vinext 0.0.54 → 0.1.0

package/dist/cloudflare/tpr.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"tpr.js","names":[],"sources":["../../src/cloudflare/tpr.ts"],"sourcesContent":["/**\n * TPR: Traffic-aware Pre-Rendering\n *\n * Uses Cloudflare zone analytics to determine which pages actually get\n * traffic, and pre-renders only those during deploy. The pre-rendered\n * HTML is uploaded to KV in the same format ISR uses at runtime — no\n * runtime changes needed.\n *\n * Flow:\n *   1. Parse wrangler config to find custom domain and KV namespace\n *   2. Resolve the Cloudflare zone for the custom domain\n *   3. Query zone analytics (GraphQL) for top pages by request count\n *   4. Walk ranked list until coverage threshold is met\n *   5. Start the built production server locally\n *   6. Fetch each hot route to produce HTML\n *   7. Upload pre-rendered HTML to KV (same KVCacheEntry format ISR reads)\n *\n * TPR is an experimental feature enabled via --experimental-tpr. It\n * gracefully skips when no custom domain, no API token, no traffic data,\n * or no KV namespace is configured.\n */\n\nimport fs from \"node:fs\";\nimport path from \"node:path\";\nimport { spawn, type ChildProcess } from \"node:child_process\";\nimport { VINEXT_REVALIDATE_HEADER } from \"../server/headers.js\";\nimport { isrCacheKey } from \"../server/isr-cache.js\";\nimport { ENTRY_PREFIX } from \"./kv-cache-handler.js\";\n\n// ─── Types ───────────────────────────────────────────────────────────────────\n\nexport type TPROptions = {\n  /** Project root directory. */\n  root: string;\n  /** Traffic coverage percentage (0–100). Default: 90. */\n  coverage: number;\n  /** Hard cap on number of pages to pre-render. Default: 1000. */\n  limit: number;\n  /** Analytics lookback window in hours. Default: 24. */\n  window: number;\n};\n\nexport type TPRResult = {\n  /** Total unique page paths found in analytics. */\n  totalPaths: number;\n  /** Number of pages successfully pre-rendered and uploaded. */\n  prerenderedCount: number;\n  /** Actual traffic coverage achieved (percentage). */\n  coverageAchieved: number;\n  /** Wall-clock duration of the TPR step in milliseconds. */\n  durationMs: number;\n  /** If TPR was skipped, the reason. */\n  skipped?: string;\n};\n\ntype TrafficEntry = {\n  path: string;\n  requests: number;\n};\n\ntype SelectedRoutes = {\n  routes: TrafficEntry[];\n  totalRequests: number;\n  coveredRequests: number;\n  coveragePercent: number;\n};\n\ntype PrerenderResult = {\n  html: string;\n  status: number;\n  headers: Record<string, string>;\n};\n\ntype WranglerConfig = {\n  accountId?: string;\n  kvNamespaceId?: string;\n  customDomain?: string;\n};\n\n// ─── Wrangler Config Parsing ─────────────────────────────────────────────────\n\n/**\n * Parse wrangler config (JSONC or TOML) to extract the fields TPR needs:\n * account_id, VINEXT_CACHE KV namespace ID, and custom domain.\n */\nexport function parseWranglerConfig(root: string): WranglerConfig | null {\n  // Try JSONC / JSON first\n  for (const filename of [\"wrangler.jsonc\", \"wrangler.json\"]) {\n    const filepath = path.join(root, filename);\n    if (fs.existsSync(filepath)) {\n      const content = fs.readFileSync(filepath, \"utf-8\");\n      try {\n        const json = JSON.parse(stripJsonComments(content));\n        return extractFromJSON(json);\n      } catch {\n        continue;\n      }\n    }\n  }\n\n  // Try TOML\n  const tomlPath = path.join(root, \"wrangler.toml\");\n  if (fs.existsSync(tomlPath)) {\n    const content = fs.readFileSync(tomlPath, \"utf-8\");\n    return extractFromTOML(content);\n  }\n\n  return null;\n}\n\n/**\n * Strip single-line (//) and multi-line comments from JSONC while\n * preserving strings that contain slashes.\n */\nfunction stripJsonComments(str: string): string {\n  let result = \"\";\n  let inString = false;\n  let inSingleLine = false;\n  let inMultiLine = false;\n  let escapeNext = false;\n\n  for (let i = 0; i < str.length; i++) {\n    const ch = str[i];\n    const next = str[i + 1];\n\n    if (escapeNext) {\n      if (!inSingleLine && !inMultiLine) result += ch;\n      escapeNext = false;\n      continue;\n    }\n\n    if (ch === \"\\\\\" && inString) {\n      result += ch;\n      escapeNext = true;\n      continue;\n    }\n\n    if (inSingleLine) {\n      if (ch === \"\\n\") {\n        inSingleLine = false;\n        result += ch;\n      }\n      continue;\n    }\n\n    if (inMultiLine) {\n      if (ch === \"*\" && next === \"/\") {\n        inMultiLine = false;\n        i++;\n      }\n      continue;\n    }\n\n    if (ch === '\"' && !inString) {\n      inString = true;\n      result += ch;\n      continue;\n    }\n\n    if (ch === '\"' && inString) {\n      inString = false;\n      result += ch;\n      continue;\n    }\n\n    if (!inString && ch === \"/\" && next === \"/\") {\n      inSingleLine = true;\n      i++;\n      continue;\n    }\n\n    if (!inString && ch === \"/\" && next === \"*\") {\n      inMultiLine = true;\n      i++;\n      continue;\n    }\n\n    result += ch;\n  }\n\n  return result;\n}\n\nfunction extractFromJSON(config: Record<string, unknown>): WranglerConfig {\n  const result: WranglerConfig = {};\n\n  // account_id\n  if (typeof config.account_id === \"string\") {\n    result.accountId = config.account_id;\n  }\n\n  // KV namespace ID for VINEXT_CACHE\n  if (Array.isArray(config.kv_namespaces)) {\n    const vinextKV = config.kv_namespaces.find(\n      (ns: Record<string, unknown>) =>\n        ns && typeof ns === \"object\" && ns.binding === \"VINEXT_CACHE\",\n    );\n    if (vinextKV && typeof vinextKV.id === \"string\" && vinextKV.id !== \"<your-kv-namespace-id>\") {\n      result.kvNamespaceId = vinextKV.id;\n    }\n  }\n\n  // Custom domain — check routes[] and custom_domains[]\n  const domain = extractDomainFromRoutes(config.routes) ?? extractDomainFromCustomDomains(config);\n  if (domain) result.customDomain = domain;\n\n  return result;\n}\n\nfunction extractDomainFromRoutes(routes: unknown): string | null {\n  if (!Array.isArray(routes)) return null;\n\n  for (const route of routes) {\n    if (typeof route === \"string\") {\n      const domain = cleanDomain(route);\n      if (domain && !domain.includes(\"workers.dev\")) return domain;\n    } else if (route && typeof route === \"object\") {\n      const r = route as Record<string, unknown>;\n      const pattern =\n        typeof r.zone_name === \"string\"\n          ? r.zone_name\n          : typeof r.pattern === \"string\"\n            ? r.pattern\n            : null;\n      if (pattern) {\n        const domain = cleanDomain(pattern);\n        if (domain && !domain.includes(\"workers.dev\")) return domain;\n      }\n    }\n  }\n  return null;\n}\n\nfunction extractDomainFromCustomDomains(config: Record<string, unknown>): string | null {\n  // Workers Custom Domains: \"custom_domains\": [\"example.com\"]\n  if (Array.isArray(config.custom_domains)) {\n    for (const d of config.custom_domains) {\n      if (typeof d === \"string\" && !d.includes(\"workers.dev\")) {\n        return cleanDomain(d);\n      }\n    }\n  }\n  return null;\n}\n\n/** Strip protocol and trailing wildcards from a route pattern to get a bare domain. */\nfunction cleanDomain(raw: string): string | null {\n  const cleaned = raw\n    .replace(/^https?:\\/\\//, \"\")\n    .replace(/\\/\\*$/, \"\")\n    .replace(/\\/+$/, \"\")\n    .split(\"/\")[0]; // Take only the host part\n  return cleaned || null;\n}\n\n/**\n * Simple extraction of specific fields from wrangler.toml content.\n * Not a full TOML parser — just enough for the fields we need.\n */\nfunction extractFromTOML(content: string): WranglerConfig {\n  const result: WranglerConfig = {};\n\n  // account_id = \"...\"\n  const accountMatch = content.match(/^account_id\\s*=\\s*\"([^\"]+)\"/m);\n  if (accountMatch) result.accountId = accountMatch[1];\n\n  // KV namespace with binding = \"VINEXT_CACHE\"\n  // Look for [[kv_namespaces]] blocks\n  const kvBlocks = content.split(/\\[\\[kv_namespaces\\]\\]/);\n  for (let i = 1; i < kvBlocks.length; i++) {\n    const block = kvBlocks[i].split(/\\[\\[/)[0]; // Take until next section\n    const bindingMatch = block.match(/binding\\s*=\\s*\"([^\"]+)\"/);\n    const idMatch = block.match(/\\bid\\s*=\\s*\"([^\"]+)\"/);\n    if (\n      bindingMatch?.[1] === \"VINEXT_CACHE\" &&\n      idMatch?.[1] &&\n      idMatch[1] !== \"<your-kv-namespace-id>\"\n    ) {\n      result.kvNamespaceId = idMatch[1];\n    }\n  }\n\n  // routes — both string and table forms\n  // route = \"example.com/*\"\n  const routeMatch = content.match(/^route\\s*=\\s*\"([^\"]+)\"/m);\n  if (routeMatch) {\n    const domain = cleanDomain(routeMatch[1]);\n    if (domain && !domain.includes(\"workers.dev\")) {\n      result.customDomain = domain;\n    }\n  }\n\n  // [[routes]] blocks\n  if (!result.customDomain) {\n    const routeBlocks = content.split(/\\[\\[routes\\]\\]/);\n    for (let i = 1; i < routeBlocks.length; i++) {\n      const block = routeBlocks[i].split(/\\[\\[/)[0];\n      const patternMatch = block.match(/pattern\\s*=\\s*\"([^\"]+)\"/);\n      if (patternMatch) {\n        const domain = cleanDomain(patternMatch[1]);\n        if (domain && !domain.includes(\"workers.dev\")) {\n          result.customDomain = domain;\n          break;\n        }\n      }\n    }\n  }\n\n  return result;\n}\n\n// ─── Cloudflare API ──────────────────────────────────────────────────────────\n\n/**\n * Generate zone lookup candidates from shortest (2-part) to longest.\n * Tries the most common case first (e.g., \"example.com\") and progressively\n * adds labels for multi-part TLDs (e.g., \"co.uk\" → \"example.co.uk\").\n *\n * \"shop.example.com\"    → [\"example.com\", \"shop.example.com\"]\n * \"shop.example.co.uk\"  → [\"co.uk\", \"example.co.uk\", \"shop.example.co.uk\"]\n * \"example.com\"         → [\"example.com\"]\n */\nexport function domainCandidates(domain: string): string[] {\n  const parts = domain.split(\".\");\n  const candidates: string[] = [];\n  for (let i = parts.length - 2; i >= 0; i--) {\n    candidates.push(parts.slice(i).join(\".\"));\n  }\n  return candidates;\n}\n\n/** Resolve zone ID from a domain name via the Cloudflare API. */\nasync function resolveZoneId(domain: string, apiToken: string): Promise<string | null> {\n  // Try progressively longer domain candidates until one matches a zone.\n  // This handles all public suffixes without a hardcoded TLD list —\n  // for simple TLDs (.com, .io) the 2-part candidate hits on the first try;\n  // for multi-part TLDs (.co.uk, .com.au) it takes one extra call.\n  for (const candidate of domainCandidates(domain)) {\n    const response = await fetch(\n      `https://api.cloudflare.com/client/v4/zones?name=${encodeURIComponent(candidate)}`,\n      {\n        headers: {\n          Authorization: `Bearer ${apiToken}`,\n          \"Content-Type\": \"application/json\",\n        },\n      },\n    );\n\n    if (!response.ok) continue;\n\n    const data = (await response.json()) as {\n      success: boolean;\n      result?: Array<{ id: string }>;\n    };\n    if (data.success && data.result?.length) {\n      return data.result[0].id;\n    }\n  }\n\n  return null;\n}\n\n/** Resolve the account ID associated with the API token. */\nasync function resolveAccountId(apiToken: string): Promise<string | null> {\n  const response = await fetch(\"https://api.cloudflare.com/client/v4/accounts?per_page=1\", {\n    headers: {\n      Authorization: `Bearer ${apiToken}`,\n      \"Content-Type\": \"application/json\",\n    },\n  });\n\n  if (!response.ok) return null;\n\n  const data = (await response.json()) as {\n    success: boolean;\n    result?: Array<{ id: string }>;\n  };\n  if (!data.success || !data.result?.length) return null;\n\n  return data.result[0].id;\n}\n\n// ─── Traffic Querying ────────────────────────────────────────────────────────\n\n/**\n * Query Cloudflare zone analytics for top page paths by request count\n * over the given time window.\n */\nasync function queryTraffic(\n  zoneTag: string,\n  apiToken: string,\n  windowHours: number,\n): Promise<TrafficEntry[]> {\n  const now = new Date();\n  const start = new Date(now.getTime() - windowHours * 60 * 60 * 1000);\n\n  const query = `{\n    viewer {\n      zones(filter: { zoneTag: \"${zoneTag}\" }) {\n        httpRequestsAdaptiveGroups(\n          limit: 10000\n          orderBy: [sum_requests_DESC]\n          filter: {\n            datetime_geq: \"${start.toISOString()}\"\n            datetime_lt: \"${now.toISOString()}\"\n            requestSource: \"eyeball\"\n          }\n        ) {\n          sum { requests }\n          dimensions { clientRequestPath }\n        }\n      }\n    }\n  }`;\n\n  const response = await fetch(\"https://api.cloudflare.com/client/v4/graphql\", {\n    method: \"POST\",\n    headers: {\n      Authorization: `Bearer ${apiToken}`,\n      \"Content-Type\": \"application/json\",\n    },\n    body: JSON.stringify({ query }),\n  });\n\n  if (!response.ok) {\n    throw new Error(`Zone analytics query failed: ${response.status} ${response.statusText}`);\n  }\n\n  const data = (await response.json()) as {\n    errors?: Array<{ message: string }>;\n    data?: {\n      viewer?: {\n        zones?: Array<{\n          httpRequestsAdaptiveGroups?: Array<{\n            sum: { requests: number };\n            dimensions: { clientRequestPath: string };\n          }>;\n        }>;\n      };\n    };\n  };\n\n  if (data.errors?.length) {\n    throw new Error(`Zone analytics error: ${data.errors[0].message}`);\n  }\n\n  const groups = data.data?.viewer?.zones?.[0]?.httpRequestsAdaptiveGroups;\n  if (!groups || groups.length === 0) return [];\n\n  return filterTrafficPaths(\n    groups.map((g) => ({\n      path: g.dimensions.clientRequestPath,\n      requests: g.sum.requests,\n    })),\n  );\n}\n\n/** Filter out non-page requests (static assets, API routes, internal routes). */\nfunction filterTrafficPaths(entries: TrafficEntry[]): TrafficEntry[] {\n  return entries.filter((e) => {\n    if (!e.path.startsWith(\"/\")) return false;\n    // Static assets\n    if (/\\.(js|css|png|jpg|jpeg|gif|svg|ico|woff2?|ttf|eot|map|webp|avif)$/i.test(e.path))\n      return false;\n    // API routes\n    if (e.path.startsWith(\"/api/\")) return false;\n    // Internal routes\n    if (e.path.startsWith(\"/_next/\") || e.path.startsWith(\"/__vinext/\")) return false;\n    // RSC requests\n    if (e.path.endsWith(\".rsc\")) return false;\n    return true;\n  });\n}\n\n// ─── Route Selection ─────────────────────────────────────────────────────────\n\n/**\n * Walk the ranked traffic list, accumulating request counts until the\n * coverage target is met or the hard cap is reached.\n */\nfunction selectRoutes(\n  traffic: TrafficEntry[],\n  coverageTarget: number,\n  limit: number,\n): SelectedRoutes {\n  const totalRequests = traffic.reduce((sum, e) => sum + e.requests, 0);\n  if (totalRequests === 0) {\n    return { routes: [], totalRequests: 0, coveredRequests: 0, coveragePercent: 0 };\n  }\n\n  const target = totalRequests * (coverageTarget / 100);\n  const selected: TrafficEntry[] = [];\n  let accumulated = 0;\n\n  // Traffic is already sorted DESC by requests from the GraphQL query\n  for (const entry of traffic) {\n    if (accumulated >= target || selected.length >= limit) break;\n    selected.push(entry);\n    accumulated += entry.requests;\n  }\n\n  return {\n    routes: selected,\n    totalRequests,\n    coveredRequests: accumulated,\n    coveragePercent: (accumulated / totalRequests) * 100,\n  };\n}\n\n// ─── Pre-rendering ───────────────────────────────────────────────────────────\n\n/** Pre-render port — high number to avoid collisions with dev servers. */\nconst PRERENDER_PORT = 19384;\n\n/** Max time to wait for the local server to start (ms). */\nconst SERVER_STARTUP_TIMEOUT = 30_000;\n\n/** Max concurrent fetch requests during pre-rendering. */\nconst FETCH_CONCURRENCY = 10;\n\n/**\n * Start a local production server, fetch each route to produce HTML,\n * and return the results. Pages that fail to render are skipped.\n */\nasync function prerenderRoutes(\n  routes: string[],\n  root: string,\n  hostDomain?: string,\n): Promise<Map<string, PrerenderResult>> {\n  const results = new Map<string, PrerenderResult>();\n  let failedCount = 0;\n  const port = PRERENDER_PORT;\n\n  // Verify dist/ exists\n  const distDir = path.join(root, \"dist\");\n  if (!fs.existsSync(distDir)) {\n    console.log(\"  TPR: Skipping pre-render — dist/ directory not found\");\n    return results;\n  }\n\n  // Start the local production server as a subprocess\n  const serverProcess = startLocalServer(root, port);\n\n  try {\n    await waitForServer(port, SERVER_STARTUP_TIMEOUT);\n\n    // Fetch routes in batches to limit concurrency\n    for (let i = 0; i < routes.length; i += FETCH_CONCURRENCY) {\n      const batch = routes.slice(i, i + FETCH_CONCURRENCY);\n      const promises = batch.map(async (routePath) => {\n        try {\n          const response = await fetch(`http://127.0.0.1:${port}${routePath}`, {\n            headers: {\n              \"User-Agent\": \"vinext-tpr/1.0\",\n              ...(hostDomain ? { Host: hostDomain } : {}),\n            },\n            redirect: \"manual\", // Don't follow redirects — cache the redirect itself\n          });\n\n          // Only cache successful responses (2xx and 3xx)\n          if (response.status < 400) {\n            const html = await response.text();\n            const headers: Record<string, string> = {};\n            response.headers.forEach((value, key) => {\n              // Only keep relevant headers\n              if (\n                key === \"content-type\" ||\n                key === \"cache-control\" ||\n                key === VINEXT_REVALIDATE_HEADER ||\n                key === \"location\"\n              ) {\n                headers[key] = value;\n              }\n            });\n            results.set(routePath, {\n              html,\n              status: response.status,\n              headers,\n            });\n          }\n        } catch {\n          // Skip pages that fail to render — they may depend on\n          // request-specific data (cookies, headers, auth) that\n          // isn't available during pre-rendering.\n          failedCount++;\n        }\n      });\n\n      await Promise.all(promises);\n    }\n\n    if (failedCount > 0) {\n      console.log(`  TPR: ${failedCount} page(s) failed to pre-render (skipped)`);\n    }\n  } finally {\n    serverProcess.kill(\"SIGTERM\");\n    // Give it a moment to clean up\n    await new Promise<void>((resolve) => {\n      serverProcess.on(\"exit\", resolve);\n      setTimeout(resolve, 2000);\n    });\n  }\n\n  return results;\n}\n\n/**\n * Spawn a subprocess running the vinext production server.\n * Uses the same Node.js binary and resolves prod-server.js relative\n * to the current module (works whether vinext is installed or linked).\n */\nfunction startLocalServer(root: string, port: number): ChildProcess {\n  const prodServerPath = path.resolve(import.meta.dirname, \"..\", \"server\", \"prod-server.js\");\n  const outDir = path.join(root, \"dist\");\n\n  // Escape backslashes for Windows paths inside the JS string\n  const escapedProdServer = prodServerPath.replace(/\\\\/g, \"\\\\\\\\\");\n  const escapedOutDir = outDir.replace(/\\\\/g, \"\\\\\\\\\");\n\n  const script = [\n    `import(\"file://${escapedProdServer}\")`,\n    `.then(m => m.startProdServer({ port: ${port}, host: \"127.0.0.1\", outDir: \"${escapedOutDir}\" }))`,\n    `.catch(e => { console.error(\"[vinext-tpr] Server failed to start:\", e); process.exit(1); });`,\n  ].join(\"\");\n\n  const proc = spawn(process.execPath, [\"--input-type=module\", \"-e\", script], {\n    cwd: root,\n    stdio: \"pipe\",\n    env: { ...process.env, NODE_ENV: \"production\" },\n  });\n\n  // Forward server errors to the parent's stderr for debugging\n  proc.stderr?.on(\"data\", (chunk: Buffer) => {\n    const msg = chunk.toString().trim();\n    if (msg) console.error(`  [tpr-server] ${msg}`);\n  });\n\n  return proc;\n}\n\n/** Poll the local server until it responds or the timeout is reached. */\nasync function waitForServer(port: number, timeoutMs: number): Promise<void> {\n  const start = Date.now();\n  while (Date.now() - start < timeoutMs) {\n    try {\n      const controller = new AbortController();\n      const timer = setTimeout(() => controller.abort(), 2000);\n      const response = await fetch(`http://127.0.0.1:${port}/`, {\n        redirect: \"manual\",\n        signal: controller.signal,\n      });\n      clearTimeout(timer);\n      // Any response means the server is up\n      await response.text(); // consume body\n      return;\n    } catch {\n      await new Promise<void>((r) => setTimeout(r, 300));\n    }\n  }\n  throw new Error(`Local production server failed to start within ${timeoutMs / 1000}s`);\n}\n\n// ─── KV Upload ───────────────────────────────────────────────────────────────\n\n/** KV bulk API accepts up to 10,000 pairs per request */\nconst KV_BATCH_SIZE = 10_000;\n\n/** Maximum KV expiration TTL: 30 days */\nconst MAX_KV_TTL_SECONDS = 30 * 24 * 3600;\n\n/**\n * Build KV bulk API pairs from pre-rendered entries.\n *\n * Key format matches the runtime KVCacheHandler exactly:\n *   ENTRY_PREFIX + isrCacheKey(\"app\", pathname, buildId) + \":html\"\n *   → \"cache:app:<buildId>:<pathname>:html\"\n */\nexport function buildTprKVPairs(\n  entries: Map<string, PrerenderResult>,\n  buildId: string | undefined,\n  defaultRevalidateSeconds: number,\n): Array<{ key: string; value: string; expiration_ttl: number }> {\n  const now = Date.now();\n  const pairs: Array<{ key: string; value: string; expiration_ttl: number }> = [];\n\n  for (const [routePath, result] of entries) {\n    const revalidateHeader = result.headers[VINEXT_REVALIDATE_HEADER];\n    const revalidateSeconds =\n      revalidateHeader && !isNaN(Number(revalidateHeader))\n        ? Number(revalidateHeader)\n        : defaultRevalidateSeconds;\n\n    const revalidateAt = revalidateSeconds > 0 ? now + revalidateSeconds * 1000 : null;\n\n    // For revalidating entries: 30-day TTL matches runtime KVCacheHandler.set().\n    // For non-revalidating entries: runtime uses no TTL (entries persist indefinitely),\n    // but TPR uses a 24h fallback so pre-warmed entries don't accumulate forever.\n    const kvTtl = revalidateSeconds > 0 ? MAX_KV_TTL_SECONDS : 24 * 3600;\n\n    const entry = {\n      value: {\n        kind: \"APP_PAGE\" as const,\n        html: result.html,\n        headers: result.headers,\n        status: result.status,\n      },\n      tags: [] as string[],\n      lastModified: now,\n      revalidateAt,\n    };\n\n    const cacheKey = ENTRY_PREFIX + isrCacheKey(\"app\", routePath, buildId) + \":html\";\n\n    pairs.push({\n      key: cacheKey,\n      value: JSON.stringify(entry),\n      expiration_ttl: kvTtl,\n    });\n  }\n\n  return pairs;\n}\n\n/**\n * Upload pre-rendered pages to KV using the Cloudflare REST API.\n * Writes in the same KVCacheEntry format that KVCacheHandler reads\n * at runtime, so ISR serves these entries without any code changes.\n */\nasync function uploadToKV(\n  entries: Map<string, PrerenderResult>,\n  namespaceId: string,\n  accountId: string,\n  apiToken: string,\n  defaultRevalidateSeconds: number,\n  buildId?: string,\n): Promise<void> {\n  const pairs = buildTprKVPairs(entries, buildId, defaultRevalidateSeconds);\n  for (let i = 0; i < pairs.length; i += KV_BATCH_SIZE) {\n    const batch = pairs.slice(i, i + KV_BATCH_SIZE);\n    const response = await fetch(\n      `https://api.cloudflare.com/client/v4/accounts/${accountId}/storage/kv/namespaces/${namespaceId}/bulk`,\n      {\n        method: \"PUT\",\n        headers: {\n          Authorization: `Bearer ${apiToken}`,\n          \"Content-Type\": \"application/json\",\n        },\n        body: JSON.stringify(batch),\n      },\n    );\n\n    if (!response.ok) {\n      const text = await response.text();\n      throw new Error(\n        `KV bulk upload failed (batch ${Math.floor(i / KV_BATCH_SIZE) + 1}): ${response.status} — ${text}`,\n      );\n    }\n  }\n}\n\n// ─── Main Entry ──────────────────────────────────────────────────────────────\n\n/** Default revalidation TTL for pre-rendered pages (1 hour). */\nconst DEFAULT_REVALIDATE_SECONDS = 3600;\n\n/**\n * Run the TPR pipeline: query traffic, select routes, pre-render, upload.\n *\n * Designed to be called between the build step and wrangler deploy in\n * the `vinext deploy` pipeline. Gracefully skips (never errors) when\n * the prerequisites aren't met.\n */\nexport async function runTPR(options: TPROptions): Promise<TPRResult> {\n  const startTime = Date.now();\n  const { root, coverage, limit, window: windowHours } = options;\n\n  const skip = (reason: string): TPRResult => ({\n    totalPaths: 0,\n    prerenderedCount: 0,\n    coverageAchieved: 0,\n    durationMs: Date.now() - startTime,\n    skipped: reason,\n  });\n\n  // ── 1. Check for API token ────────────────────────────────────\n  const apiToken = process.env.CLOUDFLARE_API_TOKEN;\n  if (!apiToken) {\n    return skip(\"no CLOUDFLARE_API_TOKEN set\");\n  }\n\n  // ── 2. Parse wrangler config ──────────────────────────────────\n  const wranglerConfig = parseWranglerConfig(root);\n  if (!wranglerConfig) {\n    return skip(\"could not parse wrangler config\");\n  }\n\n  // ── 3. Check for custom domain ────────────────────────────────\n  if (!wranglerConfig.customDomain) {\n    return skip(\"no custom domain — zone analytics unavailable\");\n  }\n\n  // ── 4. Check for KV namespace ─────────────────────────────────\n  if (!wranglerConfig.kvNamespaceId) {\n    return skip(\"no VINEXT_CACHE KV namespace configured\");\n  }\n\n  // ── 5. Resolve account ID ─────────────────────────────────────\n  const accountId = wranglerConfig.accountId ?? (await resolveAccountId(apiToken));\n  if (!accountId) {\n    return skip(\"could not resolve Cloudflare account ID\");\n  }\n\n  // ── 6. Resolve zone ID ────────────────────────────────────────\n  console.log(`  TPR: Analyzing traffic for ${wranglerConfig.customDomain} (last ${windowHours}h)`);\n\n  const zoneId = await resolveZoneId(wranglerConfig.customDomain, apiToken);\n  if (!zoneId) {\n    return skip(`could not resolve zone for ${wranglerConfig.customDomain}`);\n  }\n\n  // ── 7. Query traffic data ─────────────────────────────────────\n  let traffic: TrafficEntry[];\n  try {\n    traffic = await queryTraffic(zoneId, apiToken, windowHours);\n  } catch (err) {\n    return skip(`analytics query failed: ${err instanceof Error ? err.message : String(err)}`);\n  }\n\n  if (traffic.length === 0) {\n    return skip(\"no traffic data available (first deploy?)