npm - @timber-js/app - Versions diffs - 0.2.0-alpha.97 → 0.2.0-alpha.99 - Mend

@timber-js/app 0.2.0-alpha.97 → 0.2.0-alpha.99

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (372) hide show

package/dist/_chunks/actions-CQ8Z8VGL.js +1061 -0
package/dist/_chunks/actions-CQ8Z8VGL.js.map +1 -0
package/dist/_chunks/build-output-helper-DXnW0qjz.js +61 -0
package/dist/_chunks/build-output-helper-DXnW0qjz.js.map +1 -0
package/dist/_chunks/{define-Itxvcd7F.js → define-B-Q_UMOD.js} +19 -23
package/dist/_chunks/define-B-Q_UMOD.js.map +1 -0
package/dist/_chunks/{define-C77ScO0m.js → define-CfBPoJb0.js} +24 -7
package/dist/_chunks/define-CfBPoJb0.js.map +1 -0
package/dist/_chunks/define-cookie-BjpIt4UC.js +194 -0
package/dist/_chunks/define-cookie-BjpIt4UC.js.map +1 -0
package/dist/_chunks/{format-CYBGxKtc.js → format-Bcn-Iv1x.js} +1 -1
package/dist/_chunks/{format-CYBGxKtc.js.map → format-Bcn-Iv1x.js.map} +1 -1
package/dist/_chunks/handler-store-B-lqaGyh.js +54 -0
package/dist/_chunks/handler-store-B-lqaGyh.js.map +1 -0
package/dist/_chunks/logger-0m8MsKdc.js +291 -0
package/dist/_chunks/logger-0m8MsKdc.js.map +1 -0
package/dist/_chunks/merge-search-params-BphMdht_.js +122 -0
package/dist/_chunks/merge-search-params-BphMdht_.js.map +1 -0
package/dist/_chunks/{metadata-routes-DS3eKNmf.js → metadata-routes-BU684ls2.js} +1 -1
package/dist/_chunks/{metadata-routes-DS3eKNmf.js.map → metadata-routes-BU684ls2.js.map} +1 -1
package/dist/_chunks/navigation-root-BCYczjml.js +96 -0
package/dist/_chunks/navigation-root-BCYczjml.js.map +1 -0
package/dist/_chunks/registry-I2ss-lvy.js +20 -0
package/dist/_chunks/registry-I2ss-lvy.js.map +1 -0
package/dist/_chunks/router-ref-h3-UaCQv.js +28 -0
package/dist/_chunks/router-ref-h3-UaCQv.js.map +1 -0
package/dist/_chunks/{schema-bridge-C3xl_vfb.js → schema-bridge-Cxu4l-7p.js} +1 -1
package/dist/_chunks/{schema-bridge-C3xl_vfb.js.map → schema-bridge-Cxu4l-7p.js.map} +1 -1
package/dist/_chunks/segment-classify-BjfuctV2.js +137 -0
package/dist/_chunks/segment-classify-BjfuctV2.js.map +1 -0
package/dist/_chunks/{segment-context-fHFLF1PE.js → segment-context-Dx_OizxD.js} +1 -1
package/dist/_chunks/{segment-context-fHFLF1PE.js.map → segment-context-Dx_OizxD.js.map} +1 -1
package/dist/_chunks/{router-ref-C8OCm7g7.js → ssr-data-B4CdH7rE.js} +2 -26
package/dist/_chunks/ssr-data-B4CdH7rE.js.map +1 -0
package/dist/_chunks/{stale-reload-BX5gL1r-.js → stale-reload-Bab885FO.js} +1 -1
package/dist/_chunks/{stale-reload-BX5gL1r-.js.map → stale-reload-Bab885FO.js.map} +1 -1
package/dist/_chunks/tracing-C8V-YGsP.js +329 -0
package/dist/_chunks/tracing-C8V-YGsP.js.map +1 -0
package/dist/_chunks/{use-query-states-BiV5GJgm.js → use-query-states-B2XTqxDR.js} +3 -19
package/dist/_chunks/use-query-states-B2XTqxDR.js.map +1 -0
package/dist/_chunks/{use-params-IOPu7E8t.js → use-segment-params-BkpKAQ7D.js} +9 -95
package/dist/_chunks/use-segment-params-BkpKAQ7D.js.map +1 -0
package/dist/_chunks/{interception-BbqMCVXa.js → walkers-Tg0Alwcg.js} +66 -87
package/dist/_chunks/walkers-Tg0Alwcg.js.map +1 -0
package/dist/_chunks/{dev-warnings-DpGRGoDi.js → warnings-Cg47l5sk.js} +3 -3
package/dist/_chunks/warnings-Cg47l5sk.js.map +1 -0
package/dist/adapters/build-output-helper.d.ts +28 -0
package/dist/adapters/build-output-helper.d.ts.map +1 -0
package/dist/adapters/cloudflare.d.ts.map +1 -1
package/dist/adapters/cloudflare.js +8 -28
package/dist/adapters/cloudflare.js.map +1 -1
package/dist/adapters/nitro.d.ts.map +1 -1
package/dist/adapters/nitro.js +63 -31
package/dist/adapters/nitro.js.map +1 -1
package/dist/adapters/shared.d.ts +16 -0
package/dist/adapters/shared.d.ts.map +1 -0
package/dist/cache/index.js +9 -2
package/dist/cache/index.js.map +1 -1
package/dist/cache/timber-cache.d.ts.map +1 -1
package/dist/client/error-boundary.js +2 -1
package/dist/client/error-boundary.js.map +1 -1
package/dist/client/form.d.ts +10 -24
package/dist/client/form.d.ts.map +1 -1
package/dist/client/index.d.ts +1 -5
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +41 -91
package/dist/client/index.js.map +1 -1
package/dist/client/internal.d.ts +2 -1
package/dist/client/internal.d.ts.map +1 -1
package/dist/client/internal.js +81 -7
package/dist/client/internal.js.map +1 -1
package/dist/client/rsc-fetch.d.ts.map +1 -1
package/dist/client/state.d.ts +1 -1
package/dist/client/use-cookie.d.ts +8 -0
package/dist/client/use-cookie.d.ts.map +1 -1
package/dist/client/{use-params.d.ts → use-segment-params.d.ts} +1 -1
package/dist/client/use-segment-params.d.ts.map +1 -0
package/dist/codec.d.ts +1 -1
package/dist/codec.d.ts.map +1 -1
package/dist/codec.js +2 -2
package/dist/config-types.d.ts +28 -0
package/dist/config-types.d.ts.map +1 -1
package/dist/cookies/define-cookie.d.ts +87 -35
package/dist/cookies/define-cookie.d.ts.map +1 -1
package/dist/cookies/index.d.ts +2 -1
package/dist/cookies/index.d.ts.map +1 -1
package/dist/cookies/index.js +48 -2
package/dist/cookies/index.js.map +1 -0
package/dist/cookies/json-cookie.d.ts +64 -0
package/dist/cookies/json-cookie.d.ts.map +1 -0
package/dist/cookies/validation.d.ts +46 -0
package/dist/cookies/validation.d.ts.map +1 -0
package/dist/{plugins/dev-404-page.d.ts → dev-tools/404-page.d.ts} +9 -19
package/dist/dev-tools/404-page.d.ts.map +1 -0
package/dist/{plugins/dev-browser-logs.d.ts → dev-tools/browser-logs.d.ts} +1 -1
package/dist/dev-tools/browser-logs.d.ts.map +1 -0
package/dist/{plugins/dev-error-page.d.ts → dev-tools/error-page.d.ts} +2 -2
package/dist/dev-tools/error-page.d.ts.map +1 -0
package/dist/{server/dev-holding-server.d.ts → dev-tools/holding-server.d.ts} +5 -3
package/dist/dev-tools/holding-server.d.ts.map +1 -0
package/dist/dev-tools/index.d.ts +31 -0
package/dist/dev-tools/index.d.ts.map +1 -0
package/dist/{server/dev-span-processor.d.ts → dev-tools/instrumentation.d.ts} +26 -6
package/dist/dev-tools/instrumentation.d.ts.map +1 -0
package/dist/{server/dev-logger.d.ts → dev-tools/logger.d.ts} +1 -1
package/dist/dev-tools/logger.d.ts.map +1 -0
package/dist/{plugins/dev-logs.d.ts → dev-tools/logs.d.ts} +1 -1
package/dist/dev-tools/logs.d.ts.map +1 -0
package/dist/{plugins/dev-error-overlay.d.ts → dev-tools/overlay.d.ts} +3 -12
package/dist/dev-tools/overlay.d.ts.map +1 -0
package/dist/dev-tools/stack-classifier.d.ts +34 -0
package/dist/dev-tools/stack-classifier.d.ts.map +1 -0
package/dist/{plugins/dev-terminal-error.d.ts → dev-tools/terminal.d.ts} +2 -2
package/dist/dev-tools/terminal.d.ts.map +1 -0
package/dist/{server/dev-warnings.d.ts → dev-tools/warnings.d.ts} +1 -1
package/dist/dev-tools/warnings.d.ts.map +1 -0
package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +285 -133
package/dist/index.js.map +1 -1
package/dist/plugin-context.d.ts +1 -1
package/dist/plugin-context.d.ts.map +1 -1
package/dist/plugins/adapter-build.d.ts.map +1 -1
package/dist/plugins/build-report.d.ts +6 -4
package/dist/plugins/build-report.d.ts.map +1 -1
package/dist/routing/convention-lint.d.ts.map +1 -1
package/dist/routing/index.d.ts +5 -3
package/dist/routing/index.d.ts.map +1 -1
package/dist/routing/index.js +3 -3
package/dist/routing/scanner.d.ts +1 -10
package/dist/routing/scanner.d.ts.map +1 -1
package/dist/routing/segment-classify.d.ts +37 -8
package/dist/routing/segment-classify.d.ts.map +1 -1
package/dist/routing/status-file-lint.d.ts.map +1 -1
package/dist/routing/types.d.ts +63 -23
package/dist/routing/types.d.ts.map +1 -1
package/dist/routing/walkers.d.ts +51 -0
package/dist/routing/walkers.d.ts.map +1 -0
package/dist/search-params/define.d.ts +25 -7
package/dist/search-params/define.d.ts.map +1 -1
package/dist/search-params/index.js +5 -3
package/dist/search-params/index.js.map +1 -1
package/dist/search-params/wrappers.d.ts +2 -2
package/dist/search-params/wrappers.d.ts.map +1 -1
package/dist/segment-params/define.d.ts +23 -6
package/dist/segment-params/define.d.ts.map +1 -1
package/dist/segment-params/index.js +1 -1
package/dist/server/access-gate.d.ts +4 -3
package/dist/server/access-gate.d.ts.map +1 -1
package/dist/server/action-handler.d.ts +15 -6
package/dist/server/action-handler.d.ts.map +1 -1
package/dist/server/als-registry.d.ts +5 -5
package/dist/server/als-registry.d.ts.map +1 -1
package/dist/server/asset-headers.d.ts +1 -15
package/dist/server/asset-headers.d.ts.map +1 -1
package/dist/server/cookie-context.d.ts +170 -0
package/dist/server/cookie-context.d.ts.map +1 -0
package/dist/server/cookie-parsing.d.ts +51 -0
package/dist/server/cookie-parsing.d.ts.map +1 -0
package/dist/server/deny-boundary.d.ts +90 -0
package/dist/server/deny-boundary.d.ts.map +1 -0
package/dist/server/deny-renderer.d.ts.map +1 -1
package/dist/server/early-hints-sender.d.ts.map +1 -1
package/dist/server/html-injector-core.d.ts +212 -0
package/dist/server/html-injector-core.d.ts.map +1 -0
package/dist/server/html-injectors.d.ts +59 -59
package/dist/server/html-injectors.d.ts.map +1 -1
package/dist/server/index.d.ts +5 -4
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +4 -149
package/dist/server/index.js.map +1 -1
package/dist/server/internal.d.ts +6 -4
package/dist/server/internal.d.ts.map +1 -1
package/dist/server/internal.js +852 -852
package/dist/server/internal.js.map +1 -1
package/dist/server/logger.d.ts +14 -0
package/dist/server/logger.d.ts.map +1 -1
package/dist/server/middleware-runner.d.ts +17 -0
package/dist/server/middleware-runner.d.ts.map +1 -1
package/dist/server/node-stream-transforms.d.ts +46 -49
package/dist/server/node-stream-transforms.d.ts.map +1 -1
package/dist/server/param-coercion.d.ts +26 -0
package/dist/server/param-coercion.d.ts.map +1 -0
package/dist/server/pipeline-helpers.d.ts +95 -0
