vinext 0.0.26 → 0.0.28

package/dist/entries/app-rsc-entry.js

@@ -10,13 +10,14 @@
 import fs from "node:fs";
 import { fileURLToPath } from "node:url";
 import { generateDevOriginCheckCode } from "../server/dev-origin-check.js";
-import { generateSafeRegExpCode, generateMiddlewareMatcherCode, generateNormalizePathCode } from "../server/middleware-codegen.js";
+import { generateSafeRegExpCode, generateMiddlewareMatcherCode, generateNormalizePathCode, } from "../server/middleware-codegen.js";
 import { isProxyFile } from "../server/middleware.js";
 // Pre-computed absolute paths for generated-code imports. The virtual RSC
 // entry can't use relative imports (it has no real file location), so we
 // resolve these at code-generation time and embed them as absolute paths.
 const configMatchersPath = fileURLToPath(new URL("../config/config-matchers.js", import.meta.url)).replace(/\\/g, "/");
 const requestPipelinePath = fileURLToPath(new URL("../server/request-pipeline.js", import.meta.url)).replace(/\\/g, "/");
+const requestContextShimPath = fileURLToPath(new URL("../shims/request-context.js", import.meta.url)).replace(/\\/g, "/");
 /**
  * Generate the virtual RSC entry module.
  *
@@ -32,6 +33,7 @@ export function generateRscEntry(appDir, routes, middlewarePath, metadataRoutes,
     const headers = config?.headers ?? [];
     const allowedOrigins = config?.allowedOrigins ?? [];
     const bodySizeLimit = config?.bodySizeLimit ?? 1 * 1024 * 1024;
+    const i18nConfig = config?.i18n ?? null;
     // Build import map for all page and layout files
     const imports = [];
     const importMap = new Map();
@@ -96,7 +98,7 @@ export function generateRscEntry(appDir, routes, middlewarePath, metadataRoutes,
     const routeEntries = routes.map((route) => {
         const layoutVars = route.layouts.map((l) => getImportVar(l));
         const templateVars = route.templates.map((t) => getImportVar(t));
-        const notFoundVars = (route.notFoundPaths || []).map((nf) => nf ? getImportVar(nf) : "null");
+        const notFoundVars = (route.notFoundPaths || []).map((nf) => (nf ? getImportVar(nf) : "null"));
         const slotEntries = route.parallelSlots.map((slot) => {
             const interceptEntries = slot.interceptingRoutes.map((ir) => {
                 return `        {
@@ -121,6 +123,7 @@ ${interceptEntries.join(",\n")}
         const layoutErrorVars = (route.layoutErrorPaths || []).map((ep) => ep ? getImportVar(ep) : "null");
         return `  {
     pattern: ${JSON.stringify(route.pattern)},
+    patternParts: ${JSON.stringify(route.patternParts)},
     isDynamic: ${route.isDynamic},
     params: ${JSON.stringify(route.params)},
     page: ${route.pagePath ? getImportVar(route.pagePath) : "null"},
@@ -143,18 +146,12 @@ ${slotEntries.join(",\n")}
     });
     // Find root not-found/forbidden/unauthorized pages and root layouts for global error handling
     const rootRoute = routes.find((r) => r.pattern === "/");
-    const rootNotFoundVar = rootRoute?.notFoundPath
-        ? getImportVar(rootRoute.notFoundPath)
-        : null;
-    const rootForbiddenVar = rootRoute?.forbiddenPath
-        ? getImportVar(rootRoute.forbiddenPath)
-        : null;
+    const rootNotFoundVar = rootRoute?.notFoundPath ? getImportVar(rootRoute.notFoundPath) : null;
+    const rootForbiddenVar = rootRoute?.forbiddenPath ? getImportVar(rootRoute.forbiddenPath) : null;
     const rootUnauthorizedVar = rootRoute?.unauthorizedPath
         ? getImportVar(rootRoute.unauthorizedPath)
         : null;
-    const rootLayoutVars = rootRoute
-        ? rootRoute.layouts.map((l) => getImportVar(l))
-        : [];
+    const rootLayoutVars = rootRoute ? rootRoute.layouts.map((l) => getImportVar(l)) : [];
     // Global error boundary (app/global-error.tsx)
     const globalErrorVar = globalErrorPath ? getImportVar(globalErrorPath) : null;
     // Build metadata route handling
@@ -205,7 +202,7 @@ import {
 import { AsyncLocalStorage } from "node:async_hooks";
 import { createElement, Suspense, Fragment } from "react";
 import { setNavigationContext as _setNavigationContextOrig, getNavigationContext as _getNavigationContext } from "next/navigation";
-import { setHeadersContext, headersContextFromRequest, getDraftModeCookieHeader, getAndClearPendingCookies, consumeDynamicUsage, markDynamicUsage, runWithHeadersContext, applyMiddlewareRequestHeaders, getHeadersContext } from "next/headers";
+import { setHeadersContext, headersContextFromRequest, getDraftModeCookieHeader, getAndClearPendingCookies, consumeDynamicUsage, markDynamicUsage, runWithHeadersContext, applyMiddlewareRequestHeaders, getHeadersContext, setHeadersAccessPhase } from "next/headers";
 import { NextRequest, NextFetchEvent } from "next/server";
 import { ErrorBoundary, NotFoundBoundary } from "vinext/error-boundary";
 import { LayoutSegmentProvider } from "vinext/layout-segment-context";
@@ -213,10 +210,11 @@ import { MetadataHead, mergeMetadata, resolveModuleMetadata, ViewportHead, merge
 ${middlewarePath ? `import * as middlewareModule from ${JSON.stringify(middlewarePath.replace(/\\/g, "/"))};` : ""}
 ${instrumentationPath ? `import * as _instrumentation from ${JSON.stringify(instrumentationPath.replace(/\\/g, "/"))};` : ""}
 ${effectiveMetaRoutes.length > 0 ? `import { sitemapToXml, robotsToText, manifestToJson } from ${JSON.stringify(fileURLToPath(new URL("../server/metadata-routes.js", import.meta.url)).replace(/\\/g, "/"))};` : ""}
-import { requestContextFromRequest, matchRedirect, matchRewrite, matchHeaders, isExternalUrl, proxyExternalRequest, sanitizeDestination } from ${JSON.stringify(configMatchersPath)};
-import { validateCsrfOrigin, validateImageUrl, guardProtocolRelativeUrl, stripBasePath, normalizeTrailingSlash, processMiddlewareHeaders } from ${JSON.stringify(requestPipelinePath)};
-import { _consumeRequestScopedCacheLife, _runWithCacheState } from "next/cache";
-import { runWithFetchCache } from "vinext/fetch-cache";
+import { requestContextFromRequest, normalizeHost, matchRedirect, matchRewrite, matchHeaders, isExternalUrl, proxyExternalRequest, sanitizeDestination } from ${JSON.stringify(configMatchersPath)};
