@zenithbuild/cli 0.7.10 → 0.7.12

package/dist/global-middleware.js

@@ -0,0 +1,252 @@
+import { existsSync } from 'node:fs';
+import { readdir, readFile } from 'node:fs/promises';
+import { createRequire } from 'node:module';
+import { dirname, join, relative, resolve } from 'node:path';
+const PACKAGE_REQUIRE = createRequire(import.meta.url);
+const STATIC_MIDDLEWARE_TARGETS = new Set([
+    'static',
+    'static-export',
+    'vercel-static',
+    'netlify-static'
+]);
+function toPosixRelative(from, to) {
+    const relativePath = relative(from, to).replaceAll('\\', '/');
+    return relativePath || '.';
+}
+function middlewareError(sourceFile, message) {
+    return new Error(`[Zenith:Middleware] Invalid global middleware in ${sourceFile}: ${message}`);
+}
+function resolveTypeScriptApi(projectRoot) {
+    try {
+        const projectRequire = createRequire(join(projectRoot, '__zenith_middleware_parser__.js'));
+        return projectRequire('typescript');
+    }
+    catch {
+        try {
+            return PACKAGE_REQUIRE('typescript');
+        }
+        catch {
+            throw new Error('[Zenith:Middleware] Global middleware validation requires the `typescript` package to be installed.');
+        }
+    }
+}
+function hasModifier(ts, node, kind) {
+    return Boolean(node?.modifiers?.some((modifier) => modifier.kind === kind));
+}
+function isAllowedTypeOnlyNamedExport(ts, node) {
+    if (ts.isInterfaceDeclaration(node) || ts.isTypeAliasDeclaration(node)) {
+        return hasModifier(ts, node, ts.SyntaxKind.ExportKeyword)
+            && !hasModifier(ts, node, ts.SyntaxKind.DefaultKeyword);
+    }
+    if (ts.isExportDeclaration(node)) {
+        if (node.isTypeOnly) {
+            return true;
+        }
+        const elements = node.exportClause && ts.isNamedExports(node.exportClause)
+            ? node.exportClause.elements
+            : [];
+        return elements.length > 0 && elements.every((specifier) => specifier.isTypeOnly === true);
+    }
+    return false;
+}
+function unwrapExpression(ts, expression) {
+    let current = expression;
+    while (current && ts.isParenthesizedExpression(current)) {
+        current = current.expression;
+    }
+    return current;
+}
+function isFunctionLikeDefault(ts, expression) {
+    const unwrapped = unwrapExpression(ts, expression);
+    return ts.isFunctionExpression(unwrapped) || ts.isArrowFunction(unwrapped)
+        ? unwrapped
+        : null;
+}
+function propertyAccessPath(ts, node) {
+    const parts = [];
+    let current = node;
+    while (current && ts.isPropertyAccessExpression(current)) {
+        parts.unshift(current.name.text);
+        current = current.expression;
+    }
+    if (current && ts.isIdentifier(current)) {
+        parts.unshift(current.text);
+    }
+    return parts;
+}
+function hasCommonJsExport(ts, node) {
+    let found = false;
+    function visit(current) {
+        if (found) {
+            return;
+        }
+        if (ts.isBinaryExpression(current)
+            && current.operatorToken.kind === ts.SyntaxKind.EqualsToken
+            && ts.isPropertyAccessExpression(current.left)) {
+            const parts = propertyAccessPath(ts, current.left);
+            if (parts[0] === 'module' && parts[1] === 'exports') {
+                found = true;
+                return;
+            }
+            if (parts[0] === 'exports') {
+                found = true;
+                return;
+            }
+        }
+        ts.forEachChild(current, visit);
