vinext 0.0.51 → 0.0.52

package/dist/server/app-rsc-handler.js.map

@@ -1 +1 @@
-{"version":3,"file":"app-rsc-handler.js","names":[],"sources":["../../src/server/app-rsc-handler.ts"],"sourcesContent":["import type {\n  NextHeader,\n  NextI18nConfig,\n  NextRedirect,\n  NextRewrite,\n} from \"../config/next-config.js\";\nimport {\n  isExternalUrl,\n  matchRedirect,\n  matchRewrite,\n  proxyExternalRequest,\n  requestContextFromRequest,\n  sanitizeDestination,\n} from \"../config/config-matchers.js\";\nimport { headersContextFromRequest } from \"vinext/shims/headers\";\nimport {\n  NEXT_ACTION_HEADER,\n  RSC_ACTION_HEADER,\n  RSC_HEADER,\n  VINEXT_MW_CTX_HEADER,\n} from \"./headers.js\";\nimport { ensureFetchPatch, setCurrentFetchSoftTags } from \"vinext/shims/fetch-cache\";\nimport type { ReactFormState } from \"react-dom/client\";\nimport {\n  getRequestExecutionContext,\n  type ExecutionContextLike,\n} from \"vinext/shims/request-context\";\nimport { pickRootParams, setRootParams } from \"vinext/shims/root-params\";\nimport { createRequestContext, runWithRequestContext } from \"vinext/shims/unified-request-context\";\nimport { flattenErrorCauses } from \"../utils/error-cause.js\";\nimport { hasBasePath } from \"../utils/base-path.js\";\nimport { applyAppMiddleware, type AppMiddlewareContext } from \"./app-middleware.js\";\nimport { mergeMiddlewareResponseHeaders } from \"./app-page-response.js\";\nimport { handleAppPrerenderEndpoint } from \"./app-prerender-endpoints.js\";\nimport {\n  createRscRedirectLocation,\n  resolveInvalidRscCacheBustingRequest,\n  stripRscCacheBustingSearchParam,\n  stripRscSuffix,\n} from \"./app-rsc-cache-busting.js\";\nimport { finalizeAppRscResponse } from \"./app-rsc-response-finalizer.js\";\nimport { normalizeRscRequest } from \"./app-rsc-request-normalization.js\";\nimport { notFoundResponse } from \"./http-error-responses.js\";\nimport { getScriptNonceFromHeaderSources } from \"./csp.js\";\nimport { buildPageCacheTags } from \"./implicit-tags.js\";\nimport { handleMetadataRouteRequest } from \"./metadata-route-response.js\";\nimport type { MiddlewareModule } from \"./middleware-runtime.js\";\nimport { runWithPrerenderWorkUnit } from \"./prerender-work-unit-setup.js\";\nimport { buildPostMwRequestContext } from \"./app-post-middleware-context.js\";\nimport type { AppRscRenderMode } from \"./app-rsc-render-mode.js\";\nimport {\n  cloneRequestWithHeaders,\n  filterInternalHeaders,\n  applyConfigHeadersToResponse,\n  normalizeTrailingSlash,\n  resolvePublicFileRoute,\n  validateImageUrl,\n} from \"./request-pipeline.js\";\n\ntype AppPageParams = Record<string, string | string[]>;\ntype RequestContext = ReturnType<typeof requestContextFromRequest>;\ntype MetadataRoutes = Parameters<typeof handleMetadataRouteRequest>[0][\"metadataRoutes\"];\ntype MakeThenableParams = Parameters<typeof handleMetadataRouteRequest>[0][\"makeThenableParams\"];\ntype StaticParamsMap = Parameters<typeof handleAppPrerenderEndpoint>[1][\"staticParamsMap\"];\ntype RootParamNamesMap = Parameters<\n  typeof handleAppPrerenderEndpoint\n>[1][\"rootParamNamesByPattern\"];\n\ntype AppRscMiddlewareContext = AppMiddlewareContext;\n\ntype AppRscHandlerRoute = {\n  isDynamic: boolean;\n  page?: unknown;\n  pattern: string;\n  rootParamNames?: readonly string[];\n  routeHandler?: unknown;\n  routeSegments: readonly string[];\n};\n\ntype AppRscRouteMatch<TRoute> = {\n  params: AppPageParams;\n  route: TRoute;\n};\n\ntype DispatchMatchedPageOptions<TRoute> = {\n  cleanPathname: string;\n  formState: ReactFormState | null;\n  actionError?: unknown;\n  actionFailed?: boolean;\n  handlerStart: number;\n  interceptionContext: string | null;\n  isProgressiveActionRender: boolean;\n  isRscRequest: boolean;\n  middlewareContext: AppRscMiddlewareContext;\n  mountedSlotsHeader: string | null;\n  params: AppPageParams;\n  request: Request;\n  route: TRoute;\n  scriptNonce?: string;\n  searchParams: URLSearchParams;\n  renderMode: AppRscRenderMode;\n};\n\ntype DispatchMatchedRouteHandlerOptions<TRoute> = {\n  cleanPathname: string;\n  middlewareContext: AppRscMiddlewareContext;\n  params: AppPageParams;\n  request: Request;\n  route: TRoute;\n  searchParams: URLSearchParams;\n};\n\ntype HandleProgressiveActionRequestOptions = {\n  actionId: string | null;\n  cleanPathname: string;\n  contentType: string;\n  middlewareContext: AppRscMiddlewareContext;\n  request: Request;\n};\n\ntype ProgressiveActionFormStateResult =\n  | {\n      formState: ReactFormState | null;\n      kind: \"form-state\";\n    }\n  | {\n      actionError: unknown;\n      actionFailed: true;\n      formState: null;\n      kind: \"form-state\";\n    };\n\ntype HandleServerActionRequestOptions = {\n  actionId: string | null;\n  cleanPathname: string;\n  contentType: string;\n  interceptionContext: string | null;\n  isRscRequest: boolean;\n  middlewareContext: AppRscMiddlewareContext;\n  mountedSlotsHeader: string | null;\n  request: Request;\n  searchParams: URLSearchParams;\n};\n\ntype RenderNotFoundOptions<TRoute> = {\n  isRscRequest: boolean;\n  matchedParams?: AppPageParams;\n  middlewareContext: AppRscMiddlewareContext;\n  request: Request;\n  route: TRoute | null;\n  scriptNonce?: string;\n};\n\ntype RenderPagesFallbackOptions = {\n  isRscRequest: boolean;\n  middlewareContext: AppRscMiddlewareContext;\n  request: Request;\n  url: URL;\n};\n\ntype NavigationContextValue = {\n  params: AppPageParams;\n  pathname: string;\n  searchParams: URLSearchParams;\n};\n\ntype CreateAppRscHandlerOptions<TRoute extends AppRscHandlerRoute> = {\n  basePath: string;\n  clearRequestContext: () => void;\n  configHeaders: NextHeader[];\n  configRedirects: NextRedirect[];\n  configRewrites: {\n    afterFiles: NextRewrite[];\n    beforeFiles: NextRewrite[];\n    fallback: NextRewrite[];\n  };\n  dispatchMatchedPage: (options: DispatchMatchedPageOptions<TRoute>) => Promise<Response>;\n  dispatchMatchedRouteHandler: (\n    options: DispatchMatchedRouteHandlerOptions<TRoute>,\n  ) => Promise<Response>;\n  ensureInstrumentation?: () => Promise<void>;\n  handleProgressiveActionRequest: (\n    options: HandleProgressiveActionRequestOptions,\n  ) => Promise<Response | ProgressiveActionFormStateResult | null>;\n  handleServerActionRequest: (\n    options: HandleServerActionRequestOptions,\n  ) => Promise<Response | null>;\n  i18nConfig: NextI18nConfig | null;\n  isMiddlewareProxy: boolean;\n  loadPrerenderPagesRoutes?: () => Promise<unknown>;\n  makeThenableParams: MakeThenableParams;\n  matchRoute: (pathname: string) => AppRscRouteMatch<TRoute> | null;\n  metadataRoutes: MetadataRoutes;\n  middlewareModule: MiddlewareModule | null;\n  publicFiles: ReadonlySet<string>;\n  renderNotFound: (options: RenderNotFoundOptions<TRoute>) => Promise<Response | null>;\n  renderPagesFallback?: (options: RenderPagesFallbackOptions) => Promise<Response | null>;\n  rootParamNamesByPattern?: RootParamNamesMap;\n  setNavigationContext: (context: NavigationContextValue) => void;\n  staticParamsMap: StaticParamsMap;\n  trailingSlash: boolean;\n  validateDevRequestOrigin?: (request: Request) => Response | null;\n};\n\nfunction hasProperty<TKey extends PropertyKey>(\n  value: object,\n  key: TKey,\n): value is object & Record<TKey, unknown> {\n  return key in value;\n}\n\nfunction isExecutionContextLike(value: unknown): value is ExecutionContextLike {\n  if (!value || typeof value !== \"object\") return false;\n  return hasProperty(value, \"waitUntil\") && typeof value.waitUntil === \"function\";\n}\n\nfunction redirectDestinationWithBasePath(destination: string, basePath: string): string {\n  if (!basePath || isExternalUrl(destination) || hasBasePath(destination, basePath)) {\n    return destination;\n  }\n  return basePath + destination;\n}\n\nasync function applyRewrite(\n  options: {\n    clearRequestContext: () => void;\n    request: Request;\n    requestContext: RequestContext;\n    rewrites: NextRewrite[];\n  },\n  cleanPathname: string,\n): Promise<Response | string | null> {\n  if (!options.rewrites.length) return null;\n\n  const rewritten = matchRewrite(cleanPathname, options.rewrites, options.requestContext);\n  if (!rewritten) return null;\n\n  if (isExternalUrl(rewritten)) {\n    options.clearRequestContext();\n    return proxyExternalRequest(options.request, rewritten);\n  }\n\n  return rewritten;\n}\n\nfunction applyConfigHeadersToMiddlewareRedirect(\n  response: Response,\n  options: {\n    configHeaders: NextHeader[];\n    pathname: string;\n    requestContext: RequestContext;\n  },\n): Response {\n  // Non-redirect middleware responses still pass through finalization, where\n  // config headers are applied once. Redirects skip finalization to avoid\n  // mutating immutable redirect headers, so they need the earlier header layer here.\n  if (response.status < 300 || response.status >= 400) return response;\n  if (!options.configHeaders.length) return response;\n\n  const headers = new Headers();\n  applyConfigHeadersToResponse(headers, {\n    configHeaders: options.configHeaders,\n    pathname: options.pathname,\n    requestContext: options.requestContext,\n  });\n\n  if (!headers.entries().next().done) {\n    mergeMiddlewareResponseHeaders(headers, response.headers);\n    return new Response(response.body, {\n      status: response.status,\n      statusText: response.statusText,\n      headers,\n    });\n  }\n\n  return response;\n}\n\nasync function handleAppRscRequest<TRoute extends AppRscHandlerRoute>(\n  options: CreateAppRscHandlerOptions<TRoute>,\n  request: Request,\n  preMiddlewareRequestContext: RequestContext,\n): Promise<Response> {\n  const handlerStart = process.env.NODE_ENV !== \"production\" ? performance.now() : 0;\n\n  if (process.env.NODE_ENV !== \"production\") {\n    const originBlock = options.validateDevRequestOrigin?.(request);\n    if (originBlock) return originBlock;\n  }\n\n  const normalized = normalizeRscRequest(request, options.basePath);\n  if (normalized instanceof Response) return normalized;\n\n  const { url, isRscRequest, interceptionContextHeader, mountedSlotsHeader, renderMode } =\n    normalized;\n  let { pathname, cleanPathname } = normalized;\n\n  const prerenderEndpointResponse = await handleAppPrerenderEndpoint(request, {\n    isPrerenderEnabled() {\n      return process.env.VINEXT_PRERENDER === \"1\";\n    },\n    loadPagesRoutes: options.loadPrerenderPagesRoutes,\n    pathname,\n    rootParamNamesByPattern: options.rootParamNamesByPattern,\n    staticParamsMap: options.staticParamsMap,\n  });\n  if (prerenderEndpointResponse) return prerenderEndpointResponse;\n\n  const trailingSlashRedirect = normalizeTrailingSlash(\n    pathname,\n    options.basePath,\n    options.trailingSlash,\n    url.search,\n  );\n  if (trailingSlashRedirect) return trailingSlashRedirect;\n\n  const redirectPathname = stripRscSuffix(pathname);\n  const redirect = matchRedirect(\n    redirectPathname,\n    options.configRedirects,\n    preMiddlewareRequestContext,\n  );\n  if (redirect) {\n    const destination = sanitizeDestination(\n      redirectDestinationWithBasePath(redirect.destination, options.basePath),\n    );\n    const location =\n      isRscRequest && request.headers.get(RSC_HEADER) === \"1\"\n        ? await createRscRedirectLocation(destination, request)\n        : destination;\n    return new Response(null, {\n      status: redirect.permanent ? 308 : 307,\n      headers: { Location: location },\n    });\n  }\n\n  const rscCacheBustingRedirect = await resolveInvalidRscCacheBustingRequest({\n    isRscRequest,\n    request,\n  });\n  if (rscCacheBustingRedirect) return rscCacheBustingRedirect;\n\n  const middlewareContext: AppRscMiddlewareContext = {\n    headers: null,\n    requestHeaders: null,\n    status: null,\n  };\n\n  if (options.middlewareModule) {\n    const middlewareResult = await applyAppMiddleware({\n      basePath: options.basePath,\n      cleanPathname,\n      context: middlewareContext,\n      i18nConfig: options.i18nConfig,\n      isProxy: options.isMiddlewareProxy,\n      module: options.middlewareModule,\n      request,\n    });\n    if (middlewareResult.kind === \"response\") {\n      return applyConfigHeadersToMiddlewareRedirect(middlewareResult.response, {\n        configHeaders: options.configHeaders,\n        pathname: cleanPathname,\n        requestContext: preMiddlewareRequestContext,\n      });\n    }\n\n    cleanPathname = middlewareResult.cleanPathname;\n    if (middlewareResult.search !== null) {\n      url.search = middlewareResult.search;\n    }\n  }\n\n  const scriptNonce = getScriptNonceFromHeaderSources(request.headers, middlewareContext.headers);\n  const postMiddlewareRequestContext = buildPostMwRequestContext(request);\n\n  const beforeFilesRewrite = await applyRewrite(\n    {\n      clearRequestContext: options.clearRequestContext,\n      request,\n      requestContext: postMiddlewareRequestContext,\n      rewrites: options.configRewrites.beforeFiles,\n    },\n    cleanPathname,\n  );\n  if (beforeFilesRewrite instanceof Response) return beforeFilesRewrite;\n  if (beforeFilesRewrite) cleanPathname = beforeFilesRewrite;\n\n  if (cleanPathname === \"/_vinext/image\") {\n    const imageUrlResult = validateImageUrl(url.searchParams.get(\"url\"), request.url);\n    if (imageUrlResult instanceof Response) return imageUrlResult;\n    return Response.redirect(new URL(imageUrlResult, url.origin).href, 302);\n  }\n\n  const metadataRouteResponse = await handleMetadataRouteRequest({\n    metadataRoutes: options.metadataRoutes,\n    cleanPathname,\n    makeThenableParams: options.makeThenableParams,\n  });\n  if (metadataRouteResponse) return metadataRouteResponse;\n\n  const publicFileResponse = resolvePublicFileRoute({\n    cleanPathname,\n    middlewareContext,\n    pathname,\n    publicFiles: options.publicFiles,\n    request,\n  });\n  if (publicFileResponse) {\n    options.clearRequestContext();\n    return publicFileResponse;\n  }\n\n  if (isRscRequest) {\n    stripRscCacheBustingSearchParam(url);\n  }\n\n  options.setNavigationContext({\n    pathname: cleanPathname,\n    searchParams: url.searchParams,\n    params: {},\n  });\n\n  const actionId =\n    request.headers.get(RSC_ACTION_HEADER) ?? request.headers.get(NEXT_ACTION_HEADER);\n  const contentType = request.headers.get(\"content-type\") || \"\";\n\n  const progressiveActionResult = await options.handleProgressiveActionRequest({\n    actionId,\n    cleanPathname,\n    contentType,\n    middlewareContext,\n    request,\n  });\n  if (progressiveActionResult instanceof Response) return progressiveActionResult;\n  const isProgressiveActionRender = progressiveActionResult?.kind === \"form-state\";\n  const formState = isProgressiveActionRender ? progressiveActionResult.formState : null;\n  const failedProgressiveActionResult =\n    isProgressiveActionRender && \"actionFailed\" in progressiveActionResult\n      ? progressiveActionResult\n      : null;\n  const actionFailed = failedProgressiveActionResult !== null;\n  const actionError = failedProgressiveActionResult?.actionError;\n\n  const serverActionResponse = await options.handleServerActionRequest({\n    actionId,\n    cleanPathname,\n    contentType,\n    interceptionContext: interceptionContextHeader,\n    isRscRequest,\n    middlewareContext,\n    mountedSlotsHeader,\n    request,\n    searchParams: url.searchParams,\n  });\n  if (serverActionResponse) return serverActionResponse;\n\n  let match = options.matchRoute(cleanPathname);\n  if (!match || match.route.isDynamic) {\n    const afterFilesRewrite = await applyRewrite(\n      {\n        clearRequestContext: options.clearRequestContext,\n        request,\n        requestContext: postMiddlewareRequestContext,\n        rewrites: options.configRewrites.afterFiles,\n      },\n      cleanPathname,\n    );\n    if (afterFilesRewrite instanceof Response) return afterFilesRewrite;\n    if (afterFilesRewrite) {\n      cleanPathname = afterFilesRewrite;\n      match = options.matchRoute(cleanPathname);\n    }\n  }\n\n  if (!match) {\n    const fallbackRewrite = await applyRewrite(\n      {\n        clearRequestContext: options.clearRequestContext,\n        request,\n        requestContext: postMiddlewareRequestContext,\n        rewrites: options.configRewrites.fallback,\n      },\n      cleanPathname,\n    );\n    if (fallbackRewrite instanceof Response) return fallbackRewrite;\n    if (fallbackRewrite) {\n      cleanPathname = fallbackRewrite;\n      match = options.matchRoute(cleanPathname);\n    }\n  }\n\n  if (!match) {\n    const pagesFallbackResponse = await options.renderPagesFallback?.({\n      isRscRequest,\n      middlewareContext,\n      request,\n      url,\n    });\n    if (pagesFallbackResponse) {\n      options.clearRequestContext();\n      return pagesFallbackResponse;\n    }\n\n    const renderedNotFoundResponse = await options.renderNotFound({\n      isRscRequest,\n      middlewareContext,\n      request,\n      route: null,\n      scriptNonce,\n    });\n    if (renderedNotFoundResponse) return renderedNotFoundResponse;\n\n    options.clearRequestContext();\n    const headers = new Headers();\n    mergeMiddlewareResponseHeaders(headers, middlewareContext.headers);\n    return notFoundResponse({ headers });\n  }\n\n  const { route, params } = match;\n  options.setNavigationContext({\n    pathname: cleanPathname,\n    searchParams: url.searchParams,\n    params,\n  });\n  setRootParams(pickRootParams(params, route.rootParamNames));\n\n  if (route.routeHandler) {\n    setCurrentFetchSoftTags(\n      buildPageCacheTags(cleanPathname, [], [...route.routeSegments], \"route\"),\n    );\n    return options.dispatchMatchedRouteHandler({\n      cleanPathname,\n      middlewareContext,\n      params,\n      request,\n      route,\n      searchParams: url.searchParams,\n    });\n  }\n\n  return options.dispatchMatchedPage({\n    cleanPathname,\n    formState,\n    actionError,\n    actionFailed,\n    handlerStart,\n    interceptionContext: interceptionContextHeader,\n    isProgressiveActionRender,\n    isRscRequest,\n    middlewareContext,\n    mountedSlotsHeader,\n    params,\n    request,\n    route,\n    scriptNonce,\n    searchParams: url.searchParams,\n    renderMode,\n  });\n}\n\nexport function createAppRscHandler<TRoute extends AppRscHandlerRoute>(\n  options: CreateAppRscHandlerOptions<TRoute>,\n): (request: Request, ctx: unknown) => Promise<Response> {\n  return async function appRscHandler(rawRequest, ctx) {\n    await options.ensureInstrumentation?.();\n\n    // Strip forged internal headers at the App Router request boundary.\n    // Must happen BEFORE headersContextFromRequest() and\n    // requestContextFromRequest() so the captured context never contains\n    // attacker-controlled internal headers. This is the correct boundary\n    // for pure App Router requests; in hybrid app+pages mode the connect\n    // handler already filtered headers upstream and x-vinext-mw-ctx\n    // (not in INTERNAL_HEADERS) carries the forwarded middleware context.