npm - @timber-js/app - Versions diffs - 0.2.0-alpha.97 → 0.2.0-alpha.99 - Mend

@timber-js/app 0.2.0-alpha.97 → 0.2.0-alpha.99

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (372) hide show

package/dist/_chunks/actions-CQ8Z8VGL.js +1061 -0
package/dist/_chunks/actions-CQ8Z8VGL.js.map +1 -0
package/dist/_chunks/build-output-helper-DXnW0qjz.js +61 -0
package/dist/_chunks/build-output-helper-DXnW0qjz.js.map +1 -0
package/dist/_chunks/{define-Itxvcd7F.js → define-B-Q_UMOD.js} +19 -23
package/dist/_chunks/define-B-Q_UMOD.js.map +1 -0
package/dist/_chunks/{define-C77ScO0m.js → define-CfBPoJb0.js} +24 -7
package/dist/_chunks/define-CfBPoJb0.js.map +1 -0
package/dist/_chunks/define-cookie-BjpIt4UC.js +194 -0
package/dist/_chunks/define-cookie-BjpIt4UC.js.map +1 -0
package/dist/_chunks/{format-CYBGxKtc.js → format-Bcn-Iv1x.js} +1 -1
package/dist/_chunks/{format-CYBGxKtc.js.map → format-Bcn-Iv1x.js.map} +1 -1
package/dist/_chunks/handler-store-B-lqaGyh.js +54 -0
package/dist/_chunks/handler-store-B-lqaGyh.js.map +1 -0
package/dist/_chunks/logger-0m8MsKdc.js +291 -0
package/dist/_chunks/logger-0m8MsKdc.js.map +1 -0
package/dist/_chunks/merge-search-params-BphMdht_.js +122 -0
package/dist/_chunks/merge-search-params-BphMdht_.js.map +1 -0
package/dist/_chunks/{metadata-routes-DS3eKNmf.js → metadata-routes-BU684ls2.js} +1 -1
package/dist/_chunks/{metadata-routes-DS3eKNmf.js.map → metadata-routes-BU684ls2.js.map} +1 -1
package/dist/_chunks/navigation-root-BCYczjml.js +96 -0
package/dist/_chunks/navigation-root-BCYczjml.js.map +1 -0
package/dist/_chunks/registry-I2ss-lvy.js +20 -0
package/dist/_chunks/registry-I2ss-lvy.js.map +1 -0
package/dist/_chunks/router-ref-h3-UaCQv.js +28 -0
package/dist/_chunks/router-ref-h3-UaCQv.js.map +1 -0
package/dist/_chunks/{schema-bridge-C3xl_vfb.js → schema-bridge-Cxu4l-7p.js} +1 -1
package/dist/_chunks/{schema-bridge-C3xl_vfb.js.map → schema-bridge-Cxu4l-7p.js.map} +1 -1
package/dist/_chunks/segment-classify-BjfuctV2.js +137 -0
package/dist/_chunks/segment-classify-BjfuctV2.js.map +1 -0
package/dist/_chunks/{segment-context-fHFLF1PE.js → segment-context-Dx_OizxD.js} +1 -1
package/dist/_chunks/{segment-context-fHFLF1PE.js.map → segment-context-Dx_OizxD.js.map} +1 -1
package/dist/_chunks/{router-ref-C8OCm7g7.js → ssr-data-B4CdH7rE.js} +2 -26
package/dist/_chunks/ssr-data-B4CdH7rE.js.map +1 -0
package/dist/_chunks/{stale-reload-BX5gL1r-.js → stale-reload-Bab885FO.js} +1 -1
package/dist/_chunks/{stale-reload-BX5gL1r-.js.map → stale-reload-Bab885FO.js.map} +1 -1
package/dist/_chunks/tracing-C8V-YGsP.js +329 -0
package/dist/_chunks/tracing-C8V-YGsP.js.map +1 -0
package/dist/_chunks/{use-query-states-BiV5GJgm.js → use-query-states-B2XTqxDR.js} +3 -19
package/dist/_chunks/use-query-states-B2XTqxDR.js.map +1 -0
package/dist/_chunks/{use-params-IOPu7E8t.js → use-segment-params-BkpKAQ7D.js} +9 -95
package/dist/_chunks/use-segment-params-BkpKAQ7D.js.map +1 -0
package/dist/_chunks/{interception-BbqMCVXa.js → walkers-Tg0Alwcg.js} +66 -87
package/dist/_chunks/walkers-Tg0Alwcg.js.map +1 -0
package/dist/_chunks/{dev-warnings-DpGRGoDi.js → warnings-Cg47l5sk.js} +3 -3
package/dist/_chunks/warnings-Cg47l5sk.js.map +1 -0
package/dist/adapters/build-output-helper.d.ts +28 -0
package/dist/adapters/build-output-helper.d.ts.map +1 -0
package/dist/adapters/cloudflare.d.ts.map +1 -1
package/dist/adapters/cloudflare.js +8 -28
package/dist/adapters/cloudflare.js.map +1 -1
package/dist/adapters/nitro.d.ts.map +1 -1
package/dist/adapters/nitro.js +63 -31
package/dist/adapters/nitro.js.map +1 -1
package/dist/adapters/shared.d.ts +16 -0
package/dist/adapters/shared.d.ts.map +1 -0
package/dist/cache/index.js +9 -2
package/dist/cache/index.js.map +1 -1
package/dist/cache/timber-cache.d.ts.map +1 -1
package/dist/client/error-boundary.js +2 -1
package/dist/client/error-boundary.js.map +1 -1
package/dist/client/form.d.ts +10 -24
package/dist/client/form.d.ts.map +1 -1
package/dist/client/index.d.ts +1 -5
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +41 -91
package/dist/client/index.js.map +1 -1
package/dist/client/internal.d.ts +2 -1
package/dist/client/internal.d.ts.map +1 -1
package/dist/client/internal.js +81 -7
package/dist/client/internal.js.map +1 -1
package/dist/client/rsc-fetch.d.ts.map +1 -1
package/dist/client/state.d.ts +1 -1
package/dist/client/use-cookie.d.ts +8 -0
package/dist/client/use-cookie.d.ts.map +1 -1
package/dist/client/{use-params.d.ts → use-segment-params.d.ts} +1 -1
package/dist/client/use-segment-params.d.ts.map +1 -0
package/dist/codec.d.ts +1 -1
package/dist/codec.d.ts.map +1 -1
package/dist/codec.js +2 -2
package/dist/config-types.d.ts +28 -0
package/dist/config-types.d.ts.map +1 -1
package/dist/cookies/define-cookie.d.ts +87 -35
package/dist/cookies/define-cookie.d.ts.map +1 -1
package/dist/cookies/index.d.ts +2 -1
package/dist/cookies/index.d.ts.map +1 -1
package/dist/cookies/index.js +48 -2
package/dist/cookies/index.js.map +1 -0
package/dist/cookies/json-cookie.d.ts +64 -0
package/dist/cookies/json-cookie.d.ts.map +1 -0
package/dist/cookies/validation.d.ts +46 -0
