vinext 0.1.2 → 0.1.4

package/dist/server/prod-server.js

@@ -109,11 +109,42 @@ async function importServerEntryModule(entryPath) {
 }
 /** Convert a Node.js IncomingMessage into a ReadableStream for Web Request body. */
 function readNodeStream(req) {
-	return new ReadableStream({ start(controller) {
-		req.on("data", (chunk) => controller.enqueue(new Uint8Array(chunk)));
-		req.on("end", () => controller.close());
-		req.on("error", (err) => controller.error(err));
-	} });
+	let cancelled = false;
+	let cleanup = () => {};
+	return new ReadableStream({
+		start(controller) {
+			cleanup = () => {
+				req.off("data", onData);
+				req.off("end", onEnd);
+				req.off("error", onError);
+			};
+			const onData = (chunk) => {
+				if (cancelled) return;
+				controller.enqueue(new Uint8Array(chunk));
+				if ((controller.desiredSize ?? 0) <= 0) req.pause();
+			};
+			const onEnd = () => {
+				cleanup();
+				if (!cancelled) controller.close();
+			};
+			const onError = (error) => {
+				cleanup();
+				if (!cancelled) controller.error(error);
+			};
+			req.on("data", onData);
+			req.on("end", onEnd);
+			req.on("error", onError);
+			req.pause();
+		},
+		pull() {
+			if (!cancelled) req.resume();
+		},
+		cancel() {
+			cancelled = true;
+			cleanup();
+			req.resume();
+		}
+	});
 }
 /** Content types that benefit from compression. */
 const COMPRESSIBLE_TYPES = new Set([
@@ -201,6 +232,7 @@ function toWebHeaders(headersRecord) {
 }
 function appendWebHeader(headers, key, value) {
 	if (value === void 0) return;
+	if (key.startsWith(":")) return;
 	if (Array.isArray(value)) {
 		for (const item of value) headers.append(key, item);
 		return;
@@ -513,7 +545,7 @@ function nodeToWebRequest(req, urlOverride, prerenderSecret) {
 		headers
 	};
 	if (hasBody) {
-		init.body = Readable.toWeb(req);
+		init.body = readNodeStream(req);
 		init.duplex = "half";
 	}
 	return new Request(url, init);
@@ -783,7 +815,7 @@ async function startAppRouterServer(options) {
 			}
 		}
 		if (isImageOptimizationPath(pathname)) {
-			const params = parseImageParams(new URL(rawUrl, "http://localhost"), [...DEFAULT_DEVICE_SIZES, ...DEFAULT_IMAGE_SIZES]);
+			const params = parseImageParams(new URL(rawUrl, "http://localhost"), [...imageConfig?.deviceSizes ?? DEFAULT_DEVICE_SIZES, ...imageConfig?.imageSizes ?? DEFAULT_IMAGE_SIZES], imageConfig?.qualities);
 			if (!params) {
 				res.writeHead(400);
 				res.end("Bad Request");
@@ -891,6 +923,7 @@ async function startPagesRouterServer(options) {
 	const pagesImageConfig = vinextConfig?.images ? {
 		dangerouslyAllowSVG: vinextConfig.images.dangerouslyAllowSVG,
 		dangerouslyAllowLocalIP: vinextConfig.images.dangerouslyAllowLocalIP,
+		qualities: vinextConfig.images.qualities,
 		contentDispositionType: vinextConfig.images.contentDispositionType,
 		contentSecurityPolicy: vinextConfig.images.contentSecurityPolicy
 	} : void 0;
@@ -960,7 +993,7 @@ async function startPagesRouterServer(options) {
 			return;
 		}
 		if (isImageOptimizationPath(pathname) || isImageOptimizationPath(staticLookupPath)) {
-			const params = parseImageParams(new URL(rawUrl, "http://localhost"), allowedImageWidths);
+			const params = parseImageParams(new URL(rawUrl, "http://localhost"), allowedImageWidths, pagesImageConfig?.qualities);
 			if (!params) {
 				res.writeHead(400);
 				res.end("Bad Request");
@@ -991,6 +1024,7 @@ async function startPagesRouterServer(options) {
 				}
 			}
 			let isDataReq = false;
+			const originalRenderUrl = url;
 			if (isNextDataPathname(pathname)) {
 				const dataMatch = pagesBuildId ? parseNextDataPathname(pathname, pagesBuildId) : null;
 				if (!dataMatch) {
@@ -1005,7 +1039,7 @@ async function startPagesRouterServer(options) {
 			const protocol = resolveRequestProtocol(req);
 			const hostHeader = resolveRequestHost(req, `${host}:${port}`);
 			const rawReqHeaders = nodeHeadersToWebHeaders(req.headers);
-			const isDataRequest = rawReqHeaders.get("x-nextjs-data") === "1";
+			const isDataRequest = isDataReq;
 			const reqHeaders = filterInternalHeaders(rawReqHeaders);
 			const method = req.method ?? "GET";
 			const hasBody = method !== "GET" && method !== "HEAD";
@@ -1028,10 +1062,13 @@ async function startPagesRouterServer(options) {
 				rawSearch: rawQs,
 				matchPageRoute: matchPageRoute ?? null,
 				runMiddleware: typeof runMiddleware === "function" ? wrapMiddlewareWithBasePath(runMiddleware, basePath, hadBasePath) : null,
-				renderPage: typeof renderPage === "function" ? (request, resolvedUrl, options, stagedHeaders) => renderPage(request, resolvedUrl, ssrManifest, void 0, stagedHeaders, options) : null,
+				renderPage: typeof renderPage === "function" ? (request, resolvedUrl, options, stagedHeaders) => renderPage(request, resolvedUrl, ssrManifest, void 0, stagedHeaders, {
+					...options,
+					originalUrl: originalRenderUrl
+				}) : null,
 				handleApi: typeof handleApi === "function" ? (request, apiUrl) => handleApi(request, apiUrl, createNodeExecutionContext()) : null,
-				serveStaticFile: async (requestPathname, stagedHeaders) => {
-					if (requestPathname === "/" || requestPathname.startsWith("/api/") || requestPathname.startsWith(`/_next/static/`)) return false;
+				serveFilesystemRoute: async (requestPathname, stagedHeaders, phase) => {
+					if (req.method !== "GET" && req.method !== "HEAD" || requestPathname === "/" || requestPathname === "/api" || requestPathname.startsWith("/api/") || phase === "direct" && requestPathname.startsWith(`/_next/static/`)) return false;
 					return tryServeStatic(req, res, clientDir, requestPathname, compress, staticCache, stagedHeaders);
 				}
 			});
@@ -1082,4 +1119,4 @@ async function startPagesRouterServer(options) {
 	};
 }
 //#endregion
-export { COMPRESSIBLE_TYPES, COMPRESS_THRESHOLD, importServerEntryModule, mergeResponseHeaders, mergeWebResponse, negotiateEncoding, nodeToWebRequest, resolveAppRouterAssetPath, resolveAppRouterPrerenderSeeder, resolveRequestHost as resolveHost, resolveServerEntryImportUrl, sendCompressed, sendWebResponse, startProdServer, trustProxy, trustedHosts, tryServeStatic };
+export { COMPRESSIBLE_TYPES, COMPRESS_THRESHOLD, importServerEntryModule, mergeResponseHeaders, mergeWebResponse, negotiateEncoding, nodeToWebRequest, readNodeStream, resolveAppRouterAssetPath, resolveAppRouterPrerenderSeeder, resolveRequestHost as resolveHost, resolveServerEntryImportUrl, sendCompressed, sendWebResponse, startProdServer, trustProxy, trustedHosts, tryServeStatic };

