@vertz/ui-server 0.2.15 → 0.2.17

package/dist/shared/{chunk-98972e43.js → chunk-c5ee9yf1.js}

@@ -6,7 +6,7 @@ import {
   setGlobalSSRTimeout,
   ssrStorage,
   toVNode
-} from "./chunk-n1arq9xq.js";
+} from "./chunk-9jjdzz8c.js";
 
 // src/html-serializer.ts
 var VOID_ELEMENTS = new Set([
@@ -209,7 +209,7 @@ function createRequestContext(url) {
     contextScope: null,
     entityStore: new EntityStore,
     envelopeStore: new QueryEnvelopeStore,
-    queryCache: new MemoryCache,
+    queryCache: new MemoryCache({ maxSize: Infinity }),
     inflight: new Map,
     queries: [],
     errors: []
@@ -230,9 +230,6 @@ function resolveAppFactory(module) {
   return createApp;
 }
 function collectCSS(themeCss, module) {
-  const themeTag = themeCss ? `<style data-vertz-css>${themeCss}</style>` : "";
-  const globalTags = module.styles ? module.styles.map((s) => `<style data-vertz-css>${s}</style>`).join(`
-`) : "";
   const alreadyIncluded = new Set;
   if (themeCss)
     alreadyIncluded.add(themeCss);
@@ -241,9 +238,12 @@ function collectCSS(themeCss, module) {
       alreadyIncluded.add(s);
   }
   const componentCss = module.getInjectedCSS ? module.getInjectedCSS().filter((s) => !alreadyIncluded.has(s)) : [];
-  const componentStyles = componentCss.map((s) => `<style data-vertz-css>${s}</style>`).join(`
-`);
-  return [themeTag, globalTags, componentStyles].filter(Boolean).join(`
+  const themeTag = themeCss ? `<style data-vertz-css>${themeCss}</style>` : "";
+  const globalTag = module.styles && module.styles.length > 0 ? `<style data-vertz-css>${module.styles.join(`
+`)}</style>` : "";
+  const componentTag = componentCss.length > 0 ? `<style data-vertz-css>${componentCss.join(`
+`)}</style>` : "";
+  return [themeTag, globalTag, componentTag].filter(Boolean).join(`
 `);
 }
 async function ssrRenderToString(module, url, options) {
@@ -251,19 +251,57 @@ async function ssrRenderToString(module, url, options) {
   const ssrTimeout = options?.ssrTimeout ?? 300;
   ensureDomShim();
   const ctx = createRequestContext(normalizedUrl);
+  if (options?.ssrAuth) {
+    ctx.ssrAuth = options.ssrAuth;
+  }
   return ssrStorage.run(ctx, async () => {
     try {
       setGlobalSSRTimeout(ssrTimeout);
       const createApp = resolveAppFactory(module);
       let themeCss = "";
+      let themePreloadTags = "";
       if (module.theme) {
         try {
-          themeCss = compileTheme(module.theme).css;
+          const compiled = compileTheme(module.theme, {
+            fallbackMetrics: options?.fallbackMetrics
+          });
+          themeCss = compiled.css;
+          themePreloadTags = compiled.preloadTags;
         } catch (e) {
           console.error("[vertz] Failed to compile theme export. Ensure your theme is created with defineTheme().", e);
         }
       }
       createApp();
+      if (ctx.ssrRedirect) {
+        return {
+          html: "",
+          css: "",
+          ssrData: [],
+          headTags: "",
+          redirect: ctx.ssrRedirect
+        };
+      }
+      const store = ssrStorage.getStore();
+      if (store) {
+        if (store.pendingRouteComponents?.size) {
+          const entries = Array.from(store.pendingRouteComponents.entries());
+          const results = await Promise.allSettled(entries.map(([route, promise]) => Promise.race([
+            promise.then((mod) => ({ route, factory: mod.default })),
+            new Promise((_, reject) => setTimeout(() => reject(new Error("lazy route timeout")), ssrTimeout))
+          ])));
+          store.resolvedComponents = new Map;
+          for (const result of results) {
+            if (result.status === "fulfilled") {