package/dist/cookies/validation.d.ts.map +1 -0
package/dist/{plugins/dev-404-page.d.ts → dev-tools/404-page.d.ts} +9 -19
package/dist/dev-tools/404-page.d.ts.map +1 -0
package/dist/{plugins/dev-browser-logs.d.ts → dev-tools/browser-logs.d.ts} +1 -1
package/dist/dev-tools/browser-logs.d.ts.map +1 -0
package/dist/{plugins/dev-error-page.d.ts → dev-tools/error-page.d.ts} +2 -2
package/dist/dev-tools/error-page.d.ts.map +1 -0
package/dist/{server/dev-holding-server.d.ts → dev-tools/holding-server.d.ts} +5 -3
package/dist/dev-tools/holding-server.d.ts.map +1 -0
package/dist/dev-tools/index.d.ts +31 -0
package/dist/dev-tools/index.d.ts.map +1 -0
package/dist/{server/dev-span-processor.d.ts → dev-tools/instrumentation.d.ts} +26 -6
package/dist/dev-tools/instrumentation.d.ts.map +1 -0
package/dist/{server/dev-logger.d.ts → dev-tools/logger.d.ts} +1 -1
package/dist/dev-tools/logger.d.ts.map +1 -0
package/dist/{plugins/dev-logs.d.ts → dev-tools/logs.d.ts} +1 -1
package/dist/dev-tools/logs.d.ts.map +1 -0
package/dist/{plugins/dev-error-overlay.d.ts → dev-tools/overlay.d.ts} +3 -12
package/dist/dev-tools/overlay.d.ts.map +1 -0
package/dist/dev-tools/stack-classifier.d.ts +34 -0
package/dist/dev-tools/stack-classifier.d.ts.map +1 -0
package/dist/{plugins/dev-terminal-error.d.ts → dev-tools/terminal.d.ts} +2 -2
package/dist/dev-tools/terminal.d.ts.map +1 -0
package/dist/{server/dev-warnings.d.ts → dev-tools/warnings.d.ts} +1 -1
package/dist/dev-tools/warnings.d.ts.map +1 -0
package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +285 -133
package/dist/index.js.map +1 -1
package/dist/plugin-context.d.ts +1 -1
package/dist/plugin-context.d.ts.map +1 -1
package/dist/plugins/adapter-build.d.ts.map +1 -1
package/dist/plugins/build-report.d.ts +6 -4
package/dist/plugins/build-report.d.ts.map +1 -1
package/dist/routing/convention-lint.d.ts.map +1 -1
package/dist/routing/index.d.ts +5 -3
package/dist/routing/index.d.ts.map +1 -1
package/dist/routing/index.js +3 -3
package/dist/routing/scanner.d.ts +1 -10
package/dist/routing/scanner.d.ts.map +1 -1
package/dist/routing/segment-classify.d.ts +37 -8
package/dist/routing/segment-classify.d.ts.map +1 -1
package/dist/routing/status-file-lint.d.ts.map +1 -1
package/dist/routing/types.d.ts +63 -23
package/dist/routing/types.d.ts.map +1 -1
package/dist/routing/walkers.d.ts +51 -0
package/dist/routing/walkers.d.ts.map +1 -0
package/dist/search-params/define.d.ts +25 -7
package/dist/search-params/define.d.ts.map +1 -1
package/dist/search-params/index.js +5 -3
package/dist/search-params/index.js.map +1 -1
package/dist/search-params/wrappers.d.ts +2 -2
package/dist/search-params/wrappers.d.ts.map +1 -1
package/dist/segment-params/define.d.ts +23 -6
package/dist/segment-params/define.d.ts.map +1 -1
package/dist/segment-params/index.js +1 -1
package/dist/server/access-gate.d.ts +4 -3
package/dist/server/access-gate.d.ts.map +1 -1
package/dist/server/action-handler.d.ts +15 -6
package/dist/server/action-handler.d.ts.map +1 -1
package/dist/server/als-registry.d.ts +5 -5
package/dist/server/als-registry.d.ts.map +1 -1
package/dist/server/asset-headers.d.ts +1 -15
package/dist/server/asset-headers.d.ts.map +1 -1
package/dist/server/cookie-context.d.ts +170 -0
package/dist/server/cookie-context.d.ts.map +1 -0
package/dist/server/cookie-parsing.d.ts +51 -0
package/dist/server/cookie-parsing.d.ts.map +1 -0
package/dist/server/deny-boundary.d.ts +90 -0
package/dist/server/deny-boundary.d.ts.map +1 -0
package/dist/server/deny-renderer.d.ts.map +1 -1
package/dist/server/early-hints-sender.d.ts.map +1 -1
package/dist/server/html-injector-core.d.ts +212 -0
package/dist/server/html-injector-core.d.ts.map +1 -0
package/dist/server/html-injectors.d.ts +59 -59
package/dist/server/html-injectors.d.ts.map +1 -1
package/dist/server/index.d.ts +5 -4
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +4 -149
package/dist/server/index.js.map +1 -1
package/dist/server/internal.d.ts +6 -4
package/dist/server/internal.d.ts.map +1 -1
package/dist/server/internal.js +852 -852
package/dist/server/internal.js.map +1 -1
package/dist/server/logger.d.ts +14 -0
package/dist/server/logger.d.ts.map +1 -1
package/dist/server/middleware-runner.d.ts +17 -0
package/dist/server/middleware-runner.d.ts.map +1 -1
package/dist/server/node-stream-transforms.d.ts +46 -49
package/dist/server/node-stream-transforms.d.ts.map +1 -1
package/dist/server/param-coercion.d.ts +26 -0
package/dist/server/param-coercion.d.ts.map +1 -0
package/dist/server/pipeline-helpers.d.ts +95 -0
package/dist/server/pipeline-helpers.d.ts.map +1 -0
package/dist/server/pipeline-outcome.d.ts +49 -0
package/dist/server/pipeline-outcome.d.ts.map +1 -0
package/dist/server/pipeline-phases.d.ts +52 -0
package/dist/server/pipeline-phases.d.ts.map +1 -0
package/dist/server/pipeline.d.ts +51 -32
package/dist/server/pipeline.d.ts.map +1 -1
package/dist/server/port-resolution.d.ts +117 -0
package/dist/server/port-resolution.d.ts.map +1 -0
package/dist/server/request-context.d.ts +22 -159
package/dist/server/request-context.d.ts.map +1 -1
package/dist/server/route-element-builder.d.ts.map +1 -1
