@vertz/ui-server 0.2.29 → 0.2.31

package/dist/shared/chunk-es0406qq.js

@@ -0,0 +1,227 @@
+import {
+  escapeAttr,
+  injectIntoTemplate,
+  precomputeHandlerState,
+  resolveRouteModulepreload,
+  resolveSession,
+  safeSerialize,
+  ssrRenderProgressive,
+  ssrRenderSinglePass,
+  ssrStreamNavQueries
+} from "./chunk-34fexgex.js";
+
+// src/node-handler.ts
+function createNodeHandler(options) {
+  const {
+    module,
+    ssrTimeout,
+    nonce,
+    fallbackMetrics,
+    routeChunkManifest,
+    cacheControl,
+    sessionResolver,
+    manifest,
+    progressiveHTML
+  } = options;
+  const { template, linkHeader, modulepreloadTags, splitResult } = precomputeHandlerState(options);
+  const useProgressive = progressiveHTML && splitResult && !(manifest?.routeEntries && Object.keys(manifest.routeEntries).length > 0);
+  return (req, res) => {
+    (async () => {
+      try {
+        const url = req.url ?? "/";
+        if (req.headers["x-vertz-nav"] === "1") {
+          const pathname = url.split("?")[0];
+          await handleNavRequest(req, res, module, pathname, ssrTimeout);
+          return;
+        }
+        let sessionScript = "";
+        let ssrAuth;
+        if (sessionResolver) {
+          const fullUrl = `http://${req.headers.host ?? "localhost"}${url}`;
+          const webRequest = new Request(fullUrl, {
+            method: req.method ?? "GET",
+            headers: req.headers
+          });
+          const result2 = await resolveSession(webRequest, sessionResolver, nonce);
+          sessionScript = result2.sessionScript;
+          ssrAuth = result2.ssrAuth;
+        }
+        if (useProgressive) {
+          await handleProgressiveRequest(req, res, module, splitResult, url, ssrTimeout, nonce, fallbackMetrics, linkHeader, modulepreloadTags, routeChunkManifest, cacheControl, sessionScript, ssrAuth, manifest);
+          return;
+        }
+        const result = await ssrRenderSinglePass(module, url, {
+          ssrTimeout,
+          fallbackMetrics,
+          ssrAuth,
+          manifest
+        });
+        if (result.redirect) {
+          res.writeHead(302, { Location: result.redirect.to });
+          res.end();
+          return;
+        }
+        const resolvedModulepreloadTags = resolveRouteModulepreload(routeChunkManifest, result.matchedRoutePatterns, modulepreloadTags);
+        const allHeadTags = [result.headTags, resolvedModulepreloadTags].filter(Boolean).join(`
+`);
+        const html = injectIntoTemplate({
+          template,
+          appHtml: result.html,
+          appCss: result.css,
+          ssrData: result.ssrData,
+          nonce,
+          headTags: allHeadTags || undefined,
+          sessionScript
+        });
+        const headers = {
+          "Content-Type": "text/html; charset=utf-8"
+        };
+        if (linkHeader)
+          headers.Link = linkHeader;
+        if (cacheControl)
+          headers["Cache-Control"] = cacheControl;
+        res.writeHead(200, headers);
+        res.end(html);
+      } catch (err) {
+        console.error("[SSR] Render failed:", err instanceof Error ? err.message : err);
+        if (!res.headersSent) {
+          res.writeHead(500, { "Content-Type": "text/plain" });
+        }
+        res.end("Internal Server Error");
+      }
+    })();
+  };
+}
+async function handleProgressiveRequest(req, res, module, split, url, ssrTimeout, nonce, fallbackMetrics, linkHeader, staticModulepreloadTags, routeChunkManifest, cacheControl, sessionScript, ssrAuth, manifest) {
+  const result = await ssrRenderProgressive(module, url, {
+    ssrTimeout,
+    fallbackMetrics,
+    ssrAuth,
+    manifest
+  });
+  if (result.redirect) {
+    res.writeHead(302, { Location: result.redirect.to });
+    res.end();
+    return;