+              const { route, factory } = result.value;
+              store.resolvedComponents.set(route, factory);
+            }
+          }
+          store.pendingRouteComponents = undefined;
+        }
+        if (!store.resolvedComponents) {
+          store.resolvedComponents = new Map;
+        }
+      }
       const queries = getSSRQueries();
       const resolvedQueries = [];
       if (queries.length > 0) {
@@ -275,7 +313,6 @@ async function ssrRenderToString(module, url, options) {
           }),
           new Promise((r) => setTimeout(r, timeout || ssrTimeout)).then(() => "timeout")
         ])));
-        const store = ssrStorage.getStore();
         if (store)
           store.queries = [];
       }
@@ -288,7 +325,13 @@ async function ssrRenderToString(module, url, options) {
         key,
         data: JSON.parse(JSON.stringify(data))
       })) : [];
-      return { html, css, ssrData };
+      return {
+        html,
+        css,
+        ssrData,
+        headTags: themePreloadTags,
+        discoveredRoutes: ctx.discoveredRoutes
+      };
     } finally {
       clearGlobalSSRTimeout();
     }
@@ -439,17 +482,75 @@ data: ${safeSerialize(entry)}
   });
 }
 
-// src/ssr-handler.ts
-function injectIntoTemplate(template, appHtml, appCss, ssrData, nonce) {
+// src/ssr-access-set.ts
+function getAccessSetForSSR(jwtPayload) {
+  if (!jwtPayload)
+    return null;
+  const acl = jwtPayload.acl;
+  if (!acl)
+    return null;
+  if (acl.overflow)
+    return null;
+  if (!acl.set)
+    return null;
+  return {
+    entitlements: Object.fromEntries(Object.entries(acl.set.entitlements).map(([name, check]) => [
+      name,
+      {
+        allowed: check.allowed,
+        reasons: check.reasons ?? [],
+        ...check.reason ? { reason: check.reason } : {},
+        ...check.meta ? { meta: check.meta } : {}
+      }
+    ])),
+    flags: acl.set.flags,
+    plan: acl.set.plan,
+    computedAt: acl.set.computedAt
+  };
+}
+function createAccessSetScript(accessSet, nonce) {
+  const json = JSON.stringify(accessSet);
+  const escaped = json.replace(/</g, "\\u003c").replace(/\u2028/g, "\\u2028").replace(/\u2029/g, "\\u2029");
+  const nonceAttr = nonce ? ` nonce="${escapeAttr2(nonce)}"` : "";
+  return `<script${nonceAttr}>window.__VERTZ_ACCESS_SET__=${escaped}</script>`;
+}
+function escapeAttr2(s) {
+  return s.replace(/[&"'<>]/g, (c) => `&#${c.charCodeAt(0)};`);
+}
+
+// src/ssr-session.ts
+function createSessionScript(session, nonce) {
+  const json = JSON.stringify(session);
+  const escaped = json.replace(/</g, "\\u003c").replace(/\u2028/g, "\\u2028").replace(/\u2029/g, "\\u2029");
+  const nonceAttr = nonce ? ` nonce="${escapeAttr3(nonce)}"` : "";
+  return `<script${nonceAttr}>window.__VERTZ_SESSION__=${escaped}</script>`;
+}
+function escapeAttr3(s) {
+  return s.replace(/[&"'<>]/g, (c) => `&#${c.charCodeAt(0)};`);
+}
+
+// src/template-inject.ts
+function injectIntoTemplate(options) {
+  const { template, appHtml, appCss, ssrData, nonce, headTags, sessionScript } = options;
   let html;
   if (template.includes("<!--ssr-outlet-->")) {
     html = template.replace("<!--ssr-outlet-->", appHtml);
   } else {
     html = template.replace(/(<div[^>]*id="app"[^>]*>)([\s\S]*?)(<\/div>)/, `$1${appHtml}$3`);
   }
+  if (headTags) {
+    html = html.replace("</head>", `${headTags}
+</head>`);
+  }
   if (appCss) {
+    html = html.replace(/<link\s+rel="stylesheet"\s+href="([^"]+)"[^>]*>/g, (match, href) => `<link rel="stylesheet" href="${href}" media="print" onload="this.media='all'">
+    <noscript>${match}</noscript>`);
     html = html.replace("</head>", `${appCss}
 </head>`);
+  }
+  if (sessionScript) {
