vinext 0.0.30 → 0.0.32

package/dist/shims/server.js

@@ -1,497 +1,564 @@
-/**
- * next/server shim
- *
- * Provides NextRequest, NextResponse, and related types that work with
- * standard Web APIs (Request/Response). This means they work on Node,
- * Cloudflare Workers, Deno, and any WinterCG-compatible runtime.
- *
- * This is a pragmatic subset — we implement the most commonly used APIs
- * rather than bug-for-bug parity with Next.js internals.
- */
 import { encodeMiddlewareRequestHeaders } from "../server/middleware-request-headers.js";
 import { parseCookieHeader } from "./internal/parse-cookie-header.js";
-// ---------------------------------------------------------------------------
-// NextRequest
-// ---------------------------------------------------------------------------
-export class NextRequest extends Request {
-    _nextUrl;
-    _cookies;
-    constructor(input, init) {
-        // Handle the case where input is a Request object - we need to extract URL and init
-        // to avoid Node.js undici issues with passing Request objects directly to super()
-        if (input instanceof Request) {
-            const req = input;
-            super(req.url, {
-                method: req.method,
-                headers: req.headers,
-                body: req.body,
-                // @ts-expect-error - duplex is not in RequestInit type but needed for streams
-                duplex: req.body ? "half" : undefined,
-                ...init,
-            });
-        }
-        else {
-            super(input, init);
-        }
-        const url = typeof input === "string"
-            ? new URL(input, "http://localhost")
-            : input instanceof URL
-                ? input
-                : new URL(input.url, "http://localhost");
-        this._nextUrl = new NextURL(url);
-        this._cookies = new RequestCookies(this.headers);
-    }
-    get nextUrl() {
-        return this._nextUrl;
-    }
-    get cookies() {
-        return this._cookies;
-    }
-    /**
-     * Client IP address. Prefers Cloudflare's trusted CF-Connecting-IP header
-     * over the spoofable X-Forwarded-For. Returns undefined if unavailable.
-     */
-    get ip() {
-        return (this.headers.get("cf-connecting-ip") ??
-            this.headers.get("x-real-ip") ??
-            this.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ??
-            undefined);
-    }
-    /**
-     * Geolocation data. Platform-dependent (e.g., Cloudflare, Vercel).
-     * Returns undefined if not available.
-     */
-    get geo() {
-        // Check Cloudflare-style headers, Vercel-style headers
-        const country = this.headers.get("cf-ipcountry") ?? this.headers.get("x-vercel-ip-country") ?? undefined;
-        if (!country)
-            return undefined;
-        return {
-            country,
-            city: this.headers.get("cf-ipcity") ?? this.headers.get("x-vercel-ip-city") ?? undefined,
-            region: this.headers.get("cf-region") ??
-                this.headers.get("x-vercel-ip-country-region") ??
-                undefined,
-            latitude: this.headers.get("cf-iplatitude") ?? this.headers.get("x-vercel-ip-latitude") ?? undefined,
-            longitude: this.headers.get("cf-iplongitude") ??
-                this.headers.get("x-vercel-ip-longitude") ??
-                undefined,
-        };
-    }
-    /**
-     * The build ID of the Next.js application.
-     * Delegates to `nextUrl.buildId` to match Next.js API surface.
-     * Can be used in middleware to detect deployment skew between client and server.
-     */
-    get buildId() {
-        return this._nextUrl.buildId;
-    }
-}
-// ---------------------------------------------------------------------------
-// NextResponse
-// ---------------------------------------------------------------------------
-export class NextResponse extends Response {
-    _cookies;
-    constructor(body, init) {
-        super(body, init);
-        this._cookies = new ResponseCookies(this.headers);
-    }
-    get cookies() {
-        return this._cookies;
-    }
-    /**
-     * Create a JSON response.
-     */
-    static json(body, init) {
-        const headers = new Headers(init?.headers);
-        if (!headers.has("content-type")) {
-            headers.set("content-type", "application/json");
-        }
-        return new NextResponse(JSON.stringify(body), {
-            ...init,
-            headers,
-        });
-    }
-    /**
-     * Create a redirect response.
-     */
-    static redirect(url, init) {
-        const status = typeof init === "number" ? init : (init?.status ?? 307);
-        const destination = typeof url === "string" ? url : url.toString();
-        const headers = new Headers(typeof init === "object" ? init?.headers : undefined);
-        headers.set("Location", destination);
-        return new NextResponse(null, { status, headers });
-    }
-    /**
-     * Create a rewrite response (middleware pattern).
