npm - @timber-js/app - Versions diffs - 0.2.0-alpha.9 → 0.2.0-alpha.91 - Mend

@timber-js/app 0.2.0-alpha.9 → 0.2.0-alpha.91

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (619) hide show

package/dist/_chunks/actions-DLnUaR65.js +421 -0
package/dist/_chunks/actions-DLnUaR65.js.map +1 -0
package/dist/_chunks/{als-registry-B7DbZ2hS.js → als-registry-HS0LGUl2.js} +1 -1
package/dist/_chunks/als-registry-HS0LGUl2.js.map +1 -0
package/dist/_chunks/chunk-BYIpzuS7.js +39 -0
package/dist/_chunks/{debug-gwlJkDuf.js → debug-ECi_61pb.js} +2 -2
package/dist/_chunks/debug-ECi_61pb.js.map +1 -0
package/dist/_chunks/define-C77ScO0m.js +106 -0
package/dist/_chunks/define-C77ScO0m.js.map +1 -0
package/dist/_chunks/define-Itxvcd7F.js +199 -0
package/dist/_chunks/define-Itxvcd7F.js.map +1 -0
package/dist/_chunks/define-cookie-BowvzoP0.js +94 -0
package/dist/_chunks/define-cookie-BowvzoP0.js.map +1 -0
package/dist/_chunks/{format-DviM89f0.js → dev-warnings-DpGRGoDi.js} +5 -44
package/dist/_chunks/dev-warnings-DpGRGoDi.js.map +1 -0
package/dist/_chunks/format-CYBGxKtc.js +14 -0
package/dist/_chunks/format-CYBGxKtc.js.map +1 -0
package/dist/_chunks/{interception-BOoWmLUA.js → interception-ErnB33JX.js} +301 -133
package/dist/_chunks/interception-ErnB33JX.js.map +1 -0
package/dist/_chunks/merge-search-params-Cm_KIWDX.js +41 -0
package/dist/_chunks/merge-search-params-Cm_KIWDX.js.map +1 -0
package/dist/_chunks/{metadata-routes-Cjmvi3rQ.js → metadata-routes-DS3eKNmf.js} +1 -1
package/dist/_chunks/{metadata-routes-Cjmvi3rQ.js.map → metadata-routes-DS3eKNmf.js.map} +1 -1
package/dist/_chunks/request-context-CK5tZqIP.js +478 -0
package/dist/_chunks/request-context-CK5tZqIP.js.map +1 -0
package/dist/_chunks/schema-bridge-C3xl_vfb.js +86 -0
package/dist/_chunks/schema-bridge-C3xl_vfb.js.map +1 -0
package/dist/_chunks/segment-classify-BDNn6EzD.js +65 -0
package/dist/_chunks/segment-classify-BDNn6EzD.js.map +1 -0
package/dist/_chunks/segment-context-fHFLF1PE.js +34 -0
package/dist/_chunks/segment-context-fHFLF1PE.js.map +1 -0
package/dist/_chunks/{ssr-data-MjmprTmO.js → ssr-data-DzuI0bIV.js} +1 -1
package/dist/_chunks/{ssr-data-MjmprTmO.js.map → ssr-data-DzuI0bIV.js.map} +1 -1
package/dist/_chunks/stale-reload-BX5gL1r-.js +64 -0
package/dist/_chunks/stale-reload-BX5gL1r-.js.map +1 -0
package/dist/_chunks/{tracing-CemImE6h.js → tracing-CCYbKn5n.js} +60 -9
package/dist/_chunks/tracing-CCYbKn5n.js.map +1 -0
package/dist/_chunks/use-params-Br9YSUFV.js +295 -0
package/dist/_chunks/use-params-Br9YSUFV.js.map +1 -0
package/dist/_chunks/{use-query-states-D5KaffOK.js → use-query-states-BiV5GJgm.js} +7 -4
package/dist/_chunks/use-query-states-BiV5GJgm.js.map +1 -0
package/dist/adapters/cloudflare-dev.d.ts +109 -0
package/dist/adapters/cloudflare-dev.d.ts.map +1 -0
package/dist/adapters/cloudflare-dev.js +73 -0
package/dist/adapters/cloudflare-dev.js.map +1 -0
package/dist/adapters/cloudflare-kv-cache.d.ts +64 -0
package/dist/adapters/cloudflare-kv-cache.d.ts.map +1 -0
package/dist/adapters/cloudflare-kv-cache.js +95 -0
package/dist/adapters/cloudflare-kv-cache.js.map +1 -0
package/dist/adapters/cloudflare.d.ts +148 -12
package/dist/adapters/cloudflare.d.ts.map +1 -1
package/dist/adapters/cloudflare.js +135 -11
package/dist/adapters/cloudflare.js.map +1 -1
package/dist/adapters/compress-module.d.ts.map +1 -1
package/dist/adapters/nitro.d.ts +17 -1
package/dist/adapters/nitro.d.ts.map +1 -1
package/dist/adapters/nitro.js +56 -13
package/dist/adapters/nitro.js.map +1 -1
package/dist/cache/cache-api.d.ts +24 -0
package/dist/cache/cache-api.d.ts.map +1 -0
package/dist/cache/handler-store.d.ts +31 -0
package/dist/cache/handler-store.d.ts.map +1 -0
package/dist/cache/index.d.ts +23 -7
package/dist/cache/index.d.ts.map +1 -1
package/dist/cache/index.js +142 -80
package/dist/cache/index.js.map +1 -1
package/dist/cache/singleflight.d.ts +18 -1
package/dist/cache/singleflight.d.ts.map +1 -1
package/dist/cache/sizeof.d.ts +22 -0
package/dist/cache/sizeof.d.ts.map +1 -0
package/dist/cache/timber-cache.d.ts +1 -1
package/dist/cache/timber-cache.d.ts.map +1 -1
package/dist/cli.d.ts +6 -1
package/dist/cli.d.ts.map +1 -1
package/dist/cli.js +8 -3
package/dist/cli.js.map +1 -1
package/dist/client/browser-dev.d.ts +27 -1
package/dist/client/browser-dev.d.ts.map +1 -1
package/dist/client/browser-entry/action-dispatch.d.ts +17 -0
package/dist/client/browser-entry/action-dispatch.d.ts.map +1 -0
package/dist/client/browser-entry/hmr.d.ts +21 -0
package/dist/client/browser-entry/hmr.d.ts.map +1 -0
package/dist/client/browser-entry/hydrate.d.ts +46 -0
package/dist/client/browser-entry/hydrate.d.ts.map +1 -0
package/dist/client/browser-entry/index.d.ts +30 -0
package/dist/client/browser-entry/index.d.ts.map +1 -0
package/dist/client/browser-entry/post-hydration.d.ts +26 -0
package/dist/client/browser-entry/post-hydration.d.ts.map +1 -0
package/dist/client/browser-entry/router-init.d.ts +23 -0
package/dist/client/browser-entry/router-init.d.ts.map +1 -0
package/dist/client/browser-entry/rsc-stream.d.ts +24 -0
package/dist/client/browser-entry/rsc-stream.d.ts.map +1 -0
package/dist/client/browser-entry/scroll.d.ts +19 -0
package/dist/client/browser-entry/scroll.d.ts.map +1 -0
package/dist/client/error-boundary.d.ts +12 -5
package/dist/client/error-boundary.d.ts.map +1 -1
package/dist/client/error-boundary.js +10 -4
package/dist/client/error-boundary.js.map +1 -1
package/dist/client/error-reconstituter.d.ts +54 -0
package/dist/client/error-reconstituter.d.ts.map +1 -0
package/dist/client/form.d.ts +6 -3
package/dist/client/form.d.ts.map +1 -1
package/dist/client/history.d.ts +19 -4
package/dist/client/history.d.ts.map +1 -1
package/dist/client/index.d.ts +9 -21
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +229 -1018
package/dist/client/index.js.map +1 -1
package/dist/client/internal.d.ts +18 -0