package/dist/server/pipeline-helpers.d.ts.map +1 -0
package/dist/server/pipeline-outcome.d.ts +49 -0
package/dist/server/pipeline-outcome.d.ts.map +1 -0
package/dist/server/pipeline-phases.d.ts +52 -0
package/dist/server/pipeline-phases.d.ts.map +1 -0
package/dist/server/pipeline.d.ts +51 -32
package/dist/server/pipeline.d.ts.map +1 -1
package/dist/server/port-resolution.d.ts +117 -0
package/dist/server/port-resolution.d.ts.map +1 -0
package/dist/server/request-context.d.ts +22 -159
package/dist/server/request-context.d.ts.map +1 -1
package/dist/server/route-element-builder.d.ts.map +1 -1
package/dist/server/route-matcher.d.ts +20 -47
package/dist/server/route-matcher.d.ts.map +1 -1
package/dist/server/rsc-entry/action-middleware-runner.d.ts +66 -0
package/dist/server/rsc-entry/action-middleware-runner.d.ts.map +1 -0
package/dist/server/rsc-entry/helpers.d.ts +1 -1
package/dist/server/rsc-entry/helpers.d.ts.map +1 -1
package/dist/server/rsc-entry/index.d.ts.map +1 -1
package/dist/server/rsc-entry/render-route.d.ts +50 -0
package/dist/server/rsc-entry/render-route.d.ts.map +1 -0
package/dist/server/rsc-entry/wrap-action-dispatch.d.ts +119 -0
package/dist/server/rsc-entry/wrap-action-dispatch.d.ts.map +1 -0
package/dist/server/state-tree-diff.d.ts.map +1 -1
package/dist/server/status-code-resolver.d.ts +16 -11
package/dist/server/status-code-resolver.d.ts.map +1 -1
package/dist/server/tracing.d.ts +1 -1
package/dist/server/tracing.d.ts.map +1 -1
package/dist/server/tree-builder.d.ts +45 -16
package/dist/server/tree-builder.d.ts.map +1 -1
package/dist/server/types.d.ts +48 -0
package/dist/server/types.d.ts.map +1 -1
package/dist/server/utils/escape-html.d.ts +14 -0
package/dist/server/utils/escape-html.d.ts.map +1 -0
package/dist/shims/headers.d.ts +2 -2
package/dist/shims/headers.d.ts.map +1 -1
package/dist/shims/navigation-client.d.ts +3 -1
package/dist/shims/navigation-client.d.ts.map +1 -1
package/dist/shims/navigation.d.ts +9 -4
package/dist/shims/navigation.d.ts.map +1 -1
package/dist/utils/directive-parser.d.ts +0 -45
package/dist/utils/directive-parser.d.ts.map +1 -1
package/package.json +1 -1
package/src/adapters/build-output-helper.ts +77 -0
package/src/adapters/cloudflare.ts +10 -50
package/src/adapters/nitro.ts +66 -50
package/src/adapters/shared.ts +40 -0
package/src/cache/timber-cache.ts +3 -2
package/src/client/form.tsx +17 -25
package/src/client/index.ts +16 -9
package/src/client/internal.ts +3 -2
package/src/client/router.ts +1 -1
package/src/client/rsc-fetch.ts +15 -0
package/src/client/state.ts +2 -2
package/src/client/use-cookie.ts +29 -0
package/src/codec.ts +3 -7
package/src/config-types.ts +28 -0
package/src/cookies/define-cookie.ts +271 -78
package/src/cookies/index.ts +11 -8
package/src/cookies/json-cookie.ts +105 -0
package/src/cookies/validation.ts +134 -0
package/src/{plugins/dev-404-page.ts → dev-tools/404-page.ts} +17 -48
package/src/{plugins/dev-error-page.ts → dev-tools/error-page.ts} +5 -32
package/src/{server/dev-holding-server.ts → dev-tools/holding-server.ts} +4 -2
package/src/dev-tools/index.ts +90 -0
package/src/dev-tools/instrumentation.ts +176 -0
package/src/{plugins/dev-logs.ts → dev-tools/logs.ts} +2 -2
package/src/{plugins/dev-error-overlay.ts → dev-tools/overlay.ts} +5 -23
package/src/dev-tools/stack-classifier.ts +75 -0
package/src/{plugins/dev-terminal-error.ts → dev-tools/terminal.ts} +4 -38
package/src/{server/dev-warnings.ts → dev-tools/warnings.ts} +1 -1
package/src/index.ts +95 -34
package/src/plugin-context.ts +1 -1
package/src/plugins/adapter-build.ts +3 -1
package/src/plugins/build-report.ts +13 -22
package/src/plugins/dev-server.ts +3 -3
package/src/plugins/routing.ts +14 -12
package/src/plugins/shims.ts +1 -1
package/src/plugins/static-build.ts +1 -1
package/src/routing/codegen.ts +1 -1
package/src/routing/convention-lint.ts +9 -8
package/src/routing/index.ts +5 -3
package/src/routing/interception.ts +1 -1
package/src/routing/scanner.ts +22 -95
package/src/routing/segment-classify.ts +107 -8
package/src/routing/status-file-lint.ts +7 -5
package/src/routing/types.ts +63 -23
package/src/routing/walkers.ts +90 -0
package/src/search-params/define.ts +71 -15
package/src/search-params/wrappers.ts +9 -2
package/src/segment-params/define.ts +66 -13
package/src/server/access-gate.tsx +9 -8
package/src/server/action-handler.ts +34 -38
package/src/server/als-registry.ts +5 -5
package/src/server/asset-headers.ts +8 -34
package/src/server/cookie-context.ts +468 -0
package/src/server/cookie-parsing.ts +135 -0
package/src/server/{deny-page-resolver.ts → deny-boundary.ts} +78 -14
package/src/server/deny-renderer.ts +7 -12
package/src/server/early-hints-sender.ts +3 -2
package/src/server/fallback-error.ts +2 -2
package/src/server/html-injector-core.ts +403 -0
package/src/server/html-injectors.ts +158 -297
package/src/server/index.ts +13 -14
package/src/server/internal.ts +10 -3
package/src/server/logger.ts +23 -0
package/src/server/middleware-runner.ts +44 -0
package/src/server/node-stream-transforms.ts +108 -248
package/src/server/param-coercion.ts +76 -0
package/src/server/pipeline-helpers.ts +204 -0
package/src/server/pipeline-outcome.ts +167 -0
package/src/server/pipeline-phases.ts +409 -0
package/src/server/pipeline.ts +70 -540
package/src/server/port-resolution.ts +215 -0
package/src/server/request-context.ts +46 -451
package/src/server/route-element-builder.ts +8 -4
package/src/server/route-matcher.ts +28 -60
package/src/server/rsc-entry/action-middleware-runner.ts +167 -0
package/src/server/rsc-entry/api-handler.ts +2 -2
package/src/server/rsc-entry/error-renderer.ts +2 -2
package/src/server/rsc-entry/helpers.ts +2 -7
package/src/server/rsc-entry/index.ts +81 -366
package/src/server/rsc-entry/render-route.ts +304 -0
package/src/server/rsc-entry/rsc-payload.ts +1 -1
package/src/server/rsc-entry/ssr-renderer.ts +2 -2
package/src/server/rsc-entry/wrap-action-dispatch.ts +449 -0
package/src/server/sitemap-generator.ts +1 -1
package/src/server/slot-resolver.ts +1 -1
package/src/server/ssr-entry.ts +1 -1
package/src/server/state-tree-diff.ts +4 -1
package/src/server/status-code-resolver.ts +112 -128
package/src/server/tracing.ts +3 -3
package/src/server/tree-builder.ts +134 -56
package/src/server/types.ts +52 -0
package/src/server/utils/escape-html.ts +20 -0
package/src/shims/headers.ts +3 -3
package/src/shims/navigation-client.ts +4 -3
package/src/shims/navigation.ts +9 -7
package/src/utils/directive-parser.ts +0 -392
package/dist/_chunks/actions-DLnUaR65.js +0 -421
package/dist/_chunks/actions-DLnUaR65.js.map +0 -1
package/dist/_chunks/als-registry-HS0LGUl2.js +0 -41
package/dist/_chunks/als-registry-HS0LGUl2.js.map +0 -1
package/dist/_chunks/debug-ECi_61pb.js +0 -108
package/dist/_chunks/debug-ECi_61pb.js.map +0 -1
package/dist/_chunks/define-C77ScO0m.js.map +0 -1
package/dist/_chunks/define-Itxvcd7F.js.map +0 -1
package/dist/_chunks/define-cookie-BowvzoP0.js +0 -94
package/dist/_chunks/define-cookie-BowvzoP0.js.map +0 -1
package/dist/_chunks/dev-warnings-DpGRGoDi.js.map +0 -1
package/dist/_chunks/interception-BbqMCVXa.js.map +0 -1
package/dist/_chunks/merge-search-params-Cm_KIWDX.js +0 -41
package/dist/_chunks/merge-search-params-Cm_KIWDX.js.map +0 -1
package/dist/_chunks/request-context-CK5tZqIP.js +0 -478
package/dist/_chunks/request-context-CK5tZqIP.js.map +0 -1
package/dist/_chunks/router-ref-C8OCm7g7.js.map +0 -1
package/dist/_chunks/segment-classify-BDNn6EzD.js +0 -65
package/dist/_chunks/segment-classify-BDNn6EzD.js.map +0 -1
package/dist/_chunks/tracing-CCYbKn5n.js +0 -238
package/dist/_chunks/tracing-CCYbKn5n.js.map +0 -1
package/dist/_chunks/use-params-IOPu7E8t.js.map +0 -1
package/dist/_chunks/use-query-states-BiV5GJgm.js.map +0 -1
package/dist/client/use-params.d.ts.map +0 -1
package/dist/plugins/dev-404-page.d.ts.map +0 -1
package/dist/plugins/dev-browser-logs.d.ts.map +0 -1
package/dist/plugins/dev-error-overlay.d.ts.map +0 -1
package/dist/plugins/dev-error-page.d.ts.map +0 -1
package/dist/plugins/dev-logs.d.ts.map +0 -1
package/dist/plugins/dev-terminal-error.d.ts.map +0 -1
package/dist/server/deny-page-resolver.d.ts +0 -52
package/dist/server/deny-page-resolver.d.ts.map +0 -1
package/dist/server/dev-fetch-instrumentation.d.ts +0 -22
package/dist/server/dev-fetch-instrumentation.d.ts.map +0 -1
package/dist/server/dev-holding-server.d.ts.map +0 -1
package/dist/server/dev-logger.d.ts.map +0 -1
package/dist/server/dev-span-processor.d.ts.map +0 -1
package/dist/server/dev-warnings.d.ts.map +0 -1
package/dist/server/manifest-status-resolver.d.ts +0 -58
package/dist/server/manifest-status-resolver.d.ts.map +0 -1
package/dist/server/page-deny-boundary.d.ts +0 -31
package/dist/server/page-deny-boundary.d.ts.map +0 -1
package/src/server/dev-fetch-instrumentation.ts +0 -96
package/src/server/dev-span-processor.ts +0 -78
package/src/server/manifest-status-resolver.ts +0 -215
package/src/server/page-deny-boundary.tsx +0 -56
/package/src/client/{use-params.ts → use-segment-params.ts} +0 -0
/package/src/{plugins/dev-browser-logs.ts → dev-tools/browser-logs.ts} +0 -0
/package/src/{server/dev-logger.ts → dev-tools/logger.ts} +0 -0

package/dist/_chunks/request-context-CK5tZqIP.js DELETED Viewed

@@ -1,478 +0,0 @@
-import { r as __exportAll } from "./chunk-BYIpzuS7.js";
-import { t as isDebug } from "./debug-ECi_61pb.js";
-import { r as requestContextAls } from "./als-registry-HS0LGUl2.js";
-import { t as _setGetSearchParamsFn } from "./define-Itxvcd7F.js";
-import { t as _setGetSegmentParamsFn } from "./define-C77ScO0m.js";
-//#region src/server/request-context.ts
-/**
-* Request Context — per-request ALS store for getHeaders() and getCookies().
