odac 1.4.5 → 1.4.6

package/.agent/rules/memory.md

@@ -32,6 +32,7 @@ trigger: always_on
 
 ## Dependency Management
 - **Prefer Native Fetch:** Use the native `fetch` API for network requests in both Node.js (18+) and browser environments to reduce dependencies and bundle size.
+- **Hybrid Overrides:** When using `overrides` in `package.json` for security hardening, always verify tool compatibility (especially Jest/Coverage). If a global override (e.g., `minimatch: 10.x`) breaks a critical utility (e.g., `test-exclude`), use a nested override to provide a compatible version (e.g., `3.x`) for that specific tool while keeping the rest of the project secure.
 
 ## Naming & Text Conventions
 - **ODAC Casing:** Always write "ODAC" in uppercase letters when referring to the framework name in strings, comments, log messages, or user-facing text. **EXCEPTION:** The class name itself (`class Odac`) and variable references to it should remain `Odac` (PascalCase) as per code conventions.
@@ -55,6 +56,10 @@ trigger: always_on
 
 ## Security Logic & Authentication
 - **Enterprise Token Rotation:** The `Auth.js` system utilizes a non-blocking refresh token rotation mechanism for cookies (`odac_x`/`odac_y`). To prevent race conditions during concurrent requests in high-throughput SPAs, rotated tokens are **not** immediately deleted. Instead, their `active` timestamp is set to naturally expire in 60 seconds (Grace Period), and their `date` timestamp is set to the Unix Epoch (`new Date(0)`) as an identifier mark. Never delete rotated tokens immediately.
+- **Template String Escaping:** When escaping template strings for inline JavaScript execution or translation payloads, always escape backslashes first before escaping single quotes (e.g., `.replace(/\\/g, '\\\\').replace(/'/g, "\\'")`) to prevent an injected backslash from disabling the quote escape and causing a Template Injection / XSS vulnerability.
 
 ## View Engine & SSR
-- **Auto-Navigation Injection:** The ODAC View engine (`src/View.js`) automatically parses skeleton HTML files and dynamically injects `data-odac-navigate="content"` into the element immediately wrapping `{{ CONTENT }}`. Do NOT manually add this attribute to HTML templates or assume it is missing based on static analysis, as it is handled seamlessly at runtime via SSR.
+- **Auto-Navigation Injection:** The ODAC View engine (`src/View.js`) automatically parses skeleton HTML files and dynamically injects `data-odac-navigate` attributes into ALL elements wrapping `{{ PART_NAME }}` placeholders (e.g. `{{ CONTENT }}`, `{{ SIDEBAR }}`, `{{ FOOTER }}`). Do NOT manually add these attributes to HTML templates.
+- **Smart Part Diffing (AJAX Navigation):** The AJAX navigation system uses a server-driven part diffing mechanism. The client sends its current part values via `X-Odac-Parts` header (e.g. `content=docs/intro,sidebar=docs/nav`). The server compares these with the new page's parts and only renders/returns parts whose view path has changed. Parts that are identical between pages are skipped (no re-render, no DOM update). Parts that exist on the old page but not the new page are cleared. The `parts` manifest is included in every AJAX response for the client to track state. **Exception:** The `content` part is always re-rendered regardless of view path match, since its output is URL-dependent.
+- **Part Refresh Override:** `View.set('partName', 'viewPath', { refresh: true })` forces a part to re-render on every AJAX navigation even if its view path hasn't changed. Useful for parts with request-dependent dynamic content (e.g. active menu state). The `#refresh` Set tracks which parts bypass the diffing comparison.
+- **Initial Parts State:** On first page load, the `<html>` tag receives a `data-odac-parts` JSON attribute containing the current part-to-view mapping. The client reads this to initialize its parts tracking state for subsequent AJAX navigations.

package/.releaserc.js

@@ -135,7 +135,7 @@ Powered by [⚡ ODAC](https://odac.run)
     [
       '@semantic-release/git',
       {
-        assets: ['package.json', 'CHANGELOG.md'],
+        assets: ['package.json', 'package-lock.json', 'CHANGELOG.md'],
         message: '⚡ ODAC.JS v${nextRelease.version} Released'
       }
     ],

package/CHANGELOG.md

@@ -1,3 +1,25 @@
+### ⚙️ Engine Tuning
+
+- replace global Odac reference with private instance and update dependency overrides for security hardening
+- **test/view:** remove unused CACHE_DIR variable in parseOdacTag tests
+
+### ✨ What's New
+
+- **client:** log malformed data-odac-parts JSON to ease debugging
+- **view:** smart AJAX part diffing with selective re-render
+
+### 🛠️ Fixes & Improvements
+
+- **route:** encode X-Odac-Parts header values to prevent splitting errors
+- **View:** escape single quotes in template expressions to prevent syntax errors
+- **view:** prevent template injection by escaping backslashes in dynamic parser
+
+
+
+---
+
+Powered by [⚡ ODAC](https://odac.run)
+
 ### security
 
 - **template:** add noopener to external footer links to mitigate reverse tabnabbing

package/client/odac.js

@@ -119,7 +119,7 @@ if (typeof window !== 'undefined') {
     #page = null
     #token = {hash: [], data: false}
     #formSubmitHandlers = new Map()
-    #loader = {elements: {}, callback: null}
+    #loader = {elements: {}, callback: null, parts: {}}
     #isNavigating = false
 
     constructor() {
@@ -772,20 +772,34 @@ if (typeof window !== 'undefined') {
       this.#isNavigating = true
 
       const currentSkeleton = document.documentElement.dataset.odacSkeleton
-      const elements = Object.entries(this.#loader.elements)
+
+      // Merge loader-registered elements with auto-discovered navigate elements
+      const elements = {...this.#loader.elements}
+      document.querySelectorAll('[data-odac-navigate]').forEach(el => {
+        const partName = el.getAttribute('data-odac-navigate')
+        if (!elements[partName]) elements[partName] = `[data-odac-navigate="${partName}"]`
+      })
 
       const elementsToUpdate = []
-      elements.forEach(([key, selector]) => {
+      for (const [key, selector] of Object.entries(elements)) {
         const element = document.querySelector(selector)
-        if (element) elementsToUpdate.push({key, element})
-      })
+        if (element) elementsToUpdate.push({key, element, selector})
+      }
+
+      // Build X-Odac-Parts header from current known parts
+      const partsHeader = Object.entries(this.#loader.parts)
+        .map(([k, v]) => `${k}=${encodeURIComponent(v)}`)
+        .join(',')
+
+      // Collect part keys to request from server
+      const loadKeys = Object.keys(elements)
 
       const useViewTransition = document.startViewTransition && document.querySelectorAll('[odac-transition]').length > 0
 
       if (useViewTransition) {
-        this.#loadWithViewTransition(url, callback, push, currentUrl, currentSkeleton, elementsToUpdate)
+        this.#loadWithViewTransition(url, callback, push, currentUrl, currentSkeleton, elementsToUpdate, partsHeader, loadKeys)
       } else {
-        this.#loadWithFade(url, callback, push, currentUrl, currentSkeleton, elementsToUpdate)
+        this.#loadWithFade(url, callback, push, currentUrl, currentSkeleton, elementsToUpdate, partsHeader, loadKeys)
       }
     }
 