package/dist/server/request-pipeline.d.ts

@@ -76,7 +76,8 @@ type ApplyConfigHeadersOptions = {
    * (basePath: true) rule for backward compatibility — callers that need to
    * support `basePath: false` headers must pass this in.
    */
-  basePathState?: BasePathMatchState;
+  basePathState?: BasePathMatchState; /** Existing framework-generated headers that matching config rules may replace. */
+  overwriteExisting?: ReadonlySet<string>;
 };
 type StaticFileSignalContext = {
   headers: Headers | null;
@@ -157,19 +158,6 @@ declare function validateCsrfOrigin(request: Request, allowedOrigins?: string[])
  */
 declare function validateServerActionPayload(body: string | FormData): Promise<Response | null>;
 declare function isOriginAllowed(origin: string, allowed: string[]): boolean;
-/**
- * Validate an image optimization URL parameter.
- *
- * Ensures the URL is a relative path that doesn't escape the origin:
- * - Must start with "/" but not "//"
- * - Backslashes are normalized (browsers treat `\` as `/`)
- * - Origin validation as defense-in-depth
- *
- * @param rawUrl - The raw `url` query parameter value
- * @param requestUrl - The full request URL for origin comparison
- * @returns An error Response if validation fails, or the normalized image URL
- */
-declare function validateImageUrl(rawUrl: string | null, requestUrl: string): Response | string;
 /**
  * Strip internal `x-middleware-*` headers from a Headers object.
  *
@@ -219,4 +207,4 @@ declare function cloneRequestWithHeaders(request: Request, headers: Headers): Re
  */
 declare function cloneRequestWithUrl(request: Request, url: string): Request;
 //#endregion
-export { HeaderRecord, INTERNAL_HEADERS, VINEXT_INTERNAL_HEADERS, applyConfigHeadersToHeaderRecord, applyConfigHeadersToResponse, cloneRequestWithHeaders, cloneRequestWithUrl, createStaticFileSignal, filterInternalHeaders, guardProtocolRelativeUrl, hasBasePath, isOpenRedirectShaped, isOriginAllowed, normalizeTrailingSlash, normalizeTrailingSlashPathname, processMiddlewareHeaders, resolvePublicFileRoute, stripBasePath, validateCsrfOrigin, validateImageUrl, validateServerActionPayload };
+export { HeaderRecord, INTERNAL_HEADERS, VINEXT_INTERNAL_HEADERS, applyConfigHeadersToHeaderRecord, applyConfigHeadersToResponse, cloneRequestWithHeaders, cloneRequestWithUrl, createStaticFileSignal, filterInternalHeaders, guardProtocolRelativeUrl, hasBasePath, isOpenRedirectShaped, isOriginAllowed, normalizeTrailingSlash, normalizeTrailingSlashPathname, processMiddlewareHeaders, resolvePublicFileRoute, stripBasePath, validateCsrfOrigin, validateServerActionPayload };

