@zenithbuild/cli 0.7.4 → 0.7.7

package/dist/server-runtime/node-server.js

@@ -7,7 +7,7 @@ import { appLocalRedirectLocation, imageEndpointPath, normalizeBasePath, routeCh
 import { handleImageRequest } from '../images/service.js';
 import { createTrustedOriginResolver } from '../request-origin.js';
 import { defaultRouteDenyMessage, logServerException, sanitizeRouteResult } from '../server-error.js';
-import { executeRouteRequest, renderRouteRequest } from './route-render.js';
+import { executeRouteRequest, renderResourceRouteRequest, renderRouteRequest } from './route-render.js';
 import { resolveRequestRoute } from './resolve-request-route.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -97,17 +97,53 @@ async function createWebRequest(req, url) {
     }
     return new Request(url.toString(), init);
 }
+function getSetCookieValues(response) {
+    if (typeof response?.headers?.getSetCookie === 'function') {
+        return response.headers.getSetCookie();
+    }
+    const value = response?.headers?.get?.('set-cookie');
+    return typeof value === 'string' && value.length > 0 ? [value] : [];
+}
 async function sendFetchResponse(res, response, method) {
     res.statusCode = response.status;
+    const setCookies = getSetCookieValues(response);
+    if (setCookies.length > 0) {
+        res.setHeader('set-cookie', setCookies);
+    }
     for (const [key, value] of response.headers.entries()) {
+        if (key.toLowerCase() === 'set-cookie') {
+            continue;
+        }
         res.setHeader(key, value);
     }
-    if (String(method || 'GET').toUpperCase() === 'HEAD') {
+    if (String(method || 'GET').toUpperCase() === 'HEAD' || !response.body) {
         res.end();
         return;
     }
-    const body = await response.arrayBuffer();
-    res.end(Buffer.from(body));
+    try {
+        const bodyStream = Readable.fromWeb(response.body);
+        bodyStream.pipe(res);
+        bodyStream.on('error', (err) => {
+            logServerException('node response stream failed', err);
+            if (!res.headersSent) {
+                res.statusCode = 500;
+                res.end();
+            }
+            else {
+                res.destroy();
+            }
+        });
+    }
+    catch (err) {
+        logServerException('node response pipe creation failed', err);
+        if (!res.headersSent) {
+            res.statusCode = 500;
+            res.end();
+        }
+        else {
+            res.destroy();
+        }
+    }
 }
 async function sendStaticFile(res, filePath, method) {
     const body = await readFile(filePath);
@@ -155,13 +191,16 @@ async function loadRuntimeContext(options = {}) {
             base_path: '/'
         });
         const serverManifest = await readJson(join(serverDir, 'manifest.json'), { routes: [] });
+        const allServerRoutes = Array.isArray(serverManifest.routes) ? serverManifest.routes : [];
         return {
             distDir,
             serverDir,
             staticDir: resolve(serverDir, config.static_dir || '../static'),
             buildManifest,
             buildRoutes: Array.isArray(buildManifest.routes) ? buildManifest.routes : [],
-            serverRoutes: Array.isArray(serverManifest.routes) ? serverManifest.routes : [],
+            serverRoutes: allServerRoutes,
+            pageServerRoutes: allServerRoutes.filter((route) => route?.route_kind !== 'resource'),
+            resourceServerRoutes: allServerRoutes.filter((route) => route?.route_kind === 'resource'),
             images: config.images || {},
             basePath: normalizeBasePath(config.base_path || '/')
         };
@@ -206,7 +245,7 @@ async function handleRouteCheck(req, res, url, context) {
     }
     let result = { kind: 'allow' };
     let routeId = buildResolved.route.path || '';
-    const serverResolved = resolveRequestRoute(canonicalTargetUrl, context.serverRoutes);
+    const serverResolved = resolveRequestRoute(canonicalTargetUrl, context.pageServerRoutes);
     if (serverResolved.matched && serverResolved.route) {
         routeId = serverResolved.route.route_id || serverResolved.route.name || serverResolved.route.path || routeId;
         try {
@@ -275,7 +314,20 @@ async function handleNodeRequest(req, res, context, serverOrigin) {
         await sendStaticFile(res, assetPath, req.method);
         return;
     }
-    const serverResolved = resolveRequestRoute(canonicalUrl, context.serverRoutes);
+    const resourceResolved = resolveRequestRoute(canonicalUrl, context.resourceServerRoutes);
+    if (resourceResolved.matched && resourceResolved.route) {
+        const routeDir = join(context.serverDir, 'routes', resourceResolved.route.name);
+        const request = await createWebRequest(req, url);
+        const response = await renderResourceRouteRequest({
+            request,
+            route: resourceResolved.route,
+            params: resourceResolved.params,
+            routeModulePath: join(routeDir, 'route', 'entry.js')
+        });
+        await sendFetchResponse(res, response, req.method);
+        return;
+    }
+    const serverResolved = resolveRequestRoute(canonicalUrl, context.pageServerRoutes);
     if (serverResolved.matched && serverResolved.route) {
         const routeDir = join(context.serverDir, 'routes', serverResolved.route.name);
         const request = await createWebRequest(req, url);