+    }
+    ts.forEachChild(node, visit);
+    return found;
+}
+function assertTwoNonRestParams(fn, sourceFile) {
+    const params = Array.isArray(fn?.parameters) ? fn.parameters : [];
+    const hasRest = params.some((param) => param.dotDotDotToken);
+    if (params.length !== 2 || hasRest) {
+        throw middlewareError(sourceFile, 'default function must accept exactly two arguments: ctx and next.');
+    }
+}
+export function validateGlobalMiddlewareSource(source, sourceFile, projectRoot = process.cwd()) {
+    const ts = resolveTypeScriptApi(projectRoot);
+    const parsed = ts.createSourceFile(sourceFile, String(source || ''), ts.ScriptTarget.Latest, true, ts.ScriptKind.TS);
+    if (parsed.parseDiagnostics.length > 0) {
+        throw middlewareError(sourceFile, 'unable to parse middleware module.');
+    }
+    if (hasCommonJsExport(ts, parsed)) {
+        throw middlewareError(sourceFile, 'CommonJS middleware exports are not supported. Use `export default function middleware(ctx, next) { ... }`.');
+    }
+    let defaultExportCount = 0;
+    let defaultFunction = null;
+    let defaultExportWasNonFunction = false;
+    let hasNamedRuntimeExport = false;
+    for (const statement of parsed.statements) {
+        if (ts.isExportDeclaration(statement)) {
+            if (!isAllowedTypeOnlyNamedExport(ts, statement)) {
+                hasNamedRuntimeExport = true;
+            }
+            continue;
+        }
+        if (ts.isExportAssignment(statement)) {
+            if (statement.isExportEquals) {
+                throw middlewareError(sourceFile, 'CommonJS middleware exports are not supported. Use `export default function middleware(ctx, next) { ... }`.');
+            }
+            defaultExportCount += 1;
+            const fn = isFunctionLikeDefault(ts, statement.expression);
+            if (fn) {
+                defaultFunction = fn;
+            }
+            else {
+                defaultExportWasNonFunction = true;
+            }
+            continue;
+        }
+        const hasExport = hasModifier(ts, statement, ts.SyntaxKind.ExportKeyword);
+        if (!hasExport) {
+            continue;
+        }
+        const hasDefault = hasModifier(ts, statement, ts.SyntaxKind.DefaultKeyword);
+        if (hasDefault) {
+            defaultExportCount += 1;
+            if (ts.isFunctionDeclaration(statement)) {
+                defaultFunction = statement;
+            }
+            else {
+                defaultExportWasNonFunction = true;
+            }
+            continue;
+        }
+        if (!isAllowedTypeOnlyNamedExport(ts, statement)) {
+            hasNamedRuntimeExport = true;
+        }
+    }
+    if (hasNamedRuntimeExport) {
+        throw middlewareError(sourceFile, 'named runtime exports are not supported. Export only `default function middleware(ctx, next)`.');
+    }
+    if (defaultExportCount !== 1) {
+        throw middlewareError(sourceFile, 'expected exactly one default export function.');
+    }
+    if (!defaultFunction || defaultExportWasNonFunction) {
+        throw middlewareError(sourceFile, 'default export must be a function. Use `export default function middleware(ctx, next) { ... }`.');
+    }
+    assertTwoNonRestParams(defaultFunction, sourceFile);
+}
+async function findNestedMiddlewareFiles(dir, projectRoot) {
+    const matches = [];
+    let entries;
+    try {
+        entries = await readdir(dir, { withFileTypes: true });
+    }
+    catch {
+        return matches;
+    }
