npm - @timber-js/app - Versions diffs - 0.2.0-alpha.95 → 0.2.0-alpha.96 - Mend

@timber-js/app 0.2.0-alpha.95 → 0.2.0-alpha.96

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

package/LICENSE +8 -0
package/dist/_chunks/{interception-DSv3A2Zn.js → interception-BsLCA9gk.js} +4 -4
package/dist/_chunks/interception-BsLCA9gk.js.map +1 -0
package/dist/_chunks/{ssr-data-DzuI0bIV.js → router-ref-C8OCm7g7.js} +26 -2
package/dist/_chunks/router-ref-C8OCm7g7.js.map +1 -0
package/dist/_chunks/{use-params-Br9YSUFV.js → use-params-IOPu7E8t.js} +3 -27
package/dist/_chunks/use-params-IOPu7E8t.js.map +1 -0
package/dist/client/browser-dev.d.ts +7 -0
package/dist/client/browser-dev.d.ts.map +1 -1
package/dist/client/error-boundary.d.ts.map +1 -1
package/dist/client/error-boundary.js +16 -2
package/dist/client/error-boundary.js.map +1 -1
package/dist/client/index.js +2 -2
package/dist/client/internal.js +2 -2
package/dist/fonts/pipeline.d.ts +29 -0
package/dist/fonts/pipeline.d.ts.map +1 -1
package/dist/fonts/transform.d.ts +0 -8
package/dist/fonts/transform.d.ts.map +1 -1
package/dist/fonts/virtual-modules.d.ts +49 -5
package/dist/fonts/virtual-modules.d.ts.map +1 -1
package/dist/index.js +229 -89
package/dist/index.js.map +1 -1
package/dist/plugins/fonts.d.ts.map +1 -1
package/dist/plugins/mdx.d.ts.map +1 -1
package/dist/routing/index.js +1 -1
package/dist/routing/link-codegen.d.ts.map +1 -1
package/dist/server/internal.js +2 -2
package/dist/server/internal.js.map +1 -1
package/dist/server/pipeline.d.ts +10 -1
package/dist/server/pipeline.d.ts.map +1 -1
package/dist/server/rsc-entry/index.d.ts.map +1 -1
package/package.json +6 -7
package/src/cli.ts +0 -0
package/src/client/browser-dev.ts +25 -0
package/src/client/error-boundary.tsx +49 -4
package/src/fonts/pipeline.ts +39 -0
package/src/fonts/transform.ts +61 -8
package/src/fonts/virtual-modules.ts +73 -5
package/src/plugins/fonts.ts +49 -14
package/src/plugins/mdx.ts +42 -9
package/src/routing/link-codegen.ts +29 -9
package/src/server/pipeline.ts +12 -3
package/src/server/rsc-entry/index.ts +54 -21
package/dist/_chunks/interception-DSv3A2Zn.js.map +0 -1
package/dist/_chunks/ssr-data-DzuI0bIV.js.map +0 -1
package/dist/_chunks/use-params-Br9YSUFV.js.map +0 -1

package/dist/server/internal.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"internal.js","names":[],"sources":["../../src/server/canonicalize.ts","../../src/server/proxy.ts","../../src/server/middleware-runner.ts","../../src/server/server-timing.ts","../../src/server/error-formatter.ts","../../src/server/default-logger.ts","../../src/server/logger.ts","../../src/server/instrumentation.ts","../../src/server/metadata-social.ts","../../src/server/metadata-platform.ts","../../src/server/metadata-render.ts","../../src/server/metadata.ts","../../src/server/safe-load.ts","../../src/server/deny-page-resolver.ts","../../src/server/access-gate.tsx","../../src/server/route-element-builder.ts","../../src/server/version-skew.ts","../../src/server/pipeline-metadata.ts","../../src/server/pipeline-interception.ts","../../src/server/pipeline.ts","../../src/server/build-manifest.ts","../../src/server/early-hints.ts","../../src/server/early-hints-sender.ts","../../src/server/tree-builder.ts","../../src/server/status-code-resolver.ts","../../src/server/flush.ts","../../src/server/csrf.ts","../../src/server/body-limits.ts","../../src/server/route-handler.ts","../../src/server/render-timeout.ts"],"sourcesContent":["/*\n URL canonicalization — runs once at the request boundary.\n \n Every layer (proxy.ts, middleware.ts, access.ts, components) sees the same\n * canonical path. No re-decoding occurs at any later stage.\n \n See design/07-routing.md §\"URL Canonicalization & Security\"\n /\n\n/* Result of canonicalization — either a clean path or a rejection. /\nexport type CanonicalizeResult = { ok: true; pathname: string } \| { ok: false; status: 400 };\n\n/\n Encoded separators that produce a 400 rejection.\n * %2f (/) and %5c (\\) cause path-confusion attacks.\n /\nconst ENCODED_SEPARATOR_RE = /%2f\|%5c/i;\n\n/* Null byte — rejected. /\nconst NULL_BYTE_RE = /%00/i;\n\n/\n Canonicalize a URL pathname.\n \n 1. Reject encoded separators (%2f, %5c) and null bytes (%00)\n * 2. Single percent-decode\n * 3. Collapse // → /\n * 4. Resolve .. segments (reject if escaping root)\n * 5. Strip trailing slash (except root \"/\")\n \n @param rawPathname - The raw pathname from the request URL (percent-encoded)\n * @param stripTrailingSlash - Whether to strip trailing slashes. Default: true.\n /\nexport function canonicalize(rawPathname: string, stripTrailingSlash = true): CanonicalizeResult {\n // Step 1: Reject dangerous encoded sequences BEFORE decoding.\n // This must happen on the raw input so %252f doesn't bypass after a single decode.\n if (ENCODED_SEPARATOR_RE.test(rawPathname)) {\n return { ok: false, status: 400 };\n }\n if (NULL_BYTE_RE.test(rawPathname)) {\n return { ok: false, status: 400 };\n }\n\n // Step 2: Single percent-decode.\n // Double-encoded input (%2561 → %61) stays as %61 — not decoded again.\n let decoded: string;\n try {\n decoded = decodeURIComponent(rawPathname);\n } catch {\n // Malformed percent-encoding → 400\n return { ok: false, status: 400 };\n }\n\n // Reject null bytes that appeared after decoding (from valid %00-like sequences\n // that weren't caught above — belt and suspenders).\n if (decoded.includes('\\0')) {\n return { ok: false, status: 400 };\n }\n\n // Backslash is NOT a path separator — keep as literal character.\n // But reject if it would create // after normalization (e.g., /\\evil.com).\n // We do NOT convert \\ to / — it stays as a literal.\n\n // Step 3: Collapse consecutive slashes.\n let pathname = decoded.replace(/\\/\\/+/g, '/');\n\n // Step 4: Resolve .. and . segments.\n const segments = pathname.split('/');\n const resolved: string[] = [];\n for (const seg of segments) {\n if (seg === '..') {\n if (resolved.length <= 1) {\n // Trying to escape root — 400\n return { ok: false, status: 400 };\n }\n resolved.pop();\n } else if (seg !== '.') {\n resolved.push(seg);\n }\n }\n\n pathname = resolved.join('/') \|\| '/';\n\n // Step 5: Strip trailing slash (except root \"/\").\n if (stripTrailingSlash && pathname.length > 1 && pathname.endsWith('/')) {\n pathname = pathname.slice(0, -1);\n }\n\n return { ok: true, pathname };\n}\n","/\n Proxy runner — executes app/proxy.ts before route matching.\n \n Supports two forms:\n * - Function: (req, next) => Promise<Response>\n * - Array: middleware functions composed left-to-right\n \n See design/07-routing.md §\"proxy.ts — Global Middleware\"\n /\n\n/* Signature for a single proxy middleware function. /\nexport type ProxyFn = (req: Request, next: () => Promise<Response>) => Response \| Promise<Response>;\n\n/* The proxy.ts default export — either a function or an array of functions. /\nexport type ProxyExport = ProxyFn \| ProxyFn[];\n\n/\n Run the proxy pipeline.\n \n @param proxyExport - The default export from proxy.ts (function or array)\n * @param req - The incoming request\n * @param next - The continuation that proceeds to route matching and rendering\n * @returns The final response\n /\nexport async function runProxy(\n proxyExport: ProxyExport,\n req: Request,\n next: () => Promise<Response>\n): Promise<Response> {\n const fns = Array.isArray(proxyExport) ? proxyExport : [proxyExport];\n\n // Compose left-to-right: first item's next() calls the second, etc.\n // The last item's next() calls the original `next` (route matching + render).\n let i = fns.length;\n let composed = next;\n while (i--) {\n const fn = fns[i]!;\n const downstream = composed;\n composed = () => Promise.resolve(fn(req, downstream));\n }\n\n return composed();\n}\n","/\n Middleware runner — executes a route's middleware.ts chain before rendering.\n \n All middleware.ts files in the segment chain run, root to leaf (top-down).\n * The first middleware that returns a Response short-circuits the chain.\n * There is no next() — each middleware is independent.\n \n See design/07-routing.md §\"middleware.ts\"\n /\n\nimport type { MiddlewareContext } from './types.js';\n\n/* Signature of a middleware.ts default export. /\nexport type MiddlewareFn = (ctx: MiddlewareContext) => Response \| void \| Promise<Response \| void>;\n\n/\n Run a route's middleware function.\n \n @param middlewareFn - The default export from the route's middleware.ts\n * @param ctx - The middleware context (req, params, headers, requestHeaders, searchParams)\n * @returns A Response if middleware short-circuited, or undefined to continue\n /\nexport async function runMiddleware(\n middlewareFn: MiddlewareFn,\n ctx: MiddlewareContext\n): Promise<Response \| undefined> {\n const result = await middlewareFn(ctx);\n if (result instanceof Response) {\n return result;\n }\n return undefined;\n}\n\n/\n Run all middleware functions in the segment chain, root to leaf.\n \n Execution is top-down: root middleware runs first, leaf middleware runs last.\n * All middleware share the same MiddlewareContext — a parent that sets\n * ctx.requestHeaders makes it visible to child middleware and downstream components.\n \n Short-circuits on the first middleware that returns a Response.\n * Remaining middleware in the chain do not execute.\n \n @param chain - Middleware functions ordered root-to-leaf\n * @param ctx - Shared middleware context\n * @returns A Response if any middleware short-circuited, or undefined to continue\n /\nexport async function runMiddlewareChain(\n chain: MiddlewareFn[],\n ctx: MiddlewareContext\n): Promise<Response \| undefined> {\n for (const fn of chain) {\n const result = await fn(ctx);\n if (result instanceof Response) {\n return result;\n }\n }\n return undefined;\n}\n","/\n Server-Timing header — dev-mode timing breakdowns for Chrome DevTools.\n \n Collects timing entries per request using ALS. Each pipeline phase\n * (proxy, middleware, render, SSR, access, fetch) records an entry.\n * Before response flush, entries are formatted into a Server-Timing header.\n \n Only active in dev mode — zero overhead in production.\n \n See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Server-Timing\n * Task: LOCAL-290\n /\n\nimport { timingAls } from './als-registry.js';\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\nexport interface TimingEntry {\n /* Metric name (alphanumeric + hyphens, no spaces). /\n name: string;\n /* Duration in milliseconds. /\n dur: number;\n /* Human-readable description (shown in DevTools). /\n desc?: string;\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/\n Run a callback with a per-request timing collector.\n * Must be called at the top of the request pipeline (wraps the full request).\n /\nexport function runWithTimingCollector<T>(fn: () => T): T {\n return timingAls.run({ entries: [] }, fn);\n}\n\n/\n Record a timing entry for the current request.\n * No-ops if called outside a timing collector (e.g. in production).\n /\nexport function recordTiming(entry: TimingEntry): void {\n const store = timingAls.getStore();\n if (!store) return;\n store.entries.push(entry);\n}\n\n/\n Run a function and automatically record its duration as a timing entry.\n * Returns the function's result. No-ops the recording if outside a collector.\n /\nexport async function withTiming<T>(\n name: string,\n desc: string \| undefined,\n fn: () => T \| Promise<T>\n): Promise<T> {\n const store = timingAls.getStore();\n if (!store) return fn();\n\n const start = performance.now();\n try {\n return await fn();\n } finally {\n const dur = Math.round(performance.now() - start);\n store.entries.push({ name, dur, desc });\n }\n}\n\n/\n Get the Server-Timing header value for the current request.\n * Returns null if no entries exist or outside a collector.\n \n Format: `name;dur=123;desc=\"description\", name2;dur=456`\n * See RFC 6797 / Server-Timing spec for format details.\n /\nexport function getServerTimingHeader(): string \| null {\n const store = timingAls.getStore();\n if (!store \|\| store.entries.length === 0) return null;\n\n // Deduplicate names — if a name appears multiple times, suffix with index\n const nameCounts = new Map<string, number>();\n const entries = store.entries.map((entry) => {\n const count = nameCounts.get(entry.name) ?? 0;\n nameCounts.set(entry.name, count + 1);\n const uniqueName = count > 0 ? `${entry.name}-${count}` : entry.name;\n return { ...entry, name: uniqueName };\n });\n\n const parts = entries.map((entry) => {\n let part = `${entry.name};dur=${entry.dur}`;\n if (entry.desc) {\n // Escape quotes in desc per Server-Timing spec\n const safeDesc = entry.desc.replace(/\\\\/g, '\\\\\\\\').replace(/\"/g, '\\\\\"');\n part += `;desc=\"${safeDesc}\"`;\n }\n return part;\n });\n\n // Respect header size limits — browsers typically handle up to 8KB headers.\n // Truncate if the header exceeds 4KB to leave room for other headers.\n const MAX_HEADER_SIZE = 4096;\n let result = '';\n for (let i = 0; i < parts.length; i++) {\n const candidate = result ? `${result}, ${parts[i]}` : parts[i]!;\n if (candidate.length > MAX_HEADER_SIZE) break;\n result = candidate;\n }\n\n return result \|\| null;\n}\n\n/\n Sanitize a URL for use in Server-Timing desc.\n * Strips query params and truncates long paths to avoid information leakage.\n /\nexport function sanitizeUrlForTiming(url: string): string {\n try {\n const parsed = new URL(url);\n const origin = parsed.host;\n let path = parsed.pathname;\n // Truncate long paths\n if (path.length > 50) {\n path = path.slice(0, 47) + '...';\n }\n return `${origin}${path}`;\n } catch {\n // Not a valid URL — truncate raw string\n if (url.length > 60) {\n return url.slice(0, 57) + '...';\n }\n return url;\n }\n}\n","/\n Error Formatter — rewrites SSR/RSC error messages to surface user code.\n \n When React or Vite throw errors during SSR, stack traces reference\n * vendored dependency paths (e.g. `.vite/deps_ssr/@vitejs_plugin-rsc_vendor_...`)\n * and mangled export names (`__vite_ssr_export_default__`). This module\n * rewrites error messages and stack traces to point at user code instead.\n \n Dev-only — in production, errors go through the structured logger\n * without formatting.\n /\n\n// ─── Stack Trace Rewriting ──────────────────────────────────────────────────\n\n/\n Patterns that identify internal Vite/RSC vendor paths in stack traces.\n * These are replaced with human-readable labels.\n /\nconst VENDOR_PATH_PATTERNS: Array<{ pattern: RegExp; replacement: string }> = [\n {\n pattern: /node_modules\\/\\.vite\\/deps_ssr\\/@vitejs_plugin-rsc_vendor_react-server-dom[^\\s)]+/g,\n replacement: '<react-server-dom>',\n },\n {\n pattern: /node_modules\\/\\.vite\\/deps_ssr\\/@vitejs_plugin-rsc_vendor[^\\s)]+/g,\n replacement: '<rsc-vendor>',\n },\n {\n pattern: /node_modules\\/\\.vite\\/deps_ssr\\/[^\\s)]+/g,\n replacement: '<vite-dep>',\n },\n {\n pattern: /node_modules\\/\\.vite\\/deps\\/[^\\s)]+/g,\n replacement: '<vite-dep>',\n },\n];\n\n/\n Patterns that identify Vite-mangled export names in error messages.\n /\nconst MANGLED_NAME_PATTERNS: Array<{ pattern: RegExp; replacement: string }> = [\n {\n pattern: /__vite_ssr_export_default__/g,\n replacement: '<default export>',\n },\n {\n pattern: /__vite_ssr_export_(\\w+)__/g,\n replacement: '<export $1>',\n },\n];\n\n/\n Rewrite an error's message and stack to replace internal Vite paths\n * and mangled names with human-readable labels.\n /\nexport function formatSsrError(error: unknown): string {\n if (!(error instanceof Error)) {\n return String(error);\n }\n\n let message = error.message;\n let stack = error.stack ?? '';\n\n // Rewrite mangled names in the message\n for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) {\n message = message.replace(pattern, replacement);\n }\n\n // Rewrite vendor paths in the stack\n for (const { pattern, replacement } of VENDOR_PATH_PATTERNS) {\n stack = stack.replace(pattern, replacement);\n }\n\n // Rewrite mangled names in the stack too\n for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) {\n stack = stack.replace(pattern, replacement);\n }\n\n // Extract hints from React-specific error patterns\n const hint = extractErrorHint(error.message);\n\n // Build formatted output: cleaned message, hint (if any), then cleaned stack\n const parts: string[] = [];\n parts.push(message);\n if (hint) {\n parts.push(` → ${hint}`);\n }\n\n // Include only the user-code frames from the stack (skip the first line\n // which is the message itself, and filter out vendor-only frames)\n const userFrames = extractUserFrames(stack);\n if (userFrames.length > 0) {\n parts.push('');\n parts.push(' User code in stack:');\n for (const frame of userFrames) {\n parts.push(` ${frame}`);\n }\n }\n\n return parts.join('\\n');\n}\n\n// ─── Error Hint Extraction ──────────────────────────────────────────────────\n\n/\n Extract a human-readable hint from common React/RSC error messages.\n \n React error messages contain useful information but the surrounding\n * context (vendor paths, mangled names) obscures it. This extracts the\n * actionable part as a one-line hint.\n /\nfunction extractErrorHint(message: string): string \| null {\n // \"Functions cannot be passed directly to Client Components\"\n // Extract the component and prop name from the JSX-like syntax in the message\n const fnPassedMatch = message.match(/Functions cannot be passed directly to Client Components/);\n if (fnPassedMatch) {\n // Try to extract the prop name from the message\n // React formats: <... propName={function ...} ...>\n const propMatch = message.match(/<[^>]?\\s(\\w+)=\\{function/);\n if (propMatch) {\n return `Prop \"${propMatch[1]}\" is a function — mark it \"use server\" or call it before passing`;\n }\n return 'A function prop was passed to a Client Component — mark it \"use server\" or call it before passing';\n }\n\n // \"Objects are not valid as a React child\"\n if (message.includes('Objects are not valid as a React child')) {\n return 'An object was rendered as JSX children — convert to string or extract the value';\n }\n\n // \"Cannot read properties of undefined/null\"\n const nullRefMatch = message.match(\n /Cannot read propert(?:y\|ies) of (undefined\|null) \$reading '(\\w+)'\$/\n );\n if (nullRefMatch) {\n return `Accessed .${nullRefMatch[2]} on ${nullRefMatch[1]} — check that the value exists`;\n }\n\n // \"X is not a function\"\n const notFnMatch = message.match(/(\\w+) is not a function/);\n if (notFnMatch) {\n return `\"${notFnMatch[1]}\" is not a function — check imports and exports`;\n }\n\n // \"Element type is invalid\"\n if (message.includes('Element type is invalid')) {\n return 'A component resolved to undefined/null — check default exports and import paths';\n }\n\n // \"Invalid hook call\" — hooks called outside React's render context.\n // In RSC, this typically means a 'use client' component was executed as a\n // server component instead of being serialized as a client reference.\n if (message.includes('Invalid hook call')) {\n return (\n 'A hook was called outside of a React component render. ' +\n \"If this is a 'use client' component, ensure the directive is at the very top of the file \" +\n '(before any imports) and that @vitejs/plugin-rsc is loaded correctly. ' +\n \"Barrel re-exports from non-'use client' files do not propagate the directive.\"\n );\n }\n\n return null;\n}\n\n// ─── Stack Frame Filtering ──────────────────────────────────────────────────\n\n/*\n Extract stack frames that reference user code (not node_modules,\n * not framework internals).\n \n Returns at most 5 frames to keep output concise.\n /\nfunction extractUserFrames(stack: string): string[] {\n const lines = stack.split('\\n');\n const userFrames: string[] = [];\n\n for (const line of lines) {\n const trimmed = line.trim();\n // Skip non-frame lines\n if (!trimmed.startsWith('at ')) continue;\n // Skip node_modules, vendor, and internal frames\n if (\n trimmed.includes('node_modules') \|\|\n trimmed.includes('<react-server-dom>') \|\|\n trimmed.includes('<rsc-vendor>') \|\|\n trimmed.includes('<vite-dep>') \|\|\n trimmed.includes('node:internal')\n ) {\n continue;\n }\n userFrames.push(trimmed);\n if (userFrames.length >= 5) break;\n }\n\n return userFrames;\n}\n","/\n DefaultLogger — human-readable stderr logging when no custom logger is configured.\n \n Ships as the fallback so production deployments always have error visibility,\n * even without an `instrumentation.ts` logger export. Output is one line per\n * event, designed for `fly logs`, `kubectl logs`, Cloudflare dashboard tails, etc.\n \n Format:\n * [timber] ERROR message key=value key=value trace_id=4bf92f35\n * [timber] WARN message key=value key=value trace_id=4bf92f35\n * [timber] INFO message method=GET path=/dashboard status=200 durationMs=43 trace_id=4bf92f35\n \n Behavior:\n * - Suppressed entirely in dev mode (dev logging handles all output)\n * - `debug` suppressed unless TIMBER_DEBUG is set\n * - Replaced entirely when a custom logger is set via `setLogger()`\n \n See design/17-logging.md §\"DefaultLogger\"\n /\n\nimport { isDevMode, isDebug } from './debug.js';\nimport { formatSsrError } from './error-formatter.js';\nimport type { TimberLogger } from './logger.js';\n\n/\n Format data fields as `key=value` pairs for human-readable output.\n * - `error` key is serialized via formatSsrError for stack trace cleanup\n * - `trace_id` is truncated to 8 chars for readability (full ID in OTEL)\n * - Other values are stringified inline\n /\nfunction formatDataFields(data?: Record<string, unknown>): string {\n if (!data) return '';\n\n const parts: string[] = [];\n let traceId: string \| undefined;\n\n for (const [key, value] of Object.entries(data)) {\n if (key === 'trace_id') {\n // Defer trace_id to the end\n traceId = typeof value === 'string' ? value : String(value);\n continue;\n }\n if (key === 'error') {\n // Serialize errors with formatSsrError for clean output\n parts.push(`error=${formatSsrError(value)}`);\n continue;\n }\n if (value === undefined \|\| value === null) continue;\n parts.push(`${key}=${value}`);\n }\n\n // trace_id always last, truncated to 8 chars for readability\n if (traceId) {\n parts.push(`trace_id=${traceId.slice(0, 8)}`);\n }\n\n return parts.length > 0 ? ' ' + parts.join(' ') : '';\n}\n\n/* Pad level string to fixed width for alignment. /\nfunction padLevel(level: string): string {\n return level.padEnd(5);\n}\n\nexport function createDefaultLogger(): TimberLogger {\n return {\n error(msg: string, data?: Record<string, unknown>): void {\n // Errors are ALWAYS logged, including dev mode. Suppressing errors\n // in dev causes silent 500s with no stack trace, making route.ts\n // and render errors impossible to debug. See TIM-555.\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('ERROR')} ${msg}${fields}\\n`);\n },\n\n warn(msg: string, data?: Record<string, unknown>): void {\n // Warnings are always logged — same rationale as errors.\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('WARN')} ${msg}${fields}\\n`);\n },\n\n info(msg: string, data?: Record<string, unknown>): void {\n // info is suppressed by default — per-request lines are too noisy\n // without a custom logger. Enable with TIMBER_DEBUG.\n if (isDevMode()) return;\n if (!isDebug()) return;\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('INFO')} ${msg}${fields}\\n`);\n },\n\n debug(msg: string, data?: Record<string, unknown>): void {\n // debug is suppressed in dev (dev logger handles it) and in\n // production unless TIMBER_DEBUG is explicitly set.\n if (isDevMode()) return;\n if (!isDebug()) return;\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('DEBUG')} ${msg}${fields}\\n`);\n },\n };\n}\n","/\n Logger — structured logging with environment-aware formatting.\n \n timber.js ships a DefaultLogger that writes human-readable lines to stderr\n * in production. Users can export a custom logger from instrumentation.ts to\n * replace it with pino, winston, or any TimberLogger-compatible object.\n \n See design/17-logging.md §\"Production Logging\"\n /\n\nimport { getTraceStore } from './tracing.js';\nimport { createDefaultLogger } from './default-logger.js';\n\n// ─── Logger Interface ─────────────────────────────────────────────────────\n\n/* Any object with standard log methods satisfies this — pino, winston, consola, console. /\nexport interface TimberLogger {\n info(msg: string, data?: Record<string, unknown>): void;\n warn(msg: string, data?: Record<string, unknown>): void;\n error(msg: string, data?: Record<string, unknown>): void;\n debug(msg: string, data?: Record<string, unknown>): void;\n}\n\n// ─── Logger Registry ──────────────────────────────────────────────────────\n\n// Initialize with DefaultLogger so production errors are never silent.\n// Replaced when setLogger() is called from instrumentation.ts.\nlet _logger: TimberLogger = createDefaultLogger();\n\n/\n Set the user-provided logger. Called by the instrumentation loader\n * when it finds a `logger` export in instrumentation.ts. Replaces\n * the DefaultLogger entirely.\n /\nexport function setLogger(logger: TimberLogger): void {\n _logger = logger;\n}\n\n/\n Get the current logger. Always non-null — returns DefaultLogger when\n * no custom logger is configured.\n /\nexport function getLogger(): TimberLogger {\n return _logger;\n}\n\n// ─── Framework Log Helpers ────────────────────────────────────────────────\n\n/\n Inject trace_id and span_id into log data for log–trace correlation.\n * Always injects trace_id (never undefined). Injects span_id only when OTEL is active.\n /\nfunction withTraceContext(data?: Record<string, unknown>): Record<string, unknown> {\n const store = getTraceStore();\n const enriched: Record<string, unknown> = { ...data };\n if (store) {\n enriched.trace_id = store.traceId;\n if (store.spanId) {\n enriched.span_id = store.spanId;\n }\n }\n return enriched;\n}\n\n// ─── Framework Event Emitters ─────────────────────────────────────────────\n\n/* Log a completed request. Level: info. /\nexport function logRequestCompleted(data: {\n method: string;\n path: string;\n status: number;\n durationMs: number;\n /* Number of concurrent in-flight requests (including this one) at completion time. /\n concurrency?: number;\n}): void {\n _logger.info('request completed', withTraceContext(data));\n}\n\n/* Log request received. Level: debug. /\nexport function logRequestReceived(data: { method: string; path: string }): void {\n _logger.debug('request received', withTraceContext(data));\n}\n\n/* Log a slow request warning. Level: warn. /\nexport function logSlowRequest(data: {\n method: string;\n path: string;\n durationMs: number;\n threshold: number;\n /* Number of concurrent in-flight requests at the time the slow request completed. /\n concurrency?: number;\n}): void {\n _logger.warn('slow request exceeded threshold', withTraceContext(data));\n}\n\n/* Log middleware short-circuit. Level: debug. /\nexport function logMiddlewareShortCircuit(data: {\n method: string;\n path: string;\n status: number;\n}): void {\n _logger.debug('middleware short-circuited', withTraceContext(data));\n}\n\n/* Log unhandled error in middleware phase. Level: error. /\nexport function logMiddlewareError(data: { method: string; path: string; error: unknown }): void {\n _logger.error('unhandled error in middleware phase', withTraceContext(data));\n}\n\n/* Log unhandled render-phase error. Level: error. /\nexport function logRenderError(data: {\n method: string;\n path: string;\n error: unknown;\n errorId?: string;\n}): void {\n _logger.error('unhandled render-phase error', withTraceContext(data));\n}\n\n/* Log proxy.ts uncaught error. Level: error. /\nexport function logProxyError(data: { error: unknown }): void {\n _logger.error('proxy.ts threw uncaught error', withTraceContext(data));\n}\n\n/* Log unhandled error in server action. Level: error. /\nexport function logActionError(data: { method: string; path: string; error: unknown }): void {\n _logger.error('unhandled server action error', withTraceContext(data));\n}\n\n/* Log unhandled error in route handler. Level: error. /\nexport function logRouteError(data: { method: string; path: string; error: unknown }): void {\n _logger.error('unhandled route handler error', withTraceContext(data));\n}\n\n/* Log SSR streaming error (post-shell). Level: error. /\nexport function logStreamingError(data: { error: unknown }): void {\n _logger.error('SSR streaming error (post-shell)', withTraceContext(data));\n}\n\n/* Log waitUntil() adapter missing (once at startup). Level: warn. /\nexport function logWaitUntilUnsupported(): void {\n _logger.warn('adapter does not support waitUntil()');\n}\n\n/* Log waitUntil() promise rejection. Level: warn. /\nexport function logWaitUntilRejected(data: { error: unknown }): void {\n _logger.warn('waitUntil() promise rejected', withTraceContext(data));\n}\n\n/* Log staleWhileRevalidate refetch failure. Level: warn. /\nexport function logSwrRefetchFailed(data: { cacheKey: string; error: unknown }): void {\n _logger.warn('staleWhileRevalidate refetch failed', withTraceContext(data));\n}\n\n/* Log cache miss. Level: debug. /\nexport function logCacheMiss(data: { cacheKey: string }): void {\n _logger.debug('timber.cache MISS', withTraceContext(data));\n}\n","/\n Instrumentation — loads and runs the user's instrumentation.ts file.\n \n instrumentation.ts is a file convention at the project root that exports:\n * - register() — called once at server startup, before the first request\n * - onRequestError() — called for every unhandled server error\n * - logger — any object with info/warn/error/debug methods\n \n See design/17-logging.md §\"instrumentation.ts — The Entry Point\"\n /\n\nimport { setLogger, type TimberLogger } from './logger.js';\n\n// ─── Instrumentation Types ────────────────────────────────────────────────\n\nexport type InstrumentationOnRequestError = (\n error: unknown,\n request: InstrumentationRequestInfo,\n context: InstrumentationErrorContext\n) => void \| Promise<void>;\n\nexport interface InstrumentationRequestInfo {\n /* HTTP method: 'GET', 'POST', etc. /\n method: string;\n /* Request path: '/dashboard/projects/123' /\n path: string;\n /* Request headers as a plain object. /\n headers: Record<string, string>;\n}\n\nexport interface InstrumentationErrorContext {\n /* Which pipeline phase the error occurred in. /\n phase: 'proxy' \| 'handler' \| 'render' \| 'action' \| 'route';\n /* The route pattern: '/dashboard/projects/[id]' /\n routePath: string;\n /* Type of route that was matched. /\n routeType: 'page' \| 'route' \| 'action';\n /* Always set — OTEL trace ID or UUID fallback. /\n traceId: string;\n}\n\n// ─── Instrumentation Module Shape ─────────────────────────────────────────\n\ninterface InstrumentationModule {\n register?: () => void \| Promise<void>;\n onRequestError?: InstrumentationOnRequestError;\n logger?: TimberLogger;\n}\n\n// ─── State ────────────────────────────────────────────────────────────────\n//\n// Intentional per-app singletons (not per-request). Instrumentation loads\n// once at server startup and persists for the lifetime of the process/isolate.\n// These must NOT be migrated to ALS — they are correctly scoped to the app.\n\nlet _initialized = false;\nlet _onRequestError: InstrumentationOnRequestError \| null = null;\n\n/\n Load and initialize the user's instrumentation.ts module.\n \n - Awaits register() before returning (server blocks on this).\n * - Picks up the logger export and wires it into the framework logger.\n * - Stores onRequestError for later invocation.\n \n @param loader - Function that dynamically imports the user's instrumentation module.\n * Returns null if no instrumentation.ts exists.\n /\nexport async function loadInstrumentation(\n loader: () => Promise<InstrumentationModule \| null>\n): Promise<void> {\n if (_initialized) return;\n _initialized = true;\n\n let mod: InstrumentationModule \| null;\n try {\n mod = await loader();\n } catch (error) {\n console.error('[timber] Failed to load instrumentation.ts:', error);\n return;\n }\n\n if (!mod) return;\n\n // Wire up the logger export\n if (mod.logger && typeof mod.logger.info === 'function') {\n setLogger(mod.logger);\n }\n\n // Store onRequestError for later\n if (typeof mod.onRequestError === 'function') {\n _onRequestError = mod.onRequestError;\n }\n\n // Await register() — server does not accept requests until this resolves\n if (typeof mod.register === 'function') {\n try {\n await mod.register();\n } catch (error) {\n console.error('[timber] instrumentation.ts register() threw:', error);\n throw error;\n }\n }\n}\n\n/\n Call the user's onRequestError hook. Catches and logs any errors thrown\n * by the hook itself — it must not affect the response.\n /\nexport async function callOnRequestError(\n error: unknown,\n request: InstrumentationRequestInfo,\n context: InstrumentationErrorContext\n): Promise<void> {\n if (!_onRequestError) return;\n try {\n await _onRequestError(error, request, context);\n } catch (hookError) {\n console.error('[timber] onRequestError hook threw:', hookError);\n }\n}\n\n/\n Check if onRequestError is registered.\n /\nexport function hasOnRequestError(): boolean {\n return _onRequestError !== null;\n}\n\n/\n Reset instrumentation state. Test-only.\n /\nexport function resetInstrumentation(): void {\n _initialized = false;\n _onRequestError = null;\n}\n","/\n Social metadata rendering — Open Graph and Twitter Card meta tags.\n \n Extracted from metadata-render.ts to keep files under 500 lines.\n \n See design/16-metadata.md\n /\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\n\n/\n Render Open Graph metadata into head element descriptors.\n \n Handles og:title, og:description, og:image (with dimensions/alt),\n * og:video, og:audio, og:article:author, and other OG properties.\n /\nexport function renderOpenGraph(\n og: NonNullable<Metadata['openGraph']>,\n elements: HeadElement[]\n): void {\n const simpleProps: Array<[string, string \| undefined]> = [\n ['og:title', og.title],\n ['og:description', og.description],\n ['og:url', og.url],\n ['og:site_name', og.siteName],\n ['og:locale', og.locale],\n ['og:type', og.type],\n ['og:article:published_time', og.publishedTime],\n ['og:article:modified_time', og.modifiedTime],\n ];\n\n for (const [property, content] of simpleProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { property, content } });\n }\n }\n\n // Images — normalize single object to array for uniform handling\n if (og.images) {\n if (typeof og.images === 'string') {\n elements.push({ tag: 'meta', attrs: { property: 'og:image', content: og.images } });\n } else {\n const imgList = Array.isArray(og.images) ? og.images : [og.images];\n for (const img of imgList) {\n elements.push({ tag: 'meta', attrs: { property: 'og:image', content: img.url } });\n if (img.width) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:image:width', content: String(img.width) },\n });\n }\n if (img.height) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:image:height', content: String(img.height) },\n });\n }\n if (img.alt) {\n elements.push({ tag: 'meta', attrs: { property: 'og:image:alt', content: img.alt } });\n }\n }\n }\n }\n\n // Videos\n if (og.videos) {\n for (const video of og.videos) {\n elements.push({ tag: 'meta', attrs: { property: 'og:video', content: video.url } });\n }\n }\n\n // Audio\n if (og.audio) {\n for (const audio of og.audio) {\n elements.push({ tag: 'meta', attrs: { property: 'og:audio', content: audio.url } });\n }\n }\n\n // Authors\n if (og.authors) {\n for (const author of og.authors) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:article:author', content: author },\n });\n }\n }\n}\n\n/\n Render Twitter Card metadata into head element descriptors.\n \n Handles twitter:card, twitter:site, twitter:title, twitter:image,\n * twitter:player, and twitter:app (per-platform name/id/url).\n /\nexport function renderTwitter(tw: NonNullable<Metadata['twitter']>, elements: HeadElement[]): void {\n const simpleProps: Array<[string, string \| undefined]> = [\n ['twitter:card', tw.card],\n ['twitter:site', tw.site],\n ['twitter:site:id', tw.siteId],\n ['twitter:title', tw.title],\n ['twitter:description', tw.description],\n ['twitter:creator', tw.creator],\n ['twitter:creator:id', tw.creatorId],\n ];\n\n for (const [name, content] of simpleProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n // Images — normalize single object to array for uniform handling\n if (tw.images) {\n if (typeof tw.images === 'string') {\n elements.push({ tag: 'meta', attrs: { name: 'twitter:image', content: tw.images } });\n } else {\n const imgList = Array.isArray(tw.images) ? tw.images : [tw.images];\n for (const img of imgList) {\n const url = typeof img === 'string' ? img : img.url;\n elements.push({ tag: 'meta', attrs: { name: 'twitter:image', content: url } });\n }\n }\n }\n\n // Player card fields\n if (tw.players) {\n for (const player of tw.players) {\n elements.push({ tag: 'meta', attrs: { name: 'twitter:player', content: player.playerUrl } });\n if (player.width) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:width', content: String(player.width) },\n });\n }\n if (player.height) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:height', content: String(player.height) },\n });\n }\n if (player.streamUrl) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:stream', content: player.streamUrl },\n });\n }\n }\n }\n\n // App card fields — 3 platforms × 3 attributes (name, id, url)\n if (tw.app) {\n const platforms: Array<[keyof NonNullable<typeof tw.app.id>, string]> = [\n ['iPhone', 'iphone'],\n ['iPad', 'ipad'],\n ['googlePlay', 'googleplay'],\n ];\n\n // App name is shared across platforms but the spec uses per-platform names.\n // Emit for each platform that has an ID.\n if (tw.app.name) {\n for (const [key, tag] of platforms) {\n if (tw.app.id?.[key]) {\n elements.push({\n tag: 'meta',\n attrs: { name: `twitter:app:name:${tag}`, content: tw.app.name },\n });\n }\n }\n }\n\n for (const [key, tag] of platforms) {\n const id = tw.app.id?.[key];\n if (id) {\n elements.push({ tag: 'meta', attrs: { name: `twitter:app:id:${tag}`, content: id } });\n }\n }\n\n for (const [key, tag] of platforms) {\n const url = tw.app.url?.[key];\n if (url) {\n elements.push({ tag: 'meta', attrs: { name: `twitter:app:url:${tag}`, content: url } });\n }\n }\n }\n}\n","/\n Platform-specific metadata rendering — icons, Apple Web App, App Links, iTunes.\n \n Extracted from metadata-render.ts to keep files under 500 lines.\n \n See design/16-metadata.md\n /\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\n\n/\n Render icon link elements (favicon, shortcut, apple-touch-icon, custom).\n /\nexport function renderIcons(icons: NonNullable<Metadata['icons']>, elements: HeadElement[]): void {\n // Icon\n if (icons.icon) {\n if (typeof icons.icon === 'string') {\n elements.push({ tag: 'link', attrs: { rel: 'icon', href: icons.icon } });\n } else if (Array.isArray(icons.icon)) {\n for (const icon of icons.icon) {\n const attrs: Record<string, string> = { rel: 'icon', href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n if (icon.type) attrs.type = icon.type;\n elements.push({ tag: 'link', attrs });\n }\n }\n }\n\n // Shortcut\n if (icons.shortcut) {\n const urls = Array.isArray(icons.shortcut) ? icons.shortcut : [icons.shortcut];\n for (const url of urls) {\n elements.push({ tag: 'link', attrs: { rel: 'shortcut icon', href: url } });\n }\n }\n\n // Apple\n if (icons.apple) {\n if (typeof icons.apple === 'string') {\n elements.push({ tag: 'link', attrs: { rel: 'apple-touch-icon', href: icons.apple } });\n } else if (Array.isArray(icons.apple)) {\n for (const icon of icons.apple) {\n const attrs: Record<string, string> = { rel: 'apple-touch-icon', href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n elements.push({ tag: 'link', attrs });\n }\n }\n }\n\n // Other\n if (icons.other) {\n for (const icon of icons.other) {\n const attrs: Record<string, string> = { rel: icon.rel, href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n if (icon.type) attrs.type = icon.type;\n elements.push({ tag: 'link', attrs });\n }\n }\n}\n\n/\n Render alternate link elements (canonical, hreflang, media, types).\n /\nexport function renderAlternates(\n alternates: NonNullable<Metadata['alternates']>,\n elements: HeadElement[]\n): void {\n if (alternates.canonical) {\n elements.push({ tag: 'link', attrs: { rel: 'canonical', href: alternates.canonical } });\n }\n\n if (alternates.languages) {\n for (const [lang, href] of Object.entries(alternates.languages)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', hreflang: lang, href },\n });\n }\n }\n\n if (alternates.media) {\n for (const [media, href] of Object.entries(alternates.media)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', media, href },\n });\n }\n }\n\n if (alternates.types) {\n for (const [type, href] of Object.entries(alternates.types)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', type, href },\n });\n }\n }\n}\n\n/\n Render site verification meta tags (Google, Yahoo, Yandex, custom).\n /\nexport function renderVerification(\n verification: NonNullable<Metadata['verification']>,\n elements: HeadElement[]\n): void {\n const verificationProps: Array<[string, string \| undefined]> = [\n ['google-site-verification', verification.google],\n ['y_key', verification.yahoo],\n ['yandex-verification', verification.yandex],\n ];\n\n for (const [name, content] of verificationProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n if (verification.other) {\n for (const [name, value] of Object.entries(verification.other)) {\n const content = Array.isArray(value) ? value.join(', ') : value;\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n}\n\n/\n Render Apple Web App meta tags and startup image links.\n /\nexport function renderAppleWebApp(\n appleWebApp: NonNullable<Metadata['appleWebApp']>,\n elements: HeadElement[]\n): void {\n if (appleWebApp.capable) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-mobile-web-app-capable', content: 'yes' },\n });\n }\n if (appleWebApp.title) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-mobile-web-app-title', content: appleWebApp.title },\n });\n }\n if (appleWebApp.statusBarStyle) {\n elements.push({\n tag: 'meta',\n attrs: {\n name: 'apple-mobile-web-app-status-bar-style',\n content: appleWebApp.statusBarStyle,\n },\n });\n }\n if (appleWebApp.startupImage) {\n const images = Array.isArray(appleWebApp.startupImage)\n ? appleWebApp.startupImage\n : [{ url: appleWebApp.startupImage }];\n for (const img of images) {\n const url = typeof img === 'string' ? img : img.url;\n const attrs: Record<string, string> = { rel: 'apple-touch-startup-image', href: url };\n if (typeof img === 'object' && img.media) {\n attrs.media = img.media;\n }\n elements.push({ tag: 'link', attrs });\n }\n }\n}\n\n/\n Render App Links (al:) meta tags for deep linking across platforms.\n /\nexport function renderAppLinks(\n appLinks: NonNullable<Metadata['appLinks']>,\n elements: HeadElement[]\n): void {\n const platformEntries: Array<[string, Array<Record<string, unknown>> \| undefined]> = [\n ['ios', appLinks.ios],\n ['android', appLinks.android],\n ['windows', appLinks.windows],\n ['windows_phone', appLinks.windowsPhone],\n ['windows_universal', appLinks.windowsUniversal],\n ];\n\n for (const [platform, entries] of platformEntries) {\n if (!entries) continue;\n for (const entry of entries) {\n for (const [key, value] of Object.entries(entry)) {\n if (value !== undefined && value !== null) {\n elements.push({\n tag: 'meta',\n attrs: { property: `al:${platform}:${key}`, content: String(value) },\n });\n }\n }\n }\n }\n\n if (appLinks.web) {\n if (appLinks.web.url) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'al:web:url', content: appLinks.web.url },\n });\n }\n if (appLinks.web.shouldFallback !== undefined) {\n elements.push({\n tag: 'meta',\n attrs: {\n property: 'al:web:should_fallback',\n content: appLinks.web.shouldFallback ? 'true' : 'false',\n },\n });\n }\n }\n}\n\n/*\n Render Apple iTunes smart banner meta tag.\n /\nexport function renderItunes(\n itunes: NonNullable<Metadata['itunes']>,\n elements: HeadElement[]\n): void {\n const parts = [`app-id=${itunes.appId}`];\n if (itunes.affiliateData) parts.push(`affiliate-data=${itunes.affiliateData}`);\n if (itunes.appArgument) parts.push(`app-argument=${itunes.appArgument}`);\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-itunes-app', content: parts.join(', ') },\n });\n}\n","/\n Metadata rendering — converts resolved Metadata into HeadElement descriptors.\n \n Extracted from metadata.ts to keep files under 500 lines.\n \n See design/16-metadata.md\n /\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\nimport { renderOpenGraph, renderTwitter } from './metadata-social.js';\nimport {\n renderIcons,\n renderAlternates,\n renderVerification,\n renderAppleWebApp,\n renderAppLinks,\n renderItunes,\n} from './metadata-platform.js';\n\n// ─── Render to Elements ──────────────────────────────────────────────────────\n\n/\n Convert resolved metadata into an array of head element descriptors.\n \n Each descriptor has a `tag` ('title', 'meta', 'link') and either\n * `content` (for <title>) or `attrs` (for <meta>/<link>).\n \n The framework's MetadataResolver component consumes these descriptors\n * and renders them into the <head>.\n /\nexport function renderMetadataToElements(metadata: Metadata): HeadElement[] {\n const elements: HeadElement[] = [];\n\n // Title\n if (typeof metadata.title === 'string') {\n elements.push({ tag: 'title', content: metadata.title });\n }\n\n // Simple string meta tags\n const simpleMetaProps: Array<[string, string \| undefined]> = [\n ['description', metadata.description],\n ['generator', metadata.generator],\n ['application-name', metadata.applicationName],\n ['referrer', metadata.referrer],\n ['category', metadata.category],\n ['creator', metadata.creator],\n ['publisher', metadata.publisher],\n ];\n\n for (const [name, content] of simpleMetaProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n // Keywords (array or string)\n if (metadata.keywords) {\n const content = Array.isArray(metadata.keywords)\n ? metadata.keywords.join(', ')\n : metadata.keywords;\n elements.push({ tag: 'meta', attrs: { name: 'keywords', content } });\n }\n\n // Robots\n if (metadata.robots) {\n const content =\n typeof metadata.robots === 'string' ? metadata.robots : renderRobotsObject(metadata.robots);\n elements.push({ tag: 'meta', attrs: { name: 'robots', content } });\n\n // googleBot as separate tag\n if (typeof metadata.robots === 'object' && metadata.robots.googleBot) {\n const gbContent =\n typeof metadata.robots.googleBot === 'string'\n ? metadata.robots.googleBot\n : renderRobotsObject(metadata.robots.googleBot);\n elements.push({ tag: 'meta', attrs: { name: 'googlebot', content: gbContent } });\n }\n }\n\n // Open Graph\n if (metadata.openGraph) {\n renderOpenGraph(metadata.openGraph, elements);\n }\n\n // Twitter\n if (metadata.twitter) {\n renderTwitter(metadata.twitter, elements);\n }\n\n // Icons\n if (metadata.icons) {\n renderIcons(metadata.icons, elements);\n }\n\n // Manifest\n if (metadata.manifest) {\n elements.push({ tag: 'link', attrs: { rel: 'manifest', href: metadata.manifest } });\n }\n\n // Alternates\n if (metadata.alternates) {\n renderAlternates(metadata.alternates, elements);\n }\n\n // Verification\n if (metadata.verification) {\n renderVerification(metadata.verification, elements);\n }\n\n // Format detection\n if (metadata.formatDetection) {\n const parts: string[] = [];\n if (metadata.formatDetection.telephone === false) parts.push('telephone=no');\n if (metadata.formatDetection.email === false) parts.push('email=no');\n if (metadata.formatDetection.address === false) parts.push('address=no');\n if (parts.length > 0) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'format-detection', content: parts.join(', ') },\n });\n }\n }\n\n // Authors\n if (metadata.authors) {\n const authorList = Array.isArray(metadata.authors) ? metadata.authors : [metadata.authors];\n for (const author of authorList) {\n if (author.name) {\n elements.push({ tag: 'meta', attrs: { name: 'author', content: author.name } });\n }\n if (author.url) {\n elements.push({ tag: 'link', attrs: { rel: 'author', href: author.url } });\n }\n }\n }\n\n // Apple Web App\n if (metadata.appleWebApp) {\n renderAppleWebApp(metadata.appleWebApp, elements);\n }\n\n // App Links (al:)\n if (metadata.appLinks) {\n renderAppLinks(metadata.appLinks, elements);\n }\n\n // iTunes\n if (metadata.itunes) {\n renderItunes(metadata.itunes, elements);\n }\n\n // Other (custom meta tags)\n if (metadata.other) {\n for (const [name, value] of Object.entries(metadata.other)) {\n const content = Array.isArray(value) ? value.join(', ') : value;\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n return elements;\n}\n\n// ─── Rendering Helpers ───────────────────────────────────────────────────────\n\nfunction renderRobotsObject(robots: Record<string, unknown>): string {\n const parts: string[] = [];\n if (robots.index === true) parts.push('index');\n if (robots.index === false) parts.push('noindex');\n if (robots.follow === true) parts.push('follow');\n if (robots.follow === false) parts.push('nofollow');\n return parts.join(', ');\n}\n","/*\n Metadata resolution for timber.js.\n \n Resolves metadata from a segment chain (layouts + page), applies title\n * templates, shallow-merges entries, and produces head element descriptors.\n \n Resolution happens inside the render pass — React.cache is active,\n * metadata is outside Suspense, and the flush point guarantees completeness.\n \n Rendering (Metadata → HeadElement[]) is in metadata-render.ts.\n \n See design/16-metadata.md\n /\n\nimport type { Metadata } from './types.js';\n\n// Re-export renderMetadataToElements from the rendering module so existing\n// consumers (route-element-builder, tests) can keep importing from here.\nexport { renderMetadataToElements } from './metadata-render.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/* A single metadata entry from a layout or page module. /\nexport interface SegmentMetadataEntry {\n /* The resolved metadata object (from static or async `metadata` export). /\n metadata: Metadata;\n /* Whether this entry is from the page (leaf) module. /\n isPage: boolean;\n}\n\n/* Options for resolveMetadata. /\nexport interface ResolveMetadataOptions {\n /\n When true, the page's metadata is discarded (simulating a render error)\n * and `<meta name=\"robots\" content=\"noindex\">` is injected.\n /\n errorState?: boolean;\n}\n\n/* A rendered head element descriptor. /\nexport interface HeadElement {\n tag: 'title' \| 'meta' \| 'link';\n content?: string;\n attrs?: Record<string, string>;\n}\n\n// ─── Title Resolution ────────────────────────────────────────────────────────\n\n/\n Resolve a title value with an optional template.\n \n - string → apply template if present\n * - { absolute: '...' } → use as-is, skip template\n * - { default: '...' } → use as fallback (no template applied)\n * - undefined → undefined\n /\nexport function resolveTitle(\n title: Metadata['title'],\n template: string \| undefined\n): string \| undefined {\n if (title === undefined \|\| title === null) {\n return undefined;\n }\n\n if (typeof title === 'string') {\n return template ? template.replace('%s', title) : title;\n }\n\n // Object form\n if (title.absolute !== undefined) {\n return title.absolute;\n }\n\n if (title.default !== undefined) {\n return title.default;\n }\n\n return undefined;\n}\n\n// ─── Metadata Resolution ─────────────────────────────────────────────────────\n\n/\n Resolve metadata from a segment chain.\n \n Processes entries from root layout to page (in segment order).\n * The merge algorithm:\n * 1. Shallow-merge all keys except title (later wins)\n * 2. Track the most recent title template\n * 3. Resolve the final title using the template\n \n In error state, the page entry is dropped and noindex is injected.\n \n See design/16-metadata.md §\"Merge Algorithm\"\n /\nexport function resolveMetadata(\n entries: SegmentMetadataEntry[],\n options: ResolveMetadataOptions = {}\n): Metadata {\n const { errorState = false } = options;\n\n const merged: Metadata = {};\n let titleTemplate: string \| undefined;\n let lastDefault: string \| undefined;\n let rawTitle: Metadata['title'];\n\n for (const { metadata, isPage } of entries) {\n // In error state, skip the page's metadata entirely\n if (errorState && isPage) {\n continue;\n }\n\n // Track title template\n if (metadata.title !== undefined && typeof metadata.title === 'object') {\n if (metadata.title.template !== undefined) {\n titleTemplate = metadata.title.template;\n }\n if (metadata.title.default !== undefined) {\n lastDefault = metadata.title.default;\n }\n }\n\n // Shallow-merge all keys except title\n for (const key of Object.keys(metadata) as Array<keyof Metadata>) {\n if (key === 'title') continue;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (merged as any)[key] = metadata[key];\n }\n\n // Track raw title (will be resolved after the loop)\n if (metadata.title !== undefined) {\n rawTitle = metadata.title;\n }\n }\n\n // In error state, we lost page title — use the most recent default\n if (errorState) {\n rawTitle = lastDefault !== undefined ? { default: lastDefault } : rawTitle;\n // Don't apply template in error state\n titleTemplate = undefined;\n }\n\n // Resolve the final title\n const resolvedTitle = resolveTitle(rawTitle, titleTemplate);\n if (resolvedTitle !== undefined) {\n merged.title = resolvedTitle;\n }\n\n // Error state: inject noindex, overriding any user robots\n if (errorState) {\n merged.robots = 'noindex';\n }\n\n return merged;\n}\n\n// ─── URL Resolution ──────────────────────────────────────────────────────────\n\n/\n Check if a string is an absolute URL.\n /\nfunction isAbsoluteUrl(url: string): boolean {\n return url.startsWith('http://') \|\| url.startsWith('https://') \|\| url.startsWith('//');\n}\n\n/\n Resolve a relative URL against a base URL.\n /\nfunction resolveUrl(url: string, base: URL): string {\n if (isAbsoluteUrl(url)) return url;\n return new URL(url, base).toString();\n}\n\n/\n Resolve relative URLs in metadata fields against metadataBase.\n \n Returns a new metadata object with URLs resolved. Absolute URLs are not modified.\n * If metadataBase is not set, returns the metadata unchanged.\n /\nexport function resolveMetadataUrls(metadata: Metadata): Metadata {\n const base = metadata.metadataBase;\n if (!base) return metadata;\n\n const result = { ...metadata };\n\n // Resolve openGraph images\n if (result.openGraph) {\n result.openGraph = { ...result.openGraph };\n if (typeof result.openGraph.images === 'string') {\n result.openGraph.images = resolveUrl(result.openGraph.images, base);\n } else if (Array.isArray(result.openGraph.images)) {\n result.openGraph.images = result.openGraph.images.map((img) => ({\n ...img,\n url: resolveUrl(img.url, base),\n }));\n } else if (result.openGraph.images) {\n // Single object: { url, width?, height?, alt? }\n result.openGraph.images = {\n ...result.openGraph.images,\n url: resolveUrl(result.openGraph.images.url, base),\n };\n }\n if (result.openGraph.url && !isAbsoluteUrl(result.openGraph.url)) {\n result.openGraph.url = resolveUrl(result.openGraph.url, base);\n }\n }\n\n // Resolve twitter images\n if (result.twitter) {\n result.twitter = { ...result.twitter };\n if (typeof result.twitter.images === 'string') {\n result.twitter.images = resolveUrl(result.twitter.images, base);\n } else if (Array.isArray(result.twitter.images)) {\n // Resolve each image URL, preserving the union type structure\n const resolved = result.twitter.images.map((img) =>\n typeof img === 'string' ? resolveUrl(img, base) : { ...img, url: resolveUrl(img.url, base) }\n );\n // If all entries are strings, assign as string[]; otherwise as object[]\n const allStrings = resolved.every((r) => typeof r === 'string');\n result.twitter.images = allStrings\n ? (resolved as string[])\n : (resolved as Array<{ url: string; alt?: string; width?: number; height?: number }>);\n } else if (result.twitter.images) {\n // Single object: { url, alt?, width?, height? }\n result.twitter.images = {\n ...result.twitter.images,\n url: resolveUrl(result.twitter.images.url, base),\n };\n }\n }\n\n // Resolve alternates\n if (result.alternates) {\n result.alternates = { ...result.alternates };\n if (result.alternates.canonical && !isAbsoluteUrl(result.alternates.canonical)) {\n result.alternates.canonical = resolveUrl(result.alternates.canonical, base);\n }\n if (result.alternates.languages) {\n const langs: Record<string, string> = {};\n for (const [lang, url] of Object.entries(result.alternates.languages)) {\n langs[lang] = isAbsoluteUrl(url) ? url : resolveUrl(url, base);\n }\n result.alternates.languages = langs;\n }\n }\n\n // Resolve icon URLs\n if (result.icons) {\n result.icons = { ...result.icons };\n if (typeof result.icons.icon === 'string') {\n result.icons.icon = resolveUrl(result.icons.icon, base);\n } else if (Array.isArray(result.icons.icon)) {\n result.icons.icon = result.icons.icon.map((i) => ({ ...i, url: resolveUrl(i.url, base) }));\n }\n if (typeof result.icons.apple === 'string') {\n result.icons.apple = resolveUrl(result.icons.apple, base);\n } else if (Array.isArray(result.icons.apple)) {\n result.icons.apple = result.icons.apple.map((i) => ({ ...i, url: resolveUrl(i.url, base) }));\n }\n }\n\n return result;\n}\n","/\n loadModule — enriched error context for route manifest .load() failures.