vinext 0.0.50 → 0.0.52

package/dist/shims/font-utils.js

@@ -0,0 +1,97 @@
+//#region src/shims/font-utils.ts
+/**
+* Escape a string for safe interpolation inside a CSS single-quoted string.
+*
+* Prevents CSS injection by escaping characters that could break out of
+* a `'...'` CSS string context: backslashes, single quotes, and newlines.
+*
+* Used by font-google-base.ts, font-local.ts, and fallback-metrics.ts.
+*/
+function escapeCSSString(value) {
+	return value.replace(/\\/g, "\\\\").replace(/'/g, "\\'").replace(/\n/g, "\\a ").replace(/\r/g, "\\d ");
+}
+/**
+* Validate a CSS custom property name (e.g. `--font-inter`).
+*
+* Custom properties must start with `--` and only contain alphanumeric
+* characters, hyphens, and underscores. Anything else could be used to
+* break out of the CSS declaration and inject arbitrary rules.
+*
+* Returns the name if valid, undefined otherwise.
+*/
+function sanitizeCSSVarName(name) {
+	if (/^--[a-zA-Z0-9_-]+$/.test(name)) return name;
+}
+/**
+* Sanitize a CSS font-family fallback name.
+*
+* Generic family names (sans-serif, serif, monospace, etc.) are used as-is.
+* Named families are wrapped in escaped quotes. This prevents injection via
+* crafted fallback values like `); } body { color: red; } .x {`.
+*/
+function sanitizeFallback(name) {
+	const generics = new Set([
+		"serif",
+		"sans-serif",
+		"monospace",
+		"cursive",
+		"fantasy",
+		"system-ui",
+		"ui-serif",
+		"ui-sans-serif",
+		"ui-monospace",
+		"ui-rounded",
+		"emoji",
+		"math",
+		"fangsong"
+	]);
+	const trimmed = name.trim();
+	if (generics.has(trimmed)) return trimmed;
+	return `'${escapeCSSString(trimmed)}'`;
+}
+function singleFontOptionValue(value) {
+	if (Array.isArray(value)) return new Set(value).size === 1 ? value[0] : void 0;
+	return value;
+}
+function sanitizeFontDescriptorValue(value) {
+	if (/[{};]|\/\*|\*\/|<\//i.test(value)) return void 0;
+	return value;
+}
+function resolveFontWeight(weight) {
+	const value = singleFontOptionValue(weight);
+	if (!value || value.includes(" ")) return void 0;
+	const numericWeight = Number(value);
+	return Number.isFinite(numericWeight) ? numericWeight : void 0;
+}
+function resolveFontStyle(style) {
+	const value = singleFontOptionValue(style);
+	if (!value || value.includes(" ")) return void 0;
+	return sanitizeFontDescriptorValue(value);
+}
+function resolveGoogleFontStyle(style) {
+	if (style === void 0) return "normal";
+	const value = singleFontOptionValue(style);
+	if (!value) return void 0;
+	if (value === "normal" || value === "italic") return value;
+}
+function resolveSingleFaceStyle(input) {
+	const fontWeight = input.internalWeight ?? resolveFontWeight(input.weight);
+	const fontStyle = (input.internalStyle ? sanitizeFontDescriptorValue(input.internalStyle) : void 0) ?? (input.google ? resolveGoogleFontStyle(input.style) : resolveFontStyle(input.style));
+	return {
+		fontFamily: input.fontFamily,
+		...fontWeight !== void 0 ? { fontWeight } : {},
+		...fontStyle ? { fontStyle } : {}
+	};
+}
+function formatFontClassRule(className, style) {
+	const fontStyle = style.fontStyle ? sanitizeFontDescriptorValue(style.fontStyle) : void 0;
+	return `.${className} { ${[
+		`font-family: ${style.fontFamily}`,
+		...style.fontWeight !== void 0 ? [`font-weight: ${style.fontWeight}`] : [],
+		...fontStyle ? [`font-style: ${fontStyle}`] : []
+	].join("; ")}; }\n`;
+}
+//#endregion
+export { escapeCSSString, formatFontClassRule, resolveFontStyle, resolveFontWeight, resolveGoogleFontStyle, resolveSingleFaceStyle, sanitizeCSSVarName, sanitizeFallback, sanitizeFontDescriptorValue, singleFontOptionValue };
+
+//# sourceMappingURL=font-utils.js.map

