npm - @timber-js/app - Versions diffs - 0.2.0-alpha.9 → 0.2.0-alpha.91 - Mend

@timber-js/app 0.2.0-alpha.9 → 0.2.0-alpha.91

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (619) hide show

package/dist/_chunks/actions-DLnUaR65.js +421 -0
package/dist/_chunks/actions-DLnUaR65.js.map +1 -0
package/dist/_chunks/{als-registry-B7DbZ2hS.js → als-registry-HS0LGUl2.js} +1 -1
package/dist/_chunks/als-registry-HS0LGUl2.js.map +1 -0
package/dist/_chunks/chunk-BYIpzuS7.js +39 -0
package/dist/_chunks/{debug-gwlJkDuf.js → debug-ECi_61pb.js} +2 -2
package/dist/_chunks/debug-ECi_61pb.js.map +1 -0
package/dist/_chunks/define-C77ScO0m.js +106 -0
package/dist/_chunks/define-C77ScO0m.js.map +1 -0
package/dist/_chunks/define-Itxvcd7F.js +199 -0
package/dist/_chunks/define-Itxvcd7F.js.map +1 -0
package/dist/_chunks/define-cookie-BowvzoP0.js +94 -0
package/dist/_chunks/define-cookie-BowvzoP0.js.map +1 -0
package/dist/_chunks/{format-DviM89f0.js → dev-warnings-DpGRGoDi.js} +5 -44
package/dist/_chunks/dev-warnings-DpGRGoDi.js.map +1 -0
package/dist/_chunks/format-CYBGxKtc.js +14 -0
package/dist/_chunks/format-CYBGxKtc.js.map +1 -0
package/dist/_chunks/{interception-BOoWmLUA.js → interception-ErnB33JX.js} +301 -133
package/dist/_chunks/interception-ErnB33JX.js.map +1 -0
package/dist/_chunks/merge-search-params-Cm_KIWDX.js +41 -0
package/dist/_chunks/merge-search-params-Cm_KIWDX.js.map +1 -0
package/dist/_chunks/{metadata-routes-Cjmvi3rQ.js → metadata-routes-DS3eKNmf.js} +1 -1
package/dist/_chunks/{metadata-routes-Cjmvi3rQ.js.map → metadata-routes-DS3eKNmf.js.map} +1 -1
package/dist/_chunks/request-context-CK5tZqIP.js +478 -0
package/dist/_chunks/request-context-CK5tZqIP.js.map +1 -0
package/dist/_chunks/schema-bridge-C3xl_vfb.js +86 -0
package/dist/_chunks/schema-bridge-C3xl_vfb.js.map +1 -0
package/dist/_chunks/segment-classify-BDNn6EzD.js +65 -0
package/dist/_chunks/segment-classify-BDNn6EzD.js.map +1 -0
package/dist/_chunks/segment-context-fHFLF1PE.js +34 -0
package/dist/_chunks/segment-context-fHFLF1PE.js.map +1 -0
package/dist/_chunks/{ssr-data-MjmprTmO.js → ssr-data-DzuI0bIV.js} +1 -1
package/dist/_chunks/{ssr-data-MjmprTmO.js.map → ssr-data-DzuI0bIV.js.map} +1 -1
package/dist/_chunks/stale-reload-BX5gL1r-.js +64 -0
package/dist/_chunks/stale-reload-BX5gL1r-.js.map +1 -0
package/dist/_chunks/{tracing-CemImE6h.js → tracing-CCYbKn5n.js} +60 -9
package/dist/_chunks/tracing-CCYbKn5n.js.map +1 -0
package/dist/_chunks/use-params-Br9YSUFV.js +295 -0
package/dist/_chunks/use-params-Br9YSUFV.js.map +1 -0
package/dist/_chunks/{use-query-states-D5KaffOK.js → use-query-states-BiV5GJgm.js} +7 -4
package/dist/_chunks/use-query-states-BiV5GJgm.js.map +1 -0
package/dist/adapters/cloudflare-dev.d.ts +109 -0
package/dist/adapters/cloudflare-dev.d.ts.map +1 -0
package/dist/adapters/cloudflare-dev.js +73 -0
package/dist/adapters/cloudflare-dev.js.map +1 -0
package/dist/adapters/cloudflare-kv-cache.d.ts +64 -0
package/dist/adapters/cloudflare-kv-cache.d.ts.map +1 -0
package/dist/adapters/cloudflare-kv-cache.js +95 -0
package/dist/adapters/cloudflare-kv-cache.js.map +1 -0
package/dist/adapters/cloudflare.d.ts +148 -12
package/dist/adapters/cloudflare.d.ts.map +1 -1
package/dist/adapters/cloudflare.js +135 -11
package/dist/adapters/cloudflare.js.map +1 -1
package/dist/adapters/compress-module.d.ts.map +1 -1
package/dist/adapters/nitro.d.ts +17 -1
package/dist/adapters/nitro.d.ts.map +1 -1
package/dist/adapters/nitro.js +56 -13
package/dist/adapters/nitro.js.map +1 -1
package/dist/cache/cache-api.d.ts +24 -0
package/dist/cache/cache-api.d.ts.map +1 -0
package/dist/cache/handler-store.d.ts +31 -0
package/dist/cache/handler-store.d.ts.map +1 -0
package/dist/cache/index.d.ts +23 -7
package/dist/cache/index.d.ts.map +1 -1
package/dist/cache/index.js +142 -80
package/dist/cache/index.js.map +1 -1
package/dist/cache/singleflight.d.ts +18 -1
package/dist/cache/singleflight.d.ts.map +1 -1
package/dist/cache/sizeof.d.ts +22 -0
package/dist/cache/sizeof.d.ts.map +1 -0
package/dist/cache/timber-cache.d.ts +1 -1
package/dist/cache/timber-cache.d.ts.map +1 -1
package/dist/cli.d.ts +6 -1
package/dist/cli.d.ts.map +1 -1
package/dist/cli.js +8 -3
package/dist/cli.js.map +1 -1
package/dist/client/browser-dev.d.ts +27 -1
package/dist/client/browser-dev.d.ts.map +1 -1
package/dist/client/browser-entry/action-dispatch.d.ts +17 -0
package/dist/client/browser-entry/action-dispatch.d.ts.map +1 -0
package/dist/client/browser-entry/hmr.d.ts +21 -0
package/dist/client/browser-entry/hmr.d.ts.map +1 -0
package/dist/client/browser-entry/hydrate.d.ts +46 -0
package/dist/client/browser-entry/hydrate.d.ts.map +1 -0
package/dist/client/browser-entry/index.d.ts +30 -0
package/dist/client/browser-entry/index.d.ts.map +1 -0
package/dist/client/browser-entry/post-hydration.d.ts +26 -0
package/dist/client/browser-entry/post-hydration.d.ts.map +1 -0
package/dist/client/browser-entry/router-init.d.ts +23 -0
package/dist/client/browser-entry/router-init.d.ts.map +1 -0
package/dist/client/browser-entry/rsc-stream.d.ts +24 -0
package/dist/client/browser-entry/rsc-stream.d.ts.map +1 -0
package/dist/client/browser-entry/scroll.d.ts +19 -0
package/dist/client/browser-entry/scroll.d.ts.map +1 -0
package/dist/client/error-boundary.d.ts +12 -5
package/dist/client/error-boundary.d.ts.map +1 -1
package/dist/client/error-boundary.js +10 -4
package/dist/client/error-boundary.js.map +1 -1
package/dist/client/error-reconstituter.d.ts +54 -0
package/dist/client/error-reconstituter.d.ts.map +1 -0
package/dist/client/form.d.ts +6 -3
package/dist/client/form.d.ts.map +1 -1
package/dist/client/history.d.ts +19 -4
package/dist/client/history.d.ts.map +1 -1
package/dist/client/index.d.ts +9 -21
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +229 -1018
package/dist/client/index.js.map +1 -1
package/dist/client/internal.d.ts +18 -0
package/dist/client/internal.d.ts.map +1 -0
package/dist/client/internal.js +890 -0
package/dist/client/internal.js.map +1 -0
package/dist/client/link-pending-store.d.ts +63 -0
package/dist/client/link-pending-store.d.ts.map +1 -0
package/dist/client/link.d.ts +62 -55
package/dist/client/link.d.ts.map +1 -1
package/dist/client/nav-link-store.d.ts +36 -0
package/dist/client/nav-link-store.d.ts.map +1 -0
package/dist/client/navigation-api-types.d.ts +90 -0
package/dist/client/navigation-api-types.d.ts.map +1 -0
package/dist/client/navigation-api.d.ts +115 -0
package/dist/client/navigation-api.d.ts.map +1 -0
package/dist/client/navigation-context.d.ts +13 -2
