@vertz/ui-server 0.2.30 → 0.2.31

package/dist/index.js

@@ -1,10 +1,15 @@
+import {
+  createSSRHandler
+} from "./shared/chunk-wb5fv233.js";
+import {
+  createNodeHandler
+} from "./shared/chunk-es0406qq.js";
 import {
   collectStreamChunks,
   compileThemeCached,
   createAccessSetScript,
   createRequestContext,
   createSSRDataChunk,
-  createSSRHandler,
   createSessionScript,
   createSlotPlaceholder,
   createTemplateChunk,
@@ -25,7 +30,7 @@ import {
   ssrRenderToString,
   streamToString,
   toPrefetchSession
-} from "./shared/chunk-bd0sgykf.js";
+} from "./shared/chunk-34fexgex.js";
 import {
   clearGlobalSSRTimeout,
   createSSRAdapter,
@@ -39,7 +44,7 @@ import {
   setGlobalSSRTimeout,
   ssrStorage,
   toVNode
-} from "./shared/chunk-gcwqkynf.js";
+} from "./shared/chunk-ybftdw1r.js";
 
 // src/aot-manifest-build.ts
 import { readdirSync, readFileSync } from "node:fs";
@@ -1110,6 +1115,7 @@ export {
   createSSRDataChunk,
   createSSRAdapter,
   createPrefetchManifestManager,
+  createNodeHandler,
   createHoles,
   createAotManifestManager,
   createAccessSetScript,