package/dist/server/route-matcher.d.ts +20 -47
package/dist/server/route-matcher.d.ts.map +1 -1
package/dist/server/rsc-entry/action-middleware-runner.d.ts +66 -0
package/dist/server/rsc-entry/action-middleware-runner.d.ts.map +1 -0
package/dist/server/rsc-entry/helpers.d.ts +1 -1
package/dist/server/rsc-entry/helpers.d.ts.map +1 -1
package/dist/server/rsc-entry/index.d.ts.map +1 -1
package/dist/server/rsc-entry/render-route.d.ts +50 -0
package/dist/server/rsc-entry/render-route.d.ts.map +1 -0
package/dist/server/rsc-entry/wrap-action-dispatch.d.ts +119 -0
package/dist/server/rsc-entry/wrap-action-dispatch.d.ts.map +1 -0
package/dist/server/state-tree-diff.d.ts.map +1 -1
package/dist/server/status-code-resolver.d.ts +16 -11
package/dist/server/status-code-resolver.d.ts.map +1 -1
package/dist/server/tracing.d.ts +1 -1
package/dist/server/tracing.d.ts.map +1 -1
package/dist/server/tree-builder.d.ts +45 -16
package/dist/server/tree-builder.d.ts.map +1 -1
package/dist/server/types.d.ts +48 -0
package/dist/server/types.d.ts.map +1 -1
package/dist/server/utils/escape-html.d.ts +14 -0
package/dist/server/utils/escape-html.d.ts.map +1 -0
package/dist/shims/headers.d.ts +2 -2
package/dist/shims/headers.d.ts.map +1 -1
package/dist/shims/navigation-client.d.ts +3 -1
package/dist/shims/navigation-client.d.ts.map +1 -1
package/dist/shims/navigation.d.ts +9 -4
package/dist/shims/navigation.d.ts.map +1 -1
package/dist/utils/directive-parser.d.ts +0 -45
package/dist/utils/directive-parser.d.ts.map +1 -1
package/package.json +1 -1
package/src/adapters/build-output-helper.ts +77 -0
package/src/adapters/cloudflare.ts +10 -50
package/src/adapters/nitro.ts +66 -50
package/src/adapters/shared.ts +40 -0
package/src/cache/timber-cache.ts +3 -2
package/src/client/form.tsx +17 -25
package/src/client/index.ts +16 -9
package/src/client/internal.ts +3 -2
package/src/client/router.ts +1 -1
package/src/client/rsc-fetch.ts +15 -0
package/src/client/state.ts +2 -2
package/src/client/use-cookie.ts +29 -0
package/src/codec.ts +3 -7
package/src/config-types.ts +28 -0
package/src/cookies/define-cookie.ts +271 -78
package/src/cookies/index.ts +11 -8
package/src/cookies/json-cookie.ts +105 -0
package/src/cookies/validation.ts +134 -0
package/src/{plugins/dev-404-page.ts → dev-tools/404-page.ts} +17 -48
package/src/{plugins/dev-error-page.ts → dev-tools/error-page.ts} +5 -32
package/src/{server/dev-holding-server.ts → dev-tools/holding-server.ts} +4 -2
package/src/dev-tools/index.ts +90 -0
package/src/dev-tools/instrumentation.ts +176 -0
package/src/{plugins/dev-logs.ts → dev-tools/logs.ts} +2 -2
package/src/{plugins/dev-error-overlay.ts → dev-tools/overlay.ts} +5 -23
package/src/dev-tools/stack-classifier.ts +75 -0
package/src/{plugins/dev-terminal-error.ts → dev-tools/terminal.ts} +4 -38
package/src/{server/dev-warnings.ts → dev-tools/warnings.ts} +1 -1
package/src/index.ts +95 -34
package/src/plugin-context.ts +1 -1
package/src/plugins/adapter-build.ts +3 -1
package/src/plugins/build-report.ts +13 -22
package/src/plugins/dev-server.ts +3 -3
package/src/plugins/routing.ts +14 -12
package/src/plugins/shims.ts +1 -1
package/src/plugins/static-build.ts +1 -1
package/src/routing/codegen.ts +1 -1
package/src/routing/convention-lint.ts +9 -8
package/src/routing/index.ts +5 -3
package/src/routing/interception.ts +1 -1
package/src/routing/scanner.ts +22 -95
package/src/routing/segment-classify.ts +107 -8
package/src/routing/status-file-lint.ts +7 -5
package/src/routing/types.ts +63 -23
package/src/routing/walkers.ts +90 -0
package/src/search-params/define.ts +71 -15
package/src/search-params/wrappers.ts +9 -2
package/src/segment-params/define.ts +66 -13
package/src/server/access-gate.tsx +9 -8
package/src/server/action-handler.ts +34 -38
package/src/server/als-registry.ts +5 -5
package/src/server/asset-headers.ts +8 -34
package/src/server/cookie-context.ts +468 -0
package/src/server/cookie-parsing.ts +135 -0
package/src/server/{deny-page-resolver.ts → deny-boundary.ts} +78 -14
package/src/server/deny-renderer.ts +7 -12
package/src/server/early-hints-sender.ts +3 -2
package/src/server/fallback-error.ts +2 -2
package/src/server/html-injector-core.ts +403 -0
package/src/server/html-injectors.ts +158 -297
package/src/server/index.ts +13 -14
package/src/server/internal.ts +10 -3
package/src/server/logger.ts +23 -0
package/src/server/middleware-runner.ts +44 -0
package/src/server/node-stream-transforms.ts +108 -248
package/src/server/param-coercion.ts +76 -0
package/src/server/pipeline-helpers.ts +204 -0
package/src/server/pipeline-outcome.ts +167 -0
package/src/server/pipeline-phases.ts +409 -0
package/src/server/pipeline.ts +70 -540
package/src/server/port-resolution.ts +215 -0
package/src/server/request-context.ts +46 -451
package/src/server/route-element-builder.ts +8 -4
package/src/server/route-matcher.ts +28 -60
package/src/server/rsc-entry/action-middleware-runner.ts +167 -0
package/src/server/rsc-entry/api-handler.ts +2 -2
package/src/server/rsc-entry/error-renderer.ts +2 -2
package/src/server/rsc-entry/helpers.ts +2 -7
