@vertz/ui-server 0.2.30 → 0.2.32

package/dist/index.js

@@ -1,10 +1,19 @@
+import {
+  createHoles,
+  createSSRHandler,
+  isAotDebugEnabled,
+  loadAotManifest,
+  ssrRenderAot
+} from "./shared/chunk-gbcsa7h1.js";
+import {
+  createNodeHandler
+} from "./shared/chunk-es0406qq.js";
 import {
   collectStreamChunks,
   compileThemeCached,
   createAccessSetScript,
   createRequestContext,
   createSSRDataChunk,
-  createSSRHandler,
   createSessionScript,
   createSlotPlaceholder,
   createTemplateChunk,
@@ -25,28 +34,30 @@ import {
   ssrRenderToString,
   streamToString,
   toPrefetchSession
-} from "./shared/chunk-bd0sgykf.js";
+} from "./shared/chunk-34fexgex.js";
 import {
   clearGlobalSSRTimeout,
   createSSRAdapter,
   getGlobalSSRTimeout,
   getSSRQueries,
   getSSRUrl,
-  installDomShim,
   isInSSR,
   rawHtml,
   registerSSRQuery,
   setGlobalSSRTimeout,
-  ssrStorage,
-  toVNode
-} from "./shared/chunk-gcwqkynf.js";
+  ssrStorage
+} from "./shared/chunk-ybftdw1r.js";
+
+// src/index.ts
+import { extractRoutes } from "@vertz/ui-compiler";
 
 // src/aot-manifest-build.ts
 import { readdirSync, readFileSync } from "node:fs";
-import { join } from "node:path";
+import { basename, join } from "node:path";
 import { compileForSSRAot } from "@vertz/ui-compiler";
 function generateAotBuildManifest(srcDir) {
   const components = {};
+  const compiledFiles = {};
   const classificationLog = [];
   const tsxFiles = collectTsxFiles(srcDir);
   for (const filePath of tsxFiles) {
@@ -56,7 +67,14 @@ function generateAotBuildManifest(srcDir) {
       for (const comp of result.components) {
         components[comp.name] = {
           tier: comp.tier,
-          holes: comp.holes
+          holes: comp.holes,
+          queryKeys: comp.queryKeys
+        };
+      }
+      if (result.components.length > 0) {
+        compiledFiles[filePath] = {
+          code: result.code,
+          components: result.components
         };
       }
     } catch (e) {
@@ -83,7 +101,61 @@ function generateAotBuildManifest(srcDir) {
     const pct = Math.round(aotCount / total * 100);
     classificationLog.push(`Coverage: ${aotCount}/${total} components (${pct}%)`);
   }
-  return { components, classificationLog };
+  return { components, compiledFiles, classificationLog };
+}
+function buildAotRouteMap(components, routes) {
+  const routeMap = {};
+  for (const route of routes) {
+    const comp = components[route.componentName];
+    if (!comp || comp.tier === "runtime-fallback")
+      continue;
+    routeMap[route.pattern] = {
+      renderFn: `__ssr_${route.componentName}`,
+      holes: comp.holes,
+      queryKeys: comp.queryKeys
+    };
+  }
+  return routeMap;
+}
+function generateAotBarrel(compiledFiles, routeMap) {
+  const neededFns = new Set;
+  for (const entry of Object.values(routeMap)) {
+    neededFns.add(entry.renderFn);
+  }
+  const fnToFile = new Map;
+  for (const [filePath, compiled] of Object.entries(compiledFiles)) {
+    for (const comp of compiled.components) {
+      const fnName = `__ssr_${comp.name}`;
+      if (neededFns.has(fnName)) {
+        fnToFile.set(fnName, filePath);
+      }
+    }
+  }
+  const fileToFns = new Map;
+  for (const [fnName, filePath] of fnToFile) {
+    const existing = fileToFns.get(filePath) ?? [];
+    existing.push(fnName);
+    fileToFns.set(filePath, existing);
+  }
+  const lines = [];
+  const files = {};
+  let fileIndex = 0;
+  for (const [filePath, fns] of fileToFns) {