package/dist/client/navigation-context.d.ts.map +1 -1
package/dist/client/{transition-root.d.ts → navigation-root.d.ts} +42 -8
package/dist/client/navigation-root.d.ts.map +1 -0
package/dist/client/nuqs-adapter.d.ts.map +1 -1
package/dist/client/router-ref.d.ts +1 -1
package/dist/client/router.d.ts +70 -4
package/dist/client/router.d.ts.map +1 -1
package/dist/client/rsc-fetch.d.ts +38 -3
package/dist/client/rsc-fetch.d.ts.map +1 -1
package/dist/client/segment-cache.d.ts +1 -1
package/dist/client/segment-cache.d.ts.map +1 -1
package/dist/client/segment-outlet.d.ts +63 -0
package/dist/client/segment-outlet.d.ts.map +1 -0
package/dist/client/ssr-data.d.ts +13 -4
package/dist/client/ssr-data.d.ts.map +1 -1
package/dist/client/stale-reload.d.ts +15 -0
package/dist/client/stale-reload.d.ts.map +1 -1
package/dist/client/top-loader.d.ts +5 -5
package/dist/client/top-loader.d.ts.map +1 -1
package/dist/client/use-link-status.d.ts +5 -5
package/dist/client/use-link-status.d.ts.map +1 -1
package/dist/client/use-params.d.ts +6 -4
package/dist/client/use-params.d.ts.map +1 -1
package/dist/client/{use-navigation-pending.d.ts → use-pending-navigation.d.ts} +4 -4
package/dist/client/use-pending-navigation.d.ts.map +1 -0
package/dist/client/use-query-states.d.ts +1 -1
package/dist/client/use-query-states.d.ts.map +1 -1
package/dist/client/use-router.d.ts +1 -1
package/dist/codec.d.ts +33 -0
package/dist/codec.d.ts.map +1 -0
package/dist/codec.js +2 -0
package/dist/config-types.d.ts +266 -0
package/dist/config-types.d.ts.map +1 -0
package/dist/config-validation.d.ts +51 -0
package/dist/config-validation.d.ts.map +1 -0
package/dist/content/index.d.ts +1 -10
package/dist/content/index.d.ts.map +1 -1
package/dist/content/index.js +0 -2
package/dist/cookies/define-cookie.d.ts +35 -14
package/dist/cookies/define-cookie.d.ts.map +1 -1
package/dist/cookies/index.js +1 -83
package/dist/fonts/bundle.d.ts +48 -0
package/dist/fonts/bundle.d.ts.map +1 -0
package/dist/fonts/css.d.ts +1 -0
package/dist/fonts/css.d.ts.map +1 -1
package/dist/fonts/dev-middleware.d.ts +22 -0
package/dist/fonts/dev-middleware.d.ts.map +1 -0
package/dist/fonts/pipeline.d.ts +138 -0
package/dist/fonts/pipeline.d.ts.map +1 -0
package/dist/fonts/transform.d.ts +72 -0
package/dist/fonts/transform.d.ts.map +1 -0
package/dist/fonts/types.d.ts +45 -1
package/dist/fonts/types.d.ts.map +1 -1
package/dist/fonts/virtual-modules.d.ts +59 -0
package/dist/fonts/virtual-modules.d.ts.map +1 -0
package/dist/index.d.ts +45 -190
package/dist/index.d.ts.map +1 -1
package/dist/index.js +4294 -2453
package/dist/index.js.map +1 -1
package/dist/plugin-context.d.ts +107 -0
package/dist/plugin-context.d.ts.map +1 -0
package/dist/plugins/adapter-build.d.ts +1 -1
package/dist/plugins/adapter-build.d.ts.map +1 -1
package/dist/plugins/build-manifest.d.ts +2 -2
package/dist/plugins/build-manifest.d.ts.map +1 -1
package/dist/plugins/build-report.d.ts +3 -3
package/dist/plugins/build-report.d.ts.map +1 -1
package/dist/plugins/client-chunks.d.ts +32 -0
package/dist/plugins/client-chunks.d.ts.map +1 -0
package/dist/plugins/content.d.ts +1 -1
package/dist/plugins/content.d.ts.map +1 -1
package/dist/plugins/dev-404-page.d.ts +56 -0
package/dist/plugins/dev-404-page.d.ts.map +1 -0
package/dist/plugins/dev-browser-logs.d.ts +84 -0
package/dist/plugins/dev-browser-logs.d.ts.map +1 -0
package/dist/plugins/dev-error-overlay.d.ts +49 -9
package/dist/plugins/dev-error-overlay.d.ts.map +1 -1
package/dist/plugins/dev-error-page.d.ts +58 -0
package/dist/plugins/dev-error-page.d.ts.map +1 -0
package/dist/plugins/dev-logs.d.ts +1 -1
package/dist/plugins/dev-logs.d.ts.map +1 -1
package/dist/plugins/dev-server.d.ts +1 -1
package/dist/plugins/dev-server.d.ts.map +1 -1
package/dist/plugins/dev-terminal-error.d.ts +28 -0
package/dist/plugins/dev-terminal-error.d.ts.map +1 -0
package/dist/plugins/entries.d.ts +1 -1
package/dist/plugins/entries.d.ts.map +1 -1
package/dist/plugins/fonts.d.ts +17 -73
package/dist/plugins/fonts.d.ts.map +1 -1
package/dist/plugins/mdx.d.ts +1 -1
package/dist/plugins/mdx.d.ts.map +1 -1
package/dist/plugins/routing.d.ts +1 -1
package/dist/plugins/routing.d.ts.map +1 -1
package/dist/plugins/server-bundle.d.ts.map +1 -1
package/dist/plugins/shims.d.ts +6 -5
package/dist/plugins/shims.d.ts.map +1 -1
package/dist/plugins/static-build.d.ts +4 -4
package/dist/plugins/static-build.d.ts.map +1 -1
package/dist/routing/codegen-shared.d.ts +38 -0
package/dist/routing/codegen-shared.d.ts.map +1 -0
package/dist/routing/codegen-types.d.ts +36 -0
package/dist/routing/codegen-types.d.ts.map +1 -0
package/dist/routing/codegen.d.ts +2 -2
package/dist/routing/codegen.d.ts.map +1 -1
package/dist/routing/convention-lint.d.ts +41 -0
package/dist/routing/convention-lint.d.ts.map +1 -0
package/dist/routing/index.d.ts +2 -0
package/dist/routing/index.d.ts.map +1 -1
package/dist/routing/index.js +3 -2
package/dist/routing/link-codegen.d.ts +90 -0
package/dist/routing/link-codegen.d.ts.map +1 -0
package/dist/routing/scanner.d.ts.map +1 -1
package/dist/routing/segment-classify.d.ts +46 -0
package/dist/routing/segment-classify.d.ts.map +1 -0
package/dist/routing/status-file-lint.d.ts +2 -1
package/dist/routing/status-file-lint.d.ts.map +1 -1
package/dist/routing/types.d.ts +16 -4
package/dist/routing/types.d.ts.map +1 -1
package/dist/rsc-runtime/rsc.d.ts +1 -1
package/dist/rsc-runtime/rsc.d.ts.map +1 -1
package/dist/rsc-runtime/ssr.d.ts +12 -0
package/dist/rsc-runtime/ssr.d.ts.map +1 -1
package/dist/schema-bridge.d.ts +76 -0
package/dist/schema-bridge.d.ts.map +1 -0
package/dist/search-params/define.d.ts +139 -0
package/dist/search-params/define.d.ts.map +1 -0
package/dist/search-params/index.d.ts +4 -7
package/dist/search-params/index.d.ts.map +1 -1
package/dist/search-params/index.js +32 -441
package/dist/search-params/index.js.map +1 -1
package/dist/search-params/registry.d.ts +2 -2
package/dist/search-params/registry.d.ts.map +1 -1
package/dist/search-params/wrappers.d.ts +53 -0
package/dist/search-params/wrappers.d.ts.map +1 -0
package/dist/segment-params/define.d.ts +78 -0
package/dist/segment-params/define.d.ts.map +1 -0
package/dist/segment-params/index.d.ts +3 -0
package/dist/segment-params/index.d.ts.map +1 -0
package/dist/segment-params/index.js +2 -0
package/dist/server/access-gate.d.ts +4 -0
package/dist/server/access-gate.d.ts.map +1 -1
package/dist/server/action-client.d.ts +41 -6
package/dist/server/action-client.d.ts.map +1 -1
package/dist/server/action-encryption.d.ts +76 -0
package/dist/server/action-encryption.d.ts.map +1 -0