-     * Sets the x-middleware-rewrite header.
-     */
-    static rewrite(destination, init) {
-        const url = typeof destination === "string" ? destination : destination.toString();
-        const headers = new Headers(init?.headers);
-        headers.set("x-middleware-rewrite", url);
-        if (init?.request?.headers) {
-            encodeMiddlewareRequestHeaders(headers, init.request.headers);
-        }
-        return new NextResponse(null, { ...init, headers });
-    }
-    /**
-     * Continue to the next handler (middleware pattern).
-     * Sets the x-middleware-next header.
-     */
-    static next(init) {
-        const headers = new Headers(init?.headers);
-        headers.set("x-middleware-next", "1");
-        if (init?.request?.headers) {
-            encodeMiddlewareRequestHeaders(headers, init.request.headers);
-        }
-        return new NextResponse(null, { ...init, headers });
-    }
-}
-// ---------------------------------------------------------------------------
-// NextURL — lightweight URL wrapper with pathname helpers
-// ---------------------------------------------------------------------------
-export class NextURL {
-    _url;
-    constructor(input, base) {
-        this._url = new URL(input.toString(), base);
-    }
-    get href() {
-        return this._url.href;
-    }
-    set href(value) {
-        this._url.href = value;
-    }
-    get origin() {
-        return this._url.origin;
-    }
-    get protocol() {
-        return this._url.protocol;
-    }
-    set protocol(value) {
-        this._url.protocol = value;
-    }
-    get username() {
-        return this._url.username;
-    }
-    set username(value) {
-        this._url.username = value;
-    }
-    get password() {
-        return this._url.password;
-    }
-    set password(value) {
-        this._url.password = value;
-    }
-    get host() {
-        return this._url.host;
-    }
-    set host(value) {
-        this._url.host = value;
-    }
-    get hostname() {
-        return this._url.hostname;
-    }
-    set hostname(value) {
-        this._url.hostname = value;
-    }
-    get port() {
-        return this._url.port;
-    }
-    set port(value) {
-        this._url.port = value;
-    }
-    get pathname() {
-        return this._url.pathname;
-    }
-    set pathname(value) {
-        this._url.pathname = value;
-    }
-    get search() {
-        return this._url.search;
-    }
-    set search(value) {
-        this._url.search = value;
-    }
-    get searchParams() {
-        return this._url.searchParams;
-    }
-    get hash() {
-        return this._url.hash;
-    }
-    set hash(value) {
-        this._url.hash = value;
-    }
-    clone() {
-        return new NextURL(this._url.href);
-    }
-    toString() {
-        return this._url.toString();
-    }
-    /**
-     * The build ID of the Next.js application.
-     * Set from `generateBuildId` in next.config.js, or a random UUID if not configured.
-     * Can be used in middleware to detect deployment skew between client and server.
-     * Matches the Next.js API: `request.nextUrl.buildId`.
-     */
-    get buildId() {
-        return process.env.__VINEXT_BUILD_ID ?? undefined;
-    }
-}
-export class RequestCookies {
-    _headers;
-    _parsed;
-    constructor(headers) {
-        this._headers = headers;
-        this._parsed = parseCookieHeader(headers.get("cookie") ?? "");
-    }
-    get(name) {
-        const value = this._parsed.get(name);
-        return value !== undefined ? { name, value } : undefined;
-    }
-    getAll(nameOrOptions) {
-        const name = typeof nameOrOptions === "string" ? nameOrOptions : nameOrOptions?.name;
-        return [...this._parsed.entries()]
-            .filter(([cookieName]) => name === undefined || cookieName === name)
-            .map(([cookieName, value]) => ({ name: cookieName, value }));
-    }
-    has(name) {
-        return this._parsed.has(name);
-    }
-    set(nameOrOptions, value) {
-        let cookieName;
-        let cookieValue;
-        if (typeof nameOrOptions === "string") {
-            cookieName = nameOrOptions;
-            cookieValue = value ?? "";
-        }
-        else {
-            cookieName = nameOrOptions.name;
-            cookieValue = nameOrOptions.value;
-        }
-        this._parsed.set(cookieName, cookieValue);
-        this._syncHeader();
-        return this;
-    }
-    delete(names) {
-        if (Array.isArray(names)) {
-            const results = names.map((name) => this._parsed.delete(name));
-            this._syncHeader();
-            return results;
-        }
-        const result = this._parsed.delete(names);
-        this._syncHeader();
-        return result;
-    }
-    clear() {
-        this._parsed.clear();
-        this._syncHeader();
-        return this;
-    }
-    get size() {
-        return this._parsed.size;
-    }
-    toString() {
-        return this._serialize();
-    }
-    _serialize() {
-        return [...this._parsed.entries()].map(([n, v]) => `${n}=${encodeURIComponent(v)}`).join("; ");
-    }
-    _syncHeader() {
-        if (this._parsed.size === 0) {
-            this._headers.delete("cookie");
-        }
-        else {
-            this._headers.set("cookie", this._serialize());
-        }
-    }
-    [Symbol.iterator]() {
-        const entries = this.getAll().map((c) => [c.name, c]);
-        return entries[Symbol.iterator]();
-    }
+import { getRequestExecutionContext } from "./request-context.js";
+//#region src/shims/server.ts
+/**
+* next/server shim
+*
+* Provides NextRequest, NextResponse, and related types that work with
+* standard Web APIs (Request/Response). This means they work on Node,
+* Cloudflare Workers, Deno, and any WinterCG-compatible runtime.