\n    // srvx's NodeRequestHeaders reads from rawHeaders for iteration but falls\n    // back to req.headers for .get() / .has(). In the dev server we add\n    // x-vinext-mw-ctx to req.headers after the Request is built, so it is\n    // visible to .get() but lost when filterInternalHeaders iterates. Read it\n    // BEFORE iterating so applyForwardedMiddlewareContext can skip middleware.\n    const mwCtx = rawRequest.headers.get(VINEXT_MW_CTX_HEADER);\n    const filteredHeaders = filterInternalHeaders(rawRequest.headers);\n    if (mwCtx !== null) {\n      filteredHeaders.set(VINEXT_MW_CTX_HEADER, mwCtx);\n    }\n    const request = cloneRequestWithHeaders(rawRequest, filteredHeaders);\n\n    const executionContext = isExecutionContextLike(ctx)\n      ? ctx\n      : (getRequestExecutionContext() ?? null);\n    const headersContext = headersContextFromRequest(request);\n    const requestContext = createRequestContext({\n      headersContext,\n      executionContext,\n      unstableCacheRevalidation: \"background\",\n    });\n\n    return runWithRequestContext(requestContext, () =>\n      runWithPrerenderWorkUnit(\n        async () => {\n          ensureFetchPatch();\n          const preMiddlewareRequestContext = requestContextFromRequest(request);\n          let response: Response;\n\n          try {\n            response = await handleAppRscRequest(options, request, preMiddlewareRequestContext);\n          } catch (error) {\n            if (process.env.NODE_ENV !== \"production\") {\n              flattenErrorCauses(error);\n            }\n            throw error;\n          }\n\n          return finalizeAppRscResponse(response, request, {\n            basePath: options.basePath,\n            configHeaders: options.configHeaders,\n            requestContext: preMiddlewareRequestContext,\n          });\n        },\n        { route: () => new URL(request.url).pathname },\n      ),\n    );\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AA4MA,SAAS,YACP,OACA,KACyC;CACzC,OAAO,OAAO;;AAGhB,SAAS,uBAAuB,OAA+C;CAC7E,IAAI,CAAC,SAAS,OAAO,UAAU,UAAU,OAAO;CAChD,OAAO,YAAY,OAAO,YAAY,IAAI,OAAO,MAAM,cAAc;;AAGvE,SAAS,gCAAgC,aAAqB,UAA0B;CACtF,IAAI,CAAC,YAAY,cAAc,YAAY,IAAI,YAAY,aAAa,SAAS,EAC/E,OAAO;CAET,OAAO,WAAW;;AAGpB,eAAe,aACb,SAMA,eACmC;CACnC,IAAI,CAAC,QAAQ,SAAS,QAAQ,OAAO;CAErC,MAAM,YAAY,aAAa,eAAe,QAAQ,UAAU,QAAQ,eAAe;CACvF,IAAI,CAAC,WAAW,OAAO;CAEvB,IAAI,cAAc,UAAU,EAAE;EAC5B,QAAQ,qBAAqB;EAC7B,OAAO,qBAAqB,QAAQ,SAAS,UAAU;;CAGzD,OAAO;;AAGT,SAAS,uCACP,UACA,SAKU;CAIV,IAAI,SAAS,SAAS,OAAO,SAAS,UAAU,KAAK,OAAO;CAC5D,IAAI,CAAC,QAAQ,cAAc,QAAQ,OAAO;CAE1C,MAAM,UAAU,IAAI,SAAS;CAC7B,6BAA6B,SAAS;EACpC,eAAe,QAAQ;EACvB,UAAU,QAAQ;EAClB,gBAAgB,QAAQ;EACzB,CAAC;CAEF,IAAI,CAAC,QAAQ,SAAS,CAAC,MAAM,CAAC,MAAM;EAClC,+BAA+B,SAAS,SAAS,QAAQ;EACzD,OAAO,IAAI,SAAS,SAAS,MAAM;GACjC,QAAQ,SAAS;GACjB,YAAY,SAAS;GACrB;GACD,CAAC;;CAGJ,OAAO;;AAGT,eAAe,oBACb,SACA,SACA,6BACmB;CACnB,MAAM,eAAe,QAAQ,IAAI,aAAa,eAAe,YAAY,KAAK,GAAG;CAEjF,IAAI,QAAQ,IAAI,aAAa,cAAc;EACzC,MAAM,cAAc,QAAQ,2BAA2B,QAAQ;EAC/D,IAAI,aAAa,OAAO;;CAG1B,MAAM,aAAa,oBAAoB,SAAS,QAAQ,SAAS;CACjE,IAAI,sBAAsB,UAAU,OAAO;CAE3C,MAAM,EAAE,KAAK,cAAc,2BAA2B,oBAAoB,eACxE;CACF,IAAI,EAAE,UAAU,kBAAkB;CAElC,MAAM,4BAA4B,MAAM,2BAA2B,SAAS;EAC1E,qBAAqB;GACnB,OAAO,QAAQ,IAAI,qBAAqB;;EAE1C,iBAAiB,QAAQ;EACzB;EACA,yBAAyB,QAAQ;EACjC,iBAAiB,QAAQ;EAC1B,CAAC;CACF,IAAI,2BAA2B,OAAO;CAEtC,MAAM,wBAAwB,uBAC5B,UACA,QAAQ,UACR,QAAQ,eACR,IAAI,OACL;CACD,IAAI,uBAAuB,OAAO;CAGlC,MAAM,WAAW,cADQ,eAAe,SAEtB,EAChB,QAAQ,iBACR,4BACD;CACD,IAAI,UAAU;EACZ,MAAM,cAAc,oBAClB,gCAAgC,SAAS,aAAa,QAAQ,SAAS,CACxE;EACD,MAAM,WACJ,gBAAgB,QAAQ,QAAQ,IAAA,MAAe,KAAK,MAChD,MAAM,0BAA0B,aAAa,QAAQ,GACrD;EACN,OAAO,IAAI,SAAS,MAAM;GACxB,QAAQ,SAAS,YAAY,MAAM;GACnC,SAAS,EAAE,UAAU,UAAU;GAChC,CAAC;;CAGJ,MAAM,0BAA0B,MAAM,qCAAqC;EACzE;EACA;EACD,CAAC;CACF,IAAI,yBAAyB,OAAO;CAEpC,MAAM,oBAA6C;EACjD,SAAS;EACT,gBAAgB;EAChB,QAAQ;EACT;CAED,IAAI,QAAQ,kBAAkB;EAC5B,MAAM,mBAAmB,MAAM,mBAAmB;GAChD,UAAU,QAAQ;GAClB;GACA,SAAS;GACT,YAAY,QAAQ;GACpB,SAAS,QAAQ;GACjB,QAAQ,QAAQ;GAChB;GACD,CAAC;EACF,IAAI,iBAAiB,SAAS,YAC5B,OAAO,uCAAuC,iBAAiB,UAAU;GACvE,eAAe,QAAQ;GACvB,UAAU;GACV,gBAAgB;GACjB,CAAC;EAGJ,gBAAgB,iBAAiB;EACjC,IAAI,iBAAiB,WAAW,MAC9B,IAAI,SAAS,iBAAiB;;CAIlC,MAAM,cAAc,gCAAgC,QAAQ,SAAS,kBAAkB,QAAQ;CAC/F,MAAM,+BAA+B,0BAA0B,QAAQ;CAEvE,MAAM,qBAAqB,MAAM,aAC/B;EACE,qBAAqB,QAAQ;EAC7B;EACA,gBAAgB;EAChB,UAAU,QAAQ,eAAe;EAClC,EACD,cACD;CACD,IAAI,8BAA8B,UAAU,OAAO;CACnD,IAAI,oBAAoB,gBAAgB;CAExC,IAAI,kBAAkB,kBAAkB;EACtC,MAAM,iBAAiB,iBAAiB,IAAI,aAAa,IAAI,MAAM,EAAE,QAAQ,IAAI;EACjF,IAAI,0BAA0B,UAAU,OAAO;EAC/C,OAAO,SAAS,SAAS,IAAI,IAAI,gBAAgB,IAAI,OAAO,CAAC,MAAM,IAAI;;CAGzE,MAAM,wBAAwB,MAAM,2BAA2B;EAC7D,gBAAgB,QAAQ;EACxB;EACA,oBAAoB,QAAQ;EAC7B,CAAC;CACF,IAAI,uBAAuB,OAAO;CAElC,MAAM,qBAAqB,uBAAuB;EAChD;EACA;EACA;EACA,aAAa,QAAQ;EACrB;EACD,CAAC;CACF,IAAI,oBAAoB;EACtB,QAAQ,qBAAqB;EAC7B,OAAO;;CAGT,IAAI,cACF,gCAAgC,IAAI;CAGtC,QAAQ,qBAAqB;EAC3B,UAAU;EACV,cAAc,IAAI;EAClB,QAAQ,EAAE;EACX,CAAC;CAEF,MAAM,WACJ,QAAQ,QAAQ,IAAA,eAAsB,IAAI,QAAQ,QAAQ,IAAA,cAAuB;CACnF,MAAM,cAAc,QAAQ,QAAQ,IAAI,eAAe,IAAI;CAE3D,MAAM,0BAA0B,MAAM,QAAQ,+BAA+B;EAC3E;EACA;EACA;EACA;EACA;EACD,CAAC;CACF,IAAI,mCAAmC,UAAU,OAAO;CACxD,MAAM,4BAA4B,yBAAyB,SAAS;CACpE,MAAM,YAAY,4BAA4B,wBAAwB,YAAY;CAClF,MAAM,gCACJ,6BAA6B,kBAAkB,0BAC3C,0BACA;CACN,MAAM,eAAe,kCAAkC;CACvD,MAAM,cAAc,+BAA+B;CAEnD,MAAM,uBAAuB,MAAM,QAAQ,0BAA0B;EACnE;EACA;EACA;EACA,qBAAqB;EACrB;EACA;EACA;EACA;EACA,cAAc,IAAI;EACnB,CAAC;CACF,IAAI,sBAAsB,OAAO;CAEjC,IAAI,QAAQ,QAAQ,WAAW,cAAc;CAC7C,IAAI,CAAC,SAAS,MAAM,MAAM,WAAW;EACnC,MAAM,oBAAoB,MAAM,aAC9B;GACE,qBAAqB,QAAQ;GAC7B;GACA,gBAAgB;GAChB,UAAU,QAAQ,eAAe;GAClC,EACD,cACD;EACD,IAAI,6BAA6B,UAAU,OAAO;EAClD,IAAI,mBAAmB;GACrB,gBAAgB;GAChB,QAAQ,QAAQ,WAAW,cAAc;;;CAI7C,IAAI,CAAC,OAAO;EACV,MAAM,kBAAkB,MAAM,aAC5B;GACE,qBAAqB,QAAQ;GAC7B;GACA,gBAAgB;GAChB,UAAU,QAAQ,eAAe;GAClC,EACD,cACD;EACD,IAAI,2BAA2B,UAAU,OAAO;EAChD,IAAI,iBAAiB;GACnB,gBAAgB;GAChB,QAAQ,QAAQ,WAAW,cAAc;;;CAI7C,IAAI,CAAC,OAAO;EACV,MAAM,wBAAwB,MAAM,QAAQ,sBAAsB;GAChE;GACA;GACA;GACA;GACD,CAAC;EACF,IAAI,uBAAuB;GACzB,QAAQ,qBAAqB;GAC7B,OAAO;;EAGT,MAAM,2BAA2B,MAAM,QAAQ,eAAe;GAC5D;GACA;GACA;GACA,OAAO;GACP;GACD,CAAC;EACF,IAAI,0BAA0B,OAAO;EAErC,QAAQ,qBAAqB;EAC7B,MAAM,UAAU,IAAI,SAAS;EAC7B,+BAA+B,SAAS,kBAAkB,QAAQ;EAClE,OAAO,iBAAiB,EAAE,SAAS,CAAC;;CAGtC,MAAM,EAAE,OAAO,WAAW;CAC1B,QAAQ,qBAAqB;EAC3B,UAAU;EACV,cAAc,IAAI;EAClB;EACD,CAAC;CACF,cAAc,eAAe,QAAQ,MAAM,eAAe,CAAC;CAE3D,IAAI,MAAM,cAAc;EACtB,wBACE,mBAAmB,eAAe,EAAE,EAAE,CAAC,GAAG,MAAM,cAAc,EAAE,QAAQ,CACzE;EACD,OAAO,QAAQ,4BAA4B;GACzC;GACA;GACA;GACA;GACA;GACA,cAAc,IAAI;GACnB,CAAC;;CAGJ,OAAO,QAAQ,oBAAoB;EACjC;EACA;EACA;EACA;EACA;EACA,qBAAqB;EACrB;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,cAAc,IAAI;EAClB;EACD,CAAC;;AAGJ,SAAgB,oBACd,SACuD;CACvD,OAAO,eAAe,cAAc,YAAY,KAAK;EACnD,MAAM,QAAQ,yBAAyB;EAcvC,MAAM,QAAQ,WAAW,QAAQ,IAAI,qBAAqB;EAC1D,MAAM,kBAAkB,sBAAsB,WAAW,QAAQ;EACjE,IAAI,UAAU,MACZ,gBAAgB,IAAI,sBAAsB,MAAM;EAElD,MAAM,UAAU,wBAAwB,YAAY,gBAAgB;EAEpE,MAAM,mBAAmB,uBAAuB,IAAI,GAChD,MACC,4BAA4B,IAAI;EAQrC,OAAO,sBANgB,qBAAqB;GAC1C,gBAFqB,0BAA0B,QAEjC;GACd;GACA,2BAA2B;GAC5B,CAE0C,QACzC,yBACE,YAAY;GACV,kBAAkB;GAClB,MAAM,8BAA8B,0BAA0B,QAAQ;GACtE,IAAI;GAEJ,IAAI;IACF,WAAW,MAAM,oBAAoB,SAAS,SAAS,4BAA4B;YAC5E,OAAO;IACd,IAAI,QAAQ,IAAI,aAAa,cAC3B,mBAAmB,MAAM;IAE3B,MAAM;;GAGR,OAAO,uBAAuB,UAAU,SAAS;IAC/C,UAAU,QAAQ;IAClB,eAAe,QAAQ;IACvB,gBAAgB;IACjB,CAAC;KAEJ,EAAE,aAAa,IAAI,IAAI,QAAQ,IAAI,CAAC,UAAU,CAC/C,CACF"}
+{"version":3,"file":"app-rsc-handler.js","names":[],"sources":["../../src/server/app-rsc-handler.ts"],"sourcesContent":["import type {\n  NextHeader,\n  NextI18nConfig,\n  NextRedirect,\n  NextRewrite,\n} from \"../config/next-config.js\";\nimport {\n  isExternalUrl,\n  matchRedirect,\n  matchRewrite,\n  proxyExternalRequest,\n  requestContextFromRequest,\n  sanitizeDestination,\n  type BasePathMatchState,\n} from \"../config/config-matchers.js\";\nimport { headersContextFromRequest } from \"vinext/shims/headers\";\nimport {\n  NEXT_ACTION_HEADER,\n  RSC_ACTION_HEADER,\n  RSC_HEADER,\n  VINEXT_MW_CTX_HEADER,\n} from \"./headers.js\";\nimport { ensureFetchPatch, setCurrentFetchSoftTags } from \"vinext/shims/fetch-cache\";\nimport type { ReactFormState } from \"react-dom/client\";\nimport {\n  getRequestExecutionContext,\n  type ExecutionContextLike,\n} from \"vinext/shims/request-context\";\nimport { pickRootParams, setRootParams, type RootParams } from \"vinext/shims/root-params\";\nimport { createRequestContext, runWithRequestContext } from \"vinext/shims/unified-request-context\";\nimport { flattenErrorCauses } from \"../utils/error-cause.js\";\nimport { hasBasePath } from \"../utils/base-path.js\";\nimport { applyAppMiddleware, type AppMiddlewareContext } from \"./app-middleware.js\";\nimport { mergeMiddlewareResponseHeaders } from \"./app-page-response.js\";\nimport { handleAppPrerenderEndpoint } from \"./app-prerender-endpoints.js\";\nimport {\n  createRscRedirectLocation,\n  resolveInvalidRscCacheBustingRequest,\n  stripRscCacheBustingSearchParam,\n  stripRscSuffix,\n} from \"./app-rsc-cache-busting.js\";\nimport { finalizeAppRscResponse } from \"./app-rsc-response-finalizer.js\";\nimport { normalizeRscRequest } from \"./app-rsc-request-normalization.js\";\nimport { normalizeDefaultLocalePathname } from \"./pages-i18n.js\";\nimport { notFoundResponse } from \"./http-error-responses.js\";\nimport { getScriptNonceFromHeaderSources } from \"./csp.js\";\nimport { buildPageCacheTags } from \"./implicit-tags.js\";\nimport { handleMetadataRouteRequest } from \"./metadata-route-response.js\";\nimport type { MiddlewareModule } from \"./middleware-runtime.js\";\nimport { runWithPrerenderWorkUnit } from \"./prerender-work-unit-setup.js\";\nimport { buildPostMwRequestContext } from \"./app-post-middleware-context.js\";\nimport type { AppRscRenderMode } from \"./app-rsc-render-mode.js\";\nimport {\n  cloneRequestWithHeaders,\n  filterInternalHeaders,\n  applyConfigHeadersToResponse,\n  normalizeTrailingSlash,\n  resolvePublicFileRoute,\n  validateImageUrl,\n} from \"./request-pipeline.js\";\n\ntype AppPageParams = Record<string, string | string[]>;\ntype RequestContext = ReturnType<typeof requestContextFromRequest>;\ntype MetadataRoutes = Parameters<typeof handleMetadataRouteRequest>[0][\"metadataRoutes\"];\ntype MakeThenableParams = Parameters<typeof handleMetadataRouteRequest>[0][\"makeThenableParams\"];\ntype StaticParamsMap = Parameters<typeof handleAppPrerenderEndpoint>[1][\"staticParamsMap\"];\ntype RootParamNamesMap = Parameters<\n  typeof handleAppPrerenderEndpoint\n>[1][\"rootParamNamesByPattern\"];\n\ntype AppRscMiddlewareContext = AppMiddlewareContext;\n\ntype AppRscHandlerRoute = {\n  isDynamic: boolean;\n  page?: unknown;\n  pattern: string;\n  rootParamNames?: readonly string[];\n  routeHandler?: unknown;\n  routeSegments: readonly string[];\n};\n\ntype AppRscRouteMatch<TRoute> = {\n  params: AppPageParams;\n  route: TRoute;\n};\n\ntype DispatchMatchedPageOptions<TRoute> = {\n  cleanPathname: string;\n  formState: ReactFormState | null;\n  actionError?: unknown;\n  actionFailed?: boolean;\n  handlerStart: number;\n  interceptionContext: string | null;\n  isProgressiveActionRender: boolean;\n  isRscRequest: boolean;\n  middlewareContext: AppRscMiddlewareContext;\n  mountedSlotsHeader: string | null;\n  params: AppPageParams;\n  rootParams?: RootParams;\n  request: Request;\n  route: TRoute;\n  scriptNonce?: string;\n  searchParams: URLSearchParams;\n  renderMode: AppRscRenderMode;\n};\n\ntype DispatchMatchedRouteHandlerOptions<TRoute> = {\n  cleanPathname: string;\n  middlewareContext: AppRscMiddlewareContext;\n  /**\n   * `null` for non-dynamic routes. Mirrors Next.js' route handler context\n   * shape: user code that does `params ? await params : null` resolves to\n   * `null` for routes without dynamic segments. Dynamic routes receive the\n   * matched params object.\n   */\n  params: AppPageParams | null;\n  request: Request;\n  route: TRoute;\n  searchParams: URLSearchParams;\n};\n\ntype HandleProgressiveActionRequestOptions = {\n  actionId: string | null;\n  cleanPathname: string;\n  contentType: string;\n  middlewareContext: AppRscMiddlewareContext;\n  request: Request;\n};\n\ntype ProgressiveActionFormStateResult =\n  | {\n      formState: ReactFormState | null;\n      kind: \"form-state\";\n    }\n  | {\n      actionError: unknown;\n      actionFailed: true;\n      formState: null;\n      kind: \"form-state\";\n    };\n\ntype HandleServerActionRequestOptions = {\n  actionId: string | null;\n  cleanPathname: string;\n  contentType: string;\n  interceptionContext: string | null;\n  isRscRequest: boolean;\n  middlewareContext: AppRscMiddlewareContext;\n  mountedSlotsHeader: string | null;\n  request: Request;\n  searchParams: URLSearchParams;\n};\n\ntype RenderNotFoundOptions<TRoute> = {\n  isRscRequest: boolean;\n  matchedParams?: AppPageParams;\n  middlewareContext: AppRscMiddlewareContext;\n  request: Request;\n  route: TRoute | null;\n  scriptNonce?: string;\n};\n\ntype RenderPagesFallbackOptions = {\n  isRscRequest: boolean;\n  middlewareContext: AppRscMiddlewareContext;\n  request: Request;\n  url: URL;\n};\n\ntype NavigationContextValue = {\n  params: AppPageParams;\n  pathname: string;\n  searchParams: URLSearchParams;\n};\n\ntype CreateAppRscHandlerOptions<TRoute extends AppRscHandlerRoute> = {\n  basePath: string;\n  clearRequestContext: () => void;\n  configHeaders: NextHeader[];\n  configRedirects: NextRedirect[];\n  configRewrites: {\n    afterFiles: NextRewrite[];\n    beforeFiles: NextRewrite[];\n    fallback: NextRewrite[];\n  };\n  dispatchMatchedPage: (options: DispatchMatchedPageOptions<TRoute>) => Promise<Response>;\n  dispatchMatchedRouteHandler: (\n    options: DispatchMatchedRouteHandlerOptions<TRoute>,\n  ) => Promise<Response>;\n  ensureInstrumentation?: () => Promise<void>;\n  handleProgressiveActionRequest: (\n    options: HandleProgressiveActionRequestOptions,\n  ) => Promise<Response | ProgressiveActionFormStateResult | null>;\n  handleServerActionRequest: (\n    options: HandleServerActionRequestOptions,\n  ) => Promise<Response | null>;\n  i18nConfig: NextI18nConfig | null;\n  isMiddlewareProxy: boolean;\n  loadPrerenderPagesRoutes?: () => Promise<unknown>;\n  makeThenableParams: MakeThenableParams;\n  matchRoute: (pathname: string) => AppRscRouteMatch<TRoute> | null;\n  metadataRoutes: MetadataRoutes;\n  middlewareModule: MiddlewareModule | null;\n  publicFiles: ReadonlySet<string>;\n  renderNotFound: (options: RenderNotFoundOptions<TRoute>) => Promise<Response | null>;\n  renderPagesFallback?: (options: RenderPagesFallbackOptions) => Promise<Response | null>;\n  rootParamNamesByPattern?: RootParamNamesMap;\n  setNavigationContext: (context: NavigationContextValue) => void;\n  staticParamsMap: StaticParamsMap;\n  trailingSlash: boolean;\n  validateDevRequestOrigin?: (request: Request) => Response | null;\n};\n\nfunction hasProperty<TKey extends PropertyKey>(\n  value: object,\n  key: TKey,\n): value is object & Record<TKey, unknown> {\n  return key in value;\n}\n\nfunction isExecutionContextLike(value: unknown): value is ExecutionContextLike {\n  if (!value || typeof value !== \"object\") return false;\n  return hasProperty(value, \"waitUntil\") && typeof value.waitUntil === \"function\";\n}\n\n// TODO(#1333): once App Router supports `basePath: false` rules (see\n// `normalizeRscRequest` — it 404s out-of-basePath requests before they\n// reach this code), pass `hadBasePath` here and skip the prefix when\n// false, mirroring the same guard in `prod-server.ts` and `deploy.ts`.\nfunction redirectDestinationWithBasePath(destination: string, basePath: string): string {\n  if (!basePath || isExternalUrl(destination) || hasBasePath(destination, basePath)) {\n    return destination;\n  }\n  return basePath + destination;\n}\n\nasync function applyRewrite(\n  options: {\n    basePathState: BasePathMatchState;\n    clearRequestContext: () => void;\n    request: Request;\n    requestContext: RequestContext;\n    rewrites: NextRewrite[];\n  },\n  cleanPathname: string,\n): Promise<Response | string | null> {\n  if (!options.rewrites.length) return null;\n\n  const rewritten = matchRewrite(\n    cleanPathname,\n    options.rewrites,\n    options.requestContext,\n    options.basePathState,\n  );\n  if (!rewritten) return null;\n\n  if (isExternalUrl(rewritten)) {\n    options.clearRequestContext();\n    return proxyExternalRequest(options.request, rewritten);\n  }\n\n  return rewritten;\n}\n\nfunction applyConfigHeadersToMiddlewareRedirect(\n  response: Response,\n  options: {\n    basePathState: BasePathMatchState;\n    configHeaders: NextHeader[];\n    pathname: string;\n    requestContext: RequestContext;\n  },\n): Response {\n  // Non-redirect middleware responses still pass through finalization, where\n  // config headers are applied once. Redirects skip finalization to avoid\n  // mutating immutable redirect headers, so they need the earlier header layer here.\n  if (response.status < 300 || response.status >= 400) return response;\n  if (!options.configHeaders.length) return response;\n\n  const headers = new Headers();\n  applyConfigHeadersToResponse(headers, {\n    configHeaders: options.configHeaders,\n    pathname: options.pathname,\n    requestContext: options.requestContext,\n    basePathState: options.basePathState,\n  });\n\n  if (!headers.entries().next().done) {\n    mergeMiddlewareResponseHeaders(headers, response.headers);\n    return new Response(response.body, {\n      status: response.status,\n      statusText: response.statusText,\n      headers,\n    });\n  }\n\n  return response;\n}\n\nasync function handleAppRscRequest<TRoute extends AppRscHandlerRoute>(\n  options: CreateAppRscHandlerOptions<TRoute>,\n  request: Request,\n  preMiddlewareRequestContext: RequestContext,\n  isDataRequest: boolean,\n): Promise<Response> {\n  const handlerStart = process.env.NODE_ENV !== \"production\" ? performance.now() : 0;\n\n  if (process.env.NODE_ENV !== \"production\") {\n    const originBlock = options.validateDevRequestOrigin?.(request);\n    if (originBlock) return originBlock;\n  }\n\n  const normalized = normalizeRscRequest(request, options.basePath);\n  if (normalized instanceof Response) return normalized;\n\n  const { url, isRscRequest, interceptionContextHeader, mountedSlotsHeader, renderMode } =\n    normalized;\n  let { pathname, cleanPathname } = normalized;\n  // Canonical (external) pathname the user requested. Middleware rewrites and\n  // next.config.js rewrites mutate `cleanPathname` so internal route matching\n  // can find the destination page, but hooks like `usePathname()` must reflect\n  // the original URL the user sees in the address bar.\n  // Matches Next.js: test/e2e/app-dir/hooks/hooks.test.ts —\n  //   \"should have the canonical url pathname on rewrite\"\n  const canonicalPathname = cleanPathname;\n\n  // The request reached this point so it was either under basePath (stripped\n  // by normalizeRscRequest) or basePath is empty. In both cases the matcher\n  // gating below treats default (basePath: true) rules as eligible. The App\n  // Router does not yet support `basePath: false` rules — they would need a\n  // pre-strip hook in normalizeRscRequest to fire. Tracked as follow-up to\n  // issue #1333.