segment": segmentName ?? "unknown" }, async () => {
+			try {
+				await accessFn();
+				await setSpanAttribute("timber.result", "pass");
+			} catch (error) {
+				if (error instanceof DenySignal) {
+					await setSpanAttribute("timber.result", "deny");
+					await setSpanAttribute("timber.deny_status", error.status);
+					if (error.sourceFile) await setSpanAttribute("timber.deny_file", error.sourceFile);
+				} else if (error instanceof RedirectSignal) await setSpanAttribute("timber.result", "redirect");
+				throw error;
+			}
+		});
+	} catch (error) {
+		if (error instanceof DenySignal && denyPages) {
+			const denyElement = renderMatchingDenyPage(denyPages, error.status, error.data);
+			if (denyElement) {
+				setDenyStatus(error.status);
+				return denyElement;
+			}
+		}
+		throw error;
+	}
+	return children;
+}
+/**
+* Framework-injected access gate for parallel slots.
+*
+* On denial, graceful degradation: denied.tsx → default.tsx → null.
+* The HTTP status code is unaffected — slot denial is a UI concern, not
+* a protocol concern. The parent layout and sibling slots still render.
+*
+* DeniedComponent is passed instead of a pre-built element so that
+* DenySignal.data can be forwarded as the dangerouslyPassData prop
+* and the slot name can be passed as the slot prop. See TIM-488.
+*
+* redirect() in slot access.ts is a dev-mode error — redirecting from a
+* slot doesn't make architectural sense.
+*/
+async function SlotAccessGate(props) {
+	const { accessFn, DeniedComponent, slotName, createElement, defaultFallback, children } = props;
+	try {
+		await accessFn();
+	} catch (error) {
+		if (error instanceof DenySignal) return buildDeniedFallback(DeniedComponent, slotName, error.data, createElement) ?? defaultFallback ?? null;
+		if (error instanceof RedirectSignal) {
+			if (isDebug()) console.error("[timber] redirect() is not allowed in slot access.ts. Slots use deny() for graceful degradation — denied.tsx → default.tsx → null. If you need to redirect, move the logic to the parent segment's access.ts.");
+			return buildDeniedFallback(DeniedComponent, slotName, void 0, createElement) ?? defaultFallback ?? null;
+		}
+		if (isDebug()) console.warn("[timber] Unhandled error in slot access.ts. Use deny() for access control, not unhandled throws.", error);
+		throw error;
+	}
+	return children;
+}
+/**
+* Build the denied fallback element dynamically with DenySignal data.
+* Returns null if no DeniedComponent is available.
+*/
+function buildDeniedFallback(DeniedComponent, slotName, data, createElement) {
+	if (!DeniedComponent) return null;
+	return createElement(DeniedComponent, {
+		slot: slotName,
+		dangerouslyPassData: data
+	});
+}
+//#endregion
+//#region src/server/route-element-builder.ts
+/**
+* Thrown when a defineSegmentParams codec's parse() fails.
+* The pipeline catches this and responds with 404.
+*/
+var ParamCoercionError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "ParamCoercionError";
+	}
+};
+//#endregion
+//#region src/server/version-skew.ts
+/**
+* Version Skew Detection — graceful recovery when stale clients hit new deployments.
+*
+* When a new version of the app is deployed, clients with open tabs still have
+* the old JavaScript bundle. Without version skew handling, these stale clients
+* will experience:
+*
+* 1. Server action calls that crash (action IDs are content-hashed)
+* 2. Chunk load failures (old filenames gone from CDN)
+* 3. RSC payload mismatches (component references differ between builds)
+*
+* This module implements deployment ID comparison:
+* - A per-build deployment ID is generated at build time (see build-manifest.ts)
+* - The client sends it via `X-Timber-Deployment-Id` header on every RSC/action request
+* - The server compares it against the current build's ID
+* - On mismatch: signal the client to reload (not crash)
+*
+* The deployment ID is always-on in production. Dev mode skips the check
+* (HMR handles code updates without full reloads).
+*
+* See design/25-production-deployments.md, TIM-446
+*/
+/** Header sent by the client with every RSC/action request. */
+var DEPLOYMENT_ID_HEADER = "X-Timber-Deployment-Id";
+/** Response header that signals the client to do a full page reload. */
+var RELOAD_HEADER = "X-Timber-Reload";
+/**
+* The current build's deployment ID. Set at startup from the manifest init
+* module (globalThis.__TIMBER_DEPLOYMENT_ID__). Null in dev mode.
+*/
+var currentDeploymentId = null;
+/**
+* Check if a request's deployment ID matches the current build.
+*
+* Returns `{ ok: true }` when:
+* - Dev mode (no deployment ID set — HMR handles updates)
+* - No deployment ID header (initial page load, non-RSC request)
+* - Deployment IDs match
+*
+* Returns `{ ok: false }` when:
+* - Client sends a deployment ID that differs from the current build
+*/
+function checkVersionSkew(req) {
+	if (!currentDeploymentId) return {
+		ok: true,
+		clientId: null
+	};
+	const clientId = req.headers.get(DEPLOYMENT_ID_HEADER);
+	if (!clientId) return {
+		ok: true,
+		clientId: null
+	};
+	if (clientId === currentDeploymentId) return {
+		ok: true,
+		clientId
+	};
+	return {
+		ok: false,
+		clientId
+	};
+}
+/**
+* Apply version skew reload headers to a response.
+* Sets X-Timber-Reload: 1 to signal the client to do a full page reload.
+*/
+function applyReloadHeaders(headers) {
+	headers.set(RELOAD_HEADER, "1");
+}
+//#endregion
+//#region src/server/pipeline-metadata.ts
+/**
+* Metadata route helpers for the request pipeline.
+*
+* Handles serving static metadata files and serializing sitemap responses.
+* Extracted from pipeline.ts to keep files under 500 lines.
+*
+* See design/16-metadata.md §"Metadata Routes"
+*/
+/**
+* Content types that are text-based and should include charset=utf-8.
+* Binary formats (images) should not include charset.
+*/
+var TEXT_CONTENT_TYPES = new Set([
+	"application/xml",
+	"text/plain",
+	"application/json",
+	"application/manifest+json",
+	"image/svg+xml"
+]);
+/**
+* Serve a static metadata file by reading it from disk.
+*
+* Static metadata route files (.xml, .txt, .json, .png, .ico, .svg, etc.)
+* are served as-is with the appropriate Content-Type header.
+* Text files include charset=utf-8; binary files do not.
+*
+* See design/16-metadata.md §"Metadata Routes"
+*/
+async function serveStaticMetadataFile(metaMatch) {
+	const { contentType, file } = metaMatch;
+	const isText = TEXT_CONTENT_TYPES.has(contentType);
+	const body = await readFile(file.filePath);
+	const headers = {
+		"Content-Type": isText ? `${contentType}; charset=utf-8` : contentType,
+		"Content-Length": String(body.byteLength)
+	};
+	return new Response(body, {
+		status: 200,
+		headers
+	});
+}
+/**
+* Serialize a sitemap array to XML.