+    entries.sort((left, right) => left.name.localeCompare(right.name));
+    for (const entry of entries) {
+        const fullPath = join(dir, entry.name);
+        if (entry.isDirectory()) {
+            if (entry.name === 'middleware' && existsSync(join(fullPath, 'index.ts'))) {
+                matches.push(join(fullPath, 'index.ts'));
+            }
+            matches.push(...await findNestedMiddlewareFiles(fullPath, projectRoot));
+            continue;
+        }
+        if (entry.isFile() && entry.name === 'middleware.ts') {
+            matches.push(fullPath);
+        }
+    }
+    return matches.sort((left, right) => (toPosixRelative(projectRoot, left).localeCompare(toPosixRelative(projectRoot, right))));
+}
+function createMetadata(sourceFile) {
+    return { source_file: sourceFile };
+}
+export function normalizeGlobalMiddlewareMetadata(globalMiddleware) {
+    const sourceFile = typeof globalMiddleware?.source_file === 'string'
+        ? globalMiddleware.source_file
+        : typeof globalMiddleware?.sourceFile === 'string'
+            ? globalMiddleware.sourceFile
+            : null;
+    return sourceFile ? createMetadata(sourceFile) : null;
+}
+export function assertGlobalMiddlewareTargetSupported(target, globalMiddleware) {
+    if (!globalMiddleware || !STATIC_MIDDLEWARE_TARGETS.has(target)) {
+        return;
+    }
+    throw new Error(`[Zenith:Middleware] target "${target}" cannot use global middleware. ` +
+        'Global middleware requires a server-capable target ("node", "vercel", or "netlify"). ' +
+        `File: ${globalMiddleware.sourceFile}.`);
+}
+export async function resolveGlobalMiddleware({ projectRoot, pagesDir, target } = {}) {
+    const resolvedProjectRoot = resolve(projectRoot || process.cwd());
+    const resolvedPagesDir = resolve(resolvedProjectRoot, pagesDir || 'pages');
+    const middlewareRoot = dirname(resolvedPagesDir);
+    const rootCandidates = [
+        join(middlewareRoot, 'middleware.ts'),
+        join(middlewareRoot, 'middleware', 'index.ts')
+    ].filter((candidate) => existsSync(candidate));
+    if (rootCandidates.length > 1) {
+        throw new Error(`[Zenith:Middleware] Multiple global middleware files found in "${middlewareRoot}". ` +
+            'Keep exactly one of: middleware.ts, middleware/index.ts.');
+    }
+    const nestedMatches = await findNestedMiddlewareFiles(resolvedPagesDir, resolvedProjectRoot);
+    if (nestedMatches.length > 0) {
+        const relativePath = toPosixRelative(resolvedProjectRoot, nestedMatches[0]);
+        const middlewareRootRelative = toPosixRelative(resolvedProjectRoot, middlewareRoot);
+        const targetPath = middlewareRootRelative === '.'
+            ? 'middleware.ts'
+            : `${middlewareRootRelative}/middleware.ts`;
+        throw new Error('[Zenith:Middleware] Nested middleware files are not supported in V1. ' +
+            `Move "${relativePath}" to "${targetPath}" or remove it.`);
+    }
+    if (rootCandidates.length === 0) {
+        return null;
+    }
+    const sourcePath = rootCandidates[0];
+    const sourceFile = toPosixRelative(resolvedProjectRoot, sourcePath);
+    const globalMiddleware = {
+        sourcePath,
+        sourceFile,
+        root: middlewareRoot,
+        metadata: createMetadata(sourceFile)
+    };
+    assertGlobalMiddlewareTargetSupported(target, globalMiddleware);
+    validateGlobalMiddlewareSource(await readFile(sourcePath, 'utf8'), sourceFile, resolvedProjectRoot);
+    return globalMiddleware;
+}