@@ -795,17 +809,20 @@ if (typeof window !== 'undefined') {
      * names, enabling per-element morphing animations orchestrated by the browser.
      * Non-transition elements still update their content within the transition frame.
      */
-    #loadWithViewTransition(url, callback, push, currentUrl, currentSkeleton, elementsToUpdate) {
+    #loadWithViewTransition(url, callback, push, currentUrl, currentSkeleton, elementsToUpdate, partsHeader, loadKeys) {
       const oldTransitionElements = this.#applyTransitionNames()
 
+      const headers = {
+        'X-Odac': 'ajaxload',
+        'X-Odac-Load': loadKeys.join(','),
+        'X-Odac-Skeleton': currentSkeleton || ''
+      }
+      if (partsHeader) headers['X-Odac-Parts'] = partsHeader
+
       this.#ajax({
         url,
         type: 'GET',
-        headers: {
-          'X-Odac': 'ajaxload',
-          'X-Odac-Load': Object.keys(this.#loader.elements).join(','),
-          'X-Odac-Skeleton': currentSkeleton || ''
-        },
+        headers,
         dataType: 'json',
         success: (data, status, xhr) => {
           const finalUrl = xhr.responseURL || url
@@ -815,6 +832,15 @@ if (typeof window !== 'undefined') {
             return
           }
 
+          // Update tracked parts from server manifest
+          if (data.parts) this.#loader.parts = data.parts
+
+          // Determine which parts were removed by the new page
+          const removedParts = []
+          for (const {key, element} of elementsToUpdate) {
+            if (data.parts && !(key in data.parts)) removedParts.push({key, element})
+          }
+
           const transition = document.startViewTransition(() => {
             if (finalUrl !== currentUrl && push) window.history.pushState(null, document.title, finalUrl)
 
@@ -827,10 +853,16 @@ if (typeof window !== 'undefined') {
             if (data.data) this.#data = data.data
             if (data.title) document.title = this.#decodeHtmlEntities(data.title)
 
+            // Update only parts that have new content from server
             elementsToUpdate.forEach(({key, element}) => {
               if (data.output && data.output[key] !== undefined) element.innerHTML = data.output[key]
             })
 
+            // Clear removed parts
+            for (const {element} of removedParts) {
+              element.innerHTML = ''
+            }
+
             this.#applyTransitionNames()
           })
 
@@ -854,78 +886,74 @@ if (typeof window !== 'undefined') {
 
     /**
      * Performs page navigation using the legacy fade-in/fade-out animation.
-     * This is the fallback path when the View Transition API is unavailable
-     * or no `odac-transition` elements exist in the DOM.
+     * Only fades elements whose content actually changed, leaving unchanged
+     * parts (like a shared sidebar) completely untouched and visible.
      */
-    #loadWithFade(url, callback, push, currentUrl, currentSkeleton, elementsToUpdate) {
-      let ajaxData = null,
-        ajaxXhr = null,
-        fadeOutComplete = false,
-        ajaxComplete = false
-
-      const applyUpdate = () => {
-        if (!fadeOutComplete || !ajaxComplete || !ajaxData) return
-
-        const finalUrl = ajaxXhr.responseURL || url
-        if (ajaxData.skeletonChanged) {
-          window.location.href = finalUrl
-          return
-        }
-        if (finalUrl !== currentUrl && push) window.history.pushState(null, document.title, finalUrl)
-
-        const newPage = ajaxXhr.getResponseHeader('X-Odac-Page')
-        if (newPage !== null) {
-          this.#page = newPage
-          document.documentElement.dataset.odacPage = newPage
-        }
-
-        if (ajaxData.data) this.#data = ajaxData.data
-        if (ajaxData.title) document.title = this.#decodeHtmlEntities(ajaxData.title)
-
-        if (elementsToUpdate.length === 0) {
-          this.#handleLoadComplete(ajaxData, callback)
-          return
-        }
-
-        let completed = 0
-        elementsToUpdate.forEach(({key, element}) => {
-          if (ajaxData.output && ajaxData.output[key] !== undefined) element.innerHTML = ajaxData.output[key]
-          this.#fadeIn(element, 200, () => {
-            completed++
-            if (completed === elementsToUpdate.length) this.#handleLoadComplete(ajaxData, callback)
-          })
-        })
-      }
-
-      if (elementsToUpdate.length > 0) {
-        let fadeOutCount = 0
-        elementsToUpdate.forEach(({element}) => {
-          this.#fadeOut(element, 200, () => {
-            fadeOutCount++
-            if (fadeOutCount === elementsToUpdate.length) {
-              fadeOutComplete = true
-              applyUpdate()
-            }
-          })
-        })
-      } else {
-        fadeOutComplete = true
+    #loadWithFade(url, callback, push, currentUrl, currentSkeleton, elementsToUpdate, partsHeader, loadKeys) {
+      const headers = {
+        'X-Odac': 'ajaxload',
+        'X-Odac-Load': loadKeys.join(','),
+        'X-Odac-Skeleton': currentSkeleton || ''
       }
+      if (partsHeader) headers['X-Odac-Parts'] = partsHeader
 
       this.#ajax({
         url,
         type: 'GET',
-        headers: {
-          'X-Odac': 'ajaxload',
-          'X-Odac-Load': Object.keys(this.#loader.elements).join(','),
-          'X-Odac-Skeleton': currentSkeleton || ''
-        },
+        headers,
         dataType: 'json',
         success: (data, status, xhr) => {
-          ajaxData = data
-          ajaxXhr = xhr
-          ajaxComplete = true
-          applyUpdate()
+          const finalUrl = xhr.responseURL || url
+          if (data.skeletonChanged) {
+            window.location.href = finalUrl
+            return
+          }
+          if (finalUrl !== currentUrl && push) window.history.pushState(null, document.title, finalUrl)
+
+          const newPage = xhr.getResponseHeader('X-Odac-Page')
+          if (newPage !== null) {
+            this.#page = newPage
+            document.documentElement.dataset.odacPage = newPage
+          }
+
+          if (data.data) this.#data = data.data
+          if (data.title) document.title = this.#decodeHtmlEntities(data.title)
+          if (data.parts) this.#loader.parts = data.parts
+
+          // Classify elements: changed, removed, or unchanged
+          const changedParts = []
+          const removedParts = []
+
+          for (const {key, element} of elementsToUpdate) {
+            if (data.output && data.output[key] !== undefined) {
+              changedParts.push({key, element})
+            } else if (data.parts && !(key in data.parts)) {
+              removedParts.push({key, element})
+            }
+          }
+
+          // Clear removed parts immediately
+          for (const {element} of removedParts) {
+            element.innerHTML = ''
+          }
+
+          // No changed parts — complete immediately
+          if (changedParts.length === 0) {
+            this.#handleLoadComplete(data, callback)
+            return
+          }
+
+          // Fade out only changed parts, then swap content and fade in
+          let fadeOutCount = 0
+          changedParts.forEach(({key, element}) => {
+            this.#fadeOut(element, 200, () => {
+              element.innerHTML = data.output[key]
+              this.#fadeIn(element, 200, () => {
+                fadeOutCount++
+                if (fadeOutCount === changedParts.length) this.#handleLoadComplete(data, callback)
+              })
+            })
+          })
         },
         error: () => {
           this.#isNavigating = false
@@ -974,9 +1002,10 @@ if (typeof window !== 'undefined') {
       }
     }
 