+* Follows the sitemap.org protocol: https://www.sitemaps.org/protocol.html
+*/
+function serializeSitemap(entries) {
+	return `<?xml version="1.0" encoding="UTF-8"?>\n<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">\n${entries.map((e) => {
+		let xml = `  <url>\n    <loc>${escapeXml(e.url)}</loc>`;
+		if (e.lastModified) {
+			const date = e.lastModified instanceof Date ? e.lastModified.toISOString() : e.lastModified;
+			xml += `\n    <lastmod>${escapeXml(date)}</lastmod>`;
+		}
+		if (e.changeFrequency) xml += `\n    <changefreq>${escapeXml(e.changeFrequency)}</changefreq>`;
+		if (e.priority !== void 0) xml += `\n    <priority>${e.priority}</priority>`;
+		xml += "\n  </url>";
+		return xml;
+	}).join("\n")}\n</urlset>`;
+}
+/** Escape special XML characters. */
+function escapeXml(str) {
+	return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+}
+//#endregion
+//#region src/server/pipeline-interception.ts
+/**
+* Interception route matching for the request pipeline.
+*
+* Matches target URLs against interception rewrites to support the
+* modal route pattern (soft navigation intercepts).
+*
+* Extracted from pipeline.ts to keep files under 500 lines.
+*
+* See design/07-routing.md §"Intercepting Routes"
+*/
+/**
+* Check if an intercepting route applies for this soft navigation.
+*
+* Matches the target pathname against interception rewrites, constrained
+* by the source URL (X-Timber-URL header — where the user navigates FROM).
+*
+* Returns the source pathname to re-match if interception applies, or null.
+*/
+function findInterceptionMatch(targetPathname, sourceUrl, rewrites) {
+	for (const rewrite of rewrites) {
+		if (!sourceUrl.startsWith(rewrite.interceptingPrefix)) continue;
+		if (pathnameMatchesPattern(targetPathname, rewrite.interceptedPattern)) return { sourcePathname: rewrite.interceptingPrefix };
+	}
+	return null;
+}
+/**
+* Check if a pathname matches a URL pattern with dynamic segments.
+*
+* Supports [param] (single segment) and [...param] (one or more segments).
+* Static segments must match exactly.
+*/
+function pathnameMatchesPattern(pathname, pattern) {
+	const pathParts = pathname === "/" ? [] : pathname.slice(1).split("/");
+	const patternParts = pattern === "/" ? [] : pattern.slice(1).split("/");
+	let pi = 0;
+	for (let i = 0; i < patternParts.length; i++) {
+		const seg = classifyUrlSegment(patternParts[i]);
+		switch (seg.kind) {
+			case "catch-all": return pi < pathParts.length;
+			case "optional-catch-all": return true;
+			case "dynamic":
+				if (pi >= pathParts.length) return false;
+				pi++;
+				continue;
+			case "static":
+				if (pi >= pathParts.length || pathParts[pi] !== seg.value) return false;
+				pi++;
+				continue;
+		}
+	}
+	return pi === pathParts.length;
+}
+//#endregion
+//#region src/server/pipeline.ts
+/**
+* Request pipeline — the central dispatch for all timber.js requests.
+*
+* Pipeline stages (in order):
+*   proxy.ts → canonicalize → route match → 103 Early Hints → middleware.ts → render
+*
+* Each stage is a pure function or returns a Response to short-circuit.
+* Each request gets a trace ID, structured logging, and OTEL spans.
+*
+* See design/07-routing.md §"Request Lifecycle", design/02-rendering-pipeline.md §"Request Flow",
+* and design/17-logging.md §"Production Logging"
+*/
+/** Keys that must never be merged via Object.assign — they pollute Object.prototype. */
+var DANGEROUS_KEYS = new Set([
+	"__proto__",
+	"constructor",
+	"prototype"
+]);
+/**
+* Shallow merge that skips prototype-polluting keys.
+*
+* Used instead of Object.assign when the source object comes from
+* user-authored codec output (segmentParams.parse), which could
+* contain __proto__, constructor, or prototype keys.
+*
+* See TIM-655, design/13-security.md
+*/
+function safeMerge(target, source) {
+	for (const key of Object.keys(source)) if (!DANGEROUS_KEYS.has(key)) target[key] = source[key];
+}
+/**
+* Run segment param coercion on the matched route's segments.
+*
+* Loads params.ts modules from segments that have them, extracts the
+* segmentParams definition, and coerces raw string params through codecs.
+* Throws ParamCoercionError if any codec fails (→ 404).
+*
+* This runs BEFORE middleware, so ctx.segmentParams is already typed.
+* See design/07-routing.md §"Where Coercion Runs"
+*/
+async function coerceSegmentParams(match) {
+	const segments = match.segments;
+	for (const segment of segments) {
+		if (!segment.params) continue;
+		let mod;
+		try {
+			mod = await loadModule(segment.params);
+		} catch (err) {
+			throw new ParamCoercionError(`Failed to load params module for segment "${segment.segmentName}": ${err instanceof Error ? err.message : String(err)}`);
+		}
+		const segmentParamsDef = mod.segmentParams;
+		if (!segmentParamsDef || typeof segmentParamsDef.parse !== "function") continue;
+		try {
+			const coerced = segmentParamsDef.parse(match.segmentParams);
+			safeMerge(match.segmentParams, coerced);
+		} catch (err) {
+			throw new ParamCoercionError(err instanceof Error ? err.message : String(err));
+		}
+	}
+}
+/**
+* Create the request handler from a pipeline configuration.
+*
+* Returns a function that processes an incoming Request through all pipeline stages
+* and produces a Response. This is the top-level entry point for the server.
+*/
+function createPipeline(config) {
+	const { proxy, matchRoute, render, earlyHints, stripTrailingSlash = true, slowRequestMs = 3e3, serverTiming = "total", onPipelineError } = config;
+	let activeRequests = 0;
+	return async (req) => {
+		const url = new URL(req.url);
+		const method = req.method;
+		const path = url.pathname;
+		const startTime = performance.now();
+		activeRequests++;
+		return runWithTraceId(generateTraceId(), async () => {
+			return runWithRequestContext(req, async () => {
+				const runRequest = async () => {
+					logRequestReceived({
+						method,
+						path
+					});
+					const response = await withSpan("http.server.request", {
+						"http.request.method": method,
+						"url.path": path
+					}, async () => {
+						const otelIds = await getOtelTraceId();
+						if (otelIds) replaceTraceId(otelIds.traceId, otelIds.spanId);
+						let result;
+						if (proxy || config.proxyLoader) result = await runProxyPhase(req, method, path);
+						else result = await handleRequest(req, method, path);
+						await setSpanAttribute("http.response.status_code", result.status);
+						if (serverTiming === "detailed") {
+							const timingHeader = getServerTimingHeader();
+							if (timingHeader) {
+								result = ensureMutableResponse(result);
+								result.headers.set("Server-Timing", timingHeader);
+							}
+						} else if (serverTiming === "total") {
+							const totalMs = Math.round(performance.now() - startTime);
+							result = ensureMutableResponse(result);
+							result.headers.set("Server-Timing", `total;dur=${totalMs}`);
+						}
+						return result;
+					});
+					const durationMs = Math.round(performance.now() - startTime);
+					const status = response.status;
+					const concurrency = activeRequests;
+					activeRequests--;
+					logRequestCompleted({
+						method,
+						path,
+						status,
+						durationMs,
+						concurrency
+					});
+					if (slowRequestMs > 0 && durationMs > slowRequestMs) logSlowRequest({
+						method,
+						path,
+						durationMs,
+						threshold: slowRequestMs,
+						concurrency
+					});
+					return response;
+				};
+				return serverTiming === "detailed" ? runWithTimingCollector(runRequest) : runRequest();
+			});
+		});
+	};
+	async function runProxyPhase(req, method, path) {
+		try {
+			let proxyExport;
+			if (config.proxyLoader) proxyExport = (await config.proxyLoader()).default;
+			else proxyExport = config.proxy;
+			const proxyFn = () => runProxy(proxyExport, req, () => handleRequest(req, method, path));
+			return await withSpan("timber.proxy", {}, () => serverTiming === "detailed" ? withTiming("proxy", "proxy.ts", proxyFn) : proxyFn());
+		} catch (error) {
+			logProxyError({ error });
+			await fireOnRequestError(error, req, "proxy");
+			if (onPipelineError && error instanceof Error) onPipelineError(error, "proxy");
+			return new Response(null, { status: 500 });
+		}
+	}
+	/**
+	* Build a redirect Response from a RedirectSignal.