package/dist/server/request-pipeline.js

@@ -122,7 +122,7 @@ function applyConfigHeadersToResponse(responseHeaders, options) {
 	for (const header of matched) {
 		const lowerName = header.key.toLowerCase();
 		if (lowerName === "vary" || lowerName === "set-cookie") responseHeaders.append(header.key, header.value);
-		else if (!responseHeaders.has(lowerName)) responseHeaders.set(header.key, header.value);
+		else if (options.overwriteExisting?.has(lowerName) || !responseHeaders.has(lowerName)) responseHeaders.set(header.key, header.value);
 	}
 }
 /**
@@ -197,9 +197,10 @@ function normalizeTrailingSlash(pathname, basePath, trailingSlash, search) {
 	if (isOpenRedirectShaped(pathname)) return notFoundResponse();
 	const normalizedPathname = normalizeTrailingSlashPathname(pathname, trailingSlash);
 	if (normalizedPathname === null) return null;
+	const encodedPathname = normalizedPathname.replace(/[^A-Za-z0-9\-._~!$&'()*+,;=:@/%]/gu, encodeURIComponent);
 	return new Response(null, {
 		status: 308,
-		headers: { Location: basePath + normalizedPathname + search }
+		headers: { Location: basePath + encodedPathname + search }
 	});
 }
 /**
@@ -246,45 +247,74 @@ function validateCsrfOrigin(request, allowedOrigins = []) {
 * Regular user form fields are ignored entirely.
 */
 async function validateServerActionPayload(body) {
-	const containerRefRe = /"\$([QWi])(\d+)"/g;
+	const maxNumericFields = 4096;
+	const maxContainerReferences = 16384;
+	const maxContainerDepth = 1024;
+	const containerRefRe = /"\$([QWi])([0-9a-f]+)(?=[:"])/gi;
 	const fieldRefs = /* @__PURE__ */ new Map();
+	let referenceCount = 0;
+	const invalidPayloadResponse = () => new Response("Invalid server action payload", {
+		status: 400,
+		headers: { "Content-Type": "text/plain" }
+	});
 	const collectRefs = (fieldKey, text) => {
+		if (fieldRefs.has(fieldKey)) return true;
+		if (fieldRefs.size >= maxNumericFields) return false;
 		const refs = /* @__PURE__ */ new Set();
 		let match;
 		containerRefRe.lastIndex = 0;
-		while ((match = containerRefRe.exec(text)) !== null) refs.add(match[2]);
+		while ((match = containerRefRe.exec(text)) !== null) {
+			const previousSize = refs.size;
+			refs.add(String(Number.parseInt(match[2], 16)));
+			if (refs.size !== previousSize && ++referenceCount > maxContainerReferences) return false;
+		}
 		fieldRefs.set(fieldKey, refs);
+		return true;
 	};
-	if (typeof body === "string") collectRefs("0", body);
-	else for (const [key, value] of body.entries()) {
+	if (typeof body === "string") {
+		if (!collectRefs("0", body)) return invalidPayloadResponse();
+	} else for (const [key, value] of body.entries()) {
 		if (!/^\d+$/.test(key)) continue;
 		if (typeof value === "string") {
-			collectRefs(key, value);
+			if (!collectRefs(key, value)) return invalidPayloadResponse();
 			continue;
 		}
-		if (typeof value?.text === "function") collectRefs(key, await value.text());
+		if (typeof value?.text === "function") {
+			if (!collectRefs(key, await value.text())) return invalidPayloadResponse();
+		}
 	}
 	if (fieldRefs.size === 0) return null;
 	const knownFields = new Set(fieldRefs.keys());
-	for (const refs of fieldRefs.values()) for (const ref of refs) if (!knownFields.has(ref)) return new Response("Invalid server action payload", {
-		status: 400,
-		headers: { "Content-Type": "text/plain" }
-	});
-	const visited = /* @__PURE__ */ new Set();
-	const stack = /* @__PURE__ */ new Set();
-	const hasCycle = (node) => {
-		if (stack.has(node)) return true;
-		if (visited.has(node)) return false;