+import { validateCsrfOrigin, validateImageUrl, guardProtocolRelativeUrl, hasBasePath, stripBasePath, normalizeTrailingSlash, processMiddlewareHeaders } from ${JSON.stringify(requestPipelinePath)};
+import { _consumeRequestScopedCacheLife, _runWithCacheState, getCacheHandler } from "next/cache";
+import { runWithExecutionContext as _runWithExecutionContext, getRequestExecutionContext as _getRequestExecutionContext } from ${JSON.stringify(requestContextShimPath)};
+import { getCollectedFetchTags, runWithFetchCache } from "vinext/fetch-cache";
 import { runWithPrivateCache as _runWithPrivateCache } from "vinext/cache-runtime";
 // Import server-only state module to register ALS-backed accessors.
 import { runWithNavigationContext as _runWithNavigationContext } from "vinext/navigation-state";
@@ -252,7 +250,94 @@ function setNavigationContext(ctx) {
 // ISR cache is disabled in dev mode — every request re-renders fresh,
 // matching Next.js dev behavior. Cache-Control headers are still emitted
 // based on export const revalidate for testing purposes.
-// Production ISR is handled by prod-server.ts and the Cloudflare worker entry.
+// Production ISR uses the MemoryCacheHandler (or configured KV handler).
+//
+// These helpers are inlined instead of imported from isr-cache.js because
+// the virtual RSC entry module runs in the RSC Vite environment which
+// cannot use dynamic imports at the module-evaluation level for server-only
+// modules, and direct imports must use the pre-computed absolute paths.
+async function __isrGet(key) {
+  const handler = getCacheHandler();
+  const result = await handler.get(key);
+  if (!result || !result.value) return null;
+  return { value: result, isStale: result.cacheState === "stale" };
+}
+async function __isrSet(key, data, revalidateSeconds, tags) {
+  const handler = getCacheHandler();
+  await handler.set(key, data, { revalidate: revalidateSeconds, tags: Array.isArray(tags) ? tags : [] });
+}
+function __pageCacheTags(pathname, extraTags) {
+  const tags = [pathname, "_N_T_" + pathname];
+  if (Array.isArray(extraTags)) {
+    for (const tag of extraTags) {
+      if (!tags.includes(tag)) tags.push(tag);
+    }
+  }
+  return tags;
+}
+// Note: cache entries are written with \`headers: undefined\`. Next.js stores
+// response headers (e.g. set-cookie from cookies().set() during render) in the
+// cache entry so they can be replayed on HIT. We don't do this because:
+//   1. Pages that call cookies().set() during render trigger dynamicUsedDuringRender,
+//      which opts them out of ISR caching before we reach the write path.
+//   2. Custom response headers set via next/headers are not yet captured separately
+//      from the live Response object in vinext's server pipeline.
+// In practice this means ISR-cached responses won't replay render-time set-cookie
+// headers — but that case is already prevented by the dynamic-usage opt-out.
+// TODO: capture render-time response headers for full Next.js parity.
+const __pendingRegenerations = new Map();
+function __triggerBackgroundRegeneration(key, renderFn) {
+  if (__pendingRegenerations.has(key)) return;
+  const promise = renderFn()
+    .catch((err) => console.error("[vinext] ISR regen failed for " + key + ":", err))
+    .finally(() => __pendingRegenerations.delete(key));
+  __pendingRegenerations.set(key, promise);
+  const ctx = _getRequestExecutionContext();
+  if (ctx && typeof ctx.waitUntil === "function") ctx.waitUntil(promise);
+}
+// HTML and RSC are stored under separate keys — matching Next.js's file-system
+// layout (.html / .rsc) — so each request type reads and writes its own key
+// independently with no races or partial-entry sentinels.
+//
+// Key format: "app:<buildId>:<pathname>:<suffix>"
+// Long-pathname fallback: "app:<buildId>:__hash:<fnv1a64(pathname)>:<suffix>"
+// Without buildId (should not happen in production): "app:<pathname>:<suffix>"
+// The 200-char threshold keeps the full key well under Cloudflare KV's 512-byte limit
+// even after adding the build ID and suffix. FNV-1a 64 is used for the hash (two
+// 32-bit rounds) to give a ~64-bit output with negligible collision probability for
+// realistic pathname lengths.
+// Keep prefix construction and hashing logic in sync with isrCacheKey() in server/isr-cache.ts.
+function __isrFnv1a64(s) {
+  // h1 uses the standard FNV-1a 32-bit offset basis (0x811c9dc5).
+  let h1 = 0x811c9dc5;
+  for (let i = 0; i < s.length; i++) { h1 ^= s.charCodeAt(i); h1 = (h1 * 0x01000193) >>> 0; }
+  // h2 uses a different seed (0x050c5d1f — the FNV-1a hash of the string "vinext")
+  // so the two rounds are independently seeded and their outputs are decorrelated.
+  // Concatenating two independently-seeded 32-bit FNV-1a hashes gives an effective
+  // 64-bit hash. A random non-standard seed would also work; we derive it from a
+  // fixed string so the choice is auditable and deterministic across rebuilds.
+  let h2 = 0x050c5d1f;
+  for (let i = 0; i < s.length; i++) { h2 ^= s.charCodeAt(i); h2 = (h2 * 0x01000193) >>> 0; }
+  return h1.toString(36) + h2.toString(36);
+}
+function __isrCacheKey(pathname, suffix) {
+  const normalized = pathname === "/" ? "/" : pathname.replace(/\\/$/, "");
+  // __VINEXT_BUILD_ID is replaced at compile time by Vite's define plugin.
+  const buildId = process.env.__VINEXT_BUILD_ID;
+  const prefix = buildId ? "app:" + buildId : "app";
+  const key = prefix + ":" + normalized + ":" + suffix;
+  if (key.length <= 200) return key;
+  // Pathname too long — hash it to keep under KV's 512-byte key limit.
+  return prefix + ":__hash:" + __isrFnv1a64(normalized) + ":" + suffix;
+}
+function __isrHtmlKey(pathname) { return __isrCacheKey(pathname, "html"); }
+function __isrRscKey(pathname) { return __isrCacheKey(pathname, "rsc"); }
+// Verbose cache logging — opt in with NEXT_PRIVATE_DEBUG_CACHE=1.
+// Matches the env var Next.js uses for its own cache debug output so operators
+// have a single knob for all cache tracing.
+const __isrDebug = process.env.NEXT_PRIVATE_DEBUG_CACHE
+  ? console.debug.bind(console, "[vinext] ISR:")
+  : undefined;
 
