vinext 0.0.24 → 0.0.25

package/dist/server/app-dev-server.js

@@ -18,7 +18,7 @@ import { isProxyFile } from "./middleware.js";
  * It matches the incoming request URL to an app route, builds the
  * nested layout + page tree, and renders it to an RSC stream.
  */
-export function generateRscEntry(appDir, routes, middlewarePath, metadataRoutes, globalErrorPath, basePath, trailingSlash, config) {
+export function generateRscEntry(appDir, routes, middlewarePath, metadataRoutes, globalErrorPath, basePath, trailingSlash, config, instrumentationPath) {
     const bp = basePath ?? "";
     const ts = trailingSlash ?? false;
     const redirects = config?.redirects ?? [];
@@ -119,7 +119,8 @@ ${interceptEntries.join(",\n")}
     page: ${route.pagePath ? getImportVar(route.pagePath) : "null"},
     routeHandler: ${route.routePath ? getImportVar(route.routePath) : "null"},
     layouts: [${layoutVars.join(", ")}],
-    layoutSegmentDepths: ${JSON.stringify(route.layoutSegmentDepths)},
+    routeSegments: ${JSON.stringify(route.routeSegments)},
+    layoutTreePositions: ${JSON.stringify(route.layoutTreePositions)},
     templates: [${templateVars.join(", ")}],
     errors: [${layoutErrorVars.join(", ")}],
     slots: {
@@ -194,14 +195,16 @@ import {
   loadServerAction,
   createTemporaryReferenceSet,
 } from "@vitejs/plugin-rsc/rsc";
+import { AsyncLocalStorage } from "node:async_hooks";
 import { createElement, Suspense, Fragment } from "react";
 import { setNavigationContext as _setNavigationContextOrig, getNavigationContext as _getNavigationContext } from "next/navigation";
 import { setHeadersContext, headersContextFromRequest, getDraftModeCookieHeader, getAndClearPendingCookies, consumeDynamicUsage, markDynamicUsage, runWithHeadersContext, applyMiddlewareRequestHeaders, getHeadersContext } from "next/headers";
-import { NextRequest } from "next/server";
+import { NextRequest, NextFetchEvent } from "next/server";
 import { ErrorBoundary, NotFoundBoundary } from "vinext/error-boundary";
 import { LayoutSegmentProvider } from "vinext/layout-segment-context";
 import { MetadataHead, mergeMetadata, resolveModuleMetadata, ViewportHead, mergeViewport, resolveModuleViewport } from "vinext/metadata";
 ${middlewarePath ? `import * as middlewareModule from ${JSON.stringify(middlewarePath.replace(/\\/g, "/"))};` : ""}
+${instrumentationPath ? `import * as _instrumentation from ${JSON.stringify(instrumentationPath.replace(/\\/g, "/"))};` : ""}
 ${effectiveMetaRoutes.length > 0 ? `import { sitemapToXml, robotsToText, manifestToJson } from ${JSON.stringify(fileURLToPath(new URL("./metadata-routes.js", import.meta.url)).replace(/\\/g, "/"))};` : ""}
 import { _consumeRequestScopedCacheLife, _runWithCacheState } from "next/cache";
 import { runWithFetchCache } from "vinext/fetch-cache";
@@ -214,6 +217,20 @@ import { getSSRFontStyles as _getSSRFontStylesLocal, getSSRFontPreloads as _getS
 function _getSSRFontStyles() { return [..._getSSRFontStylesGoogle(), ..._getSSRFontStylesLocal()]; }
 function _getSSRFontPreloads() { return [..._getSSRFontPreloadsGoogle(), ..._getSSRFontPreloadsLocal()]; }
 
