npm - @timber-js/app - Versions diffs - 0.2.0-alpha.98 → 0.2.0-alpha.99 - Mend

@timber-js/app 0.2.0-alpha.98 → 0.2.0-alpha.99

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (322) hide show

package/LICENSE +8 -0
package/dist/_chunks/actions-CQ8Z8VGL.js +1061 -0
package/dist/_chunks/actions-CQ8Z8VGL.js.map +1 -0
package/dist/_chunks/build-output-helper-DXnW0qjz.js +61 -0
package/dist/_chunks/build-output-helper-DXnW0qjz.js.map +1 -0
package/dist/_chunks/{define-Itxvcd7F.js → define-B-Q_UMOD.js} +19 -23
package/dist/_chunks/define-B-Q_UMOD.js.map +1 -0
package/dist/_chunks/{define-C77ScO0m.js → define-CfBPoJb0.js} +24 -7
package/dist/_chunks/define-CfBPoJb0.js.map +1 -0
package/dist/_chunks/define-cookie-BjpIt4UC.js +194 -0
package/dist/_chunks/define-cookie-BjpIt4UC.js.map +1 -0
package/dist/_chunks/{format-CYBGxKtc.js → format-Bcn-Iv1x.js} +1 -1
package/dist/_chunks/{format-CYBGxKtc.js.map → format-Bcn-Iv1x.js.map} +1 -1
package/dist/_chunks/handler-store-B-lqaGyh.js +54 -0
package/dist/_chunks/handler-store-B-lqaGyh.js.map +1 -0
package/dist/_chunks/logger-0m8MsKdc.js +291 -0
package/dist/_chunks/logger-0m8MsKdc.js.map +1 -0
package/dist/_chunks/merge-search-params-BphMdht_.js +122 -0
package/dist/_chunks/merge-search-params-BphMdht_.js.map +1 -0
package/dist/_chunks/navigation-root-BCYczjml.js +96 -0
package/dist/_chunks/navigation-root-BCYczjml.js.map +1 -0
package/dist/_chunks/registry-I2ss-lvy.js +20 -0
package/dist/_chunks/registry-I2ss-lvy.js.map +1 -0
package/dist/_chunks/router-ref-h3-UaCQv.js +28 -0
package/dist/_chunks/router-ref-h3-UaCQv.js.map +1 -0
package/dist/_chunks/{schema-bridge-C3xl_vfb.js → schema-bridge-Cxu4l-7p.js} +1 -1
package/dist/_chunks/{schema-bridge-C3xl_vfb.js.map → schema-bridge-Cxu4l-7p.js.map} +1 -1
package/dist/_chunks/{segment-context-fHFLF1PE.js → segment-context-Dx_OizxD.js} +1 -1
package/dist/_chunks/{segment-context-fHFLF1PE.js.map → segment-context-Dx_OizxD.js.map} +1 -1
package/dist/_chunks/{router-ref-C8OCm7g7.js → ssr-data-B4CdH7rE.js} +2 -26
package/dist/_chunks/ssr-data-B4CdH7rE.js.map +1 -0
package/dist/_chunks/{stale-reload-BX5gL1r-.js → stale-reload-Bab885FO.js} +1 -1
package/dist/_chunks/{stale-reload-BX5gL1r-.js.map → stale-reload-Bab885FO.js.map} +1 -1
package/dist/_chunks/tracing-C8V-YGsP.js +329 -0
package/dist/_chunks/tracing-C8V-YGsP.js.map +1 -0
package/dist/_chunks/{use-query-states-BiV5GJgm.js → use-query-states-B2XTqxDR.js} +3 -19
package/dist/_chunks/use-query-states-B2XTqxDR.js.map +1 -0
package/dist/_chunks/{use-params-IOPu7E8t.js → use-segment-params-BkpKAQ7D.js} +9 -95
package/dist/_chunks/use-segment-params-BkpKAQ7D.js.map +1 -0
package/dist/_chunks/{walkers-VOXgavMF.js → walkers-Tg0Alwcg.js} +6 -3
package/dist/_chunks/walkers-Tg0Alwcg.js.map +1 -0
package/dist/_chunks/{dev-warnings-DpGRGoDi.js → warnings-Cg47l5sk.js} +3 -3
package/dist/_chunks/warnings-Cg47l5sk.js.map +1 -0
package/dist/adapters/build-output-helper.d.ts +28 -0
package/dist/adapters/build-output-helper.d.ts.map +1 -0
package/dist/adapters/cloudflare.d.ts.map +1 -1
package/dist/adapters/cloudflare.js +8 -28
package/dist/adapters/cloudflare.js.map +1 -1
package/dist/adapters/nitro.d.ts.map +1 -1
package/dist/adapters/nitro.js +8 -26
package/dist/adapters/nitro.js.map +1 -1
package/dist/adapters/shared.d.ts +16 -0
package/dist/adapters/shared.d.ts.map +1 -0
package/dist/cache/index.js +9 -2
package/dist/cache/index.js.map +1 -1
package/dist/cache/timber-cache.d.ts.map +1 -1
package/dist/client/error-boundary.js +2 -1
package/dist/client/error-boundary.js.map +1 -1
package/dist/client/form.d.ts +10 -24
package/dist/client/form.d.ts.map +1 -1
package/dist/client/index.d.ts +1 -5
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +40 -90
package/dist/client/index.js.map +1 -1
package/dist/client/internal.d.ts +2 -1
package/dist/client/internal.d.ts.map +1 -1
package/dist/client/internal.js +81 -7
package/dist/client/internal.js.map +1 -1
package/dist/client/rsc-fetch.d.ts.map +1 -1
package/dist/client/state.d.ts +1 -1
package/dist/client/use-cookie.d.ts +8 -0
package/dist/client/use-cookie.d.ts.map +1 -1
package/dist/client/{use-params.d.ts → use-segment-params.d.ts} +1 -1
package/dist/client/use-segment-params.d.ts.map +1 -0
package/dist/codec.d.ts +1 -1
package/dist/codec.d.ts.map +1 -1
package/dist/codec.js +2 -2
package/dist/config-types.d.ts +28 -0
package/dist/config-types.d.ts.map +1 -1
package/dist/cookies/define-cookie.d.ts +87 -35
package/dist/cookies/define-cookie.d.ts.map +1 -1
package/dist/cookies/index.d.ts +2 -1
package/dist/cookies/index.d.ts.map +1 -1
package/dist/cookies/index.js +48 -2
package/dist/cookies/index.js.map +1 -0
package/dist/cookies/json-cookie.d.ts +64 -0
package/dist/cookies/json-cookie.d.ts.map +1 -0
package/dist/cookies/validation.d.ts +46 -0
package/dist/cookies/validation.d.ts.map +1 -0
package/dist/{plugins/dev-404-page.d.ts → dev-tools/404-page.d.ts} +1 -1
package/dist/dev-tools/404-page.d.ts.map +1 -0
package/dist/{plugins/dev-browser-logs.d.ts → dev-tools/browser-logs.d.ts} +1 -1
package/dist/dev-tools/browser-logs.d.ts.map +1 -0
package/dist/{plugins/dev-error-page.d.ts → dev-tools/error-page.d.ts} +2 -2
package/dist/dev-tools/error-page.d.ts.map +1 -0
package/dist/{server/dev-holding-server.d.ts → dev-tools/holding-server.d.ts} +1 -1
package/dist/dev-tools/holding-server.d.ts.map +1 -0
package/dist/dev-tools/index.d.ts +31 -0
package/dist/dev-tools/index.d.ts.map +1 -0
package/dist/{server/dev-span-processor.d.ts → dev-tools/instrumentation.d.ts} +26 -6
package/dist/dev-tools/instrumentation.d.ts.map +1 -0
package/dist/{server/dev-logger.d.ts → dev-tools/logger.d.ts} +1 -1
package/dist/dev-tools/logger.d.ts.map +1 -0
package/dist/{plugins/dev-logs.d.ts → dev-tools/logs.d.ts} +1 -1
package/dist/dev-tools/logs.d.ts.map +1 -0
package/dist/{plugins/dev-error-overlay.d.ts → dev-tools/overlay.d.ts} +3 -12
package/dist/dev-tools/overlay.d.ts.map +1 -0
package/dist/dev-tools/stack-classifier.d.ts +34 -0
package/dist/dev-tools/stack-classifier.d.ts.map +1 -0
package/dist/{plugins/dev-terminal-error.d.ts → dev-tools/terminal.d.ts} +2 -2
package/dist/dev-tools/terminal.d.ts.map +1 -0
package/dist/{server/dev-warnings.d.ts → dev-tools/warnings.d.ts} +1 -1
package/dist/dev-tools/warnings.d.ts.map +1 -0
package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +97 -72
package/dist/index.js.map +1 -1
package/dist/plugin-context.d.ts +1 -1
package/dist/plugin-context.d.ts.map +1 -1