package/dist/images/remote-fetch.d.ts

@@ -0,0 +1,12 @@
+export function isLocalNetworkAddress(address: any): boolean;
+export function resolveRemoteTarget(remoteUrl: any, config: any, lookupImpl?: typeof lookup): Promise<{
+    url: import("node:url").URL;
+    address: string;
+    family: number;
+    requestUrl: import("node:url").URL;
+}>;
+export function validateRemoteTarget(remoteUrl: any, config: any): Promise<import("node:url").URL>;
+export function fetchRemoteImage(remote: any, config: any, fetchImpl?: typeof fetchPinnedRemoteUrl, lookupImpl?: typeof lookup): Promise<any>;
+import { lookup } from 'node:dns/promises';
+declare function fetchPinnedRemoteUrl(requestUrl: any, options?: {}): Promise<any>;
+export {};

package/dist/images/remote-fetch.js

@@ -0,0 +1,257 @@
+import { lookup } from 'node:dns/promises';
+import http from 'node:http';
+import https from 'node:https';
+import { isIP } from 'node:net';
+import { Readable } from 'node:stream';
+import { matchRemotePattern } from './shared.js';
+const MAX_REMOTE_REDIRECTS = 5;
+const PINNED_REMOTE_TARGET = Symbol('zenithPinnedRemoteTarget');
+function parseIpv4(address) {
+    if (!address) {
+        return null;
+    }
+    const parts = String(address).split('.');
+    if (parts.length !== 4) {
+        return null;
+    }
+    const octets = parts.map((part) => {
+        if (!/^\d+$/.test(part)) {
+            return null;
+        }
+        const value = Number.parseInt(part, 10);
+        return value >= 0 && value <= 255 ? value : null;
+    });
+    return octets.every((part) => part !== null) ? octets : null;
+}
+function isBlockedIpv4(address) {
+    const octets = parseIpv4(address);
+    if (!octets) {
+        return false;
+    }
+    const [a, b, c, d] = octets;
+    if (a === 0 || a === 10 || a === 127 || a >= 224) {
+        return true;
+    }
+    if (a === 100 && b >= 64 && b <= 127) {
+        return true;
+    }
+    if (a === 169 && b === 254) {
+        return true;
+    }
+    if (a === 172 && b >= 16 && b <= 31) {
+        return true;
+    }
+    if (a === 192 && (b === 168 || (b === 0 && (c === 0 || c === 2)) || (b === 88 && c === 99))) {
+        return true;
+    }
+    if (a === 198 && (b === 18 || b === 19 || (b === 51 && c === 100))) {
+        return true;
+    }
+    if (a === 203 && b === 0 && c === 113) {
+        return true;
+    }
+    return a === 255 && b === 255 && c === 255 && d === 255;
+}
+function leadingIpv6Hextet(address) {
+    const first = String(address).toLowerCase().replace(/^\[|\]$/g, '').split('%')[0].split(':')[0];
+    return Number.parseInt(first || '0', 16);
+}
+function mappedIpv4Address(address) {
+    const normalized = String(address || '').toLowerCase().replace(/^\[|\]$/g, '').split('%')[0];
+    if (normalized.includes('.')) {
+        const candidate = normalized.slice(normalized.lastIndexOf(':') + 1);
+        return parseIpv4(candidate) ? candidate : null;
+    }
+    const mappedHex = normalized.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i);
+    if (mappedHex) {
+        const high = Number.parseInt(mappedHex[1], 16);
+        const low = Number.parseInt(mappedHex[2], 16);
+        if (Number.isFinite(high) && Number.isFinite(low)) {
+            return `${(high >> 8) & 0xff}.${high & 0xff}.${(low >> 8) & 0xff}.${low & 0xff}`;
+        }
+    }
+    return null;
+}
+function isBlockedIpv6(address) {
+    const normalized = String(address || '').toLowerCase().replace(/^\[|\]$/g, '').split('%')[0];
+    if (!normalized) {
+        return false;
+    }
+    const mapped = mappedIpv4Address(normalized);
+    if (mapped) {
+        return isBlockedIpv4(mapped);
+    }
+    if (normalized === '::' || normalized === '::1') {
+        return true;
+    }
+    const first = leadingIpv6Hextet(normalized);
+    if (!Number.isFinite(first)) {
+        return false;
+    }
+    return (first & 0xfe00) === 0xfc00
+        || (first & 0xffc0) === 0xfe80
+        || (first & 0xff00) === 0xff00;
+}
+function normalizeHostnameAddress(hostname) {
+    return String(hostname || '').replace(/^\[|\]$/g, '').split('%')[0];
+}
+export function isLocalNetworkAddress(address) {
+    const normalized = normalizeHostnameAddress(address);
+    if (!normalized) {
+        return false;
+    }
+    if (isBlockedIpv4(normalized)) {
+        return true;
+    }
+    return isBlockedIpv6(normalized);
+}
+function isLoopbackHostname(hostname) {
+    const normalized = String(hostname || '').toLowerCase();
+    return normalized === 'localhost' || normalized.endsWith('.localhost');
+}
+async function resolveRemoteAddress(url, config, lookupImpl = lookup) {
+    const hostname = normalizeHostnameAddress(url.hostname);
+    const allowLocalNetwork = Boolean(config.dangerouslyAllowLocalNetwork);
+    if (!allowLocalNetwork && (isLoopbackHostname(hostname) || isLocalNetworkAddress(hostname))) {
+        throw new Error('[Zenith:Image] Loopback and local network image fetches are blocked');
+    }
+    const literalFamily = isIP(hostname);
+    if (literalFamily) {
+        return {
+            address: hostname,
+            family: literalFamily
+        };