+// ALS used to suppress the expected "Invalid hook call" dev warning when
+// layout/page components are probed outside React's render cycle. Patching
+// console.error once at module load (instead of per-request) avoids the
+// concurrent-request issue where request A's suppression filter could
+// swallow real errors from request B.
+const _suppressHookWarningAls = new AsyncLocalStorage();
+const _origConsoleError = console.error;
+console.error = (...args) => {
+  if (_suppressHookWarningAls.getStore() === true &&
+      typeof args[0] === "string" &&
+      args[0].includes("Invalid hook call")) return;
+  _origConsoleError.apply(console, args);
+};
+
 // Set navigation context in the ALS-backed store. "use client" components
 // rendered during SSR need the pathname/searchParams/params but the SSR
 // environment has a separate module instance of next/navigation.
@@ -242,6 +259,38 @@ function makeThenableParams(obj) {
   return Object.assign(Promise.resolve(plain), plain);
 }
 
+// Resolve route tree segments to actual values using matched params.
+// Dynamic segments like [id] are replaced with param values, catch-all
+// segments like [...slug] are joined with "/", and route groups are kept as-is.
+function __resolveChildSegments(routeSegments, treePosition, params) {
+  var raw = routeSegments.slice(treePosition);
+  var result = [];
+  for (var j = 0; j < raw.length; j++) {
+    var seg = raw[j];
+    // Optional catch-all: [[...param]]
+    if (seg.indexOf("[[...") === 0 && seg.charAt(seg.length - 1) === "]" && seg.charAt(seg.length - 2) === "]") {
+      var pn = seg.slice(5, -2);
+      var v = params[pn];
+      // Skip empty optional catch-all (e.g., visiting /blog on [[...slug]] route)
+      if (Array.isArray(v) && v.length === 0) continue;
+      if (v == null) continue;
+      result.push(Array.isArray(v) ? v.join("/") : v);
+    // Catch-all: [...param]
+    } else if (seg.indexOf("[...") === 0 && seg.charAt(seg.length - 1) === "]") {
+      var pn2 = seg.slice(4, -1);
+      var v2 = params[pn2];
+      result.push(Array.isArray(v2) ? v2.join("/") : (v2 || seg));
+    // Dynamic: [param]
+    } else if (seg.charAt(0) === "[" && seg.charAt(seg.length - 1) === "]" && seg.indexOf(".") === -1) {
+      var pn3 = seg.slice(1, -1);
+      result.push(params[pn3] || seg);
+    } else {
+      result.push(seg);
+    }
+  }
+  return result;
+}
+
 // djb2 hash — matches Next.js's stringHash for digest generation.
 // Produces a stable numeric string from error message + stack.
 function __errorDigest(str) {
@@ -347,6 +396,23 @@ function rscOnError(error) {
 
 ${imports.join("\n")}
 
+${instrumentationPath ? `// Run instrumentation register() once at module evaluation time — before any
+// requests are handled. This runs inside the Worker process (or RSC environment),
+// which is exactly where request handling happens. Matches Next.js semantics:
+// register() is called once on startup in the process that handles requests.
+if (typeof _instrumentation.register === "function") {
+  await _instrumentation.register();
+}
+// Store the onRequestError handler on globalThis so it is visible to
+// reportRequestError() (imported as _reportRequestError above) regardless
+// of which Vite environment module graph it is called from. With
+// @vitejs/plugin-rsc the RSC and SSR environments run in the same Node.js
+// process and share globalThis. With @cloudflare/vite-plugin everything
+// runs inside the Worker so globalThis is the Worker's global — also correct.
+if (typeof _instrumentation.onRequestError === "function") {
+  globalThis.__VINEXT_onRequestErrorHandler__ = _instrumentation.onRequestError;
+}` : ""}
+
 const routes = [
 ${routeEntries.join(",\n")}
 ];
@@ -418,13 +484,17 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
     // We wrap each layout with LayoutSegmentProvider and add GlobalErrorBoundary
     // to match the wrapping order in buildPageElement(), ensuring smooth
     // client-side tree reconciliation.
-    const layoutDepths = route?.layoutSegmentDepths;
+    const _treePositions = route?.layoutTreePositions;
+    const _routeSegs = route?.routeSegments || [];
+    const _fallbackParams = opts?.matchedParams ?? route?.params ?? {};
+    const _asyncFallbackParams = makeThenableParams(_fallbackParams);
     for (let i = layouts.length - 1; i >= 0; i--) {
       const LayoutComponent = layouts[i]?.default;
       if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element });
-        const layoutDepth = layoutDepths ? layoutDepths[i] : 0;
-        element = createElement(LayoutSegmentProvider, { depth: layoutDepth }, element);
+        element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParams });
+        const _tp = _treePositions ? _treePositions[i] : 0;
+        const _cs = __resolveChildSegments(_routeSegs, _tp, _fallbackParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
       }
     }
     ${globalErrorVar ? `
@@ -446,10 +516,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
   }
   // For HTML (full page load) responses, wrap with layouts only (no client-side
   // wrappers needed since SSR generates the complete HTML document).
+  const _fallbackParamsHtml = opts?.matchedParams ?? route?.params ?? {};
+  const _asyncFallbackParamsHtml = makeThenableParams(_fallbackParamsHtml);
   for (let i = layouts.length - 1; i >= 0; i--) {
     const LayoutComponent = layouts[i]?.default;
     if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element });
+      element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParamsHtml });
     }
   }
   const rscStream = renderToReadableStream(element, { onError: rscOnError });
@@ -473,8 +545,8 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
 }
 