+  }
+  const resolvedModulepreloadTags = resolveRouteModulepreload(routeChunkManifest, result.matchedRoutePatterns, staticModulepreloadTags);
+  let headChunk = split.headTemplate;
+  const headCloseIdx = headChunk.lastIndexOf("</head>");
+  if (headCloseIdx !== -1) {
+    const injections = [];
+    if (result.css)
+      injections.push(result.css);
+    if (result.headTags)
+      injections.push(result.headTags);
+    if (resolvedModulepreloadTags)
+      injections.push(resolvedModulepreloadTags);
+    if (sessionScript)
+      injections.push(sessionScript);
+    if (injections.length > 0) {
+      headChunk = headChunk.slice(0, headCloseIdx) + injections.join(`
+`) + `
+` + headChunk.slice(headCloseIdx);
+    }
+  } else {
+    if (result.css)
+      headChunk += result.css;
+    if (result.headTags)
+      headChunk += result.headTags;
+    if (resolvedModulepreloadTags)
+      headChunk += resolvedModulepreloadTags;
+    if (sessionScript)
+      headChunk += sessionScript;
+  }
+  const headers = {
+    "Content-Type": "text/html; charset=utf-8"
+  };
+  if (linkHeader)
+    headers.Link = linkHeader;
+  if (cacheControl)
+    headers["Cache-Control"] = cacheControl;
+  res.writeHead(200, headers);
+  res.write(headChunk);
+  let clientDisconnected = false;
+  req.on("close", () => {
+    clientDisconnected = true;
+  });
+  if (result.renderStream) {
+    const reader = result.renderStream.getReader();
+    let renderError;
+    try {
+      for (;; ) {
+        if (clientDisconnected) {
+          reader.cancel();
+          break;
+        }
+        const { done, value } = await reader.read();
+        if (done)
+          break;
+        const canContinue = res.write(value);
+        if (!canContinue && !clientDisconnected) {
+          await new Promise((resolve) => res.once("drain", resolve));
+        }
+      }
+    } catch (err) {
+      renderError = err instanceof Error ? err : new Error(String(err));
+    } finally {
+      reader.releaseLock();
+    }
+    if (renderError && !clientDisconnected) {
+      console.error("[SSR] Render error after head sent:", renderError.message);
+      const nonceAttr = nonce != null ? ` nonce="${escapeAttr(nonce)}"` : "";
+      const errorScript = `<script${nonceAttr}>document.dispatchEvent(new CustomEvent('vertz:ssr-error',` + `{detail:{message:${safeSerialize(renderError.message)}}}))</script>`;
+      res.write(errorScript);
+    }
+  }
+  if (clientDisconnected)
+    return;
+  let tail = "";
+  if (result.ssrData.length > 0) {
+    const nonceAttr = nonce != null ? ` nonce="${escapeAttr(nonce)}"` : "";
+    tail += `<script${nonceAttr}>window.__VERTZ_SSR_DATA__=${safeSerialize(result.ssrData)};</script>`;
+  }
+  tail += split.tailTemplate;
+  res.end(tail);
+}
+async function handleNavRequest(req, res, module, url, ssrTimeout) {
+  res.writeHead(200, {
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache"
+  });
+  try {
+    const stream = await ssrStreamNavQueries(module, url, { ssrTimeout });
+    let clientDisconnected = false;
+    req.on("close", () => {
+      clientDisconnected = true;
+    });
+    const reader = stream.getReader();
+    try {
+      for (;; ) {
+        if (clientDisconnected) {
+          reader.cancel();
+          break;
+        }
+        const { done, value } = await reader.read();
+        if (done)
+          break;
+        const canContinue = res.write(value);
+        if (!canContinue && !clientDisconnected) {
+          await new Promise((resolve) => res.once("drain", resolve));
+        }
+      }
+    } finally {
+      reader.releaseLock();
+    }
+  } catch {
+    res.write(`event: done
+data: {}
+
+`);
+  }
+  if (!res.writableEnded) {
+    res.end();
+  }
+}
+
+export { createNodeHandler };