-		visited.add(node);
-		stack.add(node);
-		for (const ref of fieldRefs.get(node) ?? []) if (hasCycle(ref)) return true;
-		stack.delete(node);
-		return false;
-	};
-	for (const node of fieldRefs.keys()) if (hasCycle(node)) return new Response("Invalid server action payload", {
-		status: 400,
-		headers: { "Content-Type": "text/plain" }
-	});
+	for (const refs of fieldRefs.values()) for (const ref of refs) if (!knownFields.has(ref)) return invalidPayloadResponse();
+	const state = /* @__PURE__ */ new Map();
+	for (const root of fieldRefs.keys()) {
+		if (state.has(root)) continue;
+		const stack = [{
+			node: root,
+			refs: [...fieldRefs.get(root) ?? []],
+			nextRef: 0
+		}];
+		state.set(root, "visiting");
+		while (stack.length > 0) {
+			if (stack.length > maxContainerDepth) return invalidPayloadResponse();
+			const frame = stack[stack.length - 1];
+			const ref = frame.refs[frame.nextRef++];
+			if (ref === void 0) {
+				state.set(frame.node, "visited");
+				stack.pop();
+				continue;
+			}
+			const refState = state.get(ref);
+			if (refState === "visiting") return invalidPayloadResponse();
+			if (refState === "visited") continue;
+			state.set(ref, "visiting");
+			stack.push({
+				node: ref,
+				refs: [...fieldRefs.get(ref) ?? []],
+				nextRef: 0
+			});
+		}
+	}
 	return null;
 }
 /**
@@ -329,25 +359,6 @@ function isOriginAllowed(origin, allowed) {
 	return false;
 }
 /**
-* Validate an image optimization URL parameter.
-*
-* Ensures the URL is a relative path that doesn't escape the origin:
-* - Must start with "/" but not "//"
-* - Backslashes are normalized (browsers treat `\` as `/`)
-* - Origin validation as defense-in-depth
-*
-* @param rawUrl - The raw `url` query parameter value
-* @param requestUrl - The full request URL for origin comparison
-* @returns An error Response if validation fails, or the normalized image URL
-*/
-function validateImageUrl(rawUrl, requestUrl) {
-	const imgUrl = rawUrl?.replaceAll("\\", "/") ?? null;
-	if (!imgUrl || !imgUrl.startsWith("/") || imgUrl.startsWith("//")) return new Response(!rawUrl ? "Missing url parameter" : "Only relative URLs allowed", { status: 400 });
-	const url = new URL(requestUrl);
-	if (new URL(imgUrl, url.origin).origin !== url.origin) return new Response("Only relative URLs allowed", { status: 400 });
-	return imgUrl;
-}
-/**
 * Strip internal `x-middleware-*` headers from a Headers object.
 *
 * Middleware uses `x-middleware-*` headers as internal signals (e.g.
@@ -465,4 +476,4 @@ function cloneRequestWithUrl(request, url) {
 	return cloned;
 }
 //#endregion
-export { INTERNAL_HEADERS, VINEXT_INTERNAL_HEADERS, applyConfigHeadersToHeaderRecord, applyConfigHeadersToResponse, cloneRequestWithHeaders, cloneRequestWithUrl, createStaticFileSignal, filterInternalHeaders, guardProtocolRelativeUrl, hasBasePath, isOpenRedirectShaped, isOriginAllowed, normalizeTrailingSlash, normalizeTrailingSlashPathname, processMiddlewareHeaders, resolvePublicFileRoute, stripBasePath, validateCsrfOrigin, validateImageUrl, validateServerActionPayload };
+export { INTERNAL_HEADERS, VINEXT_INTERNAL_HEADERS, applyConfigHeadersToHeaderRecord, applyConfigHeadersToResponse, cloneRequestWithHeaders, cloneRequestWithUrl, createStaticFileSignal, filterInternalHeaders, guardProtocolRelativeUrl, hasBasePath, isOpenRedirectShaped, isOriginAllowed, normalizeTrailingSlash, normalizeTrailingSlashPathname, processMiddlewareHeaders, resolvePublicFileRoute, stripBasePath, validateCsrfOrigin, validateServerActionPayload };