package/src/server/rsc-entry/index.ts +81 -366
package/src/server/rsc-entry/render-route.ts +304 -0
package/src/server/rsc-entry/rsc-payload.ts +1 -1
package/src/server/rsc-entry/ssr-renderer.ts +2 -2
package/src/server/rsc-entry/wrap-action-dispatch.ts +449 -0
package/src/server/sitemap-generator.ts +1 -1
package/src/server/slot-resolver.ts +1 -1
package/src/server/ssr-entry.ts +1 -1
package/src/server/state-tree-diff.ts +4 -1
package/src/server/status-code-resolver.ts +112 -128
package/src/server/tracing.ts +3 -3
package/src/server/tree-builder.ts +134 -56
package/src/server/types.ts +52 -0
package/src/server/utils/escape-html.ts +20 -0
package/src/shims/headers.ts +3 -3
package/src/shims/navigation-client.ts +4 -3
package/src/shims/navigation.ts +9 -7
package/src/utils/directive-parser.ts +0 -392
package/dist/_chunks/actions-DLnUaR65.js +0 -421
package/dist/_chunks/actions-DLnUaR65.js.map +0 -1
package/dist/_chunks/als-registry-HS0LGUl2.js +0 -41
package/dist/_chunks/als-registry-HS0LGUl2.js.map +0 -1
package/dist/_chunks/debug-ECi_61pb.js +0 -108
package/dist/_chunks/debug-ECi_61pb.js.map +0 -1
package/dist/_chunks/define-C77ScO0m.js.map +0 -1
package/dist/_chunks/define-Itxvcd7F.js.map +0 -1
package/dist/_chunks/define-cookie-BowvzoP0.js +0 -94
package/dist/_chunks/define-cookie-BowvzoP0.js.map +0 -1
package/dist/_chunks/dev-warnings-DpGRGoDi.js.map +0 -1
package/dist/_chunks/interception-BbqMCVXa.js.map +0 -1
package/dist/_chunks/merge-search-params-Cm_KIWDX.js +0 -41
package/dist/_chunks/merge-search-params-Cm_KIWDX.js.map +0 -1
package/dist/_chunks/request-context-CK5tZqIP.js +0 -478
package/dist/_chunks/request-context-CK5tZqIP.js.map +0 -1
package/dist/_chunks/router-ref-C8OCm7g7.js.map +0 -1
package/dist/_chunks/segment-classify-BDNn6EzD.js +0 -65
package/dist/_chunks/segment-classify-BDNn6EzD.js.map +0 -1
package/dist/_chunks/tracing-CCYbKn5n.js +0 -238
package/dist/_chunks/tracing-CCYbKn5n.js.map +0 -1
package/dist/_chunks/use-params-IOPu7E8t.js.map +0 -1
package/dist/_chunks/use-query-states-BiV5GJgm.js.map +0 -1
package/dist/client/use-params.d.ts.map +0 -1
package/dist/plugins/dev-404-page.d.ts.map +0 -1
package/dist/plugins/dev-browser-logs.d.ts.map +0 -1
package/dist/plugins/dev-error-overlay.d.ts.map +0 -1
package/dist/plugins/dev-error-page.d.ts.map +0 -1
package/dist/plugins/dev-logs.d.ts.map +0 -1
package/dist/plugins/dev-terminal-error.d.ts.map +0 -1
package/dist/server/deny-page-resolver.d.ts +0 -52
package/dist/server/deny-page-resolver.d.ts.map +0 -1
package/dist/server/dev-fetch-instrumentation.d.ts +0 -22
package/dist/server/dev-fetch-instrumentation.d.ts.map +0 -1
package/dist/server/dev-holding-server.d.ts.map +0 -1
package/dist/server/dev-logger.d.ts.map +0 -1
package/dist/server/dev-span-processor.d.ts.map +0 -1
package/dist/server/dev-warnings.d.ts.map +0 -1
package/dist/server/manifest-status-resolver.d.ts +0 -58
package/dist/server/manifest-status-resolver.d.ts.map +0 -1
package/dist/server/page-deny-boundary.d.ts +0 -31
package/dist/server/page-deny-boundary.d.ts.map +0 -1
package/src/server/dev-fetch-instrumentation.ts +0 -96
package/src/server/dev-span-processor.ts +0 -78
package/src/server/manifest-status-resolver.ts +0 -215
package/src/server/page-deny-boundary.tsx +0 -56
/package/src/client/{use-params.ts → use-segment-params.ts} +0 -0
/package/src/{plugins/dev-browser-logs.ts → dev-tools/browser-logs.ts} +0 -0
/package/src/{server/dev-logger.ts → dev-tools/logger.ts} +0 -0

package/src/server/rsc-entry/index.ts CHANGED Viewed

@@ -31,28 +31,20 @@ import loadUserInstrumentation from 'virtual:timber-instrumentation';
 // @ts-expect-error — virtual module provided by timber-entries plugin
 import loadCacheHandler from 'virtual:timber-cache-handler';
-import type { FormRerender } from '../action-handler.js';
-import { handleActionRequest, isActionRequest } from '../action-handler.js';
+import { wrapPipelineWithActionDispatch } from './wrap-action-dispatch.js';
 import type { BodyLimitsConfig } from '../body-limits.js';
 import type { BuildManifest } from '../build-manifest.js';
-import {
-  buildFontPreloadTags,
-  buildModulepreloadTags,
-  collectRouteFonts,
-  collectRouteModulepreloads,
-} from '../build-manifest.js';
 import type { LayoutEntry } from '../deny-renderer.js';
 import { renderDenyPage, renderDenyPageAsRsc } from '../deny-renderer.js';
-import { resolveLogMode } from '../dev-logger.js';
+import { resolveLogMode } from '../../dev-tools/logger.js';
 import { sendEarlyHints103 } from '../early-hints-sender.js';
 import { collectEarlyHintHeaders } from '../early-hints.js';
-import { runWithFormFlash } from '../form-flash.js';
-import type { ClientBootstrapConfig } from '../html-injectors.js';
 import { buildClientScripts } from '../html-injectors.js';
 import type { InterceptionContext, PipelineConfig, RouteMatch } from '../pipeline.js';
-import { createPipeline, coerceSegmentParams } from '../pipeline.js';
+import { createPipeline } from '../pipeline.js';
+import { coerceSegmentParams } from '../param-coercion.js';
 import { setSegmentParams } from '../request-context.js';