\n \n Wraps the lazy `load()` functions from the route manifest with a\n * try/catch that re-throws with the file path and original cause.\n \n Callers that need fallthrough behavior (error renderers) can use\n * `.catch(() => null)` or try/catch — the decision stays at the call site.\n \n See design/spike-TIM-551-dynamic-import-audit.md §\"Proposed Wrapping Strategy\"\n /\n\n/* A manifest file reference with a lazy import function and file path. /\nexport interface ManifestLoader {\n load: () => Promise<unknown>;\n filePath: string;\n}\n\n/\n Custom error class for module load failures.\n \n Preserves the original error as `cause` while providing a\n * human-readable message with the file path.\n /\nexport class ModuleLoadError extends Error {\n /* The file path that failed to load. /\n readonly filePath: string;\n\n constructor(filePath: string, cause: unknown) {\n const originalMessage = cause instanceof Error ? cause.message : String(cause);\n super(`[timber] Failed to load module ${filePath}\\n ${originalMessage}`, { cause });\n this.name = 'ModuleLoadError';\n this.filePath = filePath;\n }\n}\n\n/\n Load a route manifest module with enriched error context.\n \n On success: returns the module object (same as `loader.load()`).\n * On failure: throws `ModuleLoadError` with file path and original cause.\n \n For error rendering paths that need fallthrough instead of throwing,\n * callers should catch at the call site:\n \n ```ts\n * // Throwing (default) — route-element-builder, api-handler, etc.\n * const mod = await loadModule(segment.page);\n \n // Fallthrough — error-renderer, error-boundary-wrapper\n * const mod = await loadModule(segment.error).catch(() => null);\n * ```\n /\nexport async function loadModule<T = Record<string, unknown>>(loader: ManifestLoader): Promise<T> {\n try {\n return (await loader.load()) as T;\n } catch (error) {\n throw new ModuleLoadError(loader.filePath, error);\n }\n}\n","/\n Deny Page Resolver — resolves status-code file components for in-tree deny handling.\n \n When AccessGate or PageDenyBoundary catches a DenySignal, they need to\n * render the matching deny page (403.tsx, 4xx.tsx, error.tsx) as a normal\n * element in the React tree. This module resolves the deny page chain from\n * the segment chain — a list of fallback components ordered by specificity.\n \n The chain is built during buildRouteElement and passed as a prop to\n * AccessGate and PageDenyBoundary. At catch time, the first matching\n * component is rendered.\n \n See design/10-error-handling.md §\"Status-Code Files\", TIM-666.\n /\n\nimport { createElement } from 'react';\n\nimport type { ManifestSegmentNode } from './route-matcher.js';\nimport { loadModule } from './safe-load.js';\nimport { requestContextAls } from './als-registry.js';\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/* A single entry in the deny page fallback chain. /\nexport interface DenyPageEntry {\n /* Status code filter: specific (403), category (400 = any 4xx), or null (catch-all). /\n status: number \| null;\n /* The component to render (server or client — both work). /\n component: (...args: unknown[]) => unknown;\n}\n\n// ─── Resolver ─────────────────────────────────────────────────────────────\n\n/\n Build the deny page fallback chain from the segment chain.\n \n Walks segments from `startIndex` outward (toward root) and collects\n * status-code file components in fallback order:\n * 1. Specific status files (403.tsx, 404.tsx) — exact match\n * 2. Category catch-alls (4xx.tsx) — matches any 4xx\n * 3. error.tsx — catches everything\n \n Each segment is checked in this order. The chain is ordered so the\n * FIRST match wins at catch time.\n /\nexport async function buildDenyPageChain(\n segments: ManifestSegmentNode[],\n startIndex: number\n): Promise<DenyPageEntry[]> {\n const chain: DenyPageEntry[] = [];\n\n // Pass 1: Status files (specific + category) across ALL segments.\n // These have higher priority than error.tsx — a root 4xx.tsx should\n // match before a leaf error.tsx. Walking inner → outer ensures the\n // nearest match wins within each priority tier.\n for (let i = startIndex; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.statusFiles) continue;\n\n // Specific status files (403.tsx, 404.tsx, etc.)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key !== '4xx' && key !== '5xx') {\n const status = parseInt(key, 10);\n if (!isNaN(status)) {\n const mod = await loadModule(file).catch(() => null);\n if (mod?.default) {\n chain.push({ status, component: mod.default as (...args: unknown[]) => unknown });\n }\n }\n }\n }\n\n // Category catch-alls (4xx.tsx, 5xx.tsx)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key === '4xx' \|\| key === '5xx') {\n const mod = await loadModule(file).catch(() => null);\n if (mod?.default) {\n const categoryStatus = key === '4xx' ? 400 : 500;\n chain.push({\n status: categoryStatus,\n component: mod.default as (...args: unknown[]) => unknown,\n });\n }\n }\n }\n }\n\n // Pass 2: error.tsx files — lowest priority catch-all.\n // Only added AFTER all status files so they never shadow a specific\n // or category status file from an ancestor segment.\n for (let i = startIndex; i >= 0; i--) {\n const segment = segments[i];\n if (segment.error) {\n const mod = await loadModule(segment.error).catch(() => null);\n if (mod?.default) {\n chain.push({ status: null, component: mod.default as (...args: unknown[]) => unknown });\n }\n }\n }\n\n return chain;\n}\n\n// ─── Matcher ──────────────────────────────────────────────────────────────\n\n/\n Find the first deny page in the chain that matches the given status code.\n * Returns a React element for the matching component, or null if no match.\n /\nexport function renderMatchingDenyPage(\n chain: DenyPageEntry[],\n status: number,\n data: unknown\n): React.ReactElement \| null {\n const h = createElement as (...args: unknown[]) => React.ReactElement;\n\n for (const entry of chain) {\n if (entry.status === status) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === 400 && status >= 400 && status <= 499) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === 500 && status >= 500 && status <= 599) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === null) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n }\n return null;\n}\n\n// ─── ALS Helper ───────────────────────────────────────────────────────────\n\n/\n Set the deny status in the request context ALS.\n * Called from AccessGate / PageDenyBoundary when a DenySignal is caught.\n * The pipeline reads this after render to set the HTTP status code.\n /\nexport function setDenyStatus(status: number): void {\n const store = requestContextAls.getStore();\n if (store) {\n store.denyStatus = status;\n }\n}\n\n/\n Read the deny status from the request context ALS.\n * Returns undefined if no deny was caught during render.\n /\nexport function getDenyStatus(): number \| undefined {\n return requestContextAls.getStore()?.denyStatus;\n}\n","/\n AccessGate and SlotAccessGate — framework-injected async server components.\n \n AccessGate wraps each segment's layout in the element tree. It calls the\n * segment's access.ts before the layout renders. If access.ts calls deny()\n * or redirect(), the signal propagates as a render-phase throw — caught by\n * the flush controller to produce the correct HTTP status code.\n \n SlotAccessGate wraps parallel slot content. On denial, it renders the\n * graceful degradation chain: denied.tsx → default.tsx → null. Slot denial\n * does not affect the HTTP status code.\n \n See design/04-authorization.md and design/02-rendering-pipeline.md §\"AccessGate\"\n /\n\nimport { DenySignal, RedirectSignal } from './primitives.js';\nimport type { AccessGateProps, SlotAccessGateProps, ReactElement } from './tree-builder.js';\nimport { withSpan, setSpanAttribute } from './tracing.js';\nimport { isDebug } from './debug.js';\nimport type { DenyPageEntry } from './deny-page-resolver.js';\nimport { renderMatchingDenyPage, setDenyStatus } from './deny-page-resolver.js';\n\n// ─── AccessGate ─────────────────────────────────────────────────────────────\n\n/\n Framework-injected access gate for segments.\n \n When a pre-computed `verdict` prop is provided (from the pre-render pass\n * in route-element-builder.ts), AccessGate replays it synchronously — no\n * async, no re-execution of access.ts, immune to Suspense timing. The OTEL\n * span was already emitted during the pre-render pass.\n \n When no verdict is provided (backward compat with tree-builder.ts),\n * AccessGate calls accessFn directly with OTEL instrumentation.\n \n access.ts is a pure gate — return values are discarded. The layout below\n * gets the same data by calling the same cached functions (React.cache dedup).\n /\nexport function AccessGate(props: AccessGateProps): ReactElement \| Promise<ReactElement> {\n const { accessFn, segmentName, verdict, denyPages, children } = props;\n\n // Fast path: replay pre-computed verdict from the pre-render pass.\n if (verdict !== undefined) {\n if (verdict === 'pass') {\n return children;\n }\n throw verdict;\n }\n\n // Primary path: call accessFn directly during render.\n // If denyPages is provided, catch DenySignal and render the deny page\n // in-tree — no throw reaches React Flight, no second render pass.\n return accessGateFallback(accessFn, segmentName, denyPages, children);\n}\n\n/\n Async fallback for AccessGate when no pre-computed verdict is available.\n * Calls accessFn with OTEL instrumentation.\n /\nasync function accessGateFallback(\n accessFn: AccessGateProps['accessFn'],\n segmentName: AccessGateProps['segmentName'],\n denyPages: DenyPageEntry[] \| undefined,\n children: ReactElement\n): Promise<ReactElement> {\n try {\n await withSpan('timber.access', { 'timber.segment': segmentName ?? 'unknown' }, async () => {\n try {\n await accessFn();\n await setSpanAttribute('timber.result', 'pass');\n } catch (error: unknown) {\n if (error instanceof DenySignal) {\n await setSpanAttribute('timber.result', 'deny');\n await setSpanAttribute('timber.deny_status', error.status);\n if (error.sourceFile) {\n await setSpanAttribute('timber.deny_file', error.sourceFile);\n }\n } else if (error instanceof RedirectSignal) {\n await setSpanAttribute('timber.result', 'redirect');\n }\n throw error;\n }\n });\n } catch (error: unknown) {\n // Catch DenySignal and render the deny page in-tree.\n // No throw reaches React Flight — clean stream, single render pass.\n // RedirectSignal and other errors propagate normally.\n if (error instanceof DenySignal && denyPages) {\n const denyElement = renderMatchingDenyPage(denyPages, error.status, error.data);\n if (denyElement) {\n setDenyStatus(error.status);\n return denyElement;\n }\n }\n throw error;\n }\n\n return children;\n}\n\n// ─── SlotAccessGate ─────────────────────────────────────────────────────────\n\n/\n Framework-injected access gate for parallel slots.\n \n On denial, graceful degradation: denied.tsx → default.tsx → null.\n * The HTTP status code is unaffected — slot denial is a UI concern, not\n * a protocol concern. The parent layout and sibling slots still render.\n \n DeniedComponent is passed instead of a pre-built element so that\n * DenySignal.data can be forwarded as the dangerouslyPassData prop\n * and the slot name can be passed as the slot prop. See TIM-488.\n \n redirect() in slot access.ts is a dev-mode error — redirecting from a\n * slot doesn't make architectural sense.\n /\nexport async function SlotAccessGate(props: SlotAccessGateProps): Promise<ReactElement> {\n const { accessFn, DeniedComponent, slotName, createElement, defaultFallback, children } = props;\n\n try {\n await accessFn();\n } catch (error: unknown) {\n // DenySignal → graceful degradation (denied.tsx → default.tsx → null)\n // Build the denied element dynamically so DenySignal.data is forwarded.\n if (error instanceof DenySignal) {\n return (\n buildDeniedFallback(DeniedComponent, slotName, error.data, createElement) ??\n defaultFallback ??\n null\n );\n }\n\n // RedirectSignal in slot access → dev-mode error.\n // Slot access should use deny(), not redirect(). Redirecting from a\n // slot would redirect the entire page, which breaks the contract that\n // slot failure is graceful degradation.\n if (error instanceof RedirectSignal) {\n if (isDebug()) {\n console.error(\n '[timber] redirect() is not allowed in slot access.ts. ' +\n 'Slots use deny() for graceful degradation — denied.tsx → default.tsx → null. ' +\n \"If you need to redirect, move the logic to the parent segment's access.ts.\"\n );\n }\n // In production, treat as a deny — render fallback rather than crash.\n return (\n buildDeniedFallback(DeniedComponent, slotName, undefined, createElement) ??\n defaultFallback ??\n null\n );\n }\n\n // Unhandled error — re-throw so error boundaries can catch it.\n // Dev-mode warning: slot access should use deny(), not throw.\n if (isDebug()) {\n console.warn(\n '[timber] Unhandled error in slot access.ts. ' +\n 'Use deny() for access control, not unhandled throws.',\n error\n );\n }\n throw error;\n }\n\n // Access passed — render slot content.\n return children;\n}\n\n/\n Build the denied fallback element dynamically with DenySignal data.\n * Returns null if no DeniedComponent is available.\n /\nfunction buildDeniedFallback(\n DeniedComponent: SlotAccessGateProps['DeniedComponent'],\n slotName: string,\n data: unknown,\n createElement: SlotAccessGateProps['createElement']\n): ReactElement \| null {\n if (!DeniedComponent) return null;\n return createElement(DeniedComponent, {\n slot: slotName,\n dangerouslyPassData: data,\n });\n}\n","/\n Route Element Builder — constructs a React element tree from a matched route.\n \n Extracted from rsc-entry.ts to enable reuse by the revalidation renderer\n * (which needs the element tree without RSC serialization) and to keep\n * rsc-entry.ts under the 500-line limit.\n \n This module handles:\n * 1. Loading page/layout components from the segment chain\n * 2. Collecting access.ts checks (executed inside render by AccessPreRunner)\n * 3. Resolving metadata (static object or async function, both exported as `metadata`)\n * 4. Building the React element tree (page → error boundaries → access gates → layouts)\n * 5. Resolving parallel slots\n * 6. Wrapping the tree with AccessPreRunner for React.cache-scoped access checks\n \n See design/02-rendering-pipeline.md, design/04-authorization.md\n /\n\nimport { createElement } from 'react';\n\nimport { withSpan } from './tracing.js';\nimport type { RouteMatch } from './pipeline.js';\nimport type { ManifestSegmentNode } from './route-matcher.js';\nimport { resolveMetadata, renderMetadataToElements } from './metadata.js';\nimport type { HeadElement as MetadataHeadElement } from './metadata.js';\nimport type { Metadata } from './types.js';\nimport { METADATA_ROUTE_CONVENTIONS, getMetadataRouteAutoLink } from './metadata-routes.js';\nimport { DenySignal, RedirectSignal } from './primitives.js';\nimport { AccessGate } from './access-gate.js';\nimport { PageDenyBoundary } from './page-deny-boundary.js';\nimport { buildDenyPageChain, renderMatchingDenyPage, setDenyStatus } from './deny-page-resolver.js';\nimport type { DenyPageEntry } from './deny-page-resolver.js';\nimport { resolveSlotElement } from './slot-resolver.js';\nimport { SegmentProvider } from '../client/segment-context.js';\n\nimport { wrapSegmentWithErrorBoundaries } from './error-boundary-wrapper.js';\nimport type { InterceptionContext } from './pipeline.js';\nimport { shouldSkipSegment } from './state-tree-diff.js';\nimport { loadModule } from './safe-load.js';\n\n// ─── Client Reference Detection ──────────────────────────────────────────\n\n/\n Symbol used by React Flight to mark client references.\n * Client references are proxy objects created by @vitejs/plugin-rsc for\n * 'use client' modules in the RSC environment. They must be passed to\n * createElement() — calling them as functions throws:\n * \"Unexpectedly client reference export 'default' is called on server\"\n /\nconst CLIENT_REFERENCE_TAG = Symbol.for('react.client.reference');\n\n/\n Detect whether a component is a React client reference.\n * Client references have $$typeof set to Symbol.for('react.client.reference')\n * by registerClientReference() in the React Flight server runtime.\n \n Used to skip OTEL tracing wrappers that would call the component as a\n * function. Client components must go through createElement only — they are\n * serialized as references in the RSC Flight stream, not executed on the server.\n /\nexport function isClientReference(component: unknown): boolean {\n return (\n component != null &&\n typeof component === 'function' &&\n (component as unknown as Record<string, unknown>).$$typeof === CLIENT_REFERENCE_TAG\n );\n}\n\n// ─── Param Coercion Error ─────────────────────────────────────────────────\n\n/\n Thrown when a defineSegmentParams codec's parse() fails.\n * The pipeline catches this and responds with 404.\n /\nexport class ParamCoercionError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'ParamCoercionError';\n }\n}\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/* Head element for client-side metadata updates. /\nexport interface HeadElement {\n tag: string;\n content?: string;\n attrs?: Record<string, string \| null>;\n}\n\n/* Layout entry with component and segment. /\nexport interface LayoutComponentEntry {\n component: (...args: unknown[]) => unknown;\n segment: ManifestSegmentNode;\n}\n\n/* Result of building a route element tree. /\nexport interface RouteElementResult {\n /* The React element tree (page wrapped in layouts, access gates, error boundaries). /\n element: React.ReactElement;\n /* Resolved head elements for metadata. /\n headElements: HeadElement[];\n /* Layout components loaded along the segment chain. /\n layoutComponents: LayoutComponentEntry[];\n /* Segments from the route match. /\n segments: ManifestSegmentNode[];\n /* Max deferSuspenseFor hold window across all segments. /\n deferSuspenseFor: number;\n /\n Segment paths that were skipped because the client already has them cached.\n * Ordered outermost to innermost. Empty when no segments were skipped.\n * The client uses this to merge the partial payload with cached segments.\n * See design/19-client-navigation.md §\"X-Timber-State-Tree Header\"\n /\n skippedSegments: string[];\n}\n\n/\n Wraps a DenySignal or RedirectSignal with the layout components loaded\n * so far, enabling the caller to render deny pages inside the layout shell.\n \n @deprecated No longer thrown by buildRouteElement since TIM-662. Access\n * checks now run inside AccessPreRunner during renderToReadableStream, and\n * signals are caught by onError. Kept for backward compat with external code.\n /\nexport class RouteSignalWithContext extends Error {\n constructor(\n public readonly signal: DenySignal \| RedirectSignal,\n public readonly layoutComponents: LayoutComponentEntry[],\n public readonly segments: ManifestSegmentNode[]\n ) {\n super(signal.message);\n }\n}\n\n// ─── Module Processing Helpers ─────────────────────────────────────────────\n\n/\n Reject the legacy `generateMetadata` export with a helpful migration message.\n * Throws if the module exports `generateMetadata` instead of `metadata`.\n /\nfunction rejectLegacyGenerateMetadata(mod: Record<string, unknown>, filePath: string): void {\n if ('generateMetadata' in mod) {\n throw new Error(\n `${filePath}: \"generateMetadata\" is not a valid export. ` +\n `Export an async function named \"metadata\" instead.\\n\\n` +\n ` // Before\\n` +\n ` export async function generateMetadata({ params }) { ... }\\n\\n` +\n ` // After\\n` +\n ` export async function metadata() { ... }`\n );\n }\n}\n\n/\n Extract and resolve metadata from a module (layout or page).\n * Handles both static metadata objects and async metadata functions.\n * Returns the resolved Metadata, or null if none exported.\n \n Metadata functions no longer receive { params } — they access params\n * via getSegmentParams() from ALS, same as page/layout components.\n /\nasync function extractMetadata(\n mod: Record<string, unknown>,\n segment: ManifestSegmentNode\n): Promise<Metadata \| null> {\n if (typeof mod.metadata === 'function') {\n type MetadataFn = () => Promise<Metadata>;\n return (\n (await withSpan(\n 'timber.metadata',\n { 'timber.segment': segment.segmentName ?? segment.urlPath },\n () => (mod.metadata as MetadataFn)()\n )) ?? null\n );\n }\n if (mod.metadata) {\n return mod.metadata as Metadata;\n }\n return null;\n}\n\n/\n Extract `deferSuspenseFor` from a module and return the maximum\n * of the current value and the module's value.\n /\nfunction extractDeferSuspenseFor(mod: Record<string, unknown>, current: number): number {\n if (typeof mod.deferSuspenseFor === 'number' && mod.deferSuspenseFor > current) {\n return mod.deferSuspenseFor;\n }\n return current;\n}\n\n// ─── Builder ──────────────────────────────────────────────────────────────\n\n/\n Build a React element tree from a matched route.\n \n Loads modules, runs access checks, resolves metadata, and constructs\n * the element tree. DenySignal and RedirectSignal propagate to the caller\n * for HTTP-level handling.\n \n Does NOT serialize to RSC Flight — the caller decides whether to render\n * to a stream or use the element directly (e.g., for action revalidation).\n \n Access checks are collected but NOT executed here. They run inside\n * AccessPreRunner during renderToReadableStream so that access.ts and\n * render components share the same React.cache scope (TIM-662).\n /\nexport async function buildRouteElement(\n req: Request,\n match: RouteMatch,\n interception?: InterceptionContext,\n clientStateTree?: Set<string> \| null\n): Promise<RouteElementResult> {\n const segments = match.segments as unknown as ManifestSegmentNode[];\n\n // Load all modules along the segment chain\n const metadataEntries: Array<{ metadata: Metadata; isPage: boolean }> = [];\n const layoutComponents: LayoutComponentEntry[] = [];\n let PageComponent: ((...args: unknown[]) => unknown) \| null = null;\n let deferSuspenseFor = 0;\n\n for (let i = 0; i < segments.length; i++) {\n const segment = segments[i];\n const isLeaf = i === segments.length - 1;\n\n // Load layout\n if (segment.layout) {\n const mod = await loadModule(segment.layout);\n if (mod.default) {\n layoutComponents.push({\n component: mod.default as (...args: unknown[]) => unknown,\n segment,\n });\n }\n\n // Param coercion is handled in the pipeline (Stage 2c) before\n // middleware and rendering. See coerceSegmentParams() in pipeline.ts.\n\n rejectLegacyGenerateMetadata(mod, segment.layout.filePath ?? segment.urlPath);\n const layoutMetadata = await extractMetadata(mod, segment);\n if (layoutMetadata) {\n metadataEntries.push({ metadata: layoutMetadata, isPage: false });\n }\n deferSuspenseFor = extractDeferSuspenseFor(mod, deferSuspenseFor);\n }\n\n // Load page (leaf segment only)\n if (isLeaf && segment.page) {\n const mod = await loadModule(segment.page);\n\n // Param coercion is handled in the pipeline (Stage 2c) before\n // middleware and rendering. See coerceSegmentParams() in pipeline.ts.\n\n if (mod.default) {\n PageComponent = mod.default as (...args: unknown[]) => unknown;\n }\n rejectLegacyGenerateMetadata(mod, segment.page.filePath ?? segment.urlPath);\n const pageMetadata = await extractMetadata(mod, segment);\n if (pageMetadata) {\n metadataEntries.push({ metadata: pageMetadata, isPage: true });\n }\n deferSuspenseFor = extractDeferSuspenseFor(mod, deferSuspenseFor);\n }\n }\n\n if (!PageComponent) {\n throw new Error(`No page component found for route: ${new URL(req.url).pathname}`);\n }\n\n // Access checks are NOT run here. AccessGate components in the element\n // tree call accessFn directly during renderToReadableStream, sharing the\n // same React.cache scope as layout/page components. A requireUser() call\n // in access.ts populates React.cache; the same call in a layout is a hit.\n //\n // Previously (before TIM-662), access checks ran eagerly in a pre-render\n // loop OUTSIDE renderToReadableStream, breaking React.cache dedup.\n //\n // See design/04-authorization.md §\"Pre-Render Pass and Verdict Replay\"\n\n // Build deny page fallback chains for each segment position.\n // When AccessGate or PageDenyBoundary catches a DenySignal, they render\n // the matching deny page in-tree instead of throwing into React Flight.\n // The chain walks from the current segment outward to root, collecting\n // status-code files (403.tsx → 4xx.tsx → error.tsx) in fallback order.\n // See TIM-666.\n const denyPageChains = new Map<number, DenyPageEntry[]>();\n for (let i = 0; i < segments.length; i++) {\n const chain = await buildDenyPageChain(segments, i);\n if (chain.length > 0) {\n denyPageChains.set(i, chain);\n }\n }\n\n // Resolve metadata\n const resolvedMetadata = resolveMetadata(metadataEntries);\n const headElements = renderMetadataToElements(resolvedMetadata);\n\n // Auto-link metadata route files (icon, apple-icon, manifest) from segments.\n // See design/16-metadata.md §\"Auto-Linking\"\n for (const segment of segments) {\n if (!segment.metadataRoutes) continue;\n for (const baseName of Object.keys(segment.metadataRoutes)) {\n const convention = METADATA_ROUTE_CONVENTIONS[baseName];\n if (!convention) continue;\n // Non-nestable routes only auto-link from root\n if (!convention.nestable && segment.urlPath !== '/') continue;\n // Build the href: segment urlPath + serve path\n const prefix = segment.urlPath === '/' ? '' : segment.urlPath;\n const href = `${prefix}/${convention.servePath}`;\n const autoLink = getMetadataRouteAutoLink(convention.type, href);\n if (autoLink) {\n const attrs: Record<string, string> = { rel: autoLink.rel, href: autoLink.href };\n if (autoLink.type) attrs.type = autoLink.type;\n headElements.push({ tag: 'link', attrs } as MetadataHeadElement);\n }\n }\n }\n\n // Build element tree: page wrapped in layouts (innermost to outermost)\n const h = createElement as (...args: unknown[]) => React.ReactElement;\n\n // Build the page element.\n // Client references ('use client' pages) must NOT be called as functions —\n // they are proxy objects that throw when invoked. They must go through\n // createElement only, which serializes them as client references in the\n // RSC Flight stream. OTEL tracing is skipped for client components.\n // See TIM-627 for the original bug.\n // Build the page element.\n // Server component pages are wrapped in PageDenyBoundary which calls\n // them as async functions and catches DenySignal — rendering the deny\n // page in-tree instead of throwing into React Flight. This eliminates\n // the second render pass for deny pages. See TIM-666.\n //\n // Client reference pages ('use client') can't call deny() (server-only),\n // so they go through createElement normally — no wrapper needed.\n const leafIndex = segments.length - 1;\n const leafDenyPages = denyPageChains.get(leafIndex);\n let element: React.ReactElement;\n if (isClientReference(PageComponent)) {\n element = h(PageComponent, {});\n } else if (leafDenyPages && leafDenyPages.length > 0) {\n // Server component page WITH deny page chain — wrap in PageDenyBoundary\n element = h(PageDenyBoundary, {\n Page: PageComponent,\n route: match.segments[leafIndex]?.urlPath ?? '/',\n denyPages: leafDenyPages,\n });\n } else {\n // Server component page WITHOUT deny page chain — trace only\n const TracedPage = async (props: Record<string, unknown>) => {\n return withSpan(\n 'timber.page',\n { 'timber.route': match.segments[leafIndex]?.urlPath ?? '/' },\n () => (PageComponent as (props: Record<string, unknown>) => unknown)(props)\n );\n };\n element = h(TracedPage, {});\n }\n\n // Build a lookup of layout components by segment for O(1) access.\n const layoutBySegment = new Map(\n layoutComponents.map(({ component, segment }) => [segment, component])\n );\n\n // Track which segments were skipped for the X-Timber-Skipped-Segments header.\n // The client uses this to merge the partial payload with its cached segments.\n const skippedSegments: string[] = [];\n\n // Wrap from innermost (leaf) to outermost (root), processing every\n // segment in the chain. Each segment may contribute:\n // 1. Error boundaries (status files + error.tsx)\n // 2. Layout component — wraps children + parallel slots\n // 3. SegmentProvider — records position for useSelectedLayoutSegment\n //\n // When clientStateTree is provided (from X-Timber-State-Tree header on\n // client navigation), sync layouts the client already has are skipped.\n // Access.ts already ran for ALL segments in the pre-render loop above.\n // See design/19-client-navigation.md §\"X-Timber-State-Tree Header\"\n //\n // hasRenderedLayoutBelow tracks whether a non-skipped layout has been\n // seen below the current segment. A segment can ONLY be skipped if\n // there is a rendered layout below it — the client merger can only\n // replace inner SegmentProviders (client component boundaries), not\n // page content embedded in a layout's server-rendered output.\n // Without this guard, skipping the innermost layout causes the merger\n // to drop the layout entirely and replace it with just the page.\n let hasRenderedLayoutBelow = false;\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n const isLeaf = i === segments.length - 1;\n const layoutComponent = layoutBySegment.get(segment);\n\n // Check if this segment's layout can be skipped for partial rendering.\n // Skipped segments: no layout wrapping, no error boundaries, no slots,\n // no AccessGate in element tree (access already ran pre-render).\n //\n // Additional constraints beyond shouldSkipSegment:\n // - Must have a rendered layout below (so the merger can find an\n // inner SegmentProvider to splice the new content into)\n // - Route groups are never skipped because sibling groups share the\n // same urlPath (e.g., /(marketing) and /(app) both have \"/\"),\n // which would cause the wrong cached layout to be reused\n const skip =\n shouldSkipSegment(segment.urlPath, layoutComponent, isLeaf, clientStateTree ?? null) &&\n hasRenderedLayoutBelow &&\n segment.segmentType !== 'group';\n\n if (skip) {\n // Skip this segment's layout/error boundaries — the client uses its cached version.\n // Metadata was already resolved above (head elements are correct).\n // Record for X-Timber-Skipped-Segments header (outermost first, so prepend).\n skippedSegments.unshift(segment.urlPath);\n\n // SECURITY: Even though the layout is skipped, AccessGate MUST still\n // wrap the element tree. access.ts runs on every navigation regardless\n // of cached layouts or state tree content.\n // See design/13-security.md §\"Auth always runs\" (test #11).\n if (segment.access) {\n const accessMod = await loadModule(segment.access);\n const accessFn = accessMod.default as (() => unknown) \| undefined;\n if (accessFn) {\n element = h(AccessGate, {\n accessFn,\n segmentName: segment.segmentName,\n denyPages: denyPageChains.get(i),\n children: element,\n });\n }\n }\n\n continue;\n }\n\n // This segment is rendered — mark that future (outer) segments have\n // a rendered layout below them and can safely be skipped.\n if (layoutComponent) {\n hasRenderedLayoutBelow = true;\n }\n\n // Wrap with error boundaries from this segment (inside layout).\n // Keep ALL error boundaries (including 4xx) — they're the safety net for\n // DenySignal from nested server components that escape AccessGate/PageDenyBoundary\n // try/catch. Status-code files must be 'use client' TSX or MDX to serialize\n // as error boundary fallbacks. See TIM-666.\n element = await wrapSegmentWithErrorBoundaries(segment, element, h);\n\n // Wrap with layout BEFORE AccessGate — AccessGate is OUTSIDE the layout.\n // When AccessGate denies, the layout never renders. The deny page appears\n // at the AccessGate level, wrapped by PARENT layouts only.\n // This prevents leaking layout UI (sidebars, nav) on denied pages.\n // See design/04-authorization.md §\"Access Failure\".\n if (layoutComponent) {\n // Resolve parallel slots for this layout\n const slotProps: Record<string, unknown> = {};\n const slotEntries = Object.entries(segment.slots ?? {});\n for (const [slotName, slotNode] of slotEntries) {\n slotProps[slotName] = await resolveSlotElement(\n slotNode as ManifestSegmentNode,\n match,\n h,\n interception\n );\n }\n\n const segmentPath = segment.urlPath.split('/');\n const parallelRouteKeys = Object.keys(segment.slots ?? {});\n\n // For route groups, urlPath is shared with the parent (both \"/\"),\n // so include the group name to distinguish them. Used for both OTEL\n // span labels and client-side element caching (segmentId).\n const segmentId =\n segment.segmentType === 'group'\n ? `${segment.urlPath === '/' ? '' : segment.urlPath}/${segment.segmentName}`\n : segment.urlPath;\n\n // Build the layout element.\n // Same client reference guard as pages — client layouts must not be\n // called as functions. OTEL tracing is skipped for client components.\n let layoutElement: React.ReactElement;\n if (isClientReference(layoutComponent)) {\n layoutElement = h(layoutComponent, {\n ...slotProps,\n children: element,\n });\n } else {\n // Server component layout — wrap with OTEL tracing AND DenySignal\n // catching. If the layout calls deny(), the signal is caught here\n // and the matching deny page renders in-tree (same pattern as\n // AccessGate and PageDenyBoundary). Without this, DenySignal\n // escapes to React Flight onError and triggers the re-render\n // fallback path. See TIM-668, design/04-authorization.md.\n const layoutComponentRef = layoutComponent;\n const layoutDenyPages = denyPageChains.get(i);\n const TracedLayout = async (props: Record<string, unknown>) => {\n try {\n return await withSpan('timber.layout', { 'timber.segment': segmentId }, () =>\n (layoutComponentRef as (props: Record<string, unknown>) => unknown)(props)\n );\n } catch (error: unknown) {\n if (error instanceof DenySignal && layoutDenyPages) {\n const denyElement = renderMatchingDenyPage(layoutDenyPages, error.status, error.data);\n if (denyElement) {\n setDenyStatus(error.status);\n return denyElement;\n }\n }\n // Non-deny errors (RedirectSignal, runtime errors) propagate normally.\n throw error;\n }\n };\n layoutElement = h(TracedLayout, {\n ...slotProps,\n children: element,\n });\n }\n\n element = h(SegmentProvider, {\n segments: segmentPath,\n segmentId,\n parallelRouteKeys,\n children: layoutElement,\n });\n }\n\n // Wrap in AccessGate OUTSIDE the layout.\n // If access denies, the deny page renders here — the layout above\n // never executes. Parent layouts (from outer iterations) form the shell.\n // See TIM-662, TIM-666, design/04-authorization.md §\"Access Failure\".\n if (segment.access) {\n const accessMod = await loadModule(segment.access);\n const accessFn = accessMod.default as (() => unknown) \| undefined;\n if (accessFn) {\n element = h(AccessGate, {\n accessFn,\n segmentName: segment.segmentName,\n denyPages: denyPageChains.get(i),\n children: element,\n });\n }\n }\n }\n\n return {\n element,\n headElements: headElements as HeadElement[],\n layoutComponents,\n segments,\n deferSuspenseFor,\n skippedSegments,\n };\n}\n","/\n Version Skew Detection — graceful recovery when stale clients hit new deployments.\n \n When a new version of the app is deployed, clients with open tabs still have\n * the old JavaScript bundle. Without version skew handling, these stale clients\n * will experience:\n \n 1. Server action calls that crash (action IDs are content-hashed)\n * 2. Chunk load failures (old filenames gone from CDN)\n * 3. RSC payload mismatches (component references differ between builds)\n \n This module implements deployment ID comparison:\n * - A per-build deployment ID is generated at build time (see build-manifest.ts)\n * - The client sends it via `X-Timber-Deployment-Id` header on every RSC/action request\n * - The server compares it against the current build's ID\n * - On mismatch: signal the client to reload (not crash)\n \n The deployment ID is always-on in production. Dev mode skips the check\n * (HMR handles code updates without full reloads).\n \n See design/25-production-deployments.md, TIM-446\n /\n\n// ─── Constants ───────────────────────────────────────────────────\n\n/* Header sent by the client with every RSC/action request. /\nexport const DEPLOYMENT_ID_HEADER = 'X-Timber-Deployment-Id';\n\n/* Response header that signals the client to do a full page reload. /\nexport const RELOAD_HEADER = 'X-Timber-Reload';\n\n// ─── Deployment ID ───────────────────────────────────────────────\n\n/\n The current build's deployment ID. Set at startup from the manifest init\n * module (globalThis.__TIMBER_DEPLOYMENT_ID__). Null in dev mode.\n /\nlet currentDeploymentId: string \| null = null;\n\n/\n Set the current deployment ID. Called once at server startup from the\n * manifest init module. In dev mode this is never called (deployment ID\n * checks are skipped).\n /\nexport function setDeploymentId(id: string): void {\n currentDeploymentId = id;\n}\n\n/\n Get the current deployment ID. Returns null in dev mode.\n /\nexport function getDeploymentId(): string \| null {\n return currentDeploymentId;\n}\n\n// ─── Skew Detection ──────────────────────────────────────────────\n\n/* Result of a version skew check. /\nexport interface SkewCheckResult {\n /* Whether the client's deployment ID matches the server's. /\n ok: boolean;\n /* The client's deployment ID (null if header not sent — e.g., initial page load). /\n clientId: string \| null;\n}\n\n/\n Check if a request's deployment ID matches the current build.\n \n Returns `{ ok: true }` when:\n * - Dev mode (no deployment ID set — HMR handles updates)\n * - No deployment ID header (initial page load, non-RSC request)\n * - Deployment IDs match\n \n Returns `{ ok: false }` when:\n * - Client sends a deployment ID that differs from the current build\n /\nexport function checkVersionSkew(req: Request): SkewCheckResult {\n // Dev mode — no deployment ID checks (HMR handles updates)\n if (!currentDeploymentId) {\n return { ok: true, clientId: null };\n }\n\n const clientId = req.headers.get(DEPLOYMENT_ID_HEADER);\n\n // No header — initial page load or non-RSC request. Always OK.\n if (!clientId) {\n return { ok: true, clientId: null };\n }\n\n // Compare deployment IDs\n if (clientId === currentDeploymentId) {\n return { ok: true, clientId };\n }\n\n return { ok: false, clientId };\n}\n\n/\n Apply version skew reload headers to a response.\n * Sets X-Timber-Reload: 1 to signal the client to do a full page reload.\n /\nexport function applyReloadHeaders(headers: Headers): void {\n headers.set(RELOAD_HEADER, '1');\n}\n","/\n Metadata route helpers for the request pipeline.\n \n Handles serving static metadata files and serializing sitemap responses.\n * Extracted from pipeline.ts to keep files under 500 lines.\n \n See design/16-metadata.md §\"Metadata Routes\"\n /\n\nimport { readFile } from 'node:fs/promises';\n\n/\n Content types that are text-based and should include charset=utf-8.\n * Binary formats (images) should not include charset.\n /\nconst TEXT_CONTENT_TYPES = new Set([\n 'application/xml',\n 'text/plain',\n 'application/json',\n 'application/manifest+json',\n 'image/svg+xml',\n]);\n\n/\n Serve a static metadata file by reading it from disk.\n \n Static metadata route files (.xml, .txt, .json, .png, .ico, .svg, etc.)\n * are served as-is with the appropriate Content-Type header.\n * Text files include charset=utf-8; binary files do not.\n \n See design/16-metadata.md §\"Metadata Routes\"\n /\nexport async function serveStaticMetadataFile(\n metaMatch: import('./route-matcher.js').MetadataRouteMatch\n): Promise<Response> {\n const { contentType, file } = metaMatch;\n const isText = TEXT_CONTENT_TYPES.has(contentType);\n\n const body = await readFile(file.filePath);\n\n const headers: Record<string, string> = {\n 'Content-Type': isText ? `${contentType}; charset=utf-8` : contentType,\n 'Content-Length': String(body.byteLength),\n };\n\n return new Response(body, { status: 200, headers });\n}\n\n/\n Serialize a sitemap array to XML.\n * Follows the sitemap.org protocol: https://www.sitemaps.org/protocol.html\n /\nexport function serializeSitemap(\n entries: Array<{\n url: string;\n lastModified?: string \| Date;\n changeFrequency?: string;\n priority?: number;\n }>\n): string {\n const urls = entries\n .map((e) => {\n let xml = ` <url>\\n <loc>${escapeXml(e.url)}</loc>`;\n if (e.lastModified) {\n const date = e.lastModified instanceof Date ? e.lastModified.toISOString() : e.lastModified;\n xml += `\\n <lastmod>${escapeXml(date)}</lastmod>`;\n }\n if (e.changeFrequency) {\n xml += `\\n <changefreq>${escapeXml(e.changeFrequency)}</changefreq>`;\n }\n if (e.priority !== undefined) {\n xml += `\\n <priority>${e.priority}</priority>`;\n }\n xml += '\\n </url>';\n return xml;\n })\n .join('\\n');\n\n return `<?xml version=\"1.0\" encoding=\"UTF-8\"?>\\n<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\\n${urls}\\n</urlset>`;\n}\n\n/\n Serialize a sitemap index (list of sub-sitemap URLs) to XML.\n * Used for pagination when the total URL count exceeds 50,000.\n * Follows the sitemap.org protocol: https://www.sitemaps.org/protocol.html\n /\nexport function serializeSitemapIndex(sitemapUrls: string[]): string {\n const sitemaps = sitemapUrls\n .map((url) => ` <sitemap>\\n <loc>${escapeXml(url)}</loc>\\n </sitemap>`)\n .join('\\n');\n\n return `<?xml version=\"1.0\" encoding=\"UTF-8\"?>\\n<sitemapindex xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\\n${sitemaps}\\n</sitemapindex>`;\n}\n\n/* Escape special XML characters. /\nexport function escapeXml(str: string): string {\n return str\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''');\n}\n","/\n Interception route matching for the request pipeline.\n \n Matches target URLs against interception rewrites to support the\n * modal route pattern (soft navigation intercepts).\n \n Extracted from pipeline.ts to keep files under 500 lines.\n \n See design/07-routing.md §\"Intercepting Routes\"\n /\n\nimport { classifyUrlSegment } from '../routing/segment-classify.js';\n\n/* Result of a successful interception match. /\nexport interface InterceptionMatchResult {\n /* The pathname to re-match (the source/intercepting route's parent). /\n sourcePathname: string;\n}\n\n/\n Check if an intercepting route applies for this soft navigation.\n \n Matches the target pathname against interception rewrites, constrained\n * by the source URL (X-Timber-URL header — where the user navigates FROM).\n \n Returns the source pathname to re-match if interception applies, or null.\n /\nexport function findInterceptionMatch(\n targetPathname: string,\n sourceUrl: string,\n rewrites: import('../routing/interception.js').InterceptionRewrite[]\n): InterceptionMatchResult \| null {\n for (const rewrite of rewrites) {\n // Check if the source URL starts with the intercepting prefix\n if (!sourceUrl.startsWith(rewrite.interceptingPrefix)) continue;\n\n // Check if the target URL matches the intercepted pattern.\n // Dynamic segments in the pattern match any single URL segment.\n if (pathnameMatchesPattern(targetPathname, rewrite.interceptedPattern)) {\n return { sourcePathname: rewrite.interceptingPrefix };\n }\n }\n return null;\n}\n\n/\n Check if a pathname matches a URL pattern with dynamic segments.\n \n Supports [param] (single segment) and [...param] (one or more segments).\n * Static segments must match exactly.\n /\nexport function pathnameMatchesPattern(pathname: string, pattern: string): boolean {\n const pathParts = pathname === '/' ? [] : pathname.slice(1).split('/');\n const patternParts = pattern === '/' ? [] : pattern.slice(1).split('/');\n\n let pi = 0;\n for (let i = 0; i < patternParts.length; i++) {\n const seg = classifyUrlSegment(patternParts[i]);\n\n switch (seg.kind) {\n case 'catch-all':\n return pi < pathParts.length;\n case 'optional-catch-all':\n return true;\n case 'dynamic':\n if (pi >= pathParts.length) return false;\n pi++;\n continue;\n case 'static':\n if (pi >= pathParts.length \|\| pathParts[pi] !== seg.value) return false;\n pi++;\n continue;\n }\n }\n\n return pi === pathParts.length;\n}\n","/\n Request pipeline — the central dispatch for all timber.js requests.\n \n Pipeline stages (in order):\n * proxy.ts → canonicalize → route match → 103 Early Hints → middleware.ts → render\n \n Each stage is a pure function or returns a Response to short-circuit.\n * Each request gets a trace ID, structured logging, and OTEL spans.\n \n See design/07-routing.md §\"Request Lifecycle\", design/02-rendering-pipeline.md §\"Request Flow\",\n * and design/17-logging.md §\"Production Logging\"\n /\n\nimport { canonicalize } from './canonicalize.js';\nimport { runProxy, type ProxyExport } from './proxy.js';\nimport { runMiddlewareChain, type MiddlewareFn } from './middleware-runner.js';\nimport { runWithTimingCollector, withTiming, getServerTimingHeader } from './server-timing.js';\nimport {\n runWithRequestContext,\n applyRequestHeaderOverlay,\n setMutableCookieContext,\n getSetCookieHeaders,\n markResponseFlushed,\n setSegmentParams,\n} from './request-context.js';\nimport {\n generateTraceId,\n runWithTraceId,\n getOtelTraceId,\n replaceTraceId,\n withSpan,\n setSpanAttribute,\n getTraceId,\n} from './tracing.js';\nimport {\n logRequestReceived,\n logRequestCompleted,\n logSlowRequest,\n logProxyError,\n logMiddlewareError,\n logMiddlewareShortCircuit,\n logRenderError,\n} from './logger.js';\nimport { callOnRequestError } from './instrumentation.js';\nimport { RedirectSignal, DenySignal } from './primitives.js';\nimport { ParamCoercionError } from './route-element-builder.js';\nimport { checkVersionSkew, applyReloadHeaders } from './version-skew.js';\nimport { serveStaticMetadataFile, serializeSitemap } from './pipeline-metadata.js';\nimport { loadModule } from './safe-load.js';\nimport { findInterceptionMatch } from './pipeline-interception.js';\nimport type { MiddlewareContext } from './types.js';\nimport type { SegmentNode } from '../routing/types.js';\n\n// ─── Prototype-Pollution-Safe Merge ────────────────────────────────────────\n\n/* Keys that must never be merged via Object.assign — they pollute Object.prototype. /\nconst DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);\n\n/\n Shallow merge that skips prototype-polluting keys.\n \n Used instead of Object.assign when the source object comes from\n * user-authored codec output (segmentParams.parse), which could\n * contain __proto__, constructor, or prototype keys.\n \n See TIM-655, design/13-security.md\n /\nexport function safeMerge(target: Record<string, unknown>, source: Record<string, unknown>): void {\n for (const key of Object.keys(source)) {\n if (!DANGEROUS_KEYS.has(key)) {\n target[key] = source[key];\n }\n }\n}\n\n// ─── Route Match Result ────────────────────────────────────────────────────\n\n/* Result of matching a canonical pathname against the route tree. /\nexport interface RouteMatch {\n /* The matched segment chain from root to leaf. /\n segments: SegmentNode[];\n /* Extracted segment params (catch-all segments produce string[]). /\n segmentParams: Record<string, string \| string[]>;\n /* Middleware chain from the segment tree, ordered root-to-leaf. /\n middlewareChain: MiddlewareFn[];\n}\n\n/* Function that matches a canonical pathname to a route. /\nexport type RouteMatcher = (pathname: string) => RouteMatch \| null;\n\n/* Function that matches a canonical pathname to a metadata route. /\nexport type MetadataRouteMatcher = (\n pathname: string\n) => import('./route-matcher.js').MetadataRouteMatch \| null;\n\n/* Context for intercepting route resolution (modal pattern). /\nexport interface InterceptionContext {\n /* The URL the user is navigating TO (the intercepted route). /\n targetPathname: string;\n}\n\n/* Function that renders a matched route into a Response. /\nexport type RouteRenderer = (\n req: Request,\n match: RouteMatch,\n responseHeaders: Headers,\n requestHeaderOverlay: Headers,\n interception?: InterceptionContext\n) => Response \| Promise<Response>;\n\n/* Function that sends 103 Early Hints for a matched route. /\nexport type EarlyHintsEmitter = (\n match: RouteMatch,\n req: Request,\n responseHeaders: Headers\n) => void \| Promise<void>;\n\n// ─── Pipeline Configuration ────────────────────────────────────────────────\n\nexport interface PipelineConfig {\n /* The proxy.ts default export (function or array). Undefined if no proxy.ts. /\n proxy?: ProxyExport;\n /* Lazy loader for proxy.ts — called per-request so HMR updates take effect. /\n proxyLoader?: () => Promise<{ default: ProxyExport }>;\n /* Route matcher — resolves a canonical pathname to a RouteMatch. /\n matchRoute: RouteMatcher;\n /* Metadata route matcher — resolves metadata route pathnames (sitemap.xml, robots.txt, etc.) /\n matchMetadataRoute?: MetadataRouteMatcher;\n /* Renderer — produces the final Response for a matched route. /\n render: RouteRenderer;\n /* Renderer for no-match 404 — renders 404.tsx in root layout. /\n renderNoMatch?: (req: Request, responseHeaders: Headers) => Response \| Promise<Response>;\n /* Early hints emitter — fires 103 hints after route match, before middleware. /\n earlyHints?: EarlyHintsEmitter;\n /* Whether to strip trailing slashes during canonicalization. Default: true. /\n stripTrailingSlash?: boolean;\n /* Slow request threshold in ms. Requests exceeding this emit a warning. 0 to disable. Default: 3000. /\n slowRequestMs?: number;\n /\n Interception rewrites — conditional routes for the modal pattern.\n * Generated at build time from intercepting route directories.\n * See design/07-routing.md §\"Intercepting Routes\"\n /\n interceptionRewrites?: import('../routing/interception.js').InterceptionRewrite[];\n /\n Control Server-Timing header output.\n \n - `'detailed'` — per-phase breakdown (proxy, middleware, render).\n * - `'total'` — single `total;dur=N` entry (production-safe).\n * - `false` — no Server-Timing header at all.\n \n Default: `'total'`.\n /\n serverTiming?: 'detailed' \| 'total' \| false;\n /\n Auto-generated sitemap handler. When provided, the pipeline intercepts\n * `/sitemap.xml` and `/sitemap/N.xml` requests and delegates to this\n * function. Returns a Response or null (pass-through to regular routing).\n \n See design/16-metadata.md §\"Auto-generated Sitemap\"\n /\n autoSitemapHandler?: (pathname: string) => Promise<Response \| null>;\n /\n Dev pipeline error callback — called when a pipeline phase (proxy,\n * middleware, render) catches an unhandled error. Used to wire the error\n * into the Vite browser error overlay in dev mode.\n \n Undefined in production — zero overhead.\n /\n onPipelineError?: (error: Error, phase: string) => void;\n\n /\n Fallback error renderer — called when a catastrophic error escapes the\n * render phase. Produces an HTML Response instead of a bare empty 500.\n \n In dev mode, this renders a styled error page with the error message\n * and stack trace. In production, this attempts to render the app's\n * error.tsx / 5xx.tsx / 500.tsx from the root segment.\n \n If this function throws, the pipeline falls back to a bare\n * `new Response(null, { status: 500 })`.\n /\n renderFallbackError?: (\n error: unknown,\n req: Request,\n responseHeaders: Headers\n ) => Response \| Promise<Response>;\n /\n Fallback deny page renderer — called when a DenySignal escapes from\n * middleware or the render phase. Renders the appropriate status-code\n * page (403.tsx, 404.tsx, etc.) instead of returning a bare empty response.\n \n If this function throws, the pipeline falls back to a bare\n * `new Response(null, { status: denyStatus })`.\n /\n renderDenyFallback?: (\n deny: DenySignal,\n req: Request,\n responseHeaders: Headers\n ) => Response \| Promise<Response>;\n}\n\n// ─── Param Coercion ────────────────────────────────────────────────────────\n\n/\n Run segment param coercion on the matched route's segments.\n \n Loads params.ts modules from segments that have them, extracts the\n * segmentParams definition, and coerces raw string params through codecs.\n * Throws ParamCoercionError if any codec fails (→ 404).\n \n This runs BEFORE middleware, so ctx.segmentParams is already typed.\n * See design/07-routing.md §\"Where Coercion Runs\"\n /\nexport async function coerceSegmentParams(match: RouteMatch): Promise<void> {\n const segments = match.segments as unknown as import('./route-matcher.js').ManifestSegmentNode[];\n\n for (const segment of segments) {\n // Only process segments that have a params.ts convention file\n if (!segment.params) continue;\n\n let mod: Record<string, unknown>;\n try {\n mod = await loadModule(segment.params);\n } catch (err) {\n throw new ParamCoercionError(\n `Failed to load params module for segment \"${segment.segmentName}\": ${err instanceof Error ? err.message : String(err)}`\n );\n }\n\n const segmentParamsDef = mod.segmentParams as\n \| { parse(raw: Record<string, string \| string[]>): Record<string, unknown> }\n \| undefined;\n\n if (!segmentParamsDef \|\| typeof segmentParamsDef.parse !== 'function') continue;\n\n try {\n const coerced = segmentParamsDef.parse(match.segmentParams);\n // Merge coerced values back — use safeMerge to prevent prototype pollution\n // from malicious/buggy codec output. See TIM-655.\n safeMerge(match.segmentParams, coerced as Record<string, unknown>);\n } catch (err) {\n throw new ParamCoercionError(err instanceof Error ? err.message : String(err));\n }\n }\n}\n\n// ─── Pipeline ──────────────────────────────────────────────────────────────\n\n/\n Create the request handler from a pipeline configuration.\n \n Returns a function that processes an incoming Request through all pipeline stages\n * and produces a Response. This is the top-level entry point for the server.\n /\nexport function createPipeline(config: PipelineConfig): (req: Request) => Promise<Response> {\n const {\n proxy,\n matchRoute,\n render,\n earlyHints,\n stripTrailingSlash = true,\n slowRequestMs = 3000,\n serverTiming = 'total',\n onPipelineError,\n } = config;\n\n // Concurrent request counter — tracks how many requests are in-flight.\n // Logged with each request for diagnosing resource contention.\n let activeRequests = 0;\n\n return async (req: Request): Promise<Response> => {\n const url = new URL(req.url);\n const method = req.method;\n const path = url.pathname;\n const startTime = performance.now();\n activeRequests++;\n\n // Establish per-request trace ID scope (design/17-logging.md §\"trace_id is Always Set\").\n // This runs before runWithRequestContext so traceId() is available from the\n // very first line of proxy.ts, middleware.ts, and all server code.\n const traceIdValue = generateTraceId();\n\n return runWithTraceId(traceIdValue, async () => {\n // Establish request context ALS scope so getHeaders() and getCookies() work\n // throughout the entire request lifecycle (proxy, middleware, render).\n return runWithRequestContext(req, async () => {\n // In dev mode, wrap with timing collector for Server-Timing header.\n // The collector uses ALS so timing entries are per-request.\n const runRequest = async () => {\n logRequestReceived({ method, path });\n\n const response = await withSpan(\n 'http.server.request',\n { 'http.request.method': method, 'url.path': path },\n async () => {\n // If OTEL is active, the root span now exists — replace the UUID\n // fallback with the real OTEL trace ID for log–trace correlation.\n const otelIds = await getOtelTraceId();\n if (otelIds) {\n replaceTraceId(otelIds.traceId, otelIds.spanId);\n }\n\n let result: Response;\n if (proxy \|\| config.proxyLoader) {\n result = await runProxyPhase(req, method, path);\n } else {\n result = await handleRequest(req, method, path);\n }\n\n // Set response status on the root span before it ends —\n // DevSpanProcessor reads this for tree/summary output.\n await setSpanAttribute('http.response.status_code', result.status);\n\n // Append Server-Timing header based on configured mode.\n // Response.redirect() creates immutable headers, so we must\n // ensure mutability before writing Server-Timing.\n if (serverTiming === 'detailed') {\n // Detailed: per-phase breakdown (proxy, middleware, render).\n const timingHeader = getServerTimingHeader();\n if (timingHeader) {\n result = ensureMutableResponse(result);\n result.headers.set('Server-Timing', timingHeader);\n }\n } else if (serverTiming === 'total') {\n // Total only: single `total;dur=N` — no phase names.\n // Prevents information disclosure while giving browser\n // DevTools useful timing data.