-*
-* Follows the same pattern as tracing.ts: a module-level AsyncLocalStorage
-* instance, public accessor functions that throw outside request scope,
-* and a framework-internal `runWithRequestContext()` to establish scope.
-*
-* See design/04-authorization.md §"AccessContext does not include cookies or headers"
-* and design/11-platform.md §"AsyncLocalStorage".
-* See design/29-cookies.md for cookie mutation semantics.
-*/
-var request_context_exports = /* @__PURE__ */ __exportAll({
-	applyRequestHeaderOverlay: () => applyRequestHeaderOverlay,
-	getCookie: () => getCookie,
-	getCookies: () => getCookies,
-	getHeader: () => getHeader,
-	getHeaders: () => getHeaders,
-	getRequestSearchString: () => getRequestSearchString,
-	getSearchParams: () => getSearchParams,
-	getSegmentParams: () => getSegmentParams,
-	getSetCookieHeaders: () => getSetCookieHeaders,
-	markResponseFlushed: () => markResponseFlushed,
-	requestContextAls: () => requestContextAls,
-	runWithRequestContext: () => runWithRequestContext,
-	setMutableCookieContext: () => setMutableCookieContext,
-	setSegmentParams: () => setSegmentParams
-});
-/**
-* Returns a read-only view of the current request's headers.
-*
-* Available in middleware, access checks, server components, and server actions.
-* Throws if called outside a request context (security principle #2: no global fallback).
-*/
-function getHeaders() {
-	const store = requestContextAls.getStore();
-	if (!store) throw new Error("[timber] getHeaders() called outside of a request context. It can only be used in middleware, access checks, server components, and server actions.");
-	return Promise.resolve(store.headers);
-}
-/**
-* Returns the value of a single request header, or undefined if absent.
-*
-* Thin wrapper over `(await getHeaders()).get(name)` for the common
-* case where you need exactly one header.
-*
-* ```ts
-* import { getHeader } from '@timber-js/app/server'
-*
-* export default async function Page() {
-*   const auth = await getHeader('authorization');
-* }
-* ```
-*/
-async function getHeader(name) {
-	return (await getHeaders()).get(name) ?? void 0;
-}
-/**
-* Returns a cookie accessor for the current request.
-*
-* Available in middleware, access checks, server components, and server actions.
-* Throws if called outside a request context (security principle #2: no global fallback).
-*
-* Read methods (.get, .has, .getAll) are always available and reflect
-* read-your-own-writes from .set() calls in the same request.
-*
-* Mutation methods (.set, .delete, .clear) are only available in mutable
-* contexts (middleware.ts, server actions, route.ts handlers). Calling them
-* in read-only contexts (access.ts, server components) throws.
-*
-* See design/29-cookies.md
-*/
-function getCookies() {
-	const store = requestContextAls.getStore();
-	if (!store) throw new Error("[timber] getCookies() called outside of a request context. It can only be used in middleware, access checks, server components, and server actions.");
-	if (!store.parsedCookies) store.parsedCookies = parseCookieHeader(store.cookieHeader);
-	const map = store.parsedCookies;
-	return Promise.resolve({
-		get(name) {
-			return map.get(name);
-		},
-		has(name) {
-			return map.has(name);
-		},
-		getAll() {
-			return Array.from(map.entries()).map(([name, value]) => ({
-				name,
-				value
-			}));
-		},
-		get size() {
-			return map.size;
-		},
-		set(name, value, options) {
-			assertMutable(store, "set");
-			if (store.flushed) {
-				if (isDebug()) console.warn(`[timber] warn: getCookies().set('${name}') called after response headers were committed.\n  The cookie will NOT be sent. Move cookie mutations to middleware.ts, a server action,\n  or a route.ts handler.`);
-				return;
-			}
-			const opts = {
-				...DEFAULT_COOKIE_OPTIONS,
-				...options
-			};
-			store.cookieJar.set(name, {
-				name,
-				value,
-				options: opts
-			});
-			map.set(name, value);
-		},
-		setFromHeaders(headers) {
-			assertMutable(store, "setFromHeaders");
-			if (store.flushed) {
-				console.warn("[timber] warn: getCookies().setFromHeaders() called after response headers were committed.\n  The cookies will NOT be sent. Move cookie mutations to middleware.ts, a server action,\n  or a route.ts handler.");
-				return;
-			}
-			for (const raw of headers.getSetCookie()) {
-				const parsed = parseSetCookie(raw);
-				if (parsed) setRaw(store, map, parsed.name, parsed.value, parsed.options);
-			}
-		},
-		delete(name, options) {
-			assertMutable(store, "delete");
-			if (store.flushed) {
-				if (isDebug()) console.warn(`[timber] warn: getCookies().delete('${name}') called after response headers were committed.\n  The cookie will NOT be deleted. Move cookie mutations to middleware.ts, a server action,\n  or a route.ts handler.`);
-				return;
-			}
-			const opts = {
-				...DEFAULT_COOKIE_OPTIONS,
-				...options,
-				maxAge: 0,
-				expires: /* @__PURE__ */ new Date(0)
-			};
-			store.cookieJar.set(name, {
-				name,
-				value: "",
-				options: opts
-			});
-			map.delete(name);
-		},
-		clear() {
-			assertMutable(store, "clear");
-			if (store.flushed) return;
-			for (const name of Array.from(map.keys())) store.cookieJar.set(name, {
-				name,
-				value: "",
-				options: {
-					...DEFAULT_COOKIE_OPTIONS,
-					maxAge: 0,
-					expires: /* @__PURE__ */ new Date(0)
-				}
-			});
-			map.clear();
-		},
-		toString() {
-			return Array.from(map.entries()).map(([name, value]) => `${name}=${value}`).join("; ");
-		}
-	});
-}
-/**
-* Returns the value of a single cookie, or undefined if absent.
-*
-* Thin wrapper over `(await getCookies()).get(name)` for the common
-* case where you need exactly one cookie.
-*
-* ```ts
-* import { getCookie } from '@timber-js/app/server'
-*
-* export default async function Page() {
-*   const session = await getCookie('session_id');
-* }
-* ```
-*/
-async function getCookie(name) {
-	return (await getCookies()).get(name);
-}
-/**
-* Returns a Promise resolving to the current request's raw URLSearchParams.
-*
-* For typed, parsed search params, import the definition from params.ts
-* and call `.load()` or `.parse()`:
-*
-* ```ts
-* import { searchParams } from './params'
-* const parsed = await searchParams.get()
-* ```
-*
-* Or explicitly:
-*
-* ```ts
-* import { getSearchParams } from '@timber-js/app/server'
-* import { searchParams } from './params'
-* const parsed = searchParams.parse(await getSearchParams())
-* ```
-*
-* Throws if called outside a request context.
-*/
-function getSearchParams() {
-	const store = requestContextAls.getStore();
-	if (!store) throw new Error("[timber] getSearchParams() called outside of a request context. It can only be used in middleware, access checks, server components, and server actions.");
-	return store.searchParamsPromise;
-}
-_setGetSearchParamsFn(getSearchParams);
-_setGetSegmentParamsFn(getSegmentParams);
-/**
-* Returns a Promise resolving to the current request's coerced segment params.
-*
-* Segment params are set by the pipeline after route matching and param
-* coercion (via params.ts codecs). When no params.ts exists, values are
-* raw strings. When codecs are defined, values are already coerced
-* (e.g., `id` is a `number` if `defineSegmentParams({ id: z.coerce.number() })`).
-*
-* This is the primary way page and layout components access route params:
-*
-* ```ts
-* import { getSegmentParams } from '@timber-js/app/server'
-*
-* export default async function Page() {
-*   const { slug } = await getSegmentParams()
-*   // ...
-* }
-* ```
-*
-* Throws if called outside a request context.
-*/
-function getSegmentParams() {
-	const store = requestContextAls.getStore();
-	if (!store) throw new Error("[timber] getSegmentParams() called outside of a request context. It can only be used in middleware, access checks, server components, and server actions.");
-	if (!store.segmentParamsPromise) throw new Error("[timber] getSegmentParams() called before route matching completed. Segment params are not available until after the route is matched.");
-	return store.segmentParamsPromise;
-}
-/**
-* Set the segment params promise on the current request context.
-* Called by the pipeline after route matching and param coercion.
-*
-* @internal — framework use only
-*/
-function setSegmentParams(params) {
-	const store = requestContextAls.getStore();
-	if (!store) throw new Error("[timber] setSegmentParams() called outside of a request context.");
-	store.segmentParamsPromise = Promise.resolve(params);
-}
-/**
-* Returns the raw search string from the current request URL (e.g. "?foo=bar").
-* Synchronous — safe for use in `redirect()` which throws synchronously.
-*
-* Returns empty string if called outside a request context (non-throwing for
-* use in redirect's optional preserveSearchParams path).
-*
-* @internal — used by redirect() for preserveSearchParams support.
-*/
-function getRequestSearchString() {
-	return requestContextAls.getStore()?.searchString ?? "";
-}
-var DEFAULT_COOKIE_OPTIONS = {
-	path: "/",
-	httpOnly: true,
-	secure: true,
-	sameSite: "lax"
-};
-/**
-* Write a cookie to the jar WITHOUT merging DEFAULT_COOKIE_OPTIONS.
-* Used by setFromHeaders to preserve the original header's attributes exactly.
-*
-* For deletion cookies (maxAge=0), the jar entry is still created so the
-* Set-Cookie header is emitted, but the cookie is NOT added to the read map
-* (it would be misleading — the cookie is being deleted).
-*/
-function setRaw(store, readMap, name, value, options) {
-	store.cookieJar.set(name, {
-		name,
-		value,
-		options
-	});
-	if (options.maxAge === 0) readMap.delete(name);
-	else readMap.set(name, value);
-}
-/**
-* Parse a raw `Set-Cookie` header string into name, value, and options.
-* Handles all standard attributes: Path, Domain, Max-Age, Expires,
-* SameSite, Secure, HttpOnly, Partitioned.
-*
-* Does NOT apply DEFAULT_COOKIE_OPTIONS — the caller decides whether
-* to merge defaults (e.g. `set()` does, but `setRaw()` should preserve
-* the original header's intent).
-*/
-function parseSetCookie(header) {
-	const segments = header.split(";");
-	const nameValue = segments[0];
-	const eqIdx = nameValue.indexOf("=");
-	if (eqIdx <= 0) return null;
-	const name = nameValue.slice(0, eqIdx).trim();
-	const value = nameValue.slice(eqIdx + 1).trim();
-	const options = {};
-	for (let i = 1; i < segments.length; i++) {
-		const seg = segments[i].trim();
-		if (!seg) continue;
-		const [attrName, ...rest] = seg.split("=");
-		const key = attrName.trim().toLowerCase();
-		const val = rest.join("=").trim();
-		switch (key) {
-			case "path":
-				options.path = val || "/";
-				break;
-			case "domain":
-				options.domain = val;
-				break;
-			case "max-age":
-				options.maxAge = Number(val);
-				break;
-			case "expires":
-				options.expires = new Date(val);
-				break;
-			case "samesite":
-				options.sameSite = val.toLowerCase();
-				break;
-			case "secure":
-				options.secure = true;
-				break;
-			case "httponly":
-				options.httpOnly = true;
-				break;
-			case "partitioned":
-				options.partitioned = true;
-				break;
-		}
-	}
-	return {
-		name,
-		value,
-		options
-	};
-}
-/**
-* Run a callback within a request context. Used by the pipeline to establish
-* per-request ALS scope so that `getHeaders()` and `getCookies()` work.