-    loader(selector, elements, callback) {
+    loader(selector, elements, callback, initialParts) {
       this.#loader.elements = elements
       this.#loader.callback = callback
+      if (initialParts) this.#loader.parts = initialParts
       const odacInstance = this
 
       this.#on(document, 'click', selector, function (e) {
@@ -1152,10 +1181,28 @@ if (typeof window !== 'undefined') {
   window.Odac = new _odac()
   ;(function initAutoNavigate() {
     const init = () => {
-      const contentEl = document.querySelector('[data-odac-navigate="content"]')
-      if (contentEl) {
-        window.Odac.loader('a[href^="/"]:not([data-navigate="false"]):not(.no-navigate)', {content: '[data-odac-navigate="content"]'}, null)
+      const navigateElements = document.querySelectorAll('[data-odac-navigate]')
+      if (navigateElements.length === 0) return
+
+      const elements = {}
+      navigateElements.forEach(el => {
+        const partName = el.getAttribute('data-odac-navigate')
+        elements[partName] = `[data-odac-navigate="${partName}"]`
+      })
+
+      // Initialize parts state from server-rendered data attribute
+      const partsAttr = document.documentElement.dataset.odacParts
+      let initialParts = {}
+      if (partsAttr) {
+        try {
+          initialParts = JSON.parse(partsAttr)
+        } catch (e) {
+          console.error('Odac: Failed to parse data-odac-parts attribute.', e)
+          // Graceful fallback if attribute is malformed
+        }
       }
+
+      window.Odac.loader('a[href^="/"]:not([data-navigate="false"]):not(.no-navigate)', elements, null, initialParts)
     }
     document.readyState === 'loading' ? document.addEventListener('DOMContentLoaded', init) : init()
   })()

package/docs/ai/skills/backend/views.md

@@ -1,45 +1,106 @@
 ---
 name: backend-views-templates-skill
-description: ODAC server-side rendering guidelines for template performance, skeleton layouts, and safe output rendering.
+description: ODAC server-side rendering guidelines for skeleton layouts, smart part diffing, template syntax, and safe output rendering.
 metadata:
-  tags: backend, views, templates, ssr, xss-protection, skeleton, rendering
+  tags: backend, views, templates, ssr, xss-protection, skeleton, rendering, part-diffing, ajax-navigation
 ---
 
 # Backend Views & Templates Skill
 
-High-performance server-side rendering using ODAC's optimized template engine.
+High-performance server-side rendering using ODAC's optimized template engine with smart AJAX part diffing.
 
 ## Architectural Approach
-Views in ODAC are logic-light but powerful. They support automatic XSS protection, high-performance looping, and server-side JavaScript execution via `<script:odac>`.
+Views in ODAC are logic-light but powerful. They support automatic XSS protection, high-performance looping, server-side JavaScript execution via `<script:odac>`, and a smart AJAX navigation system that only updates parts of the page that actually changed.
 
 ## Core Rules
 1.  **Skeleton Architecture**: Use `Odac.View.skeleton('name')` to wrap content in a layout.
-2.  **Data Binding — Two Equivalent Syntaxes**:
+2.  **Part Setting**: Use `Odac.View.set(partName, viewPath)` to fill skeleton placeholders.
+3.  **Data Binding — Two Equivalent Syntaxes**:
     -   `<odac var="key" />`: Tag-based output (HTML-escaped, XSS-safe).
     -   `{{ key }}`: Inline/interpolation output (HTML-escaped, XSS-safe). Identical behavior to `<odac var>`.
-    -   `<odac var="key" raw />` or `{!! key !!}`: Raw output (Use with extreme caution).
-3.  **Choosing the Right Syntax**:
-    -   **Inside HTML attributes** (`src`, `alt`, `href`, `class`, `value`, etc.) → Always prefer `{{ }}`. It reads naturally and keeps markup clean.
+    -   `<odac var="key" raw />` or `{!! key !!}`: Raw output (use with extreme caution).
+4.  **Choosing the Right Syntax**:
+    -   **Inside HTML attributes** (`src`, `alt`, `href`, `class`, `value`, etc.) → Always prefer `{{ }}`.
     -   **Inline within text or mixed HTML** → Prefer `{{ }}` for short interpolations.
-    -   **Standalone block output** (the variable is the only content of an element) → Prefer `<odac var="" />` for structural clarity and IDE support.
-    -   Both syntaxes compile to the same engine output. The choice is about readability, not functionality.
-4.  **Conditionals**: Use `<odac:if condition="VAR"> ... </odac:if>`.
-5.  **Looping**: Use `<odac:for in="ARRAY" value="ITEM"> ... </odac:for>` or the performance-optimized `[[odac_for ...]]`.
-6.  **Server-Side JS**: Use `<script:odac>` for complex calculations during rendering.
+    -   **Standalone block output** → Prefer `<odac var="" />` for structural clarity.
+5.  **Conditionals**: Use `<odac:if condition="VAR"> ... </odac:if>`.
+6.  **Looping**: Use `<odac:for in="ARRAY" value="ITEM"> ... </odac:for>`.
+7.  **Server-Side JS**: Use `<script:odac>` for complex calculations during rendering.
+
+## Smart Part Diffing (AJAX Navigation)
+
+ODAC uses a **server-driven part diffing** system during AJAX navigation. Understanding this is critical for building multi-section layouts correctly.
+
+### How it works
+- The client tracks which view file each part is currently showing.
+- On every AJAX navigation, it sends this state to the server via `X-Odac-Parts`.
+- The server compares the new page's parts against the client's current state and **only renders parts that changed**.
+- The client only updates DOM elements that received new content.
+
+### Rules
+| Scenario | Behavior |
+|----------|----------|
+| Part view path unchanged | Skipped — not re-rendered, DOM untouched |
+| Part view path changed | Re-rendered and DOM updated |
+| Part removed on new page | DOM element content cleared |
+| Skeleton changed | Full page reload |
+| `content` part | **Always** re-rendered (URL-dependent by nature) |
+
+### Force-refresh a part
+If a part's view path stays the same but its rendered output changes per request (e.g. a sidebar with an active menu state):
+
+```javascript
+// Always re-renders on AJAX navigation even if view path is unchanged
+Odac.View.set('sidebar', 'docs.nav', { refresh: true })
+```
+
+### Skeleton placeholder rules
+- Each `{{ PLACEHOLDER }}` must be wrapped in its own HTML element.
+- The engine auto-injects `data-odac-navigate` on wrapper elements — do not add manually.
+- Unset placeholders are silently removed from the final HTML output.
+
+```html
+<!-- skeleton/main.html -->
+<aside>{{ SIDEBAR }}</aside>   <!-- auto-gets data-odac-navigate="sidebar" -->
+<main>{{ CONTENT }}</main>     <!-- auto-gets data-odac-navigate="content" -->
+```
 