 // Normalize null-prototype objects from matchPattern() into thenable objects
 // that work both as Promises (for Next.js 15+ async params) and as plain
@@ -431,7 +516,8 @@ function createRscOnErrorHandler(request, pathname, routePath) {
 
 ${imports.join("\n")}
 
-${instrumentationPath ? `// Run instrumentation register() exactly once, lazily on the first request.
+${instrumentationPath
+        ? `// Run instrumentation register() exactly once, lazily on the first request.
 // Previously this was a top-level await, which blocked the entire module graph
 // from finishing initialization until register() resolved — adding that latency
 // to every cold start. Moving it here preserves the "runs before any request is
@@ -460,7 +546,8 @@ async function __ensureInstrumentation() {
     __instrumentationInitialized = true;
   })();
   return __instrumentationInitPromise;
-}` : ""}
+}`
+        : ""}
 
 const routes = [
 ${routeEntries.join(",\n")}
@@ -556,7 +643,8 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
         element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
       }
     }
-    ${globalErrorVar ? `
+    ${globalErrorVar
+        ? `
     const _GlobalErrorComponent = ${globalErrorVar}.default;
     if (_GlobalErrorComponent) {
       element = createElement(ErrorBoundary, {
@@ -564,7 +652,8 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
         children: element,
       });
     }
-    ` : ""}
+    `
+        : ""}
     const _pathname = new URL(request.url).pathname;
     const onRenderError = createRscOnErrorHandler(
       request,
@@ -644,12 +733,14 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
   }
-  ${globalErrorVar ? `
+  ${globalErrorVar
+        ? `
   if (!ErrorComponent) {
     ErrorComponent = ${globalErrorVar}?.default ?? null;
     _isGlobalError = !!ErrorComponent;
   }
-  ` : ""}
+  `
+        : ""}
   if (!ErrorComponent) return null;
 
   const rawError = error instanceof Error ? error : new Error(String(error));
@@ -687,7 +778,8 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
           element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
         }
       }
-      ${globalErrorVar ? `
+      ${globalErrorVar
+        ? `
       const _ErrGlobalComponent = ${globalErrorVar}.default;
       if (_ErrGlobalComponent) {
         element = createElement(ErrorBoundary, {
@@ -695,7 +787,8 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
           children: element,
         });
       }
-      ` : ""}
+      `
+        : ""}
     } else {
       // For HTML (full page load) responses, wrap with layouts only.
       const _errParamsHtml = matchedParams ?? route?.params ?? {};
@@ -757,20 +850,20 @@ function matchRoute(url, routes) {
    // NOTE: Do NOT decodeURIComponent here. The caller is responsible for decoding
    // the pathname exactly once at the request entry point. Decoding again here
    // would cause inconsistent path matching between middleware and routing.
+  const urlParts = normalizedUrl.split("/").filter(Boolean);
   for (const route of routes) {
-    const params = matchPattern(normalizedUrl, route.pattern);
+    const params = matchPattern(urlParts, route.patternParts);
     if (params !== null) return { route, params };
   }
   return null;
 }
 
-function matchPattern(url, pattern) {
-  const urlParts = url.split("/").filter(Boolean);
-  const patternParts = pattern.split("/").filter(Boolean);
+function matchPattern(urlParts, patternParts) {
   const params = Object.create(null);
   for (let i = 0; i < patternParts.length; i++) {
     const pp = patternParts[i];
     if (pp.endsWith("+")) {
+      if (i !== patternParts.length - 1) return null;
       const paramName = pp.slice(1, -1);
       const remaining = urlParts.slice(i);
       if (remaining.length === 0) return null;
@@ -778,6 +871,7 @@ function matchPattern(url, pattern) {
       return params;
     }
     if (pp.endsWith("*")) {
+      if (i !== patternParts.length - 1) return null;
       const paramName = pp.slice(1, -1);
       params[paramName] = urlParts.slice(i);
       return params;
@@ -806,6 +900,7 @@ for (let ri = 0; ri < routes.length; ri++) {
         sourceRouteIndex: ri,
         slotName,
         targetPattern: intercept.targetPattern,
+        targetPatternParts: intercept.targetPattern.split("/").filter(Boolean),
         page: intercept.page,
         params: intercept.params,
       });
@@ -818,8 +913,9 @@ for (let ri = 0; ri < routes.length; ri++) {
  * Returns the match info or null.
  */
 function findIntercept(pathname) {
+  const urlParts = pathname.split("/").filter(Boolean);
   for (const entry of interceptLookup) {
-    const params = matchPattern(pathname, entry.targetPattern);
+    const params = matchPattern(urlParts, entry.targetPatternParts);
     if (params !== null) {
       return { ...entry, matchedParams: params };
     }
@@ -1105,7 +1201,8 @@ async function buildPageElement(route, params, opts, searchParams) {
   // For HTML requests (initial page load), the ErrorBoundary catches during SSR
   // but produces double <html>/<body> (root layout + global-error). The request
   // handler detects this via the rscOnError flag and re-renders without layouts.
-  ${globalErrorVar ? `
+  ${globalErrorVar
+        ? `
   const GlobalErrorComponent = ${globalErrorVar}.default;
   if (GlobalErrorComponent) {
     element = createElement(ErrorBoundary, {
@@ -1113,7 +1210,8 @@ async function buildPageElement(route, params, opts, searchParams) {
       children: element,
     });
   }
-  ` : ""}
+  `
+        : ""}
 
   return element;
 }
@@ -1122,6 +1220,7 @@ ${middlewarePath ? generateMiddlewareMatcherCode("modern") : ""}
 
 const __basePath = ${JSON.stringify(bp)};
 const __trailingSlash = ${JSON.stringify(ts)};
+const __i18nConfig = ${JSON.stringify(i18nConfig)};
 const __configRedirects = ${JSON.stringify(redirects)};
 const __configRewrites = ${JSON.stringify(rewrites)};
 const __configHeaders = ${JSON.stringify(headers)};
@@ -1160,7 +1259,7 @@ function __buildPostMwRequestContext(request) {
     headers: ctx.headers,
     cookies: cookiesRecord,
     query: url.searchParams,
-    host: ctx.headers.get("host") || url.host,
+    host: normalizeHost(ctx.headers.get("host"), url.hostname),
   };
 }
 
@@ -1230,18 +1329,24 @@ async function __readFormDataWithLimit(request, maxBytes) {
   return new Response(combined, { headers: { "Content-Type": contentType } }).formData();
 }
 
-export default async function handler(request) {
-  ${instrumentationPath ? `// Ensure instrumentation.register() has run before handling the first request.
+export default async function handler(request, ctx) {
+  ${instrumentationPath
+        ? `// Ensure instrumentation.register() has run before handling the first request.
   // This is a no-op after the first call (guarded by __instrumentationInitialized).
   await __ensureInstrumentation();
-  ` : ""}
+  `
+        : ""}
   // Wrap the entire request in nested AsyncLocalStorage.run() scopes to ensure
   // per-request isolation for all state modules. Each runWith*() creates an
   // ALS scope that propagates through all async continuations (including RSC
   // streaming), preventing state leakage between concurrent requests on
   // Cloudflare Workers and other concurrent runtimes.
+  //
+  // runWithExecutionContext stores the Workers ExecutionContext (ctx) in ALS so
+  // that KVCacheHandler._putInBackground can register background KV puts with
+  // ctx.waitUntil() without needing ctx passed at construction time.
   const headersCtx = headersContextFromRequest(request);
-  return runWithHeadersContext(headersCtx, () =>
+  const _run = () => runWithHeadersContext(headersCtx, () =>
     _runWithNavigationContext(() =>
       _runWithCacheState(() =>
         _runWithPrivateCache(() =>
@@ -1284,6 +1389,7 @@ export default async function handler(request) {
       )
     )
   );
+  return ctx ? _runWithExecutionContext(ctx, _run) : _run();
 }
 
 async function _handleRequest(request, __reqCtx, _mwCtx) {
@@ -1316,10 +1422,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   }
   let pathname = __normalizePath(decodedUrlPathname);
 
