vinext 0.0.40 → 0.0.42

package/dist/entries/app-rsc-entry.js

@@ -15,6 +15,7 @@ import fs from "node:fs";
 */
 const configMatchersPath = resolveEntryPath("../config/config-matchers.js", import.meta.url);
 const requestPipelinePath = resolveEntryPath("../server/request-pipeline.js", import.meta.url);
+const middlewareRequestHeadersPath = resolveEntryPath("../server/middleware-request-headers.js", import.meta.url);
 const requestContextShimPath = resolveEntryPath("../shims/request-context.js", import.meta.url);
 const normalizePathModulePath = resolveEntryPath("../server/normalize-path.js", import.meta.url);
 const appRouteHandlerRuntimePath = resolveEntryPath("../server/app-route-handler-runtime.js", import.meta.url);
@@ -24,9 +25,11 @@ const appRouteHandlerCachePath = resolveEntryPath("../server/app-route-handler-c
 const appPageCachePath = resolveEntryPath("../server/app-page-cache.js", import.meta.url);
 const appPageExecutionPath = resolveEntryPath("../server/app-page-execution.js", import.meta.url);
 const appPageBoundaryRenderPath = resolveEntryPath("../server/app-page-boundary-render.js", import.meta.url);
+const appElementsPath = resolveEntryPath("../server/app-elements.js", import.meta.url);
 const appPageRouteWiringPath = resolveEntryPath("../server/app-page-route-wiring.js", import.meta.url);
 const appPageRenderPath = resolveEntryPath("../server/app-page-render.js", import.meta.url);
 const appPageResponsePath = resolveEntryPath("../server/app-page-response.js", import.meta.url);
+const cspPath = resolveEntryPath("../server/csp.js", import.meta.url);
 const appPageRequestPath = resolveEntryPath("../server/app-page-request.js", import.meta.url);
 const appRouteHandlerResponsePath = resolveEntryPath("../server/app-route-handler-response.js", import.meta.url);
 const routeTriePath = resolveEntryPath("../routing/route-trie.js", import.meta.url);
@@ -68,7 +71,7 @@ function generateRscEntry(appDir, routes, middlewarePath, metadataRoutes, global
 		if (route.pagePath) getImportVar(route.pagePath);
 		if (route.routePath) getImportVar(route.routePath);
 		for (const layout of route.layouts) getImportVar(layout);
-		for (const tmpl of route.templates) if (tmpl) getImportVar(tmpl);
+		for (const tmpl of route.templates) getImportVar(tmpl);
 		if (route.loadingPath) getImportVar(route.loadingPath);
 		if (route.errorPath) getImportVar(route.errorPath);
 		if (route.layoutErrorPaths) {
@@ -87,9 +90,9 @@ function generateRscEntry(appDir, routes, middlewarePath, metadataRoutes, global
 			for (const ir of slot.interceptingRoutes) getImportVar(ir.pagePath);
 		}
 	}
-	const routeEntries = routes.map((route) => {
+	const routeEntries = routes.map((route, routeIdx) => {
 		const layoutVars = route.layouts.map((l) => getImportVar(l));
-		const templateVars = route.templates.map((t) => t ? getImportVar(t) : "null");
+		const templateVars = route.templates.map((t) => getImportVar(t));
 		const notFoundVars = (route.notFoundPaths || []).map((nf) => nf ? getImportVar(nf) : "null");
 		const slotEntries = route.parallelSlots.map((slot) => {
 			const interceptEntries = slot.interceptingRoutes.map((ir) => `        {
@@ -98,7 +101,8 @@ function generateRscEntry(appDir, routes, middlewarePath, metadataRoutes, global
           page: ${getImportVar(ir.pagePath)},
           params: ${JSON.stringify(ir.params)},
         }`);
-			return `      ${JSON.stringify(slot.name)}: {
+			return `      ${JSON.stringify(slot.key)}: {
+        name: ${JSON.stringify(slot.name)},
         page: ${slot.pagePath ? getImportVar(slot.pagePath) : "null"},
         default: ${slot.defaultPath ? getImportVar(slot.defaultPath) : "null"},
         layout: ${slot.layoutPath ? getImportVar(slot.layoutPath) : "null"},
@@ -113,6 +117,8 @@ ${interceptEntries.join(",\n")}
 		});
 		const layoutErrorVars = (route.layoutErrorPaths || []).map((ep) => ep ? getImportVar(ep) : "null");
 		return `  {
+    __buildTimeClassifications: __VINEXT_CLASS(${routeIdx}), // evaluated once at module load
+    __buildTimeReasons: __classDebug ? __VINEXT_CLASS_REASONS(${routeIdx}) : null,