 ## Reference Patterns
 
-### 1. The Controller to View Flow
+### 1. Standard Page with Shared Layout
+```javascript
+// controller/docs/page.js
+module.exports = function (Odac) {
+  Odac.View
+    .skeleton('main')
+    .set('sidebar', 'docs.nav')   // shared — skipped if unchanged on next navigate
+    .set('content', 'docs.intro') // always re-rendered
+}
+```
+
+### 2. Sidebar with Active State (force refresh)
 ```javascript
-// Controller
-Odac.View.skeleton('main');
-Odac.View.set({
-  title: 'Dashboard',
-  stats: { users: 150, orders: 45 }
-});
+// controller/docs/page.js
+module.exports = function (Odac) {
+  Odac.View
+    .skeleton('main')
+    .set('sidebar', 'docs.nav', { refresh: true }) // re-renders every navigate
+    .set('content', 'docs.intro')
+}
 ```
 
-### 2. Template Syntax Reference
+### 3. Page Without Sidebar
+```javascript
+// controller/home.js — navigating here clears the sidebar DOM element
+module.exports = function (Odac) {
+  Odac.View
+    .skeleton('main')
+    .set('content', 'home')
+  // sidebar not set → its DOM element is emptied on AJAX navigation
+}
+```
+
+### 4. Template Syntax Reference
 ```html
 <!-- Standalone block output — prefer <odac var> -->
 <h1><odac var="title" /></h1>
@@ -47,47 +108,33 @@ Odac.View.set({
 <!-- Inside attributes — prefer {{ }} -->
 <img src="{{ product.image }}" alt="{{ product.name }}">
 <a href="/user/{{ user.id }}" class="btn {{ isActive ? 'active' : '' }}">Profile</a>
-<input type="text" value="{{ query }}">
 
-<!-- Inline text interpolation — prefer {{ }} -->
+<!-- Inline text interpolation -->
 <p>Welcome, {{ user.name }}. You have {{ notifications }} new messages.</p>
-<span>${{ product.price }}</span>
 
 <!-- Conditional -->
 <odac:if condition="stats.users > 100">
   <span class="badge">Popular!</span>
 </odac:if>
 
-<!-- Performance Loop -->
-[[odac_for user in users]]
+<!-- Loop -->
+<odac:for in="users" value="user">
   <li>{{ user.name }}</li>
-[[odac_endfor]]
+</odac:for>
 ```
 
-### 3. Backend JavaScript (`<script:odac>`)
-Perfect for calculations that shouldn't clutter the controller but are too complex for simple tags.
+### 5. Backend JavaScript (`<script:odac>`)
 ```html
 <script:odac>
-  // Runs on the SERVER during rendering
-  const total = items.reduce((sum, i) => sum + i.price, 0);
-  const tax = total * 0.18;
+  const total = items.reduce((sum, i) => sum + i.price, 0)
+  const tax = total * 0.18
 </script:odac>
 
 <p>Subtotal: ${{ total }}</p>
 <p>Tax: ${{ tax }}</p>
 ```
 
-## Syntax Selection Guide
-
-| Context | Preferred Syntax | Example |
-|---------|-----------------|---------|
-| HTML attributes (`src`, `href`, `alt`, `class`, `value`) | `{{ }}` | `<img src="{{ photo.url }}" alt="{{ photo.caption }}">` |
-| Inline text within elements | `{{ }}` | `<p>Hello, {{ user.name }}</p>` |
-| Standalone element content | `<odac var />` | `<h1><odac var="title" /></h1>` |
-| Raw HTML output (trusted only) | `<odac var raw />` or `{!! !!}` | `<div><odac var="content" raw /></div>` |
-
 ## Security Best Practices
--   **Both `{{ }}` and `<odac var>` are XSS-safe**: Both apply HTML escaping by default. Use either with confidence.
+-   **Both `{{ }}` and `<odac var>` are XSS-safe**: Both apply HTML escaping by default.
 -   **Raw output requires trust**: Only use `raw` / `{!! !!}` with content you fully control. Never with user input.
 -   **Limit `<script:odac>`**: Do not perform database queries or API calls inside views; keep them in the controller.
--   **Partial Awareness**: Use `<odac:include view="path.to.view" />` for reusable components.

package/docs/ai/skills/frontend/core.md

@@ -60,11 +60,25 @@ Odac.action({
 ### 3. Data Utilities
 ```javascript
 // Accessing data shared from backend (Odac.share)
-const user = odac.data('user');
+const user = odac.data('user')
 
 // Using Storage wrapper
-odac.storage('theme', 'dark');
-const theme = odac.storage('theme');
+odac.storage('theme', 'dark')
+const theme = odac.storage('theme')
+```
+
+### 4. Programmatic Navigation
+```javascript
+// Navigate to a URL (AJAX, pushes to history)
+Odac.load('/dashboard')
+
+// Navigate without history entry
+Odac.load('/dashboard', null, false)
+
+// Navigate with a post-load callback
+Odac.load('/dashboard', function(page, vars) {
+  console.log('Loaded page:', page)
+})
 ```
 
 ## Best Practices

package/docs/ai/skills/frontend/navigation.md

@@ -1,32 +1,87 @@
 ---
 name: frontend-navigation-spa-skill
-description: Single-page navigation patterns in odac.js for smooth transitions, route control, and lifecycle-safe execution.
+description: Single-page navigation patterns in odac.js including smart part diffing, smooth transitions, route control, and lifecycle-safe execution.
 metadata:
-  tags: frontend, navigation, spa, ajax-navigation, page-lifecycle, transitions, view-transitions
+  tags: frontend, navigation, spa, ajax-navigation, page-lifecycle, transitions, view-transitions, part-diffing
 ---
 
 # Frontend Navigation & SPA Skill
 
 Smooth transitions and single-page application behavior using `odac.js`.
 