+    const moduleName = basename(filePath, ".tsx").replace(/[^a-zA-Z0-9_-]/g, "_");
+    const tempFileName = `__aot_${fileIndex}_${moduleName}`;
+    const moduleRef = `./${tempFileName}`;
+    lines.push(`export { ${fns.sort().join(", ")} } from '${moduleRef}';`);
+    const compiled = compiledFiles[filePath];
+    if (compiled) {
+      files[`${tempFileName}.tsx`] = compiled.code;
+    }
+    fileIndex++;
+  }
+  return {
+    barrelSource: lines.join(`
+`),
+    files
+  };
 }
 function collectTsxFiles(dir) {
   const files = [];
@@ -665,147 +737,6 @@ function createAotManifestManager(options) {
     }
   };
 }
-// src/ssr-aot-pipeline.ts
-function createHoles(holeNames, module, url, queryCache, ssrAuth) {
-  if (holeNames.length === 0)
-    return {};
-  const holes = {};
-  for (const name of holeNames) {
-    holes[name] = () => {
-      const holeCtx = createRequestContext(url);
-      for (const [key, data] of queryCache) {
-        holeCtx.queryCache.set(key, data);
-      }
-      if (ssrAuth) {
-        holeCtx.ssrAuth = ssrAuth;
-      }
-      holeCtx.resolvedComponents = new Map;
-      return ssrStorage.run(holeCtx, () => {
-        ensureDomShim();
-        const factory = resolveHoleComponent(module, name);
-        if (!factory) {
-          return `<!-- AOT hole: ${name} not found -->`;
-        }
-        const node = factory();
-        const vnode = toVNode(node);
-        return serializeToHtml(vnode);
-      });
-    };
-  }
-  return holes;
-}
-function resolveHoleComponent(module, name) {
-  const moduleRecord = module;
-  const exported = moduleRecord[name];
-  if (typeof exported === "function") {
-    return exported;
-  }
-  return;
-}
-async function ssrRenderAot(module, url, options) {
-  const { aotManifest, manifest } = options;
-  const ssrTimeout = options.ssrTimeout ?? 300;
-  const normalizedUrl = url.endsWith("/index.html") ? url.slice(0, -"/index.html".length) || "/" : url;
-  const fallbackOptions = {
-    ssrTimeout,
-    fallbackMetrics: options.fallbackMetrics,
-    ssrAuth: options.ssrAuth,
-    manifest,
-    prefetchSession: options.prefetchSession
-  };
-  const aotPatterns = Object.keys(aotManifest.routes);
-  const matches = matchUrlToPatterns(normalizedUrl, aotPatterns);
-  if (matches.length === 0) {
-    return ssrRenderSinglePass(module, normalizedUrl, fallbackOptions);
-  }
-  const match = matches[matches.length - 1];
-  if (!match) {
-    return ssrRenderSinglePass(module, normalizedUrl, fallbackOptions);
-  }
-  const aotEntry = aotManifest.routes[match.pattern];
-  if (!aotEntry) {
-    return ssrRenderSinglePass(module, normalizedUrl, fallbackOptions);
-  }
-  const queryCache = new Map;
-  try {
-    setGlobalSSRTimeout(ssrTimeout);
-    const holes = createHoles(aotEntry.holes, module, normalizedUrl, queryCache, options.ssrAuth);
-    const ctx = {
-      holes,
-      getData: (key) => queryCache.get(key),
-      session: options.prefetchSession,
-      params: match.params
-    };
-    const data = {};
-    for (const [key, value] of queryCache) {
-      data[key] = value;
-    }
-    const html = aotEntry.render(data, ctx);
-    if (options.diagnostics && isAotDebugEnabled()) {
-      try {
-        const domResult = await ssrRenderSinglePass(module, normalizedUrl, fallbackOptions);
-        if (domResult.html !== html) {
-          options.diagnostics.recordDivergence(match.pattern, html, domResult.html);
-        }