-*
-* @param req - The incoming Request object.
-* @param fn - The function to run within the request context.
-*/
-function runWithRequestContext(req, fn) {
-	const originalCopy = new Headers(req.headers);
-	const parsedUrl = new URL(req.url);
-	const store = {
-		headers: freezeHeaders(req.headers),
-		originalHeaders: originalCopy,
-		cookieHeader: req.headers.get("cookie") ?? "",
-		searchParamsPromise: Promise.resolve(parsedUrl.searchParams),
-		searchString: parsedUrl.search,
-		cookieJar: /* @__PURE__ */ new Map(),
-		flushed: false,
-		mutableContext: false
-	};
-	return requestContextAls.run(store, fn);
-}
-/**
-* Enable cookie mutation for the current context. Called by the framework
-* when entering middleware.ts, server actions, or route.ts handlers.
-*
-* See design/29-cookies.md §"Context Tracking"
-*/
-function setMutableCookieContext(mutable) {
-	const store = requestContextAls.getStore();
-	if (store) store.mutableContext = mutable;
-}
-/**
-* Mark the response as flushed (headers committed). After this point,
-* cookie mutations log a warning instead of throwing.
-*
-* See design/29-cookies.md §"Streaming Constraint: Post-Flush Cookie Warning"
-*/
-function markResponseFlushed() {
-	const store = requestContextAls.getStore();
-	if (store) store.flushed = true;
-}
-/**
-* Collect all Set-Cookie headers from the cookie jar.
-* Called by the framework at flush time to apply cookies to the response.
-*
-* Returns an array of serialized Set-Cookie header values.
-*/
-function getSetCookieHeaders() {
-	const store = requestContextAls.getStore();
-	if (!store) return [];
-	return Array.from(store.cookieJar.values()).map(serializeCookieEntry);
-}
-/**
-* Apply middleware-injected request headers to the current request context.
-*
-* Called by the pipeline after middleware.ts runs. Merges overlay headers
-* on top of the original request headers so downstream code (access.ts,
-* server components, server actions) sees them via `getHeaders()`.
-*
-* The original request headers are never mutated — a new frozen Headers
-* object is created with the overlay applied on top.
-*
-* See design/07-routing.md §"Request Header Injection"
-*/
-function applyRequestHeaderOverlay(overlay) {
-	const store = requestContextAls.getStore();
-	if (!store) throw new Error("[timber] applyRequestHeaderOverlay() called outside of a request context.");
-	let hasOverlay = false;
-	overlay.forEach(() => {
-		hasOverlay = true;
-	});
-	if (!hasOverlay) return;
-	const merged = new Headers(store.originalHeaders);
-	overlay.forEach((value, key) => {
-		merged.set(key, value);
-	});
-	store.headers = freezeHeaders(merged);
-}
-var MUTATING_METHODS = new Set([
-	"set",
-	"append",
-	"delete"
-]);
-/**
-* Wrap a Headers object in a Proxy that throws on mutating methods.
-* Object.freeze doesn't work on Headers (native internal slots), so we
-* intercept property access and reject set/append/delete at runtime.
-*
-* Read methods (get, has, entries, etc.) must be bound to the underlying
-* Headers instance because they access private #headersList slots.
-*/
-function freezeHeaders(source) {
-	const copy = new Headers(source);
-	return new Proxy(copy, { get(target, prop) {
-		if (typeof prop === "string" && MUTATING_METHODS.has(prop)) return () => {
-			throw new Error(`[timber] getHeaders() returns a read-only Headers object. Calling .${prop}() is not allowed. Use ctx.requestHeaders in middleware to inject headers for downstream components.`);
-		};
-		const value = Reflect.get(target, prop);
-		if (typeof value === "function") return value.bind(target);
-		return value;
-	} });
-}
-/** Throw if cookie mutation is attempted in a read-only context. */
-function assertMutable(store, method) {
-	if (!store.mutableContext) throw new Error(`(timber] getCookies().${method}() cannot be called in this context.\n  Set cookies in middleware.ts, server actions, or route.ts handlers.`);
-}
-/**
-* Parse a Cookie header string into a Map of name → value pairs.
-* Follows RFC 6265 §4.2.1: cookies are semicolon-separated key=value pairs.
-*/
-function parseCookieHeader(header) {
-	const map = /* @__PURE__ */ new Map();
-	if (!header) return map;
-	for (const pair of header.split(";")) {
-		const eqIndex = pair.indexOf("=");
-		if (eqIndex === -1) continue;
-		const name = pair.slice(0, eqIndex).trim();
-		const value = pair.slice(eqIndex + 1).trim();
-		if (name) map.set(name, value);
-	}
-	return map;
-}
-/** Serialize a CookieEntry into a Set-Cookie header value. */
-function serializeCookieEntry(entry) {
-	const parts = [`${entry.name}=${entry.value}`];
-	const opts = entry.options;
-	if (opts.domain) parts.push(`Domain=${opts.domain}`);
-	if (opts.path) parts.push(`Path=${opts.path}`);
-	if (opts.expires) parts.push(`Expires=${opts.expires.toUTCString()}`);
-	if (opts.maxAge !== void 0) parts.push(`Max-Age=${opts.maxAge}`);
-	if (opts.httpOnly) parts.push("HttpOnly");
-	if (opts.secure) parts.push("Secure");
-	if (opts.sameSite) parts.push(`SameSite=${opts.sameSite.charAt(0).toUpperCase()}${opts.sameSite.slice(1)}`);
-	if (opts.partitioned) parts.push("Partitioned");
-	return parts.join("; ");
-}
-//#endregion
-export { getHeaders as a, getSegmentParams as c, request_context_exports as d, runWithRequestContext as f, getHeader as i, getSetCookieHeaders as l, setSegmentParams as m, getCookie as n, getRequestSearchString as o, setMutableCookieContext as p, getCookies as r, getSearchParams as s, applyRequestHeaderOverlay as t, markResponseFlushed as u };
-//# sourceMappingURL=request-context-CK5tZqIP.js.map

package/dist/_chunks/request-context-CK5tZqIP.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"request-context-CK5tZqIP.js","names":[],"sources":["../../src/server/request-context.ts"],"sourcesContent":["/**\n * Request Context — per-request ALS store for getHeaders() and getCookies().\n *\n * Follows the same pattern as tracing.ts: a module-level AsyncLocalStorage\n * instance, public accessor functions that throw outside request scope,\n * and a framework-internal `runWithRequestContext()` to establish scope.\n *\n * See design/04-authorization.md §\"AccessContext does not include cookies or headers\"\n * and design/11-platform.md §\"AsyncLocalStorage\".\n * See design/29-cookies.md for cookie mutation semantics.\n */\n\nimport { requestContextAls, type RequestContextStore, type CookieEntry } from './als-registry.js';\nimport { isDebug } from './debug.js';\nimport { _setGetSearchParamsFn } from '../search-params/define.js';\nimport { _setGetSegmentParamsFn } from '../segment-params/define.js';\n\n// Re-export the ALS for framework-internal consumers that need direct access.\nexport { requestContextAls };\n\n// No fallback needed — we use enterWith() instead of run() to ensure\n// the ALS context persists for the entire request lifecycle including\n// async stream consumption by React's renderToReadableStream.\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/**\n * Returns a read-only view of the current request's headers.\n *\n * Available in middleware, access checks, server components, and server actions.\n * Throws if called outside a request context (security principle #2: no global fallback).\n */\nexport function getHeaders(): Promise<ReadonlyHeaders> {\n const store = requestContextAls.getStore();\n if (!store) {\n throw new Error(\n '[timber] getHeaders() called outside of a request context. ' +\n 'It can only be used in middleware, access checks, server components, and server actions.'\n );\n }\n return Promise.resolve(store.headers);\n}\n\n/**\n * Returns the value of a single request header, or undefined if absent.\n *\n * Thin wrapper over `(await getHeaders()).get(name)` for the common\n * case where you need exactly one header.\n *\n * ```ts\n * import { getHeader } from '@timber-js/app/server'\n *\n * export default async function Page() {\n * const auth = await getHeader('authorization');\n * }\n * ```\n */\nexport async function getHeader(name: string): Promise<string | undefined> {\n const headers = await getHeaders();\n return headers.get(name) ?? undefined;\n}\n\n/**\n * Returns a cookie accessor for the current request.\n *\n * Available in middleware, access checks, server components, and server actions.\n * Throws if called outside a request context (security principle #2: no global fallback).\n *\n * Read methods (.get, .has, .getAll) are always available and reflect\n * read-your-own-writes from .set() calls in the same request.\n *\n * Mutation methods (.set, .delete, .clear) are only available in mutable\n * contexts (middleware.ts, server actions, route.ts handlers). Calling them\n * in read-only contexts (access.ts, server components) throws.\n *\n * See design/29-cookies.md\n */\nexport function getCookies(): Promise<RequestCookies> {\n const store = requestContextAls.getStore();\n if (!store) {\n throw new Error(\n '[timber] getCookies() called outside of a request context. ' +\n 'It can only be used in middleware, access checks, server components, and server actions.'\n );\n }\n\n // Parse cookies lazily on first access\n if (!store.parsedCookies) {\n store.parsedCookies = parseCookieHeader(store.cookieHeader);\n }\n\n const map = store.parsedCookies;\n return Promise.resolve({\n get(name: string): string | undefined {\n return map.get(name);\n },\n has(name: string): boolean {\n return map.has(name);\n },\n getAll(): Array<{ name: string; value: string }> {\n return Array.from(map.entries()).map(([name, value]) => ({ name, value }));\n },\n get size(): number {\n return map.size;\n },\n\n set(name: string, value: string, options?: CookieOptions): void {\n assertMutable(store, 'set');\n if (store.flushed) {\n if (isDebug()) {\n console.warn(\n `[timber] warn: getCookies().set('${name}') called after response headers were committed.\\n` +\n ` The cookie will NOT be sent. Move cookie mutations to middleware.ts, a server action,\\n` +\n ` or a route.ts handler.