package/dist/shared/chunk-wb5fv233.js

@@ -0,0 +1,216 @@
+import {
+  encodeChunk,
+  escapeAttr,
+  injectIntoTemplate,
+  precomputeHandlerState,
+  resolveRouteModulepreload,
+  resolveSession,
+  safeSerialize,
+  ssrRenderProgressive,
+  ssrRenderSinglePass,
+  ssrStreamNavQueries
+} from "./chunk-34fexgex.js";
+
+// src/ssr-progressive-response.ts
+function buildProgressiveResponse(options) {
+  const { headChunk, renderStream, tailChunk, ssrData, nonce, headers } = options;
+  const stream = new ReadableStream({
+    async start(controller) {
+      controller.enqueue(encodeChunk(headChunk));
+      const reader = renderStream.getReader();
+      let renderError;
+      try {
+        for (;; ) {
+          const { done, value } = await reader.read();
+          if (done)
+            break;
+          controller.enqueue(value);
+        }
+      } catch (err) {
+        renderError = err instanceof Error ? err : new Error(String(err));
+      }
+      if (renderError) {
+        console.error("[SSR] Render error after head sent:", renderError.message);
+        const nonceAttr = nonce != null ? ` nonce="${escapeAttr(nonce)}"` : "";
+        const errorScript = `<script${nonceAttr}>document.dispatchEvent(new CustomEvent('vertz:ssr-error',` + `{detail:{message:${safeSerialize(renderError.message)}}}))</script>`;
+        controller.enqueue(encodeChunk(errorScript));
+      }
+      let tail = "";
+      if (ssrData.length > 0) {
+        const nonceAttr = nonce != null ? ` nonce="${escapeAttr(nonce)}"` : "";
+        tail += `<script${nonceAttr}>window.__VERTZ_SSR_DATA__=${safeSerialize(ssrData)};</script>`;
+      }
+      tail += tailChunk;
+      controller.enqueue(encodeChunk(tail));
+      controller.close();
+    }
+  });
+  const responseHeaders = {
+    "Content-Type": "text/html; charset=utf-8",
+    ...headers
+  };
+  return new Response(stream, { status: 200, headers: responseHeaders });
+}
+
+// src/ssr-handler.ts
+function createSSRHandler(options) {
+  const {
+    module,
+    ssrTimeout,
+    nonce,
+    fallbackMetrics,
+    routeChunkManifest,
+    cacheControl,
+    sessionResolver,
+    manifest,
+    progressiveHTML
+  } = options;
+  const { template, linkHeader, modulepreloadTags, splitResult } = precomputeHandlerState(options);
+  return async (request) => {
+    const url = new URL(request.url);
+    const pathname = url.pathname;
+    if (request.headers.get("x-vertz-nav") === "1") {
+      return handleNavRequest(module, pathname, ssrTimeout);
+    }
+    let sessionScript = "";
+    let ssrAuth;
+    if (sessionResolver) {
+      const result = await resolveSession(request, sessionResolver, nonce);
+      sessionScript = result.sessionScript;
+      ssrAuth = result.ssrAuth;
+    }
+    const useProgressive = progressiveHTML && splitResult && !(manifest?.routeEntries && Object.keys(manifest.routeEntries).length > 0);
+    if (useProgressive) {
+      return handleProgressiveHTMLRequest(module, splitResult, pathname + url.search, ssrTimeout, nonce, fallbackMetrics, linkHeader, modulepreloadTags, routeChunkManifest, cacheControl, sessionScript, ssrAuth, manifest);
+    }
+    return handleHTMLRequest(module, template, pathname + url.search, ssrTimeout, nonce, fallbackMetrics, linkHeader, modulepreloadTags, routeChunkManifest, cacheControl, sessionScript, ssrAuth, manifest);
+  };
+}
+async function handleNavRequest(module, url, ssrTimeout) {
+  try {
+    const stream = await ssrStreamNavQueries(module, url, { ssrTimeout });
+    return new Response(stream, {
+      status: 200,
+      headers: {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache"
+      }
+    });
+  } catch {
+    return new Response(`event: done
+data: {}
+
+`, {