\");\n  }\n\n  // ── 8. Select routes by coverage ──────────────────────────────\n  const selection = selectRoutes(traffic, coverage, limit);\n\n  console.log(\n    `  TPR: ${traffic.length.toLocaleString()} unique paths — ` +\n      `${selection.routes.length} pages cover ${Math.round(selection.coveragePercent)}% of traffic`,\n  );\n\n  if (selection.routes.length === 0) {\n    return {\n      totalPaths: traffic.length,\n      prerenderedCount: 0,\n      coverageAchieved: 0,\n      durationMs: Date.now() - startTime,\n      skipped: \"no pre-renderable routes after filtering\",\n    };\n  }\n\n  // ── 9. Pre-render selected routes ─────────────────────────────\n  console.log(`  TPR: Pre-rendering ${selection.routes.length} pages...`);\n\n  const routePaths = selection.routes.map((r) => r.path);\n  let rendered: Map<string, PrerenderResult>;\n  try {\n    rendered = await prerenderRoutes(routePaths, root, wranglerConfig.customDomain);\n  } catch (err) {\n    return skip(`pre-rendering failed: ${err instanceof Error ? err.message : String(err)}`);\n  }\n\n  if (rendered.size === 0) {\n    return {\n      totalPaths: traffic.length,\n      prerenderedCount: 0,\n      coverageAchieved: selection.coveragePercent,\n      durationMs: Date.now() - startTime,\n      skipped: \"all pages failed to pre-render (request-dependent?)\",\n    };\n  }\n\n  // ── 10. Upload to KV ──────────────────────────────────────────\n  // Read buildId from the BUILD_ID file written by vinext:build-id plugin.\n  let buildId: string;\n  try {\n    buildId = fs.readFileSync(path.join(root, \"dist\", \"server\", \"BUILD_ID\"), \"utf-8\").trim();\n  } catch {\n    // BUILD_ID is written by vinext:build-id during every production build.\n    // If missing, the build output is likely corrupted or incomplete.\n    // Proceeding without buildId would write keys that never match runtime.\n    console.warn(\n      \"  TPR: Could not read BUILD_ID from dist/server/ — KV keys will not match runtime. Skipping KV upload.\",\n    );\n    return skip(\"BUILD_ID not found in dist/server/ — build output may be incomplete\");\n  }\n\n  try {\n    await uploadToKV(\n      rendered,\n      wranglerConfig.kvNamespaceId,\n      accountId,\n      apiToken,\n      DEFAULT_REVALIDATE_SECONDS,\n      buildId,\n    );\n  } catch (err) {\n    return skip(`KV upload failed: ${err instanceof Error ? err.message : String(err)}`);\n  }\n\n  const durationMs = Date.now() - startTime;\n  console.log(\n    `  TPR: Pre-rendered ${rendered.size} pages in ${(durationMs / 1000).toFixed(1)}s → KV cache`,\n  );\n\n  return {\n    totalPaths: traffic.length,\n    prerenderedCount: rendered.size,\n    coverageAchieved: selection.coveragePercent,\n    durationMs,\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqFA,SAAgB,oBAAoB,MAAqC;CAEvE,KAAK,MAAM,YAAY,CAAC,kBAAkB,gBAAgB,EAAE;EAC1D,MAAM,WAAW,KAAK,KAAK,MAAM,SAAS;EAC1C,IAAI,GAAG,WAAW,SAAS,EAAE;GAC3B,MAAM,UAAU,GAAG,aAAa,UAAU,QAAQ;GAClD,IAAI;IAEF,OAAO,gBADM,KAAK,MAAM,kBAAkB,QAAQ,CACvB,CAAC;WACtB;IACN;;;;CAMN,MAAM,WAAW,KAAK,KAAK,MAAM,gBAAgB;CACjD,IAAI,GAAG,WAAW,SAAS,EAEzB,OAAO,gBADS,GAAG,aAAa,UAAU,QACZ,CAAC;CAGjC,OAAO;;;;;;AAOT,SAAS,kBAAkB,KAAqB;CAC9C,IAAI,SAAS;CACb,IAAI,WAAW;CACf,IAAI,eAAe;CACnB,IAAI,cAAc;CAClB,IAAI,aAAa;CAEjB,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,QAAQ,KAAK;EACnC,MAAM,KAAK,IAAI;EACf,MAAM,OAAO,IAAI,IAAI;EAErB,IAAI,YAAY;GACd,IAAI,CAAC,gBAAgB,CAAC,aAAa,UAAU;GAC7C,aAAa;GACb;;EAGF,IAAI,OAAO,QAAQ,UAAU;GAC3B,UAAU;GACV,aAAa;GACb;;EAGF,IAAI,cAAc;GAChB,IAAI,OAAO,MAAM;IACf,eAAe;IACf,UAAU;;GAEZ;;EAGF,IAAI,aAAa;GACf,IAAI,OAAO,OAAO,SAAS,KAAK;IAC9B,cAAc;IACd;;GAEF;;EAGF,IAAI,OAAO,QAAO,CAAC,UAAU;GAC3B,WAAW;GACX,UAAU;GACV;;EAGF,IAAI,OAAO,QAAO,UAAU;GAC1B,WAAW;GACX,UAAU;GACV;;EAGF,IAAI,CAAC,YAAY,OAAO,OAAO,SAAS,KAAK;GAC3C,eAAe;GACf;GACA;;EAGF,IAAI,CAAC,YAAY,OAAO,OAAO,SAAS,KAAK;GAC3C,cAAc;GACd;GACA;;EAGF,UAAU;;CAGZ,OAAO;;AAGT,SAAS,gBAAgB,QAAiD;CACxE,MAAM,SAAyB,EAAE;CAGjC,IAAI,OAAO,OAAO,eAAe,UAC/B,OAAO,YAAY,OAAO;CAI5B,IAAI,MAAM,QAAQ,OAAO,cAAc,EAAE;EACvC,MAAM,WAAW,OAAO,cAAc,MACnC,OACC,MAAM,OAAO,OAAO,YAAY,GAAG,YAAY,eAClD;EACD,IAAI,YAAY,OAAO,SAAS,OAAO,YAAY,SAAS,OAAO,0BACjE,OAAO,gBAAgB,SAAS;;CAKpC,MAAM,SAAS,wBAAwB,OAAO,OAAO,IAAI,+BAA+B,OAAO;CAC/F,IAAI,QAAQ,OAAO,eAAe;CAElC,OAAO;;AAGT,SAAS,wBAAwB,QAAgC;CAC/D,IAAI,CAAC,MAAM,QAAQ,OAAO,EAAE,OAAO;CAEnC,KAAK,MAAM,SAAS,QAClB,IAAI,OAAO,UAAU,UAAU;EAC7B,MAAM,SAAS,YAAY,MAAM;EACjC,IAAI,UAAU,CAAC,OAAO,SAAS,cAAc,EAAE,OAAO;QACjD,IAAI,SAAS,OAAO,UAAU,UAAU;EAC7C,MAAM,IAAI;EACV,MAAM,UACJ,OAAO,EAAE,cAAc,WACnB,EAAE,YACF,OAAO,EAAE,YAAY,WACnB,EAAE,UACF;EACR,IAAI,SAAS;GACX,MAAM,SAAS,YAAY,QAAQ;GACnC,IAAI,UAAU,CAAC,OAAO,SAAS,cAAc,EAAE,OAAO;;;CAI5D,OAAO;;AAGT,SAAS,+BAA+B,QAAgD;CAEtF,IAAI,MAAM,QAAQ,OAAO,eAAe;OACjC,MAAM,KAAK,OAAO,gBACrB,IAAI,OAAO,MAAM,YAAY,CAAC,EAAE,SAAS,cAAc,EACrD,OAAO,YAAY,EAAE;;CAI3B,OAAO;;;AAIT,SAAS,YAAY,KAA4B;CAM/C,OALgB,IACb,QAAQ,gBAAgB,GAAG,CAC3B,QAAQ,SAAS,GAAG,CACpB,QAAQ,QAAQ,GAAG,CACnB,MAAM,IAAI,CAAC,MACI;;;;;;AAOpB,SAAS,gBAAgB,SAAiC;CACxD,MAAM,SAAyB,EAAE;CAGjC,MAAM,eAAe,QAAQ,MAAM,+BAA+B;CAClE,IAAI,cAAc,OAAO,YAAY,aAAa;CAIlD,MAAM,WAAW,QAAQ,MAAM,wBAAwB;CACvD,KAAK,IAAI,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;EACxC,MAAM,QAAQ,SAAS,GAAG,MAAM,OAAO,CAAC;EACxC,MAAM,eAAe,MAAM,MAAM,0BAA0B;EAC3D,MAAM,UAAU,MAAM,MAAM,uBAAuB;EACnD,IACE,eAAe,OAAO,kBACtB,UAAU,MACV,QAAQ,OAAO,0BAEf,OAAO,gBAAgB,QAAQ;;CAMnC,MAAM,aAAa,QAAQ,MAAM,0BAA0B;CAC3D,IAAI,YAAY;EACd,MAAM,SAAS,YAAY,WAAW,GAAG;EACzC,IAAI,UAAU,CAAC,OAAO,SAAS,cAAc,EAC3C,OAAO,eAAe;;CAK1B,IAAI,CAAC,OAAO,cAAc;EACxB,MAAM,cAAc,QAAQ,MAAM,iBAAiB;EACnD,KAAK,IAAI,IAAI,GAAG,IAAI,YAAY,QAAQ,KAAK;GAE3C,MAAM,eADQ,YAAY,GAAG,MAAM,OAAO,CAAC,GAChB,MAAM,0BAA0B;GAC3D,IAAI,cAAc;IAChB,MAAM,SAAS,YAAY,aAAa,GAAG;IAC3C,IAAI,UAAU,CAAC,OAAO,SAAS,cAAc,EAAE;KAC7C,OAAO,eAAe;KACtB;;;;;CAMR,OAAO;;;;;;;;;;;AAcT,SAAgB,iBAAiB,QAA0B;CACzD,MAAM,QAAQ,OAAO,MAAM,IAAI;CAC/B,MAAM,aAAuB,EAAE;CAC/B,KAAK,IAAI,IAAI,MAAM,SAAS,GAAG,KAAK,GAAG,KACrC,WAAW,KAAK,MAAM,MAAM,EAAE,CAAC,KAAK,IAAI,CAAC;CAE3C,OAAO;;;AAIT,eAAe,cAAc,QAAgB,UAA0C;CAKrF,KAAK,MAAM,aAAa,iBAAiB,OAAO,EAAE;EAChD,MAAM,WAAW,MAAM,MACrB,mDAAmD,mBAAmB,UAAU,IAChF,EACE,SAAS;GACP,eAAe,UAAU;GACzB,gBAAgB;GACjB,EACF,CACF;EAED,IAAI,CAAC,SAAS,IAAI;EAElB,MAAM,OAAQ,MAAM,SAAS,MAAM;EAInC,IAAI,KAAK,WAAW,KAAK,QAAQ,QAC/B,OAAO,KAAK,OAAO,GAAG;;CAI1B,OAAO;;;AAIT,eAAe,iBAAiB,UAA0C;CACxE,MAAM,WAAW,MAAM,MAAM,4DAA4D,EACvF,SAAS;EACP,eAAe,UAAU;EACzB,gBAAgB;EACjB,EACF,CAAC;CAEF,IAAI,CAAC,SAAS,IAAI,OAAO;CAEzB,MAAM,OAAQ,MAAM,SAAS,MAAM;CAInC,IAAI,CAAC,KAAK,WAAW,CAAC,KAAK,QAAQ,QAAQ,OAAO;CAElD,OAAO,KAAK,OAAO,GAAG;;;;;;AASxB,eAAe,aACb,SACA,UACA,aACyB;CACzB,MAAM,sBAAM,IAAI,MAAM;CAGtB,MAAM,QAAQ;;kCAEkB,QAAQ;;;;;8CAKb,IATT,KAAK,IAAI,SAAS,GAAG,cAAc,KAAK,KAAK,IAS/B,EAAC,aAAa,CAAC;4BACrB,IAAI,aAAa,CAAC;;;;;;;;;;CAW5C,MAAM,WAAW,MAAM,MAAM,gDAAgD;EAC3E,QAAQ;EACR,SAAS;GACP,eAAe,UAAU;GACzB,gBAAgB;GACjB;EACD,MAAM,KAAK,UAAU,EAAE,OAAO,CAAC;EAChC,CAAC;CAEF,IAAI,CAAC,SAAS,IACZ,MAAM,IAAI,MAAM,gCAAgC,SAAS,OAAO,GAAG,SAAS,aAAa;CAG3F,MAAM,OAAQ,MAAM,SAAS,MAAM;CAcnC,IAAI,KAAK,QAAQ,QACf,MAAM,IAAI,MAAM,yBAAyB,KAAK,OAAO,GAAG,UAAU;CAGpE,MAAM,SAAS,KAAK,MAAM,QAAQ,QAAQ,IAAI;CAC9C,IAAI,CAAC,UAAU,OAAO,WAAW,GAAG,OAAO,EAAE;CAE7C,OAAO,mBACL,OAAO,KAAK,OAAO;EACjB,MAAM,EAAE,WAAW;EACnB,UAAU,EAAE,IAAI;EACjB,EAAE,CACJ;;;AAIH,SAAS,mBAAmB,SAAyC;CACnE,OAAO,QAAQ,QAAQ,MAAM;EAC3B,IAAI,CAAC,EAAE,KAAK,WAAW,IAAI,EAAE,OAAO;EAEpC,IAAI,qEAAqE,KAAK,EAAE,KAAK,EACnF,OAAO;EAET,IAAI,EAAE,KAAK,WAAW,QAAQ,EAAE,OAAO;EAEvC,IAAI,EAAE,KAAK,WAAW,UAAU,IAAI,EAAE,KAAK,WAAW,aAAa,EAAE,OAAO;EAE5E,IAAI,EAAE,KAAK,SAAS,OAAO,EAAE,OAAO;EACpC,OAAO;GACP;;;;;;AASJ,SAAS,aACP,SACA,gBACA,OACgB;CAChB,MAAM,gBAAgB,QAAQ,QAAQ,KAAK,MAAM,MAAM,EAAE,UAAU,EAAE;CACrE,IAAI,kBAAkB,GACpB,OAAO;EAAE,QAAQ,EAAE;EAAE,eAAe;EAAG,iBAAiB;EAAG,iBAAiB;EAAG;CAGjF,MAAM,SAAS,iBAAiB,iBAAiB;CACjD,MAAM,WAA2B,EAAE;CACnC,IAAI,cAAc;CAGlB,KAAK,MAAM,SAAS,SAAS;EAC3B,IAAI,eAAe,UAAU,SAAS,UAAU,OAAO;EACvD,SAAS,KAAK,MAAM;EACpB,eAAe,MAAM;;CAGvB,OAAO;EACL,QAAQ;EACR;EACA,iBAAiB;EACjB,iBAAkB,cAAc,gBAAiB;EAClD;;;AAMH,MAAM,iBAAiB;;AAGvB,MAAM,yBAAyB;;AAG/B,MAAM,oBAAoB;;;;;AAM1B,eAAe,gBACb,QACA,MACA,YACuC;CACvC,MAAM,0BAAU,IAAI,KAA8B;CAClD,IAAI,cAAc;CAClB,MAAM,OAAO;CAGb,MAAM,UAAU,KAAK,KAAK,MAAM,OAAO;CACvC,IAAI,CAAC,GAAG,WAAW,QAAQ,EAAE;EAC3B,QAAQ,IAAI,yDAAyD;EACrE,OAAO;;CAIT,MAAM,gBAAgB,iBAAiB,MAAM,KAAK;CAElD,IAAI;EACF,MAAM,cAAc,MAAM,uBAAuB;EAGjD,KAAK,IAAI,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK,mBAAmB;GAEzD,MAAM,WADQ,OAAO,MAAM,GAAG,IAAI,kBACZ,CAAC,IAAI,OAAO,cAAc;IAC9C,IAAI;KACF,MAAM,WAAW,MAAM,MAAM,oBAAoB,OAAO,aAAa;MACnE,SAAS;OACP,cAAc;OACd,GAAI,aAAa,EAAE,MAAM,YAAY,GAAG,EAAE;OAC3C;MACD,UAAU;MACX,CAAC;KAGF,IAAI,SAAS,SAAS,KAAK;MACzB,MAAM,OAAO,MAAM,SAAS,MAAM;MAClC,MAAM,UAAkC,EAAE;MAC1C,SAAS,QAAQ,SAAS,OAAO,QAAQ;OAEvC,IACE,QAAQ,kBACR,QAAQ,mBACR,QAAA,yBACA,QAAQ,YAER,QAAQ,OAAO;QAEjB;MACF,QAAQ,IAAI,WAAW;OACrB;OACA,QAAQ,SAAS;OACjB;OACD,CAAC;;YAEE;KAIN;;KAEF;GAEF,MAAM,QAAQ,IAAI,SAAS;;EAG7B,IAAI,cAAc,GAChB,QAAQ,IAAI,UAAU,YAAY,yCAAyC;WAErE;EACR,cAAc,KAAK,UAAU;EAE7B,MAAM,IAAI,SAAe,YAAY;GACnC,cAAc,GAAG,QAAQ,QAAQ;GACjC,WAAW,SAAS,IAAK;IACzB;;CAGJ,OAAO;;;;;;;AAQT,SAAS,iBAAiB,MAAc,MAA4B;CAClE,MAAM,iBAAiB,KAAK,QAAQ,OAAO,KAAK,SAAS,MAAM,UAAU,iBAAiB;CAC1F,MAAM,SAAS,KAAK,KAAK,MAAM,OAAO;CAGtC,MAAM,oBAAoB,eAAe,QAAQ,OAAO,OAAO;CAC/D,MAAM,gBAAgB,OAAO,QAAQ,OAAO,OAAO;CAEnD,MAAM,SAAS;EACb,kBAAkB,kBAAkB;EACpC,wCAAwC,KAAK,gCAAgC,cAAc;EAC3F;EACD,CAAC,KAAK,GAAG;CAEV,MAAM,OAAO,MAAM,QAAQ,UAAU;EAAC;EAAuB;EAAM;EAAO,EAAE;EAC1E,KAAK;EACL,OAAO;EACP,KAAK;GAAE,GAAG,QAAQ;GAAK,UAAU;GAAc;EAChD,CAAC;CAGF,KAAK,QAAQ,GAAG,SAAS,UAAkB;EACzC,MAAM,MAAM,MAAM,UAAU,CAAC,MAAM;EACnC,IAAI,KAAK,QAAQ,MAAM,kBAAkB,MAAM;GAC/C;CAEF,OAAO;;;AAIT,eAAe,cAAc,MAAc,WAAkC;CAC3E,MAAM,QAAQ,KAAK,KAAK;CACxB,OAAO,KAAK,KAAK,GAAG,QAAQ,WAC1B,IAAI;EACF,MAAM,aAAa,IAAI,iBAAiB;EACxC,MAAM,QAAQ,iBAAiB,WAAW,OAAO,EAAE,IAAK;EACxD,MAAM,WAAW,MAAM,MAAM,oBAAoB,KAAK,IAAI;GACxD,UAAU;GACV,QAAQ,WAAW;GACpB,CAAC;EACF,aAAa,MAAM;EAEnB,MAAM,SAAS,MAAM;EACrB;SACM;EACN,MAAM,IAAI,SAAe,MAAM,WAAW,GAAG,IAAI,CAAC;;CAGtD,MAAM,IAAI,MAAM,kDAAkD,YAAY,IAAK,GAAG;;;AAMxF,MAAM,gBAAgB;;AAGtB,MAAM,qBAAqB,MAAU;;;;;;;;AASrC,SAAgB,gBACd,SACA,SACA,0BAC+D;CAC/D,MAAM,MAAM,KAAK,KAAK;CACtB,MAAM,QAAuE,EAAE;CAE/E,KAAK,MAAM,CAAC,WAAW,WAAW,SAAS;EACzC,MAAM,mBAAmB,OAAO,QAAQ;EACxC,MAAM,oBACJ,oBAAoB,CAAC,MAAM,OAAO,iBAAiB,CAAC,GAChD,OAAO,iBAAiB,GACxB;EAEN,MAAM,eAAe,oBAAoB,IAAI,MAAM,oBAAoB,MAAO;EAK9E,MAAM,QAAQ,oBAAoB,IAAI,qBAAqB,KAAK;EAEhE,MAAM,QAAQ;GACZ,OAAO;IACL,MAAM;IACN,MAAM,OAAO;IACb,SAAS,OAAO;IAChB,QAAQ,OAAO;IAChB;GACD,MAAM,EAAE;GACR,cAAc;GACd;GACD;EAED,MAAM,WAAW,eAAe,YAAY,OAAO,WAAW,QAAQ,GAAG;EAEzE,MAAM,KAAK;GACT,KAAK;GACL,OAAO,KAAK,UAAU,MAAM;GAC5B,gBAAgB;GACjB,CAAC;;CAGJ,OAAO;;;;;;;AAQT,eAAe,WACb,SACA,aACA,WACA,UACA,0BACA,SACe;CACf,MAAM,QAAQ,gBAAgB,SAAS,SAAS,yBAAyB;CACzE,KAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,eAAe;EACpD,MAAM,QAAQ,MAAM,MAAM,GAAG,IAAI,cAAc;EAC/C,MAAM,WAAW,MAAM,MACrB,iDAAiD,UAAU,yBAAyB,YAAY,QAChG;GACE,QAAQ;GACR,SAAS;IACP,eAAe,UAAU;IACzB,gBAAgB;IACjB;GACD,MAAM,KAAK,UAAU,MAAM;GAC5B,CACF;EAED,IAAI,CAAC,SAAS,IAAI;GAChB,MAAM,OAAO,MAAM,SAAS,MAAM;GAClC,MAAM,IAAI,MACR,gCAAgC,KAAK,MAAM,IAAI,cAAc,GAAG,EAAE,KAAK,SAAS,OAAO,KAAK,OAC7F;;;;;AAQP,MAAM,6BAA6B;;;;;;;;AASnC,eAAsB,OAAO,SAAyC;CACpE,MAAM,YAAY,KAAK,KAAK;CAC5B,MAAM,EAAE,MAAM,UAAU,OAAO,QAAQ,gBAAgB;CAEvD,MAAM,QAAQ,YAA+B;EAC3C,YAAY;EACZ,kBAAkB;EAClB,kBAAkB;EAClB,YAAY,KAAK,KAAK,GAAG;EACzB,SAAS;EACV;CAGD,MAAM,WAAW,QAAQ,IAAI;CAC7B,IAAI,CAAC,UACH,OAAO,KAAK,8BAA8B;CAI5C,MAAM,iBAAiB,oBAAoB,KAAK;CAChD,IAAI,CAAC,gBACH,OAAO,KAAK,kCAAkC;CAIhD,IAAI,CAAC,eAAe,cAClB,OAAO,KAAK,gDAAgD;CAI9D,IAAI,CAAC,eAAe,eAClB,OAAO,KAAK,0CAA0C;CAIxD,MAAM,YAAY,eAAe,aAAc,MAAM,iBAAiB,SAAS;CAC/E,IAAI,CAAC,WACH,OAAO,KAAK,0CAA0C;CAIxD,QAAQ,IAAI,gCAAgC,eAAe,aAAa,SAAS,YAAY,IAAI;CAEjG,MAAM,SAAS,MAAM,cAAc,eAAe,cAAc,SAAS;CACzE,IAAI,CAAC,QACH,OAAO,KAAK,8BAA8B,eAAe,eAAe;CAI1E,IAAI;CACJ,IAAI;EACF,UAAU,MAAM,aAAa,QAAQ,UAAU,YAAY;UACpD,KAAK;EACZ,OAAO,KAAK,2BAA2B,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,GAAG;;CAG5F,IAAI,QAAQ,WAAW,GACrB,OAAO,KAAK,4CAA4C;CAI1D,MAAM,YAAY,aAAa,SAAS,UAAU,MAAM;CAExD,QAAQ,IACN,UAAU,QAAQ,OAAO,gBAAgB,CAAC,kBACrC,UAAU,OAAO,OAAO,eAAe,KAAK,MAAM,UAAU,gBAAgB,CAAC,cACnF;CAED,IAAI,UAAU,OAAO,WAAW,GAC9B,OAAO;EACL,YAAY,QAAQ;EACpB,kBAAkB;EAClB,kBAAkB;EAClB,YAAY,KAAK,KAAK,GAAG;EACzB,SAAS;EACV;CAIH,QAAQ,IAAI,wBAAwB,UAAU,OAAO,OAAO,WAAW;CAEvE,MAAM,aAAa,UAAU,OAAO,KAAK,MAAM,EAAE,KAAK;CACtD,IAAI;CACJ,IAAI;EACF,WAAW,MAAM,gBAAgB,YAAY,MAAM,eAAe,aAAa;UACxE,KAAK;EACZ,OAAO,KAAK,yBAAyB,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,GAAG;;CAG1F,IAAI,SAAS,SAAS,GACpB,OAAO;EACL,YAAY,QAAQ;EACpB,kBAAkB;EAClB,kBAAkB,UAAU;EAC5B,YAAY,KAAK,KAAK,GAAG;EACzB,SAAS;EACV;CAKH,IAAI;CACJ,IAAI;EACF,UAAU,GAAG,aAAa,KAAK,KAAK,MAAM,QAAQ,UAAU,WAAW,EAAE,QAAQ,CAAC,MAAM;SAClF;EAIN,QAAQ,KACN,yGACD;EACD,OAAO,KAAK,sEAAsE;;CAGpF,IAAI;EACF,MAAM,WACJ,UACA,eAAe,eACf,WACA,UACA,4BACA,QACD;UACM,KAAK;EACZ,OAAO,KAAK,qBAAqB,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,GAAG;;CAGtF,MAAM,aAAa,KAAK,KAAK,GAAG;CAChC,QAAQ,IACN,uBAAuB,SAAS,KAAK,aAAa,aAAa,KAAM,QAAQ,EAAE,CAAC,cACjF;CAED,OAAO;EACL,YAAY,QAAQ;EACpB,kBAAkB,SAAS;EAC3B,kBAAkB,UAAU;EAC5B;EACD"}

package/dist/config/config-matchers.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"config-matchers.js","names":[],"sources":["../../src/config/config-matchers.ts"],"sourcesContent":["/**\n * Config pattern matching and rule application utilities.\n *\n * Shared between the dev server (index.ts) and the production server\n * (prod-server.ts) so both apply next.config.js rules identically.\n */\n\nimport type {\n  NextI18nConfig,\n  NextRedirect,\n  NextRewrite,\n  NextHeader,\n  HasCondition,\n} from \"./next-config.js\";\nimport {\n  MIDDLEWARE_HEADER_PREFIX,\n  VINEXT_MW_CTX_HEADER,\n  VINEXT_PRERENDER_ROUTE_PARAMS_HEADER,\n  VINEXT_PRERENDER_SECRET_HEADER,\n} from \"../server/headers.js\";\nimport { buildRequestHeadersFromMiddlewareResponse } from \"../server/middleware-request-headers.js\";\n\n/**\n * Cache for compiled regex patterns in matchConfigPattern.\n *\n * Redirect/rewrite patterns are static — they come from next.config.js and\n * never change at runtime. Without caching, every request that hits the regex\n * branch re-runs the full tokeniser walk + isSafeRegex + new RegExp() for\n * every rule in the array. On apps with many locale-prefixed rules (which all\n * contain `(` and therefore enter the regex branch) this dominated profiling\n * at ~2.4 seconds of CPU self-time.\n *\n * Value is `null` when safeRegExp rejected the pattern (ReDoS risk), so we\n * skip it on subsequent requests too without re-running the scanner.\n */\nconst _compiledPatternCache = new Map<string, { re: RegExp; paramNames: string[] } | null>();\n\n/**\n * Cache for compiled header source regexes in matchHeaders.\n *\n * Each NextHeader rule has a `source` that is run through escapeHeaderSource()\n * then safeRegExp() to produce a RegExp. Both are pure functions of the source\n * string and the result never changes. Without caching, every request\n * re-runs the full escapeHeaderSource tokeniser + isSafeRegex scan + new RegExp()\n * for every header rule.\n *\n * Value is `null` when safeRegExp rejected the pattern (ReDoS risk).\n */\nconst _compiledHeaderSourceCache = new Map<string, RegExp | null>();\n\n/**\n * Cache for compiled has/missing condition value regexes in checkSingleCondition.\n *\n * Each has/missing condition may carry a `value` string that is passed directly\n * to safeRegExp() for matching against header/cookie/query/host values. The\n * condition objects are static (from next.config.js) so the compiled RegExp\n * never changes. Without caching, safeRegExp() is called on every request for\n * every condition on every rule.\n *\n * Value is `null` when safeRegExp rejected the pattern, or `false` when the\n * value string was undefined (no regex needed — use exact string comparison).\n */\nconst _compiledConditionCache = new Map<string, RegExp | null>();\n\n/**\n * Cache for destination substitution regexes in substituteDestinationParams.\n *\n * The regex depends only on the set of param keys captured from the matched\n * source pattern. Caching by sorted key list avoids recompiling a new RegExp\n * for repeated redirect/rewrite calls that use the same param shape.\n */\nconst _compiledDestinationParamCache = new Map<string, RegExp>();\n\n/**\n * Generic helper for the regex compilation caches above.\n *\n * Each cache stores the compiled artifact (or `null` when safeRegExp rejected\n * the pattern) the first time a key is seen, and reuses it forever. The\n * `undefined` sentinel distinguishes \"not yet seen\" from \"seen and rejected\"\n * so we never re-run isSafeRegex on the same input.\n *\n * Keep the security path intact: `compile()` is responsible for calling\n * safeRegExp(); this helper only handles caching.\n */\nfunction getCachedRegex<K, V>(cache: Map<K, V | null>, key: K, compile: () => V | null): V | null {\n  let value = cache.get(key);\n  if (value === undefined) {\n    value = compile();\n    cache.set(key, value);\n  }\n  return value;\n}\n\n/**\n * Redirect index for O(1) locale-static rule lookup.\n *\n * Many Next.js apps generate 50-100 redirect rules of the form:\n *   /:locale(en|es|fr|...)?/some-static-path  →  /some-destination\n *\n * The compiled regex for each is like:\n *   ^/(en|es|fr|...)?/some-static-path$\n *\n * When no redirect matches (the common case for ordinary page loads),\n * matchRedirect previously ran exec() on every one of those regexes —\n * ~2ms per call, ~2992ms total self-time in profiles.\n *\n * The index splits rules into two buckets:\n *\n *   localeStatic — rules whose source is exactly /:paramName(alt1|alt2|...)?/suffix\n *     where `suffix` is a static path with no further params or regex groups.\n *     These are indexed in a Map<suffix, entry[]> for O(1) lookup after a\n *     single fast strip of the optional locale prefix.\n *\n *   linear — all other rules. Matched with the original O(n) loop.\n *\n * The index is stored in a WeakMap keyed by the redirects array so it is\n * computed once per config load and GC'd when the array is no longer live.\n *\n * ## Ordering invariant\n *\n * Redirect rules must be evaluated in their original order (first match wins).\n * Each locale-static entry stores its `originalIndex` so that, when a\n * locale-static fast-path match is found, any linear rules that appear earlier\n * in the array are still checked first.\n */\n\n/**\n * Matches `/:param(alternation)?/static/suffix` — the locale-static pattern.\n *\n * The `?` after the capture group is itself optional so that both forms are\n * detected:\n *   - `/:locale(en|fr)?/foo` (locale segment optional — user-written rules)\n *   - `/:nextInternalLocale(en|fr)/foo` (locale segment mandatory — emitted\n *      by `applyLocaleToRoutes` for the locale-capture variant)\n * Both forms benefit from O(1) suffix lookup; the optionality is recorded\n * on the entry so we know whether to try the no-locale-prefix bucket.\n */\nconst _LOCALE_STATIC_RE = /^\\/:[\\w-]+\\(([^)]+)\\)(\\??)\\/([a-zA-Z0-9_~.%@!$&'*+,;=:/-]+)$/;\n\ntype LocaleStaticEntry = {\n  /** The param name extracted from the source (e.g. \"locale\"). */\n  paramName: string;\n  /** The compiled regex matching just the alternation, used at match time. */\n  altRe: RegExp;\n  /** Whether the locale segment is optional (the source had `?` after the group). */\n  optional: boolean;\n  /** The original redirect rule. */\n  redirect: NextRedirect;\n  /** Position of this rule in the original redirects array. */\n  originalIndex: number;\n};\n\ntype RedirectIndex = {\n  /** Fast-path map: strippedPath (e.g. \"/security\") → matching entries. */\n  localeStatic: Map<string, LocaleStaticEntry[]>;\n  /**\n   * Linear fallback for rules that couldn't be indexed.\n   * Each entry is [originalIndex, redirect].\n   */\n  linear: Array<[number, NextRedirect]>;\n};\n\nconst _redirectIndexCache = new WeakMap<NextRedirect[], RedirectIndex>();\n\n/**\n * Build (or retrieve from cache) the redirect index for a given redirects array.\n *\n * Called once per config load from matchRedirect. The WeakMap ensures the index\n * is recomputed if the config is reloaded (new array reference) and GC'd when\n * the array is collected.\n */\nfunction _getRedirectIndex(redirects: NextRedirect[]): RedirectIndex {\n  let index = _redirectIndexCache.get(redirects);\n  if (index !== undefined) return index;\n\n  const localeStatic = new Map<string, LocaleStaticEntry[]>();\n  const linear: Array<[number, NextRedirect]> = [];\n\n  for (let i = 0; i < redirects.length; i++) {\n    const redirect = redirects[i];\n    const m = _LOCALE_STATIC_RE.exec(redirect.source);\n    if (m) {\n      const paramName = redirect.source.slice(2, redirect.source.indexOf(\"(\"));\n      const alternation = m[1];\n      const optional = m[2] === \"?\";\n      const suffix = \"/\" + m[3]; // e.g. \"/security\"\n      // Build a small regex to validate the captured locale value against the\n      // alternation. Using anchored match to avoid partial matches.\n      // The alternation comes from user config; run it through safeRegExp to\n      // guard against ReDoS in pathological configs.\n      const altRe = safeRegExp(\"^(?:\" + alternation + \")$\");\n      if (!altRe) {\n        // Unsafe alternation — fall back to linear scan for this rule.\n        linear.push([i, redirect]);\n        continue;\n      }\n      const entry: LocaleStaticEntry = {\n        paramName,\n        altRe,\n        optional,\n        redirect,\n        originalIndex: i,\n      };\n      const bucket = localeStatic.get(suffix);\n      if (bucket) {\n        bucket.push(entry);\n      } else {\n        localeStatic.set(suffix, [entry]);\n      }\n    } else {\n      linear.push([i, redirect]);\n    }\n  }\n\n  index = { localeStatic, linear };\n  _redirectIndexCache.set(redirects, index);\n  return index;\n}\n\n/** Hop-by-hop headers that should not be forwarded through a proxy. */\nconst HOP_BY_HOP_HEADERS = new Set([\n  \"connection\",\n  \"keep-alive\",\n  \"proxy-authenticate\",\n  \"proxy-authorization\",\n  \"te\",\n  \"trailers\",\n  \"transfer-encoding\",\n  \"upgrade\",\n]);\n\n/**\n * Request hop-by-hop headers to strip before proxying with fetch().\n * Intentionally narrower than HOP_BY_HOP_HEADERS: external rewrite proxying\n * still forwards proxy auth credentials, while response sanitization strips\n * them before returning data to the client.\n */\nconst REQUEST_HOP_BY_HOP_HEADERS = new Set([\n  \"connection\",\n  \"keep-alive\",\n  \"te\",\n  \"trailers\",\n  \"transfer-encoding\",\n  \"upgrade\",\n]);\n\nfunction stripHopByHopRequestHeaders(headers: Headers): void {\n  const connectionTokens = (headers.get(\"connection\") || \"\")\n    .split(\",\")\n    .map((value) => value.trim().toLowerCase())\n    .filter(Boolean);\n\n  for (const header of REQUEST_HOP_BY_HOP_HEADERS) {\n    headers.delete(header);\n  }\n\n  for (const token of connectionTokens) {\n    headers.delete(token);\n  }\n}\n\n/**\n * Detect regex patterns vulnerable to catastrophic backtracking (ReDoS).\n *\n * Uses a lightweight heuristic: scans the pattern string for nested quantifiers\n * (a quantifier applied to a group that itself contains a quantifier). This\n * catches the most common pathological patterns like `(a+)+`, `(.*)*`,\n * `([^/]+)+`, `(a|a+)+` without needing a full regex parser.\n *\n * Returns true if the pattern appears safe, false if it's potentially dangerous.\n */\nexport function isSafeRegex(pattern: string): boolean {\n  // Track parenthesis nesting depth and whether we've seen a quantifier\n  // at each depth level.\n  const quantifierAtDepth: boolean[] = [];\n  let depth = 0;\n  let i = 0;\n\n  while (i < pattern.length) {\n    const ch = pattern[i];\n\n    // Skip escaped characters\n    if (ch === \"\\\\\") {\n      i += 2;\n      continue;\n    }\n\n    // Skip character classes [...] — quantifiers inside them are literal\n    if (ch === \"[\") {\n      i++;\n      while (i < pattern.length && pattern[i] !== \"]\") {\n        if (pattern[i] === \"\\\\\") i++; // skip escaped char in class\n        i++;\n      }\n      i++; // skip closing ]\n      continue;\n    }\n\n    if (ch === \"(\") {\n      depth++;\n      // Initialize: no quantifier seen yet at this new depth\n      if (quantifierAtDepth.length <= depth) {\n        quantifierAtDepth.push(false);\n      } else {\n        quantifierAtDepth[depth] = false;\n      }\n      i++;\n      continue;\n    }\n\n    if (ch === \")\") {\n      const hadQuantifier = depth > 0 && quantifierAtDepth[depth];\n      if (depth > 0) depth--;\n\n      // Look ahead for a quantifier on this group: +, *, {n,m}\n      // Note: '?' after ')' means \"zero or one\" which does NOT cause catastrophic\n      // backtracking — it only allows 2 paths (match/skip), not exponential.\n      // Only unbounded repetition (+, *, {n,}) on a group with inner quantifiers is dangerous.\n      const next = pattern[i + 1];\n      if (next === \"+\" || next === \"*\" || next === \"{\") {\n        if (hadQuantifier) {\n          // Nested quantifier detected: quantifier on a group that contains a quantifier\n          return false;\n        }\n        // Mark the enclosing depth as having a quantifier\n        if (depth >= 0 && depth < quantifierAtDepth.length) {\n          quantifierAtDepth[depth] = true;\n        }\n      }\n      i++;\n      continue;\n    }\n\n    // Detect quantifiers: +, *, ?, {n,m}\n    // '?' is a quantifier (optional) unless it follows another quantifier (+, *, ?, })\n    // in which case it's a non-greedy modifier.\n    if (ch === \"+\" || ch === \"*\") {\n      if (depth > 0) {\n        quantifierAtDepth[depth] = true;\n      }\n      i++;\n      continue;\n    }\n\n    if (ch === \"?\") {\n      // '?' after +, *, ?, or } is a non-greedy modifier, not a quantifier\n      const prev = i > 0 ? pattern[i - 1] : \"\";\n      if (prev !