-import { buildRouteElement, ParamCoercionError } from '../route-element-builder.js';
+import { buildRouteElement } from '../route-element-builder.js';
 import type { ManifestSegmentNode } from '../route-matcher.js';
 import { createMetadataRouteMatcher, createRouteMatcher } from '../route-matcher.js';
 import { initDevTracing } from '../tracing.js';
@@ -61,23 +53,16 @@ import { renderFallbackError as renderFallback } from '../fallback-error.js';
 import { loadInstrumentation } from '../instrumentation.js';
 import { loadModule } from '../safe-load.js';
 import { logRenderError } from '../logger.js';
-import { handleApiRoute } from './api-handler.js';
-import { renderErrorPage, renderNoMatchPage } from './error-renderer.js';
+import { renderNoMatchPage } from './error-renderer.js';
 import {
-  buildRedirectResponse,
   createDebugChannelSink,
-  escapeHtml,
   isRscPayloadRequest,
   type DebugComponentEntry,
 } from './helpers.js';
-import { parseClientStateTree } from '../state-tree-diff.js';
-import { buildRscPayloadResponse } from './rsc-payload.js';
-import { renderRscStream } from './rsc-stream.js';
-import { renderSsrResponse } from './ssr-renderer.js';
+import { renderRoute } from './render-route.js';
 import { callSsr } from './ssr-bridge.js';
 import { isDebug, isDevMode, setDebugFromConfig } from '../debug.js';
 import { setSourceMapCallback } from '../dev-source-map.js';
-import { recordTiming } from '../server-timing.js';
 import { requestContextAls } from '../als-registry.js';
 import { createAutoSitemapHandler } from '../sitemap-handler.js';
@@ -232,15 +217,22 @@ async function createRequestHandler(manifest: typeof routeManifest, runtimeConfi
       await initDevTracing({ mode: devLogMode, slowPhaseMs });
       // Patch globalThis.fetch to create OTEL spans for fetch calls.
       // Spans appear as children of the active component span in the dev log tree.
-      const { instrumentDevFetch } = await import('../dev-fetch-instrumentation.js');
+      const { instrumentDevFetch } = await import('../../dev-tools/instrumentation.js');
       instrumentDevFetch();
     }
   }
   const typedBuildManifest = buildManifest as BuildManifest;
+  // The routing plugin emits `manifest.proxy = { load, filePath }` only when
+  // the app has an `app/proxy.ts`. Convert that to the pipeline's lazy variant
+  // so HMR re-imports per request; leave it undefined when there's no proxy.
+  const proxyConfig: PipelineConfig['proxy'] = manifest.proxy?.load
+    ? { kind: 'lazy', loader: manifest.proxy.load }
+    : undefined;
   const pipelineConfig: PipelineConfig = {
-    proxyLoader: manifest.proxy?.load,
+    proxy: proxyConfig,
     matchRoute,
     matchMetadataRoute,
     // 103 Early Hints — fires after route match, before middleware.
@@ -248,11 +240,7 @@ async function createRequestHandler(manifest: typeof routeManifest, runtimeConfi
     // so the browser starts fetching critical resources while the server renders.
     // In dev mode the manifest is empty — no hints are sent.
     earlyHints: (match: RouteMatch, _req: Request, responseHeaders: Headers) => {
-      const segments = match.segments as unknown as Array<{
-        layout?: { filePath: string };
-        page?: { filePath: string };
-      }>;
-      const headers = collectEarlyHintHeaders(segments, typedBuildManifest, {
+      const headers = collectEarlyHintHeaders(match.segments, typedBuildManifest, {
         skipJs: clientJsDisabled,
       });
       for (const h of headers) {
@@ -273,11 +261,14 @@ async function createRequestHandler(manifest: typeof routeManifest, runtimeConfi
         req,
         match,
         responseHeaders,
-        clientBootstrap,
-        clientJsDisabled,
-        interception,
-        manifest.root,
-        manifest.globalError
+        {
+          clientBootstrap,
+          clientJsDisabled,
+          rootSegment: manifest.root,
+          buildManifest: typedBuildManifest,
+          globalError: manifest.globalError,
+        },
+        interception
       );
     },
     renderNoMatch: async (req: Request, responseHeaders: Headers) => {
@@ -295,7 +286,7 @@ async function createRequestHandler(manifest: typeof routeManifest, runtimeConfi
       // should receive the bare 404 without an HTML body (TIM-793).
       const acceptsHtml = (req.headers.get('accept') ?? '').includes('text/html');
       if (isDev && !response.body && req.method === 'GET' && acceptsHtml) {
-        const { generateDev404Page, collectRoutes } = await import('../../plugins/dev-404-page.js');
+        const { generateDev404Page, collectRoutes } = await import('../../dev-tools/404-page.js');
         const routes = collectRoutes(manifest.root);
         const pathname = new URL(req.url).pathname;
         const html = generateDev404Page(pathname, routes);
@@ -358,10 +349,7 @@ async function createRequestHandler(manifest: typeof routeManifest, runtimeConfi
       // route's `401.json` are picked up. Fall back to the root chain when no
       // match is available (e.g. proxy-stage deny before route matching).