package/dist/server/rsc-stream-hints.d.ts

@@ -1,6 +1,10 @@
 //#region src/server/rsc-stream-hints.d.ts
 declare function normalizeReactFlightPreloadHints(stream: ReadableStream<Uint8Array>): ReadableStream<Uint8Array>;
 type RscRawRenderer = (model: unknown, options?: unknown) => ReadableStream<Uint8Array>;
+type RscRawPrerenderer = (model: unknown, options?: unknown) => Promise<{
+  prelude: ReadableStream<Uint8Array>;
+}>;
 declare function createRscRenderer(render: RscRawRenderer): RscRawRenderer;
+declare function createRscPrerenderer(prerender: RscRawPrerenderer): RscRawPrerenderer;
 //#endregion
-export { createRscRenderer, normalizeReactFlightPreloadHints };
+export { RscRawPrerenderer, RscRawRenderer, createRscPrerenderer, createRscRenderer, normalizeReactFlightPreloadHints };

package/dist/server/rsc-stream-hints.js

@@ -32,5 +32,10 @@ function normalizeReactFlightPreloadHints(stream) {
 function createRscRenderer(render) {
 	return (model, options) => normalizeReactFlightPreloadHints(render(model, options));
 }
+function createRscPrerenderer(prerender) {
+	return async (model, options) => {
+		return { prelude: normalizeReactFlightPreloadHints((await prerender(model, options)).prelude) };
+	};
+}
 //#endregion
-export { createRscRenderer, normalizeReactFlightPreloadHints };
+export { createRscPrerenderer, createRscRenderer, normalizeReactFlightPreloadHints };

package/dist/server/seed-cache.js

@@ -1,8 +1,8 @@
-import { normalizePathnameForRouteMatch } from "../routing/utils.js";
-import { normalizePath } from "./normalize-path.js";
 import { isrCacheKey, isrSetPrerenderedAppPage } from "./isr-cache.js";
 import { buildAppPageCacheTags } from "./app-page-cache.js";
 import { getOutputPath, getRscOutputPath } from "../utils/prerender-output-paths.js";
+import { addPregeneratedConcretePath, clearPregeneratedConcretePaths, normalizePregeneratedPathname } from "./pregenerated-concrete-paths.js";
+import { getRenderedAppRoutes, isFallbackShellArtifactPath, readPrerenderManifest } from "./prerender-manifest.js";
 import fs from "node:fs";
 import path from "node:path";
 //#region src/server/seed-cache.ts
@@ -46,26 +46,21 @@ import path from "node:path";
 * @returns The number of routes seeded (0 if no manifest or no renderable routes).
 */
 async function seedMemoryCacheFromPrerender(serverDir, options) {
-	const manifestPath = path.join(serverDir, "vinext-prerender.json");
-	if (!fs.existsSync(manifestPath)) return 0;
-	let manifest;
-	try {
-		manifest = JSON.parse(fs.readFileSync(manifestPath, "utf-8"));
-	} catch (err) {
-		console.warn("[vinext] Failed to parse vinext-prerender.json, skipping cache seeding:", err);
-		return 0;
-	}
+	clearPregeneratedConcretePaths();
+	const manifest = readPrerenderManifest(path.join(serverDir, "vinext-prerender.json"));
+	if (!manifest) return 0;
 	const { buildId, routes } = manifest;
 	if (!buildId || !Array.isArray(routes)) return 0;
 	const trailingSlash = manifest.trailingSlash ?? false;
 	const prerenderDir = path.join(serverDir, "prerendered-routes");
 	const writeAppPageEntry = options?.writeAppPageEntry ?? createDefaultAppPageEntryWriter();
 	let seeded = 0;
-	for (const route of routes) {
-		if (route.status !== "rendered") continue;
-		if (route.router !== "app") continue;
+	const appRoutes = getRenderedAppRoutes(routes);
+	for (const route of appRoutes) {
+		const concretePathname = route.path ?? route.route;
+		if (!isFallbackShellArtifactPath(concretePathname, route)) addPregeneratedConcretePath(route.route, concretePathname);
 		const artifactPathname = route.path ?? route.route;
-		const cachePathname = normalizePrerenderCachePathname(artifactPathname);
+		const cachePathname = normalizePregeneratedPathname(artifactPathname);
 		const baseKey = isrCacheKey("app", cachePathname, buildId);
 		const htmlKey = options?.buildAppPageHtmlKey?.(cachePathname) ?? baseKey + ":html";
 		const rscKey = options?.buildAppPageRscKey?.(cachePathname) ?? baseKey + ":rsc";
@@ -79,9 +74,6 @@ async function seedMemoryCacheFromPrerender(serverDir, options) {
 	}
 	return seeded;
 }
-function normalizePrerenderCachePathname(pathname) {
-	return normalizePath(normalizePathnameForRouteMatch(pathname));
-}
 function createDefaultAppPageEntryWriter() {
 	return (key, data, metadata) => isrSetPrerenderedAppPage(key, data, metadata);
 }

