@timber-js/app 0.2.0-alpha.98 → 0.2.0-alpha.99

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (322) hide show
  1. package/LICENSE +8 -0
  2. package/dist/_chunks/actions-CQ8Z8VGL.js +1061 -0
  3. package/dist/_chunks/actions-CQ8Z8VGL.js.map +1 -0
  4. package/dist/_chunks/build-output-helper-DXnW0qjz.js +61 -0
  5. package/dist/_chunks/build-output-helper-DXnW0qjz.js.map +1 -0
  6. package/dist/_chunks/{define-Itxvcd7F.js → define-B-Q_UMOD.js} +19 -23
  7. package/dist/_chunks/define-B-Q_UMOD.js.map +1 -0
  8. package/dist/_chunks/{define-C77ScO0m.js → define-CfBPoJb0.js} +24 -7
  9. package/dist/_chunks/define-CfBPoJb0.js.map +1 -0
  10. package/dist/_chunks/define-cookie-BjpIt4UC.js +194 -0
  11. package/dist/_chunks/define-cookie-BjpIt4UC.js.map +1 -0
  12. package/dist/_chunks/{format-CYBGxKtc.js → format-Bcn-Iv1x.js} +1 -1
  13. package/dist/_chunks/{format-CYBGxKtc.js.map → format-Bcn-Iv1x.js.map} +1 -1
  14. package/dist/_chunks/handler-store-B-lqaGyh.js +54 -0
  15. package/dist/_chunks/handler-store-B-lqaGyh.js.map +1 -0
  16. package/dist/_chunks/logger-0m8MsKdc.js +291 -0
  17. package/dist/_chunks/logger-0m8MsKdc.js.map +1 -0
  18. package/dist/_chunks/merge-search-params-BphMdht_.js +122 -0
  19. package/dist/_chunks/merge-search-params-BphMdht_.js.map +1 -0
  20. package/dist/_chunks/navigation-root-BCYczjml.js +96 -0
  21. package/dist/_chunks/navigation-root-BCYczjml.js.map +1 -0
  22. package/dist/_chunks/registry-I2ss-lvy.js +20 -0
  23. package/dist/_chunks/registry-I2ss-lvy.js.map +1 -0
  24. package/dist/_chunks/router-ref-h3-UaCQv.js +28 -0
  25. package/dist/_chunks/router-ref-h3-UaCQv.js.map +1 -0
  26. package/dist/_chunks/{schema-bridge-C3xl_vfb.js → schema-bridge-Cxu4l-7p.js} +1 -1
  27. package/dist/_chunks/{schema-bridge-C3xl_vfb.js.map → schema-bridge-Cxu4l-7p.js.map} +1 -1
  28. package/dist/_chunks/{segment-context-fHFLF1PE.js → segment-context-Dx_OizxD.js} +1 -1
  29. package/dist/_chunks/{segment-context-fHFLF1PE.js.map → segment-context-Dx_OizxD.js.map} +1 -1
  30. package/dist/_chunks/{router-ref-C8OCm7g7.js → ssr-data-B4CdH7rE.js} +2 -26
  31. package/dist/_chunks/ssr-data-B4CdH7rE.js.map +1 -0
  32. package/dist/_chunks/{stale-reload-BX5gL1r-.js → stale-reload-Bab885FO.js} +1 -1
  33. package/dist/_chunks/{stale-reload-BX5gL1r-.js.map → stale-reload-Bab885FO.js.map} +1 -1
  34. package/dist/_chunks/tracing-C8V-YGsP.js +329 -0
  35. package/dist/_chunks/tracing-C8V-YGsP.js.map +1 -0
  36. package/dist/_chunks/{use-query-states-BiV5GJgm.js → use-query-states-B2XTqxDR.js} +3 -19
  37. package/dist/_chunks/use-query-states-B2XTqxDR.js.map +1 -0
  38. package/dist/_chunks/{use-params-IOPu7E8t.js → use-segment-params-BkpKAQ7D.js} +9 -95
  39. package/dist/_chunks/use-segment-params-BkpKAQ7D.js.map +1 -0
  40. package/dist/_chunks/{walkers-VOXgavMF.js → walkers-Tg0Alwcg.js} +6 -3
  41. package/dist/_chunks/walkers-Tg0Alwcg.js.map +1 -0
  42. package/dist/_chunks/{dev-warnings-DpGRGoDi.js → warnings-Cg47l5sk.js} +3 -3
  43. package/dist/_chunks/warnings-Cg47l5sk.js.map +1 -0
  44. package/dist/adapters/build-output-helper.d.ts +28 -0
  45. package/dist/adapters/build-output-helper.d.ts.map +1 -0
  46. package/dist/adapters/cloudflare.d.ts.map +1 -1
  47. package/dist/adapters/cloudflare.js +8 -28
  48. package/dist/adapters/cloudflare.js.map +1 -1
  49. package/dist/adapters/nitro.d.ts.map +1 -1
  50. package/dist/adapters/nitro.js +8 -26
  51. package/dist/adapters/nitro.js.map +1 -1
  52. package/dist/adapters/shared.d.ts +16 -0
  53. package/dist/adapters/shared.d.ts.map +1 -0
  54. package/dist/cache/index.js +9 -2
  55. package/dist/cache/index.js.map +1 -1
  56. package/dist/cache/timber-cache.d.ts.map +1 -1
  57. package/dist/client/error-boundary.js +2 -1
  58. package/dist/client/error-boundary.js.map +1 -1
  59. package/dist/client/form.d.ts +10 -24
  60. package/dist/client/form.d.ts.map +1 -1
  61. package/dist/client/index.d.ts +1 -5
  62. package/dist/client/index.d.ts.map +1 -1
  63. package/dist/client/index.js +40 -90
  64. package/dist/client/index.js.map +1 -1
  65. package/dist/client/internal.d.ts +2 -1
  66. package/dist/client/internal.d.ts.map +1 -1
  67. package/dist/client/internal.js +81 -7
  68. package/dist/client/internal.js.map +1 -1
  69. package/dist/client/rsc-fetch.d.ts.map +1 -1
  70. package/dist/client/state.d.ts +1 -1
  71. package/dist/client/use-cookie.d.ts +8 -0
  72. package/dist/client/use-cookie.d.ts.map +1 -1
  73. package/dist/client/{use-params.d.ts → use-segment-params.d.ts} +1 -1
  74. package/dist/client/use-segment-params.d.ts.map +1 -0
  75. package/dist/codec.d.ts +1 -1
  76. package/dist/codec.d.ts.map +1 -1
  77. package/dist/codec.js +2 -2
  78. package/dist/config-types.d.ts +28 -0
  79. package/dist/config-types.d.ts.map +1 -1
  80. package/dist/cookies/define-cookie.d.ts +87 -35
  81. package/dist/cookies/define-cookie.d.ts.map +1 -1
  82. package/dist/cookies/index.d.ts +2 -1
  83. package/dist/cookies/index.d.ts.map +1 -1
  84. package/dist/cookies/index.js +48 -2
  85. package/dist/cookies/index.js.map +1 -0
  86. package/dist/cookies/json-cookie.d.ts +64 -0
  87. package/dist/cookies/json-cookie.d.ts.map +1 -0
  88. package/dist/cookies/validation.d.ts +46 -0
  89. package/dist/cookies/validation.d.ts.map +1 -0
  90. package/dist/{plugins/dev-404-page.d.ts → dev-tools/404-page.d.ts} +1 -1
  91. package/dist/dev-tools/404-page.d.ts.map +1 -0
  92. package/dist/{plugins/dev-browser-logs.d.ts → dev-tools/browser-logs.d.ts} +1 -1
  93. package/dist/dev-tools/browser-logs.d.ts.map +1 -0
  94. package/dist/{plugins/dev-error-page.d.ts → dev-tools/error-page.d.ts} +2 -2
  95. package/dist/dev-tools/error-page.d.ts.map +1 -0
  96. package/dist/{server/dev-holding-server.d.ts → dev-tools/holding-server.d.ts} +1 -1
  97. package/dist/dev-tools/holding-server.d.ts.map +1 -0
  98. package/dist/dev-tools/index.d.ts +31 -0
  99. package/dist/dev-tools/index.d.ts.map +1 -0
  100. package/dist/{server/dev-span-processor.d.ts → dev-tools/instrumentation.d.ts} +26 -6
  101. package/dist/dev-tools/instrumentation.d.ts.map +1 -0
  102. package/dist/{server/dev-logger.d.ts → dev-tools/logger.d.ts} +1 -1
  103. package/dist/dev-tools/logger.d.ts.map +1 -0
  104. package/dist/{plugins/dev-logs.d.ts → dev-tools/logs.d.ts} +1 -1
  105. package/dist/dev-tools/logs.d.ts.map +1 -0
  106. package/dist/{plugins/dev-error-overlay.d.ts → dev-tools/overlay.d.ts} +3 -12
  107. package/dist/dev-tools/overlay.d.ts.map +1 -0
  108. package/dist/dev-tools/stack-classifier.d.ts +34 -0
  109. package/dist/dev-tools/stack-classifier.d.ts.map +1 -0
  110. package/dist/{plugins/dev-terminal-error.d.ts → dev-tools/terminal.d.ts} +2 -2
  111. package/dist/dev-tools/terminal.d.ts.map +1 -0
  112. package/dist/{server/dev-warnings.d.ts → dev-tools/warnings.d.ts} +1 -1
  113. package/dist/dev-tools/warnings.d.ts.map +1 -0
  114. package/dist/index.d.ts +1 -0
  115. package/dist/index.d.ts.map +1 -1
  116. package/dist/index.js +97 -72
  117. package/dist/index.js.map +1 -1
  118. package/dist/plugin-context.d.ts +1 -1
  119. package/dist/plugin-context.d.ts.map +1 -1
  120. package/dist/plugins/adapter-build.d.ts.map +1 -1
  121. package/dist/routing/convention-lint.d.ts.map +1 -1
  122. package/dist/routing/index.js +1 -1
  123. package/dist/routing/scanner.d.ts.map +1 -1
  124. package/dist/routing/status-file-lint.d.ts.map +1 -1
  125. package/dist/search-params/define.d.ts +25 -7
  126. package/dist/search-params/define.d.ts.map +1 -1
  127. package/dist/search-params/index.js +5 -3
  128. package/dist/search-params/index.js.map +1 -1
  129. package/dist/search-params/wrappers.d.ts +2 -2
  130. package/dist/search-params/wrappers.d.ts.map +1 -1
  131. package/dist/segment-params/define.d.ts +23 -6
  132. package/dist/segment-params/define.d.ts.map +1 -1
  133. package/dist/segment-params/index.js +1 -1
  134. package/dist/server/access-gate.d.ts +4 -3
  135. package/dist/server/access-gate.d.ts.map +1 -1
  136. package/dist/server/action-handler.d.ts +15 -6
  137. package/dist/server/action-handler.d.ts.map +1 -1
  138. package/dist/server/als-registry.d.ts +5 -5
  139. package/dist/server/als-registry.d.ts.map +1 -1
  140. package/dist/server/asset-headers.d.ts +1 -15
  141. package/dist/server/asset-headers.d.ts.map +1 -1
  142. package/dist/server/cookie-context.d.ts +170 -0
  143. package/dist/server/cookie-context.d.ts.map +1 -0
  144. package/dist/server/cookie-parsing.d.ts +51 -0
  145. package/dist/server/cookie-parsing.d.ts.map +1 -0
  146. package/dist/server/deny-boundary.d.ts +90 -0
  147. package/dist/server/deny-boundary.d.ts.map +1 -0
  148. package/dist/server/deny-renderer.d.ts.map +1 -1
  149. package/dist/server/early-hints-sender.d.ts.map +1 -1
  150. package/dist/server/index.d.ts +5 -4
  151. package/dist/server/index.d.ts.map +1 -1
  152. package/dist/server/index.js +4 -149
  153. package/dist/server/index.js.map +1 -1
  154. package/dist/server/internal.d.ts +6 -4
  155. package/dist/server/internal.d.ts.map +1 -1
  156. package/dist/server/internal.js +261 -408
  157. package/dist/server/internal.js.map +1 -1
  158. package/dist/server/logger.d.ts +14 -0
  159. package/dist/server/logger.d.ts.map +1 -1
  160. package/dist/server/middleware-runner.d.ts +17 -0
  161. package/dist/server/middleware-runner.d.ts.map +1 -1
  162. package/dist/server/param-coercion.d.ts +26 -0
  163. package/dist/server/param-coercion.d.ts.map +1 -0
  164. package/dist/server/pipeline-helpers.d.ts +14 -7
  165. package/dist/server/pipeline-helpers.d.ts.map +1 -1
  166. package/dist/server/pipeline-outcome.d.ts +49 -0
  167. package/dist/server/pipeline-outcome.d.ts.map +1 -0
  168. package/dist/server/pipeline-phases.d.ts +4 -49
  169. package/dist/server/pipeline-phases.d.ts.map +1 -1
  170. package/dist/server/pipeline.d.ts +0 -2
  171. package/dist/server/pipeline.d.ts.map +1 -1
  172. package/dist/server/request-context.d.ts +22 -159
  173. package/dist/server/request-context.d.ts.map +1 -1
  174. package/dist/server/route-element-builder.d.ts.map +1 -1
  175. package/dist/server/rsc-entry/action-middleware-runner.d.ts +66 -0
  176. package/dist/server/rsc-entry/action-middleware-runner.d.ts.map +1 -0
  177. package/dist/server/rsc-entry/helpers.d.ts +1 -1
  178. package/dist/server/rsc-entry/helpers.d.ts.map +1 -1
  179. package/dist/server/rsc-entry/index.d.ts.map +1 -1
  180. package/dist/server/rsc-entry/render-route.d.ts +50 -0
  181. package/dist/server/rsc-entry/render-route.d.ts.map +1 -0
  182. package/dist/server/rsc-entry/wrap-action-dispatch.d.ts +59 -14
  183. package/dist/server/rsc-entry/wrap-action-dispatch.d.ts.map +1 -1
  184. package/dist/server/state-tree-diff.d.ts.map +1 -1
  185. package/dist/server/tracing.d.ts +1 -1
  186. package/dist/server/tracing.d.ts.map +1 -1
  187. package/dist/server/tree-builder.d.ts +45 -16
  188. package/dist/server/tree-builder.d.ts.map +1 -1
  189. package/dist/server/types.d.ts +48 -0
  190. package/dist/server/types.d.ts.map +1 -1
  191. package/dist/server/utils/escape-html.d.ts +14 -0
  192. package/dist/server/utils/escape-html.d.ts.map +1 -0
  193. package/dist/shims/headers.d.ts +2 -2
  194. package/dist/shims/headers.d.ts.map +1 -1
  195. package/dist/shims/navigation-client.d.ts +3 -1
  196. package/dist/shims/navigation-client.d.ts.map +1 -1
  197. package/dist/shims/navigation.d.ts +9 -4
  198. package/dist/shims/navigation.d.ts.map +1 -1
  199. package/package.json +6 -7
  200. package/src/adapters/build-output-helper.ts +77 -0
  201. package/src/adapters/cloudflare.ts +10 -50
  202. package/src/adapters/nitro.ts +11 -45
  203. package/src/adapters/shared.ts +40 -0
  204. package/src/cache/timber-cache.ts +3 -2
  205. package/src/cli.ts +0 -0
  206. package/src/client/form.tsx +17 -25
  207. package/src/client/index.ts +16 -9
  208. package/src/client/internal.ts +3 -2
  209. package/src/client/router.ts +1 -1
  210. package/src/client/rsc-fetch.ts +15 -0
  211. package/src/client/state.ts +2 -2
  212. package/src/client/use-cookie.ts +29 -0
  213. package/src/codec.ts +3 -7
  214. package/src/config-types.ts +28 -0
  215. package/src/cookies/define-cookie.ts +271 -78
  216. package/src/cookies/index.ts +11 -8
  217. package/src/cookies/json-cookie.ts +105 -0
  218. package/src/cookies/validation.ts +134 -0
  219. package/src/{plugins/dev-404-page.ts → dev-tools/404-page.ts} +2 -7
  220. package/src/{plugins/dev-error-page.ts → dev-tools/error-page.ts} +5 -32
  221. package/src/dev-tools/index.ts +90 -0
  222. package/src/dev-tools/instrumentation.ts +176 -0
  223. package/src/{plugins/dev-logs.ts → dev-tools/logs.ts} +2 -2
  224. package/src/{plugins/dev-error-overlay.ts → dev-tools/overlay.ts} +5 -23
  225. package/src/dev-tools/stack-classifier.ts +75 -0
  226. package/src/{plugins/dev-terminal-error.ts → dev-tools/terminal.ts} +4 -38
  227. package/src/{server/dev-warnings.ts → dev-tools/warnings.ts} +1 -1
  228. package/src/index.ts +11 -3
  229. package/src/plugin-context.ts +1 -1
  230. package/src/plugins/adapter-build.ts +3 -1
  231. package/src/plugins/dev-server.ts +3 -3
  232. package/src/plugins/shims.ts +1 -1
  233. package/src/plugins/static-build.ts +1 -1
  234. package/src/routing/convention-lint.ts +5 -4
  235. package/src/routing/scanner.ts +5 -2
  236. package/src/routing/status-file-lint.ts +4 -2
  237. package/src/search-params/define.ts +71 -15
  238. package/src/search-params/wrappers.ts +9 -2
  239. package/src/segment-params/define.ts +66 -13
  240. package/src/server/access-gate.tsx +9 -8
  241. package/src/server/action-handler.ts +28 -38
  242. package/src/server/als-registry.ts +5 -5
  243. package/src/server/asset-headers.ts +8 -34
  244. package/src/server/cookie-context.ts +468 -0
  245. package/src/server/cookie-parsing.ts +135 -0
  246. package/src/server/{deny-page-resolver.ts → deny-boundary.ts} +78 -14
  247. package/src/server/deny-renderer.ts +2 -7
  248. package/src/server/early-hints-sender.ts +3 -2
  249. package/src/server/fallback-error.ts +1 -1
  250. package/src/server/index.ts +13 -14
  251. package/src/server/internal.ts +10 -3
  252. package/src/server/logger.ts +23 -0
  253. package/src/server/middleware-runner.ts +44 -0
  254. package/src/server/param-coercion.ts +76 -0
  255. package/src/server/pipeline-helpers.ts +37 -13
  256. package/src/server/pipeline-outcome.ts +167 -0
  257. package/src/server/pipeline-phases.ts +27 -209
  258. package/src/server/pipeline.ts +2 -9
  259. package/src/server/request-context.ts +46 -451
  260. package/src/server/route-element-builder.ts +7 -3
  261. package/src/server/rsc-entry/action-middleware-runner.ts +167 -0
  262. package/src/server/rsc-entry/error-renderer.ts +1 -1
  263. package/src/server/rsc-entry/helpers.ts +2 -7
  264. package/src/server/rsc-entry/index.ts +34 -273
  265. package/src/server/rsc-entry/render-route.ts +304 -0
  266. package/src/server/rsc-entry/rsc-payload.ts +1 -1
  267. package/src/server/rsc-entry/ssr-renderer.ts +2 -2
  268. package/src/server/rsc-entry/wrap-action-dispatch.ts +316 -23
  269. package/src/server/ssr-entry.ts +1 -1
  270. package/src/server/state-tree-diff.ts +4 -1
  271. package/src/server/tracing.ts +3 -3
  272. package/src/server/tree-builder.ts +128 -52
  273. package/src/server/types.ts +52 -0
  274. package/src/server/utils/escape-html.ts +20 -0
  275. package/src/shims/headers.ts +3 -3
  276. package/src/shims/navigation-client.ts +4 -3
  277. package/src/shims/navigation.ts +9 -7
  278. package/dist/_chunks/actions-DLnUaR65.js +0 -421
  279. package/dist/_chunks/actions-DLnUaR65.js.map +0 -1
  280. package/dist/_chunks/als-registry-HS0LGUl2.js +0 -41
  281. package/dist/_chunks/als-registry-HS0LGUl2.js.map +0 -1
  282. package/dist/_chunks/debug-ECi_61pb.js +0 -108
  283. package/dist/_chunks/debug-ECi_61pb.js.map +0 -1
  284. package/dist/_chunks/define-C77ScO0m.js.map +0 -1
  285. package/dist/_chunks/define-Itxvcd7F.js.map +0 -1
  286. package/dist/_chunks/define-cookie-BowvzoP0.js +0 -94
  287. package/dist/_chunks/define-cookie-BowvzoP0.js.map +0 -1
  288. package/dist/_chunks/dev-warnings-DpGRGoDi.js.map +0 -1
  289. package/dist/_chunks/merge-search-params-Cm_KIWDX.js +0 -41
  290. package/dist/_chunks/merge-search-params-Cm_KIWDX.js.map +0 -1
  291. package/dist/_chunks/request-context-CK5tZqIP.js +0 -478
  292. package/dist/_chunks/request-context-CK5tZqIP.js.map +0 -1
  293. package/dist/_chunks/router-ref-C8OCm7g7.js.map +0 -1
  294. package/dist/_chunks/tracing-CCYbKn5n.js +0 -238
  295. package/dist/_chunks/tracing-CCYbKn5n.js.map +0 -1
  296. package/dist/_chunks/use-params-IOPu7E8t.js.map +0 -1
  297. package/dist/_chunks/use-query-states-BiV5GJgm.js.map +0 -1
  298. package/dist/_chunks/walkers-VOXgavMF.js.map +0 -1
  299. package/dist/client/use-params.d.ts.map +0 -1
  300. package/dist/plugins/dev-404-page.d.ts.map +0 -1
  301. package/dist/plugins/dev-browser-logs.d.ts.map +0 -1
  302. package/dist/plugins/dev-error-overlay.d.ts.map +0 -1
  303. package/dist/plugins/dev-error-page.d.ts.map +0 -1
  304. package/dist/plugins/dev-logs.d.ts.map +0 -1
  305. package/dist/plugins/dev-terminal-error.d.ts.map +0 -1
  306. package/dist/server/deny-page-resolver.d.ts +0 -52
  307. package/dist/server/deny-page-resolver.d.ts.map +0 -1
  308. package/dist/server/dev-fetch-instrumentation.d.ts +0 -22
  309. package/dist/server/dev-fetch-instrumentation.d.ts.map +0 -1
  310. package/dist/server/dev-holding-server.d.ts.map +0 -1
  311. package/dist/server/dev-logger.d.ts.map +0 -1
  312. package/dist/server/dev-span-processor.d.ts.map +0 -1
  313. package/dist/server/dev-warnings.d.ts.map +0 -1
  314. package/dist/server/page-deny-boundary.d.ts +0 -31
  315. package/dist/server/page-deny-boundary.d.ts.map +0 -1
  316. package/src/server/dev-fetch-instrumentation.ts +0 -96
  317. package/src/server/dev-span-processor.ts +0 -78
  318. package/src/server/page-deny-boundary.tsx +0 -56
  319. /package/src/client/{use-params.ts → use-segment-params.ts} +0 -0
  320. /package/src/{plugins/dev-browser-logs.ts → dev-tools/browser-logs.ts} +0 -0
  321. /package/src/{server/dev-holding-server.ts → dev-tools/holding-server.ts} +0 -0
  322. /package/src/{server/dev-logger.ts → dev-tools/logger.ts} +0 -0
package/dist/server/internal.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"internal.js","names":[],"sources":["../../src/server/server-timing.ts","../../src/server/error-formatter.ts","../../src/server/default-logger.ts","../../src/server/logger.ts","../../src/server/instrumentation.ts","../../src/server/pipeline-helpers.ts","../../src/server/canonicalize.ts","../../src/server/proxy.ts","../../src/server/middleware-runner.ts","../../src/server/metadata-social.ts","../../src/server/metadata-platform.ts","../../src/server/metadata-render.ts","../../src/server/metadata.ts","../../src/server/safe-load.ts","../../src/server/deny-page-resolver.ts","../../src/server/access-gate.tsx","../../src/server/route-element-builder.ts","../../src/server/version-skew.ts","../../src/server/pipeline-metadata.ts","../../src/server/pipeline-interception.ts","../../src/server/pipeline-phases.ts","../../src/server/pipeline.ts","../../src/server/build-manifest.ts","../../src/server/early-hints.ts","../../src/server/early-hints-sender.ts","../../src/server/tree-builder.ts","../../src/server/status-code-resolver.ts","../../src/server/flush.ts","../../src/server/csrf.ts","../../src/server/body-limits.ts","../../src/server/route-handler.ts","../../src/server/render-timeout.ts"],"sourcesContent":["/**\n * Server-Timing header — dev-mode timing breakdowns for Chrome DevTools.\n *\n * Collects timing entries per request using ALS. Each pipeline phase\n * (proxy, middleware, render, SSR, access, fetch) records an entry.\n * Before response flush, entries are formatted into a Server-Timing header.\n *\n * Only active in dev mode — zero overhead in production.\n *\n * See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Server-Timing\n * Task: LOCAL-290\n */\n\nimport { timingAls } from './als-registry.js';\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\nexport interface TimingEntry {\n /** Metric name (alphanumeric + hyphens, no spaces). */\n name: string;\n /** Duration in milliseconds. */\n dur: number;\n /** Human-readable description (shown in DevTools). */\n desc?: string;\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/**\n * Run a callback with a per-request timing collector.\n * Must be called at the top of the request pipeline (wraps the full request).\n */\nexport function runWithTimingCollector<T>(fn: () => T): T {\n return timingAls.run({ entries: [] }, fn);\n}\n\n/**\n * Record a timing entry for the current request.\n * No-ops if called outside a timing collector (e.g. in production).\n */\nexport function recordTiming(entry: TimingEntry): void {\n const store = timingAls.getStore();\n if (!store) return;\n store.entries.push(entry);\n}\n\n/**\n * Run a function and automatically record its duration as a timing entry.\n * Returns the function's result. No-ops the recording if outside a collector.\n */\nexport async function withTiming<T>(\n name: string,\n desc: string | undefined,\n fn: () => T | Promise<T>\n): Promise<T> {\n const store = timingAls.getStore();\n if (!store) return fn();\n\n const start = performance.now();\n try {\n return await fn();\n } finally {\n const dur = Math.round(performance.now() - start);\n store.entries.push({ name, dur, desc });\n }\n}\n\n/**\n * Get the Server-Timing header value for the current request.\n * Returns null if no entries exist or outside a collector.\n *\n * Format: `name;dur=123;desc=\"description\", name2;dur=456`\n * See RFC 6797 / Server-Timing spec for format details.\n */\nexport function getServerTimingHeader(): string | null {\n const store = timingAls.getStore();\n if (!store || store.entries.length === 0) return null;\n\n // Deduplicate names — if a name appears multiple times, suffix with index\n const nameCounts = new Map<string, number>();\n const entries = store.entries.map((entry) => {\n const count = nameCounts.get(entry.name) ?? 0;\n nameCounts.set(entry.name, count + 1);\n const uniqueName = count > 0 ? `${entry.name}-${count}` : entry.name;\n return { ...entry, name: uniqueName };\n });\n\n const parts = entries.map((entry) => {\n let part = `${entry.name};dur=${entry.dur}`;\n if (entry.desc) {\n // Escape quotes in desc per Server-Timing spec\n const safeDesc = entry.desc.replace(/\\\\/g, '\\\\\\\\').replace(/\"/g, '\\\\\"');\n part += `;desc=\"${safeDesc}\"`;\n }\n return part;\n });\n\n // Respect header size limits — browsers typically handle up to 8KB headers.\n // Truncate if the header exceeds 4KB to leave room for other headers.\n const MAX_HEADER_SIZE = 4096;\n let result = '';\n for (let i = 0; i < parts.length; i++) {\n const candidate = result ? `${result}, ${parts[i]}` : parts[i]!;\n if (candidate.length > MAX_HEADER_SIZE) break;\n result = candidate;\n }\n\n return result || null;\n}\n\n/**\n * Sanitize a URL for use in Server-Timing desc.\n * Strips query params and truncates long paths to avoid information leakage.\n */\nexport function sanitizeUrlForTiming(url: string): string {\n try {\n const parsed = new URL(url);\n const origin = parsed.host;\n let path = parsed.pathname;\n // Truncate long paths\n if (path.length > 50) {\n path = path.slice(0, 47) + '...';\n }\n return `${origin}${path}`;\n } catch {\n // Not a valid URL — truncate raw string\n if (url.length > 60) {\n return url.slice(0, 57) + '...';\n }\n return url;\n }\n}\n","/**\n * Error Formatter — rewrites SSR/RSC error messages to surface user code.\n *\n * When React or Vite throw errors during SSR, stack traces reference\n * vendored dependency paths (e.g. `.vite/deps_ssr/@vitejs_plugin-rsc_vendor_...`)\n * and mangled export names (`__vite_ssr_export_default__`). This module\n * rewrites error messages and stack traces to point at user code instead.\n *\n * Dev-only — in production, errors go through the structured logger\n * without formatting.\n */\n\n// ─── Stack Trace Rewriting ──────────────────────────────────────────────────\n\n/**\n * Patterns that identify internal Vite/RSC vendor paths in stack traces.\n * These are replaced with human-readable labels.\n */\nconst VENDOR_PATH_PATTERNS: Array<{ pattern: RegExp; replacement: string }> = [\n {\n pattern: /node_modules\\/\\.vite\\/deps_ssr\\/@vitejs_plugin-rsc_vendor_react-server-dom[^\\s)]+/g,\n replacement: '<react-server-dom>',\n },\n {\n pattern: /node_modules\\/\\.vite\\/deps_ssr\\/@vitejs_plugin-rsc_vendor[^\\s)]+/g,\n replacement: '<rsc-vendor>',\n },\n {\n pattern: /node_modules\\/\\.vite\\/deps_ssr\\/[^\\s)]+/g,\n replacement: '<vite-dep>',\n },\n {\n pattern: /node_modules\\/\\.vite\\/deps\\/[^\\s)]+/g,\n replacement: '<vite-dep>',\n },\n];\n\n/**\n * Patterns that identify Vite-mangled export names in error messages.\n */\nconst MANGLED_NAME_PATTERNS: Array<{ pattern: RegExp; replacement: string }> = [\n {\n pattern: /__vite_ssr_export_default__/g,\n replacement: '<default export>',\n },\n {\n pattern: /__vite_ssr_export_(\\w+)__/g,\n replacement: '<export $1>',\n },\n];\n\n/**\n * Rewrite an error's message and stack to replace internal Vite paths\n * and mangled names with human-readable labels.\n */\nexport function formatSsrError(error: unknown): string {\n if (!(error instanceof Error)) {\n return String(error);\n }\n\n let message = error.message;\n let stack = error.stack ?? '';\n\n // Rewrite mangled names in the message\n for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) {\n message = message.replace(pattern, replacement);\n }\n\n // Rewrite vendor paths in the stack\n for (const { pattern, replacement } of VENDOR_PATH_PATTERNS) {\n stack = stack.replace(pattern, replacement);\n }\n\n // Rewrite mangled names in the stack too\n for (const { pattern, replacement } of MANGLED_NAME_PATTERNS) {\n stack = stack.replace(pattern, replacement);\n }\n\n // Extract hints from React-specific error patterns\n const hint = extractErrorHint(error.message);\n\n // Build formatted output: cleaned message, hint (if any), then cleaned stack\n const parts: string[] = [];\n parts.push(message);\n if (hint) {\n parts.push(` → ${hint}`);\n }\n\n // Include only the user-code frames from the stack (skip the first line\n // which is the message itself, and filter out vendor-only frames)\n const userFrames = extractUserFrames(stack);\n if (userFrames.length > 0) {\n parts.push('');\n parts.push(' User code in stack:');\n for (const frame of userFrames) {\n parts.push(` ${frame}`);\n }\n }\n\n return parts.join('\\n');\n}\n\n// ─── Error Hint Extraction ──────────────────────────────────────────────────\n\n/**\n * Extract a human-readable hint from common React/RSC error messages.\n *\n * React error messages contain useful information but the surrounding\n * context (vendor paths, mangled names) obscures it. This extracts the\n * actionable part as a one-line hint.\n */\nfunction extractErrorHint(message: string): string | null {\n // \"Functions cannot be passed directly to Client Components\"\n // Extract the component and prop name from the JSX-like syntax in the message\n const fnPassedMatch = message.match(/Functions cannot be passed directly to Client Components/);\n if (fnPassedMatch) {\n // Try to extract the prop name from the message\n // React formats: <... propName={function ...} ...>\n const propMatch = message.match(/<[^>]*?\\s(\\w+)=\\{function/);\n if (propMatch) {\n return `Prop \"${propMatch[1]}\" is a function — mark it \"use server\" or call it before passing`;\n }\n return 'A function prop was passed to a Client Component — mark it \"use server\" or call it before passing';\n }\n\n // \"Objects are not valid as a React child\"\n if (message.includes('Objects are not valid as a React child')) {\n return 'An object was rendered as JSX children — convert to string or extract the value';\n }\n\n // \"Cannot read properties of undefined/null\"\n const nullRefMatch = message.match(\n /Cannot read propert(?:y|ies) of (undefined|null) \\(reading '(\\w+)'\\)/\n );\n if (nullRefMatch) {\n return `Accessed .${nullRefMatch[2]} on ${nullRefMatch[1]} — check that the value exists`;\n }\n\n // \"X is not a function\"\n const notFnMatch = message.match(/(\\w+) is not a function/);\n if (notFnMatch) {\n return `\"${notFnMatch[1]}\" is not a function — check imports and exports`;\n }\n\n // \"Element type is invalid\"\n if (message.includes('Element type is invalid')) {\n return 'A component resolved to undefined/null — check default exports and import paths';\n }\n\n // \"Invalid hook call\" — hooks called outside React's render context.\n // In RSC, this typically means a 'use client' component was executed as a\n // server component instead of being serialized as a client reference.\n if (message.includes('Invalid hook call')) {\n return (\n 'A hook was called outside of a React component render. ' +\n \"If this is a 'use client' component, ensure the directive is at the very top of the file \" +\n '(before any imports) and that @vitejs/plugin-rsc is loaded correctly. ' +\n \"Barrel re-exports from non-'use client' files do not propagate the directive.\"\n );\n }\n\n return null;\n}\n\n// ─── Stack Frame Filtering ──────────────────────────────────────────────────\n\n/**\n * Extract stack frames that reference user code (not node_modules,\n * not framework internals).\n *\n * Returns at most 5 frames to keep output concise.\n */\nfunction extractUserFrames(stack: string): string[] {\n const lines = stack.split('\\n');\n const userFrames: string[] = [];\n\n for (const line of lines) {\n const trimmed = line.trim();\n // Skip non-frame lines\n if (!trimmed.startsWith('at ')) continue;\n // Skip node_modules, vendor, and internal frames\n if (\n trimmed.includes('node_modules') ||\n trimmed.includes('<react-server-dom>') ||\n trimmed.includes('<rsc-vendor>') ||\n trimmed.includes('<vite-dep>') ||\n trimmed.includes('node:internal')\n ) {\n continue;\n }\n userFrames.push(trimmed);\n if (userFrames.length >= 5) break;\n }\n\n return userFrames;\n}\n","/**\n * DefaultLogger — human-readable stderr logging when no custom logger is configured.\n *\n * Ships as the fallback so production deployments always have error visibility,\n * even without an `instrumentation.ts` logger export. Output is one line per\n * event, designed for `fly logs`, `kubectl logs`, Cloudflare dashboard tails, etc.\n *\n * Format:\n * [timber] ERROR message key=value key=value trace_id=4bf92f35\n * [timber] WARN message key=value key=value trace_id=4bf92f35\n * [timber] INFO message method=GET path=/dashboard status=200 durationMs=43 trace_id=4bf92f35\n *\n * Behavior:\n * - Suppressed entirely in dev mode (dev logging handles all output)\n * - `debug` suppressed unless TIMBER_DEBUG is set\n * - Replaced entirely when a custom logger is set via `setLogger()`\n *\n * See design/17-logging.md §\"DefaultLogger\"\n */\n\nimport { isDevMode, isDebug } from './debug.js';\nimport { formatSsrError } from './error-formatter.js';\nimport type { TimberLogger } from './logger.js';\n\n/**\n * Format data fields as `key=value` pairs for human-readable output.\n * - `error` key is serialized via formatSsrError for stack trace cleanup\n * - `trace_id` is truncated to 8 chars for readability (full ID in OTEL)\n * - Other values are stringified inline\n */\nfunction formatDataFields(data?: Record<string, unknown>): string {\n if (!data) return '';\n\n const parts: string[] = [];\n let traceId: string | undefined;\n\n for (const [key, value] of Object.entries(data)) {\n if (key === 'trace_id') {\n // Defer trace_id to the end\n traceId = typeof value === 'string' ? value : String(value);\n continue;\n }\n if (key === 'error') {\n // Serialize errors with formatSsrError for clean output\n parts.push(`error=${formatSsrError(value)}`);\n continue;\n }\n if (value === undefined || value === null) continue;\n parts.push(`${key}=${value}`);\n }\n\n // trace_id always last, truncated to 8 chars for readability\n if (traceId) {\n parts.push(`trace_id=${traceId.slice(0, 8)}`);\n }\n\n return parts.length > 0 ? ' ' + parts.join(' ') : '';\n}\n\n/** Pad level string to fixed width for alignment. */\nfunction padLevel(level: string): string {\n return level.padEnd(5);\n}\n\nexport function createDefaultLogger(): TimberLogger {\n return {\n error(msg: string, data?: Record<string, unknown>): void {\n // Errors are ALWAYS logged, including dev mode. Suppressing errors\n // in dev causes silent 500s with no stack trace, making route.ts\n // and render errors impossible to debug. See TIM-555.\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('ERROR')} ${msg}${fields}\\n`);\n },\n\n warn(msg: string, data?: Record<string, unknown>): void {\n // Warnings are always logged — same rationale as errors.\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('WARN')} ${msg}${fields}\\n`);\n },\n\n info(msg: string, data?: Record<string, unknown>): void {\n // info is suppressed by default — per-request lines are too noisy\n // without a custom logger. Enable with TIMBER_DEBUG.\n if (isDevMode()) return;\n if (!isDebug()) return;\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('INFO')} ${msg}${fields}\\n`);\n },\n\n debug(msg: string, data?: Record<string, unknown>): void {\n // debug is suppressed in dev (dev logger handles it) and in\n // production unless TIMBER_DEBUG is explicitly set.\n if (isDevMode()) return;\n if (!isDebug()) return;\n const fields = formatDataFields(data);\n process.stderr.write(`[timber] ${padLevel('DEBUG')} ${msg}${fields}\\n`);\n },\n };\n}\n","/**\n * Logger — structured logging with environment-aware formatting.\n *\n * timber.js ships a DefaultLogger that writes human-readable lines to stderr\n * in production. Users can export a custom logger from instrumentation.ts to\n * replace it with pino, winston, or any TimberLogger-compatible object.\n *\n * See design/17-logging.md §\"Production Logging\"\n */\n\nimport { getTraceStore } from './tracing.js';\nimport { createDefaultLogger } from './default-logger.js';\n\n// ─── Logger Interface ─────────────────────────────────────────────────────\n\n/** Any object with standard log methods satisfies this — pino, winston, consola, console. */\nexport interface TimberLogger {\n info(msg: string, data?: Record<string, unknown>): void;\n warn(msg: string, data?: Record<string, unknown>): void;\n error(msg: string, data?: Record<string, unknown>): void;\n debug(msg: string, data?: Record<string, unknown>): void;\n}\n\n// ─── Logger Registry ──────────────────────────────────────────────────────\n\n// Initialize with DefaultLogger so production errors are never silent.\n// Replaced when setLogger() is called from instrumentation.ts.\nlet _logger: TimberLogger = createDefaultLogger();\n\n/**\n * Set the user-provided logger. Called by the instrumentation loader\n * when it finds a `logger` export in instrumentation.ts. Replaces\n * the DefaultLogger entirely.\n */\nexport function setLogger(logger: TimberLogger): void {\n _logger = logger;\n}\n\n/**\n * Get the current logger. Always non-null — returns DefaultLogger when\n * no custom logger is configured.\n */\nexport function getLogger(): TimberLogger {\n return _logger;\n}\n\n// ─── Framework Log Helpers ────────────────────────────────────────────────\n\n/**\n * Inject trace_id and span_id into log data for log–trace correlation.\n * Always injects trace_id (never undefined). Injects span_id only when OTEL is active.\n */\nfunction withTraceContext(data?: Record<string, unknown>): Record<string, unknown> {\n const store = getTraceStore();\n const enriched: Record<string, unknown> = { ...data };\n if (store) {\n enriched.trace_id = store.traceId;\n if (store.spanId) {\n enriched.span_id = store.spanId;\n }\n }\n return enriched;\n}\n\n// ─── Framework Event Emitters ─────────────────────────────────────────────\n\n/** Log a completed request. Level: info. */\nexport function logRequestCompleted(data: {\n method: string;\n path: string;\n status: number;\n durationMs: number;\n /** Number of concurrent in-flight requests (including this one) at completion time. */\n concurrency?: number;\n}): void {\n _logger.info('request completed', withTraceContext(data));\n}\n\n/** Log request received. Level: debug. */\nexport function logRequestReceived(data: { method: string; path: string }): void {\n _logger.debug('request received', withTraceContext(data));\n}\n\n/** Log a slow request warning. Level: warn. */\nexport function logSlowRequest(data: {\n method: string;\n path: string;\n durationMs: number;\n threshold: number;\n /** Number of concurrent in-flight requests at the time the slow request completed. */\n concurrency?: number;\n}): void {\n _logger.warn('slow request exceeded threshold', withTraceContext(data));\n}\n\n/** Log middleware short-circuit. Level: debug. */\nexport function logMiddlewareShortCircuit(data: {\n method: string;\n path: string;\n status: number;\n}): void {\n _logger.debug('middleware short-circuited', withTraceContext(data));\n}\n\n/** Log unhandled error in middleware phase. Level: error. */\nexport function logMiddlewareError(data: { method: string; path: string; error: unknown }): void {\n _logger.error('unhandled error in middleware phase', withTraceContext(data));\n}\n\n/** Log unhandled render-phase error. Level: error. */\nexport function logRenderError(data: {\n method: string;\n path: string;\n error: unknown;\n errorId?: string;\n}): void {\n _logger.error('unhandled render-phase error', withTraceContext(data));\n}\n\n/** Log proxy.ts uncaught error. Level: error. */\nexport function logProxyError(data: { error: unknown }): void {\n _logger.error('proxy.ts threw uncaught error', withTraceContext(data));\n}\n\n/** Log unhandled error in server action. Level: error. */\nexport function logActionError(data: { method: string; path: string; error: unknown }): void {\n _logger.error('unhandled server action error', withTraceContext(data));\n}\n\n/** Log unhandled error in route handler. Level: error. */\nexport function logRouteError(data: { method: string; path: string; error: unknown }): void {\n _logger.error('unhandled route handler error', withTraceContext(data));\n}\n\n/** Log SSR streaming error (post-shell). Level: error. */\nexport function logStreamingError(data: { error: unknown }): void {\n _logger.error('SSR streaming error (post-shell)', withTraceContext(data));\n}\n\n/** Log waitUntil() adapter missing (once at startup). Level: warn. */\nexport function logWaitUntilUnsupported(): void {\n _logger.warn('adapter does not support waitUntil()');\n}\n\n/** Log waitUntil() promise rejection. Level: warn. */\nexport function logWaitUntilRejected(data: { error: unknown }): void {\n _logger.warn('waitUntil() promise rejected', withTraceContext(data));\n}\n\n/** Log staleWhileRevalidate refetch failure. Level: warn. */\nexport function logSwrRefetchFailed(data: { cacheKey: string; error: unknown }): void {\n _logger.warn('staleWhileRevalidate refetch failed', withTraceContext(data));\n}\n\n/** Log cache miss. Level: debug. */\nexport function logCacheMiss(data: { cacheKey: string }): void {\n _logger.debug('timber.cache MISS', withTraceContext(data));\n}\n","/**\n * Instrumentation — loads and runs the user's instrumentation.ts file.\n *\n * instrumentation.ts is a file convention at the project root that exports:\n * - register() — called once at server startup, before the first request\n * - onRequestError() — called for every unhandled server error\n * - logger — any object with info/warn/error/debug methods\n *\n * See design/17-logging.md §\"instrumentation.ts — The Entry Point\"\n */\n\nimport { setLogger, type TimberLogger } from './logger.js';\n\n// ─── Instrumentation Types ────────────────────────────────────────────────\n\nexport type InstrumentationOnRequestError = (\n error: unknown,\n request: InstrumentationRequestInfo,\n context: InstrumentationErrorContext\n) => void | Promise<void>;\n\nexport interface InstrumentationRequestInfo {\n /** HTTP method: 'GET', 'POST', etc. */\n method: string;\n /** Request path: '/dashboard/projects/123' */\n path: string;\n /** Request headers as a plain object. */\n headers: Record<string, string>;\n}\n\nexport interface InstrumentationErrorContext {\n /** Which pipeline phase the error occurred in. */\n phase: 'proxy' | 'handler' | 'render' | 'action' | 'route';\n /** The route pattern: '/dashboard/projects/[id]' */\n routePath: string;\n /** Type of route that was matched. */\n routeType: 'page' | 'route' | 'action';\n /** Always set — OTEL trace ID or UUID fallback. */\n traceId: string;\n}\n\n// ─── Instrumentation Module Shape ─────────────────────────────────────────\n\ninterface InstrumentationModule {\n register?: () => void | Promise<void>;\n onRequestError?: InstrumentationOnRequestError;\n logger?: TimberLogger;\n}\n\n// ─── State ────────────────────────────────────────────────────────────────\n//\n// Intentional per-app singletons (not per-request). Instrumentation loads\n// once at server startup and persists for the lifetime of the process/isolate.\n// These must NOT be migrated to ALS — they are correctly scoped to the app.\n\nlet _initialized = false;\nlet _onRequestError: InstrumentationOnRequestError | null = null;\n\n/**\n * Load and initialize the user's instrumentation.ts module.\n *\n * - Awaits register() before returning (server blocks on this).\n * - Picks up the logger export and wires it into the framework logger.\n * - Stores onRequestError for later invocation.\n *\n * @param loader - Function that dynamically imports the user's instrumentation module.\n * Returns null if no instrumentation.ts exists.\n */\nexport async function loadInstrumentation(\n loader: () => Promise<InstrumentationModule | null>\n): Promise<void> {\n if (_initialized) return;\n _initialized = true;\n\n let mod: InstrumentationModule | null;\n try {\n mod = await loader();\n } catch (error) {\n console.error('[timber] Failed to load instrumentation.ts:', error);\n return;\n }\n\n if (!mod) return;\n\n // Wire up the logger export\n if (mod.logger && typeof mod.logger.info === 'function') {\n setLogger(mod.logger);\n }\n\n // Store onRequestError for later\n if (typeof mod.onRequestError === 'function') {\n _onRequestError = mod.onRequestError;\n }\n\n // Await register() — server does not accept requests until this resolves\n if (typeof mod.register === 'function') {\n try {\n await mod.register();\n } catch (error) {\n console.error('[timber] instrumentation.ts register() threw:', error);\n throw error;\n }\n }\n}\n\n/**\n * Call the user's onRequestError hook. Catches and logs any errors thrown\n * by the hook itself — it must not affect the response.\n */\nexport async function callOnRequestError(\n error: unknown,\n request: InstrumentationRequestInfo,\n context: InstrumentationErrorContext\n): Promise<void> {\n if (!_onRequestError) return;\n try {\n await _onRequestError(error, request, context);\n } catch (hookError) {\n console.error('[timber] onRequestError hook threw:', hookError);\n }\n}\n\n/**\n * Check if onRequestError is registered.\n */\nexport function hasOnRequestError(): boolean {\n return _onRequestError !== null;\n}\n\n/**\n * Reset instrumentation state. Test-only.\n */\nexport function resetInstrumentation(): void {\n _initialized = false;\n _onRequestError = null;\n}\n","/**\n * Pipeline helpers — small utility functions used by `pipeline.ts` and\n * `pipeline-phases.ts`. Lifted out of `pipeline.ts` to keep that file\n * focused on the request handler entry point.\n *\n * Each helper is intentionally a free function with no closure capture, so\n * it can be unit-tested in isolation.\n *\n * See design/07-routing.md §\"Request Lifecycle\".\n */\n\nimport type { ProxyExport } from './proxy.js';\nimport { getSetCookieHeaders } from './request-context.js';\nimport { callOnRequestError } from './instrumentation.js';\nimport { getTraceId } from './tracing.js';\nimport { RedirectSignal } from './primitives.js';\nimport type { ProxyConfig } from './pipeline.js';\n\n// ─── Prototype-Pollution-Safe Merge ────────────────────────────────────────\n\n/** Keys that must never be merged via Object.assign — they pollute Object.prototype. */\nconst DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);\n\n/**\n * Shallow merge that skips top-level prototype-polluting keys.\n *\n * This is intentionally NOT a deep sanitizer. It only blocks shallow\n * pollution via top-level `__proto__` / `constructor` / `prototype`\n * keys. The deeper guarantee for segment params comes from merging\n * codec output into a null-prototype target inside coerceSegmentParams().\n *\n * See TIM-655, TIM-855, design/13-security.md\n */\nexport function safeMerge(target: Record<string, unknown>, source: Record<string, unknown>): void {\n for (const key of Object.keys(source)) {\n if (!DANGEROUS_KEYS.has(key)) {\n target[key] = source[key];\n }\n }\n}\n\n// ─── Proxy Resolver ────────────────────────────────────────────────────────\n\n/**\n * Resolver closure produced once at pipeline construction. The lazy variant\n * still calls `loader()` per-request (HMR relies on re-importing), but the\n * choice of which branch to take is made once, not on every request.\n */\nexport type ProxyResolver = () => ProxyExport | Promise<ProxyExport>;\n\n/**\n * Build a proxy resolver closure from the declared source. Called exactly\n * once at `createPipeline` setup time, so the hot path sees only the branch\n * that corresponds to this pipeline's configured variant.\n *\n * Returns `null` when the app has no proxy.ts — the hot path short-circuits\n * around `runProxyPhase` entirely in that case.\n *\n * Accepts the sugar form (a bare `ProxyExport` — function or function array)\n * and normalises it to the static variant. Functions and arrays are\n * structurally distinct from the tagged `{ kind: 'lazy', loader }` object,\n * so discrimination is unambiguous.\n */\nexport function makeProxyResolver(\n proxy: ProxyConfig | ProxyExport | undefined\n): ProxyResolver | null {\n if (proxy === undefined) return null;\n // Sugar: a bare ProxyExport (function or function array) — treat as static.\n if (typeof proxy === 'function' || Array.isArray(proxy)) {\n const exp = proxy;\n return () => exp;\n }\n if (proxy.kind === 'static') {\n const exp = proxy.export;\n return () => exp;\n }\n const loader = proxy.loader;\n return async () => (await loader()).default;\n}\n\n// ─── Cookie / Header Helpers ───────────────────────────────────────────────\n\n/**\n * Apply all Set-Cookie headers from the cookie jar to a Headers object.\n * Each cookie gets its own Set-Cookie header per RFC 6265 §4.1.\n */\nexport function applyCookieJar(headers: Headers): void {\n for (const value of getSetCookieHeaders()) {\n headers.append('Set-Cookie', value);\n }\n}\n\n/**\n * Merge framework-managed response headers onto a terminal response without\n * overwriting headers the terminal response already set itself.\n */\nexport function mergeMissingHeaders(target: Headers, source: Headers): void {\n const existingKeys = new Set([...target.keys()].map((key) => key.toLowerCase()));\n for (const [key, value] of source.entries()) {\n if (!existingKeys.has(key.toLowerCase())) {\n target.append(key, value);\n }\n }\n}\n\n// ─── Mutable Response Cloning ──────────────────────────────────────────────\n\n/**\n * Clone a Response into a fresh one whose header bag is guaranteed mutable.\n *\n * `Response.redirect()` and some platform-level passthrough responses (notably\n * on Cloudflare Workers) return objects with frozen header bags. Calling\n * `.set()` or `.append()` on them throws `TypeError: immutable`, which the\n * pipeline can hit when it appends Set-Cookie or Server-Timing entries.\n *\n * The pipeline calls this at the producer sites where user-controlled\n * responses enter the framework — `outcomeToResponse` for all phase outcomes,\n * and `handleRequest` for metadata-route and auto-sitemap user handlers — so\n * downstream code can write headers without runtime feature-detection.\n *\n * The clone is unconditional. This is a deliberate trade: we avoid a\n * try/catch + thrown `TypeError` on every request (the previous probe-based\n * approach paid that cost on the hot path) and accept one cheap Response\n * rewrap at the framework boundary instead.\n */\nexport function cloneWithMutableHeaders(response: Response): Response {\n return new Response(response.body, {\n status: response.status,\n statusText: response.statusText,\n headers: new Headers(response.headers),\n });\n}\n\n// ─── Redirect Builder ──────────────────────────────────────────────────────\n\n/**\n * Build a redirect Response from a RedirectSignal.\n *\n * For RSC payload requests (client navigation), returns 204 + X-Timber-Redirect\n * so the client router can perform a soft SPA redirect. A raw 302 would be\n * turned into an opaque redirect by fetch({redirect:'manual'}), crashing\n * createFromFetch. See design/19-client-navigation.md.\n */\nexport function buildRedirectResponse(\n signal: RedirectSignal,\n req: Request,\n headers: Headers\n): Response {\n const isRsc = (req.headers.get('Accept') ?? '').includes('text/x-component');\n if (isRsc) {\n headers.set('X-Timber-Redirect', signal.location);\n return new Response(null, { status: 204, headers });\n }\n headers.set('Location', signal.location);\n return new Response(null, { status: signal.status, headers });\n}\n\n// ─── Instrumentation ───────────────────────────────────────────────────────\n\n/**\n * Fire the user's onRequestError hook with request context.\n * Extracts request info from the Request object and calls the instrumentation hook.\n */\nexport async function fireOnRequestError(\n error: unknown,\n req: Request,\n phase: 'proxy' | 'handler' | 'render' | 'action' | 'route'\n): Promise<void> {\n const url = new URL(req.url);\n const headersObj: Record<string, string> = {};\n req.headers.forEach((v, k) => {\n headersObj[k] = v;\n });\n\n await callOnRequestError(\n error,\n { method: req.method, path: url.pathname, headers: headersObj },\n { phase, routePath: url.pathname, routeType: 'page', traceId: getTraceId() }\n );\n}\n","/**\n * URL canonicalization — runs once at the request boundary.\n *\n * Every layer (proxy.ts, middleware.ts, access.ts, components) sees the same\n * canonical path. No re-decoding occurs at any later stage.\n *\n * See design/07-routing.md §\"URL Canonicalization & Security\"\n */\n\n/** Result of canonicalization — either a clean path or a rejection. */\nexport type CanonicalizeResult = { ok: true; pathname: string } | { ok: false; status: 400 };\n\n/**\n * Encoded separators that produce a 400 rejection.\n * %2f (/) and %5c (\\) cause path-confusion attacks.\n */\nconst ENCODED_SEPARATOR_RE = /%2f|%5c/i;\n\n/** Null byte — rejected. */\nconst NULL_BYTE_RE = /%00/i;\n\n/**\n * Canonicalize a URL pathname.\n *\n * 1. Reject encoded separators (%2f, %5c) and null bytes (%00)\n * 2. Single percent-decode\n * 3. Collapse // → /\n * 4. Resolve .. segments (reject if escaping root)\n * 5. Strip trailing slash (except root \"/\")\n *\n * @param rawPathname - The raw pathname from the request URL (percent-encoded)\n * @param stripTrailingSlash - Whether to strip trailing slashes. Default: true.\n */\nexport function canonicalize(rawPathname: string, stripTrailingSlash = true): CanonicalizeResult {\n // Step 1: Reject dangerous encoded sequences BEFORE decoding.\n // This must happen on the raw input so %252f doesn't bypass after a single decode.\n if (ENCODED_SEPARATOR_RE.test(rawPathname)) {\n return { ok: false, status: 400 };\n }\n if (NULL_BYTE_RE.test(rawPathname)) {\n return { ok: false, status: 400 };\n }\n\n // Step 2: Single percent-decode.\n // Double-encoded input (%2561 → %61) stays as %61 — not decoded again.\n let decoded: string;\n try {\n decoded = decodeURIComponent(rawPathname);\n } catch {\n // Malformed percent-encoding → 400\n return { ok: false, status: 400 };\n }\n\n // Reject null bytes that appeared after decoding (from valid %00-like sequences\n // that weren't caught above — belt and suspenders).\n if (decoded.includes('\\0')) {\n return { ok: false, status: 400 };\n }\n\n // Backslash is NOT a path separator — keep as literal character.\n // But reject if it would create // after normalization (e.g., /\\evil.com).\n // We do NOT convert \\ to / — it stays as a literal.\n\n // Step 3: Collapse consecutive slashes.\n let pathname = decoded.replace(/\\/\\/+/g, '/');\n\n // Step 4: Resolve .. and . segments.\n const segments = pathname.split('/');\n const resolved: string[] = [];\n for (const seg of segments) {\n if (seg === '..') {\n if (resolved.length <= 1) {\n // Trying to escape root — 400\n return { ok: false, status: 400 };\n }\n resolved.pop();\n } else if (seg !== '.') {\n resolved.push(seg);\n }\n }\n\n pathname = resolved.join('/') || '/';\n\n // Step 5: Strip trailing slash (except root \"/\").\n if (stripTrailingSlash && pathname.length > 1 && pathname.endsWith('/')) {\n pathname = pathname.slice(0, -1);\n }\n\n return { ok: true, pathname };\n}\n","/**\n * Proxy runner — executes app/proxy.ts before route matching.\n *\n * Supports two forms:\n * - Function: (req, next) => Promise<Response>\n * - Array: middleware functions composed left-to-right\n *\n * See design/07-routing.md §\"proxy.ts — Global Middleware\"\n */\n\n/** Signature for a single proxy middleware function. */\nexport type ProxyFn = (req: Request, next: () => Promise<Response>) => Response | Promise<Response>;\n\n/** The proxy.ts default export — either a function or an array of functions. */\nexport type ProxyExport = ProxyFn | ProxyFn[];\n\n/**\n * Run the proxy pipeline.\n *\n * @param proxyExport - The default export from proxy.ts (function or array)\n * @param req - The incoming request\n * @param next - The continuation that proceeds to route matching and rendering\n * @returns The final response\n */\nexport async function runProxy(\n proxyExport: ProxyExport,\n req: Request,\n next: () => Promise<Response>\n): Promise<Response> {\n const fns = Array.isArray(proxyExport) ? proxyExport : [proxyExport];\n\n // Compose left-to-right: first item's next() calls the second, etc.\n // The last item's next() calls the original `next` (route matching + render).\n let i = fns.length;\n let composed = next;\n while (i--) {\n const fn = fns[i]!;\n const downstream = composed;\n composed = () => Promise.resolve(fn(req, downstream));\n }\n\n return composed();\n}\n","/**\n * Middleware runner — executes a route's middleware.ts chain before rendering.\n *\n * All middleware.ts files in the segment chain run, root to leaf (top-down).\n * The first middleware that returns a Response short-circuits the chain.\n * There is no next() — each middleware is independent.\n *\n * See design/07-routing.md §\"middleware.ts\"\n */\n\nimport type { MiddlewareContext } from './types.js';\n\n/** Signature of a middleware.ts default export. */\nexport type MiddlewareFn = (ctx: MiddlewareContext) => Response | void | Promise<Response | void>;\n\n/**\n * Run a route's middleware function.\n *\n * @param middlewareFn - The default export from the route's middleware.ts\n * @param ctx - The middleware context (req, params, headers, requestHeaders, searchParams)\n * @returns A Response if middleware short-circuited, or undefined to continue\n */\nexport async function runMiddleware(\n middlewareFn: MiddlewareFn,\n ctx: MiddlewareContext\n): Promise<Response | undefined> {\n const result = await middlewareFn(ctx);\n if (result instanceof Response) {\n return result;\n }\n return undefined;\n}\n\n/**\n * Run all middleware functions in the segment chain, root to leaf.\n *\n * Execution is top-down: root middleware runs first, leaf middleware runs last.\n * All middleware share the same MiddlewareContext — a parent that sets\n * ctx.requestHeaders makes it visible to child middleware and downstream components.\n *\n * Short-circuits on the first middleware that returns a Response.\n * Remaining middleware in the chain do not execute.\n *\n * @param chain - Middleware functions ordered root-to-leaf\n * @param ctx - Shared middleware context\n * @returns A Response if any middleware short-circuited, or undefined to continue\n */\nexport async function runMiddlewareChain(\n chain: MiddlewareFn[],\n ctx: MiddlewareContext\n): Promise<Response | undefined> {\n for (const fn of chain) {\n const result = await fn(ctx);\n if (result instanceof Response) {\n return result;\n }\n }\n return undefined;\n}\n","/**\n * Social metadata rendering — Open Graph and Twitter Card meta tags.\n *\n * Extracted from metadata-render.ts to keep files under 500 lines.\n *\n * See design/16-metadata.md\n */\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\n\n/**\n * Render Open Graph metadata into head element descriptors.\n *\n * Handles og:title, og:description, og:image (with dimensions/alt),\n * og:video, og:audio, og:article:author, and other OG properties.\n */\nexport function renderOpenGraph(\n og: NonNullable<Metadata['openGraph']>,\n elements: HeadElement[]\n): void {\n const simpleProps: Array<[string, string | undefined]> = [\n ['og:title', og.title],\n ['og:description', og.description],\n ['og:url', og.url],\n ['og:site_name', og.siteName],\n ['og:locale', og.locale],\n ['og:type', og.type],\n ['og:article:published_time', og.publishedTime],\n ['og:article:modified_time', og.modifiedTime],\n ];\n\n for (const [property, content] of simpleProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { property, content } });\n }\n }\n\n // Images — normalize single object to array for uniform handling\n if (og.images) {\n if (typeof og.images === 'string') {\n elements.push({ tag: 'meta', attrs: { property: 'og:image', content: og.images } });\n } else {\n const imgList = Array.isArray(og.images) ? og.images : [og.images];\n for (const img of imgList) {\n elements.push({ tag: 'meta', attrs: { property: 'og:image', content: img.url } });\n if (img.width) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:image:width', content: String(img.width) },\n });\n }\n if (img.height) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:image:height', content: String(img.height) },\n });\n }\n if (img.alt) {\n elements.push({ tag: 'meta', attrs: { property: 'og:image:alt', content: img.alt } });\n }\n }\n }\n }\n\n // Videos\n if (og.videos) {\n for (const video of og.videos) {\n elements.push({ tag: 'meta', attrs: { property: 'og:video', content: video.url } });\n }\n }\n\n // Audio\n if (og.audio) {\n for (const audio of og.audio) {\n elements.push({ tag: 'meta', attrs: { property: 'og:audio', content: audio.url } });\n }\n }\n\n // Authors\n if (og.authors) {\n for (const author of og.authors) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:article:author', content: author },\n });\n }\n }\n}\n\n/**\n * Render Twitter Card metadata into head element descriptors.\n *\n * Handles twitter:card, twitter:site, twitter:title, twitter:image,\n * twitter:player, and twitter:app (per-platform name/id/url).\n */\nexport function renderTwitter(tw: NonNullable<Metadata['twitter']>, elements: HeadElement[]): void {\n const simpleProps: Array<[string, string | undefined]> = [\n ['twitter:card', tw.card],\n ['twitter:site', tw.site],\n ['twitter:site:id', tw.siteId],\n ['twitter:title', tw.title],\n ['twitter:description', tw.description],\n ['twitter:creator', tw.creator],\n ['twitter:creator:id', tw.creatorId],\n ];\n\n for (const [name, content] of simpleProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n // Images — normalize single object to array for uniform handling\n if (tw.images) {\n if (typeof tw.images === 'string') {\n elements.push({ tag: 'meta', attrs: { name: 'twitter:image', content: tw.images } });\n } else {\n const imgList = Array.isArray(tw.images) ? tw.images : [tw.images];\n for (const img of imgList) {\n const url = typeof img === 'string' ? img : img.url;\n elements.push({ tag: 'meta', attrs: { name: 'twitter:image', content: url } });\n }\n }\n }\n\n // Player card fields\n if (tw.players) {\n for (const player of tw.players) {\n elements.push({ tag: 'meta', attrs: { name: 'twitter:player', content: player.playerUrl } });\n if (player.width) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:width', content: String(player.width) },\n });\n }\n if (player.height) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:height', content: String(player.height) },\n });\n }\n if (player.streamUrl) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:stream', content: player.streamUrl },\n });\n }\n }\n }\n\n // App card fields — 3 platforms × 3 attributes (name, id, url)\n if (tw.app) {\n const platforms: Array<[keyof NonNullable<typeof tw.app.id>, string]> = [\n ['iPhone', 'iphone'],\n ['iPad', 'ipad'],\n ['googlePlay', 'googleplay'],\n ];\n\n // App name is shared across platforms but the spec uses per-platform names.\n // Emit for each platform that has an ID.\n if (tw.app.name) {\n for (const [key, tag] of platforms) {\n if (tw.app.id?.[key]) {\n elements.push({\n tag: 'meta',\n attrs: { name: `twitter:app:name:${tag}`, content: tw.app.name },\n });\n }\n }\n }\n\n for (const [key, tag] of platforms) {\n const id = tw.app.id?.[key];\n if (id) {\n elements.push({ tag: 'meta', attrs: { name: `twitter:app:id:${tag}`, content: id } });\n }\n }\n\n for (const [key, tag] of platforms) {\n const url = tw.app.url?.[key];\n if (url) {\n elements.push({ tag: 'meta', attrs: { name: `twitter:app:url:${tag}`, content: url } });\n }\n }\n }\n}\n","/**\n * Platform-specific metadata rendering — icons, Apple Web App, App Links, iTunes.\n *\n * Extracted from metadata-render.ts to keep files under 500 lines.\n *\n * See design/16-metadata.md\n */\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\n\n/**\n * Render icon link elements (favicon, shortcut, apple-touch-icon, custom).