package/dist/plugins/adapter-build.d.ts.map +1 -1
package/dist/routing/convention-lint.d.ts.map +1 -1
package/dist/routing/index.js +1 -1
package/dist/routing/scanner.d.ts.map +1 -1
package/dist/routing/status-file-lint.d.ts.map +1 -1
package/dist/search-params/define.d.ts +25 -7
package/dist/search-params/define.d.ts.map +1 -1
package/dist/search-params/index.js +5 -3
package/dist/search-params/index.js.map +1 -1
package/dist/search-params/wrappers.d.ts +2 -2
package/dist/search-params/wrappers.d.ts.map +1 -1
package/dist/segment-params/define.d.ts +23 -6
package/dist/segment-params/define.d.ts.map +1 -1
package/dist/segment-params/index.js +1 -1
package/dist/server/access-gate.d.ts +4 -3
package/dist/server/access-gate.d.ts.map +1 -1
package/dist/server/action-handler.d.ts +15 -6
package/dist/server/action-handler.d.ts.map +1 -1
package/dist/server/als-registry.d.ts +5 -5
package/dist/server/als-registry.d.ts.map +1 -1
package/dist/server/asset-headers.d.ts +1 -15
package/dist/server/asset-headers.d.ts.map +1 -1
package/dist/server/cookie-context.d.ts +170 -0
package/dist/server/cookie-context.d.ts.map +1 -0
package/dist/server/cookie-parsing.d.ts +51 -0
package/dist/server/cookie-parsing.d.ts.map +1 -0
package/dist/server/deny-boundary.d.ts +90 -0
package/dist/server/deny-boundary.d.ts.map +1 -0
package/dist/server/deny-renderer.d.ts.map +1 -1
package/dist/server/early-hints-sender.d.ts.map +1 -1
package/dist/server/index.d.ts +5 -4
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +4 -149
package/dist/server/index.js.map +1 -1
package/dist/server/internal.d.ts +6 -4
package/dist/server/internal.d.ts.map +1 -1
package/dist/server/internal.js +261 -408
package/dist/server/internal.js.map +1 -1
package/dist/server/logger.d.ts +14 -0
package/dist/server/logger.d.ts.map +1 -1
package/dist/server/middleware-runner.d.ts +17 -0
package/dist/server/middleware-runner.d.ts.map +1 -1
package/dist/server/param-coercion.d.ts +26 -0
package/dist/server/param-coercion.d.ts.map +1 -0
package/dist/server/pipeline-helpers.d.ts +14 -7
package/dist/server/pipeline-helpers.d.ts.map +1 -1
package/dist/server/pipeline-outcome.d.ts +49 -0
package/dist/server/pipeline-outcome.d.ts.map +1 -0
package/dist/server/pipeline-phases.d.ts +4 -49
package/dist/server/pipeline-phases.d.ts.map +1 -1
package/dist/server/pipeline.d.ts +0 -2
package/dist/server/pipeline.d.ts.map +1 -1
package/dist/server/request-context.d.ts +22 -159
package/dist/server/request-context.d.ts.map +1 -1
package/dist/server/route-element-builder.d.ts.map +1 -1
package/dist/server/rsc-entry/action-middleware-runner.d.ts +66 -0
package/dist/server/rsc-entry/action-middleware-runner.d.ts.map +1 -0
package/dist/server/rsc-entry/helpers.d.ts +1 -1
package/dist/server/rsc-entry/helpers.d.ts.map +1 -1
package/dist/server/rsc-entry/index.d.ts.map +1 -1
package/dist/server/rsc-entry/render-route.d.ts +50 -0
package/dist/server/rsc-entry/render-route.d.ts.map +1 -0
package/dist/server/rsc-entry/wrap-action-dispatch.d.ts +59 -14
package/dist/server/rsc-entry/wrap-action-dispatch.d.ts.map +1 -1
package/dist/server/state-tree-diff.d.ts.map +1 -1
package/dist/server/tracing.d.ts +1 -1
package/dist/server/tracing.d.ts.map +1 -1
package/dist/server/tree-builder.d.ts +45 -16
package/dist/server/tree-builder.d.ts.map +1 -1
package/dist/server/types.d.ts +48 -0
package/dist/server/types.d.ts.map +1 -1
package/dist/server/utils/escape-html.d.ts +14 -0
package/dist/server/utils/escape-html.d.ts.map +1 -0
package/dist/shims/headers.d.ts +2 -2
package/dist/shims/headers.d.ts.map +1 -1
package/dist/shims/navigation-client.d.ts +3 -1
package/dist/shims/navigation-client.d.ts.map +1 -1
package/dist/shims/navigation.d.ts +9 -4
package/dist/shims/navigation.d.ts.map +1 -1
package/package.json +6 -7
package/src/adapters/build-output-helper.ts +77 -0
package/src/adapters/cloudflare.ts +10 -50
package/src/adapters/nitro.ts +11 -45
package/src/adapters/shared.ts +40 -0
package/src/cache/timber-cache.ts +3 -2
package/src/cli.ts +0 -0
package/src/client/form.tsx +17 -25
package/src/client/index.ts +16 -9
package/src/client/internal.ts +3 -2
package/src/client/router.ts +1 -1
package/src/client/rsc-fetch.ts +15 -0
package/src/client/state.ts +2 -2
package/src/client/use-cookie.ts +29 -0
package/src/codec.ts +3 -7
package/src/config-types.ts +28 -0
package/src/cookies/define-cookie.ts +271 -78
package/src/cookies/index.ts +11 -8
package/src/cookies/json-cookie.ts +105 -0
package/src/cookies/validation.ts +134 -0
package/src/{plugins/dev-404-page.ts → dev-tools/404-page.ts} +2 -7
package/src/{plugins/dev-error-page.ts → dev-tools/error-page.ts} +5 -32
package/src/dev-tools/index.ts +90 -0
package/src/dev-tools/instrumentation.ts +176 -0
package/src/{plugins/dev-logs.ts → dev-tools/logs.ts} +2 -2
package/src/{plugins/dev-error-overlay.ts → dev-tools/overlay.ts} +5 -23
package/src/dev-tools/stack-classifier.ts +75 -0
package/src/{plugins/dev-terminal-error.ts → dev-tools/terminal.ts} +4 -38
package/src/{server/dev-warnings.ts → dev-tools/warnings.ts} +1 -1
package/src/index.ts +11 -3
package/src/plugin-context.ts +1 -1
package/src/plugins/adapter-build.ts +3 -1
package/src/plugins/dev-server.ts +3 -3
package/src/plugins/shims.ts +1 -1
package/src/plugins/static-build.ts +1 -1
package/src/routing/convention-lint.ts +5 -4
package/src/routing/scanner.ts +5 -2
package/src/routing/status-file-lint.ts +4 -2
package/src/search-params/define.ts +71 -15
package/src/search-params/wrappers.ts +9 -2
package/src/segment-params/define.ts +66 -13
package/src/server/access-gate.tsx +9 -8
package/src/server/action-handler.ts +28 -38
package/src/server/als-registry.ts +5 -5
package/src/server/asset-headers.ts +8 -34
package/src/server/cookie-context.ts +468 -0
package/src/server/cookie-parsing.ts +135 -0
package/src/server/{deny-page-resolver.ts → deny-boundary.ts} +78 -14
package/src/server/deny-renderer.ts +2 -7
package/src/server/early-hints-sender.ts +3 -2
package/src/server/fallback-error.ts +1 -1
package/src/server/index.ts +13 -14
package/src/server/internal.ts +10 -3
package/src/server/logger.ts +23 -0
package/src/server/middleware-runner.ts +44 -0
package/src/server/param-coercion.ts +76 -0
package/src/server/pipeline-helpers.ts +37 -13
package/src/server/pipeline-outcome.ts +167 -0
package/src/server/pipeline-phases.ts +27 -209
package/src/server/pipeline.ts +2 -9
package/src/server/request-context.ts +46 -451
package/src/server/route-element-builder.ts +7 -3