     pattern: ${JSON.stringify(route.pattern)},
     patternParts: ${JSON.stringify(route.patternParts)},
     isDynamic: ${route.isDynamic},
@@ -121,6 +127,7 @@ ${interceptEntries.join(",\n")}
     routeHandler: ${route.routePath ? getImportVar(route.routePath) : "null"},
     layouts: [${layoutVars.join(", ")}],
     routeSegments: ${JSON.stringify(route.routeSegments)},
+    templateTreePositions: ${JSON.stringify(route.templateTreePositions)},
     layoutTreePositions: ${JSON.stringify(route.layoutTreePositions)},
     templates: [${templateVars.join(", ")}],
     errors: [${layoutErrorVars.join(", ")}],
@@ -218,7 +225,8 @@ ${instrumentationPath ? `import * as _instrumentation from ${JSON.stringify(inst
 ${effectiveMetaRoutes.length > 0 ? `import { sitemapToXml, robotsToText, manifestToJson } from ${JSON.stringify(metadataRoutesPath)};` : ""}
 import { requestContextFromRequest, normalizeHost, matchRedirect, matchRewrite, matchHeaders, isExternalUrl, proxyExternalRequest, sanitizeDestination } from ${JSON.stringify(configMatchersPath)};
 import { decodePathParams as __decodePathParams } from ${JSON.stringify(normalizePathModulePath)};
-import { validateCsrfOrigin, validateImageUrl, guardProtocolRelativeUrl, hasBasePath, stripBasePath, normalizeTrailingSlash, processMiddlewareHeaders } from ${JSON.stringify(requestPipelinePath)};
+import { buildRequestHeadersFromMiddlewareResponse as __buildRequestHeadersFromMiddlewareResponse } from ${JSON.stringify(middlewareRequestHeadersPath)};
+import { validateCsrfOrigin, validateServerActionPayload, validateImageUrl, guardProtocolRelativeUrl, hasBasePath, stripBasePath, normalizeTrailingSlash, processMiddlewareHeaders } from ${JSON.stringify(requestPipelinePath)};
 import {
   isKnownDynamicAppRoute as __isKnownDynamicAppRoute,
 } from ${JSON.stringify(appRouteHandlerRuntimePath)};
@@ -245,7 +253,12 @@ import {
   renderAppPageHttpAccessFallback as __renderAppPageHttpAccessFallback,
 } from ${JSON.stringify(appPageBoundaryRenderPath)};
 import {
-  buildAppPageRouteElement as __buildAppPageRouteElement,
+  APP_INTERCEPTION_CONTEXT_KEY as __APP_INTERCEPTION_CONTEXT_KEY,
+  createAppPayloadRouteId as __createAppPayloadRouteId,
+} from ${JSON.stringify(appElementsPath)};
+import {
+  buildAppPageElements as __buildAppPageElements,
+  createAppPageTreePath as __createAppPageTreePath,
   resolveAppPageChildSegments as __resolveAppPageChildSegments,
 } from ${JSON.stringify(appPageRouteWiringPath)};
 import {
@@ -254,7 +267,9 @@ import {
 import {
   mergeMiddlewareResponseHeaders as __mergeMiddlewareResponseHeaders,
 } from ${JSON.stringify(appPageResponsePath)};
+import { getScriptNonceFromHeaderSources as __getScriptNonceFromHeaderSources } from ${JSON.stringify(cspPath)};
 import {
+  resolveAppPageActionRerenderTarget as __resolveAppPageActionRerenderTarget,
   buildAppPageElement as __buildAppPageElement,
   resolveAppPageIntercept as __resolveAppPageIntercept,
   validateAppPageDynamicParams as __validateAppPageDynamicParams,
@@ -395,7 +410,21 @@ function __isrCacheKey(pathname, suffix) {
   return prefix + ":__hash:" + __isrFnv1a64(normalized) + ":" + suffix;
 }
 function __isrHtmlKey(pathname) { return __isrCacheKey(pathname, "html"); }
-function __isrRscKey(pathname) { return __isrCacheKey(pathname, "rsc"); }
+function __isrRscKey(pathname, mountedSlotsHeader) {
+  if (!mountedSlotsHeader) return __isrCacheKey(pathname, "rsc");
+  return __isrCacheKey(pathname, "rsc:" + __isrFnv1a64(mountedSlotsHeader));
+}
+function __normalizeMountedSlotsHeader(raw) {
+  if (!raw) return null;
+  const normalized = Array.from(
+    new Set(
+      raw
+        .split(/\\s+/)
+        .filter(Boolean),
+    ),
+  ).sort().join(" ");
+  return normalized || null;
+}
 function __isrRouteKey(pathname) { return __isrCacheKey(pathname, "route"); }
 // Verbose cache logging — opt in with NEXT_PRIVATE_DEBUG_CACHE=1.
 // Matches the env var Next.js uses for its own cache debug output so operators
@@ -404,6 +433,16 @@ const __isrDebug = process.env.NEXT_PRIVATE_DEBUG_CACHE
   ? console.debug.bind(console, "[vinext] ISR:")
   : undefined;
 