+	*
+	* For RSC payload requests (client navigation), returns 204 + X-Timber-Redirect
+	* so the client router can perform a soft SPA redirect. A raw 302 would be
+	* turned into an opaque redirect by fetch({redirect:'manual'}), crashing
+	* createFromFetch. See design/19-client-navigation.md.
+	*/
+	function buildRedirectResponse(signal, req, headers) {
+		if ((req.headers.get("Accept") ?? "").includes("text/x-component")) {
+			headers.set("X-Timber-Redirect", signal.location);
+			return new Response(null, {
+				status: 204,
+				headers
+			});
+		}
+		headers.set("Location", signal.location);
+		return new Response(null, {
+			status: signal.status,
+			headers
+		});
+	}
+	async function handleRequest(req, method, path) {
+		const result = canonicalize(new URL(req.url).pathname, stripTrailingSlash);
+		if (!result.ok) return new Response(null, { status: result.status });
+		const canonicalPathname = result.pathname;
+		if (config.matchMetadataRoute) {
+			const metaMatch = config.matchMetadataRoute(canonicalPathname);
+			if (metaMatch) try {
+				if (metaMatch.isStatic) return await serveStaticMetadataFile(metaMatch);
+				const mod = await loadModule(metaMatch.file);
+				if (typeof mod.default !== "function") return new Response("Metadata route must export a default function", { status: 500 });
+				const handlerResult = await mod.default();
+				if (handlerResult instanceof Response) return handlerResult;
+				const contentType = metaMatch.contentType;
+				let body;
+				if (typeof handlerResult === "string") body = handlerResult;
+				else if (contentType === "application/xml") body = serializeSitemap(handlerResult);
+				else if (contentType === "application/manifest+json") body = JSON.stringify(handlerResult, null, 2);
+				else body = typeof handlerResult === "string" ? handlerResult : String(handlerResult);
+				return new Response(body, {
+					status: 200,
+					headers: { "Content-Type": `${contentType}; charset=utf-8` }
+				});
+			} catch (error) {
+				logRenderError({
+					method,
+					path,
+					error
+				});
+				if (onPipelineError && error instanceof Error) onPipelineError(error, "metadata-route");
+				return new Response(null, { status: 500 });
+			}
+		}
+		if (config.autoSitemapHandler) try {
+			const sitemapResponse = await config.autoSitemapHandler(canonicalPathname);
+			if (sitemapResponse) return sitemapResponse;
+		} catch (error) {
+			logRenderError({
+				method,
+				path,
+				error
+			});
+			if (onPipelineError && error instanceof Error) onPipelineError(error, "auto-sitemap");
+			return new Response(null, { status: 500 });
+		}
+		if ((req.headers.get("Accept") ?? "").includes("text/x-component")) {
+			if (!checkVersionSkew(req).ok) {
+				const reloadHeaders = new Headers();
+				applyReloadHeaders(reloadHeaders);
+				return new Response(null, {
+					status: 204,
+					headers: reloadHeaders
+				});
+			}
+		}
+		let match = matchRoute(canonicalPathname);
+		let interception;
+		const sourceUrl = req.headers.get("X-Timber-URL");
+		if (sourceUrl && config.interceptionRewrites?.length) {
+			const intercepted = findInterceptionMatch(canonicalPathname, sourceUrl, config.interceptionRewrites);
+			if (intercepted) {
+				const sourceMatch = matchRoute(intercepted.sourcePathname);
+				if (sourceMatch) {
+					match = sourceMatch;
+					interception = { targetPathname: canonicalPathname };
+				}
+			}
+		}
+		if (!match) {
+			if (config.renderNoMatch) {
+				const responseHeaders = new Headers();
+				return config.renderNoMatch(req, responseHeaders);
+			}
+			return new Response(null, { status: 404 });
+		}
+		const responseHeaders = new Headers();
+		const requestHeaderOverlay = new Headers();
+		responseHeaders.set("Cache-Control", "private, no-cache, no-store, max-age=0, must-revalidate");
+		if (earlyHints) try {
+			await earlyHints(match, req, responseHeaders);
+		} catch {}
+		try {
+			await coerceSegmentParams(match);
+		} catch (error) {
+			if (error instanceof ParamCoercionError) {
+				const leafSegment = match.segments[match.segments.length - 1];
+				if (leafSegment.route && !leafSegment.page) return new Response(null, { status: 404 });
+				if (config.renderNoMatch) return config.renderNoMatch(req, responseHeaders);
+				return new Response(null, { status: 404 });
+			}
+			throw error;
+		}
+		setSegmentParams(match.segmentParams);
+		if (match.middlewareChain.length > 0) {
+			const ctx = {
+				req,
+				requestHeaders: requestHeaderOverlay,
+				headers: responseHeaders,
+				segmentParams: match.segmentParams,
+				earlyHints: (hints) => {
+					for (const hint of hints) {
+						let value;
+						if (hint.as !== void 0) value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;
+						else value = `<${hint.href}>; rel=${hint.rel}`;
+						if (hint.crossOrigin !== void 0) value += `; crossorigin=${hint.crossOrigin}`;
+						if (hint.fetchPriority !== void 0) value += `; fetchpriority=${hint.fetchPriority}`;
+						responseHeaders.append("Link", value);
+					}
+				}
+			};
+			try {
+				setMutableCookieContext(true);
+				const chainFn = () => runMiddlewareChain(match.middlewareChain, ctx);
+				const middlewareResponse = await withSpan("timber.middleware", {}, () => serverTiming === "detailed" ? withTiming("mw", "middleware.ts", chainFn) : chainFn());
+				setMutableCookieContext(false);
+				if (middlewareResponse) {
+					const finalResponse = ensureMutableResponse(middlewareResponse);
+					applyCookieJar(finalResponse.headers);
+					const existingKeys = new Set([...finalResponse.headers.keys()].map((k) => k.toLowerCase()));
+					for (const [key, value] of responseHeaders.entries()) if (!existingKeys.has(key.toLowerCase())) finalResponse.headers.append(key, value);
+					logMiddlewareShortCircuit({
+						method,
+						path,
+						status: finalResponse.status
+					});
+					return finalResponse;
+				}
+				applyRequestHeaderOverlay(requestHeaderOverlay);
+			} catch (error) {
+				setMutableCookieContext(false);
+				if (error instanceof RedirectSignal) {
+					applyCookieJar(responseHeaders);
+					return buildRedirectResponse(error, req, responseHeaders);
+				}
+				if (error instanceof DenySignal) {
+					applyCookieJar(responseHeaders);
+					if (config.renderDenyFallback) try {
+						return await config.renderDenyFallback(error, req, responseHeaders);
+					} catch {}
+					return new Response(null, {
+						status: error.status,
+						headers: responseHeaders
+					});
+				}
+				logMiddlewareError({
+					method,
+					path,
+					error
+				});
+				await fireOnRequestError(error, req, "handler");
+				if (onPipelineError && error instanceof Error) onPipelineError(error, "middleware");
+				return new Response(null, { status: 500 });
+			}
+		}
+		applyCookieJar(responseHeaders);
+		try {
+			const renderFn = () => render(req, match, responseHeaders, requestHeaderOverlay, interception);
+			const response = await withSpan("timber.render", { "http.route": canonicalPathname }, () => serverTiming === "detailed" ? withTiming("render", "RSC + SSR render", renderFn) : renderFn());
+			markResponseFlushed();
+			return response;
+		} catch (error) {
+			if (error instanceof DenySignal) {
+				if (config.renderDenyFallback) try {
+					return await config.renderDenyFallback(error, req, responseHeaders);
+				} catch {}
+				return new Response(null, {
+					status: error.status,
+					headers: responseHeaders
+				});
+			}
+			if (error instanceof RedirectSignal) return buildRedirectResponse(error, req, responseHeaders);
+			logRenderError({
+				method,
+				path,
+				error
+			});
+			await fireOnRequestError(error, req, "render");
+			if (onPipelineError && error instanceof Error) onPipelineError(error, "render");
+			if (config.renderFallbackError) try {
+				return await config.renderFallbackError(error, req, responseHeaders);
+			} catch {}
+			return new Response(null, { status: 500 });
+		}
+	}
+}
+/**
+* Fire the user's onRequestError hook with request context.