package/src/server/rsc-entry/action-middleware-runner.ts +167 -0
package/src/server/rsc-entry/error-renderer.ts +1 -1
package/src/server/rsc-entry/helpers.ts +2 -7
package/src/server/rsc-entry/index.ts +34 -273
package/src/server/rsc-entry/render-route.ts +304 -0
package/src/server/rsc-entry/rsc-payload.ts +1 -1
package/src/server/rsc-entry/ssr-renderer.ts +2 -2
package/src/server/rsc-entry/wrap-action-dispatch.ts +316 -23
package/src/server/ssr-entry.ts +1 -1
package/src/server/state-tree-diff.ts +4 -1
package/src/server/tracing.ts +3 -3
package/src/server/tree-builder.ts +128 -52
package/src/server/types.ts +52 -0
package/src/server/utils/escape-html.ts +20 -0
package/src/shims/headers.ts +3 -3
package/src/shims/navigation-client.ts +4 -3
package/src/shims/navigation.ts +9 -7
package/dist/_chunks/actions-DLnUaR65.js +0 -421
package/dist/_chunks/actions-DLnUaR65.js.map +0 -1
package/dist/_chunks/als-registry-HS0LGUl2.js +0 -41
package/dist/_chunks/als-registry-HS0LGUl2.js.map +0 -1
package/dist/_chunks/debug-ECi_61pb.js +0 -108
package/dist/_chunks/debug-ECi_61pb.js.map +0 -1
package/dist/_chunks/define-C77ScO0m.js.map +0 -1
package/dist/_chunks/define-Itxvcd7F.js.map +0 -1
package/dist/_chunks/define-cookie-BowvzoP0.js +0 -94
package/dist/_chunks/define-cookie-BowvzoP0.js.map +0 -1
package/dist/_chunks/dev-warnings-DpGRGoDi.js.map +0 -1
package/dist/_chunks/merge-search-params-Cm_KIWDX.js +0 -41
package/dist/_chunks/merge-search-params-Cm_KIWDX.js.map +0 -1
package/dist/_chunks/request-context-CK5tZqIP.js +0 -478
package/dist/_chunks/request-context-CK5tZqIP.js.map +0 -1
package/dist/_chunks/router-ref-C8OCm7g7.js.map +0 -1
package/dist/_chunks/tracing-CCYbKn5n.js +0 -238
package/dist/_chunks/tracing-CCYbKn5n.js.map +0 -1
package/dist/_chunks/use-params-IOPu7E8t.js.map +0 -1
package/dist/_chunks/use-query-states-BiV5GJgm.js.map +0 -1
package/dist/_chunks/walkers-VOXgavMF.js.map +0 -1
package/dist/client/use-params.d.ts.map +0 -1
package/dist/plugins/dev-404-page.d.ts.map +0 -1
package/dist/plugins/dev-browser-logs.d.ts.map +0 -1
package/dist/plugins/dev-error-overlay.d.ts.map +0 -1
package/dist/plugins/dev-error-page.d.ts.map +0 -1
package/dist/plugins/dev-logs.d.ts.map +0 -1
package/dist/plugins/dev-terminal-error.d.ts.map +0 -1
package/dist/server/deny-page-resolver.d.ts +0 -52
package/dist/server/deny-page-resolver.d.ts.map +0 -1
package/dist/server/dev-fetch-instrumentation.d.ts +0 -22
package/dist/server/dev-fetch-instrumentation.d.ts.map +0 -1
package/dist/server/dev-holding-server.d.ts.map +0 -1
package/dist/server/dev-logger.d.ts.map +0 -1
package/dist/server/dev-span-processor.d.ts.map +0 -1
package/dist/server/dev-warnings.d.ts.map +0 -1
package/dist/server/page-deny-boundary.d.ts +0 -31
package/dist/server/page-deny-boundary.d.ts.map +0 -1
package/src/server/dev-fetch-instrumentation.ts +0 -96
package/src/server/dev-span-processor.ts +0 -78
package/src/server/page-deny-boundary.tsx +0 -56
/package/src/client/{use-params.ts → use-segment-params.ts} +0 -0
/package/src/{plugins/dev-browser-logs.ts → dev-tools/browser-logs.ts} +0 -0
/package/src/{server/dev-holding-server.ts → dev-tools/holding-server.ts} +0 -0
/package/src/{server/dev-logger.ts → dev-tools/logger.ts} +0 -0

package/dist/server/internal.js CHANGED Viewed

@@ -1,13 +1,11 @@
-import { n as isDevMode, t as isDebug } from "../_chunks/debug-ECi_61pb.js";
-import { a as warnRedirectInSuspense, c as warnSuspenseWrappingChildren, i as warnRedirectInAccess, n as setViteServer, o as warnSlowSlotWithoutSuspense, r as warnDenyInSuspense, s as warnStaticRequestApi, t as WarningId } from "../_chunks/dev-warnings-DpGRGoDi.js";
+import { c as replaceTraceId, d as withSpan, f as earlyHintsSenderAls, g as timingAls, i as getOtelTraceId, l as runWithTraceId, m as requestContextAls, o as getTraceId, r as generateTraceId, u as setSpanAttribute, v as isDebug } from "../_chunks/tracing-C8V-YGsP.js";
+import { a as warnRedirectInSuspense, c as warnSuspenseWrappingChildren, i as warnRedirectInAccess, n as setViteServer, o as warnSlowSlotWithoutSuspense, r as warnDenyInSuspense, s as warnStaticRequestApi, t as WarningId } from "../_chunks/warnings-Cg47l5sk.js";
 import { n as classifyUrlSegment } from "../_chunks/segment-classify-BjfuctV2.js";
 import { i as getMetadataRouteServePath, n as classifyMetadataRoute, r as getMetadataRouteAutoLink, t as METADATA_ROUTE_CONVENTIONS } from "../_chunks/metadata-routes-BU684ls2.js";
-import { a as timingAls, r as requestContextAls, t as earlyHintsSenderAls } from "../_chunks/als-registry-HS0LGUl2.js";
-import { f as runWithRequestContext, l as getSetCookieHeaders, m as setSegmentParams, p as setMutableCookieContext, t as applyRequestHeaderOverlay, u as markResponseFlushed } from "../_chunks/request-context-CK5tZqIP.js";
-import { l as RenderError, n as executeAction, o as DenySignal, r as isRscActionRequest, s as RedirectSignal, t as buildNoJsResponse } from "../_chunks/actions-DLnUaR65.js";
-import { c as replaceTraceId, d as withSpan, i as getOtelTraceId, l as runWithTraceId, o as getTraceId, r as generateTraceId, s as getTraceStore, u as setSpanAttribute } from "../_chunks/tracing-CCYbKn5n.js";
+import { a as logProxyError, c as logRequestReceived, d as logSwrRefetchFailed, f as logWaitUntilRejected, h as swallow, i as logMiddlewareShortCircuit, l as logRouteError, m as setLogger, n as logCacheMiss, o as logRenderError, p as logWaitUntilUnsupported, r as logMiddlewareError, s as logRequestCompleted, t as getLogger, u as logSlowRequest } from "../_chunks/logger-0m8MsKdc.js";
+import { C as setMutableCookieContext, D as getSetCookieHeaders, S as runWithRequestContext, T as getCookie, _ as getHeader, b as getSegmentParams, c as DenySignal, d as RenderError, g as applyRequestHeaderOverlay, l as RedirectSignal, n as executeAction, o as coerce, r as isRscActionRequest, t as buildNoJsResponse, w as setSegmentParams, x as markResponseFlushed, y as getSearchParams } from "../_chunks/actions-CQ8Z8VGL.js";
 import "../client/error-boundary.js";
-import "../_chunks/segment-context-fHFLF1PE.js";
+import "../_chunks/segment-context-Dx_OizxD.js";
 import { readFile } from "node:fs/promises";
 import { createElement } from "react";
 //#region src/server/server-timing.ts
@@ -86,276 +84,6 @@ function getServerTimingHeader() {
 	return result || null;
 }
 //#endregion
-//#region src/server/error-formatter.ts
-/**
-* Error Formatter — rewrites SSR/RSC error messages to surface user code.