 /** Convenience: render a not-found page (404) */
-async function renderNotFoundPage(route, isRscRequest, request) {
-  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request);
+async function renderNotFoundPage(route, isRscRequest, request, matchedParams) {
+  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { matchedParams });
 }
 
 /**
@@ -484,7 +556,7 @@ async function renderNotFoundPage(route, isRscRequest, request) {
  * Next.js returns HTTP 200 when error.tsx catches an error (the error is "handled"
  * by the boundary). This matches that behavior intentionally.
  */
-async function renderErrorBoundaryPage(route, error, isRscRequest, request) {
+async function renderErrorBoundaryPage(route, error, isRscRequest, request, matchedParams) {
   // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
   // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
   let ErrorComponent = route?.error?.default ?? null;
@@ -517,13 +589,17 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request) {
     // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
     // This ensures React can reconcile the tree without destroying the DOM.
     // Same rationale as renderHTTPAccessFallbackPage — see comment there.
-    const layoutDepths = route?.layoutSegmentDepths;
+    const _errTreePositions = route?.layoutTreePositions;
+    const _errRouteSegs = route?.routeSegments || [];
+    const _errParams = matchedParams ?? route?.params ?? {};
+    const _asyncErrParams = makeThenableParams(_errParams);
     for (let i = layouts.length - 1; i >= 0; i--) {
       const LayoutComponent = layouts[i]?.default;
       if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element });
-        const layoutDepth = layoutDepths ? layoutDepths[i] : 0;
-        element = createElement(LayoutSegmentProvider, { depth: layoutDepth }, element);
+        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
+        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
       }
     }
     ${globalErrorVar ? `
@@ -544,10 +620,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request) {
     });
   }
   // For HTML (full page load) responses, wrap with layouts only.
+  const _errParamsHtml = matchedParams ?? route?.params ?? {};
+  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
   for (let i = layouts.length - 1; i >= 0; i--) {
     const LayoutComponent = layouts[i]?.default;
     if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element });
+      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
     }
   }
   const rscStream = renderToReadableStream(element, { onError: rscOnError });
@@ -703,6 +781,10 @@ async function buildPageElement(route, params, opts, searchParams) {
   }
   let element = createElement(PageComponent, pageProps);
 
+  // Wrap page with empty segment provider so useSelectedLayoutSegments()
+  // returns [] when called from inside a page component (leaf node).
+  element = createElement(LayoutSegmentProvider, { childSegments: [] }, element);
+
   // Add metadata + viewport head tags (React 19 hoists title/meta/link to <head>)
   // Next.js always injects charset and default viewport even when no metadata/viewport
   // is exported. We replicate that by always emitting these essential head elements.
@@ -853,12 +935,13 @@ async function buildPageElement(route, params, opts, searchParams) {
       element = createElement(LayoutComponent, layoutProps);
 