package/dist/client/internal.d.ts.map +1 -0
package/dist/client/internal.js +890 -0
package/dist/client/internal.js.map +1 -0
package/dist/client/link-pending-store.d.ts +63 -0
package/dist/client/link-pending-store.d.ts.map +1 -0
package/dist/client/link.d.ts +62 -55
package/dist/client/link.d.ts.map +1 -1
package/dist/client/nav-link-store.d.ts +36 -0
package/dist/client/nav-link-store.d.ts.map +1 -0
package/dist/client/navigation-api-types.d.ts +90 -0
package/dist/client/navigation-api-types.d.ts.map +1 -0
package/dist/client/navigation-api.d.ts +115 -0
package/dist/client/navigation-api.d.ts.map +1 -0
package/dist/client/navigation-context.d.ts +13 -2
package/dist/client/navigation-context.d.ts.map +1 -1
package/dist/client/{transition-root.d.ts → navigation-root.d.ts} +42 -8
package/dist/client/navigation-root.d.ts.map +1 -0
package/dist/client/nuqs-adapter.d.ts.map +1 -1
package/dist/client/router-ref.d.ts +1 -1
package/dist/client/router.d.ts +70 -4
package/dist/client/router.d.ts.map +1 -1
package/dist/client/rsc-fetch.d.ts +38 -3
package/dist/client/rsc-fetch.d.ts.map +1 -1
package/dist/client/segment-cache.d.ts +1 -1
package/dist/client/segment-cache.d.ts.map +1 -1
package/dist/client/segment-outlet.d.ts +63 -0
package/dist/client/segment-outlet.d.ts.map +1 -0
package/dist/client/ssr-data.d.ts +13 -4
package/dist/client/ssr-data.d.ts.map +1 -1
package/dist/client/stale-reload.d.ts +15 -0
package/dist/client/stale-reload.d.ts.map +1 -1
package/dist/client/top-loader.d.ts +5 -5
package/dist/client/top-loader.d.ts.map +1 -1
package/dist/client/use-link-status.d.ts +5 -5
package/dist/client/use-link-status.d.ts.map +1 -1
package/dist/client/use-params.d.ts +6 -4
package/dist/client/use-params.d.ts.map +1 -1
package/dist/client/{use-navigation-pending.d.ts → use-pending-navigation.d.ts} +4 -4
package/dist/client/use-pending-navigation.d.ts.map +1 -0
package/dist/client/use-query-states.d.ts +1 -1
package/dist/client/use-query-states.d.ts.map +1 -1
package/dist/client/use-router.d.ts +1 -1
package/dist/codec.d.ts +33 -0
package/dist/codec.d.ts.map +1 -0
package/dist/codec.js +2 -0
package/dist/config-types.d.ts +266 -0
package/dist/config-types.d.ts.map +1 -0
package/dist/config-validation.d.ts +51 -0
package/dist/config-validation.d.ts.map +1 -0
package/dist/content/index.d.ts +1 -10
package/dist/content/index.d.ts.map +1 -1
package/dist/content/index.js +0 -2
package/dist/cookies/define-cookie.d.ts +35 -14
package/dist/cookies/define-cookie.d.ts.map +1 -1
package/dist/cookies/index.js +1 -83
package/dist/fonts/bundle.d.ts +48 -0
package/dist/fonts/bundle.d.ts.map +1 -0
package/dist/fonts/css.d.ts +1 -0
package/dist/fonts/css.d.ts.map +1 -1
package/dist/fonts/dev-middleware.d.ts +22 -0
package/dist/fonts/dev-middleware.d.ts.map +1 -0
package/dist/fonts/pipeline.d.ts +138 -0
package/dist/fonts/pipeline.d.ts.map +1 -0
package/dist/fonts/transform.d.ts +72 -0
package/dist/fonts/transform.d.ts.map +1 -0
package/dist/fonts/types.d.ts +45 -1
package/dist/fonts/types.d.ts.map +1 -1
package/dist/fonts/virtual-modules.d.ts +59 -0
package/dist/fonts/virtual-modules.d.ts.map +1 -0
package/dist/index.d.ts +45 -190
package/dist/index.d.ts.map +1 -1
package/dist/index.js +4294 -2453
package/dist/index.js.map +1 -1
package/dist/plugin-context.d.ts +107 -0
package/dist/plugin-context.d.ts.map +1 -0
package/dist/plugins/adapter-build.d.ts +1 -1
package/dist/plugins/adapter-build.d.ts.map +1 -1
package/dist/plugins/build-manifest.d.ts +2 -2
package/dist/plugins/build-manifest.d.ts.map +1 -1
package/dist/plugins/build-report.d.ts +3 -3
package/dist/plugins/build-report.d.ts.map +1 -1
package/dist/plugins/client-chunks.d.ts +32 -0
package/dist/plugins/client-chunks.d.ts.map +1 -0
package/dist/plugins/content.d.ts +1 -1
package/dist/plugins/content.d.ts.map +1 -1
package/dist/plugins/dev-404-page.d.ts +56 -0
package/dist/plugins/dev-404-page.d.ts.map +1 -0
package/dist/plugins/dev-browser-logs.d.ts +84 -0
package/dist/plugins/dev-browser-logs.d.ts.map +1 -0
package/dist/plugins/dev-error-overlay.d.ts +49 -9
package/dist/plugins/dev-error-overlay.d.ts.map +1 -1
package/dist/plugins/dev-error-page.d.ts +58 -0
package/dist/plugins/dev-error-page.d.ts.map +1 -0
package/dist/plugins/dev-logs.d.ts +1 -1
package/dist/plugins/dev-logs.d.ts.map +1 -1
package/dist/plugins/dev-server.d.ts +1 -1
package/dist/plugins/dev-server.d.ts.map +1 -1
package/dist/plugins/dev-terminal-error.d.ts +28 -0
package/dist/plugins/dev-terminal-error.d.ts.map +1 -0
package/dist/plugins/entries.d.ts +1 -1
package/dist/plugins/entries.d.ts.map +1 -1
package/dist/plugins/fonts.d.ts +17 -73
package/dist/plugins/fonts.d.ts.map +1 -1
package/dist/plugins/mdx.d.ts +1 -1
package/dist/plugins/mdx.d.ts.map +1 -1
package/dist/plugins/routing.d.ts +1 -1
package/dist/plugins/routing.d.ts.map +1 -1
package/dist/plugins/server-bundle.d.ts.map +1 -1
package/dist/plugins/shims.d.ts +6 -5
package/dist/plugins/shims.d.ts.map +1 -1
package/dist/plugins/static-build.d.ts +4 -4
package/dist/plugins/static-build.d.ts.map +1 -1
package/dist/routing/codegen-shared.d.ts +38 -0
package/dist/routing/codegen-shared.d.ts.map +1 -0
package/dist/routing/codegen-types.d.ts +36 -0
package/dist/routing/codegen-types.d.ts.map +1 -0
package/dist/routing/codegen.d.ts +2 -2
package/dist/routing/codegen.d.ts.map +1 -1
package/dist/routing/convention-lint.d.ts +41 -0
package/dist/routing/convention-lint.d.ts.map +1 -0
package/dist/routing/index.d.ts +2 -0
package/dist/routing/index.d.ts.map +1 -1
package/dist/routing/index.js +3 -2
package/dist/routing/link-codegen.d.ts +90 -0
package/dist/routing/link-codegen.d.ts.map +1 -0
package/dist/routing/scanner.d.ts.map +1 -1
package/dist/routing/segment-classify.d.ts +46 -0
package/dist/routing/segment-classify.d.ts.map +1 -0
package/dist/routing/status-file-lint.d.ts +2 -1