\n */\nexport function renderIcons(icons: NonNullable<Metadata['icons']>, elements: HeadElement[]): void {\n // Icon\n if (icons.icon) {\n if (typeof icons.icon === 'string') {\n elements.push({ tag: 'link', attrs: { rel: 'icon', href: icons.icon } });\n } else if (Array.isArray(icons.icon)) {\n for (const icon of icons.icon) {\n const attrs: Record<string, string> = { rel: 'icon', href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n if (icon.type) attrs.type = icon.type;\n elements.push({ tag: 'link', attrs });\n }\n }\n }\n\n // Shortcut\n if (icons.shortcut) {\n const urls = Array.isArray(icons.shortcut) ? icons.shortcut : [icons.shortcut];\n for (const url of urls) {\n elements.push({ tag: 'link', attrs: { rel: 'shortcut icon', href: url } });\n }\n }\n\n // Apple\n if (icons.apple) {\n if (typeof icons.apple === 'string') {\n elements.push({ tag: 'link', attrs: { rel: 'apple-touch-icon', href: icons.apple } });\n } else if (Array.isArray(icons.apple)) {\n for (const icon of icons.apple) {\n const attrs: Record<string, string> = { rel: 'apple-touch-icon', href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n elements.push({ tag: 'link', attrs });\n }\n }\n }\n\n // Other\n if (icons.other) {\n for (const icon of icons.other) {\n const attrs: Record<string, string> = { rel: icon.rel, href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n if (icon.type) attrs.type = icon.type;\n elements.push({ tag: 'link', attrs });\n }\n }\n}\n\n/**\n * Render alternate link elements (canonical, hreflang, media, types).\n */\nexport function renderAlternates(\n alternates: NonNullable<Metadata['alternates']>,\n elements: HeadElement[]\n): void {\n if (alternates.canonical) {\n elements.push({ tag: 'link', attrs: { rel: 'canonical', href: alternates.canonical } });\n }\n\n if (alternates.languages) {\n for (const [lang, href] of Object.entries(alternates.languages)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', hreflang: lang, href },\n });\n }\n }\n\n if (alternates.media) {\n for (const [media, href] of Object.entries(alternates.media)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', media, href },\n });\n }\n }\n\n if (alternates.types) {\n for (const [type, href] of Object.entries(alternates.types)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', type, href },\n });\n }\n }\n}\n\n/**\n * Render site verification meta tags (Google, Yahoo, Yandex, custom).\n */\nexport function renderVerification(\n verification: NonNullable<Metadata['verification']>,\n elements: HeadElement[]\n): void {\n const verificationProps: Array<[string, string | undefined]> = [\n ['google-site-verification', verification.google],\n ['y_key', verification.yahoo],\n ['yandex-verification', verification.yandex],\n ];\n\n for (const [name, content] of verificationProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n if (verification.other) {\n for (const [name, value] of Object.entries(verification.other)) {\n const content = Array.isArray(value) ? value.join(', ') : value;\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n}\n\n/**\n * Render Apple Web App meta tags and startup image links.\n */\nexport function renderAppleWebApp(\n appleWebApp: NonNullable<Metadata['appleWebApp']>,\n elements: HeadElement[]\n): void {\n if (appleWebApp.capable) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-mobile-web-app-capable', content: 'yes' },\n });\n }\n if (appleWebApp.title) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-mobile-web-app-title', content: appleWebApp.title },\n });\n }\n if (appleWebApp.statusBarStyle) {\n elements.push({\n tag: 'meta',\n attrs: {\n name: 'apple-mobile-web-app-status-bar-style',\n content: appleWebApp.statusBarStyle,\n },\n });\n }\n if (appleWebApp.startupImage) {\n const images = Array.isArray(appleWebApp.startupImage)\n ? appleWebApp.startupImage\n : [{ url: appleWebApp.startupImage }];\n for (const img of images) {\n const url = typeof img === 'string' ? img : img.url;\n const attrs: Record<string, string> = { rel: 'apple-touch-startup-image', href: url };\n if (typeof img === 'object' && img.media) {\n attrs.media = img.media;\n }\n elements.push({ tag: 'link', attrs });\n }\n }\n}\n\n/**\n * Render App Links (al:*) meta tags for deep linking across platforms.\n */\nexport function renderAppLinks(\n appLinks: NonNullable<Metadata['appLinks']>,\n elements: HeadElement[]\n): void {\n const platformEntries: Array<[string, Array<Record<string, unknown>> | undefined]> = [\n ['ios', appLinks.ios],\n ['android', appLinks.android],\n ['windows', appLinks.windows],\n ['windows_phone', appLinks.windowsPhone],\n ['windows_universal', appLinks.windowsUniversal],\n ];\n\n for (const [platform, entries] of platformEntries) {\n if (!entries) continue;\n for (const entry of entries) {\n for (const [key, value] of Object.entries(entry)) {\n if (value !== undefined && value !== null) {\n elements.push({\n tag: 'meta',\n attrs: { property: `al:${platform}:${key}`, content: String(value) },\n });\n }\n }\n }\n }\n\n if (appLinks.web) {\n if (appLinks.web.url) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'al:web:url', content: appLinks.web.url },\n });\n }\n if (appLinks.web.shouldFallback !== undefined) {\n elements.push({\n tag: 'meta',\n attrs: {\n property: 'al:web:should_fallback',\n content: appLinks.web.shouldFallback ? 'true' : 'false',\n },\n });\n }\n }\n}\n\n/**\n * Render Apple iTunes smart banner meta tag.\n */\nexport function renderItunes(\n itunes: NonNullable<Metadata['itunes']>,\n elements: HeadElement[]\n): void {\n const parts = [`app-id=${itunes.appId}`];\n if (itunes.affiliateData) parts.push(`affiliate-data=${itunes.affiliateData}`);\n if (itunes.appArgument) parts.push(`app-argument=${itunes.appArgument}`);\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-itunes-app', content: parts.join(', ') },\n });\n}\n","/**\n * Metadata rendering — converts resolved Metadata into HeadElement descriptors.\n *\n * Extracted from metadata.ts to keep files under 500 lines.\n *\n * See design/16-metadata.md\n */\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\nimport { renderOpenGraph, renderTwitter } from './metadata-social.js';\nimport {\n renderIcons,\n renderAlternates,\n renderVerification,\n renderAppleWebApp,\n renderAppLinks,\n renderItunes,\n} from './metadata-platform.js';\n\n// ─── Render to Elements ──────────────────────────────────────────────────────\n\n/**\n * Convert resolved metadata into an array of head element descriptors.\n *\n * Each descriptor has a `tag` ('title', 'meta', 'link') and either\n * `content` (for <title>) or `attrs` (for <meta>/<link>).\n *\n * The framework's MetadataResolver component consumes these descriptors\n * and renders them into the <head>.\n */\nexport function renderMetadataToElements(metadata: Metadata): HeadElement[] {\n const elements: HeadElement[] = [];\n\n // Title\n if (typeof metadata.title === 'string') {\n elements.push({ tag: 'title', content: metadata.title });\n }\n\n // Simple string meta tags\n const simpleMetaProps: Array<[string, string | undefined]> = [\n ['description', metadata.description],\n ['generator', metadata.generator],\n ['application-name', metadata.applicationName],\n ['referrer', metadata.referrer],\n ['category', metadata.category],\n ['creator', metadata.creator],\n ['publisher', metadata.publisher],\n ];\n\n for (const [name, content] of simpleMetaProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n // Keywords (array or string)\n if (metadata.keywords) {\n const content = Array.isArray(metadata.keywords)\n ? metadata.keywords.join(', ')\n : metadata.keywords;\n elements.push({ tag: 'meta', attrs: { name: 'keywords', content } });\n }\n\n // Robots\n if (metadata.robots) {\n const content =\n typeof metadata.robots === 'string' ? metadata.robots : renderRobotsObject(metadata.robots);\n elements.push({ tag: 'meta', attrs: { name: 'robots', content } });\n\n // googleBot as separate tag\n if (typeof metadata.robots === 'object' && metadata.robots.googleBot) {\n const gbContent =\n typeof metadata.robots.googleBot === 'string'\n ? metadata.robots.googleBot\n : renderRobotsObject(metadata.robots.googleBot);\n elements.push({ tag: 'meta', attrs: { name: 'googlebot', content: gbContent } });\n }\n }\n\n // Open Graph\n if (metadata.openGraph) {\n renderOpenGraph(metadata.openGraph, elements);\n }\n\n // Twitter\n if (metadata.twitter) {\n renderTwitter(metadata.twitter, elements);\n }\n\n // Icons\n if (metadata.icons) {\n renderIcons(metadata.icons, elements);\n }\n\n // Manifest\n if (metadata.manifest) {\n elements.push({ tag: 'link', attrs: { rel: 'manifest', href: metadata.manifest } });\n }\n\n // Alternates\n if (metadata.alternates) {\n renderAlternates(metadata.alternates, elements);\n }\n\n // Verification\n if (metadata.verification) {\n renderVerification(metadata.verification, elements);\n }\n\n // Format detection\n if (metadata.formatDetection) {\n const parts: string[] = [];\n if (metadata.formatDetection.telephone === false) parts.push('telephone=no');\n if (metadata.formatDetection.email === false) parts.push('email=no');\n if (metadata.formatDetection.address === false) parts.push('address=no');\n if (parts.length > 0) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'format-detection', content: parts.join(', ') },\n });\n }\n }\n\n // Authors\n if (metadata.authors) {\n const authorList = Array.isArray(metadata.authors) ? metadata.authors : [metadata.authors];\n for (const author of authorList) {\n if (author.name) {\n elements.push({ tag: 'meta', attrs: { name: 'author', content: author.name } });\n }\n if (author.url) {\n elements.push({ tag: 'link', attrs: { rel: 'author', href: author.url } });\n }\n }\n }\n\n // Apple Web App\n if (metadata.appleWebApp) {\n renderAppleWebApp(metadata.appleWebApp, elements);\n }\n\n // App Links (al:*)\n if (metadata.appLinks) {\n renderAppLinks(metadata.appLinks, elements);\n }\n\n // iTunes\n if (metadata.itunes) {\n renderItunes(metadata.itunes, elements);\n }\n\n // Other (custom meta tags)\n if (metadata.other) {\n for (const [name, value] of Object.entries(metadata.other)) {\n const content = Array.isArray(value) ? value.join(', ') : value;\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n return elements;\n}\n\n// ─── Rendering Helpers ───────────────────────────────────────────────────────\n\nfunction renderRobotsObject(robots: Record<string, unknown>): string {\n const parts: string[] = [];\n if (robots.index === true) parts.push('index');\n if (robots.index === false) parts.push('noindex');\n if (robots.follow === true) parts.push('follow');\n if (robots.follow === false) parts.push('nofollow');\n return parts.join(', ');\n}\n","/**\n * Metadata resolution for timber.js.\n *\n * Resolves metadata from a segment chain (layouts + page), applies title\n * templates, shallow-merges entries, and produces head element descriptors.\n *\n * Resolution happens inside the render pass — React.cache is active,\n * metadata is outside Suspense, and the flush point guarantees completeness.\n *\n * Rendering (Metadata → HeadElement[]) is in metadata-render.ts.\n *\n * See design/16-metadata.md\n */\n\nimport type { Metadata } from './types.js';\n\n// Re-export renderMetadataToElements from the rendering module so existing\n// consumers (route-element-builder, tests) can keep importing from here.\nexport { renderMetadataToElements } from './metadata-render.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/** A single metadata entry from a layout or page module. */\nexport interface SegmentMetadataEntry {\n /** The resolved metadata object (from static or async `metadata` export). */\n metadata: Metadata;\n /** Whether this entry is from the page (leaf) module. */\n isPage: boolean;\n}\n\n/** Options for resolveMetadata. */\nexport interface ResolveMetadataOptions {\n /**\n * When true, the page's metadata is discarded (simulating a render error)\n * and `<meta name=\"robots\" content=\"noindex\">` is injected.\n */\n errorState?: boolean;\n}\n\n/** A rendered head element descriptor. */\nexport interface HeadElement {\n tag: 'title' | 'meta' | 'link';\n content?: string;\n attrs?: Record<string, string>;\n}\n\n// ─── Title Resolution ────────────────────────────────────────────────────────\n\n/**\n * Resolve a title value with an optional template.\n *\n * - string → apply template if present\n * - { absolute: '...' } → use as-is, skip template\n * - { default: '...' } → use as fallback (no template applied)\n * - undefined → undefined\n */\nexport function resolveTitle(\n title: Metadata['title'],\n template: string | undefined\n): string | undefined {\n if (title === undefined || title === null) {\n return undefined;\n }\n\n if (typeof title === 'string') {\n return template ? template.replace('%s', title) : title;\n }\n\n // Object form\n if (title.absolute !== undefined) {\n return title.absolute;\n }\n\n if (title.default !== undefined) {\n return title.default;\n }\n\n return undefined;\n}\n\n// ─── Metadata Resolution ─────────────────────────────────────────────────────\n\n/**\n * Resolve metadata from a segment chain.\n *\n * Processes entries from root layout to page (in segment order).\n * The merge algorithm:\n * 1. Shallow-merge all keys except title (later wins)\n * 2. Track the most recent title template\n * 3. Resolve the final title using the template\n *\n * In error state, the page entry is dropped and noindex is injected.\n *\n * See design/16-metadata.md §\"Merge Algorithm\"\n */\nexport function resolveMetadata(\n entries: SegmentMetadataEntry[],\n options: ResolveMetadataOptions = {}\n): Metadata {\n const { errorState = false } = options;\n\n const merged: Metadata = {};\n let titleTemplate: string | undefined;\n let lastDefault: string | undefined;\n let rawTitle: Metadata['title'];\n\n for (const { metadata, isPage } of entries) {\n // In error state, skip the page's metadata entirely\n if (errorState && isPage) {\n continue;\n }\n\n // Track title template\n if (metadata.title !== undefined && typeof metadata.title === 'object') {\n if (metadata.title.template !== undefined) {\n titleTemplate = metadata.title.template;\n }\n if (metadata.title.default !== undefined) {\n lastDefault = metadata.title.default;\n }\n }\n\n // Shallow-merge all keys except title\n for (const key of Object.keys(metadata) as Array<keyof Metadata>) {\n if (key === 'title') continue;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (merged as any)[key] = metadata[key];\n }\n\n // Track raw title (will be resolved after the loop)\n if (metadata.title !== undefined) {\n rawTitle = metadata.title;\n }\n }\n\n // In error state, we lost page title — use the most recent default\n if (errorState) {\n rawTitle = lastDefault !== undefined ? { default: lastDefault } : rawTitle;\n // Don't apply template in error state\n titleTemplate = undefined;\n }\n\n // Resolve the final title\n const resolvedTitle = resolveTitle(rawTitle, titleTemplate);\n if (resolvedTitle !== undefined) {\n merged.title = resolvedTitle;\n }\n\n // Error state: inject noindex, overriding any user robots\n if (errorState) {\n merged.robots = 'noindex';\n }\n\n return merged;\n}\n\n// ─── URL Resolution ──────────────────────────────────────────────────────────\n\n/**\n * Check if a string is an absolute URL.\n */\nfunction isAbsoluteUrl(url: string): boolean {\n return url.startsWith('http://') || url.startsWith('https://') || url.startsWith('//');\n}\n\n/**\n * Resolve a relative URL against a base URL.\n */\nfunction resolveUrl(url: string, base: URL): string {\n if (isAbsoluteUrl(url)) return url;\n return new URL(url, base).toString();\n}\n\n/**\n * Resolve relative URLs in metadata fields against metadataBase.\n *\n * Returns a new metadata object with URLs resolved. Absolute URLs are not modified.\n * If metadataBase is not set, returns the metadata unchanged.\n */\nexport function resolveMetadataUrls(metadata: Metadata): Metadata {\n const base = metadata.metadataBase;\n if (!base) return metadata;\n\n const result = { ...metadata };\n\n // Resolve openGraph images\n if (result.openGraph) {\n result.openGraph = { ...result.openGraph };\n if (typeof result.openGraph.images === 'string') {\n result.openGraph.images = resolveUrl(result.openGraph.images, base);\n } else if (Array.isArray(result.openGraph.images)) {\n result.openGraph.images = result.openGraph.images.map((img) => ({\n ...img,\n url: resolveUrl(img.url, base),\n }));\n } else if (result.openGraph.images) {\n // Single object: { url, width?, height?, alt? }\n result.openGraph.images = {\n ...result.openGraph.images,\n url: resolveUrl(result.openGraph.images.url, base),\n };\n }\n if (result.openGraph.url && !isAbsoluteUrl(result.openGraph.url)) {\n result.openGraph.url = resolveUrl(result.openGraph.url, base);\n }\n }\n\n // Resolve twitter images\n if (result.twitter) {\n result.twitter = { ...result.twitter };\n if (typeof result.twitter.images === 'string') {\n result.twitter.images = resolveUrl(result.twitter.images, base);\n } else if (Array.isArray(result.twitter.images)) {\n // Resolve each image URL, preserving the union type structure\n const resolved = result.twitter.images.map((img) =>\n typeof img === 'string' ? resolveUrl(img, base) : { ...img, url: resolveUrl(img.url, base) }\n );\n // If all entries are strings, assign as string[]; otherwise as object[]\n const allStrings = resolved.every((r) => typeof r === 'string');\n result.twitter.images = allStrings\n ? (resolved as string[])\n : (resolved as Array<{ url: string; alt?: string; width?: number; height?: number }>);\n } else if (result.twitter.images) {\n // Single object: { url, alt?, width?, height? }\n result.twitter.images = {\n ...result.twitter.images,\n url: resolveUrl(result.twitter.images.url, base),\n };\n }\n }\n\n // Resolve alternates\n if (result.alternates) {\n result.alternates = { ...result.alternates };\n if (result.alternates.canonical && !isAbsoluteUrl(result.alternates.canonical)) {\n result.alternates.canonical = resolveUrl(result.alternates.canonical, base);\n }\n if (result.alternates.languages) {\n const langs: Record<string, string> = {};\n for (const [lang, url] of Object.entries(result.alternates.languages)) {\n langs[lang] = isAbsoluteUrl(url) ? url : resolveUrl(url, base);\n }\n result.alternates.languages = langs;\n }\n }\n\n // Resolve icon URLs\n if (result.icons) {\n result.icons = { ...result.icons };\n if (typeof result.icons.icon === 'string') {\n result.icons.icon = resolveUrl(result.icons.icon, base);\n } else if (Array.isArray(result.icons.icon)) {\n result.icons.icon = result.icons.icon.map((i) => ({ ...i, url: resolveUrl(i.url, base) }));\n }\n if (typeof result.icons.apple === 'string') {\n result.icons.apple = resolveUrl(result.icons.apple, base);\n } else if (Array.isArray(result.icons.apple)) {\n result.icons.apple = result.icons.apple.map((i) => ({ ...i, url: resolveUrl(i.url, base) }));\n }\n }\n\n return result;\n}\n","/**\n * loadModule — enriched error context for route manifest .load() failures.\n *\n * Wraps the lazy `load()` functions from the route manifest with a\n * try/catch that re-throws with the file path and original cause.\n *\n * Callers that need fallthrough behavior (error renderers) can use\n * `.catch(() => null)` or try/catch — the decision stays at the call site.\n *\n * See design/spike-TIM-551-dynamic-import-audit.md §\"Proposed Wrapping Strategy\"\n */\n\n/** A manifest file reference with a lazy import function and file path. */\nexport interface ManifestLoader {\n load: () => Promise<unknown>;\n filePath: string;\n}\n\n/**\n * Custom error class for module load failures.\n *\n * Preserves the original error as `cause` while providing a\n * human-readable message with the file path.\n */\nexport class ModuleLoadError extends Error {\n /** The file path that failed to load. */\n readonly filePath: string;\n\n constructor(filePath: string, cause: unknown) {\n const originalMessage = cause instanceof Error ? cause.message : String(cause);\n super(`[timber] Failed to load module ${filePath}\\n ${originalMessage}`, { cause });\n this.name = 'ModuleLoadError';\n this.filePath = filePath;\n }\n}\n\n/**\n * Load a route manifest module with enriched error context.\n *\n * On success: returns the module object (same as `loader.load()`).\n * On failure: throws `ModuleLoadError` with file path and original cause.\n *\n * For error rendering paths that need fallthrough instead of throwing,\n * callers should catch at the call site:\n *\n * ```ts\n * // Throwing (default) — route-element-builder, api-handler, etc.\n * const mod = await loadModule(segment.page);\n *\n * // Fallthrough — error-renderer, error-boundary-wrapper\n * const mod = await loadModule(segment.error).catch(() => null);\n * ```\n */\nexport async function loadModule<T = Record<string, unknown>>(loader: ManifestLoader): Promise<T> {\n try {\n return (await loader.load()) as T;\n } catch (error) {\n throw new ModuleLoadError(loader.filePath, error);\n }\n}\n","/**\n * Deny Page Resolver — resolves status-code file components for in-tree deny handling.\n *\n * When AccessGate or PageDenyBoundary catches a DenySignal, they need to\n * render the matching deny page (403.tsx, 4xx.tsx, error.tsx) as a normal\n * element in the React tree. This module resolves the deny page chain from\n * the segment chain — a list of fallback components ordered by specificity.\n *\n * The chain is built during buildRouteElement and passed as a prop to\n * AccessGate and PageDenyBoundary. At catch time, the first matching\n * component is rendered.\n *\n * See design/10-error-handling.md §\"Status-Code Files\", TIM-666.\n */\n\nimport { createElement } from 'react';\n\nimport type { ManifestSegmentNode } from './route-matcher.js';\nimport { loadModule } from './safe-load.js';\nimport { requestContextAls } from './als-registry.js';\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/** A single entry in the deny page fallback chain. */\nexport interface DenyPageEntry {\n /** Status code filter: specific (403), category (400 = any 4xx), or null (catch-all). */\n status: number | null;\n /** The component to render (server or client — both work). */\n component: (...args: unknown[]) => unknown;\n}\n\n// ─── Resolver ─────────────────────────────────────────────────────────────\n\n/**\n * Build the deny page fallback chain from the segment chain.\n *\n * Walks segments from `startIndex` outward (toward root) and collects\n * status-code file components in fallback order:\n * 1. Specific status files (403.tsx, 404.tsx) — exact match\n * 2. Category catch-alls (4xx.tsx) — matches any 4xx\n * 3. error.tsx — catches everything\n *\n * Each segment is checked in this order. The chain is ordered so the\n * FIRST match wins at catch time.\n */\nexport async function buildDenyPageChain(\n segments: ManifestSegmentNode[],\n startIndex: number\n): Promise<DenyPageEntry[]> {\n const chain: DenyPageEntry[] = [];\n\n // Pass 1: Status files (specific + category) across ALL segments.\n // These have higher priority than error.tsx — a root 4xx.tsx should\n // match before a leaf error.tsx. Walking inner → outer ensures the\n // nearest match wins within each priority tier.\n for (let i = startIndex; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.statusFiles) continue;\n\n // Specific status files (403.tsx, 404.tsx, etc.)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key !== '4xx' && key !== '5xx') {\n const status = parseInt(key, 10);\n if (!isNaN(status)) {\n const mod = await loadModule(file).catch(() => null);\n if (mod?.default) {\n chain.push({ status, component: mod.default as (...args: unknown[]) => unknown });\n }\n }\n }\n }\n\n // Category catch-alls (4xx.tsx, 5xx.tsx)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key === '4xx' || key === '5xx') {\n const mod = await loadModule(file).catch(() => null);\n if (mod?.default) {\n const categoryStatus = key === '4xx' ? 400 : 500;\n chain.push({\n status: categoryStatus,\n component: mod.default as (...args: unknown[]) => unknown,\n });\n }\n }\n }\n }\n\n // Pass 2: error.tsx files — lowest priority catch-all.\n // Only added AFTER all status files so they never shadow a specific\n // or category status file from an ancestor segment.\n for (let i = startIndex; i >= 0; i--) {\n const segment = segments[i];\n if (segment.error) {\n const mod = await loadModule(segment.error).catch(() => null);\n if (mod?.default) {\n chain.push({ status: null, component: mod.default as (...args: unknown[]) => unknown });\n }\n }\n }\n\n return chain;\n}\n\n// ─── Matcher ──────────────────────────────────────────────────────────────\n\n/**\n * Find the first deny page in the chain that matches the given status code.\n * Returns a React element for the matching component, or null if no match.\n */\nexport function renderMatchingDenyPage(\n chain: DenyPageEntry[],\n status: number,\n data: unknown\n): React.ReactElement | null {\n const h = createElement as (...args: unknown[]) => React.ReactElement;\n\n for (const entry of chain) {\n if (entry.status === status) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === 400 && status >= 400 && status <= 499) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === 500 && status >= 500 && status <= 599) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === null) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n }\n return null;\n}\n\n// ─── ALS Helper ───────────────────────────────────────────────────────────\n\n/**\n * Set the deny status in the request context ALS.\n * Called from AccessGate / PageDenyBoundary when a DenySignal is caught.\n * The pipeline reads this after render to set the HTTP status code.\n */\nexport function setDenyStatus(status: number): void {\n const store = requestContextAls.getStore();\n if (store) {\n store.denyStatus = status;\n }\n}\n\n/**\n * Read the deny status from the request context ALS.\n * Returns undefined if no deny was caught during render.\n */\nexport function getDenyStatus(): number | undefined {\n return requestContextAls.getStore()?.denyStatus;\n}\n","/**\n * AccessGate and SlotAccessGate — framework-injected async server components.\n *\n * AccessGate wraps each segment's layout in the element tree. It calls the\n * segment's access.ts before the layout renders. If access.ts calls deny()\n * or redirect(), the signal propagates as a render-phase throw — caught by\n * the flush controller to produce the correct HTTP status code.\n *\n * SlotAccessGate wraps parallel slot content. On denial, it renders the\n * graceful degradation chain: denied.tsx → default.tsx → null. Slot denial\n * does not affect the HTTP status code.\n *\n * See design/04-authorization.md and design/02-rendering-pipeline.md §\"AccessGate\"\n */\n\nimport { DenySignal, RedirectSignal } from './primitives.js';\nimport type { AccessGateProps, SlotAccessGateProps, ReactElement } from './tree-builder.js';\nimport { withSpan, setSpanAttribute } from './tracing.js';\nimport { isDebug } from './debug.js';\nimport type { DenyPageEntry } from './deny-page-resolver.js';\nimport { renderMatchingDenyPage, setDenyStatus } from './deny-page-resolver.js';\n\n// ─── AccessGate ─────────────────────────────────────────────────────────────\n\n/**\n * Framework-injected access gate for segments.\n *\n * When a pre-computed `verdict` prop is provided (from the pre-render pass\n * in route-element-builder.ts), AccessGate replays it synchronously — no\n * async, no re-execution of access.ts, immune to Suspense timing. The OTEL\n * span was already emitted during the pre-render pass.\n *\n * When no verdict is provided (backward compat with tree-builder.ts),\n * AccessGate calls accessFn directly with OTEL instrumentation.\n *\n * access.ts is a pure gate — return values are discarded. The layout below\n * gets the same data by calling the same cached functions (React.cache dedup).\n */\nexport function AccessGate(props: AccessGateProps): ReactElement | Promise<ReactElement> {\n const { accessFn, segmentName, verdict, denyPages, children } = props;\n\n // Fast path: replay pre-computed verdict from the pre-render pass.\n if (verdict !== undefined) {\n if (verdict === 'pass') {\n return children;\n }\n throw verdict;\n }\n\n // Primary path: call accessFn directly during render.\n // If denyPages is provided, catch DenySignal and render the deny page\n // in-tree — no throw reaches React Flight, no second render pass.\n return accessGateFallback(accessFn, segmentName, denyPages, children);\n}\n\n/**\n * Async fallback for AccessGate when no pre-computed verdict is available.\n * Calls accessFn with OTEL instrumentation.\n */\nasync function accessGateFallback(\n accessFn: AccessGateProps['accessFn'],\n segmentName: AccessGateProps['segmentName'],\n denyPages: DenyPageEntry[] | undefined,\n children: ReactElement\n): Promise<ReactElement> {\n try {\n await withSpan('timber.access', { 'timber.segment': segmentName ?? 'unknown' }, async () => {\n try {\n await accessFn();\n await setSpanAttribute('timber.result', 'pass');\n } catch (error: unknown) {\n if (error instanceof DenySignal) {\n await setSpanAttribute('timber.result', 'deny');\n await setSpanAttribute('timber.deny_status', error.status);\n if (error.sourceFile) {\n await setSpanAttribute('timber.deny_file', error.sourceFile);\n }\n } else if (error instanceof RedirectSignal) {\n await setSpanAttribute('timber.result', 'redirect');\n }\n throw error;\n }\n });\n } catch (error: unknown) {\n // Catch DenySignal and render the deny page in-tree.\n // No throw reaches React Flight — clean stream, single render pass.\n // RedirectSignal and other errors propagate normally.\n if (error instanceof DenySignal && denyPages) {\n const denyElement = renderMatchingDenyPage(denyPages, error.status, error.data);\n if (denyElement) {\n setDenyStatus(error.status);\n return denyElement;\n }\n }\n throw error;\n }\n\n return children;\n}\n\n// ─── SlotAccessGate ─────────────────────────────────────────────────────────\n\n/**\n * Framework-injected access gate for parallel slots.\n *\n * On denial, graceful degradation: denied.tsx → default.tsx → null.\n * The HTTP status code is unaffected — slot denial is a UI concern, not\n * a protocol concern. The parent layout and sibling slots still render.\n *\n * DeniedComponent is passed instead of a pre-built element so that\n * DenySignal.data can be forwarded as the dangerouslyPassData prop\n * and the slot name can be passed as the slot prop. See TIM-488.\n *\n * redirect() in slot access.ts is a dev-mode error — redirecting from a\n * slot doesn't make architectural sense.\n */\nexport async function SlotAccessGate(props: SlotAccessGateProps): Promise<ReactElement> {\n const { accessFn, DeniedComponent, slotName, createElement, defaultFallback, children } = props;\n\n try {\n await accessFn();\n } catch (error: unknown) {\n // DenySignal → graceful degradation (denied.tsx → default.tsx → null)\n // Build the denied element dynamically so DenySignal.data is forwarded.\n if (error instanceof DenySignal) {\n return (\n buildDeniedFallback(DeniedComponent, slotName, error.data, createElement) ??\n defaultFallback ??\n null\n );\n }\n\n // RedirectSignal in slot access → dev-mode error.\n // Slot access should use deny(), not redirect(). Redirecting from a\n // slot would redirect the entire page, which breaks the contract that\n // slot failure is graceful degradation.\n if (error instanceof RedirectSignal) {\n if (isDebug()) {\n console.error(\n '[timber] redirect() is not allowed in slot access.ts. ' +\n 'Slots use deny() for graceful degradation — denied.tsx → default.tsx → null. ' +\n \"If you need to redirect, move the logic to the parent segment's access.ts.\"\n );\n }\n // In production, treat as a deny — render fallback rather than crash.\n return (\n buildDeniedFallback(DeniedComponent, slotName, undefined, createElement) ??\n defaultFallback ??\n null\n );\n }\n\n // Unhandled error — re-throw so error boundaries can catch it.\n // Dev-mode warning: slot access should use deny(), not throw.\n if (isDebug()) {\n console.warn(\n '[timber] Unhandled error in slot access.ts. ' +\n 'Use deny() for access control, not unhandled throws.',\n error\n );\n }\n throw error;\n }\n\n // Access passed — render slot content.\n return children;\n}\n\n/**\n * Build the denied fallback element dynamically with DenySignal data.\n * Returns null if no DeniedComponent is available.\n */\nfunction buildDeniedFallback(\n DeniedComponent: SlotAccessGateProps['DeniedComponent'],\n slotName: string,\n data: unknown,\n createElement: SlotAccessGateProps['createElement']\n): ReactElement | null {\n if (!DeniedComponent) return null;\n return createElement(DeniedComponent, {\n slot: slotName,\n dangerouslyPassData: data,\n });\n}\n","/**\n * Route Element Builder — constructs a React element tree from a matched route.\n *\n * Extracted from rsc-entry.ts to enable reuse by the revalidation renderer\n * (which needs the element tree without RSC serialization) and to keep\n * rsc-entry.ts under the 500-line limit.\n *\n * This module handles:\n * 1. Loading page/layout components from the segment chain\n * 2. Collecting access.ts checks (executed inside render by AccessPreRunner)\n * 3. Resolving metadata (static object or async function, both exported as `metadata`)\n * 4. Building the React element tree (page → error boundaries → access gates → layouts)\n * 5. Resolving parallel slots\n * 6. Wrapping the tree with AccessPreRunner for React.cache-scoped access checks\n *\n * See design/02-rendering-pipeline.md, design/04-authorization.md\n */\n\nimport { createElement } from 'react';\n\nimport { withSpan } from './tracing.js';\nimport type { RouteMatch } from './pipeline.js';\nimport type { ManifestSegmentNode } from './route-matcher.js';\nimport { resolveMetadata, renderMetadataToElements } from './metadata.js';\nimport type { HeadElement as MetadataHeadElement } from './metadata.js';\nimport type { Metadata } from './types.js';\nimport { METADATA_ROUTE_CONVENTIONS, getMetadataRouteAutoLink } from './metadata-routes.js';\nimport { DenySignal, RedirectSignal } from './primitives.js';\nimport { AccessGate } from './access-gate.js';\nimport { PageDenyBoundary } from './page-deny-boundary.js';\nimport { buildDenyPageChain, renderMatchingDenyPage, setDenyStatus } from './deny-page-resolver.js';\nimport type { DenyPageEntry } from './deny-page-resolver.js';\nimport { resolveSlotElement } from './slot-resolver.js';\nimport { SegmentProvider } from '../client/segment-context.js';\n\nimport { wrapSegmentWithErrorBoundaries } from './error-boundary-wrapper.js';\nimport type { InterceptionContext } from './pipeline.js';\nimport { shouldSkipSegment } from './state-tree-diff.js';\nimport { loadModule } from './safe-load.js';\n\n// ─── Client Reference Detection ──────────────────────────────────────────\n\n/**\n * Symbol used by React Flight to mark client references.\n * Client references are proxy objects created by @vitejs/plugin-rsc for\n * 'use client' modules in the RSC environment. They must be passed to\n * createElement() — calling them as functions throws:\n * \"Unexpectedly client reference export 'default' is called on server\"\n */\nconst CLIENT_REFERENCE_TAG = Symbol.for('react.client.reference');\n\n/**\n * Detect whether a component is a React client reference.\n * Client references have $$typeof set to Symbol.for('react.client.reference')\n * by registerClientReference() in the React Flight server runtime.\n *\n * Used to skip OTEL tracing wrappers that would call the component as a\n * function. Client components must go through createElement only — they are\n * serialized as references in the RSC Flight stream, not executed on the server.\n */\nexport function isClientReference(component: unknown): boolean {\n return (\n component != null &&\n typeof component === 'function' &&\n (component as unknown as Record<string, unknown>).$$typeof === CLIENT_REFERENCE_TAG\n );\n}\n\n// ─── Param Coercion Error ─────────────────────────────────────────────────\n\n/**\n * Thrown when a defineSegmentParams codec's parse() fails.\n * The pipeline catches this and responds with 404.\n */\nexport class ParamCoercionError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'ParamCoercionError';\n }\n}\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/** Head element for client-side metadata updates. */\nexport interface HeadElement {\n tag: string;\n content?: string;\n attrs?: Record<string, string | null>;\n}\n\n/** Layout entry with component and segment. */\nexport interface LayoutComponentEntry {\n component: (...args: unknown[]) => unknown;\n segment: ManifestSegmentNode;\n}\n\n/** Result of building a route element tree. */\nexport interface RouteElementResult {\n /** The React element tree (page wrapped in layouts, access gates, error boundaries). */\n element: React.ReactElement;\n /** Resolved head elements for metadata. */\n headElements: HeadElement[];\n /** Layout components loaded along the segment chain. */\n layoutComponents: LayoutComponentEntry[];\n /** Segments from the route match. */\n segments: ManifestSegmentNode[];\n /** Max deferSuspenseFor hold window across all segments. */\n deferSuspenseFor: number;\n /**\n * Segment paths that were skipped because the client already has them cached.\n * Ordered outermost to innermost. Empty when no segments were skipped.\n * The client uses this to merge the partial payload with cached segments.\n * See design/19-client-navigation.md §\"X-Timber-State-Tree Header\"\n */\n skippedSegments: string[];\n}\n\n/**\n * Wraps a DenySignal or RedirectSignal with the layout components loaded\n * so far, enabling the caller to render deny pages inside the layout shell.\n *\n * @deprecated No longer thrown by buildRouteElement since TIM-662. Access\n * checks now run inside AccessPreRunner during renderToReadableStream, and\n * signals are caught by onError. Kept for backward compat with external code.\n */\nexport class RouteSignalWithContext extends Error {\n constructor(\n public readonly signal: DenySignal | RedirectSignal,\n public readonly layoutComponents: LayoutComponentEntry[],\n public readonly segments: ManifestSegmentNode[]\n ) {\n super(signal.message);\n }\n}\n\n// ─── Module Processing Helpers ─────────────────────────────────────────────\n\n/**\n * Reject the legacy `generateMetadata` export with a helpful migration message.\n * Throws if the module exports `generateMetadata` instead of `metadata`.\n */\nfunction rejectLegacyGenerateMetadata(mod: Record<string, unknown>, filePath: string): void {\n if ('generateMetadata' in mod) {\n throw new Error(\n `${filePath}: \"generateMetadata\" is not a valid export. ` +\n `Export an async function named \"metadata\" instead.\\n\\n` +\n ` // Before\\n` +\n ` export async function generateMetadata({ params }) { ... }\\n\\n` +\n ` // After\\n` +\n ` export async function metadata() { ... }`\n );\n }\n}\n\n/**\n * Extract and resolve metadata from a module (layout or page).\n * Handles both static metadata objects and async metadata functions.\n * Returns the resolved Metadata, or null if none exported.\n *\n * Metadata functions no longer receive { params } — they access params\n * via getSegmentParams() from ALS, same as page/layout components.\n */\nasync function extractMetadata(\n mod: Record<string, unknown>,\n segment: ManifestSegmentNode\n): Promise<Metadata | null> {\n if (typeof mod.metadata === 'function') {\n type MetadataFn = () => Promise<Metadata>;\n return (\n (await withSpan(\n 'timber.metadata',\n { 'timber.segment': segment.segmentName ?? segment.urlPath },\n () => (mod.metadata as MetadataFn)()\n )) ?? null\n );\n }\n if (mod.metadata) {\n return mod.metadata as Metadata;\n }\n return null;\n}\n\n/**\n * Extract `deferSuspenseFor` from a module and return the maximum\n * of the current value and the module's value.\n */\nfunction extractDeferSuspenseFor(mod: Record<string, unknown>, current: number): number {\n if (typeof mod.deferSuspenseFor === 'number' && mod.deferSuspenseFor > current) {\n return mod.deferSuspenseFor;\n }\n return current;\n}\n\n// ─── Builder ──────────────────────────────────────────────────────────────\n\n/**\n * Build a React element tree from a matched route.\n *\n * Loads modules, runs access checks, resolves metadata, and constructs\n * the element tree. DenySignal and RedirectSignal propagate to the caller\n * for HTTP-level handling.\n *\n * Does NOT serialize to RSC Flight — the caller decides whether to render\n * to a stream or use the element directly (e.g., for action revalidation).\n *\n * Access checks are collected but NOT executed here. They run inside\n * AccessPreRunner during renderToReadableStream so that access.ts and\n * render components share the same React.cache scope (TIM-662).\n */\nexport async function buildRouteElement(\n req: Request,\n match: RouteMatch,\n interception?: InterceptionContext,\n clientStateTree?: Set<string> | null\n): Promise<RouteElementResult> {\n const segments = match.segments;\n\n // Load all modules along the segment chain\n const metadataEntries: Array<{ metadata: Metadata; isPage: boolean }> = [];\n const layoutComponents: LayoutComponentEntry[] = [];\n let PageComponent: ((...args: unknown[]) => unknown) | null = null;\n let deferSuspenseFor = 0;\n\n for (let i = 0; i < segments.length; i++) {\n const segment = segments[i];\n const isLeaf = i === segments.length - 1;\n\n // Load layout\n if (segment.layout) {\n const mod = await loadModule(segment.layout);\n if (mod.default) {\n layoutComponents.push({\n component: mod.default as (...args: unknown[]) => unknown,\n segment,\n });\n }\n\n // Param coercion is handled in the pipeline (Stage 2c) before\n // middleware and rendering. See coerceSegmentParams() in pipeline.ts.\n\n rejectLegacyGenerateMetadata(mod, segment.layout.filePath ?? segment.urlPath);\n const layoutMetadata = await extractMetadata(mod, segment);\n if (layoutMetadata) {\n metadataEntries.push({ metadata: layoutMetadata, isPage: false });\n }\n deferSuspenseFor = extractDeferSuspenseFor(mod, deferSuspenseFor);\n }\n\n // Load page (leaf segment only)\n if (isLeaf && segment.page) {\n const mod = await loadModule(segment.page);\n\n // Param coercion is handled in the pipeline (Stage 2c) before\n // middleware and rendering. See coerceSegmentParams() in pipeline.ts.\n\n if (mod.default) {\n PageComponent = mod.default as (...args: unknown[]) => unknown;\n }\n rejectLegacyGenerateMetadata(mod, segment.page.filePath ?? segment.urlPath);\n const pageMetadata = await extractMetadata(mod, segment);\n if (pageMetadata) {\n metadataEntries.push({ metadata: pageMetadata, isPage: true });\n }\n deferSuspenseFor = extractDeferSuspenseFor(mod, deferSuspenseFor);\n }\n }\n\n if (!PageComponent) {\n throw new Error(`No page component found for route: ${new URL(req.url).pathname}`);\n }\n\n // Access checks are NOT run here. AccessGate components in the element\n // tree call accessFn directly during renderToReadableStream, sharing the\n // same React.cache scope as layout/page components. A requireUser() call\n // in access.ts populates React.cache; the same call in a layout is a hit.\n //\n // Previously (before TIM-662), access checks ran eagerly in a pre-render\n // loop OUTSIDE renderToReadableStream, breaking React.cache dedup.\n //\n // See design/04-authorization.md §\"Pre-Render Pass and Verdict Replay\"\n\n // Build deny page fallback chains for each segment position.\n // When AccessGate or PageDenyBoundary catches a DenySignal, they render\n // the matching deny page in-tree instead of throwing into React Flight.\n // The chain walks from the current segment outward to root, collecting\n // status-code files (403.tsx → 4xx.tsx → error.tsx) in fallback order.\n // See TIM-666.\n const denyPageChains = new Map<number, DenyPageEntry[]>();\n for (let i = 0; i < segments.length; i++) {\n const chain = await buildDenyPageChain(segments, i);\n if (chain.length > 0) {\n denyPageChains.set(i, chain);\n }\n }\n\n // Resolve metadata\n const resolvedMetadata = resolveMetadata(metadataEntries);\n const headElements = renderMetadataToElements(resolvedMetadata);\n\n // Auto-link metadata route files (icon, apple-icon, manifest) from segments.\n // See design/16-metadata.md §\"Auto-Linking\"\n for (const segment of segments) {\n if (!segment.metadataRoutes) continue;\n for (const baseName of Object.keys(segment.metadataRoutes)) {\n const convention = METADATA_ROUTE_CONVENTIONS[baseName];\n if (!convention) continue;\n // Non-nestable routes only auto-link from root\n if (!convention.nestable && segment.urlPath !== '/') continue;\n // Build the href: segment urlPath + serve path\n const prefix = segment.urlPath === '/' ? '' : segment.urlPath;\n const href = `${prefix}/${convention.servePath}`;\n const autoLink = getMetadataRouteAutoLink(convention.type, href);\n if (autoLink) {\n const attrs: Record<string, string> = { rel: autoLink.rel, href: autoLink.href };\n if (autoLink.type) attrs.type = autoLink.type;\n headElements.push({ tag: 'link', attrs } as MetadataHeadElement);\n }\n }\n }\n\n // Build element tree: page wrapped in layouts (innermost to outermost)\n const h = createElement as (...args: unknown[]) => React.ReactElement;\n\n // Build the page element.\n // Client references ('use client' pages) must NOT be called as functions —\n // they are proxy objects that throw when invoked. They must go through\n // createElement only, which serializes them as client references in the\n // RSC Flight stream. OTEL tracing is skipped for client components.\n // See TIM-627 for the original bug.\n // Build the page element.\n // Server component pages are wrapped in PageDenyBoundary which calls\n // them as async functions and catches DenySignal — rendering the deny\n // page in-tree instead of throwing into React Flight. This eliminates\n // the second render pass for deny pages. See TIM-666.\n //\n // Client reference pages ('use client') can't call deny() (server-only),\n // so they go through createElement normally — no wrapper needed.\n const leafIndex = segments.length - 1;\n const leafDenyPages = denyPageChains.get(leafIndex);\n let element: React.ReactElement;\n if (isClientReference(PageComponent)) {\n element = h(PageComponent, {});\n } else if (leafDenyPages && leafDenyPages.length > 0) {\n // Server component page WITH deny page chain — wrap in PageDenyBoundary\n element = h(PageDenyBoundary, {\n Page: PageComponent,\n route: match.segments[leafIndex]?.urlPath ?? '/',\n denyPages: leafDenyPages,\n });\n } else {\n // Server component page WITHOUT deny page chain — trace only\n const TracedPage = async (props: Record<string, unknown>) => {\n return withSpan(\n 'timber.page',\n { 'timber.route': match.segments[leafIndex]?.urlPath ?? '/' },\n () => (PageComponent as (props: Record<string, unknown>) => unknown)(props)\n );\n };\n element = h(TracedPage, {});\n }\n\n // Build a lookup of layout components by segment for O(1) access.\n const layoutBySegment = new Map(\n layoutComponents.map(({ component, segment }) => [segment, component])\n );\n\n // Track which segments were skipped for the X-Timber-Skipped-Segments header.\n // The client uses this to merge the partial payload with its cached segments.\n const skippedSegments: string[] = [];\n\n // Wrap from innermost (leaf) to outermost (root), processing every\n // segment in the chain. Each segment may contribute:\n // 1. Error boundaries (status files + error.tsx)\n // 2. Layout component — wraps children + parallel slots\n // 3. SegmentProvider — records position for useSelectedLayoutSegment\n //\n // When clientStateTree is provided (from X-Timber-State-Tree header on\n // client navigation), sync layouts the client already has are skipped.\n // Access.ts already ran for ALL segments in the pre-render loop above.\n // See design/19-client-navigation.md §\"X-Timber-State-Tree Header\"\n //\n // hasRenderedLayoutBelow tracks whether a non-skipped layout has been\n // seen below the current segment. A segment can ONLY be skipped if\n // there is a rendered layout below it — the client merger can only\n // replace inner SegmentProviders (client component boundaries), not\n // page content embedded in a layout's server-rendered output.\n // Without this guard, skipping the innermost layout causes the merger\n // to drop the layout entirely and replace it with just the page.\n let hasRenderedLayoutBelow = false;\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n const isLeaf = i === segments.length - 1;\n const layoutComponent = layoutBySegment.get(segment);\n\n // Check if this segment's layout can be skipped for partial rendering.\n // Skipped segments: no layout wrapping, no error boundaries, no slots,\n // no AccessGate in element tree (access already ran pre-render).\n //\n // Additional constraints beyond shouldSkipSegment:\n // - Must have a rendered layout below (so the merger can find an\n // inner SegmentProvider to splice the new content into)\n // - Route groups are never skipped because sibling groups share the\n // same urlPath (e.g., /(marketing) and /(app) both have \"/\"),\n // which would cause the wrong cached layout to be reused\n const skip =\n shouldSkipSegment(segment.urlPath, layoutComponent, isLeaf, clientStateTree ?? null) &&\n hasRenderedLayoutBelow &&\n segment.segmentType !== 'group';\n\n if (skip) {\n // Skip this segment's layout/error boundaries — the client uses its cached version.\n // Metadata was already resolved above (head elements are correct).\n // Record for X-Timber-Skipped-Segments header (outermost first, so prepend).\n skippedSegments.unshift(segment.urlPath);\n\n // SECURITY: Even though the layout is skipped, AccessGate MUST still\n // wrap the element tree. access.ts runs on every navigation regardless\n // of cached layouts or state tree content.\n // See design/13-security.md §\"Auth always runs\" (test #11).\n if (segment.access) {\n const accessMod = await loadModule(segment.access);\n const accessFn = accessMod.default as (() => unknown) | undefined;\n if (accessFn) {\n element = h(AccessGate, {\n accessFn,\n segmentName: segment.segmentName,\n denyPages: denyPageChains.get(i),\n children: element,\n });\n }\n }\n\n continue;\n }\n\n // This segment is rendered — mark that future (outer) segments have\n // a rendered layout below them and can safely be skipped.\n if (layoutComponent) {\n hasRenderedLayoutBelow = true;\n }\n\n // Wrap with error boundaries from this segment (inside layout).\n // Keep ALL error boundaries (including 4xx) — they're the safety net for\n // DenySignal from nested server components that escape AccessGate/PageDenyBoundary\n // try/catch. Status-code files must be 'use client' TSX or MDX to serialize\n // as error boundary fallbacks. See TIM-666.\n element = await wrapSegmentWithErrorBoundaries(segment, element, h);\n\n // Wrap with layout BEFORE AccessGate — AccessGate is OUTSIDE the layout.\n // When AccessGate denies, the layout never renders. The deny page appears\n // at the AccessGate level, wrapped by PARENT layouts only.\n // This prevents leaking layout UI (sidebars, nav) on denied pages.\n // See design/04-authorization.md §\"Access Failure\".\n if (layoutComponent) {\n // Resolve parallel slots for this layout\n const slotProps: Record<string, unknown> = {};\n const slotEntries = Object.entries(segment.slots ?? {});\n for (const [slotName, slotNode] of slotEntries) {\n slotProps[slotName] = await resolveSlotElement(\n slotNode as ManifestSegmentNode,\n match,\n h,\n interception\n );\n }\n\n const segmentPath = segment.urlPath.split('/');\n const parallelRouteKeys = Object.keys(segment.slots ?? {});\n\n // For route groups, urlPath is shared with the parent (both \"/\"),\n // so include the group name to distinguish them. Used for both OTEL\n // span labels and client-side element caching (segmentId).\n const segmentId =\n segment.segmentType === 'group'\n ? `${segment.urlPath === '/' ? '' : segment.urlPath}/${segment.segmentName}`\n : segment.urlPath;\n\n // Build the layout element.\n // Same client reference guard as pages — client layouts must not be\n // called as functions. OTEL tracing is skipped for client components.\n let layoutElement: React.ReactElement;\n if (isClientReference(layoutComponent)) {\n layoutElement = h(layoutComponent, {\n ...slotProps,\n children: element,\n });\n } else {\n // Server component layout — wrap with OTEL tracing AND DenySignal\n // catching. If the layout calls deny(), the signal is caught here\n // and the matching deny page renders in-tree (same pattern as\n // AccessGate and PageDenyBoundary). Without this, DenySignal\n // escapes to React Flight onError and triggers the re-render\n // fallback path. See TIM-668, design/04-authorization.md.\n const layoutComponentRef = layoutComponent;\n const layoutDenyPages = denyPageChains.get(i);\n const TracedLayout = async (props: Record<string, unknown>) => {\n try {\n return await withSpan('timber.layout', { 'timber.segment': segmentId }, () =>\n (layoutComponentRef as (props: Record<string, unknown>) => unknown)(props)\n );\n } catch (error: unknown) {\n if (error instanceof DenySignal && layoutDenyPages) {\n const denyElement = renderMatchingDenyPage(layoutDenyPages, error.status, error.data);\n if (denyElement) {\n setDenyStatus(error.status);\n return denyElement;\n }\n }\n // Non-deny errors (RedirectSignal, runtime errors) propagate normally.\n throw error;\n }\n };\n layoutElement = h(TracedLayout, {\n ...slotProps,\n children: element,\n });\n }\n\n element = h(SegmentProvider, {\n segments: segmentPath,\n segmentId,\n parallelRouteKeys,\n children: layoutElement,\n });\n }\n\n // Wrap in AccessGate OUTSIDE the layout.\n // If access denies, the deny page renders here — the layout above\n // never executes. Parent layouts (from outer iterations) form the shell.\n // See TIM-662, TIM-666, design/04-authorization.md §\"Access Failure\".\n if (segment.access) {\n const accessMod = await loadModule(segment.access);\n const accessFn = accessMod.default as (() => unknown) | undefined;\n if (accessFn) {\n element = h(AccessGate, {\n accessFn,\n segmentName: segment.segmentName,\n denyPages: denyPageChains.get(i),\n children: element,\n });\n }\n }\n }\n\n return {\n element,\n headElements: headElements as HeadElement[],\n layoutComponents,\n segments,\n deferSuspenseFor,\n skippedSegments,\n };\n}\n","/**\n * Version Skew Detection — graceful recovery when stale clients hit new deployments.\n *\n * When a new version of the app is deployed, clients with open tabs still have\n * the old JavaScript bundle. Without version skew handling, these stale clients\n * will experience:\n *\n * 1. Server action calls that crash (action IDs are content-hashed)\n * 2. Chunk load failures (old filenames gone from CDN)\n * 3. RSC payload mismatches (component references differ between builds)\n *\n * This module implements deployment ID comparison:\n * - A per-build deployment ID is generated at build time (see build-manifest.ts)\n * - The client sends it via `X-Timber-Deployment-Id` header on every RSC/action request\n * - The server compares it against the current build's ID\n * - On mismatch: signal the client to reload (not crash)\n *\n * The deployment ID is always-on in production. Dev mode skips the check\n * (HMR handles code updates without full reloads).\n *\n * See design/25-production-deployments.md, TIM-446\n */\n\n// ─── Constants ───────────────────────────────────────────────────\n\n/** Header sent by the client with every RSC/action request. */\nexport const DEPLOYMENT_ID_HEADER = 'X-Timber-Deployment-Id';\n\n/** Response header that signals the client to do a full page reload. */\nexport const RELOAD_HEADER = 'X-Timber-Reload';\n\n// ─── Deployment ID ───────────────────────────────────────────────\n\n/**\n * The current build's deployment ID. Set at startup from the manifest init\n * module (globalThis.__TIMBER_DEPLOYMENT_ID__). Null in dev mode.\n */\nlet currentDeploymentId: string | null = null;\n\n/**\n * Set the current deployment ID. Called once at server startup from the\n * manifest init module. In dev mode this is never called (deployment ID\n * checks are skipped).\n */\nexport function setDeploymentId(id: string): void {\n currentDeploymentId = id;\n}\n\n/**\n * Get the current deployment ID. Returns null in dev mode.\n */\nexport function getDeploymentId(): string | null {\n return currentDeploymentId;\n}\n\n// ─── Skew Detection ──────────────────────────────────────────────\n\n/** Result of a version skew check. */\nexport interface SkewCheckResult {\n /** Whether the client's deployment ID matches the server's. */\n ok: boolean;\n /** The client's deployment ID (null if header not sent — e.g., initial page load). */\n clientId: string | null;\n}\n\n/**\n * Check if a request's deployment ID matches the current build.\n *\n * Returns `{ ok: true }` when:\n * - Dev mode (no deployment ID set — HMR handles updates)\n * - No deployment ID header (initial page load, non-RSC request)\n * - Deployment IDs match\n *\n * Returns `{ ok: false }` when:\n * - Client sends a deployment ID that differs from the current build\n */\nexport function checkVersionSkew(req: Request): SkewCheckResult {\n // Dev mode — no deployment ID checks (HMR handles updates)\n if (!currentDeploymentId) {\n return { ok: true, clientId: null };\n }\n\n const clientId = req.headers.get(DEPLOYMENT_ID_HEADER);\n\n // No header — initial page load or non-RSC request. Always OK.\n if (!clientId) {\n return { ok: true, clientId: null };\n }\n\n // Compare deployment IDs\n if (clientId === currentDeploymentId) {\n return { ok: true, clientId };\n }\n\n return { ok: false, clientId };\n}\n\n/**\n * Apply version skew reload headers to a response.\n * Sets X-Timber-Reload: 1 to signal the client to do a full page reload.\n */\nexport function applyReloadHeaders(headers: Headers): void {\n headers.set(RELOAD_HEADER, '1');\n}\n","/**\n * Metadata route helpers for the request pipeline.\n *\n * Handles serving static metadata files and serializing sitemap responses.\n * Extracted from pipeline.ts to keep files under 500 lines.\n *\n * See design/16-metadata.md §\"Metadata Routes\"\n */\n\nimport { readFile } from 'node:fs/promises';\n\n/**\n * Content types that are text-based and should include charset=utf-8.\n * Binary formats (images) should not include charset.\n */\nconst TEXT_CONTENT_TYPES = new Set([\n 'application/xml',\n 'text/plain',\n 'application/json',\n 'application/manifest+json',\n 'image/svg+xml',\n]);\n\n/**\n * Serve a static metadata file by reading it from disk.\n *\n * Static metadata route files (.xml, .txt, .json, .png, .ico, .svg, etc.)\n * are served as-is with the appropriate Content-Type header.\n * Text files include charset=utf-8; binary files do not.\n *\n * See design/16-metadata.md §\"Metadata Routes\"\n */\nexport async function serveStaticMetadataFile(\n metaMatch: import('./route-matcher.js').MetadataRouteMatch\n): Promise<Response> {\n const { contentType, file } = metaMatch;\n const isText = TEXT_CONTENT_TYPES.has(contentType);\n\n const body = await readFile(file.filePath);\n\n const headers: Record<string, string> = {\n 'Content-Type': isText ? `${contentType}; charset=utf-8` : contentType,\n 'Content-Length': String(body.byteLength),\n };\n\n return new Response(body, { status: 200, headers });\n}\n\n/**\n * Serialize a sitemap array to XML.\n * Follows the sitemap.org protocol: https://www.sitemaps.org/protocol.html\n */\nexport function serializeSitemap(\n entries: Array<{\n url: string;\n lastModified?: string | Date;\n changeFrequency?: string;\n priority?: number;\n }>\n): string {\n const urls = entries\n .map((e) => {\n let xml = ` <url>\\n <loc>${escapeXml(e.url)}</loc>`;\n if (e.lastModified) {\n const date = e.lastModified instanceof Date ? e.lastModified.toISOString() : e.lastModified;\n xml += `\\n <lastmod>${escapeXml(date)}</lastmod>`;\n }\n if (e.changeFrequency) {\n xml += `\\n <changefreq>${escapeXml(e.changeFrequency)}</changefreq>`;\n }\n if (e.priority !== undefined) {\n xml += `\\n <priority>${e.priority}</priority>`;\n }\n xml += '\\n </url>';\n return xml;\n })\n .join('\\n');\n\n return `<?xml version=\"1.0\" encoding=\"UTF-8\"?>\\n<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\\n${urls}\\n</urlset>`;\n}\n\n/**\n * Serialize a sitemap index (list of sub-sitemap URLs) to XML.\n * Used for pagination when the total URL count exceeds 50,000.\n * Follows the sitemap.org protocol: https://www.sitemaps.org/protocol.html\n */\nexport function serializeSitemapIndex(sitemapUrls: string[]): string {\n const sitemaps = sitemapUrls\n .map((url) => ` <sitemap>\\n <loc>${escapeXml(url)}</loc>\\n </sitemap>`)\n .join('\\n');\n\n return `<?xml version=\"1.0\" encoding=\"UTF-8\"?>\\n<sitemapindex xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\\n${sitemaps}\\n</sitemapindex>`;\n}\n\n/** Escape special XML characters. */\nexport function escapeXml(str: string): string {\n return str\n .replace(/&/g, '&amp;')\n .replace(/</g, '&lt;')\n .replace(/>/g, '&gt;')\n .replace(/\"/g, '&quot;')\n .replace(/'/g, '&apos;');\n}\n","/**\n * Interception route matching for the request pipeline.\n *\n * Matches target URLs against interception rewrites to support the\n * modal route pattern (soft navigation intercepts).\n *\n * Extracted from pipeline.ts to keep files under 500 lines.\n *\n * See design/07-routing.md §\"Intercepting Routes\"\n */\n\nimport { classifyUrlSegment } from '../routing/segment-classify.js';\n\n/** Result of a successful interception match. */\nexport interface InterceptionMatchResult {\n /** The pathname to re-match (the source/intercepting route's parent). */\n sourcePathname: string;\n}\n\n/**\n * Check if an intercepting route applies for this soft navigation.\n *\n * Matches the target pathname against interception rewrites, constrained\n * by the source URL (X-Timber-URL header — where the user navigates FROM).\n *\n * Returns the source pathname to re-match if interception applies, or null.\n */\nexport function findInterceptionMatch(\n targetPathname: string,\n sourceUrl: string,\n rewrites: import('../routing/interception.js').InterceptionRewrite[]\n): InterceptionMatchResult | null {\n for (const rewrite of rewrites) {\n // Check if the source URL starts with the intercepting prefix\n if (!sourceUrl.startsWith(rewrite.interceptingPrefix)) continue;\n\n // Check if the target URL matches the intercepted pattern.\n // Dynamic segments in the pattern match any single URL segment.\n if (pathnameMatchesPattern(targetPathname, rewrite.interceptedPattern)) {\n return { sourcePathname: rewrite.interceptingPrefix };\n }\n }\n return null;\n}\n\n/**\n * Check if a pathname matches a URL pattern with dynamic segments.\n *\n * Supports [param] (single segment) and [...param] (one or more segments).\n * Static segments must match exactly.\n */\nexport function pathnameMatchesPattern(pathname: string, pattern: string): boolean {\n const pathParts = pathname === '/' ? [] : pathname.slice(1).split('/');\n const patternParts = pattern === '/' ? [] : pattern.slice(1).split('/');\n\n let pi = 0;\n for (let i = 0; i < patternParts.length; i++) {\n const seg = classifyUrlSegment(patternParts[i]);\n\n switch (seg.kind) {\n case 'catch-all':\n return pi < pathParts.length;\n case 'optional-catch-all':\n return true;\n case 'dynamic':\n if (pi >= pathParts.length) return false;\n pi++;\n continue;\n case 'static':\n if (pi >= pathParts.length || pathParts[pi] !