package/dist/server/action-handler.d.ts +7 -0
package/dist/server/action-handler.d.ts.map +1 -1
package/dist/server/actions.d.ts +3 -6
package/dist/server/actions.d.ts.map +1 -1
package/dist/server/als-registry.d.ts +32 -4
package/dist/server/als-registry.d.ts.map +1 -1
package/dist/server/build-manifest.d.ts +2 -2
package/dist/server/build-manifest.d.ts.map +1 -1
package/dist/server/debug.d.ts +1 -1
package/dist/server/default-logger.d.ts +22 -0
package/dist/server/default-logger.d.ts.map +1 -0
package/dist/server/deny-page-resolver.d.ts +52 -0
package/dist/server/deny-page-resolver.d.ts.map +1 -0
package/dist/server/deny-renderer.d.ts.map +1 -1
package/dist/server/dev-holding-server.d.ts +52 -0
package/dist/server/dev-holding-server.d.ts.map +1 -0
package/dist/server/dev-source-map.d.ts +22 -0
package/dist/server/dev-source-map.d.ts.map +1 -0
package/dist/server/dev-warnings.d.ts +1 -21
package/dist/server/dev-warnings.d.ts.map +1 -1
package/dist/server/early-hints.d.ts +13 -5
package/dist/server/early-hints.d.ts.map +1 -1
package/dist/server/error-boundary-wrapper.d.ts +7 -1
package/dist/server/error-boundary-wrapper.d.ts.map +1 -1
package/dist/server/fallback-error.d.ts +12 -7
package/dist/server/fallback-error.d.ts.map +1 -1
package/dist/server/flight-injection-state.d.ts +66 -0
package/dist/server/flight-injection-state.d.ts.map +1 -0
package/dist/server/flight-scripts.d.ts +42 -0
package/dist/server/flight-scripts.d.ts.map +1 -0
package/dist/server/flush.d.ts.map +1 -1
package/dist/server/form-data.d.ts +29 -0
package/dist/server/form-data.d.ts.map +1 -1
package/dist/server/html-injectors.d.ts +51 -11
package/dist/server/html-injectors.d.ts.map +1 -1
package/dist/server/index.d.ts +5 -43
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +195 -2800
package/dist/server/index.js.map +1 -1
package/dist/server/internal.d.ts +46 -0
package/dist/server/internal.d.ts.map +1 -0
package/dist/server/internal.js +2900 -0
package/dist/server/internal.js.map +1 -0
package/dist/server/logger.d.ts +25 -7
package/dist/server/logger.d.ts.map +1 -1
package/dist/server/middleware-runner.d.ts +19 -4
package/dist/server/middleware-runner.d.ts.map +1 -1
package/dist/server/node-stream-transforms.d.ts +113 -0
package/dist/server/node-stream-transforms.d.ts.map +1 -0
package/dist/server/page-deny-boundary.d.ts +31 -0
package/dist/server/page-deny-boundary.d.ts.map +1 -0
package/dist/server/pipeline-interception.d.ts +1 -1
package/dist/server/pipeline-interception.d.ts.map +1 -1
package/dist/server/pipeline-metadata.d.ts +6 -0
package/dist/server/pipeline-metadata.d.ts.map +1 -1
package/dist/server/pipeline.d.ts +52 -10
package/dist/server/pipeline.d.ts.map +1 -1
package/dist/server/primitives.d.ts +69 -18
package/dist/server/primitives.d.ts.map +1 -1
package/dist/server/render-timeout.d.ts +51 -0
package/dist/server/render-timeout.d.ts.map +1 -0
package/dist/server/request-context.d.ts +112 -43
package/dist/server/request-context.d.ts.map +1 -1
package/dist/server/route-element-builder.d.ts +27 -1
package/dist/server/route-element-builder.d.ts.map +1 -1
package/dist/server/route-handler.d.ts.map +1 -1
package/dist/server/route-matcher.d.ts +16 -2
package/dist/server/route-matcher.d.ts.map +1 -1
package/dist/server/rsc-entry/api-handler.d.ts +2 -2
package/dist/server/rsc-entry/api-handler.d.ts.map +1 -1
package/dist/server/rsc-entry/error-renderer.d.ts +26 -13
package/dist/server/rsc-entry/error-renderer.d.ts.map +1 -1
package/dist/server/rsc-entry/helpers.d.ts +48 -5
package/dist/server/rsc-entry/helpers.d.ts.map +1 -1
package/dist/server/rsc-entry/index.d.ts +20 -3
package/dist/server/rsc-entry/index.d.ts.map +1 -1
package/dist/server/rsc-entry/rsc-payload.d.ts +3 -3
package/dist/server/rsc-entry/rsc-payload.d.ts.map +1 -1
package/dist/server/rsc-entry/rsc-stream.d.ts +14 -1
package/dist/server/rsc-entry/rsc-stream.d.ts.map +1 -1
package/dist/server/rsc-entry/ssr-bridge.d.ts +1 -1
package/dist/server/rsc-entry/ssr-bridge.d.ts.map +1 -1
package/dist/server/rsc-entry/ssr-renderer.d.ts +19 -4
package/dist/server/rsc-entry/ssr-renderer.d.ts.map +1 -1
package/dist/server/safe-load.d.ts +46 -0
package/dist/server/safe-load.d.ts.map +1 -0
package/dist/server/sensitive-fields.d.ts +74 -0
package/dist/server/sensitive-fields.d.ts.map +1 -0
package/dist/server/sitemap-generator.d.ts +129 -0
package/dist/server/sitemap-generator.d.ts.map +1 -0
package/dist/server/sitemap-handler.d.ts +22 -0
package/dist/server/sitemap-handler.d.ts.map +1 -0
package/dist/server/slot-resolver.d.ts +1 -1
package/dist/server/slot-resolver.d.ts.map +1 -1
package/dist/server/ssr-entry.d.ts +23 -0
package/dist/server/ssr-entry.d.ts.map +1 -1
package/dist/server/ssr-render.d.ts +39 -21
package/dist/server/ssr-render.d.ts.map +1 -1
package/dist/server/ssr-wrappers.d.ts +50 -0
package/dist/server/ssr-wrappers.d.ts.map +1 -0
package/dist/server/status-code-resolver.d.ts +1 -1
package/dist/server/status-code-resolver.d.ts.map +1 -1
package/dist/server/stream-utils.d.ts +36 -0
package/dist/server/stream-utils.d.ts.map +1 -0
package/dist/server/tracing.d.ts +4 -4
package/dist/server/tracing.d.ts.map +1 -1
package/dist/server/tree-builder.d.ts +22 -19
package/dist/server/tree-builder.d.ts.map +1 -1
package/dist/server/types.d.ts +1 -4
package/dist/server/types.d.ts.map +1 -1
package/dist/server/version-skew.d.ts +61 -0
package/dist/server/version-skew.d.ts.map +1 -0
package/dist/shared/merge-search-params.d.ts +22 -0
package/dist/shared/merge-search-params.d.ts.map +1 -0
package/dist/shims/font-google.d.ts +1 -1
package/dist/shims/font-google.d.ts.map +1 -1
package/dist/shims/font-google.js +42 -0
package/dist/shims/font-google.js.map +1 -0
package/dist/shims/font-local.d.ts +26 -0
package/dist/shims/font-local.d.ts.map +1 -0
package/dist/shims/font-local.js +20 -0
package/dist/shims/font-local.js.map +1 -0
package/dist/shims/headers.d.ts +2 -1
package/dist/shims/headers.d.ts.map +1 -1
package/dist/shims/navigation-client.d.ts +1 -1
package/dist/shims/navigation-client.d.ts.map +1 -1
package/dist/shims/navigation.d.ts +3 -2
package/dist/shims/navigation.d.ts.map +1 -1
package/dist/utils/directive-parser.d.ts +5 -2
package/dist/utils/directive-parser.d.ts.map +1 -1
package/dist/utils/state-machine.d.ts +80 -0
package/dist/utils/state-machine.d.ts.map +1 -0
package/package.json +51 -16
package/src/adapters/cloudflare-dev.ts +177 -0
package/src/adapters/cloudflare-kv-cache.ts +142 -0
package/src/adapters/cloudflare.ts +342 -28
package/src/adapters/compress-module.ts +24 -4