\n const totalMs = Math.round(performance.now() - startTime);\n result = ensureMutableResponse(result);\n result.headers.set('Server-Timing', `total;dur=${totalMs}`);\n }\n // serverTiming === false: no header at all\n\n return result;\n }\n );\n\n // Post-span: structured production logging\n const durationMs = Math.round(performance.now() - startTime);\n const status = response.status;\n const concurrency = activeRequests;\n activeRequests--;\n logRequestCompleted({ method, path, status, durationMs, concurrency });\n\n if (slowRequestMs > 0 && durationMs > slowRequestMs) {\n logSlowRequest({ method, path, durationMs, threshold: slowRequestMs, concurrency });\n }\n\n return response;\n };\n\n return serverTiming === 'detailed' ? runWithTimingCollector(runRequest) : runRequest();\n });\n });\n };\n\n async function runProxyPhase(req: Request, method: string, path: string): Promise<Response> {\n try {\n // Resolve the proxy export. When a proxyLoader is provided (lazy import),\n // it is called per-request so HMR updates in dev take effect immediately.\n let proxyExport: ProxyExport;\n if (config.proxyLoader) {\n const mod = await config.proxyLoader();\n proxyExport = mod.default;\n } else {\n proxyExport = config.proxy!;\n }\n const proxyFn = () => runProxy(proxyExport, req, () => handleRequest(req, method, path));\n return await withSpan('timber.proxy', {}, () =>\n serverTiming === 'detailed' ? withTiming('proxy', 'proxy.ts', proxyFn) : proxyFn()\n );\n } catch (error) {\n // Uncaught proxy.ts error → bare HTTP 500\n logProxyError({ error });\n await fireOnRequestError(error, req, 'proxy');\n if (onPipelineError && error instanceof Error) onPipelineError(error, 'proxy');\n return new Response(null, { status: 500 });\n }\n }\n\n /\n Build a redirect Response from a RedirectSignal.\n \n For RSC payload requests (client navigation), returns 204 + X-Timber-Redirect\n * so the client router can perform a soft SPA redirect. A raw 302 would be\n * turned into an opaque redirect by fetch({redirect:'manual'}), crashing\n * createFromFetch. See design/19-client-navigation.md.\n /\n function buildRedirectResponse(signal: RedirectSignal, req: Request, headers: Headers): Response {\n const isRsc = (req.headers.get('Accept') ?? '').includes('text/x-component');\n if (isRsc) {\n headers.set('X-Timber-Redirect', signal.location);\n return new Response(null, { status: 204, headers });\n }\n headers.set('Location', signal.location);\n return new Response(null, { status: signal.status, headers });\n }\n\n async function handleRequest(req: Request, method: string, path: string): Promise<Response> {\n // Stage 1: URL canonicalization\n const url = new URL(req.url);\n const result = canonicalize(url.pathname, stripTrailingSlash);\n if (!result.ok) {\n return new Response(null, { status: result.status });\n }\n const canonicalPathname = result.pathname;\n\n // Stage 1b: Metadata route matching — runs before regular route matching.\n // Metadata routes skip middleware.ts and access.ts (public endpoints for crawlers).\n // See design/16-metadata.md §\"Pipeline Integration\"\n if (config.matchMetadataRoute) {\n const metaMatch = config.matchMetadataRoute(canonicalPathname);\n if (metaMatch) {\n try {\n // Static metadata files (.xml, .txt, .png, .ico, etc.) are served\n // directly from disk. Dynamic metadata routes (.ts, .tsx) export a\n // handler function that generates the response.\n if (metaMatch.isStatic) {\n return await serveStaticMetadataFile(metaMatch);\n }\n\n const mod = await loadModule<{ default?: Function }>(metaMatch.file);\n if (typeof mod.default !== 'function') {\n return new Response('Metadata route must export a default function', { status: 500 });\n }\n const handlerResult = await mod.default();\n // If the handler returns a Response, use it directly\n if (handlerResult instanceof Response) {\n return handlerResult;\n }\n // Otherwise, serialize based on content type\n const contentType = metaMatch.contentType;\n let body: string;\n if (typeof handlerResult === 'string') {\n body = handlerResult;\n } else if (contentType === 'application/xml') {\n body = serializeSitemap(handlerResult);\n } else if (contentType === 'application/manifest+json') {\n body = JSON.stringify(handlerResult, null, 2);\n } else {\n body = typeof handlerResult === 'string' ? handlerResult : String(handlerResult);\n }\n return new Response(body, {\n status: 200,\n headers: { 'Content-Type': `${contentType}; charset=utf-8` },\n });\n } catch (error) {\n logRenderError({ method, path, error });\n if (onPipelineError && error instanceof Error) onPipelineError(error, 'metadata-route');\n return new Response(null, { status: 500 });\n }\n }\n }\n\n // Stage 1b.2: Auto-generated sitemap — serves /sitemap.xml and /sitemap/N.xml\n // when sitemap generation is enabled and no user-authored sitemap exists.\n // Runs after metadata route matching so user sitemaps always take precedence.\n // See design/16-metadata.md §\"Auto-generated Sitemap\"\n if (config.autoSitemapHandler) {\n try {\n const sitemapResponse = await config.autoSitemapHandler(canonicalPathname);\n if (sitemapResponse) return sitemapResponse;\n } catch (error) {\n logRenderError({ method, path, error });\n if (onPipelineError && error instanceof Error) onPipelineError(error, 'auto-sitemap');\n return new Response(null, { status: 500 });\n }\n }\n\n // Stage 1c: Version skew detection (TIM-446).\n // For RSC payload requests (client navigation), check if the client's\n // deployment ID matches the current build. On mismatch, signal the\n // client to do a full page reload instead of returning an RSC payload\n // that references mismatched module IDs.\n const isRscRequest = (req.headers.get('Accept') ?? '').includes('text/x-component');\n if (isRscRequest) {\n const skewCheck = checkVersionSkew(req);\n if (!skewCheck.ok) {\n const reloadHeaders = new Headers();\n applyReloadHeaders(reloadHeaders);\n return new Response(null, { status: 204, headers: reloadHeaders });\n }\n }\n\n // Stage 2: Route matching\n let match = matchRoute(canonicalPathname);\n let interception: InterceptionContext \| undefined;\n\n // Stage 2a: Intercepting route resolution (modal pattern).\n // On soft navigation, check if an intercepting route should render instead.\n // The client sends X-Timber-URL with the current pathname (where they're\n // navigating FROM). If a rewrite matches, re-route to the source URL so\n // the source layout renders with the intercepted content in the slot.\n const sourceUrl = req.headers.get('X-Timber-URL');\n if (sourceUrl && config.interceptionRewrites?.length) {\n const intercepted = findInterceptionMatch(\n canonicalPathname,\n sourceUrl,\n config.interceptionRewrites\n );\n if (intercepted) {\n const sourceMatch = matchRoute(intercepted.sourcePathname);\n if (sourceMatch) {\n match = sourceMatch;\n interception = { targetPathname: canonicalPathname };\n }\n }\n }\n\n if (!match) {\n // No route matched — render 404.tsx in root layout if available,\n // otherwise fall back to a bare 404 Response.\n if (config.renderNoMatch) {\n const responseHeaders = new Headers();\n return config.renderNoMatch(req, responseHeaders);\n }\n return new Response(null, { status: 404 });\n }\n\n // Response and request header containers — created before early hints so\n // the emitter can append Link headers (e.g. for Cloudflare CDN → 103).\n const responseHeaders = new Headers();\n const requestHeaderOverlay = new Headers();\n\n // Set Cache-Control for dynamic HTML responses. Without this header,\n // CDNs (particularly Cloudflare) may attempt to buffer/process the\n // response differently, causing intermittent multi-second delays.\n // This matches Next.js's default behavior.\n responseHeaders.set('Cache-Control', 'private, no-cache, no-store, max-age=0, must-revalidate');\n\n // Stage 2b: 103 Early Hints (before middleware, after match)\n // Fires before middleware so the browser can begin fetching critical\n // assets while middleware runs. Non-fatal — a failing emitter never\n // blocks the request.\n if (earlyHints) {\n try {\n await earlyHints(match, req, responseHeaders);\n } catch {\n // Early hints failure is non-fatal\n }\n }\n\n // Stage 2c: Param coercion (before middleware)\n // Load params.ts modules from matched segments and coerce raw string\n // params through defineSegmentParams codecs. Coercion failure → 404\n // (middleware never runs). See design/07-routing.md §\"Where Coercion Runs\"\n try {\n await coerceSegmentParams(match);\n } catch (error) {\n if (error instanceof ParamCoercionError) {\n // For API routes (route.ts), return a bare 404 — not an HTML page.\n // API consumers expect JSON/empty responses, not rendered HTML.\n const leafSegment = match.segments[match.segments.length - 1];\n if (\n (leafSegment as { route?: unknown }).route &&\n !(leafSegment as { page?: unknown }).page\n ) {\n return new Response(null, { status: 404 });\n }\n // Route through the app's 404 page (404.tsx in root layout) instead of\n // returning a bare empty 404 Response. Falls back to bare 404 only if\n // no renderNoMatch renderer is configured.\n if (config.renderNoMatch) {\n return config.renderNoMatch(req, responseHeaders);\n }\n return new Response(null, { status: 404 });\n }\n throw error;\n }\n\n // Store coerced segment params in ALS so components can access them\n // via getSegmentParams() instead of receiving them as a prop.\n // See design/07-routing.md §\"params.ts — Convention File for Typed Params\"\n setSegmentParams(match.segmentParams);\n\n // Stage 3: Middleware chain (root-to-leaf, short-circuits on first Response)\n if (match.middlewareChain.length > 0) {\n const ctx: MiddlewareContext = {\n req,\n requestHeaders: requestHeaderOverlay,\n headers: responseHeaders,\n segmentParams: match.segmentParams,\n earlyHints: (hints) => {\n for (const hint of hints) {\n // Match Cloudflare's cached Early Hints attribute order: `as` before `rel`.\n // Cloudflare caches Link headers and re-emits them on subsequent 200s.\n // If our order differs, the browser sees duplicate preloads and warns.\n let value: string;\n if (hint.as !== undefined) {\n value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;\n } else {\n value = `<${hint.href}>; rel=${hint.rel}`;\n }\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n responseHeaders.append('Link', value);\n }\n },\n };\n\n try {\n // Enable cookie mutation during middleware (design/29-cookies.md §\"Context Tracking\")\n setMutableCookieContext(true);\n const chainFn = () => runMiddlewareChain(match.middlewareChain, ctx);\n const middlewareResponse = await withSpan('timber.middleware', {}, () =>\n serverTiming === 'detailed' ? withTiming('mw', 'middleware.ts', chainFn) : chainFn()\n );\n setMutableCookieContext(false);\n if (middlewareResponse) {\n // Apply cookie jar to short-circuit response.\n // Response.redirect() creates immutable headers, so ensure\n // mutability before appending Set-Cookie entries.\n const finalResponse = ensureMutableResponse(middlewareResponse);\n applyCookieJar(finalResponse.headers);\n // Merge parent-set responseHeaders onto the short-circuit response.\n // Child-set headers take precedence — only add headers not already present.\n // Snapshot existing keys first so multi-value headers (Set-Cookie, Link)\n // from the parent are all appended when the child didn't set that key.\n const existingKeys = new Set(\n [...finalResponse.headers.keys()].map((k) => k.toLowerCase())\n );\n for (const [key, value] of responseHeaders.entries()) {\n if (!existingKeys.has(key.toLowerCase())) {\n finalResponse.headers.append(key, value);\n }\n }\n logMiddlewareShortCircuit({ method, path, status: finalResponse.status });\n return finalResponse;\n }\n // Middleware chain completed without short-circuiting — apply any\n // injected request headers so getHeaders() returns them downstream.\n applyRequestHeaderOverlay(requestHeaderOverlay);\n } catch (error) {\n setMutableCookieContext(false);\n // RedirectSignal from middleware → HTTP redirect (not an error)\n if (error instanceof RedirectSignal) {\n applyCookieJar(responseHeaders);\n return buildRedirectResponse(error, req, responseHeaders);\n }\n // DenySignal from middleware → render deny page with correct status code.\n // Previously returned bare Response(null) — now renders 403.tsx etc.\n if (error instanceof DenySignal) {\n applyCookieJar(responseHeaders);\n if (config.renderDenyFallback) {\n try {\n return await config.renderDenyFallback(error, req, responseHeaders);\n } catch {\n // Deny page rendering failed — fall through to bare response\n }\n }\n return new Response(null, { status: error.status, headers: responseHeaders });\n }\n // Middleware throw → HTTP 500 (middleware runs before rendering,\n // no error boundary to catch it)\n logMiddlewareError({ method, path, error });\n await fireOnRequestError(error, req, 'handler');\n if (onPipelineError && error instanceof Error) onPipelineError(error, 'middleware');\n return new Response(null, { status: 500 });\n }\n }\n\n // Apply cookie jar to response headers before render commits them.\n // Middleware may have set cookies; they need to be on responseHeaders\n // before flushResponse creates the Response object.\n applyCookieJar(responseHeaders);\n\n // Stage 4: Render (access gates + element tree + renderToReadableStream)\n try {\n const renderFn = () =>\n render(req, match, responseHeaders, requestHeaderOverlay, interception);\n const response = await withSpan('timber.render', { 'http.route': canonicalPathname }, () =>\n serverTiming === 'detailed'\n ? withTiming('render', 'RSC + SSR render', renderFn)\n : renderFn()\n );\n markResponseFlushed();\n return response;\n } catch (error) {\n // DenySignal leaked from render (e.g. notFound() in metadata()).\n // Render the deny page with the correct status code.\n if (error instanceof DenySignal) {\n if (config.renderDenyFallback) {\n try {\n return await config.renderDenyFallback(error, req, responseHeaders);\n } catch {\n // Deny page rendering failed — fall through to bare response\n }\n }\n return new Response(null, { status: error.status, headers: responseHeaders });\n }\n // RedirectSignal leaked from render — honour the redirect\n if (error instanceof RedirectSignal) {\n return buildRedirectResponse(error, req, responseHeaders);\n }\n logRenderError({ method, path, error });\n await fireOnRequestError(error, req, 'render');\n if (onPipelineError && error instanceof Error) onPipelineError(error, 'render');\n // Try fallback error page before bare 500\n if (config.renderFallbackError) {\n try {\n return await config.renderFallbackError(error, req, responseHeaders);\n } catch {\n // Fallback rendering itself failed — fall through to bare 500\n }\n }\n return new Response(null, { status: 500 });\n }\n }\n}\n\n/\n Fire the user's onRequestError hook with request context.\n * Extracts request info from the Request object and calls the instrumentation hook.\n /\nasync function fireOnRequestError(\n error: unknown,\n req: Request,\n phase: 'proxy' \| 'handler' \| 'render' \| 'action' \| 'route'\n): Promise<void> {\n const url = new URL(req.url);\n const headersObj: Record<string, string> = {};\n req.headers.forEach((v, k) => {\n headersObj[k] = v;\n });\n\n await callOnRequestError(\n error,\n { method: req.method, path: url.pathname, headers: headersObj },\n { phase, routePath: url.pathname, routeType: 'page', traceId: getTraceId() }\n );\n}\n\n// ─── Cookie Helpers ──────────────────────────────────────────────────────\n\n/\n Apply all Set-Cookie headers from the cookie jar to a Headers object.\n * Each cookie gets its own Set-Cookie header per RFC 6265 §4.1.\n /\nfunction applyCookieJar(headers: Headers): void {\n for (const value of getSetCookieHeaders()) {\n headers.append('Set-Cookie', value);\n }\n}\n\n// ─── Immutable Response Helpers ──────────────────────────────────────────\n\n/\n Ensure a Response has mutable headers so the pipeline can safely append\n * Set-Cookie and Server-Timing entries.\n \n `Response.redirect()` and some platform-level responses return objects\n * with immutable headers. Calling `.set()` or `.append()` on them throws\n * `TypeError: immutable`. This helper detects the immutable case by\n * attempting a no-op write and, on failure, clones into a fresh Response\n * with mutable headers.\n /\nfunction ensureMutableResponse(response: Response): Response {\n try {\n // Probe mutability with a benign operation that we immediately undo.\n // We pick a header name that is extremely unlikely to collide with\n // anything meaningful and delete it right away.\n response.headers.set('X-Timber-Probe', '1');\n response.headers.delete('X-Timber-Probe');\n return response;\n } catch {\n // Headers are immutable — rebuild with mutable headers.\n return new Response(response.body, {\n status: response.status,\n statusText: response.statusText,\n headers: new Headers(response.headers),\n });\n }\n}\n","/\n Build manifest types and utilities for CSS and JS asset tracking.\n \n The build manifest maps route segment file paths to their output\n * chunks from Vite's client build. This enables:\n * - <link rel=\"stylesheet\"> injection in HTML <head>\n * - <script type=\"module\"> with hashed URLs in production\n * - <link rel=\"modulepreload\"> for client chunk dependencies\n * - Link preload headers for Early Hints (103)\n \n In dev mode, Vite's HMR client handles CSS/JS injection, so the build\n * manifest is empty. In production, it's populated from Vite's\n * .vite/manifest.json after the client build.\n \n Design docs: 18-build-system.md §\"Build Manifest\", 02-rendering-pipeline.md §\"Early Hints\"\n /\n\n/* A font asset entry in the build manifest. /\nexport interface ManifestFontEntry {\n /* URL path to the font file (e.g. `/_timber/fonts/inter-latin-400-abc123.woff2`). /\n href: string;\n /* Font format (e.g. `woff2`). /\n format: string;\n /* Crossorigin attribute — always `anonymous` for fonts. /\n crossOrigin: string;\n}\n\n/* Build manifest mapping input file paths to output asset URLs. /\nexport interface BuildManifest {\n /* Map from input file path (relative to project root) to output CSS URLs. /\n css: Record<string, string[]>;\n /* Map from input file path to output JS chunk URL (hashed filename). /\n js: Record<string, string>;\n /* Map from input file path to transitive JS dependency URLs for modulepreload. /\n modulepreload: Record<string, string[]>;\n /* Map from input file path to font assets used by that module. /\n fonts: Record<string, ManifestFontEntry[]>;\n}\n\n/* Empty build manifest used in dev mode. /\nexport const EMPTY_BUILD_MANIFEST: BuildManifest = {\n css: {},\n js: {},\n modulepreload: {},\n fonts: {},\n};\n\n/* Segment shape expected by collectRouteCss (matches ManifestSegmentNode). /\ninterface SegmentWithFiles {\n layout?: { filePath: string };\n page?: { filePath: string };\n}\n\n/\n Collect all CSS files needed for a matched route's segment chain.\n \n Walks segments root → leaf, collecting CSS for each layout and page.\n * Deduplicates while preserving order (root layout CSS first).\n /\nexport function collectRouteCss(segments: SegmentWithFiles[], manifest: BuildManifest): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const cssFiles = manifest.css[file.filePath];\n if (!cssFiles) continue;\n for (const url of cssFiles) {\n if (!seen.has(url)) {\n seen.add(url);\n result.push(url);\n }\n }\n }\n }\n\n return result;\n}\n\n/\n Generate <link rel=\"stylesheet\"> tags for CSS URLs.\n \n Returns an HTML string to prepend to headHtml for injection\n * via injectHead() before </head>.\n /\nexport function buildCssLinkTags(cssUrls: string[]): string {\n // Emit <link rel=\"stylesheet\"> tags as a fallback for platforms where\n // React's Float system (via @vitejs/plugin-rsc preinit with\n // data-precedence) doesn't handle CSS injection. In practice, Float\n // deduplicates and these may be dropped. No preload hints — Float\n // already starts the fetch via preinit(), and redundant preloads\n // cause \"ignored due to unknown as/type\" browser warnings.\n return cssUrls.map((url) => `<link rel=\"stylesheet\" href=\"${url}\">`).join('');\n}\n\n/\n Generate a Link header value for CSS preload hints.\n \n Cloudflare CDN automatically converts Link headers with rel=preload\n * into 103 Early Hints responses. This avoids platform-specific 103\n * sending code.\n \n Example output: `</assets/root.css>; as=style; rel=preload, </assets/page.css>; as=style; rel=preload`\n /\nexport function buildLinkHeaders(cssUrls: string[]): string {\n return cssUrls.map((url) => `<${url}>; as=style; rel=preload`).join(', ');\n}\n\n// ─── Font utilities ──────────────────────────────────────────────────────\n\n/\n Collect all font entries needed for a matched route's segment chain.\n \n Walks segments root → leaf, collecting fonts for each layout and page.\n * Deduplicates by href while preserving order.\n /\nexport function collectRouteFonts(\n segments: SegmentWithFiles[],\n manifest: BuildManifest\n): ManifestFontEntry[] {\n const seen = new Set<string>();\n const result: ManifestFontEntry[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const fonts = manifest.fonts[file.filePath];\n if (!fonts) continue;\n for (const entry of fonts) {\n if (!seen.has(entry.href)) {\n seen.add(entry.href);\n result.push(entry);\n }\n }\n }\n }\n\n return result;\n}\n\n/\n Generate <link rel=\"preload\"> tags for font assets.\n \n Font preloads use `as=font` and always include `crossorigin` (required\n * for font preloads even for same-origin resources per the spec).\n /\nexport function buildFontPreloadTags(fonts: ManifestFontEntry[]): string {\n return fonts\n .map(\n (f) =>\n `<link rel=\"preload\" href=\"${f.href}\" as=\"font\" type=\"font/${f.format}\" crossorigin=\"${f.crossOrigin}\">`\n )\n .join('');\n}\n\n/\n Generate Link header values for font preload hints.\n \n Cloudflare CDN converts Link headers with rel=preload into 103 Early Hints.\n \n Example: `</fonts/inter.woff2>; as=font; rel=preload; crossorigin`\n /\nexport function buildFontLinkHeaders(fonts: ManifestFontEntry[]): string {\n return fonts.map((f) => `<${f.href}>; as=font; rel=preload; crossorigin`).join(', ');\n}\n\n// ─── JS chunk utilities ──────────────────────────────────────────────────\n\n/\n Collect JS chunk URLs for a matched route's segment chain.\n \n Walks segments root → leaf, collecting the JS chunk for each layout\n * and page. Deduplicates while preserving order.\n /\nexport function collectRouteJs(segments: SegmentWithFiles[], manifest: BuildManifest): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const jsUrl = manifest.js[file.filePath];\n if (!jsUrl) continue;\n if (!seen.has(jsUrl)) {\n seen.add(jsUrl);\n result.push(jsUrl);\n }\n }\n }\n\n return result;\n}\n\n/\n Collect modulepreload URLs for a matched route's segment chain.\n \n Walks segments root → leaf, collecting transitive JS dependencies\n * for each layout and page. Deduplicates across segments.\n /\nexport function collectRouteModulepreloads(\n segments: SegmentWithFiles[],\n manifest: BuildManifest\n): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const preloads = manifest.modulepreload[file.filePath];\n if (!preloads) continue;\n for (const url of preloads) {\n if (!seen.has(url)) {\n seen.add(url);\n result.push(url);\n }\n }\n }\n }\n\n return result;\n}\n\n/\n Generate <link rel=\"modulepreload\"> tags for JS dependency URLs.\n \n Modulepreload hints tell the browser to fetch and parse JS modules\n * before they're needed, reducing waterfall latency for dynamic imports.\n /\nexport function buildModulepreloadTags(urls: string[]): string {\n return urls.map((url) => `<link rel=\"modulepreload\" href=\"${url}\">`).join('');\n}\n\n/\n Generate a <script type=\"module\"> tag for a JS entry point.\n /\nexport function buildEntryScriptTag(url: string): string {\n return `<script type=\"module\" src=\"${url}\"></script>`;\n}\n","/\n 103 Early Hints utilities.\n \n Early Hints are sent before the final response to let the browser\n * start fetching critical resources (CSS, fonts, JS) while the server\n * is still rendering.\n \n The framework collects hints from two sources:\n * 1. Build manifest — CSS, fonts, and JS chunks known at route-match time\n * 2. ctx.earlyHints() — explicit hints added by middleware or route handlers\n \n Both are emitted as Link headers. Cloudflare CDN automatically converts\n * Link headers into 103 Early Hints responses.\n \n Design docs: 02-rendering-pipeline.md §\"Early Hints (103)\"\n /\n\nimport {\n collectRouteCss,\n collectRouteFonts,\n collectRouteModulepreloads,\n} from './build-manifest.js';\nimport type { BuildManifest } from './build-manifest.js';\n\n/* Minimal segment shape needed for early hint collection. /\ninterface SegmentWithFiles {\n layout?: { filePath: string };\n page?: { filePath: string };\n}\n\n// ─── EarlyHint type ───────────────────────────────────────────────────────\n\n/\n A single Link header hint for 103 Early Hints.\n \n ```ts\n * ctx.earlyHints([\n * { href: '/styles/critical.css', rel: 'preload', as: 'style' },\n * { href: 'https://fonts.googleapis.com', rel: 'preconnect' },\n * ])\n * ```\n /\nexport interface EarlyHint {\n /* The resource URL (absolute or root-relative). /\n href: string;\n /* Link relation — `preload`, `modulepreload`, or `preconnect`. /\n rel: 'preload' \| 'modulepreload' \| 'preconnect';\n /* Resource type for `preload` hints (omit for `modulepreload` / `preconnect`). /\n as?: 'style' \| 'script' \| 'font' \| 'image' \| 'fetch' \| 'document';\n /* Crossorigin attribute — required for font preloads per spec. /\n crossOrigin?: 'anonymous' \| 'use-credentials';\n /* Fetch priority hint — `high`, `low`, or `auto`. /\n fetchPriority?: 'high' \| 'low' \| 'auto';\n}\n\n// ─── formatLinkHeader ─────────────────────────────────────────────────────\n\n/\n Format a single EarlyHint as a Link header value.\n \n Attribute order: `as` before `rel` to match Cloudflare CDN's cached\n * Early Hints format. Cloudflare caches Link headers from 200 responses\n * and re-emits them as 103 Early Hints on subsequent requests. If our\n * attribute order differs from Cloudflare's cached copy, the browser\n * sees two preload headers for the same URL (different attribute order)\n * and warns \"Preload was ignored.\" Matching the order ensures the\n * browser deduplicates them correctly.\n \n Examples:\n * `</styles/root.css>; as=style; rel=preload`\n * `</fonts/inter.woff2>; as=font; rel=preload; crossorigin=anonymous`\n * `</_timber/client.js>; rel=modulepreload`\n * `<https://fonts.googleapis.com>; rel=preconnect`\n /\nexport function formatLinkHeader(hint: EarlyHint): string {\n // For preload hints, emit `as` before `rel` to match Cloudflare's\n // cached header format and avoid duplicate preload warnings.\n if (hint.as !== undefined) {\n let value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n return value;\n }\n // For modulepreload / preconnect (no `as`), emit rel first.\n let value = `<${hint.href}>; rel=${hint.rel}`;\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n return value;\n}\n\n// ─── collectEarlyHintHeaders ──────────────────────────────────────────────\n\n/* Options for early hint collection. /\nexport interface EarlyHintOptions {\n /* Skip JS modulepreload hints (e.g. when client JavaScript is disabled). /\n skipJs?: boolean;\n}\n\n/\n Collect all Link header strings for a matched route's segment chain.\n \n Walks the build manifest to emit hints for:\n * - CSS stylesheets (as=style; rel=preload)\n * - Font assets (as=font; rel=preload; crossorigin)\n * - JS modulepreload hints (rel=modulepreload) — unless skipJs is set\n \n Also emits global CSS from the `_global` manifest key. Route files\n * are server components that don't appear in the client bundle, so\n * per-route CSS keying doesn't work with the RSC plugin. The `_global`\n * key contains all CSS assets from the client build — fine for early\n * hints since they're just prefetch signals.\n \n Returns formatted Link header strings, deduplicated by URL, root → leaf order.\n * Returns an empty array in dev mode (manifest is empty).\n /\nexport function collectEarlyHintHeaders(\n segments: SegmentWithFiles[],\n manifest: BuildManifest,\n options?: EarlyHintOptions\n): string[] {\n const result: string[] = [];\n // Dedup by URL (href), not by full formatted header string.\n // Different code paths can produce the same URL with different attribute\n // ordering, which would bypass a full-string dedup and produce duplicate\n // Link headers that trigger browser \"preload was ignored\" warnings.\n const seenUrls = new Set<string>();\n\n const add = (url: string, header: string) => {\n if (!seenUrls.has(url)) {\n seenUrls.add(url);\n result.push(header);\n }\n };\n\n // Per-route CSS — as=style; rel=preload\n for (const url of collectRouteCss(segments, manifest)) {\n add(url, formatLinkHeader({ href: url, rel: 'preload', as: 'style' }));\n }\n\n // Global CSS — all CSS assets from the client bundle.\n // Covers CSS that the RSC plugin injects via data-rsc-css-href,\n // which isn't keyed to route segments in our manifest.\n for (const url of manifest.css['_global'] ?? []) {\n add(url, formatLinkHeader({ href: url, rel: 'preload', as: 'style' }));\n }\n\n // Fonts — as=font; rel=preload; crossorigin (crossorigin required per spec)\n for (const font of collectRouteFonts(segments, manifest)) {\n add(\n font.href,\n formatLinkHeader({ href: font.href, rel: 'preload', as: 'font', crossOrigin: 'anonymous' })\n );\n }\n\n // JS chunks — rel=modulepreload (skip when client JS is disabled)\n if (!options?.skipJs) {\n for (const url of collectRouteModulepreloads(segments, manifest)) {\n add(url, formatLinkHeader({ href: url, rel: 'modulepreload' }));\n }\n }\n\n return result;\n}\n","/\n Per-request 103 Early Hints sender — ALS bridge for platform adapters.\n \n The pipeline collects Link headers for CSS, fonts, and JS chunks at\n * route-match time. On platforms that support it (Node.js v18.11+, Bun),\n * the adapter can send these as a 103 Early Hints interim response before\n * the final response is ready.\n \n This module provides an ALS-based bridge: the generated entry point\n * (e.g., the Nitro entry) wraps the handler with `runWithEarlyHintsSender`,\n * binding a per-request sender function. The pipeline calls\n * `sendEarlyHints103()` to fire the 103 if a sender is available.\n \n On platforms where 103 is handled at the CDN level (e.g., Cloudflare\n * converts Link headers into 103 automatically), no sender is installed\n * and `sendEarlyHints103()` is a no-op.\n \n Design doc: 02-rendering-pipeline.md §\"Early Hints (103)\"\n /\n\nimport { earlyHintsSenderAls } from './als-registry.js';\n\n/* Function that sends Link header values as a 103 Early Hints response. /\nexport type EarlyHintsSenderFn = (links: string[]) => void;\n\n/\n Run a function with a per-request early hints sender installed.\n \n Called by generated entry points (e.g., Nitro node-server/bun) to\n * bind the platform's writeEarlyHints capability for the request duration.\n /\nexport function runWithEarlyHintsSender<T>(sender: EarlyHintsSenderFn, fn: () => T): T {\n return earlyHintsSenderAls.run(sender, fn);\n}\n\n/\n Send collected Link headers as a 103 Early Hints response.\n \n No-op if no sender is installed for the current request (e.g., on\n * Cloudflare where the CDN handles 103 automatically, or in dev mode).\n \n Non-fatal: errors from the sender are caught and silently ignored.\n /\nexport function sendEarlyHints103(links: string[]): void {\n if (!links.length) return;\n const sender = earlyHintsSenderAls.getStore();\n if (!sender) return;\n try {\n sender(links);\n } catch {\n // Sending 103 is best-effort — failure never blocks the request.\n }\n}\n","/\n Element tree construction for timber.js rendering.\n \n Builds a unified React element tree from a matched segment chain, bottom-up:\n * page → status-code error boundaries → access gates → layout → repeat up segment chain\n \n The tree is rendered via a single `renderToReadableStream` call,\n * giving one `React.cache` scope for the entire route.\n \n See design/02-rendering-pipeline.md §\"Element Tree Construction\"\n /\n\nimport type { SegmentNode, RouteFile } from '../routing/types.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/* A loaded module for a route file convention. /\nexport interface LoadedModule {\n /* The default export (component, access function, etc.) /\n default?: unknown;\n /* Named exports (for route.ts method handlers, metadata, etc.) /\n [key: string]: unknown;\n}\n\n/* Function that loads a route file's module. /\nexport type ModuleLoader = (file: RouteFile) => LoadedModule \| Promise<LoadedModule>;\n\n/* A React element — kept opaque to avoid a React dependency in this module. /\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport type ReactElement = any;\n\n/* Function that creates a React element. Matches React.createElement signature. /\nexport type CreateElement = (\n type: unknown,\n props: Record<string, unknown> \| null,\n ...children: unknown[]\n) => ReactElement;\n\n/\n Resolved slot content for a layout.\n * Key is slot name (without @), value is the element tree for that slot.\n /\nexport type SlotElements = Map<string, ReactElement>;\n\n/* Configuration for the tree builder. /\nexport interface TreeBuilderConfig {\n /* The matched segment chain from root to leaf. /\n segments: SegmentNode[];\n /* Loads a route file's module. /\n loadModule: ModuleLoader;\n /* React.createElement or equivalent. /\n createElement: CreateElement;\n /\n Error boundary component for wrapping segments.\n \n This is injected by the caller rather than imported directly to avoid\n * pulling 'use client' code into the server barrel (@timber-js/app/server).\n * In the RSC environment, the RSC plugin transforms this import to a\n * client reference proxy — the caller handles the import so the server\n * barrel stays free of client dependencies.\n /\n errorBoundaryComponent?: unknown;\n}\n\n// ─── Component wrappers ──────────────────────────────────────────────────────\n\n/\n Framework-injected access gate component.\n \n When `verdict` is provided (from the pre-render pass), AccessGate replays\n * the stored result synchronously — no re-execution, no async, immune to\n * Suspense timing. When `verdict` is absent, falls back to calling `accessFn`\n * (backward compat for tree-builder.ts which doesn't run a pre-render pass).\n /\nexport interface AccessGateProps {\n accessFn: () => unknown;\n /* Segment name for dev logging (e.g. \"authenticated\", \"dashboard\"). /\n segmentName?: string;\n /\n Pre-computed verdict from the pre-render pass. When set, AccessGate\n * replays this verdict synchronously instead of calling accessFn.\n * - 'pass': render children\n * - DenySignal/RedirectSignal: throw synchronously\n /\n verdict?:\n \| 'pass'\n \| import('./primitives.js').DenySignal\n \| import('./primitives.js').RedirectSignal;\n /\n Deny page fallback chain. When provided and a DenySignal is caught,\n * AccessGate renders the matching deny page in-tree instead of throwing.\n * This prevents the error from reaching React Flight, eliminating the\n * second render pass. See TIM-666.\n /\n denyPages?: import('./deny-page-resolver.js').DenyPageEntry[];\n children: ReactElement;\n}\n\n/\n Framework-injected slot access gate component.\n * On denial, renders denied.tsx → default.tsx → null instead of failing the page.\n \n DeniedComponent is passed instead of a pre-built element so that\n * SlotAccessGate can forward DenySignal.data as dangerouslyPassData\n * and slotName as the slot prop after catching the signal.\n /\nexport interface SlotAccessGateProps {\n accessFn: () => unknown;\n /* The denied.tsx component (not a pre-built element). null if no denied.tsx exists. /\n DeniedComponent: ((...args: unknown[]) => unknown) \| null;\n /* Slot directory name without @ prefix (e.g. \"admin\", \"sidebar\"). /\n slotName: string;\n /* createElement function for building elements dynamically. /\n createElement: CreateElement;\n defaultFallback: ReactElement \| null;\n children: ReactElement;\n}\n\n/\n Framework-injected error boundary wrapper.\n * Wraps content with status-code error boundary handling.\n /\nexport interface ErrorBoundaryProps {\n fallbackComponent?: ReactElement \| null;\n fallbackElement?: ReactElement \| null;\n status?: number;\n children: ReactElement;\n}\n\n// ─── Tree Builder ────────────────────────────────────────────────────────────\n\n/\n Result of building the element tree.\n /\nexport interface TreeBuildResult {\n /* The root React element tree ready for renderToReadableStream. /\n tree: ReactElement;\n /* Whether the leaf segment is a route.ts (API endpoint) rather than a page. /\n isApiRoute: boolean;\n}\n\n/\n Build the unified element tree from a matched segment chain.\n \n Construction is bottom-up:\n * 1. Start with the page component (leaf segment)\n * 2. Wrap in status-code error boundaries (fallback chain)\n * 3. Wrap in AccessGate (if segment has access.ts)\n * 4. Pass as children to the segment's layout\n * 5. Repeat up the segment chain to root\n \n Parallel slots are resolved at each layout level and composed as named props.\n /\nexport async function buildElementTree(config: TreeBuilderConfig): Promise<TreeBuildResult> {\n const { segments, loadModule, createElement, errorBoundaryComponent } = config;\n\n if (segments.length === 0) {\n throw new Error('[timber] buildElementTree: empty segment chain');\n }\n\n const leaf = segments[segments.length - 1];\n\n // API routes (route.ts) don't build a React tree\n if (leaf.route && !leaf.page) {\n return { tree: null, isApiRoute: true };\n }\n\n // Start with the page component\n const pageModule = leaf.page ? await loadModule(leaf.page) : null;\n const PageComponent = pageModule?.default as ((...args: unknown[]) => ReactElement) \| undefined;\n\n if (!PageComponent) {\n throw new Error(\n `[timber] No page component found for route at ${leaf.urlPath}. ` +\n 'Each route must have a page.tsx or route.ts.'\n );\n }\n\n // Build the page element — params are accessed via getSegmentParams() from ALS\n let element: ReactElement = createElement(PageComponent, {});\n\n // Build tree bottom-up: wrap page, then walk segments from leaf to root\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n\n // Wrap in error boundaries (status-code files + error.tsx)\n element = await wrapWithErrorBoundaries(\n segment,\n element,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n\n // Wrap in AccessGate if segment has access.ts\n if (segment.access) {\n const accessModule = await loadModule(segment.access);\n const accessFn = accessModule.default as AccessGateProps['accessFn'];\n element = createElement('timber:access-gate', {\n accessFn,\n segmentName: segment.segmentName,\n children: element,\n } satisfies AccessGateProps);\n }\n\n // Wrap in layout (if exists and not the leaf's page-level wrapping)\n if (segment.layout) {\n const layoutModule = await loadModule(segment.layout);\n const LayoutComponent = layoutModule.default as\n \| ((...args: unknown[]) => ReactElement)\n \| undefined;\n\n if (LayoutComponent) {\n // Resolve parallel slots for this layout\n const slotProps: Record<string, ReactElement> = {};\n if (segment.slots.size > 0) {\n for (const [slotName, slotNode] of segment.slots) {\n slotProps[slotName] = await buildSlotElement(\n slotNode,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n }\n }\n\n element = createElement(LayoutComponent, {\n ...slotProps,\n children: element,\n });\n }\n }\n }\n\n return { tree: element, isApiRoute: false };\n}\n\n// ─── Slot Element Builder ────────────────────────────────────────────────────\n\n/\n Build the element tree for a parallel slot.\n \n Slots have their own access.ts (SlotAccessGate) and error boundaries.\n * On access denial: denied.tsx → default.tsx → null (graceful degradation).\n /\nasync function buildSlotElement(\n slotNode: SegmentNode,\n loadModule: ModuleLoader,\n createElement: CreateElement,\n errorBoundaryComponent: unknown\n): Promise<ReactElement> {\n // Load slot page\n const pageModule = slotNode.page ? await loadModule(slotNode.page) : null;\n const PageComponent = pageModule?.default as ((...args: unknown[]) => ReactElement) \| undefined;\n\n // Load default.tsx fallback\n const defaultModule = slotNode.default ? await loadModule(slotNode.default) : null;\n const DefaultComponent = defaultModule?.default as\n \| ((...args: unknown[]) => ReactElement)\n \| undefined;\n\n // If no page, render default.tsx or null\n if (!PageComponent) {\n return DefaultComponent ? createElement(DefaultComponent, {}) : null;\n }\n\n let element: ReactElement = createElement(PageComponent, {});\n\n // Wrap in error boundaries\n element = await wrapWithErrorBoundaries(\n slotNode,\n element,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n\n // Wrap in SlotAccessGate if slot has access.ts\n if (slotNode.access) {\n const accessModule = await loadModule(slotNode.access);\n const accessFn = accessModule.default as SlotAccessGateProps['accessFn'];\n\n // Load denied.tsx — pass component (not pre-built element) so\n // SlotAccessGate can forward DenySignal.data dynamically. See TIM-488.\n const deniedModule = slotNode.denied ? await loadModule(slotNode.denied) : null;\n const DeniedComponent =\n (deniedModule?.default as ((...args: unknown[]) => ReactElement) \| undefined) ?? null;\n\n const defaultFallback = DefaultComponent ? createElement(DefaultComponent, {}) : null;\n\n element = createElement('timber:slot-access-gate', {\n accessFn,\n DeniedComponent,\n slotName: slotNode.segmentName.replace(/^@/, ''),\n createElement,\n defaultFallback,\n children: element,\n } satisfies SlotAccessGateProps);\n }\n\n return element;\n}\n\n// ─── Error Boundary Wrapping ─────────────────────────────────────────────────\n\n/* MDX/markdown extensions — these are server components that cannot be passed as function props. /\nconst MDX_EXTENSIONS = new Set(['mdx', 'md']);\n\n/\n Check if a route file is an MDX/markdown file based on its extension.\n * MDX components are server components by default and cannot cross the\n * RSC→client boundary as function props. They must be pre-rendered as\n * elements and passed as fallbackElement instead of fallbackComponent.\n /\nfunction isMdxFile(file: RouteFile): boolean {\n return MDX_EXTENSIONS.has(file.extension);\n}\n\n/\n Wrap an element with error boundaries from a segment's status-code files.\n \n Wrapping order (innermost to outermost):\n * 1. Specific status files (503.tsx, 429.tsx, etc.)\n * 2. Category catch-alls (4xx.tsx, 5xx.tsx)\n * 3. error.tsx (general error boundary)\n \n This creates the fallback chain described in design/10-error-handling.md.\n \n MDX status files are server components and cannot be passed as function\n * props to TimberErrorBoundary (a 'use client' component). Instead, they\n * are pre-rendered as elements and passed as fallbackElement. The error\n * boundary renders the element directly when an error is caught.\n * See TIM-503.\n /\nasync function wrapWithErrorBoundaries(\n segment: SegmentNode,\n element: ReactElement,\n loadModule: ModuleLoader,\n createElement: CreateElement,\n errorBoundaryComponent: unknown\n): Promise<ReactElement> {\n // Wrapping is applied inside-out. The last wrap call produces the outermost boundary.\n // Order: specific status → category → error.tsx (outermost)\n\n if (segment.statusFiles) {\n // Wrap with specific status files (innermost — highest priority at runtime)\n for (const [key, file] of segment.statusFiles) {\n if (key !== '4xx' && key !== '5xx') {\n const status = parseInt(key, 10);\n if (!isNaN(status)) {\n const mod = await loadModule(file);\n const Component = mod.default;\n if (Component) {\n const boundaryProps = isMdxFile(file)\n ? ({\n fallbackElement: createElement(Component, { status }),\n status,\n children: element,\n } satisfies ErrorBoundaryProps)\n : ({\n fallbackComponent: Component,\n status,\n children: element,\n } satisfies ErrorBoundaryProps);\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n }\n }\n\n // Wrap with category catch-alls (4xx.tsx, 5xx.tsx)\n for (const [key, file] of segment.statusFiles) {\n if (key === '4xx' \|\| key === '5xx') {\n const mod = await loadModule(file);\n const Component = mod.default;\n if (Component) {\n const categoryStatus = key === '4xx' ? 400 : 500;\n const boundaryProps = isMdxFile(file)\n ? ({\n fallbackElement: createElement(Component, {}),\n status: categoryStatus,\n children: element,\n } satisfies ErrorBoundaryProps)\n : ({\n fallbackComponent: Component,\n status: categoryStatus,\n children: element,\n } satisfies ErrorBoundaryProps);\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n }\n }\n\n // Wrap with error.tsx (outermost — catches anything not matched by status files)\n // Note: error.tsx/error.mdx receives { error, digest, reset } props.\n // MDX error files are pre-rendered without those props (they're static content).\n if (segment.error) {\n const errorModule = await loadModule(segment.error);\n const ErrorComponent = errorModule.default;\n if (ErrorComponent) {\n const boundaryProps = isMdxFile(segment.error)\n ? ({\n fallbackElement: createElement(ErrorComponent, {}),\n children: element,\n } satisfies ErrorBoundaryProps)\n : ({\n fallbackComponent: ErrorComponent,\n children: element,\n } satisfies ErrorBoundaryProps);\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n\n return element;\n}\n","/\n Status-code file resolver for timber.js error/denial rendering.\n \n Given an HTTP status code and a matched segment chain, resolves the\n * correct file to render by walking the fallback chain described in\n * design/10-error-handling.md §\"Status-Code Files\".\n \n Supports two format families:\n * - 'component' (default): .tsx/.jsx/.mdx status files → React rendering pipeline\n * - 'json': .json status files → raw JSON response, no React\n \n Fallback chains operate within the same format family (no cross-format fallback).\n \n Component chain (4xx):\n * Pass 1 — status files (leaf → root): {status}.tsx → 4xx.tsx\n * Pass 2 — legacy compat (leaf → root): not-found.tsx / forbidden.tsx / unauthorized.tsx\n * Pass 3 — error.tsx (leaf → root)\n * Pass 4 — framework default (returns null)\n \n JSON chain (4xx):\n * Pass 1 — json status files (leaf → root): {status}.json → 4xx.json\n * Pass 2 — framework default JSON (returns null, caller provides bare JSON)\n \n 5xx (component only):\n * Per-segment (leaf → root): {status}.tsx → 5xx.tsx → error.tsx\n * Then global-error.tsx (future)\n * Then framework default (returns null)\n /\n\nimport type { SegmentNode, RouteFile } from '../routing/types.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/* How the status-code file was matched. /\nexport type StatusFileKind =\n \| 'exact' // e.g. 403.tsx matched status 403\n \| 'category' // e.g. 4xx.tsx matched status 403\n \| 'legacy' // e.g. not-found.tsx matched status 404\n \| 'error'; // error.tsx as last resort\n\n/* Response format family for status-code resolution. /\nexport type StatusFileFormat = 'component' \| 'json';\n\n/* Result of resolving a status-code file for a segment chain. /\nexport interface StatusFileResolution {\n /* The matched route file. /\n file: RouteFile;\n /* The HTTP status code (always the original status, not the file's code). /\n status: number;\n /* How the file was matched. /\n kind: StatusFileKind;\n /* Index into the segments array where the file was found. /\n segmentIndex: number;\n}\n\n/* How a slot denial file was matched. /\nexport type SlotDeniedKind = 'denied' \| 'default';\n\n/* Result of resolving a slot denied file. /\nexport interface SlotDeniedResolution {\n /* The matched route file (denied.tsx or default.tsx). /\n file: RouteFile;\n /* Slot name without @ prefix. /\n slotName: string;\n /* How the file was matched. /\n kind: SlotDeniedKind;\n}\n\n// ─── Legacy Compat Mapping ───────────────────────────────────────────────────\n\n/\n Maps legacy file convention names to their corresponding HTTP status codes.\n * Only used in the 4xx component fallback chain.\n /\nconst LEGACY_FILE_TO_STATUS: Record<string, number> = {\n 'not-found': 404,\n 'forbidden': 403,\n 'unauthorized': 401,\n};\n\n// ─── Resolver ────────────────────────────────────────────────────────────────\n\n/\n Resolve the status-code file to render for a given HTTP status code.\n \n Walks the segment chain from leaf to root following the fallback chain\n * defined in design/10-error-handling.md. Returns null if no file is found\n * (caller should render the framework default).\n \n @param status - The HTTP status code (4xx or 5xx).\n * @param segments - The matched segment chain from root (index 0) to leaf (last).\n * @param format - The response format family ('component' or 'json'). Defaults to 'component'.\n /\nexport function resolveStatusFile(\n status: number,\n segments: ReadonlyArray<SegmentNode>,\n format: StatusFileFormat = 'component'\n): StatusFileResolution \| null {\n if (status >= 400 && status <= 499) {\n return format === 'json' ? resolve4xxJson(status, segments) : resolve4xx(status, segments);\n }\n if (status >= 500 && status <= 599) {\n // JSON format for 5xx uses the same json chain pattern\n return format === 'json' ? resolve5xxJson(status, segments) : resolve5xx(status, segments);\n }\n return null;\n}\n\n/\n 4xx component fallback chain (three separate passes):\n * Pass 1 — status files (leaf → root): {status}.tsx → 4xx.tsx\n * Pass 2 — legacy compat (leaf → root): not-found.tsx / forbidden.tsx / unauthorized.tsx\n * Pass 3 — error.tsx (leaf → root)\n /\nfunction resolve4xx(\n status: number,\n segments: ReadonlyArray<SegmentNode>\n): StatusFileResolution \| null {\n const statusStr = String(status);\n\n // Pass 1: status files across all segments (leaf → root)\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.statusFiles) continue;\n\n // Exact match first\n const exact = segment.statusFiles.get(statusStr);\n if (exact) {\n return { file: exact, status, kind: 'exact', segmentIndex: i };\n }\n\n // Category catch-all\n const category = segment.statusFiles.get('4xx');\n if (category) {\n return { file: category, status, kind: 'category', segmentIndex: i };\n }\n }\n\n // Pass 2: legacy compat files (leaf → root)\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.legacyStatusFiles) continue;\n\n for (const [name, legacyStatus] of Object.entries(LEGACY_FILE_TO_STATUS)) {\n if (legacyStatus === status) {\n const file = segment.legacyStatusFiles.get(name);\n if (file) {\n return { file, status, kind: 'legacy', segmentIndex: i };\n }\n }\n }\n }\n\n // Pass 3: error.tsx (leaf → root)\n for (let i = segments.length - 1; i >= 0; i--) {\n if (segments[i].error) {\n return { file: segments[i].error!, status, kind: 'error', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n/\n 4xx JSON fallback chain (single pass):\n * Pass 1 — json status files (leaf → root): {status}.json → 4xx.json\n * No legacy compat, no error.tsx — JSON chain terminates at category catch-all.\n /\nfunction resolve4xxJson(\n status: number,\n segments: ReadonlyArray<SegmentNode>\n): StatusFileResolution \| null {\n const statusStr = String(status);\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.jsonStatusFiles) continue;\n\n // Exact match first\n const exact = segment.jsonStatusFiles.get(statusStr);\n if (exact) {\n return { file: exact, status, kind: 'exact', segmentIndex: i };\n }\n\n // Category catch-all\n const category = segment.jsonStatusFiles.get('4xx');\n if (category) {\n return { file: category, status, kind: 'category', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n/\n 5xx component fallback chain (single pass, per-segment):\n * At each segment (leaf → root): {status}.tsx → 5xx.tsx → error.tsx\n /\nfunction resolve5xx(\n status: number,\n segments: ReadonlyArray<SegmentNode>\n): StatusFileResolution \| null {\n const statusStr = String(status);\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n\n // Exact status file\n if (segment.statusFiles) {\n const exact = segment.statusFiles.get(statusStr);\n if (exact) {\n return { file: exact, status, kind: 'exact', segmentIndex: i };\n }\n\n // Category catch-all\n const category = segment.statusFiles.get('5xx');\n if (category) {\n return { file: category, status, kind: 'category', segmentIndex: i };\n }\n }\n\n // error.tsx at this segment level (for 5xx, checked per-segment)\n if (segment.error) {\n return { file: segment.error, status, kind: 'error', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n/\n 5xx JSON fallback chain (single pass):\n * At each segment (leaf → root): {status}.json → 5xx.json\n * No error.tsx equivalent — JSON chain terminates at category catch-all.\n /\nfunction resolve5xxJson(\n status: number,\n segments: ReadonlyArray<SegmentNode>\n): StatusFileResolution \| null {\n const statusStr = String(status);\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.jsonStatusFiles) continue;\n\n const exact = segment.jsonStatusFiles.get(statusStr);\n if (exact) {\n return { file: exact, status, kind: 'exact', segmentIndex: i };\n }\n\n const category = segment.jsonStatusFiles.get('5xx');\n if (category) {\n return { file: category, status, kind: 'category', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n// ─── Slot Denied Resolver ────────────────────────────────────────────────────\n\n/\n Resolve the denial file for a parallel route slot.\n \n Slot denial is graceful degradation — no HTTP status on the wire.\n * Fallback chain: denied.tsx → default.tsx → null.\n \n @param slotNode - The segment node for the slot (segmentType === 'slot').\n /\nexport function resolveSlotDenied(slotNode: SegmentNode): SlotDeniedResolution \| null {\n const slotName = slotNode.segmentName.replace(/^@/, '');\n\n if (slotNode.denied) {\n return { file: slotNode.denied, slotName, kind: 'denied' };\n }\n\n if (slotNode.default) {\n return { file: slotNode.default, slotName, kind: 'default' };\n }\n\n return null;\n}\n","/\n Flush controller for timber.js rendering.\n \n Holds the response until `onShellReady` fires, then commits the HTTP status\n * code and flushes the shell. Render-phase signals (deny, redirect, unhandled\n * throws) caught before flush produce correct HTTP status codes.\n \n See design/02-rendering-pipeline.md §\"The Flush Point\" and §\"The Hold Window\"\n /\n\nimport { DenySignal, RedirectSignal, RenderError } from './primitives.js';\nimport { logRenderError } from './logger.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/* The readable stream from React's renderToReadableStream. /\nexport interface ReactRenderStream {\n /* The underlying ReadableStream of HTML bytes. /\n readable: ReadableStream<Uint8Array>;\n /* Resolves when the shell has finished rendering (all non-Suspense content). /\n allReady?: Promise<void>;\n}\n\n/* Options for the flush controller. /\nexport interface FlushOptions {\n /* Response headers to include (from middleware.ts, proxy.ts, etc.). /\n responseHeaders?: Headers;\n /* Default status code when rendering succeeds. Default: 200. /\n defaultStatus?: number;\n}\n\n/* Result of the flush process. /\nexport interface FlushResult {\n /* The final HTTP Response. /\n response: Response;\n /* The status code committed. /\n status: number;\n /* Whether the response was a redirect. /\n isRedirect: boolean;\n /* Whether the response was a denial. /\n isDenial: boolean;\n}\n\n// ─── Render Function Type ────────────────────────────────────────────────────\n\n/\n A function that performs the React render.\n \n The flush controller calls this, catches any signals thrown during the\n * synchronous shell render (before onShellReady), and produces the\n * correct HTTP response.\n \n Must return an object with:\n * - `stream`: The ReadableStream from renderToReadableStream\n * - `shellReady`: A Promise that resolves when onShellReady fires\n /\nexport interface RenderResult {\n /* The HTML byte stream. /\n stream: ReadableStream<Uint8Array>;\n /* Resolves when the shell is ready (all non-Suspense content rendered). /\n shellReady: Promise<void>;\n}\n\nexport type RenderFn = () => RenderResult \| Promise<RenderResult>;\n\n// ─── Flush Controller ────────────────────────────────────────────────────────\n\n/\n Execute a render and hold the response until the shell is ready.\n \n The flush controller:\n * 1. Calls the render function to start renderToReadableStream\n * 2. Waits for shellReady (onShellReady)\n * 3. If a render-phase signal was thrown (deny, redirect, error), produces\n * the correct HTTP status code\n * 4. If the shell rendered successfully, commits the status and streams\n \n Render-phase signals caught before flush:\n * - `DenySignal` → HTTP 4xx with appropriate status code\n * - `RedirectSignal` → HTTP 3xx with Location header\n * - `RenderError` → HTTP status from error (default 500)\n * - Unhandled error → HTTP 500\n \n @param renderFn - Function that starts the React render.\n * @param options - Flush configuration.\n * @returns The committed HTTP Response.\n /\nexport async function flushResponse(\n renderFn: RenderFn,\n options: FlushOptions = {}\n): Promise<FlushResult> {\n const { responseHeaders = new Headers(), defaultStatus = 200 } = options;\n\n let renderResult: RenderResult;\n\n // Phase 1: Start the render. The render function may throw synchronously\n // if there's an immediate error before React even starts.\n try {\n renderResult = await renderFn();\n } catch (error) {\n return handleSignal(error, responseHeaders);\n }\n\n // Phase 2: Wait for onShellReady. Render-phase signals (deny, redirect,\n // throws outside Suspense) are caught here.