-*
-* When React or Vite throw errors during SSR, stack traces reference
-* vendored dependency paths (e.g. `.vite/deps_ssr/@vitejs_plugin-rsc_vendor_...`)
-* and mangled export names (`__vite_ssr_export_default__`). This module
-* rewrites error messages and stack traces to point at user code instead.
-*
-* Dev-only — in production, errors go through the structured logger
-* without formatting.
-*/
-/**
-* Patterns that identify internal Vite/RSC vendor paths in stack traces.
-* These are replaced with human-readable labels.
-*/
-var VENDOR_PATH_PATTERNS = [
-	{
-		pattern: /node_modules\/\.vite\/deps_ssr\/@vitejs_plugin-rsc_vendor_react-server-dom[^\s)]+/g,
-		replacement: "<react-server-dom>"
-	},
-	{
-		pattern: /node_modules\/\.vite\/deps_ssr\/@vitejs_plugin-rsc_vendor[^\s)]+/g,
-		replacement: "<rsc-vendor>"
-	},
-	{
-		pattern: /node_modules\/\.vite\/deps_ssr\/[^\s)]+/g,
-		replacement: "<vite-dep>"
-	},
-	{
-		pattern: /node_modules\/\.vite\/deps\/[^\s)]+/g,
-		replacement: "<vite-dep>"
-	}
-];
-/**
-* Patterns that identify Vite-mangled export names in error messages.
-*/
-var MANGLED_NAME_PATTERNS = [{
-	pattern: /__vite_ssr_export_default__/g,
-	replacement: "<default export>"
-}, {
-	pattern: /__vite_ssr_export_(\w+)__/g,
-	replacement: "<export $1>"
-}];
-/**
-* Rewrite an error's message and stack to replace internal Vite paths
-* and mangled names with human-readable labels.
-*/
-function formatSsrError(error) {
-	if (!(error instanceof Error)) return String(error);
-	let message = error.message;
-	let stack = error.stack ?? "";
-	for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) message = message.replace(pattern, replacement);
-	for (const { pattern, replacement } of VENDOR_PATH_PATTERNS) stack = stack.replace(pattern, replacement);
-	for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) stack = stack.replace(pattern, replacement);
-	const hint = extractErrorHint(error.message);
-	const parts = [];
-	parts.push(message);
-	if (hint) parts.push(`  → ${hint}`);
-	const userFrames = extractUserFrames(stack);
-	if (userFrames.length > 0) {
-		parts.push("");
-		parts.push("  User code in stack:");
-		for (const frame of userFrames) parts.push(`    ${frame}`);
-	}
-	return parts.join("\n");
-}
-/**
-* Extract a human-readable hint from common React/RSC error messages.
-*
-* React error messages contain useful information but the surrounding
-* context (vendor paths, mangled names) obscures it. This extracts the
-* actionable part as a one-line hint.
-*/
-function extractErrorHint(message) {
-	if (message.match(/Functions cannot be passed directly to Client Components/)) {
-		const propMatch = message.match(/<[^>]*?\s(\w+)=\{function/);
-		if (propMatch) return `Prop "${propMatch[1]}" is a function — mark it "use server" or call it before passing`;
-		return "A function prop was passed to a Client Component — mark it \"use server\" or call it before passing";
-	}
-	if (message.includes("Objects are not valid as a React child")) return "An object was rendered as JSX children — convert to string or extract the value";
-	const nullRefMatch = message.match(/Cannot read propert(?:y|ies) of (undefined|null) \(reading '(\w+)'\)/);
-	if (nullRefMatch) return `Accessed .${nullRefMatch[2]} on ${nullRefMatch[1]} — check that the value exists`;
-	const notFnMatch = message.match(/(\w+) is not a function/);
-	if (notFnMatch) return `"${notFnMatch[1]}" is not a function — check imports and exports`;
-	if (message.includes("Element type is invalid")) return "A component resolved to undefined/null — check default exports and import paths";
-	if (message.includes("Invalid hook call")) return "A hook was called outside of a React component render. If this is a 'use client' component, ensure the directive is at the very top of the file (before any imports) and that @vitejs/plugin-rsc is loaded correctly. Barrel re-exports from non-'use client' files do not propagate the directive.";
-	return null;
-}
-/**
-* Extract stack frames that reference user code (not node_modules,
-* not framework internals).
-*
-* Returns at most 5 frames to keep output concise.
-*/
-function extractUserFrames(stack) {
-	const lines = stack.split("\n");
-	const userFrames = [];
-	for (const line of lines) {
-		const trimmed = line.trim();
-		if (!trimmed.startsWith("at ")) continue;
-		if (trimmed.includes("node_modules") || trimmed.includes("<react-server-dom>") || trimmed.includes("<rsc-vendor>") || trimmed.includes("<vite-dep>") || trimmed.includes("node:internal")) continue;
-		userFrames.push(trimmed);
-		if (userFrames.length >= 5) break;
-	}
-	return userFrames;
-}
-//#endregion
-//#region src/server/default-logger.ts
-/**
-* DefaultLogger — human-readable stderr logging when no custom logger is configured.
-*
-* Ships as the fallback so production deployments always have error visibility,
-* even without an `instrumentation.ts` logger export. Output is one line per
-* event, designed for `fly logs`, `kubectl logs`, Cloudflare dashboard tails, etc.
-*
-* Format:
-*   [timber] ERROR  message  key=value key=value  trace_id=4bf92f35
-*   [timber] WARN   message  key=value key=value  trace_id=4bf92f35
-*   [timber] INFO   message  method=GET path=/dashboard status=200 durationMs=43  trace_id=4bf92f35
-*
-* Behavior:
-* - Suppressed entirely in dev mode (dev logging handles all output)
-* - `debug` suppressed unless TIMBER_DEBUG is set
-* - Replaced entirely when a custom logger is set via `setLogger()`
-*
-* See design/17-logging.md §"DefaultLogger"
-*/
-/**
-* Format data fields as `key=value` pairs for human-readable output.