-      } catch {}
-    }
-    const css = collectCSSFromModule(module, options.fallbackMetrics);
-    const ssrData = [];
-    for (const [key, data2] of queryCache) {
-      ssrData.push({ key, data: data2 });
-    }
-    return {
-      html,
-      css: css.cssString,
-      ssrData,
-      headTags: css.preloadTags
-    };
-  } finally {
-    clearGlobalSSRTimeout();
-  }
-}
-function isAotDebugEnabled() {
-  const env = process.env.VERTZ_DEBUG;
-  if (!env)
-    return false;
-  return env === "1" || env.split(",").includes("aot");
-}
-var domShimInstalled = false;
-function ensureDomShim() {
-  if (domShimInstalled && typeof document !== "undefined")
-    return;
-  domShimInstalled = true;
-  installDomShim();
-}
-function collectCSSFromModule(module, fallbackMetrics) {
-  let themeCss = "";
-  let preloadTags = "";
-  if (module.theme) {
-    try {
-      const compiled = compileThemeCached(module.theme, fallbackMetrics);
-      themeCss = compiled.css;
-      preloadTags = compiled.preloadTags;
-    } catch (e) {
-      console.error("[vertz] Failed to compile theme export. Ensure your theme is created with defineTheme().", e);
-    }
-  }
-  const alreadyIncluded = new Set;
-  if (themeCss)
-    alreadyIncluded.add(themeCss);
-  if (module.styles) {
-    for (const s of module.styles)
-      alreadyIncluded.add(s);
-  }
-  const componentCss = module.getInjectedCSS ? module.getInjectedCSS().filter((s) => !alreadyIncluded.has(s)) : [];
-  const themeTag = themeCss ? `<style data-vertz-css>${themeCss}</style>` : "";
-  const globalTag = module.styles && module.styles.length > 0 ? `<style data-vertz-css>${module.styles.join(`
-`)}</style>` : "";
-  const componentTag = componentCss.length > 0 ? `<style data-vertz-css>${componentCss.join(`
-`)}</style>` : "";
-  const cssString = [themeTag, globalTag, componentTag].filter(Boolean).join(`
-`);
-  return { cssString, preloadTags };
-}
 // src/ssr-aot-runtime.ts
 var UNITLESS_PROPERTIES = new Set([
   "animationIterationCount",
@@ -1089,6 +1020,7 @@ export {
   reconstructDescriptors,
   rawHtml,
   matchUrlToPatterns,
+  loadAotManifest,
   isInSSR,
   isAotDebugEnabled,
   inlineCriticalCss,
@@ -1099,6 +1031,8 @@ export {
   getAccessSetForSSR,
   generateSSRHtml,
   generateAotBuildManifest,
+  generateAotBarrel,
+  extractRoutes,
   extractFontMetrics,
   evaluateAccessRule,
   encodeChunk,
@@ -1110,11 +1044,13 @@ export {
   createSSRDataChunk,
   createSSRAdapter,
   createPrefetchManifestManager,
+  createNodeHandler,
   createHoles,
   createAotManifestManager,
   createAccessSetScript,
   collectStreamChunks,
   clearGlobalSSRTimeout,
+  buildAotRouteMap,
   __ssr_style_object,
   __ssr_spread,
   __esc_attr,

package/dist/node-handler.d.ts

@@ -0,0 +1,223 @@
+import { IncomingMessage, ServerResponse } from "node:http";
+import { FontFallbackMetrics as FontFallbackMetrics4 } from "@vertz/ui";
+/**
+* SSR prefetch access rule evaluator.
+*
+* Evaluates serialized entity access rules against the current session
+* to determine whether a query should be prefetched during SSR.
+*
+* The serialized rules come from the prefetch manifest (generated at build time).
+* The session comes from the JWT decoded at request time.
+*/
+/**
+* Serialized access rule — the JSON-friendly format stored in the manifest.
+* Mirrors SerializedRule from @vertz/server/auth/rules but defined here
+* to avoid importing the server package into the SSR pipeline.