== seg.value) return false;\n pi++;\n continue;\n }\n }\n\n return pi === pathParts.length;\n}\n","/**\n * Pipeline phase functions — module-level free functions that take their\n * dependencies as explicit parameters. Each phase returns a `PhaseOutcome`\n * (a discriminated union over response / redirect / deny / error). The\n * terminal `outcomeToResponse` translates outcomes into Responses.\n *\n * Lifted out of `createPipeline` so each phase can be unit-tested in\n * isolation. The lift is mechanical — these functions used to be closures\n * over `config`; they now take `config` as an explicit parameter.\n *\n * See design/07-routing.md §\"Request Lifecycle\", design/02-rendering-pipeline.md §\"Request Flow\".\n */\n\nimport { canonicalize } from './canonicalize.js';\nimport { runProxy } from './proxy.js';\nimport { runMiddlewareChain } from './middleware-runner.js';\nimport { withTiming } from './server-timing.js';\nimport {\n applyRequestHeaderOverlay,\n setMutableCookieContext,\n markResponseFlushed,\n setSegmentParams,\n} from './request-context.js';\nimport { withSpan } from './tracing.js';\nimport {\n logProxyError,\n logMiddlewareError,\n logMiddlewareShortCircuit,\n logRenderError,\n} from './logger.js';\nimport { RedirectSignal, DenySignal } from './primitives.js';\nimport { ParamCoercionError } from './route-element-builder.js';\nimport { checkVersionSkew, applyReloadHeaders } from './version-skew.js';\nimport { serveStaticMetadataFile, serializeSitemap } from './pipeline-metadata.js';\nimport { loadModule } from './safe-load.js';\nimport { findInterceptionMatch } from './pipeline-interception.js';\nimport {\n applyCookieJar,\n buildRedirectResponse,\n cloneWithMutableHeaders,\n fireOnRequestError,\n mergeMissingHeaders,\n safeMerge,\n type ProxyResolver,\n} from './pipeline-helpers.js';\nimport type { InterceptionContext, PipelineConfig, RouteMatch } from './pipeline.js';\nimport type { MiddlewareContext } from './types.js';\n\n// ─── Phase Outcome ─────────────────────────────────────────────────────────\n\nexport type PhaseName = 'proxy' | 'middleware' | 'render';\n\nexport type PhaseOutcome =\n | { kind: 'response'; phase: PhaseName; response: Response }\n | { kind: 'redirect'; phase: PhaseName; signal: RedirectSignal }\n | { kind: 'deny'; phase: PhaseName; signal: DenySignal }\n | { kind: 'error'; phase: PhaseName; error: unknown };\n\nexport interface OutcomeContext {\n req: Request;\n method: string;\n path: string;\n responseHeaders?: Headers;\n match?: RouteMatch;\n}\n\ninterface RenderContext {\n canonicalPathname: string;\n interception?: InterceptionContext;\n}\n\n// ─── Param Coercion ────────────────────────────────────────────────────────\n\n/**\n * Run segment param coercion on the matched route's segments.\n *\n * Loads params.ts modules from segments that have them, extracts the\n * segmentParams definition, and coerces raw string params through codecs.\n * Throws ParamCoercionError if any codec fails (→ 404).\n *\n * This runs BEFORE middleware, so ctx.segmentParams is already typed.\n * See design/07-routing.md §\"Where Coercion Runs\"\n */\nexport async function coerceSegmentParams(match: RouteMatch): Promise<void> {\n const segments = match.segments;\n let mergeTarget = match.segmentParams as Record<string, unknown>;\n let usesNullPrototypeTarget = Object.getPrototypeOf(mergeTarget) === null;\n\n for (const segment of segments) {\n // Only process segments that have a params.ts convention file\n if (!segment.params) continue;\n\n let mod: Record<string, unknown>;\n try {\n mod = await loadModule(segment.params);\n } catch (err) {\n throw new ParamCoercionError(\n `Failed to load params module for segment \"${segment.segmentName}\": ${err instanceof Error ? err.message : String(err)}`\n );\n }\n\n const segmentParamsDef = mod.segmentParams as\n | { parse(raw: Record<string, string | string[]>): Record<string, unknown> }\n | undefined;\n\n if (!segmentParamsDef || typeof segmentParamsDef.parse !== 'function') continue;\n\n try {\n const coerced = segmentParamsDef.parse(match.segmentParams);\n\n if (!usesNullPrototypeTarget) {\n mergeTarget = Object.create(null) as Record<string, unknown>;\n safeMerge(mergeTarget, match.segmentParams as Record<string, unknown>);\n match.segmentParams = mergeTarget as RouteMatch['segmentParams'];\n usesNullPrototypeTarget = true;\n }\n\n // safeMerge blocks shallow prototype-polluting keys from codec output.\n // The null-prototype target above provides the deeper guarantee for\n // nested values without paying the cost of a deep sanitizer.\n safeMerge(mergeTarget, coerced as Record<string, unknown>);\n } catch (err) {\n throw new ParamCoercionError(err instanceof Error ? err.message : String(err));\n }\n }\n}\n\n// ─── Phase: Proxy ──────────────────────────────────────────────────────────\n\n/**\n * Run the proxy.ts phase. Calls user proxy code and uses `handleRequest` as\n * the inner `next()` continuation. The proxy resolver was picked at pipeline\n * construction time so the hot path sees no per-request branching on the\n * `ProxyConfig` discriminant.\n */\nexport async function runProxyPhase(\n config: PipelineConfig,\n getProxy: ProxyResolver,\n req: Request,\n method: string,\n path: string\n): Promise<PhaseOutcome> {\n const detailed = config.serverTiming === 'detailed';\n try {\n const proxyExport = await getProxy();\n const proxyFn = () =>\n runProxy(proxyExport, req, () => handleRequest(config, req, method, path));\n const response = await withSpan('timber.proxy', {}, () =>\n detailed ? withTiming('proxy', 'proxy.ts', proxyFn) : proxyFn()\n );\n return { kind: 'response', phase: 'proxy', response };\n } catch (error) {\n return { kind: 'error', phase: 'proxy', error };\n }\n}\n\n// ─── Phase: Middleware ─────────────────────────────────────────────────────\n\n/**\n * Run the middleware chain phase. If the chain short-circuits with a Response,\n * returns it as a 'response' outcome. Otherwise applies the request header\n * overlay and falls through to the render phase.\n */\nexport async function runMiddlewarePhase(\n config: PipelineConfig,\n req: Request,\n match: RouteMatch,\n responseHeaders: Headers,\n requestHeaderOverlay: Headers,\n renderContext: RenderContext\n): Promise<PhaseOutcome> {\n const detailed = config.serverTiming === 'detailed';\n const ctx: MiddlewareContext = {\n req,\n requestHeaders: requestHeaderOverlay,\n headers: responseHeaders,\n segmentParams: match.segmentParams,\n earlyHints: (hints) => {\n for (const hint of hints) {\n // Match Cloudflare's cached Early Hints attribute order: `as` before `rel`.\n // Cloudflare caches Link headers and re-emits them on subsequent 200s.\n // If our order differs, the browser sees duplicate preloads and warns.\n let value: string;\n if (hint.as !== undefined) {\n value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;\n } else {\n value = `<${hint.href}>; rel=${hint.rel}`;\n }\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n responseHeaders.append('Link', value);\n }\n },\n };\n\n try {\n const chainFn = () => runMiddlewareChain(match.middlewareChain, ctx);\n // Enable cookie mutation during middleware (design/29-cookies.md §\"Context Tracking\")\n const middlewareResponse = await (async () => {\n setMutableCookieContext(true);\n try {\n return await withSpan('timber.middleware', {}, () =>\n detailed ? withTiming('mw', 'middleware.ts', chainFn) : chainFn()\n );\n } finally {\n setMutableCookieContext(false);\n }\n })();\n if (middlewareResponse) {\n return { kind: 'response', phase: 'middleware', response: middlewareResponse };\n }\n // Middleware chain completed without short-circuiting — apply any\n // injected request headers so getHeaders() returns them downstream.\n applyRequestHeaderOverlay(requestHeaderOverlay);\n\n // Apply cookie jar to response headers before render commits them.\n // This preserves the historical ordering where middleware cookie writes\n // are visible to route-handler header merging, while handler Set-Cookie\n // values still come after middleware cookies and therefore take precedence.\n applyCookieJar(responseHeaders);\n\n return runRenderPhase(config, req, match, responseHeaders, requestHeaderOverlay, renderContext);\n } catch (error) {\n if (error instanceof RedirectSignal) {\n return { kind: 'redirect', phase: 'middleware', signal: error };\n }\n if (error instanceof DenySignal) {\n return { kind: 'deny', phase: 'middleware', signal: error };\n }\n return { kind: 'error', phase: 'middleware', error };\n }\n}\n\n// ─── Phase: Render ─────────────────────────────────────────────────────────\n\n/**\n * Run the render phase. Wraps the configured renderer in a span and a\n * timing scope, and translates thrown signals into outcome variants.\n */\nexport async function runRenderPhase(\n config: PipelineConfig,\n req: Request,\n match: RouteMatch,\n responseHeaders: Headers,\n requestHeaderOverlay: Headers,\n { canonicalPathname, interception }: RenderContext\n): Promise<PhaseOutcome> {\n const detailed = config.serverTiming === 'detailed';\n try {\n const renderFn = () =>\n config.render(req, match, responseHeaders, requestHeaderOverlay, interception);\n const response = await withSpan('timber.render', { 'http.route': canonicalPathname }, () =>\n detailed ? withTiming('render', 'RSC + SSR render', renderFn) : renderFn()\n );\n return { kind: 'response', phase: 'render', response };\n } catch (error) {\n if (error instanceof DenySignal) {\n return { kind: 'deny', phase: 'render', signal: error };\n }\n if (error instanceof RedirectSignal) {\n return { kind: 'redirect', phase: 'render', signal: error };\n }\n return { kind: 'error', phase: 'render', error };\n }\n}\n\n// ─── Request Handler ───────────────────────────────────────────────────────\n\n/**\n * Process a single request from canonicalization through phase dispatch.\n *\n * Stages: canonicalize → metadata routes → auto-sitemap → version skew →\n * route match → interception → early hints → param coercion → middleware →\n * render → outcome translation. Pre-routing short-circuits return Responses\n * directly; post-match dispatch goes through `outcomeToResponse`.\n *\n * Used both as the top-level entry (when no proxy.ts is configured) and as\n * the `next()` continuation passed to `runProxy()`.\n */\nexport async function handleRequest(\n config: PipelineConfig,\n req: Request,\n method: string,\n path: string\n): Promise<Response> {\n const stripTrailingSlash = config.stripTrailingSlash ?? true;\n\n // Stage 1: URL canonicalization\n const url = new URL(req.url);\n const result = canonicalize(url.pathname, stripTrailingSlash);\n if (!result.ok) {\n return new Response(null, { status: result.status });\n }\n const canonicalPathname = result.pathname;\n\n // Stage 1b: Metadata route matching — runs before regular route matching.\n // Metadata routes skip middleware.ts and access.ts (public endpoints for crawlers).\n // See design/16-metadata.md §\"Pipeline Integration\"\n if (config.matchMetadataRoute) {\n const metaMatch = config.matchMetadataRoute(canonicalPathname);\n if (metaMatch) {\n try {\n // Static metadata files (.xml, .txt, .png, .ico, etc.) are served\n // directly from disk. Dynamic metadata routes (.ts, .tsx) export a\n // handler function that generates the response.\n if (metaMatch.isStatic) {\n return await serveStaticMetadataFile(metaMatch);\n }\n\n const mod = await loadModule<{ default?: Function }>(metaMatch.file);\n if (typeof mod.default !== 'function') {\n return new Response('Metadata route must export a default function', { status: 500 });\n }\n const handlerResult = await mod.default();\n // If the handler returns a Response, normalize headers so the\n // outer Server-Timing writer can append without hitting an\n // immutable header bag (e.g. user returns Response.redirect()).\n if (handlerResult instanceof Response) {\n return cloneWithMutableHeaders(handlerResult);\n }\n // Otherwise, serialize based on content type\n const contentType = metaMatch.contentType;\n let body: string;\n if (typeof handlerResult === 'string') {\n body = handlerResult;\n } else if (contentType === 'application/xml') {\n body = serializeSitemap(handlerResult);\n } else if (contentType === 'application/manifest+json') {\n body = JSON.stringify(handlerResult, null, 2);\n } else {\n body = typeof handlerResult === 'string' ? handlerResult : String(handlerResult);\n }\n return new Response(body, {\n status: 200,\n headers: { 'Content-Type': `${contentType}; charset=utf-8` },\n });\n } catch (error) {\n logRenderError({ method, path, error });\n if (config.onPipelineError && error instanceof Error)\n config.onPipelineError(error, 'metadata-route');\n return new Response(null, { status: 500 });\n }\n }\n }\n\n // Stage 1b.2: Auto-generated sitemap — serves /sitemap.xml and /sitemap/N.xml\n // when sitemap generation is enabled and no user-authored sitemap exists.\n // Runs after metadata route matching so user sitemaps always take precedence.\n // See design/16-metadata.md §\"Auto-generated Sitemap\"\n if (config.autoSitemapHandler) {\n try {\n const sitemapResponse = await config.autoSitemapHandler(canonicalPathname);\n if (sitemapResponse) return cloneWithMutableHeaders(sitemapResponse);\n } catch (error) {\n logRenderError({ method, path, error });\n if (config.onPipelineError && error instanceof Error)\n config.onPipelineError(error, 'auto-sitemap');\n return new Response(null, { status: 500 });\n }\n }\n\n // Stage 1c: Version skew detection (TIM-446).\n // For RSC payload requests (client navigation), check if the client's\n // deployment ID matches the current build. On mismatch, signal the\n // client to do a full page reload instead of returning an RSC payload\n // that references mismatched module IDs.\n const isRscRequest = (req.headers.get('Accept') ?? '').includes('text/x-component');\n if (isRscRequest) {\n const skewCheck = checkVersionSkew(req);\n if (!skewCheck.ok) {\n const reloadHeaders = new Headers();\n applyReloadHeaders(reloadHeaders);\n return new Response(null, { status: 204, headers: reloadHeaders });\n }\n }\n\n // Stage 2: Route matching\n let match = config.matchRoute(canonicalPathname);\n let interception: InterceptionContext | undefined;\n\n // Stage 2a: Intercepting route resolution (modal pattern).\n // On soft navigation, check if an intercepting route should render instead.\n // The client sends X-Timber-URL with the current pathname (where they're\n // navigating FROM). If a rewrite matches, re-route to the source URL so\n // the source layout renders with the intercepted content in the slot.\n const sourceUrl = req.headers.get('X-Timber-URL');\n if (sourceUrl && config.interceptionRewrites?.length) {\n const intercepted = findInterceptionMatch(\n canonicalPathname,\n sourceUrl,\n config.interceptionRewrites\n );\n if (intercepted) {\n const sourceMatch = config.matchRoute(intercepted.sourcePathname);\n if (sourceMatch) {\n match = sourceMatch;\n interception = { targetPathname: canonicalPathname };\n }\n }\n }\n\n if (!match) {\n // No route matched — render 404.tsx in root layout if available,\n // otherwise fall back to a bare 404 Response.\n if (config.renderNoMatch) {\n const responseHeaders = new Headers();\n return cloneWithMutableHeaders(await config.renderNoMatch(req, responseHeaders));\n }\n return new Response(null, { status: 404 });\n }\n\n // Response and request header containers — created before early hints so\n // the emitter can append Link headers (e.g. for Cloudflare CDN → 103).\n const responseHeaders = new Headers();\n const requestHeaderOverlay = new Headers();\n\n // Set Cache-Control for dynamic HTML responses. Without this header,\n // CDNs (particularly Cloudflare) may attempt to buffer/process the\n // response differently, causing intermittent multi-second delays.\n // This matches Next.js's default behavior.\n responseHeaders.set('Cache-Control', 'private, no-cache, no-store, max-age=0, must-revalidate');\n\n // Stage 2b: 103 Early Hints (before middleware, after match)\n // Fires before middleware so the browser can begin fetching critical\n // assets while middleware runs. Non-fatal — a failing emitter never\n // blocks the request.\n if (config.earlyHints) {\n try {\n await config.earlyHints(match, req, responseHeaders);\n } catch {\n // Early hints failure is non-fatal\n }\n }\n\n // Stage 2c: Param coercion (before middleware)\n // Load params.ts modules from matched segments and coerce raw string\n // params through defineSegmentParams codecs. Coercion failure → 404\n // (middleware never runs). See design/07-routing.md §\"Where Coercion Runs\"\n try {\n await coerceSegmentParams(match);\n } catch (error) {\n if (error instanceof ParamCoercionError) {\n // For API routes (route.ts), return a bare 404 — not an HTML page.\n // API consumers expect JSON/empty responses, not rendered HTML.\n const leafSegment = match.segments[match.segments.length - 1];\n if ((leafSegment as { route?: unknown }).route && !(leafSegment as { page?: unknown }).page) {\n return new Response(null, { status: 404 });\n }\n // Route through the app's 404 page (404.tsx in root layout) instead of\n // returning a bare empty 404 Response. Falls back to bare 404 only if\n // no renderNoMatch renderer is configured.\n if (config.renderNoMatch) {\n return cloneWithMutableHeaders(await config.renderNoMatch(req, responseHeaders));\n }\n return new Response(null, { status: 404 });\n }\n throw error;\n }\n\n // Store coerced segment params in ALS so components can access them\n // via getSegmentParams() instead of receiving them as a prop.\n // See design/07-routing.md §\"params.ts — Convention File for Typed Params\"\n setSegmentParams(match.segmentParams);\n\n const outcome =\n match.middlewareChain.length > 0\n ? await runMiddlewarePhase(config, req, match, responseHeaders, requestHeaderOverlay, {\n canonicalPathname,\n interception,\n })\n : await runRenderPhase(config, req, match, responseHeaders, requestHeaderOverlay, {\n canonicalPathname,\n interception,\n });\n\n return outcomeToResponse(config, outcome, {\n req,\n method,\n path,\n responseHeaders,\n match,\n });\n}\n\n// ─── Outcome Translation ───────────────────────────────────────────────────\n\n/**\n * Terminal outcome handler — converts a `PhaseOutcome` into a final\n * `Response`, applying cookies, building redirects, rendering deny pages\n * and fallback error pages, and firing instrumentation hooks.\n *\n * This is the single source of truth for how phase outputs become wire\n * responses; the per-phase try/catch blocks now produce values, not\n * Responses, so the conversion logic lives in exactly one place.\n */\nexport async function outcomeToResponse(\n config: PipelineConfig,\n outcome: PhaseOutcome,\n ctx: OutcomeContext\n): Promise<Response> {\n switch (outcome.kind) {\n case 'response': {\n // Clone unconditionally so downstream code (cookie/header merge,\n // Server-Timing in createPipeline) can write headers without paying\n // for a try/catch immutability probe per request. User middleware,\n // proxy, and route code may all return `Response.redirect()` or\n // platform-level responses with frozen header bags. See TIM-866.\n const finalResponse = cloneWithMutableHeaders(outcome.response);\n\n if (outcome.phase === 'proxy') return finalResponse;\n\n if (outcome.phase === 'middleware' && ctx.responseHeaders) {\n applyCookieJar(finalResponse.headers);\n mergeMissingHeaders(finalResponse.headers, ctx.responseHeaders);\n logMiddlewareShortCircuit({\n method: ctx.method,\n path: ctx.path,\n status: finalResponse.status,\n });\n }\n\n if (outcome.phase === 'render') {\n markResponseFlushed();\n }\n\n return finalResponse;\n }\n\n case 'redirect': {\n const headers = ctx.responseHeaders ?? new Headers();\n applyCookieJar(headers);\n return buildRedirectResponse(outcome.signal, ctx.req, headers);\n }\n\n case 'deny': {\n const headers = ctx.responseHeaders ?? new Headers();\n applyCookieJar(headers);\n if (config.renderDenyFallback) {\n try {\n // Clone user-supplied deny-page responses so downstream\n // Server-Timing writes are safe against frozen header bags\n // (e.g. user returned Response.redirect from the hook).\n return cloneWithMutableHeaders(\n await config.renderDenyFallback(outcome.signal, ctx.req, headers, ctx.match)\n );\n } catch {\n // Deny page rendering failed — fall through to bare response\n }\n }\n return new Response(null, { status: outcome.signal.status, headers });\n }\n\n case 'error': {\n if (outcome.phase === 'proxy') {\n logProxyError({ error: outcome.error });\n await fireOnRequestError(outcome.error, ctx.req, 'proxy');\n if (config.onPipelineError && outcome.error instanceof Error)\n config.onPipelineError(outcome.error, 'proxy');\n return new Response(null, { status: 500 });\n }\n\n if (outcome.phase === 'middleware') {\n logMiddlewareError({ method: ctx.method, path: ctx.path, error: outcome.error });\n await fireOnRequestError(outcome.error, ctx.req, 'handler');\n if (config.onPipelineError && outcome.error instanceof Error) {\n config.onPipelineError(outcome.error, 'middleware');\n }\n return new Response(null, { status: 500 });\n }\n\n const headers = ctx.responseHeaders ?? new Headers();\n applyCookieJar(headers);\n logRenderError({ method: ctx.method, path: ctx.path, error: outcome.error });\n await fireOnRequestError(outcome.error, ctx.req, 'render');\n if (config.onPipelineError && outcome.error instanceof Error)\n config.onPipelineError(outcome.error, 'render');\n if (config.renderFallbackError) {\n try {\n // Clone user-supplied fallback error responses so downstream\n // Server-Timing writes are safe against frozen header bags.\n return cloneWithMutableHeaders(\n await config.renderFallbackError(outcome.error, ctx.req, headers)\n );\n } catch {\n // Fallback rendering itself failed — fall through to bare 500\n }\n }\n return new Response(null, { status: 500 });\n }\n }\n}\n","/**\n * Request pipeline — the central dispatch for all timber.js requests.\n *\n * Pipeline stages (in order):\n * proxy.ts → canonicalize → route match → 103 Early Hints → middleware.ts → render\n *\n * The phase functions live in `pipeline-phases.ts` so each phase can be\n * tested in isolation. The terminal `outcomeToResponse` translator and\n * stateless helpers live in `pipeline-phases.ts` and `pipeline-helpers.ts`\n * respectively. This file owns only the public type surface and the\n * `createPipeline` entry point: trace ID setup, request-context ALS,\n * Server-Timing wrapping, and the activeRequests counter.\n *\n * See design/07-routing.md §\"Request Lifecycle\", design/02-rendering-pipeline.md §\"Request Flow\",\n * and design/17-logging.md §\"Production Logging\"\n */\n\nimport type { ProxyExport } from './proxy.js';\nimport type { MiddlewareFn } from './middleware-runner.js';\nimport { runWithTimingCollector, getServerTimingHeader } from './server-timing.js';\nimport { runWithRequestContext } from './request-context.js';\nimport {\n generateTraceId,\n runWithTraceId,\n getOtelTraceId,\n replaceTraceId,\n withSpan,\n setSpanAttribute,\n} from './tracing.js';\nimport { logRequestReceived, logRequestCompleted, logSlowRequest } from './logger.js';\nimport { DenySignal } from './primitives.js';\nimport type { ManifestSegmentNode } from './route-matcher.js';\nimport { makeProxyResolver } from './pipeline-helpers.js';\nimport { handleRequest, outcomeToResponse, runProxyPhase } from './pipeline-phases.js';\n\n// ─── Re-exports for backwards compatibility ────────────────────────────────\n\n// `safeMerge` and `coerceSegmentParams` were originally exported from this\n// module. They now live in pipeline-helpers.ts and pipeline-phases.ts; the\n// re-exports preserve `import { safeMerge } from './pipeline.js'` callers.\nexport { safeMerge } from './pipeline-helpers.js';\nexport { coerceSegmentParams } from './pipeline-phases.js';\n\n// ─── Route Match Result ────────────────────────────────────────────────────\n\n/**\n * Result of matching a canonical pathname against the route tree.\n *\n * `segments` is the runtime (`ManifestFile`-specialized) shape — the same\n * nodes carried in the virtual route manifest. TIM-863 unified this: the\n * matcher produces `ManifestSegmentNode[]` directly and every consumer\n * (render, slots, params coercion, early hints, deny fallback) sees the\n * same structural type with no `as unknown as` laundering.\n */\nexport interface RouteMatch {\n /** The matched segment chain from root to leaf. */\n segments: ManifestSegmentNode[];\n /** Extracted segment params (catch-all segments produce string[]). */\n segmentParams: Record<string, string | string[]>;\n /** Middleware chain from the segment tree, ordered root-to-leaf. */\n middlewareChain: MiddlewareFn[];\n}\n\n/** Function that matches a canonical pathname to a route. */\nexport type RouteMatcher = (pathname: string) => RouteMatch | null;\n\n/** Function that matches a canonical pathname to a metadata route. */\nexport type MetadataRouteMatcher = (\n pathname: string\n) => import('./route-matcher.js').MetadataRouteMatch | null;\n\n/** Context for intercepting route resolution (modal pattern). */\nexport interface InterceptionContext {\n /** The URL the user is navigating TO (the intercepted route). */\n targetPathname: string;\n}\n\n/** Function that renders a matched route into a Response. */\nexport type RouteRenderer = (\n req: Request,\n match: RouteMatch,\n responseHeaders: Headers,\n requestHeaderOverlay: Headers,\n interception?: InterceptionContext\n) => Response | Promise<Response>;\n\n/** Function that sends 103 Early Hints for a matched route. */\nexport type EarlyHintsEmitter = (\n match: RouteMatch,\n req: Request,\n responseHeaders: Headers\n) => void | Promise<void>;\n\n// ─── Pipeline Configuration ────────────────────────────────────────────────\n\n/**\n * Proxy source — a tagged union so the choice between \"already-resolved\n * export\" and \"lazy HMR-friendly loader\" is encoded in the type, not\n * inferred per-request.\n *\n * - `static` — the proxy export is already resolved (production, tests).\n * - `lazy` — a loader is called per-request for HMR freshness (dev).\n *\n * `PipelineConfig.proxy` also accepts a bare `ProxyExport` (a function or\n * function array) as shorthand for the static variant — convenient for tests\n * that construct a `createPipeline` config inline. Omit the field entirely\n * when the app has no `proxy.ts`.\n *\n * See design/07-routing.md §\"proxy.ts — Global Middleware\".\n */\nexport type ProxyConfig =\n | { kind: 'static'; export: ProxyExport }\n | { kind: 'lazy'; loader: () => Promise<{ default: ProxyExport }> };\n\nexport interface PipelineConfig {\n /**\n * proxy.ts source. Undefined if the app has no proxy.ts. Accepts either a\n * tagged `ProxyConfig` (canonical) or a bare `ProxyExport` as sugar for the\n * static variant.\n */\n proxy?: ProxyConfig | ProxyExport;\n /** Route matcher — resolves a canonical pathname to a RouteMatch. */\n matchRoute: RouteMatcher;\n /** Metadata route matcher — resolves metadata route pathnames (sitemap.xml, robots.txt, etc.) */\n matchMetadataRoute?: MetadataRouteMatcher;\n /** Renderer — produces the final Response for a matched route. */\n render: RouteRenderer;\n /** Renderer for no-match 404 — renders 404.tsx in root layout. */\n renderNoMatch?: (req: Request, responseHeaders: Headers) => Response | Promise<Response>;\n /** Early hints emitter — fires 103 hints after route match, before middleware. */\n earlyHints?: EarlyHintsEmitter;\n /** Whether to strip trailing slashes during canonicalization. Default: true. */\n stripTrailingSlash?: boolean;\n /** Slow request threshold in ms. Requests exceeding this emit a warning. 0 to disable. Default: 3000. */\n slowRequestMs?: number;\n /**\n * Interception rewrites — conditional routes for the modal pattern.\n * Generated at build time from intercepting route directories.\n * See design/07-routing.md §\"Intercepting Routes\"\n */\n interceptionRewrites?: import('../routing/interception.js').InterceptionRewrite[];\n /**\n * Control Server-Timing header output.\n *\n * - `'detailed'` — per-phase breakdown (proxy, middleware, render).\n * - `'total'` — single `total;dur=N` entry (production-safe).\n * - `false` — no Server-Timing header at all.\n *\n * Default: `'total'`.\n */\n serverTiming?: 'detailed' | 'total' | false;\n /**\n * Auto-generated sitemap handler. When provided, the pipeline intercepts\n * `/sitemap.xml` and `/sitemap/N.xml` requests and delegates to this\n * function. Returns a Response or null (pass-through to regular routing).\n *\n * See design/16-metadata.md §\"Auto-generated Sitemap\"\n */\n autoSitemapHandler?: (pathname: string) => Promise<Response | null>;\n /**\n * Dev pipeline error callback — called when a pipeline phase (proxy,\n * middleware, render) catches an unhandled error. Used to wire the error\n * into the Vite browser error overlay in dev mode.\n *\n * Undefined in production — zero overhead.\n */\n onPipelineError?: (error: Error, phase: string) => void;\n\n /**\n * Fallback error renderer — called when a catastrophic error escapes the\n * render phase. Produces an HTML Response instead of a bare empty 500.\n *\n * In dev mode, this renders a styled error page with the error message\n * and stack trace. In production, this attempts to render the app's\n * error.tsx / 5xx.tsx / 500.tsx from the root segment.\n *\n * If this function throws, the pipeline falls back to a bare\n * `new Response(null, { status: 500 })`.\n */\n renderFallbackError?: (\n error: unknown,\n req: Request,\n responseHeaders: Headers\n ) => Response | Promise<Response>;\n /**\n * Fallback deny page renderer — called when a DenySignal escapes from\n * middleware or the render phase. Renders the appropriate status-code\n * page (403.tsx, 404.tsx, etc.) instead of returning a bare empty response.\n *\n * If this function throws, the pipeline falls back to a bare\n * `new Response(null, { status: denyStatus })`.\n */\n renderDenyFallback?: (\n deny: DenySignal,\n req: Request,\n responseHeaders: Headers,\n /**\n * The matched route, if available. Provided by both the middleware-stage\n * and render-stage catch blocks (matching runs before middleware). When\n * present, the renderer should resolve the deny status file against the\n * matched chain so colocated `403.tsx`/`4xx.tsx`/`401.json` files are\n * picked up. Falls back to the root-only chain when omitted (e.g. for\n * deny()s thrown before route matching could complete). See TIM-822.\n */\n match?: RouteMatch\n ) => Response | Promise<Response>;\n}\n\n// ─── Pipeline ──────────────────────────────────────────────────────────────\n\n/**\n * Create the request handler from a pipeline configuration.\n *\n * Returns a function that processes an incoming Request through all pipeline\n * stages and produces a Response. This is the top-level entry point for the\n * server. The body is intentionally small — phase logic lives in\n * `pipeline-phases.ts`. This function only owns the per-request setup that\n * has to wrap the entire dispatch: trace ID, request context ALS, span\n * scope, Server-Timing header emission, and the active-request counter.\n */\nexport function createPipeline(config: PipelineConfig): (req: Request) => Promise<Response> {\n // Resolve the proxy source once. The request hot path calls this closure\n // directly with no discriminant check — the branch is taken here during\n // setup. For the lazy variant, `loader()` still runs per-request so HMR\n // continues to re-import the user's proxy.ts.\n const proxyResolver = makeProxyResolver(config.proxy);\n const slowRequestMs = config.slowRequestMs ?? 3000;\n const serverTiming = config.serverTiming ?? 'total';\n\n // Concurrent request counter — tracks how many requests are in-flight.\n // Logged with each request for diagnosing resource contention.\n let activeRequests = 0;\n\n return async (req: Request): Promise<Response> => {\n const url = new URL(req.url);\n const method = req.method;\n const path = url.pathname;\n const startTime = performance.now();\n activeRequests++;\n\n // Establish per-request trace ID scope (design/17-logging.md §\"trace_id is Always Set\").\n // This runs before runWithRequestContext so traceId() is available from the\n // very first line of proxy.ts, middleware.ts, and all server code.\n const traceIdValue = generateTraceId();\n\n return runWithTraceId(traceIdValue, async () => {\n // Establish request context ALS scope so getHeaders() and getCookies() work\n // throughout the entire request lifecycle (proxy, middleware, render).\n return runWithRequestContext(req, async () => {\n // In dev mode, wrap with timing collector for Server-Timing header.\n // The collector uses ALS so timing entries are per-request.\n const runRequest = async () => {\n logRequestReceived({ method, path });\n\n const response = await withSpan(\n 'http.server.request',\n { 'http.request.method': method, 'url.path': path },\n async () => {\n // If OTEL is active, the root span now exists — replace the UUID\n // fallback with the real OTEL trace ID for log–trace correlation.\n const otelIds = await getOtelTraceId();\n if (otelIds) {\n replaceTraceId(otelIds.traceId, otelIds.spanId);\n }\n\n let result: Response;\n if (proxyResolver) {\n const outcome = await runProxyPhase(config, proxyResolver, req, method, path);\n result = await outcomeToResponse(config, outcome, { req, method, path });\n } else {\n result = await handleRequest(config, req, method, path);\n }\n\n // Set response status on the root span before it ends —\n // DevSpanProcessor reads this for tree/summary output.\n await setSpanAttribute('http.response.status_code', result.status);\n\n // Append Server-Timing header based on configured mode.\n // Header mutability is guaranteed by the producer-side clone\n // in `outcomeToResponse` and the metadata-route / auto-sitemap\n // user-handler clones in `handleRequest`, so we can write\n // directly without a runtime probe. See TIM-866.\n if (serverTiming === 'detailed') {\n // Detailed: per-phase breakdown (proxy, middleware, render).\n const timingHeader = getServerTimingHeader();\n if (timingHeader) {\n result.headers.set('Server-Timing', timingHeader);\n }\n } else if (serverTiming === 'total') {\n // Total only: single `total;dur=N` — no phase names.\n // Prevents information disclosure while giving browser\n // DevTools useful timing data.\n const totalMs = Math.round(performance.now() - startTime);\n result.headers.set('Server-Timing', `total;dur=${totalMs}`);\n }\n // serverTiming === false: no header at all\n\n return result;\n }\n );\n\n // Post-span: structured production logging\n const durationMs = Math.round(performance.now() - startTime);\n const status = response.status;\n const concurrency = activeRequests;\n activeRequests--;\n logRequestCompleted({ method, path, status, durationMs, concurrency });\n\n if (slowRequestMs > 0 && durationMs > slowRequestMs) {\n logSlowRequest({ method, path, durationMs, threshold: slowRequestMs, concurrency });\n }\n\n return response;\n };\n\n return serverTiming === 'detailed' ? runWithTimingCollector(runRequest) : runRequest();\n });\n });\n };\n}\n","/**\n * Build manifest types and utilities for CSS and JS asset tracking.\n *\n * The build manifest maps route segment file paths to their output\n * chunks from Vite's client build. This enables:\n * - <link rel=\"stylesheet\"> injection in HTML <head>\n * - <script type=\"module\"> with hashed URLs in production\n * - <link rel=\"modulepreload\"> for client chunk dependencies\n * - Link preload headers for Early Hints (103)\n *\n * In dev mode, Vite's HMR client handles CSS/JS injection, so the build\n * manifest is empty. In production, it's populated from Vite's\n * .vite/manifest.json after the client build.\n *\n * Design docs: 18-build-system.md §\"Build Manifest\", 02-rendering-pipeline.md §\"Early Hints\"\n */\n\n/** A font asset entry in the build manifest. */\nexport interface ManifestFontEntry {\n /** URL path to the font file (e.g. `/_timber/fonts/inter-latin-400-abc123.woff2`). */\n href: string;\n /** Font format (e.g. `woff2`). */\n format: string;\n /** Crossorigin attribute — always `anonymous` for fonts. */\n crossOrigin: string;\n}\n\n/** Build manifest mapping input file paths to output asset URLs. */\nexport interface BuildManifest {\n /** Map from input file path (relative to project root) to output CSS URLs. */\n css: Record<string, string[]>;\n /** Map from input file path to output JS chunk URL (hashed filename). */\n js: Record<string, string>;\n /** Map from input file path to transitive JS dependency URLs for modulepreload. */\n modulepreload: Record<string, string[]>;\n /** Map from input file path to font assets used by that module. */\n fonts: Record<string, ManifestFontEntry[]>;\n}\n\n/** Empty build manifest used in dev mode. */\nexport const EMPTY_BUILD_MANIFEST: BuildManifest = {\n css: {},\n js: {},\n modulepreload: {},\n fonts: {},\n};\n\n/** Segment shape expected by collectRouteCss (matches ManifestSegmentNode). */\ninterface SegmentWithFiles {\n layout?: { filePath: string };\n page?: { filePath: string };\n}\n\n/**\n * Collect all CSS files needed for a matched route's segment chain.\n *\n * Walks segments root → leaf, collecting CSS for each layout and page.\n * Deduplicates while preserving order (root layout CSS first).\n */\nexport function collectRouteCss(segments: SegmentWithFiles[], manifest: BuildManifest): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const cssFiles = manifest.css[file.filePath];\n if (!cssFiles) continue;\n for (const url of cssFiles) {\n if (!seen.has(url)) {\n seen.add(url);\n result.push(url);\n }\n }\n }\n }\n\n return result;\n}\n\n/**\n * Generate <link rel=\"stylesheet\"> tags for CSS URLs.\n *\n * Returns an HTML string to prepend to headHtml for injection\n * via injectHead() before </head>.\n */\nexport function buildCssLinkTags(cssUrls: string[]): string {\n // Emit <link rel=\"stylesheet\"> tags as a fallback for platforms where\n // React's Float system (via @vitejs/plugin-rsc preinit with\n // data-precedence) doesn't handle CSS injection. In practice, Float\n // deduplicates and these may be dropped. No preload hints — Float\n // already starts the fetch via preinit(), and redundant preloads\n // cause \"ignored due to unknown as/type\" browser warnings.\n return cssUrls.map((url) => `<link rel=\"stylesheet\" href=\"${url}\">`).join('');\n}\n\n/**\n * Generate a Link header value for CSS preload hints.\n *\n * Cloudflare CDN automatically converts Link headers with rel=preload\n * into 103 Early Hints responses. This avoids platform-specific 103\n * sending code.\n *\n * Example output: `</assets/root.css>; as=style; rel=preload, </assets/page.css>; as=style; rel=preload`\n */\nexport function buildLinkHeaders(cssUrls: string[]): string {\n return cssUrls.map((url) => `<${url}>; as=style; rel=preload`).join(', ');\n}\n\n// ─── Font utilities ──────────────────────────────────────────────────────\n\n/**\n * Collect all font entries needed for a matched route's segment chain.\n *\n * Walks segments root → leaf, collecting fonts for each layout and page.\n * Deduplicates by href while preserving order.\n */\nexport function collectRouteFonts(\n segments: SegmentWithFiles[],\n manifest: BuildManifest\n): ManifestFontEntry[] {\n const seen = new Set<string>();\n const result: ManifestFontEntry[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const fonts = manifest.fonts[file.filePath];\n if (!fonts) continue;\n for (const entry of fonts) {\n if (!seen.has(entry.href)) {\n seen.add(entry.href);\n result.push(entry);\n }\n }\n }\n }\n\n return result;\n}\n\n/**\n * Generate <link rel=\"preload\"> tags for font assets.\n *\n * Font preloads use `as=font` and always include `crossorigin` (required\n * for font preloads even for same-origin resources per the spec).\n */\nexport function buildFontPreloadTags(fonts: ManifestFontEntry[]): string {\n return fonts\n .map(\n (f) =>\n `<link rel=\"preload\" href=\"${f.href}\" as=\"font\" type=\"font/${f.format}\" crossorigin=\"${f.crossOrigin}\">`\n )\n .join('');\n}\n\n/**\n * Generate Link header values for font preload hints.\n *\n * Cloudflare CDN converts Link headers with rel=preload into 103 Early Hints.\n *\n * Example: `</fonts/inter.woff2>; as=font; rel=preload; crossorigin`\n */\nexport function buildFontLinkHeaders(fonts: ManifestFontEntry[]): string {\n return fonts.map((f) => `<${f.href}>; as=font; rel=preload; crossorigin`).join(', ');\n}\n\n// ─── JS chunk utilities ──────────────────────────────────────────────────\n\n/**\n * Collect JS chunk URLs for a matched route's segment chain.\n *\n * Walks segments root → leaf, collecting the JS chunk for each layout\n * and page. Deduplicates while preserving order.\n */\nexport function collectRouteJs(segments: SegmentWithFiles[], manifest: BuildManifest): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const jsUrl = manifest.js[file.filePath];\n if (!jsUrl) continue;\n if (!seen.has(jsUrl)) {\n seen.add(jsUrl);\n result.push(jsUrl);\n }\n }\n }\n\n return result;\n}\n\n/**\n * Collect modulepreload URLs for a matched route's segment chain.\n *\n * Walks segments root → leaf, collecting transitive JS dependencies\n * for each layout and page. Deduplicates across segments.\n */\nexport function collectRouteModulepreloads(\n segments: SegmentWithFiles[],\n manifest: BuildManifest\n): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const preloads = manifest.modulepreload[file.filePath];\n if (!preloads) continue;\n for (const url of preloads) {\n if (!seen.has(url)) {\n seen.add(url);\n result.push(url);\n }\n }\n }\n }\n\n return result;\n}\n\n/**\n * Generate <link rel=\"modulepreload\"> tags for JS dependency URLs.\n *\n * Modulepreload hints tell the browser to fetch and parse JS modules\n * before they're needed, reducing waterfall latency for dynamic imports.\n */\nexport function buildModulepreloadTags(urls: string[]): string {\n return urls.map((url) => `<link rel=\"modulepreload\" href=\"${url}\">`).join('');\n}\n\n/**\n * Generate a <script type=\"module\"> tag for a JS entry point.\n */\nexport function buildEntryScriptTag(url: string): string {\n return `<script type=\"module\" src=\"${url}\"></script>`;\n}\n","/**\n * 103 Early Hints utilities.\n *\n * Early Hints are sent before the final response to let the browser\n * start fetching critical resources (CSS, fonts, JS) while the server\n * is still rendering.\n *\n * The framework collects hints from two sources:\n * 1. Build manifest — CSS, fonts, and JS chunks known at route-match time\n * 2. ctx.earlyHints() — explicit hints added by middleware or route handlers\n *\n * Both are emitted as Link headers. Cloudflare CDN automatically converts\n * Link headers into 103 Early Hints responses.\n *\n * Design docs: 02-rendering-pipeline.md §\"Early Hints (103)\"\n */\n\nimport {\n collectRouteCss,\n collectRouteFonts,\n collectRouteModulepreloads,\n} from './build-manifest.js';\nimport type { BuildManifest } from './build-manifest.js';\n\n/** Minimal segment shape needed for early hint collection. */\ninterface SegmentWithFiles {\n layout?: { filePath: string };\n page?: { filePath: string };\n}\n\n// ─── EarlyHint type ───────────────────────────────────────────────────────\n\n/**\n * A single Link header hint for 103 Early Hints.\n *\n * ```ts\n * ctx.earlyHints([\n * { href: '/styles/critical.css', rel: 'preload', as: 'style' },\n * { href: 'https://fonts.googleapis.com', rel: 'preconnect' },\n * ])\n * ```\n */\nexport interface EarlyHint {\n /** The resource URL (absolute or root-relative). */\n href: string;\n /** Link relation — `preload`, `modulepreload`, or `preconnect`. */\n rel: 'preload' | 'modulepreload' | 'preconnect';\n /** Resource type for `preload` hints (omit for `modulepreload` / `preconnect`). */\n as?: 'style' | 'script' | 'font' | 'image' | 'fetch' | 'document';\n /** Crossorigin attribute — required for font preloads per spec. */\n crossOrigin?: 'anonymous' | 'use-credentials';\n /** Fetch priority hint — `high`, `low`, or `auto`. */\n fetchPriority?: 'high' | 'low' | 'auto';\n}\n\n// ─── formatLinkHeader ─────────────────────────────────────────────────────\n\n/**\n * Format a single EarlyHint as a Link header value.\n *\n * Attribute order: `as` before `rel` to match Cloudflare CDN's cached\n * Early Hints format. Cloudflare caches Link headers from 200 responses\n * and re-emits them as 103 Early Hints on subsequent requests. If our\n * attribute order differs from Cloudflare's cached copy, the browser\n * sees two preload headers for the same URL (different attribute order)\n * and warns \"Preload was ignored.\" Matching the order ensures the\n * browser deduplicates them correctly.\n *\n * Examples:\n * `</styles/root.css>; as=style; rel=preload`\n * `</fonts/inter.woff2>; as=font; rel=preload; crossorigin=anonymous`\n * `</_timber/client.js>; rel=modulepreload`\n * `<https://fonts.googleapis.com>; rel=preconnect`\n */\nexport function formatLinkHeader(hint: EarlyHint): string {\n // For preload hints, emit `as` before `rel` to match Cloudflare's\n // cached header format and avoid duplicate preload warnings.\n if (hint.as !== undefined) {\n let value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n return value;\n }\n // For modulepreload / preconnect (no `as`), emit rel first.\n let value = `<${hint.href}>; rel=${hint.rel}`;\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n return value;\n}\n\n// ─── collectEarlyHintHeaders ──────────────────────────────────────────────\n\n/** Options for early hint collection. */\nexport interface EarlyHintOptions {\n /** Skip JS modulepreload hints (e.g. when client JavaScript is disabled). */\n skipJs?: boolean;\n}\n\n/**\n * Collect all Link header strings for a matched route's segment chain.\n *\n * Walks the build manifest to emit hints for:\n * - CSS stylesheets (as=style; rel=preload)\n * - Font assets (as=font; rel=preload; crossorigin)\n * - JS modulepreload hints (rel=modulepreload) — unless skipJs is set\n *\n * Also emits global CSS from the `_global` manifest key. Route files\n * are server components that don't appear in the client bundle, so\n * per-route CSS keying doesn't work with the RSC plugin. The `_global`\n * key contains all CSS assets from the client build — fine for early\n * hints since they're just prefetch signals.\n *\n * Returns formatted Link header strings, deduplicated by URL, root → leaf order.\n * Returns an empty array in dev mode (manifest is empty).\n */\nexport function collectEarlyHintHeaders(\n segments: SegmentWithFiles[],\n manifest: BuildManifest,\n options?: EarlyHintOptions\n): string[] {\n const result: string[] = [];\n // Dedup by URL (href), not by full formatted header string.\n // Different code paths can produce the same URL with different attribute\n // ordering, which would bypass a full-string dedup and produce duplicate\n // Link headers that trigger browser \"preload was ignored\" warnings.\n const seenUrls = new Set<string>();\n\n const add = (url: string, header: string) => {\n if (!seenUrls.has(url)) {\n seenUrls.add(url);\n result.push(header);\n }\n };\n\n // Per-route CSS — as=style; rel=preload\n for (const url of collectRouteCss(segments, manifest)) {\n add(url, formatLinkHeader({ href: url, rel: 'preload', as: 'style' }));\n }\n\n // Global CSS — all CSS assets from the client bundle.\n // Covers CSS that the RSC plugin injects via data-rsc-css-href,\n // which isn't keyed to route segments in our manifest.\n for (const url of manifest.css['_global'] ?? []) {\n add(url, formatLinkHeader({ href: url, rel: 'preload', as: 'style' }));\n }\n\n // Fonts — as=font; rel=preload; crossorigin (crossorigin required per spec)\n for (const font of collectRouteFonts(segments, manifest)) {\n add(\n font.href,\n formatLinkHeader({ href: font.href, rel: 'preload', as: 'font', crossOrigin: 'anonymous' })\n );\n }\n\n // JS chunks — rel=modulepreload (skip when client JS is disabled)\n if (!options?.skipJs) {\n for (const url of collectRouteModulepreloads(segments, manifest)) {\n add(url, formatLinkHeader({ href: url, rel: 'modulepreload' }));\n }\n }\n\n return result;\n}\n","/**\n * Per-request 103 Early Hints sender — ALS bridge for platform adapters.\n *\n * The pipeline collects Link headers for CSS, fonts, and JS chunks at\n * route-match time. On platforms that support it (Node.js v18.11+, Bun),\n * the adapter can send these as a 103 Early Hints interim response before\n * the final response is ready.\n *\n * This module provides an ALS-based bridge: the generated entry point\n * (e.g., the Nitro entry) wraps the handler with `runWithEarlyHintsSender`,\n * binding a per-request sender function. The pipeline calls\n * `sendEarlyHints103()` to fire the 103 if a sender is available.\n *\n * On platforms where 103 is handled at the CDN level (e.g., Cloudflare\n * converts Link headers into 103 automatically), no sender is installed\n * and `sendEarlyHints103()` is a no-op.\n *\n * Design doc: 02-rendering-pipeline.md §\"Early Hints (103)\"\n */\n\nimport { earlyHintsSenderAls } from './als-registry.js';\n\n/** Function that sends Link header values as a 103 Early Hints response. */\nexport type EarlyHintsSenderFn = (links: string[]) => void;\n\n/**\n * Run a function with a per-request early hints sender installed.\n *\n * Called by generated entry points (e.g., Nitro node-server/bun) to\n * bind the platform's writeEarlyHints capability for the request duration.\n */\nexport function runWithEarlyHintsSender<T>(sender: EarlyHintsSenderFn, fn: () => T): T {\n return earlyHintsSenderAls.run(sender, fn);\n}\n\n/**\n * Send collected Link headers as a 103 Early Hints response.\n *\n * No-op if no sender is installed for the current request (e.g., on\n * Cloudflare where the CDN handles 103 automatically, or in dev mode).\n *\n * Non-fatal: errors from the sender are caught and silently ignored.\n */\nexport function sendEarlyHints103(links: string[]): void {\n if (!links.length) return;\n const sender = earlyHintsSenderAls.getStore();\n if (!sender) return;\n try {\n sender(links);\n } catch {\n // Sending 103 is best-effort — failure never blocks the request.\n }\n}\n","/**\n * Element tree construction for timber.js rendering.\n *\n * Builds a unified React element tree from a matched segment chain, bottom-up:\n * page → status-code error boundaries → access gates → layout → repeat up segment chain\n *\n * The tree is rendered via a single `renderToReadableStream` call,\n * giving one `React.cache` scope for the entire route.\n *\n * See design/02-rendering-pipeline.md §\"Element Tree Construction\"\n */\n\nimport type { SegmentNode, RouteFile } from '../routing/types.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/** A loaded module for a route file convention. */\nexport interface LoadedModule {\n /** The default export (component, access function, etc.) */\n default?: unknown;\n /** Named exports (for route.ts method handlers, metadata, etc.) */\n [key: string]: unknown;\n}\n\n/** Function that loads a route file's module. */\nexport type ModuleLoader = (file: RouteFile) => LoadedModule | Promise<LoadedModule>;\n\n/** A React element — kept opaque to avoid a React dependency in this module. */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport type ReactElement = any;\n\n/** Function that creates a React element. Matches React.createElement signature. */\nexport type CreateElement = (\n type: unknown,\n props: Record<string, unknown> | null,\n ...children: unknown[]\n) => ReactElement;\n\n/**\n * Resolved slot content for a layout.\n * Key is slot name (without @), value is the element tree for that slot.\n */\nexport type SlotElements = Map<string, ReactElement>;\n\n/** Configuration for the tree builder. */\nexport interface TreeBuilderConfig {\n /** The matched segment chain from root to leaf. */\n segments: SegmentNode[];\n /** Loads a route file's module. */\n loadModule: ModuleLoader;\n /** React.createElement or equivalent. */\n createElement: CreateElement;\n /**\n * Error boundary component for wrapping segments.\n *\n * This is injected by the caller rather than imported directly to avoid\n * pulling 'use client' code into the server barrel (@timber-js/app/server).\n * In the RSC environment, the RSC plugin transforms this import to a\n * client reference proxy — the caller handles the import so the server\n * barrel stays free of client dependencies.\n */\n errorBoundaryComponent?: unknown;\n}\n\n// ─── Component wrappers ──────────────────────────────────────────────────────\n\n/**\n * Framework-injected access gate component.\n *\n * When `verdict` is provided (from the pre-render pass), AccessGate replays\n * the stored result synchronously — no re-execution, no async, immune to\n * Suspense timing. When `verdict` is absent, falls back to calling `accessFn`\n * (backward compat for tree-builder.ts which doesn't run a pre-render pass).\n */\nexport interface AccessGateProps {\n accessFn: () => unknown;\n /** Segment name for dev logging (e.g. \"authenticated\", \"dashboard\"). */\n segmentName?: string;\n /**\n * Pre-computed verdict from the pre-render pass. When set, AccessGate\n * replays this verdict synchronously instead of calling accessFn.\n * - 'pass': render children\n * - DenySignal/RedirectSignal: throw synchronously\n */\n verdict?:\n | 'pass'\n | import('./primitives.js').DenySignal\n | import('./primitives.js').RedirectSignal;\n /**\n * Deny page fallback chain. When provided and a DenySignal is caught,\n * AccessGate renders the matching deny page in-tree instead of throwing.\n * This prevents the error from reaching React Flight, eliminating the\n * second render pass. See TIM-666.\n */\n denyPages?: import('./deny-page-resolver.js').DenyPageEntry[];\n children: ReactElement;\n}\n\n/**\n * Framework-injected slot access gate component.\n * On denial, renders denied.tsx → default.tsx → null instead of failing the page.\n *\n * DeniedComponent is passed instead of a pre-built element so that\n * SlotAccessGate can forward DenySignal.data as dangerouslyPassData\n * and slotName as the slot prop after catching the signal.\n */\nexport interface SlotAccessGateProps {\n accessFn: () => unknown;\n /** The denied.tsx component (not a pre-built element). null if no denied.tsx exists. */\n DeniedComponent: ((...args: unknown[]) => unknown) | null;\n /** Slot directory name without @ prefix (e.g. \"admin\", \"sidebar\"). */\n slotName: string;\n /** createElement function for building elements dynamically. */\n createElement: CreateElement;\n defaultFallback: ReactElement | null;\n children: ReactElement;\n}\n\n/**\n * Framework-injected error boundary wrapper.\n * Wraps content with status-code error boundary handling.\n */\nexport interface ErrorBoundaryProps {\n fallbackComponent?: ReactElement | null;\n fallbackElement?: ReactElement | null;\n status?: number;\n children: ReactElement;\n}\n\n// ─── Tree Builder ────────────────────────────────────────────────────────────\n\n/**\n * Result of building the element tree.\n */\nexport interface TreeBuildResult {\n /** The root React element tree ready for renderToReadableStream. */\n tree: ReactElement;\n /** Whether the leaf segment is a route.ts (API endpoint) rather than a page. */\n isApiRoute: boolean;\n}\n\n/**\n * Build the unified element tree from a matched segment chain.\n *\n * Construction is bottom-up:\n * 1. Start with the page component (leaf segment)\n * 2. Wrap in status-code error boundaries (fallback chain)\n * 3. Wrap in AccessGate (if segment has access.ts)\n * 4. Pass as children to the segment's layout\n * 5. Repeat up the segment chain to root\n *\n * Parallel slots are resolved at each layout level and composed as named props.\n */\nexport async function buildElementTree(config: TreeBuilderConfig): Promise<TreeBuildResult> {\n const { segments, loadModule, createElement, errorBoundaryComponent } = config;\n\n if (segments.length === 0) {\n throw new Error('[timber] buildElementTree: empty segment chain');\n }\n\n const leaf = segments[segments.length - 1];\n\n // API routes (route.ts) don't build a React tree\n if (leaf.route && !leaf.page) {\n return { tree: null, isApiRoute: true };\n }\n\n // Start with the page component\n const pageModule = leaf.page ? await loadModule(leaf.page) : null;\n const PageComponent = pageModule?.default as ((...args: unknown[]) => ReactElement) | undefined;\n\n if (!PageComponent) {\n throw new Error(\n `[timber] No page component found for route at ${leaf.urlPath}. ` +\n 'Each route must have a page.tsx or route.ts.'\n );\n }\n\n // Build the page element — params are accessed via getSegmentParams() from ALS\n let element: ReactElement = createElement(PageComponent, {});\n\n // Build tree bottom-up: wrap page, then walk segments from leaf to root\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n\n // Wrap in error boundaries (status-code files + error.tsx)\n element = await wrapWithErrorBoundaries(\n segment,\n element,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n\n // Wrap in AccessGate if segment has access.ts\n if (segment.access) {\n const accessModule = await loadModule(segment.access);\n const accessFn = accessModule.default as AccessGateProps['accessFn'];\n element = createElement('timber:access-gate', {\n accessFn,\n segmentName: segment.segmentName,\n children: element,\n } satisfies AccessGateProps);\n }\n\n // Wrap in layout (if exists and not the leaf's page-level wrapping)\n if (segment.layout) {\n const layoutModule = await loadModule(segment.layout);\n const LayoutComponent = layoutModule.default as\n | ((...args: unknown[]) => ReactElement)\n | undefined;\n\n if (LayoutComponent) {\n // Resolve parallel slots for this layout\n const slotProps: Record<string, ReactElement> = {};\n const slotNames = Object.keys(segment.slots);\n if (slotNames.length > 0) {\n for (const slotName of slotNames) {\n const slotNode = segment.slots[slotName]!;\n slotProps[slotName] = await buildSlotElement(\n slotNode,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n }\n }\n\n element = createElement(LayoutComponent, {\n ...slotProps,\n children: element,\n });\n }\n }\n }\n\n return { tree: element, isApiRoute: false };\n}\n\n// ─── Slot Element Builder ────────────────────────────────────────────────────\n\n/**\n * Build the element tree for a parallel slot.\n *\n * Slots have their own access.ts (SlotAccessGate) and error boundaries.\n * On access denial: denied.tsx → default.tsx → null (graceful degradation).\n */\nasync function buildSlotElement(\n slotNode: SegmentNode,\n loadModule: ModuleLoader,\n createElement: CreateElement,\n errorBoundaryComponent: unknown\n): Promise<ReactElement> {\n // Load slot page\n const pageModule = slotNode.page ? await loadModule(slotNode.page) : null;\n const PageComponent = pageModule?.default as ((...args: unknown[]) => ReactElement) | undefined;\n\n // Load default.tsx fallback\n const defaultModule = slotNode.default ? await loadModule(slotNode.default) : null;\n const DefaultComponent = defaultModule?.default as\n | ((...args: unknown[]) => ReactElement)\n | undefined;\n\n // If no page, render default.tsx or null\n if (!PageComponent) {\n return DefaultComponent ? createElement(DefaultComponent, {}) : null;\n }\n\n let element: ReactElement = createElement(PageComponent, {});\n\n // Wrap in error boundaries\n element = await wrapWithErrorBoundaries(\n slotNode,\n element,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n\n // Wrap in SlotAccessGate if slot has access.ts\n if (slotNode.access) {\n const accessModule = await loadModule(slotNode.access);\n const accessFn = accessModule.default as SlotAccessGateProps['accessFn'];\n\n // Load denied.tsx — pass component (not pre-built element) so\n // SlotAccessGate can forward DenySignal.data dynamically. See TIM-488.\n const deniedModule = slotNode.denied ? await loadModule(slotNode.denied) : null;\n const DeniedComponent =\n (deniedModule?.default as ((...args: unknown[]) => ReactElement) | undefined) ?? null;\n\n const defaultFallback = DefaultComponent ? createElement(DefaultComponent, {}) : null;\n\n element = createElement('timber:slot-access-gate', {\n accessFn,\n DeniedComponent,\n slotName: slotNode.segmentName.replace(/^@/, ''),\n createElement,\n defaultFallback,\n children: element,\n } satisfies SlotAccessGateProps);\n }\n\n return element;\n}\n\n// ─── Error Boundary Wrapping ─────────────────────────────────────────────────\n\n/** MDX/markdown extensions — these are server components that cannot be passed as function props. */\nconst MDX_EXTENSIONS = new Set(['mdx', 'md']);\n\n/**\n * Check if a route file is an MDX/markdown file based on its extension.\n * MDX components are server components by default and cannot cross the\n * RSC→client boundary as function props. They must be pre-rendered as\n * elements and passed as fallbackElement instead of fallbackComponent.\n */\nfunction isMdxFile(file: RouteFile): boolean {\n return MDX_EXTENSIONS.has(file.extension);\n}\n\n/**\n * Wrap an element with error boundaries from a segment's status-code files.\n *\n * Wrapping order (innermost to outermost):\n * 1. Specific status files (503.tsx, 429.tsx, etc.)\n * 2. Category catch-alls (4xx.tsx, 5xx.tsx)\n * 3. error.tsx (general error boundary)\n *\n * This creates the fallback chain described in design/10-error-handling.md.\n *\n * MDX status files are server components and cannot be passed as function\n * props to TimberErrorBoundary (a 'use client' component). Instead, they\n * are pre-rendered as elements and passed as fallbackElement. The error\n * boundary renders the element directly when an error is caught.\n * See TIM-503.\n */\nasync function wrapWithErrorBoundaries(\n segment: SegmentNode,\n element: ReactElement,\n loadModule: ModuleLoader,\n createElement: CreateElement,\n errorBoundaryComponent: unknown\n): Promise<ReactElement> {\n // Wrapping is applied inside-out. The last wrap call produces the outermost boundary.\n // Order: specific status → category → error.tsx (outermost)\n\n if (segment.statusFiles) {\n // Wrap with specific status files (innermost — highest priority at runtime)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key !== '4xx' && key !