-* - `error` key is serialized via formatSsrError for stack trace cleanup
-* - `trace_id` is truncated to 8 chars for readability (full ID in OTEL)
-* - Other values are stringified inline
-*/
-function formatDataFields(data) {
-	if (!data) return "";
-	const parts = [];
-	let traceId;
-	for (const [key, value] of Object.entries(data)) {
-		if (key === "trace_id") {
-			traceId = typeof value === "string" ? value : String(value);
-			continue;
-		}
-		if (key === "error") {
-			parts.push(`error=${formatSsrError(value)}`);
-			continue;
-		}
-		if (value === void 0 || value === null) continue;
-		parts.push(`${key}=${value}`);
-	}
-	if (traceId) parts.push(`trace_id=${traceId.slice(0, 8)}`);
-	return parts.length > 0 ? "  " + parts.join("  ") : "";
-}
-/** Pad level string to fixed width for alignment. */
-function padLevel(level) {
-	return level.padEnd(5);
-}
-function createDefaultLogger() {
-	return {
-		error(msg, data) {
-			const fields = formatDataFields(data);
-			process.stderr.write(`[timber] ${padLevel("ERROR")}  ${msg}${fields}\n`);
-		},
-		warn(msg, data) {
-			const fields = formatDataFields(data);
-			process.stderr.write(`[timber] ${padLevel("WARN")}  ${msg}${fields}\n`);
-		},
-		info(msg, data) {
-			if (isDevMode()) return;
-			if (!isDebug()) return;
-			const fields = formatDataFields(data);
-			process.stderr.write(`[timber] ${padLevel("INFO")}  ${msg}${fields}\n`);
-		},
-		debug(msg, data) {
-			if (isDevMode()) return;
-			if (!isDebug()) return;
-			const fields = formatDataFields(data);
-			process.stderr.write(`[timber] ${padLevel("DEBUG")}  ${msg}${fields}\n`);
-		}
-	};
-}
-//#endregion
-//#region src/server/logger.ts
-/**
-* Logger — structured logging with environment-aware formatting.
-*
-* timber.js ships a DefaultLogger that writes human-readable lines to stderr
-* in production. Users can export a custom logger from instrumentation.ts to
-* replace it with pino, winston, or any TimberLogger-compatible object.
-*
-* See design/17-logging.md §"Production Logging"
-*/
-var _logger = createDefaultLogger();
-/**
-* Set the user-provided logger. Called by the instrumentation loader
-* when it finds a `logger` export in instrumentation.ts. Replaces
-* the DefaultLogger entirely.
-*/
-function setLogger(logger) {
-	_logger = logger;
-}
-/**
-* Get the current logger. Always non-null — returns DefaultLogger when
-* no custom logger is configured.
-*/
-function getLogger() {
-	return _logger;
-}
-/**
-* Inject trace_id and span_id into log data for log–trace correlation.
-* Always injects trace_id (never undefined). Injects span_id only when OTEL is active.
-*/
-function withTraceContext(data) {
-	const store = getTraceStore();
-	const enriched = { ...data };
-	if (store) {
-		enriched.trace_id = store.traceId;
-		if (store.spanId) enriched.span_id = store.spanId;
-	}
-	return enriched;
-}
-/** Log a completed request. Level: info. */
-function logRequestCompleted(data) {
-	_logger.info("request completed", withTraceContext(data));
-}
-/** Log request received. Level: debug. */
-function logRequestReceived(data) {
-	_logger.debug("request received", withTraceContext(data));
-}
-/** Log a slow request warning. Level: warn. */
-function logSlowRequest(data) {
-	_logger.warn("slow request exceeded threshold", withTraceContext(data));
-}
-/** Log middleware short-circuit. Level: debug. */
-function logMiddlewareShortCircuit(data) {
-	_logger.debug("middleware short-circuited", withTraceContext(data));
-}
-/** Log unhandled error in middleware phase. Level: error. */
-function logMiddlewareError(data) {
-	_logger.error("unhandled error in middleware phase", withTraceContext(data));
-}
-/** Log unhandled render-phase error. Level: error. */
-function logRenderError(data) {
-	_logger.error("unhandled render-phase error", withTraceContext(data));
-}
-/** Log proxy.ts uncaught error. Level: error. */
-function logProxyError(data) {
-	_logger.error("proxy.ts threw uncaught error", withTraceContext(data));
-}
-/** Log unhandled error in route handler. Level: error. */
-function logRouteError(data) {
-	_logger.error("unhandled route handler error", withTraceContext(data));
-}
-/** Log waitUntil() adapter missing (once at startup). Level: warn. */
-function logWaitUntilUnsupported() {
-	_logger.warn("adapter does not support waitUntil()");
-}
-/** Log waitUntil() promise rejection. Level: warn. */
-function logWaitUntilRejected(data) {
-	_logger.warn("waitUntil() promise rejected", withTraceContext(data));
-}
-/** Log staleWhileRevalidate refetch failure. Level: warn. */
-function logSwrRefetchFailed(data) {
-	_logger.warn("staleWhileRevalidate refetch failed", withTraceContext(data));
-}
-/** Log cache miss. Level: debug. */
-function logCacheMiss(data) {
-	_logger.debug("timber.cache MISS", withTraceContext(data));
-}
-//#endregion
 //#region src/server/instrumentation.ts
 /**
 * Instrumentation — loads and runs the user's instrumentation.ts file.
@@ -419,24 +147,37 @@ function hasOnRequestError() {
 }
 //#endregion
 //#region src/server/pipeline-helpers.ts
-/** Keys that must never be merged via Object.assign — they pollute Object.prototype. */
-var DANGEROUS_KEYS = new Set([
-	"__proto__",
-	"constructor",
-	"prototype"
-]);
 /**
-* Shallow merge that skips top-level prototype-polluting keys.
+* Only __proto__ needs stripping — it has a language-level setter that
+* changes the prototype chain of spread copies. constructor and prototype
+* are harmless own properties on null-prototype objects.
+*/
+var DANGEROUS_KEYS = new Set(["__proto__"]);
+/**
+* Deep-walk a value returned by a segment param codec, producing a
+* sanitized copy where every plain object is null-prototype and
+* dangerous keys (__proto__, constructor, prototype) are stripped at
+* every depth.
+*
+* Non-plain objects (Date, Map, class instances, etc.) are returned
+* as-is — they cannot be poisoned by `{...x}` spread and may carry
+* author-intended prototype methods.
 *
-* This is intentionally NOT a deep sanitizer. It only blocks shallow
-* pollution via top-level `__proto__` / `constructor` / `prototype`
-* keys. The deeper guarantee for segment params comes from merging
-* codec output into a null-prototype target inside coerceSegmentParams().
+* Arrays are walked element-wise.
 *
-* See TIM-655, TIM-855, design/13-security.md
+* Performance: URL params are bounded by URL length (~8 KB). Realistic
+* trees are <1 KB. The recursive walk is sub-microsecond.
+*
+* See TIM-655, TIM-855, TIM-873, design/13-security.md
 */
-function safeMerge(target, source) {
-	for (const key of Object.keys(source)) if (!DANGEROUS_KEYS.has(key)) target[key] = source[key];
+function sanitizeParamValue(value) {
+	if (value === null || typeof value !== "object") return value;
+	if (Array.isArray(value)) return value.map(sanitizeParamValue);
+	const proto = Object.getPrototypeOf(value);
+	if (proto !== Object.prototype && proto !== null) return value;
+	const out = Object.create(null);
+	for (const key of Object.keys(value)) if (!DANGEROUS_KEYS.has(key)) out[key] = sanitizeParamValue(value[key]);
+	return out;
 }
 /**
 * Build a proxy resolver closure from the declared source. Called exactly
@@ -661,6 +402,35 @@ async function runMiddlewareChain(chain, ctx) {
 		if (result instanceof Response) return result;
 	}
 }
+/**
+* Per-request marker for synthetic re-render requests that should NOT
+* re-execute `middleware.ts`. The action-dispatch wrapper runs middleware
+* once on the inbound action POST; when validation fails on the no-JS
+* path, it builds a synthetic GET that flows through the normal pipeline
+* to render the page with `getFormFlash()` data. Without this marker, the
+* pipeline would run middleware a second time on that synthetic GET.