-  ${bp ? `
+  ${bp
+        ? `
   // Strip basePath prefix
   pathname = stripBasePath(pathname, __basePath);
-  ` : ""}
+  `
+        : ""}
 
   // Trailing slash normalization (redirect to canonical form)
   const __tsRedirect = normalizeTrailingSlash(pathname, __basePath, __trailingSlash, url.search);
@@ -1334,7 +1442,9 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     const __redir = matchRedirect(__redirPathname, __configRedirects, __reqCtx);
     if (__redir) {
       const __redirDest = sanitizeDestination(
-        __basePath && !__redir.destination.startsWith(__basePath)
+        __basePath &&
+          !isExternalUrl(__redir.destination) &&
+          !hasBasePath(__redir.destination, __basePath)
           ? __basePath + __redir.destination
           : __redir.destination
       );
@@ -1352,7 +1462,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // _mwCtx (per-request container) so handler() can merge them into
   // every response path without module-level state that races on Workers.
 
-  ${middlewarePath ? `
+  ${middlewarePath
+        ? `
    // Run proxy/middleware if present and path matches.
    // Validate exports match the file type (proxy.ts vs middleware.ts), matching Next.js behavior.
    // https://github.com/vercel/next.js/blob/canary/test/e2e/app-dir/proxy-missing-export/proxy-missing-export.test.ts
@@ -1366,7 +1477,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     throw new Error("The " + _fileType + " file must export a function named \`" + _expectedExport + "\` or a \`default\` function.");
   }
   const middlewareMatcher = middlewareModule.config?.matcher;
-  if (matchesMiddleware(cleanPathname, middlewareMatcher)) {
+  if (matchesMiddleware(cleanPathname, middlewareMatcher, request, __i18nConfig)) {
     try {
       // Wrap in NextRequest so middleware gets .nextUrl, .cookies, .geo, .ip, etc.
        // Always construct a new Request with the fully decoded + normalized pathname
@@ -1434,7 +1545,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     applyMiddlewareRequestHeaders(_mwCtx.headers);
     processMiddlewareHeaders(_mwCtx.headers);
   }
-  ` : ""}
+  `
+        : ""}
 
   // Build post-middleware request context for afterFiles/fallback rewrites.
   // These run after middleware in the App Router execution order and should
@@ -1467,6 +1579,34 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
 
   // Handle metadata routes (sitemap.xml, robots.txt, manifest.webmanifest, etc.)
   for (const metaRoute of metadataRoutes) {
+    // generateSitemaps() support — paginated sitemaps at /{prefix}/sitemap/{id}.xml
+    // When a sitemap module exports generateSitemaps, the base URL (e.g. /products/sitemap.xml)
+    // is no longer served. Instead, individual sitemaps are served at /products/sitemap/{id}.xml.
+    if (
+      metaRoute.type === "sitemap" &&
+      metaRoute.isDynamic &&
+      typeof metaRoute.module.generateSitemaps === "function"
+    ) {
+      const sitemapPrefix = metaRoute.servedUrl.slice(0, -4); // strip ".xml"
+      // Match exactly /{prefix}/{id}.xml — one segment only (no slashes in id)
+      if (cleanPathname.startsWith(sitemapPrefix + "/") && cleanPathname.endsWith(".xml")) {
+        const rawId = cleanPathname.slice(sitemapPrefix.length + 1, -4);
+        if (rawId.includes("/")) continue; // multi-segment — not a paginated sitemap
+        const sitemaps = await metaRoute.module.generateSitemaps();
+        const matched = sitemaps.find(function(s) { return String(s.id) === rawId; });
+        if (!matched) return new Response("Not Found", { status: 404 });
+        // Pass the original typed id from generateSitemaps() so numeric IDs stay numeric.
+        // TODO: wrap with makeThenableParams-style Promise when upgrading to Next.js 16
+        // full-Promise param semantics (id becomes Promise<string> in v16).
+        const result = await metaRoute.module.default({ id: matched.id });
+        if (result instanceof Response) return result;
+        return new Response(sitemapToXml(result), {
+          headers: { "Content-Type": metaRoute.contentType },
+        });
+      }
+      // Skip — the base servedUrl is not served when generateSitemaps exists
+      continue;
+    }
     if (cleanPathname === metaRoute.servedUrl) {
       if (metaRoute.isDynamic) {
         // Dynamic metadata route — call the default export and serialize
@@ -1552,39 +1692,44 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       const action = await loadServerAction(actionId);
       let returnValue;
       let actionRedirect = null;
+      const previousHeadersPhase = setHeadersAccessPhase("action");
       try {
-        const data = await action.apply(null, args);
-        returnValue = { ok: true, data };
-      } catch (e) {
-        // Detect redirect() / permanentRedirect() called inside the action.
-        // These throw errors with digest "NEXT_REDIRECT;replace;url[;status]".
-        // The URL is encodeURIComponent-encoded to prevent semicolons in the URL
-        // from corrupting the delimiter-based digest format.
-        if (e && typeof e === "object" && "digest" in e) {
-          const digest = String(e.digest);
-          if (digest.startsWith("NEXT_REDIRECT;")) {
-            const parts = digest.split(";");
-            actionRedirect = {
-              url: decodeURIComponent(parts[2]),
-              type: parts[1] || "replace",       // "push" or "replace"
-              status: parts[3] ? parseInt(parts[3], 10) : 307,
-            };
-            returnValue = { ok: true, data: undefined };
-          } else if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
-            // notFound() / forbidden() / unauthorized() in action — package as error
-            returnValue = { ok: false, data: e };
+        try {
+          const data = await action.apply(null, args);
+          returnValue = { ok: true, data };
+        } catch (e) {
+          // Detect redirect() / permanentRedirect() called inside the action.
+          // These throw errors with digest "NEXT_REDIRECT;replace;url[;status]".
+          // The URL is encodeURIComponent-encoded to prevent semicolons in the URL
+          // from corrupting the delimiter-based digest format.
+          if (e && typeof e === "object" && "digest" in e) {
+            const digest = String(e.digest);
+            if (digest.startsWith("NEXT_REDIRECT;")) {
+              const parts = digest.split(";");
+              actionRedirect = {
+                url: decodeURIComponent(parts[2]),
+                type: parts[1] || "replace",       // "push" or "replace"
+                status: parts[3] ? parseInt(parts[3], 10) : 307,
+              };
+              returnValue = { ok: true, data: undefined };
+            } else if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+              // notFound() / forbidden() / unauthorized() in action — package as error
+              returnValue = { ok: false, data: e };
+            } else {
+              // Non-navigation digest error — sanitize in production to avoid
+              // leaking internal details (connection strings, paths, etc.)
+              console.error("[vinext] Server action error:", e);
+              returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+            }
           } else {
-            // Non-navigation digest error — sanitize in production to avoid
-            // leaking internal details (connection strings, paths, etc.)
+            // Unhandled error — sanitize in production to avoid leaking
+            // internal details (database errors, file paths, stack traces, etc.)
             console.error("[vinext] Server action error:", e);
             returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
           }
-        } else {
-          // Unhandled error — sanitize in production to avoid leaking
-          // internal details (database errors, file paths, stack traces, etc.)
-          console.error("[vinext] Server action error:", e);
-          returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
         }
+      } finally {
+        setHeadersAccessPhase(previousHeadersPhase);
       }
 