package/dist/shims/font-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"font-utils.js","names":[],"sources":["../../src/shims/font-utils.ts"],"sourcesContent":["export type FontStyle = {\n  fontFamily: string;\n  fontWeight?: number;\n  fontStyle?: string;\n};\n\nexport type FontFaceStyleInput = {\n  fontFamily: string;\n  weight?: string | string[];\n  style?: string | string[];\n  internalWeight?: number;\n  internalStyle?: string;\n  google?: boolean;\n};\n\n/**\n * Escape a string for safe interpolation inside a CSS single-quoted string.\n *\n * Prevents CSS injection by escaping characters that could break out of\n * a `'...'` CSS string context: backslashes, single quotes, and newlines.\n *\n * Used by font-google-base.ts, font-local.ts, and fallback-metrics.ts.\n */\nexport function escapeCSSString(value: string): string {\n  return value\n    .replace(/\\\\/g, \"\\\\\\\\\")\n    .replace(/'/g, \"\\\\'\")\n    .replace(/\\n/g, \"\\\\a \")\n    .replace(/\\r/g, \"\\\\d \");\n}\n\n/**\n * Validate a CSS custom property name (e.g. `--font-inter`).\n *\n * Custom properties must start with `--` and only contain alphanumeric\n * characters, hyphens, and underscores. Anything else could be used to\n * break out of the CSS declaration and inject arbitrary rules.\n *\n * Returns the name if valid, undefined otherwise.\n */\nexport function sanitizeCSSVarName(name: string): string | undefined {\n  if (/^--[a-zA-Z0-9_-]+$/.test(name)) return name;\n  return undefined;\n}\n\n/**\n * Sanitize a CSS font-family fallback name.\n *\n * Generic family names (sans-serif, serif, monospace, etc.) are used as-is.\n * Named families are wrapped in escaped quotes. This prevents injection via\n * crafted fallback values like `); } body { color: red; } .x {`.\n */\nexport function sanitizeFallback(name: string): string {\n  // CSS generic font families — safe to use unquoted\n  const generics = new Set([\n    \"serif\",\n    \"sans-serif\",\n    \"monospace\",\n    \"cursive\",\n    \"fantasy\",\n    \"system-ui\",\n    \"ui-serif\",\n    \"ui-sans-serif\",\n    \"ui-monospace\",\n    \"ui-rounded\",\n    \"emoji\",\n    \"math\",\n    \"fangsong\",\n  ]);\n  const trimmed = name.trim();\n  if (generics.has(trimmed)) return trimmed;\n  // Wrap in single quotes with escaping to prevent CSS injection\n  return `'${escapeCSSString(trimmed)}'`;\n}\n\nexport function singleFontOptionValue(value: string | string[] | undefined): string | undefined {\n  if (Array.isArray(value)) {\n    const values = new Set(value);\n    return values.size === 1 ? value[0] : undefined;\n  }\n  return value;\n}\n\nexport function sanitizeFontDescriptorValue(value: string): string | undefined {\n  if (/[{};]|\\/\\*|\\*\\/|<\\//i.test(value)) return undefined;\n  return value;\n}\n\nexport function resolveFontWeight(weight: string | string[] | undefined): number | undefined {\n  const value = singleFontOptionValue(weight);\n  if (!value || value.includes(\" \")) return undefined;\n  const numericWeight = Number(value);\n  return Number.isFinite(numericWeight) ? numericWeight : undefined;\n}\n\nexport function resolveFontStyle(style: string | string[] | undefined): string | undefined {\n  const value = singleFontOptionValue(style);\n  if (!value || value.includes(\" \")) return undefined;\n  return sanitizeFontDescriptorValue(value);\n}\n\nexport function resolveGoogleFontStyle(style: string | string[] | undefined): string | undefined {\n  if (style === undefined) return \"normal\";\n  const value = singleFontOptionValue(style);\n  if (!value) return undefined;\n  if (value === \"normal\" || value === \"italic\") return value;\n  return undefined;\n}\n\nexport function resolveSingleFaceStyle(input: FontFaceStyleInput): FontStyle {\n  const fontWeight = input.internalWeight ?? resolveFontWeight(input.weight);\n  const internalStyle = input.internalStyle\n    ? sanitizeFontDescriptorValue(input.internalStyle)\n    : undefined;\n  const fontStyle =\n    internalStyle ??\n    (input.google ? resolveGoogleFontStyle(input.style) : resolveFontStyle(input.style));\n\n  return {\n    fontFamily: input.fontFamily,\n    ...(fontWeight !== undefined ? { fontWeight } : {}),\n    ...(fontStyle ? { fontStyle } : {}),\n  };\n}\n\nexport function formatFontClassRule(className: string, style: FontStyle): string {\n  const fontStyle = style.fontStyle ? sanitizeFontDescriptorValue(style.fontStyle) : undefined;\n  const declarations = [\n    `font-family: ${style.fontFamily}`,\n    ...(style.fontWeight !== undefined ? [`font-weight: ${style.fontWeight}`] : []),\n    ...(fontStyle ? [`font-style: ${fontStyle}`] : []),\n  ];\n  return `.${className} { ${declarations.join(\"; \")}; }\\n`;\n}\n"],"mappings":";;;;;;;;;AAuBA,SAAgB,gBAAgB,OAAuB;CACrD,OAAO,MACJ,QAAQ,OAAO,OAAO,CACtB,QAAQ,MAAM,MAAM,CACpB,QAAQ,OAAO,OAAO,CACtB,QAAQ,OAAO,OAAO;;;;;;;;;;;AAY3B,SAAgB,mBAAmB,MAAkC;CACnE,IAAI,qBAAqB,KAAK,KAAK,EAAE,OAAO;;;;;;;;;AAW9C,SAAgB,iBAAiB,MAAsB;CAErD,MAAM,WAAW,IAAI,IAAI;EACvB;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD,CAAC;CACF,MAAM,UAAU,KAAK,MAAM;CAC3B,IAAI,SAAS,IAAI,QAAQ,EAAE,OAAO;CAElC,OAAO,IAAI,gBAAgB,QAAQ,CAAC;;AAGtC,SAAgB,sBAAsB,OAA0D;CAC9F,IAAI,MAAM,QAAQ,MAAM,EAEtB,OAAO,IADY,IAAI,MACV,CAAC,SAAS,IAAI,MAAM,KAAK,KAAA;CAExC,OAAO;;AAGT,SAAgB,4BAA4B,OAAmC;CAC7E,IAAI,uBAAuB,KAAK,MAAM,EAAE,OAAO,KAAA;CAC/C,OAAO;;AAGT,SAAgB,kBAAkB,QAA2D;CAC3F,MAAM,QAAQ,sBAAsB,OAAO;CAC3C,IAAI,CAAC,SAAS,MAAM,SAAS,IAAI,EAAE,OAAO,KAAA;CAC1C,MAAM,gBAAgB,OAAO,MAAM;CACnC,OAAO,OAAO,SAAS,cAAc,GAAG,gBAAgB,KAAA;;AAG1D,SAAgB,iBAAiB,OAA0D;CACzF,MAAM,QAAQ,sBAAsB,MAAM;CAC1C,IAAI,CAAC,SAAS,MAAM,SAAS,IAAI,EAAE,OAAO,KAAA;CAC1C,OAAO,4BAA4B,MAAM;;AAG3C,SAAgB,uBAAuB,OAA0D;CAC/F,IAAI,UAAU,KAAA,GAAW,OAAO;CAChC,MAAM,QAAQ,sBAAsB,MAAM;CAC1C,IAAI,CAAC,OAAO,OAAO,KAAA;CACnB,IAAI,UAAU,YAAY,UAAU,UAAU,OAAO;;AAIvD,SAAgB,uBAAuB,OAAsC;CAC3E,MAAM,aAAa,MAAM,kBAAkB,kBAAkB,MAAM,OAAO;CAI1E,MAAM,aAHgB,MAAM,gBACxB,4BAA4B,MAAM,cAAc,GAChD,KAAA,OAGD,MAAM,SAAS,uBAAuB,MAAM,MAAM,GAAG,iBAAiB,MAAM,MAAM;CAErF,OAAO;EACL,YAAY,MAAM;EAClB,GAAI,eAAe,KAAA,IAAY,EAAE,YAAY,GAAG,EAAE;EAClD,GAAI,YAAY,EAAE,WAAW,GAAG,EAAE;EACnC;;AAGH,SAAgB,oBAAoB,WAAmB,OAA0B;CAC/E,MAAM,YAAY,MAAM,YAAY,4BAA4B,MAAM,UAAU,GAAG,KAAA;CAMnF,OAAO,IAAI,UAAU,KAAK;EAJxB,gBAAgB,MAAM;EACtB,GAAI,MAAM,eAAe,KAAA,IAAY,CAAC,gBAAgB,MAAM,aAAa,GAAG,EAAE;EAC9E,GAAI,YAAY,CAAC,eAAe,YAAY,GAAG,EAAE;EAEb,CAAC,KAAK,KAAK,CAAC"}

package/dist/shims/form.js

@@ -1,6 +1,7 @@
 "use client";
 import { isDangerousScheme } from "./url-safety.js";
-import { toSameOriginPath } from "./url-utils.js";
+import { toSameOriginPath, withBasePath } from "./url-utils.js";
+import { hasAppNavigationRuntime } from "../client/navigation-runtime.js";
 import { navigateClientSide } from "./navigation.js";
 import { forwardRef, useActionState } from "react";
 import { jsx } from "react/jsx-runtime";
@@ -22,6 +23,7 @@ import { jsx } from "react/jsx-runtime";
 *     <button type="submit">Search</button>
 *   </Form>
 */
+const __basePath = process.env.__NEXT_ROUTER_BASEPATH ?? "";
 const SUPPORTED_FORM_ENCTYPE = "application/x-www-form-urlencoded";
 const SUPPORTED_FORM_METHOD = "GET";
 const SUPPORTED_FORM_TARGET = "_self";
@@ -112,6 +114,7 @@ const Form = forwardRef(function Form(props, ref) {
 			...rest
 		});
 	}
+	const actionHref = withBasePath(action, __basePath);
 	async function handleSubmit(e) {
 		if (onSubmit) {
 			onSubmit(e);
@@ -120,7 +123,7 @@ const Form = forwardRef(function Form(props, ref) {
 		const submitter = getSubmitter(e.nativeEvent);
 		if (submitter && hasUnsupportedSubmitterAttributes(submitter)) return;
 		if (getEffectiveMethod(submitter, rest.method) !== "GET") return;
-		const effectiveAction = getEffectiveAction(submitter, action);
+		const effectiveAction = getEffectiveAction(submitter, actionHref);
 		if (process.env.NODE_ENV !== "production" && submitter?.getAttribute("formaction") !== null) checkFormActionUrl(effectiveAction, "formAction");
 		if (!isSafeAction(effectiveAction)) {
 			if (process.env.NODE_ENV !== "production") console.warn(`<Form> blocked unsafe action: ${effectiveAction}`);
@@ -129,17 +132,21 @@ const Form = forwardRef(function Form(props, ref) {
 		}
 		e.preventDefault();
 		const url = createFormSubmitDestinationUrl(effectiveAction, e.currentTarget, submitter);
-		if (typeof window.__VINEXT_RSC_NAVIGATE__ === "function") await navigateClientSide(url, replace ? "replace" : "push", scroll);
-		else {
+		if (hasAppNavigationRuntime()) await navigateClientSide(url, replace ? "replace" : "push", scroll);
+		else try {
+			const Router = (await import("./router.js")).default;
+			if (replace) await Router.replace(url, void 0, { scroll });
+			else await Router.push(url, void 0, { scroll });
+		} catch {
 			if (replace) window.history.replaceState({}, "", url);
 			else window.history.pushState({}, "", url);
 			window.dispatchEvent(new PopStateEvent("popstate"));
+			if (scroll) window.scrollTo(0, 0);
 		}
-		if (typeof window.__VINEXT_RSC_NAVIGATE__ !== "function" && scroll) window.scrollTo(0, 0);
 	}
 	return /* @__PURE__ */ jsx("form", {
 		ref,
-		action,
+		action: actionHref,
 		onSubmit: (event) => {
 			handleSubmit(event);
 		},