`\n );\n }\n return;\n }\n const opts = { ...DEFAULT_COOKIE_OPTIONS, ...options };\n store.cookieJar.set(name, { name, value, options: opts });\n // Read-your-own-writes: update the parsed cookies map\n map.set(name, value);\n },\n\n setFromHeaders(headers: Headers): void {\n assertMutable(store, 'setFromHeaders');\n if (store.flushed) {\n console.warn(\n `[timber] warn: getCookies().setFromHeaders() called after response headers were committed.\\n` +\n ` The cookies will NOT be sent. Move cookie mutations to middleware.ts, a server action,\\n` +\n ` or a route.ts handler.`\n );\n return;\n }\n // Headers.getSetCookie() returns individual Set-Cookie strings,\n // avoiding the fragile comma-splitting that raw .get() requires.\n for (const raw of headers.getSetCookie()) {\n const parsed = parseSetCookie(raw);\n if (parsed) {\n // Use setRaw to preserve the original header's attributes without\n // merging DEFAULT_COOKIE_OPTIONS (parseSetCookie intentionally\n // does not apply defaults — see its doc comment).\n setRaw(store, map, parsed.name, parsed.value, parsed.options);\n }\n }\n },\n\n delete(name: string, options?: Pick<CookieOptions, 'path' | 'domain'>): void {\n assertMutable(store, 'delete');\n if (store.flushed) {\n if (isDebug()) {\n console.warn(\n `[timber] warn: getCookies().delete('${name}') called after response headers were committed.\\n` +\n ` The cookie will NOT be deleted. Move cookie mutations to middleware.ts, a server action,\\n` +\n ` or a route.ts handler.`\n );\n }\n return;\n }\n const opts: CookieOptions = {\n ...DEFAULT_COOKIE_OPTIONS,\n ...options,\n maxAge: 0,\n expires: new Date(0),\n };\n store.cookieJar.set(name, { name, value: '', options: opts });\n // Remove from read view\n map.delete(name);\n },\n\n clear(): void {\n assertMutable(store, 'clear');\n if (store.flushed) return;\n // Delete every incoming cookie\n for (const name of Array.from(map.keys())) {\n store.cookieJar.set(name, {\n name,\n value: '',\n options: { ...DEFAULT_COOKIE_OPTIONS, maxAge: 0, expires: new Date(0) },\n });\n }\n map.clear();\n },\n\n toString(): string {\n return Array.from(map.entries())\n .map(([name, value]) => `${name}=${value}`)\n .join('; ');\n },\n });\n}\n\n/**\n * Returns the value of a single cookie, or undefined if absent.\n *\n * Thin wrapper over `(await getCookies()).get(name)` for the common\n * case where you need exactly one cookie.\n *\n * ```ts\n * import { getCookie } from '@timber-js/app/server'\n *\n * export default async function Page() {\n * const session = await getCookie('session_id');\n * }\n * ```\n */\nexport async function getCookie(name: string): Promise<string | undefined> {\n const cookies = await getCookies();\n return cookies.get(name);\n}\n\n/**\n * Returns a Promise resolving to the current request's raw URLSearchParams.\n *\n * For typed, parsed search params, import the definition from params.ts\n * and call `.load()` or `.parse()`:\n *\n * ```ts\n * import { searchParams } from './params'\n * const parsed = await searchParams.get()\n * ```\n *\n * Or explicitly:\n *\n * ```ts\n * import { getSearchParams } from '@timber-js/app/server'\n * import { searchParams } from './params'\n * const parsed = searchParams.parse(await getSearchParams())\n * ```\n *\n * Throws if called outside a request context.\n */\nexport function getSearchParams(): Promise<URLSearchParams> {\n const store = requestContextAls.getStore();\n if (!store) {\n throw new Error(\n '[timber] getSearchParams() called outside of a request context. ' +\n 'It can only be used in middleware, access checks, server components, and server actions.'\n );\n }\n return store.searchParamsPromise;\n}\n\n// Eagerly register getSearchParams with the search-params module so\n// searchParams.get() can call it synchronously without a dynamic import.\n// Dynamic imports lose ALS context in React's RSC Flight renderer,\n// breaking getSearchParams() in parallel slot pages. See TIM-523.\n_setGetSearchParamsFn(getSearchParams);\n\n// Eagerly register getSegmentParams with the segment-params module so\n// segmentParams.get() can call it synchronously without a dynamic import.\n// Same pattern as search params — dynamic imports lose ALS context. See TIM-523.\n_setGetSegmentParamsFn(getSegmentParams);\n\n/**\n * Returns a Promise resolving to the current request's coerced segment params.\n *\n * Segment params are set by the pipeline after route matching and param\n * coercion (via params.ts codecs). When no params.ts exists, values are\n * raw strings. When codecs are defined, values are already coerced\n * (e.g., `id` is a `number` if `defineSegmentParams({ id: z.coerce.number() })`).\n *\n * This is the primary way page and layout components access route params:\n *\n * ```ts\n * import { getSegmentParams } from '@timber-js/app/server'\n *\n * export default async function Page() {\n * const { slug } = await getSegmentParams()\n * // ...\n * }\n * ```\n *\n * Throws if called outside a request context.\n */\nexport function getSegmentParams(): Promise<Record<string, string | string[]>> {\n const store = requestContextAls.getStore();\n if (!store) {\n throw new Error(\n '[timber] getSegmentParams() called outside of a request context. ' +\n 'It can only be used in middleware, access checks, server components, and server actions.'\n );\n }\n if (!store.segmentParamsPromise) {\n throw new Error(\n '[timber] getSegmentParams() called before route matching completed. ' +\n 'Segment params are not available until after the route is matched.'\n );\n }\n return store.segmentParamsPromise;\n}\n\n/**\n * Set the segment params promise on the current request context.\n * Called by the pipeline after route matching and param coercion.\n *\n * @internal — framework use only\n */\nexport function setSegmentParams(params: Record<string, string | string[]>): void {\n const store = requestContextAls.getStore();\n if (!store) {\n throw new Error('[timber] setSegmentParams() called outside of a request context.');\n }\n store.segmentParamsPromise = Promise.resolve(params);\n}\n\n/**\n * Returns the raw search string from the current request URL (e.g. \"?foo=bar\").\n * Synchronous — safe for use in `redirect()` which throws synchronously.\n *\n * Returns empty string if called outside a request context (non-throwing for\n * use in redirect's optional preserveSearchParams path).\n *\n * @internal — used by redirect() for preserveSearchParams support.\n */\nexport function getRequestSearchString(): string {\n const store = requestContextAls.getStore();\n return store?.searchString ?? '';\n}\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/**\n * Read-only Headers interface. The standard Headers class is mutable;\n * this type narrows it to read-only methods. The underlying object is\n * still a Headers instance, but user code should not mutate it.\n */\nexport type ReadonlyHeaders = Pick<\n Headers,\n 'get' | 'has' | 'entries' | 'keys' | 'values' | 'forEach' | typeof Symbol.iterator\n>;\n\n/** Options for setting a cookie. See design/29-cookies.md. */\nexport interface CookieOptions {\n /** Domain scope. Default: omitted (current domain only). */\n domain?: string;\n /** URL path scope. Default: '/'. */\n path?: string;\n /** Expiration date. Mutually exclusive with maxAge. */\n expires?: Date;\n /** Max age in seconds. Mutually exclusive with expires. */\n maxAge?: number;\n /** Prevent client-side JS access. Default: true. */\n httpOnly?: boolean;\n /** Only send over HTTPS. Default: true. */\n secure?: boolean;\n /** Cross-site request policy. Default: 'lax'. */\n sameSite?: 'strict' | 'lax' | 'none';\n /** Partitioned (CHIPS) — isolate cookie per top-level site. Default: false. */\n partitioned?: boolean;\n}\n\nconst DEFAULT_COOKIE_OPTIONS: CookieOptions = {\n path: '/',\n httpOnly: true,\n secure: true,\n sameSite: 'lax',\n};\n\n/**\n * Write a cookie to the jar WITHOUT merging DEFAULT_COOKIE_OPTIONS.\n * Used by setFromHeaders to preserve the original header's attributes exactly.\n *\n * For deletion cookies (maxAge=0), the jar entry is still created so the\n * Set-Cookie header is emitted, but the cookie is NOT added to the read map\n * (it would be misleading — the cookie is being deleted).\n */\nfunction setRaw(\n store: RequestContextStore,\n readMap: Map<string, string>,\n name: string,\n value: string,\n options: CookieOptions\n): void {\n store.cookieJar.set(name, { name, value, options });\n // Deletion cookies (Max-Age=0) should not appear in the read map\n if (options.maxAge === 0) {\n readMap.delete(name);\n } else {\n readMap.set(name, value);\n }\n}\n\n/**\n * Parse a raw `Set-Cookie` header string into name, value, and options.\n * Handles all standard attributes: Path, Domain, Max-Age, Expires,\n * SameSite, Secure, HttpOnly, Partitioned.\n *\n * Does NOT apply DEFAULT_COOKIE_OPTIONS — the caller decides whether\n * to merge defaults (e.g. `set()` does, but `setRaw()` should preserve\n * the original header's intent).\n */\nfunction parseSetCookie(\n header: string\n): { name: string; value: string; options: CookieOptions } | null {\n const segments = header.split(';');\n const nameValue = segments[0];\n const eqIdx = nameValue.indexOf('=');\n if (eqIdx <= 0) return null;\n\n const name = nameValue.slice(0, eqIdx).trim();\n const value = nameValue.slice(eqIdx + 1).trim();\n const options: CookieOptions = {};\n\n for (let i = 1; i < segments.length; i++) {\n const seg = segments[i].trim();\n if (!seg) continue;\n const [attrName, ...rest] = seg.split('=');\n const key = attrName.trim().toLowerCase();\n const val = rest.join('=').trim();\n switch (key) {\n case 'path':\n options.path = val || '/';\n break;\n case 'domain':\n options.domain = val;\n break;\n case 'max-age':\n options.maxAge = Number(val);\n break;\n case 'expires':\n options.expires = new Date(val);\n break;\n case 'samesite':\n options.sameSite = val.toLowerCase() as 'strict' | 'lax' | 'none';\n break;\n case 'secure':\n options.secure = true;\n break;\n case 'httponly':\n options.httpOnly = true;\n break;\n case 'partitioned':\n options.partitioned = true;\n break;\n }\n }\n\n return { name, value, options };\n}\n\n/**\n * Cookie accessor returned by `getCookies()`.\n *\n * Read methods are always available. Mutation methods throw in read-only\n * contexts (access.ts, server components).