package/dist/server/static-file-cache.js

@@ -1,5 +1,5 @@
 import { normalizePathSeparators } from "../utils/path.js";
-import "../utils/asset-prefix.js";
+import { ASSET_PREFIX_URL_DIR } from "../utils/asset-prefix.js";
 import path from "node:path";
 import fs from "node:fs/promises";
 //#region src/server/static-file-cache.ts
@@ -23,6 +23,7 @@ const CONTENT_TYPES = {
 	".css": "text/css",
 	".html": "text/html",
 	".json": "application/json",
+	".txt": "text/plain; charset=utf-8",
 	".png": "image/png",
 	".jpg": "image/jpeg",
 	".jpeg": "image/jpeg",
@@ -165,9 +166,20 @@ var StaticFileCache = class StaticFileCache {
 function etagFromFilenameHash(relativePath, ext) {
 	const basename = path.basename(relativePath, ext);
 	const lastDash = basename.lastIndexOf("-");
-	if (lastDash === -1 || lastDash === basename.length - 1) return null;
-	const suffix = basename.slice(lastDash + 1);
-	return suffix.length >= 6 && suffix.length <= 12 && /^[A-Za-z0-9_-]+$/.test(suffix) ? `W/"${suffix}"` : null;
+	if (lastDash !== -1 && lastDash !== basename.length - 1) {
+		const suffix = basename.slice(lastDash + 1);
+		if (suffix.length >= 6 && suffix.length <= 12 && /^[A-Za-z0-9_-]+$/.test(suffix)) return `W/"${suffix}"`;
+	}
+	const normalizedPath = normalizePathSeparators(relativePath);
+	const managedMediaSegment = `${ASSET_PREFIX_URL_DIR}/media/`;
+	if (normalizedPath.startsWith(managedMediaSegment) || normalizedPath.includes(`/${managedMediaSegment}`)) {
+		const lastDot = basename.lastIndexOf(".");
+		if (lastDot !== -1) {
+			const suffix = basename.slice(lastDot + 1);
+			if (/^[0-9a-f]{8}$/.test(suffix)) return `W/"${suffix}"`;
+		}
+	}
+	return null;
 }
 function buildVariant(info, baseHeaders, encoding) {
 	return {

package/dist/shims/app-router-scroll-state.d.ts

@@ -3,11 +3,13 @@ type AppRouterScrollIntent = Readonly<{
   commitId: number | null;
   hash: string | null;
   id: number;
+  targetHoistedInHead: boolean;
 }>;
 declare function beginAppRouterScrollIntent(hash: string | null): AppRouterScrollIntent;
 declare function clearAppRouterScrollIntent(): void;
 declare function getPendingAppRouterScrollIntent(): AppRouterScrollIntent | null;
 declare function claimAppRouterScrollIntentForCommit(expected: AppRouterScrollIntent | null | undefined, commitId: number): void;
+declare function markAppRouterScrollIntentHeadHoisted(expected: AppRouterScrollIntent | null | undefined, commitId: number): void;
 declare function consumeAppRouterScrollIntent(expected: AppRouterScrollIntent | null | undefined, commitId?: number): AppRouterScrollIntent | null;
 //#endregion
-export { AppRouterScrollIntent, beginAppRouterScrollIntent, claimAppRouterScrollIntentForCommit, clearAppRouterScrollIntent, consumeAppRouterScrollIntent, getPendingAppRouterScrollIntent };
+export { AppRouterScrollIntent, beginAppRouterScrollIntent, claimAppRouterScrollIntentForCommit, clearAppRouterScrollIntent, consumeAppRouterScrollIntent, getPendingAppRouterScrollIntent, markAppRouterScrollIntentHeadHoisted };