       // If the action called redirect(), signal the client to navigate.
@@ -1737,16 +1882,39 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     }
     const hasDefault = typeof handler["default"] === "function";
 
+    // Route handlers need the same middleware header/status merge behavior as
+    // page responses. This keeps middleware response headers visible on API
+    // routes in Workers/dev, and preserves custom rewrite status overrides.
+    function attachRouteHandlerMiddlewareContext(response) {
+      // _mwCtx.headers is only set (non-null) when middleware actually ran and
+      // produced a continue/rewrite response. An empty Headers object (middleware
+      // ran but produced no response headers) is a harmless edge case: the early
+      // return is skipped, but the copy loop below is a no-op, so no incorrect
+      // headers are added. The allocation cost in that case is acceptable.
+      if (!_mwCtx.headers && _mwCtx.status == null) return response;
+      const responseHeaders = new Headers(response.headers);
+      if (_mwCtx.headers) {
+        for (const [key, value] of _mwCtx.headers) {
+          responseHeaders.append(key, value);
+        }
+      }
+      return new Response(response.body, {
+        status: _mwCtx.status ?? response.status,
+        statusText: response.statusText,
+        headers: responseHeaders,
+      });
+    }
+
     // OPTIONS auto-implementation: respond with Allow header and 204
     if (method === "OPTIONS" && typeof handler["OPTIONS"] !== "function") {
       const allowMethods = hasDefault ? HTTP_METHODS : exportedMethods;
       if (!allowMethods.includes("OPTIONS")) allowMethods.push("OPTIONS");
       setHeadersContext(null);
       setNavigationContext(null);
-      return new Response(null, {
+      return attachRouteHandlerMiddlewareContext(new Response(null, {
         status: 204,
         headers: { "Allow": allowMethods.join(", ") },
-      });
+      }));
     }
 
     // HEAD auto-implementation: run GET handler and strip body
@@ -1758,12 +1926,20 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     }
 
     if (typeof handlerFn === "function") {
+      const previousHeadersPhase = setHeadersAccessPhase("route-handler");
       try {
         const response = await handlerFn(request, { params });
+        const dynamicUsedInHandler = consumeDynamicUsage();
 
         // Apply Cache-Control from route segment config (export const revalidate = N).
-        // Next.js sets s-maxage on GET route handlers with a numeric revalidate value.
-        if (revalidateSeconds !== null && (method === "GET" || isAutoHead) && !response.headers.has("cache-control")) {
+        // Runtime request APIs like headers() / cookies() make GET handlers dynamic,
+        // so only attach ISR headers when the handler stayed static.
+        if (
+          revalidateSeconds !== null &&
+          !dynamicUsedInHandler &&
+          (method === "GET" || isAutoHead) &&
+          !response.headers.has("cache-control")
+        ) {
           response.headers.set("cache-control", "s-maxage=" + revalidateSeconds + ", stale-while-revalidate");
         }
 
@@ -1782,28 +1958,28 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           if (draftCookie) newHeaders.append("Set-Cookie", draftCookie);
 
           if (isAutoHead) {
-            return new Response(null, {
+            return attachRouteHandlerMiddlewareContext(new Response(null, {
               status: response.status,
               statusText: response.statusText,
               headers: newHeaders,
-            });
+            }));
           }
-          return new Response(response.body, {
+          return attachRouteHandlerMiddlewareContext(new Response(response.body, {
             status: response.status,
             statusText: response.statusText,
             headers: newHeaders,
-          });
+          }));
         }
 
         if (isAutoHead) {
           // Strip body for auto-HEAD, preserve headers and status
-          return new Response(null, {
+          return attachRouteHandlerMiddlewareContext(new Response(null, {
             status: response.status,
             statusText: response.statusText,
             headers: response.headers,
-          });
+          }));
         }
-        return response;
+        return attachRouteHandlerMiddlewareContext(response);
       } catch (err) {
         getAndClearPendingCookies(); // Clear any pending cookies on error
         // Catch redirect() / notFound() thrown from route handlers
@@ -1815,16 +1991,16 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
             const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
             setHeadersContext(null);
             setNavigationContext(null);
-            return new Response(null, {
+            return attachRouteHandlerMiddlewareContext(new Response(null, {
               status: statusCode,
               headers: { Location: new URL(redirectUrl, request.url).toString() },
-            });
+            }));
           }
           if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
             const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
             setHeadersContext(null);
             setNavigationContext(null);
-            return new Response(null, { status: statusCode });
+            return attachRouteHandlerMiddlewareContext(new Response(null, { status: statusCode }));
           }
         }
         setHeadersContext(null);
@@ -1837,15 +2013,17 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         ).catch((reportErr) => {
           console.error("[vinext] Failed to report route handler error:", reportErr);
         });
-        return new Response(null, { status: 500 });
+        return attachRouteHandlerMiddlewareContext(new Response(null, { status: 500 }));
+      } finally {
+        setHeadersAccessPhase(previousHeadersPhase);
       }
     }
     setHeadersContext(null);
     setNavigationContext(null);
-    return new Response(null, {
+    return attachRouteHandlerMiddlewareContext(new Response(null, {
       status: 405,
       headers: { Allow: exportedMethods.join(", ") },
-    });
+    }));
   }
 
   // Build the component tree: layouts wrapping the page
@@ -1874,25 +2052,18 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     });
   }
 