       // Wrap the layout with LayoutSegmentProvider so useSelectedLayoutSegments()
-      // called INSIDE this layout knows its URL segment depth. The depth tells the
-      // hook how many URL segments are above this layout, so it returns only the
-      // segments below. We wrap the layout (not just children) because hooks are
-      // called from components rendered inside the layout's own JSX.
-      const layoutDepth = route.layoutSegmentDepths ? route.layoutSegmentDepths[i] : 0;
-      element = createElement(LayoutSegmentProvider, { depth: layoutDepth }, element);
+      // called INSIDE this layout gets the correct child segments. We resolve the
+      // route tree segments using actual param values and pass them through context.
+      // We wrap the layout (not just children) because hooks are called from
+      // components rendered inside the layout's own JSX.
+      const treePos = route.layoutTreePositions ? route.layoutTreePositions[i] : 0;
+      const childSegs = __resolveChildSegments(route.routeSegments || [], treePos, params);
+      element = createElement(LayoutSegmentProvider, { childSegments: childSegs }, element);
     }
   }
 
@@ -1187,12 +1270,6 @@ async function __proxyExternalRequest(request, externalUrl) {
   const headers = new Headers(request.headers);
   headers.set("host", targetUrl.host);
   headers.delete("connection");
-  // Strip credentials and internal headers to prevent leaking auth tokens,
-  // session cookies, and middleware internals to third-party origins.
-  headers.delete("cookie");
-  headers.delete("authorization");
-  headers.delete("x-api-key");
-  headers.delete("proxy-authorization");
   for (const key of [...headers.keys()]) {
     if (key.startsWith("x-middleware-")) headers.delete(key);
   }
@@ -1282,19 +1359,13 @@ export default async function handler(request) {
                   const lk = h.key.toLowerCase();
                   if (lk === "vary" || lk === "set-cookie") {
                     response.headers.append(h.key, h.value);
-                  } else {
+                  } else if (!response.headers.has(lk)) {
+                    // Middleware headers take precedence: skip config keys already
+                    // set by middleware so middleware headers always win.
                     response.headers.set(h.key, h.value);
                   }
                 }
               }
-              // Merge middleware response headers into the final response.
-              // This runs at the top level so every response path (route
-              // handlers, server actions, metadata, errors, etc.) gets them.
-              if (_mwCtx.headers) {
-                for (const [key, value] of _mwCtx.headers) {
-                  response.headers.append(key, value);
-                }
-              }
             }
             return response;
           })
@@ -1405,7 +1476,9 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       mwUrl.pathname = cleanPathname;
       const mwRequest = new Request(mwUrl, request);
       const nextRequest = mwRequest instanceof NextRequest ? mwRequest : new NextRequest(mwRequest);
-      const mwResponse = await middlewareFn(nextRequest);
+      const mwFetchEvent = new NextFetchEvent({ page: cleanPathname });
+      const mwResponse = await middlewareFn(nextRequest, mwFetchEvent);
+      mwFetchEvent.drainWaitUntil();
       if (mwResponse) {
         // Check for x-middleware-next (continue)
         if (mwResponse.headers.get("x-middleware-next") === "1") {
@@ -1763,6 +1836,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   if (route.routeHandler) {
     const handler = route.routeHandler;
     const method = request.method.toUpperCase();
+    const revalidateSeconds = typeof handler.revalidate === "number" && handler.revalidate > 0 ? handler.revalidate : null;
 
     // Collect exported HTTP methods for OPTIONS auto-response and Allow header
     const HTTP_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"];
@@ -1797,6 +1871,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       try {
         const response = await handlerFn(request, { params });
 