\n  const basePathState = { basePath: options.basePath, hadBasePath: true };\n\n  const prerenderEndpointResponse = await handleAppPrerenderEndpoint(request, {\n    isPrerenderEnabled() {\n      return process.env.VINEXT_PRERENDER === \"1\";\n    },\n    loadPagesRoutes: options.loadPrerenderPagesRoutes,\n    pathname,\n    rootParamNamesByPattern: options.rootParamNamesByPattern,\n    staticParamsMap: options.staticParamsMap,\n  });\n  if (prerenderEndpointResponse) return prerenderEndpointResponse;\n\n  const trailingSlashRedirect = normalizeTrailingSlash(\n    pathname,\n    options.basePath,\n    options.trailingSlash,\n    url.search,\n  );\n  if (trailingSlashRedirect) return trailingSlashRedirect;\n\n  // Default-locale path normalisation (issue #1336, item 4). Next.js\n  // splices in the (domain-aware) default locale on every request that\n  // arrives without a locale prefix before running config redirect / rewrite\n  // / header matching. Mirrors resolve-routes.ts lines ~250-263.\n  //\n  // Defined once here so the same helper is reused for the redirect match\n  // below, the middleware-redirect config header match further down, and the\n  // post-middleware rewrite matches. `i18nConfig` and `url.hostname` are\n  // request-scoped constants from this point on.\n  const matchPathname = (p: string): string =>\n    normalizeDefaultLocalePathname(p, options.i18nConfig, { hostname: url.hostname });\n\n  const redirectPathname = matchPathname(stripRscSuffix(pathname));\n  const redirect = matchRedirect(\n    redirectPathname,\n    options.configRedirects,\n    preMiddlewareRequestContext,\n    basePathState,\n  );\n  if (redirect) {\n    const destination = sanitizeDestination(\n      redirectDestinationWithBasePath(redirect.destination, options.basePath),\n    );\n    const location =\n      isRscRequest && request.headers.get(RSC_HEADER) === \"1\"\n        ? await createRscRedirectLocation(destination, request)\n        : destination;\n    return new Response(null, {\n      status: redirect.permanent ? 308 : 307,\n      headers: { Location: location },\n    });\n  }\n\n  const rscCacheBustingRedirect = await resolveInvalidRscCacheBustingRequest({\n    isRscRequest,\n    request,\n  });\n  if (rscCacheBustingRedirect) return rscCacheBustingRedirect;\n\n  const middlewareContext: AppRscMiddlewareContext = {\n    headers: null,\n    requestHeaders: null,\n    status: null,\n  };\n\n  if (options.middlewareModule) {\n    const middlewareResult = await applyAppMiddleware({\n      basePath: options.basePath,\n      cleanPathname,\n      context: middlewareContext,\n      i18nConfig: options.i18nConfig,\n      isDataRequest,\n      isProxy: options.isMiddlewareProxy,\n      module: options.middlewareModule,\n      request,\n      trailingSlash: options.trailingSlash,\n    });\n    if (middlewareResult.kind === \"response\") {\n      return applyConfigHeadersToMiddlewareRedirect(middlewareResult.response, {\n        basePathState,\n        configHeaders: options.configHeaders,\n        pathname: matchPathname(cleanPathname),\n        requestContext: preMiddlewareRequestContext,\n      });\n    }\n\n    cleanPathname = middlewareResult.cleanPathname;\n    if (middlewareResult.search !== null) {\n      url.search = middlewareResult.search;\n    }\n  }\n\n  const scriptNonce = getScriptNonceFromHeaderSources(request.headers, middlewareContext.headers);\n  const postMiddlewareRequestContext = buildPostMwRequestContext(request);\n\n  // Rewrites (beforeFiles, afterFiles, fallback) use `matchPathname` from\n  // above to splice in the default locale before matching. Route matching\n  // itself continues to use the un-prefixed `cleanPathname` because App\n  // Router files live under `app/...` with no locale segment. See issue\n  // #1336 item 4 / pages-i18n.normalizeDefaultLocalePathname.\n  const beforeFilesRewrite = await applyRewrite(\n    {\n      basePathState,\n      clearRequestContext: options.clearRequestContext,\n      request,\n      requestContext: postMiddlewareRequestContext,\n      rewrites: options.configRewrites.beforeFiles,\n    },\n    matchPathname(cleanPathname),\n  );\n  if (beforeFilesRewrite instanceof Response) return beforeFilesRewrite;\n  if (beforeFilesRewrite) cleanPathname = beforeFilesRewrite;\n\n  if (cleanPathname === \"/_vinext/image\") {\n    const imageUrlResult = validateImageUrl(url.searchParams.get(\"url\"), request.url);\n    if (imageUrlResult instanceof Response) return imageUrlResult;\n    return Response.redirect(new URL(imageUrlResult, url.origin).href, 302);\n  }\n\n  const metadataRouteResponse = await handleMetadataRouteRequest({\n    metadataRoutes: options.metadataRoutes,\n    cleanPathname,\n    makeThenableParams: options.makeThenableParams,\n  });\n  if (metadataRouteResponse) return metadataRouteResponse;\n\n  const publicFileResponse = resolvePublicFileRoute({\n    cleanPathname,\n    middlewareContext,\n    pathname,\n    publicFiles: options.publicFiles,\n    request,\n  });\n  if (publicFileResponse) {\n    options.clearRequestContext();\n    return publicFileResponse;\n  }\n\n  if (isRscRequest) {\n    stripRscCacheBustingSearchParam(url);\n  }\n\n  options.setNavigationContext({\n    pathname: canonicalPathname,\n    searchParams: url.searchParams,\n    params: {},\n  });\n\n  const actionId =\n    request.headers.get(RSC_ACTION_HEADER) ?? request.headers.get(NEXT_ACTION_HEADER);\n  const contentType = request.headers.get(\"content-type\") || \"\";\n\n  const progressiveActionResult = await options.handleProgressiveActionRequest({\n    actionId,\n    cleanPathname,\n    contentType,\n    middlewareContext,\n    request,\n  });\n  if (progressiveActionResult instanceof Response) return progressiveActionResult;\n  const isProgressiveActionRender = progressiveActionResult?.kind === \"form-state\";\n  const formState = isProgressiveActionRender ? progressiveActionResult.formState : null;\n  const failedProgressiveActionResult =\n    isProgressiveActionRender && \"actionFailed\" in progressiveActionResult\n      ? progressiveActionResult\n      : null;\n  const actionFailed = failedProgressiveActionResult !== null;\n  const actionError = failedProgressiveActionResult?.actionError;\n\n  const serverActionResponse = await options.handleServerActionRequest({\n    actionId,\n    cleanPathname,\n    contentType,\n    interceptionContext: interceptionContextHeader,\n    isRscRequest,\n    middlewareContext,\n    mountedSlotsHeader,\n    request,\n    searchParams: url.searchParams,\n  });\n  if (serverActionResponse) return serverActionResponse;\n\n  let match = options.matchRoute(cleanPathname);\n  if (!match || match.route.isDynamic) {\n    const afterFilesRewrite = await applyRewrite(\n      {\n        basePathState,\n        clearRequestContext: options.clearRequestContext,\n        request,\n        requestContext: postMiddlewareRequestContext,\n        rewrites: options.configRewrites.afterFiles,\n      },\n      matchPathname(cleanPathname),\n    );\n    if (afterFilesRewrite instanceof Response) return afterFilesRewrite;\n    if (afterFilesRewrite) {\n      cleanPathname = afterFilesRewrite;\n      match = options.matchRoute(cleanPathname);\n    }\n  }\n\n  if (!match) {\n    const fallbackRewrite = await applyRewrite(\n      {\n        basePathState,\n        clearRequestContext: options.clearRequestContext,\n        request,\n        requestContext: postMiddlewareRequestContext,\n        rewrites: options.configRewrites.fallback,\n      },\n      matchPathname(cleanPathname),\n    );\n    if (fallbackRewrite instanceof Response) return fallbackRewrite;\n    if (fallbackRewrite) {\n      cleanPathname = fallbackRewrite;\n      match = options.matchRoute(cleanPathname);\n    }\n  }\n\n  if (!match) {\n    const pagesFallbackResponse = await options.renderPagesFallback?.({\n      isRscRequest,\n      middlewareContext,\n      request,\n      url,\n    });\n    if (pagesFallbackResponse) {\n      options.clearRequestContext();\n      return pagesFallbackResponse;\n    }\n\n    const renderedNotFoundResponse = await options.renderNotFound({\n      isRscRequest,\n      middlewareContext,\n      request,\n      route: null,\n      scriptNonce,\n    });\n    if (renderedNotFoundResponse) return renderedNotFoundResponse;\n\n    options.clearRequestContext();\n    const headers = new Headers();\n    mergeMiddlewareResponseHeaders(headers, middlewareContext.headers);\n    return notFoundResponse({ headers });\n  }\n\n  const { route, params } = match;\n  options.setNavigationContext({\n    pathname: canonicalPathname,\n    searchParams: url.searchParams,\n    params,\n  });\n  const rootParams = pickRootParams(params, route.rootParamNames);\n  setRootParams(rootParams);\n\n  if (route.routeHandler) {\n    setCurrentFetchSoftTags(\n      buildPageCacheTags(cleanPathname, [], [...route.routeSegments], \"route\"),\n    );\n    return options.dispatchMatchedRouteHandler({\n      cleanPathname,\n      middlewareContext,\n      // Non-dynamic routes report params as `null` to match Next.js. Internal\n      // bookkeeping above (navigation context, root params) keeps the matched\n      // object (always `{}` for non-dynamic) so `useParams()` etc. still see\n      // an object shape; only the user-facing handler context surfaces null.\n      params: route.isDynamic ? params : null,\n      request,\n      route,\n      searchParams: url.searchParams,\n    });\n  }\n\n  return options.dispatchMatchedPage({\n    cleanPathname,\n    formState,\n    actionError,\n    actionFailed,\n    handlerStart,\n    interceptionContext: interceptionContextHeader,\n    isProgressiveActionRender,\n    isRscRequest,\n    middlewareContext,\n    mountedSlotsHeader,\n    params,\n    rootParams,\n    request,\n    route,\n    scriptNonce,\n    searchParams: url.searchParams,\n    renderMode,\n  });\n}\n\nexport function createAppRscHandler<TRoute extends AppRscHandlerRoute>(\n  options: CreateAppRscHandlerOptions<TRoute>,\n): (request: Request, ctx: unknown) => Promise<Response> {\n  return async function appRscHandler(rawRequest, ctx) {\n    await options.ensureInstrumentation?.();\n\n    // Strip forged internal headers at the App Router request boundary.\n    // Must happen BEFORE headersContextFromRequest() and\n    // requestContextFromRequest() so the captured context never contains\n    // attacker-controlled internal headers. This is the correct boundary\n    // for pure App Router requests; in hybrid app+pages mode the connect\n    // handler already filtered headers upstream and x-vinext-mw-ctx\n    // (not in INTERNAL_HEADERS) carries the forwarded middleware context.\n    // srvx's NodeRequestHeaders reads from rawHeaders for iteration but falls\n    // back to req.headers for .get() / .has(). In the dev server we add\n    // x-vinext-mw-ctx to req.headers after the Request is built, so it is\n    // visible to .get() but lost when filterInternalHeaders iterates. Read it\n    // BEFORE iterating so applyForwardedMiddlewareContext can skip middleware.\n    const mwCtx = rawRequest.headers.get(VINEXT_MW_CTX_HEADER);\n    // Capture `x-nextjs-data` before filtering — the middleware redirect\n    // protocol needs to know whether the inbound request was a `_next/data`\n    // fetch to emit `x-nextjs-redirect` instead of an HTTP redirect.\n    const isDataRequest = rawRequest.headers.get(\"x-nextjs-data\") === \"1\";\n    const filteredHeaders = filterInternalHeaders(rawRequest.headers);\n    if (mwCtx !== null) {\n      filteredHeaders.set(VINEXT_MW_CTX_HEADER, mwCtx);\n    }\n    const request = cloneRequestWithHeaders(rawRequest, filteredHeaders);\n\n    const executionContext = isExecutionContextLike(ctx)\n      ? ctx\n      : (getRequestExecutionContext() ?? null);\n    const headersContext = headersContextFromRequest(request);\n    const requestContext = createRequestContext({\n      headersContext,\n      executionContext,\n      unstableCacheRevalidation: \"background\",\n    });\n\n    return runWithRequestContext(requestContext, () =>\n      runWithPrerenderWorkUnit(\n        async () => {\n          ensureFetchPatch();\n          const preMiddlewareRequestContext = requestContextFromRequest(request);\n          let response: Response;\n\n          try {\n            response = await handleAppRscRequest(\n              options,\n              request,\n              preMiddlewareRequestContext,\n              isDataRequest,\n            );\n          } catch (error) {\n            if (process.env.NODE_ENV !== \"production\") {\n              flattenErrorCauses(error);\n            }\n            throw error;\n          }\n\n          return finalizeAppRscResponse(response, request, {\n            basePath: options.basePath,\n            configHeaders: options.configHeaders,\n            i18nConfig: options.i18nConfig,\n            requestContext: preMiddlewareRequestContext,\n          });\n        },\n        { route: () => new URL(request.url).pathname },\n      ),\n    );\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAqNA,SAAS,YACP,OACA,KACyC;CACzC,OAAO,OAAO;;AAGhB,SAAS,uBAAuB,OAA+C;CAC7E,IAAI,CAAC,SAAS,OAAO,UAAU,UAAU,OAAO;CAChD,OAAO,YAAY,OAAO,YAAY,IAAI,OAAO,MAAM,cAAc;;AAOvE,SAAS,gCAAgC,aAAqB,UAA0B;CACtF,IAAI,CAAC,YAAY,cAAc,YAAY,IAAI,YAAY,aAAa,SAAS,EAC/E,OAAO;CAET,OAAO,WAAW;;AAGpB,eAAe,aACb,SAOA,eACmC;CACnC,IAAI,CAAC,QAAQ,SAAS,QAAQ,OAAO;CAErC,MAAM,YAAY,aAChB,eACA,QAAQ,UACR,QAAQ,gBACR,QAAQ,cACT;CACD,IAAI,CAAC,WAAW,OAAO;CAEvB,IAAI,cAAc,UAAU,EAAE;EAC5B,QAAQ,qBAAqB;EAC7B,OAAO,qBAAqB,QAAQ,SAAS,UAAU;;CAGzD,OAAO;;AAGT,SAAS,uCACP,UACA,SAMU;CAIV,IAAI,SAAS,SAAS,OAAO,SAAS,UAAU,KAAK,OAAO;CAC5D,IAAI,CAAC,QAAQ,cAAc,QAAQ,OAAO;CAE1C,MAAM,UAAU,IAAI,SAAS;CAC7B,6BAA6B,SAAS;EACpC,eAAe,QAAQ;EACvB,UAAU,QAAQ;EAClB,gBAAgB,QAAQ;EACxB,eAAe,QAAQ;EACxB,CAAC;CAEF,IAAI,CAAC,QAAQ,SAAS,CAAC,MAAM,CAAC,MAAM;EAClC,+BAA+B,SAAS,SAAS,QAAQ;EACzD,OAAO,IAAI,SAAS,SAAS,MAAM;GACjC,QAAQ,SAAS;GACjB,YAAY,SAAS;GACrB;GACD,CAAC;;CAGJ,OAAO;;AAGT,eAAe,oBACb,SACA,SACA,6BACA,eACmB;CACnB,MAAM,eAAe,QAAQ,IAAI,aAAa,eAAe,YAAY,KAAK,GAAG;CAEjF,IAAI,QAAQ,IAAI,aAAa,cAAc;EACzC,MAAM,cAAc,QAAQ,2BAA2B,QAAQ;EAC/D,IAAI,aAAa,OAAO;;CAG1B,MAAM,aAAa,oBAAoB,SAAS,QAAQ,SAAS;CACjE,IAAI,sBAAsB,UAAU,OAAO;CAE3C,MAAM,EAAE,KAAK,cAAc,2BAA2B,oBAAoB,eACxE;CACF,IAAI,EAAE,UAAU,kBAAkB;CAOlC,MAAM,oBAAoB;CAQ1B,MAAM,gBAAgB;EAAE,UAAU,QAAQ;EAAU,aAAa;EAAM;CAEvE,MAAM,4BAA4B,MAAM,2BAA2B,SAAS;EAC1E,qBAAqB;GACnB,OAAO,QAAQ,IAAI,qBAAqB;;EAE1C,iBAAiB,QAAQ;EACzB;EACA,yBAAyB,QAAQ;EACjC,iBAAiB,QAAQ;EAC1B,CAAC;CACF,IAAI,2BAA2B,OAAO;CAEtC,MAAM,wBAAwB,uBAC5B,UACA,QAAQ,UACR,QAAQ,eACR,IAAI,OACL;CACD,IAAI,uBAAuB,OAAO;CAWlC,MAAM,iBAAiB,MACrB,+BAA+B,GAAG,QAAQ,YAAY,EAAE,UAAU,IAAI,UAAU,CAAC;CAGnF,MAAM,WAAW,cADQ,cAAc,eAAe,SAAS,CAE7C,EAChB,QAAQ,iBACR,6BACA,cACD;CACD,IAAI,UAAU;EACZ,MAAM,cAAc,oBAClB,gCAAgC,SAAS,aAAa,QAAQ,SAAS,CACxE;EACD,MAAM,WACJ,gBAAgB,QAAQ,QAAQ,IAAA,MAAe,KAAK,MAChD,MAAM,0BAA0B,aAAa,QAAQ,GACrD;EACN,OAAO,IAAI,SAAS,MAAM;GACxB,QAAQ,SAAS,YAAY,MAAM;GACnC,SAAS,EAAE,UAAU,UAAU;GAChC,CAAC;;CAGJ,MAAM,0BAA0B,MAAM,qCAAqC;EACzE;EACA;EACD,CAAC;CACF,IAAI,yBAAyB,OAAO;CAEpC,MAAM,oBAA6C;EACjD,SAAS;EACT,gBAAgB;EAChB,QAAQ;EACT;CAED,IAAI,QAAQ,kBAAkB;EAC5B,MAAM,mBAAmB,MAAM,mBAAmB;GAChD,UAAU,QAAQ;GAClB;GACA,SAAS;GACT,YAAY,QAAQ;GACpB;GACA,SAAS,QAAQ;GACjB,QAAQ,QAAQ;GAChB;GACA,eAAe,QAAQ;GACxB,CAAC;EACF,IAAI,iBAAiB,SAAS,YAC5B,OAAO,uCAAuC,iBAAiB,UAAU;GACvE;GACA,eAAe,QAAQ;GACvB,UAAU,cAAc,cAAc;GACtC,gBAAgB;GACjB,CAAC;EAGJ,gBAAgB,iBAAiB;EACjC,IAAI,iBAAiB,WAAW,MAC9B,IAAI,SAAS,iBAAiB;;CAIlC,MAAM,cAAc,gCAAgC,QAAQ,SAAS,kBAAkB,QAAQ;CAC/F,MAAM,+BAA+B,0BAA0B,QAAQ;CAOvE,MAAM,qBAAqB,MAAM,aAC/B;EACE;EACA,qBAAqB,QAAQ;EAC7B;EACA,gBAAgB;EAChB,UAAU,QAAQ,eAAe;EAClC,EACD,cAAc,cAAc,CAC7B;CACD,IAAI,8BAA8B,UAAU,OAAO;CACnD,IAAI,oBAAoB,gBAAgB;CAExC,IAAI,kBAAkB,kBAAkB;EACtC,MAAM,iBAAiB,iBAAiB,IAAI,aAAa,IAAI,MAAM,EAAE,QAAQ,IAAI;EACjF,IAAI,0BAA0B,UAAU,OAAO;EAC/C,OAAO,SAAS,SAAS,IAAI,IAAI,gBAAgB,IAAI,OAAO,CAAC,MAAM,IAAI;;CAGzE,MAAM,wBAAwB,MAAM,2BAA2B;EAC7D,gBAAgB,QAAQ;EACxB;EACA,oBAAoB,QAAQ;EAC7B,CAAC;CACF,IAAI,uBAAuB,OAAO;CAElC,MAAM,qBAAqB,uBAAuB;EAChD;EACA;EACA;EACA,aAAa,QAAQ;EACrB;EACD,CAAC;CACF,IAAI,oBAAoB;EACtB,QAAQ,qBAAqB;EAC7B,OAAO;;CAGT,IAAI,cACF,gCAAgC,IAAI;CAGtC,QAAQ,qBAAqB;EAC3B,UAAU;EACV,cAAc,IAAI;EAClB,QAAQ,EAAE;EACX,CAAC;CAEF,MAAM,WACJ,QAAQ,QAAQ,IAAA,eAAsB,IAAI,QAAQ,QAAQ,IAAA,cAAuB;CACnF,MAAM,cAAc,QAAQ,QAAQ,IAAI,eAAe,IAAI;CAE3D,MAAM,0BAA0B,MAAM,QAAQ,+BAA+B;EAC3E;EACA;EACA;EACA;EACA;EACD,CAAC;CACF,IAAI,mCAAmC,UAAU,OAAO;CACxD,MAAM,4BAA4B,yBAAyB,SAAS;CACpE,MAAM,YAAY,4BAA4B,wBAAwB,YAAY;CAClF,MAAM,gCACJ,6BAA6B,kBAAkB,0BAC3C,0BACA;CACN,MAAM,eAAe,kCAAkC;CACvD,MAAM,cAAc,+BAA+B;CAEnD,MAAM,uBAAuB,MAAM,QAAQ,0BAA0B;EACnE;EACA;EACA;EACA,qBAAqB;EACrB;EACA;EACA;EACA;EACA,cAAc,IAAI;EACnB,CAAC;CACF,IAAI,sBAAsB,OAAO;CAEjC,IAAI,QAAQ,QAAQ,WAAW,cAAc;CAC7C,IAAI,CAAC,SAAS,MAAM,MAAM,WAAW;EACnC,MAAM,oBAAoB,MAAM,aAC9B;GACE;GACA,qBAAqB,QAAQ;GAC7B;GACA,gBAAgB;GAChB,UAAU,QAAQ,eAAe;GAClC,EACD,cAAc,cAAc,CAC7B;EACD,IAAI,6BAA6B,UAAU,OAAO;EAClD,IAAI,mBAAmB;GACrB,gBAAgB;GAChB,QAAQ,QAAQ,WAAW,cAAc;;;CAI7C,IAAI,CAAC,OAAO;EACV,MAAM,kBAAkB,MAAM,aAC5B;GACE;GACA,qBAAqB,QAAQ;GAC7B;GACA,gBAAgB;GAChB,UAAU,QAAQ,eAAe;GAClC,EACD,cAAc,cAAc,CAC7B;EACD,IAAI,2BAA2B,UAAU,OAAO;EAChD,IAAI,iBAAiB;GACnB,gBAAgB;GAChB,QAAQ,QAAQ,WAAW,cAAc;;;CAI7C,IAAI,CAAC,OAAO;EACV,MAAM,wBAAwB,MAAM,QAAQ,sBAAsB;GAChE;GACA;GACA;GACA;GACD,CAAC;EACF,IAAI,uBAAuB;GACzB,QAAQ,qBAAqB;GAC7B,OAAO;;EAGT,MAAM,2BAA2B,MAAM,QAAQ,eAAe;GAC5D;GACA;GACA;GACA,OAAO;GACP;GACD,CAAC;EACF,IAAI,0BAA0B,OAAO;EAErC,QAAQ,qBAAqB;EAC7B,MAAM,UAAU,IAAI,SAAS;EAC7B,+BAA+B,SAAS,kBAAkB,QAAQ;EAClE,OAAO,iBAAiB,EAAE,SAAS,CAAC;;CAGtC,MAAM,EAAE,OAAO,WAAW;CAC1B,QAAQ,qBAAqB;EAC3B,UAAU;EACV,cAAc,IAAI;EAClB;EACD,CAAC;CACF,MAAM,aAAa,eAAe,QAAQ,MAAM,eAAe;CAC/D,cAAc,WAAW;CAEzB,IAAI,MAAM,cAAc;EACtB,wBACE,mBAAmB,eAAe,EAAE,EAAE,CAAC,GAAG,MAAM,cAAc,EAAE,QAAQ,CACzE;EACD,OAAO,QAAQ,4BAA4B;GACzC;GACA;GAKA,QAAQ,MAAM,YAAY,SAAS;GACnC;GACA;GACA,cAAc,IAAI;GACnB,CAAC;;CAGJ,OAAO,QAAQ,oBAAoB;EACjC;EACA;EACA;EACA;EACA;EACA,qBAAqB;EACrB;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,cAAc,IAAI;EAClB;EACD,CAAC;;AAGJ,SAAgB,oBACd,SACuD;CACvD,OAAO,eAAe,cAAc,YAAY,KAAK;EACnD,MAAM,QAAQ,yBAAyB;EAcvC,MAAM,QAAQ,WAAW,QAAQ,IAAI,qBAAqB;EAI1D,MAAM,gBAAgB,WAAW,QAAQ,IAAI,gBAAgB,KAAK;EAClE,MAAM,kBAAkB,sBAAsB,WAAW,QAAQ;EACjE,IAAI,UAAU,MACZ,gBAAgB,IAAI,sBAAsB,MAAM;EAElD,MAAM,UAAU,wBAAwB,YAAY,gBAAgB;EAEpE,MAAM,mBAAmB,uBAAuB,IAAI,GAChD,MACC,4BAA4B,IAAI;EAQrC,OAAO,sBANgB,qBAAqB;GAC1C,gBAFqB,0BAA0B,QAEjC;GACd;GACA,2BAA2B;GAC5B,CAE0C,QACzC,yBACE,YAAY;GACV,kBAAkB;GAClB,MAAM,8BAA8B,0BAA0B,QAAQ;GACtE,IAAI;GAEJ,IAAI;IACF,WAAW,MAAM,oBACf,SACA,SACA,6BACA,cACD;YACM,OAAO;IACd,IAAI,QAAQ,IAAI,aAAa,cAC3B,mBAAmB,MAAM;IAE3B,MAAM;;GAGR,OAAO,uBAAuB,UAAU,SAAS;IAC/C,UAAU,QAAQ;IAClB,eAAe,QAAQ;IACvB,YAAY,QAAQ;IACpB,gBAAgB;IACjB,CAAC;KAEJ,EAAE,aAAa,IAAI,IAAI,QAAQ,IAAI,CAAC,UAAU,CAC/C,CACF"}