+* Extracts request info from the Request object and calls the instrumentation hook.
+*/
+async function fireOnRequestError(error, req, phase) {
+	const url = new URL(req.url);
+	const headersObj = {};
+	req.headers.forEach((v, k) => {
+		headersObj[k] = v;
+	});
+	await callOnRequestError(error, {
+		method: req.method,
+		path: url.pathname,
+		headers: headersObj
+	}, {
+		phase,
+		routePath: url.pathname,
+		routeType: "page",
+		traceId: getTraceId()
+	});
+}
+/**
+* Apply all Set-Cookie headers from the cookie jar to a Headers object.
+* Each cookie gets its own Set-Cookie header per RFC 6265 §4.1.
+*/
+function applyCookieJar(headers) {
+	for (const value of getSetCookieHeaders()) headers.append("Set-Cookie", value);
+}
+/**
+* Ensure a Response has mutable headers so the pipeline can safely append
+* Set-Cookie and Server-Timing entries.
+*
+* `Response.redirect()` and some platform-level responses return objects
+* with immutable headers. Calling `.set()` or `.append()` on them throws
+* `TypeError: immutable`. This helper detects the immutable case by
+* attempting a no-op write and, on failure, clones into a fresh Response
+* with mutable headers.
+*/
+function ensureMutableResponse(response) {
+	try {
+		response.headers.set("X-Timber-Probe", "1");
+		response.headers.delete("X-Timber-Probe");
+		return response;
+	} catch {
+		return new Response(response.body, {
+			status: response.status,
+			statusText: response.statusText,
+			headers: new Headers(response.headers)
+		});
+	}
+}
+//#endregion
+//#region src/server/build-manifest.ts
+/**
+* Collect all CSS files needed for a matched route's segment chain.
+*
+* Walks segments root → leaf, collecting CSS for each layout and page.
+* Deduplicates while preserving order (root layout CSS first).
+*/
+function collectRouteCss(segments, manifest) {
+	const seen = /* @__PURE__ */ new Set();
+	const result = [];
+	for (const segment of segments) for (const file of [segment.layout, segment.page]) {
+		if (!file) continue;
+		const cssFiles = manifest.css[file.filePath];
+		if (!cssFiles) continue;
+		for (const url of cssFiles) if (!seen.has(url)) {
+			seen.add(url);
+			result.push(url);
+		}
+	}
+	return result;
+}
+/**
+* Collect all font entries needed for a matched route's segment chain.
+*
+* Walks segments root → leaf, collecting fonts for each layout and page.
+* Deduplicates by href while preserving order.
+*/
+function collectRouteFonts(segments, manifest) {
+	const seen = /* @__PURE__ */ new Set();
+	const result = [];
+	for (const segment of segments) for (const file of [segment.layout, segment.page]) {
+		if (!file) continue;
+		const fonts = manifest.fonts[file.filePath];
+		if (!fonts) continue;
+		for (const entry of fonts) if (!seen.has(entry.href)) {
+			seen.add(entry.href);
+			result.push(entry);
+		}
+	}
+	return result;
+}
+/**
+* Collect modulepreload URLs for a matched route's segment chain.
+*
+* Walks segments root → leaf, collecting transitive JS dependencies
+* for each layout and page. Deduplicates across segments.
+*/
+function collectRouteModulepreloads(segments, manifest) {
+	const seen = /* @__PURE__ */ new Set();
+	const result = [];
+	for (const segment of segments) for (const file of [segment.layout, segment.page]) {
+		if (!file) continue;
+		const preloads = manifest.modulepreload[file.filePath];
+		if (!preloads) continue;
+		for (const url of preloads) if (!seen.has(url)) {
+			seen.add(url);
+			result.push(url);
+		}
+	}
+	return result;
+}
+//#endregion
+//#region src/server/early-hints.ts
+/**
+* 103 Early Hints utilities.
+*
+* Early Hints are sent before the final response to let the browser
+* start fetching critical resources (CSS, fonts, JS) while the server
+* is still rendering.
+*
+* The framework collects hints from two sources:
+* 1. Build manifest — CSS, fonts, and JS chunks known at route-match time
+* 2. ctx.earlyHints() — explicit hints added by middleware or route handlers
+*
+* Both are emitted as Link headers. Cloudflare CDN automatically converts
+* Link headers into 103 Early Hints responses.
+*
+* Design docs: 02-rendering-pipeline.md §"Early Hints (103)"
+*/
+/**
+* Format a single EarlyHint as a Link header value.
+*
+* Attribute order: `as` before `rel` to match Cloudflare CDN's cached
+* Early Hints format. Cloudflare caches Link headers from 200 responses
+* and re-emits them as 103 Early Hints on subsequent requests. If our
+* attribute order differs from Cloudflare's cached copy, the browser
+* sees two preload headers for the same URL (different attribute order)
+* and warns "Preload was ignored." Matching the order ensures the
+* browser deduplicates them correctly.