package/dist/routing/status-file-lint.d.ts.map +1 -1
package/dist/routing/types.d.ts +16 -4
package/dist/routing/types.d.ts.map +1 -1
package/dist/rsc-runtime/rsc.d.ts +1 -1
package/dist/rsc-runtime/rsc.d.ts.map +1 -1
package/dist/rsc-runtime/ssr.d.ts +12 -0
package/dist/rsc-runtime/ssr.d.ts.map +1 -1
package/dist/schema-bridge.d.ts +76 -0
package/dist/schema-bridge.d.ts.map +1 -0
package/dist/search-params/define.d.ts +139 -0
package/dist/search-params/define.d.ts.map +1 -0
package/dist/search-params/index.d.ts +4 -7
package/dist/search-params/index.d.ts.map +1 -1
package/dist/search-params/index.js +32 -441
package/dist/search-params/index.js.map +1 -1
package/dist/search-params/registry.d.ts +2 -2
package/dist/search-params/registry.d.ts.map +1 -1
package/dist/search-params/wrappers.d.ts +53 -0
package/dist/search-params/wrappers.d.ts.map +1 -0
package/dist/segment-params/define.d.ts +78 -0
package/dist/segment-params/define.d.ts.map +1 -0
package/dist/segment-params/index.d.ts +3 -0
package/dist/segment-params/index.d.ts.map +1 -0
package/dist/segment-params/index.js +2 -0
package/dist/server/access-gate.d.ts +4 -0
package/dist/server/access-gate.d.ts.map +1 -1
package/dist/server/action-client.d.ts +41 -6
package/dist/server/action-client.d.ts.map +1 -1
package/dist/server/action-encryption.d.ts +76 -0
package/dist/server/action-encryption.d.ts.map +1 -0
package/dist/server/action-handler.d.ts +7 -0
package/dist/server/action-handler.d.ts.map +1 -1
package/dist/server/actions.d.ts +3 -6
package/dist/server/actions.d.ts.map +1 -1
package/dist/server/als-registry.d.ts +32 -4
package/dist/server/als-registry.d.ts.map +1 -1
package/dist/server/build-manifest.d.ts +2 -2
package/dist/server/build-manifest.d.ts.map +1 -1
package/dist/server/debug.d.ts +1 -1
package/dist/server/default-logger.d.ts +22 -0
package/dist/server/default-logger.d.ts.map +1 -0
package/dist/server/deny-page-resolver.d.ts +52 -0
package/dist/server/deny-page-resolver.d.ts.map +1 -0
package/dist/server/deny-renderer.d.ts.map +1 -1
package/dist/server/dev-holding-server.d.ts +52 -0
package/dist/server/dev-holding-server.d.ts.map +1 -0
package/dist/server/dev-source-map.d.ts +22 -0
package/dist/server/dev-source-map.d.ts.map +1 -0
package/dist/server/dev-warnings.d.ts +1 -21
package/dist/server/dev-warnings.d.ts.map +1 -1
package/dist/server/early-hints.d.ts +13 -5
package/dist/server/early-hints.d.ts.map +1 -1
package/dist/server/error-boundary-wrapper.d.ts +7 -1
package/dist/server/error-boundary-wrapper.d.ts.map +1 -1
package/dist/server/fallback-error.d.ts +12 -7
package/dist/server/fallback-error.d.ts.map +1 -1
package/dist/server/flight-injection-state.d.ts +66 -0
package/dist/server/flight-injection-state.d.ts.map +1 -0
package/dist/server/flight-scripts.d.ts +42 -0
package/dist/server/flight-scripts.d.ts.map +1 -0
package/dist/server/flush.d.ts.map +1 -1
package/dist/server/form-data.d.ts +29 -0
package/dist/server/form-data.d.ts.map +1 -1
package/dist/server/html-injectors.d.ts +51 -11
package/dist/server/html-injectors.d.ts.map +1 -1
package/dist/server/index.d.ts +5 -43
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +195 -2800
package/dist/server/index.js.map +1 -1
package/dist/server/internal.d.ts +46 -0
package/dist/server/internal.d.ts.map +1 -0
package/dist/server/internal.js +2900 -0
package/dist/server/internal.js.map +1 -0
package/dist/server/logger.d.ts +25 -7
package/dist/server/logger.d.ts.map +1 -1
package/dist/server/middleware-runner.d.ts +19 -4
package/dist/server/middleware-runner.d.ts.map +1 -1
package/dist/server/node-stream-transforms.d.ts +113 -0
package/dist/server/node-stream-transforms.d.ts.map +1 -0
package/dist/server/page-deny-boundary.d.ts +31 -0
package/dist/server/page-deny-boundary.d.ts.map +1 -0
package/dist/server/pipeline-interception.d.ts +1 -1
package/dist/server/pipeline-interception.d.ts.map +1 -1
package/dist/server/pipeline-metadata.d.ts +6 -0
package/dist/server/pipeline-metadata.d.ts.map +1 -1
package/dist/server/pipeline.d.ts +52 -10
package/dist/server/pipeline.d.ts.map +1 -1
package/dist/server/primitives.d.ts +69 -18
package/dist/server/primitives.d.ts.map +1 -1
package/dist/server/render-timeout.d.ts +51 -0
package/dist/server/render-timeout.d.ts.map +1 -0
package/dist/server/request-context.d.ts +112 -43
package/dist/server/request-context.d.ts.map +1 -1
package/dist/server/route-element-builder.d.ts +27 -1
package/dist/server/route-element-builder.d.ts.map +1 -1
package/dist/server/route-handler.d.ts.map +1 -1
package/dist/server/route-matcher.d.ts +16 -2
package/dist/server/route-matcher.d.ts.map +1 -1
package/dist/server/rsc-entry/api-handler.d.ts +2 -2
package/dist/server/rsc-entry/api-handler.d.ts.map +1 -1
package/dist/server/rsc-entry/error-renderer.d.ts +26 -13
package/dist/server/rsc-entry/error-renderer.d.ts.map +1 -1
package/dist/server/rsc-entry/helpers.d.ts +48 -5
package/dist/server/rsc-entry/helpers.d.ts.map +1 -1
package/dist/server/rsc-entry/index.d.ts +20 -3
package/dist/server/rsc-entry/index.d.ts.map +1 -1
package/dist/server/rsc-entry/rsc-payload.d.ts +3 -3
package/dist/server/rsc-entry/rsc-payload.d.ts.map +1 -1
package/dist/server/rsc-entry/rsc-stream.d.ts +14 -1
package/dist/server/rsc-entry/rsc-stream.d.ts.map +1 -1
package/dist/server/rsc-entry/ssr-bridge.d.ts +1 -1
package/dist/server/rsc-entry/ssr-bridge.d.ts.map +1 -1
package/dist/server/rsc-entry/ssr-renderer.d.ts +19 -4
package/dist/server/rsc-entry/ssr-renderer.d.ts.map +1 -1
package/dist/server/safe-load.d.ts +46 -0
package/dist/server/safe-load.d.ts.map +1 -0
package/dist/server/sensitive-fields.d.ts +74 -0
package/dist/server/sensitive-fields.d.ts.map +1 -0
package/dist/server/sitemap-generator.d.ts +129 -0
package/dist/server/sitemap-generator.d.ts.map +1 -0
package/dist/server/sitemap-handler.d.ts +22 -0