package/dist/server/app-rsc-render-mode.d.ts

@@ -1,11 +1,12 @@
 //#region src/server/app-rsc-render-mode.d.ts
-type AppRscRenderMode = "navigation" | "refresh-preserve-ui" | "action-rerender-preserve-ui";
+type AppRscRenderMode = "navigation" | "prefetch-loading-shell" | "refresh-preserve-ui" | "action-rerender-preserve-ui";
 declare const APP_RSC_RENDER_MODE_NAVIGATION = "navigation";
+declare const APP_RSC_RENDER_MODE_PREFETCH_LOADING_SHELL = "prefetch-loading-shell";
 declare const APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI = "refresh-preserve-ui";
 declare const APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI = "action-rerender-preserve-ui";
 declare function shouldSuppressLoadingBoundaries(mode: AppRscRenderMode): boolean;
-declare function shouldUsePreserveUiCacheVariant(mode: AppRscRenderMode): boolean;
+declare function getRscRenderModeCacheVariant(mode: AppRscRenderMode): string | null;
 declare function parseAppRscRenderMode(value: string | null): AppRscRenderMode;
 //#endregion
-export { APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI, APP_RSC_RENDER_MODE_NAVIGATION, APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI, AppRscRenderMode, parseAppRscRenderMode, shouldSuppressLoadingBoundaries, shouldUsePreserveUiCacheVariant };
+export { APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI, APP_RSC_RENDER_MODE_NAVIGATION, APP_RSC_RENDER_MODE_PREFETCH_LOADING_SHELL, APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI, AppRscRenderMode, getRscRenderModeCacheVariant, parseAppRscRenderMode, shouldSuppressLoadingBoundaries };
 //# sourceMappingURL=app-rsc-render-mode.d.ts.map

package/dist/server/app-rsc-render-mode.js

@@ -1,5 +1,6 @@
 //#region src/server/app-rsc-render-mode.ts
 const APP_RSC_RENDER_MODE_NAVIGATION = "navigation";
+const APP_RSC_RENDER_MODE_PREFETCH_LOADING_SHELL = "prefetch-loading-shell";
 const APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI = "refresh-preserve-ui";
 const APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI = "action-rerender-preserve-ui";
 function shouldSuppressLoadingBoundaries(mode) {
@@ -8,14 +9,19 @@ function shouldSuppressLoadingBoundaries(mode) {
 function shouldUsePreserveUiCacheVariant(mode) {
 	return shouldSuppressLoadingBoundaries(mode);
 }
+function getRscRenderModeCacheVariant(mode) {
+	if (mode === "prefetch-loading-shell") return "prefetch-loading-shell";
+	return shouldUsePreserveUiCacheVariant(mode) ? "preserve-ui" : null;
+}
 function parseAppRscRenderMode(value) {
 	switch (value) {
+		case APP_RSC_RENDER_MODE_PREFETCH_LOADING_SHELL: return APP_RSC_RENDER_MODE_PREFETCH_LOADING_SHELL;
 		case APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI: return APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI;
 		case APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI: return APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI;
 		default: return APP_RSC_RENDER_MODE_NAVIGATION;
 	}
 }
 //#endregion
-export { APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI, APP_RSC_RENDER_MODE_NAVIGATION, APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI, parseAppRscRenderMode, shouldSuppressLoadingBoundaries, shouldUsePreserveUiCacheVariant };
+export { APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI, APP_RSC_RENDER_MODE_NAVIGATION, APP_RSC_RENDER_MODE_PREFETCH_LOADING_SHELL, APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI, getRscRenderModeCacheVariant, parseAppRscRenderMode, shouldSuppressLoadingBoundaries };
 