+      status: 200,
+      headers: {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache"
+      }
+    });
+  }
+}
+async function handleProgressiveHTMLRequest(module, split, url, ssrTimeout, nonce, fallbackMetrics, linkHeader, staticModulepreloadTags, routeChunkManifest, cacheControl, sessionScript, ssrAuth, manifest) {
+  try {
+    const result = await ssrRenderProgressive(module, url, {
+      ssrTimeout,
+      fallbackMetrics,
+      ssrAuth,
+      manifest
+    });
+    if (result.redirect) {
+      return new Response(null, {
+        status: 302,
+        headers: { Location: result.redirect.to }
+      });
+    }
+    const modulepreloadTags = resolveRouteModulepreload(routeChunkManifest, result.matchedRoutePatterns, staticModulepreloadTags);
+    let headChunk = split.headTemplate;
+    const headCloseIdx = headChunk.lastIndexOf("</head>");
+    if (headCloseIdx !== -1) {
+      const injections = [];
+      if (result.css)
+        injections.push(result.css);
+      if (result.headTags)
+        injections.push(result.headTags);
+      if (modulepreloadTags)
+        injections.push(modulepreloadTags);
+      if (sessionScript)
+        injections.push(sessionScript);
+      if (injections.length > 0) {
+        headChunk = headChunk.slice(0, headCloseIdx) + injections.join(`
+`) + `
+` + headChunk.slice(headCloseIdx);
+      }
+    } else {
+      if (result.css)
+        headChunk += result.css;
+      if (result.headTags)
+        headChunk += result.headTags;
+      if (modulepreloadTags)
+        headChunk += modulepreloadTags;
+      if (sessionScript)
+        headChunk += sessionScript;
+    }
+    const headers = {};
+    if (linkHeader)
+      headers.Link = linkHeader;
+    if (cacheControl)
+      headers["Cache-Control"] = cacheControl;
+    return buildProgressiveResponse({
+      headChunk,
+      renderStream: result.renderStream,
+      tailChunk: split.tailTemplate,
+      ssrData: result.ssrData,
+      nonce,
+      headers
+    });
+  } catch (err) {
+    console.error("[SSR] Render failed:", err instanceof Error ? err.message : err);
+    return new Response("Internal Server Error", {
+      status: 500,
+      headers: { "Content-Type": "text/plain" }
+    });
+  }
+}
+async function handleHTMLRequest(module, template, url, ssrTimeout, nonce, fallbackMetrics, linkHeader, staticModulepreloadTags, routeChunkManifest, cacheControl, sessionScript, ssrAuth, manifest) {
+  try {
+    const result = await ssrRenderSinglePass(module, url, {
+      ssrTimeout,
+      fallbackMetrics,
+      ssrAuth,
+      manifest
+    });
+    if (result.redirect) {
+      return new Response(null, {
+        status: 302,
+        headers: { Location: result.redirect.to }
+      });
+    }
+    const modulepreloadTags = resolveRouteModulepreload(routeChunkManifest, result.matchedRoutePatterns, staticModulepreloadTags);
+    const allHeadTags = [result.headTags, modulepreloadTags].filter(Boolean).join(`
+`);
+    const html = injectIntoTemplate({
+      template,
+      appHtml: result.html,
+      appCss: result.css,
+      ssrData: result.ssrData,
+      nonce,
+      headTags: allHeadTags || undefined,
+      sessionScript
+    });
+    const headers = { "Content-Type": "text/html; charset=utf-8" };
+    if (linkHeader)
+      headers.Link = linkHeader;
+    if (cacheControl)
+      headers["Cache-Control"] = cacheControl;
+    return new Response(html, { status: 200, headers });
+  } catch (err) {
+    console.error("[SSR] Render failed:", err instanceof Error ? err.message : err);
+    return new Response("Internal Server Error", {
+      status: 500,
+      headers: { "Content-Type": "text/plain" }
+    });
+  }
+}
+
+export { createSSRHandler };