+*
+* Examples:
+*   `</styles/root.css>; as=style; rel=preload`
+*   `</fonts/inter.woff2>; as=font; rel=preload; crossorigin=anonymous`
+*   `</_timber/client.js>; rel=modulepreload`
+*   `<https://fonts.googleapis.com>; rel=preconnect`
+*/
+function formatLinkHeader(hint) {
+	if (hint.as !== void 0) {
+		let value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;
+		if (hint.crossOrigin !== void 0) value += `; crossorigin=${hint.crossOrigin}`;
+		if (hint.fetchPriority !== void 0) value += `; fetchpriority=${hint.fetchPriority}`;
+		return value;
+	}
+	let value = `<${hint.href}>; rel=${hint.rel}`;
+	if (hint.crossOrigin !== void 0) value += `; crossorigin=${hint.crossOrigin}`;
+	if (hint.fetchPriority !== void 0) value += `; fetchpriority=${hint.fetchPriority}`;
+	return value;
+}
+/**
+* Collect all Link header strings for a matched route's segment chain.
+*
+* Walks the build manifest to emit hints for:
+* - CSS stylesheets (as=style; rel=preload)
+* - Font assets (as=font; rel=preload; crossorigin)
+* - JS modulepreload hints (rel=modulepreload) — unless skipJs is set
+*
+* Also emits global CSS from the `_global` manifest key. Route files
+* are server components that don't appear in the client bundle, so
+* per-route CSS keying doesn't work with the RSC plugin. The `_global`
+* key contains all CSS assets from the client build — fine for early
+* hints since they're just prefetch signals.
+*
+* Returns formatted Link header strings, deduplicated by URL, root → leaf order.
+* Returns an empty array in dev mode (manifest is empty).
+*/
+function collectEarlyHintHeaders(segments, manifest, options) {
+	const result = [];
+	const seenUrls = /* @__PURE__ */ new Set();
+	const add = (url, header) => {
+		if (!seenUrls.has(url)) {
+			seenUrls.add(url);
+			result.push(header);
+		}
+	};
+	for (const url of collectRouteCss(segments, manifest)) add(url, formatLinkHeader({
+		href: url,
+		rel: "preload",
+		as: "style"
+	}));
+	for (const url of manifest.css["_global"] ?? []) add(url, formatLinkHeader({
+		href: url,
+		rel: "preload",
+		as: "style"
+	}));
+	for (const font of collectRouteFonts(segments, manifest)) add(font.href, formatLinkHeader({
+		href: font.href,
+		rel: "preload",
+		as: "font",
+		crossOrigin: "anonymous"
+	}));
+	if (!options?.skipJs) for (const url of collectRouteModulepreloads(segments, manifest)) add(url, formatLinkHeader({
+		href: url,
+		rel: "modulepreload"
+	}));
+	return result;
+}
+//#endregion
+//#region src/server/early-hints-sender.ts
+/**
+* Per-request 103 Early Hints sender — ALS bridge for platform adapters.
+*
+* The pipeline collects Link headers for CSS, fonts, and JS chunks at
+* route-match time. On platforms that support it (Node.js v18.11+, Bun),
+* the adapter can send these as a 103 Early Hints interim response before
+* the final response is ready.
+*
+* This module provides an ALS-based bridge: the generated entry point
+* (e.g., the Nitro entry) wraps the handler with `runWithEarlyHintsSender`,
+* binding a per-request sender function. The pipeline calls
+* `sendEarlyHints103()` to fire the 103 if a sender is available.
+*
+* On platforms where 103 is handled at the CDN level (e.g., Cloudflare
+* converts Link headers into 103 automatically), no sender is installed
+* and `sendEarlyHints103()` is a no-op.
+*
+* Design doc: 02-rendering-pipeline.md §"Early Hints (103)"
+*/
+/**
+* Run a function with a per-request early hints sender installed.
+*
+* Called by generated entry points (e.g., Nitro node-server/bun) to
+* bind the platform's writeEarlyHints capability for the request duration.
+*/
+function runWithEarlyHintsSender(sender, fn) {
+	return earlyHintsSenderAls.run(sender, fn);
+}
+/**
+* Send collected Link headers as a 103 Early Hints response.
+*
+* No-op if no sender is installed for the current request (e.g., on
+* Cloudflare where the CDN handles 103 automatically, or in dev mode).
+*
+* Non-fatal: errors from the sender are caught and silently ignored.
+*/
+function sendEarlyHints103(links) {
+	if (!links.length) return;
+	const sender = earlyHintsSenderAls.getStore();
+	if (!sender) return;
+	try {
+		sender(links);
+	} catch {}
+}
+//#endregion
+//#region src/server/tree-builder.ts
+/**
+* Build the unified element tree from a matched segment chain.
+*
+* Construction is bottom-up:
+*   1. Start with the page component (leaf segment)
+*   2. Wrap in status-code error boundaries (fallback chain)
+*   3. Wrap in AccessGate (if segment has access.ts)
+*   4. Pass as children to the segment's layout
+*   5. Repeat up the segment chain to root
+*
+* Parallel slots are resolved at each layout level and composed as named props.
+*/
+async function buildElementTree(config) {
+	const { segments, loadModule, createElement, errorBoundaryComponent } = config;
+	if (segments.length === 0) throw new Error("[timber] buildElementTree: empty segment chain");
+	const leaf = segments[segments.length - 1];
+	if (leaf.route && !leaf.page) return {
+		tree: null,
+		isApiRoute: true
+	};
+	const PageComponent = (leaf.page ? await loadModule(leaf.page) : null)?.default;
+	if (!PageComponent) throw new Error(`[timber] No page component found for route at ${leaf.urlPath}. Each route must have a page.tsx or route.ts.`);
+	let element = createElement(PageComponent, {});
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		element = await wrapWithErrorBoundaries(segment, element, loadModule, createElement, errorBoundaryComponent);
+		if (segment.access) {
+			const accessFn = (await loadModule(segment.access)).default;
+			element = createElement("timber:access-gate", {
+				accessFn,
+				segmentName: segment.segmentName,
+				children: element
+			});
+		}
+		if (segment.layout) {
+			const LayoutComponent = (await loadModule(segment.layout)).default;
+			if (LayoutComponent) {
+				const slotProps = {};
+				if (segment.slots.size > 0) for (const [slotName, slotNode] of segment.slots) slotProps[slotName] = await buildSlotElement(slotNode, loadModule, createElement, errorBoundaryComponent);
+				element = createElement(LayoutComponent, {
+					...slotProps,
+					children: element
+				});
+			}
+		}
+	}
+	return {
+		tree: element,
+		isApiRoute: false
+	};
+}
+/**
+* Build the element tree for a parallel slot.
+*
+* Slots have their own access.ts (SlotAccessGate) and error boundaries.
+* On access denial: denied.tsx → default.tsx → null (graceful degradation).