 //# sourceMappingURL=app-rsc-render-mode.js.map

package/dist/server/app-rsc-render-mode.js.map

@@ -1 +1 @@
-{"version":3,"file":"app-rsc-render-mode.js","names":[],"sources":["../../src/server/app-rsc-render-mode.ts"],"sourcesContent":["export type AppRscRenderMode = \"navigation\" | \"refresh-preserve-ui\" | \"action-rerender-preserve-ui\";\n\nexport const APP_RSC_RENDER_MODE_NAVIGATION = \"navigation\" satisfies AppRscRenderMode;\nexport const APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI =\n  \"refresh-preserve-ui\" satisfies AppRscRenderMode;\nexport const APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI =\n  \"action-rerender-preserve-ui\" satisfies AppRscRenderMode;\n\nexport function shouldSuppressLoadingBoundaries(mode: AppRscRenderMode): boolean {\n  return (\n    mode === APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI ||\n    mode === APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI\n  );\n}\n\nexport function shouldUsePreserveUiCacheVariant(mode: AppRscRenderMode): boolean {\n  return shouldSuppressLoadingBoundaries(mode);\n}\n\nexport function parseAppRscRenderMode(value: string | null): AppRscRenderMode {\n  switch (value) {\n    case APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI:\n      return APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI;\n    case APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI:\n      return APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI;\n    case null:\n    default:\n      return APP_RSC_RENDER_MODE_NAVIGATION;\n  }\n}\n"],"mappings":";AAEA,MAAa,iCAAiC;AAC9C,MAAa,0CACX;AACF,MAAa,kDACX;AAEF,SAAgB,gCAAgC,MAAiC;CAC/E,OACE,SAAA,yBACA,SAAA;;AAIJ,SAAgB,gCAAgC,MAAiC;CAC/E,OAAO,gCAAgC,KAAK;;AAG9C,SAAgB,sBAAsB,OAAwC;CAC5E,QAAQ,OAAR;EACE,KAAK,yCACH,OAAO;EACT,KAAK,iDACH,OAAO;EAET,SACE,OAAO"}
+{"version":3,"file":"app-rsc-render-mode.js","names":[],"sources":["../../src/server/app-rsc-render-mode.ts"],"sourcesContent":["export type AppRscRenderMode =\n  | \"navigation\"\n  | \"prefetch-loading-shell\"\n  | \"refresh-preserve-ui\"\n  | \"action-rerender-preserve-ui\";\n\nexport const APP_RSC_RENDER_MODE_NAVIGATION = \"navigation\" satisfies AppRscRenderMode;\nexport const APP_RSC_RENDER_MODE_PREFETCH_LOADING_SHELL =\n  \"prefetch-loading-shell\" satisfies AppRscRenderMode;\nexport const APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI =\n  \"refresh-preserve-ui\" satisfies AppRscRenderMode;\nexport const APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI =\n  \"action-rerender-preserve-ui\" satisfies AppRscRenderMode;\n\nexport function shouldSuppressLoadingBoundaries(mode: AppRscRenderMode): boolean {\n  return (\n    mode === APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI ||\n    mode === APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI\n  );\n}\n\nfunction shouldUsePreserveUiCacheVariant(mode: AppRscRenderMode): boolean {\n  return shouldSuppressLoadingBoundaries(mode);\n}\n\nexport function getRscRenderModeCacheVariant(mode: AppRscRenderMode): string | null {\n  if (mode === APP_RSC_RENDER_MODE_PREFETCH_LOADING_SHELL) {\n    return \"prefetch-loading-shell\";\n  }\n\n  return shouldUsePreserveUiCacheVariant(mode) ? \"preserve-ui\" : null;\n}\n\nexport function parseAppRscRenderMode(value: string | null): AppRscRenderMode {\n  switch (value) {\n    case APP_RSC_RENDER_MODE_PREFETCH_LOADING_SHELL:\n      return APP_RSC_RENDER_MODE_PREFETCH_LOADING_SHELL;\n    case APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI:\n      return APP_RSC_RENDER_MODE_REFRESH_PRESERVE_UI;\n    case APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI:\n      return APP_RSC_RENDER_MODE_ACTION_RERENDER_PRESERVE_UI;\n    case null:\n    default:\n      return APP_RSC_RENDER_MODE_NAVIGATION;\n  }\n}\n"],"mappings":";AAMA,MAAa,iCAAiC;AAC9C,MAAa,6CACX;AACF,MAAa,0CACX;AACF,MAAa,kDACX;AAEF,SAAgB,gCAAgC,MAAiC;CAC/E,OACE,SAAA,yBACA,SAAA;;AAIJ,SAAS,gCAAgC,MAAiC;CACxE,OAAO,gCAAgC,KAAK;;AAG9C,SAAgB,6BAA6B,MAAuC;CAClF,IAAI,SAAA,0BACF,OAAO;CAGT,OAAO,gCAAgC,KAAK,GAAG,gBAAgB;;AAGjE,SAAgB,sBAAsB,OAAwC;CAC5E,QAAQ,OAAR;EACE,KAAK,4CACH,OAAO;EACT,KAAK,yCACH,OAAO;EACT,KAAK,iDACH,OAAO;EAET,SACE,OAAO"}

package/dist/server/app-rsc-request-normalization.d.ts

@@ -1,5 +1,6 @@
 import { normalizeMountedSlotsHeader } from "./app-mounted-slots-header.js";
 import { AppRscRenderMode } from "./app-rsc-render-mode.js";
+import { ClientReuseManifestParseResult } from "./client-reuse-manifest.js";
 
 //#region src/server/app-rsc-request-normalization.d.ts
 type NormalizedRscRequest = {
@@ -9,7 +10,8 @@ type NormalizedRscRequest = {
   isRscRequest: boolean; /** Sanitized X-Vinext-Interception-Context header (null bytes stripped). null when absent. */
   interceptionContextHeader: string | null; /** Normalized x-vinext-mounted-slots header (deduplicated, sorted). null when absent or blank. */
   mountedSlotsHeader: string | null; /** Semantic RSC payload mode. HTML requests always normalize to "navigation". */
-  renderMode: AppRscRenderMode;
+  renderMode: AppRscRenderMode; /** Disabled ClientReuseManifest hint. Never authorizes skip transport in this stage. */
+  clientReuseManifest: ClientReuseManifestParseResult;
 };
 /**
  * Normalize an App Router RSC request.
@@ -35,6 +37,7 @@ type NormalizedRscRequest = {
  *   8. Sanitize X-Vinext-Interception-Context — strip null bytes (header injection)
  *   9. Normalize x-vinext-mounted-slots — dedup and sort for canonical cache keys
  *   10. Read semantic render mode for refresh/action payload rendering
+ *   11. Parse disabled ClientReuseManifest hints on canonical RSC payload requests
  *
  * @returns A 400 or 404 Response for invalid or out-of-scope inputs,
  *          or a NormalizedRscRequest for valid requests.

package/dist/server/app-rsc-request-normalization.js

@@ -1,12 +1,13 @@
 import { normalizePathnameForRouteMatchStrict } from "../routing/utils.js";
 import { hasBasePath, stripBasePath } from "../utils/base-path.js";
-import { VINEXT_MOUNTED_SLOTS_HEADER, VINEXT_RSC_RENDER_MODE_HEADER } from "./headers.js";
+import { VINEXT_CLIENT_REUSE_MANIFEST_HEADER, VINEXT_MOUNTED_SLOTS_HEADER, VINEXT_RSC_RENDER_MODE_HEADER } from "./headers.js";
 import { normalizePath } from "./normalize-path.js";
 import { badRequestResponse, notFoundResponse } from "./http-error-responses.js";
 import { guardProtocolRelativeUrl } from "./request-pipeline.js";
 import { normalizeMountedSlotsHeader } from "./app-mounted-slots-header.js";
 import { APP_RSC_RENDER_MODE_NAVIGATION, parseAppRscRenderMode } from "./app-rsc-render-mode.js";
 import { stripRscSuffix } from "./app-rsc-cache-busting.js";
+import { parseClientReuseManifestHeader } from "./client-reuse-manifest.js";
 //#region src/server/app-rsc-request-normalization.ts
 /**
 * Normalize an App Router RSC request.
@@ -32,6 +33,7 @@ import { stripRscSuffix } from "./app-rsc-cache-busting.js";
 *   8. Sanitize X-Vinext-Interception-Context — strip null bytes (header injection)
 *   9. Normalize x-vinext-mounted-slots — dedup and sort for canonical cache keys
 *   10. Read semantic render mode for refresh/action payload rendering
+*   11. Parse disabled ClientReuseManifest hints on canonical RSC payload requests
 *
 * @returns A 400 or 404 Response for invalid or out-of-scope inputs,
 *          or a NormalizedRscRequest for valid requests.
@@ -57,6 +59,7 @@ function normalizeRscRequest(request, basePath) {
 	const mountedSlotsHeader = normalizeMountedSlotsHeader(request.headers.get(VINEXT_MOUNTED_SLOTS_HEADER));
 	const renderMode = isRscRequest ? parseAppRscRenderMode(request.headers.get(VINEXT_RSC_RENDER_MODE_HEADER)) : APP_RSC_RENDER_MODE_NAVIGATION;
 	return {
+		clientReuseManifest: isRscRequest ? parseClientReuseManifestHeader(request.headers.get(VINEXT_CLIENT_REUSE_MANIFEST_HEADER)) : { kind: "absent" },
 		url,
 		pathname,
 		cleanPathname,