== \"+\" && prev !== \"*\" && prev !== \"?\" && prev !== \"}\") {\n        if (depth > 0) {\n          quantifierAtDepth[depth] = true;\n        }\n      }\n      i++;\n      continue;\n    }\n\n    if (ch === \"{\") {\n      // Check if this is a quantifier {n}, {n,}, {n,m}\n      let j = i + 1;\n      while (j < pattern.length && /[\\d,]/.test(pattern[j])) j++;\n      if (j < pattern.length && pattern[j] === \"}\" && j > i + 1) {\n        if (depth > 0) {\n          quantifierAtDepth[depth] = true;\n        }\n        i = j + 1;\n        continue;\n      }\n    }\n\n    i++;\n  }\n\n  return true;\n}\n\n/**\n * Compile a regex pattern safely. Returns the compiled RegExp or null if the\n * pattern is invalid or vulnerable to ReDoS.\n *\n * Logs a warning when a pattern is rejected so developers can fix their config.\n */\nexport function safeRegExp(pattern: string, flags?: string): RegExp | null {\n  if (!isSafeRegex(pattern)) {\n    console.warn(\n      `[vinext] Ignoring potentially unsafe regex pattern (ReDoS risk): ${pattern}\\n` +\n        `  Patterns with nested quantifiers (e.g. (a+)+) can cause catastrophic backtracking.\\n` +\n        `  Simplify the pattern to avoid nested repetition.`,\n    );\n    return null;\n  }\n  try {\n    return new RegExp(pattern, flags);\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Convert a Next.js header/rewrite/redirect source pattern into a regex string.\n *\n * Regex groups in the source (e.g. `(\\d+)`) are extracted first, the remaining\n * text is escaped/converted in a **single pass** (avoiding chained `.replace()`\n * which CodeQL flags as incomplete sanitization), then groups are restored.\n */\nexport function escapeHeaderSource(source: string): string {\n  // Sentinel character for group placeholders. Uses a Unicode private-use-area\n  // codepoint that will never appear in real source patterns.\n  const S = \"\\uE000\";\n\n  // Step 1: extract regex groups and replace with numbered placeholders.\n  const groups: string[] = [];\n  const withPlaceholders = source.replace(/\\(([^)]+)\\)/g, (_m, inner) => {\n    groups.push(inner);\n    return `${S}G${groups.length - 1}${S}`;\n  });\n\n  // Step 2: single-pass conversion of the placeholder-bearing string.\n  // Match named params (:[\\w-]+), sentinel group placeholders, metacharacters, and literal text.\n  // The regex uses non-overlapping alternatives to avoid backtracking:\n  //   :[\\w-]+  — named parameter (constraint sentinel is checked procedurally;\n  //              param names may contain hyphens, e.g. :auth-method)\n  //   sentinel group — standalone regex group placeholder\n  //   [.+?*] — single metachar to escape/convert\n  //   [^.+?*:\\uE000]+ — literal text (excludes all chars that start other alternatives)\n  let result = \"\";\n  const re = new RegExp(\n    `${S}G(\\\\d+)${S}|:[\\\\w-]+|[.+?*]|[^.+?*:\\\\uE000]+`, // lgtm[js/redos] — alternatives are non-overlapping\n    \"g\",\n  );\n  let m: RegExpExecArray | null;\n  while ((m = re.exec(withPlaceholders)) !== null) {\n    if (m[1] !== undefined) {\n      // Standalone regex group — restore as-is\n      result += `(${groups[Number(m[1])]})`;\n    } else if (m[0].startsWith(\":\")) {\n      // Named parameter — check if followed by a constraint group placeholder\n      const afterParam = withPlaceholders.slice(re.lastIndex);\n      const constraintMatch = afterParam.match(new RegExp(`^${S}G(\\\\d+)${S}`));\n      if (constraintMatch) {\n        // :param(constraint) — use the constraint as the capture group\n        re.lastIndex += constraintMatch[0].length;\n        result += `(${groups[Number(constraintMatch[1])]})`;\n      } else {\n        // Plain named parameter → match one segment\n        result += \"[^/]+\";\n      }\n    } else {\n      switch (m[0]) {\n        case \".\":\n          result += \"\\\\.\";\n          break;\n        case \"+\":\n          result += \"\\\\+\";\n          break;\n        case \"?\":\n          result += \"\\\\?\";\n          break;\n        case \"*\":\n          result += \".*\";\n          break;\n        default:\n          result += m[0];\n          break;\n      }\n    }\n  }\n\n  return result;\n}\n\n/**\n * Request context needed for evaluating has/missing conditions.\n * Callers extract the relevant parts from the incoming Request.\n */\nexport type RequestContext = {\n  headers: Headers;\n  cookies: Record<string, string>;\n  query: URLSearchParams;\n  host: string;\n};\n\n/**\n * basePath gating state passed alongside the pathname to every matcher.\n *\n * Rewrites/redirects/headers run with default `basePath: true` semantics in\n * Next.js: the rule only matches when the inbound request was under the\n * configured `basePath`. Rules with `basePath: false` opt out and match\n * the original (un-stripped) pathname regardless of prefix.\n *\n * When `basePath` is empty (not configured) every rule is treated as\n * basePath-defaulted: every request matches.\n *\n * @see .nextjs-ref/packages/next/src/lib/load-custom-routes.ts:198-220\n */\nexport type BasePathMatchState = {\n  /** Configured `basePath` (without trailing slash) or \"\" when unset. */\n  basePath: string;\n  /**\n   * True when the inbound request was originally under `basePath` (i.e.\n   * the prod-server/handler stripped the prefix before the matcher runs).\n   * Ignored when `basePath` is empty.\n   */\n  hadBasePath: boolean;\n};\n\nconst _BASEPATH_DEFAULT: BasePathMatchState = { basePath: \"\", hadBasePath: true };\n\n/**\n * Decide whether a rule should be evaluated at all given the current\n * basePath-gating state.\n *\n * Encodes the Next.js rules:\n *   - basePath: false rule → only when the request was NOT under basePath\n *     (i.e. it's the explicit opt-out path). When `basePath` itself is\n *     empty, basePath: false rules are still allowed to match — there's\n *     just no basePath to gate them.\n *   - default rule (basePath !== false) → only when the request WAS under\n *     basePath (or no basePath is configured).\n */\nfunction shouldEvaluateRule(ruleBasePath: false | undefined, state: BasePathMatchState): boolean {\n  if (!state.basePath) return true;\n  return ruleBasePath === false ? !state.hadBasePath : state.hadBasePath;\n}\n\n/**\n * Parse a Cookie header string into a key-value record.\n */\nexport function parseCookies(cookieHeader: string | null): Record<string, string> {\n  if (!cookieHeader) return {};\n  const cookies: Record<string, string> = {};\n  for (const part of cookieHeader.split(\";\")) {\n    const eq = part.indexOf(\"=\");\n    if (eq === -1) continue;\n    const key = part.slice(0, eq).trim();\n    const value = part.slice(eq + 1).trim();\n    if (key) cookies[key] = value;\n  }\n  return cookies;\n}\n\n/**\n * Build a RequestContext from a Web Request object.\n */\nexport function requestContextFromRequest(request: Request): RequestContext {\n  const url = new URL(request.url);\n  return {\n    headers: request.headers,\n    cookies: parseCookies(request.headers.get(\"cookie\")),\n    query: url.searchParams,\n    host: normalizeHost(request.headers.get(\"host\"), url.hostname),\n  };\n}\n\nexport function normalizeHost(hostHeader: string | null, fallbackHostname: string): string {\n  const host = hostHeader ?? fallbackHostname;\n  return host.split(\":\", 1)[0].toLowerCase();\n}\n\n/**\n * Unpack `x-middleware-request-*` headers from the collected middleware\n * response headers into the actual request, and strip all `x-middleware-*`\n * internal signals so they never reach clients.\n *\n * `middlewareHeaders` is mutated in-place (matching keys are deleted).\n * Returns a (possibly cloned) `Request` with the unpacked headers applied,\n * and a fresh `RequestContext` built from it — ready for post-middleware\n * config rule matching (beforeFiles, afterFiles, fallback).\n *\n * Works for both Node.js requests (mutable headers) and Workers requests\n * (immutable — cloned only when there are headers to apply).\n *\n * `x-middleware-request-*` values are always plain strings (they carry\n * individual header values), so the wider `string | string[]` type of\n * `middlewareHeaders` is safe to cast here.\n */\nexport function applyMiddlewareRequestHeaders(\n  middlewareHeaders: Record<string, string | string[]>,\n  request: Request,\n  options: { preserveCredentialHeaders?: boolean } = {},\n): { request: Request; postMwReqCtx: RequestContext } {\n  const nextHeaders = buildRequestHeadersFromMiddlewareResponse(\n    request.headers,\n    middlewareHeaders,\n    options,\n  );\n\n  for (const key of Object.keys(middlewareHeaders)) {\n    if (key.startsWith(MIDDLEWARE_HEADER_PREFIX)) {\n      delete middlewareHeaders[key];\n    }\n  }\n\n  if (nextHeaders) {\n    // Headers may be immutable (Workers), so always clone via new Headers().\n    request = new Request(request.url, {\n      method: request.method,\n      headers: nextHeaders,\n      body: request.body,\n      // @ts-expect-error — duplex needed for streaming request bodies\n      duplex: request.body ? \"half\" : undefined,\n    });\n  }\n\n  return { request, postMwReqCtx: requestContextFromRequest(request) };\n}\n\nfunction _emptyParams(): Record<string, string> {\n  return Object.create(null) as Record<string, string>;\n}\n\nfunction _matchConditionValue(\n  actualValue: string,\n  expectedValue: string | undefined,\n): Record<string, string> | null {\n  if (expectedValue === undefined) return _emptyParams();\n\n  const re = _cachedConditionRegex(expectedValue);\n  if (re) {\n    const match = re.exec(actualValue);\n    if (!match) return null;\n\n    const params = _emptyParams();\n    if (match.groups) {\n      for (const [key, value] of Object.entries(match.groups)) {\n        if (value !== undefined) params[key] = value;\n      }\n    }\n    return params;\n  }\n\n  return actualValue === expectedValue ? _emptyParams() : null;\n}\n\n/**\n * Check a single has/missing condition against request context.\n * Returns captured params when the condition is satisfied, or null otherwise.\n */\nfunction matchSingleCondition(\n  condition: HasCondition,\n  ctx: RequestContext,\n): Record<string, string> | null {\n  switch (condition.type) {\n    case \"header\": {\n      const headerValue = ctx.headers.get(condition.key);\n      if (headerValue === null) return null;\n      return _matchConditionValue(headerValue, condition.value);\n    }\n    case \"cookie\": {\n      const cookieValue = ctx.cookies[condition.key];\n      if (cookieValue === undefined) return null;\n      return _matchConditionValue(cookieValue, condition.value);\n    }\n    case \"query\": {\n      const queryValue = ctx.query.get(condition.key);\n      if (queryValue === null) return null;\n      return _matchConditionValue(queryValue, condition.value);\n    }\n    case \"host\": {\n      if (condition.value !== undefined) return _matchConditionValue(ctx.host, condition.value);\n      return ctx.host === condition.key ? _emptyParams() : null;\n    }\n    default:\n      return null;\n  }\n}\n\n/**\n * Return a cached RegExp for a has/missing condition value string, compiling\n * on first use. Returns null if safeRegExp rejected the pattern or if the\n * value is not a valid regex (fall back to exact string comparison).\n */\nfunction _cachedConditionRegex(value: string): RegExp | null {\n  return getCachedRegex(_compiledConditionCache, value, () =>\n    // Anchor the regex to match the full value, not a substring.\n    // Matches Next.js: new RegExp(`^${hasItem.value}$`)\n    // Without anchoring, has:[cookie:role=admin] would match \"not-admin\".\n    safeRegExp(`^${value}$`),\n  );\n}\n\n/**\n * Check all has/missing conditions for a config rule.\n * Returns true if the rule should be applied (all has conditions pass, all missing conditions pass).\n *\n * - has: every condition must match (the request must have it)\n * - missing: every condition must NOT match (the request must not have it)\n */\nfunction collectConditionParams(\n  has: HasCondition[] | undefined,\n  missing: HasCondition[] | undefined,\n  ctx: RequestContext,\n): Record<string, string> | null {\n  const params = _emptyParams();\n\n  if (has) {\n    for (const condition of has) {\n      const conditionParams = matchSingleCondition(condition, ctx);\n      if (!conditionParams) return null;\n      Object.assign(params, conditionParams);\n    }\n  }\n\n  if (missing) {\n    for (const condition of missing) {\n      if (matchSingleCondition(condition, ctx)) return null;\n    }\n  }\n\n  return params;\n}\n\nexport function checkHasConditions(\n  has: HasCondition[] | undefined,\n  missing: HasCondition[] | undefined,\n  ctx: RequestContext,\n): boolean {\n  return collectConditionParams(has, missing, ctx) !== null;\n}\n\n/**\n * If the current position in `str` starts with a parenthesized group, consume\n * it and advance `re.lastIndex` past the closing `)`. Returns the group\n * contents or null if no group is present.\n */\nfunction extractConstraint(str: string, re: RegExp): string | null {\n  if (str[re.lastIndex] !== \"(\") return null;\n  const start = re.lastIndex + 1;\n  let depth = 1;\n  let i = start;\n  while (i < str.length && depth > 0) {\n    if (str[i] === \"(\") depth++;\n    else if (str[i] === \")\") depth--;\n    i++;\n  }\n  if (depth !== 0) return null;\n  re.lastIndex = i;\n  return str.slice(start, i - 1);\n}\n\n/**\n * Match a Next.js config pattern (from redirects/rewrites sources) against a pathname.\n * Returns matched params or null.\n *\n * Supports:\n *   :param     - matches a single path segment\n *   :param*    - matches zero or more segments (catch-all)\n *   :param+    - matches one or more segments\n *   (regex)    - inline regex patterns in the source\n *   :param(constraint) - named param with inline regex constraint\n */\n/**\n * Strip a single trailing slash from a pathname for config-source matching.\n *\n * Next.js conditionally appends `(/)?` to rewrite/redirect/header source\n * regexes when `trailingSlash: true` (see Next.js\n * `resolve-rewrites.ts` and `server-utils.ts:checkRewrite`). Rather than\n * threading the trailingSlash flag through every matcher, we unconditionally\n * strip a trailing slash from the incoming pathname. When `trailingSlash: false`\n * the request pipeline emits a normalizing redirect (step 3) before config\n * rewrites/redirects (step 6) ever run, so the pathname is already slash-free;\n * the unconditional strip is defense-in-depth for that ordering. When\n * `trailingSlash: true` it bridges the gap between the canonicalized request\n * path (`/rewrite-1/`) and source patterns written without a trailing slash\n * (`/rewrite-1`).\n *\n * The root path `\"/\"` is preserved as-is.\n */\nfunction stripTrailingSlashForConfigMatch(pathname: string): string {\n  return pathname.length > 1 && pathname.endsWith(\"/\") ? pathname.slice(0, -1) : pathname;\n}\n\nexport function matchConfigPattern(\n  pathname: string,\n  pattern: string,\n): Record<string, string> | null {\n  // See `stripTrailingSlashForConfigMatch` — the source pattern itself is left\n  // unchanged because catch-all patterns (`:param*` / `:param+`) and the root\n  // `/` already consume any trailing slash; stripping the pattern would change\n  // those semantics.\n  pathname = stripTrailingSlashForConfigMatch(pathname);\n\n  // If the pattern contains regex groups like (\\d+) or (.*), use regex matching.\n  // Also enter this branch when a catch-all parameter (:param* or :param+) is\n  // followed by a literal suffix (e.g. \"/:path*.md\"). Without this, the suffix\n  // pattern falls through to the simple segment matcher which incorrectly treats\n  // the whole segment (\":path*.md\") as a named parameter and matches everything.\n  // The last condition catches simple params with literal suffixes (e.g. \"/:slug.md\")\n  // where the param name is followed by a dot — the simple matcher would treat\n  // \"slug.md\" as the param name and match any single segment regardless of suffix.\n  // Enter the full regex branch when:\n  //   - the pattern uses explicit regex groups or escapes,\n  //   - a catch-all (`:foo*` / `:foo+`) is followed by a literal suffix that\n  //     the simple catch-all branch cannot express,\n  //   - a named param is followed by a dot (the simple branch would treat\n  //     \"slug.md\" as the whole param name),\n  //   - the pattern has multiple named params and any of them is a catch-all\n  //     (e.g. `/:locale/files/:path*`). The simple catch-all branch only\n  //     handles trailing-catch-all-with-static-prefix; mixed cases need regex.\n  const catchAllAnchor = /:[\\w-]+[*+]/.test(pattern);\n  const namedParamCount = (pattern.match(/:[\\w-]+/g) || []).length;\n  if (\n    pattern.includes(\"(\") ||\n    pattern.includes(\"\\\\\") ||\n    /:[\\w-]+[*+][^/]/.test(pattern) ||\n    /:[\\w-]+\\./.test(pattern) ||\n    (catchAllAnchor && namedParamCount > 1)\n  ) {\n    try {\n      // Look up the compiled regex in the module-level cache. Patterns come\n      // from next.config.js and are static, so we only need to compile each\n      // one once across the lifetime of the worker/server process.\n      // null is stored for rejected patterns so we don't re-run isSafeRegex.\n      const compiled = getCachedRegex(_compiledPatternCache, pattern, () => {\n        // Cache miss — compile the pattern now and store the result.\n        // Param names may contain hyphens (e.g. :auth-method, :sign-in).\n        const paramNames: string[] = [];\n        // Single-pass conversion with procedural suffix handling. The tokenizer\n        // matches only simple, non-overlapping tokens; quantifier/constraint\n        // suffixes after :param are consumed procedurally to avoid polynomial\n        // backtracking in the regex engine.\n        let regexStr = \"\";\n        const tokenRe = /:([\\w-]+)|[.]|[^:.]+/g; // lgtm[js/redos] — alternatives are non-overlapping (`:` and `.` excluded from `[^:.]+`)\n        let tok: RegExpExecArray | null;\n        while ((tok = tokenRe.exec(pattern)) !== null) {\n          if (tok[1] !== undefined) {\n            const name = tok[1];\n            const rest = pattern.slice(tokenRe.lastIndex);\n            // Check for quantifier (* or +) with optional constraint\n            if (rest.startsWith(\"*\") || rest.startsWith(\"+\")) {\n              const quantifier = rest[0];\n              tokenRe.lastIndex += 1;\n              const constraint = extractConstraint(pattern, tokenRe);\n              paramNames.push(name);\n              if (constraint !== null) {\n                regexStr += `(${constraint})`;\n              } else {\n                regexStr += quantifier === \"*\" ? \"(.*)\" : \"(.+)\";\n              }\n            } else {\n              // Check for inline constraint without quantifier\n              const constraint = extractConstraint(pattern, tokenRe);\n              paramNames.push(name);\n              regexStr += constraint !== null ? `(${constraint})` : \"([^/]+)\";\n            }\n          } else if (tok[0] === \".\") {\n            regexStr += \"\\\\.\";\n          } else {\n            regexStr += tok[0];\n          }\n        }\n        const re = safeRegExp(\"^\" + regexStr + \"$\");\n        return re ? { re, paramNames } : null;\n      });\n      if (!compiled) return null;\n      const match = compiled.re.exec(pathname);\n      if (!match) return null;\n      const params: Record<string, string> = Object.create(null);\n      for (let i = 0; i < compiled.paramNames.length; i++) {\n        params[compiled.paramNames[i]] = match[i + 1] ?? \"\";\n      }\n      return params;\n    } catch {\n      // Fall through to segment-based matching\n    }\n  }\n\n  // Check for catch-all patterns (:param* or :param+) without regex groups\n  // Param names may contain hyphens (e.g. :sign-in*, :sign-up+).\n  const catchAllMatch = pattern.match(/:([\\w-]+)(\\*|\\+)$/);\n  if (catchAllMatch) {\n    const prefix = pattern.slice(0, pattern.lastIndexOf(\":\"));\n    const paramName = catchAllMatch[1];\n    const isPlus = catchAllMatch[2] === \"+\";\n\n    const prefixNoSlash = prefix.replace(/\\/$/, \"\");\n    if (!pathname.startsWith(prefixNoSlash)) return null;\n    const charAfter = pathname[prefixNoSlash.length];\n    if (charAfter !== undefined && charAfter !== \"/\") return null;\n\n    const rest = pathname.slice(prefixNoSlash.length);\n    if (isPlus && (!rest || rest === \"/\")) return null;\n    let restValue = rest.startsWith(\"/\") ? rest.slice(1) : rest;\n    // NOTE: Do NOT decodeURIComponent here. The pathname is already decoded at\n    // the request entry point. Decoding again would produce incorrect param values.\n    return { [paramName]: restValue };\n  }\n\n  // Simple segment-based matching for exact patterns and :param\n  const parts = pattern.split(\"/\");\n  const pathParts = pathname.split(\"/\");\n\n  if (parts.length !== pathParts.length) return null;\n\n  const params: Record<string, string> = Object.create(null);\n  for (let i = 0; i < parts.length; i++) {\n    if (parts[i].startsWith(\":\")) {\n      params[parts[i].slice(1)] = pathParts[i];\n    } else if (parts[i] !== pathParts[i]) {\n      return null;\n    }\n  }\n  return params;\n}\n\n/**\n * Apply redirect rules from next.config.js.\n * Returns the redirect info if a redirect was matched, or null.\n *\n * `ctx` provides the request context (cookies, headers, query, host) used\n * to evaluate has/missing conditions. Next.js always has request context\n * when evaluating redirects, so this parameter is required.\n *\n * ## Performance\n *\n * Rules with a locale-capture-group prefix (the dominant pattern in large\n * Next.js apps — e.g. `/:locale(en|es|fr|...)?/some-path`) are handled via\n * a pre-built index. Instead of running exec() on each locale regex\n * individually, we:\n *\n *   1. Strip the optional locale prefix from the pathname with one cheap\n *      string-slice check (no regex exec on the hot path).\n *   2. Look up the stripped suffix in a Map<suffix, entry[]>.\n *   3. For each matching entry, validate the captured locale string against\n *      a small, anchored alternation regex.\n *\n * This reduces the per-request cost from O(n × regex) to O(1) map lookup +\n * O(matches × tiny-regex), eliminating the ~2992ms self-time reported in\n * profiles for apps with 63+ locale-prefixed rules.\n *\n * Rules that don't fit the locale-static pattern fall back to the original\n * linear matchConfigPattern scan.\n *\n * ## Ordering invariant\n *\n * First match wins, preserving the original redirect array order. When a\n * locale-static fast-path match is found at position N, all linear rules with\n * an original index < N are checked via matchConfigPattern first — they are\n * few in practice (typically zero) so this is not a hot-path concern.\n */\nexport function matchRedirect(\n  pathname: string,\n  redirects: NextRedirect[],\n  ctx: RequestContext,\n  basePathState: BasePathMatchState = _BASEPATH_DEFAULT,\n): { destination: string; permanent: boolean } | null {\n  if (redirects.length === 0) return null;\n\n  // Strip trailing slash so the locale-static fast path (Map.get on the\n  // pathname) matches keys derived from slash-free source patterns. The\n  // linear fallback also passes through `matchConfigPattern` which strips\n  // again, but normalizing once here keeps both paths consistent.\n  pathname = stripTrailingSlashForConfigMatch(pathname);\n\n  const index = _getRedirectIndex(redirects);\n\n  // --- Locate the best locale-static candidate ---\n  //\n  // We look for the locale-static entry with the LOWEST originalIndex that\n  // matches this pathname (and passes has/missing conditions).\n  //\n  // Strategy: try both the full pathname (locale omitted, e.g. \"/security\")\n  // and the pathname with the first segment stripped (locale present, e.g.\n  // \"/en/security\" → suffix \"/security\", locale \"en\").\n  //\n  // We do NOT use a regex here — just a single indexOf('/') to locate the\n  // second slash, which is O(n) on the path length but far cheaper than\n  // running 63 compiled regexes.\n\n  let localeMatch: { destination: string; permanent: boolean } | null = null;\n  let localeMatchIndex = Infinity;\n\n  if (index.localeStatic.size > 0) {\n    // Case 1: no locale prefix — pathname IS the suffix.\n    // Only valid for entries whose source had `?` after the alternation\n    // (the locale segment was optional). Mandatory-locale entries — emitted\n    // by `applyLocaleToRoutes` as `/:nextInternalLocale(en|fr)/foo` — must\n    // not match here because they require the locale segment to be present.\n    const noLocaleBucket = index.localeStatic.get(pathname);\n    if (noLocaleBucket) {\n      for (const entry of noLocaleBucket) {\n        if (!entry.optional) continue; // mandatory-locale rule — skip\n        if (entry.originalIndex >= localeMatchIndex) continue; // already have a better match\n        const redirect = entry.redirect;\n        if (!shouldEvaluateRule(redirect.basePath, basePathState)) continue;\n        const conditionParams =\n          redirect.has || redirect.missing\n            ? collectConditionParams(redirect.has, redirect.missing, ctx)\n            : _emptyParams();\n        if (!conditionParams) continue;\n        // Locale was omitted (the `?` made it optional) — param value is \"\".\n        const dest = substituteAndSanitizeDestination(redirect.destination, {\n          [entry.paramName]: \"\",\n          ...conditionParams,\n        });\n        localeMatch = { destination: dest, permanent: redirect.permanent };\n        localeMatchIndex = entry.originalIndex;\n        break; // bucket entries are in insertion order = original order\n      }\n    }\n\n    // Case 2: locale prefix present — first path segment is the locale.\n    // Find the second slash: pathname = \"/locale/rest/of/path\"\n    //                                         ^--- slashTwo\n    const slashTwo = pathname.indexOf(\"/\", 1);\n    if (slashTwo !