+*
+* This is a pragmatic subset — we implement the most commonly used APIs
+* rather than bug-for-bug parity with Next.js internals.
+*/
+const _USE_CACHE_ALS_KEY = Symbol.for("vinext.cacheRuntime.contextAls");
+const _UNSTABLE_CACHE_ALS_KEY = Symbol.for("vinext.unstableCache.als");
+const _g = globalThis;
+function _throwIfInsideCacheScope(apiName) {
+	if (_g[_USE_CACHE_ALS_KEY]?.getStore() != null) throw new Error(`\`${apiName}\` cannot be called inside "use cache". If you need this data inside a cached function, call \`${apiName}\` outside and pass the required data as an argument.`);
+	if (_g[_UNSTABLE_CACHE_ALS_KEY]?.getStore() === true) throw new Error(`\`${apiName}\` cannot be called inside a function cached with \`unstable_cache()\`. If you need this data inside a cached function, call \`${apiName}\` outside and pass the required data as an argument.`);
 }
+var NextRequest = class extends Request {
+	_nextUrl;
+	_cookies;
+	constructor(input, init) {
+		const { nextConfig: _nextConfig, ...requestInit } = init ?? {};
+		if (input instanceof Request) {
+			const req = input;
+			super(req.url, {
+				method: req.method,
+				headers: req.headers,
+				body: req.body,
+				duplex: req.body ? "half" : void 0,
+				...requestInit
+			});
+		} else super(input, requestInit);
+		this._nextUrl = new NextURL(typeof input === "string" ? new URL(input, "http://localhost") : input instanceof URL ? input : new URL(input.url, "http://localhost"), void 0, _nextConfig ? {
+			basePath: _nextConfig.basePath,
+			nextConfig: { i18n: _nextConfig.i18n }
+		} : void 0);
+		this._cookies = new RequestCookies(this.headers);
+	}
+	get nextUrl() {
+		return this._nextUrl;
+	}
+	get cookies() {
+		return this._cookies;
+	}
+	/**
+	* Client IP address. Prefers Cloudflare's trusted CF-Connecting-IP header
+	* over the spoofable X-Forwarded-For. Returns undefined if unavailable.
+	*/
+	get ip() {
+		return this.headers.get("cf-connecting-ip") ?? this.headers.get("x-real-ip") ?? this.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ?? void 0;
+	}
+	/**
+	* Geolocation data. Platform-dependent (e.g., Cloudflare, Vercel).
+	* Returns undefined if not available.
+	*/
+	get geo() {
+		const country = this.headers.get("cf-ipcountry") ?? this.headers.get("x-vercel-ip-country") ?? void 0;
+		if (!country) return void 0;
+		return {
+			country,
+			city: this.headers.get("cf-ipcity") ?? this.headers.get("x-vercel-ip-city") ?? void 0,
+			region: this.headers.get("cf-region") ?? this.headers.get("x-vercel-ip-country-region") ?? void 0,
+			latitude: this.headers.get("cf-iplatitude") ?? this.headers.get("x-vercel-ip-latitude") ?? void 0,
+			longitude: this.headers.get("cf-iplongitude") ?? this.headers.get("x-vercel-ip-longitude") ?? void 0
+		};
+	}
+	/**
+	* The build ID of the Next.js application.
+	* Delegates to `nextUrl.buildId` to match Next.js API surface.