+        // Apply Cache-Control from route segment config (export const revalidate = N).
+        // Next.js sets s-maxage on GET route handlers with a numeric revalidate value.
+        if (revalidateSeconds !== null && (method === "GET" || isAutoHead) && !response.headers.has("cache-control")) {
+          response.headers.set("cache-control", "s-maxage=" + revalidateSeconds + ", stale-while-revalidate");
+        }
+
         // Collect any Set-Cookie headers from cookies().set()/delete() calls
         const pendingCookies = getAndClearPendingCookies();
         const draftCookie = getDraftModeCookieHeader();
@@ -2018,7 +2098,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       }
       if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
         const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
-        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
         if (fallbackResp) return fallbackResp;
         setHeadersContext(null);
         setNavigationContext(null);
@@ -2027,7 +2107,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       }
     }
     // Non-special error (e.g. generateMetadata() threw) — render error.tsx if available
-    const errorBoundaryResp = await renderErrorBoundaryPage(route, buildErr, isRscRequest, request);
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, buildErr, isRscRequest, request, params);
     if (errorBoundaryResp) return errorBoundaryResp;
     throw buildErr;
   }
@@ -2049,7 +2129,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       }
       if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
         const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
-        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
         if (fallbackResp) return fallbackResp;
         setHeadersContext(null);
         setNavigationContext(null);
@@ -2074,54 +2154,61 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // layouts itself throws notFound() during the fallback rendering (causing a 500).
   if (route.layouts && route.layouts.length > 0) {
     const asyncParams = makeThenableParams(params);
-    for (let li = route.layouts.length - 1; li >= 0; li--) {
-      const LayoutComp = route.layouts[li]?.default;
-      if (!LayoutComp) continue;
-      try {
-        const lr = LayoutComp({ params: asyncParams, children: null });
-        if (lr && typeof lr === "object" && typeof lr.then === "function") await lr;
-      } catch (layoutErr) {
-        if (layoutErr && typeof layoutErr === "object" && "digest" in layoutErr) {
-          const digest = String(layoutErr.digest);
-           if (digest.startsWith("NEXT_REDIRECT;")) {
-             const parts = digest.split(";");
-             const redirectUrl = decodeURIComponent(parts[2]);
-             const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
-             setHeadersContext(null);
-             setNavigationContext(null);
-             return Response.redirect(new URL(redirectUrl, request.url), statusCode);
-          }
-          if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
-            const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
-            // Find the not-found component from the parent level (the boundary that
-            // would catch this in Next.js). Walk up from the throwing layout to find
-            // the nearest not-found at a parent layout's directory.
-            let parentNotFound = null;
-            if (route.notFounds) {
-              for (let pi = li - 1; pi >= 0; pi--) {
-                if (route.notFounds[pi]?.default) {
-                  parentNotFound = route.notFounds[pi].default;
-                  break;
+    // Run inside ALS context so the module-level console.error patch suppresses
+    // "Invalid hook call" only for this request's probe — concurrent requests
+    // each have their own ALS store and are unaffected.
+    const _layoutProbeResult = await _suppressHookWarningAls.run(true, async () => {
+      for (let li = route.layouts.length - 1; li >= 0; li--) {
+        const LayoutComp = route.layouts[li]?.default;
+        if (!LayoutComp) continue;
+        try {
+          const lr = LayoutComp({ params: asyncParams, children: null });
+          if (lr && typeof lr === "object" && typeof lr.then === "function") await lr;
+        } catch (layoutErr) {
+          if (layoutErr && typeof layoutErr === "object" && "digest" in layoutErr) {
+            const digest = String(layoutErr.digest);
+             if (digest.startsWith("NEXT_REDIRECT;")) {
+               const parts = digest.split(";");
+               const redirectUrl = decodeURIComponent(parts[2]);
+               const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+               setHeadersContext(null);
+               setNavigationContext(null);
+               return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+            }
+            if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+              const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+              // Find the not-found component from the parent level (the boundary that
+              // would catch this in Next.js). Walk up from the throwing layout to find
+              // the nearest not-found at a parent layout's directory.
+              let parentNotFound = null;
+              if (route.notFounds) {
+                for (let pi = li - 1; pi >= 0; pi--) {
+                  if (route.notFounds[pi]?.default) {
+                    parentNotFound = route.notFounds[pi].default;
+                    break;
+                  }
                 }
               }
+              if (!parentNotFound) parentNotFound = ${rootNotFoundVar ? `${rootNotFoundVar}?.default` : "null"};
+              // Wrap in only the layouts above the throwing one
+              const parentLayouts = route.layouts.slice(0, li);
+              const fallbackResp = await renderHTTPAccessFallbackPage(
+                route, statusCode, isRscRequest, request,
+                { boundaryComponent: parentNotFound, layouts: parentLayouts, matchedParams: params }
+              );
+              if (fallbackResp) return fallbackResp;
+              setHeadersContext(null);
+              setNavigationContext(null);
+              const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+              return new Response(statusText, { status: statusCode });
             }
-            if (!parentNotFound) parentNotFound = ${rootNotFoundVar ? `${rootNotFoundVar}?.default` : "null"};
-            // Wrap in only the layouts above the throwing one
-            const parentLayouts = route.layouts.slice(0, li);
-            const fallbackResp = await renderHTTPAccessFallbackPage(
-              route, statusCode, isRscRequest, request,
-              { boundaryComponent: parentNotFound, layouts: parentLayouts }
-            );
-            if (fallbackResp) return fallbackResp;
-            setHeadersContext(null);
-            setNavigationContext(null);
-            const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
-            return new Response(statusText, { status: statusCode });
           }
+          // Not a special error — let it propagate through normal RSC rendering
         }
-        // Not a special error — let it propagate through normal RSC rendering
       }
-    }
+      return null;
+    });
+    if (_layoutProbeResult instanceof Response) return _layoutProbeResult;
   }
 