package/dist/server-runtime/route-render.d.ts

@@ -8,7 +8,7 @@ export function extractInternalParams(requestUrl: any, route: any): {};
  *   routeModulePath: string,
  *   guardOnly?: boolean
  * }} options
- * @returns {Promise<{ publicUrl: URL, result: { kind: string, [key: string]: unknown }, trace: { guard: string, action: string, load: string }, status?: number }>}
+ * @returns {Promise<{ publicUrl: URL, result: { kind: string, [key: string]: unknown }, trace: { guard: string, action: string, load: string }, status?: number, setCookies?: string[] }>}
  */
 export function executeRouteRequest(options: {
     request: Request;
@@ -34,6 +34,7 @@ export function executeRouteRequest(options: {
         load: string;
     };
     status?: number;
+    setCookies?: string[];
 }>;
 /**
  * @param {{
@@ -62,3 +63,26 @@ export function renderRouteRequest(options: {
     imageManifestPath?: string | null;
     imageConfig?: Record<string, unknown>;
 }): Promise<Response>;
+/**
+ * @param {{
+ *   request: Request,
+ *   route: { path: string, params?: string[], route_id?: string | null, server_script_path?: string | null, file?: string | null, route_kind?: string | null, base_path?: string | null },
+ *   params: Record<string, string>,
+ *   routeModulePath: string
+ * }} options
+ * @returns {Promise<Response>}
+ */
+export function renderResourceRouteRequest(options: {
+    request: Request;
+    route: {
+        path: string;
+        params?: string[];
+        route_id?: string | null;
+        server_script_path?: string | null;
+        file?: string | null;
+        route_kind?: string | null;
+        base_path?: string | null;
+    };
+    params: Record<string, string>;
+    routeModulePath: string;
+}): Promise<Response>;

