From 1d6c140430a824e4e3c8d014523adbbc8058bf77 Mon Sep 17 00:00:00 2001
From: MD YUNUS <admin@yunuscollege.eu.org>
Date: Sun, 8 Mar 2026 17:28:53 +0530
Subject: [PATCH 1/8] test: add snapshot tests for entry template generators
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add 7 snapshot tests covering all 5 virtual entry module generators:

App Router (imported directly — already exported standalone):
  - generateRscEntry: minimal routes, with middleware, with config
  - generateSsrEntry
  - generateBrowserEntry

Pages Router (tested via pluginContainer.load on virtual modules):
  - virtual:vinext-server-entry
  - virtual:vinext-client-entry

These snapshots lock down the generated code so subsequent extraction
refactors (moving generators into entries/ modules) can be verified
against a known baseline.

Ref #253
---
 .../entry-templates.test.ts.snap              | 9072 +++++++++++++++++
 tests/entry-templates.test.ts                 |  193 +
 2 files changed, 9265 insertions(+)
 create mode 100644 tests/__snapshots__/entry-templates.test.ts.snap
 create mode 100644 tests/entry-templates.test.ts

diff --git a/tests/__snapshots__/entry-templates.test.ts.snap b/tests/__snapshots__/entry-templates.test.ts.snap
new file mode 100644
index 00000000..51a3c1c2
--- /dev/null
+++ b/tests/__snapshots__/entry-templates.test.ts.snap
@@ -0,0 +1,9072 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`App Router entry templates > generateBrowserEntry snapshot 1`] = `
+"
+import {
+  createFromReadableStream,
+  createFromFetch,
+  setServerCallback,
+  encodeReply,
+  createTemporaryReferenceSet,
+} from "@vitejs/plugin-rsc/browser";
+import { hydrateRoot } from "react-dom/client";
+import { flushSync } from "react-dom";
+import { setClientParams, toRscUrl, getPrefetchCache, getPrefetchedUrls, PREFETCH_CACHE_TTL } from "next/navigation";
+
+let reactRoot;
+
+/**
+ * Convert the embedded RSC chunks back to a ReadableStream.
+ * Each chunk is a text string that needs to be encoded back to Uint8Array.
+ */
+function chunksToReadableStream(chunks) {
+  const encoder = new TextEncoder();
+  return new ReadableStream({
+    start(controller) {
+      for (const chunk of chunks) {
+        controller.enqueue(encoder.encode(chunk));
+      }
+      controller.close();
+    }
+  });
+}
+
+/**
+ * Create a ReadableStream from progressively-embedded RSC chunks.
+ * The server injects RSC data as <script> tags that push to
+ * self.__VINEXT_RSC_CHUNKS__ throughout the HTML stream, and sets
+ * self.__VINEXT_RSC_DONE__ = true when complete.
+ *
+ * Instead of polling with setTimeout, we monkey-patch the array's
+ * push() method so new chunks are delivered immediately when the
+ * server's <script> tags execute. This eliminates unnecessary
+ * wakeups and reduces latency — same pattern Next.js uses with
+ * __next_f. The stream closes on DOMContentLoaded (when all
+ * server-injected scripts have executed) or when __VINEXT_RSC_DONE__
+ * is set, whichever comes first.
+ */
+function createProgressiveRscStream() {
+  const encoder = new TextEncoder();
+  return new ReadableStream({
+    start(controller) {
+      const chunks = self.__VINEXT_RSC_CHUNKS__ || [];
+
+      // Deliver any chunks that arrived before this code ran
+      // (from <script> tags that executed before the browser entry loaded)
+      for (const chunk of chunks) {
+        controller.enqueue(encoder.encode(chunk));
+      }
+
+      // If the stream is already complete, close immediately
+      if (self.__VINEXT_RSC_DONE__) {
+        controller.close();
+        return;
+      }
+
+      // Monkey-patch push() so future chunks stream in immediately
+      // when the server's <script> tags execute
+      let closed = false;
+      function closeOnce() {
+        if (!closed) {
+          closed = true;
+          controller.close();
+        }
+      }
+
+      const arr = self.__VINEXT_RSC_CHUNKS__ = self.__VINEXT_RSC_CHUNKS__ || [];
+      arr.push = function(chunk) {
+        Array.prototype.push.call(this, chunk);
+        if (!closed) {
+          controller.enqueue(encoder.encode(chunk));
+          if (self.__VINEXT_RSC_DONE__) {
+            closeOnce();
+          }
+        }
+        return this.length;
+      };
+
+      // Safety net: if the server crashes mid-stream and __VINEXT_RSC_DONE__
+      // never arrives, close the stream when all server-injected scripts
+      // have executed (DOMContentLoaded). Without this, a truncated response
+      // leaves the ReadableStream open forever, hanging hydration.
+      if (typeof document !== "undefined") {
+        if (document.readyState === "loading") {
+          document.addEventListener("DOMContentLoaded", closeOnce);
+        } else {
+          // Document already loaded — close immediately if not already done
+          closeOnce();
+        }
+      }
+    }
+  });
+}
+
+// Register the server action callback — React calls this internally
+// when a "use server" function is invoked from client code.
+setServerCallback(async (id, args) => {
+  const temporaryReferences = createTemporaryReferenceSet();
+  const body = await encodeReply(args, { temporaryReferences });
+
+  const fetchResponse = await fetch(toRscUrl(window.location.pathname + window.location.search), {
+    method: "POST",
+    headers: { "x-rsc-action": id },
+    body,
+  });
+
+  // Check for redirect signal from server action that called redirect()
+  const actionRedirect = fetchResponse.headers.get("x-action-redirect");
+  if (actionRedirect) {
+    // External URLs (different origin) need a hard redirect — client-side
+    // RSC navigation only works for same-origin paths.
+    try {
+      const redirectUrl = new URL(actionRedirect, window.location.origin);
+      if (redirectUrl.origin !== window.location.origin) {
+        window.location.href = actionRedirect;
+        return undefined;
+      }
+    } catch {
+      // If URL parsing fails, fall through to client-side navigation
+    }
+
+    // Navigate to the redirect target using client-side navigation
+    const redirectType = fetchResponse.headers.get("x-action-redirect-type") || "replace";
+    if (redirectType === "push") {
+      window.history.pushState(null, "", actionRedirect);
+    } else {
+      window.history.replaceState(null, "", actionRedirect);
+    }
+    // Trigger RSC navigation to the redirect target
+    if (typeof window.__VINEXT_RSC_NAVIGATE__ === "function") {
+      window.__VINEXT_RSC_NAVIGATE__(actionRedirect);
+    }
+    return undefined;
+  }
+
+  const result = await createFromFetch(Promise.resolve(fetchResponse), { temporaryReferences });
+
+  // The RSC response for actions contains { root, returnValue }.
+  // Re-render the page with the updated tree.
+  if (result && typeof result === "object" && "root" in result) {
+    reactRoot.render(result.root);
+    // Return the action's return value to the caller
+    if (result.returnValue) {
+      if (!result.returnValue.ok) throw result.returnValue.data;
+      return result.returnValue.data;
+    }
+    return undefined;
+  }
+
+  // Fallback: render the entire result as the tree
+  reactRoot.render(result);
+  return result;
+});
+
+async function main() {
+  let rscStream;
+
+  // Use embedded RSC data for initial hydration if available.
+  // This ensures we use the SAME RSC payload that generated the HTML,
+  // avoiding hydration mismatches (React error #418).
+  //
+  // The server embeds RSC chunks progressively as <script> tags that push
+  // to self.__VINEXT_RSC_CHUNKS__. When complete, self.__VINEXT_RSC_DONE__
+  // is set and self.__VINEXT_RSC_PARAMS__ contains route params.
+  // For backwards compat, also check the legacy self.__VINEXT_RSC__ format.
+  if (self.__VINEXT_RSC_CHUNKS__ || self.__VINEXT_RSC_DONE__ || self.__VINEXT_RSC__) {
+    if (self.__VINEXT_RSC__) {
+      // Legacy format: single object with all chunks
+      const embedData = self.__VINEXT_RSC__;
+      delete self.__VINEXT_RSC__;
+      if (embedData.params) {
+        setClientParams(embedData.params);
+      }
+      rscStream = chunksToReadableStream(embedData.rsc);
+    } else {
+      // Progressive format: chunks arrive incrementally via script tags.
+      // Params are embedded in <head> so they're always available by this point.
+      if (self.__VINEXT_RSC_PARAMS__) {
+        setClientParams(self.__VINEXT_RSC_PARAMS__);
+      }
+      rscStream = createProgressiveRscStream();
+    }
+  } else {
+    // Fallback: fetch fresh RSC (shouldn't happen on initial page load)
+    const rscResponse = await fetch(toRscUrl(window.location.pathname + window.location.search));
+
+    // Hydrate useParams() with route params from the server before React hydration
+    const paramsHeader = rscResponse.headers.get("X-Vinext-Params");
+    if (paramsHeader) {
+      try { setClientParams(JSON.parse(paramsHeader)); } catch (_e) { /* ignore */ }
+    }
+
+    rscStream = rscResponse.body;
+  }
+
+  const root = await createFromReadableStream(rscStream);
+
+  // Hydrate the document
+  // In development, suppress Vite's error overlay for errors caught by React error
+  // boundaries. Without this, React re-throws caught errors to the global handler,
+  // which triggers Vite's overlay even though the error was handled by an error.tsx.
+  // In production, preserve React's default onCaughtError (console.error) so
+  // boundary-caught errors remain visible to error monitoring.
+  reactRoot = hydrateRoot(document, root, import.meta.env.DEV ? {
+    onCaughtError: function() {},
+  } : undefined);
+
+  // Store for client-side navigation
+  window.__VINEXT_RSC_ROOT__ = reactRoot;
+
+  // Client-side navigation handler
+  // Checks the prefetch cache (populated by <Link> IntersectionObserver and
+  // router.prefetch()) before making a network request. This makes navigation
+  // near-instant for prefetched routes.
+  window.__VINEXT_RSC_NAVIGATE__ = async function navigateRsc(href, __redirectDepth) {
+    if ((__redirectDepth || 0) > 10) {
+      console.error("[vinext] Too many RSC redirects — aborting navigation to prevent infinite loop.");
+      window.location.href = href;
+      return;
+    }
+    try {
+      const url = new URL(href, window.location.origin);
+      const rscUrl = toRscUrl(url.pathname + url.search);
+
+      // Check the in-memory prefetch cache first
+      let navResponse;
+      const prefetchCache = getPrefetchCache();
+      const cached = prefetchCache.get(rscUrl);
+      if (cached && (Date.now() - cached.timestamp) < PREFETCH_CACHE_TTL) {
+        navResponse = cached.response;
+        prefetchCache.delete(rscUrl); // Consume the cached entry (one-time use)
+        getPrefetchedUrls().delete(rscUrl); // Allow re-prefetch when link is visible again
+      } else if (cached) {
+        prefetchCache.delete(rscUrl); // Expired, clean up
+        getPrefetchedUrls().delete(rscUrl);
+      }
+
+      // Fallback to network fetch if not in cache
+      if (!navResponse) {
+        navResponse = await fetch(rscUrl, {
+          headers: { Accept: "text/x-component" },
+          credentials: "include",
+        });
+      }
+
+      // Detect if fetch followed a redirect: compare the final response URL to
+      // what we requested. If they differ, the server issued a 3xx — push the
+      // canonical destination URL into history before rendering.
+      const __finalUrl = new URL(navResponse.url);
+      const __requestedUrl = new URL(rscUrl, window.location.origin);
+      if (__finalUrl.pathname !== __requestedUrl.pathname) {
+        // Strip .rsc suffix from the final URL to get the page path for history.
+        // Use replaceState instead of pushState: the caller (navigateImpl) already
+        // pushed the pre-redirect URL; replacing it avoids a stale history entry.
+        const __destPath = __finalUrl.pathname.replace(/\\.rsc$/, "") + __finalUrl.search;
+        window.history.replaceState(null, "", __destPath);
+        return window.__VINEXT_RSC_NAVIGATE__(__destPath, (__redirectDepth || 0) + 1);
+      }
+
+      // Update useParams() with route params from the server before re-rendering
+      const navParamsHeader = navResponse.headers.get("X-Vinext-Params");
+      if (navParamsHeader) {
+        try { setClientParams(JSON.parse(navParamsHeader)); } catch (_e) { /* ignore */ }
+      } else {
+        setClientParams({});
+      }
+
+      const rscPayload = await createFromFetch(Promise.resolve(navResponse));
+      // Use flushSync to guarantee React commits the new tree to the DOM
+      // synchronously before this function returns. Callers scroll to top
+      // after awaiting, so the new content must be painted first.
+      flushSync(function () { reactRoot.render(rscPayload); });
+    } catch (err) {
+      console.error("[vinext] RSC navigation error:", err);
+      // Fallback to full page load
+      window.location.href = href;
+    }
+  };
+
+  // Handle popstate (browser back/forward)
+  // Store the navigation promise on a well-known property so that
+  // restoreScrollPosition (in navigation.ts) can await it before scrolling.
+  // This prevents a flash where the old content is visible at the restored
+  // scroll position before the new RSC payload has rendered.
+  window.addEventListener("popstate", () => {
+    const p = window.__VINEXT_RSC_NAVIGATE__(window.location.href);
+    window.__VINEXT_RSC_PENDING__ = p;
+    p.finally(() => {
+      // Clear once settled so stale promises aren't awaited later
+      if (window.__VINEXT_RSC_PENDING__ === p) {
+        window.__VINEXT_RSC_PENDING__ = null;
+      }
+    });
+  });
+
+  // HMR: re-render on server module updates
+  if (import.meta.hot) {
+    import.meta.hot.on("rsc:update", async () => {
+      try {
+        const rscPayload = await createFromFetch(
+          fetch(toRscUrl(window.location.pathname + window.location.search))
+        );
+        reactRoot.render(rscPayload);
+      } catch (err) {
+        console.error("[vinext] RSC HMR error:", err);
+      }
+    });
+  }
+}
+
+main();
+"
+`;
+
+exports[`App Router entry templates > generateRscEntry snapshot (minimal routes) 1`] = `
+"
+import {
+  renderToReadableStream,
+  decodeReply,
+  loadServerAction,
+  createTemporaryReferenceSet,
+} from "@vitejs/plugin-rsc/rsc";
+import { AsyncLocalStorage } from "node:async_hooks";
+import { createElement, Suspense, Fragment } from "react";
+import { setNavigationContext as _setNavigationContextOrig, getNavigationContext as _getNavigationContext } from "next/navigation";
+import { setHeadersContext, headersContextFromRequest, getDraftModeCookieHeader, getAndClearPendingCookies, consumeDynamicUsage, markDynamicUsage, runWithHeadersContext, applyMiddlewareRequestHeaders, getHeadersContext } from "next/headers";
+import { NextRequest, NextFetchEvent } from "next/server";
+import { ErrorBoundary, NotFoundBoundary } from "vinext/error-boundary";
+import { LayoutSegmentProvider } from "vinext/layout-segment-context";
+import { MetadataHead, mergeMetadata, resolveModuleMetadata, ViewportHead, mergeViewport, resolveModuleViewport } from "vinext/metadata";
+
+
+
+import { _consumeRequestScopedCacheLife, _runWithCacheState } from "next/cache";
+import { runWithFetchCache } from "vinext/fetch-cache";
+import { runWithPrivateCache as _runWithPrivateCache } from "vinext/cache-runtime";
+// Import server-only state module to register ALS-backed accessors.
+import { runWithNavigationContext as _runWithNavigationContext } from "vinext/navigation-state";
+import { reportRequestError as _reportRequestError } from "vinext/instrumentation";
+import { getSSRFontLinks as _getSSRFontLinks, getSSRFontStyles as _getSSRFontStylesGoogle, getSSRFontPreloads as _getSSRFontPreloadsGoogle } from "next/font/google";
+import { getSSRFontStyles as _getSSRFontStylesLocal, getSSRFontPreloads as _getSSRFontPreloadsLocal } from "next/font/local";
+function _getSSRFontStyles() { return [..._getSSRFontStylesGoogle(), ..._getSSRFontStylesLocal()]; }
+function _getSSRFontPreloads() { return [..._getSSRFontPreloadsGoogle(), ..._getSSRFontPreloadsLocal()]; }
+
+// ALS used to suppress the expected "Invalid hook call" dev warning when
+// layout/page components are probed outside React's render cycle. Patching
+// console.error once at module load (instead of per-request) avoids the
+// concurrent-request issue where request A's suppression filter could
+// swallow real errors from request B.
+const _suppressHookWarningAls = new AsyncLocalStorage();
+const _origConsoleError = console.error;
+console.error = (...args) => {
+  if (_suppressHookWarningAls.getStore() === true &&
+      typeof args[0] === "string" &&
+      args[0].includes("Invalid hook call")) return;
+  _origConsoleError.apply(console, args);
+};
+
+// Set navigation context in the ALS-backed store. "use client" components
+// rendered during SSR need the pathname/searchParams/params but the SSR
+// environment has a separate module instance of next/navigation.
+// Use _getNavigationContext() to read the current context — never cache
+// it in a module-level variable (that would leak between concurrent requests).
+function setNavigationContext(ctx) {
+  _setNavigationContextOrig(ctx);
+}
+
+// ISR cache is disabled in dev mode — every request re-renders fresh,
+// matching Next.js dev behavior. Cache-Control headers are still emitted
+// based on export const revalidate for testing purposes.
+// Production ISR is handled by prod-server.ts and the Cloudflare worker entry.
+
+// Normalize null-prototype objects from matchPattern() into thenable objects
+// that work both as Promises (for Next.js 15+ async params) and as plain
+// objects with synchronous property access (for pre-15 code like params.id).
+//
+// matchPattern() uses Object.create(null), producing objects without
+// Object.prototype. The RSC serializer rejects these. Spreading ({...obj})
+// restores a normal prototype. Object.assign onto the Promise preserves
+// synchronous property access (params.id, params.slug) that existing
+// components and test fixtures rely on.
+function makeThenableParams(obj) {
+  const plain = { ...obj };
+  return Object.assign(Promise.resolve(plain), plain);
+}
+
+// Resolve route tree segments to actual values using matched params.
+// Dynamic segments like [id] are replaced with param values, catch-all
+// segments like [...slug] are joined with "/", and route groups are kept as-is.
+function __resolveChildSegments(routeSegments, treePosition, params) {
+  var raw = routeSegments.slice(treePosition);
+  var result = [];
+  for (var j = 0; j < raw.length; j++) {
+    var seg = raw[j];
+    // Optional catch-all: [[...param]]
+    if (seg.indexOf("[[...") === 0 && seg.charAt(seg.length - 1) === "]" && seg.charAt(seg.length - 2) === "]") {
+      var pn = seg.slice(5, -2);
+      var v = params[pn];
+      // Skip empty optional catch-all (e.g., visiting /blog on [[...slug]] route)
+      if (Array.isArray(v) && v.length === 0) continue;
+      if (v == null) continue;
+      result.push(Array.isArray(v) ? v.join("/") : v);
+    // Catch-all: [...param]
+    } else if (seg.indexOf("[...") === 0 && seg.charAt(seg.length - 1) === "]") {
+      var pn2 = seg.slice(4, -1);
+      var v2 = params[pn2];
+      result.push(Array.isArray(v2) ? v2.join("/") : (v2 || seg));
+    // Dynamic: [param]
+    } else if (seg.charAt(0) === "[" && seg.charAt(seg.length - 1) === "]" && seg.indexOf(".") === -1) {
+      var pn3 = seg.slice(1, -1);
+      result.push(params[pn3] || seg);
+    } else {
+      result.push(seg);
+    }
+  }
+  return result;
+}
+
+// djb2 hash — matches Next.js's stringHash for digest generation.
+// Produces a stable numeric string from error message + stack.
+function __errorDigest(str) {
+  let hash = 5381;
+  for (let i = str.length - 1; i >= 0; i--) {
+    hash = (hash * 33) ^ str.charCodeAt(i);
+  }
+  return (hash >>> 0).toString();
+}
+
+// Sanitize an error for client consumption. In production, replaces the error
+// with a generic Error that only carries a digest hash (matching Next.js
+// behavior). In development, returns the original error for debugging.
+// Navigation errors (redirect, notFound, etc.) are always passed through
+// unchanged since their digests are used for client-side routing.
+function __sanitizeErrorForClient(error) {
+  // Navigation errors must pass through with their digest intact
+  if (error && typeof error === "object" && "digest" in error) {
+    const digest = String(error.digest);
+    if (
+      digest.startsWith("NEXT_REDIRECT;") ||
+      digest === "NEXT_NOT_FOUND" ||
+      digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")
+    ) {
+      return error;
+    }
+  }
+  // In development, pass through the original error for debugging
+  if (process.env.NODE_ENV !== "production") {
+    return error;
+  }
+  // In production, create a sanitized error with only a digest hash
+  const msg = error instanceof Error ? error.message : String(error);
+  const stack = error instanceof Error ? (error.stack || "") : "";
+  const sanitized = new Error(
+    "An error occurred in the Server Components render. " +
+    "The specific message is omitted in production builds to avoid leaking sensitive details. " +
+    "A digest property is included on this error instance which may provide additional details about the nature of the error."
+  );
+  sanitized.digest = __errorDigest(msg + stack);
+  return sanitized;
+}
+
+// onError callback for renderToReadableStream — preserves the digest for
+// Next.js navigation errors (redirect, notFound, forbidden, unauthorized)
+// thrown during RSC streaming (e.g. inside Suspense boundaries).
+// For non-navigation errors in production, generates a digest hash so the
+// error can be correlated with server logs without leaking details.
+function rscOnError(error) {
+  if (error && typeof error === "object" && "digest" in error) {
+    return String(error.digest);
+  }
+
+  // In dev, detect the "Only plain objects" RSC serialization error and emit
+  // an actionable hint. This error occurs when a Server Component passes a
+  // class instance, ES module namespace object, or null-prototype object as a
+  // prop to a Client Component.
+  //
+  // Root cause: Vite bundles modules as true ESM (module namespace objects
+  // have a null-like internal slot), while Next.js's webpack build produces
+  // plain CJS-wrapped objects with __esModule:true. React's RSC serializer
+  // accepts the latter as plain objects but rejects the former — which means
+  // code that accidentally passes "import * as X" works in webpack/Next.js
+  // but correctly fails in vinext.
+  //
+  // Common triggers:
+  //   - "import * as utils from './utils'" passed as a prop
+  //   - class instances (new Foo()) passed as props
+  //   - Date / Map / Set instances passed as props
+  //   - Objects with Object.create(null) (null prototype)
+  if (
+    process.env.NODE_ENV !== "production" &&
+    error instanceof Error &&
+    error.message.includes("Only plain objects, and a few built-ins, can be passed to Client Components")
+  ) {
+    console.error(
+      "[vinext] RSC serialization error: a non-plain object was passed from a Server Component to a Client Component.\\n" +
+      "\\n" +
+      "Common causes:\\n" +
+      "  * Passing a module namespace (import * as X) directly as a prop.\\n" +
+      "    Unlike Next.js (webpack), Vite produces real ESM module namespace objects\\n" +
+      "    which are not serializable. Fix: pass individual values instead,\\n" +
+      "    e.g. <Comp value={module.value} />\\n" +
+      "  * Passing a class instance (new Foo()) as a prop.\\n" +
+      "    Fix: convert to a plain object, e.g. { id: foo.id, name: foo.name }\\n" +
+      "  * Passing a Date, Map, or Set. Use .toISOString(), [...map.entries()], etc.\\n" +
+      "  * Passing Object.create(null). Use { ...obj } to restore a prototype.\\n" +
+      "\\n" +
+      "Original error:",
+      error.message,
+    );
+    return undefined;
+  }
+
+  // In production, generate a digest hash for non-navigation errors
+  if (process.env.NODE_ENV === "production" && error) {
+    const msg = error instanceof Error ? error.message : String(error);
+    const stack = error instanceof Error ? (error.stack || "") : "";
+    return __errorDigest(msg + stack);
+  }
+  return undefined;
+}
+
+import * as mod_0 from "/tmp/test/app/page.tsx";
+import * as mod_1 from "/tmp/test/app/layout.tsx";
+import * as mod_2 from "/tmp/test/app/about/page.tsx";
+
+
+
+const routes = [
+  {
+    pattern: "/",
+    isDynamic: false,
+    params: [],
+    page: mod_0,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: [],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  },
+  {
+    pattern: "/about",
+    isDynamic: false,
+    params: [],
+    page: mod_2,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: ["about"],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  }
+];
+
+const metadataRoutes = [
+
+];
+
+const rootNotFoundModule = null;
+const rootForbiddenModule = null;
+const rootUnauthorizedModule = null;
+const rootLayouts = [mod_1];
+
+/**
+ * Render an HTTP access fallback page (not-found/forbidden/unauthorized) with layouts and noindex meta.
+ * Returns null if no matching component is available.
+ *
+ * @param opts.boundaryComponent - Override the boundary component (for layout-level notFound)
+ * @param opts.layouts - Override the layouts to wrap with (for layout-level notFound, excludes the throwing layout)
+ */
+async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, opts) {
+  // Determine which boundary component to use based on status code
+  let BoundaryComponent = opts?.boundaryComponent ?? null;
+  if (!BoundaryComponent) {
+    let boundaryModule;
+    if (statusCode === 403) {
+      boundaryModule = route?.forbidden ?? rootForbiddenModule;
+    } else if (statusCode === 401) {
+      boundaryModule = route?.unauthorized ?? rootUnauthorizedModule;
+    } else {
+      boundaryModule = route?.notFound ?? rootNotFoundModule;
+    }
+    BoundaryComponent = boundaryModule?.default ?? null;
+  }
+  const layouts = opts?.layouts ?? route?.layouts ?? rootLayouts;
+  if (!BoundaryComponent) return null;
+
+  // Resolve metadata and viewport from parent layouts so that not-found/error
+  // pages inherit title, description, OG tags etc. — matching Next.js behavior.
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build element: metadata head + noindex meta + boundary component wrapped in layouts
+  // Always include charset and default viewport for parity with Next.js.
+  const charsetMeta = createElement("meta", { charSet: "utf-8" });
+  const noindexMeta = createElement("meta", { name: "robots", content: "noindex" });
+  const headElements = [charsetMeta, noindexMeta];
+  if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+  headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+  let element = createElement(Fragment, null, ...headElements, createElement(BoundaryComponent));
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap the element with the same
+    // component wrappers that buildPageElement() uses. Without these wrappers,
+    // React's reconciliation would see a mismatched tree structure between the
+    // old fiber tree (ErrorBoundary > LayoutSegmentProvider > html > body > NotFoundBoundary > ...)
+    // and the new tree (html > body > ...), causing it to destroy and recreate
+    // the entire DOM tree, resulting in a blank white page.
+    //
+    // We wrap each layout with LayoutSegmentProvider and add GlobalErrorBoundary
+    // to match the wrapping order in buildPageElement(), ensuring smooth
+    // client-side tree reconciliation.
+    const _treePositions = route?.layoutTreePositions;
+    const _routeSegs = route?.routeSegments || [];
+    const _fallbackParams = opts?.params || {};
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element });
+        const _tp = _treePositions ? _treePositions[i] : 0;
+        const _cs = __resolveChildSegments(_routeSegs, _tp, _fallbackParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
+      }
+    }
+    
+    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(rscStream, {
+      status: statusCode,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only (no client-side
+  // wrappers needed since SSR generates the complete HTML document).
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element });
+    }
+  }
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  // Collect font data from RSC environment
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _respHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _linkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_linkParts.length > 0) _respHeaders["Link"] = _linkParts.join(", ");
+  return new Response(htmlStream, {
+    status: statusCode,
+    headers: _respHeaders,
+  });
+}
+
+/** Convenience: render a not-found page (404) */
+async function renderNotFoundPage(route, isRscRequest, request, params) {
+  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { params });
+}
+
+/**
+ * Render an error.tsx boundary page when a server component or generateMetadata() throws.
+ * Returns null if no error boundary component is available for this route.
+ *
+ * Next.js returns HTTP 200 when error.tsx catches an error (the error is "handled"
+ * by the boundary). This matches that behavior intentionally.
+ */
+async function renderErrorBoundaryPage(route, error, isRscRequest, request, params) {
+  // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
+  // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
+  let ErrorComponent = route?.error?.default ?? null;
+  if (!ErrorComponent && route?.errors) {
+    for (let i = route.errors.length - 1; i >= 0; i--) {
+      if (route.errors[i]?.default) {
+        ErrorComponent = route.errors[i].default;
+        break;
+      }
+    }
+  }
+  ErrorComponent = ErrorComponent;
+  if (!ErrorComponent) return null;
+
+  const rawError = error instanceof Error ? error : new Error(String(error));
+  // Sanitize the error in production to avoid leaking internal details
+  // (database errors, file paths, stack traces) through error.tsx to the client.
+  // In development, pass the original error for debugging.
+  const errorObj = __sanitizeErrorForClient(rawError);
+  // Only pass error — reset is a client-side concern (re-renders the segment) and
+  // can't be serialized through RSC. The error.tsx component will receive reset=undefined
+  // during SSR, which is fine — onClick={undefined} is harmless, and the real reset
+  // function is only meaningful after hydration.
+  let element = createElement(ErrorComponent, {
+    error: errorObj,
+  });
+  const layouts = route?.layouts ?? rootLayouts;
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap with the same component
+    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+    // This ensures React can reconcile the tree without destroying the DOM.
+    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+    const _errTreePositions = route?.layoutTreePositions;
+    const _errRouteSegs = route?.routeSegments || [];
+    const _errParams = params || {};
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element });
+        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+      }
+    }
+    
+    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(rscStream, {
+      status: 200,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only.
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element });
+    }
+  }
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  // Collect font data from RSC environment so error pages include font styles
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _errHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _errLinkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_errLinkParts.length > 0) _errHeaders["Link"] = _errLinkParts.join(", ");
+  return new Response(htmlStream, {
+    status: 200,
+    headers: _errHeaders,
+  });
+}
+
+function matchRoute(url, routes) {
+  const pathname = url.split("?")[0];
+  let normalizedUrl = pathname === "/" ? "/" : pathname.replace(/\\/$/, "");
+   // NOTE: Do NOT decodeURIComponent here. The caller is responsible for decoding
+   // the pathname exactly once at the request entry point. Decoding again here
+   // would cause inconsistent path matching between middleware and routing.
+  for (const route of routes) {
+    const params = matchPattern(normalizedUrl, route.pattern);
+    if (params !== null) return { route, params };
+  }
+  return null;
+}
+
+function matchPattern(url, pattern) {
+  const urlParts = url.split("/").filter(Boolean);
+  const patternParts = pattern.split("/").filter(Boolean);
+  const params = Object.create(null);
+  for (let i = 0; i < patternParts.length; i++) {
+    const pp = patternParts[i];
+    if (pp.endsWith("+")) {
+      const paramName = pp.slice(1, -1);
+      const remaining = urlParts.slice(i);
+      if (remaining.length === 0) return null;
+      params[paramName] = remaining;
+      return params;
+    }
+    if (pp.endsWith("*")) {
+      const paramName = pp.slice(1, -1);
+      params[paramName] = urlParts.slice(i);
+      return params;
+    }
+    if (pp.startsWith(":")) {
+      if (i >= urlParts.length) return null;
+      params[pp.slice(1)] = urlParts[i];
+      continue;
+    }
+    if (i >= urlParts.length || urlParts[i] !== pp) return null;
+  }
+  if (urlParts.length !== patternParts.length) return null;
+  return params;
+}
+
+// Build a global intercepting route lookup for RSC navigation.
+// Maps target URL patterns to { sourceRouteIndex, slotName, interceptPage, params }.
+const interceptLookup = [];
+for (let ri = 0; ri < routes.length; ri++) {
+  const r = routes[ri];
+  if (!r.slots) continue;
+  for (const [slotName, slotMod] of Object.entries(r.slots)) {
+    if (!slotMod.intercepts) continue;
+    for (const intercept of slotMod.intercepts) {
+      interceptLookup.push({
+        sourceRouteIndex: ri,
+        slotName,
+        targetPattern: intercept.targetPattern,
+        page: intercept.page,
+        params: intercept.params,
+      });
+    }
+  }
+}
+
+/**
+ * Check if a pathname matches any intercepting route.
+ * Returns the match info or null.
+ */
+function findIntercept(pathname) {
+  for (const entry of interceptLookup) {
+    const params = matchPattern(pathname, entry.targetPattern);
+    if (params !== null) {
+      return { ...entry, matchedParams: params };
+    }
+  }
+  return null;
+}
+
+async function buildPageElement(route, params, opts, searchParams) {
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    return createElement("div", null, "Page has no default export");
+  }
+
+  // Resolve metadata and viewport from layouts and page
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of route.layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod, params);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod, params);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  if (route.page) {
+    const pageMeta = await resolveModuleMetadata(route.page, params);
+    if (pageMeta) metadataList.push(pageMeta);
+    const pageVp = await resolveModuleViewport(route.page, params);
+    if (pageVp) viewportList.push(pageVp);
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build nested layout tree from outermost to innermost.
+  // Next.js 16 passes params/searchParams as Promises (async pattern)
+  // but pre-16 code accesses them as plain objects (params.id).
+  // makeThenableParams() normalises null-prototype + preserves both patterns.
+  const asyncParams = makeThenableParams(params);
+  const pageProps = { params: asyncParams };
+  if (searchParams) {
+    const spObj = {};
+    let hasSearchParams = false;
+    if (searchParams.forEach) searchParams.forEach(function(v, k) {
+      hasSearchParams = true;
+      if (k in spObj) {
+        // Multi-value: promote to array (Next.js returns string[] for duplicate keys)
+        spObj[k] = Array.isArray(spObj[k]) ? spObj[k].concat(v) : [spObj[k], v];
+      } else {
+        spObj[k] = v;
+      }
+    });
+    // If the URL has query parameters, mark the page as dynamic.
+    // In Next.js, only accessing the searchParams prop signals dynamic usage,
+    // but a Proxy-based approach doesn't work here because React's RSC debug
+    // serializer accesses properties on all props (e.g. $$typeof check in
+    // isClientReference), triggering the Proxy even when user code doesn't
+    // read searchParams. Checking for non-empty query params is a safe
+    // approximation: pages with query params in the URL are almost always
+    // dynamic, and this avoids false positives from React internals.
+    if (hasSearchParams) markDynamicUsage();
+    pageProps.searchParams = makeThenableParams(spObj);
+  }
+  let element = createElement(PageComponent, pageProps);
+
+  // Wrap page with empty segment provider so useSelectedLayoutSegments()
+  // returns [] when called from inside a page component (leaf node).
+  element = createElement(LayoutSegmentProvider, { childSegments: [] }, element);
+
+  // Add metadata + viewport head tags (React 19 hoists title/meta/link to <head>)
+  // Next.js always injects charset and default viewport even when no metadata/viewport
+  // is exported. We replicate that by always emitting these essential head elements.
+  {
+    const headElements = [];
+    // Always emit <meta charset="utf-8"> — Next.js includes this on every page
+    headElements.push(createElement("meta", { charSet: "utf-8" }));
+    if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+    headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+    element = createElement(Fragment, null, ...headElements, element);
+  }
+
+  // Wrap with loading.tsx Suspense if present
+  if (route.loading?.default) {
+    element = createElement(
+      Suspense,
+      { fallback: createElement(route.loading.default) },
+      element,
+    );
+  }
+
+  // Wrap with the leaf's error.tsx ErrorBoundary if it's not already covered
+  // by a per-layout error boundary (i.e., the leaf has error.tsx but no layout).
+  // Per-layout error boundaries are interleaved with layouts below.
+  {
+    const lastLayoutError = route.errors ? route.errors[route.errors.length - 1] : null;
+    if (route.error?.default && route.error !== lastLayoutError) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.error.default,
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with NotFoundBoundary so client-side notFound() renders not-found.tsx
+  // instead of crashing the React tree. Must be above ErrorBoundary since
+  // ErrorBoundary re-throws notFound errors.
+  // Pre-render the not-found component as a React element since it may be a
+  // server component (not a client reference) and can't be passed as a function prop.
+  {
+    const NotFoundComponent = route.notFound?.default ?? null;
+    if (NotFoundComponent) {
+      element = createElement(NotFoundBoundary, {
+        fallback: createElement(NotFoundComponent),
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with templates (innermost first, then outer)
+  // Templates are like layouts but re-mount on navigation (client-side concern).
+  // On the server, they just wrap the content like layouts do.
+  if (route.templates) {
+    for (let i = route.templates.length - 1; i >= 0; i--) {
+      const TemplateComponent = route.templates[i]?.default;
+      if (TemplateComponent) {
+        element = createElement(TemplateComponent, { children: element, params });
+      }
+    }
+  }
+
+  // Wrap with layouts (innermost first, then outer).
+  // At each layout level, first wrap with that level's error boundary (if any)
+  // so the boundary is inside the layout and catches errors from children.
+  // This matches Next.js behavior: Layout > ErrorBoundary > children.
+  // Parallel slots are passed as named props to the innermost layout
+  // (the layout at the same directory level as the page/slots)
+  for (let i = route.layouts.length - 1; i >= 0; i--) {
+    // Wrap with per-layout error boundary before wrapping with layout.
+    // This places the ErrorBoundary inside the layout, catching errors
+    // from child segments (matching Next.js per-segment error handling).
+    if (route.errors && route.errors[i]?.default) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.errors[i].default,
+        children: element,
+      });
+    }
+
+    const LayoutComponent = route.layouts[i]?.default;
+    if (LayoutComponent) {
+      // Per-layout NotFoundBoundary: wraps this layout's children so that
+      // notFound() thrown from a child layout is caught here.
+      // Matches Next.js behavior where each segment has its own boundary.
+      // The boundary at level N catches errors from Layout[N+1] and below,
+      // but NOT from Layout[N] itself (which propagates to level N-1).
+      {
+        const LayoutNotFound = route.notFounds?.[i]?.default;
+        if (LayoutNotFound) {
+          element = createElement(NotFoundBoundary, {
+            fallback: createElement(LayoutNotFound),
+            children: element,
+          });
+        }
+      }
+
+      const layoutProps = { children: element, params: makeThenableParams(params) };
+
+      // Add parallel slot elements to the layout that defines them.
+      // Each slot has a layoutIndex indicating which layout it belongs to.
+      if (route.slots) {
+        for (const [slotName, slotMod] of Object.entries(route.slots)) {
+          // Attach slot to the layout at its layoutIndex, or to the innermost layout if -1
+          const targetIdx = slotMod.layoutIndex >= 0 ? slotMod.layoutIndex : route.layouts.length - 1;
+          if (i !== targetIdx) continue;
+          // Check if this slot has an intercepting route that should activate
+          let SlotPage = null;
+          let slotParams = params;
+
+          if (opts && opts.interceptSlot === slotName && opts.interceptPage) {
+            // Use the intercepting route's page component
+            SlotPage = opts.interceptPage.default;
+            slotParams = opts.interceptParams || params;
+          } else {
+            SlotPage = slotMod.page?.default || slotMod.default?.default;
+          }
+
+          if (SlotPage) {
+            let slotElement = createElement(SlotPage, { params: makeThenableParams(slotParams) });
+            // Wrap with slot-specific layout if present.
+            // In Next.js, @slot/layout.tsx wraps the slot's page content
+            // before it is passed as a prop to the parent layout.
+            const SlotLayout = slotMod.layout?.default;
+            if (SlotLayout) {
+              slotElement = createElement(SlotLayout, {
+                children: slotElement,
+                params: makeThenableParams(slotParams),
+              });
+            }
+            // Wrap with slot-specific loading if present
+            if (slotMod.loading?.default) {
+              slotElement = createElement(Suspense,
+                { fallback: createElement(slotMod.loading.default) },
+                slotElement,
+              );
+            }
+            // Wrap with slot-specific error boundary if present
+            if (slotMod.error?.default) {
+              slotElement = createElement(ErrorBoundary, {
+                fallback: slotMod.error.default,
+                children: slotElement,
+              });
+            }
+            layoutProps[slotName] = slotElement;
+          }
+        }
+      }
+
+      element = createElement(LayoutComponent, layoutProps);
+
+      // Wrap the layout with LayoutSegmentProvider so useSelectedLayoutSegments()
+      // called INSIDE this layout gets the correct child segments. We resolve the
+      // route tree segments using actual param values and pass them through context.
+      // We wrap the layout (not just children) because hooks are called from
+      // components rendered inside the layout's own JSX.
+      const treePos = route.layoutTreePositions ? route.layoutTreePositions[i] : 0;
+      const childSegs = __resolveChildSegments(route.routeSegments || [], treePos, params);
+      element = createElement(LayoutSegmentProvider, { childSegments: childSegs }, element);
+    }
+  }
+
+  // Wrap with global error boundary if app/global-error.tsx exists.
+  // This catches errors in the root layout itself.
+  
+
+  return element;
+}
+
+
+
+const __basePath = "";
+const __trailingSlash = false;
+const __configRedirects = [];
+const __configRewrites = {"beforeFiles":[],"afterFiles":[],"fallback":[]};
+const __configHeaders = [];
+const __allowedOrigins = [];
+
+
+// ── Dev server origin verification ──────────────────────────────────────
+// Block cross-origin requests to prevent data exfiltration during development.
+const __allowedDevOrigins = [];
+const __safeDevHosts = ["localhost", "127.0.0.1", "[::1]"];
+
+function __validateDevRequestOrigin(request) {
+  // Check Sec-Fetch headers (catches <script> tag exfiltration)
+  if (request.headers.get("sec-fetch-mode") === "no-cors" &&
+      request.headers.get("sec-fetch-site") === "cross-site") {
+    console.warn("[vinext] Blocked cross-site no-cors request to " + new URL(request.url).pathname);
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  const origin = request.headers.get("origin");
+  if (!origin || origin === "null") return null;
+
+  let originHostname;
+  try {
+    originHostname = new URL(origin).hostname.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Allow localhost, 127.0.0.1, [::1], and *.localhost
+  if (__safeDevHosts.includes(originHostname) || originHostname.endsWith(".localhost")) return null;
+
+  // Same-origin: compare against Host header
+  const hostHeader = (request.headers.get("x-forwarded-host") || request.headers.get("host") || "").split(",")[0].trim().split(":")[0].toLowerCase();
+  if (hostHeader && originHostname === hostHeader) return null;
+
+  // Check user-configured allowed origins
+  for (const pattern of __allowedDevOrigins) {
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(1);
+      if (originHostname === pattern.slice(2) || originHostname.endsWith(suffix)) return null;
+    } else if (originHostname === pattern) {
+      return null;
+    }
+  }
+
+  console.warn(
+    \`[vinext] Blocked cross-origin request from "\${origin}" to \${new URL(request.url).pathname}. \` +
+    \`To allow this origin, add it to allowedDevOrigins in next.config.js.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+
+// ── CSRF origin validation for server actions ───────────────────────────
+// Matches Next.js behavior: compare the Origin header against the Host header.
+// If they don't match, the request is rejected with 403 unless the origin is
+// in the allowedOrigins list (from experimental.serverActions.allowedOrigins).
+function __isOriginAllowed(origin, allowed) {
+  for (const pattern of allowed) {
+    if (pattern.startsWith("*.")) {
+      // Wildcard: *.example.com matches sub.example.com, a.b.example.com
+      const suffix = pattern.slice(1); // ".example.com"
+      if (origin === pattern.slice(2) || origin.endsWith(suffix)) return true;
+    } else if (origin === pattern) {
+      return true;
+    }
+  }
+  return false;
+}
+
+function __validateCsrfOrigin(request) {
+  const originHeader = request.headers.get("origin");
+  // If there's no Origin header, allow the request — same-origin requests
+  // from non-fetch navigations (e.g. SSR) may lack an Origin header.
+  // The x-rsc-action custom header already provides protection against simple
+  // form-based CSRF since custom headers can't be set by cross-origin forms.
+  if (!originHeader || originHeader === "null") return null;
+
+  let originHost;
+  try {
+    originHost = new URL(originHeader).host.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Only use the Host header for origin comparison — never trust
+  // X-Forwarded-Host here, since it can be freely set by the client
+  // and would allow the check to be bypassed if it matched a spoofed
+  // Origin. The prod server's resolveHost() handles trusted proxy
+  // scenarios separately.
+  const hostHeader = (
+    request.headers.get("host") ||
+    ""
+  ).split(",")[0].trim().toLowerCase();
+
+  if (!hostHeader) return null;
+
+  // Same origin — allow
+  if (originHost === hostHeader) return null;
+
+  // Check allowedOrigins from next.config.js
+  if (__allowedOrigins.length > 0 && __isOriginAllowed(originHost, __allowedOrigins)) return null;
+
+  console.warn(
+    \`[vinext] CSRF origin mismatch: origin "\${originHost}" does not match host "\${hostHeader}". Blocking server action request.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+// ── ReDoS-safe regex compilation ────────────────────────────────────────
+
+function __isSafeRegex(pattern) {
+  const quantifierAtDepth = [];
+  let depth = 0;
+  let i = 0;
+  while (i < pattern.length) {
+    const ch = pattern[i];
+    if (ch === "\\\\") { i += 2; continue; }
+    if (ch === "[") {
+      i++;
+      while (i < pattern.length && pattern[i] !== "]") {
+        if (pattern[i] === "\\\\") i++;
+        i++;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "(") {
+      depth++;
+      if (quantifierAtDepth.length <= depth) quantifierAtDepth.push(false);
+      else quantifierAtDepth[depth] = false;
+      i++;
+      continue;
+    }
+    if (ch === ")") {
+      const hadQ = depth > 0 && quantifierAtDepth[depth];
+      if (depth > 0) depth--;
+      const next = pattern[i + 1];
+      if (next === "+" || next === "*" || next === "{") {
+        if (hadQ) return false;
+        if (depth >= 0 && depth < quantifierAtDepth.length) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "+" || ch === "*") {
+      if (depth > 0) quantifierAtDepth[depth] = true;
+      i++;
+      continue;
+    }
+    if (ch === "?") {
+      const prev = i > 0 ? pattern[i - 1] : "";
+      if (prev !== "+" && prev !== "*" && prev !== "?" && prev !== "}") {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "{") {
+      let j = i + 1;
+      while (j < pattern.length && /[\\d,]/.test(pattern[j])) j++;
+      if (j < pattern.length && pattern[j] === "}" && j > i + 1) {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+        i = j + 1;
+        continue;
+      }
+    }
+    i++;
+  }
+  return true;
+}
+function __safeRegExp(pattern, flags) {
+  if (!__isSafeRegex(pattern)) {
+    console.warn("[vinext] Ignoring potentially unsafe regex pattern (ReDoS risk): " + pattern);
+    return null;
+  }
+  try { return new RegExp(pattern, flags); } catch { return null; }
+}
+
+// ── Path normalization ──────────────────────────────────────────────────
+
+function __normalizePath(pathname) {
+  if (
+    pathname === "/" ||
+    (pathname.length > 1 &&
+      pathname[0] === "/" &&
+      !pathname.includes("//") &&
+      !pathname.includes("/./") &&
+      !pathname.includes("/../") &&
+      !pathname.endsWith("/.") &&
+      !pathname.endsWith("/.."))
+  ) {
+    return pathname;
+  }
+  const segments = pathname.split("/");
+  const resolved = [];
+  for (let i = 0; i < segments.length; i++) {
+    const seg = segments[i];
+    if (seg === "" || seg === ".") continue;
+    if (seg === "..") { resolved.pop(); }
+    else { resolved.push(seg); }
+  }
+  return "/" + resolved.join("/");
+}
+
+// ── Config pattern matching (redirects, rewrites, headers) ──────────────
+function __matchConfigPattern(pathname, pattern) {
+  if (pattern.includes("(") || pattern.includes("\\\\") || /:[\\w-]+[*+][^/]/.test(pattern) || /:[\\w-]+\\./.test(pattern)) {
+    try {
+      const paramNames = [];
+      const regexStr = pattern
+        .replace(/\\./g, "\\\\.")
+        .replace(/:([\\w-]+)\\*(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.*)"; })
+        .replace(/:([\\w-]+)\\+(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.+)"; })
+        .replace(/:([\\w-]+)\\(([^)]+)\\)/g, (_, name, c) => { paramNames.push(name); return "(" + c + ")"; })
+        .replace(/:([\\w-]+)/g, (_, name) => { paramNames.push(name); return "([^/]+)"; });
+      const re = __safeRegExp("^" + regexStr + "$");
+      if (!re) return null;
+      const match = re.exec(pathname);
+      if (!match) return null;
+      const params = Object.create(null);
+      for (let i = 0; i < paramNames.length; i++) params[paramNames[i]] = match[i + 1] || "";
+      return params;
+    } catch { /* fall through */ }
+  }
+  const catchAllMatch = pattern.match(/:([\\w-]+)(\\*|\\+)$/);
+  if (catchAllMatch) {
+    const prefix = pattern.slice(0, pattern.lastIndexOf(":"));
+    const paramName = catchAllMatch[1];
+    const isPlus = catchAllMatch[2] === "+";
+    if (!pathname.startsWith(prefix.replace(/\\/$/, ""))) return null;
+    const rest = pathname.slice(prefix.replace(/\\/$/, "").length);
+    if (isPlus && (!rest || rest === "/")) return null;
+    let restValue = rest.startsWith("/") ? rest.slice(1) : rest;
+     // NOTE: Do NOT decodeURIComponent here. The pathname is already decoded at
+     // the request entry point. Decoding again would produce incorrect param values.
+    return { [paramName]: restValue };
+  }
+  const parts = pattern.split("/");
+  const pathParts = pathname.split("/");
+  if (parts.length !== pathParts.length) return null;
+  const params = Object.create(null);
+  for (let i = 0; i < parts.length; i++) {
+    if (parts[i].startsWith(":")) params[parts[i].slice(1)] = pathParts[i];
+    else if (parts[i] !== pathParts[i]) return null;
+  }
+  return params;
+}
+
+function __parseCookies(cookieHeader) {
+  if (!cookieHeader) return {};
+  const cookies = {};
+  for (const part of cookieHeader.split(";")) {
+    const eq = part.indexOf("=");
+    if (eq === -1) continue;
+    const key = part.slice(0, eq).trim();
+    const value = part.slice(eq + 1).trim();
+    if (key) cookies[key] = value;
+  }
+  return cookies;
+}
+
+function __checkSingleCondition(condition, ctx) {
+  switch (condition.type) {
+    case "header": {
+      const v = ctx.headers.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "cookie": {
+      const v = ctx.cookies[condition.key];
+      if (v === undefined) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "query": {
+      const v = ctx.query.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "host": {
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(ctx.host) : ctx.host === condition.value; }
+      return ctx.host === condition.key;
+    }
+    default: return false;
+  }
+}
+
+function __checkHasConditions(has, missing, ctx) {
+  if (has) { for (const c of has) { if (!__checkSingleCondition(c, ctx)) return false; } }
+  if (missing) { for (const c of missing) { if (__checkSingleCondition(c, ctx)) return false; } }
+  return true;
+}
+
+function __buildRequestContext(request) {
+  const url = new URL(request.url);
+  return {
+    headers: request.headers,
+    cookies: __parseCookies(request.headers.get("cookie")),
+    query: url.searchParams,
+    host: request.headers.get("host") || url.host,
+  };
+}
+
+/**
+ * Build a request context from the live ALS HeadersContext, which reflects
+ * any x-middleware-request-* header mutations applied by middleware.
+ * Used for afterFiles and fallback rewrite has/missing evaluation — these
+ * run after middleware in the App Router execution order.
+ */
+function __buildPostMwRequestContext(request) {
+  const url = new URL(request.url);
+  const ctx = getHeadersContext();
+  if (!ctx) return __buildRequestContext(request);
+  // ctx.cookies is a Map<string, string> (HeadersContext), but RequestContext
+  // requires a plain Record<string, string> for has/missing cookie evaluation
+  // (config-matchers.ts uses obj[key] not Map.get()). Convert here.
+  const cookiesRecord = Object.fromEntries(ctx.cookies);
+  return {
+    headers: ctx.headers,
+    cookies: cookiesRecord,
+    query: url.searchParams,
+    host: ctx.headers.get("host") || url.host,
+  };
+}
+
+function __sanitizeDestination(dest) {
+  if (dest.startsWith("http://") || dest.startsWith("https://")) return dest;
+  dest = dest.replace(/^[\\\\/]+/, "/");
+  return dest;
+}
+
+function __applyConfigRedirects(pathname, ctx) {
+  for (const rule of __configRedirects) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return { destination: dest, permanent: rule.permanent };
+    }
+  }
+  return null;
+}
+
+function __applyConfigRewrites(pathname, rules, ctx) {
+  for (const rule of rules) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return dest;
+    }
+  }
+  return null;
+}
+
+function __isExternalUrl(url) {
+  return /^[a-z][a-z0-9+.-]*:/i.test(url) || url.startsWith("//");
+}
+
+/**
+ * Maximum server-action request body size (1 MB).
+ * Matches the Next.js default for serverActions.bodySizeLimit.
+ * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
+ * Prevents unbounded request body buffering.
+ */
+var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+
+/**
+ * Read a request body as text with a size limit.
+ * Enforces the limit on the actual byte stream to prevent bypasses
+ * via chunked transfer-encoding where Content-Length is absent or spoofed.
+ */
+async function __readBodyWithLimit(request, maxBytes) {
+  if (!request.body) return "";
+  var reader = request.body.getReader();
+  var decoder = new TextDecoder();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(decoder.decode(result.value, { stream: true }));
+  }
+  chunks.push(decoder.decode());
+  return chunks.join("");
+}
+
+/**
+ * Read a request body as FormData with a size limit.
+ * Consumes the body stream with a byte counter and then parses the
+ * collected bytes as multipart form data via the Response constructor.
+ */
+async function __readFormDataWithLimit(request, maxBytes) {
+  if (!request.body) return new FormData();
+  var reader = request.body.getReader();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(result.value);
+  }
+  // Reconstruct a Response with the original Content-Type so that
+  // the FormData parser can handle multipart boundaries correctly.
+  var combined = new Uint8Array(totalSize);
+  var offset = 0;
+  for (var chunk of chunks) {
+    combined.set(chunk, offset);
+    offset += chunk.byteLength;
+  }
+  var contentType = request.headers.get("content-type") || "";
+  return new Response(combined, { headers: { "Content-Type": contentType } }).formData();
+}
+
+const __hopByHopHeaders = new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailers","transfer-encoding","upgrade"]);
+
+async function __proxyExternalRequest(request, externalUrl) {
+  const originalUrl = new URL(request.url);
+  const targetUrl = new URL(externalUrl);
+  for (const [key, value] of originalUrl.searchParams) {
+    if (!targetUrl.searchParams.has(key)) targetUrl.searchParams.set(key, value);
+  }
+  const headers = new Headers(request.headers);
+  headers.set("host", targetUrl.host);
+  headers.delete("connection");
+  for (const key of [...headers.keys()]) {
+    if (key.startsWith("x-middleware-")) headers.delete(key);
+  }
+  const method = request.method;
+  const hasBody = method !== "GET" && method !== "HEAD";
+  const init = { method, headers, redirect: "manual", signal: AbortSignal.timeout(30000) };
+  if (hasBody && request.body) { init.body = request.body; init.duplex = "half"; }
+  let upstream;
+  try { upstream = await fetch(targetUrl.href, init); }
+  catch (e) {
+    if (e && e.name === "TimeoutError") return new Response("Gateway Timeout", { status: 504 });
+    console.error("[vinext] External rewrite proxy error:", e); return new Response("Bad Gateway", { status: 502 });
+  }
+  const respHeaders = new Headers();
+  // Node.js fetch() auto-decompresses response bodies, while Workers fetch()
+  // preserves wire encoding. Only strip encoding/length on Node.js to avoid
+  // double-decompression errors without breaking Workers parity.
+  const __isNodeRuntime = typeof process !== "undefined" && !!(process.versions && process.versions.node);
+  upstream.headers.forEach(function(value, key) {
+    var lower = key.toLowerCase();
+    if (__hopByHopHeaders.has(lower)) return;
+    if (__isNodeRuntime && (lower === "content-encoding" || lower === "content-length")) return;
+    respHeaders.append(key, value);
+  });
+  return new Response(upstream.body, { status: upstream.status, statusText: upstream.statusText, headers: respHeaders });
+}
+
+function __applyConfigHeaders(pathname, ctx) {
+  const result = [];
+  for (const rule of __configHeaders) {
+    const groups = [];
+    const withPlaceholders = rule.source.replace(/\\(([^)]+)\\)/g, (_, inner) => {
+      groups.push(inner);
+      return "___GROUP_" + (groups.length - 1) + "___";
+    });
+    const escaped = withPlaceholders
+      .replace(/\\./g, "\\\\.")
+      .replace(/\\+/g, "\\\\+")
+      .replace(/\\?/g, "\\\\?")
+      .replace(/\\*/g, ".*")
+      .replace(/:[\\w-]+/g, "[^/]+")
+      .replace(/___GROUP_(\\d+)___/g, (_, idx) => "(" + groups[Number(idx)] + ")");
+    const sourceRegex = __safeRegExp("^" + escaped + "$");
+    if (sourceRegex && sourceRegex.test(pathname)) {
+      if (ctx && (rule.has || rule.missing)) {
+        if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue;
+      }
+      result.push(...rule.headers);
+    }
+  }
+  return result;
+}
+
+export default async function handler(request) {
+  // Wrap the entire request in nested AsyncLocalStorage.run() scopes to ensure
+  // per-request isolation for all state modules. Each runWith*() creates an
+  // ALS scope that propagates through all async continuations (including RSC
+  // streaming), preventing state leakage between concurrent requests on
+  // Cloudflare Workers and other concurrent runtimes.
+  const headersCtx = headersContextFromRequest(request);
+  return runWithHeadersContext(headersCtx, () =>
+    _runWithNavigationContext(() =>
+      _runWithCacheState(() =>
+        _runWithPrivateCache(() =>
+          runWithFetchCache(async () => {
+            const __reqCtx = __buildRequestContext(request);
+            // Per-request container for middleware state. Passed into
+            // _handleRequest which fills in .headers and .status;
+            // avoids module-level variables that race on Workers.
+            const _mwCtx = { headers: null, status: null };
+            const response = await _handleRequest(request, __reqCtx, _mwCtx);
+            // Apply custom headers from next.config.js to non-redirect responses.
+            // Skip redirects (3xx) because Response.redirect() creates immutable headers,
+            // and Next.js doesn't apply custom headers to redirects anyway.
+            if (response && response.headers && !(response.status >= 300 && response.status < 400)) {
+              if (__configHeaders.length) {
+                const url = new URL(request.url);
+                let pathname;
+                try { pathname = __normalizePath(decodeURIComponent(url.pathname)); } catch { pathname = url.pathname; }
+                
+                const extraHeaders = __applyConfigHeaders(pathname, __reqCtx);
+                for (const h of extraHeaders) {
+                  // Use append() for headers where multiple values must coexist
+                  // (Vary, Set-Cookie). Using set() on these would destroy
+                  // existing values like "Vary: RSC, Accept" which are critical
+                  // for correct CDN caching behavior.
+                  const lk = h.key.toLowerCase();
+                  if (lk === "vary" || lk === "set-cookie") {
+                    response.headers.append(h.key, h.value);
+                  } else if (!response.headers.has(lk)) {
+                    // Middleware headers take precedence: skip config keys already
+                    // set by middleware so middleware headers always win.
+                    response.headers.set(h.key, h.value);
+                  }
+                }
+              }
+            }
+            return response;
+          })
+        )
+      )
+    )
+  );
+}
+
+async function _handleRequest(request, __reqCtx, _mwCtx) {
+  const __reqStart = process.env.NODE_ENV !== "production" ? performance.now() : 0;
+  let __compileEnd;
+  let __renderEnd;
+  // __reqStart is included in the timing header so the Node logging middleware
+  // can compute true compile time as: handlerStart - middlewareStart.
+  // Format: "handlerStart,compileMs,renderMs" - all as integers (ms). Dev-only.
+  const url = new URL(request.url);
+
+  // ── Cross-origin request protection ─────────────────────────────────
+  // Block requests from non-localhost origins to prevent data exfiltration.
+  const __originBlock = __validateDevRequestOrigin(request);
+  if (__originBlock) return __originBlock;
+
+  // Guard against protocol-relative URL open redirects.
+  // Paths like //example.com/ would be redirected to //example.com by the
+  // trailing-slash normalizer, which browsers interpret as http://example.com.
+  // Backslashes are equivalent to forward slashes in the URL spec
+  // (e.g. /\\evil.com is treated as //evil.com by browsers and the URL constructor).
+  // Next.js returns 404 for these paths. Check the RAW pathname before
+  // normalization so the guard fires before normalizePath collapses //.
+  if (url.pathname.replaceAll("\\\\", "/").startsWith("//")) {
+    return new Response("404 Not Found", { status: 404 });
+  }
+
+  // Decode percent-encoding and normalize pathname to canonical form.
+  // decodeURIComponent prevents /%61dmin from bypassing /admin matchers.
+  // __normalizePath collapses //foo///bar → /foo/bar, resolves . and .. segments.
+  let decodedUrlPathname;
+  try { decodedUrlPathname = decodeURIComponent(url.pathname); } catch (e) {
+    return new Response("Bad Request", { status: 400 });
+  }
+  let pathname = __normalizePath(decodedUrlPathname);
+
+  
+
+  // Trailing slash normalization (redirect to canonical form)
+  if (pathname !== "/" && !pathname.startsWith("/api")) {
+    const hasTrailing = pathname.endsWith("/");
+    if (__trailingSlash && !hasTrailing && !pathname.endsWith(".rsc")) {
+      return Response.redirect(new URL(__basePath + pathname + "/" + url.search, request.url), 308);
+    } else if (!__trailingSlash && hasTrailing) {
+      return Response.redirect(new URL(__basePath + pathname.replace(/\\/+$/, "") + url.search, request.url), 308);
+    }
+  }
+
+  // ── Apply redirects from next.config.js ───────────────────────────────
+  if (__configRedirects.length) {
+    // Strip .rsc suffix before matching redirect rules - RSC (client-side nav) requests
+    // arrive as /some/path.rsc but redirect patterns are defined without it (e.g.
+    // /some/path). Without this, soft-nav fetches bypass all config redirects.
+    const __redirPathname = pathname.endsWith(".rsc") ? pathname.slice(0, -4) : pathname;
+    const __redir = __applyConfigRedirects(__redirPathname, __reqCtx);
+    if (__redir) {
+      const __redirDest = __sanitizeDestination(
+        __basePath && !__redir.destination.startsWith(__basePath)
+          ? __basePath + __redir.destination
+          : __redir.destination
+      );
+      return new Response(null, {
+        status: __redir.permanent ? 308 : 307,
+        headers: { Location: __redirDest },
+      });
+    }
+  }
+
+  const isRscRequest = pathname.endsWith(".rsc") || request.headers.get("accept")?.includes("text/x-component");
+  let cleanPathname = pathname.replace(/\\.rsc$/, "");
+
+  // Middleware response headers and custom rewrite status are stored in
+  // _mwCtx (per-request container) so handler() can merge them into
+  // every response path without module-level state that races on Workers.
+
+  
+
+  // Build post-middleware request context for afterFiles/fallback rewrites.
+  // These run after middleware in the App Router execution order and should
+  // evaluate has/missing conditions against middleware-modified headers.
+  // When no middleware is present, this falls back to __buildRequestContext.
+  const __postMwReqCtx = __buildPostMwRequestContext(request);
+
+  // ── Apply beforeFiles rewrites from next.config.js ────────────────────
+  // In App Router execution order, beforeFiles runs after middleware so that
+  // has/missing conditions can evaluate against middleware-modified headers.
+  if (__configRewrites.beforeFiles && __configRewrites.beforeFiles.length) {
+    const __rewritten = __applyConfigRewrites(cleanPathname, __configRewrites.beforeFiles, __postMwReqCtx);
+    if (__rewritten) {
+      if (__isExternalUrl(__rewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __rewritten);
+      }
+      cleanPathname = __rewritten;
+    }
+  }
+
+  // ── Image optimization passthrough (dev mode — no transformation) ───────
+  if (cleanPathname === "/_vinext/image") {
+    const __rawImgUrl = url.searchParams.get("url");
+    // Normalize backslashes: browsers and the URL constructor treat
+    // /\\evil.com as protocol-relative (//evil.com), bypassing the // check.
+    const __imgUrl = __rawImgUrl?.replaceAll("\\\\", "/") ?? null;
+    // Allowlist: must start with "/" but not "//" — blocks absolute URLs,
+    // protocol-relative, backslash variants, and exotic schemes.
+    if (!__imgUrl || !__imgUrl.startsWith("/") || __imgUrl.startsWith("//")) {
+      return new Response(!__rawImgUrl ? "Missing url parameter" : "Only relative URLs allowed", { status: 400 });
+    }
+    // Validate the constructed URL's origin hasn't changed (defense in depth).
+    const __resolvedImg = new URL(__imgUrl, request.url);
+    if (__resolvedImg.origin !== url.origin) {
+      return new Response("Only relative URLs allowed", { status: 400 });
+    }
+    // In dev, redirect to the original asset URL so Vite's static serving handles it.
+    return Response.redirect(__resolvedImg.href, 302);
+  }
+
+  // Handle metadata routes (sitemap.xml, robots.txt, manifest.webmanifest, etc.)
+  for (const metaRoute of metadataRoutes) {
+    if (cleanPathname === metaRoute.servedUrl) {
+      if (metaRoute.isDynamic) {
+        // Dynamic metadata route — call the default export and serialize
+        const metaFn = metaRoute.module.default;
+        if (typeof metaFn === "function") {
+          const result = await metaFn();
+          let body;
+          // If it's already a Response (e.g., ImageResponse), return directly
+          if (result instanceof Response) return result;
+          // Serialize based on type
+          if (metaRoute.type === "sitemap") body = sitemapToXml(result);
+          else if (metaRoute.type === "robots") body = robotsToText(result);
+          else if (metaRoute.type === "manifest") body = manifestToJson(result);
+          else body = JSON.stringify(result);
+          return new Response(body, {
+            headers: { "Content-Type": metaRoute.contentType },
+          });
+        }
+      } else {
+        // Static metadata file — decode from embedded base64 data
+        try {
+          const binary = atob(metaRoute.fileDataBase64);
+          const bytes = new Uint8Array(binary.length);
+          for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+          return new Response(bytes, {
+            headers: {
+              "Content-Type": metaRoute.contentType,
+              "Cache-Control": "public, max-age=0, must-revalidate",
+            },
+          });
+        } catch {
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    }
+  }
+
+  // Set navigation context for Server Components.
+  // Note: Headers context is already set by runWithHeadersContext in the handler wrapper.
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params: {},
+  });
+
+  // Handle server action POST requests
+  const actionId = request.headers.get("x-rsc-action");
+  if (request.method === "POST" && actionId) {
+    // ── CSRF protection ─────────────────────────────────────────────────
+    // Verify that the Origin header matches the Host header to prevent
+    // cross-site request forgery, matching Next.js server action behavior.
+    const csrfResponse = __validateCsrfOrigin(request);
+    if (csrfResponse) return csrfResponse;
+
+    // ── Body size limit ─────────────────────────────────────────────────
+    // Reject payloads larger than the configured limit.
+    // Check Content-Length as a fast path, then enforce on the actual
+    // stream to prevent bypasses via chunked transfer-encoding.
+    const contentLength = parseInt(request.headers.get("content-length") || "0", 10);
+    if (contentLength > __MAX_ACTION_BODY_SIZE) {
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response("Payload Too Large", { status: 413 });
+    }
+
+    try {
+      const contentType = request.headers.get("content-type") || "";
+      let body;
+      try {
+        body = contentType.startsWith("multipart/form-data")
+          ? await __readFormDataWithLimit(request, __MAX_ACTION_BODY_SIZE)
+          : await __readBodyWithLimit(request, __MAX_ACTION_BODY_SIZE);
+      } catch (sizeErr) {
+        if (sizeErr && sizeErr.message === "Request body too large") {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Payload Too Large", { status: 413 });
+        }
+        throw sizeErr;
+      }
+      const temporaryReferences = createTemporaryReferenceSet();
+      const args = await decodeReply(body, { temporaryReferences });
+      const action = await loadServerAction(actionId);
+      let returnValue;
+      let actionRedirect = null;
+      try {
+        const data = await action.apply(null, args);
+        returnValue = { ok: true, data };
+      } catch (e) {
+        // Detect redirect() / permanentRedirect() called inside the action.
+        // These throw errors with digest "NEXT_REDIRECT;replace;url[;status]".
+        // The URL is encodeURIComponent-encoded to prevent semicolons in the URL
+        // from corrupting the delimiter-based digest format.
+        if (e && typeof e === "object" && "digest" in e) {
+          const digest = String(e.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            actionRedirect = {
+              url: decodeURIComponent(parts[2]),
+              type: parts[1] || "replace",       // "push" or "replace"
+              status: parts[3] ? parseInt(parts[3], 10) : 307,
+            };
+            returnValue = { ok: true, data: undefined };
+          } else if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            // notFound() / forbidden() / unauthorized() in action — package as error
+            returnValue = { ok: false, data: e };
+          } else {