+## How AJAX Navigation Works
+
+ODAC's navigation system is **zero-config** and **server-driven**. On first page load, the framework automatically:
+1. Detects all skeleton placeholder wrapper elements (those with `data-odac-navigate` attributes injected by the server).
+2. Registers click handlers on all internal links.
+3. Reads the initial parts state from `data-odac-parts` on the `<html>` element.
+
+On every subsequent navigation:
+1. The client sends the current parts state to the server via `X-Odac-Parts`.
+2. The server returns only the parts that changed (`output`) plus the new parts manifest (`parts`).
+3. The client fades out and updates only the changed elements. Unchanged parts (e.g. a shared sidebar) are never touched.
+
 ## Rules
-1.  **Selection**: Enable via `Odac.action({ navigate: 'main' })`.
-2.  **Exclusion**: Use `data-navigate="false"` or `.no-navigate` class for full reloads.
-3.  **Lifecycle**: Use `load` and `page` events to run code after navigation.
-4.  **View Transitions**: Add `odac-transition` attribute to elements for native browser View Transition API animations. Zero-config — no JS setup required.
+1.  **Zero-config auto-navigation**: Works automatically when the skeleton has `data-odac-navigate` elements. No `Odac.action()` call needed for basic navigation.
+2.  **Manual setup**: Use `Odac.action({ navigate: ... })` to customize selectors, update targets, or add callbacks.
+3.  **Exclusion**: Use `data-navigate="false"` attribute or `.no-navigate` class on links to force full page reloads.
+4.  **Lifecycle**: Use `load` and `page` events to run code after navigation.
+5.  **View Transitions**: Add `odac-transition` attribute to elements for native browser View Transition API animations.
 
 ## Patterns
+
+### Auto-navigation (zero-config)
+No setup required. As long as the skeleton has properly wrapped placeholders, navigation is automatic.
+
+### Manual navigation setup
 ```javascript
 Odac.action({
   navigate: {
-    update: 'main',
+    update: 'main',           // CSS selector of the element to update
     on: function(page, vars) {
-      console.log('Navigated to:', page);
+      console.log('Navigated to:', page)
     }
   }
-});
+})
+```
+
+### Programmatic navigation
+```javascript
+// Navigate to a URL programmatically
+Odac.load('/docs/getting-started')
+
+// Navigate without pushing to history
+Odac.load('/docs/getting-started', null, false)
+
+// Navigate with a callback
+Odac.load('/docs/getting-started', function(page, vars) {
+  console.log('Loaded:', page)
+})
+```
+
+### Excluding links from AJAX navigation
+```html
+<!-- Full reload for this link -->
+<a href="/logout" data-navigate="false">Logout</a>
+
+<!-- Full reload via class -->
+<a href="/external-page" class="no-navigate">External</a>
 ```
 
+## Smart Part Diffing Behavior
+
+The client automatically handles these scenarios without any configuration:
+
+| Scenario | Client behavior |
+|----------|----------------|
+| Sidebar unchanged between pages | Sidebar DOM untouched, no flicker |
+| Sidebar changes between pages | Sidebar fades out → new content → fades in |
+| Sidebar removed on new page | Sidebar element content cleared |
+| Skeleton changes | Full page reload |
+| `content` part | Always updated |
+
+The fade animation only runs on elements that actually receive new content. Unchanged parts stay fully visible throughout the navigation.
+
 ## View Transitions (Native Browser API)
 
 Elements with the `odac-transition` attribute automatically use the browser's View Transition API instead of the legacy fade animation. The attribute value becomes the `view-transition-name`, enabling per-element morphing between pages.
@@ -47,7 +102,6 @@ Elements with the `odac-transition` attribute automatically use the browser's Vi
 
 ### CSS Customization
 ```css
-/* Target a specific element's transition */
 ::view-transition-old(hero) {
   animation: fade-out 0.3s ease;
 }
@@ -55,7 +109,6 @@ Elements with the `odac-transition` attribute automatically use the browser's Vi
   animation: fade-in 0.3s ease;
 }
 
-/* Slide sidebar from left */
 ::view-transition-old(sidebar) {
   animation: slide-out-left 0.25s ease;
 }
@@ -66,6 +119,6 @@ Elements with the `odac-transition` attribute automatically use the browser's Vi
 
 ### Rules
 1. Each `odac-transition` value must be unique within the page.
-2. Elements persist across navigations (e.g., shared header) for smooth morphing.
+2. Elements that persist across navigations (e.g. shared header) produce smooth morphing animations.
 3. No JavaScript configuration needed — attribute-only setup.
 4. Falls back to fade animation gracefully on unsupported browsers.

package/docs/backend/07-views/01-the-view-directory.md

@@ -42,15 +42,16 @@ Example: `skeleton/main.html`
 
 **Important Rules for Placeholders:**
 
-1. **Each placeholder must be wrapped in HTML tags** - This allows AJAX to identify and update specific sections
-2. **Never place placeholders directly next to each other** - Bad: `{{ HEADER }}{{ CONTENT }}`, Good: `<header>{{ HEADER }}</header><main>{{ CONTENT }}</main>`
-3. **Placeholders are uppercase** - `{{ HEADER }}`, `{{ CONTENT }}`, `{{ FOOTER }}`
-4. **Use semantic HTML tags** - `<header>`, `<main>`, `<footer>`, `<aside>`, `<nav>`, etc.
+1. **Each placeholder must be wrapped in its own HTML tag** — This allows the AJAX navigation system to identify and independently update each section.
+2. **Never place placeholders directly next to each other** — Bad: `{{ HEADER }}{{ CONTENT }}`, Good: `<header>{{ HEADER }}</header><main>{{ CONTENT }}</main>`
+3. **Placeholders are uppercase** — `{{ HEADER }}`, `{{ CONTENT }}`, `{{ FOOTER }}`
+4. **Use semantic HTML tags** — `<header>`, `<main>`, `<footer>`, `<aside>`, `<nav>`, etc.
+5. **Unset placeholders are automatically removed** — If a controller does not call `set('sidebar', ...)`, the `{{ SIDEBAR }}` placeholder is silently removed from the output. No stale text leaks into the HTML.
 
 **Why wrap in tags?**
-When using AJAX navigation, the system needs to identify which part of the page to update. HTML tags provide clear boundaries for each section.
+When using AJAX navigation, the system automatically injects `data-odac-navigate` attributes onto the wrapper elements of each placeholder. This enables the smart part-diffing engine to update only the sections that actually changed between navigations.
 
-**Note:** Skeleton files currently support only view part placeholders (uppercase). For dynamic content like page titles, use a view part for the `<head>` section or set them in individual view files.
+**Note:** Skeleton files support only view part placeholders (uppercase). For dynamic content like page titles, use a view part for the `<head>` section or place a `<title>` tag inside the content view.
 
 ### View Files
 
@@ -66,8 +67,29 @@ view/
 ├── content/
 │   ├── home.html
 │   └── about.html
+├── sidebar/
+│   └── docs.html
 └── footer/
     └── main.html
 ```
 