+*/
+async function buildSlotElement(slotNode, loadModule, createElement, errorBoundaryComponent) {
+	const PageComponent = (slotNode.page ? await loadModule(slotNode.page) : null)?.default;
+	const DefaultComponent = (slotNode.default ? await loadModule(slotNode.default) : null)?.default;
+	if (!PageComponent) return DefaultComponent ? createElement(DefaultComponent, {}) : null;
+	let element = createElement(PageComponent, {});
+	element = await wrapWithErrorBoundaries(slotNode, element, loadModule, createElement, errorBoundaryComponent);
+	if (slotNode.access) {
+		const accessFn = (await loadModule(slotNode.access)).default;
+		const DeniedComponent = (slotNode.denied ? await loadModule(slotNode.denied) : null)?.default ?? null;
+		const defaultFallback = DefaultComponent ? createElement(DefaultComponent, {}) : null;
+		element = createElement("timber:slot-access-gate", {
+			accessFn,
+			DeniedComponent,
+			slotName: slotNode.segmentName.replace(/^@/, ""),
+			createElement,
+			defaultFallback,
+			children: element
+		});
+	}
+	return element;
+}
+/** MDX/markdown extensions — these are server components that cannot be passed as function props. */
+var MDX_EXTENSIONS = new Set(["mdx", "md"]);
+/**
+* Check if a route file is an MDX/markdown file based on its extension.
+* MDX components are server components by default and cannot cross the
+* RSC→client boundary as function props. They must be pre-rendered as
+* elements and passed as fallbackElement instead of fallbackComponent.
+*/
+function isMdxFile(file) {
+	return MDX_EXTENSIONS.has(file.extension);
+}
+/**
+* Wrap an element with error boundaries from a segment's status-code files.
+*
+* Wrapping order (innermost to outermost):
+*   1. Specific status files (503.tsx, 429.tsx, etc.)
+*   2. Category catch-alls (4xx.tsx, 5xx.tsx)
+*   3. error.tsx (general error boundary)
+*
+* This creates the fallback chain described in design/10-error-handling.md.
+*
+* MDX status files are server components and cannot be passed as function
+* props to TimberErrorBoundary (a 'use client' component). Instead, they
+* are pre-rendered as elements and passed as fallbackElement. The error
+* boundary renders the element directly when an error is caught.
+* See TIM-503.
+*/
+async function wrapWithErrorBoundaries(segment, element, loadModule, createElement, errorBoundaryComponent) {
+	if (segment.statusFiles) {
+		for (const [key, file] of segment.statusFiles) if (key !== "4xx" && key !== "5xx") {
+			const status = parseInt(key, 10);
+			if (!isNaN(status)) {
+				const Component = (await loadModule(file)).default;
+				if (Component) element = createElement(errorBoundaryComponent, isMdxFile(file) ? {
+					fallbackElement: createElement(Component, { status }),
+					status,
+					children: element
+				} : {
+					fallbackComponent: Component,
+					status,
+					children: element
+				});
+			}
+		}
+		for (const [key, file] of segment.statusFiles) if (key === "4xx" || key === "5xx") {
+			const Component = (await loadModule(file)).default;
+			if (Component) {
+				const categoryStatus = key === "4xx" ? 400 : 500;
+				element = createElement(errorBoundaryComponent, isMdxFile(file) ? {
+					fallbackElement: createElement(Component, {}),
+					status: categoryStatus,
+					children: element
+				} : {
+					fallbackComponent: Component,
+					status: categoryStatus,
+					children: element
+				});
+			}
+		}
+	}
+	if (segment.error) {
+		const ErrorComponent = (await loadModule(segment.error)).default;
+		if (ErrorComponent) element = createElement(errorBoundaryComponent, isMdxFile(segment.error) ? {
+			fallbackElement: createElement(ErrorComponent, {}),
+			children: element
+		} : {
+			fallbackComponent: ErrorComponent,
+			children: element
+		});
+	}
+	return element;
+}
+//#endregion
+//#region src/server/status-code-resolver.ts
+/**
+* Maps legacy file convention names to their corresponding HTTP status codes.
+* Only used in the 4xx component fallback chain.
+*/
+var LEGACY_FILE_TO_STATUS = {
+	"not-found": 404,
+	"forbidden": 403,
+	"unauthorized": 401
+};
+/**
+* Resolve the status-code file to render for a given HTTP status code.
+*
+* Walks the segment chain from leaf to root following the fallback chain
+* defined in design/10-error-handling.md. Returns null if no file is found
+* (caller should render the framework default).
+*
+* @param status - The HTTP status code (4xx or 5xx).
+* @param segments - The matched segment chain from root (index 0) to leaf (last).
+* @param format - The response format family ('component' or 'json'). Defaults to 'component'.
+*/
+function resolveStatusFile(status, segments, format = "component") {
+	if (status >= 400 && status <= 499) return format === "json" ? resolve4xxJson(status, segments) : resolve4xx(status, segments);
+	if (status >= 500 && status <= 599) return format === "json" ? resolve5xxJson(status, segments) : resolve5xx(status, segments);
+	return null;
+}
+/**
+* 4xx component fallback chain (three separate passes):
+*   Pass 1 — status files (leaf → root): {status}.tsx → 4xx.tsx
+*   Pass 2 — legacy compat (leaf → root): not-found.tsx / forbidden.tsx / unauthorized.tsx
+*   Pass 3 — error.tsx (leaf → root)
+*/
+function resolve4xx(status, segments) {
+	const statusStr = String(status);
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		if (!segment.statusFiles) continue;
+		const exact = segment.statusFiles.get(statusStr);
+		if (exact) return {
+			file: exact,
+			status,
+			kind: "exact",
+			segmentIndex: i
+		};
+		const category = segment.statusFiles.get("4xx");
+		if (category) return {
+			file: category,
+			status,
+			kind: "category",
+			segmentIndex: i
+		};
+	}
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		if (!segment.legacyStatusFiles) continue;
+		for (const [name, legacyStatus] of Object.entries(LEGACY_FILE_TO_STATUS)) if (legacyStatus === status) {
+			const file = segment.legacyStatusFiles.get(name);
+			if (file) return {
+				file,
+				status,
+				kind: "legacy",
+				segmentIndex: i
+			};
+		}
+	}
+	for (let i = segments.length - 1; i >= 0; i--) if (segments[i].error) return {
+		file: segments[i].error,
+		status,
+		kind: "error",
+		segmentIndex: i
+	};
+	return null;
+}
+/**
+* 4xx JSON fallback chain (single pass):
+*   Pass 1 — json status files (leaf → root): {status}.json → 4xx.json
+*   No legacy compat, no error.tsx — JSON chain terminates at category catch-all.
+*/
+function resolve4xxJson(status, segments) {
+	const statusStr = String(status);
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		if (!segment.jsonStatusFiles) continue;
+		const exact = segment.jsonStatusFiles.get(statusStr);
+		if (exact) return {
+			file: exact,
+			status,
+			kind: "exact",
+			segmentIndex: i
+		};
+		const category = segment.jsonStatusFiles.get("4xx");
+		if (category) return {
+			file: category,
+			status,
+			kind: "category",
+			segmentIndex: i
+		};
+	}
+	return null;
+}
+/**
+* 5xx component fallback chain (single pass, per-segment):
+*   At each segment (leaf → root): {status}.tsx → 5xx.tsx → error.tsx
+*/
+function resolve5xx(status, segments) {
+	const statusStr = String(status);
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		if (segment.statusFiles) {
+			const exact = segment.statusFiles.get(statusStr);
+			if (exact) return {
+				file: exact,
+				status,
+				kind: "exact",
+				segmentIndex: i
+			};
+			const category = segment.statusFiles.get("5xx");
+			if (category) return {
+				file: category,
+				status,
+				kind: "category",
+				segmentIndex: i
+			};
+		}
+		if (segment.error) return {
+			file: segment.error,
+			status,
+			kind: "error",
+			segmentIndex: i
+		};
+	}
+	return null;
+}
+/**
+* 5xx JSON fallback chain (single pass):
+*   At each segment (leaf → root): {status}.json → 5xx.json
+*   No error.tsx equivalent — JSON chain terminates at category catch-all.