+            // Non-navigation digest error — sanitize in production to avoid
+            // leaking internal details (connection strings, paths, etc.)
+            console.error("[vinext] Server action error:", e);
+            returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+          }
+        } else {
+          // Unhandled error — sanitize in production to avoid leaking
+          // internal details (database errors, file paths, stack traces, etc.)
+          console.error("[vinext] Server action error:", e);
+          returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+        }
+      }
+
+      // If the action called redirect(), signal the client to navigate.
+      // We can't use a real HTTP redirect (the fetch would follow it automatically
+      // and receive a page HTML instead of RSC stream). Instead, we return a 200
+      // with x-action-redirect header that the client entry detects and handles.
+      if (actionRedirect) {
+        const actionPendingCookies = getAndClearPendingCookies();
+        const actionDraftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const redirectHeaders = new Headers({
+          "Content-Type": "text/x-component; charset=utf-8",
+          "Vary": "RSC, Accept",
+          "x-action-redirect": actionRedirect.url,
+          "x-action-redirect-type": actionRedirect.type,
+          "x-action-redirect-status": String(actionRedirect.status),
+        });
+        for (const cookie of actionPendingCookies) {
+          redirectHeaders.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) redirectHeaders.append("Set-Cookie", actionDraftCookie);
+        // Send an empty RSC-like body (client will navigate instead of parsing)
+        return new Response("", { status: 200, headers: redirectHeaders });
+      }
+
+      // After the action, re-render the current page so the client
+      // gets an updated React tree reflecting any mutations.
+      const match = matchRoute(cleanPathname, routes);
+      let element;
+      if (match) {
+        const { route: actionRoute, params: actionParams } = match;
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: actionParams,
+        });
+        element = buildPageElement(actionRoute, actionParams, undefined, url.searchParams);
+      } else {
+        element = createElement("div", null, "Page not found");
+      }
+
+      const rscStream = renderToReadableStream(
+        { root: element, returnValue },
+        { temporaryReferences, onError: rscOnError },
+      );
+
+      // Collect cookies set during the action
+      const actionPendingCookies = getAndClearPendingCookies();
+      const actionDraftCookie = getDraftModeCookieHeader();
+      setHeadersContext(null);
+      setNavigationContext(null);
+
+      const actionHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+      const actionResponse = new Response(rscStream, { headers: actionHeaders });
+      if (actionPendingCookies.length > 0 || actionDraftCookie) {
+        for (const cookie of actionPendingCookies) {
+          actionResponse.headers.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) actionResponse.headers.append("Set-Cookie", actionDraftCookie);
+      }
+      return actionResponse;
+    } catch (err) {
+      getAndClearPendingCookies(); // Clear pending cookies on error
+      console.error("[vinext] Server action error:", err);
+      _reportRequestError(
+        err instanceof Error ? err : new Error(String(err)),
+        { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+        { routerKind: "App Router", routePath: cleanPathname, routeType: "action" },
+      ).catch((reportErr) => {
+        console.error("[vinext] Failed to report server action error:", reportErr);
+      });
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(
+        process.env.NODE_ENV === "production"
+          ? "Internal Server Error"
+          : "Server action failed: " + (err && err.message ? err.message : String(err)),
+        { status: 500 },
+      );
+    }
+  }
+
+  // ── Apply afterFiles rewrites from next.config.js ──────────────────────
+  if (__configRewrites.afterFiles && __configRewrites.afterFiles.length) {
+    const __afterRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.afterFiles, __postMwReqCtx);
+    if (__afterRewritten) {
+      if (__isExternalUrl(__afterRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __afterRewritten);
+      }
+      cleanPathname = __afterRewritten;
+    }
+  }
+
+  let match = matchRoute(cleanPathname, routes);
+
+  // ── Fallback rewrites from next.config.js (if no route matched) ───────
+  if (!match && __configRewrites.fallback && __configRewrites.fallback.length) {
+    const __fallbackRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.fallback, __postMwReqCtx);
+    if (__fallbackRewritten) {
+      if (__isExternalUrl(__fallbackRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __fallbackRewritten);
+      }
+      cleanPathname = __fallbackRewritten;
+      match = matchRoute(cleanPathname, routes);
+    }
+  }
+
+  if (!match) {
+    // Render custom not-found page if available, otherwise plain 404
+    const notFoundResponse = await renderNotFoundPage(null, isRscRequest, request);
+    if (notFoundResponse) return notFoundResponse;
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Not Found", { status: 404 });
+  }
+
+  const { route, params } = match;
+
+  // Update navigation context with matched params
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params,
+  });
+
+  // Handle route.ts API handlers
+  if (route.routeHandler) {
+    const handler = route.routeHandler;
+    const method = request.method.toUpperCase();
+    const revalidateSeconds = typeof handler.revalidate === "number" && handler.revalidate > 0 ? handler.revalidate : null;
+
+    // Collect exported HTTP methods for OPTIONS auto-response and Allow header
+    const HTTP_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"];
+    const exportedMethods = HTTP_METHODS.filter((m) => typeof handler[m] === "function");
+    // If GET is exported, HEAD is implicitly supported
+    if (exportedMethods.includes("GET") && !exportedMethods.includes("HEAD")) {
+      exportedMethods.push("HEAD");
+    }
+    const hasDefault = typeof handler["default"] === "function";
+
+    // OPTIONS auto-implementation: respond with Allow header and 204
+    if (method === "OPTIONS" && typeof handler["OPTIONS"] !== "function") {
+      const allowMethods = hasDefault ? HTTP_METHODS : exportedMethods;
+      if (!allowMethods.includes("OPTIONS")) allowMethods.push("OPTIONS");
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(null, {
+        status: 204,
+        headers: { "Allow": allowMethods.join(", ") },
+      });
+    }
+
+    // HEAD auto-implementation: run GET handler and strip body
+    let handlerFn = handler[method] || handler["default"];
+    let isAutoHead = false;
+    if (method === "HEAD" && typeof handler["HEAD"] !== "function" && typeof handler["GET"] === "function") {
+      handlerFn = handler["GET"];
+      isAutoHead = true;
+    }
+
+    if (typeof handlerFn === "function") {
+      try {
+        const response = await handlerFn(request, { params });
+
+        // Apply Cache-Control from route segment config (export const revalidate = N).
+        // Next.js sets s-maxage on GET route handlers with a numeric revalidate value.
+        if (revalidateSeconds !== null && (method === "GET" || isAutoHead) && !response.headers.has("cache-control")) {
+          response.headers.set("cache-control", "s-maxage=" + revalidateSeconds + ", stale-while-revalidate");
+        }
+
+        // Collect any Set-Cookie headers from cookies().set()/delete() calls
+        const pendingCookies = getAndClearPendingCookies();
+        const draftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+
+        // If we have pending cookies, create a new response with them attached
+        if (pendingCookies.length > 0 || draftCookie) {
+          const newHeaders = new Headers(response.headers);
+          for (const cookie of pendingCookies) {
+            newHeaders.append("Set-Cookie", cookie);
+          }
+          if (draftCookie) newHeaders.append("Set-Cookie", draftCookie);
+
+          if (isAutoHead) {
+            return new Response(null, {
+              status: response.status,
+              statusText: response.statusText,
+              headers: newHeaders,
+            });
+          }
+          return new Response(response.body, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: newHeaders,
+          });
+        }
+
+        if (isAutoHead) {
+          // Strip body for auto-HEAD, preserve headers and status
+          return new Response(null, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: response.headers,
+          });
+        }
+        return response;
+      } catch (err) {
+        getAndClearPendingCookies(); // Clear any pending cookies on error
+        // Catch redirect() / notFound() thrown from route handlers
+        if (err && typeof err === "object" && "digest" in err) {
+          const digest = String(err.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            const redirectUrl = decodeURIComponent(parts[2]);
+            const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, {
+              status: statusCode,
+              headers: { Location: new URL(redirectUrl, request.url).toString() },
+            });
+          }
+          if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, { status: statusCode });
+          }
+        }
+        setHeadersContext(null);
+        setNavigationContext(null);
+        console.error("[vinext] Route handler error:", err);
+        _reportRequestError(
+          err instanceof Error ? err : new Error(String(err)),
+          { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+          { routerKind: "App Router", routePath: route.pattern, routeType: "route" },
+        ).catch((reportErr) => {
+          console.error("[vinext] Failed to report route handler error:", reportErr);
+        });
+        return new Response(null, { status: 500 });
+      }
+    }
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(null, {
+      status: 405,
+      headers: { Allow: exportedMethods.join(", ") },
+    });
+  }
+
+  // Build the component tree: layouts wrapping the page
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Page has no default export", { status: 500 });
+  }
+
+  // Read route segment config from page module exports
+  let revalidateSeconds = typeof route.page?.revalidate === "number" ? route.page.revalidate : null;
+  const dynamicConfig = route.page?.dynamic; // 'auto' | 'force-dynamic' | 'force-static' | 'error'
+  const dynamicParamsConfig = route.page?.dynamicParams; // true (default) | false
+  const isForceStatic = dynamicConfig === "force-static";
+  const isDynamicError = dynamicConfig === "error";
+
+  // force-static: replace headers/cookies context with empty values and
+  // clear searchParams so dynamic APIs return defaults instead of real data
+  if (isForceStatic) {
+    setHeadersContext({ headers: new Headers(), cookies: new Map() });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamic = 'error': set a trap context that throws when headers/cookies are accessed
+  if (isDynamicError) {
+    const errorMsg = 'Page with \`dynamic = "error"\` used a dynamic API. ' +
+      'This page was expected to be fully static, but headers(), cookies(), ' +
+      'or searchParams was accessed. Remove the dynamic API usage or change ' +
+      'the dynamic config to "auto" or "force-dynamic".';
+    const throwingHeaders = new Proxy(new Headers(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    const throwingCookies = new Proxy(new Map(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    setHeadersContext({ headers: throwingHeaders, cookies: throwingCookies });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamicParams = false: only params from generateStaticParams are allowed
+  if (dynamicParamsConfig === false && route.isDynamic && typeof route.page?.generateStaticParams === "function") {
+    try {
+      // Pass parent params to generateStaticParams (Next.js top-down params passing).
+      // Parent params = all matched params that DON'T belong to the leaf page's own dynamic segments.
+      // We pass the full matched params; the function uses only what it needs.
+      const staticParams = await route.page.generateStaticParams({ params });
+      if (Array.isArray(staticParams)) {
+        const paramKeys = Object.keys(params);
+        const isAllowed = staticParams.some(sp =>
+          paramKeys.every(key => {
+            const val = params[key];
+            const staticVal = sp[key];
+            // Allow parent params to not be in the returned set (they're inherited)
+            if (staticVal === undefined) return true;
+            if (Array.isArray(val)) return JSON.stringify(val) === JSON.stringify(staticVal);
+            return String(val) === String(staticVal);
+          })
+        );
+        if (!isAllowed) {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    } catch (err) {
+      console.error("[vinext] generateStaticParams error:", err);
+    }
+  }
+
+  // force-dynamic: set no-store Cache-Control
+  const isForceDynamic = dynamicConfig === "force-dynamic";
+
+  // Check for intercepting routes on RSC requests (client-side navigation).
+  // If the target URL matches an intercepting route in a parallel slot,
+  // render the source route with the intercepting page in the slot.
+  let interceptOpts = undefined;
+  if (isRscRequest) {
+    const intercept = findIntercept(cleanPathname);
+    if (intercept) {
+      const sourceRoute = routes[intercept.sourceRouteIndex];
+      if (sourceRoute && sourceRoute !== route) {
+        // Render the source route (e.g. /feed) with the intercepting page in the slot
+        const sourceMatch = matchRoute(sourceRoute.pattern, routes);
+        const sourceParams = sourceMatch ? sourceMatch.params : {};
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: intercept.matchedParams,
+        });
+        const interceptElement = await buildPageElement(sourceRoute, sourceParams, {
+          interceptSlot: intercept.slotName,
+          interceptPage: intercept.page,
+          interceptParams: intercept.matchedParams,
+        }, url.searchParams);
+        const interceptStream = renderToReadableStream(interceptElement, { onError: rscOnError });
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return new Response(interceptStream, {
+          headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+        });
+      }
+      // If sourceRoute === route, apply intercept opts to the normal render
+      interceptOpts = {
+        interceptSlot: intercept.slotName,
+        interceptPage: intercept.page,
+        interceptParams: intercept.matchedParams,
+      };
+    }
+  }
+
+  let element;
+  try {
+    element = await buildPageElement(route, params, interceptOpts, url.searchParams);
+  } catch (buildErr) {
+    // Check for redirect/notFound/forbidden/unauthorized thrown during metadata resolution or async components
+    if (buildErr && typeof buildErr === "object" && "digest" in buildErr) {
+      const digest = String(buildErr.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    // Non-special error (e.g. generateMetadata() threw) — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, buildErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw buildErr;
+  }
+
+  // Note: CSS is automatically injected by @vitejs/plugin-rsc's
+  // rscCssTransform — no manual loadCss() call needed.
+
+  // Helper: check if an error is a redirect/notFound/forbidden/unauthorized thrown by the navigation shim
+  async function handleRenderError(err) {
+    if (err && typeof err === "object" && "digest" in err) {
+      const digest = String(err.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    return null;
+  }
+
+  // Pre-render layout components to catch notFound()/redirect() thrown from layouts.
+  // In Next.js, each layout level has its own NotFoundBoundary. When a layout throws
+  // notFound(), the parent layout's boundary catches it and renders the parent's
+  // not-found.tsx. Since React Flight doesn't activate client error boundaries during
+  // RSC rendering, we catch layout-level throws here and render the appropriate
+  // fallback page with only the layouts above the throwing one.
+  //
+  // IMPORTANT: Layout pre-render runs BEFORE page pre-render. In Next.js, layouts
+  // render before their children — if a layout throws notFound(), the page never
+  // executes. By checking layouts first, we avoid a bug where the page's notFound()
+  // triggers renderHTTPAccessFallbackPage with ALL route layouts, but one of those
+  // layouts itself throws notFound() during the fallback rendering (causing a 500).
+  if (route.layouts && route.layouts.length > 0) {
+    const asyncParams = makeThenableParams(params);
+    // Run inside ALS context so the module-level console.error patch suppresses
+    // "Invalid hook call" only for this request's probe — concurrent requests
+    // each have their own ALS store and are unaffected.
+    const _layoutProbeResult = await _suppressHookWarningAls.run(true, async () => {
+      for (let li = route.layouts.length - 1; li >= 0; li--) {
+        const LayoutComp = route.layouts[li]?.default;
+        if (!LayoutComp) continue;
+        try {
+          const lr = LayoutComp({ params: asyncParams, children: null });
+          if (lr && typeof lr === "object" && typeof lr.then === "function") await lr;
+        } catch (layoutErr) {
+          if (layoutErr && typeof layoutErr === "object" && "digest" in layoutErr) {
+            const digest = String(layoutErr.digest);
+             if (digest.startsWith("NEXT_REDIRECT;")) {
+               const parts = digest.split(";");
+               const redirectUrl = decodeURIComponent(parts[2]);
+               const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+               setHeadersContext(null);
+               setNavigationContext(null);
+               return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+            }
+            if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+              const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+              // Find the not-found component from the parent level (the boundary that
+              // would catch this in Next.js). Walk up from the throwing layout to find
+              // the nearest not-found at a parent layout's directory.
+              let parentNotFound = null;
+              if (route.notFounds) {
+                for (let pi = li - 1; pi >= 0; pi--) {
+                  if (route.notFounds[pi]?.default) {
+                    parentNotFound = route.notFounds[pi].default;
+                    break;
+                  }
+                }
+              }
+              if (!parentNotFound) parentNotFound = null;
+              // Wrap in only the layouts above the throwing one
+              const parentLayouts = route.layouts.slice(0, li);
+              const fallbackResp = await renderHTTPAccessFallbackPage(
+                route, statusCode, isRscRequest, request,
+                { boundaryComponent: parentNotFound, layouts: parentLayouts, params }
+              );
+              if (fallbackResp) return fallbackResp;
+              setHeadersContext(null);
+              setNavigationContext(null);
+              const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+              return new Response(statusText, { status: statusCode });
+            }
+          }
+          // Not a special error — let it propagate through normal RSC rendering
+        }
+      }
+      return null;
+    });
+    if (_layoutProbeResult instanceof Response) return _layoutProbeResult;
+  }
+
+  // Pre-render the page component to catch redirect()/notFound() thrown synchronously.
+  // Server Components are just functions — we can call PageComponent directly to detect
+  // these special throws before starting the RSC stream.
+  //
+  // For routes with a loading.tsx Suspense boundary, we skip awaiting async components.
+  // The Suspense boundary + rscOnError will handle redirect/notFound thrown during
+  // streaming, and blocking here would defeat streaming (the slow component's delay
+  // would be hit before the RSC stream even starts).
+  //
+  // Because this calls the component outside React's render cycle, hooks like use()
+  // trigger "Invalid hook call" console.error in dev. The module-level ALS patch
+  // suppresses the warning only within this request's execution context.
+  const _hasLoadingBoundary = !!(route.loading && route.loading.default);
+  const _pageProbeResult = await _suppressHookWarningAls.run(true, async () => {
+    try {
+      const testResult = PageComponent({ params });
+      // If it's a promise (async component), only await if there's no loading boundary.
+      // With a loading boundary, the Suspense streaming pipeline handles async resolution
+      // and any redirect/notFound errors via rscOnError.
+      if (testResult && typeof testResult === "object" && typeof testResult.then === "function") {
+        if (!_hasLoadingBoundary) {
+          await testResult;
+        } else {
+          // Suppress unhandled promise rejection — with a loading boundary,
+          // redirect/notFound errors are handled by rscOnError during streaming.
+          testResult.catch(() => {});
+        }
+      }
+    } catch (preRenderErr) {
+      const specialResponse = await handleRenderError(preRenderErr);
+      if (specialResponse) return specialResponse;
+      // Non-special errors from the pre-render test are expected (e.g. use() hook
+      // fails outside React's render cycle, client references can't execute on server).
+      // Only redirect/notFound/forbidden/unauthorized are actionable here — other
+      // errors will be properly caught during actual RSC/SSR rendering below.
+    }
+    return null;
+  });
+  if (_pageProbeResult instanceof Response) return _pageProbeResult;
+
+  // Mark end of compile phase: route matching, middleware, tree building are done.
+  if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
+
+  // Render to RSC stream
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+
+  if (isRscRequest) {
+    // Direct RSC stream response (for client-side navigation)
+    // NOTE: Do NOT clear headers/navigation context here!
+    // The RSC stream is consumed lazily - components render when chunks are read.
+    // If we clear context now, headers()/cookies() will fail during rendering.
+    // Context will be cleared when the next request starts (via runWithHeadersContext).
+    const responseHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+    // Include matched route params so the client can hydrate useParams()
+    if (params && Object.keys(params).length > 0) {
+      responseHeaders["X-Vinext-Params"] = JSON.stringify(params);
+    }
+    if (isForceDynamic) {
+      responseHeaders["Cache-Control"] = "no-store, must-revalidate";
+    } else if ((isForceStatic || isDynamicError) && !revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=31536000, stale-while-revalidate";
+      responseHeaders["X-Vinext-Cache"] = "STATIC";
+    } else if (revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=" + revalidateSeconds + ", stale-while-revalidate";
+    }
+    // Merge middleware response headers into the RSC response.
+    // set-cookie and vary are accumulated to preserve existing values
+    // (e.g. "Vary: RSC, Accept" set above); all other keys use plain
+    // assignment so middleware headers win over config headers, which
+    // the outer handler applies afterward and skips keys already present.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        const lk = key.toLowerCase();
+        if (lk === "set-cookie") {
+          const existing = responseHeaders[lk];
+          if (Array.isArray(existing)) {
+            existing.push(value);
+          } else if (existing) {
+            responseHeaders[lk] = [existing, value];
+          } else {
+            responseHeaders[lk] = [value];
+          }
+        } else if (lk === "vary") {
+          // Accumulate Vary values to preserve the existing "RSC, Accept" entry.
+          const existing = responseHeaders["Vary"] ?? responseHeaders["vary"];
+          if (existing) {
+            responseHeaders["Vary"] = existing + ", " + value;
+            if (responseHeaders["vary"] !== undefined) delete responseHeaders["vary"];
+          } else {
+            responseHeaders[key] = value;
+          }
+        } else {
+          responseHeaders[key] = value;
+        }
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //                  -1 sentinel means compile time is not measured.
+    //   renderMs     - -1 sentinel for RSC-only (soft-nav) responses, since
+    //                  rendering is handled asynchronously by the client. The
+    //                  logging middleware computes render time as totalMs - compileMs.
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      responseHeaders["x-vinext-timing"] = handlerStart + "," + compileMs + ",-1";
+    }
+    return new Response(rscStream, { status: _mwCtx.status || 200, headers: responseHeaders });
+  }
+
+  // Collect font data from RSC environment before passing to SSR
+  // (Fonts are loaded during RSC rendering when layout.tsx calls Geist() etc.)
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+
+  // Build HTTP Link header for font preloading.
+  // This lets the browser (and CDN) start fetching font files before parsing HTML,
+  // eliminating the CSS → woff2 download waterfall.
+  const fontPreloads = fontData.preloads || [];
+  const fontLinkHeaderParts = [];
+  for (const preload of fontPreloads) {
+    fontLinkHeaderParts.push("<" + preload.href + ">; rel=preload; as=font; type=" + preload.type + "; crossorigin");
+  }
+  const fontLinkHeader = fontLinkHeaderParts.length > 0 ? fontLinkHeaderParts.join(", ") : "";
+
+  // Delegate to SSR environment for HTML rendering
+  let htmlStream;
+  try {
+    const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+    htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+    // Shell render complete; Suspense boundaries stream asynchronously
+    if (process.env.NODE_ENV !== "production") __renderEnd = performance.now();
+  } catch (ssrErr) {
+    const specialResponse = await handleRenderError(ssrErr);
+    if (specialResponse) return specialResponse;
+    // Non-special error during SSR — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, ssrErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw ssrErr;
+  }
+
+  // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
+  const draftCookie = getDraftModeCookieHeader();
+
+  setHeadersContext(null);
+  setNavigationContext(null);
+
+  // Helper to attach draftMode cookie, middleware headers, font Link header, and rewrite status to a response
+  function attachMiddlewareContext(response) {
+    if (draftCookie) {
+      response.headers.append("Set-Cookie", draftCookie);
+    }
+    // Set HTTP Link header for font preloading
+    if (fontLinkHeader) {
+      response.headers.set("Link", fontLinkHeader);
+    }
+    // Merge middleware response headers into the final response.
+    // The response is freshly constructed above (new Response(htmlStream, {...})),
+    // so set() and append() are equivalent — there are no same-key conflicts yet.
+    // Precedence over config headers is handled by the outer handler, which
+    // skips config keys that middleware already placed on the response.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        response.headers.append(key, value);
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //   renderMs     - time from renderToReadableStream to handleSsr completion,
+    //                  or -1 sentinel if not measured (falls back to totalMs - compileMs).
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      const renderMs = __renderEnd !== undefined && __compileEnd !== undefined
+        ? Math.round(__renderEnd - __compileEnd)
+        : -1;
+      response.headers.set("x-vinext-timing", handlerStart + "," + compileMs + "," + renderMs);
+    }
+    // Apply custom status code from middleware rewrite
+    if (_mwCtx.status) {
+      return new Response(response.body, {
+        status: _mwCtx.status,
+        headers: response.headers,
+      });
+    }
+    return response;
+  }
+
+  // Check if any component called connection(), cookies(), headers(), or noStore()
+  // during rendering. If so, treat as dynamic (skip ISR, set no-store).
+  const dynamicUsedDuringRender = consumeDynamicUsage();
+
+  // Check if cacheLife() was called during rendering (e.g., page with file-level "use cache").
+  // If so, use its revalidation period for the Cache-Control header.
+  const requestCacheLife = _consumeRequestScopedCacheLife();
+  if (requestCacheLife && requestCacheLife.revalidate !== undefined && revalidateSeconds === null) {
+    revalidateSeconds = requestCacheLife.revalidate;
+  }
+
+  // force-dynamic: always return no-store (highest priority)
+  if (isForceDynamic) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // force-static / error: treat as static regardless of dynamic usage.
+  // force-static intentionally provides empty headers/cookies context so
+  // dynamic APIs return safe defaults; we ignore the dynamic usage signal.
+  // dynamic='error' should have already thrown (via throwing Proxy) if user
+  // code accessed dynamic APIs, so reaching here means rendering succeeded.
+  if ((isForceStatic || isDynamicError) && (revalidateSeconds === null || revalidateSeconds === 0)) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=31536000, stale-while-revalidate",
+        "X-Vinext-Cache": "STATIC",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // auto mode: dynamic API usage (headers(), cookies(), connection(), noStore(),
+  // searchParams access) opts the page into dynamic rendering with no-store.
+  if (dynamicUsedDuringRender) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // Emit Cache-Control for ISR pages so tests can verify revalidate values,
+  // but skip actual caching in dev — every request renders fresh.
+  if (revalidateSeconds !== null && revalidateSeconds > 0) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=" + revalidateSeconds + ", stale-while-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  return attachMiddlewareContext(new Response(htmlStream, {
+    headers: { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" },
+  }));
+}
+
+if (import.meta.hot) {
+  import.meta.hot.accept();
+}
+"
+`;
+
+exports[`App Router entry templates > generateRscEntry snapshot (with config) 1`] = `
+"
+import {
+  renderToReadableStream,
+  decodeReply,
+  loadServerAction,
+  createTemporaryReferenceSet,
+} from "@vitejs/plugin-rsc/rsc";
+import { AsyncLocalStorage } from "node:async_hooks";
+import { createElement, Suspense, Fragment } from "react";
+import { setNavigationContext as _setNavigationContextOrig, getNavigationContext as _getNavigationContext } from "next/navigation";
+import { setHeadersContext, headersContextFromRequest, getDraftModeCookieHeader, getAndClearPendingCookies, consumeDynamicUsage, markDynamicUsage, runWithHeadersContext, applyMiddlewareRequestHeaders, getHeadersContext } from "next/headers";
+import { NextRequest, NextFetchEvent } from "next/server";
+import { ErrorBoundary, NotFoundBoundary } from "vinext/error-boundary";
+import { LayoutSegmentProvider } from "vinext/layout-segment-context";
+import { MetadataHead, mergeMetadata, resolveModuleMetadata, ViewportHead, mergeViewport, resolveModuleViewport } from "vinext/metadata";
+
+
+
+import { _consumeRequestScopedCacheLife, _runWithCacheState } from "next/cache";
+import { runWithFetchCache } from "vinext/fetch-cache";
+import { runWithPrivateCache as _runWithPrivateCache } from "vinext/cache-runtime";
+// Import server-only state module to register ALS-backed accessors.
+import { runWithNavigationContext as _runWithNavigationContext } from "vinext/navigation-state";
+import { reportRequestError as _reportRequestError } from "vinext/instrumentation";
+import { getSSRFontLinks as _getSSRFontLinks, getSSRFontStyles as _getSSRFontStylesGoogle, getSSRFontPreloads as _getSSRFontPreloadsGoogle } from "next/font/google";
+import { getSSRFontStyles as _getSSRFontStylesLocal, getSSRFontPreloads as _getSSRFontPreloadsLocal } from "next/font/local";
+function _getSSRFontStyles() { return [..._getSSRFontStylesGoogle(), ..._getSSRFontStylesLocal()]; }
+function _getSSRFontPreloads() { return [..._getSSRFontPreloadsGoogle(), ..._getSSRFontPreloadsLocal()]; }
+
+// ALS used to suppress the expected "Invalid hook call" dev warning when
+// layout/page components are probed outside React's render cycle. Patching
+// console.error once at module load (instead of per-request) avoids the
+// concurrent-request issue where request A's suppression filter could
+// swallow real errors from request B.
+const _suppressHookWarningAls = new AsyncLocalStorage();
+const _origConsoleError = console.error;
+console.error = (...args) => {
+  if (_suppressHookWarningAls.getStore() === true &&
+      typeof args[0] === "string" &&
+      args[0].includes("Invalid hook call")) return;
+  _origConsoleError.apply(console, args);
+};
+
+// Set navigation context in the ALS-backed store. "use client" components
+// rendered during SSR need the pathname/searchParams/params but the SSR
+// environment has a separate module instance of next/navigation.
+// Use _getNavigationContext() to read the current context — never cache
+// it in a module-level variable (that would leak between concurrent requests).
+function setNavigationContext(ctx) {
+  _setNavigationContextOrig(ctx);
+}
+
+// ISR cache is disabled in dev mode — every request re-renders fresh,
+// matching Next.js dev behavior. Cache-Control headers are still emitted
+// based on export const revalidate for testing purposes.
+// Production ISR is handled by prod-server.ts and the Cloudflare worker entry.
+
+// Normalize null-prototype objects from matchPattern() into thenable objects
+// that work both as Promises (for Next.js 15+ async params) and as plain
+// objects with synchronous property access (for pre-15 code like params.id).
+//
+// matchPattern() uses Object.create(null), producing objects without
+// Object.prototype. The RSC serializer rejects these. Spreading ({...obj})
+// restores a normal prototype. Object.assign onto the Promise preserves
+// synchronous property access (params.id, params.slug) that existing
+// components and test fixtures rely on.
+function makeThenableParams(obj) {
+  const plain = { ...obj };
+  return Object.assign(Promise.resolve(plain), plain);
+}
+
+// Resolve route tree segments to actual values using matched params.
+// Dynamic segments like [id] are replaced with param values, catch-all
+// segments like [...slug] are joined with "/", and route groups are kept as-is.
+function __resolveChildSegments(routeSegments, treePosition, params) {
+  var raw = routeSegments.slice(treePosition);
+  var result = [];
+  for (var j = 0; j < raw.length; j++) {
+    var seg = raw[j];
+    // Optional catch-all: [[...param]]
+    if (seg.indexOf("[[...") === 0 && seg.charAt(seg.length - 1) === "]" && seg.charAt(seg.length - 2) === "]") {
+      var pn = seg.slice(5, -2);
+      var v = params[pn];
+      // Skip empty optional catch-all (e.g., visiting /blog on [[...slug]] route)
+      if (Array.isArray(v) && v.length === 0) continue;
+      if (v == null) continue;
+      result.push(Array.isArray(v) ? v.join("/") : v);
+    // Catch-all: [...param]
+    } else if (seg.indexOf("[...") === 0 && seg.charAt(seg.length - 1) === "]") {
+      var pn2 = seg.slice(4, -1);
+      var v2 = params[pn2];
+      result.push(Array.isArray(v2) ? v2.join("/") : (v2 || seg));
+    // Dynamic: [param]
+    } else if (seg.charAt(0) === "[" && seg.charAt(seg.length - 1) === "]" && seg.indexOf(".") === -1) {
+      var pn3 = seg.slice(1, -1);
+      result.push(params[pn3] || seg);
+    } else {
+      result.push(seg);
+    }
+  }
+  return result;
+}
+
+// djb2 hash — matches Next.js's stringHash for digest generation.
+// Produces a stable numeric string from error message + stack.
+function __errorDigest(str) {
+  let hash = 5381;
+  for (let i = str.length - 1; i >= 0; i--) {
+    hash = (hash * 33) ^ str.charCodeAt(i);
+  }
+  return (hash >>> 0).toString();
+}
+
+// Sanitize an error for client consumption. In production, replaces the error
+// with a generic Error that only carries a digest hash (matching Next.js
+// behavior). In development, returns the original error for debugging.
+// Navigation errors (redirect, notFound, etc.) are always passed through
+// unchanged since their digests are used for client-side routing.
+function __sanitizeErrorForClient(error) {
+  // Navigation errors must pass through with their digest intact
+  if (error && typeof error === "object" && "digest" in error) {
+    const digest = String(error.digest);
+    if (
+      digest.startsWith("NEXT_REDIRECT;") ||
+      digest === "NEXT_NOT_FOUND" ||
+      digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")
+    ) {
+      return error;
+    }
+  }
+  // In development, pass through the original error for debugging
+  if (process.env.NODE_ENV !== "production") {
+    return error;
+  }
+  // In production, create a sanitized error with only a digest hash
+  const msg = error instanceof Error ? error.message : String(error);
+  const stack = error instanceof Error ? (error.stack || "") : "";
+  const sanitized = new Error(
+    "An error occurred in the Server Components render. " +
+    "The specific message is omitted in production builds to avoid leaking sensitive details. " +
+    "A digest property is included on this error instance which may provide additional details about the nature of the error."
+  );
+  sanitized.digest = __errorDigest(msg + stack);
+  return sanitized;
+}
+
+// onError callback for renderToReadableStream — preserves the digest for
+// Next.js navigation errors (redirect, notFound, forbidden, unauthorized)
+// thrown during RSC streaming (e.g. inside Suspense boundaries).
+// For non-navigation errors in production, generates a digest hash so the
+// error can be correlated with server logs without leaking details.
+function rscOnError(error) {
+  if (error && typeof error === "object" && "digest" in error) {
+    return String(error.digest);
+  }
+
+  // In dev, detect the "Only plain objects" RSC serialization error and emit
+  // an actionable hint. This error occurs when a Server Component passes a
+  // class instance, ES module namespace object, or null-prototype object as a
+  // prop to a Client Component.
+  //
+  // Root cause: Vite bundles modules as true ESM (module namespace objects
+  // have a null-like internal slot), while Next.js's webpack build produces
+  // plain CJS-wrapped objects with __esModule:true. React's RSC serializer
+  // accepts the latter as plain objects but rejects the former — which means
+  // code that accidentally passes "import * as X" works in webpack/Next.js
+  // but correctly fails in vinext.
+  //
+  // Common triggers:
+  //   - "import * as utils from './utils'" passed as a prop
+  //   - class instances (new Foo()) passed as props
+  //   - Date / Map / Set instances passed as props
+  //   - Objects with Object.create(null) (null prototype)
+  if (
+    process.env.NODE_ENV !== "production" &&
+    error instanceof Error &&
+    error.message.includes("Only plain objects, and a few built-ins, can be passed to Client Components")
+  ) {
+    console.error(
+      "[vinext] RSC serialization error: a non-plain object was passed from a Server Component to a Client Component.\\n" +
+      "\\n" +
+      "Common causes:\\n" +
+      "  * Passing a module namespace (import * as X) directly as a prop.\\n" +
+      "    Unlike Next.js (webpack), Vite produces real ESM module namespace objects\\n" +
+      "    which are not serializable. Fix: pass individual values instead,\\n" +
+      "    e.g. <Comp value={module.value} />\\n" +
+      "  * Passing a class instance (new Foo()) as a prop.\\n" +
+      "    Fix: convert to a plain object, e.g. { id: foo.id, name: foo.name }\\n" +
+      "  * Passing a Date, Map, or Set. Use .toISOString(), [...map.entries()], etc.\\n" +
+      "  * Passing Object.create(null). Use { ...obj } to restore a prototype.\\n" +
+      "\\n" +
+      "Original error:",
+      error.message,
+    );
+    return undefined;
+  }
+
+  // In production, generate a digest hash for non-navigation errors
+  if (process.env.NODE_ENV === "production" && error) {
+    const msg = error instanceof Error ? error.message : String(error);
+    const stack = error instanceof Error ? (error.stack || "") : "";
+    return __errorDigest(msg + stack);
+  }
+  return undefined;
+}
+
+import * as mod_0 from "/tmp/test/app/page.tsx";
+import * as mod_1 from "/tmp/test/app/layout.tsx";
+import * as mod_2 from "/tmp/test/app/about/page.tsx";
+
+
+
+const routes = [
+  {
+    pattern: "/",
+    isDynamic: false,
+    params: [],
+    page: mod_0,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: [],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  },
+  {
+    pattern: "/about",
+    isDynamic: false,
+    params: [],
+    page: mod_2,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: ["about"],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  }
+];
+
+const metadataRoutes = [
+
+];
+
+const rootNotFoundModule = null;
+const rootForbiddenModule = null;
+const rootUnauthorizedModule = null;
+const rootLayouts = [mod_1];
+
+/**
+ * Render an HTTP access fallback page (not-found/forbidden/unauthorized) with layouts and noindex meta.
+ * Returns null if no matching component is available.
+ *
+ * @param opts.boundaryComponent - Override the boundary component (for layout-level notFound)
+ * @param opts.layouts - Override the layouts to wrap with (for layout-level notFound, excludes the throwing layout)
+ */
+async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, opts) {
+  // Determine which boundary component to use based on status code
+  let BoundaryComponent = opts?.boundaryComponent ?? null;
+  if (!BoundaryComponent) {
+    let boundaryModule;
+    if (statusCode === 403) {
+      boundaryModule = route?.forbidden ?? rootForbiddenModule;
+    } else if (statusCode === 401) {
+      boundaryModule = route?.unauthorized ?? rootUnauthorizedModule;
+    } else {
+      boundaryModule = route?.notFound ?? rootNotFoundModule;
+    }
+    BoundaryComponent = boundaryModule?.default ?? null;
+  }
+  const layouts = opts?.layouts ?? route?.layouts ?? rootLayouts;
+  if (!BoundaryComponent) return null;
+
+  // Resolve metadata and viewport from parent layouts so that not-found/error
+  // pages inherit title, description, OG tags etc. — matching Next.js behavior.
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build element: metadata head + noindex meta + boundary component wrapped in layouts
+  // Always include charset and default viewport for parity with Next.js.
+  const charsetMeta = createElement("meta", { charSet: "utf-8" });
+  const noindexMeta = createElement("meta", { name: "robots", content: "noindex" });
+  const headElements = [charsetMeta, noindexMeta];
+  if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+  headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+  let element = createElement(Fragment, null, ...headElements, createElement(BoundaryComponent));
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap the element with the same
+    // component wrappers that buildPageElement() uses. Without these wrappers,
+    // React's reconciliation would see a mismatched tree structure between the
+    // old fiber tree (ErrorBoundary > LayoutSegmentProvider > html > body > NotFoundBoundary > ...)
+    // and the new tree (html > body > ...), causing it to destroy and recreate
+    // the entire DOM tree, resulting in a blank white page.
+    //
+    // We wrap each layout with LayoutSegmentProvider and add GlobalErrorBoundary
+    // to match the wrapping order in buildPageElement(), ensuring smooth
+    // client-side tree reconciliation.
+    const _treePositions = route?.layoutTreePositions;
+    const _routeSegs = route?.routeSegments || [];
+    const _fallbackParams = opts?.params || {};
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element });
+        const _tp = _treePositions ? _treePositions[i] : 0;
+        const _cs = __resolveChildSegments(_routeSegs, _tp, _fallbackParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
+      }
+    }
+    
+    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(rscStream, {
+      status: statusCode,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only (no client-side
+  // wrappers needed since SSR generates the complete HTML document).
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element });
+    }
+  }
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  // Collect font data from RSC environment
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _respHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _linkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_linkParts.length > 0) _respHeaders["Link"] = _linkParts.join(", ");
+  return new Response(htmlStream, {
+    status: statusCode,
+    headers: _respHeaders,
+  });
+}
+
+/** Convenience: render a not-found page (404) */
+async function renderNotFoundPage(route, isRscRequest, request, params) {
+  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { params });
+}
+
+/**
+ * Render an error.tsx boundary page when a server component or generateMetadata() throws.
+ * Returns null if no error boundary component is available for this route.
+ *
+ * Next.js returns HTTP 200 when error.tsx catches an error (the error is "handled"
+ * by the boundary). This matches that behavior intentionally.
+ */
+async function renderErrorBoundaryPage(route, error, isRscRequest, request, params) {
+  // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
+  // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
+  let ErrorComponent = route?.error?.default ?? null;
+  if (!ErrorComponent && route?.errors) {
+    for (let i = route.errors.length - 1; i >= 0; i--) {
+      if (route.errors[i]?.default) {
+        ErrorComponent = route.errors[i].default;
+        break;
+      }
+    }
+  }
+  ErrorComponent = ErrorComponent;
+  if (!ErrorComponent) return null;
+
+  const rawError = error instanceof Error ? error : new Error(String(error));
+  // Sanitize the error in production to avoid leaking internal details
+  // (database errors, file paths, stack traces) through error.tsx to the client.
+  // In development, pass the original error for debugging.
+  const errorObj = __sanitizeErrorForClient(rawError);
+  // Only pass error — reset is a client-side concern (re-renders the segment) and
+  // can't be serialized through RSC. The error.tsx component will receive reset=undefined
+  // during SSR, which is fine — onClick={undefined} is harmless, and the real reset
+  // function is only meaningful after hydration.
+  let element = createElement(ErrorComponent, {
+    error: errorObj,
+  });
+  const layouts = route?.layouts ?? rootLayouts;
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap with the same component
+    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+    // This ensures React can reconcile the tree without destroying the DOM.
+    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+    const _errTreePositions = route?.layoutTreePositions;
+    const _errRouteSegs = route?.routeSegments || [];
+    const _errParams = params || {};
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element });
+        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+      }
+    }
+    
+    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(rscStream, {
+      status: 200,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only.
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element });
+    }
+  }
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  // Collect font data from RSC environment so error pages include font styles
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _errHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _errLinkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_errLinkParts.length > 0) _errHeaders["Link"] = _errLinkParts.join(", ");
+  return new Response(htmlStream, {
+    status: 200,
+    headers: _errHeaders,
+  });
+}
+
+function matchRoute(url, routes) {
+  const pathname = url.split("?")[0];
+  let normalizedUrl = pathname === "/" ? "/" : pathname.replace(/\\/$/, "");
+   // NOTE: Do NOT decodeURIComponent here. The caller is responsible for decoding
+   // the pathname exactly once at the request entry point. Decoding again here
+   // would cause inconsistent path matching between middleware and routing.
+  for (const route of routes) {
+    const params = matchPattern(normalizedUrl, route.pattern);
+    if (params !== null) return { route, params };
+  }
+  return null;
+}
+
+function matchPattern(url, pattern) {
+  const urlParts = url.split("/").filter(Boolean);
+  const patternParts = pattern.split("/").filter(Boolean);
+  const params = Object.create(null);
+  for (let i = 0; i < patternParts.length; i++) {
+    const pp = patternParts[i];
+    if (pp.endsWith("+")) {
+      const paramName = pp.slice(1, -1);
+      const remaining = urlParts.slice(i);
+      if (remaining.length === 0) return null;
+      params[paramName] = remaining;
+      return params;
+    }
+    if (pp.endsWith("*")) {
+      const paramName = pp.slice(1, -1);
+      params[paramName] = urlParts.slice(i);
+      return params;
+    }
+    if (pp.startsWith(":")) {
+      if (i >= urlParts.length) return null;
+      params[pp.slice(1)] = urlParts[i];
+      continue;
+    }
+    if (i >= urlParts.length || urlParts[i] !== pp) return null;
+  }
+  if (urlParts.length !== patternParts.length) return null;
+  return params;
+}
+
+// Build a global intercepting route lookup for RSC navigation.
+// Maps target URL patterns to { sourceRouteIndex, slotName, interceptPage, params }.
+const interceptLookup = [];
+for (let ri = 0; ri < routes.length; ri++) {
+  const r = routes[ri];
+  if (!r.slots) continue;
+  for (const [slotName, slotMod] of Object.entries(r.slots)) {
+    if (!slotMod.intercepts) continue;
+    for (const intercept of slotMod.intercepts) {
+      interceptLookup.push({
+        sourceRouteIndex: ri,
+        slotName,
+        targetPattern: intercept.targetPattern,
+        page: intercept.page,
+        params: intercept.params,
+      });
+    }
+  }
+}
+
+/**
+ * Check if a pathname matches any intercepting route.
+ * Returns the match info or null.
+ */
+function findIntercept(pathname) {
+  for (const entry of interceptLookup) {
+    const params = matchPattern(pathname, entry.targetPattern);
+    if (params !== null) {
+      return { ...entry, matchedParams: params };
+    }
+  }
+  return null;
+}
+
+async function buildPageElement(route, params, opts, searchParams) {
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    return createElement("div", null, "Page has no default export");
+  }
+
+  // Resolve metadata and viewport from layouts and page
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of route.layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod, params);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod, params);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  if (route.page) {
+    const pageMeta = await resolveModuleMetadata(route.page, params);
+    if (pageMeta) metadataList.push(pageMeta);
+    const pageVp = await resolveModuleViewport(route.page, params);
+    if (pageVp) viewportList.push(pageVp);
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build nested layout tree from outermost to innermost.
+  // Next.js 16 passes params/searchParams as Promises (async pattern)
+  // but pre-16 code accesses them as plain objects (params.id).
+  // makeThenableParams() normalises null-prototype + preserves both patterns.
+  const asyncParams = makeThenableParams(params);
+  const pageProps = { params: asyncParams };
+  if (searchParams) {
+    const spObj = {};
+    let hasSearchParams = false;
+    if (searchParams.forEach) searchParams.forEach(function(v, k) {
+      hasSearchParams = true;
+      if (k in spObj) {
+        // Multi-value: promote to array (Next.js returns string[] for duplicate keys)
+        spObj[k] = Array.isArray(spObj[k]) ? spObj[k].concat(v) : [spObj[k], v];
+      } else {
+        spObj[k] = v;
+      }
+    });
+    // If the URL has query parameters, mark the page as dynamic.
+    // In Next.js, only accessing the searchParams prop signals dynamic usage,
+    // but a Proxy-based approach doesn't work here because React's RSC debug
+    // serializer accesses properties on all props (e.g. $$typeof check in
+    // isClientReference), triggering the Proxy even when user code doesn't
+    // read searchParams. Checking for non-empty query params is a safe
+    // approximation: pages with query params in the URL are almost always
+    // dynamic, and this avoids false positives from React internals.
+    if (hasSearchParams) markDynamicUsage();
+    pageProps.searchParams = makeThenableParams(spObj);
+  }
+  let element = createElement(PageComponent, pageProps);
+
+  // Wrap page with empty segment provider so useSelectedLayoutSegments()
+  // returns [] when called from inside a page component (leaf node).
+  element = createElement(LayoutSegmentProvider, { childSegments: [] }, element);
+
+  // Add metadata + viewport head tags (React 19 hoists title/meta/link to <head>)
+  // Next.js always injects charset and default viewport even when no metadata/viewport
+  // is exported. We replicate that by always emitting these essential head elements.
+  {
+    const headElements = [];
+    // Always emit <meta charset="utf-8"> — Next.js includes this on every page
+    headElements.push(createElement("meta", { charSet: "utf-8" }));
+    if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+    headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+    element = createElement(Fragment, null, ...headElements, element);
+  }
+
+  // Wrap with loading.tsx Suspense if present
+  if (route.loading?.default) {
+    element = createElement(
+      Suspense,
+      { fallback: createElement(route.loading.default) },
+      element,
+    );
+  }
+
+  // Wrap with the leaf's error.tsx ErrorBoundary if it's not already covered
+  // by a per-layout error boundary (i.e., the leaf has error.tsx but no layout).
+  // Per-layout error boundaries are interleaved with layouts below.
+  {
+    const lastLayoutError = route.errors ? route.errors[route.errors.length - 1] : null;
+    if (route.error?.default && route.error !== lastLayoutError) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.error.default,
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with NotFoundBoundary so client-side notFound() renders not-found.tsx
+  // instead of crashing the React tree. Must be above ErrorBoundary since
+  // ErrorBoundary re-throws notFound errors.
+  // Pre-render the not-found component as a React element since it may be a
+  // server component (not a client reference) and can't be passed as a function prop.
+  {
+    const NotFoundComponent = route.notFound?.default ?? null;
+    if (NotFoundComponent) {
+      element = createElement(NotFoundBoundary, {
+        fallback: createElement(NotFoundComponent),
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with templates (innermost first, then outer)
+  // Templates are like layouts but re-mount on navigation (client-side concern).
+  // On the server, they just wrap the content like layouts do.
+  if (route.templates) {
+    for (let i = route.templates.length - 1; i >= 0; i--) {
+      const TemplateComponent = route.templates[i]?.default;
+      if (TemplateComponent) {
+        element = createElement(TemplateComponent, { children: element, params });
+      }
+    }
+  }
+
+  // Wrap with layouts (innermost first, then outer).
+  // At each layout level, first wrap with that level's error boundary (if any)
+  // so the boundary is inside the layout and catches errors from children.
+  // This matches Next.js behavior: Layout > ErrorBoundary > children.
+  // Parallel slots are passed as named props to the innermost layout
+  // (the layout at the same directory level as the page/slots)
+  for (let i = route.layouts.length - 1; i >= 0; i--) {
+    // Wrap with per-layout error boundary before wrapping with layout.
+    // This places the ErrorBoundary inside the layout, catching errors
+    // from child segments (matching Next.js per-segment error handling).
+    if (route.errors && route.errors[i]?.default) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.errors[i].default,
+        children: element,
+      });
+    }
+
+    const LayoutComponent = route.layouts[i]?.default;
+    if (LayoutComponent) {
+      // Per-layout NotFoundBoundary: wraps this layout's children so that
+      // notFound() thrown from a child layout is caught here.
+      // Matches Next.js behavior where each segment has its own boundary.
+      // The boundary at level N catches errors from Layout[N+1] and below,
+      // but NOT from Layout[N] itself (which propagates to level N-1).
+      {
+        const LayoutNotFound = route.notFounds?.[i]?.default;
+        if (LayoutNotFound) {
+          element = createElement(NotFoundBoundary, {
+            fallback: createElement(LayoutNotFound),
+            children: element,
+          });
+        }
+      }
+
+      const layoutProps = { children: element, params: makeThenableParams(params) };
+
+      // Add parallel slot elements to the layout that defines them.
+      // Each slot has a layoutIndex indicating which layout it belongs to.
+      if (route.slots) {
+        for (const [slotName, slotMod] of Object.entries(route.slots)) {
+          // Attach slot to the layout at its layoutIndex, or to the innermost layout if -1
+          const targetIdx = slotMod.layoutIndex >= 0 ? slotMod.layoutIndex : route.layouts.length - 1;
+          if (i !== targetIdx) continue;
+          // Check if this slot has an intercepting route that should activate
+          let SlotPage = null;
+          let slotParams = params;
+
+          if (opts && opts.interceptSlot === slotName && opts.interceptPage) {
+            // Use the intercepting route's page component
+            SlotPage = opts.interceptPage.default;
+            slotParams = opts.interceptParams || params;
+          } else {
+            SlotPage = slotMod.page?.default || slotMod.default?.default;
+          }
+
+          if (SlotPage) {
+            let slotElement = createElement(SlotPage, { params: makeThenableParams(slotParams) });
+            // Wrap with slot-specific layout if present.
+            // In Next.js, @slot/layout.tsx wraps the slot's page content
+            // before it is passed as a prop to the parent layout.
+            const SlotLayout = slotMod.layout?.default;
+            if (SlotLayout) {
+              slotElement = createElement(SlotLayout, {
+                children: slotElement,
+                params: makeThenableParams(slotParams),
+              });
+            }
+            // Wrap with slot-specific loading if present
+            if (slotMod.loading?.default) {
+              slotElement = createElement(Suspense,
+                { fallback: createElement(slotMod.loading.default) },
+                slotElement,
+              );
+            }
+            // Wrap with slot-specific error boundary if present
+            if (slotMod.error?.default) {
+              slotElement = createElement(ErrorBoundary, {
+                fallback: slotMod.error.default,
+                children: slotElement,
+              });
+            }
+            layoutProps[slotName] = slotElement;
+          }
+        }
+      }
+
+      element = createElement(LayoutComponent, layoutProps);
+
+      // Wrap the layout with LayoutSegmentProvider so useSelectedLayoutSegments()
+      // called INSIDE this layout gets the correct child segments. We resolve the
+      // route tree segments using actual param values and pass them through context.
+      // We wrap the layout (not just children) because hooks are called from
+      // components rendered inside the layout's own JSX.
+      const treePos = route.layoutTreePositions ? route.layoutTreePositions[i] : 0;
+      const childSegs = __resolveChildSegments(route.routeSegments || [], treePos, params);
+      element = createElement(LayoutSegmentProvider, { childSegments: childSegs }, element);
+    }
+  }
+
+  // Wrap with global error boundary if app/global-error.tsx exists.
+  // This catches errors in the root layout itself.
+  
+
+  return element;
+}
+
+
+
+const __basePath = "/base";
+const __trailingSlash = true;
+const __configRedirects = [{"source":"/old","destination":"/new","permanent":true}];
+const __configRewrites = {"beforeFiles":[{"source":"/api/:path*","destination":"/backend/:path*"}],"afterFiles":[],"fallback":[]};
+const __configHeaders = [{"source":"/api/:path*","headers":[{"key":"X-Custom","value":"test"}]}];
+const __allowedOrigins = [];
+
+
+// ── Dev server origin verification ──────────────────────────────────────
+// Block cross-origin requests to prevent data exfiltration during development.
+const __allowedDevOrigins = [];
+const __safeDevHosts = ["localhost", "127.0.0.1", "[::1]"];
+
+function __validateDevRequestOrigin(request) {
+  // Check Sec-Fetch headers (catches <script> tag exfiltration)
+  if (request.headers.get("sec-fetch-mode") === "no-cors" &&
+      request.headers.get("sec-fetch-site") === "cross-site") {
+    console.warn("[vinext] Blocked cross-site no-cors request to " + new URL(request.url).pathname);
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  const origin = request.headers.get("origin");
+  if (!origin || origin === "null") return null;
+
+  let originHostname;
+  try {
+    originHostname = new URL(origin).hostname.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Allow localhost, 127.0.0.1, [::1], and *.localhost
+  if (__safeDevHosts.includes(originHostname) || originHostname.endsWith(".localhost")) return null;
+
+  // Same-origin: compare against Host header
+  const hostHeader = (request.headers.get("x-forwarded-host") || request.headers.get("host") || "").split(",")[0].trim().split(":")[0].toLowerCase();
+  if (hostHeader && originHostname === hostHeader) return null;
+
+  // Check user-configured allowed origins
+  for (const pattern of __allowedDevOrigins) {
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(1);
+      if (originHostname === pattern.slice(2) || originHostname.endsWith(suffix)) return null;
+    } else if (originHostname === pattern) {
+      return null;
+    }
+  }
+
+  console.warn(
+    \`[vinext] Blocked cross-origin request from "\${origin}" to \${new URL(request.url).pathname}. \` +
+    \`To allow this origin, add it to allowedDevOrigins in next.config.js.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+
+// ── CSRF origin validation for server actions ───────────────────────────
+// Matches Next.js behavior: compare the Origin header against the Host header.
+// If they don't match, the request is rejected with 403 unless the origin is
+// in the allowedOrigins list (from experimental.serverActions.allowedOrigins).
+function __isOriginAllowed(origin, allowed) {
+  for (const pattern of allowed) {
+    if (pattern.startsWith("*.")) {
+      // Wildcard: *.example.com matches sub.example.com, a.b.example.com
+      const suffix = pattern.slice(1); // ".example.com"
+      if (origin === pattern.slice(2) || origin.endsWith(suffix)) return true;
+    } else if (origin === pattern) {
+      return true;
+    }
+  }
+  return false;
+}
+
+function __validateCsrfOrigin(request) {
+  const originHeader = request.headers.get("origin");
+  // If there's no Origin header, allow the request — same-origin requests
+  // from non-fetch navigations (e.g. SSR) may lack an Origin header.
+  // The x-rsc-action custom header already provides protection against simple
+  // form-based CSRF since custom headers can't be set by cross-origin forms.
+  if (!originHeader || originHeader === "null") return null;
+
+  let originHost;
+  try {
+    originHost = new URL(originHeader).host.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Only use the Host header for origin comparison — never trust
+  // X-Forwarded-Host here, since it can be freely set by the client
+  // and would allow the check to be bypassed if it matched a spoofed
+  // Origin. The prod server's resolveHost() handles trusted proxy
+  // scenarios separately.
+  const hostHeader = (
+    request.headers.get("host") ||
+    ""
+  ).split(",")[0].trim().toLowerCase();
+
+  if (!hostHeader) return null;
+
+  // Same origin — allow
+  if (originHost === hostHeader) return null;
+
+  // Check allowedOrigins from next.config.js
+  if (__allowedOrigins.length > 0 && __isOriginAllowed(originHost, __allowedOrigins)) return null;
+
+  console.warn(
+    \`[vinext] CSRF origin mismatch: origin "\${originHost}" does not match host "\${hostHeader}". Blocking server action request.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+// ── ReDoS-safe regex compilation ────────────────────────────────────────
+
+function __isSafeRegex(pattern) {
+  const quantifierAtDepth = [];
+  let depth = 0;
+  let i = 0;
+  while (i < pattern.length) {
+    const ch = pattern[i];
+    if (ch === "\\\\") { i += 2; continue; }
+    if (ch === "[") {
+      i++;
+      while (i < pattern.length && pattern[i] !== "]") {
+        if (pattern[i] === "\\\\") i++;
+        i++;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "(") {
+      depth++;
+      if (quantifierAtDepth.length <= depth) quantifierAtDepth.push(false);
+      else quantifierAtDepth[depth] = false;
+      i++;
+      continue;
+    }
+    if (ch === ")") {
+      const hadQ = depth > 0 && quantifierAtDepth[depth];
+      if (depth > 0) depth--;
+      const next = pattern[i + 1];
+      if (next === "+" || next === "*" || next === "{") {
+        if (hadQ) return false;
+        if (depth >= 0 && depth < quantifierAtDepth.length) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "+" || ch === "*") {
+      if (depth > 0) quantifierAtDepth[depth] = true;
+      i++;
+      continue;
+    }
+    if (ch === "?") {
+      const prev = i > 0 ? pattern[i - 1] : "";
+      if (prev !== "+" && prev !== "*" && prev !== "?" && prev !== "}") {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "{") {
+      let j = i + 1;
+      while (j < pattern.length && /[\\d,]/.test(pattern[j])) j++;
+      if (j < pattern.length && pattern[j] === "}" && j > i + 1) {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+        i = j + 1;
+        continue;
+      }
+    }
+    i++;
+  }
+  return true;
+}
+function __safeRegExp(pattern, flags) {
+  if (!__isSafeRegex(pattern)) {
+    console.warn("[vinext] Ignoring potentially unsafe regex pattern (ReDoS risk): " + pattern);
+    return null;
+  }
+  try { return new RegExp(pattern, flags); } catch { return null; }
+}
+
+// ── Path normalization ──────────────────────────────────────────────────
+
+function __normalizePath(pathname) {
+  if (
+    pathname === "/" ||
+    (pathname.length > 1 &&
+      pathname[0] === "/" &&
+      !pathname.includes("//") &&
+      !pathname.includes("/./") &&
+      !pathname.includes("/../") &&
+      !pathname.endsWith("/.") &&
+      !pathname.endsWith("/.."))
+  ) {
+    return pathname;
+  }
+  const segments = pathname.split("/");
+  const resolved = [];
+  for (let i = 0; i < segments.length; i++) {
+    const seg = segments[i];
+    if (seg === "" || seg === ".") continue;
+    if (seg === "..") { resolved.pop(); }
+    else { resolved.push(seg); }
+  }
+  return "/" + resolved.join("/");
+}
+
+// ── Config pattern matching (redirects, rewrites, headers) ──────────────
+function __matchConfigPattern(pathname, pattern) {
+  if (pattern.includes("(") || pattern.includes("\\\\") || /:[\\w-]+[*+][^/]/.test(pattern) || /:[\\w-]+\\./.test(pattern)) {
+    try {
+      const paramNames = [];
+      const regexStr = pattern
+        .replace(/\\./g, "\\\\.")
+        .replace(/:([\\w-]+)\\*(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.*)"; })
+        .replace(/:([\\w-]+)\\+(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.+)"; })
+        .replace(/:([\\w-]+)\\(([^)]+)\\)/g, (_, name, c) => { paramNames.push(name); return "(" + c + ")"; })
+        .replace(/:([\\w-]+)/g, (_, name) => { paramNames.push(name); return "([^/]+)"; });
+      const re = __safeRegExp("^" + regexStr + "$");
+      if (!re) return null;
+      const match = re.exec(pathname);
+      if (!match) return null;
+      const params = Object.create(null);
+      for (let i = 0; i < paramNames.length; i++) params[paramNames[i]] = match[i + 1] || "";
+      return params;
+    } catch { /* fall through */ }
+  }
+  const catchAllMatch = pattern.match(/:([\\w-]+)(\\*|\\+)$/);
+  if (catchAllMatch) {
+    const prefix = pattern.slice(0, pattern.lastIndexOf(":"));
+    const paramName = catchAllMatch[1];
+    const isPlus = catchAllMatch[2] === "+";
+    if (!pathname.startsWith(prefix.replace(/\\/$/, ""))) return null;
+    const rest = pathname.slice(prefix.replace(/\\/$/, "").length);
+    if (isPlus && (!rest || rest === "/")) return null;
+    let restValue = rest.startsWith("/") ? rest.slice(1) : rest;
+     // NOTE: Do NOT decodeURIComponent here. The pathname is already decoded at
+     // the request entry point. Decoding again would produce incorrect param values.
+    return { [paramName]: restValue };
+  }
+  const parts = pattern.split("/");
+  const pathParts = pathname.split("/");
+  if (parts.length !== pathParts.length) return null;
+  const params = Object.create(null);
+  for (let i = 0; i < parts.length; i++) {
+    if (parts[i].startsWith(":")) params[parts[i].slice(1)] = pathParts[i];
+    else if (parts[i] !== pathParts[i]) return null;
+  }
+  return params;
+}
+
+function __parseCookies(cookieHeader) {
+  if (!cookieHeader) return {};
+  const cookies = {};
+  for (const part of cookieHeader.split(";")) {
+    const eq = part.indexOf("=");
+    if (eq === -1) continue;
+    const key = part.slice(0, eq).trim();
+    const value = part.slice(eq + 1).trim();
+    if (key) cookies[key] = value;
+  }
+  return cookies;
+}
+
+function __checkSingleCondition(condition, ctx) {
+  switch (condition.type) {
+    case "header": {
+      const v = ctx.headers.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "cookie": {
+      const v = ctx.cookies[condition.key];
+      if (v === undefined) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "query": {
+      const v = ctx.query.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "host": {
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(ctx.host) : ctx.host === condition.value; }
+      return ctx.host === condition.key;
+    }
+    default: return false;
+  }
+}
+
+function __checkHasConditions(has, missing, ctx) {
+  if (has) { for (const c of has) { if (!__checkSingleCondition(c, ctx)) return false; } }
+  if (missing) { for (const c of missing) { if (__checkSingleCondition(c, ctx)) return false; } }
+  return true;
+}
+
+function __buildRequestContext(request) {
+  const url = new URL(request.url);
+  return {
+    headers: request.headers,
+    cookies: __parseCookies(request.headers.get("cookie")),
+    query: url.searchParams,
+    host: request.headers.get("host") || url.host,
+  };
+}
+
+/**
+ * Build a request context from the live ALS HeadersContext, which reflects
+ * any x-middleware-request-* header mutations applied by middleware.
+ * Used for afterFiles and fallback rewrite has/missing evaluation — these
+ * run after middleware in the App Router execution order.
+ */
+function __buildPostMwRequestContext(request) {
+  const url = new URL(request.url);
+  const ctx = getHeadersContext();
+  if (!ctx) return __buildRequestContext(request);
+  // ctx.cookies is a Map<string, string> (HeadersContext), but RequestContext
+  // requires a plain Record<string, string> for has/missing cookie evaluation
+  // (config-matchers.ts uses obj[key] not Map.get()). Convert here.
+  const cookiesRecord = Object.fromEntries(ctx.cookies);
+  return {
+    headers: ctx.headers,
+    cookies: cookiesRecord,
+    query: url.searchParams,
+    host: ctx.headers.get("host") || url.host,
+  };
+}
+
+function __sanitizeDestination(dest) {
+  if (dest.startsWith("http://") || dest.startsWith("https://")) return dest;
+  dest = dest.replace(/^[\\\\/]+/, "/");
+  return dest;
+}
+
+function __applyConfigRedirects(pathname, ctx) {
+  for (const rule of __configRedirects) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return { destination: dest, permanent: rule.permanent };
+    }
+  }
+  return null;
+}
+
+function __applyConfigRewrites(pathname, rules, ctx) {
+  for (const rule of rules) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return dest;
+    }
+  }
+  return null;
+}
+
+function __isExternalUrl(url) {
+  return /^[a-z][a-z0-9+.-]*:/i.test(url) || url.startsWith("//");
+}
+
+/**
+ * Maximum server-action request body size (1 MB).
+ * Matches the Next.js default for serverActions.bodySizeLimit.
+ * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
+ * Prevents unbounded request body buffering.
+ */
+var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+
+/**
+ * Read a request body as text with a size limit.
+ * Enforces the limit on the actual byte stream to prevent bypasses
+ * via chunked transfer-encoding where Content-Length is absent or spoofed.
+ */
+async function __readBodyWithLimit(request, maxBytes) {
+  if (!request.body) return "";
+  var reader = request.body.getReader();
+  var decoder = new TextDecoder();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(decoder.decode(result.value, { stream: true }));
+  }
+  chunks.push(decoder.decode());
+  return chunks.join("");
+}
+
+/**
+ * Read a request body as FormData with a size limit.