+*
+* The set is keyed by the synthetic Request object itself, so the entry
+* lives exactly as long as the request and is garbage-collected with it.
+* Cannot be set or detected by user code — there is no header, no URL
+* parameter, nothing on the wire that an attacker could spoof.
+*
+* See TIM-871.
+*
+* @internal — framework use only.
+*/
+var middlewareBypassRequests = /* @__PURE__ */ new WeakSet();
+/**
+* Check whether a request was marked to bypass middleware.
+*
+* Called by `handleRequest` in pipeline-phases.ts before invoking the
+* middleware phase. Returns false for any request not explicitly marked.
+*
+* @internal
+*/
+function shouldBypassMiddleware(req) {
+	return middlewareBypassRequests.has(req);
+}
 //#endregion
 //#region src/server/metadata-social.ts
 /**
@@ -1389,20 +1159,36 @@ async function loadModule(loader) {
 	}
 }
 //#endregion
-//#region src/server/deny-page-resolver.ts
+//#region src/server/deny-boundary.ts
 /**
-* Deny Page Resolver — resolves status-code file components for in-tree deny handling.
+* Deny boundary subsystem — the in-tree DenySignal flow.
+*
+* Three things live together here because they form a single flow:
+*
+* 1. **Chain construction** (`buildDenyPageChain`) — walks the matched
+*    segment chain at element-tree build time and produces a list of
+*    `DenyPageEntry` records ordered by specificity (specific status →
+*    category catch-all → `error.tsx`).
+*
+* 2. **Runtime matching** (`renderMatchingDenyPage`) — picks the first
+*    chain entry whose status filter matches the thrown DenySignal and
+*    returns a React element for the matching component. Used by
+*    `AccessGate` and `PageDenyBoundary` when they catch a deny.
+*
+* 3. **The page boundary itself** (`PageDenyBoundary`) — the async server
+*    component that wraps a server-component page, calls it, and catches
+*    `DenySignal` so the deny page renders in-tree (no throw reaches
+*    React Flight, single render pass).
 *
-* When AccessGate or PageDenyBoundary catches a DenySignal, they need to
-* render the matching deny page (403.tsx, 4xx.tsx, error.tsx) as a normal
-* element in the React tree. This module resolves the deny page chain from
-* the segment chain — a list of fallback components ordered by specificity.
+* Plus the ALS helpers (`setDenyStatus` / `getDenyStatus`) the boundary
+* uses to thread the matched status code back to the pipeline so the
+* HTTP status reflects the deny.
 *
-* The chain is built during buildRouteElement and passed as a prop to
-* AccessGate and PageDenyBoundary. At catch time, the first matching
-* component is rendered.
+* Folded into one module from the former `deny-page-resolver.ts` and
+* `page-deny-boundary.tsx` (TIM-853) — the names were misleading and the
+* three pieces only made sense together.
 *
-* See design/10-error-handling.md §"Status-Code Files", TIM-666.
+* See design/04-authorization.md, design/10-error-handling.md, TIM-666.
 */
 /**
 * Find the first deny page in the chain that matches the given status code.
@@ -1749,19 +1535,7 @@ function pathnameMatchesPattern(pathname, pattern) {
 	return pi === pathParts.length;
 }
 //#endregion
-//#region src/server/pipeline-phases.ts
-/**
-* Pipeline phase functions — module-level free functions that take their
-* dependencies as explicit parameters. Each phase returns a `PhaseOutcome`
-* (a discriminated union over response / redirect / deny / error). The
-* terminal `outcomeToResponse` translates outcomes into Responses.
-*
-* Lifted out of `createPipeline` so each phase can be unit-tested in
-* isolation. The lift is mechanical — these functions used to be closures
-* over `config`; they now take `config` as an explicit parameter.
-*
-* See design/07-routing.md §"Request Lifecycle", design/02-rendering-pipeline.md §"Request Flow".
-*/
+//#region src/server/param-coercion.ts
 /**
 * Run segment param coercion on the matched route's segments.
 *
@@ -1773,10 +1547,10 @@ function pathnameMatchesPattern(pathname, pattern) {
 * See design/07-routing.md §"Where Coercion Runs"
 */
 async function coerceSegmentParams(match) {
-	const segments = match.segments;
-	let mergeTarget = match.segmentParams;
-	let usesNullPrototypeTarget = Object.getPrototypeOf(mergeTarget) === null;
-	for (const segment of segments) {
+	const mergeTarget = Object.create(null);
+	for (const key of Object.keys(match.segmentParams)) if (key !== "__proto__") mergeTarget[key] = match.segmentParams[key];
+	match.segmentParams = mergeTarget;
+	for (const segment of match.segments) {
 		if (!segment.params) continue;
 		let mod;
 		try {
@@ -1788,18 +1562,131 @@ async function coerceSegmentParams(match) {
 		if (!segmentParamsDef || typeof segmentParamsDef.parse !== "function") continue;
 		try {
 			const coerced = segmentParamsDef.parse(match.segmentParams);
-			if (!usesNullPrototypeTarget) {
-				mergeTarget = Object.create(null);
-				safeMerge(mergeTarget, match.segmentParams);
-				match.segmentParams = mergeTarget;
-				usesNullPrototypeTarget = true;
-			}
-			safeMerge(mergeTarget, coerced);
+			for (const key of Object.keys(coerced)) if (key !== "__proto__") mergeTarget[key] = sanitizeParamValue(coerced[key]);
 		} catch (err) {
 			throw new ParamCoercionError(err instanceof Error ? err.message : String(err));
 		}
 	}
 }
+//#endregion
+//#region src/server/pipeline-outcome.ts
+/**
+* Pipeline outcome translator — converts a `PhaseOutcome` (the value
+* each phase function returns) into a final `Response`.
+*
+* Lifted out of `pipeline-phases.ts` (TIM-853) so the per-phase try /
+* catch logic and the terminal Response-building logic each live in
+* their own file. The phases produce values; this module is the single
+* source of truth for how those values become wire responses.
+*
+* See design/07-routing.md §"Request Lifecycle".
+*/
+/**
+* Terminal outcome handler — converts a `PhaseOutcome` into a final
+* `Response`, applying cookies, building redirects, rendering deny pages
+* and fallback error pages, and firing instrumentation hooks.
+*
+* This is the single source of truth for how phase outputs become wire
+* responses; the per-phase try/catch blocks now produce values, not
+* Responses, so the conversion logic lives in exactly one place.