package/dist/server/app-rsc-request-normalization.js.map

@@ -1 +1 @@
-{"version":3,"file":"app-rsc-request-normalization.js","names":[],"sources":["../../src/server/app-rsc-request-normalization.ts"],"sourcesContent":["import { normalizePath } from \"./normalize-path.js\";\nimport { normalizePathnameForRouteMatchStrict } from \"../routing/utils.js\";\nimport { guardProtocolRelativeUrl } from \"./request-pipeline.js\";\nimport { hasBasePath, stripBasePath } from \"../utils/base-path.js\";\nimport {\n  VINEXT_INTERCEPTION_CONTEXT_HEADER,\n  VINEXT_MOUNTED_SLOTS_HEADER,\n  VINEXT_RSC_RENDER_MODE_HEADER,\n} from \"./headers.js\";\nimport { normalizeMountedSlotsHeader } from \"./app-mounted-slots-header.js\";\nimport { stripRscSuffix } from \"./app-rsc-cache-busting.js\";\nimport {\n  APP_RSC_RENDER_MODE_NAVIGATION,\n  parseAppRscRenderMode,\n  type AppRscRenderMode,\n} from \"./app-rsc-render-mode.js\";\nimport { badRequestResponse, notFoundResponse } from \"./http-error-responses.js\";\n\nexport { normalizeMountedSlotsHeader } from \"./app-mounted-slots-header.js\";\n\nexport type NormalizedRscRequest = {\n  /** Parsed URL. Callers may mutate `url.search` after middleware runs. */\n  url: URL;\n  /** Normalized pathname with basePath stripped. Used for all internal routing. */\n  pathname: string;\n  /** Pathname with `.rsc` suffix removed. Used for route matching and navigation context. */\n  cleanPathname: string;\n  /** True when the request targets a canonical `.rsc` payload URL. */\n  isRscRequest: boolean;\n  /** Sanitized X-Vinext-Interception-Context header (null bytes stripped). null when absent. */\n  interceptionContextHeader: string | null;\n  /** Normalized x-vinext-mounted-slots header (deduplicated, sorted). null when absent or blank. */\n  mountedSlotsHeader: string | null;\n  /** Semantic RSC payload mode. HTML requests always normalize to \"navigation\". */\n  renderMode: AppRscRenderMode;\n};\n\n/**\n * Normalize an App Router RSC request.\n *\n * Performs all security-sensitive and compatibility-sensitive preprocessing before\n * route matching. The ordering of steps is security-critical — changing it introduces\n * vulnerabilities:\n *\n *   1. Parse URL\n *   2. Protocol-relative URL guard — on the raw pathname, BEFORE normalizePath collapses\n *      `//` to `/`. If the guard ran after normalization, `//evil.com` → `/evil.com`\n *      would bypass the check and reach the trailing-slash redirector, which echoes the\n *      path into a `Location` header that browsers interpret as protocol-relative.\n *   3. Strict percent-decode each segment — throws on malformed sequences (→ 400). Must\n *      run before basePath check so %2F-encoded slashes cannot create fake basePath prefixes.\n *   4. Collapse double-slashes, resolve `.` and `..` segments (normalizePath)\n *   5. basePath check + strip — 404 when pathname lacks the basePath prefix.\n *      `/__vinext/` bypasses this for internal prerender endpoints.\n *   6. RSC detection: `.rsc` suffix only. RSC headers do not select payload\n *      rendering at the canonical HTML URL, so caches that ignore Vary cannot\n *      store Flight responses under HTML URLs.\n *   7. cleanPathname — pathname with `.rsc` suffix stripped\n *   8. Sanitize X-Vinext-Interception-Context — strip null bytes (header injection)\n *   9. Normalize x-vinext-mounted-slots — dedup and sort for canonical cache keys\n *   10. Read semantic render mode for refresh/action payload rendering\n *\n * @returns A 400 or 404 Response for invalid or out-of-scope inputs,\n *          or a NormalizedRscRequest for valid requests.\n */\nexport function normalizeRscRequest(\n  request: Request,\n  basePath: string,\n): Response | NormalizedRscRequest {\n  const url = new URL(request.url);\n\n  // Step 2: Guard against protocol-relative open redirects on the raw pathname.\n  // normalizePath (step 4) would collapse //evil.com to /evil.com, causing the\n  // guard to miss it. Raw pathname must be checked first.\n  const protoGuard = guardProtocolRelativeUrl(url.pathname);\n  if (protoGuard) return protoGuard;\n\n  // Step 3: Strict segment-wise percent-decode. Preserves encoded path delimiters\n  // (%2F stays %2F) to prevent encoded slashes from acting as path separators.\n  // Throws on malformed sequences like %GG — caller must return 400.\n  let decoded: string;\n  try {\n    decoded = normalizePathnameForRouteMatchStrict(url.pathname);\n  } catch {\n    return badRequestResponse();\n  }\n\n  // Step 4: Collapse double-slashes and resolve . / .. segments.\n  let pathname = normalizePath(decoded);\n\n  // Step 5: basePath check and strip.\n  // Skipped when basePath is empty (no basePath configured).\n  // /__vinext/ prefix bypasses the check for internal prerender endpoints\n  // that must be reachable regardless of basePath configuration.\n  if (basePath) {\n    if (!hasBasePath(pathname, basePath) && !pathname.startsWith(\"/__vinext/\")) {\n      return notFoundResponse();\n    }\n    pathname = stripBasePath(pathname, basePath);\n  }\n\n  // Steps 6-7: RSC detection and cleanPathname.\n  const isRscRequest = pathname.endsWith(\".rsc\");\n  const cleanPathname = stripRscSuffix(pathname);\n\n  // Step 8: Sanitize X-Vinext-Interception-Context.\n  // Null bytes in header values can be used for injection in some HTTP stacks.\n  const interceptionContextHeader =\n    request.headers.get(VINEXT_INTERCEPTION_CONTEXT_HEADER)?.replaceAll(\"\\0\", \"\") || null;\n\n  // Step 9: Normalize mounted-slots header for canonical cache keying.\n  const mountedSlotsHeader = normalizeMountedSlotsHeader(\n    request.headers.get(VINEXT_MOUNTED_SLOTS_HEADER),\n  );\n  const renderMode = isRscRequest\n    ? parseAppRscRenderMode(request.headers.get(VINEXT_RSC_RENDER_MODE_HEADER))\n    : APP_RSC_RENDER_MODE_NAVIGATION;\n\n  return {\n    url,\n    pathname,\n    cleanPathname,\n    isRscRequest,\n    interceptionContextHeader,\n    mountedSlotsHeader,\n    renderMode,\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiEA,SAAgB,oBACd,SACA,UACiC;CACjC,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;CAKhC,MAAM,aAAa,yBAAyB,IAAI,SAAS;CACzD,IAAI,YAAY,OAAO;CAKvB,IAAI;CACJ,IAAI;EACF,UAAU,qCAAqC,IAAI,SAAS;SACtD;EACN,OAAO,oBAAoB;;CAI7B,IAAI,WAAW,cAAc,QAAQ;CAMrC,IAAI,UAAU;EACZ,IAAI,CAAC,YAAY,UAAU,SAAS,IAAI,CAAC,SAAS,WAAW,aAAa,EACxE,OAAO,kBAAkB;EAE3B,WAAW,cAAc,UAAU,SAAS;;CAI9C,MAAM,eAAe,SAAS,SAAS,OAAO;CAC9C,MAAM,gBAAgB,eAAe,SAAS;CAI9C,MAAM,4BACJ,QAAQ,QAAQ,IAAA,gCAAuC,EAAE,WAAW,MAAM,GAAG,IAAI;CAGnF,MAAM,qBAAqB,4BACzB,QAAQ,QAAQ,IAAI,4BAA4B,CACjD;CACD,MAAM,aAAa,eACf,sBAAsB,QAAQ,QAAQ,IAAI,8BAA8B,CAAC,GACzE;CAEJ,OAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACD"}
+{"version":3,"file":"app-rsc-request-normalization.js","names":[],"sources":["../../src/server/app-rsc-request-normalization.ts"],"sourcesContent":["import { normalizePath } from \"./normalize-path.js\";\nimport { normalizePathnameForRouteMatchStrict } from \"../routing/utils.js\";\nimport { guardProtocolRelativeUrl } from \"./request-pipeline.js\";\nimport { hasBasePath, stripBasePath } from \"../utils/base-path.js\";\nimport {\n  VINEXT_CLIENT_REUSE_MANIFEST_HEADER,\n  VINEXT_INTERCEPTION_CONTEXT_HEADER,\n  VINEXT_MOUNTED_SLOTS_HEADER,\n  VINEXT_RSC_RENDER_MODE_HEADER,\n} from \"./headers.js\";\nimport {\n  parseClientReuseManifestHeader,\n  type ClientReuseManifestParseResult,\n} from \"./client-reuse-manifest.js\";\nimport { normalizeMountedSlotsHeader } from \"./app-mounted-slots-header.js\";\nimport { stripRscSuffix } from \"./app-rsc-cache-busting.js\";\nimport {\n  APP_RSC_RENDER_MODE_NAVIGATION,\n  parseAppRscRenderMode,\n  type AppRscRenderMode,\n} from \"./app-rsc-render-mode.js\";\nimport { badRequestResponse, notFoundResponse } from \"./http-error-responses.js\";\n\nexport { normalizeMountedSlotsHeader } from \"./app-mounted-slots-header.js\";\n\nexport type NormalizedRscRequest = {\n  /** Parsed URL. Callers may mutate `url.search` after middleware runs. */\n  url: URL;\n  /** Normalized pathname with basePath stripped. Used for all internal routing. */\n  pathname: string;\n  /** Pathname with `.rsc` suffix removed. Used for route matching and navigation context. */\n  cleanPathname: string;\n  /** True when the request targets a canonical `.rsc` payload URL. */\n  isRscRequest: boolean;\n  /** Sanitized X-Vinext-Interception-Context header (null bytes stripped). null when absent. */\n  interceptionContextHeader: string | null;\n  /** Normalized x-vinext-mounted-slots header (deduplicated, sorted). null when absent or blank. */\n  mountedSlotsHeader: string | null;\n  /** Semantic RSC payload mode. HTML requests always normalize to \"navigation\". */\n  renderMode: AppRscRenderMode;\n  /** Disabled ClientReuseManifest hint. Never authorizes skip transport in this stage. */\n  clientReuseManifest: ClientReuseManifestParseResult;\n};\n\n/**\n * Normalize an App Router RSC request.\n *\n * Performs all security-sensitive and compatibility-sensitive preprocessing before\n * route matching. The ordering of steps is security-critical — changing it introduces\n * vulnerabilities:\n *\n *   1. Parse URL\n *   2. Protocol-relative URL guard — on the raw pathname, BEFORE normalizePath collapses\n *      `//` to `/`. If the guard ran after normalization, `//evil.com` → `/evil.com`\n *      would bypass the check and reach the trailing-slash redirector, which echoes the\n *      path into a `Location` header that browsers interpret as protocol-relative.\n *   3. Strict percent-decode each segment — throws on malformed sequences (→ 400). Must\n *      run before basePath check so %2F-encoded slashes cannot create fake basePath prefixes.\n *   4. Collapse double-slashes, resolve `.` and `..` segments (normalizePath)\n *   5. basePath check + strip — 404 when pathname lacks the basePath prefix.\n *      `/__vinext/` bypasses this for internal prerender endpoints.\n *   6. RSC detection: `.rsc` suffix only. RSC headers do not select payload\n *      rendering at the canonical HTML URL, so caches that ignore Vary cannot\n *      store Flight responses under HTML URLs.\n *   7. cleanPathname — pathname with `.rsc` suffix stripped\n *   8. Sanitize X-Vinext-Interception-Context — strip null bytes (header injection)\n *   9. Normalize x-vinext-mounted-slots — dedup and sort for canonical cache keys\n *   10. Read semantic render mode for refresh/action payload rendering\n *   11. Parse disabled ClientReuseManifest hints on canonical RSC payload requests\n *\n * @returns A 400 or 404 Response for invalid or out-of-scope inputs,\n *          or a NormalizedRscRequest for valid requests.\n */\nexport function normalizeRscRequest(\n  request: Request,\n  basePath: string,\n): Response | NormalizedRscRequest {\n  const url = new URL(request.url);\n\n  // Step 2: Guard against protocol-relative open redirects on the raw pathname.\n  // normalizePath (step 4) would collapse //evil.com to /evil.com, causing the\n  // guard to miss it. Raw pathname must be checked first.\n  const protoGuard = guardProtocolRelativeUrl(url.pathname);\n  if (protoGuard) return protoGuard;\n\n  // Step 3: Strict segment-wise percent-decode. Preserves encoded path delimiters\n  // (%2F stays %2F) to prevent encoded slashes from acting as path separators.\n  // Throws on malformed sequences like %GG — caller must return 400.\n  let decoded: string;\n  try {\n    decoded = normalizePathnameForRouteMatchStrict(url.pathname);\n  } catch {\n    return badRequestResponse();\n  }\n\n  // Step 4: Collapse double-slashes and resolve . / .. segments.\n  let pathname = normalizePath(decoded);\n\n  // Step 5: basePath check and strip.\n  // Skipped when basePath is empty (no basePath configured).\n  // /__vinext/ prefix bypasses the check for internal prerender endpoints\n  // that must be reachable regardless of basePath configuration.\n  if (basePath) {\n    if (!hasBasePath(pathname, basePath) && !pathname.startsWith(\"/__vinext/\")) {\n      return notFoundResponse();\n    }\n    pathname = stripBasePath(pathname, basePath);\n  }\n\n  // Steps 6-7: RSC detection and cleanPathname.\n  const isRscRequest = pathname.endsWith(\".rsc\");\n  const cleanPathname = stripRscSuffix(pathname);\n\n  // Step 8: Sanitize X-Vinext-Interception-Context.\n  // Null bytes in header values can be used for injection in some HTTP stacks.\n  const interceptionContextHeader =\n    request.headers.get(VINEXT_INTERCEPTION_CONTEXT_HEADER)?.replaceAll(\"\\0\", \"\") || null;\n\n  // Step 9: Normalize mounted-slots header for canonical cache keying.\n  const mountedSlotsHeader = normalizeMountedSlotsHeader(\n    request.headers.get(VINEXT_MOUNTED_SLOTS_HEADER),\n  );\n  const renderMode = isRscRequest\n    ? parseAppRscRenderMode(request.headers.get(VINEXT_RSC_RENDER_MODE_HEADER))\n    : APP_RSC_RENDER_MODE_NAVIGATION;\n  const clientReuseManifest = isRscRequest\n    ? parseClientReuseManifestHeader(request.headers.get(VINEXT_CLIENT_REUSE_MANIFEST_HEADER))\n    : ({ kind: \"absent\" } satisfies ClientReuseManifestParseResult);\n\n  return {\n    clientReuseManifest,\n    url,\n    pathname,\n    cleanPathname,\n    isRscRequest,\n    interceptionContextHeader,\n    mountedSlotsHeader,\n    renderMode,\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyEA,SAAgB,oBACd,SACA,UACiC;CACjC,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;CAKhC,MAAM,aAAa,yBAAyB,IAAI,SAAS;CACzD,IAAI,YAAY,OAAO;CAKvB,IAAI;CACJ,IAAI;EACF,UAAU,qCAAqC,IAAI,SAAS;SACtD;EACN,OAAO,oBAAoB;;CAI7B,IAAI,WAAW,cAAc,QAAQ;CAMrC,IAAI,UAAU;EACZ,IAAI,CAAC,YAAY,UAAU,SAAS,IAAI,CAAC,SAAS,WAAW,aAAa,EACxE,OAAO,kBAAkB;EAE3B,WAAW,cAAc,UAAU,SAAS;;CAI9C,MAAM,eAAe,SAAS,SAAS,OAAO;CAC9C,MAAM,gBAAgB,eAAe,SAAS;CAI9C,MAAM,4BACJ,QAAQ,QAAQ,IAAA,gCAAuC,EAAE,WAAW,MAAM,GAAG,IAAI;CAGnF,MAAM,qBAAqB,4BACzB,QAAQ,QAAQ,IAAI,4BAA4B,CACjD;CACD,MAAM,aAAa,eACf,sBAAsB,QAAQ,QAAQ,IAAI,8BAA8B,CAAC,GACzE;CAKJ,OAAO;EACL,qBAL0B,eACxB,+BAA+B,QAAQ,QAAQ,IAAI,oCAAoC,CAAC,GACvF,EAAE,MAAM,UAAU;EAIrB;EACA;EACA;EACA;EACA;EACA;EACA;EACD"}

package/dist/server/app-rsc-response-finalizer.d.ts

@@ -1,10 +1,17 @@
-import { NextHeader } from "../config/next-config.js";
+import { NextHeader, NextI18nConfig } from "../config/next-config.js";
 import { RequestContext } from "../config/config-matchers.js";
 
 //#region src/server/app-rsc-response-finalizer.d.ts
 type FinalizeAppRscResponseOptions = {
   basePath: string;
   configHeaders: NextHeader[];
+  /**
+   * i18n config used to splice the default locale into unprefixed paths
+   * before config header matching, so locale-aware `has`/`missing` rules
+   * with `:locale` placeholders or `locale: false` overrides still match
+   * default-locale URLs (issue #1336, item 4).
+   */
+  i18nConfig: NextI18nConfig | null;
   /**
    * Original pre-middleware request context.
    * Next.js evaluates config header has/missing conditions against the

package/dist/server/app-rsc-response-finalizer.js

@@ -1,9 +1,10 @@
 import { normalizePathnameForRouteMatch } from "../routing/utils.js";
-import { stripBasePath } from "../utils/base-path.js";
+import { hasBasePath, stripBasePath } from "../utils/base-path.js";
 import "./headers.js";
 import { normalizePath } from "./normalize-path.js";
 import { applyConfigHeadersToResponse } from "./request-pipeline.js";
 import { VINEXT_RSC_VARY_HEADER } from "./app-rsc-cache-busting.js";
+import { normalizeDefaultLocalePathname } from "./pages-i18n.js";
 import { mergeVaryHeader } from "./middleware-response-headers.js";
 //#region src/server/app-rsc-response-finalizer.ts
 /**
@@ -29,11 +30,17 @@ function finalizeAppRscResponse(response, request, options) {
 	} catch {
 		pathname = url.pathname;
 	}
+	const hadBasePath = !options.basePath || hasBasePath(pathname, options.basePath);
 	pathname = stripBasePath(pathname, options.basePath);
+	const matchPathname = options.i18nConfig ? normalizeDefaultLocalePathname(pathname, options.i18nConfig, { hostname: url.hostname }) : pathname;
 	applyConfigHeadersToResponse(response.headers, {
 		configHeaders: options.configHeaders,
-		pathname,
-		requestContext: options.requestContext
+		pathname: matchPathname,
+		requestContext: options.requestContext,
+		basePathState: {
+			basePath: options.basePath,
+			hadBasePath
+		}
 	});
 	return response;
 }

package/dist/server/app-rsc-response-finalizer.js.map

@@ -1 +1 @@
-{"version":3,"file":"app-rsc-response-finalizer.js","names":[],"sources":["../../src/server/app-rsc-response-finalizer.ts"],"sourcesContent":["import type { NextHeader } from \"../config/next-config.js\";\nimport type { RequestContext } from \"../config/config-matchers.js\";\nimport { VINEXT_STATIC_FILE_HEADER } from \"./headers.js\";\nimport { applyConfigHeadersToResponse } from \"./request-pipeline.js\";\nimport { VINEXT_RSC_VARY_HEADER } from \"./app-rsc-cache-busting.js\";\nimport { mergeVaryHeader } from \"./middleware-response-headers.js\";\nimport { stripBasePath } from \"../utils/base-path.js\";\nimport { normalizePath } from \"./normalize-path.js\";\nimport { normalizePathnameForRouteMatch } from \"../routing/utils.js\";\n\ntype FinalizeAppRscResponseOptions = {\n  basePath: string;\n  configHeaders: NextHeader[];\n  /**\n   * Original pre-middleware request context.\n   * Next.js evaluates config header has/missing conditions against the\n   * unmodified incoming request, so callers must pass the snapshot taken\n   * before middleware runs.\n   */\n  requestContext: RequestContext;\n};\n\n/**\n * Apply App Router response finalization that must happen outside individual\n * route dispatchers.\n *\n * Called once per request in the outer handler() wrapper, after all route\n * handling, so that every response path (page, route handler, server action,\n * metadata, not-found) gets headers applied consistently.\n *\n * Skips 3xx redirect responses. Response.redirect() creates immutable\n * headers that throw on mutation, and Next.js does not apply config headers\n * to redirects regardless.\n */\nexport function finalizeAppRscResponse(\n  response: Response,\n  request: Request,\n  options: FinalizeAppRscResponseOptions,\n): Response {\n  // 3xx responses: Response.redirect() headers are immutable (throws on write),\n  // and Next.js deliberately excludes config headers from redirect responses.\n  if (response.status >= 300 && response.status < 400) {\n    return response;\n  }\n\n  if (!response.headers.has(VINEXT_STATIC_FILE_HEADER)) {\n    mergeVaryHeader(response.headers, VINEXT_RSC_VARY_HEADER);\n  }\n\n  if (!options.configHeaders.length) {\n    return response;\n  }\n\n  const url = new URL(request.url);\n  let pathname: string;\n  try {\n    pathname = normalizePath(normalizePathnameForRouteMatch(url.pathname));\n  } catch {\n    // Malformed percent-encoding. The request reached this point only because\n    // normalizePathnameForRouteMatchStrict ran earlier and returned 400 for\n    // truly-malformed paths. This catch exists as a safety net for edge cases;\n    // keep the historical raw-path fallback rather than crashing the response.\n    pathname = url.pathname;\n  }\n\n  // Config header sources are defined without basePath prefix. Strip basePath\n  // at a segment boundary (not a string prefix) so /app2/page with basePath\n  // /app is not incorrectly treated as /app with suffix /2/page.\n  pathname = stripBasePath(pathname, options.basePath);\n\n  applyConfigHeadersToResponse(response.headers, {\n    configHeaders: options.configHeaders,\n    pathname,\n    requestContext: options.requestContext,\n  });\n\n  return response;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAkCA,SAAgB,uBACd,UACA,SACA,SACU;CAGV,IAAI,SAAS,UAAU,OAAO,SAAS,SAAS,KAC9C,OAAO;CAGT,IAAI,CAAC,SAAS,QAAQ,IAAA,uBAA8B,EAClD,gBAAgB,SAAS,SAAS,uBAAuB;CAG3D,IAAI,CAAC,QAAQ,cAAc,QACzB,OAAO;CAGT,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;CAChC,IAAI;CACJ,IAAI;EACF,WAAW,cAAc,+BAA+B,IAAI,SAAS,CAAC;SAChE;EAKN,WAAW,IAAI;;CAMjB,WAAW,cAAc,UAAU,QAAQ,SAAS;CAEpD,6BAA6B,SAAS,SAAS;EAC7C,eAAe,QAAQ;EACvB;EACA,gBAAgB,QAAQ;EACzB,CAAC;CAEF,OAAO"}
+{"version":3,"file":"app-rsc-response-finalizer.js","names":[],"sources":["../../src/server/app-rsc-response-finalizer.ts"],"sourcesContent":["import type { NextHeader, NextI18nConfig } from \"../config/next-config.js\";\nimport type { RequestContext } from \"../config/config-matchers.js\";\nimport { VINEXT_STATIC_FILE_HEADER } from \"./headers.js\";\nimport { applyConfigHeadersToResponse } from \"./request-pipeline.js\";\nimport { VINEXT_RSC_VARY_HEADER } from \"./app-rsc-cache-busting.js\";\nimport { mergeVaryHeader } from \"./middleware-response-headers.js\";\nimport { hasBasePath, stripBasePath } from \"../utils/base-path.js\";\nimport { normalizePath } from \"./normalize-path.js\";\nimport { normalizePathnameForRouteMatch } from \"../routing/utils.js\";\nimport { normalizeDefaultLocalePathname } from \"./pages-i18n.js\";\n\ntype FinalizeAppRscResponseOptions = {\n  basePath: string;\n  configHeaders: NextHeader[];\n  /**\n   * i18n config used to splice the default locale into unprefixed paths\n   * before config header matching, so locale-aware `has`/`missing` rules\n   * with `:locale` placeholders or `locale: false` overrides still match\n   * default-locale URLs (issue #1336, item 4).\n   */\n  i18nConfig: NextI18nConfig | null;\n  /**\n   * Original pre-middleware request context.\n   * Next.js evaluates config header has/missing conditions against the\n   * unmodified incoming request, so callers must pass the snapshot taken\n   * before middleware runs.\n   */\n  requestContext: RequestContext;\n};\n\n/**\n * Apply App Router response finalization that must happen outside individual\n * route dispatchers.\n *\n * Called once per request in the outer handler() wrapper, after all route\n * handling, so that every response path (page, route handler, server action,\n * metadata, not-found) gets headers applied consistently.\n *\n * Skips 3xx redirect responses. Response.redirect() creates immutable\n * headers that throw on mutation, and Next.js does not apply config headers\n * to redirects regardless.\n */\nexport function finalizeAppRscResponse(\n  response: Response,\n  request: Request,\n  options: FinalizeAppRscResponseOptions,\n): Response {\n  // 3xx responses: Response.redirect() headers are immutable (throws on write),\n  // and Next.js deliberately excludes config headers from redirect responses.\n  if (response.status >= 300 && response.status < 400) {\n    return response;\n  }\n\n  if (!response.headers.has(VINEXT_STATIC_FILE_HEADER)) {\n    mergeVaryHeader(response.headers, VINEXT_RSC_VARY_HEADER);\n  }\n\n  if (!options.configHeaders.length) {\n    return response;\n  }\n\n  const url = new URL(request.url);\n  let pathname: string;\n  try {\n    pathname = normalizePath(normalizePathnameForRouteMatch(url.pathname));\n  } catch {\n    // Malformed percent-encoding. The request reached this point only because\n    // normalizePathnameForRouteMatchStrict ran earlier and returned 400 for\n    // truly-malformed paths. This catch exists as a safety net for edge cases;\n    // keep the historical raw-path fallback rather than crashing the response.\n    pathname = url.pathname;\n  }\n\n  // Config header sources are defined without basePath prefix. Strip basePath\n  // at a segment boundary (not a string prefix) so /app2/page with basePath\n  // /app is not incorrectly treated as /app with suffix /2/page.\n  const hadBasePath = !options.basePath || hasBasePath(pathname, options.basePath);\n  pathname = stripBasePath(pathname, options.basePath);\n\n  // Default-locale path normalisation (issue #1336, item 4). Splice in the\n  // (domain-aware) default locale on unprefixed paths so locale-aware\n  // `has`/`missing` rules with `:locale` placeholders or `locale: false`\n  // overrides still match default-locale URLs. Mirrors the call sites in\n  // `prod-server.ts`, `deploy.ts`, and `app-rsc-handler.ts`.\n  const matchPathname = options.i18nConfig\n    ? normalizeDefaultLocalePathname(pathname, options.i18nConfig, { hostname: url.hostname })\n    : pathname;\n\n  applyConfigHeadersToResponse(response.headers, {\n    configHeaders: options.configHeaders,\n    pathname: matchPathname,\n    requestContext: options.requestContext,\n    basePathState: { basePath: options.basePath, hadBasePath },\n  });\n\n  return response;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AA0CA,SAAgB,uBACd,UACA,SACA,SACU;CAGV,IAAI,SAAS,UAAU,OAAO,SAAS,SAAS,KAC9C,OAAO;CAGT,IAAI,CAAC,SAAS,QAAQ,IAAA,uBAA8B,EAClD,gBAAgB,SAAS,SAAS,uBAAuB;CAG3D,IAAI,CAAC,QAAQ,cAAc,QACzB,OAAO;CAGT,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;CAChC,IAAI;CACJ,IAAI;EACF,WAAW,cAAc,+BAA+B,IAAI,SAAS,CAAC;SAChE;EAKN,WAAW,IAAI;;CAMjB,MAAM,cAAc,CAAC,QAAQ,YAAY,YAAY,UAAU,QAAQ,SAAS;CAChF,WAAW,cAAc,UAAU,QAAQ,SAAS;CAOpD,MAAM,gBAAgB,QAAQ,aAC1B,+BAA+B,UAAU,QAAQ,YAAY,EAAE,UAAU,IAAI,UAAU,CAAC,GACxF;CAEJ,6BAA6B,SAAS,SAAS;EAC7C,eAAe,QAAQ;EACvB,UAAU;EACV,gBAAgB,QAAQ;EACxB,eAAe;GAAE,UAAU,QAAQ;GAAU;GAAa;EAC3D,CAAC;CAEF,OAAO"}