== -1) {\n      const suffix = pathname.slice(slashTwo); // e.g. \"/security\"\n      const localePart = pathname.slice(1, slashTwo); // e.g. \"en\"\n      const localeBucket = index.localeStatic.get(suffix);\n      if (localeBucket) {\n        for (const entry of localeBucket) {\n          if (entry.originalIndex >= localeMatchIndex) continue;\n          // Validate that `localePart` is one of the allowed alternation values.\n          if (!entry.altRe.test(localePart)) continue;\n          const redirect = entry.redirect;\n          if (!shouldEvaluateRule(redirect.basePath, basePathState)) continue;\n          const conditionParams =\n            redirect.has || redirect.missing\n              ? collectConditionParams(redirect.has, redirect.missing, ctx)\n              : _emptyParams();\n          if (!conditionParams) continue;\n          const dest = substituteAndSanitizeDestination(redirect.destination, {\n            [entry.paramName]: localePart,\n            ...conditionParams,\n          });\n          localeMatch = { destination: dest, permanent: redirect.permanent };\n          localeMatchIndex = entry.originalIndex;\n          break; // bucket entries are in insertion order = original order\n        }\n      }\n    }\n  }\n\n  // --- Linear fallback: all non-locale-static rules ---\n  //\n  // We only need to check linear rules whose originalIndex < localeMatchIndex.\n  // If localeMatchIndex is Infinity (no locale match), we check all of them.\n  for (const [origIdx, redirect] of index.linear) {\n    if (origIdx >= localeMatchIndex) {\n      // This linear rule comes after the best locale-static match —\n      // the locale-static match wins. Stop scanning.\n      break;\n    }\n    if (!shouldEvaluateRule(redirect.basePath, basePathState)) continue;\n    const params = matchConfigPattern(pathname, redirect.source);\n    if (params) {\n      const conditionParams =\n        redirect.has || redirect.missing\n          ? collectConditionParams(redirect.has, redirect.missing, ctx)\n          : _emptyParams();\n      if (!conditionParams) continue;\n      // Collapse protocol-relative URLs (e.g. //evil.com from decoded %2F in catch-all params).\n      const dest = substituteAndSanitizeDestination(redirect.destination, {\n        ...params,\n        ...conditionParams,\n      });\n      return { destination: dest, permanent: redirect.permanent };\n    }\n  }\n\n  // Return the locale-static match if found (no earlier linear rule matched).\n  return localeMatch;\n}\n\n/**\n * Apply rewrite rules from next.config.js.\n * Returns the rewritten URL or null if no rewrite matched.\n *\n * `ctx` provides the request context (cookies, headers, query, host) used\n * to evaluate has/missing conditions. Next.js always has request context\n * when evaluating rewrites, so this parameter is required.\n */\nexport function matchRewrite(\n  pathname: string,\n  rewrites: NextRewrite[],\n  ctx: RequestContext,\n  basePathState: BasePathMatchState = _BASEPATH_DEFAULT,\n): string | null {\n  for (const rewrite of rewrites) {\n    if (!shouldEvaluateRule(rewrite.basePath, basePathState)) continue;\n    const params = matchConfigPattern(pathname, rewrite.source);\n    if (params) {\n      const conditionParams =\n        rewrite.has || rewrite.missing\n          ? collectConditionParams(rewrite.has, rewrite.missing, ctx)\n          : _emptyParams();\n      if (!conditionParams) continue;\n      // Collapse protocol-relative URLs (e.g. //evil.com from decoded %2F in catch-all params).\n      return substituteAndSanitizeDestination(rewrite.destination, {\n        ...params,\n        ...conditionParams,\n      });\n    }\n  }\n  return null;\n}\n\n/**\n * Substitute all matched route params into a redirect/rewrite destination.\n *\n * Handles repeated params (e.g. `/api/:id/:id`) and catch-all suffix forms\n * (`:path*`, `:path+`) in a single pass. Unknown params are left intact.\n */\nfunction substituteDestinationParams(destination: string, params: Record<string, string>): string {\n  const keys = Object.keys(params);\n  if (keys.length === 0) return destination;\n\n  // Match only the concrete param keys captured from the source pattern.\n  // Sorting longest-first ensures hyphenated names like `auth-method`\n  // win over shorter prefixes like `auth`. The negative lookahead keeps\n  // alphanumeric/underscore suffixes attached, while allowing `-` to act\n  // as a literal delimiter in destinations like `:year-:month`.\n  const sortedKeys = [...keys].sort((a, b) => b.length - a.length);\n  const cacheKey = sortedKeys.join(\"\\0\");\n  let paramRe = _compiledDestinationParamCache.get(cacheKey);\n  if (!paramRe) {\n    const paramAlternation = sortedKeys\n      .map((key) => key.replace(/[.*+?^${}()|[\\]\\\\]/g, \"\\\\$&\"))\n      .join(\"|\");\n    paramRe = new RegExp(`:(${paramAlternation})([+*])?(?![A-Za-z0-9_])`, \"g\");\n    _compiledDestinationParamCache.set(cacheKey, paramRe);\n  }\n\n  return destination.replace(paramRe, (_token, key: string) => params[key]);\n}\n\n/**\n * Substitute params into a redirect/rewrite destination and sanitize the\n * result. Used by every redirect/rewrite branch — the substitution can\n * introduce protocol-relative URLs (e.g. `//evil.com` from a decoded `%2F`\n * in a catch-all param), which sanitizeDestination collapses.\n */\nfunction substituteAndSanitizeDestination(\n  destination: string,\n  params: Record<string, string>,\n): string {\n  return sanitizeDestination(substituteDestinationParams(destination, params));\n}\n\n/**\n * Sanitize a redirect/rewrite destination to collapse protocol-relative URLs.\n *\n * After parameter substitution, a destination like `/:path*` can become\n * `//evil.com` if the catch-all captured a decoded `%2F` (`/evil.com`).\n * Browsers interpret `//evil.com` as a protocol-relative URL, redirecting\n * users off-site.\n *\n * This function collapses any leading double (or more) slashes to a single\n * slash for non-external (relative) destinations.\n */\nexport function sanitizeDestination(dest: string): string {\n  // External URLs (http://, https://) are intentional — don't touch them\n  if (dest.startsWith(\"http://\") || dest.startsWith(\"https://\")) {\n    return dest;\n  }\n  // Normalize leading backslashes to forward slashes. Browsers interpret\n  // backslash as forward slash in URL contexts, so \"\\/evil.com\" becomes\n  // \"//evil.com\" (protocol-relative redirect). Replace any mix of leading\n  // slashes and backslashes with a single forward slash.\n  dest = dest.replace(/^[\\\\/]+/, \"/\");\n  return dest;\n}\n\n/**\n * Check if a URL is external (absolute URL or protocol-relative).\n * Detects any URL scheme (http:, https:, data:, javascript:, blob:, etc.)\n * per RFC 3986, plus protocol-relative URLs (//).\n */\nexport function isExternalUrl(url: string): boolean {\n  return /^[a-z][a-z0-9+.-]*:/i.test(url) || url.startsWith(\"//\");\n}\n\n/**\n * Proxy an incoming request to an external URL and return the upstream response.\n *\n * Used for external rewrites (e.g. `/ph/:path*` → `https://us.i.posthog.com/:path*`).\n * Next.js handles these as server-side reverse proxies, forwarding the request\n * method, headers, and body to the external destination.\n *\n * Works in all runtimes (Node.js, Cloudflare Workers) via the standard fetch() API.\n */\nexport async function proxyExternalRequest(\n  request: Request,\n  externalUrl: string,\n): Promise<Response> {\n  // Build the full external URL, preserving query parameters from the original request\n  const originalUrl = new URL(request.url);\n  const targetUrl = new URL(externalUrl);\n  const destinationKeys = new Set(targetUrl.searchParams.keys());\n\n  // If the rewrite destination already has query params, merge them.\n  // Destination params take precedence — original request params are only added\n  // when the destination doesn't already specify that key.\n  for (const [key, value] of originalUrl.searchParams) {\n    if (!destinationKeys.has(key)) {\n      targetUrl.searchParams.append(key, value);\n    }\n  }\n\n  // Forward the request with appropriate headers\n  const headers = new Headers(request.headers);\n  // Set Host to the external target (required for correct routing)\n  headers.set(\"host\", targetUrl.host);\n  // Remove headers that should not be forwarded to external services.\n  // fetch() handles framing independently, so hop-by-hop transport headers\n  // from the client must not be forwarded upstream. In particular,\n  // transfer-encoding could cause request boundary disagreement between the\n  // proxy and backend (defense-in-depth against request smuggling,\n  // ref: CVE GHSA-ggv3-7p47-pfv8).\n  stripHopByHopRequestHeaders(headers);\n  const keysToDelete: string[] = [];\n  for (const key of headers.keys()) {\n    if (key.startsWith(MIDDLEWARE_HEADER_PREFIX)) {\n      keysToDelete.push(key);\n    }\n  }\n  for (const key of keysToDelete) {\n    headers.delete(key);\n  }\n  // Internal prerender authentication header must never be forwarded to\n  // external rewrite destinations. It authorizes hidden production endpoints\n  // used only by vinext's own prerender pipeline.\n  headers.delete(VINEXT_PRERENDER_SECRET_HEADER);\n  headers.delete(VINEXT_PRERENDER_ROUTE_PARAMS_HEADER);\n  // Internal App Router dev middleware context must never leave the dev server.\n  headers.delete(VINEXT_MW_CTX_HEADER);\n\n  const method = request.method;\n  const hasBody = method !== \"GET\" && method !== \"HEAD\";\n\n  const init: RequestInit & { duplex?: string } = {\n    method,\n    headers,\n    redirect: \"manual\", // Don't follow redirects — pass them through to the client\n  };\n\n  if (hasBody && request.body) {\n    init.body = request.body;\n    init.duplex = \"half\";\n  }\n\n  // Enforce a timeout so slow/unresponsive upstreams don't hold connections\n  // open indefinitely (DoS amplification risk on Node.js dev/prod servers).\n  const controller = new AbortController();\n  const timeout = setTimeout(() => controller.abort(), 30_000);\n  let upstreamResponse: Response;\n  try {\n    upstreamResponse = await fetch(targetUrl.href, { ...init, signal: controller.signal });\n  } catch (e) {\n    if (e instanceof Error && e.name === \"AbortError\") {\n      console.error(\"[vinext] External rewrite proxy timeout:\", targetUrl.href);\n      return new Response(\"Gateway Timeout\", { status: 504 });\n    }\n    console.error(\"[vinext] External rewrite proxy error:\", e);\n    return new Response(\"Bad Gateway\", { status: 502 });\n  } finally {\n    clearTimeout(timeout);\n  }\n\n  // Build the response to return to the client.\n  // Copy all upstream headers except hop-by-hop headers.\n  // Node.js fetch() auto-decompresses responses (gzip, br, etc.), so the body\n  // we receive is already plain text. Forwarding the original content-encoding\n  // and content-length headers causes the browser to attempt a second\n  // decompression on the already-decoded body, resulting in\n  // ERR_CONTENT_DECODING_FAILED. Strip both headers on Node.js only.\n  // On Workers, fetch() preserves wire encoding, so the headers stay accurate.\n  const isNodeRuntime = typeof process !== \"undefined\" && !!process.versions?.node;\n  const responseHeaders = new Headers();\n  upstreamResponse.headers.forEach((value, key) => {\n    const lower = key.toLowerCase();\n    if (HOP_BY_HOP_HEADERS.has(lower)) return;\n    if (isNodeRuntime && (lower === \"content-encoding\" || lower === \"content-length\")) return;\n    responseHeaders.append(key, value);\n  });\n\n  return new Response(upstreamResponse.body, {\n    status: upstreamResponse.status,\n    statusText: upstreamResponse.statusText,\n    headers: responseHeaders,\n  });\n}\n\n/**\n * Apply custom header rules from next.config.js.\n * Returns an array of { key, value } pairs to set on the response.\n *\n * `ctx` provides the request context (cookies, headers, query, host) used\n * to evaluate has/missing conditions. Next.js always has request context\n * when evaluating headers, so this parameter is required.\n */\nexport function matchHeaders(\n  pathname: string,\n  headers: NextHeader[],\n  ctx: RequestContext,\n  basePathState: BasePathMatchState = _BASEPATH_DEFAULT,\n): Array<{ key: string; value: string }> {\n  // Header source regexes are compiled without a trailing-slash tolerance,\n  // so the incoming pathname must be normalized the same way config rewrites\n  // and redirects are. See `stripTrailingSlashForConfigMatch`.\n  pathname = stripTrailingSlashForConfigMatch(pathname);\n\n  const result: Array<{ key: string; value: string }> = [];\n  for (const rule of headers) {\n    if (!shouldEvaluateRule(rule.basePath, basePathState)) continue;\n    // Cache the compiled source regex — escapeHeaderSource() + safeRegExp() are\n    // pure functions of rule.source and the result never changes between requests.\n    const sourceRegex = getCachedRegex(_compiledHeaderSourceCache, rule.source, () =>\n      safeRegExp(\"^\" + escapeHeaderSource(rule.source) + \"$\"),\n    );\n    if (sourceRegex && sourceRegex.test(pathname)) {\n      if (rule.has || rule.missing) {\n        if (!checkHasConditions(rule.has, rule.missing, ctx)) {\n          continue;\n        }\n      }\n      result.push(...rule.headers);\n    }\n  }\n  return result;\n}\n\n/**\n * Escape a string for inclusion in a regex character class / alternation.\n * Mirrors `escape-string-regexp` semantics used by Next.js's processRoutes.\n */\nfunction _escapeRegexString(value: string): string {\n  return value.replace(/[|\\\\{}()[\\]^$+*?.]/g, \"\\\\$&\");\n}\n\n/**\n * Apply Next.js i18n locale-prefix transformation to a set of redirect or\n * rewrite rules. Mirrors the relevant slice of Next.js's `processRoutes`\n * (load-custom-routes.ts) with one deliberate divergence noted below.\n *\n * For each rule:\n *   - If `locale === false` or no i18n is configured, the rule is emitted\n *     untouched. This is the core of issue #1336 item 1: with `locale: false`\n *     the user-supplied source is matched against the raw locale-prefixed\n *     URL so a `:locale` segment in the source captures the prefix itself.\n *   - Otherwise an internal locale-capture variant is produced whose source\n *     starts with `/:nextInternalLocale(en|sv|nl)` so that locale-prefixed\n *     URLs match. For redirects only, a second variant prefixed with\n *     `/${defaultLocale}` is also emitted, matching Next.js exactly.\n *   - **Vinext divergence**: we ALSO retain the original (unprefixed) source\n *     so that requests for the default locale that arrive without a prefix\n *     still match. Next.js solves this upstream by path-normalising every\n *     incoming default-locale request to include the prefix\n *     (`resolve-routes.ts` lines ~251-263); vinext currently does that\n *     normalisation only inside the pages-server-entry route matcher, so\n *     the rewrite/redirect matcher would otherwise miss unprefixed paths.\n *     Keeping the unprefixed variant gives functionally identical behaviour\n *     without requiring a server-wide path normalisation pass. The original\n *     source is appended LAST so the locale-aware variants win when both\n *     forms could match.\n *\n * Destinations that are local (start with `/`) are similarly rewritten with\n * `/:nextInternalLocale` for the locale-capture variant so the locale\n * survives the rewrite/redirect target.\n *\n * Mirrors the Next.js reference in\n * packages/next/src/lib/load-custom-routes.ts — see `processRoutes`.\n */\nexport function applyLocaleToRoutes<T extends NextRedirect | NextRewrite>(\n  routes: T[],\n  i18n: NextI18nConfig | null | undefined,\n  type: \"redirect\" | \"rewrite\",\n  options: { trailingSlash?: boolean } = {},\n): T[] {\n  if (!i18n || routes.length === 0) return routes;\n\n  const trailingSlash = options.trailingSlash ?? false;\n  const localesAlternation = i18n.locales.map(_escapeRegexString).join(\"|\");\n  const internalLocale = `/:nextInternalLocale(${localesAlternation})`;\n\n  // Mirrors Next.js: the root source `\"/\"` is collapsed to `\"\"` only when\n  // `trailingSlash` is unset. With `trailingSlash: true` the source is\n  // preserved so the emitted variant is `/:nextInternalLocale(en|fr)/`\n  // rather than `/:nextInternalLocale(en|fr)`.\n  const suffixFor = (source: string): string => (source === \"/\" && !trailingSlash ? \"\" : source);\n\n  // For redirects, Next.js emits a per-default-locale literal variant\n  // (so that `/${defaultLocale}/old` redirects to the unprefixed destination\n  // and the default locale is implicitly stripped). For rewrites Next.js\n  // emits only the `:nextInternalLocale` form. We mirror that distinction.\n  //\n  // The list is a single-element array today; domain-locale support (which\n  // Next.js wires up alongside `i18n.domains`) will append each domain's\n  // `defaultLocale` here once vinext mirrors that branch — tracked as part\n  // of #1336's follow-ups.\n  const defaultLocales: string[] = type === \"redirect\" ? [i18n.defaultLocale] : [];\n\n  const out: T[] = [];\n  for (const r of routes) {\n    if (r.locale === false) {\n      out.push(r);\n      continue;\n    }\n\n    // Destinations may be absolute URLs (external) — Next.js skips the\n    // locale-prefix injection on external destinations.\n    const isExternal = !!r.destination && !r.destination.startsWith(\"/\");\n\n    // For each default locale, emit a literal `/${locale}/...` variant\n    // whose destination does NOT carry a locale prefix (Next.js parity).\n    if (!isExternal) {\n      for (const locale of defaultLocales) {\n        const localizedSource = `/${locale}${suffixFor(r.source)}`;\n        out.push({\n          ...r,\n          source: localizedSource,\n        });\n      }\n    }\n\n    // Emit the `:nextInternalLocale` variant that matches all locales.\n    const internalSource = `${internalLocale}${suffixFor(r.source)}`;\n    let internalDestination = r.destination;\n    if (internalDestination && internalDestination.startsWith(\"/\") && !isExternal) {\n      internalDestination = `/:nextInternalLocale${\n        internalDestination === \"/\" && !trailingSlash ? \"\" : internalDestination\n      }`;\n    }\n    out.push({\n      ...r,\n      source: internalSource,\n      destination: internalDestination,\n    });\n\n    // Retain the original unprefixed source as a fallback so default-locale\n    // requests that arrive without a prefix (e.g. `/old`) still match.\n    // See the docblock above for why this differs from upstream Next.js.\n    out.push(r);\n  }\n  return out;\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAmCA,MAAM,wCAAwB,IAAI,KAA0D;;;;;;;;;;;;AAa5F,MAAM,6CAA6B,IAAI,KAA4B;;;;;;;;;;;;;AAcnE,MAAM,0CAA0B,IAAI,KAA4B;;;;;;;;AAShE,MAAM,iDAAiC,IAAI,KAAqB;;;;;;;;;;;;AAahE,SAAS,eAAqB,OAAyB,KAAQ,SAAmC;CAChG,IAAI,QAAQ,MAAM,IAAI,IAAI;CAC1B,IAAI,UAAU,KAAA,GAAW;EACvB,QAAQ,SAAS;EACjB,MAAM,IAAI,KAAK,MAAM;;CAEvB,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+CT,MAAM,oBAAoB;AAyB1B,MAAM,sCAAsB,IAAI,SAAwC;;;;;;;;AASxE,SAAS,kBAAkB,WAA0C;CACnE,IAAI,QAAQ,oBAAoB,IAAI,UAAU;CAC9C,IAAI,UAAU,KAAA,GAAW,OAAO;CAEhC,MAAM,+BAAe,IAAI,KAAkC;CAC3D,MAAM,SAAwC,EAAE;CAEhD,KAAK,IAAI,IAAI,GAAG,IAAI,UAAU,QAAQ,KAAK;EACzC,MAAM,WAAW,UAAU;EAC3B,MAAM,IAAI,kBAAkB,KAAK,SAAS,OAAO;EACjD,IAAI,GAAG;GACL,MAAM,YAAY,SAAS,OAAO,MAAM,GAAG,SAAS,OAAO,QAAQ,IAAI,CAAC;GACxE,MAAM,cAAc,EAAE;GACtB,MAAM,WAAW,EAAE,OAAO;GAC1B,MAAM,SAAS,MAAM,EAAE;GAKvB,MAAM,QAAQ,WAAW,SAAS,cAAc,KAAK;GACrD,IAAI,CAAC,OAAO;IAEV,OAAO,KAAK,CAAC,GAAG,SAAS,CAAC;IAC1B;;GAEF,MAAM,QAA2B;IAC/B;IACA;IACA;IACA;IACA,eAAe;IAChB;GACD,MAAM,SAAS,aAAa,IAAI,OAAO;GACvC,IAAI,QACF,OAAO,KAAK,MAAM;QAElB,aAAa,IAAI,QAAQ,CAAC,MAAM,CAAC;SAGnC,OAAO,KAAK,CAAC,GAAG,SAAS,CAAC;;CAI9B,QAAQ;EAAE;EAAc;EAAQ;CAChC,oBAAoB,IAAI,WAAW,MAAM;CACzC,OAAO;;;AAIT,MAAM,qBAAqB,IAAI,IAAI;CACjC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;;;;;;;AAQF,MAAM,6BAA6B,IAAI,IAAI;CACzC;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAEF,SAAS,4BAA4B,SAAwB;CAC3D,MAAM,oBAAoB,QAAQ,IAAI,aAAa,IAAI,IACpD,MAAM,IAAI,CACV,KAAK,UAAU,MAAM,MAAM,CAAC,aAAa,CAAC,CAC1C,OAAO,QAAQ;CAElB,KAAK,MAAM,UAAU,4BACnB,QAAQ,OAAO,OAAO;CAGxB,KAAK,MAAM,SAAS,kBAClB,QAAQ,OAAO,MAAM;;;;;;;;;;;;AAczB,SAAgB,YAAY,SAA0B;CAGpD,MAAM,oBAA+B,EAAE;CACvC,IAAI,QAAQ;CACZ,IAAI,IAAI;CAER,OAAO,IAAI,QAAQ,QAAQ;EACzB,MAAM,KAAK,QAAQ;EAGnB,IAAI,OAAO,MAAM;GACf,KAAK;GACL;;EAIF,IAAI,OAAO,KAAK;GACd;GACA,OAAO,IAAI,QAAQ,UAAU,QAAQ,OAAO,KAAK;IAC/C,IAAI,QAAQ,OAAO,MAAM;IACzB;;GAEF;GACA;;EAGF,IAAI,OAAO,KAAK;GACd;GAEA,IAAI,kBAAkB,UAAU,OAC9B,kBAAkB,KAAK,MAAM;QAE7B,kBAAkB,SAAS;GAE7B;GACA;;EAGF,IAAI,OAAO,KAAK;GACd,MAAM,gBAAgB,QAAQ,KAAK,kBAAkB;GACrD,IAAI,QAAQ,GAAG;GAMf,MAAM,OAAO,QAAQ,IAAI;GACzB,IAAI,SAAS,OAAO,SAAS,OAAO,SAAS,KAAK;IAChD,IAAI,eAEF,OAAO;IAGT,IAAI,SAAS,KAAK,QAAQ,kBAAkB,QAC1C,kBAAkB,SAAS;;GAG/B;GACA;;EAMF,IAAI,OAAO,OAAO,OAAO,KAAK;GAC5B,IAAI,QAAQ,GACV,kBAAkB,SAAS;GAE7B;GACA;;EAGF,IAAI,OAAO,KAAK;GAEd,MAAM,OAAO,IAAI,IAAI,QAAQ,IAAI,KAAK;GACtC,IAAI,SAAS,OAAO,SAAS,OAAO,SAAS,OAAO,SAAS;QACvD,QAAQ,GACV,kBAAkB,SAAS;;GAG/B;GACA;;EAGF,IAAI,OAAO,KAAK;GAEd,IAAI,IAAI,IAAI;GACZ,OAAO,IAAI,QAAQ,UAAU,QAAQ,KAAK,QAAQ,GAAG,EAAE;GACvD,IAAI,IAAI,QAAQ,UAAU,QAAQ,OAAO,OAAO,IAAI,IAAI,GAAG;IACzD,IAAI,QAAQ,GACV,kBAAkB,SAAS;IAE7B,IAAI,IAAI;IACR;;;EAIJ;;CAGF,OAAO;;;;;;;;AAST,SAAgB,WAAW,SAAiB,OAA+B;CACzE,IAAI,CAAC,YAAY,QAAQ,EAAE;EACzB,QAAQ,KACN,oEAAoE,QAAQ,4IAG7E;EACD,OAAO;;CAET,IAAI;EACF,OAAO,IAAI,OAAO,SAAS,MAAM;SAC3B;EACN,OAAO;;;;;;;;;;AAWX,SAAgB,mBAAmB,QAAwB;CAGzD,MAAM,IAAI;CAGV,MAAM,SAAmB,EAAE;CAC3B,MAAM,mBAAmB,OAAO,QAAQ,iBAAiB,IAAI,UAAU;EACrE,OAAO,KAAK,MAAM;EAClB,OAAO,GAAG,EAAE,GAAG,OAAO,SAAS,IAAI;GACnC;CAUF,IAAI,SAAS;CACb,MAAM,KAAK,IAAI,OACb,GAAG,EAAE,SAAS,EAAE,oCAChB,IACD;CACD,IAAI;CACJ,QAAQ,IAAI,GAAG,KAAK,iBAAiB,MAAM,MACzC,IAAI,EAAE,OAAO,KAAA,GAEX,UAAU,IAAI,OAAO,OAAO,EAAE,GAAG,EAAE;MAC9B,IAAI,EAAE,GAAG,WAAW,IAAI,EAAE;EAG/B,MAAM,kBADa,iBAAiB,MAAM,GAAG,UACX,CAAC,MAAM,IAAI,OAAO,IAAI,EAAE,SAAS,IAAI,CAAC;EACxE,IAAI,iBAAiB;GAEnB,GAAG,aAAa,gBAAgB,GAAG;GACnC,UAAU,IAAI,OAAO,OAAO,gBAAgB,GAAG,EAAE;SAGjD,UAAU;QAGZ,QAAQ,EAAE,IAAV;EACE,KAAK;GACH,UAAU;GACV;EACF,KAAK;GACH,UAAU;GACV;EACF,KAAK;GACH,UAAU;GACV;EACF,KAAK;GACH,UAAU;GACV;EACF;GACE,UAAU,EAAE;GACZ;;CAKR,OAAO;;AAsCT,MAAM,oBAAwC;CAAE,UAAU;CAAI,aAAa;CAAM;;;;;;;;;;;;;AAcjF,SAAS,mBAAmB,cAAiC,OAAoC;CAC/F,IAAI,CAAC,MAAM,UAAU,OAAO;CAC5B,OAAO,iBAAiB,QAAQ,CAAC,MAAM,cAAc,MAAM;;;;;AAM7D,SAAgB,aAAa,cAAqD;CAChF,IAAI,CAAC,cAAc,OAAO,EAAE;CAC5B,MAAM,UAAkC,EAAE;CAC1C,KAAK,MAAM,QAAQ,aAAa,MAAM,IAAI,EAAE;EAC1C,MAAM,KAAK,KAAK,QAAQ,IAAI;EAC5B,IAAI,OAAO,IAAI;EACf,MAAM,MAAM,KAAK,MAAM,GAAG,GAAG,CAAC,MAAM;EACpC,MAAM,QAAQ,KAAK,MAAM,KAAK,EAAE,CAAC,MAAM;EACvC,IAAI,KAAK,QAAQ,OAAO;;CAE1B,OAAO;;;;;AAMT,SAAgB,0BAA0B,SAAkC;CAC1E,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;CAChC,OAAO;EACL,SAAS,QAAQ;EACjB,SAAS,aAAa,QAAQ,QAAQ,IAAI,SAAS,CAAC;EACpD,OAAO,IAAI;EACX,MAAM,cAAc,QAAQ,QAAQ,IAAI,OAAO,EAAE,IAAI,SAAS;EAC/D;;AAGH,SAAgB,cAAc,YAA2B,kBAAkC;CAEzF,QADa,cAAc,kBACf,MAAM,KAAK,EAAE,CAAC,GAAG,aAAa;;;;;;;;;;;;;;;;;;;AAoB5C,SAAgB,8BACd,mBACA,SACA,UAAmD,EAAE,EACD;CACpD,MAAM,cAAc,0CAClB,QAAQ,SACR,mBACA,QACD;CAED,KAAK,MAAM,OAAO,OAAO,KAAK,kBAAkB,EAC9C,IAAI,IAAI,WAAA,gBAAoC,EAC1C,OAAO,kBAAkB;CAI7B,IAAI,aAEF,UAAU,IAAI,QAAQ,QAAQ,KAAK;EACjC,QAAQ,QAAQ;EAChB,SAAS;EACT,MAAM,QAAQ;EAEd,QAAQ,QAAQ,OAAO,SAAS,KAAA;EACjC,CAAC;CAGJ,OAAO;EAAE;EAAS,cAAc,0BAA0B,QAAQ;EAAE;;AAGtE,SAAS,eAAuC;CAC9C,OAAO,OAAO,OAAO,KAAK;;AAG5B,SAAS,qBACP,aACA,eAC+B;CAC/B,IAAI,kBAAkB,KAAA,GAAW,OAAO,cAAc;CAEtD,MAAM,KAAK,sBAAsB,cAAc;CAC/C,IAAI,IAAI;EACN,MAAM,QAAQ,GAAG,KAAK,YAAY;EAClC,IAAI,CAAC,OAAO,OAAO;EAEnB,MAAM,SAAS,cAAc;EAC7B,IAAI,MAAM;QACH,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,MAAM,OAAO,EACrD,IAAI,UAAU,KAAA,GAAW,OAAO,OAAO;;EAG3C,OAAO;;CAGT,OAAO,gBAAgB,gBAAgB,cAAc,GAAG;;;;;;AAO1D,SAAS,qBACP,WACA,KAC+B;CAC/B,QAAQ,UAAU,MAAlB;EACE,KAAK,UAAU;GACb,MAAM,cAAc,IAAI,QAAQ,IAAI,UAAU,IAAI;GAClD,IAAI,gBAAgB,MAAM,OAAO;GACjC,OAAO,qBAAqB,aAAa,UAAU,MAAM;;EAE3D,KAAK,UAAU;GACb,MAAM,cAAc,IAAI,QAAQ,UAAU;GAC1C,IAAI,gBAAgB,KAAA,GAAW,OAAO;GACtC,OAAO,qBAAqB,aAAa,UAAU,MAAM;;EAE3D,KAAK,SAAS;GACZ,MAAM,aAAa,IAAI,MAAM,IAAI,UAAU,IAAI;GAC/C,IAAI,eAAe,MAAM,OAAO;GAChC,OAAO,qBAAqB,YAAY,UAAU,MAAM;;EAE1D,KAAK;GACH,IAAI,UAAU,UAAU,KAAA,GAAW,OAAO,qBAAqB,IAAI,MAAM,UAAU,MAAM;GACzF,OAAO,IAAI,SAAS,UAAU,MAAM,cAAc,GAAG;EAEvD,SACE,OAAO;;;;;;;;AASb,SAAS,sBAAsB,OAA8B;CAC3D,OAAO,eAAe,yBAAyB,aAI7C,WAAW,IAAI,MAAM,GAAG,CACzB;;;;;;;;;AAUH,SAAS,uBACP,KACA,SACA,KAC+B;CAC/B,MAAM,SAAS,cAAc;CAE7B,IAAI,KACF,KAAK,MAAM,aAAa,KAAK;EAC3B,MAAM,kBAAkB,qBAAqB,WAAW,IAAI;EAC5D,IAAI,CAAC,iBAAiB,OAAO;EAC7B,OAAO,OAAO,QAAQ,gBAAgB;;CAI1C,IAAI;OACG,MAAM,aAAa,SACtB,IAAI,qBAAqB,WAAW,IAAI,EAAE,OAAO;;CAIrD,OAAO;;AAGT,SAAgB,mBACd,KACA,SACA,KACS;CACT,OAAO,uBAAuB,KAAK,SAAS,IAAI,KAAK;;;;;;;AAQvD,SAAS,kBAAkB,KAAa,IAA2B;CACjE,IAAI,IAAI,GAAG,eAAe,KAAK,OAAO;CACtC,MAAM,QAAQ,GAAG,YAAY;CAC7B,IAAI,QAAQ;CACZ,IAAI,IAAI;CACR,OAAO,IAAI,IAAI,UAAU,QAAQ,GAAG;EAClC,IAAI,IAAI,OAAO,KAAK;OACf,IAAI,IAAI,OAAO,KAAK;EACzB;;CAEF,IAAI,UAAU,GAAG,OAAO;CACxB,GAAG,YAAY;CACf,OAAO,IAAI,MAAM,OAAO,IAAI,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+BhC,SAAS,iCAAiC,UAA0B;CAClE,OAAO,SAAS,SAAS,KAAK,SAAS,SAAS,IAAI,GAAG,SAAS,MAAM,GAAG,GAAG,GAAG;;AAGjF,SAAgB,mBACd,UACA,SAC+B;CAK/B,WAAW,iCAAiC,SAAS;CAmBrD,MAAM,iBAAiB,cAAc,KAAK,QAAQ;CAClD,MAAM,mBAAmB,QAAQ,MAAM,WAAW,IAAI,EAAE,EAAE;CAC1D,IACE,QAAQ,SAAS,IAAI,IACrB,QAAQ,SAAS,KAAK,IACtB,kBAAkB,KAAK,QAAQ,IAC/B,YAAY,KAAK,QAAQ,IACxB,kBAAkB,kBAAkB,GAErC,IAAI;EAKF,MAAM,WAAW,eAAe,uBAAuB,eAAe;GAGpE,MAAM,aAAuB,EAAE;GAK/B,IAAI,WAAW;GACf,MAAM,UAAU;GAChB,IAAI;GACJ,QAAQ,MAAM,QAAQ,KAAK,QAAQ,MAAM,MACvC,IAAI,IAAI,OAAO,KAAA,GAAW;IACxB,MAAM,OAAO,IAAI;IACjB,MAAM,OAAO,QAAQ,MAAM,QAAQ,UAAU;IAE7C,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,EAAE;KAChD,MAAM,aAAa,KAAK;KACxB,QAAQ,aAAa;KACrB,MAAM,aAAa,kBAAkB,SAAS,QAAQ;KACtD,WAAW,KAAK,KAAK;KACrB,IAAI,eAAe,MACjB,YAAY,IAAI,WAAW;UAE3B,YAAY,eAAe,MAAM,SAAS;WAEvC;KAEL,MAAM,aAAa,kBAAkB,SAAS,QAAQ;KACtD,WAAW,KAAK,KAAK;KACrB,YAAY,eAAe,OAAO,IAAI,WAAW,KAAK;;UAEnD,IAAI,IAAI,OAAO,KACpB,YAAY;QAEZ,YAAY,IAAI;GAGpB,MAAM,KAAK,WAAW,MAAM,WAAW,IAAI;GAC3C,OAAO,KAAK;IAAE;IAAI;IAAY,GAAG;IACjC;EACF,IAAI,CAAC,UAAU,OAAO;EACtB,MAAM,QAAQ,SAAS,GAAG,KAAK,SAAS;EACxC,IAAI,CAAC,OAAO,OAAO;EACnB,MAAM,SAAiC,OAAO,OAAO,KAAK;EAC1D,KAAK,IAAI,IAAI,GAAG,IAAI,SAAS,WAAW,QAAQ,KAC9C,OAAO,SAAS,WAAW,MAAM,MAAM,IAAI,MAAM;EAEnD,OAAO;SACD;CAOV,MAAM,gBAAgB,QAAQ,MAAM,oBAAoB;CACxD,IAAI,eAAe;EACjB,MAAM,SAAS,QAAQ,MAAM,GAAG,QAAQ,YAAY,IAAI,CAAC;EACzD,MAAM,YAAY,cAAc;EAChC,MAAM,SAAS,cAAc,OAAO;EAEpC,MAAM,gBAAgB,OAAO,QAAQ,OAAO,GAAG;EAC/C,IAAI,CAAC,SAAS,WAAW,cAAc,EAAE,OAAO;EAChD,MAAM,YAAY,SAAS,cAAc;EACzC,IAAI,cAAc,KAAA,KAAa,cAAc,KAAK,OAAO;EAEzD,MAAM,OAAO,SAAS,MAAM,cAAc,OAAO;EACjD,IAAI,WAAW,CAAC,QAAQ,SAAS,MAAM,OAAO;EAC9C,IAAI,YAAY,KAAK,WAAW,IAAI,GAAG,KAAK,MAAM,EAAE,GAAG;EAGvD,OAAO,GAAG,YAAY,WAAW;;CAInC,MAAM,QAAQ,QAAQ,MAAM,IAAI;CAChC,MAAM,YAAY,SAAS,MAAM,IAAI;CAErC,IAAI,MAAM,WAAW,UAAU,QAAQ,OAAO;CAE9C,MAAM,SAAiC,OAAO,OAAO,KAAK;CAC1D,KAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAChC,IAAI,MAAM,GAAG,WAAW,IAAI,EAC1B,OAAO,MAAM,GAAG,MAAM,EAAE,IAAI,UAAU;MACjC,IAAI,MAAM,OAAO,UAAU,IAChC,OAAO;CAGX,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCT,SAAgB,cACd,UACA,WACA,KACA,gBAAoC,mBACgB;CACpD,IAAI,UAAU,WAAW,GAAG,OAAO;CAMnC,WAAW,iCAAiC,SAAS;CAErD,MAAM,QAAQ,kBAAkB,UAAU;CAe1C,IAAI,cAAkE;CACtE,IAAI,mBAAmB;CAEvB,IAAI,MAAM,aAAa,OAAO,GAAG;EAM/B,MAAM,iBAAiB,MAAM,aAAa,IAAI,SAAS;EACvD,IAAI,gBACF,KAAK,MAAM,SAAS,gBAAgB;GAClC,IAAI,CAAC,MAAM,UAAU;GACrB,IAAI,MAAM,iBAAiB,kBAAkB;GAC7C,MAAM,WAAW,MAAM;GACvB,IAAI,CAAC,mBAAmB,SAAS,UAAU,cAAc,EAAE;GAC3D,MAAM,kBACJ,SAAS,OAAO,SAAS,UACrB,uBAAuB,SAAS,KAAK,SAAS,SAAS,IAAI,GAC3D,cAAc;GACpB,IAAI,CAAC,iBAAiB;GAMtB,cAAc;IAAE,aAJH,iCAAiC,SAAS,aAAa;MACjE,MAAM,YAAY;KACnB,GAAG;KACJ,CACgC;IAAE,WAAW,SAAS;IAAW;GAClE,mBAAmB,MAAM;GACzB;;EAOJ,MAAM,WAAW,SAAS,QAAQ,KAAK,EAAE;EACzC,IAAI,aAAa,IAAI;GACnB,MAAM,SAAS,SAAS,MAAM,SAAS;GACvC,MAAM,aAAa,SAAS,MAAM,GAAG,SAAS;GAC9C,MAAM,eAAe,MAAM,aAAa,IAAI,OAAO;GACnD,IAAI,cACF,KAAK,MAAM,SAAS,cAAc;IAChC,IAAI,MAAM,iBAAiB,kBAAkB;IAE7C,IAAI,CAAC,MAAM,MAAM,KAAK,WAAW,EAAE;IACnC,MAAM,WAAW,MAAM;IACvB,IAAI,CAAC,mBAAmB,SAAS,UAAU,cAAc,EAAE;IAC3D,MAAM,kBACJ,SAAS,OAAO,SAAS,UACrB,uBAAuB,SAAS,KAAK,SAAS,SAAS,IAAI,GAC3D,cAAc;IACpB,IAAI,CAAC,iBAAiB;IAKtB,cAAc;KAAE,aAJH,iCAAiC,SAAS,aAAa;OACjE,MAAM,YAAY;MACnB,GAAG;MACJ,CACgC;KAAE,WAAW,SAAS;KAAW;IAClE,mBAAmB,MAAM;IACzB;;;;CAUR,KAAK,MAAM,CAAC,SAAS,aAAa,MAAM,QAAQ;EAC9C,IAAI,WAAW,kBAGb;EAEF,IAAI,CAAC,mBAAmB,SAAS,UAAU,cAAc,EAAE;EAC3D,MAAM,SAAS,mBAAmB,UAAU,SAAS,OAAO;EAC5D,IAAI,QAAQ;GACV,MAAM,kBACJ,SAAS,OAAO,SAAS,UACrB,uBAAuB,SAAS,KAAK,SAAS,SAAS,IAAI,GAC3D,cAAc;GACpB,IAAI,CAAC,iBAAiB;GAMtB,OAAO;IAAE,aAJI,iCAAiC,SAAS,aAAa;KAClE,GAAG;KACH,GAAG;KACJ,CACyB;IAAE,WAAW,SAAS;IAAW;;;CAK/D,OAAO;;;;;;;;;;AAWT,SAAgB,aACd,UACA,UACA,KACA,gBAAoC,mBACrB;CACf,KAAK,MAAM,WAAW,UAAU;EAC9B,IAAI,CAAC,mBAAmB,QAAQ,UAAU,cAAc,EAAE;EAC1D,MAAM,SAAS,mBAAmB,UAAU,QAAQ,OAAO;EAC3D,IAAI,QAAQ;GACV,MAAM,kBACJ,QAAQ,OAAO,QAAQ,UACnB,uBAAuB,QAAQ,KAAK,QAAQ,SAAS,IAAI,GACzD,cAAc;GACpB,IAAI,CAAC,iBAAiB;GAEtB,OAAO,iCAAiC,QAAQ,aAAa;IAC3D,GAAG;IACH,GAAG;IACJ,CAAC;;;CAGN,OAAO;;;;;;;;AAST,SAAS,4BAA4B,aAAqB,QAAwC;CAChG,MAAM,OAAO,OAAO,KAAK,OAAO;CAChC,IAAI,KAAK,WAAW,GAAG,OAAO;CAO9B,MAAM,aAAa,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,MAAM,EAAE,SAAS,EAAE,OAAO;CAChE,MAAM,WAAW,WAAW,KAAK,KAAK;CACtC,IAAI,UAAU,+BAA+B,IAAI,SAAS;CAC1D,IAAI,CAAC,SAAS;EACZ,MAAM,mBAAmB,WACtB,KAAK,QAAQ,IAAI,QAAQ,uBAAuB,OAAO,CAAC,CACxD,KAAK,IAAI;EACZ,UAAU,IAAI,OAAO,KAAK,iBAAiB,2BAA2B,IAAI;EAC1E,+BAA+B,IAAI,UAAU,QAAQ;;CAGvD,OAAO,YAAY,QAAQ,UAAU,QAAQ,QAAgB,OAAO,KAAK;;;;;;;;AAS3E,SAAS,iCACP,aACA,QACQ;CACR,OAAO,oBAAoB,4BAA4B,aAAa,OAAO,CAAC;;;;;;;;;;;;;AAc9E,SAAgB,oBAAoB,MAAsB;CAExD,IAAI,KAAK,WAAW,UAAU,IAAI,KAAK,WAAW,WAAW,EAC3D,OAAO;CAMT,OAAO,KAAK,QAAQ,WAAW,IAAI;CACnC,OAAO;;;;;;;AAQT,SAAgB,cAAc,KAAsB;CAClD,OAAO,uBAAuB,KAAK,IAAI,IAAI,IAAI,WAAW,KAAK;;;;;;;;;;;AAYjE,eAAsB,qBACpB,SACA,aACmB;CAEnB,MAAM,cAAc,IAAI,IAAI,QAAQ,IAAI;CACxC,MAAM,YAAY,IAAI,IAAI,YAAY;CACtC,MAAM,kBAAkB,IAAI,IAAI,UAAU,aAAa,MAAM,CAAC;CAK9D,KAAK,MAAM,CAAC,KAAK,UAAU,YAAY,cACrC,IAAI,CAAC,gBAAgB,IAAI,IAAI,EAC3B,UAAU,aAAa,OAAO,KAAK,MAAM;CAK7C,MAAM,UAAU,IAAI,QAAQ,QAAQ,QAAQ;CAE5C,QAAQ,IAAI,QAAQ,UAAU,KAAK;CAOnC,4BAA4B,QAAQ;CACpC,MAAM,eAAyB,EAAE;CACjC,KAAK,MAAM,OAAO,QAAQ,MAAM,EAC9B,IAAI,IAAI,WAAA,gBAAoC,EAC1C,aAAa,KAAK,IAAI;CAG1B,KAAK,MAAM,OAAO,cAChB,QAAQ,OAAO,IAAI;CAKrB,QAAQ,OAAO,+BAA+B;CAC9C,QAAQ,OAAO,qCAAqC;CAEpD,QAAQ,OAAO,qBAAqB;CAEpC,MAAM,SAAS,QAAQ;CACvB,MAAM,UAAU,WAAW,SAAS,WAAW;CAE/C,MAAM,OAA0C;EAC9C;EACA;EACA,UAAU;EACX;CAED,IAAI,WAAW,QAAQ,MAAM;EAC3B,KAAK,OAAO,QAAQ;EACpB,KAAK,SAAS;;CAKhB,MAAM,aAAa,IAAI,iBAAiB;CACxC,MAAM,UAAU,iBAAiB,WAAW,OAAO,EAAE,IAAO;CAC5D,IAAI;CACJ,IAAI;EACF,mBAAmB,MAAM,MAAM,UAAU,MAAM;GAAE,GAAG;GAAM,QAAQ,WAAW;GAAQ,CAAC;UAC/E,GAAG;EACV,IAAI,aAAa,SAAS,EAAE,SAAS,cAAc;GACjD,QAAQ,MAAM,4CAA4C,UAAU,KAAK;GACzE,OAAO,IAAI,SAAS,mBAAmB,EAAE,QAAQ,KAAK,CAAC;;EAEzD,QAAQ,MAAM,0CAA0C,EAAE;EAC1D,OAAO,IAAI,SAAS,eAAe,EAAE,QAAQ,KAAK,CAAC;WAC3C;EACR,aAAa,QAAQ;;CAWvB,MAAM,gBAAgB,OAAO,YAAY,eAAe,CAAC,CAAC,QAAQ,UAAU;CAC5E,MAAM,kBAAkB,IAAI,SAAS;CACrC,iBAAiB,QAAQ,SAAS,OAAO,QAAQ;EAC/C,MAAM,QAAQ,IAAI,aAAa;EAC/B,IAAI,mBAAmB,IAAI,MAAM,EAAE;EACnC,IAAI,kBAAkB,UAAU,sBAAsB,UAAU,mBAAmB;EACnF,gBAAgB,OAAO,KAAK,MAAM;GAClC;CAEF,OAAO,IAAI,SAAS,iBAAiB,MAAM;EACzC,QAAQ,iBAAiB;EACzB,YAAY,iBAAiB;EAC7B,SAAS;EACV,CAAC;;;;;;;;;;AAWJ,SAAgB,aACd,UACA,SACA,KACA,gBAAoC,mBACG;CAIvC,WAAW,iCAAiC,SAAS;CAErD,MAAM,SAAgD,EAAE;CACxD,KAAK,MAAM,QAAQ,SAAS;EAC1B,IAAI,CAAC,mBAAmB,KAAK,UAAU,cAAc,EAAE;EAGvD,MAAM,cAAc,eAAe,4BAA4B,KAAK,cAClE,WAAW,MAAM,mBAAmB,KAAK,OAAO,GAAG,IAAI,CACxD;EACD,IAAI,eAAe,YAAY,KAAK,SAAS,EAAE;GAC7C,IAAI,KAAK,OAAO,KAAK;QACf,CAAC,mBAAmB,KAAK,KAAK,KAAK,SAAS,IAAI,EAClD;;GAGJ,OAAO,KAAK,GAAG,KAAK,QAAQ;;;CAGhC,OAAO;;;;;;AAOT,SAAS,mBAAmB,OAAuB;CACjD,OAAO,MAAM,QAAQ,uBAAuB,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCrD,SAAgB,oBACd,QACA,MACA,MACA,UAAuC,EAAE,EACpC;CACL,IAAI,CAAC,QAAQ,OAAO,WAAW,GAAG,OAAO;CAEzC,MAAM,gBAAgB,QAAQ,iBAAiB;CAE/C,MAAM,iBAAiB,wBADI,KAAK,QAAQ,IAAI,mBAAmB,CAAC,KAAK,IACJ,CAAC;CAMlE,MAAM,aAAa,WAA4B,WAAW,OAAO,CAAC,gBAAgB,KAAK;CAWvF,MAAM,iBAA2B,SAAS,aAAa,CAAC,KAAK,cAAc,GAAG,EAAE;CAEhF,MAAM,MAAW,EAAE;CACnB,KAAK,MAAM,KAAK,QAAQ;EACtB,IAAI,EAAE,WAAW,OAAO;GACtB,IAAI,KAAK,EAAE;GACX;;EAKF,MAAM,aAAa,CAAC,CAAC,EAAE,eAAe,CAAC,EAAE,YAAY,WAAW,IAAI;EAIpE,IAAI,CAAC,YACH,KAAK,MAAM,UAAU,gBAAgB;GACnC,MAAM,kBAAkB,IAAI,SAAS,UAAU,EAAE,OAAO;GACxD,IAAI,KAAK;IACP,GAAG;IACH,QAAQ;IACT,CAAC;;EAKN,MAAM,iBAAiB,GAAG,iBAAiB,UAAU,EAAE,OAAO;EAC9D,IAAI,sBAAsB,EAAE;EAC5B,IAAI,uBAAuB,oBAAoB,WAAW,IAAI,IAAI,CAAC,YACjE,sBAAsB,uBACpB,wBAAwB,OAAO,CAAC,gBAAgB,KAAK;EAGzD,IAAI,KAAK;GACP,GAAG;GACH,QAAQ;GACR,aAAa;GACd,CAAC;EAKF,IAAI,KAAK,EAAE;;CAEb,OAAO"}

package/dist/config/dotenv.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"dotenv.js","names":[],"sources":["../../src/config/dotenv.ts"],"sourcesContent":["import fs from \"node:fs\";\nimport path from \"node:path\";\nimport { parseEnv } from \"node:util\";\n\ntype VinextEnvMode = \"development\" | \"production\" | \"test\";\n\n/**\n * Environment-variable bag accepted by {@link loadDotenv}.\n *\n * Intentionally a plain string→string|undefined dictionary rather than\n * `NodeJS.ProcessEnv`. `NodeJS.ProcessEnv` is augmented by `@types/node` (and\n * by Next.js, when it's anywhere in the workspace) to make `NODE_ENV` a\n * required, readonly property, which doesn't reflect Node's real runtime\n * behaviour and breaks tests that pass throwaway dictionaries here.\n */\ntype EnvBag = Record<string, string | undefined>;\n\ntype LoadDotenvOptions = {\n  root: string;\n  mode: VinextEnvMode;\n  processEnv?: EnvBag;\n};\n\ntype LoadDotenvResult = {\n  mode: VinextEnvMode;\n  loadedFiles: string[];\n  loadedEnv: Record<string, string>;\n};\n\n/**\n * Next.js-compatible dotenv lookup order (highest priority first).\n */\nexport function getDotenvFiles(mode: VinextEnvMode): string[] {\n  return [`.env.${mode}.local`, ...(mode === \"test\" ? [] : [\".env.local\"]), `.env.${mode}`, \".env\"];\n}\n\n/**\n * Load .env files into processEnv with Next.js-like precedence:\n * process.env > .env.<mode>.local > .env.local > .env.<mode> > .env.\n *\n * This mutates processEnv (defaults to process.env).\n *\n * ## Interaction with Vite's own .env loading\n *\n * Vite also loads .env files internally during createServer()/build(). That's\n * fine — the two systems serve different purposes and don't conflict:\n *\n * - **vinext** populates `process.env` so that server-side code (SSR, API\n *   routes, Server Components) can read env vars at runtime, and so the Vite\n *   plugin's `config()` hook can scan `process.env` for `NEXT_PUBLIC_*` vars\n *   to inline via `define`.\n *\n * - **Vite** loads .env files to populate `import.meta.env.VITE_*` for its\n *   own client exposure mechanism (which Next.js apps don't use).\n *\n * Because we load first and neither system overwrites existing keys, Vite's\n * pass is effectively a no-op for overlapping keys. For `start` and `deploy`\n * commands (which don't go through Vite at all), this is the only loading.\n */\nexport function loadDotenv({\n  root,\n  mode,\n  processEnv = process.env,\n}: LoadDotenvOptions): LoadDotenvResult {\n  const loadedFiles: string[] = [];\n  const loadedEnv: Record<string, string> = {};\n\n  for (const relativeFile of getDotenvFiles(mode)) {\n    const filePath = path.join(root, relativeFile);\n    if (!fs.existsSync(filePath)) continue;\n\n    const fileContent = fs.readFileSync(filePath, \"utf-8\");\n    const parsed = parseEnv(fileContent) as Record<string, string>;\n    const expanded = expandEnv(parsed, processEnv);\n\n    for (const [key, value] of Object.entries(expanded)) {\n      if (processEnv[key] !== undefined) continue;\n      processEnv[key] = value;\n      loadedEnv[key] = value;\n    }\n\n    loadedFiles.push(relativeFile);\n  }\n\n  return {\n    mode,\n    loadedFiles,\n    loadedEnv,\n  };\n}\n\nconst ENV_REF_RE = /(\\\\)?\\$(?:\\{([A-Za-z_][A-Za-z0-9_]*)\\}|([A-Za-z_][A-Za-z0-9_]*))/g;\n\nfunction expandEnv(parsed: Record<string, string>, processEnv: EnvBag): Record<string, string> {\n  const expanded: Record<string, string> = {};\n  const resolving = new Set<string>();\n  const context: Record<string, string | undefined> = {\n    ...parsed,\n    ...processEnv,\n  };\n\n  function resolveValue(key: string): string {\n    const cached = expanded[key];\n    if (cached !== undefined) return cached;\n\n    if (resolving.has(key)) {\n      return context[key] ?? \"\";\n    }\n\n    const raw = context[key];\n    if (raw === undefined) return \"\";\n\n    resolving.add(key);\n    let value = raw.replace(ENV_REF_RE, (match, escaped, braced, bare) => {\n      if (escaped) return match.slice(1);\n\n      const refKey = (braced || bare) as string;\n      return resolveValue(refKey);\n    });\n    // Strip remaining \\$ escapes not caught by the regex (e.g. \\$100 where\n    // what follows $ isn't a valid variable name).\n    value = value.replace(/\\\\\\$/g, \"$\");\n    resolving.delete(key);\n\n    expanded[key] = value;\n    context[key] = value;\n    return value;\n  }\n\n  for (const key of Object.keys(parsed)) {\n    resolveValue(key);\n  }\n\n  return expanded;\n}\n"],"mappings":";;;;;;;AAgCA,SAAgB,eAAe,MAA+B;CAC5D,OAAO;EAAC,QAAQ,KAAK;EAAS,GAAI,SAAS,SAAS,EAAE,GAAG,CAAC,aAAa;EAAG,QAAQ;EAAQ;EAAO;;;;;;;;;;;;;;;;;;;;;;;;;AA0BnG,SAAgB,WAAW,EACzB,MACA,MACA,aAAa,QAAQ,OACiB;CACtC,MAAM,cAAwB,EAAE;CAChC,MAAM,YAAoC,EAAE;CAE5C,KAAK,MAAM,gBAAgB,eAAe,KAAK,EAAE;EAC/C,MAAM,WAAW,KAAK,KAAK,MAAM,aAAa;EAC9C,IAAI,CAAC,GAAG,WAAW,SAAS,EAAE;EAI9B,MAAM,WAAW,UADF,SADK,GAAG,aAAa,UAAU,QACX,CACF,EAAE,WAAW;EAE9C,KAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,SAAS,EAAE;GACnD,IAAI,WAAW,SAAS,KAAA,GAAW;GACnC,WAAW,OAAO;GAClB,UAAU,OAAO;;EAGnB,YAAY,KAAK,aAAa;;CAGhC,OAAO;EACL;EACA;EACA;EACD;;AAGH,MAAM,aAAa;AAEnB,SAAS,UAAU,QAAgC,YAA4C;CAC7F,MAAM,WAAmC,EAAE;CAC3C,MAAM,4BAAY,IAAI,KAAa;CACnC,MAAM,UAA8C;EAClD,GAAG;EACH,GAAG;EACJ;CAED,SAAS,aAAa,KAAqB;EACzC,MAAM,SAAS,SAAS;EACxB,IAAI,WAAW,KAAA,GAAW,OAAO;EAEjC,IAAI,UAAU,IAAI,IAAI,EACpB,OAAO,QAAQ,QAAQ;EAGzB,MAAM,MAAM,QAAQ;EACpB,IAAI,QAAQ,KAAA,GAAW,OAAO;EAE9B,UAAU,IAAI,IAAI;EAClB,IAAI,QAAQ,IAAI,QAAQ,aAAa,OAAO,SAAS,QAAQ,SAAS;GACpE,IAAI,SAAS,OAAO,MAAM,MAAM,EAAE;GAGlC,OAAO,aADS,UAAU,KACC;IAC3B;EAGF,QAAQ,MAAM,QAAQ,SAAS,IAAI;EACnC,UAAU,OAAO,IAAI;EAErB,SAAS,OAAO;EAChB,QAAQ,OAAO;EACf,OAAO;;CAGT,KAAK,MAAM,OAAO,OAAO,KAAK,OAAO,EACnC,aAAa,IAAI;CAGnB,OAAO"}

package/dist/config/next-config.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"next-config.js","names":[],"sources":["../../src/config/next-config.ts"],"sourcesContent":["/**\n * next.config.js / next.config.mjs / next.config.ts parser\n *\n * Loads the Next.js config file (if present) and extracts supported options.\n * Unsupported options are logged as warnings.\n */\nimport path from \"node:path\";\nimport { createRequire } from \"node:module\";\nimport fs from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { randomUUID } from \"node:crypto\";\nimport commonjs from \"vite-plugin-commonjs\";\nimport { PHASE_DEVELOPMENT_SERVER } from \"vinext/shims/constants\";\nimport { normalizePageExtensions } from \"../routing/file-matcher.js\";\nimport { getHtmlLimitedBotRegex } from \"../utils/html-limited-bots.js\";\nimport { isUnknownRecord } from \"../utils/record.js\";\nimport { applyLocaleToRoutes, isExternalUrl } from \"./config-matchers.js\";\nimport { loadTsconfigPathAliasesForRoot } from \"./tsconfig-paths.js\";\n\n/**\n * Parse a body size limit value (string or number) into bytes.\n * Accepts Next.js-style strings like \"1mb\", \"500kb\", \"10mb\", bare number strings like \"1048576\" (bytes),\n * and numeric values. Supports b, kb, mb, gb, tb, pb units.\n * Returns the default 1MB if the value is not provided or invalid.\n * Throws if the parsed value is less than 1.\n */\nexport function parseBodySizeLimit(value: string | number | undefined | null): number {\n  if (value === undefined || value === null) return 1 * 1024 * 1024;\n  if (typeof value === \"number\") {\n    if (value < 1) throw new Error(`Body size limit must be a positive number, got ${value}`);\n    return value;\n  }\n  const trimmed = value.trim();\n  const match = trimmed.match(/^(\\d+(?:\\.\\d+)?)\\s*(b|kb|mb|gb|tb|pb)?$/i);\n  if (!match) {\n    console.warn(\n      `[vinext] Invalid bodySizeLimit value: \"${value}\". Expected a number or a string like \"1mb\", \"500kb\". Falling back to 1MB.`,\n    );\n    return 1 * 1024 * 1024;\n  }\n  const num = parseFloat(match[1]);\n  const unit = (match[2] ?? \"b\").toLowerCase();\n  let bytes: number;\n  switch (unit) {\n    case \"b\":\n      bytes = Math.floor(num);\n      break;\n    case \"kb\":\n      bytes = Math.floor(num * 1024);\n      break;\n    case \"mb\":\n      bytes = Math.floor(num * 1024 * 1024);\n      break;\n    case \"gb\":\n      bytes = Math.floor(num * 1024 * 1024 * 1024);\n      break;\n    case \"tb\":\n      bytes = Math.floor(num * 1024 * 1024 * 1024 * 1024);\n      break;\n    case \"pb\":\n      bytes = Math.floor(num * 1024 * 1024 * 1024 * 1024 * 1024);\n      break;\n    default:\n      return 1 * 1024 * 1024;\n  }\n  if (bytes < 1) throw new Error(`Body size limit must be a positive number, got ${bytes}`);\n  return bytes;\n}\n\nexport type HasCondition = {\n  type: \"header\" | \"cookie\" | \"query\" | \"host\";\n  key: string;\n  value?: string;\n};\n\nexport type NextRedirect = {\n  source: string;\n  destination: string;\n  permanent: boolean;\n  has?: HasCondition[];\n  missing?: HasCondition[];\n  /**\n   * When true (the default with i18n configured), Next.js prepends an internal\n   * locale alternation to the source so the rule matches locale-prefixed paths.\n   * When `false`, the source is left untouched and matches the raw path,\n   * letting user-supplied `:locale` segments capture the prefix themselves.\n   * See https://nextjs.org/docs/app/api-reference/config/next-config-js/redirects#locale\n   */\n  locale?: false;\n  /**\n   * When `false`, the rule is NOT prefixed with `basePath`. Source and\n   * destination are matched/applied verbatim. Mirrors Next.js's\n   * `Redirect.basePath: false` opt-out — see\n   * `.nextjs-ref/packages/next/src/lib/load-custom-routes.ts:26`.\n   */\n  basePath?: false;\n};\n\nexport type NextRewrite = {\n  source: string;\n  destination: string;\n  has?: HasCondition[];\n  missing?: HasCondition[];\n  /** See {@link NextRedirect.locale}. */\n  locale?: false;\n  /** See {@link NextRedirect.basePath}. */\n  basePath?: false;\n};\n\nexport type NextHeader = {\n  source: string;\n  has?: HasCondition[];\n  missing?: HasCondition[];\n  headers: Array<{ key: string; value: string }>;\n  /** See {@link NextRedirect.basePath}. */\n  basePath?: false;\n};\n\nexport type NextI18nConfig = {\n  /** List of supported locales */\n  locales: string[];\n  /** The default locale (used when no locale prefix is in the URL) */\n  defaultLocale: string;\n  /**\n   * Whether to auto-detect locale from Accept-Language header.\n   * Defaults to true in Next.js.\n   */\n  localeDetection?: boolean;\n  /**\n   * Domain-based routing. Each domain maps to a specific locale.\n   */\n  domains?: Array<{\n    domain: string;\n    defaultLocale: string;\n    locales?: string[];\n    http?: boolean;\n  }>;\n};\n\n/**\n * MDX compilation options extracted from @next/mdx config.\n * These are passed through to @mdx-js/rollup so that custom\n * remark/rehype/recma plugins configured in next.config work with Vite.\n */\nexport type MdxOptions = {\n  remarkPlugins?: unknown[];\n  rehypePlugins?: unknown[];\n  recmaPlugins?: unknown[];\n};\n\nexport type NextConfig = {\n  /** Additional env variables */\n  env?: Record<string, string>;\n  /** Base URL path prefix */\n  basePath?: string;\n  /**\n   * Prefix applied to every emitted JS/CSS/image/static asset URL.\n   * Accepts a path prefix (e.g. `/custom-asset-prefix`) or an absolute\n   * URL (e.g. `https://cdn.example.com`). Distinct from `basePath`:\n   * `basePath` affects route URLs; `assetPrefix` only affects asset URLs.\n   * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/assetPrefix\n   */\n  assetPrefix?: string;\n  /** Whether to add trailing slashes */\n  trailingSlash?: boolean;\n  /** Internationalization routing config */\n  i18n?: NextI18nConfig;\n  /** URL redirect rules */\n  redirects?: () => Promise<NextRedirect[]> | NextRedirect[];\n  /** URL rewrite rules */\n  rewrites?: () =>\n    | Promise<\n        | NextRewrite[]\n        | {\n            beforeFiles: NextRewrite[];\n            afterFiles: NextRewrite[];\n            fallback: NextRewrite[];\n          }\n      >\n    | NextRewrite[]\n    | {\n        beforeFiles: NextRewrite[];\n        afterFiles: NextRewrite[];\n        fallback: NextRewrite[];\n      };\n  /** Custom response headers */\n  headers?: () => Promise<NextHeader[]> | NextHeader[];\n  /** Image optimization config */\n  images?: {\n    remotePatterns?: Array<{\n      protocol?: string;\n      hostname: string;\n      port?: string;\n      pathname?: string;\n      search?: string;\n    }>;\n    domains?: string[];\n    unoptimized?: boolean;\n    /** Allowed device widths for image optimization. Defaults to Next.js defaults: [640, 750, 828, 1080, 1200, 1920, 2048, 3840] */\n    deviceSizes?: number[];\n    /** Allowed image sizes for fixed-width images. Defaults to Next.js defaults: [16, 32, 48, 64, 96, 128, 256, 384] */\n    imageSizes?: number[];\n    /** Allow SVG images through the image optimization endpoint. SVG can contain scripts, so only enable if you trust all image sources. */\n    dangerouslyAllowSVG?: boolean;\n    /** Allow image optimization for hostnames that resolve to private IP addresses. This is a security risk (SSRF) — only enable for private networks when you understand the risk. */\n    dangerouslyAllowLocalIP?: boolean;\n    /** Content-Disposition header for image responses. Defaults to \"inline\". */\n    contentDispositionType?: \"inline\" | \"attachment\";\n    /** Content-Security-Policy header for image responses. Defaults to \"script-src 'none'; frame-src 'none'; sandbox;\" */\n    contentSecurityPolicy?: string;\n  };\n  /** Build output mode: 'export' for full static export, 'standalone' for single server */\n  output?: \"export\" | \"standalone\";\n  /** File extensions treated as routable pages/routes (Next.js pageExtensions) */\n  pageExtensions?: string[];\n  /**\n   * Module specifiers that are required for side effects on the client before\n   * hydration, in array order, ahead of the user's `instrumentation-client.{ts,js}`.\n   * Each entry may be a bare npm package name or a path relative to the project root.\n   */\n  instrumentationClientInject?: string[];\n  /** Extra origins allowed to access the dev server. */\n  allowedDevOrigins?: string[];\n  /** Maximum age in seconds for stale ISR entries before blocking regeneration. */\n  expireTime?: number;\n  /** User agents that require blocking metadata in the initial head. */\n  htmlLimitedBots?: RegExp | string;\n  /**\n   * Enable Cache Components (Next.js 16).\n   * When true, enables the \"use cache\" directive for pages, components, and functions.\n   * Replaces the removed experimental.ppr and experimental.dynamicIO flags.\n   */\n  cacheComponents?: boolean;\n  /**\n   * Enables source maps while generating static pages.\n   * Helps with errors during the prerender phase in `vinext build`.\n   * Defaults to `true`. Set to `false` to disable.\n   */\n  enablePrerenderSourceMaps?: boolean;\n  /** Transpile packages (Vite handles this natively) */\n  transpilePackages?: string[];\n  /**\n   * Packages that should be treated as server-external (not bundled by Vite).\n   * Corresponds to Next.js `serverExternalPackages` (or the legacy\n   * `experimental.serverComponentsExternalPackages`).\n   */\n  serverExternalPackages?: string[];\n  /** Webpack config (ignored — we use Vite) */\n  webpack?: unknown;\n  /**\n   * Compiler options for build-time code transforms.\n   * vinext supports the subset that maps to Vite-compatible transforms.\n   */\n  compiler?: {\n    /** Remove `console.*` calls from the client bundle. */\n    removeConsole?: boolean | { exclude?: string[] };\n    /**\n     * Inline compile-time constants in both client and server bundles.\n     * Mirrors Next.js `compiler.define`.\n     * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/compiler#define\n     */\n    define?: Record<string, string | number | boolean>;\n    /**\n     * Inline compile-time constants in server bundles only (not client).\n     * Mirrors Next.js `compiler.defineServer`.\n     */\n    defineServer?: Record<string, string | number | boolean>;\n  };\n  /**\n   * Path to a custom cache handler module (e.g., KV, Redis, DynamoDB).\n   * Accepts relative paths, absolute paths, or file:// URLs from import.meta.resolve().\n   * When \"type\": \"module\" is set in package.json, use import.meta.resolve() instead of\n   * require.resolve() to get a valid path.\n   */\n  cacheHandler?: string;\n  /**\n   * Maximum memory size (bytes) for the default in-memory cache handler.\n   * Set to 0 to disable in-memory caching entirely.\n   */\n  cacheMaxMemorySize?: number;\n  /**\n   * Custom build ID generator. If provided, called once at build/dev start.\n   * Must return a non-empty string, or null to use the default random ID.\n   */\n  generateBuildId?: () => string | null | Promise<string | null>;\n  /** Identifier for deployment-aware cache keys and version skew protection. */\n  deploymentId?: string;\n  /** Any other options */\n  [key: string]: unknown;\n};\n\nexport type NextConfigFactory = (\n  phase: string,\n  opts: { defaultConfig: NextConfig },\n) => NextConfig | Promise<NextConfig>;\n\nexport type NextConfigInput = NextConfig | NextConfigFactory;\n\n/**\n * Resolved configuration with all async values awaited.\n */\nexport type ResolvedNextConfig = {\n  env: Record<string, string>;\n  basePath: string;\n  /**\n   * Resolved `assetPrefix` from next.config.\n   *\n   * Empty string when unset. Trailing slashes are trimmed. May be either:\n   *  - a path prefix beginning with `/` (e.g. `\"/custom-asset-prefix\"`), or\n   *  - an absolute URL with `http(s)://` origin (e.g. `\"https://cdn.example.com\"`\n   *    or `\"https://cdn.example.com/sub\"`).\n   *\n   * Mirrors Next.js semantics — `assetPrefix` controls emitted asset URLs\n   * only; route URLs continue to live under `basePath`.\n   *\n   * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/assetPrefix\n   */\n  assetPrefix: string;\n  trailingSlash: boolean;\n  output: \"\" | \"export\" | \"standalone\";\n  pageExtensions: string[];\n  instrumentationClientInject: string[];\n  cacheComponents: boolean;\n  redirects: NextRedirect[];\n  rewrites: {\n    beforeFiles: NextRewrite[];\n    afterFiles: NextRewrite[];\n    fallback: NextRewrite[];\n  };\n  headers: NextHeader[];\n  images: NextConfig[\"images\"];\n  i18n: NextI18nConfig | null;\n  /** MDX remark/rehype/recma plugins extracted from @next/mdx config */\n  mdx: MdxOptions | null;\n  /** Explicit module aliases preserved from wrapped next.config plugins. */\n  aliases: Record<string, string>;\n  /** Extra allowed origins for dev server access (from allowedDevOrigins). */\n  allowedDevOrigins: string[];\n  /** Extra allowed origins for server action CSRF validation (from experimental.serverActions.allowedOrigins). */\n  serverActionsAllowedOrigins: string[];\n  /** Packages whose barrel imports should be optimized (from experimental.optimizePackageImports). */\n  optimizePackageImports: string[];\n  /** Inline app CSS into production HTML (from experimental.inlineCss). */\n  inlineCss: boolean;\n  /** Parsed body size limit for server actions in bytes (from experimental.serverActions.bodySizeLimit). Defaults to 1MB. */\n  serverActionsBodySizeLimit: number;\n  /** Route-level expire fallback in seconds for ISR entries with numeric revalidate. */\n  expireTime: number;\n  /** Serialized htmlLimitedBots regexp source from next.config. */\n  htmlLimitedBots: string | undefined;\n  /**\n   * Packages that should be treated as server-external (not bundled by Vite).\n   * Sourced from `serverExternalPackages` or the legacy\n   * `experimental.serverComponentsExternalPackages` in next.config.\n   */\n  serverExternalPackages: string[];\n  /** Enable sourcemaps for prerender error stack traces. Defaults to true. */\n  enablePrerenderSourceMaps: boolean;\n  /** Resolved build ID (from generateBuildId, or a random UUID if not provided). */\n  buildId: string;\n  /** Resolved deployment ID from next.config.js or NEXT_DEPLOYMENT_ID. */\n  deploymentId: string | undefined;\n  /**\n   * Path to a custom cache handler module. file:// URLs are resolved to\n   * filesystem paths via fileURLToPath() during config resolution.\n   */\n  cacheHandler: string | undefined;\n  /**\n   * Maximum memory size (bytes) for the default in-memory cache handler.