\n try {\n await renderResult.shellReady;\n } catch (error) {\n return handleSignal(error, responseHeaders);\n }\n\n // Phase 3: Shell rendered successfully. Commit status and stream.\n responseHeaders.set('Content-Type', 'text/html; charset=utf-8');\n\n return {\n response: new Response(renderResult.stream, {\n status: defaultStatus,\n headers: responseHeaders,\n }),\n status: defaultStatus,\n isRedirect: false,\n isDenial: false,\n };\n}\n\n// ─── Signal Handling ─────────────────────────────────────────────────────────\n\n/\n Handle a render-phase signal and produce the correct HTTP response.\n /\nfunction handleSignal(error: unknown, responseHeaders: Headers): FlushResult {\n // Redirect signal → HTTP 3xx\n if (error instanceof RedirectSignal) {\n responseHeaders.set('Location', error.location);\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: true,\n isDenial: false,\n };\n }\n\n // Deny signal → HTTP 4xx\n if (error instanceof DenySignal) {\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: false,\n isDenial: true,\n };\n }\n\n // RenderError → HTTP status from error\n if (error instanceof RenderError) {\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: false,\n isDenial: false,\n };\n }\n\n // Unknown error → HTTP 500\n logRenderError({ method: '', path: '', error });\n return {\n response: new Response(null, {\n status: 500,\n headers: responseHeaders,\n }),\n status: 500,\n isRedirect: false,\n isDenial: false,\n };\n}\n","/\n CSRF protection — Origin header validation.\n \n Auto-derived from the Host header for single-origin deployments.\n * Configurable via allowedOrigins for multi-origin setups.\n * Disable with csrf: false (not recommended outside local dev).\n \n See design/08-forms-and-actions.md §\"CSRF Protection\"\n * See design/13-security.md §\"Security Testing Checklist\" #6\n /\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\nexport interface CsrfConfig {\n /* Explicit list of allowed origins. Replaces Host-based auto-derivation. /\n allowedOrigins?: string[];\n /* Set to false to disable CSRF validation entirely. /\n csrf?: boolean;\n}\n\nexport type CsrfResult = { ok: true } \| { ok: false; status: 403 };\n\n// ─── Constants ────────────────────────────────────────────────────────────\n\n/* HTTP methods that are considered safe (no mutation). /\nconst SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);\n\n// ─── Implementation ───────────────────────────────────────────────────────\n\n/\n Validate the Origin header against the request's Host.\n \n For mutation methods (POST, PUT, PATCH, DELETE):\n * - If `csrf: false`, skip validation.\n * - If `allowedOrigins` is set, Origin must match one exactly (no wildcards).\n * - Otherwise, Origin's host must match the request's Host header.\n \n Safe methods (GET, HEAD, OPTIONS) always pass.\n /\nexport function validateCsrf(req: Request, config: CsrfConfig): CsrfResult {\n // Safe methods don't need CSRF protection\n if (SAFE_METHODS.has(req.method)) {\n return { ok: true };\n }\n\n // Explicitly disabled\n if (config.csrf === false) {\n return { ok: true };\n }\n\n const origin = req.headers.get('Origin');\n\n // No Origin header on a mutation → reject\n if (!origin) {\n return { ok: false, status: 403 };\n }\n\n // If allowedOrigins is configured, use that instead of Host-based derivation\n if (config.allowedOrigins) {\n const allowed = config.allowedOrigins.includes(origin);\n return allowed ? { ok: true } : { ok: false, status: 403 };\n }\n\n // Auto-derive from Host header\n const host = req.headers.get('Host');\n if (!host) {\n return { ok: false, status: 403 };\n }\n\n // Extract hostname from Origin URL and compare to Host header\n let originHost: string;\n try {\n originHost = new URL(origin).host;\n } catch {\n return { ok: false, status: 403 };\n }\n\n return originHost === host ? { ok: true } : { ok: false, status: 403 };\n}\n","/\n Request body size limits — returns 413 when exceeded.\n * See design/08-forms-and-actions.md §\"FormData Limits\"\n /\n\nexport interface BodyLimitsConfig {\n limits?: {\n actionBodySize?: string;\n uploadBodySize?: string;\n maxFields?: number;\n };\n}\n\nexport type BodyLimitResult = { ok: true } \| { ok: false; status: 411 \| 413 };\n\nexport type BodyKind = 'action' \| 'upload';\n\nconst KB = 1024;\nconst MB = 1024 KB;\nconst GB = 1024 * MB;\n\nexport const DEFAULT_LIMITS = {\n actionBodySize: 1 * MB,\n uploadBodySize: 10 * MB,\n maxFields: 100,\n} as const;\n\nconst SIZE_PATTERN = /^(\\d+(?:\\.\\d+)?)\\s(kb\|mb\|gb)?$/i;\n\n/* Parse a human-readable size string (\"1mb\", \"512kb\", \"1024\") into bytes. /\nexport function parseBodySize(size: string): number {\n const match = SIZE_PATTERN.exec(size.trim());\n if (!match) {\n throw new Error(\n `Invalid body size format: \"${size}\". Expected format like \"1mb\", \"512kb\", or \"1024\".`\n );\n }\n\n const value = Number.parseFloat(match[1]);\n const unit = (match[2] ?? '').toLowerCase();\n\n switch (unit) {\n case 'kb':\n return Math.floor(value KB);\n case 'mb':\n return Math.floor(value * MB);\n case 'gb':\n return Math.floor(value * GB);\n case '':\n return Math.floor(value);\n default:\n throw new Error(`Unknown size unit: \"${unit}\"`);\n }\n}\n\n/** Check whether a request body exceeds the configured size limit (stateless, no ALS). /\nexport function enforceBodyLimits(\n req: Request,\n kind: BodyKind,\n config: BodyLimitsConfig\n): BodyLimitResult {\n const contentLength = req.headers.get('Content-Length');\n if (!contentLength) {\n // Reject requests without Content-Length — prevents body limit bypass via\n // chunked transfer-encoding. Browsers always send Content-Length for form POSTs.\n return { ok: false, status: 411 };\n }\n\n const bodySize = Number.parseInt(contentLength, 10);\n if (Number.isNaN(bodySize)) {\n return { ok: false, status: 411 };\n }\n\n const limit = resolveLimit(kind, config);\n return bodySize <= limit ? { ok: true } : { ok: false, status: 413 };\n}\n\n/* Check whether a FormData payload exceeds the configured field count limit. /\nexport function enforceFieldLimit(formData: FormData, config: BodyLimitsConfig): BodyLimitResult {\n const maxFields = config.limits?.maxFields ?? DEFAULT_LIMITS.maxFields;\n // Count unique keys — FormData.keys() yields duplicates for multi-value fields,\n // so we use a Set to count distinct field names.\n const fieldCount = new Set(formData.keys()).size;\n return fieldCount <= maxFields ? { ok: true } : { ok: false, status: 413 };\n}\n\n/\n Resolve the byte limit for a given body kind, using config overrides or defaults.\n /\nfunction resolveLimit(kind: BodyKind, config: BodyLimitsConfig): number {\n const userLimits = config.limits;\n\n if (kind === 'action') {\n return userLimits?.actionBodySize\n ? parseBodySize(userLimits.actionBodySize)\n : DEFAULT_LIMITS.actionBodySize;\n }\n\n return userLimits?.uploadBodySize\n ? parseBodySize(userLimits.uploadBodySize)\n : DEFAULT_LIMITS.uploadBodySize;\n}\n","/\n Route handler for route.ts API endpoints.\n \n route.ts files export named HTTP method handlers (GET, POST, etc.).\n * They share the same pipeline (proxy → match → middleware → access → handler)\n * but don't render React trees.\n \n See design/07-routing.md §\"route.ts — API Endpoints\"\n /\n\nimport type { RouteContext } from './types.js';\nimport { logRouteError } from './logger.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────\n\n/* HTTP methods that route.ts can export as named handlers. /\nexport type HttpMethod = 'GET' \| 'POST' \| 'PUT' \| 'PATCH' \| 'DELETE' \| 'HEAD' \| 'OPTIONS';\n\n/* A single route handler function — one-arg signature. /\nexport type RouteHandler = (ctx: RouteContext) => Response \| Promise<Response>;\n\n/* A route.ts module — named exports for each supported HTTP method. /\nexport type RouteModule = {\n [K in HttpMethod]?: RouteHandler;\n};\n\n/* All recognized HTTP method export names. /\nconst HTTP_METHODS: HttpMethod[] = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'];\n\n// ─── Allowed Methods ─────────────────────────────────────────────────────\n\n/\n Resolve the full list of allowed methods for a route module.\n \n Includes:\n * - All explicitly exported methods\n * - HEAD (implicit when GET is exported)\n * - OPTIONS (always implicit)\n /\nexport function resolveAllowedMethods(mod: RouteModule): HttpMethod[] {\n const methods: HttpMethod[] = [];\n\n for (const method of HTTP_METHODS) {\n if (method === 'HEAD' \|\| method === 'OPTIONS') continue;\n if (mod[method]) {\n methods.push(method);\n }\n }\n\n // HEAD is implicit when GET is exported\n if (mod.GET && !mod.HEAD) {\n methods.push('HEAD');\n } else if (mod.HEAD) {\n methods.push('HEAD');\n }\n\n // OPTIONS is always implicit\n if (!mod.OPTIONS) {\n methods.push('OPTIONS');\n } else {\n methods.push('OPTIONS');\n }\n\n return methods;\n}\n\n// ─── Route Request Handler ───────────────────────────────────────────────\n\n/\n Handle an incoming request against a route.ts module.\n \n Dispatches to the named method handler, auto-generates 405/OPTIONS,\n * and merges response headers from ctx.headers.\n /\nexport async function handleRouteRequest(mod: RouteModule, ctx: RouteContext): Promise<Response> {\n const method = ctx.req.method.toUpperCase() as HttpMethod;\n const allowed = resolveAllowedMethods(mod);\n const allowHeader = allowed.join(', ');\n\n // Auto OPTIONS — 204 with Allow header\n if (method === 'OPTIONS') {\n if (mod.OPTIONS) {\n return runHandler(mod.OPTIONS, ctx);\n }\n return new Response(null, {\n status: 204,\n headers: { Allow: allowHeader },\n });\n }\n\n // HEAD fallback — run GET, strip body\n if (method === 'HEAD') {\n if (mod.HEAD) {\n return runHandler(mod.HEAD, ctx);\n }\n if (mod.GET) {\n const res = await runHandler(mod.GET, ctx);\n // Return headers + status but no body\n return new Response(null, {\n status: res.status,\n headers: res.headers,\n });\n }\n }\n\n // Dispatch to the named handler\n const handler = mod[method];\n if (!handler) {\n return new Response(null, {\n status: 405,\n headers: { Allow: allowHeader },\n });\n }\n\n return runHandler(handler, ctx);\n}\n\n/\n Run a handler, merge ctx.headers into the response, and catch errors.\n /\nasync function runHandler(handler: RouteHandler, ctx: RouteContext): Promise<Response> {\n try {\n const res = await handler(ctx);\n return mergeResponseHeaders(res, ctx.headers);\n } catch (error) {\n logRouteError({ method: ctx.req.method, path: new URL(ctx.req.url).pathname, error });\n return new Response(null, { status: 500 });\n }\n}\n\n/\n Merge response headers from ctx.headers into the handler's response.\n * ctx.headers (set by middleware or the handler) are applied to the final response.\n * Handler-set headers take precedence over ctx.headers.\n /\nfunction mergeResponseHeaders(res: Response, ctxHeaders: Headers): Response {\n // If no ctx headers to merge, return as-is\n let hasCtxHeaders = false;\n ctxHeaders.forEach(() => {\n hasCtxHeaders = true;\n });\n if (!hasCtxHeaders) return res;\n\n // Merge: ctx.headers first, then handler response headers override.\n // Set-Cookie needs special handling: Headers.set() replaces all values\n // for a key, but each Set-Cookie must be its own header per RFC 6265 §4.1.\n // Use append for Set-Cookie, set for everything else.\n const merged = new Headers();\n ctxHeaders.forEach((value, key) => {\n if (key.toLowerCase() === 'set-cookie') {\n merged.append(key, value);\n } else {\n merged.set(key, value);\n }\n });\n // Response Set-Cookie headers: use getSetCookie() to preserve individual\n // cookies (forEach joins them with \", \" into one entry).\n const resCookies = res.headers.getSetCookie();\n for (const cookie of resCookies) {\n merged.append('Set-Cookie', cookie);\n }\n res.headers.forEach((value, key) => {\n if (key.toLowerCase() !== 'set-cookie') {\n merged.set(key, value);\n }\n });\n\n return new Response(res.body, {\n status: res.status,\n statusText: res.statusText,\n headers: merged,\n });\n}\n","/\n Render timeout utilities for SSR streaming pipeline.\n \n Provides a RenderTimeoutError class and a helper to create\n * timeout-guarded AbortSignals. Used to defend against hung RSC\n * streams and infinite SSR renders.\n \n Design doc: 02-rendering-pipeline.md §\"Streaming Constraints\"\n /\n\n/\n Error thrown when an SSR render or RSC stream read exceeds the\n * configured timeout. Callers can check `instanceof RenderTimeoutError`\n * to distinguish timeout from other errors and return a 504 or close\n * the connection cleanly.\n /\nexport class RenderTimeoutError extends Error {\n readonly timeoutMs: number;\n\n constructor(timeoutMs: number, context?: string) {\n const message = context\n ? `Render timeout after ${timeoutMs}ms: ${context}`\n : `Render timeout after ${timeoutMs}ms`;\n super(message);\n this.name = 'RenderTimeoutError';\n this.timeoutMs = timeoutMs;\n }\n}\n\n/\n Result of createRenderTimeout — an AbortSignal that fires after\n * the given duration, plus a cancel function to clear the timer\n * when the render completes normally.\n /\nexport interface RenderTimeout {\n /* AbortSignal that aborts after timeoutMs. /\n signal: AbortSignal;\n /* Cancel the timeout timer. Call this when the render completes. /\n cancel: () => void;\n}\n\n/\n Create a render timeout that aborts after the given duration.\n \n Returns an AbortSignal and a cancel function. The signal fires\n * with a RenderTimeoutError as the abort reason after `timeoutMs`.\n * Call `cancel()` when the render completes to prevent the timeout\n * from firing.\n \n If an existing `parentSignal` is provided, the returned signal\n * aborts when either the parent signal or the timeout fires —\n * whichever comes first.\n /\nexport function createRenderTimeout(timeoutMs: number, parentSignal?: AbortSignal): RenderTimeout {\n const controller = new AbortController();\n const reason = new RenderTimeoutError(timeoutMs, 'RSC stream read timed out');\n\n const timer = setTimeout(() => {\n controller.abort(reason);\n }, timeoutMs);\n\n // If there's a parent signal (e.g. request abort), chain it\n if (parentSignal) {\n if (parentSignal.aborted) {\n clearTimeout(timer);\n controller.abort(parentSignal.reason);\n } else {\n parentSignal.addEventListener(\n 'abort',\n () => {\n clearTimeout(timer);\n controller.abort(parentSignal.reason);\n },\n { once: true }\n );\n }\n }\n\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n },\n };\n}\n\n/\n Race a promise against a timeout. Rejects with RenderTimeoutError\n * if the promise does not resolve within `timeoutMs`.\n \n Used to guard individual `rscReader.read()` calls inside pullLoop.\n */\nexport function withTimeout<T>(\n promise: Promise<T>,\n timeoutMs: number,\n context?: string\n): Promise<T> {\n let timer: ReturnType<typeof setTimeout>;\n const timeoutPromise = new Promise<never>((_resolve, reject) => {\n timer = setTimeout(() => {\n reject(new RenderTimeoutError(timeoutMs, context));\n }, timeoutMs);\n });\n\n return Promise.race([promise, timeoutPromise]).finally(() => {\n clearTimeout(timer!);\n });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAgBA,IAAM,uBAAuB;;AAG7B,IAAM,eAAe;;;;;;;;;;;;;AAcrB,SAAgB,aAAa,aAAqB,qBAAqB,MAA0B;AAG/F,KAAI,qBAAqB,KAAK,YAAY,CACxC,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAEnC,KAAI,aAAa,KAAK,YAAY,CAChC,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAKnC,IAAI;AACJ,KAAI;AACF,YAAU,mBAAmB,YAAY;SACnC;AAEN,SAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;;AAKnC,KAAI,QAAQ,SAAS,KAAK,CACxB,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAQnC,IAAI,WAAW,QAAQ,QAAQ,UAAU,IAAI;CAG7C,MAAM,WAAW,SAAS,MAAM,IAAI;CACpC,MAAM,WAAqB,EAAE;AAC7B,MAAK,MAAM,OAAO,SAChB,KAAI,QAAQ,MAAM;AAChB,MAAI,SAAS,UAAU,EAErB,QAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;AAEnC,WAAS,KAAK;YACL,QAAQ,IACjB,UAAS,KAAK,IAAI;AAItB,YAAW,SAAS,KAAK,IAAI,IAAI;AAGjC,KAAI,sBAAsB,SAAS,SAAS,KAAK,SAAS,SAAS,IAAI,CACrE,YAAW,SAAS,MAAM,GAAG,GAAG;AAGlC,QAAO;EAAE,IAAI;EAAM;EAAU;;;;;;;;;;;;AChE/B,eAAsB,SACpB,aACA,KACA,MACmB;CACnB,MAAM,MAAM,MAAM,QAAQ,YAAY,GAAG,cAAc,CAAC,YAAY;CAIpE,IAAI,IAAI,IAAI;CACZ,IAAI,WAAW;AACf,QAAO,KAAK;EACV,MAAM,KAAK,IAAI;EACf,MAAM,aAAa;AACnB,mBAAiB,QAAQ,QAAQ,GAAG,KAAK,WAAW,CAAC;;AAGvD,QAAO,UAAU;;;;;;;;;;;ACnBnB,eAAsB,cACpB,cACA,KAC+B;CAC/B,MAAM,SAAS,MAAM,aAAa,IAAI;AACtC,KAAI,kBAAkB,SACpB,QAAO;;;;;;;;;;;;;;;;AAmBX,eAAsB,mBACpB,OACA,KAC+B;AAC/B,MAAK,MAAM,MAAM,OAAO;EACtB,MAAM,SAAS,MAAM,GAAG,IAAI;AAC5B,MAAI,kBAAkB,SACpB,QAAO;;;;;;;;;;;;;;;;;;;;;ACtBb,SAAgB,uBAA0B,IAAgB;AACxD,QAAO,UAAU,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG;;;;;;AAiB3C,eAAsB,WACpB,MACA,MACA,IACY;CACZ,MAAM,QAAQ,UAAU,UAAU;AAClC,KAAI,CAAC,MAAO,QAAO,IAAI;CAEvB,MAAM,QAAQ,YAAY,KAAK;AAC/B,KAAI;AACF,SAAO,MAAM,IAAI;WACT;EACR,MAAM,MAAM,KAAK,MAAM,YAAY,KAAK,GAAG,MAAM;AACjD,QAAM,QAAQ,KAAK;GAAE;GAAM;GAAK;GAAM,CAAC;;;;;;;;;;AAW3C,SAAgB,wBAAuC;CACrD,MAAM,QAAQ,UAAU,UAAU;AAClC,KAAI,CAAC,SAAS,MAAM,QAAQ,WAAW,EAAG,QAAO;CAGjD,MAAM,6BAAa,IAAI,KAAqB;CAQ5C,MAAM,QAPU,MAAM,QAAQ,KAAK,UAAU;EAC3C,MAAM,QAAQ,WAAW,IAAI,MAAM,KAAK,IAAI;AAC5C,aAAW,IAAI,MAAM,MAAM,QAAQ,EAAE;EACrC,MAAM,aAAa,QAAQ,IAAI,GAAG,MAAM,KAAK,GAAG,UAAU,MAAM;AAChE,SAAO;GAAE,GAAG;GAAO,MAAM;GAAY;GACrC,CAEoB,KAAK,UAAU;EACnC,IAAI,OAAO,GAAG,MAAM,KAAK,OAAO,MAAM;AACtC,MAAI,MAAM,MAAM;GAEd,MAAM,WAAW,MAAM,KAAK,QAAQ,OAAO,OAAO,CAAC,QAAQ,MAAM,OAAM;AACvE,WAAQ,UAAU,SAAS;;AAE7B,SAAO;GACP;CAIF,MAAM,kBAAkB;CACxB,IAAI,SAAS;AACb,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;EACrC,MAAM,YAAY,SAAS,GAAG,OAAO,IAAI,MAAM,OAAO,MAAM;AAC5D,MAAI,UAAU,SAAS,gBAAiB;AACxC,WAAS;;AAGX,QAAO,UAAU;;;;;;;;;;;;;;;;;;;ACzFnB,IAAM,uBAAwE;CAC5E;EACE,SAAS;EACT,aAAa;EACd;CACD;EACE,SAAS;EACT,aAAa;EACd;CACD;EACE,SAAS;EACT,aAAa;EACd;CACD;EACE,SAAS;EACT,aAAa;EACd;CACF;;;;AAKD,IAAM,wBAAyE,CAC7E;CACE,SAAS;CACT,aAAa;CACd,EACD;CACE,SAAS;CACT,aAAa;CACd,CACF;;;;;AAMD,SAAgB,eAAe,OAAwB;AACrD,KAAI,EAAE,iBAAiB,OACrB,QAAO,OAAO,MAAM;CAGtB,IAAI,UAAU,MAAM;CACpB,IAAI,QAAQ,MAAM,SAAS;AAG3B,MAAK,MAAM,EAAE,SAAS,iBAAiB,sBACrC,WAAU,QAAQ,QAAQ,SAAS,YAAY;AAIjD,MAAK,MAAM,EAAE,SAAS,iBAAiB,qBACrC,SAAQ,MAAM,QAAQ,SAAS,YAAY;AAI7C,MAAK,MAAM,EAAE,SAAS,iBAAiB,sBACrC,SAAQ,MAAM,QAAQ,SAAS,YAAY;CAI7C,MAAM,OAAO,iBAAiB,MAAM,QAAQ;CAG5C,MAAM,QAAkB,EAAE;AAC1B,OAAM,KAAK,QAAQ;AACnB,KAAI,KACF,OAAM,KAAK,OAAO,OAAO;CAK3B,MAAM,aAAa,kBAAkB,MAAM;AAC3C,KAAI,WAAW,SAAS,GAAG;AACzB,QAAM,KAAK,GAAG;AACd,QAAM,KAAK,wBAAwB;AACnC,OAAK,MAAM,SAAS,WAClB,OAAM,KAAK,OAAO,QAAQ;;AAI9B,QAAO,MAAM,KAAK,KAAK;;;;;;;;;AAYzB,SAAS,iBAAiB,SAAgC;AAIxD,KADsB,QAAQ,MAAM,2DAA2D,EAC5E;EAGjB,MAAM,YAAY,QAAQ,MAAM,4BAA4B;AAC5D,MAAI,UACF,QAAO,SAAS,UAAU,GAAG;AAE/B,SAAO;;AAIT,KAAI,QAAQ,SAAS,yCAAyC,CAC5D,QAAO;CAIT,MAAM,eAAe,QAAQ,MAC3B,uEACD;AACD,KAAI,aACF,QAAO,aAAa,aAAa,GAAG,MAAM,aAAa,GAAG;CAI5D,MAAM,aAAa,QAAQ,MAAM,0BAA0B;AAC3D,KAAI,WACF,QAAO,IAAI,WAAW,GAAG;AAI3B,KAAI,QAAQ,SAAS,0BAA0B,CAC7C,QAAO;AAMT,KAAI,QAAQ,SAAS,oBAAoB,CACvC,QACE;AAOJ,QAAO;;;;;;;;AAWT,SAAS,kBAAkB,OAAyB;CAClD,MAAM,QAAQ,MAAM,MAAM,KAAK;CAC/B,MAAM,aAAuB,EAAE;AAE/B,MAAK,MAAM,QAAQ,OAAO;EACxB,MAAM,UAAU,KAAK,MAAM;AAE3B,MAAI,CAAC,QAAQ,WAAW,MAAM,CAAE;AAEhC,MACE,QAAQ,SAAS,eAAe,IAChC,QAAQ,SAAS,qBAAqB,IACtC,QAAQ,SAAS,eAAe,IAChC,QAAQ,SAAS,aAAa,IAC9B,QAAQ,SAAS,gBAAgB,CAEjC;AAEF,aAAW,KAAK,QAAQ;AACxB,MAAI,WAAW,UAAU,EAAG;;AAG9B,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACpKT,SAAS,iBAAiB,MAAwC;AAChE,KAAI,CAAC,KAAM,QAAO;CAElB,MAAM,QAAkB,EAAE;CAC1B,IAAI;AAEJ,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,EAAE;AAC/C,MAAI,QAAQ,YAAY;AAEtB,aAAU,OAAO,UAAU,WAAW,QAAQ,OAAO,MAAM;AAC3D;;AAEF,MAAI,QAAQ,SAAS;AAEnB,SAAM,KAAK,SAAS,eAAe,MAAM,GAAG;AAC5C;;AAEF,MAAI,UAAU,KAAA,KAAa,UAAU,KAAM;AAC3C,QAAM,KAAK,GAAG,IAAI,GAAG,QAAQ;;AAI/B,KAAI,QACF,OAAM,KAAK,YAAY,QAAQ,MAAM,GAAG,EAAE,GAAG;AAG/C,QAAO,MAAM,SAAS,IAAI,OAAO,MAAM,KAAK,KAAK,GAAG;;;AAItD,SAAS,SAAS,OAAuB;AACvC,QAAO,MAAM,OAAO,EAAE;;AAGxB,SAAgB,sBAAoC;AAClD,QAAO;EACL,MAAM,KAAa,MAAsC;GAIvD,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,QAAQ,CAAC,IAAI,MAAM,OAAO,IAAI;;EAG1E,KAAK,KAAa,MAAsC;GAEtD,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,OAAO,CAAC,IAAI,MAAM,OAAO,IAAI;;EAGzE,KAAK,KAAa,MAAsC;AAGtD,OAAI,WAAW,CAAE;AACjB,OAAI,CAAC,SAAS,CAAE;GAChB,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,OAAO,CAAC,IAAI,MAAM,OAAO,IAAI;;EAGzE,MAAM,KAAa,MAAsC;AAGvD,OAAI,WAAW,CAAE;AACjB,OAAI,CAAC,SAAS,CAAE;GAChB,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,QAAQ,CAAC,IAAI,MAAM,OAAO,IAAI;;EAE3E;;;;;;;;;;;;;ACtEH,IAAI,UAAwB,qBAAqB;;;;;;AAOjD,SAAgB,UAAU,QAA4B;AACpD,WAAU;;;;;;AAOZ,SAAgB,YAA0B;AACxC,QAAO;;;;;;AAST,SAAS,iBAAiB,MAAyD;CACjF,MAAM,QAAQ,eAAe;CAC7B,MAAM,WAAoC,EAAE,GAAG,MAAM;AACrD,KAAI,OAAO;AACT,WAAS,WAAW,MAAM;AAC1B,MAAI,MAAM,OACR,UAAS,UAAU,MAAM;;AAG7B,QAAO;;;AAMT,SAAgB,oBAAoB,MAO3B;AACP,SAAQ,KAAK,qBAAqB,iBAAiB,KAAK,CAAC;;;AAI3D,SAAgB,mBAAmB,MAA8C;AAC/E,SAAQ,MAAM,oBAAoB,iBAAiB,KAAK,CAAC;;;AAI3D,SAAgB,eAAe,MAOtB;AACP,SAAQ,KAAK,mCAAmC,iBAAiB,KAAK,CAAC;;;AAIzE,SAAgB,0BAA0B,MAIjC;AACP,SAAQ,MAAM,8BAA8B,iBAAiB,KAAK,CAAC;;;AAIrE,SAAgB,mBAAmB,MAA8D;AAC/F,SAAQ,MAAM,uCAAuC,iBAAiB,KAAK,CAAC;;;AAI9E,SAAgB,eAAe,MAKtB;AACP,SAAQ,MAAM,gCAAgC,iBAAiB,KAAK,CAAC;;;AAIvE,SAAgB,cAAc,MAAgC;AAC5D,SAAQ,MAAM,iCAAiC,iBAAiB,KAAK,CAAC;;;AASxE,SAAgB,cAAc,MAA8D;AAC1F,SAAQ,MAAM,iCAAiC,iBAAiB,KAAK,CAAC;;;AASxE,SAAgB,0BAAgC;AAC9C,SAAQ,KAAK,uCAAuC;;;AAItD,SAAgB,qBAAqB,MAAgC;AACnE,SAAQ,KAAK,gCAAgC,iBAAiB,KAAK,CAAC;;;AAItE,SAAgB,oBAAoB,MAAkD;AACpF,SAAQ,KAAK,uCAAuC,iBAAiB,KAAK,CAAC;;;AAI7E,SAAgB,aAAa,MAAkC;AAC7D,SAAQ,MAAM,qBAAqB,iBAAiB,KAAK,CAAC;;;;;;;;;;;;;;ACrG5D,IAAI,eAAe;AACnB,IAAI,kBAAwD;;;;;;;;;;;AAY5D,eAAsB,oBACpB,QACe;AACf,KAAI,aAAc;AAClB,gBAAe;CAEf,IAAI;AACJ,KAAI;AACF,QAAM,MAAM,QAAQ;UACb,OAAO;AACd,UAAQ,MAAM,+CAA+C,MAAM;AACnE;;AAGF,KAAI,CAAC,IAAK;AAGV,KAAI,IAAI,UAAU,OAAO,IAAI,OAAO,SAAS,WAC3C,WAAU,IAAI,OAAO;AAIvB,KAAI,OAAO,IAAI,mBAAmB,WAChC,mBAAkB,IAAI;AAIxB,KAAI,OAAO,IAAI,aAAa,WAC1B,KAAI;AACF,QAAM,IAAI,UAAU;UACb,OAAO;AACd,UAAQ,MAAM,iDAAiD,MAAM;AACrE,QAAM;;;;;;;AASZ,eAAsB,mBACpB,OACA,SACA,SACe;AACf,KAAI,CAAC,gBAAiB;AACtB,KAAI;AACF,QAAM,gBAAgB,OAAO,SAAS,QAAQ;UACvC,WAAW;AAClB,UAAQ,MAAM,uCAAuC,UAAU;;;;;;AAOnE,SAAgB,oBAA6B;AAC3C,QAAO,oBAAoB;;;;;;;;;;AC7G7B,SAAgB,gBACd,IACA,UACM;CACN,MAAM,cAAmD;EACvD,CAAC,YAAY,GAAG,MAAM;EACtB,CAAC,kBAAkB,GAAG,YAAY;EAClC,CAAC,UAAU,GAAG,IAAI;EAClB,CAAC,gBAAgB,GAAG,SAAS;EAC7B,CAAC,aAAa,GAAG,OAAO;EACxB,CAAC,WAAW,GAAG,KAAK;EACpB,CAAC,6BAA6B,GAAG,cAAc;EAC/C,CAAC,4BAA4B,GAAG,aAAa;EAC9C;AAED,MAAK,MAAM,CAAC,UAAU,YAAY,YAChC,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAU;GAAS;EAAE,CAAC;AAKhE,KAAI,GAAG,OACL,KAAI,OAAO,GAAG,WAAW,SACvB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,GAAG;GAAQ;EAAE,CAAC;MAC9E;EACL,MAAM,UAAU,MAAM,QAAQ,GAAG,OAAO,GAAG,GAAG,SAAS,CAAC,GAAG,OAAO;AAClE,OAAK,MAAM,OAAO,SAAS;AACzB,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,UAAU;KAAY,SAAS,IAAI;KAAK;IAAE,CAAC;AACjF,OAAI,IAAI,MACN,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,UAAU;KAAkB,SAAS,OAAO,IAAI,MAAM;KAAE;IAClE,CAAC;AAEJ,OAAI,IAAI,OACN,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,UAAU;KAAmB,SAAS,OAAO,IAAI,OAAO;KAAE;IACpE,CAAC;AAEJ,OAAI,IAAI,IACN,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,UAAU;KAAgB,SAAS,IAAI;KAAK;IAAE,CAAC;;;AAO7F,KAAI,GAAG,OACL,MAAK,MAAM,SAAS,GAAG,OACrB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,MAAM;GAAK;EAAE,CAAC;AAKvF,KAAI,GAAG,MACL,MAAK,MAAM,SAAS,GAAG,MACrB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,MAAM;GAAK;EAAE,CAAC;AAKvF,KAAI,GAAG,QACL,MAAK,MAAM,UAAU,GAAG,QACtB,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,UAAU;GAAqB,SAAS;GAAQ;EAC1D,CAAC;;;;;;;;AAWR,SAAgB,cAAc,IAAsC,UAA+B;CACjG,MAAM,cAAmD;EACvD,CAAC,gBAAgB,GAAG,KAAK;EACzB,CAAC,gBAAgB,GAAG,KAAK;EACzB,CAAC,mBAAmB,GAAG,OAAO;EAC9B,CAAC,iBAAiB,GAAG,MAAM;EAC3B,CAAC,uBAAuB,GAAG,YAAY;EACvC,CAAC,mBAAmB,GAAG,QAAQ;EAC/B,CAAC,sBAAsB,GAAG,UAAU;EACrC;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,YAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAK5D,KAAI,GAAG,OACL,KAAI,OAAO,GAAG,WAAW,SACvB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,MAAM;GAAiB,SAAS,GAAG;GAAQ;EAAE,CAAC;MAC/E;EACL,MAAM,UAAU,MAAM,QAAQ,GAAG,OAAO,GAAG,GAAG,SAAS,CAAC,GAAG,OAAO;AAClE,OAAK,MAAM,OAAO,SAAS;GACzB,MAAM,MAAM,OAAO,QAAQ,WAAW,MAAM,IAAI;AAChD,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAiB,SAAS;KAAK;IAAE,CAAC;;;AAMpF,KAAI,GAAG,QACL,MAAK,MAAM,UAAU,GAAG,SAAS;AAC/B,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAkB,SAAS,OAAO;IAAW;GAAE,CAAC;AAC5F,MAAI,OAAO,MACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAwB,SAAS,OAAO,OAAO,MAAM;IAAE;GACvE,CAAC;AAEJ,MAAI,OAAO,OACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAyB,SAAS,OAAO,OAAO,OAAO;IAAE;GACzE,CAAC;AAEJ,MAAI,OAAO,UACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAyB,SAAS,OAAO;IAAW;GACpE,CAAC;;AAMR,KAAI,GAAG,KAAK;EACV,MAAM,YAAkE;GACtE,CAAC,UAAU,SAAS;GACpB,CAAC,QAAQ,OAAO;GAChB,CAAC,cAAc,aAAa;GAC7B;AAID,MAAI,GAAG,IAAI;QACJ,MAAM,CAAC,KAAK,QAAQ,UACvB,KAAI,GAAG,IAAI,KAAK,KACd,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,MAAM,oBAAoB;KAAO,SAAS,GAAG,IAAI;KAAM;IACjE,CAAC;;AAKR,OAAK,MAAM,CAAC,KAAK,QAAQ,WAAW;GAClC,MAAM,KAAK,GAAG,IAAI,KAAK;AACvB,OAAI,GACF,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM,kBAAkB;KAAO,SAAS;KAAI;IAAE,CAAC;;AAIzF,OAAK,MAAM,CAAC,KAAK,QAAQ,WAAW;GAClC,MAAM,MAAM,GAAG,IAAI,MAAM;AACzB,OAAI,IACF,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM,mBAAmB;KAAO,SAAS;KAAK;IAAE,CAAC;;;;;;;;;ACxK/F,SAAgB,YAAY,OAAuC,UAA+B;AAEhG,KAAI,MAAM;MACJ,OAAO,MAAM,SAAS,SACxB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAQ,MAAM,MAAM;IAAM;GAAE,CAAC;WAC/D,MAAM,QAAQ,MAAM,KAAK,CAClC,MAAK,MAAM,QAAQ,MAAM,MAAM;GAC7B,MAAM,QAAgC;IAAE,KAAK;IAAQ,MAAM,KAAK;IAAK;AACrE,OAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,OAAI,KAAK,KAAM,OAAM,OAAO,KAAK;AACjC,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;AAM3C,KAAI,MAAM,UAAU;EAClB,MAAM,OAAO,MAAM,QAAQ,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,MAAM,SAAS;AAC9E,OAAK,MAAM,OAAO,KAChB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAiB,MAAM;IAAK;GAAE,CAAC;;AAK9E,KAAI,MAAM;MACJ,OAAO,MAAM,UAAU,SACzB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAoB,MAAM,MAAM;IAAO;GAAE,CAAC;WAC5E,MAAM,QAAQ,MAAM,MAAM,CACnC,MAAK,MAAM,QAAQ,MAAM,OAAO;GAC9B,MAAM,QAAgC;IAAE,KAAK;IAAoB,MAAM,KAAK;IAAK;AACjF,OAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;AAM3C,KAAI,MAAM,MACR,MAAK,MAAM,QAAQ,MAAM,OAAO;EAC9B,MAAM,QAAgC;GAAE,KAAK,KAAK;GAAK,MAAM,KAAK;GAAK;AACvE,MAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,MAAI,KAAK,KAAM,OAAM,OAAO,KAAK;AACjC,WAAS,KAAK;GAAE,KAAK;GAAQ;GAAO,CAAC;;;;;;AAQ3C,SAAgB,iBACd,YACA,UACM;AACN,KAAI,WAAW,UACb,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,KAAK;GAAa,MAAM,WAAW;GAAW;EAAE,CAAC;AAGzF,KAAI,WAAW,UACb,MAAK,MAAM,CAAC,MAAM,SAAS,OAAO,QAAQ,WAAW,UAAU,CAC7D,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa,UAAU;GAAM;GAAM;EAClD,CAAC;AAIN,KAAI,WAAW,MACb,MAAK,MAAM,CAAC,OAAO,SAAS,OAAO,QAAQ,WAAW,MAAM,CAC1D,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa;GAAO;GAAM;EACzC,CAAC;AAIN,KAAI,WAAW,MACb,MAAK,MAAM,CAAC,MAAM,SAAS,OAAO,QAAQ,WAAW,MAAM,CACzD,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa;GAAM;GAAM;EACxC,CAAC;;;;;AAQR,SAAgB,mBACd,cACA,UACM;CACN,MAAM,oBAAyD;EAC7D,CAAC,4BAA4B,aAAa,OAAO;EACjD,CAAC,SAAS,aAAa,MAAM;EAC7B,CAAC,uBAAuB,aAAa,OAAO;EAC7C;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,kBAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAG5D,KAAI,aAAa,MACf,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,aAAa,MAAM,EAAE;EAC9D,MAAM,UAAU,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,KAAK,GAAG;AAC1D,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE;IAAM;IAAS;GAAE,CAAC;;;;;;AAQ9D,SAAgB,kBACd,aACA,UACM;AACN,KAAI,YAAY,QACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAAgC,SAAS;GAAO;EAChE,CAAC;AAEJ,KAAI,YAAY,MACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAA8B,SAAS,YAAY;GAAO;EAC1E,CAAC;AAEJ,KAAI,YAAY,eACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GACL,MAAM;GACN,SAAS,YAAY;GACtB;EACF,CAAC;AAEJ,KAAI,YAAY,cAAc;EAC5B,MAAM,SAAS,MAAM,QAAQ,YAAY,aAAa,GAClD,YAAY,eACZ,CAAC,EAAE,KAAK,YAAY,cAAc,CAAC;AACvC,OAAK,MAAM,OAAO,QAAQ;GAExB,MAAM,QAAgC;IAAE,KAAK;IAA6B,MAD9D,OAAO,QAAQ,WAAW,MAAM,IAAI;IACqC;AACrF,OAAI,OAAO,QAAQ,YAAY,IAAI,MACjC,OAAM,QAAQ,IAAI;AAEpB,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;;;;;AAQ3C,SAAgB,eACd,UACA,UACM;CACN,MAAM,kBAA+E;EACnF,CAAC,OAAO,SAAS,IAAI;EACrB,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,iBAAiB,SAAS,aAAa;EACxC,CAAC,qBAAqB,SAAS,iBAAiB;EACjD;AAED,MAAK,MAAM,CAAC,UAAU,YAAY,iBAAiB;AACjD,MAAI,CAAC,QAAS;AACd,OAAK,MAAM,SAAS,QAClB,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,MAAM,CAC9C,KAAI,UAAU,KAAA,KAAa,UAAU,KACnC,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,UAAU,MAAM,SAAS,GAAG;IAAO,SAAS,OAAO,MAAM;IAAE;GACrE,CAAC;;AAMV,KAAI,SAAS,KAAK;AAChB,MAAI,SAAS,IAAI,IACf,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,UAAU;IAAc,SAAS,SAAS,IAAI;IAAK;GAC7D,CAAC;AAEJ,MAAI,SAAS,IAAI,mBAAmB,KAAA,EAClC,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IACL,UAAU;IACV,SAAS,SAAS,IAAI,iBAAiB,SAAS;IACjD;GACF,CAAC;;;;;;AAQR,SAAgB,aACd,QACA,UACM;CACN,MAAM,QAAQ,CAAC,UAAU,OAAO,QAAQ;AACxC,KAAI,OAAO,cAAe,OAAM,KAAK,kBAAkB,OAAO,gBAAgB;AAC9E,KAAI,OAAO,YAAa,OAAM,KAAK,gBAAgB,OAAO,cAAc;AACxE,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAAoB,SAAS,MAAM,KAAK,KAAK;GAAE;EAC/D,CAAC;;;;;;;;;;;;;ACvMJ,SAAgB,yBAAyB,UAAmC;CAC1E,MAAM,WAA0B,EAAE;AAGlC,KAAI,OAAO,SAAS,UAAU,SAC5B,UAAS,KAAK;EAAE,KAAK;EAAS,SAAS,SAAS;EAAO,CAAC;CAI1D,MAAM,kBAAuD;EAC3D,CAAC,eAAe,SAAS,YAAY;EACrC,CAAC,aAAa,SAAS,UAAU;EACjC,CAAC,oBAAoB,SAAS,gBAAgB;EAC9C,CAAC,YAAY,SAAS,SAAS;EAC/B,CAAC,YAAY,SAAS,SAAS;EAC/B,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,aAAa,SAAS,UAAU;EAClC;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,gBAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAK5D,KAAI,SAAS,UAAU;EACrB,MAAM,UAAU,MAAM,QAAQ,SAAS,SAAS,GAC5C,SAAS,SAAS,KAAK,KAAK,GAC5B,SAAS;AACb,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAY;IAAS;GAAE,CAAC;;AAItE,KAAI,SAAS,QAAQ;EACnB,MAAM,UACJ,OAAO,SAAS,WAAW,WAAW,SAAS,SAAS,mBAAmB,SAAS,OAAO;AAC7F,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAU;IAAS;GAAE,CAAC;AAGlE,MAAI,OAAO,SAAS,WAAW,YAAY,SAAS,OAAO,WAAW;GACpE,MAAM,YACJ,OAAO,SAAS,OAAO,cAAc,WACjC,SAAS,OAAO,YAChB,mBAAmB,SAAS,OAAO,UAAU;AACnD,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAa,SAAS;KAAW;IAAE,CAAC;;;AAKpF,KAAI,SAAS,UACX,iBAAgB,SAAS,WAAW,SAAS;AAI/C,KAAI,SAAS,QACX,eAAc,SAAS,SAAS,SAAS;AAI3C,KAAI,SAAS,MACX,aAAY,SAAS,OAAO,SAAS;AAIvC,KAAI,SAAS,SACX,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,KAAK;GAAY,MAAM,SAAS;GAAU;EAAE,CAAC;AAIrF,KAAI,SAAS,WACX,kBAAiB,SAAS,YAAY,SAAS;AAIjD,KAAI,SAAS,aACX,oBAAmB,SAAS,cAAc,SAAS;AAIrD,KAAI,SAAS,iBAAiB;EAC5B,MAAM,QAAkB,EAAE;AAC1B,MAAI,SAAS,gBAAgB,cAAc,MAAO,OAAM,KAAK,eAAe;AAC5E,MAAI,SAAS,gBAAgB,UAAU,MAAO,OAAM,KAAK,WAAW;AACpE,MAAI,SAAS,gBAAgB,YAAY,MAAO,OAAM,KAAK,aAAa;AACxE,MAAI,MAAM,SAAS,EACjB,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAoB,SAAS,MAAM,KAAK,KAAK;IAAE;GAC/D,CAAC;;AAKN,KAAI,SAAS,SAAS;EACpB,MAAM,aAAa,MAAM,QAAQ,SAAS,QAAQ,GAAG,SAAS,UAAU,CAAC,SAAS,QAAQ;AAC1F,OAAK,MAAM,UAAU,YAAY;AAC/B,OAAI,OAAO,KACT,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAU,SAAS,OAAO;KAAM;IAAE,CAAC;AAEjF,OAAI,OAAO,IACT,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,KAAK;KAAU,MAAM,OAAO;KAAK;IAAE,CAAC;;;AAMhF,KAAI,SAAS,YACX,mBAAkB,SAAS,aAAa,SAAS;AAInD,KAAI,SAAS,SACX,gBAAe,SAAS,UAAU,SAAS;AAI7C,KAAI,SAAS,OACX,cAAa,SAAS,QAAQ,SAAS;AAIzC,KAAI,SAAS,MACX,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,SAAS,MAAM,EAAE;EAC1D,MAAM,UAAU,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,KAAK,GAAG;AAC1D,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE;IAAM;IAAS;GAAE,CAAC;;AAI5D,QAAO;;AAKT,SAAS,mBAAmB,QAAyC;CACnE,MAAM,QAAkB,EAAE;AAC1B,KAAI,OAAO,UAAU,KAAM,OAAM,KAAK,QAAQ;AAC9C,KAAI,OAAO,UAAU,MAAO,OAAM,KAAK,UAAU;AACjD,KAAI,OAAO,WAAW,KAAM,OAAM,KAAK,SAAS;AAChD,KAAI,OAAO,WAAW,MAAO,OAAM,KAAK,WAAW;AACnD,QAAO,MAAM,KAAK,KAAK;;;;;;;;;;;;ACnHzB,SAAgB,aACd,OACA,UACoB;AACpB,KAAI,UAAU,KAAA,KAAa,UAAU,KACnC;AAGF,KAAI,OAAO,UAAU,SACnB,QAAO,WAAW,SAAS,QAAQ,MAAM,MAAM,GAAG;AAIpD,KAAI,MAAM,aAAa,KAAA,EACrB,QAAO,MAAM;AAGf,KAAI,MAAM,YAAY,KAAA,EACpB,QAAO,MAAM;;;;;;;;;;;;;;;AAqBjB,SAAgB,gBACd,SACA,UAAkC,EAAE,EAC1B;CACV,MAAM,EAAE,aAAa,UAAU;CAE/B,MAAM,SAAmB,EAAE;CAC3B,IAAI;CACJ,IAAI;CACJ,IAAI;AAEJ,MAAK,MAAM,EAAE,UAAU,YAAY,SAAS;AAE1C,MAAI,cAAc,OAChB;AAIF,MAAI,SAAS,UAAU,KAAA,KAAa,OAAO,SAAS,UAAU,UAAU;AACtE,OAAI,SAAS,MAAM,aAAa,KAAA,EAC9B,iBAAgB,SAAS,MAAM;AAEjC,OAAI,SAAS,MAAM,YAAY,KAAA,EAC7B,eAAc,SAAS,MAAM;;AAKjC,OAAK,MAAM,OAAO,OAAO,KAAK,SAAS,EAA2B;AAChE,OAAI,QAAQ,QAAS;AAEpB,UAAe,OAAO,SAAS;;AAIlC,MAAI,SAAS,UAAU,KAAA,EACrB,YAAW,SAAS;;AAKxB,KAAI,YAAY;AACd,aAAW,gBAAgB,KAAA,IAAY,EAAE,SAAS,aAAa,GAAG;AAElE,kBAAgB,KAAA;;CAIlB,MAAM,gBAAgB,aAAa,UAAU,cAAc;AAC3D,KAAI,kBAAkB,KAAA,EACpB,QAAO,QAAQ;AAIjB,KAAI,WACF,QAAO,SAAS;AAGlB,QAAO;;;;;AAQT,SAAS,cAAc,KAAsB;AAC3C,QAAO,IAAI,WAAW,UAAU,IAAI,IAAI,WAAW,WAAW,IAAI,IAAI,WAAW,KAAK;;;;;AAMxF,SAAS,WAAW,KAAa,MAAmB;AAClD,KAAI,cAAc,IAAI,CAAE,QAAO;AAC/B,QAAO,IAAI,IAAI,KAAK,KAAK,CAAC,UAAU;;;;;;;;AAStC,SAAgB,oBAAoB,UAA8B;CAChE,MAAM,OAAO,SAAS;AACtB,KAAI,CAAC,KAAM,QAAO;CAElB,MAAM,SAAS,EAAE,GAAG,UAAU;AAG9B,KAAI,OAAO,WAAW;AACpB,SAAO,YAAY,EAAE,GAAG,OAAO,WAAW;AAC1C,MAAI,OAAO,OAAO,UAAU,WAAW,SACrC,QAAO,UAAU,SAAS,WAAW,OAAO,UAAU,QAAQ,KAAK;WAC1D,MAAM,QAAQ,OAAO,UAAU,OAAO,CAC/C,QAAO,UAAU,SAAS,OAAO,UAAU,OAAO,KAAK,SAAS;GAC9D,GAAG;GACH,KAAK,WAAW,IAAI,KAAK,KAAK;GAC/B,EAAE;WACM,OAAO,UAAU,OAE1B,QAAO,UAAU,SAAS;GACxB,GAAG,OAAO,UAAU;GACpB,KAAK,WAAW,OAAO,UAAU,OAAO,KAAK,KAAK;GACnD;AAEH,MAAI,OAAO,UAAU,OAAO,CAAC,cAAc,OAAO,UAAU,IAAI,CAC9D,QAAO,UAAU,MAAM,WAAW,OAAO,UAAU,KAAK,KAAK;;AAKjE,KAAI,OAAO,SAAS;AAClB,SAAO,UAAU,EAAE,GAAG,OAAO,SAAS;AACtC,MAAI,OAAO,OAAO,QAAQ,WAAW,SACnC,QAAO,QAAQ,SAAS,WAAW,OAAO,QAAQ,QAAQ,KAAK;WACtD,MAAM,QAAQ,OAAO,QAAQ,OAAO,EAAE;GAE/C,MAAM,WAAW,OAAO,QAAQ,OAAO,KAAK,QAC1C,OAAO,QAAQ,WAAW,WAAW,KAAK,KAAK,GAAG;IAAE,GAAG;IAAK,KAAK,WAAW,IAAI,KAAK,KAAK;IAAE,CAC7F;GAED,MAAM,aAAa,SAAS,OAAO,MAAM,OAAO,MAAM,SAAS;AAC/D,UAAO,QAAQ,SAAS,aACnB,WACA;aACI,OAAO,QAAQ,OAExB,QAAO,QAAQ,SAAS;GACtB,GAAG,OAAO,QAAQ;GAClB,KAAK,WAAW,OAAO,QAAQ,OAAO,KAAK,KAAK;GACjD;;AAKL,KAAI,OAAO,YAAY;AACrB,SAAO,aAAa,EAAE,GAAG,OAAO,YAAY;AAC5C,MAAI,OAAO,WAAW,aAAa,CAAC,cAAc,OAAO,WAAW,UAAU,CAC5E,QAAO,WAAW,YAAY,WAAW,OAAO,WAAW,WAAW,KAAK;AAE7E,MAAI,OAAO,WAAW,WAAW;GAC/B,MAAM,QAAgC,EAAE;AACxC,QAAK,MAAM,CAAC,MAAM,QAAQ,OAAO,QAAQ,OAAO,WAAW,UAAU,CACnE,OAAM,QAAQ,cAAc,IAAI,GAAG,MAAM,WAAW,KAAK,KAAK;AAEhE,UAAO,WAAW,YAAY;;;AAKlC,KAAI,OAAO,OAAO;AAChB,SAAO,QAAQ,EAAE,GAAG,OAAO,OAAO;AAClC,MAAI,OAAO,OAAO,MAAM,SAAS,SAC/B,QAAO,MAAM,OAAO,WAAW,OAAO,MAAM,MAAM,KAAK;WAC9C,MAAM,QAAQ,OAAO,MAAM,KAAK,CACzC,QAAO,MAAM,OAAO,OAAO,MAAM,KAAK,KAAK,OAAO;GAAE,GAAG;GAAG,KAAK,WAAW,EAAE,KAAK,KAAK;GAAE,EAAE;AAE5F,MAAI,OAAO,OAAO,MAAM,UAAU,SAChC,QAAO,MAAM,QAAQ,WAAW,OAAO,MAAM,OAAO,KAAK;WAChD,MAAM,QAAQ,OAAO,MAAM,MAAM,CAC1C,QAAO,MAAM,QAAQ,OAAO,MAAM,MAAM,KAAK,OAAO;GAAE,GAAG;GAAG,KAAK,WAAW,EAAE,KAAK,KAAK;GAAE,EAAE;;AAIhG,QAAO;;;;;;;;;;AC7OT,IAAa,kBAAb,cAAqC,MAAM;;CAEzC;CAEA,YAAY,UAAkB,OAAgB;EAC5C,MAAM,kBAAkB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AAC9E,QAAM,kCAAkC,SAAS,MAAM,mBAAmB,EAAE,OAAO,CAAC;AACpF,OAAK,OAAO;AACZ,OAAK,WAAW;;;;;;;;;;;;;;;;;;;;AAqBpB,eAAsB,WAAwC,QAAoC;AAChG,KAAI;AACF,SAAQ,MAAM,OAAO,MAAM;UACpB,OAAO;AACd,QAAM,IAAI,gBAAgB,OAAO,UAAU,MAAM;;;;;;;;;;;;;;;;;;;;;;;ACoDrD,SAAgB,uBACd,OACA,QACA,MAC2B;CAC3B,MAAM,IAAI;AAEV,MAAK,MAAM,SAAS,OAAO;AACzB,MAAI,MAAM,WAAW,OACnB,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,OAAO,UAAU,OAAO,UAAU,IACrD,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,OAAO,UAAU,OAAO,UAAU,IACrD,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,KACnB,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;;AAGpE,QAAO;;;;;;;AAUT,SAAgB,cAAc,QAAsB;CAClD,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,MACF,OAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACzGvB,SAAgB,WAAW,OAA8D;CACvF,MAAM,EAAE,UAAU,aAAa,SAAS,WAAW,aAAa;AAGhE,KAAI,YAAY,KAAA,GAAW;AACzB,MAAI,YAAY,OACd,QAAO;AAET,QAAM;;AAMR,QAAO,mBAAmB,UAAU,aAAa,WAAW,SAAS;;;;;;AAOvE,eAAe,mBACb,UACA,aACA,WACA,UACuB;AACvB,KAAI;AACF,QAAM,SAAS,iBAAiB,EAAE,kBAAkB,eAAe,WAAW,EAAE,YAAY;AAC1F,OAAI;AACF,UAAM,UAAU;AAChB,UAAM,iBAAiB,iBAAiB,OAAO;YACxC,OAAgB;AACvB,QAAI,iBAAiB,YAAY;AAC/B,WAAM,iBAAiB,iBAAiB,OAAO;AAC/C,WAAM,iBAAiB,sBAAsB,MAAM,OAAO;AAC1D,SAAI,MAAM,WACR,OAAM,iBAAiB,oBAAoB,MAAM,WAAW;eAErD,iBAAiB,eAC1B,OAAM,iBAAiB,iBAAiB,WAAW;AAErD,UAAM;;IAER;UACK,OAAgB;AAIvB,MAAI,iBAAiB,cAAc,WAAW;GAC5C,MAAM,cAAc,uBAAuB,WAAW,MAAM,QAAQ,MAAM,KAAK;AAC/E,OAAI,aAAa;AACf,kBAAc,MAAM,OAAO;AAC3B,WAAO;;;AAGX,QAAM;;AAGR,QAAO;;;;;;;;;;;;;;;;AAmBT,eAAsB,eAAe,OAAmD;CACtF,MAAM,EAAE,UAAU,iBAAiB,UAAU,eAAe,iBAAiB,aAAa;AAE1F,KAAI;AACF,QAAM,UAAU;UACT,OAAgB;AAGvB,MAAI,iBAAiB,WACnB,QACE,oBAAoB,iBAAiB,UAAU,MAAM,MAAM,cAAc,IACzE,mBACA;AAQJ,MAAI,iBAAiB,gBAAgB;AACnC,OAAI,SAAS,CACX,SAAQ,MACN,gNAGD;AAGH,UACE,oBAAoB,iBAAiB,UAAU,KAAA,GAAW,cAAc,IACxE,mBACA;;AAMJ,MAAI,SAAS,CACX,SAAQ,KACN,oGAEA,MACD;AAEH,QAAM;;AAIR,QAAO;;;;;;AAOT,SAAS,oBACP,iBACA,UACA,MACA,eACqB;AACrB,KAAI,CAAC,gBAAiB,QAAO;AAC7B,QAAO,cAAc,iBAAiB;EACpC,MAAM;EACN,qBAAqB;EACtB,CAAC;;;;;;;;AC5GJ,IAAa,qBAAb,cAAwC,MAAM;CAC5C,YAAY,SAAiB;AAC3B,QAAM,QAAQ;AACd,OAAK,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACnDhB,IAAa,uBAAuB;;AAGpC,IAAa,gBAAgB;;;;;AAQ7B,IAAI,sBAAqC;;;;;;;;;;;;AAuCzC,SAAgB,iBAAiB,KAA+B;AAE9D,KAAI,CAAC,oBACH,QAAO;EAAE,IAAI;EAAM,UAAU;EAAM;CAGrC,MAAM,WAAW,IAAI,QAAQ,IAAI,qBAAqB;AAGtD,KAAI,CAAC,SACH,QAAO;EAAE,IAAI;EAAM,UAAU;EAAM;AAIrC,KAAI,aAAa,oBACf,QAAO;EAAE,IAAI;EAAM;EAAU;AAG/B,QAAO;EAAE,IAAI;EAAO;EAAU;;;;;;AAOhC,SAAgB,mBAAmB,SAAwB;AACzD,SAAQ,IAAI,eAAe,IAAI;;;;;;;;;;;;;;;;ACvFjC,IAAM,qBAAqB,IAAI,IAAI;CACjC;CACA;CACA;CACA;CACA;CACD,CAAC;;;;;;;;;;AAWF,eAAsB,wBACpB,WACmB;CACnB,MAAM,EAAE,aAAa,SAAS;CAC9B,MAAM,SAAS,mBAAmB,IAAI,YAAY;CAElD,MAAM,OAAO,MAAM,SAAS,KAAK,SAAS;CAE1C,MAAM,UAAkC;EACtC,gBAAgB,SAAS,GAAG,YAAY,mBAAmB;EAC3D,kBAAkB,OAAO,KAAK,WAAW;EAC1C;AAED,QAAO,IAAI,SAAS,MAAM;EAAE,QAAQ;EAAK;EAAS,CAAC;;;;;;AAOrD,SAAgB,iBACd,SAMQ;AAmBR,QAAO,yGAlBM,QACV,KAAK,MAAM;EACV,IAAI,MAAM,qBAAqB,UAAU,EAAE,IAAI,CAAC;AAChD,MAAI,EAAE,cAAc;GAClB,MAAM,OAAO,EAAE,wBAAwB,OAAO,EAAE,aAAa,aAAa,GAAG,EAAE;AAC/E,UAAO,kBAAkB,UAAU,KAAK,CAAC;;AAE3C,MAAI,EAAE,gBACJ,QAAO,qBAAqB,UAAU,EAAE,gBAAgB,CAAC;AAE3D,MAAI,EAAE,aAAa,KAAA,EACjB,QAAO,mBAAmB,EAAE,SAAS;AAEvC,SAAO;AACP,SAAO;GACP,CACD,KAAK,KAAK,CAEwG;;;AAiBvH,SAAgB,UAAU,KAAqB;AAC7C,QAAO,IACJ,QAAQ,MAAM,QAAQ,CACtB,QAAQ,MAAM,OAAO,CACrB,QAAQ,MAAM,OAAO,CACrB,QAAQ,MAAM,SAAS,CACvB,QAAQ,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;AC1E5B,SAAgB,sBACd,gBACA,WACA,UACgC;AAChC,MAAK,MAAM,WAAW,UAAU;AAE9B,MAAI,CAAC,UAAU,WAAW,QAAQ,mBAAmB,CAAE;AAIvD,MAAI,uBAAuB,gBAAgB,QAAQ,mBAAmB,CACpE,QAAO,EAAE,gBAAgB,QAAQ,oBAAoB;;AAGzD,QAAO;;;;;;;;AAST,SAAgB,uBAAuB,UAAkB,SAA0B;CACjF,MAAM,YAAY,aAAa,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,CAAC,MAAM,IAAI;CACtE,MAAM,eAAe,YAAY,MAAM,EAAE,GAAG,QAAQ,MAAM,EAAE,CAAC,MAAM,IAAI;CAEvE,IAAI,KAAK;AACT,MAAK,IAAI,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;EAC5C,MAAM,MAAM,mBAAmB,aAAa,GAAG;AAE/C,UAAQ,IAAI,MAAZ;GACE,KAAK,YACH,QAAO,KAAK,UAAU;GACxB,KAAK,qBACH,QAAO;GACT,KAAK;AACH,QAAI,MAAM,UAAU,OAAQ,QAAO;AACnC;AACA;GACF,KAAK;AACH,QAAI,MAAM,UAAU,UAAU,UAAU,QAAQ,IAAI,MAAO,QAAO;AAClE;AACA;;;AAIN,QAAO,OAAO,UAAU;;;;;;;;;;;;;;;;;ACnB1B,IAAM,iBAAiB,IAAI,IAAI;CAAC;CAAa;CAAe;CAAY,CAAC;;;;;;;;;;AAWzE,SAAgB,UAAU,QAAiC,QAAuC;AAChG,MAAK,MAAM,OAAO,OAAO,KAAK,OAAO,CACnC,KAAI,CAAC,eAAe,IAAI,IAAI,CAC1B,QAAO,OAAO,OAAO;;;;;;;;;;;;AAgJ3B,eAAsB,oBAAoB,OAAkC;CAC1E,MAAM,WAAW,MAAM;AAEvB,MAAK,MAAM,WAAW,UAAU;AAE9B,MAAI,CAAC,QAAQ,OAAQ;EAErB,IAAI;AACJ,MAAI;AACF,SAAM,MAAM,WAAW,QAAQ,OAAO;WAC/B,KAAK;AACZ,SAAM,IAAI,mBACR,6CAA6C,QAAQ,YAAY,KAAK,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,GACvH;;EAGH,MAAM,mBAAmB,IAAI;AAI7B,MAAI,CAAC,oBAAoB,OAAO,iBAAiB,UAAU,WAAY;AAEvE,MAAI;GACF,MAAM,UAAU,iBAAiB,MAAM,MAAM,cAAc;AAG3D,aAAU,MAAM,eAAe,QAAmC;WAC3D,KAAK;AACZ,SAAM,IAAI,mBAAmB,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,CAAC;;;;;;;;;;AAapF,SAAgB,eAAe,QAA6D;CAC1F,MAAM,EACJ,OACA,YACA,QACA,YACA,qBAAqB,MACrB,gBAAgB,KAChB,eAAe,SACf,oBACE;CAIJ,IAAI,iBAAiB;AAErB,QAAO,OAAO,QAAoC;EAChD,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;EAC5B,MAAM,SAAS,IAAI;EACnB,MAAM,OAAO,IAAI;EACjB,MAAM,YAAY,YAAY,KAAK;AACnC;AAOA,SAAO,eAFc,iBAAiB,EAEF,YAAY;AAG9C,UAAO,sBAAsB,KAAK,YAAY;IAG5C,MAAM,aAAa,YAAY;AAC7B,wBAAmB;MAAE;MAAQ;MAAM,CAAC;KAEpC,MAAM,WAAW,MAAM,SACrB,uBACA;MAAE,uBAAuB;MAAQ,YAAY;MAAM,EACnD,YAAY;MAGV,MAAM,UAAU,MAAM,gBAAgB;AACtC,UAAI,QACF,gBAAe,QAAQ,SAAS,QAAQ,OAAO;MAGjD,IAAI;AACJ,UAAI,SAAS,OAAO,YAClB,UAAS,MAAM,cAAc,KAAK,QAAQ,KAAK;UAE/C,UAAS,MAAM,cAAc,KAAK,QAAQ,KAAK;AAKjD,YAAM,iBAAiB,6BAA6B,OAAO,OAAO;AAKlE,UAAI,iBAAiB,YAAY;OAE/B,MAAM,eAAe,uBAAuB;AAC5C,WAAI,cAAc;AAChB,iBAAS,sBAAsB,OAAO;AACtC,eAAO,QAAQ,IAAI,iBAAiB,aAAa;;iBAE1C,iBAAiB,SAAS;OAInC,MAAM,UAAU,KAAK,MAAM,YAAY,KAAK,GAAG,UAAU;AACzD,gBAAS,sBAAsB,OAAO;AACtC,cAAO,QAAQ,IAAI,iBAAiB,aAAa,UAAU;;AAI7D,aAAO;OAEV;KAGD,MAAM,aAAa,KAAK,MAAM,YAAY,KAAK,GAAG,UAAU;KAC5D,MAAM,SAAS,SAAS;KACxB,MAAM,cAAc;AACpB;AACA,yBAAoB;MAAE;MAAQ;MAAM;MAAQ;MAAY;MAAa,CAAC;AAEtE,SAAI,gBAAgB,KAAK,aAAa,cACpC,gBAAe;MAAE;MAAQ;MAAM;MAAY,WAAW;MAAe;MAAa,CAAC;AAGrF,YAAO;;AAGT,WAAO,iBAAiB,aAAa,uBAAuB,WAAW,GAAG,YAAY;KACtF;IACF;;CAGJ,eAAe,cAAc,KAAc,QAAgB,MAAiC;AAC1F,MAAI;GAGF,IAAI;AACJ,OAAI,OAAO,YAET,gBADY,MAAM,OAAO,aAAa,EACpB;OAElB,eAAc,OAAO;GAEvB,MAAM,gBAAgB,SAAS,aAAa,WAAW,cAAc,KAAK,QAAQ,KAAK,CAAC;AACxF,UAAO,MAAM,SAAS,gBAAgB,EAAE,QACtC,iBAAiB,aAAa,WAAW,SAAS,YAAY,QAAQ,GAAG,SAAS,CACnF;WACM,OAAO;AAEd,iBAAc,EAAE,OAAO,CAAC;AACxB,SAAM,mBAAmB,OAAO,KAAK,QAAQ;AAC7C,OAAI,mBAAmB,iBAAiB,MAAO,iBAAgB,OAAO,QAAQ;AAC9E,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;;;;;;;;;CAY9C,SAAS,sBAAsB,QAAwB,KAAc,SAA4B;AAE/F,OADe,IAAI,QAAQ,IAAI,SAAS,IAAI,IAAI,SAAS,mBAAmB,EACjE;AACT,WAAQ,IAAI,qBAAqB,OAAO,SAAS;AACjD,UAAO,IAAI,SAAS,MAAM;IAAE,QAAQ;IAAK;IAAS,CAAC;;AAErD,UAAQ,IAAI,YAAY,OAAO,SAAS;AACxC,SAAO,IAAI,SAAS,MAAM;GAAE,QAAQ,OAAO;GAAQ;GAAS,CAAC;;CAG/D,eAAe,cAAc,KAAc,QAAgB,MAAiC;EAG1F,MAAM,SAAS,aADH,IAAI,IAAI,IAAI,IAAI,CACI,UAAU,mBAAmB;AAC7D,MAAI,CAAC,OAAO,GACV,QAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,OAAO,QAAQ,CAAC;EAEtD,MAAM,oBAAoB,OAAO;AAKjC,MAAI,OAAO,oBAAoB;GAC7B,MAAM,YAAY,OAAO,mBAAmB,kBAAkB;AAC9D,OAAI,UACF,KAAI;AAIF,QAAI,UAAU,SACZ,QAAO,MAAM,wBAAwB,UAAU;IAGjD,MAAM,MAAM,MAAM,WAAmC,UAAU,KAAK;AACpE,QAAI,OAAO,IAAI,YAAY,WACzB,QAAO,IAAI,SAAS,iDAAiD,EAAE,QAAQ,KAAK,CAAC;IAEvF,MAAM,gBAAgB,MAAM,IAAI,SAAS;AAEzC,QAAI,yBAAyB,SAC3B,QAAO;IAGT,MAAM,cAAc,UAAU;IAC9B,IAAI;AACJ,QAAI,OAAO,kBAAkB,SAC3B,QAAO;aACE,gBAAgB,kBACzB,QAAO,iBAAiB,cAAc;aAC7B,gBAAgB,4BACzB,QAAO,KAAK,UAAU,eAAe,MAAM,EAAE;QAE7C,QAAO,OAAO,kBAAkB,WAAW,gBAAgB,OAAO,cAAc;AAElF,WAAO,IAAI,SAAS,MAAM;KACxB,QAAQ;KACR,SAAS,EAAE,gBAAgB,GAAG,YAAY,kBAAkB;KAC7D,CAAC;YACK,OAAO;AACd,mBAAe;KAAE;KAAQ;KAAM;KAAO,CAAC;AACvC,QAAI,mBAAmB,iBAAiB,MAAO,iBAAgB,OAAO,iBAAiB;AACvF,WAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;AAShD,MAAI,OAAO,mBACT,KAAI;GACF,MAAM,kBAAkB,MAAM,OAAO,mBAAmB,kBAAkB;AAC1E,OAAI,gBAAiB,QAAO;WACrB,OAAO;AACd,kBAAe;IAAE;IAAQ;IAAM;IAAO,CAAC;AACvC,OAAI,mBAAmB,iBAAiB,MAAO,iBAAgB,OAAO,eAAe;AACrF,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;AAU9C,OADsB,IAAI,QAAQ,IAAI,SAAS,IAAI,IAAI,SAAS,mBAAmB;OAG7E,CADc,iBAAiB,IAAI,CACxB,IAAI;IACjB,MAAM,gBAAgB,IAAI,SAAS;AACnC,uBAAmB,cAAc;AACjC,WAAO,IAAI,SAAS,MAAM;KAAE,QAAQ;KAAK,SAAS;KAAe,CAAC;;;EAKtE,IAAI,QAAQ,WAAW,kBAAkB;EACzC,IAAI;EAOJ,MAAM,YAAY,IAAI,QAAQ,IAAI,eAAe;AACjD,MAAI,aAAa,OAAO,sBAAsB,QAAQ;GACpD,MAAM,cAAc,sBAClB,mBACA,WACA,OAAO,qBACR;AACD,OAAI,aAAa;IACf,MAAM,cAAc,WAAW,YAAY,eAAe;AAC1D,QAAI,aAAa;AACf,aAAQ;AACR,oBAAe,EAAE,gBAAgB,mBAAmB;;;;AAK1D,MAAI,CAAC,OAAO;AAGV,OAAI,OAAO,eAAe;IACxB,MAAM,kBAAkB,IAAI,SAAS;AACrC,WAAO,OAAO,cAAc,KAAK,gBAAgB;;AAEnD,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;EAK5C,MAAM,kBAAkB,IAAI,SAAS;EACrC,MAAM,uBAAuB,IAAI,SAAS;AAM1C,kBAAgB,IAAI,iBAAiB,0DAA0D;AAM/F,MAAI,WACF,KAAI;AACF,SAAM,WAAW,OAAO,KAAK,gBAAgB;UACvC;AASV,MAAI;AACF,SAAM,oBAAoB,MAAM;WACzB,OAAO;AACd,OAAI,iBAAiB,oBAAoB;IAGvC,MAAM,cAAc,MAAM,SAAS,MAAM,SAAS,SAAS;AAC3D,QACG,YAAoC,SACrC,CAAE,YAAmC,KAErC,QAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;AAK5C,QAAI,OAAO,cACT,QAAO,OAAO,cAAc,KAAK,gBAAgB;AAEnD,WAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;AAE5C,SAAM;;AAMR,mBAAiB,MAAM,cAAc;AAGrC,MAAI,MAAM,gBAAgB,SAAS,GAAG;GACpC,MAAM,MAAyB;IAC7B;IACA,gBAAgB;IAChB,SAAS;IACT,eAAe,MAAM;IACrB,aAAa,UAAU;AACrB,UAAK,MAAM,QAAQ,OAAO;MAIxB,IAAI;AACJ,UAAI,KAAK,OAAO,KAAA,EACd,SAAQ,IAAI,KAAK,KAAK,QAAQ,KAAK,GAAG,QAAQ,KAAK;UAEnD,SAAQ,IAAI,KAAK,KAAK,SAAS,KAAK;AAEtC,UAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,UAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,sBAAgB,OAAO,QAAQ,MAAM;;;IAG1C;AAED,OAAI;AAEF,4BAAwB,KAAK;IAC7B,MAAM,gBAAgB,mBAAmB,MAAM,iBAAiB,IAAI;IACpE,MAAM,qBAAqB,MAAM,SAAS,qBAAqB,EAAE,QAC/D,iBAAiB,aAAa,WAAW,MAAM,iBAAiB,QAAQ,GAAG,SAAS,CACrF;AACD,4BAAwB,MAAM;AAC9B,QAAI,oBAAoB;KAItB,MAAM,gBAAgB,sBAAsB,mBAAmB;AAC/D,oBAAe,cAAc,QAAQ;KAKrC,MAAM,eAAe,IAAI,IACvB,CAAC,GAAG,cAAc,QAAQ,MAAM,CAAC,CAAC,KAAK,MAAM,EAAE,aAAa,CAAC,CAC9D;AACD,UAAK,MAAM,CAAC,KAAK,UAAU,gBAAgB,SAAS,CAClD,KAAI,CAAC,aAAa,IAAI,IAAI,aAAa,CAAC,CACtC,eAAc,QAAQ,OAAO,KAAK,MAAM;AAG5C,+BAA0B;MAAE;MAAQ;MAAM,QAAQ,cAAc;MAAQ,CAAC;AACzE,YAAO;;AAIT,8BAA0B,qBAAqB;YACxC,OAAO;AACd,4BAAwB,MAAM;AAE9B,QAAI,iBAAiB,gBAAgB;AACnC,oBAAe,gBAAgB;AAC/B,YAAO,sBAAsB,OAAO,KAAK,gBAAgB;;AAI3D,QAAI,iBAAiB,YAAY;AAC/B,oBAAe,gBAAgB;AAC/B,SAAI,OAAO,mBACT,KAAI;AACF,aAAO,MAAM,OAAO,mBAAmB,OAAO,KAAK,gBAAgB;aAC7D;AAIV,YAAO,IAAI,SAAS,MAAM;MAAE,QAAQ,MAAM;MAAQ,SAAS;MAAiB,CAAC;;AAI/E,uBAAmB;KAAE;KAAQ;KAAM;KAAO,CAAC;AAC3C,UAAM,mBAAmB,OAAO,KAAK,UAAU;AAC/C,QAAI,mBAAmB,iBAAiB,MAAO,iBAAgB,OAAO,aAAa;AACnF,WAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;AAO9C,iBAAe,gBAAgB;AAG/B,MAAI;GACF,MAAM,iBACJ,OAAO,KAAK,OAAO,iBAAiB,sBAAsB,aAAa;GACzE,MAAM,WAAW,MAAM,SAAS,iBAAiB,EAAE,cAAc,mBAAmB,QAClF,iBAAiB,aACb,WAAW,UAAU,oBAAoB,SAAS,GAClD,UAAU,CACf;AACD,wBAAqB;AACrB,UAAO;WACA,OAAO;AAGd,OAAI,iBAAiB,YAAY;AAC/B,QAAI,OAAO,mBACT,KAAI;AACF,YAAO,MAAM,OAAO,mBAAmB,OAAO,KAAK,gBAAgB;YAC7D;AAIV,WAAO,IAAI,SAAS,MAAM;KAAE,QAAQ,MAAM;KAAQ,SAAS;KAAiB,CAAC;;AAG/E,OAAI,iBAAiB,eACnB,QAAO,sBAAsB,OAAO,KAAK,gBAAgB;AAE3D,kBAAe;IAAE;IAAQ;IAAM;IAAO,CAAC;AACvC,SAAM,mBAAmB,OAAO,KAAK,SAAS;AAC9C,OAAI,mBAAmB,iBAAiB,MAAO,iBAAgB,OAAO,SAAS;AAE/E,OAAI,OAAO,oBACT,KAAI;AACF,WAAO,MAAM,OAAO,oBAAoB,OAAO,KAAK,gBAAgB;WAC9D;AAIV,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;;;;;;AAShD,eAAe,mBACb,OACA,KACA,OACe;CACf,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;CAC5B,MAAM,aAAqC,EAAE;AAC7C,KAAI,QAAQ,SAAS,GAAG,MAAM;AAC5B,aAAW,KAAK;GAChB;AAEF,OAAM,mBACJ,OACA;EAAE,QAAQ,IAAI;EAAQ,MAAM,IAAI;EAAU,SAAS;EAAY,EAC/D;EAAE;EAAO,WAAW,IAAI;EAAU,WAAW;EAAQ,SAAS,YAAY;EAAE,CAC7E;;;;;;AASH,SAAS,eAAe,SAAwB;AAC9C,MAAK,MAAM,SAAS,qBAAqB,CACvC,SAAQ,OAAO,cAAc,MAAM;;;;;;;;;;;;AAgBvC,SAAS,sBAAsB,UAA8B;AAC3D,KAAI;AAIF,WAAS,QAAQ,IAAI,kBAAkB,IAAI;AAC3C,WAAS,QAAQ,OAAO,iBAAiB;AACzC,SAAO;SACD;AAEN,SAAO,IAAI,SAAS,SAAS,MAAM;GACjC,QAAQ,SAAS;GACjB,YAAY,SAAS;GACrB,SAAS,IAAI,QAAQ,SAAS,QAAQ;GACvC,CAAC;;;;;;;;;;;ACxsBN,SAAgB,gBAAgB,UAA8B,UAAmC;CAC/F,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAAmB,EAAE;AAE3B,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,WAAW,SAAS,IAAI,KAAK;AACnC,MAAI,CAAC,SAAU;AACf,OAAK,MAAM,OAAO,SAChB,KAAI,CAAC,KAAK,IAAI,IAAI,EAAE;AAClB,QAAK,IAAI,IAAI;AACb,UAAO,KAAK,IAAI;;;AAMxB,QAAO;;;;;;;;AAwCT,SAAgB,kBACd,UACA,UACqB;CACrB,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAA8B,EAAE;AAEtC,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,QAAQ,SAAS,MAAM,KAAK;AAClC,MAAI,CAAC,MAAO;AACZ,OAAK,MAAM,SAAS,MAClB,KAAI,CAAC,KAAK,IAAI,MAAM,KAAK,EAAE;AACzB,QAAK,IAAI,MAAM,KAAK;AACpB,UAAO,KAAK,MAAM;;;AAM1B,QAAO;;;;;;;;AA8DT,SAAgB,2BACd,UACA,UACU;CACV,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAAmB,EAAE;AAE3B,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,WAAW,SAAS,cAAc,KAAK;AAC7C,MAAI,CAAC,SAAU;AACf,OAAK,MAAM,OAAO,SAChB,KAAI,CAAC,KAAK,IAAI,IAAI,EAAE;AAClB,QAAK,IAAI,IAAI;AACb,UAAO,KAAK,IAAI;;;AAMxB,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACnJT,SAAgB,iBAAiB,MAAyB;AAGxD,KAAI,KAAK,OAAO,KAAA,GAAW;EACzB,IAAI,QAAQ,IAAI,KAAK,KAAK,QAAQ,KAAK,GAAG,QAAQ,KAAK;AACvD,MAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,MAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,SAAO;;CAGT,IAAI,QAAQ,IAAI,KAAK,KAAK,SAAS,KAAK;AACxC,KAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,KAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,QAAO;;;;;;;;;;;;;;;;;;;AA4BT,SAAgB,wBACd,UACA,UACA,SACU;CACV,MAAM,SAAmB,EAAE;CAK3B,MAAM,2BAAW,IAAI,KAAa;CAElC,MAAM,OAAO,KAAa,WAAmB;AAC3C,MAAI,CAAC,SAAS,IAAI,IAAI,EAAE;AACtB,YAAS,IAAI,IAAI;AACjB,UAAO,KAAK,OAAO;;;AAKvB,MAAK,MAAM,OAAO,gBAAgB,UAAU,SAAS,CACnD,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAW,IAAI;EAAS,CAAC,CAAC;AAMxE,MAAK,MAAM,OAAO,SAAS,IAAI,cAAc,EAAE,CAC7C,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAW,IAAI;EAAS,CAAC,CAAC;AAIxE,MAAK,MAAM,QAAQ,kBAAkB,UAAU,SAAS,CACtD,KACE,KAAK,MACL,iBAAiB;EAAE,MAAM,KAAK;EAAM,KAAK;EAAW,IAAI;EAAQ,aAAa;EAAa,CAAC,CAC5F;AAIH,KAAI,CAAC,SAAS,OACZ,MAAK,MAAM,OAAO,2BAA2B,UAAU,SAAS,CAC9D,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAiB,CAAC,CAAC;AAInE,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AClIT,SAAgB,wBAA2B,QAA4B,IAAgB;AACrF,QAAO,oBAAoB,IAAI,QAAQ,GAAG;;;;;;;;;;AAW5C,SAAgB,kBAAkB,OAAuB;AACvD,KAAI,CAAC,MAAM,OAAQ;CACnB,MAAM,SAAS,oBAAoB,UAAU;AAC7C,KAAI,CAAC,OAAQ;AACb,KAAI;AACF,SAAO,MAAM;SACP;;;;;;;;;;;;;;;;ACwGV,eAAsB,iBAAiB,QAAqD;CAC1F,MAAM,EAAE,UAAU,YAAY,eAAe,2BAA2B;AAExE,KAAI,SAAS,WAAW,EACtB,OAAM,IAAI,MAAM,iDAAiD;CAGnE,MAAM,OAAO,SAAS,SAAS,SAAS;AAGxC,KAAI,KAAK,SAAS,CAAC,KAAK,KACtB,QAAO;EAAE,MAAM;EAAM,YAAY;EAAM;CAKzC,MAAM,iBADa,KAAK,OAAO,MAAM,WAAW,KAAK,KAAK,GAAG,OAC3B;AAElC,KAAI,CAAC,cACH,OAAM,IAAI,MACR,iDAAiD,KAAK,QAAQ,gDAE/D;CAIH,IAAI,UAAwB,cAAc,eAAe,EAAE,CAAC;AAG5D,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AAGzB,YAAU,MAAM,wBACd,SACA,SACA,YACA,eACA,uBACD;AAGD,MAAI,QAAQ,QAAQ;GAElB,MAAM,YADe,MAAM,WAAW,QAAQ,OAAO,EACvB;AAC9B,aAAU,cAAc,sBAAsB;IAC5C;IACA,aAAa,QAAQ;IACrB,UAAU;IACX,CAA2B;;AAI9B,MAAI,QAAQ,QAAQ;GAElB,MAAM,mBADe,MAAM,WAAW,QAAQ,OAAO,EAChB;AAIrC,OAAI,iBAAiB;IAEnB,MAAM,YAA0C,EAAE;AAClD,QAAI,QAAQ,MAAM,OAAO,EACvB,MAAK,MAAM,CAAC,UAAU,aAAa,QAAQ,MACzC,WAAU,YAAY,MAAM,iBAC1B,UACA,YACA,eACA,uBACD;AAIL,cAAU,cAAc,iBAAiB;KACvC,GAAG;KACH,UAAU;KACX,CAAC;;;;AAKR,QAAO;EAAE,MAAM;EAAS,YAAY;EAAO;;;;;;;;AAW7C,eAAe,iBACb,UACA,YACA,eACA,wBACuB;CAGvB,MAAM,iBADa,SAAS,OAAO,MAAM,WAAW,SAAS,KAAK,GAAG,OACnC;CAIlC,MAAM,oBADgB,SAAS,UAAU,MAAM,WAAW,SAAS,QAAQ,GAAG,OACtC;AAKxC,KAAI,CAAC,cACH,QAAO,mBAAmB,cAAc,kBAAkB,EAAE,CAAC,GAAG;CAGlE,IAAI,UAAwB,cAAc,eAAe,EAAE,CAAC;AAG5D,WAAU,MAAM,wBACd,UACA,SACA,YACA,eACA,uBACD;AAGD,KAAI,SAAS,QAAQ;EAEnB,MAAM,YADe,MAAM,WAAW,SAAS,OAAO,EACxB;EAK9B,MAAM,mBADe,SAAS,SAAS,MAAM,WAAW,SAAS,OAAO,GAAG,OAE1D,WAAkE;EAEnF,MAAM,kBAAkB,mBAAmB,cAAc,kBAAkB,EAAE,CAAC,GAAG;AAEjF,YAAU,cAAc,2BAA2B;GACjD;GACA;GACA,UAAU,SAAS,YAAY,QAAQ,MAAM,GAAG;GAChD;GACA;GACA,UAAU;GACX,CAA+B;;AAGlC,QAAO;;;AAMT,IAAM,iBAAiB,IAAI,IAAI,CAAC,OAAO,KAAK,CAAC;;;;;;;AAQ7C,SAAS,UAAU,MAA0B;AAC3C,QAAO,eAAe,IAAI,KAAK,UAAU;;;;;;;;;;;;;;;;;;AAmB3C,eAAe,wBACb,SACA,SACA,YACA,eACA,wBACuB;AAIvB,KAAI,QAAQ,aAAa;AAEvB,OAAK,MAAM,CAAC,KAAK,SAAS,QAAQ,YAChC,KAAI,QAAQ,SAAS,QAAQ,OAAO;GAClC,MAAM,SAAS,SAAS,KAAK,GAAG;AAChC,OAAI,CAAC,MAAM,OAAO,EAAE;IAElB,MAAM,aADM,MAAM,WAAW,KAAK,EACZ;AACtB,QAAI,UAYF,WAAU,cAAc,wBAXF,UAAU,KAAK,GAChC;KACC,iBAAiB,cAAc,WAAW,EAAE,QAAQ,CAAC;KACrD;KACA,UAAU;KACX,GACA;KACC,mBAAmB;KACnB;KACA,UAAU;KACX,CACyD;;;AAOtE,OAAK,MAAM,CAAC,KAAK,SAAS,QAAQ,YAChC,KAAI,QAAQ,SAAS,QAAQ,OAAO;GAElC,MAAM,aADM,MAAM,WAAW,KAAK,EACZ;AACtB,OAAI,WAAW;IACb,MAAM,iBAAiB,QAAQ,QAAQ,MAAM;AAY7C,cAAU,cAAc,wBAXF,UAAU,KAAK,GAChC;KACC,iBAAiB,cAAc,WAAW,EAAE,CAAC;KAC7C,QAAQ;KACR,UAAU;KACX,GACA;KACC,mBAAmB;KACnB,QAAQ;KACR,UAAU;KACX,CACyD;;;;AAStE,KAAI,QAAQ,OAAO;EAEjB,MAAM,kBADc,MAAM,WAAW,QAAQ,MAAM,EAChB;AACnC,MAAI,eAUF,WAAU,cAAc,wBATF,UAAU,QAAQ,MAAM,GACzC;GACC,iBAAiB,cAAc,gBAAgB,EAAE,CAAC;GAClD,UAAU;GACX,GACA;GACC,mBAAmB;GACnB,UAAU;GACX,CACyD;;AAIlE,QAAO;;;;;;;;ACpVT,IAAM,wBAAgD;CACpD,aAAa;CACb,aAAa;CACb,gBAAgB;CACjB;;;;;;;;;;;;AAeD,SAAgB,kBACd,QACA,UACA,SAA2B,aACE;AAC7B,KAAI,UAAU,OAAO,UAAU,IAC7B,QAAO,WAAW,SAAS,eAAe,QAAQ,SAAS,GAAG,WAAW,QAAQ,SAAS;AAE5F,KAAI,UAAU,OAAO,UAAU,IAE7B,QAAO,WAAW,SAAS,eAAe,QAAQ,SAAS,GAAG,WAAW,QAAQ,SAAS;AAE5F,QAAO;;;;;;;;AAST,SAAS,WACP,QACA,UAC6B;CAC7B,MAAM,YAAY,OAAO,OAAO;AAGhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAQ,YAAa;EAG1B,MAAM,QAAQ,QAAQ,YAAY,IAAI,UAAU;AAChD,MAAI,MACF,QAAO;GAAE,MAAM;GAAO;GAAQ,MAAM;GAAS,cAAc;GAAG;EAIhE,MAAM,WAAW,QAAQ,YAAY,IAAI,MAAM;AAC/C,MAAI,SACF,QAAO;GAAE,MAAM;GAAU;GAAQ,MAAM;GAAY,cAAc;GAAG;;AAKxE,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAQ,kBAAmB;AAEhC,OAAK,MAAM,CAAC,MAAM,iBAAiB,OAAO,QAAQ,sBAAsB,CACtE,KAAI,iBAAiB,QAAQ;GAC3B,MAAM,OAAO,QAAQ,kBAAkB,IAAI,KAAK;AAChD,OAAI,KACF,QAAO;IAAE;IAAM;IAAQ,MAAM;IAAU,cAAc;IAAG;;;AAOhE,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,IACxC,KAAI,SAAS,GAAG,MACd,QAAO;EAAE,MAAM,SAAS,GAAG;EAAQ;EAAQ,MAAM;EAAS,cAAc;EAAG;AAI/E,QAAO;;;;;;;AAQT,SAAS,eACP,QACA,UAC6B;CAC7B,MAAM,YAAY,OAAO,OAAO;AAEhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAQ,gBAAiB;EAG9B,MAAM,QAAQ,QAAQ,gBAAgB,IAAI,UAAU;AACpD,MAAI,MACF,QAAO;GAAE,MAAM;GAAO;GAAQ,MAAM;GAAS,cAAc;GAAG;EAIhE,MAAM,WAAW,QAAQ,gBAAgB,IAAI,MAAM;AACnD,MAAI,SACF,QAAO;GAAE,MAAM;GAAU;GAAQ,MAAM;GAAY,cAAc;GAAG;;AAIxE,QAAO;;;;;;AAOT,SAAS,WACP,QACA,UAC6B;CAC7B,MAAM,YAAY,OAAO,OAAO;AAEhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AAGzB,MAAI,QAAQ,aAAa;GACvB,MAAM,QAAQ,QAAQ,YAAY,IAAI,UAAU;AAChD,OAAI,MACF,QAAO;IAAE,MAAM;IAAO;IAAQ,MAAM;IAAS,cAAc;IAAG;GAIhE,MAAM,WAAW,QAAQ,YAAY,IAAI,MAAM;AAC/C,OAAI,SACF,QAAO;IAAE,MAAM;IAAU;IAAQ,MAAM;IAAY,cAAc;IAAG;;AAKxE,MAAI,QAAQ,MACV,QAAO;GAAE,MAAM,QAAQ;GAAO;GAAQ,MAAM;GAAS,cAAc;GAAG;;AAI1E,QAAO;;;;;;;AAQT,SAAS,eACP,QACA,UAC6B;CAC7B,MAAM,YAAY,OAAO,OAAO;AAEhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAQ,gBAAiB;EAE9B,MAAM,QAAQ,QAAQ,gBAAgB,IAAI,UAAU;AACpD,MAAI,MACF,QAAO;GAAE,MAAM;GAAO;GAAQ,MAAM;GAAS,cAAc;GAAG;EAGhE,MAAM,WAAW,QAAQ,gBAAgB,IAAI,MAAM;AACnD,MAAI,SACF,QAAO;GAAE,MAAM;GAAU;GAAQ,MAAM;GAAY,cAAc;GAAG;;AAIxE,QAAO;;;;;;;;;;AAaT,SAAgB,kBAAkB,UAAoD;CACpF,MAAM,WAAW,SAAS,YAAY,QAAQ,MAAM,GAAG;AAEvD,KAAI,SAAS,OACX,QAAO;EAAE,MAAM,SAAS;EAAQ;EAAU,MAAM;EAAU;AAG5D,KAAI,SAAS,QACX,QAAO;EAAE,MAAM,SAAS;EAAS;EAAU,MAAM;EAAW;AAG9D,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACjMT,eAAsB,cACpB,UACA,UAAwB,EAAE,EACJ;CACtB,MAAM,EAAE,kBAAkB,IAAI,SAAS,EAAE,gBAAgB,QAAQ;CAEjE,IAAI;AAIJ,KAAI;AACF,iBAAe,MAAM,UAAU;UACxB,OAAO;AACd,SAAO,aAAa,OAAO,gBAAgB;;AAK7C,KAAI;AACF,QAAM,aAAa;UACZ,OAAO;AACd,SAAO,aAAa,OAAO,gBAAgB;;AAI7C,iBAAgB,IAAI,gBAAgB,2BAA2B;AAE/D,QAAO;EACL,UAAU,IAAI,SAAS,aAAa,QAAQ;GAC1C,QAAQ;GACR,SAAS;GACV,CAAC;EACF,QAAQ;EACR,YAAY;EACZ,UAAU;EACX;;;;;AAQH,SAAS,aAAa,OAAgB,iBAAuC;AAE3E,KAAI,iBAAiB,gBAAgB;AACnC,kBAAgB,IAAI,YAAY,MAAM,SAAS;AAC/C,SAAO;GACL,UAAU,IAAI,SAAS,MAAM;IAC3B,QAAQ,MAAM;IACd,SAAS;IACV,CAAC;GACF,QAAQ,MAAM;GACd,YAAY;GACZ,UAAU;GACX;;AAIH,KAAI,iBAAiB,WACnB,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ,MAAM;GACd,SAAS;GACV,CAAC;EACF,QAAQ,MAAM;EACd,YAAY;EACZ,UAAU;EACX;AAIH,KAAI,iBAAiB,YACnB,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ,MAAM;GACd,SAAS;GACV,CAAC;EACF,QAAQ,MAAM;EACd,YAAY;EACZ,UAAU;EACX;AAIH,gBAAe;EAAE,QAAQ;EAAI,MAAM;EAAI;EAAO,CAAC;AAC/C,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ;GACR,SAAS;GACV,CAAC;EACF,QAAQ;EACR,YAAY;EACZ,UAAU;EACX;;;;;AC5JH,IAAM,eAAe,IAAI,IAAI;CAAC;CAAO;CAAQ;CAAU,CAAC;;;;;;;;;;;AAcxD,SAAgB,aAAa,KAAc,QAAgC;AAEzE,KAAI,aAAa,IAAI,IAAI,OAAO,CAC9B,QAAO,EAAE,IAAI,MAAM;AAIrB,KAAI,OAAO,SAAS,MAClB,QAAO,EAAE,IAAI,MAAM;CAGrB,MAAM,SAAS,IAAI,QAAQ,IAAI,SAAS;AAGxC,KAAI,CAAC,OACH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAInC,KAAI,OAAO,eAET,QADgB,OAAO,eAAe,SAAS,OAAO,GACrC,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;CAI5D,MAAM,OAAO,IAAI,QAAQ,IAAI,OAAO;AACpC,KAAI,CAAC,KACH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAInC,IAAI;AACJ,KAAI;AACF,eAAa,IAAI,IAAI,OAAO,CAAC;SACvB;AACN,SAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;;AAGnC,QAAO,eAAe,OAAO,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;;;;AC5DxE,IAAM,KAAK;AACX,IAAM,KAAK,OAAO;AAClB,IAAM,KAAK,OAAO;AAElB,IAAa,iBAAiB;CAC5B,gBAAgB,IAAI;CACpB,gBAAgB,KAAK;CACrB,WAAW;CACZ;AAED,IAAM,eAAe;;AAGrB,SAAgB,cAAc,MAAsB;CAClD,MAAM,QAAQ,aAAa,KAAK,KAAK,MAAM,CAAC;AAC5C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,8BAA8B,KAAK,oDACpC;CAGH,MAAM,QAAQ,OAAO,WAAW,MAAM,GAAG;CACzC,MAAM,QAAQ,MAAM,MAAM,IAAI,aAAa;AAE3C,SAAQ,MAAR;EACE,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,GACH,QAAO,KAAK,MAAM,MAAM;EAC1B,QACE,OAAM,IAAI,MAAM,uBAAuB,KAAK,GAAG;;;;AAKrD,SAAgB,kBACd,KACA,MACA,QACiB;CACjB,MAAM,gBAAgB,IAAI,QAAQ,IAAI,iBAAiB;AACvD,KAAI,CAAC,cAGH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAGnC,MAAM,WAAW,OAAO,SAAS,eAAe,GAAG;AACnD,KAAI,OAAO,MAAM,SAAS,CACxB,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAInC,QAAO,YADO,aAAa,MAAM,OAAO,GACb,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;;;;;AAetE,SAAS,aAAa,MAAgB,QAAkC;CACtE,MAAM,aAAa,OAAO;AAE1B,KAAI,SAAS,SACX,QAAO,YAAY,iBACf,cAAc,WAAW,eAAe,GACxC,eAAe;AAGrB,QAAO,YAAY,iBACf,cAAc,WAAW,eAAe,GACxC,eAAe;;;;;ACzErB,IAAM,eAA6B;CAAC;CAAO;CAAQ;CAAO;CAAS;CAAU;CAAQ;CAAU;;;;;;;;;AAY/F,SAAgB,sBAAsB,KAAgC;CACpE,MAAM,UAAwB,EAAE;AAEhC,MAAK,MAAM,UAAU,cAAc;AACjC,MAAI,WAAW,UAAU,WAAW,UAAW;AAC/C,MAAI,IAAI,QACN,SAAQ,KAAK,OAAO;;AAKxB,KAAI,IAAI,OAAO,CAAC,IAAI,KAClB,SAAQ,KAAK,OAAO;UACX,IAAI,KACb,SAAQ,KAAK,OAAO;AAItB,KAAI,CAAC,IAAI,QACP,SAAQ,KAAK,UAAU;KAEvB,SAAQ,KAAK,UAAU;AAGzB,QAAO;;;;;;;;AAWT,eAAsB,mBAAmB,KAAkB,KAAsC;CAC/F,MAAM,SAAS,IAAI,IAAI,OAAO,aAAa;CAE3C,MAAM,cADU,sBAAsB,IAAI,CACd,KAAK,KAAK;AAGtC,KAAI,WAAW,WAAW;AACxB,MAAI,IAAI,QACN,QAAO,WAAW,IAAI,SAAS,IAAI;AAErC,SAAO,IAAI,SAAS,MAAM;GACxB,QAAQ;GACR,SAAS,EAAE,OAAO,aAAa;GAChC,CAAC;;AAIJ,KAAI,WAAW,QAAQ;AACrB,MAAI,IAAI,KACN,QAAO,WAAW,IAAI,MAAM,IAAI;AAElC,MAAI,IAAI,KAAK;GACX,MAAM,MAAM,MAAM,WAAW,IAAI,KAAK,IAAI;AAE1C,UAAO,IAAI,SAAS,MAAM;IACxB,QAAQ,IAAI;IACZ,SAAS,IAAI;IACd,CAAC;;;CAKN,MAAM,UAAU,IAAI;AACpB,KAAI,CAAC,QACH,QAAO,IAAI,SAAS,MAAM;EACxB,QAAQ;EACR,SAAS,EAAE,OAAO,aAAa;EAChC,CAAC;AAGJ,QAAO,WAAW,SAAS,IAAI;;;;;AAMjC,eAAe,WAAW,SAAuB,KAAsC;AACrF,KAAI;AAEF,SAAO,qBADK,MAAM,QAAQ,IAAI,EACG,IAAI,QAAQ;UACtC,OAAO;AACd,gBAAc;GAAE,QAAQ,IAAI,IAAI;GAAQ,MAAM,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC;GAAU;GAAO,CAAC;AACrF,SAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;;;;;;AAS9C,SAAS,qBAAqB,KAAe,YAA+B;CAE1E,IAAI,gBAAgB;AACpB,YAAW,cAAc;AACvB,kBAAgB;GAChB;AACF,KAAI,CAAC,cAAe,QAAO;CAM3B,MAAM,SAAS,IAAI,SAAS;AAC5B,YAAW,SAAS,OAAO,QAAQ;AACjC,MAAI,IAAI,aAAa,KAAK,aACxB,QAAO,OAAO,KAAK,MAAM;MAEzB,QAAO,IAAI,KAAK,MAAM;GAExB;CAGF,MAAM,aAAa,IAAI,QAAQ,cAAc;AAC7C,MAAK,MAAM,UAAU,WACnB,QAAO,OAAO,cAAc,OAAO;AAErC,KAAI,QAAQ,SAAS,OAAO,QAAQ;AAClC,MAAI,IAAI,aAAa,KAAK,aACxB,QAAO,IAAI,KAAK,MAAM;GAExB;AAEF,QAAO,IAAI,SAAS,IAAI,MAAM;EAC5B,QAAQ,IAAI;EACZ,YAAY,IAAI;EAChB,SAAS;EACV,CAAC;;;;;;;;;;;;;;;;;;;AC3JJ,IAAa,qBAAb,cAAwC,MAAM;CAC5C;CAEA,YAAY,WAAmB,SAAkB;EAC/C,MAAM,UAAU,UACZ,wBAAwB,UAAU,MAAM,YACxC,wBAAwB,UAAU;AACtC,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,OAAK,YAAY"}