package/dist/shims/form.js.map

@@ -1 +1 @@
-{"version":3,"file":"form.js","names":[],"sources":["../../src/shims/form.tsx"],"sourcesContent":["\"use client\";\n\n/**\n * next/form shim\n *\n * Progressive enhancement form component. In Next.js, this replaces\n * the standard <form> element with one that intercepts submissions\n * and performs client-side navigation for GET forms (search forms).\n *\n * For POST forms with server actions, it delegates to React's built-in\n * form action handling.\n *\n * Usage:\n *   import Form from 'next/form';\n *   <Form action=\"/search\">\n *     <input name=\"q\" />\n *     <button type=\"submit\">Search</button>\n *   </Form>\n */\n\nimport { forwardRef, useActionState, type FormHTMLAttributes, type ForwardedRef } from \"react\";\nimport { navigateClientSide } from \"./navigation.js\";\nimport { isDangerousScheme } from \"./url-safety.js\";\nimport { toSameOriginPath } from \"./url-utils.js\";\n\n// Re-export useActionState from React 19 to match Next.js's next/form module\nexport { useActionState };\n\ntype FormSubmitter = HTMLButtonElement | HTMLInputElement;\nconst SUPPORTED_FORM_ENCTYPE = \"application/x-www-form-urlencoded\";\nconst SUPPORTED_FORM_METHOD = \"GET\";\nconst SUPPORTED_FORM_TARGET = \"_self\";\n\nfunction isSafeAction(action: string): boolean {\n  // Block dangerous URI schemes\n  if (isDangerousScheme(action)) return false;\n  // Block protocol-relative URLs (//evil.com/...)\n  if (action.startsWith(\"//\")) return false;\n  // Block absolute URLs to external origins (client-side: compare origins)\n  if (/^https?:\\/\\//i.test(action)) {\n    if (typeof window !== \"undefined\") {\n      try {\n        const actionUrl = new URL(action);\n        return actionUrl.origin === window.location.origin;\n      } catch {\n        return false;\n      }\n    }\n    // Server-side: block all absolute URLs (can't compare origins)\n    return false;\n  }\n  return true;\n}\n\nfunction getSubmitter(nativeEvent: unknown): FormSubmitter | null {\n  const submitter =\n    nativeEvent &&\n    typeof nativeEvent === \"object\" &&\n    \"submitter\" in nativeEvent &&\n    nativeEvent.submitter instanceof Element\n      ? nativeEvent.submitter\n      : null;\n\n  if (submitter instanceof HTMLButtonElement || submitter instanceof HTMLInputElement) {\n    return submitter;\n  }\n  return null;\n}\n\nfunction getEffectiveMethod(\n  submitter: FormSubmitter | null,\n  formMethod: FormHTMLAttributes<HTMLFormElement>[\"method\"],\n): string {\n  const override = submitter?.getAttribute(\"formmethod\");\n  return (override ?? formMethod ?? \"GET\").toUpperCase();\n}\n\nfunction getEffectiveAction(submitter: FormSubmitter | null, formAction: string): string {\n  return submitter?.getAttribute(\"formaction\") ?? formAction;\n}\n\nfunction checkFormActionUrl(action: string, source: \"action\" | \"formAction\"): void {\n  const aPropName = source === \"action\" ? \"an `action`\" : \"a `formAction`\";\n\n  let testUrl: URL;\n  try {\n    testUrl = new URL(action, \"http://n\");\n  } catch {\n    console.error(`<Form> received ${aPropName} that cannot be parsed as a URL: \"${action}\".`);\n    return;\n  }\n\n  if (testUrl.searchParams.size) {\n    console.warn(\n      `<Form> received ${aPropName} that contains search params: \"${action}\". This is not supported, and they will be ignored. ` +\n        `If you need to pass in additional search params, use an \\`<input type=\"hidden\" />\\` instead.`,\n    );\n  }\n}\n\nfunction hasUnsupportedSubmitterAttributes(submitter: FormSubmitter): boolean {\n  const formEncType = submitter.getAttribute(\"formenctype\");\n  if (formEncType !== null && formEncType !== SUPPORTED_FORM_ENCTYPE) {\n    console.error(\n      `<Form>'s \\`encType\\` was set to an unsupported value via \\`formEncType=\"${formEncType}\"\\`. ` +\n        `This will disable <Form>'s navigation functionality. If you need this, use a native <form> element instead.`,\n    );\n    return true;\n  }\n\n  const formMethod = submitter.getAttribute(\"formmethod\");\n  if (formMethod !== null && formMethod.toUpperCase() !== SUPPORTED_FORM_METHOD) {\n    console.error(\n      `<Form>'s \\`method\\` was set to an unsupported value via \\`formMethod=\"${formMethod}\"\\`. ` +\n        `This will disable <Form>'s navigation functionality. If you need this, use a native <form> element instead.`,\n    );\n    return true;\n  }\n\n  const formTarget = submitter.getAttribute(\"formtarget\");\n  if (formTarget !== null && formTarget !== SUPPORTED_FORM_TARGET) {\n    console.error(\n      `<Form>'s \\`target\\` was set to an unsupported value via \\`formTarget=\"${formTarget}\"\\`. ` +\n        `This will disable <Form>'s navigation functionality. If you need this, use a native <form> element instead.`,\n    );\n    return true;\n  }\n\n  return false;\n}\n\nfunction createFormSubmitDestinationUrl(\n  action: string,\n  form: HTMLFormElement,\n  submitter: FormSubmitter | null,\n): string {\n  const targetUrl = new URL(action, window.location.href);\n  if (targetUrl.searchParams.size) {\n    targetUrl.search = \"\";\n  }\n\n  const formData = buildFormData(form, submitter);\n  for (const [name, value] of formData) {\n    targetUrl.searchParams.append(name, typeof value === \"string\" ? value : value.name);\n  }\n\n  return toSameOriginPath(targetUrl.href) ?? targetUrl.href;\n}\n\nfunction buildFormData(form: HTMLFormElement, submitter: FormSubmitter | null): FormData {\n  if (!submitter) return new FormData(form);\n\n  try {\n    return new FormData(form, submitter);\n  } catch {\n    const formData = new FormData(form);\n    if (!submitter.disabled && submitter.name) {\n      formData.append(submitter.name, submitter.value);\n    }\n    return formData;\n  }\n}\n\ntype FormProps = {\n  /** Target URL for GET forms, or server action for POST forms */\n  action: string | ((formData: FormData) => void | Promise<void>);\n  /** Replace instead of push in history (default: false) */\n  replace?: boolean;\n  /** Scroll to top after navigation (default: true) */\n  scroll?: boolean;\n} & FormHTMLAttributes<HTMLFormElement>;\n\nconst Form = forwardRef(function Form(props: FormProps, ref: ForwardedRef<HTMLFormElement>) {\n  const { action, replace = false, scroll = true, onSubmit, ...rest } = props;\n\n  // If action is a function (server action), pass it directly to React\n  if (typeof action === \"function\") {\n    return <form ref={ref} action={action} onSubmit={onSubmit} {...rest} />;\n  }\n\n  // Block dangerous action URLs. Render <form> without action attribute\n  // so it submits to the current page (safe default).