+	* Can be used in middleware to detect deployment skew between client and server.
+	*/
+	get buildId() {
+		return this._nextUrl.buildId;
+	}
+};
+var NextResponse = class NextResponse extends Response {
+	_cookies;
+	constructor(body, init) {
+		super(body, init);
+		this._cookies = new ResponseCookies(this.headers);
+	}
+	get cookies() {
+		return this._cookies;
+	}
+	/**
+	* Create a JSON response.
+	*/
+	static json(body, init) {
+		const headers = new Headers(init?.headers);
+		if (!headers.has("content-type")) headers.set("content-type", "application/json");
+		return new NextResponse(JSON.stringify(body), {
+			...init,
+			headers
+		});
+	}
+	/**
+	* Create a redirect response.
+	*/
+	static redirect(url, init) {
+		const status = typeof init === "number" ? init : init?.status ?? 307;
+		const destination = typeof url === "string" ? url : url.toString();
+		const headers = new Headers(typeof init === "object" ? init?.headers : void 0);
+		headers.set("Location", destination);
+		return new NextResponse(null, {
+			status,
+			headers
+		});
+	}
+	/**
+	* Create a rewrite response (middleware pattern).
+	* Sets the x-middleware-rewrite header.
+	*/
+	static rewrite(destination, init) {
+		const url = typeof destination === "string" ? destination : destination.toString();
+		const headers = new Headers(init?.headers);
+		headers.set("x-middleware-rewrite", url);
+		if (init?.request?.headers) encodeMiddlewareRequestHeaders(headers, init.request.headers);
+		return new NextResponse(null, {
+			...init,
+			headers
+		});
+	}
+	/**
+	* Continue to the next handler (middleware pattern).
+	* Sets the x-middleware-next header.
+	*/
+	static next(init) {
+		const headers = new Headers(init?.headers);
+		headers.set("x-middleware-next", "1");
+		if (init?.request?.headers) encodeMiddlewareRequestHeaders(headers, init.request.headers);
+		return new NextResponse(null, {
+			...init,
+			headers
+		});
+	}
+};
+var NextURL = class NextURL {
+	/** Internal URL stores the pathname WITHOUT basePath or locale prefix. */
+	_url;
+	_basePath;
+	_locale;
+	_defaultLocale;
+	_locales;
+	constructor(input, base, config) {
+		this._url = new URL(input.toString(), base);
+		this._basePath = config?.basePath ?? "";
+		this._stripBasePath();
+		const i18n = config?.nextConfig?.i18n;
+		if (i18n) {
+			this._locales = [...i18n.locales];
+			this._defaultLocale = i18n.defaultLocale;
+			this._analyzeLocale(this._locales);
+		}
+	}
+	/** Strip basePath prefix from the internal pathname. */
+	_stripBasePath() {
+		if (!this._basePath) return;
+		const { pathname } = this._url;
+		if (pathname === this._basePath || pathname.startsWith(this._basePath + "/")) this._url.pathname = pathname.slice(this._basePath.length) || "/";
+	}
+	/** Extract locale from pathname, stripping it from the internal URL. */
+	_analyzeLocale(locales) {
+		const segments = this._url.pathname.split("/");
+		const candidate = segments[1]?.toLowerCase();
+		const match = locales.find((l) => l.toLowerCase() === candidate);
+		if (match) {
+			this._locale = match;
+			this._url.pathname = "/" + segments.slice(2).join("/");
+		} else this._locale = this._defaultLocale;
+	}
+	/**
+	* Reconstruct the full pathname with basePath + locale prefix.
+	* Mirrors Next.js's internal formatPathname().