+    }
+    const resolved = await lookupImpl(hostname, { all: true });
+    if (!Array.isArray(resolved) || resolved.length === 0) {
+        throw new Error('[Zenith:Image] Remote image hostname did not resolve');
+    }
+    if (!allowLocalNetwork && resolved.some((entry) => isLocalNetworkAddress(entry.address))) {
+        throw new Error('[Zenith:Image] Private network image fetches are blocked');
+    }
+    return {
+        address: resolved[0].address,
+        family: resolved[0].family || isIP(resolved[0].address)
+    };
+}
+function buildPinnedUrl(url, address, family) {
+    const pinned = new URL(url.toString());
+    pinned.hostname = family === 6 ? `[${address}]` : address;
+    return pinned;
+}
+export async function resolveRemoteTarget(remoteUrl, config, lookupImpl = lookup) {
+    const url = new URL(remoteUrl);
+    if (!matchRemotePattern(url, config.remotePatterns)) {
+        throw new Error('[Zenith:Image] Remote URL is not allowed by images.remotePatterns');
+    }
+    const resolved = await resolveRemoteAddress(url, config, lookupImpl);
+    return {
+        url,
+        address: resolved.address,
+        family: resolved.family,
+        requestUrl: buildPinnedUrl(url, resolved.address, resolved.family)
+    };
+}
+function remoteFetchHeaders(target) {
+    return {
+        'Accept': 'image/avif,image/webp,image/png,image/jpeg,image/*;q=0.8,*/*;q=0.1',
+        'Host': target.url.host
+    };
+}
+function createRemoteFetchOptions(target) {
+    return {
+        headers: remoteFetchHeaders(target),
+        redirect: 'manual',
+        [PINNED_REMOTE_TARGET]: target
+    };
+}
+function normalizeRequestHeaders(headers = {}) {
+    if (headers instanceof Headers) {
+        return Object.fromEntries(headers.entries());
+    }
+    return { ...headers };
+}
+function responseHeadersFromNode(headers) {
+    const out = new Headers();
+    for (const [key, value] of Object.entries(headers || {})) {
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                out.append(key, String(item));
+            }
+            continue;
+        }
+        if (value !== undefined) {
+            out.set(key, String(value));
+        }
+    }
+    return out;
+}
+function nodeRequestOptions(target, options = {}) {
+    const url = target.url;
+    const protocol = url.protocol;
+    if (protocol !== 'http:' && protocol !== 'https:') {
+        throw new Error('[Zenith:Image] Remote image protocol must be http or https');
+    }
+    const headers = normalizeRequestHeaders(options.headers);
+    const requestOptions = {
+        protocol,
+        hostname: target.address,
+        port: url.port || (protocol === 'https:' ? 443 : 80),
+        method: 'GET',
+        path: `${url.pathname}${url.search}`,
+        headers
+    };
+    const originalHostname = normalizeHostnameAddress(url.hostname);
+    if (protocol === 'https:' && !isIP(originalHostname)) {
+        requestOptions.servername = originalHostname;
+    }
+    return requestOptions;
+}
+async function fetchPinnedRemoteUrl(requestUrl, options = {}) {
+    const target = options[PINNED_REMOTE_TARGET];
+    if (!target) {
+        return fetch(requestUrl, options);
+    }
+    const transport = target.url.protocol === 'https:' ? https : http;
+    return new Promise((resolve, reject) => {
+        const request = transport.request(nodeRequestOptions(target, options), (response) => {
+            const status = response.statusCode || 502;
+            const body = status === 204 || status === 205 || status === 304
+                ? null
+                : Readable.toWeb(response);
+            resolve(new Response(body, {
+                status,
+                statusText: response.statusMessage || '',
+                headers: responseHeadersFromNode(response.headers)
+            }));
+        });
+        request.on('error', reject);
+        request.end();
+    });
+}
+export async function validateRemoteTarget(remoteUrl, config) {
+    return (await resolveRemoteTarget(remoteUrl, config)).url;
+}
+export async function fetchRemoteImage(remote, config, fetchImpl = fetchPinnedRemoteUrl, lookupImpl = lookup) {
+    let current = remote instanceof URL ? remote : new URL(String(remote));
+    for (let redirectCount = 0; redirectCount <= MAX_REMOTE_REDIRECTS; redirectCount += 1) {
+        const target = await resolveRemoteTarget(current.toString(), config, lookupImpl);
+        current = target.url;
+        const response = await fetchImpl(target.requestUrl, createRemoteFetchOptions(target));
+        if (response.status < 300 || response.status >= 400) {
+            return response;
+        }
+        const location = response.headers.get('location');
+        if (!location) {
+            throw new Error('[Zenith:Image] Remote image redirect is missing a Location header');
+        }
+        try {
+            await response.body?.cancel?.();
+        }
+        catch {
+            // Ignore body cancellation errors while redirecting.
+        }
+        current = new URL(location, current);
+    }
+    throw new Error('[Zenith:Image] Remote image redirected too many times');
+}