== '5xx') {\n const status = parseInt(key, 10);\n if (!isNaN(status)) {\n const mod = await loadModule(file);\n const Component = mod.default;\n if (Component) {\n const boundaryProps = isMdxFile(file)\n ? ({\n fallbackElement: createElement(Component, { status }),\n status,\n children: element,\n } satisfies ErrorBoundaryProps)\n : ({\n fallbackComponent: Component,\n status,\n children: element,\n } satisfies ErrorBoundaryProps);\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n }\n }\n\n // Wrap with category catch-alls (4xx.tsx, 5xx.tsx)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key === '4xx' || key === '5xx') {\n const mod = await loadModule(file);\n const Component = mod.default;\n if (Component) {\n const categoryStatus = key === '4xx' ? 400 : 500;\n const boundaryProps = isMdxFile(file)\n ? ({\n fallbackElement: createElement(Component, {}),\n status: categoryStatus,\n children: element,\n } satisfies ErrorBoundaryProps)\n : ({\n fallbackComponent: Component,\n status: categoryStatus,\n children: element,\n } satisfies ErrorBoundaryProps);\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n }\n }\n\n // Wrap with error.tsx (outermost — catches anything not matched by status files)\n // Note: error.tsx/error.mdx receives { error, digest, reset } props.\n // MDX error files are pre-rendered without those props (they're static content).\n if (segment.error) {\n const errorModule = await loadModule(segment.error);\n const ErrorComponent = errorModule.default;\n if (ErrorComponent) {\n const boundaryProps = isMdxFile(segment.error)\n ? ({\n fallbackElement: createElement(ErrorComponent, {}),\n children: element,\n } satisfies ErrorBoundaryProps)\n : ({\n fallbackComponent: ErrorComponent,\n children: element,\n } satisfies ErrorBoundaryProps);\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n\n return element;\n}\n","/**\n * Status-code file resolver for timber.js error/denial rendering.\n *\n * Given an HTTP status code and a matched segment chain, resolves the\n * correct file to render by walking the fallback chain described in\n * design/10-error-handling.md §\"Status-Code Files\".\n *\n * **Generic over `TFile`** (TIM-848). Walks `SegmentNode<TFile>` trees\n * regardless of whether `TFile` is the build-time `RouteFile` or the\n * runtime `ManifestFile`. Before TIM-848 there were two near-identical\n * resolvers — one for the Map-based scanner output and one for the\n * object-based runtime manifest. Now there is one.\n *\n * Supports two format families:\n * - 'component' (default): .tsx/.jsx/.mdx status files → React rendering pipeline\n * - 'json': .json status files → raw JSON response, no React\n *\n * Fallback chains operate within the same format family (no cross-format fallback).\n *\n * **Component chain (4xx):**\n * Pass 1 — status files (leaf → root): {status}.tsx → 4xx.tsx\n * Pass 2 — legacy compat (leaf → root): not-found.tsx / forbidden.tsx / unauthorized.tsx\n * Pass 3 — error.tsx (leaf → root)\n * Pass 4 — framework default (returns null)\n *\n * **JSON chain (4xx and 5xx):**\n * Pass 1 — json status files (leaf → root): {status}.json → {category}.json\n * Pass 2 — framework default JSON (returns null, caller provides bare JSON)\n *\n * **5xx component:**\n * Per-segment (leaf → root): {status}.tsx → 5xx.tsx → error.tsx\n * Then framework default (returns null)\n */\n\nimport type { SegmentNode } from '../routing/types.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/** How the status-code file was matched. */\nexport type StatusFileKind =\n | 'exact' // e.g. 403.tsx matched status 403\n | 'category' // e.g. 4xx.tsx matched status 403\n | 'legacy' // e.g. not-found.tsx matched status 404\n | 'error'; // error.tsx as last resort\n\n/** Response format family for status-code resolution. */\nexport type StatusFileFormat = 'component' | 'json';\n\n/** Result of resolving a status-code file for a segment chain. */\nexport interface StatusFileResolution<TFile> {\n /** The matched route file. */\n file: TFile;\n /** The HTTP status code (always the original status, not the file's code). */\n status: number;\n /** How the file was matched. */\n kind: StatusFileKind;\n /** Index into the segments array where the file was found. */\n segmentIndex: number;\n}\n\n/** How a slot denial file was matched. */\nexport type SlotDeniedKind = 'denied' | 'default';\n\n/** Result of resolving a slot denied file. */\nexport interface SlotDeniedResolution<TFile> {\n /** The matched route file (denied.tsx or default.tsx). */\n file: TFile;\n /** Slot name without @ prefix. */\n slotName: string;\n /** How the file was matched. */\n kind: SlotDeniedKind;\n}\n\n// ─── Legacy Compat Mapping ───────────────────────────────────────────────────\n\n/**\n * Maps legacy file convention names to their corresponding HTTP status codes.\n * Only used in the 4xx component fallback chain.\n */\nconst LEGACY_FILE_TO_STATUS: Record<string, number> = {\n 'not-found': 404,\n 'forbidden': 403,\n 'unauthorized': 401,\n};\n\n/** Reverse index: status code → legacy file name. Built once at module load. */\nconst STATUS_TO_LEGACY_FILE: Record<number, string> = Object.fromEntries(\n Object.entries(LEGACY_FILE_TO_STATUS).map(([name, status]) => [status, name])\n);\n\n// ─── Lookup Helpers ──────────────────────────────────────────────────────\n\n/**\n * Look up `{statusStr}` then `{categoryKey}` (e.g. \"4xx\" / \"5xx\") in a\n * status-file group on a single segment. Shared by all three fallback\n * chains — the only structural difference between component 4xx,\n * component 5xx, and JSON resolution is *which* group is searched and\n * how the per-segment loop is layered around it.\n */\nfunction lookupInGroup<TFile>(\n group: Record<string, TFile> | undefined,\n statusStr: string,\n categoryKey: string,\n segmentIndex: number,\n status: number\n): StatusFileResolution<TFile> | null {\n if (!group) return null;\n const exact = group[statusStr];\n if (exact) return { file: exact, status, kind: 'exact', segmentIndex };\n const category = group[categoryKey];\n if (category) return { file: category, status, kind: 'category', segmentIndex };\n return null;\n}\n\n/**\n * Look up the legacy convention file (`not-found.tsx` / `forbidden.tsx` /\n * `unauthorized.tsx`) for `status` on a single segment. Returns null if\n * `status` has no legacy mapping or the file isn't present.\n */\nfunction lookupLegacy<TFile>(\n group: Record<string, TFile> | undefined,\n status: number,\n segmentIndex: number\n): StatusFileResolution<TFile> | null {\n if (!group) return null;\n const name = STATUS_TO_LEGACY_FILE[status];\n if (!name) return null;\n const file = group[name];\n return file ? { file, status, kind: 'legacy', segmentIndex } : null;\n}\n\n// ─── Resolver ────────────────────────────────────────────────────────────────\n\n/**\n * Resolve the status-code file to render for a given HTTP status code.\n *\n * Walks the segment chain from leaf to root following the fallback chain\n * defined in design/10-error-handling.md. Returns null if no file is found\n * (caller should render the framework default).\n *\n * @param status - The HTTP status code (4xx or 5xx).\n * @param segments - The matched segment chain from root (index 0) to leaf (last).\n * @param format - The response format family ('component' or 'json'). Defaults to 'component'.\n */\nexport function resolveStatusFile<TFile>(\n status: number,\n segments: ReadonlyArray<SegmentNode<TFile>>,\n format: StatusFileFormat = 'component'\n): StatusFileResolution<TFile> | null {\n if (status < 400 || status > 599) return null;\n if (format === 'json') return resolveJson(status, segments);\n if (status <= 499) return resolve4xx(status, segments);\n return resolve5xx(status, segments);\n}\n\n/**\n * 4xx component fallback chain — three separate full passes leaf→root.\n *\n * The passes must be separate (not interleaved per-segment) so that a\n * root-level `404.tsx` beats a leaf-level `error.tsx`. The 5xx chain\n * inverts this and is per-segment: a leaf's `error.tsx` beats a root's\n * `5xx.tsx`. This asymmetry is the only reason these two functions exist\n * separately.\n *\n * Pass 1 — {status}.tsx → 4xx.tsx (statusFiles)\n * Pass 2 — not-found / forbidden / unauthorized (legacyStatusFiles)\n * Pass 3 — error.tsx (error)\n */\nfunction resolve4xx<TFile>(\n status: number,\n segments: ReadonlyArray<SegmentNode<TFile>>\n): StatusFileResolution<TFile> | null {\n const statusStr = String(status);\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const r = lookupInGroup(segments[i].statusFiles, statusStr, '4xx', i, status);\n if (r) return r;\n }\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const r = lookupLegacy(segments[i].legacyStatusFiles, status, i);\n if (r) return r;\n }\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const errorFile = segments[i].error;\n if (errorFile) {\n return { file: errorFile, status, kind: 'error', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n/**\n * 5xx component fallback chain — single pass, per-segment leaf→root.\n *\n * At each segment: {status}.tsx → 5xx.tsx → error.tsx. A leaf's\n * `error.tsx` therefore beats a root's `5xx.tsx`, which is the\n * intentional inverse of the 4xx chain.\n */\nfunction resolve5xx<TFile>(\n status: number,\n segments: ReadonlyArray<SegmentNode<TFile>>\n): StatusFileResolution<TFile> | null {\n const statusStr = String(status);\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n const r = lookupInGroup(segment.statusFiles, statusStr, '5xx', i, status);\n if (r) return r;\n if (segment.error) {\n return { file: segment.error, status, kind: 'error', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n/**\n * JSON fallback chain (for both 4xx and 5xx) — single pass leaf→root.\n *\n * At each segment: {status}.json → {category}.json. No legacy compat,\n * no error.tsx — the JSON chain terminates at the category catch-all\n * and the caller falls back to a bare-JSON framework default.\n */\nfunction resolveJson<TFile>(\n status: number,\n segments: ReadonlyArray<SegmentNode<TFile>>\n): StatusFileResolution<TFile> | null {\n const statusStr = String(status);\n const categoryKey = status >= 500 ? '5xx' : '4xx';\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const r = lookupInGroup(segments[i].jsonStatusFiles, statusStr, categoryKey, i, status);\n if (r) return r;\n }\n\n return null;\n}\n\n// ─── Slot Denied Resolver ────────────────────────────────────────────────────\n\n/**\n * Resolve the denial file for a parallel route slot.\n *\n * Slot denial is graceful degradation — no HTTP status on the wire.\n * Fallback chain: denied.tsx → default.tsx → null.\n *\n * @param slotNode - The segment node for the slot (segmentType === 'slot').\n */\nexport function resolveSlotDenied<TFile>(\n slotNode: SegmentNode<TFile>\n): SlotDeniedResolution<TFile> | null {\n const slotName = slotNode.segmentName.replace(/^@/, '');\n\n if (slotNode.denied) {\n return { file: slotNode.denied, slotName, kind: 'denied' };\n }\n\n if (slotNode.default) {\n return { file: slotNode.default, slotName, kind: 'default' };\n }\n\n return null;\n}\n","/**\n * Flush controller for timber.js rendering.\n *\n * Holds the response until `onShellReady` fires, then commits the HTTP status\n * code and flushes the shell. Render-phase signals (deny, redirect, unhandled\n * throws) caught before flush produce correct HTTP status codes.\n *\n * See design/02-rendering-pipeline.md §\"The Flush Point\" and §\"The Hold Window\"\n */\n\nimport { DenySignal, RedirectSignal, RenderError } from './primitives.js';\nimport { logRenderError } from './logger.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/** The readable stream from React's renderToReadableStream. */\nexport interface ReactRenderStream {\n /** The underlying ReadableStream of HTML bytes. */\n readable: ReadableStream<Uint8Array>;\n /** Resolves when the shell has finished rendering (all non-Suspense content). */\n allReady?: Promise<void>;\n}\n\n/** Options for the flush controller. */\nexport interface FlushOptions {\n /** Response headers to include (from middleware.ts, proxy.ts, etc.). */\n responseHeaders?: Headers;\n /** Default status code when rendering succeeds. Default: 200. */\n defaultStatus?: number;\n}\n\n/** Result of the flush process. */\nexport interface FlushResult {\n /** The final HTTP Response. */\n response: Response;\n /** The status code committed. */\n status: number;\n /** Whether the response was a redirect. */\n isRedirect: boolean;\n /** Whether the response was a denial. */\n isDenial: boolean;\n}\n\n// ─── Render Function Type ────────────────────────────────────────────────────\n\n/**\n * A function that performs the React render.\n *\n * The flush controller calls this, catches any signals thrown during the\n * synchronous shell render (before onShellReady), and produces the\n * correct HTTP response.\n *\n * Must return an object with:\n * - `stream`: The ReadableStream from renderToReadableStream\n * - `shellReady`: A Promise that resolves when onShellReady fires\n */\nexport interface RenderResult {\n /** The HTML byte stream. */\n stream: ReadableStream<Uint8Array>;\n /** Resolves when the shell is ready (all non-Suspense content rendered). */\n shellReady: Promise<void>;\n}\n\nexport type RenderFn = () => RenderResult | Promise<RenderResult>;\n\n// ─── Flush Controller ────────────────────────────────────────────────────────\n\n/**\n * Execute a render and hold the response until the shell is ready.\n *\n * The flush controller:\n * 1. Calls the render function to start renderToReadableStream\n * 2. Waits for shellReady (onShellReady)\n * 3. If a render-phase signal was thrown (deny, redirect, error), produces\n * the correct HTTP status code\n * 4. If the shell rendered successfully, commits the status and streams\n *\n * Render-phase signals caught before flush:\n * - `DenySignal` → HTTP 4xx with appropriate status code\n * - `RedirectSignal` → HTTP 3xx with Location header\n * - `RenderError` → HTTP status from error (default 500)\n * - Unhandled error → HTTP 500\n *\n * @param renderFn - Function that starts the React render.\n * @param options - Flush configuration.\n * @returns The committed HTTP Response.\n */\nexport async function flushResponse(\n renderFn: RenderFn,\n options: FlushOptions = {}\n): Promise<FlushResult> {\n const { responseHeaders = new Headers(), defaultStatus = 200 } = options;\n\n let renderResult: RenderResult;\n\n // Phase 1: Start the render. The render function may throw synchronously\n // if there's an immediate error before React even starts.\n try {\n renderResult = await renderFn();\n } catch (error) {\n return handleSignal(error, responseHeaders);\n }\n\n // Phase 2: Wait for onShellReady. Render-phase signals (deny, redirect,\n // throws outside Suspense) are caught here.\n try {\n await renderResult.shellReady;\n } catch (error) {\n return handleSignal(error, responseHeaders);\n }\n\n // Phase 3: Shell rendered successfully. Commit status and stream.\n responseHeaders.set('Content-Type', 'text/html; charset=utf-8');\n\n return {\n response: new Response(renderResult.stream, {\n status: defaultStatus,\n headers: responseHeaders,\n }),\n status: defaultStatus,\n isRedirect: false,\n isDenial: false,\n };\n}\n\n// ─── Signal Handling ─────────────────────────────────────────────────────────\n\n/**\n * Handle a render-phase signal and produce the correct HTTP response.\n */\nfunction handleSignal(error: unknown, responseHeaders: Headers): FlushResult {\n // Redirect signal → HTTP 3xx\n if (error instanceof RedirectSignal) {\n responseHeaders.set('Location', error.location);\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: true,\n isDenial: false,\n };\n }\n\n // Deny signal → HTTP 4xx\n if (error instanceof DenySignal) {\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: false,\n isDenial: true,\n };\n }\n\n // RenderError → HTTP status from error\n if (error instanceof RenderError) {\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: false,\n isDenial: false,\n };\n }\n\n // Unknown error → HTTP 500\n logRenderError({ method: '', path: '', error });\n return {\n response: new Response(null, {\n status: 500,\n headers: responseHeaders,\n }),\n status: 500,\n isRedirect: false,\n isDenial: false,\n };\n}\n","/**\n * CSRF protection — Origin header validation.\n *\n * Auto-derived from the Host header for single-origin deployments.\n * Configurable via allowedOrigins for multi-origin setups.\n * Disable with csrf: false (not recommended outside local dev).\n *\n * See design/08-forms-and-actions.md §\"CSRF Protection\"\n * See design/13-security.md §\"Security Testing Checklist\" #6\n */\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\nexport interface CsrfConfig {\n /** Explicit list of allowed origins. Replaces Host-based auto-derivation. */\n allowedOrigins?: string[];\n /** Set to false to disable CSRF validation entirely. */\n csrf?: boolean;\n}\n\nexport type CsrfResult = { ok: true } | { ok: false; status: 403 };\n\n// ─── Constants ────────────────────────────────────────────────────────────\n\n/** HTTP methods that are considered safe (no mutation). */\nconst SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);\n\n// ─── Implementation ───────────────────────────────────────────────────────\n\n/**\n * Validate the Origin header against the request's Host.\n *\n * For mutation methods (POST, PUT, PATCH, DELETE):\n * - If `csrf: false`, skip validation.\n * - If `allowedOrigins` is set, Origin must match one exactly (no wildcards).\n * - Otherwise, Origin's host must match the request's Host header.\n *\n * Safe methods (GET, HEAD, OPTIONS) always pass.\n */\nexport function validateCsrf(req: Request, config: CsrfConfig): CsrfResult {\n // Safe methods don't need CSRF protection\n if (SAFE_METHODS.has(req.method)) {\n return { ok: true };\n }\n\n // Explicitly disabled\n if (config.csrf === false) {\n return { ok: true };\n }\n\n const origin = req.headers.get('Origin');\n\n // No Origin header on a mutation → reject\n if (!origin) {\n return { ok: false, status: 403 };\n }\n\n // If allowedOrigins is configured, use that instead of Host-based derivation\n if (config.allowedOrigins) {\n const allowed = config.allowedOrigins.includes(origin);\n return allowed ? { ok: true } : { ok: false, status: 403 };\n }\n\n // Auto-derive from Host header\n const host = req.headers.get('Host');\n if (!host) {\n return { ok: false, status: 403 };\n }\n\n // Extract hostname from Origin URL and compare to Host header\n let originHost: string;\n try {\n originHost = new URL(origin).host;\n } catch {\n return { ok: false, status: 403 };\n }\n\n return originHost === host ? { ok: true } : { ok: false, status: 403 };\n}\n","/**\n * Request body size limits — returns 413 when exceeded.\n * See design/08-forms-and-actions.md §\"FormData Limits\"\n */\n\nexport interface BodyLimitsConfig {\n limits?: {\n actionBodySize?: string;\n uploadBodySize?: string;\n maxFields?: number;\n };\n}\n\nexport type BodyLimitResult = { ok: true } | { ok: false; status: 411 | 413 };\n\nexport type BodyKind = 'action' | 'upload';\n\nconst KB = 1024;\nconst MB = 1024 * KB;\nconst GB = 1024 * MB;\n\nexport const DEFAULT_LIMITS = {\n actionBodySize: 1 * MB,\n uploadBodySize: 10 * MB,\n maxFields: 100,\n} as const;\n\nconst SIZE_PATTERN = /^(\\d+(?:\\.\\d+)?)\\s*(kb|mb|gb)?$/i;\n\n/** Parse a human-readable size string (\"1mb\", \"512kb\", \"1024\") into bytes. */\nexport function parseBodySize(size: string): number {\n const match = SIZE_PATTERN.exec(size.trim());\n if (!match) {\n throw new Error(\n `Invalid body size format: \"${size}\". Expected format like \"1mb\", \"512kb\", or \"1024\".`\n );\n }\n\n const value = Number.parseFloat(match[1]);\n const unit = (match[2] ?? '').toLowerCase();\n\n switch (unit) {\n case 'kb':\n return Math.floor(value * KB);\n case 'mb':\n return Math.floor(value * MB);\n case 'gb':\n return Math.floor(value * GB);\n case '':\n return Math.floor(value);\n default:\n throw new Error(`Unknown size unit: \"${unit}\"`);\n }\n}\n\n/** Check whether a request body exceeds the configured size limit (stateless, no ALS). */\nexport function enforceBodyLimits(\n req: Request,\n kind: BodyKind,\n config: BodyLimitsConfig\n): BodyLimitResult {\n const contentLength = req.headers.get('Content-Length');\n if (!contentLength) {\n // Reject requests without Content-Length — prevents body limit bypass via\n // chunked transfer-encoding. Browsers always send Content-Length for form POSTs.\n return { ok: false, status: 411 };\n }\n\n const bodySize = Number.parseInt(contentLength, 10);\n if (Number.isNaN(bodySize)) {\n return { ok: false, status: 411 };\n }\n\n const limit = resolveLimit(kind, config);\n return bodySize <= limit ? { ok: true } : { ok: false, status: 413 };\n}\n\n/** Check whether a FormData payload exceeds the configured field count limit. */\nexport function enforceFieldLimit(formData: FormData, config: BodyLimitsConfig): BodyLimitResult {\n const maxFields = config.limits?.maxFields ?? DEFAULT_LIMITS.maxFields;\n // Count unique keys — FormData.keys() yields duplicates for multi-value fields,\n // so we use a Set to count distinct field names.\n const fieldCount = new Set(formData.keys()).size;\n return fieldCount <= maxFields ? { ok: true } : { ok: false, status: 413 };\n}\n\n/**\n * Resolve the byte limit for a given body kind, using config overrides or defaults.\n */\nfunction resolveLimit(kind: BodyKind, config: BodyLimitsConfig): number {\n const userLimits = config.limits;\n\n if (kind === 'action') {\n return userLimits?.actionBodySize\n ? parseBodySize(userLimits.actionBodySize)\n : DEFAULT_LIMITS.actionBodySize;\n }\n\n return userLimits?.uploadBodySize\n ? parseBodySize(userLimits.uploadBodySize)\n : DEFAULT_LIMITS.uploadBodySize;\n}\n","/**\n * Route handler for route.ts API endpoints.\n *\n * route.ts files export named HTTP method handlers (GET, POST, etc.).\n * They share the same pipeline (proxy → match → middleware → access → handler)\n * but don't render React trees.\n *\n * See design/07-routing.md §\"route.ts — API Endpoints\"\n */\n\nimport type { RouteContext } from './types.js';\nimport { logRouteError } from './logger.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────\n\n/** HTTP methods that route.ts can export as named handlers. */\nexport type HttpMethod = 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE' | 'HEAD' | 'OPTIONS';\n\n/** A single route handler function — one-arg signature. */\nexport type RouteHandler = (ctx: RouteContext) => Response | Promise<Response>;\n\n/** A route.ts module — named exports for each supported HTTP method. */\nexport type RouteModule = {\n [K in HttpMethod]?: RouteHandler;\n};\n\n/** All recognized HTTP method export names. */\nconst HTTP_METHODS: HttpMethod[] = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'];\n\n// ─── Allowed Methods ─────────────────────────────────────────────────────\n\n/**\n * Resolve the full list of allowed methods for a route module.\n *\n * Includes:\n * - All explicitly exported methods\n * - HEAD (implicit when GET is exported)\n * - OPTIONS (always implicit)\n */\nexport function resolveAllowedMethods(mod: RouteModule): HttpMethod[] {\n const methods: HttpMethod[] = [];\n\n for (const method of HTTP_METHODS) {\n if (method === 'HEAD' || method === 'OPTIONS') continue;\n if (mod[method]) {\n methods.push(method);\n }\n }\n\n // HEAD is implicit when GET is exported\n if (mod.GET && !mod.HEAD) {\n methods.push('HEAD');\n } else if (mod.HEAD) {\n methods.push('HEAD');\n }\n\n // OPTIONS is always implicit\n if (!mod.OPTIONS) {\n methods.push('OPTIONS');\n } else {\n methods.push('OPTIONS');\n }\n\n return methods;\n}\n\n// ─── Route Request Handler ───────────────────────────────────────────────\n\n/**\n * Handle an incoming request against a route.ts module.\n *\n * Dispatches to the named method handler, auto-generates 405/OPTIONS,\n * and merges response headers from ctx.headers.\n */\nexport async function handleRouteRequest(mod: RouteModule, ctx: RouteContext): Promise<Response> {\n const method = ctx.req.method.toUpperCase() as HttpMethod;\n const allowed = resolveAllowedMethods(mod);\n const allowHeader = allowed.join(', ');\n\n // Auto OPTIONS — 204 with Allow header\n if (method === 'OPTIONS') {\n if (mod.OPTIONS) {\n return runHandler(mod.OPTIONS, ctx);\n }\n return new Response(null, {\n status: 204,\n headers: { Allow: allowHeader },\n });\n }\n\n // HEAD fallback — run GET, strip body\n if (method === 'HEAD') {\n if (mod.HEAD) {\n return runHandler(mod.HEAD, ctx);\n }\n if (mod.GET) {\n const res = await runHandler(mod.GET, ctx);\n // Return headers + status but no body\n return new Response(null, {\n status: res.status,\n headers: res.headers,\n });\n }\n }\n\n // Dispatch to the named handler\n const handler = mod[method];\n if (!handler) {\n return new Response(null, {\n status: 405,\n headers: { Allow: allowHeader },\n });\n }\n\n return runHandler(handler, ctx);\n}\n\n/**\n * Run a handler, merge ctx.headers into the response, and catch errors.\n */\nasync function runHandler(handler: RouteHandler, ctx: RouteContext): Promise<Response> {\n try {\n const res = await handler(ctx);\n return mergeResponseHeaders(res, ctx.headers);\n } catch (error) {\n logRouteError({ method: ctx.req.method, path: new URL(ctx.req.url).pathname, error });\n return new Response(null, { status: 500 });\n }\n}\n\n/**\n * Merge response headers from ctx.headers into the handler's response.\n * ctx.headers (set by middleware or the handler) are applied to the final response.\n * Handler-set headers take precedence over ctx.headers.\n */\nfunction mergeResponseHeaders(res: Response, ctxHeaders: Headers): Response {\n // If no ctx headers to merge, return as-is\n let hasCtxHeaders = false;\n ctxHeaders.forEach(() => {\n hasCtxHeaders = true;\n });\n if (!hasCtxHeaders) return res;\n\n // Merge: ctx.headers first, then handler response headers override.\n // Set-Cookie needs special handling: Headers.set() replaces all values\n // for a key, but each Set-Cookie must be its own header per RFC 6265 §4.1.\n // Use append for Set-Cookie, set for everything else.\n const merged = new Headers();\n ctxHeaders.forEach((value, key) => {\n if (key.toLowerCase() === 'set-cookie') {\n merged.append(key, value);\n } else {\n merged.set(key, value);\n }\n });\n // Response Set-Cookie headers: use getSetCookie() to preserve individual\n // cookies (forEach joins them with \", \" into one entry).\n const resCookies = res.headers.getSetCookie();\n for (const cookie of resCookies) {\n merged.append('Set-Cookie', cookie);\n }\n res.headers.forEach((value, key) => {\n if (key.toLowerCase() !== 'set-cookie') {\n merged.set(key, value);\n }\n });\n\n return new Response(res.body, {\n status: res.status,\n statusText: res.statusText,\n headers: merged,\n });\n}\n","/**\n * Render timeout utilities for SSR streaming pipeline.\n *\n * Provides a RenderTimeoutError class and a helper to create\n * timeout-guarded AbortSignals. Used to defend against hung RSC\n * streams and infinite SSR renders.\n *\n * Design doc: 02-rendering-pipeline.md §\"Streaming Constraints\"\n */\n\n/**\n * Error thrown when an SSR render or RSC stream read exceeds the\n * configured timeout. Callers can check `instanceof RenderTimeoutError`\n * to distinguish timeout from other errors and return a 504 or close\n * the connection cleanly.\n */\nexport class RenderTimeoutError extends Error {\n readonly timeoutMs: number;\n\n constructor(timeoutMs: number, context?: string) {\n const message = context\n ? `Render timeout after ${timeoutMs}ms: ${context}`\n : `Render timeout after ${timeoutMs}ms`;\n super(message);\n this.name = 'RenderTimeoutError';\n this.timeoutMs = timeoutMs;\n }\n}\n\n/**\n * Result of createRenderTimeout — an AbortSignal that fires after\n * the given duration, plus a cancel function to clear the timer\n * when the render completes normally.\n */\nexport interface RenderTimeout {\n /** AbortSignal that aborts after timeoutMs. */\n signal: AbortSignal;\n /** Cancel the timeout timer. Call this when the render completes. */\n cancel: () => void;\n}\n\n/**\n * Create a render timeout that aborts after the given duration.\n *\n * Returns an AbortSignal and a cancel function. The signal fires\n * with a RenderTimeoutError as the abort reason after `timeoutMs`.\n * Call `cancel()` when the render completes to prevent the timeout\n * from firing.\n *\n * If an existing `parentSignal` is provided, the returned signal\n * aborts when either the parent signal or the timeout fires —\n * whichever comes first.\n */\nexport function createRenderTimeout(timeoutMs: number, parentSignal?: AbortSignal): RenderTimeout {\n const controller = new AbortController();\n const reason = new RenderTimeoutError(timeoutMs, 'RSC stream read timed out');\n\n const timer = setTimeout(() => {\n controller.abort(reason);\n }, timeoutMs);\n\n // If there's a parent signal (e.g. request abort), chain it\n if (parentSignal) {\n if (parentSignal.aborted) {\n clearTimeout(timer);\n controller.abort(parentSignal.reason);\n } else {\n parentSignal.addEventListener(\n 'abort',\n () => {\n clearTimeout(timer);\n controller.abort(parentSignal.reason);\n },\n { once: true }\n );\n }\n }\n\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n },\n };\n}\n\n/**\n * Race a promise against a timeout. Rejects with RenderTimeoutError\n * if the promise does not resolve within `timeoutMs`.\n *\n * Used to guard individual `rscReader.read()` calls inside pullLoop.\n */\nexport function withTimeout<T>(\n promise: Promise<T>,\n timeoutMs: number,\n context?: string\n): Promise<T> {\n let timer: ReturnType<typeof setTimeout>;\n const timeoutPromise = new Promise<never>((_resolve, reject) => {\n timer = setTimeout(() => {\n reject(new RenderTimeoutError(timeoutMs, context));\n }, timeoutMs);\n });\n\n return Promise.race([promise, timeoutPromise]).finally(() => {\n clearTimeout(timer!);\n });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCA,SAAgB,uBAA0B,IAAgB;AACxD,QAAO,UAAU,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG;;;;;;AAiB3C,eAAsB,WACpB,MACA,MACA,IACY;CACZ,MAAM,QAAQ,UAAU,UAAU;AAClC,KAAI,CAAC,MAAO,QAAO,IAAI;CAEvB,MAAM,QAAQ,YAAY,KAAK;AAC/B,KAAI;AACF,SAAO,MAAM,IAAI;WACT;EACR,MAAM,MAAM,KAAK,MAAM,YAAY,KAAK,GAAG,MAAM;AACjD,QAAM,QAAQ,KAAK;GAAE;GAAM;GAAK;GAAM,CAAC;;;;;;;;;;AAW3C,SAAgB,wBAAuC;CACrD,MAAM,QAAQ,UAAU,UAAU;AAClC,KAAI,CAAC,SAAS,MAAM,QAAQ,WAAW,EAAG,QAAO;CAGjD,MAAM,6BAAa,IAAI,KAAqB;CAQ5C,MAAM,QAPU,MAAM,QAAQ,KAAK,UAAU;EAC3C,MAAM,QAAQ,WAAW,IAAI,MAAM,KAAK,IAAI;AAC5C,aAAW,IAAI,MAAM,MAAM,QAAQ,EAAE;EACrC,MAAM,aAAa,QAAQ,IAAI,GAAG,MAAM,KAAK,GAAG,UAAU,MAAM;AAChE,SAAO;GAAE,GAAG;GAAO,MAAM;GAAY;GACrC,CAEoB,KAAK,UAAU;EACnC,IAAI,OAAO,GAAG,MAAM,KAAK,OAAO,MAAM;AACtC,MAAI,MAAM,MAAM;GAEd,MAAM,WAAW,MAAM,KAAK,QAAQ,OAAO,OAAO,CAAC,QAAQ,MAAM,OAAM;AACvE,WAAQ,UAAU,SAAS;;AAE7B,SAAO;GACP;CAIF,MAAM,kBAAkB;CACxB,IAAI,SAAS;AACb,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;EACrC,MAAM,YAAY,SAAS,GAAG,OAAO,IAAI,MAAM,OAAO,MAAM;AAC5D,MAAI,UAAU,SAAS,gBAAiB;AACxC,WAAS;;AAGX,QAAO,UAAU;;;;;;;;;;;;;;;;;;;ACzFnB,IAAM,uBAAwE;CAC5E;EACE,SAAS;EACT,aAAa;EACd;CACD;EACE,SAAS;EACT,aAAa;EACd;CACD;EACE,SAAS;EACT,aAAa;EACd;CACD;EACE,SAAS;EACT,aAAa;EACd;CACF;;;;AAKD,IAAM,wBAAyE,CAC7E;CACE,SAAS;CACT,aAAa;CACd,EACD;CACE,SAAS;CACT,aAAa;CACd,CACF;;;;;AAMD,SAAgB,eAAe,OAAwB;AACrD,KAAI,EAAE,iBAAiB,OACrB,QAAO,OAAO,MAAM;CAGtB,IAAI,UAAU,MAAM;CACpB,IAAI,QAAQ,MAAM,SAAS;AAG3B,MAAK,MAAM,EAAE,SAAS,iBAAiB,sBACrC,WAAU,QAAQ,QAAQ,SAAS,YAAY;AAIjD,MAAK,MAAM,EAAE,SAAS,iBAAiB,qBACrC,SAAQ,MAAM,QAAQ,SAAS,YAAY;AAI7C,MAAK,MAAM,EAAE,SAAS,iBAAiB,sBACrC,SAAQ,MAAM,QAAQ,SAAS,YAAY;CAI7C,MAAM,OAAO,iBAAiB,MAAM,QAAQ;CAG5C,MAAM,QAAkB,EAAE;AAC1B,OAAM,KAAK,QAAQ;AACnB,KAAI,KACF,OAAM,KAAK,OAAO,OAAO;CAK3B,MAAM,aAAa,kBAAkB,MAAM;AAC3C,KAAI,WAAW,SAAS,GAAG;AACzB,QAAM,KAAK,GAAG;AACd,QAAM,KAAK,wBAAwB;AACnC,OAAK,MAAM,SAAS,WAClB,OAAM,KAAK,OAAO,QAAQ;;AAI9B,QAAO,MAAM,KAAK,KAAK;;;;;;;;;AAYzB,SAAS,iBAAiB,SAAgC;AAIxD,KADsB,QAAQ,MAAM,2DAA2D,EAC5E;EAGjB,MAAM,YAAY,QAAQ,MAAM,4BAA4B;AAC5D,MAAI,UACF,QAAO,SAAS,UAAU,GAAG;AAE/B,SAAO;;AAIT,KAAI,QAAQ,SAAS,yCAAyC,CAC5D,QAAO;CAIT,MAAM,eAAe,QAAQ,MAC3B,uEACD;AACD,KAAI,aACF,QAAO,aAAa,aAAa,GAAG,MAAM,aAAa,GAAG;CAI5D,MAAM,aAAa,QAAQ,MAAM,0BAA0B;AAC3D,KAAI,WACF,QAAO,IAAI,WAAW,GAAG;AAI3B,KAAI,QAAQ,SAAS,0BAA0B,CAC7C,QAAO;AAMT,KAAI,QAAQ,SAAS,oBAAoB,CACvC,QACE;AAOJ,QAAO;;;;;;;;AAWT,SAAS,kBAAkB,OAAyB;CAClD,MAAM,QAAQ,MAAM,MAAM,KAAK;CAC/B,MAAM,aAAuB,EAAE;AAE/B,MAAK,MAAM,QAAQ,OAAO;EACxB,MAAM,UAAU,KAAK,MAAM;AAE3B,MAAI,CAAC,QAAQ,WAAW,MAAM,CAAE;AAEhC,MACE,QAAQ,SAAS,eAAe,IAChC,QAAQ,SAAS,qBAAqB,IACtC,QAAQ,SAAS,eAAe,IAChC,QAAQ,SAAS,aAAa,IAC9B,QAAQ,SAAS,gBAAgB,CAEjC;AAEF,aAAW,KAAK,QAAQ;AACxB,MAAI,WAAW,UAAU,EAAG;;AAG9B,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACpKT,SAAS,iBAAiB,MAAwC;AAChE,KAAI,CAAC,KAAM,QAAO;CAElB,MAAM,QAAkB,EAAE;CAC1B,IAAI;AAEJ,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,EAAE;AAC/C,MAAI,QAAQ,YAAY;AAEtB,aAAU,OAAO,UAAU,WAAW,QAAQ,OAAO,MAAM;AAC3D;;AAEF,MAAI,QAAQ,SAAS;AAEnB,SAAM,KAAK,SAAS,eAAe,MAAM,GAAG;AAC5C;;AAEF,MAAI,UAAU,KAAA,KAAa,UAAU,KAAM;AAC3C,QAAM,KAAK,GAAG,IAAI,GAAG,QAAQ;;AAI/B,KAAI,QACF,OAAM,KAAK,YAAY,QAAQ,MAAM,GAAG,EAAE,GAAG;AAG/C,QAAO,MAAM,SAAS,IAAI,OAAO,MAAM,KAAK,KAAK,GAAG;;;AAItD,SAAS,SAAS,OAAuB;AACvC,QAAO,MAAM,OAAO,EAAE;;AAGxB,SAAgB,sBAAoC;AAClD,QAAO;EACL,MAAM,KAAa,MAAsC;GAIvD,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,QAAQ,CAAC,IAAI,MAAM,OAAO,IAAI;;EAG1E,KAAK,KAAa,MAAsC;GAEtD,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,OAAO,CAAC,IAAI,MAAM,OAAO,IAAI;;EAGzE,KAAK,KAAa,MAAsC;AAGtD,OAAI,WAAW,CAAE;AACjB,OAAI,CAAC,SAAS,CAAE;GAChB,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,OAAO,CAAC,IAAI,MAAM,OAAO,IAAI;;EAGzE,MAAM,KAAa,MAAsC;AAGvD,OAAI,WAAW,CAAE;AACjB,OAAI,CAAC,SAAS,CAAE;GAChB,MAAM,SAAS,iBAAiB,KAAK;AACrC,WAAQ,OAAO,MAAM,YAAY,SAAS,QAAQ,CAAC,IAAI,MAAM,OAAO,IAAI;;EAE3E;;;;;;;;;;;;;ACtEH,IAAI,UAAwB,qBAAqB;;;;;;AAOjD,SAAgB,UAAU,QAA4B;AACpD,WAAU;;;;;;AAOZ,SAAgB,YAA0B;AACxC,QAAO;;;;;;AAST,SAAS,iBAAiB,MAAyD;CACjF,MAAM,QAAQ,eAAe;CAC7B,MAAM,WAAoC,EAAE,GAAG,MAAM;AACrD,KAAI,OAAO;AACT,WAAS,WAAW,MAAM;AAC1B,MAAI,MAAM,OACR,UAAS,UAAU,MAAM;;AAG7B,QAAO;;;AAMT,SAAgB,oBAAoB,MAO3B;AACP,SAAQ,KAAK,qBAAqB,iBAAiB,KAAK,CAAC;;;AAI3D,SAAgB,mBAAmB,MAA8C;AAC/E,SAAQ,MAAM,oBAAoB,iBAAiB,KAAK,CAAC;;;AAI3D,SAAgB,eAAe,MAOtB;AACP,SAAQ,KAAK,mCAAmC,iBAAiB,KAAK,CAAC;;;AAIzE,SAAgB,0BAA0B,MAIjC;AACP,SAAQ,MAAM,8BAA8B,iBAAiB,KAAK,CAAC;;;AAIrE,SAAgB,mBAAmB,MAA8D;AAC/F,SAAQ,MAAM,uCAAuC,iBAAiB,KAAK,CAAC;;;AAI9E,SAAgB,eAAe,MAKtB;AACP,SAAQ,MAAM,gCAAgC,iBAAiB,KAAK,CAAC;;;AAIvE,SAAgB,cAAc,MAAgC;AAC5D,SAAQ,MAAM,iCAAiC,iBAAiB,KAAK,CAAC;;;AASxE,SAAgB,cAAc,MAA8D;AAC1F,SAAQ,MAAM,iCAAiC,iBAAiB,KAAK,CAAC;;;AASxE,SAAgB,0BAAgC;AAC9C,SAAQ,KAAK,uCAAuC;;;AAItD,SAAgB,qBAAqB,MAAgC;AACnE,SAAQ,KAAK,gCAAgC,iBAAiB,KAAK,CAAC;;;AAItE,SAAgB,oBAAoB,MAAkD;AACpF,SAAQ,KAAK,uCAAuC,iBAAiB,KAAK,CAAC;;;AAI7E,SAAgB,aAAa,MAAkC;AAC7D,SAAQ,MAAM,qBAAqB,iBAAiB,KAAK,CAAC;;;;;;;;;;;;;;ACrG5D,IAAI,eAAe;AACnB,IAAI,kBAAwD;;;;;;;;;;;AAY5D,eAAsB,oBACpB,QACe;AACf,KAAI,aAAc;AAClB,gBAAe;CAEf,IAAI;AACJ,KAAI;AACF,QAAM,MAAM,QAAQ;UACb,OAAO;AACd,UAAQ,MAAM,+CAA+C,MAAM;AACnE;;AAGF,KAAI,CAAC,IAAK;AAGV,KAAI,IAAI,UAAU,OAAO,IAAI,OAAO,SAAS,WAC3C,WAAU,IAAI,OAAO;AAIvB,KAAI,OAAO,IAAI,mBAAmB,WAChC,mBAAkB,IAAI;AAIxB,KAAI,OAAO,IAAI,aAAa,WAC1B,KAAI;AACF,QAAM,IAAI,UAAU;UACb,OAAO;AACd,UAAQ,MAAM,iDAAiD,MAAM;AACrE,QAAM;;;;;;;AASZ,eAAsB,mBACpB,OACA,SACA,SACe;AACf,KAAI,CAAC,gBAAiB;AACtB,KAAI;AACF,QAAM,gBAAgB,OAAO,SAAS,QAAQ;UACvC,WAAW;AAClB,UAAQ,MAAM,uCAAuC,UAAU;;;;;;AAOnE,SAAgB,oBAA6B;AAC3C,QAAO,oBAAoB;;;;;ACzG7B,IAAM,iBAAiB,IAAI,IAAI;CAAC;CAAa;CAAe;CAAY,CAAC;;;;;;;;;;;AAYzE,SAAgB,UAAU,QAAiC,QAAuC;AAChG,MAAK,MAAM,OAAO,OAAO,KAAK,OAAO,CACnC,KAAI,CAAC,eAAe,IAAI,IAAI,CAC1B,QAAO,OAAO,OAAO;;;;;;;;;;;;;;;AA2B3B,SAAgB,kBACd,OACsB;AACtB,KAAI,UAAU,KAAA,EAAW,QAAO;AAEhC,KAAI,OAAO,UAAU,cAAc,MAAM,QAAQ,MAAM,EAAE;EACvD,MAAM,MAAM;AACZ,eAAa;;AAEf,KAAI,MAAM,SAAS,UAAU;EAC3B,MAAM,MAAM,MAAM;AAClB,eAAa;;CAEf,MAAM,SAAS,MAAM;AACrB,QAAO,aAAa,MAAM,QAAQ,EAAE;;;;;;AAStC,SAAgB,eAAe,SAAwB;AACrD,MAAK,MAAM,SAAS,qBAAqB,CACvC,SAAQ,OAAO,cAAc,MAAM;;;;;;AAQvC,SAAgB,oBAAoB,QAAiB,QAAuB;CAC1E,MAAM,eAAe,IAAI,IAAI,CAAC,GAAG,OAAO,MAAM,CAAC,CAAC,KAAK,QAAQ,IAAI,aAAa,CAAC,CAAC;AAChF,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,SAAS,CACzC,KAAI,CAAC,aAAa,IAAI,IAAI,aAAa,CAAC,CACtC,QAAO,OAAO,KAAK,MAAM;;;;;;;;;;;;;;;;;;;;AAyB/B,SAAgB,wBAAwB,UAA8B;AACpE,QAAO,IAAI,SAAS,SAAS,MAAM;EACjC,QAAQ,SAAS;EACjB,YAAY,SAAS;EACrB,SAAS,IAAI,QAAQ,SAAS,QAAQ;EACvC,CAAC;;;;;;;;;;AAaJ,SAAgB,sBACd,QACA,KACA,SACU;AAEV,MADe,IAAI,QAAQ,IAAI,SAAS,IAAI,IAAI,SAAS,mBAAmB,EACjE;AACT,UAAQ,IAAI,qBAAqB,OAAO,SAAS;AACjD,SAAO,IAAI,SAAS,MAAM;GAAE,QAAQ;GAAK;GAAS,CAAC;;AAErD,SAAQ,IAAI,YAAY,OAAO,SAAS;AACxC,QAAO,IAAI,SAAS,MAAM;EAAE,QAAQ,OAAO;EAAQ;EAAS,CAAC;;;;;;AAS/D,eAAsB,mBACpB,OACA,KACA,OACe;CACf,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;CAC5B,MAAM,aAAqC,EAAE;AAC7C,KAAI,QAAQ,SAAS,GAAG,MAAM;AAC5B,aAAW,KAAK;GAChB;AAEF,OAAM,mBACJ,OACA;EAAE,QAAQ,IAAI;EAAQ,MAAM,IAAI;EAAU,SAAS;EAAY,EAC/D;EAAE;EAAO,WAAW,IAAI;EAAU,WAAW;EAAQ,SAAS,YAAY;EAAE,CAC7E;;;;;;;;AClKH,IAAM,uBAAuB;;AAG7B,IAAM,eAAe;;;;;;;;;;;;;AAcrB,SAAgB,aAAa,aAAqB,qBAAqB,MAA0B;AAG/F,KAAI,qBAAqB,KAAK,YAAY,CACxC,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAEnC,KAAI,aAAa,KAAK,YAAY,CAChC,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAKnC,IAAI;AACJ,KAAI;AACF,YAAU,mBAAmB,YAAY;SACnC;AAEN,SAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;;AAKnC,KAAI,QAAQ,SAAS,KAAK,CACxB,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAQnC,IAAI,WAAW,QAAQ,QAAQ,UAAU,IAAI;CAG7C,MAAM,WAAW,SAAS,MAAM,IAAI;CACpC,MAAM,WAAqB,EAAE;AAC7B,MAAK,MAAM,OAAO,SAChB,KAAI,QAAQ,MAAM;AAChB,MAAI,SAAS,UAAU,EAErB,QAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;AAEnC,WAAS,KAAK;YACL,QAAQ,IACjB,UAAS,KAAK,IAAI;AAItB,YAAW,SAAS,KAAK,IAAI,IAAI;AAGjC,KAAI,sBAAsB,SAAS,SAAS,KAAK,SAAS,SAAS,IAAI,CACrE,YAAW,SAAS,MAAM,GAAG,GAAG;AAGlC,QAAO;EAAE,IAAI;EAAM;EAAU;;;;;;;;;;;;AChE/B,eAAsB,SACpB,aACA,KACA,MACmB;CACnB,MAAM,MAAM,MAAM,QAAQ,YAAY,GAAG,cAAc,CAAC,YAAY;CAIpE,IAAI,IAAI,IAAI;CACZ,IAAI,WAAW;AACf,QAAO,KAAK;EACV,MAAM,KAAK,IAAI;EACf,MAAM,aAAa;AACnB,mBAAiB,QAAQ,QAAQ,GAAG,KAAK,WAAW,CAAC;;AAGvD,QAAO,UAAU;;;;;;;;;;;ACnBnB,eAAsB,cACpB,cACA,KAC+B;CAC/B,MAAM,SAAS,MAAM,aAAa,IAAI;AACtC,KAAI,kBAAkB,SACpB,QAAO;;;;;;;;;;;;;;;;AAmBX,eAAsB,mBACpB,OACA,KAC+B;AAC/B,MAAK,MAAM,MAAM,OAAO;EACtB,MAAM,SAAS,MAAM,GAAG,IAAI;AAC5B,MAAI,kBAAkB,SACpB,QAAO;;;;;;;;;;;ACrCb,SAAgB,gBACd,IACA,UACM;CACN,MAAM,cAAmD;EACvD,CAAC,YAAY,GAAG,MAAM;EACtB,CAAC,kBAAkB,GAAG,YAAY;EAClC,CAAC,UAAU,GAAG,IAAI;EAClB,CAAC,gBAAgB,GAAG,SAAS;EAC7B,CAAC,aAAa,GAAG,OAAO;EACxB,CAAC,WAAW,GAAG,KAAK;EACpB,CAAC,6BAA6B,GAAG,cAAc;EAC/C,CAAC,4BAA4B,GAAG,aAAa;EAC9C;AAED,MAAK,MAAM,CAAC,UAAU,YAAY,YAChC,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAU;GAAS;EAAE,CAAC;AAKhE,KAAI,GAAG,OACL,KAAI,OAAO,GAAG,WAAW,SACvB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,GAAG;GAAQ;EAAE,CAAC;MAC9E;EACL,MAAM,UAAU,MAAM,QAAQ,GAAG,OAAO,GAAG,GAAG,SAAS,CAAC,GAAG,OAAO;AAClE,OAAK,MAAM,OAAO,SAAS;AACzB,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,UAAU;KAAY,SAAS,IAAI;KAAK;IAAE,CAAC;AACjF,OAAI,IAAI,MACN,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,UAAU;KAAkB,SAAS,OAAO,IAAI,MAAM;KAAE;IAClE,CAAC;AAEJ,OAAI,IAAI,OACN,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,UAAU;KAAmB,SAAS,OAAO,IAAI,OAAO;KAAE;IACpE,CAAC;AAEJ,OAAI,IAAI,IACN,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,UAAU;KAAgB,SAAS,IAAI;KAAK;IAAE,CAAC;;;AAO7F,KAAI,GAAG,OACL,MAAK,MAAM,SAAS,GAAG,OACrB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,MAAM;GAAK;EAAE,CAAC;AAKvF,KAAI,GAAG,MACL,MAAK,MAAM,SAAS,GAAG,MACrB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,MAAM;GAAK;EAAE,CAAC;AAKvF,KAAI,GAAG,QACL,MAAK,MAAM,UAAU,GAAG,QACtB,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,UAAU;GAAqB,SAAS;GAAQ;EAC1D,CAAC;;;;;;;;AAWR,SAAgB,cAAc,IAAsC,UAA+B;CACjG,MAAM,cAAmD;EACvD,CAAC,gBAAgB,GAAG,KAAK;EACzB,CAAC,gBAAgB,GAAG,KAAK;EACzB,CAAC,mBAAmB,GAAG,OAAO;EAC9B,CAAC,iBAAiB,GAAG,MAAM;EAC3B,CAAC,uBAAuB,GAAG,YAAY;EACvC,CAAC,mBAAmB,GAAG,QAAQ;EAC/B,CAAC,sBAAsB,GAAG,UAAU;EACrC;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,YAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAK5D,KAAI,GAAG,OACL,KAAI,OAAO,GAAG,WAAW,SACvB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,MAAM;GAAiB,SAAS,GAAG;GAAQ;EAAE,CAAC;MAC/E;EACL,MAAM,UAAU,MAAM,QAAQ,GAAG,OAAO,GAAG,GAAG,SAAS,CAAC,GAAG,OAAO;AAClE,OAAK,MAAM,OAAO,SAAS;GACzB,MAAM,MAAM,OAAO,QAAQ,WAAW,MAAM,IAAI;AAChD,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAiB,SAAS;KAAK;IAAE,CAAC;;;AAMpF,KAAI,GAAG,QACL,MAAK,MAAM,UAAU,GAAG,SAAS;AAC/B,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAkB,SAAS,OAAO;IAAW;GAAE,CAAC;AAC5F,MAAI,OAAO,MACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAwB,SAAS,OAAO,OAAO,MAAM;IAAE;GACvE,CAAC;AAEJ,MAAI,OAAO,OACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAyB,SAAS,OAAO,OAAO,OAAO;IAAE;GACzE,CAAC;AAEJ,MAAI,OAAO,UACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAyB,SAAS,OAAO;IAAW;GACpE,CAAC;;AAMR,KAAI,GAAG,KAAK;EACV,MAAM,YAAkE;GACtE,CAAC,UAAU,SAAS;GACpB,CAAC,QAAQ,OAAO;GAChB,CAAC,cAAc,aAAa;GAC7B;AAID,MAAI,GAAG,IAAI;QACJ,MAAM,CAAC,KAAK,QAAQ,UACvB,KAAI,GAAG,IAAI,KAAK,KACd,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,MAAM,oBAAoB;KAAO,SAAS,GAAG,IAAI;KAAM;IACjE,CAAC;;AAKR,OAAK,MAAM,CAAC,KAAK,QAAQ,WAAW;GAClC,MAAM,KAAK,GAAG,IAAI,KAAK;AACvB,OAAI,GACF,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM,kBAAkB;KAAO,SAAS;KAAI;IAAE,CAAC;;AAIzF,OAAK,MAAM,CAAC,KAAK,QAAQ,WAAW;GAClC,MAAM,MAAM,GAAG,IAAI,MAAM;AACzB,OAAI,IACF,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM,mBAAmB;KAAO,SAAS;KAAK;IAAE,CAAC;;;;;;;;;ACxK/F,SAAgB,YAAY,OAAuC,UAA+B;AAEhG,KAAI,MAAM;MACJ,OAAO,MAAM,SAAS,SACxB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAQ,MAAM,MAAM;IAAM;GAAE,CAAC;WAC/D,MAAM,QAAQ,MAAM,KAAK,CAClC,MAAK,MAAM,QAAQ,MAAM,MAAM;GAC7B,MAAM,QAAgC;IAAE,KAAK;IAAQ,MAAM,KAAK;IAAK;AACrE,OAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,OAAI,KAAK,KAAM,OAAM,OAAO,KAAK;AACjC,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;AAM3C,KAAI,MAAM,UAAU;EAClB,MAAM,OAAO,MAAM,QAAQ,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,MAAM,SAAS;AAC9E,OAAK,MAAM,OAAO,KAChB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAiB,MAAM;IAAK;GAAE,CAAC;;AAK9E,KAAI,MAAM;MACJ,OAAO,MAAM,UAAU,SACzB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAoB,MAAM,MAAM;IAAO;GAAE,CAAC;WAC5E,MAAM,QAAQ,MAAM,MAAM,CACnC,MAAK,MAAM,QAAQ,MAAM,OAAO;GAC9B,MAAM,QAAgC;IAAE,KAAK;IAAoB,MAAM,KAAK;IAAK;AACjF,OAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;AAM3C,KAAI,MAAM,MACR,MAAK,MAAM,QAAQ,MAAM,OAAO;EAC9B,MAAM,QAAgC;GAAE,KAAK,KAAK;GAAK,MAAM,KAAK;GAAK;AACvE,MAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,MAAI,KAAK,KAAM,OAAM,OAAO,KAAK;AACjC,WAAS,KAAK;GAAE,KAAK;GAAQ;GAAO,CAAC;;;;;;AAQ3C,SAAgB,iBACd,YACA,UACM;AACN,KAAI,WAAW,UACb,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,KAAK;GAAa,MAAM,WAAW;GAAW;EAAE,CAAC;AAGzF,KAAI,WAAW,UACb,MAAK,MAAM,CAAC,MAAM,SAAS,OAAO,QAAQ,WAAW,UAAU,CAC7D,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa,UAAU;GAAM;GAAM;EAClD,CAAC;AAIN,KAAI,WAAW,MACb,MAAK,MAAM,CAAC,OAAO,SAAS,OAAO,QAAQ,WAAW,MAAM,CAC1D,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa;GAAO;GAAM;EACzC,CAAC;AAIN,KAAI,WAAW,MACb,MAAK,MAAM,CAAC,MAAM,SAAS,OAAO,QAAQ,WAAW,MAAM,CACzD,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa;GAAM;GAAM;EACxC,CAAC;;;;;AAQR,SAAgB,mBACd,cACA,UACM;CACN,MAAM,oBAAyD;EAC7D,CAAC,4BAA4B,aAAa,OAAO;EACjD,CAAC,SAAS,aAAa,MAAM;EAC7B,CAAC,uBAAuB,aAAa,OAAO;EAC7C;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,kBAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAG5D,KAAI,aAAa,MACf,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,aAAa,MAAM,EAAE;EAC9D,MAAM,UAAU,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,KAAK,GAAG;AAC1D,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE;IAAM;IAAS;GAAE,CAAC;;;;;;AAQ9D,SAAgB,kBACd,aACA,UACM;AACN,KAAI,YAAY,QACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAAgC,SAAS;GAAO;EAChE,CAAC;AAEJ,KAAI,YAAY,MACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAA8B,SAAS,YAAY;GAAO;EAC1E,CAAC;AAEJ,KAAI,YAAY,eACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GACL,MAAM;GACN,SAAS,YAAY;GACtB;EACF,CAAC;AAEJ,KAAI,YAAY,cAAc;EAC5B,MAAM,SAAS,MAAM,QAAQ,YAAY,aAAa,GAClD,YAAY,eACZ,CAAC,EAAE,KAAK,YAAY,cAAc,CAAC;AACvC,OAAK,MAAM,OAAO,QAAQ;GAExB,MAAM,QAAgC;IAAE,KAAK;IAA6B,MAD9D,OAAO,QAAQ,WAAW,MAAM,IAAI;IACqC;AACrF,OAAI,OAAO,QAAQ,YAAY,IAAI,MACjC,OAAM,QAAQ,IAAI;AAEpB,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;;;;;AAQ3C,SAAgB,eACd,UACA,UACM;CACN,MAAM,kBAA+E;EACnF,CAAC,OAAO,SAAS,IAAI;EACrB,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,iBAAiB,SAAS,aAAa;EACxC,CAAC,qBAAqB,SAAS,iBAAiB;EACjD;AAED,MAAK,MAAM,CAAC,UAAU,YAAY,iBAAiB;AACjD,MAAI,CAAC,QAAS;AACd,OAAK,MAAM,SAAS,QAClB,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,MAAM,CAC9C,KAAI,UAAU,KAAA,KAAa,UAAU,KACnC,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,UAAU,MAAM,SAAS,GAAG;IAAO,SAAS,OAAO,MAAM;IAAE;GACrE,CAAC;;AAMV,KAAI,SAAS,KAAK;AAChB,MAAI,SAAS,IAAI,IACf,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,UAAU;IAAc,SAAS,SAAS,IAAI;IAAK;GAC7D,CAAC;AAEJ,MAAI,SAAS,IAAI,mBAAmB,KAAA,EAClC,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IACL,UAAU;IACV,SAAS,SAAS,IAAI,iBAAiB,SAAS;IACjD;GACF,CAAC;;;;;;AAQR,SAAgB,aACd,QACA,UACM;CACN,MAAM,QAAQ,CAAC,UAAU,OAAO,QAAQ;AACxC,KAAI,OAAO,cAAe,OAAM,KAAK,kBAAkB,OAAO,gBAAgB;AAC9E,KAAI,OAAO,YAAa,OAAM,KAAK,gBAAgB,OAAO,cAAc;AACxE,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAAoB,SAAS,MAAM,KAAK,KAAK;GAAE;EAC/D,CAAC;;;;;;;;;;;;;ACvMJ,SAAgB,yBAAyB,UAAmC;CAC1E,MAAM,WAA0B,EAAE;AAGlC,KAAI,OAAO,SAAS,UAAU,SAC5B,UAAS,KAAK;EAAE,KAAK;EAAS,SAAS,SAAS;EAAO,CAAC;CAI1D,MAAM,kBAAuD;EAC3D,CAAC,eAAe,SAAS,YAAY;EACrC,CAAC,aAAa,SAAS,UAAU;EACjC,CAAC,oBAAoB,SAAS,gBAAgB;EAC9C,CAAC,YAAY,SAAS,SAAS;EAC/B,CAAC,YAAY,SAAS,SAAS;EAC/B,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,aAAa,SAAS,UAAU;EAClC;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,gBAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAK5D,KAAI,SAAS,UAAU;EACrB,MAAM,UAAU,MAAM,QAAQ,SAAS,SAAS,GAC5C,SAAS,SAAS,KAAK,KAAK,GAC5B,SAAS;AACb,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAY;IAAS;GAAE,CAAC;;AAItE,KAAI,SAAS,QAAQ;EACnB,MAAM,UACJ,OAAO,SAAS,WAAW,WAAW,SAAS,SAAS,mBAAmB,SAAS,OAAO;AAC7F,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAU;IAAS;GAAE,CAAC;AAGlE,MAAI,OAAO,SAAS,WAAW,YAAY,SAAS,OAAO,WAAW;GACpE,MAAM,YACJ,OAAO,SAAS,OAAO,cAAc,WACjC,SAAS,OAAO,YAChB,mBAAmB,SAAS,OAAO,UAAU;AACnD,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAa,SAAS;KAAW;IAAE,CAAC;;;AAKpF,KAAI,SAAS,UACX,iBAAgB,SAAS,WAAW,SAAS;AAI/C,KAAI,SAAS,QACX,eAAc,SAAS,SAAS,SAAS;AAI3C,KAAI,SAAS,MACX,aAAY,SAAS,OAAO,SAAS;AAIvC,KAAI,SAAS,SACX,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,KAAK;GAAY,MAAM,SAAS;GAAU;EAAE,CAAC;AAIrF,KAAI,SAAS,WACX,kBAAiB,SAAS,YAAY,SAAS;AAIjD,KAAI,SAAS,aACX,oBAAmB,SAAS,cAAc,SAAS;AAIrD,KAAI,SAAS,iBAAiB;EAC5B,MAAM,QAAkB,EAAE;AAC1B,MAAI,SAAS,gBAAgB,cAAc,MAAO,OAAM,KAAK,eAAe;AAC5E,MAAI,SAAS,gBAAgB,UAAU,MAAO,OAAM,KAAK,WAAW;AACpE,MAAI,SAAS,gBAAgB,YAAY,MAAO,OAAM,KAAK,aAAa;AACxE,MAAI,MAAM,SAAS,EACjB,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAoB,SAAS,MAAM,KAAK,KAAK;IAAE;GAC/D,CAAC;;AAKN,KAAI,SAAS,SAAS;EACpB,MAAM,aAAa,MAAM,QAAQ,SAAS,QAAQ,GAAG,SAAS,UAAU,CAAC,SAAS,QAAQ;AAC1F,OAAK,MAAM,UAAU,YAAY;AAC/B,OAAI,OAAO,KACT,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAU,SAAS,OAAO;KAAM;IAAE,CAAC;AAEjF,OAAI,OAAO,IACT,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,KAAK;KAAU,MAAM,OAAO;KAAK;IAAE,CAAC;;;AAMhF,KAAI,SAAS,YACX,mBAAkB,SAAS,aAAa,SAAS;AAInD,KAAI,SAAS,SACX,gBAAe,SAAS,UAAU,SAAS;AAI7C,KAAI,SAAS,OACX,cAAa,SAAS,QAAQ,SAAS;AAIzC,KAAI,SAAS,MACX,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,SAAS,MAAM,EAAE;EAC1D,MAAM,UAAU,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,KAAK,GAAG;AAC1D,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE;IAAM;IAAS;GAAE,CAAC;;AAI5D,QAAO;;AAKT,SAAS,mBAAmB,QAAyC;CACnE,MAAM,QAAkB,EAAE;AAC1B,KAAI,OAAO,UAAU,KAAM,OAAM,KAAK,QAAQ;AAC9C,KAAI,OAAO,UAAU,MAAO,OAAM,KAAK,UAAU;AACjD,KAAI,OAAO,WAAW,KAAM,OAAM,KAAK,SAAS;AAChD,KAAI,OAAO,WAAW,MAAO,OAAM,KAAK,WAAW;AACnD,QAAO,MAAM,KAAK,KAAK;;;;;;;;;;;;ACnHzB,SAAgB,aACd,OACA,UACoB;AACpB,KAAI,UAAU,KAAA,KAAa,UAAU,KACnC;AAGF,KAAI,OAAO,UAAU,SACnB,QAAO,WAAW,SAAS,QAAQ,MAAM,MAAM,GAAG;AAIpD,KAAI,MAAM,aAAa,KAAA,EACrB,QAAO,MAAM;AAGf,KAAI,MAAM,YAAY,KAAA,EACpB,QAAO,MAAM;;;;;;;;;;;;;;;AAqBjB,SAAgB,gBACd,SACA,UAAkC,EAAE,EAC1B;CACV,MAAM,EAAE,aAAa,UAAU;CAE/B,MAAM,SAAmB,EAAE;CAC3B,IAAI;CACJ,IAAI;CACJ,IAAI;AAEJ,MAAK,MAAM,EAAE,UAAU,YAAY,SAAS;AAE1C,MAAI,cAAc,OAChB;AAIF,MAAI,SAAS,UAAU,KAAA,KAAa,OAAO,SAAS,UAAU,UAAU;AACtE,OAAI,SAAS,MAAM,aAAa,KAAA,EAC9B,iBAAgB,SAAS,MAAM;AAEjC,OAAI,SAAS,MAAM,YAAY,KAAA,EAC7B,eAAc,SAAS,MAAM;;AAKjC,OAAK,MAAM,OAAO,OAAO,KAAK,SAAS,EAA2B;AAChE,OAAI,QAAQ,QAAS;AAEpB,UAAe,OAAO,SAAS;;AAIlC,MAAI,SAAS,UAAU,KAAA,EACrB,YAAW,SAAS;;AAKxB,KAAI,YAAY;AACd,aAAW,gBAAgB,KAAA,IAAY,EAAE,SAAS,aAAa,GAAG;AAElE,kBAAgB,KAAA;;CAIlB,MAAM,gBAAgB,aAAa,UAAU,cAAc;AAC3D,KAAI,kBAAkB,KAAA,EACpB,QAAO,QAAQ;AAIjB,KAAI,WACF,QAAO,SAAS;AAGlB,QAAO;;;;;AAQT,SAAS,cAAc,KAAsB;AAC3C,QAAO,IAAI,WAAW,UAAU,IAAI,IAAI,WAAW,WAAW,IAAI,IAAI,WAAW,KAAK;;;;;AAMxF,SAAS,WAAW,KAAa,MAAmB;AAClD,KAAI,cAAc,IAAI,CAAE,QAAO;AAC/B,QAAO,IAAI,IAAI,KAAK,KAAK,CAAC,UAAU;;;;;;;;AAStC,SAAgB,oBAAoB,UAA8B;CAChE,MAAM,OAAO,SAAS;AACtB,KAAI,CAAC,KAAM,QAAO;CAElB,MAAM,SAAS,EAAE,GAAG,UAAU;AAG9B,KAAI,OAAO,WAAW;AACpB,SAAO,YAAY,EAAE,GAAG,OAAO,WAAW;AAC1C,MAAI,OAAO,OAAO,UAAU,WAAW,SACrC,QAAO,UAAU,SAAS,WAAW,OAAO,UAAU,QAAQ,KAAK;WAC1D,MAAM,QAAQ,OAAO,UAAU,OAAO,CAC/C,QAAO,UAAU,SAAS,OAAO,UAAU,OAAO,KAAK,SAAS;GAC9D,GAAG;GACH,KAAK,WAAW,IAAI,KAAK,KAAK;GAC/B,EAAE;WACM,OAAO,UAAU,OAE1B,QAAO,UAAU,SAAS;GACxB,GAAG,OAAO,UAAU;GACpB,KAAK,WAAW,OAAO,UAAU,OAAO,KAAK,KAAK;GACnD;AAEH,MAAI,OAAO,UAAU,OAAO,CAAC,cAAc,OAAO,UAAU,IAAI,CAC9D,QAAO,UAAU,MAAM,WAAW,OAAO,UAAU,KAAK,KAAK;;AAKjE,KAAI,OAAO,SAAS;AAClB,SAAO,UAAU,EAAE,GAAG,OAAO,SAAS;AACtC,MAAI,OAAO,OAAO,QAAQ,WAAW,SACnC,QAAO,QAAQ,SAAS,WAAW,OAAO,QAAQ,QAAQ,KAAK;WACtD,MAAM,QAAQ,OAAO,QAAQ,OAAO,EAAE;GAE/C,MAAM,WAAW,OAAO,QAAQ,OAAO,KAAK,QAC1C,OAAO,QAAQ,WAAW,WAAW,KAAK,KAAK,GAAG;IAAE,GAAG;IAAK,KAAK,WAAW,IAAI,KAAK,KAAK;IAAE,CAC7F;GAED,MAAM,aAAa,SAAS,OAAO,MAAM,OAAO,MAAM,SAAS;AAC/D,UAAO,QAAQ,SAAS,aACnB,WACA;aACI,OAAO,QAAQ,OAExB,QAAO,QAAQ,SAAS;GACtB,GAAG,OAAO,QAAQ;GAClB,KAAK,WAAW,OAAO,QAAQ,OAAO,KAAK,KAAK;GACjD;;AAKL,KAAI,OAAO,YAAY;AACrB,SAAO,aAAa,EAAE,GAAG,OAAO,YAAY;AAC5C,MAAI,OAAO,WAAW,aAAa,CAAC,cAAc,OAAO,WAAW,UAAU,CAC5E,QAAO,WAAW,YAAY,WAAW,OAAO,WAAW,WAAW,KAAK;AAE7E,MAAI,OAAO,WAAW,WAAW;GAC/B,MAAM,QAAgC,EAAE;AACxC,QAAK,MAAM,CAAC,MAAM,QAAQ,OAAO,QAAQ,OAAO,WAAW,UAAU,CACnE,OAAM,QAAQ,cAAc,IAAI,GAAG,MAAM,WAAW,KAAK,KAAK;AAEhE,UAAO,WAAW,YAAY;;;AAKlC,KAAI,OAAO,OAAO;AAChB,SAAO,QAAQ,EAAE,GAAG,OAAO,OAAO;AAClC,MAAI,OAAO,OAAO,MAAM,SAAS,SAC/B,QAAO,MAAM,OAAO,WAAW,OAAO,MAAM,MAAM,KAAK;WAC9C,MAAM,QAAQ,OAAO,MAAM,KAAK,CACzC,QAAO,MAAM,OAAO,OAAO,MAAM,KAAK,KAAK,OAAO;GAAE,GAAG;GAAG,KAAK,WAAW,EAAE,KAAK,KAAK;GAAE,EAAE;AAE5F,MAAI,OAAO,OAAO,MAAM,UAAU,SAChC,QAAO,MAAM,QAAQ,WAAW,OAAO,MAAM,OAAO,KAAK;WAChD,MAAM,QAAQ,OAAO,MAAM,MAAM,CAC1C,QAAO,MAAM,QAAQ,OAAO,MAAM,MAAM,KAAK,OAAO;GAAE,GAAG;GAAG,KAAK,WAAW,EAAE,KAAK,KAAK;GAAE,EAAE;;AAIhG,QAAO;;;;;;;;;;AC7OT,IAAa,kBAAb,cAAqC,MAAM;;CAEzC;CAEA,YAAY,UAAkB,OAAgB;EAC5C,MAAM,kBAAkB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AAC9E,QAAM,kCAAkC,SAAS,MAAM,mBAAmB,EAAE,OAAO,CAAC;AACpF,OAAK,OAAO;AACZ,OAAK,WAAW;;;;;;;;;;;;;;;;;;;;AAqBpB,eAAsB,WAAwC,QAAoC;AAChG,KAAI;AACF,SAAQ,MAAM,OAAO,MAAM;UACpB,OAAO;AACd,QAAM,IAAI,gBAAgB,OAAO,UAAU,MAAM;;;;;;;;;;;;;;;;;;;;;;;ACoDrD,SAAgB,uBACd,OACA,QACA,MAC2B;CAC3B,MAAM,IAAI;AAEV,MAAK,MAAM,SAAS,OAAO;AACzB,MAAI,MAAM,WAAW,OACnB,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,OAAO,UAAU,OAAO,UAAU,IACrD,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,OAAO,UAAU,OAAO,UAAU,IACrD,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,KACnB,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;;AAGpE,QAAO;;;;;;;AAUT,SAAgB,cAAc,QAAsB;CAClD,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,MACF,OAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACzGvB,SAAgB,WAAW,OAA8D;CACvF,MAAM,EAAE,UAAU,aAAa,SAAS,WAAW,aAAa;AAGhE,KAAI,YAAY,KAAA,GAAW;AACzB,MAAI,YAAY,OACd,QAAO;AAET,QAAM;;AAMR,QAAO,mBAAmB,UAAU,aAAa,WAAW,SAAS;;;;;;AAOvE,eAAe,mBACb,UACA,aACA,WACA,UACuB;AACvB,KAAI;AACF,QAAM,SAAS,iBAAiB,EAAE,kBAAkB,eAAe,WAAW,EAAE,YAAY;AAC1F,OAAI;AACF,UAAM,UAAU;AAChB,UAAM,iBAAiB,iBAAiB,OAAO;YACxC,OAAgB;AACvB,QAAI,iBAAiB,YAAY;AAC/B,WAAM,iBAAiB,iBAAiB,OAAO;AAC/C,WAAM,iBAAiB,sBAAsB,MAAM,OAAO;AAC1D,SAAI,MAAM,WACR,OAAM,iBAAiB,oBAAoB,MAAM,WAAW;eAErD,iBAAiB,eAC1B,OAAM,iBAAiB,iBAAiB,WAAW;AAErD,UAAM;;IAER;UACK,OAAgB;AAIvB,MAAI,iBAAiB,cAAc,WAAW;GAC5C,MAAM,cAAc,uBAAuB,WAAW,MAAM,QAAQ,MAAM,KAAK;AAC/E,OAAI,aAAa;AACf,kBAAc,MAAM,OAAO;AAC3B,WAAO;;;AAGX,QAAM;;AAGR,QAAO;;;;;;;;;;;;;;;;AAmBT,eAAsB,eAAe,OAAmD;CACtF,MAAM,EAAE,UAAU,iBAAiB,UAAU,eAAe,iBAAiB,aAAa;AAE1F,KAAI;AACF,QAAM,UAAU;UACT,OAAgB;AAGvB,MAAI,iBAAiB,WACnB,QACE,oBAAoB,iBAAiB,UAAU,MAAM,MAAM,cAAc,IACzE,mBACA;AAQJ,MAAI,iBAAiB,gBAAgB;AACnC,OAAI,SAAS,CACX,SAAQ,MACN,gNAGD;AAGH,UACE,oBAAoB,iBAAiB,UAAU,KAAA,GAAW,cAAc,IACxE,mBACA;;AAMJ,MAAI,SAAS,CACX,SAAQ,KACN,oGAEA,MACD;AAEH,QAAM;;AAIR,QAAO;;;;;;AAOT,SAAS,oBACP,iBACA,UACA,MACA,eACqB;AACrB,KAAI,CAAC,gBAAiB,QAAO;AAC7B,QAAO,cAAc,iBAAiB;EACpC,MAAM;EACN,qBAAqB;EACtB,CAAC;;;;;;;;AC5GJ,IAAa,qBAAb,cAAwC,MAAM;CAC5C,YAAY,SAAiB;AAC3B,QAAM,QAAQ;AACd,OAAK,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACnDhB,IAAa,uBAAuB;;AAGpC,IAAa,gBAAgB;;;;;AAQ7B,IAAI,sBAAqC;;;;;;;;;;;;AAuCzC,SAAgB,iBAAiB,KAA+B;AAE9D,KAAI,CAAC,oBACH,QAAO;EAAE,IAAI;EAAM,UAAU;EAAM;CAGrC,MAAM,WAAW,IAAI,QAAQ,IAAI,qBAAqB;AAGtD,KAAI,CAAC,SACH,QAAO;EAAE,IAAI;EAAM,UAAU;EAAM;AAIrC,KAAI,aAAa,oBACf,QAAO;EAAE,IAAI;EAAM;EAAU;AAG/B,QAAO;EAAE,IAAI;EAAO;EAAU;;;;;;AAOhC,SAAgB,mBAAmB,SAAwB;AACzD,SAAQ,IAAI,eAAe,IAAI;;;;;;;;;;;;;;;;ACvFjC,IAAM,qBAAqB,IAAI,IAAI;CACjC;CACA;CACA;CACA;CACA;CACD,CAAC;;;;;;;;;;AAWF,eAAsB,wBACpB,WACmB;CACnB,MAAM,EAAE,aAAa,SAAS;CAC9B,MAAM,SAAS,mBAAmB,IAAI,YAAY;CAElD,MAAM,OAAO,MAAM,SAAS,KAAK,SAAS;CAE1C,MAAM,UAAkC;EACtC,gBAAgB,SAAS,GAAG,YAAY,mBAAmB;EAC3D,kBAAkB,OAAO,KAAK,WAAW;EAC1C;AAED,QAAO,IAAI,SAAS,MAAM;EAAE,QAAQ;EAAK;EAAS,CAAC;;;;;;AAOrD,SAAgB,iBACd,SAMQ;AAmBR,QAAO,yGAlBM,QACV,KAAK,MAAM;EACV,IAAI,MAAM,qBAAqB,UAAU,EAAE,IAAI,CAAC;AAChD,MAAI,EAAE,cAAc;GAClB,MAAM,OAAO,EAAE,wBAAwB,OAAO,EAAE,aAAa,aAAa,GAAG,EAAE;AAC/E,UAAO,kBAAkB,UAAU,KAAK,CAAC;;AAE3C,MAAI,EAAE,gBACJ,QAAO,qBAAqB,UAAU,EAAE,gBAAgB,CAAC;AAE3D,MAAI,EAAE,aAAa,KAAA,EACjB,QAAO,mBAAmB,EAAE,SAAS;AAEvC,SAAO;AACP,SAAO;GACP,CACD,KAAK,KAAK,CAEwG;;;AAiBvH,SAAgB,UAAU,KAAqB;AAC7C,QAAO,IACJ,QAAQ,MAAM,QAAQ,CACtB,QAAQ,MAAM,OAAO,CACrB,QAAQ,MAAM,OAAO,CACrB,QAAQ,MAAM,SAAS,CACvB,QAAQ,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;AC1E5B,SAAgB,sBACd,gBACA,WACA,UACgC;AAChC,MAAK,MAAM,WAAW,UAAU;AAE9B,MAAI,CAAC,UAAU,WAAW,QAAQ,mBAAmB,CAAE;AAIvD,MAAI,uBAAuB,gBAAgB,QAAQ,mBAAmB,CACpE,QAAO,EAAE,gBAAgB,QAAQ,oBAAoB;;AAGzD,QAAO;;;;;;;;AAST,SAAgB,uBAAuB,UAAkB,SAA0B;CACjF,MAAM,YAAY,aAAa,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,CAAC,MAAM,IAAI;CACtE,MAAM,eAAe,YAAY,MAAM,EAAE,GAAG,QAAQ,MAAM,EAAE,CAAC,MAAM,IAAI;CAEvE,IAAI,KAAK;AACT,MAAK,IAAI,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;EAC5C,MAAM,MAAM,mBAAmB,aAAa,GAAG;AAE/C,UAAQ,IAAI,MAAZ;GACE,KAAK,YACH,QAAO,KAAK,UAAU;GACxB,KAAK,qBACH,QAAO;GACT,KAAK;AACH,QAAI,MAAM,UAAU,OAAQ,QAAO;AACnC;AACA;GACF,KAAK;AACH,QAAI,MAAM,UAAU,UAAU,UAAU,QAAQ,IAAI,MAAO,QAAO;AAClE;AACA;;;AAIN,QAAO,OAAO,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;ACQ1B,eAAsB,oBAAoB,OAAkC;CAC1E,MAAM,WAAW,MAAM;CACvB,IAAI,cAAc,MAAM;CACxB,IAAI,0BAA0B,OAAO,eAAe,YAAY,KAAK;AAErE,MAAK,MAAM,WAAW,UAAU;AAE9B,MAAI,CAAC,QAAQ,OAAQ;EAErB,IAAI;AACJ,MAAI;AACF,SAAM,MAAM,WAAW,QAAQ,OAAO;WAC/B,KAAK;AACZ,SAAM,IAAI,mBACR,6CAA6C,QAAQ,YAAY,KAAK,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,GACvH;;EAGH,MAAM,mBAAmB,IAAI;AAI7B,MAAI,CAAC,oBAAoB,OAAO,iBAAiB,UAAU,WAAY;AAEvE,MAAI;GACF,MAAM,UAAU,iBAAiB,MAAM,MAAM,cAAc;AAE3D,OAAI,CAAC,yBAAyB;AAC5B,kBAAc,OAAO,OAAO,KAAK;AACjC,cAAU,aAAa,MAAM,cAAyC;AACtE,UAAM,gBAAgB;AACtB,8BAA0B;;AAM5B,aAAU,aAAa,QAAmC;WACnD,KAAK;AACZ,SAAM,IAAI,mBAAmB,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,CAAC;;;;;;;;;;AAapF,eAAsB,cACpB,QACA,UACA,KACA,QACA,MACuB;CACvB,MAAM,WAAW,OAAO,iBAAiB;AACzC,KAAI;EACF,MAAM,cAAc,MAAM,UAAU;EACpC,MAAM,gBACJ,SAAS,aAAa,WAAW,cAAc,QAAQ,KAAK,QAAQ,KAAK,CAAC;AAI5E,SAAO;GAAE,MAAM;GAAY,OAAO;GAAS,UAH1B,MAAM,SAAS,gBAAgB,EAAE,QAChD,WAAW,WAAW,SAAS,YAAY,QAAQ,GAAG,SAAS,CAChE;GACoD;UAC9C,OAAO;AACd,SAAO;GAAE,MAAM;GAAS,OAAO;GAAS;GAAO;;;;;;;;AAWnD,eAAsB,mBACpB,QACA,KACA,OACA,iBACA,sBACA,eACuB;CACvB,MAAM,WAAW,OAAO,iBAAiB;CACzC,MAAM,MAAyB;EAC7B;EACA,gBAAgB;EAChB,SAAS;EACT,eAAe,MAAM;EACrB,aAAa,UAAU;AACrB,QAAK,MAAM,QAAQ,OAAO;IAIxB,IAAI;AACJ,QAAI,KAAK,OAAO,KAAA,EACd,SAAQ,IAAI,KAAK,KAAK,QAAQ,KAAK,GAAG,QAAQ,KAAK;QAEnD,SAAQ,IAAI,KAAK,KAAK,SAAS,KAAK;AAEtC,QAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,QAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,oBAAgB,OAAO,QAAQ,MAAM;;;EAG1C;AAED,KAAI;EACF,MAAM,gBAAgB,mBAAmB,MAAM,iBAAiB,IAAI;EAEpE,MAAM,qBAAqB,OAAO,YAAY;AAC5C,2BAAwB,KAAK;AAC7B,OAAI;AACF,WAAO,MAAM,SAAS,qBAAqB,EAAE,QAC3C,WAAW,WAAW,MAAM,iBAAiB,QAAQ,GAAG,SAAS,CAClE;aACO;AACR,4BAAwB,MAAM;;MAE9B;AACJ,MAAI,mBACF,QAAO;GAAE,MAAM;GAAY,OAAO;GAAc,UAAU;GAAoB;AAIhF,4BAA0B,qBAAqB;AAM/C,iBAAe,gBAAgB;AAE/B,SAAO,eAAe,QAAQ,KAAK,OAAO,iBAAiB,sBAAsB,cAAc;UACxF,OAAO;AACd,MAAI,iBAAiB,eACnB,QAAO;GAAE,MAAM;GAAY,OAAO;GAAc,QAAQ;GAAO;AAEjE,MAAI,iBAAiB,WACnB,QAAO;GAAE,MAAM;GAAQ,OAAO;GAAc,QAAQ;GAAO;AAE7D,SAAO;GAAE,MAAM;GAAS,OAAO;GAAc;GAAO;;;;;;;AAUxD,eAAsB,eACpB,QACA,KACA,OACA,iBACA,sBACA,EAAE,mBAAmB,gBACE;CACvB,MAAM,WAAW,OAAO,iBAAiB;AACzC,KAAI;EACF,MAAM,iBACJ,OAAO,OAAO,KAAK,OAAO,iBAAiB,sBAAsB,aAAa;AAIhF,SAAO;GAAE,MAAM;GAAY,OAAO;GAAU,UAH3B,MAAM,SAAS,iBAAiB,EAAE,cAAc,mBAAmB,QAClF,WAAW,WAAW,UAAU,oBAAoB,SAAS,GAAG,UAAU,CAC3E;GACqD;UAC/C,OAAO;AACd,MAAI,iBAAiB,WACnB,QAAO;GAAE,MAAM;GAAQ,OAAO;GAAU,QAAQ;GAAO;AAEzD,MAAI,iBAAiB,eACnB,QAAO;GAAE,MAAM;GAAY,OAAO;GAAU,QAAQ;GAAO;AAE7D,SAAO;GAAE,MAAM;GAAS,OAAO;GAAU;GAAO;;;;;;;;;;;;;;AAiBpD,eAAsB,cACpB,QACA,KACA,QACA,MACmB;CACnB,MAAM,qBAAqB,OAAO,sBAAsB;CAIxD,MAAM,SAAS,aADH,IAAI,IAAI,IAAI,IAAI,CACI,UAAU,mBAAmB;AAC7D,KAAI,CAAC,OAAO,GACV,QAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,OAAO,QAAQ,CAAC;CAEtD,MAAM,oBAAoB,OAAO;AAKjC,KAAI,OAAO,oBAAoB;EAC7B,MAAM,YAAY,OAAO,mBAAmB,kBAAkB;AAC9D,MAAI,UACF,KAAI;AAIF,OAAI,UAAU,SACZ,QAAO,MAAM,wBAAwB,UAAU;GAGjD,MAAM,MAAM,MAAM,WAAmC,UAAU,KAAK;AACpE,OAAI,OAAO,IAAI,YAAY,WACzB,QAAO,IAAI,SAAS,iDAAiD,EAAE,QAAQ,KAAK,CAAC;GAEvF,MAAM,gBAAgB,MAAM,IAAI,SAAS;AAIzC,OAAI,yBAAyB,SAC3B,QAAO,wBAAwB,cAAc;GAG/C,MAAM,cAAc,UAAU;GAC9B,IAAI;AACJ,OAAI,OAAO,kBAAkB,SAC3B,QAAO;YACE,gBAAgB,kBACzB,QAAO,iBAAiB,cAAc;YAC7B,gBAAgB,4BACzB,QAAO,KAAK,UAAU,eAAe,MAAM,EAAE;OAE7C,QAAO,OAAO,kBAAkB,WAAW,gBAAgB,OAAO,cAAc;AAElF,UAAO,IAAI,SAAS,MAAM;IACxB,QAAQ;IACR,SAAS,EAAE,gBAAgB,GAAG,YAAY,kBAAkB;IAC7D,CAAC;WACK,OAAO;AACd,kBAAe;IAAE;IAAQ;IAAM;IAAO,CAAC;AACvC,OAAI,OAAO,mBAAmB,iBAAiB,MAC7C,QAAO,gBAAgB,OAAO,iBAAiB;AACjD,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;AAShD,KAAI,OAAO,mBACT,KAAI;EACF,MAAM,kBAAkB,MAAM,OAAO,mBAAmB,kBAAkB;AAC1E,MAAI,gBAAiB,QAAO,wBAAwB,gBAAgB;UAC7D,OAAO;AACd,iBAAe;GAAE;GAAQ;GAAM;GAAO,CAAC;AACvC,MAAI,OAAO,mBAAmB,iBAAiB,MAC7C,QAAO,gBAAgB,OAAO,eAAe;AAC/C,SAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;AAU9C,MADsB,IAAI,QAAQ,IAAI,SAAS,IAAI,IAAI,SAAS,mBAAmB;MAG7E,CADc,iBAAiB,IAAI,CACxB,IAAI;GACjB,MAAM,gBAAgB,IAAI,SAAS;AACnC,sBAAmB,cAAc;AACjC,UAAO,IAAI,SAAS,MAAM;IAAE,QAAQ;IAAK,SAAS;IAAe,CAAC;;;CAKtE,IAAI,QAAQ,OAAO,WAAW,kBAAkB;CAChD,IAAI;CAOJ,MAAM,YAAY,IAAI,QAAQ,IAAI,eAAe;AACjD,KAAI,aAAa,OAAO,sBAAsB,QAAQ;EACpD,MAAM,cAAc,sBAClB,mBACA,WACA,OAAO,qBACR;AACD,MAAI,aAAa;GACf,MAAM,cAAc,OAAO,WAAW,YAAY,eAAe;AACjE,OAAI,aAAa;AACf,YAAQ;AACR,mBAAe,EAAE,gBAAgB,mBAAmB;;;;AAK1D,KAAI,CAAC,OAAO;AAGV,MAAI,OAAO,eAAe;GACxB,MAAM,kBAAkB,IAAI,SAAS;AACrC,UAAO,wBAAwB,MAAM,OAAO,cAAc,KAAK,gBAAgB,CAAC;;AAElF,SAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;CAK5C,MAAM,kBAAkB,IAAI,SAAS;CACrC,MAAM,uBAAuB,IAAI,SAAS;AAM1C,iBAAgB,IAAI,iBAAiB,0DAA0D;AAM/F,KAAI,OAAO,WACT,KAAI;AACF,QAAM,OAAO,WAAW,OAAO,KAAK,gBAAgB;SAC9C;AASV,KAAI;AACF,QAAM,oBAAoB,MAAM;UACzB,OAAO;AACd,MAAI,iBAAiB,oBAAoB;GAGvC,MAAM,cAAc,MAAM,SAAS,MAAM,SAAS,SAAS;AAC3D,OAAK,YAAoC,SAAS,CAAE,YAAmC,KACrF,QAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;AAK5C,OAAI,OAAO,cACT,QAAO,wBAAwB,MAAM,OAAO,cAAc,KAAK,gBAAgB,CAAC;AAElF,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;AAE5C,QAAM;;AAMR,kBAAiB,MAAM,cAAc;AAarC,QAAO,kBAAkB,QAVvB,MAAM,gBAAgB,SAAS,IAC3B,MAAM,mBAAmB,QAAQ,KAAK,OAAO,iBAAiB,sBAAsB;EAClF;EACA;EACD,CAAC,GACF,MAAM,eAAe,QAAQ,KAAK,OAAO,iBAAiB,sBAAsB;EAC9E;EACA;EACD,CAAC,EAEkC;EACxC;EACA;EACA;EACA;EACA;EACD,CAAC;;;;;;;;;;;AAcJ,eAAsB,kBACpB,QACA,SACA,KACmB;AACnB,SAAQ,QAAQ,MAAhB;EACE,KAAK,YAAY;GAMf,MAAM,gBAAgB,wBAAwB,QAAQ,SAAS;AAE/D,OAAI,QAAQ,UAAU,QAAS,QAAO;AAEtC,OAAI,QAAQ,UAAU,gBAAgB,IAAI,iBAAiB;AACzD,mBAAe,cAAc,QAAQ;AACrC,wBAAoB,cAAc,SAAS,IAAI,gBAAgB;AAC/D,8BAA0B;KACxB,QAAQ,IAAI;KACZ,MAAM,IAAI;KACV,QAAQ,cAAc;KACvB,CAAC;;AAGJ,OAAI,QAAQ,UAAU,SACpB,sBAAqB;AAGvB,UAAO;;EAGT,KAAK,YAAY;GACf,MAAM,UAAU,IAAI,mBAAmB,IAAI,SAAS;AACpD,kBAAe,QAAQ;AACvB,UAAO,sBAAsB,QAAQ,QAAQ,IAAI,KAAK,QAAQ;;EAGhE,KAAK,QAAQ;GACX,MAAM,UAAU,IAAI,mBAAmB,IAAI,SAAS;AACpD,kBAAe,QAAQ;AACvB,OAAI,OAAO,mBACT,KAAI;AAIF,WAAO,wBACL,MAAM,OAAO,mBAAmB,QAAQ,QAAQ,IAAI,KAAK,SAAS,IAAI,MAAM,CAC7E;WACK;AAIV,UAAO,IAAI,SAAS,MAAM;IAAE,QAAQ,QAAQ,OAAO;IAAQ;IAAS,CAAC;;EAGvE,KAAK,SAAS;AACZ,OAAI,QAAQ,UAAU,SAAS;AAC7B,kBAAc,EAAE,OAAO,QAAQ,OAAO,CAAC;AACvC,UAAM,mBAAmB,QAAQ,OAAO,IAAI,KAAK,QAAQ;AACzD,QAAI,OAAO,mBAAmB,QAAQ,iBAAiB,MACrD,QAAO,gBAAgB,QAAQ,OAAO,QAAQ;AAChD,WAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;AAG5C,OAAI,QAAQ,UAAU,cAAc;AAClC,uBAAmB;KAAE,QAAQ,IAAI;KAAQ,MAAM,IAAI;KAAM,OAAO,QAAQ;KAAO,CAAC;AAChF,UAAM,mBAAmB,QAAQ,OAAO,IAAI,KAAK,UAAU;AAC3D,QAAI,OAAO,mBAAmB,QAAQ,iBAAiB,MACrD,QAAO,gBAAgB,QAAQ,OAAO,aAAa;AAErD,WAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;GAG5C,MAAM,UAAU,IAAI,mBAAmB,IAAI,SAAS;AACpD,kBAAe,QAAQ;AACvB,kBAAe;IAAE,QAAQ,IAAI;IAAQ,MAAM,IAAI;IAAM,OAAO,QAAQ;IAAO,CAAC;AAC5E,SAAM,mBAAmB,QAAQ,OAAO,IAAI,KAAK,SAAS;AAC1D,OAAI,OAAO,mBAAmB,QAAQ,iBAAiB,MACrD,QAAO,gBAAgB,QAAQ,OAAO,SAAS;AACjD,OAAI,OAAO,oBACT,KAAI;AAGF,WAAO,wBACL,MAAM,OAAO,oBAAoB,QAAQ,OAAO,IAAI,KAAK,QAAQ,CAClE;WACK;AAIV,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;;;;;;;;;;;;;;AC/WhD,SAAgB,eAAe,QAA6D;CAK1F,MAAM,gBAAgB,kBAAkB,OAAO,MAAM;CACrD,MAAM,gBAAgB,OAAO,iBAAiB;CAC9C,MAAM,eAAe,OAAO,gBAAgB;CAI5C,IAAI,iBAAiB;AAErB,QAAO,OAAO,QAAoC;EAChD,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;EAC5B,MAAM,SAAS,IAAI;EACnB,MAAM,OAAO,IAAI;EACjB,MAAM,YAAY,YAAY,KAAK;AACnC;AAOA,SAAO,eAFc,iBAAiB,EAEF,YAAY;AAG9C,UAAO,sBAAsB,KAAK,YAAY;IAG5C,MAAM,aAAa,YAAY;AAC7B,wBAAmB;MAAE;MAAQ;MAAM,CAAC;KAEpC,MAAM,WAAW,MAAM,SACrB,uBACA;MAAE,uBAAuB;MAAQ,YAAY;MAAM,EACnD,YAAY;MAGV,MAAM,UAAU,MAAM,gBAAgB;AACtC,UAAI,QACF,gBAAe,QAAQ,SAAS,QAAQ,OAAO;MAGjD,IAAI;AACJ,UAAI,cAEF,UAAS,MAAM,kBAAkB,QADjB,MAAM,cAAc,QAAQ,eAAe,KAAK,QAAQ,KAAK,EAC3B;OAAE;OAAK;OAAQ;OAAM,CAAC;UAExE,UAAS,MAAM,cAAc,QAAQ,KAAK,QAAQ,