package/dist/shims/app-router-scroll-state.js

@@ -14,7 +14,8 @@ function beginAppRouterScrollIntent(hash) {
 	const intent = {
 		commitId: null,
 		hash,
-		id: store.nextId
+		id: store.nextId,
+		targetHoistedInHead: false
 	};
 	store.pending = intent;
 	return intent;
@@ -35,6 +36,17 @@ function claimAppRouterScrollIntentForCommit(expected, commitId) {
 		commitId
 	};
 }
+function markAppRouterScrollIntentHeadHoisted(expected, commitId) {
+	const store = getScrollIntentStore();
+	const intent = store.pending;
+	if (expected === null || expected === void 0 || intent === null) return;
+	if (intent.id !== expected.id) return;
+	if (intent.commitId !== commitId) return;
+	store.pending = {
+		...intent,
+		targetHoistedInHead: true
+	};
+}
 function consumeAppRouterScrollIntent(expected, commitId) {
 	if (expected === null || expected === void 0) return null;
 	const store = getScrollIntentStore();
@@ -46,4 +58,4 @@ function consumeAppRouterScrollIntent(expected, commitId) {
 	return intent;
 }
 //#endregion
-export { beginAppRouterScrollIntent, claimAppRouterScrollIntentForCommit, clearAppRouterScrollIntent, consumeAppRouterScrollIntent, getPendingAppRouterScrollIntent };
+export { beginAppRouterScrollIntent, claimAppRouterScrollIntentForCommit, clearAppRouterScrollIntent, consumeAppRouterScrollIntent, getPendingAppRouterScrollIntent, markAppRouterScrollIntentHeadHoisted };

package/dist/shims/app-router-scroll.d.ts

@@ -5,9 +5,12 @@ declare class AppRouterScrollTargetInner extends React$1.Component<{
   children: React$1.ReactNode;
   commitId: number | null;
 }> {
+  scheduledCommitId: number | null;
+  schedulePotentialScroll: () => void;
   handlePotentialScroll: () => void;
   componentDidMount(): void;
   componentDidUpdate(): void;
+  componentWillUnmount(): void;
   render(): React$1.ReactNode;
 }
 declare function AppRouterScrollCommitProvider({

package/dist/shims/app-router-scroll.js

@@ -1,6 +1,6 @@
 "use client";
 import { decodeHashFragment } from "./hash-scroll.js";
-import { consumeAppRouterScrollIntent, getPendingAppRouterScrollIntent } from "./app-router-scroll-state.js";
+import { consumeAppRouterScrollIntent, getPendingAppRouterScrollIntent, markAppRouterScrollIntentHeadHoisted } from "./app-router-scroll-state.js";
 import * as React$1 from "react";
 import { jsx } from "react/jsx-runtime";
 import * as ReactDOM from "react-dom";
@@ -46,8 +46,7 @@ function topOfElementInViewport(element, viewportHeight) {
 function getHashFragmentDomNode(hash) {
 	const fragment = decodeHashFragment(hash.startsWith("#") ? hash.slice(1) : hash);
 	if (fragment === "top") return document.body;
-	const element = document.getElementById(fragment) ?? document.getElementsByName(fragment)[0];
-	return element instanceof HTMLElement ? element : null;
+	return document.getElementById(fragment) ?? document.getElementsByName(fragment)[0] ?? null;
 }
 function isInDocumentHead(node) {
 	const head = node.ownerDocument?.head;
@@ -55,7 +54,7 @@ function isInDocumentHead(node) {
 }
 function findNextScrollTarget(node) {
 	if (!(node instanceof Element)) return null;
-	if (isInDocumentHead(node)) return { kind: "document-top" };
+	if (isInDocumentHead(node)) return null;
 	let target = node;
 	while (!(target instanceof HTMLElement) || shouldSkipElement(target)) {
 		if (target.nextElementSibling === null) return null;
@@ -82,34 +81,45 @@ function scrollToElement(target, hash) {
 	});
 }
 var AppRouterScrollTargetInner = class extends React$1.Component {
+	scheduledCommitId = null;
+	schedulePotentialScroll = () => {
+		const commitId = this.props.commitId;
+		this.scheduledCommitId = commitId;
+		queueMicrotask(() => {
+			if (this.scheduledCommitId !== commitId) return;
+			this.handlePotentialScroll();
+		});
+	};
 	handlePotentialScroll = () => {
 		const intent = getPendingAppRouterScrollIntent();
 		if (intent === null) return;
 		if (this.props.commitId === null || intent.commitId !== this.props.commitId) return;
-		let target;
-		if (intent.hash !== null) {
-			target = getHashFragmentDomNode(intent.hash);
-			if (target === null) return;
-		} else {
-			const next = findNextScrollTarget(findDOMNode(this));
-			if (next === null) return;
-			if (next.kind === "document-top") {
-				if (consumeAppRouterScrollIntent(intent, this.props.commitId) === null) return;
-				document.documentElement.scrollTop = 0;
+		let node;
+		if (intent.hash !== null) node = getHashFragmentDomNode(intent.hash);
+		else node = null;
+		if (node === null) {
+			node = findDOMNode(this);
+			if (node !== null && isInDocumentHead(node)) {
+				markAppRouterScrollIntentHeadHoisted(intent, this.props.commitId);
 				return;
 			}
-			target = next.element;
 		}
+		const next = findNextScrollTarget(node);
+		if (next === null) return;
+		const target = next.element;
 		const consumed = consumeAppRouterScrollIntent(intent, this.props.commitId);
 		if (consumed === null) return;
 		scrollToElement(target, consumed.hash);
-		target.focus({ preventScroll: true });
+		target.focus();
 	};
 	componentDidMount() {
-		this.handlePotentialScroll();
+		this.schedulePotentialScroll();
 	}
 	componentDidUpdate() {
-		this.handlePotentialScroll();
+		this.schedulePotentialScroll();
+	}
+	componentWillUnmount() {
+		this.scheduledCommitId = null;
 	}
 	render() {
 		return this.props.children;