\n */\nexport interface RequestCookies {\n /** Get a cookie value by name. Returns undefined if not present. */\n get(name: string): string | undefined;\n /** Check if a cookie exists. */\n has(name: string): boolean;\n /** Get all cookies as an array of { name, value } pairs. */\n getAll(): Array<{ name: string; value: string }>;\n /** Number of cookies. */\n readonly size: number;\n /** Set a cookie. Only available in mutable contexts (middleware, actions, route handlers). */\n set(name: string, value: string, options?: CookieOptions): void;\n /**\n * Copy all `Set-Cookie` headers from a `Headers` object.\n * Parses each header and forwards name, value, and all attributes\n * (path, domain, max-age, expires, sameSite, secure, httpOnly, partitioned).\n *\n * Useful when forwarding cookies from an internal `fetch()` or auth handler:\n * ```ts\n * const response = await auth.handler(req);\n * getCookies().then(c => c.setFromHeaders(response.headers));\n * ```\n */\n setFromHeaders(headers: Headers): void;\n /** Delete a cookie. Only available in mutable contexts. */\n delete(name: string, options?: Pick<CookieOptions, 'path' | 'domain'>): void;\n /** Delete all cookies. Only available in mutable contexts. */\n clear(): void;\n /** Serialize cookies as a Cookie header string. */\n toString(): string;\n}\n\n// ─── Framework-Internal Helpers ───────────────────────────────────────────\n\n/**\n * Run a callback within a request context. Used by the pipeline to establish\n * per-request ALS scope so that `getHeaders()` and `getCookies()` work.\n *\n * @param req - The incoming Request object.\n * @param fn - The function to run within the request context.\n */\nexport function runWithRequestContext<T>(req: Request, fn: () => T): T {\n const originalCopy = new Headers(req.headers);\n const parsedUrl = new URL(req.url);\n const store: RequestContextStore = {\n headers: freezeHeaders(req.headers),\n originalHeaders: originalCopy,\n cookieHeader: req.headers.get('cookie') ?? '',\n searchParamsPromise: Promise.resolve(parsedUrl.searchParams),\n searchString: parsedUrl.search,\n cookieJar: new Map(),\n flushed: false,\n mutableContext: false,\n };\n return requestContextAls.run(store, fn);\n}\n\n/**\n * Enable cookie mutation for the current context. Called by the framework\n * when entering middleware.ts, server actions, or route.ts handlers.\n *\n * See design/29-cookies.md §\"Context Tracking\"\n */\nexport function setMutableCookieContext(mutable: boolean): void {\n const store = requestContextAls.getStore();\n if (store) {\n store.mutableContext = mutable;\n }\n}\n\n/**\n * Mark the response as flushed (headers committed). After this point,\n * cookie mutations log a warning instead of throwing.\n *\n * See design/29-cookies.md §\"Streaming Constraint: Post-Flush Cookie Warning\"\n */\nexport function markResponseFlushed(): void {\n const store = requestContextAls.getStore();\n if (store) {\n store.flushed = true;\n }\n}\n\n/**\n * Build a Map of cookie name → value reflecting the current request's\n * read-your-own-writes state. Includes incoming cookies plus any\n * mutations from getCookies().set() / getCookies().delete() in the same request.\n *\n * Used by SSR renderers to populate NavContext.cookies so that\n * useCookie()'s server snapshot matches the actual response state.\n *\n * See design/29-cookies.md §\"Read-Your-Own-Writes\"\n * See design/triage/TIM-441-cookie-api-triage.md §4\n */\nexport function getCookiesForSsr(): Map<string, string> {\n const store = requestContextAls.getStore();\n if (!store) {\n throw new Error('[timber] getCookiesForSsr() called outside of a request context.');\n }\n\n // Trigger lazy parsing if not yet done\n if (!store.parsedCookies) {\n store.parsedCookies = parseCookieHeader(store.cookieHeader);\n }\n\n // The parsedCookies map already reflects read-your-own-writes:\n // - getCookies().set() updates the map via map.set(name, value)\n // - getCookies().delete() removes from the map via map.delete(name)\n // Return a copy so callers can't mutate the internal map.\n return new Map(store.parsedCookies);\n}\n\n/**\n * Collect all Set-Cookie headers from the cookie jar.\n * Called by the framework at flush time to apply cookies to the response.\n *\n * Returns an array of serialized Set-Cookie header values.\n */\nexport function getSetCookieHeaders(): string[] {\n const store = requestContextAls.getStore();\n if (!store) return [];\n return Array.from(store.cookieJar.values()).map(serializeCookieEntry);\n}\n\n/**\n * Apply middleware-injected request headers to the current request context.\n *\n * Called by the pipeline after middleware.ts runs. Merges overlay headers\n * on top of the original request headers so downstream code (access.ts,\n * server components, server actions) sees them via `getHeaders()`.\n *\n * The original request headers are never mutated — a new frozen Headers\n * object is created with the overlay applied on top.\n *\n * See design/07-routing.md §\"Request Header Injection\"\n */\nexport function applyRequestHeaderOverlay(overlay: Headers): void {\n const store = requestContextAls.getStore();\n if (!store) {\n throw new Error('[timber] applyRequestHeaderOverlay() called outside of a request context.');\n }\n\n // Check if the overlay has any headers — skip if empty\n let hasOverlay = false;\n overlay.forEach(() => {\n hasOverlay = true;\n });\n if (!hasOverlay) return;\n\n // Merge: start with original headers, overlay on top\n const merged = new Headers(store.originalHeaders);\n overlay.forEach((value, key) => {\n merged.set(key, value);\n });\n store.headers = freezeHeaders(merged);\n}\n\n// ─── Read-Only Headers ────────────────────────────────────────────────────\n\nconst MUTATING_METHODS = new Set(['set', 'append', 'delete']);\n\n/**\n * Wrap a Headers object in a Proxy that throws on mutating methods.\n * Object.freeze doesn't work on Headers (native internal slots), so we\n * intercept property access and reject set/append/delete at runtime.\n *\n * Read methods (get, has, entries, etc.) must be bound to the underlying\n * Headers instance because they access private #headersList slots.\n */\nfunction freezeHeaders(source: Headers): Headers {\n const copy = new Headers(source);\n return new Proxy(copy, {\n get(target, prop) {\n if (typeof prop === 'string' && MUTATING_METHODS.has(prop)) {\n return () => {\n throw new Error(\n `[timber] getHeaders() returns a read-only Headers object. ` +\n `Calling .${prop}() is not allowed. ` +\n `Use ctx.requestHeaders in middleware to inject headers for downstream components.`\n );\n };\n }\n const value = Reflect.get(target, prop);\n // Bind methods to the real Headers instance so private slot access works\n if (typeof value === 'function') {\n return value.bind(target);\n }\n return value;\n },\n });\n}\n\n// ─── Cookie Helpers ───────────────────────────────────────────────────────\n\n/** Throw if cookie mutation is attempted in a read-only context. */\nfunction assertMutable(store: RequestContextStore, method: string): void {\n if (!store.mutableContext) {\n throw new Error(\n `(timber] getCookies().${method}() cannot be called in this context.\\n` +\n ` Set cookies in middleware.ts, server actions, or route.ts handlers.`\n );\n }\n}\n\n/**\n * Parse a Cookie header string into a Map of name → value pairs.\n * Follows RFC 6265 §4.2.1: cookies are semicolon-separated key=value pairs.\n */\nfunction parseCookieHeader(header: string): Map<string, string> {\n const map = new Map<string, string>();\n if (!header) return map;\n\n for (const pair of header.split(';')) {\n const eqIndex = pair.indexOf('=');\n if (eqIndex === -1) continue;\n const name = pair.slice(0, eqIndex).trim();\n const value = pair.slice(eqIndex + 1).trim();\n if (name) {\n map.set(name, value);\n }\n }\n\n return map;\n}\n\n/** Serialize a CookieEntry into a Set-Cookie header value. */\nfunction serializeCookieEntry(entry: CookieEntry): string {\n const parts = [`${entry.name}=${entry.value}`];\n const opts = entry.options;\n\n if (opts.domain) parts.push(`Domain=${opts.domain}`);\n if (opts.path) parts.push(`Path=${opts.path}`);\n if (opts.expires) parts.push(`Expires=${opts.expires.toUTCString()}`);\n if (opts.maxAge !== undefined) parts.push(`Max-Age=${opts.maxAge}`);\n if (opts.httpOnly) parts.push('HttpOnly');\n if (opts.secure) parts.push('Secure');\n if (opts.sameSite) {\n parts.push(`SameSite=${opts.sameSite.charAt(0).toUpperCase()}${opts.sameSite.slice(1)}`);\n }\n if (opts.partitioned) parts.push('Partitioned');\n\n return parts.join('; ');\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCA,SAAgB,aAAuC;CACrD,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,sJAED;AAEH,QAAO,QAAQ,QAAQ,MAAM,QAAQ;;;;;;;;;;;;;;;;AAiBvC,eAAsB,UAAU,MAA2C;AAEzE,SADgB,MAAM,YAAY,EACnB,IAAI,KAAK,IAAI,KAAA;;;;;;;;;;;;;;;;;AAkB9B,SAAgB,aAAsC;CACpD,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,sJAED;AAIH,KAAI,CAAC,MAAM,cACT,OAAM,gBAAgB,kBAAkB,MAAM,aAAa;CAG7D,MAAM,MAAM,MAAM;AAClB,QAAO,QAAQ,QAAQ;EACrB,IAAI,MAAkC;AACpC,UAAO,IAAI,IAAI,KAAK;;EAEtB,IAAI,MAAuB;AACzB,UAAO,IAAI,IAAI,KAAK;;EAEtB,SAAiD;AAC/C,UAAO,MAAM,KAAK,IAAI,SAAS,CAAC,CAAC,KAAK,CAAC,MAAM,YAAY;IAAE;IAAM;IAAO,EAAE;;EAE5E,IAAI,OAAe;AACjB,UAAO,IAAI;;EAGb,IAAI,MAAc,OAAe,SAA+B;AAC9D,iBAAc,OAAO,MAAM;AAC3B,OAAI,MAAM,SAAS;AACjB,QAAI,SAAS,CACX,SAAQ,KACN,oCAAoC,KAAK,qKAG1C;AAEH;;GAEF,MAAM,OAAO;IAAE,GAAG;IAAwB,GAAG;IAAS;AACtD,SAAM,UAAU,IAAI,MAAM;IAAE;IAAM;IAAO,SAAS;IAAM,CAAC;AAEzD,OAAI,IAAI,MAAM,MAAM;;EAGtB,eAAe,SAAwB;AACrC,iBAAc,OAAO,iBAAiB;AACtC,OAAI,MAAM,SAAS;AACjB,YAAQ,KACN,iNAGD;AACD;;AAIF,QAAK,MAAM,OAAO,QAAQ,cAAc,EAAE;IACxC,MAAM,SAAS,eAAe,IAAI;AAClC,QAAI,OAIF,QAAO,OAAO,KAAK,OAAO,MAAM,OAAO,OAAO,OAAO,QAAQ;;;EAKnE,OAAO,MAAc,SAAwD;AAC3E,iBAAc,OAAO,SAAS;AAC9B,OAAI,MAAM,SAAS;AACjB,QAAI,SAAS,CACX,SAAQ,KACN,uCAAuC,KAAK,wKAG7C;AAEH;;GAEF,MAAM,OAAsB;IAC1B,GAAG;IACH,GAAG;IACH,QAAQ;IACR,yBAAS,IAAI,KAAK,EAAE;IACrB;AACD,SAAM,UAAU,IAAI,MAAM;IAAE;IAAM,OAAO;IAAI,SAAS;IAAM,CAAC;AAE7D,OAAI,OAAO,KAAK;;EAGlB,QAAc;AACZ,iBAAc,OAAO,QAAQ;AAC7B,OAAI,MAAM,QAAS;AAEnB,QAAK,MAAM,QAAQ,MAAM,KAAK,IAAI,MAAM,CAAC,CACvC,OAAM,UAAU,IAAI,MAAM;IACxB;IACA,OAAO;IACP,SAAS;KAAE,GAAG;KAAwB,QAAQ;KAAG,yBAAS,IAAI,KAAK,EAAE;KAAE;IACxE,CAAC;AAEJ,OAAI,OAAO;;EAGb,WAAmB;AACjB,UAAO,MAAM,KAAK,IAAI,SAAS,CAAC,CAC7B,KAAK,CAAC,MAAM,WAAW,GAAG,KAAK,GAAG,QAAQ,CAC1C,KAAK,KAAK;;EAEhB,CAAC;;;;;;;;;;;;;;;;AAiBJ,eAAsB,UAAU,MAA2C;AAEzE,SADgB,MAAM,YAAY,EACnB,IAAI,KAAK;;;;;;;;;;;;;;;;;;;;;;;AAwB1B,SAAgB,kBAA4C;CAC1D,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,2JAED;AAEH,QAAO,MAAM;;AAOf,sBAAsB,gBAAgB;AAKtC,uBAAuB,iBAAiB;;;;;;;;;;;;;;;;;;;;;;AAuBxC,SAAgB,mBAA+D;CAC7E,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,4JAED;AAEH,KAAI,CAAC,MAAM,qBACT,OAAM,IAAI,MACR,yIAED;AAEH,QAAO,MAAM;;;;;;;;AASf,SAAgB,iBAAiB,QAAiD;CAChF,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MACH,OAAM,IAAI,MAAM,mEAAmE;AAErF,OAAM,uBAAuB,QAAQ,QAAQ,OAAO;;;;;;;;;;;AAYtD,SAAgB,yBAAiC;AAE/C,QADc,kBAAkB,UAAU,EAC5B,gBAAgB;;AAmChC,IAAM,yBAAwC;CAC5C,MAAM;CACN,UAAU;CACV,QAAQ;CACR,UAAU;CACX;;;;;;;;;AAUD,SAAS,OACP,OACA,SACA,MACA,OACA,SACM;AACN,OAAM,UAAU,IAAI,MAAM;EAAE;EAAM;EAAO;EAAS,CAAC;AAEnD,KAAI,QAAQ,WAAW,EACrB,SAAQ,OAAO,KAAK;KAEpB,SAAQ,IAAI,MAAM,MAAM;;;;;;;;;;;AAa5B,SAAS,eACP,QACgE;CAChE,MAAM,WAAW,OAAO,MAAM,IAAI;CAClC,MAAM,YAAY,SAAS;CAC3B,MAAM,QAAQ,UAAU,QAAQ,IAAI;AACpC,KAAI,SAAS,EAAG,QAAO;CAEvB,MAAM,OAAO,UAAU,MAAM,GAAG,MAAM,CAAC,MAAM;CAC7C,MAAM,QAAQ,UAAU,MAAM,QAAQ,EAAE,CAAC,MAAM;CAC/C,MAAM,UAAyB,EAAE;AAEjC,MAAK,IAAI,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;EACxC,MAAM,MAAM,SAAS,GAAG,MAAM;AAC9B,MAAI,CAAC,IAAK;EACV,MAAM,CAAC,UAAU,GAAG,QAAQ,IAAI,MAAM,IAAI;EAC1C,MAAM,MAAM,SAAS,MAAM,CAAC,aAAa;EACzC,MAAM,MAAM,KAAK,KAAK,IAAI,CAAC,MAAM;AACjC,UAAQ,KAAR;GACE,KAAK;AACH,YAAQ,OAAO,OAAO;AACtB;GACF,KAAK;AACH,YAAQ,SAAS;AACjB;GACF,KAAK;AACH,YAAQ,SAAS,OAAO,IAAI;AAC5B;GACF,KAAK;AACH,YAAQ,UAAU,IAAI,KAAK,IAAI;AAC/B;GACF,KAAK;AACH,YAAQ,WAAW,IAAI,aAAa;AACpC;GACF,KAAK;AACH,YAAQ,SAAS;AACjB;GACF,KAAK;AACH,YAAQ,WAAW;AACnB;GACF,KAAK;AACH,YAAQ,cAAc;AACtB;;;AAIN,QAAO;EAAE;EAAM;EAAO;EAAS;;;;;;;;;AAiDjC,SAAgB,sBAAyB,KAAc,IAAgB;CACrE,MAAM,eAAe,IAAI,QAAQ,IAAI,QAAQ;CAC7C,MAAM,YAAY,IAAI,IAAI,IAAI,IAAI;CAClC,MAAM,QAA6B;EACjC,SAAS,cAAc,IAAI,QAAQ;EACnC,iBAAiB;EACjB,cAAc,IAAI,QAAQ,IAAI,SAAS,IAAI;EAC3C,qBAAqB,QAAQ,QAAQ,UAAU,aAAa;EAC5D,cAAc,UAAU;EACxB,2BAAW,IAAI,KAAK;EACpB,SAAS;EACT,gBAAgB;EACjB;AACD,QAAO,kBAAkB,IAAI,OAAO,GAAG;;;;;;;;AASzC,SAAgB,wBAAwB,SAAwB;CAC9D,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,MACF,OAAM,iBAAiB;;;;;;;;AAU3B,SAAgB,sBAA4B;CAC1C,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,MACF,OAAM,UAAU;;;;;;;;AAuCpB,SAAgB,sBAAgC;CAC9C,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MAAO,QAAO,EAAE;AACrB,QAAO,MAAM,KAAK,MAAM,UAAU,QAAQ,CAAC,CAAC,IAAI,qBAAqB;;;;;;;;;;;;;;AAevE,SAAgB,0BAA0B,SAAwB;CAChE,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,CAAC,MACH,OAAM,IAAI,MAAM,4EAA4E;CAI9F,IAAI,aAAa;AACjB,SAAQ,cAAc;AACpB,eAAa;GACb;AACF,KAAI,CAAC,WAAY;CAGjB,MAAM,SAAS,IAAI,QAAQ,MAAM,gBAAgB;AACjD,SAAQ,SAAS,OAAO,QAAQ;AAC9B,SAAO,IAAI,KAAK,MAAM;GACtB;AACF,OAAM,UAAU,cAAc,OAAO;;AAKvC,IAAM,mBAAmB,IAAI,IAAI;CAAC;CAAO;CAAU;CAAS,CAAC;;;;;;;;;AAU7D,SAAS,cAAc,QAA0B;CAC/C,MAAM,OAAO,IAAI,QAAQ,OAAO;AAChC,QAAO,IAAI,MAAM,MAAM,EACrB,IAAI,QAAQ,MAAM;AAChB,MAAI,OAAO,SAAS,YAAY,iBAAiB,IAAI,KAAK,CACxD,cAAa;AACX,SAAM,IAAI,MACR,sEACc,KAAK,sGAEpB;;EAGL,MAAM,QAAQ,QAAQ,IAAI,QAAQ,KAAK;AAEvC,MAAI,OAAO,UAAU,WACnB,QAAO,MAAM,KAAK,OAAO;AAE3B,SAAO;IAEV,CAAC;;;AAMJ,SAAS,cAAc,OAA4B,QAAsB;AACvE,KAAI,CAAC,MAAM,eACT,OAAM,IAAI,MACR,yBAAyB,OAAO,6GAEjC;;;;;;AAQL,SAAS,kBAAkB,QAAqC;CAC9D,MAAM,sBAAM,IAAI,KAAqB;AACrC,KAAI,CAAC,OAAQ,QAAO;AAEpB,MAAK,MAAM,QAAQ,OAAO,MAAM,IAAI,EAAE;EACpC,MAAM,UAAU,KAAK,QAAQ,IAAI;AACjC,MAAI,YAAY,GAAI;EACpB,MAAM,OAAO,KAAK,MAAM,GAAG,QAAQ,CAAC,MAAM;EAC1C,MAAM,QAAQ,KAAK,MAAM,UAAU,EAAE,CAAC,MAAM;AAC5C,MAAI,KACF,KAAI,IAAI,MAAM,MAAM;;AAIxB,QAAO;;;AAIT,SAAS,qBAAqB,OAA4B;CACxD,MAAM,QAAQ,CAAC,GAAG,MAAM,KAAK,GAAG,MAAM,QAAQ;CAC9C,MAAM,OAAO,MAAM;AAEnB,KAAI,KAAK,OAAQ,OAAM,KAAK,UAAU,KAAK,SAAS;AACpD,KAAI,KAAK,KAAM,OAAM,KAAK,QAAQ,KAAK,OAAO;AAC9C,KAAI,KAAK,QAAS,OAAM,KAAK,WAAW,KAAK,QAAQ,aAAa,GAAG;AACrE,KAAI,KAAK,WAAW,KAAA,EAAW,OAAM,KAAK,WAAW,KAAK,SAAS;AACnE,KAAI,KAAK,SAAU,OAAM,KAAK,WAAW;AACzC,KAAI,KAAK,OAAQ,OAAM,KAAK,SAAS;AACrC,KAAI,KAAK,SACP,OAAM,KAAK,YAAY,KAAK,SAAS,OAAO,EAAE,CAAC,aAAa,GAAG,KAAK,SAAS,MAAM,EAAE,GAAG;AAE1F,KAAI,KAAK,YAAa,OAAM,KAAK,cAAc;AAE/C,QAAO,MAAM,KAAK,KAAK"}

package/dist/_chunks/router-ref-C8OCm7g7.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"router-ref-C8OCm7g7.js","names":[],"sources":["../../src/client/state.ts","../../src/client/ssr-data.ts","../../src/client/router-ref.ts"],"sourcesContent":["/**\n * Centralized client singleton state registry.\n *\n * ALL mutable module-level state that must have singleton semantics across\n * the client bundle lives here. Individual modules (router-ref.ts, ssr-data.ts,\n * use-params.ts, use-search-params.ts, unload-guard.ts) import from this file\n * and re-export thin wrapper functions.\n *\n * Why: In Vite dev, a module is instantiated separately if reached via different\n * import paths (e.g., relative `./foo.js` vs barrel `@timber-js/app/client`).\n * By centralizing all mutable state in a single module that is always reached\n * through the same dependency chain (barrel → wrapper → state.ts), we guarantee\n * a single instance of every piece of shared state.\n *\n * DO NOT import this file from outside client/. Server code must never depend\n * on client state. The barrel (client/index.ts) is the public entry point.\n *\n * See design/18-build-system.md §\"Module Singleton Strategy\" and\n * §\"Singleton State Registry\".\n */\n\nimport type { RouterInstance } from './router.js';\nimport type { SsrData } from './ssr-data.js';\n\n// ─── Router (from router-ref.ts) ──────────────────────────────────────────\n\n/** The global router singleton — set once during bootstrap. */\nexport let globalRouter: RouterInstance | null = null;\n\nexport function _setGlobalRouter(router: RouterInstance | null): void {\n globalRouter = router;\n}\n\n// ─── SSR Data Provider (from ssr-data.ts) ──────────────────────────────────\n\n/**\n * ALS-backed SSR data provider. When registered, getSsrData() reads from\n * this function (ALS store) instead of module-level currentSsrData.\n */\nexport let ssrDataProvider: (() => SsrData | undefined) | undefined;\n\nexport function _setSsrDataProvider(provider: (() => SsrData | undefined) | undefined): void {\n ssrDataProvider = provider;\n}\n\n/** Fallback SSR data for tests and environments without ALS. */\nexport let currentSsrData: SsrData | undefined;\n\nexport function _setCurrentSsrData(data: SsrData | undefined): void {\n currentSsrData = data;\n}\n\n// ─── Route Params (from use-params.ts) ──────────────────────────────────────\n\n/** Current route params snapshot — replaced (not mutated) on each navigation. */\nexport let currentParams: Record<string, string | string[]> = {};\n\nexport function _setCurrentParams(params: Record<string, string | string[]>): void {\n currentParams = params;\n}\n\n/** Listeners notified when currentParams changes. */\nexport const paramsListeners = new Set<() => void>();\n\n// ─── Search Params Cache (from use-search-params.ts) ────────────────────────\n\n/** Cached search string — avoids reparsing when URL hasn't changed. */\nexport let cachedSearch = '';\nexport let cachedSearchParams = new URLSearchParams();\n\nexport function _setCachedSearch(search: string, params: URLSearchParams): void {\n cachedSearch = search;\n cachedSearchParams = params;\n}\n\n// ─── Unload Guard (from unload-guard.ts) ─────────────────────────────────────\n\n/** Whether the page is currently being unloaded. */\nexport let unloading = false;\n\nexport function _setUnloading(value: boolean): void {\n unloading = value;\n}\n","/**\n * SSR Data — per-request state for client hooks during server-side rendering.\n *\n * RSC and SSR are separate Vite module graphs (see design/18-build-system.md),\n * so the RSC environment's request-context ALS is not visible to SSR modules.\n * This module provides getter/setter functions that ssr-entry.ts uses to\n * populate per-request data for React's render.\n *\n * Request isolation: On the server, ssr-entry.ts registers an ALS-backed\n * provider via registerSsrDataProvider(). getSsrData() reads from the ALS\n * store, ensuring correct per-request data even when Suspense boundaries\n * resolve asynchronously across concurrent requests. The module-level\n * setSsrData/clearSsrData functions are kept as a fallback for tests\n * and environments without ALS.\n *\n * IMPORTANT: This module must NOT import node:async_hooks or any Node.js-only\n * APIs, as it's imported by 'use client' hooks that are bundled for the browser.\n * The ALS instance lives in ssr-entry.ts (server-only); this module only holds\n * a reference to the provider function.\n *\n * All mutable state is delegated to client/state.ts for singleton guarantees.\n * See design/18-build-system.md §\"Singleton State Registry\"\n */\n\nimport {\n ssrDataProvider,\n currentSsrData,\n _setSsrDataProvider,\n _setCurrentSsrData,\n} from './state.js';\n\n// ─── Types ────────────────────────────────────────────────────────\n\nexport interface SsrData {\n /** The request's URL pathname (e.g. '/dashboard/settings') */\n pathname: string;\n /** The request's search params as a plain record */\n searchParams: Record<string, string>;\n /** The request's cookies as name→value pairs */\n cookies: Map<string, string>;\n /** The request's route params (e.g. { id: '123' }) */\n params: Record<string, string | string[]>;\n /**\n * Mutable reference to NavContext for error boundary → pipeline communication.\n *\n * When TimberErrorBoundary catches a DenySignal during SSR, it:\n * 1. Sets `statusCode` to the deny status (e.g., 403) — so the HTTP\n * Response has the correct status code without a re-render.\n * 2. Sets `_denyHandledByBoundary = true` — so the pipeline skips\n * the redundant renderDenyPage() re-render.\n *\n * This runs synchronously during Fizz rendering, BEFORE onShellReady,\n * so the status code is committed before any bytes are sent.