package/dist/server/app-rsc-route-matching.js

@@ -1,4 +1,4 @@
-import { normalizePathnameForRouteMatch } from "../routing/utils.js";
+import { splitPathnameForRouteMatch } from "../routing/utils.js";
 import { buildRouteTrie, trieMatch } from "../routing/route-trie.js";
 import { matchRoutePattern, matchRoutePatternPrefix } from "../routing/route-pattern.js";
 //#region src/server/app-rsc-route-matching.ts
@@ -7,7 +7,7 @@ function createRouteParams() {
 }
 function appRscPathnameParts(pathname) {
 	const pathOnly = pathname.split("?")[0];
-	return normalizePathnameForRouteMatch(pathOnly === "/" ? "/" : pathOnly.replace(/\/$/, "")).split("/").filter(Boolean);
+	return splitPathnameForRouteMatch(pathOnly === "/" ? "/" : pathOnly.replace(/\/$/, ""));
 }
 function createAppRscRouteMatcher(routes) {
 	const routeTrie = buildRouteTrie(routes);

package/dist/server/app-rsc-route-matching.js.map

@@ -1 +1 @@
-{"version":3,"file":"app-rsc-route-matching.js","names":[],"sources":["../../src/server/app-rsc-route-matching.ts"],"sourcesContent":["import { buildRouteTrie, trieMatch } from \"../routing/route-trie.js\";\nimport {\n  matchRoutePattern,\n  matchRoutePatternPrefix,\n  type RoutePatternParams,\n} from \"../routing/route-pattern.js\";\nimport { normalizePathnameForRouteMatch } from \"../routing/utils.js\";\n\ntype AppRscRouteParams = RoutePatternParams;\n\ntype AppRscInterceptForMatching = {\n  targetPattern: string;\n  /**\n   * URL pattern of the *intercepting route* (the path that owns the slot,\n   * with route groups and `@slot` segments stripped). Mirrors Next.js'\n   * `interceptingRoute` from `extractInterceptionRouteInformation`.\n   *\n   * Next.js implements interception as a rewrite that fires only when the\n   * `Next-URL` header matches `^<sourceMatchPattern>(?:/.*)?$`. vinext's\n   * matcher enforces the same constraint at `findIntercept`: an intercept\n   * whose `targetPattern` matches the request URL is only valid when the\n   * provided source pathname (X-Vinext-Interception-Context / Next-URL)\n   * matches this pattern, with descendants allowed.\n   *\n   * Optional for backwards compat: when absent or empty, the matcher falls\n   * back to the legacy behavior of matching by target alone (still gated on\n   * a non-null source pathname).\n   *\n   * @see https://github.com/vercel/next.js/blob/canary/packages/next/src/lib/generate-interception-routes-rewrites.ts\n   */\n  sourceMatchPattern?: string;\n  interceptLayouts: readonly unknown[];\n  page: unknown;\n  params: readonly string[];\n};\n\ntype AppRscSlotForMatching = {\n  id?: string | null;\n  intercepts?: readonly AppRscInterceptForMatching[];\n};\n\ntype AppRscRouteForMatching = {\n  patternParts: string[];\n  slots?: Record<string, AppRscSlotForMatching>;\n};\n\ntype AppRscInterceptMatch = AppRscInterceptLookupEntry & {\n  matchedParams: AppRscRouteParams;\n};\n\ntype AppRscInterceptLookupEntry = {\n  sourceRouteIndex: number;\n  slotKey: string;\n  targetPattern: string;\n  targetPatternParts: string[];\n  sourceMatchPattern: string | null;\n  sourceMatchPatternParts: string[] | null;\n  interceptLayouts: readonly unknown[];\n  page: unknown;\n  params: readonly string[];\n  slotId: string | null;\n};\n\nfunction createRouteParams(): AppRscRouteParams {\n  return Object.create(null);\n}\n\nfunction appRscPathnameParts(pathname: string): string[] {\n  const pathOnly = pathname.split(\"?\")[0];\n  const normalized = pathOnly === \"/\" ? \"/\" : pathOnly.replace(/\\/$/, \"\");\n  return normalizePathnameForRouteMatch(normalized).split(\"/\").filter(Boolean);\n}\n\nexport function createAppRscRouteMatcher<Route extends AppRscRouteForMatching>(\n  routes: Route[],\n): {\n  matchRoute(url: string): { route: Route; params: AppRscRouteParams } | null;\n  findIntercept(pathname: string, sourcePathname?: string | null): AppRscInterceptMatch | null;\n} {\n  const routeTrie = buildRouteTrie(routes);\n  const interceptLookup = createInterceptLookup(routes);\n\n  return {\n    matchRoute(url) {\n      return trieMatch(routeTrie, appRscPathnameParts(url));\n    },\n    findIntercept(pathname, sourcePathname = null) {\n      // Mirror Next.js' rewrite semantics: interception only fires when the\n      // Next-URL header is present AND matches the intercepting route's regex\n      // (with descendants allowed). Without a source pathname there is no\n      // header for the rewrite to gate on, so we render the direct route.\n      // https://github.com/vercel/next.js/blob/canary/packages/next/src/lib/generate-interception-routes-rewrites.ts\n      if (sourcePathname === null) return null;\n\n      const urlParts = appRscPathnameParts(pathname);\n      const sourceParts = appRscPathnameParts(sourcePathname);\n\n      for (const entry of interceptLookup) {\n        // Primary gate: when the intercept declares a `sourceMatchPattern`\n        // (the intercepting route's path, descendants allowed), require the\n        // request's source pathname to satisfy it. This mirrors Next.js'\n        // `^<interceptingRoute>(?:/.*)?$` header regex precisely and is the\n        // authoritative gate when the manifest carries the pattern.\n        if (!matchInterceptSource(sourceParts, entry)) continue;\n\n        const params = matchAppRscRoutePattern(urlParts, entry.targetPatternParts);\n        if (params === null) continue;\n\n        const sourceRoute = routes[entry.sourceRouteIndex];\n        const matchedSourceParams = sourceRoute\n          ? matchAppRscRoutePattern(sourceParts, sourceRoute.patternParts)\n          : null;\n\n        // Secondary gate (from #1249): when the entry has no\n        // `sourceMatchPatternParts` declared (older manifest shapes), reject\n        // sources that don't match the slot owner's route pattern exactly.\n        // This is the safety net that keeps unrelated sources from pulling\n        // in a modal they have no slot for. When `sourceMatchPatternParts`\n        // *is* declared, `matchInterceptSource` above has already approved\n        // the source (including descendants), so a stricter exact-match\n        // check on the slot-owner route here would defeat the descendant\n        // semantics — fall back to empty params instead.\n        if (matchedSourceParams === null && entry.sourceMatchPatternParts === null) {\n          continue;\n        }\n        const sourceParams = matchedSourceParams ?? createRouteParams();\n        return { ...entry, matchedParams: mergeMatchedParams(sourceParams, params) };\n      }\n      return null;\n    },\n  };\n}\n\n/**\n * Check whether the request's source pathname (Next-URL / interception\n * context) satisfies the intercept entry's intercepting-route pattern, with\n * descendants allowed. Mirrors the header regex shape Next.js emits for the\n * generated interception rewrite: `^<pattern>(?:/.*)?$`.\n *\n * When the entry has no declared `sourceMatchPatternParts`, fall back to the\n * legacy behavior of accepting any source (we still require the source to be\n * non-null at the caller — see `findIntercept`).\n */\nfunction matchInterceptSource(sourceParts: string[], entry: AppRscInterceptLookupEntry): boolean {\n  const patternParts = entry.sourceMatchPatternParts;\n  if (!patternParts) return true;\n  // Root pattern (`/`) matches any source.\n  if (patternParts.length === 0) return true;\n  return matchRoutePatternPrefix(sourceParts, patternParts);\n}\n\nfunction createInterceptLookup<Route extends AppRscRouteForMatching>(\n  routes: Route[],\n): AppRscInterceptLookupEntry[] {\n  const interceptLookup: AppRscInterceptLookupEntry[] = [];\n  for (let routeIndex = 0; routeIndex < routes.length; routeIndex++) {\n    const route = routes[routeIndex];\n    if (!route.slots) continue;\n    for (const [slotKey, slotModule] of Object.entries(route.slots)) {\n      if (!slotModule.intercepts) continue;\n      for (const intercept of slotModule.intercepts) {\n        const sourceMatchPattern = intercept.sourceMatchPattern ?? null;\n        const sourceMatchPatternParts = sourceMatchPattern\n          ? sourceMatchPattern.split(\"/\").filter(Boolean)\n          : null;\n        interceptLookup.push({\n          sourceRouteIndex: routeIndex,\n          slotKey,\n          slotId: typeof slotModule.id === \"string\" ? slotModule.id : null,\n          targetPattern: intercept.targetPattern,\n          targetPatternParts: intercept.targetPattern.split(\"/\").filter(Boolean),\n          sourceMatchPattern,\n          sourceMatchPatternParts,\n          interceptLayouts: intercept.interceptLayouts,\n          page: intercept.page,\n          params: intercept.params,\n        });\n      }\n    }\n  }\n  return interceptLookup;\n}\n\nexport function matchAppRscRoutePattern(\n  urlParts: string[],\n  patternParts: string[],\n): AppRscRouteParams | null {\n  return matchRoutePattern(urlParts, patternParts);\n}\n\nfunction mergeMatchedParams(\n  sourceParams: AppRscRouteParams,\n  targetParams: AppRscRouteParams,\n): AppRscRouteParams {\n  return Object.assign(createRouteParams(), sourceParams, targetParams);\n}\n"],"mappings":";;;;AA+DA,SAAS,oBAAuC;CAC9C,OAAO,OAAO,OAAO,KAAK;;AAG5B,SAAS,oBAAoB,UAA4B;CACvD,MAAM,WAAW,SAAS,MAAM,IAAI,CAAC;CAErC,OAAO,+BADY,aAAa,MAAM,MAAM,SAAS,QAAQ,OAAO,GAAG,CACtB,CAAC,MAAM,IAAI,CAAC,OAAO,QAAQ;;AAG9E,SAAgB,yBACd,QAIA;CACA,MAAM,YAAY,eAAe,OAAO;CACxC,MAAM,kBAAkB,sBAAsB,OAAO;CAErD,OAAO;EACL,WAAW,KAAK;GACd,OAAO,UAAU,WAAW,oBAAoB,IAAI,CAAC;;EAEvD,cAAc,UAAU,iBAAiB,MAAM;GAM7C,IAAI,mBAAmB,MAAM,OAAO;GAEpC,MAAM,WAAW,oBAAoB,SAAS;GAC9C,MAAM,cAAc,oBAAoB,eAAe;GAEvD,KAAK,MAAM,SAAS,iBAAiB;IAMnC,IAAI,CAAC,qBAAqB,aAAa,MAAM,EAAE;IAE/C,MAAM,SAAS,wBAAwB,UAAU,MAAM,mBAAmB;IAC1E,IAAI,WAAW,MAAM;IAErB,MAAM,cAAc,OAAO,MAAM;IACjC,MAAM,sBAAsB,cACxB,wBAAwB,aAAa,YAAY,aAAa,GAC9D;IAWJ,IAAI,wBAAwB,QAAQ,MAAM,4BAA4B,MACpE;IAEF,MAAM,eAAe,uBAAuB,mBAAmB;IAC/D,OAAO;KAAE,GAAG;KAAO,eAAe,mBAAmB,cAAc,OAAO;KAAE;;GAE9E,OAAO;;EAEV;;;;;;;;;;;;AAaH,SAAS,qBAAqB,aAAuB,OAA4C;CAC/F,MAAM,eAAe,MAAM;CAC3B,IAAI,CAAC,cAAc,OAAO;CAE1B,IAAI,aAAa,WAAW,GAAG,OAAO;CACtC,OAAO,wBAAwB,aAAa,aAAa;;AAG3D,SAAS,sBACP,QAC8B;CAC9B,MAAM,kBAAgD,EAAE;CACxD,KAAK,IAAI,aAAa,GAAG,aAAa,OAAO,QAAQ,cAAc;EACjE,MAAM,QAAQ,OAAO;EACrB,IAAI,CAAC,MAAM,OAAO;EAClB,KAAK,MAAM,CAAC,SAAS,eAAe,OAAO,QAAQ,MAAM,MAAM,EAAE;GAC/D,IAAI,CAAC,WAAW,YAAY;GAC5B,KAAK,MAAM,aAAa,WAAW,YAAY;IAC7C,MAAM,qBAAqB,UAAU,sBAAsB;IAC3D,MAAM,0BAA0B,qBAC5B,mBAAmB,MAAM,IAAI,CAAC,OAAO,QAAQ,GAC7C;IACJ,gBAAgB,KAAK;KACnB,kBAAkB;KAClB;KACA,QAAQ,OAAO,WAAW,OAAO,WAAW,WAAW,KAAK;KAC5D,eAAe,UAAU;KACzB,oBAAoB,UAAU,cAAc,MAAM,IAAI,CAAC,OAAO,QAAQ;KACtE;KACA;KACA,kBAAkB,UAAU;KAC5B,MAAM,UAAU;KAChB,QAAQ,UAAU;KACnB,CAAC;;;;CAIR,OAAO;;AAGT,SAAgB,wBACd,UACA,cAC0B;CAC1B,OAAO,kBAAkB,UAAU,aAAa;;AAGlD,SAAS,mBACP,cACA,cACmB;CACnB,OAAO,OAAO,OAAO,mBAAmB,EAAE,cAAc,aAAa"}
+{"version":3,"file":"app-rsc-route-matching.js","names":[],"sources":["../../src/server/app-rsc-route-matching.ts"],"sourcesContent":["import { buildRouteTrie, trieMatch } from \"../routing/route-trie.js\";\nimport {\n  matchRoutePattern,\n  matchRoutePatternPrefix,\n  type RoutePatternParams,\n} from \"../routing/route-pattern.js\";\nimport { splitPathnameForRouteMatch } from \"../routing/utils.js\";\n\ntype AppRscRouteParams = RoutePatternParams;\n\ntype AppRscInterceptForMatching = {\n  targetPattern: string;\n  /**\n   * URL pattern of the *intercepting route* (the path that owns the slot,\n   * with route groups and `@slot` segments stripped). Mirrors Next.js'\n   * `interceptingRoute` from `extractInterceptionRouteInformation`.\n   *\n   * Next.js implements interception as a rewrite that fires only when the\n   * `Next-URL` header matches `^<sourceMatchPattern>(?:/.*)?$`. vinext's\n   * matcher enforces the same constraint at `findIntercept`: an intercept\n   * whose `targetPattern` matches the request URL is only valid when the\n   * provided source pathname (X-Vinext-Interception-Context / Next-URL)\n   * matches this pattern, with descendants allowed.\n   *\n   * Optional for backwards compat: when absent or empty, the matcher falls\n   * back to the legacy behavior of matching by target alone (still gated on\n   * a non-null source pathname).\n   *\n   * @see https://github.com/vercel/next.js/blob/canary/packages/next/src/lib/generate-interception-routes-rewrites.ts\n   */\n  sourceMatchPattern?: string;\n  interceptLayouts: readonly unknown[];\n  page: unknown;\n  params: readonly string[];\n};\n\ntype AppRscSlotForMatching = {\n  id?: string | null;\n  intercepts?: readonly AppRscInterceptForMatching[];\n};\n\ntype AppRscRouteForMatching = {\n  patternParts: string[];\n  slots?: Record<string, AppRscSlotForMatching>;\n};\n\ntype AppRscInterceptMatch = AppRscInterceptLookupEntry & {\n  matchedParams: AppRscRouteParams;\n};\n\ntype AppRscInterceptLookupEntry = {\n  sourceRouteIndex: number;\n  slotKey: string;\n  targetPattern: string;\n  targetPatternParts: string[];\n  sourceMatchPattern: string | null;\n  sourceMatchPatternParts: string[] | null;\n  interceptLayouts: readonly unknown[];\n  page: unknown;\n  params: readonly string[];\n  slotId: string | null;\n};\n\nfunction createRouteParams(): AppRscRouteParams {\n  return Object.create(null);\n}\n\nfunction appRscPathnameParts(pathname: string): string[] {\n  const pathOnly = pathname.split(\"?\")[0];\n  const normalized = pathOnly === \"/\" ? \"/\" : pathOnly.replace(/\\/$/, \"\");\n  return splitPathnameForRouteMatch(normalized);\n}\n\nexport function createAppRscRouteMatcher<Route extends AppRscRouteForMatching>(\n  routes: Route[],\n): {\n  matchRoute(url: string): { route: Route; params: AppRscRouteParams } | null;\n  findIntercept(pathname: string, sourcePathname?: string | null): AppRscInterceptMatch | null;\n} {\n  const routeTrie = buildRouteTrie(routes);\n  const interceptLookup = createInterceptLookup(routes);\n\n  return {\n    matchRoute(url) {\n      return trieMatch(routeTrie, appRscPathnameParts(url));\n    },\n    findIntercept(pathname, sourcePathname = null) {\n      // Mirror Next.js' rewrite semantics: interception only fires when the\n      // Next-URL header is present AND matches the intercepting route's regex\n      // (with descendants allowed). Without a source pathname there is no\n      // header for the rewrite to gate on, so we render the direct route.\n      // https://github.com/vercel/next.js/blob/canary/packages/next/src/lib/generate-interception-routes-rewrites.ts\n      if (sourcePathname === null) return null;\n\n      const urlParts = appRscPathnameParts(pathname);\n      const sourceParts = appRscPathnameParts(sourcePathname);\n\n      for (const entry of interceptLookup) {\n        // Primary gate: when the intercept declares a `sourceMatchPattern`\n        // (the intercepting route's path, descendants allowed), require the\n        // request's source pathname to satisfy it. This mirrors Next.js'\n        // `^<interceptingRoute>(?:/.*)?$` header regex precisely and is the\n        // authoritative gate when the manifest carries the pattern.\n        if (!matchInterceptSource(sourceParts, entry)) continue;\n\n        const params = matchAppRscRoutePattern(urlParts, entry.targetPatternParts);\n        if (params === null) continue;\n\n        const sourceRoute = routes[entry.sourceRouteIndex];\n        const matchedSourceParams = sourceRoute\n          ? matchAppRscRoutePattern(sourceParts, sourceRoute.patternParts)\n          : null;\n\n        // Secondary gate (from #1249): when the entry has no\n        // `sourceMatchPatternParts` declared (older manifest shapes), reject\n        // sources that don't match the slot owner's route pattern exactly.\n        // This is the safety net that keeps unrelated sources from pulling\n        // in a modal they have no slot for. When `sourceMatchPatternParts`\n        // *is* declared, `matchInterceptSource` above has already approved\n        // the source (including descendants), so a stricter exact-match\n        // check on the slot-owner route here would defeat the descendant\n        // semantics — fall back to empty params instead.\n        if (matchedSourceParams === null && entry.sourceMatchPatternParts === null) {\n          continue;\n        }\n        const sourceParams = matchedSourceParams ?? createRouteParams();\n        return { ...entry, matchedParams: mergeMatchedParams(sourceParams, params) };\n      }\n      return null;\n    },\n  };\n}\n\n/**\n * Check whether the request's source pathname (Next-URL / interception\n * context) satisfies the intercept entry's intercepting-route pattern, with\n * descendants allowed. Mirrors the header regex shape Next.js emits for the\n * generated interception rewrite: `^<pattern>(?:/.*)?$`.\n *\n * When the entry has no declared `sourceMatchPatternParts`, fall back to the\n * legacy behavior of accepting any source (we still require the source to be\n * non-null at the caller — see `findIntercept`).\n */\nfunction matchInterceptSource(sourceParts: string[], entry: AppRscInterceptLookupEntry): boolean {\n  const patternParts = entry.sourceMatchPatternParts;\n  if (!patternParts) return true;\n  // Root pattern (`/`) matches any source.\n  if (patternParts.length === 0) return true;\n  return matchRoutePatternPrefix(sourceParts, patternParts);\n}\n\nfunction createInterceptLookup<Route extends AppRscRouteForMatching>(\n  routes: Route[],\n): AppRscInterceptLookupEntry[] {\n  const interceptLookup: AppRscInterceptLookupEntry[] = [];\n  for (let routeIndex = 0; routeIndex < routes.length; routeIndex++) {\n    const route = routes[routeIndex];\n    if (!route.slots) continue;\n    for (const [slotKey, slotModule] of Object.entries(route.slots)) {\n      if (!slotModule.intercepts) continue;\n      for (const intercept of slotModule.intercepts) {\n        const sourceMatchPattern = intercept.sourceMatchPattern ?? null;\n        const sourceMatchPatternParts = sourceMatchPattern\n          ? sourceMatchPattern.split(\"/\").filter(Boolean)\n          : null;\n        interceptLookup.push({\n          sourceRouteIndex: routeIndex,\n          slotKey,\n          slotId: typeof slotModule.id === \"string\" ? slotModule.id : null,\n          targetPattern: intercept.targetPattern,\n          targetPatternParts: intercept.targetPattern.split(\"/\").filter(Boolean),\n          sourceMatchPattern,\n          sourceMatchPatternParts,\n          interceptLayouts: intercept.interceptLayouts,\n          page: intercept.page,\n          params: intercept.params,\n        });\n      }\n    }\n  }\n  return interceptLookup;\n}\n\nexport function matchAppRscRoutePattern(\n  urlParts: string[],\n  patternParts: string[],\n): AppRscRouteParams | null {\n  return matchRoutePattern(urlParts, patternParts);\n}\n\nfunction mergeMatchedParams(\n  sourceParams: AppRscRouteParams,\n  targetParams: AppRscRouteParams,\n): AppRscRouteParams {\n  return Object.assign(createRouteParams(), sourceParams, targetParams);\n}\n"],"mappings":";;;;AA+DA,SAAS,oBAAuC;CAC9C,OAAO,OAAO,OAAO,KAAK;;AAG5B,SAAS,oBAAoB,UAA4B;CACvD,MAAM,WAAW,SAAS,MAAM,IAAI,CAAC;CAErC,OAAO,2BADY,aAAa,MAAM,MAAM,SAAS,QAAQ,OAAO,GAAG,CAC1B;;AAG/C,SAAgB,yBACd,QAIA;CACA,MAAM,YAAY,eAAe,OAAO;CACxC,MAAM,kBAAkB,sBAAsB,OAAO;CAErD,OAAO;EACL,WAAW,KAAK;GACd,OAAO,UAAU,WAAW,oBAAoB,IAAI,CAAC;;EAEvD,cAAc,UAAU,iBAAiB,MAAM;GAM7C,IAAI,mBAAmB,MAAM,OAAO;GAEpC,MAAM,WAAW,oBAAoB,SAAS;GAC9C,MAAM,cAAc,oBAAoB,eAAe;GAEvD,KAAK,MAAM,SAAS,iBAAiB;IAMnC,IAAI,CAAC,qBAAqB,aAAa,MAAM,EAAE;IAE/C,MAAM,SAAS,wBAAwB,UAAU,MAAM,mBAAmB;IAC1E,IAAI,WAAW,MAAM;IAErB,MAAM,cAAc,OAAO,MAAM;IACjC,MAAM,sBAAsB,cACxB,wBAAwB,aAAa,YAAY,aAAa,GAC9D;IAWJ,IAAI,wBAAwB,QAAQ,MAAM,4BAA4B,MACpE;IAEF,MAAM,eAAe,uBAAuB,mBAAmB;IAC/D,OAAO;KAAE,GAAG;KAAO,eAAe,mBAAmB,cAAc,OAAO;KAAE;;GAE9E,OAAO;;EAEV;;;;;;;;;;;;AAaH,SAAS,qBAAqB,aAAuB,OAA4C;CAC/F,MAAM,eAAe,MAAM;CAC3B,IAAI,CAAC,cAAc,OAAO;CAE1B,IAAI,aAAa,WAAW,GAAG,OAAO;CACtC,OAAO,wBAAwB,aAAa,aAAa;;AAG3D,SAAS,sBACP,QAC8B;CAC9B,MAAM,kBAAgD,EAAE;CACxD,KAAK,IAAI,aAAa,GAAG,aAAa,OAAO,QAAQ,cAAc;EACjE,MAAM,QAAQ,OAAO;EACrB,IAAI,CAAC,MAAM,OAAO;EAClB,KAAK,MAAM,CAAC,SAAS,eAAe,OAAO,QAAQ,MAAM,MAAM,EAAE;GAC/D,IAAI,CAAC,WAAW,YAAY;GAC5B,KAAK,MAAM,aAAa,WAAW,YAAY;IAC7C,MAAM,qBAAqB,UAAU,sBAAsB;IAC3D,MAAM,0BAA0B,qBAC5B,mBAAmB,MAAM,IAAI,CAAC,OAAO,QAAQ,GAC7C;IACJ,gBAAgB,KAAK;KACnB,kBAAkB;KAClB;KACA,QAAQ,OAAO,WAAW,OAAO,WAAW,WAAW,KAAK;KAC5D,eAAe,UAAU;KACzB,oBAAoB,UAAU,cAAc,MAAM,IAAI,CAAC,OAAO,QAAQ;KACtE;KACA;KACA,kBAAkB,UAAU;KAC5B,MAAM,UAAU;KAChB,QAAQ,UAAU;KACnB,CAAC;;;;CAIR,OAAO;;AAGT,SAAgB,wBACd,UACA,cAC0B;CAC1B,OAAO,kBAAkB,UAAU,aAAa;;AAGlD,SAAS,mBACP,cACA,cACmB;CACnB,OAAO,OAAO,OAAO,mBAAmB,EAAE,cAAc,aAAa"}