+### Smart AJAX Navigation & Part Diffing
 
+When navigating between pages via AJAX, ODAC uses a **server-driven part diffing** system to minimize unnecessary work:
+
+- **Unchanged parts are skipped** — If `sidebar` points to the same view file on both the current and next page, the server does not re-render it and the client does not update its DOM. The sidebar stays visible and untouched.
+- **Changed parts are updated** — Only parts whose view path changed are rendered and sent to the client.
+- **Removed parts are cleared** — If the next page does not set a part that the current page had (e.g. navigating away from a page with a sidebar), that element's content is emptied.
+- **`content` is always refreshed** — Because content views are typically URL-dependent (e.g. `/{id}`), the `content` part is always re-rendered regardless of view path.
+- **Skeleton change triggers full reload** — If the next page uses a different skeleton, a full page navigation is performed automatically.
+
+This means a shared sidebar, header, or footer that does not change between pages will never flicker or reload during AJAX navigation.
+
+#### Force-refresh a part
+
+If a part's view path stays the same but its rendered output changes per request (e.g. a sidebar with an active menu state), mark it with `{ refresh: true }`:
+
+```javascript
+// This sidebar will re-render on every navigation even if the view path is unchanged
+Odac.View.set('sidebar', 'docs.nav', { refresh: true })
+```

package/docs/backend/07-views/02-rendering-a-view.md

@@ -70,6 +70,17 @@ Odac.View
 
 In this case, placeholders like `{{ HEADER }}`, `{{ CONTENT }}`, `{{ FOOTER }}` in the skeleton are automatically matched with `view/home/header.html`, `view/home/content.html`, `view/home/footer.html` files.
 
+### 6. Force-Refreshing a Part
+
+By default, ODAC's smart diffing skips re-rendering a part if its view path hasn't changed between navigations. If a part's output is request-dependent (e.g. a sidebar that highlights the active menu item), use `{ refresh: true }` to always re-render it:
+
+```javascript
+// Sidebar re-renders on every AJAX navigation regardless of view path
+Odac.View.set('sidebar', 'docs.nav', { refresh: true })
+```
+
+This option is only relevant for AJAX navigations. Full page loads always render all parts.
+
 ### Setting Dynamic Page Titles and Meta Tags
 
 Since skeleton files only support view part placeholders, you have two approaches for dynamic titles:
@@ -101,8 +112,6 @@ Create a separate view part for the `<head>` section:
 </html>
 ```
 
-**Note:** Each placeholder is wrapped in an HTML tag so AJAX can identify and update specific sections.
-
 **Head View (view/head/main.html):**
 ```html
 <head>
@@ -122,15 +131,13 @@ module.exports = async function (Odac) {
     .where('id', productId)
     .first()
   
-  // Set dynamic title and description
   Odac.pageTitle = product ? `${product.name} - My Store` : 'Product Not Found'
   Odac.pageDescription = product ? product.short_description : ''
-  
   Odac.product = product
   
   Odac.View.set({
     skeleton: 'main',
-    head: 'main',        // Include dynamic head
+    head: 'main',
     header: 'main',
     content: 'product.detail',
     footer: 'main'
@@ -142,21 +149,6 @@ module.exports = async function (Odac) {
 
 Include the title tag in your content view:
 
-**Skeleton (skeleton/simple.html):**
-```html
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <link rel="stylesheet" href="/assets/css/style.css">
-</head>
-<body>
-    {{ CONTENT }}
-</body>
-</html>
-```
-
 **Content View (view/content/product.html):**
 ```html
 <title>{{ Odac.product.name }} - My Store</title>
@@ -167,7 +159,7 @@ Include the title tag in your content view:
 </div>
 ```
 
-**Note:** This approach is less clean but works for simple cases.
+The AJAX navigation system automatically extracts the `<title>` tag from the rendered content and updates `document.title`.
 
 ### Important Notes
 
@@ -175,5 +167,6 @@ Include the title tag in your content view:
 - Skeleton files should be in the `skeleton/` directory, view files in the `view/` directory
 - Placeholders for view parts are written in uppercase: `{{ HEADER }}`, `{{ CONTENT }}`, etc.
 - View part names are specified in lowercase: `header`, `content`, etc.
-- Variables in skeleton/views are accessed via `Odac` object: `{{ Odac.variableName }}`
-- You don't need to use `return` from the controller, `Odac.View.set()` automatically initiates the rendering process
+- Variables in views are accessed via the `Odac` object: `{{ Odac.variableName }}`
+- Unset placeholders are silently removed from the final HTML output
+- You don't need to call `return` from the controller — `Odac.View.set()` automatically initiates rendering

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "odac",
-  "description": "⚡ Next-Gen Server & Framework: Web, DNS, Mail, SSL & Monitoring in one CLI.",
+  "description": "Lightweight, high-performance Node.js framework for building modern web applications with built-in routing, auth, database, templating, WebSocket, i18n and zero-config Tailwind CSS.",
   "homepage": "https://odac.run",
   "author": {
     "name": "emre.red",
     "email": "mail@emre.red",
     "url": "https://emre.red"
   },
-  "version": "1.4.5",
+  "version": "1.4.6",
   "license": "MIT",
   "engines": {
     "node": ">=18.0.0"
@@ -27,14 +27,38 @@
     "tailwindcss": "^4.1.18"
   },
   "optionalDependencies": {
+    "sharp": "^0.33.0"
+  },
+  "peerDependencies": {
     "mysql2": "^3.16.0",
     "pg": "^8.16.3",
     "redis": "^5.10.0",
-    "sharp": "^0.33.0"
+    "sqlite3": "^6.0.0"
+  },
+  "peerDependenciesMeta": {
+    "mysql2": {
+      "optional": true
+    },
+    "pg": {
+      "optional": true
+    },
+    "redis": {
+      "optional": true
+    },
+    "sqlite3": {
+      "optional": true
+    }
   },
   "overrides": {
-    "tar": "7.5.9",
-    "cross-spawn": "7.0.6"
+    "brace-expansion": "5.0.5",
+    "cross-spawn": "7.0.6",
+    "handlebars": "4.7.9",
+    "minimatch": "10.2.4",
+    "test-exclude": {
+      "minimatch": "3.1.5"
+    },
+    "picomatch": "4.0.4",
+    "tar": "7.5.13"
   },
   "devDependencies": {
     "@eslint/js": "^9.39.2",
@@ -54,7 +78,7 @@
     "lint-staged": "^16.2.7",
     "prettier": "^3.8.1",
     "semantic-release": "^25.0.3",
-    "sqlite3": "^5.1.7"
+    "sqlite3": "^6.0.1"
   },
   "scripts": {
     "lint": "eslint .",

package/src/Request.js

@@ -16,6 +16,7 @@ class OdacRequest {
   isAjaxLoad = false
   ajaxLoad = null
   clientSkeleton = null
+  clientParts = null
   page = null
 
   constructor(id, req, res, odac) {
@@ -50,11 +51,11 @@ class OdacRequest {
     this.status(code)
     let result = {401: 'Unauthorized', 404: 'Not Found', 408: 'Request Timeout'}[code] ?? null
     if (
-      global.Odac.Route.routes[this.route].error &&
-      global.Odac.Route.routes[this.route].error[code] &&
-      typeof global.Odac.Route.routes[this.route].error[code].cache === 'function'
+      this.#odac.Route?.routes?.[this.route]?.error &&
+      this.#odac.Route.routes[this.route].error[code] &&
+      typeof this.#odac.Route.routes[this.route].error[code].cache === 'function'
     )
-      result = await global.Odac.Route.routes[this.route].error[code].cache(this.#odac)
+      result = await this.#odac.Route.routes[this.route].error[code].cache(this.#odac)
     this.end(result)
   }
 

