vinext 0.0.47 → 0.0.48

package/dist/server/cache-proof.d.ts

@@ -0,0 +1,200 @@
+import { AppRouteSemanticIds } from "../routing/app-route-graph.js";
+
+//#region src/server/cache-proof.d.ts
+declare const CACHE_PROOF_MODEL_SCHEMA_VERSION = 0;
+type CacheProofModelSchemaVersion = 0;
+type CacheProofRejectionCode = "CP_MODEL_DISABLED" | "CP_DIMENSION_COUNT_EXCEEDED" | "CP_DIMENSION_NAME_MISSING" | "CP_DIMENSION_NAME_TOO_LONG" | "CP_DIMENSION_VALUE_COUNT_EXCEEDED" | "CP_DIMENSION_VALUE_TOO_LONG" | "CP_DIMENSION_VALUES_MISSING" | "CP_ENCODED_VARIANT_TOO_LONG" | "CP_INVALID_VARIANT_BUDGET" | "CP_ROUTE_VARIANT_CEILING_EXCEEDED" | "CP_UNSAFE_PUBLIC_DIMENSION" | "CP_BOUNDARY_OUTCOME_MISMATCH" | "CP_BOUNDARY_OUTCOME_UNKNOWN";
+type CacheProofTraceFieldValue = string | number | boolean | null | readonly string[];
+type CacheProofTraceFields = Readonly<Record<string, CacheProofTraceFieldValue>>;
+type CacheProofBreakerFallbackMode = "renderFresh" | "privateUncacheable";
+type CacheProofFallbackScope = "affectedOutput" | "route";
+type CacheProofBreakerFallback = Readonly<{
+  kind: "breakerFallback";
+  code: CacheProofRejectionCode;
+  mode: CacheProofBreakerFallbackMode;
+  scope: CacheProofFallbackScope;
+  fields: CacheProofTraceFields;
+}>;
+type CacheVariantBudget = Readonly<{
+  maxDimensionCount: number;
+  maxDimensionNameLength: number;
+  maxDimensionValueLength: number;
+  maxEncodedLength: number;
+  maxValuesPerDimension: number;
+  maxVariantsPerRoute: number;
+}>;
+declare const DEFAULT_CACHE_VARIANT_BUDGET: {
+  maxDimensionCount: number;
+  maxDimensionNameLength: number;
+  maxDimensionValueLength: number;
+  maxEncodedLength: number;
+  maxValuesPerDimension: number;
+  maxVariantsPerRoute: number;
+};
+type CacheVariantDimensionSource = "auth" | "cookie" | "custom" | "draft-mode" | "header" | "interception" | "mounted-slots" | "params" | "route" | "search" | "session";
+type CacheVariantDimensionPrivacy = "internal" | "private" | "public";
+type CacheVariantDimensionInput = Readonly<{
+  name: string;
+  privacy: CacheVariantDimensionPrivacy;
+  source: CacheVariantDimensionSource;
+  values: readonly string[];
+}>;
+type CacheVariantDimension = Readonly<{
+  encoded: string;
+  name: string;
+  privacy: CacheVariantDimensionPrivacy;
+  source: CacheVariantDimensionSource;
+  valueCount: number;
+  valueHashes: readonly string[];
+}>;
+type CacheProofOutputScope = Readonly<{
+  kind: "app-html";
+  renderEpoch: string | null;
+  rootBoundaryId: string | null;
+  routeId: string;
+}> | Readonly<{
+  kind: "app-rsc";
+  mountedSlotsFingerprint: string | null;
+  renderEpoch: string | null;
+  rootBoundaryId: string | null;
+  routeId: string;
+}> | Readonly<{
+  kind: "layout";
+  layoutId: string;
+  rootBoundaryId: string | null;
+  routeId: string;
+}> | Readonly<{
+  kind: "page";
+  pageId: string;
+  rootBoundaryId: string | null;
+  routeId: string;
+}> | Readonly<{
+  kind: "route-handler";
+  routeHandlerId: string;
+  routeId: string;
+}> | Readonly<{
+  kind: "slot";
+  rootBoundaryId: string | null;
+  routeId: string;
+  slotId: string;
+}> | Readonly<{
+  kind: "template";
+  rootBoundaryId: string | null;
+  routeId: string;
+  templateId: string;
+}>;
+type CacheVariant = Readonly<{
+  budget: CacheVariantBudget;
+  cacheKey: string;
+  dimensions: readonly CacheVariantDimension[];
+  encodedLength: number;
+  output: CacheProofOutputScope;
+  schemaVersion: CacheProofModelSchemaVersion;
+}>;
+type BuildCacheVariantInput = Readonly<{
+  budget: CacheVariantBudget;
+  dimensions: readonly CacheVariantDimensionInput[];
+  existingVariantCount: number;
+  output: CacheProofOutputScope;
+}>;
+type BuildCacheVariantResult = Readonly<{
+  kind: "variant";
+  variant: CacheVariant;
+}> | Readonly<{
+  kind: "breakerFallback";
+  fallback: CacheProofBreakerFallback;
+}>;
+type AppRouteCacheProofGraphScopeInput = Readonly<{
+  ids: AppRouteSemanticIds;
+}>;
+type AppRouteCacheProofGraphScope = Readonly<{
+  layoutIds: readonly string[];
+  pageId: string | null;
+  routeHandlerId: string | null;
+  routeId: string;
+  slotIds: readonly string[];
+  templateIds: readonly string[];
+}>;
+type BoundaryOutcome = Readonly<{
+  kind: "error";
+  digest?: string;
+}> | Readonly<{
+  kind: "forbidden";
+}> | Readonly<{
+  kind: "globalError";
+  digest?: string;
+}> | Readonly<{
+  kind: "notFound";
+}> | Readonly<{
+  kind: "redirect";
+  location: string;
+  status: number;
+}> | Readonly<{
+  kind: "success";
+}> | Readonly<{
+  kind: "unauthorized";
+}> | Readonly<{
+  kind: "unknown";
+}>;
+type BoundaryOutcomeCompatibility = Readonly<{
+  kind: "compatible";
+  outcome: BoundaryOutcome;
+  reason: "CP_BOUNDARY_OUTCOME_MATCH";
+}> | Readonly<{
+  candidate: BoundaryOutcome;
+  expected: BoundaryOutcome;
+  fallback: CacheProofBreakerFallback;
+  kind: "incompatible";
+}>;
+type RenderObservationCompleteness = "complete" | "partial" | "unknown";
+type RenderCacheability = "private" | "public" | "uncacheable" | "unknown";
+type RenderRequestApiKind = "connection" | "cookies" | "draftMode" | "headers" | "params" | "searchParams";
+type RenderRequestApiStatus = "notObserved" | "observed" | "unknown";
+type RenderRequestApiObservation = Readonly<{
+  kind: RenderRequestApiKind;
+  status: RenderRequestApiStatus;
+}>;
+type RenderObservation = Readonly<{
+  boundaryOutcome: BoundaryOutcome;
+  cacheTags: readonly string[];
+  cacheability: RenderCacheability;
+  completeness: RenderObservationCompleteness;
+  dynamicFetches: readonly string[];
+  output: CacheProofOutputScope;
+  pathTags: readonly string[];
+  requestApis: readonly RenderRequestApiObservation[];
+  schemaVersion: CacheProofModelSchemaVersion;
+}>;
+type BuildRenderObservationInput = Readonly<{
+  boundaryOutcome: BoundaryOutcome;
+  cacheTags: readonly string[];
+  cacheability: RenderCacheability;
+  completeness: RenderObservationCompleteness;
+  dynamicFetches: readonly string[];
+  output: CacheProofOutputScope;
+  pathTags: readonly string[];
+  requestApis: readonly RenderRequestApiObservation[];
+}>;
+type DisabledCacheProofDecision = Readonly<{
+  canReuse: false;
+  fallback: CacheProofBreakerFallback;
+  kind: "disabled";
+  observation: RenderObservation;
+  variant: CacheVariant;
+}>;
+type CreateDisabledCacheProofDecisionInput = Readonly<{