KAAK;AAKzD,YAAM,iBAAiB,6BAA6B,OAAO,OAAO;AAOlE,UAAI,iBAAiB,YAAY;OAE/B,MAAM,eAAe,uBAAuB;AAC5C,WAAI,aACF,QAAO,QAAQ,IAAI,iBAAiB,aAAa;iBAE1C,iBAAiB,SAAS;OAInC,MAAM,UAAU,KAAK,MAAM,YAAY,KAAK,GAAG,UAAU;AACzD,cAAO,QAAQ,IAAI,iBAAiB,aAAa,UAAU;;AAI7D,aAAO;OAEV;KAGD,MAAM,aAAa,KAAK,MAAM,YAAY,KAAK,GAAG,UAAU;KAC5D,MAAM,SAAS,SAAS;KACxB,MAAM,cAAc;AACpB;AACA,yBAAoB;MAAE;MAAQ;MAAM;MAAQ;MAAY;MAAa,CAAC;AAEtE,SAAI,gBAAgB,KAAK,aAAa,cACpC,gBAAe;MAAE;MAAQ;MAAM;MAAY,WAAW;MAAe;MAAa,CAAC;AAGrF,YAAO;;AAGT,WAAO,iBAAiB,aAAa,uBAAuB,WAAW,GAAG,YAAY;KACtF;IACF;;;;;;;;;;;AClQN,SAAgB,gBAAgB,UAA8B,UAAmC;CAC/F,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAAmB,EAAE;AAE3B,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,WAAW,SAAS,IAAI,KAAK;AACnC,MAAI,CAAC,SAAU;AACf,OAAK,MAAM,OAAO,SAChB,KAAI,CAAC,KAAK,IAAI,IAAI,EAAE;AAClB,QAAK,IAAI,IAAI;AACb,UAAO,KAAK,IAAI;;;AAMxB,QAAO;;;;;;;;AAwCT,SAAgB,kBACd,UACA,UACqB;CACrB,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAA8B,EAAE;AAEtC,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,QAAQ,SAAS,MAAM,KAAK;AAClC,MAAI,CAAC,MAAO;AACZ,OAAK,MAAM,SAAS,MAClB,KAAI,CAAC,KAAK,IAAI,MAAM,KAAK,EAAE;AACzB,QAAK,IAAI,MAAM,KAAK;AACpB,UAAO,KAAK,MAAM;;;AAM1B,QAAO;;;;;;;;AA8DT,SAAgB,2BACd,UACA,UACU;CACV,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAAmB,EAAE;AAE3B,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,WAAW,SAAS,cAAc,KAAK;AAC7C,MAAI,CAAC,SAAU;AACf,OAAK,MAAM,OAAO,SAChB,KAAI,CAAC,KAAK,IAAI,IAAI,EAAE;AAClB,QAAK,IAAI,IAAI;AACb,UAAO,KAAK,IAAI;;;AAMxB,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACnJT,SAAgB,iBAAiB,MAAyB;AAGxD,KAAI,KAAK,OAAO,KAAA,GAAW;EACzB,IAAI,QAAQ,IAAI,KAAK,KAAK,QAAQ,KAAK,GAAG,QAAQ,KAAK;AACvD,MAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,MAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,SAAO;;CAGT,IAAI,QAAQ,IAAI,KAAK,KAAK,SAAS,KAAK;AACxC,KAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,KAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,QAAO;;;;;;;;;;;;;;;;;;;AA4BT,SAAgB,wBACd,UACA,UACA,SACU;CACV,MAAM,SAAmB,EAAE;CAK3B,MAAM,2BAAW,IAAI,KAAa;CAElC,MAAM,OAAO,KAAa,WAAmB;AAC3C,MAAI,CAAC,SAAS,IAAI,IAAI,EAAE;AACtB,YAAS,IAAI,IAAI;AACjB,UAAO,KAAK,OAAO;;;AAKvB,MAAK,MAAM,OAAO,gBAAgB,UAAU,SAAS,CACnD,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAW,IAAI;EAAS,CAAC,CAAC;AAMxE,MAAK,MAAM,OAAO,SAAS,IAAI,cAAc,EAAE,CAC7C,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAW,IAAI;EAAS,CAAC,CAAC;AAIxE,MAAK,MAAM,QAAQ,kBAAkB,UAAU,SAAS,CACtD,KACE,KAAK,MACL,iBAAiB;EAAE,MAAM,KAAK;EAAM,KAAK;EAAW,IAAI;EAAQ,aAAa;EAAa,CAAC,CAC5F;AAIH,KAAI,CAAC,SAAS,OACZ,MAAK,MAAM,OAAO,2BAA2B,UAAU,SAAS,CAC9D,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAiB,CAAC,CAAC;AAInE,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AClIT,SAAgB,wBAA2B,QAA4B,IAAgB;AACrF,QAAO,oBAAoB,IAAI,QAAQ,GAAG;;;;;;;;;;AAW5C,SAAgB,kBAAkB,OAAuB;AACvD,KAAI,CAAC,MAAM,OAAQ;CACnB,MAAM,SAAS,oBAAoB,UAAU;AAC7C,KAAI,CAAC,OAAQ;AACb,KAAI;AACF,SAAO,MAAM;SACP;;;;;;;;;;;;;;;;ACwGV,eAAsB,iBAAiB,QAAqD;CAC1F,MAAM,EAAE,UAAU,YAAY,eAAe,2BAA2B;AAExE,KAAI,SAAS,WAAW,EACtB,OAAM,IAAI,MAAM,iDAAiD;CAGnE,MAAM,OAAO,SAAS,SAAS,SAAS;AAGxC,KAAI,KAAK,SAAS,CAAC,KAAK,KACtB,QAAO;EAAE,MAAM;EAAM,YAAY;EAAM;CAKzC,MAAM,iBADa,KAAK,OAAO,MAAM,WAAW,KAAK,KAAK,GAAG,OAC3B;AAElC,KAAI,CAAC,cACH,OAAM,IAAI,MACR,iDAAiD,KAAK,QAAQ,gDAE/D;CAIH,IAAI,UAAwB,cAAc,eAAe,EAAE,CAAC;AAG5D,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AAGzB,YAAU,MAAM,wBACd,SACA,SACA,YACA,eACA,uBACD;AAGD,MAAI,QAAQ,QAAQ;GAElB,MAAM,YADe,MAAM,WAAW,QAAQ,OAAO,EACvB;AAC9B,aAAU,cAAc,sBAAsB;IAC5C;IACA,aAAa,QAAQ;IACrB,UAAU;IACX,CAA2B;;AAI9B,MAAI,QAAQ,QAAQ;GAElB,MAAM,mBADe,MAAM,WAAW,QAAQ,OAAO,EAChB;AAIrC,OAAI,iBAAiB;IAEnB,MAAM,YAA0C,EAAE;IAClD,MAAM,YAAY,OAAO,KAAK,QAAQ,MAAM;AAC5C,QAAI,UAAU,SAAS,EACrB,MAAK,MAAM,YAAY,WAAW;KAChC,MAAM,WAAW,QAAQ,MAAM;AAC/B,eAAU,YAAY,MAAM,iBAC1B,UACA,YACA,eACA,uBACD;;AAIL,cAAU,cAAc,iBAAiB;KACvC,GAAG;KACH,UAAU;KACX,CAAC;;;;AAKR,QAAO;EAAE,MAAM;EAAS,YAAY;EAAO;;;;;;;;AAW7C,eAAe,iBACb,UACA,YACA,eACA,wBACuB;CAGvB,MAAM,iBADa,SAAS,OAAO,MAAM,WAAW,SAAS,KAAK,GAAG,OACnC;CAIlC,MAAM,oBADgB,SAAS,UAAU,MAAM,WAAW,SAAS,QAAQ,GAAG,OACtC;AAKxC,KAAI,CAAC,cACH,QAAO,mBAAmB,cAAc,kBAAkB,EAAE,CAAC,GAAG;CAGlE,IAAI,UAAwB,cAAc,eAAe,EAAE,CAAC;AAG5D,WAAU,MAAM,wBACd,UACA,SACA,YACA,eACA,uBACD;AAGD,KAAI,SAAS,QAAQ;EAEnB,MAAM,YADe,MAAM,WAAW,SAAS,OAAO,EACxB;EAK9B,MAAM,mBADe,SAAS,SAAS,MAAM,WAAW,SAAS,OAAO,GAAG,OAE1D,WAAkE;EAEnF,MAAM,kBAAkB,mBAAmB,cAAc,kBAAkB,EAAE,CAAC,GAAG;AAEjF,YAAU,cAAc,2BAA2B;GACjD;GACA;GACA,UAAU,SAAS,YAAY,QAAQ,MAAM,GAAG;GAChD;GACA;GACA,UAAU;GACX,CAA+B;;AAGlC,QAAO;;;AAMT,IAAM,iBAAiB,IAAI,IAAI,CAAC,OAAO,KAAK,CAAC;;;;;;;AAQ7C,SAAS,UAAU,MAA0B;AAC3C,QAAO,eAAe,IAAI,KAAK,UAAU;;;;;;;;;;;;;;;;;;AAmB3C,eAAe,wBACb,SACA,SACA,YACA,eACA,wBACuB;AAIvB,KAAI,QAAQ,aAAa;AAEvB,OAAK,MAAM,CAAC,KAAK,SAAS,OAAO,QAAQ,QAAQ,YAAY,CAC3D,KAAI,QAAQ,SAAS,QAAQ,OAAO;GAClC,MAAM,SAAS,SAAS,KAAK,GAAG;AAChC,OAAI,CAAC,MAAM,OAAO,EAAE;IAElB,MAAM,aADM,MAAM,WAAW,KAAK,EACZ;AACtB,QAAI,UAYF,WAAU,cAAc,wBAXF,UAAU,KAAK,GAChC;KACC,iBAAiB,cAAc,WAAW,EAAE,QAAQ,CAAC;KACrD;KACA,UAAU;KACX,GACA;KACC,mBAAmB;KACnB;KACA,UAAU;KACX,CACyD;;;AAOtE,OAAK,MAAM,CAAC,KAAK,SAAS,OAAO,QAAQ,QAAQ,YAAY,CAC3D,KAAI,QAAQ,SAAS,QAAQ,OAAO;GAElC,MAAM,aADM,MAAM,WAAW,KAAK,EACZ;AACtB,OAAI,WAAW;IACb,MAAM,iBAAiB,QAAQ,QAAQ,MAAM;AAY7C,cAAU,cAAc,wBAXF,UAAU,KAAK,GAChC;KACC,iBAAiB,cAAc,WAAW,EAAE,CAAC;KAC7C,QAAQ;KACR,UAAU;KACX,GACA;KACC,mBAAmB;KACnB,QAAQ;KACR,UAAU;KACX,CACyD;;;;AAStE,KAAI,QAAQ,OAAO;EAEjB,MAAM,kBADc,MAAM,WAAW,QAAQ,MAAM,EAChB;AACnC,MAAI,eAUF,WAAU,cAAc,wBATF,UAAU,QAAQ,MAAM,GACzC;GACC,iBAAiB,cAAc,gBAAgB,EAAE,CAAC;GAClD,UAAU;GACX,GACA;GACC,mBAAmB;GACnB,UAAU;GACX,CACyD;;AAIlE,QAAO;;;;;AC1UT,IAAM,wBAAgD,OAAO,YAC3D,OAAO,QAR6C;CACpD,aAAa;CACb,aAAa;CACb,gBAAgB;CACjB,CAIsC,CAAC,KAAK,CAAC,MAAM,YAAY,CAAC,QAAQ,KAAK,CAAC,CAC9E;;;;;;;;AAWD,SAAS,cACP,OACA,WACA,aACA,cACA,QACoC;AACpC,KAAI,CAAC,MAAO,QAAO;CACnB,MAAM,QAAQ,MAAM;AACpB,KAAI,MAAO,QAAO;EAAE,MAAM;EAAO;EAAQ,MAAM;EAAS;EAAc;CACtE,MAAM,WAAW,MAAM;AACvB,KAAI,SAAU,QAAO;EAAE,MAAM;EAAU;EAAQ,MAAM;EAAY;EAAc;AAC/E,QAAO;;;;;;;AAQT,SAAS,aACP,OACA,QACA,cACoC;AACpC,KAAI,CAAC,MAAO,QAAO;CACnB,MAAM,OAAO,sBAAsB;AACnC,KAAI,CAAC,KAAM,QAAO;CAClB,MAAM,OAAO,MAAM;AACnB,QAAO,OAAO;EAAE;EAAM;EAAQ,MAAM;EAAU;EAAc,GAAG;;;;;;;;;;;;;AAgBjE,SAAgB,kBACd,QACA,UACA,SAA2B,aACS;AACpC,KAAI,SAAS,OAAO,SAAS,IAAK,QAAO;AACzC,KAAI,WAAW,OAAQ,QAAO,YAAY,QAAQ,SAAS;AAC3D,KAAI,UAAU,IAAK,QAAO,WAAW,QAAQ,SAAS;AACtD,QAAO,WAAW,QAAQ,SAAS;;;;;;;;;;;;;;;AAgBrC,SAAS,WACP,QACA,UACoC;CACpC,MAAM,YAAY,OAAO,OAAO;AAEhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,IAAI,cAAc,SAAS,GAAG,aAAa,WAAW,OAAO,GAAG,OAAO;AAC7E,MAAI,EAAG,QAAO;;AAGhB,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,IAAI,aAAa,SAAS,GAAG,mBAAmB,QAAQ,EAAE;AAChE,MAAI,EAAG,QAAO;;AAGhB,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,YAAY,SAAS,GAAG;AAC9B,MAAI,UACF,QAAO;GAAE,MAAM;GAAW;GAAQ,MAAM;GAAS,cAAc;GAAG;;AAItE,QAAO;;;;;;;;;AAUT,SAAS,WACP,QACA,UACoC;CACpC,MAAM,YAAY,OAAO,OAAO;AAEhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;EACzB,MAAM,IAAI,cAAc,QAAQ,aAAa,WAAW,OAAO,GAAG,OAAO;AACzE,MAAI,EAAG,QAAO;AACd,MAAI,QAAQ,MACV,QAAO;GAAE,MAAM,QAAQ;GAAO;GAAQ,MAAM;GAAS,cAAc;GAAG;;AAI1E,QAAO;;;;;;;;;AAUT,SAAS,YACP,QACA,UACoC;CACpC,MAAM,YAAY,OAAO,OAAO;CAChC,MAAM,cAAc,UAAU,MAAM,QAAQ;AAE5C,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,IAAI,cAAc,SAAS,GAAG,iBAAiB,WAAW,aAAa,GAAG,OAAO;AACvF,MAAI,EAAG,QAAO;;AAGhB,QAAO;;;;;;;;;;AAaT,SAAgB,kBACd,UACoC;CACpC,MAAM,WAAW,SAAS,YAAY,QAAQ,MAAM,GAAG;AAEvD,KAAI,SAAS,OACX,QAAO;EAAE,MAAM,SAAS;EAAQ;EAAU,MAAM;EAAU;AAG5D,KAAI,SAAS,QACX,QAAO;EAAE,MAAM,SAAS;EAAS;EAAU,MAAM;EAAW;AAG9D,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACjLT,eAAsB,cACpB,UACA,UAAwB,EAAE,EACJ;CACtB,MAAM,EAAE,kBAAkB,IAAI,SAAS,EAAE,gBAAgB,QAAQ;CAEjE,IAAI;AAIJ,KAAI;AACF,iBAAe,MAAM,UAAU;UACxB,OAAO;AACd,SAAO,aAAa,OAAO,gBAAgB;;AAK7C,KAAI;AACF,QAAM,aAAa;UACZ,OAAO;AACd,SAAO,aAAa,OAAO,gBAAgB;;AAI7C,iBAAgB,IAAI,gBAAgB,2BAA2B;AAE/D,QAAO;EACL,UAAU,IAAI,SAAS,aAAa,QAAQ;GAC1C,QAAQ;GACR,SAAS;GACV,CAAC;EACF,QAAQ;EACR,YAAY;EACZ,UAAU;EACX;;;;;AAQH,SAAS,aAAa,OAAgB,iBAAuC;AAE3E,KAAI,iBAAiB,gBAAgB;AACnC,kBAAgB,IAAI,YAAY,MAAM,SAAS;AAC/C,SAAO;GACL,UAAU,IAAI,SAAS,MAAM;IAC3B,QAAQ,MAAM;IACd,SAAS;IACV,CAAC;GACF,QAAQ,MAAM;GACd,YAAY;GACZ,UAAU;GACX;;AAIH,KAAI,iBAAiB,WACnB,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ,MAAM;GACd,SAAS;GACV,CAAC;EACF,QAAQ,MAAM;EACd,YAAY;EACZ,UAAU;EACX;AAIH,KAAI,iBAAiB,YACnB,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ,MAAM;GACd,SAAS;GACV,CAAC;EACF,QAAQ,MAAM;EACd,YAAY;EACZ,UAAU;EACX;AAIH,gBAAe;EAAE,QAAQ;EAAI,MAAM;EAAI;EAAO,CAAC;AAC/C,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ;GACR,SAAS;GACV,CAAC;EACF,QAAQ;EACR,YAAY;EACZ,UAAU;EACX;;;;;AC5JH,IAAM,eAAe,IAAI,IAAI;CAAC;CAAO;CAAQ;CAAU,CAAC;;;;;;;;;;;AAcxD,SAAgB,aAAa,KAAc,QAAgC;AAEzE,KAAI,aAAa,IAAI,IAAI,OAAO,CAC9B,QAAO,EAAE,IAAI,MAAM;AAIrB,KAAI,OAAO,SAAS,MAClB,QAAO,EAAE,IAAI,MAAM;CAGrB,MAAM,SAAS,IAAI,QAAQ,IAAI,SAAS;AAGxC,KAAI,CAAC,OACH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAInC,KAAI,OAAO,eAET,QADgB,OAAO,eAAe,SAAS,OAAO,GACrC,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;CAI5D,MAAM,OAAO,IAAI,QAAQ,IAAI,OAAO;AACpC,KAAI,CAAC,KACH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAInC,IAAI;AACJ,KAAI;AACF,eAAa,IAAI,IAAI,OAAO,CAAC;SACvB;AACN,SAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;;AAGnC,QAAO,eAAe,OAAO,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;;;;AC5DxE,IAAM,KAAK;AACX,IAAM,KAAK,OAAO;AAClB,IAAM,KAAK,OAAO;AAElB,IAAa,iBAAiB;CAC5B,gBAAgB,IAAI;CACpB,gBAAgB,KAAK;CACrB,WAAW;CACZ;AAED,IAAM,eAAe;;AAGrB,SAAgB,cAAc,MAAsB;CAClD,MAAM,QAAQ,aAAa,KAAK,KAAK,MAAM,CAAC;AAC5C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,8BAA8B,KAAK,oDACpC;CAGH,MAAM,QAAQ,OAAO,WAAW,MAAM,GAAG;CACzC,MAAM,QAAQ,MAAM,MAAM,IAAI,aAAa;AAE3C,SAAQ,MAAR;EACE,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,GACH,QAAO,KAAK,MAAM,MAAM;EAC1B,QACE,OAAM,IAAI,MAAM,uBAAuB,KAAK,GAAG;;;;AAKrD,SAAgB,kBACd,KACA,MACA,QACiB;CACjB,MAAM,gBAAgB,IAAI,QAAQ,IAAI,iBAAiB;AACvD,KAAI,CAAC,cAGH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAGnC,MAAM,WAAW,OAAO,SAAS,eAAe,GAAG;AACnD,KAAI,OAAO,MAAM,SAAS,CACxB,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAInC,QAAO,YADO,aAAa,MAAM,OAAO,GACb,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;;;;;AAetE,SAAS,aAAa,MAAgB,QAAkC;CACtE,MAAM,aAAa,OAAO;AAE1B,KAAI,SAAS,SACX,QAAO,YAAY,iBACf,cAAc,WAAW,eAAe,GACxC,eAAe;AAGrB,QAAO,YAAY,iBACf,cAAc,WAAW,eAAe,GACxC,eAAe;;;;;ACzErB,IAAM,eAA6B;CAAC;CAAO;CAAQ;CAAO;CAAS;CAAU;CAAQ;CAAU;;;;;;;;;AAY/F,SAAgB,sBAAsB,KAAgC;CACpE,MAAM,UAAwB,EAAE;AAEhC,MAAK,MAAM,UAAU,cAAc;AACjC,MAAI,WAAW,UAAU,WAAW,UAAW;AAC/C,MAAI,IAAI,QACN,SAAQ,KAAK,OAAO;;AAKxB,KAAI,IAAI,OAAO,CAAC,IAAI,KAClB,SAAQ,KAAK,OAAO;UACX,IAAI,KACb,SAAQ,KAAK,OAAO;AAItB,KAAI,CAAC,IAAI,QACP,SAAQ,KAAK,UAAU;KAEvB,SAAQ,KAAK,UAAU;AAGzB,QAAO;;;;;;;;AAWT,eAAsB,mBAAmB,KAAkB,KAAsC;CAC/F,MAAM,SAAS,IAAI,IAAI,OAAO,aAAa;CAE3C,MAAM,cADU,sBAAsB,IAAI,CACd,KAAK,KAAK;AAGtC,KAAI,WAAW,WAAW;AACxB,MAAI,IAAI,QACN,QAAO,WAAW,IAAI,SAAS,IAAI;AAErC,SAAO,IAAI,SAAS,MAAM;GACxB,QAAQ;GACR,SAAS,EAAE,OAAO,aAAa;GAChC,CAAC;;AAIJ,KAAI,WAAW,QAAQ;AACrB,MAAI,IAAI,KACN,QAAO,WAAW,IAAI,MAAM,IAAI;AAElC,MAAI,IAAI,KAAK;GACX,MAAM,MAAM,MAAM,WAAW,IAAI,KAAK,IAAI;AAE1C,UAAO,IAAI,SAAS,MAAM;IACxB,QAAQ,IAAI;IACZ,SAAS,IAAI;IACd,CAAC;;;CAKN,MAAM,UAAU,IAAI;AACpB,KAAI,CAAC,QACH,QAAO,IAAI,SAAS,MAAM;EACxB,QAAQ;EACR,SAAS,EAAE,OAAO,aAAa;EAChC,CAAC;AAGJ,QAAO,WAAW,SAAS,IAAI;;;;;AAMjC,eAAe,WAAW,SAAuB,KAAsC;AACrF,KAAI;AAEF,SAAO,qBADK,MAAM,QAAQ,IAAI,EACG,IAAI,QAAQ;UACtC,OAAO;AACd,gBAAc;GAAE,QAAQ,IAAI,IAAI;GAAQ,MAAM,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC;GAAU;GAAO,CAAC;AACrF,SAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;;;;;;AAS9C,SAAS,qBAAqB,KAAe,YAA+B;CAE1E,IAAI,gBAAgB;AACpB,YAAW,cAAc;AACvB,kBAAgB;GAChB;AACF,KAAI,CAAC,cAAe,QAAO;CAM3B,MAAM,SAAS,IAAI,SAAS;AAC5B,YAAW,SAAS,OAAO,QAAQ;AACjC,MAAI,IAAI,aAAa,KAAK,aACxB,QAAO,OAAO,KAAK,MAAM;MAEzB,QAAO,IAAI,KAAK,MAAM;GAExB;CAGF,MAAM,aAAa,IAAI,QAAQ,cAAc;AAC7C,MAAK,MAAM,UAAU,WACnB,QAAO,OAAO,cAAc,OAAO;AAErC,KAAI,QAAQ,SAAS,OAAO,QAAQ;AAClC,MAAI,IAAI,aAAa,KAAK,aACxB,QAAO,IAAI,KAAK,MAAM;GAExB;AAEF,QAAO,IAAI,SAAS,IAAI,MAAM;EAC5B,QAAQ,IAAI;EACZ,YAAY,IAAI;EAChB,SAAS;EACV,CAAC;;;;;;;;;;;;;;;;;;;AC3JJ,IAAa,qBAAb,cAAwC,MAAM;CAC5C;CAEA,YAAY,WAAmB,SAAkB;EAC/C,MAAM,UAAU,UACZ,wBAAwB,UAAU,MAAM,YACxC,wBAAwB,UAAU;AACtC,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,OAAK,YAAY"}
1
+ {"version":3,"file":"internal.js","names":[],"sources":["../../src/server/server-timing.ts","../../src/server/instrumentation.ts","../../src/server/pipeline-helpers.ts","../../src/server/canonicalize.ts","../../src/server/proxy.ts","../../src/server/middleware-runner.ts","../../src/server/metadata-social.ts","../../src/server/metadata-platform.ts","../../src/server/metadata-render.ts","../../src/server/metadata.ts","../../src/server/safe-load.ts","../../src/server/deny-boundary.ts","../../src/server/access-gate.tsx","../../src/server/route-element-builder.ts","../../src/server/version-skew.ts","../../src/server/pipeline-metadata.ts","../../src/server/pipeline-interception.ts","../../src/server/param-coercion.ts","../../src/server/pipeline-outcome.ts","../../src/server/pipeline-phases.ts","../../src/server/pipeline.ts","../../src/server/build-manifest.ts","../../src/server/early-hints.ts","../../src/server/early-hints-sender.ts","../../src/server/tree-builder.ts","../../src/server/status-code-resolver.ts","../../src/server/flush.ts","../../src/server/csrf.ts","../../src/server/body-limits.ts","../../src/server/route-handler.ts","../../src/server/render-timeout.ts"],"sourcesContent":["/**\n * Server-Timing header — dev-mode timing breakdowns for Chrome DevTools.\n *\n * Collects timing entries per request using ALS. Each pipeline phase\n * (proxy, middleware, render, SSR, access, fetch) records an entry.\n * Before response flush, entries are formatted into a Server-Timing header.\n *\n * Only active in dev mode — zero overhead in production.\n *\n * See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Server-Timing\n * Task: LOCAL-290\n */\n\nimport { timingAls } from './als-registry.js';\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\nexport interface TimingEntry {\n /** Metric name (alphanumeric + hyphens, no spaces). */\n name: string;\n /** Duration in milliseconds. */\n dur: number;\n /** Human-readable description (shown in DevTools). */\n desc?: string;\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/**\n * Run a callback with a per-request timing collector.\n * Must be called at the top of the request pipeline (wraps the full request).\n */\nexport function runWithTimingCollector<T>(fn: () => T): T {\n return timingAls.run({ entries: [] }, fn);\n}\n\n/**\n * Record a timing entry for the current request.\n * No-ops if called outside a timing collector (e.g. in production).\n */\nexport function recordTiming(entry: TimingEntry): void {\n const store = timingAls.getStore();\n if (!store) return;\n store.entries.push(entry);\n}\n\n/**\n * Run a function and automatically record its duration as a timing entry.\n * Returns the function's result. No-ops the recording if outside a collector.\n */\nexport async function withTiming<T>(\n name: string,\n desc: string | undefined,\n fn: () => T | Promise<T>\n): Promise<T> {\n const store = timingAls.getStore();\n if (!store) return fn();\n\n const start = performance.now();\n try {\n return await fn();\n } finally {\n const dur = Math.round(performance.now() - start);\n store.entries.push({ name, dur, desc });\n }\n}\n\n/**\n * Get the Server-Timing header value for the current request.\n * Returns null if no entries exist or outside a collector.\n *\n * Format: `name;dur=123;desc=\"description\", name2;dur=456`\n * See RFC 6797 / Server-Timing spec for format details.\n */\nexport function getServerTimingHeader(): string | null {\n const store = timingAls.getStore();\n if (!store || store.entries.length === 0) return null;\n\n // Deduplicate names — if a name appears multiple times, suffix with index\n const nameCounts = new Map<string, number>();\n const entries = store.entries.map((entry) => {\n const count = nameCounts.get(entry.name) ?? 0;\n nameCounts.set(entry.name, count + 1);\n const uniqueName = count > 0 ? `${entry.name}-${count}` : entry.name;\n return { ...entry, name: uniqueName };\n });\n\n const parts = entries.map((entry) => {\n let part = `${entry.name};dur=${entry.dur}`;\n if (entry.desc) {\n // Escape quotes in desc per Server-Timing spec\n const safeDesc = entry.desc.replace(/\\\\/g, '\\\\\\\\').replace(/\"/g, '\\\\\"');\n part += `;desc=\"${safeDesc}\"`;\n }\n return part;\n });\n\n // Respect header size limits — browsers typically handle up to 8KB headers.\n // Truncate if the header exceeds 4KB to leave room for other headers.\n const MAX_HEADER_SIZE = 4096;\n let result = '';\n for (let i = 0; i < parts.length; i++) {\n const candidate = result ? `${result}, ${parts[i]}` : parts[i]!;\n if (candidate.length > MAX_HEADER_SIZE) break;\n result = candidate;\n }\n\n return result || null;\n}\n\n/**\n * Sanitize a URL for use in Server-Timing desc.\n * Strips query params and truncates long paths to avoid information leakage.\n */\nexport function sanitizeUrlForTiming(url: string): string {\n try {\n const parsed = new URL(url);\n const origin = parsed.host;\n let path = parsed.pathname;\n // Truncate long paths\n if (path.length > 50) {\n path = path.slice(0, 47) + '...';\n }\n return `${origin}${path}`;\n } catch {\n // Not a valid URL — truncate raw string\n if (url.length > 60) {\n return url.slice(0, 57) + '...';\n }\n return url;\n }\n}\n","/**\n * Instrumentation — loads and runs the user's instrumentation.ts file.\n *\n * instrumentation.ts is a file convention at the project root that exports:\n * - register() — called once at server startup, before the first request\n * - onRequestError() — called for every unhandled server error\n * - logger — any object with info/warn/error/debug methods\n *\n * See design/17-logging.md §\"instrumentation.ts — The Entry Point\"\n */\n\nimport { setLogger, type TimberLogger } from './logger.js';\n\n// ─── Instrumentation Types ────────────────────────────────────────────────\n\nexport type InstrumentationOnRequestError = (\n error: unknown,\n request: InstrumentationRequestInfo,\n context: InstrumentationErrorContext\n) => void | Promise<void>;\n\nexport interface InstrumentationRequestInfo {\n /** HTTP method: 'GET', 'POST', etc. */\n method: string;\n /** Request path: '/dashboard/projects/123' */\n path: string;\n /** Request headers as a plain object. */\n headers: Record<string, string>;\n}\n\nexport interface InstrumentationErrorContext {\n /** Which pipeline phase the error occurred in. */\n phase: 'proxy' | 'handler' | 'render' | 'action' | 'route';\n /** The route pattern: '/dashboard/projects/[id]' */\n routePath: string;\n /** Type of route that was matched. */\n routeType: 'page' | 'route' | 'action';\n /** Always set — OTEL trace ID or UUID fallback. */\n traceId: string;\n}\n\n// ─── Instrumentation Module Shape ─────────────────────────────────────────\n\ninterface InstrumentationModule {\n register?: () => void | Promise<void>;\n onRequestError?: InstrumentationOnRequestError;\n logger?: TimberLogger;\n}\n\n// ─── State ────────────────────────────────────────────────────────────────\n//\n// Intentional per-app singletons (not per-request). Instrumentation loads\n// once at server startup and persists for the lifetime of the process/isolate.\n// These must NOT be migrated to ALS — they are correctly scoped to the app.\n\nlet _initialized = false;\nlet _onRequestError: InstrumentationOnRequestError | null = null;\n\n/**\n * Load and initialize the user's instrumentation.ts module.\n *\n * - Awaits register() before returning (server blocks on this).\n * - Picks up the logger export and wires it into the framework logger.\n * - Stores onRequestError for later invocation.\n *\n * @param loader - Function that dynamically imports the user's instrumentation module.\n * Returns null if no instrumentation.ts exists.\n */\nexport async function loadInstrumentation(\n loader: () => Promise<InstrumentationModule | null>\n): Promise<void> {\n if (_initialized) return;\n _initialized = true;\n\n let mod: InstrumentationModule | null;\n try {\n mod = await loader();\n } catch (error) {\n console.error('[timber] Failed to load instrumentation.ts:', error);\n return;\n }\n\n if (!mod) return;\n\n // Wire up the logger export\n if (mod.logger && typeof mod.logger.info === 'function') {\n setLogger(mod.logger);\n }\n\n // Store onRequestError for later\n if (typeof mod.onRequestError === 'function') {\n _onRequestError = mod.onRequestError;\n }\n\n // Await register() — server does not accept requests until this resolves\n if (typeof mod.register === 'function') {\n try {\n await mod.register();\n } catch (error) {\n console.error('[timber] instrumentation.ts register() threw:', error);\n throw error;\n }\n }\n}\n\n/**\n * Call the user's onRequestError hook. Catches and logs any errors thrown\n * by the hook itself — it must not affect the response.\n */\nexport async function callOnRequestError(\n error: unknown,\n request: InstrumentationRequestInfo,\n context: InstrumentationErrorContext\n): Promise<void> {\n if (!_onRequestError) return;\n try {\n await _onRequestError(error, request, context);\n } catch (hookError) {\n console.error('[timber] onRequestError hook threw:', hookError);\n }\n}\n\n/**\n * Check if onRequestError is registered.\n */\nexport function hasOnRequestError(): boolean {\n return _onRequestError !== null;\n}\n\n/**\n * Reset instrumentation state. Test-only.\n */\nexport function resetInstrumentation(): void {\n _initialized = false;\n _onRequestError = null;\n}\n","/**\n * Pipeline helpers — small utility functions used by `pipeline.ts` and\n * `pipeline-phases.ts`. Lifted out of `pipeline.ts` to keep that file\n * focused on the request handler entry point.\n *\n * Each helper is intentionally a free function with no closure capture, so\n * it can be unit-tested in isolation.\n *\n * See design/07-routing.md §\"Request Lifecycle\".\n */\n\nimport type { ProxyExport } from './proxy.js';\nimport { getSetCookieHeaders } from './cookie-context.js';\nimport { callOnRequestError } from './instrumentation.js';\nimport { getTraceId } from './tracing.js';\nimport { RedirectSignal } from './primitives.js';\nimport type { ProxyConfig } from './pipeline.js';\n\n// ─── Prototype-Pollution-Safe Sanitizer ────────────────────────────────────\n\n/**\n * Only __proto__ needs stripping — it has a language-level setter that\n * changes the prototype chain of spread copies. constructor and prototype\n * are harmless own properties on null-prototype objects.\n */\nconst DANGEROUS_KEYS = new Set(['__proto__']);\n\n/**\n * Deep-walk a value returned by a segment param codec, producing a\n * sanitized copy where every plain object is null-prototype and\n * dangerous keys (__proto__, constructor, prototype) are stripped at\n * every depth.\n *\n * Non-plain objects (Date, Map, class instances, etc.) are returned\n * as-is — they cannot be poisoned by `{...x}` spread and may carry\n * author-intended prototype methods.\n *\n * Arrays are walked element-wise.\n *\n * Performance: URL params are bounded by URL length (~8 KB). Realistic\n * trees are <1 KB. The recursive walk is sub-microsecond.\n *\n * See TIM-655, TIM-855, TIM-873, design/13-security.md\n */\nexport function sanitizeParamValue(value: unknown): unknown {\n if (value === null || typeof value !== 'object') return value;\n\n if (Array.isArray(value)) {\n return value.map(sanitizeParamValue);\n }\n\n // Only walk plain objects — anything with a custom prototype (Date, Map,\n // class instances) is left untouched.\n const proto = Object.getPrototypeOf(value);\n if (proto !== Object.prototype && proto !== null) return value;\n\n const out: Record<string, unknown> = Object.create(null);\n for (const key of Object.keys(value as Record<string, unknown>)) {\n if (!DANGEROUS_KEYS.has(key)) {\n out[key] = sanitizeParamValue((value as Record<string, unknown>)[key]);\n }\n }\n return out;\n}\n\n// ─── Proxy Resolver ────────────────────────────────────────────────────────\n\n/**\n * Resolver closure produced once at pipeline construction. The lazy variant\n * still calls `loader()` per-request (HMR relies on re-importing), but the\n * choice of which branch to take is made once, not on every request.\n */\nexport type ProxyResolver = () => ProxyExport | Promise<ProxyExport>;\n\n/**\n * Build a proxy resolver closure from the declared source. Called exactly\n * once at `createPipeline` setup time, so the hot path sees only the branch\n * that corresponds to this pipeline's configured variant.\n *\n * Returns `null` when the app has no proxy.ts — the hot path short-circuits\n * around `runProxyPhase` entirely in that case.\n *\n * Accepts the sugar form (a bare `ProxyExport` — function or function array)\n * and normalises it to the static variant. Functions and arrays are\n * structurally distinct from the tagged `{ kind: 'lazy', loader }` object,\n * so discrimination is unambiguous.\n */\nexport function makeProxyResolver(\n proxy: ProxyConfig | ProxyExport | undefined\n): ProxyResolver | null {\n if (proxy === undefined) return null;\n // Sugar: a bare ProxyExport (function or function array) — treat as static.\n if (typeof proxy === 'function' || Array.isArray(proxy)) {\n const exp = proxy;\n return () => exp;\n }\n if (proxy.kind === 'static') {\n const exp = proxy.export;\n return () => exp;\n }\n const loader = proxy.loader;\n return async () => (await loader()).default;\n}\n\n// ─── Cookie / Header Helpers ───────────────────────────────────────────────\n\n/**\n * Apply all Set-Cookie headers from the cookie jar to a Headers object.\n * Each cookie gets its own Set-Cookie header per RFC 6265 §4.1.\n */\nexport function applyCookieJar(headers: Headers): void {\n for (const value of getSetCookieHeaders()) {\n headers.append('Set-Cookie', value);\n }\n}\n\n/**\n * Merge framework-managed response headers onto a terminal response without\n * overwriting headers the terminal response already set itself.\n */\nexport function mergeMissingHeaders(target: Headers, source: Headers): void {\n const existingKeys = new Set([...target.keys()].map((key) => key.toLowerCase()));\n for (const [key, value] of source.entries()) {\n if (!existingKeys.has(key.toLowerCase())) {\n target.append(key, value);\n }\n }\n}\n\n// ─── Mutable Response Cloning ──────────────────────────────────────────────\n\n/**\n * Clone a Response into a fresh one whose header bag is guaranteed mutable.\n *\n * `Response.redirect()` and some platform-level passthrough responses (notably\n * on Cloudflare Workers) return objects with frozen header bags. Calling\n * `.set()` or `.append()` on them throws `TypeError: immutable`, which the\n * pipeline can hit when it appends Set-Cookie or Server-Timing entries.\n *\n * The pipeline calls this at the producer sites where user-controlled\n * responses enter the framework — `outcomeToResponse` for all phase outcomes,\n * and `handleRequest` for metadata-route and auto-sitemap user handlers — so\n * downstream code can write headers without runtime feature-detection.\n *\n * The clone is unconditional. This is a deliberate trade: we avoid a\n * try/catch + thrown `TypeError` on every request (the previous probe-based\n * approach paid that cost on the hot path) and accept one cheap Response\n * rewrap at the framework boundary instead.\n */\nexport function cloneWithMutableHeaders(response: Response): Response {\n return new Response(response.body, {\n status: response.status,\n statusText: response.statusText,\n headers: new Headers(response.headers),\n });\n}\n\n// ─── Redirect Builder ──────────────────────────────────────────────────────\n\n/**\n * Build a redirect Response from a RedirectSignal.\n *\n * For RSC payload requests (client navigation), returns 204 + X-Timber-Redirect\n * so the client router can perform a soft SPA redirect. A raw 302 would be\n * turned into an opaque redirect by fetch({redirect:'manual'}), crashing\n * createFromFetch. See design/19-client-navigation.md.\n */\nexport function buildRedirectResponse(\n signal: RedirectSignal,\n req: Request,\n headers: Headers\n): Response {\n const isRsc = (req.headers.get('Accept') ?? '').includes('text/x-component');\n if (isRsc) {\n headers.set('X-Timber-Redirect', signal.location);\n return new Response(null, { status: 204, headers });\n }\n headers.set('Location', signal.location);\n return new Response(null, { status: signal.status, headers });\n}\n\n// ─── Instrumentation ───────────────────────────────────────────────────────\n\n/**\n * Fire the user's onRequestError hook with request context.\n * Extracts request info from the Request object and calls the instrumentation hook.\n */\nexport async function fireOnRequestError(\n error: unknown,\n req: Request,\n phase: 'proxy' | 'handler' | 'render' | 'action' | 'route'\n): Promise<void> {\n const url = new URL(req.url);\n const headersObj: Record<string, string> = {};\n req.headers.forEach((v, k) => {\n headersObj[k] = v;\n });\n\n await callOnRequestError(\n error,\n { method: req.method, path: url.pathname, headers: headersObj },\n { phase, routePath: url.pathname, routeType: 'page', traceId: getTraceId() }\n );\n}\n","/**\n * URL canonicalization — runs once at the request boundary.\n *\n * Every layer (proxy.ts, middleware.ts, access.ts, components) sees the same\n * canonical path. No re-decoding occurs at any later stage.\n *\n * See design/07-routing.md §\"URL Canonicalization & Security\"\n */\n\n/** Result of canonicalization — either a clean path or a rejection. */\nexport type CanonicalizeResult = { ok: true; pathname: string } | { ok: false; status: 400 };\n\n/**\n * Encoded separators that produce a 400 rejection.\n * %2f (/) and %5c (\\) cause path-confusion attacks.\n */\nconst ENCODED_SEPARATOR_RE = /%2f|%5c/i;\n\n/** Null byte — rejected. */\nconst NULL_BYTE_RE = /%00/i;\n\n/**\n * Canonicalize a URL pathname.\n *\n * 1. Reject encoded separators (%2f, %5c) and null bytes (%00)\n * 2. Single percent-decode\n * 3. Collapse // → /\n * 4. Resolve .. segments (reject if escaping root)\n * 5. Strip trailing slash (except root \"/\")\n *\n * @param rawPathname - The raw pathname from the request URL (percent-encoded)\n * @param stripTrailingSlash - Whether to strip trailing slashes. Default: true.\n */\nexport function canonicalize(rawPathname: string, stripTrailingSlash = true): CanonicalizeResult {\n // Step 1: Reject dangerous encoded sequences BEFORE decoding.\n // This must happen on the raw input so %252f doesn't bypass after a single decode.\n if (ENCODED_SEPARATOR_RE.test(rawPathname)) {\n return { ok: false, status: 400 };\n }\n if (NULL_BYTE_RE.test(rawPathname)) {\n return { ok: false, status: 400 };\n }\n\n // Step 2: Single percent-decode.\n // Double-encoded input (%2561 → %61) stays as %61 — not decoded again.\n let decoded: string;\n try {\n decoded = decodeURIComponent(rawPathname);\n } catch {\n // Malformed percent-encoding → 400\n return { ok: false, status: 400 };\n }\n\n // Reject null bytes that appeared after decoding (from valid %00-like sequences\n // that weren't caught above — belt and suspenders).\n if (decoded.includes('\\0')) {\n return { ok: false, status: 400 };\n }\n\n // Backslash is NOT a path separator — keep as literal character.\n // But reject if it would create // after normalization (e.g., /\\evil.com).\n // We do NOT convert \\ to / — it stays as a literal.\n\n // Step 3: Collapse consecutive slashes.\n let pathname = decoded.replace(/\\/\\/+/g, '/');\n\n // Step 4: Resolve .. and . segments.\n const segments = pathname.split('/');\n const resolved: string[] = [];\n for (const seg of segments) {\n if (seg === '..') {\n if (resolved.length <= 1) {\n // Trying to escape root — 400\n return { ok: false, status: 400 };\n }\n resolved.pop();\n } else if (seg !== '.') {\n resolved.push(seg);\n }\n }\n\n pathname = resolved.join('/') || '/';\n\n // Step 5: Strip trailing slash (except root \"/\").\n if (stripTrailingSlash && pathname.length > 1 && pathname.endsWith('/')) {\n pathname = pathname.slice(0, -1);\n }\n\n return { ok: true, pathname };\n}\n","/**\n * Proxy runner — executes app/proxy.ts before route matching.\n *\n * Supports two forms:\n * - Function: (req, next) => Promise<Response>\n * - Array: middleware functions composed left-to-right\n *\n * See design/07-routing.md §\"proxy.ts — Global Middleware\"\n */\n\n/** Signature for a single proxy middleware function. */\nexport type ProxyFn = (req: Request, next: () => Promise<Response>) => Response | Promise<Response>;\n\n/** The proxy.ts default export — either a function or an array of functions. */\nexport type ProxyExport = ProxyFn | ProxyFn[];\n\n/**\n * Run the proxy pipeline.\n *\n * @param proxyExport - The default export from proxy.ts (function or array)\n * @param req - The incoming request\n * @param next - The continuation that proceeds to route matching and rendering\n * @returns The final response\n */\nexport async function runProxy(\n proxyExport: ProxyExport,\n req: Request,\n next: () => Promise<Response>\n): Promise<Response> {\n const fns = Array.isArray(proxyExport) ? proxyExport : [proxyExport];\n\n // Compose left-to-right: first item's next() calls the second, etc.\n // The last item's next() calls the original `next` (route matching + render).\n let i = fns.length;\n let composed = next;\n while (i--) {\n const fn = fns[i]!;\n const downstream = composed;\n composed = () => Promise.resolve(fn(req, downstream));\n }\n\n return composed();\n}\n","/**\n * Middleware runner — executes a route's middleware.ts chain before rendering.\n *\n * All middleware.ts files in the segment chain run, root to leaf (top-down).\n * The first middleware that returns a Response short-circuits the chain.\n * There is no next() — each middleware is independent.\n *\n * See design/07-routing.md §\"middleware.ts\"\n */\n\nimport type { MiddlewareContext } from './types.js';\n\n/** Signature of a middleware.ts default export. */\nexport type MiddlewareFn = (ctx: MiddlewareContext) => Response | void | Promise<Response | void>;\n\n/**\n * Run a route's middleware function.\n *\n * @param middlewareFn - The default export from the route's middleware.ts\n * @param ctx - The middleware context (req, params, headers, requestHeaders, searchParams)\n * @returns A Response if middleware short-circuited, or undefined to continue\n */\nexport async function runMiddleware(\n middlewareFn: MiddlewareFn,\n ctx: MiddlewareContext\n): Promise<Response | undefined> {\n const result = await middlewareFn(ctx);\n if (result instanceof Response) {\n return result;\n }\n return undefined;\n}\n\n/**\n * Run all middleware functions in the segment chain, root to leaf.\n *\n * Execution is top-down: root middleware runs first, leaf middleware runs last.\n * All middleware share the same MiddlewareContext — a parent that sets\n * ctx.requestHeaders makes it visible to child middleware and downstream components.\n *\n * Short-circuits on the first middleware that returns a Response.\n * Remaining middleware in the chain do not execute.\n *\n * @param chain - Middleware functions ordered root-to-leaf\n * @param ctx - Shared middleware context\n * @returns A Response if any middleware short-circuited, or undefined to continue\n */\nexport async function runMiddlewareChain(\n chain: MiddlewareFn[],\n ctx: MiddlewareContext\n): Promise<Response | undefined> {\n for (const fn of chain) {\n const result = await fn(ctx);\n if (result instanceof Response) {\n return result;\n }\n }\n return undefined;\n}\n\n// ─── Per-Request Middleware Bypass ─────────────────────────────────────────\n\n/**\n * Per-request marker for synthetic re-render requests that should NOT\n * re-execute `middleware.ts`. The action-dispatch wrapper runs middleware\n * once on the inbound action POST; when validation fails on the no-JS\n * path, it builds a synthetic GET that flows through the normal pipeline\n * to render the page with `getFormFlash()` data. Without this marker, the\n * pipeline would run middleware a second time on that synthetic GET.\n *\n * The set is keyed by the synthetic Request object itself, so the entry\n * lives exactly as long as the request and is garbage-collected with it.\n * Cannot be set or detected by user code — there is no header, no URL\n * parameter, nothing on the wire that an attacker could spoof.\n *\n * See TIM-871.\n *\n * @internal — framework use only.\n */\nconst middlewareBypassRequests = new WeakSet<Request>();\n\n/**\n * Mark a request so the pipeline skips its middleware phase.\n *\n * Used by `wrap-action-dispatch.ts` for the no-JS form-rerender path.\n *\n * @internal\n */\nexport function markRequestBypassMiddleware(req: Request): void {\n middlewareBypassRequests.add(req);\n}\n\n/**\n * Check whether a request was marked to bypass middleware.\n *\n * Called by `handleRequest` in pipeline-phases.ts before invoking the\n * middleware phase. Returns false for any request not explicitly marked.\n *\n * @internal\n */\nexport function shouldBypassMiddleware(req: Request): boolean {\n return middlewareBypassRequests.has(req);\n}\n","/**\n * Social metadata rendering — Open Graph and Twitter Card meta tags.\n *\n * Extracted from metadata-render.ts to keep files under 500 lines.\n *\n * See design/16-metadata.md\n */\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\n\n/**\n * Render Open Graph metadata into head element descriptors.\n *\n * Handles og:title, og:description, og:image (with dimensions/alt),\n * og:video, og:audio, og:article:author, and other OG properties.\n */\nexport function renderOpenGraph(\n og: NonNullable<Metadata['openGraph']>,\n elements: HeadElement[]\n): void {\n const simpleProps: Array<[string, string | undefined]> = [\n ['og:title', og.title],\n ['og:description', og.description],\n ['og:url', og.url],\n ['og:site_name', og.siteName],\n ['og:locale', og.locale],\n ['og:type', og.type],\n ['og:article:published_time', og.publishedTime],\n ['og:article:modified_time', og.modifiedTime],\n ];\n\n for (const [property, content] of simpleProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { property, content } });\n }\n }\n\n // Images — normalize single object to array for uniform handling\n if (og.images) {\n if (typeof og.images === 'string') {\n elements.push({ tag: 'meta', attrs: { property: 'og:image', content: og.images } });\n } else {\n const imgList = Array.isArray(og.images) ? og.images : [og.images];\n for (const img of imgList) {\n elements.push({ tag: 'meta', attrs: { property: 'og:image', content: img.url } });\n if (img.width) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:image:width', content: String(img.width) },\n });\n }\n if (img.height) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:image:height', content: String(img.height) },\n });\n }\n if (img.alt) {\n elements.push({ tag: 'meta', attrs: { property: 'og:image:alt', content: img.alt } });\n }\n }\n }\n }\n\n // Videos\n if (og.videos) {\n for (const video of og.videos) {\n elements.push({ tag: 'meta', attrs: { property: 'og:video', content: video.url } });\n }\n }\n\n // Audio\n if (og.audio) {\n for (const audio of og.audio) {\n elements.push({ tag: 'meta', attrs: { property: 'og:audio', content: audio.url } });\n }\n }\n\n // Authors\n if (og.authors) {\n for (const author of og.authors) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'og:article:author', content: author },\n });\n }\n }\n}\n\n/**\n * Render Twitter Card metadata into head element descriptors.\n *\n * Handles twitter:card, twitter:site, twitter:title, twitter:image,\n * twitter:player, and twitter:app (per-platform name/id/url).\n */\nexport function renderTwitter(tw: NonNullable<Metadata['twitter']>, elements: HeadElement[]): void {\n const simpleProps: Array<[string, string | undefined]> = [\n ['twitter:card', tw.card],\n ['twitter:site', tw.site],\n ['twitter:site:id', tw.siteId],\n ['twitter:title', tw.title],\n ['twitter:description', tw.description],\n ['twitter:creator', tw.creator],\n ['twitter:creator:id', tw.creatorId],\n ];\n\n for (const [name, content] of simpleProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n // Images — normalize single object to array for uniform handling\n if (tw.images) {\n if (typeof tw.images === 'string') {\n elements.push({ tag: 'meta', attrs: { name: 'twitter:image', content: tw.images } });\n } else {\n const imgList = Array.isArray(tw.images) ? tw.images : [tw.images];\n for (const img of imgList) {\n const url = typeof img === 'string' ? img : img.url;\n elements.push({ tag: 'meta', attrs: { name: 'twitter:image', content: url } });\n }\n }\n }\n\n // Player card fields\n if (tw.players) {\n for (const player of tw.players) {\n elements.push({ tag: 'meta', attrs: { name: 'twitter:player', content: player.playerUrl } });\n if (player.width) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:width', content: String(player.width) },\n });\n }\n if (player.height) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:height', content: String(player.height) },\n });\n }\n if (player.streamUrl) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'twitter:player:stream', content: player.streamUrl },\n });\n }\n }\n }\n\n // App card fields — 3 platforms × 3 attributes (name, id, url)\n if (tw.app) {\n const platforms: Array<[keyof NonNullable<typeof tw.app.id>, string]> = [\n ['iPhone', 'iphone'],\n ['iPad', 'ipad'],\n ['googlePlay', 'googleplay'],\n ];\n\n // App name is shared across platforms but the spec uses per-platform names.\n // Emit for each platform that has an ID.\n if (tw.app.name) {\n for (const [key, tag] of platforms) {\n if (tw.app.id?.[key]) {\n elements.push({\n tag: 'meta',\n attrs: { name: `twitter:app:name:${tag}`, content: tw.app.name },\n });\n }\n }\n }\n\n for (const [key, tag] of platforms) {\n const id = tw.app.id?.[key];\n if (id) {\n elements.push({ tag: 'meta', attrs: { name: `twitter:app:id:${tag}`, content: id } });\n }\n }\n\n for (const [key, tag] of platforms) {\n const url = tw.app.url?.[key];\n if (url) {\n elements.push({ tag: 'meta', attrs: { name: `twitter:app:url:${tag}`, content: url } });\n }\n }\n }\n}\n","/**\n * Platform-specific metadata rendering — icons, Apple Web App, App Links, iTunes.\n *\n * Extracted from metadata-render.ts to keep files under 500 lines.\n *\n * See design/16-metadata.md\n */\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\n\n/**\n * Render icon link elements (favicon, shortcut, apple-touch-icon, custom).\n */\nexport function renderIcons(icons: NonNullable<Metadata['icons']>, elements: HeadElement[]): void {\n // Icon\n if (icons.icon) {\n if (typeof icons.icon === 'string') {\n elements.push({ tag: 'link', attrs: { rel: 'icon', href: icons.icon } });\n } else if (Array.isArray(icons.icon)) {\n for (const icon of icons.icon) {\n const attrs: Record<string, string> = { rel: 'icon', href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n if (icon.type) attrs.type = icon.type;\n elements.push({ tag: 'link', attrs });\n }\n }\n }\n\n // Shortcut\n if (icons.shortcut) {\n const urls = Array.isArray(icons.shortcut) ? icons.shortcut : [icons.shortcut];\n for (const url of urls) {\n elements.push({ tag: 'link', attrs: { rel: 'shortcut icon', href: url } });\n }\n }\n\n // Apple\n if (icons.apple) {\n if (typeof icons.apple === 'string') {\n elements.push({ tag: 'link', attrs: { rel: 'apple-touch-icon', href: icons.apple } });\n } else if (Array.isArray(icons.apple)) {\n for (const icon of icons.apple) {\n const attrs: Record<string, string> = { rel: 'apple-touch-icon', href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n elements.push({ tag: 'link', attrs });\n }\n }\n }\n\n // Other\n if (icons.other) {\n for (const icon of icons.other) {\n const attrs: Record<string, string> = { rel: icon.rel, href: icon.url };\n if (icon.sizes) attrs.sizes = icon.sizes;\n if (icon.type) attrs.type = icon.type;\n elements.push({ tag: 'link', attrs });\n }\n }\n}\n\n/**\n * Render alternate link elements (canonical, hreflang, media, types).\n */\nexport function renderAlternates(\n alternates: NonNullable<Metadata['alternates']>,\n elements: HeadElement[]\n): void {\n if (alternates.canonical) {\n elements.push({ tag: 'link', attrs: { rel: 'canonical', href: alternates.canonical } });\n }\n\n if (alternates.languages) {\n for (const [lang, href] of Object.entries(alternates.languages)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', hreflang: lang, href },\n });\n }\n }\n\n if (alternates.media) {\n for (const [media, href] of Object.entries(alternates.media)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', media, href },\n });\n }\n }\n\n if (alternates.types) {\n for (const [type, href] of Object.entries(alternates.types)) {\n elements.push({\n tag: 'link',\n attrs: { rel: 'alternate', type, href },\n });\n }\n }\n}\n\n/**\n * Render site verification meta tags (Google, Yahoo, Yandex, custom).\n */\nexport function renderVerification(\n verification: NonNullable<Metadata['verification']>,\n elements: HeadElement[]\n): void {\n const verificationProps: Array<[string, string | undefined]> = [\n ['google-site-verification', verification.google],\n ['y_key', verification.yahoo],\n ['yandex-verification', verification.yandex],\n ];\n\n for (const [name, content] of verificationProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n if (verification.other) {\n for (const [name, value] of Object.entries(verification.other)) {\n const content = Array.isArray(value) ? value.join(', ') : value;\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n}\n\n/**\n * Render Apple Web App meta tags and startup image links.\n */\nexport function renderAppleWebApp(\n appleWebApp: NonNullable<Metadata['appleWebApp']>,\n elements: HeadElement[]\n): void {\n if (appleWebApp.capable) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-mobile-web-app-capable', content: 'yes' },\n });\n }\n if (appleWebApp.title) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-mobile-web-app-title', content: appleWebApp.title },\n });\n }\n if (appleWebApp.statusBarStyle) {\n elements.push({\n tag: 'meta',\n attrs: {\n name: 'apple-mobile-web-app-status-bar-style',\n content: appleWebApp.statusBarStyle,\n },\n });\n }\n if (appleWebApp.startupImage) {\n const images = Array.isArray(appleWebApp.startupImage)\n ? appleWebApp.startupImage\n : [{ url: appleWebApp.startupImage }];\n for (const img of images) {\n const url = typeof img === 'string' ? img : img.url;\n const attrs: Record<string, string> = { rel: 'apple-touch-startup-image', href: url };\n if (typeof img === 'object' && img.media) {\n attrs.media = img.media;\n }\n elements.push({ tag: 'link', attrs });\n }\n }\n}\n\n/**\n * Render App Links (al:*) meta tags for deep linking across platforms.\n */\nexport function renderAppLinks(\n appLinks: NonNullable<Metadata['appLinks']>,\n elements: HeadElement[]\n): void {\n const platformEntries: Array<[string, Array<Record<string, unknown>> | undefined]> = [\n ['ios', appLinks.ios],\n ['android', appLinks.android],\n ['windows', appLinks.windows],\n ['windows_phone', appLinks.windowsPhone],\n ['windows_universal', appLinks.windowsUniversal],\n ];\n\n for (const [platform, entries] of platformEntries) {\n if (!entries) continue;\n for (const entry of entries) {\n for (const [key, value] of Object.entries(entry)) {\n if (value !== undefined && value !== null) {\n elements.push({\n tag: 'meta',\n attrs: { property: `al:${platform}:${key}`, content: String(value) },\n });\n }\n }\n }\n }\n\n if (appLinks.web) {\n if (appLinks.web.url) {\n elements.push({\n tag: 'meta',\n attrs: { property: 'al:web:url', content: appLinks.web.url },\n });\n }\n if (appLinks.web.shouldFallback !== undefined) {\n elements.push({\n tag: 'meta',\n attrs: {\n property: 'al:web:should_fallback',\n content: appLinks.web.shouldFallback ? 'true' : 'false',\n },\n });\n }\n }\n}\n\n/**\n * Render Apple iTunes smart banner meta tag.\n */\nexport function renderItunes(\n itunes: NonNullable<Metadata['itunes']>,\n elements: HeadElement[]\n): void {\n const parts = [`app-id=${itunes.appId}`];\n if (itunes.affiliateData) parts.push(`affiliate-data=${itunes.affiliateData}`);\n if (itunes.appArgument) parts.push(`app-argument=${itunes.appArgument}`);\n elements.push({\n tag: 'meta',\n attrs: { name: 'apple-itunes-app', content: parts.join(', ') },\n });\n}\n","/**\n * Metadata rendering — converts resolved Metadata into HeadElement descriptors.\n *\n * Extracted from metadata.ts to keep files under 500 lines.\n *\n * See design/16-metadata.md\n */\n\nimport type { Metadata } from './types.js';\nimport type { HeadElement } from './metadata.js';\nimport { renderOpenGraph, renderTwitter } from './metadata-social.js';\nimport {\n renderIcons,\n renderAlternates,\n renderVerification,\n renderAppleWebApp,\n renderAppLinks,\n renderItunes,\n} from './metadata-platform.js';\n\n// ─── Render to Elements ──────────────────────────────────────────────────────\n\n/**\n * Convert resolved metadata into an array of head element descriptors.\n *\n * Each descriptor has a `tag` ('title', 'meta', 'link') and either\n * `content` (for <title>) or `attrs` (for <meta>/<link>).\n *\n * The framework's MetadataResolver component consumes these descriptors\n * and renders them into the <head>.\n */\nexport function renderMetadataToElements(metadata: Metadata): HeadElement[] {\n const elements: HeadElement[] = [];\n\n // Title\n if (typeof metadata.title === 'string') {\n elements.push({ tag: 'title', content: metadata.title });\n }\n\n // Simple string meta tags\n const simpleMetaProps: Array<[string, string | undefined]> = [\n ['description', metadata.description],\n ['generator', metadata.generator],\n ['application-name', metadata.applicationName],\n ['referrer', metadata.referrer],\n ['category', metadata.category],\n ['creator', metadata.creator],\n ['publisher', metadata.publisher],\n ];\n\n for (const [name, content] of simpleMetaProps) {\n if (content) {\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n // Keywords (array or string)\n if (metadata.keywords) {\n const content = Array.isArray(metadata.keywords)\n ? metadata.keywords.join(', ')\n : metadata.keywords;\n elements.push({ tag: 'meta', attrs: { name: 'keywords', content } });\n }\n\n // Robots\n if (metadata.robots) {\n const content =\n typeof metadata.robots === 'string' ? metadata.robots : renderRobotsObject(metadata.robots);\n elements.push({ tag: 'meta', attrs: { name: 'robots', content } });\n\n // googleBot as separate tag\n if (typeof metadata.robots === 'object' && metadata.robots.googleBot) {\n const gbContent =\n typeof metadata.robots.googleBot === 'string'\n ? metadata.robots.googleBot\n : renderRobotsObject(metadata.robots.googleBot);\n elements.push({ tag: 'meta', attrs: { name: 'googlebot', content: gbContent } });\n }\n }\n\n // Open Graph\n if (metadata.openGraph) {\n renderOpenGraph(metadata.openGraph, elements);\n }\n\n // Twitter\n if (metadata.twitter) {\n renderTwitter(metadata.twitter, elements);\n }\n\n // Icons\n if (metadata.icons) {\n renderIcons(metadata.icons, elements);\n }\n\n // Manifest\n if (metadata.manifest) {\n elements.push({ tag: 'link', attrs: { rel: 'manifest', href: metadata.manifest } });\n }\n\n // Alternates\n if (metadata.alternates) {\n renderAlternates(metadata.alternates, elements);\n }\n\n // Verification\n if (metadata.verification) {\n renderVerification(metadata.verification, elements);\n }\n\n // Format detection\n if (metadata.formatDetection) {\n const parts: string[] = [];\n if (metadata.formatDetection.telephone === false) parts.push('telephone=no');\n if (metadata.formatDetection.email === false) parts.push('email=no');\n if (metadata.formatDetection.address === false) parts.push('address=no');\n if (parts.length > 0) {\n elements.push({\n tag: 'meta',\n attrs: { name: 'format-detection', content: parts.join(', ') },\n });\n }\n }\n\n // Authors\n if (metadata.authors) {\n const authorList = Array.isArray(metadata.authors) ? metadata.authors : [metadata.authors];\n for (const author of authorList) {\n if (author.name) {\n elements.push({ tag: 'meta', attrs: { name: 'author', content: author.name } });\n }\n if (author.url) {\n elements.push({ tag: 'link', attrs: { rel: 'author', href: author.url } });\n }\n }\n }\n\n // Apple Web App\n if (metadata.appleWebApp) {\n renderAppleWebApp(metadata.appleWebApp, elements);\n }\n\n // App Links (al:*)\n if (metadata.appLinks) {\n renderAppLinks(metadata.appLinks, elements);\n }\n\n // iTunes\n if (metadata.itunes) {\n renderItunes(metadata.itunes, elements);\n }\n\n // Other (custom meta tags)\n if (metadata.other) {\n for (const [name, value] of Object.entries(metadata.other)) {\n const content = Array.isArray(value) ? value.join(', ') : value;\n elements.push({ tag: 'meta', attrs: { name, content } });\n }\n }\n\n return elements;\n}\n\n// ─── Rendering Helpers ───────────────────────────────────────────────────────\n\nfunction renderRobotsObject(robots: Record<string, unknown>): string {\n const parts: string[] = [];\n if (robots.index === true) parts.push('index');\n if (robots.index === false) parts.push('noindex');\n if (robots.follow === true) parts.push('follow');\n if (robots.follow === false) parts.push('nofollow');\n return parts.join(', ');\n}\n","/**\n * Metadata resolution for timber.js.\n *\n * Resolves metadata from a segment chain (layouts + page), applies title\n * templates, shallow-merges entries, and produces head element descriptors.\n *\n * Resolution happens inside the render pass — React.cache is active,\n * metadata is outside Suspense, and the flush point guarantees completeness.\n *\n * Rendering (Metadata → HeadElement[]) is in metadata-render.ts.\n *\n * See design/16-metadata.md\n */\n\nimport type { Metadata } from './types.js';\n\n// Re-export renderMetadataToElements from the rendering module so existing\n// consumers (route-element-builder, tests) can keep importing from here.\nexport { renderMetadataToElements } from './metadata-render.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/** A single metadata entry from a layout or page module. */\nexport interface SegmentMetadataEntry {\n /** The resolved metadata object (from static or async `metadata` export). */\n metadata: Metadata;\n /** Whether this entry is from the page (leaf) module. */\n isPage: boolean;\n}\n\n/** Options for resolveMetadata. */\nexport interface ResolveMetadataOptions {\n /**\n * When true, the page's metadata is discarded (simulating a render error)\n * and `<meta name=\"robots\" content=\"noindex\">` is injected.\n */\n errorState?: boolean;\n}\n\n/** A rendered head element descriptor. */\nexport interface HeadElement {\n tag: 'title' | 'meta' | 'link';\n content?: string;\n attrs?: Record<string, string>;\n}\n\n// ─── Title Resolution ────────────────────────────────────────────────────────\n\n/**\n * Resolve a title value with an optional template.\n *\n * - string → apply template if present\n * - { absolute: '...' } → use as-is, skip template\n * - { default: '...' } → use as fallback (no template applied)\n * - undefined → undefined\n */\nexport function resolveTitle(\n title: Metadata['title'],\n template: string | undefined\n): string | undefined {\n if (title === undefined || title === null) {\n return undefined;\n }\n\n if (typeof title === 'string') {\n return template ? template.replace('%s', title) : title;\n }\n\n // Object form\n if (title.absolute !== undefined) {\n return title.absolute;\n }\n\n if (title.default !== undefined) {\n return title.default;\n }\n\n return undefined;\n}\n\n// ─── Metadata Resolution ─────────────────────────────────────────────────────\n\n/**\n * Resolve metadata from a segment chain.\n *\n * Processes entries from root layout to page (in segment order).\n * The merge algorithm:\n * 1. Shallow-merge all keys except title (later wins)\n * 2. Track the most recent title template\n * 3. Resolve the final title using the template\n *\n * In error state, the page entry is dropped and noindex is injected.\n *\n * See design/16-metadata.md §\"Merge Algorithm\"\n */\nexport function resolveMetadata(\n entries: SegmentMetadataEntry[],\n options: ResolveMetadataOptions = {}\n): Metadata {\n const { errorState = false } = options;\n\n const merged: Metadata = {};\n let titleTemplate: string | undefined;\n let lastDefault: string | undefined;\n let rawTitle: Metadata['title'];\n\n for (const { metadata, isPage } of entries) {\n // In error state, skip the page's metadata entirely\n if (errorState && isPage) {\n continue;\n }\n\n // Track title template\n if (metadata.title !== undefined && typeof metadata.title === 'object') {\n if (metadata.title.template !== undefined) {\n titleTemplate = metadata.title.template;\n }\n if (metadata.title.default !== undefined) {\n lastDefault = metadata.title.default;\n }\n }\n\n // Shallow-merge all keys except title\n for (const key of Object.keys(metadata) as Array<keyof Metadata>) {\n if (key === 'title') continue;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (merged as any)[key] = metadata[key];\n }\n\n // Track raw title (will be resolved after the loop)\n if (metadata.title !== undefined) {\n rawTitle = metadata.title;\n }\n }\n\n // In error state, we lost page title — use the most recent default\n if (errorState) {\n rawTitle = lastDefault !== undefined ? { default: lastDefault } : rawTitle;\n // Don't apply template in error state\n titleTemplate = undefined;\n }\n\n // Resolve the final title\n const resolvedTitle = resolveTitle(rawTitle, titleTemplate);\n if (resolvedTitle !== undefined) {\n merged.title = resolvedTitle;\n }\n\n // Error state: inject noindex, overriding any user robots\n if (errorState) {\n merged.robots = 'noindex';\n }\n\n return merged;\n}\n\n// ─── URL Resolution ──────────────────────────────────────────────────────────\n\n/**\n * Check if a string is an absolute URL.\n */\nfunction isAbsoluteUrl(url: string): boolean {\n return url.startsWith('http://') || url.startsWith('https://') || url.startsWith('//');\n}\n\n/**\n * Resolve a relative URL against a base URL.\n */\nfunction resolveUrl(url: string, base: URL): string {\n if (isAbsoluteUrl(url)) return url;\n return new URL(url, base).toString();\n}\n\n/**\n * Resolve relative URLs in metadata fields against metadataBase.\n *\n * Returns a new metadata object with URLs resolved. Absolute URLs are not modified.\n * If metadataBase is not set, returns the metadata unchanged.\n */\nexport function resolveMetadataUrls(metadata: Metadata): Metadata {\n const base = metadata.metadataBase;\n if (!base) return metadata;\n\n const result = { ...metadata };\n\n // Resolve openGraph images\n if (result.openGraph) {\n result.openGraph = { ...result.openGraph };\n if (typeof result.openGraph.images === 'string') {\n result.openGraph.images = resolveUrl(result.openGraph.images, base);\n } else if (Array.isArray(result.openGraph.images)) {\n result.openGraph.images = result.openGraph.images.map((img) => ({\n ...img,\n url: resolveUrl(img.url, base),\n }));\n } else if (result.openGraph.images) {\n // Single object: { url, width?, height?, alt? }\n result.openGraph.images = {\n ...result.openGraph.images,\n url: resolveUrl(result.openGraph.images.url, base),\n };\n }\n if (result.openGraph.url && !isAbsoluteUrl(result.openGraph.url)) {\n result.openGraph.url = resolveUrl(result.openGraph.url, base);\n }\n }\n\n // Resolve twitter images\n if (result.twitter) {\n result.twitter = { ...result.twitter };\n if (typeof result.twitter.images === 'string') {\n result.twitter.images = resolveUrl(result.twitter.images, base);\n } else if (Array.isArray(result.twitter.images)) {\n // Resolve each image URL, preserving the union type structure\n const resolved = result.twitter.images.map((img) =>\n typeof img === 'string' ? resolveUrl(img, base) : { ...img, url: resolveUrl(img.url, base) }\n );\n // If all entries are strings, assign as string[]; otherwise as object[]\n const allStrings = resolved.every((r) => typeof r === 'string');\n result.twitter.images = allStrings\n ? (resolved as string[])\n : (resolved as Array<{ url: string; alt?: string; width?: number; height?: number }>);\n } else if (result.twitter.images) {\n // Single object: { url, alt?, width?, height? }\n result.twitter.images = {\n ...result.twitter.images,\n url: resolveUrl(result.twitter.images.url, base),\n };\n }\n }\n\n // Resolve alternates\n if (result.alternates) {\n result.alternates = { ...result.alternates };\n if (result.alternates.canonical && !isAbsoluteUrl(result.alternates.canonical)) {\n result.alternates.canonical = resolveUrl(result.alternates.canonical, base);\n }\n if (result.alternates.languages) {\n const langs: Record<string, string> = {};\n for (const [lang, url] of Object.entries(result.alternates.languages)) {\n langs[lang] = isAbsoluteUrl(url) ? url : resolveUrl(url, base);\n }\n result.alternates.languages = langs;\n }\n }\n\n // Resolve icon URLs\n if (result.icons) {\n result.icons = { ...result.icons };\n if (typeof result.icons.icon === 'string') {\n result.icons.icon = resolveUrl(result.icons.icon, base);\n } else if (Array.isArray(result.icons.icon)) {\n result.icons.icon = result.icons.icon.map((i) => ({ ...i, url: resolveUrl(i.url, base) }));\n }\n if (typeof result.icons.apple === 'string') {\n result.icons.apple = resolveUrl(result.icons.apple, base);\n } else if (Array.isArray(result.icons.apple)) {\n result.icons.apple = result.icons.apple.map((i) => ({ ...i, url: resolveUrl(i.url, base) }));\n }\n }\n\n return result;\n}\n","/**\n * loadModule — enriched error context for route manifest .load() failures.\n *\n * Wraps the lazy `load()` functions from the route manifest with a\n * try/catch that re-throws with the file path and original cause.\n *\n * Callers that need fallthrough behavior (error renderers) can use\n * `.catch(() => null)` or try/catch — the decision stays at the call site.\n *\n * See design/spike-TIM-551-dynamic-import-audit.md §\"Proposed Wrapping Strategy\"\n */\n\n/** A manifest file reference with a lazy import function and file path. */\nexport interface ManifestLoader {\n load: () => Promise<unknown>;\n filePath: string;\n}\n\n/**\n * Custom error class for module load failures.\n *\n * Preserves the original error as `cause` while providing a\n * human-readable message with the file path.\n */\nexport class ModuleLoadError extends Error {\n /** The file path that failed to load. */\n readonly filePath: string;\n\n constructor(filePath: string, cause: unknown) {\n const originalMessage = cause instanceof Error ? cause.message : String(cause);\n super(`[timber] Failed to load module ${filePath}\\n ${originalMessage}`, { cause });\n this.name = 'ModuleLoadError';\n this.filePath = filePath;\n }\n}\n\n/**\n * Load a route manifest module with enriched error context.