   // Pre-render the page component to catch redirect()/notFound() thrown synchronously.
@@ -2134,37 +2221,35 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // would be hit before the RSC stream even starts).
   //
   // Because this calls the component outside React's render cycle, hooks like use()
-  // trigger "Invalid hook call" console.error in dev. Suppress that expected warning.
+  // trigger "Invalid hook call" console.error in dev. The module-level ALS patch
+  // suppresses the warning only within this request's execution context.
   const _hasLoadingBoundary = !!(route.loading && route.loading.default);
-  const _origConsoleError = console.error;
-  console.error = (...args) => {
-    if (typeof args[0] === "string" && args[0].includes("Invalid hook call")) return;
-    _origConsoleError.apply(console, args);
-  };
-  try {
-    const testResult = PageComponent({ params });
-    // If it's a promise (async component), only await if there's no loading boundary.
-    // With a loading boundary, the Suspense streaming pipeline handles async resolution
-    // and any redirect/notFound errors via rscOnError.
-    if (testResult && typeof testResult === "object" && typeof testResult.then === "function") {
-      if (!_hasLoadingBoundary) {
-        await testResult;
-      } else {
-        // Suppress unhandled promise rejection — with a loading boundary,
-        // redirect/notFound errors are handled by rscOnError during streaming.
-        testResult.catch(() => {});
+  const _pageProbeResult = await _suppressHookWarningAls.run(true, async () => {
+    try {
+      const testResult = PageComponent({ params });
+      // If it's a promise (async component), only await if there's no loading boundary.
+      // With a loading boundary, the Suspense streaming pipeline handles async resolution
+      // and any redirect/notFound errors via rscOnError.
+      if (testResult && typeof testResult === "object" && typeof testResult.then === "function") {
+        if (!_hasLoadingBoundary) {
+          await testResult;
+        } else {
+          // Suppress unhandled promise rejection — with a loading boundary,
+          // redirect/notFound errors are handled by rscOnError during streaming.
+          testResult.catch(() => {});
+        }
       }
+    } catch (preRenderErr) {
+      const specialResponse = await handleRenderError(preRenderErr);
+      if (specialResponse) return specialResponse;
+      // Non-special errors from the pre-render test are expected (e.g. use() hook
+      // fails outside React's render cycle, client references can't execute on server).
+      // Only redirect/notFound/forbidden/unauthorized are actionable here — other
+      // errors will be properly caught during actual RSC/SSR rendering below.
     }
-  } catch (preRenderErr) {
-    const specialResponse = await handleRenderError(preRenderErr);
-    if (specialResponse) return specialResponse;
-    // Non-special errors from the pre-render test are expected (e.g. use() hook
-    // fails outside React's render cycle, client references can't execute on server).
-    // Only redirect/notFound/forbidden/unauthorized are actionable here — other
-    // errors will be properly caught during actual RSC/SSR rendering below.
-  } finally {
-    console.error = _origConsoleError;
-  }
+    return null;
+  });
+  if (_pageProbeResult instanceof Response) return _pageProbeResult;
 