package/dist/server/sitemap-handler.d.ts.map +1 -0
package/dist/server/slot-resolver.d.ts +1 -1
package/dist/server/slot-resolver.d.ts.map +1 -1
package/dist/server/ssr-entry.d.ts +23 -0
package/dist/server/ssr-entry.d.ts.map +1 -1
package/dist/server/ssr-render.d.ts +39 -21
package/dist/server/ssr-render.d.ts.map +1 -1
package/dist/server/ssr-wrappers.d.ts +50 -0
package/dist/server/ssr-wrappers.d.ts.map +1 -0
package/dist/server/status-code-resolver.d.ts +1 -1
package/dist/server/status-code-resolver.d.ts.map +1 -1
package/dist/server/stream-utils.d.ts +36 -0
package/dist/server/stream-utils.d.ts.map +1 -0
package/dist/server/tracing.d.ts +4 -4
package/dist/server/tracing.d.ts.map +1 -1
package/dist/server/tree-builder.d.ts +22 -19
package/dist/server/tree-builder.d.ts.map +1 -1
package/dist/server/types.d.ts +1 -4
package/dist/server/types.d.ts.map +1 -1
package/dist/server/version-skew.d.ts +61 -0
package/dist/server/version-skew.d.ts.map +1 -0
package/dist/shared/merge-search-params.d.ts +22 -0
package/dist/shared/merge-search-params.d.ts.map +1 -0
package/dist/shims/font-google.d.ts +1 -1
package/dist/shims/font-google.d.ts.map +1 -1
package/dist/shims/font-google.js +42 -0
package/dist/shims/font-google.js.map +1 -0
package/dist/shims/font-local.d.ts +26 -0
package/dist/shims/font-local.d.ts.map +1 -0
package/dist/shims/font-local.js +20 -0
package/dist/shims/font-local.js.map +1 -0
package/dist/shims/headers.d.ts +2 -1
package/dist/shims/headers.d.ts.map +1 -1
package/dist/shims/navigation-client.d.ts +1 -1
package/dist/shims/navigation-client.d.ts.map +1 -1
package/dist/shims/navigation.d.ts +3 -2
package/dist/shims/navigation.d.ts.map +1 -1
package/dist/utils/directive-parser.d.ts +5 -2
package/dist/utils/directive-parser.d.ts.map +1 -1
package/dist/utils/state-machine.d.ts +80 -0
package/dist/utils/state-machine.d.ts.map +1 -0
package/package.json +51 -16
package/src/adapters/cloudflare-dev.ts +177 -0
package/src/adapters/cloudflare-kv-cache.ts +142 -0
package/src/adapters/cloudflare.ts +342 -28
package/src/adapters/compress-module.ts +24 -4
package/src/adapters/nitro.ts +52 -8
package/src/adapters/wrangler.d.ts +7 -0
package/src/cache/cache-api.ts +38 -0
package/src/cache/handler-store.ts +68 -0
package/src/cache/index.ts +81 -18
package/src/cache/singleflight.ts +62 -4
package/src/cache/sizeof.ts +31 -0
package/src/cache/timber-cache.ts +24 -20
package/src/cli.ts +16 -6
package/src/client/browser-dev.ts +128 -1
package/src/client/browser-entry/action-dispatch.ts +116 -0
package/src/client/browser-entry/hmr.ts +81 -0
package/src/client/browser-entry/hydrate.ts +145 -0
package/src/client/browser-entry/index.ts +143 -0
package/src/client/browser-entry/post-hydration.ts +119 -0
package/src/client/browser-entry/router-init.ts +193 -0
package/src/client/browser-entry/rsc-stream.ts +157 -0
package/src/client/browser-entry/scroll.ts +27 -0
package/src/client/error-boundary.tsx +48 -16
package/src/client/error-reconstituter.tsx +65 -0
package/src/client/form.tsx +14 -7
package/src/client/history.ts +26 -4
package/src/client/index.ts +65 -38
package/src/client/internal.ts +57 -0
package/src/client/link-pending-store.ts +111 -0
package/src/client/link.tsx +342 -113
package/src/client/nav-link-store.ts +47 -0
package/src/client/navigation-api-types.ts +112 -0
package/src/client/navigation-api.ts +332 -0
package/src/client/navigation-context.ts +31 -6
package/src/client/navigation-root.tsx +342 -0
package/src/client/nuqs-adapter.tsx +16 -3
package/src/client/router-ref.ts +1 -1
package/src/client/router.ts +299 -72
package/src/client/rsc-fetch.ts +97 -8
package/src/client/segment-cache.ts +1 -1
package/src/client/segment-outlet.tsx +86 -0
package/src/client/ssr-data.ts +13 -5
package/src/client/stale-reload.ts +72 -3
package/src/client/top-loader.tsx +18 -6
package/src/client/use-link-status.ts +7 -7
package/src/client/use-params.ts +7 -5
package/src/client/{use-navigation-pending.ts → use-pending-navigation.ts} +6 -6
package/src/client/use-query-states.ts +9 -3
package/src/client/use-router.ts +1 -1
package/src/codec.ts +49 -0
package/src/config-types.ts +264 -0
package/src/config-validation.ts +303 -0
package/src/content/index.ts +5 -13
package/src/cookies/define-cookie.ts +78 -25
package/src/cookies/index.ts +8 -0
package/src/fonts/bundle.ts +142 -0
package/src/fonts/css.ts +2 -1
package/src/fonts/dev-middleware.ts +74 -0
package/src/fonts/pipeline.ts +275 -0
package/src/fonts/transform.ts +353 -0
package/src/fonts/types.ts +50 -1
package/src/fonts/virtual-modules.ts +159 -0
package/src/index.ts +314 -355
package/src/plugin-context.ts +240 -0
package/src/plugins/adapter-build.ts +9 -3
package/src/plugins/build-manifest.ts +13 -2
package/src/plugins/build-report.ts +3 -3
package/src/plugins/client-chunks.ts +65 -0
package/src/plugins/content.ts +1 -1
package/src/plugins/dev-404-page.ts +418 -0
package/src/plugins/dev-browser-logs.ts +288 -0
package/src/plugins/dev-error-overlay.ts +286 -42
package/src/plugins/dev-error-page.ts +536 -0
package/src/plugins/dev-logs.ts +1 -1
package/src/plugins/dev-server.ts +146 -19
package/src/plugins/dev-terminal-error.ts +217 -0
package/src/plugins/entries.ts +111 -10
package/src/plugins/fonts.ts +133 -638
package/src/plugins/mdx.ts +1 -1
package/src/plugins/routing.ts +213 -31
package/src/plugins/server-action-exports.ts +1 -1
package/src/plugins/server-bundle.ts +32 -1
package/src/plugins/shims.ts +136 -35
package/src/plugins/static-build.ts +17 -11
package/src/routing/codegen-shared.ts +74 -0
package/src/routing/codegen-types.ts +37 -0
package/src/routing/codegen.ts +112 -173
package/src/routing/convention-lint.ts +356 -0
package/src/routing/index.ts +2 -0
package/src/routing/link-codegen.ts +262 -0
package/src/routing/scanner.ts +93 -23
package/src/routing/segment-classify.ts +89 -0
package/src/routing/status-file-lint.ts +3 -2