+ * Consumes the body stream with a byte counter and then parses the
+ * collected bytes as multipart form data via the Response constructor.
+ */
+async function __readFormDataWithLimit(request, maxBytes) {
+  if (!request.body) return new FormData();
+  var reader = request.body.getReader();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(result.value);
+  }
+  // Reconstruct a Response with the original Content-Type so that
+  // the FormData parser can handle multipart boundaries correctly.
+  var combined = new Uint8Array(totalSize);
+  var offset = 0;
+  for (var chunk of chunks) {
+    combined.set(chunk, offset);
+    offset += chunk.byteLength;
+  }
+  var contentType = request.headers.get("content-type") || "";
+  return new Response(combined, { headers: { "Content-Type": contentType } }).formData();
+}
+
+const __hopByHopHeaders = new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailers","transfer-encoding","upgrade"]);
+
+async function __proxyExternalRequest(request, externalUrl) {
+  const originalUrl = new URL(request.url);
+  const targetUrl = new URL(externalUrl);
+  for (const [key, value] of originalUrl.searchParams) {
+    if (!targetUrl.searchParams.has(key)) targetUrl.searchParams.set(key, value);
+  }
+  const headers = new Headers(request.headers);
+  headers.set("host", targetUrl.host);
+  headers.delete("connection");
+  for (const key of [...headers.keys()]) {
+    if (key.startsWith("x-middleware-")) headers.delete(key);
+  }
+  const method = request.method;
+  const hasBody = method !== "GET" && method !== "HEAD";
+  const init = { method, headers, redirect: "manual", signal: AbortSignal.timeout(30000) };
+  if (hasBody && request.body) { init.body = request.body; init.duplex = "half"; }
+  let upstream;
+  try { upstream = await fetch(targetUrl.href, init); }
+  catch (e) {
+    if (e && e.name === "TimeoutError") return new Response("Gateway Timeout", { status: 504 });
+    console.error("[vinext] External rewrite proxy error:", e); return new Response("Bad Gateway", { status: 502 });
+  }
+  const respHeaders = new Headers();
+  // Node.js fetch() auto-decompresses response bodies, while Workers fetch()
+  // preserves wire encoding. Only strip encoding/length on Node.js to avoid
+  // double-decompression errors without breaking Workers parity.
+  const __isNodeRuntime = typeof process !== "undefined" && !!(process.versions && process.versions.node);
+  upstream.headers.forEach(function(value, key) {
+    var lower = key.toLowerCase();
+    if (__hopByHopHeaders.has(lower)) return;
+    if (__isNodeRuntime && (lower === "content-encoding" || lower === "content-length")) return;
+    respHeaders.append(key, value);
+  });
+  return new Response(upstream.body, { status: upstream.status, statusText: upstream.statusText, headers: respHeaders });
+}
+
+function __applyConfigHeaders(pathname, ctx) {
+  const result = [];
+  for (const rule of __configHeaders) {
+    const groups = [];
+    const withPlaceholders = rule.source.replace(/\\(([^)]+)\\)/g, (_, inner) => {
+      groups.push(inner);
+      return "___GROUP_" + (groups.length - 1) + "___";
+    });
+    const escaped = withPlaceholders
+      .replace(/\\./g, "\\\\.")
+      .replace(/\\+/g, "\\\\+")
+      .replace(/\\?/g, "\\\\?")
+      .replace(/\\*/g, ".*")
+      .replace(/:[\\w-]+/g, "[^/]+")
+      .replace(/___GROUP_(\\d+)___/g, (_, idx) => "(" + groups[Number(idx)] + ")");
+    const sourceRegex = __safeRegExp("^" + escaped + "$");
+    if (sourceRegex && sourceRegex.test(pathname)) {
+      if (ctx && (rule.has || rule.missing)) {
+        if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue;
+      }
+      result.push(...rule.headers);
+    }
+  }
+  return result;
+}
+
+export default async function handler(request) {
+  // Wrap the entire request in nested AsyncLocalStorage.run() scopes to ensure
+  // per-request isolation for all state modules. Each runWith*() creates an
+  // ALS scope that propagates through all async continuations (including RSC
+  // streaming), preventing state leakage between concurrent requests on
+  // Cloudflare Workers and other concurrent runtimes.
+  const headersCtx = headersContextFromRequest(request);
+  return runWithHeadersContext(headersCtx, () =>
+    _runWithNavigationContext(() =>
+      _runWithCacheState(() =>
+        _runWithPrivateCache(() =>
+          runWithFetchCache(async () => {
+            const __reqCtx = __buildRequestContext(request);
+            // Per-request container for middleware state. Passed into
+            // _handleRequest which fills in .headers and .status;
+            // avoids module-level variables that race on Workers.
+            const _mwCtx = { headers: null, status: null };
+            const response = await _handleRequest(request, __reqCtx, _mwCtx);
+            // Apply custom headers from next.config.js to non-redirect responses.
+            // Skip redirects (3xx) because Response.redirect() creates immutable headers,
+            // and Next.js doesn't apply custom headers to redirects anyway.
+            if (response && response.headers && !(response.status >= 300 && response.status < 400)) {
+              if (__configHeaders.length) {
+                const url = new URL(request.url);
+                let pathname;
+                try { pathname = __normalizePath(decodeURIComponent(url.pathname)); } catch { pathname = url.pathname; }
+                if (pathname.startsWith("/base")) pathname = pathname.slice("/base".length) || "/";
+                const extraHeaders = __applyConfigHeaders(pathname, __reqCtx);
+                for (const h of extraHeaders) {
+                  // Use append() for headers where multiple values must coexist
+                  // (Vary, Set-Cookie). Using set() on these would destroy
+                  // existing values like "Vary: RSC, Accept" which are critical
+                  // for correct CDN caching behavior.
+                  const lk = h.key.toLowerCase();
+                  if (lk === "vary" || lk === "set-cookie") {
+                    response.headers.append(h.key, h.value);
+                  } else if (!response.headers.has(lk)) {
+                    // Middleware headers take precedence: skip config keys already
+                    // set by middleware so middleware headers always win.
+                    response.headers.set(h.key, h.value);
+                  }
+                }
+              }
+            }
+            return response;
+          })
+        )
+      )
+    )
+  );
+}
+
+async function _handleRequest(request, __reqCtx, _mwCtx) {
+  const __reqStart = process.env.NODE_ENV !== "production" ? performance.now() : 0;
+  let __compileEnd;
+  let __renderEnd;
+  // __reqStart is included in the timing header so the Node logging middleware
+  // can compute true compile time as: handlerStart - middlewareStart.
+  // Format: "handlerStart,compileMs,renderMs" - all as integers (ms). Dev-only.
+  const url = new URL(request.url);
+
+  // ── Cross-origin request protection ─────────────────────────────────
+  // Block requests from non-localhost origins to prevent data exfiltration.
+  const __originBlock = __validateDevRequestOrigin(request);
+  if (__originBlock) return __originBlock;
+
+  // Guard against protocol-relative URL open redirects.
+  // Paths like //example.com/ would be redirected to //example.com by the
+  // trailing-slash normalizer, which browsers interpret as http://example.com.
+  // Backslashes are equivalent to forward slashes in the URL spec
+  // (e.g. /\\evil.com is treated as //evil.com by browsers and the URL constructor).
+  // Next.js returns 404 for these paths. Check the RAW pathname before
+  // normalization so the guard fires before normalizePath collapses //.
+  if (url.pathname.replaceAll("\\\\", "/").startsWith("//")) {
+    return new Response("404 Not Found", { status: 404 });
+  }
+
+  // Decode percent-encoding and normalize pathname to canonical form.
+  // decodeURIComponent prevents /%61dmin from bypassing /admin matchers.
+  // __normalizePath collapses //foo///bar → /foo/bar, resolves . and .. segments.
+  let decodedUrlPathname;
+  try { decodedUrlPathname = decodeURIComponent(url.pathname); } catch (e) {
+    return new Response("Bad Request", { status: 400 });
+  }
+  let pathname = __normalizePath(decodedUrlPathname);
+
+  
+  // Strip basePath prefix
+  if (__basePath && pathname.startsWith(__basePath)) {
+    pathname = pathname.slice(__basePath.length) || "/";
+  }
+  
+
+  // Trailing slash normalization (redirect to canonical form)
+  if (pathname !== "/" && !pathname.startsWith("/api")) {
+    const hasTrailing = pathname.endsWith("/");
+    if (__trailingSlash && !hasTrailing && !pathname.endsWith(".rsc")) {
+      return Response.redirect(new URL(__basePath + pathname + "/" + url.search, request.url), 308);
+    } else if (!__trailingSlash && hasTrailing) {
+      return Response.redirect(new URL(__basePath + pathname.replace(/\\/+$/, "") + url.search, request.url), 308);
+    }
+  }
+
+  // ── Apply redirects from next.config.js ───────────────────────────────
+  if (__configRedirects.length) {
+    // Strip .rsc suffix before matching redirect rules - RSC (client-side nav) requests
+    // arrive as /some/path.rsc but redirect patterns are defined without it (e.g.
+    // /some/path). Without this, soft-nav fetches bypass all config redirects.
+    const __redirPathname = pathname.endsWith(".rsc") ? pathname.slice(0, -4) : pathname;
+    const __redir = __applyConfigRedirects(__redirPathname, __reqCtx);
+    if (__redir) {
+      const __redirDest = __sanitizeDestination(
+        __basePath && !__redir.destination.startsWith(__basePath)
+          ? __basePath + __redir.destination
+          : __redir.destination
+      );
+      return new Response(null, {
+        status: __redir.permanent ? 308 : 307,
+        headers: { Location: __redirDest },
+      });
+    }
+  }
+
+  const isRscRequest = pathname.endsWith(".rsc") || request.headers.get("accept")?.includes("text/x-component");
+  let cleanPathname = pathname.replace(/\\.rsc$/, "");
+
+  // Middleware response headers and custom rewrite status are stored in
+  // _mwCtx (per-request container) so handler() can merge them into
+  // every response path without module-level state that races on Workers.
+
+  
+
+  // Build post-middleware request context for afterFiles/fallback rewrites.
+  // These run after middleware in the App Router execution order and should
+  // evaluate has/missing conditions against middleware-modified headers.
+  // When no middleware is present, this falls back to __buildRequestContext.
+  const __postMwReqCtx = __buildPostMwRequestContext(request);
+
+  // ── Apply beforeFiles rewrites from next.config.js ────────────────────
+  // In App Router execution order, beforeFiles runs after middleware so that
+  // has/missing conditions can evaluate against middleware-modified headers.
+  if (__configRewrites.beforeFiles && __configRewrites.beforeFiles.length) {
+    const __rewritten = __applyConfigRewrites(cleanPathname, __configRewrites.beforeFiles, __postMwReqCtx);
+    if (__rewritten) {
+      if (__isExternalUrl(__rewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __rewritten);
+      }
+      cleanPathname = __rewritten;
+    }
+  }
+
+  // ── Image optimization passthrough (dev mode — no transformation) ───────
+  if (cleanPathname === "/_vinext/image") {
+    const __rawImgUrl = url.searchParams.get("url");
+    // Normalize backslashes: browsers and the URL constructor treat
+    // /\\evil.com as protocol-relative (//evil.com), bypassing the // check.
+    const __imgUrl = __rawImgUrl?.replaceAll("\\\\", "/") ?? null;
+    // Allowlist: must start with "/" but not "//" — blocks absolute URLs,
+    // protocol-relative, backslash variants, and exotic schemes.
+    if (!__imgUrl || !__imgUrl.startsWith("/") || __imgUrl.startsWith("//")) {
+      return new Response(!__rawImgUrl ? "Missing url parameter" : "Only relative URLs allowed", { status: 400 });
+    }
+    // Validate the constructed URL's origin hasn't changed (defense in depth).
+    const __resolvedImg = new URL(__imgUrl, request.url);
+    if (__resolvedImg.origin !== url.origin) {
+      return new Response("Only relative URLs allowed", { status: 400 });
+    }
+    // In dev, redirect to the original asset URL so Vite's static serving handles it.
+    return Response.redirect(__resolvedImg.href, 302);
+  }
+
+  // Handle metadata routes (sitemap.xml, robots.txt, manifest.webmanifest, etc.)
+  for (const metaRoute of metadataRoutes) {
+    if (cleanPathname === metaRoute.servedUrl) {
+      if (metaRoute.isDynamic) {
+        // Dynamic metadata route — call the default export and serialize
+        const metaFn = metaRoute.module.default;
+        if (typeof metaFn === "function") {
+          const result = await metaFn();
+          let body;
+          // If it's already a Response (e.g., ImageResponse), return directly
+          if (result instanceof Response) return result;
+          // Serialize based on type
+          if (metaRoute.type === "sitemap") body = sitemapToXml(result);
+          else if (metaRoute.type === "robots") body = robotsToText(result);
+          else if (metaRoute.type === "manifest") body = manifestToJson(result);
+          else body = JSON.stringify(result);
+          return new Response(body, {
+            headers: { "Content-Type": metaRoute.contentType },
+          });
+        }
+      } else {
+        // Static metadata file — decode from embedded base64 data
+        try {
+          const binary = atob(metaRoute.fileDataBase64);
+          const bytes = new Uint8Array(binary.length);
+          for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+          return new Response(bytes, {
+            headers: {
+              "Content-Type": metaRoute.contentType,
+              "Cache-Control": "public, max-age=0, must-revalidate",
+            },
+          });
+        } catch {
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    }
+  }
+
+  // Set navigation context for Server Components.
+  // Note: Headers context is already set by runWithHeadersContext in the handler wrapper.
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params: {},
+  });
+
+  // Handle server action POST requests
+  const actionId = request.headers.get("x-rsc-action");
+  if (request.method === "POST" && actionId) {
+    // ── CSRF protection ─────────────────────────────────────────────────
+    // Verify that the Origin header matches the Host header to prevent
+    // cross-site request forgery, matching Next.js server action behavior.
+    const csrfResponse = __validateCsrfOrigin(request);
+    if (csrfResponse) return csrfResponse;
+
+    // ── Body size limit ─────────────────────────────────────────────────
+    // Reject payloads larger than the configured limit.
+    // Check Content-Length as a fast path, then enforce on the actual
+    // stream to prevent bypasses via chunked transfer-encoding.
+    const contentLength = parseInt(request.headers.get("content-length") || "0", 10);
+    if (contentLength > __MAX_ACTION_BODY_SIZE) {
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response("Payload Too Large", { status: 413 });
+    }
+
+    try {
+      const contentType = request.headers.get("content-type") || "";
+      let body;
+      try {
+        body = contentType.startsWith("multipart/form-data")
+          ? await __readFormDataWithLimit(request, __MAX_ACTION_BODY_SIZE)
+          : await __readBodyWithLimit(request, __MAX_ACTION_BODY_SIZE);
+      } catch (sizeErr) {
+        if (sizeErr && sizeErr.message === "Request body too large") {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Payload Too Large", { status: 413 });
+        }
+        throw sizeErr;
+      }
+      const temporaryReferences = createTemporaryReferenceSet();
+      const args = await decodeReply(body, { temporaryReferences });
+      const action = await loadServerAction(actionId);
+      let returnValue;
+      let actionRedirect = null;
+      try {
+        const data = await action.apply(null, args);
+        returnValue = { ok: true, data };
+      } catch (e) {
+        // Detect redirect() / permanentRedirect() called inside the action.
+        // These throw errors with digest "NEXT_REDIRECT;replace;url[;status]".
+        // The URL is encodeURIComponent-encoded to prevent semicolons in the URL
+        // from corrupting the delimiter-based digest format.
+        if (e && typeof e === "object" && "digest" in e) {
+          const digest = String(e.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            actionRedirect = {
+              url: decodeURIComponent(parts[2]),
+              type: parts[1] || "replace",       // "push" or "replace"
+              status: parts[3] ? parseInt(parts[3], 10) : 307,
+            };
+            returnValue = { ok: true, data: undefined };
+          } else if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            // notFound() / forbidden() / unauthorized() in action — package as error
+            returnValue = { ok: false, data: e };
+          } else {
+            // Non-navigation digest error — sanitize in production to avoid
+            // leaking internal details (connection strings, paths, etc.)
+            console.error("[vinext] Server action error:", e);
+            returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+          }
+        } else {
+          // Unhandled error — sanitize in production to avoid leaking
+          // internal details (database errors, file paths, stack traces, etc.)
+          console.error("[vinext] Server action error:", e);
+          returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+        }
+      }
+
+      // If the action called redirect(), signal the client to navigate.
+      // We can't use a real HTTP redirect (the fetch would follow it automatically
+      // and receive a page HTML instead of RSC stream). Instead, we return a 200
+      // with x-action-redirect header that the client entry detects and handles.
+      if (actionRedirect) {
+        const actionPendingCookies = getAndClearPendingCookies();
+        const actionDraftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const redirectHeaders = new Headers({
+          "Content-Type": "text/x-component; charset=utf-8",
+          "Vary": "RSC, Accept",
+          "x-action-redirect": actionRedirect.url,
+          "x-action-redirect-type": actionRedirect.type,
+          "x-action-redirect-status": String(actionRedirect.status),
+        });
+        for (const cookie of actionPendingCookies) {
+          redirectHeaders.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) redirectHeaders.append("Set-Cookie", actionDraftCookie);
+        // Send an empty RSC-like body (client will navigate instead of parsing)
+        return new Response("", { status: 200, headers: redirectHeaders });
+      }
+
+      // After the action, re-render the current page so the client
+      // gets an updated React tree reflecting any mutations.
+      const match = matchRoute(cleanPathname, routes);
+      let element;
+      if (match) {
+        const { route: actionRoute, params: actionParams } = match;
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: actionParams,
+        });
+        element = buildPageElement(actionRoute, actionParams, undefined, url.searchParams);
+      } else {
+        element = createElement("div", null, "Page not found");
+      }
+
+      const rscStream = renderToReadableStream(
+        { root: element, returnValue },
+        { temporaryReferences, onError: rscOnError },
+      );
+
+      // Collect cookies set during the action
+      const actionPendingCookies = getAndClearPendingCookies();
+      const actionDraftCookie = getDraftModeCookieHeader();
+      setHeadersContext(null);
+      setNavigationContext(null);
+
+      const actionHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+      const actionResponse = new Response(rscStream, { headers: actionHeaders });
+      if (actionPendingCookies.length > 0 || actionDraftCookie) {
+        for (const cookie of actionPendingCookies) {
+          actionResponse.headers.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) actionResponse.headers.append("Set-Cookie", actionDraftCookie);
+      }
+      return actionResponse;
+    } catch (err) {
+      getAndClearPendingCookies(); // Clear pending cookies on error
+      console.error("[vinext] Server action error:", err);
+      _reportRequestError(
+        err instanceof Error ? err : new Error(String(err)),
+        { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+        { routerKind: "App Router", routePath: cleanPathname, routeType: "action" },
+      ).catch((reportErr) => {
+        console.error("[vinext] Failed to report server action error:", reportErr);
+      });
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(
+        process.env.NODE_ENV === "production"
+          ? "Internal Server Error"
+          : "Server action failed: " + (err && err.message ? err.message : String(err)),
+        { status: 500 },
+      );
+    }
+  }
+
+  // ── Apply afterFiles rewrites from next.config.js ──────────────────────
+  if (__configRewrites.afterFiles && __configRewrites.afterFiles.length) {
+    const __afterRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.afterFiles, __postMwReqCtx);
+    if (__afterRewritten) {
+      if (__isExternalUrl(__afterRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __afterRewritten);
+      }
+      cleanPathname = __afterRewritten;
+    }
+  }
+
+  let match = matchRoute(cleanPathname, routes);
+
+  // ── Fallback rewrites from next.config.js (if no route matched) ───────
+  if (!match && __configRewrites.fallback && __configRewrites.fallback.length) {
+    const __fallbackRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.fallback, __postMwReqCtx);
+    if (__fallbackRewritten) {
+      if (__isExternalUrl(__fallbackRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __fallbackRewritten);
+      }
+      cleanPathname = __fallbackRewritten;
+      match = matchRoute(cleanPathname, routes);
+    }
+  }
+
+  if (!match) {
+    // Render custom not-found page if available, otherwise plain 404
+    const notFoundResponse = await renderNotFoundPage(null, isRscRequest, request);
+    if (notFoundResponse) return notFoundResponse;
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Not Found", { status: 404 });
+  }
+
+  const { route, params } = match;
+
+  // Update navigation context with matched params
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params,
+  });
+
+  // Handle route.ts API handlers
+  if (route.routeHandler) {
+    const handler = route.routeHandler;
+    const method = request.method.toUpperCase();
+    const revalidateSeconds = typeof handler.revalidate === "number" && handler.revalidate > 0 ? handler.revalidate : null;
+
+    // Collect exported HTTP methods for OPTIONS auto-response and Allow header
+    const HTTP_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"];
+    const exportedMethods = HTTP_METHODS.filter((m) => typeof handler[m] === "function");
+    // If GET is exported, HEAD is implicitly supported
+    if (exportedMethods.includes("GET") && !exportedMethods.includes("HEAD")) {
+      exportedMethods.push("HEAD");
+    }
+    const hasDefault = typeof handler["default"] === "function";
+
+    // OPTIONS auto-implementation: respond with Allow header and 204
+    if (method === "OPTIONS" && typeof handler["OPTIONS"] !== "function") {
+      const allowMethods = hasDefault ? HTTP_METHODS : exportedMethods;
+      if (!allowMethods.includes("OPTIONS")) allowMethods.push("OPTIONS");
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(null, {
+        status: 204,
+        headers: { "Allow": allowMethods.join(", ") },
+      });
+    }
+
+    // HEAD auto-implementation: run GET handler and strip body
+    let handlerFn = handler[method] || handler["default"];
+    let isAutoHead = false;
+    if (method === "HEAD" && typeof handler["HEAD"] !== "function" && typeof handler["GET"] === "function") {
+      handlerFn = handler["GET"];
+      isAutoHead = true;
+    }
+
+    if (typeof handlerFn === "function") {
+      try {
+        const response = await handlerFn(request, { params });
+
+        // Apply Cache-Control from route segment config (export const revalidate = N).
+        // Next.js sets s-maxage on GET route handlers with a numeric revalidate value.
+        if (revalidateSeconds !== null && (method === "GET" || isAutoHead) && !response.headers.has("cache-control")) {
+          response.headers.set("cache-control", "s-maxage=" + revalidateSeconds + ", stale-while-revalidate");
+        }
+
+        // Collect any Set-Cookie headers from cookies().set()/delete() calls
+        const pendingCookies = getAndClearPendingCookies();
+        const draftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+
+        // If we have pending cookies, create a new response with them attached
+        if (pendingCookies.length > 0 || draftCookie) {
+          const newHeaders = new Headers(response.headers);
+          for (const cookie of pendingCookies) {
+            newHeaders.append("Set-Cookie", cookie);
+          }
+          if (draftCookie) newHeaders.append("Set-Cookie", draftCookie);
+
+          if (isAutoHead) {
+            return new Response(null, {
+              status: response.status,
+              statusText: response.statusText,
+              headers: newHeaders,
+            });
+          }
+          return new Response(response.body, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: newHeaders,
+          });
+        }
+
+        if (isAutoHead) {
+          // Strip body for auto-HEAD, preserve headers and status
+          return new Response(null, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: response.headers,
+          });
+        }
+        return response;
+      } catch (err) {
+        getAndClearPendingCookies(); // Clear any pending cookies on error
+        // Catch redirect() / notFound() thrown from route handlers
+        if (err && typeof err === "object" && "digest" in err) {
+          const digest = String(err.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            const redirectUrl = decodeURIComponent(parts[2]);
+            const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, {
+              status: statusCode,
+              headers: { Location: new URL(redirectUrl, request.url).toString() },
+            });
+          }
+          if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, { status: statusCode });
+          }
+        }
+        setHeadersContext(null);
+        setNavigationContext(null);
+        console.error("[vinext] Route handler error:", err);
+        _reportRequestError(
+          err instanceof Error ? err : new Error(String(err)),
+          { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+          { routerKind: "App Router", routePath: route.pattern, routeType: "route" },
+        ).catch((reportErr) => {
+          console.error("[vinext] Failed to report route handler error:", reportErr);
+        });
+        return new Response(null, { status: 500 });
+      }
+    }
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(null, {
+      status: 405,
+      headers: { Allow: exportedMethods.join(", ") },
+    });
+  }
+
+  // Build the component tree: layouts wrapping the page
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Page has no default export", { status: 500 });
+  }
+
+  // Read route segment config from page module exports
+  let revalidateSeconds = typeof route.page?.revalidate === "number" ? route.page.revalidate : null;
+  const dynamicConfig = route.page?.dynamic; // 'auto' | 'force-dynamic' | 'force-static' | 'error'
+  const dynamicParamsConfig = route.page?.dynamicParams; // true (default) | false
+  const isForceStatic = dynamicConfig === "force-static";
+  const isDynamicError = dynamicConfig === "error";
+
+  // force-static: replace headers/cookies context with empty values and
+  // clear searchParams so dynamic APIs return defaults instead of real data
+  if (isForceStatic) {
+    setHeadersContext({ headers: new Headers(), cookies: new Map() });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamic = 'error': set a trap context that throws when headers/cookies are accessed
+  if (isDynamicError) {
+    const errorMsg = 'Page with \`dynamic = "error"\` used a dynamic API. ' +
+      'This page was expected to be fully static, but headers(), cookies(), ' +
+      'or searchParams was accessed. Remove the dynamic API usage or change ' +
+      'the dynamic config to "auto" or "force-dynamic".';
+    const throwingHeaders = new Proxy(new Headers(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    const throwingCookies = new Proxy(new Map(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    setHeadersContext({ headers: throwingHeaders, cookies: throwingCookies });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamicParams = false: only params from generateStaticParams are allowed
+  if (dynamicParamsConfig === false && route.isDynamic && typeof route.page?.generateStaticParams === "function") {
+    try {
+      // Pass parent params to generateStaticParams (Next.js top-down params passing).
+      // Parent params = all matched params that DON'T belong to the leaf page's own dynamic segments.
+      // We pass the full matched params; the function uses only what it needs.
+      const staticParams = await route.page.generateStaticParams({ params });
+      if (Array.isArray(staticParams)) {
+        const paramKeys = Object.keys(params);
+        const isAllowed = staticParams.some(sp =>
+          paramKeys.every(key => {
+            const val = params[key];
+            const staticVal = sp[key];
+            // Allow parent params to not be in the returned set (they're inherited)
+            if (staticVal === undefined) return true;
+            if (Array.isArray(val)) return JSON.stringify(val) === JSON.stringify(staticVal);
+            return String(val) === String(staticVal);
+          })
+        );
+        if (!isAllowed) {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    } catch (err) {
+      console.error("[vinext] generateStaticParams error:", err);
+    }
+  }
+
+  // force-dynamic: set no-store Cache-Control
+  const isForceDynamic = dynamicConfig === "force-dynamic";
+
+  // Check for intercepting routes on RSC requests (client-side navigation).
+  // If the target URL matches an intercepting route in a parallel slot,
+  // render the source route with the intercepting page in the slot.
+  let interceptOpts = undefined;
+  if (isRscRequest) {
+    const intercept = findIntercept(cleanPathname);
+    if (intercept) {
+      const sourceRoute = routes[intercept.sourceRouteIndex];
+      if (sourceRoute && sourceRoute !== route) {
+        // Render the source route (e.g. /feed) with the intercepting page in the slot
+        const sourceMatch = matchRoute(sourceRoute.pattern, routes);
+        const sourceParams = sourceMatch ? sourceMatch.params : {};
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: intercept.matchedParams,
+        });
+        const interceptElement = await buildPageElement(sourceRoute, sourceParams, {
+          interceptSlot: intercept.slotName,
+          interceptPage: intercept.page,
+          interceptParams: intercept.matchedParams,
+        }, url.searchParams);
+        const interceptStream = renderToReadableStream(interceptElement, { onError: rscOnError });
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return new Response(interceptStream, {
+          headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+        });
+      }
+      // If sourceRoute === route, apply intercept opts to the normal render
+      interceptOpts = {
+        interceptSlot: intercept.slotName,
+        interceptPage: intercept.page,
+        interceptParams: intercept.matchedParams,
+      };
+    }
+  }
+
+  let element;
+  try {
+    element = await buildPageElement(route, params, interceptOpts, url.searchParams);
+  } catch (buildErr) {
+    // Check for redirect/notFound/forbidden/unauthorized thrown during metadata resolution or async components
+    if (buildErr && typeof buildErr === "object" && "digest" in buildErr) {
+      const digest = String(buildErr.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    // Non-special error (e.g. generateMetadata() threw) — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, buildErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw buildErr;
+  }
+
+  // Note: CSS is automatically injected by @vitejs/plugin-rsc's
+  // rscCssTransform — no manual loadCss() call needed.
+
+  // Helper: check if an error is a redirect/notFound/forbidden/unauthorized thrown by the navigation shim
+  async function handleRenderError(err) {
+    if (err && typeof err === "object" && "digest" in err) {
+      const digest = String(err.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    return null;
+  }
+
+  // Pre-render layout components to catch notFound()/redirect() thrown from layouts.
+  // In Next.js, each layout level has its own NotFoundBoundary. When a layout throws
+  // notFound(), the parent layout's boundary catches it and renders the parent's
+  // not-found.tsx. Since React Flight doesn't activate client error boundaries during
+  // RSC rendering, we catch layout-level throws here and render the appropriate
+  // fallback page with only the layouts above the throwing one.
+  //
+  // IMPORTANT: Layout pre-render runs BEFORE page pre-render. In Next.js, layouts
+  // render before their children — if a layout throws notFound(), the page never
+  // executes. By checking layouts first, we avoid a bug where the page's notFound()
+  // triggers renderHTTPAccessFallbackPage with ALL route layouts, but one of those
+  // layouts itself throws notFound() during the fallback rendering (causing a 500).
+  if (route.layouts && route.layouts.length > 0) {
+    const asyncParams = makeThenableParams(params);
+    // Run inside ALS context so the module-level console.error patch suppresses
+    // "Invalid hook call" only for this request's probe — concurrent requests
+    // each have their own ALS store and are unaffected.
+    const _layoutProbeResult = await _suppressHookWarningAls.run(true, async () => {
+      for (let li = route.layouts.length - 1; li >= 0; li--) {
+        const LayoutComp = route.layouts[li]?.default;
+        if (!LayoutComp) continue;
+        try {
+          const lr = LayoutComp({ params: asyncParams, children: null });
+          if (lr && typeof lr === "object" && typeof lr.then === "function") await lr;
+        } catch (layoutErr) {
+          if (layoutErr && typeof layoutErr === "object" && "digest" in layoutErr) {
+            const digest = String(layoutErr.digest);
+             if (digest.startsWith("NEXT_REDIRECT;")) {
+               const parts = digest.split(";");
+               const redirectUrl = decodeURIComponent(parts[2]);
+               const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+               setHeadersContext(null);
+               setNavigationContext(null);
+               return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+            }
+            if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+              const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+              // Find the not-found component from the parent level (the boundary that
+              // would catch this in Next.js). Walk up from the throwing layout to find
+              // the nearest not-found at a parent layout's directory.
+              let parentNotFound = null;
+              if (route.notFounds) {
+                for (let pi = li - 1; pi >= 0; pi--) {
+                  if (route.notFounds[pi]?.default) {
+                    parentNotFound = route.notFounds[pi].default;
+                    break;
+                  }
+                }
+              }
+              if (!parentNotFound) parentNotFound = null;
+              // Wrap in only the layouts above the throwing one
+              const parentLayouts = route.layouts.slice(0, li);
+              const fallbackResp = await renderHTTPAccessFallbackPage(
+                route, statusCode, isRscRequest, request,
+                { boundaryComponent: parentNotFound, layouts: parentLayouts, params }
+              );
+              if (fallbackResp) return fallbackResp;
+              setHeadersContext(null);
+              setNavigationContext(null);
+              const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+              return new Response(statusText, { status: statusCode });
+            }
+          }
+          // Not a special error — let it propagate through normal RSC rendering
+        }
+      }
+      return null;
+    });
+    if (_layoutProbeResult instanceof Response) return _layoutProbeResult;
+  }
+
+  // Pre-render the page component to catch redirect()/notFound() thrown synchronously.
+  // Server Components are just functions — we can call PageComponent directly to detect
+  // these special throws before starting the RSC stream.
+  //
+  // For routes with a loading.tsx Suspense boundary, we skip awaiting async components.
+  // The Suspense boundary + rscOnError will handle redirect/notFound thrown during
+  // streaming, and blocking here would defeat streaming (the slow component's delay
+  // would be hit before the RSC stream even starts).
+  //
+  // Because this calls the component outside React's render cycle, hooks like use()
+  // trigger "Invalid hook call" console.error in dev. The module-level ALS patch
+  // suppresses the warning only within this request's execution context.
+  const _hasLoadingBoundary = !!(route.loading && route.loading.default);
+  const _pageProbeResult = await _suppressHookWarningAls.run(true, async () => {
+    try {
+      const testResult = PageComponent({ params });
+      // If it's a promise (async component), only await if there's no loading boundary.
+      // With a loading boundary, the Suspense streaming pipeline handles async resolution
+      // and any redirect/notFound errors via rscOnError.
+      if (testResult && typeof testResult === "object" && typeof testResult.then === "function") {
+        if (!_hasLoadingBoundary) {
+          await testResult;
+        } else {
+          // Suppress unhandled promise rejection — with a loading boundary,
+          // redirect/notFound errors are handled by rscOnError during streaming.
+          testResult.catch(() => {});
+        }
+      }
+    } catch (preRenderErr) {
+      const specialResponse = await handleRenderError(preRenderErr);
+      if (specialResponse) return specialResponse;
+      // Non-special errors from the pre-render test are expected (e.g. use() hook
+      // fails outside React's render cycle, client references can't execute on server).
+      // Only redirect/notFound/forbidden/unauthorized are actionable here — other
+      // errors will be properly caught during actual RSC/SSR rendering below.
+    }
+    return null;
+  });
+  if (_pageProbeResult instanceof Response) return _pageProbeResult;
+
+  // Mark end of compile phase: route matching, middleware, tree building are done.
+  if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
+
+  // Render to RSC stream
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+
+  if (isRscRequest) {
+    // Direct RSC stream response (for client-side navigation)
+    // NOTE: Do NOT clear headers/navigation context here!
+    // The RSC stream is consumed lazily - components render when chunks are read.
+    // If we clear context now, headers()/cookies() will fail during rendering.
+    // Context will be cleared when the next request starts (via runWithHeadersContext).
+    const responseHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+    // Include matched route params so the client can hydrate useParams()
+    if (params && Object.keys(params).length > 0) {
+      responseHeaders["X-Vinext-Params"] = JSON.stringify(params);
+    }
+    if (isForceDynamic) {
+      responseHeaders["Cache-Control"] = "no-store, must-revalidate";
+    } else if ((isForceStatic || isDynamicError) && !revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=31536000, stale-while-revalidate";
+      responseHeaders["X-Vinext-Cache"] = "STATIC";
+    } else if (revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=" + revalidateSeconds + ", stale-while-revalidate";
+    }
+    // Merge middleware response headers into the RSC response.
+    // set-cookie and vary are accumulated to preserve existing values
+    // (e.g. "Vary: RSC, Accept" set above); all other keys use plain
+    // assignment so middleware headers win over config headers, which
+    // the outer handler applies afterward and skips keys already present.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        const lk = key.toLowerCase();
+        if (lk === "set-cookie") {
+          const existing = responseHeaders[lk];
+          if (Array.isArray(existing)) {
+            existing.push(value);
+          } else if (existing) {
+            responseHeaders[lk] = [existing, value];
+          } else {
+            responseHeaders[lk] = [value];
+          }
+        } else if (lk === "vary") {
+          // Accumulate Vary values to preserve the existing "RSC, Accept" entry.
+          const existing = responseHeaders["Vary"] ?? responseHeaders["vary"];
+          if (existing) {
+            responseHeaders["Vary"] = existing + ", " + value;
+            if (responseHeaders["vary"] !== undefined) delete responseHeaders["vary"];
+          } else {
+            responseHeaders[key] = value;
+          }
+        } else {
+          responseHeaders[key] = value;
+        }
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //                  -1 sentinel means compile time is not measured.
+    //   renderMs     - -1 sentinel for RSC-only (soft-nav) responses, since
+    //                  rendering is handled asynchronously by the client. The
+    //                  logging middleware computes render time as totalMs - compileMs.
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      responseHeaders["x-vinext-timing"] = handlerStart + "," + compileMs + ",-1";
+    }
+    return new Response(rscStream, { status: _mwCtx.status || 200, headers: responseHeaders });
+  }
+
+  // Collect font data from RSC environment before passing to SSR
+  // (Fonts are loaded during RSC rendering when layout.tsx calls Geist() etc.)
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+
+  // Build HTTP Link header for font preloading.
+  // This lets the browser (and CDN) start fetching font files before parsing HTML,
+  // eliminating the CSS → woff2 download waterfall.
+  const fontPreloads = fontData.preloads || [];
+  const fontLinkHeaderParts = [];
+  for (const preload of fontPreloads) {
+    fontLinkHeaderParts.push("<" + preload.href + ">; rel=preload; as=font; type=" + preload.type + "; crossorigin");
+  }
+  const fontLinkHeader = fontLinkHeaderParts.length > 0 ? fontLinkHeaderParts.join(", ") : "";
+
+  // Delegate to SSR environment for HTML rendering
+  let htmlStream;
+  try {
+    const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+    htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+    // Shell render complete; Suspense boundaries stream asynchronously
+    if (process.env.NODE_ENV !== "production") __renderEnd = performance.now();
+  } catch (ssrErr) {
+    const specialResponse = await handleRenderError(ssrErr);
+    if (specialResponse) return specialResponse;
+    // Non-special error during SSR — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, ssrErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw ssrErr;
+  }
+
+  // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
+  const draftCookie = getDraftModeCookieHeader();
+
+  setHeadersContext(null);
+  setNavigationContext(null);
+
+  // Helper to attach draftMode cookie, middleware headers, font Link header, and rewrite status to a response
+  function attachMiddlewareContext(response) {
+    if (draftCookie) {
+      response.headers.append("Set-Cookie", draftCookie);
+    }
+    // Set HTTP Link header for font preloading
+    if (fontLinkHeader) {
+      response.headers.set("Link", fontLinkHeader);
+    }
+    // Merge middleware response headers into the final response.
+    // The response is freshly constructed above (new Response(htmlStream, {...})),
+    // so set() and append() are equivalent — there are no same-key conflicts yet.
+    // Precedence over config headers is handled by the outer handler, which
+    // skips config keys that middleware already placed on the response.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        response.headers.append(key, value);
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //   renderMs     - time from renderToReadableStream to handleSsr completion,
+    //                  or -1 sentinel if not measured (falls back to totalMs - compileMs).
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      const renderMs = __renderEnd !== undefined && __compileEnd !== undefined
+        ? Math.round(__renderEnd - __compileEnd)
+        : -1;
+      response.headers.set("x-vinext-timing", handlerStart + "," + compileMs + "," + renderMs);
+    }
+    // Apply custom status code from middleware rewrite
+    if (_mwCtx.status) {
+      return new Response(response.body, {
+        status: _mwCtx.status,
+        headers: response.headers,
+      });
+    }
+    return response;
+  }
+
+  // Check if any component called connection(), cookies(), headers(), or noStore()
+  // during rendering. If so, treat as dynamic (skip ISR, set no-store).
+  const dynamicUsedDuringRender = consumeDynamicUsage();
+
+  // Check if cacheLife() was called during rendering (e.g., page with file-level "use cache").
+  // If so, use its revalidation period for the Cache-Control header.
+  const requestCacheLife = _consumeRequestScopedCacheLife();
+  if (requestCacheLife && requestCacheLife.revalidate !== undefined && revalidateSeconds === null) {
+    revalidateSeconds = requestCacheLife.revalidate;
+  }
+
+  // force-dynamic: always return no-store (highest priority)
+  if (isForceDynamic) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // force-static / error: treat as static regardless of dynamic usage.
+  // force-static intentionally provides empty headers/cookies context so
+  // dynamic APIs return safe defaults; we ignore the dynamic usage signal.
+  // dynamic='error' should have already thrown (via throwing Proxy) if user
+  // code accessed dynamic APIs, so reaching here means rendering succeeded.
+  if ((isForceStatic || isDynamicError) && (revalidateSeconds === null || revalidateSeconds === 0)) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=31536000, stale-while-revalidate",
+        "X-Vinext-Cache": "STATIC",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // auto mode: dynamic API usage (headers(), cookies(), connection(), noStore(),
+  // searchParams access) opts the page into dynamic rendering with no-store.
+  if (dynamicUsedDuringRender) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // Emit Cache-Control for ISR pages so tests can verify revalidate values,
+  // but skip actual caching in dev — every request renders fresh.
+  if (revalidateSeconds !== null && revalidateSeconds > 0) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=" + revalidateSeconds + ", stale-while-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  return attachMiddlewareContext(new Response(htmlStream, {
+    headers: { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" },
+  }));
+}
+
+if (import.meta.hot) {
+  import.meta.hot.accept();
+}
+"
+`;
+
+exports[`App Router entry templates > generateRscEntry snapshot (with middleware) 1`] = `
+"
+import {
+  renderToReadableStream,
+  decodeReply,
+  loadServerAction,
+  createTemporaryReferenceSet,
+} from "@vitejs/plugin-rsc/rsc";
+import { AsyncLocalStorage } from "node:async_hooks";
+import { createElement, Suspense, Fragment } from "react";
+import { setNavigationContext as _setNavigationContextOrig, getNavigationContext as _getNavigationContext } from "next/navigation";
+import { setHeadersContext, headersContextFromRequest, getDraftModeCookieHeader, getAndClearPendingCookies, consumeDynamicUsage, markDynamicUsage, runWithHeadersContext, applyMiddlewareRequestHeaders, getHeadersContext } from "next/headers";
+import { NextRequest, NextFetchEvent } from "next/server";
+import { ErrorBoundary, NotFoundBoundary } from "vinext/error-boundary";
+import { LayoutSegmentProvider } from "vinext/layout-segment-context";
+import { MetadataHead, mergeMetadata, resolveModuleMetadata, ViewportHead, mergeViewport, resolveModuleViewport } from "vinext/metadata";
+import * as middlewareModule from "/tmp/test/middleware.ts";
+
+
+import { _consumeRequestScopedCacheLife, _runWithCacheState } from "next/cache";
+import { runWithFetchCache } from "vinext/fetch-cache";
+import { runWithPrivateCache as _runWithPrivateCache } from "vinext/cache-runtime";
+// Import server-only state module to register ALS-backed accessors.
+import { runWithNavigationContext as _runWithNavigationContext } from "vinext/navigation-state";
+import { reportRequestError as _reportRequestError } from "vinext/instrumentation";
+import { getSSRFontLinks as _getSSRFontLinks, getSSRFontStyles as _getSSRFontStylesGoogle, getSSRFontPreloads as _getSSRFontPreloadsGoogle } from "next/font/google";
+import { getSSRFontStyles as _getSSRFontStylesLocal, getSSRFontPreloads as _getSSRFontPreloadsLocal } from "next/font/local";
+function _getSSRFontStyles() { return [..._getSSRFontStylesGoogle(), ..._getSSRFontStylesLocal()]; }
+function _getSSRFontPreloads() { return [..._getSSRFontPreloadsGoogle(), ..._getSSRFontPreloadsLocal()]; }
+
+// ALS used to suppress the expected "Invalid hook call" dev warning when
+// layout/page components are probed outside React's render cycle. Patching
+// console.error once at module load (instead of per-request) avoids the
+// concurrent-request issue where request A's suppression filter could
+// swallow real errors from request B.
+const _suppressHookWarningAls = new AsyncLocalStorage();
+const _origConsoleError = console.error;
+console.error = (...args) => {
+  if (_suppressHookWarningAls.getStore() === true &&
+      typeof args[0] === "string" &&
+      args[0].includes("Invalid hook call")) return;
+  _origConsoleError.apply(console, args);
+};
+
+// Set navigation context in the ALS-backed store. "use client" components
+// rendered during SSR need the pathname/searchParams/params but the SSR
+// environment has a separate module instance of next/navigation.
+// Use _getNavigationContext() to read the current context — never cache
+// it in a module-level variable (that would leak between concurrent requests).
+function setNavigationContext(ctx) {
+  _setNavigationContextOrig(ctx);
+}
+
+// ISR cache is disabled in dev mode — every request re-renders fresh,
+// matching Next.js dev behavior. Cache-Control headers are still emitted
+// based on export const revalidate for testing purposes.
+// Production ISR is handled by prod-server.ts and the Cloudflare worker entry.
+
+// Normalize null-prototype objects from matchPattern() into thenable objects
+// that work both as Promises (for Next.js 15+ async params) and as plain
+// objects with synchronous property access (for pre-15 code like params.id).
+//
+// matchPattern() uses Object.create(null), producing objects without
+// Object.prototype. The RSC serializer rejects these. Spreading ({...obj})
+// restores a normal prototype. Object.assign onto the Promise preserves
+// synchronous property access (params.id, params.slug) that existing
+// components and test fixtures rely on.
+function makeThenableParams(obj) {
+  const plain = { ...obj };
+  return Object.assign(Promise.resolve(plain), plain);
+}
+
+// Resolve route tree segments to actual values using matched params.
+// Dynamic segments like [id] are replaced with param values, catch-all
+// segments like [...slug] are joined with "/", and route groups are kept as-is.
+function __resolveChildSegments(routeSegments, treePosition, params) {
+  var raw = routeSegments.slice(treePosition);
+  var result = [];
+  for (var j = 0; j < raw.length; j++) {
+    var seg = raw[j];
+    // Optional catch-all: [[...param]]
+    if (seg.indexOf("[[...") === 0 && seg.charAt(seg.length - 1) === "]" && seg.charAt(seg.length - 2) === "]") {
+      var pn = seg.slice(5, -2);
+      var v = params[pn];
+      // Skip empty optional catch-all (e.g., visiting /blog on [[...slug]] route)
+      if (Array.isArray(v) && v.length === 0) continue;
+      if (v == null) continue;
+      result.push(Array.isArray(v) ? v.join("/") : v);
+    // Catch-all: [...param]
+    } else if (seg.indexOf("[...") === 0 && seg.charAt(seg.length - 1) === "]") {
+      var pn2 = seg.slice(4, -1);
+      var v2 = params[pn2];
+      result.push(Array.isArray(v2) ? v2.join("/") : (v2 || seg));
+    // Dynamic: [param]
+    } else if (seg.charAt(0) === "[" && seg.charAt(seg.length - 1) === "]" && seg.indexOf(".") === -1) {
+      var pn3 = seg.slice(1, -1);
+      result.push(params[pn3] || seg);
+    } else {
+      result.push(seg);
+    }
+  }
+  return result;
+}
+
+// djb2 hash — matches Next.js's stringHash for digest generation.
+// Produces a stable numeric string from error message + stack.
+function __errorDigest(str) {
+  let hash = 5381;
+  for (let i = str.length - 1; i >= 0; i--) {
+    hash = (hash * 33) ^ str.charCodeAt(i);
+  }
+  return (hash >>> 0).toString();
+}
+
+// Sanitize an error for client consumption. In production, replaces the error
+// with a generic Error that only carries a digest hash (matching Next.js
+// behavior). In development, returns the original error for debugging.
+// Navigation errors (redirect, notFound, etc.) are always passed through
+// unchanged since their digests are used for client-side routing.
+function __sanitizeErrorForClient(error) {
+  // Navigation errors must pass through with their digest intact
+  if (error && typeof error === "object" && "digest" in error) {
+    const digest = String(error.digest);
+    if (
+      digest.startsWith("NEXT_REDIRECT;") ||
+      digest === "NEXT_NOT_FOUND" ||
+      digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")
+    ) {
+      return error;
+    }
+  }
+  // In development, pass through the original error for debugging
+  if (process.env.NODE_ENV !== "production") {
+    return error;
+  }
+  // In production, create a sanitized error with only a digest hash
+  const msg = error instanceof Error ? error.message : String(error);
+  const stack = error instanceof Error ? (error.stack || "") : "";
+  const sanitized = new Error(
+    "An error occurred in the Server Components render. " +
+    "The specific message is omitted in production builds to avoid leaking sensitive details. " +
+    "A digest property is included on this error instance which may provide additional details about the nature of the error."
+  );
+  sanitized.digest = __errorDigest(msg + stack);
+  return sanitized;
+}
+
+// onError callback for renderToReadableStream — preserves the digest for
+// Next.js navigation errors (redirect, notFound, forbidden, unauthorized)
+// thrown during RSC streaming (e.g. inside Suspense boundaries).
+// For non-navigation errors in production, generates a digest hash so the
+// error can be correlated with server logs without leaking details.
+function rscOnError(error) {
+  if (error && typeof error === "object" && "digest" in error) {
+    return String(error.digest);
+  }
+
+  // In dev, detect the "Only plain objects" RSC serialization error and emit
+  // an actionable hint. This error occurs when a Server Component passes a
+  // class instance, ES module namespace object, or null-prototype object as a
+  // prop to a Client Component.
+  //
+  // Root cause: Vite bundles modules as true ESM (module namespace objects
+  // have a null-like internal slot), while Next.js's webpack build produces
+  // plain CJS-wrapped objects with __esModule:true. React's RSC serializer
+  // accepts the latter as plain objects but rejects the former — which means
+  // code that accidentally passes "import * as X" works in webpack/Next.js
+  // but correctly fails in vinext.
+  //
+  // Common triggers:
+  //   - "import * as utils from './utils'" passed as a prop
+  //   - class instances (new Foo()) passed as props
+  //   - Date / Map / Set instances passed as props
+  //   - Objects with Object.create(null) (null prototype)
+  if (
+    process.env.NODE_ENV !== "production" &&
+    error instanceof Error &&
+    error.message.includes("Only plain objects, and a few built-ins, can be passed to Client Components")
+  ) {
+    console.error(
+      "[vinext] RSC serialization error: a non-plain object was passed from a Server Component to a Client Component.\\n" +
+      "\\n" +
+      "Common causes:\\n" +
+      "  * Passing a module namespace (import * as X) directly as a prop.\\n" +
+      "    Unlike Next.js (webpack), Vite produces real ESM module namespace objects\\n" +
+      "    which are not serializable. Fix: pass individual values instead,\\n" +
+      "    e.g. <Comp value={module.value} />\\n" +
+      "  * Passing a class instance (new Foo()) as a prop.\\n" +
+      "    Fix: convert to a plain object, e.g. { id: foo.id, name: foo.name }\\n" +
+      "  * Passing a Date, Map, or Set. Use .toISOString(), [...map.entries()], etc.\\n" +
+      "  * Passing Object.create(null). Use { ...obj } to restore a prototype.\\n" +
+      "\\n" +
+      "Original error:",
+      error.message,
+    );
+    return undefined;
+  }
+
+  // In production, generate a digest hash for non-navigation errors
+  if (process.env.NODE_ENV === "production" && error) {
+    const msg = error instanceof Error ? error.message : String(error);
+    const stack = error instanceof Error ? (error.stack || "") : "";
+    return __errorDigest(msg + stack);
+  }
+  return undefined;
+}
+
+import * as mod_0 from "/tmp/test/app/page.tsx";
+import * as mod_1 from "/tmp/test/app/layout.tsx";
+import * as mod_2 from "/tmp/test/app/about/page.tsx";
+
+
+
+const routes = [
+  {
+    pattern: "/",
+    isDynamic: false,
+    params: [],
+    page: mod_0,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: [],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  },
+  {
+    pattern: "/about",
+    isDynamic: false,
+    params: [],
+    page: mod_2,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: ["about"],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  }
+];
+
+const metadataRoutes = [
+
+];
+
+const rootNotFoundModule = null;
+const rootForbiddenModule = null;
+const rootUnauthorizedModule = null;
+const rootLayouts = [mod_1];
+
+/**
+ * Render an HTTP access fallback page (not-found/forbidden/unauthorized) with layouts and noindex meta.
+ * Returns null if no matching component is available.
+ *
+ * @param opts.boundaryComponent - Override the boundary component (for layout-level notFound)
+ * @param opts.layouts - Override the layouts to wrap with (for layout-level notFound, excludes the throwing layout)
+ */
+async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, opts) {
+  // Determine which boundary component to use based on status code
+  let BoundaryComponent = opts?.boundaryComponent ?? null;
+  if (!BoundaryComponent) {
+    let boundaryModule;
+    if (statusCode === 403) {
+      boundaryModule = route?.forbidden ?? rootForbiddenModule;
+    } else if (statusCode === 401) {
+      boundaryModule = route?.unauthorized ?? rootUnauthorizedModule;
+    } else {
+      boundaryModule = route?.notFound ?? rootNotFoundModule;
+    }
+    BoundaryComponent = boundaryModule?.default ?? null;
+  }
+  const layouts = opts?.layouts ?? route?.layouts ?? rootLayouts;
+  if (!BoundaryComponent) return null;
+
+  // Resolve metadata and viewport from parent layouts so that not-found/error
+  // pages inherit title, description, OG tags etc. — matching Next.js behavior.
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build element: metadata head + noindex meta + boundary component wrapped in layouts
+  // Always include charset and default viewport for parity with Next.js.
+  const charsetMeta = createElement("meta", { charSet: "utf-8" });
+  const noindexMeta = createElement("meta", { name: "robots", content: "noindex" });
+  const headElements = [charsetMeta, noindexMeta];
+  if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+  headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+  let element = createElement(Fragment, null, ...headElements, createElement(BoundaryComponent));
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap the element with the same
+    // component wrappers that buildPageElement() uses. Without these wrappers,
+    // React's reconciliation would see a mismatched tree structure between the
+    // old fiber tree (ErrorBoundary > LayoutSegmentProvider > html > body > NotFoundBoundary > ...)
+    // and the new tree (html > body > ...), causing it to destroy and recreate
+    // the entire DOM tree, resulting in a blank white page.
+    //
+    // We wrap each layout with LayoutSegmentProvider and add GlobalErrorBoundary
+    // to match the wrapping order in buildPageElement(), ensuring smooth
+    // client-side tree reconciliation.
+    const _treePositions = route?.layoutTreePositions;
+    const _routeSegs = route?.routeSegments || [];
+    const _fallbackParams = opts?.params || {};
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element });
+        const _tp = _treePositions ? _treePositions[i] : 0;
+        const _cs = __resolveChildSegments(_routeSegs, _tp, _fallbackParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
+      }
+    }
+    
+    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(rscStream, {
+      status: statusCode,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only (no client-side
+  // wrappers needed since SSR generates the complete HTML document).
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element });
+    }
+  }
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  // Collect font data from RSC environment
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _respHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _linkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_linkParts.length > 0) _respHeaders["Link"] = _linkParts.join(", ");
+  return new Response(htmlStream, {
+    status: statusCode,
+    headers: _respHeaders,
+  });
+}
+
+/** Convenience: render a not-found page (404) */
+async function renderNotFoundPage(route, isRscRequest, request, params) {
+  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { params });
+}
+
+/**
+ * Render an error.tsx boundary page when a server component or generateMetadata() throws.
+ * Returns null if no error boundary component is available for this route.
+ *
+ * Next.js returns HTTP 200 when error.tsx catches an error (the error is "handled"
+ * by the boundary). This matches that behavior intentionally.
+ */
+async function renderErrorBoundaryPage(route, error, isRscRequest, request, params) {
+  // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
+  // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
+  let ErrorComponent = route?.error?.default ?? null;
+  if (!ErrorComponent && route?.errors) {
+    for (let i = route.errors.length - 1; i >= 0; i--) {
+      if (route.errors[i]?.default) {
+        ErrorComponent = route.errors[i].default;
+        break;
+      }
+    }
+  }
+  ErrorComponent = ErrorComponent;
+  if (!ErrorComponent) return null;
+
+  const rawError = error instanceof Error ? error : new Error(String(error));
+  // Sanitize the error in production to avoid leaking internal details
+  // (database errors, file paths, stack traces) through error.tsx to the client.
+  // In development, pass the original error for debugging.
+  const errorObj = __sanitizeErrorForClient(rawError);
+  // Only pass error — reset is a client-side concern (re-renders the segment) and
+  // can't be serialized through RSC. The error.tsx component will receive reset=undefined
+  // during SSR, which is fine — onClick={undefined} is harmless, and the real reset
+  // function is only meaningful after hydration.
+  let element = createElement(ErrorComponent, {
+    error: errorObj,
+  });
+  const layouts = route?.layouts ?? rootLayouts;
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap with the same component
+    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+    // This ensures React can reconcile the tree without destroying the DOM.
+    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+    const _errTreePositions = route?.layoutTreePositions;
+    const _errRouteSegs = route?.routeSegments || [];
+    const _errParams = params || {};
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element });
+        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+      }
+    }
+    
+    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(rscStream, {
+      status: 200,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only.
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element });
+    }
+  }
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  // Collect font data from RSC environment so error pages include font styles
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _errHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _errLinkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_errLinkParts.length > 0) _errHeaders["Link"] = _errLinkParts.join(", ");
+  return new Response(htmlStream, {
+    status: 200,
+    headers: _errHeaders,
+  });
+}
+
+function matchRoute(url, routes) {
+  const pathname = url.split("?")[0];
+  let normalizedUrl = pathname === "/" ? "/" : pathname.replace(/\\/$/, "");
+   // NOTE: Do NOT decodeURIComponent here. The caller is responsible for decoding
+   // the pathname exactly once at the request entry point. Decoding again here
+   // would cause inconsistent path matching between middleware and routing.
+  for (const route of routes) {
+    const params = matchPattern(normalizedUrl, route.pattern);
+    if (params !== null) return { route, params };
+  }
+  return null;
+}
+
+function matchPattern(url, pattern) {
+  const urlParts = url.split("/").filter(Boolean);
+  const patternParts = pattern.split("/").filter(Boolean);
+  const params = Object.create(null);
+  for (let i = 0; i < patternParts.length; i++) {
+    const pp = patternParts[i];
+    if (pp.endsWith("+")) {
+      const paramName = pp.slice(1, -1);
+      const remaining = urlParts.slice(i);
+      if (remaining.length === 0) return null;
+      params[paramName] = remaining;
+      return params;
+    }
+    if (pp.endsWith("*")) {
+      const paramName = pp.slice(1, -1);
+      params[paramName] = urlParts.slice(i);
+      return params;
+    }
+    if (pp.startsWith(":")) {
+      if (i >= urlParts.length) return null;
+      params[pp.slice(1)] = urlParts[i];
+      continue;
+    }
+    if (i >= urlParts.length || urlParts[i] !== pp) return null;
+  }
+  if (urlParts.length !== patternParts.length) return null;
+  return params;
+}
+
+// Build a global intercepting route lookup for RSC navigation.
+// Maps target URL patterns to { sourceRouteIndex, slotName, interceptPage, params }.
+const interceptLookup = [];
+for (let ri = 0; ri < routes.length; ri++) {
+  const r = routes[ri];
+  if (!r.slots) continue;
+  for (const [slotName, slotMod] of Object.entries(r.slots)) {
+    if (!slotMod.intercepts) continue;
+    for (const intercept of slotMod.intercepts) {
+      interceptLookup.push({
+        sourceRouteIndex: ri,
+        slotName,
+        targetPattern: intercept.targetPattern,
+        page: intercept.page,
+        params: intercept.params,
+      });
+    }
+  }
+}
+
+/**
+ * Check if a pathname matches any intercepting route.
+ * Returns the match info or null.
+ */
+function findIntercept(pathname) {
+  for (const entry of interceptLookup) {
+    const params = matchPattern(pathname, entry.targetPattern);
+    if (params !== null) {
+      return { ...entry, matchedParams: params };
+    }
+  }
+  return null;
+}
+
+async function buildPageElement(route, params, opts, searchParams) {
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    return createElement("div", null, "Page has no default export");
+  }
+
+  // Resolve metadata and viewport from layouts and page
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of route.layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod, params);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod, params);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  if (route.page) {
+    const pageMeta = await resolveModuleMetadata(route.page, params);
+    if (pageMeta) metadataList.push(pageMeta);
+    const pageVp = await resolveModuleViewport(route.page, params);
+    if (pageVp) viewportList.push(pageVp);
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build nested layout tree from outermost to innermost.
+  // Next.js 16 passes params/searchParams as Promises (async pattern)
+  // but pre-16 code accesses them as plain objects (params.id).
+  // makeThenableParams() normalises null-prototype + preserves both patterns.
+  const asyncParams = makeThenableParams(params);
+  const pageProps = { params: asyncParams };
+  if (searchParams) {
+    const spObj = {};
+    let hasSearchParams = false;
+    if (searchParams.forEach) searchParams.forEach(function(v, k) {
+      hasSearchParams = true;
+      if (k in spObj) {
+        // Multi-value: promote to array (Next.js returns string[] for duplicate keys)
+        spObj[k] = Array.isArray(spObj[k]) ? spObj[k].concat(v) : [spObj[k], v];
+      } else {
+        spObj[k] = v;
+      }
+    });
+    // If the URL has query parameters, mark the page as dynamic.
+    // In Next.js, only accessing the searchParams prop signals dynamic usage,
+    // but a Proxy-based approach doesn't work here because React's RSC debug
+    // serializer accesses properties on all props (e.g. $$typeof check in
+    // isClientReference), triggering the Proxy even when user code doesn't
+    // read searchParams. Checking for non-empty query params is a safe
+    // approximation: pages with query params in the URL are almost always
+    // dynamic, and this avoids false positives from React internals.
+    if (hasSearchParams) markDynamicUsage();
+    pageProps.searchParams = makeThenableParams(spObj);
+  }
+  let element = createElement(PageComponent, pageProps);
+
+  // Wrap page with empty segment provider so useSelectedLayoutSegments()
+  // returns [] when called from inside a page component (leaf node).
+  element = createElement(LayoutSegmentProvider, { childSegments: [] }, element);
+
+  // Add metadata + viewport head tags (React 19 hoists title/meta/link to <head>)
+  // Next.js always injects charset and default viewport even when no metadata/viewport
+  // is exported. We replicate that by always emitting these essential head elements.
+  {
+    const headElements = [];
+    // Always emit <meta charset="utf-8"> — Next.js includes this on every page
+    headElements.push(createElement("meta", { charSet: "utf-8" }));
+    if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+    headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+    element = createElement(Fragment, null, ...headElements, element);
+  }
+
+  // Wrap with loading.tsx Suspense if present
+  if (route.loading?.default) {
+    element = createElement(
+      Suspense,
+      { fallback: createElement(route.loading.default) },
+      element,
+    );
+  }
+
+  // Wrap with the leaf's error.tsx ErrorBoundary if it's not already covered
+  // by a per-layout error boundary (i.e., the leaf has error.tsx but no layout).
+  // Per-layout error boundaries are interleaved with layouts below.
+  {
+    const lastLayoutError = route.errors ? route.errors[route.errors.length - 1] : null;
+    if (route.error?.default && route.error !== lastLayoutError) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.error.default,
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with NotFoundBoundary so client-side notFound() renders not-found.tsx
+  // instead of crashing the React tree. Must be above ErrorBoundary since
+  // ErrorBoundary re-throws notFound errors.
+  // Pre-render the not-found component as a React element since it may be a
+  // server component (not a client reference) and can't be passed as a function prop.
+  {
+    const NotFoundComponent = route.notFound?.default ?? null;
+    if (NotFoundComponent) {
+      element = createElement(NotFoundBoundary, {
+        fallback: createElement(NotFoundComponent),
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with templates (innermost first, then outer)
+  // Templates are like layouts but re-mount on navigation (client-side concern).
+  // On the server, they just wrap the content like layouts do.
+  if (route.templates) {
+    for (let i = route.templates.length - 1; i >= 0; i--) {
+      const TemplateComponent = route.templates[i]?.default;
+      if (TemplateComponent) {
+        element = createElement(TemplateComponent, { children: element, params });
+      }
+    }
+  }
+
+  // Wrap with layouts (innermost first, then outer).
+  // At each layout level, first wrap with that level's error boundary (if any)
+  // so the boundary is inside the layout and catches errors from children.
+  // This matches Next.js behavior: Layout > ErrorBoundary > children.
+  // Parallel slots are passed as named props to the innermost layout
+  // (the layout at the same directory level as the page/slots)
+  for (let i = route.layouts.length - 1; i >= 0; i--) {
+    // Wrap with per-layout error boundary before wrapping with layout.
+    // This places the ErrorBoundary inside the layout, catching errors
+    // from child segments (matching Next.js per-segment error handling).
+    if (route.errors && route.errors[i]?.default) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.errors[i].default,
+        children: element,
+      });
+    }
+