\n  if (process.env.NODE_ENV !== \"production\") {\n    checkFormActionUrl(action, \"action\");\n  }\n\n  if (!isSafeAction(action)) {\n    if (process.env.NODE_ENV !== \"production\") {\n      console.warn(`<Form> blocked unsafe action: ${action}`);\n    }\n    return <form ref={ref} onSubmit={onSubmit} {...rest} />;\n  }\n\n  async function handleSubmit(e: React.SubmitEvent<HTMLFormElement>) {\n    // Call user's onSubmit first\n    if (onSubmit) {\n      onSubmit(e);\n      if (e.defaultPrevented) return;\n    }\n\n    const submitter = getSubmitter(e.nativeEvent);\n    if (submitter && hasUnsupportedSubmitterAttributes(submitter)) {\n      return;\n    }\n\n    // Only intercept GET forms for client-side navigation\n    const method = getEffectiveMethod(submitter, rest.method);\n    if (method !== \"GET\") return;\n\n    const effectiveAction = getEffectiveAction(submitter, action as string);\n    if (process.env.NODE_ENV !== \"production\" && submitter?.getAttribute(\"formaction\") !== null) {\n      checkFormActionUrl(effectiveAction, \"formAction\");\n    }\n    if (!isSafeAction(effectiveAction)) {\n      if (process.env.NODE_ENV !== \"production\") {\n        console.warn(`<Form> blocked unsafe action: ${effectiveAction}`);\n      }\n      e.preventDefault();\n      return;\n    }\n\n    e.preventDefault();\n    const url = createFormSubmitDestinationUrl(effectiveAction, e.currentTarget, submitter);\n\n    // Navigate client-side\n    if (typeof window.__VINEXT_RSC_NAVIGATE__ === \"function\") {\n      // App Router: use the shared navigator so URL/history publish stays\n      // aligned with the committed RSC tree.\n      await navigateClientSide(url, replace ? \"replace\" : \"push\", scroll);\n    } else {\n      // Pages Router: use router or fallback\n      if (replace) {\n        window.history.replaceState({}, \"\", url);\n      } else {\n        window.history.pushState({}, \"\", url);\n      }\n      window.dispatchEvent(new PopStateEvent(\"popstate\"));\n    }\n\n    // App Router: scroll is handled inside navigateClientSide (called above).\n    // Pages Router: scroll manually since pushState/popstate doesn't auto-scroll.\n    if (typeof window.__VINEXT_RSC_NAVIGATE__ !== \"function\" && scroll) {\n      window.scrollTo(0, 0);\n    }\n  }\n\n  return (\n    <form\n      ref={ref}\n      action={action}\n      onSubmit={(event) => {\n        void handleSubmit(event);\n      }}\n      {...rest}\n    />\n  );\n});\n\nexport default Form;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AA6BA,MAAM,yBAAyB;AAC/B,MAAM,wBAAwB;AAC9B,MAAM,wBAAwB;AAE9B,SAAS,aAAa,QAAyB;CAE7C,IAAI,kBAAkB,OAAO,EAAE,OAAO;CAEtC,IAAI,OAAO,WAAW,KAAK,EAAE,OAAO;CAEpC,IAAI,gBAAgB,KAAK,OAAO,EAAE;EAChC,IAAI,OAAO,WAAW,aACpB,IAAI;GAEF,OAAO,IADe,IAAI,OACV,CAAC,WAAW,OAAO,SAAS;UACtC;GACN,OAAO;;EAIX,OAAO;;CAET,OAAO;;AAGT,SAAS,aAAa,aAA4C;CAChE,MAAM,YACJ,eACA,OAAO,gBAAgB,YACvB,eAAe,eACf,YAAY,qBAAqB,UAC7B,YAAY,YACZ;CAEN,IAAI,qBAAqB,qBAAqB,qBAAqB,kBACjE,OAAO;CAET,OAAO;;AAGT,SAAS,mBACP,WACA,YACQ;CAER,QADiB,WAAW,aAAa,aAAa,IAClC,cAAc,OAAO,aAAa;;AAGxD,SAAS,mBAAmB,WAAiC,YAA4B;CACvF,OAAO,WAAW,aAAa,aAAa,IAAI;;AAGlD,SAAS,mBAAmB,QAAgB,QAAuC;CACjF,MAAM,YAAY,WAAW,WAAW,gBAAgB;CAExD,IAAI;CACJ,IAAI;EACF,UAAU,IAAI,IAAI,QAAQ,WAAW;SAC/B;EACN,QAAQ,MAAM,mBAAmB,UAAU,oCAAoC,OAAO,IAAI;EAC1F;;CAGF,IAAI,QAAQ,aAAa,MACvB,QAAQ,KACN,mBAAmB,UAAU,iCAAiC,OAAO,kJAEtE;;AAIL,SAAS,kCAAkC,WAAmC;CAC5E,MAAM,cAAc,UAAU,aAAa,cAAc;CACzD,IAAI,gBAAgB,QAAQ,gBAAgB,wBAAwB;EAClE,QAAQ,MACN,2EAA2E,YAAY,kHAExF;EACD,OAAO;;CAGT,MAAM,aAAa,UAAU,aAAa,aAAa;CACvD,IAAI,eAAe,QAAQ,WAAW,aAAa,KAAK,uBAAuB;EAC7E,QAAQ,MACN,yEAAyE,WAAW,kHAErF;EACD,OAAO;;CAGT,MAAM,aAAa,UAAU,aAAa,aAAa;CACvD,IAAI,eAAe,QAAQ,eAAe,uBAAuB;EAC/D,QAAQ,MACN,yEAAyE,WAAW,kHAErF;EACD,OAAO;;CAGT,OAAO;;AAGT,SAAS,+BACP,QACA,MACA,WACQ;CACR,MAAM,YAAY,IAAI,IAAI,QAAQ,OAAO,SAAS,KAAK;CACvD,IAAI,UAAU,aAAa,MACzB,UAAU,SAAS;CAGrB,MAAM,WAAW,cAAc,MAAM,UAAU;CAC/C,KAAK,MAAM,CAAC,MAAM,UAAU,UAC1B,UAAU,aAAa,OAAO,MAAM,OAAO,UAAU,WAAW,QAAQ,MAAM,KAAK;CAGrF,OAAO,iBAAiB,UAAU,KAAK,IAAI,UAAU;;AAGvD,SAAS,cAAc,MAAuB,WAA2C;CACvF,IAAI,CAAC,WAAW,OAAO,IAAI,SAAS,KAAK;CAEzC,IAAI;EACF,OAAO,IAAI,SAAS,MAAM,UAAU;SAC9B;EACN,MAAM,WAAW,IAAI,SAAS,KAAK;EACnC,IAAI,CAAC,UAAU,YAAY,UAAU,MACnC,SAAS,OAAO,UAAU,MAAM,UAAU,MAAM;EAElD,OAAO;;;AAaX,MAAM,OAAO,WAAW,SAAS,KAAK,OAAkB,KAAoC;CAC1F,MAAM,EAAE,QAAQ,UAAU,OAAO,SAAS,MAAM,UAAU,GAAG,SAAS;CAGtE,IAAI,OAAO,WAAW,YACpB,OAAO,oBAAC,QAAD;EAAW;EAAa;EAAkB;EAAU,GAAI;EAAQ,CAAA;CAKzE,IAAI,QAAQ,IAAI,aAAa,cAC3B,mBAAmB,QAAQ,SAAS;CAGtC,IAAI,CAAC,aAAa,OAAO,EAAE;EACzB,IAAI,QAAQ,IAAI,aAAa,cAC3B,QAAQ,KAAK,iCAAiC,SAAS;EAEzD,OAAO,oBAAC,QAAD;GAAW;GAAe;GAAU,GAAI;GAAQ,CAAA;;CAGzD,eAAe,aAAa,GAAuC;EAEjE,IAAI,UAAU;GACZ,SAAS,EAAE;GACX,IAAI,EAAE,kBAAkB;;EAG1B,MAAM,YAAY,aAAa,EAAE,YAAY;EAC7C,IAAI,aAAa,kCAAkC,UAAU,EAC3D;EAKF,IADe,mBAAmB,WAAW,KAAK,OACxC,KAAK,OAAO;EAEtB,MAAM,kBAAkB,mBAAmB,WAAW,OAAiB;EACvE,IAAI,QAAQ,IAAI,aAAa,gBAAgB,WAAW,aAAa,aAAa,KAAK,MACrF,mBAAmB,iBAAiB,aAAa;EAEnD,IAAI,CAAC,aAAa,gBAAgB,EAAE;GAClC,IAAI,QAAQ,IAAI,aAAa,cAC3B,QAAQ,KAAK,iCAAiC,kBAAkB;GAElE,EAAE,gBAAgB;GAClB;;EAGF,EAAE,gBAAgB;EAClB,MAAM,MAAM,+BAA+B,iBAAiB,EAAE,eAAe,UAAU;EAGvF,IAAI,OAAO,OAAO,4BAA4B,YAG5C,MAAM,mBAAmB,KAAK,UAAU,YAAY,QAAQ,OAAO;OAC9D;GAEL,IAAI,SACF,OAAO,QAAQ,aAAa,EAAE,EAAE,IAAI,IAAI;QAExC,OAAO,QAAQ,UAAU,EAAE,EAAE,IAAI,IAAI;GAEvC,OAAO,cAAc,IAAI,cAAc,WAAW,CAAC;;EAKrD,IAAI,OAAO,OAAO,4BAA4B,cAAc,QAC1D,OAAO,SAAS,GAAG,EAAE;;CAIzB,OACE,oBAAC,QAAD;EACO;EACG;EACR,WAAW,UAAU;GACnB,aAAkB,MAAM;;EAE1B,GAAI;EACJ,CAAA;EAEJ"}