\n *\n * On success: returns the module object (same as `loader.load()`).\n * On failure: throws `ModuleLoadError` with file path and original cause.\n *\n * For error rendering paths that need fallthrough instead of throwing,\n * callers should catch at the call site:\n *\n * ```ts\n * // Throwing (default) — route-element-builder, api-handler, etc.\n * const mod = await loadModule(segment.page);\n *\n * // Fallthrough — error-renderer, error-boundary-wrapper\n * const mod = await loadModule(segment.error).catch(() => null);\n * ```\n */\nexport async function loadModule<T = Record<string, unknown>>(loader: ManifestLoader): Promise<T> {\n try {\n return (await loader.load()) as T;\n } catch (error) {\n throw new ModuleLoadError(loader.filePath, error);\n }\n}\n","/**\n * Deny boundary subsystem — the in-tree DenySignal flow.\n *\n * Three things live together here because they form a single flow:\n *\n * 1. **Chain construction** (`buildDenyPageChain`) — walks the matched\n * segment chain at element-tree build time and produces a list of\n * `DenyPageEntry` records ordered by specificity (specific status →\n * category catch-all → `error.tsx`).\n *\n * 2. **Runtime matching** (`renderMatchingDenyPage`) — picks the first\n * chain entry whose status filter matches the thrown DenySignal and\n * returns a React element for the matching component. Used by\n * `AccessGate` and `PageDenyBoundary` when they catch a deny.\n *\n * 3. **The page boundary itself** (`PageDenyBoundary`) — the async server\n * component that wraps a server-component page, calls it, and catches\n * `DenySignal` so the deny page renders in-tree (no throw reaches\n * React Flight, single render pass).\n *\n * Plus the ALS helpers (`setDenyStatus` / `getDenyStatus`) the boundary\n * uses to thread the matched status code back to the pipeline so the\n * HTTP status reflects the deny.\n *\n * Folded into one module from the former `deny-page-resolver.ts` and\n * `page-deny-boundary.tsx` (TIM-853) — the names were misleading and the\n * three pieces only made sense together.\n *\n * See design/04-authorization.md, design/10-error-handling.md, TIM-666.\n */\n\nimport { createElement } from 'react';\n\nimport { requestContextAls } from './als-registry.js';\nimport { DenySignal } from './primitives.js';\nimport { loadModule } from './safe-load.js';\nimport { withSpan } from './tracing.js';\nimport type { ManifestSegmentNode } from './route-matcher.js';\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/** A single entry in the deny page fallback chain. */\nexport interface DenyPageEntry {\n /** Status code filter: specific (403), category (400 = any 4xx), or null (catch-all). */\n status: number | null;\n /** The component to render (server or client — both work). */\n component: (...args: unknown[]) => unknown;\n}\n\n// ─── Chain Construction ──────────────────────────────────────────────────\n\n/**\n * Build the deny page fallback chain from the segment chain.\n *\n * Walks segments from `startIndex` outward (toward root) and collects\n * status-code file components in fallback order:\n * 1. Specific status files (403.tsx, 404.tsx) — exact match\n * 2. Category catch-alls (4xx.tsx) — matches any 4xx\n * 3. error.tsx — catches everything\n *\n * Each segment is checked in this order. The chain is ordered so the\n * FIRST match wins at catch time.\n */\nexport async function buildDenyPageChain(\n segments: ManifestSegmentNode[],\n startIndex: number\n): Promise<DenyPageEntry[]> {\n const chain: DenyPageEntry[] = [];\n\n // Pass 1: Status files (specific + category) across ALL segments.\n // These have higher priority than error.tsx — a root 4xx.tsx should\n // match before a leaf error.tsx. Walking inner → outer ensures the\n // nearest match wins within each priority tier.\n for (let i = startIndex; i >= 0; i--) {\n const segment = segments[i];\n if (!segment.statusFiles) continue;\n\n // Specific status files (403.tsx, 404.tsx, etc.)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key !== '4xx' && key !== '5xx') {\n const status = parseInt(key, 10);\n if (!isNaN(status)) {\n const mod = await loadModule(file).catch(() => null);\n if (mod?.default) {\n chain.push({ status, component: mod.default as (...args: unknown[]) => unknown });\n }\n }\n }\n }\n\n // Category catch-alls (4xx.tsx, 5xx.tsx)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key === '4xx' || key === '5xx') {\n const mod = await loadModule(file).catch(() => null);\n if (mod?.default) {\n const categoryStatus = key === '4xx' ? 400 : 500;\n chain.push({\n status: categoryStatus,\n component: mod.default as (...args: unknown[]) => unknown,\n });\n }\n }\n }\n }\n\n // Pass 2: error.tsx files — lowest priority catch-all.\n // Only added AFTER all status files so they never shadow a specific\n // or category status file from an ancestor segment.\n for (let i = startIndex; i >= 0; i--) {\n const segment = segments[i];\n if (segment.error) {\n const mod = await loadModule(segment.error).catch(() => null);\n if (mod?.default) {\n chain.push({ status: null, component: mod.default as (...args: unknown[]) => unknown });\n }\n }\n }\n\n return chain;\n}\n\n// ─── Runtime Matcher ──────────────────────────────────────────────────────\n\n/**\n * Find the first deny page in the chain that matches the given status code.\n * Returns a React element for the matching component, or null if no match.\n */\nexport function renderMatchingDenyPage(\n chain: DenyPageEntry[],\n status: number,\n data: unknown\n): React.ReactElement | null {\n const h = createElement as (...args: unknown[]) => React.ReactElement;\n\n for (const entry of chain) {\n if (entry.status === status) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === 400 && status >= 400 && status <= 499) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === 500 && status >= 500 && status <= 599) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n if (entry.status === null) {\n return h(entry.component, { status, dangerouslyPassData: data });\n }\n }\n return null;\n}\n\n// ─── Page Boundary ────────────────────────────────────────────────────────\n\n/**\n * Async server component that wraps a page call with DenySignal catching.\n *\n * Calls the page component as an async function (the same thing React\n * Flight does internally), awaits it, and catches DenySignal. On catch,\n * renders the matching deny page in-tree. On success, returns the page's\n * rendered output normally.\n *\n * Client component pages ('use client') are NOT wrapped — they can't call\n * deny() (server-only API) and must go through createElement normally.\n *\n * No error reaches React Flight — the Flight stream is clean, SSR succeeds,\n * and the entire request uses a single renderToReadableStream call.\n */\nexport async function PageDenyBoundary({\n Page,\n route,\n denyPages,\n}: {\n /** The page server component function. */\n Page: (...args: unknown[]) => unknown;\n /** Route path for OTEL tracing. */\n route: string;\n /** Deny page fallback chain from the segment chain. */\n denyPages: DenyPageEntry[];\n}): Promise<React.ReactElement> {\n try {\n // Call the page as an async function — same as React Flight does.\n // Wrap in OTEL span for tracing (replaces the TracedPage wrapper).\n const result = await withSpan('timber.page', { 'timber.route': route }, () => Page({}));\n return result as React.ReactElement;\n } catch (error: unknown) {\n if (error instanceof DenySignal) {\n const denyElement = renderMatchingDenyPage(denyPages, error.status, error.data);\n if (denyElement) {\n setDenyStatus(error.status);\n return denyElement;\n }\n }\n // Non-deny errors (RedirectSignal, runtime errors) propagate normally.\n throw error;\n }\n}\n\n// ─── ALS Helpers ──────────────────────────────────────────────────────────\n\n/**\n * Set the deny status in the request context ALS.\n * Called from AccessGate / PageDenyBoundary when a DenySignal is caught.\n * The pipeline reads this after render to set the HTTP status code.\n */\nexport function setDenyStatus(status: number): void {\n const store = requestContextAls.getStore();\n if (store) {\n store.denyStatus = status;\n }\n}\n\n/**\n * Read the deny status from the request context ALS.\n * Returns undefined if no deny was caught during render.\n */\nexport function getDenyStatus(): number | undefined {\n return requestContextAls.getStore()?.denyStatus;\n}\n","/**\n * AccessGate and SlotAccessGate — framework-injected async server components.\n *\n * AccessGate wraps each segment's layout in the element tree. It calls the\n * segment's access.ts before the layout renders. If access.ts calls deny()\n * or redirect(), the signal propagates as a render-phase throw — caught by\n * the flush controller to produce the correct HTTP status code.\n *\n * SlotAccessGate wraps parallel slot content. On denial, it renders the\n * graceful degradation chain: denied.tsx → default.tsx → null. Slot denial\n * does not affect the HTTP status code.\n *\n * See design/04-authorization.md and design/02-rendering-pipeline.md §\"AccessGate\"\n */\n\nimport { DenySignal, RedirectSignal } from './primitives.js';\nimport type { AccessGateProps, SlotAccessGateProps } from './tree-builder.js';\nimport { withSpan, setSpanAttribute } from './tracing.js';\nimport { isDebug } from './debug.js';\nimport type { DenyPageEntry } from './deny-boundary.js';\nimport { renderMatchingDenyPage, setDenyStatus } from './deny-boundary.js';\nimport type { ReactNode } from 'react';\n\n// ─── AccessGate ─────────────────────────────────────────────────────────────\n\n/**\n * Framework-injected access gate for segments.\n *\n * When a pre-computed `verdict` prop is provided (from the pre-render pass\n * in route-element-builder.ts), AccessGate replays it synchronously — no\n * async, no re-execution of access.ts, immune to Suspense timing. The OTEL\n * span was already emitted during the pre-render pass.\n *\n * When no verdict is provided (backward compat with tree-builder.ts),\n * AccessGate calls accessFn directly with OTEL instrumentation.\n *\n * access.ts is a pure gate — return values are discarded. The layout below\n * gets the same data by calling the same cached functions (React.cache dedup).\n */\nexport function AccessGate(props: AccessGateProps): ReactNode | Promise<ReactNode> {\n const { accessFn, segmentName, verdict, denyPages, children } = props;\n\n // Fast path: replay pre-computed verdict from the pre-render pass.\n if (verdict !== undefined) {\n if (verdict === 'pass') {\n return children;\n }\n throw verdict;\n }\n\n // Primary path: call accessFn directly during render.\n // If denyPages is provided, catch DenySignal and render the deny page\n // in-tree — no throw reaches React Flight, no second render pass.\n return accessGateFallback(accessFn, segmentName, denyPages, children);\n}\n\n/**\n * Async fallback for AccessGate when no pre-computed verdict is available.\n * Calls accessFn with OTEL instrumentation.\n */\nasync function accessGateFallback(\n accessFn: AccessGateProps['accessFn'],\n segmentName: AccessGateProps['segmentName'],\n denyPages: DenyPageEntry[] | undefined,\n children: ReactNode\n): Promise<ReactNode> {\n try {\n await withSpan('timber.access', { 'timber.segment': segmentName ?? 'unknown' }, async () => {\n try {\n await accessFn();\n await setSpanAttribute('timber.result', 'pass');\n } catch (error: unknown) {\n if (error instanceof DenySignal) {\n await setSpanAttribute('timber.result', 'deny');\n await setSpanAttribute('timber.deny_status', error.status);\n if (error.sourceFile) {\n await setSpanAttribute('timber.deny_file', error.sourceFile);\n }\n } else if (error instanceof RedirectSignal) {\n await setSpanAttribute('timber.result', 'redirect');\n }\n throw error;\n }\n });\n } catch (error: unknown) {\n // Catch DenySignal and render the deny page in-tree.\n // No throw reaches React Flight — clean stream, single render pass.\n // RedirectSignal and other errors propagate normally.\n if (error instanceof DenySignal && denyPages) {\n const denyElement = renderMatchingDenyPage(denyPages, error.status, error.data);\n if (denyElement) {\n setDenyStatus(error.status);\n return denyElement;\n }\n }\n throw error;\n }\n\n return children;\n}\n\n// ─── SlotAccessGate ─────────────────────────────────────────────────────────\n\n/**\n * Framework-injected access gate for parallel slots.\n *\n * On denial, graceful degradation: denied.tsx → default.tsx → null.\n * The HTTP status code is unaffected — slot denial is a UI concern, not\n * a protocol concern. The parent layout and sibling slots still render.\n *\n * DeniedComponent is passed instead of a pre-built element so that\n * DenySignal.data can be forwarded as the dangerouslyPassData prop\n * and the slot name can be passed as the slot prop. See TIM-488.\n *\n * redirect() in slot access.ts is a dev-mode error — redirecting from a\n * slot doesn't make architectural sense.\n */\nexport async function SlotAccessGate(props: SlotAccessGateProps): Promise<ReactNode> {\n const { accessFn, DeniedComponent, slotName, createElement, defaultFallback, children } = props;\n\n try {\n await accessFn();\n } catch (error: unknown) {\n // DenySignal → graceful degradation (denied.tsx → default.tsx → null)\n // Build the denied element dynamically so DenySignal.data is forwarded.\n if (error instanceof DenySignal) {\n return (\n buildDeniedFallback(DeniedComponent, slotName, error.data, createElement) ??\n defaultFallback ??\n null\n );\n }\n\n // RedirectSignal in slot access → dev-mode error.\n // Slot access should use deny(), not redirect(). Redirecting from a\n // slot would redirect the entire page, which breaks the contract that\n // slot failure is graceful degradation.\n if (error instanceof RedirectSignal) {\n if (isDebug()) {\n console.error(\n '[timber] redirect() is not allowed in slot access.ts. ' +\n 'Slots use deny() for graceful degradation — denied.tsx → default.tsx → null. ' +\n \"If you need to redirect, move the logic to the parent segment's access.ts.\"\n );\n }\n // In production, treat as a deny — render fallback rather than crash.\n return (\n buildDeniedFallback(DeniedComponent, slotName, undefined, createElement) ??\n defaultFallback ??\n null\n );\n }\n\n // Unhandled error — re-throw so error boundaries can catch it.\n // Dev-mode warning: slot access should use deny(), not throw.\n if (isDebug()) {\n console.warn(\n '[timber] Unhandled error in slot access.ts. ' +\n 'Use deny() for access control, not unhandled throws.',\n error\n );\n }\n throw error;\n }\n\n // Access passed — render slot content.\n return children;\n}\n\n/**\n * Build the denied fallback element dynamically with DenySignal data.\n * Returns null if no DeniedComponent is available.\n */\nfunction buildDeniedFallback(\n DeniedComponent: SlotAccessGateProps['DeniedComponent'],\n slotName: string,\n data: unknown,\n createElement: SlotAccessGateProps['createElement']\n): ReactNode | null {\n if (!DeniedComponent) return null;\n return createElement(DeniedComponent, {\n slot: slotName,\n dangerouslyPassData: data,\n });\n}\n","/**\n * Route Element Builder — constructs a React element tree from a matched route.\n *\n * Extracted from rsc-entry.ts to enable reuse by the revalidation renderer\n * (which needs the element tree without RSC serialization) and to keep\n * rsc-entry.ts under the 500-line limit.\n *\n * This module handles:\n * 1. Loading page/layout components from the segment chain\n * 2. Collecting access.ts checks (executed inside render by AccessPreRunner)\n * 3. Resolving metadata (static object or async function, both exported as `metadata`)\n * 4. Building the React element tree (page → error boundaries → access gates → layouts)\n * 5. Resolving parallel slots\n * 6. Wrapping the tree with AccessPreRunner for React.cache-scoped access checks\n *\n * See design/02-rendering-pipeline.md, design/04-authorization.md\n */\n\nimport { createElement } from 'react';\n\nimport { withSpan } from './tracing.js';\nimport type { RouteMatch } from './pipeline.js';\nimport type { ManifestSegmentNode } from './route-matcher.js';\nimport { resolveMetadata, renderMetadataToElements } from './metadata.js';\nimport type { HeadElement as MetadataHeadElement } from './metadata.js';\nimport type { Metadata } from './types.js';\nimport { METADATA_ROUTE_CONVENTIONS, getMetadataRouteAutoLink } from './metadata-routes.js';\nimport { DenySignal, RedirectSignal } from './primitives.js';\nimport { AccessGate } from './access-gate.js';\nimport {\n PageDenyBoundary,\n buildDenyPageChain,\n renderMatchingDenyPage,\n setDenyStatus,\n} from './deny-boundary.js';\nimport type { DenyPageEntry } from './deny-boundary.js';\nimport { resolveSlotElement } from './slot-resolver.js';\nimport { SegmentProvider } from '../client/segment-context.js';\n\nimport { wrapSegmentWithErrorBoundaries } from './error-boundary-wrapper.js';\nimport type { InterceptionContext } from './pipeline.js';\nimport { shouldSkipSegment } from './state-tree-diff.js';\nimport { loadModule } from './safe-load.js';\n\n// ─── Client Reference Detection ──────────────────────────────────────────\n\n/**\n * Symbol used by React Flight to mark client references.\n * Client references are proxy objects created by @vitejs/plugin-rsc for\n * 'use client' modules in the RSC environment. They must be passed to\n * createElement() — calling them as functions throws:\n * \"Unexpectedly client reference export 'default' is called on server\"\n */\nconst CLIENT_REFERENCE_TAG = Symbol.for('react.client.reference');\n\n/**\n * Detect whether a component is a React client reference.\n * Client references have $$typeof set to Symbol.for('react.client.reference')\n * by registerClientReference() in the React Flight server runtime.\n *\n * Used to skip OTEL tracing wrappers that would call the component as a\n * function. Client components must go through createElement only — they are\n * serialized as references in the RSC Flight stream, not executed on the server.\n */\nexport function isClientReference(component: unknown): boolean {\n return (\n component != null &&\n typeof component === 'function' &&\n (component as unknown as Record<string, unknown>).$$typeof === CLIENT_REFERENCE_TAG\n );\n}\n\n// ─── Param Coercion Error ─────────────────────────────────────────────────\n\n/**\n * Thrown when a defineSegmentParams codec's parse() fails.\n * The pipeline catches this and responds with 404.\n */\nexport class ParamCoercionError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'ParamCoercionError';\n }\n}\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/** Head element for client-side metadata updates. */\nexport interface HeadElement {\n tag: string;\n content?: string;\n attrs?: Record<string, string | null>;\n}\n\n/** Layout entry with component and segment. */\nexport interface LayoutComponentEntry {\n component: (...args: unknown[]) => unknown;\n segment: ManifestSegmentNode;\n}\n\n/** Result of building a route element tree. */\nexport interface RouteElementResult {\n /** The React element tree (page wrapped in layouts, access gates, error boundaries). */\n element: React.ReactElement;\n /** Resolved head elements for metadata. */\n headElements: HeadElement[];\n /** Layout components loaded along the segment chain. */\n layoutComponents: LayoutComponentEntry[];\n /** Segments from the route match. */\n segments: ManifestSegmentNode[];\n /** Max deferSuspenseFor hold window across all segments. */\n deferSuspenseFor: number;\n /**\n * Segment paths that were skipped because the client already has them cached.\n * Ordered outermost to innermost. Empty when no segments were skipped.\n * The client uses this to merge the partial payload with cached segments.\n * See design/19-client-navigation.md §\"X-Timber-State-Tree Header\"\n */\n skippedSegments: string[];\n}\n\n/**\n * Wraps a DenySignal or RedirectSignal with the layout components loaded\n * so far, enabling the caller to render deny pages inside the layout shell.\n *\n * @deprecated No longer thrown by buildRouteElement since TIM-662. Access\n * checks now run inside AccessPreRunner during renderToReadableStream, and\n * signals are caught by onError. Kept for backward compat with external code.\n */\nexport class RouteSignalWithContext extends Error {\n constructor(\n public readonly signal: DenySignal | RedirectSignal,\n public readonly layoutComponents: LayoutComponentEntry[],\n public readonly segments: ManifestSegmentNode[]\n ) {\n super(signal.message);\n }\n}\n\n// ─── Module Processing Helpers ─────────────────────────────────────────────\n\n/**\n * Reject the legacy `generateMetadata` export with a helpful migration message.\n * Throws if the module exports `generateMetadata` instead of `metadata`.\n */\nfunction rejectLegacyGenerateMetadata(mod: Record<string, unknown>, filePath: string): void {\n if ('generateMetadata' in mod) {\n throw new Error(\n `${filePath}: \"generateMetadata\" is not a valid export. ` +\n `Export an async function named \"metadata\" instead.\\n\\n` +\n ` // Before\\n` +\n ` export async function generateMetadata({ params }) { ... }\\n\\n` +\n ` // After\\n` +\n ` export async function metadata() { ... }`\n );\n }\n}\n\n/**\n * Extract and resolve metadata from a module (layout or page).\n * Handles both static metadata objects and async metadata functions.\n * Returns the resolved Metadata, or null if none exported.\n *\n * Metadata functions no longer receive { params } — they access params\n * via getSegmentParams() from ALS, same as page/layout components.\n */\nasync function extractMetadata(\n mod: Record<string, unknown>,\n segment: ManifestSegmentNode\n): Promise<Metadata | null> {\n if (typeof mod.metadata === 'function') {\n type MetadataFn = () => Promise<Metadata>;\n return (\n (await withSpan(\n 'timber.metadata',\n { 'timber.segment': segment.segmentName ?? segment.urlPath },\n () => (mod.metadata as MetadataFn)()\n )) ?? null\n );\n }\n if (mod.metadata) {\n return mod.metadata as Metadata;\n }\n return null;\n}\n\n/**\n * Extract `deferSuspenseFor` from a module and return the maximum\n * of the current value and the module's value.\n */\nfunction extractDeferSuspenseFor(mod: Record<string, unknown>, current: number): number {\n if (typeof mod.deferSuspenseFor === 'number' && mod.deferSuspenseFor > current) {\n return mod.deferSuspenseFor;\n }\n return current;\n}\n\n// ─── Builder ──────────────────────────────────────────────────────────────\n\n/**\n * Build a React element tree from a matched route.\n *\n * Loads modules, runs access checks, resolves metadata, and constructs\n * the element tree. DenySignal and RedirectSignal propagate to the caller\n * for HTTP-level handling.\n *\n * Does NOT serialize to RSC Flight — the caller decides whether to render\n * to a stream or use the element directly (e.g., for action revalidation).\n *\n * Access checks are collected but NOT executed here. They run inside\n * AccessPreRunner during renderToReadableStream so that access.ts and\n * render components share the same React.cache scope (TIM-662).\n */\nexport async function buildRouteElement(\n req: Request,\n match: RouteMatch,\n interception?: InterceptionContext,\n clientStateTree?: Set<string> | null\n): Promise<RouteElementResult> {\n const segments = match.segments;\n\n // Load all modules along the segment chain\n const metadataEntries: Array<{ metadata: Metadata; isPage: boolean }> = [];\n const layoutComponents: LayoutComponentEntry[] = [];\n let PageComponent: ((...args: unknown[]) => unknown) | null = null;\n let deferSuspenseFor = 0;\n\n for (let i = 0; i < segments.length; i++) {\n const segment = segments[i];\n const isLeaf = i === segments.length - 1;\n\n // Load layout\n if (segment.layout) {\n const mod = await loadModule(segment.layout);\n if (mod.default) {\n layoutComponents.push({\n component: mod.default as (...args: unknown[]) => unknown,\n segment,\n });\n }\n\n // Param coercion is handled in the pipeline (Stage 2c) before\n // middleware and rendering. See coerceSegmentParams() in pipeline.ts.\n\n rejectLegacyGenerateMetadata(mod, segment.layout.filePath ?? segment.urlPath);\n const layoutMetadata = await extractMetadata(mod, segment);\n if (layoutMetadata) {\n metadataEntries.push({ metadata: layoutMetadata, isPage: false });\n }\n deferSuspenseFor = extractDeferSuspenseFor(mod, deferSuspenseFor);\n }\n\n // Load page (leaf segment only)\n if (isLeaf && segment.page) {\n const mod = await loadModule(segment.page);\n\n // Param coercion is handled in the pipeline (Stage 2c) before\n // middleware and rendering. See coerceSegmentParams() in pipeline.ts.\n\n if (mod.default) {\n PageComponent = mod.default as (...args: unknown[]) => unknown;\n }\n rejectLegacyGenerateMetadata(mod, segment.page.filePath ?? segment.urlPath);\n const pageMetadata = await extractMetadata(mod, segment);\n if (pageMetadata) {\n metadataEntries.push({ metadata: pageMetadata, isPage: true });\n }\n deferSuspenseFor = extractDeferSuspenseFor(mod, deferSuspenseFor);\n }\n }\n\n if (!PageComponent) {\n throw new Error(`No page component found for route: ${new URL(req.url).pathname}`);\n }\n\n // Access checks are NOT run here. AccessGate components in the element\n // tree call accessFn directly during renderToReadableStream, sharing the\n // same React.cache scope as layout/page components. A requireUser() call\n // in access.ts populates React.cache; the same call in a layout is a hit.\n //\n // Previously (before TIM-662), access checks ran eagerly in a pre-render\n // loop OUTSIDE renderToReadableStream, breaking React.cache dedup.\n //\n // See design/04-authorization.md §\"Pre-Render Pass and Verdict Replay\"\n\n // Build deny page fallback chains for each segment position.\n // When AccessGate or PageDenyBoundary catches a DenySignal, they render\n // the matching deny page in-tree instead of throwing into React Flight.\n // The chain walks from the current segment outward to root, collecting\n // status-code files (403.tsx → 4xx.tsx → error.tsx) in fallback order.\n // See TIM-666.\n const denyPageChains = new Map<number, DenyPageEntry[]>();\n for (let i = 0; i < segments.length; i++) {\n const chain = await buildDenyPageChain(segments, i);\n if (chain.length > 0) {\n denyPageChains.set(i, chain);\n }\n }\n\n // Resolve metadata\n const resolvedMetadata = resolveMetadata(metadataEntries);\n const headElements = renderMetadataToElements(resolvedMetadata);\n\n // Auto-link metadata route files (icon, apple-icon, manifest) from segments.\n // See design/16-metadata.md §\"Auto-Linking\"\n for (const segment of segments) {\n if (!segment.metadataRoutes) continue;\n for (const baseName of Object.keys(segment.metadataRoutes)) {\n const convention = METADATA_ROUTE_CONVENTIONS[baseName];\n if (!convention) continue;\n // Non-nestable routes only auto-link from root\n if (!convention.nestable && segment.urlPath !== '/') continue;\n // Build the href: segment urlPath + serve path\n const prefix = segment.urlPath === '/' ? '' : segment.urlPath;\n const href = `${prefix}/${convention.servePath}`;\n const autoLink = getMetadataRouteAutoLink(convention.type, href);\n if (autoLink) {\n const attrs: Record<string, string> = { rel: autoLink.rel, href: autoLink.href };\n if (autoLink.type) attrs.type = autoLink.type;\n headElements.push({ tag: 'link', attrs } as MetadataHeadElement);\n }\n }\n }\n\n // Build element tree: page wrapped in layouts (innermost to outermost)\n const h = createElement as (...args: unknown[]) => React.ReactElement;\n\n // Build the page element.\n // Client references ('use client' pages) must NOT be called as functions —\n // they are proxy objects that throw when invoked. They must go through\n // createElement only, which serializes them as client references in the\n // RSC Flight stream. OTEL tracing is skipped for client components.\n // See TIM-627 for the original bug.\n // Build the page element.\n // Server component pages are wrapped in PageDenyBoundary which calls\n // them as async functions and catches DenySignal — rendering the deny\n // page in-tree instead of throwing into React Flight. This eliminates\n // the second render pass for deny pages. See TIM-666.\n //\n // Client reference pages ('use client') can't call deny() (server-only),\n // so they go through createElement normally — no wrapper needed.\n const leafIndex = segments.length - 1;\n const leafDenyPages = denyPageChains.get(leafIndex);\n let element: React.ReactElement;\n if (isClientReference(PageComponent)) {\n element = h(PageComponent, {});\n } else if (leafDenyPages && leafDenyPages.length > 0) {\n // Server component page WITH deny page chain — wrap in PageDenyBoundary\n element = h(PageDenyBoundary, {\n Page: PageComponent,\n route: match.segments[leafIndex]?.urlPath ?? '/',\n denyPages: leafDenyPages,\n });\n } else {\n // Server component page WITHOUT deny page chain — trace only\n const TracedPage = async (props: Record<string, unknown>) => {\n return withSpan(\n 'timber.page',\n { 'timber.route': match.segments[leafIndex]?.urlPath ?? '/' },\n () => (PageComponent as (props: Record<string, unknown>) => unknown)(props)\n );\n };\n element = h(TracedPage, {});\n }\n\n // Build a lookup of layout components by segment for O(1) access.\n const layoutBySegment = new Map(\n layoutComponents.map(({ component, segment }) => [segment, component])\n );\n\n // Track which segments were skipped for the X-Timber-Skipped-Segments header.\n // The client uses this to merge the partial payload with its cached segments.\n const skippedSegments: string[] = [];\n\n // Wrap from innermost (leaf) to outermost (root), processing every\n // segment in the chain. Each segment may contribute:\n // 1. Error boundaries (status files + error.tsx)\n // 2. Layout component — wraps children + parallel slots\n // 3. SegmentProvider — records position for useSelectedLayoutSegment\n //\n // When clientStateTree is provided (from X-Timber-State-Tree header on\n // client navigation), sync layouts the client already has are skipped.\n // Access.ts already ran for ALL segments in the pre-render loop above.\n // See design/19-client-navigation.md §\"X-Timber-State-Tree Header\"\n //\n // hasRenderedLayoutBelow tracks whether a non-skipped layout has been\n // seen below the current segment. A segment can ONLY be skipped if\n // there is a rendered layout below it — the client merger can only\n // replace inner SegmentProviders (client component boundaries), not\n // page content embedded in a layout's server-rendered output.\n // Without this guard, skipping the innermost layout causes the merger\n // to drop the layout entirely and replace it with just the page.\n let hasRenderedLayoutBelow = false;\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n const isLeaf = i === segments.length - 1;\n const layoutComponent = layoutBySegment.get(segment);\n\n // Check if this segment's layout can be skipped for partial rendering.\n // Skipped segments: no layout wrapping, no error boundaries, no slots,\n // no AccessGate in element tree (access already ran pre-render).\n //\n // Additional constraints beyond shouldSkipSegment:\n // - Must have a rendered layout below (so the merger can find an\n // inner SegmentProvider to splice the new content into)\n // - Route groups are never skipped because sibling groups share the\n // same urlPath (e.g., /(marketing) and /(app) both have \"/\"),\n // which would cause the wrong cached layout to be reused\n const skip =\n shouldSkipSegment(segment.urlPath, layoutComponent, isLeaf, clientStateTree ?? null) &&\n hasRenderedLayoutBelow &&\n segment.segmentType !== 'group';\n\n if (skip) {\n // Skip this segment's layout/error boundaries — the client uses its cached version.\n // Metadata was already resolved above (head elements are correct).\n // Record for X-Timber-Skipped-Segments header (outermost first, so prepend).\n skippedSegments.unshift(segment.urlPath);\n\n // SECURITY: Even though the layout is skipped, AccessGate MUST still\n // wrap the element tree. access.ts runs on every navigation regardless\n // of cached layouts or state tree content.\n // See design/13-security.md §\"Auth always runs\" (test #11).\n if (segment.access) {\n const accessMod = await loadModule(segment.access);\n const accessFn = accessMod.default as (() => unknown) | undefined;\n if (accessFn) {\n element = h(AccessGate, {\n accessFn,\n segmentName: segment.segmentName,\n denyPages: denyPageChains.get(i),\n children: element,\n });\n }\n }\n\n continue;\n }\n\n // This segment is rendered — mark that future (outer) segments have\n // a rendered layout below them and can safely be skipped.\n if (layoutComponent) {\n hasRenderedLayoutBelow = true;\n }\n\n // Wrap with error boundaries from this segment (inside layout).\n // Keep ALL error boundaries (including 4xx) — they're the safety net for\n // DenySignal from nested server components that escape AccessGate/PageDenyBoundary\n // try/catch. Status-code files must be 'use client' TSX or MDX to serialize\n // as error boundary fallbacks. See TIM-666.\n element = await wrapSegmentWithErrorBoundaries(segment, element, h);\n\n // Wrap with layout BEFORE AccessGate — AccessGate is OUTSIDE the layout.\n // When AccessGate denies, the layout never renders. The deny page appears\n // at the AccessGate level, wrapped by PARENT layouts only.\n // This prevents leaking layout UI (sidebars, nav) on denied pages.\n // See design/04-authorization.md §\"Access Failure\".\n if (layoutComponent) {\n // Resolve parallel slots for this layout\n const slotProps: Record<string, unknown> = {};\n const slotEntries = Object.entries(segment.slots ?? {});\n for (const [slotName, slotNode] of slotEntries) {\n slotProps[slotName] = await resolveSlotElement(\n slotNode as ManifestSegmentNode,\n match,\n h,\n interception\n );\n }\n\n const segmentPath = segment.urlPath.split('/');\n const parallelRouteKeys = Object.keys(segment.slots ?? {});\n\n // For route groups, urlPath is shared with the parent (both \"/\"),\n // so include the group name to distinguish them. Used for both OTEL\n // span labels and client-side element caching (segmentId).\n const segmentId =\n segment.segmentType === 'group'\n ? `${segment.urlPath === '/' ? '' : segment.urlPath}/${segment.segmentName}`\n : segment.urlPath;\n\n // Build the layout element.\n // Same client reference guard as pages — client layouts must not be\n // called as functions. OTEL tracing is skipped for client components.\n let layoutElement: React.ReactElement;\n if (isClientReference(layoutComponent)) {\n layoutElement = h(layoutComponent, {\n ...slotProps,\n children: element,\n });\n } else {\n // Server component layout — wrap with OTEL tracing AND DenySignal\n // catching. If the layout calls deny(), the signal is caught here\n // and the matching deny page renders in-tree (same pattern as\n // AccessGate and PageDenyBoundary). Without this, DenySignal\n // escapes to React Flight onError and triggers the re-render\n // fallback path. See TIM-668, design/04-authorization.md.\n const layoutComponentRef = layoutComponent;\n const layoutDenyPages = denyPageChains.get(i);\n const TracedLayout = async (props: Record<string, unknown>) => {\n try {\n return await withSpan('timber.layout', { 'timber.segment': segmentId }, () =>\n (layoutComponentRef as (props: Record<string, unknown>) => unknown)(props)\n );\n } catch (error: unknown) {\n if (error instanceof DenySignal && layoutDenyPages) {\n const denyElement = renderMatchingDenyPage(layoutDenyPages, error.status, error.data);\n if (denyElement) {\n setDenyStatus(error.status);\n return denyElement;\n }\n }\n // Non-deny errors (RedirectSignal, runtime errors) propagate normally.\n throw error;\n }\n };\n layoutElement = h(TracedLayout, {\n ...slotProps,\n children: element,\n });\n }\n\n element = h(SegmentProvider, {\n segments: segmentPath,\n segmentId,\n parallelRouteKeys,\n children: layoutElement,\n });\n }\n\n // Wrap in AccessGate OUTSIDE the layout.\n // If access denies, the deny page renders here — the layout above\n // never executes. Parent layouts (from outer iterations) form the shell.\n // See TIM-662, TIM-666, design/04-authorization.md §\"Access Failure\".\n if (segment.access) {\n const accessMod = await loadModule(segment.access);\n const accessFn = accessMod.default as (() => unknown) | undefined;\n if (accessFn) {\n element = h(AccessGate, {\n accessFn,\n segmentName: segment.segmentName,\n denyPages: denyPageChains.get(i),\n children: element,\n });\n }\n }\n }\n\n return {\n element,\n headElements: headElements as HeadElement[],\n layoutComponents,\n segments,\n deferSuspenseFor,\n skippedSegments,\n };\n}\n","/**\n * Version Skew Detection — graceful recovery when stale clients hit new deployments.\n *\n * When a new version of the app is deployed, clients with open tabs still have\n * the old JavaScript bundle. Without version skew handling, these stale clients\n * will experience:\n *\n * 1. Server action calls that crash (action IDs are content-hashed)\n * 2. Chunk load failures (old filenames gone from CDN)\n * 3. RSC payload mismatches (component references differ between builds)\n *\n * This module implements deployment ID comparison:\n * - A per-build deployment ID is generated at build time (see build-manifest.ts)\n * - The client sends it via `X-Timber-Deployment-Id` header on every RSC/action request\n * - The server compares it against the current build's ID\n * - On mismatch: signal the client to reload (not crash)\n *\n * The deployment ID is always-on in production. Dev mode skips the check\n * (HMR handles code updates without full reloads).\n *\n * See design/25-production-deployments.md, TIM-446\n */\n\n// ─── Constants ───────────────────────────────────────────────────\n\n/** Header sent by the client with every RSC/action request. */\nexport const DEPLOYMENT_ID_HEADER = 'X-Timber-Deployment-Id';\n\n/** Response header that signals the client to do a full page reload. */\nexport const RELOAD_HEADER = 'X-Timber-Reload';\n\n// ─── Deployment ID ───────────────────────────────────────────────\n\n/**\n * The current build's deployment ID. Set at startup from the manifest init\n * module (globalThis.__TIMBER_DEPLOYMENT_ID__). Null in dev mode.\n */\nlet currentDeploymentId: string | null = null;\n\n/**\n * Set the current deployment ID. Called once at server startup from the\n * manifest init module. In dev mode this is never called (deployment ID\n * checks are skipped).\n */\nexport function setDeploymentId(id: string): void {\n currentDeploymentId = id;\n}\n\n/**\n * Get the current deployment ID. Returns null in dev mode.\n */\nexport function getDeploymentId(): string | null {\n return currentDeploymentId;\n}\n\n// ─── Skew Detection ──────────────────────────────────────────────\n\n/** Result of a version skew check. */\nexport interface SkewCheckResult {\n /** Whether the client's deployment ID matches the server's. */\n ok: boolean;\n /** The client's deployment ID (null if header not sent — e.g., initial page load). */\n clientId: string | null;\n}\n\n/**\n * Check if a request's deployment ID matches the current build.\n *\n * Returns `{ ok: true }` when:\n * - Dev mode (no deployment ID set — HMR handles updates)\n * - No deployment ID header (initial page load, non-RSC request)\n * - Deployment IDs match\n *\n * Returns `{ ok: false }` when:\n * - Client sends a deployment ID that differs from the current build\n */\nexport function checkVersionSkew(req: Request): SkewCheckResult {\n // Dev mode — no deployment ID checks (HMR handles updates)\n if (!currentDeploymentId) {\n return { ok: true, clientId: null };\n }\n\n const clientId = req.headers.get(DEPLOYMENT_ID_HEADER);\n\n // No header — initial page load or non-RSC request. Always OK.\n if (!clientId) {\n return { ok: true, clientId: null };\n }\n\n // Compare deployment IDs\n if (clientId === currentDeploymentId) {\n return { ok: true, clientId };\n }\n\n return { ok: false, clientId };\n}\n\n/**\n * Apply version skew reload headers to a response.\n * Sets X-Timber-Reload: 1 to signal the client to do a full page reload.\n */\nexport function applyReloadHeaders(headers: Headers): void {\n headers.set(RELOAD_HEADER, '1');\n}\n","/**\n * Metadata route helpers for the request pipeline.\n *\n * Handles serving static metadata files and serializing sitemap responses.\n * Extracted from pipeline.ts to keep files under 500 lines.\n *\n * See design/16-metadata.md §\"Metadata Routes\"\n */\n\nimport { readFile } from 'node:fs/promises';\n\n/**\n * Content types that are text-based and should include charset=utf-8.\n * Binary formats (images) should not include charset.\n */\nconst TEXT_CONTENT_TYPES = new Set([\n 'application/xml',\n 'text/plain',\n 'application/json',\n 'application/manifest+json',\n 'image/svg+xml',\n]);\n\n/**\n * Serve a static metadata file by reading it from disk.\n *\n * Static metadata route files (.xml, .txt, .json, .png, .ico, .svg, etc.)\n * are served as-is with the appropriate Content-Type header.\n * Text files include charset=utf-8; binary files do not.\n *\n * See design/16-metadata.md §\"Metadata Routes\"\n */\nexport async function serveStaticMetadataFile(\n metaMatch: import('./route-matcher.js').MetadataRouteMatch\n): Promise<Response> {\n const { contentType, file } = metaMatch;\n const isText = TEXT_CONTENT_TYPES.has(contentType);\n\n const body = await readFile(file.filePath);\n\n const headers: Record<string, string> = {\n 'Content-Type': isText ? `${contentType}; charset=utf-8` : contentType,\n 'Content-Length': String(body.byteLength),\n };\n\n return new Response(body, { status: 200, headers });\n}\n\n/**\n * Serialize a sitemap array to XML.\n * Follows the sitemap.org protocol: https://www.sitemaps.org/protocol.html\n */\nexport function serializeSitemap(\n entries: Array<{\n url: string;\n lastModified?: string | Date;\n changeFrequency?: string;\n priority?: number;\n }>\n): string {\n const urls = entries\n .map((e) => {\n let xml = ` <url>\\n <loc>${escapeXml(e.url)}</loc>`;\n if (e.lastModified) {\n const date = e.lastModified instanceof Date ? e.lastModified.toISOString() : e.lastModified;\n xml += `\\n <lastmod>${escapeXml(date)}</lastmod>`;\n }\n if (e.changeFrequency) {\n xml += `\\n <changefreq>${escapeXml(e.changeFrequency)}</changefreq>`;\n }\n if (e.priority !== undefined) {\n xml += `\\n <priority>${e.priority}</priority>`;\n }\n xml += '\\n </url>';\n return xml;\n })\n .join('\\n');\n\n return `<?xml version=\"1.0\" encoding=\"UTF-8\"?>\\n<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\\n${urls}\\n</urlset>`;\n}\n\n/**\n * Serialize a sitemap index (list of sub-sitemap URLs) to XML.\n * Used for pagination when the total URL count exceeds 50,000.\n * Follows the sitemap.org protocol: https://www.sitemaps.org/protocol.html\n */\nexport function serializeSitemapIndex(sitemapUrls: string[]): string {\n const sitemaps = sitemapUrls\n .map((url) => ` <sitemap>\\n <loc>${escapeXml(url)}</loc>\\n </sitemap>`)\n .join('\\n');\n\n return `<?xml version=\"1.0\" encoding=\"UTF-8\"?>\\n<sitemapindex xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\\n${sitemaps}\\n</sitemapindex>`;\n}\n\n/** Escape special XML characters. */\nexport function escapeXml(str: string): string {\n return str\n .replace(/&/g, '&amp;')\n .replace(/</g, '&lt;')\n .replace(/>/g, '&gt;')\n .replace(/\"/g, '&quot;')\n .replace(/'/g, '&apos;');\n}\n","/**\n * Interception route matching for the request pipeline.\n *\n * Matches target URLs against interception rewrites to support the\n * modal route pattern (soft navigation intercepts).\n *\n * Extracted from pipeline.ts to keep files under 500 lines.\n *\n * See design/07-routing.md §\"Intercepting Routes\"\n */\n\nimport { classifyUrlSegment } from '../routing/segment-classify.js';\n\n/** Result of a successful interception match. */\nexport interface InterceptionMatchResult {\n /** The pathname to re-match (the source/intercepting route's parent). */\n sourcePathname: string;\n}\n\n/**\n * Check if an intercepting route applies for this soft navigation.\n *\n * Matches the target pathname against interception rewrites, constrained\n * by the source URL (X-Timber-URL header — where the user navigates FROM).\n *\n * Returns the source pathname to re-match if interception applies, or null.\n */\nexport function findInterceptionMatch(\n targetPathname: string,\n sourceUrl: string,\n rewrites: import('../routing/interception.js').InterceptionRewrite[]\n): InterceptionMatchResult | null {\n for (const rewrite of rewrites) {\n // Check if the source URL starts with the intercepting prefix\n if (!sourceUrl.startsWith(rewrite.interceptingPrefix)) continue;\n\n // Check if the target URL matches the intercepted pattern.\n // Dynamic segments in the pattern match any single URL segment.\n if (pathnameMatchesPattern(targetPathname, rewrite.interceptedPattern)) {\n return { sourcePathname: rewrite.interceptingPrefix };\n }\n }\n return null;\n}\n\n/**\n * Check if a pathname matches a URL pattern with dynamic segments.\n *\n * Supports [param] (single segment) and [...param] (one or more segments).\n * Static segments must match exactly.\n */\nexport function pathnameMatchesPattern(pathname: string, pattern: string): boolean {\n const pathParts = pathname === '/' ? [] : pathname.slice(1).split('/');\n const patternParts = pattern === '/' ? [] : pattern.slice(1).split('/');\n\n let pi = 0;\n for (let i = 0; i < patternParts.length; i++) {\n const seg = classifyUrlSegment(patternParts[i]);\n\n switch (seg.kind) {\n case 'catch-all':\n return pi < pathParts.length;\n case 'optional-catch-all':\n return true;\n case 'dynamic':\n if (pi >= pathParts.length) return false;\n pi++;\n continue;\n case 'static':\n if (pi >= pathParts.length || pathParts[pi] !== seg.value) return false;\n pi++;\n continue;\n }\n }\n\n return pi === pathParts.length;\n}\n","/**\n * Segment param coercion — runs the matched route's `params.ts` codecs\n * over the raw matcher output before middleware and rendering.\n *\n * Lifted out of `pipeline-phases.ts` (TIM-853) so the coercer can be\n * imported directly by other entry points (the action-dispatch wrapper,\n * the revalidation renderer in `rsc-entry/index.ts`) without pulling\n * the entire pipeline phase module along with it.\n *\n * The function throws `ParamCoercionError` from `route-element-builder.ts`\n * on any codec failure; the pipeline catches that and dispatches to the\n * 404 page. See design/07-routing.md §\"Where Coercion Runs\".\n */\n\nimport type { RouteMatch } from './pipeline.js';\nimport { sanitizeParamValue } from './pipeline-helpers.js';\nimport { loadModule } from './safe-load.js';\nimport { ParamCoercionError } from './route-element-builder.js';\n\n/**\n * Run segment param coercion on the matched route's segments.\n *\n * Loads params.ts modules from segments that have them, extracts the\n * segmentParams definition, and coerces raw string params through codecs.\n * Throws ParamCoercionError if any codec fails (→ 404).\n *\n * This runs BEFORE middleware, so ctx.segmentParams is already typed.\n * See design/07-routing.md §\"Where Coercion Runs\"\n */\nexport async function coerceSegmentParams(match: RouteMatch): Promise<void> {\n // Unconditionally install a null-prototype target so the invariant\n // \"match.segmentParams is null-prototype\" holds from the first line,\n // regardless of whether any segment has a codec.\n const mergeTarget: Record<string, unknown> = Object.create(null);\n for (const key of Object.keys(match.segmentParams)) {\n if (key !== '__proto__') {\n mergeTarget[key] = match.segmentParams[key as keyof typeof match.segmentParams];\n }\n }\n match.segmentParams = mergeTarget as RouteMatch['segmentParams'];\n\n for (const segment of match.segments) {\n // Only process segments that have a params.ts convention file\n if (!segment.params) continue;\n\n let mod: Record<string, unknown>;\n try {\n mod = await loadModule(segment.params);\n } catch (err) {\n throw new ParamCoercionError(\n `Failed to load params module for segment \"${segment.segmentName}\": ${err instanceof Error ? err.message : String(err)}`\n );\n }\n\n const segmentParamsDef = mod.segmentParams as\n | { parse(raw: Record<string, string | string[]>): Record<string, unknown> }\n | undefined;\n\n if (!segmentParamsDef || typeof segmentParamsDef.parse !== 'function') continue;\n\n try {\n const coerced = segmentParamsDef.parse(match.segmentParams);\n\n // Deep-sanitize codec output: every nested plain object becomes\n // null-prototype with dangerous keys stripped at every depth.\n // See TIM-873, design/13-security.md\n for (const key of Object.keys(coerced as Record<string, unknown>)) {\n if (key !== '__proto__') {\n mergeTarget[key] = sanitizeParamValue((coerced as Record<string, unknown>)[key]);\n }\n }\n } catch (err) {\n throw new ParamCoercionError(err instanceof Error ? err.message : String(err));\n }\n }\n}\n","/**\n * Pipeline outcome translator — converts a `PhaseOutcome` (the value\n * each phase function returns) into a final `Response`.\n *\n * Lifted out of `pipeline-phases.ts` (TIM-853) so the per-phase try /\n * catch logic and the terminal Response-building logic each live in\n * their own file. The phases produce values; this module is the single\n * source of truth for how those values become wire responses.\n *\n * See design/07-routing.md §\"Request Lifecycle\".\n */\n\nimport {\n applyCookieJar,\n buildRedirectResponse,\n cloneWithMutableHeaders,\n fireOnRequestError,\n mergeMissingHeaders,\n} from './pipeline-helpers.js';\nimport {\n logProxyError,\n logMiddlewareError,\n logMiddlewareShortCircuit,\n logRenderError,\n} from './logger.js';\nimport { markResponseFlushed } from './request-context.js';\nimport { RedirectSignal, DenySignal } from './primitives.js';\nimport type { PipelineConfig, RouteMatch } from './pipeline.js';\n\n// ─── Phase Outcome ─────────────────────────────────────────────────────────\n\nexport type PhaseName = 'proxy' | 'middleware' | 'render';\n\nexport type PhaseOutcome =\n | { kind: 'response'; phase: PhaseName; response: Response }\n | { kind: 'redirect'; phase: PhaseName; signal: RedirectSignal }\n | { kind: 'deny'; phase: PhaseName; signal: DenySignal }\n | { kind: 'error'; phase: PhaseName; error: unknown };\n\nexport interface OutcomeContext {\n req: Request;\n method: string;\n path: string;\n responseHeaders?: Headers;\n match?: RouteMatch;\n}\n\n// ─── Translator ────────────────────────────────────────────────────────────\n\n/**\n * Terminal outcome handler — converts a `PhaseOutcome` into a final\n * `Response`, applying cookies, building redirects, rendering deny pages\n * and fallback error pages, and firing instrumentation hooks.\n *\n * This is the single source of truth for how phase outputs become wire\n * responses; the per-phase try/catch blocks now produce values, not\n * Responses, so the conversion logic lives in exactly one place.\n */\nexport async function outcomeToResponse(\n config: PipelineConfig,\n outcome: PhaseOutcome,\n ctx: OutcomeContext\n): Promise<Response> {\n switch (outcome.kind) {\n case 'response': {\n // Clone unconditionally so downstream code (cookie/header merge,\n // Server-Timing in createPipeline) can write headers without paying\n // for a try/catch immutability probe per request. User middleware,\n // proxy, and route code may all return `Response.redirect()` or\n // platform-level responses with frozen header bags. See TIM-866.\n const finalResponse = cloneWithMutableHeaders(outcome.response);\n\n if (outcome.phase === 'proxy') return finalResponse;\n\n if (outcome.phase === 'middleware' && ctx.responseHeaders) {\n applyCookieJar(finalResponse.headers);\n mergeMissingHeaders(finalResponse.headers, ctx.responseHeaders);\n logMiddlewareShortCircuit({\n method: ctx.method,\n path: ctx.path,\n status: finalResponse.status,\n });\n }\n\n if (outcome.phase === 'render') {\n markResponseFlushed();\n }\n\n return finalResponse;\n }\n\n case 'redirect': {\n const headers = ctx.responseHeaders ?? new Headers();\n applyCookieJar(headers);\n return buildRedirectResponse(outcome.signal, ctx.req, headers);\n }\n\n case 'deny': {\n const headers = ctx.responseHeaders ?? new Headers();\n applyCookieJar(headers);\n if (config.renderDenyFallback) {\n try {\n // Clone user-supplied deny-page responses so downstream\n // Server-Timing writes are safe against frozen header bags\n // (e.g. user returned Response.redirect from the hook).\n return cloneWithMutableHeaders(\n await config.renderDenyFallback(outcome.signal, ctx.req, headers, ctx.match)\n );\n } catch (denyRenderError) {\n // Deny page rendering failed — log before falling through to bare response.\n // Without this, a crashing deny page produces a blank response with zero\n // server-side signal. See TIM-876.\n logRenderError({ method: ctx.method, path: ctx.path, error: denyRenderError });\n await fireOnRequestError(denyRenderError, ctx.req, 'render');\n if (config.onPipelineError && denyRenderError instanceof Error)\n config.onPipelineError(denyRenderError, 'render');\n }\n }\n return new Response(null, { status: outcome.signal.status, headers });\n }\n\n case 'error': {\n if (outcome.phase === 'proxy') {\n logProxyError({ error: outcome.error });\n await fireOnRequestError(outcome.error, ctx.req, 'proxy');\n if (config.onPipelineError && outcome.error instanceof Error)\n config.onPipelineError(outcome.error, 'proxy');\n return new Response(null, { status: 500 });\n }\n\n if (outcome.phase === 'middleware') {\n logMiddlewareError({ method: ctx.method, path: ctx.path, error: outcome.error });\n await fireOnRequestError(outcome.error, ctx.req, 'handler');\n if (config.onPipelineError && outcome.error instanceof Error) {\n config.onPipelineError(outcome.error, 'middleware');\n }\n return new Response(null, { status: 500 });\n }\n\n const headers = ctx.responseHeaders ?? new Headers();\n applyCookieJar(headers);\n logRenderError({ method: ctx.method, path: ctx.path, error: outcome.error });\n await fireOnRequestError(outcome.error, ctx.req, 'render');\n if (config.onPipelineError && outcome.error instanceof Error)\n config.onPipelineError(outcome.error, 'render');\n if (config.renderFallbackError) {\n try {\n // Clone user-supplied fallback error responses so downstream\n // Server-Timing writes are safe against frozen header bags.\n return cloneWithMutableHeaders(\n await config.renderFallbackError(outcome.error, ctx.req, headers)\n );\n } catch (fallbackRenderError) {\n // Fallback rendering itself failed — log the secondary error before\n // falling through to bare 500. The original render error was already\n // logged above; this captures the fallback renderer's own crash so it\n // doesn't vanish silently. See TIM-876.\n logRenderError({ method: ctx.method, path: ctx.path, error: fallbackRenderError });\n await fireOnRequestError(fallbackRenderError, ctx.req, 'render');\n if (config.onPipelineError && fallbackRenderError instanceof Error)\n config.onPipelineError(fallbackRenderError, 'render');\n }\n }\n return new Response(null, { status: 500 });\n }\n }\n}\n","/**\n * Pipeline phase functions — module-level free functions that take their\n * dependencies as explicit parameters. Each phase returns a `PhaseOutcome`\n * (a discriminated union over response / redirect / deny / error) defined\n * in `pipeline-outcome.ts`. The terminal `outcomeToResponse` (also in\n * `pipeline-outcome.ts`) translates outcomes into Responses.\n *\n * Lifted out of `createPipeline` so each phase can be unit-tested in\n * isolation. The lift is mechanical — these functions used to be closures\n * over `config`; they now take `config` as an explicit parameter.\n *\n * See design/07-routing.md §\"Request Lifecycle\", design/02-rendering-pipeline.md §\"Request Flow\".\n */\n\nimport { canonicalize } from './canonicalize.js';\nimport { runProxy } from './proxy.js';\nimport { runMiddlewareChain, shouldBypassMiddleware } from './middleware-runner.js';\nimport { withTiming } from './server-timing.js';\nimport {\n applyRequestHeaderOverlay,\n setMutableCookieContext,\n setSegmentParams,\n} from './request-context.js';\nimport { withSpan } from './tracing.js';\nimport { logRenderError } from './logger.js';\nimport { RedirectSignal, DenySignal } from './primitives.js';\nimport { ParamCoercionError } from './route-element-builder.js';\nimport { checkVersionSkew, applyReloadHeaders } from './version-skew.js';\nimport { serveStaticMetadataFile, serializeSitemap } from './pipeline-metadata.js';\nimport { loadModule } from './safe-load.js';\nimport { findInterceptionMatch } from './pipeline-interception.js';\nimport { applyCookieJar, cloneWithMutableHeaders, type ProxyResolver } from './pipeline-helpers.js';\nimport { coerceSegmentParams } from './param-coercion.js';\nimport { outcomeToResponse, type PhaseOutcome } from './pipeline-outcome.js';\nimport type { InterceptionContext, PipelineConfig, RouteMatch } from './pipeline.js';\nimport type { MetadataHandler, MetadataRoute, MiddlewareContext } from './types.js';\nimport { swallow } from './logger.js';\n\ninterface RenderContext {\n canonicalPathname: string;\n interception?: InterceptionContext;\n}\n\n// ─── Phase: Proxy ──────────────────────────────────────────────────────────\n\n/**\n * Run the proxy.ts phase. Calls user proxy code and uses `handleRequest` as\n * the inner `next()` continuation. The proxy resolver was picked at pipeline\n * construction time so the hot path sees no per-request branching on the\n * `ProxyConfig` discriminant.\n */\nexport async function runProxyPhase(\n config: PipelineConfig,\n getProxy: ProxyResolver,\n req: Request,\n method: string,\n path: string\n): Promise<PhaseOutcome> {\n const detailed = config.serverTiming === 'detailed';\n try {\n const proxyExport = await getProxy();\n const proxyFn = () =>\n runProxy(proxyExport, req, () => handleRequest(config, req, method, path));\n const response = await withSpan('timber.proxy', {}, () =>\n detailed ? withTiming('proxy', 'proxy.ts', proxyFn) : proxyFn()\n );\n return { kind: 'response', phase: 'proxy', response };\n } catch (error) {\n return { kind: 'error', phase: 'proxy', error };\n }\n}\n\n// ─── Phase: Middleware ─────────────────────────────────────────────────────\n\n/**\n * Run the middleware chain phase. If the chain short-circuits with a Response,\n * returns it as a 'response' outcome. Otherwise applies the request header\n * overlay and falls through to the render phase.\n */\nexport async function runMiddlewarePhase(\n config: PipelineConfig,\n req: Request,\n match: RouteMatch,\n responseHeaders: Headers,\n requestHeaderOverlay: Headers,\n renderContext: RenderContext\n): Promise<PhaseOutcome> {\n const detailed = config.serverTiming === 'detailed';\n const ctx: MiddlewareContext = {\n req,\n requestHeaders: requestHeaderOverlay,\n headers: responseHeaders,\n segmentParams: match.segmentParams,\n earlyHints: (hints) => {\n for (const hint of hints) {\n // Match Cloudflare's cached Early Hints attribute order: `as` before `rel`.\n // Cloudflare caches Link headers and re-emits them on subsequent 200s.\n // If our order differs, the browser sees duplicate preloads and warns.\n let value: string;\n if (hint.as !== undefined) {\n value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;\n } else {\n value = `<${hint.href}>; rel=${hint.rel}`;\n }\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n responseHeaders.append('Link', value);\n }\n },\n };\n\n try {\n const chainFn = () => runMiddlewareChain(match.middlewareChain, ctx);\n // Enable cookie mutation during middleware (design/29-cookies.md §\"Context Tracking\")\n const middlewareResponse = await (async () => {\n setMutableCookieContext(true);\n try {\n return await withSpan('timber.middleware', {}, () =>\n detailed ? withTiming('mw', 'middleware.ts', chainFn) : chainFn()\n );\n } finally {\n setMutableCookieContext(false);\n }\n })();\n if (middlewareResponse) {\n return { kind: 'response', phase: 'middleware', response: middlewareResponse };\n }\n // Middleware chain completed without short-circuiting — apply any\n // injected request headers so getHeaders() returns them downstream.\n applyRequestHeaderOverlay(requestHeaderOverlay);\n\n // Apply cookie jar to response headers before render commits them.\n // This preserves the historical ordering where middleware cookie writes\n // are visible to route-handler header merging, while handler Set-Cookie\n // values still come after middleware cookies and therefore take precedence.\n applyCookieJar(responseHeaders);\n\n return runRenderPhase(config, req, match, responseHeaders, requestHeaderOverlay, renderContext);\n } catch (error) {\n if (error instanceof RedirectSignal) {\n return { kind: 'redirect', phase: 'middleware', signal: error };\n }\n if (error instanceof DenySignal) {\n return { kind: 'deny', phase: 'middleware', signal: error };\n }\n return { kind: 'error', phase: 'middleware', error };\n }\n}\n\n// ─── Phase: Render ─────────────────────────────────────────────────────────\n\n/**\n * Run the render phase. Wraps the configured renderer in a span and a\n * timing scope, and translates thrown signals into outcome variants.\n */\nexport async function runRenderPhase(\n config: PipelineConfig,\n req: Request,\n match: RouteMatch,\n responseHeaders: Headers,\n requestHeaderOverlay: Headers,\n { canonicalPathname, interception }: RenderContext\n): Promise<PhaseOutcome> {\n const detailed = config.serverTiming === 'detailed';\n try {\n const renderFn = () =>\n config.render(req, match, responseHeaders, requestHeaderOverlay, interception);\n const response = await withSpan('timber.render', { 'http.route': canonicalPathname }, () =>\n detailed ? withTiming('render', 'RSC + SSR render', renderFn) : renderFn()\n );\n return { kind: 'response', phase: 'render', response };\n } catch (error) {\n if (error instanceof DenySignal) {\n return { kind: 'deny', phase: 'render', signal: error };\n }\n if (error instanceof RedirectSignal) {\n return { kind: 'redirect', phase: 'render', signal: error };\n }\n return { kind: 'error', phase: 'render', error };\n }\n}\n\n// ─── Request Handler ───────────────────────────────────────────────────────\n\n/**\n * Process a single request from canonicalization through phase dispatch.