       // See TIM-822, design/04-authorization.md, design/10-error-handling.md.
-      type SegNode = import('../route-matcher.js').ManifestSegmentNode;
-      const chain = matchedRoute
-        ? (matchedRoute.segments as unknown as SegNode[])
-        : ([manifest.root] as unknown as SegNode[]);
+      const chain: ManifestSegmentNode[] = matchedRoute ? matchedRoute.segments : [manifest.root];
       const layoutComponents: LayoutEntry[] = [];
       try {
         for (const segment of chain) {
@@ -382,8 +370,8 @@ async function createRequestHandler(manifest: typeof routeManifest, runtimeConfi
       // Reuse the matched route's params/middleware metadata when present so
       // downstream rendering sees the real route shape. Otherwise synthesise
       // a root-only stub (no params, no middleware).
-      const match = matchedRoute ?? {
-        segments: chain as never,
+      const match: RouteMatch = matchedRoute ?? {
+        segments: chain,
         segmentParams: {},
         middlewareChain: [],
       };
@@ -421,9 +409,15 @@ async function createRequestHandler(manifest: typeof routeManifest, runtimeConfi
   const pipeline = createPipeline(pipelineConfig);
-  // Wrap the pipeline to intercept server action requests before rendering.
-  // Actions bypass the normal pipeline (no route matching, no middleware)
-  // per design/08-forms-and-actions.md §"Middleware for Server Actions".
+  // Wrap the pipeline to enforce CSRF at the request boundary and intercept
+  // server action requests. By default, the wrapper also runs the matched
+  // route's `middleware.ts` chain on action POSTs, so authentication, rate
+  // limiting, tenant isolation, and request-header injection apply to
+  // actions just like they do to page renders. See TIM-871 and
+  // design/08-forms-and-actions.md §"Middleware for Server Actions".
+  //
+  // CSRF validation lives in the wrapper (not inside the action handler) so
+  // it covers route.ts API handlers as well as server actions. See LOCAL-773.
   const csrfConfig = {
     csrf: runtimeConfig.csrf,
     allowedOrigins: (runtimeConfig as Record<string, unknown>).allowedOrigins as
@@ -431,330 +425,51 @@ async function createRequestHandler(manifest: typeof routeManifest, runtimeConfi
       | undefined,
   };
-  return async (req: Request): Promise<Response> => {
-    if (isActionRequest(req)) {
-      const actionResponse = await handleActionRequest(req, {
-        csrf: csrfConfig,
-        bodyLimits: {
-          limits: (runtimeConfig as Record<string, unknown>).limits as BodyLimitsConfig['limits'],
-        },
-        sensitiveFields: formsConfig?.stripSensitiveFields,
-        revalidateRenderer: async (path: string) => {
-          // Build the React element tree for the route at `path`.
-          // Returns the element tree (not serialized) so the action handler can
-          // combine it with the action result in a single renderToReadableStream call.
-          // Forward original request headers (cookies, session IDs, etc.).
-          const revalidateHeaders = new Headers(req.headers);
-          revalidateHeaders.set('Accept', 'text/x-component');
-          const revalidateReq = new Request(new URL(path, req.url), {
-            headers: revalidateHeaders,
-          });
-          const revalidateMatch = matchRoute(new URL(revalidateReq.url).pathname);
-          if (!revalidateMatch) {
-            throw new Error(`revalidatePath('${path}') — no matching route`);
-          }
-          // Coerce segment params (params.ts) before building the element tree.
-          // Without this, components receive raw strings instead of typed values.
-          await coerceSegmentParams(revalidateMatch);
-          // Set coerced params in ALS so getSegmentParams() works during
-          // the revalidation render (AccessGate reads params via ALS).
-          // Without this, AccessGate → getSegmentParams() throws because
-          // segmentParamsPromise is never set. See TIM-667.
-          setSegmentParams(revalidateMatch.segmentParams);
-          const routeResult = await buildRouteElement(revalidateReq, revalidateMatch);
-          return {
-            element: routeResult.element,
-            headElements: routeResult.headElements,
-          };
-        },
+  const actionsConfig = (runtimeConfig as Record<string, unknown>).actions as
+    | { runMiddleware?: boolean }
+    | undefined;
+  return wrapPipelineWithActionDispatch(pipeline, {
+    csrfConfig,
+    bodyLimits: (runtimeConfig as Record<string, unknown>).limits as BodyLimitsConfig['limits'],
+    sensitiveFields: formsConfig?.stripSensitiveFields,
+    matchRoute,
+    coerceSegmentParams,
+    renderDenyFallback: pipelineConfig.renderDenyFallback,
+    runMiddleware: actionsConfig?.runMiddleware,
+    // Thread the pipeline's `stripTrailingSlash` setting into the wrapper
+    // so its canonicalization step (applied before `matchRoute` for
+    // action POSTs) matches the page pipeline exactly. Defaults to `true`
+    // both here and inside the wrapper.
+    stripTrailingSlash: pipelineConfig.stripTrailingSlash,
+    buildRevalidateRenderer: (req) => async (path: string) => {
+      // Build the React element tree for the route at `path`.
+      // Returns the element tree (not serialized) so the action handler can
+      // combine it with the action result in a single renderToReadableStream call.
+      // Forward original request headers (cookies, session IDs, etc.).
+      const revalidateHeaders = new Headers(req.headers);
+      revalidateHeaders.set('Accept', 'text/x-component');
+      const revalidateReq = new Request(new URL(path, req.url), {
+        headers: revalidateHeaders,
       });
-      if (actionResponse) {
-        // Check if this is a re-render signal (no-JS validation failure)
-        if ('rerender' in actionResponse) {
-          const formRerender = actionResponse as FormRerender;
-          // Re-render the page with the action result as flash data.