+  observation: RenderObservation;
+  variant: CacheVariant;
+}>;
+declare function createAppRouteCacheProofGraphScope(route: AppRouteCacheProofGraphScopeInput): AppRouteCacheProofGraphScope;
+declare function buildCacheVariant(input: BuildCacheVariantInput): BuildCacheVariantResult;
+declare function buildBoundaryOutcomeCompatibility(input: {
+  candidate: BoundaryOutcome;
+  expected: BoundaryOutcome;
+}): BoundaryOutcomeCompatibility;
+declare function buildRenderObservation(input: BuildRenderObservationInput): RenderObservation;
+declare function hasCompleteNegativeRequestApiProof(observation: RenderObservation, requiredApis: readonly RenderRequestApiKind[]): boolean;
+declare function createDisabledCacheProofDecision(input: CreateDisabledCacheProofDecisionInput): DisabledCacheProofDecision;
+//#endregion
+export { AppRouteCacheProofGraphScope, AppRouteCacheProofGraphScopeInput, BoundaryOutcome, BoundaryOutcomeCompatibility, BuildCacheVariantInput, BuildCacheVariantResult, BuildRenderObservationInput, CACHE_PROOF_MODEL_SCHEMA_VERSION, CacheProofBreakerFallback, CacheProofBreakerFallbackMode, CacheProofFallbackScope, CacheProofModelSchemaVersion, CacheProofOutputScope, CacheProofRejectionCode, CacheProofTraceFieldValue, CacheProofTraceFields, CacheVariant, CacheVariantBudget, CacheVariantDimension, CacheVariantDimensionInput, CacheVariantDimensionPrivacy, CacheVariantDimensionSource, CreateDisabledCacheProofDecisionInput, DEFAULT_CACHE_VARIANT_BUDGET, DisabledCacheProofDecision, RenderCacheability, RenderObservation, RenderObservationCompleteness, RenderRequestApiKind, RenderRequestApiObservation, RenderRequestApiStatus, buildBoundaryOutcomeCompatibility, buildCacheVariant, buildRenderObservation, createAppRouteCacheProofGraphScope, createDisabledCacheProofDecision, hasCompleteNegativeRequestApiProof };
+//# sourceMappingURL=cache-proof.d.ts.map

package/dist/server/cache-proof.js

@@ -0,0 +1,342 @@
+import { fnv1a64 } from "../utils/hash.js";
+//#region src/server/cache-proof.ts
+const CACHE_PROOF_MODEL_SCHEMA_VERSION = 0;
+const DEFAULT_CACHE_VARIANT_BUDGET = {
+	maxDimensionCount: 8,
+	maxDimensionNameLength: 64,
+	maxDimensionValueLength: 256,
+	maxEncodedLength: 1024,
+	maxValuesPerDimension: 8,
+	maxVariantsPerRoute: 64
+};
+const PUBLIC_UNSAFE_DIMENSION_SOURCES = new Set([
+	"auth",
+	"cookie",
+	"draft-mode",
+	"header",
+	"session"
+]);
+function buildBreakerFallback(code, fields = {}, mode = "renderFresh", scope = "affectedOutput") {
+	return {
+		kind: "breakerFallback",
+		code,
+		mode,
+		scope,
+		fields
+	};
+}
+function sortedUnique(values) {
+	return [...new Set(values)].sort();
+}
+function normalizeDimensionName(name) {
+	return name.trim().toLowerCase();
+}
+function redactValue(value) {
+	return `h:${fnv1a64(value)}`;
+}
+function sortedUniqueRedacted(values) {
+	return sortedUnique(sortedUnique(values).map(redactValue));
+}
+function encodeParts(parts) {
+	return JSON.stringify(parts);
+}
+function compareDimensions(a, b) {
+	return a.source.localeCompare(b.source) || a.name.localeCompare(b.name) || a.privacy.localeCompare(b.privacy);
+}
+function encodeNullable(value) {
+	return value;
+}
+function assertNever(value) {
+	throw new Error(`Unhandled cache proof variant: ${String(value)}`);
+}
+function encodeOutputScope(output) {
+	switch (output.kind) {
+		case "app-html": return encodeParts([
+			output.kind,
+			output.routeId,
+			encodeNullable(output.rootBoundaryId),
+			encodeNullable(output.renderEpoch)
+		]);
+		case "app-rsc": return encodeParts([
+			output.kind,
+			output.routeId,
+			encodeNullable(output.rootBoundaryId),
+			encodeNullable(output.renderEpoch),
+			encodeNullable(output.mountedSlotsFingerprint)
+		]);
+		case "layout": return encodeParts([
+			output.kind,
+			output.routeId,
+			output.layoutId,
+			encodeNullable(output.rootBoundaryId)
+		]);
+		case "page": return encodeParts([
+			output.kind,
+			output.routeId,
+			output.pageId,
+			encodeNullable(output.rootBoundaryId)
+		]);
+		case "route-handler": return encodeParts([
+			output.kind,
+			output.routeId,
+			output.routeHandlerId
+		]);
+		case "slot": return encodeParts([
+			output.kind,
+			output.routeId,
+			output.slotId,
+			encodeNullable(output.rootBoundaryId)
+		]);
+		case "template": return encodeParts([
+			output.kind,
+			output.routeId,
+			output.templateId,
+			encodeNullable(output.rootBoundaryId)
+		]);
+		default: return assertNever(output);
+	}
+}
+function validateBudgetNumber(name, value) {
+	if (Number.isInteger(value) && value >= 0) return null;
+	return buildBreakerFallback("CP_INVALID_VARIANT_BUDGET", { budgetField: name });
+}
+function validateBudget(budget) {
+	return validateBudgetNumber("maxDimensionCount", budget.maxDimensionCount) ?? validateBudgetNumber("maxDimensionNameLength", budget.maxDimensionNameLength) ?? validateBudgetNumber("maxDimensionValueLength", budget.maxDimensionValueLength) ?? validateBudgetNumber("maxEncodedLength", budget.maxEncodedLength) ?? validateBudgetNumber("maxValuesPerDimension", budget.maxValuesPerDimension) ?? validateBudgetNumber("maxVariantsPerRoute", budget.maxVariantsPerRoute);
+}
+function buildDimension(input, budget) {
+	const name = normalizeDimensionName(input.name);
+	if (name.length === 0) return buildBreakerFallback("CP_DIMENSION_NAME_MISSING", { source: input.source });
+	if (name.length > budget.maxDimensionNameLength) return buildBreakerFallback("CP_DIMENSION_NAME_TOO_LONG", {
+		maxLength: budget.maxDimensionNameLength,
+		nameHash: redactValue(name),
+		source: input.source
+	});
+	if (input.privacy === "public" && PUBLIC_UNSAFE_DIMENSION_SOURCES.has(input.source)) return buildBreakerFallback("CP_UNSAFE_PUBLIC_DIMENSION", {
+		name,
+		source: input.source
+	}, "privateUncacheable");
+	const values = sortedUnique(input.values);
+	if (values.length === 0) return buildBreakerFallback("CP_DIMENSION_VALUES_MISSING", {
+		name,
+		source: input.source
+	});
+	if (values.length > budget.maxValuesPerDimension) return buildBreakerFallback("CP_DIMENSION_VALUE_COUNT_EXCEEDED", {
+		maxValues: budget.maxValuesPerDimension,
+		name,
+		source: input.source,
+		valueCount: values.length
+	});
+	for (const value of values) if (value.length > budget.maxDimensionValueLength) return buildBreakerFallback("CP_DIMENSION_VALUE_TOO_LONG", {
+		maxLength: budget.maxDimensionValueLength,