\n *\n * Stages: canonicalize → metadata routes → auto-sitemap → version skew →\n * route match → interception → early hints → param coercion → middleware →\n * render → outcome translation. Pre-routing short-circuits return Responses\n * directly; post-match dispatch goes through `outcomeToResponse`.\n *\n * Used both as the top-level entry (when no proxy.ts is configured) and as\n * the `next()` continuation passed to `runProxy()`.\n */\nexport async function handleRequest(\n config: PipelineConfig,\n req: Request,\n method: string,\n path: string\n): Promise<Response> {\n const stripTrailingSlash = config.stripTrailingSlash ?? true;\n\n // Stage 1: URL canonicalization\n const url = new URL(req.url);\n const result = canonicalize(url.pathname, stripTrailingSlash);\n if (!result.ok) {\n return new Response(null, { status: result.status });\n }\n const canonicalPathname = result.pathname;\n\n // Stage 1b: Metadata route matching — runs before regular route matching.\n // Metadata routes skip middleware.ts and access.ts (public endpoints for crawlers).\n // See design/16-metadata.md §\"Pipeline Integration\"\n if (config.matchMetadataRoute) {\n const metaMatch = config.matchMetadataRoute(canonicalPathname);\n if (metaMatch) {\n try {\n // Static metadata files (.xml, .txt, .png, .ico, etc.) are served\n // directly from disk. Dynamic metadata routes (.ts, .tsx) export a\n // handler function that generates the response.\n if (metaMatch.isStatic) {\n return await serveStaticMetadataFile(metaMatch);\n }\n\n const mod = await loadModule<{ default?: MetadataHandler }>(metaMatch.file);\n if (typeof mod.default !== 'function') {\n return new Response('Metadata route must export a default function', { status: 500 });\n }\n const handlerResult = await mod.default();\n // If the handler returns a Response, normalize headers so the\n // outer Server-Timing writer can append without hitting an\n // immutable header bag (e.g. user returns Response.redirect()).\n if (handlerResult instanceof Response) {\n return cloneWithMutableHeaders(handlerResult);\n }\n // Otherwise, serialize based on content type. The type discriminator\n // here is the metadata route's declared content type (from the file\n // convention), not the shape of `handlerResult` — TS can't narrow the\n // `MetadataResult` union on that, so we assert against the expected\n // shape at each branch.\n const contentType = metaMatch.contentType;\n let body: string;\n if (typeof handlerResult === 'string') {\n body = handlerResult;\n } else if (contentType === 'application/xml') {\n body = serializeSitemap(handlerResult as MetadataRoute.Sitemap);\n } else if (contentType === 'application/manifest+json') {\n body = JSON.stringify(handlerResult, null, 2);\n } else {\n body = String(handlerResult);\n }\n return new Response(body, {\n status: 200,\n headers: { 'Content-Type': `${contentType}; charset=utf-8` },\n });\n } catch (error) {\n logRenderError({ method, path, error });\n if (config.onPipelineError && error instanceof Error)\n config.onPipelineError(error, 'metadata-route');\n return new Response(null, { status: 500 });\n }\n }\n }\n\n // Stage 1b.2: Auto-generated sitemap — serves /sitemap.xml and /sitemap/N.xml\n // when sitemap generation is enabled and no user-authored sitemap exists.\n // Runs after metadata route matching so user sitemaps always take precedence.\n // See design/16-metadata.md §\"Auto-generated Sitemap\"\n if (config.autoSitemapHandler) {\n try {\n const sitemapResponse = await config.autoSitemapHandler(canonicalPathname);\n if (sitemapResponse) return cloneWithMutableHeaders(sitemapResponse);\n } catch (error) {\n logRenderError({ method, path, error });\n if (config.onPipelineError && error instanceof Error)\n config.onPipelineError(error, 'auto-sitemap');\n return new Response(null, { status: 500 });\n }\n }\n\n // Stage 1c: Version skew detection (TIM-446).\n // For RSC payload requests (client navigation), check if the client's\n // deployment ID matches the current build. On mismatch, signal the\n // client to do a full page reload instead of returning an RSC payload\n // that references mismatched module IDs.\n const isRscRequest = (req.headers.get('Accept') ?? '').includes('text/x-component');\n if (isRscRequest) {\n const skewCheck = checkVersionSkew(req);\n if (!skewCheck.ok) {\n const reloadHeaders = new Headers();\n applyReloadHeaders(reloadHeaders);\n return new Response(null, { status: 204, headers: reloadHeaders });\n }\n }\n\n // Stage 2: Route matching\n let match = config.matchRoute(canonicalPathname);\n let interception: InterceptionContext | undefined;\n\n // Stage 2a: Intercepting route resolution (modal pattern).\n // On soft navigation, check if an intercepting route should render instead.\n // The client sends X-Timber-URL with the current pathname (where they're\n // navigating FROM). If a rewrite matches, re-route to the source URL so\n // the source layout renders with the intercepted content in the slot.\n const sourceUrl = req.headers.get('X-Timber-URL');\n if (sourceUrl && config.interceptionRewrites?.length) {\n const intercepted = findInterceptionMatch(\n canonicalPathname,\n sourceUrl,\n config.interceptionRewrites\n );\n if (intercepted) {\n const sourceMatch = config.matchRoute(intercepted.sourcePathname);\n if (sourceMatch) {\n match = sourceMatch;\n interception = { targetPathname: canonicalPathname };\n }\n }\n }\n\n if (!match) {\n // No route matched — render 404.tsx in root layout if available,\n // otherwise fall back to a bare 404 Response.\n if (config.renderNoMatch) {\n const responseHeaders = new Headers();\n return cloneWithMutableHeaders(await config.renderNoMatch(req, responseHeaders));\n }\n return new Response(null, { status: 404 });\n }\n\n // Response and request header containers — created before early hints so\n // the emitter can append Link headers (e.g. for Cloudflare CDN → 103).\n const responseHeaders = new Headers();\n const requestHeaderOverlay = new Headers();\n\n // Set Cache-Control for dynamic HTML responses. Without this header,\n // CDNs (particularly Cloudflare) may attempt to buffer/process the\n // response differently, causing intermittent multi-second delays.\n // This matches Next.js's default behavior.\n responseHeaders.set('Cache-Control', 'private, no-cache, no-store, max-age=0, must-revalidate');\n\n // Stage 2b: 103 Early Hints (before middleware, after match)\n // Fires before middleware so the browser can begin fetching critical\n // assets while middleware runs. Non-fatal — a failing emitter never\n // blocks the request.\n if (config.earlyHints) {\n try {\n await config.earlyHints(match, req, responseHeaders);\n } catch (err) {\n swallow(err, 'early hints hook threw');\n }\n }\n\n // Stage 2c: Param coercion (before middleware)\n // Load params.ts modules from matched segments and coerce raw string\n // params through defineSegmentParams codecs. Coercion failure → 404\n // (middleware never runs). See design/07-routing.md §\"Where Coercion Runs\"\n try {\n await coerceSegmentParams(match);\n } catch (error) {\n if (error instanceof ParamCoercionError) {\n // For API routes (route.ts), return a bare 404 — not an HTML page.\n // API consumers expect JSON/empty responses, not rendered HTML.\n const leafSegment = match.segments[match.segments.length - 1];\n if ((leafSegment as { route?: unknown }).route && !(leafSegment as { page?: unknown }).page) {\n return new Response(null, { status: 404 });\n }\n // Route through the app's 404 page (404.tsx in root layout) instead of\n // returning a bare empty 404 Response. Falls back to bare 404 only if\n // no renderNoMatch renderer is configured.\n if (config.renderNoMatch) {\n return cloneWithMutableHeaders(await config.renderNoMatch(req, responseHeaders));\n }\n return new Response(null, { status: 404 });\n }\n throw error;\n }\n\n // Store coerced segment params in ALS so components can access them\n // via getSegmentParams() instead of receiving them as a prop.\n // See design/07-routing.md §\"params.ts — Convention File for Typed Params\"\n setSegmentParams(match.segmentParams);\n\n // Bypass middleware for synthetic re-render requests built by the\n // action-dispatch wrapper after a no-JS form validation failure.\n // The wrapper has already executed middleware once on the inbound POST;\n // running it again on the rerender GET would double-execute auth, rate\n // limiting, and request-header injection. See TIM-871.\n const skipMiddleware = shouldBypassMiddleware(req);\n const outcome =\n !skipMiddleware && match.middlewareChain.length > 0\n ? await runMiddlewarePhase(config, req, match, responseHeaders, requestHeaderOverlay, {\n canonicalPathname,\n interception,\n })\n : await runRenderPhase(config, req, match, responseHeaders, requestHeaderOverlay, {\n canonicalPathname,\n interception,\n });\n\n return outcomeToResponse(config, outcome, {\n req,\n method,\n path,\n responseHeaders,\n match,\n });\n}\n","/**\n * Request pipeline — the central dispatch for all timber.js requests.\n *\n * Pipeline stages (in order):\n * proxy.ts → canonicalize → route match → 103 Early Hints → middleware.ts → render\n *\n * The phase functions live in `pipeline-phases.ts` so each phase can be\n * tested in isolation. The terminal `outcomeToResponse` translator and\n * stateless helpers live in `pipeline-phases.ts` and `pipeline-helpers.ts`\n * respectively. This file owns only the public type surface and the\n * `createPipeline` entry point: trace ID setup, request-context ALS,\n * Server-Timing wrapping, and the activeRequests counter.\n *\n * See design/07-routing.md §\"Request Lifecycle\", design/02-rendering-pipeline.md §\"Request Flow\",\n * and design/17-logging.md §\"Production Logging\"\n */\n\nimport type { ProxyExport } from './proxy.js';\nimport type { MiddlewareFn } from './middleware-runner.js';\nimport { runWithTimingCollector, getServerTimingHeader } from './server-timing.js';\nimport { runWithRequestContext } from './request-context.js';\nimport {\n generateTraceId,\n runWithTraceId,\n getOtelTraceId,\n replaceTraceId,\n withSpan,\n setSpanAttribute,\n} from './tracing.js';\nimport { logRequestReceived, logRequestCompleted, logSlowRequest } from './logger.js';\nimport { DenySignal } from './primitives.js';\nimport type { ManifestSegmentNode } from './route-matcher.js';\nimport { makeProxyResolver } from './pipeline-helpers.js';\nimport { handleRequest, runProxyPhase } from './pipeline-phases.js';\nimport { outcomeToResponse } from './pipeline-outcome.js';\n\n// ─── Route Match Result ────────────────────────────────────────────────────\n\n/**\n * Result of matching a canonical pathname against the route tree.\n *\n * `segments` is the runtime (`ManifestFile`-specialized) shape — the same\n * nodes carried in the virtual route manifest. TIM-863 unified this: the\n * matcher produces `ManifestSegmentNode[]` directly and every consumer\n * (render, slots, params coercion, early hints, deny fallback) sees the\n * same structural type with no `as unknown as` laundering.\n */\nexport interface RouteMatch {\n /** The matched segment chain from root to leaf. */\n segments: ManifestSegmentNode[];\n /** Extracted segment params (catch-all segments produce string[]). */\n segmentParams: Record<string, string | string[]>;\n /** Middleware chain from the segment tree, ordered root-to-leaf. */\n middlewareChain: MiddlewareFn[];\n}\n\n/** Function that matches a canonical pathname to a route. */\nexport type RouteMatcher = (pathname: string) => RouteMatch | null;\n\n/** Function that matches a canonical pathname to a metadata route. */\nexport type MetadataRouteMatcher = (\n pathname: string\n) => import('./route-matcher.js').MetadataRouteMatch | null;\n\n/** Context for intercepting route resolution (modal pattern). */\nexport interface InterceptionContext {\n /** The URL the user is navigating TO (the intercepted route). */\n targetPathname: string;\n}\n\n/** Function that renders a matched route into a Response. */\nexport type RouteRenderer = (\n req: Request,\n match: RouteMatch,\n responseHeaders: Headers,\n requestHeaderOverlay: Headers,\n interception?: InterceptionContext\n) => Response | Promise<Response>;\n\n/** Function that sends 103 Early Hints for a matched route. */\nexport type EarlyHintsEmitter = (\n match: RouteMatch,\n req: Request,\n responseHeaders: Headers\n) => void | Promise<void>;\n\n// ─── Pipeline Configuration ────────────────────────────────────────────────\n\n/**\n * Proxy source — a tagged union so the choice between \"already-resolved\n * export\" and \"lazy HMR-friendly loader\" is encoded in the type, not\n * inferred per-request.\n *\n * - `static` — the proxy export is already resolved (production, tests).\n * - `lazy` — a loader is called per-request for HMR freshness (dev).\n *\n * `PipelineConfig.proxy` also accepts a bare `ProxyExport` (a function or\n * function array) as shorthand for the static variant — convenient for tests\n * that construct a `createPipeline` config inline. Omit the field entirely\n * when the app has no `proxy.ts`.\n *\n * See design/07-routing.md §\"proxy.ts — Global Middleware\".\n */\nexport type ProxyConfig =\n | { kind: 'static'; export: ProxyExport }\n | { kind: 'lazy'; loader: () => Promise<{ default: ProxyExport }> };\n\nexport interface PipelineConfig {\n /**\n * proxy.ts source. Undefined if the app has no proxy.ts. Accepts either a\n * tagged `ProxyConfig` (canonical) or a bare `ProxyExport` as sugar for the\n * static variant.\n */\n proxy?: ProxyConfig | ProxyExport;\n /** Route matcher — resolves a canonical pathname to a RouteMatch. */\n matchRoute: RouteMatcher;\n /** Metadata route matcher — resolves metadata route pathnames (sitemap.xml, robots.txt, etc.) */\n matchMetadataRoute?: MetadataRouteMatcher;\n /** Renderer — produces the final Response for a matched route. */\n render: RouteRenderer;\n /** Renderer for no-match 404 — renders 404.tsx in root layout. */\n renderNoMatch?: (req: Request, responseHeaders: Headers) => Response | Promise<Response>;\n /** Early hints emitter — fires 103 hints after route match, before middleware. */\n earlyHints?: EarlyHintsEmitter;\n /** Whether to strip trailing slashes during canonicalization. Default: true. */\n stripTrailingSlash?: boolean;\n /** Slow request threshold in ms. Requests exceeding this emit a warning. 0 to disable. Default: 3000. */\n slowRequestMs?: number;\n /**\n * Interception rewrites — conditional routes for the modal pattern.\n * Generated at build time from intercepting route directories.\n * See design/07-routing.md §\"Intercepting Routes\"\n */\n interceptionRewrites?: import('../routing/interception.js').InterceptionRewrite[];\n /**\n * Control Server-Timing header output.\n *\n * - `'detailed'` — per-phase breakdown (proxy, middleware, render).\n * - `'total'` — single `total;dur=N` entry (production-safe).\n * - `false` — no Server-Timing header at all.\n *\n * Default: `'total'`.\n */\n serverTiming?: 'detailed' | 'total' | false;\n /**\n * Auto-generated sitemap handler. When provided, the pipeline intercepts\n * `/sitemap.xml` and `/sitemap/N.xml` requests and delegates to this\n * function. Returns a Response or null (pass-through to regular routing).\n *\n * See design/16-metadata.md §\"Auto-generated Sitemap\"\n */\n autoSitemapHandler?: (pathname: string) => Promise<Response | null>;\n /**\n * Dev pipeline error callback — called when a pipeline phase (proxy,\n * middleware, render) catches an unhandled error. Used to wire the error\n * into the Vite browser error overlay in dev mode.\n *\n * Undefined in production — zero overhead.\n */\n onPipelineError?: (error: Error, phase: string) => void;\n\n /**\n * Fallback error renderer — called when a catastrophic error escapes the\n * render phase. Produces an HTML Response instead of a bare empty 500.\n *\n * In dev mode, this renders a styled error page with the error message\n * and stack trace. In production, this attempts to render the app's\n * error.tsx / 5xx.tsx / 500.tsx from the root segment.\n *\n * If this function throws, the pipeline falls back to a bare\n * `new Response(null, { status: 500 })`.\n */\n renderFallbackError?: (\n error: unknown,\n req: Request,\n responseHeaders: Headers\n ) => Response | Promise<Response>;\n /**\n * Fallback deny page renderer — called when a DenySignal escapes from\n * middleware or the render phase. Renders the appropriate status-code\n * page (403.tsx, 404.tsx, etc.) instead of returning a bare empty response.\n *\n * If this function throws, the pipeline falls back to a bare\n * `new Response(null, { status: denyStatus })`.\n */\n renderDenyFallback?: (\n deny: DenySignal,\n req: Request,\n responseHeaders: Headers,\n /**\n * The matched route, if available. Provided by both the middleware-stage\n * and render-stage catch blocks (matching runs before middleware). When\n * present, the renderer should resolve the deny status file against the\n * matched chain so colocated `403.tsx`/`4xx.tsx`/`401.json` files are\n * picked up. Falls back to the root-only chain when omitted (e.g. for\n * deny()s thrown before route matching could complete). See TIM-822.\n */\n match?: RouteMatch\n ) => Response | Promise<Response>;\n}\n\n// ─── Pipeline ──────────────────────────────────────────────────────────────\n\n/**\n * Create the request handler from a pipeline configuration.\n *\n * Returns a function that processes an incoming Request through all pipeline\n * stages and produces a Response. This is the top-level entry point for the\n * server. The body is intentionally small — phase logic lives in\n * `pipeline-phases.ts`. This function only owns the per-request setup that\n * has to wrap the entire dispatch: trace ID, request context ALS, span\n * scope, Server-Timing header emission, and the active-request counter.\n */\nexport function createPipeline(config: PipelineConfig): (req: Request) => Promise<Response> {\n // Resolve the proxy source once. The request hot path calls this closure\n // directly with no discriminant check — the branch is taken here during\n // setup. For the lazy variant, `loader()` still runs per-request so HMR\n // continues to re-import the user's proxy.ts.\n const proxyResolver = makeProxyResolver(config.proxy);\n const slowRequestMs = config.slowRequestMs ?? 3000;\n const serverTiming = config.serverTiming ?? 'total';\n\n // Concurrent request counter — tracks how many requests are in-flight.\n // Logged with each request for diagnosing resource contention.\n let activeRequests = 0;\n\n return async (req: Request): Promise<Response> => {\n const url = new URL(req.url);\n const method = req.method;\n const path = url.pathname;\n const startTime = performance.now();\n activeRequests++;\n\n // Establish per-request trace ID scope (design/17-logging.md §\"trace_id is Always Set\").\n // This runs before runWithRequestContext so traceId() is available from the\n // very first line of proxy.ts, middleware.ts, and all server code.\n const traceIdValue = generateTraceId();\n\n return runWithTraceId(traceIdValue, async () => {\n // Establish request context ALS scope so getHeaders() and getCookies() work\n // throughout the entire request lifecycle (proxy, middleware, render).\n return runWithRequestContext(req, async () => {\n // In dev mode, wrap with timing collector for Server-Timing header.\n // The collector uses ALS so timing entries are per-request.\n const runRequest = async () => {\n logRequestReceived({ method, path });\n\n const response = await withSpan(\n 'http.server.request',\n { 'http.request.method': method, 'url.path': path },\n async () => {\n // If OTEL is active, the root span now exists — replace the UUID\n // fallback with the real OTEL trace ID for log–trace correlation.\n const otelIds = await getOtelTraceId();\n if (otelIds) {\n replaceTraceId(otelIds.traceId, otelIds.spanId);\n }\n\n let result: Response;\n if (proxyResolver) {\n const outcome = await runProxyPhase(config, proxyResolver, req, method, path);\n result = await outcomeToResponse(config, outcome, { req, method, path });\n } else {\n result = await handleRequest(config, req, method, path);\n }\n\n // Set response status on the root span before it ends —\n // DevSpanProcessor reads this for tree/summary output.\n await setSpanAttribute('http.response.status_code', result.status);\n\n // Append Server-Timing header based on configured mode.\n // Header mutability is guaranteed by the producer-side clone\n // in `outcomeToResponse` and the metadata-route / auto-sitemap\n // user-handler clones in `handleRequest`, so we can write\n // directly without a runtime probe. See TIM-866.\n if (serverTiming === 'detailed') {\n // Detailed: per-phase breakdown (proxy, middleware, render).\n const timingHeader = getServerTimingHeader();\n if (timingHeader) {\n result.headers.set('Server-Timing', timingHeader);\n }\n } else if (serverTiming === 'total') {\n // Total only: single `total;dur=N` — no phase names.\n // Prevents information disclosure while giving browser\n // DevTools useful timing data.\n const totalMs = Math.round(performance.now() - startTime);\n result.headers.set('Server-Timing', `total;dur=${totalMs}`);\n }\n // serverTiming === false: no header at all\n\n return result;\n }\n );\n\n // Post-span: structured production logging\n const durationMs = Math.round(performance.now() - startTime);\n const status = response.status;\n const concurrency = activeRequests;\n activeRequests--;\n logRequestCompleted({ method, path, status, durationMs, concurrency });\n\n if (slowRequestMs > 0 && durationMs > slowRequestMs) {\n logSlowRequest({ method, path, durationMs, threshold: slowRequestMs, concurrency });\n }\n\n return response;\n };\n\n return serverTiming === 'detailed' ? runWithTimingCollector(runRequest) : runRequest();\n });\n });\n };\n}\n","/**\n * Build manifest types and utilities for CSS and JS asset tracking.\n *\n * The build manifest maps route segment file paths to their output\n * chunks from Vite's client build. This enables:\n * - <link rel=\"stylesheet\"> injection in HTML <head>\n * - <script type=\"module\"> with hashed URLs in production\n * - <link rel=\"modulepreload\"> for client chunk dependencies\n * - Link preload headers for Early Hints (103)\n *\n * In dev mode, Vite's HMR client handles CSS/JS injection, so the build\n * manifest is empty. In production, it's populated from Vite's\n * .vite/manifest.json after the client build.\n *\n * Design docs: 18-build-system.md §\"Build Manifest\", 02-rendering-pipeline.md §\"Early Hints\"\n */\n\n/** A font asset entry in the build manifest. */\nexport interface ManifestFontEntry {\n /** URL path to the font file (e.g. `/_timber/fonts/inter-latin-400-abc123.woff2`). */\n href: string;\n /** Font format (e.g. `woff2`). */\n format: string;\n /** Crossorigin attribute — always `anonymous` for fonts. */\n crossOrigin: string;\n}\n\n/** Build manifest mapping input file paths to output asset URLs. */\nexport interface BuildManifest {\n /** Map from input file path (relative to project root) to output CSS URLs. */\n css: Record<string, string[]>;\n /** Map from input file path to output JS chunk URL (hashed filename). */\n js: Record<string, string>;\n /** Map from input file path to transitive JS dependency URLs for modulepreload. */\n modulepreload: Record<string, string[]>;\n /** Map from input file path to font assets used by that module. */\n fonts: Record<string, ManifestFontEntry[]>;\n}\n\n/** Empty build manifest used in dev mode. */\nexport const EMPTY_BUILD_MANIFEST: BuildManifest = {\n css: {},\n js: {},\n modulepreload: {},\n fonts: {},\n};\n\n/** Segment shape expected by collectRouteCss (matches ManifestSegmentNode). */\ninterface SegmentWithFiles {\n layout?: { filePath: string };\n page?: { filePath: string };\n}\n\n/**\n * Collect all CSS files needed for a matched route's segment chain.\n *\n * Walks segments root → leaf, collecting CSS for each layout and page.\n * Deduplicates while preserving order (root layout CSS first).\n */\nexport function collectRouteCss(segments: SegmentWithFiles[], manifest: BuildManifest): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const cssFiles = manifest.css[file.filePath];\n if (!cssFiles) continue;\n for (const url of cssFiles) {\n if (!seen.has(url)) {\n seen.add(url);\n result.push(url);\n }\n }\n }\n }\n\n return result;\n}\n\n/**\n * Generate <link rel=\"stylesheet\"> tags for CSS URLs.\n *\n * Returns an HTML string to prepend to headHtml for injection\n * via injectHead() before </head>.\n */\nexport function buildCssLinkTags(cssUrls: string[]): string {\n // Emit <link rel=\"stylesheet\"> tags as a fallback for platforms where\n // React's Float system (via @vitejs/plugin-rsc preinit with\n // data-precedence) doesn't handle CSS injection. In practice, Float\n // deduplicates and these may be dropped. No preload hints — Float\n // already starts the fetch via preinit(), and redundant preloads\n // cause \"ignored due to unknown as/type\" browser warnings.\n return cssUrls.map((url) => `<link rel=\"stylesheet\" href=\"${url}\">`).join('');\n}\n\n/**\n * Generate a Link header value for CSS preload hints.\n *\n * Cloudflare CDN automatically converts Link headers with rel=preload\n * into 103 Early Hints responses. This avoids platform-specific 103\n * sending code.\n *\n * Example output: `</assets/root.css>; as=style; rel=preload, </assets/page.css>; as=style; rel=preload`\n */\nexport function buildLinkHeaders(cssUrls: string[]): string {\n return cssUrls.map((url) => `<${url}>; as=style; rel=preload`).join(', ');\n}\n\n// ─── Font utilities ──────────────────────────────────────────────────────\n\n/**\n * Collect all font entries needed for a matched route's segment chain.\n *\n * Walks segments root → leaf, collecting fonts for each layout and page.\n * Deduplicates by href while preserving order.\n */\nexport function collectRouteFonts(\n segments: SegmentWithFiles[],\n manifest: BuildManifest\n): ManifestFontEntry[] {\n const seen = new Set<string>();\n const result: ManifestFontEntry[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const fonts = manifest.fonts[file.filePath];\n if (!fonts) continue;\n for (const entry of fonts) {\n if (!seen.has(entry.href)) {\n seen.add(entry.href);\n result.push(entry);\n }\n }\n }\n }\n\n return result;\n}\n\n/**\n * Generate <link rel=\"preload\"> tags for font assets.\n *\n * Font preloads use `as=font` and always include `crossorigin` (required\n * for font preloads even for same-origin resources per the spec).\n */\nexport function buildFontPreloadTags(fonts: ManifestFontEntry[]): string {\n return fonts\n .map(\n (f) =>\n `<link rel=\"preload\" href=\"${f.href}\" as=\"font\" type=\"font/${f.format}\" crossorigin=\"${f.crossOrigin}\">`\n )\n .join('');\n}\n\n/**\n * Generate Link header values for font preload hints.\n *\n * Cloudflare CDN converts Link headers with rel=preload into 103 Early Hints.\n *\n * Example: `</fonts/inter.woff2>; as=font; rel=preload; crossorigin`\n */\nexport function buildFontLinkHeaders(fonts: ManifestFontEntry[]): string {\n return fonts.map((f) => `<${f.href}>; as=font; rel=preload; crossorigin`).join(', ');\n}\n\n// ─── JS chunk utilities ──────────────────────────────────────────────────\n\n/**\n * Collect JS chunk URLs for a matched route's segment chain.\n *\n * Walks segments root → leaf, collecting the JS chunk for each layout\n * and page. Deduplicates while preserving order.\n */\nexport function collectRouteJs(segments: SegmentWithFiles[], manifest: BuildManifest): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const jsUrl = manifest.js[file.filePath];\n if (!jsUrl) continue;\n if (!seen.has(jsUrl)) {\n seen.add(jsUrl);\n result.push(jsUrl);\n }\n }\n }\n\n return result;\n}\n\n/**\n * Collect modulepreload URLs for a matched route's segment chain.\n *\n * Walks segments root → leaf, collecting transitive JS dependencies\n * for each layout and page. Deduplicates across segments.\n */\nexport function collectRouteModulepreloads(\n segments: SegmentWithFiles[],\n manifest: BuildManifest\n): string[] {\n const seen = new Set<string>();\n const result: string[] = [];\n\n for (const segment of segments) {\n for (const file of [segment.layout, segment.page]) {\n if (!file) continue;\n const preloads = manifest.modulepreload[file.filePath];\n if (!preloads) continue;\n for (const url of preloads) {\n if (!seen.has(url)) {\n seen.add(url);\n result.push(url);\n }\n }\n }\n }\n\n return result;\n}\n\n/**\n * Generate <link rel=\"modulepreload\"> tags for JS dependency URLs.\n *\n * Modulepreload hints tell the browser to fetch and parse JS modules\n * before they're needed, reducing waterfall latency for dynamic imports.\n */\nexport function buildModulepreloadTags(urls: string[]): string {\n return urls.map((url) => `<link rel=\"modulepreload\" href=\"${url}\">`).join('');\n}\n\n/**\n * Generate a <script type=\"module\"> tag for a JS entry point.\n */\nexport function buildEntryScriptTag(url: string): string {\n return `<script type=\"module\" src=\"${url}\"></script>`;\n}\n","/**\n * 103 Early Hints utilities.\n *\n * Early Hints are sent before the final response to let the browser\n * start fetching critical resources (CSS, fonts, JS) while the server\n * is still rendering.\n *\n * The framework collects hints from two sources:\n * 1. Build manifest — CSS, fonts, and JS chunks known at route-match time\n * 2. ctx.earlyHints() — explicit hints added by middleware or route handlers\n *\n * Both are emitted as Link headers. Cloudflare CDN automatically converts\n * Link headers into 103 Early Hints responses.\n *\n * Design docs: 02-rendering-pipeline.md §\"Early Hints (103)\"\n */\n\nimport {\n collectRouteCss,\n collectRouteFonts,\n collectRouteModulepreloads,\n} from './build-manifest.js';\nimport type { BuildManifest } from './build-manifest.js';\n\n/** Minimal segment shape needed for early hint collection. */\ninterface SegmentWithFiles {\n layout?: { filePath: string };\n page?: { filePath: string };\n}\n\n// ─── EarlyHint type ───────────────────────────────────────────────────────\n\n/**\n * A single Link header hint for 103 Early Hints.\n *\n * ```ts\n * ctx.earlyHints([\n * { href: '/styles/critical.css', rel: 'preload', as: 'style' },\n * { href: 'https://fonts.googleapis.com', rel: 'preconnect' },\n * ])\n * ```\n */\nexport interface EarlyHint {\n /** The resource URL (absolute or root-relative). */\n href: string;\n /** Link relation — `preload`, `modulepreload`, or `preconnect`. */\n rel: 'preload' | 'modulepreload' | 'preconnect';\n /** Resource type for `preload` hints (omit for `modulepreload` / `preconnect`). */\n as?: 'style' | 'script' | 'font' | 'image' | 'fetch' | 'document';\n /** Crossorigin attribute — required for font preloads per spec. */\n crossOrigin?: 'anonymous' | 'use-credentials';\n /** Fetch priority hint — `high`, `low`, or `auto`. */\n fetchPriority?: 'high' | 'low' | 'auto';\n}\n\n// ─── formatLinkHeader ─────────────────────────────────────────────────────\n\n/**\n * Format a single EarlyHint as a Link header value.\n *\n * Attribute order: `as` before `rel` to match Cloudflare CDN's cached\n * Early Hints format. Cloudflare caches Link headers from 200 responses\n * and re-emits them as 103 Early Hints on subsequent requests. If our\n * attribute order differs from Cloudflare's cached copy, the browser\n * sees two preload headers for the same URL (different attribute order)\n * and warns \"Preload was ignored.\" Matching the order ensures the\n * browser deduplicates them correctly.\n *\n * Examples:\n * `</styles/root.css>; as=style; rel=preload`\n * `</fonts/inter.woff2>; as=font; rel=preload; crossorigin=anonymous`\n * `</_timber/client.js>; rel=modulepreload`\n * `<https://fonts.googleapis.com>; rel=preconnect`\n */\nexport function formatLinkHeader(hint: EarlyHint): string {\n // For preload hints, emit `as` before `rel` to match Cloudflare's\n // cached header format and avoid duplicate preload warnings.\n if (hint.as !== undefined) {\n let value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n return value;\n }\n // For modulepreload / preconnect (no `as`), emit rel first.\n let value = `<${hint.href}>; rel=${hint.rel}`;\n if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;\n if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;\n return value;\n}\n\n// ─── collectEarlyHintHeaders ──────────────────────────────────────────────\n\n/** Options for early hint collection. */\nexport interface EarlyHintOptions {\n /** Skip JS modulepreload hints (e.g. when client JavaScript is disabled). */\n skipJs?: boolean;\n}\n\n/**\n * Collect all Link header strings for a matched route's segment chain.\n *\n * Walks the build manifest to emit hints for:\n * - CSS stylesheets (as=style; rel=preload)\n * - Font assets (as=font; rel=preload; crossorigin)\n * - JS modulepreload hints (rel=modulepreload) — unless skipJs is set\n *\n * Also emits global CSS from the `_global` manifest key. Route files\n * are server components that don't appear in the client bundle, so\n * per-route CSS keying doesn't work with the RSC plugin. The `_global`\n * key contains all CSS assets from the client build — fine for early\n * hints since they're just prefetch signals.\n *\n * Returns formatted Link header strings, deduplicated by URL, root → leaf order.\n * Returns an empty array in dev mode (manifest is empty).\n */\nexport function collectEarlyHintHeaders(\n segments: SegmentWithFiles[],\n manifest: BuildManifest,\n options?: EarlyHintOptions\n): string[] {\n const result: string[] = [];\n // Dedup by URL (href), not by full formatted header string.\n // Different code paths can produce the same URL with different attribute\n // ordering, which would bypass a full-string dedup and produce duplicate\n // Link headers that trigger browser \"preload was ignored\" warnings.\n const seenUrls = new Set<string>();\n\n const add = (url: string, header: string) => {\n if (!seenUrls.has(url)) {\n seenUrls.add(url);\n result.push(header);\n }\n };\n\n // Per-route CSS — as=style; rel=preload\n for (const url of collectRouteCss(segments, manifest)) {\n add(url, formatLinkHeader({ href: url, rel: 'preload', as: 'style' }));\n }\n\n // Global CSS — all CSS assets from the client bundle.\n // Covers CSS that the RSC plugin injects via data-rsc-css-href,\n // which isn't keyed to route segments in our manifest.\n for (const url of manifest.css['_global'] ?? []) {\n add(url, formatLinkHeader({ href: url, rel: 'preload', as: 'style' }));\n }\n\n // Fonts — as=font; rel=preload; crossorigin (crossorigin required per spec)\n for (const font of collectRouteFonts(segments, manifest)) {\n add(\n font.href,\n formatLinkHeader({ href: font.href, rel: 'preload', as: 'font', crossOrigin: 'anonymous' })\n );\n }\n\n // JS chunks — rel=modulepreload (skip when client JS is disabled)\n if (!options?.skipJs) {\n for (const url of collectRouteModulepreloads(segments, manifest)) {\n add(url, formatLinkHeader({ href: url, rel: 'modulepreload' }));\n }\n }\n\n return result;\n}\n","/**\n * Per-request 103 Early Hints sender — ALS bridge for platform adapters.\n *\n * The pipeline collects Link headers for CSS, fonts, and JS chunks at\n * route-match time. On platforms that support it (Node.js v18.11+, Bun),\n * the adapter can send these as a 103 Early Hints interim response before\n * the final response is ready.\n *\n * This module provides an ALS-based bridge: the generated entry point\n * (e.g., the Nitro entry) wraps the handler with `runWithEarlyHintsSender`,\n * binding a per-request sender function. The pipeline calls\n * `sendEarlyHints103()` to fire the 103 if a sender is available.\n *\n * On platforms where 103 is handled at the CDN level (e.g., Cloudflare\n * converts Link headers into 103 automatically), no sender is installed\n * and `sendEarlyHints103()` is a no-op.\n *\n * Design doc: 02-rendering-pipeline.md §\"Early Hints (103)\"\n */\n\nimport { earlyHintsSenderAls } from './als-registry.js';\nimport { swallow } from './logger.js';\n\n/** Function that sends Link header values as a 103 Early Hints response. */\nexport type EarlyHintsSenderFn = (links: string[]) => void;\n\n/**\n * Run a function with a per-request early hints sender installed.\n *\n * Called by generated entry points (e.g., Nitro node-server/bun) to\n * bind the platform's writeEarlyHints capability for the request duration.\n */\nexport function runWithEarlyHintsSender<T>(sender: EarlyHintsSenderFn, fn: () => T): T {\n return earlyHintsSenderAls.run(sender, fn);\n}\n\n/**\n * Send collected Link headers as a 103 Early Hints response.\n *\n * No-op if no sender is installed for the current request (e.g., on\n * Cloudflare where the CDN handles 103 automatically, or in dev mode).\n *\n * Non-fatal: errors from the sender are caught and silently ignored.\n */\nexport function sendEarlyHints103(links: string[]): void {\n if (!links.length) return;\n const sender = earlyHintsSenderAls.getStore();\n if (!sender) return;\n try {\n sender(links);\n } catch (err) {\n swallow(err, 'early hints 103 send failed');\n }\n}\n","/**\n * Element tree construction for timber.js rendering.\n *\n * Builds a unified React element tree from a matched segment chain, bottom-up:\n * page → status-code error boundaries → access gates → layout → repeat up segment chain\n *\n * The tree is rendered via a single `renderToReadableStream` call,\n * giving one `React.cache` scope for the entire route.\n *\n * See design/02-rendering-pipeline.md §\"Element Tree Construction\"\n */\n\nimport type { ReactNode } from 'react';\nimport type { RouteFile, SegmentNode } from '../routing/types.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/** A loaded module for a route file convention. */\nexport interface LoadedModule {\n /** The default export (component, access function, etc.) */\n default?: unknown;\n /** Named exports (for route.ts method handlers, metadata, etc.) */\n [key: string]: unknown;\n}\n\n/** Function that loads a route file's module. */\nexport type ModuleLoader = (file: RouteFile) => LoadedModule | Promise<LoadedModule>;\n\n/**\n * A React component reference loaded from a route module's default export.\n *\n * Loaded modules' `default` is typed as `unknown` (modules are dynamic), so\n * call sites narrow it through `isValidElementType` (below) before treating\n * it as a component. The signature is a callable returning `ReactNode` —\n * TypeScript's view of every valid React component shape, including exotic\n * components (`memo`, `forwardRef`, `lazy`) which the type system treats as\n * callable even though their runtime values are objects with `$$typeof`\n * markers rather than functions.\n */\nexport type LoadedComponent = (...args: unknown[]) => ReactNode;\n\n// Marker symbols React stamps onto exotic component types. Mirrors the\n// internal `isValidElementType` check in `react.development.js` — React\n// doesn't export it, and we don't want to add `react-is` just for this one\n// validation. Inlined the same way `isClientReference` in\n// `route-element-builder.ts` inlines the client-reference marker.\nconst REACT_FORWARD_REF_TYPE = Symbol.for('react.forward_ref');\nconst REACT_MEMO_TYPE = Symbol.for('react.memo');\nconst REACT_LAZY_TYPE = Symbol.for('react.lazy');\nconst REACT_PROVIDER_TYPE = Symbol.for('react.provider');\nconst REACT_CONTEXT_TYPE = Symbol.for('react.context');\nconst REACT_SUSPENSE_TYPE = Symbol.for('react.suspense');\nconst REACT_SUSPENSE_LIST_TYPE = Symbol.for('react.suspense_list');\nconst REACT_CLIENT_REFERENCE_TYPE = Symbol.for('react.client.reference');\n\nconst REACT_COMPONENT_TYPE_MARKERS: ReadonlySet<symbol> = new Set([\n REACT_FORWARD_REF_TYPE,\n REACT_MEMO_TYPE,\n REACT_LAZY_TYPE,\n REACT_PROVIDER_TYPE,\n REACT_CONTEXT_TYPE,\n REACT_SUSPENSE_TYPE,\n REACT_SUSPENSE_LIST_TYPE,\n REACT_CLIENT_REFERENCE_TYPE,\n]);\n\n/**\n * Validate that a loaded module's `default` export is something React\n * accepts as the first argument to `createElement` — i.e. a valid component\n * type. React doesn't export `isValidElementType` (only `isValidElement`,\n * which checks for *elements*, not *component types*), so this mirrors\n * React's internal check:\n *\n * - functions → function or class components\n * - objects with a `$$typeof` matching one of React's known component\n * markers → exotic components (`memo`, `forwardRef`, `lazy`, context,\n * suspense, client references via `@vitejs/plugin-rsc`)\n *\n * Strings (HTML tag names) are valid for `createElement` but never appear\n * as a route module's default export, so they're not recognized here.\n *\n * Anything else (numbers, plain config objects, JSON, etc.) is rejected so\n * the boundary wrapper is skipped rather than crashing inside React.\n */\nfunction isValidElementType(value: unknown): value is LoadedComponent {\n if (typeof value === 'function') return true;\n if (typeof value !== 'object' || value === null) return false;\n const marker = (value as { $$typeof?: unknown }).$$typeof;\n return typeof marker === 'symbol' && REACT_COMPONENT_TYPE_MARKERS.has(marker);\n}\n\n/**\n * Function that creates a React element. Matches React.createElement signature.\n *\n * `props` is typed as `object | null` rather than `Record<string, unknown>` so\n * that interface types with known keys (e.g. `AccessGateProps`,\n * `ErrorBoundaryProps`) flow through without an explicit index-signature cast.\n */\nexport type CreateElement = (\n type: unknown,\n props: object | null,\n ...children: unknown[]\n) => ReactNode;\n\n/**\n * Resolved slot content for a layout.\n * Key is slot name (without @), value is the element tree for that slot.\n */\nexport type SlotElements = Map<string, ReactNode>;\n\n/** Configuration for the tree builder. */\nexport interface TreeBuilderConfig {\n /** The matched segment chain from root to leaf. */\n segments: SegmentNode[];\n /** Loads a route file's module. */\n loadModule: ModuleLoader;\n /** React.createElement or equivalent. */\n createElement: CreateElement;\n /**\n * Error boundary component for wrapping segments.\n *\n * This is injected by the caller rather than imported directly to avoid\n * pulling 'use client' code into the server barrel (@timber-js/app/server).\n * In the RSC environment, the RSC plugin transforms this import to a\n * client reference proxy — the caller handles the import so the server\n * barrel stays free of client dependencies.\n */\n errorBoundaryComponent?: unknown;\n}\n\n// ─── Component wrappers ──────────────────────────────────────────────────────\n\n/**\n * Framework-injected access gate component.\n *\n * When `verdict` is provided (from the pre-render pass), AccessGate replays\n * the stored result synchronously — no re-execution, no async, immune to\n * Suspense timing. When `verdict` is absent, falls back to calling `accessFn`\n * (backward compat for tree-builder.ts which doesn't run a pre-render pass).\n */\nexport interface AccessGateProps {\n accessFn: () => unknown;\n /** Segment name for dev logging (e.g. \"authenticated\", \"dashboard\"). */\n segmentName?: string;\n /**\n * Pre-computed verdict from the pre-render pass. When set, AccessGate\n * replays this verdict synchronously instead of calling accessFn.\n * - 'pass': render children\n * - DenySignal/RedirectSignal: throw synchronously\n */\n verdict?:\n | 'pass'\n | import('./primitives.js').DenySignal\n | import('./primitives.js').RedirectSignal;\n /**\n * Deny page fallback chain. When provided and a DenySignal is caught,\n * AccessGate renders the matching deny page in-tree instead of throwing.\n * This prevents the error from reaching React Flight, eliminating the\n * second render pass. See TIM-666.\n */\n denyPages?: import('./deny-boundary.js').DenyPageEntry[];\n children: ReactNode;\n}\n\n/**\n * Framework-injected slot access gate component.\n * On denial, renders denied.tsx → default.tsx → null instead of failing the page.\n *\n * DeniedComponent is passed instead of a pre-built element so that\n * SlotAccessGate can forward DenySignal.data as dangerouslyPassData\n * and slotName as the slot prop after catching the signal.\n */\nexport interface SlotAccessGateProps {\n accessFn: () => unknown;\n /** The denied.tsx component (not a pre-built element). null if no denied.tsx exists. */\n DeniedComponent: LoadedComponent | null;\n /** Slot directory name without @ prefix (e.g. \"admin\", \"sidebar\"). */\n slotName: string;\n /** createElement function for building elements dynamically. */\n createElement: CreateElement;\n defaultFallback: ReactNode;\n children: ReactNode;\n}\n\n/**\n * Framework-injected error boundary wrapper.\n * Wraps content with status-code error boundary handling.\n *\n * Field types must agree with `TimberErrorBoundaryProps` in\n * `client/error-boundary.tsx`. The two are kept structurally compatible by\n * convention rather than by direct type import — tree-builder.ts is the\n * server-side construction site and may not import types from a 'use client'\n * module to keep the server barrel free of client coupling.\n */\nexport interface ErrorBoundaryProps {\n /** The component to render when an error is caught (TSX status files). */\n fallbackComponent?: LoadedComponent;\n /** Pre-rendered fallback element (MDX status files — see TIM-503). */\n fallbackElement?: ReactNode;\n /** Status code filter: 400 = any 4xx, 500 = any 5xx, specific number = exact match. */\n status?: number;\n children: ReactNode;\n}\n\n// ─── Tree Builder ────────────────────────────────────────────────────────────\n\n/**\n * Result of building the element tree.\n */\nexport interface TreeBuildResult {\n /**\n * The root React element tree ready for renderToReadableStream.\n * `null` for API routes (route.ts), which don't render a React tree.\n */\n tree: ReactNode;\n /** Whether the leaf segment is a route.ts (API endpoint) rather than a page. */\n isApiRoute: boolean;\n}\n\n/**\n * Build the unified element tree from a matched segment chain.\n *\n * Construction is bottom-up:\n * 1. Start with the page component (leaf segment)\n * 2. Wrap in status-code error boundaries (fallback chain)\n * 3. Wrap in AccessGate (if segment has access.ts)\n * 4. Pass as children to the segment's layout\n * 5. Repeat up the segment chain to root\n *\n * Parallel slots are resolved at each layout level and composed as named props.\n */\nexport async function buildElementTree(config: TreeBuilderConfig): Promise<TreeBuildResult> {\n const { segments, loadModule, createElement, errorBoundaryComponent } = config;\n\n if (segments.length === 0) {\n throw new Error('[timber] buildElementTree: empty segment chain');\n }\n\n const leaf = segments[segments.length - 1];\n\n // API routes (route.ts) don't build a React tree\n if (leaf.route && !leaf.page) {\n return { tree: null, isApiRoute: true };\n }\n\n // Start with the page component\n const pageModule = leaf.page ? await loadModule(leaf.page) : null;\n const PageComponent = pageModule?.default as LoadedComponent | undefined;\n\n if (!PageComponent) {\n throw new Error(\n `[timber] No page component found for route at ${leaf.urlPath}. ` +\n 'Each route must have a page.tsx or route.ts.'\n );\n }\n\n // Build the page element — params are accessed via getSegmentParams() from ALS\n let element: ReactNode = createElement(PageComponent, {});\n\n // Build tree bottom-up: wrap page, then walk segments from leaf to root\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n\n // Wrap in error boundaries (status-code files + error.tsx)\n element = await wrapWithErrorBoundaries(\n segment,\n element,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n\n // Wrap in AccessGate if segment has access.ts\n if (segment.access) {\n const accessModule = await loadModule(segment.access);\n const accessFn = accessModule.default as AccessGateProps['accessFn'];\n element = createElement('timber:access-gate', {\n accessFn,\n segmentName: segment.segmentName,\n children: element,\n } satisfies AccessGateProps);\n }\n\n // Wrap in layout (if exists and not the leaf's page-level wrapping)\n if (segment.layout) {\n const layoutModule = await loadModule(segment.layout);\n const LayoutComponent = layoutModule.default as LoadedComponent | undefined;\n\n if (LayoutComponent) {\n // Resolve parallel slots for this layout\n const slotProps: Record<string, ReactNode> = {};\n const slotNames = Object.keys(segment.slots);\n if (slotNames.length > 0) {\n for (const slotName of slotNames) {\n const slotNode = segment.slots[slotName]!;\n slotProps[slotName] = await buildSlotElement(\n slotNode,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n }\n }\n\n element = createElement(LayoutComponent, {\n ...slotProps,\n children: element,\n });\n }\n }\n }\n\n return { tree: element, isApiRoute: false };\n}\n\n// ─── Slot Element Builder ────────────────────────────────────────────────────\n\n/**\n * Build the element tree for a parallel slot.\n *\n * Slots have their own access.ts (SlotAccessGate) and error boundaries.\n * On access denial: denied.tsx → default.tsx → null (graceful degradation).\n */\nasync function buildSlotElement(\n slotNode: SegmentNode,\n loadModule: ModuleLoader,\n createElement: CreateElement,\n errorBoundaryComponent: unknown\n): Promise<ReactNode> {\n // Load slot page\n const pageModule = slotNode.page ? await loadModule(slotNode.page) : null;\n const PageComponent = pageModule?.default as LoadedComponent | undefined;\n\n // Load default.tsx fallback\n const defaultModule = slotNode.default ? await loadModule(slotNode.default) : null;\n const DefaultComponent = defaultModule?.default as LoadedComponent | undefined;\n\n // If no page, render default.tsx or null\n if (!PageComponent) {\n return DefaultComponent ? createElement(DefaultComponent, {}) : null;\n }\n\n let element: ReactNode = createElement(PageComponent, {});\n\n // Wrap in error boundaries\n element = await wrapWithErrorBoundaries(\n slotNode,\n element,\n loadModule,\n createElement,\n errorBoundaryComponent\n );\n\n // Wrap in SlotAccessGate if slot has access.ts\n if (slotNode.access) {\n const accessModule = await loadModule(slotNode.access);\n const accessFn = accessModule.default as SlotAccessGateProps['accessFn'];\n\n // Load denied.tsx — pass component (not pre-built element) so\n // SlotAccessGate can forward DenySignal.data dynamically. See TIM-488.\n const deniedModule = slotNode.denied ? await loadModule(slotNode.denied) : null;\n const DeniedComponent = (deniedModule?.default as LoadedComponent | undefined) ?? null;\n\n const defaultFallback = DefaultComponent ? createElement(DefaultComponent, {}) : null;\n\n element = createElement('timber:slot-access-gate', {\n accessFn,\n DeniedComponent,\n slotName: slotNode.segmentName.replace(/^@/, ''),\n createElement,\n defaultFallback,\n children: element,\n } satisfies SlotAccessGateProps);\n }\n\n return element;\n}\n\n// ─── Error Boundary Wrapping ─────────────────────────────────────────────────\n\n/** MDX/markdown extensions — these are server components that cannot be passed as function props. */\nconst MDX_EXTENSIONS = new Set(['mdx', 'md']);\n\n/**\n * Check if a route file is an MDX/markdown file based on its extension.\n * MDX components are server components by default and cannot cross the\n * RSC→client boundary as function props. They must be pre-rendered as\n * elements and passed as fallbackElement instead of fallbackComponent.\n */\nfunction isMdxFile(file: RouteFile): boolean {\n return MDX_EXTENSIONS.has(file.extension);\n}\n\n/**\n * Wrap an element with error boundaries from a segment's status-code files.\n *\n * Wrapping order (innermost to outermost):\n * 1. Specific status files (503.tsx, 429.tsx, etc.)\n * 2. Category catch-alls (4xx.tsx, 5xx.tsx)\n * 3. error.tsx (general error boundary)\n *\n * This creates the fallback chain described in design/10-error-handling.md.\n *\n * MDX status files are server components and cannot be passed as function\n * props to TimberErrorBoundary (a 'use client' component). Instead, they\n * are pre-rendered as elements and passed as fallbackElement. The error\n * boundary renders the element directly when an error is caught.\n * See TIM-503.\n */\nasync function wrapWithErrorBoundaries(\n segment: SegmentNode,\n element: ReactNode,\n loadModule: ModuleLoader,\n createElement: CreateElement,\n errorBoundaryComponent: unknown\n): Promise<ReactNode> {\n // Wrapping is applied inside-out. The last wrap call produces the outermost boundary.\n // Order: specific status → category → error.tsx (outermost)\n\n if (segment.statusFiles) {\n // Wrap with specific status files (innermost — highest priority at runtime)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key !== '4xx' && key !== '5xx') {\n const status = parseInt(key, 10);\n if (!isNaN(status)) {\n const mod = await loadModule(file);\n // mod.default is `unknown` — narrow to a component reference.\n // `isValidElementType` accepts memo/forwardRef objects in addition to\n // bare functions; non-component values fall through.\n const Component = isValidElementType(mod.default) ? mod.default : null;\n if (Component) {\n const boundaryProps: ErrorBoundaryProps = isMdxFile(file)\n ? {\n fallbackElement: createElement(Component, { status }),\n status,\n children: element,\n }\n : {\n fallbackComponent: Component,\n status,\n children: element,\n };\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n }\n }\n\n // Wrap with category catch-alls (4xx.tsx, 5xx.tsx)\n for (const [key, file] of Object.entries(segment.statusFiles)) {\n if (key === '4xx' || key === '5xx') {\n const mod = await loadModule(file);\n const Component = isValidElementType(mod.default) ? mod.default : null;\n if (Component) {\n const categoryStatus = key === '4xx' ? 400 : 500;\n const boundaryProps: ErrorBoundaryProps = isMdxFile(file)\n ? {\n fallbackElement: createElement(Component, {}),\n status: categoryStatus,\n children: element,\n }\n : {\n fallbackComponent: Component,\n status: categoryStatus,\n children: element,\n };\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n }\n }\n\n // Wrap with error.tsx (outermost — catches anything not matched by status files)\n // Note: error.tsx/error.mdx receives { error, digest, reset } props.\n // MDX error files are pre-rendered without those props (they're static content).\n if (segment.error) {\n const errorModule = await loadModule(segment.error);\n const ErrorComponent = isValidElementType(errorModule.default) ? errorModule.default : null;\n if (ErrorComponent) {\n const boundaryProps: ErrorBoundaryProps = isMdxFile(segment.error)\n ? {\n fallbackElement: createElement(ErrorComponent, {}),\n children: element,\n }\n : {\n fallbackComponent: ErrorComponent,\n children: element,\n };\n element = createElement(errorBoundaryComponent, boundaryProps);\n }\n }\n\n return element;\n}\n","/**\n * Status-code file resolver for timber.js error/denial rendering.\n *\n * Given an HTTP status code and a matched segment chain, resolves the\n * correct file to render by walking the fallback chain described in\n * design/10-error-handling.md §\"Status-Code Files\".\n *\n * **Generic over `TFile`** (TIM-848). Walks `SegmentNode<TFile>` trees\n * regardless of whether `TFile` is the build-time `RouteFile` or the\n * runtime `ManifestFile`. Before TIM-848 there were two near-identical\n * resolvers — one for the Map-based scanner output and one for the\n * object-based runtime manifest. Now there is one.\n *\n * Supports two format families:\n * - 'component' (default): .tsx/.jsx/.mdx status files → React rendering pipeline\n * - 'json': .json status files → raw JSON response, no React\n *\n * Fallback chains operate within the same format family (no cross-format fallback).\n *\n * **Component chain (4xx):**\n * Pass 1 — status files (leaf → root): {status}.tsx → 4xx.tsx\n * Pass 2 — legacy compat (leaf → root): not-found.tsx / forbidden.tsx / unauthorized.tsx\n * Pass 3 — error.tsx (leaf → root)\n * Pass 4 — framework default (returns null)\n *\n * **JSON chain (4xx and 5xx):**\n * Pass 1 — json status files (leaf → root): {status}.json → {category}.json\n * Pass 2 — framework default JSON (returns null, caller provides bare JSON)\n *\n * **5xx component:**\n * Per-segment (leaf → root): {status}.tsx → 5xx.tsx → error.tsx\n * Then framework default (returns null)\n */\n\nimport type { SegmentNode } from '../routing/types.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/** How the status-code file was matched. */\nexport type StatusFileKind =\n | 'exact' // e.g. 403.tsx matched status 403\n | 'category' // e.g. 4xx.tsx matched status 403\n | 'legacy' // e.g. not-found.tsx matched status 404\n | 'error'; // error.tsx as last resort\n\n/** Response format family for status-code resolution. */\nexport type StatusFileFormat = 'component' | 'json';\n\n/** Result of resolving a status-code file for a segment chain. */\nexport interface StatusFileResolution<TFile> {\n /** The matched route file. */\n file: TFile;\n /** The HTTP status code (always the original status, not the file's code). */\n status: number;\n /** How the file was matched. */\n kind: StatusFileKind;\n /** Index into the segments array where the file was found. */\n segmentIndex: number;\n}\n\n/** How a slot denial file was matched. */\nexport type SlotDeniedKind = 'denied' | 'default';\n\n/** Result of resolving a slot denied file. */\nexport interface SlotDeniedResolution<TFile> {\n /** The matched route file (denied.tsx or default.tsx). */\n file: TFile;\n /** Slot name without @ prefix. */\n slotName: string;\n /** How the file was matched. */\n kind: SlotDeniedKind;\n}\n\n// ─── Legacy Compat Mapping ───────────────────────────────────────────────────\n\n/**\n * Maps legacy file convention names to their corresponding HTTP status codes.\n * Only used in the 4xx component fallback chain.\n */\nconst LEGACY_FILE_TO_STATUS: Record<string, number> = {\n 'not-found': 404,\n 'forbidden': 403,\n 'unauthorized': 401,\n};\n\n/** Reverse index: status code → legacy file name. Built once at module load. */\nconst STATUS_TO_LEGACY_FILE: Record<number, string> = Object.fromEntries(\n Object.entries(LEGACY_FILE_TO_STATUS).map(([name, status]) => [status, name])\n);\n\n// ─── Lookup Helpers ──────────────────────────────────────────────────────\n\n/**\n * Look up `{statusStr}` then `{categoryKey}` (e.g. \"4xx\" / \"5xx\") in a\n * status-file group on a single segment. Shared by all three fallback\n * chains — the only structural difference between component 4xx,\n * component 5xx, and JSON resolution is *which* group is searched and\n * how the per-segment loop is layered around it.\n */\nfunction lookupInGroup<TFile>(\n group: Record<string, TFile> | undefined,\n statusStr: string,\n categoryKey: string,\n segmentIndex: number,\n status: number\n): StatusFileResolution<TFile> | null {\n if (!group) return null;\n const exact = group[statusStr];\n if (exact) return { file: exact, status, kind: 'exact', segmentIndex };\n const category = group[categoryKey];\n if (category) return { file: category, status, kind: 'category', segmentIndex };\n return null;\n}\n\n/**\n * Look up the legacy convention file (`not-found.tsx` / `forbidden.tsx` /\n * `unauthorized.tsx`) for `status` on a single segment. Returns null if\n * `status` has no legacy mapping or the file isn't present.\n */\nfunction lookupLegacy<TFile>(\n group: Record<string, TFile> | undefined,\n status: number,\n segmentIndex: number\n): StatusFileResolution<TFile> | null {\n if (!group) return null;\n const name = STATUS_TO_LEGACY_FILE[status];\n if (!name) return null;\n const file = group[name];\n return file ? { file, status, kind: 'legacy', segmentIndex } : null;\n}\n\n// ─── Resolver ────────────────────────────────────────────────────────────────\n\n/**\n * Resolve the status-code file to render for a given HTTP status code.\n *\n * Walks the segment chain from leaf to root following the fallback chain\n * defined in design/10-error-handling.md. Returns null if no file is found\n * (caller should render the framework default).\n *\n * @param status - The HTTP status code (4xx or 5xx).\n * @param segments - The matched segment chain from root (index 0) to leaf (last).\n * @param format - The response format family ('component' or 'json'). Defaults to 'component'.\n */\nexport function resolveStatusFile<TFile>(\n status: number,\n segments: ReadonlyArray<SegmentNode<TFile>>,\n format: StatusFileFormat = 'component'\n): StatusFileResolution<TFile> | null {\n if (status < 400 || status > 599) return null;\n if (format === 'json') return resolveJson(status, segments);\n if (status <= 499) return resolve4xx(status, segments);\n return resolve5xx(status, segments);\n}\n\n/**\n * 4xx component fallback chain — three separate full passes leaf→root.\n *\n * The passes must be separate (not interleaved per-segment) so that a\n * root-level `404.tsx` beats a leaf-level `error.tsx`. The 5xx chain\n * inverts this and is per-segment: a leaf's `error.tsx` beats a root's\n * `5xx.tsx`. This asymmetry is the only reason these two functions exist\n * separately.\n *\n * Pass 1 — {status}.tsx → 4xx.tsx (statusFiles)\n * Pass 2 — not-found / forbidden / unauthorized (legacyStatusFiles)\n * Pass 3 — error.tsx (error)\n */\nfunction resolve4xx<TFile>(\n status: number,\n segments: ReadonlyArray<SegmentNode<TFile>>\n): StatusFileResolution<TFile> | null {\n const statusStr = String(status);\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const r = lookupInGroup(segments[i].statusFiles, statusStr, '4xx', i, status);\n if (r) return r;\n }\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const r = lookupLegacy(segments[i].legacyStatusFiles, status, i);\n if (r) return r;\n }\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const errorFile = segments[i].error;\n if (errorFile) {\n return { file: errorFile, status, kind: 'error', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n/**\n * 5xx component fallback chain — single pass, per-segment leaf→root.\n *\n * At each segment: {status}.tsx → 5xx.tsx → error.tsx. A leaf's\n * `error.tsx` therefore beats a root's `5xx.tsx`, which is the\n * intentional inverse of the 4xx chain.\n */\nfunction resolve5xx<TFile>(\n status: number,\n segments: ReadonlyArray<SegmentNode<TFile>>\n): StatusFileResolution<TFile> | null {\n const statusStr = String(status);\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const segment = segments[i];\n const r = lookupInGroup(segment.statusFiles, statusStr, '5xx', i, status);\n if (r) return r;\n if (segment.error) {\n return { file: segment.error, status, kind: 'error', segmentIndex: i };\n }\n }\n\n return null;\n}\n\n/**\n * JSON fallback chain (for both 4xx and 5xx) — single pass leaf→root.