package/dist/shared/{chunk-gcwqkynf.js → chunk-ybftdw1r.js}

@@ -707,4 +707,4 @@ function toVNode(element) {
   return { tag: "span", attrs: {}, children: [String(element)] };
 }
 
-export { ssrStorage, isInSSR, getSSRUrl, registerSSRQuery, getSSRQueries, setGlobalSSRTimeout, clearGlobalSSRTimeout, getGlobalSSRTimeout, SSRNode, SSRComment, rawHtml, SSRTextNode, SSRDocumentFragment, SSRElement, createSSRAdapter, installDomShim, removeDomShim, toVNode };
+export { SSRNode, SSRComment, rawHtml, SSRTextNode, SSRDocumentFragment, SSRElement, createSSRAdapter, ssrStorage, isInSSR, getSSRUrl, registerSSRQuery, getSSRQueries, setGlobalSSRTimeout, clearGlobalSSRTimeout, getGlobalSSRTimeout, installDomShim, removeDomShim, toVNode };

package/dist/ssr/index.d.ts

@@ -128,7 +128,59 @@ declare function stripScriptsFromStaticHTML(html: string): string;
 * - Routes without `prerender` or `generateParams` are not collected
 */
 declare function collectPrerenderPaths(routes: CompiledRoute2[], prefix?: string): Promise<string[]>;
-import { FontFallbackMetrics as FontFallbackMetrics3 } from "@vertz/ui";
+import { FontFallbackMetrics as FontFallbackMetrics4 } from "@vertz/ui";
+import { ExtractedQuery } from "@vertz/ui-compiler";
+/**
+* SSR prefetch access rule evaluator.
+*
+* Evaluates serialized entity access rules against the current session
+* to determine whether a query should be prefetched during SSR.
+*
+* The serialized rules come from the prefetch manifest (generated at build time).
+* The session comes from the JWT decoded at request time.
+*/
+/**
+* Serialized access rule — the JSON-friendly format stored in the manifest.
+* Mirrors SerializedRule from @vertz/server/auth/rules but defined here
+* to avoid importing the server package into the SSR pipeline.
+*/
+type SerializedAccessRule = {
+	type: "public";
+} | {
+	type: "authenticated";
+} | {
+	type: "role";
+	roles: string[];
+} | {
+	type: "entitlement";
+	value: string;
+} | {
+	type: "where";
+	conditions: Record<string, unknown>;
+} | {
+	type: "all";
+	rules: SerializedAccessRule[];
+} | {
+	type: "any";
+	rules: SerializedAccessRule[];
+} | {
+	type: "fva";
+	maxAge: number;
+} | {
+	type: "deny";
+};
+/** Serialized entity access rules from the prefetch manifest. */
+type EntityAccessMap = Record<string, Partial<Record<string, SerializedAccessRule>>>;
+interface SSRPrefetchManifest {
+	/** Route patterns present in the manifest. */
+	routePatterns: string[];
+	/** Entity access rules keyed by entity name → operation → serialized rule. */
+	entityAccess?: EntityAccessMap;
+	/** Route entries with query binding metadata for zero-discovery prefetch. */
+	routeEntries?: Record<string, {
+		queries: ExtractedQuery[];
+	}>;
+}
 import { AccessSet } from "@vertz/ui/auth";
 interface SessionData {
 	user: {
@@ -182,7 +234,7 @@ interface SSRHandlerOptions {
 	*/
 	nonce?: string;
 	/** Pre-computed font fallback metrics (computed at server startup). */
-	fallbackMetrics?: Record<string, FontFallbackMetrics3>;
+	fallbackMetrics?: Record<string, FontFallbackMetrics4>;
 	/** Paths to inject as `<link rel="modulepreload">` in `<head>`. */
 	modulepreload?: string[];
 	/**
@@ -200,6 +252,27 @@ interface SSRHandlerOptions {
 	* optionally `window.__VERTZ_ACCESS_SET__` for instant auth hydration.
 	*/
 	sessionResolver?: SessionResolver;
+	/**
+	* Prefetch manifest for single-pass SSR optimization.
+	*
+	* When provided with route entries and an API client export, enables
+	* zero-discovery rendering — queries are prefetched from the manifest
+	* without executing the component tree, then a single render pass
+	* produces the HTML. Without a manifest, SSR still uses the single-pass
+	* discovery-then-render approach (cheaper than two-pass).
+	*/
+	manifest?: SSRPrefetchManifest;
+	/**
+	* Enable progressive HTML streaming. Default: false.
+	*
+	* When true, the Response body is a ReadableStream that sends `<head>`
+	* content (CSS, preloads, fonts) before `<body>` rendering is complete.
+	* This improves TTFB and FCP.
+	*
+	* Has no effect on zero-discovery routes (manifest with routeEntries),
+	* which always use buffered rendering.
+	*/
+	progressiveHTML?: boolean;
 }
 declare function createSSRHandler(options: SSRHandlerOptions): (request: Request) => Promise<Response>;
 interface InjectIntoTemplateOptions {