package/dist/shims/before-interactive-context.d.ts

@@ -2,17 +2,28 @@ import React from "react";
 
 //#region src/shims/before-interactive-context.d.ts
 /**
- * Inline `<Script strategy="beforeInteractive">` content captured during SSR.
+ * A `<Script strategy="beforeInteractive">` captured during SSR.
  *
  * The Script shim hands these records to the SSR pipeline through
  * `BeforeInteractiveContext` instead of rendering the `<script>` tag inline.
  * The pipeline then emits the captured tag immediately after `<head>` opens,
  * so the script runs before any React-hoisted stylesheets or modulepreload
  * links. Matches the standard no-flash dark-mode pattern.
+ *
+ * Both inline (`children`/`dangerouslySetInnerHTML`) and external (`src`)
+ * beforeInteractive scripts flow through here, mirroring Next.js which registers
+ * inline and src beforeInteractive scripts equally in the App Router runtime
+ * (`(self.__next_s=...).push(...)`). An entry has `src` set for external
+ * scripts and `innerHTML` set for inline scripts (never both).
  */
 type BeforeInteractiveInlineScript = {
-  /** Optional id attribute. */id?: string; /** Pre-escaped inline content (already passed through `escapeInlineContent`). */
-  innerHTML: string; /** Nonce to emit on the `<script>` tag, when CSP is enabled. */
+  /** Optional id attribute. */id?: string; /** External script URL. Set for src beforeInteractive scripts. */
+  src?: string;
+  /**
+   * Pre-escaped inline content (already passed through `escapeInlineContent`).
+   * Set for inline beforeInteractive scripts; omitted for src scripts.
+   */
+  innerHTML?: string; /** Nonce to emit on the `<script>` tag, when CSP is enabled. */
   nonce?: string;
   /**
    * Additional HTML attributes to emit on the tag. Booleans render as the

package/dist/shims/cache-runtime.js

@@ -1,6 +1,7 @@
 import { getOrCreateAls } from "./internal/als-registry.js";
 import { getRequestContext, isInsideUnifiedScope, runWithUnifiedStateMutation } from "./unified-request-context.js";
 import { VINEXT_RSC_MARKER_HEADER } from "../server/headers.js";
+import { trackPprFallbackShellCacheTask } from "./ppr-fallback-shell.js";
 import { markDynamicUsage } from "./headers.js";
 import { _registerCacheContextAccessor, _setRequestScopedCacheLife, cacheLifeProfiles, getDataCacheHandler } from "./cache.js";
 import { addCollectedRequestTags, getCurrentFetchSoftTags } from "./fetch-cache.js";
@@ -243,7 +244,7 @@ function registerCachedFunction(fn, id, variant, options = {}) {
 	const cacheVariant = variant ?? "";
 	const omitAppPageSearchParamsFromFirstArg = options.appPageDefaultExport === true;
 	const isDev = typeof process !== "undefined" && process.env.NODE_ENV === "development";
-	const cachedFn = async (...args) => {
+	const cachedFn = (...args) => trackPprFallbackShellCacheTask(async () => {
 		const rsc = await getRscModule();
 		const keySeed = getUseCacheKeySeed();
 		let cacheKey;
@@ -320,7 +321,7 @@ function registerCachedFunction(fn, id, variant, options = {}) {
 			});
 		} catch {}
 		return result;
-	};
+	}, cacheVariant);
 	Object.defineProperty(cachedFn, "length", {
 		value: fn.length,
 		configurable: true