+// Classification debug — opt in with VINEXT_DEBUG_CLASSIFICATION=1. Gated on
+// the env var so the hot path pays no overhead unless an operator is actively
+// tracing why a layout was flagged static or dynamic. The reason payload is
+// carried by __VINEXT_CLASS_REASONS and consumed inside probeAppPageLayouts.
+const __classDebug = process.env.VINEXT_DEBUG_CLASSIFICATION
+  ? function(layoutId, reason) {
+      console.debug("[vinext] CLS:", layoutId, reason);
+    }
+  : undefined;
+
 // Normalize null-prototype objects from matchPattern() into thenable objects
 // that work both as Promises (for Next.js 15+ async params) and as plain
 // objects with synchronous property access (for pre-15 code like params.id).
@@ -572,6 +611,24 @@ async function __ensureInstrumentation() {
   return __instrumentationInitPromise;
 }` : ""}
 
+// Build-time layout classification dispatch. Replaced in generateBundle
+// with a switch statement that returns a pre-computed per-layout
+// Map<layoutIndex, "static" | "dynamic"> for each route. Until the
+// plugin patches this stub, every route falls back to the Layer 3
+// runtime probe, which is the current (slow) behaviour.
+function __VINEXT_CLASS(routeIdx) {
+  return null;
+}
+
+// Build-time layout classification reasons dispatch. Sibling of
+// __VINEXT_CLASS, returning a per-route Map<layoutIndex, ClassificationReason>
+// that feeds the debug channel when VINEXT_DEBUG_CLASSIFICATION is active.
+// Replaced in generateBundle with a real dispatch table; the stub returns
+// null so the hot path never allocates reason maps when debug is off.
+function __VINEXT_CLASS_REASONS(routeIdx) {
+  return null;
+}
+
 const routes = [
 ${routeEntries.join(",\n")}
 ];
@@ -593,7 +650,7 @@ const rootLayouts = [${rootLayoutVars.join(", ")}];
  * @param opts.boundaryComponent - Override the boundary component (for layout-level notFound)
  * @param opts.layouts - Override the layouts to wrap with (for layout-level notFound, excludes the throwing layout)
  */
-async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, opts) {
+async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, opts, scriptNonce) {
   return __renderAppPageHttpAccessFallback({
     boundaryComponent: opts?.boundaryComponent ?? null,
     buildFontLinkHeader: __buildAppPageFontLinkHeader,
@@ -624,13 +681,14 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
     rootUnauthorizedModule: rootUnauthorizedModule,
     route,
     renderToReadableStream,
+    scriptNonce,
     statusCode,
   });
 }
 
 /** Convenience: render a not-found page (404) */
-async function renderNotFoundPage(route, isRscRequest, request, matchedParams) {
-  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { matchedParams });
+async function renderNotFoundPage(route, isRscRequest, request, matchedParams, scriptNonce) {
+  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { matchedParams }, scriptNonce);
 }
 
 /**
@@ -640,7 +698,7 @@ async function renderNotFoundPage(route, isRscRequest, request, matchedParams) {
  * Next.js returns HTTP 200 when error.tsx catches an error (the error is "handled"
  * by the boundary). This matches that behavior intentionally.
  */
-async function renderErrorBoundaryPage(route, error, isRscRequest, request, matchedParams) {
+async function renderErrorBoundaryPage(route, error, isRscRequest, request, matchedParams, scriptNonce) {
   return __renderAppPageErrorBoundary({
     buildFontLinkHeader: __buildAppPageFontLinkHeader,
     clearRequestContext() {
@@ -668,6 +726,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
     route,
     renderToReadableStream,
     sanitizeErrorForClient: __sanitizeErrorForClient,
+    scriptNonce,
   });
 }
 
@@ -727,17 +786,17 @@ function matchPattern(urlParts, patternParts) {
 }
 
 // Build a global intercepting route lookup for RSC navigation.
-// Maps target URL patterns to { sourceRouteIndex, slotName, interceptPage, params }.
+// Maps target URL patterns to { sourceRouteIndex, slotKey, interceptPage, params }.
 const interceptLookup = [];
 for (let ri = 0; ri < routes.length; ri++) {
   const r = routes[ri];
   if (!r.slots) continue;
-  for (const [slotName, slotMod] of Object.entries(r.slots)) {
+  for (const [slotKey, slotMod] of Object.entries(r.slots)) {
     if (!slotMod.intercepts) continue;
     for (const intercept of slotMod.intercepts) {
       interceptLookup.push({
         sourceRouteIndex: ri,
-        slotName,
+        slotKey,
         targetPattern: intercept.targetPattern,
         targetPatternParts: intercept.targetPattern.split("/").filter(Boolean),
         page: intercept.page,
@@ -762,10 +821,31 @@ function findIntercept(pathname) {
   return null;
 }
 
-async function buildPageElement(route, params, opts, searchParams) {
+async function buildPageElements(route, params, routePath, pageRequest) {
+  const {
+    opts,
+    searchParams,
+    isRscRequest,
+    request,
+    mountedSlotsHeader,
+  } = pageRequest;
   const PageComponent = route.page?.default;
   if (!PageComponent) {
-    return createElement("div", null, "Page has no default export");
+    const _interceptionContext = opts?.interceptionContext ?? null;
+    const _noExportRouteId = __createAppPayloadRouteId(routePath, _interceptionContext);
+    let _noExportRootLayout = null;
+    if (route.layouts?.length > 0) {
+      // Compute the root layout tree path for this error payload using the
+      // canonical helper so it stays aligned with buildAppPageElements().
+      const _tp = route.layoutTreePositions?.[0] ?? 0;
+      _noExportRootLayout = __createAppPageTreePath(route.routeSegments, _tp);
+    }
+    return {
+      [__APP_INTERCEPTION_CONTEXT_KEY]: _interceptionContext,
+      __route: _noExportRouteId,
+      __rootLayout: _noExportRootLayout,
+      [_noExportRouteId]: createElement("div", null, "Page has no default export"),
+    };
   }
 