   // Mark end of compile phase: route matching, middleware, tree building are done.
   if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
@@ -2191,7 +2276,37 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     } else if (revalidateSeconds) {
       responseHeaders["Cache-Control"] = "s-maxage=" + revalidateSeconds + ", stale-while-revalidate";
     }
-    // Middleware response headers are merged by the handler() wrapper.
+    // Merge middleware response headers into the RSC response.
+    // set-cookie and vary are accumulated to preserve existing values
+    // (e.g. "Vary: RSC, Accept" set above); all other keys use plain
+    // assignment so middleware headers win over config headers, which
+    // the outer handler applies afterward and skips keys already present.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        const lk = key.toLowerCase();
+        if (lk === "set-cookie") {
+          const existing = responseHeaders[lk];
+          if (Array.isArray(existing)) {
+            existing.push(value);
+          } else if (existing) {
+            responseHeaders[lk] = [existing, value];
+          } else {
+            responseHeaders[lk] = [value];
+          }
+        } else if (lk === "vary") {
+          // Accumulate Vary values to preserve the existing "RSC, Accept" entry.
+          const existing = responseHeaders["Vary"] ?? responseHeaders["vary"];
+          if (existing) {
+            responseHeaders["Vary"] = existing + ", " + value;
+            if (responseHeaders["vary"] !== undefined) delete responseHeaders["vary"];
+          } else {
+            responseHeaders[key] = value;
+          }
+        } else {
+          responseHeaders[key] = value;
+        }
+      }
+    }
     // Attach internal timing header so the dev server middleware can log it.
     // Format: "handlerStart,compileMs,renderMs"
     //   handlerStart - absolute performance.now() when _handleRequest began,
@@ -2239,7 +2354,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     const specialResponse = await handleRenderError(ssrErr);
     if (specialResponse) return specialResponse;
     // Non-special error during SSR — render error.tsx if available
-    const errorBoundaryResp = await renderErrorBoundaryPage(route, ssrErr, isRscRequest, request);
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, ssrErr, isRscRequest, request, params);
     if (errorBoundaryResp) return errorBoundaryResp;
     throw ssrErr;
   }
@@ -2259,7 +2374,16 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     if (fontLinkHeader) {
       response.headers.set("Link", fontLinkHeader);
     }
-    // Middleware response headers are merged by the handler() wrapper.
+    // Merge middleware response headers into the final response.
+    // The response is freshly constructed above (new Response(htmlStream, {...})),
+    // so set() and append() are equivalent — there are no same-key conflicts yet.
+    // Precedence over config headers is handled by the outer handler, which
+    // skips config keys that middleware already placed on the response.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        response.headers.append(key, value);
+      }
+    }
     // Attach internal timing header so the dev server middleware can log it.
     // Format: "handlerStart,compileMs,renderMs"
     //   handlerStart - absolute performance.now() when _handleRequest began,