+    const LayoutComponent = route.layouts[i]?.default;
+    if (LayoutComponent) {
+      // Per-layout NotFoundBoundary: wraps this layout's children so that
+      // notFound() thrown from a child layout is caught here.
+      // Matches Next.js behavior where each segment has its own boundary.
+      // The boundary at level N catches errors from Layout[N+1] and below,
+      // but NOT from Layout[N] itself (which propagates to level N-1).
+      {
+        const LayoutNotFound = route.notFounds?.[i]?.default;
+        if (LayoutNotFound) {
+          element = createElement(NotFoundBoundary, {
+            fallback: createElement(LayoutNotFound),
+            children: element,
+          });
+        }
+      }
+
+      const layoutProps = { children: element, params: makeThenableParams(params) };
+
+      // Add parallel slot elements to the layout that defines them.
+      // Each slot has a layoutIndex indicating which layout it belongs to.
+      if (route.slots) {
+        for (const [slotName, slotMod] of Object.entries(route.slots)) {
+          // Attach slot to the layout at its layoutIndex, or to the innermost layout if -1
+          const targetIdx = slotMod.layoutIndex >= 0 ? slotMod.layoutIndex : route.layouts.length - 1;
+          if (i !== targetIdx) continue;
+          // Check if this slot has an intercepting route that should activate
+          let SlotPage = null;
+          let slotParams = params;
+
+          if (opts && opts.interceptSlot === slotName && opts.interceptPage) {
+            // Use the intercepting route's page component
+            SlotPage = opts.interceptPage.default;
+            slotParams = opts.interceptParams || params;
+          } else {
+            SlotPage = slotMod.page?.default || slotMod.default?.default;
+          }
+
+          if (SlotPage) {
+            let slotElement = createElement(SlotPage, { params: makeThenableParams(slotParams) });
+            // Wrap with slot-specific layout if present.
+            // In Next.js, @slot/layout.tsx wraps the slot's page content
+            // before it is passed as a prop to the parent layout.
+            const SlotLayout = slotMod.layout?.default;
+            if (SlotLayout) {
+              slotElement = createElement(SlotLayout, {
+                children: slotElement,
+                params: makeThenableParams(slotParams),
+              });
+            }
+            // Wrap with slot-specific loading if present
+            if (slotMod.loading?.default) {
+              slotElement = createElement(Suspense,
+                { fallback: createElement(slotMod.loading.default) },
+                slotElement,
+              );
+            }
+            // Wrap with slot-specific error boundary if present
+            if (slotMod.error?.default) {
+              slotElement = createElement(ErrorBoundary, {
+                fallback: slotMod.error.default,
+                children: slotElement,
+              });
+            }
+            layoutProps[slotName] = slotElement;
+          }
+        }
+      }
+
+      element = createElement(LayoutComponent, layoutProps);
+
+      // Wrap the layout with LayoutSegmentProvider so useSelectedLayoutSegments()
+      // called INSIDE this layout gets the correct child segments. We resolve the
+      // route tree segments using actual param values and pass them through context.
+      // We wrap the layout (not just children) because hooks are called from
+      // components rendered inside the layout's own JSX.
+      const treePos = route.layoutTreePositions ? route.layoutTreePositions[i] : 0;
+      const childSegs = __resolveChildSegments(route.routeSegments || [], treePos, params);
+      element = createElement(LayoutSegmentProvider, { childSegments: childSegs }, element);
+    }
+  }
+
+  // Wrap with global error boundary if app/global-error.tsx exists.
+  // This catches errors in the root layout itself.
+  
+
+  return element;
+}
+
+
+function matchMiddlewarePattern(pathname, pattern) {
+  // Regex patterns: if the pattern contains "(" or "\\" it's a regex —
+  // pass it through to RegExp directly WITHOUT dot-escaping.
+  // This guard prevents regex pattern corruption from dot-escaping.
+  if (pattern.includes("(") || pattern.includes("\\\\")) {
+    const re = __safeRegExp("^" + pattern + "$");
+    if (re) return re.test(pathname);
+  }
+  // Single-pass tokenizer (avoids chained .replace() flagged by CodeQL as
+  // incomplete sanitization — later passes could re-process earlier outputs).
+  let regexStr = "";
+  const tokenRe = /\\/:([\\w-]+)\\*|\\/:([\\w-]+)\\+|:([\\w-]+)|[.]|[^/:.]+|./g;
+  let tok;
+  while ((tok = tokenRe.exec(pattern)) !== null) {
+    if (tok[1] !== undefined) { regexStr += "(?:/.*)?"; }
+    else if (tok[2] !== undefined) { regexStr += "(?:/.+)"; }
+    else if (tok[3] !== undefined) { regexStr += "([^/]+)"; }
+    else if (tok[0] === ".") { regexStr += "\\\\."; }
+    else { regexStr += tok[0]; }
+  }
+  const re2 = __safeRegExp("^" + regexStr + "$");
+  return re2 ? re2.test(pathname) : pathname === pattern;
+}
+
+function matchesMiddleware(pathname, matcher) {
+  if (!matcher) {
+    return true;
+  }
+  const patterns = [];
+  if (typeof matcher === "string") { patterns.push(matcher); }
+  else if (Array.isArray(matcher)) {
+    for (const m of matcher) {
+      if (typeof m === "string") patterns.push(m);
+      else if (m && typeof m === "object" && "source" in m) patterns.push(m.source);
+    }
+  }
+  return patterns.some((p) => { return matchMiddlewarePattern(pathname, p); });
+}
+
+const __basePath = "";
+const __trailingSlash = false;
+const __configRedirects = [];
+const __configRewrites = {"beforeFiles":[],"afterFiles":[],"fallback":[]};
+const __configHeaders = [];
+const __allowedOrigins = [];
+
+
+// ── Dev server origin verification ──────────────────────────────────────
+// Block cross-origin requests to prevent data exfiltration during development.
+const __allowedDevOrigins = [];
+const __safeDevHosts = ["localhost", "127.0.0.1", "[::1]"];
+
+function __validateDevRequestOrigin(request) {
+  // Check Sec-Fetch headers (catches <script> tag exfiltration)
+  if (request.headers.get("sec-fetch-mode") === "no-cors" &&
+      request.headers.get("sec-fetch-site") === "cross-site") {
+    console.warn("[vinext] Blocked cross-site no-cors request to " + new URL(request.url).pathname);
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  const origin = request.headers.get("origin");
+  if (!origin || origin === "null") return null;
+
+  let originHostname;
+  try {
+    originHostname = new URL(origin).hostname.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Allow localhost, 127.0.0.1, [::1], and *.localhost
+  if (__safeDevHosts.includes(originHostname) || originHostname.endsWith(".localhost")) return null;
+
+  // Same-origin: compare against Host header
+  const hostHeader = (request.headers.get("x-forwarded-host") || request.headers.get("host") || "").split(",")[0].trim().split(":")[0].toLowerCase();
+  if (hostHeader && originHostname === hostHeader) return null;
+
+  // Check user-configured allowed origins
+  for (const pattern of __allowedDevOrigins) {
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(1);
+      if (originHostname === pattern.slice(2) || originHostname.endsWith(suffix)) return null;
+    } else if (originHostname === pattern) {
+      return null;
+    }
+  }
+
+  console.warn(
+    \`[vinext] Blocked cross-origin request from "\${origin}" to \${new URL(request.url).pathname}. \` +
+    \`To allow this origin, add it to allowedDevOrigins in next.config.js.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+
+// ── CSRF origin validation for server actions ───────────────────────────
+// Matches Next.js behavior: compare the Origin header against the Host header.
+// If they don't match, the request is rejected with 403 unless the origin is
+// in the allowedOrigins list (from experimental.serverActions.allowedOrigins).
+function __isOriginAllowed(origin, allowed) {
+  for (const pattern of allowed) {
+    if (pattern.startsWith("*.")) {
+      // Wildcard: *.example.com matches sub.example.com, a.b.example.com
+      const suffix = pattern.slice(1); // ".example.com"
+      if (origin === pattern.slice(2) || origin.endsWith(suffix)) return true;
+    } else if (origin === pattern) {
+      return true;
+    }
+  }
+  return false;
+}
+
+function __validateCsrfOrigin(request) {
+  const originHeader = request.headers.get("origin");
+  // If there's no Origin header, allow the request — same-origin requests
+  // from non-fetch navigations (e.g. SSR) may lack an Origin header.
+  // The x-rsc-action custom header already provides protection against simple
+  // form-based CSRF since custom headers can't be set by cross-origin forms.
+  if (!originHeader || originHeader === "null") return null;
+
+  let originHost;
+  try {
+    originHost = new URL(originHeader).host.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Only use the Host header for origin comparison — never trust
+  // X-Forwarded-Host here, since it can be freely set by the client
+  // and would allow the check to be bypassed if it matched a spoofed
+  // Origin. The prod server's resolveHost() handles trusted proxy
+  // scenarios separately.
+  const hostHeader = (
+    request.headers.get("host") ||
+    ""
+  ).split(",")[0].trim().toLowerCase();
+
+  if (!hostHeader) return null;
+
+  // Same origin — allow
+  if (originHost === hostHeader) return null;
+
+  // Check allowedOrigins from next.config.js
+  if (__allowedOrigins.length > 0 && __isOriginAllowed(originHost, __allowedOrigins)) return null;
+
+  console.warn(
+    \`[vinext] CSRF origin mismatch: origin "\${originHost}" does not match host "\${hostHeader}". Blocking server action request.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+// ── ReDoS-safe regex compilation ────────────────────────────────────────
+
+function __isSafeRegex(pattern) {
+  const quantifierAtDepth = [];
+  let depth = 0;
+  let i = 0;
+  while (i < pattern.length) {
+    const ch = pattern[i];
+    if (ch === "\\\\") { i += 2; continue; }
+    if (ch === "[") {
+      i++;
+      while (i < pattern.length && pattern[i] !== "]") {
+        if (pattern[i] === "\\\\") i++;
+        i++;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "(") {
+      depth++;
+      if (quantifierAtDepth.length <= depth) quantifierAtDepth.push(false);
+      else quantifierAtDepth[depth] = false;
+      i++;
+      continue;
+    }
+    if (ch === ")") {
+      const hadQ = depth > 0 && quantifierAtDepth[depth];
+      if (depth > 0) depth--;
+      const next = pattern[i + 1];
+      if (next === "+" || next === "*" || next === "{") {
+        if (hadQ) return false;
+        if (depth >= 0 && depth < quantifierAtDepth.length) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "+" || ch === "*") {
+      if (depth > 0) quantifierAtDepth[depth] = true;
+      i++;
+      continue;
+    }
+    if (ch === "?") {
+      const prev = i > 0 ? pattern[i - 1] : "";
+      if (prev !== "+" && prev !== "*" && prev !== "?" && prev !== "}") {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "{") {
+      let j = i + 1;
+      while (j < pattern.length && /[\\d,]/.test(pattern[j])) j++;
+      if (j < pattern.length && pattern[j] === "}" && j > i + 1) {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+        i = j + 1;
+        continue;
+      }
+    }
+    i++;
+  }
+  return true;
+}
+function __safeRegExp(pattern, flags) {
+  if (!__isSafeRegex(pattern)) {
+    console.warn("[vinext] Ignoring potentially unsafe regex pattern (ReDoS risk): " + pattern);
+    return null;
+  }
+  try { return new RegExp(pattern, flags); } catch { return null; }
+}
+
+// ── Path normalization ──────────────────────────────────────────────────
+
+function __normalizePath(pathname) {
+  if (
+    pathname === "/" ||
+    (pathname.length > 1 &&
+      pathname[0] === "/" &&
+      !pathname.includes("//") &&
+      !pathname.includes("/./") &&
+      !pathname.includes("/../") &&
+      !pathname.endsWith("/.") &&
+      !pathname.endsWith("/.."))
+  ) {
+    return pathname;
+  }
+  const segments = pathname.split("/");
+  const resolved = [];
+  for (let i = 0; i < segments.length; i++) {
+    const seg = segments[i];
+    if (seg === "" || seg === ".") continue;
+    if (seg === "..") { resolved.pop(); }
+    else { resolved.push(seg); }
+  }
+  return "/" + resolved.join("/");
+}
+
+// ── Config pattern matching (redirects, rewrites, headers) ──────────────
+function __matchConfigPattern(pathname, pattern) {
+  if (pattern.includes("(") || pattern.includes("\\\\") || /:[\\w-]+[*+][^/]/.test(pattern) || /:[\\w-]+\\./.test(pattern)) {
+    try {
+      const paramNames = [];
+      const regexStr = pattern
+        .replace(/\\./g, "\\\\.")
+        .replace(/:([\\w-]+)\\*(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.*)"; })
+        .replace(/:([\\w-]+)\\+(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.+)"; })
+        .replace(/:([\\w-]+)\\(([^)]+)\\)/g, (_, name, c) => { paramNames.push(name); return "(" + c + ")"; })
+        .replace(/:([\\w-]+)/g, (_, name) => { paramNames.push(name); return "([^/]+)"; });
+      const re = __safeRegExp("^" + regexStr + "$");
+      if (!re) return null;
+      const match = re.exec(pathname);
+      if (!match) return null;
+      const params = Object.create(null);
+      for (let i = 0; i < paramNames.length; i++) params[paramNames[i]] = match[i + 1] || "";
+      return params;
+    } catch { /* fall through */ }
+  }
+  const catchAllMatch = pattern.match(/:([\\w-]+)(\\*|\\+)$/);
+  if (catchAllMatch) {
+    const prefix = pattern.slice(0, pattern.lastIndexOf(":"));
+    const paramName = catchAllMatch[1];
+    const isPlus = catchAllMatch[2] === "+";
+    if (!pathname.startsWith(prefix.replace(/\\/$/, ""))) return null;
+    const rest = pathname.slice(prefix.replace(/\\/$/, "").length);
+    if (isPlus && (!rest || rest === "/")) return null;
+    let restValue = rest.startsWith("/") ? rest.slice(1) : rest;
+     // NOTE: Do NOT decodeURIComponent here. The pathname is already decoded at
+     // the request entry point. Decoding again would produce incorrect param values.
+    return { [paramName]: restValue };
+  }
+  const parts = pattern.split("/");
+  const pathParts = pathname.split("/");
+  if (parts.length !== pathParts.length) return null;
+  const params = Object.create(null);
+  for (let i = 0; i < parts.length; i++) {
+    if (parts[i].startsWith(":")) params[parts[i].slice(1)] = pathParts[i];
+    else if (parts[i] !== pathParts[i]) return null;
+  }
+  return params;
+}
+
+function __parseCookies(cookieHeader) {
+  if (!cookieHeader) return {};
+  const cookies = {};
+  for (const part of cookieHeader.split(";")) {
+    const eq = part.indexOf("=");
+    if (eq === -1) continue;
+    const key = part.slice(0, eq).trim();
+    const value = part.slice(eq + 1).trim();
+    if (key) cookies[key] = value;
+  }
+  return cookies;
+}
+
+function __checkSingleCondition(condition, ctx) {
+  switch (condition.type) {
+    case "header": {
+      const v = ctx.headers.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "cookie": {
+      const v = ctx.cookies[condition.key];
+      if (v === undefined) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "query": {
+      const v = ctx.query.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "host": {
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(ctx.host) : ctx.host === condition.value; }
+      return ctx.host === condition.key;
+    }
+    default: return false;
+  }
+}
+
+function __checkHasConditions(has, missing, ctx) {
+  if (has) { for (const c of has) { if (!__checkSingleCondition(c, ctx)) return false; } }
+  if (missing) { for (const c of missing) { if (__checkSingleCondition(c, ctx)) return false; } }
+  return true;
+}
+
+function __buildRequestContext(request) {
+  const url = new URL(request.url);
+  return {
+    headers: request.headers,
+    cookies: __parseCookies(request.headers.get("cookie")),
+    query: url.searchParams,
+    host: request.headers.get("host") || url.host,
+  };
+}
+
+/**
+ * Build a request context from the live ALS HeadersContext, which reflects
+ * any x-middleware-request-* header mutations applied by middleware.
+ * Used for afterFiles and fallback rewrite has/missing evaluation — these
+ * run after middleware in the App Router execution order.
+ */
+function __buildPostMwRequestContext(request) {
+  const url = new URL(request.url);
+  const ctx = getHeadersContext();
+  if (!ctx) return __buildRequestContext(request);
+  // ctx.cookies is a Map<string, string> (HeadersContext), but RequestContext
+  // requires a plain Record<string, string> for has/missing cookie evaluation
+  // (config-matchers.ts uses obj[key] not Map.get()). Convert here.
+  const cookiesRecord = Object.fromEntries(ctx.cookies);
+  return {
+    headers: ctx.headers,
+    cookies: cookiesRecord,
+    query: url.searchParams,
+    host: ctx.headers.get("host") || url.host,
+  };
+}
+
+function __sanitizeDestination(dest) {
+  if (dest.startsWith("http://") || dest.startsWith("https://")) return dest;
+  dest = dest.replace(/^[\\\\/]+/, "/");
+  return dest;
+}
+
+function __applyConfigRedirects(pathname, ctx) {
+  for (const rule of __configRedirects) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return { destination: dest, permanent: rule.permanent };
+    }
+  }
+  return null;
+}
+
+function __applyConfigRewrites(pathname, rules, ctx) {
+  for (const rule of rules) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return dest;
+    }
+  }
+  return null;
+}
+
+function __isExternalUrl(url) {
+  return /^[a-z][a-z0-9+.-]*:/i.test(url) || url.startsWith("//");
+}
+
+/**
+ * Maximum server-action request body size (1 MB).
+ * Matches the Next.js default for serverActions.bodySizeLimit.
+ * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
+ * Prevents unbounded request body buffering.
+ */
+var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+
+/**
+ * Read a request body as text with a size limit.
+ * Enforces the limit on the actual byte stream to prevent bypasses
+ * via chunked transfer-encoding where Content-Length is absent or spoofed.
+ */
+async function __readBodyWithLimit(request, maxBytes) {
+  if (!request.body) return "";
+  var reader = request.body.getReader();
+  var decoder = new TextDecoder();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(decoder.decode(result.value, { stream: true }));
+  }
+  chunks.push(decoder.decode());
+  return chunks.join("");
+}
+
+/**
+ * Read a request body as FormData with a size limit.
+ * Consumes the body stream with a byte counter and then parses the
+ * collected bytes as multipart form data via the Response constructor.
+ */
+async function __readFormDataWithLimit(request, maxBytes) {
+  if (!request.body) return new FormData();
+  var reader = request.body.getReader();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(result.value);
+  }
+  // Reconstruct a Response with the original Content-Type so that
+  // the FormData parser can handle multipart boundaries correctly.
+  var combined = new Uint8Array(totalSize);
+  var offset = 0;
+  for (var chunk of chunks) {
+    combined.set(chunk, offset);
+    offset += chunk.byteLength;
+  }
+  var contentType = request.headers.get("content-type") || "";
+  return new Response(combined, { headers: { "Content-Type": contentType } }).formData();
+}
+
+const __hopByHopHeaders = new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailers","transfer-encoding","upgrade"]);
+
+async function __proxyExternalRequest(request, externalUrl) {
+  const originalUrl = new URL(request.url);
+  const targetUrl = new URL(externalUrl);
+  for (const [key, value] of originalUrl.searchParams) {
+    if (!targetUrl.searchParams.has(key)) targetUrl.searchParams.set(key, value);
+  }
+  const headers = new Headers(request.headers);
+  headers.set("host", targetUrl.host);
+  headers.delete("connection");
+  for (const key of [...headers.keys()]) {
+    if (key.startsWith("x-middleware-")) headers.delete(key);
+  }
+  const method = request.method;
+  const hasBody = method !== "GET" && method !== "HEAD";
+  const init = { method, headers, redirect: "manual", signal: AbortSignal.timeout(30000) };
+  if (hasBody && request.body) { init.body = request.body; init.duplex = "half"; }
+  let upstream;
+  try { upstream = await fetch(targetUrl.href, init); }
+  catch (e) {
+    if (e && e.name === "TimeoutError") return new Response("Gateway Timeout", { status: 504 });
+    console.error("[vinext] External rewrite proxy error:", e); return new Response("Bad Gateway", { status: 502 });
+  }
+  const respHeaders = new Headers();
+  // Node.js fetch() auto-decompresses response bodies, while Workers fetch()
+  // preserves wire encoding. Only strip encoding/length on Node.js to avoid
+  // double-decompression errors without breaking Workers parity.
+  const __isNodeRuntime = typeof process !== "undefined" && !!(process.versions && process.versions.node);
+  upstream.headers.forEach(function(value, key) {
+    var lower = key.toLowerCase();
+    if (__hopByHopHeaders.has(lower)) return;
+    if (__isNodeRuntime && (lower === "content-encoding" || lower === "content-length")) return;
+    respHeaders.append(key, value);
+  });
+  return new Response(upstream.body, { status: upstream.status, statusText: upstream.statusText, headers: respHeaders });
+}
+
+function __applyConfigHeaders(pathname, ctx) {
+  const result = [];
+  for (const rule of __configHeaders) {
+    const groups = [];
+    const withPlaceholders = rule.source.replace(/\\(([^)]+)\\)/g, (_, inner) => {
+      groups.push(inner);
+      return "___GROUP_" + (groups.length - 1) + "___";
+    });
+    const escaped = withPlaceholders
+      .replace(/\\./g, "\\\\.")
+      .replace(/\\+/g, "\\\\+")
+      .replace(/\\?/g, "\\\\?")
+      .replace(/\\*/g, ".*")
+      .replace(/:[\\w-]+/g, "[^/]+")
+      .replace(/___GROUP_(\\d+)___/g, (_, idx) => "(" + groups[Number(idx)] + ")");
+    const sourceRegex = __safeRegExp("^" + escaped + "$");
+    if (sourceRegex && sourceRegex.test(pathname)) {
+      if (ctx && (rule.has || rule.missing)) {
+        if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue;
+      }
+      result.push(...rule.headers);
+    }
+  }
+  return result;
+}
+
+export default async function handler(request) {
+  // Wrap the entire request in nested AsyncLocalStorage.run() scopes to ensure
+  // per-request isolation for all state modules. Each runWith*() creates an
+  // ALS scope that propagates through all async continuations (including RSC
+  // streaming), preventing state leakage between concurrent requests on
+  // Cloudflare Workers and other concurrent runtimes.
+  const headersCtx = headersContextFromRequest(request);
+  return runWithHeadersContext(headersCtx, () =>
+    _runWithNavigationContext(() =>
+      _runWithCacheState(() =>
+        _runWithPrivateCache(() =>
+          runWithFetchCache(async () => {
+            const __reqCtx = __buildRequestContext(request);
+            // Per-request container for middleware state. Passed into
+            // _handleRequest which fills in .headers and .status;
+            // avoids module-level variables that race on Workers.
+            const _mwCtx = { headers: null, status: null };
+            const response = await _handleRequest(request, __reqCtx, _mwCtx);
+            // Apply custom headers from next.config.js to non-redirect responses.
+            // Skip redirects (3xx) because Response.redirect() creates immutable headers,
+            // and Next.js doesn't apply custom headers to redirects anyway.
+            if (response && response.headers && !(response.status >= 300 && response.status < 400)) {
+              if (__configHeaders.length) {
+                const url = new URL(request.url);
+                let pathname;
+                try { pathname = __normalizePath(decodeURIComponent(url.pathname)); } catch { pathname = url.pathname; }
+                
+                const extraHeaders = __applyConfigHeaders(pathname, __reqCtx);
+                for (const h of extraHeaders) {
+                  // Use append() for headers where multiple values must coexist
+                  // (Vary, Set-Cookie). Using set() on these would destroy
+                  // existing values like "Vary: RSC, Accept" which are critical
+                  // for correct CDN caching behavior.
+                  const lk = h.key.toLowerCase();
+                  if (lk === "vary" || lk === "set-cookie") {
+                    response.headers.append(h.key, h.value);
+                  } else if (!response.headers.has(lk)) {
+                    // Middleware headers take precedence: skip config keys already
+                    // set by middleware so middleware headers always win.
+                    response.headers.set(h.key, h.value);
+                  }
+                }
+              }
+            }
+            return response;
+          })
+        )
+      )
+    )
+  );
+}
+
+async function _handleRequest(request, __reqCtx, _mwCtx) {
+  const __reqStart = process.env.NODE_ENV !== "production" ? performance.now() : 0;
+  let __compileEnd;
+  let __renderEnd;
+  // __reqStart is included in the timing header so the Node logging middleware
+  // can compute true compile time as: handlerStart - middlewareStart.
+  // Format: "handlerStart,compileMs,renderMs" - all as integers (ms). Dev-only.
+  const url = new URL(request.url);
+
+  // ── Cross-origin request protection ─────────────────────────────────
+  // Block requests from non-localhost origins to prevent data exfiltration.
+  const __originBlock = __validateDevRequestOrigin(request);
+  if (__originBlock) return __originBlock;
+
+  // Guard against protocol-relative URL open redirects.
+  // Paths like //example.com/ would be redirected to //example.com by the
+  // trailing-slash normalizer, which browsers interpret as http://example.com.
+  // Backslashes are equivalent to forward slashes in the URL spec
+  // (e.g. /\\evil.com is treated as //evil.com by browsers and the URL constructor).
+  // Next.js returns 404 for these paths. Check the RAW pathname before
+  // normalization so the guard fires before normalizePath collapses //.
+  if (url.pathname.replaceAll("\\\\", "/").startsWith("//")) {
+    return new Response("404 Not Found", { status: 404 });
+  }
+
+  // Decode percent-encoding and normalize pathname to canonical form.
+  // decodeURIComponent prevents /%61dmin from bypassing /admin matchers.
+  // __normalizePath collapses //foo///bar → /foo/bar, resolves . and .. segments.
+  let decodedUrlPathname;
+  try { decodedUrlPathname = decodeURIComponent(url.pathname); } catch (e) {
+    return new Response("Bad Request", { status: 400 });
+  }
+  let pathname = __normalizePath(decodedUrlPathname);
+
+  
+
+  // Trailing slash normalization (redirect to canonical form)
+  if (pathname !== "/" && !pathname.startsWith("/api")) {
+    const hasTrailing = pathname.endsWith("/");
+    if (__trailingSlash && !hasTrailing && !pathname.endsWith(".rsc")) {
+      return Response.redirect(new URL(__basePath + pathname + "/" + url.search, request.url), 308);
+    } else if (!__trailingSlash && hasTrailing) {
+      return Response.redirect(new URL(__basePath + pathname.replace(/\\/+$/, "") + url.search, request.url), 308);
+    }
+  }
+
+  // ── Apply redirects from next.config.js ───────────────────────────────
+  if (__configRedirects.length) {
+    // Strip .rsc suffix before matching redirect rules - RSC (client-side nav) requests
+    // arrive as /some/path.rsc but redirect patterns are defined without it (e.g.
+    // /some/path). Without this, soft-nav fetches bypass all config redirects.
+    const __redirPathname = pathname.endsWith(".rsc") ? pathname.slice(0, -4) : pathname;
+    const __redir = __applyConfigRedirects(__redirPathname, __reqCtx);
+    if (__redir) {
+      const __redirDest = __sanitizeDestination(
+        __basePath && !__redir.destination.startsWith(__basePath)
+          ? __basePath + __redir.destination
+          : __redir.destination
+      );
+      return new Response(null, {
+        status: __redir.permanent ? 308 : 307,
+        headers: { Location: __redirDest },
+      });
+    }
+  }
+
+  const isRscRequest = pathname.endsWith(".rsc") || request.headers.get("accept")?.includes("text/x-component");
+  let cleanPathname = pathname.replace(/\\.rsc$/, "");
+
+  // Middleware response headers and custom rewrite status are stored in
+  // _mwCtx (per-request container) so handler() can merge them into
+  // every response path without module-level state that races on Workers.
+
+  
+   // Run proxy/middleware if present and path matches.
+   // Validate exports match the file type (proxy.ts vs middleware.ts), matching Next.js behavior.
+   // https://github.com/vercel/next.js/blob/canary/test/e2e/app-dir/proxy-missing-export/proxy-missing-export.test.ts
+  const _isProxy = false;
+  const middlewareFn = _isProxy
+    ? (middlewareModule.proxy ?? middlewareModule.default)
+    : (middlewareModule.middleware ?? middlewareModule.default);
+  if (typeof middlewareFn !== "function") {
+    const _fileType = _isProxy ? "Proxy" : "Middleware";
+    const _expectedExport = _isProxy ? "proxy" : "middleware";
+    throw new Error("The " + _fileType + " file must export a function named \`" + _expectedExport + "\` or a \`default\` function.");
+  }
+  const middlewareMatcher = middlewareModule.config?.matcher;
+  if (matchesMiddleware(cleanPathname, middlewareMatcher)) {
+    try {
+      // Wrap in NextRequest so middleware gets .nextUrl, .cookies, .geo, .ip, etc.
+       // Always construct a new Request with the fully decoded + normalized pathname
+       // so middleware and the router see the same canonical path.
+      const mwUrl = new URL(request.url);
+      mwUrl.pathname = cleanPathname;
+      const mwRequest = new Request(mwUrl, request);
+      const nextRequest = mwRequest instanceof NextRequest ? mwRequest : new NextRequest(mwRequest);
+      const mwFetchEvent = new NextFetchEvent({ page: cleanPathname });
+      const mwResponse = await middlewareFn(nextRequest, mwFetchEvent);
+      mwFetchEvent.drainWaitUntil();
+      if (mwResponse) {
+        // Check for x-middleware-next (continue)
+        if (mwResponse.headers.get("x-middleware-next") === "1") {
+          // Middleware wants to continue — collect all headers except the two
+          // control headers we've already consumed.  x-middleware-request-*
+          // headers are kept so applyMiddlewareRequestHeaders() can unpack them;
+          // the blanket strip loop after that call removes every remaining
+          // x-middleware-* header before the set is merged into the response.
+           _mwCtx.headers = new Headers();
+          for (const [key, value] of mwResponse.headers) {
+            if (key !== "x-middleware-next" && key !== "x-middleware-rewrite") {
+              _mwCtx.headers.append(key, value);
+            }
+          }
+        } else {
+          // Check for redirect
+          if (mwResponse.status >= 300 && mwResponse.status < 400) {
+            return mwResponse;
+          }
+          // Check for rewrite
+          const rewriteUrl = mwResponse.headers.get("x-middleware-rewrite");
+          if (rewriteUrl) {
+            const rewriteParsed = new URL(rewriteUrl, request.url);
+            cleanPathname = rewriteParsed.pathname;
+            // Capture custom status code from rewrite (e.g. NextResponse.rewrite(url, { status: 403 }))
+            if (mwResponse.status !== 200) {
+              _mwCtx.status = mwResponse.status;
+            }
+            // Also save any other headers from the rewrite response
+            _mwCtx.headers = new Headers();
+            for (const [key, value] of mwResponse.headers) {
+              if (key !== "x-middleware-next" && key !== "x-middleware-rewrite") {
+                _mwCtx.headers.append(key, value);
+              }
+            }
+          } else {
+            // Middleware returned a custom response
+            return mwResponse;
+          }
+        }
+      }
+    } catch (err) {
+      console.error("[vinext] Middleware error:", err);
+      return new Response("Internal Server Error", { status: 500 });
+    }
+  }
+
+  // Unpack x-middleware-request-* headers into the request context so that
+  // headers() returns the middleware-modified headers instead of the original
+  // request headers. Strip ALL x-middleware-* headers from the set that will
+  // be merged into the outgoing HTTP response — this prefix is reserved for
+  // internal routing signals and must never reach clients.
+  if (_mwCtx.headers) {
+    applyMiddlewareRequestHeaders(_mwCtx.headers);
+    for (const key of [..._mwCtx.headers.keys()]) {
+      if (key.startsWith("x-middleware-")) {
+        _mwCtx.headers.delete(key);
+      }
+    }
+  }
+  
+
+  // Build post-middleware request context for afterFiles/fallback rewrites.
+  // These run after middleware in the App Router execution order and should
+  // evaluate has/missing conditions against middleware-modified headers.
+  // When no middleware is present, this falls back to __buildRequestContext.
+  const __postMwReqCtx = __buildPostMwRequestContext(request);
+
+  // ── Apply beforeFiles rewrites from next.config.js ────────────────────
+  // In App Router execution order, beforeFiles runs after middleware so that
+  // has/missing conditions can evaluate against middleware-modified headers.
+  if (__configRewrites.beforeFiles && __configRewrites.beforeFiles.length) {
+    const __rewritten = __applyConfigRewrites(cleanPathname, __configRewrites.beforeFiles, __postMwReqCtx);
+    if (__rewritten) {
+      if (__isExternalUrl(__rewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __rewritten);
+      }
+      cleanPathname = __rewritten;
+    }
+  }
+
+  // ── Image optimization passthrough (dev mode — no transformation) ───────
+  if (cleanPathname === "/_vinext/image") {
+    const __rawImgUrl = url.searchParams.get("url");
+    // Normalize backslashes: browsers and the URL constructor treat
+    // /\\evil.com as protocol-relative (//evil.com), bypassing the // check.
+    const __imgUrl = __rawImgUrl?.replaceAll("\\\\", "/") ?? null;
+    // Allowlist: must start with "/" but not "//" — blocks absolute URLs,
+    // protocol-relative, backslash variants, and exotic schemes.
+    if (!__imgUrl || !__imgUrl.startsWith("/") || __imgUrl.startsWith("//")) {
+      return new Response(!__rawImgUrl ? "Missing url parameter" : "Only relative URLs allowed", { status: 400 });
+    }
+    // Validate the constructed URL's origin hasn't changed (defense in depth).
+    const __resolvedImg = new URL(__imgUrl, request.url);
+    if (__resolvedImg.origin !== url.origin) {
+      return new Response("Only relative URLs allowed", { status: 400 });
+    }
+    // In dev, redirect to the original asset URL so Vite's static serving handles it.
+    return Response.redirect(__resolvedImg.href, 302);
+  }
+
+  // Handle metadata routes (sitemap.xml, robots.txt, manifest.webmanifest, etc.)
+  for (const metaRoute of metadataRoutes) {
+    if (cleanPathname === metaRoute.servedUrl) {
+      if (metaRoute.isDynamic) {
+        // Dynamic metadata route — call the default export and serialize
+        const metaFn = metaRoute.module.default;
+        if (typeof metaFn === "function") {
+          const result = await metaFn();
+          let body;
+          // If it's already a Response (e.g., ImageResponse), return directly
+          if (result instanceof Response) return result;
+          // Serialize based on type
+          if (metaRoute.type === "sitemap") body = sitemapToXml(result);
+          else if (metaRoute.type === "robots") body = robotsToText(result);
+          else if (metaRoute.type === "manifest") body = manifestToJson(result);
+          else body = JSON.stringify(result);
+          return new Response(body, {
+            headers: { "Content-Type": metaRoute.contentType },
+          });
+        }
+      } else {
+        // Static metadata file — decode from embedded base64 data
+        try {
+          const binary = atob(metaRoute.fileDataBase64);
+          const bytes = new Uint8Array(binary.length);
+          for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+          return new Response(bytes, {
+            headers: {
+              "Content-Type": metaRoute.contentType,
+              "Cache-Control": "public, max-age=0, must-revalidate",
+            },
+          });
+        } catch {
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    }
+  }
+
+  // Set navigation context for Server Components.
+  // Note: Headers context is already set by runWithHeadersContext in the handler wrapper.
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params: {},
+  });
+
+  // Handle server action POST requests
+  const actionId = request.headers.get("x-rsc-action");
+  if (request.method === "POST" && actionId) {
+    // ── CSRF protection ─────────────────────────────────────────────────
+    // Verify that the Origin header matches the Host header to prevent
+    // cross-site request forgery, matching Next.js server action behavior.
+    const csrfResponse = __validateCsrfOrigin(request);
+    if (csrfResponse) return csrfResponse;
+
+    // ── Body size limit ─────────────────────────────────────────────────
+    // Reject payloads larger than the configured limit.
+    // Check Content-Length as a fast path, then enforce on the actual
+    // stream to prevent bypasses via chunked transfer-encoding.
+    const contentLength = parseInt(request.headers.get("content-length") || "0", 10);
+    if (contentLength > __MAX_ACTION_BODY_SIZE) {
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response("Payload Too Large", { status: 413 });
+    }
+
+    try {
+      const contentType = request.headers.get("content-type") || "";
+      let body;
+      try {
+        body = contentType.startsWith("multipart/form-data")
+          ? await __readFormDataWithLimit(request, __MAX_ACTION_BODY_SIZE)
+          : await __readBodyWithLimit(request, __MAX_ACTION_BODY_SIZE);
+      } catch (sizeErr) {
+        if (sizeErr && sizeErr.message === "Request body too large") {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Payload Too Large", { status: 413 });
+        }
+        throw sizeErr;
+      }
+      const temporaryReferences = createTemporaryReferenceSet();
+      const args = await decodeReply(body, { temporaryReferences });
+      const action = await loadServerAction(actionId);
+      let returnValue;
+      let actionRedirect = null;
+      try {
+        const data = await action.apply(null, args);
+        returnValue = { ok: true, data };
+      } catch (e) {
+        // Detect redirect() / permanentRedirect() called inside the action.
+        // These throw errors with digest "NEXT_REDIRECT;replace;url[;status]".
+        // The URL is encodeURIComponent-encoded to prevent semicolons in the URL
+        // from corrupting the delimiter-based digest format.
+        if (e && typeof e === "object" && "digest" in e) {
+          const digest = String(e.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            actionRedirect = {
+              url: decodeURIComponent(parts[2]),
+              type: parts[1] || "replace",       // "push" or "replace"
+              status: parts[3] ? parseInt(parts[3], 10) : 307,
+            };
+            returnValue = { ok: true, data: undefined };
+          } else if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            // notFound() / forbidden() / unauthorized() in action — package as error
+            returnValue = { ok: false, data: e };
+          } else {
+            // Non-navigation digest error — sanitize in production to avoid
+            // leaking internal details (connection strings, paths, etc.)
+            console.error("[vinext] Server action error:", e);
+            returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+          }
+        } else {
+          // Unhandled error — sanitize in production to avoid leaking
+          // internal details (database errors, file paths, stack traces, etc.)
+          console.error("[vinext] Server action error:", e);
+          returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+        }
+      }
+
+      // If the action called redirect(), signal the client to navigate.
+      // We can't use a real HTTP redirect (the fetch would follow it automatically
+      // and receive a page HTML instead of RSC stream). Instead, we return a 200
+      // with x-action-redirect header that the client entry detects and handles.
+      if (actionRedirect) {
+        const actionPendingCookies = getAndClearPendingCookies();
+        const actionDraftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const redirectHeaders = new Headers({
+          "Content-Type": "text/x-component; charset=utf-8",
+          "Vary": "RSC, Accept",
+          "x-action-redirect": actionRedirect.url,
+          "x-action-redirect-type": actionRedirect.type,
+          "x-action-redirect-status": String(actionRedirect.status),
+        });
+        for (const cookie of actionPendingCookies) {
+          redirectHeaders.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) redirectHeaders.append("Set-Cookie", actionDraftCookie);
+        // Send an empty RSC-like body (client will navigate instead of parsing)
+        return new Response("", { status: 200, headers: redirectHeaders });
+      }
+
+      // After the action, re-render the current page so the client
+      // gets an updated React tree reflecting any mutations.
+      const match = matchRoute(cleanPathname, routes);
+      let element;
+      if (match) {
+        const { route: actionRoute, params: actionParams } = match;
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: actionParams,
+        });
+        element = buildPageElement(actionRoute, actionParams, undefined, url.searchParams);
+      } else {
+        element = createElement("div", null, "Page not found");
+      }
+
+      const rscStream = renderToReadableStream(
+        { root: element, returnValue },
+        { temporaryReferences, onError: rscOnError },
+      );
+
+      // Collect cookies set during the action
+      const actionPendingCookies = getAndClearPendingCookies();
+      const actionDraftCookie = getDraftModeCookieHeader();
+      setHeadersContext(null);
+      setNavigationContext(null);
+
+      const actionHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+      const actionResponse = new Response(rscStream, { headers: actionHeaders });
+      if (actionPendingCookies.length > 0 || actionDraftCookie) {
+        for (const cookie of actionPendingCookies) {
+          actionResponse.headers.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) actionResponse.headers.append("Set-Cookie", actionDraftCookie);
+      }
+      return actionResponse;
+    } catch (err) {
+      getAndClearPendingCookies(); // Clear pending cookies on error
+      console.error("[vinext] Server action error:", err);
+      _reportRequestError(
+        err instanceof Error ? err : new Error(String(err)),
+        { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+        { routerKind: "App Router", routePath: cleanPathname, routeType: "action" },
+      ).catch((reportErr) => {
+        console.error("[vinext] Failed to report server action error:", reportErr);
+      });
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(
+        process.env.NODE_ENV === "production"
+          ? "Internal Server Error"
+          : "Server action failed: " + (err && err.message ? err.message : String(err)),
+        { status: 500 },
+      );
+    }
+  }
+
+  // ── Apply afterFiles rewrites from next.config.js ──────────────────────
+  if (__configRewrites.afterFiles && __configRewrites.afterFiles.length) {
+    const __afterRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.afterFiles, __postMwReqCtx);
+    if (__afterRewritten) {
+      if (__isExternalUrl(__afterRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __afterRewritten);
+      }
+      cleanPathname = __afterRewritten;
+    }
+  }
+
+  let match = matchRoute(cleanPathname, routes);
+
+  // ── Fallback rewrites from next.config.js (if no route matched) ───────
+  if (!match && __configRewrites.fallback && __configRewrites.fallback.length) {
+    const __fallbackRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.fallback, __postMwReqCtx);
+    if (__fallbackRewritten) {
+      if (__isExternalUrl(__fallbackRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __fallbackRewritten);
+      }
+      cleanPathname = __fallbackRewritten;
+      match = matchRoute(cleanPathname, routes);
+    }
+  }
+
+  if (!match) {
+    // Render custom not-found page if available, otherwise plain 404
+    const notFoundResponse = await renderNotFoundPage(null, isRscRequest, request);
+    if (notFoundResponse) return notFoundResponse;
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Not Found", { status: 404 });
+  }
+
+  const { route, params } = match;
+
+  // Update navigation context with matched params
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params,
+  });
+
+  // Handle route.ts API handlers
+  if (route.routeHandler) {
+    const handler = route.routeHandler;
+    const method = request.method.toUpperCase();
+    const revalidateSeconds = typeof handler.revalidate === "number" && handler.revalidate > 0 ? handler.revalidate : null;
+
+    // Collect exported HTTP methods for OPTIONS auto-response and Allow header
+    const HTTP_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"];
+    const exportedMethods = HTTP_METHODS.filter((m) => typeof handler[m] === "function");
+    // If GET is exported, HEAD is implicitly supported
+    if (exportedMethods.includes("GET") && !exportedMethods.includes("HEAD")) {
+      exportedMethods.push("HEAD");
+    }
+    const hasDefault = typeof handler["default"] === "function";
+
+    // OPTIONS auto-implementation: respond with Allow header and 204
+    if (method === "OPTIONS" && typeof handler["OPTIONS"] !== "function") {
+      const allowMethods = hasDefault ? HTTP_METHODS : exportedMethods;
+      if (!allowMethods.includes("OPTIONS")) allowMethods.push("OPTIONS");
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(null, {
+        status: 204,
+        headers: { "Allow": allowMethods.join(", ") },
+      });
+    }
+
+    // HEAD auto-implementation: run GET handler and strip body
+    let handlerFn = handler[method] || handler["default"];
+    let isAutoHead = false;
+    if (method === "HEAD" && typeof handler["HEAD"] !== "function" && typeof handler["GET"] === "function") {
+      handlerFn = handler["GET"];
+      isAutoHead = true;
+    }
+
+    if (typeof handlerFn === "function") {
+      try {
+        const response = await handlerFn(request, { params });
+
+        // Apply Cache-Control from route segment config (export const revalidate = N).
+        // Next.js sets s-maxage on GET route handlers with a numeric revalidate value.
+        if (revalidateSeconds !== null && (method === "GET" || isAutoHead) && !response.headers.has("cache-control")) {
+          response.headers.set("cache-control", "s-maxage=" + revalidateSeconds + ", stale-while-revalidate");
+        }
+
+        // Collect any Set-Cookie headers from cookies().set()/delete() calls
+        const pendingCookies = getAndClearPendingCookies();
+        const draftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+
+        // If we have pending cookies, create a new response with them attached
+        if (pendingCookies.length > 0 || draftCookie) {
+          const newHeaders = new Headers(response.headers);
+          for (const cookie of pendingCookies) {
+            newHeaders.append("Set-Cookie", cookie);
+          }
+          if (draftCookie) newHeaders.append("Set-Cookie", draftCookie);
+
+          if (isAutoHead) {
+            return new Response(null, {
+              status: response.status,
+              statusText: response.statusText,
+              headers: newHeaders,
+            });
+          }
+          return new Response(response.body, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: newHeaders,
+          });
+        }
+
+        if (isAutoHead) {
+          // Strip body for auto-HEAD, preserve headers and status
+          return new Response(null, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: response.headers,
+          });
+        }
+        return response;
+      } catch (err) {
+        getAndClearPendingCookies(); // Clear any pending cookies on error
+        // Catch redirect() / notFound() thrown from route handlers
+        if (err && typeof err === "object" && "digest" in err) {
+          const digest = String(err.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            const redirectUrl = decodeURIComponent(parts[2]);
+            const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, {
+              status: statusCode,
+              headers: { Location: new URL(redirectUrl, request.url).toString() },
+            });
+          }
+          if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, { status: statusCode });
+          }
+        }
+        setHeadersContext(null);
+        setNavigationContext(null);
+        console.error("[vinext] Route handler error:", err);
+        _reportRequestError(
+          err instanceof Error ? err : new Error(String(err)),
+          { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+          { routerKind: "App Router", routePath: route.pattern, routeType: "route" },
+        ).catch((reportErr) => {
+          console.error("[vinext] Failed to report route handler error:", reportErr);
+        });
+        return new Response(null, { status: 500 });
+      }
+    }
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(null, {
+      status: 405,
+      headers: { Allow: exportedMethods.join(", ") },
+    });
+  }
+
+  // Build the component tree: layouts wrapping the page
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Page has no default export", { status: 500 });
+  }
+
+  // Read route segment config from page module exports
+  let revalidateSeconds = typeof route.page?.revalidate === "number" ? route.page.revalidate : null;
+  const dynamicConfig = route.page?.dynamic; // 'auto' | 'force-dynamic' | 'force-static' | 'error'
+  const dynamicParamsConfig = route.page?.dynamicParams; // true (default) | false
+  const isForceStatic = dynamicConfig === "force-static";
+  const isDynamicError = dynamicConfig === "error";
+
+  // force-static: replace headers/cookies context with empty values and
+  // clear searchParams so dynamic APIs return defaults instead of real data
+  if (isForceStatic) {
+    setHeadersContext({ headers: new Headers(), cookies: new Map() });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamic = 'error': set a trap context that throws when headers/cookies are accessed
+  if (isDynamicError) {
+    const errorMsg = 'Page with \`dynamic = "error"\` used a dynamic API. ' +
+      'This page was expected to be fully static, but headers(), cookies(), ' +
+      'or searchParams was accessed. Remove the dynamic API usage or change ' +
+      'the dynamic config to "auto" or "force-dynamic".';
+    const throwingHeaders = new Proxy(new Headers(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    const throwingCookies = new Proxy(new Map(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    setHeadersContext({ headers: throwingHeaders, cookies: throwingCookies });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamicParams = false: only params from generateStaticParams are allowed
+  if (dynamicParamsConfig === false && route.isDynamic && typeof route.page?.generateStaticParams === "function") {
+    try {
+      // Pass parent params to generateStaticParams (Next.js top-down params passing).
+      // Parent params = all matched params that DON'T belong to the leaf page's own dynamic segments.
+      // We pass the full matched params; the function uses only what it needs.
+      const staticParams = await route.page.generateStaticParams({ params });
+      if (Array.isArray(staticParams)) {
+        const paramKeys = Object.keys(params);
+        const isAllowed = staticParams.some(sp =>
+          paramKeys.every(key => {
+            const val = params[key];
+            const staticVal = sp[key];
+            // Allow parent params to not be in the returned set (they're inherited)
+            if (staticVal === undefined) return true;
+            if (Array.isArray(val)) return JSON.stringify(val) === JSON.stringify(staticVal);
+            return String(val) === String(staticVal);
+          })
+        );
+        if (!isAllowed) {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    } catch (err) {
+      console.error("[vinext] generateStaticParams error:", err);
+    }
+  }
+
+  // force-dynamic: set no-store Cache-Control
+  const isForceDynamic = dynamicConfig === "force-dynamic";
+
+  // Check for intercepting routes on RSC requests (client-side navigation).
+  // If the target URL matches an intercepting route in a parallel slot,
+  // render the source route with the intercepting page in the slot.
+  let interceptOpts = undefined;
+  if (isRscRequest) {
+    const intercept = findIntercept(cleanPathname);
+    if (intercept) {
+      const sourceRoute = routes[intercept.sourceRouteIndex];
+      if (sourceRoute && sourceRoute !== route) {
+        // Render the source route (e.g. /feed) with the intercepting page in the slot
+        const sourceMatch = matchRoute(sourceRoute.pattern, routes);
+        const sourceParams = sourceMatch ? sourceMatch.params : {};
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: intercept.matchedParams,
+        });
+        const interceptElement = await buildPageElement(sourceRoute, sourceParams, {
+          interceptSlot: intercept.slotName,
+          interceptPage: intercept.page,
+          interceptParams: intercept.matchedParams,
+        }, url.searchParams);
+        const interceptStream = renderToReadableStream(interceptElement, { onError: rscOnError });
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return new Response(interceptStream, {
+          headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+        });
+      }
+      // If sourceRoute === route, apply intercept opts to the normal render
+      interceptOpts = {
+        interceptSlot: intercept.slotName,
+        interceptPage: intercept.page,
+        interceptParams: intercept.matchedParams,
+      };
+    }
+  }
+
+  let element;
+  try {
+    element = await buildPageElement(route, params, interceptOpts, url.searchParams);
+  } catch (buildErr) {
+    // Check for redirect/notFound/forbidden/unauthorized thrown during metadata resolution or async components
+    if (buildErr && typeof buildErr === "object" && "digest" in buildErr) {
+      const digest = String(buildErr.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    // Non-special error (e.g. generateMetadata() threw) — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, buildErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw buildErr;
+  }
+
+  // Note: CSS is automatically injected by @vitejs/plugin-rsc's
+  // rscCssTransform — no manual loadCss() call needed.
+
+  // Helper: check if an error is a redirect/notFound/forbidden/unauthorized thrown by the navigation shim
+  async function handleRenderError(err) {
+    if (err && typeof err === "object" && "digest" in err) {
+      const digest = String(err.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    return null;
+  }
+
+  // Pre-render layout components to catch notFound()/redirect() thrown from layouts.
+  // In Next.js, each layout level has its own NotFoundBoundary. When a layout throws
+  // notFound(), the parent layout's boundary catches it and renders the parent's
+  // not-found.tsx. Since React Flight doesn't activate client error boundaries during
+  // RSC rendering, we catch layout-level throws here and render the appropriate
+  // fallback page with only the layouts above the throwing one.
+  //
+  // IMPORTANT: Layout pre-render runs BEFORE page pre-render. In Next.js, layouts
+  // render before their children — if a layout throws notFound(), the page never
+  // executes. By checking layouts first, we avoid a bug where the page's notFound()
+  // triggers renderHTTPAccessFallbackPage with ALL route layouts, but one of those
+  // layouts itself throws notFound() during the fallback rendering (causing a 500).
+  if (route.layouts && route.layouts.length > 0) {
+    const asyncParams = makeThenableParams(params);
+    // Run inside ALS context so the module-level console.error patch suppresses
+    // "Invalid hook call" only for this request's probe — concurrent requests
+    // each have their own ALS store and are unaffected.
+    const _layoutProbeResult = await _suppressHookWarningAls.run(true, async () => {
+      for (let li = route.layouts.length - 1; li >= 0; li--) {
+        const LayoutComp = route.layouts[li]?.default;
+        if (!LayoutComp) continue;
+        try {
+          const lr = LayoutComp({ params: asyncParams, children: null });
+          if (lr && typeof lr === "object" && typeof lr.then === "function") await lr;
+        } catch (layoutErr) {
+          if (layoutErr && typeof layoutErr === "object" && "digest" in layoutErr) {
+            const digest = String(layoutErr.digest);
+             if (digest.startsWith("NEXT_REDIRECT;")) {
+               const parts = digest.split(";");
+               const redirectUrl = decodeURIComponent(parts[2]);
+               const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+               setHeadersContext(null);
+               setNavigationContext(null);
+               return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+            }
+            if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+              const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+              // Find the not-found component from the parent level (the boundary that
+              // would catch this in Next.js). Walk up from the throwing layout to find
+              // the nearest not-found at a parent layout's directory.
+              let parentNotFound = null;
+              if (route.notFounds) {
+                for (let pi = li - 1; pi >= 0; pi--) {
+                  if (route.notFounds[pi]?.default) {
+                    parentNotFound = route.notFounds[pi].default;
+                    break;
+                  }
+                }
+              }
+              if (!parentNotFound) parentNotFound = null;
+              // Wrap in only the layouts above the throwing one
+              const parentLayouts = route.layouts.slice(0, li);
+              const fallbackResp = await renderHTTPAccessFallbackPage(
+                route, statusCode, isRscRequest, request,
+                { boundaryComponent: parentNotFound, layouts: parentLayouts, params }
+              );
+              if (fallbackResp) return fallbackResp;
+              setHeadersContext(null);
+              setNavigationContext(null);
+              const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+              return new Response(statusText, { status: statusCode });
+            }
+          }
+          // Not a special error — let it propagate through normal RSC rendering
+        }
+      }
+      return null;
+    });
+    if (_layoutProbeResult instanceof Response) return _layoutProbeResult;
+  }
+
+  // Pre-render the page component to catch redirect()/notFound() thrown synchronously.
+  // Server Components are just functions — we can call PageComponent directly to detect
+  // these special throws before starting the RSC stream.
+  //
+  // For routes with a loading.tsx Suspense boundary, we skip awaiting async components.
+  // The Suspense boundary + rscOnError will handle redirect/notFound thrown during
+  // streaming, and blocking here would defeat streaming (the slow component's delay
+  // would be hit before the RSC stream even starts).
+  //
+  // Because this calls the component outside React's render cycle, hooks like use()
+  // trigger "Invalid hook call" console.error in dev. The module-level ALS patch
+  // suppresses the warning only within this request's execution context.
+  const _hasLoadingBoundary = !!(route.loading && route.loading.default);
+  const _pageProbeResult = await _suppressHookWarningAls.run(true, async () => {
+    try {
+      const testResult = PageComponent({ params });
+      // If it's a promise (async component), only await if there's no loading boundary.
+      // With a loading boundary, the Suspense streaming pipeline handles async resolution
+      // and any redirect/notFound errors via rscOnError.
+      if (testResult && typeof testResult === "object" && typeof testResult.then === "function") {
+        if (!_hasLoadingBoundary) {
+          await testResult;
+        } else {
+          // Suppress unhandled promise rejection — with a loading boundary,
+          // redirect/notFound errors are handled by rscOnError during streaming.
+          testResult.catch(() => {});
+        }
+      }
+    } catch (preRenderErr) {
+      const specialResponse = await handleRenderError(preRenderErr);
+      if (specialResponse) return specialResponse;
+      // Non-special errors from the pre-render test are expected (e.g. use() hook
+      // fails outside React's render cycle, client references can't execute on server).
+      // Only redirect/notFound/forbidden/unauthorized are actionable here — other
+      // errors will be properly caught during actual RSC/SSR rendering below.
+    }
+    return null;
+  });
+  if (_pageProbeResult instanceof Response) return _pageProbeResult;
+
+  // Mark end of compile phase: route matching, middleware, tree building are done.
+  if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
+
+  // Render to RSC stream
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+
+  if (isRscRequest) {
+    // Direct RSC stream response (for client-side navigation)
+    // NOTE: Do NOT clear headers/navigation context here!
+    // The RSC stream is consumed lazily - components render when chunks are read.
+    // If we clear context now, headers()/cookies() will fail during rendering.
+    // Context will be cleared when the next request starts (via runWithHeadersContext).
+    const responseHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+    // Include matched route params so the client can hydrate useParams()
+    if (params && Object.keys(params).length > 0) {
+      responseHeaders["X-Vinext-Params"] = JSON.stringify(params);
+    }
+    if (isForceDynamic) {
+      responseHeaders["Cache-Control"] = "no-store, must-revalidate";
+    } else if ((isForceStatic || isDynamicError) && !revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=31536000, stale-while-revalidate";
+      responseHeaders["X-Vinext-Cache"] = "STATIC";
+    } else if (revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=" + revalidateSeconds + ", stale-while-revalidate";
+    }
+    // Merge middleware response headers into the RSC response.
+    // set-cookie and vary are accumulated to preserve existing values
+    // (e.g. "Vary: RSC, Accept" set above); all other keys use plain
+    // assignment so middleware headers win over config headers, which
+    // the outer handler applies afterward and skips keys already present.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        const lk = key.toLowerCase();
+        if (lk === "set-cookie") {
+          const existing = responseHeaders[lk];
+          if (Array.isArray(existing)) {
+            existing.push(value);
+          } else if (existing) {
+            responseHeaders[lk] = [existing, value];
+          } else {
+            responseHeaders[lk] = [value];
+          }
+        } else if (lk === "vary") {
+          // Accumulate Vary values to preserve the existing "RSC, Accept" entry.
+          const existing = responseHeaders["Vary"] ?? responseHeaders["vary"];
+          if (existing) {
+            responseHeaders["Vary"] = existing + ", " + value;
+            if (responseHeaders["vary"] !== undefined) delete responseHeaders["vary"];
+          } else {
+            responseHeaders[key] = value;
+          }
+        } else {
+          responseHeaders[key] = value;
+        }
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //                  -1 sentinel means compile time is not measured.
+    //   renderMs     - -1 sentinel for RSC-only (soft-nav) responses, since
+    //                  rendering is handled asynchronously by the client. The
+    //                  logging middleware computes render time as totalMs - compileMs.
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      responseHeaders["x-vinext-timing"] = handlerStart + "," + compileMs + ",-1";
+    }
+    return new Response(rscStream, { status: _mwCtx.status || 200, headers: responseHeaders });
+  }
+
+  // Collect font data from RSC environment before passing to SSR
+  // (Fonts are loaded during RSC rendering when layout.tsx calls Geist() etc.)
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+
+  // Build HTTP Link header for font preloading.
+  // This lets the browser (and CDN) start fetching font files before parsing HTML,
+  // eliminating the CSS → woff2 download waterfall.
+  const fontPreloads = fontData.preloads || [];
+  const fontLinkHeaderParts = [];
+  for (const preload of fontPreloads) {
+    fontLinkHeaderParts.push("<" + preload.href + ">; rel=preload; as=font; type=" + preload.type + "; crossorigin");
+  }
+  const fontLinkHeader = fontLinkHeaderParts.length > 0 ? fontLinkHeaderParts.join(", ") : "";
+
+  // Delegate to SSR environment for HTML rendering
+  let htmlStream;
+  try {
+    const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+    htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+    // Shell render complete; Suspense boundaries stream asynchronously
+    if (process.env.NODE_ENV !== "production") __renderEnd = performance.now();
+  } catch (ssrErr) {
+    const specialResponse = await handleRenderError(ssrErr);
+    if (specialResponse) return specialResponse;
+    // Non-special error during SSR — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, ssrErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw ssrErr;
+  }
+
+  // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
+  const draftCookie = getDraftModeCookieHeader();
+
+  setHeadersContext(null);
+  setNavigationContext(null);
+
+  // Helper to attach draftMode cookie, middleware headers, font Link header, and rewrite status to a response
+  function attachMiddlewareContext(response) {
+    if (draftCookie) {
+      response.headers.append("Set-Cookie", draftCookie);
+    }
+    // Set HTTP Link header for font preloading
+    if (fontLinkHeader) {
+      response.headers.set("Link", fontLinkHeader);
+    }
+    // Merge middleware response headers into the final response.
+    // The response is freshly constructed above (new Response(htmlStream, {...})),
+    // so set() and append() are equivalent — there are no same-key conflicts yet.
+    // Precedence over config headers is handled by the outer handler, which
+    // skips config keys that middleware already placed on the response.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        response.headers.append(key, value);
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //   renderMs     - time from renderToReadableStream to handleSsr completion,
+    //                  or -1 sentinel if not measured (falls back to totalMs - compileMs).
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      const renderMs = __renderEnd !== undefined && __compileEnd !== undefined
+        ? Math.round(__renderEnd - __compileEnd)
+        : -1;
+      response.headers.set("x-vinext-timing", handlerStart + "," + compileMs + "," + renderMs);
+    }
+    // Apply custom status code from middleware rewrite
+    if (_mwCtx.status) {
+      return new Response(response.body, {
+        status: _mwCtx.status,
+        headers: response.headers,
+      });
+    }
+    return response;
+  }
+
+  // Check if any component called connection(), cookies(), headers(), or noStore()
+  // during rendering. If so, treat as dynamic (skip ISR, set no-store).
+  const dynamicUsedDuringRender = consumeDynamicUsage();
+
+  // Check if cacheLife() was called during rendering (e.g., page with file-level "use cache").
+  // If so, use its revalidation period for the Cache-Control header.
+  const requestCacheLife = _consumeRequestScopedCacheLife();
+  if (requestCacheLife && requestCacheLife.revalidate !== undefined && revalidateSeconds === null) {
+    revalidateSeconds = requestCacheLife.revalidate;
+  }
+
+  // force-dynamic: always return no-store (highest priority)
+  if (isForceDynamic) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // force-static / error: treat as static regardless of dynamic usage.
+  // force-static intentionally provides empty headers/cookies context so
+  // dynamic APIs return safe defaults; we ignore the dynamic usage signal.
+  // dynamic='error' should have already thrown (via throwing Proxy) if user
+  // code accessed dynamic APIs, so reaching here means rendering succeeded.
+  if ((isForceStatic || isDynamicError) && (revalidateSeconds === null || revalidateSeconds === 0)) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=31536000, stale-while-revalidate",
+        "X-Vinext-Cache": "STATIC",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // auto mode: dynamic API usage (headers(), cookies(), connection(), noStore(),
+  // searchParams access) opts the page into dynamic rendering with no-store.
+  if (dynamicUsedDuringRender) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // Emit Cache-Control for ISR pages so tests can verify revalidate values,
+  // but skip actual caching in dev — every request renders fresh.
+  if (revalidateSeconds !== null && revalidateSeconds > 0) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=" + revalidateSeconds + ", stale-while-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  return attachMiddlewareContext(new Response(htmlStream, {
+    headers: { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" },
+  }));
+}
+
+if (import.meta.hot) {
+  import.meta.hot.accept();
+}
+"
+`;
+
+exports[`App Router entry templates > generateSsrEntry snapshot 1`] = `
+"
+import { createFromReadableStream } from "@vitejs/plugin-rsc/ssr";
+import { renderToReadableStream, renderToStaticMarkup } from "react-dom/server.edge";
+import { setNavigationContext, ServerInsertedHTMLContext } from "next/navigation";
+import { runWithNavigationContext as _runWithNavCtx } from "vinext/navigation-state";
+import { safeJsonStringify } from "vinext/html";
+import { createElement as _ssrCE } from "react";
+
+/**
+ * Collect all chunks from a ReadableStream into an array of text strings.
+ * Used to capture the RSC payload for embedding in HTML.
+ * The RSC flight protocol is text-based (line-delimited key:value pairs),
+ * so we decode to text strings instead of byte arrays — this is dramatically
+ * more compact when JSON-serialized into inline <script> tags.
+ */
+async function collectStreamChunks(stream) {
+  const reader = stream.getReader();
+  const decoder = new TextDecoder();
+  const chunks = [];
+  while (true) {
+    const { done, value } = await reader.read();
+    if (done) break;
+    // Decode Uint8Array to text string for compact JSON serialization
+    chunks.push(decoder.decode(value, { stream: true }));
+  }
+  return chunks;
+}
+
+// React 19 dev-mode workaround (see VinextFlightRoot in handleSsr):
+//
+// In dev, Flight error decoding in react-server-dom-webpack/client.edge
+// can hit resolveErrorDev() which (via React's dev error stack capture)
+// expects a non-null hooks dispatcher.
+//
+// Vinext previously called createFromReadableStream() outside of any React render.
+// When an RSC stream contains an error, dev-mode decoding could crash with:
+//   - "Invalid hook call"
+//   - "Cannot read properties of null (reading 'useContext')"
+//
+// Fix: call createFromReadableStream() lazily inside a React component render.
+// This mirrors Next.js behavior and ensures the dispatcher is set.
+
+/**
+ * Create a TransformStream that appends RSC chunks as inline <script> tags
+ * to the HTML stream. This allows progressive hydration — the browser receives
+ * RSC data incrementally as Suspense boundaries resolve, rather than waiting
+ * for the entire RSC payload before hydration can begin.
+ *
+ * Each chunk is written as:
+ *   <script>self.__VINEXT_RSC_CHUNKS__=self.__VINEXT_RSC_CHUNKS__||[];self.__VINEXT_RSC_CHUNKS__.push("...")</script>
+ *
+ * Chunks are embedded as text strings (not byte arrays) since the RSC flight
+ * protocol is text-based. The browser entry encodes them back to Uint8Array.
+ * This is ~3x more compact than the previous byte-array format.
+ */
+function createRscEmbedTransform(embedStream) {
+  const reader = embedStream.getReader();
+  const _decoder = new TextDecoder();
+  let done = false;
+  let pendingChunks = [];
+  let reading = false;
+
+  // Fix invalid preload "as" values in RSC Flight hint lines before
+  // they reach the client. React Flight emits HL hints with
+  // as="stylesheet" for CSS, but the HTML spec requires as="style"
+  // for <link rel="preload">. The fixPreloadAs() below only fixes the
+  // server-rendered HTML stream; this fixes the raw Flight data that
+  // gets embedded as __VINEXT_RSC_CHUNKS__ and processed client-side.
+  function fixFlightHints(text) {
+    // Flight hint format: <id>:HL["url","stylesheet"] or with options
+    return text.replace(/(\\d+:HL\\[.*?),"stylesheet"(\\]|,)/g, '$1,"style"$2');
+  }
+
+  // Start reading RSC chunks in the background, accumulating them as text strings.
+  // The RSC flight protocol is text-based, so decoding to strings and embedding
+  // as JSON strings is ~3x more compact than the byte-array format.
+  async function pumpReader() {
+    if (reading) return;
+    reading = true;
+    try {
+      while (true) {