+*/
+function resolve5xxJson(status, segments) {
+	const statusStr = String(status);
+	for (let i = segments.length - 1; i >= 0; i--) {
+		const segment = segments[i];
+		if (!segment.jsonStatusFiles) continue;
+		const exact = segment.jsonStatusFiles.get(statusStr);
+		if (exact) return {
+			file: exact,
+			status,
+			kind: "exact",
+			segmentIndex: i
+		};
+		const category = segment.jsonStatusFiles.get("5xx");
+		if (category) return {
+			file: category,
+			status,
+			kind: "category",
+			segmentIndex: i
+		};
+	}
+	return null;
+}
+/**
+* Resolve the denial file for a parallel route slot.
+*
+* Slot denial is graceful degradation — no HTTP status on the wire.
+* Fallback chain: denied.tsx → default.tsx → null.
+*
+* @param slotNode - The segment node for the slot (segmentType === 'slot').
+*/
+function resolveSlotDenied(slotNode) {
+	const slotName = slotNode.segmentName.replace(/^@/, "");
+	if (slotNode.denied) return {
+		file: slotNode.denied,
+		slotName,
+		kind: "denied"
+	};
+	if (slotNode.default) return {
+		file: slotNode.default,
+		slotName,
+		kind: "default"
+	};
+	return null;
+}
+//#endregion
+//#region src/server/flush.ts
+/**
+* Flush controller for timber.js rendering.
+*
+* Holds the response until `onShellReady` fires, then commits the HTTP status
+* code and flushes the shell. Render-phase signals (deny, redirect, unhandled
+* throws) caught before flush produce correct HTTP status codes.
+*
+* See design/02-rendering-pipeline.md §"The Flush Point" and §"The Hold Window"
+*/
+/**
+* Execute a render and hold the response until the shell is ready.
+*
+* The flush controller:
+* 1. Calls the render function to start renderToReadableStream
+* 2. Waits for shellReady (onShellReady)
+* 3. If a render-phase signal was thrown (deny, redirect, error), produces
+*    the correct HTTP status code
+* 4. If the shell rendered successfully, commits the status and streams
+*
+* Render-phase signals caught before flush:
+* - `DenySignal` → HTTP 4xx with appropriate status code
+* - `RedirectSignal` → HTTP 3xx with Location header
+* - `RenderError` → HTTP status from error (default 500)
+* - Unhandled error → HTTP 500
+*
+* @param renderFn - Function that starts the React render.
+* @param options - Flush configuration.
+* @returns The committed HTTP Response.
+*/
+async function flushResponse(renderFn, options = {}) {
+	const { responseHeaders = new Headers(), defaultStatus = 200 } = options;
+	let renderResult;
+	try {
+		renderResult = await renderFn();
+	} catch (error) {
+		return handleSignal(error, responseHeaders);
+	}
+	try {
+		await renderResult.shellReady;
+	} catch (error) {
+		return handleSignal(error, responseHeaders);
+	}
+	responseHeaders.set("Content-Type", "text/html; charset=utf-8");
+	return {
+		response: new Response(renderResult.stream, {
+			status: defaultStatus,
+			headers: responseHeaders
+		}),
+		status: defaultStatus,
+		isRedirect: false,
+		isDenial: false
+	};
+}
+/**
+* Handle a render-phase signal and produce the correct HTTP response.
+*/
+function handleSignal(error, responseHeaders) {
+	if (error instanceof RedirectSignal) {
+		responseHeaders.set("Location", error.location);
+		return {
+			response: new Response(null, {
+				status: error.status,
+				headers: responseHeaders
+			}),
+			status: error.status,
+			isRedirect: true,
+			isDenial: false
+		};
+	}
+	if (error instanceof DenySignal) return {
+		response: new Response(null, {
+			status: error.status,
+			headers: responseHeaders
+		}),
+		status: error.status,
+		isRedirect: false,
+		isDenial: true
+	};
+	if (error instanceof RenderError) return {
+		response: new Response(null, {
+			status: error.status,
+			headers: responseHeaders
+		}),
+		status: error.status,
+		isRedirect: false,
+		isDenial: false
+	};
+	logRenderError({
+		method: "",
+		path: "",
+		error
+	});
+	return {
+		response: new Response(null, {
+			status: 500,
+			headers: responseHeaders
+		}),
+		status: 500,
+		isRedirect: false,
+		isDenial: false
+	};
+}
+//#endregion
+//#region src/server/csrf.ts
+/** HTTP methods that are considered safe (no mutation). */
+var SAFE_METHODS = new Set([
+	"GET",
+	"HEAD",
+	"OPTIONS"
+]);
+/**
+* Validate the Origin header against the request's Host.
+*
+* For mutation methods (POST, PUT, PATCH, DELETE):
+* - If `csrf: false`, skip validation.
+* - If `allowedOrigins` is set, Origin must match one exactly (no wildcards).
+* - Otherwise, Origin's host must match the request's Host header.
+*
+* Safe methods (GET, HEAD, OPTIONS) always pass.
+*/
+function validateCsrf(req, config) {
+	if (SAFE_METHODS.has(req.method)) return { ok: true };
+	if (config.csrf === false) return { ok: true };
+	const origin = req.headers.get("Origin");
+	if (!origin) return {
+		ok: false,
+		status: 403
+	};
+	if (config.allowedOrigins) return config.allowedOrigins.includes(origin) ? { ok: true } : {
+		ok: false,
+		status: 403
+	};
+	const host = req.headers.get("Host");
+	if (!host) return {
+		ok: false,
+		status: 403
+	};
+	let originHost;
+	try {
+		originHost = new URL(origin).host;
+	} catch {
+		return {
+			ok: false,
+			status: 403
+		};
+	}
+	return originHost === host ? { ok: true } : {
+		ok: false,
+		status: 403
+	};
+}
+//#endregion
+//#region src/server/body-limits.ts
+var KB = 1024;
+var MB = 1024 * KB;
+var GB = 1024 * MB;
+var DEFAULT_LIMITS = {
+	actionBodySize: 1 * MB,
+	uploadBodySize: 10 * MB,
+	maxFields: 100
+};
+var SIZE_PATTERN = /^(\d+(?:\.\d+)?)\s*(kb|mb|gb)?$/i;
+/** Parse a human-readable size string ("1mb", "512kb", "1024") into bytes. */
+function parseBodySize(size) {
+	const match = SIZE_PATTERN.exec(size.trim());
+	if (!match) throw new Error(`Invalid body size format: "${size}". Expected format like "1mb", "512kb", or "1024".`);
+	const value = Number.parseFloat(match[1]);
+	const unit = (match[2] ?? "").toLowerCase();
+	switch (unit) {
+		case "kb": return Math.floor(value * KB);
+		case "mb": return Math.floor(value * MB);
+		case "gb": return Math.floor(value * GB);
+		case "": return Math.floor(value);
+		default: throw new Error(`Unknown size unit: "${unit}"`);
+	}
+}
+/** Check whether a request body exceeds the configured size limit (stateless, no ALS). */
+function enforceBodyLimits(req, kind, config) {
+	const contentLength = req.headers.get("Content-Length");
+	if (!contentLength) return {
+		ok: false,
+		status: 411
+	};
+	const bodySize = Number.parseInt(contentLength, 10);
+	if (Number.isNaN(bodySize)) return {
+		ok: false,
+		status: 411
+	};
+	return bodySize <= resolveLimit(kind, config) ? { ok: true } : {
+		ok: false,
+		status: 413
+	};
+}
+/**
+* Resolve the byte limit for a given body kind, using config overrides or defaults.