+{"version":3,"file":"form.js","names":[],"sources":["../../src/shims/form.tsx"],"sourcesContent":["\"use client\";\n\n/**\n * next/form shim\n *\n * Progressive enhancement form component. In Next.js, this replaces\n * the standard <form> element with one that intercepts submissions\n * and performs client-side navigation for GET forms (search forms).\n *\n * For POST forms with server actions, it delegates to React's built-in\n * form action handling.\n *\n * Usage:\n *   import Form from 'next/form';\n *   <Form action=\"/search\">\n *     <input name=\"q\" />\n *     <button type=\"submit\">Search</button>\n *   </Form>\n */\n\nimport { forwardRef, useActionState, type FormHTMLAttributes, type ForwardedRef } from \"react\";\nimport { hasAppNavigationRuntime } from \"../client/navigation-runtime.js\";\nimport { navigateClientSide } from \"./navigation.js\";\nimport { isDangerousScheme } from \"./url-safety.js\";\nimport { toSameOriginPath, withBasePath } from \"./url-utils.js\";\n\n// Mirrors `__NEXT_ROUTER_BASEPATH` exposure in `next/link` / `next/router`.\n// `addBasePath` is only applied to the form-level `action` prop. A submitter's\n// `formAction` is intentionally untouched, matching Next.js (the comment in\n// upstream `form.tsx` notes \"this should not have basePath added, because we\n// can't add it before hydration\").\nconst __basePath: string = process.env.__NEXT_ROUTER_BASEPATH ?? \"\";\n\n// Re-export useActionState from React 19 to match Next.js's next/form module\nexport { useActionState };\n\ntype FormSubmitter = HTMLButtonElement | HTMLInputElement;\nconst SUPPORTED_FORM_ENCTYPE = \"application/x-www-form-urlencoded\";\nconst SUPPORTED_FORM_METHOD = \"GET\";\nconst SUPPORTED_FORM_TARGET = \"_self\";\n\nfunction isSafeAction(action: string): boolean {\n  // Block dangerous URI schemes\n  if (isDangerousScheme(action)) return false;\n  // Block protocol-relative URLs (//evil.com/...)\n  if (action.startsWith(\"//\")) return false;\n  // Block absolute URLs to external origins (client-side: compare origins)\n  if (/^https?:\\/\\//i.test(action)) {\n    if (typeof window !== \"undefined\") {\n      try {\n        const actionUrl = new URL(action);\n        return actionUrl.origin === window.location.origin;\n      } catch {\n        return false;\n      }\n    }\n    // Server-side: block all absolute URLs (can't compare origins)\n    return false;\n  }\n  return true;\n}\n\nfunction getSubmitter(nativeEvent: unknown): FormSubmitter | null {\n  const submitter =\n    nativeEvent &&\n    typeof nativeEvent === \"object\" &&\n    \"submitter\" in nativeEvent &&\n    nativeEvent.submitter instanceof Element\n      ? nativeEvent.submitter\n      : null;\n\n  if (submitter instanceof HTMLButtonElement || submitter instanceof HTMLInputElement) {\n    return submitter;\n  }\n  return null;\n}\n\nfunction getEffectiveMethod(\n  submitter: FormSubmitter | null,\n  formMethod: FormHTMLAttributes<HTMLFormElement>[\"method\"],\n): string {\n  const override = submitter?.getAttribute(\"formmethod\");\n  return (override ?? formMethod ?? \"GET\").toUpperCase();\n}\n\nfunction getEffectiveAction(submitter: FormSubmitter | null, formAction: string): string {\n  return submitter?.getAttribute(\"formaction\") ?? formAction;\n}\n\nfunction checkFormActionUrl(action: string, source: \"action\" | \"formAction\"): void {\n  const aPropName = source === \"action\" ? \"an `action`\" : \"a `formAction`\";\n\n  let testUrl: URL;\n  try {\n    testUrl = new URL(action, \"http://n\");\n  } catch {\n    console.error(`<Form> received ${aPropName} that cannot be parsed as a URL: \"${action}\".`);\n    return;\n  }\n\n  if (testUrl.searchParams.size) {\n    console.warn(\n      `<Form> received ${aPropName} that contains search params: \"${action}\". This is not supported, and they will be ignored. ` +\n        `If you need to pass in additional search params, use an \\`<input type=\"hidden\" />\\` instead.`,\n    );\n  }\n}\n\nfunction hasUnsupportedSubmitterAttributes(submitter: FormSubmitter): boolean {\n  const formEncType = submitter.getAttribute(\"formenctype\");\n  if (formEncType !== null && formEncType !== SUPPORTED_FORM_ENCTYPE) {\n    console.error(\n      `<Form>'s \\`encType\\` was set to an unsupported value via \\`formEncType=\"${formEncType}\"\\`. ` +\n        `This will disable <Form>'s navigation functionality. If you need this, use a native <form> element instead.`,\n    );\n    return true;\n  }\n\n  const formMethod = submitter.getAttribute(\"formmethod\");\n  if (formMethod !== null && formMethod.toUpperCase() !== SUPPORTED_FORM_METHOD) {\n    console.error(\n      `<Form>'s \\`method\\` was set to an unsupported value via \\`formMethod=\"${formMethod}\"\\`. ` +\n        `This will disable <Form>'s navigation functionality. If you need this, use a native <form> element instead.`,\n    );\n    return true;\n  }\n\n  const formTarget = submitter.getAttribute(\"formtarget\");\n  if (formTarget !== null && formTarget !== SUPPORTED_FORM_TARGET) {\n    console.error(\n      `<Form>'s \\`target\\` was set to an unsupported value via \\`formTarget=\"${formTarget}\"\\`. ` +\n        `This will disable <Form>'s navigation functionality. If you need this, use a native <form> element instead.`,\n    );\n    return true;\n  }\n\n  return false;\n}\n\nfunction createFormSubmitDestinationUrl(\n  action: string,\n  form: HTMLFormElement,\n  submitter: FormSubmitter | null,\n): string {\n  const targetUrl = new URL(action, window.location.href);\n  if (targetUrl.searchParams.size) {\n    targetUrl.search = \"\";\n  }\n\n  const formData = buildFormData(form, submitter);\n  for (const [name, value] of formData) {\n    targetUrl.searchParams.append(name, typeof value === \"string\" ? value : value.name);\n  }\n\n  return toSameOriginPath(targetUrl.href) ?? targetUrl.href;\n}\n\nfunction buildFormData(form: HTMLFormElement, submitter: FormSubmitter | null): FormData {\n  if (!submitter) return new FormData(form);\n\n  try {\n    return new FormData(form, submitter);\n  } catch {\n    const formData = new FormData(form);\n    if (!submitter.disabled && submitter.name) {\n      formData.append(submitter.name, submitter.value);\n    }\n    return formData;\n  }\n}\n\ntype FormProps = {\n  /** Target URL for GET forms, or server action for POST forms */\n  action: string | ((formData: FormData) => void | Promise<void>);\n  /** Replace instead of push in history (default: false) */\n  replace?: boolean;\n  /** Scroll to top after navigation (default: true) */\n  scroll?: boolean;\n} & FormHTMLAttributes<HTMLFormElement>;\n\nconst Form = forwardRef(function Form(props: FormProps, ref: ForwardedRef<HTMLFormElement>) {\n  const { action, replace = false, scroll = true, onSubmit, ...rest } = props;\n\n  // If action is a function (server action), pass it directly to React\n  if (typeof action === \"function\") {\n    return <form ref={ref} action={action} onSubmit={onSubmit} {...rest} />;\n  }\n\n  // Block dangerous action URLs. Render <form> without action attribute\n  // so it submits to the current page (safe default).\n  if (process.env.NODE_ENV !== \"production\") {\n    checkFormActionUrl(action, \"action\");\n  }\n\n  if (!isSafeAction(action)) {\n    if (process.env.NODE_ENV !