+        const result = await reader.read();
+        if (result.done) {
+          done = true;
+          break;
+        }
+        const text = _decoder.decode(result.value, { stream: true });
+        pendingChunks.push(fixFlightHints(text));
+      }
+    } catch (err) {
+      if (process.env.NODE_ENV !== "production") {
+        console.warn("[vinext] RSC embed stream read error:", err);
+      }
+      done = true;
+    }
+    reading = false;
+  }
+
+  // Fire off the background reader immediately
+  const pumpPromise = pumpReader();
+
+  return {
+    /**
+     * Flush any accumulated RSC chunks as <script> tags.
+     * Called after each HTML chunk is enqueued.
+     */
+    flush() {
+      if (pendingChunks.length === 0) return "";
+      const chunks = pendingChunks;
+      pendingChunks = [];
+      let scripts = "";
+      for (const chunk of chunks) {
+        scripts += "<script>self.__VINEXT_RSC_CHUNKS__=self.__VINEXT_RSC_CHUNKS__||[];self.__VINEXT_RSC_CHUNKS__.push(" + safeJsonStringify(chunk) + ")</script>";
+      }
+      return scripts;
+    },
+
+    /**
+     * Wait for the RSC stream to fully complete and return any final
+     * script tags plus the closing signal.
+     */
+    async finalize() {
+      await pumpPromise;
+      let scripts = this.flush();
+      // Signal that all RSC chunks have been sent.
+      // Params are already embedded in <head> — no need to include here.
+      scripts += "<script>self.__VINEXT_RSC_DONE__=true</script>";
+      return scripts;
+    },
+  };
+}
+
+/**
+ * Render the RSC stream to HTML.
+ *
+ * @param rscStream - The RSC payload stream from the RSC environment
+ * @param navContext - Navigation context for client component SSR hooks.
+ *   "use client" components like those using usePathname() need the current
+ *   request URL during SSR, and they run in this SSR environment (separate
+ *   from the RSC environment where the context was originally set).
+ * @param fontData - Font links and styles collected from the RSC environment.
+ *   Fonts are loaded during RSC rendering (when layout calls Geist() etc.),
+ *   and the data needs to be passed to SSR since they're separate module instances.
+ */
+export async function handleSsr(rscStream, navContext, fontData) {
+  // Wrap in a navigation ALS scope for per-request isolation in the SSR
+  // environment. The SSR environment has separate module instances from RSC,
+  // so it needs its own ALS scope.
+  return _runWithNavCtx(async () => {
+  // Set navigation context so hooks like usePathname() work during SSR
+  // of "use client" components
+  if (navContext) {
+    setNavigationContext(navContext);
+  }
+
+  // Clear any stale callbacks from previous requests
+  const { clearServerInsertedHTML, flushServerInsertedHTML, useServerInsertedHTML: _addInsertedHTML } = await import("next/navigation");
+  clearServerInsertedHTML();
+
+  try {
+    // Tee the RSC stream - one for SSR rendering, one for embedding in HTML.
+    // This ensures the browser uses the SAME RSC payload for hydration that
+    // was used to generate the HTML, avoiding hydration mismatches (React #418).
+    const [ssrStream, embedStream] = rscStream.tee();
+
+    // Create the progressive RSC embed helper — it reads the embed stream
+    // in the background and provides script tags to inject into the HTML stream.
+    const rscEmbed = createRscEmbedTransform(embedStream);
+
+    // Deserialize RSC stream back to React VDOM.
+    // IMPORTANT: Do NOT await this — createFromReadableStream returns a thenable
+    // that React's renderToReadableStream can consume progressively. By passing
+    // the unresolved thenable, React will render Suspense fallbacks (loading.tsx)
+    // immediately in the HTML shell, then stream in resolved content as RSC
+    // chunks arrive. Awaiting here would block until all async server components
+    // complete, collapsing the streaming behavior.
+    // Lazily create the Flight root inside render so React's hook dispatcher is set
+    // (avoids React 19 dev-mode resolveErrorDev() crash). VinextFlightRoot returns
+    // a thenable (not a ReactNode), which React 19 consumes via its internal
+    // thenable-as-child suspend/resume behavior. This matches Next.js's approach.
+    let flightRoot;
+    function VinextFlightRoot() {
+      if (!flightRoot) {
+        flightRoot = createFromReadableStream(ssrStream);
+      }
+      return flightRoot;
+    }
+    const root = _ssrCE(VinextFlightRoot);
+
+    // Wrap with ServerInsertedHTMLContext.Provider so libraries that use
+    // useContext(ServerInsertedHTMLContext) (Apollo Client, styled-components,
+    // etc.) get a working callback registration function during SSR.
+    // The provider value is useServerInsertedHTML — same function that direct
+    // callers use — so both paths push to the same ALS-backed callback array.
+    const ssrRoot = ServerInsertedHTMLContext
+      ? _ssrCE(ServerInsertedHTMLContext.Provider, { value: _addInsertedHTML }, root)
+      : root;
+
+    // Get the bootstrap script content for the browser entry
+    const bootstrapScriptContent =
+      await import.meta.viteRsc.loadBootstrapScriptContent("index");
+
+    // djb2 hash for digest generation in the SSR environment.
+    // Matches the RSC environment's __errorDigest function.
+    function ssrErrorDigest(str) {
+      let hash = 5381;
+      for (let i = str.length - 1; i >= 0; i--) {
+        hash = (hash * 33) ^ str.charCodeAt(i);
+      }
+      return (hash >>> 0).toString();
+    }
+
+    // Render HTML (streaming SSR)
+    // useServerInsertedHTML callbacks are registered during this render.
+    // The onError callback preserves the digest for Next.js navigation errors
+    // (redirect, notFound, forbidden, unauthorized) thrown inside Suspense
+    // boundaries during RSC streaming. Without this, React's default onError
+    // returns undefined and the digest is lost in the $RX() call, preventing
+    // client-side error boundaries from identifying the error type.
+    // In production, non-navigation errors also get a digest hash so they
+    // can be correlated with server logs without leaking details to clients.
+    const htmlStream = await renderToReadableStream(ssrRoot, {
+      bootstrapScriptContent,
+      onError(error) {
+        if (error && typeof error === "object" && "digest" in error) {
+          return String(error.digest);
+        }
+        // In production, generate a digest hash for non-navigation errors
+        if (process.env.NODE_ENV === "production" && error) {
+          const msg = error instanceof Error ? error.message : String(error);
+          const stack = error instanceof Error ? (error.stack || "") : "";
+          return ssrErrorDigest(msg + stack);
+        }
+        return undefined;
+      },
+    });
+
+
+    // Flush useServerInsertedHTML callbacks (CSS-in-JS style injection)
+    const insertedElements = flushServerInsertedHTML();
+
+    // Render the inserted elements to HTML strings
+    const { Fragment } = await import("react");
+    let insertedHTML = "";
+    for (const el of insertedElements) {
+      try {
+        insertedHTML += renderToStaticMarkup(_ssrCE(Fragment, null, el));
+      } catch {
+        // Skip elements that can't be rendered
+      }
+    }
+
+    // Escape HTML attribute values (defense-in-depth for font URLs/types).
+    function _escAttr(s) { return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;"); }
+
+    // Build font HTML from data passed from RSC environment
+    // (Fonts are loaded during RSC rendering, and RSC/SSR are separate module instances)
+    let fontHTML = "";
+    if (fontData) {
+      if (fontData.links && fontData.links.length > 0) {
+        for (const url of fontData.links) {
+          fontHTML += '<link rel="stylesheet" href="' + _escAttr(url) + '" />\\n';
+        }
+      }
+      // Emit <link rel="preload"> for local font files
+      if (fontData.preloads && fontData.preloads.length > 0) {
+        for (const preload of fontData.preloads) {
+          fontHTML += '<link rel="preload" href="' + _escAttr(preload.href) + '" as="font" type="' + _escAttr(preload.type) + '" crossorigin />\\n';
+        }
+      }
+      if (fontData.styles && fontData.styles.length > 0) {
+        fontHTML += '<style data-vinext-fonts>' + fontData.styles.join("\\n") + '</style>\\n';
+      }
+    }
+
+    // Extract client entry module URL from bootstrapScriptContent to emit
+    // a <link rel="modulepreload"> hint. The RSC plugin formats bootstrap
+    // content as: import("URL") — we extract the URL so the browser can
+    // speculatively fetch and parse the JS module while still processing
+    // the HTML body, instead of waiting until it reaches the inline script.
+    let modulePreloadHTML = "";
+    if (bootstrapScriptContent) {
+      const m = bootstrapScriptContent.match(/import\\("([^"]+)"\\)/);
+      if (m && m[1]) {
+        modulePreloadHTML = '<link rel="modulepreload" href="' + _escAttr(m[1]) + '" />\\n';
+      }
+    }
+
+    // Head-injected HTML: server-inserted HTML, font HTML, route params,
+    // and modulepreload hints.
+    // RSC payload is now embedded progressively via script tags in the body stream.
+    // Params are embedded eagerly in <head> so they're available before client
+    // hydration starts, avoiding the need for polling on the client.
+    const paramsScript = '<script>self.__VINEXT_RSC_PARAMS__=' + safeJsonStringify(navContext?.params || {}) + '</script>';
+    const injectHTML = paramsScript + modulePreloadHTML + insertedHTML + fontHTML;
+
+    // Inject the collected HTML before </head> and progressively embed RSC
+    // chunks as script tags throughout the HTML body stream.
+    const decoder = new TextDecoder();
+    const encoder = new TextEncoder();
+    let injected = false;
+
+    // Fix invalid preload "as" values in server-rendered HTML.
+    // React Fizz emits <link rel="preload" as="stylesheet"> for CSS,
+    // but the HTML spec requires as="style" for <link rel="preload">.
+    // Note: fixFlightHints() in createRscEmbedTransform handles the
+    // complementary case — fixing the raw Flight stream data before
+    // it's embedded as __VINEXT_RSC_CHUNKS__ for client-side processing.
+    // See: https://html.spec.whatwg.org/multipage/links.html#link-type-preload
+    function fixPreloadAs(html) {
+      // Match <link ...rel="preload"... as="stylesheet"...> in any attribute order
+      return html.replace(/<link(?=[^>]*\\srel="preload")[^>]*>/g, function(tag) {
+        return tag.replace(' as="stylesheet"', ' as="style"');
+      });
+    }
+
+    // Tick-buffered RSC script injection.
+    //
+    // React's renderToReadableStream (Fizz) flushes chunks synchronously
+    // within one microtask — all chunks from a single flushCompletedQueues
+    // call arrive in the same macrotask. We buffer HTML chunks as they
+    // arrive, then use setTimeout(0) to defer emitting them plus any
+    // accumulated RSC scripts to the next macrotask. This guarantees we
+    // never inject <script> tags between partial HTML chunks (which would
+    // corrupt split elements like "<linearGradi" + "ent>"), while still
+    // delivering RSC data progressively as Suspense boundaries resolve.
+    //
+    // Reference: rsc-html-stream by Devon Govett (credited by Next.js)
+    // https://github.com/devongovett/rsc-html-stream
+    let buffered = [];
+    let timeoutId = null;
+
+    const transform = new TransformStream({
+      transform(chunk, controller) {
+        const text = decoder.decode(chunk, { stream: true });
+        const fixed = fixPreloadAs(text);
+        buffered.push(fixed);
+
+        if (timeoutId !== null) return;
+
+        timeoutId = setTimeout(() => {
+          // Flush all buffered HTML chunks from this React flush cycle
+          for (const buf of buffered) {
+            if (!injected) {
+              const headEnd = buf.indexOf("</head>");
+              if (headEnd !== -1) {
+                const before = buf.slice(0, headEnd);
+                const after = buf.slice(headEnd);
+                controller.enqueue(encoder.encode(before + injectHTML + after));
+                injected = true;
+                continue;
+              }
+            }
+            controller.enqueue(encoder.encode(buf));
+          }
+          buffered = [];
+
+          // Now safe to inject any accumulated RSC scripts — we're between
+          // React flush cycles, so no partial HTML chunks can follow until
+          // the next macrotask.
+          const rscScripts = rscEmbed.flush();
+          if (rscScripts) {
+            controller.enqueue(encoder.encode(rscScripts));
+          }
+
+          timeoutId = null;
+        }, 0);
+      },
+      async flush(controller) {
+        // Cancel any pending setTimeout callback — flush() drains
+        // everything itself, so the callback would be a no-op but
+        // cancelling makes the code obviously correct.
+        if (timeoutId !== null) {
+          clearTimeout(timeoutId);
+          timeoutId = null;
+        }
+
+        // Flush any remaining buffered HTML chunks
+        for (const buf of buffered) {
+          if (!injected) {
+            const headEnd = buf.indexOf("</head>");
+            if (headEnd !== -1) {
+              const before = buf.slice(0, headEnd);
+              const after = buf.slice(headEnd);
+              controller.enqueue(encoder.encode(before + injectHTML + after));
+              injected = true;
+              continue;
+            }
+          }
+          controller.enqueue(encoder.encode(buf));
+        }
+        buffered = [];
+
+        if (!injected && injectHTML) {
+          controller.enqueue(encoder.encode(injectHTML));
+        }
+        // Finalize: wait for the RSC stream to complete and emit remaining
+        // chunks plus the __VINEXT_RSC_DONE__ signal.
+        const finalScripts = await rscEmbed.finalize();
+        if (finalScripts) {
+          controller.enqueue(encoder.encode(finalScripts));
+        }
+      },
+    });
+
+    return htmlStream.pipeThrough(transform);
+  } finally {
+    // Clean up so we don't leak context between requests
+    setNavigationContext(null);
+    clearServerInsertedHTML();
+  }
+  }); // end _runWithNavCtx
+}
+
+export default {
+  async fetch(request) {
+    const url = new URL(request.url);
+    if (url.pathname.startsWith("//")) {
+      return new Response("404 Not Found", { status: 404 });
+    }
+    const rscModule = await import.meta.viteRsc.loadModule("rsc", "index");
+    const result = await rscModule.default(request);
+    if (result instanceof Response) {
+      return result;
+    }
+    if (result === null || result === undefined) {
+      return new Response("Not Found", { status: 404 });
+    }
+    return new Response(String(result), { status: 200 });
+  },
+};
+"
+`;
+
+exports[`Pages Router entry templates > client entry snapshot 1`] = `
+"
+import React from "react";
+import { hydrateRoot } from "react-dom/client";
+// Eagerly import the router shim so its module-level popstate listener is
+// registered.  Without this, browser back/forward buttons do nothing because
+// navigateClient() is never invoked on history changes.
+import "next/router";
+
+const pageLoaders = {
+  "/": () => import("<ROOT>/tests/fixtures/pages-basic/pages/index.tsx"),
+  "/404": () => import("<ROOT>/tests/fixtures/pages-basic/pages/404.tsx"),
+  "/about": () => import("<ROOT>/tests/fixtures/pages-basic/pages/about.tsx"),
+  "/alias-test": () => import("<ROOT>/tests/fixtures/pages-basic/pages/alias-test.tsx"),
+  "/before-pop-state-test": () => import("<ROOT>/tests/fixtures/pages-basic/pages/before-pop-state-test.tsx"),
+  "/cjs/basic": () => import("<ROOT>/tests/fixtures/pages-basic/pages/cjs/basic.tsx"),
+  "/cjs/random": () => import("<ROOT>/tests/fixtures/pages-basic/pages/cjs/random.ts"),
+  "/config-test": () => import("<ROOT>/tests/fixtures/pages-basic/pages/config-test.tsx"),
+  "/counter": () => import("<ROOT>/tests/fixtures/pages-basic/pages/counter.tsx"),
+  "/dynamic-page": () => import("<ROOT>/tests/fixtures/pages-basic/pages/dynamic-page.tsx"),
+  "/dynamic-ssr-false": () => import("<ROOT>/tests/fixtures/pages-basic/pages/dynamic-ssr-false.tsx"),
+  "/isr-test": () => import("<ROOT>/tests/fixtures/pages-basic/pages/isr-test.tsx"),
+  "/link-test": () => import("<ROOT>/tests/fixtures/pages-basic/pages/link-test.tsx"),
+  "/nav-test": () => import("<ROOT>/tests/fixtures/pages-basic/pages/nav-test.tsx"),
+  "/posts/missing": () => import("<ROOT>/tests/fixtures/pages-basic/pages/posts/missing.tsx"),
+  "/redirect-xss": () => import("<ROOT>/tests/fixtures/pages-basic/pages/redirect-xss.tsx"),
+  "/router-events-test": () => import("<ROOT>/tests/fixtures/pages-basic/pages/router-events-test.tsx"),
+  "/script-test": () => import("<ROOT>/tests/fixtures/pages-basic/pages/script-test.tsx"),
+  "/shallow-test": () => import("<ROOT>/tests/fixtures/pages-basic/pages/shallow-test.tsx"),
+  "/ssr": () => import("<ROOT>/tests/fixtures/pages-basic/pages/ssr.tsx"),
+  "/ssr-headers": () => import("<ROOT>/tests/fixtures/pages-basic/pages/ssr-headers.tsx"),
+  "/ssr-res-end": () => import("<ROOT>/tests/fixtures/pages-basic/pages/ssr-res-end.tsx"),
+  "/suspense-test": () => import("<ROOT>/tests/fixtures/pages-basic/pages/suspense-test.tsx"),
+  "/articles/[id]": () => import("<ROOT>/tests/fixtures/pages-basic/pages/articles/[id].tsx"),
+  "/blog/[slug]": () => import("<ROOT>/tests/fixtures/pages-basic/pages/blog/[slug].tsx"),
+  "/posts/[id]": () => import("<ROOT>/tests/fixtures/pages-basic/pages/posts/[id].tsx"),
+  "/products/[pid]": () => import("<ROOT>/tests/fixtures/pages-basic/pages/products/[pid].tsx"),
+  "/docs/[...slug]": () => import("<ROOT>/tests/fixtures/pages-basic/pages/docs/[...slug].tsx"),
+  "/sign-up/[[...sign-up]]": () => import("<ROOT>/tests/fixtures/pages-basic/pages/sign-up/[[...sign-up]]/index.tsx")
+};
+
+async function hydrate() {
+  const nextData = window.__NEXT_DATA__;
+  if (!nextData) {
+    console.error("[vinext] No __NEXT_DATA__ found");
+    return;
+  }
+
+  const { pageProps } = nextData.props;
+  const loader = pageLoaders[nextData.page];
+  if (!loader) {
+    console.error("[vinext] No page loader for route:", nextData.page);
+    return;
+  }
+
+  const pageModule = await loader();
+  const PageComponent = pageModule.default;
+  if (!PageComponent) {
+    console.error("[vinext] Page module has no default export");
+    return;
+  }
+
+  let element;
+  
+  try {
+    const appModule = await import("<ROOT>/tests/fixtures/pages-basic/pages/_app.tsx");
+    const AppComponent = appModule.default;
+    window.__VINEXT_APP__ = AppComponent;
+    element = React.createElement(AppComponent, { Component: PageComponent, pageProps });
+  } catch {
+    element = React.createElement(PageComponent, pageProps);
+  }
+  
+
+  // Wrap with RouterContext.Provider so next/compat/router works during hydration
+  const { wrapWithRouterContext } = await import("next/router");
+  element = wrapWithRouterContext(element);
+
+  const container = document.getElementById("__next");
+  if (!container) {
+    console.error("[vinext] No #__next element found");
+    return;
+  }
+
+  const root = hydrateRoot(container, element);
+  window.__VINEXT_ROOT__ = root;
+}
+
+hydrate();
+"
+`;
+
+exports[`Pages Router entry templates > server entry snapshot 1`] = `
+"
+import React from "react";
+import { renderToReadableStream } from "react-dom/server.edge";
+import { resetSSRHead, getSSRHeadHTML } from "next/head";
+import { flushPreloads } from "next/dynamic";
+import { setSSRContext, wrapWithRouterContext } from "next/router";
+import { getCacheHandler } from "next/cache";
+import { runWithFetchCache } from "vinext/fetch-cache";
+import { _runWithCacheState } from "next/cache";
+import { runWithPrivateCache } from "vinext/cache-runtime";
+import { runWithRouterState } from "vinext/router-state";
+import { runWithHeadState } from "vinext/head-state";
+import { safeJsonStringify } from "vinext/html";
+import { getSSRFontLinks as _getSSRFontLinks, getSSRFontStyles as _getSSRFontStylesGoogle, getSSRFontPreloads as _getSSRFontPreloadsGoogle } from "next/font/google";
+import { getSSRFontStyles as _getSSRFontStylesLocal, getSSRFontPreloads as _getSSRFontPreloadsLocal } from "next/font/local";
+import * as middlewareModule from "<ROOT>/tests/fixtures/pages-basic/middleware.ts";
+import { NextRequest, NextFetchEvent } from "next/server";
+
+// i18n config (embedded at build time)
+const i18nConfig = null;
+
+// Full resolved config for production server (embedded at build time)
+export const vinextConfig = {"basePath":"","trailingSlash":false,"redirects":[{"source":"/old-about","destination":"/about","permanent":true}],"rewrites":{"beforeFiles":[{"source":"/before-rewrite","destination":"/about"},{"source":"/mw-gated-before","has":[{"type":"cookie","key":"mw-before-user"}],"destination":"/about"}],"afterFiles":[{"source":"/after-rewrite","destination":"/about"},{"source":"/mw-gated-rewrite","has":[{"type":"cookie","key":"mw-user"}],"destination":"/about"}],"fallback":[{"source":"/fallback-rewrite","destination":"/about"}]},"headers":[{"source":"/api/(.*)","headers":[{"key":"X-Custom-Header","value":"vinext"}]},{"source":"/about","has":[{"type":"cookie","key":"logged-in"}],"headers":[{"key":"X-Auth-Only-Header","value":"1"}]},{"source":"/about","missing":[{"type":"cookie","key":"logged-in"}],"headers":[{"key":"X-Guest-Only-Header","value":"1"}]},{"source":"/ssr","headers":[{"key":"Vary","value":"Accept-Language"}]}],"i18n":null,"images":{}};
+
+// ISR cache helpers (inlined for the server entry)
+async function isrGet(key) {
+  const handler = getCacheHandler();
+  const result = await handler.get(key);
+  if (!result || !result.value) return null;
+  return { value: result, isStale: result.cacheState === "stale" };
+}
+async function isrSet(key, data, revalidateSeconds, tags) {
+  const handler = getCacheHandler();
+  await handler.set(key, data, { revalidate: revalidateSeconds, tags: tags || [] });
+}
+const pendingRegenerations = new Map();
+function triggerBackgroundRegeneration(key, renderFn) {
+  if (pendingRegenerations.has(key)) return;
+  const promise = renderFn()
+    .catch((err) => console.error("[vinext] ISR regen failed for " + key + ":", err))
+    .finally(() => pendingRegenerations.delete(key));
+  pendingRegenerations.set(key, promise);
+}
+
+async function renderToStringAsync(element) {
+  const stream = await renderToReadableStream(element);
+  await stream.allReady;
+  return new Response(stream).text();
+}
+
+import * as page_0 from "<ROOT>/tests/fixtures/pages-basic/pages/index.tsx";
+import * as page_1 from "<ROOT>/tests/fixtures/pages-basic/pages/404.tsx";
+import * as page_2 from "<ROOT>/tests/fixtures/pages-basic/pages/about.tsx";
+import * as page_3 from "<ROOT>/tests/fixtures/pages-basic/pages/alias-test.tsx";
+import * as page_4 from "<ROOT>/tests/fixtures/pages-basic/pages/before-pop-state-test.tsx";
+import * as page_5 from "<ROOT>/tests/fixtures/pages-basic/pages/cjs/basic.tsx";
+import * as page_6 from "<ROOT>/tests/fixtures/pages-basic/pages/cjs/random.ts";
+import * as page_7 from "<ROOT>/tests/fixtures/pages-basic/pages/config-test.tsx";
+import * as page_8 from "<ROOT>/tests/fixtures/pages-basic/pages/counter.tsx";
+import * as page_9 from "<ROOT>/tests/fixtures/pages-basic/pages/dynamic-page.tsx";
+import * as page_10 from "<ROOT>/tests/fixtures/pages-basic/pages/dynamic-ssr-false.tsx";
+import * as page_11 from "<ROOT>/tests/fixtures/pages-basic/pages/isr-test.tsx";
+import * as page_12 from "<ROOT>/tests/fixtures/pages-basic/pages/link-test.tsx";
+import * as page_13 from "<ROOT>/tests/fixtures/pages-basic/pages/nav-test.tsx";
+import * as page_14 from "<ROOT>/tests/fixtures/pages-basic/pages/posts/missing.tsx";
+import * as page_15 from "<ROOT>/tests/fixtures/pages-basic/pages/redirect-xss.tsx";
+import * as page_16 from "<ROOT>/tests/fixtures/pages-basic/pages/router-events-test.tsx";
+import * as page_17 from "<ROOT>/tests/fixtures/pages-basic/pages/script-test.tsx";
+import * as page_18 from "<ROOT>/tests/fixtures/pages-basic/pages/shallow-test.tsx";
+import * as page_19 from "<ROOT>/tests/fixtures/pages-basic/pages/ssr.tsx";
+import * as page_20 from "<ROOT>/tests/fixtures/pages-basic/pages/ssr-headers.tsx";
+import * as page_21 from "<ROOT>/tests/fixtures/pages-basic/pages/ssr-res-end.tsx";
+import * as page_22 from "<ROOT>/tests/fixtures/pages-basic/pages/suspense-test.tsx";
+import * as page_23 from "<ROOT>/tests/fixtures/pages-basic/pages/articles/[id].tsx";
+import * as page_24 from "<ROOT>/tests/fixtures/pages-basic/pages/blog/[slug].tsx";
+import * as page_25 from "<ROOT>/tests/fixtures/pages-basic/pages/posts/[id].tsx";
+import * as page_26 from "<ROOT>/tests/fixtures/pages-basic/pages/products/[pid].tsx";
+import * as page_27 from "<ROOT>/tests/fixtures/pages-basic/pages/docs/[...slug].tsx";
+import * as page_28 from "<ROOT>/tests/fixtures/pages-basic/pages/sign-up/[[...sign-up]]/index.tsx";
+import * as api_0 from "<ROOT>/tests/fixtures/pages-basic/pages/api/binary.ts";
+import * as api_1 from "<ROOT>/tests/fixtures/pages-basic/pages/api/error-route.ts";
+import * as api_2 from "<ROOT>/tests/fixtures/pages-basic/pages/api/hello.ts";
+import * as api_3 from "<ROOT>/tests/fixtures/pages-basic/pages/api/instrumentation-test.ts";
+import * as api_4 from "<ROOT>/tests/fixtures/pages-basic/pages/api/middleware-test.ts";
+import * as api_5 from "<ROOT>/tests/fixtures/pages-basic/pages/api/no-content-type.ts";
+import * as api_6 from "<ROOT>/tests/fixtures/pages-basic/pages/api/users/[id].ts";
+
+import { default as AppComponent } from "<ROOT>/tests/fixtures/pages-basic/pages/_app.tsx";
+import { default as DocumentComponent } from "<ROOT>/tests/fixtures/pages-basic/pages/_document.tsx";
+
+const pageRoutes = [
+  { pattern: "/", isDynamic: false, params: [], module: page_0, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/index.tsx" },
+  { pattern: "/404", isDynamic: false, params: [], module: page_1, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/404.tsx" },
+  { pattern: "/about", isDynamic: false, params: [], module: page_2, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/about.tsx" },
+  { pattern: "/alias-test", isDynamic: false, params: [], module: page_3, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/alias-test.tsx" },
+  { pattern: "/before-pop-state-test", isDynamic: false, params: [], module: page_4, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/before-pop-state-test.tsx" },
+  { pattern: "/cjs/basic", isDynamic: false, params: [], module: page_5, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/cjs/basic.tsx" },
+  { pattern: "/cjs/random", isDynamic: false, params: [], module: page_6, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/cjs/random.ts" },
+  { pattern: "/config-test", isDynamic: false, params: [], module: page_7, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/config-test.tsx" },
+  { pattern: "/counter", isDynamic: false, params: [], module: page_8, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/counter.tsx" },
+  { pattern: "/dynamic-page", isDynamic: false, params: [], module: page_9, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/dynamic-page.tsx" },
+  { pattern: "/dynamic-ssr-false", isDynamic: false, params: [], module: page_10, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/dynamic-ssr-false.tsx" },
+  { pattern: "/isr-test", isDynamic: false, params: [], module: page_11, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/isr-test.tsx" },
+  { pattern: "/link-test", isDynamic: false, params: [], module: page_12, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/link-test.tsx" },
+  { pattern: "/nav-test", isDynamic: false, params: [], module: page_13, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/nav-test.tsx" },
+  { pattern: "/posts/missing", isDynamic: false, params: [], module: page_14, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/posts/missing.tsx" },
+  { pattern: "/redirect-xss", isDynamic: false, params: [], module: page_15, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/redirect-xss.tsx" },
+  { pattern: "/router-events-test", isDynamic: false, params: [], module: page_16, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/router-events-test.tsx" },
+  { pattern: "/script-test", isDynamic: false, params: [], module: page_17, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/script-test.tsx" },
+  { pattern: "/shallow-test", isDynamic: false, params: [], module: page_18, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/shallow-test.tsx" },
+  { pattern: "/ssr", isDynamic: false, params: [], module: page_19, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/ssr.tsx" },
+  { pattern: "/ssr-headers", isDynamic: false, params: [], module: page_20, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/ssr-headers.tsx" },
+  { pattern: "/ssr-res-end", isDynamic: false, params: [], module: page_21, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/ssr-res-end.tsx" },
+  { pattern: "/suspense-test", isDynamic: false, params: [], module: page_22, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/suspense-test.tsx" },
+  { pattern: "/articles/:id", isDynamic: true, params: ["id"], module: page_23, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/articles/[id].tsx" },
+  { pattern: "/blog/:slug", isDynamic: true, params: ["slug"], module: page_24, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/blog/[slug].tsx" },
+  { pattern: "/posts/:id", isDynamic: true, params: ["id"], module: page_25, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/posts/[id].tsx" },
+  { pattern: "/products/:pid", isDynamic: true, params: ["pid"], module: page_26, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/products/[pid].tsx" },
+  { pattern: "/docs/:slug+", isDynamic: true, params: ["slug"], module: page_27, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/docs/[...slug].tsx" },
+  { pattern: "/sign-up/:sign-up*", isDynamic: true, params: ["sign-up"], module: page_28, filePath: "<ROOT>/tests/fixtures/pages-basic/pages/sign-up/[[...sign-up]]/index.tsx" }
+];
+
+const apiRoutes = [
+  { pattern: "/api/binary", isDynamic: false, params: [], module: api_0 },
+  { pattern: "/api/error-route", isDynamic: false, params: [], module: api_1 },
+  { pattern: "/api/hello", isDynamic: false, params: [], module: api_2 },
+  { pattern: "/api/instrumentation-test", isDynamic: false, params: [], module: api_3 },
+  { pattern: "/api/middleware-test", isDynamic: false, params: [], module: api_4 },
+  { pattern: "/api/no-content-type", isDynamic: false, params: [], module: api_5 },
+  { pattern: "/api/users/:id", isDynamic: true, params: ["id"], module: api_6 }
+];
+
+function matchRoute(url, routes) {
+  const pathname = url.split("?")[0];
+  let normalizedUrl = pathname === "/" ? "/" : pathname.replace(/\\/$/, "");
+  // NOTE: Do NOT decodeURIComponent here. The pathname is already decoded at
+  // the entry point. Decoding again would create a double-decode vector.
+  for (const route of routes) {
+    const params = matchPattern(normalizedUrl, route.pattern);
+    if (params !== null) return { route, params };
+  }
+  return null;
+}
+
+function matchPattern(url, pattern) {
+  const urlParts = url.split("/").filter(Boolean);
+  const patternParts = pattern.split("/").filter(Boolean);
+  const params = Object.create(null);
+  for (let i = 0; i < patternParts.length; i++) {
+    const pp = patternParts[i];
+    if (pp.endsWith("+")) {
+      const paramName = pp.slice(1, -1);
+      const remaining = urlParts.slice(i);
+      if (remaining.length === 0) return null;
+      params[paramName] = remaining;
+      return params;
+    }
+    if (pp.endsWith("*")) {
+      const paramName = pp.slice(1, -1);
+      params[paramName] = urlParts.slice(i);
+      return params;
+    }
+    if (pp.startsWith(":")) {
+      if (i >= urlParts.length) return null;
+      params[pp.slice(1)] = urlParts[i];
+      continue;
+    }
+    if (i >= urlParts.length || urlParts[i] !== pp) return null;
+  }
+  if (urlParts.length !== patternParts.length) return null;
+  return params;
+}
+
+function parseQuery(url) {
+  const qs = url.split("?")[1];
+  if (!qs) return {};
+  const p = new URLSearchParams(qs);
+  const q = {};
+  for (const [k, v] of p) {
+    if (k in q) {
+      q[k] = Array.isArray(q[k]) ? q[k].concat(v) : [q[k], v];
+    } else {
+      q[k] = v;
+    }
+  }
+  return q;
+}
+
+function patternToNextFormat(pattern) {
+  return pattern
+    .replace(/:([\\w]+)\\*/g, "[[...$1]]")
+    .replace(/:([\\w]+)\\+/g, "[...$1]")
+    .replace(/:([\\w]+)/g, "[$1]");
+}
+
+function collectAssetTags(manifest, moduleIds) {
+  // Fall back to embedded manifest (set by vinext:cloudflare-build for Workers)
+  const m = (manifest && Object.keys(manifest).length > 0)
+    ? manifest
+    : (typeof globalThis !== "undefined" && globalThis.__VINEXT_SSR_MANIFEST__) || null;
+  const tags = [];
+  const seen = new Set();
+
+  // Load the set of lazy chunk filenames (only reachable via dynamic imports).
+  // These should NOT get <link rel="modulepreload"> or <script type="module">
+  // tags — they are fetched on demand when the dynamic import() executes (e.g.
+  // chunks behind React.lazy() or next/dynamic boundaries).
+  var lazyChunks = (typeof globalThis !== "undefined" && globalThis.__VINEXT_LAZY_CHUNKS__) || null;
+  var lazySet = lazyChunks && lazyChunks.length > 0 ? new Set(lazyChunks) : null;
+
+  // Inject the client entry script if embedded by vinext:cloudflare-build
+  if (typeof globalThis !== "undefined" && globalThis.__VINEXT_CLIENT_ENTRY__) {
+    const entry = globalThis.__VINEXT_CLIENT_ENTRY__;
+    seen.add(entry);
+    tags.push('<link rel="modulepreload" href="/' + entry + '" />');
+    tags.push('<script type="module" src="/' + entry + '" crossorigin></script>');
+  }
+  if (m) {
+    // Always inject shared chunks (framework, vinext runtime, entry) and
+    // page-specific chunks. The manifest maps module file paths to their
+    // associated JS/CSS assets.
+    //
+    // For page-specific injection, the module IDs may be absolute paths
+    // while the manifest uses relative paths. Try both the original ID
+    // and a suffix match to find the correct manifest entry.
+    var allFiles = [];
+
+    if (moduleIds && moduleIds.length > 0) {
+      // Collect assets for the requested page modules
+      for (var mi = 0; mi < moduleIds.length; mi++) {
+        var id = moduleIds[mi];
+        var files = m[id];
+        if (!files) {
+          // Absolute path didn't match — try matching by suffix.
+          // Manifest keys are relative (e.g. "pages/about.tsx") while
+          // moduleIds may be absolute (e.g. "/home/.../pages/about.tsx").
+          for (var mk in m) {
+            if (id.endsWith("/" + mk) || id === mk) {
+              files = m[mk];
+              break;
+            }
+          }
+        }
+        if (files) {
+          for (var fi = 0; fi < files.length; fi++) allFiles.push(files[fi]);
+        }
+      }
+
+      // Also inject shared chunks that every page needs: framework,
+      // vinext runtime, and the entry bootstrap. These are identified
+      // by scanning all manifest values for chunk filenames containing
+      // known prefixes.
+      for (var key in m) {
+        var vals = m[key];
+        if (!vals) continue;
+        for (var vi = 0; vi < vals.length; vi++) {
+          var file = vals[vi];
+          var basename = file.split("/").pop() || "";
+          if (
+            basename.startsWith("framework-") ||
+            basename.startsWith("vinext-") ||
+            basename.includes("vinext-client-entry") ||
+            basename.includes("vinext-app-browser-entry")
+          ) {
+            allFiles.push(file);
+          }
+        }
+      }
+    } else {
+      // No specific modules — include all assets from manifest
+      for (var akey in m) {
+        var avals = m[akey];
+        if (avals) {
+          for (var ai = 0; ai < avals.length; ai++) allFiles.push(avals[ai]);
+        }
+      }
+    }
+
+    for (var ti = 0; ti < allFiles.length; ti++) {
+      var tf = allFiles[ti];
+      // Normalize: Vite's SSR manifest values include a leading '/'
+      // (from base path), but we prepend '/' ourselves when building
+      // href/src attributes. Strip any existing leading slash to avoid
+      // producing protocol-relative URLs like "//assets/chunk.js".
+      // This also ensures consistent keys for the seen-set dedup and
+      // lazySet.has() checks (which use values without leading slash).
+      if (tf.charAt(0) === '/') tf = tf.slice(1);
+      if (seen.has(tf)) continue;
+      seen.add(tf);
+      if (tf.endsWith(".css")) {
+        tags.push('<link rel="stylesheet" href="/' + tf + '" />');
+      } else if (tf.endsWith(".js")) {
+        // Skip lazy chunks — they are behind dynamic import() boundaries
+        // (React.lazy, next/dynamic) and should only be fetched on demand.
+        if (lazySet && lazySet.has(tf)) continue;
+        tags.push('<link rel="modulepreload" href="/' + tf + '" />');
+        tags.push('<script type="module" src="/' + tf + '" crossorigin></script>');
+      }
+    }
+  }
+  return tags.join("\\n  ");
+}
+
+// i18n helpers
+function extractLocale(url) {
+  if (!i18nConfig) return { locale: undefined, url, hadPrefix: false };
+  const pathname = url.split("?")[0];
+  const parts = pathname.split("/").filter(Boolean);
+  const query = url.includes("?") ? url.slice(url.indexOf("?")) : "";
+  if (parts.length > 0 && i18nConfig.locales.includes(parts[0])) {
+    const locale = parts[0];
+    const rest = "/" + parts.slice(1).join("/");
+    return { locale, url: (rest || "/") + query, hadPrefix: true };
+  }
+  return { locale: i18nConfig.defaultLocale, url, hadPrefix: false };
+}
+
+function detectLocaleFromHeaders(headers) {
+  if (!i18nConfig) return null;
+  const acceptLang = headers.get("accept-language");
+  if (!acceptLang) return null;
+  const langs = acceptLang.split(",").map(function(part) {
+    const pieces = part.trim().split(";");
+    const q = pieces[1] ? parseFloat(pieces[1].replace("q=", "")) : 1;
+    return { lang: pieces[0].trim().toLowerCase(), q: q };
+  }).sort(function(a, b) { return b.q - a.q; });
+  for (let k = 0; k < langs.length; k++) {
+    const lang = langs[k].lang;
+    for (let j = 0; j < i18nConfig.locales.length; j++) {
+      if (i18nConfig.locales[j].toLowerCase() === lang) return i18nConfig.locales[j];
+    }
+    const prefix = lang.split("-")[0];
+    for (let j = 0; j < i18nConfig.locales.length; j++) {
+      const loc = i18nConfig.locales[j].toLowerCase();
+      if (loc === prefix || loc.startsWith(prefix + "-")) return i18nConfig.locales[j];
+    }
+  }
+  return null;
+}
+
+function parseCookieLocaleFromHeader(cookieHeader) {
+  if (!i18nConfig || !cookieHeader) return null;
+  const match = cookieHeader.match(/(?:^|;\\s*)NEXT_LOCALE=([^;]*)/);
+  if (!match) return null;
+  var value;
+  try { value = decodeURIComponent(match[1].trim()); } catch (e) { return null; }
+  if (i18nConfig.locales.indexOf(value) !== -1) return value;
+  return null;
+}
+
+function parseCookies(cookieHeader) {
+  const cookies = {};
+  if (!cookieHeader) return cookies;
+  for (const part of cookieHeader.split(";")) {
+    const [key, ...rest] = part.split("=");
+    if (key) cookies[key.trim()] = rest.join("=").trim();
+  }
+  return cookies;
+}
+
+// Lightweight req/res facade for getServerSideProps and API routes.
+// Next.js pages expect ctx.req/ctx.res with Node-like shapes.
+function createReqRes(request, url, query, body) {
+  const headersObj = {};
+  for (const [k, v] of request.headers) headersObj[k.toLowerCase()] = v;
+
+  const req = {
+    method: request.method,
+    url: url,
+    headers: headersObj,
+    query: query,
+    body: body,
+    cookies: parseCookies(request.headers.get("cookie")),
+  };
+
+  let resStatusCode = 200;
+  const resHeaders = {};
+  // set-cookie needs array support (multiple Set-Cookie headers are common)
+  const setCookieHeaders = [];
+  let resBody = null;
+  let ended = false;
+  let resolveResponse;
+  const responsePromise = new Promise(function(r) { resolveResponse = r; });
+
+  const res = {
+    get statusCode() { return resStatusCode; },
+    set statusCode(code) { resStatusCode = code; },
+    writeHead: function(code, headers) {
+      resStatusCode = code;
+      if (headers) {
+        for (const [k, v] of Object.entries(headers)) {
+          if (k.toLowerCase() === "set-cookie") {
+            if (Array.isArray(v)) { for (const c of v) setCookieHeaders.push(c); }
+            else { setCookieHeaders.push(v); }
+          } else {
+            resHeaders[k] = v;
+          }
+        }
+      }
+      return res;
+    },
+    setHeader: function(name, value) {
+      if (name.toLowerCase() === "set-cookie") {
+        if (Array.isArray(value)) { for (const c of value) setCookieHeaders.push(c); }
+        else { setCookieHeaders.push(value); }
+      } else {
+        resHeaders[name.toLowerCase()] = value;
+      }
+      return res;
+    },
+    getHeader: function(name) {
+      if (name.toLowerCase() === "set-cookie") return setCookieHeaders.length > 0 ? setCookieHeaders : undefined;
+      return resHeaders[name.toLowerCase()];
+    },
+    end: function(data) {
+      if (ended) return;
+      ended = true;
+      if (data !== undefined && data !== null) resBody = data;
+      const h = new Headers(resHeaders);
+      for (const c of setCookieHeaders) h.append("set-cookie", c);
+      resolveResponse(new Response(resBody, { status: resStatusCode, headers: h }));
+    },
+    status: function(code) { resStatusCode = code; return res; },
+    json: function(data) {
+      resHeaders["content-type"] = "application/json";
+      res.end(JSON.stringify(data));
+    },
+    send: function(data) {
+      if (typeof data === "object" && data !== null) { res.json(data); }
+      else { if (!resHeaders["content-type"]) resHeaders["content-type"] = "text/plain"; res.end(String(data)); }
+    },
+    redirect: function(statusOrUrl, url2) {
+      if (typeof statusOrUrl === "string") { res.writeHead(307, { Location: statusOrUrl }); }
+      else { res.writeHead(statusOrUrl, { Location: url2 }); }
+      res.end();
+    },
+    getHeaders: function() {
+      var h = Object.assign({}, resHeaders);
+      if (setCookieHeaders.length > 0) h["set-cookie"] = setCookieHeaders;
+      return h;
+    },
+    get headersSent() { return ended; },
+  };
+
+  return { req, res, responsePromise };
+}
+
+/**
+ * Read request body as text with a size limit.
+ * Throws if the body exceeds maxBytes. This prevents DoS via chunked
+ * transfer encoding where Content-Length is absent or spoofed.
+ */
+async function readBodyWithLimit(request, maxBytes) {
+  if (!request.body) return "";
+  var reader = request.body.getReader();
+  var decoder = new TextDecoder();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(decoder.decode(result.value, { stream: true }));
+  }
+  chunks.push(decoder.decode());
+  return chunks.join("");
+}
+
+export async function renderPage(request, url, manifest) {
+  const localeInfo = extractLocale(url);
+  const locale = localeInfo.locale;
+  const routeUrl = localeInfo.url;
+  const cookieHeader = request.headers.get("cookie") || "";
+
+  // i18n redirect: check NEXT_LOCALE cookie first, then Accept-Language
+  if (i18nConfig && !localeInfo.hadPrefix) {
+    const cookieLocale = parseCookieLocaleFromHeader(cookieHeader);
+    if (cookieLocale && cookieLocale !== i18nConfig.defaultLocale) {
+      return new Response(null, { status: 307, headers: { Location: "/" + cookieLocale + routeUrl } });
+    }
+    if (!cookieLocale && i18nConfig.localeDetection !== false) {
+      const detected = detectLocaleFromHeaders(request.headers);
+      if (detected && detected !== i18nConfig.defaultLocale) {
+        return new Response(null, { status: 307, headers: { Location: "/" + detected + routeUrl } });
+      }
+    }
+  }
+
+  const match = matchRoute(routeUrl, pageRoutes);
+  if (!match) {
+    return new Response("<!DOCTYPE html><html><body><h1>404 - Page not found</h1></body></html>",
+      { status: 404, headers: { "Content-Type": "text/html" } });
+  }
+
+  const { route, params } = match;
+  return runWithRouterState(() =>
+    runWithHeadState(() =>
+      _runWithCacheState(() =>
+        runWithPrivateCache(() =>
+          runWithFetchCache(async () => {
+  try {
+    if (typeof setSSRContext === "function") {
+      setSSRContext({
+        pathname: routeUrl.split("?")[0],
+        query: { ...params, ...parseQuery(routeUrl) },
+        asPath: routeUrl,
+        locale: locale,
+        locales: i18nConfig ? i18nConfig.locales : undefined,
+        defaultLocale: i18nConfig ? i18nConfig.defaultLocale : undefined,
+      });
+    }
+
+    if (i18nConfig) {
+      globalThis.__VINEXT_LOCALE__ = locale;
+      globalThis.__VINEXT_LOCALES__ = i18nConfig.locales;
+      globalThis.__VINEXT_DEFAULT_LOCALE__ = i18nConfig.defaultLocale;
+    }
+
+    const pageModule = route.module;
+    const PageComponent = pageModule.default;
+    if (!PageComponent) {
+      return new Response("Page has no default export", { status: 500 });
+    }
+
+    // Handle getStaticPaths for dynamic routes
+    if (typeof pageModule.getStaticPaths === "function" && route.isDynamic) {
+      const pathsResult = await pageModule.getStaticPaths({
+        locales: i18nConfig ? i18nConfig.locales : [],
+        defaultLocale: i18nConfig ? i18nConfig.defaultLocale : "",
+      });
+      const fallback = pathsResult && pathsResult.fallback !== undefined ? pathsResult.fallback : false;
+
+      if (fallback === false) {
+        const paths = pathsResult && pathsResult.paths ? pathsResult.paths : [];
+        const isValidPath = paths.some(function(p) {
+          return Object.entries(p.params).every(function(entry) {
+            var key = entry[0], val = entry[1];
+            var actual = params[key];
+            if (Array.isArray(val)) {
+              return Array.isArray(actual) && val.join("/") === actual.join("/");
+            }
+            return String(val) === String(actual);
+          });
+        });
+        if (!isValidPath) {
+          return new Response("<!DOCTYPE html><html><body><h1>404 - Page not found</h1></body></html>",
+            { status: 404, headers: { "Content-Type": "text/html" } });
+        }
+      }
+    }
+
+    let pageProps = {};
+    var gsspRes = null;
+    if (typeof pageModule.getServerSideProps === "function") {
+      const { req, res, responsePromise } = createReqRes(request, routeUrl, parseQuery(routeUrl), undefined);
+      const ctx = {
+        params, req, res,
+        query: parseQuery(routeUrl),
+        resolvedUrl: routeUrl,
+        locale: locale,
+        locales: i18nConfig ? i18nConfig.locales : undefined,
+        defaultLocale: i18nConfig ? i18nConfig.defaultLocale : undefined,
+      };
+      const result = await pageModule.getServerSideProps(ctx);
+      // If gSSP called res.end() directly (short-circuit), return that response.
+      if (res.headersSent) {
+        return await responsePromise;
+      }
+      if (result && result.props) pageProps = result.props;
+      if (result && result.redirect) {
+        var gsspStatus = result.redirect.statusCode != null ? result.redirect.statusCode : (result.redirect.permanent ? 308 : 307);
+        return new Response(null, { status: gsspStatus, headers: { Location: sanitizeDestinationLocal(result.redirect.destination) } });
+      }
+      if (result && result.notFound) {
+        return new Response("404", { status: 404 });
+      }
+      // Preserve the res object so headers/status/cookies set by gSSP
+      // can be merged into the final HTML response.
+      gsspRes = res;
+    }
+    // Build font Link header early so it's available for ISR cached responses too.
+    // Font preloads are module-level state populated at import time and persist across requests.
+    var _fontLinkHeader = "";
+    var _allFp = [];
+    try {
+      var _fpGoogle = typeof _getSSRFontPreloadsGoogle === "function" ? _getSSRFontPreloadsGoogle() : [];
+      var _fpLocal = typeof _getSSRFontPreloadsLocal === "function" ? _getSSRFontPreloadsLocal() : [];
+      _allFp = _fpGoogle.concat(_fpLocal);
+      if (_allFp.length > 0) {
+        _fontLinkHeader = _allFp.map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; }).join(", ");
+      }
+    } catch (e) { /* font preloads not available */ }
+
+    let isrRevalidateSeconds = null;
+    if (typeof pageModule.getStaticProps === "function") {
+      const pathname = routeUrl.split("?")[0];
+      const cacheKey = "pages:" + (pathname === "/" ? "/" : pathname.replace(/\\/$/, ""));
+      const cached = await isrGet(cacheKey);
+
+      if (cached && !cached.isStale && cached.value.value && cached.value.value.kind === "PAGES") {
+        var _hitHeaders = {
+          "Content-Type": "text/html", "X-Vinext-Cache": "HIT",
+          "Cache-Control": "s-maxage=" + (cached.value.value.revalidate || 60) + ", stale-while-revalidate",
+        };
+        if (_fontLinkHeader) _hitHeaders["Link"] = _fontLinkHeader;
+        return new Response(cached.value.value.html, { status: 200, headers: _hitHeaders });
+      }
+
+      if (cached && cached.isStale && cached.value.value && cached.value.value.kind === "PAGES") {
+        triggerBackgroundRegeneration(cacheKey, async function() {
+          const freshResult = await pageModule.getStaticProps({ params });
+          if (freshResult && freshResult.props && typeof freshResult.revalidate === "number" && freshResult.revalidate > 0) {
+            await isrSet(cacheKey, { kind: "PAGES", html: cached.value.value.html, pageData: freshResult.props, headers: undefined, status: undefined }, freshResult.revalidate);
+          }
+        });
+        var _staleHeaders = {
+          "Content-Type": "text/html", "X-Vinext-Cache": "STALE",
+          "Cache-Control": "s-maxage=0, stale-while-revalidate",
+        };
+        if (_fontLinkHeader) _staleHeaders["Link"] = _fontLinkHeader;
+        return new Response(cached.value.value.html, { status: 200, headers: _staleHeaders });
+      }
+
+      const ctx = {
+        params,
+        locale: locale,
+        locales: i18nConfig ? i18nConfig.locales : undefined,
+        defaultLocale: i18nConfig ? i18nConfig.defaultLocale : undefined,
+      };
+      const result = await pageModule.getStaticProps(ctx);
+      if (result && result.props) pageProps = result.props;
+      if (result && result.redirect) {
+        var gspStatus = result.redirect.statusCode != null ? result.redirect.statusCode : (result.redirect.permanent ? 308 : 307);
+        return new Response(null, { status: gspStatus, headers: { Location: sanitizeDestinationLocal(result.redirect.destination) } });
+      }
+      if (result && result.notFound) {
+        return new Response("404", { status: 404 });
+      }
+      if (typeof result.revalidate === "number" && result.revalidate > 0) {
+        isrRevalidateSeconds = result.revalidate;
+      }
+    }
+
+    let element;
+    if (AppComponent) {
+      element = React.createElement(AppComponent, { Component: PageComponent, pageProps });
+    } else {
+      element = React.createElement(PageComponent, pageProps);
+    }
+    element = wrapWithRouterContext(element);
+
+    if (typeof resetSSRHead === "function") resetSSRHead();
+    if (typeof flushPreloads === "function") await flushPreloads();
+
+    const ssrHeadHTML = typeof getSSRHeadHTML === "function" ? getSSRHeadHTML() : "";
+
+    // Collect SSR font data (Google Font links, font preloads, font-face styles)
+    var fontHeadHTML = "";
+    function _escAttr(s) { return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;"); }
+    try {
+      var fontLinks = typeof _getSSRFontLinks === "function" ? _getSSRFontLinks() : [];
+      for (var fl of fontLinks) { fontHeadHTML += '<link rel="stylesheet" href="' + _escAttr(fl) + '" />\\n  '; }
+    } catch (e) { /* next/font/google not used */ }
+    // Emit <link rel="preload"> for all font files (reuse _allFp collected earlier for Link header)
+    for (var fp of _allFp) { fontHeadHTML += '<link rel="preload" href="' + _escAttr(fp.href) + '" as="font" type="' + _escAttr(fp.type) + '" crossorigin />\\n  '; }
+    try {
+      var allFontStyles = [];
+      if (typeof _getSSRFontStylesGoogle === "function") allFontStyles.push(..._getSSRFontStylesGoogle());
+      if (typeof _getSSRFontStylesLocal === "function") allFontStyles.push(..._getSSRFontStylesLocal());
+      if (allFontStyles.length > 0) { fontHeadHTML += '<style data-vinext-fonts>' + allFontStyles.join("\\n") + '</style>\\n  '; }
+    } catch (e) { /* font styles not available */ }
+
+    const pageModuleIds = route.filePath ? [route.filePath] : [];
+    const assetTags = collectAssetTags(manifest, pageModuleIds);
+    const nextDataPayload = {
+      props: { pageProps }, page: patternToNextFormat(route.pattern), query: params, isFallback: false,
+    };
+    if (i18nConfig) {
+      nextDataPayload.locale = locale;
+      nextDataPayload.locales = i18nConfig.locales;
+      nextDataPayload.defaultLocale = i18nConfig.defaultLocale;
+    }
+    const localeGlobals = i18nConfig
+      ? ";window.__VINEXT_LOCALE__=" + safeJsonStringify(locale) +
+        ";window.__VINEXT_LOCALES__=" + safeJsonStringify(i18nConfig.locales) +
+        ";window.__VINEXT_DEFAULT_LOCALE__=" + safeJsonStringify(i18nConfig.defaultLocale)
+      : "";
+    const nextDataScript = "<script>window.__NEXT_DATA__ = " + safeJsonStringify(nextDataPayload) + localeGlobals + "</script>";
+
+    // Build the document shell with a placeholder for the streamed body
+    var BODY_MARKER = "<!--VINEXT_STREAM_BODY-->";
+    var shellHtml;
+    if (DocumentComponent) {
+      const docElement = React.createElement(DocumentComponent);
+      shellHtml = await renderToStringAsync(docElement);
+      shellHtml = shellHtml.replace("__NEXT_MAIN__", BODY_MARKER);
+      if (ssrHeadHTML || assetTags || fontHeadHTML) {
+        shellHtml = shellHtml.replace("</head>", "  " + fontHeadHTML + ssrHeadHTML + "\\n  " + assetTags + "\\n</head>");
+      }
+      shellHtml = shellHtml.replace("<!-- __NEXT_SCRIPTS__ -->", nextDataScript);
+      if (!shellHtml.includes("__NEXT_DATA__")) {
+        shellHtml = shellHtml.replace("</body>", "  " + nextDataScript + "\\n</body>");
+      }
+    } else {
+      shellHtml = "<!DOCTYPE html>\\n<html>\\n<head>\\n  <meta charset=\\"utf-8\\" />\\n  <meta name=\\"viewport\\" content=\\"width=device-width, initial-scale=1\\" />\\n  " + fontHeadHTML + ssrHeadHTML + "\\n  " + assetTags + "\\n</head>\\n<body>\\n  <div id=\\"__next\\">" + BODY_MARKER + "</div>\\n  " + nextDataScript + "\\n</body>\\n</html>";
+    }
+
+    if (typeof setSSRContext === "function") setSSRContext(null);
+
+    // Split the shell at the body marker
+    var markerIdx = shellHtml.indexOf(BODY_MARKER);
+    var shellPrefix = shellHtml.slice(0, markerIdx);
+    var shellSuffix = shellHtml.slice(markerIdx + BODY_MARKER.length);
+
+    // Start the React body stream — progressive SSR (no allReady wait)
+    var bodyStream = await renderToReadableStream(element);
+    var encoder = new TextEncoder();
+
+    // Create a composite stream: prefix + body + suffix
+    var compositeStream = new ReadableStream({
+      async start(controller) {
+        controller.enqueue(encoder.encode(shellPrefix));
+        var reader = bodyStream.getReader();
+        try {
+          for (;;) {
+            var chunk = await reader.read();
+            if (chunk.done) break;
+            controller.enqueue(chunk.value);
+          }
+        } finally {
+          reader.releaseLock();
+        }
+        controller.enqueue(encoder.encode(shellSuffix));
+        controller.close();
+      }
+    });
+
+    // Cache the rendered HTML for ISR (needs the full string — re-render synchronously)
+    if (isrRevalidateSeconds !== null && isrRevalidateSeconds > 0) {
+      // Tee the stream so we can cache and respond simultaneously would be ideal,
+      // but ISR responses are rare on first hit. Re-render to get complete HTML for cache.
+      var isrElement;
+      if (AppComponent) {
+        isrElement = React.createElement(AppComponent, { Component: PageComponent, pageProps });
+      } else {
+        isrElement = React.createElement(PageComponent, pageProps);
+      }
+      isrElement = wrapWithRouterContext(isrElement);
+      var isrHtml = await renderToStringAsync(isrElement);
+      var fullHtml = shellPrefix + isrHtml + shellSuffix;
+      var isrPathname = url.split("?")[0];
+      var isrCacheKey = "pages:" + (isrPathname === "/" ? "/" : isrPathname.replace(/\\/$/, ""));
+      await isrSet(isrCacheKey, { kind: "PAGES", html: fullHtml, pageData: pageProps, headers: undefined, status: undefined }, isrRevalidateSeconds);
+    }
+
+    // Merge headers/status/cookies set by getServerSideProps on the res object.
+    // gSSP commonly uses res.setHeader("Set-Cookie", ...) or res.status(304).
+    var finalStatus = 200;
+    const responseHeaders = new Headers({ "Content-Type": "text/html" });
+    if (gsspRes) {
+      finalStatus = gsspRes.statusCode;
+      var gsspHeaders = gsspRes.getHeaders();
+      for (var hk of Object.keys(gsspHeaders)) {
+        var hv = gsspHeaders[hk];
+        if (hk === "set-cookie" && Array.isArray(hv)) {
+          for (var sc of hv) responseHeaders.append("set-cookie", sc);
+        } else if (hv != null) {
+          responseHeaders.set(hk, String(hv));
+        }
+      }
+      // Ensure Content-Type stays text/html (gSSP shouldn't override it for page renders)
+      responseHeaders.set("Content-Type", "text/html");
+    }
+    if (isrRevalidateSeconds) {
+      responseHeaders.set("Cache-Control", "s-maxage=" + isrRevalidateSeconds + ", stale-while-revalidate");
+      responseHeaders.set("X-Vinext-Cache", "MISS");
+    }
+    // Set HTTP Link header for font preloading
+    if (_fontLinkHeader) {
+      responseHeaders.set("Link", _fontLinkHeader);
+    }
+    return new Response(compositeStream, { status: finalStatus, headers: responseHeaders });
+  } catch (e) {
+    console.error("[vinext] SSR error:", e);
+    return new Response("Internal Server Error", { status: 500 });
+  }
+          }) // end runWithFetchCache
+        ) // end runWithPrivateCache
+      ) // end _runWithCacheState
+    ) // end runWithHeadState
+  ); // end runWithRouterState
+}
+
+export async function handleApiRoute(request, url) {
+  const match = matchRoute(url, apiRoutes);
+  if (!match) {
+    return new Response("404 - API route not found", { status: 404 });
+  }
+
+  const { route, params } = match;
+  const handler = route.module.default;
+  if (typeof handler !== "function") {
+    return new Response("API route does not export a default function", { status: 500 });
+  }
+
+  const query = { ...params };
+  const qs = url.split("?")[1];
+  if (qs) {
+    for (const [k, v] of new URLSearchParams(qs)) {
+      if (k in query) {
+        // Multi-value: promote to array (Next.js returns string[] for duplicate keys)
+        query[k] = Array.isArray(query[k]) ? query[k].concat(v) : [query[k], v];
+      } else {
+        query[k] = v;
+      }
+    }
+  }
+
+  // Parse request body (enforce 1MB limit to prevent memory exhaustion,
+  // matching Next.js default bodyParser sizeLimit).
+  // Check Content-Length first as a fast path, then enforce on the actual
+  // stream to prevent bypasses via chunked transfer encoding.
+  const contentLength = parseInt(request.headers.get("content-length") || "0", 10);
+  if (contentLength > 1 * 1024 * 1024) {
+    return new Response("Request body too large", { status: 413 });
+  }
+  let body;
+  const ct = request.headers.get("content-type") || "";
+  let rawBody;
+  try { rawBody = await readBodyWithLimit(request, 1 * 1024 * 1024); }
+  catch { return new Response("Request body too large", { status: 413 }); }
+  if (!rawBody) {
+    body = undefined;
+  } else if (ct.includes("application/json")) {
+    try { body = JSON.parse(rawBody); } catch { body = rawBody; }
+  } else {
+    body = rawBody;
+  }
+
+  const { req, res, responsePromise } = createReqRes(request, url, query, body);
+
+  try {
+    await handler(req, res);
+    // If handler didn't call res.end(), end it now.
+    // The end() method is idempotent — safe to call twice.
+    res.end();
+    return await responsePromise;
+  } catch (e) {
+    console.error("[vinext] API error:", e);
+    return new Response("Internal Server Error", { status: 500 });
+  }
+}
+
+
+// --- Middleware support (generated from middleware-codegen.ts) ---
+
+function __normalizePath(pathname) {
+  if (
+    pathname === "/" ||
+    (pathname.length > 1 &&
+      pathname[0] === "/" &&
+      !pathname.includes("//") &&
+      !pathname.includes("/./") &&
+      !pathname.includes("/../") &&
+      !pathname.endsWith("/.") &&
+      !pathname.endsWith("/.."))
+  ) {
+    return pathname;
+  }
+  var segments = pathname.split("/");
+  var resolved = [];
+  for (var i = 0; i < segments.length; i++) {
+    var seg = segments[i];
+    if (seg === "" || seg === ".") continue;
+    if (seg === "..") { resolved.pop(); }
+    else { resolved.push(seg); }
+  }
+  return "/" + resolved.join("/");
+}
+
+function __isSafeRegex(pattern) {
+  var quantifierAtDepth = [];
+  var depth = 0;
+  var i = 0;
+  while (i < pattern.length) {
+    var ch = pattern[i];
+    if (ch === "\\\\") { i += 2; continue; }
+    if (ch === "[") {
+      i++;
+      while (i < pattern.length && pattern[i] !== "]") {
+        if (pattern[i] === "\\\\") i++;
+        i++;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "(") {
+      depth++;
+      if (quantifierAtDepth.length <= depth) quantifierAtDepth.push(false);
+      else quantifierAtDepth[depth] = false;
+      i++;
+      continue;
+    }
+    if (ch === ")") {
+      var hadQ = depth > 0 && quantifierAtDepth[depth];
+      if (depth > 0) depth--;
+      var next = pattern[i + 1];
+      if (next === "+" || next === "*" || next === "{") {
+        if (hadQ) return false;
+        if (depth >= 0 && depth < quantifierAtDepth.length) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "+" || ch === "*") {
+      if (depth > 0) quantifierAtDepth[depth] = true;
+      i++;
+      continue;
+    }
+    if (ch === "?") {
+      var prev = i > 0 ? pattern[i - 1] : "";
+      if (prev !== "+" && prev !== "*" && prev !== "?" && prev !== "}") {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "{") {
+      var j = i + 1;
+      while (j < pattern.length && /[\\d,]/.test(pattern[j])) j++;
+      if (j < pattern.length && pattern[j] === "}" && j > i + 1) {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+        i = j + 1;
+        continue;
+      }
+    }
+    i++;
+  }
+  return true;
+}
+function __safeRegExp(pattern, flags) {
+  if (!__isSafeRegex(pattern)) {
+    console.warn("[vinext] Ignoring potentially unsafe regex pattern (ReDoS risk): " + pattern);
+    return null;
+  }
+  try { return new RegExp(pattern, flags); } catch { return null; }
+}
+
+function matchMiddlewarePattern(pathname, pattern) {
+  // Regex patterns: if the pattern contains "(" or "\\" it's a regex —
+  // pass it through to RegExp directly WITHOUT dot-escaping.
+  // This guard prevents regex pattern corruption from dot-escaping.
+  if (pattern.includes("(") || pattern.includes("\\\\")) {
+    var re = __safeRegExp("^" + pattern + "$");
+    if (re) return re.test(pathname);
+  }
+  // Single-pass tokenizer (avoids chained .replace() flagged by CodeQL as
+  // incomplete sanitization — later passes could re-process earlier outputs).
+  var regexStr = "";
+  var tokenRe = /\\/:([\\w-]+)\\*|\\/:([\\w-]+)\\+|:([\\w-]+)|[.]|[^/:.]+|./g;
+  var tok;
+  while ((tok = tokenRe.exec(pattern)) !== null) {
+    if (tok[1] !== undefined) { regexStr += "(?:/.*)?"; }
+    else if (tok[2] !== undefined) { regexStr += "(?:/.+)"; }
+    else if (tok[3] !== undefined) { regexStr += "([^/]+)"; }
+    else if (tok[0] === ".") { regexStr += "\\\\."; }
+    else { regexStr += tok[0]; }
+  }
+  var re2 = __safeRegExp("^" + regexStr + "$");
+  return re2 ? re2.test(pathname) : pathname === pattern;
+}
+
+function matchesMiddleware(pathname, matcher) {
+  if (!matcher) {
+    return true;
+  }
+  var patterns = [];
+  if (typeof matcher === "string") { patterns.push(matcher); }
+  else if (Array.isArray(matcher)) {
+    for (var m of matcher) {
+      if (typeof m === "string") patterns.push(m);
+      else if (m && typeof m === "object" && "source" in m) patterns.push(m.source);
+    }
+  }
+  return patterns.some(function(p) { return matchMiddlewarePattern(pathname, p); });
+}
+
+export async function runMiddleware(request, ctx) {
+  var isProxy = false;
+  var middlewareFn = isProxy
+    ? (middlewareModule.proxy ?? middlewareModule.default)
+    : (middlewareModule.middleware ?? middlewareModule.default);
+  if (typeof middlewareFn !== "function") {
+    var fileType = isProxy ? "Proxy" : "Middleware";
+    var expectedExport = isProxy ? "proxy" : "middleware";
+    throw new Error("The " + fileType + " file must export a function named \`" + expectedExport + "\` or a \`default\` function.");
+  }
+
+  var config = middlewareModule.config;
+  var matcher = config && config.matcher;
+  var url = new URL(request.url);
+
+  // Normalize pathname before matching to prevent path-confusion bypasses
+  // (percent-encoding like /%61dmin, double slashes like /dashboard//settings).
+  var decodedPathname;
+  try { decodedPathname = decodeURIComponent(url.pathname); } catch (e) {
+    return { continue: false, response: new Response("Bad Request", { status: 400 }) };
+  }
+  var normalizedPathname = __normalizePath(decodedPathname);
+
+  if (!matchesMiddleware(normalizedPathname, matcher)) return { continue: true };
+
+   // Construct a new Request with the decoded + normalized pathname so middleware
+   // always sees the same canonical path that the router uses.
+  var mwRequest = request;
+  if (normalizedPathname !== url.pathname) {
+    var mwUrl = new URL(url);
+    mwUrl.pathname = normalizedPathname;
+    mwRequest = new Request(mwUrl, request);
+  }
+  var nextRequest = mwRequest instanceof NextRequest ? mwRequest : new NextRequest(mwRequest);
+  var fetchEvent = new NextFetchEvent({ page: normalizedPathname });
+  var response;
+  try { response = await middlewareFn(nextRequest, fetchEvent); }
+  catch (e) {
+    console.error("[vinext] Middleware error:", e);
+    return { continue: false, response: new Response("Internal Server Error", { status: 500 }) };
+  }
+  if (ctx && typeof ctx.waitUntil === "function") { ctx.waitUntil(fetchEvent.drainWaitUntil()); } else { fetchEvent.drainWaitUntil(); }
+
+  if (!response) return { continue: true };
+
+  if (response.headers.get("x-middleware-next") === "1") {
+    var rHeaders = new Headers();
+    for (var [key, value] of response.headers) {
+      // Keep x-middleware-request-* headers so the production server can
+      // apply middleware-request header overrides before stripping internals
+      // from the final client response.
+      if (
+        !key.startsWith("x-middleware-") ||
+        key.startsWith("x-middleware-request-")
+      ) rHeaders.append(key, value);
+    }
+    return { continue: true, responseHeaders: rHeaders };
+  }
+
+  if (response.status >= 300 && response.status < 400) {
+    var location = response.headers.get("Location") || response.headers.get("location");
+    if (location) return { continue: false, redirectUrl: location, redirectStatus: response.status };
+  }
+
+  var rewriteUrl = response.headers.get("x-middleware-rewrite");
+  if (rewriteUrl) {
+    var rwHeaders = new Headers();
+    for (var [k, v] of response.headers) {
+      if (!k.startsWith("x-middleware-") || k.startsWith("x-middleware-request-")) rwHeaders.append(k, v);
+    }
+    var rewritePath;
+    try { var parsed = new URL(rewriteUrl, request.url); rewritePath = parsed.pathname + parsed.search; }
+    catch { rewritePath = rewriteUrl; }
+    return { continue: true, rewriteUrl: rewritePath, rewriteStatus: response.status !== 200 ? response.status : undefined, responseHeaders: rwHeaders };
+  }
+
+  return { continue: false, response: response };
+}
+
+"
+`;
diff --git a/tests/entry-templates.test.ts b/tests/entry-templates.test.ts
new file mode 100644
index 00000000..25baee2e
--- /dev/null
+++ b/tests/entry-templates.test.ts
@@ -0,0 +1,193 @@
+/**
+ * Snapshot tests for the entry template code generators.
+ *
+ * These tests lock down the exact generated code for all virtual entry modules
+ * so that future refactoring (extracting generators into separate files, etc.)
+ * can be verified against a known baseline.
+ *
+ * - App Router generators are standalone exported functions → imported directly.
+ * - Pages Router generators are closures inside the plugin → tested via
+ *   Vite's pluginContainer.load() on the virtual module IDs.
+ */
+import path from "node:path";
+import { describe, it, expect, afterAll } from "vitest";
+import { createServer, type ViteDevServer } from "vite";
+import {
+  generateRscEntry,
+  generateSsrEntry,
+  generateBrowserEntry,
+} from "../packages/vinext/src/server/app-dev-server.js";
+import type { AppRouterConfig } from "../packages/vinext/src/server/app-dev-server.js";
+import type { AppRoute } from "../packages/vinext/src/routing/app-router.js";
+import vinext from "../packages/vinext/src/index.js";
+
+// Workspace root (forward-slash normalised) used to replace absolute paths
+// in generated code so snapshots are machine-independent.
+const ROOT = path.resolve(import.meta.dirname, "..").replace(/\\/g, "/");
+
+/** Replace all occurrences of the workspace root with `<ROOT>`. */
+function stabilize(code: string): string {
+  return code.replaceAll(ROOT, "<ROOT>");
+}
+
+// ── Minimal App Router route fixtures ─────────────────────────────────
+// Use stable absolute paths so snapshots don't depend on the machine.
+const minimalAppRoutes: AppRoute[] = [
+  {
+    pattern: "/",
+    pagePath: "/tmp/test/app/page.tsx",
+    routePath: null,
+    layouts: ["/tmp/test/app/layout.tsx"],
+    templates: [],
+    parallelSlots: [],
+    loadingPath: null,
+    errorPath: null,
+    layoutErrorPaths: [null],
+    notFoundPath: null,
+    notFoundPaths: [null],
+    forbiddenPath: null,
+    unauthorizedPath: null,
+    routeSegments: [],
+    layoutTreePositions: [0],
+    isDynamic: false,
+    params: [],
+  },
+  {
+    pattern: "/about",
+    pagePath: "/tmp/test/app/about/page.tsx",
+    routePath: null,
+    layouts: ["/tmp/test/app/layout.tsx"],
+    templates: [],
+    parallelSlots: [],
+    loadingPath: null,
+    errorPath: null,
+    layoutErrorPaths: [null],
+    notFoundPath: null,
+    notFoundPaths: [null],
+    forbiddenPath: null,
+    unauthorizedPath: null,
+    routeSegments: ["about"],
+    layoutTreePositions: [0],
+    isDynamic: false,
+    params: [],
+  },
+];
+
+// ── Pages Router fixture ──────────────────────────────────────────────
+const PAGES_FIXTURE_DIR = path.resolve(
+  import.meta.dirname,
+  "./fixtures/pages-basic",
+);
+
+// ── App Router entry templates ────────────────────────────────────────
+
+describe("App Router entry templates", () => {
+  it("generateRscEntry snapshot (minimal routes)", () => {
+    const code = generateRscEntry(
+      "/tmp/test/app",
+      minimalAppRoutes,
+      null,  // no middleware
+      [],    // no metadata routes
+      null,  // no global error
+      "",    // no basePath
+      false, // no trailingSlash
+    );
+    expect(code).toMatchSnapshot();
+  });
+
+  it("generateRscEntry snapshot (with middleware)", () => {
+    const code = generateRscEntry(
+      "/tmp/test/app",
+      minimalAppRoutes,
+      "/tmp/test/middleware.ts",
+      [],
+      null,
+      "",
+      false,
+    );
+    expect(code).toMatchSnapshot();
+  });
+
+  it("generateRscEntry snapshot (with config)", () => {
+    const config: AppRouterConfig = {
+      redirects: [
+        { source: "/old", destination: "/new", permanent: true },
+      ],
+      rewrites: {
+        beforeFiles: [
+          { source: "/api/:path*", destination: "/backend/:path*" },
+        ],
+        afterFiles: [],
+        fallback: [],
+      },
+      headers: [
+        {
+          source: "/api/:path*",
+          headers: [{ key: "X-Custom", value: "test" }],
+        },
+      ],
+    };
+    const code = generateRscEntry(
+      "/tmp/test/app",
+      minimalAppRoutes,
+      null,
+      [],
+      null,
+      "/base",
+      true,
+      config,
+    );
+    expect(code).toMatchSnapshot();
+  });
+
+  it("generateSsrEntry snapshot", () => {
+    const code = generateSsrEntry();
+    expect(code).toMatchSnapshot();
+  });
+
+  it("generateBrowserEntry snapshot", () => {
+    const code = generateBrowserEntry();
+    expect(code).toMatchSnapshot();
+  });
+});
+
+// ── Pages Router entry templates ──────────────────────────────────────
+// These are closure functions inside the vinext() plugin, so we test
+// them via Vite's pluginContainer.load() on the virtual module IDs.
+
+describe("Pages Router entry templates", () => {
+  let server: ViteDevServer;
+
+  afterAll(async () => {
+    if (server) await server.close();
+  });
+
+  async function getVirtualModuleCode(moduleId: string): Promise<string> {
+    if (!server) {
+      server = await createServer({
+        root: PAGES_FIXTURE_DIR,
+        configFile: false,
+        plugins: [vinext()],
+        server: { port: 0 },
+        logLevel: "silent",
+      });
+    }
+    const resolved = await server.pluginContainer.resolveId(moduleId);
+    expect(resolved).toBeTruthy();
+    const loaded = await server.pluginContainer.load(resolved!.id);
+    expect(loaded).toBeTruthy();
+    return typeof loaded === "string"
+      ? loaded
+      : (loaded as any)?.code ?? "";
+  }
+
+  it("server entry snapshot", async () => {
+    const code = await getVirtualModuleCode("virtual:vinext-server-entry");
+    expect(stabilize(code)).toMatchSnapshot();
+  });
+
+  it("client entry snapshot", async () => {
+    const code = await getVirtualModuleCode("virtual:vinext-client-entry");
+    expect(stabilize(code)).toMatchSnapshot();
+  });
+});