package/src/adapters/nitro.ts +52 -8
package/src/adapters/wrangler.d.ts +7 -0
package/src/cache/cache-api.ts +38 -0
package/src/cache/handler-store.ts +68 -0
package/src/cache/index.ts +81 -18
package/src/cache/singleflight.ts +62 -4
package/src/cache/sizeof.ts +31 -0
package/src/cache/timber-cache.ts +24 -20
package/src/cli.ts +16 -6
package/src/client/browser-dev.ts +128 -1
package/src/client/browser-entry/action-dispatch.ts +116 -0
package/src/client/browser-entry/hmr.ts +81 -0
package/src/client/browser-entry/hydrate.ts +145 -0
package/src/client/browser-entry/index.ts +143 -0
package/src/client/browser-entry/post-hydration.ts +119 -0
package/src/client/browser-entry/router-init.ts +193 -0
package/src/client/browser-entry/rsc-stream.ts +157 -0
package/src/client/browser-entry/scroll.ts +27 -0
package/src/client/error-boundary.tsx +48 -16
package/src/client/error-reconstituter.tsx +65 -0
package/src/client/form.tsx +14 -7
package/src/client/history.ts +26 -4
package/src/client/index.ts +65 -38
package/src/client/internal.ts +57 -0
package/src/client/link-pending-store.ts +111 -0
package/src/client/link.tsx +342 -113
package/src/client/nav-link-store.ts +47 -0
package/src/client/navigation-api-types.ts +112 -0
package/src/client/navigation-api.ts +332 -0
package/src/client/navigation-context.ts +31 -6
package/src/client/navigation-root.tsx +342 -0
package/src/client/nuqs-adapter.tsx +16 -3
package/src/client/router-ref.ts +1 -1
package/src/client/router.ts +299 -72
package/src/client/rsc-fetch.ts +97 -8
package/src/client/segment-cache.ts +1 -1
package/src/client/segment-outlet.tsx +86 -0
package/src/client/ssr-data.ts +13 -5
package/src/client/stale-reload.ts +72 -3
package/src/client/top-loader.tsx +18 -6
package/src/client/use-link-status.ts +7 -7
package/src/client/use-params.ts +7 -5
package/src/client/{use-navigation-pending.ts → use-pending-navigation.ts} +6 -6
package/src/client/use-query-states.ts +9 -3
package/src/client/use-router.ts +1 -1
package/src/codec.ts +49 -0
package/src/config-types.ts +264 -0
package/src/config-validation.ts +303 -0
package/src/content/index.ts +5 -13
package/src/cookies/define-cookie.ts +78 -25
package/src/cookies/index.ts +8 -0
package/src/fonts/bundle.ts +142 -0
package/src/fonts/css.ts +2 -1
package/src/fonts/dev-middleware.ts +74 -0
package/src/fonts/pipeline.ts +275 -0
package/src/fonts/transform.ts +353 -0
package/src/fonts/types.ts +50 -1
package/src/fonts/virtual-modules.ts +159 -0
package/src/index.ts +314 -355
package/src/plugin-context.ts +240 -0
package/src/plugins/adapter-build.ts +9 -3
package/src/plugins/build-manifest.ts +13 -2
package/src/plugins/build-report.ts +3 -3
package/src/plugins/client-chunks.ts +65 -0
package/src/plugins/content.ts +1 -1
package/src/plugins/dev-404-page.ts +418 -0
package/src/plugins/dev-browser-logs.ts +288 -0
package/src/plugins/dev-error-overlay.ts +286 -42
package/src/plugins/dev-error-page.ts +536 -0
package/src/plugins/dev-logs.ts +1 -1
package/src/plugins/dev-server.ts +146 -19
package/src/plugins/dev-terminal-error.ts +217 -0
package/src/plugins/entries.ts +111 -10
package/src/plugins/fonts.ts +133 -638
package/src/plugins/mdx.ts +1 -1
package/src/plugins/routing.ts +213 -31
package/src/plugins/server-action-exports.ts +1 -1
package/src/plugins/server-bundle.ts +32 -1
package/src/plugins/shims.ts +136 -35
package/src/plugins/static-build.ts +17 -11
package/src/routing/codegen-shared.ts +74 -0
package/src/routing/codegen-types.ts +37 -0
package/src/routing/codegen.ts +112 -173
package/src/routing/convention-lint.ts +356 -0
package/src/routing/index.ts +2 -0
package/src/routing/link-codegen.ts +262 -0
package/src/routing/scanner.ts +93 -23
package/src/routing/segment-classify.ts +89 -0
package/src/routing/status-file-lint.ts +3 -2
package/src/routing/types.ts +17 -4
package/src/rsc-runtime/rsc.ts +2 -0
package/src/rsc-runtime/ssr.ts +50 -0
package/src/rsc-runtime/vendor-types.d.ts +7 -0
package/src/{search-params/codecs.ts → schema-bridge.ts} +57 -20
package/src/search-params/define.ts +482 -0
package/src/search-params/index.ts +14 -20
package/src/search-params/registry.ts +2 -2
package/src/search-params/wrappers.ts +85 -0
package/src/segment-params/define.ts +279 -0
package/src/segment-params/index.ts +9 -0
package/src/server/access-gate.tsx +70 -29
package/src/server/action-client.ts +88 -15
package/src/server/action-encryption.ts +144 -0
package/src/server/action-handler.ts +53 -6
package/src/server/actions.ts +10 -9
package/src/server/als-registry.ts +34 -6
package/src/server/build-manifest.ts +10 -4
package/src/server/compress.ts +25 -7
package/src/server/debug.ts +1 -1
package/src/server/default-logger.ts +99 -0
package/src/server/deny-page-resolver.ts +154 -0
package/src/server/deny-renderer.ts +24 -38
package/src/server/dev-holding-server.ts +185 -0
package/src/server/dev-source-map.ts +31 -0
package/src/server/dev-warnings.ts +4 -49
package/src/server/early-hints.ts +36 -15
package/src/server/error-boundary-wrapper.ts +74 -22
package/src/server/fallback-error.ts +74 -102
package/src/server/flight-injection-state.ts +113 -0
package/src/server/flight-scripts.ts +62 -0
package/src/server/flush.ts +2 -1
package/src/server/form-data.ts +76 -0
package/src/server/html-injectors.ts +280 -120
package/src/server/index.ts +25 -177
package/src/server/internal.ts +169 -0
package/src/server/logger.ts +44 -36
package/src/server/middleware-runner.ts +31 -4
package/src/server/node-stream-transforms.ts +509 -0
package/src/server/page-deny-boundary.tsx +56 -0
package/src/server/pipeline-interception.ts +17 -16
package/src/server/pipeline-metadata.ts +13 -0
package/src/server/pipeline.ts +261 -66
package/src/server/primitives.ts +111 -28
package/src/server/render-timeout.ts +108 -0
package/src/server/request-context.ts +293 -132
package/src/server/route-element-builder.ts +283 -191
package/src/server/route-handler.ts +24 -4
package/src/server/route-matcher.ts +31 -20
package/src/server/rsc-entry/api-handler.ts +15 -16
package/src/server/rsc-entry/error-renderer.ts +305 -89
package/src/server/rsc-entry/helpers.ts +134 -5
package/src/server/rsc-entry/index.ts +304 -111
package/src/server/rsc-entry/rsc-payload.ts +65 -18
package/src/server/rsc-entry/rsc-stream.ts +81 -13
package/src/server/rsc-entry/ssr-bridge.ts +14 -5
package/src/server/rsc-entry/ssr-renderer.ts +171 -38
package/src/server/safe-load.ts +60 -0
package/src/server/sensitive-fields.ts +230 -0
package/src/server/sitemap-generator.ts +338 -0