package/dist/images/service.d.ts

@@ -14,3 +14,13 @@ export function handleImageFetchRequest(request: Request | {
     config?: Record<string, unknown>;
 }): Promise<Response>;
 export function handleImageRequest(_req: any, res: any, options: any): Promise<boolean>;
+export namespace __imageServiceTestHooks {
+    export { fetchRemoteImage };
+    export { isLocalNetworkAddress };
+    export { resolveRemoteTarget };
+    export { validateRemoteTarget };
+}
+import { fetchRemoteImage } from './remote-fetch.js';
+import { isLocalNetworkAddress } from './remote-fetch.js';
+import { resolveRemoteTarget } from './remote-fetch.js';
+import { validateRemoteTarget } from './remote-fetch.js';

package/dist/images/service.js

@@ -1,9 +1,9 @@
-import { lookup } from 'node:dns/promises';
 import { existsSync } from 'node:fs';
 import { mkdir, readFile, stat, writeFile, readdir } from 'node:fs/promises';
 import { dirname, extname, join, relative, resolve } from 'node:path';
 import sharp from 'sharp';
-import { buildLocalImageKey, buildLocalVariantAssetPath, matchRemotePattern, normalizeImageConfig, normalizeImageFormat } from './shared.js';
+import { fetchRemoteImage, isLocalNetworkAddress, resolveRemoteTarget, validateRemoteTarget } from './remote-fetch.js';
+import { buildLocalImageKey, buildLocalVariantAssetPath, normalizeImageConfig, normalizeImageFormat } from './shared.js';
 const RASTER_EXTENSIONS = new Set(['.jpg', '.jpeg', '.png', '.webp', '.avif']);
 const MIME_BY_FORMAT = {
     avif: 'image/avif',
@@ -12,28 +12,6 @@ const MIME_BY_FORMAT = {
     jpg: 'image/jpeg',
     jpeg: 'image/jpeg'
 };
-function isPrivateIp(address) {
-    if (!address) {
-        return false;
-    }
-    if (address === '::1' || address === '127.0.0.1') {
-        return true;
-    }
-    if (address.startsWith('10.') || address.startsWith('192.168.')) {
-        return true;
-    }
-    if (/^172\.(1[6-9]|2\d|3[0-1])\./.test(address)) {
-        return true;
-    }
-    if (/^(fc|fd)/i.test(address.replace(/:/g, ''))) {
-        return true;
-    }
-    return false;
-}
-function isLoopbackHostname(hostname) {
-    const normalized = String(hostname || '').toLowerCase();
-    return normalized === 'localhost' || normalized === '127.0.0.1' || normalized === '::1';
-}
 function mimeTypeForFormat(format) {
     return MIME_BY_FORMAT[normalizeImageFormat(format)] || 'application/octet-stream';
 }
@@ -167,22 +145,6 @@ export async function buildImageArtifacts(options) {
     await writeFile(manifestPath, `${JSON.stringify(manifest, null, 2)}\n`, 'utf8');
     return { manifest };
 }
-async function validateRemoteTarget(remoteUrl, config) {
-    const url = new URL(remoteUrl);
-    if (!matchRemotePattern(url, config.remotePatterns)) {
-        throw new Error('[Zenith:Image] Remote URL is not allowed by images.remotePatterns');
-    }
-    if (!config.dangerouslyAllowLocalNetwork) {
-        if (isLoopbackHostname(url.hostname)) {
-            throw new Error('[Zenith:Image] Loopback and local network image fetches are blocked');
-        }
-        const resolved = await lookup(url.hostname, { all: true });
-        if (resolved.some((entry) => isPrivateIp(entry.address))) {
-            throw new Error('[Zenith:Image] Private network image fetches are blocked');
-        }
-    }
-    return url;
-}
 async function readRemoteBuffer(response, maxBytes) {
     const reader = response.body?.getReader?.();
     if (!reader) {
@@ -273,12 +235,7 @@ async function createImageResponse(options) {
                 : mimeTypeForFormat(format || 'jpg');
             return createBufferResponse(200, contentType, cached, config.minimumCacheTTL);
         }
-        const response = await fetch(remote, {
-            headers: {
-                'Accept': 'image/avif,image/webp,image/png,image/jpeg,image/*;q=0.8,*/*;q=0.1'
-            },
-            redirect: 'follow'
-        });
+        const response = await fetchRemoteImage(remote, config);
         if (!response.ok) {
             throw new Error(`[Zenith:Image] Remote image fetch failed with status ${response.status}`);
         }
@@ -330,3 +287,9 @@ export async function handleImageRequest(_req, res, options) {
     await sendResponse(res, response);
     return true;
 }
+export const __imageServiceTestHooks = {
+    fetchRemoteImage,
+    isLocalNetworkAddress,
+    resolveRemoteTarget,
+    validateRemoteTarget
+};