== \"production\") {\n      console.warn(`<Form> blocked unsafe action: ${action}`);\n    }\n    return <form ref={ref} onSubmit={onSubmit} {...rest} />;\n  }\n\n  // Prefix basePath to the navigating `action` prop (matches Next.js's\n  // `addBasePath(actionProp)` in `client/form.tsx` and `client/app-dir/form.tsx`).\n  // This becomes both the rendered `action=` attribute (so JS-disabled\n  // submissions still hit the right URL) and the soft-navigation target.\n  const actionHref = withBasePath(action, __basePath);\n\n  async function handleSubmit(e: React.SubmitEvent<HTMLFormElement>) {\n    // Call user's onSubmit first\n    if (onSubmit) {\n      onSubmit(e);\n      if (e.defaultPrevented) return;\n    }\n\n    const submitter = getSubmitter(e.nativeEvent);\n    if (submitter && hasUnsupportedSubmitterAttributes(submitter)) {\n      return;\n    }\n\n    // Only intercept GET forms for client-side navigation\n    const method = getEffectiveMethod(submitter, rest.method);\n    if (method !== \"GET\") return;\n\n    // NOTE: a submitter's `formAction` is intentionally NOT base-path-prefixed\n    // here, matching Next.js. Upstream `form.tsx` notes: \"this should not have\n    // `basePath` added, because we can't add it before hydration\".\n    const effectiveAction = getEffectiveAction(submitter, actionHref);\n    if (process.env.NODE_ENV !== \"production\" && submitter?.getAttribute(\"formaction\") !== null) {\n      checkFormActionUrl(effectiveAction, \"formAction\");\n    }\n    if (!isSafeAction(effectiveAction)) {\n      if (process.env.NODE_ENV !== \"production\") {\n        console.warn(`<Form> blocked unsafe action: ${effectiveAction}`);\n      }\n      e.preventDefault();\n      return;\n    }\n\n    e.preventDefault();\n    const url = createFormSubmitDestinationUrl(effectiveAction, e.currentTarget, submitter);\n\n    // Navigate client-side\n    if (hasAppNavigationRuntime()) {\n      // App Router: use the shared navigator so URL/history publish stays\n      // aligned with the committed RSC tree.\n      await navigateClientSide(url, replace ? \"replace\" : \"push\", scroll);\n    } else {\n      // Pages Router: delegate to the Router singleton so navigation flows\n      // through `performNavigation` (route events, HTML fetch, scroll\n      // handling). Mirrors what `<Link>` does at link.tsx:619-623.\n      try {\n        const routerModule = await import(\"./router.js\");\n        const Router = routerModule.default;\n        if (replace) {\n          await Router.replace(url, undefined, { scroll });\n        } else {\n          await Router.push(url, undefined, { scroll });\n        }\n      } catch {\n        // Fallback: pushState + popstate keeps the URL in sync even if the\n        // Router singleton import fails (e.g. in test/SSR-only contexts).\n        if (replace) {\n          window.history.replaceState({}, \"\", url);\n        } else {\n          window.history.pushState({}, \"\", url);\n        }\n        window.dispatchEvent(new PopStateEvent(\"popstate\"));\n        if (scroll) {\n          window.scrollTo(0, 0);\n        }\n      }\n    }\n  }\n\n  return (\n    <form\n      ref={ref}\n      action={actionHref}\n      onSubmit={(event) => {\n        void handleSubmit(event);\n      }}\n      {...rest}\n    />\n  );\n});\n\nexport default Form;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AA+BA,MAAM,aAAqB,QAAQ,IAAI,0BAA0B;AAMjE,MAAM,yBAAyB;AAC/B,MAAM,wBAAwB;AAC9B,MAAM,wBAAwB;AAE9B,SAAS,aAAa,QAAyB;CAE7C,IAAI,kBAAkB,OAAO,EAAE,OAAO;CAEtC,IAAI,OAAO,WAAW,KAAK,EAAE,OAAO;CAEpC,IAAI,gBAAgB,KAAK,OAAO,EAAE;EAChC,IAAI,OAAO,WAAW,aACpB,IAAI;GAEF,OAAO,IADe,IAAI,OACV,CAAC,WAAW,OAAO,SAAS;UACtC;GACN,OAAO;;EAIX,OAAO;;CAET,OAAO;;AAGT,SAAS,aAAa,aAA4C;CAChE,MAAM,YACJ,eACA,OAAO,gBAAgB,YACvB,eAAe,eACf,YAAY,qBAAqB,UAC7B,YAAY,YACZ;CAEN,IAAI,qBAAqB,qBAAqB,qBAAqB,kBACjE,OAAO;CAET,OAAO;;AAGT,SAAS,mBACP,WACA,YACQ;CAER,QADiB,WAAW,aAAa,aAAa,IAClC,cAAc,OAAO,aAAa;;AAGxD,SAAS,mBAAmB,WAAiC,YAA4B;CACvF,OAAO,WAAW,aAAa,aAAa,IAAI;;AAGlD,SAAS,mBAAmB,QAAgB,QAAuC;CACjF,MAAM,YAAY,WAAW,WAAW,gBAAgB;CAExD,IAAI;CACJ,IAAI;EACF,UAAU,IAAI,IAAI,QAAQ,WAAW;SAC/B;EACN,QAAQ,MAAM,mBAAmB,UAAU,oCAAoC,OAAO,IAAI;EAC1F;;CAGF,IAAI,QAAQ,aAAa,MACvB,QAAQ,KACN,mBAAmB,UAAU,iCAAiC,OAAO,kJAEtE;;AAIL,SAAS,kCAAkC,WAAmC;CAC5E,MAAM,cAAc,UAAU,aAAa,cAAc;CACzD,IAAI,gBAAgB,QAAQ,gBAAgB,wBAAwB;EAClE,QAAQ,MACN,2EAA2E,YAAY,kHAExF;EACD,OAAO;;CAGT,MAAM,aAAa,UAAU,aAAa,aAAa;CACvD,IAAI,eAAe,QAAQ,WAAW,aAAa,KAAK,uBAAuB;EAC7E,QAAQ,MACN,yEAAyE,WAAW,kHAErF;EACD,OAAO;;CAGT,MAAM,aAAa,UAAU,aAAa,aAAa;CACvD,IAAI,eAAe,QAAQ,eAAe,uBAAuB;EAC/D,QAAQ,MACN,yEAAyE,WAAW,kHAErF;EACD,OAAO;;CAGT,OAAO;;AAGT,SAAS,+BACP,QACA,MACA,WACQ;CACR,MAAM,YAAY,IAAI,IAAI,QAAQ,OAAO,SAAS,KAAK;CACvD,IAAI,UAAU,aAAa,MACzB,UAAU,SAAS;CAGrB,MAAM,WAAW,cAAc,MAAM,UAAU;CAC/C,KAAK,MAAM,CAAC,MAAM,UAAU,UAC1B,UAAU,aAAa,OAAO,MAAM,OAAO,UAAU,WAAW,QAAQ,MAAM,KAAK;CAGrF,OAAO,iBAAiB,UAAU,KAAK,IAAI,UAAU;;AAGvD,SAAS,cAAc,MAAuB,WAA2C;CACvF,IAAI,CAAC,WAAW,OAAO,IAAI,SAAS,KAAK;CAEzC,IAAI;EACF,OAAO,IAAI,SAAS,MAAM,UAAU;SAC9B;EACN,MAAM,WAAW,IAAI,SAAS,KAAK;EACnC,IAAI,CAAC,UAAU,YAAY,UAAU,MACnC,SAAS,OAAO,UAAU,MAAM,UAAU,MAAM;EAElD,OAAO;;;AAaX,MAAM,OAAO,WAAW,SAAS,KAAK,OAAkB,KAAoC;CAC1F,MAAM,EAAE,QAAQ,UAAU,OAAO,SAAS,MAAM,UAAU,GAAG,SAAS;CAGtE,IAAI,OAAO,WAAW,YACpB,OAAO,oBAAC,QAAD;EAAW;EAAa;EAAkB;EAAU,GAAI;EAAQ,CAAA;CAKzE,IAAI,QAAQ,IAAI,aAAa,cAC3B,mBAAmB,QAAQ,SAAS;CAGtC,IAAI,CAAC,aAAa,OAAO,EAAE;EACzB,IAAI,QAAQ,IAAI,aAAa,cAC3B,QAAQ,KAAK,iCAAiC,SAAS;EAEzD,OAAO,oBAAC,QAAD;GAAW;GAAe;GAAU,GAAI;GAAQ,CAAA;;CAOzD,MAAM,aAAa,aAAa,QAAQ,WAAW;CAEnD,eAAe,aAAa,GAAuC;EAEjE,IAAI,UAAU;GACZ,SAAS,EAAE;GACX,IAAI,EAAE,kBAAkB;;EAG1B,MAAM,YAAY,aAAa,EAAE,YAAY;EAC7C,IAAI,aAAa,kCAAkC,UAAU,EAC3D;EAKF,IADe,mBAAmB,WAAW,KAAK,OACxC,KAAK,OAAO;EAKtB,MAAM,kBAAkB,mBAAmB,WAAW,WAAW;EACjE,IAAI,QAAQ,IAAI,aAAa,gBAAgB,WAAW,aAAa,aAAa,KAAK,MACrF,mBAAmB,iBAAiB,aAAa;EAEnD,IAAI,CAAC,aAAa,gBAAgB,EAAE;GAClC,IAAI,QAAQ,IAAI,aAAa,cAC3B,QAAQ,KAAK,iCAAiC,kBAAkB;GAElE,EAAE,gBAAgB;GAClB;;EAGF,EAAE,gBAAgB;EAClB,MAAM,MAAM,+BAA+B,iBAAiB,EAAE,eAAe,UAAU;EAGvF,IAAI,yBAAyB,EAG3B,MAAM,mBAAmB,KAAK,UAAU,YAAY,QAAQ,OAAO;OAKnE,IAAI;GAEF,MAAM,UAAS,MADY,OAAO,gBACN;GAC5B,IAAI,SACF,MAAM,OAAO,QAAQ,KAAK,KAAA,GAAW,EAAE,QAAQ,CAAC;QAEhD,MAAM,OAAO,KAAK,KAAK,KAAA,GAAW,EAAE,QAAQ,CAAC;UAEzC;GAGN,IAAI,SACF,OAAO,QAAQ,aAAa,EAAE,EAAE,IAAI,IAAI;QAExC,OAAO,QAAQ,UAAU,EAAE,EAAE,IAAI,IAAI;GAEvC,OAAO,cAAc,IAAI,cAAc,WAAW,CAAC;GACnD,IAAI,QACF,OAAO,SAAS,GAAG,EAAE;;;CAM7B,OACE,oBAAC,QAAD;EACO;EACL,QAAQ;EACR,WAAW,UAAU;GACnB,aAAkB,MAAM;;EAE1B,GAAI;EACJ,CAAA;EAEJ"}