-          // Server components read it via getFormFlash() and pass it to
-          // client form components as the initial useActionState value.
-          //
-          // Build a synthetic GET request for the rerender pipeline:
-          //   - Same URL (so route matching lands on the same page)
-          //   - Cookie header replaced with the post-action RYW snapshot
-          //     so server components see the action's writes (TIM-837)
-          //   - Method GET because the rerender is conceptually a page
-          //     render, not a re-POST. The pipeline doesn't branch on
-          //     method for page rendering, and constructing a POST without
-          //     a body is awkward across Request implementations.
-          const rerenderHeaders = new Headers(req.headers);
-          if (formRerender.cookieHeader) {
-            rerenderHeaders.set('cookie', formRerender.cookieHeader);
-          } else {
-            rerenderHeaders.delete('cookie');
-          }
-          const rerenderReq = new Request(req.url, {
-            method: 'GET',
-            headers: rerenderHeaders,
-          });
-          const response = await runWithFormFlash(formRerender.rerender, () =>
-            pipeline(rerenderReq)
-          );
-          // Apply Set-Cookie headers snapshotted from the action's ALS scope.
-          // The pipeline above runs in its own request context with a fresh
-          // cookie jar, so cookies set inside the action would otherwise be
-          // silently dropped on the no-JS rerender path. See TIM-836
-          // (LOCAL-740).
-          for (const value of formRerender.setCookieHeaders) {
-            response.headers.append('Set-Cookie', value);
-          }
-          return response;
-        }
-        return actionResponse;
+      const revalidateMatch = matchRoute(new URL(revalidateReq.url).pathname);
+      if (!revalidateMatch) {
+        throw new Error(`revalidatePath('${path}') — no matching route`);
       }
-    }
-    return pipeline(req);
-  };
-}
-/**
- * Render a matched route to an HTML Response via RSC → SSR pipeline,
- * or return a raw RSC Flight stream for client-side navigation requests.
- *
- * 1. Load page/layout components from the segment chain
- * 2. Resolve metadata
- * 3. Render to RSC Flight stream (serializes "use client" as references)
- * 4. If Accept: text/x-component → return RSC stream directly
- *    Otherwise → pass RSC stream to SSR entry for HTML rendering
- */
-async function renderRoute(
-  _req: Request,
-  match: RouteMatch,
-  responseHeaders: Headers,
-  clientBootstrap: ClientBootstrapConfig,
-  clientJsDisabled: boolean,
-  interception?: InterceptionContext,
-  rootSegment?: ManifestSegmentNode,
-  globalError?: { load: () => Promise<unknown>; filePath: string }
-): Promise<Response> {
-  const segments = match.segments as unknown as ManifestSegmentNode[];
-  const leaf = segments[segments.length - 1];
-  // API routes (route.ts) — run access.ts standalone then dispatch to handler.
-  // No React render pass — AccessGate is not used, React.cache is not active.
-  // See design/04-authorization.md §"Auth in API Routes".
-  if (leaf.route && !leaf.page) {
-    return handleApiRoute(_req, match, segments, responseHeaders);
-  }
-  // Parse X-Timber-State-Tree for RSC payload requests (client navigation).
-  // The state tree lists sync segments the client has cached — the server
-  // skips re-rendering those layouts for a smaller, faster RSC payload.
-  // Only used for RSC requests — HTML requests always get a full render.
-  // See design/19-client-navigation.md §"X-Timber-State-Tree Header"
-  const clientStateTree = isRscPayloadRequest(_req) ? parseClientStateTree(_req) : null;
-  // Build the React element tree — loads modules, collects access checks,
-  // resolves metadata. Access checks are NOT run here — they run inside
-  // AccessPreRunner during renderToReadableStream so that access.ts and
-  // render components share the same React.cache scope (TIM-662).
-  //
-  // DenySignal/RedirectSignal from access checks are caught by onError
-  // during stream consumption and handled by renderSsrResponse /
-  // buildRscPayloadResponse.
-  let routeResult;
-  const _buildStart = performance.now();
-  try {
-    routeResult = await buildRouteElement(_req, match, interception, clientStateTree);
-  } catch (error) {
-    // Param coercion failed — render the custom 404 page (status files / not-found).
-    // Previously returned a bare Response(null, { status: 404 }) which bypassed
-    // custom not-found pages. Now routes through renderNoMatchPage so apps with
-    // 404.tsx / not-found status files render their custom page.
-    if (error instanceof ParamCoercionError) {
-      return renderNoMatchPage(_req, rootSegment!, responseHeaders, clientBootstrap);
-    }
-    // No PageComponent found — same treatment as param coercion: render custom 404.
-    if (error instanceof Error && error.message.startsWith('No page component')) {
-      return renderNoMatchPage(_req, rootSegment!, responseHeaders, clientBootstrap);
-    }
-    throw error;
-  }
-  const _buildEnd = performance.now();
-  recordTiming({
-    name: 'build',
-    dur: Math.round(_buildEnd - _buildStart),
-    desc: 'build element tree',
-  });
-  const { element, headElements, layoutComponents, deferSuspenseFor, skippedSegments } =
-    routeResult;
-  // Build head HTML for injection into the SSR output.
-  // Collects CSS, fonts, and modulepreload from the build manifest for matched segments.
-  // In dev mode the manifest is empty — Vite HMR handles CSS/JS.
-  //
-  // Link headers (for 103 Early Hints) are emitted by the earlyHints pipeline
-  // stage before middleware runs. Here we only emit the <head> HTML fallback tags
-  // — these ensure resources load even on platforms without Early Hints support.
-  const typedManifest = buildManifest as BuildManifest;
-  let headHtml = '';
-  // CSS is handled by the RSC plugin via ReactDOM.preinit() with
-  // data-precedence attributes. This injects <link rel="stylesheet">
-  // tags during the RSC render phase — before our headHtml injection.