+    html = html.replace("</body>", `${sessionScript}
+</body>`);
   }
   if (ssrData.length > 0) {
     const nonceAttr = nonce != null ? ` nonce="${nonce}"` : "";
@@ -459,8 +560,44 @@ function injectIntoTemplate(template, appHtml, appCss, ssrData, nonce) {
   }
   return html;
 }
+
+// src/ssr-handler.ts
+import { compileTheme as compileTheme2 } from "@vertz/ui";
+function sanitizeLinkHref(href) {
+  return href.replace(/[<>,;\s"']/g, (ch) => `%${ch.charCodeAt(0).toString(16).toUpperCase()}`);
+}
+function sanitizeLinkParam(value) {
+  return value.replace(/[^a-zA-Z0-9/_.-]/g, "");
+}
+function buildLinkHeader(items) {
+  return items.map((item) => {
+    const parts = [
+      `<${sanitizeLinkHref(item.href)}>`,
+      "rel=preload",
+      `as=${sanitizeLinkParam(item.as)}`
+    ];
+    if (item.type)
+      parts.push(`type=${sanitizeLinkParam(item.type)}`);
+    if (item.crossorigin)
+      parts.push("crossorigin");
+    return parts.join("; ");
+  }).join(", ");
+}
+function buildModulepreloadTags(paths) {
+  return paths.map((p) => `<link rel="modulepreload" href="${escapeAttr(p)}">`).join(`
+`);
+}
 function createSSRHandler(options) {
-  const { module, ssrTimeout, inlineCSS, nonce } = options;
+  const {
+    module,
+    ssrTimeout,
+    inlineCSS,
+    nonce,
+    fallbackMetrics,
+    modulepreload,
+    cacheControl,
+    sessionResolver
+  } = options;
   let template = options.template;
   if (inlineCSS) {
     for (const [href, css] of Object.entries(inlineCSS)) {
@@ -470,13 +607,46 @@ function createSSRHandler(options) {
       template = template.replace(linkPattern, `<style data-vertz-css>${safeCss}</style>`);
     }
   }
+  let linkHeader;
+  if (module.theme) {
+    const compiled = compileTheme2(module.theme, { fallbackMetrics });
+    if (compiled.preloadItems.length > 0) {
+      linkHeader = buildLinkHeader(compiled.preloadItems);
+    }
+  }
+  const modulepreloadTags = modulepreload?.length ? buildModulepreloadTags(modulepreload) : undefined;
   return async (request) => {
     const url = new URL(request.url);
     const pathname = url.pathname;
     if (request.headers.get("x-vertz-nav") === "1") {
       return handleNavRequest(module, pathname, ssrTimeout);
     }
-    return handleHTMLRequest(module, template, pathname, ssrTimeout, nonce);
+    let sessionScript = "";
+    let ssrAuth;
+    if (sessionResolver) {
+      try {
+        const sessionResult = await sessionResolver(request);
+        if (sessionResult) {
+          ssrAuth = {
+            status: "authenticated",
+            user: sessionResult.session.user,
+            expiresAt: sessionResult.session.expiresAt
+          };
+          const scripts = [];
+          scripts.push(createSessionScript(sessionResult.session, nonce));
+          if (sessionResult.accessSet != null) {
+            scripts.push(createAccessSetScript(sessionResult.accessSet, nonce));
+          }
+          sessionScript = scripts.join(`
+`);
+        } else {
+          ssrAuth = { status: "unauthenticated" };
+        }
+      } catch (resolverErr) {
+        console.warn("[Server] Session resolver failed:", resolverErr instanceof Error ? resolverErr.message : resolverErr);
+      }
+    }
+    return handleHTMLRequest(module, template, pathname + url.search, ssrTimeout, nonce, fallbackMetrics, linkHeader, modulepreloadTags, cacheControl, sessionScript, ssrAuth);
   };
 }
 async function handleNavRequest(module, url, ssrTimeout) {
@@ -502,15 +672,34 @@ data: {}
     });
   }
 }
-async function handleHTMLRequest(module, template, url, ssrTimeout, nonce) {
+async function handleHTMLRequest(module, template, url, ssrTimeout, nonce, fallbackMetrics, linkHeader, modulepreloadTags, cacheControl, sessionScript, ssrAuth) {