+	*/
+	_formatPathname() {
+		let prefix = this._basePath;
+		if (this._locale && this._locale !== this._defaultLocale) prefix += "/" + this._locale;
+		if (!prefix) return this._url.pathname;
+		const inner = this._url.pathname;
+		return inner === "/" ? prefix : prefix + inner;
+	}
+	get href() {
+		const formatted = this._formatPathname();
+		if (formatted === this._url.pathname) return this._url.href;
+		const { href, pathname, search, hash } = this._url;
+		const baseEnd = href.length - pathname.length - search.length - hash.length;
+		return href.slice(0, baseEnd) + formatted + search + hash;
+	}
+	set href(value) {
+		this._url.href = value;
+		this._stripBasePath();
+		if (this._locales) this._analyzeLocale(this._locales);
+	}
+	get origin() {
+		return this._url.origin;
+	}
+	get protocol() {
+		return this._url.protocol;
+	}
+	set protocol(value) {
+		this._url.protocol = value;
+	}
+	get username() {
+		return this._url.username;
+	}
+	set username(value) {
+		this._url.username = value;
+	}
+	get password() {
+		return this._url.password;
+	}
+	set password(value) {
+		this._url.password = value;
+	}
+	get host() {
+		return this._url.host;
+	}
+	set host(value) {
+		this._url.host = value;
+	}
+	get hostname() {
+		return this._url.hostname;
+	}
+	set hostname(value) {
+		this._url.hostname = value;
+	}
+	get port() {
+		return this._url.port;
+	}
+	set port(value) {
+		this._url.port = value;
+	}
+	/** Returns the pathname WITHOUT basePath or locale prefix. */
+	get pathname() {
+		return this._url.pathname;
+	}
+	set pathname(value) {
+		this._url.pathname = value;
+	}
+	get search() {
+		return this._url.search;
+	}
+	set search(value) {
+		this._url.search = value;
+	}
+	get searchParams() {
+		return this._url.searchParams;
+	}
+	get hash() {
+		return this._url.hash;
+	}
+	set hash(value) {
+		this._url.hash = value;
+	}
+	get basePath() {
+		return this._basePath;
+	}
+	set basePath(value) {
+		this._basePath = value === "" ? "" : value.startsWith("/") ? value : "/" + value;
+	}
+	get locale() {
+		return this._locale ?? "";
+	}
+	set locale(value) {
+		if (this._locales) {
+			if (!value) {
+				this._locale = this._defaultLocale;
+				return;
+			}
+			if (!this._locales.includes(value)) throw new TypeError(`The locale "${value}" is not in the configured locales: ${this._locales.join(", ")}`);
+		}
+		this._locale = this._locales ? value : this._locale;
+	}
+	get defaultLocale() {
+		return this._defaultLocale;
+	}
+	get locales() {
+		return this._locales ? [...this._locales] : void 0;
+	}
+	clone() {
+		const config = {
+			basePath: this._basePath,
+			nextConfig: this._locales ? { i18n: {
+				locales: [...this._locales],
+				defaultLocale: this._defaultLocale
+			} } : void 0
+		};
+		return new NextURL(this.href, void 0, config);
+	}
+	toString() {
+		return this.href;
+	}
+	/**
+	* The build ID of the Next.js application.
+	* Set from `generateBuildId` in next.config.js, or a random UUID if not configured.
+	* Can be used in middleware to detect deployment skew between client and server.
+	* Matches the Next.js API: `request.nextUrl.buildId`.
+	*/
+	get buildId() {
+		return process.env.__VINEXT_BUILD_ID ?? void 0;
+	}
+};
+var RequestCookies = class {
+	_headers;
+	_parsed;
+	constructor(headers) {
+		this._headers = headers;
+		this._parsed = parseCookieHeader(headers.get("cookie") ?? "");
+	}
+	get(name) {
+		const value = this._parsed.get(name);
+		return value !== void 0 ? {
+			name,
+			value
+		} : void 0;
+	}
+	getAll(nameOrOptions) {
+		const name = typeof nameOrOptions === "string" ? nameOrOptions : nameOrOptions?.name;
+		return [...this._parsed.entries()].filter(([cookieName]) => name === void 0 || cookieName === name).map(([cookieName, value]) => ({
+			name: cookieName,
+			value
+		}));
+	}
+	has(name) {
+		return this._parsed.has(name);
+	}
+	set(nameOrOptions, value) {
+		let cookieName;
+		let cookieValue;
+		if (typeof nameOrOptions === "string") {
+			cookieName = nameOrOptions;
+			cookieValue = value ?? "";
+		} else {
+			cookieName = nameOrOptions.name;
+			cookieValue = nameOrOptions.value;
+		}
+		this._parsed.set(cookieName, cookieValue);
+		this._syncHeader();
+		return this;
+	}
+	delete(names) {
+		if (Array.isArray(names)) {
+			const results = names.map((name) => this._parsed.delete(name));
+			this._syncHeader();
+			return results;
+		}
+		const result = this._parsed.delete(names);
+		this._syncHeader();
+		return result;
+	}
+	clear() {
+		this._parsed.clear();
+		this._syncHeader();
+		return this;
+	}
+	get size() {
+		return this._parsed.size;
+	}
+	toString() {
+		return this._serialize();
+	}
+	_serialize() {
+		return [...this._parsed.entries()].map(([n, v]) => `${n}=${encodeURIComponent(v)}`).join("; ");
+	}
+	_syncHeader() {
+		if (this._parsed.size === 0) this._headers.delete("cookie");
+		else this._headers.set("cookie", this._serialize());
+	}
+	[Symbol.iterator]() {
+		return this.getAll().map((c) => [c.name, c])[Symbol.iterator]();
+	}
+};
 /**
- * RFC 6265 §4.1.1: cookie-name is a token (RFC 2616 §2.2).