package/src/server/sitemap-handler.ts +126 -0
package/src/server/slot-resolver.ts +244 -229
package/src/server/ssr-entry.ts +215 -32
package/src/server/ssr-render.ts +289 -67
package/src/server/ssr-wrappers.tsx +139 -0
package/src/server/status-code-resolver.ts +1 -1
package/src/server/stream-utils.ts +213 -0
package/src/server/tracing.ts +20 -9
package/src/server/tree-builder.ts +92 -58
package/src/server/types.ts +3 -6
package/src/server/version-skew.ts +104 -0
package/src/shared/merge-search-params.ts +55 -0
package/src/shims/font-google.ts +1 -1
package/src/shims/font-local.ts +34 -0
package/src/shims/headers.ts +5 -1
package/src/shims/navigation-client.ts +1 -1
package/src/shims/navigation.ts +7 -2
package/src/utils/directive-parser.ts +5 -2
package/src/utils/state-machine.ts +111 -0
package/dist/_chunks/als-registry-B7DbZ2hS.js.map +0 -1
package/dist/_chunks/debug-gwlJkDuf.js.map +0 -1
package/dist/_chunks/format-DviM89f0.js.map +0 -1
package/dist/_chunks/interception-BOoWmLUA.js.map +0 -1
package/dist/_chunks/request-context-DIkVh_jG.js +0 -330
package/dist/_chunks/request-context-DIkVh_jG.js.map +0 -1
package/dist/_chunks/tracing-CemImE6h.js.map +0 -1
package/dist/_chunks/use-cookie-DX-l1_5E.js +0 -91
package/dist/_chunks/use-cookie-DX-l1_5E.js.map +0 -1
package/dist/_chunks/use-query-states-D5KaffOK.js.map +0 -1
package/dist/cache/register-cached-function.d.ts +0 -17
package/dist/cache/register-cached-function.d.ts.map +0 -1
package/dist/client/browser-entry.d.ts +0 -21
package/dist/client/browser-entry.d.ts.map +0 -1
package/dist/client/link-status-provider.d.ts +0 -11
package/dist/client/link-status-provider.d.ts.map +0 -1
package/dist/client/transition-root.d.ts.map +0 -1
package/dist/client/use-navigation-pending.d.ts.map +0 -1
package/dist/cookies/index.js.map +0 -1
package/dist/plugins/cache-transform.d.ts +0 -36
package/dist/plugins/cache-transform.d.ts.map +0 -1
package/dist/plugins/dynamic-transform.d.ts +0 -72
package/dist/plugins/dynamic-transform.d.ts.map +0 -1
package/dist/search-params/analyze.d.ts +0 -54
package/dist/search-params/analyze.d.ts.map +0 -1
package/dist/search-params/builtin-codecs.d.ts +0 -105
package/dist/search-params/builtin-codecs.d.ts.map +0 -1
package/dist/search-params/codecs.d.ts +0 -53
package/dist/search-params/codecs.d.ts.map +0 -1
package/dist/search-params/create.d.ts +0 -106
package/dist/search-params/create.d.ts.map +0 -1
package/dist/server/prerender.d.ts +0 -77
package/dist/server/prerender.d.ts.map +0 -1
package/dist/server/response-cache.d.ts +0 -54
package/dist/server/response-cache.d.ts.map +0 -1
package/src/cache/register-cached-function.ts +0 -103
package/src/client/browser-entry.ts +0 -678
package/src/client/link-status-provider.tsx +0 -30
package/src/client/transition-root.tsx +0 -166
package/src/plugins/cache-transform.ts +0 -199
package/src/plugins/dynamic-transform.ts +0 -161
package/src/search-params/analyze.ts +0 -192
package/src/search-params/builtin-codecs.ts +0 -228
package/src/search-params/create.ts +0 -321
package/src/server/prerender.ts +0 -139
package/src/server/response-cache.ts +0 -410

package/src/server/route-element-builder.ts CHANGED Viewed

@@ -7,17 +7,18 @@
  *
  * This module handles:
  * 1. Loading page/layout components from the segment chain
- * 2. Running access.ts checks (DenySignal/RedirectSignal propagate to caller)
+ * 2. Collecting access.ts checks (executed inside render by AccessPreRunner)
  * 3. Resolving metadata (static object or async function, both exported as `metadata`)
  * 4. Building the React element tree (page → error boundaries → access gates → layouts)
  * 5. Resolving parallel slots
+ * 6. Wrapping the tree with AccessPreRunner for React.cache-scoped access checks
  *
  * See design/02-rendering-pipeline.md, design/04-authorization.md
  */
 import { createElement } from 'react';
-import { withSpan, setSpanAttribute } from './tracing.js';
+import { withSpan } from './tracing.js';
 import type { RouteMatch } from './pipeline.js';
 import type { ManifestSegmentNode } from './route-matcher.js';
 import { resolveMetadata, renderMetadataToElements } from './metadata.js';
@@ -26,13 +27,57 @@ import type { Metadata } from './types.js';
 import { METADATA_ROUTE_CONVENTIONS, getMetadataRouteAutoLink } from './metadata-routes.js';
 import { DenySignal, RedirectSignal } from './primitives.js';
 import { AccessGate } from './access-gate.js';
+import { PageDenyBoundary } from './page-deny-boundary.js';
+import { buildDenyPageChain, renderMatchingDenyPage, setDenyStatus } from './deny-page-resolver.js';
+import type { DenyPageEntry } from './deny-page-resolver.js';
 import { resolveSlotElement } from './slot-resolver.js';
-import { SegmentProvider } from '#/client/segment-context.js';
-import { setParsedSearchParams } from './request-context.js';
-import type { SearchParamsDefinition } from '#/search-params/create.js';
+import { SegmentProvider } from '../client/segment-context.js';
 import { wrapSegmentWithErrorBoundaries } from './error-boundary-wrapper.js';
 import type { InterceptionContext } from './pipeline.js';
 import { shouldSkipSegment } from './state-tree-diff.js';
+import { loadModule } from './safe-load.js';
+// ─── Client Reference Detection ──────────────────────────────────────────
+/**
+ * Symbol used by React Flight to mark client references.
+ * Client references are proxy objects created by @vitejs/plugin-rsc for
+ * 'use client' modules in the RSC environment. They must be passed to
+ * createElement() — calling them as functions throws:
+ * "Unexpectedly client reference export 'default' is called on server"
+ */
+const CLIENT_REFERENCE_TAG = Symbol.for('react.client.reference');
+/**
+ * Detect whether a component is a React client reference.
+ * Client references have $$typeof set to Symbol.for('react.client.reference')
+ * by registerClientReference() in the React Flight server runtime.
+ *
+ * Used to skip OTEL tracing wrappers that would call the component as a
+ * function. Client components must go through createElement only — they are
+ * serialized as references in the RSC Flight stream, not executed on the server.
+ */
+export function isClientReference(component: unknown): boolean {
+  return (
+    component != null &&
+    typeof component === 'function' &&
+    (component as unknown as Record<string, unknown>).$$typeof === CLIENT_REFERENCE_TAG
+  );
+}
+// ─── Param Coercion Error ─────────────────────────────────────────────────
+/**
+ * Thrown when a defineSegmentParams codec's parse() fails.