   try {
-    const result = await ssrRenderToString(module, url, { ssrTimeout });
-    const html = injectIntoTemplate(template, result.html, result.css, result.ssrData, nonce);
-    return new Response(html, {
-      status: 200,
-      headers: { "Content-Type": "text/html; charset=utf-8" }
+    const result = await ssrRenderToString(module, url, { ssrTimeout, fallbackMetrics, ssrAuth });
+    if (result.redirect) {
+      return new Response(null, {
+        status: 302,
+        headers: { Location: result.redirect.to }
+      });
+    }
+    const allHeadTags = [result.headTags, modulepreloadTags].filter(Boolean).join(`
+`);
+    const html = injectIntoTemplate({
+      template,
+      appHtml: result.html,
+      appCss: result.css,
+      ssrData: result.ssrData,
+      nonce,
+      headTags: allHeadTags || undefined,
+      sessionScript
     });
-  } catch {
+    const headers = { "Content-Type": "text/html; charset=utf-8" };
+    if (linkHeader)
+      headers.Link = linkHeader;
+    if (cacheControl)
+      headers["Cache-Control"] = cacheControl;
+    return new Response(html, { status: 200, headers });
+  } catch (err) {
+    console.error("[SSR] Render failed:", err instanceof Error ? err.message : err);
     return new Response("Internal Server Error", {
       status: 500,
       headers: { "Content-Type": "text/plain" }
@@ -518,4 +707,4 @@ async function handleHTMLRequest(module, template, url, ssrTimeout, nonce) {
   }
 }
 
-export { escapeHtml, escapeAttr, serializeToHtml, resetSlotCounter, createSlotPlaceholder, encodeChunk, streamToString, collectStreamChunks, createTemplateChunk, renderToStream, safeSerialize, getStreamingRuntimeScript, createSSRDataChunk, createRequestContext, ssrRenderToString, ssrDiscoverQueries, createSSRHandler };
+export { escapeHtml, escapeAttr, serializeToHtml, resetSlotCounter, createSlotPlaceholder, encodeChunk, streamToString, collectStreamChunks, createTemplateChunk, renderToStream, safeSerialize, getStreamingRuntimeScript, createSSRDataChunk, createRequestContext, ssrRenderToString, ssrDiscoverQueries, getAccessSetForSSR, createAccessSetScript, createSessionScript, injectIntoTemplate, createSSRHandler };

package/dist/shared/chunk-gggnhyqj.js

@@ -0,0 +1,57 @@
+// @bun
+// src/bun-plugin/image-paths.ts
+import { createHash } from "crypto";
+import { readFileSync } from "fs";
+import { basename, dirname, extname, resolve } from "path";
+var EXT_MAP = {
+  jpeg: ".jpg",
+  jpg: ".jpg",
+  png: ".png",
+  webp: ".webp",
+  gif: ".gif"
+};
+var MIME_MAP = {
+  jpeg: "image/jpeg",
+  jpg: "image/jpeg",
+  png: "image/png",
+  webp: "image/webp",
+  gif: "image/gif"
+};
+var IMG_CONTENT_TYPES = {
+  webp: "image/webp",
+  png: "image/png",
+  jpg: "image/jpeg",
+  jpeg: "image/jpeg",
+  gif: "image/gif",
+  avif: "image/avif"
+};
+function imageContentType(ext) {
+  return ext && IMG_CONTENT_TYPES[ext] || "application/octet-stream";
+}
+function isValidImageName(imgName) {
+  return !imgName.includes("..") && !imgName.includes("\x00");
+}
+function resolveImageSrc(src, sourceFile, projectRoot) {
+  if (src.startsWith("/"))
+    return resolve(projectRoot, src.slice(1));
+  return resolve(dirname(sourceFile), src);
+}
+function computeImageOutputPaths(sourcePath, width, height, quality, fit) {
+  let sourceBuffer;
+  try {
+    sourceBuffer = readFileSync(sourcePath);
+  } catch {
+    return null;
+  }
+  const hash = createHash("sha256").update(sourceBuffer).update(`${width}x${height}q${quality}f${fit}`).digest("hex").slice(0, 12);
+  const name = basename(sourcePath, extname(sourcePath));