+		name,
+		source: input.source,
+		valueHash: redactValue(value)
+	});
+	const valueHashes = values.map(redactValue);
+	return {
+		encoded: encodeParts([
+			input.source,
+			input.privacy,
+			name,
+			valueHashes
+		]),
+		name,
+		privacy: input.privacy,
+		source: input.source,
+		valueCount: valueHashes.length,
+		valueHashes
+	};
+}
+function isCacheProofBreakerFallback(value) {
+	return "code" in value;
+}
+function getDimensionBucket(bySource, source, privacy) {
+	const existingByPrivacy = bySource.get(source);
+	const byPrivacy = existingByPrivacy ?? /* @__PURE__ */ new Map();
+	if (!existingByPrivacy) bySource.set(source, byPrivacy);
+	const existingByName = byPrivacy.get(privacy);
+	const byName = existingByName ?? /* @__PURE__ */ new Map();
+	if (!existingByName) byPrivacy.set(privacy, byName);
+	return byName;
+}
+function mergeDimensionInputs(dimensions) {
+	const bySource = /* @__PURE__ */ new Map();
+	const orderedDimensions = [];
+	for (const dimension of dimensions) {
+		const name = normalizeDimensionName(dimension.name);
+		const bucket = getDimensionBucket(bySource, dimension.source, dimension.privacy);
+		const existing = bucket.get(name);
+		if (existing) {
+			existing.values.push(...dimension.values);
+			continue;
+		}
+		const accumulator = {
+			name,
+			privacy: dimension.privacy,
+			source: dimension.source,
+			values: [...dimension.values]
+		};
+		bucket.set(name, accumulator);
+		orderedDimensions.push(accumulator);
+	}
+	return orderedDimensions;
+}
+function createAppRouteCacheProofGraphScope(route) {
+	return {
+		routeId: route.ids.route,
+		pageId: route.ids.page,
+		routeHandlerId: route.ids.routeHandler,
+		layoutIds: [...route.ids.layouts],
+		templateIds: [...route.ids.templates],
+		slotIds: sortedUnique(Object.values(route.ids.slots))
+	};
+}
+function buildCacheVariant(input) {
+	const budgetFallback = validateBudget(input.budget);
+	if (budgetFallback) return {
+		kind: "breakerFallback",
+		fallback: budgetFallback
+	};
+	if (input.existingVariantCount >= input.budget.maxVariantsPerRoute) return {
+		kind: "breakerFallback",
+		fallback: buildBreakerFallback("CP_ROUTE_VARIANT_CEILING_EXCEEDED", {
+			existingVariantCount: input.existingVariantCount,
+			maxVariantsPerRoute: input.budget.maxVariantsPerRoute,
+			routeId: input.output.routeId
+		}, "privateUncacheable", "route")
+	};
+	const dimensionInputs = mergeDimensionInputs(input.dimensions);
+	if (dimensionInputs.length > input.budget.maxDimensionCount) return {
+		kind: "breakerFallback",
+		fallback: buildBreakerFallback("CP_DIMENSION_COUNT_EXCEEDED", {
+			dimensionCount: dimensionInputs.length,
+			maxDimensionCount: input.budget.maxDimensionCount,
+			routeId: input.output.routeId
+		})
+	};
+	const dimensions = [];
+	for (const dimensionInput of dimensionInputs) {
+		const dimension = buildDimension(dimensionInput, input.budget);
+		if (isCacheProofBreakerFallback(dimension)) return {
+			kind: "breakerFallback",
+			fallback: dimension
+		};
+		dimensions.push(dimension);
+	}
+	dimensions.sort(compareDimensions);
+	const encoded = [
+		`schema:0`,
+		encodeOutputScope(input.output),
+		...dimensions.map((dimension) => dimension.encoded)
+	].join("|");
+	if (encoded.length > input.budget.maxEncodedLength) return {
+		kind: "breakerFallback",
+		fallback: buildBreakerFallback("CP_ENCODED_VARIANT_TOO_LONG", {
+			encodedHash: redactValue(encoded),
+			encodedLength: encoded.length,
+			maxEncodedLength: input.budget.maxEncodedLength,
+			routeId: input.output.routeId
+		})
+	};
+	return {
+		kind: "variant",
+		variant: {
+			schemaVersion: 0,
+			cacheKey: `cp0:${fnv1a64(encoded)}`,
+			output: input.output,
+			dimensions,
+			encodedLength: encoded.length,
+			budget: { ...input.budget }
+		}
+	};
+}
+function boundaryOutcomesMatch(expected, candidate) {
+	switch (expected.kind) {
+		case "error": return candidate.kind === "error" && (expected.digest ?? "") === (candidate.digest ?? "");
+		case "forbidden": return candidate.kind === "forbidden";
+		case "globalError": return candidate.kind === "globalError" && (expected.digest ?? "") === (candidate.digest ?? "");
+		case "notFound": return candidate.kind === "notFound";
+		case "redirect": return candidate.kind === "redirect" && expected.status === candidate.status && expected.location === candidate.location;
+		case "success": return candidate.kind === "success";
+		case "unauthorized": return candidate.kind === "unauthorized";
+		case "unknown": return false;
+		default: return assertNever(expected);
+	}
+}
+function buildBoundaryOutcomeCompatibility(input) {
+	if (input.expected.kind === "unknown" || input.candidate.kind === "unknown") return {
+		kind: "incompatible",
+		expected: input.expected,
+		candidate: input.candidate,
+		fallback: buildBreakerFallback("CP_BOUNDARY_OUTCOME_UNKNOWN", {
+			candidateKind: input.candidate.kind,
+			expectedKind: input.expected.kind
+		})
+	};
+	if (boundaryOutcomesMatch(input.expected, input.candidate)) return {
+		kind: "compatible",
+		outcome: input.candidate,
+		reason: "CP_BOUNDARY_OUTCOME_MATCH"
+	};
+	return {
+		kind: "incompatible",
+		expected: input.expected,
+		candidate: input.candidate,
+		fallback: buildBreakerFallback("CP_BOUNDARY_OUTCOME_MISMATCH", {
+			candidateKind: input.candidate.kind,
+			expectedKind: input.expected.kind
+		})
+	};
+}
+function requestApiStatusRank(status) {
+	switch (status) {
+		case "notObserved": return 0;
+		case "unknown": return 1;
+		case "observed": return 2;
+		default: return assertNever(status);
+	}
+}
+function normalizeRequestApiObservations(observations) {
+	const byKind = /* @__PURE__ */ new Map();
+	for (const observation of observations) {
+		const current = byKind.get(observation.kind);
+		if (current === void 0 || requestApiStatusRank(observation.status) > requestApiStatusRank(current)) byKind.set(observation.kind, observation.status);
+	}
+	return [...byKind.entries()].sort(([left], [right]) => left.localeCompare(right)).map(([kind, status]) => ({
+		kind,
+		status
+	}));
+}
+function buildRenderObservation(input) {
+	return {
+		schemaVersion: 0,
+		output: input.output,
+		completeness: input.completeness,
+		boundaryOutcome: input.boundaryOutcome,
+		requestApis: normalizeRequestApiObservations(input.requestApis),
+		dynamicFetches: sortedUniqueRedacted(input.dynamicFetches),