-  // We do NOT emit additional <link rel="stylesheet"> tags here because:
-  // 1. React's Float system deduplicates them, making ours redundant
-  // 2. The duplicate reference confuses React's client-side preload
-  //    deduplication, causing "preload ignored" browser warnings
-  //
-  // CSS URLs are still collected for Early Hints (Link headers) in
-  // buildEarlyHintsHeaders() — those are HTTP headers, not DOM elements,
-  // so they don't conflict with Float.
-  // Font CSS is NOT inlined here anymore (TIM-828). The transform hook
-  // injects a side-effect `import 'virtual:timber-font-css/<hash>.css'`
-  // into each file that calls a font function. @vitejs/plugin-rsc's
-  // `collectCss` walks the RSC module graph, finds the virtual CSS
-  // module, and React Float `preinit()`s it as
-  // `<link rel="stylesheet" data-rsc-css-href=...>` — the same path
-  // component CSS rides on. Dev and production share a single path,
-  // with no `globalThis` channel and no dev/prod skew.
-  //
-  // Font preload hints (distinct from the @font-face CSS) still flow
-  // through `BuildManifest.fonts[importer]` and are emitted below plus
-  // as 103 Early Hints via `buildEarlyHintsHeaders()`.
-  const fontEntries = collectRouteFonts(segments, typedManifest);
-  if (fontEntries.length > 0) {
-    headHtml += buildFontPreloadTags(fontEntries);
-  }
-  // Skip modulepreload tags when client JavaScript is disabled — no JS to preload.
-  if (!clientJsDisabled) {
-    const preloadUrls = collectRouteModulepreloads(segments, typedManifest);
-    if (preloadUrls.length > 0) {
-      headHtml += buildModulepreloadTags(preloadUrls);
-    }
-  }
-  for (const el of headElements) {
-    if (el.tag === 'title' && el.content) {
-      headHtml += `<title>${escapeHtml(el.content)}</title>`;
-    } else if (el.attrs) {
-      const attrs = Object.entries(el.attrs)
-        .filter(([, v]) => v != null)
-        .map(([k, v]) => `${k}="${escapeHtml(v as string)}"`)
-        .join(' ');
-      headHtml += `<${el.tag} ${attrs}>`;
-    }
-  }
-  // In dev mode, inject the browser log forwarding script so console
-  // errors/warnings from the browser appear in the server terminal.
-  // Set by timber-dev-browser-logs plugin via globalThis (TIM-575).
-  if (isDevMode()) {
-    const devLogScript = (globalThis as Record<string, unknown>).__timber_dev_browser_log_script as
-      | string
-      | undefined;
-    if (devLogScript) {
-      headHtml += devLogScript;
-    }
-  }
-  // Render to RSC Flight stream with signal tracking.
-  const _rscStart = performance.now();
-  const { rscStream, signals, getDebugComponents } = renderRscStream(element, _req);
-  // Store the debug components getter in ALS so onPipelineError can
-  // include component tree context for render-phase errors (dev mode only).
-  // Per-request via ALS — no cross-request race. See TIM-557.
-  const alsStore = requestContextAls.getStore();
-  if (alsStore) {
-    alsStore.debugComponentsGetter = getDebugComponents;
-  }
-  recordTiming({
-    name: 'rsc-init',
-    dur: Math.round(performance.now() - _rscStart),
-    desc: 'RSC stream init',
-  });
-  // Synchronous redirect — redirect() in access.ts or a non-async component
-  // throws during renderToReadableStream creation. Return HTTP redirect.
-  if (signals.redirectSignal) {
-    return buildRedirectResponse(_req, signals.redirectSignal, responseHeaders);
-  }
-  // Synchronous deny — deny() in a non-async component throws during
-  // renderToReadableStream creation, caught in the try/catch above.
-  if (signals.denySignal) {
-    if (isRscPayloadRequest(_req)) {
-      return renderDenyPageAsRsc(
-        signals.denySignal,
-        segments,
-        layoutComponents as LayoutEntry[],
-        responseHeaders,
-        createDebugChannelSink
-      );
-    }
-    return renderDenyPage(
-      signals.denySignal,
-      segments,
-      layoutComponents as LayoutEntry[],
-      _req,
-      match,
-      responseHeaders,
-      clientBootstrap,
-      createDebugChannelSink,
-      callSsr
-    );
-  }
-  // Synchronous render error — renderToReadableStream threw before
-  // creating the stream. Render the error page with correct 5xx status.
-  // (Async render errors are tracked in onError and handled after SSR.)
-  if (signals.renderError && !rscStream) {
-    return renderErrorPage(
-      signals.renderError.error,
-      signals.renderError.status,
-      segments,
-      layoutComponents as LayoutEntry[],
-      _req,
-      match,
-      responseHeaders,
-      clientBootstrap,
-      globalError
-    );
-  }
-  // For RSC payload requests (client navigation), return the RSC Flight
-  // stream directly — skip SSR HTML rendering entirely.
-  // See design/19-client-navigation.md §"RSC Payload Handling"
-  if (isRscPayloadRequest(_req)) {
-    return buildRscPayloadResponse(
-      _req,
-      rscStream!,
-      signals,
-      segments,
-      layoutComponents,
-      headElements,
-      match,
-      responseHeaders,
-      skippedSegments
-    );
-  }
-  // Pipe through SSR for HTML rendering with streaming Suspense support.
-  return renderSsrResponse({
-    req: _req,
-    rscStream: rscStream!,
-    signals,
-    segments,
-    layoutComponents,
-    match,
-    responseHeaders,
-    clientBootstrap,
-    clientJsDisabled,
-    headHtml,
-    deferSuspenseFor,
-    globalError,
+      // Coerce segment params (params.ts) before building the element tree.
+      // Without this, components receive raw strings instead of typed values.
+      await coerceSegmentParams(revalidateMatch);
+      // Set coerced params in ALS so getSegmentParams() works during the
+      // revalidation render (AccessGate reads params via ALS). Without this,
+      // AccessGate → getSegmentParams() throws because segmentParams
+      // is never set. See TIM-667.
+      setSegmentParams(revalidateMatch.segmentParams);
+      const routeResult = await buildRouteElement(revalidateReq, revalidateMatch);
+      return {
+        element: routeResult.element,
+        headElements: routeResult.headElements,
+      };
+    },
   });
 }