\n   * Set to 0 to disable in-memory caching entirely.\n   */\n  cacheMaxMemorySize: number | undefined;\n  /**\n   * Concatenated hash salt from `experimental.outputHashSalt` config option\n   * and `NEXT_HASH_SALT` environment variable. Empty string when neither is set.\n   * When non-empty, mix into content-addressed output filenames so hash values\n   * change without modifying source — useful for cache-busting after CDN poisoning.\n   */\n  hashSalt: string;\n  /**\n   * Raw `sassOptions` object from next.config (or `null` when unset). vinext\n   * passes the relevant keys through to Vite's `css.preprocessorOptions.scss`\n   * so SCSS variables defined via `additionalData` / `prependData`, partials\n   * resolved via `includePaths` / `loadPaths`, and a custom `implementation`\n   * all behave the same as in Next.js.\n   *\n   * Kept loose (`Record<string, unknown> | null`) to match Next.js's typing —\n   * the object is forwarded to Sass and may contain any modern Sass option.\n   */\n  sassOptions: Record<string, unknown> | null;\n  /**\n   * When enabled, strip `console.*` calls from the client bundle.\n   * Mirrors Next.js `compiler.removeConsole` option.\n   * `true` strips all console calls; `{ exclude: [\"error\"] }` strips all\n   * except the specified method names (case-insensitive).\n   */\n  removeConsole: boolean | { exclude: string[] };\n  /**\n   * Mirrors Next.js `experimental.disableOptimizedLoading`. When `false`\n   * (the default), Pages Router page scripts are emitted with `defer` in\n   * `<head>` so the browser can prefetch them in parallel with HTML parsing.\n   * When `true`, scripts are emitted without `defer` (legacy behaviour).\n   *\n   * See `.nextjs-ref/packages/next/src/pages/_document.tsx` (`getScripts` →\n   * `defer={!disableOptimizedLoading}`) and the upstream\n   * `test/e2e/optimized-loading` test fixture.\n   */\n  disableOptimizedLoading: boolean;\n  /**\n   * Build-time constant replacement map applied to BOTH client and server\n   * bundles. Sourced from `compiler.define` in next.config. Values are\n   * pre-serialized via `JSON.stringify` so they can be fed straight into\n   * Vite's `define` config (which expects strings of source code).\n   *\n   * Mirrors Next.js — strings, numbers, and booleans are accepted; other\n   * value shapes are dropped.\n   * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/compiler#define\n   */\n  compilerDefine: Record<string, string>;\n  /**\n   * Build-time constant replacement map applied to SERVER bundles only\n   * (RSC + SSR + middleware). Sourced from `compiler.defineServer` in\n   * next.config. Same serialization rules as `compilerDefine`. Client\n   * bundles intentionally never see these substitutions, so referencing\n   * a `defineServer` identifier from the browser stays as the raw\n   * identifier (typically resolving to `undefined`).\n   */\n  compilerDefineServer: Record<string, string>;\n  /**\n   * Allow-list of keys, sourced from `experimental.clientTraceMetadata`,\n   * to forward from the active OpenTelemetry context into the SSR HTML head\n   * as `<meta>` tags. `undefined` (or empty) disables injection.\n   *\n   * Mirrors Next.js: packages/next/src/server/lib/trace/utils.ts (getTracedMetadata).\n   */\n  clientTraceMetadata: string[] | undefined;\n  /**\n   * App Router client cache freshness windows in seconds, sourced from\n   * `experimental.staleTimes`. Controls how long prefetched route segments\n   * are considered fresh in the client-side router cache.\n   *\n   * `dynamic` applies to partial/dynamic prefetches (default 0 — no reuse).\n   * `static` applies to full-route prefetches (default 300 — 5 minutes).\n   * Mirrors Next.js' `process.env.__NEXT_CLIENT_ROUTER_{DYNAMIC,STATIC}_STALETIME`.\n   */\n  staleTimes: { dynamic: number; static: number };\n};\n\n// Mirrors Next.js's accepted set in packages/next/src/shared/lib/constants.ts\n// (`.js`/`.mjs`/`.ts`/`.mts`) and adds `.cjs` for parity with vinext's own\n// loader, which has historically accepted CJS configs as well. The order is\n// significant: findNextConfigPath returns the first match, so prefer the more\n// modern flavours first.\nconst CONFIG_FILES = [\n  \"next.config.ts\",\n  \"next.config.mts\",\n  \"next.config.mjs\",\n  \"next.config.js\",\n  \"next.config.cjs\",\n];\nconst DEFAULT_EXPIRE_TIME = 31_536_000;\n\n/**\n * Check whether an error indicates a CJS module was loaded in an ESM context\n * (i.e. the file uses `require()` which is not available in ESM).\n */\nfunction isCjsError(e: unknown): boolean {\n  if (!(e instanceof Error)) return false;\n  const msg = e.message;\n  return (\n    msg.includes(\"require is not a function\") ||\n    msg.includes(\"require is not defined\") ||\n    msg.includes(\"exports is not defined\") ||\n    msg.includes(\"module is not defined\") ||\n    msg.includes(\"__dirname is not defined\") ||\n    msg.includes(\"__filename is not defined\")\n  );\n}\n\n// Dev-server phase is the safe default for config loading: it enables all\n// optional config sections (headers, redirects, rewrites) without triggering\n// build-only behaviour. Used in two default parameter values below to avoid\n// repeating PHASE_DEVELOPMENT_SERVER inline.\nconst DEFAULT_PHASE = PHASE_DEVELOPMENT_SERVER;\n\n/**\n * Emit a warning when config loading fails, with a targeted hint for\n * known plugin wrappers that are unnecessary in vinext.\n */\nfunction warnConfigLoadFailure(filename: string, err: Error): void {\n  const msg = err.message ?? \"\";\n  const stack = err.stack ?? \"\";\n  const isNextIntlPlugin =\n    msg.includes(\"next-intl\") ||\n    stack.includes(\"next-intl/plugin\") ||\n    stack.includes(\"next-intl/dist\");\n\n  console.log();\n  console.error(`[vinext] Failed to load ${filename}: ${msg}`);\n  console.log();\n  if (isNextIntlPlugin) {\n    console.warn(\n      \"[vinext] Hint: createNextIntlPlugin() is not needed with vinext. \" +\n        \"Remove the next-intl/plugin wrapper from your next.config — \" +\n        \"vinext auto-detects next-intl and registers the i18n config alias automatically.\",\n    );\n  }\n}\n\n/**\n * Resolve a Next-style config value, calling it if it's a function-form config\n * (Next.js supports `module.exports = (phase, opts) => config`).\n */\nasync function resolveConfigValue(\n  config: unknown,\n  phase: string = DEFAULT_PHASE,\n): Promise<NextConfig> {\n  if (typeof config === \"function\") {\n    const result = await config(phase, {\n      defaultConfig: {},\n    });\n    return result as NextConfig;\n  }\n  return config as NextConfig;\n}\n\n/**\n * Named export attached by `cjsGlobalsInjectorPlugin` when the source\n * statically looks like it assigns to `module.exports`. Holds the wrapper\n * `module` object so {@link unwrapConfig} can read back the user's CJS-style\n * export. Pure-ESM configs skip the wrapper entirely and rely on the ESM\n * `default` export instead.\n */\nconst VINEXT_CJS_EXPORTS_KEY = \"__vinext_cjs_exports\";\n\n/**\n * Companion named export pointing at the initial empty `{}` that the wrapper\n * is constructed with. Lets {@link unwrapConfig} distinguish \"user reassigned\n * or mutated module.exports\" from \"module.exports is still the untouched\n * empty wrapper\" — the latter happens when {@link reassignsModuleExports}\n * matches inside a string or comment (a harmless false positive that should\n * still fall through to the ESM `default` export).\n */\nconst VINEXT_CJS_INITIAL_KEY = \"__vinext_cjs_initial_exports\";\n\n/**\n * Unwrap the config value from a loaded module namespace.\n *\n * Prefers `module.exports` (CJS style) when the config file reassigned it,\n * otherwise falls back to `default`/the namespace itself. Mirrors Next.js's\n * behaviour, where the config is loaded through `Module._compile` and CJS\n * assignments override any ESM-style exports.\n *\n * The presence of the `__vinext_cjs_exports` named export is the static\n * signal (set by `cjsGlobalsInjectorPlugin` when `reassignsModuleExports`\n * matched) that this file might use CJS-style exports. We then disambiguate\n * \"user actually touched module.exports\" from \"static heuristic was a false\n * positive\" by comparing identity against the initial empty wrapper: if\n * `module.exports` is still the original `{}`, fall back to ESM `default`.\n */\nasync function unwrapConfig(\n  // oxlint-disable-next-line typescript/no-explicit-any\n  mod: any,\n  phase: string = PHASE_DEVELOPMENT_SERVER,\n): Promise<NextConfig> {\n  const cjsModule = mod?.[VINEXT_CJS_EXPORTS_KEY];\n  const cjsExports = cjsModule?.exports;\n  const cjsInitial = mod?.[VINEXT_CJS_INITIAL_KEY];\n  const userTouchedExports =\n    cjsExports !== undefined &&\n    cjsExports !== null &&\n    // Either reassigned outright, or mutated keys on the initial object.\n    (cjsExports !== cjsInitial ||\n      (typeof cjsExports === \"object\" && Object.keys(cjsExports).length > 0));\n  if (userTouchedExports) {\n    return await resolveConfigValue(cjsExports, phase);\n  }\n  return await resolveConfigValue(mod.default ?? mod, phase);\n}\n\n/**\n * Resolve a path through filesystem symlinks, falling back to the original\n * path when the file does not exist (e.g. virtual ids, query-suffixed ids).\n */\nfunction safeRealpath(p: string): string {\n  try {\n    return fs.realpathSync(p);\n  } catch {\n    return p;\n  }\n}\n\n/**\n * Whole-word substring check for any of the CJS-style globals that the\n * injector plugin would shim. Used to skip the transform entirely for the\n * common case where the config is pure ESM (no `__filename`, `__dirname`,\n * `require`, `module`, or `exports` references).\n *\n * False positives are harmless: a comment, string literal, or unrelated\n * identifier like `node:module` will trigger the transform unnecessarily,\n * but the resulting injection is idempotent and the loaded config is\n * unaffected. False negatives would be a correctness bug, so we err on the\n * side of matching too eagerly.\n *\n * Note: `\\bexports\\b` does not match `export default` (different word\n * boundaries), and `\\brequire\\b` does not match `requireSomething`.\n */\nexport function referencesCjsGlobals(source: string): boolean {\n  return /\\b(?:__filename|__dirname|require|module|exports)\\b/.test(source);\n}\n\n/**\n * Static heuristic: returns true when the source appears to assign to\n * `module.exports` — either via `module.exports = …`, `module.exports.foo = …`,\n * or `module.exports[…] = …`. Used to decide whether the injector plugin\n * needs to wire up the wrapper `module` object so {@link unwrapConfig} can\n * read back the user's CJS-style export.\n *\n * Pure-ESM configs skip the wrapper entirely, which means a faster transform\n * (no extra `export const` line) and a simpler unwrap path (no need to\n * disambiguate \"initial empty object\" from \"user reassigned to {}\").\n *\n * Like {@link referencesCjsGlobals}, false positives are harmless: at worst\n * we emit an unused `__vinext_cjs_exports` named export, and `unwrapConfig`\n * still prefers it (it points at an empty object, which then gets treated\n * as the config — equivalent to today's sentinel logic for pure-ESM files\n * that happen to mention `module.exports` only in a string).\n */\nexport function reassignsModuleExports(source: string): boolean {\n  // Match `module.exports` followed by `=` (not `==` / `===`), `.identifier =`,\n  // or `[...] =`. Whitespace allowed around the dot.\n  return /\\bmodule\\s*\\.\\s*exports\\b\\s*(?:=(?!=)|\\.\\s*[A-Za-z_$][\\w$]*\\s*=(?!=)|\\[)/.test(source);\n}\n\n/**\n * Vite plugin that prepends CJS-style globals (`__filename`, `__dirname`,\n * `module`, `exports`, `require`) to the next.config.* source before\n * Vite's module runner evaluates it.\n *\n * Next.js's `next.config.ts` loader (packages/next/src/build/next-config-ts/\n * transpile-config.ts → require-hook.ts) feeds the file through Node's\n * `Module._compile`, which provides these CJS globals even when the source\n * uses ESM syntax. Upstream test fixtures in `test/e2e/app-dir/next-config-ts*`\n * rely on that, e.g. `node-api-cjs/next.config.ts` reads\n * `fs.readFileSync(path.join(__dirname, 'foo.txt'), 'utf8')`. vinext loads\n * configs through Vite's ESM-only module runner, so we inject the same\n * globals as plain `const` declarations.\n *\n * For configs that don't reference any CJS global (the common case — every\n * upstream `next-config-ts` fixture except `node-api-cjs` is pure ESM) we\n * skip the transform entirely; see {@link referencesCjsGlobals}.\n *\n * `module.exports` reassignment is preserved by exposing the injected\n * `module` object as a named export (see {@link VINEXT_CJS_EXPORTS_KEY}) and\n * reading it back in {@link unwrapConfig}.\n */\nfunction cjsGlobalsInjectorPlugin(configPath: string): {\n  name: string;\n  enforce: \"pre\";\n  // oxlint-disable-next-line typescript/no-explicit-any\n  transform(this: unknown, code: string, id: string): any;\n} {\n  // Resolve symlinks once so we can compare against the (possibly\n  // symlink-resolved) id Vite passes to `transform`. On macOS, `/var/folders`\n  // is a symlink to `/private/var/folders`, so the temp-dir path in tests\n  // would otherwise mismatch.\n  const normalizedTarget = safeRealpath(path.resolve(configPath));\n  return {\n    name: \"vinext:next-config-cjs-globals\",\n    enforce: \"pre\",\n    transform(code: string, id: string) {\n      // Vite may pass an id with a query suffix (?v=...) or as a file URL.\n      const idPath = id.startsWith(\"file://\") ? fileURLToPath(id) : id.split(\"?\")[0];\n      const resolvedId = safeRealpath(path.resolve(idPath));\n      if (resolvedId !== normalizedTarget) return null;\n\n      // Fast path: skip the transform when the source contains no bareword\n      // reference to any of the shimmed globals. The vast majority of\n      // `next.config.ts` files are pure ESM (`export default { ... }`) and\n      // pay no cost from this plugin.\n      if (!referencesCjsGlobals(code)) return null;\n\n      const dirname = path.dirname(normalizedTarget);\n      // JSON.stringify produces safe JS string literals for paths.\n      const filenameLiteral = JSON.stringify(normalizedTarget);\n      const dirnameLiteral = JSON.stringify(dirname);\n      const requireBaseLiteral = JSON.stringify(path.join(dirname, \"package.json\"));\n\n      // Only wire up the wrapper `module` object — and the corresponding\n      // named export read by unwrapConfig — when the source statically looks\n      // like it assigns to module.exports. Pure-ESM configs avoid the extra\n      // export and the unwrap-by-wrapper code path.\n      const needsModuleWrapper = reassignsModuleExports(code);\n      const moduleLines = needsModuleWrapper\n        ? `const __vinextInitialExports = {};\\n` +\n          `const module = { exports: __vinextInitialExports };\\n` +\n          `const exports = module.exports;\\n` +\n          `export const ${VINEXT_CJS_EXPORTS_KEY} = module;\\n` +\n          `export const ${VINEXT_CJS_INITIAL_KEY} = __vinextInitialExports;\\n`\n        : \"\";\n\n      // Preamble runs after ESM imports are hoisted; the const bindings shadow\n      // any global lookups the source would otherwise perform.\n      const preamble =\n        `import { createRequire as __vinextCreateRequire } from \"node:module\";\\n` +\n        `const __filename = ${filenameLiteral};\\n` +\n        `const __dirname = ${dirnameLiteral};\\n` +\n        `const require = __vinextCreateRequire(${requireBaseLiteral});\\n` +\n        moduleLines;\n\n      return {\n        code: preamble + code,\n        map: null,\n      };\n    },\n  };\n}\n\nexport function findNextConfigPath(root: string): string | null {\n  for (const filename of CONFIG_FILES) {\n    const configPath = path.join(root, filename);\n    if (fs.existsSync(configPath)) return configPath;\n  }\n  return null;\n}\n\nexport async function resolveNextConfigInput(\n  config: NextConfigInput,\n  phase: string = PHASE_DEVELOPMENT_SERVER,\n): Promise<NextConfig> {\n  // Inline vinext({ nextConfig }) already receives the config value itself,\n  // not a module namespace object, so do not treat a \"default\" key specially.\n  return await resolveConfigValue(config, phase);\n}\n\n/**\n * Load a CJS-flavoured next.config.{js,cjs} via createRequire.\n *\n * For `.cjs` (or `.js` in a non-type-module package) Node's loader picks the\n * right format automatically and `require()` just works. For `.js` in a\n * `\"type\": \"module\"` package, Node infers ESM from package.json and the file\n * fails with `require is not defined`. In that case we copy the source to a\n * sibling temp `.cjs` (where the explicit extension forces CJS regardless of\n * the parent type field) and require *that*. Relative imports inside the\n * config still resolve against the original directory.\n */\nasync function loadConfigViaRequire(\n  configPath: string,\n  root: string,\n  phase: string,\n): Promise<NextConfig> {\n  const require = createRequire(path.join(root, \"package.json\"));\n  try {\n    return await unwrapConfig(require(configPath), phase);\n  } catch (e) {\n    if (!isCjsError(e) || !configPath.endsWith(\".js\")) throw e;\n    return await loadConfigViaCjsTempCopy(configPath, root, phase);\n  }\n}\n\nasync function loadConfigViaCjsTempCopy(\n  configPath: string,\n  root: string,\n  phase: string,\n): Promise<NextConfig> {\n  const dir = path.dirname(configPath);\n  // Hidden + uniquely-named to avoid clashing with user files or being picked\n  // up by next.js's own config scanner if a concurrent next dev is running.\n  const tmpPath = path.join(dir, `.vinext-next-config.${process.pid}.${Date.now()}.cjs`);\n  fs.copyFileSync(configPath, tmpPath);\n  try {\n    const require = createRequire(path.join(root, \"package.json\"));\n    return await unwrapConfig(require(tmpPath), phase);\n  } finally {\n    try {\n      fs.unlinkSync(tmpPath);\n    } catch {\n      // Best-effort cleanup; a stray tmp file is harmless.\n    }\n  }\n}\n\n/**\n * Find and load the next.config file from the project root.\n * Returns null if no config file is found.\n *\n * Attempts Vite's module runner first so TS configs and extensionless local\n * imports (e.g. `import \"./env\"`) resolve consistently. If loading fails due\n * to CJS constructs (`require`, `module.exports`), falls back to `createRequire`\n * so common CJS plugin wrappers (nextra, @next/mdx, etc.) still work, including\n * `next.config.js` files written in CJS syntax inside a `\"type\": \"module\"`\n * package (the common shape after `vinext init`).\n */\nexport async function loadNextConfig(\n  root: string,\n  phase: string = DEFAULT_PHASE,\n): Promise<NextConfig | null> {\n  const configPath = findNextConfigPath(root);\n  if (!configPath) return null;\n\n  const filename = path.basename(configPath);\n\n  // Mirror Next.js: read `compilerOptions.paths` from the project's\n  // tsconfig.json so aliased imports inside next.config.ts (e.g.\n  // `import { foo } from '@/foo'`) resolve at config-load time. Next.js\n  // passes these to SWC; we pass them to Vite's resolver as `resolve.alias`.\n  // See packages/next/src/build/next-config-ts/transpile-config.ts.\n  const tsconfigAliases = loadTsconfigPathAliasesForRoot(root);\n\n  // Symlink-resolved config path, used by the `commonjs()` filter below to\n  // exclude the config file itself. macOS uses /private/var symlinks, so\n  // string-compare without realpath would falsely include the config.\n  const normalizedConfigPath = safeRealpath(path.resolve(configPath));\n\n  try {\n    // Load config via Vite's module runner (TS + extensionless import support)\n    const { runnerImport } = await import(\"vite\");\n    const { module: mod } = await runnerImport(configPath, {\n      root,\n      logLevel: \"error\",\n      clearScreen: false,\n      resolve: {\n        alias: tsconfigAliases,\n        // Include `.cjs` and `.cts` so `vite-plugin-commonjs` recognises\n        // those extensions (the plugin keys off `config.resolve.extensions`,\n        // which on Vite defaults to `[.mjs, .js, .mts, .ts, .jsx, .tsx,\n        // .json]` — no CJS extensions). This also lets the runner's resolver\n        // find `./foo` style imports that resolve to a `.cjs`/`.cts` sibling.\n        extensions: [\".mjs\", \".js\", \".cjs\", \".mts\", \".ts\", \".cts\", \".jsx\", \".tsx\", \".json\"],\n      },\n      // Only inject CJS globals for TypeScript config flavours. Next.js\n      // applies its `Module._compile` / SWC pipeline (which exposes the\n      // CJS globals) exclusively to `.ts`/`.mts`/`.cts`; legacy `.js`/`.cjs`\n      // configs are loaded through Node and already have `require`/`module`,\n      // and `.mjs` configs are explicitly ESM-only.\n      //\n      // Pair that with `vite-plugin-commonjs` (the same plugin used for\n      // application code in index.ts) so sibling imports like `.cjs`/`.cts`,\n      // or `.js`/`.ts` files that assign to `module.exports`, are converted\n      // to ESM before Vite's runner evaluates them. The default `filter`\n      // skips `node_modules`; we opt back in so bare-import packages\n      // imported by next.config.* (e.g. CJS plugin wrappers) keep working —\n      // this mirrors how Next.js's SWC pipeline handles those imports too.\n      //\n      // The config file itself is excluded from `commonjs()`: when it needs\n      // CJS globals it goes through `cjsGlobalsInjectorPlugin`, which sets\n      // up a specific `__vinext_cjs_exports` wiring that `unwrapConfig` reads\n      // back. Letting both plugins inject `module = { exports: {} }` for the\n      // same source produces an `Identifier 'module' has already been\n      // declared` syntax error.\n      plugins: [\n        ...(/\\.[cm]?ts$/.test(configPath) ? [cjsGlobalsInjectorPlugin(configPath)] : []),\n        commonjs({\n          filter: (id: string) => {\n            const idPath = id.startsWith(\"file://\") ? fileURLToPath(id) : id.split(\"?\")[0];\n            const resolvedId = safeRealpath(path.resolve(idPath));\n            if (resolvedId === normalizedConfigPath) return false;\n            // Returning `true` forces the transform to run even for ids\n            // inside `node_modules` (default behaviour skips them);\n            // `undefined` falls through to the plugin's default for\n            // user code.\n            return id.includes(\"node_modules\") ? true : undefined;\n          },\n        }),\n      ],\n    });\n    return await unwrapConfig(mod, phase);\n  } catch (e) {\n    // If the error indicates a CJS file loaded in ESM context, retry with\n    // createRequire which provides a proper CommonJS environment.\n    if (isCjsError(e) && (filename.endsWith(\".js\") || filename.endsWith(\".cjs\"))) {\n      try {\n        return await loadConfigViaRequire(configPath, root, phase);\n      } catch (e2) {\n        warnConfigLoadFailure(filename, e2 as Error);\n        throw e2;\n      }\n    }\n\n    warnConfigLoadFailure(filename, e as Error);\n    throw e;\n  }\n}\n\n/**\n * Generate a UUID that doesn't contain \"ad\" to avoid false-positive ad-blocker hits.\n * Mirrors Next.js's own nanoid retry loop.\n */\nfunction safeUUID(): string {\n  let id = randomUUID();\n  while (/ad/i.test(id)) id = randomUUID();\n  return id;\n}\n\n/**\n * Call the user's generateBuildId function and validate its return value.\n * Follows Next.js semantics: null return falls back to a random UUID; any\n * other non-string throws. Leading/trailing whitespace is trimmed.\n *\n * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/generateBuildId\n */\nasync function resolveBuildId(\n  generate: (() => string | null | Promise<string | null>) | undefined,\n): Promise<string> {\n  if (!generate) return safeUUID();\n\n  const result = await generate();\n\n  if (result === null) return safeUUID();\n\n  if (typeof result !== \"string\") {\n    throw new Error(\n      \"generateBuildId did not return a string. https://nextjs.org/docs/messages/generatebuildid-not-a-string\",\n    );\n  }\n\n  const trimmed = result.trim();\n  if (trimmed.length === 0) {\n    throw new Error(\n      \"generateBuildId returned an empty string. https://nextjs.org/docs/messages/generatebuildid-not-a-string\",\n    );\n  }\n\n  return trimmed;\n}\n\n/**\n * Normalize the `assetPrefix` option from next.config.\n *\n * Accepts both absolute URLs (`https://cdn.example.com[/subpath]`) and\n * path prefixes (`/custom-asset-prefix`). Trailing slashes are trimmed.\n * Empty/whitespace-only strings are treated as unset and return `\"\"`.\n *\n * Path prefixes that omit the leading slash get one added so they always\n * begin with `/` — this matches how Next.js routes match against them.\n *\n * Non-string values are rejected to surface config mistakes early.\n *\n * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/assetPrefix\n */\nexport function normalizeAssetPrefix(value: unknown): string {\n  if (value === undefined || value === null || value === \"\") return \"\";\n\n  if (typeof value !== \"string\") {\n    throw new Error(\n      `Invalid \\`assetPrefix\\` configuration: must be a string, got ${typeof value}. ` +\n        `Accepts a path prefix (\"/custom-asset-prefix\") or an absolute URL ` +\n        `(\"https://cdn.example.com\").`,\n    );\n  }\n\n  // Avoid `replace(/\\/+$/, \"\")` — CodeQL flags it as polynomial backtracking\n  // on uncontrolled input. An explicit loop has the same effect with linear time.\n  let trimmed = value.trim();\n  while (trimmed.endsWith(\"/\")) trimmed = trimmed.slice(0, -1);\n  if (trimmed === \"\") return \"\";\n\n  // Absolute URL — keep origin verbatim, validate parseability so a typo\n  // surfaces at config-load time instead of as a confusing build error.\n  if (/^https?:\\/\\//i.test(trimmed)) {\n    if (!URL.canParse(trimmed)) {\n      throw new Error(`Invalid \\`assetPrefix\\` configuration: \"${value}\" is not a parseable URL.`);\n    }\n    return trimmed;\n  }\n\n  // Path prefix — always begin with \"/\", consistent with basePath.