package/dist/server-runtime/route-render.js

@@ -1,10 +1,12 @@
 import { readFile } from 'node:fs/promises';
 import { pathToFileURL } from 'node:url';
+import { attachRouteAuth } from '../auth/route-auth.js';
 import { appLocalRedirectLocation, normalizeBasePath, prependBasePath } from '../base-path.js';
 import { createImageRuntimePayload, injectImageRuntimePayload } from '../images/payload.js';
 import { materializeImageMarkup } from '../images/materialize.js';
+import { buildResourceResponseDescriptor } from '../resource-response.js';
 import { clientFacingRouteMessage, defaultRouteDenyMessage, logServerException } from '../server-error.js';
-import { allow, data, deny, invalid, redirect, resolveRouteResult } from '../server-contract.js';
+import { allow, data, deny, download, invalid, json, redirect, resolveRouteResult, text } from '../server-contract.js';
 const MODULE_CACHE = new Map();
 const INTERNAL_QUERY_PREFIX = '__zenith_param_';
 function parseCookies(rawCookieHeader) {
@@ -41,12 +43,29 @@ function escapeInlineJson(payload) {
         .replace(/\u2028/g, '\\u2028')
         .replace(/\u2029/g, '\\u2029');
 }
-function createTextResponse(status, message) {
+function appendSetCookieHeaders(headers, setCookies = []) {
+    for (const value of Array.isArray(setCookies) ? setCookies : []) {
+        headers.append('Set-Cookie', value);
+    }
+    return headers;
+}
+function createTextResponse(status, message, setCookies = []) {
+    const headers = new Headers({
+        'Content-Type': 'text/plain; charset=utf-8'
+    });
+    appendSetCookieHeaders(headers, setCookies);
     return new Response(message || defaultRouteDenyMessage(status), {
         status,
-        headers: {
-            'Content-Type': 'text/plain; charset=utf-8'
-        }
+        headers
+    });
+}
+function createResourceResponse(result, basePath, setCookies = []) {
+    const descriptor = buildResourceResponseDescriptor(result, basePath, setCookies);
+    const headers = new Headers(descriptor.headers);
+    appendSetCookieHeaders(headers, descriptor.setCookies);
+    return new Response(descriptor.body, {
+        status: descriptor.status,
+        headers
     });
 }
 function injectSsrPayload(html, payload) {
@@ -140,9 +159,9 @@ async function loadRouteExports(routeModulePath) {
     MODULE_CACHE.set(cacheKey, value);
     return value;
 }
-function createRouteContext({ request, route, params, publicUrl }) {
+function createRouteContext({ request, route, params, publicUrl, guardOnly = false }) {
     const requestHeaders = Object.fromEntries(request.headers.entries());
-    return {
+    const ctx = {
         params: { ...params },
         url: publicUrl,
         headers: { ...requestHeaders },
@@ -156,20 +175,22 @@ function createRouteContext({ request, route, params, publicUrl }) {
         },
         env: {},
         action: null,
-        auth: {
-            async getSession() {
-                return null;
-            },
-            async requireSession() {
-                throw redirect('/login', 302);
-            }
-        },
         allow,
         redirect,
         deny,
         invalid,
-        data
+        data,
+        json,
+        text,
+        download
     };
+    attachRouteAuth(ctx, {
+        requestUrl: publicUrl,
+        guardOnly,
+        redirect,
+        deny
+    });
+    return ctx;
 }
 /**
  * @param {{
@@ -179,24 +200,26 @@ function createRouteContext({ request, route, params, publicUrl }) {
  *   routeModulePath: string,
  *   guardOnly?: boolean
  * }} options
- * @returns {Promise<{ publicUrl: URL, result: { kind: string, [key: string]: unknown }, trace: { guard: string, action: string, load: string }, status?: number }>}
+ * @returns {Promise<{ publicUrl: URL, result: { kind: string, [key: string]: unknown }, trace: { guard: string, action: string, load: string }, status?: number, setCookies?: string[] }>}
  */
 export async function executeRouteRequest(options) {
     const { request, route, params, routeModulePath, guardOnly = false } = options;
     const publicUrl = buildPublicUrl(request.url, route, params);
-    const ctx = createRouteContext({ request, route, params, publicUrl });
+    const ctx = createRouteContext({ request, route, params, publicUrl, guardOnly });
     const exports = await loadRouteExports(routeModulePath);
     const resolved = await resolveRouteResult({
         exports,
         ctx,
         filePath: route.file || route.server_script_path || route.path,
-        guardOnly
+        guardOnly,
+        routeKind: route.route_kind === 'resource' ? 'resource' : 'page'
     });
     return {
         publicUrl,
         result: resolved.result,
         trace: resolved.trace,
-        status: resolved.status
+        status: resolved.status,
+        setCookies: Array.isArray(resolved.setCookies) ? resolved.setCookies : []
     };
 }
 /**
@@ -214,24 +237,26 @@ export async function executeRouteRequest(options) {
 export async function renderRouteRequest(options) {
     const { request, route, params, routeModulePath, shellHtmlPath, imageManifestPath = null, imageConfig = {} } = options;
     try {
-        const { publicUrl, result, status } = await executeRouteRequest({
+        const { publicUrl, result, status, setCookies = [] } = await executeRouteRequest({
             request,
             route,
             params,
             routeModulePath
         });
         if (result.kind === 'redirect') {
+            const headers = new Headers({
+                Location: appLocalRedirectLocation(result.location, route.base_path || '/'),
+                'Cache-Control': 'no-store'
+            });
+            appendSetCookieHeaders(headers, setCookies);
             return new Response('', {
                 status: Number.isInteger(result.status) ? result.status : 302,
-                headers: {
-                    Location: appLocalRedirectLocation(result.location, route.base_path || '/'),
-                    'Cache-Control': 'no-store'
-                }
+                headers
             });
         }
         if (result.kind === 'deny') {
             const status = Number.isInteger(result.status) ? result.status : 403;
-            return createTextResponse(status, clientFacingRouteMessage(status, result.message));
+            return createTextResponse(status, clientFacingRouteMessage(status, result.message), setCookies);
         }
         const ssrPayload = result.kind === 'data' && result.data && typeof result.data === 'object' && !Array.isArray(result.data)
             ? result.data
@@ -248,11 +273,13 @@ export async function renderRouteRequest(options) {
         });
         html = injectSsrPayload(html, ssrPayload);
         html = injectImageRuntimePayload(html, imagePayload);
+        const headers = new Headers({
+            'Content-Type': 'text/html; charset=utf-8'
+        });
+        appendSetCookieHeaders(headers, setCookies);
         return new Response(html, {
             status: Number.isInteger(status) ? status : 200,
-            headers: {
-                'Content-Type': 'text/html; charset=utf-8'
-            }
+            headers
         });
     }
     catch (error) {
@@ -260,3 +287,28 @@ export async function renderRouteRequest(options) {
         return createTextResponse(500, defaultRouteDenyMessage(500));
     }
 }
+/**
+ * @param {{
+ *   request: Request,
+ *   route: { path: string, params?: string[], route_id?: string | null, server_script_path?: string | null, file?: string | null, route_kind?: string | null, base_path?: string | null },
+ *   params: Record<string, string>,
+ *   routeModulePath: string
+ * }} options
+ * @returns {Promise<Response>}
+ */
+export async function renderResourceRouteRequest(options) {
+    const { request, route, params, routeModulePath } = options;
+    try {
+        const { result, setCookies = [] } = await executeRouteRequest({
+            request,
+            route: { ...route, route_kind: 'resource' },
+            params,
+            routeModulePath
+        });
+        return createResourceResponse(result, route.base_path || '/', setCookies);
+    }
+    catch (error) {
+        logServerException('node resource route render failed', error);
+        return createTextResponse(500, defaultRouteDenyMessage(500));
+    }
+}