- * Allowed: any visible ASCII (0x21-0x7E) except separators: ()<>@,;:\"/[]?={}
- */
+* RFC 6265 §4.1.1: cookie-name is a token (RFC 2616 §2.2).
+* Allowed: any visible ASCII (0x21-0x7E) except separators: ()<>@,;:\"/[]?={}
+*/
 const VALID_COOKIE_NAME_RE = /^[\x21\x23-\x27\x2A\x2B\x2D\x2E\x30-\x39\x41-\x5A\x5E-\x7A\x7C\x7E]+$/;
 function validateCookieName(name) {
-    if (!name || !VALID_COOKIE_NAME_RE.test(name)) {
-        throw new Error(`Invalid cookie name: ${JSON.stringify(name)}`);
-    }
+	if (!name || !VALID_COOKIE_NAME_RE.test(name)) throw new Error(`Invalid cookie name: ${JSON.stringify(name)}`);
 }
 function validateCookieAttributeValue(value, attributeName) {
-    for (let i = 0; i < value.length; i++) {
-        const code = value.charCodeAt(i);
-        if (code <= 0x1f || code === 0x7f || value[i] === ";") {
-            throw new Error(`Invalid cookie ${attributeName} value: ${JSON.stringify(value)}`);
-        }
-    }
-}
-export class ResponseCookies {
-    _headers;
-    constructor(headers) {
-        this._headers = headers;
-    }
-    set(name, value, options) {
-        validateCookieName(name);
-        const parts = [`${name}=${encodeURIComponent(value)}`];
-        if (options?.path) {
-            validateCookieAttributeValue(options.path, "Path");
-            parts.push(`Path=${options.path}`);
-        }
-        if (options?.domain) {
-            validateCookieAttributeValue(options.domain, "Domain");
-            parts.push(`Domain=${options.domain}`);
-        }
-        if (options?.maxAge !== undefined)
-            parts.push(`Max-Age=${options.maxAge}`);
-        if (options?.expires)
-            parts.push(`Expires=${options.expires.toUTCString()}`);
-        if (options?.httpOnly)
-            parts.push("HttpOnly");
-        if (options?.secure)
-            parts.push("Secure");
-        if (options?.sameSite)
-            parts.push(`SameSite=${options.sameSite}`);
-        this._headers.append("Set-Cookie", parts.join("; "));
-        return this;
-    }
-    get(name) {
-        for (const header of this._headers.getSetCookie()) {
-            const eq = header.indexOf("=");
-            if (eq === -1)
-                continue;
-            const cookieName = header.slice(0, eq);
-            if (cookieName === name) {
-                const semi = header.indexOf(";", eq);
-                const raw = header.slice(eq + 1, semi === -1 ? undefined : semi);
-                let value;
-                try {
-                    value = decodeURIComponent(raw);
-                }
-                catch {
-                    value = raw;
-                }
-                return { name, value };
-            }
-        }
-        return undefined;
-    }
-    getAll() {
-        const entries = [];
-        for (const header of this._headers.getSetCookie()) {
-            const eq = header.indexOf("=");
-            if (eq === -1)
-                continue;
-            const cookieName = header.slice(0, eq);
-            const semi = header.indexOf(";", eq);
-            const raw = header.slice(eq + 1, semi === -1 ? undefined : semi);
-            let value;
-            try {
-                value = decodeURIComponent(raw);
-            }
-            catch {
-                value = raw;
-            }
-            entries.push({ name: cookieName, value });
-        }
-        return entries;
-    }
-    delete(name) {
-        this.set(name, "", { maxAge: 0, path: "/" });
-        return this;
-    }
-    [Symbol.iterator]() {
-        const entries = [];
-        for (const header of this._headers.getSetCookie()) {
-            const eq = header.indexOf("=");
-            if (eq === -1)
-                continue;
-            const cookieName = header.slice(0, eq);
-            const semi = header.indexOf(";", eq);
-            const raw = header.slice(eq + 1, semi === -1 ? undefined : semi);