\n  return trimmed.startsWith(\"/\") ? trimmed : `/${trimmed}`;\n}\n\nfunction resolveDeploymentId(configDeploymentId: unknown): string | undefined {\n  const deploymentId =\n    configDeploymentId !== undefined ? configDeploymentId : process.env.NEXT_DEPLOYMENT_ID;\n  if (deploymentId === undefined || deploymentId === \"\") return undefined;\n\n  if (typeof deploymentId !== \"string\") {\n    throw new Error(\n      \"Invalid `deploymentId` configuration: must be a string. https://nextjs.org/docs/messages/deploymentid-not-a-string\",\n    );\n  }\n\n  if (!/^[a-zA-Z0-9_-]+$/.test(deploymentId)) {\n    throw new Error(\n      \"Invalid `deploymentId` configuration: contains invalid characters. Only alphanumeric characters, hyphens, and underscores are allowed. https://nextjs.org/docs/messages/deploymentid-invalid-characters\",\n    );\n  }\n\n  return deploymentId;\n}\n\n/**\n * Converts a cache handler path to a filesystem path.\n * ESM's import.meta.resolve() returns file:// URLs which break when concatenated\n * with path operations like path.join or path.relative.\n * @param filePath - Absolute path, relative path, or file:// URL (e.g. from import.meta.resolve)\n * @returns A filesystem path suitable for path operations\n */\nfunction resolveCacheHandlerPathToFilesystem(filePath: string): string {\n  if (filePath.startsWith(\"file://\")) {\n    return fileURLToPath(filePath);\n  }\n  return filePath;\n}\n\nfunction resolveHtmlLimitedBots(value: NextConfig[\"htmlLimitedBots\"]): string | undefined {\n  const source =\n    value instanceof RegExp ? value.source : typeof value === \"string\" ? value : undefined;\n  if (!source) return undefined;\n\n  try {\n    getHtmlLimitedBotRegex(source);\n  } catch (error) {\n    throw new Error(\n      'Invalid next.config option \"htmlLimitedBots\": expected a valid regular expression source',\n      { cause: error },\n    );\n  }\n\n  return source;\n}\n\nfunction readOptionalRecord(value: unknown): Record<string, unknown> | undefined {\n  return isUnknownRecord(value) ? value : undefined;\n}\n\nfunction readOptionalString(value: unknown): string | undefined {\n  return typeof value === \"string\" ? value : undefined;\n}\n\nfunction readOptionalBodySizeLimit(value: unknown): string | number | undefined {\n  return typeof value === \"string\" || typeof value === \"number\" ? value : undefined;\n}\n\nfunction readStringArray(value: unknown): string[] {\n  return Array.isArray(value)\n    ? value.filter((item): item is string => typeof item === \"string\")\n    : [];\n}\n\n/**\n * Serialize a `compiler.define` / `compiler.defineServer` map into the\n * Vite-friendly `Record<string, string>` shape where each value is already\n * a JSON-encoded literal of source code. Entries whose values are not a\n * string/number/boolean are silently dropped, matching how Next.js types\n * the API (other shapes are not part of the contract).\n *\n * Mirrors Next.js: packages/next/src/build/define-env.ts (serializeDefineEnv).\n */\nfunction serializeCompilerDefine(value: unknown): Record<string, string> {\n  if (!isUnknownRecord(value)) return {};\n  const out: Record<string, string> = {};\n  for (const [key, raw] of Object.entries(value)) {\n    if (typeof raw === \"string\" || typeof raw === \"number\" || typeof raw === \"boolean\") {\n      out[key] = JSON.stringify(raw);\n    }\n  }\n  return out;\n}\n\n/**\n * Defaults for `experimental.staleTimes` (in seconds), matching Next.js'\n * `config-shared.ts` defaults.\n */\nconst DEFAULT_STALE_TIMES = { dynamic: 0, static: 300 };\n\n/**\n * Parse `experimental.staleTimes` from a raw next.config object.\n *\n * Mirrors Next.js' `build/define-env.ts` parsing logic:\n *   - missing / NaN / negative values fall back to the documented defaults\n *     (`dynamic: 0`, `static: 300`) — matching Next.js parity and the\n *     non-negative guard in `resolvePrefetchCacheTtl`\n *   - all values are in seconds\n *\n * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/staleTimes\n */\nfunction resolveStaleTimes(experimental: Record<string, unknown> | undefined): {\n  dynamic: number;\n  static: number;\n} {\n  const staleTimes = readOptionalRecord(experimental?.staleTimes);\n  const dynamicRaw = Number(staleTimes?.dynamic);\n  const staticRaw = Number(staleTimes?.static);\n\n  return {\n    dynamic:\n      Number.isFinite(dynamicRaw) && dynamicRaw >= 0 ? dynamicRaw : DEFAULT_STALE_TIMES.dynamic,\n    static: Number.isFinite(staticRaw) && staticRaw >= 0 ? staticRaw : DEFAULT_STALE_TIMES.static,\n  };\n}\n\n/**\n * Resolve a NextConfig into a fully-resolved ResolvedNextConfig.\n * Awaits async functions for redirects/rewrites/headers.\n */\nexport async function resolveNextConfig(\n  config: NextConfig | null,\n  root: string = process.cwd(),\n): Promise<ResolvedNextConfig> {\n  if (!config) {\n    const buildId = await resolveBuildId(undefined);\n    const deploymentId = resolveDeploymentId(undefined);\n    const resolved: ResolvedNextConfig = {\n      env: {},\n      basePath: \"\",\n      assetPrefix: \"\",\n      trailingSlash: false,\n      output: \"\",\n      pageExtensions: normalizePageExtensions(),\n      cacheComponents: false,\n      redirects: [],\n      rewrites: { beforeFiles: [], afterFiles: [], fallback: [] },\n      headers: [],\n      images: undefined,\n      i18n: null,\n      mdx: null,\n      aliases: {},\n      allowedDevOrigins: [],\n      serverActionsAllowedOrigins: [],\n      optimizePackageImports: [],\n      inlineCss: false,\n      serverActionsBodySizeLimit: 1 * 1024 * 1024,\n      expireTime: DEFAULT_EXPIRE_TIME,\n      htmlLimitedBots: undefined,\n      serverExternalPackages: [],\n      cacheHandler: undefined,\n      cacheMaxMemorySize: undefined,\n      enablePrerenderSourceMaps: true,\n      hashSalt: process.env.NEXT_HASH_SALT ?? \"\",\n      buildId,\n      deploymentId,\n      sassOptions: null,\n      removeConsole: false,\n      disableOptimizedLoading: false,\n      compilerDefine: {},\n      compilerDefineServer: {},\n      instrumentationClientInject: [],\n      clientTraceMetadata: undefined,\n      staleTimes: { ...DEFAULT_STALE_TIMES },\n    };\n    detectNextIntlConfig(root, resolved);\n    return resolved;\n  }\n\n  // Resolve redirects\n  let redirects: NextRedirect[] = [];\n  if (config.redirects) {\n    const result = await config.redirects();\n    redirects = Array.isArray(result) ? result : [];\n  }\n\n  // Resolve rewrites\n  let rewrites: {\n    beforeFiles: NextRewrite[];\n    afterFiles: NextRewrite[];\n    fallback: NextRewrite[];\n  } = {\n    beforeFiles: [],\n    afterFiles: [],\n    fallback: [],\n  };\n  if (config.rewrites) {\n    const result = await config.rewrites();\n    if (Array.isArray(result)) {\n      rewrites.afterFiles = result;\n    } else {\n      rewrites = {\n        beforeFiles: result.beforeFiles ?? [],\n        afterFiles: result.afterFiles ?? [],\n        fallback: result.fallback ?? [],\n      };\n    }\n  }\n\n  {\n    const allRewrites = [...rewrites.beforeFiles, ...rewrites.afterFiles, ...rewrites.fallback];\n    const externalRewrites = allRewrites.filter((rewrite) => isExternalUrl(rewrite.destination));\n\n    if (externalRewrites.length > 0) {\n      const noun = externalRewrites.length === 1 ? \"external rewrite\" : \"external rewrites\";\n      const listing = externalRewrites\n        .map((rewrite) => `  ${rewrite.source} → ${rewrite.destination}`)\n        .join(\"\\n\");\n\n      console.warn(\n        `[vinext] Found ${externalRewrites.length} ${noun} that proxy requests to external origins:\\n` +\n          `${listing}\\n` +\n          `Request headers, including credential headers (cookie, authorization, proxy-authorization, x-api-key), ` +\n          `are forwarded to the external origin to match Next.js behavior. ` +\n          `If you do not want to forward credentials, use an API route or route handler where you control exactly which headers are sent.`,\n      );\n    }\n  }\n\n  // Resolve headers\n  let headers: NextHeader[] = [];\n  if (config.headers) {\n    headers = await config.headers();\n  }\n\n  // Probe wrapped webpack config once so alias extraction and MDX extraction\n  // observe the same mock environment.\n  const webpackProbe = await probeWebpackConfig(config, root);\n  const mdx = webpackProbe.mdx;\n  const aliases = {\n    ...extractTurboAliases(config, root),\n    ...webpackProbe.aliases,\n  };\n\n  const allowedDevOrigins = Array.isArray(config.allowedDevOrigins) ? config.allowedDevOrigins : [];\n\n  // Resolve serverActions.allowedOrigins and bodySizeLimit from experimental config\n  const experimental = readOptionalRecord(config.experimental);\n  const serverActionsConfig = readOptionalRecord(experimental?.serverActions);\n  const serverActionsAllowedOrigins = readStringArray(serverActionsConfig?.allowedOrigins);\n  const serverActionsBodySizeLimit = parseBodySizeLimit(\n    readOptionalBodySizeLimit(serverActionsConfig?.bodySizeLimit),\n  );\n\n  // Resolve hashSalt from experimental.outputHashSalt config + NEXT_HASH_SALT env var.\n  // Next.js concatenates them: config value first, then env var.\n  const configOutputHashSalt = readOptionalString(experimental?.outputHashSalt);\n  const hashSalt = (configOutputHashSalt ?? \"\") + (process.env.NEXT_HASH_SALT ?? \"\");\n  const htmlLimitedBots = resolveHtmlLimitedBots(config.htmlLimitedBots);\n\n  // Resolve optimizePackageImports from experimental config\n  const rawOptimize = experimental?.optimizePackageImports;\n  const optimizePackageImports = Array.isArray(rawOptimize)\n    ? rawOptimize.filter((x): x is string => typeof x === \"string\")\n    : [];\n  const inlineCss = experimental?.inlineCss === true;\n\n  // Resolve serverExternalPackages — support the current top-level key and the\n  // legacy experimental.serverComponentsExternalPackages name that Next.js still\n  // accepts (it moved out of experimental in Next.js 14.2).\n  const topLevelServerExternalPackages = Array.isArray(config.serverExternalPackages)\n    ? readStringArray(config.serverExternalPackages)\n    : undefined;\n  const legacyServerComponentsExternal = readStringArray(\n    experimental?.serverComponentsExternalPackages,\n  );\n  const serverExternalPackages = topLevelServerExternalPackages ?? legacyServerComponentsExternal;\n\n  // Warn about unsupported experimental.swcEnvOptions. vinext uses Vite for\n  // transforms, not SWC, so automatic polyfill injection is not applicable.\n  if (experimental?.swcEnvOptions !== undefined) {\n    console.warn(\n      '[vinext] next.config option \"experimental.swcEnvOptions\" is not applicable and will be ignored (vinext uses Vite, not SWC). ' +\n        \"A Vite-compatible polyfill solution may be explored in the future.\",\n    );\n  }\n\n  // `next/root-params` is now stable — no longer requires an experimental flag.\n  if (experimental?.rootParams !== undefined) {\n    console.warn(\n      \"[vinext] `experimental.rootParams` is no longer needed, because `next/root-params` is available by default. \" +\n        \"You can remove it from next.config.(js|mjs|ts).\",\n    );\n  }\n\n  // Warn about unsupported webpack usage. We preserve alias injection and\n  // extract MDX settings, but all other webpack customization is still ignored.\n  if (config.webpack !== undefined) {\n    if (mdx || Object.keys(webpackProbe.aliases).length > 0) {\n      console.warn(\n        '[vinext] next.config option \"webpack\" is only partially supported. ' +\n          \"vinext preserves resolve.alias entries and MDX loader settings, but other webpack customization is ignored\",\n      );\n    } else {\n      console.warn(\n        '[vinext] next.config option \"webpack\" is not yet supported and will be ignored',\n      );\n    }\n  }\n\n  const output = readOptionalString(config.output) ?? \"\";\n  if (output && output !== \"export\" && output !== \"standalone\") {\n    console.warn(`[vinext] Unknown output mode \"${output}\", ignoring`);\n  }\n\n  const pageExtensions = normalizePageExtensions(config.pageExtensions);\n\n  // Parse i18n config\n  let i18n: NextI18nConfig | null = null;\n  if (config.i18n) {\n    i18n = {\n      locales: config.i18n.locales,\n      defaultLocale: config.i18n.defaultLocale,\n      localeDetection: config.i18n.localeDetection ?? true,\n      domains: config.i18n.domains,\n    };\n  }\n\n  const buildId = await resolveBuildId(config.generateBuildId);\n  const deploymentId = resolveDeploymentId(config.deploymentId);\n\n  // Resolve cacheHandler path — handle file:// URLs from import.meta.resolve()\n  const cacheHandler: string | undefined =\n    typeof config.cacheHandler === \"string\"\n      ? resolveCacheHandlerPathToFilesystem(config.cacheHandler)\n      : undefined;\n\n  // Resolve cacheMaxMemorySize\n  const cacheMaxMemorySize: number | undefined =\n    typeof config.cacheMaxMemorySize === \"number\" ? config.cacheMaxMemorySize : undefined;\n\n  // Apply Next.js i18n locale-prefix transformation to redirects/rewrites.\n  // When i18n is configured and a rule does NOT carry `locale: false`, the\n  // source is rewritten to match locale-prefixed URLs. Rules with\n  // `locale: false` are left untouched so user-supplied `:locale` segments\n  // can capture the prefix themselves. Mirrors processRoutes() in\n  // packages/next/src/lib/load-custom-routes.ts.\n  if (i18n) {\n    const opts = { trailingSlash: config.trailingSlash ?? false };\n    redirects = applyLocaleToRoutes(redirects, i18n, \"redirect\", opts);\n    rewrites = {\n      beforeFiles: applyLocaleToRoutes(rewrites.beforeFiles, i18n, \"rewrite\", opts),\n      afterFiles: applyLocaleToRoutes(rewrites.afterFiles, i18n, \"rewrite\", opts),\n      fallback: applyLocaleToRoutes(rewrites.fallback, i18n, \"rewrite\", opts),\n    };\n  }\n\n  const resolved: ResolvedNextConfig = {\n    env: config.env ?? {},\n    basePath: config.basePath ?? \"\",\n    assetPrefix: normalizeAssetPrefix(config.assetPrefix),\n    trailingSlash: config.trailingSlash ?? false,\n    output: output === \"export\" || output === \"standalone\" ? output : \"\",\n    pageExtensions,\n    instrumentationClientInject: Array.isArray(config.instrumentationClientInject)\n      ? (config.instrumentationClientInject as unknown[]).filter(\n          (x): x is string => typeof x === \"string\",\n        )\n      : [],\n    cacheComponents: config.cacheComponents ?? false,\n    redirects,\n    rewrites,\n    headers,\n    images: config.images,\n    i18n,\n    mdx,\n    aliases,\n    allowedDevOrigins,\n    serverActionsAllowedOrigins,\n    optimizePackageImports,\n    inlineCss,\n    serverActionsBodySizeLimit,\n    expireTime: typeof config.expireTime === \"number\" ? config.expireTime : DEFAULT_EXPIRE_TIME,\n    htmlLimitedBots,\n    serverExternalPackages,\n    cacheHandler,\n    cacheMaxMemorySize,\n    enablePrerenderSourceMaps: config.enablePrerenderSourceMaps ?? true,\n    hashSalt,\n    buildId,\n    deploymentId,\n    sassOptions: readOptionalRecord(config.sassOptions) ?? null,\n    removeConsole:\n      config.compiler?.removeConsole === true\n        ? true\n        : isUnknownRecord(config.compiler?.removeConsole)\n          ? { exclude: readStringArray(config.compiler!.removeConsole.exclude) }\n          : false,\n    // Next.js stores this under `experimental.disableOptimizedLoading`.\n    // Default `false` matches Next.js: page scripts get `defer` in <head>.\n    disableOptimizedLoading: experimental?.disableOptimizedLoading === true,\n    compilerDefine: serializeCompilerDefine(config.compiler?.define),\n    compilerDefineServer: serializeCompilerDefine(config.compiler?.defineServer),\n    clientTraceMetadata: Array.isArray(experimental?.clientTraceMetadata)\n      ? (experimental.clientTraceMetadata as unknown[]).filter(\n          (value): value is string => typeof value === \"string\",\n        )\n      : undefined,\n    staleTimes: resolveStaleTimes(experimental),\n  };\n\n  // Auto-detect next-intl (lowest priority — explicit aliases from\n  // webpack/turbopack already in `aliases` take precedence)\n  detectNextIntlConfig(root, resolved);\n\n  // Parity with Next.js: when `basePath` is configured but `assetPrefix` is\n  // not, fall back to using `basePath` as the asset prefix. This ensures the\n  // on-disk layout under `dist/client` is rooted at `<basePath>/_next/static/`\n  // (matching the URL Vite emits via `base + assetsDir`), so Cloudflare's\n  // ASSETS binding and the prod-server static layer can serve requests\n  // verbatim without any runtime path rewriting.\n  //\n  // Mirrors Next.js: packages/next/src/server/config.ts:509-532\n  // https://github.com/vercel/next.js/blob/canary/packages/next/src/server/config.ts\n  // Conditions copied verbatim:\n  //   - `basePath !== \"\"` (skips when basePath is unset)\n  //   - `basePath !== \"/\"` (Next.js rejects this earlier, but we mirror the\n  //     guard so we don't silently produce `assetPrefix === \"/\"`)\n  //   - `assetPrefix === \"\"` (user did not explicitly opt out by setting it)\n  if (resolved.basePath !== \"\" && resolved.basePath !== \"/\" && resolved.assetPrefix === \"\") {\n    resolved.assetPrefix = resolved.basePath;\n  }\n\n  return resolved;\n}\n\nfunction normalizeAliasEntries(\n  aliases: Record<string, unknown> | undefined,\n  root: string,\n): Record<string, string> {\n  if (!aliases) return {};\n\n  const normalized: Record<string, string> = {};\n  for (const [key, value] of Object.entries(aliases)) {\n    if (typeof value !== \"string\") continue;\n    normalized[key] = path.isAbsolute(value) ? value : path.resolve(root, value);\n  }\n  return normalized;\n}\n\nfunction extractTurboAliases(config: NextConfig, root: string): Record<string, string> {\n  const experimental = readOptionalRecord(config.experimental);\n  const experimentalTurbo = readOptionalRecord(experimental?.turbo);\n  const topLevelTurbopack = readOptionalRecord(config.turbopack);\n\n  return {\n    ...normalizeAliasEntries(readOptionalRecord(experimentalTurbo?.resolveAlias), root),\n    ...normalizeAliasEntries(readOptionalRecord(topLevelTurbopack?.resolveAlias), root),\n  };\n}\n\nasync function probeWebpackConfig(\n  config: NextConfig,\n  root: string,\n): Promise<{ aliases: Record<string, string>; mdx: MdxOptions | null }> {\n  if (typeof config.webpack !== \"function\") {\n    return { aliases: {}, mdx: null };\n  }\n\n  // oxlint-disable-next-line typescript/no-explicit-any\n  const mockModuleRules: any[] = [];\n  const mockResolve: { alias: Record<string, unknown> } = { alias: {} };\n  const mockConfig = {\n    context: root,\n    resolve: mockResolve,\n    module: { rules: mockModuleRules },\n    // oxlint-disable-next-line typescript/no-explicit-any\n    plugins: [] as any[],\n  };\n  const mockOptions = {\n    defaultLoaders: { babel: { loader: \"next-babel-loader\" } },\n    isServer: false,\n    dev: false,\n    dir: root,\n  };\n\n  try {\n    // oxlint-disable-next-line typescript/no-unsafe-function-type\n    const result = await (config.webpack as Function)(mockConfig, mockOptions);\n    const finalConfig = result ?? mockConfig;\n    // oxlint-disable-next-line typescript/no-explicit-any\n    const rules: any[] = finalConfig.module?.rules ?? mockModuleRules;\n    // Invoke loader callbacks for any side effects on `process.env`.\n    // Next.js webpack loaders sometimes mutate `process.env.X = ...` at\n    // compile time (see issue #1500), and vinext otherwise never sees the\n    // value because we don't run the webpack loader pipeline. Calling each\n    // loader once with a dummy source lets build-time env mutations land in\n    // the shared Node process so they become visible to defines and\n    // server-side code during the same build.\n    invokeLoaderSideEffects(rules, root);\n    return {\n      aliases: normalizeAliasEntries(finalConfig.resolve?.alias, root),\n      mdx: extractMdxOptionsFromRules(rules),\n    };\n  } catch {\n    return { aliases: {}, mdx: null };\n  }\n}\n\n/**\n * Walk webpack module rules and invoke each referenced loader once with a\n * dummy source string. Loaders that mutate `process.env` at compile time (a\n * pattern supported by Next.js' webpack pipeline — see issue #1500) get a\n * chance to land their mutations before vinext computes its defines.\n * Failures are swallowed: a loader throwing on dummy input must not break\n * the build, since vinext doesn't actually use the loader's transform output.\n */\n// oxlint-disable-next-line typescript/no-explicit-any\nfunction invokeLoaderSideEffects(rules: any[], root: string): void {\n  const require = createRequire(path.join(root, \"package.json\"));\n  const seen = new Set<unknown>();\n\n  // oxlint-disable-next-line typescript/no-explicit-any\n  const invokeLoaderEntry = (entry: any, ruleOptions?: unknown): void => {\n    if (!entry) return;\n    let loaderPath: string | undefined;\n    let loaderFn: unknown;\n    let options: unknown = ruleOptions;\n    if (typeof entry === \"string\") {\n      loaderPath = entry;\n    } else if (typeof entry === \"function\") {\n      loaderFn = entry;\n    } else if (typeof entry === \"object\") {\n      // oxlint-disable-next-line typescript/no-explicit-any\n      const e = entry as any;\n      if (typeof e.loader === \"string\") loaderPath = e.loader;\n      else if (typeof e.loader === \"function\") loaderFn = e.loader;\n      if (e.options !== undefined) options = e.options;\n    }\n    if (loaderPath !== undefined) {\n      if (seen.has(loaderPath)) return;\n      seen.add(loaderPath);\n      // Skip well-known framework loaders. These don't typically mutate\n      // process.env and may pull in heavy dependencies or fail to resolve\n      // outside webpack's loader runtime.\n      if (\n        loaderPath.includes(\"next-babel-loader\") ||\n        loaderPath.includes(\"mdx\") ||\n        loaderPath.startsWith(\"next/dist/build/webpack\")\n      ) {\n        return;\n      }\n      try {\n        loaderFn = require(loaderPath);\n        if (\n          loaderFn &&\n          typeof loaderFn === \"object\" &&\n          // oxlint-disable-next-line typescript/no-explicit-any\n          typeof (loaderFn as any).default === \"function\"\n        ) {\n          // oxlint-disable-next-line typescript/no-explicit-any\n          loaderFn = (loaderFn as any).default;\n        }\n      } catch {\n        return;\n      }\n    }\n    if (typeof loaderFn !== \"function\") return;\n    if (seen.has(loaderFn)) return;\n    seen.add(loaderFn);\n    try {\n      // Mimic the webpack loader runtime: `this` carries getOptions(),\n      // query, callback(), async(), etc. We stub the minimum a typical\n      // loader might touch. We don't care about the return value — only\n      // side effects on process.env.\n      const loaderThis = {\n        async: () => () => {},\n        callback: () => {},\n        emitError: () => {},\n        emitWarning: () => {},\n        cacheable: () => {},\n        getOptions: () => options ?? {},\n        query: options ?? {},\n        resourcePath: \"\",\n        resource: \"\",\n        rootContext: root,\n        context: root,\n        mode: \"production\",\n      };\n      // oxlint-disable-next-line typescript/no-unsafe-function-type\n      (loaderFn as Function).call(loaderThis, \"\");\n    } catch {\n      // Ignore — the loader may have thrown on the dummy source.\n      // process.env mutations made before the throw still apply.\n    }\n  };\n\n  // oxlint-disable-next-line typescript/no-explicit-any\n  const visit = (rule: any): void => {\n    if (!rule || typeof rule !== \"object\") return;\n    if (Array.isArray(rule)) {\n      for (const child of rule) visit(child);\n      return;\n    }\n    if (Array.isArray(rule.oneOf)) for (const child of rule.oneOf) visit(child);\n    if (Array.isArray(rule.rules)) for (const child of rule.rules) visit(child);\n    const uses = Array.isArray(rule.use) ? rule.use : rule.use ? [rule.use] : [];\n    for (const use of uses) invokeLoaderEntry(use);\n    if (rule.loader !== undefined) invokeLoaderEntry(rule.loader, rule.options);\n  };\n\n  for (const rule of rules) visit(rule);\n}\n\n/**\n * Extract MDX compilation options (remark/rehype/recma plugins) from\n * a Next.js config that uses @next/mdx.\n *\n * @next/mdx wraps the config with a webpack function that injects an MDX\n * loader rule. The remark/rehype plugins are captured in that closure.\n * We probe the webpack function with a mock config to extract them.\n */\nexport async function extractMdxOptions(\n  config: NextConfig,\n  root: string = process.cwd(),\n): Promise<MdxOptions | null> {\n  return (await probeWebpackConfig(config, root)).mdx;\n}\n\n/**\n * Probe file candidates relative to root. Returns the first one that exists,\n * or null if none match.\n */\nfunction probeFiles(root: string, candidates: string[]): string | null {\n  for (const candidate of candidates) {\n    const abs = path.resolve(root, candidate);\n    if (fs.existsSync(abs)) return abs;\n  }\n  return null;\n}\n\nconst I18N_REQUEST_CANDIDATES = [\n  \"i18n/request.ts\",\n  \"i18n/request.tsx\",\n  \"i18n/request.js\",\n  \"i18n/request.jsx\",\n  \"src/i18n/request.ts\",\n  \"src/i18n/request.tsx\",\n  \"src/i18n/request.js\",\n  \"src/i18n/request.jsx\",\n];\n\n/**\n * Detect next-intl in the project and auto-register the `next-intl/config`\n * alias if needed.\n *\n * next-intl's `createNextIntlPlugin()` crashes in vinext because it calls\n * `require('next/package.json')` to check the Next.js version. Instead,\n * vinext detects next-intl and registers the alias automatically.\n *\n * Note: `require.resolve('next-intl')` walks up to parent `node_modules`\n * directories via standard Node module resolution. In a monorepo, next-intl\n * installed at the workspace root will trigger detection even if not listed\n * in the project's own package.json. This is acceptable since a workspace-root\n * install implies the user wants it available.\n *\n * Mutates `resolved.aliases` and `resolved.env` in place.