+ * The pipeline catches this and responds with 404.
+ */
+export class ParamCoercionError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'ParamCoercionError';
+  }
+}
 // ─── Types ────────────────────────────────────────────────────────────────
@@ -73,6 +118,10 @@ export interface RouteElementResult {
 /**
  * Wraps a DenySignal or RedirectSignal with the layout components loaded
  * so far, enabling the caller to render deny pages inside the layout shell.
+ *
+ * @deprecated No longer thrown by buildRouteElement since TIM-662. Access
+ * checks now run inside AccessPreRunner during renderToReadableStream, and
+ * signals are caught by onError. Kept for backward compat with external code.
  */
 export class RouteSignalWithContext extends Error {
   constructor(
@@ -84,6 +133,64 @@ export class RouteSignalWithContext extends Error {
   }
 }
+// ─── Module Processing Helpers ─────────────────────────────────────────────
+/**
+ * Reject the legacy `generateMetadata` export with a helpful migration message.
+ * Throws if the module exports `generateMetadata` instead of `metadata`.
+ */
+function rejectLegacyGenerateMetadata(mod: Record<string, unknown>, filePath: string): void {
+  if ('generateMetadata' in mod) {
+    throw new Error(
+      `${filePath}: "generateMetadata" is not a valid export. ` +
+        `Export an async function named "metadata" instead.\n\n` +
+        `  // Before\n` +
+        `  export async function generateMetadata({ params }) { ... }\n\n` +
+        `  // After\n` +
+        `  export async function metadata() { ... }`
+    );
+  }
+}
+/**
+ * Extract and resolve metadata from a module (layout or page).
+ * Handles both static metadata objects and async metadata functions.
+ * Returns the resolved Metadata, or null if none exported.
+ *
+ * Metadata functions no longer receive { params } — they access params
+ * via getSegmentParams() from ALS, same as page/layout components.
+ */
+async function extractMetadata(
+  mod: Record<string, unknown>,
+  segment: ManifestSegmentNode
+): Promise<Metadata | null> {
+  if (typeof mod.metadata === 'function') {
+    type MetadataFn = () => Promise<Metadata>;
+    return (
+      (await withSpan(
+        'timber.metadata',
+        { 'timber.segment': segment.segmentName ?? segment.urlPath },
+        () => (mod.metadata as MetadataFn)()
+      )) ?? null
+    );
+  }
+  if (mod.metadata) {
+    return mod.metadata as Metadata;
+  }
+  return null;
+}
+/**
+ * Extract `deferSuspenseFor` from a module and return the maximum
+ * of the current value and the module's value.
+ */
+function extractDeferSuspenseFor(mod: Record<string, unknown>, current: number): number {
+  if (typeof mod.deferSuspenseFor === 'number' && mod.deferSuspenseFor > current) {
+    return mod.deferSuspenseFor;
+  }
+  return current;
+}
 // ─── Builder ──────────────────────────────────────────────────────────────
 /**
@@ -95,6 +202,10 @@ export class RouteSignalWithContext extends Error {
  *
  * Does NOT serialize to RSC Flight — the caller decides whether to render
  * to a stream or use the element directly (e.g., for action revalidation).
+ *
+ * Access checks are collected but NOT executed here. They run inside
+ * AccessPreRunner during renderToReadableStream so that access.ts and
+ * render components share the same React.cache scope (TIM-662).
  */
 export async function buildRouteElement(
   req: Request,
@@ -104,9 +215,6 @@ export async function buildRouteElement(
 ): Promise<RouteElementResult> {
   const segments = match.segments as unknown as ManifestSegmentNode[];
-  // Params are passed as a Promise to match Next.js 15+ convention.
-  const paramsPromise = Promise.resolve(match.params);
   // Load all modules along the segment chain
   const metadataEntries: Array<{ metadata: Metadata; isPage: boolean }> = [];
   const layoutComponents: LayoutComponentEntry[] = [];
@@ -119,94 +227,41 @@ export async function buildRouteElement(
     // Load layout
     if (segment.layout) {
-      const mod = (await segment.layout.load()) as Record<string, unknown>;
+      const mod = await loadModule(segment.layout);
       if (mod.default) {
         layoutComponents.push({
           component: mod.default as (...args: unknown[]) => unknown,
           segment,
         });
       }
-      // Reject legacy generateMetadata export — use `export async function metadata()` instead
-      if ('generateMetadata' in mod) {
-        const filePath = segment.layout.filePath ?? segment.urlPath;
-        throw new Error(
-          `${filePath}: "generateMetadata" is not a valid export. ` +
-            `Export an async function named "metadata" instead.\n\n` +
-            `  // Before\n` +
-            `  export async function generateMetadata({ params }) { ... }\n\n` +
-            `  // After\n` +
-            `  export async function metadata({ params }) { ... }`
-        );
-      }
-      // Unified metadata export: static object or async function
-      if (typeof mod.metadata === 'function') {
-        type MetadataFn = (props: Record<string, unknown>) => Promise<Metadata>;
-        const generated = await withSpan(
-          'timber.metadata',
-          { 'timber.segment': segment.segmentName ?? segment.urlPath },
-          () => (mod.metadata as MetadataFn)({ params: paramsPromise })
-        );
-        if (generated) {
-          metadataEntries.push({ metadata: generated, isPage: false });
-        }
-      } else if (mod.metadata) {
-        metadataEntries.push({ metadata: mod.metadata as Metadata, isPage: false });
-      }
-      // deferSuspenseFor hold window — max across all segments
-      if (typeof mod.deferSuspenseFor === 'number' && mod.deferSuspenseFor > deferSuspenseFor) {
-        deferSuspenseFor = mod.deferSuspenseFor;
+      // Param coercion is handled in the pipeline (Stage 2c) before
+      // middleware and rendering. See coerceSegmentParams() in pipeline.ts.
+      rejectLegacyGenerateMetadata(mod, segment.layout.filePath ?? segment.urlPath);
+      const layoutMetadata = await extractMetadata(mod, segment);
+      if (layoutMetadata) {
+        metadataEntries.push({ metadata: layoutMetadata, isPage: false });
       }
+      deferSuspenseFor = extractDeferSuspenseFor(mod, deferSuspenseFor);
     }
     // Load page (leaf segment only)
     if (isLeaf && segment.page) {
-      // Load and apply search-params.ts definition before rendering so
-      // searchParams() from @timber-js/app/server returns parsed typed values.
-      if (segment.searchParams) {
-        const spMod = (await segment.searchParams.load()) as {
-          default?: SearchParamsDefinition<Record<string, unknown>>;
-        };
-        if (spMod.default) {
-          const rawSearchParams = new URL(req.url).searchParams;
-          const parsed = spMod.default.parse(rawSearchParams);
-          setParsedSearchParams(parsed);
-        }
-      }
+      const mod = await loadModule(segment.page);
+      // Param coercion is handled in the pipeline (Stage 2c) before
+      // middleware and rendering. See coerceSegmentParams() in pipeline.ts.