-  // dynamic = 'error': set a trap context that throws when headers/cookies are accessed
+  // dynamic = 'error': install an access error so request APIs fail with the
+  // static-generation message even for legacy sync property access.
   if (isDynamicError) {
     const errorMsg = 'Page with \`dynamic = "error"\` used a dynamic API. ' +
       'This page was expected to be fully static, but headers(), cookies(), ' +
       'or searchParams was accessed. Remove the dynamic API usage or change ' +
       'the dynamic config to "auto" or "force-dynamic".';
-    const throwingHeaders = new Proxy(new Headers(), {
-      get(target, prop) {
-        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
-        return Reflect.get(target, prop);
-      },
+    setHeadersContext({
+      headers: new Headers(),
+      cookies: new Map(),
+      accessError: new Error(errorMsg),
     });
-    const throwingCookies = new Proxy(new Map(), {
-      get(target, prop) {
-        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
-        return Reflect.get(target, prop);
-      },
-    });
-    setHeadersContext({ headers: throwingHeaders, cookies: throwingCookies });
     setNavigationContext({
       pathname: cleanPathname,
       searchParams: new URLSearchParams(),
@@ -1900,7 +2071,177 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     });
   }
 
-  // dynamicParams = false: only params from generateStaticParams are allowed
+  // force-dynamic: set no-store Cache-Control
+  const isForceDynamic = dynamicConfig === "force-dynamic";
+
+  // ── ISR cache read (production only) ─────────────────────────────────────
+  // Read from cache BEFORE generateStaticParams and all rendering work.
+  // This is the critical performance optimization: on a cache hit we skip
+  // ALL expensive work (generateStaticParams, buildPageElement, layout probe,
+  // page probe, renderToReadableStream, SSR). Both HTML and RSC requests
+  // (client-side navigation / prefetch) are served from cache.
+  //
+  // HTML and RSC are stored under separate keys (matching Next.js's .html/.rsc
+  // file layout) so each request type reads and writes independently — no races,
+  // no partial-entry sentinels, no read-before-write hacks needed.
+  //
+  // force-static and dynamic='error' are compatible with ISR — they control
+  // how dynamic APIs behave during rendering, not whether results are cached.
+  // Only force-dynamic truly bypasses the ISR cache.
+  if (
+    process.env.NODE_ENV === "production" &&
+    !isForceDynamic &&
+    revalidateSeconds !== null && revalidateSeconds > 0 && revalidateSeconds !== Infinity
+  ) {
+    const __isrKey = isRscRequest ? __isrRscKey(cleanPathname) : __isrHtmlKey(cleanPathname);
+    try {
+      const __cached = await __isrGet(__isrKey);
+      if (__cached && !__cached.isStale && __cached.value.value && __cached.value.value.kind === "APP_PAGE") {
+        const __cachedValue = __cached.value.value;
+        const __hasRsc = !!__cachedValue.rscData;
+        const __hasHtml = typeof __cachedValue.html === "string" && __cachedValue.html.length > 0;
+        if (isRscRequest && __hasRsc) {
+          __isrDebug?.("HIT (RSC)", cleanPathname);
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response(__cachedValue.rscData, {
+            status: __cachedValue.status || 200,
+            headers: {
+              "Content-Type": "text/x-component; charset=utf-8",
+              "Cache-Control": "s-maxage=" + revalidateSeconds + ", stale-while-revalidate",
+              "Vary": "RSC, Accept",
+              "X-Vinext-Cache": "HIT",
+            },
+          });
+        }
+        if (!isRscRequest && __hasHtml) {
+          __isrDebug?.("HIT (HTML)", cleanPathname);
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response(__cachedValue.html, {
+            status: __cachedValue.status || 200,
+            headers: {
+              "Content-Type": "text/html; charset=utf-8",
+              "Cache-Control": "s-maxage=" + revalidateSeconds + ", stale-while-revalidate",
+              "Vary": "RSC, Accept",
+              "X-Vinext-Cache": "HIT",
+            },
+          });
+        }
+        __isrDebug?.("MISS (empty cached entry)", cleanPathname);
+      }
+      if (__cached && __cached.isStale && __cached.value.value && __cached.value.value.kind === "APP_PAGE") {
+        // Stale cache hit — serve stale immediately, trigger background regeneration.
+        // Regen writes both keys independently so neither path blocks on the other.
+        const __staleValue = __cached.value.value;
+        const __staleStatus = __staleValue.status || 200;
+        const __revalSecs = revalidateSeconds;
+        __triggerBackgroundRegeneration(cleanPathname, async function() {
+          // Re-render the page to produce fresh HTML + RSC data for the cache
+          // Use an empty headers context for background regeneration — not the original
+          // user request — to prevent user-specific cookies/auth headers from leaking
+          // into content that is cached and served to all subsequent users.
+          const __revalHeadCtx = { headers: new Headers(), cookies: new Map() };
+          const __revalResult = await runWithHeadersContext(__revalHeadCtx, () =>
+            _runWithNavigationContext(() =>
+              _runWithCacheState(() =>
+                _runWithPrivateCache(() =>
+                  runWithFetchCache(async () => {
+                    setNavigationContext({ pathname: cleanPathname, searchParams: url.searchParams, params });
+                    const __revalElement = await buildPageElement(route, params, undefined, url.searchParams);
+                    const __revalOnError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+                    const __revalRscStream = renderToReadableStream(__revalElement, { onError: __revalOnError });
+                    // Tee RSC stream: one for SSR, one to capture rscData
+                    const [__revalRscForSsr, __revalRscForCapture] = __revalRscStream.tee();
+                    // Capture rscData bytes in parallel with SSR
+                    const __rscDataPromise = (async () => {
+                      const __rscReader = __revalRscForCapture.getReader();
+                      const __rscChunks = [];
+                      let __rscTotal = 0;
+                      for (;;) {
+                        const { done, value } = await __rscReader.read();
+                        if (done) break;
+                        __rscChunks.push(value);
+                        __rscTotal += value.byteLength;
+                      }
+                      const __rscBuf = new Uint8Array(__rscTotal);
+                      let __rscOff = 0;
+                      for (const c of __rscChunks) { __rscBuf.set(c, __rscOff); __rscOff += c.byteLength; }
+                      return __rscBuf.buffer;
+                    })();
+                    const __revalFontData = { links: _getSSRFontLinks(), styles: _getSSRFontStyles(), preloads: _getSSRFontPreloads() };
+                    const __revalSsrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+                    const __revalHtmlStream = await __revalSsrEntry.handleSsr(__revalRscForSsr, _getNavigationContext(), __revalFontData);
+                    setHeadersContext(null);
+                    setNavigationContext(null);
+                    // Collect the full HTML string from the stream
+                    const __revalReader = __revalHtmlStream.getReader();
+                    const __revalDecoder = new TextDecoder();
+                    const __revalChunks = [];
+                    for (;;) {
+                      const { done, value } = await __revalReader.read();
+                      if (done) break;
+                      __revalChunks.push(__revalDecoder.decode(value, { stream: true }));
+                    }
+                    __revalChunks.push(__revalDecoder.decode());
+                    const __freshHtml = __revalChunks.join("");
+                    const __freshRscData = await __rscDataPromise;
+                    const __pageTags = __pageCacheTags(cleanPathname, getCollectedFetchTags());
+                    return { html: __freshHtml, rscData: __freshRscData, tags: __pageTags };
+                  })
+                )
+              )
+            )
+          );
+          // Write HTML and RSC to their own keys independently — no races
+          await Promise.all([
+            __isrSet(__isrHtmlKey(cleanPathname), { kind: "APP_PAGE", html: __revalResult.html, rscData: undefined, headers: undefined, postponed: undefined, status: 200 }, __revalSecs, __revalResult.tags),
+            __isrSet(__isrRscKey(cleanPathname), { kind: "APP_PAGE", html: "", rscData: __revalResult.rscData, headers: undefined, postponed: undefined, status: 200 }, __revalSecs, __revalResult.tags),
+          ]);
+          __isrDebug?.("regen complete", cleanPathname);
+        });
+        if (isRscRequest && __staleValue.rscData) {
+          __isrDebug?.("STALE (RSC)", cleanPathname);
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response(__staleValue.rscData, {
+            status: __staleStatus,
+            headers: {
+              "Content-Type": "text/x-component; charset=utf-8",
+              "Cache-Control": "s-maxage=0, stale-while-revalidate",
+              "Vary": "RSC, Accept",
+              "X-Vinext-Cache": "STALE",
+            },
+          });
+        }
+        if (!isRscRequest && typeof __staleValue.html === "string" && __staleValue.html.length > 0) {
+          __isrDebug?.("STALE (HTML)", cleanPathname);
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response(__staleValue.html, {
+            status: __staleStatus,
+            headers: {
+              "Content-Type": "text/html; charset=utf-8",
+              "Cache-Control": "s-maxage=0, stale-while-revalidate",
+              "Vary": "RSC, Accept",
+              "X-Vinext-Cache": "STALE",
+            },
+          });
+        }
+        // Stale entry exists but is empty for this request type — fall through to render
+        __isrDebug?.("STALE MISS (empty stale entry)", cleanPathname);
+      }
+      if (!__cached) {
+        __isrDebug?.("MISS (no cache entry)", cleanPathname);
+      }
+    } catch (__isrReadErr) {
+      // Cache read failure — fall through to normal rendering
+      console.error("[vinext] ISR cache read error:", __isrReadErr);
+    }
+  }
+
+  // dynamicParams = false: only params from generateStaticParams are allowed.
+  // This runs AFTER the ISR cache read so that a cache hit skips this work entirely.
   if (dynamicParamsConfig === false && route.isDynamic && typeof route.page?.generateStaticParams === "function") {
     try {
       // Pass parent params to generateStaticParams (Next.js top-down params passing).
@@ -1930,9 +2271,6 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     }
   }
 