package/src/routing/types.ts +17 -4
package/src/rsc-runtime/rsc.ts +2 -0
package/src/rsc-runtime/ssr.ts +50 -0
package/src/rsc-runtime/vendor-types.d.ts +7 -0
package/src/{search-params/codecs.ts → schema-bridge.ts} +57 -20
package/src/search-params/define.ts +482 -0
package/src/search-params/index.ts +14 -20
package/src/search-params/registry.ts +2 -2
package/src/search-params/wrappers.ts +85 -0
package/src/segment-params/define.ts +279 -0
package/src/segment-params/index.ts +9 -0
package/src/server/access-gate.tsx +70 -29
package/src/server/action-client.ts +88 -15
package/src/server/action-encryption.ts +144 -0
package/src/server/action-handler.ts +53 -6
package/src/server/actions.ts +10 -9
package/src/server/als-registry.ts +34 -6
package/src/server/build-manifest.ts +10 -4
package/src/server/compress.ts +25 -7
package/src/server/debug.ts +1 -1
package/src/server/default-logger.ts +99 -0
package/src/server/deny-page-resolver.ts +154 -0
package/src/server/deny-renderer.ts +24 -38
package/src/server/dev-holding-server.ts +185 -0
package/src/server/dev-source-map.ts +31 -0
package/src/server/dev-warnings.ts +4 -49
package/src/server/early-hints.ts +36 -15
package/src/server/error-boundary-wrapper.ts +74 -22
package/src/server/fallback-error.ts +74 -102
package/src/server/flight-injection-state.ts +113 -0
package/src/server/flight-scripts.ts +62 -0
package/src/server/flush.ts +2 -1
package/src/server/form-data.ts +76 -0
package/src/server/html-injectors.ts +280 -120
package/src/server/index.ts +25 -177
package/src/server/internal.ts +169 -0
package/src/server/logger.ts +44 -36
package/src/server/middleware-runner.ts +31 -4
package/src/server/node-stream-transforms.ts +509 -0
package/src/server/page-deny-boundary.tsx +56 -0
package/src/server/pipeline-interception.ts +17 -16
package/src/server/pipeline-metadata.ts +13 -0
package/src/server/pipeline.ts +261 -66
package/src/server/primitives.ts +111 -28
package/src/server/render-timeout.ts +108 -0
package/src/server/request-context.ts +293 -132
package/src/server/route-element-builder.ts +283 -191
package/src/server/route-handler.ts +24 -4
package/src/server/route-matcher.ts +31 -20
package/src/server/rsc-entry/api-handler.ts +15 -16
package/src/server/rsc-entry/error-renderer.ts +305 -89
package/src/server/rsc-entry/helpers.ts +134 -5
package/src/server/rsc-entry/index.ts +304 -111
package/src/server/rsc-entry/rsc-payload.ts +65 -18
package/src/server/rsc-entry/rsc-stream.ts +81 -13
package/src/server/rsc-entry/ssr-bridge.ts +14 -5
package/src/server/rsc-entry/ssr-renderer.ts +171 -38
package/src/server/safe-load.ts +60 -0
package/src/server/sensitive-fields.ts +230 -0
package/src/server/sitemap-generator.ts +338 -0
package/src/server/sitemap-handler.ts +126 -0
package/src/server/slot-resolver.ts +244 -229
package/src/server/ssr-entry.ts +215 -32
package/src/server/ssr-render.ts +289 -67
package/src/server/ssr-wrappers.tsx +139 -0
package/src/server/status-code-resolver.ts +1 -1
package/src/server/stream-utils.ts +213 -0
package/src/server/tracing.ts +20 -9
package/src/server/tree-builder.ts +92 -58
package/src/server/types.ts +3 -6
package/src/server/version-skew.ts +104 -0
package/src/shared/merge-search-params.ts +55 -0
package/src/shims/font-google.ts +1 -1
package/src/shims/font-local.ts +34 -0
package/src/shims/headers.ts +5 -1
package/src/shims/navigation-client.ts +1 -1
package/src/shims/navigation.ts +7 -2
package/src/utils/directive-parser.ts +5 -2
package/src/utils/state-machine.ts +111 -0
package/dist/_chunks/als-registry-B7DbZ2hS.js.map +0 -1
package/dist/_chunks/debug-gwlJkDuf.js.map +0 -1
package/dist/_chunks/format-DviM89f0.js.map +0 -1
package/dist/_chunks/interception-BOoWmLUA.js.map +0 -1
package/dist/_chunks/request-context-DIkVh_jG.js +0 -330
package/dist/_chunks/request-context-DIkVh_jG.js.map +0 -1
package/dist/_chunks/tracing-CemImE6h.js.map +0 -1
package/dist/_chunks/use-cookie-DX-l1_5E.js +0 -91
package/dist/_chunks/use-cookie-DX-l1_5E.js.map +0 -1
package/dist/_chunks/use-query-states-D5KaffOK.js.map +0 -1
package/dist/cache/register-cached-function.d.ts +0 -17
package/dist/cache/register-cached-function.d.ts.map +0 -1
package/dist/client/browser-entry.d.ts +0 -21
package/dist/client/browser-entry.d.ts.map +0 -1
package/dist/client/link-status-provider.d.ts +0 -11
package/dist/client/link-status-provider.d.ts.map +0 -1
package/dist/client/transition-root.d.ts.map +0 -1
package/dist/client/use-navigation-pending.d.ts.map +0 -1
package/dist/cookies/index.js.map +0 -1
package/dist/plugins/cache-transform.d.ts +0 -36
package/dist/plugins/cache-transform.d.ts.map +0 -1
package/dist/plugins/dynamic-transform.d.ts +0 -72
package/dist/plugins/dynamic-transform.d.ts.map +0 -1
package/dist/search-params/analyze.d.ts +0 -54
package/dist/search-params/analyze.d.ts.map +0 -1
package/dist/search-params/builtin-codecs.d.ts +0 -105
package/dist/search-params/builtin-codecs.d.ts.map +0 -1
package/dist/search-params/codecs.d.ts +0 -53
package/dist/search-params/codecs.d.ts.map +0 -1
package/dist/search-params/create.d.ts +0 -106
package/dist/search-params/create.d.ts.map +0 -1
package/dist/server/prerender.d.ts +0 -77
package/dist/server/prerender.d.ts.map +0 -1
package/dist/server/response-cache.d.ts +0 -54
package/dist/server/response-cache.d.ts.map +0 -1
package/src/cache/register-cached-function.ts +0 -103
package/src/client/browser-entry.ts +0 -678
package/src/client/link-status-provider.tsx +0 -30
package/src/client/transition-root.tsx +0 -166
package/src/plugins/cache-transform.ts +0 -199
package/src/plugins/dynamic-transform.ts +0 -161
package/src/search-params/analyze.ts +0 -192
package/src/search-params/builtin-codecs.ts +0 -228
package/src/search-params/create.ts +0 -321
package/src/server/prerender.ts +0 -139
package/src/server/response-cache.ts +0 -410