package/src/Route.js

@@ -150,6 +150,17 @@ class Route {
       }
       Odac.Request.isAjaxLoad = true
       Odac.Request.clientSkeleton = Odac.Request.header('X-Odac-Skeleton')
+
+      // Parse client's current part values for smart diffing
+      const partsHeader = Odac.Request.header('X-Odac-Parts')
+      if (partsHeader) {
+        const parts = {}
+        for (const entry of partsHeader.split(',')) {
+          const idx = entry.indexOf('=')
+          if (idx > 0) parts[entry.substring(0, idx)] = decodeURIComponent(entry.substring(idx + 1))
+        }
+        Odac.Request.clientParts = parts
+      }
     }
     if (Odac.Config?.route?.[url]) {
       // PROD CACHE HIT

package/src/View.js

@@ -103,6 +103,7 @@ class View {
     }
   }
   #part = {}
+  #refresh = new Set()
   #odac = null
 
   constructor(odac) {
@@ -148,10 +149,25 @@ class View {
         }
       }
 
-      // Render requested elements
+      // Build current parts manifest (part name → view path)
+      const currentParts = {}
+      for (let key in this.#part) {
+        if (['all', 'skeleton'].includes(key)) continue
+        if (this.#part[key]) currentParts[key] = this.#part[key]
+      }
+
+      // Parse client's previous parts to detect unchanged regions
+      const clientParts = this.#odac.Request.clientParts || {}
+
+      // Render requested elements (skip unchanged parts)
       let title = null
       for (let element of this.#odac.Request.ajaxLoad) {
         if (this.#part[element]) {
+          // Skip rendering if the part view path has not changed and refresh is not forced
+          // Content is always re-rendered since its output depends on the current URL
+          if (element !== 'content' && !this.#refresh.has(element) && clientParts[element] && clientParts[element] === this.#part[element])
+            continue
+
           let viewPath = this.#part[element]
           if (viewPath.includes('.')) viewPath = viewPath.replace(/\./g, '/')
           if (await this.#exists(`./view/${element}/${viewPath}.html`)) {
@@ -202,6 +218,7 @@ class View {
 
       this.#odac.Request.end({
         output: output,
+        parts: currentParts,
         variables: variables,
         data: this.#odac.Request.sharedData,
         title: title,
@@ -239,6 +256,9 @@ class View {
             }
           }
       }
+
+      // Clean up unresolved skeleton placeholders
+      result = result.replace(/\{\{\s*[A-Z_]+\s*\}\}/g, '')
     }
 
     if (result) {
@@ -294,7 +314,7 @@ class View {
       }
 
       if (attrs.get) {
-        return `{{ get('${attrs.get}') || '' }}`
+        return `{{ get('${attrs.get.replace(/\\/g, '\\\\').replace(/'/g, "\\'")}') || '' }}`
       } else if (attrs.var) {
         if (attrs.raw) {
           return `{!! ${attrs.var} !!}`
@@ -323,7 +343,7 @@ class View {
         }
 
         if (attrs.get) {
-          return `{{ get('${attrs.get}') || '' }}`
+          return `{{ get('${attrs.get.replace(/\\/g, '\\\\').replace(/'/g, "\\'")}') || '' }}`
         } else if (attrs.var) {
           if (attrs.raw) {
             return `{!! ${attrs.var} !!}`
@@ -350,8 +370,9 @@ class View {
             return `%s${placeholderIndex++}`
           })
 
+          const escapedContent = processedContent.replace(/\\/g, '\\\\').replace(/'/g, "\\'")
           const translationCall =
-            placeholders.length > 0 ? `__('${processedContent}', ${placeholders.join(', ')})` : `__('${processedContent}')`
+            placeholders.length > 0 ? `__('${escapedContent}', ${placeholders.join(', ')})` : `__('${escapedContent}')`
 
           if (attrs.raw) {
             return `{!! ${translationCall} !!}`
@@ -359,7 +380,7 @@ class View {
             return `{{ ${translationCall} }}`
           }
         } else {
-          return `{{ '${innerContent}' }}`
+          return `{{ '${innerContent.replace(/\\/g, '\\\\').replace(/'/g, "\\'")}' }}`
         }
       })
       if (before === content) break
@@ -523,8 +544,12 @@ class View {
 
   // - SET PARTS
   set(...args) {
-    if (args.length === 1 && typeof args[0] === 'object') for (let key in args[0]) this.#part[key] = args[0][key]
-    else if (args.length === 2) this.#part[args[0]] = args[1]
+    if (args.length === 1 && typeof args[0] === 'object') {
+      for (let key in args[0]) this.#part[key] = args[0][key]
+    } else if (args.length >= 2) {
+      this.#part[args[0]] = args[1]
+      if (args[2]?.refresh) this.#refresh.add(args[0])
+    }
 
     if (!this.#odac.Request.page) {
       this.#odac.Request.page = this.#part.content || this.#part.all || ''
@@ -541,12 +566,21 @@ class View {
   }
 
   #addNavigateAttribute(skeleton) {
-    skeleton = skeleton.replace(/(<[^>]+>)(\s*\{\{\s*CONTENT\s*\}\})/, (match, openTag, content) => {
+    // Inject data-odac-navigate for placeholders already wrapped in an HTML tag
+    skeleton = skeleton.replace(/(<[^>]+>)(\s*\{\{\s*([A-Z_]+)\s*\}\})/g, (match, openTag, content, partName) => {
+      const attrName = partName.toLowerCase()
       if (openTag.includes('data-odac-navigate')) return match
-      const tagWithAttr = openTag.slice(0, -1) + ' data-odac-navigate="content">'
+      const tagWithAttr = openTag.slice(0, -1) + ` data-odac-navigate="${attrName}">`
       return tagWithAttr + content
     })
 
+    // Auto-wrap unwrapped placeholders so AJAX navigation can target them
+    // Uses display:contents to avoid breaking flex/grid layouts
+    skeleton = skeleton.replace(/(?<!>)\s*(\{\{\s*([A-Z_]+)\s*\}\})/g, (match, placeholder, partName) => {
+      const attrName = partName.toLowerCase()
+      return `<div style="display:contents" data-odac-navigate="${attrName}">${placeholder}</div>`
+    })
+
     const skeletonName = this.#part.skeleton || 'main'
     const pageName = this.#odac.Request.page || ''
 