package/dist/server-script-composition.d.ts

@@ -1,12 +1,12 @@
 /**
  * @param {{
  *   sourceFile: string,
- *   inlineServerScript?: { source: string, prerender: boolean, has_guard: boolean, has_load: boolean, has_action: boolean, source_path: string } | null,
+ *   inlineServerScript?: { source: string, prerender: boolean, has_guard: boolean, has_load: boolean, has_action: boolean, source_path: string, export_paths?: string[] } | null,
  *   adjacentGuardPath?: string | null,
  *   adjacentLoadPath?: string | null,
  *   adjacentActionPath?: string | null
  * }} input
- * @returns {{ serverScript: { source: string, prerender: boolean, has_guard: boolean, has_load: boolean, has_action: boolean, source_path: string } | null, guardPath: string | null, loadPath: string | null, actionPath: string | null }}
+ * @returns {{ serverScript: { source: string, prerender: boolean, has_guard: boolean, has_load: boolean, has_action: boolean, source_path: string, export_paths?: string[] } | null, guardPath: string | null, loadPath: string | null, actionPath: string | null }}
  */
 export function composeServerScriptEnvelope({ sourceFile, inlineServerScript, adjacentGuardPath, adjacentLoadPath, adjacentActionPath }: {
     sourceFile: string;
@@ -17,6 +17,7 @@ export function composeServerScriptEnvelope({ sourceFile, inlineServerScript, ad
         has_load: boolean;
         has_action: boolean;
         source_path: string;
+        export_paths?: string[];
     } | null;
     adjacentGuardPath?: string | null;
     adjacentLoadPath?: string | null;
@@ -29,6 +30,7 @@ export function composeServerScriptEnvelope({ sourceFile, inlineServerScript, ad
         has_load: boolean;
         has_action: boolean;
         source_path: string;
+        export_paths?: string[];
     } | null;
     guardPath: string | null;
     loadPath: string | null;