+		cacheTags: sortedUnique(input.cacheTags),
+		pathTags: sortedUnique(input.pathTags),
+		cacheability: input.cacheability
+	};
+}
+function hasCompleteNegativeRequestApiProof(observation, requiredApis) {
+	if (observation.completeness !== "complete") return false;
+	const statuses = /* @__PURE__ */ new Map();
+	for (const requestApi of observation.requestApis) statuses.set(requestApi.kind, requestApi.status);
+	for (const api of requiredApis) if (statuses.get(api) !== "notObserved") return false;
+	return true;
+}
+function createDisabledCacheProofDecision(input) {
+	return {
+		kind: "disabled",
+		canReuse: false,
+		variant: input.variant,
+		observation: input.observation,
+		fallback: buildBreakerFallback("CP_MODEL_DISABLED")
+	};
+}
+//#endregion
+export { CACHE_PROOF_MODEL_SCHEMA_VERSION, DEFAULT_CACHE_VARIANT_BUDGET, buildBoundaryOutcomeCompatibility, buildCacheVariant, buildRenderObservation, createAppRouteCacheProofGraphScope, createDisabledCacheProofDecision, hasCompleteNegativeRequestApiProof };
+
+//# sourceMappingURL=cache-proof.js.map

package/dist/server/cache-proof.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache-proof.js","names":[],"sources":["../../src/server/cache-proof.ts"],"sourcesContent":["import type { AppRouteSemanticIds } from \"../routing/app-route-graph.js\";\nimport { fnv1a64 } from \"../utils/hash.js\";\n\nexport const CACHE_PROOF_MODEL_SCHEMA_VERSION = 0;\nexport type CacheProofModelSchemaVersion = 0;\n\nexport type CacheProofRejectionCode =\n  | \"CP_MODEL_DISABLED\"\n  | \"CP_DIMENSION_COUNT_EXCEEDED\"\n  | \"CP_DIMENSION_NAME_MISSING\"\n  | \"CP_DIMENSION_NAME_TOO_LONG\"\n  | \"CP_DIMENSION_VALUE_COUNT_EXCEEDED\"\n  | \"CP_DIMENSION_VALUE_TOO_LONG\"\n  | \"CP_DIMENSION_VALUES_MISSING\"\n  | \"CP_ENCODED_VARIANT_TOO_LONG\"\n  | \"CP_INVALID_VARIANT_BUDGET\"\n  | \"CP_ROUTE_VARIANT_CEILING_EXCEEDED\"\n  | \"CP_UNSAFE_PUBLIC_DIMENSION\"\n  | \"CP_BOUNDARY_OUTCOME_MISMATCH\"\n  | \"CP_BOUNDARY_OUTCOME_UNKNOWN\";\n\nexport type CacheProofTraceFieldValue = string | number | boolean | null | readonly string[];\n\nexport type CacheProofTraceFields = Readonly<Record<string, CacheProofTraceFieldValue>>;\n\nexport type CacheProofBreakerFallbackMode = \"renderFresh\" | \"privateUncacheable\";\nexport type CacheProofFallbackScope = \"affectedOutput\" | \"route\";\n\nexport type CacheProofBreakerFallback = Readonly<{\n  kind: \"breakerFallback\";\n  code: CacheProofRejectionCode;\n  mode: CacheProofBreakerFallbackMode;\n  scope: CacheProofFallbackScope;\n  fields: CacheProofTraceFields;\n}>;\n\nexport type CacheVariantBudget = Readonly<{\n  maxDimensionCount: number;\n  maxDimensionNameLength: number;\n  maxDimensionValueLength: number;\n  maxEncodedLength: number;\n  maxValuesPerDimension: number;\n  maxVariantsPerRoute: number;\n}>;\n\nexport const DEFAULT_CACHE_VARIANT_BUDGET = {\n  maxDimensionCount: 8,\n  maxDimensionNameLength: 64,\n  maxDimensionValueLength: 256,\n  maxEncodedLength: 1024,\n  maxValuesPerDimension: 8,\n  maxVariantsPerRoute: 64,\n} satisfies CacheVariantBudget;\n\nexport type CacheVariantDimensionSource =\n  | \"auth\"\n  | \"cookie\"\n  | \"custom\"\n  | \"draft-mode\"\n  | \"header\"\n  | \"interception\"\n  | \"mounted-slots\"\n  | \"params\"\n  | \"route\"\n  | \"search\"\n  | \"session\";\n\nexport type CacheVariantDimensionPrivacy = \"internal\" | \"private\" | \"public\";\n\nexport type CacheVariantDimensionInput = Readonly<{\n  name: string;\n  privacy: CacheVariantDimensionPrivacy;\n  source: CacheVariantDimensionSource;\n  values: readonly string[];\n}>;\n\nexport type CacheVariantDimension = Readonly<{\n  encoded: string;\n  name: string;\n  privacy: CacheVariantDimensionPrivacy;\n  source: CacheVariantDimensionSource;\n  valueCount: number;\n  valueHashes: readonly string[];\n}>;\n\nexport type CacheProofOutputScope =\n  | Readonly<{\n      kind: \"app-html\";\n      renderEpoch: string | null;\n      rootBoundaryId: string | null;\n      routeId: string;\n    }>\n  | Readonly<{\n      kind: \"app-rsc\";\n      mountedSlotsFingerprint: string | null;\n      renderEpoch: string | null;\n      rootBoundaryId: string | null;\n      routeId: string;\n    }>\n  | Readonly<{\n      kind: \"layout\";\n      layoutId: string;\n      rootBoundaryId: string | null;\n      routeId: string;\n    }>\n  | Readonly<{\n      kind: \"page\";\n      pageId: string;\n      rootBoundaryId: string | null;\n      routeId: string;\n    }>\n  | Readonly<{\n      kind: \"route-handler\";\n      routeHandlerId: string;\n      routeId: string;\n    }>\n  | Readonly<{\n      kind: \"slot\";\n      rootBoundaryId: string | null;\n      routeId: string;\n      slotId: string;\n    }>\n  | Readonly<{\n      kind: \"template\";\n      rootBoundaryId: string | null;\n      routeId: string;\n      templateId: string;\n    }>;\n\nexport type CacheVariant = Readonly<{\n  budget: CacheVariantBudget;\n  cacheKey: string;\n  dimensions: readonly CacheVariantDimension[];\n  encodedLength: number;\n  output: CacheProofOutputScope;\n  schemaVersion: CacheProofModelSchemaVersion;\n}>;\n\nexport type BuildCacheVariantInput = Readonly<{\n  budget: CacheVariantBudget;\n  dimensions: readonly CacheVariantDimensionInput[];\n  existingVariantCount: number;\n  output: CacheProofOutputScope;\n}>;\n\nexport type BuildCacheVariantResult =\n  | Readonly<{ kind: \"variant\"; variant: CacheVariant }>\n  | Readonly<{ kind: \"breakerFallback\"; fallback: CacheProofBreakerFallback }>;\n\nexport type AppRouteCacheProofGraphScopeInput = Readonly<{\n  ids: AppRouteSemanticIds;\n}>;\n\nexport type AppRouteCacheProofGraphScope = Readonly<{\n  layoutIds: readonly string[];\n  pageId: string | null;\n  routeHandlerId: string | null;\n  routeId: string;\n  slotIds: readonly string[];\n  templateIds: readonly string[];\n}>;\n\nexport type BoundaryOutcome =\n  | Readonly<{ kind: \"error\"; digest?: string }>\n  | Readonly<{ kind: \"forbidden\" }>\n  | Readonly<{ kind: \"globalError\"; digest?: string }>\n  | Readonly<{ kind: \"notFound\" }>\n  | Readonly<{ kind: \"redirect\"; location: string; status: number }>\n  | Readonly<{ kind: \"success\" }>\n  | Readonly<{ kind: \"unauthorized\" }>\n  | Readonly<{ kind: \"unknown\" }>;\n\nexport type BoundaryOutcomeCompatibility =\n  | Readonly<{\n      kind: \"compatible\";\n      