-      const mod = (await segment.page.load()) as Record<string, unknown>;
       if (mod.default) {
         PageComponent = mod.default as (...args: unknown[]) => unknown;
       }
-      // Reject legacy generateMetadata export — use `export async function metadata()` instead
-      if ('generateMetadata' in mod) {
-        const filePath = segment.page.filePath ?? segment.urlPath;
-        throw new Error(
-          `${filePath}: "generateMetadata" is not a valid export. ` +
-            `Export an async function named "metadata" instead.\n\n` +
-            `  // Before\n` +
-            `  export async function generateMetadata({ params }) { ... }\n\n` +
-            `  // After\n` +
-            `  export async function metadata({ params }) { ... }`
-        );
-      }
-      // Unified metadata export: static object or async function
-      if (typeof mod.metadata === 'function') {
-        type MetadataFn = (props: Record<string, unknown>) => Promise<Metadata>;
-        const generated = await withSpan(
-          'timber.metadata',
-          { 'timber.segment': segment.segmentName ?? segment.urlPath },
-          () => (mod.metadata as MetadataFn)({ params: paramsPromise })
-        );
-        if (generated) {
-          metadataEntries.push({ metadata: generated, isPage: true });
-        }
-      } else if (mod.metadata) {
-        metadataEntries.push({ metadata: mod.metadata as Metadata, isPage: true });
-      }
-      // deferSuspenseFor hold window — max across all segments
-      if (typeof mod.deferSuspenseFor === 'number' && mod.deferSuspenseFor > deferSuspenseFor) {
-        deferSuspenseFor = mod.deferSuspenseFor;
+      rejectLegacyGenerateMetadata(mod, segment.page.filePath ?? segment.urlPath);
+      const pageMetadata = await extractMetadata(mod, segment);
+      if (pageMetadata) {
+        metadataEntries.push({ metadata: pageMetadata, isPage: true });
       }
+      deferSuspenseFor = extractDeferSuspenseFor(mod, deferSuspenseFor);
     }
   }
@@ -214,54 +269,27 @@ export async function buildRouteElement(
     throw new Error(`No page component found for route: ${new URL(req.url).pathname}`);
   }
-  // Run access.ts checks before rendering — top-down through the segment chain.
-  // Verdicts are stored so AccessGate can replay them synchronously during
-  // render, avoiding duplicate execution and Suspense timing issues.
-  // DenySignal and RedirectSignal are wrapped with layout context so the caller
-  // can render deny pages inside the layout shell.
-  // See design/04-authorization.md §"access.ts Runs on Every Navigation".
-  const accessVerdicts = new Map<number, 'pass' | DenySignal | RedirectSignal>();
-  for (let si = 0; si < segments.length; si++) {
-    const segment = segments[si];
-    if (segment.access) {
-      const accessMod = (await segment.access.load()) as Record<string, unknown>;
-      const accessFn = accessMod.default as
-        | ((ctx: { params: Record<string, string | string[]>; searchParams: unknown }) => unknown)
-        | undefined;
-      if (accessFn) {
-        try {
-          await withSpan(
-            'timber.access',
-            { 'timber.segment': segment.segmentName ?? 'unknown' },
-            async () => {
-              try {
-                await accessFn({ params: match.params, searchParams: {} });
-                await setSpanAttribute('timber.result', 'pass');
-                accessVerdicts.set(si, 'pass');
-              } catch (error) {
-                if (error instanceof DenySignal) {
-                  await setSpanAttribute('timber.result', 'deny');
-                  await setSpanAttribute('timber.deny_status', error.status);
-                  if (error.sourceFile) {
-                    await setSpanAttribute('timber.deny_file', error.sourceFile);
-                  }
-                  accessVerdicts.set(si, error);
-                } else if (error instanceof RedirectSignal) {
-                  await setSpanAttribute('timber.result', 'redirect');
-                  accessVerdicts.set(si, error);
-                }
-                throw error;
-              }
-            }
-          );
-        } catch (error) {
-          if (error instanceof DenySignal || error instanceof RedirectSignal) {
-            throw new RouteSignalWithContext(error, layoutComponents, segments);
-          }
-          throw error;
-        }
-      }
+  // Access checks are NOT run here. AccessGate components in the element
+  // tree call accessFn directly during renderToReadableStream, sharing the
+  // same React.cache scope as layout/page components. A requireUser() call
+  // in access.ts populates React.cache; the same call in a layout is a hit.
+  //
+  // Previously (before TIM-662), access checks ran eagerly in a pre-render
+  // loop OUTSIDE renderToReadableStream, breaking React.cache dedup.
+  //
+  // See design/04-authorization.md §"Pre-Render Pass and Verdict Replay"
+  // Build deny page fallback chains for each segment position.
+  // When AccessGate or PageDenyBoundary catches a DenySignal, they render
+  // the matching deny page in-tree instead of throwing into React Flight.
+  // The chain walks from the current segment outward to root, collecting
+  // status-code files (403.tsx → 4xx.tsx → error.tsx) in fallback order.
+  // See TIM-666.
+  const denyPageChains = new Map<number, DenyPageEntry[]>();
+  for (let i = 0; i < segments.length; i++) {
+    const chain = await buildDenyPageChain(segments, i);
+    if (chain.length > 0) {
+      denyPageChains.set(i, chain);
     }
   }
@@ -293,19 +321,43 @@ export async function buildRouteElement(
   // Build element tree: page wrapped in layouts (innermost to outermost)
   const h = createElement as (...args: unknown[]) => React.ReactElement;
-  // Wrap the page component in an OTEL span
-  const TracedPage = async (props: Record<string, unknown>) => {
-    return withSpan(
-      'timber.page',
-      { 'timber.route': match.segments[match.segments.length - 1]?.urlPath ?? '/' },
-      () => (PageComponent as (props: Record<string, unknown>) => unknown)(props)
-    );
-  };
-  let element = h(TracedPage, {
-    params: paramsPromise,
-    searchParams: {},
-  });
+  // Build the page element.
+  // Client references ('use client' pages) must NOT be called as functions —
+  // they are proxy objects that throw when invoked. They must go through
+  // createElement only, which serializes them as client references in the
+  // RSC Flight stream. OTEL tracing is skipped for client components.
+  // See TIM-627 for the original bug.
+  // Build the page element.
+  // Server component pages are wrapped in PageDenyBoundary which calls
+  // them as async functions and catches DenySignal — rendering the deny
+  // page in-tree instead of throwing into React Flight. This eliminates
+  // the second render pass for deny pages. See TIM-666.
+  //
+  // Client reference pages ('use client') can't call deny() (server-only),
+  // so they go through createElement normally — no wrapper needed.
+  const leafIndex = segments.length - 1;
+  const leafDenyPages = denyPageChains.get(leafIndex);
+  let element: React.ReactElement;
+  if (isClientReference(PageComponent)) {
+    element = h(PageComponent, {});
+  } else if (leafDenyPages && leafDenyPages.length > 0) {
+    // Server component page WITH deny page chain — wrap in PageDenyBoundary
+    element = h(PageDenyBoundary, {
+      Page: PageComponent,
+      route: match.segments[leafIndex]?.urlPath ?? '/',
+      denyPages: leafDenyPages,
+    });
+  } else {
+    // Server component page WITHOUT deny page chain — trace only
+    const TracedPage = async (props: Record<string, unknown>) => {
+      return withSpan(
+        'timber.page',
+        { 'timber.route': match.segments[leafIndex]?.urlPath ?? '/' },
+        () => (PageComponent as (props: Record<string, unknown>) => unknown)(props)
+      );
+    };
+    element = h(TracedPage, {});
+  }
   // Build a lookup of layout components by segment for O(1) access.
   const layoutBySegment = new Map(
@@ -357,11 +409,28 @@ export async function buildRouteElement(
       segment.segmentType !== 'group';
     if (skip) {
-      // Skip this segment entirely — the client uses its cached version.
-      // Access.ts already ran in the pre-render loop (security guarantee).
+      // Skip this segment's layout/error boundaries — the client uses its cached version.
       // Metadata was already resolved above (head elements are correct).
       // Record for X-Timber-Skipped-Segments header (outermost first, so prepend).
       skippedSegments.unshift(segment.urlPath);
+      // SECURITY: Even though the layout is skipped, AccessGate MUST still
+      // wrap the element tree. access.ts runs on every navigation regardless
+      // of cached layouts or state tree content.
+      // See design/13-security.md §"Auth always runs" (test #11).
+      if (segment.access) {
+        const accessMod = await loadModule(segment.access);
+        const accessFn = accessMod.default as (() => unknown) | undefined;
+        if (accessFn) {
+          element = h(AccessGate, {
+            accessFn,
+            segmentName: segment.segmentName,
+            denyPages: denyPageChains.get(i),
+            children: element,
+          });
+        }
+      }
       continue;
     }
@@ -372,29 +441,17 @@ export async function buildRouteElement(
     }
     // Wrap with error boundaries from this segment (inside layout).