   // Resolve metadata and viewport from layouts and page.
@@ -794,6 +874,24 @@ async function buildPageElement(route, params, opts, searchParams) {
   // route it to the nearest error.tsx boundary (or global-error.tsx).
   const layoutMods = route.layouts.filter(Boolean);
 
+  // Convert URLSearchParams → plain object for page generateMetadata() and
+  // pageProps.searchParams. Built before the layout loop so the page metadata
+  // call (below) and pageProps can reference the same object.
+  // NOTE: Layouts do NOT receive searchParams in generateMetadata() — only
+  // pages do. This matches Next.js behavior (resolve-metadata.ts:777).
+  const spObj = Object.create(null);
+  let hasSearchParams = false;
+  if (searchParams && searchParams.forEach) {
+    searchParams.forEach(function(v, k) {
+      hasSearchParams = true;
+      if (k in spObj) {
+        spObj[k] = Array.isArray(spObj[k]) ? spObj[k].concat(v) : [spObj[k], v];
+      } else {
+        spObj[k] = v;
+      }
+    });
+  }
+
   // Build the parent promise chain and kick off metadata resolution in one pass.
   // Each layout module is called exactly once. layoutMetaPromises[i] is the
   // promise for layout[i]'s own metadata result.
@@ -816,22 +914,6 @@ async function buildPageElement(route, params, opts, searchParams) {
   // Page's parent is the fully-accumulated layout metadata.
   const pageParentPromise = accumulatedMetaPromise;
 
-  // Convert URLSearchParams → plain object so we can pass it to
-  // resolveModuleMetadata (which expects Record<string, string | string[]>).
-  // This same object is reused for pageProps.searchParams below.
-  const spObj = {};
-  let hasSearchParams = false;
-  if (searchParams && searchParams.forEach) {
-    searchParams.forEach(function(v, k) {
-      hasSearchParams = true;
-      if (k in spObj) {
-        spObj[k] = Array.isArray(spObj[k]) ? spObj[k].concat(v) : [spObj[k], v];
-      } else {
-        spObj[k] = v;
-      }
-    });
-  }
-
   const [layoutMetaResults, layoutVpResults, pageMeta, pageVp] = await Promise.all([
     Promise.all(layoutMetaPromises),
     Promise.all(layoutMods.map((mod) => resolveModuleViewport(mod, params).catch((err) => { console.error("[vinext] Layout generateViewport() failed:", err); return null; }))),
@@ -863,19 +945,31 @@ async function buildPageElement(route, params, opts, searchParams) {
     // dynamic, and this avoids false positives from React internals.
     if (hasSearchParams) markDynamicUsage();
   }
-  return __buildAppPageRouteElement({
+  // mountedSlotsHeader is threaded through from the handler scope so every
+  // call site shares one source of truth for request-derived values. Reading
+  // the same header in two places invites silent drift when a future refactor
+  // changes only one of them.
+  const mountedSlotIds = mountedSlotsHeader
+    ? new Set(mountedSlotsHeader.split(" "))
+    : null;
+
+  return __buildAppPageElements({
     element: createElement(PageComponent, pageProps),
     globalErrorModule: ${globalErrorVar ? globalErrorVar : "null"},
+    isRscRequest,
+    mountedSlotIds,
     makeThenableParams,
     matchedParams: params,
     resolvedMetadata,
     resolvedViewport,
+    interceptionContext: opts?.interceptionContext ?? null,
+    routePath,
     rootNotFoundModule: ${rootNotFoundVar ? rootNotFoundVar : "null"},
     route,
     slotOverrides:
-      opts && opts.interceptSlot && opts.interceptPage
+      opts && opts.interceptSlotKey && opts.interceptPage
         ? {
-            [opts.interceptSlot]: {
+            [opts.interceptSlotKey]: {
               pageModule: opts.interceptPage,
               params: opts.interceptParams || params,
             },
@@ -1030,7 +1124,7 @@ export default async function handler(request, ctx) {
     // Per-request container for middleware state. Passed into
     // _handleRequest which fills in .headers and .status;
     // avoids module-level variables that race on Workers.
-    const _mwCtx = { headers: null, status: null };
+    const _mwCtx = { headers: null, requestHeaders: null, status: null };
     const response = await _handleRequest(request, __reqCtx, _mwCtx);
     // Apply custom headers from next.config.js to non-redirect responses.
     // Skip redirects (3xx) because Response.redirect() creates immutable headers,
@@ -1194,6 +1288,14 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   }
 
   const isRscRequest = pathname.endsWith(".rsc") || request.headers.get("accept")?.includes("text/x-component");
+  // Read mounted-slots header once at the handler scope and thread it through
+  // every buildPageElements call site. Previously both the handler and
+  // buildPageElements read and normalized it independently, which invited
+  // silent drift if a future refactor changed only one path.
+  const __mountedSlotsHeader = __normalizeMountedSlotsHeader(
+    request.headers.get("x-vinext-mounted-slots"),
+  );
+  const interceptionContextHeader = request.headers.get("X-Vinext-Interception-Context")?.replaceAll("\0", "") || null;
   let cleanPathname = pathname.replace(/\\.rsc$/, "");
 