+*/
+type SerializedAccessRule = {
+	type: "public";
+} | {
+	type: "authenticated";
+} | {
+	type: "role";
+	roles: string[];
+} | {
+	type: "entitlement";
+	value: string;
+} | {
+	type: "where";
+	conditions: Record<string, unknown>;
+} | {
+	type: "all";
+	rules: SerializedAccessRule[];
+} | {
+	type: "any";
+	rules: SerializedAccessRule[];
+} | {
+	type: "fva";
+	maxAge: number;
+} | {
+	type: "deny";
+};
+/**
+* Minimal session shape needed for prefetch access evaluation.
+* Extracted from the JWT at SSR request time.
+*/
+type PrefetchSession = {
+	status: "authenticated";
+	roles?: string[];
+	entitlements?: Record<string, boolean>;
+	tenantId?: string;
+} | {
+	status: "unauthenticated";
+};
+import { CompiledRoute, Theme } from "@vertz/ui";
+interface SSRModule {
+	default?: () => unknown;
+	App?: () => unknown;
+	theme?: Theme;
+	/** Global CSS strings to include in every SSR response (e.g. resets, body styles). */
+	styles?: string[];
+	/**
+	* Return all CSS tracked by the bundled @vertz/ui instance.
+	* The Vite SSR build inlines @vertz/ui into the server bundle, creating
+	* a separate module instance from @vertz/ui-server's dependency. Without
+	* this, component CSS from module-level css() calls is invisible to the
+	* SSR renderer. Export `getInjectedCSS` from @vertz/ui in the app entry.
+	*/
+	getInjectedCSS?: () => string[];
+	/** Compiled routes exported from the app for build-time SSG with generateParams. */
+	routes?: CompiledRoute[];
+	/** Code-generated API client for manifest-driven zero-discovery prefetching. */
+	api?: Record<string, Record<string, (...args: unknown[]) => unknown>>;
+}
+import { ExtractedQuery } from "@vertz/ui-compiler";
+/** Serialized entity access rules from the prefetch manifest. */
+type EntityAccessMap = Record<string, Partial<Record<string, SerializedAccessRule>>>;
+interface SSRPrefetchManifest {
+	/** Route patterns present in the manifest. */
+	routePatterns: string[];
+	/** Entity access rules keyed by entity name → operation → serialized rule. */
+	entityAccess?: EntityAccessMap;
+	/** Route entries with query binding metadata for zero-discovery prefetch. */
+	routeEntries?: Record<string, {
+		queries: ExtractedQuery[];
+	}>;
+}
+/** Context passed to AOT render functions for accessing data and runtime holes. */
+interface SSRAotContext {
+	/** Pre-generated closures for runtime-rendered components. */
+	holes: Record<string, () => string>;
+	/** Access query data by cache key. */
+	getData(key: string): unknown;
+	/** Auth session for conditional rendering. */
+	session: PrefetchSession | undefined;
+	/** Route params for the current request. */
+	params: Record<string, string>;
+}
+/** An AOT render function: takes props/data and context, returns HTML string. */
+type AotRenderFn = (data: Record<string, unknown>, ctx: SSRAotContext) => string;
+/** Per-route AOT entry in the manifest. */
+interface AotRouteEntry {
+	/** The pre-compiled render function. */
+	render: AotRenderFn;
+	/** Component names that need runtime fallback (holes). */
+	holes: string[];
+	/** Query cache keys this route reads via ctx.getData(). */
+	queryKeys?: string[];
+}
+/**
+* AOT manifest — maps route patterns to pre-compiled render functions.
+*
+* Generated at build time by the AOT compiler pipeline.
+*/
+interface AotManifest {
+	/** Route pattern → AOT entry. */
+	routes: Record<string, AotRouteEntry>;
+}
+import { AccessSet } from "@vertz/ui/auth";
+interface SessionData {
+	user: {
+		id: string;
+		email: string;
+		role: string;
+		[key: string]: unknown;
+	};
+	/** Unix timestamp in milliseconds (JWT exp * 1000). */
+	expiresAt: number;
+}
+/** Resolved session data for SSR injection. */
+interface SSRSessionInfo {
+	session: SessionData;
+	/**
+	* Access set from JWT acl claim.
+	* - Present (object): inline access set (no overflow)
+	* - null: access control is configured but the set overflowed the JWT
+	* - undefined: access control is not configured
+	*/
+	accessSet?: AccessSet | null;
+}
+/**
+* Callback that extracts session data from a request.