From c706467db6b588bc7c91f6d9d3d8b8fe09d43bc8 Mon Sep 17 00:00:00 2001
From: James <james@eli.cx>
Date: Sun, 8 Mar 2026 15:33:51 +0000
Subject: [PATCH 2/8] test: update entry template snapshots after merging main

---
 .../entry-templates.test.ts.snap              | 103 ++++++++++++------
 1 file changed, 67 insertions(+), 36 deletions(-)

diff --git a/tests/__snapshots__/entry-templates.test.ts.snap b/tests/__snapshots__/entry-templates.test.ts.snap
index 51a3c1c2..659233f9 100644
--- a/tests/__snapshots__/entry-templates.test.ts.snap
+++ b/tests/__snapshots__/entry-templates.test.ts.snap
@@ -648,11 +648,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
     // client-side tree reconciliation.
     const _treePositions = route?.layoutTreePositions;
     const _routeSegs = route?.routeSegments || [];
-    const _fallbackParams = opts?.params || {};
+    const _fallbackParams = opts?.matchedParams ?? route?.params ?? {};
+    const _asyncFallbackParams = makeThenableParams(_fallbackParams);
     for (let i = layouts.length - 1; i >= 0; i--) {
       const LayoutComponent = layouts[i]?.default;
       if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element });
+        element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParams });
         const _tp = _treePositions ? _treePositions[i] : 0;
         const _cs = __resolveChildSegments(_routeSegs, _tp, _fallbackParams);
         element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
@@ -669,10 +670,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
   }
   // For HTML (full page load) responses, wrap with layouts only (no client-side
   // wrappers needed since SSR generates the complete HTML document).
+  const _fallbackParamsHtml = opts?.matchedParams ?? route?.params ?? {};
+  const _asyncFallbackParamsHtml = makeThenableParams(_fallbackParamsHtml);
   for (let i = layouts.length - 1; i >= 0; i--) {
     const LayoutComponent = layouts[i]?.default;
     if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element });
+      element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParamsHtml });
     }
   }
   const rscStream = renderToReadableStream(element, { onError: rscOnError });
@@ -696,8 +699,8 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
 }
 