+*/
+async function outcomeToResponse(config, outcome, ctx) {
+	switch (outcome.kind) {
+		case "response": {
+			const finalResponse = cloneWithMutableHeaders(outcome.response);
+			if (outcome.phase === "proxy") return finalResponse;
+			if (outcome.phase === "middleware" && ctx.responseHeaders) {
+				applyCookieJar(finalResponse.headers);
+				mergeMissingHeaders(finalResponse.headers, ctx.responseHeaders);
+				logMiddlewareShortCircuit({
+					method: ctx.method,
+					path: ctx.path,
+					status: finalResponse.status
+				});
+			}
+			if (outcome.phase === "render") markResponseFlushed();
+			return finalResponse;
+		}
+		case "redirect": {
+			const headers = ctx.responseHeaders ?? new Headers();
+			applyCookieJar(headers);
+			return buildRedirectResponse(outcome.signal, ctx.req, headers);
+		}
+		case "deny": {
+			const headers = ctx.responseHeaders ?? new Headers();
+			applyCookieJar(headers);
+			if (config.renderDenyFallback) try {
+				return cloneWithMutableHeaders(await config.renderDenyFallback(outcome.signal, ctx.req, headers, ctx.match));
+			} catch (denyRenderError) {
+				logRenderError({
+					method: ctx.method,
+					path: ctx.path,
+					error: denyRenderError
+				});
+				await fireOnRequestError(denyRenderError, ctx.req, "render");
+				if (config.onPipelineError && denyRenderError instanceof Error) config.onPipelineError(denyRenderError, "render");
+			}
+			return new Response(null, {
+				status: outcome.signal.status,
+				headers
+			});
+		}
+		case "error": {
+			if (outcome.phase === "proxy") {
+				logProxyError({ error: outcome.error });
+				await fireOnRequestError(outcome.error, ctx.req, "proxy");
+				if (config.onPipelineError && outcome.error instanceof Error) config.onPipelineError(outcome.error, "proxy");
+				return new Response(null, { status: 500 });
+			}
+			if (outcome.phase === "middleware") {
+				logMiddlewareError({
+					method: ctx.method,
+					path: ctx.path,
+					error: outcome.error
+				});
+				await fireOnRequestError(outcome.error, ctx.req, "handler");
+				if (config.onPipelineError && outcome.error instanceof Error) config.onPipelineError(outcome.error, "middleware");
+				return new Response(null, { status: 500 });
+			}
+			const headers = ctx.responseHeaders ?? new Headers();
+			applyCookieJar(headers);
+			logRenderError({
+				method: ctx.method,
+				path: ctx.path,
+				error: outcome.error
+			});
+			await fireOnRequestError(outcome.error, ctx.req, "render");
+			if (config.onPipelineError && outcome.error instanceof Error) config.onPipelineError(outcome.error, "render");
+			if (config.renderFallbackError) try {
+				return cloneWithMutableHeaders(await config.renderFallbackError(outcome.error, ctx.req, headers));
+			} catch (fallbackRenderError) {
+				logRenderError({
+					method: ctx.method,
+					path: ctx.path,
+					error: fallbackRenderError
+				});
+				await fireOnRequestError(fallbackRenderError, ctx.req, "render");
+				if (config.onPipelineError && fallbackRenderError instanceof Error) config.onPipelineError(fallbackRenderError, "render");
+			}
+			return new Response(null, { status: 500 });
+		}
+	}
+}
+//#endregion
+//#region src/server/pipeline-phases.ts
+/**
+* Pipeline phase functions — module-level free functions that take their
+* dependencies as explicit parameters. Each phase returns a `PhaseOutcome`
+* (a discriminated union over response / redirect / deny / error) defined
+* in `pipeline-outcome.ts`. The terminal `outcomeToResponse` (also in
+* `pipeline-outcome.ts`) translates outcomes into Responses.
+*
+* Lifted out of `createPipeline` so each phase can be unit-tested in
+* isolation. The lift is mechanical — these functions used to be closures
+* over `config`; they now take `config` as an explicit parameter.
+*
+* See design/07-routing.md §"Request Lifecycle", design/02-rendering-pipeline.md §"Request Flow".
+*/
 /**
 * Run the proxy.ts phase. Calls user proxy code and uses `handleRequest` as
 * the inner `next()` continuation. The proxy resolver was picked at pipeline
@@ -1943,7 +1830,7 @@ async function handleRequest(config, req, method, path) {
 			if (typeof handlerResult === "string") body = handlerResult;
 			else if (contentType === "application/xml") body = serializeSitemap(handlerResult);
 			else if (contentType === "application/manifest+json") body = JSON.stringify(handlerResult, null, 2);
-			else body = typeof handlerResult === "string" ? handlerResult : String(handlerResult);
+			else body = String(handlerResult);
 			return new Response(body, {
 				status: 200,
 				headers: { "Content-Type": `${contentType}; charset=utf-8` }
@@ -2005,7 +1892,9 @@ async function handleRequest(config, req, method, path) {
 	responseHeaders.set("Cache-Control", "private, no-cache, no-store, max-age=0, must-revalidate");
 	if (config.earlyHints) try {
 		await config.earlyHints(match, req, responseHeaders);
-	} catch {}
+	} catch (err) {
+		swallow(err, "early hints hook threw");
+	}
 	try {
 		await coerceSegmentParams(match);
 	} catch (error) {
@@ -2018,7 +1907,7 @@ async function handleRequest(config, req, method, path) {
 		throw error;
 	}
 	setSegmentParams(match.segmentParams);
-	return outcomeToResponse(config, match.middlewareChain.length > 0 ? await runMiddlewarePhase(config, req, match, responseHeaders, requestHeaderOverlay, {
+	return outcomeToResponse(config, !shouldBypassMiddleware(req) && match.middlewareChain.length > 0 ? await runMiddlewarePhase(config, req, match, responseHeaders, requestHeaderOverlay, {
 		canonicalPathname,
 		interception
 	}) : await runRenderPhase(config, req, match, responseHeaders, requestHeaderOverlay, {
@@ -2032,81 +1921,6 @@ async function handleRequest(config, req, method, path) {
 		match
 	});
 }
-/**
-* Terminal outcome handler — converts a `PhaseOutcome` into a final
-* `Response`, applying cookies, building redirects, rendering deny pages
-* and fallback error pages, and firing instrumentation hooks.
-*
-* This is the single source of truth for how phase outputs become wire
-* responses; the per-phase try/catch blocks now produce values, not
-* Responses, so the conversion logic lives in exactly one place.