+    // Keep ALL error boundaries (including 4xx) — they're the safety net for
+    // DenySignal from nested server components that escape AccessGate/PageDenyBoundary
+    // try/catch. Status-code files must be 'use client' TSX or MDX to serialize
+    // as error boundary fallbacks. See TIM-666.
     element = await wrapSegmentWithErrorBoundaries(segment, element, h);
-    // Wrap in AccessGate if segment has access.ts.
-    // Pass the pre-computed verdict so AccessGate replays it synchronously
-    // instead of re-calling accessFn (dedup + Suspense immunity).
-    if (segment.access) {
-      const accessMod = (await segment.access.load()) as Record<string, unknown>;
-      const accessFn = accessMod.default as
-        | ((ctx: { params: Record<string, string | string[]>; searchParams: unknown }) => unknown)
-        | undefined;
-      if (accessFn) {
-        element = h(AccessGate, {
-          accessFn,
-          params: match.params,
-          searchParams: {},
-          segmentName: segment.segmentName,
-          verdict: accessVerdicts.get(i),
-          children: element,
-        });
-      }
-    }
-    // Wrap with layout if this segment has one — traced with OTEL span
+    // Wrap with layout BEFORE AccessGate — AccessGate is OUTSIDE the layout.
+    // When AccessGate denies, the layout never renders. The deny page appears
+    // at the AccessGate level, wrapped by PARENT layouts only.
+    // This prevents leaking layout UI (sidebars, nav) on denied pages.
+    // See design/04-authorization.md §"Access Failure".
     if (layoutComponent) {
       // Resolve parallel slots for this layout
       const slotProps: Record<string, unknown> = {};
@@ -403,7 +460,6 @@ export async function buildRouteElement(
         slotProps[slotName] = await resolveSlotElement(
           slotNode as ManifestSegmentNode,
           match,
-          paramsPromise,
           h,
           interception
         );
@@ -412,43 +468,79 @@ export async function buildRouteElement(
       const segmentPath = segment.urlPath.split('/');
       const parallelRouteKeys = Object.keys(segment.slots ?? {});
-      // Wrap the layout component in an OTEL span.
-      // For route groups, urlPath is "/" (groups don't add URL segments), so
-      // include the directory name to distinguish e.g. "layout /(pre-release)"
-      // from the root "layout /".
-      const segmentForSpan = segment;
-      const layoutComponentForSpan = layoutComponent;
-      const segmentLabel =
-        segmentForSpan.segmentType === 'group'
-          ? `${segmentForSpan.urlPath === '/' ? '' : segmentForSpan.urlPath}/${segmentForSpan.segmentName}`
-          : segmentForSpan.urlPath;
-      const TracedLayout = async (props: Record<string, unknown>) => {
-        return withSpan('timber.layout', { 'timber.segment': segmentLabel }, () =>
-          (layoutComponentForSpan as (props: Record<string, unknown>) => unknown)(props)
-        );
-      };
-      // segmentId uniquely identifies this segment for client-side element
-      // caching. For route groups, urlPath is shared with the parent (both "/"),
-      // so we include the group name to distinguish them. Without this, the
-      // segment merger's element cache would conflate root and group elements.
+      // For route groups, urlPath is shared with the parent (both "/"),
+      // so include the group name to distinguish them. Used for both OTEL
+      // span labels and client-side element caching (segmentId).
       const segmentId =
         segment.segmentType === 'group'
           ? `${segment.urlPath === '/' ? '' : segment.urlPath}/${segment.segmentName}`
           : segment.urlPath;
+      // Build the layout element.
+      // Same client reference guard as pages — client layouts must not be
+      // called as functions. OTEL tracing is skipped for client components.
+      let layoutElement: React.ReactElement;
+      if (isClientReference(layoutComponent)) {
+        layoutElement = h(layoutComponent, {
+          ...slotProps,
+          children: element,
+        });
+      } else {
+        // Server component layout — wrap with OTEL tracing AND DenySignal
+        // catching. If the layout calls deny(), the signal is caught here
+        // and the matching deny page renders in-tree (same pattern as
+        // AccessGate and PageDenyBoundary). Without this, DenySignal
+        // escapes to React Flight onError and triggers the re-render
+        // fallback path. See TIM-668, design/04-authorization.md.
+        const layoutComponentRef = layoutComponent;
+        const layoutDenyPages = denyPageChains.get(i);
+        const TracedLayout = async (props: Record<string, unknown>) => {
+          try {
+            return await withSpan('timber.layout', { 'timber.segment': segmentId }, () =>
+              (layoutComponentRef as (props: Record<string, unknown>) => unknown)(props)
+            );
+          } catch (error: unknown) {
+            if (error instanceof DenySignal && layoutDenyPages) {
+              const denyElement = renderMatchingDenyPage(layoutDenyPages, error.status, error.data);
+              if (denyElement) {
+                setDenyStatus(error.status);
+                return denyElement;
+              }
+            }
+            // Non-deny errors (RedirectSignal, runtime errors) propagate normally.
+            throw error;
+          }
+        };
+        layoutElement = h(TracedLayout, {
+          ...slotProps,
+          children: element,
+        });
+      }
       element = h(SegmentProvider, {
         segments: segmentPath,
         segmentId,
         parallelRouteKeys,
-        children: h(TracedLayout, {
-          ...slotProps,
-          params: paramsPromise,
-          searchParams: {},
-          children: element,
-        }),
+        children: layoutElement,
       });
     }
+    // Wrap in AccessGate OUTSIDE the layout.
+    // If access denies, the deny page renders here — the layout above
+    // never executes. Parent layouts (from outer iterations) form the shell.
+    // See TIM-662, TIM-666, design/04-authorization.md §"Access Failure".
+    if (segment.access) {
+      const accessMod = await loadModule(segment.access);
+      const accessFn = accessMod.default as (() => unknown) | undefined;
+      if (accessFn) {
+        element = h(AccessGate, {
+          accessFn,
+          segmentName: segment.segmentName,
+          denyPages: denyPageChains.get(i),
+          children: element,
+        });
+      }
+    }
   }
   return {

package/src/server/route-handler.ts CHANGED Viewed

@@ -9,6 +9,7 @@
  */
 import type { RouteContext } from './types.js';
+import { logRouteError } from './logger.js';
 // ─── Types ───────────────────────────────────────────────────────────────
@@ -122,7 +123,7 @@ async function runHandler(handler: RouteHandler, ctx: RouteContext): Promise<Res
     const res = await handler(ctx);
     return mergeResponseHeaders(res, ctx.headers);
   } catch (error) {
-    console.error('[timber] Uncaught error in route.ts handler:', error);
+    logRouteError({ method: ctx.req.method, path: new URL(ctx.req.url).pathname, error });
     return new Response(null, { status: 500 });
   }
 }
@@ -140,10 +141,29 @@ function mergeResponseHeaders(res: Response, ctxHeaders: Headers): Response {
   });
   if (!hasCtxHeaders) return res;
-  // Merge: ctx.headers first, then handler response headers override
+  // Merge: ctx.headers first, then handler response headers override.
+  // Set-Cookie needs special handling: Headers.set() replaces all values
+  // for a key, but each Set-Cookie must be its own header per RFC 6265 §4.1.
+  // Use append for Set-Cookie, set for everything else.
   const merged = new Headers();
-  ctxHeaders.forEach((value, key) => merged.set(key, value));
-  res.headers.forEach((value, key) => merged.set(key, value));
+  ctxHeaders.forEach((value, key) => {
+    if (key.toLowerCase() === 'set-cookie') {
+      merged.append(key, value);
+    } else {
+      merged.set(key, value);
+    }
+  });
+  // Response Set-Cookie headers: use getSetCookie() to preserve individual
+  // cookies (forEach joins them with ", " into one entry).
+  const resCookies = res.headers.getSetCookie();
+  for (const cookie of resCookies) {
+    merged.append('Set-Cookie', cookie);
+  }
+  res.headers.forEach((value, key) => {
+    if (key.toLowerCase() !== 'set-cookie') {
+      merged.set(key, value);
+    }
+  });
   return new Response(res.body, {
     status: res.status,