+  const ext = extname(sourcePath).slice(1);
+  return {
+    webp1x: `/__vertz_img/${name}-${hash}-${width}w.webp`,
+    webp2x: `/__vertz_img/${name}-${hash}-${width * 2}w.webp`,
+    fallback: `/__vertz_img/${name}-${hash}-${width * 2}w${EXT_MAP[ext] ?? ".jpg"}`,
+    fallbackType: MIME_MAP[ext] ?? "image/jpeg"
+  };
+}
+
+export { imageContentType, isValidImageName, resolveImageSrc, computeImageOutputPaths };

package/dist/ssr/index.d.ts

@@ -1,4 +1,6 @@
-import { Theme } from "@vertz/ui";
+import { CompiledRoute } from "@vertz/ui";
+import { FontFallbackMetrics, Theme } from "@vertz/ui";
+import { SSRAuth as SSRAuth_jq1nwm } from "@vertz/ui/internals";
 interface SSRModule {
 	default?: () => unknown;
 	App?: () => unknown;
@@ -21,6 +23,14 @@ interface SSRRenderResult {
 		key: string;
 		data: unknown;
 	}>;
+	/** Font preload link tags for injection into <head>. */
+	headTags: string;
+	/** Route patterns discovered by createRouter() during SSR (for build-time pre-rendering). */
+	discoveredRoutes?: string[];
+	/** Set when ProtectedRoute writes a redirect during SSR. Server should return 302. */
+	redirect?: {
+		to: string;
+	};
 }
 interface SSRDiscoverResult {
 	resolved: Array<{
@@ -38,6 +48,10 @@ interface SSRDiscoverResult {
 */
 declare function ssrRenderToString(module: SSRModule, url: string, options?: {
 	ssrTimeout?: number;
+	/** Pre-computed font fallback metrics (computed at server startup). */
+	fallbackMetrics?: Record<string, FontFallbackMetrics>;
+	/** Auth state resolved from session cookie. Passed to SSRRenderContext for AuthProvider. */
+	ssrAuth?: SSRAuth_jq1nwm;
 }): Promise<SSRRenderResult>;
 /**
 * Discover queries for a given URL without rendering.
@@ -47,6 +61,83 @@ declare function ssrRenderToString(module: SSRModule, url: string, options?: {
 declare function ssrDiscoverQueries(module: SSRModule, url: string, options?: {
 	ssrTimeout?: number;
 }): Promise<SSRDiscoverResult>;
+interface PrerenderResult {
+	/** The route path that was pre-rendered. */
+	path: string;
+	/** The complete HTML string. */
+	html: string;
+}
+interface PrerenderOptions {
+	/** Route paths to pre-render. */
+	routes: string[];
+	/** CSP nonce for inline scripts. */
+	nonce?: string;
+}
+/**
+* Discover all route patterns from an SSR module.
+*
+* Renders `/` to trigger `createRouter()`, which registers route patterns
+* with the SSR context. Returns the discovered patterns (including dynamic).
+*/
+declare function discoverRoutes(module: SSRModule): Promise<string[]>;
+/**
+* Filter route patterns to only pre-renderable ones.
+*
+* Excludes:
+* - Routes with `:param` segments
+* - Routes with `*` wildcard
+* - Routes with `prerender: false` (looked up in compiledRoutes)
+*/
+declare function filterPrerenderableRoutes(patterns: string[], compiledRoutes?: CompiledRoute[]): string[];
+/**
+* Pre-render a list of routes into complete HTML strings.
+*
+* Routes are rendered sequentially (not in parallel) because the DOM shim
+* uses process-global `document`/`window`. Concurrent renders would interleave.
+*
+* CSS from SSR (theme variables, font-face, global styles) is injected as
+* inline `<style>` tags. The template's `<link>` tags only cover component
+* CSS extracted by the bundler — theme and globals are computed at render time.
+*
+* @throws Error if any route fails to render (with hint about `prerender: false`)
+*/
+declare function prerenderRoutes(module: SSRModule, template: string, options: PrerenderOptions): Promise<PrerenderResult[]>;
+/**
+* Strip `<script>` tags and `<link rel="modulepreload">` from pre-rendered HTML
+* that has no interactive components (no `data-v-island` or `data-v-id` markers).