package/dist/shims/hash-scroll.d.ts

@@ -0,0 +1,7 @@
+//#region src/shims/hash-scroll.d.ts
+declare function decodeHashFragment(fragment: string): string;
+declare function scrollToHashTarget(hash: string): void;
+declare function scrollToHashTargetOnNextFrame(hash: string): void;
+//#endregion
+export { decodeHashFragment, scrollToHashTarget, scrollToHashTargetOnNextFrame };
+//# sourceMappingURL=hash-scroll.d.ts.map

package/dist/shims/hash-scroll.js

@@ -0,0 +1,30 @@
+//#region src/shims/hash-scroll.ts
+function decodeHashFragment(fragment) {
+	try {
+		return decodeURIComponent(fragment);
+	} catch {
+		return fragment;
+	}
+}
+function scrollToHashTarget(hash) {
+	const fragment = decodeHashFragment(hash.startsWith("#") ? hash.slice(1) : hash);
+	if (fragment === "" || fragment === "top") {
+		window.scrollTo(0, 0);
+		return;
+	}
+	const idElement = document.getElementById(fragment);
+	if (idElement) {
+		idElement.scrollIntoView({ behavior: "auto" });
+		return;
+	}
+	document.getElementsByName(fragment)[0]?.scrollIntoView({ behavior: "auto" });
+}
+function scrollToHashTargetOnNextFrame(hash) {
+	requestAnimationFrame(() => {
+		scrollToHashTarget(hash);
+	});
+}
+//#endregion
+export { decodeHashFragment, scrollToHashTarget, scrollToHashTargetOnNextFrame };
+
+//# sourceMappingURL=hash-scroll.js.map

package/dist/shims/hash-scroll.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash-scroll.js","names":[],"sources":["../../src/shims/hash-scroll.ts"],"sourcesContent":["export function decodeHashFragment(fragment: string): string {\n  try {\n    return decodeURIComponent(fragment);\n  } catch {\n    // Malformed percent escapes cannot be decoded; keep navigation alive and\n    // attempt browser-style matching against the raw fragment.\n    return fragment;\n  }\n}\n\nexport function scrollToHashTarget(hash: string): void {\n  const fragment = decodeHashFragment(hash.startsWith(\"#\") ? hash.slice(1) : hash);\n\n  if (fragment === \"\" || fragment === \"top\") {\n    window.scrollTo(0, 0);\n    return;\n  }\n\n  const idElement = document.getElementById(fragment);\n  if (idElement) {\n    idElement.scrollIntoView({ behavior: \"auto\" });\n    return;\n  }\n\n  document.getElementsByName(fragment)[0]?.scrollIntoView({ behavior: \"auto\" });\n}\n\nexport function scrollToHashTargetOnNextFrame(hash: string): void {\n  requestAnimationFrame(() => {\n    scrollToHashTarget(hash);\n  });\n}\n"],"mappings":";AAAA,SAAgB,mBAAmB,UAA0B;CAC3D,IAAI;EACF,OAAO,mBAAmB,SAAS;SAC7B;EAGN,OAAO;;;AAIX,SAAgB,mBAAmB,MAAoB;CACrD,MAAM,WAAW,mBAAmB,KAAK,WAAW,IAAI,GAAG,KAAK,MAAM,EAAE,GAAG,KAAK;CAEhF,IAAI,aAAa,MAAM,aAAa,OAAO;EACzC,OAAO,SAAS,GAAG,EAAE;EACrB;;CAGF,MAAM,YAAY,SAAS,eAAe,SAAS;CACnD,IAAI,WAAW;EACb,UAAU,eAAe,EAAE,UAAU,QAAQ,CAAC;EAC9C;;CAGF,SAAS,kBAAkB,SAAS,CAAC,IAAI,eAAe,EAAE,UAAU,QAAQ,CAAC;;AAG/E,SAAgB,8BAA8B,MAAoB;CAChE,4BAA4B;EAC1B,mBAAmB,KAAK;GACxB"}