   // Middleware response headers and custom rewrite status are stored in
@@ -1332,11 +1434,16 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // be merged into the outgoing HTTP response — this prefix is reserved for
   // internal routing signals and must never reach clients.
   if (_mwCtx.headers) {
+    // Preserve the pre-strip header set so route handlers can reconstruct
+    // a request object with middleware header overrides applied.
+    _mwCtx.requestHeaders = new Headers(_mwCtx.headers);
     applyMiddlewareRequestHeaders(_mwCtx.headers);
     processMiddlewareHeaders(_mwCtx.headers);
   }
   ` : ""}
 
+  const _scriptNonce = __getScriptNonceFromHeaderSources(request.headers, _mwCtx.headers);
+
   // Build post-middleware request context for afterFiles/fallback rewrites.
   // These run after middleware in the App Router execution order and should
   // evaluate has/missing conditions against middleware-modified headers.
@@ -1496,6 +1603,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         }
         throw sizeErr;
       }
+      const payloadResponse = await validateServerActionPayload(body);
+      if (payloadResponse) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return payloadResponse;
+      }
       const temporaryReferences = createTemporaryReferenceSet();
       const args = await decodeReply(body, { temporaryReferences });
       const action = await loadServerAction(actionId);
@@ -1508,10 +1621,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           returnValue = { ok: true, data };
         } catch (e) {
           // Detect redirect() / permanentRedirect() called inside the action.
-          // These throw errors with digest "NEXT_REDIRECT;<type>;<url>[;<status>]".
-          // The type field is empty when redirect() was called without an explicit
-          // type argument. In Server Action context, Next.js defaults to "push" so
-          // the Back button works after form submissions.
+          // These throw errors with digest "NEXT_REDIRECT;replace;url[;status]".
           // The URL is encodeURIComponent-encoded to prevent semicolons in the URL
           // from corrupting the delimiter-based digest format.
           if (e && typeof e === "object" && "digest" in e) {
@@ -1520,7 +1630,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
               const parts = digest.split(";");
               actionRedirect = {
                 url: decodeURIComponent(parts[2]),
-                type: parts[1] || "push",          // Server Action → default "push"
+                type: parts[1] || "push",          // "push" or "replace"
                 status: parts[3] ? parseInt(parts[3], 10) : 307,
               };
               returnValue = { ok: true, data: undefined };
@@ -1557,9 +1667,6 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           "Content-Type": "text/x-component; charset=utf-8",
           "Vary": "RSC, Accept",
         });
-        // Merge middleware headers first so the framework's own redirect control
-        // headers below are always authoritative and cannot be clobbered by
-        // middleware that happens to set x-action-redirect* keys.
         __mergeMiddlewareResponseHeaders(redirectHeaders, _mwCtx.headers);
         redirectHeaders.set("x-action-redirect", actionRedirect.url);
         redirectHeaders.set("x-action-redirect-type", actionRedirect.type);
@@ -1574,24 +1681,71 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
 
       // After the action, re-render the current page so the client
       // gets an updated React tree reflecting any mutations.
+      //
+      // When the original request came from inside an intercepted modal
+      // (X-Vinext-Interception-Context present + source route still
+      // matches), rebuild the intercepted tree — otherwise the modal would
+      // unmount and the direct route would render in its place. Mirrors
+      // the interception resolution used by the GET path.
       const match = matchRoute(cleanPathname);
       let element;
+      let errorPattern = match ? match.route.pattern : cleanPathname;
       if (match) {
         const { route: actionRoute, params: actionParams } = match;
+        const __actionRerenderTarget = __resolveAppPageActionRerenderTarget({
+          cleanPathname,
+          currentParams: actionParams,
+          currentRoute: actionRoute,
+          findIntercept,
+          getRouteParamNames(sourceRoute) {
+            return sourceRoute.params;
+          },
+          getSourceRoute(sourceRouteIndex) {
+            return routes[sourceRouteIndex];
+          },
+          isRscRequest,
+          toInterceptOpts(intercept) {
+            return {
+              interceptionContext: interceptionContextHeader,
+              interceptSlotKey: intercept.slotKey,
+              interceptPage: intercept.page,
+              interceptParams: intercept.matchedParams,
+            };
+          },
+        });
+
         setNavigationContext({
           pathname: cleanPathname,
           searchParams: url.searchParams,
-          params: actionParams,
+          params: __actionRerenderTarget.navigationParams,
         });
-        element = await buildPageElement(actionRoute, actionParams, undefined, url.searchParams);
+        element = buildPageElements(
+          __actionRerenderTarget.route,
+          __actionRerenderTarget.params,
+          cleanPathname,
+          {
+            opts: __actionRerenderTarget.interceptOpts,
+            searchParams: url.searchParams,
+            isRscRequest,
+            request,
+            mountedSlotsHeader: __mountedSlotsHeader,
+          },
+        );
+        errorPattern = __actionRerenderTarget.route.pattern;
       } else {
-        element = createElement("div", null, "Page not found");
+        const _actionRouteId = __createAppPayloadRouteId(cleanPathname, null);
+        element = {
+          [__APP_INTERCEPTION_CONTEXT_KEY]: null,
+          __route: _actionRouteId,
+          __rootLayout: null,
+          [_actionRouteId]: createElement("div", null, "Page not found"),
+        };
       }
 