-  // force-dynamic: set no-store Cache-Control
-  const isForceDynamic = dynamicConfig === "force-dynamic";
-
   // Check for intercepting routes on RSC requests (client-side navigation).
   // If the target URL matches an intercepting route in a parallel slot,
   // render the source route with the intercepting page in the slot.
@@ -2165,6 +2503,34 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   };
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
 
+  // For ISR pages in production: tee the RSC stream immediately after creation so we
+  // can capture rscData for BOTH RSC requests (client-side nav/prefetch) and HTML
+  // requests. The tee must happen here — before the isRscRequest branch — so both
+  // paths can use the captured bytes when writing to the ISR cache.
+  //   __rscForResponse  → sent to the client (RSC response) or to SSR (HTML response)
+  //   __isrRscDataPromise → resolves to ArrayBuffer of captured RSC wire bytes
+  let __rscForResponse = rscStream;
+  let __isrRscDataPromise = null;
+  if (process.env.NODE_ENV === "production" && revalidateSeconds !== null && revalidateSeconds > 0 && revalidateSeconds !== Infinity && !isForceDynamic) {
+    const [__rscA, __rscB] = rscStream.tee();
+    __rscForResponse = __rscA;
+    __isrRscDataPromise = (async () => {
+      const __rscReader = __rscB.getReader();
+      const __rscChunks = [];
+      let __rscTotal = 0;
+      for (;;) {
+        const { done, value } = await __rscReader.read();
+        if (done) break;
+        __rscChunks.push(value);
+        __rscTotal += value.byteLength;
+      }
+      const __rscBuf = new Uint8Array(__rscTotal);
+      let __rscOff = 0;
+      for (const c of __rscChunks) { __rscBuf.set(c, __rscOff); __rscOff += c.byteLength; }
+      return __rscBuf.buffer;
+    })();
+  }
+
   if (isRscRequest) {
     // Direct RSC stream response (for client-side navigation)
     // NOTE: Do NOT clear headers/navigation context here!
@@ -2181,6 +2547,9 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     } else if ((isForceStatic || isDynamicError) && !revalidateSeconds) {
       responseHeaders["Cache-Control"] = "s-maxage=31536000, stale-while-revalidate";
       responseHeaders["X-Vinext-Cache"] = "STATIC";
+    } else if (revalidateSeconds === Infinity) {
+      responseHeaders["Cache-Control"] = "s-maxage=31536000, stale-while-revalidate";
+      responseHeaders["X-Vinext-Cache"] = "STATIC";
     } else if (revalidateSeconds) {
       responseHeaders["Cache-Control"] = "s-maxage=" + revalidateSeconds + ", stale-while-revalidate";
     }
@@ -2230,7 +2599,26 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
       responseHeaders["x-vinext-timing"] = handlerStart + "," + compileMs + ",-1";
     }
-    return new Response(rscStream, { status: _mwCtx.status || 200, headers: responseHeaders });
+    // For ISR-eligible RSC requests in production: write rscData to its own key.
+    // HTML is stored under a separate key (written by the HTML path below) so
+    // these writes never race or clobber each other.
+    if (process.env.NODE_ENV === "production" && __isrRscDataPromise) {
+      responseHeaders["X-Vinext-Cache"] = "MISS";
+      const __isrKeyRsc = __isrRscKey(cleanPathname);
+      const __revalSecsRsc = revalidateSeconds;
+      const __rscWritePromise = (async () => {
+        try {
+          const __rscDataForCache = await __isrRscDataPromise;
+          const __pageTags = __pageCacheTags(cleanPathname, getCollectedFetchTags());
+          await __isrSet(__isrKeyRsc, { kind: "APP_PAGE", html: "", rscData: __rscDataForCache, headers: undefined, postponed: undefined, status: 200 }, __revalSecsRsc, __pageTags);
+          __isrDebug?.("RSC cache written", __isrKeyRsc);
+        } catch (__rscWriteErr) {
+          console.error("[vinext] ISR RSC cache write error:", __rscWriteErr);
+        }
+      })();
+      _getRequestExecutionContext()?.waitUntil(__rscWritePromise);
+    }
+    return new Response(__rscForResponse, { status: _mwCtx.status || 200, headers: responseHeaders });
   }
 