\n */\nexport function detectNextIntlConfig(root: string, resolved: ResolvedNextConfig): void {\n  // Explicit alias wins — user or plugin already set it\n  if (resolved.aliases[\"next-intl/config\"]) return;\n\n  // Check if next-intl is installed (use main entry — some packages\n  // don't expose ./package.json in their exports map)\n  const require = createRequire(path.join(root, \"package.json\"));\n  try {\n    require.resolve(\"next-intl\");\n  } catch {\n    return; // next-intl not installed\n  }\n\n  // Probe for the i18n request config file\n  const configPath = probeFiles(root, I18N_REQUEST_CANDIDATES);\n  if (!configPath) return;\n\n  resolved.aliases[\"next-intl/config\"] = configPath;\n\n  if (resolved.trailingSlash) {\n    resolved.env._next_intl_trailing_slash = \"true\";\n  }\n}\n\n// oxlint-disable-next-line typescript/no-explicit-any\nfunction extractMdxOptionsFromRules(rules: any[]): MdxOptions | null {\n  // Search through webpack rules for the MDX loader injected by @next/mdx\n  for (const rule of rules) {\n    const loaders = extractMdxLoaders(rule);\n    if (loaders) return loaders;\n  }\n  return null;\n}\n\n/**\n * Recursively search a webpack rule (which may have nested `oneOf` arrays)\n * for an MDX loader and extract its remark/rehype/recma plugin options.\n */\n// oxlint-disable-next-line typescript/no-explicit-any\nfunction extractMdxLoaders(rule: any): MdxOptions | null {\n  if (!rule) return null;\n\n  // Check `oneOf` arrays (Next.js uses these extensively)\n  if (Array.isArray(rule.oneOf)) {\n    for (const child of rule.oneOf) {\n      const result = extractMdxLoaders(child);\n      if (result) return result;\n    }\n  }\n\n  // Check `use` array (loader chain)\n  const use = Array.isArray(rule.use) ? rule.use : rule.use ? [rule.use] : [];\n  for (const loader of use) {\n    const loaderPath = typeof loader === \"string\" ? loader : loader?.loader;\n    if (typeof loaderPath === \"string\" && isMdxLoader(loaderPath)) {\n      const opts = typeof loader === \"object\" ? loader.options : {};\n      return extractPluginsFromOptions(opts);\n    }\n  }\n\n  // Check direct `loader` field\n  if (typeof rule.loader === \"string\" && isMdxLoader(rule.loader)) {\n    return extractPluginsFromOptions(rule.options);\n  }\n\n  return null;\n}\n\nfunction isMdxLoader(loaderPath: string): boolean {\n  return (\n    loaderPath.includes(\"mdx\") &&\n    (loaderPath.includes(\"@next\") ||\n      loaderPath.includes(\"@mdx-js\") ||\n      loaderPath.includes(\"mdx-js-loader\") ||\n      loaderPath.includes(\"next-mdx\"))\n  );\n}\n\n// oxlint-disable-next-line typescript/no-explicit-any\nfunction extractPluginsFromOptions(opts: any): MdxOptions | null {\n  if (!opts || typeof opts !== \"object\") return null;\n\n  const remarkPlugins = Array.isArray(opts.remarkPlugins) ? opts.remarkPlugins : undefined;\n  const rehypePlugins = Array.isArray(opts.rehypePlugins) ? opts.rehypePlugins : undefined;\n  const recmaPlugins = Array.isArray(opts.recmaPlugins) ? opts.recmaPlugins : undefined;\n\n  // Only return if at least one plugin array is non-empty\n  if (\n    (remarkPlugins && remarkPlugins.length > 0) ||\n    (rehypePlugins && rehypePlugins.length > 0) ||\n    (recmaPlugins && recmaPlugins.length > 0)\n  ) {\n    return {\n      ...(remarkPlugins && remarkPlugins.length > 0 ? { remarkPlugins } : {}),\n      ...(rehypePlugins && rehypePlugins.length > 0 ? { rehypePlugins } : {}),\n      ...(recmaPlugins && recmaPlugins.length > 0 ? { recmaPlugins } : {}),\n    };\n  }\n\n  return null;\n}\n\nexport { PHASE_PRODUCTION_BUILD } from \"vinext/shims/constants\";\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,SAAgB,mBAAmB,OAAmD;CACpF,IAAI,UAAU,KAAA,KAAa,UAAU,MAAM,OAAO,IAAI,OAAO;CAC7D,IAAI,OAAO,UAAU,UAAU;EAC7B,IAAI,QAAQ,GAAG,MAAM,IAAI,MAAM,kDAAkD,QAAQ;EACzF,OAAO;;CAGT,MAAM,QADU,MAAM,MACD,CAAC,MAAM,2CAA2C;CACvE,IAAI,CAAC,OAAO;EACV,QAAQ,KACN,0CAA0C,MAAM,4EACjD;EACD,OAAO,IAAI,OAAO;;CAEpB,MAAM,MAAM,WAAW,MAAM,GAAG;CAChC,MAAM,QAAQ,MAAM,MAAM,KAAK,aAAa;CAC5C,IAAI;CACJ,QAAQ,MAAR;EACE,KAAK;GACH,QAAQ,KAAK,MAAM,IAAI;GACvB;EACF,KAAK;GACH,QAAQ,KAAK,MAAM,MAAM,KAAK;GAC9B;EACF,KAAK;GACH,QAAQ,KAAK,MAAM,MAAM,OAAO,KAAK;GACrC;EACF,KAAK;GACH,QAAQ,KAAK,MAAM,MAAM,OAAO,OAAO,KAAK;GAC5C;EACF,KAAK;GACH,QAAQ,KAAK,MAAM,MAAM,OAAO,OAAO,OAAO,KAAK;GACnD;EACF,KAAK;GACH,QAAQ,KAAK,MAAM,MAAM,OAAO,OAAO,OAAO,OAAO,KAAK;GAC1D;EACF,SACE,OAAO,IAAI,OAAO;;CAEtB,IAAI,QAAQ,GAAG,MAAM,IAAI,MAAM,kDAAkD,QAAQ;CACzF,OAAO;;AAmYT,MAAM,eAAe;CACnB;CACA;CACA;CACA;CACA;CACD;AACD,MAAM,sBAAsB;;;;;AAM5B,SAAS,WAAW,GAAqB;CACvC,IAAI,EAAE,aAAa,QAAQ,OAAO;CAClC,MAAM,MAAM,EAAE;CACd,OACE,IAAI,SAAS,4BAA4B,IACzC,IAAI,SAAS,yBAAyB,IACtC,IAAI,SAAS,yBAAyB,IACtC,IAAI,SAAS,wBAAwB,IACrC,IAAI,SAAS,2BAA2B,IACxC,IAAI,SAAS,4BAA4B;;AAQ7C,MAAM,gBAAgB;;;;;AAMtB,SAAS,sBAAsB,UAAkB,KAAkB;CACjE,MAAM,MAAM,IAAI,WAAW;CAC3B,MAAM,QAAQ,IAAI,SAAS;CAC3B,MAAM,mBACJ,IAAI,SAAS,YAAY,IACzB,MAAM,SAAS,mBAAmB,IAClC,MAAM,SAAS,iBAAiB;CAElC,QAAQ,KAAK;CACb,QAAQ,MAAM,2BAA2B,SAAS,IAAI,MAAM;CAC5D,QAAQ,KAAK;CACb,IAAI,kBACF,QAAQ,KACN,gNAGD;;;;;;AAQL,eAAe,mBACb,QACA,QAAgB,eACK;CACrB,IAAI,OAAO,WAAW,YAIpB,OAAO,MAHc,OAAO,OAAO,EACjC,eAAe,EAAE,EAClB,CAAC;CAGJ,OAAO;;;;;;;;;AAUT,MAAM,yBAAyB;;;;;;;;;AAU/B,MAAM,yBAAyB;;;;;;;;;;;;;;;;AAiB/B,eAAe,aAEb,KACA,QAAgB,0BACK;CAErB,MAAM,cADY,MAAM,0BACM;CAC9B,MAAM,aAAa,MAAM;CAOzB,IALE,eAAe,KAAA,KACf,eAAe,SAEd,eAAe,cACb,OAAO,eAAe,YAAY,OAAO,KAAK,WAAW,CAAC,SAAS,IAEtE,OAAO,MAAM,mBAAmB,YAAY,MAAM;CAEpD,OAAO,MAAM,mBAAmB,IAAI,WAAW,KAAK,MAAM;;;;;;AAO5D,SAAS,aAAa,GAAmB;CACvC,IAAI;EACF,OAAO,GAAG,aAAa,EAAE;SACnB;EACN,OAAO;;;;;;;;;;;;;;;;;;AAmBX,SAAgB,qBAAqB,QAAyB;CAC5D,OAAO,sDAAsD,KAAK,OAAO;;;;;;;;;;;;;;;;;;;AAoB3E,SAAgB,uBAAuB,QAAyB;CAG9D,OAAO,2EAA2E,KAAK,OAAO;;;;;;;;;;;;;;;;;;;;;;;;AAyBhG,SAAS,yBAAyB,YAKhC;CAKA,MAAM,mBAAmB,aAAa,KAAK,QAAQ,WAAW,CAAC;CAC/D,OAAO;EACL,MAAM;EACN,SAAS;EACT,UAAU,MAAc,IAAY;GAElC,MAAM,SAAS,GAAG,WAAW,UAAU,GAAG,cAAc,GAAG,GAAG,GAAG,MAAM,IAAI,CAAC;GAE5E,IADmB,aAAa,KAAK,QAAQ,OAAO,CACtC,KAAK,kBAAkB,OAAO;GAM5C,IAAI,CAAC,qBAAqB,KAAK,EAAE,OAAO;GAExC,MAAM,UAAU,KAAK,QAAQ,iBAAiB;GAE9C,MAAM,kBAAkB,KAAK,UAAU,iBAAiB;GACxD,MAAM,iBAAiB,KAAK,UAAU,QAAQ;GAC9C,MAAM,qBAAqB,KAAK,UAAU,KAAK,KAAK,SAAS,eAAe,CAAC;GAO7E,MAAM,cADqB,uBAAuB,KACZ,GAClC;;;eAGgB,uBAAuB,2BACvB,uBAAuB,gCACvC;GAWJ,OAAO;IACL,MAPA,6FACsB,gBAAgB,uBACjB,eAAe,2CACK,mBAAmB,QAC5D,cAGiB;IACjB,KAAK;IACN;;EAEJ;;AAGH,SAAgB,mBAAmB,MAA6B;CAC9D,KAAK,MAAM,YAAY,cAAc;EACnC,MAAM,aAAa,KAAK,KAAK,MAAM,SAAS;EAC5C,IAAI,GAAG,WAAW,WAAW,EAAE,OAAO;;CAExC,OAAO;;AAGT,eAAsB,uBACpB,QACA,QAAgB,0BACK;CAGrB,OAAO,MAAM,mBAAmB,QAAQ,MAAM;;;;;;;;;;;;;AAchD,eAAe,qBACb,YACA,MACA,OACqB;CACrB,MAAM,UAAU,cAAc,KAAK,KAAK,MAAM,eAAe,CAAC;CAC9D,IAAI;EACF,OAAO,MAAM,aAAa,QAAQ,WAAW,EAAE,MAAM;UAC9C,GAAG;EACV,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,SAAS,MAAM,EAAE,MAAM;EACzD,OAAO,MAAM,yBAAyB,YAAY,MAAM,MAAM;;;AAIlE,eAAe,yBACb,YACA,MACA,OACqB;CACrB,MAAM,MAAM,KAAK,QAAQ,WAAW;CAGpC,MAAM,UAAU,KAAK,KAAK,KAAK,uBAAuB,QAAQ,IAAI,GAAG,KAAK,KAAK,CAAC,MAAM;CACtF,GAAG,aAAa,YAAY,QAAQ;CACpC,IAAI;EAEF,OAAO,MAAM,aADG,cAAc,KAAK,KAAK,MAAM,eAAe,CAC5B,CAAC,QAAQ,EAAE,MAAM;WAC1C;EACR,IAAI;GACF,GAAG,WAAW,QAAQ;UAChB;;;;;;;;;;;;;;AAiBZ,eAAsB,eACpB,MACA,QAAgB,eACY;CAC5B,MAAM,aAAa,mBAAmB,KAAK;CAC3C,IAAI,CAAC,YAAY,OAAO;CAExB,MAAM,WAAW,KAAK,SAAS,WAAW;CAO1C,MAAM,kBAAkB,+BAA+B,KAAK;CAK5D,MAAM,uBAAuB,aAAa,KAAK,QAAQ,WAAW,CAAC;CAEnE,IAAI;EAEF,MAAM,EAAE,iBAAiB,MAAM,OAAO;EACtC,MAAM,EAAE,QAAQ,QAAQ,MAAM,aAAa,YAAY;GACrD;GACA,UAAU;GACV,aAAa;GACb,SAAS;IACP,OAAO;IAMP,YAAY;KAAC;KAAQ;KAAO;KAAQ;KAAQ;KAAO;KAAQ;KAAQ;KAAQ;KAAQ;IACpF;GAqBD,SAAS,CACP,GAAI,aAAa,KAAK,WAAW,GAAG,CAAC,yBAAyB,WAAW,CAAC,GAAG,EAAE,EAC/E,SAAS,EACP,SAAS,OAAe;IACtB,MAAM,SAAS,GAAG,WAAW,UAAU,GAAG,cAAc,GAAG,GAAG,GAAG,MAAM,IAAI,CAAC;IAE5E,IADmB,aAAa,KAAK,QAAQ,OAAO,CACtC,KAAK,sBAAsB,OAAO;IAKhD,OAAO,GAAG,SAAS,eAAe,GAAG,OAAO,KAAA;MAE/C,CAAC,CACH;GACF,CAAC;EACF,OAAO,MAAM,aAAa,KAAK,MAAM;UAC9B,GAAG;EAGV,IAAI,WAAW,EAAE,KAAK,SAAS,SAAS,MAAM,IAAI,SAAS,SAAS,OAAO,GACzE,IAAI;GACF,OAAO,MAAM,qBAAqB,YAAY,MAAM,MAAM;WACnD,IAAI;GACX,sBAAsB,UAAU,GAAY;GAC5C,MAAM;;EAIV,sBAAsB,UAAU,EAAW;EAC3C,MAAM;;;;;;;AAQV,SAAS,WAAmB;CAC1B,IAAI,KAAK,YAAY;CACrB,OAAO,MAAM,KAAK,GAAG,EAAE,KAAK,YAAY;CACxC,OAAO;;;;;;;;;AAUT,eAAe,eACb,UACiB;CACjB,IAAI,CAAC,UAAU,OAAO,UAAU;CAEhC,MAAM,SAAS,MAAM,UAAU;CAE/B,IAAI,WAAW,MAAM,OAAO,UAAU;CAEtC,IAAI,OAAO,WAAW,UACpB,MAAM,IAAI,MACR,yGACD;CAGH,MAAM,UAAU,OAAO,MAAM;CAC7B,IAAI,QAAQ,WAAW,GACrB,MAAM,IAAI,MACR,0GACD;CAGH,OAAO;;;;;;;;;;;;;;;;AAiBT,SAAgB,qBAAqB,OAAwB;CAC3D,IAAI,UAAU,KAAA,KAAa,UAAU,QAAQ,UAAU,IAAI,OAAO;CAElE,IAAI,OAAO,UAAU,UACnB,MAAM,IAAI,MACR,gEAAgE,OAAO,MAAM,kGAG9E;CAKH,IAAI,UAAU,MAAM,MAAM;CAC1B,OAAO,QAAQ,SAAS,IAAI,EAAE,UAAU,QAAQ,MAAM,GAAG,GAAG;CAC5D,IAAI,YAAY,IAAI,OAAO;CAI3B,IAAI,gBAAgB,KAAK,QAAQ,EAAE;EACjC,IAAI,CAAC,IAAI,SAAS,QAAQ,EACxB,MAAM,IAAI,MAAM,2CAA2C,MAAM,2BAA2B;EAE9F,OAAO;;CAIT,OAAO,QAAQ,WAAW,IAAI,GAAG,UAAU,IAAI;;AAGjD,SAAS,oBAAoB,oBAAiD;CAC5E,MAAM,eACJ,uBAAuB,KAAA,IAAY,qBAAqB,QAAQ,IAAI;CACtE,IAAI,iBAAiB,KAAA,KAAa,iBAAiB,IAAI,OAAO,KAAA;CAE9D,IAAI,OAAO,iBAAiB,UAC1B,MAAM,IAAI,MACR,qHACD;CAGH,IAAI,CAAC,mBAAmB,KAAK,aAAa,EACxC,MAAM,IAAI,MACR,0MACD;CAGH,OAAO;;;;;;;;;AAUT,SAAS,oCAAoC,UAA0B;CACrE,IAAI,SAAS,WAAW,UAAU,EAChC,OAAO,cAAc,SAAS;CAEhC,OAAO;;AAGT,SAAS,uBAAuB,OAA0D;CACxF,MAAM,SACJ,iBAAiB,SAAS,MAAM,SAAS,OAAO,UAAU,WAAW,QAAQ,KAAA;CAC/E,IAAI,CAAC,QAAQ,OAAO,KAAA;CAEpB,IAAI;EACF,uBAAuB,OAAO;UACvB,OAAO;EACd,MAAM,IAAI,MACR,8FACA,EAAE,OAAO,OAAO,CACjB;;CAGH,OAAO;;AAGT,SAAS,mBAAmB,OAAqD;CAC/E,OAAO,gBAAgB,MAAM,GAAG,QAAQ,KAAA;;AAG1C,SAAS,mBAAmB,OAAoC;CAC9D,OAAO,OAAO,UAAU,WAAW,QAAQ,KAAA;;AAG7C,SAAS,0BAA0B,OAA6C;CAC9E,OAAO,OAAO,UAAU,YAAY,OAAO,UAAU,WAAW,QAAQ,KAAA;;AAG1E,SAAS,gBAAgB,OAA0B;CACjD,OAAO,MAAM,QAAQ,MAAM,GACvB,MAAM,QAAQ,SAAyB,OAAO,SAAS,SAAS,GAChE,EAAE;;;;;;;;;;;AAYR,SAAS,wBAAwB,OAAwC;CACvE,IAAI,CAAC,gBAAgB,MAAM,EAAE,OAAO,EAAE;CACtC,MAAM,MAA8B,EAAE;CACtC,KAAK,MAAM,CAAC,KAAK,QAAQ,OAAO,QAAQ,MAAM,EAC5C,IAAI,OAAO,QAAQ,YAAY,OAAO,QAAQ,YAAY,OAAO,QAAQ,WACvE,IAAI,OAAO,KAAK,UAAU,IAAI;CAGlC,OAAO;;;;;;AAOT,MAAM,sBAAsB;CAAE,SAAS;CAAG,QAAQ;CAAK;;;;;;;;;;;;AAavD,SAAS,kBAAkB,cAGzB;CACA,MAAM,aAAa,mBAAmB,cAAc,WAAW;CAC/D,MAAM,aAAa,OAAO,YAAY,QAAQ;CAC9C,MAAM,YAAY,OAAO,YAAY,OAAO;CAE5C,OAAO;EACL,SACE,OAAO,SAAS,WAAW,IAAI,cAAc,IAAI,aAAa,oBAAoB;EACpF,QAAQ,OAAO,SAAS,UAAU,IAAI,aAAa,IAAI,YAAY,oBAAoB;EACxF;;;;;;AAOH,eAAsB,kBACpB,QACA,OAAe,QAAQ,KAAK,EACC;CAC7B,IAAI,CAAC,QAAQ;EACX,MAAM,UAAU,MAAM,eAAe,KAAA,EAAU;EAC/C,MAAM,eAAe,oBAAoB,KAAA,EAAU;EACnD,MAAM,WAA+B;GACnC,KAAK,EAAE;GACP,UAAU;GACV,aAAa;GACb,eAAe;GACf,QAAQ;GACR,gBAAgB,yBAAyB;GACzC,iBAAiB;GACjB,WAAW,EAAE;GACb,UAAU;IAAE,aAAa,EAAE;IAAE,YAAY,EAAE;IAAE,UAAU,EAAE;IAAE;GAC3D,SAAS,EAAE;GACX,QAAQ,KAAA;GACR,MAAM;GACN,KAAK;GACL,SAAS,EAAE;GACX,mBAAmB,EAAE;GACrB,6BAA6B,EAAE;GAC/B,wBAAwB,EAAE;GAC1B,WAAW;GACX,4BAA4B,IAAI,OAAO;GACvC,YAAY;GACZ,iBAAiB,KAAA;GACjB,wBAAwB,EAAE;GAC1B,cAAc,KAAA;GACd,oBAAoB,KAAA;GACpB,2BAA2B;GAC3B,UAAU,QAAQ,IAAI,kBAAkB;GACxC;GACA;GACA,aAAa;GACb,eAAe;GACf,yBAAyB;GACzB,gBAAgB,EAAE;GAClB,sBAAsB,EAAE;GACxB,6BAA6B,EAAE;GAC/B,qBAAqB,KAAA;GACrB,YAAY,EAAE,GAAG,qBAAqB;GACvC;EACD,qBAAqB,MAAM,SAAS;EACpC,OAAO;;CAIT,IAAI,YAA4B,EAAE;CAClC,IAAI,OAAO,WAAW;EACpB,MAAM,SAAS,MAAM,OAAO,WAAW;EACvC,YAAY,MAAM,QAAQ,OAAO,GAAG,SAAS,EAAE;;CAIjD,IAAI,WAIA;EACF,aAAa,EAAE;EACf,YAAY,EAAE;EACd,UAAU,EAAE;EACb;CACD,IAAI,OAAO,UAAU;EACnB,MAAM,SAAS,MAAM,OAAO,UAAU;EACtC,IAAI,MAAM,QAAQ,OAAO,EACvB,SAAS,aAAa;OAEtB,WAAW;GACT,aAAa,OAAO,eAAe,EAAE;GACrC,YAAY,OAAO,cAAc,EAAE;GACnC,UAAU,OAAO,YAAY,EAAE;GAChC;;CAIL;EAEE,MAAM,mBAAmB;GADJ,GAAG,SAAS;GAAa,GAAG,SAAS;GAAY,GAAG,SAAS;GAC9C,CAAC,QAAQ,YAAY,cAAc,QAAQ,YAAY,CAAC;EAE5F,IAAI,iBAAiB,SAAS,GAAG;GAC/B,MAAM,OAAO,iBAAiB,WAAW,IAAI,qBAAqB;GAClE,MAAM,UAAU,iBACb,KAAK,YAAY,KAAK,QAAQ,OAAO,KAAK,QAAQ,cAAc,CAChE,KAAK,KAAK;GAEb,QAAQ,KACN,kBAAkB,iBAAiB,OAAO,GAAG,KAAK,6CAC7C,QAAQ,ySAId;;;CAKL,IAAI,UAAwB,EAAE;CAC9B,IAAI,OAAO,SACT,UAAU,MAAM,OAAO,SAAS;CAKlC,MAAM,eAAe,MAAM,mBAAmB,QAAQ,KAAK;CAC3D,MAAM,MAAM,aAAa;CACzB,MAAM,UAAU;EACd,GAAG,oBAAoB,QAAQ,KAAK;EACpC,GAAG,aAAa;EACjB;CAED,MAAM,oBAAoB,MAAM,QAAQ,OAAO,kBAAkB,GAAG,OAAO,oBAAoB,EAAE;CAGjG,MAAM,eAAe,mBAAmB,OAAO,aAAa;CAC5D,MAAM,sBAAsB,mBAAmB,cAAc,cAAc;CAC3E,MAAM,8BAA8B,gBAAgB,qBAAqB,eAAe;CACxF,MAAM,6BAA6B,mBACjC,0BAA0B,qBAAqB,cAAc,CAC9D;CAKD,MAAM,YADuB,mBAAmB,cAAc,eACxB,IAAI,OAAO,QAAQ,IAAI,kBAAkB;CAC/E,MAAM,kBAAkB,uBAAuB,OAAO,gBAAgB;CAGtE,MAAM,cAAc,cAAc;CAClC,MAAM,yBAAyB,MAAM,QAAQ,YAAY,GACrD,YAAY,QAAQ,MAAmB,OAAO,MAAM,SAAS,GAC7D,EAAE;CACN,MAAM,YAAY,cAAc,cAAc;CAK9C,MAAM,iCAAiC,MAAM,QAAQ,OAAO,uBAAuB,GAC/E,gBAAgB,OAAO,uBAAuB,GAC9C,KAAA;CACJ,MAAM,iCAAiC,gBACrC,cAAc,iCACf;CACD,MAAM,yBAAyB,kCAAkC;CAIjE,IAAI,cAAc,kBAAkB,KAAA,GAClC,QAAQ,KACN,mMAED;CAIH,IAAI,cAAc,eAAe,KAAA,GAC/B,QAAQ,KACN,8JAED;CAKH,IAAI,OAAO,YAAY,KAAA,GACrB,IAAI,OAAO,OAAO,KAAK,aAAa,QAAQ,CAAC,SAAS,GACpD,QAAQ,KACN,kLAED;MAED,QAAQ,KACN,mFACD;CAIL,MAAM,SAAS,mBAAmB,OAAO,OAAO,IAAI;CACpD,IAAI,UAAU,WAAW,YAAY,WAAW,cAC9C,QAAQ,KAAK,iCAAiC,OAAO,aAAa;CAGpE,MAAM,iBAAiB,wBAAwB,OAAO,eAAe;CAGrE,IAAI,OAA8B;CAClC,IAAI,OAAO,MACT,OAAO;EACL,SAAS,OAAO,KAAK;EACrB,eAAe,OAAO,KAAK;EAC3B,iBAAiB,OAAO,KAAK,mBAAmB;EAChD,SAAS,OAAO,KAAK;EACtB;CAGH,MAAM,UAAU,MAAM,eAAe,OAAO,gBAAgB;CAC5D,MAAM,eAAe,oBAAoB,OAAO,aAAa;CAG7D,MAAM,eACJ,OAAO,OAAO,iBAAiB,WAC3B,oCAAoC,OAAO,aAAa,GACxD,KAAA;CAGN,MAAM,qBACJ,OAAO,OAAO,uBAAuB,WAAW,OAAO,qBAAqB,KAAA;CAQ9E,IAAI,MAAM;EACR,MAAM,OAAO,EAAE,eAAe,OAAO,iBAAiB,OAAO;EAC7D,YAAY,oBAAoB,WAAW,MAAM,YAAY,KAAK;EAClE,WAAW;GACT,aAAa,oBAAoB,SAAS,aAAa,MAAM,WAAW,KAAK;GAC7E,YAAY,oBAAoB,SAAS,YAAY,MAAM,WAAW,KAAK;GAC3E,UAAU,oBAAoB,SAAS,UAAU,MAAM,WAAW,KAAK;GACxE;;CAGH,MAAM,WAA+B;EACnC,KAAK,OAAO,OAAO,EAAE;EACrB,UAAU,OAAO,YAAY;EAC7B,aAAa,qBAAqB,OAAO,YAAY;EACrD,eAAe,OAAO,iBAAiB;EACvC,QAAQ,WAAW,YAAY,WAAW,eAAe,SAAS;EAClE;EACA,6BAA6B,MAAM,QAAQ,OAAO,4BAA4B,GACzE,OAAO,4BAA0C,QAC/C,MAAmB,OAAO,MAAM,SAClC,GACD,EAAE;EACN,iBAAiB,OAAO,mBAAmB;EAC3C;EACA;EACA;EACA,QAAQ,OAAO;EACf;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,YAAY,OAAO,OAAO,eAAe,WAAW,OAAO,aAAa;EACxE;EACA;EACA;EACA;EACA,2BAA2B,OAAO,6BAA6B;EAC/D;EACA;EACA;EACA,aAAa,mBAAmB,OAAO,YAAY,IAAI;EACvD,eACE,OAAO,UAAU,kBAAkB,OAC/B,OACA,gBAAgB,OAAO,UAAU,cAAc,GAC7C,EAAE,SAAS,gBAAgB,OAAO,SAAU,cAAc,QAAQ,EAAE,GACpE;EAGR,yBAAyB,cAAc,4BAA4B;EACnE,gBAAgB,wBAAwB,OAAO,UAAU,OAAO;EAChE,sBAAsB,wBAAwB,OAAO,UAAU,aAAa;EAC5E,qBAAqB,MAAM,QAAQ,cAAc,oBAAoB,GAChE,aAAa,oBAAkC,QAC7C,UAA2B,OAAO,UAAU,SAC9C,GACD,KAAA;EACJ,YAAY,kBAAkB,aAAa;EAC5C;CAID,qBAAqB,MAAM,SAAS;CAgBpC,IAAI,SAAS,aAAa,MAAM,SAAS,aAAa,OAAO,SAAS,gBAAgB,IACpF,SAAS,cAAc,SAAS;CAGlC,OAAO;;AAGT,SAAS,sBACP,SACA,MACwB;CACxB,IAAI,CAAC,SAAS,OAAO,EAAE;CAEvB,MAAM,aAAqC,EAAE;CAC7C,KAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,QAAQ,EAAE;EAClD,IAAI,OAAO,UAAU,UAAU;EAC/B,WAAW,OAAO,KAAK,WAAW,MAAM,GAAG,QAAQ,KAAK,QAAQ,MAAM,MAAM;;CAE9E,OAAO;;AAGT,SAAS,oBAAoB,QAAoB,MAAsC;CAErF,MAAM,oBAAoB,mBADL,mBAAmB,OAAO,aACU,EAAE,MAAM;CACjE,MAAM,oBAAoB,mBAAmB,OAAO,UAAU;CAE9D,OAAO;EACL,GAAG,sBAAsB,mBAAmB,mBAAmB,aAAa,EAAE,KAAK;EACnF,GAAG,sBAAsB,mBAAmB,mBAAmB,aAAa,EAAE,KAAK;EACpF;;AAGH,eAAe,mBACb,QACA,MACsE;CACtE,IAAI,OAAO,OAAO,YAAY,YAC5B,OAAO;EAAE,SAAS,EAAE;EAAE,KAAK;EAAM;CAInC,MAAM,kBAAyB,EAAE;CAEjC,MAAM,aAAa;EACjB,SAAS;EACT,SAAS,EAH+C,OAAO,EAAE,EAG7C;EACpB,QAAQ,EAAE,OAAO,iBAAiB;EAElC,SAAS,EAAE;EACZ;CACD,MAAM,cAAc;EAClB,gBAAgB,EAAE,OAAO,EAAE,QAAQ,qBAAqB,EAAE;EAC1D,UAAU;EACV,KAAK;EACL,KAAK;EACN;CAED,IAAI;EAGF,MAAM,cAAc,MADE,OAAO,QAAqB,YAAY,YAAY,IAC5C;EAE9B,MAAM,QAAe,YAAY,QAAQ,SAAS;EAQlD,wBAAwB,OAAO,KAAK;EACpC,OAAO;GACL,SAAS,sBAAsB,YAAY,SAAS,OAAO,KAAK;GAChE,KAAK,2BAA2B,MAAM;GACvC;SACK;EACN,OAAO;GAAE,SAAS,EAAE;GAAE,KAAK;GAAM;;;;;;;;;;;AAarC,SAAS,wBAAwB,OAAc,MAAoB;CACjE,MAAM,UAAU,cAAc,KAAK,KAAK,MAAM,eAAe,CAAC;CAC9D,MAAM,uBAAO,IAAI,KAAc;CAG/B,MAAM,qBAAqB,OAAY,gBAAgC;EACrE,IAAI,CAAC,OAAO;EACZ,IAAI;EACJ,IAAI;EACJ,IAAI,UAAmB;EACvB,IAAI,OAAO,UAAU,UACnB,aAAa;OACR,IAAI,OAAO,UAAU,YAC1B,WAAW;OACN,IAAI,OAAO,UAAU,UAAU;GAEpC,MAAM,IAAI;GACV,IAAI,OAAO,EAAE,WAAW,UAAU,aAAa,EAAE;QAC5C,IAAI,OAAO,EAAE,WAAW,YAAY,WAAW,EAAE;GACtD,IAAI,EAAE,YAAY,KAAA,GAAW,UAAU,EAAE;;EAE3C,IAAI,eAAe,KAAA,GAAW;GAC5B,IAAI,KAAK,IAAI,WAAW,EAAE;GAC1B,KAAK,IAAI,WAAW;GAIpB,IACE,WAAW,SAAS,oBAAoB,IACxC,WAAW,SAAS,MAAM,IAC1B,WAAW,WAAW,0BAA0B,EAEhD;GAEF,IAAI;IACF,WAAW,QAAQ,WAAW;IAC9B,IACE,YACA,OAAO,aAAa,YAEpB,OAAQ,SAAiB,YAAY,YAGrC,WAAY,SAAiB;WAEzB;IACN;;;EAGJ,IAAI,OAAO,aAAa,YAAY;EACpC,IAAI,KAAK,IAAI,SAAS,EAAE;EACxB,KAAK,IAAI,SAAS;EAClB,IAAI;GAKF,MAAM,aAAa;IACjB,mBAAmB;IACnB,gBAAgB;IAChB,iBAAiB;IACjB,mBAAmB;IACnB,iBAAiB;IACjB,kBAAkB,WAAW,EAAE;IAC/B,OAAO,WAAW,EAAE;IACpB,cAAc;IACd,UAAU;IACV,aAAa;IACb,SAAS;IACT,MAAM;IACP;GAED,SAAuB,KAAK,YAAY,GAAG;UACrC;;CAOV,MAAM,SAAS,SAAoB;EACjC,IAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;EACvC,IAAI,MAAM,QAAQ,KAAK,EAAE;GACvB,KAAK,MAAM,SAAS,MAAM,MAAM,MAAM;GACtC;;EAEF,IAAI,MAAM,QAAQ,KAAK,MAAM,EAAE,KAAK,MAAM,SAAS,KAAK,OAAO,MAAM,MAAM;EAC3E,IAAI,MAAM,QAAQ,KAAK,MAAM,EAAE,KAAK,MAAM,SAAS,KAAK,OAAO,MAAM,MAAM;EAC3E,MAAM,OAAO,MAAM,QAAQ,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,MAAM,CAAC,KAAK,IAAI,GAAG,EAAE;EAC5E,KAAK,MAAM,OAAO,MAAM,kBAAkB,IAAI;EAC9C,IAAI,KAAK,WAAW,KAAA,GAAW,kBAAkB,KAAK,QAAQ,KAAK,QAAQ;;CAG7E,KAAK,MAAM,QAAQ,OAAO,MAAM,KAAK;;;;;;;;;;AAWvC,eAAsB,kBACpB,QACA,OAAe,QAAQ,KAAK,EACA;CAC5B,QAAQ,MAAM,mBAAmB,QAAQ,KAAK,EAAE;;;;;;AAOlD,SAAS,WAAW,MAAc,YAAqC;CACrE,KAAK,MAAM,aAAa,YAAY;EAClC,MAAM,MAAM,KAAK,QAAQ,MAAM,UAAU;EACzC,IAAI,GAAG,WAAW,IAAI,EAAE,OAAO;;CAEjC,OAAO;;AAGT,MAAM,0BAA0B;CAC9B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;;;;;;;;;;;;;;;AAkBD,SAAgB,qBAAqB,MAAc,UAAoC;CAErF,IAAI,SAAS,QAAQ,qBAAqB;CAI1C,MAAM,UAAU,cAAc,KAAK,KAAK,MAAM,eAAe,CAAC;CAC9D,IAAI;EACF,QAAQ,QAAQ,YAAY;SACtB;EACN;;CAIF,MAAM,aAAa,WAAW,MAAM,wBAAwB;CAC5D,IAAI,CAAC,YAAY;CAEjB,SAAS,QAAQ,sBAAsB;CAEvC,IAAI,SAAS,eACX,SAAS,IAAI,4BAA4B;;AAK7C,SAAS,2BAA2B,OAAiC;CAEnE,KAAK,MAAM,QAAQ,OAAO;EACxB,MAAM,UAAU,kBAAkB,KAAK;EACvC,IAAI,SAAS,OAAO;;CAEtB,OAAO;;;;;;AAQT,SAAS,kBAAkB,MAA8B;CACvD,IAAI,CAAC,MAAM,OAAO;CAGlB,IAAI,MAAM,QAAQ,KAAK,MAAM,EAC3B,KAAK,MAAM,SAAS,KAAK,OAAO;EAC9B,MAAM,SAAS,kBAAkB,MAAM;EACvC,IAAI,QAAQ,OAAO;;CAKvB,MAAM,MAAM,MAAM,QAAQ,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,MAAM,CAAC,KAAK,IAAI,GAAG,EAAE;CAC3E,KAAK,MAAM,UAAU,KAAK;EACxB,MAAM,aAAa,OAAO,WAAW,WAAW,SAAS,QAAQ;EACjE,IAAI,OAAO,eAAe,YAAY,YAAY,WAAW,EAE3D,OAAO,0BADM,OAAO,WAAW,WAAW,OAAO,UAAU,EAAE,CACvB;;CAK1C,IAAI,OAAO,KAAK,WAAW,YAAY,YAAY,KAAK,OAAO,EAC7D,OAAO,0BAA0B,KAAK,QAAQ;CAGhD,OAAO;;AAGT,SAAS,YAAY,YAA6B;CAChD,OACE,WAAW,SAAS,MAAM,KACzB,WAAW,SAAS,QAAQ,IAC3B,WAAW,SAAS,UAAU,IAC9B,WAAW,SAAS,gBAAgB,IACpC,WAAW,SAAS,WAAW;;AAKrC,SAAS,0BAA0B,MAA8B;CAC/D,IAAI,CAAC,QAAQ,OAAO,SAAS,UAAU,OAAO;CAE9C,MAAM,gBAAgB,MAAM,QAAQ,KAAK,cAAc,GAAG,KAAK,gBAAgB,KAAA;CAC/E,MAAM,gBAAgB,MAAM,QAAQ,KAAK,cAAc,GAAG,KAAK,gBAAgB,KAAA;CAC/E,MAAM,eAAe,MAAM,QAAQ,KAAK,aAAa,GAAG,KAAK,eAAe,KAAA;CAG5E,IACG,iBAAiB,cAAc,SAAS,KACxC,iBAAiB,cAAc,SAAS,KACxC,gBAAgB,aAAa,SAAS,GAEvC,OAAO;EACL,GAAI,iBAAiB,cAAc,SAAS,IAAI,EAAE,eAAe,GAAG,EAAE;EACtE,GAAI,iBAAiB,cAAc,SAAS,IAAI,EAAE,eAAe,GAAG,EAAE;EACtE,GAAI,gBAAgB,aAAa,SAAS,IAAI,EAAE,cAAc,GAAG,EAAE;EACpE;CAGH,OAAO"}

package/dist/config/tsconfig-paths.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"tsconfig-paths.js","names":[],"sources":["../../src/config/tsconfig-paths.ts"],"sourcesContent":["/**\n * tsconfig.json `compilerOptions.paths` loader.\n *\n * Used to make tsconfig path aliases (e.g. `@/foo` mapping to `./src/foo`)\n * available when vinext loads `next.config.ts` through Vite's `runnerImport`.\n *\n * Next.js's own `next.config.ts` loader (packages/next/src/build/next-config-ts/\n * transpile-config.ts) reads `compilerOptions.paths` from the project's\n * `tsconfig.json` and passes them to SWC so that imports like\n * `import { foo } from '@/foo'` resolve at config load time. We do the same\n * here, but as Vite `resolve.alias` entries.\n *\n * The implementation is intentionally minimal:\n *   - Static JSON-style parse of tsconfig.json (handles trailing commas /\n *     comments via the shared `parseStaticObjectLiteral` helper)\n *   - `extends` is followed up to a small recursion depth, with cycle\n *     detection — matches the subset Next.js supports\n *   - Only the common `\"@/*\": [\"./src/*\"]` / `\"@/*\": [\"src/*\"]` pattern is\n *     supported; non-wildcard paths and exact aliases also work\n *   - Returned alias values are always absolute paths so they work with\n *     `runnerImport`'s inline environment (which has its own root).\n */\nimport fs from \"node:fs\";\nimport path from \"node:path\";\nimport { createRequire } from \"node:module\";\nimport { parseStaticObjectLiteral } from \"../plugins/fonts.js\";\n\nconst TSCONFIG_FILES = [\"tsconfig.json\", \"jsconfig.json\"];\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n  return !!value && typeof value === \"object\" && !Array.isArray(value);\n}\n\nfunction resolveTsconfigPathCandidate(candidate: string): string | null {\n  const candidates = candidate.endsWith(\".json\")\n    ? [candidate]\n    : [candidate, `${candidate}.json`, path.join(candidate, \"tsconfig.json\")];\n\n  for (const item of candidates) {\n    if (fs.existsSync(item) && fs.statSync(item).isFile()) {\n      return item;\n    }\n  }\n\n  return null;\n}\n\nfunction resolveTsconfigExtends(configPath: string, specifier: string): string | null {\n  const fromDir = path.dirname(configPath);\n  if (specifier.startsWith(\".\") || specifier.startsWith(\"/\") || specifier.startsWith(\"\\\\\")) {\n    return resolveTsconfigPathCandidate(path.resolve(fromDir, specifier));\n  }\n\n  const requireFromConfig = createRequire(configPath);\n  const candidates = [specifier, `${specifier}.json`, path.join(specifier, \"tsconfig.json\")];\n\n  for (const item of candidates) {\n    try {\n      return requireFromConfig.resolve(item);\n    } catch {}\n  }\n\n  return null;\n}\n\nfunction materializeAliases(\n  pathsConfig: Record<string, unknown>,\n  baseUrl: string,\n): Record<string, string> {\n  const aliases: Record<string, string> = {};\n\n  for (const [find, rawTargets] of Object.entries(pathsConfig)) {\n    const target = Array.isArray(rawTargets)\n      ? rawTargets.find((value): value is string => typeof value === \"string\")\n      : typeof rawTargets === \"string\"\n        ? rawTargets\n        : null;\n    if (!target) continue;\n\n    if (find.includes(\"*\") || target.includes(\"*\")) {\n      // Only support trailing wildcard (the common `\"@/*\": [\"./src/*\"]` form).\n      if (!find.endsWith(\"/*\") || !target.endsWith(\"/*\")) continue;\n      if (find.indexOf(\"*\") !== find.length - 1 || target.indexOf(\"*\") !== target.length - 1) {\n        continue;\n      }\n\n      const aliasKey = find.slice(0, -2);\n      const targetDir = target.slice(0, -2);\n      if (!aliasKey || !targetDir) continue;\n\n      aliases[aliasKey] = path.resolve(baseUrl, targetDir);\n      continue;\n    }\n\n    aliases[find] = path.resolve(baseUrl, target);\n  }\n\n  return aliases;\n}\n\nfunction loadAliasesFromTsconfigFile(\n  configPath: string,\n  seen: Set<string>,\n): Record<string, string> {\n  if (seen.has(configPath)) return {};\n  seen.add(configPath);\n\n  let parsed: Record<string, unknown> | null = null;\n  try {\n    parsed = parseStaticObjectLiteral(fs.readFileSync(configPath, \"utf-8\"));\n  } catch {\n    return {};\n  }\n  if (!parsed) return {};\n\n  let aliases: Record<string, string> = {};\n  if (typeof parsed.extends === \"string\") {\n    const extendedPath = resolveTsconfigExtends(configPath, parsed.extends);\n    if (extendedPath) {\n      aliases = loadAliasesFromTsconfigFile(extendedPath, seen);\n    }\n  }\n\n  const compilerOptions = isRecord(parsed.compilerOptions) ? parsed.compilerOptions : null;\n  const pathsConfig =\n    compilerOptions && isRecord(compilerOptions.paths) ? compilerOptions.paths : null;\n  if (!pathsConfig) return aliases;\n\n  const baseUrl =\n    compilerOptions && typeof compilerOptions.baseUrl === \"string\" ? compilerOptions.baseUrl : \".\";\n  const resolvedBaseUrl = path.resolve(path.dirname(configPath), baseUrl);\n\n  return {\n    ...aliases,\n    ...materializeAliases(pathsConfig, resolvedBaseUrl),\n  };\n}\n\n/**\n * Read the project's tsconfig.json (or jsconfig.json) and return its\n * `compilerOptions.paths` as absolute-path Vite `resolve.alias` entries.\n *\n * Returns an empty object if no config is found or no paths are configured.\n * Errors during parsing are swallowed — this is a best-effort helper that\n * must not break config loading.\n */\nexport function loadTsconfigPathAliasesForRoot(projectRoot: string): Record<string, string> {\n  for (const name of TSCONFIG_FILES) {\n    const candidate = path.join(projectRoot, name);\n    if (!fs.existsSync(candidate)) continue;\n    return loadAliasesFromTsconfigFile(candidate, new Set());\n  }\n  return {};\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BA,MAAM,iBAAiB,CAAC,iBAAiB,gBAAgB;AAEzD,SAAS,SAAS,OAAkD;CAClE,OAAO,CAAC,CAAC,SAAS,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ,MAAM;;AAGtE,SAAS,6BAA6B,WAAkC;CACtE,MAAM,aAAa,UAAU,SAAS,QAAQ,GAC1C,CAAC,UAAU,GACX;EAAC;EAAW,GAAG,UAAU;EAAQ,KAAK,KAAK,WAAW,gBAAgB;EAAC;CAE3E,KAAK,MAAM,QAAQ,YACjB,IAAI,GAAG,WAAW,KAAK,IAAI,GAAG,SAAS,KAAK,CAAC,QAAQ,EACnD,OAAO;CAIX,OAAO;;AAGT,SAAS,uBAAuB,YAAoB,WAAkC;CACpF,MAAM,UAAU,KAAK,QAAQ,WAAW;CACxC,IAAI,UAAU,WAAW,IAAI,IAAI,UAAU,WAAW,IAAI,IAAI,UAAU,WAAW,KAAK,EACtF,OAAO,6BAA6B,KAAK,QAAQ,SAAS,UAAU,CAAC;CAGvE,MAAM,oBAAoB,cAAc,WAAW;CACnD,MAAM,aAAa;EAAC;EAAW,GAAG,UAAU;EAAQ,KAAK,KAAK,WAAW,gBAAgB;EAAC;CAE1F,KAAK,MAAM,QAAQ,YACjB,IAAI;EACF,OAAO,kBAAkB,QAAQ,KAAK;SAChC;CAGV,OAAO;;AAGT,SAAS,mBACP,aACA,SACwB;CACxB,MAAM,UAAkC,EAAE;CAE1C,KAAK,MAAM,CAAC,MAAM,eAAe,OAAO,QAAQ,YAAY,EAAE;EAC5D,MAAM,SAAS,MAAM,QAAQ,WAAW,GACpC,WAAW,MAAM,UAA2B,OAAO,UAAU,SAAS,GACtE,OAAO,eAAe,WACpB,aACA;EACN,IAAI,CAAC,QAAQ;EAEb,IAAI,KAAK,SAAS,IAAI,IAAI,OAAO,SAAS,IAAI,EAAE;GAE9C,IAAI,CAAC,KAAK,SAAS,KAAK,IAAI,CAAC,OAAO,SAAS,KAAK,EAAE;GACpD,IAAI,KAAK,QAAQ,IAAI,KAAK,KAAK,SAAS,KAAK,OAAO,QAAQ,IAAI,KAAK,OAAO,SAAS,GACnF;GAGF,MAAM,WAAW,KAAK,MAAM,GAAG,GAAG;GAClC,MAAM,YAAY,OAAO,MAAM,GAAG,GAAG;GACrC,IAAI,CAAC,YAAY,CAAC,WAAW;GAE7B,QAAQ,YAAY,KAAK,QAAQ,SAAS,UAAU;GACpD;;EAGF,QAAQ,QAAQ,KAAK,QAAQ,SAAS,OAAO;;CAG/C,OAAO;;AAGT,SAAS,4BACP,YACA,MACwB;CACxB,IAAI,KAAK,IAAI,WAAW,EAAE,OAAO,EAAE;CACnC,KAAK,IAAI,WAAW;CAEpB,IAAI,SAAyC;CAC7C,IAAI;EACF,SAAS,yBAAyB,GAAG,aAAa,YAAY,QAAQ,CAAC;SACjE;EACN,OAAO,EAAE;;CAEX,IAAI,CAAC,QAAQ,OAAO,EAAE;CAEtB,IAAI,UAAkC,EAAE;CACxC,IAAI,OAAO,OAAO,YAAY,UAAU;EACtC,MAAM,eAAe,uBAAuB,YAAY,OAAO,QAAQ;EACvE,IAAI,cACF,UAAU,4BAA4B,cAAc,KAAK;;CAI7D,MAAM,kBAAkB,SAAS,OAAO,gBAAgB,GAAG,OAAO,kBAAkB;CACpF,MAAM,cACJ,mBAAmB,SAAS,gBAAgB,MAAM,GAAG,gBAAgB,QAAQ;CAC/E,IAAI,CAAC,aAAa,OAAO;CAEzB,MAAM,UACJ,mBAAmB,OAAO,gBAAgB,YAAY,WAAW,gBAAgB,UAAU;CAC7F,MAAM,kBAAkB,KAAK,QAAQ,KAAK,QAAQ,WAAW,EAAE,QAAQ;CAEvE,OAAO;EACL,GAAG;EACH,GAAG,mBAAmB,aAAa,gBAAgB;EACpD;;;;;;;;;;AAWH,SAAgB,+BAA+B,aAA6C;CAC1F,KAAK,MAAM,QAAQ,gBAAgB;EACjC,MAAM,YAAY,KAAK,KAAK,aAAa,KAAK;EAC9C,IAAI,CAAC,GAAG,WAAW,UAAU,EAAE;EAC/B,OAAO,4BAA4B,2BAAW,IAAI,KAAK,CAAC;;CAE1D,OAAO,EAAE"}