package/dist/server/app-server-action-execution.js

@@ -9,8 +9,8 @@ import { setCurrentFetchCacheMode } from "../shims/fetch-cache.js";
 import { VINEXT_RSC_CONTENT_TYPE, VINEXT_RSC_VARY_HEADER, applyRscCompatibilityIdHeader } from "./app-rsc-cache-busting.js";
 import { createServerActionNotFoundResponse, getServerActionNotFoundMessage, isServerActionNotFoundError } from "./server-action-not-found.js";
 import { mergeMiddlewareResponseHeaders } from "./middleware-response-headers.js";
-import { readStreamAsTextWithLimit } from "../utils/text-stream.js";
 import { getNextErrorDigest, parseNextHttpErrorDigest, parseNextRedirectDigest } from "./next-error-digest.js";
+import { readStreamAsTextWithLimit } from "../utils/text-stream.js";
 import { resolveAppPageActionRerenderTarget } from "./app-page-request.js";
 //#region src/server/app-server-action-execution.ts
 /**

package/dist/server/app-ssr-entry.d.ts

@@ -1,4 +1,5 @@
 import { NavigationContext } from "../shims/navigation.js";
+import { RootParams } from "../shims/root-params.js";
 import { ReactFormState } from "react-dom/client";
 
 //#region src/server/app-ssr-entry.d.ts
@@ -22,6 +23,7 @@ declare function handleSsr(rscStream: ReadableStream<Uint8Array>, navContext: Na
   };
   formState?: ReactFormState | null;
   basePath?: string;
+  rootParams?: RootParams;
   /** When true, wait for the full React tree (including Suspense boundaries)
    *  to resolve before returning the HTML stream. Used for static prerender
    *  and ISR cache writes to avoid caching fallback content. */

package/dist/server/app-ssr-entry.js

@@ -9,10 +9,11 @@ import { runWithNavigationContext } from "../shims/navigation-state.js";
 import { withScriptNonce } from "../shims/script-nonce-context.js";
 import { createInlineScriptTag, createNonceAttribute, escapeHtmlAttr, safeJsonStringify } from "./html.js";
 import { ElementsContext, Slot } from "../shims/slot.js";
+import { createNavigationRuntimeRscMetadataScript, createRscEmbedTransform, createTickBufferedTransform } from "./app-ssr-stream.js";
 import { RSC_FORM_STATE_GLOBAL } from "./app-browser-hydration.js";
 import { createClientReferencePreloader } from "./app-client-reference-preloader.js";
 import { deferUntilStreamConsumed } from "./app-page-stream.js";
-import { createRscEmbedTransform, createTickBufferedTransform } from "./app-ssr-stream.js";
+import { runWithRootParamsScope } from "../shims/root-params.js";
 import { createSsrErrorMetaRenderer } from "./app-ssr-error-meta.js";
 import { Fragment, createElement, use } from "react";
 import { renderToReadableStream, renderToStaticMarkup } from "react-dom/server.edge";
@@ -80,13 +81,11 @@ function buildModulePreloadHtml(bootstrapModuleUrl, nonce) {
 	return `<link rel="modulepreload"${createNonceAttribute(nonce)} href="${escapeHtmlAttr(bootstrapModuleUrl)}" />\n`;
 }
 function buildHeadInjectionHtml(navContext, bootstrapModuleUrl, formState, insertedHTML, fontHTML, scriptNonce) {
-	const paramsScript = createInlineScriptTag("self.__VINEXT_RSC_PARAMS__=" + safeJsonStringify(navContext?.params ?? {}), scriptNonce);
-	const navScript = createInlineScriptTag("self.__VINEXT_RSC_NAV__=" + safeJsonStringify({
+	const navPayload = {
 		pathname: navContext?.pathname ?? "/",
 		searchParams: navContext?.searchParams ? [...navContext.searchParams.entries()] : []
-	}), scriptNonce);
-	const formStateScript = formState === null ? "" : createInlineScriptTag("self[" + safeJsonStringify(RSC_FORM_STATE_GLOBAL) + "]=" + safeJsonStringify(formState), scriptNonce);
-	return paramsScript + navScript + formStateScript + buildModulePreloadHtml(bootstrapModuleUrl, scriptNonce) + insertedHTML + fontHTML;
+	};
+	return createInlineScriptTag(createNavigationRuntimeRscMetadataScript(navContext?.params ?? {}, navPayload), scriptNonce) + (formState === null ? "" : createInlineScriptTag("self[" + safeJsonStringify(RSC_FORM_STATE_GLOBAL) + "]=" + safeJsonStringify(formState), scriptNonce)) + buildModulePreloadHtml(bootstrapModuleUrl, scriptNonce) + insertedHTML + fontHTML;
 }
 async function handleSsr(rscStream, navContext, fontData, options) {
 	return runWithNavigationContext(async () => {
@@ -97,56 +96,58 @@ async function handleSsr(rscStream, navContext, fontData, options) {
 			setNavigationContext(null);
 			clearServerInsertedHTML();
 		};
-		try {
-			let ssrStream;
-			let rscEmbed;
-			if (options?.sideStream) {
-				ssrStream = rscStream;
-				rscEmbed = createRscEmbedTransform(options.sideStream, options?.scriptNonce);
-				if (options.capturedRscDataRef) options.capturedRscDataRef.value = rscEmbed.getRawBuffer();
-			} else {
-				const [s1, s2] = rscStream.tee();
-				ssrStream = s1;
-				rscEmbed = createRscEmbedTransform(s2, options?.scriptNonce);
-			}
-			let flightRoot = null;
-			function VinextFlightRoot() {
-				if (!flightRoot) flightRoot = createFromReadableStream(ssrStream);
-				const wireElements = use(flightRoot);
-				const elements = AppElementsWire.decode(wireElements);
-				const metadata = AppElementsWire.readMetadata(elements);
-				return createElement(ElementsContext.Provider, { value: elements }, createElement(Slot, { id: metadata.routeId }));
-			}
-			const flightRootElement = createElement(VinextFlightRoot);
-			const root = AppRouterContext ? createElement(AppRouterContext.Provider, { value: appRouterInstance }, flightRootElement) : flightRootElement;
-			const ssrRoot = withScriptNonce(ServerInsertedHTMLContext ? createElement(ServerInsertedHTMLContext.Provider, { value: useServerInsertedHTML }, root) : root, options?.scriptNonce);
-			const bootstrapModuleUrl = extractBootstrapModuleUrl(await import.meta.viteRsc.loadBootstrapScriptContent("index"));
-			const errorMetaRenderer = createSsrErrorMetaRenderer({ basePath: options?.basePath });
-			const htmlStream = await renderToReadableStream(ssrRoot, {
-				bootstrapModules: bootstrapModuleUrl ? [bootstrapModuleUrl] : void 0,
-				formState: options?.formState ?? null,
-				nonce: options?.scriptNonce,
-				onError(error) {
-					errorMetaRenderer.capture(error);
-					if (error && typeof error === "object" && "digest" in error) return String(error.digest);
-					if (process.env.NODE_ENV === "production" && error) return ssrErrorDigest(getErrorMessage(error) + (error instanceof Error ? error.stack ?? "" : ""));
+		return runWithRootParamsScope(options?.rootParams ?? {}, async () => {
+			try {
+				let ssrStream;
+				let rscEmbed;
+				if (options?.sideStream) {
+					ssrStream = rscStream;
+					rscEmbed = createRscEmbedTransform(options.sideStream, options?.scriptNonce);
+					if (options.capturedRscDataRef) options.capturedRscDataRef.value = rscEmbed.getRawBuffer();
+				} else {
+					const [s1, s2] = rscStream.tee();
+					ssrStream = s1;
+					rscEmbed = createRscEmbedTransform(s2, options?.scriptNonce);
 				}
-			});
-			if (options?.waitForAllReady === true) await htmlStream.allReady;
-			const fontHTML = renderFontHtml(fontData, options?.scriptNonce);
-			let didInjectHeadHTML = false;
-			const getInsertedHTML = () => {
-				const insertedHTML = renderInsertedHtml(renderServerInsertedHTML());
-				const errorMetaHTML = errorMetaRenderer.flush();
-				if (didInjectHeadHTML) return insertedHTML + errorMetaHTML;
-				didInjectHeadHTML = true;
-				return buildHeadInjectionHtml(navContext, bootstrapModuleUrl, options?.formState ?? null, insertedHTML + errorMetaHTML, fontHTML, options?.scriptNonce);
-			};
-			return deferUntilStreamConsumed(htmlStream.pipeThrough(createTickBufferedTransform(rscEmbed, getInsertedHTML)), cleanup);
-		} catch (error) {
-			cleanup();
-			throw error;
-		}
+				let flightRoot = null;
+				function VinextFlightRoot() {
+					if (!flightRoot) flightRoot = createFromReadableStream(ssrStream);
+					const wireElements = use(flightRoot);
+					const elements = AppElementsWire.decode(wireElements);
+					const metadata = AppElementsWire.readMetadata(elements);
+					return createElement(ElementsContext.Provider, { value: elements }, createElement(Slot, { id: metadata.routeId }));
+				}
+				const flightRootElement = createElement(VinextFlightRoot);
+				const root = AppRouterContext ? createElement(AppRouterContext.Provider, { value: appRouterInstance }, flightRootElement) : flightRootElement;
+				const ssrRoot = withScriptNonce(ServerInsertedHTMLContext ? createElement(ServerInsertedHTMLContext.Provider, { value: useServerInsertedHTML }, root) : root, options?.scriptNonce);
+				const bootstrapModuleUrl = extractBootstrapModuleUrl(await import.meta.viteRsc.loadBootstrapScriptContent("index"));
+				const errorMetaRenderer = createSsrErrorMetaRenderer({ basePath: options?.basePath });
+				const htmlStream = await renderToReadableStream(ssrRoot, {
+					bootstrapModules: bootstrapModuleUrl ? [bootstrapModuleUrl] : void 0,
+					formState: options?.formState ?? null,
+					nonce: options?.scriptNonce,
+					onError(error) {
+						errorMetaRenderer.capture(error);
+						if (error && typeof error === "object" && "digest" in error) return String(error.digest);
+						if (process.env.NODE_ENV === "production" && error) return ssrErrorDigest(getErrorMessage(error) + (error instanceof Error ? error.stack ?? "" : ""));
+					}
+				});
+				if (options?.waitForAllReady === true) await htmlStream.allReady;
+				const fontHTML = renderFontHtml(fontData, options?.scriptNonce);
+				let didInjectHeadHTML = false;
+				const getInsertedHTML = () => {
+					const insertedHTML = renderInsertedHtml(renderServerInsertedHTML());
+					const errorMetaHTML = errorMetaRenderer.flush();
+					if (didInjectHeadHTML) return insertedHTML + errorMetaHTML;
+					didInjectHeadHTML = true;
+					return buildHeadInjectionHtml(navContext, bootstrapModuleUrl, options?.formState ?? null, insertedHTML + errorMetaHTML, fontHTML, options?.scriptNonce);
+				};
+				return deferUntilStreamConsumed(htmlStream.pipeThrough(createTickBufferedTransform(rscEmbed, getInsertedHTML)), cleanup);
+			} catch (error) {
+				cleanup();
+				throw error;
+			}
+		});
 	});
 }
 var app_ssr_entry_default = { async fetch(request) {