       const onRenderError = createRscOnErrorHandler(
         request,
         cleanPathname,
-        match ? match.route.pattern : cleanPathname,
+        errorPattern,
       );
       const rscStream = renderToReadableStream(
         { root: element, returnValue },
@@ -1606,15 +1760,22 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       const actionPendingCookies = getAndClearPendingCookies();
       const actionDraftCookie = getDraftModeCookieHeader();
 
-      const actionHeaders = new Headers({ "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" });
+      const actionHeaders = new Headers({
+        "Content-Type": "text/x-component; charset=utf-8",
+        "Vary": "RSC, Accept",
+      });
       __mergeMiddlewareResponseHeaders(actionHeaders, _mwCtx.headers);
+      const actionResponse = new Response(rscStream, {
+        status: _mwCtx.status ?? 200,
+        headers: actionHeaders,
+      });
       if (actionPendingCookies.length > 0 || actionDraftCookie) {
         for (const cookie of actionPendingCookies) {
-          actionHeaders.append("Set-Cookie", cookie);
+          actionResponse.headers.append("Set-Cookie", cookie);
         }
-        if (actionDraftCookie) actionHeaders.append("Set-Cookie", actionDraftCookie);
+        if (actionDraftCookie) actionResponse.headers.append("Set-Cookie", actionDraftCookie);
       }
-      return new Response(rscStream, { status: _mwCtx.status ?? 200, headers: actionHeaders });
+      return actionResponse;
     } catch (err) {
       getAndClearPendingCookies(); // Clear pending cookies on error
       console.error("[vinext] Server action error:", err);
@@ -1674,12 +1835,24 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     if (!isRscRequest) {
       const __pagesEntry = await import.meta.viteRsc.loadModule("ssr", "index");
       if (typeof __pagesEntry.renderPage === "function") {
+        const __pagesRequestHeaders = _mwCtx.requestHeaders
+          ? __buildRequestHeadersFromMiddlewareResponse(request.headers, _mwCtx.requestHeaders)
+          : null;
+        const __pagesRequest = __pagesRequestHeaders
+          ? new Request(request.url, { method: request.method, headers: __pagesRequestHeaders })
+          : request;
         // Use segment-wise decoding to preserve encoded path delimiters (%2F).
         // decodeURIComponent would turn /admin%2Fpanel into /admin/panel,
         // changing the path structure and bypassing middleware matchers.
         // Ported from Next.js: packages/next/src/server/lib/router-utils/decode-path-params.ts
         // https://github.com/vercel/next.js/blob/canary/packages/next/src/server/lib/router-utils/decode-path-params.ts
-        const __pagesRes = await __pagesEntry.renderPage(request, __decodePathParams(url.pathname) + (url.search || ""), {});
+        const __pagesRes = await __pagesEntry.renderPage(
+          __pagesRequest,
+          __decodePathParams(url.pathname) + (url.search || ""),
+          {},
+          undefined,
+          _mwCtx.requestHeaders,
+        );
         // Only return the Pages Router response if it matched a route
         // (non-404). A 404 means the path isn't a Pages route either,
         // so fall through to the App Router not-found page below.
@@ -1692,7 +1865,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     }
     ` : ""}
     // Render custom not-found page if available, otherwise plain 404
-    const notFoundResponse = await renderNotFoundPage(null, isRscRequest, request);
+    const notFoundResponse = await renderNotFoundPage(null, isRscRequest, request, undefined, _scriptNonce);
     if (notFoundResponse) return notFoundResponse;
     setHeadersContext(null);
     setNavigationContext(null);
@@ -1822,6 +1995,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         markDynamicUsage,
         method,
         middlewareContext: _mwCtx,
+        middlewareRequestHeaders: _mwCtx.requestHeaders,
         params: makeThenableParams(params),
         reportRequestError: _reportRequestError,
         request,
@@ -1905,6 +2079,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   if (
     process.env.NODE_ENV === "production" &&
     !isForceDynamic &&
+    (isRscRequest || !_scriptNonce) &&
     revalidateSeconds !== null && revalidateSeconds > 0 && revalidateSeconds !== Infinity
   ) {
     const __cachedPageResponse = await __readAppPageCacheResponse({
@@ -1919,6 +2094,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       isrHtmlKey: __isrHtmlKey,
       isrRscKey: __isrRscKey,
       isrSet: __isrSet,
+      mountedSlotsHeader: __mountedSlotsHeader,
       revalidateSeconds,
       renderFreshPageForCache: async function() {
         // Re-render the page to produce fresh HTML + RSC data for the cache
@@ -1933,7 +2109,21 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         return _runWithUnifiedCtx(__revalUCtx, async () => {