package/dist/node-handler.d.ts

@@ -0,0 +1,170 @@
+import { IncomingMessage, ServerResponse } from "node:http";
+import { FontFallbackMetrics as FontFallbackMetrics3 } from "@vertz/ui";
+import { CompiledRoute, Theme } from "@vertz/ui";
+interface SSRModule {
+	default?: () => unknown;
+	App?: () => unknown;
+	theme?: Theme;
+	/** Global CSS strings to include in every SSR response (e.g. resets, body styles). */
+	styles?: string[];
+	/**
+	* Return all CSS tracked by the bundled @vertz/ui instance.
+	* The Vite SSR build inlines @vertz/ui into the server bundle, creating
+	* a separate module instance from @vertz/ui-server's dependency. Without
+	* this, component CSS from module-level css() calls is invisible to the
+	* SSR renderer. Export `getInjectedCSS` from @vertz/ui in the app entry.
+	*/
+	getInjectedCSS?: () => string[];
+	/** Compiled routes exported from the app for build-time SSG with generateParams. */
+	routes?: CompiledRoute[];
+	/** Code-generated API client for manifest-driven zero-discovery prefetching. */
+	api?: Record<string, Record<string, (...args: unknown[]) => unknown>>;
+}
+import { ExtractedQuery } from "@vertz/ui-compiler";
+/**
+* SSR prefetch access rule evaluator.
+*
+* Evaluates serialized entity access rules against the current session
+* to determine whether a query should be prefetched during SSR.
+*
+* The serialized rules come from the prefetch manifest (generated at build time).
+* The session comes from the JWT decoded at request time.
+*/
+/**
+* Serialized access rule — the JSON-friendly format stored in the manifest.
+* Mirrors SerializedRule from @vertz/server/auth/rules but defined here
+* to avoid importing the server package into the SSR pipeline.
+*/
+type SerializedAccessRule = {
+	type: "public";
+} | {
+	type: "authenticated";
+} | {
+	type: "role";
+	roles: string[];
+} | {
+	type: "entitlement";
+	value: string;
+} | {
+	type: "where";
+	conditions: Record<string, unknown>;
+} | {
+	type: "all";
+	rules: SerializedAccessRule[];
+} | {
+	type: "any";
+	rules: SerializedAccessRule[];
+} | {
+	type: "fva";
+	maxAge: number;
+} | {
+	type: "deny";
+};
+/** Serialized entity access rules from the prefetch manifest. */
+type EntityAccessMap = Record<string, Partial<Record<string, SerializedAccessRule>>>;
+interface SSRPrefetchManifest {
+	/** Route patterns present in the manifest. */
+	routePatterns: string[];
+	/** Entity access rules keyed by entity name → operation → serialized rule. */
+	entityAccess?: EntityAccessMap;
+	/** Route entries with query binding metadata for zero-discovery prefetch. */
+	routeEntries?: Record<string, {
+		queries: ExtractedQuery[];
+	}>;
+}
+import { AccessSet } from "@vertz/ui/auth";
+interface SessionData {
+	user: {
+		id: string;
+		email: string;
+		role: string;
+		[key: string]: unknown;
+	};
+	/** Unix timestamp in milliseconds (JWT exp * 1000). */
+	expiresAt: number;
+}
+/** Resolved session data for SSR injection. */
+interface SSRSessionInfo {
+	session: SessionData;
+	/**
+	* Access set from JWT acl claim.
+	* - Present (object): inline access set (no overflow)
+	* - null: access control is configured but the set overflowed the JWT
+	* - undefined: access control is not configured
+	*/
+	accessSet?: AccessSet | null;
+}
+/**
+* Callback that extracts session data from a request.
+* Returns null when no valid session exists (expired, missing, or invalid cookie).
+*/
+type SessionResolver = (request: Request) => Promise<SSRSessionInfo | null>;
+interface SSRHandlerOptions {
+	/** The loaded SSR module (import('./dist/server/index.js')) */
+	module: SSRModule;
+	/** HTML template string (contents of dist/client/index.html) */
+	template: string;
+	/** SSR timeout for queries (default: 300ms) */
+	ssrTimeout?: number;
+	/**
+	* Map of CSS asset URLs to their content for inlining.
+	* Replaces `<link rel="stylesheet" href="...">` tags with inline `<style>` tags.
+	* Eliminates extra network requests, preventing FOUC on slow connections.
+	*
+	* @example
+	* ```ts
+	* inlineCSS: { '/assets/vertz.css': await Bun.file('./dist/client/assets/vertz.css').text() }
+	* ```
+	*/
+	inlineCSS?: Record<string, string>;
+	/**
+	* CSP nonce to inject on all inline `<script>` tags emitted during SSR.
+	*
+	* When set, the SSR data hydration script will include `nonce="<value>"`
+	* so that strict Content-Security-Policy headers do not block it.
+	*/
+	nonce?: string;
+	/** Pre-computed font fallback metrics (computed at server startup). */
+	fallbackMetrics?: Record<string, FontFallbackMetrics3>;
+	/** Paths to inject as `<link rel="modulepreload">` in `<head>`. */
+	modulepreload?: string[];
+	/**
+	* Route chunk manifest for per-route modulepreload injection.
+	* When provided, only chunks for the matched route are preloaded instead of all chunks.
+	*/
+	routeChunkManifest?: {
+		routes: Record<string, string[]>;
+	};
+	/** Cache-Control header for HTML responses. Omit or undefined = no header (safe default). */
+	cacheControl?: string;
+	/**
+	* Resolves session data from request cookies for SSR injection.
+	* When provided, SSR HTML includes `window.__VERTZ_SESSION__` and
+	* optionally `window.__VERTZ_ACCESS_SET__` for instant auth hydration.
+	*/
+	sessionResolver?: SessionResolver;
+	/**
+	* Prefetch manifest for single-pass SSR optimization.
+	*
+	* When provided with route entries and an API client export, enables
+	* zero-discovery rendering — queries are prefetched from the manifest
+	* without executing the component tree, then a single render pass
+	* produces the HTML. Without a manifest, SSR still uses the single-pass
+	* discovery-then-render approach (cheaper than two-pass).
+	*/
+	manifest?: SSRPrefetchManifest;
+	/**
+	* Enable progressive HTML streaming. Default: false.
+	*
+	* When true, the Response body is a ReadableStream that sends `<head>`
+	* content (CSS, preloads, fonts) before `<body>` rendering is complete.
+	* This improves TTFB and FCP.
+	*
+	* Has no effect on zero-discovery routes (manifest with routeEntries),
+	* which always use buffered rendering.
+	*/
+	progressiveHTML?: boolean;
+}
+type NodeHandlerOptions = SSRHandlerOptions;
+declare function createNodeHandler(options: NodeHandlerOptions): (req: IncomingMessage, res: ServerResponse) => void;
+export { createNodeHandler, NodeHandlerOptions };

package/dist/node-handler.js

@@ -0,0 +1,8 @@
+import {
+  createNodeHandler
+} from "./shared/chunk-es0406qq.js";
+import"./shared/chunk-34fexgex.js";
+import"./shared/chunk-ybftdw1r.js";
+export {
+  createNodeHandler
+};