\n *\n * At each segment: {status}.json → {category}.json. No legacy compat,\n * no error.tsx — the JSON chain terminates at the category catch-all\n * and the caller falls back to a bare-JSON framework default.\n */\nfunction resolveJson<TFile>(\n status: number,\n segments: ReadonlyArray<SegmentNode<TFile>>\n): StatusFileResolution<TFile> | null {\n const statusStr = String(status);\n const categoryKey = status >= 500 ? '5xx' : '4xx';\n\n for (let i = segments.length - 1; i >= 0; i--) {\n const r = lookupInGroup(segments[i].jsonStatusFiles, statusStr, categoryKey, i, status);\n if (r) return r;\n }\n\n return null;\n}\n\n// ─── Slot Denied Resolver ────────────────────────────────────────────────────\n\n/**\n * Resolve the denial file for a parallel route slot.\n *\n * Slot denial is graceful degradation — no HTTP status on the wire.\n * Fallback chain: denied.tsx → default.tsx → null.\n *\n * @param slotNode - The segment node for the slot (segmentType === 'slot').\n */\nexport function resolveSlotDenied<TFile>(\n slotNode: SegmentNode<TFile>\n): SlotDeniedResolution<TFile> | null {\n const slotName = slotNode.segmentName.replace(/^@/, '');\n\n if (slotNode.denied) {\n return { file: slotNode.denied, slotName, kind: 'denied' };\n }\n\n if (slotNode.default) {\n return { file: slotNode.default, slotName, kind: 'default' };\n }\n\n return null;\n}\n","/**\n * Flush controller for timber.js rendering.\n *\n * Holds the response until `onShellReady` fires, then commits the HTTP status\n * code and flushes the shell. Render-phase signals (deny, redirect, unhandled\n * throws) caught before flush produce correct HTTP status codes.\n *\n * See design/02-rendering-pipeline.md §\"The Flush Point\" and §\"The Hold Window\"\n */\n\nimport { DenySignal, RedirectSignal, RenderError } from './primitives.js';\nimport { logRenderError } from './logger.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\n/** The readable stream from React's renderToReadableStream. */\nexport interface ReactRenderStream {\n /** The underlying ReadableStream of HTML bytes. */\n readable: ReadableStream<Uint8Array>;\n /** Resolves when the shell has finished rendering (all non-Suspense content). */\n allReady?: Promise<void>;\n}\n\n/** Options for the flush controller. */\nexport interface FlushOptions {\n /** Response headers to include (from middleware.ts, proxy.ts, etc.). */\n responseHeaders?: Headers;\n /** Default status code when rendering succeeds. Default: 200. */\n defaultStatus?: number;\n}\n\n/** Result of the flush process. */\nexport interface FlushResult {\n /** The final HTTP Response. */\n response: Response;\n /** The status code committed. */\n status: number;\n /** Whether the response was a redirect. */\n isRedirect: boolean;\n /** Whether the response was a denial. */\n isDenial: boolean;\n}\n\n// ─── Render Function Type ────────────────────────────────────────────────────\n\n/**\n * A function that performs the React render.\n *\n * The flush controller calls this, catches any signals thrown during the\n * synchronous shell render (before onShellReady), and produces the\n * correct HTTP response.\n *\n * Must return an object with:\n * - `stream`: The ReadableStream from renderToReadableStream\n * - `shellReady`: A Promise that resolves when onShellReady fires\n */\nexport interface RenderResult {\n /** The HTML byte stream. */\n stream: ReadableStream<Uint8Array>;\n /** Resolves when the shell is ready (all non-Suspense content rendered). */\n shellReady: Promise<void>;\n}\n\nexport type RenderFn = () => RenderResult | Promise<RenderResult>;\n\n// ─── Flush Controller ────────────────────────────────────────────────────────\n\n/**\n * Execute a render and hold the response until the shell is ready.\n *\n * The flush controller:\n * 1. Calls the render function to start renderToReadableStream\n * 2. Waits for shellReady (onShellReady)\n * 3. If a render-phase signal was thrown (deny, redirect, error), produces\n * the correct HTTP status code\n * 4. If the shell rendered successfully, commits the status and streams\n *\n * Render-phase signals caught before flush:\n * - `DenySignal` → HTTP 4xx with appropriate status code\n * - `RedirectSignal` → HTTP 3xx with Location header\n * - `RenderError` → HTTP status from error (default 500)\n * - Unhandled error → HTTP 500\n *\n * @param renderFn - Function that starts the React render.\n * @param options - Flush configuration.\n * @returns The committed HTTP Response.\n */\nexport async function flushResponse(\n renderFn: RenderFn,\n options: FlushOptions = {}\n): Promise<FlushResult> {\n const { responseHeaders = new Headers(), defaultStatus = 200 } = options;\n\n let renderResult: RenderResult;\n\n // Phase 1: Start the render. The render function may throw synchronously\n // if there's an immediate error before React even starts.\n try {\n renderResult = await renderFn();\n } catch (error) {\n return handleSignal(error, responseHeaders);\n }\n\n // Phase 2: Wait for onShellReady. Render-phase signals (deny, redirect,\n // throws outside Suspense) are caught here.\n try {\n await renderResult.shellReady;\n } catch (error) {\n return handleSignal(error, responseHeaders);\n }\n\n // Phase 3: Shell rendered successfully. Commit status and stream.\n responseHeaders.set('Content-Type', 'text/html; charset=utf-8');\n\n return {\n response: new Response(renderResult.stream, {\n status: defaultStatus,\n headers: responseHeaders,\n }),\n status: defaultStatus,\n isRedirect: false,\n isDenial: false,\n };\n}\n\n// ─── Signal Handling ─────────────────────────────────────────────────────────\n\n/**\n * Handle a render-phase signal and produce the correct HTTP response.\n */\nfunction handleSignal(error: unknown, responseHeaders: Headers): FlushResult {\n // Redirect signal → HTTP 3xx\n if (error instanceof RedirectSignal) {\n responseHeaders.set('Location', error.location);\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: true,\n isDenial: false,\n };\n }\n\n // Deny signal → HTTP 4xx\n if (error instanceof DenySignal) {\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: false,\n isDenial: true,\n };\n }\n\n // RenderError → HTTP status from error\n if (error instanceof RenderError) {\n return {\n response: new Response(null, {\n status: error.status,\n headers: responseHeaders,\n }),\n status: error.status,\n isRedirect: false,\n isDenial: false,\n };\n }\n\n // Unknown error → HTTP 500\n logRenderError({ method: '', path: '', error });\n return {\n response: new Response(null, {\n status: 500,\n headers: responseHeaders,\n }),\n status: 500,\n isRedirect: false,\n isDenial: false,\n };\n}\n","/**\n * CSRF protection — Origin header validation.\n *\n * Auto-derived from the Host header for single-origin deployments.\n * Configurable via allowedOrigins for multi-origin setups.\n * Disable with csrf: false (not recommended outside local dev).\n *\n * See design/08-forms-and-actions.md §\"CSRF Protection\"\n * See design/13-security.md §\"Security Testing Checklist\" #6\n */\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\nexport interface CsrfConfig {\n /** Explicit list of allowed origins. Replaces Host-based auto-derivation. */\n allowedOrigins?: string[];\n /** Set to false to disable CSRF validation entirely. */\n csrf?: boolean;\n}\n\nexport type CsrfResult = { ok: true } | { ok: false; status: 403 };\n\n// ─── Constants ────────────────────────────────────────────────────────────\n\n/** HTTP methods that are considered safe (no mutation). */\nconst SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);\n\n// ─── Implementation ───────────────────────────────────────────────────────\n\n/**\n * Validate the Origin header against the request's Host.\n *\n * For mutation methods (POST, PUT, PATCH, DELETE):\n * - If `csrf: false`, skip validation.\n * - If `allowedOrigins` is set, Origin must match one exactly (no wildcards).\n * - Otherwise, Origin's host must match the request's Host header.\n *\n * Safe methods (GET, HEAD, OPTIONS) always pass.\n */\nexport function validateCsrf(req: Request, config: CsrfConfig): CsrfResult {\n // Safe methods don't need CSRF protection\n if (SAFE_METHODS.has(req.method)) {\n return { ok: true };\n }\n\n // Explicitly disabled\n if (config.csrf === false) {\n return { ok: true };\n }\n\n const origin = req.headers.get('Origin');\n\n // No Origin header on a mutation → reject\n if (!origin) {\n return { ok: false, status: 403 };\n }\n\n // If allowedOrigins is configured, use that instead of Host-based derivation\n if (config.allowedOrigins) {\n const allowed = config.allowedOrigins.includes(origin);\n return allowed ? { ok: true } : { ok: false, status: 403 };\n }\n\n // Auto-derive from Host header\n const host = req.headers.get('Host');\n if (!host) {\n return { ok: false, status: 403 };\n }\n\n // Extract hostname from Origin URL and compare to Host header\n let originHost: string;\n try {\n originHost = new URL(origin).host;\n } catch {\n return { ok: false, status: 403 };\n }\n\n return originHost === host ? { ok: true } : { ok: false, status: 403 };\n}\n","/**\n * Request body size limits — returns 413 when exceeded.\n * See design/08-forms-and-actions.md §\"FormData Limits\"\n */\n\nexport interface BodyLimitsConfig {\n limits?: {\n actionBodySize?: string;\n uploadBodySize?: string;\n maxFields?: number;\n };\n}\n\nexport type BodyLimitResult = { ok: true } | { ok: false; status: 411 | 413 };\n\nexport type BodyKind = 'action' | 'upload';\n\nconst KB = 1024;\nconst MB = 1024 * KB;\nconst GB = 1024 * MB;\n\nexport const DEFAULT_LIMITS = {\n actionBodySize: 1 * MB,\n uploadBodySize: 10 * MB,\n maxFields: 100,\n} as const;\n\nconst SIZE_PATTERN = /^(\\d+(?:\\.\\d+)?)\\s*(kb|mb|gb)?$/i;\n\n/** Parse a human-readable size string (\"1mb\", \"512kb\", \"1024\") into bytes. */\nexport function parseBodySize(size: string): number {\n const match = SIZE_PATTERN.exec(size.trim());\n if (!match) {\n throw new Error(\n `Invalid body size format: \"${size}\". Expected format like \"1mb\", \"512kb\", or \"1024\".`\n );\n }\n\n const value = Number.parseFloat(match[1]);\n const unit = (match[2] ?? '').toLowerCase();\n\n switch (unit) {\n case 'kb':\n return Math.floor(value * KB);\n case 'mb':\n return Math.floor(value * MB);\n case 'gb':\n return Math.floor(value * GB);\n case '':\n return Math.floor(value);\n default:\n throw new Error(`Unknown size unit: \"${unit}\"`);\n }\n}\n\n/** Check whether a request body exceeds the configured size limit (stateless, no ALS). */\nexport function enforceBodyLimits(\n req: Request,\n kind: BodyKind,\n config: BodyLimitsConfig\n): BodyLimitResult {\n const contentLength = req.headers.get('Content-Length');\n if (!contentLength) {\n // Reject requests without Content-Length — prevents body limit bypass via\n // chunked transfer-encoding. Browsers always send Content-Length for form POSTs.\n return { ok: false, status: 411 };\n }\n\n const bodySize = Number.parseInt(contentLength, 10);\n if (Number.isNaN(bodySize)) {\n return { ok: false, status: 411 };\n }\n\n const limit = resolveLimit(kind, config);\n return bodySize <= limit ? { ok: true } : { ok: false, status: 413 };\n}\n\n/** Check whether a FormData payload exceeds the configured field count limit. */\nexport function enforceFieldLimit(formData: FormData, config: BodyLimitsConfig): BodyLimitResult {\n const maxFields = config.limits?.maxFields ?? DEFAULT_LIMITS.maxFields;\n // Count unique keys — FormData.keys() yields duplicates for multi-value fields,\n // so we use a Set to count distinct field names.\n const fieldCount = new Set(formData.keys()).size;\n return fieldCount <= maxFields ? { ok: true } : { ok: false, status: 413 };\n}\n\n/**\n * Resolve the byte limit for a given body kind, using config overrides or defaults.\n */\nfunction resolveLimit(kind: BodyKind, config: BodyLimitsConfig): number {\n const userLimits = config.limits;\n\n if (kind === 'action') {\n return userLimits?.actionBodySize\n ? parseBodySize(userLimits.actionBodySize)\n : DEFAULT_LIMITS.actionBodySize;\n }\n\n return userLimits?.uploadBodySize\n ? parseBodySize(userLimits.uploadBodySize)\n : DEFAULT_LIMITS.uploadBodySize;\n}\n","/**\n * Route handler for route.ts API endpoints.\n *\n * route.ts files export named HTTP method handlers (GET, POST, etc.).\n * They share the same pipeline (proxy → match → middleware → access → handler)\n * but don't render React trees.\n *\n * See design/07-routing.md §\"route.ts — API Endpoints\"\n */\n\nimport type { RouteContext } from './types.js';\nimport { logRouteError } from './logger.js';\n\n// ─── Types ───────────────────────────────────────────────────────────────\n\n/** HTTP methods that route.ts can export as named handlers. */\nexport type HttpMethod = 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE' | 'HEAD' | 'OPTIONS';\n\n/** A single route handler function — one-arg signature. */\nexport type RouteHandler = (ctx: RouteContext) => Response | Promise<Response>;\n\n/** A route.ts module — named exports for each supported HTTP method. */\nexport type RouteModule = {\n [K in HttpMethod]?: RouteHandler;\n};\n\n/** All recognized HTTP method export names. */\nconst HTTP_METHODS: HttpMethod[] = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'];\n\n// ─── Allowed Methods ─────────────────────────────────────────────────────\n\n/**\n * Resolve the full list of allowed methods for a route module.\n *\n * Includes:\n * - All explicitly exported methods\n * - HEAD (implicit when GET is exported)\n * - OPTIONS (always implicit)\n */\nexport function resolveAllowedMethods(mod: RouteModule): HttpMethod[] {\n const methods: HttpMethod[] = [];\n\n for (const method of HTTP_METHODS) {\n if (method === 'HEAD' || method === 'OPTIONS') continue;\n if (mod[method]) {\n methods.push(method);\n }\n }\n\n // HEAD is implicit when GET is exported\n if (mod.GET && !mod.HEAD) {\n methods.push('HEAD');\n } else if (mod.HEAD) {\n methods.push('HEAD');\n }\n\n // OPTIONS is always implicit\n if (!mod.OPTIONS) {\n methods.push('OPTIONS');\n } else {\n methods.push('OPTIONS');\n }\n\n return methods;\n}\n\n// ─── Route Request Handler ───────────────────────────────────────────────\n\n/**\n * Handle an incoming request against a route.ts module.\n *\n * Dispatches to the named method handler, auto-generates 405/OPTIONS,\n * and merges response headers from ctx.headers.\n */\nexport async function handleRouteRequest(mod: RouteModule, ctx: RouteContext): Promise<Response> {\n const method = ctx.req.method.toUpperCase() as HttpMethod;\n const allowed = resolveAllowedMethods(mod);\n const allowHeader = allowed.join(', ');\n\n // Auto OPTIONS — 204 with Allow header\n if (method === 'OPTIONS') {\n if (mod.OPTIONS) {\n return runHandler(mod.OPTIONS, ctx);\n }\n return new Response(null, {\n status: 204,\n headers: { Allow: allowHeader },\n });\n }\n\n // HEAD fallback — run GET, strip body\n if (method === 'HEAD') {\n if (mod.HEAD) {\n return runHandler(mod.HEAD, ctx);\n }\n if (mod.GET) {\n const res = await runHandler(mod.GET, ctx);\n // Return headers + status but no body\n return new Response(null, {\n status: res.status,\n headers: res.headers,\n });\n }\n }\n\n // Dispatch to the named handler\n const handler = mod[method];\n if (!handler) {\n return new Response(null, {\n status: 405,\n headers: { Allow: allowHeader },\n });\n }\n\n return runHandler(handler, ctx);\n}\n\n/**\n * Run a handler, merge ctx.headers into the response, and catch errors.\n */\nasync function runHandler(handler: RouteHandler, ctx: RouteContext): Promise<Response> {\n try {\n const res = await handler(ctx);\n return mergeResponseHeaders(res, ctx.headers);\n } catch (error) {\n logRouteError({ method: ctx.req.method, path: new URL(ctx.req.url).pathname, error });\n return new Response(null, { status: 500 });\n }\n}\n\n/**\n * Merge response headers from ctx.headers into the handler's response.\n * ctx.headers (set by middleware or the handler) are applied to the final response.\n * Handler-set headers take precedence over ctx.headers.\n */\nfunction mergeResponseHeaders(res: Response, ctxHeaders: Headers): Response {\n // If no ctx headers to merge, return as-is\n let hasCtxHeaders = false;\n ctxHeaders.forEach(() => {\n hasCtxHeaders = true;\n });\n if (!hasCtxHeaders) return res;\n\n // Merge: ctx.headers first, then handler response headers override.\n // Set-Cookie needs special handling: Headers.set() replaces all values\n // for a key, but each Set-Cookie must be its own header per RFC 6265 §4.1.\n // Use append for Set-Cookie, set for everything else.\n const merged = new Headers();\n ctxHeaders.forEach((value, key) => {\n if (key.toLowerCase() === 'set-cookie') {\n merged.append(key, value);\n } else {\n merged.set(key, value);\n }\n });\n // Response Set-Cookie headers: use getSetCookie() to preserve individual\n // cookies (forEach joins them with \", \" into one entry).\n const resCookies = res.headers.getSetCookie();\n for (const cookie of resCookies) {\n merged.append('Set-Cookie', cookie);\n }\n res.headers.forEach((value, key) => {\n if (key.toLowerCase() !== 'set-cookie') {\n merged.set(key, value);\n }\n });\n\n return new Response(res.body, {\n status: res.status,\n statusText: res.statusText,\n headers: merged,\n });\n}\n","/**\n * Render timeout utilities for SSR streaming pipeline.\n *\n * Provides a RenderTimeoutError class and a helper to create\n * timeout-guarded AbortSignals. Used to defend against hung RSC\n * streams and infinite SSR renders.\n *\n * Design doc: 02-rendering-pipeline.md §\"Streaming Constraints\"\n */\n\n/**\n * Error thrown when an SSR render or RSC stream read exceeds the\n * configured timeout. Callers can check `instanceof RenderTimeoutError`\n * to distinguish timeout from other errors and return a 504 or close\n * the connection cleanly.\n */\nexport class RenderTimeoutError extends Error {\n readonly timeoutMs: number;\n\n constructor(timeoutMs: number, context?: string) {\n const message = context\n ? `Render timeout after ${timeoutMs}ms: ${context}`\n : `Render timeout after ${timeoutMs}ms`;\n super(message);\n this.name = 'RenderTimeoutError';\n this.timeoutMs = timeoutMs;\n }\n}\n\n/**\n * Result of createRenderTimeout — an AbortSignal that fires after\n * the given duration, plus a cancel function to clear the timer\n * when the render completes normally.\n */\nexport interface RenderTimeout {\n /** AbortSignal that aborts after timeoutMs. */\n signal: AbortSignal;\n /** Cancel the timeout timer. Call this when the render completes. */\n cancel: () => void;\n}\n\n/**\n * Create a render timeout that aborts after the given duration.\n *\n * Returns an AbortSignal and a cancel function. The signal fires\n * with a RenderTimeoutError as the abort reason after `timeoutMs`.\n * Call `cancel()` when the render completes to prevent the timeout\n * from firing.\n *\n * If an existing `parentSignal` is provided, the returned signal\n * aborts when either the parent signal or the timeout fires —\n * whichever comes first.\n */\nexport function createRenderTimeout(timeoutMs: number, parentSignal?: AbortSignal): RenderTimeout {\n const controller = new AbortController();\n const reason = new RenderTimeoutError(timeoutMs, 'RSC stream read timed out');\n\n const timer = setTimeout(() => {\n controller.abort(reason);\n }, timeoutMs);\n\n // If there's a parent signal (e.g. request abort), chain it\n if (parentSignal) {\n if (parentSignal.aborted) {\n clearTimeout(timer);\n controller.abort(parentSignal.reason);\n } else {\n parentSignal.addEventListener(\n 'abort',\n () => {\n clearTimeout(timer);\n controller.abort(parentSignal.reason);\n },\n { once: true }\n );\n }\n }\n\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n },\n };\n}\n\n/**\n * Race a promise against a timeout. Rejects with RenderTimeoutError\n * if the promise does not resolve within `timeoutMs`.\n *\n * Used to guard individual `rscReader.read()` calls inside pullLoop.\n */\nexport function withTimeout<T>(\n promise: Promise<T>,\n timeoutMs: number,\n context?: string\n): Promise<T> {\n let timer: ReturnType<typeof setTimeout>;\n const timeoutPromise = new Promise<never>((_resolve, reject) => {\n timer = setTimeout(() => {\n reject(new RenderTimeoutError(timeoutMs, context));\n }, timeoutMs);\n });\n\n return Promise.race([promise, timeoutPromise]).finally(() => {\n clearTimeout(timer!);\n });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCA,SAAgB,uBAA0B,IAAgB;AACxD,QAAO,UAAU,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG;;;;;;AAiB3C,eAAsB,WACpB,MACA,MACA,IACY;CACZ,MAAM,QAAQ,UAAU,UAAU;AAClC,KAAI,CAAC,MAAO,QAAO,IAAI;CAEvB,MAAM,QAAQ,YAAY,KAAK;AAC/B,KAAI;AACF,SAAO,MAAM,IAAI;WACT;EACR,MAAM,MAAM,KAAK,MAAM,YAAY,KAAK,GAAG,MAAM;AACjD,QAAM,QAAQ,KAAK;GAAE;GAAM;GAAK;GAAM,CAAC;;;;;;;;;;AAW3C,SAAgB,wBAAuC;CACrD,MAAM,QAAQ,UAAU,UAAU;AAClC,KAAI,CAAC,SAAS,MAAM,QAAQ,WAAW,EAAG,QAAO;CAGjD,MAAM,6BAAa,IAAI,KAAqB;CAQ5C,MAAM,QAPU,MAAM,QAAQ,KAAK,UAAU;EAC3C,MAAM,QAAQ,WAAW,IAAI,MAAM,KAAK,IAAI;AAC5C,aAAW,IAAI,MAAM,MAAM,QAAQ,EAAE;EACrC,MAAM,aAAa,QAAQ,IAAI,GAAG,MAAM,KAAK,GAAG,UAAU,MAAM;AAChE,SAAO;GAAE,GAAG;GAAO,MAAM;GAAY;GACrC,CAEoB,KAAK,UAAU;EACnC,IAAI,OAAO,GAAG,MAAM,KAAK,OAAO,MAAM;AACtC,MAAI,MAAM,MAAM;GAEd,MAAM,WAAW,MAAM,KAAK,QAAQ,OAAO,OAAO,CAAC,QAAQ,MAAM,OAAM;AACvE,WAAQ,UAAU,SAAS;;AAE7B,SAAO;GACP;CAIF,MAAM,kBAAkB;CACxB,IAAI,SAAS;AACb,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;EACrC,MAAM,YAAY,SAAS,GAAG,OAAO,IAAI,MAAM,OAAO,MAAM;AAC5D,MAAI,UAAU,SAAS,gBAAiB;AACxC,WAAS;;AAGX,QAAO,UAAU;;;;;;;;;;;;;;ACpDnB,IAAI,eAAe;AACnB,IAAI,kBAAwD;;;;;;;;;;;AAY5D,eAAsB,oBACpB,QACe;AACf,KAAI,aAAc;AAClB,gBAAe;CAEf,IAAI;AACJ,KAAI;AACF,QAAM,MAAM,QAAQ;UACb,OAAO;AACd,UAAQ,MAAM,+CAA+C,MAAM;AACnE;;AAGF,KAAI,CAAC,IAAK;AAGV,KAAI,IAAI,UAAU,OAAO,IAAI,OAAO,SAAS,WAC3C,WAAU,IAAI,OAAO;AAIvB,KAAI,OAAO,IAAI,mBAAmB,WAChC,mBAAkB,IAAI;AAIxB,KAAI,OAAO,IAAI,aAAa,WAC1B,KAAI;AACF,QAAM,IAAI,UAAU;UACb,OAAO;AACd,UAAQ,MAAM,iDAAiD,MAAM;AACrE,QAAM;;;;;;;AASZ,eAAsB,mBACpB,OACA,SACA,SACe;AACf,KAAI,CAAC,gBAAiB;AACtB,KAAI;AACF,QAAM,gBAAgB,OAAO,SAAS,QAAQ;UACvC,WAAW;AAClB,UAAQ,MAAM,uCAAuC,UAAU;;;;;;AAOnE,SAAgB,oBAA6B;AAC3C,QAAO,oBAAoB;;;;;;;;;ACrG7B,IAAM,iBAAiB,IAAI,IAAI,CAAC,YAAY,CAAC;;;;;;;;;;;;;;;;;;AAmB7C,SAAgB,mBAAmB,OAAyB;AAC1D,KAAI,UAAU,QAAQ,OAAO,UAAU,SAAU,QAAO;AAExD,KAAI,MAAM,QAAQ,MAAM,CACtB,QAAO,MAAM,IAAI,mBAAmB;CAKtC,MAAM,QAAQ,OAAO,eAAe,MAAM;AAC1C,KAAI,UAAU,OAAO,aAAa,UAAU,KAAM,QAAO;CAEzD,MAAM,MAA+B,OAAO,OAAO,KAAK;AACxD,MAAK,MAAM,OAAO,OAAO,KAAK,MAAiC,CAC7D,KAAI,CAAC,eAAe,IAAI,IAAI,CAC1B,KAAI,OAAO,mBAAoB,MAAkC,KAAK;AAG1E,QAAO;;;;;;;;;;;;;;;AAyBT,SAAgB,kBACd,OACsB;AACtB,KAAI,UAAU,KAAA,EAAW,QAAO;AAEhC,KAAI,OAAO,UAAU,cAAc,MAAM,QAAQ,MAAM,EAAE;EACvD,MAAM,MAAM;AACZ,eAAa;;AAEf,KAAI,MAAM,SAAS,UAAU;EAC3B,MAAM,MAAM,MAAM;AAClB,eAAa;;CAEf,MAAM,SAAS,MAAM;AACrB,QAAO,aAAa,MAAM,QAAQ,EAAE;;;;;;AAStC,SAAgB,eAAe,SAAwB;AACrD,MAAK,MAAM,SAAS,qBAAqB,CACvC,SAAQ,OAAO,cAAc,MAAM;;;;;;AAQvC,SAAgB,oBAAoB,QAAiB,QAAuB;CAC1E,MAAM,eAAe,IAAI,IAAI,CAAC,GAAG,OAAO,MAAM,CAAC,CAAC,KAAK,QAAQ,IAAI,aAAa,CAAC,CAAC;AAChF,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,SAAS,CACzC,KAAI,CAAC,aAAa,IAAI,IAAI,aAAa,CAAC,CACtC,QAAO,OAAO,KAAK,MAAM;;;;;;;;;;;;;;;;;;;;AAyB/B,SAAgB,wBAAwB,UAA8B;AACpE,QAAO,IAAI,SAAS,SAAS,MAAM;EACjC,QAAQ,SAAS;EACjB,YAAY,SAAS;EACrB,SAAS,IAAI,QAAQ,SAAS,QAAQ;EACvC,CAAC;;;;;;;;;;AAaJ,SAAgB,sBACd,QACA,KACA,SACU;AAEV,MADe,IAAI,QAAQ,IAAI,SAAS,IAAI,IAAI,SAAS,mBAAmB,EACjE;AACT,UAAQ,IAAI,qBAAqB,OAAO,SAAS;AACjD,SAAO,IAAI,SAAS,MAAM;GAAE,QAAQ;GAAK;GAAS,CAAC;;AAErD,SAAQ,IAAI,YAAY,OAAO,SAAS;AACxC,QAAO,IAAI,SAAS,MAAM;EAAE,QAAQ,OAAO;EAAQ;EAAS,CAAC;;;;;;AAS/D,eAAsB,mBACpB,OACA,KACA,OACe;CACf,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;CAC5B,MAAM,aAAqC,EAAE;AAC7C,KAAI,QAAQ,SAAS,GAAG,MAAM;AAC5B,aAAW,KAAK;GAChB;AAEF,OAAM,mBACJ,OACA;EAAE,QAAQ,IAAI;EAAQ,MAAM,IAAI;EAAU,SAAS;EAAY,EAC/D;EAAE;EAAO,WAAW,IAAI;EAAU,WAAW;EAAQ,SAAS,YAAY;EAAE,CAC7E;;;;;;;;AC1LH,IAAM,uBAAuB;;AAG7B,IAAM,eAAe;;;;;;;;;;;;;AAcrB,SAAgB,aAAa,aAAqB,qBAAqB,MAA0B;AAG/F,KAAI,qBAAqB,KAAK,YAAY,CACxC,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAEnC,KAAI,aAAa,KAAK,YAAY,CAChC,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAKnC,IAAI;AACJ,KAAI;AACF,YAAU,mBAAmB,YAAY;SACnC;AAEN,SAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;;AAKnC,KAAI,QAAQ,SAAS,KAAK,CACxB,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAQnC,IAAI,WAAW,QAAQ,QAAQ,UAAU,IAAI;CAG7C,MAAM,WAAW,SAAS,MAAM,IAAI;CACpC,MAAM,WAAqB,EAAE;AAC7B,MAAK,MAAM,OAAO,SAChB,KAAI,QAAQ,MAAM;AAChB,MAAI,SAAS,UAAU,EAErB,QAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;AAEnC,WAAS,KAAK;YACL,QAAQ,IACjB,UAAS,KAAK,IAAI;AAItB,YAAW,SAAS,KAAK,IAAI,IAAI;AAGjC,KAAI,sBAAsB,SAAS,SAAS,KAAK,SAAS,SAAS,IAAI,CACrE,YAAW,SAAS,MAAM,GAAG,GAAG;AAGlC,QAAO;EAAE,IAAI;EAAM;EAAU;;;;;;;;;;;;AChE/B,eAAsB,SACpB,aACA,KACA,MACmB;CACnB,MAAM,MAAM,MAAM,QAAQ,YAAY,GAAG,cAAc,CAAC,YAAY;CAIpE,IAAI,IAAI,IAAI;CACZ,IAAI,WAAW;AACf,QAAO,KAAK;EACV,MAAM,KAAK,IAAI;EACf,MAAM,aAAa;AACnB,mBAAiB,QAAQ,QAAQ,GAAG,KAAK,WAAW,CAAC;;AAGvD,QAAO,UAAU;;;;;;;;;;;ACnBnB,eAAsB,cACpB,cACA,KAC+B;CAC/B,MAAM,SAAS,MAAM,aAAa,IAAI;AACtC,KAAI,kBAAkB,SACpB,QAAO;;;;;;;;;;;;;;;;AAmBX,eAAsB,mBACpB,OACA,KAC+B;AAC/B,MAAK,MAAM,MAAM,OAAO;EACtB,MAAM,SAAS,MAAM,GAAG,IAAI;AAC5B,MAAI,kBAAkB,SACpB,QAAO;;;;;;;;;;;;;;;;;;;;AAyBb,IAAM,2CAA2B,IAAI,SAAkB;;;;;;;;;AAqBvD,SAAgB,uBAAuB,KAAuB;AAC5D,QAAO,yBAAyB,IAAI,IAAI;;;;;;;;;;ACpF1C,SAAgB,gBACd,IACA,UACM;CACN,MAAM,cAAmD;EACvD,CAAC,YAAY,GAAG,MAAM;EACtB,CAAC,kBAAkB,GAAG,YAAY;EAClC,CAAC,UAAU,GAAG,IAAI;EAClB,CAAC,gBAAgB,GAAG,SAAS;EAC7B,CAAC,aAAa,GAAG,OAAO;EACxB,CAAC,WAAW,GAAG,KAAK;EACpB,CAAC,6BAA6B,GAAG,cAAc;EAC/C,CAAC,4BAA4B,GAAG,aAAa;EAC9C;AAED,MAAK,MAAM,CAAC,UAAU,YAAY,YAChC,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAU;GAAS;EAAE,CAAC;AAKhE,KAAI,GAAG,OACL,KAAI,OAAO,GAAG,WAAW,SACvB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,GAAG;GAAQ;EAAE,CAAC;MAC9E;EACL,MAAM,UAAU,MAAM,QAAQ,GAAG,OAAO,GAAG,GAAG,SAAS,CAAC,GAAG,OAAO;AAClE,OAAK,MAAM,OAAO,SAAS;AACzB,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,UAAU;KAAY,SAAS,IAAI;KAAK;IAAE,CAAC;AACjF,OAAI,IAAI,MACN,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,UAAU;KAAkB,SAAS,OAAO,IAAI,MAAM;KAAE;IAClE,CAAC;AAEJ,OAAI,IAAI,OACN,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,UAAU;KAAmB,SAAS,OAAO,IAAI,OAAO;KAAE;IACpE,CAAC;AAEJ,OAAI,IAAI,IACN,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,UAAU;KAAgB,SAAS,IAAI;KAAK;IAAE,CAAC;;;AAO7F,KAAI,GAAG,OACL,MAAK,MAAM,SAAS,GAAG,OACrB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,MAAM;GAAK;EAAE,CAAC;AAKvF,KAAI,GAAG,MACL,MAAK,MAAM,SAAS,GAAG,MACrB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,UAAU;GAAY,SAAS,MAAM;GAAK;EAAE,CAAC;AAKvF,KAAI,GAAG,QACL,MAAK,MAAM,UAAU,GAAG,QACtB,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,UAAU;GAAqB,SAAS;GAAQ;EAC1D,CAAC;;;;;;;;AAWR,SAAgB,cAAc,IAAsC,UAA+B;CACjG,MAAM,cAAmD;EACvD,CAAC,gBAAgB,GAAG,KAAK;EACzB,CAAC,gBAAgB,GAAG,KAAK;EACzB,CAAC,mBAAmB,GAAG,OAAO;EAC9B,CAAC,iBAAiB,GAAG,MAAM;EAC3B,CAAC,uBAAuB,GAAG,YAAY;EACvC,CAAC,mBAAmB,GAAG,QAAQ;EAC/B,CAAC,sBAAsB,GAAG,UAAU;EACrC;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,YAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAK5D,KAAI,GAAG,OACL,KAAI,OAAO,GAAG,WAAW,SACvB,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,MAAM;GAAiB,SAAS,GAAG;GAAQ;EAAE,CAAC;MAC/E;EACL,MAAM,UAAU,MAAM,QAAQ,GAAG,OAAO,GAAG,GAAG,SAAS,CAAC,GAAG,OAAO;AAClE,OAAK,MAAM,OAAO,SAAS;GACzB,MAAM,MAAM,OAAO,QAAQ,WAAW,MAAM,IAAI;AAChD,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAiB,SAAS;KAAK;IAAE,CAAC;;;AAMpF,KAAI,GAAG,QACL,MAAK,MAAM,UAAU,GAAG,SAAS;AAC/B,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAkB,SAAS,OAAO;IAAW;GAAE,CAAC;AAC5F,MAAI,OAAO,MACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAwB,SAAS,OAAO,OAAO,MAAM;IAAE;GACvE,CAAC;AAEJ,MAAI,OAAO,OACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAyB,SAAS,OAAO,OAAO,OAAO;IAAE;GACzE,CAAC;AAEJ,MAAI,OAAO,UACT,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAyB,SAAS,OAAO;IAAW;GACpE,CAAC;;AAMR,KAAI,GAAG,KAAK;EACV,MAAM,YAAkE;GACtE,CAAC,UAAU,SAAS;GACpB,CAAC,QAAQ,OAAO;GAChB,CAAC,cAAc,aAAa;GAC7B;AAID,MAAI,GAAG,IAAI;QACJ,MAAM,CAAC,KAAK,QAAQ,UACvB,KAAI,GAAG,IAAI,KAAK,KACd,UAAS,KAAK;IACZ,KAAK;IACL,OAAO;KAAE,MAAM,oBAAoB;KAAO,SAAS,GAAG,IAAI;KAAM;IACjE,CAAC;;AAKR,OAAK,MAAM,CAAC,KAAK,QAAQ,WAAW;GAClC,MAAM,KAAK,GAAG,IAAI,KAAK;AACvB,OAAI,GACF,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM,kBAAkB;KAAO,SAAS;KAAI;IAAE,CAAC;;AAIzF,OAAK,MAAM,CAAC,KAAK,QAAQ,WAAW;GAClC,MAAM,MAAM,GAAG,IAAI,MAAM;AACzB,OAAI,IACF,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM,mBAAmB;KAAO,SAAS;KAAK;IAAE,CAAC;;;;;;;;;ACxK/F,SAAgB,YAAY,OAAuC,UAA+B;AAEhG,KAAI,MAAM;MACJ,OAAO,MAAM,SAAS,SACxB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAQ,MAAM,MAAM;IAAM;GAAE,CAAC;WAC/D,MAAM,QAAQ,MAAM,KAAK,CAClC,MAAK,MAAM,QAAQ,MAAM,MAAM;GAC7B,MAAM,QAAgC;IAAE,KAAK;IAAQ,MAAM,KAAK;IAAK;AACrE,OAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,OAAI,KAAK,KAAM,OAAM,OAAO,KAAK;AACjC,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;AAM3C,KAAI,MAAM,UAAU;EAClB,MAAM,OAAO,MAAM,QAAQ,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,MAAM,SAAS;AAC9E,OAAK,MAAM,OAAO,KAChB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAiB,MAAM;IAAK;GAAE,CAAC;;AAK9E,KAAI,MAAM;MACJ,OAAO,MAAM,UAAU,SACzB,UAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,KAAK;IAAoB,MAAM,MAAM;IAAO;GAAE,CAAC;WAC5E,MAAM,QAAQ,MAAM,MAAM,CACnC,MAAK,MAAM,QAAQ,MAAM,OAAO;GAC9B,MAAM,QAAgC;IAAE,KAAK;IAAoB,MAAM,KAAK;IAAK;AACjF,OAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;AAM3C,KAAI,MAAM,MACR,MAAK,MAAM,QAAQ,MAAM,OAAO;EAC9B,MAAM,QAAgC;GAAE,KAAK,KAAK;GAAK,MAAM,KAAK;GAAK;AACvE,MAAI,KAAK,MAAO,OAAM,QAAQ,KAAK;AACnC,MAAI,KAAK,KAAM,OAAM,OAAO,KAAK;AACjC,WAAS,KAAK;GAAE,KAAK;GAAQ;GAAO,CAAC;;;;;;AAQ3C,SAAgB,iBACd,YACA,UACM;AACN,KAAI,WAAW,UACb,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,KAAK;GAAa,MAAM,WAAW;GAAW;EAAE,CAAC;AAGzF,KAAI,WAAW,UACb,MAAK,MAAM,CAAC,MAAM,SAAS,OAAO,QAAQ,WAAW,UAAU,CAC7D,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa,UAAU;GAAM;GAAM;EAClD,CAAC;AAIN,KAAI,WAAW,MACb,MAAK,MAAM,CAAC,OAAO,SAAS,OAAO,QAAQ,WAAW,MAAM,CAC1D,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa;GAAO;GAAM;EACzC,CAAC;AAIN,KAAI,WAAW,MACb,MAAK,MAAM,CAAC,MAAM,SAAS,OAAO,QAAQ,WAAW,MAAM,CACzD,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,KAAK;GAAa;GAAM;GAAM;EACxC,CAAC;;;;;AAQR,SAAgB,mBACd,cACA,UACM;CACN,MAAM,oBAAyD;EAC7D,CAAC,4BAA4B,aAAa,OAAO;EACjD,CAAC,SAAS,aAAa,MAAM;EAC7B,CAAC,uBAAuB,aAAa,OAAO;EAC7C;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,kBAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAG5D,KAAI,aAAa,MACf,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,aAAa,MAAM,EAAE;EAC9D,MAAM,UAAU,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,KAAK,GAAG;AAC1D,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE;IAAM;IAAS;GAAE,CAAC;;;;;;AAQ9D,SAAgB,kBACd,aACA,UACM;AACN,KAAI,YAAY,QACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAAgC,SAAS;GAAO;EAChE,CAAC;AAEJ,KAAI,YAAY,MACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAA8B,SAAS,YAAY;GAAO;EAC1E,CAAC;AAEJ,KAAI,YAAY,eACd,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GACL,MAAM;GACN,SAAS,YAAY;GACtB;EACF,CAAC;AAEJ,KAAI,YAAY,cAAc;EAC5B,MAAM,SAAS,MAAM,QAAQ,YAAY,aAAa,GAClD,YAAY,eACZ,CAAC,EAAE,KAAK,YAAY,cAAc,CAAC;AACvC,OAAK,MAAM,OAAO,QAAQ;GAExB,MAAM,QAAgC;IAAE,KAAK;IAA6B,MAD9D,OAAO,QAAQ,WAAW,MAAM,IAAI;IACqC;AACrF,OAAI,OAAO,QAAQ,YAAY,IAAI,MACjC,OAAM,QAAQ,IAAI;AAEpB,YAAS,KAAK;IAAE,KAAK;IAAQ;IAAO,CAAC;;;;;;;AAQ3C,SAAgB,eACd,UACA,UACM;CACN,MAAM,kBAA+E;EACnF,CAAC,OAAO,SAAS,IAAI;EACrB,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,iBAAiB,SAAS,aAAa;EACxC,CAAC,qBAAqB,SAAS,iBAAiB;EACjD;AAED,MAAK,MAAM,CAAC,UAAU,YAAY,iBAAiB;AACjD,MAAI,CAAC,QAAS;AACd,OAAK,MAAM,SAAS,QAClB,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,MAAM,CAC9C,KAAI,UAAU,KAAA,KAAa,UAAU,KACnC,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,UAAU,MAAM,SAAS,GAAG;IAAO,SAAS,OAAO,MAAM;IAAE;GACrE,CAAC;;AAMV,KAAI,SAAS,KAAK;AAChB,MAAI,SAAS,IAAI,IACf,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,UAAU;IAAc,SAAS,SAAS,IAAI;IAAK;GAC7D,CAAC;AAEJ,MAAI,SAAS,IAAI,mBAAmB,KAAA,EAClC,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IACL,UAAU;IACV,SAAS,SAAS,IAAI,iBAAiB,SAAS;IACjD;GACF,CAAC;;;;;;AAQR,SAAgB,aACd,QACA,UACM;CACN,MAAM,QAAQ,CAAC,UAAU,OAAO,QAAQ;AACxC,KAAI,OAAO,cAAe,OAAM,KAAK,kBAAkB,OAAO,gBAAgB;AAC9E,KAAI,OAAO,YAAa,OAAM,KAAK,gBAAgB,OAAO,cAAc;AACxE,UAAS,KAAK;EACZ,KAAK;EACL,OAAO;GAAE,MAAM;GAAoB,SAAS,MAAM,KAAK,KAAK;GAAE;EAC/D,CAAC;;;;;;;;;;;;;ACvMJ,SAAgB,yBAAyB,UAAmC;CAC1E,MAAM,WAA0B,EAAE;AAGlC,KAAI,OAAO,SAAS,UAAU,SAC5B,UAAS,KAAK;EAAE,KAAK;EAAS,SAAS,SAAS;EAAO,CAAC;CAI1D,MAAM,kBAAuD;EAC3D,CAAC,eAAe,SAAS,YAAY;EACrC,CAAC,aAAa,SAAS,UAAU;EACjC,CAAC,oBAAoB,SAAS,gBAAgB;EAC9C,CAAC,YAAY,SAAS,SAAS;EAC/B,CAAC,YAAY,SAAS,SAAS;EAC/B,CAAC,WAAW,SAAS,QAAQ;EAC7B,CAAC,aAAa,SAAS,UAAU;EAClC;AAED,MAAK,MAAM,CAAC,MAAM,YAAY,gBAC5B,KAAI,QACF,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE;GAAM;GAAS;EAAE,CAAC;AAK5D,KAAI,SAAS,UAAU;EACrB,MAAM,UAAU,MAAM,QAAQ,SAAS,SAAS,GAC5C,SAAS,SAAS,KAAK,KAAK,GAC5B,SAAS;AACb,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAY;IAAS;GAAE,CAAC;;AAItE,KAAI,SAAS,QAAQ;EACnB,MAAM,UACJ,OAAO,SAAS,WAAW,WAAW,SAAS,SAAS,mBAAmB,SAAS,OAAO;AAC7F,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE,MAAM;IAAU;IAAS;GAAE,CAAC;AAGlE,MAAI,OAAO,SAAS,WAAW,YAAY,SAAS,OAAO,WAAW;GACpE,MAAM,YACJ,OAAO,SAAS,OAAO,cAAc,WACjC,SAAS,OAAO,YAChB,mBAAmB,SAAS,OAAO,UAAU;AACnD,YAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAa,SAAS;KAAW;IAAE,CAAC;;;AAKpF,KAAI,SAAS,UACX,iBAAgB,SAAS,WAAW,SAAS;AAI/C,KAAI,SAAS,QACX,eAAc,SAAS,SAAS,SAAS;AAI3C,KAAI,SAAS,MACX,aAAY,SAAS,OAAO,SAAS;AAIvC,KAAI,SAAS,SACX,UAAS,KAAK;EAAE,KAAK;EAAQ,OAAO;GAAE,KAAK;GAAY,MAAM,SAAS;GAAU;EAAE,CAAC;AAIrF,KAAI,SAAS,WACX,kBAAiB,SAAS,YAAY,SAAS;AAIjD,KAAI,SAAS,aACX,oBAAmB,SAAS,cAAc,SAAS;AAIrD,KAAI,SAAS,iBAAiB;EAC5B,MAAM,QAAkB,EAAE;AAC1B,MAAI,SAAS,gBAAgB,cAAc,MAAO,OAAM,KAAK,eAAe;AAC5E,MAAI,SAAS,gBAAgB,UAAU,MAAO,OAAM,KAAK,WAAW;AACpE,MAAI,SAAS,gBAAgB,YAAY,MAAO,OAAM,KAAK,aAAa;AACxE,MAAI,MAAM,SAAS,EACjB,UAAS,KAAK;GACZ,KAAK;GACL,OAAO;IAAE,MAAM;IAAoB,SAAS,MAAM,KAAK,KAAK;IAAE;GAC/D,CAAC;;AAKN,KAAI,SAAS,SAAS;EACpB,MAAM,aAAa,MAAM,QAAQ,SAAS,QAAQ,GAAG,SAAS,UAAU,CAAC,SAAS,QAAQ;AAC1F,OAAK,MAAM,UAAU,YAAY;AAC/B,OAAI,OAAO,KACT,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,MAAM;KAAU,SAAS,OAAO;KAAM;IAAE,CAAC;AAEjF,OAAI,OAAO,IACT,UAAS,KAAK;IAAE,KAAK;IAAQ,OAAO;KAAE,KAAK;KAAU,MAAM,OAAO;KAAK;IAAE,CAAC;;;AAMhF,KAAI,SAAS,YACX,mBAAkB,SAAS,aAAa,SAAS;AAInD,KAAI,SAAS,SACX,gBAAe,SAAS,UAAU,SAAS;AAI7C,KAAI,SAAS,OACX,cAAa,SAAS,QAAQ,SAAS;AAIzC,KAAI,SAAS,MACX,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,SAAS,MAAM,EAAE;EAC1D,MAAM,UAAU,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,KAAK,GAAG;AAC1D,WAAS,KAAK;GAAE,KAAK;GAAQ,OAAO;IAAE;IAAM;IAAS;GAAE,CAAC;;AAI5D,QAAO;;AAKT,SAAS,mBAAmB,QAAyC;CACnE,MAAM,QAAkB,EAAE;AAC1B,KAAI,OAAO,UAAU,KAAM,OAAM,KAAK,QAAQ;AAC9C,KAAI,OAAO,UAAU,MAAO,OAAM,KAAK,UAAU;AACjD,KAAI,OAAO,WAAW,KAAM,OAAM,KAAK,SAAS;AAChD,KAAI,OAAO,WAAW,MAAO,OAAM,KAAK,WAAW;AACnD,QAAO,MAAM,KAAK,KAAK;;;;;;;;;;;;ACnHzB,SAAgB,aACd,OACA,UACoB;AACpB,KAAI,UAAU,KAAA,KAAa,UAAU,KACnC;AAGF,KAAI,OAAO,UAAU,SACnB,QAAO,WAAW,SAAS,QAAQ,MAAM,MAAM,GAAG;AAIpD,KAAI,MAAM,aAAa,KAAA,EACrB,QAAO,MAAM;AAGf,KAAI,MAAM,YAAY,KAAA,EACpB,QAAO,MAAM;;;;;;;;;;;;;;;AAqBjB,SAAgB,gBACd,SACA,UAAkC,EAAE,EAC1B;CACV,MAAM,EAAE,aAAa,UAAU;CAE/B,MAAM,SAAmB,EAAE;CAC3B,IAAI;CACJ,IAAI;CACJ,IAAI;AAEJ,MAAK,MAAM,EAAE,UAAU,YAAY,SAAS;AAE1C,MAAI,cAAc,OAChB;AAIF,MAAI,SAAS,UAAU,KAAA,KAAa,OAAO,SAAS,UAAU,UAAU;AACtE,OAAI,SAAS,MAAM,aAAa,KAAA,EAC9B,iBAAgB,SAAS,MAAM;AAEjC,OAAI,SAAS,MAAM,YAAY,KAAA,EAC7B,eAAc,SAAS,MAAM;;AAKjC,OAAK,MAAM,OAAO,OAAO,KAAK,SAAS,EAA2B;AAChE,OAAI,QAAQ,QAAS;AAEpB,UAAe,OAAO,SAAS;;AAIlC,MAAI,SAAS,UAAU,KAAA,EACrB,YAAW,SAAS;;AAKxB,KAAI,YAAY;AACd,aAAW,gBAAgB,KAAA,IAAY,EAAE,SAAS,aAAa,GAAG;AAElE,kBAAgB,KAAA;;CAIlB,MAAM,gBAAgB,aAAa,UAAU,cAAc;AAC3D,KAAI,kBAAkB,KAAA,EACpB,QAAO,QAAQ;AAIjB,KAAI,WACF,QAAO,SAAS;AAGlB,QAAO;;;;;AAQT,SAAS,cAAc,KAAsB;AAC3C,QAAO,IAAI,WAAW,UAAU,IAAI,IAAI,WAAW,WAAW,IAAI,IAAI,WAAW,KAAK;;;;;AAMxF,SAAS,WAAW,KAAa,MAAmB;AAClD,KAAI,cAAc,IAAI,CAAE,QAAO;AAC/B,QAAO,IAAI,IAAI,KAAK,KAAK,CAAC,UAAU;;;;;;;;AAStC,SAAgB,oBAAoB,UAA8B;CAChE,MAAM,OAAO,SAAS;AACtB,KAAI,CAAC,KAAM,QAAO;CAElB,MAAM,SAAS,EAAE,GAAG,UAAU;AAG9B,KAAI,OAAO,WAAW;AACpB,SAAO,YAAY,EAAE,GAAG,OAAO,WAAW;AAC1C,MAAI,OAAO,OAAO,UAAU,WAAW,SACrC,QAAO,UAAU,SAAS,WAAW,OAAO,UAAU,QAAQ,KAAK;WAC1D,MAAM,QAAQ,OAAO,UAAU,OAAO,CAC/C,QAAO,UAAU,SAAS,OAAO,UAAU,OAAO,KAAK,SAAS;GAC9D,GAAG;GACH,KAAK,WAAW,IAAI,KAAK,KAAK;GAC/B,EAAE;WACM,OAAO,UAAU,OAE1B,QAAO,UAAU,SAAS;GACxB,GAAG,OAAO,UAAU;GACpB,KAAK,WAAW,OAAO,UAAU,OAAO,KAAK,KAAK;GACnD;AAEH,MAAI,OAAO,UAAU,OAAO,CAAC,cAAc,OAAO,UAAU,IAAI,CAC9D,QAAO,UAAU,MAAM,WAAW,OAAO,UAAU,KAAK,KAAK;;AAKjE,KAAI,OAAO,SAAS;AAClB,SAAO,UAAU,EAAE,GAAG,OAAO,SAAS;AACtC,MAAI,OAAO,OAAO,QAAQ,WAAW,SACnC,QAAO,QAAQ,SAAS,WAAW,OAAO,QAAQ,QAAQ,KAAK;WACtD,MAAM,QAAQ,OAAO,QAAQ,OAAO,EAAE;GAE/C,MAAM,WAAW,OAAO,QAAQ,OAAO,KAAK,QAC1C,OAAO,QAAQ,WAAW,WAAW,KAAK,KAAK,GAAG;IAAE,GAAG;IAAK,KAAK,WAAW,IAAI,KAAK,KAAK;IAAE,CAC7F;GAED,MAAM,aAAa,SAAS,OAAO,MAAM,OAAO,MAAM,SAAS;AAC/D,UAAO,QAAQ,SAAS,aACnB,WACA;aACI,OAAO,QAAQ,OAExB,QAAO,QAAQ,SAAS;GACtB,GAAG,OAAO,QAAQ;GAClB,KAAK,WAAW,OAAO,QAAQ,OAAO,KAAK,KAAK;GACjD;;AAKL,KAAI,OAAO,YAAY;AACrB,SAAO,aAAa,EAAE,GAAG,OAAO,YAAY;AAC5C,MAAI,OAAO,WAAW,aAAa,CAAC,cAAc,OAAO,WAAW,UAAU,CAC5E,QAAO,WAAW,YAAY,WAAW,OAAO,WAAW,WAAW,KAAK;AAE7E,MAAI,OAAO,WAAW,WAAW;GAC/B,MAAM,QAAgC,EAAE;AACxC,QAAK,MAAM,CAAC,MAAM,QAAQ,OAAO,QAAQ,OAAO,WAAW,UAAU,CACnE,OAAM,QAAQ,cAAc,IAAI,GAAG,MAAM,WAAW,KAAK,KAAK;AAEhE,UAAO,WAAW,YAAY;;;AAKlC,KAAI,OAAO,OAAO;AAChB,SAAO,QAAQ,EAAE,GAAG,OAAO,OAAO;AAClC,MAAI,OAAO,OAAO,MAAM,SAAS,SAC/B,QAAO,MAAM,OAAO,WAAW,OAAO,MAAM,MAAM,KAAK;WAC9C,MAAM,QAAQ,OAAO,MAAM,KAAK,CACzC,QAAO,MAAM,OAAO,OAAO,MAAM,KAAK,KAAK,OAAO;GAAE,GAAG;GAAG,KAAK,WAAW,EAAE,KAAK,KAAK;GAAE,EAAE;AAE5F,MAAI,OAAO,OAAO,MAAM,UAAU,SAChC,QAAO,MAAM,QAAQ,WAAW,OAAO,MAAM,OAAO,KAAK;WAChD,MAAM,QAAQ,OAAO,MAAM,MAAM,CAC1C,QAAO,MAAM,QAAQ,OAAO,MAAM,MAAM,KAAK,OAAO;GAAE,GAAG;GAAG,KAAK,WAAW,EAAE,KAAK,KAAK;GAAE,EAAE;;AAIhG,QAAO;;;;;;;;;;AC7OT,IAAa,kBAAb,cAAqC,MAAM;;CAEzC;CAEA,YAAY,UAAkB,OAAgB;EAC5C,MAAM,kBAAkB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AAC9E,QAAM,kCAAkC,SAAS,MAAM,mBAAmB,EAAE,OAAO,CAAC;AACpF,OAAK,OAAO;AACZ,OAAK,WAAW;;;;;;;;;;;;;;;;;;;;AAqBpB,eAAsB,WAAwC,QAAoC;AAChG,KAAI;AACF,SAAQ,MAAM,OAAO,MAAM;UACpB,OAAO;AACd,QAAM,IAAI,gBAAgB,OAAO,UAAU,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACsErD,SAAgB,uBACd,OACA,QACA,MAC2B;CAC3B,MAAM,IAAI;AAEV,MAAK,MAAM,SAAS,OAAO;AACzB,MAAI,MAAM,WAAW,OACnB,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,OAAO,UAAU,OAAO,UAAU,IACrD,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,OAAO,UAAU,OAAO,UAAU,IACrD,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;AAElE,MAAI,MAAM,WAAW,KACnB,QAAO,EAAE,MAAM,WAAW;GAAE;GAAQ,qBAAqB;GAAM,CAAC;;AAGpE,QAAO;;;;;;;AAwDT,SAAgB,cAAc,QAAsB;CAClD,MAAM,QAAQ,kBAAkB,UAAU;AAC1C,KAAI,MACF,OAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACxKvB,SAAgB,WAAW,OAAwD;CACjF,MAAM,EAAE,UAAU,aAAa,SAAS,WAAW,aAAa;AAGhE,KAAI,YAAY,KAAA,GAAW;AACzB,MAAI,YAAY,OACd,QAAO;AAET,QAAM;;AAMR,QAAO,mBAAmB,UAAU,aAAa,WAAW,SAAS;;;;;;AAOvE,eAAe,mBACb,UACA,aACA,WACA,UACoB;AACpB,KAAI;AACF,QAAM,SAAS,iBAAiB,EAAE,kBAAkB,eAAe,WAAW,EAAE,YAAY;AAC1F,OAAI;AACF,UAAM,UAAU;AAChB,UAAM,iBAAiB,iBAAiB,OAAO;YACxC,OAAgB;AACvB,QAAI,iBAAiB,YAAY;AAC/B,WAAM,iBAAiB,iBAAiB,OAAO;AAC/C,WAAM,iBAAiB,sBAAsB,MAAM,OAAO;AAC1D,SAAI,MAAM,WACR,OAAM,iBAAiB,oBAAoB,MAAM,WAAW;eAErD,iBAAiB,eAC1B,OAAM,iBAAiB,iBAAiB,WAAW;AAErD,UAAM;;IAER;UACK,OAAgB;AAIvB,MAAI,iBAAiB,cAAc,WAAW;GAC5C,MAAM,cAAc,uBAAuB,WAAW,MAAM,QAAQ,MAAM,KAAK;AAC/E,OAAI,aAAa;AACf,kBAAc,MAAM,OAAO;AAC3B,WAAO;;;AAGX,QAAM;;AAGR,QAAO;;;;;;;;;;;;;;;;AAmBT,eAAsB,eAAe,OAAgD;CACnF,MAAM,EAAE,UAAU,iBAAiB,UAAU,eAAe,iBAAiB,aAAa;AAE1F,KAAI;AACF,QAAM,UAAU;UACT,OAAgB;AAGvB,MAAI,iBAAiB,WACnB,QACE,oBAAoB,iBAAiB,UAAU,MAAM,MAAM,cAAc,IACzE,mBACA;AAQJ,MAAI,iBAAiB,gBAAgB;AACnC,OAAI,SAAS,CACX,SAAQ,MACN,gNAGD;AAGH,UACE,oBAAoB,iBAAiB,UAAU,KAAA,GAAW,cAAc,IACxE,mBACA;;AAMJ,MAAI,SAAS,CACX,SAAQ,KACN,oGAEA,MACD;AAEH,QAAM;;AAIR,QAAO;;;;;;AAOT,SAAS,oBACP,iBACA,UACA,MACA,eACkB;AAClB,KAAI,CAAC,gBAAiB,QAAO;AAC7B,QAAO,cAAc,iBAAiB;EACpC,MAAM;EACN,qBAAqB;EACtB,CAAC;;;;;;;;ACzGJ,IAAa,qBAAb,cAAwC,MAAM;CAC5C,YAAY,SAAiB;AAC3B,QAAM,QAAQ;AACd,OAAK,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACvDhB,IAAa,uBAAuB;;AAGpC,IAAa,gBAAgB;;;;;AAQ7B,IAAI,sBAAqC;;;;;;;;;;;;AAuCzC,SAAgB,iBAAiB,KAA+B;AAE9D,KAAI,CAAC,oBACH,QAAO;EAAE,IAAI;EAAM,UAAU;EAAM;CAGrC,MAAM,WAAW,IAAI,QAAQ,IAAI,qBAAqB;AAGtD,KAAI,CAAC,SACH,QAAO;EAAE,IAAI;EAAM,UAAU;EAAM;AAIrC,KAAI,aAAa,oBACf,QAAO;EAAE,IAAI;EAAM;EAAU;AAG/B,QAAO;EAAE,IAAI;EAAO;EAAU;;;;;;AAOhC,SAAgB,mBAAmB,SAAwB;AACzD,SAAQ,IAAI,eAAe,IAAI;;;;;;;;;;;;;;;;ACvFjC,IAAM,qBAAqB,IAAI,IAAI;CACjC;CACA;CACA;CACA;CACA;CACD,CAAC;;;;;;;;;;AAWF,eAAsB,wBACpB,WACmB;CACnB,MAAM,EAAE,aAAa,SAAS;CAC9B,MAAM,SAAS,mBAAmB,IAAI,YAAY;CAElD,MAAM,OAAO,MAAM,SAAS,KAAK,SAAS;CAE1C,MAAM,UAAkC;EACtC,gBAAgB,SAAS,GAAG,YAAY,mBAAmB;EAC3D,kBAAkB,OAAO,KAAK,WAAW;EAC1C;AAED,QAAO,IAAI,SAAS,MAAM;EAAE,QAAQ;EAAK;EAAS,CAAC;;;;;;AAOrD,SAAgB,iBACd,SAMQ;AAmBR,QAAO,yGAlBM,QACV,KAAK,MAAM;EACV,IAAI,MAAM,qBAAqB,UAAU,EAAE,IAAI,CAAC;AAChD,MAAI,EAAE,cAAc;GAClB,MAAM,OAAO,EAAE,wBAAwB,OAAO,EAAE,aAAa,aAAa,GAAG,EAAE;AAC/E,UAAO,kBAAkB,UAAU,KAAK,CAAC;;AAE3C,MAAI,EAAE,gBACJ,QAAO,qBAAqB,UAAU,EAAE,gBAAgB,CAAC;AAE3D,MAAI,EAAE,aAAa,KAAA,EACjB,QAAO,mBAAmB,EAAE,SAAS;AAEvC,SAAO;AACP,SAAO;GACP,CACD,KAAK,KAAK,CAEwG;;;AAiBvH,SAAgB,UAAU,KAAqB;AAC7C,QAAO,IACJ,QAAQ,MAAM,QAAQ,CACtB,QAAQ,MAAM,OAAO,CACrB,QAAQ,MAAM,OAAO,CACrB,QAAQ,MAAM,SAAS,CACvB,QAAQ,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;AC1E5B,SAAgB,sBACd,gBACA,WACA,UACgC;AAChC,MAAK,MAAM,WAAW,UAAU;AAE9B,MAAI,CAAC,UAAU,WAAW,QAAQ,mBAAmB,CAAE;AAIvD,MAAI,uBAAuB,gBAAgB,QAAQ,mBAAmB,CACpE,QAAO,EAAE,gBAAgB,QAAQ,oBAAoB;;AAGzD,QAAO;;;;;;;;AAST,SAAgB,uBAAuB,UAAkB,SAA0B;CACjF,MAAM,YAAY,aAAa,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,CAAC,MAAM,IAAI;CACtE,MAAM,eAAe,YAAY,MAAM,EAAE,GAAG,QAAQ,MAAM,EAAE,CAAC,MAAM,IAAI;CAEvE,IAAI,KAAK;AACT,MAAK,IAAI,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;EAC5C,MAAM,MAAM,mBAAmB,aAAa,GAAG;AAE/C,UAAQ,IAAI,MAAZ;GACE,KAAK,YACH,QAAO,KAAK,UAAU;GACxB,KAAK,qBACH,QAAO;GACT,KAAK;AACH,QAAI,MAAM,UAAU,OAAQ,QAAO;AACnC;AACA;GACF,KAAK;AACH,QAAI,MAAM,UAAU,UAAU,UAAU,QAAQ,IAAI,MAAO,QAAO;AAClE;AACA;;;AAIN,QAAO,OAAO,UAAU;;;;;;;;;;;;;;AC9C1B,eAAsB,oBAAoB,OAAkC;CAI1E,MAAM,cAAuC,OAAO,OAAO,KAAK;AAChE,MAAK,MAAM,OAAO,OAAO,KAAK,MAAM,cAAc,CAChD,KAAI,QAAQ,YACV,aAAY,OAAO,MAAM,cAAc;AAG3C,OAAM,gBAAgB;AAEtB,MAAK,MAAM,WAAW,MAAM,UAAU;AAEpC,MAAI,CAAC,QAAQ,OAAQ;EAErB,IAAI;AACJ,MAAI;AACF,SAAM,MAAM,WAAW,QAAQ,OAAO;WAC/B,KAAK;AACZ,SAAM,IAAI,mBACR,6CAA6C,QAAQ,YAAY,KAAK,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,GACvH;;EAGH,MAAM,mBAAmB,IAAI;AAI7B,MAAI,CAAC,oBAAoB,OAAO,iBAAiB,UAAU,WAAY;AAEvE,MAAI;GACF,MAAM,UAAU,iBAAiB,MAAM,MAAM,cAAc;AAK3D,QAAK,MAAM,OAAO,OAAO,KAAK,QAAmC,CAC/D,KAAI,QAAQ,YACV,aAAY,OAAO,mBAAoB,QAAoC,KAAK;WAG7E,KAAK;AACZ,SAAM,IAAI,mBAAmB,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;ACdpF,eAAsB,kBACpB,QACA,SACA,KACmB;AACnB,SAAQ,QAAQ,MAAhB;EACE,KAAK,YAAY;GAMf,MAAM,gBAAgB,wBAAwB,QAAQ,SAAS;AAE/D,OAAI,QAAQ,UAAU,QAAS,QAAO;AAEtC,OAAI,QAAQ,UAAU,gBAAgB,IAAI,iBAAiB;AACzD,mBAAe,cAAc,QAAQ;AACrC,wBAAoB,cAAc,SAAS,IAAI,gBAAgB;AAC/D,8BAA0B;KACxB,QAAQ,IAAI;KACZ,MAAM,IAAI;KACV,QAAQ,cAAc;KACvB,CAAC;;AAGJ,OAAI,QAAQ,UAAU,SACpB,sBAAqB;AAGvB,UAAO;;EAGT,KAAK,YAAY;GACf,MAAM,UAAU,IAAI,mBAAmB,IAAI,SAAS;AACpD,kBAAe,QAAQ;AACvB,UAAO,sBAAsB,QAAQ,QAAQ,IAAI,KAAK,QAAQ;;EAGhE,KAAK,QAAQ;GACX,MAAM,UAAU,IAAI,mBAAmB,IAAI,SAAS;AACpD,kBAAe,QAAQ;AACvB,OAAI,OAAO,mBACT,KAAI;AAIF,WAAO,wBACL,MAAM,OAAO,mBAAmB,QAAQ,QAAQ,IAAI,KAAK,SAAS,IAAI,MAAM,CAC7E;YACM,iBAAiB;AAIxB,mBAAe;KAAE,QAAQ,IAAI;KAAQ,MAAM,IAAI;KAAM,OAAO;KAAiB,CAAC;AAC9E,UAAM,mBAAmB,iBAAiB,IAAI,KAAK,SAAS;AAC5D,QAAI,OAAO,mBAAmB,2BAA2B,MACvD,QAAO,gBAAgB,iBAAiB,SAAS;;AAGvD,UAAO,IAAI,SAAS,MAAM;IAAE,QAAQ,QAAQ,OAAO;IAAQ;IAAS,CAAC;;EAGvE,KAAK,SAAS;AACZ,OAAI,QAAQ,UAAU,SAAS;AAC7B,kBAAc,EAAE,OAAO,QAAQ,OAAO,CAAC;AACvC,UAAM,mBAAmB,QAAQ,OAAO,IAAI,KAAK,QAAQ;AACzD,QAAI,OAAO,mBAAmB,QAAQ,iBAAiB,MACrD,QAAO,gBAAgB,QAAQ,OAAO,QAAQ;AAChD,WAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;AAG5C,OAAI,QAAQ,UAAU,cAAc;AAClC,uBAAmB;KAAE,QAAQ,IAAI;KAAQ,MAAM,IAAI;KAAM,OAAO,QAAQ;KAAO,CAAC;AAChF,UAAM,mBAAmB,QAAQ,OAAO,IAAI,KAAK,UAAU;AAC3D,QAAI,OAAO,mBAAmB,QAAQ,iBAAiB,MACrD,QAAO,gBAAgB,QAAQ,OAAO,aAAa;AAErD,WAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;GAG5C,MAAM,UAAU,IAAI,mBAAmB,IAAI,SAAS;AACpD,kBAAe,QAAQ;AACvB,kBAAe;IAAE,QAAQ,IAAI;IAAQ,MAAM,IAAI;IAAM,OAAO,QAAQ;IAAO,CAAC;AAC5E,SAAM,mBAAmB,QAAQ,OAAO,IAAI,KAAK,SAAS;AAC1D,OAAI,OAAO,mBAAmB,QAAQ,iBAAiB,MACrD,QAAO,gBAAgB,QAAQ,OAAO,SAAS;AACjD,OAAI,OAAO,oBACT,KAAI;AAGF,WAAO,wBACL,MAAM,OAAO,oBAAoB,QAAQ,OAAO,IAAI,KAAK,QAAQ,CAClE;YACM,qBAAqB;AAK5B,mBAAe;KAAE,QAAQ,IAAI;KAAQ,MAAM,IAAI;KAAM,OAAO;KAAqB,CAAC;AAClF,UAAM,mBAAmB,qBAAqB,IAAI,KAAK,SAAS;AAChE,QAAI,OAAO,mBAAmB,+BAA+B,MAC3D,QAAO,gBAAgB,qBAAqB,SAAS;;AAG3D,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AChHhD,eAAsB,cACpB,QACA,UACA,KACA,QACA,MACuB;CACvB,MAAM,WAAW,OAAO,iBAAiB;AACzC,KAAI;EACF,MAAM,cAAc,MAAM,UAAU;EACpC,MAAM,gBACJ,SAAS,aAAa,WAAW,cAAc,QAAQ,KAAK,QAAQ,KAAK,CAAC;AAI5E,SAAO;GAAE,MAAM;GAAY,OAAO;GAAS,UAH1B,MAAM,SAAS,gBAAgB,EAAE,QAChD,WAAW,WAAW,SAAS,YAAY,QAAQ,GAAG,SAAS,CAChE;GACoD;UAC9C,OAAO;AACd,SAAO;GAAE,MAAM;GAAS,OAAO;GAAS;GAAO;;;;;;;;AAWnD,eAAsB,mBACpB,QACA,KACA,OACA,iBACA,sBACA,eACuB;CACvB,MAAM,WAAW,OAAO,iBAAiB;CACzC,MAAM,MAAyB;EAC7B;EACA,gBAAgB;EAChB,SAAS;EACT,eAAe,MAAM;EACrB,aAAa,UAAU;AACrB,QAAK,MAAM,QAAQ,OAAO;IAIxB,IAAI;AACJ,QAAI,KAAK,OAAO,KAAA,EACd,SAAQ,IAAI,KAAK,KAAK,QAAQ,KAAK,GAAG,QAAQ,KAAK;QAEnD,SAAQ,IAAI,KAAK,KAAK,SAAS,KAAK;AAEtC,QAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,QAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,oBAAgB,OAAO,QAAQ,MAAM;;;EAG1C;AAED,KAAI;EACF,MAAM,gBAAgB,mBAAmB,MAAM,iBAAiB,IAAI;EAEpE,MAAM,qBAAqB,OAAO,YAAY;AAC5C,2BAAwB,KAAK;AAC7B,OAAI;AACF,WAAO,MAAM,SAAS,qBAAqB,EAAE,QAC3C,WAAW,WAAW,MAAM,iBAAiB,QAAQ,GAAG,SAAS,CAClE;aACO;AACR,4BAAwB,MAAM;;MAE9B;AACJ,MAAI,mBACF,QAAO;GAAE,MAAM;GAAY,OAAO;GAAc,UAAU;GAAoB;AAIhF,4BAA0B,qBAAqB;AAM/C,iBAAe,gBAAgB;AAE/B,SAAO,eAAe,QAAQ,KAAK,OAAO,iBAAiB,sBAAsB,cAAc;UACxF,OAAO;AACd,MAAI,iBAAiB,eACnB,QAAO;GAAE,MAAM;GAAY,OAAO;GAAc,QAAQ;GAAO;AAEjE,MAAI,iBAAiB,WACnB,QAAO;GAAE,MAAM;GAAQ,OAAO;GAAc,QAAQ;GAAO;AAE7D,SAAO;GAAE,MAAM;GAAS,OAAO;GAAc;GAAO;;;;;;;AAUxD,eAAsB,eACpB,QACA,KACA,OACA,iBACA,sBACA,EAAE,mBAAmB,gBACE;CACvB,MAAM,WAAW,OAAO,iBAAiB;AACzC,KAAI;EACF,MAAM,iBACJ,OAAO,OAAO,KAAK,OAAO,iBAAiB,sBAAsB,aAAa;AAIhF,SAAO;GAAE,MAAM;GAAY,OAAO;GAAU,UAH3B,MAAM,SAAS,iBAAiB,EAAE,cAAc,mBAAmB,QAClF,WAAW,WAAW,UAAU,oBAAoB,SAAS,GAAG,UAAU,CAC3E;GACqD;UAC/C,OAAO;AACd,MAAI,iBAAiB,WACnB,QAAO;GAAE,MAAM;GAAQ,OAAO;GAAU,QAAQ;GAAO;AAEzD,MAAI,iBAAiB,eACnB,QAAO;GAAE,MAAM;GAAY,OAAO;GAAU,QAAQ;GAAO;AAE7D,SAAO;GAAE,MAAM;GAAS,OAAO;GAAU;GAAO;;;;;;;;;;;;;;AAiBpD,eAAsB,cACpB,QACA,KACA,QACA,MACmB;CACnB,MAAM,qBAAqB,OAAO,sBAAsB;CAIxD,MAAM,SAAS,aADH,IAAI,IAAI,IAAI,IAAI,CACI,UAAU,mBAAmB;AAC7D,KAAI,CAAC,OAAO,GACV,QAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,OAAO,QAAQ,CAAC;CAEtD,MAAM,oBAAoB,OAAO;AAKjC,KAAI,OAAO,oBAAoB;EAC7B,MAAM,YAAY,OAAO,mBAAmB,kBAAkB;AAC9D,MAAI,UACF,KAAI;AAIF,OAAI,UAAU,SACZ,QAAO,MAAM,wBAAwB,UAAU;GAGjD,MAAM,MAAM,MAAM,WAA0C,UAAU,KAAK;AAC3E,OAAI,OAAO,IAAI,YAAY,WACzB,QAAO,IAAI,SAAS,iDAAiD,EAAE,QAAQ,KAAK,CAAC;GAEvF,MAAM,gBAAgB,MAAM,IAAI,SAAS;AAIzC,OAAI,yBAAyB,SAC3B,QAAO,wBAAwB,cAAc;GAO/C,MAAM,cAAc,UAAU;GAC9B,IAAI;AACJ,OAAI,OAAO,kBAAkB,SAC3B,QAAO;YACE,gBAAgB,kBACzB,QAAO,iBAAiB,cAAuC;YACtD,gBAAgB,4BACzB,QAAO,KAAK,UAAU,eAAe,MAAM,EAAE;OAE7C,QAAO,OAAO,cAAc;AAE9B,UAAO,IAAI,SAAS,MAAM;IACxB,QAAQ;IACR,SAAS,EAAE,gBAAgB,GAAG,YAAY,kBAAkB;IAC7D,CAAC;WACK,OAAO;AACd,kBAAe;IAAE;IAAQ;IAAM;IAAO,CAAC;AACvC,OAAI,OAAO,mBAAmB,iBAAiB,MAC7C,QAAO,gBAAgB,OAAO,iBAAiB;AACjD,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;AAShD,KAAI,OAAO,mBACT,KAAI;EACF,MAAM,kBAAkB,MAAM,OAAO,mBAAmB,kBAAkB;AAC1E,MAAI,gBAAiB,QAAO,wBAAwB,gBAAgB;UAC7D,OAAO;AACd,iBAAe;GAAE;GAAQ;GAAM;GAAO,CAAC;AACvC,MAAI,OAAO,mBAAmB,iBAAiB,MAC7C,QAAO,gBAAgB,OAAO,eAAe;AAC/C,SAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;AAU9C,MADsB,IAAI,QAAQ,IAAI,SAAS,IAAI,IAAI,SAAS,mBAAmB;MAG7E,CADc,iBAAiB,IAAI,CACxB,IAAI;GACjB,MAAM,gBAAgB,IAAI,SAAS;AACnC,sBAAmB,cAAc;AACjC,UAAO,IAAI,SAAS,MAAM;IAAE,QAAQ;IAAK,SAAS;IAAe,CAAC;;;CAKtE,IAAI,QAAQ,OAAO,WAAW,kBAAkB;CAChD,IAAI;CAOJ,MAAM,YAAY,IAAI,QAAQ,IAAI,eAAe;AACjD,KAAI,aAAa,OAAO,sBAAsB,QAAQ;EACpD,MAAM,cAAc,sBAClB,mBACA,WACA,OAAO,qBACR;AACD,MAAI,aAAa;GACf,MAAM,cAAc,OAAO,WAAW,YAAY,eAAe;AACjE,OAAI,aAAa;AACf,YAAQ;AACR,mBAAe,EAAE,gBAAgB,mBAAmB;;;;AAK1D,KAAI,CAAC,OAAO;AAGV,MAAI,OAAO,eAAe;GACxB,MAAM,kBAAkB,IAAI,SAAS;AACrC,UAAO,wBAAwB,MAAM,OAAO,cAAc,KAAK,gBAAgB,CAAC;;AAElF,SAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;CAK5C,MAAM,kBAAkB,IAAI,SAAS;CACrC,MAAM,uBAAuB,IAAI,SAAS;AAM1C,iBAAgB,IAAI,iBAAiB,0DAA0D;AAM/F,KAAI,OAAO,WACT,KAAI;AACF,QAAM,OAAO,WAAW,OAAO,KAAK,gBAAgB;UAC7C,KAAK;AACZ,UAAQ,KAAK,yBAAyB;;AAQ1C,KAAI;AACF,QAAM,oBAAoB,MAAM;UACzB,OAAO;AACd,MAAI,iBAAiB,oBAAoB;GAGvC,MAAM,cAAc,MAAM,SAAS,MAAM,SAAS,SAAS;AAC3D,OAAK,YAAoC,SAAS,CAAE,YAAmC,KACrF,QAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;AAK5C,OAAI,OAAO,cACT,QAAO,wBAAwB,MAAM,OAAO,cAAc,KAAK,gBAAgB,CAAC;AAElF,UAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;AAE5C,QAAM;;AAMR,kBAAiB,MAAM,cAAc;AAmBrC,QAAO,kBAAkB,QAVvB,CAFqB,uBAAuB,IAAI,IAE7B,MAAM,gBAAgB,SAAS,IAC9C,MAAM,mBAAmB,QAAQ,KAAK,OAAO,iBAAiB,sBAAsB;EAClF;EACA;EACD,CAAC,GACF,MAAM,eAAe,QAAQ,KAAK,OAAO,iBAAiB,sBAAsB;EAC9E;EACA;EACD,CAAC,EAEkC;EACxC;EACA;EACA;EACA;EACA;EACD,CAAC;;;;;;;;;;;;;;AClMJ,SAAgB,eAAe,QAA6D;CAK1F,MAAM,gBAAgB,kBAAkB,OAAO,MAAM;CACrD,MAAM,gBAAgB,OAAO,iBAAiB;CAC9C,MAAM,eAAe,OAAO,gBAAgB;CAI5C,IAAI,iBAAiB;AAErB,QAAO,OAAO,QAAoC;EAChD,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;EAC5B,MAAM,SAAS,IAAI;EACnB,MAAM,OAAO,IAAI;EACjB,MAAM,YAAY,YAAY,KAAK;AACnC;AAOA,SAAO,eAFc,iBAAiB,EAEF,YAAY;AAG9C,UAAO,sBAAsB,KAAK,YAAY;IAG5C,MAAM,aAAa,YAAY;AAC7B,wBAAmB;MAAE;MAAQ;MAAM,CAAC;KAEpC,MAAM,WAAW,MAAM,SACrB,uBACA;MAAE,uBAAuB;MAAQ,YAAY;MAAM,EACnD,YAAY;MAGV,MAAM,UAAU,MAAM,gBAAgB;AACtC,UAAI,QACF,gBAAe,QAAQ,SAAS,QAAQ,OAAO;MAGjD,IAAI;AACJ,UAAI,cAEF,UAAS,MAAM,kBAAkB,QADjB,MAAM,cAAc,QAAQ,eAAe,KAAK,QAAQ,KAAK,EAC3B;OAAE;OAAK;OAAQ;OAAM,CAAC;UAExE,UAAS,MAAM,cAAc,QAAQ,KAAK,QAAQ,KAAK;AAKzD,YAAM,iBAAiB,6BAA6B,OAAO,OAAO;AAOlE,UAAI,iBAAiB,YAAY;OAE/B,MAAM,eAAe,uBAAuB;AAC5C,WAAI,aACF,QAAO,QAAQ,IAAI,iBAAiB,aAAa;iBAE1C,iBAAiB,SAAS;OAInC,MAAM,UAAU,KAAK,MAAM,YAAY,KAAK,GAAG,UAAU;AACzD,cAAO,QAAQ,IAAI,iBAAiB,aAAa,UAAU;;AAI7D,aAAO;OAEV;KAGD,MAAM,aAAa,KAAK,MAAM,YAAY,KAAK,GAAG,UAAU;KAC5D,MAAM,SAAS,SAAS;KACxB,MAAM,cAAc;AACpB;AACA,yBAAoB;MAAE;MAAQ;MAAM;MAAQ;MAAY;MAAa,CAAC;AAEtE,SAAI,gBAAgB,KAAK,aAAa,cACpC,gBAAe;MAAE;MAAQ;MAAM;MAAY,WAAW;MAAe;MAAa,CAAC;AAGrF,YAAO;;AAGT,WAAO,iBAAiB,aAAa,uBAAuB,WAAW,GAAG,YAAY;KACtF;IACF;;;;;;;;;;;AC3PN,SAAgB,gBAAgB,UAA8B,UAAmC;CAC/F,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAAmB,EAAE;AAE3B,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,WAAW,SAAS,IAAI,KAAK;AACnC,MAAI,CAAC,SAAU;AACf,OAAK,MAAM,OAAO,SAChB,KAAI,CAAC,KAAK,IAAI,IAAI,EAAE;AAClB,QAAK,IAAI,IAAI;AACb,UAAO,KAAK,IAAI;;;AAMxB,QAAO;;;;;;;;AAwCT,SAAgB,kBACd,UACA,UACqB;CACrB,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAA8B,EAAE;AAEtC,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,QAAQ,SAAS,MAAM,KAAK;AAClC,MAAI,CAAC,MAAO;AACZ,OAAK,MAAM,SAAS,MAClB,KAAI,CAAC,KAAK,IAAI,MAAM,KAAK,EAAE;AACzB,QAAK,IAAI,MAAM,KAAK;AACpB,UAAO,KAAK,MAAM;;;AAM1B,QAAO;;;;;;;;AA8DT,SAAgB,2BACd,UACA,UACU;CACV,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAAmB,EAAE;AAE3B,MAAK,MAAM,WAAW,SACpB,MAAK,MAAM,QAAQ,CAAC,QAAQ,QAAQ,QAAQ,KAAK,EAAE;AACjD,MAAI,CAAC,KAAM;EACX,MAAM,WAAW,SAAS,cAAc,KAAK;AAC7C,MAAI,CAAC,SAAU;AACf,OAAK,MAAM,OAAO,SAChB,KAAI,CAAC,KAAK,IAAI,IAAI,EAAE;AAClB,QAAK,IAAI,IAAI;AACb,UAAO,KAAK,IAAI;;;AAMxB,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACnJT,SAAgB,iBAAiB,MAAyB;AAGxD,KAAI,KAAK,OAAO,KAAA,GAAW;EACzB,IAAI,QAAQ,IAAI,KAAK,KAAK,QAAQ,KAAK,GAAG,QAAQ,KAAK;AACvD,MAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,MAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,SAAO;;CAGT,IAAI,QAAQ,IAAI,KAAK,KAAK,SAAS,KAAK;AACxC,KAAI,KAAK,gBAAgB,KAAA,EAAW,UAAS,iBAAiB,KAAK;AACnE,KAAI,KAAK,kBAAkB,KAAA,EAAW,UAAS,mBAAmB,KAAK;AACvE,QAAO;;;;;;;;;;;;;;;;;;;AA4BT,SAAgB,wBACd,UACA,UACA,SACU;CACV,MAAM,SAAmB,EAAE;CAK3B,MAAM,2BAAW,IAAI,KAAa;CAElC,MAAM,OAAO,KAAa,WAAmB;AAC3C,MAAI,CAAC,SAAS,IAAI,IAAI,EAAE;AACtB,YAAS,IAAI,IAAI;AACjB,UAAO,KAAK,OAAO;;;AAKvB,MAAK,MAAM,OAAO,gBAAgB,UAAU,SAAS,CACnD,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAW,IAAI;EAAS,CAAC,CAAC;AAMxE,MAAK,MAAM,OAAO,SAAS,IAAI,cAAc,EAAE,CAC7C,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAW,IAAI;EAAS,CAAC,CAAC;AAIxE,MAAK,MAAM,QAAQ,kBAAkB,UAAU,SAAS,CACtD,KACE,KAAK,MACL,iBAAiB;EAAE,MAAM,KAAK;EAAM,KAAK;EAAW,IAAI;EAAQ,aAAa;EAAa,CAAC,CAC5F;AAIH,KAAI,CAAC,SAAS,OACZ,MAAK,MAAM,OAAO,2BAA2B,UAAU,SAAS,CAC9D,KAAI,KAAK,iBAAiB;EAAE,MAAM;EAAK,KAAK;EAAiB,CAAC,CAAC;AAInE,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACjIT,SAAgB,wBAA2B,QAA4B,IAAgB;AACrF,QAAO,oBAAoB,IAAI,QAAQ,GAAG;;;;;;;;;;AAW5C,SAAgB,kBAAkB,OAAuB;AACvD,KAAI,CAAC,MAAM,OAAQ;CACnB,MAAM,SAAS,oBAAoB,UAAU;AAC7C,KAAI,CAAC,OAAQ;AACb,KAAI;AACF,SAAO,MAAM;UACN,KAAK;AACZ,UAAQ,KAAK,8BAA8B;;;;;ACI/C,IAAM,+BAAoD,IAAI,IAAI;CATnC,OAAO,IAAI,oBAAoB;CACtC,OAAO,IAAI,aAAa;CACxB,OAAO,IAAI,aAAa;CACpB,OAAO,IAAI,iBAAiB;CAC7B,OAAO,IAAI,gBAAgB;CAC1B,OAAO,IAAI,iBAAiB;CACvB,OAAO,IAAI,sBAAsB;CAC9B,OAAO,IAAI,yBAAyB;CAWvE,CAAC;;;;;;;;;;;;;;;;;;;AAoBF,SAAS,mBAAmB,OAA0C;AACpE,KAAI,OAAO,UAAU,WAAY,QAAO;AACxC,KAAI,OAAO,UAAU,YAAY,UAAU,KAAM,QAAO;CACxD,MAAM,SAAU,MAAiC;AACjD,QAAO,OAAO,WAAW,YAAY,6BAA6B,IAAI,OAAO;;;;;;;;;;;;;;AA+I/E,eAAsB,iBAAiB,QAAqD;CAC1F,MAAM,EAAE,UAAU,YAAY,eAAe,2BAA2B;AAExE,KAAI,SAAS,WAAW,EACtB,OAAM,IAAI,MAAM,iDAAiD;CAGnE,MAAM,OAAO,SAAS,SAAS,SAAS;AAGxC,KAAI,KAAK,SAAS,CAAC,KAAK,KACtB,QAAO;EAAE,MAAM;EAAM,YAAY;EAAM;CAKzC,MAAM,iBADa,KAAK,OAAO,MAAM,WAAW,KAAK,KAAK,GAAG,OAC3B;AAElC,KAAI,CAAC,cACH,OAAM,IAAI,MACR,iDAAiD,KAAK,QAAQ,gDAE/D;CAIH,IAAI,UAAqB,cAAc,eAAe,EAAE,CAAC;AAGzD,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;AAGzB,YAAU,MAAM,wBACd,SACA,SACA,YACA,eACA,uBACD;AAGD,MAAI,QAAQ,QAAQ;GAElB,MAAM,YADe,MAAM,WAAW,QAAQ,OAAO,EACvB;AAC9B,aAAU,cAAc,sBAAsB;IAC5C;IACA,aAAa,QAAQ;IACrB,UAAU;IACX,CAA2B;;AAI9B,MAAI,QAAQ,QAAQ;GAElB,MAAM,mBADe,MAAM,WAAW,QAAQ,OAAO,EAChB;AAErC,OAAI,iBAAiB;IAEnB,MAAM,YAAuC,EAAE;IAC/C,MAAM,YAAY,OAAO,KAAK,QAAQ,MAAM;AAC5C,QAAI,UAAU,SAAS,EACrB,MAAK,MAAM,YAAY,WAAW;KAChC,MAAM,WAAW,QAAQ,MAAM;AAC/B,eAAU,YAAY,MAAM,iBAC1B,UACA,YACA,eACA,uBACD;;AAIL,cAAU,cAAc,iBAAiB;KACvC,GAAG;KACH,UAAU;KACX,CAAC;;;;AAKR,QAAO;EAAE,MAAM;EAAS,YAAY;EAAO;;;;;;;;AAW7C,eAAe,iBACb,UACA,YACA,eACA,wBACoB;CAGpB,MAAM,iBADa,SAAS,OAAO,MAAM,WAAW,SAAS,KAAK,GAAG,OACnC;CAIlC,MAAM,oBADgB,SAAS,UAAU,MAAM,WAAW,SAAS,QAAQ,GAAG,OACtC;AAGxC,KAAI,CAAC,cACH,QAAO,mBAAmB,cAAc,kBAAkB,EAAE,CAAC,GAAG;CAGlE,IAAI,UAAqB,cAAc,eAAe,EAAE,CAAC;AAGzD,WAAU,MAAM,wBACd,UACA,SACA,YACA,eACA,uBACD;AAGD,KAAI,SAAS,QAAQ;EAEnB,MAAM,YADe,MAAM,WAAW,SAAS,OAAO,EACxB;EAK9B,MAAM,mBADe,SAAS,SAAS,MAAM,WAAW,SAAS,OAAO,GAAG,OACpC,WAA2C;EAElF,MAAM,kBAAkB,mBAAmB,cAAc,kBAAkB,EAAE,CAAC,GAAG;AAEjF,YAAU,cAAc,2BAA2B;GACjD;GACA;GACA,UAAU,SAAS,YAAY,QAAQ,MAAM,GAAG;GAChD;GACA;GACA,UAAU;GACX,CAA+B;;AAGlC,QAAO;;;AAMT,IAAM,iBAAiB,IAAI,IAAI,CAAC,OAAO,KAAK,CAAC;;;;;;;AAQ7C,SAAS,UAAU,MAA0B;AAC3C,QAAO,eAAe,IAAI,KAAK,UAAU;;;;;;;;;;;;;;;;;;AAmB3C,eAAe,wBACb,SACA,SACA,YACA,eACA,wBACoB;AAIpB,KAAI,QAAQ,aAAa;AAEvB,OAAK,MAAM,CAAC,KAAK,SAAS,OAAO,QAAQ,QAAQ,YAAY,CAC3D,KAAI,QAAQ,SAAS,QAAQ,OAAO;GAClC,MAAM,SAAS,SAAS,KAAK,GAAG;AAChC,OAAI,CAAC,MAAM,OAAO,EAAE;IAClB,MAAM,MAAM,MAAM,WAAW,KAAK;IAIlC,MAAM,YAAY,mBAAmB,IAAI,QAAQ,GAAG,IAAI,UAAU;AAClE,QAAI,UAYF,WAAU,cAAc,wBAXkB,UAAU,KAAK,GACrD;KACE,iBAAiB,cAAc,WAAW,EAAE,QAAQ,CAAC;KACrD;KACA,UAAU;KACX,GACD;KACE,mBAAmB;KACnB;KACA,UAAU;KACX,CACyD;;;AAOtE,OAAK,MAAM,CAAC,KAAK,SAAS,OAAO,QAAQ,QAAQ,YAAY,CAC3D,KAAI,QAAQ,SAAS,QAAQ,OAAO;GAClC,MAAM,MAAM,MAAM,WAAW,KAAK;GAClC,MAAM,YAAY,mBAAmB,IAAI,QAAQ,GAAG,IAAI,UAAU;AAClE,OAAI,WAAW;IACb,MAAM,iBAAiB,QAAQ,QAAQ,MAAM;AAY7C,cAAU,cAAc,wBAXkB,UAAU,KAAK,GACrD;KACE,iBAAiB,cAAc,WAAW,EAAE,CAAC;KAC7C,QAAQ;KACR,UAAU;KACX,GACD;KACE,mBAAmB;KACnB,QAAQ;KACR,UAAU;KACX,CACyD;;;;AAStE,KAAI,QAAQ,OAAO;EACjB,MAAM,cAAc,MAAM,WAAW,QAAQ,MAAM;EACnD,MAAM,iBAAiB,mBAAmB,YAAY,QAAQ,GAAG,YAAY,UAAU;AACvF,MAAI,eAUF,WAAU,cAAc,wBATkB,UAAU,QAAQ,MAAM,GAC9D;GACE,iBAAiB,cAAc,gBAAgB,EAAE,CAAC;GAClD,UAAU;GACX,GACD;GACE,mBAAmB;GACnB,UAAU;GACX,CACyD;;AAIlE,QAAO;;;;;ACtZT,IAAM,wBAAgD,OAAO,YAC3D,OAAO,QAR6C;CACpD,aAAa;CACb,aAAa;CACb,gBAAgB;CACjB,CAIsC,CAAC,KAAK,CAAC,MAAM,YAAY,CAAC,QAAQ,KAAK,CAAC,CAC9E;;;;;;;;AAWD,SAAS,cACP,OACA,WACA,aACA,cACA,QACoC;AACpC,KAAI,CAAC,MAAO,QAAO;CACnB,MAAM,QAAQ,MAAM;AACpB,KAAI,MAAO,QAAO;EAAE,MAAM;EAAO;EAAQ,MAAM;EAAS;EAAc;CACtE,MAAM,WAAW,MAAM;AACvB,KAAI,SAAU,QAAO;EAAE,MAAM;EAAU;EAAQ,MAAM;EAAY;EAAc;AAC/E,QAAO;;;;;;;AAQT,SAAS,aACP,OACA,QACA,cACoC;AACpC,KAAI,CAAC,MAAO,QAAO;CACnB,MAAM,OAAO,sBAAsB;AACnC,KAAI,CAAC,KAAM,QAAO;CAClB,MAAM,OAAO,MAAM;AACnB,QAAO,OAAO;EAAE;EAAM;EAAQ,MAAM;EAAU;EAAc,GAAG;;;;;;;;;;;;;AAgBjE,SAAgB,kBACd,QACA,UACA,SAA2B,aACS;AACpC,KAAI,SAAS,OAAO,SAAS,IAAK,QAAO;AACzC,KAAI,WAAW,OAAQ,QAAO,YAAY,QAAQ,SAAS;AAC3D,KAAI,UAAU,IAAK,QAAO,WAAW,QAAQ,SAAS;AACtD,QAAO,WAAW,QAAQ,SAAS;;;;;;;;;;;;;;;AAgBrC,SAAS,WACP,QACA,UACoC;CACpC,MAAM,YAAY,OAAO,OAAO;AAEhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,IAAI,cAAc,SAAS,GAAG,aAAa,WAAW,OAAO,GAAG,OAAO;AAC7E,MAAI,EAAG,QAAO;;AAGhB,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,IAAI,aAAa,SAAS,GAAG,mBAAmB,QAAQ,EAAE;AAChE,MAAI,EAAG,QAAO;;AAGhB,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,YAAY,SAAS,GAAG;AAC9B,MAAI,UACF,QAAO;GAAE,MAAM;GAAW;GAAQ,MAAM;GAAS,cAAc;GAAG;;AAItE,QAAO;;;;;;;;;AAUT,SAAS,WACP,QACA,UACoC;CACpC,MAAM,YAAY,OAAO,OAAO;AAEhC,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,UAAU,SAAS;EACzB,MAAM,IAAI,cAAc,QAAQ,aAAa,WAAW,OAAO,GAAG,OAAO;AACzE,MAAI,EAAG,QAAO;AACd,MAAI,QAAQ,MACV,QAAO;GAAE,MAAM,QAAQ;GAAO;GAAQ,MAAM;GAAS,cAAc;GAAG;;AAI1E,QAAO;;;;;;;;;AAUT,SAAS,YACP,QACA,UACoC;CACpC,MAAM,YAAY,OAAO,OAAO;CAChC,MAAM,cAAc,UAAU,MAAM,QAAQ;AAE5C,MAAK,IAAI,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;EAC7C,MAAM,IAAI,cAAc,SAAS,GAAG,iBAAiB,WAAW,aAAa,GAAG,OAAO;AACvF,MAAI,EAAG,QAAO;;AAGhB,QAAO;;;;;;;;;;AAaT,SAAgB,kBACd,UACoC;CACpC,MAAM,WAAW,SAAS,YAAY,QAAQ,MAAM,GAAG;AAEvD,KAAI,SAAS,OACX,QAAO;EAAE,MAAM,SAAS;EAAQ;EAAU,MAAM;EAAU;AAG5D,KAAI,SAAS,QACX,QAAO;EAAE,MAAM,SAAS;EAAS;EAAU,MAAM;EAAW;AAG9D,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACjLT,eAAsB,cACpB,UACA,UAAwB,EAAE,EACJ;CACtB,MAAM,EAAE,kBAAkB,IAAI,SAAS,EAAE,gBAAgB,QAAQ;CAEjE,IAAI;AAIJ,KAAI;AACF,iBAAe,MAAM,UAAU;UACxB,OAAO;AACd,SAAO,aAAa,OAAO,gBAAgB;;AAK7C,KAAI;AACF,QAAM,aAAa;UACZ,OAAO;AACd,SAAO,aAAa,OAAO,gBAAgB;;AAI7C,iBAAgB,IAAI,gBAAgB,2BAA2B;AAE/D,QAAO;EACL,UAAU,IAAI,SAAS,aAAa,QAAQ;GAC1C,QAAQ;GACR,SAAS;GACV,CAAC;EACF,QAAQ;EACR,YAAY;EACZ,UAAU;EACX;;;;;AAQH,SAAS,aAAa,OAAgB,iBAAuC;AAE3E,KAAI,iBAAiB,gBAAgB;AACnC,kBAAgB,IAAI,YAAY,MAAM,SAAS;AAC/C,SAAO;GACL,UAAU,IAAI,SAAS,MAAM;IAC3B,QAAQ,MAAM;IACd,SAAS;IACV,CAAC;GACF,QAAQ,MAAM;GACd,YAAY;GACZ,UAAU;GACX;;AAIH,KAAI,iBAAiB,WACnB,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ,MAAM;GACd,SAAS;GACV,CAAC;EACF,QAAQ,MAAM;EACd,YAAY;EACZ,UAAU;EACX;AAIH,KAAI,iBAAiB,YACnB,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ,MAAM;GACd,SAAS;GACV,CAAC;EACF,QAAQ,MAAM;EACd,YAAY;EACZ,UAAU;EACX;AAIH,gBAAe;EAAE,QAAQ;EAAI,MAAM;EAAI;EAAO,CAAC;AAC/C,QAAO;EACL,UAAU,IAAI,SAAS,MAAM;GAC3B,QAAQ;GACR,SAAS;GACV,CAAC;EACF,QAAQ;EACR,YAAY;EACZ,UAAU;EACX;;;;;AC5JH,IAAM,eAAe,IAAI,IAAI;CAAC;CAAO;CAAQ;CAAU,CAAC;;;;;;;;;;;AAcxD,SAAgB,aAAa,KAAc,QAAgC;AAEzE,KAAI,aAAa,IAAI,IAAI,OAAO,CAC9B,QAAO,EAAE,IAAI,MAAM;AAIrB,KAAI,OAAO,SAAS,MAClB,QAAO,EAAE,IAAI,MAAM;CAGrB,MAAM,SAAS,IAAI,QAAQ,IAAI,SAAS;AAGxC,KAAI,CAAC,OACH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAInC,KAAI,OAAO,eAET,QADgB,OAAO,eAAe,SAAS,OAAO,GACrC,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;CAI5D,MAAM,OAAO,IAAI,QAAQ,IAAI,OAAO;AACpC,KAAI,CAAC,KACH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAInC,IAAI;AACJ,KAAI;AACF,eAAa,IAAI,IAAI,OAAO,CAAC;SACvB;AACN,SAAO;GAAE,IAAI;GAAO,QAAQ;GAAK;;AAGnC,QAAO,eAAe,OAAO,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;;;;AC5DxE,IAAM,KAAK;AACX,IAAM,KAAK,OAAO;AAClB,IAAM,KAAK,OAAO;AAElB,IAAa,iBAAiB;CAC5B,gBAAgB,IAAI;CACpB,gBAAgB,KAAK;CACrB,WAAW;CACZ;AAED,IAAM,eAAe;;AAGrB,SAAgB,cAAc,MAAsB;CAClD,MAAM,QAAQ,aAAa,KAAK,KAAK,MAAM,CAAC;AAC5C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,8BAA8B,KAAK,oDACpC;CAGH,MAAM,QAAQ,OAAO,WAAW,MAAM,GAAG;CACzC,MAAM,QAAQ,MAAM,MAAM,IAAI,aAAa;AAE3C,SAAQ,MAAR;EACE,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,KACH,QAAO,KAAK,MAAM,QAAQ,GAAG;EAC/B,KAAK,GACH,QAAO,KAAK,MAAM,MAAM;EAC1B,QACE,OAAM,IAAI,MAAM,uBAAuB,KAAK,GAAG;;;;AAKrD,SAAgB,kBACd,KACA,MACA,QACiB;CACjB,MAAM,gBAAgB,IAAI,QAAQ,IAAI,iBAAiB;AACvD,KAAI,CAAC,cAGH,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;CAGnC,MAAM,WAAW,OAAO,SAAS,eAAe,GAAG;AACnD,KAAI,OAAO,MAAM,SAAS,CACxB,QAAO;EAAE,IAAI;EAAO,QAAQ;EAAK;AAInC,QAAO,YADO,aAAa,MAAM,OAAO,GACb,EAAE,IAAI,MAAM,GAAG;EAAE,IAAI;EAAO,QAAQ;EAAK;;;;;AAetE,SAAS,aAAa,MAAgB,QAAkC;CACtE,MAAM,aAAa,OAAO;AAE1B,KAAI,SAAS,SACX,QAAO,YAAY,iBACf,cAAc,WAAW,eAAe,GACxC,eAAe;AAGrB,QAAO,YAAY,iBACf,cAAc,WAAW,eAAe,GACxC,eAAe;;;;;ACzErB,IAAM,eAA6B;CAAC;CAAO;CAAQ;CAAO;CAAS;CAAU;CAAQ;CAAU;;;;;;;;;AAY/F,SAAgB,sBAAsB,KAAgC;CACpE,MAAM,UAAwB,EAAE;AAEhC,MAAK,MAAM,UAAU,cAAc;AACjC,MAAI,WAAW,UAAU,WAAW,UAAW;AAC/C,MAAI,IAAI,QACN,SAAQ,KAAK,OAAO;;AAKxB,KAAI,IAAI,OAAO,CAAC,IAAI,KAClB,SAAQ,KAAK,OAAO;UACX,IAAI,KACb,SAAQ,KAAK,OAAO;AAItB,KAAI,CAAC,IAAI,QACP,SAAQ,KAAK,UAAU;KAEvB,SAAQ,KAAK,UAAU;AAGzB,QAAO;;;;;;;;AAWT,eAAsB,mBAAmB,KAAkB,KAAsC;CAC/F,MAAM,SAAS,IAAI,IAAI,OAAO,aAAa;CAE3C,MAAM,cADU,sBAAsB,IAAI,CACd,KAAK,KAAK;AAGtC,KAAI,WAAW,WAAW;AACxB,MAAI,IAAI,QACN,QAAO,WAAW,IAAI,SAAS,IAAI;AAErC,SAAO,IAAI,SAAS,MAAM;GACxB,QAAQ;GACR,SAAS,EAAE,OAAO,aAAa;GAChC,CAAC;;AAIJ,KAAI,WAAW,QAAQ;AACrB,MAAI,IAAI,KACN,QAAO,WAAW,IAAI,MAAM,IAAI;AAElC,MAAI,IAAI,KAAK;GACX,MAAM,MAAM,MAAM,WAAW,IAAI,KAAK,IAAI;AAE1C,UAAO,IAAI,SAAS,MAAM;IACxB,QAAQ,IAAI;IACZ,SAAS,IAAI;IACd,CAAC;;;CAKN,MAAM,UAAU,IAAI;AACpB,KAAI,CAAC,QACH,QAAO,IAAI,SAAS,MAAM;EACxB,QAAQ;EACR,SAAS,EAAE,OAAO,aAAa;EAChC,CAAC;AAGJ,QAAO,WAAW,SAAS,IAAI;;;;;AAMjC,eAAe,WAAW,SAAuB,KAAsC;AACrF,KAAI;AAEF,SAAO,qBADK,MAAM,QAAQ,IAAI,EACG,IAAI,QAAQ;UACtC,OAAO;AACd,gBAAc;GAAE,QAAQ,IAAI,IAAI;GAAQ,MAAM,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC;GAAU;GAAO,CAAC;AACrF,SAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;;;;;;;AAS9C,SAAS,qBAAqB,KAAe,YAA+B;CAE1E,IAAI,gBAAgB;AACpB,YAAW,cAAc;AACvB,kBAAgB;GAChB;AACF,KAAI,CAAC,cAAe,QAAO;CAM3B,MAAM,SAAS,IAAI,SAAS;AAC5B,YAAW,SAAS,OAAO,QAAQ;AACjC,MAAI,IAAI,aAAa,KAAK,aACxB,QAAO,OAAO,KAAK,MAAM;MAEzB,QAAO,IAAI,KAAK,MAAM;GAExB;CAGF,MAAM,aAAa,IAAI,QAAQ,cAAc;AAC7C,MAAK,MAAM,UAAU,WACnB,QAAO,OAAO,cAAc,OAAO;AAErC,KAAI,QAAQ,SAAS,OAAO,QAAQ;AAClC,MAAI,IAAI,aAAa,KAAK,aACxB,QAAO,IAAI,KAAK,MAAM;GAExB;AAEF,QAAO,IAAI,SAAS,IAAI,MAAM;EAC5B,QAAQ,IAAI;EACZ,YAAY,IAAI;EAChB,SAAS;EACV,CAAC;;;;;;;;;;;;;;;;;;;AC3JJ,IAAa,qBAAb,cAAwC,MAAM;CAC5C;CAEA,YAAY,WAAmB,SAAkB;EAC/C,MAAM,UAAU,UACZ,wBAAwB,UAAU,MAAM,YACxC,wBAAwB,UAAU;AACtC,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,OAAK,YAAY"}