           _ensureFetchPatch();
           setNavigationContext({ pathname: cleanPathname, searchParams: new URLSearchParams(), params });
-          const __revalElement = await buildPageElement(route, params, undefined, new URLSearchParams());
+          // Slot context (X-Vinext-Mounted-Slots) is inherited from the
+          // triggering request so the regen result is cached under the
+          // correct slot-variant key.
+          const __revalElement = await buildPageElements(
+            route,
+            params,
+            cleanPathname,
+            {
+              opts: undefined,
+              searchParams: new URLSearchParams(),
+              isRscRequest,
+              request,
+              mountedSlotsHeader: __mountedSlotsHeader,
+            },
+          );
           const __revalOnError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
           const __revalRscStream = renderToReadableStream(__revalElement, { onError: __revalOnError });
           const __revalRscCapture = __teeAppPageRscStreamForCapture(__revalRscStream, true);
@@ -1982,44 +2172,30 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // If the target URL matches an intercepting route in a parallel slot,
   // render the source route with the intercepting page in the slot.
   const __interceptResult = await __resolveAppPageIntercept({
-    buildPageElement,
+    buildPageElement(interceptRoute, interceptParams, interceptOpts, interceptSearchParams) {
+      return buildPageElements(
+        interceptRoute,
+        interceptParams,
+        cleanPathname,
+        {
+          opts: interceptOpts,
+          searchParams: interceptSearchParams,
+          isRscRequest,
+          request,
+          mountedSlotsHeader: __mountedSlotsHeader,
+        },
+      );
+    },
     cleanPathname,
     currentRoute: route,
     findIntercept,
-    getRoutePattern(sourceRoute) {
-      return sourceRoute.pattern;
+    getRouteParamNames(sourceRoute) {
+      return sourceRoute.params;
     },
     getSourceRoute(sourceRouteIndex) {
       return routes[sourceRouteIndex];
     },
     isRscRequest,
-    matchSourceRouteParams(pattern) {
-      // Extract actual URL param values by prefix-matching the request pathname
-      // against the source route's pattern. This handles all interception conventions:
-      // (.) same-level, (..) one-level-up, and (...) root — the source pattern's
-      // dynamic segments that align with the URL get their real values extracted.
-      // We must NOT use matchRoute(pattern) here: the trie would match the literal
-      // ":param" strings as dynamic segment values, returning e.g. {id: ":id"}.
-      const patternParts = pattern.split("/").filter(Boolean);
-      const urlParts = cleanPathname.split("/").filter(Boolean);
-      const params = Object.create(null);
-      for (let i = 0; i < patternParts.length; i++) {
-        const pp = patternParts[i];
-        if (pp.endsWith("+") || pp.endsWith("*")) {
-          // urlParts.slice(i) safely returns [] when i >= urlParts.length,
-          // which is the correct value for optional catch-all with zero segments.
-          params[pp.slice(1, -1)] = urlParts.slice(i);
-          break;
-        }
-        if (i >= urlParts.length) break;
-        if (pp.startsWith(":")) {
-          params[pp.slice(1)] = urlParts[i];
-        } else if (pp !== urlParts[i]) {
-          break;
-        }
-      }
-      return params;
-    },
     renderInterceptResponse(sourceRoute, interceptElement) {
       const interceptOnError = createRscOnErrorHandler(
         request,
@@ -2033,7 +2209,10 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       // by the client, and async server components that run during consumption need the
       // context to still be live. The AsyncLocalStorage scope from runWithRequestContext
       // handles cleanup naturally when all async continuations complete.
-      const interceptHeaders = new Headers({ "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" });
+      const interceptHeaders = new Headers({
+        "Content-Type": "text/x-component; charset=utf-8",
+        "Vary": "RSC, Accept",
+      });
       __mergeMiddlewareResponseHeaders(interceptHeaders, _mwCtx.headers);
       return new Response(interceptStream, {
         status: _mwCtx.status ?? 200,
@@ -2044,7 +2223,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     setNavigationContext,
     toInterceptOpts(intercept) {
       return {
-        interceptSlot: intercept.slotName,
+        interceptionContext: interceptionContextHeader,
+        interceptSlotKey: intercept.slotKey,
         interceptPage: intercept.page,
         interceptParams: intercept.matchedParams,
       };
@@ -2057,10 +2237,16 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
 