1	+ {"version":3,"file":"internal.js","names":[],"sources":["../../src/server/canonicalize.ts","../../src/server/proxy.ts","../../src/server/middleware-runner.ts","../../src/server/server-timing.ts","../../src/server/error-formatter.ts","../../src/server/default-logger.ts","../../src/server/logger.ts","../../src/server/instrumentation.ts","../../src/server/metadata-social.ts","../../src/server/metadata-platform.ts","../../src/server/metadata-render.ts","../../src/server/metadata.ts","../../src/server/safe-load.ts","../../src/server/deny-page-resolver.ts","../../src/server/access-gate.tsx","../../src/server/route-element-builder.ts","../../src/server/version-skew.ts","../../src/server/pipeline-metadata.ts","../../src/server/pipeline-interception.ts","../../src/server/pipeline.ts","../../src/server/build-manifest.ts","../../src/server/early-hints.ts","../../src/server/early-hints-sender.ts","../../src/server/tree-builder.ts","../../src/server/status-code-resolver.ts","../../src/server/flush.ts","../../src/server/csrf.ts","../../src/server/body-limits.ts","../../src/server/route-handler.ts","../../src/server/render-timeout.ts"],"sourcesContent":["/*\n URL canonicalization — runs once at the request boundary.\n \n Every layer (proxy.ts, middleware.ts, access.ts, components) sees the same\n * canonical path. No re-decoding occurs at any later stage.\n \n See design/07-routing.md §\"URL Canonicalization & Security\"\n /\n\n/* Result of canonicalization — either a clean path or a rejection. /\nexport type CanonicalizeResult = { ok: true; pathname: string } \| { ok: false; status: 400 };\n\n/\n Encoded separators that produce a 400 rejection.\n * %2f (/) and %5c (\\) cause path-confusion attacks.\n /\nconst ENCODED_SEPARATOR_RE = /%2f\|%5c/i;\n\n/* Null byte — rejected. /\nconst NULL_BYTE_RE = /%00/i;\n\n/\n Canonicalize a URL pathname.\n \n 1. Reject encoded separators (%2f, %5c) and null bytes (%00)\n * 2. Single percent-decode\n * 3. Collapse // → /\n * 4. Resolve .. segments (reject if escaping root)\n * 5. Strip trailing slash (except root \"/\")\n \n @param rawPathname - The raw pathname from the request URL (percent-encoded)\n * @param stripTrailingSlash - Whether to strip trailing slashes. Default: true.\n /\nexport function canonicalize(rawPathname: string, stripTrailingSlash = true): CanonicalizeResult {\n // Step 1: Reject dangerous encoded sequences BEFORE decoding.\n // This must happen on the raw input so %252f doesn't bypass after a single decode.\n if (ENCODED_SEPARATOR_RE.test(rawPathname)) {\n return { ok: false, status: 400 };\n }\n if (NULL_BYTE_RE.test(rawPathname)) {\n return { ok: false, status: 400 };\n }\n\n // Step 2: Single percent-decode.\n // Double-encoded input (%2561 → %61) stays as %61 — not decoded again.\n let decoded: string;\n try {\n decoded = decodeURIComponent(rawPathname);\n } catch {\n // Malformed percent-encoding → 400\n return { ok: false, status: 400 };\n }\n\n // Reject null bytes that appeared after decoding (from valid %00-like sequences\n // that weren't caught above — belt and suspenders).\n if (decoded.includes('\\0')) {\n return { ok: false, status: 400 };\n }\n\n // Backslash is NOT a path separator — keep as literal character.\n // But reject if it would create // after normalization (e.g., /\\evil.com).\n // We do NOT convert \\ to / — it stays as a literal.\n\n // Step 3: Collapse consecutive slashes.\n let pathname = decoded.replace(/\\/\\/+/g, '/');\n\n // Step 4: Resolve .. and . segments.\n const segments = pathname.split('/');\n const resolved: string[] = [];\n for (const seg of segments) {\n if (seg === '..') {\n if (resolved.length <= 1) {\n // Trying to escape root — 400\n return { ok: false, status: 400 };\n }\n resolved.pop();\n } else if (seg !== '.') {\n resolved.push(seg);\n }\n }\n\n pathname = resolved.join('/') \|\| '/';\n\n // Step 5: Strip trailing slash (except root \"/\").\n if (stripTrailingSlash && pathname.length > 1 && pathname.endsWith('/')) {\n pathname = pathname.slice(0, -1);\n }\n\n return { ok: true, pathname };\n}\n","/\n Proxy runner — executes app/proxy.ts before route matching.\n \n Supports two forms:\n * - Function: (req, next) => Promise<Response>\n * - Array: middleware functions composed left-to-right\n \n See design/07-routing.md §\"proxy.ts — Global Middleware\"\n /\n\n/* Signature for a single proxy middleware function. /\nexport type ProxyFn = (req: Request, next: () => Promise<Response>) => Response \| Promise<Response>;\n\n/* The proxy.ts default export — either a function or an array of functions. /\nexport type ProxyExport = ProxyFn \| ProxyFn[];\n\n/\n Run the proxy pipeline.\n \n @param proxyExport - The default export from proxy.ts (function or array)\n * @param req - The incoming request\n * @param next - The continuation that proceeds to route matching and rendering\n * @returns The final response\n /\nexport async function runProxy(\n proxyExport: ProxyExport,\n req: Request,\n next: () => Promise<Response>\n): Promise<Response> {\n const fns = Array.isArray(proxyExport) ? proxyExport : [proxyExport];\n\n // Compose left-to-right: first item's next() calls the second, etc.\n // The last item's next() calls the original `next` (route matching + render).\n let i = fns.length;\n let composed = next;\n while (i--) {\n const fn = fns[i]!;\n const downstream = composed;\n composed = () => Promise.resolve(fn(req, downstream));\n }\n\n return composed();\n}\n","/\n Middleware runner — executes a route's middleware.ts chain before rendering.\n \n All middleware.ts files in the segment chain run, root to leaf (top-down).\n * The first middleware that returns a Response short-circuits the chain.\n * There is no next() — each middleware is independent.\n \n See design/07-routing.md §\"middleware.ts\"\n /\n\nimport type { MiddlewareContext } from './types.js';\n\n/* Signature of a middleware.ts default export. /\nexport type MiddlewareFn = (ctx: MiddlewareContext) => Response \| void \| Promise<Response \| void>;\n\n/\n Run a route's middleware function.\n \n @param middlewareFn - The default export from the route's middleware.ts\n * @param ctx - The middleware context (req, params, headers, requestHeaders, searchParams)\n * @returns A Response if middleware short-circuited, or undefined to continue\n /\nexport async function runMiddleware(\n middlewareFn: MiddlewareFn,\n ctx: MiddlewareContext\n): Promise<Response \| undefined> {\n const result = await middlewareFn(ctx);\n if (result instanceof Response) {\n return result;\n }\n return undefined;\n}\n\n/\n Run all middleware functions in the segment chain, root to leaf.\n \n Execution is top-down: root middleware runs first, leaf middleware runs last.\n * All middleware share the same MiddlewareContext — a parent that sets\n * ctx.requestHeaders makes it visible to child middleware and downstream components.\n \n Short-circuits on the first middleware that returns a Response.\n * Remaining middleware in the chain do not execute.\n \n @param chain - Middleware functions ordered root-to-leaf\n * @param ctx - Shared middleware context\n * @returns A Response if any middleware short-circuited, or undefined to continue\n /\nexport async function runMiddlewareChain(\n chain: MiddlewareFn[],\n ctx: MiddlewareContext\n): Promise<Response \| undefined> {\n for (const fn of chain) {\n const result = await fn(ctx);\n if (result instanceof Response) {\n return result;\n }\n }\n return undefined;\n}\n","/\n Server-Timing header — dev-mode timing breakdowns for Chrome DevTools.\n \n Collects timing entries per request using ALS. Each pipeline phase\n * (proxy, middleware, render, SSR, access, fetch) records an entry.\n * Before response flush, entries are formatted into a Server-Timing header.\n \n Only active in dev mode — zero overhead in production.\n \n See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Server-Timing\n * Task: LOCAL-290\n /\n\nimport { timingAls } from './als-registry.js';\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\nexport interface TimingEntry {\n /* Metric name (alphanumeric + hyphens, no spaces). /\n name: string;\n /* Duration in milliseconds. /\n dur: number;\n /* Human-readable description (shown in DevTools). /\n desc?: string;\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/\n Run a callback with a per-request timing collector.\n * Must be called at the top of the request pipeline (wraps the full request).\n /\nexport function runWithTimingCollector<T>(fn: () => T): T {\n return timingAls.run({ entries: [] }, fn);\n}\n\n/\n Record a timing entry for the current request.\n * No-ops if called outside a timing collector (e.g. in production).\n /\nexport function recordTiming(entry: TimingEntry): void {\n const store = timingAls.getStore();\n if (!store) return;\n store.entries.push(entry);\n}\n\n/\n Run a function and automatically record its duration as a timing entry.\n * Returns the function's result. No-ops the recording if outside a collector.\n /\nexport async function withTiming<T>(\n name: string,\n desc: string \| undefined,\n fn: () => T \| Promise<T>\n): Promise<T> {\n const store = timingAls.getStore();\n if (!store) return fn();\n\n const start = performance.now();\n try {\n return await fn();\n } finally {\n const dur = Math.round(performance.now() - start);\n store.entries.push({ name, dur, desc });\n }\n}\n\n/\n Get the Server-Timing header value for the current request.\n * Returns null if no entries exist or outside a collector.\n \n Format: `name;dur=123;desc=\"description\", name2;dur=456`\n * See RFC 6797 / Server-Timing spec for format details.\n /\nexport function getServerTimingHeader(): string \| null {\n const store = timingAls.getStore();\n if (!store \|\| store.entries.length === 0) return null;\n\n // Deduplicate names — if a name appears multiple times, suffix with index\n const nameCounts = new Map<string, number>();\n const entries = store.entries.map((entry) => {\n const count = nameCounts.get(entry.name) ?? 0;\n nameCounts.set(entry.name, count + 1);\n const uniqueName = count > 0 ? `${entry.name}-${count}` : entry.name;\n return { ...entry, name: uniqueName };\n });\n\n const parts = entries.map((entry) => {\n let part = `${entry.name};dur=${entry.dur}`;\n if (entry.desc) {\n // Escape quotes in desc per Server-Timing spec\n const safeDesc = entry.desc.replace(/\\\\/g, '\\\\\\\\').replace(/\"/g, '\\\\\"');\n part += `;desc=\"${safeDesc}\"`;\n }\n return part;\n });\n\n // Respect header size limits — browsers typically handle up to 8KB headers.\n // Truncate if the header exceeds 4KB to leave room for other headers.\n const MAX_HEADER_SIZE = 4096;\n let result = '';\n for (let i = 0; i < parts.length; i++) {\n const candidate = result ? `${result}, ${parts[i]}` : parts[i]!;\n if (candidate.length > MAX_HEADER_SIZE) break;\n result = candidate;\n }\n\n return result \|\| null;\n}\n\n/\n Sanitize a URL for use in Server-Timing desc.\n * Strips query params and truncates long paths to avoid information leakage.\n /\nexport function sanitizeUrlForTiming(url: string): string {\n try {\n const parsed = new URL(url);\n const origin = parsed.host;\n let path = parsed.pathname;\n // Truncate long paths\n if (path.length > 50) {\n path = path.slice(0, 47) + '...';\n }\n return `${origin}${path}`;\n } catch {\n // Not a valid URL — truncate raw string\n if (url.length > 60) {\n return url.slice(0, 57) + '...';\n }\n return url;\n }\n}\n","/\n Error Formatter — rewrites SSR/RSC error messages to surface user code.\n \n When React or Vite throw errors during SSR, stack traces reference\n * vendored dependency paths (e.g. `.vite/deps_ssr/@vitejs_plugin-rsc_vendor_...`)\n * and mangled export names (`__vite_ssr_export_default__`). This module\n * rewrites error messages and stack traces to point at user code instead.\n \n Dev-only — in production, errors go through the structured logger\n * without formatting.\n /\n\n// ─── Stack Trace Rewriting ──────────────────────────────────────────────────\n\n/\n Patterns that identify internal Vite/RSC vendor paths in stack traces.\n * These are replaced with human-readable labels.\n /\nconst VENDOR_PATH_PATTERNS: Array<{ pattern: RegExp; replacement: string }> = [\n {\n pattern: /node_modules\\/\\.vite\\/deps_ssr\\/@vitejs_plugin-rsc_vendor_react-server-dom[^\\s)]+/g,\n replacement: '<react-server-dom>',\n },\n {\n pattern: /node_modules\\/\\.vite\\/deps_ssr\\/@vitejs_plugin-rsc_vendor[^\\s)]+/g,\n replacement: '<rsc-vendor>',\n },\n {\n pattern: /node_modules\\/\\.vite\\/deps_ssr\\/[^\\s)]+/g,\n replacement: '<vite-dep>',\n },\n {\n pattern: /node_modules\\/\\.vite\\/deps\\/[^\\s)]+/g,\n replacement: '<vite-dep>',\n },\n];\n\n/\n Patterns that identify Vite-mangled export names in error messages.\n /\nconst MANGLED_NAME_PATTERNS: Array<{ pattern: RegExp; replacement: string }> = [\n {\n pattern: /__vite_ssr_export_default__/g,\n replacement: '<default export>',\n },\n {\n pattern: /__vite_ssr_export_(\\w+)__/g,\n replacement: '<export $1>',\n },\n];\n\n/\n Rewrite an error's message and stack to replace internal Vite paths\n * and mangled names with human-readable labels.\n /\nexport function formatSsrError(error: unknown): string {\n if (!(error instanceof Error)) {\n return String(error);\n }\n\n let message = error.message;\n let stack = error.stack ?? '';\n\n // Rewrite mangled names in the message\n for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) {\n message = message.replace(pattern, replacement);\n }\n\n // Rewrite vendor paths in the stack\n for (const { pattern, replacement } of VENDOR_PATH_PATTERNS) {\n stack = stack.replace(pattern, replacement);\n }\n\n // Rewrite mangled names in the stack too\n for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) {\n stack = stack.replace(pattern, replacement);\n }\n\n // Extract hints from React-specific error patterns\n const hint = extractErrorHint(error.message);\n\n // Build formatted output: cleaned message, hint (if any), then cleaned stack\n const parts: string[] = [];\n parts.push(message);\n if (hint) {\n parts.push(` → ${hint}`);\n }\n\n // Include only the user-code frames from the stack (skip the first line\n // which is the message itself, and filter out vendor-only frames)\n const userFrames = extractUserFrames(stack);\n if (userFrames.length > 0) {\n parts.push('');\n parts.push(' User code in stack:');\n for (const frame of userFrames) {\n parts.push(` ${frame}`);\n }\n }\n\n return parts.join('\\n');\n}\n\n// ─── Error Hint Extraction ──────────────────────────────────────────────────\n\n/\n Extract a human-readable hint from common React/RSC error messages.\n \n React error messages contain useful information but the surrounding\n * context (vendor paths, mangled names) obscures it. This extracts the\n * actionable part as a one-line hint.\n /\nfunction extractErrorHint(message: string): string \| null {\n // \"Functions cannot be passed directly to Client Components\"\n // Extract the component and prop name from the JSX-like syntax in the message\n const fnPassedMatch = message.match(/Functions cannot be passed directly to Client Components/);\n if (fnPassedMatch) {\n // Try to extract the prop name from the message\n // React formats: <... propName={function ...} ...>\n const propMatch = message.match(/<[^>]?\\s(\\w+)=\\{function/);\n if (propMatch) {\n return `Prop \"${propMatch[1]}\" is a function — mark it \"use server\" or call it before passing`;\n }\n return 'A function prop was passed to a Client Component — mark it \"use server\" or call it before passing';\n }\n\n // \"Objects are not valid as a React child\"\n if (message.includes('Objects are not valid as a React child')) {\n return 'An object was rendered as JSX children — convert to string or extract the value';\n }\n\n // \"Cannot read properties of undefined/null\"\n const nullRefMatch = message.match(\n /Cannot read propert(?:y\|ies) of (undefined\|null) \$reading '(\\w+)'\$/\n );\n if (nullRefMatch) {\n return `Accessed .${nullRefMatch[2]} on ${nullRefMatch[1]} — check that the value exists`;\n }\n\n // \"X is not a function\"\n const notFnMatch = message.match(/(\\w+) is not a function/);\n if (notFnMatch) {\n return `\"${notFnMatch[1]}\" is not a function — check imports and exports`;\n }\n\n // \"Element type is invalid\"\n if (message.includes('Element type is invalid')) {\n return 'A component resolved to undefined/null — check default exports and import paths';\n }\n\n // \"Invalid hook call\" — hooks called outside React's render context.\n // In RSC, this typically means a 'use client' component was executed as a\n // server component instead of being serialized as a client reference.\n if (message.includes('Invalid hook call')) {\n return (\n 'A hook was called outside of a React component render. ' +\n \"If this is a 'use client' component, ensure the directive is at the very top of the file \" +\n '(before any imports) and that @vitejs/plugin-rsc is loaded correctly. ' +\n \"Barrel re-exports from non-'use client' files do not propagate the directive.\"\n );\n }\n\n return null;\n}\n\n// ─── Stack Frame Filtering ──────────────────────────────────────────────────\n\n/*\n Extract stack frames that reference user code (not node_modules,\n * not framework internals).\n \n Returns at most 5 frames to keep output concise.\n /\nfunction extractUserFrames(stack: string): string[] {\n const lines = stack.split('\\n');\n const userFrames: string[] = [];\n\n for (const line of lines) {\n const trimmed = line.trim();\n // Skip non-frame lines\n if (!trimmed.startsWith('at ')) continue;\n // Skip node_modules, vendor, and internal frames\n if (\n trimmed.includes('node_modules') \|\|\n trimmed.includes('<react-server-dom>') \|\|\n trimmed.includes('<rsc-vendor>') \|\|\n trimmed.includes('<vite-dep>') \|\|\n trimmed.includes('node:internal')\n ) {\n continue;\n }\n userFrames.push(trimmed);\n if (userFrames.length >= 5) break;\n }\n\n return userFrames;\n}\n","/\n DefaultLogger — human-readable stderr logging when no custom logger is configured.\n \n Ships as the fallback so production deployments always have error visibility,\n * even without an `instrumentation.ts` logger export. Output is one line per\n * event, designed for `fly logs`, `kubectl logs`, Cloudflare dashboard tails, etc.\n \n Format:\n * [timber] ERROR message key=value key=value trace_id=4bf92f35\n * [timber] WARN message key=value key=value trace_id=4bf92f35\n * [timber] INFO message method=GET path=/dashboard status=200 durationMs=43 trace_id=4bf92f35\n \n Behavior:\n * - Suppressed entirely in dev mode (dev logging handles all output)\n * - `debug` suppressed unless TIMBER_DEBUG is set\n * - Replaced entirely when a custom logger is set via `setLogger()`\n \n See design/17-logging.md §\"DefaultLogger\"\n /\n\nimport { isDevMode, isDebug } from './debug.js';\nimport { formatSsrError } from './error-formatter.js';\nimport type { TimberLogger } from './logger.js';\n\n/\n Format data fields as `key=value` pairs for human-readable output.\n * - `error` key is serialized via formatSsrError for stack trace cleanup\n * - `trace_id` is truncated to 8 chars for readability (full ID in OTEL)\n * - Other values are stringified inline\n /\nfunction formatDataFields(data?: Record<string, unknown>): string {\n if (!data) return '';\n\n const parts: string[] = [];\n let traceId: string \| undefined;\n\n for (const [key, value] of Object.entries(data)) {\n if (key === 'trace_id') {\n // Defer trace_id to the end\n traceId = typeof value === 'string' ? value : String(value);\n continue;\n }\n if (key === 'error') {\n // Serialize errors with formatSsrError for clean output\n parts.push(`error=${formatSsrError(value)}`);\n continue;\n }\n if (value === undefined \|\| value === null) continue;\n parts.push(`${key}=${value}`);\n }\n\n // trace_id always last, truncated to 8 chars for readability\n if (traceId) {\n parts.push(`trace_id=${traceId.slice(0, 8)}`);\n }\n\n return parts.length > 0 ? ' ' + parts.join(' ') : '';\n}\n\n/* Pad level string to fixed width for alignment. /\nfunction padLevel(level: string): string {\n return level.padEnd(5);\n}\n\nexport function createDefaultLogger(): TimberLogger {\n return {\n error(msg: string, data?: Record<string, unknown>): void {\n // Errors are ALWAYS logged, including dev mode. Suppressing errors\n // in dev causes silent 500s with no stack trace, making route.ts\n // and render errors impossible to debug. See TIM-555.\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('ERROR')} ${msg}${fields}\\n`);\n },\n\n warn(msg: string, data?: Record<string, unknown>): void {\n // Warnings are always logged — same rationale as errors.\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('WARN')} ${msg}${fields}\\n`);\n },\n\n info(msg: string, data?: Record<string, unknown>): void {\n // info is suppressed by default — per-request lines are too noisy\n // without a custom logger. Enable with TIMBER_DEBUG.\n if (isDevMode()) return;\n if (!isDebug()) return;\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('INFO')} ${msg}${fields}\\n`);\n },\n\n debug(msg: string, data?: Record<string, unknown>): void {\n // debug is suppressed in dev (dev logger handles it) and in\n // production unless TIMBER_DEBUG is explicitly set.\n if (isDevMode()) return;\n if (!isDebug()) return;\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('DEBUG')} ${msg}${fields}\\n`);\n },\n };\n}\n","/\n Logger — structured logging with environment-aware formatting.\n \n timber.js ships a DefaultLogger that writes human-readable lines to stderr\n * in production. Users can export a custom logger from instrumentation.ts to\n * replace it with pino, winston, or any TimberLogger-compatible object.\n \n See design/17-logging.md §\"Production Logging\"\n /\n\nimport { getTraceStore } from './tracing.js';\nimport { createDefaultLogger } from './default-logger.js';\n\n// ─── Logger Interface ─────────────────────────────────────────────────────\n\n/* Any object with standard log methods satisfies this — pino, winston, consola, console. /\nexport interface TimberLogger {\n info(msg: string, data?: Record<string, unknown>): void;\n warn(msg: string, data?: Record<string, unknown>): void;\n error(msg: string, data?: Record<string, unknown>): void;\n debug(msg: string, data?: Record<string, unknown>): void;\n}\n\n// ─── Logger Registry ──────────────────────────────────────────────────────\n\n// Initialize with DefaultLogger so production errors are never silent.\n// Replaced when setLogger() is called from instrumentation.ts.\nlet _logger: TimberLogger = createDefaultLogger();\n\n/\n Set the user-provided logger. Called by the instrumentation loader\n * when it finds a `logger` export in instrumentation.ts. Replaces\n * the DefaultLogger entirely.\n /\nexport function setLogger(logger: TimberLogger): void {\n _logger = logger;\n}\n\n/\n Get the current logger. Always non-null — returns DefaultLogger when\n * no custom logger is configured.\n /\nexport function getLogger(): TimberLogger {\n return _logger;\n}\n\n// ─── Framework Log Helpers ────────────────────────────────────────────────\n\n/\n Inject trace_id and span_id into log data for log–trace correlation.\n * Always injects trace_id (never undefined). Injects span_id only when OTEL is active.\n /\nfunction withTraceContext(data?: Record<string, unknown>): Record<string, unknown> {\n const store = getTraceStore();\n const enriched: Record<string, unknown> = { ...data };\n if (store) {\n enriched.trace_id = store.traceId;\n if (store.spanId) {\n enriched.span_id = store.spanId;\n }\n }\n return enriched;\n}\n\n// ─── Framework Event Emitters ─────────────────────────────────────────────\n\n/* Log a completed request. Level: info. /\nexport function logRequestCompleted(data: {\n method: string;\n path: string;\n status: number;\n durationMs: number;\n /* Number of concurrent in-flight requests (including this one) at completion time. /\n concurrency?: number;\n}): void {\n _logger.info('request completed', withTraceContext(data));\n}\n\n/* Log request received. Level: debug. /\nexport function logRequestReceived(data: { method: string; path: string }): void {\n _logger.debug('request received', withTraceContext(data));\n}\n\n/* Log a slow request warning. Level: warn. /\nexport function logSlowRequest(data: {\n method: string;\n path: string;\n durationMs: number;\n threshold: number;\n /* Number of concurrent in-flight requests at the time the slow request completed. /\n concurrency?: number;\n}): void {\n _logger.warn('slow request exceeded threshold', withTraceContext(data));\n}\n\n/* Log middleware short-circuit. Level: debug. /\nexport function logMiddlewareShortCircuit(data: {\n method: string;\n path: string;\n status: number;\n}): void {\n _logger.debug('middleware short-circuited', withTraceContext(data));\n}\n\n/* Log unhandled error in middleware phase. Level: error. /\nexport function logMiddlewareError(data: { method: string; path: string; error: unknown }): void {\n _logger.error('unhandled error in middleware phase', withTraceContext(data));\n}\n\n/* Log unhandled render-phase error. Level: error. /\nexport function logRenderError(data: {\n method: string;\n path: string;\n error: unknown;\n errorId?: string;\n}): void {\n _logger.error('unhandled render-phase error', withTraceContext(data));\n}\n\n/* Log proxy.ts uncaught error. Level: error. /\nexport function logProxyError(data: { error: unknown }): void {\n _logger.error('proxy.ts threw uncaught error', withTraceContext(data));\n}\n\n/* Log unhandled error in server action. Level: error. /\nexport function logActionError(data: { method: string; path: string; error: unknown }): void {\n _logger.error('unhandled server action error', withTraceContext(data));\n}\n\n/* Log unhandled error in route handler. Level: error. /\nexport function logRouteError(data: { method: string; path: string; error: unknown }): void {\n _logger.error('unhandled route handler error', withTraceContext(data));\n}\n\n/* Log SSR streaming error (post-shell). Level: error. /\nexport function logStreamingError(data: { error: unknown }): void {\n _logger.error('SSR streaming error (post-shell)', withTraceContext(data));\n}\n\n/* Log waitUntil() adapter missing (once at startup). Level: warn. /\nexport function logWaitUntilUnsupported(): void {\n _logger.warn('adapter does not support waitUntil()');\n}\n\n/* Log waitUntil() promise rejection. Level: warn. /\nexport function logWaitUntilRejected(data: { error: unknown }): void {\n _logger.warn('waitUntil() promise rejected', withTraceContext(data));\n}\n\n/* Log staleWhileRevalidate refetch failure. Level: warn. /\nexport function logSwrRefetchFailed(data: { cacheKey: string; error: unknown }): void {\n _logger.warn('staleWhileRevalidate refetch failed', withTraceContext(data));\n}\n\n/* Log cache miss. Level: debug. /\nexport function logCacheMiss(data: { cacheKey: string }): void {\n _logger.debug('timber.cache MISS', withTraceContext(data));\n}\n","/\n Instrumentation — loads and runs the user's instrumentation.ts file.\n \n instrumentation.ts is a file convention at the project root that exports:\n * - register() — called once at server startup, before the first request\n * - onRequestError() — called for every unhandled server error\n * - logger — any object with info/warn/error/debug methods\n \n See design/17-logging.md §\"instrumentation.ts — The Entry Point\"\n /\n\nimport { setLogger, type TimberLogger } from './logger.js';\n\n// ─── Instrumentation Types ────────────────────────────────────────────────\n\nexport type InstrumentationOnRequestError = (\n error: unknown,\n request: InstrumentationRequestInfo,\n context: InstrumentationErrorContext\n) => void \| Promise<void>;\n\nexport interface InstrumentationRequestInfo {\n /* HTTP method: 'GET', 'POST', etc. /\n method: string;\n /* Request path: '/dashboard/projects/123' /\n path: string;\n /* Request headers as a plain object. /\n headers: Record<string, string>;\n}\n\nexport interface InstrumentationErrorContext {\n /* Which pipeline phase the error occurred in. /\n phase: 'proxy' \| 'handler' \| 'render' \| 'action' \| 'route';\n /* The route pattern: '/dashboard/projects/[id]' /\n routePath: string;\n /* Type of route that was matched. /\n routeType: 'page' \| 'route' \| 'action';\n /* Always set — OTEL trace ID or UUID fallback. /\n traceId: string;\n}\n\n// ─── Instrumentation Module Shape ─────────────────────────────────────────\n\ninterface InstrumentationModule {\n register?: () => void \| Promise<void>;\n onRequestError?: InstrumentationOnRequestError;\n logger?: TimberLogger;\n}\n\n// ─── State ────────────────────────────────────────────────────────────────\n//\n// Intentional per-app singletons (not per-request). Instrumentation loads\n// once at server startup and persists for the lifetime of the process/isolate.\n// These must NOT be migrated to ALS — they are correctly scoped to the app.\n\nlet _initialized = false;\nlet _onRequestError: InstrumentationOnRequestError \| null = null;\n\n/\n Load and initialize the user's instrumentation.ts module.\n \n - Awaits register() before returning (server blocks on this).\n * - Picks up the logger export and wires it into the framework logger.\n * - Stores onRequestError for later invocation.\n \n @param loader - Function that dynamically imports the user's instrumentation module.\n * Returns null if no instrumentation.ts exists.\n /\nexport async function loadInstrumentation(\n loader: () => Promise<InstrumentationModule \| null>\n): Promise<void> {\n if (_initialized) return;\n _initialized = true;\n\n let mod: InstrumentationModule \| null;\n try {\n mod = await loader();\n } catch (error) {\n console.error('[timber] Failed to load instrumentation.ts:', error);\n return;\n }\n\n if (!mod) return;\n\n // Wire up the logger export\n if (mod.logger && typeof mod.logger.info === 'function') {\n setLogger(mod.logger);\n }\n\n // Store onRequestError for later\n if (typeof mod.onRequestError === 'function') {\n _onRequestError = mod.onRequestError;\n }\n\n // Await register() — server does not accept requests until this resolves\n if (typeof mod.register === 'function') {\n try {\n await mod.register();\n } catch (error) {\n console.error('[timber] instrumentation.ts register() threw:', error);\n throw error;\n }\n }\n}\n\n/\n Call the user's onRequestError hook. Catches and logs any errors thrown\n * by the hook itself — it must not affect the response.\n /\nexport async function callOnRequestError(\n error: unknown,\n request: InstrumentationRequestInfo,\n context: InstrumentationErrorContext\n): Promise<void> {\n if (!_onRequestError) return;\n try {\n await _onRequestError(error, request, context);\n } catch (hookError) {\n console.error('[timber] onRequestError hook threw:', hookError);\n }\n}\n\n/\n Check if onRequestError is registered.\n /\nexport function hasOnRequestError(): boolean {\n return _onRequestError !== null;\n}\n\n/\n Reset instrumentation state. Test-only.\n /\nexport function resetInstrumentation(): void {\n _initialized = false;\n _onRequestError = null;\n}\n","/\n Social metadata rendering — Open Graph and Twitter Card meta tags.\n \n Extracted from metadata-render.ts to keep files under 500 lines.\n \n See design/16-metadata.md\n /\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\n\n/\n Render Open Graph metadata into head element descriptors.\n \n Handles og:title, og:description, og:image (with dimensions/alt),\n * og:video, og:audio, og:article:author, and other OG properties.\n /\nexport function renderOpenGraph(\n og: NonNullable<Metadata['openGraph']>,\n elements: HeadElement[]\n): void {\n const simpleProps: Array<[string, string \| undefined]> = [\n ['og:title', og.title],\n ['og:description', og.description],\n ['og:url', og.url],\n ['og:site_name', og.siteName],\n ['og:locale', og.locale],\n ['og:type', og.type],\n ['og:article:published_time', og.publishedTime],\n ['og:article:modified_time', og.modifiedTime],\n ];\n\n for (const [property, content] of simpleProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { property, content } });\n }\n }\n\n // Images — normalize single object to array for uniform handling\n if (og.images) {\n if (typeof og.images === 'string') {\n elements.push({ tag: 'meta', attrs: { property: 'og:image', content: og.images } });\n } else {\n const imgList = Array.isArray(og.images) ? og.images : [og.images];\n for (const img of imgList) {\n elements.push({ tag: 'meta', attrs: { property: 'og:image', content: img.url } });\n if (img.width) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:image:width', content: String(img.width) },\n });\n }\n if (img.height) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:image:height', content: String(img.height) },\n });\n }\n if (img.alt) {\n elements.push({ tag: 'meta', attrs: { property: 'og:image:alt', content: img.alt } });\n }\n }\n }\n }\n\n // Videos\n if (og.videos) {\n for (const video of og.videos) {\n elements.push({ tag: 'meta', attrs: { property: 'og:video', content: video.url } });\n }\n }\n\n // Audio\n if (og.audio) {\n for (const audio of og.audio) {\n elements.push({ tag: 'meta', attrs: { property: 'og:audio', content: audio.url } });\n }\n }\n\n // Authors\n if (og.authors) {\n for (const author of og.authors) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:article:author', content: author },\n });\n }\n }\n}\n\n/\n Render Twitter Card metadata into head element descriptors.\n \n Handles twitter:card, twitter:site, twitter:title, twitter:image,\n * twitter:player, and twitter:app (per-platform name/id/url).\n /\nexport function renderTwitter(tw: NonNullable<Metadata['twitter']>, elements: HeadElement[]): void {\n const simpleProps: Array<[string, string \| undefined]> = [\n ['twitter:card', tw.card],\n ['twitter:site', tw.site],\n ['twitter:site:id', tw.siteId],\n ['twitter:title', tw.title],\n ['twitter:description', tw.description],\n ['twitter:creator', tw.creator],\n ['twitter:creator:id', tw.creatorId],\n ];\n\n for (const [name, content] of simpleProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n // Images — normalize single object to array for uniform handling\n if (tw.images) {\n if (typeof tw.images === 'string') {\n elements.push({ tag: 'meta', attrs: { name: 'twitter:image', content: tw.images } });\n } else {\n const imgList = Array.isArray(tw.images) ? tw.images : [tw.images];\n for (const img of imgList) {\n const url = typeof img === 'string' ? img : img.url;\n elements.push({ tag: 'meta', attrs: { name: 'twitter:image', content: url } });\n }\n }\n }\n\n // Player card fields\n if (tw.players) {\n for (const player of tw.players) {\n elements.push({ tag: 'meta', attrs: { name: 'twitter:player', content: player.playerUrl } });\n if (player.width) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:width', content: String(player.width) },\n });\n }\n if (player.height) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:height', content: String(player.height) },\n });\n }\n if (player.streamUrl) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:stream', content: player.streamUrl },\n });\n }\n }\n }\n\n // App card fields — 3 platforms × 3 attributes (name, id, url)\n if (tw.app) {\n const platforms: Array<[keyof NonNullable<typeof tw.app.id>, string]> = [\n ['iPhone', 'iphone'],\n ['iPad', 'ipad'],\n ['googlePlay', 'googleplay'],\n ];\n\n // App name is shared across platforms but the spec uses per-platform names.\n // Emit for each platform that has an ID.\n if (tw.app.name) {\n for (const [key, tag] of platforms) {\n if (tw.app.id?.[key]) {\n elements.push({\n tag: 'meta',\n attrs: { name: `twitter:app:name:${tag}`, content: tw.app.name },\n });\n }\n }\n }\n\n for (const [key, tag] of platforms) {\n const id = tw.app.id?.[key];\n if (id) {\n elements.push({ tag: 'meta', attrs: { name: `twitter:app:id:${tag}`, content: id } });\n }\n }\n\n for (const [key, tag] of platforms) {\n const url = tw.app.url?.[key];\n if (url) {\n elements.push({ tag: 'meta', attrs: { name: `twitter:app:url:${tag}`, content: url } });\n }\n }\n }\n}\n","/\n Platform-specific metadata rendering — icons, Apple Web App, App Links, iTunes.\n \n Extracted from metadata-render.ts to keep files under 500 lines.\n \n See design/16-metadata.md\n /\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\n\n/\n Render icon link elements (favicon, shortcut, apple-touch-icon, custom).\n /\nexport function renderIcons(icons: NonNullable<Metadata['icons']>, elements: HeadElement[]): void {\n // Icon\n if (icons.icon) {\n if (typeof icons.icon === 'string') {\n elements.push({ tag: 'link', attrs: { rel: 'icon', href: icons.icon } });\n } else if (Array.isArray(icons.icon)) {\n for (const icon of icons.icon) {\n const attrs: Record<string, string> = { rel: 'icon', href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n if (icon.type) attrs.type = icon.type;\n elements.push({ tag: 'link', attrs });\n }\n }\n }\n\n // Shortcut\n if (icons.shortcut) {\n const urls = Array.isArray(icons.shortcut) ? icons.shortcut : [icons.shortcut];\n for (const url of urls) {\n elements.push({ tag: 'link', attrs: { rel: 'shortcut icon', href: url } });\n }\n }\n\n // Apple\n if (icons.apple) {\n if (typeof icons.apple === 'string') {\n elements.push({ tag: 'link', attrs: { rel: 'apple-touch-icon', href: icons.apple } });\n } else if (Array.isArray(icons.apple)) {\n for (const icon of icons.apple) {\n const attrs: Record<string, string> = { rel: 'apple-touch-icon', href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n elements.push({ tag: 'link', attrs });\n }\n }\n }\n\n // Other\n if (icons.other) {\n for (const icon of icons.other) {\n const attrs: Record<string, string> = { rel: icon.rel, href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n if (icon.type) attrs.type = icon.type;\n elements.push({ tag: 'link', attrs });\n }\n }\n}\n\n/\n Render alternate link elements (canonical, hreflang, media, types).\n /\nexport function renderAlternates(\n alternates: NonNullable<Metadata['alternates']>,\n elements: HeadElement[]\n): void {\n if (alternates.canonical) {\n elements.push({ tag: 'link', attrs: { rel: 'canonical', href: alternates.canonical } });\n }\n\n if (alternates.languages) {\n for (const [lang, href] of Object.entries(alternates.languages)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', hreflang: lang, href },\n });\n }\n }\n\n if (alternates.media) {\n for (const [media, href] of Object.entries(alternates.media)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', media, href },\n });\n }\n }\n\n if (alternates.types) {\n for (const [type, href] of Object.entries(alternates.types)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', type, href },\n });\n }\n }\n}\n\n/\n Render site verification meta tags (Google, Yahoo, Yandex, custom).\n /\nexport function renderVerification(\n verification: NonNullable<Metadata['verification']>,\n elements: HeadElement[]\n): void {\n const verificationProps: Array<[string, string \| undefined]> = [\n ['google-site-verification', verification.google],\n ['y_key', verification.yahoo],\n ['yandex-verification', verification.yandex],\n ];\n\n for (const [name, content] of verificationProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n if (verification.other) {\n for (const [name, value] of Object.entries(verification.other)) {\n const content = Array.isArray(value) ? value.join(', ') : value;\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n}\n\n/\n Render Apple Web App meta tags and startup image links.\n /\nexport function renderAppleWebApp(\n appleWebApp: NonNullable<Metadata['appleWebApp']>,\n elements: HeadElement[]\n): void {\n if (appleWebApp.capable) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-mobile-web-app-capable', content: 'yes' },\n });\n }\n if (appleWebApp.title) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-mobile-web-app-title', content: appleWebApp.title },\n });\n }\n if (appleWebApp.statusBarStyle) {\n elements.push({\n tag: 'meta',\n attrs: {\n name: 'apple-mobile-web-app-status-bar-style',\n content: appleWebApp.statusBarStyle,\n },\n });\n }\n if (appleWebApp.startupImage) {\n const images = Array.isArray(appleWebApp.startupImage)\n ? appleWebApp.startupImage\n : [{ url: appleWebApp.startupImage }];\n for (const img of images) {\n const url = typeof img === 'string' ? img : img.url;\n const attrs: Record<string, string> = { rel: 'apple-touch-startup-image', href: url };\n if (typeof img === 'object' && img.media) {\n attrs.media = img.media;\n }\n elements.push({ tag: 'link', attrs });\n }\n }\n}\n\n/\n Render App Links (al:) meta tags for deep linking across platforms.\n /\nexport function renderAppLinks(\n appLinks: NonNullable<Metadata['appLinks']>,\n elements: HeadElement[]\n): void {\n const platformEntries: Array<[string, Array<Record<string, unknown>> \| undefined]> = [\n ['ios', appLinks.ios],\n ['android', appLinks.android],\n ['windows', appLinks.windows],\n ['windows_phone', appLinks.windowsPhone],\n ['windows_universal', appLinks.windowsUniversal],\n ];\n\n for (const [platform, entries] of platformEntries) {\n if (!entries) continue;\n for (const entry of entries) {\n for (const [key, value] of Object.entries(entry)) {\n if (value !== undefined && value !== null) {\n elements.push({\n tag: 'meta',\n attrs: { property: `al:${platform}:${key}`, content: String(value) },\n });\n }\n }\n }\n }\n\n if (appLinks.web) {\n if (appLinks.web.url) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'al:web:url', content: appLinks.web.url },\n });\n }\n if (appLinks.web.shouldFallback !== undefined) {\n elements.push({\n tag: 'meta',\n attrs: {\n property: 'al:web:should_fallback',\n content: appLinks.web.shouldFallback ? 'true' : 'false',\n },\n });\n }\n }\n}\n\n/*\n Render Apple iTunes smart banner meta tag.\n /\nexport function renderItunes(\n itunes: NonNullable<Metadata['itunes']>,\n elements: HeadElement[]\n): void {\n const parts = [`app-id=${itunes.appId}`];\n if (itunes.affiliateData) parts.push(`affiliate-data=${itunes.affiliateData}`);\n if (itunes.appArgument) parts.push(`app-argument=${itunes.appArgument}`);\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-itunes-app', content: parts.join(', ') },\n });\n}\n","/\n Metadata rendering — converts resolved Metadata into HeadElement descriptors.\n \n Extracted from metadata.ts to keep files under 500 lines.\n \n See design/16-metadata.md\n /\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\nimport { renderOpenGraph, renderTwitter } from './metadata-social.js';\nimport {\n renderIcons,\n renderAlternates,\n renderVerification,\n renderAppleWebApp,\n renderAppLinks,\n renderItunes,\n} from './metadata-platform.js';\n\n// ─── Render to Elements ──────────────────────────────────────────────────────\n\n/\n Convert resolved metadata into an array of head element descriptors.\n \n Each descriptor has a `tag` ('title', 'meta', 'link') and either\n * `content` (for <title>) or `attrs` (for <meta>/<link>).\n \n The framework's MetadataResolver component consumes these descriptors\n * and renders them into the <head>.\n /\nexport function renderMetadataToElements(metadata: Metadata): HeadElement[] {\n const elements: HeadElement[] = [];\n\n // Title\n if (typeof metadata.title === 'string') {\n elements.push({ tag: 'title', content: metadata.title });\n }\n\n // Simple string meta tags\n const simpleMetaProps: Array<[string, string \| undefined]> = [\n ['description', metadata.description],\n ['generator', metadata.generator],\n ['application-name', metadata.applicationName],\n ['referrer', metadata.referrer],\n ['category', metadata.category],\n ['creator', metadata.creator],\n ['publisher', metadata.publisher],\n ];\n\n for (const [name, content] of simpleMetaProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n // Keywords (array or string)\n if (metadata.keywords) {\n const content = Array.isArray(metadata.keywords)\n ? metadata.keywords.join(', ')\n : metadata.keywords;\n elements.push({ tag: 'meta', attrs: { name: 'keywords', content } });\n }\n\n // Robots\n if (metadata.robots) {\n const content =\n typeof metadata.robots === 'string' ? metadata.robots : renderRobotsObject(metadata.robots);\n elements.push({ tag: 'meta', attrs: { name: 'robots', content } });\n\n // googleBot as separate tag\n if (typeof metadata.robots === 'object' && metadata.robots.googleBot) {\n const gbContent =\n typeof metadata.robots.googleBot === 'string'\n ? metadata.robots.googleBot\n : renderRobotsObject(metadata.robots.googleBot);\n elements.push({ tag: 'meta', attrs: { name: 'googlebot', content: gbContent } });\n }\n }\n\n // Open Graph\n if (metadata.openGraph) {\n renderOpenGraph(metadata.openGraph, elements);\n }\n\n // Twitter\n if (metadata.twitter) {\n renderTwitter(metadata.twitter, elements);\n }\n\n // Icons\n if (metadata.icons) {\n renderIcons(metadata.icons, elements);\n }\n\n // Manifest\n if (metadata.manifest) {\n elements.push({ tag: 'link', attrs: { rel: 'manifest', href: metadata.manifest } });\n }\n\n // Alternates\n if (metadata.alternates) {\n renderAlternates(metadata.alternates, elements);\n }\n\n // Verification\n if (metadata.verification) {\n renderVerification(metadata.verification, elements);\n }\n\n // Format detection\n if (metadata.formatDetection) {\n const parts: string[] = [];\n if (metadata.formatDetection.telephone === false) parts.push('telephone=no');\n if (metadata.formatDetection.email === false) parts.push('email=no');\n if (metadata.formatDetection.address === false) parts.push('address=no');\n if (parts.length > 0) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'format-detection', content: parts.join(', ') },\n });\n }\n }\n\n // Authors\n if (metadata.authors) {\n const authorList = Array.isArray(metadata.authors) ? metadata.authors : [metadata.authors];\n for (const author of authorList) {\n if (author.name) {\n elements.push({ tag: 'meta', attrs: { name: 'author', content: author.name } });\n }\n if (author.url) {\n elements.push({ tag: 'link', attrs: { rel: 'author', href: author.url } });\n }\n }\n }\n\n // Apple Web App\n if (metadata.appleWebApp) {\n renderAppleWebApp(metadata.appleWebApp, elements);\n }\n\n // App Links (al:)\n if (metadata.appLinks) {\n renderAppLinks(metadata.appLinks, elements);\n }\n\n // iTunes\n if (metadata.itunes) {\n renderItunes(metadata.itunes, elements);\n }\n\n // Other (custom meta tags)\n if (metadata.other) {\n for (const [name, value] of Object.entries(metadata.other)) {\n const content = Array.isArray(value) ? value.join(', ') : value;\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n return elements;\n}\n\n// ─── Rendering Helpers ───────────────────────────────────────────────────────\n\nfunction renderRobotsObject(robots: Record<string, unknown>): string {\n const parts: string[] = [];\n if (robots.index === true) parts.push('index');\n if (robots.index === false) parts.push('noindex');\n if (robots.follow === true) parts.push('follow');\n if (robots.follow === false) parts.push('nofollow');\n return parts.join(', ');\n}\n","/*\n Metadata resolution for timber.js.\n \n Resolves metadata from a segment chain (layouts + page), applies title\n * templates, shallow-merges entries, and produces head element descriptors.\n \n Resolution happens inside the render pass — React.cache is active,\n * metadata is outside Suspense, and the flush point guarantees completeness.\n \n Rendering (Metadata → HeadElement[]) is in metadata-render.ts.\n \n See design/16-metadata.md\n /\n\nimport type { Metadata } from './types.js';\n\n// Re-export renderMetadataToElements from the rendering module so existing\n// consumers (route-element-builder, tests) can keep importing from here.\nexport { renderMetadataToElements } from './metadata-render.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/* A single metadata entry from a layout or page module. /\nexport interface SegmentMetadataEntry {\n /* The resolved metadata object (from static or async `metadata` export). /\n metadata: Metadata;\n /* Whether this entry is from the page (leaf) module. /\n isPage: boolean;\n}\n\n/* Options for resolveMetadata. /\nexport interface ResolveMetadataOptions {\n /\n When true, the page's metadata is discarded (simulating a render error)\n * and `<meta name=\"robots\" content=\"noindex\">` is injected.\n /\n errorState?: boolean;\n}\n\n/* A rendered head element descriptor. /\nexport interface HeadElement {\n tag: 'title' \| 'meta' \| 'link';\n content?: string;\n attrs?: Record<string, string>;\n}\n\n// ─── Title Resolution ────────────────────────────────────────────────────────\n\n/\n Resolve a title value with an optional template.\n \n - string → apply template if present\n * - { absolute: '...' } → use as-is, skip template\n * - { default: '...' } → use as fallback (no template applied)\n * - undefined → undefined\n /\nexport function resolveTitle(\n title: Metadata['title'],\n template: string \| undefined\n): string \| undefined {\n if (title === undefined \|\| title === null) {\n return undefined;\n }\n\n if (typeof title === 'string') {\n return template ? template.replace('%s', title) : title;\n }\n\n // Object form\n if (title.absolute !== undefined) {\n return title.absolute;\n }\n\n if (title.default !== undefined) {\n return title.default;\n }\n\n return undefined;\n}\n\n// ─── Metadata Resolution ─────────────────────────────────────────────────────\n\n/\n Resolve metadata from a segment chain.\n \n Processes entries from root layout to page (in segment order).\n * The merge algorithm:\n * 1. Shallow-merge all keys except title (later wins)\n * 2. Track the most recent title template\n * 3. Resolve the final title using the template\n \n In error state, the page entry is dropped and noindex is injected.\n \n See design/16-metadata.md §\"Merge Algorithm\"\n /\nexport function resolveMetadata(\n entries: SegmentMetadataEntry[],\n options: ResolveMetadataOptions = {}\n): Metadata {\n const { errorState = false } = options;\n\n const merged: Metadata = {};\n let titleTemplate: string \| undefined;\n let lastDefault: string \| undefined;\n let rawTitle: Metadata['title'];\n\n for (const { metadata, isPage } of entries) {\n // In error state, skip the page's metadata entirely\n if (errorState && isPage) {\n continue;\n }\n\n // Track title template\n if (metadata.title !== undefined && typeof metadata.title === 'object') {\n if (metadata.title.template !== undefined) {\n titleTemplate = metadata.title.template;\n }\n if (metadata.title.default !== undefined) {\n lastDefault = metadata.title.default;\n }\n }\n\n // Shallow-merge all keys except title\n for (const key of Object.keys(metadata) as Array<keyof Metadata>) {\n if (key === 'title') continue;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (merged as any)[key] = metadata[key];\n }\n\n // Track raw title (will be resolved after the loop)\n if (metadata.title !== undefined) {\n rawTitle = metadata.title;\n }\n }\n\n // In error state, we lost page title — use the most recent default\n if (errorState) {\n rawTitle = lastDefault !== undefined ? { default: lastDefault } : rawTitle;\n // Don't apply template in error state\n titleTemplate = undefined;\n }\n\n // Resolve the final title\n const resolvedTitle = resolveTitle(rawTitle, titleTemplate);\n if (resolvedTitle !== undefined) {\n merged.title = resolvedTitle;\n }\n\n // Error state: inject noindex, overriding any user robots\n if (errorState) {\n merged.robots = 'noindex';\n }\n\n return merged;\n}\n\n// ─── URL Resolution ──────────────────────────────────────────────────────────\n\n/\n Check if a string is an absolute URL.\n /\nfunction isAbsoluteUrl(url: string): boolean {\n return url.startsWith('http://') \|\| url.startsWith('https://') \|\| url.startsWith('//');\n}\n\n/\n Resolve a relative URL against a base URL.\n /\nfunction resolveUrl(url: string, base: URL): string {\n if (isAbsoluteUrl(url)) return url;\n return new URL(url, base).toString();\n}\n\n/\n Resolve relative URLs in metadata fields against metadataBase.\n \n Returns a new metadata object with URLs resolved. Absolute URLs are not modified.\n * If metadataBase is not set, returns the metadata unchanged.\n /\nexport function resolveMetadataUrls(metadata: Metadata): Metadata {\n const base = metadata.metadataBase;\n if (!base) return metadata;\n\n const result = { ...metadata };\n\n // Resolve openGraph images\n if (result.openGraph) {\n result.openGraph = { ...result.openGraph };\n if (typeof result.openGraph.images === 'string') {\n result.openGraph.images = resolveUrl(result.openGraph.images, base);\n } else if (Array.isArray(result.openGraph.images)) {\n result.openGraph.images = result.openGraph.images.map((img) => ({\n ...img,\n url: resolveUrl(img.url, base),\n }));\n } else if (result.openGraph.images) {\n // Single object: { url, width?, height?, alt? }\n result.openGraph.images = {\n ...result.openGraph.images,\n url: resolveUrl(result.openGraph.images.url, base),\n };\n }\n if (result.openGraph.url && !isAbsoluteUrl(result.openGraph.url)) {\n result.openGraph.url = resolveUrl(result.openGraph.url, base);\n }\n }\n\n // Resolve twitter images\n if (result.twitter) {\n result.twitter = { ...result.twitter };\n if (typeof result.twitter.images === 'string') {\n result.twitter.images = resolveUrl(result.twitter.images, base);\n } else if (Array.isArray(result.twitter.images)) {\n // Resolve each image URL, preserving the union type structure\n const resolved = result.twitter.images.map((img) =>\n typeof img === 'string' ? resolveUrl(img, base) : { ...img, url: resolveUrl(img.url, base) }\n );\n // If all entries are strings, assign as string[]; otherwise as object[]\n const allStrings = resolved.every((r) => typeof r === 'string');\n result.twitter.images = allStrings\n ? (resolved as string[])\n : (resolved as Array<{ url: string; alt?: string; width?: number; height?: number }>);\n } else if (result.twitter.images) {\n // Single object: { url, alt?, width?, height? }\n result.twitter.images = {\n ...result.twitter.images,\n url: resolveUrl(result.twitter.images.url, base),\n };\n }\n }\n\n // Resolve alternates\n if (result.alternates) {\n result.alternates = { ...result.alternates };\n if (result.alternates.canonical && !isAbsoluteUrl(result.alternates.canonical)) {\n result.alternates.canonical = resolveUrl(result.alternates.canonical, base);\n }\n if (result.alternates.languages) {\n const langs: Record<string, string> = {};\n for (const [lang, url] of Object.entries(result.alternates.languages)) {\n langs[lang] = isAbsoluteUrl(url) ? url : resolveUrl(url, base);\n }\n result.alternates.languages = langs;\n }\n }\n\n // Resolve icon URLs\n if (result.icons) {\n result.icons = { ...result.icons };\n if (typeof result.icons.icon === 'string') {\n result.icons.icon = resolveUrl(result.icons.icon, base);\n } else if (Array.isArray(result.icons.icon)) {\n result.icons.icon = result.icons.icon.map((i) => ({ ...i, url: resolveUrl(i.url, base) }));\n }\n if (typeof result.icons.apple === 'string') {\n result.icons.apple = resolveUrl(result.icons.apple, base);\n } else if (Array.isArray(result.icons.apple)) {\n result.icons.apple = result.icons.apple.map((i) => ({ ...i, url: resolveUrl(i.url, base) }));\n }\n }\n\n return result;\n}\n","/\n loadModule — enriched error context for route manifest .load() failures.\n \n Wraps the lazy `load()` functions from the route manifest with a\n * try/catch that re-throws with the file path and original cause.\n \n Callers that need fallthrough behavior (error renderers) can use\n * `.catch(() => null)` or try/catch — the decision stays at the call site.\n \n See design/spike-TIM-551-dynamic-import-audit.md §\"Proposed Wrapping Strategy\"\n /\n\n/* A manifest file reference with a lazy import function and file path. /\nexport interface ManifestLoader {\n load: () => Promise<unknown>;\n filePath: string;\n}\n\n/\n Custom error class for module load failures.\n \n Preserves the original error as `cause` while providing a\n * human-readable message with the file path.\n /\nexport class ModuleLoadError extends Error {\n /* The file path that failed to load. /\n readonly filePath: string;\n\n constructor(filePath: string, cause: unknown) {\n const originalMessage = cause instanceof Error ? cause.message : String(cause);\n super(`[timber] Failed to load module ${filePath}\\n ${originalMessage}`, { cause });\n this.name = 'ModuleLoadError';\n this.filePath = filePath;\n }\n}\n\n/\n Load a route manifest module with enriched error context.