-            let value;
-            try {
-                value = decodeURIComponent(raw);
-            }
-            catch {
-                value = raw;
-            }
-            entries.push([cookieName, { name: cookieName, value }]);
-        }
-        return entries[Symbol.iterator]();
-    }
+	for (let i = 0; i < value.length; i++) {
+		const code = value.charCodeAt(i);
+		if (code <= 31 || code === 127 || value[i] === ";") throw new Error(`Invalid cookie ${attributeName} value: ${JSON.stringify(value)}`);
+	}
 }
+var ResponseCookies = class {
+	_headers;
+	constructor(headers) {
+		this._headers = headers;
+	}
+	set(name, value, options) {
+		validateCookieName(name);
+		const parts = [`${name}=${encodeURIComponent(value)}`];
+		if (options?.path) {
+			validateCookieAttributeValue(options.path, "Path");
+			parts.push(`Path=${options.path}`);
+		}
+		if (options?.domain) {
+			validateCookieAttributeValue(options.domain, "Domain");
+			parts.push(`Domain=${options.domain}`);
+		}
+		if (options?.maxAge !== void 0) parts.push(`Max-Age=${options.maxAge}`);
+		if (options?.expires) parts.push(`Expires=${options.expires.toUTCString()}`);
+		if (options?.httpOnly) parts.push("HttpOnly");
+		if (options?.secure) parts.push("Secure");
+		if (options?.sameSite) parts.push(`SameSite=${options.sameSite}`);
+		this._headers.append("Set-Cookie", parts.join("; "));
+		return this;
+	}
+	get(name) {
+		for (const header of this._headers.getSetCookie()) {
+			const eq = header.indexOf("=");
+			if (eq === -1) continue;
+			if (header.slice(0, eq) === name) {
+				const semi = header.indexOf(";", eq);
+				const raw = header.slice(eq + 1, semi === -1 ? void 0 : semi);
+				let value;
+				try {
+					value = decodeURIComponent(raw);
+				} catch {
+					value = raw;
+				}
+				return {
+					name,
+					value
+				};
+			}
+		}
+	}
+	has(name) {
+		return this.get(name) !== void 0;
+	}
+	getAll() {
+		const entries = [];
+		for (const header of this._headers.getSetCookie()) {
+			const eq = header.indexOf("=");
+			if (eq === -1) continue;
+			const cookieName = header.slice(0, eq);
+			const semi = header.indexOf(";", eq);
+			const raw = header.slice(eq + 1, semi === -1 ? void 0 : semi);
+			let value;
+			try {
+				value = decodeURIComponent(raw);
+			} catch {
+				value = raw;
+			}
+			entries.push({
+				name: cookieName,
+				value
+			});
+		}
+		return entries;
+	}
+	delete(name) {
+		this.set(name, "", {
+			maxAge: 0,
+			path: "/"
+		});
+		return this;
+	}
+	[Symbol.iterator]() {
+		const entries = [];
+		for (const header of this._headers.getSetCookie()) {
+			const eq = header.indexOf("=");
+			if (eq === -1) continue;
+			const cookieName = header.slice(0, eq);
+			const semi = header.indexOf(";", eq);
+			const raw = header.slice(eq + 1, semi === -1 ? void 0 : semi);
+			let value;
+			try {
+				value = decodeURIComponent(raw);
+			} catch {
+				value = raw;
+			}
+			entries.push([cookieName, {
+				name: cookieName,
+				value
+			}]);
+		}
+		return entries[Symbol.iterator]();
+	}
+};
 /**
- * Minimal NextFetchEvent — extends FetchEvent where available,
- * otherwise provides the waitUntil pattern standalone.
- */
-export class NextFetchEvent {
-    sourcePage;
-    _waitUntilPromises = [];
-    constructor(params) {
-        this.sourcePage = params.page;
-    }
-    waitUntil(promise) {
-        this._waitUntilPromises.push(promise);
-    }
-    /** Drain all waitUntil promises. Returns a single promise that settles when all are done. */
-    drainWaitUntil() {
-        return Promise.allSettled(this._waitUntilPromises);
-    }
-}
-// ---------------------------------------------------------------------------
-// Utility exports
-// ---------------------------------------------------------------------------
+* Minimal NextFetchEvent — extends FetchEvent where available,
+* otherwise provides the waitUntil pattern standalone.