+*
+* Pages with islands or hydrated components need the client JS; purely static
+* pages (like /manifesto) ship zero JavaScript.
+*/
+declare function stripScriptsFromStaticHTML(html: string): string;
+import { FontFallbackMetrics as FontFallbackMetrics2 } from "@vertz/ui";
+import { AccessSet } from "@vertz/ui/auth";
+interface SessionData {
+	user: {
+		id: string;
+		email: string;
+		role: string;
+		[key: string]: unknown;
+	};
+	/** Unix timestamp in milliseconds (JWT exp * 1000). */
+	expiresAt: number;
+}
+/** Resolved session data for SSR injection. */
+interface SSRSessionInfo {
+	session: SessionData;
+	/**
+	* Access set from JWT acl claim.
+	* - Present (object): inline access set (no overflow)
+	* - null: access control is configured but the set overflowed the JWT
+	* - undefined: access control is not configured
+	*/
+	accessSet?: AccessSet | null;
+}
+/**
+* Callback that extracts session data from a request.
+* Returns null when no valid session exists (expired, missing, or invalid cookie).
+*/
+type SessionResolver = (request: Request) => Promise<SSRSessionInfo | null>;
 interface SSRHandlerOptions {
 	/** The loaded SSR module (import('./dist/server/index.js')) */
 	module: SSRModule;
@@ -72,15 +163,38 @@ interface SSRHandlerOptions {
 	* so that strict Content-Security-Policy headers do not block it.
 	*/
 	nonce?: string;
+	/** Pre-computed font fallback metrics (computed at server startup). */
+	fallbackMetrics?: Record<string, FontFallbackMetrics2>;
+	/** Paths to inject as `<link rel="modulepreload">` in `<head>`. */
+	modulepreload?: string[];
+	/** Cache-Control header for HTML responses. Omit or undefined = no header (safe default). */
+	cacheControl?: string;
+	/**
+	* Resolves session data from request cookies for SSR injection.
+	* When provided, SSR HTML includes `window.__VERTZ_SESSION__` and
+	* optionally `window.__VERTZ_ACCESS_SET__` for instant auth hydration.
+	*/
+	sessionResolver?: SessionResolver;
+}
+declare function createSSRHandler(options: SSRHandlerOptions): (request: Request) => Promise<Response>;
+interface InjectIntoTemplateOptions {
+	template: string;
+	appHtml: string;
+	appCss: string;
+	ssrData: Array<{
+		key: string;
+		data: unknown;
+	}>;
+	nonce?: string;
+	headTags?: string;
+	/** Pre-built session + access set script tags for SSR injection. */
+	sessionScript?: string;
 }
 /**
-* Create a web-standard SSR request handler.
+* Inject SSR output into the HTML template.
 *
-* Handles two types of requests:
-* - X-Vertz-Nav: 1 -> SSE Response with pre-fetched query data
-* - Normal HTML request -> SSR-rendered HTML Response
-*
-* Does NOT serve static files — that's the adapter/platform's job.
+* Replaces <!--ssr-outlet--> or <div id="app"> content with rendered HTML,
+* injects CSS before </head>, and ssrData before </body>.