\n \n On success: returns the module object (same as `loader.load()`).\n * On failure: throws `ModuleLoadError` with file path and original cause.\n \n For error rendering paths that need fallthrough instead of throwing,\n * callers should catch at the call site:\n \n ```ts\n * // Throwing (default) — route-element-builder, api-handler, etc.\n * const mod = await loadModule(segment.page);\n \n // Fallthrough — error-renderer, error-boundary-wrapper\n * const mod = await loadModule(segment.error).catch(() => null);\n * ```\n /\nexport async function loadModule<T = Record<string, unknown>>(loader: ManifestLoader): Promise<T> {\n try {\n return (await loader.load()) as T;\n } catch (error) {\n throw new ModuleLoadError(loader.filePath, error);\n }\n}\n","/\n Deny Page Resolver — resolves status-code file components for in-tree deny handling.\n \n When AccessGate or PageDenyBoundary catches a DenySignal, they need to\n * render the matching deny page (403.tsx, 4xx.tsx, error.tsx) as a normal\n * element in the React tree. This module resolves the deny page chain from\n * the segment chain — a list of fallback components ordered by specificity.\n \n The chain is built during buildRouteElement and passed as a prop to\n * AccessGate and PageDenyBoundary. At catch time, the first matching\n * component is rendered.\n \n See design/10-error-handling.md §\"Status-Code Files\", TIM-666.\n /\n\nimport { createElement } from 'react';\n\nimport type { ManifestSegmentNode } from './route-matcher.js';\nimport { loadModule } from './safe-load.js';\nimport { requestContextAls } from './als-registry.js';\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/* A single entry in the deny page fallback chain. /\nexport interface DenyPageEntry {\n /* Status code filter: specific (403), category (400 = any 4xx), or null (catch-all). /\n status: number \| null;\n /* The component to render (server or client — both work). /\n component: (...args: unknown[]) => unknown;\n}\n\n// ─── Resolver ─────────────────────────────────────────────────────────────\n\n/\n Build the deny page fallback chain from the segment chain.\n \n Walks segments from `startIndex` outward (toward root) and collects\n * status-code file components in fallback order:\n * 1. Specific status files (403.tsx, 404.tsx) — exact match\n * 2. Category catch-alls (4xx.tsx) — matches any 4xx\n * 3. error.tsx — catches everything\n \n Each segment is checked in this order. The chain is ordered so the\n * FIRST match wins at catch time.\n /\nexport async function buildDenyPageChain(\n segments: ManifestSegmentNode[],\n startIndex: number\n): Promise<DenyPageEntry[]> {\n const chain: DenyPageEntry[] = [];\n\n // Pass 1: Status files (specific + category) across ALL segments.\n // These have higher priority than error.tsx — a root 4xx.tsx should\n // match before a leaf error.tsx. Walking inner → outer ensures the\n // nearest match wins within each priority tier.\n for (let i = startIndex; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.statusFiles) continue;\n\n // Specific status files (403.tsx, 404.tsx, etc.)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key !== '4xx' && key !== '5xx') {\n const status = parseInt(key, 10);\n if (!isNaN(status)) {\n const mod = await loadModule(file).catch(() => null);\n if (mod?.default) {\n chain.push({ status, component: mod.default as (...args: unknown[]) => unknown });\n }\n }\n }\n }\n\n // Category catch-alls (4xx.tsx, 5xx.tsx)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key === '4xx' \|\| key === '5xx') {\n const mod = await loadModule(file).catch(() => null);\n if (mod?.default) {\n const categoryStatus = key === '4xx' ? 400 : 500;\n chain.push({\n status: categoryStatus,\n component: mod.default as (...args: unknown[]) => unknown,\n });\n }\n }\n }\n }\n\n // Pass 2: error.tsx files — lowest priority catch-all.\n // Only added AFTER all status files so they never shadow a specific\n // or category status file from an ancestor segment.\n for (let i = startIndex; i >= 0; i--) {\n const segment = segments[i];\n if (segment.error) {\n const mod = await loadModule(segment.error).catch(() => null);\n if (mod?.default) {\n chain.push({ status: null, component: mod.default as (...args: unknown[]) => unknown });\n }\n }\n }\n\n return chain;\n}\n\n// ─── Matcher ──────────────────────────────────────────────────────────────\n\n/\n Find the first deny page in the chain that matches the given status code.\n * Returns a React element for the matching component, or null if no match.\n /\nexport function renderMatchingDenyPage(\n chain: DenyPageEntry[],\n status: number,\n data: unknown\n): React.ReactElement \| null {\n const h = createElement as (...args: unknown[]) => React.ReactElement;\n\n for (const entry of chain) {\n if (entry.status === status) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === 400 && status >= 400 && status <= 499) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === 500 && status >= 500 && status <= 599) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === null) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n }\n return null;\n}\n\n// ─── ALS Helper ───────────────────────────────────────────────────────────\n\n/\n Set the deny status in the request context ALS.\n * Called from AccessGate / PageDenyBoundary when a DenySignal is caught.\n * The pipeline reads this after render to set the HTTP status code.\n /\nexport function setDenyStatus(status: number): void {\n const store = requestContextAls.getStore();\n if (store) {\n store.denyStatus = status;\n }\n}\n\n/\n Read the deny status from the request context ALS.\n * Returns undefined if no deny was caught during render.\n /\nexport function getDenyStatus(): number \| undefined {\n return requestContextAls.getStore()?.denyStatus;\n}\n","/\n AccessGate and SlotAccessGate — framework-injected async server components.\n \n AccessGate wraps each segment's layout in the element tree. It calls the\n * segment's access.ts before the layout renders. If access.ts calls deny()\n * or redirect(), the signal propagates as a render-phase throw — caught by\n * the flush controller to produce the correct HTTP status code.\n \n SlotAccessGate wraps parallel slot content. On denial, it renders the\n * graceful degradation chain: denied.tsx → default.tsx → null. Slot denial\n * does not affect the HTTP status code.\n \n See design/04-authorization.md and design/02-rendering-pipeline.md §\"AccessGate\"\n /\n\nimport { DenySignal, RedirectSignal } from './primitives.js';\nimport type { AccessGateProps, SlotAccessGateProps, ReactElement } from './tree-builder.js';\nimport { withSpan, setSpanAttribute } from './tracing.js';\nimport { isDebug } from './debug.js';\nimport type { DenyPageEntry } from './deny-page-resolver.js';\nimport { renderMatchingDenyPage, setDenyStatus } from './deny-page-resolver.js';\n\n// ─── AccessGate ─────────────────────────────────────────────────────────────\n\n/\n Framework-injected access gate for segments.\n \n When a pre-computed `verdict` prop is provided (from the pre-render pass\n * in route-element-builder.ts), AccessGate replays it synchronously — no\n * async, no re-execution of access.ts, immune to Suspense timing. The OTEL\n * span was already emitted during the pre-render pass.\n \n When no verdict is provided (backward compat with tree-builder.ts),\n * AccessGate calls accessFn directly with OTEL instrumentation.\n \n access.ts is a pure gate — return values are discarded. The layout below\n * gets the same data by calling the same cached functions (React.cache dedup).\n /\nexport function AccessGate(props: AccessGateProps): ReactElement \| Promise<ReactElement> {\n const { accessFn, segmentName, verdict, denyPages, children } = props;\n\n // Fast path: replay pre-computed verdict from the pre-render pass.\n if (verdict !== undefined) {\n if (verdict === 'pass') {\n return children;\n }\n throw verdict;\n }\n\n // Primary path: call accessFn directly during render.\n // If denyPages is provided, catch DenySignal and render the deny page\n // in-tree — no throw reaches React Flight, no second render pass.\n return accessGateFallback(accessFn, segmentName, denyPages, children);\n}\n\n/\n Async fallback for AccessGate when no pre-computed verdict is available.\n * Calls accessFn with OTEL instrumentation.\n /\nasync function accessGateFallback(\n accessFn: AccessGateProps['accessFn'],\n segmentName: AccessGateProps['segmentName'],\n denyPages: DenyPageEntry[] \| undefined,\n children: ReactElement\n): Promise<ReactElement> {\n try {\n await withSpan('timber.access', { 'timber.segment': segmentName ?? 'unknown' }, async () => {\n try {\n await accessFn();\n await setSpanAttribute('timber.result', 'pass');\n } catch (error: unknown) {\n if (error instanceof DenySignal) {\n await setSpanAttribute('timber.result', 'deny');\n await setSpanAttribute('timber.deny_status', error.status);\n if (error.sourceFile) {\n await setSpanAttribute('timber.deny_file', error.sourceFile);\n }\n } else if (error instanceof RedirectSignal) {\n await setSpanAttribute('timber.result', 'redirect');\n }\n throw error;\n }\n });\n } catch (error: unknown) {\n // Catch DenySignal and render the deny page in-tree.\n // No throw reaches React Flight — clean stream, single render pass.\n // RedirectSignal and other errors propagate normally.\n if (error instanceof DenySignal && denyPages) {\n const denyElement = renderMatchingDenyPage(denyPages, error.status, error.data);\n if (denyElement) {\n setDenyStatus(error.status);\n return denyElement;\n }\n }\n throw error;\n }\n\n return children;\n}\n\n// ─── SlotAccessGate ─────────────────────────────────────────────────────────\n\n/\n Framework-injected access gate for parallel slots.\n \n On denial, graceful degradation: denied.tsx → default.tsx → null.\n * The HTTP status code is unaffected — slot denial is a UI concern, not\n * a protocol concern. The parent layout and sibling slots still render.\n \n DeniedComponent is passed instead of a pre-built element so that\n * DenySignal.data can be forwarded as the dangerouslyPassData prop\n * and the slot name can be passed as the slot prop. See TIM-488.\n \n redirect() in slot access.ts is a dev-mode error — redirecting from a\n * slot doesn't make architectural sense.\n /\nexport async function SlotAccessGate(props: SlotAccessGateProps): Promise<ReactElement> {\n const { accessFn, DeniedComponent, slotName, createElement, defaultFallback, children } = props;\n\n try {\n await accessFn();\n } catch (error: unknown) {\n // DenySignal → graceful degradation (denied.tsx → default.tsx → null)\n // Build the denied element dynamically so DenySignal.data is forwarded.\n if (error instanceof DenySignal) {\n return (\n buildDeniedFallback(DeniedComponent, slotName, error.data, createElement) ??\n defaultFallback ??\n null\n );\n }\n\n // RedirectSignal in slot access → dev-mode error.\n // Slot access should use deny(), not redirect(). Redirecting from a\n // slot would redirect the entire page, which breaks the contract that\n // slot failure is graceful degradation.\n if (error instanceof RedirectSignal) {\n if (isDebug()) {\n console.error(\n '[timber] redirect() is not allowed in slot access.ts. ' +\n 'Slots use deny() for graceful degradation — denied.tsx → default.tsx → null. ' +\n \"If you need to redirect, move the logic to the parent segment's access.ts.\"\n );\n }\n // In production, treat as a deny — render fallback rather than crash.\n return (\n buildDeniedFallback(DeniedComponent, slotName, undefined, createElement) ??\n defaultFallback ??\n null\n );\n }\n\n // Unhandled error — re-throw so error boundaries can catch it.\n // Dev-mode warning: slot access should use deny(), not throw.\n if (isDebug()) {\n console.warn(\n '[timber] Unhandled error in slot access.ts. ' +\n 'Use deny() for access control, not unhandled throws.',\n error\n );\n }\n throw error;\n }\n\n // Access passed — render slot content.\n return children;\n}\n\n/\n Build the denied fallback element dynamically with DenySignal data.\n * Returns null if no DeniedComponent is available.\n /\nfunction buildDeniedFallback(\n DeniedComponent: SlotAccessGateProps['DeniedComponent'],\n slotName: string,\n data: unknown,\n createElement: SlotAccessGateProps['createElement']\n): ReactElement \| null {\n if (!DeniedComponent) return null;\n return createElement(DeniedComponent, {\n slot: slotName,\n dangerouslyPassData: data,\n });\n}\n","/\n Route Element Builder — constructs a React element tree from a matched route.\n \n Extracted from rsc-entry.ts to enable reuse by the revalidation renderer\n * (which needs the element tree without RSC serialization) and to keep\n * rsc-entry.ts under the 500-line limit.\n \n This module handles:\n * 1. Loading page/layout components from the segment chain\n * 2. Collecting access.ts checks (executed inside render by AccessPreRunner)\n * 3. Resolving metadata (static object or async function, both exported as `metadata`)\n * 4. Building the React element tree (page → error boundaries → access gates → layouts)\n * 5. Resolving parallel slots\n * 6. Wrapping the tree with AccessPreRunner for React.cache-scoped access checks\n \n See design/02-rendering-pipeline.md, design/04-authorization.md\n /\n\nimport { createElement } from 'react';\n\nimport { withSpan } from './tracing.js';\nimport type { RouteMatch } from './pipeline.js';\nimport type { ManifestSegmentNode } from './route-matcher.js';\nimport { resolveMetadata, renderMetadataToElements } from './metadata.js';\nimport type { HeadElement as MetadataHeadElement } from './metadata.js';\nimport type { Metadata } from './types.js';\nimport { METADATA_ROUTE_CONVENTIONS, getMetadataRouteAutoLink } from './metadata-routes.js';\nimport { DenySignal, RedirectSignal } from './primitives.js';\nimport { AccessGate } from './access-gate.js';\nimport { PageDenyBoundary } from './page-deny-boundary.js';\nimport { buildDenyPageChain, renderMatchingDenyPage, setDenyStatus } from './deny-page-resolver.js';\nimport type { DenyPageEntry } from './deny-page-resolver.js';\nimport { resolveSlotElement } from './slot-resolver.js';\nimport { SegmentProvider } from '../client/segment-context.js';\n\nimport { wrapSegmentWithErrorBoundaries } from './error-boundary-wrapper.js';\nimport type { InterceptionContext } from './pipeline.js';\nimport { shouldSkipSegment } from './state-tree-diff.js';\nimport { loadModule } from './safe-load.js';\n\n// ─── Client Reference Detection ──────────────────────────────────────────\n\n/\n Symbol used by React Flight to mark client references.\n * Client references are proxy objects created by @vitejs/plugin-rsc for\n * 'use client' modules in the RSC environment. They must be passed to\n * createElement() — calling them as functions throws:\n * \"Unexpectedly client reference export 'default' is called on server\"\n /\nconst CLIENT_REFERENCE_TAG = Symbol.for('react.client.reference');\n\n/\n Detect whether a component is a React client reference.\n * Client references have $$typeof set to Symbol.for('react.client.reference')\n * by registerClientReference() in the React Flight server runtime.\n \n Used to skip OTEL tracing wrappers that would call the component as a\n * function. Client components must go through createElement only — they are\n * serialized as references in the RSC Flight stream, not executed on the server.\n /\nexport function isClientReference(component: unknown): boolean {\n return (\n component != null &&\n typeof component === 'function' &&\n (component as unknown as Record<string, unknown>).$$typeof === CLIENT_REFERENCE_TAG\n );\n}\n\n// ─── Param Coercion Error ─────────────────────────────────────────────────\n\n/\n Thrown when a defineSegmentParams codec's parse() fails.\n * The pipeline catches this and responds with 404.\n /\nexport class ParamCoercionError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'ParamCoercionError';\n }\n}\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/* Head element for client-side metadata updates. /\nexport interface HeadElement {\n tag: string;\n content?: string;\n attrs?: Record<string, string \| null>;\n}\n\n/* Layout entry with component and segment. /\nexport interface LayoutComponentEntry {\n component: (...args: unknown[]) => unknown;\n segment: ManifestSegmentNode;\n}\n\n/* Result of building a route element tree. /\nexport interface RouteElementResult {\n /* The React element tree (page wrapped in layouts, access gates, error boundaries). /\n element: React.ReactElement;\n /* Resolved head elements for metadata. /\n headElements: HeadElement[];\n /* Layout components loaded along the segment chain. /\n layoutComponents: LayoutComponentEntry[];\n /* Segments from the route match. /\n segments: ManifestSegmentNode[];\n /* Max deferSuspenseFor hold window across all segments. /\n deferSuspenseFor: number;\n /\n Segment paths that were skipped because the client already has them cached.\n * Ordered outermost to innermost. Empty when no segments were skipped.\n * The client uses this to merge the partial payload with cached segments.\n * See design/19-client-navigation.md §\"X-Timber-State-Tree Header\"\n /\n skippedSegments: string[];\n}\n\n/\n Wraps a DenySignal or RedirectSignal with the layout components loaded\n * so far, enabling the caller to render deny pages inside the layout shell.\n \n @deprecated No longer thrown by buildRouteElement since TIM-662. Access\n * checks now run inside AccessPreRunner during renderToReadableStream, and\n * signals are caught by onError. Kept for backward compat with external code.\n /\nexport class RouteSignalWithContext extends Error {\n constructor(\n public readonly signal: DenySignal \| RedirectSignal,\n public readonly layoutComponents: LayoutComponentEntry[],\n public readonly segments: ManifestSegmentNode[]\n ) {\n super(signal.message);\n }\n}\n\n// ─── Module Processing Helpers ─────────────────────────────────────────────\n\n/\n Reject the legacy `generateMetadata` export with a helpful migration message.\n * Throws if the module exports `generateMetadata` instead of `metadata`.\n /\nfunction rejectLegacyGenerateMetadata(mod: Record<string, unknown>, filePath: string): void {\n if ('generateMetadata' in mod) {\n throw new Error(\n `${filePath}: \"generateMetadata\" is not a valid export. ` +\n `Export an async function named \"metadata\" instead.\\n\\n` +\n ` // Before\\n` +\n ` export async function generateMetadata({ params }) { ... }\\n\\n` +\n ` // After\\n` +\n ` export async function metadata() { ... }`\n );\n }\n}\n\n/\n Extract and resolve metadata from a module (layout or page).\n * Handles both static metadata objects and async metadata functions.\n * Returns the resolved Metadata, or null if none exported.\n \n Metadata functions no longer receive { params } — they access params\n * via getSegmentParams() from ALS, same as page/layout components.\n /\nasync function extractMetadata(\n mod: Record<string, unknown>,\n segment: ManifestSegmentNode\n): Promise<Metadata \| null> {\n if (typeof mod.metadata === 'function') {\n type MetadataFn = () => Promise<Metadata>;\n return (\n (await withSpan(\n 'timber.metadata',\n { 'timber.segment': segment.segmentName ?? segment.urlPath },\n () => (mod.metadata as MetadataFn)()\n )) ?? null\n );\n }\n if (mod.metadata) {\n return mod.metadata as Metadata;\n }\n return null;\n}\n\n/\n Extract `deferSuspenseFor` from a module and return the maximum\n * of the current value and the module's value.\n /\nfunction extractDeferSuspenseFor(mod: Record<string, unknown>, current: number): number {\n if (typeof mod.deferSuspenseFor === 'number' && mod.deferSuspenseFor > current) {\n return mod.deferSuspenseFor;\n }\n return current;\n}\n\n// ─── Builder ──────────────────────────────────────────────────────────────\n\n/\n Build a React element tree from a matched route.\n \n Loads modules, runs access checks, resolves metadata, and constructs\n * the element tree. DenySignal and RedirectSignal propagate to the caller\n * for HTTP-level handling.\n \n Does NOT serialize to RSC Flight — the caller decides whether to render\n * to a stream or use the element directly (e.g., for action revalidation).\n \n Access checks are collected but NOT executed here. They run inside\n * AccessPreRunner during renderToReadableStream so that access.ts and\n * render components share the same React.cache scope (TIM-662).\n /\nexport async function buildRouteElement(\n req: Request,\n match: RouteMatch,\n interception?: InterceptionContext,\n clientStateTree?: Set<string> \| null\n): Promise<RouteElementResult> {\n const segments = match.segments as unknown as ManifestSegmentNode[];\n\n // Load all modules along the segment chain\n const metadataEntries: Array<{ metadata: Metadata; isPage: boolean }> = [];\n const layoutComponents: LayoutComponentEntry[] = [];\n let PageComponent: ((...args: unknown[]) => unknown) \| null = null;\n let deferSuspenseFor = 0;\n\n for (let i = 0; i < segments.length; i++) {\n const segment = segments[i];\n const isLeaf = i === segments.length - 1;\n\n // Load layout\n if (segment.layout) {\n const mod = await loadModule(segment.layout);\n if (mod.default) {\n layoutComponents.push({\n component: mod.default as (...args: unknown[]) => unknown,\n segment,\n });\n }\n\n // Param coercion is handled in the pipeline (Stage 2c) before\n // middleware and rendering. See coerceSegmentParams() in pipeline.ts.\n\n rejectLegacyGenerateMetadata(mod, segment.layout.filePath ?? segment.urlPath);\n const layoutMetadata = await extractMetadata(mod, segment);\n if (layoutMetadata) {\n metadataEntries.push({ metadata: layoutMetadata, isPage: false });\n }\n deferSuspenseFor = extractDeferSuspenseFor(mod, deferSuspenseFor);\n }\n\n // Load page (leaf segment only)\n if (isLeaf && segment.page) {\n const mod = await loadModule(segment.page);\n\n // Param coercion is handled in the pipeline (Stage 2c) before\n // middleware and rendering. See coerceSegmentParams() in pipeline.ts.\n\n if (mod.default) {\n PageComponent = mod.default as (...args: unknown[]) => unknown;\n }\n rejectLegacyGenerateMetadata(mod, segment.page.filePath ?? segment.urlPath);\n const pageMetadata = await extractMetadata(mod, segment);\n if (pageMetadata) {\n metadataEntries.push({ metadata: pageMetadata, isPage: true });\n }\n deferSuspenseFor = extractDeferSuspenseFor(mod, deferSuspenseFor);\n }\n }\n\n if (!PageComponent) {\n throw new Error(`No page component found for route: ${new URL(req.url).pathname}`);\n }\n\n // Access checks are NOT run here. AccessGate components in the element\n // tree call accessFn directly during renderToReadableStream, sharing the\n // same React.cache scope as layout/page components. A requireUser() call\n // in access.ts populates React.cache; the same call in a layout is a hit.\n //\n // Previously (before TIM-662), access checks ran eagerly in a pre-render\n // loop OUTSIDE renderToReadableStream, breaking React.cache dedup.\n //\n // See design/04-authorization.md §\"Pre-Render Pass and Verdict Replay\"\n\n // Build deny page fallback chains for each segment position.\n // When AccessGate or PageDenyBoundary catches a DenySignal, they render\n // the matching deny page in-tree instead of throwing into React Flight.\n // The chain walks from the current segment outward to root, collecting\n // status-code files (403.tsx → 4xx.tsx → error.tsx) in fallback order.\n // See TIM-666.\n const denyPageChains = new Map<number, DenyPageEntry[]>();\n for (let i = 0; i < segments.length; i++) {\n const chain = await buildDenyPageChain(segments, i);\n if (chain.length > 0) {\n denyPageChains.set(i, chain);\n }\n }\n\n // Resolve metadata\n const resolvedMetadata = resolveMetadata(metadataEntries);\n const headElements = renderMetadataToElements(resolvedMetadata);\n\n // Auto-link metadata route files (icon, apple-icon, manifest) from segments.\n // See design/16-metadata.md §\"Auto-Linking\"\n for (const segment of segments) {\n if (!segment.metadataRoutes) continue;\n for (const baseName of Object.keys(segment.metadataRoutes)) {\n const convention = METADATA_ROUTE_CONVENTIONS[baseName];\n if (!convention) continue;\n // Non-nestable routes only auto-link from root\n if (!convention.nestable && segment.urlPath !== '/') continue;\n // Build the href: segment urlPath + serve path\n const prefix = segment.urlPath === '/' ? '' : segment.urlPath;\n const href = `${prefix}/${convention.servePath}`;\n const autoLink = getMetadataRouteAutoLink(convention.type, href);\n if (autoLink) {\n const attrs: Record<string, string> = { rel: autoLink.rel, href: autoLink.href };\n if (autoLink.type) attrs.type = autoLink.type;\n headElements.push({ tag: 'link', attrs } as MetadataHeadElement);\n }\n }\n }\n\n // Build element tree: page wrapped in layouts (innermost to outermost)\n const h = createElement as (...args: unknown[]) => React.ReactElement;\n\n // Build the page element.\n // Client references ('use client' pages) must NOT be called as functions —\n // they are proxy objects that throw when invoked. They must go through\n // createElement only, which serializes them as client references in the\n // RSC Flight stream. OTEL tracing is skipped for client components.\n // See TIM-627 for the original bug.\n // Build the page element.\n // Server component pages are wrapped in PageDenyBoundary which calls\n // them as async functions and catches DenySignal — rendering the deny\n // page in-tree instead of throwing into React Flight. This eliminates\n // the second render pass for deny pages. See TIM-666.\n //\n // Client reference pages ('use client') can't call deny() (server-only),\n // so they go through createElement normally — no wrapper needed.\n const leafIndex = segments.length - 1;\n const leafDenyPages = denyPageChains.get(leafIndex);\n let element: React.ReactElement;\n if (isClientReference(PageComponent)) {\n element = h(PageComponent, {});\n } else if (leafDenyPages && leafDenyPages.length > 0) {\n // Server component page WITH deny page chain — wrap in PageDenyBoundary\n element = h(PageDenyBoundary, {\n Page: PageComponent,\n route: match.segments[leafIndex]?.urlPath ?? '/',\n denyPages: leafDenyPages,\n });\n } else {\n // Server component page WITHOUT deny page chain — trace only\n const TracedPage = async (props: Record<string, unknown>) => {\n return withSpan(\n 'timber.page',\n { 'timber.route': match.segments[leafIndex]?.urlPath ?? '/' },\n () => (PageComponent as (props: Record<string, unknown>) => unknown)(props)\n );\n };\n element = h(TracedPage, {});\n }\n\n // Build a lookup of layout components by segment for O(1) access.\n const layoutBySegment = new Map(\n layoutComponents.map(({ component, segment }) => [segment, component])\n );\n\n // Track which segments were skipped for the X-Timber-Skipped-Segments header.\n // The client uses this to merge the partial payload with its cached segments.\n const skippedSegments: string[] = [];\n\n // Wrap from innermost (leaf) to outermost (root), processing every\n // segment in the chain. Each segment may contribute:\n // 1. Error boundaries (status files + error.tsx)\n // 2. Layout component — wraps children + parallel slots\n // 3. SegmentProvider — records position for useSelectedLayoutSegment\n //\n // When clientStateTree is provided (from X-Timber-State-Tree header on\n // client navigation), sync layouts the client already has are skipped.\n // Access.ts already ran for ALL segments in the pre-render loop above.\n // See design/19-client-navigation.md §\"X-Timber-State-Tree Header\"\n //\n // hasRenderedLayoutBelow tracks whether a non-skipped layout has been\n // seen below the current segment. A segment can ONLY be skipped if\n // there is a rendered layout below it — the client merger can only\n // replace inner SegmentProviders (client component boundaries), not\n // page content embedded in a layout's server-rendered output.\n // Without this guard, skipping the innermost layout causes the merger\n // to drop the layout entirely and replace it with just the page.\n let hasRenderedLayoutBelow = false;\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n const isLeaf = i === segments.length - 1;\n const layoutComponent = layoutBySegment.get(segment);\n\n // Check if this segment's layout can be skipped for partial rendering.\n // Skipped segments: no layout wrapping, no error boundaries, no slots,\n // no AccessGate in element tree (access already ran pre-render).\n //\n // Additional constraints beyond shouldSkipSegment:\n // - Must have a rendered layout below (so the merger can find an\n // inner SegmentProvider to splice the new content into)\n // - Route groups are never skipped because sibling groups share the\n // same urlPath (e.g., /(marketing) and /(app) both have \"/\"),\n // which would cause the wrong cached layout to be reused\n const skip =\n shouldSkipSegment(segment.urlPath, layoutComponent, isLeaf, clientStateTree ?? null) &&\n hasRenderedLayoutBelow &&\n segment.segmentType !== 'group';\n\n if (skip) {\n // Skip this segment's layout/error boundaries — the client uses its cached version.\n // Metadata was already resolved above (head elements are correct).\n // Record for X-Timber-Skipped-Segments header (outermost first, so prepend).\n skippedSegments.unshift(segment.urlPath);\n\n // SECURITY: Even though the layout is skipped, AccessGate MUST still\n // wrap the element tree. access.ts runs on every navigation regardless\n // of cached layouts or state tree content.\n // See design/13-security.md §\"Auth always runs\" (test #11).\n if (segment.access) {\n const accessMod = await loadModule(segment.access);\n const accessFn = accessMod.default as (() => unknown) \| undefined;\n if (accessFn) {\n element = h(AccessGate, {\n accessFn,\n segmentName: segment.segmentName,\n denyPages: denyPageChains.get(i),\n children: element,\n });\n }\n }\n\n continue;\n }\n\n // This segment is rendered — mark that future (outer) segments have\n // a rendered layout below them and can safely be skipped.\n if (layoutComponent) {\n hasRenderedLayoutBelow = true;\n }\n\n // Wrap with error boundaries from this segment (inside layout).\n // Keep ALL error boundaries (including 4xx) — they're the safety net for\n // DenySignal from nested server components that escape AccessGate/PageDenyBoundary\n // try/catch. Status-code files must be 'use client' TSX or MDX to serialize\n // as error boundary fallbacks. See TIM-666.\n element = await wrapSegmentWithErrorBoundaries(segment, element, h);\n\n // Wrap with layout BEFORE AccessGate — AccessGate is OUTSIDE the layout.\n // When AccessGate denies, the layout never renders. The deny page appears\n // at the AccessGate level, wrapped by PARENT layouts only.\n // This prevents leaking layout UI (sidebars, nav) on denied pages.\n // See design/04-authorization.md §\"Access Failure\".\n if (layoutComponent) {\n // Resolve parallel slots for this layout\n const slotProps: Record<string, unknown> = {};\n const slotEntries = Object.entries(segment.slots ?? {});\n for (const [slotName, slotNode] of slotEntries) {\n slotProps[slotName] = await resolveSlotElement(\n slotNode as ManifestSegmentNode,\n match,\n h,\n interception\n );\n }\n\n const segmentPath = segment.urlPath.split('/');\n const parallelRouteKeys = Object.keys(segment.slots ?? {});\n\n // For route groups, urlPath is shared with the parent (both \"/\"),\n // so include the group name to distinguish them. Used for both OTEL\n // span labels and client-side element caching (segmentId).\n const segmentId =\n segment.segmentType === 'group'\n ? `${segment.urlPath === '/' ? '' : segment.urlPath}/${segment.segmentName}`\n : segment.urlPath;\n\n // Build the layout element.\n // Same client reference guard as pages — client layouts must not be\n // called as functions. OTEL tracing is skipped for client components.\n let layoutElement: React.ReactElement;\n if (isClientReference(layoutComponent)) {\n layoutElement = h(layoutComponent, {\n ...slotProps,\n children: element,\n });\n } else {\n // Server component layout — wrap with OTEL tracing AND DenySignal\n // catching. If the layout calls deny(), the signal is caught here\n // and the matching deny page renders in-tree (same pattern as\n // AccessGate and PageDenyBoundary). Without this, DenySignal\n // escapes to React Flight onError and triggers the re-render\n // fallback path. See TIM-668, design/04-authorization.md.\n const layoutComponentRef = layoutComponent;\n const layoutDenyPages = denyPageChains.get(i);\n const TracedLayout = async (props: Record<string, unknown>) => {\n try {\n return await withSpan('timber.layout', { 'timber.segment': segmentId }, () =>\n (layoutComponentRef as (props: Record<string, unknown>) => unknown)(props)\n );\n } catch (error: unknown) {\n if (error instanceof DenySignal && layoutDenyPages) {\n const denyElement = renderMatchingDenyPage(layoutDenyPages, error.status, error.data);\n if (denyElement) {\n setDenyStatus(error.status);\n return denyElement;\n }\n }\n // Non-deny errors (RedirectSignal, runtime errors) propagate normally.\n throw error;\n }\n };\n layoutElement = h(TracedLayout, {\n ...slotProps,\n children: element,\n });\n }\n\n element = h(SegmentProvider, {\n segments: segmentPath,\n segmentId,\n parallelRouteKeys,\n children: layoutElement,\n });\n }\n\n // Wrap in AccessGate OUTSIDE the layout.\n // If access denies, the deny page renders here — the layout above\n // never executes. Parent layouts (from outer iterations) form the shell.\n // See TIM-662, TIM-666, design/04-authorization.md §\"Access Failure\".\n if (segment.access) {\n const accessMod = await loadModule(segment.access);\n const accessFn = accessMod.default as (() => unknown) \| undefined;\n if (accessFn) {\n element = h(AccessGate, {\n accessFn,\n segmentName: segment.segmentName,\n denyPages: denyPageChains.get(i),\n children: element,\n });\n }\n }\n }\n\n return {\n element,\n headElements: headElements as HeadElement[],\n layoutComponents,\n segments,\n deferSuspenseFor,\n skippedSegments,\n };\n}\n","/\n Version Skew Detection — graceful recovery when stale clients hit new deployments.\n \n When a new version of the app is deployed, clients with open tabs still have\n * the old JavaScript bundle. Without version skew handling, these stale clients\n * will experience:\n \n 1. Server action calls that crash (action IDs are content-hashed)\n * 2. Chunk load failures (old filenames gone from CDN)\n * 3. RSC payload mismatches (component references differ between builds)\n \n This module implements deployment ID comparison:\n * - A per-build deployment ID is generated at build time (see build-manifest.ts)\n * - The client sends it via `X-Timber-Deployment-Id` header on every RSC/action request\n * - The server compares it against the current build's ID\n * - On mismatch: signal the client to reload (not crash)\n \n The deployment ID is always-on in production. Dev mode skips the check\n * (HMR handles code updates without full reloads).\n \n See design/25-production-deployments.md, TIM-446\n /\n\n// ─── Constants ───────────────────────────────────────────────────\n\n/* Header sent by the client with every RSC/action request. /\nexport const DEPLOYMENT_ID_HEADER = 'X-Timber-Deployment-Id';\n\n/* Response header that signals the client to do a full page reload. /\nexport const RELOAD_HEADER = 'X-Timber-Reload';\n\n// ─── Deployment ID ───────────────────────────────────────────────\n\n/\n The current build's deployment ID. Set at startup from the manifest init\n * module (globalThis.__TIMBER_DEPLOYMENT_ID__). Null in dev mode.\n /\nlet currentDeploymentId: string \| null = null;\n\n/\n Set the current deployment ID. Called once at server startup from the\n * manifest init module. In dev mode this is never called (deployment ID\n * checks are skipped).\n /\nexport function setDeploymentId(id: string): void {\n currentDeploymentId = id;\n}\n\n/\n Get the current deployment ID. Returns null in dev mode.\n /\nexport function getDeploymentId(): string \| null {\n return currentDeploymentId;\n}\n\n// ─── Skew Detection ──────────────────────────────────────────────\n\n/* Result of a version skew check. /\nexport interface SkewCheckResult {\n /* Whether the client's deployment ID matches the server's. /\n ok: boolean;\n /* The client's deployment ID (null if header not sent — e.g., initial page load). /\n clientId: string \| null;\n}\n\n/\n Check if a request's deployment ID matches the current build.\n \n Returns `{ ok: true }` when:\n * - Dev mode (no deployment ID set — HMR handles updates)\n * - No deployment ID header (initial page load, non-RSC request)\n * - Deployment IDs match\n \n Returns `{ ok: false }` when:\n * - Client sends a deployment ID that differs from the current build\n /\nexport function checkVersionSkew(req: Request): SkewCheckResult {\n // Dev mode — no deployment ID checks (HMR handles updates)\n if (!currentDeploymentId) {\n return { ok: true, clientId: null };\n }\n\n const clientId = req.headers.get(DEPLOYMENT_ID_HEADER);\n\n // No header — initial page load or non-RSC request. Always OK.\n if (!clientId) {\n return { ok: true, clientId: null };\n }\n\n // Compare deployment IDs\n if (clientId === currentDeploymentId) {\n return { ok: true, clientId };\n }\n\n return { ok: false, clientId };\n}\n\n/\n Apply version skew reload headers to a response.\n * Sets X-Timber-Reload: 1 to signal the client to do a full page reload.\n /\nexport function applyReloadHeaders(headers: Headers): void {\n headers.set(RELOAD_HEADER, '1');\n}\n","/\n Metadata route helpers for the request pipeline.\n \n Handles serving static metadata files and serializing sitemap responses.\n * Extracted from pipeline.ts to keep files under 500 lines.\n \n See design/16-metadata.md §\"Metadata Routes\"\n /\n\nimport { readFile } from 'node:fs/promises';\n\n/\n Content types that are text-based and should include charset=utf-8.\n * Binary formats (images) should not include charset.\n /\nconst TEXT_CONTENT_TYPES = new Set([\n 'application/xml',\n 'text/plain',\n 'application/json',\n 'application/manifest+json',\n 'image/svg+xml',\n]);\n\n/\n Serve a static metadata file by reading it from disk.\n \n Static metadata route files (.xml, .txt, .json, .png, .ico, .svg, etc.)\n * are served as-is with the appropriate Content-Type header.\n * Text files include charset=utf-8; binary files do not.\n \n See design/16-metadata.md §\"Metadata Routes\"\n /\nexport async function serveStaticMetadataFile(\n metaMatch: import('./route-matcher.js').MetadataRouteMatch\n): Promise<Response> {\n const { contentType, file } = metaMatch;\n const isText = TEXT_CONTENT_TYPES.has(contentType);\n\n const body = await readFile(file.filePath);\n\n const headers: Record<string, string> = {\n 'Content-Type': isText ? `${contentType}; charset=utf-8` : contentType,\n 'Content-Length': String(body.byteLength),\n };\n\n return new Response(body, { status: 200, headers });\n}\n\n/\n Serialize a sitemap array to XML.\n * Follows the sitemap.org protocol: https://www.sitemaps.org/protocol.html\n /\nexport function serializeSitemap(\n entries: Array<{\n url: string;\n lastModified?: string \| Date;\n changeFrequency?: string;\n priority?: number;\n }>\n): string {\n const urls = entries\n .map((e) => {\n let xml = ` <url>\\n <loc>${escapeXml(e.url)}</loc>`;\n if (e.lastModified) {\n const date = e.lastModified instanceof Date ? e.lastModified.toISOString() : e.lastModified;\n xml += `\\n <lastmod>${escapeXml(date)}</lastmod>`;\n }\n if (e.changeFrequency) {\n xml += `\\n <changefreq>${escapeXml(e.changeFrequency)}</changefreq>`;\n }\n if (e.priority !== undefined) {\n xml += `\\n <priority>${e.priority}</priority>`;\n }\n xml += '\\n </url>';\n return xml;\n })\n .join('\\n');\n\n return `<?xml version=\"1.0\" encoding=\"UTF-8\"?>\\n<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\\n${urls}\\n</urlset>`;\n}\n\n/\n Serialize a sitemap index (list of sub-sitemap URLs) to XML.\n * Used for pagination when the total URL count exceeds 50,000.\n * Follows the sitemap.org protocol: https://www.sitemaps.org/protocol.html\n /\nexport function serializeSitemapIndex(sitemapUrls: string[]): string {\n const sitemaps = sitemapUrls\n .map((url) => ` <sitemap>\\n <loc>${escapeXml(url)}</loc>\\n </sitemap>`)\n .join('\\n');\n\n return `<?xml version=\"1.0\" encoding=\"UTF-8\"?>\\n<sitemapindex xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\\n${sitemaps}\\n</sitemapindex>`;\n}\n\n/* Escape special XML characters. /\nexport function escapeXml(str: string): string {\n return str\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''');\n}\n","/\n Interception route matching for the request pipeline.\n \n Matches target URLs against interception rewrites to support the\n * modal route pattern (soft navigation intercepts).\n \n Extracted from pipeline.ts to keep files under 500 lines.\n \n See design/07-routing.md §\"Intercepting Routes\"\n /\n\nimport { classifyUrlSegment } from '../routing/segment-classify.js';\n\n/* Result of a successful interception match. /\nexport interface InterceptionMatchResult {\n /* The pathname to re-match (the source/intercepting route's parent). /\n sourcePathname: string;\n}\n\n/\n Check if an intercepting route applies for this soft navigation.\n \n Matches the target pathname against interception rewrites, constrained\n * by the source URL (X-Timber-URL header — where the user navigates FROM).\n \n Returns the source pathname to re-match if interception applies, or null.\n /\nexport function findInterceptionMatch(\n targetPathname: string,\n sourceUrl: string,\n rewrites: import('../routing/interception.js').InterceptionRewrite[]\n): InterceptionMatchResult \| null {\n for (const rewrite of rewrites) {\n // Check if the source URL starts with the intercepting prefix\n if (!sourceUrl.startsWith(rewrite.interceptingPrefix)) continue;\n\n // Check if the target URL matches the intercepted pattern.\n // Dynamic segments in the pattern match any single URL segment.\n if (pathnameMatchesPattern(targetPathname, rewrite.interceptedPattern)) {\n return { sourcePathname: rewrite.interceptingPrefix };\n }\n }\n return null;\n}\n\n/\n Check if a pathname matches a URL pattern with dynamic segments.\n \n Supports [param] (single segment) and [...param] (one or more segments).\n * Static segments must match exactly.\n /\nexport function pathnameMatchesPattern(pathname: string, pattern: string): boolean {\n const pathParts = pathname === '/' ? [] : pathname.slice(1).split('/');\n const patternParts = pattern === '/' ? [] : pattern.slice(1).split('/');\n\n let pi = 0;\n for (let i = 0; i < patternParts.length; i++) {\n const seg = classifyUrlSegment(patternParts[i]);\n\n switch (seg.kind) {\n case 'catch-all':\n return pi < pathParts.length;\n case 'optional-catch-all':\n return true;\n case 'dynamic':\n if (pi >= pathParts.length) return false;\n pi++;\n continue;\n case 'static':\n if (pi >= pathParts.length \|\| pathParts[pi] !== seg.value) return false;\n pi++;\n continue;\n }\n }\n\n return pi === pathParts.length;\n}\n","/\n Request pipeline — the central dispatch for all timber.js requests.\n \n Pipeline stages (in order):\n * proxy.ts → canonicalize → route match → 103 Early Hints → middleware.ts → render\n \n Each stage is a pure function or returns a Response to short-circuit.\n * Each request gets a trace ID, structured logging, and OTEL spans.\n \n See design/07-routing.md §\"Request Lifecycle\", design/02-rendering-pipeline.md §\"Request Flow\",\n * and design/17-logging.md §\"Production Logging\"\n /\n\nimport { canonicalize } from './canonicalize.js';\nimport { runProxy, type ProxyExport } from './proxy.js';\nimport { runMiddlewareChain, type MiddlewareFn } from './middleware-runner.js';\nimport { runWithTimingCollector, withTiming, getServerTimingHeader } from './server-timing.js';\nimport {\n runWithRequestContext,\n applyRequestHeaderOverlay,\n setMutableCookieContext,\n getSetCookieHeaders,\n markResponseFlushed,\n setSegmentParams,\n} from './request-context.js';\nimport {\n generateTraceId,\n runWithTraceId,\n getOtelTraceId,\n replaceTraceId,\n withSpan,\n setSpanAttribute,\n getTraceId,\n} from './tracing.js';\nimport {\n logRequestReceived,\n logRequestCompleted,\n logSlowRequest,\n logProxyError,\n logMiddlewareError,\n logMiddlewareShortCircuit,\n logRenderError,\n} from './logger.js';\nimport { callOnRequestError } from './instrumentation.js';\nimport { RedirectSignal, DenySignal } from './primitives.js';\nimport { ParamCoercionError } from './route-element-builder.js';\nimport { checkVersionSkew, applyReloadHeaders } from './version-skew.js';\nimport { serveStaticMetadataFile, serializeSitemap } from './pipeline-metadata.js';\nimport { loadModule } from './safe-load.js';\nimport { findInterceptionMatch } from './pipeline-interception.js';\nimport type { MiddlewareContext } from './types.js';\nimport type { SegmentNode } from '../routing/types.js';\n\n// ─── Prototype-Pollution-Safe Merge ────────────────────────────────────────\n\n/* Keys that must never be merged via Object.assign — they pollute Object.prototype. /\nconst DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);\n\n/\n Shallow merge that skips prototype-polluting keys.\n \n Used instead of Object.assign when the source object comes from\n * user-authored codec output (segmentParams.parse), which could\n * contain __proto__, constructor, or prototype keys.\n \n See TIM-655, design/13-security.md\n /\nexport function safeMerge(target: Record<string, unknown>, source: Record<string, unknown>): void {\n for (const key of Object.keys(source)) {\n if (!DANGEROUS_KEYS.has(key)) {\n target[key] = source[key];\n }\n }\n}\n\n// ─── Route Match Result ────────────────────────────────────────────────────\n\n/* Result of matching a canonical pathname against the route tree. /\nexport interface RouteMatch {\n /* The matched segment chain from root to leaf. /\n segments: SegmentNode[];\n /* Extracted segment params (catch-all segments produce string[]). /\n segmentParams: Record<string, string \| string[]>;\n /* Middleware chain from the segment tree, ordered root-to-leaf. /\n middlewareChain: MiddlewareFn[];\n}\n\n/* Function that matches a canonical pathname to a route. /\nexport type RouteMatcher = (pathname: string) => RouteMatch \| null;\n\n/* Function that matches a canonical pathname to a metadata route. /\nexport type MetadataRouteMatcher = (\n pathname: string\n) => import('./route-matcher.js').MetadataRouteMatch \| null;\n\n/* Context for intercepting route resolution (modal pattern). /\nexport interface InterceptionContext {\n /* The URL the user is navigating TO (the intercepted route). /\n targetPathname: string;\n}\n\n/* Function that renders a matched route into a Response. /\nexport type RouteRenderer = (\n req: Request,\n match: RouteMatch,\n responseHeaders: Headers,\n requestHeaderOverlay: Headers,\n interception?: InterceptionContext\n) => Response \| Promise<Response>;\n\n/* Function that sends 103 Early Hints for a matched route. /\nexport type EarlyHintsEmitter = (\n match: RouteMatch,\n req: Request,\n responseHeaders: Headers\n) => void \| Promise<void>;\n\n// ─── Pipeline Configuration ────────────────────────────────────────────────\n\nexport interface PipelineConfig {\n /* The proxy.ts default export (function or array). Undefined if no proxy.ts. /\n proxy?: ProxyExport;\n /* Lazy loader for proxy.ts — called per-request so HMR updates take effect. /\n proxyLoader?: () => Promise<{ default: ProxyExport }>;\n /* Route matcher — resolves a canonical pathname to a RouteMatch. /\n matchRoute: RouteMatcher;\n /* Metadata route matcher — resolves metadata route pathnames (sitemap.xml, robots.txt, etc.) /\n matchMetadataRoute?: MetadataRouteMatcher;\n /* Renderer — produces the final Response for a matched route. /\n render: RouteRenderer;\n /* Renderer for no-match 404 — renders 404.tsx in root layout. /\n renderNoMatch?: (req: Request, responseHeaders: Headers) => Response \| Promise<Response>;\n /* Early hints emitter — fires 103 hints after route match, before middleware. /\n earlyHints?: EarlyHintsEmitter;\n /* Whether to strip trailing slashes during canonicalization. Default: true. /\n stripTrailingSlash?: boolean;\n /* Slow request threshold in ms. Requests exceeding this emit a warning. 0 to disable. Default: 3000. /\n slowRequestMs?: number;\n /\n Interception rewrites — conditional routes for the modal pattern.\n * Generated at build time from intercepting route directories.\n * See design/07-routing.md §\"Intercepting Routes\"\n /\n interceptionRewrites?: import('../routing/interception.js').InterceptionRewrite[];\n /\n Control Server-Timing header output.\n \n - `'detailed'` — per-phase breakdown (proxy, middleware, render).\n * - `'total'` — single `total;dur=N` entry (production-safe).\n * - `false` — no Server-Timing header at all.\n \n Default: `'total'`.\n /\n serverTiming?: 'detailed' \| 'total' \| false;\n /\n Auto-generated sitemap handler. When provided, the pipeline intercepts\n * `/sitemap.xml` and `/sitemap/N.xml` requests and delegates to this\n * function. Returns a Response or null (pass-through to regular routing).\n \n See design/16-metadata.md §\"Auto-generated Sitemap\"\n /\n autoSitemapHandler?: (pathname: string) => Promise<Response \| null>;\n /\n Dev pipeline error callback — called when a pipeline phase (proxy,\n * middleware, render) catches an unhandled error. Used to wire the error\n * into the Vite browser error overlay in dev mode.\n \n Undefined in production — zero overhead.\n /\n onPipelineError?: (error: Error, phase: string) => void;\n\n /\n Fallback error renderer — called when a catastrophic error escapes the\n * render phase. Produces an HTML Response instead of a bare empty 500.\n \n In dev mode, this renders a styled error page with the error message\n * and stack trace. In production, this attempts to render the app's\n * error.tsx / 5xx.tsx / 500.tsx from the root segment.\n \n If this function throws, the pipeline falls back to a bare\n * `new Response(null, { status: 500 })`.\n /\n renderFallbackError?: (\n error: unknown,\n req: Request,\n responseHeaders: Headers\n ) => Response \| Promise<Response>;\n /\n Fallback deny page renderer — called when a DenySignal escapes from\n * middleware or the render phase. Renders the appropriate status-code\n * page (403.tsx, 404.tsx, etc.) instead of returning a bare empty response.\n \n If this function throws, the pipeline falls back to a bare\n * `new Response(null, { status: denyStatus })`.\n /\n renderDenyFallback?: (\n deny: DenySignal,\n req: Request,\n responseHeaders: Headers,\n /\n The matched route, if available. Provided by both the middleware-stage\n * and render-stage catch blocks (matching runs before middleware). When\n * present, the renderer should resolve the deny status file against the\n * matched chain so colocated `403.tsx`/`4xx.tsx`/`401.json` files are\n * picked up. Falls back to the root-only chain when omitted (e.g. for\n * deny()s thrown before route matching could complete). See TIM-822.\n /\n match?: RouteMatch\n ) => Response \| Promise<Response>;\n}\n\n// ─── Param Coercion ────────────────────────────────────────────────────────\n\n/\n Run segment param coercion on the matched route's segments.\n \n Loads params.ts modules from segments that have them, extracts the\n * segmentParams definition, and coerces raw string params through codecs.\n * Throws ParamCoercionError if any codec fails (→ 404).\n \n This runs BEFORE middleware, so ctx.segmentParams is already typed.\n * See design/07-routing.md §\"Where Coercion Runs\"\n /\nexport async function coerceSegmentParams(match: RouteMatch): Promise<void> {\n const segments = match.segments as unknown as import('./route-matcher.js').ManifestSegmentNode[];\n\n for (const segment of segments) {\n // Only process segments that have a params.ts convention file\n if (!segment.params) continue;\n\n let mod: Record<string, unknown>;\n try {\n mod = await loadModule(segment.params);\n } catch (err) {\n throw new ParamCoercionError(\n `Failed to load params module for segment \"${segment.segmentName}\": ${err instanceof Error ? err.message : String(err)}`\n );\n }\n\n const segmentParamsDef = mod.segmentParams as\n \| { parse(raw: Record<string, string \| string[]>): Record<string, unknown> }\n \| undefined;\n\n if (!segmentParamsDef \|\| typeof segmentParamsDef.parse !== 'function') continue;\n\n try {\n const coerced = segmentParamsDef.parse(match.segmentParams);\n // Merge coerced values back — use safeMerge to prevent prototype pollution\n // from malicious/buggy codec output. See TIM-655.\n safeMerge(match.segmentParams, coerced as Record<string, unknown>);\n } catch (err) {\n throw new ParamCoercionError(err instanceof Error ? err.message : String(err));\n }\n }\n}\n\n// ─── Pipeline ──────────────────────────────────────────────────────────────\n\n/\n Create the request handler from a pipeline configuration.\n \n Returns a function that processes an incoming Request through all pipeline stages\n * and produces a Response. This is the top-level entry point for the server.\n /\nexport function createPipeline(config: PipelineConfig): (req: Request) => Promise<Response> {\n const {\n proxy,\n matchRoute,\n render,\n earlyHints,\n stripTrailingSlash = true,\n slowRequestMs = 3000,\n serverTiming = 'total',\n onPipelineError,\n } = config;\n\n // Concurrent request counter — tracks how many requests are in-flight.\n // Logged with each request for diagnosing resource contention.\n let activeRequests = 0;\n\n return async (req: Request): Promise<Response> => {\n const url = new URL(req.url);\n const method = req.method;\n const path = url.pathname;\n const startTime = performance.now();\n activeRequests++;\n\n // Establish per-request trace ID scope (design/17-logging.md §\"trace_id is Always Set\").\n // This runs before runWithRequestContext so traceId() is available from the\n // very first line of proxy.ts, middleware.ts, and all server code.\n const traceIdValue = generateTraceId();\n\n return runWithTraceId(traceIdValue, async () => {\n // Establish request context ALS scope so getHeaders() and getCookies() work\n // throughout the entire request lifecycle (proxy, middleware, render).\n return runWithRequestContext(req, async () => {\n // In dev mode, wrap with timing collector for Server-Timing header.\n // The collector uses ALS so timing entries are per-request.\n const runRequest = async () => {\n logRequestReceived({ method, path });\n\n const response = await withSpan(\n 'http.server.request',\n { 'http.request.method': method, 'url.path': path },\n async () => {\n // If OTEL is active, the root span now exists — replace the UUID\n // fallback with the real OTEL trace ID for log–trace correlation.\n const otelIds = await getOtelTraceId();\n if (otelIds) {\n replaceTraceId(otelIds.traceId, otelIds.spanId);\n }\n\n let result: Response;\n if (proxy \|\| config.proxyLoader) {\n result = await runProxyPhase(req, method, path);\n } else {\n result = await handleRequest(req, method, path);\n }\n\n // Set response status on the root span before it ends —\n // DevSpanProcessor reads this for tree/summary output.\n await setSpanAttribute('http.response.status_code', result.status);\n\n // Append Server-Timing header based on configured mode.\n // Response.redirect() creates immutable headers, so we must\n // ensure mutability before writing Server-Timing.\n if (serverTiming === 'detailed') {\n // Detailed: per-phase breakdown (proxy, middleware, render).\n const timingHeader = getServerTimingHeader();\n if (timingHeader) {\n result = ensureMutableResponse(result);\n result.headers.set('Server-Timing', timingHeader);\n }\n } else if (serverTiming === 'total') {\n // Total only: single `total;dur=N` — no phase names.\n // Prevents information disclosure while giving browser\n // DevTools useful timing data.\n const totalMs = Math.round(performance.now() - startTime);\n result = ensureMutableResponse(result);\n result.headers.set('Server-Timing', `total;dur=${totalMs}`);\n }\n // serverTiming === false: no header at all\n\n return result;\n }\n );\n\n // Post-span: structured production logging\n const durationMs = Math.round(performance.now() - startTime);\n const status = response.status;\n const concurrency = activeRequests;\n activeRequests--;\n logRequestCompleted({ method, path, status, durationMs, concurrency });\n\n if (slowRequestMs > 0 && durationMs > slowRequestMs) {\n logSlowRequest({ method, path, durationMs, threshold: slowRequestMs, concurrency });\n }\n\n return response;\n };\n\n return serverTiming === 'detailed' ? runWithTimingCollector(runRequest) : runRequest();\n });\n });\n };\n\n async function runProxyPhase(req: Request, method: string, path: string): Promise<Response> {\n try {\n // Resolve the proxy export. When a proxyLoader is provided (lazy import),\n // it is called per-request so HMR updates in dev take effect immediately.