+*/
+function resolveLimit(kind, config) {
+	const userLimits = config.limits;
+	if (kind === "action") return userLimits?.actionBodySize ? parseBodySize(userLimits.actionBodySize) : DEFAULT_LIMITS.actionBodySize;
+	return userLimits?.uploadBodySize ? parseBodySize(userLimits.uploadBodySize) : DEFAULT_LIMITS.uploadBodySize;
+}
+//#endregion
+//#region src/server/route-handler.ts
+/** All recognized HTTP method export names. */
+var HTTP_METHODS = [
+	"GET",
+	"POST",
+	"PUT",
+	"PATCH",
+	"DELETE",
+	"HEAD",
+	"OPTIONS"
+];
+/**
+* Resolve the full list of allowed methods for a route module.
+*
+* Includes:
+* - All explicitly exported methods
+* - HEAD (implicit when GET is exported)
+* - OPTIONS (always implicit)
+*/
+function resolveAllowedMethods(mod) {
+	const methods = [];
+	for (const method of HTTP_METHODS) {
+		if (method === "HEAD" || method === "OPTIONS") continue;
+		if (mod[method]) methods.push(method);
+	}
+	if (mod.GET && !mod.HEAD) methods.push("HEAD");
+	else if (mod.HEAD) methods.push("HEAD");
+	if (!mod.OPTIONS) methods.push("OPTIONS");
+	else methods.push("OPTIONS");
+	return methods;
+}
+/**
+* Handle an incoming request against a route.ts module.
+*
+* Dispatches to the named method handler, auto-generates 405/OPTIONS,
+* and merges response headers from ctx.headers.
+*/
+async function handleRouteRequest(mod, ctx) {
+	const method = ctx.req.method.toUpperCase();
+	const allowHeader = resolveAllowedMethods(mod).join(", ");
+	if (method === "OPTIONS") {
+		if (mod.OPTIONS) return runHandler(mod.OPTIONS, ctx);
+		return new Response(null, {
+			status: 204,
+			headers: { Allow: allowHeader }
+		});
+	}
+	if (method === "HEAD") {
+		if (mod.HEAD) return runHandler(mod.HEAD, ctx);
+		if (mod.GET) {
+			const res = await runHandler(mod.GET, ctx);
+			return new Response(null, {
+				status: res.status,
+				headers: res.headers
+			});
+		}
+	}
+	const handler = mod[method];
+	if (!handler) return new Response(null, {
+		status: 405,
+		headers: { Allow: allowHeader }
+	});
+	return runHandler(handler, ctx);
+}
+/**
+* Run a handler, merge ctx.headers into the response, and catch errors.
+*/
+async function runHandler(handler, ctx) {
+	try {
+		return mergeResponseHeaders(await handler(ctx), ctx.headers);
+	} catch (error) {
+		logRouteError({
+			method: ctx.req.method,
+			path: new URL(ctx.req.url).pathname,
+			error
+		});
+		return new Response(null, { status: 500 });
+	}
+}
+/**
+* Merge response headers from ctx.headers into the handler's response.
+* ctx.headers (set by middleware or the handler) are applied to the final response.
+* Handler-set headers take precedence over ctx.headers.
+*/
+function mergeResponseHeaders(res, ctxHeaders) {
+	let hasCtxHeaders = false;
+	ctxHeaders.forEach(() => {
+		hasCtxHeaders = true;
+	});
+	if (!hasCtxHeaders) return res;
+	const merged = new Headers();
+	ctxHeaders.forEach((value, key) => {
+		if (key.toLowerCase() === "set-cookie") merged.append(key, value);
+		else merged.set(key, value);
+	});
+	const resCookies = res.headers.getSetCookie();
+	for (const cookie of resCookies) merged.append("Set-Cookie", cookie);
+	res.headers.forEach((value, key) => {
+		if (key.toLowerCase() !== "set-cookie") merged.set(key, value);
+	});
+	return new Response(res.body, {
+		status: res.status,
+		statusText: res.statusText,
+		headers: merged
+	});
+}
+//#endregion
+//#region src/server/render-timeout.ts
+/**
+* Render timeout utilities for SSR streaming pipeline.
+*
+* Provides a RenderTimeoutError class and a helper to create
+* timeout-guarded AbortSignals. Used to defend against hung RSC
+* streams and infinite SSR renders.
+*
+* Design doc: 02-rendering-pipeline.md §"Streaming Constraints"
+*/
+/**
+* Error thrown when an SSR render or RSC stream read exceeds the
+* configured timeout. Callers can check `instanceof RenderTimeoutError`
+* to distinguish timeout from other errors and return a 504 or close
+* the connection cleanly.
+*/
+var RenderTimeoutError = class extends Error {
+	timeoutMs;
+	constructor(timeoutMs, context) {
+		const message = context ? `Render timeout after ${timeoutMs}ms: ${context}` : `Render timeout after ${timeoutMs}ms`;
+		super(message);
+		this.name = "RenderTimeoutError";
+		this.timeoutMs = timeoutMs;
+	}
+};
+//#endregion
+export { AccessGate, DEFAULT_LIMITS, DenySignal, METADATA_ROUTE_CONVENTIONS, RedirectSignal, RenderError, RenderTimeoutError, SlotAccessGate, WarningId, buildElementTree, buildNoJsResponse, callOnRequestError, canonicalize, classifyMetadataRoute, collectEarlyHintHeaders, createPipeline, enforceBodyLimits, executeAction, flushResponse, formatLinkHeader, generateTraceId, getLogger, getMetadataRouteAutoLink, getMetadataRouteServePath, getSetCookieHeaders, handleRouteRequest, hasOnRequestError, isRscActionRequest, loadInstrumentation, logCacheMiss, logMiddlewareError, logMiddlewareShortCircuit, logProxyError, logRenderError, logRequestCompleted, logRequestReceived, logSlowRequest, logSwrRefetchFailed, logWaitUntilRejected, logWaitUntilUnsupported, markResponseFlushed, parseBodySize, renderMetadataToElements, replaceTraceId, resolveAllowedMethods, resolveMetadata, resolveMetadataUrls, resolveSlotDenied, resolveStatusFile, resolveTitle, runMiddleware, runProxy, runWithEarlyHintsSender, runWithRequestContext, runWithTraceId, sendEarlyHints103, setLogger, setMutableCookieContext, setSegmentParams, setViteServer, validateCsrf, warnDenyInSuspense, warnRedirectInAccess, warnRedirectInSuspense, warnSlowSlotWithoutSuspense, warnStaticRequestApi, warnSuspenseWrappingChildren };
+
+//# sourceMappingURL=internal.js.map