+*/
+var NextFetchEvent = class {
+	sourcePage;
+	_waitUntilPromises = [];
+	constructor(params) {
+		this.sourcePage = params.page;
+	}
+	waitUntil(promise) {
+		this._waitUntilPromises.push(promise);
+	}
+	/** Drain all waitUntil promises. Returns a single promise that settles when all are done. */
+	drainWaitUntil() {
+		return Promise.allSettled(this._waitUntilPromises);
+	}
+};
 /**
- * Parse user agent string. Minimal implementation — for full UA parsing,
- * apps should use a dedicated library like `ua-parser-js`.
- */
-export function userAgentFromString(ua) {
-    const input = ua ?? "";
-    return {
-        isBot: /bot|crawler|spider|crawling/i.test(input),
-        ua: input,
-        browser: {},
-        device: {},
-        engine: {},
-        os: {},
-        cpu: {},
-    };
+* Parse user agent string. Minimal implementation — for full UA parsing,
+* apps should use a dedicated library like `ua-parser-js`.
+*/
+function userAgentFromString(ua) {
+	const input = ua ?? "";
+	return {
+		isBot: /bot|crawler|spider|crawling/i.test(input),
+		ua: input,
+		browser: {},
+		device: {},
+		engine: {},
+		os: {},
+		cpu: {}
+	};
 }
-export function userAgent({ headers }) {
-    return userAgentFromString(headers.get("user-agent") ?? undefined);
+function userAgent({ headers }) {
+	return userAgentFromString(headers.get("user-agent") ?? void 0);
 }
 /**
- * after() — schedule work after the response is sent.
- * In a real server, this would use the platform's waitUntil.
- * Here we simply run it as a microtask (best-effort).
- */
-export function after(task) {
-    const promise = typeof task === "function" ? Promise.resolve().then(task) : task;
-    promise.catch((err) => {
-        console.error("[vinext] after() task failed:", err);
-    });
+* after() — schedule work after the response is sent.
+*
+* Uses the platform's `waitUntil` (via the per-request ExecutionContext) when
+* available so the task survives past the response on Cloudflare Workers.
+* Falls back to a fire-and-forget microtask on runtimes without an execution
+* context (e.g. Node.js dev server).
+*
+* Throws when called inside a cached scope — request-specific
+* side-effects must not leak into cached results.
+*/
+function after(task) {
+	_throwIfInsideCacheScope("after()");
+	const guarded = (typeof task === "function" ? Promise.resolve().then(task) : task).catch((err) => {
+		console.error("[vinext] after() task failed:", err);
+	});
+	getRequestExecutionContext()?.waitUntil(guarded);
 }
 /**
- * connection() — signals that the response requires a live connection
- * (not a static/cached response). Opts the page out of ISR caching
- * and sets Cache-Control: no-store on the response.
- */
-export async function connection() {
-    const { markDynamicUsage, throwIfInsideCacheScope } = await import("./headers.js");
-    throwIfInsideCacheScope("connection()");
-    markDynamicUsage();
+* connection() — signals that the response requires a live connection
+* (not a static/cached response). Opts the page out of ISR caching
+* and sets Cache-Control: no-store on the response.
+*/
+async function connection() {
+	const { markDynamicUsage, throwIfInsideCacheScope } = await import("./headers.js");
+	throwIfInsideCacheScope("connection()");
+	markDynamicUsage();
 }
 /**
- * URLPattern re-export — used in middleware for route matching.
- * Available natively in Node 20+, Cloudflare Workers, Deno.
- * Falls back to urlpattern-polyfill if the global is not available.
- */
-export const URLPattern = globalThis.URLPattern ??
-    (() => {
-        throw new Error("URLPattern is not available in this runtime. " +
-            "Install the `urlpattern-polyfill` package or upgrade to Node 20+.");
-    });
+* URLPattern re-export — used in middleware for route matching.
+* Available natively in Node 20+, Cloudflare Workers, Deno.
+* Falls back to urlpattern-polyfill if the global is not available.
+*/
+const URLPattern = globalThis.URLPattern ?? (() => {
+	throw new Error("URLPattern is not available in this runtime. Install the `urlpattern-polyfill` package or upgrade to Node 20+.");
+});
+//#endregion
+export { NextFetchEvent, NextRequest, NextResponse, NextURL, RequestCookies, ResponseCookies, URLPattern, after, connection, userAgent, userAgentFromString };
+
 //# sourceMappingURL=server.js.map