 */
-declare function createSSRHandler(options: SSRHandlerOptions): (request: Request) => Promise<Response>;
-export { ssrRenderToString, ssrDiscoverQueries, createSSRHandler, SSRRenderResult, SSRModule, SSRHandlerOptions, SSRDiscoverResult };
+declare function injectIntoTemplate(options: InjectIntoTemplateOptions): string;
+export { stripScriptsFromStaticHTML, ssrRenderToString, ssrDiscoverQueries, prerenderRoutes, injectIntoTemplate, filterPrerenderableRoutes, discoverRoutes, createSSRHandler, SSRRenderResult, SSRModule, SSRHandlerOptions, SSRDiscoverResult, PrerenderResult, PrerenderOptions };

package/dist/ssr/index.js

@@ -1,11 +1,88 @@
 import {
   createSSRHandler,
+  injectIntoTemplate,
   ssrDiscoverQueries,
   ssrRenderToString
-} from "../shared/chunk-98972e43.js";
-import"../shared/chunk-n1arq9xq.js";
+} from "../shared/chunk-c5ee9yf1.js";
+import"../shared/chunk-9jjdzz8c.js";
+
+// src/prerender.ts
+async function discoverRoutes(module) {
+  const result = await ssrRenderToString(module, "/");
+  return result.discoveredRoutes ?? [];
+}
+function filterPrerenderableRoutes(patterns, compiledRoutes) {
+  return patterns.filter((pattern) => {
+    if (pattern.includes(":") || pattern.includes("*"))
+      return false;
+    if (compiledRoutes) {
+      const route = findCompiledRoute(compiledRoutes, pattern);
+      if (route?.prerender === false)
+        return false;
+    }
+    return true;
+  });
+}
+async function prerenderRoutes(module, template, options) {
+  const results = [];
+  for (const routePath of options.routes) {
+    let renderResult;
+    try {
+      renderResult = await ssrRenderToString(module, routePath);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      throw new Error(`Pre-render failed for ${routePath}
+` + `  ${message}
+` + "  Hint: If this route requires runtime data, add `prerender: false` to its route config.");
+    }
+    const html = injectIntoTemplate({
+      template,
+      appHtml: renderResult.html,
+      appCss: renderResult.css,
+      ssrData: renderResult.ssrData,
+      nonce: options.nonce,
+      headTags: renderResult.headTags || undefined
+    });
+    results.push({ path: routePath, html });
+  }
+  return results;
+}
+function stripScriptsFromStaticHTML(html) {
+  if (html.includes("data-v-island") || html.includes("data-v-id")) {
+    return html;
+  }
+  let result = html.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, "");
+  result = result.replace(/<script\b[^>]*\/>/gi, "");
+  result = result.replace(/<link\b[^>]*\brel=["']modulepreload["'][^>]*\/?>/gi, "");
+  return result;
+}
+function findCompiledRoute(routes, pattern, prefix = "") {
+  for (const route of routes) {
+    const fullPattern = joinPatterns(prefix, route.pattern);
+    if (fullPattern === pattern)
+      return route;
+    if (route.children) {
+      const found = findCompiledRoute(route.children, pattern, fullPattern);
+      if (found)
+        return found;
+    }
+  }
+  return;
+}
+function joinPatterns(parent, child) {
+  if (!parent || parent === "/")
+    return child;
+  if (child === "/")
+    return parent;
+  return `${parent.replace(/\/$/, "")}/${child.replace(/^\//, "")}`;
+}
 export {
+  stripScriptsFromStaticHTML,
   ssrRenderToString,
   ssrDiscoverQueries,
+  prerenderRoutes,
+  injectIntoTemplate,
+  filterPrerenderableRoutes,
+  discoverRoutes,
   createSSRHandler
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vertz/ui-server",
-  "version": "0.2.15",
+  "version": "0.2.17",
   "type": "module",
   "license": "MIT",
   "description": "Vertz UI server-side rendering runtime",
@@ -56,18 +56,22 @@
   },
   "dependencies": {
     "@ampproject/remapping": "^2.3.0",
+    "@capsizecss/unpack": "^4.0.0",
     "@jridgewell/trace-mapping": "^0.3.31",
-    "@vertz/core": "^0.2.14",
-    "@vertz/ui": "^0.2.14",
-    "@vertz/ui-compiler": "^0.2.14",
+    "@vertz/core": "^0.2.16",
+    "@vertz/ui": "^0.2.16",
+    "@vertz/ui-compiler": "^0.2.16",
     "magic-string": "^0.30.0",
+    "sharp": "^0.34.5",
     "ts-morph": "^27.0.2"
   },
   "devDependencies": {
+    "@vertz/codegen": "^0.2.16",
+    "@vertz/ui-auth": "^0.2.16",
     "bun-types": "^1.3.10",
     "bunup": "^0.16.31",
     "@happy-dom/global-registrator": "^20.8.3",
-    "happy-dom": "^18.0.1",
+    "happy-dom": "^20.8.3",
     "typescript": "^5.7.0"
   },
   "engines": {