-*/
-async function outcomeToResponse(config, outcome, ctx) {
-	switch (outcome.kind) {
-		case "response": {
-			const finalResponse = cloneWithMutableHeaders(outcome.response);
-			if (outcome.phase === "proxy") return finalResponse;
-			if (outcome.phase === "middleware" && ctx.responseHeaders) {
-				applyCookieJar(finalResponse.headers);
-				mergeMissingHeaders(finalResponse.headers, ctx.responseHeaders);
-				logMiddlewareShortCircuit({
-					method: ctx.method,
-					path: ctx.path,
-					status: finalResponse.status
-				});
-			}
-			if (outcome.phase === "render") markResponseFlushed();
-			return finalResponse;
-		}
-		case "redirect": {
-			const headers = ctx.responseHeaders ?? new Headers();
-			applyCookieJar(headers);
-			return buildRedirectResponse(outcome.signal, ctx.req, headers);
-		}
-		case "deny": {
-			const headers = ctx.responseHeaders ?? new Headers();
-			applyCookieJar(headers);
-			if (config.renderDenyFallback) try {
-				return cloneWithMutableHeaders(await config.renderDenyFallback(outcome.signal, ctx.req, headers, ctx.match));
-			} catch {}
-			return new Response(null, {
-				status: outcome.signal.status,
-				headers
-			});
-		}
-		case "error": {
-			if (outcome.phase === "proxy") {
-				logProxyError({ error: outcome.error });
-				await fireOnRequestError(outcome.error, ctx.req, "proxy");
-				if (config.onPipelineError && outcome.error instanceof Error) config.onPipelineError(outcome.error, "proxy");
-				return new Response(null, { status: 500 });
-			}
-			if (outcome.phase === "middleware") {
-				logMiddlewareError({
-					method: ctx.method,
-					path: ctx.path,
-					error: outcome.error
-				});
-				await fireOnRequestError(outcome.error, ctx.req, "handler");
-				if (config.onPipelineError && outcome.error instanceof Error) config.onPipelineError(outcome.error, "middleware");
-				return new Response(null, { status: 500 });
-			}
-			const headers = ctx.responseHeaders ?? new Headers();
-			applyCookieJar(headers);
-			logRenderError({
-				method: ctx.method,
-				path: ctx.path,
-				error: outcome.error
-			});
-			await fireOnRequestError(outcome.error, ctx.req, "render");
-			if (config.onPipelineError && outcome.error instanceof Error) config.onPipelineError(outcome.error, "render");
-			if (config.renderFallbackError) try {
-				return cloneWithMutableHeaders(await config.renderFallbackError(outcome.error, ctx.req, headers));
-			} catch {}
-			return new Response(null, { status: 500 });
-		}
-	}
-}
 //#endregion
 //#region src/server/pipeline.ts
 /**
@@ -2386,10 +2200,46 @@ function sendEarlyHints103(links) {
 	if (!sender) return;
 	try {
 		sender(links);
-	} catch {}
+	} catch (err) {
+		swallow(err, "early hints 103 send failed");
+	}
 }
 //#endregion
 //#region src/server/tree-builder.ts
+var REACT_COMPONENT_TYPE_MARKERS = new Set([
+	Symbol.for("react.forward_ref"),
+	Symbol.for("react.memo"),
+	Symbol.for("react.lazy"),
+	Symbol.for("react.provider"),
+	Symbol.for("react.context"),
+	Symbol.for("react.suspense"),
+	Symbol.for("react.suspense_list"),
+	Symbol.for("react.client.reference")
+]);
+/**
+* Validate that a loaded module's `default` export is something React
+* accepts as the first argument to `createElement` — i.e. a valid component
+* type. React doesn't export `isValidElementType` (only `isValidElement`,
+* which checks for *elements*, not *component types*), so this mirrors
+* React's internal check:
+*
+*   - functions  → function or class components
+*   - objects with a `$$typeof` matching one of React's known component
+*     markers → exotic components (`memo`, `forwardRef`, `lazy`, context,
+*     suspense, client references via `@vitejs/plugin-rsc`)
+*
+* Strings (HTML tag names) are valid for `createElement` but never appear
+* as a route module's default export, so they're not recognized here.
+*
+* Anything else (numbers, plain config objects, JSON, etc.) is rejected so
+* the boundary wrapper is skipped rather than crashing inside React.
+*/
+function isValidElementType(value) {
+	if (typeof value === "function") return true;
+	if (typeof value !== "object" || value === null) return false;
+	const marker = value.$$typeof;
+	return typeof marker === "symbol" && REACT_COMPONENT_TYPE_MARKERS.has(marker);
+}
 /**
 * Build the unified element tree from a matched segment chain.
 *
@@ -2504,7 +2354,8 @@ async function wrapWithErrorBoundaries(segment, element, loadModule, createEleme
 		for (const [key, file] of Object.entries(segment.statusFiles)) if (key !== "4xx" && key !== "5xx") {
 			const status = parseInt(key, 10);
 			if (!isNaN(status)) {
-				const Component = (await loadModule(file)).default;
+				const mod = await loadModule(file);
+				const Component = isValidElementType(mod.default) ? mod.default : null;
 				if (Component) element = createElement(errorBoundaryComponent, isMdxFile(file) ? {
 					fallbackElement: createElement(Component, { status }),
 					status,
@@ -2517,7 +2368,8 @@ async function wrapWithErrorBoundaries(segment, element, loadModule, createEleme
 			}
 		}
 		for (const [key, file] of Object.entries(segment.statusFiles)) if (key === "4xx" || key === "5xx") {
-			const Component = (await loadModule(file)).default;
+			const mod = await loadModule(file);
+			const Component = isValidElementType(mod.default) ? mod.default : null;
 			if (Component) {
 				const categoryStatus = key === "4xx" ? 400 : 500;
 				element = createElement(errorBoundaryComponent, isMdxFile(file) ? {
@@ -2533,7 +2385,8 @@ async function wrapWithErrorBoundaries(segment, element, loadModule, createEleme
 		}
 	}
 	if (segment.error) {
-		const ErrorComponent = (await loadModule(segment.error)).default;
+		const errorModule = await loadModule(segment.error);
+		const ErrorComponent = isValidElementType(errorModule.default) ? errorModule.default : null;
 		if (ErrorComponent) element = createElement(errorBoundaryComponent, isMdxFile(segment.error) ? {
 			fallbackElement: createElement(ErrorComponent, {}),
 			children: element
@@ -3042,6 +2895,6 @@ var RenderTimeoutError = class extends Error {
 	}
 };
 //#endregion
-export { AccessGate, DEFAULT_LIMITS, DenySignal, METADATA_ROUTE_CONVENTIONS, RedirectSignal, RenderError, RenderTimeoutError, SlotAccessGate, WarningId, buildElementTree, buildNoJsResponse, callOnRequestError, canonicalize, classifyMetadataRoute, collectEarlyHintHeaders, createPipeline, enforceBodyLimits, executeAction, flushResponse, formatLinkHeader, generateTraceId, getLogger, getMetadataRouteAutoLink, getMetadataRouteServePath, getSetCookieHeaders, handleRouteRequest, hasOnRequestError, isRscActionRequest, loadInstrumentation, logCacheMiss, logMiddlewareError, logMiddlewareShortCircuit, logProxyError, logRenderError, logRequestCompleted, logRequestReceived, logSlowRequest, logSwrRefetchFailed, logWaitUntilRejected, logWaitUntilUnsupported, markResponseFlushed, parseBodySize, renderMetadataToElements, replaceTraceId, resolveAllowedMethods, resolveMetadata, resolveMetadataUrls, resolveSlotDenied, resolveStatusFile, resolveTitle, runMiddleware, runProxy, runWithEarlyHintsSender, runWithRequestContext, runWithTraceId, sendEarlyHints103, setLogger, setMutableCookieContext, setSegmentParams, setViteServer, validateCsrf, warnDenyInSuspense, warnRedirectInAccess, warnRedirectInSuspense, warnSlowSlotWithoutSuspense, warnStaticRequestApi, warnSuspenseWrappingChildren };
+export { AccessGate, DEFAULT_LIMITS, DenySignal, METADATA_ROUTE_CONVENTIONS, RedirectSignal, RenderError, RenderTimeoutError, SlotAccessGate, WarningId, buildElementTree, buildNoJsResponse, callOnRequestError, canonicalize, classifyMetadataRoute, coerce, collectEarlyHintHeaders, createPipeline, enforceBodyLimits, executeAction, flushResponse, formatLinkHeader, generateTraceId, getCookie, getHeader, getLogger, getMetadataRouteAutoLink, getMetadataRouteServePath, getSearchParams, getSegmentParams, getSetCookieHeaders, handleRouteRequest, hasOnRequestError, isRscActionRequest, loadInstrumentation, logCacheMiss, logMiddlewareError, logMiddlewareShortCircuit, logProxyError, logRenderError, logRequestCompleted, logRequestReceived, logSlowRequest, logSwrRefetchFailed, logWaitUntilRejected, logWaitUntilUnsupported, markResponseFlushed, parseBodySize, renderMetadataToElements, replaceTraceId, resolveAllowedMethods, resolveMetadata, resolveMetadataUrls, resolveSlotDenied, resolveStatusFile, resolveTitle, runMiddleware, runProxy, runWithEarlyHintsSender, runWithRequestContext, runWithTraceId, sendEarlyHints103, setLogger, setMutableCookieContext, setSegmentParams, setViteServer, validateCsrf, warnDenyInSuspense, warnRedirectInAccess, warnRedirectInSuspense, warnSlowSlotWithoutSuspense, warnStaticRequestApi, warnSuspenseWrappingChildren };
 //# sourceMappingURL=internal.js.map