package/dist/index.js

@@ -124,8 +124,18 @@ export async function cli(args, cwd) {
             : resolvePort(args.slice(1), 3000);
         const host = process.env.ZENITH_DEV_HOST || '127.0.0.1';
         logger.dev('Starting dev server…');
-        const dev = await createDevServer({ pagesDir, outDir, port, host, config, logger });
-        logger.ok(`http://${host === '0.0.0.0' ? '127.0.0.1' : host}:${dev.port}`);
+        const dev = await createDevServer({ pagesDir, outDir, projectRoot, port, host, config, logger });
+        const displayHost = host === '0.0.0.0' ? '127.0.0.1' : host;
+        const servingUrl = `http://${displayHost}:${dev.port}`;
+        if (dev.portFallback) {
+            const occupied = Array.isArray(dev.portFallback.occupiedPorts)
+                ? dev.portFallback.occupiedPorts.join(', ')
+                : String(dev.requestedPort);
+            logger.warn(`Requested port ${dev.requestedPort} is occupied; using ${dev.port}.`, {
+                hint: `Occupied port(s): ${occupied}; serving at ${servingUrl}`
+            });
+        }
+        logger.ok(servingUrl);
         // Graceful shutdown
         process.on('SIGINT', () => {
             dev.close();

package/dist/manifest.d.ts

@@ -1,3 +1,5 @@
+export function analyzeRouteScopedServerMetadata(options: import("./scoped-server-data/types.js").AnalyzeRouteScopedServerMetadataOptions): import("./scoped-server-data/types.js").AnalyzeRouteScopedServerMetadataResult;
+export function assertNoScopedServerBuildErrors(diagnostics: import("./scoped-server-data/types.js").ScopedServerDiagnostic[], contextFile: string): void;
 /**
  * @typedef {{
  *   path: string,
@@ -11,6 +13,8 @@
  *   has_guard?: boolean,
  *   has_load?: boolean,
  *   has_action?: boolean,
+ *   has_scoped_server_data?: boolean,
+ *   scoped_server_data?: import('./scoped-server-data/types.js').ManifestScopedServerDataEntry[],
  *   export_paths?: string[]
  * }} ManifestEntry
  */
@@ -19,11 +23,13 @@
  *
  * @param {string} pagesDir - Absolute path to /pages directory
  * @param {string} [extension='.zen'] - File extension to scan for
- * @param {{ compilerOpts?: object }} [options]
+ * @param {{ compilerOpts?: object, srcDir?: string, registry?: Map<string, string> }} [options]
  * @returns {Promise<ManifestEntry[]>}
  */
 export function generateManifest(pagesDir: string, extension?: string, options?: {
     compilerOpts?: object;
+    srcDir?: string;
+    registry?: Map<string, string>;
 }): Promise<ManifestEntry[]>;
 /**
  * Generate a JavaScript module string from manifest entries.
@@ -45,5 +51,7 @@ export type ManifestEntry = {
     has_guard?: boolean;
     has_load?: boolean;
     has_action?: boolean;
+    has_scoped_server_data?: boolean;
+    scoped_server_data?: import("./scoped-server-data/types.js").ManifestScopedServerDataEntry[];
     export_paths?: string[];
 };