outcome: BoundaryOutcome;\n      reason: \"CP_BOUNDARY_OUTCOME_MATCH\";\n    }>\n  | Readonly<{\n      candidate: BoundaryOutcome;\n      expected: BoundaryOutcome;\n      fallback: CacheProofBreakerFallback;\n      kind: \"incompatible\";\n    }>;\n\nexport type RenderObservationCompleteness = \"complete\" | \"partial\" | \"unknown\";\nexport type RenderCacheability = \"private\" | \"public\" | \"uncacheable\" | \"unknown\";\nexport type RenderRequestApiKind =\n  | \"connection\"\n  | \"cookies\"\n  | \"draftMode\"\n  | \"headers\"\n  | \"params\"\n  | \"searchParams\";\nexport type RenderRequestApiStatus = \"notObserved\" | \"observed\" | \"unknown\";\n\nexport type RenderRequestApiObservation = Readonly<{\n  kind: RenderRequestApiKind;\n  status: RenderRequestApiStatus;\n}>;\n\nexport type RenderObservation = Readonly<{\n  boundaryOutcome: BoundaryOutcome;\n  cacheTags: readonly string[];\n  cacheability: RenderCacheability;\n  completeness: RenderObservationCompleteness;\n  dynamicFetches: readonly string[];\n  output: CacheProofOutputScope;\n  pathTags: readonly string[];\n  requestApis: readonly RenderRequestApiObservation[];\n  schemaVersion: CacheProofModelSchemaVersion;\n}>;\n\nexport type BuildRenderObservationInput = Readonly<{\n  boundaryOutcome: BoundaryOutcome;\n  cacheTags: readonly string[];\n  cacheability: RenderCacheability;\n  completeness: RenderObservationCompleteness;\n  dynamicFetches: readonly string[];\n  output: CacheProofOutputScope;\n  pathTags: readonly string[];\n  requestApis: readonly RenderRequestApiObservation[];\n}>;\n\nexport type DisabledCacheProofDecision = Readonly<{\n  canReuse: false;\n  fallback: CacheProofBreakerFallback;\n  kind: \"disabled\";\n  observation: RenderObservation;\n  variant: CacheVariant;\n}>;\n\nexport type CreateDisabledCacheProofDecisionInput = Readonly<{\n  observation: RenderObservation;\n  variant: CacheVariant;\n}>;\n\nconst PUBLIC_UNSAFE_DIMENSION_SOURCES: ReadonlySet<CacheVariantDimensionSource> = new Set([\n  \"auth\",\n  \"cookie\",\n  \"draft-mode\",\n  \"header\",\n  \"session\",\n]);\n\ntype CacheVariantDimensionAccumulator = {\n  name: string;\n  privacy: CacheVariantDimensionPrivacy;\n  source: CacheVariantDimensionSource;\n  values: string[];\n};\n\ntype DimensionAccumulatorByName = Map<string, CacheVariantDimensionAccumulator>;\ntype DimensionAccumulatorByPrivacy = Map<CacheVariantDimensionPrivacy, DimensionAccumulatorByName>;\ntype DimensionAccumulatorBySource = Map<CacheVariantDimensionSource, DimensionAccumulatorByPrivacy>;\n\nfunction buildBreakerFallback(\n  code: CacheProofRejectionCode,\n  fields: CacheProofTraceFields = {},\n  mode: CacheProofBreakerFallbackMode = \"renderFresh\",\n  scope: CacheProofFallbackScope = \"affectedOutput\",\n): CacheProofBreakerFallback {\n  return {\n    kind: \"breakerFallback\",\n    code,\n    mode,\n    scope,\n    fields,\n  };\n}\n\nfunction sortedUnique(values: readonly string[]): string[] {\n  return [...new Set(values)].sort();\n}\n\nfunction normalizeDimensionName(name: string): string {\n  return name.trim().toLowerCase();\n}\n\nfunction redactValue(value: string): string {\n  return `h:${fnv1a64(value)}`;\n}\n\nfunction sortedUniqueRedacted(values: readonly string[]): string[] {\n  return sortedUnique(sortedUnique(values).map(redactValue));\n}\n\nfunction encodeParts(parts: readonly unknown[]): string {\n  return JSON.stringify(parts);\n}\n\nfunction compareDimensions(a: CacheVariantDimension, b: CacheVariantDimension): number {\n  return (\n    a.source.localeCompare(b.source) ||\n    a.name.localeCompare(b.name) ||\n    a.privacy.localeCompare(b.privacy)\n  );\n}\n\nfunction encodeNullable(value: string | null): string | null {\n  return value;\n}\n\nfunction assertNever(value: never): never {\n  throw new Error(`Unhandled cache proof variant: ${String(value)}`);\n}\n\nfunction encodeOutputScope(output: CacheProofOutputScope): string {\n  switch (output.kind) {\n    case \"app-html\":\n      return encodeParts([\n        output.kind,\n        output.routeId,\n        encodeNullable(output.rootBoundaryId),\n        encodeNullable(output.renderEpoch),\n      ]);\n    case \"app-rsc\":\n      return encodeParts([\n        output.kind,\n        output.routeId,\n        encodeNullable(output.rootBoundaryId),\n        encodeNullable(output.renderEpoch),\n        encodeNullable(output.mountedSlotsFingerprint),\n      ]);\n    case \"layout\":\n      return encodeParts([\n        output.kind,\n        output.routeId,\n        output.layoutId,\n        encodeNullable(output.rootBoundaryId),\n      ]);\n    case \"page\":\n      return encodeParts([\n        output.kind,\n        output.routeId,\n        output.pageId,\n        encodeNullable(output.rootBoundaryId),\n      ]);\n    case \"route-handler\":\n      return encodeParts([output.kind, output.routeId, output.routeHandlerId]);\n    case \"slot\":\n      return encodeParts([\n        output.kind,\n        output.routeId,\n        output.slotId,\n        encodeNullable(output.rootBoundaryId),\n      ]);\n    case \"template\":\n      return encodeParts([\n        output.kind,\n        output.routeId,\n        output.templateId,\n        encodeNullable(output.rootBoundaryId),\n      ]);\n    default:\n      return assertNever(output);\n  }\n}\n\nfunction validateBudgetNumber(name: string, value: number): CacheProofBreakerFallback | null {\n  if (Number.isInteger(value) && value >= 0) return null;\n  return buildBreakerFallback(\"CP_INVALID_VARIANT_BUDGET\", {\n    budgetField: name,\n  });\n}\n\nfunction validateBudget(budget: CacheVariantBudget): CacheProofBreakerFallback | null {\n  return (\n    validateBudgetNumber(\"maxDimensionCount\", budget.maxDimensionCount) ??\n    validateBudgetNumber(\"maxDimensionNameLength\", budget.maxDimensionNameLength) ??\n    validateBudgetNumber(\"maxDimensionValueLength\", budget.maxDimensionValueLength) ??\n    validateBudgetNumber(\"maxEncodedLength\", budget.maxEncodedLength) ??\n    validateBudgetNumber(\"maxValuesPerDimension\", budget.maxValuesPerDimension) ??