package/dist/shims/headers.d.ts

@@ -1,13 +1,6 @@
+import { RenderRequestApiKind } from "../server/cache-proof.js";
+
 //#region src/shims/headers.d.ts
-/**
- * next/headers shim
- *
- * Provides cookies() and headers() functions for App Router Server Components.
- * These read from a request context set by the RSC handler before rendering.
- *
- * In Next.js 15+, cookies() and headers() return Promises (async).
- * We support both the sync (legacy) and async patterns.
- */
 type HeadersContext = {
   headers: Headers;
   cookies: Map<string, string>;
@@ -20,7 +13,8 @@ type HeadersContext = {
 type HeadersAccessPhase = "render" | "action" | "route-handler";
 type VinextHeadersShimState = {
   headersContext: HeadersContext | null;
-  dynamicUsageDetected: boolean; /** Error recorded by throwIfInsideCacheScope for dev diagnostics, persists even if caught by user code. */
+  dynamicUsageDetected: boolean;
+  renderRequestApiUsage: Set<RenderRequestApiKind>; /** Error recorded by throwIfInsideCacheScope for dev diagnostics, persists even if caught by user code. */
   invalidDynamicUsageError: unknown;
   pendingSetCookies: string[];
   draftModeCookieHeader: string | null;
@@ -36,6 +30,9 @@ type VinextHeadersShimState = {
  * Called by connection(), cookies(), headers(), and noStore().
  */
 declare function markDynamicUsage(): void;
+declare function markRenderRequestApiUsage(kind: RenderRequestApiKind): void;
+declare function peekRenderRequestApiUsage(): RenderRequestApiKind[];
+declare function consumeRenderRequestApiUsage(): RenderRequestApiKind[];
 /**
  * Throw if the current execution is inside a "use cache" or unstable_cache()
  * scope. Called by dynamic request APIs (headers, cookies, connection) to
@@ -220,5 +217,5 @@ declare class RequestCookies {
   toString(): string;
 }
 //#endregion
-export { HeadersAccessPhase, HeadersContext, type RequestCookies, VinextHeadersShimState, applyMiddlewareRequestHeaders, consumeDynamicUsage, consumeInvalidDynamicUsageError, cookies, draftMode, getAndClearPendingCookies, getDraftModeCookieHeader, getHeadersAccessPhase, getHeadersContext, headers, headersContextFromRequest, isDraftModeRequest, markDynamicUsage, runWithHeadersContext, setHeadersAccessPhase, setHeadersContext, throwIfInsideCacheScope };
+export { HeadersAccessPhase, HeadersContext, type RequestCookies, VinextHeadersShimState, applyMiddlewareRequestHeaders, consumeDynamicUsage, consumeInvalidDynamicUsageError, consumeRenderRequestApiUsage, cookies, draftMode, getAndClearPendingCookies, getDraftModeCookieHeader, getHeadersAccessPhase, getHeadersContext, headers, headersContextFromRequest, isDraftModeRequest, markDynamicUsage, markRenderRequestApiUsage, peekRenderRequestApiUsage, runWithHeadersContext, setHeadersAccessPhase, setHeadersContext, throwIfInsideCacheScope };
 //# sourceMappingURL=headers.d.ts.map

package/dist/shims/headers.js

@@ -11,6 +11,7 @@ const _als = getOrCreateAls("vinext.nextHeadersShim.als");
 const _fallbackState = _g[_FALLBACK_KEY] ??= {
 	headersContext: null,
 	dynamicUsageDetected: false,
+	renderRequestApiUsage: /* @__PURE__ */ new Set(),
 	invalidDynamicUsageError: null,
 	pendingSetCookies: [],
 	draftModeCookieHeader: null,
@@ -102,6 +103,18 @@ function markDynamicUsage() {
 	if (state.headersContext?.forceStatic) return;
 	state.dynamicUsageDetected = true;
 }
+function markRenderRequestApiUsage(kind) {
+	_getState().renderRequestApiUsage.add(kind);
+}
+function peekRenderRequestApiUsage() {
+	return [..._getState().renderRequestApiUsage].sort();
+}
+function consumeRenderRequestApiUsage() {
+	const state = _getState();
+	const observed = [...state.renderRequestApiUsage].sort();
+	state.renderRequestApiUsage = /* @__PURE__ */ new Set();
+	return observed;
+}
 /** Symbol used by cache-runtime.ts to store the "use cache" ALS on globalThis */
 const _USE_CACHE_ALS_KEY = Symbol.for("vinext.cacheRuntime.contextAls");
 /** Symbol used by cache.ts to store the unstable_cache ALS on globalThis */
@@ -200,6 +213,7 @@ function setHeadersContext(ctx) {
 	if (ctx !== null) {
 		state.headersContext = ctx;
 		state.dynamicUsageDetected = false;
+		state.renderRequestApiUsage = /* @__PURE__ */ new Set();
 		state.pendingSetCookies = [];
 		state.draftModeCookieHeader = null;
 		state.phase = "render";
@@ -212,6 +226,7 @@ function runWithHeadersContext(ctx, fn) {
 	if (isInsideUnifiedScope()) return runWithUnifiedStateMutation((uCtx) => {
 		uCtx.headersContext = ctx;
 		uCtx.dynamicUsageDetected = false;
+		uCtx.renderRequestApiUsage = /* @__PURE__ */ new Set();
 		uCtx.pendingSetCookies = [];
 		uCtx.draftModeCookieHeader = null;
 		uCtx.phase = "render";
@@ -219,6 +234,7 @@ function runWithHeadersContext(ctx, fn) {
 	const state = {
 		headersContext: ctx,
 		dynamicUsageDetected: false,
+		renderRequestApiUsage: /* @__PURE__ */ new Set(),
 		invalidDynamicUsageError: null,
 		pendingSetCookies: [],
 		draftModeCookieHeader: null,
@@ -416,6 +432,7 @@ function headersContextFromRequest(request) {
 * the context is already available).
 */
 function headers() {
+	markRenderRequestApiUsage("headers");
 	try {
 		throwIfInsideCacheScope("headers()");
 	} catch (error) {
@@ -432,6 +449,7 @@ function headers() {
 * Returns a ReadonlyRequestCookies-like object.
 */
 function cookies() {
+	markRenderRequestApiUsage("cookies");
 	try {
 		throwIfInsideCacheScope("cookies()");
 	} catch (error) {
@@ -488,21 +506,23 @@ function draftModeCookieAttributes() {
 * - `disable()`: clears the bypass cookie
 */
 async function draftMode() {
+	markRenderRequestApiUsage("draftMode");
 	throwIfInsideCacheScope("draftMode()");
 	const state = _getState();
 	if (state.headersContext?.accessError) throw state.headersContext.accessError;
-	markDynamicUsage();
 	const secret = getDraftSecret();
 	return {
 		get isEnabled() {
 			return state.headersContext ? state.headersContext.cookies.get(DRAFT_MODE_COOKIE) === secret : false;
 		},
 		enable() {
+			markDynamicUsage();
 			if (state.headersContext?.accessError) throw state.headersContext.accessError;
 			if (state.headersContext) state.headersContext.cookies.set(DRAFT_MODE_COOKIE, secret);
 			state.draftModeCookieHeader = `${DRAFT_MODE_COOKIE}=${secret}; ${draftModeCookieAttributes()}`;
 		},
 		disable() {
+			markDynamicUsage();
 			if (state.headersContext?.accessError) throw state.headersContext.accessError;
 			if (state.headersContext) state.headersContext.cookies.delete(DRAFT_MODE_COOKIE);
 			state.draftModeCookieHeader = `${DRAFT_MODE_COOKIE}=; ${draftModeCookieAttributes()}; Expires=${DRAFT_MODE_EXPIRED_DATE}`;
@@ -607,6 +627,6 @@ var RequestCookies = class {
 	}
 };
 //#endregion
-export { applyMiddlewareRequestHeaders, consumeDynamicUsage, consumeInvalidDynamicUsageError, cookies, draftMode, getAndClearPendingCookies, getDraftModeCookieHeader, getHeadersAccessPhase, getHeadersContext, headers, headersContextFromRequest, isDraftModeRequest, markDynamicUsage, runWithHeadersContext, setHeadersAccessPhase, setHeadersContext, throwIfInsideCacheScope };
+export { applyMiddlewareRequestHeaders, consumeDynamicUsage, consumeInvalidDynamicUsageError, consumeRenderRequestApiUsage, cookies, draftMode, getAndClearPendingCookies, getDraftModeCookieHeader, getHeadersAccessPhase, getHeadersContext, headers, headersContextFromRequest, isDraftModeRequest, markDynamicUsage, markRenderRequestApiUsage, peekRenderRequestApiUsage, runWithHeadersContext, setHeadersAccessPhase, setHeadersContext, throwIfInsideCacheScope };
 
 //# sourceMappingURL=headers.js.map