 /** Convenience: render a not-found page (404) */
-async function renderNotFoundPage(route, isRscRequest, request, params) {
-  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { params });
+async function renderNotFoundPage(route, isRscRequest, request, matchedParams) {
+  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { matchedParams });
 }
 
 /**
@@ -707,7 +710,7 @@ async function renderNotFoundPage(route, isRscRequest, request, params) {
  * Next.js returns HTTP 200 when error.tsx catches an error (the error is "handled"
  * by the boundary). This matches that behavior intentionally.
  */
-async function renderErrorBoundaryPage(route, error, isRscRequest, request, params) {
+async function renderErrorBoundaryPage(route, error, isRscRequest, request, matchedParams) {
   // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
   // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
   let ErrorComponent = route?.error?.default ?? null;
@@ -742,11 +745,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, para
     // Same rationale as renderHTTPAccessFallbackPage — see comment there.
     const _errTreePositions = route?.layoutTreePositions;
     const _errRouteSegs = route?.routeSegments || [];
-    const _errParams = params || {};
+    const _errParams = matchedParams ?? route?.params ?? {};
+    const _asyncErrParams = makeThenableParams(_errParams);
     for (let i = layouts.length - 1; i >= 0; i--) {
       const LayoutComponent = layouts[i]?.default;
       if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element });
+        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
         const _etp = _errTreePositions ? _errTreePositions[i] : 0;
         const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
         element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
@@ -762,10 +766,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, para
     });
   }
   // For HTML (full page load) responses, wrap with layouts only.
+  const _errParamsHtml = matchedParams ?? route?.params ?? {};
+  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
   for (let i = layouts.length - 1; i >= 0; i--) {
     const LayoutComponent = layouts[i]?.default;
     if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element });
+      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
     }
   }
   const rscStream = renderToReadableStream(element, { onError: rscOnError });
@@ -2276,7 +2282,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       }
       if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
         const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
-        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
         if (fallbackResp) return fallbackResp;
         setHeadersContext(null);
         setNavigationContext(null);
@@ -2307,7 +2313,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       }
       if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
         const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
-        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
         if (fallbackResp) return fallbackResp;
         setHeadersContext(null);
         setNavigationContext(null);
@@ -2372,7 +2378,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
               const parentLayouts = route.layouts.slice(0, li);
               const fallbackResp = await renderHTTPAccessFallbackPage(
                 route, statusCode, isRscRequest, request,
-                { boundaryComponent: parentNotFound, layouts: parentLayouts, params }
+                { boundaryComponent: parentNotFound, layouts: parentLayouts, matchedParams: params }
               );
               if (fallbackResp) return fallbackResp;
               setHeadersContext(null);
@@ -2988,11 +2994,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
     // client-side tree reconciliation.
     const _treePositions = route?.layoutTreePositions;
     const _routeSegs = route?.routeSegments || [];
-    const _fallbackParams = opts?.params || {};
+    const _fallbackParams = opts?.matchedParams ?? route?.params ?? {};
+    const _asyncFallbackParams = makeThenableParams(_fallbackParams);
     for (let i = layouts.length - 1; i >= 0; i--) {
       const LayoutComponent = layouts[i]?.default;
       if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element });
+        element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParams });
         const _tp = _treePositions ? _treePositions[i] : 0;
         const _cs = __resolveChildSegments(_routeSegs, _tp, _fallbackParams);
         element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
@@ -3009,10 +3016,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
   }
   // For HTML (full page load) responses, wrap with layouts only (no client-side
   // wrappers needed since SSR generates the complete HTML document).
+  const _fallbackParamsHtml = opts?.matchedParams ?? route?.params ?? {};
+  const _asyncFallbackParamsHtml = makeThenableParams(_fallbackParamsHtml);
   for (let i = layouts.length - 1; i >= 0; i--) {
     const LayoutComponent = layouts[i]?.default;
     if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element });
+      element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParamsHtml });
     }
   }
   const rscStream = renderToReadableStream(element, { onError: rscOnError });
@@ -3036,8 +3045,8 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
 }
 
 /** Convenience: render a not-found page (404) */
-async function renderNotFoundPage(route, isRscRequest, request, params) {
-  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { params });
+async function renderNotFoundPage(route, isRscRequest, request, matchedParams) {
+  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { matchedParams });
 }
 
 /**
@@ -3047,7 +3056,7 @@ async function renderNotFoundPage(route, isRscRequest, request, params) {
  * Next.js returns HTTP 200 when error.tsx catches an error (the error is "handled"
  * by the boundary). This matches that behavior intentionally.
  */
-async function renderErrorBoundaryPage(route, error, isRscRequest, request, params) {
+async function renderErrorBoundaryPage(route, error, isRscRequest, request, matchedParams) {
   // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
   // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
   let ErrorComponent = route?.error?.default ?? null;
@@ -3082,11 +3091,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, para
     // Same rationale as renderHTTPAccessFallbackPage — see comment there.
     const _errTreePositions = route?.layoutTreePositions;
     const _errRouteSegs = route?.routeSegments || [];
-    const _errParams = params || {};
+    const _errParams = matchedParams ?? route?.params ?? {};
+    const _asyncErrParams = makeThenableParams(_errParams);
     for (let i = layouts.length - 1; i >= 0; i--) {
       const LayoutComponent = layouts[i]?.default;
       if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element });
+        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
         const _etp = _errTreePositions ? _errTreePositions[i] : 0;
         const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
         element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
@@ -3102,10 +3112,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, para
     });
   }
   // For HTML (full page load) responses, wrap with layouts only.
+  const _errParamsHtml = matchedParams ?? route?.params ?? {};
+  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
   for (let i = layouts.length - 1; i >= 0; i--) {
     const LayoutComponent = layouts[i]?.default;
     if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element });
+      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
     }
   }
   const rscStream = renderToReadableStream(element, { onError: rscOnError });
@@ -4621,7 +4633,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       }
       if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
         const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
-        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
         if (fallbackResp) return fallbackResp;
         setHeadersContext(null);
         setNavigationContext(null);
@@ -4652,7 +4664,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       }
       if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
         const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
-        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
         if (fallbackResp) return fallbackResp;
         setHeadersContext(null);
         setNavigationContext(null);
@@ -4717,7 +4729,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
               const parentLayouts = route.layouts.slice(0, li);
               const fallbackResp = await renderHTTPAccessFallbackPage(
                 route, statusCode, isRscRequest, request,
-                { boundaryComponent: parentNotFound, layouts: parentLayouts, params }
+                { boundaryComponent: parentNotFound, layouts: parentLayouts, matchedParams: params }
               );
               if (fallbackResp) return fallbackResp;
               setHeadersContext(null);
@@ -5333,11 +5345,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
     // client-side tree reconciliation.
     const _treePositions = route?.layoutTreePositions;
     const _routeSegs = route?.routeSegments || [];
-    const _fallbackParams = opts?.params || {};
+    const _fallbackParams = opts?.matchedParams ?? route?.params ?? {};
+    const _asyncFallbackParams = makeThenableParams(_fallbackParams);
     for (let i = layouts.length - 1; i >= 0; i--) {
       const LayoutComponent = layouts[i]?.default;
       if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element });
+        element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParams });
         const _tp = _treePositions ? _treePositions[i] : 0;
         const _cs = __resolveChildSegments(_routeSegs, _tp, _fallbackParams);
         element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
@@ -5354,10 +5367,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
   }
   // For HTML (full page load) responses, wrap with layouts only (no client-side
   // wrappers needed since SSR generates the complete HTML document).
+  const _fallbackParamsHtml = opts?.matchedParams ?? route?.params ?? {};
+  const _asyncFallbackParamsHtml = makeThenableParams(_fallbackParamsHtml);
   for (let i = layouts.length - 1; i >= 0; i--) {
     const LayoutComponent = layouts[i]?.default;
     if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element });
+      element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParamsHtml });
     }
   }
   const rscStream = renderToReadableStream(element, { onError: rscOnError });
@@ -5381,8 +5396,8 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
 }
 
 /** Convenience: render a not-found page (404) */
-async function renderNotFoundPage(route, isRscRequest, request, params) {
-  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { params });
+async function renderNotFoundPage(route, isRscRequest, request, matchedParams) {
+  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { matchedParams });
 }
 
 /**
@@ -5392,7 +5407,7 @@ async function renderNotFoundPage(route, isRscRequest, request, params) {
  * Next.js returns HTTP 200 when error.tsx catches an error (the error is "handled"
  * by the boundary). This matches that behavior intentionally.
  */
-async function renderErrorBoundaryPage(route, error, isRscRequest, request, params) {
+async function renderErrorBoundaryPage(route, error, isRscRequest, request, matchedParams) {
   // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
   // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
   let ErrorComponent = route?.error?.default ?? null;
@@ -5427,11 +5442,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, para
     // Same rationale as renderHTTPAccessFallbackPage — see comment there.
     const _errTreePositions = route?.layoutTreePositions;
     const _errRouteSegs = route?.routeSegments || [];
-    const _errParams = params || {};
+    const _errParams = matchedParams ?? route?.params ?? {};
+    const _asyncErrParams = makeThenableParams(_errParams);
     for (let i = layouts.length - 1; i >= 0; i--) {
       const LayoutComponent = layouts[i]?.default;
       if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element });
+        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
         const _etp = _errTreePositions ? _errTreePositions[i] : 0;
         const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
         element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
@@ -5447,10 +5463,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, para
     });
   }
   // For HTML (full page load) responses, wrap with layouts only.
+  const _errParamsHtml = matchedParams ?? route?.params ?? {};
+  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
   for (let i = layouts.length - 1; i >= 0; i--) {
     const LayoutComponent = layouts[i]?.default;
     if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element });
+      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
     }
   }
   const rscStream = renderToReadableStream(element, { onError: rscOnError });
@@ -7085,7 +7103,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       }
       if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
         const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
-        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
         if (fallbackResp) return fallbackResp;
         setHeadersContext(null);
         setNavigationContext(null);
@@ -7116,7 +7134,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       }
       if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
         const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
-        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { params });
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
         if (fallbackResp) return fallbackResp;
         setHeadersContext(null);
         setNavigationContext(null);
@@ -7181,7 +7199,7 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
               const parentLayouts = route.layouts.slice(0, li);
               const fallbackResp = await renderHTTPAccessFallbackPage(
                 route, statusCode, isRscRequest, request,
-                { boundaryComponent: parentNotFound, layouts: parentLayouts, params }
+                { boundaryComponent: parentNotFound, layouts: parentLayouts, matchedParams: params }
               );
               if (fallbackResp) return fallbackResp;
               setHeadersContext(null);
@@ -8013,9 +8031,22 @@ import { runWithHeadState } from "vinext/head-state";
 import { safeJsonStringify } from "vinext/html";
 import { getSSRFontLinks as _getSSRFontLinks, getSSRFontStyles as _getSSRFontStylesGoogle, getSSRFontPreloads as _getSSRFontPreloadsGoogle } from "next/font/google";
 import { getSSRFontStyles as _getSSRFontStylesLocal, getSSRFontPreloads as _getSSRFontPreloadsLocal } from "next/font/local";
+import * as _instrumentation from "<ROOT>/tests/fixtures/pages-basic/instrumentation.ts";
 import * as middlewareModule from "<ROOT>/tests/fixtures/pages-basic/middleware.ts";
 import { NextRequest, NextFetchEvent } from "next/server";
 
+// Run instrumentation register() once at module evaluation time — before any
+// requests are handled. Matches Next.js semantics: register() is called once
+// on startup in the process that handles requests.
+if (typeof _instrumentation.register === "function") {
+  await _instrumentation.register();
+}
+// Store the onRequestError handler on globalThis so it is visible to all
+// code within the Worker (same global scope).
+if (typeof _instrumentation.onRequestError === "function") {
+  globalThis.__VINEXT_onRequestErrorHandler__ = _instrumentation.onRequestError;
+}
+
 // i18n config (embedded at build time)
 const i18nConfig = null;
 

From 0f38e0f3563a53e3e8f6be25635f3d402a03deb8 Mon Sep 17 00:00:00 2001
From: James <james@eli.cx>
Date: Sun, 8 Mar 2026 15:34:59 +0000
Subject: [PATCH 3/8] test: address bonk review comments on entry-template
 snapshot tests

- Add comment on PAGES_FIXTURE_DIR warning about snapshot coupling
- Add generateRscEntry snapshot test covering instrumentationPath arg
---
 .../entry-templates.test.ts.snap              | 2361 +++++++++++++++++
 tests/entry-templates.test.ts                 |   18 +
 2 files changed, 2379 insertions(+)

diff --git a/tests/__snapshots__/entry-templates.test.ts.snap b/tests/__snapshots__/entry-templates.test.ts.snap
index 659233f9..f489c95f 100644
--- a/tests/__snapshots__/entry-templates.test.ts.snap
+++ b/tests/__snapshots__/entry-templates.test.ts.snap
@@ -5018,6 +5018,2367 @@ if (import.meta.hot) {
 "
 `;
 