package/src/server/action-encryption.ts ADDED Viewed

@@ -0,0 +1,144 @@
+/**
+ * Server action bound args encryption utilities.
+ *
+ * Provides key management for the RSC plugin's built-in bound args encryption.
+ * The RSC plugin (@vitejs/plugin-rsc) handles the actual encrypt/decrypt via
+ * AES-256-GCM — this module handles:
+ *
+ * 1. Key sourcing: auto-generated at build time (embedded in bundle), overridable
+ *    via env var for cross-build key sharing (rolling/blue-green deployments)
+ * 2. Build-time key expression generation for the RSC plugin's `defineEncryptionKey`
+ *
+ * Encryption is always on in production. In dev mode, it's on by default
+ * (matching the RSC plugin's behavior) but can be disabled for debugging.
+ *
+ * ## Known Security Considerations
+ *
+ * 1. **defineEncryptionKey is a raw JS expression.** The RSC plugin inlines it
+ *    verbatim into generated code. We only emit the hardcoded string
+ *    `process.env.TIMBER_ACTIONS_ENCRYPTION_KEY` — never user-controlled input.
+ *    If this function is ever extended to accept configurable env var names,
+ *    the expression MUST be validated against a safe pattern.
+ *
+ * 2. **Key material lives in GC-visible JS strings.** `atob()` decodes the key
+ *    into a regular JavaScript string on the V8 heap. JavaScript has no
+ *    `SecureString` or memory-zeroing primitive — this is an inherent platform
+ *    limitation. Acceptable for web server use; would need review for FIPS.
+ *
+ * 3. **TIMBER_ACTIONS_ENCRYPTION_KEY must be set at both build time and runtime.**
+ *    At build time, we validate the key format and emit a runtime expression.
+ *    If the env var is present at build time but missing at runtime, the server
+ *    will crash on first action invocation with an opaque `atob(undefined)` error.
+ *    If the env var is present at runtime but was absent at build time, the RSC
+ *    plugin will have generated its own key and the env var is silently ignored.
+ *
+ * See design/08-forms-and-actions.md §"Security"
+ * See design/13-security.md
+ */
+// ─── Types ────────────────────────────────────────────────────────────────
+/** User-facing configuration for action bound args encryption. */
+export interface ActionEncryptionConfig {
+  /**
+   * Disable encryption in dev mode for easier debugging.
+   * Has no effect in production — encryption is always enabled.
+   * Default: false (encryption is on in dev too).
+   */
+  disableInDev?: boolean;
+}
+// ─── Key Resolution ───────────────────────────────────────────────────────
+/**
+ * Regex for safe `defineEncryptionKey` expressions.
+ *
+ * The RSC plugin inlines this expression verbatim into generated JavaScript.
+ * We restrict it to `process.env.<UPPER_SNAKE_CASE>` to prevent code injection.
+ * See "Known Security Considerations" at the top of this file.
+ */
+const SAFE_KEY_EXPR = /^process\.env\.[A-Z_][A-Z0-9_]*$/;
+/**
+ * Build the `defineEncryptionKey` expression for the RSC plugin.
+ *
+ * The RSC plugin accepts a JavaScript expression string that will be
+ * inlined into the encryption runtime module. At runtime, this expression
+ * must evaluate to the base64-encoded encryption key.
+ *
+ * Priority:
+ * 1. `TIMBER_ACTIONS_ENCRYPTION_KEY` env var (for cross-build key sharing
+ *    in rolling/blue-green deployments)
+ * 2. Auto-generated at build time (RSC plugin default — embedded in bundle,
+ *    consistent across all instances of the same build)
+ *
+ * For env var keys, we generate a runtime expression that reads the env var.
+ * For auto-generated keys, we return undefined and let the RSC plugin handle it.
+ */
+export function resolveEncryptionKeyExpression(): string | undefined {
+  // Check for env var override — used for cross-build key sharing where
+  // multiple builds must agree on the same encryption key.
+  const envKey = process.env.TIMBER_ACTIONS_ENCRYPTION_KEY;
+  if (envKey) {
+    // Validate the key format (must be base64-encoded 32-byte key)
+    validateKeyFormat(envKey);
+    // Return a runtime expression that reads the env var at startup.
+    // This ensures the key is read at runtime, not embedded in the build.
+    const expr = 'process.env.TIMBER_ACTIONS_ENCRYPTION_KEY';
+    // Defense-in-depth: validate the expression matches our safe pattern.
+    // This is redundant today (hardcoded string), but protects against
+    // future refactors that might make the expression configurable.
+    if (!SAFE_KEY_EXPR.test(expr)) {
+      throw new Error(`Unsafe encryption key expression: ${expr}`);
+    }
+    return expr;
+  }
+  // No override — let the RSC plugin auto-generate a per-build key
+  return undefined;
+}
+/**
+ * Determine whether action encryption should be enabled.
+ *
+ * Encryption is always enabled in production. In dev mode, it's enabled
+ * by default but can be disabled via config for debugging.
+ */
+export function shouldEnableEncryption(isDev: boolean, config?: ActionEncryptionConfig): boolean {
+  if (!isDev) return true; // Always on in production
+  if (config?.disableInDev) return false; // Opt-out in dev
+  return true; // On by default in dev too
+}
+// ─── Key Validation ───────────────────────────────────────────────────────
+/**
+ * Validate that a key string is a valid base64-encoded 256-bit key.
+ * Throws a descriptive error if the key is malformed.
+ */
+export function validateKeyFormat(key: string): void {
+  // Decode base64 and check length (32 bytes = 256 bits)
+  try {
+    const decoded = atob(key);
+    const bytes = decoded.length;
+    if (bytes !== 32) {
+      throw new Error(
+        `TIMBER_ACTIONS_ENCRYPTION_KEY must be a base64-encoded 256-bit (32-byte) key. ` +
+          `Got ${bytes} bytes. Generate one with: ` +
+          `node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"`
+      );
+    }
+  } catch (error) {
+    if (error instanceof Error && error.message.includes('TIMBER_ACTIONS_ENCRYPTION_KEY')) {
+      throw error;
+    }
+    throw new Error(
+      `TIMBER_ACTIONS_ENCRYPTION_KEY is not valid base64. ` +
+        `Generate a key with: ` +
+        `node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"`
+    );
+  }
+}

package/src/server/action-handler.ts CHANGED Viewed

@@ -18,7 +18,7 @@ import {
   decodeReply,
   decodeAction,
   renderToReadableStream,
-} from '#/rsc-runtime/rsc.js';
+} from '../rsc-runtime/rsc.js';
 import { validateCsrf, type CsrfConfig } from './csrf.js';
 import { executeAction, type RevalidateRenderer } from './actions.js';
@@ -30,7 +30,15 @@ import {
 import { handleActionError } from './action-client.js';
 import { enforceBodyLimits, enforceFieldLimit, type BodyLimitsConfig } from './body-limits.js';
 import { parseFormData } from './form-data.js';
+import {
+  stripSensitiveFields,
+  resolveSensitivePredicate,
+  getGlobalSensitiveFieldsConfig,
+  type SensitiveFieldsOption,
+} from './sensitive-fields.js';
 import type { FormFlashData } from './form-flash.js';
+import { checkVersionSkew, applyReloadHeaders } from './version-skew.js';
+import { logActionError } from './logger.js';
 // ─── Types ────────────────────────────────────────────────────────────────
@@ -42,6 +50,12 @@ export interface ActionDispatchConfig {
   revalidateRenderer?: RevalidateRenderer;
   /** Body size limits (from timber.config.ts). */
   bodyLimits?: BodyLimitsConfig;
+  /**
+   * Override the sensitive-field deny-list for the no-JS form POST path.
+   * Defaults to the global `forms.stripSensitiveFields` from `timber.config.ts`.
+   * See `SensitiveFieldsOption` in `./sensitive-fields.ts` and TIM-816.
+   */
+  sensitiveFields?: SensitiveFieldsOption;
 }
 // ─── Constants ────────────────────────────────────────────────────────────
@@ -90,6 +104,21 @@ export async function handleActionRequest(
   req: Request,
   config: ActionDispatchConfig
 ): Promise<Response | FormRerender | null> {
+  // Version skew detection — reject actions from stale clients (TIM-446).
+  // On mismatch, return a structured RSC error response that the client
+  // handles by showing a brief "App updated" message and reloading.
+  const skewCheck = checkVersionSkew(req);
+  if (!skewCheck.ok) {
+    const reloadHeaders = new Headers({
+      'Content-Type': RSC_CONTENT_TYPE,
+    });
+    applyReloadHeaders(reloadHeaders);
+    // Return the reload signal as an RSC stream so createFromFetch can
+    // decode it. The client checks X-Timber-Reload before processing.
+    const rscStream = renderToReadableStream({ _versionSkew: true });
+    return new Response(rscStream, { status: 200, headers: reloadHeaders });
+  }
   // CSRF validation — reject cross-origin mutation requests.
   const csrfResult = validateCsrf(req, config.csrf);
   if (!csrfResult.ok) {
@@ -106,7 +135,7 @@ export async function handleActionRequest(
     return new Response(null, { status: limitsResult.status });
   }
-  // Run inside request context so headers(), cookies() work in actions.
+  // Run inside request context so getHeaders(), getCookies() work in actions.
   // Actions are a mutable context — they can set cookies (design/29-cookies.md).
   return runWithRequestContext(req, async () => {
     setMutableCookieContext(true);
@@ -177,7 +206,7 @@ async function handleRscAction(
     });
   } catch (error) {
     // Log full error server-side for debugging
-    console.error('[timber] server action error:', error);
+    logActionError({ method: req.method, path: new URL(req.url).pathname, error });
     // Return structured error response — ActionError gets its code/data,
     // unexpected errors get sanitized { code: 'INTERNAL_ERROR' }
@@ -278,8 +307,14 @@ async function handleFormAction(
   }
   // Capture submitted values for re-render on validation failure.
-  // Parse before decodeAction consumes the FormData.
-  const submittedValues = parseFormData(formData);
+  // Parse before decodeAction consumes the FormData, then strip sensitive
+  // fields (passwords, tokens, CVV, etc.) so they are never rendered back
+  // into the HTML as `defaultValue` attributes. See TIM-816.
+  const sensitivePredicate = resolveSensitivePredicate(
+    config.sensitiveFields,
+    getGlobalSensitiveFieldsConfig()
+  );
+  const submittedValues = stripSensitiveFields(parseFormData(formData), sensitivePredicate);
   // decodeAction resolves the action function from the form data's hidden fields.
   // It returns a bound function with the form data already applied.
@@ -293,7 +328,7 @@ async function handleFormAction(
       renderer: config.revalidateRenderer,
     });
   } catch (error) {
-    console.error('[timber] server action error:', error);
+    logActionError({ method: req.method, path: new URL(req.url).pathname, error });
     // Return the error as flash data for re-render.
     // handleActionError produces { serverError } for ActionErrors
@@ -321,5 +356,17 @@ async function handleFormAction(
   // This handles both success ({ data }) and validation failure
   // ({ validationErrors, submittedValues }) — the form is the single source of truth.
   const actionResult = result.actionResult as FormFlashData;
+  // Defense-in-depth: strip sensitive fields from `actionResult.submittedValues`
+  // even if the action already built it. `createActionClient` strips internally,
+  // but raw `'use server'` functions that manually return `{ submittedValues }`
+  // are not covered by the inner strip. See TIM-816.
+  if (actionResult && actionResult.submittedValues) {
+    actionResult.submittedValues = stripSensitiveFields(
+      actionResult.submittedValues,
+      sensitivePredicate
+    );
+  }
   return { rerender: actionResult };
 }