@@ -558,6 +592,17 @@ class View {
       if (!attrs.includes('data-odac-page')) {
         updates.push(`data-odac-page="${pageName}"`)
       }
+
+      // Embed current parts manifest for client-side diffing on first load
+      const partsMap = {}
+      for (let key in this.#part) {
+        if (['all', 'skeleton'].includes(key)) continue
+        if (this.#part[key]) partsMap[key] = this.#part[key]
+      }
+      if (!attrs.includes('data-odac-parts') && Object.keys(partsMap).length > 0) {
+        updates.push(`data-odac-parts='${JSON.stringify(partsMap)}'`)
+      }
+
       if (updates.length === 0) return match
       return `<html${attrs} ${updates.join(' ')}>`
     })

package/test/Database/ConnectionFactory/buildConnections.test.js

@@ -6,6 +6,10 @@ jest.mock(
       mockKnex(...args)
 )
 
+jest.mock('mysql2', () => ({}), {virtual: true})
+jest.mock('pg', () => ({}), {virtual: true})
+jest.mock('sqlite3', () => ({}), {virtual: true})
+
 const {buildConnections} = require('../../../src/Database/ConnectionFactory')
 
 describe('ConnectionFactory.buildConnections()', () => {

package/test/View/parseOdacTag.test.js

@@ -0,0 +1,180 @@
+const fs = require('fs')
+const fsPromises = fs.promises
+const path = require('path')
+const View = require('../../src/View')
+
+const FIXTURE_DIR = path.resolve(__dirname, '_fixtures')
+
+/**
+ * Integration tests for the #parseOdacTag private method.
+ * Since #parseOdacTag is private, we test it indirectly through the
+ * full render pipeline by creating temporary .html view files,
+ * invoking View.print(), and asserting the rendered output.
+ */
+describe('View.#parseOdacTag()', () => {
+  let originalDir
+  let originalCwd
+
+  beforeAll(async () => {
+    await fsPromises.mkdir(path.join(FIXTURE_DIR, 'skeleton'), {recursive: true})
+    await fsPromises.mkdir(path.join(FIXTURE_DIR, 'view', 'content'), {recursive: true})
+  })
+
+  afterAll(async () => {
+    await fsPromises.rm(FIXTURE_DIR, {recursive: true, force: true})
+  })
+
+  beforeEach(() => {
+    originalDir = global.__dir
+    originalCwd = process.cwd()
+    global.__dir = FIXTURE_DIR
+    process.chdir(FIXTURE_DIR)
+
+    if (global.Odac?.View?.cache) {
+      global.Odac.View.cache = {}
+    }
+    if (global.Odac?.View?.skeletons) {
+      global.Odac.View.skeletons = {}
+    }
+
+    // Clear require cache for compiled templates
+    for (const key of Object.keys(require.cache)) {
+      if (key.includes('.cache')) {
+        delete require.cache[key]
+      }
+    }
+  })
+
+  afterEach(() => {
+    global.__dir = originalDir
+    process.chdir(originalCwd)
+  })
+
+  let testCounter = 0
+
+  /**
+   * Writes a view file, triggers render via print(), and captures output.
+   * Uses a unique filename per call to avoid cache collisions between tests.
+   * Returns the rendered HTML string.
+   */
+  async function renderTemplate(templateContent) {
+    const uniqueId = `test_${++testCounter}`
+    const viewFile = path.join(FIXTURE_DIR, 'view', 'content', `${uniqueId}.html`)
+    await fsPromises.writeFile(viewFile, templateContent, 'utf8')
+
+    const skeletonFile = path.join(FIXTURE_DIR, 'skeleton', 'main.html')
+    await fsPromises.writeFile(skeletonFile, '{{ CONTENT }}', 'utf8')
+
+    let capturedOutput = ''
+    const errors = []
+    const originalError = console.error
+    console.error = (...args) => errors.push(args.join(' '))
+
+    const mockOdac = {
+      Config: {debug: true},
+      Var: value => {
+        const str = value === null || value === undefined ? '' : String(value)
+        return {
+          html: () => str.replace(/[&<>"']/g, m => ({'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'})[m])
+        }
+      },
+      Request: {
+        req: {url: '/test'},
+        res: {finished: false, headersSent: false},
+        isAjaxLoad: false,
+        ajaxLoad: [],
+        variables: {},
+        sharedData: {},
+        page: '',
+        get: () => '',
+        header: () => {},
+        end: output => {
+          capturedOutput = output
+        },
+        hasEarlyHints: () => false,
+        setEarlyHints: () => {}
+      },
+      Lang: {
+        get: (...args) => args[0]
+      },
+      View: {}
+    }
+
+    try {
+      const view = new View(mockOdac)
+      view.skeleton('main')
+      view.set('content', uniqueId)
+      await view.print()
+    } finally {
+      console.error = originalError
+    }
+
+    if (errors.length > 0) {
+      throw new Error(`Template render error: ${errors.join('\n')}`)
+    }
+
+    return capturedOutput
+  }
+
+  describe('single quote escaping in <odac> tags', () => {
+    it('should render a single quote inside <odac> without syntax error', async () => {
+      const result = await renderTemplate("<odac>'</odac>")
+      // Single quotes are HTML-escaped by Odac.Var().html()
+      expect(result).toContain('&#39;')
+    })
+
+    it('should render text with embedded single quotes', async () => {
+      const result = await renderTemplate("<odac>it's working</odac>")
+      expect(result).toContain('it&#39;s working')
+    })
+
+    it('should render multiple single quotes', async () => {
+      const result = await renderTemplate("<odac>it's a developer's life</odac>")
+      expect(result).toContain('it&#39;s a developer&#39;s life')
+    })
+
+    it('should render escaped apostrophe in translation tags', async () => {
+      const result = await renderTemplate("<odac t>it's translated</odac>")
+      expect(result).toContain('it&#39;s translated')
+    })
+  })
+
+  describe('basic <odac> tag rendering', () => {
+    it('should render plain text inside <odac> tags', async () => {
+      const result = await renderTemplate('<odac>hello world</odac>')
+      expect(result).toContain('hello world')
+    })
+
+    it('should strip backend comments (multi-line)', async () => {
+      const result = await renderTemplate('visible<!--odac hidden odac-->visible2')
+      expect(result).toContain('visible')
+      expect(result).toContain('visible2')
+      expect(result).not.toContain('hidden')
+    })
+
+    it('should strip backend comments (single-line)', async () => {
+      const result = await renderTemplate('visible<!--odac hidden -->visible2')
+      expect(result).toContain('visible')
+      expect(result).toContain('visible2')
+      expect(result).not.toContain('hidden')
+    })
+
+    it('should handle empty <odac> tags gracefully', async () => {
+      const result = await renderTemplate('<odac></odac>')
+      expect(typeof result).toBe('string')
+    })
+  })
+
+  describe('special characters in <odac> tags', () => {
+    it('should handle double quotes inside <odac> tags', async () => {
+      const result = await renderTemplate('<odac>say "hello"</odac>')
+      expect(result).toContain('say')
+    })
+
+    it('should handle angle brackets in text (HTML entities)', async () => {
+      const result = await renderTemplate('<odac>&lt;div&gt;</odac>')
+      // Already-escaped entities get double-escaped by Odac.Var().html()
+      expect(result).toContain('&amp;lt;div&amp;gt;')
+    })
+  })
+})