package/dist/server-script-composition.js

@@ -65,12 +65,12 @@ function classifyInlineServerSource(source) {
 /**
  * @param {{
  *   sourceFile: string,
- *   inlineServerScript?: { source: string, prerender: boolean, has_guard: boolean, has_load: boolean, has_action: boolean, source_path: string } | null,
+ *   inlineServerScript?: { source: string, prerender: boolean, has_guard: boolean, has_load: boolean, has_action: boolean, source_path: string, export_paths?: string[] } | null,
  *   adjacentGuardPath?: string | null,
  *   adjacentLoadPath?: string | null,
  *   adjacentActionPath?: string | null
  * }} input
- * @returns {{ serverScript: { source: string, prerender: boolean, has_guard: boolean, has_load: boolean, has_action: boolean, source_path: string } | null, guardPath: string | null, loadPath: string | null, actionPath: string | null }}
+ * @returns {{ serverScript: { source: string, prerender: boolean, has_guard: boolean, has_load: boolean, has_action: boolean, source_path: string, export_paths?: string[] } | null, guardPath: string | null, loadPath: string | null, actionPath: string | null }}
  */
 export function composeServerScriptEnvelope({ sourceFile, inlineServerScript = null, adjacentGuardPath = null, adjacentLoadPath = null, adjacentActionPath = null }) {
     const inlineSource = String(inlineServerScript?.source || '').trim();
@@ -128,7 +128,10 @@ export function composeServerScriptEnvelope({ sourceFile, inlineServerScript = n
             has_guard: inlineHasGuard || Boolean(adjacentGuardPath),
             has_load: inlineHasLoad || Boolean(adjacentLoadPath),
             has_action: inlineHasAction || Boolean(adjacentActionPath),
-            source_path: sourceFile
+            source_path: sourceFile,
+            export_paths: Array.isArray(inlineServerScript?.export_paths)
+                ? [...inlineServerScript.export_paths]
+                : []
         },
         guardPath: adjacentGuardPath,
         loadPath: adjacentLoadPath,

package/dist/static-export-paths.d.ts

@@ -0,0 +1,3 @@
+export function extractStaticExportPaths(source: any, sourceFile: any): string[] | null;
+export function validateStaticExportPaths(routePath: any, exportPaths: any, sourceFile: any): string[];
+export function toStaticHtmlFilePath(pathname: any): string;