package/src/server/actions.ts CHANGED Viewed

@@ -3,7 +3,7 @@
  *
  * - revalidatePath(path) re-renders the route at that path and returns the RSC
  *   flight payload for inline reconciliation.
- * - revalidateTag(tag) invalidates cached shells and 'use cache' entries by tag.
+ * - revalidateTag(tag) invalidates timber.cache entries by tag.
  *
  * Both are callable from anywhere on the server — actions, API routes, handlers.
  *
@@ -14,7 +14,7 @@
  * See design/08-forms-and-actions.md
  */
-import type { CacheHandler } from '#/cache/index';
+import { getCacheHandler } from '../cache/handler-store';
 import { RedirectSignal } from './primitives';
 import { withSpan } from './tracing';
 import { revalidationAls, type RevalidationState } from './als-registry.js';
@@ -37,8 +37,6 @@ export type { RevalidationState } from './als-registry.js';
 /** Options for creating the action handler. */
 export interface ActionHandlerConfig {
-  /** Cache handler for tag invalidation. */
-  cacheHandler?: CacheHandler;
   /** Renderer for producing RSC payloads during revalidation. */
   renderer?: RevalidateRenderer;
 }
@@ -112,8 +110,8 @@ export function revalidatePath(path: string): void {
 }
 /**
- * Invalidate all pre-rendered shells and 'use cache' entries tagged with `tag`.
- * Does not return a payload — the next request for an invalidated route re-renders fresh.
+ * Invalidate all timber.cache entries tagged with `tag`.
+ * Does not return a payload — the next request for an invalidated entry re-executes.
  *
  * @param tag - The cache tag to invalidate (e.g. 'products', 'user:123').
  */
@@ -172,9 +170,12 @@ export async function executeAction(
     }
   });
-  // Process tag invalidation
-  if (state.tags.length > 0 && config.cacheHandler) {
-    await Promise.all(state.tags.map((tag) => config.cacheHandler!.invalidate({ tag })));
+  // Process tag invalidation via the module-level cache handler singleton.
+  // setCacheHandler() is called at boot from rsc-entry when timber.config.ts
+  // provides a cacheHandler; otherwise falls back to in-memory LRU (TIM-599).
+  if (state.tags.length > 0) {
+    const handler = getCacheHandler();
+    await Promise.all(state.tags.map((tag) => handler.invalidate({ tag })));
   }
   // Process path revalidation — build element tree (not yet serialized)

package/src/server/als-registry.ts CHANGED Viewed

@@ -21,9 +21,10 @@
  */
 import { AsyncLocalStorage } from 'node:async_hooks';
+import type { DebugComponentEntry } from './rsc-entry/helpers.js';
 // ─── Request Context ──────────────────────────────────────────────────────
-// Used by: request-context.ts (headers(), cookies(), searchParams())
+// Used by: request-context.ts (getHeaders(), getCookies(), getSearchParams())
 // Design doc: design/04-authorization.md
 /** @internal — import via request-context.ts public API */
@@ -39,17 +40,44 @@ export interface RequestContextStore {
   /** Original (pre-overlay) frozen headers, kept for overlay merging. */
   originalHeaders: Headers;
   /**
-   * Promise resolving to the route's typed search params (when search-params.ts
-   * exists) or to the raw URLSearchParams. Stored as a Promise so the framework
-   * can later support partial pre-rendering where param resolution is deferred.
+   * Promise resolving to the raw URLSearchParams for the current request.
+   * To get typed parsed params, import a search params definition and
+   * call `.parse(searchParams())`.
    */
-  searchParamsPromise: Promise<URLSearchParams | Record<string, unknown>>;
+  searchParamsPromise: Promise<URLSearchParams>;
+  /**
+   * Raw search string from the request URL (e.g. "?foo=bar&baz=1").
+   * Available synchronously for use in `redirect()` with `preserveSearchParams`.
+   */
+  searchString: string;
+  /**
+   * Promise resolving to the coerced segment params for the current request.
+   * Set by the pipeline after route matching and param coercion, before
+   * middleware and rendering. Pages and layouts read params via
+   * `getSegmentParams()` instead of receiving them as a prop.
+   *
+   * See design/07-routing.md §"params.ts — Convention File for Typed Params"
+   */
+  segmentParamsPromise?: Promise<Record<string, string | string[]>>;
   /** Outgoing Set-Cookie entries (name → serialized value + options). Last write wins. */
   cookieJar: Map<string, CookieEntry>;
   /** Whether the response has flushed (headers committed). */
   flushed: boolean;
   /** Whether the current context allows cookie mutation. */
   mutableContext: boolean;
+  /**
+   * Set by AccessGate or PageDenyBoundary when a DenySignal is caught
+   * server-side (inside the React tree, before React Flight sees it).
+   * The pipeline reads this after render to set the HTTP status code.
+   * See TIM-666.
+   */
+  denyStatus?: number;
+  /**
+   * Dev-only: getter for the current request's RSC debug components.
+   * Set by renderRoute() so onPipelineError can include component tree
+   * context for render-phase errors without module-level shared state.
+   */
+  debugComponentsGetter?: () => DebugComponentEntry[];
 }
 /** A single outgoing cookie entry in the cookie jar. */
@@ -60,7 +88,7 @@ export interface CookieEntry {
 }
 // ─── Tracing ──────────────────────────────────────────────────────────────
-// Used by: tracing.ts (traceId(), spanId())
+// Used by: tracing.ts (getTraceId(), getSpanId())
 // Design doc: design/17-logging.md
 export interface TraceStore {

package/src/server/build-manifest.ts CHANGED Viewed

@@ -85,6 +85,12 @@ export function collectRouteCss(segments: SegmentWithFiles[], manifest: BuildMan
  * via injectHead() before </head>.
  */
 export function buildCssLinkTags(cssUrls: string[]): string {
+  // Emit <link rel="stylesheet"> tags as a fallback for platforms where
+  // React's Float system (via @vitejs/plugin-rsc preinit with
+  // data-precedence) doesn't handle CSS injection. In practice, Float
+  // deduplicates and these may be dropped. No preload hints — Float
+  // already starts the fetch via preinit(), and redundant preloads
+  // cause "ignored due to unknown as/type" browser warnings.
   return cssUrls.map((url) => `<link rel="stylesheet" href="${url}">`).join('');
 }
@@ -95,10 +101,10 @@ export function buildCssLinkTags(cssUrls: string[]): string {
  * into 103 Early Hints responses. This avoids platform-specific 103
  * sending code.
  *
- * Example output: `</assets/root.css>; rel=preload; as=style, </assets/page.css>; rel=preload; as=style`
+ * Example output: `</assets/root.css>; as=style; rel=preload, </assets/page.css>; as=style; rel=preload`
  */
 export function buildLinkHeaders(cssUrls: string[]): string {
-  return cssUrls.map((url) => `<${url}>; rel=preload; as=style`).join(', ');
+  return cssUrls.map((url) => `<${url}>; as=style; rel=preload`).join(', ');
 }
 // ─── Font utilities ──────────────────────────────────────────────────────
@@ -153,10 +159,10 @@ export function buildFontPreloadTags(fonts: ManifestFontEntry[]): string {
  *
  * Cloudflare CDN converts Link headers with rel=preload into 103 Early Hints.
  *
- * Example: `</fonts/inter.woff2>; rel=preload; as=font; crossorigin`
+ * Example: `</fonts/inter.woff2>; as=font; rel=preload; crossorigin`
  */
 export function buildFontLinkHeaders(fonts: ManifestFontEntry[]): string {
-  return fonts.map((f) => `<${f.href}>; rel=preload; as=font; crossorigin`).join(', ');
+  return fonts.map((f) => `<${f.href}>; as=font; rel=preload; crossorigin`).join(', ');
 }
 // ─── JS chunk utilities ──────────────────────────────────────────────────