\n    validateBudgetNumber(\"maxVariantsPerRoute\", budget.maxVariantsPerRoute)\n  );\n}\n\nfunction buildDimension(\n  input: CacheVariantDimensionInput,\n  budget: CacheVariantBudget,\n): CacheVariantDimension | CacheProofBreakerFallback {\n  const name = normalizeDimensionName(input.name);\n  if (name.length === 0) {\n    return buildBreakerFallback(\"CP_DIMENSION_NAME_MISSING\", {\n      source: input.source,\n    });\n  }\n  if (name.length > budget.maxDimensionNameLength) {\n    return buildBreakerFallback(\"CP_DIMENSION_NAME_TOO_LONG\", {\n      maxLength: budget.maxDimensionNameLength,\n      nameHash: redactValue(name),\n      source: input.source,\n    });\n  }\n  if (input.privacy === \"public\" && PUBLIC_UNSAFE_DIMENSION_SOURCES.has(input.source)) {\n    return buildBreakerFallback(\n      \"CP_UNSAFE_PUBLIC_DIMENSION\",\n      {\n        name,\n        source: input.source,\n      },\n      \"privateUncacheable\",\n    );\n  }\n\n  const values = sortedUnique(input.values);\n  if (values.length === 0) {\n    return buildBreakerFallback(\"CP_DIMENSION_VALUES_MISSING\", {\n      name,\n      source: input.source,\n    });\n  }\n  if (values.length > budget.maxValuesPerDimension) {\n    return buildBreakerFallback(\"CP_DIMENSION_VALUE_COUNT_EXCEEDED\", {\n      maxValues: budget.maxValuesPerDimension,\n      name,\n      source: input.source,\n      valueCount: values.length,\n    });\n  }\n  for (const value of values) {\n    if (value.length > budget.maxDimensionValueLength) {\n      return buildBreakerFallback(\"CP_DIMENSION_VALUE_TOO_LONG\", {\n        maxLength: budget.maxDimensionValueLength,\n        name,\n        source: input.source,\n        valueHash: redactValue(value),\n      });\n    }\n  }\n\n  const valueHashes = values.map(redactValue);\n  const encoded = encodeParts([input.source, input.privacy, name, valueHashes]);\n\n  return {\n    encoded,\n    name,\n    privacy: input.privacy,\n    source: input.source,\n    valueCount: valueHashes.length,\n    valueHashes,\n  };\n}\n\nfunction isCacheProofBreakerFallback(\n  value: CacheVariantDimension | CacheProofBreakerFallback,\n): value is CacheProofBreakerFallback {\n  return \"code\" in value;\n}\n\nfunction getDimensionBucket(\n  bySource: DimensionAccumulatorBySource,\n  source: CacheVariantDimensionSource,\n  privacy: CacheVariantDimensionPrivacy,\n): DimensionAccumulatorByName {\n  const existingByPrivacy = bySource.get(source);\n  const byPrivacy = existingByPrivacy ?? new Map();\n  if (!existingByPrivacy) {\n    bySource.set(source, byPrivacy);\n  }\n\n  const existingByName = byPrivacy.get(privacy);\n  const byName = existingByName ?? new Map();\n  if (!existingByName) {\n    byPrivacy.set(privacy, byName);\n  }\n\n  return byName;\n}\n\nfunction mergeDimensionInputs(\n  dimensions: readonly CacheVariantDimensionInput[],\n): CacheVariantDimensionInput[] {\n  const bySource: DimensionAccumulatorBySource = new Map();\n  const orderedDimensions: CacheVariantDimensionAccumulator[] = [];\n\n  for (const dimension of dimensions) {\n    const name = normalizeDimensionName(dimension.name);\n    const bucket = getDimensionBucket(bySource, dimension.source, dimension.privacy);\n    const existing = bucket.get(name);\n    if (existing) {\n      existing.values.push(...dimension.values);\n      continue;\n    }\n    const accumulator = {\n      name,\n      privacy: dimension.privacy,\n      source: dimension.source,\n      values: [...dimension.values],\n    };\n    bucket.set(name, accumulator);\n    orderedDimensions.push(accumulator);\n  }\n\n  return orderedDimensions;\n}\n\nexport function createAppRouteCacheProofGraphScope(\n  route: AppRouteCacheProofGraphScopeInput,\n): AppRouteCacheProofGraphScope {\n  return {\n    routeId: route.ids.route,\n    pageId: route.ids.page,\n    routeHandlerId: route.ids.routeHandler,\n    layoutIds: [...route.ids.layouts],\n    templateIds: [...route.ids.templates],\n    slotIds: sortedUnique(Object.values(route.ids.slots)),\n  };\n}\n\nexport function buildCacheVariant(input: BuildCacheVariantInput): BuildCacheVariantResult {\n  const budgetFallback = validateBudget(input.budget);\n  if (budgetFallback) {\n    return {\n      kind: \"breakerFallback\",\n      fallback: budgetFallback,\n    };\n  }\n  if (input.existingVariantCount >= input.budget.maxVariantsPerRoute) {\n    return {\n      kind: \"breakerFallback\",\n      fallback: buildBreakerFallback(\n        \"CP_ROUTE_VARIANT_CEILING_EXCEEDED\",\n        {\n          existingVariantCount: input.existingVariantCount,\n          maxVariantsPerRoute: input.budget.maxVariantsPerRoute,\n          routeId: input.output.routeId,\n        },\n        \"privateUncacheable\",\n        \"route\",\n      ),\n    };\n  }\n  const dimensionInputs = mergeDimensionInputs(input.dimensions);\n  if (dimensionInputs.length > input.budget.maxDimensionCount) {\n    return {\n      kind: \"breakerFallback\",\n      fallback: buildBreakerFallback(\"CP_DIMENSION_COUNT_EXCEEDED\", {\n        dimensionCount: dimensionInputs.length,\n        maxDimensionCount: input.budget.maxDimensionCount,\n        routeId: input.output.routeId,\n      }),\n    };\n  }\n\n  const dimensions: CacheVariantDimension[] = [];\n  for (const dimensionInput of dimensionInputs) {\n    const dimension = buildDimension(dimensionInput, input.budget);\n    if (isCacheProofBreakerFallback(dimension)) {\n      return {\n        kind: \"breakerFallback\",\n        fallback: dimension,\n      };\n    }\n    dimensions.push(dimension);\n  }\n  dimensions.sort(compareDimensions);\n\n  const encoded = [\n    `schema:${CACHE_PROOF_MODEL_SCHEMA_VERSION}`,\n    encodeOutputScope(input.output),\n    ...dimensions.map((dimension) => dimension.encoded),\n  ].join(\"|\");\n\n  if (encoded.length > input.budget.maxEncodedLength) {\n    return {\n      kind: \"breakerFallback\",\n      fallback: buildBreakerFallback(\"CP_ENCODED_VARIANT_TOO_LONG\", {\n        encodedHash: redactValue(encoded),\n        encodedLength: encoded.length,\n        maxEncodedLength: input.budget.maxEncodedLength,\n        routeId: input.output.routeId,\n      }),\n    };\n  }\n\n  return {\n    kind: \"variant\",\n    variant: {\n      schemaVersion: CACHE_PROOF_MODEL_SCHEMA_VERSION,\n      cacheKey: `cp0:${fnv1a64(encoded)}`,\n      output: input.output,\n      dimensions,\n      encodedLength: encoded.length,\n      budget: { ...input.budget },\n    },\n  };\n}\n\nfunction boundaryOutcomesMatch(expected: BoundaryOutcome, candidate: BoundaryOutcome): boolean {\n  switch (expected.kind) {\n    case \"error\":\n      return candidate.kind === \"error\" && (expected.digest ?? \"\") === (candidate.digest ?? \"\");\n    case \"forbidden\":\n      return candidate.kind === \"forbidden\";\n    case \"globalError\":\n      return (\n        candidate.kind === \"globalError\" && (expected.digest ?? \"\") === (candidate.digest ?? \"\")\n      );\n    case \"notFound\":\n      return candidate.kind === \"notFound\";\n    case \"redirect\":\n      return (\n        candidate.kind === \"redirect\" &&\n        expected.status === candidate.status &&\n        expected.location === candidate.location\n      );\n    case \"success\":\n      return candidate.kind === \"success\";\n    case \"unauthorized\":\n      return candidate.kind === \"unauthorized\";\n    case \"unknown\":\n      return false;\n    default:\n      return assertNever(expected);\n  }\n}\n\nexport function buildBoundaryOutcomeCompatibility(input: {\n  candidate: BoundaryOutcome;\n  expected: BoundaryOutcome;\n}): BoundaryOutcomeCompatibility {\n  if (input.expected.kind === \"unknown\" || input.candidate.kind === \"unknown\") {\n    return {\n      kind: \"incompatible\",\n      expected: input.expected,\n      candidate: input.candidate,\n      fallback: buildBreakerFallback(\"CP_BOUNDARY_OUTCOME_UNKNOWN\", {\n        candidateKind: input.candidate.kind,\n        expectedKind: input.expected.kind,\n      }),\n    };\n  }\n\n  if (boundaryOutcomesMatch(input.expected, input.candidate)) {\n    return {\n      kind: \"compatible\",\n      outcome: input.candidate,\n      reason: \"CP_BOUNDARY_OUTCOME_MATCH\",\n    };\n  }\n\n  return {\n    kind: \"incompatible\",\n    expected: input.expected,\n    candidate: input.candidate,\n    fallback: buildBreakerFallback(\"CP_BOUNDARY_OUTCOME_MISMATCH\", {\n      candidateKind: input.candidate.kind,\n      expectedKind: input.expected.kind,\n    }),\n  };\n}\n\nfunction requestApiStatusRank(status: RenderRequestApiStatus): number {\n  switch (status) {\n    case \"notObserved\":\n      return 0;\n    case \"unknown\":\n      return 1;\n    case \"observed\":\n      return 2;\n    default:\n      return assertNever(status);\n  }\n}\n\nfunction normalizeRequestApiObservations(\n  observations: readonly RenderRequestApiObservation[],\n): RenderRequestApiObservation[] {\n  const byKind = new Map<RenderRequestApiKind, RenderRequestApiStatus>();\n  for (const observation of observations) {\n    const current = byKind.get(observation.kind);\n    if (\n      current === undefined ||\n      requestApiStatusRank(observation.status) > requestApiStatusRank(current)\n    ) {\n      byKind.set(observation.kind, observation.status);\n    }\n  }\n\n  return [...byKind.entries()]\n    .sort(([left], [right]) => left.localeCompare(right))\n    .map(([kind, status]) => ({ kind, status }));\n}\n\nexport function buildRenderObservation(input: BuildRenderObservationInput): RenderObservation {\n  return {\n    schemaVersion: CACHE_PROOF_MODEL_SCHEMA_VERSION,\n    output: input.output,\n    completeness: input.completeness,\n    boundaryOutcome: input.boundaryOutcome,\n    requestApis: normalizeRequestApiObservations(input.requestApis),\n    dynamicFetches: sortedUniqueRedacted(input.dynamicFetches),\n    cacheTags: sortedUnique(input.cacheTags),\n    pathTags: sortedUnique(input.pathTags),\n    cacheability: input.cacheability,\n  };\n}\n\nexport function hasCompleteNegativeRequestApiProof(\n  observation: RenderObservation,\n  requiredApis: readonly RenderRequestApiKind[],\n): boolean {\n  if (observation.completeness !== \"complete\") return false;\n\n  const statuses = new Map<RenderRequestApiKind, RenderRequestApiStatus>();\n  for (const requestApi of observation.requestApis) {\n    statuses.set(requestApi.kind, requestApi.status);\n  }\n\n  for (const api of requiredApis) {\n    if (statuses.get(api) !== \"notObserved\") return false;\n  }\n  return true;\n}\n\nexport function createDisabledCacheProofDecision(\n  input: CreateDisabledCacheProofDecisionInput,\n): DisabledCacheProofDecision {\n  return {\n    kind: \"disabled\",\n    canReuse: false,\n    variant: input.variant,\n    observation: input.observation,\n    fallback: buildBreakerFallback(\"CP_MODEL_DISABLED\"),\n  };\n}\n"],"mappings":";;AAGA,MAAa,mCAAmC;AA0ChD,MAAa,+BAA+B;CAC1C,mBAAmB;CACnB,wBAAwB;CACxB,yBAAyB;CACzB,kBAAkB;CAClB,uBAAuB;CACvB,qBAAqB;CACtB;AAyLD,MAAM,kCAA4E,IAAI,IAAI;CACxF;CACA;CACA;CACA;CACA;CACD,CAAC;AAaF,SAAS,qBACP,MACA,SAAgC,EAAE,EAClC,OAAsC,eACtC,QAAiC,kBACN;AAC3B,QAAO;EACL,MAAM;EACN;EACA;EACA;EACA;EACD;;AAGH,SAAS,aAAa,QAAqC;AACzD,QAAO,CAAC,GAAG,IAAI,IAAI,OAAO,CAAC,CAAC,MAAM;;AAGpC,SAAS,uBAAuB,MAAsB;AACpD,QAAO,KAAK,MAAM,CAAC,aAAa;;AAGlC,SAAS,YAAY,OAAuB;AAC1C,QAAO,KAAK,QAAQ,MAAM;;AAG5B,SAAS,qBAAqB,QAAqC;AACjE,QAAO,aAAa,aAAa,OAAO,CAAC,IAAI,YAAY,CAAC;;AAG5D,SAAS,YAAY,OAAmC;AACtD,QAAO,KAAK,UAAU,MAAM;;AAG9B,SAAS,kBAAkB,GAA0B,GAAkC;AACrF,QACE,EAAE,OAAO,cAAc,EAAE,OAAO,IAChC,EAAE,KAAK,cAAc,EAAE,KAAK,IAC5B,EAAE,QAAQ,cAAc,EAAE,QAAQ;;AAItC,SAAS,eAAe,OAAqC;AAC3D,QAAO;;AAGT,SAAS,YAAY,OAAqB;AACxC,OAAM,IAAI,MAAM,kCAAkC,OAAO,MAAM,GAAG;;AAGpE,SAAS,kBAAkB,QAAuC;AAChE,SAAQ,OAAO,MAAf;EACE,KAAK,WACH,QAAO,YAAY;GACjB,OAAO;GACP,OAAO;GACP,eAAe,OAAO,eAAe;GACrC,eAAe,OAAO,YAAY;GACnC,CAAC;EACJ,KAAK,UACH,QAAO,YAAY;GACjB,OAAO;GACP,OAAO;GACP,eAAe,OAAO,eAAe;GACrC,eAAe,OAAO,YAAY;GAClC,eAAe,OAAO,wBAAwB;GAC/C,CAAC;EACJ,KAAK,SACH,QAAO,YAAY;GACjB,OAAO;GACP,OAAO;GACP,OAAO;GACP,eAAe,OAAO,eAAe;GACtC,CAAC;EACJ,KAAK,OACH,QAAO,YAAY;GACjB,OAAO;GACP,OAAO;GACP,OAAO;GACP,eAAe,OAAO,eAAe;GACtC,CAAC;EACJ,KAAK,gBACH,QAAO,YAAY;GAAC,OAAO;GAAM,OAAO;GAAS,OAAO;GAAe,CAAC;EAC1E,KAAK,OACH,QAAO,YAAY;GACjB,OAAO;GACP,OAAO;GACP,OAAO;GACP,eAAe,OAAO,eAAe;GACtC,CAAC;EACJ,KAAK,WACH,QAAO,YAAY;GACjB,OAAO;GACP,OAAO;GACP,OAAO;GACP,eAAe,OAAO,eAAe;GACtC,CAAC;EACJ,QACE,QAAO,YAAY,OAAO;;;AAIhC,SAAS,qBAAqB,MAAc,OAAiD;AAC3F,KAAI,OAAO,UAAU,MAAM,IAAI,SAAS,EAAG,QAAO;AAClD,QAAO,qBAAqB,6BAA6B,EACvD,aAAa,MACd,CAAC;;AAGJ,SAAS,eAAe,QAA8D;AACpF,QACE,qBAAqB,qBAAqB,OAAO,kBAAkB,IACnE,qBAAqB,0BAA0B,OAAO,uBAAuB,IAC7E,qBAAqB,2BAA2B,OAAO,wBAAwB,IAC/E,qBAAqB,oBAAoB,OAAO,iBAAiB,IACjE,qBAAqB,yBAAyB,OAAO,sBAAsB,IAC3E,qBAAqB,uBAAuB,OAAO,oBAAoB;;AAI3E,SAAS,eACP,OACA,QACmD;CACnD,MAAM,OAAO,uBAAuB,MAAM,KAAK;AAC/C,KAAI,KAAK,WAAW,EAClB,QAAO,qBAAqB,6BAA6B,EACvD,QAAQ,MAAM,QACf,CAAC;AAEJ,KAAI,KAAK,SAAS,OAAO,uBACvB,QAAO,qBAAqB,8BAA8B;EACxD,WAAW,OAAO;EAClB,UAAU,YAAY,KAAK;EAC3B,QAAQ,MAAM;EACf,CAAC;AAEJ,KAAI,MAAM,YAAY,YAAY,gCAAgC,IAAI,MAAM,OAAO,CACjF,QAAO,qBACL,8BACA;EACE;EACA,QAAQ,MAAM;EACf,EACD,qBACD;CAGH,MAAM,SAAS,aAAa,MAAM,OAAO;AACzC,KAAI,OAAO,WAAW,EACpB,QAAO,qBAAqB,+BAA+B;EACzD;EACA,QAAQ,MAAM;EACf,CAAC;AAEJ,KAAI,OAAO,SAAS,OAAO,sBACzB,QAAO,qBAAqB,qCAAqC;EAC/D,WAAW,OAAO;EAClB;EACA,QAAQ,MAAM;EACd,YAAY,OAAO;EACpB,CAAC;AAEJ,MAAK,MAAM,SAAS,OAClB,KAAI,MAAM,SAAS,OAAO,wBACxB,QAAO,qBAAqB,+BAA+B;EACzD,WAAW,OAAO;EAClB;EACA,QAAQ,MAAM;EACd,WAAW,YAAY,MAAM;EAC9B,CAAC;CAIN,MAAM,cAAc,OAAO,IAAI,YAAY;AAG3C,QAAO;EACL,SAHc,YAAY;GAAC,MAAM;GAAQ,MAAM;GAAS;GAAM;GAAY,CAAC;EAI3E;EACA,SAAS,MAAM;EACf,QAAQ,MAAM;EACd,YAAY,YAAY;EACxB;EACD;;AAGH,SAAS,4BACP,OACoC;AACpC,QAAO,UAAU;;AAGnB,SAAS,mBACP,UACA,QACA,SAC4B;CAC5B,MAAM,oBAAoB,SAAS,IAAI,OAAO;CAC9C,MAAM,YAAY,qCAAqB,IAAI,KAAK;AAChD,KAAI,CAAC,kBACH,UAAS,IAAI,QAAQ,UAAU;CAGjC,MAAM,iBAAiB,UAAU,IAAI,QAAQ;CAC7C,MAAM,SAAS,kCAAkB,IAAI,KAAK;AAC1C,KAAI,CAAC,eACH,WAAU,IAAI,SAAS,OAAO;AAGhC,QAAO;;AAGT,SAAS,qBACP,YAC8B;CAC9B,MAAM,2BAAyC,IAAI,KAAK;CACxD,MAAM,oBAAwD,EAAE;AAEhE,MAAK,MAAM,aAAa,YAAY;EAClC,MAAM,OAAO,uBAAuB,UAAU,KAAK;EACnD,MAAM,SAAS,mBAAmB,UAAU,UAAU,QAAQ,UAAU,QAAQ;EAChF,MAAM,WAAW,OAAO,IAAI,KAAK;AACjC,MAAI,UAAU;AACZ,YAAS,OAAO,KAAK,GAAG,UAAU,OAAO;AACzC;;EAEF,MAAM,cAAc;GAClB;GACA,SAAS,UAAU;GACnB,QAAQ,UAAU;GAClB,QAAQ,CAAC,GAAG,UAAU,OAAO;GAC9B;AACD,SAAO,IAAI,MAAM,YAAY;AAC7B,oBAAkB,KAAK,YAAY;;AAGrC,QAAO;;AAGT,SAAgB,mCACd,OAC8B;AAC9B,QAAO;EACL,SAAS,MAAM,IAAI;EACnB,QAAQ,MAAM,IAAI;EAClB,gBAAgB,MAAM,IAAI;EAC1B,WAAW,CAAC,GAAG,MAAM,IAAI,QAAQ;EACjC,aAAa,CAAC,GAAG,MAAM,IAAI,UAAU;EACrC,SAAS,aAAa,OAAO,OAAO,MAAM,IAAI,MAAM,CAAC;EACtD;;AAGH,SAAgB,kBAAkB,OAAwD;CACxF,MAAM,iBAAiB,eAAe,MAAM,OAAO;AACnD,KAAI,eACF,QAAO;EACL,MAAM;EACN,UAAU;EACX;AAEH,KAAI,MAAM,wBAAwB,MAAM,OAAO,oBAC7C,QAAO;EACL,MAAM;EACN,UAAU,qBACR,qCACA;GACE,sBAAsB,MAAM;GAC5B,qBAAqB,MAAM,OAAO;GAClC,SAAS,MAAM,OAAO;GACvB,EACD,sBACA,QACD;EACF;CAEH,MAAM,kBAAkB,qBAAqB,MAAM,WAAW;AAC9D,KAAI,gBAAgB,SAAS,MAAM,OAAO,kBACxC,QAAO;EACL,MAAM;EACN,UAAU,qBAAqB,+BAA+B;GAC5D,gBAAgB,gBAAgB;GAChC,mBAAmB,MAAM,OAAO;GAChC,SAAS,MAAM,OAAO;GACvB,CAAC;EACH;CAGH,MAAM,aAAsC,EAAE;AAC9C,MAAK,MAAM,kBAAkB,iBAAiB;EAC5C,MAAM,YAAY,eAAe,gBAAgB,MAAM,OAAO;AAC9D,MAAI,4BAA4B,UAAU,CACxC,QAAO;GACL,MAAM;GACN,UAAU;GACX;AAEH,aAAW,KAAK,UAAU;;AAE5B,YAAW,KAAK,kBAAkB;CAElC,MAAM,UAAU;EACd;EACA,kBAAkB,MAAM,OAAO;EAC/B,GAAG,WAAW,KAAK,cAAc,UAAU,QAAQ;EACpD,CAAC,KAAK,IAAI;AAEX,KAAI,QAAQ,SAAS,MAAM,OAAO,iBAChC,QAAO;EACL,MAAM;EACN,UAAU,qBAAqB,+BAA+B;GAC5D,aAAa,YAAY,QAAQ;GACjC,eAAe,QAAQ;GACvB,kBAAkB,MAAM,OAAO;GAC/B,SAAS,MAAM,OAAO;GACvB,CAAC;EACH;AAGH,QAAO;EACL,MAAM;EACN,SAAS;GACP,eAAA;GACA,UAAU,OAAO,QAAQ,QAAQ;GACjC,QAAQ,MAAM;GACd;GACA,eAAe,QAAQ;GACvB,QAAQ,EAAE,GAAG,MAAM,QAAQ;GAC5B;EACF;;AAGH,SAAS,sBAAsB,UAA2B,WAAqC;AAC7F,SAAQ,SAAS,MAAjB;EACE,KAAK,QACH,QAAO,UAAU,SAAS,YAAY,SAAS,UAAU,SAAS,UAAU,UAAU;EACxF,KAAK,YACH,QAAO,UAAU,SAAS;EAC5B,KAAK,cACH,QACE,UAAU,SAAS,kBAAkB,SAAS,UAAU,SAAS,UAAU,UAAU;EAEzF,KAAK,WACH,QAAO,UAAU,SAAS;EAC5B,KAAK,WACH,QACE,UAAU,SAAS,cACnB,SAAS,WAAW,UAAU,UAC9B,SAAS,aAAa,UAAU;EAEpC,KAAK,UACH,QAAO,UAAU,SAAS;EAC5B,KAAK,eACH,QAAO,UAAU,SAAS;EAC5B,KAAK,UACH,QAAO;EACT,QACE,QAAO,YAAY,SAAS;;;AAIlC,SAAgB,kCAAkC,OAGjB;AAC/B,KAAI,MAAM,SAAS,SAAS,aAAa,MAAM,UAAU,SAAS,UAChE,QAAO;EACL,MAAM;EACN,UAAU,MAAM;EAChB,WAAW,MAAM;EACjB,UAAU,qBAAqB,+BAA+B;GAC5D,eAAe,MAAM,UAAU;GAC/B,cAAc,MAAM,SAAS;GAC9B,CAAC;EACH;AAGH,KAAI,sBAAsB,MAAM,UAAU,MAAM,UAAU,CACxD,QAAO;EACL,MAAM;EACN,SAAS,MAAM;EACf,QAAQ;EACT;AAGH,QAAO;EACL,MAAM;EACN,UAAU,MAAM;EAChB,WAAW,MAAM;EACjB,UAAU,qBAAqB,gCAAgC;GAC7D,eAAe,MAAM,UAAU;GAC/B,cAAc,MAAM,SAAS;GAC9B,CAAC;EACH;;AAGH,SAAS,qBAAqB,QAAwC;AACpE,SAAQ,QAAR;EACE,KAAK,cACH,QAAO;EACT,KAAK,UACH,QAAO;EACT,KAAK,WACH,QAAO;EACT,QACE,QAAO,YAAY,OAAO;;;AAIhC,SAAS,gCACP,cAC+B;CAC/B,MAAM,yBAAS,IAAI,KAAmD;AACtE,MAAK,MAAM,eAAe,cAAc;EACtC,MAAM,UAAU,OAAO,IAAI,YAAY,KAAK;AAC5C,MACE,YAAY,KAAA,KACZ,qBAAqB,YAAY,OAAO,GAAG,qBAAqB,QAAQ,CAExE,QAAO,IAAI,YAAY,MAAM,YAAY,OAAO;;AAIpD,QAAO,CAAC,GAAG,OAAO,SAAS,CAAC,CACzB,MAAM,CAAC,OAAO,CAAC,WAAW,KAAK,cAAc,MAAM,CAAC,CACpD,KAAK,CAAC,MAAM,aAAa;EAAE;EAAM;EAAQ,EAAE;;AAGhD,SAAgB,uBAAuB,OAAuD;AAC5F,QAAO;EACL,eAAA;EACA,QAAQ,MAAM;EACd,cAAc,MAAM;EACpB,iBAAiB,MAAM;EACvB,aAAa,gCAAgC,MAAM,YAAY;EAC/D,gBAAgB,qBAAqB,MAAM,eAAe;EAC1D,WAAW,aAAa,MAAM,UAAU;EACxC,UAAU,aAAa,MAAM,SAAS;EACtC,cAAc,MAAM;EACrB;;AAGH,SAAgB,mCACd,aACA,cACS;AACT,KAAI,YAAY,iBAAiB,WAAY,QAAO;CAEpD,MAAM,2BAAW,IAAI,KAAmD;AACxE,MAAK,MAAM,cAAc,YAAY,YACnC,UAAS,IAAI,WAAW,MAAM,WAAW,OAAO;AAGlD,MAAK,MAAM,OAAO,aAChB,KAAI,SAAS,IAAI,IAAI,KAAK,cAAe,QAAO;AAElD,QAAO;;AAGT,SAAgB,iCACd,OAC4B;AAC5B,QAAO;EACL,MAAM;EACN,UAAU;EACV,SAAS,MAAM;EACf,aAAa,MAAM;EACnB,UAAU,qBAAqB,oBAAoB;EACpD"}

package/dist/server/dev-origin-check.js

@@ -96,12 +96,16 @@ function generateDevOriginCheckCode(allowedDevOrigins) {
 const __allowedDevOrigins = ${JSON.stringify(allowedDevOrigins ?? [])};
 const __safeDevHosts = ["localhost", "127.0.0.1", "[::1]"];
 
+function __forbidden() {
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
 function __validateDevRequestOrigin(request) {
   // Check Sec-Fetch headers (catches <script> tag exfiltration)
   if (request.headers.get("sec-fetch-mode") === "no-cors" &&
       request.headers.get("sec-fetch-site") === "cross-site") {
     console.warn("[vinext] Blocked cross-site no-cors request to " + new URL(request.url).pathname);
-    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+    return __forbidden();
   }
 
   const origin = request.headers.get("origin");
@@ -111,7 +115,7 @@ function __validateDevRequestOrigin(request) {
   if (origin === "null") {
     if (!__allowedDevOrigins.includes("null")) {
       console.warn("[vinext] Blocked request with Origin: null. Add \\"null\\" to allowedDevOrigins to allow sandboxed contexts.");
-      return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+      return __forbidden();
     }
     return null;
   }
@@ -120,7 +124,7 @@ function __validateDevRequestOrigin(request) {
   try {
     originHostname = new URL(origin).hostname.toLowerCase();
   } catch {
-    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+    return __forbidden();
   }
 
   // Allow localhost, 127.0.0.1, [::1], and *.localhost
@@ -144,7 +148,7 @@ function __validateDevRequestOrigin(request) {
     \`[vinext] Blocked cross-origin request from "\${origin}" to \${new URL(request.url).pathname}. \` +
     \`To allow this origin, add it to allowedDevOrigins in next.config.js.\`
   );
-  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  return __forbidden();
 }
 `;
 }