+* Returns null when no valid session exists (expired, missing, or invalid cookie).
+*/
+type SessionResolver = (request: Request) => Promise<SSRSessionInfo | null>;
+interface SSRHandlerOptions {
+	/** The loaded SSR module (import('./dist/server/index.js')) */
+	module: SSRModule;
+	/** HTML template string (contents of dist/client/index.html) */
+	template: string;
+	/** SSR timeout for queries (default: 300ms) */
+	ssrTimeout?: number;
+	/**
+	* Map of CSS asset URLs to their content for inlining.
+	* Replaces `<link rel="stylesheet" href="...">` tags with inline `<style>` tags.
+	* Eliminates extra network requests, preventing FOUC on slow connections.
+	*
+	* @example
+	* ```ts
+	* inlineCSS: { '/assets/vertz.css': await Bun.file('./dist/client/assets/vertz.css').text() }
+	* ```
+	*/
+	inlineCSS?: Record<string, string>;
+	/**
+	* CSP nonce to inject on all inline `<script>` tags emitted during SSR.
+	*
+	* When set, the SSR data hydration script will include `nonce="<value>"`
+	* so that strict Content-Security-Policy headers do not block it.
+	*/
+	nonce?: string;
+	/** Pre-computed font fallback metrics (computed at server startup). */
+	fallbackMetrics?: Record<string, FontFallbackMetrics4>;
+	/** Paths to inject as `<link rel="modulepreload">` in `<head>`. */
+	modulepreload?: string[];
+	/**
+	* Route chunk manifest for per-route modulepreload injection.
+	* When provided, only chunks for the matched route are preloaded instead of all chunks.
+	*/
+	routeChunkManifest?: {
+		routes: Record<string, string[]>;
+	};
+	/** Cache-Control header for HTML responses. Omit or undefined = no header (safe default). */
+	cacheControl?: string;
+	/**
+	* Resolves session data from request cookies for SSR injection.
+	* When provided, SSR HTML includes `window.__VERTZ_SESSION__` and
+	* optionally `window.__VERTZ_ACCESS_SET__` for instant auth hydration.
+	*/
+	sessionResolver?: SessionResolver;
+	/**
+	* Prefetch manifest for single-pass SSR optimization.
+	*
+	* When provided with route entries and an API client export, enables
+	* zero-discovery rendering — queries are prefetched from the manifest
+	* without executing the component tree, then a single render pass
+	* produces the HTML. Without a manifest, SSR still uses the single-pass
+	* discovery-then-render approach (cheaper than two-pass).
+	*/
+	manifest?: SSRPrefetchManifest;
+	/**
+	* Enable progressive HTML streaming. Default: false.
+	*
+	* When true, the Response body is a ReadableStream that sends `<head>`
+	* content (CSS, preloads, fonts) before `<body>` rendering is complete.
+	* This improves TTFB and FCP.
+	*
+	* Has no effect on zero-discovery routes (manifest with routeEntries),
+	* which always use buffered rendering.
+	*/
+	progressiveHTML?: boolean;
+	/**
+	* AOT manifest with pre-compiled render functions.
+	*
+	* When provided, routes matching AOT entries are rendered via string-builder
+	* functions (no DOM shim), bypassing the reactive runtime for 4-6x speedup.
+	* Routes not in the manifest fall back to `ssrRenderSinglePass()`.
+	*
+	* Load via `loadAotManifest(serverDir)` at startup.
+	*/
+	aotManifest?: AotManifest;
+}
+type NodeHandlerOptions = SSRHandlerOptions;
+declare function createNodeHandler(options: NodeHandlerOptions): (req: IncomingMessage, res: ServerResponse) => void;
+export { createNodeHandler, NodeHandlerOptions };

package/dist/node-handler.js

@@ -0,0 +1,8 @@
+import {
+  createNodeHandler
+} from "./shared/chunk-es0406qq.js";
+import"./shared/chunk-34fexgex.js";
+import"./shared/chunk-ybftdw1r.js";
+export {
+  createNodeHandler
+};