   // Collect font data from RSC environment before passing to SSR
@@ -2251,11 +2639,16 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   }
   const fontLinkHeader = fontLinkHeaderParts.length > 0 ? fontLinkHeaderParts.join(", ") : "";
 
+  // __rscForResponse was already teed above (before isRscRequest) for ISR pages in
+  // production. For non-ISR or dev, __rscForResponse === rscStream (no tee).
+  // __isrRscDataPromise resolves to rscData bytes used by the RSC write path above;
+  // the HTML write path below uses its own separate key and does not need rscData.
+
   // Delegate to SSR environment for HTML rendering
   let htmlStream;
   try {
     const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
-    htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+    htmlStream = await ssrEntry.handleSsr(__rscForResponse, _getNavigationContext(), fontData);
     // Shell render complete; Suspense boundaries stream asynchronously
     if (process.env.NODE_ENV !== "production") __renderEnd = performance.now();
   } catch (ssrErr) {
@@ -2271,7 +2664,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // the HTML output has double <html>/<body> (root layout + global-error.tsx).
   // Discard it and re-render using renderErrorBoundaryPage which skips layouts
   // when the error falls through to global-error.tsx.
-  ${globalErrorVar ? `
+  ${globalErrorVar
+        ? `
   if (_rscErrorForRerender && !isRscRequest) {
     const _hasLocalBoundary = !!(route?.error?.default) || !!(route?.errors && route.errors.some(function(e) { return e?.default; }));
     if (!_hasLocalBoundary) {
@@ -2279,7 +2673,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       if (cleanResp) return cleanResp;
     }
   }
-  ` : ""}
+  `
+        : ""}
 
   // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
   const draftCookie = getDraftModeCookieHeader();
@@ -2357,8 +2752,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // force-static / error: treat as static regardless of dynamic usage.
   // force-static intentionally provides empty headers/cookies context so
   // dynamic APIs return safe defaults; we ignore the dynamic usage signal.
-  // dynamic='error' should have already thrown (via throwing Proxy) if user
-  // code accessed dynamic APIs, so reaching here means rendering succeeded.
+  // dynamic='error' should have already thrown via the request API accessError
+  // trap if user code touched a dynamic API, so reaching here means rendering succeeded.
   if ((isForceStatic || isDynamicError) && (revalidateSeconds === null || revalidateSeconds === 0)) {
     return attachMiddlewareContext(new Response(htmlStream, {
       headers: {
@@ -2382,9 +2777,72 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     }));
   }
 
-  // Emit Cache-Control for ISR pages so tests can verify revalidate values,
-  // but skip actual caching in dev — every request renders fresh.
-  if (revalidateSeconds !== null && revalidateSeconds > 0) {
+  // Emit Cache-Control for ISR pages and write to ISR cache on MISS (production only).
+  // revalidate=Infinity means "cache forever" (no periodic revalidation) — treated as
+  // static here so we emit s-maxage=31536000 but skip ISR cache management.
+  if (revalidateSeconds !== null && revalidateSeconds > 0 && revalidateSeconds !== Infinity) {
+    // In production, tee the HTML response body to simultaneously stream to the
+    // client and collect the full HTML string for the ISR cache. rscData was
+    // already captured above by teeing the RSC stream before SSR.
+    // In dev, skip the tee and the X-Vinext-Cache header — every request renders
+    // fresh (no cache reads or writes in dev mode).
+    if (process.env.NODE_ENV === "production") {
+      const __isrResponseProd = attachMiddlewareContext(new Response(htmlStream, {
+        headers: {
+          "Content-Type": "text/html; charset=utf-8",
+          "Cache-Control": "s-maxage=" + revalidateSeconds + ", stale-while-revalidate",
+          "Vary": "RSC, Accept",
+          "X-Vinext-Cache": "MISS",
+        },
+      }));
+      if (__isrResponseProd.body) {
+        const [__streamForClient, __streamForCache] = __isrResponseProd.body.tee();
+        const __isrKey = __isrHtmlKey(cleanPathname);
+        const __isrKeyRscFromHtml = __isrRscKey(cleanPathname);
+        const __revalSecs = revalidateSeconds;
+        const __capturedRscDataPromise = __isrRscDataPromise;
+        const __cachePromise = (async () => {
+          try {
+            const __reader = __streamForCache.getReader();
+            const __decoder = new TextDecoder();
+            const __chunks = [];
+            for (;;) {
+              const { done, value } = await __reader.read();
+              if (done) break;
+              __chunks.push(__decoder.decode(value, { stream: true }));
+            }
+            __chunks.push(__decoder.decode());
+            const __fullHtml = __chunks.join("");
+            const __pageTags = __pageCacheTags(cleanPathname, getCollectedFetchTags());
+            // Write HTML and RSC to their own keys independently.
+            // RSC data was captured by the tee above (before isRscRequest branch)
+            // so an initial browser visit (HTML request) also populates the RSC key,
+            // ensuring the first client-side navigation after a direct visit is a
+            // cache hit rather than a miss.
+            const __writes = [
+              __isrSet(__isrKey, { kind: "APP_PAGE", html: __fullHtml, rscData: undefined, headers: undefined, postponed: undefined, status: 200 }, __revalSecs, __pageTags),
+            ];
+            if (__capturedRscDataPromise) {
+              __writes.push(
+                __capturedRscDataPromise.then((__rscBuf) =>
+                  __isrSet(__isrKeyRscFromHtml, { kind: "APP_PAGE", html: "", rscData: __rscBuf, headers: undefined, postponed: undefined, status: 200 }, __revalSecs, __pageTags)
+                )
+              );
+            }
+            await Promise.all(__writes);
+            __isrDebug?.("HTML cache written", __isrKey);
+          } catch (__cacheErr) {
+            console.error("[vinext] ISR cache write error:", __cacheErr);
+          }
+        })();
+        // Register with ExecutionContext (from ALS) so the Workers runtime keeps
+        // the isolate alive until the cache write finishes, even after the response is sent.
+        _getRequestExecutionContext()?.waitUntil(__cachePromise);
+        return new Response(__streamForClient, { status: __isrResponseProd.status, headers: __isrResponseProd.headers });
+      }
+      return __isrResponseProd;
+    }
+    // Dev mode: return Cache-Control header but no X-Vinext-Cache (no cache read/write)
     return attachMiddlewareContext(new Response(htmlStream, {
       headers: {
         "Content-Type": "text/html; charset=utf-8",
@@ -2394,6 +2852,19 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     }));
   }
 
+  // revalidate=Infinity (or false, which Next.js normalises to false/0): treat as
+  // permanent static — emit the longest safe s-maxage but skip ISR cache management.
+  if (revalidateSeconds === Infinity) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=31536000, stale-while-revalidate",
+        "X-Vinext-Cache": "STATIC",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
   return attachMiddlewareContext(new Response(htmlStream, {
     headers: { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" },
   }));