   const __pageBuildResult = await __buildAppPageElement({
     buildPageElement() {
-      return buildPageElement(route, params, interceptOpts, url.searchParams);
+      return buildPageElements(route, params, cleanPathname, {
+        opts: interceptOpts,
+        searchParams: url.searchParams,
+        isRscRequest,
+        request,
+        mountedSlotsHeader: __mountedSlotsHeader,
+      });
     },
     renderErrorBoundaryPage(buildErr) {
-      return renderErrorBoundaryPage(route, buildErr, isRscRequest, request, params);
+      return renderErrorBoundaryPage(route, buildErr, isRscRequest, request, params, _scriptNonce);
     },
     renderSpecialError(__buildSpecialError) {
       return __buildAppPageSpecialErrorResponse({
@@ -2069,9 +2255,16 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           setNavigationContext(null);
         },
         renderFallbackPage(statusCode) {
-          return renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, {
-            matchedParams: params,
-          });
+          return renderHTTPAccessFallbackPage(
+            route,
+            statusCode,
+            isRscRequest,
+            request,
+            {
+              matchedParams: params,
+            },
+            _scriptNonce,
+          );
         },
         requestUrl: request.url,
         specialError: __buildSpecialError,
@@ -2088,19 +2281,6 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // rscCssTransform — no manual loadCss() call needed.
   const _hasLoadingBoundary = !!(route.loading && route.loading.default);
   const _asyncLayoutParams = makeThenableParams(params);
-  // Convert URLSearchParams to a plain object then wrap in makeThenableParams()
-  // so probePage() passes the same shape that buildPageElement() gives to the
-  // real render. Without this, pages that destructure await-ed searchParams
-  // throw TypeError during probe.
-  const _probeSearchObj = {};
-  url.searchParams.forEach(function(v, k) {
-    if (k in _probeSearchObj) {
-      _probeSearchObj[k] = Array.isArray(_probeSearchObj[k]) ? _probeSearchObj[k].concat(v) : [_probeSearchObj[k], v];
-    } else {
-      _probeSearchObj[k] = v;
-    }
-  });
-  const _asyncSearchParams = makeThenableParams(_probeSearchObj);
   return __renderAppPageLifecycle({
     cleanPathname,
     clearRequestContext() {
@@ -2146,11 +2326,43 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       return LayoutComp({ params: _asyncLayoutParams, children: null });
     },
     probePage() {
+      const _probeSearchObj = {};
+      url.searchParams.forEach(function(v, k) {
+        if (k in _probeSearchObj) {
+          _probeSearchObj[k] = Array.isArray(_probeSearchObj[k])
+            ? _probeSearchObj[k].concat(v)
+            : [_probeSearchObj[k], v];
+        } else {
+          _probeSearchObj[k] = v;
+        }
+      });
+      const _asyncSearchParams = makeThenableParams(_probeSearchObj);
       return PageComponent({ params: _asyncLayoutParams, searchParams: _asyncSearchParams });
     },
+    classification: {
+      getLayoutId(index) {
+        const tp = route.layoutTreePositions?.[index] ?? 0;
+        return "layout:" + __createAppPageTreePath(route.routeSegments, tp);
+      },
+      buildTimeClassifications: route.__buildTimeClassifications,
+      buildTimeReasons: route.__buildTimeReasons,
+      debugClassification: __classDebug,
+      async runWithIsolatedDynamicScope(fn) {
+        const priorDynamic = consumeDynamicUsage();
+        try {
+          const result = await fn();
+          const dynamicDetected = consumeDynamicUsage();
+          return { result, dynamicDetected };
+        } finally {
+          consumeDynamicUsage();
+          if (priorDynamic) markDynamicUsage();
+        }
+      },
+    },
     revalidateSeconds,
+    mountedSlotsHeader: __mountedSlotsHeader,
     renderErrorBoundaryResponse(renderErr) {
-      return renderErrorBoundaryPage(route, renderErr, isRscRequest, request, params);
+      return renderErrorBoundaryPage(route, renderErr, isRscRequest, request, params, _scriptNonce);
     },
     async renderLayoutSpecialError(__layoutSpecialError, li) {
       return __buildAppPageSpecialErrorResponse({
@@ -2173,11 +2385,18 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           }
           if (!parentNotFound) parentNotFound = ${rootNotFoundVar ? `${rootNotFoundVar}?.default` : "null"};
           const parentLayouts = route.layouts.slice(0, li);
-          return renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, {
-            boundaryComponent: parentNotFound,
-            layouts: parentLayouts,
-            matchedParams: params,
-          });
+          return renderHTTPAccessFallbackPage(
+            route,
+            statusCode,
+            isRscRequest,
+            request,
+            {
+              boundaryComponent: parentNotFound,
+              layouts: parentLayouts,
+              matchedParams: params,
+            },
+            _scriptNonce,
+          );
         },
         requestUrl: request.url,
         specialError: __layoutSpecialError,
@@ -2190,9 +2409,16 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           setNavigationContext(null);
         },
         renderFallbackPage(statusCode) {
-          return renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, {
-            matchedParams: params,
-          });
+          return renderHTTPAccessFallbackPage(
+            route,
+            statusCode,
+            isRscRequest,
+            request,
+            {
+              matchedParams: params,
+            },
+            _scriptNonce,
+          );
         },
         requestUrl: request.url,
         specialError,
@@ -2207,6 +2433,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       // each have their own ALS store and are unaffected.
       return _suppressHookWarningAls.run(true, probe);
     },
+    scriptNonce: _scriptNonce,
     waitUntil(__cachePromise) {
       _getRequestExecutionContext()?.waitUntil(__cachePromise);
     },