\n let proxyExport: ProxyExport;\n if (config.proxyLoader) {\n const mod = await config.proxyLoader();\n proxyExport = mod.default;\n } else {\n proxyExport = config.proxy!;\n }\n const proxyFn = () => runProxy(proxyExport, req, () => handleRequest(req, method, path));\n return await withSpan('timber.proxy', {}, () =>\n serverTiming === 'detailed' ? withTiming('proxy', 'proxy.ts', proxyFn) : proxyFn()\n );\n } catch (error) {\n // Uncaught proxy.ts error → bare HTTP 500\n logProxyError({ error });\n await fireOnRequestError(error, req, 'proxy');\n if (onPipelineError && error instanceof Error) onPipelineError(error, 'proxy');\n return new Response(null, { status: 500 });\n }\n }\n\n /\n Build a redirect Response from a RedirectSignal.\n \n For RSC payload requests (client navigation), returns 204 + X-Timber-Redirect\n * so the client router can perform a soft SPA redirect. A raw 302 would be\n * turned into an opaque redirect by fetch({redirect:'manual'}), crashing\n * createFromFetch. See design/19-client-navigation.md.\n /\n function buildRedirectResponse(signal: RedirectSignal, req: Request, headers: Headers): Response {\n const isRsc = (req.headers.get('Accept') ?? '').includes('text/x-component');\n if (isRsc) {\n headers.set('X-Timber-Redirect', signal.location);\n return new Response(null, { status: 204, headers });\n }\n headers.set('Location', signal.location);\n return new Response(null, { status: signal.status, headers });\n }\n\n async function handleRequest(req: Request, method: string, path: string): Promise<Response> {\n // Stage 1: URL canonicalization\n const url = new URL(req.url);\n const result = canonicalize(url.pathname, stripTrailingSlash);\n if (!result.ok) {\n return new Response(null, { status: result.status });\n }\n const canonicalPathname = result.pathname;\n\n // Stage 1b: Metadata route matching — runs before regular route matching.\n // Metadata routes skip middleware.ts and access.ts (public endpoints for crawlers).\n // See design/16-metadata.md §\"Pipeline Integration\"\n if (config.matchMetadataRoute) {\n const metaMatch = config.matchMetadataRoute(canonicalPathname);\n if (metaMatch) {\n try {\n // Static metadata files (.xml, .txt, .png, .ico, etc.) are served\n // directly from disk. Dynamic metadata routes (.ts, .tsx) export a\n // handler function that generates the response.\n if (metaMatch.isStatic) {\n return await serveStaticMetadataFile(metaMatch);\n }\n\n const mod = await loadModule<{ default?: Function }>(metaMatch.file);\n if (typeof mod.default !== 'function') {\n return new Response('Metadata route must export a default function', { status: 500 });\n }\n const handlerResult = await mod.default();\n // If the handler returns a Response, use it directly\n if (handlerResult instanceof Response) {\n return handlerResult;\n }\n // Otherwise, serialize based on content type\n const contentType = metaMatch.contentType;\n let body: string;\n if (typeof handlerResult === 'string') {\n body = handlerResult;\n } else if (contentType === 'application/xml') {\n body = serializeSitemap(handlerResult);\n } else if (contentType === 'application/manifest+json') {\n body = JSON.stringify(handlerResult, null, 2);\n } else {\n body = typeof handlerResult === 'string' ? handlerResult : String(handlerResult);\n }\n return new Response(body, {\n status: 200,\n headers: { 'Content-Type': `${contentType}; charset=utf-8` },\n });\n } catch (error) {\n logRenderError({ method, path, error });\n if (onPipelineError && error instanceof Error) onPipelineError(error, 'metadata-route');\n return new Response(null, { status: 500 });\n }\n }\n }\n\n // Stage 1b.2: Auto-generated sitemap — serves /sitemap.xml and /sitemap/N.xml\n // when sitemap generation is enabled and no user-authored sitemap exists.\n // Runs after metadata route matching so user sitemaps always take precedence.\n // See design/16-metadata.md §\"Auto-generated Sitemap\"\n if (config.autoSitemapHandler) {\n try {\n const sitemapResponse = await config.autoSitemapHandler(canonicalPathname);\n if (sitemapResponse) return sitemapResponse;\n } catch (error) {\n logRenderError({ method, path, error });\n if (onPipelineError && error instanceof Error) onPipelineError(error, 'auto-sitemap');\n return new Response(null, { status: 500 });\n }\n }\n\n // Stage 1c: Version skew detection (TIM-446).\n // For RSC payload requests (client navigation), check if the client's\n // deployment ID matches the current build. On mismatch, signal the\n // client to do a full page reload instead of returning an RSC payload\n // that references mismatched module IDs.\n const isRscRequest = (req.headers.get('Accept') ?? '').includes('text/x-component');\n if (isRscRequest) {\n const skewCheck = checkVersionSkew(req);\n if (!skewCheck.ok) {\n const reloadHeaders = new Headers();\n applyReloadHeaders(reloadHeaders);\n return new Response(null, { status: 204, headers: reloadHeaders });\n }\n }\n\n // Stage 2: Route matching\n let match = matchRoute(canonicalPathname);\n let interception: InterceptionContext \| undefined;\n\n // Stage 2a: Intercepting route resolution (modal pattern).\n // On soft navigation, check if an intercepting route should render instead.\n // The client sends X-Timber-URL with the current pathname (where they're\n // navigating FROM). If a rewrite matches, re-route to the source URL so\n // the source layout renders with the intercepted content in the slot.\n const sourceUrl = req.headers.get('X-Timber-URL');\n if (sourceUrl && config.interceptionRewrites?.length) {\n const intercepted = findInterceptionMatch(\n canonicalPathname,\n sourceUrl,\n config.interceptionRewrites\n );\n if (intercepted) {\n const sourceMatch = matchRoute(intercepted.sourcePathname);\n if (sourceMatch) {\n match = sourceMatch;\n interception = { targetPathname: canonicalPathname };\n }\n }\n }\n\n if (!match) {\n // No route matched — render 404.tsx in root layout if available,\n // otherwise fall back to a bare 404 Response.\n if (config.renderNoMatch) {\n const responseHeaders = new Headers();\n return config.renderNoMatch(req, responseHeaders);\n }\n return new Response(null, { status: 404 });\n }\n\n // Response and request header containers — created before early hints so\n // the emitter can append Link headers (e.g. for Cloudflare CDN → 103).\n const responseHeaders = new Headers();\n const requestHeaderOverlay = new Headers();\n\n // Set Cache-Control for dynamic HTML responses. Without this header,\n // CDNs (particularly Cloudflare) may attempt to buffer/process the\n // response differently, causing intermittent multi-second delays.\n // This matches Next.js's default behavior.\n responseHeaders.set('Cache-Control', 'private, no-cache, no-store, max-age=0, must-revalidate');\n\n // Stage 2b: 103 Early Hints (before middleware, after match)\n // Fires before middleware so the browser can begin fetching critical\n // assets while middleware runs. Non-fatal — a failing emitter never\n // blocks the request.\n if (earlyHints) {\n try {\n await earlyHints(match, req, responseHeaders);\n } catch {\n // Early hints failure is non-fatal\n }\n }\n\n // Stage 2c: Param coercion (before middleware)\n // Load params.ts modules from matched segments and coerce raw string\n // params through defineSegmentParams codecs. Coercion failure → 404\n // (middleware never runs). See design/07-routing.md §\"Where Coercion Runs\"\n try {\n await coerceSegmentParams(match);\n } catch (error) {\n if (error instanceof ParamCoercionError) {\n // For API routes (route.ts), return a bare 404 — not an HTML page.\n // API consumers expect JSON/empty responses, not rendered HTML.\n const leafSegment = match.segments[match.segments.length - 1];\n if (\n (leafSegment as { route?: unknown }).route &&\n !(leafSegment as { page?: unknown }).page\n ) {\n return new Response(null, { status: 404 });\n }\n // Route through the app's 404 page (404.tsx in root layout) instead of\n // returning a bare empty 404 Response. Falls back to bare 404 only if\n // no renderNoMatch renderer is configured.\n if (config.renderNoMatch) {\n return config.renderNoMatch(req, responseHeaders);\n }\n return new Response(null, { status: 404 });\n }\n throw error;\n }\n\n // Store coerced segment params in ALS so components can access them\n // via getSegmentParams() instead of receiving them as a prop.\n // See design/07-routing.md §\"params.ts — Convention File for Typed Params\"\n setSegmentParams(match.segmentParams);\n\n // Stage 3: Middleware chain (root-to-leaf, short-circuits on first Response)\n if (match.middlewareChain.length > 0) {\n const ctx: MiddlewareContext = {\n req,\n requestHeaders: requestHeaderOverlay,\n headers: responseHeaders,\n segmentParams: match.segmentParams,\n earlyHints: (hints) => {\n for (const hint of hints) {\n // Match Cloudflare's cached Early Hints attribute order: `as` before `rel`.\n // Cloudflare caches Link headers and re-emits them on subsequent 200s.\n // If our order differs, the browser sees duplicate preloads and warns.\n let value: string;\n if (hint.as !== undefined) {\n value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;\n } else {\n value = `<${hint.href}>; rel=${hint.rel}`;\n }\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n responseHeaders.append('Link', value);\n }\n },\n };\n\n try {\n // Enable cookie mutation during middleware (design/29-cookies.md §\"Context Tracking\")\n setMutableCookieContext(true);\n const chainFn = () => runMiddlewareChain(match.middlewareChain, ctx);\n const middlewareResponse = await withSpan('timber.middleware', {}, () =>\n serverTiming === 'detailed' ? withTiming('mw', 'middleware.ts', chainFn) : chainFn()\n );\n setMutableCookieContext(false);\n if (middlewareResponse) {\n // Apply cookie jar to short-circuit response.\n // Response.redirect() creates immutable headers, so ensure\n // mutability before appending Set-Cookie entries.\n const finalResponse = ensureMutableResponse(middlewareResponse);\n applyCookieJar(finalResponse.headers);\n // Merge parent-set responseHeaders onto the short-circuit response.\n // Child-set headers take precedence — only add headers not already present.\n // Snapshot existing keys first so multi-value headers (Set-Cookie, Link)\n // from the parent are all appended when the child didn't set that key.\n const existingKeys = new Set(\n [...finalResponse.headers.keys()].map((k) => k.toLowerCase())\n );\n for (const [key, value] of responseHeaders.entries()) {\n if (!existingKeys.has(key.toLowerCase())) {\n finalResponse.headers.append(key, value);\n }\n }\n logMiddlewareShortCircuit({ method, path, status: finalResponse.status });\n return finalResponse;\n }\n // Middleware chain completed without short-circuiting — apply any\n // injected request headers so getHeaders() returns them downstream.\n applyRequestHeaderOverlay(requestHeaderOverlay);\n } catch (error) {\n setMutableCookieContext(false);\n // RedirectSignal from middleware → HTTP redirect (not an error)\n if (error instanceof RedirectSignal) {\n applyCookieJar(responseHeaders);\n return buildRedirectResponse(error, req, responseHeaders);\n }\n // DenySignal from middleware → render deny page with correct status code.\n // Previously returned bare Response(null) — now renders 403.tsx etc.\n if (error instanceof DenySignal) {\n applyCookieJar(responseHeaders);\n if (config.renderDenyFallback) {\n try {\n return await config.renderDenyFallback(error, req, responseHeaders, match);\n } catch {\n // Deny page rendering failed — fall through to bare response\n }\n }\n return new Response(null, { status: error.status, headers: responseHeaders });\n }\n // Middleware throw → HTTP 500 (middleware runs before rendering,\n // no error boundary to catch it)\n logMiddlewareError({ method, path, error });\n await fireOnRequestError(error, req, 'handler');\n if (onPipelineError && error instanceof Error) onPipelineError(error, 'middleware');\n return new Response(null, { status: 500 });\n }\n }\n\n // Apply cookie jar to response headers before render commits them.\n // Middleware may have set cookies; they need to be on responseHeaders\n // before flushResponse creates the Response object.\n applyCookieJar(responseHeaders);\n\n // Stage 4: Render (access gates + element tree + renderToReadableStream)\n try {\n const renderFn = () =>\n render(req, match, responseHeaders, requestHeaderOverlay, interception);\n const response = await withSpan('timber.render', { 'http.route': canonicalPathname }, () =>\n serverTiming === 'detailed'\n ? withTiming('render', 'RSC + SSR render', renderFn)\n : renderFn()\n );\n markResponseFlushed();\n return response;\n } catch (error) {\n // DenySignal leaked from render (e.g. notFound() in metadata()).\n // Render the deny page with the correct status code.\n if (error instanceof DenySignal) {\n if (config.renderDenyFallback) {\n try {\n return await config.renderDenyFallback(error, req, responseHeaders, match);\n } catch {\n // Deny page rendering failed — fall through to bare response\n }\n }\n return new Response(null, { status: error.status, headers: responseHeaders });\n }\n // RedirectSignal leaked from render — honour the redirect\n if (error instanceof RedirectSignal) {\n return buildRedirectResponse(error, req, responseHeaders);\n }\n logRenderError({ method, path, error });\n await fireOnRequestError(error, req, 'render');\n if (onPipelineError && error instanceof Error) onPipelineError(error, 'render');\n // Try fallback error page before bare 500\n if (config.renderFallbackError) {\n try {\n return await config.renderFallbackError(error, req, responseHeaders);\n } catch {\n // Fallback rendering itself failed — fall through to bare 500\n }\n }\n return new Response(null, { status: 500 });\n }\n }\n}\n\n/\n Fire the user's onRequestError hook with request context.\n * Extracts request info from the Request object and calls the instrumentation hook.\n /\nasync function fireOnRequestError(\n error: unknown,\n req: Request,\n phase: 'proxy' \| 'handler' \| 'render' \| 'action' \| 'route'\n): Promise<void> {\n const url = new URL(req.url);\n const headersObj: Record<string, string> = {};\n req.headers.forEach((v, k) => {\n headersObj[k] = v;\n });\n\n await callOnRequestError(\n error,\n { method: req.method, path: url.pathname, headers: headersObj },\n { phase, routePath: url.pathname, routeType: 'page', traceId: getTraceId() }\n );\n}\n\n// ─── Cookie Helpers ──────────────────────────────────────────────────────\n\n/\n Apply all Set-Cookie headers from the cookie jar to a Headers object.\n * Each cookie gets its own Set-Cookie header per RFC 6265 §4.1.\n /\nfunction applyCookieJar(headers: Headers): void {\n for (const value of getSetCookieHeaders()) {\n headers.append('Set-Cookie', value);\n }\n}\n\n// ─── Immutable Response Helpers ──────────────────────────────────────────\n\n/\n Ensure a Response has mutable headers so the pipeline can safely append\n * Set-Cookie and Server-Timing entries.\n \n `Response.redirect()` and some platform-level responses return objects\n * with immutable headers. Calling `.set()` or `.append()` on them throws\n * `TypeError: immutable`. This helper detects the immutable case by\n * attempting a no-op write and, on failure, clones into a fresh Response\n * with mutable headers.\n /\nfunction ensureMutableResponse(response: Response): Response {\n try {\n // Probe mutability with a benign operation that we immediately undo.\n // We pick a header name that is extremely unlikely to collide with\n // anything meaningful and delete it right away.\n response.headers.set('X-Timber-Probe', '1');\n response.headers.delete('X-Timber-Probe');\n return response;\n } catch {\n // Headers are immutable — rebuild with mutable headers.\n return new Response(response.body, {\n status: response.status,\n statusText: response.statusText,\n headers: new Headers(response.headers),\n });\n }\n}\n","/\n Build manifest types and utilities for CSS and JS asset tracking.\n \n The build manifest maps route segment file paths to their output\n * chunks from Vite's client build. This enables:\n * - <link rel=\"stylesheet\"> injection in HTML <head>\n * - <script type=\"module\"> with hashed URLs in production\n * - <link rel=\"modulepreload\"> for client chunk dependencies\n * - Link preload headers for Early Hints (103)\n \n In dev mode, Vite's HMR client handles CSS/JS injection, so the build\n * manifest is empty. In production, it's populated from Vite's\n * .vite/manifest.json after the client build.\n \n Design docs: 18-build-system.md §\"Build Manifest\", 02-rendering-pipeline.md §\"Early Hints\"\n /\n\n/* A font asset entry in the build manifest. /\nexport interface ManifestFontEntry {\n /* URL path to the font file (e.g. `/_timber/fonts/inter-latin-400-abc123.woff2`). /\n href: string;\n /* Font format (e.g. `woff2`). /\n format: string;\n /* Crossorigin attribute — always `anonymous` for fonts. /\n crossOrigin: string;\n}\n\n/* Build manifest mapping input file paths to output asset URLs. /\nexport interface BuildManifest {\n /* Map from input file path (relative to project root) to output CSS URLs. /\n css: Record<string, string[]>;\n /* Map from input file path to output JS chunk URL (hashed filename). /\n js: Record<string, string>;\n /* Map from input file path to transitive JS dependency URLs for modulepreload. /\n modulepreload: Record<string, string[]>;\n /* Map from input file path to font assets used by that module. /\n fonts: Record<string, ManifestFontEntry[]>;\n}\n\n/* Empty build manifest used in dev mode. /\nexport const EMPTY_BUILD_MANIFEST: BuildManifest = {\n css: {},\n js: {},\n modulepreload: {},\n fonts: {},\n};\n\n/* Segment shape expected by collectRouteCss (matches ManifestSegmentNode). /\ninterface SegmentWithFiles {\n layout?: { filePath: string };\n page?: { filePath: string };\n}\n\n/\n Collect all CSS files needed for a matched route's segment chain.\n \n Walks segments root → leaf, collecting CSS for each layout and page.\n * Deduplicates while preserving order (root layout CSS first).\n /\nexport function collectRouteCss(segments: SegmentWithFiles[], manifest: BuildManifest): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const cssFiles = manifest.css[file.filePath];\n if (!cssFiles) continue;\n for (const url of cssFiles) {\n if (!seen.has(url)) {\n seen.add(url);\n result.push(url);\n }\n }\n }\n }\n\n return result;\n}\n\n/\n Generate <link rel=\"stylesheet\"> tags for CSS URLs.\n \n Returns an HTML string to prepend to headHtml for injection\n * via injectHead() before </head>.\n /\nexport function buildCssLinkTags(cssUrls: string[]): string {\n // Emit <link rel=\"stylesheet\"> tags as a fallback for platforms where\n // React's Float system (via @vitejs/plugin-rsc preinit with\n // data-precedence) doesn't handle CSS injection. In practice, Float\n // deduplicates and these may be dropped. No preload hints — Float\n // already starts the fetch via preinit(), and redundant preloads\n // cause \"ignored due to unknown as/type\" browser warnings.\n return cssUrls.map((url) => `<link rel=\"stylesheet\" href=\"${url}\">`).join('');\n}\n\n/\n Generate a Link header value for CSS preload hints.\n \n Cloudflare CDN automatically converts Link headers with rel=preload\n * into 103 Early Hints responses. This avoids platform-specific 103\n * sending code.\n \n Example output: `</assets/root.css>; as=style; rel=preload, </assets/page.css>; as=style; rel=preload`\n /\nexport function buildLinkHeaders(cssUrls: string[]): string {\n return cssUrls.map((url) => `<${url}>; as=style; rel=preload`).join(', ');\n}\n\n// ─── Font utilities ──────────────────────────────────────────────────────\n\n/\n Collect all font entries needed for a matched route's segment chain.\n \n Walks segments root → leaf, collecting fonts for each layout and page.\n * Deduplicates by href while preserving order.\n /\nexport function collectRouteFonts(\n segments: SegmentWithFiles[],\n manifest: BuildManifest\n): ManifestFontEntry[] {\n const seen = new Set<string>();\n const result: ManifestFontEntry[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const fonts = manifest.fonts[file.filePath];\n if (!fonts) continue;\n for (const entry of fonts) {\n if (!seen.has(entry.href)) {\n seen.add(entry.href);\n result.push(entry);\n }\n }\n }\n }\n\n return result;\n}\n\n/\n Generate <link rel=\"preload\"> tags for font assets.\n \n Font preloads use `as=font` and always include `crossorigin` (required\n * for font preloads even for same-origin resources per the spec).\n /\nexport function buildFontPreloadTags(fonts: ManifestFontEntry[]): string {\n return fonts\n .map(\n (f) =>\n `<link rel=\"preload\" href=\"${f.href}\" as=\"font\" type=\"font/${f.format}\" crossorigin=\"${f.crossOrigin}\">`\n )\n .join('');\n}\n\n/\n Generate Link header values for font preload hints.\n \n Cloudflare CDN converts Link headers with rel=preload into 103 Early Hints.\n \n Example: `</fonts/inter.woff2>; as=font; rel=preload; crossorigin`\n /\nexport function buildFontLinkHeaders(fonts: ManifestFontEntry[]): string {\n return fonts.map((f) => `<${f.href}>; as=font; rel=preload; crossorigin`).join(', ');\n}\n\n// ─── JS chunk utilities ──────────────────────────────────────────────────\n\n/\n Collect JS chunk URLs for a matched route's segment chain.\n \n Walks segments root → leaf, collecting the JS chunk for each layout\n * and page. Deduplicates while preserving order.\n /\nexport function collectRouteJs(segments: SegmentWithFiles[], manifest: BuildManifest): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const jsUrl = manifest.js[file.filePath];\n if (!jsUrl) continue;\n if (!seen.has(jsUrl)) {\n seen.add(jsUrl);\n result.push(jsUrl);\n }\n }\n }\n\n return result;\n}\n\n/\n Collect modulepreload URLs for a matched route's segment chain.\n \n Walks segments root → leaf, collecting transitive JS dependencies\n * for each layout and page. Deduplicates across segments.\n /\nexport function collectRouteModulepreloads(\n segments: SegmentWithFiles[],\n manifest: BuildManifest\n): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const preloads = manifest.modulepreload[file.filePath];\n if (!preloads) continue;\n for (const url of preloads) {\n if (!seen.has(url)) {\n seen.add(url);\n result.push(url);\n }\n }\n }\n }\n\n return result;\n}\n\n/\n Generate <link rel=\"modulepreload\"> tags for JS dependency URLs.\n \n Modulepreload hints tell the browser to fetch and parse JS modules\n * before they're needed, reducing waterfall latency for dynamic imports.\n /\nexport function buildModulepreloadTags(urls: string[]): string {\n return urls.map((url) => `<link rel=\"modulepreload\" href=\"${url}\">`).join('');\n}\n\n/\n Generate a <script type=\"module\"> tag for a JS entry point.\n /\nexport function buildEntryScriptTag(url: string): string {\n return `<script type=\"module\" src=\"${url}\"></script>`;\n}\n","/\n 103 Early Hints utilities.\n \n Early Hints are sent before the final response to let the browser\n * start fetching critical resources (CSS, fonts, JS) while the server\n * is still rendering.\n \n The framework collects hints from two sources:\n * 1. Build manifest — CSS, fonts, and JS chunks known at route-match time\n * 2. ctx.earlyHints() — explicit hints added by middleware or route handlers\n \n Both are emitted as Link headers. Cloudflare CDN automatically converts\n * Link headers into 103 Early Hints responses.\n \n Design docs: 02-rendering-pipeline.md §\"Early Hints (103)\"\n /\n\nimport {\n collectRouteCss,\n collectRouteFonts,\n collectRouteModulepreloads,\n} from './build-manifest.js';\nimport type { BuildManifest } from './build-manifest.js';\n\n/* Minimal segment shape needed for early hint collection. /\ninterface SegmentWithFiles {\n layout?: { filePath: string };\n page?: { filePath: string };\n}\n\n// ─── EarlyHint type ───────────────────────────────────────────────────────\n\n/\n A single Link header hint for 103 Early Hints.\n \n ```ts\n * ctx.earlyHints([\n * { href: '/styles/critical.css', rel: 'preload', as: 'style' },\n * { href: 'https://fonts.googleapis.com', rel: 'preconnect' },\n * ])\n * ```\n /\nexport interface EarlyHint {\n /* The resource URL (absolute or root-relative). /\n href: string;\n /* Link relation — `preload`, `modulepreload`, or `preconnect`. /\n rel: 'preload' \| 'modulepreload' \| 'preconnect';\n /* Resource type for `preload` hints (omit for `modulepreload` / `preconnect`). /\n as?: 'style' \| 'script' \| 'font' \| 'image' \| 'fetch' \| 'document';\n /* Crossorigin attribute — required for font preloads per spec. /\n crossOrigin?: 'anonymous' \| 'use-credentials';\n /* Fetch priority hint — `high`, `low`, or `auto`. /\n fetchPriority?: 'high' \| 'low' \| 'auto';\n}\n\n// ─── formatLinkHeader ─────────────────────────────────────────────────────\n\n/\n Format a single EarlyHint as a Link header value.\n \n Attribute order: `as` before `rel` to match Cloudflare CDN's cached\n * Early Hints format. Cloudflare caches Link headers from 200 responses\n * and re-emits them as 103 Early Hints on subsequent requests. If our\n * attribute order differs from Cloudflare's cached copy, the browser\n * sees two preload headers for the same URL (different attribute order)\n * and warns \"Preload was ignored.\" Matching the order ensures the\n * browser deduplicates them correctly.\n \n Examples:\n * `</styles/root.css>; as=style; rel=preload`\n * `</fonts/inter.woff2>; as=font; rel=preload; crossorigin=anonymous`\n * `</_timber/client.js>; rel=modulepreload`\n * `<https://fonts.googleapis.com>; rel=preconnect`\n /\nexport function formatLinkHeader(hint: EarlyHint): string {\n // For preload hints, emit `as` before `rel` to match Cloudflare's\n // cached header format and avoid duplicate preload warnings.\n if (hint.as !== undefined) {\n let value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n return value;\n }\n // For modulepreload / preconnect (no `as`), emit rel first.\n let value = `<${hint.href}>; rel=${hint.rel}`;\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n return value;\n}\n\n// ─── collectEarlyHintHeaders ──────────────────────────────────────────────\n\n/* Options for early hint collection. /\nexport interface EarlyHintOptions {\n /* Skip JS modulepreload hints (e.g. when client JavaScript is disabled). /\n skipJs?: boolean;\n}\n\n/\n Collect all Link header strings for a matched route's segment chain.\n \n Walks the build manifest to emit hints for:\n * - CSS stylesheets (as=style; rel=preload)\n * - Font assets (as=font; rel=preload; crossorigin)\n * - JS modulepreload hints (rel=modulepreload) — unless skipJs is set\n \n Also emits global CSS from the `_global` manifest key. Route files\n * are server components that don't appear in the client bundle, so\n * per-route CSS keying doesn't work with the RSC plugin. The `_global`\n * key contains all CSS assets from the client build — fine for early\n * hints since they're just prefetch signals.\n \n Returns formatted Link header strings, deduplicated by URL, root → leaf order.\n * Returns an empty array in dev mode (manifest is empty).\n /\nexport function collectEarlyHintHeaders(\n segments: SegmentWithFiles[],\n manifest: BuildManifest,\n options?: EarlyHintOptions\n): string[] {\n const result: string[] = [];\n // Dedup by URL (href), not by full formatted header string.\n // Different code paths can produce the same URL with different attribute\n // ordering, which would bypass a full-string dedup and produce duplicate\n // Link headers that trigger browser \"preload was ignored\" warnings.\n const seenUrls = new Set<string>();\n\n const add = (url: string, header: string) => {\n if (!seenUrls.has(url)) {\n seenUrls.add(url);\n result.push(header);\n }\n };\n\n // Per-route CSS — as=style; rel=preload\n for (const url of collectRouteCss(segments, manifest)) {\n add(url, formatLinkHeader({ href: url, rel: 'preload', as: 'style' }));\n }\n\n // Global CSS — all CSS assets from the client bundle.\n // Covers CSS that the RSC plugin injects via data-rsc-css-href,\n // which isn't keyed to route segments in our manifest.\n for (const url of manifest.css['_global'] ?? []) {\n add(url, formatLinkHeader({ href: url, rel: 'preload', as: 'style' }));\n }\n\n // Fonts — as=font; rel=preload; crossorigin (crossorigin required per spec)\n for (const font of collectRouteFonts(segments, manifest)) {\n add(\n font.href,\n formatLinkHeader({ href: font.href, rel: 'preload', as: 'font', crossOrigin: 'anonymous' })\n );\n }\n\n // JS chunks — rel=modulepreload (skip when client JS is disabled)\n if (!options?.skipJs) {\n for (const url of collectRouteModulepreloads(segments, manifest)) {\n add(url, formatLinkHeader({ href: url, rel: 'modulepreload' }));\n }\n }\n\n return result;\n}\n","/\n Per-request 103 Early Hints sender — ALS bridge for platform adapters.\n \n The pipeline collects Link headers for CSS, fonts, and JS chunks at\n * route-match time. On platforms that support it (Node.js v18.11+, Bun),\n * the adapter can send these as a 103 Early Hints interim response before\n * the final response is ready.\n \n This module provides an ALS-based bridge: the generated entry point\n * (e.g., the Nitro entry) wraps the handler with `runWithEarlyHintsSender`,\n * binding a per-request sender function. The pipeline calls\n * `sendEarlyHints103()` to fire the 103 if a sender is available.\n \n On platforms where 103 is handled at the CDN level (e.g., Cloudflare\n * converts Link headers into 103 automatically), no sender is installed\n * and `sendEarlyHints103()` is a no-op.\n \n Design doc: 02-rendering-pipeline.md §\"Early Hints (103)\"\n /\n\nimport { earlyHintsSenderAls } from './als-registry.js';\n\n/* Function that sends Link header values as a 103 Early Hints response. /\nexport type EarlyHintsSenderFn = (links: string[]) => void;\n\n/\n Run a function with a per-request early hints sender installed.\n \n Called by generated entry points (e.g., Nitro node-server/bun) to\n * bind the platform's writeEarlyHints capability for the request duration.\n /\nexport function runWithEarlyHintsSender<T>(sender: EarlyHintsSenderFn, fn: () => T): T {\n return earlyHintsSenderAls.run(sender, fn);\n}\n\n/\n Send collected Link headers as a 103 Early Hints response.\n \n No-op if no sender is installed for the current request (e.g., on\n * Cloudflare where the CDN handles 103 automatically, or in dev mode).\n \n Non-fatal: errors from the sender are caught and silently ignored.\n /\nexport function sendEarlyHints103(links: string[]): void {\n if (!links.length) return;\n const sender = earlyHintsSenderAls.getStore();\n if (!sender) return;\n try {\n sender(links);\n } catch {\n // Sending 103 is best-effort — failure never blocks the request.\n }\n}\n","/\n Element tree construction for timber.js rendering.\n \n Builds a unified React element tree from a matched segment chain, bottom-up:\n * page → status-code error boundaries → access gates → layout → repeat up segment chain\n \n The tree is rendered via a single `renderToReadableStream` call,\n * giving one `React.cache` scope for the entire route.\n \n See design/02-rendering-pipeline.md §\"Element Tree Construction\"\n /\n\nimport type { SegmentNode, RouteFile } from '../routing/types.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/* A loaded module for a route file convention. /\nexport interface LoadedModule {\n /* The default export (component, access function, etc.) /\n default?: unknown;\n /* Named exports (for route.ts method handlers, metadata, etc.) /\n [key: string]: unknown;\n}\n\n/* Function that loads a route file's module. /\nexport type ModuleLoader = (file: RouteFile) => LoadedModule \| Promise<LoadedModule>;\n\n/* A React element — kept opaque to avoid a React dependency in this module. /\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport type ReactElement = any;\n\n/* Function that creates a React element. Matches React.createElement signature. /\nexport type CreateElement = (\n type: unknown,\n props: Record<string, unknown> \| null,\n ...children: unknown[]\n) => ReactElement;\n\n/\n Resolved slot content for a layout.\n * Key is slot name (without @), value is the element tree for that slot.\n /\nexport type SlotElements = Map<string, ReactElement>;\n\n/* Configuration for the tree builder. /\nexport interface TreeBuilderConfig {\n /* The matched segment chain from root to leaf. /\n segments: SegmentNode[];\n /* Loads a route file's module. /\n loadModule: ModuleLoader;\n /* React.createElement or equivalent. /\n createElement: CreateElement;\n /\n Error boundary component for wrapping segments.\n \n This is injected by the caller rather than imported directly to avoid\n * pulling 'use client' code into the server barrel (@timber-js/app/server).\n * In the RSC environment, the RSC plugin transforms this import to a\n * client reference proxy — the caller handles the import so the server\n * barrel stays free of client dependencies.\n /\n errorBoundaryComponent?: unknown;\n}\n\n// ─── Component wrappers ──────────────────────────────────────────────────────\n\n/\n Framework-injected access gate component.\n \n When `verdict` is provided (from the pre-render pass), AccessGate replays\n * the stored result synchronously — no re-execution, no async, immune to\n * Suspense timing. When `verdict` is absent, falls back to calling `accessFn`\n * (backward compat for tree-builder.ts which doesn't run a pre-render pass).\n /\nexport interface AccessGateProps {\n accessFn: () => unknown;\n /* Segment name for dev logging (e.g. \"authenticated\", \"dashboard\"). /\n segmentName?: string;\n /\n Pre-computed verdict from the pre-render pass. When set, AccessGate\n * replays this verdict synchronously instead of calling accessFn.\n * - 'pass': render children\n * - DenySignal/RedirectSignal: throw synchronously\n /\n verdict?:\n \| 'pass'\n \| import('./primitives.js').DenySignal\n \| import('./primitives.js').RedirectSignal;\n /\n Deny page fallback chain. When provided and a DenySignal is caught,\n * AccessGate renders the matching deny page in-tree instead of throwing.\n * This prevents the error from reaching React Flight, eliminating the\n * second render pass. See TIM-666.\n /\n denyPages?: import('./deny-page-resolver.js').DenyPageEntry[];\n children: ReactElement;\n}\n\n/\n Framework-injected slot access gate component.\n * On denial, renders denied.tsx → default.tsx → null instead of failing the page.\n \n DeniedComponent is passed instead of a pre-built element so that\n * SlotAccessGate can forward DenySignal.data as dangerouslyPassData\n * and slotName as the slot prop after catching the signal.\n /\nexport interface SlotAccessGateProps {\n accessFn: () => unknown;\n /* The denied.tsx component (not a pre-built element). null if no denied.tsx exists. /\n DeniedComponent: ((...args: unknown[]) => unknown) \| null;\n /* Slot directory name without @ prefix (e.g. \"admin\", \"sidebar\"). /\n slotName: string;\n /* createElement function for building elements dynamically. /\n createElement: CreateElement;\n defaultFallback: ReactElement \| null;\n children: ReactElement;\n}\n\n/\n Framework-injected error boundary wrapper.\n * Wraps content with status-code error boundary handling.\n /\nexport interface ErrorBoundaryProps {\n fallbackComponent?: ReactElement \| null;\n fallbackElement?: ReactElement \| null;\n status?: number;\n children: ReactElement;\n}\n\n// ─── Tree Builder ────────────────────────────────────────────────────────────\n\n/\n Result of building the element tree.\n /\nexport interface TreeBuildResult {\n /* The root React element tree ready for renderToReadableStream. /\n tree: ReactElement;\n /* Whether the leaf segment is a route.ts (API endpoint) rather than a page. /\n isApiRoute: boolean;\n}\n\n/\n Build the unified element tree from a matched segment chain.\n \n Construction is bottom-up:\n * 1. Start with the page component (leaf segment)\n * 2. Wrap in status-code error boundaries (fallback chain)\n * 3. Wrap in AccessGate (if segment has access.ts)\n * 4. Pass as children to the segment's layout\n * 5. Repeat up the segment chain to root\n \n Parallel slots are resolved at each layout level and composed as named props.\n /\nexport async function buildElementTree(config: TreeBuilderConfig): Promise<TreeBuildResult> {\n const { segments, loadModule, createElement, errorBoundaryComponent } = config;\n\n if (segments.length === 0) {\n throw new Error('[timber] buildElementTree: empty segment chain');\n }\n\n const leaf = segments[segments.length - 1];\n\n // API routes (route.ts) don't build a React tree\n if (leaf.route && !leaf.page) {\n return { tree: null, isApiRoute: true };\n }\n\n // Start with the page component\n const pageModule = leaf.page ? await loadModule(leaf.page) : null;\n const PageComponent = pageModule?.default as ((...args: unknown[]) => ReactElement) \| undefined;\n\n if (!PageComponent) {\n throw new Error(\n `[timber] No page component found for route at ${leaf.urlPath}. ` +\n 'Each route must have a page.tsx or route.ts.'\n );\n }\n\n // Build the page element — params are accessed via getSegmentParams() from ALS\n let element: ReactElement = createElement(PageComponent, {});\n\n // Build tree bottom-up: wrap page, then walk segments from leaf to root\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n\n // Wrap in error boundaries (status-code files + error.tsx)\n element = await wrapWithErrorBoundaries(\n segment,\n element,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n\n // Wrap in AccessGate if segment has access.ts\n if (segment.access) {\n const accessModule = await loadModule(segment.access);\n const accessFn = accessModule.default as AccessGateProps['accessFn'];\n element = createElement('timber:access-gate', {\n accessFn,\n segmentName: segment.segmentName,\n children: element,\n } satisfies AccessGateProps);\n }\n\n // Wrap in layout (if exists and not the leaf's page-level wrapping)\n if (segment.layout) {\n const layoutModule = await loadModule(segment.layout);\n const LayoutComponent = layoutModule.default as\n \| ((...args: unknown[]) => ReactElement)\n \| undefined;\n\n if (LayoutComponent) {\n // Resolve parallel slots for this layout\n const slotProps: Record<string, ReactElement> = {};\n if (segment.slots.size > 0) {\n for (const [slotName, slotNode] of segment.slots) {\n slotProps[slotName] = await buildSlotElement(\n slotNode,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n }\n }\n\n element = createElement(LayoutComponent, {\n ...slotProps,\n children: element,\n });\n }\n }\n }\n\n return { tree: element, isApiRoute: false };\n}\n\n// ─── Slot Element Builder ────────────────────────────────────────────────────\n\n/\n Build the element tree for a parallel slot.\n \n Slots have their own access.ts (SlotAccessGate) and error boundaries.\n * On access denial: denied.tsx → default.tsx → null (graceful degradation).\n /\nasync function buildSlotElement(\n slotNode: SegmentNode,\n loadModule: ModuleLoader,\n createElement: CreateElement,\n errorBoundaryComponent: unknown\n): Promise<ReactElement> {\n // Load slot page\n const pageModule = slotNode.page ? await loadModule(slotNode.page) : null;\n const PageComponent = pageModule?.default as ((...args: unknown[]) => ReactElement) \| undefined;\n\n // Load default.tsx fallback\n const defaultModule = slotNode.default ? await loadModule(slotNode.default) : null;\n const DefaultComponent = defaultModule?.default as\n \| ((...args: unknown[]) => ReactElement)\n \| undefined;\n\n // If no page, render default.tsx or null\n if (!PageComponent) {\n return DefaultComponent ? createElement(DefaultComponent, {}) : null;\n }\n\n let element: ReactElement = createElement(PageComponent, {});\n\n // Wrap in error boundaries\n element = await wrapWithErrorBoundaries(\n slotNode,\n element,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n\n // Wrap in SlotAccessGate if slot has access.ts\n if (slotNode.access) {\n const accessModule = await loadModule(slotNode.access);\n const accessFn = accessModule.default as SlotAccessGateProps['accessFn'];\n\n // Load denied.tsx — pass component (not pre-built element) so\n // SlotAccessGate can forward DenySignal.data dynamically. See TIM-488.\n const deniedModule = slotNode.denied ? await loadModule(slotNode.denied) : null;\n const DeniedComponent =\n (deniedModule?.default as ((...args: unknown[]) => ReactElement) \| undefined) ?? null;\n\n const defaultFallback = DefaultComponent ? createElement(DefaultComponent, {}) : null;\n\n element = createElement('timber:slot-access-gate', {\n accessFn,\n DeniedComponent,\n slotName: slotNode.segmentName.replace(/^@/, ''),\n createElement,\n defaultFallback,\n children: element,\n } satisfies SlotAccessGateProps);\n }\n\n return element;\n}\n\n// ─── Error Boundary Wrapping ─────────────────────────────────────────────────\n\n/* MDX/markdown extensions — these are server components that cannot be passed as function props. /\nconst MDX_EXTENSIONS = new Set(['mdx', 'md']);\n\n/\n Check if a route file is an MDX/markdown file based on its extension.\n * MDX components are server components by default and cannot cross the\n * RSC→client boundary as function props. They must be pre-rendered as\n * elements and passed as fallbackElement instead of fallbackComponent.\n /\nfunction isMdxFile(file: RouteFile): boolean {\n return MDX_EXTENSIONS.has(file.extension);\n}\n\n/\n Wrap an element with error boundaries from a segment's status-code files.\n \n Wrapping order (innermost to outermost):\n * 1. Specific status files (503.tsx, 429.tsx, etc.)\n * 2. Category catch-alls (4xx.tsx, 5xx.tsx)\n * 3. error.tsx (general error boundary)\n \n This creates the fallback chain described in design/10-error-handling.md.\n \n MDX status files are server components and cannot be passed as function\n * props to TimberErrorBoundary (a 'use client' component). Instead, they\n * are pre-rendered as elements and passed as fallbackElement. The error\n * boundary renders the element directly when an error is caught.\n * See TIM-503.\n /\nasync function wrapWithErrorBoundaries(\n segment: SegmentNode,\n element: ReactElement,\n loadModule: ModuleLoader,\n createElement: CreateElement,\n errorBoundaryComponent: unknown\n): Promise<ReactElement> {\n // Wrapping is applied inside-out. The last wrap call produces the outermost boundary.\n // Order: specific status → category → error.tsx (outermost)\n\n if (segment.statusFiles) {\n // Wrap with specific status files (innermost — highest priority at runtime)\n for (const [key, file] of segment.statusFiles) {\n if (key !== '4xx' && key !== '5xx') {\n const status = parseInt(key, 10);\n if (!isNaN(status)) {\n const mod = await loadModule(file);\n const Component = mod.default;\n if (Component) {\n const boundaryProps = isMdxFile(file)\n ? ({\n fallbackElement: createElement(Component, { status }),\n status,\n children: element,\n } satisfies ErrorBoundaryProps)\n : ({\n fallbackComponent: Component,\n status,\n children: element,\n } satisfies ErrorBoundaryProps);\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n }\n }\n\n // Wrap with category catch-alls (4xx.tsx, 5xx.tsx)\n for (const [key, file] of segment.statusFiles) {\n if (key === '4xx' \|\| key === '5xx') {\n const mod = await loadModule(file);\n const Component = mod.default;\n if (Component) {\n const categoryStatus = key === '4xx' ? 400 : 500;\n const boundaryProps = isMdxFile(file)\n ? ({\n fallbackElement: createElement(Component, {}),\n status: categoryStatus,\n children: element,\n } satisfies ErrorBoundaryProps)\n : ({\n fallbackComponent: Component,\n status: categoryStatus,\n children: element,\n } satisfies ErrorBoundaryProps);\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n }\n }\n\n // Wrap with error.tsx (outermost — catches anything not matched by status files)\n // Note: error.tsx/error.mdx receives { error, digest, reset } props.\n // MDX error files are pre-rendered without those props (they're static content).\n if (segment.error) {\n const errorModule = await loadModule(segment.error);\n const ErrorComponent = errorModule.default;\n if (ErrorComponent) {\n const boundaryProps = isMdxFile(segment.error)\n ? ({\n fallbackElement: createElement(ErrorComponent, {}),\n children: element,\n } satisfies ErrorBoundaryProps)\n : ({\n fallbackComponent: ErrorComponent,\n children: element,\n } satisfies ErrorBoundaryProps);\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n\n return element;\n}\n","/\n Status-code file resolver for timber.js error/denial rendering.\n \n Given an HTTP status code and a matched segment chain, resolves the\n * correct file to render by walking the fallback chain described in\n * design/10-error-handling.md §\"Status-Code Files\".\n \n Supports two format families:\n * - 'component' (default): .tsx/.jsx/.mdx status files → React rendering pipeline\n * - 'json': .json status files → raw JSON response, no React\n \n Fallback chains operate within the same format family (no cross-format fallback).\n \n Component chain (4xx):\n * Pass 1 — status files (leaf → root): {status}.tsx → 4xx.tsx\n * Pass 2 — legacy compat (leaf → root): not-found.tsx / forbidden.tsx / unauthorized.tsx\n * Pass 3 — error.tsx (leaf → root)\n * Pass 4 — framework default (returns null)\n \n JSON chain (4xx):\n * Pass 1 — json status files (leaf → root): {status}.json → 4xx.json\n * Pass 2 — framework default JSON (returns null, caller provides bare JSON)\n \n 5xx (component only):\n * Per-segment (leaf → root): {status}.tsx → 5xx.tsx → error.tsx\n * Then global-error.tsx (future)\n * Then framework default (returns null)\n /\n\nimport type { SegmentNode, RouteFile } from '../routing/types.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/* How the status-code file was matched. /\nexport type StatusFileKind =\n \| 'exact' // e.g. 403.tsx matched status 403\n \| 'category' // e.g. 4xx.tsx matched status 403\n \| 'legacy' // e.g. not-found.tsx matched status 404\n \| 'error'; // error.tsx as last resort\n\n/* Response format family for status-code resolution. /\nexport type StatusFileFormat = 'component' \| 'json';\n\n/* Result of resolving a status-code file for a segment chain. /\nexport interface StatusFileResolution {\n /* The matched route file. /\n file: RouteFile;\n /* The HTTP status code (always the original status, not the file's code). /\n status: number;\n /* How the file was matched. /\n kind: StatusFileKind;\n /* Index into the segments array where the file was found. /\n segmentIndex: number;\n}\n\n/* How a slot denial file was matched. /\nexport type SlotDeniedKind = 'denied' \| 'default';\n\n/* Result of resolving a slot denied file. /\nexport interface SlotDeniedResolution {\n /* The matched route file (denied.tsx or default.tsx). /\n file: RouteFile;\n /* Slot name without @ prefix. /\n slotName: string;\n /* How the file was matched. /\n kind: SlotDeniedKind;\n}\n\n// ─── Legacy Compat Mapping ───────────────────────────────────────────────────\n\n/\n Maps legacy file convention names to their corresponding HTTP status codes.\n * Only used in the 4xx component fallback chain.\n /\nconst LEGACY_FILE_TO_STATUS: Record<string, number> = {\n 'not-found': 404,\n 'forbidden': 403,\n 'unauthorized': 401,\n};\n\n// ─── Resolver ────────────────────────────────────────────────────────────────\n\n/\n Resolve the status-code file to render for a given HTTP status code.\n \n Walks the segment chain from leaf to root following the fallback chain\n * defined in design/10-error-handling.md. Returns null if no file is found\n * (caller should render the framework default).\n \n @param status - The HTTP status code (4xx or 5xx).\n * @param segments - The matched segment chain from root (index 0) to leaf (last).\n * @param format - The response format family ('component' or 'json'). Defaults to 'component'.\n /\nexport function resolveStatusFile(\n status: number,\n segments: ReadonlyArray<SegmentNode>,\n format: StatusFileFormat = 'component'\n): StatusFileResolution \| null {\n if (status >= 400 && status <= 499) {\n return format === 'json' ? resolve4xxJson(status, segments) : resolve4xx(status, segments);\n }\n if (status >= 500 && status <= 599) {\n // JSON format for 5xx uses the same json chain pattern\n return format === 'json' ? resolve5xxJson(status, segments) : resolve5xx(status, segments);\n }\n return null;\n}\n\n/\n 4xx component fallback chain (three separate passes):\n * Pass 1 — status files (leaf → root): {status}.tsx → 4xx.tsx\n * Pass 2 — legacy compat (leaf → root): not-found.tsx / forbidden.tsx / unauthorized.tsx\n * Pass 3 — error.tsx (leaf → root)\n /\nfunction resolve4xx(\n status: number,\n segments: ReadonlyArray<SegmentNode>\n): StatusFileResolution \| null {\n const statusStr = String(status);\n\n // Pass 1: status files across all segments (leaf → root)\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.statusFiles) continue;\n\n // Exact match first\n const exact = segment.statusFiles.get(statusStr);\n if (exact) {\n return { file: exact, status, kind: 'exact', segmentIndex: i };\n }\n\n // Category catch-all\n const category = segment.statusFiles.get('4xx');\n if (category) {\n return { file: category, status, kind: 'category', segmentIndex: i };\n }\n }\n\n // Pass 2: legacy compat files (leaf → root)\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.legacyStatusFiles) continue;\n\n for (const [name, legacyStatus] of Object.entries(LEGACY_FILE_TO_STATUS)) {\n if (legacyStatus === status) {\n const file = segment.legacyStatusFiles.get(name);\n if (file) {\n return { file, status, kind: 'legacy', segmentIndex: i };\n }\n }\n }\n }\n\n // Pass 3: error.tsx (leaf → root)\n for (let i = segments.length - 1; i >= 0; i--) {\n if (segments[i].error) {\n return { file: segments[i].error!, status, kind: 'error', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n/\n 4xx JSON fallback chain (single pass):\n * Pass 1 — json status files (leaf → root): {status}.json → 4xx.json\n * No legacy compat, no error.tsx — JSON chain terminates at category catch-all.\n /\nfunction resolve4xxJson(\n status: number,\n segments: ReadonlyArray<SegmentNode>\n): StatusFileResolution \| null {\n const statusStr = String(status);\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.jsonStatusFiles) continue;\n\n // Exact match first\n const exact = segment.jsonStatusFiles.get(statusStr);\n if (exact) {\n return { file: exact, status, kind: 'exact', segmentIndex: i };\n }\n\n // Category catch-all\n const category = segment.jsonStatusFiles.get('4xx');\n if (category) {\n return { file: category, status, kind: 'category', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n/\n 5xx component fallback chain (single pass, per-segment):\n * At each segment (leaf → root): {status}.tsx → 5xx.tsx → error.tsx\n /\nfunction resolve5xx(\n status: number,\n segments: ReadonlyArray<SegmentNode>\n): StatusFileResolution \| null {\n const statusStr = String(status);\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n\n // Exact status file\n if (segment.statusFiles) {\n const exact = segment.statusFiles.get(statusStr);\n if (exact) {\n return { file: exact, status, kind: 'exact', segmentIndex: i };\n }\n\n // Category catch-all\n const category = segment.statusFiles.get('5xx');\n if (category) {\n return { file: category, status, kind: 'category', segmentIndex: i };\n }\n }\n\n // error.tsx at this segment level (for 5xx, checked per-segment)\n if (segment.error) {\n return { file: segment.error, status, kind: 'error', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n/\n 5xx JSON fallback chain (single pass):\n * At each segment (leaf → root): {status}.json → 5xx.json\n * No error.tsx equivalent — JSON chain terminates at category catch-all.\n /\nfunction resolve5xxJson(\n status: number,\n segments: ReadonlyArray<SegmentNode>\n): StatusFileResolution \| null {\n const statusStr = String(status);\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.jsonStatusFiles) continue;\n\n const exact = segment.jsonStatusFiles.get(statusStr);\n if (exact) {\n return { file: exact, status, kind: 'exact', segmentIndex: i };\n }\n\n const category = segment.jsonStatusFiles.get('5xx');\n if (category) {\n return { file: category, status, kind: 'category', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n// ─── Slot Denied Resolver ────────────────────────────────────────────────────\n\n/\n Resolve the denial file for a parallel route slot.\n \n Slot denial is graceful degradation — no HTTP status on the wire.\n * Fallback chain: denied.tsx → default.tsx → null.\n \n @param slotNode - The segment node for the slot (segmentType === 'slot').\n /\nexport function resolveSlotDenied(slotNode: SegmentNode): SlotDeniedResolution \| null {\n const slotName = slotNode.segmentName.replace(/^@/, '');\n\n if (slotNode.denied) {\n return { file: slotNode.denied, slotName, kind: 'denied' };\n }\n\n if (slotNode.default) {\n return { file: slotNode.default, slotName, kind: 'default' };\n }\n\n return null;\n}\n","/\n Flush controller for timber.js rendering.\n \n Holds the response until `onShellReady` fires, then commits the HTTP status\n * code and flushes the shell. Render-phase signals (deny, redirect, unhandled\n * throws) caught before flush produce correct HTTP status codes.\n \n See design/02-rendering-pipeline.md §\"The Flush Point\" and §\"The Hold Window\"\n /\n\nimport { DenySignal, RedirectSignal, RenderError } from './primitives.js';\nimport { logRenderError } from './logger.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/* The readable stream from React's renderToReadableStream. /\nexport interface ReactRenderStream {\n /* The underlying ReadableStream of HTML bytes. /\n readable: ReadableStream<Uint8Array>;\n /* Resolves when the shell has finished rendering (all non-Suspense content). /\n allReady?: Promise<void>;\n}\n\n/* Options for the flush controller. /\nexport interface FlushOptions {\n /* Response headers to include (from middleware.ts, proxy.ts, etc.). /\n responseHeaders?: Headers;\n /* Default status code when rendering succeeds. Default: 200. /\n defaultStatus?: number;\n}\n\n/* Result of the flush process. /\nexport interface FlushResult {\n /* The final HTTP Response. /\n response: Response;\n /* The status code committed. /\n status: number;\n /* Whether the response was a redirect. /\n isRedirect: boolean;\n /* Whether the response was a denial. /\n isDenial: boolean;\n}\n\n// ─── Render Function Type ────────────────────────────────────────────────────\n\n/\n A function that performs the React render.\n \n The flush controller calls this, catches any signals thrown during the\n * synchronous shell render (before onShellReady), and produces the\n * correct HTTP response.\n \n Must return an object with:\n * - `stream`: The ReadableStream from renderToReadableStream\n * - `shellReady`: A Promise that resolves when onShellReady fires\n /\nexport interface RenderResult {\n /* The HTML byte stream. /\n stream: ReadableStream<Uint8Array>;\n /* Resolves when the shell is ready (all non-Suspense content rendered). /\n shellReady: Promise<void>;\n}\n\nexport type RenderFn = () => RenderResult \| Promise<RenderResult>;\n\n// ─── Flush Controller ────────────────────────────────────────────────────────\n\n/\n Execute a render and hold the response until the shell is ready.\n \n The flush controller:\n * 1. Calls the render function to start renderToReadableStream\n * 2. Waits for shellReady (onShellReady)\n * 3. If a render-phase signal was thrown (deny, redirect, error), produces\n * the correct HTTP status code\n * 4. If the shell rendered successfully, commits the status and streams\n \n Render-phase signals caught before flush:\n * - `DenySignal` → HTTP 4xx with appropriate status code\n * - `RedirectSignal` → HTTP 3xx with Location header\n * - `RenderError` → HTTP status from error (default 500)\n * - Unhandled error → HTTP 500\n \n @param renderFn - Function that starts the React render.\n * @param options - Flush configuration.\n * @returns The committed HTTP Response.\n /\nexport async function flushResponse(\n renderFn: RenderFn,\n options: FlushOptions = {}\n): Promise<FlushResult> {\n const { responseHeaders = new Headers(), defaultStatus = 200 } = options;\n\n let renderResult: RenderResult;\n\n // Phase 1: Start the render. The render function may throw synchronously\n // if there's an immediate error before React even starts.\n try {\n renderResult = await renderFn();\n } catch (error) {\n return handleSignal(error, responseHeaders);\n }\n\n // Phase 2: Wait for onShellReady. Render-phase signals (deny, redirect,\n // throws outside Suspense) are caught here.\n try {\n await renderResult.shellReady;\n } catch (error) {\n return handleSignal(error, responseHeaders);\n }\n\n // Phase 3: Shell rendered successfully. Commit status and stream.\n responseHeaders.set('Content-Type', 'text/html; charset=utf-8');\n\n return {\n response: new Response(renderResult.stream, {\n status: defaultStatus,\n headers: responseHeaders,\n }),\n status: defaultStatus,\n isRedirect: false,\n isDenial: false,\n };\n}\n\n// ─── Signal Handling ─────────────────────────────────────────────────────────\n\n/\n Handle a render-phase signal and produce the correct HTTP response.