package/src/server/compress.ts CHANGED Viewed

@@ -160,15 +160,33 @@ export function compressResponse(request: Request, response: Response): Response
   });
 }
-// ─── Gzip (CompressionStream API) ────────────────────────────────────────
+// ─── Gzip (node:zlib with Z_SYNC_FLUSH) ──────────────────────────────────
+//
+// Uses node:zlib's createGzip with Z_SYNC_FLUSH so each chunk is flushed
+// to the output immediately. The Web Platform CompressionStream API buffers
+// internally and does NOT flush per-chunk — this kills streaming because
+// the browser doesn't receive the HTML shell until the gzip stream closes
+// (i.e. after all Suspense boundaries resolve).
+//
+// Z_SYNC_FLUSH adds ~2–5% size overhead vs Z_NO_FLUSH but preserves
+// correct streaming behavior: the shell renders instantly, Suspense
+// fallbacks are visible immediately, and streamed content appears
+// progressively.
+import { createGzip, constants } from 'node:zlib';
+import { Readable } from 'node:stream';
 /**
- * Compress a ReadableStream with gzip using the Web Platform CompressionStream API.
- * Available in Node 18+, Bun, and Deno — no npm dependency needed.
+ * Compress a ReadableStream with gzip, flushing each chunk immediately.
+ *
+ * Uses node:zlib's createGzip with Z_SYNC_FLUSH to ensure each HTML chunk
+ * (shell, Suspense resolution, RSC payload) is delivered to the browser
+ * as soon as it's available — preserving streaming semantics.
  */
 function compressWithGzip(body: ReadableStream<Uint8Array>): ReadableStream<Uint8Array> {
-  const compressionStream = new CompressionStream('gzip');
-  // Cast needed: CompressionStream's WritableStream<BufferSource> type is wider
-  // than ReadableStream's Uint8Array, but Uint8Array is a valid BufferSource.
-  return body.pipeThrough(compressionStream as unknown as TransformStream<Uint8Array, Uint8Array>);
+  const gzip = createGzip({ flush: constants.Z_SYNC_FLUSH });
+  const nodeInput = Readable.fromWeb(body as import('stream/web').ReadableStream);
+  nodeInput.pipe(gzip);
+  return Readable.toWeb(gzip) as ReadableStream<Uint8Array>;
 }

package/src/server/debug.ts CHANGED Viewed

@@ -48,7 +48,7 @@
  *
  * This is the ONLY function that should gate client-visible dev behavior:
  * - Dev error pages with stack traces
- * - Detailed Server-Timing response headers
+ * - Server-Timing mode default (`'detailed'` in dev, `'total'` in prod)
  * - Error messages in action `INTERNAL_ERROR` payloads
  * - Pipeline error handler wiring (Vite overlay)
  *

package/src/server/default-logger.ts ADDED Viewed

@@ -0,0 +1,99 @@
+/**
+ * DefaultLogger — human-readable stderr logging when no custom logger is configured.
+ *
+ * Ships as the fallback so production deployments always have error visibility,
+ * even without an `instrumentation.ts` logger export. Output is one line per
+ * event, designed for `fly logs`, `kubectl logs`, Cloudflare dashboard tails, etc.
+ *
+ * Format:
+ *   [timber] ERROR  message  key=value key=value  trace_id=4bf92f35
+ *   [timber] WARN   message  key=value key=value  trace_id=4bf92f35
+ *   [timber] INFO   message  method=GET path=/dashboard status=200 durationMs=43  trace_id=4bf92f35
+ *
+ * Behavior:
+ * - Suppressed entirely in dev mode (dev logging handles all output)
+ * - `debug` suppressed unless TIMBER_DEBUG is set
+ * - Replaced entirely when a custom logger is set via `setLogger()`
+ *
+ * See design/17-logging.md §"DefaultLogger"
+ */
+import { isDevMode, isDebug } from './debug.js';
+import { formatSsrError } from './error-formatter.js';
+import type { TimberLogger } from './logger.js';
+/**
+ * Format data fields as `key=value` pairs for human-readable output.
+ * - `error` key is serialized via formatSsrError for stack trace cleanup
+ * - `trace_id` is truncated to 8 chars for readability (full ID in OTEL)
+ * - Other values are stringified inline
+ */
+function formatDataFields(data?: Record<string, unknown>): string {
+  if (!data) return '';
+  const parts: string[] = [];
+  let traceId: string | undefined;
+  for (const [key, value] of Object.entries(data)) {
+    if (key === 'trace_id') {
+      // Defer trace_id to the end
+      traceId = typeof value === 'string' ? value : String(value);
+      continue;
+    }
+    if (key === 'error') {
+      // Serialize errors with formatSsrError for clean output
+      parts.push(`error=${formatSsrError(value)}`);
+      continue;
+    }
+    if (value === undefined || value === null) continue;
+    parts.push(`${key}=${value}`);
+  }
+  // trace_id always last, truncated to 8 chars for readability
+  if (traceId) {
+    parts.push(`trace_id=${traceId.slice(0, 8)}`);
+  }
+  return parts.length > 0 ? '  ' + parts.join('  ') : '';
+}
+/** Pad level string to fixed width for alignment. */
+function padLevel(level: string): string {
+  return level.padEnd(5);
+}
+export function createDefaultLogger(): TimberLogger {
+  return {
+    error(msg: string, data?: Record<string, unknown>): void {
+      // Errors are ALWAYS logged, including dev mode. Suppressing errors
+      // in dev causes silent 500s with no stack trace, making route.ts
+      // and render errors impossible to debug. See TIM-555.
+      const fields = formatDataFields(data);
+      process.stderr.write(`[timber] ${padLevel('ERROR')}  ${msg}${fields}\n`);
+    },
+    warn(msg: string, data?: Record<string, unknown>): void {
+      // Warnings are always logged — same rationale as errors.
+      const fields = formatDataFields(data);
+      process.stderr.write(`[timber] ${padLevel('WARN')}  ${msg}${fields}\n`);
+    },
+    info(msg: string, data?: Record<string, unknown>): void {
+      // info is suppressed by default — per-request lines are too noisy
+      // without a custom logger. Enable with TIMBER_DEBUG.
+      if (isDevMode()) return;
+      if (!isDebug()) return;
+      const fields = formatDataFields(data);
+      process.stderr.write(`[timber] ${padLevel('INFO')}  ${msg}${fields}\n`);
+    },
+    debug(msg: string, data?: Record<string, unknown>): void {
+      // debug is suppressed in dev (dev logger handles it) and in
+      // production unless TIMBER_DEBUG is explicitly set.
+      if (isDevMode()) return;
+      if (!isDebug()) return;
+      const fields = formatDataFields(data);
+      process.stderr.write(`[timber] ${padLevel('DEBUG')}  ${msg}${fields}\n`);
+    },
+  };
+}