package/dist/static-export-paths.js

@@ -0,0 +1,160 @@
+import { resolveRequestRoute } from './server/resolve-request-route.js';
+function skipWhitespace(source, start) {
+    let index = start;
+    while (index < source.length) {
+        const char = source[index];
+        if (/\s/.test(char)) {
+            index += 1;
+            continue;
+        }
+        if (source.startsWith('//', index)) {
+            const nextLine = source.indexOf('\n', index + 2);
+            return nextLine === -1 ? source.length : skipWhitespace(source, nextLine + 1);
+        }
+        if (source.startsWith('/*', index)) {
+            const close = source.indexOf('*/', index + 2);
+            if (close === -1) {
+                throw new Error('[Zenith] Unterminated block comment in exportPaths literal.');
+            }
+            index = close + 2;
+            continue;
+        }
+        break;
+    }
+    return index;
+}
+function parseQuotedStringLiteral(source, start, sourceFile) {
+    const quote = source[start];
+    if (quote !== '"' && quote !== '\'') {
+        throw new Error(`[Zenith] ${sourceFile}: exportPaths must be a literal array of string paths.`);
+    }
+    let index = start + 1;
+    let value = '';
+    while (index < source.length) {
+        const char = source[index];
+        if (char === '\\') {
+            const next = source[index + 1];
+            if (next === undefined) {
+                throw new Error(`[Zenith] ${sourceFile}: exportPaths contains an invalid escape sequence.`);
+            }
+            value += char + next;
+            index += 2;
+            continue;
+        }
+        if (char === quote) {
+            try {
+                return {
+                    value: JSON.parse(`"${value.replace(/"/g, '\\"')}"`),
+                    nextIndex: index + 1
+                };
+            }
+            catch {
+                throw new Error(`[Zenith] ${sourceFile}: exportPaths contains an invalid string literal.`);
+            }
+        }
+        if (char === '\n' || char === '\r') {
+            throw new Error(`[Zenith] ${sourceFile}: exportPaths string literals must stay on one line.`);
+        }
+        value += char;
+        index += 1;
+    }
+    throw new Error(`[Zenith] ${sourceFile}: exportPaths contains an unterminated string literal.`);
+}
+function parseStringArrayLiteral(source, start, sourceFile) {
+    if (source[start] !== '[') {
+        throw new Error(`[Zenith] ${sourceFile}: exportPaths must be assigned a literal array of string paths.`);
+    }
+    const values = [];
+    let index = start + 1;
+    while (index < source.length) {
+        index = skipWhitespace(source, index);
+        if (source[index] === ']') {
+            return { values, nextIndex: index + 1 };
+        }
+        const parsed = parseQuotedStringLiteral(source, index, sourceFile);
+        values.push(parsed.value);
+        index = skipWhitespace(source, parsed.nextIndex);
+        if (source[index] === ',') {
+            index += 1;
+            continue;
+        }
+        if (source[index] === ']') {
+            return { values, nextIndex: index + 1 };
+        }
+        throw new Error(`[Zenith] ${sourceFile}: exportPaths must be a comma-delimited literal array of string paths.`);
+    }
+    throw new Error(`[Zenith] ${sourceFile}: exportPaths array is missing a closing "]".`);
+}
+function normalizeConcretePath(value, sourceFile) {
+    if (typeof value !== 'string') {
+        throw new Error(`[Zenith] ${sourceFile}: exportPaths entries must be strings.`);
+    }
+    const trimmed = value.trim();
+    if (!trimmed.startsWith('/')) {
+        throw new Error(`[Zenith] ${sourceFile}: exportPaths entries must start with "/".`);
+    }
+    if (trimmed.includes('://') || trimmed.startsWith('//')) {
+        throw new Error(`[Zenith] ${sourceFile}: exportPaths entries must be same-origin pathnames.`);
+    }
+    if (trimmed.includes('?') || trimmed.includes('#') || /[\r\n]/.test(trimmed)) {
+        throw new Error(`[Zenith] ${sourceFile}: exportPaths entries must be pathnames without query or hash.`);
+    }
+    const segments = trimmed
+        .split('/')
+        .filter(Boolean)
+        .map((segment) => segment.trim())
+        .filter((segment) => segment.length > 0);
+    for (const segment of segments) {
+        if (segment === '.' || segment === '..') {
+            throw new Error(`[Zenith] ${sourceFile}: exportPaths entries must not contain path traversal segments.`);
+        }
+        if (segment.startsWith(':') || segment.startsWith('*')) {
+            throw new Error(`[Zenith] ${sourceFile}: exportPaths entries must be concrete public URLs.`);
+        }
+    }
+    return segments.length === 0 ? '/' : `/${segments.join('/')}`;
+}
+export function extractStaticExportPaths(source, sourceFile) {
+    const match = /\bexport\s+const\s+exportPaths\b/.exec(String(source || ''));
+    if (!match) {
+        return null;
+    }
+    const equalsIndex = String(source || '').indexOf('=', match.index + match[0].length);
+    if (equalsIndex === -1) {
+        throw new Error(`[Zenith] ${sourceFile}: exportPaths must use the form export const exportPaths = [...].`);
+    }
+    const valueStart = skipWhitespace(String(source || ''), equalsIndex + 1);
+    const { values } = parseStringArrayLiteral(String(source || ''), valueStart, sourceFile);
+    return values.map((value) => normalizeConcretePath(value, sourceFile));
+}
+export function validateStaticExportPaths(routePath, exportPaths, sourceFile) {
+    if (!Array.isArray(exportPaths)) {
+        return [];
+    }
+    const deduped = [];
+    const seen = new Set();
+    for (const rawPath of exportPaths) {
+        const concretePath = normalizeConcretePath(rawPath, sourceFile);
+        if (seen.has(concretePath)) {
+            throw new Error(`[Zenith] ${sourceFile}: exportPaths contains a duplicate path "${concretePath}".`);
+        }
+        seen.add(concretePath);
+        const resolved = resolveRequestRoute(new URL(concretePath, 'http://localhost'), [{ path: routePath }]);
+        if (!resolved.matched || resolved.route?.path !== routePath) {
+            throw new Error(`[Zenith] ${sourceFile}: exportPaths entry "${concretePath}" does not match route "${routePath}".`);
+        }
+        deduped.push(concretePath);
+    }
+    return deduped;
+}
+export function toStaticHtmlFilePath(pathname) {
+    const normalized = normalizeConcretePath(pathname, 'static-export');
+    if (normalized === '/') {
+        return 'index.html';
+    }
+    const relativePath = normalized.replace(/^\//, '');
+    if (/\.[a-zA-Z0-9]+$/.test(relativePath)) {
+        return relativePath;
+    }
+    return `${relativePath}/index.html`;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zenithbuild/cli",
-  "version": "0.7.4",
+  "version": "0.7.7",
   "description": "Deterministic project orchestrator for Zenith framework",
   "license": "MIT",
   "type": "module",
@@ -38,8 +38,8 @@
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
-    "@zenithbuild/compiler": "0.7.4",
-    "@zenithbuild/bundler": "0.7.4",
+    "@zenithbuild/compiler": "0.7.7",
+    "@zenithbuild/bundler": "0.7.7",
     "picocolors": "^1.1.1",
     "sharp": "^0.34.4"
   },