\n /\nfunction handleSignal(error: unknown, responseHeaders: Headers): FlushResult {\n // Redirect signal → HTTP 3xx\n if (error instanceof RedirectSignal) {\n responseHeaders.set('Location', error.location);\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: true,\n isDenial: false,\n };\n }\n\n // Deny signal → HTTP 4xx\n if (error instanceof DenySignal) {\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: false,\n isDenial: true,\n };\n }\n\n // RenderError → HTTP status from error\n if (error instanceof RenderError) {\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: false,\n isDenial: false,\n };\n }\n\n // Unknown error → HTTP 500\n logRenderError({ method: '', path: '', error });\n return {\n response: new Response(null, {\n status: 500,\n headers: responseHeaders,\n }),\n status: 500,\n isRedirect: false,\n isDenial: false,\n };\n}\n","/\n CSRF protection — Origin header validation.\n \n Auto-derived from the Host header for single-origin deployments.\n * Configurable via allowedOrigins for multi-origin setups.\n * Disable with csrf: false (not recommended outside local dev).\n \n See design/08-forms-and-actions.md §\"CSRF Protection\"\n * See design/13-security.md §\"Security Testing Checklist\" #6\n /\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\nexport interface CsrfConfig {\n /* Explicit list of allowed origins. Replaces Host-based auto-derivation. /\n allowedOrigins?: string[];\n /* Set to false to disable CSRF validation entirely. /\n csrf?: boolean;\n}\n\nexport type CsrfResult = { ok: true } \| { ok: false; status: 403 };\n\n// ─── Constants ────────────────────────────────────────────────────────────\n\n/* HTTP methods that are considered safe (no mutation). /\nconst SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);\n\n// ─── Implementation ───────────────────────────────────────────────────────\n\n/\n Validate the Origin header against the request's Host.\n \n For mutation methods (POST, PUT, PATCH, DELETE):\n * - If `csrf: false`, skip validation.\n * - If `allowedOrigins` is set, Origin must match one exactly (no wildcards).\n * - Otherwise, Origin's host must match the request's Host header.\n \n Safe methods (GET, HEAD, OPTIONS) always pass.\n /\nexport function validateCsrf(req: Request, config: CsrfConfig): CsrfResult {\n // Safe methods don't need CSRF protection\n if (SAFE_METHODS.has(req.method)) {\n return { ok: true };\n }\n\n // Explicitly disabled\n if (config.csrf === false) {\n return { ok: true };\n }\n\n const origin = req.headers.get('Origin');\n\n // No Origin header on a mutation → reject\n if (!origin) {\n return { ok: false, status: 403 };\n }\n\n // If allowedOrigins is configured, use that instead of Host-based derivation\n if (config.allowedOrigins) {\n const allowed = config.allowedOrigins.includes(origin);\n return allowed ? { ok: true } : { ok: false, status: 403 };\n }\n\n // Auto-derive from Host header\n const host = req.headers.get('Host');\n if (!host) {\n return { ok: false, status: 403 };\n }\n\n // Extract hostname from Origin URL and compare to Host header\n let originHost: string;\n try {\n originHost = new URL(origin).host;\n } catch {\n return { ok: false, status: 403 };\n }\n\n return originHost === host ? { ok: true } : { ok: false, status: 403 };\n}\n","/\n Request body size limits — returns 413 when exceeded.\n * See design/08-forms-and-actions.md §\"FormData Limits\"\n /\n\nexport interface BodyLimitsConfig {\n limits?: {\n actionBodySize?: string;\n uploadBodySize?: string;\n maxFields?: number;\n };\n}\n\nexport type BodyLimitResult = { ok: true } \| { ok: false; status: 411 \| 413 };\n\nexport type BodyKind = 'action' \| 'upload';\n\nconst KB = 1024;\nconst MB = 1024 KB;\nconst GB = 1024 * MB;\n\nexport const DEFAULT_LIMITS = {\n actionBodySize: 1 * MB,\n uploadBodySize: 10 * MB,\n maxFields: 100,\n} as const;\n\nconst SIZE_PATTERN = /^(\\d+(?:\\.\\d+)?)\\s(kb\|mb\|gb)?$/i;\n\n/* Parse a human-readable size string (\"1mb\", \"512kb\", \"1024\") into bytes. /\nexport function parseBodySize(size: string): number {\n const match = SIZE_PATTERN.exec(size.trim());\n if (!match) {\n throw new Error(\n `Invalid body size format: \"${size}\". Expected format like \"1mb\", \"512kb\", or \"1024\".`\n );\n }\n\n const value = Number.parseFloat(match[1]);\n const unit = (match[2] ?? '').toLowerCase();\n\n switch (unit) {\n case 'kb':\n return Math.floor(value KB);\n case 'mb':\n return Math.floor(value * MB);\n case 'gb':\n return Math.floor(value * GB);\n case '':\n return Math.floor(value);\n default:\n throw new Error(`Unknown size unit: \"${unit}\"`);\n }\n}\n\n/** Check whether a request body exceeds the configured size limit (stateless, no ALS). /\nexport function enforceBodyLimits(\n req: Request,\n kind: BodyKind,\n config: BodyLimitsConfig\n): BodyLimitResult {\n const contentLength = req.headers.get('Content-Length');\n if (!contentLength) {\n // Reject requests without Content-Length — prevents body limit bypass via\n // chunked transfer-encoding. Browsers always send Content-Length for form POSTs.\n return { ok: false, status: 411 };\n }\n\n const bodySize = Number.parseInt(contentLength, 10);\n if (Number.isNaN(bodySize)) {\n return { ok: false, status: 411 };\n }\n\n const limit = resolveLimit(kind, config);\n return bodySize <= limit ? { ok: true } : { ok: false, status: 413 };\n}\n\n/* Check whether a FormData payload exceeds the configured field count limit. /\nexport function enforceFieldLimit(formData: FormData, config: BodyLimitsConfig): BodyLimitResult {\n const maxFields = config.limits?.maxFields ?? DEFAULT_LIMITS.maxFields;\n // Count unique keys — FormData.keys() yields duplicates for multi-value fields,\n // so we use a Set to count distinct field names.\n const fieldCount = new Set(formData.keys()).size;\n return fieldCount <= maxFields ? { ok: true } : { ok: false, status: 413 };\n}\n\n/\n Resolve the byte limit for a given body kind, using config overrides or defaults.\n /\nfunction resolveLimit(kind: BodyKind, config: BodyLimitsConfig): number {\n const userLimits = config.limits;\n\n if (kind === 'action') {\n return userLimits?.actionBodySize\n ? parseBodySize(userLimits.actionBodySize)\n : DEFAULT_LIMITS.actionBodySize;\n }\n\n return userLimits?.uploadBodySize\n ? parseBodySize(userLimits.uploadBodySize)\n : DEFAULT_LIMITS.uploadBodySize;\n}\n","/\n Route handler for route.ts API endpoints.\n \n route.ts files export named HTTP method handlers (GET, POST, etc.).\n * They share the same pipeline (proxy → match → middleware → access → handler)\n * but don't render React trees.\n \n See design/07-routing.md §\"route.ts — API Endpoints\"\n /\n\nimport type { RouteContext } from './types.js';\nimport { logRouteError } from './logger.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────\n\n/* HTTP methods that route.ts can export as named handlers. /\nexport type HttpMethod = 'GET' \| 'POST' \| 'PUT' \| 'PATCH' \| 'DELETE' \| 'HEAD' \| 'OPTIONS';\n\n/* A single route handler function — one-arg signature. /\nexport type RouteHandler = (ctx: RouteContext) => Response \| Promise<Response>;\n\n/* A route.ts module — named exports for each supported HTTP method. /\nexport type RouteModule = {\n [K in HttpMethod]?: RouteHandler;\n};\n\n/* All recognized HTTP method export names. /\nconst HTTP_METHODS: HttpMethod[] = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'];\n\n// ─── Allowed Methods ─────────────────────────────────────────────────────\n\n/\n Resolve the full list of allowed methods for a route module.\n \n Includes:\n * - All explicitly exported methods\n * - HEAD (implicit when GET is exported)\n * - OPTIONS (always implicit)\n /\nexport function resolveAllowedMethods(mod: RouteModule): HttpMethod[] {\n const methods: HttpMethod[] = [];\n\n for (const method of HTTP_METHODS) {\n if (method === 'HEAD' \|\| method === 'OPTIONS') continue;\n if (mod[method]) {\n methods.push(method);\n }\n }\n\n // HEAD is implicit when GET is exported\n if (mod.GET && !mod.HEAD) {\n methods.push('HEAD');\n } else if (mod.HEAD) {\n methods.push('HEAD');\n }\n\n // OPTIONS is always implicit\n if (!mod.OPTIONS) {\n methods.push('OPTIONS');\n } else {\n methods.push('OPTIONS');\n }\n\n return methods;\n}\n\n// ─── Route Request Handler ───────────────────────────────────────────────\n\n/\n Handle an incoming request against a route.ts module.\n \n Dispatches to the named method handler, auto-generates 405/OPTIONS,\n * and merges response headers from ctx.headers.\n /\nexport async function handleRouteRequest(mod: RouteModule, ctx: RouteContext): Promise<Response> {\n const method = ctx.req.method.toUpperCase() as HttpMethod;\n const allowed = resolveAllowedMethods(mod);\n const allowHeader = allowed.join(', ');\n\n // Auto OPTIONS — 204 with Allow header\n if (method === 'OPTIONS') {\n if (mod.OPTIONS) {\n return runHandler(mod.OPTIONS, ctx);\n }\n return new Response(null, {\n status: 204,\n headers: { Allow: allowHeader },\n });\n }\n\n // HEAD fallback — run GET, strip body\n if (method === 'HEAD') {\n if (mod.HEAD) {\n return runHandler(mod.HEAD, ctx);\n }\n if (mod.GET) {\n const res = await runHandler(mod.GET, ctx);\n // Return headers + status but no body\n return new Response(null, {\n status: res.status,\n headers: res.headers,\n });\n }\n }\n\n // Dispatch to the named handler\n const handler = mod[method];\n if (!handler) {\n return new Response(null, {\n status: 405,\n headers: { Allow: allowHeader },\n });\n }\n\n return runHandler(handler, ctx);\n}\n\n/\n Run a handler, merge ctx.headers into the response, and catch errors.\n /\nasync function runHandler(handler: RouteHandler, ctx: RouteContext): Promise<Response> {\n try {\n const res = await handler(ctx);\n return mergeResponseHeaders(res, ctx.headers);\n } catch (error) {\n logRouteError({ method: ctx.req.method, path: new URL(ctx.req.url).pathname, error });\n return new Response(null, { status: 500 });\n }\n}\n\n/\n Merge response headers from ctx.headers into the handler's response.\n * ctx.headers (set by middleware or the handler) are applied to the final response.\n * Handler-set headers take precedence over ctx.headers.\n /\nfunction mergeResponseHeaders(res: Response, ctxHeaders: Headers): Response {\n // If no ctx headers to merge, return as-is\n let hasCtxHeaders = false;\n ctxHeaders.forEach(() => {\n hasCtxHeaders = true;\n });\n if (!hasCtxHeaders) return res;\n\n // Merge: ctx.headers first, then handler response headers override.\n // Set-Cookie needs special handling: Headers.set() replaces all values\n // for a key, but each Set-Cookie must be its own header per RFC 6265 §4.1.\n // Use append for Set-Cookie, set for everything else.\n const merged = new Headers();\n ctxHeaders.forEach((value, key) => {\n if (key.toLowerCase() === 'set-cookie') {\n merged.append(key, value);\n } else {\n merged.set(key, value);\n }\n });\n // Response Set-Cookie headers: use getSetCookie() to preserve individual\n // cookies (forEach joins them with \", \" into one entry).\n const resCookies = res.headers.getSetCookie();\n for (const cookie of resCookies) {\n merged.append('Set-Cookie', cookie);\n }\n res.headers.forEach((value, key) => {\n if (key.toLowerCase() !== 'set-cookie') {\n merged.set(key, value);\n }\n });\n\n return new Response(res.body, {\n status: res.status,\n statusText: res.statusText,\n headers: merged,\n });\n}\n","/\n Render timeout utilities for SSR streaming pipeline.\n \n Provides a RenderTimeoutError class and a helper to create\n * timeout-guarded AbortSignals. Used to defend against hung RSC\n * streams and infinite SSR renders.\n \n Design doc: 02-rendering-pipeline.md §\"Streaming Constraints\"\n /\n\n/\n Error thrown when an SSR render or RSC stream read exceeds the\n * configured timeout. Callers can check `instanceof RenderTimeoutError`\n * to distinguish timeout from other errors and return a 504 or close\n * the connection cleanly.\n /\nexport class RenderTimeoutError extends Error {\n readonly timeoutMs: number;\n\n constructor(timeoutMs: number, context?: string) {\n const message = context\n ? `Render timeout after ${timeoutMs}ms: ${context}`\n : `Render timeout after ${timeoutMs}ms`;\n super(message);\n this.name = 'RenderTimeoutError';\n this.timeoutMs = timeoutMs;\n }\n}\n\n/\n Result of createRenderTimeout — an AbortSignal that fires after\n * the given duration, plus a cancel function to clear the timer\n * when the render completes normally.\n /\nexport interface RenderTimeout {\n /* AbortSignal that aborts after timeoutMs. /\n signal: AbortSignal;\n /* Cancel the timeout timer. Call this when the render completes. /\n cancel: () => void;\n}\n\n/\n Create a render timeout that aborts after the given duration.\n \n Returns an AbortSignal and a cancel function. The signal fires\n * with a RenderTimeoutError as the abort reason after `timeoutMs`.\n * Call `cancel()` when the render completes to prevent the timeout\n * from firing.\n \n If an existing `parentSignal` is provided, the returned signal\n * aborts when either the parent signal or the timeout fires —\n * whichever comes first.\n /\nexport function createRenderTimeout(timeoutMs: number, parentSignal?: AbortSignal): RenderTimeout {\n const controller = new AbortController();\n const reason = new RenderTimeoutError(timeoutMs, 'RSC stream read timed out');\n\n const timer = setTimeout(() => {\n controller.abort(reason);\n }, timeoutMs);\n\n // If there's a parent signal (e.g. request abort), chain it\n if (parentSignal) {\n if (parentSignal.aborted) {\n clearTimeout(timer);\n controller.abort(parentSignal.reason);\n } else {\n parentSignal.addEventListener(\n 'abort',\n () => {\n clearTimeout(timer);\n controller.abort(parentSignal.reason);\n },\n { once: true }\n );\n }\n }\n\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n },\n };\n}\n\n/\n Race a promise against a timeout. Rejects with RenderTimeoutError\n * if the promise does not resolve within `timeoutMs`.\n \n Used to guard individual `rscReader.read()` calls inside pullLoop.\n */\nexport function withTimeout<T>(\n promise: Promise<T>,\n timeoutMs: number,\n context?: string\n): Promise<T> {\n let timer: ReturnType<typeof setTimeout>;\n const timeoutPromise = new Promise<never>((_resolve, reject) => {\n timer = setTimeout(() => {\n reject(new RenderTimeoutError(timeoutMs, context));\n }, timeoutMs);\n });\n\n return Promise.race([promise, timeoutPromise]).finally(() => {\n clearTimeout(timer!);\n });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAgBA,IAAM,uBAAuB;;AAG7B,IAAM,eAAe;;;;;;;;;;;;;AAcrB,SAAgB,aAAa,aAAqB,qBAAqB,MAA0B;AAG/F,KAAI,qBAAqB,KAAK,YAAY,CACxC,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAEnC,KAAI,aAAa,KAAK,YAAY,CAChC,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAKnC,IAAI;AACJ,KAAI;AACF,YAAU,mBAAmB,YAAY;SACnC;AAEN,SAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;;AAKnC,KAAI,QAAQ,SAAS,KAAK,CACxB,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAQnC,IAAI,WAAW,QAAQ,QAAQ,UAAU,IAAI;CAG7C,MAAM,WAAW,SAAS,MAAM,IAAI;CACpC,MAAM,WAAqB,EAAE;AAC7B,MAAK,MAAM,OAAO,SAChB,KAAI,QAAQ,MAAM;AAChB,MAAI,SAAS,UAAU,EAErB,QAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;AAEnC,WAAS,KAAK;YACL,QAAQ,IACjB,UAAS,KAAK,IAAI;AAItB,YAAW,SAAS,KAAK,IAAI,IAAI;AAGjC,KAAI,sBAAsB,SAAS,SAAS,KAAK,SAAS,SAAS,IAAI,CACrE,YAAW,SAAS,MAAM,GAAG,GAAG;AAGlC,QAAO;EAAE,IAAI;EAAM;EAAU;;;;;;;;;;;;AChE/B,eAAsB,SACpB,aACA,KACA,MACmB;CACnB,MAAM,MAAM,MAAM,QAAQ,YAAY,GAAG,cAAc,CAAC,YAAY;CAIpE,IAAI,IAAI,IAAI;CACZ,IAAI,WAAW;AACf,QAAO,KAAK;EACV,MAAM,KAAK,IAAI;EACf,MAAM,aAAa;AACnB,mBAAiB,QAAQ,QAAQ,GAAG,KAAK,WAAW,CAAC;;AAGvD,QAAO,UAAU;;;;;;;;;;;ACnBnB,eAAsB,cACpB,cACA,KAC+B;CAC/B,MAAM,SAAS,MAAM,aAAa,IAAI;AACtC,KAAI,kBAAkB,SACpB,QAAO;;;;;;;;;;;;;;;;AAmBX,eAAsB,mBACpB,OACA,KAC+B;AAC/B,MAAK,MAAM,MAAM,OAAO;EACtB,MAAM,SAAS,MAAM,GAAG,IAAI;AAC5B,MAAI,kBAAkB,SACpB,QAAO;;;;;;;;;;;;;;;;;;;;;ACtBb,SAAgB,uBAA0B,IAAgB;AACxD,QAAO,UAAU,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG;;;;;;AAiB3C,eAAsB,WACpB,MACA,MACA,IACY;CACZ,MAAM,QAAQ,UAAU,UAAU;AAClC,KAAI,CAAC,MAAO,QAAO,IAAI;CAEvB,MAAM,QAAQ,YAAY,KAAK;AAC/B,KAAI;AACF,SAAO,MAAM,IAAI;WACT;EACR,MAAM,MAAM,KAAK,MAAM,YAAY,KAAK,GAAG,MAAM;AACjD,QAAM,QAAQ,KAAK;GAAE;GAAM;GAAK;GAAM,CAAC;;;;;;;;;;AAW3C,SAAgB,wBAAuC;CACrD,MAAM,QAAQ,UAAU,UAAU;AAClC,KAAI,CAAC,SAAS,MAAM,QAAQ,WAAW,EAAG,QAAO;CAGjD,MAAM,6BAAa,IAAI,KAAqB;CAQ5C,MAAM,QAPU,MAAM,QAAQ,KAAK,UAAU;EAC3C,MAAM,QAAQ,WAAW,IAAI,MAAM,KAAK,IAAI;AAC5C,aAAW,IAAI,MAAM,MAAM,QAAQ,EAAE;EACrC,MAAM,aAAa,QAAQ,IAAI,GAAG,MAAM,KAAK,GAAG,UAAU,MAAM;AAChE,SAAO;GAAE,GAAG;GAAO,MAAM;GAAY;GACrC,CAEoB,KAAK,UAAU;EACnC,IAAI,OAAO,GAAG,MAAM,KAAK,OAAO,MAAM;AACtC,MAAI,MAAM,MAAM;GAEd,MAAM,WAAW,MAAM,KAAK,QAAQ,OAAO,OAAO,CAAC,QAAQ,MAAM,OAAM;AACvE,WAAQ,UAAU,SAAS;;AAE7B,SAAO;GACP;CAIF,MAAM,kBAAkB;CACxB,IAAI,SAAS;AACb,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;EACrC,MAAM,YAAY,SAAS,GAAG,OAAO,IAAI,MAAM,OAAO,MAAM;AAC5D,MAAI,UAAU,SAAS,gBAAiB;AACxC,WAAS;;AAGX,QAAO,UAAU;;;;;;;;;;;;;;;;;;;ACzFnB,IAAM,uBAAwE;CAC5E;EACE,SAAS;EACT,aAAa;EACd;CACD;EACE,SAAS;EACT,aAAa;EACd;CACD;EACE,SAAS;EACT,aAAa;EACd;CACD;EACE,SAAS;EACT,aAAa;EACd;CACF;;;;AAKD,IAAM,wBAAyE,CAC7E;CACE,SAAS;CACT,aAAa;CACd,EACD;CACE,SAAS;CACT,aAAa;CACd,CACF;;;;;AAMD,SAAgB,eAAe,OAAwB;AACrD,KAAI,EAAE,iBAAiB,OACrB,QAAO,OAAO,MAAM;CAGtB,IAAI,UAAU,MAAM;CACpB,IAAI,QAAQ,MAAM,SAAS;AAG3B,MAAK,MAAM,EAAE,SAAS,iBAAiB,sBACrC,WAAU,QAAQ,QAAQ,SAAS,YAAY;AAIjD,MAAK,MAAM,EAAE,SAAS,iBAAiB,qBACrC,SAAQ,MAAM,QAAQ,SAAS,YAAY;AAI7C,MAAK,MAAM,EAAE,SAAS,iBAAiB,sBACrC,SAAQ,MAAM,QAAQ,SAAS,YAAY;CAI7C,MAAM,OAAO,iBAAiB,MAAM,QAAQ;CAG5C,MAAM,QAAkB,EAAE;AAC1B,OAAM,KAAK,QAAQ;AACnB,KAAI,KACF,OAAM,KAAK,OAAO,OAAO;CAK3B,MAAM,aAAa,kBAAkB,MAAM;AAC3C,KAAI,WAAW,SAAS,GAAG;AACzB,QAAM,KAAK,GAAG;AACd,QAAM,KAAK,wBAAwB;AACnC,OAAK,MAAM,SAAS,WAClB,OAAM,KAAK,OAAO,QAAQ;;AAI9B,QAAO,MAAM,KAAK,KAAK;;;;;;;;;AAYzB,SAAS,iBAAiB,SAAgC;AAIxD,KADsB,QAAQ,MAAM,2DAA2D,EAC5E;EAGjB,MAAM,YAAY,QAAQ,MAAM,4BAA4B;AAC5D,MAAI,UACF,QAAO,SAAS,UAAU,GAAG;AAE/B,SAAO;;AAIT,KAAI,QAAQ,SAAS,yCAAyC,CAC5D,QAAO;CAIT,MAAM,eAAe,QAAQ,MAC3B,uEACD;AACD,KAAI,aACF,QAAO,aAAa,aAAa,GAAG,MAAM,aAAa,GAAG;CAI5D,MAAM,aAAa,QAAQ,MAAM,0BAA0B;AAC3D,KAAI,WACF,QAAO,IAAI,WAAW,GAAG;AAI3B,KAAI,QAAQ,SAAS,0BAA0B,CAC7C,QAAO;AAMT,KAAI,QAAQ,SAAS,oBAAoB,CACvC,QACE;AAOJ,QAAO;;;;;;;;AAWT,SAAS,kBAAkB,OAAyB;CAClD,MAAM,QAAQ,MAAM,MAAM,KAAK;CAC/B,MAAM,aAAuB,EAAE;AAE/B,MAAK,MAAM,QAAQ,OAAO;EACxB,MAAM,UAAU,KAAK,MAAM;AAE3B,MAAI,CAAC,QAAQ,WAAW,MAAM,CAAE;AAEhC,MACE,QAAQ,SAAS,eAAe,IAChC,QAAQ,SAAS,qBAAqB,IACtC,QAAQ,SAAS,eAAe,IAChC,QAAQ,SAAS,aAAa,IAC9B,QAAQ,SAAS,gBAAgB,CAEjC;AAEF,aAAW,KAAK,QAAQ;AACxB,MAAI,WAAW,UAAU,EAAG;;AAG9B,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACpKT,SAAS,iBAAiB,MAAwC;AAChE,KAAI,CAAC,KAAM,QAAO;CAElB,MAAM,QAAkB,EAAE;CAC1B,IAAI;AAEJ,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,EAAE;AAC/C,MAAI,QAAQ,YAAY;AAEtB,aAAU,OAAO,UAAU,WAAW,QAAQ,OAAO,MAAM;AAC3D;;AAEF,MAAI,QAAQ,SAAS;AAEnB,SAAM,KAAK,SAAS,eAAe,MAAM,GAAG;AAC5C;;AAEF,MAAI,UAAU,KAAA,KAAa,UAAU,KAAM;AAC3C,QAAM,KAAK,GAAG,IAAI,GAAG,QAAQ;;AAI/B,KAAI,QACF,OAAM,KAAK,YAAY,QAAQ,MAAM,GAAG,EAAE,GAAG;AAG/C,QAAO,MAAM,SAAS,IAAI,OAAO,MAAM,KAAK,KAAK,GAAG;;;AAItD,SAAS,SAAS,OAAuB;AACvC,QAAO,MAAM,OAAO,EAAE;;AAGxB,SAAgB,sBAAoC;AAClD,QAAO;EACL,MAAM,KAAa,MAAsC;GAIvD,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,QAAQ,CAAC,IAAI,MAAM,OAAO,IAAI;;EAG1E,KAAK,KAAa,MAAsC;GAEtD,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,OAAO,CAAC,IAAI,MAAM,OAAO,IAAI;;EAGzE,KAAK,KAAa,MAAsC;AAGtD,OAAI,WAAW,CAAE;AACjB,OAAI,CAAC,SAAS,CAAE;GAChB,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,OAAO,CAAC,IAAI,MAAM,OAAO,IAAI;;EAGzE,MAAM,KAAa,MAAsC;AAGvD,OAAI,WAAW,CAAE;AACjB,OAAI,CAAC,SAAS,CAAE;GAChB,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,QAAQ,CAAC,IAAI,MAAM,OAAO,IAAI;;EAE3E;;;;;;;;;;;;;ACtEH,IAAI,UAAwB,qBAAqB;;;;;;AAOjD,SAAgB,UAAU,QAA4B;AACpD,WAAU;;;;;;AAOZ,SAAgB,YAA0B;AACxC,QAAO;;;;;;AAST,SAAS,iBAAiB,MAAyD;CACjF,MAAM,QAAQ,eAAe;CAC7B,MAAM,WAAoC,EAAE,GAAG,MAAM;AACrD,KAAI,OAAO;AACT,WAAS,WAAW,MAAM;AAC1B,MAAI,MAAM,OACR,UAAS,UAAU,MAAM;;AAG7B,QAAO;;;AAMT,SAAgB,oBAAoB,MAO3B;AACP,SAAQ,KAAK,qBAAqB,iBAAiB,KAAK,CAAC;;;AAI3D,SAAgB,mBAAmB,MAA8C;AAC/E,SAAQ,MAAM,oBAAoB,iBAAiB,KAAK,CAAC;;;AAI3D,SAAgB,eAAe,MAOtB;AACP,SAAQ,KAAK,mCAAmC,iBAAiB,KAAK,CAAC;;;AAIzE,SAAgB,0BAA0B,MAIjC;AACP,SAAQ,MAAM,8BAA8B,iBAAiB,KAAK,CAAC;;;AAIrE,SAAgB,mBAAmB,MAA8D;AAC/F,SAAQ,MAAM,uCAAuC,iBAAiB,KAAK,CAAC;;;AAI9E,SAAgB,eAAe,MAKtB;AACP,SAAQ,MAAM,gCAAgC,iBAAiB,KAAK,CAAC;;;AAIvE,SAAgB,cAAc,MAAgC;AAC5D,SAAQ,MAAM,iCAAiC,iBAAiB,KAAK,CAAC;;;AASxE,SAAgB,cAAc,MAA8D;AAC1F,SAAQ,MAAM,iCAAiC,iBAAiB,KAAK,CAAC;;;AASxE,SAAgB,0BAAgC;AAC9C,SAAQ,KAAK,uCAAuC;;;AAItD,SAAgB,qBAAqB,MAAgC;AACnE,SAAQ,KAAK,gCAAgC,iBAAiB,KAAK,CAAC;;;AAItE,SAAgB,oBAAoB,MAAkD;AACpF,SAAQ,KAAK,uCAAuC,iBAAiB,KAAK,CAAC;;;AAI7E,SAAgB,aAAa,MAAkC;AAC7D,SAAQ,MAAM,qBAAqB,iBAAiB,KAAK,CAAC;;;;;;;;;;;;;;ACrG5D,IAAI,eAAe;AACnB,IAAI,kBAAwD;;;;;;;;;;;AAY5D,eAAsB,oBACpB,QACe;AACf,KAAI,aAAc;AAClB,gBAAe;CAEf,IAAI;AACJ,KAAI;AACF,QAAM,MAAM,QAAQ;UACb,OAAO;AACd,UAAQ,MAAM,+CAA+C,MAAM;AACnE;;AAGF,KAAI,CAAC,IAAK;AAGV,KAAI,IAAI,UAAU,OAAO,IAAI,OAAO,SAAS,WAC3C,WAAU,IAAI,OAAO;AAIvB,KAAI,OAAO,IAAI,mBAAmB,WAChC,mBAAkB,IAAI;AAIxB,KAAI,OAAO,IAAI,aAAa,WAC1B,KAAI;AACF,QAAM,IAAI,UAAU;UACb,OAAO;AACd,UAAQ,MAAM,iDAAiD,MAAM;AACrE,QAAM;;;;;;;AASZ,eAAsB,mBACpB,OACA,SACA,SACe;AACf,KAAI,CAAC,gBAAiB;AACtB,KAAI;AACF,QAAM,gBAAgB,OAAO,SAAS,QAAQ;UACvC,WAAW;AAClB,UAAQ,MAAM,uCAAuC,UAAU;;;;;;AAOnE,SAAgB,oBAA6B;AAC3C,QAAO,oBAAoB;;;;;;;;;;AC7G7B,SAAgB,gBACd,IACA,UACM;CACN,MAAM,cAAmD;EACvD,CAAC,YAAY,GAAG,MAAM;EACtB,CAAC,kBAAkB,GAAG,YAAY;EAClC,CAAC,UAAU,GAAG,IAAI;EAClB,CAAC,gBAAgB,GAAG,SAAS;EAC7B,CAAC,aAAa,GAAG,OAAO;EACxB,CAAC,WAAW,GAAG,KAAK;EACpB,CAAC,6BAA6B,GAAG,cAAc;EAC/C,CAAC,4BAA4B,GAAG,aAAa;EAC9C;AAED,MAAK,MAAM,CAAC,UAAU,YAAY,YAChC,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAU;GAAS;EAAE,CAAC;AAKhE,KAAI,GAAG,OACL,KAAI,OAAO,GAAG,WAAW,SACvB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,GAAG;GAAQ;EAAE,CAAC;MAC9E;EACL,MAAM,UAAU,MAAM,QAAQ,GAAG,OAAO,GAAG,GAAG,SAAS,CAAC,GAAG,OAAO;AAClE,OAAK,MAAM,OAAO,SAAS;AACzB,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,UAAU;KAAY,SAAS,IAAI;KAAK;IAAE,CAAC;AACjF,OAAI,IAAI,MACN,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,UAAU;KAAkB,SAAS,OAAO,IAAI,MAAM;KAAE;IAClE,CAAC;AAEJ,OAAI,IAAI,OACN,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,UAAU;KAAmB,SAAS,OAAO,IAAI,OAAO;KAAE;IACpE,CAAC;AAEJ,OAAI,IAAI,IACN,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,UAAU;KAAgB,SAAS,IAAI;KAAK;IAAE,CAAC;;;AAO7F,KAAI,GAAG,OACL,MAAK,MAAM,SAAS,GAAG,OACrB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,MAAM;GAAK;EAAE,CAAC;AAKvF,KAAI,GAAG,MACL,MAAK,MAAM,SAAS,GAAG,MACrB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,MAAM;GAAK;EAAE,CAAC;AAKvF,KAAI,GAAG,QACL,MAAK,MAAM,UAAU,GAAG,QACtB,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,UAAU;GAAqB,SAAS;GAAQ;EAC1D,CAAC;;;;;;;;AAWR,SAAgB,cAAc,IAAsC,UAA+B;CACjG,MAAM,cAAmD;EACvD,CAAC,gBAAgB,GAAG,KAAK;EACzB,CAAC,gBAAgB,GAAG,KAAK;EACzB,CAAC,mBAAmB,GAAG,OAAO;EAC9B,CAAC,iBAAiB,GAAG,MAAM;EAC3B,CAAC,uBAAuB,GAAG,YAAY;EACvC,CAAC,mBAAmB,GAAG,QAAQ;EAC/B,CAAC,sBAAsB,GAAG,UAAU;EACrC;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,YAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAK5D,KAAI,GAAG,OACL,KAAI,OAAO,GAAG,WAAW,SACvB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,MAAM;GAAiB,SAAS,GAAG;GAAQ;EAAE,CAAC;MAC/E;EACL,MAAM,UAAU,MAAM,QAAQ,GAAG,OAAO,GAAG,GAAG,SAAS,CAAC,GAAG,OAAO;AAClE,OAAK,MAAM,OAAO,SAAS;GACzB,MAAM,MAAM,OAAO,QAAQ,WAAW,MAAM,IAAI;AAChD,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAiB,SAAS;KAAK;IAAE,CAAC;;;AAMpF,KAAI,GAAG,QACL,MAAK,MAAM,UAAU,GAAG,SAAS;AAC/B,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAkB,SAAS,OAAO;IAAW;GAAE,CAAC;AAC5F,MAAI,OAAO,MACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAwB,SAAS,OAAO,OAAO,MAAM;IAAE;GACvE,CAAC;AAEJ,MAAI,OAAO,OACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAyB,SAAS,OAAO,OAAO,OAAO;IAAE;GACzE,CAAC;AAEJ,MAAI,OAAO,UACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAyB,SAAS,OAAO;IAAW;GACpE,CAAC;;AAMR,KAAI,GAAG,KAAK;EACV,MAAM,YAAkE;GACtE,CAAC,UAAU,SAAS;GACpB,CAAC,QAAQ,OAAO;GAChB,CAAC,cAAc,aAAa;GAC7B;AAID,MAAI,GAAG,IAAI;QACJ,MAAM,CAAC,KAAK,QAAQ,UACvB,KAAI,GAAG,IAAI,KAAK,KACd,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,MAAM,oBAAoB;KAAO,SAAS,GAAG,IAAI;KAAM;IACjE,CAAC;;AAKR,OAAK,MAAM,CAAC,KAAK,QAAQ,WAAW;GAClC,MAAM,KAAK,GAAG,IAAI,KAAK;AACvB,OAAI,GACF,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM,kBAAkB;KAAO,SAAS;KAAI;IAAE,CAAC;;AAIzF,OAAK,MAAM,CAAC,KAAK,QAAQ,WAAW;GAClC,MAAM,MAAM,GAAG,IAAI,MAAM;AACzB,OAAI,IACF,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM,mBAAmB;KAAO,SAAS;KAAK;IAAE,CAAC;;;;;;;;;ACxK/F,SAAgB,YAAY,OAAuC,UAA+B;AAEhG,KAAI,MAAM;MACJ,OAAO,MAAM,SAAS,SACxB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAQ,MAAM,MAAM;IAAM;GAAE,CAAC;WAC/D,MAAM,QAAQ,MAAM,KAAK,CAClC,MAAK,MAAM,QAAQ,MAAM,MAAM;GAC7B,MAAM,QAAgC;IAAE,KAAK;IAAQ,MAAM,KAAK;IAAK;AACrE,OAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,OAAI,KAAK,KAAM,OAAM,OAAO,KAAK;AACjC,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;AAM3C,KAAI,MAAM,UAAU;EAClB,MAAM,OAAO,MAAM,QAAQ,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,MAAM,SAAS;AAC9E,OAAK,MAAM,OAAO,KAChB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAiB,MAAM;IAAK;GAAE,CAAC;;AAK9E,KAAI,MAAM;MACJ,OAAO,MAAM,UAAU,SACzB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAoB,MAAM,MAAM;IAAO;GAAE,CAAC;WAC5E,MAAM,QAAQ,MAAM,MAAM,CACnC,MAAK,MAAM,QAAQ,MAAM,OAAO;GAC9B,MAAM,QAAgC;IAAE,KAAK;IAAoB,MAAM,KAAK;IAAK;AACjF,OAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;AAM3C,KAAI,MAAM,MACR,MAAK,MAAM,QAAQ,MAAM,OAAO;EAC9B,MAAM,QAAgC;GAAE,KAAK,KAAK;GAAK,MAAM,KAAK;GAAK;AACvE,MAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,MAAI,KAAK,KAAM,OAAM,OAAO,KAAK;AACjC,WAAS,KAAK;GAAE,KAAK;GAAQ;GAAO,CAAC;;;;;;AAQ3C,SAAgB,iBACd,YACA,UACM;AACN,KAAI,WAAW,UACb,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,KAAK;GAAa,MAAM,WAAW;GAAW;EAAE,CAAC;AAGzF,KAAI,WAAW,UACb,MAAK,MAAM,CAAC,MAAM,SAAS,OAAO,QAAQ,WAAW,UAAU,CAC7D,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa,UAAU;GAAM;GAAM;EAClD,CAAC;AAIN,KAAI,WAAW,MACb,MAAK,MAAM,CAAC,OAAO,SAAS,OAAO,QAAQ,WAAW,MAAM,CAC1D,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa;GAAO;GAAM;EACzC,CAAC;AAIN,KAAI,WAAW,MACb,MAAK,MAAM,CAAC,MAAM,SAAS,OAAO,QAAQ,WAAW,MAAM,CACzD,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa;GAAM;GAAM;EACxC,CAAC;;;;;AAQR,SAAgB,mBACd,cACA,UACM;CACN,MAAM,oBAAyD;EAC7D,CAAC,4BAA4B,aAAa,OAAO;EACjD,CAAC,SAAS,aAAa,MAAM;EAC7B,CAAC,uBAAuB,aAAa,OAAO;EAC7C;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,kBAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAG5D,KAAI,aAAa,MACf,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,aAAa,MAAM,EAAE;EAC9D,MAAM,UAAU,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,KAAK,GAAG;AAC1D,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE;IAAM;IAAS;GAAE,CAAC;;;;;;AAQ9D,SAAgB,kBACd,aACA,UACM;AACN,KAAI,YAAY,QACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAAgC,SAAS;GAAO;EAChE,CAAC;AAEJ,KAAI,YAAY,MACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAA8B,SAAS,YAAY;GAAO;EAC1E,CAAC;AAEJ,KAAI,YAAY,eACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GACL,MAAM;GACN,SAAS,YAAY;GACtB;EACF,CAAC;AAEJ,KAAI,YAAY,cAAc;EAC5B,MAAM,SAAS,MAAM,QAAQ,YAAY,aAAa,GAClD,YAAY,eACZ,CAAC,EAAE,KAAK,YAAY,cAAc,CAAC;AACvC,OAAK,MAAM,OAAO,QAAQ;GAExB,MAAM,QAAgC;IAAE,KAAK;IAA6B,MAD9D,OAAO,QAAQ,WAAW,MAAM,IAAI;IACqC;AACrF,OAAI,OAAO,QAAQ,YAAY,IAAI,MACjC,OAAM,QAAQ,IAAI;AAEpB,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;;;;;AAQ3C,SAAgB,eACd,UACA,UACM;CACN,MAAM,kBAA+E;EACnF,CAAC,OAAO,SAAS,IAAI;EACrB,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,iBAAiB,SAAS,aAAa;EACxC,CAAC,qBAAqB,SAAS,iBAAiB;EACjD;AAED,MAAK,MAAM,CAAC,UAAU,YAAY,iBAAiB;AACjD,MAAI,CAAC,QAAS;AACd,OAAK,MAAM,SAAS,QAClB,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,MAAM,CAC9C,KAAI,UAAU,KAAA,KAAa,UAAU,KACnC,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,UAAU,MAAM,SAAS,GAAG;IAAO,SAAS,OAAO,MAAM;IAAE;GACrE,CAAC;;AAMV,KAAI,SAAS,KAAK;AAChB,MAAI,SAAS,IAAI,IACf,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,UAAU;IAAc,SAAS,SAAS,IAAI;IAAK;GAC7D,CAAC;AAEJ,MAAI,SAAS,IAAI,mBAAmB,KAAA,EAClC,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IACL,UAAU;IACV,SAAS,SAAS,IAAI,iBAAiB,SAAS;IACjD;GACF,CAAC;;;;;;AAQR,SAAgB,aACd,QACA,UACM;CACN,MAAM,QAAQ,CAAC,UAAU,OAAO,QAAQ;AACxC,KAAI,OAAO,cAAe,OAAM,KAAK,kBAAkB,OAAO,gBAAgB;AAC9E,KAAI,OAAO,YAAa,OAAM,KAAK,gBAAgB,OAAO,cAAc;AACxE,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAAoB,SAAS,MAAM,KAAK,KAAK;GAAE;EAC/D,CAAC;;;;;;;;;;;;;ACvMJ,SAAgB,yBAAyB,UAAmC;CAC1E,MAAM,WAA0B,EAAE;AAGlC,KAAI,OAAO,SAAS,UAAU,SAC5B,UAAS,KAAK;EAAE,KAAK;EAAS,SAAS,SAAS;EAAO,CAAC;CAI1D,MAAM,kBAAuD;EAC3D,CAAC,eAAe,SAAS,YAAY;EACrC,CAAC,aAAa,SAAS,UAAU;EACjC,CAAC,oBAAoB,SAAS,gBAAgB;EAC9C,CAAC,YAAY,SAAS,SAAS;EAC/B,CAAC,YAAY,SAAS,SAAS;EAC/B,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,aAAa,SAAS,UAAU;EAClC;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,gBAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAK5D,KAAI,SAAS,UAAU;EACrB,MAAM,UAAU,MAAM,QAAQ,SAAS,SAAS,GAC5C,SAAS,SAAS,KAAK,KAAK,GAC5B,SAAS;AACb,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAY;IAAS;GAAE,CAAC;;AAItE,KAAI,SAAS,QAAQ;EACnB,MAAM,UACJ,OAAO,SAAS,WAAW,WAAW,SAAS,SAAS,mBAAmB,SAAS,OAAO;AAC7F,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAU;IAAS;GAAE,CAAC;AAGlE,MAAI,OAAO,SAAS,WAAW,YAAY,SAAS,OAAO,WAAW;GACpE,MAAM,YACJ,OAAO,SAAS,OAAO,cAAc,WACjC,SAAS,OAAO,YAChB,mBAAmB,SAAS,OAAO,UAAU;AACnD,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAa,SAAS;KAAW;IAAE,CAAC;;;AAKpF,KAAI,SAAS,UACX,iBAAgB,SAAS,WAAW,SAAS;AAI/C,KAAI,SAAS,QACX,eAAc,SAAS,SAAS,SAAS;AAI3C,KAAI,SAAS,MACX,aAAY,SAAS,OAAO,SAAS;AAIvC,KAAI,SAAS,SACX,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,KAAK;GAAY,MAAM,SAAS;GAAU;EAAE,CAAC;AAIrF,KAAI,SAAS,WACX,kBAAiB,SAAS,YAAY,SAAS;AAIjD,KAAI,SAAS,aACX,oBAAmB,SAAS,cAAc,SAAS;AAIrD,KAAI,SAAS,iBAAiB;EAC5B,MAAM,QAAkB,EAAE;AAC1B,MAAI,SAAS,gBAAgB,cAAc,MAAO,OAAM,KAAK,eAAe;AAC5E,MAAI,SAAS,gBAAgB,UAAU,MAAO,OAAM,KAAK,WAAW;AACpE,MAAI,SAAS,gBAAgB,YAAY,MAAO,OAAM,KAAK,aAAa;AACxE,MAAI,MAAM,SAAS,EACjB,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAoB,SAAS,MAAM,KAAK,KAAK;IAAE;GAC/D,CAAC;;AAKN,KAAI,SAAS,SAAS;EACpB,MAAM,aAAa,MAAM,QAAQ,SAAS,QAAQ,GAAG,SAAS,UAAU,CAAC,SAAS,QAAQ;AAC1F,OAAK,MAAM,UAAU,YAAY;AAC/B,OAAI,OAAO,KACT,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAU,SAAS,OAAO;KAAM;IAAE,CAAC;AAEjF,OAAI,OAAO,IACT,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,KAAK;KAAU,MAAM,OAAO;KAAK;IAAE,CAAC;;;AAMhF,KAAI,SAAS,YACX,mBAAkB,SAAS,aAAa,SAAS;AAInD,KAAI,SAAS,SACX,gBAAe,SAAS,UAAU,SAAS;AAI7C,KAAI,SAAS,OACX,cAAa,SAAS,QAAQ,SAAS;AAIzC,KAAI,SAAS,MACX,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,SAAS,MAAM,EAAE;EAC1D,MAAM,UAAU,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,KAAK,GAAG;AAC1D,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE;IAAM;IAAS;GAAE,CAAC;;AAI5D,QAAO;;AAKT,SAAS,mBAAmB,QAAyC;CACnE,MAAM,QAAkB,EAAE;AAC1B,KAAI,OAAO,UAAU,KAAM,OAAM,KAAK,QAAQ;AAC9C,KAAI,OAAO,UAAU,MAAO,OAAM,KAAK,UAAU;AACjD,KAAI,OAAO,WAAW,KAAM,OAAM,KAAK,SAAS;AAChD,KAAI,OAAO,WAAW,MAAO,OAAM,KAAK,WAAW;AACnD,QAAO,MAAM,KAAK,KAAK;;;;;;;;;;;;ACnHzB,SAAgB,aACd,OACA,UACoB;AACpB,KAAI,UAAU,KAAA,KAAa,UAAU,KACnC;AAGF,KAAI,OAAO,UAAU,SACnB,QAAO,WAAW,SAAS,QAAQ,MAAM,MAAM,GAAG;AAIpD,KAAI,MAAM,aAAa,KAAA,EACrB,QAAO,MAAM;AAGf,KAAI,MAAM,YAAY,KAAA,EACpB,QAAO,MAAM;;;;;;;;;;;;;;;AAqBjB,SAAgB,gBACd,SACA,UAAkC,EAAE,EAC1B;CACV,MAAM,EAAE,aAAa,UAAU;CAE/B,MAAM,SAAmB,EAAE;CAC3B,IAAI;CACJ,IAAI;CACJ,IAAI;AAEJ,MAAK,MAAM,EAAE,UAAU,YAAY,SAAS;AAE1C,MAAI,cAAc,OAChB;AAIF,MAAI,SAAS,UAAU,KAAA,KAAa,OAAO,SAAS,UAAU,UAAU;AACtE,OAAI,SAAS,MAAM,aAAa,KAAA,EAC9B,iBAAgB,SAAS,MAAM;AAEjC,OAAI,SAAS,MAAM,YAAY,KAAA,EAC7B,eAAc,SAAS,MAAM;;AAKjC,OAAK,MAAM,OAAO,OAAO,KAAK,SAAS,EAA2B;AAChE,OAAI,QAAQ,QAAS;AAEpB,UAAe,OAAO,SAAS;;AAIlC,MAAI,SAAS,UAAU,KAAA,EACrB,YAAW,SAAS;;AAKxB,KAAI,YAAY;AACd,aAAW,gBAAgB,KAAA,IAAY,EAAE,SAAS,aAAa,GAAG;AAElE,kBAAgB,KAAA;;CAIlB,MAAM,gBAAgB,aAAa,UAAU,cAAc;AAC3D,KAAI,kBAAkB,KAAA,EACpB,QAAO,QAAQ;AAIjB,KAAI,WACF,QAAO,SAAS;AAGlB,QAAO;;;;;AAQT,SAAS,cAAc,KAAsB;AAC3C,QAAO,IAAI,WAAW,UAAU,IAAI,IAAI,WAAW,WAAW,IAAI,IAAI,WAAW,KAAK;;;;;AAMxF,SAAS,WAAW,KAAa,MAAmB;AAClD,KAAI,cAAc,IAAI,CAAE,QAAO;AAC/B,QAAO,IAAI,IAAI,KAAK,KAAK,CAAC,UAAU;;;;;;;;AAStC,SAAgB,oBAAoB,UAA8B;CAChE,MAAM,OAAO,SAAS;AACtB,KAAI,CAAC,KAAM,QAAO;CAElB,MAAM,SAAS,EAAE,GAAG,UAAU;AAG9B,KAAI,OAAO,WAAW;AACpB,SAAO,YAAY,EAAE,GAAG,OAAO,WAAW;AAC1C,MAAI,OAAO,OAAO,UAAU,WAAW,SACrC,QAAO,UAAU,SAAS,WAAW,OAAO,UAAU,QAAQ,KAAK;WAC1D,MAAM,QAAQ,OAAO,UAAU,OAAO,CAC/C,QAAO,UAAU,SAAS,OAAO,UAAU,OAAO,KAAK,SAAS;GAC9D,GAAG;GACH,KAAK,WAAW,IAAI,KAAK,KAAK;GAC/B,EAAE;WACM,OAAO,UAAU,OAE1B,QAAO,UAAU,SAAS;GACxB,GAAG,OAAO,UAAU;GACpB,KAAK,WAAW,OAAO,UAAU,OAAO,KAAK,KAAK;GACnD;AAEH,MAAI,OAAO,UAAU,OAAO,CAAC,cAAc,OAAO,UAAU,IAAI,CAC9D,QAAO,UAAU,MAAM,WAAW,OAAO,UAAU,KAAK,KAAK;;AAKjE,KAAI,OAAO,SAAS;AAClB,SAAO,UAAU,EAAE,GAAG,OAAO,SAAS;AACtC,MAAI,OAAO,OAAO,QAAQ,WAAW,SACnC,QAAO,QAAQ,SAAS,WAAW,OAAO,QAAQ,QAAQ,KAAK;WACtD,MAAM,QAAQ,OAAO,QAAQ,OAAO,EAAE;GAE/C,MAAM,WAAW,OAAO,QAAQ,OAAO,KAAK,QAC1C,OAAO,QAAQ,WAAW,WAAW,KAAK,KAAK,GAAG;IAAE,GAAG;IAAK,KAAK,WAAW,IAAI,KAAK,KAAK;IAAE,CAC7F;GAED,MAAM,aAAa,SAAS,OAAO,MAAM,OAAO,MAAM,SAAS;AAC/D,UAAO,QAAQ,SAAS,aACnB,WACA;aACI,OAAO,QAAQ,OAExB,QAAO,QAAQ,SAAS;GACtB,GAAG,OAAO,QAAQ;GAClB,KAAK,WAAW,OAAO,QAAQ,OAAO,KAAK,KAAK;GACjD;;AAKL,KAAI,OAAO,YAAY;AACrB,SAAO,aAAa,EAAE,GAAG,OAAO,YAAY;AAC5C,MAAI,OAAO,WAAW,aAAa,CAAC,cAAc,OAAO,WAAW,UAAU,CAC5E,QAAO,WAAW,YAAY,WAAW,OAAO,WAAW,WAAW,KAAK;AAE7E,MAAI,OAAO,WAAW,WAAW;GAC/B,MAAM,QAAgC,EAAE;AACxC,QAAK,MAAM,CAAC,MAAM,QAAQ,OAAO,QAAQ,OAAO,WAAW,UAAU,CACnE,OAAM,QAAQ,cAAc,IAAI,GAAG,MAAM,WAAW,KAAK,KAAK;AAEhE,UAAO,WAAW,YAAY;;;AAKlC,KAAI,OAAO,OAAO;AAChB,SAAO,QAAQ,EAAE,GAAG,OAAO,OAAO;AAClC,MAAI,OAAO,OAAO,MAAM,SAAS,SAC/B,QAAO,MAAM,OAAO,WAAW,OAAO,MAAM,MAAM,KAAK;WAC9C,MAAM,QAAQ,OAAO,MAAM,KAAK,CACzC,QAAO,MAAM,OAAO,OAAO,MAAM,KAAK,KAAK,OAAO;GAAE,GAAG;GAAG,KAAK,WAAW,EAAE,KAAK,KAAK;GAAE,EAAE;AAE5F,MAAI,OAAO,OAAO,MAAM,UAAU,SAChC,QAAO,MAAM,QAAQ,WAAW,OAAO,MAAM,OAAO,KAAK;WAChD,MAAM,QAAQ,OAAO,MAAM,MAAM,CAC1C,QAAO,MAAM,QAAQ,OAAO,MAAM,MAAM,KAAK,OAAO;GAAE,GAAG;GAAG,KAAK,WAAW,EAAE,KAAK,KAAK;GAAE,EAAE;;AAIhG,QAAO;;;;;;;;;;AC7OT,IAAa,kBAAb,cAAqC,MAAM;;CAEzC;CAEA,YAAY,UAAkB,OAAgB;EAC5C,MAAM,kBAAkB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AAC9E,QAAM,kCAAkC,SAAS,MAAM,mBAAmB,EAAE,OAAO,CAAC;AACpF,OAAK,OAAO;AACZ,OAAK,WAAW;;;;;;;;;;;;;;;;;;;;AAqBpB,eAAsB,WAAwC,QAAoC;AAChG,KAAI;AACF,SAAQ,MAAM,OAAO,MAAM;UACpB,OAAO;AACd,QAAM,IAAI,gBAAgB,OAAO,UAAU,MAAM;;;;;;;;;;;;;;;;;;;;;;;ACoDrD,SAAgB,uBACd,OACA,QACA,MAC2B;CAC3B,MAAM,IAAI;AAEV,MAAK,MAAM,SAAS,OAAO;AACzB,MAAI,MAAM,WAAW,OACnB,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,OAAO,UAAU,OAAO,UAAU,IACrD,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,OAAO,UAAU,OAAO,UAAU,IACrD,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,KACnB,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;;AAGpE,QAAO;;;;;;;AAUT,SAAgB,cAAc,QAAsB;CAClD,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,MACF,OAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACzGvB,SAAgB,WAAW,OAA8D;CACvF,MAAM,EAAE,UAAU,aAAa,SAAS,WAAW,aAAa;AAGhE,KAAI,YAAY,KAAA,GAAW;AACzB,MAAI,YAAY,OACd,QAAO;AAET,QAAM;;AAMR,QAAO,mBAAmB,UAAU,aAAa,WAAW,SAAS;;;;;;AAOvE,eAAe,mBACb,UACA,aACA,WACA,UACuB;AACvB,KAAI;AACF,QAAM,SAAS,iBAAiB,EAAE,kBAAkB,eAAe,WAAW,EAAE,YAAY;AAC1F,OAAI;AACF,UAAM,UAAU;AAChB,UAAM,iBAAiB,iBAAiB,OAAO;YACxC,OAAgB;AACvB,QAAI,iBAAiB,YAAY;AAC/B,WAAM,iBAAiB,iBAAiB,OAAO;AAC/C,WAAM,iBAAiB,sBAAsB,MAAM,OAAO;AAC1D,SAAI,MAAM,WACR,OAAM,iBAAiB,oBAAoB,MAAM,WAAW;eAErD,iBAAiB,eAC1B,OAAM,iBAAiB,iBAAiB,WAAW;AAErD,UAAM;;IAER;UACK,OAAgB;AAIvB,MAAI,iBAAiB,cAAc,WAAW;GAC5C,MAAM,cAAc,uBAAuB,WAAW,MAAM,QAAQ,MAAM,KAAK;AAC/E,OAAI,aAAa;AACf,kBAAc,MAAM,OAAO;AAC3B,WAAO;;;AAGX,QAAM;;AAGR,QAAO;;;;;;;;;;;;;;;;AAmBT,eAAsB,eAAe,OAAmD;CACtF,MAAM,EAAE,UAAU,iBAAiB,UAAU,eAAe,iBAAiB,aAAa;AAE1F,KAAI;AACF,QAAM,UAAU;UACT,OAAgB;AAGvB,MAAI,iBAAiB,WACnB,QACE,oBAAoB,iBAAiB,UAAU,MAAM,MAAM,cAAc,IACzE,mBACA;AAQJ,MAAI,iBAAiB,gBAAgB;AACnC,OAAI,SAAS,CACX,SAAQ,MACN,gNAGD;AAGH,UACE,oBAAoB,iBAAiB,UAAU,KAAA,GAAW,cAAc,IACxE,mBACA;;AAMJ,MAAI,SAAS,CACX,SAAQ,KACN,oGAEA,MACD;AAEH,QAAM;;AAIR,QAAO;;;;;;AAOT,SAAS,oBACP,iBACA,UACA,MACA,eACqB;AACrB,KAAI,CAAC,gBAAiB,QAAO;AAC7B,QAAO,cAAc,iBAAiB;EACpC,MAAM;EACN,qBAAqB;EACtB,CAAC;;;;;;;;AC5GJ,IAAa,qBAAb,cAAwC,MAAM;CAC5C,YAAY,SAAiB;AAC3B,QAAM,QAAQ;AACd,OAAK,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACnDhB,IAAa,uBAAuB;;AAGpC,IAAa,gBAAgB;;;;;AAQ7B,IAAI,sBAAqC;;;;;;;;;;;;AAuCzC,SAAgB,iBAAiB,KAA+B;AAE9D,KAAI,CAAC,oBACH,QAAO;EAAE,IAAI;EAAM,UAAU;EAAM;CAGrC,MAAM,WAAW,IAAI,QAAQ,IAAI,qBAAqB;AAGtD,KAAI,CAAC,SACH,QAAO;EAAE,IAAI;EAAM,UAAU;EAAM;AAIrC,KAAI,aAAa,oBACf,QAAO;EAAE,IAAI;EAAM;EAAU;AAG/B,QAAO;EAAE,IAAI;EAAO;EAAU;;;;;;AAOhC,SAAgB,mBAAmB,SAAwB;AACzD,SAAQ,IAAI,eAAe,IAAI;;;;;;;;;;;;;;;;ACvFjC,IAAM,qBAAqB,IAAI,IAAI;CACjC;CACA;CACA;CACA;CACA;CACD,CAAC;;;;;;;;;;AAWF,eAAsB,wBACpB,WACmB;CACnB,MAAM,EAAE,aAAa,SAAS;CAC9B,MAAM,SAAS,mBAAmB,IAAI,YAAY;CAElD,MAAM,OAAO,MAAM,SAAS,KAAK,SAAS;CAE1C,MAAM,UAAkC;EACtC,gBAAgB,SAAS,GAAG,YAAY,mBAAmB;EAC3D,kBAAkB,OAAO,KAAK,WAAW;EAC1C;AAED,QAAO,IAAI,SAAS,MAAM;EAAE,QAAQ;EAAK;EAAS,CAAC;;;;;;AAOrD,SAAgB,iBACd,SAMQ;AAmBR,QAAO,yGAlBM,QACV,KAAK,MAAM;EACV,IAAI,MAAM,qBAAqB,UAAU,EAAE,IAAI,CAAC;AAChD,MAAI,EAAE,cAAc;GAClB,MAAM,OAAO,EAAE,wBAAwB,OAAO,EAAE,aAAa,aAAa,GAAG,EAAE;AAC/E,UAAO,kBAAkB,UAAU,KAAK,CAAC;;AAE3C,MAAI,EAAE,gBACJ,QAAO,qBAAqB,UAAU,EAAE,gBAAgB,CAAC;AAE3D,MAAI,EAAE,aAAa,KAAA,EACjB,QAAO,mBAAmB,EAAE,SAAS;AAEvC,SAAO;AACP,SAAO;GACP,CACD,KAAK,KAAK,CAEwG;;;AAiBvH,SAAgB,UAAU,KAAqB;AAC7C,QAAO,IACJ,QAAQ,MAAM,QAAQ,CACtB,QAAQ,MAAM,OAAO,CACrB,QAAQ,MAAM,OAAO,CACrB,QAAQ,MAAM,SAAS,CACvB,QAAQ,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;AC1E5B,SAAgB,sBACd,gBACA,WACA,UACgC;AAChC,MAAK,MAAM,WAAW,UAAU;AAE9B,MAAI,CAAC,UAAU,WAAW,QAAQ,mBAAmB,CAAE;AAIvD,MAAI,uBAAuB,gBAAgB,QAAQ,mBAAmB,CACpE,QAAO,EAAE,gBAAgB,QAAQ,oBAAoB;;AAGzD,QAAO;;;;;;;;AAST,SAAgB,uBAAuB,UAAkB,SAA0B;CACjF,MAAM,YAAY,aAAa,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,CAAC,MAAM,IAAI;CACtE,MAAM,eAAe,YAAY,MAAM,EAAE,GAAG,QAAQ,MAAM,EAAE,CAAC,MAAM,IAAI;CAEvE,IAAI,KAAK;AACT,MAAK,IAAI,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;EAC5C,MAAM,MAAM,mBAAmB,aAAa,GAAG;AAE/C,UAAQ,IAAI,MAAZ;GACE,KAAK,YACH,QAAO,KAAK,UAAU;GACxB,KAAK,qBACH,QAAO;GACT,KAAK;AACH,QAAI,MAAM,UAAU,OAAQ,QAAO;AACnC;AACA;GACF,KAAK;AACH,QAAI,MAAM,UAAU,UAAU,UAAU,QAAQ,IAAI,MAAO,QAAO;AAClE;AACA;;;AAIN,QAAO,OAAO,UAAU;;;;;;;;;;;;;;;;;ACnB1B,IAAM,iBAAiB,IAAI,IAAI;CAAC;CAAa;CAAe;CAAY,CAAC;;;;;;;;;;AAWzE,SAAgB,UAAU,QAAiC,QAAuC;AAChG,MAAK,MAAM,OAAO,OAAO,KAAK,OAAO,CACnC,KAAI,CAAC,eAAe,IAAI,IAAI,CAC1B,QAAO,OAAO,OAAO;;;;;;;;;;;;AAyJ3B,eAAsB,oBAAoB,OAAkC;CAC1E,MAAM,WAAW,MAAM;AAEvB,MAAK,MAAM,WAAW,UAAU;AAE9B,MAAI,CAAC,QAAQ,OAAQ;EAErB,IAAI;AACJ,MAAI;AACF,SAAM,MAAM,WAAW,QAAQ,OAAO;WAC/B,KAAK;AACZ,SAAM,IAAI,mBACR,6CAA6C,QAAQ,YAAY,KAAK,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,GACvH;;EAGH,MAAM,mBAAmB,IAAI;AAI7B,MAAI,CAAC,oBAAoB,OAAO,iBAAiB,UAAU,WAAY;AAEvE,MAAI;GACF,MAAM,UAAU,iBAAiB,MAAM,MAAM,cAAc;AAG3D,aAAU,MAAM,eAAe,QAAmC;WAC3D,KAAK;AACZ,SAAM,IAAI,mBAAmB,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,CAAC;;;;;;;;;;AAapF,SAAgB,eAAe,QAA6D;CAC1F,MAAM,EACJ,OACA,YACA,QACA,YACA,qBAAqB,MACrB,gBAAgB,KAChB,eAAe,SACf,oBACE;CAIJ,IAAI,iBAAiB;AAErB,QAAO,OAAO,QAAoC;EAChD,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;EAC5B,MAAM,SAAS,IAAI;EACnB,MAAM,OAAO,IAAI;EACjB,MAAM,YAAY,YAAY,KAAK;AACnC;AAOA,SAAO,eAFc,iBAAiB,EAEF,YAAY;AAG9C,UAAO,sBAAsB,KAAK,YAAY;IAG5C,MAAM,aAAa,YAAY;AAC7B,wBAAmB;MAAE;MAAQ;MAAM,CAAC;KAEpC,MAAM,WAAW,MAAM,SACrB,uBACA;MAAE,uBAAuB;MAAQ,YAAY;MAAM,EACnD,YAAY;MAGV,MAAM,UAAU,MAAM,gBAAgB;AACtC,UAAI,QACF,gBAAe,QAAQ,SAAS,QAAQ,OAAO;MAGjD,IAAI;AACJ,UAAI,SAAS,OAAO,YAClB,UAAS,MAAM,cAAc,KAAK,QAAQ,KAAK;UAE/C,UAAS,MAAM,cAAc,KAAK,QAAQ,KAAK;AAKjD,YAAM,iBAAiB,6BAA6B,OAAO,OAAO;AAKlE,UAAI,iBAAiB,YAAY;OAE/B,MAAM,eAAe,uBAAuB;AAC5C,WAAI,cAAc;AAChB,iBAAS,sBAAsB,OAAO;AACtC,eAAO,QAAQ,IAAI,iBAAiB,aAAa;;iBAE1C,iBAAiB,SAAS;OAInC,MAAM,UAAU,KAAK,MAAM,YAAY,KAAK,GAAG,UAAU;AACzD,gBAAS,sBAAsB,OAAO;AACtC,cAAO,QAAQ,IAAI,iBAAiB,aAAa,UAAU;;AAI7D,aAAO;OAEV;KAGD,MAAM,aAAa,KAAK,MAAM,YAAY,KAAK,GAAG,UAAU;KAC5D,MAAM,SAAS,SAAS;KACxB,MAAM,cAAc;AACpB;AACA,yBAAoB;MAAE;MAAQ;MAAM;MAAQ;MAAY;MAAa,CAAC;AAEtE,SAAI,gBAAgB,KAAK,aAAa,cACpC,gBAAe;MAAE;MAAQ;MAAM;MAAY,WAAW;MAAe;MAAa,CAAC;AAGrF,YAAO;;AAGT,WAAO,iBAAiB,aAAa,uBAAuB,WAAW,GAAG,YAAY;KACtF;IACF;;CAGJ,eAAe,cAAc,KAAc,QAAgB,MAAiC;AAC1F,MAAI;GAGF,IAAI;AACJ,OAAI,OAAO,YAET,gBADY,MAAM,OAAO,aAAa,EACpB;OAElB,eAAc,OAAO;GAEvB,MAAM,gBAAgB,SAAS,aAAa,WAAW,cAAc,KAAK,QAAQ,KAAK,CAAC;AACxF,UAAO,MAAM,SAAS,gBAAgB,EAAE,QACtC,iBAAiB,aAAa,WAAW,SAAS,YAAY,QAAQ,GAAG,SAAS,CACnF;WACM,OAAO;AAEd,iBAAc,EAAE,OAAO,CAAC;AACxB,SAAM,mBAAmB,OAAO,KAAK,QAAQ;AAC7C,OAAI,mBAAmB,iBAAiB,MAAO,iBAAgB,OAAO,QAAQ;AAC9E,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;;;;;;;;;CAY9C,SAAS,sBAAsB,QAAwB,KAAc,SAA4B;AAE/F,OADe,IAAI,QAAQ,IAAI,SAAS,IAAI,IAAI,SAAS,mBAAmB,EACjE;AACT,WAAQ,IAAI,qBAAqB,OAAO,SAAS;AACjD,UAAO,IAAI,SAAS,MAAM;IAAE,QAAQ;IAAK;IAAS,CAAC;;AAErD,UAAQ,IAAI,YAAY,OAAO,SAAS;AACxC,SAAO,IAAI,SAAS,MAAM;GAAE,QAAQ,OAAO;GAAQ;GAAS,CAAC;;CAG/D,eAAe,cAAc,KAAc,QAAgB,MAAiC;EAG1F,MAAM,SAAS,aADH,IAAI,IAAI,IAAI,IAAI,CACI,UAAU,mBAAmB;AAC7D,MAAI,CAAC,OAAO,GACV,QAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,OAAO,QAAQ,CAAC;EAEtD,MAAM,oBAAoB,OAAO;AAKjC,MAAI,OAAO,oBAAoB;GAC7B,MAAM,YAAY,OAAO,mBAAmB,kBAAkB;AAC9D,OAAI,UACF,KAAI;AAIF,QAAI,UAAU,SACZ,QAAO,MAAM,wBAAwB,UAAU;IAGjD,MAAM,MAAM,MAAM,WAAmC,UAAU,KAAK;AACpE,QAAI,OAAO,IAAI,YAAY,WACzB,QAAO,IAAI,SAAS,iDAAiD,EAAE,QAAQ,KAAK,CAAC;IAEvF,MAAM,gBAAgB,MAAM,IAAI,SAAS;AAEzC,QAAI,yBAAyB,SAC3B,QAAO;IAGT,MAAM,cAAc,UAAU;IAC9B,IAAI;AACJ,QAAI,OAAO,kBAAkB,SAC3B,QAAO;aACE,gBAAgB,kBACzB,QAAO,iBAAiB,cAAc;aAC7B,gBAAgB,4BACzB,QAAO,KAAK,UAAU,eAAe,MAAM,EAAE;QAE7C,QAAO,OAAO,kBAAkB,WAAW,gBAAgB,OAAO,cAAc;AAElF,WAAO,IAAI,SAAS,MAAM;KACxB,QAAQ;KACR,SAAS,EAAE,gBAAgB,GAAG,YAAY,kBAAkB;KAC7D,CAAC;YACK,OAAO;AACd,mBAAe;KAAE;KAAQ;KAAM;KAAO,CAAC;AACvC,QAAI,mBAAmB,iBAAiB,MAAO,iBAAgB,OAAO,iBAAiB;AACvF,WAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;AAShD,MAAI,OAAO,mBACT,KAAI;GACF,MAAM,kBAAkB,MAAM,OAAO,mBAAmB,kBAAkB;AAC1E,OAAI,gBAAiB,QAAO;WACrB,OAAO;AACd,kBAAe;IAAE;IAAQ;IAAM;IAAO,CAAC;AACvC,OAAI,mBAAmB,iBAAiB,MAAO,iBAAgB,OAAO,eAAe;AACrF,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;AAU9C,OADsB,IAAI,QAAQ,IAAI,SAAS,IAAI,IAAI,SAAS,mBAAmB;OAG7E,CADc,iBAAiB,IAAI,CACxB,IAAI;IACjB,MAAM,gBAAgB,IAAI,SAAS;AACnC,uBAAmB,cAAc;AACjC,WAAO,IAAI,SAAS,MAAM;KAAE,QAAQ;KAAK,SAAS;KAAe,CAAC;;;EAKtE,IAAI,QAAQ,WAAW,kBAAkB;EACzC,IAAI;EAOJ,MAAM,YAAY,IAAI,QAAQ,IAAI,eAAe;AACjD,MAAI,aAAa,OAAO,sBAAsB,QAAQ;GACpD,MAAM,cAAc,sBAClB,mBACA,WACA,OAAO,qBACR;AACD,OAAI,aAAa;IACf,MAAM,cAAc,WAAW,YAAY,eAAe;AAC1D,QAAI,aAAa;AACf,aAAQ;AACR,oBAAe,EAAE,gBAAgB,mBAAmB;;;;AAK1D,MAAI,CAAC,OAAO;AAGV,OAAI,OAAO,eAAe;IACxB,MAAM,kBAAkB,IAAI,SAAS;AACrC,WAAO,OAAO,cAAc,KAAK,gBAAgB;;AAEnD,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;EAK5C,MAAM,kBAAkB,IAAI,SAAS;EACrC,MAAM,uBAAuB,IAAI,SAAS;AAM1C,kBAAgB,IAAI,iBAAiB,0DAA0D;AAM/F,MAAI,WACF,KAAI;AACF,SAAM,WAAW,OAAO,KAAK,gBAAgB;UACvC;AASV,MAAI;AACF,SAAM,oBAAoB,MAAM;WACzB,OAAO;AACd,OAAI,iBAAiB,oBAAoB;IAGvC,MAAM,cAAc,MAAM,SAAS,MAAM,SAAS,SAAS;AAC3D,QACG,YAAoC,SACrC,CAAE,YAAmC,KAErC,QAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;AAK5C,QAAI,OAAO,cACT,QAAO,OAAO,cAAc,KAAK,gBAAgB;AAEnD,WAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;AAE5C,SAAM;;AAMR,mBAAiB,MAAM,cAAc;AAGrC,MAAI,MAAM,gBAAgB,SAAS,GAAG;GACpC,MAAM,MAAyB;IAC7B;IACA,gBAAgB;IAChB,SAAS;IACT,eAAe,MAAM;IACrB,aAAa,UAAU;AACrB,UAAK,MAAM,QAAQ,OAAO;MAIxB,IAAI;AACJ,UAAI,KAAK,OAAO,KAAA,EACd,SAAQ,IAAI,KAAK,KAAK,QAAQ,KAAK,GAAG,QAAQ,KAAK;UAEnD,SAAQ,IAAI,KAAK,KAAK,SAAS,KAAK;AAEtC,UAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,UAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,sBAAgB,OAAO,QAAQ,MAAM;;;IAG1C;AAED,OAAI;AAEF,4BAAwB,KAAK;IAC7B,MAAM,gBAAgB,mBAAmB,MAAM,iBAAiB,IAAI;IACpE,MAAM,qBAAqB,MAAM,SAAS,qBAAqB,EAAE,QAC/D,iBAAiB,aAAa,WAAW,MAAM,iBAAiB,QAAQ,GAAG,SAAS,CACrF;AACD,4BAAwB,MAAM;AAC9B,QAAI,oBAAoB;KAItB,MAAM,gBAAgB,sBAAsB,mBAAmB;AAC/D,oBAAe,cAAc,QAAQ;KAKrC,MAAM,eAAe,IAAI,IACvB,CAAC,GAAG,cAAc,QAAQ,MAAM,CAAC,CAAC,KAAK,MAAM,EAAE,aAAa,CAAC,CAC9D;AACD,UAAK,MAAM,CAAC,KAAK,UAAU,gBAAgB,SAAS,CAClD,KAAI,CAAC,aAAa,IAAI,IAAI,aAAa,CAAC,CACtC,eAAc,QAAQ,OAAO,KAAK,MAAM;AAG5C,+BAA0B;MAAE;MAAQ;MAAM,QAAQ,cAAc;MAAQ,CAAC;AACzE,YAAO;;AAIT,8BAA0B,qBAAqB;YACxC,OAAO;AACd,4BAAwB,MAAM;AAE9B,QAAI,iBAAiB,gBAAgB;AACnC,oBAAe,gBAAgB;AAC/B,YAAO,sBAAsB,OAAO,KAAK,gBAAgB;;AAI3D,QAAI,iBAAiB,YAAY;AAC/B,oBAAe,gBAAgB;AAC/B,SAAI,OAAO,mBACT,KAAI;AACF,aAAO,MAAM,OAAO,mBAAmB,OAAO,KAAK,iBAAiB,MAAM;aACpE;AAIV,YAAO,IAAI,SAAS,MAAM;MAAE,QAAQ,MAAM;MAAQ,SAAS;MAAiB,CAAC;;AAI/E,uBAAmB;KAAE;KAAQ;KAAM;KAAO,CAAC;AAC3C,UAAM,mBAAmB,OAAO,KAAK,UAAU;AAC/C,QAAI,mBAAmB,iBAAiB,MAAO,iBAAgB,OAAO,aAAa;AACnF,WAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;AAO9C,iBAAe,gBAAgB;AAG/B,MAAI;GACF,MAAM,iBACJ,OAAO,KAAK,OAAO,iBAAiB,sBAAsB,aAAa;GACzE,MAAM,WAAW,MAAM,SAAS,iBAAiB,EAAE,cAAc,mBAAmB,QAClF,iBAAiB,aACb,WAAW,UAAU,oBAAoB,SAAS,GAClD,UAAU,CACf;AACD,wBAAqB;AACrB,UAAO;WACA,OAAO;AAGd,OAAI,iBAAiB,YAAY;AAC/B,QAAI,OAAO,mBACT,KAAI;AACF,YAAO,MAAM,OAAO,mBAAmB,OAAO,KAAK,iBAAiB,MAAM;YACpE;AAIV,WAAO,IAAI,SAAS,MAAM;KAAE,QAAQ,MAAM;KAAQ,SAAS;KAAiB,CAAC;;AAG/E,OAAI,iBAAiB,eACnB,QAAO,sBAAsB,OAAO,KAAK,gBAAgB;AAE3D,kBAAe;IAAE;IAAQ;IAAM;IAAO,CAAC;AACvC,SAAM,mBAAmB,OAAO,KAAK,SAAS;AAC9C,OAAI,mBAAmB,iBAAiB,MAAO,iBAAgB,OAAO,SAAS;AAE/E,OAAI,OAAO,oBACT,KAAI;AACF,WAAO,MAAM,OAAO,oBAAoB,OAAO,KAAK,gBAAgB;WAC9D;AAIV,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;;;;;;AAShD,eAAe,mBACb,OACA,KACA,OACe;CACf,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;CAC5B,MAAM,aAAqC,EAAE;AAC7C,KAAI,QAAQ,SAAS,GAAG,MAAM;AAC5B,aAAW,KAAK;GAChB;AAEF,OAAM,mBACJ,OACA;EAAE,QAAQ,IAAI;EAAQ,MAAM,IAAI;EAAU,SAAS;EAAY,EAC/D;EAAE;EAAO,WAAW,IAAI;EAAU,WAAW;EAAQ,SAAS,YAAY;EAAE,CAC7E;;;;;;AASH,SAAS,eAAe,SAAwB;AAC9C,MAAK,MAAM,SAAS,qBAAqB,CACvC,SAAQ,OAAO,cAAc,MAAM;;;;;;;;;;;;AAgBvC,SAAS,sBAAsB,UAA8B;AAC3D,KAAI;AAIF,WAAS,QAAQ,IAAI,kBAAkB,IAAI;AAC3C,WAAS,QAAQ,OAAO,iBAAiB;AACzC,SAAO;SACD;AAEN,SAAO,IAAI,SAAS,SAAS,MAAM;GACjC,QAAQ,SAAS;GACjB,YAAY,SAAS;GACrB,SAAS,IAAI,QAAQ,SAAS,QAAQ;GACvC,CAAC;;;;;;;;;;;ACjtBN,SAAgB,gBAAgB,UAA8B,UAAmC;CAC/F,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAAmB,EAAE;AAE3B,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,WAAW,SAAS,IAAI,KAAK;AACnC,MAAI,CAAC,SAAU;AACf,OAAK,MAAM,OAAO,SAChB,KAAI,CAAC,KAAK,IAAI,IAAI,EAAE;AAClB,QAAK,IAAI,IAAI;AACb,UAAO,KAAK,IAAI;;;AAMxB,QAAO;;;;;;;;AAwCT,SAAgB,kBACd,UACA,UACqB;CACrB,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAA8B,EAAE;AAEtC,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,QAAQ,SAAS,MAAM,KAAK;AAClC,MAAI,CAAC,MAAO;AACZ,OAAK,MAAM,SAAS,MAClB,KAAI,CAAC,KAAK,IAAI,MAAM,KAAK,EAAE;AACzB,QAAK,IAAI,MAAM,KAAK;AACpB,UAAO,KAAK,MAAM;;;AAM1B,QAAO;;;;;;;;AA8DT,SAAgB,2BACd,UACA,UACU;CACV,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAAmB,EAAE;AAE3B,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,WAAW,SAAS,cAAc,KAAK;AAC7C,MAAI,CAAC,SAAU;AACf,OAAK,MAAM,OAAO,SAChB,KAAI,CAAC,KAAK,IAAI,IAAI,EAAE;AAClB,QAAK,IAAI,IAAI;AACb,UAAO,KAAK,IAAI;;;AAMxB,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACnJT,SAAgB,iBAAiB,MAAyB;AAGxD,KAAI,KAAK,OAAO,KAAA,GAAW;EACzB,IAAI,QAAQ,IAAI,KAAK,KAAK,QAAQ,KAAK,GAAG,QAAQ,KAAK;AACvD,MAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,MAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,SAAO;;CAGT,IAAI,QAAQ,IAAI,KAAK,KAAK,SAAS,KAAK;AACxC,KAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,KAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,QAAO;;;;;;;;;;;;;;;;;;;AA4BT,SAAgB,wBACd,UACA,UACA,SACU;CACV,MAAM,SAAmB,EAAE;CAK3B,MAAM,2BAAW,IAAI,KAAa;CAElC,MAAM,OAAO,KAAa,WAAmB;AAC3C,MAAI,CAAC,SAAS,IAAI,IAAI,EAAE;AACtB,YAAS,IAAI,IAAI;AACjB,UAAO,KAAK,OAAO;;;AAKvB,MAAK,MAAM,OAAO,gBAAgB,UAAU,SAAS,CACnD,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAW,IAAI;EAAS,CAAC,CAAC;AAMxE,MAAK,MAAM,OAAO,SAAS,IAAI,cAAc,EAAE,CAC7C,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAW,IAAI;EAAS,CAAC,CAAC;AAIxE,MAAK,MAAM,QAAQ,kBAAkB,UAAU,SAAS,CACtD,KACE,KAAK,MACL,iBAAiB;EAAE,MAAM,KAAK;EAAM,KAAK;EAAW,IAAI;EAAQ,aAAa;EAAa,CAAC,CAC5F;AAIH,KAAI,CAAC,SAAS,OACZ,MAAK,MAAM,OAAO,2BAA2B,UAAU,SAAS,CAC9D,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAiB,CAAC,CAAC;AAInE,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AClIT,SAAgB,wBAA2B,QAA4B,IAAgB;AACrF,QAAO,oBAAoB,IAAI,QAAQ,GAAG;;;;;;;;;;AAW5C,SAAgB,kBAAkB,OAAuB;AACvD,KAAI,CAAC,MAAM,OAAQ;CACnB,MAAM,SAAS,oBAAoB,UAAU;AAC7C,KAAI,CAAC,OAAQ;AACb,KAAI;AACF,SAAO,MAAM;SACP;;;;;;;;;;;;;;;;ACwGV,eAAsB,iBAAiB,QAAqD;CAC1F,MAAM,EAAE,UAAU,YAAY,eAAe,2BAA2B;AAExE,KAAI,SAAS,WAAW,EACtB,OAAM,IAAI,MAAM,iDAAiD;CAGnE,MAAM,OAAO,SAAS,SAAS,SAAS;AAGxC,KAAI,KAAK,SAAS,CAAC,KAAK,KACtB,QAAO;EAAE,MAAM;EAAM,YAAY;EAAM;CAKzC,MAAM,iBADa,KAAK,OAAO,MAAM,WAAW,KAAK,KAAK,GAAG,OAC3B;AAElC,KAAI,CAAC,cACH,OAAM,IAAI,MACR,iDAAiD,KAAK,QAAQ,gDAE/D;CAIH,IAAI,UAAwB,cAAc,eAAe,EAAE,CAAC;AAG5D,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AAGzB,YAAU,MAAM,wBACd,SACA,SACA,YACA,eACA,uBACD;AAGD,MAAI,QAAQ,QAAQ;GAElB,MAAM,YADe,MAAM,WAAW,QAAQ,OAAO,EACvB;AAC9B,aAAU,cAAc,sBAAsB;IAC5C;IACA,aAAa,QAAQ;IACrB,UAAU;IACX,CAA2B;;AAI9B,MAAI,QAAQ,QAAQ;GAElB,MAAM,mBADe,MAAM,WAAW,QAAQ,OAAO,EAChB;AAIrC,OAAI,iBAAiB;IAEnB,MAAM,YAA0C,EAAE;AAClD,QAAI,QAAQ,MAAM,OAAO,EACvB,MAAK,MAAM,CAAC,UAAU,aAAa,QAAQ,MACzC,WAAU,YAAY,MAAM,iBAC1B,UACA,YACA,eACA,uBACD;AAIL,cAAU,cAAc,iBAAiB;KACvC,GAAG;KACH,UAAU;KACX,CAAC;;;;AAKR,QAAO;EAAE,MAAM;EAAS,YAAY;EAAO;;;;;;;;AAW7C,eAAe,iBACb,UACA,YACA,eACA,wBACuB;CAGvB,MAAM,iBADa,SAAS,OAAO,MAAM,WAAW,SAAS,KAAK,GAAG,OACnC;CAIlC,MAAM,oBADgB,SAAS,UAAU,MAAM,WAAW,SAAS,QAAQ,GAAG,OACtC;AAKxC,KAAI,CAAC,cACH,QAAO,mBAAmB,cAAc,kBAAkB,EAAE,CAAC,GAAG;CAGlE,IAAI,UAAwB,cAAc,eAAe,EAAE,CAAC;AAG5D,WAAU,MAAM,wBACd,UACA,SACA,YACA,eACA,uBACD;AAGD,KAAI,SAAS,QAAQ;EAEnB,MAAM,YADe,MAAM,WAAW,SAAS,OAAO,EACxB;EAK9B,MAAM,mBADe,SAAS,SAAS,MAAM,WAAW,SAAS,OAAO,GAAG,OAE1D,WAAkE;EAEnF,MAAM,kBAAkB,mBAAmB,cAAc,kBAAkB,EAAE,CAAC,GAAG;AAEjF,YAAU,cAAc,2BAA2B;GACjD;GACA;GACA,UAAU,SAAS,YAAY,QAAQ,MAAM,GAAG;GAChD;GACA;GACA,UAAU;GACX,CAA+B;;AAGlC,QAAO;;;AAMT,IAAM,iBAAiB,IAAI,IAAI,CAAC,OAAO,KAAK,CAAC;;;;;;;AAQ7C,SAAS,UAAU,MAA0B;AAC3C,QAAO,eAAe,IAAI,KAAK,UAAU;;;;;;;;;;;;;;;;;;AAmB3C,eAAe,wBACb,SACA,SACA,YACA,eACA,wBACuB;AAIvB,KAAI,QAAQ,aAAa;AAEvB,OAAK,MAAM,CAAC,KAAK,SAAS,QAAQ,YAChC,KAAI,QAAQ,SAAS,QAAQ,OAAO;GAClC,MAAM,SAAS,SAAS,KAAK,GAAG;AAChC,OAAI,CAAC,MAAM,OAAO,EAAE;IAElB,MAAM,aADM,MAAM,WAAW,KAAK,EACZ;AACtB,QAAI,UAYF,WAAU,cAAc,wBAXF,UAAU,KAAK,GAChC;KACC,iBAAiB,cAAc,WAAW,EAAE,QAAQ,CAAC;KACrD;KACA,UAAU;KACX,GACA;KACC,mBAAmB;KACnB;KACA,UAAU;KACX,CACyD;;;AAOtE,OAAK,MAAM,CAAC,KAAK,SAAS,QAAQ,YAChC,KAAI,QAAQ,SAAS,QAAQ,OAAO;GAElC,MAAM,aADM,MAAM,WAAW,KAAK,EACZ;AACtB,OAAI,WAAW;IACb,MAAM,iBAAiB,QAAQ,QAAQ,MAAM;AAY7C,cAAU,cAAc,wBAXF,UAAU,KAAK,GAChC;KACC,iBAAiB,cAAc,WAAW,EAAE,CAAC;KAC7C,QAAQ;KACR,UAAU;KACX,GACA;KACC,mBAAmB;KACnB,QAAQ;KACR,UAAU;KACX,CACyD;;;;AAStE,KAAI,QAAQ,OAAO;EAEjB,MAAM,kBADc,MAAM,WAAW,QAAQ,MAAM,EAChB;AACnC,MAAI,eAUF,WAAU,cAAc,wBATF,UAAU,QAAQ,MAAM,GACzC;GACC,iBAAiB,cAAc,gBAAgB,EAAE,CAAC;GAClD,UAAU;GACX,GACA;GACC,mBAAmB;GACnB,UAAU;GACX,CACyD;;AAIlE,QAAO;;;;;;;;ACpVT,IAAM,wBAAgD;CACpD,aAAa;CACb,aAAa;CACb,gBAAgB;CACjB;;;;;;;;;;;;AAeD,SAAgB,kBACd,QACA,UACA,SAA2B,aACE;AAC7B,KAAI,UAAU,OAAO,UAAU,IAC7B,QAAO,WAAW,SAAS,eAAe,QAAQ,SAAS,GAAG,WAAW,QAAQ,SAAS;AAE5F,KAAI,UAAU,OAAO,UAAU,IAE7B,QAAO,WAAW,SAAS,eAAe,QAAQ,SAAS,GAAG,WAAW,QAAQ,SAAS;AAE5F,QAAO;;;;;;;;AAST,SAAS,WACP,QACA,UAC6B;CAC7B,MAAM,YAAY,OAAO,OAAO;AAGhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAQ,YAAa;EAG1B,MAAM,QAAQ,QAAQ,YAAY,IAAI,UAAU;AAChD,MAAI,MACF,QAAO;GAAE,MAAM;GAAO;GAAQ,MAAM;GAAS,cAAc;GAAG;EAIhE,MAAM,WAAW,QAAQ,YAAY,IAAI,MAAM;AAC/C,MAAI,SACF,QAAO;GAAE,MAAM;GAAU;GAAQ,MAAM;GAAY,cAAc;GAAG;;AAKxE,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAQ,kBAAmB;AAEhC,OAAK,MAAM,CAAC,MAAM,iBAAiB,OAAO,QAAQ,sBAAsB,CACtE,KAAI,iBAAiB,QAAQ;GAC3B,MAAM,OAAO,QAAQ,kBAAkB,IAAI,KAAK;AAChD,OAAI,KACF,QAAO;IAAE;IAAM;IAAQ,MAAM;IAAU,cAAc;IAAG;;;AAOhE,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,IACxC,KAAI,SAAS,GAAG,MACd,QAAO;EAAE,MAAM,SAAS,GAAG;EAAQ;EAAQ,MAAM;EAAS,cAAc;EAAG;AAI/E,QAAO;;;;;;;AAQT,SAAS,eACP,QACA,UAC6B;CAC7B,MAAM,YAAY,OAAO,OAAO;AAEhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAQ,gBAAiB;EAG9B,MAAM,QAAQ,QAAQ,gBAAgB,IAAI,UAAU;AACpD,MAAI,MACF,QAAO;GAAE,MAAM;GAAO;GAAQ,MAAM;GAAS,cAAc;GAAG;EAIhE,MAAM,WAAW,QAAQ,gBAAgB,IAAI,MAAM;AACnD,MAAI,SACF,QAAO;GAAE,MAAM;GAAU;GAAQ,MAAM;GAAY,cAAc;GAAG;;AAIxE,QAAO;;;;;;AAOT,SAAS,WACP,QACA,UAC6B;CAC7B,MAAM,YAAY,OAAO,OAAO;AAEhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AAGzB,MAAI,QAAQ,aAAa;GACvB,MAAM,QAAQ,QAAQ,YAAY,IAAI,UAAU;AAChD,OAAI,MACF,QAAO;IAAE,MAAM;IAAO;IAAQ,MAAM;IAAS,cAAc;IAAG;GAIhE,MAAM,WAAW,QAAQ,YAAY,IAAI,MAAM;AAC/C,OAAI,SACF,QAAO;IAAE,MAAM;IAAU;IAAQ,MAAM;IAAY,cAAc;IAAG;;AAKxE,MAAI,QAAQ,MACV,QAAO;GAAE,MAAM,QAAQ;GAAO;GAAQ,MAAM;GAAS,cAAc;GAAG;;AAI1E,QAAO;;;;;;;AAQT,SAAS,eACP,QACA,UAC6B;CAC7B,MAAM,YAAY,OAAO,OAAO;AAEhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAQ,gBAAiB;EAE9B,MAAM,QAAQ,QAAQ,gBAAgB,IAAI,UAAU;AACpD,MAAI,MACF,QAAO;GAAE,MAAM;GAAO;GAAQ,MAAM;GAAS,cAAc;GAAG;EAGhE,MAAM,WAAW,QAAQ,gBAAgB,IAAI,MAAM;AACnD,MAAI,SACF,QAAO;GAAE,MAAM;GAAU;GAAQ,MAAM;GAAY,cAAc;GAAG;;AAIxE,QAAO;;;;;;;;;;AAaT,SAAgB,kBAAkB,UAAoD;CACpF,MAAM,WAAW,SAAS,YAAY,QAAQ,MAAM,GAAG;AAEvD,KAAI,SAAS,OACX,QAAO;EAAE,MAAM,SAAS;EAAQ;EAAU,MAAM;EAAU;AAG5D,KAAI,SAAS,QACX,QAAO;EAAE,MAAM,SAAS;EAAS;EAAU,MAAM;EAAW;AAG9D,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACjMT,eAAsB,cACpB,UACA,UAAwB,EAAE,EACJ;CACtB,MAAM,EAAE,kBAAkB,IAAI,SAAS,EAAE,gBAAgB,QAAQ;CAEjE,IAAI;AAIJ,KAAI;AACF,iBAAe,MAAM,UAAU;UACxB,OAAO;AACd,SAAO,aAAa,OAAO,gBAAgB;;AAK7C,KAAI;AACF,QAAM,aAAa;UACZ,OAAO;AACd,SAAO,aAAa,OAAO,gBAAgB;;AAI7C,iBAAgB,IAAI,gBAAgB,2BAA2B;AAE/D,QAAO;EACL,UAAU,IAAI,SAAS,aAAa,QAAQ;GAC1C,QAAQ;GACR,SAAS;GACV,CAAC;EACF,QAAQ;EACR,YAAY;EACZ,UAAU;EACX;;;;;AAQH,SAAS,aAAa,OAAgB,iBAAuC;AAE3E,KAAI,iBAAiB,gBAAgB;AACnC,kBAAgB,IAAI,YAAY,MAAM,SAAS;AAC/C,SAAO;GACL,UAAU,IAAI,SAAS,MAAM;IAC3B,QAAQ,MAAM;IACd,SAAS;IACV,CAAC;GACF,QAAQ,MAAM;GACd,YAAY;GACZ,UAAU;GACX;;AAIH,KAAI,iBAAiB,WACnB,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ,MAAM;GACd,SAAS;GACV,CAAC;EACF,QAAQ,MAAM;EACd,YAAY;EACZ,UAAU;EACX;AAIH,KAAI,iBAAiB,YACnB,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ,MAAM;GACd,SAAS;GACV,CAAC;EACF,QAAQ,MAAM;EACd,YAAY;EACZ,UAAU;EACX;AAIH,gBAAe;EAAE,QAAQ;EAAI,MAAM;EAAI;EAAO,CAAC;AAC/C,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ;GACR,SAAS;GACV,CAAC;EACF,QAAQ;EACR,YAAY;EACZ,UAAU;EACX;;;;;AC5JH,IAAM,eAAe,IAAI,IAAI;CAAC;CAAO;CAAQ;CAAU,CAAC;;;;;;;;;;;AAcxD,SAAgB,aAAa,KAAc,QAAgC;AAEzE,KAAI,aAAa,IAAI,IAAI,OAAO,CAC9B,QAAO,EAAE,IAAI,MAAM;AAIrB,KAAI,OAAO,SAAS,MAClB,QAAO,EAAE,IAAI,MAAM;CAGrB,MAAM,SAAS,IAAI,QAAQ,IAAI,SAAS;AAGxC,KAAI,CAAC,OACH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAInC,KAAI,OAAO,eAET,QADgB,OAAO,eAAe,SAAS,OAAO,GACrC,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;CAI5D,MAAM,OAAO,IAAI,QAAQ,IAAI,OAAO;AACpC,KAAI,CAAC,KACH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAInC,IAAI;AACJ,KAAI;AACF,eAAa,IAAI,IAAI,OAAO,CAAC;SACvB;AACN,SAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;;AAGnC,QAAO,eAAe,OAAO,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;;;;AC5DxE,IAAM,KAAK;AACX,IAAM,KAAK,OAAO;AAClB,IAAM,KAAK,OAAO;AAElB,IAAa,iBAAiB;CAC5B,gBAAgB,IAAI;CACpB,gBAAgB,KAAK;CACrB,WAAW;CACZ;AAED,IAAM,eAAe;;AAGrB,SAAgB,cAAc,MAAsB;CAClD,MAAM,QAAQ,aAAa,KAAK,KAAK,MAAM,CAAC;AAC5C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,8BAA8B,KAAK,oDACpC;CAGH,MAAM,QAAQ,OAAO,WAAW,MAAM,GAAG;CACzC,MAAM,QAAQ,MAAM,MAAM,IAAI,aAAa;AAE3C,SAAQ,MAAR;EACE,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,GACH,QAAO,KAAK,MAAM,MAAM;EAC1B,QACE,OAAM,IAAI,MAAM,uBAAuB,KAAK,GAAG;;;;AAKrD,SAAgB,kBACd,KACA,MACA,QACiB;CACjB,MAAM,gBAAgB,IAAI,QAAQ,IAAI,iBAAiB;AACvD,KAAI,CAAC,cAGH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAGnC,MAAM,WAAW,OAAO,SAAS,eAAe,GAAG;AACnD,KAAI,OAAO,MAAM,SAAS,CACxB,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAInC,QAAO,YADO,aAAa,MAAM,OAAO,GACb,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;;;;;AAetE,SAAS,aAAa,MAAgB,QAAkC;CACtE,MAAM,aAAa,OAAO;AAE1B,KAAI,SAAS,SACX,QAAO,YAAY,iBACf,cAAc,WAAW,eAAe,GACxC,eAAe;AAGrB,QAAO,YAAY,iBACf,cAAc,WAAW,eAAe,GACxC,eAAe;;;;;ACzErB,IAAM,eAA6B;CAAC;CAAO;CAAQ;CAAO;CAAS;CAAU;CAAQ;CAAU;;;;;;;;;AAY/F,SAAgB,sBAAsB,KAAgC;CACpE,MAAM,UAAwB,EAAE;AAEhC,MAAK,MAAM,UAAU,cAAc;AACjC,MAAI,WAAW,UAAU,WAAW,UAAW;AAC/C,MAAI,IAAI,QACN,SAAQ,KAAK,OAAO;;AAKxB,KAAI,IAAI,OAAO,CAAC,IAAI,KAClB,SAAQ,KAAK,OAAO;UACX,IAAI,KACb,SAAQ,KAAK,OAAO;AAItB,KAAI,CAAC,IAAI,QACP,SAAQ,KAAK,UAAU;KAEvB,SAAQ,KAAK,UAAU;AAGzB,QAAO;;;;;;;;AAWT,eAAsB,mBAAmB,KAAkB,KAAsC;CAC/F,MAAM,SAAS,IAAI,IAAI,OAAO,aAAa;CAE3C,MAAM,cADU,sBAAsB,IAAI,CACd,KAAK,KAAK;AAGtC,KAAI,WAAW,WAAW;AACxB,MAAI,IAAI,QACN,QAAO,WAAW,IAAI,SAAS,IAAI;AAErC,SAAO,IAAI,SAAS,MAAM;GACxB,QAAQ;GACR,SAAS,EAAE,OAAO,aAAa;GAChC,CAAC;;AAIJ,KAAI,WAAW,QAAQ;AACrB,MAAI,IAAI,KACN,QAAO,WAAW,IAAI,MAAM,IAAI;AAElC,MAAI,IAAI,KAAK;GACX,MAAM,MAAM,MAAM,WAAW,IAAI,KAAK,IAAI;AAE1C,UAAO,IAAI,SAAS,MAAM;IACxB,QAAQ,IAAI;IACZ,SAAS,IAAI;IACd,CAAC;;;CAKN,MAAM,UAAU,IAAI;AACpB,KAAI,CAAC,QACH,QAAO,IAAI,SAAS,MAAM;EACxB,QAAQ;EACR,SAAS,EAAE,OAAO,aAAa;EAChC,CAAC;AAGJ,QAAO,WAAW,SAAS,IAAI;;;;;AAMjC,eAAe,WAAW,SAAuB,KAAsC;AACrF,KAAI;AAEF,SAAO,qBADK,MAAM,QAAQ,IAAI,EACG,IAAI,QAAQ;UACtC,OAAO;AACd,gBAAc;GAAE,QAAQ,IAAI,IAAI;GAAQ,MAAM,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC;GAAU;GAAO,CAAC;AACrF,SAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;;;;;;AAS9C,SAAS,qBAAqB,KAAe,YAA+B;CAE1E,IAAI,gBAAgB;AACpB,YAAW,cAAc;AACvB,kBAAgB;GAChB;AACF,KAAI,CAAC,cAAe,QAAO;CAM3B,MAAM,SAAS,IAAI,SAAS;AAC5B,YAAW,SAAS,OAAO,QAAQ;AACjC,MAAI,IAAI,aAAa,KAAK,aACxB,QAAO,OAAO,KAAK,MAAM;MAEzB,QAAO,IAAI,KAAK,MAAM;GAExB;CAGF,MAAM,aAAa,IAAI,QAAQ,cAAc;AAC7C,MAAK,MAAM,UAAU,WACnB,QAAO,OAAO,cAAc,OAAO;AAErC,KAAI,QAAQ,SAAS,OAAO,QAAQ;AAClC,MAAI,IAAI,aAAa,KAAK,aACxB,QAAO,IAAI,KAAK,MAAM;GAExB;AAEF,QAAO,IAAI,SAAS,IAAI,MAAM;EAC5B,QAAQ,IAAI;EACZ,YAAY,IAAI;EAChB,SAAS;EACV,CAAC;;;;;;;;;;;;;;;;;;;AC3JJ,IAAa,qBAAb,cAAwC,MAAM;CAC5C;CAEA,YAAY,WAAmB,SAAkB;EAC/C,MAAM,UAAU,UACZ,wBAAwB,UAAU,MAAM,YACxC,wBAAwB,UAAU;AACtC,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,OAAK,YAAY"}