package/dist/ssr/index.js

@@ -1,10 +1,12 @@
 import {
-  createSSRHandler,
+  createSSRHandler
+} from "../shared/chunk-wb5fv233.js";
+import {
   injectIntoTemplate,
   ssrDiscoverQueries,
   ssrRenderToString
-} from "../shared/chunk-yr65qdge.js";
-import"../shared/chunk-gcwqkynf.js";
+} from "../shared/chunk-34fexgex.js";
+import"../shared/chunk-ybftdw1r.js";
 
 // src/prerender.ts
 async function discoverRoutes(module) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vertz/ui-server",
-  "version": "0.2.29",
+  "version": "0.2.31",
   "type": "module",
   "license": "MIT",
   "description": "Vertz UI server-side rendering runtime",
@@ -43,6 +43,10 @@
     "./fetch-scope": {
       "import": "./dist/fetch-scope.js",
       "types": "./dist/fetch-scope.d.ts"
+    },
+    "./node": {
+      "import": "./dist/node-handler.js",
+      "types": "./dist/node-handler.d.ts"
     }
   },
   "files": [
@@ -58,15 +62,15 @@
     "@ampproject/remapping": "^2.3.0",
     "@capsizecss/unpack": "^4.0.0",
     "@jridgewell/trace-mapping": "^0.3.31",
-    "@vertz/core": "^0.2.28",
-    "@vertz/ui": "^0.2.28",
-    "@vertz/ui-compiler": "^0.2.28",
+    "@vertz/core": "^0.2.30",
+    "@vertz/ui": "^0.2.30",
+    "@vertz/ui-compiler": "^0.2.30",
     "magic-string": "^0.30.0",
     "sharp": "^0.34.5",
     "ts-morph": "^27.0.2"
   },
   "devDependencies": {
-    "@vertz/codegen": "^0.2.28",
+    "@vertz/codegen": "^0.2.30",
     "@vertz/ui-auth": "^0.2.19",
     "bun-types": "^1.3.10",
     "bunup": "^0.16.31",