\n *\n * See TIM-664, design/04-authorization.md §\"React.cache Scope in Deny/Error Re-renders\"\n */\n _navContext?: { statusCode?: number; _denyHandledByBoundary?: boolean };\n}\n\n// ─── ALS-Backed Provider ─────────────────────────────────────────\n//\n// Server-side code (ssr-entry.ts) registers a provider that reads\n// from AsyncLocalStorage. This avoids importing node:async_hooks\n// in this browser-bundled module.\n//\n// Module singleton guarantee: In Vite's SSR environment, both\n// ssr-entry.ts (via #/client/ssr-data.js) and client component hooks\n// (via @timber-js/app/client) must resolve to the SAME module instance\n// of this file. The timber-shims plugin ensures this by remapping\n// @timber-js/app/client → src/client/index.ts in the SSR environment.\n// Without this remap, @timber-js/app/client resolves to dist/ (via\n// package.json exports), creating a split where registerSsrDataProvider\n// writes to one instance but getSsrData reads from another.\n// See timber-shims plugin resolveId for details.\n\n/**\n * Register an ALS-backed SSR data provider. Called once at module load\n * by ssr-entry.ts to wire up per-request data via AsyncLocalStorage.\n *\n * When registered, getSsrData() reads from the provider (ALS store)\n * instead of module-level state, ensuring correct isolation for\n * concurrent requests with streaming Suspense.\n */\nexport function registerSsrDataProvider(provider: () => SsrData | undefined): void {\n _setSsrDataProvider(provider);\n}\n\n// ─── Module-Level Fallback ────────────────────────────────────────\n//\n// Used by tests and as a fallback when no ALS provider is registered.\n\n/**\n * Set the SSR data for the current request via module-level state.\n *\n * In production, ssr-entry.ts uses ALS (runWithSsrData) instead.\n * This function is retained for tests and as a fallback.\n */\nexport function setSsrData(data: SsrData): void {\n _setCurrentSsrData(data);\n}\n\n/**\n * Clear the SSR data after rendering completes.\n *\n * In production, ALS scope handles cleanup automatically.\n * This function is retained for tests and as a fallback.\n */\nexport function clearSsrData(): void {\n _setCurrentSsrData(undefined);\n}\n\n/**\n * Read the current request's SSR data. Returns undefined when called\n * outside an SSR render (i.e. on the client after hydration).\n *\n * Prefers the ALS-backed provider when registered (server-side),\n * falling back to module-level state (tests, legacy).\n *\n * Used by client hooks' server snapshot functions.\n */\nexport function getSsrData(): SsrData | undefined {\n if (ssrDataProvider) {\n return ssrDataProvider();\n }\n return currentSsrData;\n}\n","// Global router reference — shared between browser-entry and client hooks.\n//\n// Delegates to client/state.ts for the actual module-level variable.\n// This ensures singleton semantics regardless of import path — all\n// callers converge on the same state.ts instance via the barrel.\n//\n// See design/18-build-system.md §\"Module Singleton Strategy\"\n\nimport type { RouterInstance } from './router.js';\nimport { globalRouter, _setGlobalRouter } from './state.js';\n\n/**\n * Set the global router instance. Called once during bootstrap.\n */\nexport function setGlobalRouter(router: RouterInstance): void {\n _setGlobalRouter(router);\n}\n\n/**\n * Get the global router instance. Throws if called before bootstrap.\n * Used by client-side hooks (usePendingNavigation, etc.)\n */\nexport function getRouter(): RouterInstance {\n if (!globalRouter) {\n throw new Error('[timber] Router not initialized. getRouter() was called before bootstrap().');\n }\n return globalRouter;\n}\n\n/**\n * Get the global router instance or null if not yet initialized.\n * Used by useRouter() methods to avoid silent failures — callers\n * can log a meaningful warning instead of silently no-oping.\n */\nexport function getRouterOrNull(): RouterInstance | null {\n return globalRouter;\n}\n\n/**\n * Reset the global router to null. Used only in tests to isolate\n * module-level state between test cases.\n * @internal\n */\nexport function resetGlobalRouter(): void {\n _setGlobalRouter(null);\n}\n"],"mappings":";;AA2BA,IAAW,eAAsC;AAEjD,SAAgB,iBAAiB,QAAqC;AACpE,gBAAe;;;;;;AASjB,IAAW;;AAOX,IAAW;AAEX,SAAgB,mBAAmB,MAAiC;AAClE,kBAAiB;;;AAMnB,IAAW,gBAAmD,EAAE;AAEhE,SAAgB,kBAAkB,QAAiD;AACjF,iBAAgB;;;AASlB,IAAW,eAAe;AAC1B,IAAW,qBAAqB,IAAI,iBAAiB;AAErD,SAAgB,iBAAiB,QAAgB,QAA+B;AAC9E,gBAAe;AACf,sBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACyBvB,SAAgB,WAAW,MAAqB;AAC9C,oBAAmB,KAAK;;;;;;;;AAS1B,SAAgB,eAAqB;AACnC,oBAAmB,KAAA,EAAU;;;;;;;;;;;AAY/B,SAAgB,aAAkC;AAChD,KAAI,gBACF,QAAO,iBAAiB;AAE1B,QAAO;;;;;;;AC9GT,SAAgB,gBAAgB,QAA8B;AAC5D,kBAAiB,OAAO;;;;;;AAO1B,SAAgB,YAA4B;AAC1C,KAAI,CAAC,aACH,OAAM,IAAI,MAAM,8EAA8E;AAEhG,QAAO;;;;;;;AAQT,SAAgB,kBAAyC;AACvD,QAAO"}

package/dist/_chunks/segment-classify-BDNn6EzD.js DELETED Viewed

@@ -1,65 +0,0 @@
-//#region src/routing/segment-classify.ts
-/**
-* Classify a URL path segment token.
-*
-* Walks the string left-to-right in one pass:
-*   1. If it doesn't start with '[', it's static.
-*   2. Count opening brackets (1 or 2) to detect optional.
-*   3. Check for '...' to detect catch-all.
-*   4. Read the param name up to the closing bracket.
-*   5. Validate the expected closing sequence (']' or ']]').
-*   6. Reject if there are leftover characters after the close.
-*
-* Any structural violation → static (safe default).
-*/
-function classifyUrlSegment(token) {
-	const len = token.length;
-	if (len === 0 || token[0] !== "[") return {
-		kind: "static",
-		value: token
-	};
-	let i = 1;
-	const optional = token[i] === "[";
-	if (optional) i++;
-	const catchAll = i + 2 < len && token[i] === "." && token[i + 1] === "." && token[i + 2] === ".";
-	if (catchAll) i += 3;
-	const nameStart = i;
-	while (i < len && token[i] !== "]") i++;
-	if (i >= len || i === nameStart) return {
-		kind: "static",
-		value: token
-	};
-	const name = token.slice(nameStart, i);
-	i++;
-	if (optional) {
-		if (i >= len || token[i] !== "]") return {
-			kind: "static",
-			value: token
-		};
-		i++;
-	}
-	if (i !== len) return {
-		kind: "static",
-		value: token
-	};
-	if (optional && catchAll) return {
-		kind: "optional-catch-all",
-		name
-	};
-	if (catchAll) return {
-		kind: "catch-all",
-		name
-	};
-	if (optional) return {
-		kind: "static",
-		value: token
-	};
-	return {
-		kind: "dynamic",
-		name
-	};
-}
-//#endregion
-export { classifyUrlSegment as t };
-//# sourceMappingURL=segment-classify-BDNn6EzD.js.map

package/dist/_chunks/segment-classify-BDNn6EzD.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"segment-classify-BDNn6EzD.js","names":[],"sources":["../../src/routing/segment-classify.ts"],"sourcesContent":["/**\n * Shared URL segment classifier.\n *\n * Single-pass character parser that classifies a route segment token\n * (e.g. \"dashboard\", \"[id]\", \"[...slug]\", \"[[...path]]\") into a typed\n * discriminated union. Used by both server-side routing and client-side\n * Link interpolation.\n *\n * NO regex. NO Node.js-only APIs. Safe to import from browser code.\n *\n * Malformed input (unclosed brackets, empty names, etc.) falls through\n * to { kind: 'static' } — the safe default.\n *\n * If you change the bracket syntax, update ONLY this file. Every\n * consumer imports from here.\n *\n * See design/07-routing.md §\"Route Segments\"\n */\n\nexport type UrlSegment =\n | { kind: 'static'; value: string }\n | { kind: 'dynamic'; name: string }\n | { kind: 'catch-all'; name: string }\n | { kind: 'optional-catch-all'; name: string };\n\n/**\n * Classify a URL path segment token.\n *\n * Walks the string left-to-right in one pass:\n * 1. If it doesn't start with '[', it's static.\n * 2. Count opening brackets (1 or 2) to detect optional.\n * 3. Check for '...' to detect catch-all.\n * 4. Read the param name up to the closing bracket.\n * 5. Validate the expected closing sequence (']' or ']]').\n * 6. Reject if there are leftover characters after the close.\n *\n * Any structural violation → static (safe default).\n */\nexport function classifyUrlSegment(token: string): UrlSegment {\n const len = token.length;\n\n // Must start with '[' to be dynamic\n if (len === 0 || token[0] !== '[') {\n return { kind: 'static', value: token };\n }\n\n let i = 1;\n\n // Check for optional: '[[...'\n const optional = token[i] === '[';\n if (optional) i++;\n\n // Check for catch-all: '...'\n const catchAll = i + 2 < len && token[i] === '.' && token[i + 1] === '.' && token[i + 2] === '.';\n if (catchAll) i += 3;\n\n // Read param name — everything up to ']'\n const nameStart = i;\n while (i < len && token[i] !== ']') i++;\n\n // Must have found a ']' and name must be non-empty\n if (i >= len || i === nameStart) {\n return { kind: 'static', value: token };\n }\n\n const name = token.slice(nameStart, i);\n i++; // skip first ']'\n\n // Optional requires a second ']'\n if (optional) {\n if (i >= len || token[i] !== ']') {\n return { kind: 'static', value: token };\n }\n i++;\n }\n\n // Must be at end of string — no trailing characters\n if (i !== len) {\n return { kind: 'static', value: token };\n }\n\n if (optional && catchAll) return { kind: 'optional-catch-all', name };\n if (catchAll) return { kind: 'catch-all', name };\n if (optional) {\n // '[[name]]' without '...' is malformed — not a valid segment syntax\n return { kind: 'static', value: token };\n }\n return { kind: 'dynamic', name };\n}\n"],"mappings":";;;;;;;;;;;;;;AAsCA,SAAgB,mBAAmB,OAA2B;CAC5D,MAAM,MAAM,MAAM;AAGlB,KAAI,QAAQ,KAAK,MAAM,OAAO,IAC5B,QAAO;EAAE,MAAM;EAAU,OAAO;EAAO;CAGzC,IAAI,IAAI;CAGR,MAAM,WAAW,MAAM,OAAO;AAC9B,KAAI,SAAU;CAGd,MAAM,WAAW,IAAI,IAAI,OAAO,MAAM,OAAO,OAAO,MAAM,IAAI,OAAO,OAAO,MAAM,IAAI,OAAO;AAC7F,KAAI,SAAU,MAAK;CAGnB,MAAM,YAAY;AAClB,QAAO,IAAI,OAAO,MAAM,OAAO,IAAK;AAGpC,KAAI,KAAK,OAAO,MAAM,UACpB,QAAO;EAAE,MAAM;EAAU,OAAO;EAAO;CAGzC,MAAM,OAAO,MAAM,MAAM,WAAW,EAAE;AACtC;AAGA,KAAI,UAAU;AACZ,MAAI,KAAK,OAAO,MAAM,OAAO,IAC3B,QAAO;GAAE,MAAM;GAAU,OAAO;GAAO;AAEzC;;AAIF,KAAI,MAAM,IACR,QAAO;EAAE,MAAM;EAAU,OAAO;EAAO;AAGzC,KAAI,YAAY,SAAU,QAAO;EAAE,MAAM;EAAsB;EAAM;AACrE,KAAI,SAAU,QAAO;EAAE,MAAM;EAAa;EAAM;AAChD,KAAI,SAEF,QAAO;EAAE,MAAM;EAAU,OAAO;EAAO;AAEzC,QAAO;EAAE,MAAM;EAAW;EAAM"}