+exports[`App Router entry templates > generateRscEntry snapshot (with instrumentation) 1`] = `
+"
+import {
+  renderToReadableStream,
+  decodeReply,
+  loadServerAction,
+  createTemporaryReferenceSet,
+} from "@vitejs/plugin-rsc/rsc";
+import { AsyncLocalStorage } from "node:async_hooks";
+import { createElement, Suspense, Fragment } from "react";
+import { setNavigationContext as _setNavigationContextOrig, getNavigationContext as _getNavigationContext } from "next/navigation";
+import { setHeadersContext, headersContextFromRequest, getDraftModeCookieHeader, getAndClearPendingCookies, consumeDynamicUsage, markDynamicUsage, runWithHeadersContext, applyMiddlewareRequestHeaders, getHeadersContext } from "next/headers";
+import { NextRequest, NextFetchEvent } from "next/server";
+import { ErrorBoundary, NotFoundBoundary } from "vinext/error-boundary";
+import { LayoutSegmentProvider } from "vinext/layout-segment-context";
+import { MetadataHead, mergeMetadata, resolveModuleMetadata, ViewportHead, mergeViewport, resolveModuleViewport } from "vinext/metadata";
+
+import * as _instrumentation from "/tmp/test/instrumentation.ts";
+
+import { _consumeRequestScopedCacheLife, _runWithCacheState } from "next/cache";
+import { runWithFetchCache } from "vinext/fetch-cache";
+import { runWithPrivateCache as _runWithPrivateCache } from "vinext/cache-runtime";
+// Import server-only state module to register ALS-backed accessors.
+import { runWithNavigationContext as _runWithNavigationContext } from "vinext/navigation-state";
+import { reportRequestError as _reportRequestError } from "vinext/instrumentation";
+import { getSSRFontLinks as _getSSRFontLinks, getSSRFontStyles as _getSSRFontStylesGoogle, getSSRFontPreloads as _getSSRFontPreloadsGoogle } from "next/font/google";
+import { getSSRFontStyles as _getSSRFontStylesLocal, getSSRFontPreloads as _getSSRFontPreloadsLocal } from "next/font/local";
+function _getSSRFontStyles() { return [..._getSSRFontStylesGoogle(), ..._getSSRFontStylesLocal()]; }
+function _getSSRFontPreloads() { return [..._getSSRFontPreloadsGoogle(), ..._getSSRFontPreloadsLocal()]; }
+
+// ALS used to suppress the expected "Invalid hook call" dev warning when
+// layout/page components are probed outside React's render cycle. Patching
+// console.error once at module load (instead of per-request) avoids the
+// concurrent-request issue where request A's suppression filter could
+// swallow real errors from request B.
+const _suppressHookWarningAls = new AsyncLocalStorage();
+const _origConsoleError = console.error;
+console.error = (...args) => {
+  if (_suppressHookWarningAls.getStore() === true &&
+      typeof args[0] === "string" &&
+      args[0].includes("Invalid hook call")) return;
+  _origConsoleError.apply(console, args);
+};
+
+// Set navigation context in the ALS-backed store. "use client" components
+// rendered during SSR need the pathname/searchParams/params but the SSR
+// environment has a separate module instance of next/navigation.
+// Use _getNavigationContext() to read the current context — never cache
+// it in a module-level variable (that would leak between concurrent requests).
+function setNavigationContext(ctx) {
+  _setNavigationContextOrig(ctx);
+}
+
+// ISR cache is disabled in dev mode — every request re-renders fresh,
+// matching Next.js dev behavior. Cache-Control headers are still emitted
+// based on export const revalidate for testing purposes.
+// Production ISR is handled by prod-server.ts and the Cloudflare worker entry.
+
+// Normalize null-prototype objects from matchPattern() into thenable objects
+// that work both as Promises (for Next.js 15+ async params) and as plain
+// objects with synchronous property access (for pre-15 code like params.id).
+//
+// matchPattern() uses Object.create(null), producing objects without
+// Object.prototype. The RSC serializer rejects these. Spreading ({...obj})
+// restores a normal prototype. Object.assign onto the Promise preserves
+// synchronous property access (params.id, params.slug) that existing
+// components and test fixtures rely on.
+function makeThenableParams(obj) {
+  const plain = { ...obj };
+  return Object.assign(Promise.resolve(plain), plain);
+}
+
+// Resolve route tree segments to actual values using matched params.
+// Dynamic segments like [id] are replaced with param values, catch-all
+// segments like [...slug] are joined with "/", and route groups are kept as-is.
+function __resolveChildSegments(routeSegments, treePosition, params) {
+  var raw = routeSegments.slice(treePosition);
+  var result = [];
+  for (var j = 0; j < raw.length; j++) {
+    var seg = raw[j];
+    // Optional catch-all: [[...param]]
+    if (seg.indexOf("[[...") === 0 && seg.charAt(seg.length - 1) === "]" && seg.charAt(seg.length - 2) === "]") {
+      var pn = seg.slice(5, -2);
+      var v = params[pn];
+      // Skip empty optional catch-all (e.g., visiting /blog on [[...slug]] route)
+      if (Array.isArray(v) && v.length === 0) continue;
+      if (v == null) continue;
+      result.push(Array.isArray(v) ? v.join("/") : v);
+    // Catch-all: [...param]
+    } else if (seg.indexOf("[...") === 0 && seg.charAt(seg.length - 1) === "]") {
+      var pn2 = seg.slice(4, -1);
+      var v2 = params[pn2];
+      result.push(Array.isArray(v2) ? v2.join("/") : (v2 || seg));
+    // Dynamic: [param]
+    } else if (seg.charAt(0) === "[" && seg.charAt(seg.length - 1) === "]" && seg.indexOf(".") === -1) {
+      var pn3 = seg.slice(1, -1);
+      result.push(params[pn3] || seg);
+    } else {
+      result.push(seg);
+    }
+  }
+  return result;
+}
+
+// djb2 hash — matches Next.js's stringHash for digest generation.
+// Produces a stable numeric string from error message + stack.
+function __errorDigest(str) {
+  let hash = 5381;
+  for (let i = str.length - 1; i >= 0; i--) {
+    hash = (hash * 33) ^ str.charCodeAt(i);
+  }
+  return (hash >>> 0).toString();
+}
+
+// Sanitize an error for client consumption. In production, replaces the error
+// with a generic Error that only carries a digest hash (matching Next.js
+// behavior). In development, returns the original error for debugging.
+// Navigation errors (redirect, notFound, etc.) are always passed through
+// unchanged since their digests are used for client-side routing.
+function __sanitizeErrorForClient(error) {
+  // Navigation errors must pass through with their digest intact
+  if (error && typeof error === "object" && "digest" in error) {
+    const digest = String(error.digest);
+    if (
+      digest.startsWith("NEXT_REDIRECT;") ||
+      digest === "NEXT_NOT_FOUND" ||
+      digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")
+    ) {
+      return error;
+    }
+  }
+  // In development, pass through the original error for debugging
+  if (process.env.NODE_ENV !== "production") {
+    return error;
+  }
+  // In production, create a sanitized error with only a digest hash
+  const msg = error instanceof Error ? error.message : String(error);
+  const stack = error instanceof Error ? (error.stack || "") : "";
+  const sanitized = new Error(
+    "An error occurred in the Server Components render. " +
+    "The specific message is omitted in production builds to avoid leaking sensitive details. " +
+    "A digest property is included on this error instance which may provide additional details about the nature of the error."
+  );
+  sanitized.digest = __errorDigest(msg + stack);
+  return sanitized;
+}
+
+// onError callback for renderToReadableStream — preserves the digest for
+// Next.js navigation errors (redirect, notFound, forbidden, unauthorized)
+// thrown during RSC streaming (e.g. inside Suspense boundaries).
+// For non-navigation errors in production, generates a digest hash so the
+// error can be correlated with server logs without leaking details.
+function rscOnError(error) {
+  if (error && typeof error === "object" && "digest" in error) {
+    return String(error.digest);
+  }
+
+  // In dev, detect the "Only plain objects" RSC serialization error and emit
+  // an actionable hint. This error occurs when a Server Component passes a
+  // class instance, ES module namespace object, or null-prototype object as a
+  // prop to a Client Component.
+  //
+  // Root cause: Vite bundles modules as true ESM (module namespace objects
+  // have a null-like internal slot), while Next.js's webpack build produces
+  // plain CJS-wrapped objects with __esModule:true. React's RSC serializer
+  // accepts the latter as plain objects but rejects the former — which means
+  // code that accidentally passes "import * as X" works in webpack/Next.js
+  // but correctly fails in vinext.
+  //
+  // Common triggers:
+  //   - "import * as utils from './utils'" passed as a prop
+  //   - class instances (new Foo()) passed as props
+  //   - Date / Map / Set instances passed as props
+  //   - Objects with Object.create(null) (null prototype)
+  if (
+    process.env.NODE_ENV !== "production" &&
+    error instanceof Error &&
+    error.message.includes("Only plain objects, and a few built-ins, can be passed to Client Components")
+  ) {
+    console.error(
+      "[vinext] RSC serialization error: a non-plain object was passed from a Server Component to a Client Component.\\n" +
+      "\\n" +
+      "Common causes:\\n" +
+      "  * Passing a module namespace (import * as X) directly as a prop.\\n" +
+      "    Unlike Next.js (webpack), Vite produces real ESM module namespace objects\\n" +
+      "    which are not serializable. Fix: pass individual values instead,\\n" +
+      "    e.g. <Comp value={module.value} />\\n" +
+      "  * Passing a class instance (new Foo()) as a prop.\\n" +
+      "    Fix: convert to a plain object, e.g. { id: foo.id, name: foo.name }\\n" +
+      "  * Passing a Date, Map, or Set. Use .toISOString(), [...map.entries()], etc.\\n" +
+      "  * Passing Object.create(null). Use { ...obj } to restore a prototype.\\n" +
+      "\\n" +
+      "Original error:",
+      error.message,
+    );
+    return undefined;
+  }
+
+  // In production, generate a digest hash for non-navigation errors
+  if (process.env.NODE_ENV === "production" && error) {
+    const msg = error instanceof Error ? error.message : String(error);
+    const stack = error instanceof Error ? (error.stack || "") : "";
+    return __errorDigest(msg + stack);
+  }
+  return undefined;
+}
+
+import * as mod_0 from "/tmp/test/app/page.tsx";
+import * as mod_1 from "/tmp/test/app/layout.tsx";
+import * as mod_2 from "/tmp/test/app/about/page.tsx";
+
+// Run instrumentation register() once at module evaluation time — before any
+// requests are handled. This runs inside the Worker process (or RSC environment),
+// which is exactly where request handling happens. Matches Next.js semantics:
+// register() is called once on startup in the process that handles requests.
+if (typeof _instrumentation.register === "function") {
+  await _instrumentation.register();
+}
+// Store the onRequestError handler on globalThis so it is visible to
+// reportRequestError() (imported as _reportRequestError above) regardless
+// of which Vite environment module graph it is called from. With
+// @vitejs/plugin-rsc the RSC and SSR environments run in the same Node.js
+// process and share globalThis. With @cloudflare/vite-plugin everything
+// runs inside the Worker so globalThis is the Worker's global — also correct.
+if (typeof _instrumentation.onRequestError === "function") {
+  globalThis.__VINEXT_onRequestErrorHandler__ = _instrumentation.onRequestError;
+}
+
+const routes = [
+  {
+    pattern: "/",
+    isDynamic: false,
+    params: [],
+    page: mod_0,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: [],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  },
+  {
+    pattern: "/about",
+    isDynamic: false,
+    params: [],
+    page: mod_2,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: ["about"],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  }
+];
+
+const metadataRoutes = [
+
+];
+
+const rootNotFoundModule = null;
+const rootForbiddenModule = null;
+const rootUnauthorizedModule = null;
+const rootLayouts = [mod_1];
+
+/**
+ * Render an HTTP access fallback page (not-found/forbidden/unauthorized) with layouts and noindex meta.
+ * Returns null if no matching component is available.
+ *
+ * @param opts.boundaryComponent - Override the boundary component (for layout-level notFound)
+ * @param opts.layouts - Override the layouts to wrap with (for layout-level notFound, excludes the throwing layout)
+ */
+async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, opts) {
+  // Determine which boundary component to use based on status code
+  let BoundaryComponent = opts?.boundaryComponent ?? null;
+  if (!BoundaryComponent) {
+    let boundaryModule;
+    if (statusCode === 403) {
+      boundaryModule = route?.forbidden ?? rootForbiddenModule;
+    } else if (statusCode === 401) {
+      boundaryModule = route?.unauthorized ?? rootUnauthorizedModule;
+    } else {
+      boundaryModule = route?.notFound ?? rootNotFoundModule;
+    }
+    BoundaryComponent = boundaryModule?.default ?? null;
+  }
+  const layouts = opts?.layouts ?? route?.layouts ?? rootLayouts;
+  if (!BoundaryComponent) return null;
+
+  // Resolve metadata and viewport from parent layouts so that not-found/error
+  // pages inherit title, description, OG tags etc. — matching Next.js behavior.
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build element: metadata head + noindex meta + boundary component wrapped in layouts
+  // Always include charset and default viewport for parity with Next.js.
+  const charsetMeta = createElement("meta", { charSet: "utf-8" });
+  const noindexMeta = createElement("meta", { name: "robots", content: "noindex" });
+  const headElements = [charsetMeta, noindexMeta];
+  if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+  headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+  let element = createElement(Fragment, null, ...headElements, createElement(BoundaryComponent));
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap the element with the same
+    // component wrappers that buildPageElement() uses. Without these wrappers,
+    // React's reconciliation would see a mismatched tree structure between the
+    // old fiber tree (ErrorBoundary > LayoutSegmentProvider > html > body > NotFoundBoundary > ...)
+    // and the new tree (html > body > ...), causing it to destroy and recreate
+    // the entire DOM tree, resulting in a blank white page.
+    //
+    // We wrap each layout with LayoutSegmentProvider and add GlobalErrorBoundary
+    // to match the wrapping order in buildPageElement(), ensuring smooth
+    // client-side tree reconciliation.
+    const _treePositions = route?.layoutTreePositions;
+    const _routeSegs = route?.routeSegments || [];
+    const _fallbackParams = opts?.matchedParams ?? route?.params ?? {};
+    const _asyncFallbackParams = makeThenableParams(_fallbackParams);
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParams });
+        const _tp = _treePositions ? _treePositions[i] : 0;
+        const _cs = __resolveChildSegments(_routeSegs, _tp, _fallbackParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
+      }
+    }
+    
+    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(rscStream, {
+      status: statusCode,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only (no client-side
+  // wrappers needed since SSR generates the complete HTML document).
+  const _fallbackParamsHtml = opts?.matchedParams ?? route?.params ?? {};
+  const _asyncFallbackParamsHtml = makeThenableParams(_fallbackParamsHtml);
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParamsHtml });
+    }
+  }
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  // Collect font data from RSC environment
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _respHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _linkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_linkParts.length > 0) _respHeaders["Link"] = _linkParts.join(", ");
+  return new Response(htmlStream, {
+    status: statusCode,
+    headers: _respHeaders,
+  });
+}
+
+/** Convenience: render a not-found page (404) */
+async function renderNotFoundPage(route, isRscRequest, request, matchedParams) {
+  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { matchedParams });
+}
+
+/**
+ * Render an error.tsx boundary page when a server component or generateMetadata() throws.
+ * Returns null if no error boundary component is available for this route.
+ *
+ * Next.js returns HTTP 200 when error.tsx catches an error (the error is "handled"
+ * by the boundary). This matches that behavior intentionally.
+ */
+async function renderErrorBoundaryPage(route, error, isRscRequest, request, matchedParams) {
+  // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
+  // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
+  let ErrorComponent = route?.error?.default ?? null;
+  if (!ErrorComponent && route?.errors) {
+    for (let i = route.errors.length - 1; i >= 0; i--) {
+      if (route.errors[i]?.default) {
+        ErrorComponent = route.errors[i].default;
+        break;
+      }
+    }
+  }
+  ErrorComponent = ErrorComponent;
+  if (!ErrorComponent) return null;
+
+  const rawError = error instanceof Error ? error : new Error(String(error));
+  // Sanitize the error in production to avoid leaking internal details
+  // (database errors, file paths, stack traces) through error.tsx to the client.
+  // In development, pass the original error for debugging.
+  const errorObj = __sanitizeErrorForClient(rawError);
+  // Only pass error — reset is a client-side concern (re-renders the segment) and
+  // can't be serialized through RSC. The error.tsx component will receive reset=undefined
+  // during SSR, which is fine — onClick={undefined} is harmless, and the real reset
+  // function is only meaningful after hydration.
+  let element = createElement(ErrorComponent, {
+    error: errorObj,
+  });
+  const layouts = route?.layouts ?? rootLayouts;
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap with the same component
+    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+    // This ensures React can reconcile the tree without destroying the DOM.
+    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+    const _errTreePositions = route?.layoutTreePositions;
+    const _errRouteSegs = route?.routeSegments || [];
+    const _errParams = matchedParams ?? route?.params ?? {};
+    const _asyncErrParams = makeThenableParams(_errParams);
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
+        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+      }
+    }
+    
+    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(rscStream, {
+      status: 200,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only.
+  const _errParamsHtml = matchedParams ?? route?.params ?? {};
+  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
+    }
+  }
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  // Collect font data from RSC environment so error pages include font styles
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _errHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _errLinkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_errLinkParts.length > 0) _errHeaders["Link"] = _errLinkParts.join(", ");
+  return new Response(htmlStream, {
+    status: 200,
+    headers: _errHeaders,
+  });
+}
+
+function matchRoute(url, routes) {
+  const pathname = url.split("?")[0];
+  let normalizedUrl = pathname === "/" ? "/" : pathname.replace(/\\/$/, "");
+   // NOTE: Do NOT decodeURIComponent here. The caller is responsible for decoding
+   // the pathname exactly once at the request entry point. Decoding again here
+   // would cause inconsistent path matching between middleware and routing.
+  for (const route of routes) {
+    const params = matchPattern(normalizedUrl, route.pattern);
+    if (params !== null) return { route, params };
+  }
+  return null;
+}
+
+function matchPattern(url, pattern) {
+  const urlParts = url.split("/").filter(Boolean);
+  const patternParts = pattern.split("/").filter(Boolean);
+  const params = Object.create(null);
+  for (let i = 0; i < patternParts.length; i++) {
+    const pp = patternParts[i];
+    if (pp.endsWith("+")) {
+      const paramName = pp.slice(1, -1);
+      const remaining = urlParts.slice(i);
+      if (remaining.length === 0) return null;
+      params[paramName] = remaining;
+      return params;
+    }
+    if (pp.endsWith("*")) {
+      const paramName = pp.slice(1, -1);
+      params[paramName] = urlParts.slice(i);
+      return params;
+    }
+    if (pp.startsWith(":")) {
+      if (i >= urlParts.length) return null;
+      params[pp.slice(1)] = urlParts[i];
+      continue;
+    }
+    if (i >= urlParts.length || urlParts[i] !== pp) return null;
+  }
+  if (urlParts.length !== patternParts.length) return null;
+  return params;
+}
+
+// Build a global intercepting route lookup for RSC navigation.
+// Maps target URL patterns to { sourceRouteIndex, slotName, interceptPage, params }.
+const interceptLookup = [];
+for (let ri = 0; ri < routes.length; ri++) {
+  const r = routes[ri];
+  if (!r.slots) continue;
+  for (const [slotName, slotMod] of Object.entries(r.slots)) {
+    if (!slotMod.intercepts) continue;
+    for (const intercept of slotMod.intercepts) {
+      interceptLookup.push({
+        sourceRouteIndex: ri,
+        slotName,
+        targetPattern: intercept.targetPattern,
+        page: intercept.page,
+        params: intercept.params,
+      });
+    }
+  }
+}
+
+/**
+ * Check if a pathname matches any intercepting route.
+ * Returns the match info or null.
+ */
+function findIntercept(pathname) {
+  for (const entry of interceptLookup) {
+    const params = matchPattern(pathname, entry.targetPattern);
+    if (params !== null) {
+      return { ...entry, matchedParams: params };
+    }
+  }
+  return null;
+}
+
+async function buildPageElement(route, params, opts, searchParams) {
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    return createElement("div", null, "Page has no default export");
+  }
+
+  // Resolve metadata and viewport from layouts and page
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of route.layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod, params);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod, params);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  if (route.page) {
+    const pageMeta = await resolveModuleMetadata(route.page, params);
+    if (pageMeta) metadataList.push(pageMeta);
+    const pageVp = await resolveModuleViewport(route.page, params);
+    if (pageVp) viewportList.push(pageVp);
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build nested layout tree from outermost to innermost.
+  // Next.js 16 passes params/searchParams as Promises (async pattern)
+  // but pre-16 code accesses them as plain objects (params.id).
+  // makeThenableParams() normalises null-prototype + preserves both patterns.
+  const asyncParams = makeThenableParams(params);
+  const pageProps = { params: asyncParams };
+  if (searchParams) {
+    const spObj = {};
+    let hasSearchParams = false;
+    if (searchParams.forEach) searchParams.forEach(function(v, k) {
+      hasSearchParams = true;
+      if (k in spObj) {
+        // Multi-value: promote to array (Next.js returns string[] for duplicate keys)
+        spObj[k] = Array.isArray(spObj[k]) ? spObj[k].concat(v) : [spObj[k], v];
+      } else {
+        spObj[k] = v;
+      }
+    });
+    // If the URL has query parameters, mark the page as dynamic.
+    // In Next.js, only accessing the searchParams prop signals dynamic usage,
+    // but a Proxy-based approach doesn't work here because React's RSC debug
+    // serializer accesses properties on all props (e.g. $$typeof check in
+    // isClientReference), triggering the Proxy even when user code doesn't
+    // read searchParams. Checking for non-empty query params is a safe
+    // approximation: pages with query params in the URL are almost always
+    // dynamic, and this avoids false positives from React internals.
+    if (hasSearchParams) markDynamicUsage();
+    pageProps.searchParams = makeThenableParams(spObj);
+  }
+  let element = createElement(PageComponent, pageProps);
+
+  // Wrap page with empty segment provider so useSelectedLayoutSegments()
+  // returns [] when called from inside a page component (leaf node).
+  element = createElement(LayoutSegmentProvider, { childSegments: [] }, element);
+
+  // Add metadata + viewport head tags (React 19 hoists title/meta/link to <head>)
+  // Next.js always injects charset and default viewport even when no metadata/viewport
+  // is exported. We replicate that by always emitting these essential head elements.
+  {
+    const headElements = [];
+    // Always emit <meta charset="utf-8"> — Next.js includes this on every page
+    headElements.push(createElement("meta", { charSet: "utf-8" }));
+    if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+    headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+    element = createElement(Fragment, null, ...headElements, element);
+  }
+
+  // Wrap with loading.tsx Suspense if present
+  if (route.loading?.default) {
+    element = createElement(
+      Suspense,
+      { fallback: createElement(route.loading.default) },
+      element,
+    );
+  }
+
+  // Wrap with the leaf's error.tsx ErrorBoundary if it's not already covered
+  // by a per-layout error boundary (i.e., the leaf has error.tsx but no layout).
+  // Per-layout error boundaries are interleaved with layouts below.
+  {
+    const lastLayoutError = route.errors ? route.errors[route.errors.length - 1] : null;
+    if (route.error?.default && route.error !== lastLayoutError) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.error.default,
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with NotFoundBoundary so client-side notFound() renders not-found.tsx
+  // instead of crashing the React tree. Must be above ErrorBoundary since
+  // ErrorBoundary re-throws notFound errors.
+  // Pre-render the not-found component as a React element since it may be a
+  // server component (not a client reference) and can't be passed as a function prop.
+  {
+    const NotFoundComponent = route.notFound?.default ?? null;
+    if (NotFoundComponent) {
+      element = createElement(NotFoundBoundary, {
+        fallback: createElement(NotFoundComponent),
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with templates (innermost first, then outer)
+  // Templates are like layouts but re-mount on navigation (client-side concern).
+  // On the server, they just wrap the content like layouts do.
+  if (route.templates) {
+    for (let i = route.templates.length - 1; i >= 0; i--) {
+      const TemplateComponent = route.templates[i]?.default;
+      if (TemplateComponent) {
+        element = createElement(TemplateComponent, { children: element, params });
+      }
+    }
+  }
+
+  // Wrap with layouts (innermost first, then outer).
+  // At each layout level, first wrap with that level's error boundary (if any)
+  // so the boundary is inside the layout and catches errors from children.
+  // This matches Next.js behavior: Layout > ErrorBoundary > children.
+  // Parallel slots are passed as named props to the innermost layout
+  // (the layout at the same directory level as the page/slots)
+  for (let i = route.layouts.length - 1; i >= 0; i--) {
+    // Wrap with per-layout error boundary before wrapping with layout.
+    // This places the ErrorBoundary inside the layout, catching errors
+    // from child segments (matching Next.js per-segment error handling).
+    if (route.errors && route.errors[i]?.default) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.errors[i].default,
+        children: element,
+      });
+    }
+
+    const LayoutComponent = route.layouts[i]?.default;
+    if (LayoutComponent) {
+      // Per-layout NotFoundBoundary: wraps this layout's children so that
+      // notFound() thrown from a child layout is caught here.
+      // Matches Next.js behavior where each segment has its own boundary.
+      // The boundary at level N catches errors from Layout[N+1] and below,
+      // but NOT from Layout[N] itself (which propagates to level N-1).
+      {
+        const LayoutNotFound = route.notFounds?.[i]?.default;
+        if (LayoutNotFound) {
+          element = createElement(NotFoundBoundary, {
+            fallback: createElement(LayoutNotFound),
+            children: element,
+          });
+        }
+      }
+
+      const layoutProps = { children: element, params: makeThenableParams(params) };
+
+      // Add parallel slot elements to the layout that defines them.
+      // Each slot has a layoutIndex indicating which layout it belongs to.
+      if (route.slots) {
+        for (const [slotName, slotMod] of Object.entries(route.slots)) {
+          // Attach slot to the layout at its layoutIndex, or to the innermost layout if -1
+          const targetIdx = slotMod.layoutIndex >= 0 ? slotMod.layoutIndex : route.layouts.length - 1;
+          if (i !== targetIdx) continue;
+          // Check if this slot has an intercepting route that should activate
+          let SlotPage = null;
+          let slotParams = params;
+
+          if (opts && opts.interceptSlot === slotName && opts.interceptPage) {
+            // Use the intercepting route's page component
+            SlotPage = opts.interceptPage.default;
+            slotParams = opts.interceptParams || params;
+          } else {
+            SlotPage = slotMod.page?.default || slotMod.default?.default;
+          }
+
+          if (SlotPage) {
+            let slotElement = createElement(SlotPage, { params: makeThenableParams(slotParams) });
+            // Wrap with slot-specific layout if present.
+            // In Next.js, @slot/layout.tsx wraps the slot's page content
+            // before it is passed as a prop to the parent layout.
+            const SlotLayout = slotMod.layout?.default;
+            if (SlotLayout) {
+              slotElement = createElement(SlotLayout, {
+                children: slotElement,
+                params: makeThenableParams(slotParams),
+              });
+            }
+            // Wrap with slot-specific loading if present
+            if (slotMod.loading?.default) {
+              slotElement = createElement(Suspense,
+                { fallback: createElement(slotMod.loading.default) },
+                slotElement,
+              );
+            }
+            // Wrap with slot-specific error boundary if present
+            if (slotMod.error?.default) {
+              slotElement = createElement(ErrorBoundary, {
+                fallback: slotMod.error.default,
+                children: slotElement,
+              });
+            }
+            layoutProps[slotName] = slotElement;
+          }
+        }
+      }
+
+      element = createElement(LayoutComponent, layoutProps);
+
+      // Wrap the layout with LayoutSegmentProvider so useSelectedLayoutSegments()
+      // called INSIDE this layout gets the correct child segments. We resolve the
+      // route tree segments using actual param values and pass them through context.
+      // We wrap the layout (not just children) because hooks are called from
+      // components rendered inside the layout's own JSX.
+      const treePos = route.layoutTreePositions ? route.layoutTreePositions[i] : 0;
+      const childSegs = __resolveChildSegments(route.routeSegments || [], treePos, params);
+      element = createElement(LayoutSegmentProvider, { childSegments: childSegs }, element);
+    }
+  }
+
+  // Wrap with global error boundary if app/global-error.tsx exists.
+  // This catches errors in the root layout itself.
+  
+
+  return element;
+}
+
+
+
+const __basePath = "";
+const __trailingSlash = false;
+const __configRedirects = [];
+const __configRewrites = {"beforeFiles":[],"afterFiles":[],"fallback":[]};
+const __configHeaders = [];
+const __allowedOrigins = [];
+
+
+// ── Dev server origin verification ──────────────────────────────────────
+// Block cross-origin requests to prevent data exfiltration during development.
+const __allowedDevOrigins = [];
+const __safeDevHosts = ["localhost", "127.0.0.1", "[::1]"];
+
+function __validateDevRequestOrigin(request) {
+  // Check Sec-Fetch headers (catches <script> tag exfiltration)
+  if (request.headers.get("sec-fetch-mode") === "no-cors" &&
+      request.headers.get("sec-fetch-site") === "cross-site") {
+    console.warn("[vinext] Blocked cross-site no-cors request to " + new URL(request.url).pathname);
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  const origin = request.headers.get("origin");
+  if (!origin || origin === "null") return null;
+
+  let originHostname;
+  try {
+    originHostname = new URL(origin).hostname.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Allow localhost, 127.0.0.1, [::1], and *.localhost
+  if (__safeDevHosts.includes(originHostname) || originHostname.endsWith(".localhost")) return null;
+
+  // Same-origin: compare against Host header
+  const hostHeader = (request.headers.get("x-forwarded-host") || request.headers.get("host") || "").split(",")[0].trim().split(":")[0].toLowerCase();
+  if (hostHeader && originHostname === hostHeader) return null;
+
+  // Check user-configured allowed origins
+  for (const pattern of __allowedDevOrigins) {
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(1);
+      if (originHostname === pattern.slice(2) || originHostname.endsWith(suffix)) return null;
+    } else if (originHostname === pattern) {
+      return null;
+    }
+  }
+
+  console.warn(
+    \`[vinext] Blocked cross-origin request from "\${origin}" to \${new URL(request.url).pathname}. \` +
+    \`To allow this origin, add it to allowedDevOrigins in next.config.js.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+
+// ── CSRF origin validation for server actions ───────────────────────────
+// Matches Next.js behavior: compare the Origin header against the Host header.
+// If they don't match, the request is rejected with 403 unless the origin is
+// in the allowedOrigins list (from experimental.serverActions.allowedOrigins).
+function __isOriginAllowed(origin, allowed) {
+  for (const pattern of allowed) {
+    if (pattern.startsWith("*.")) {
+      // Wildcard: *.example.com matches sub.example.com, a.b.example.com
+      const suffix = pattern.slice(1); // ".example.com"
+      if (origin === pattern.slice(2) || origin.endsWith(suffix)) return true;
+    } else if (origin === pattern) {
+      return true;
+    }
+  }
+  return false;
+}
+
+function __validateCsrfOrigin(request) {
+  const originHeader = request.headers.get("origin");
+  // If there's no Origin header, allow the request — same-origin requests
+  // from non-fetch navigations (e.g. SSR) may lack an Origin header.
+  // The x-rsc-action custom header already provides protection against simple
+  // form-based CSRF since custom headers can't be set by cross-origin forms.
+  if (!originHeader || originHeader === "null") return null;
+
+  let originHost;
+  try {
+    originHost = new URL(originHeader).host.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Only use the Host header for origin comparison — never trust
+  // X-Forwarded-Host here, since it can be freely set by the client
+  // and would allow the check to be bypassed if it matched a spoofed
+  // Origin. The prod server's resolveHost() handles trusted proxy
+  // scenarios separately.
+  const hostHeader = (
+    request.headers.get("host") ||
+    ""
+  ).split(",")[0].trim().toLowerCase();
+
+  if (!hostHeader) return null;
+
+  // Same origin — allow
+  if (originHost === hostHeader) return null;
+
+  // Check allowedOrigins from next.config.js
+  if (__allowedOrigins.length > 0 && __isOriginAllowed(originHost, __allowedOrigins)) return null;
+
+  console.warn(
+    \`[vinext] CSRF origin mismatch: origin "\${originHost}" does not match host "\${hostHeader}". Blocking server action request.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+// ── ReDoS-safe regex compilation ────────────────────────────────────────
+
+function __isSafeRegex(pattern) {
+  const quantifierAtDepth = [];
+  let depth = 0;
+  let i = 0;
+  while (i < pattern.length) {
+    const ch = pattern[i];
+    if (ch === "\\\\") { i += 2; continue; }
+    if (ch === "[") {
+      i++;
+      while (i < pattern.length && pattern[i] !== "]") {
+        if (pattern[i] === "\\\\") i++;
+        i++;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "(") {
+      depth++;
+      if (quantifierAtDepth.length <= depth) quantifierAtDepth.push(false);
+      else quantifierAtDepth[depth] = false;
+      i++;
+      continue;
+    }
+    if (ch === ")") {
+      const hadQ = depth > 0 && quantifierAtDepth[depth];
+      if (depth > 0) depth--;
+      const next = pattern[i + 1];
+      if (next === "+" || next === "*" || next === "{") {
+        if (hadQ) return false;
+        if (depth >= 0 && depth < quantifierAtDepth.length) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "+" || ch === "*") {
+      if (depth > 0) quantifierAtDepth[depth] = true;
+      i++;
+      continue;
+    }
+    if (ch === "?") {
+      const prev = i > 0 ? pattern[i - 1] : "";
+      if (prev !== "+" && prev !== "*" && prev !== "?" && prev !== "}") {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "{") {
+      let j = i + 1;
+      while (j < pattern.length && /[\\d,]/.test(pattern[j])) j++;
+      if (j < pattern.length && pattern[j] === "}" && j > i + 1) {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+        i = j + 1;
+        continue;
+      }
+    }
+    i++;
+  }
+  return true;
+}
+function __safeRegExp(pattern, flags) {
+  if (!__isSafeRegex(pattern)) {
+    console.warn("[vinext] Ignoring potentially unsafe regex pattern (ReDoS risk): " + pattern);
+    return null;
+  }
+  try { return new RegExp(pattern, flags); } catch { return null; }
+}
+
+// ── Path normalization ──────────────────────────────────────────────────
+
+function __normalizePath(pathname) {
+  if (
+    pathname === "/" ||
+    (pathname.length > 1 &&
+      pathname[0] === "/" &&
+      !pathname.includes("//") &&
+      !pathname.includes("/./") &&
+      !pathname.includes("/../") &&
+      !pathname.endsWith("/.") &&
+      !pathname.endsWith("/.."))
+  ) {
+    return pathname;
+  }
+  const segments = pathname.split("/");
+  const resolved = [];
+  for (let i = 0; i < segments.length; i++) {
+    const seg = segments[i];
+    if (seg === "" || seg === ".") continue;
+    if (seg === "..") { resolved.pop(); }
+    else { resolved.push(seg); }
+  }
+  return "/" + resolved.join("/");
+}
+
+// ── Config pattern matching (redirects, rewrites, headers) ──────────────
+function __matchConfigPattern(pathname, pattern) {
+  if (pattern.includes("(") || pattern.includes("\\\\") || /:[\\w-]+[*+][^/]/.test(pattern) || /:[\\w-]+\\./.test(pattern)) {
+    try {
+      const paramNames = [];
+      const regexStr = pattern
+        .replace(/\\./g, "\\\\.")
+        .replace(/:([\\w-]+)\\*(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.*)"; })
+        .replace(/:([\\w-]+)\\+(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.+)"; })
+        .replace(/:([\\w-]+)\\(([^)]+)\\)/g, (_, name, c) => { paramNames.push(name); return "(" + c + ")"; })
+        .replace(/:([\\w-]+)/g, (_, name) => { paramNames.push(name); return "([^/]+)"; });
+      const re = __safeRegExp("^" + regexStr + "$");
+      if (!re) return null;
+      const match = re.exec(pathname);
+      if (!match) return null;
+      const params = Object.create(null);
+      for (let i = 0; i < paramNames.length; i++) params[paramNames[i]] = match[i + 1] || "";
+      return params;
+    } catch { /* fall through */ }
+  }
+  const catchAllMatch = pattern.match(/:([\\w-]+)(\\*|\\+)$/);
+  if (catchAllMatch) {
+    const prefix = pattern.slice(0, pattern.lastIndexOf(":"));
+    const paramName = catchAllMatch[1];
+    const isPlus = catchAllMatch[2] === "+";
+    if (!pathname.startsWith(prefix.replace(/\\/$/, ""))) return null;
+    const rest = pathname.slice(prefix.replace(/\\/$/, "").length);
+    if (isPlus && (!rest || rest === "/")) return null;
+    let restValue = rest.startsWith("/") ? rest.slice(1) : rest;
+     // NOTE: Do NOT decodeURIComponent here. The pathname is already decoded at
+     // the request entry point. Decoding again would produce incorrect param values.
+    return { [paramName]: restValue };
+  }
+  const parts = pattern.split("/");
+  const pathParts = pathname.split("/");
+  if (parts.length !== pathParts.length) return null;
+  const params = Object.create(null);
+  for (let i = 0; i < parts.length; i++) {
+    if (parts[i].startsWith(":")) params[parts[i].slice(1)] = pathParts[i];
+    else if (parts[i] !== pathParts[i]) return null;
+  }
+  return params;
+}
+
+function __parseCookies(cookieHeader) {
+  if (!cookieHeader) return {};
+  const cookies = {};
+  for (const part of cookieHeader.split(";")) {
+    const eq = part.indexOf("=");
+    if (eq === -1) continue;
+    const key = part.slice(0, eq).trim();
+    const value = part.slice(eq + 1).trim();
+    if (key) cookies[key] = value;
+  }
+  return cookies;
+}
+
+function __checkSingleCondition(condition, ctx) {
+  switch (condition.type) {
+    case "header": {
+      const v = ctx.headers.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "cookie": {
+      const v = ctx.cookies[condition.key];
+      if (v === undefined) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "query": {
+      const v = ctx.query.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "host": {
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(ctx.host) : ctx.host === condition.value; }
+      return ctx.host === condition.key;
+    }
+    default: return false;
+  }
+}
+
+function __checkHasConditions(has, missing, ctx) {
+  if (has) { for (const c of has) { if (!__checkSingleCondition(c, ctx)) return false; } }
+  if (missing) { for (const c of missing) { if (__checkSingleCondition(c, ctx)) return false; } }
+  return true;
+}
+
+function __buildRequestContext(request) {
+  const url = new URL(request.url);
+  return {
+    headers: request.headers,
+    cookies: __parseCookies(request.headers.get("cookie")),
+    query: url.searchParams,
+    host: request.headers.get("host") || url.host,
+  };
+}
+
+/**
+ * Build a request context from the live ALS HeadersContext, which reflects
+ * any x-middleware-request-* header mutations applied by middleware.
+ * Used for afterFiles and fallback rewrite has/missing evaluation — these
+ * run after middleware in the App Router execution order.
+ */
+function __buildPostMwRequestContext(request) {
+  const url = new URL(request.url);
+  const ctx = getHeadersContext();
+  if (!ctx) return __buildRequestContext(request);
+  // ctx.cookies is a Map<string, string> (HeadersContext), but RequestContext
+  // requires a plain Record<string, string> for has/missing cookie evaluation
+  // (config-matchers.ts uses obj[key] not Map.get()). Convert here.
+  const cookiesRecord = Object.fromEntries(ctx.cookies);
+  return {
+    headers: ctx.headers,
+    cookies: cookiesRecord,
+    query: url.searchParams,
+    host: ctx.headers.get("host") || url.host,
+  };
+}
+
+function __sanitizeDestination(dest) {
+  if (dest.startsWith("http://") || dest.startsWith("https://")) return dest;
+  dest = dest.replace(/^[\\\\/]+/, "/");
+  return dest;
+}
+
+function __applyConfigRedirects(pathname, ctx) {
+  for (const rule of __configRedirects) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return { destination: dest, permanent: rule.permanent };
+    }
+  }
+  return null;
+}
+
+function __applyConfigRewrites(pathname, rules, ctx) {
+  for (const rule of rules) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return dest;
+    }
+  }
+  return null;
+}
+
+function __isExternalUrl(url) {
+  return /^[a-z][a-z0-9+.-]*:/i.test(url) || url.startsWith("//");
+}
+
+/**
+ * Maximum server-action request body size (1 MB).
+ * Matches the Next.js default for serverActions.bodySizeLimit.
+ * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
+ * Prevents unbounded request body buffering.
+ */
+var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+
+/**
+ * Read a request body as text with a size limit.
+ * Enforces the limit on the actual byte stream to prevent bypasses
+ * via chunked transfer-encoding where Content-Length is absent or spoofed.
+ */
+async function __readBodyWithLimit(request, maxBytes) {
+  if (!request.body) return "";
+  var reader = request.body.getReader();
+  var decoder = new TextDecoder();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(decoder.decode(result.value, { stream: true }));
+  }
+  chunks.push(decoder.decode());
+  return chunks.join("");
+}
+
+/**
+ * Read a request body as FormData with a size limit.
+ * Consumes the body stream with a byte counter and then parses the
+ * collected bytes as multipart form data via the Response constructor.
+ */
+async function __readFormDataWithLimit(request, maxBytes) {
+  if (!request.body) return new FormData();
+  var reader = request.body.getReader();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(result.value);
+  }
+  // Reconstruct a Response with the original Content-Type so that
+  // the FormData parser can handle multipart boundaries correctly.
+  var combined = new Uint8Array(totalSize);
+  var offset = 0;
+  for (var chunk of chunks) {
+    combined.set(chunk, offset);
+    offset += chunk.byteLength;
+  }
+  var contentType = request.headers.get("content-type") || "";
+  return new Response(combined, { headers: { "Content-Type": contentType } }).formData();
+}
+
+const __hopByHopHeaders = new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailers","transfer-encoding","upgrade"]);
+
+async function __proxyExternalRequest(request, externalUrl) {
+  const originalUrl = new URL(request.url);
+  const targetUrl = new URL(externalUrl);
+  for (const [key, value] of originalUrl.searchParams) {
+    if (!targetUrl.searchParams.has(key)) targetUrl.searchParams.set(key, value);
+  }
+  const headers = new Headers(request.headers);
+  headers.set("host", targetUrl.host);
+  headers.delete("connection");
+  for (const key of [...headers.keys()]) {
+    if (key.startsWith("x-middleware-")) headers.delete(key);
+  }
+  const method = request.method;
+  const hasBody = method !== "GET" && method !== "HEAD";
+  const init = { method, headers, redirect: "manual", signal: AbortSignal.timeout(30000) };
+  if (hasBody && request.body) { init.body = request.body; init.duplex = "half"; }
+  let upstream;
+  try { upstream = await fetch(targetUrl.href, init); }
+  catch (e) {
+    if (e && e.name === "TimeoutError") return new Response("Gateway Timeout", { status: 504 });
+    console.error("[vinext] External rewrite proxy error:", e); return new Response("Bad Gateway", { status: 502 });
+  }
+  const respHeaders = new Headers();
+  // Node.js fetch() auto-decompresses response bodies, while Workers fetch()
+  // preserves wire encoding. Only strip encoding/length on Node.js to avoid
+  // double-decompression errors without breaking Workers parity.
+  const __isNodeRuntime = typeof process !== "undefined" && !!(process.versions && process.versions.node);
+  upstream.headers.forEach(function(value, key) {
+    var lower = key.toLowerCase();
+    if (__hopByHopHeaders.has(lower)) return;
+    if (__isNodeRuntime && (lower === "content-encoding" || lower === "content-length")) return;
+    respHeaders.append(key, value);
+  });
+  return new Response(upstream.body, { status: upstream.status, statusText: upstream.statusText, headers: respHeaders });
+}
+
+function __applyConfigHeaders(pathname, ctx) {
+  const result = [];
+  for (const rule of __configHeaders) {
+    const groups = [];
+    const withPlaceholders = rule.source.replace(/\\(([^)]+)\\)/g, (_, inner) => {
+      groups.push(inner);
+      return "___GROUP_" + (groups.length - 1) + "___";
+    });
+    const escaped = withPlaceholders
+      .replace(/\\./g, "\\\\.")
+      .replace(/\\+/g, "\\\\+")
+      .replace(/\\?/g, "\\\\?")
+      .replace(/\\*/g, ".*")
+      .replace(/:[\\w-]+/g, "[^/]+")
+      .replace(/___GROUP_(\\d+)___/g, (_, idx) => "(" + groups[Number(idx)] + ")");
+    const sourceRegex = __safeRegExp("^" + escaped + "$");
+    if (sourceRegex && sourceRegex.test(pathname)) {
+      if (ctx && (rule.has || rule.missing)) {
+        if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue;
+      }
+      result.push(...rule.headers);
+    }
+  }
+  return result;
+}
+
+export default async function handler(request) {
+  // Wrap the entire request in nested AsyncLocalStorage.run() scopes to ensure
+  // per-request isolation for all state modules. Each runWith*() creates an
+  // ALS scope that propagates through all async continuations (including RSC
+  // streaming), preventing state leakage between concurrent requests on
+  // Cloudflare Workers and other concurrent runtimes.
+  const headersCtx = headersContextFromRequest(request);
+  return runWithHeadersContext(headersCtx, () =>
+    _runWithNavigationContext(() =>
+      _runWithCacheState(() =>
+        _runWithPrivateCache(() =>
+          runWithFetchCache(async () => {
+            const __reqCtx = __buildRequestContext(request);
+            // Per-request container for middleware state. Passed into
+            // _handleRequest which fills in .headers and .status;
+            // avoids module-level variables that race on Workers.
+            const _mwCtx = { headers: null, status: null };
+            const response = await _handleRequest(request, __reqCtx, _mwCtx);
+            // Apply custom headers from next.config.js to non-redirect responses.
+            // Skip redirects (3xx) because Response.redirect() creates immutable headers,
+            // and Next.js doesn't apply custom headers to redirects anyway.
+            if (response && response.headers && !(response.status >= 300 && response.status < 400)) {
+              if (__configHeaders.length) {
+                const url = new URL(request.url);
+                let pathname;
+                try { pathname = __normalizePath(decodeURIComponent(url.pathname)); } catch { pathname = url.pathname; }
+                
+                const extraHeaders = __applyConfigHeaders(pathname, __reqCtx);
+                for (const h of extraHeaders) {
+                  // Use append() for headers where multiple values must coexist
+                  // (Vary, Set-Cookie). Using set() on these would destroy
+                  // existing values like "Vary: RSC, Accept" which are critical
+                  // for correct CDN caching behavior.
+                  const lk = h.key.toLowerCase();
+                  if (lk === "vary" || lk === "set-cookie") {
+                    response.headers.append(h.key, h.value);
+                  } else if (!response.headers.has(lk)) {
+                    // Middleware headers take precedence: skip config keys already
+                    // set by middleware so middleware headers always win.
+                    response.headers.set(h.key, h.value);
+                  }
+                }
+              }
+            }
+            return response;
+          })
+        )
+      )
+    )
+  );
+}
+
+async function _handleRequest(request, __reqCtx, _mwCtx) {
+  const __reqStart = process.env.NODE_ENV !== "production" ? performance.now() : 0;
+  let __compileEnd;
+  let __renderEnd;
+  // __reqStart is included in the timing header so the Node logging middleware
+  // can compute true compile time as: handlerStart - middlewareStart.
+  // Format: "handlerStart,compileMs,renderMs" - all as integers (ms). Dev-only.
+  const url = new URL(request.url);
+
+  // ── Cross-origin request protection ─────────────────────────────────
+  // Block requests from non-localhost origins to prevent data exfiltration.
+  const __originBlock = __validateDevRequestOrigin(request);
+  if (__originBlock) return __originBlock;
+
+  // Guard against protocol-relative URL open redirects.
+  // Paths like //example.com/ would be redirected to //example.com by the
+  // trailing-slash normalizer, which browsers interpret as http://example.com.
+  // Backslashes are equivalent to forward slashes in the URL spec
+  // (e.g. /\\evil.com is treated as //evil.com by browsers and the URL constructor).
+  // Next.js returns 404 for these paths. Check the RAW pathname before
+  // normalization so the guard fires before normalizePath collapses //.
+  if (url.pathname.replaceAll("\\\\", "/").startsWith("//")) {
+    return new Response("404 Not Found", { status: 404 });
+  }
+
+  // Decode percent-encoding and normalize pathname to canonical form.
+  // decodeURIComponent prevents /%61dmin from bypassing /admin matchers.
+  // __normalizePath collapses //foo///bar → /foo/bar, resolves . and .. segments.
+  let decodedUrlPathname;
+  try { decodedUrlPathname = decodeURIComponent(url.pathname); } catch (e) {
+    return new Response("Bad Request", { status: 400 });
+  }
+  let pathname = __normalizePath(decodedUrlPathname);
+
+  
+
+  // Trailing slash normalization (redirect to canonical form)
+  if (pathname !== "/" && !pathname.startsWith("/api")) {
+    const hasTrailing = pathname.endsWith("/");
+    if (__trailingSlash && !hasTrailing && !pathname.endsWith(".rsc")) {
+      return Response.redirect(new URL(__basePath + pathname + "/" + url.search, request.url), 308);
+    } else if (!__trailingSlash && hasTrailing) {
+      return Response.redirect(new URL(__basePath + pathname.replace(/\\/+$/, "") + url.search, request.url), 308);
+    }
+  }
+
+  // ── Apply redirects from next.config.js ───────────────────────────────
+  if (__configRedirects.length) {
+    // Strip .rsc suffix before matching redirect rules - RSC (client-side nav) requests
+    // arrive as /some/path.rsc but redirect patterns are defined without it (e.g.
+    // /some/path). Without this, soft-nav fetches bypass all config redirects.
+    const __redirPathname = pathname.endsWith(".rsc") ? pathname.slice(0, -4) : pathname;
+    const __redir = __applyConfigRedirects(__redirPathname, __reqCtx);
+    if (__redir) {
+      const __redirDest = __sanitizeDestination(
+        __basePath && !__redir.destination.startsWith(__basePath)
+          ? __basePath + __redir.destination
+          : __redir.destination
+      );
+      return new Response(null, {
+        status: __redir.permanent ? 308 : 307,
+        headers: { Location: __redirDest },
+      });
+    }
+  }
+
+  const isRscRequest = pathname.endsWith(".rsc") || request.headers.get("accept")?.includes("text/x-component");
+  let cleanPathname = pathname.replace(/\\.rsc$/, "");
+
+  // Middleware response headers and custom rewrite status are stored in
+  // _mwCtx (per-request container) so handler() can merge them into
+  // every response path without module-level state that races on Workers.
+
+  
+
+  // Build post-middleware request context for afterFiles/fallback rewrites.
+  // These run after middleware in the App Router execution order and should
+  // evaluate has/missing conditions against middleware-modified headers.
+  // When no middleware is present, this falls back to __buildRequestContext.
+  const __postMwReqCtx = __buildPostMwRequestContext(request);
+
+  // ── Apply beforeFiles rewrites from next.config.js ────────────────────
+  // In App Router execution order, beforeFiles runs after middleware so that
+  // has/missing conditions can evaluate against middleware-modified headers.
+  if (__configRewrites.beforeFiles && __configRewrites.beforeFiles.length) {
+    const __rewritten = __applyConfigRewrites(cleanPathname, __configRewrites.beforeFiles, __postMwReqCtx);
+    if (__rewritten) {
+      if (__isExternalUrl(__rewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __rewritten);
+      }
+      cleanPathname = __rewritten;
+    }
+  }
+
+  // ── Image optimization passthrough (dev mode — no transformation) ───────
+  if (cleanPathname === "/_vinext/image") {
+    const __rawImgUrl = url.searchParams.get("url");
+    // Normalize backslashes: browsers and the URL constructor treat
+    // /\\evil.com as protocol-relative (//evil.com), bypassing the // check.
+    const __imgUrl = __rawImgUrl?.replaceAll("\\\\", "/") ?? null;
+    // Allowlist: must start with "/" but not "//" — blocks absolute URLs,
+    // protocol-relative, backslash variants, and exotic schemes.
+    if (!__imgUrl || !__imgUrl.startsWith("/") || __imgUrl.startsWith("//")) {
+      return new Response(!__rawImgUrl ? "Missing url parameter" : "Only relative URLs allowed", { status: 400 });
+    }
+    // Validate the constructed URL's origin hasn't changed (defense in depth).
+    const __resolvedImg = new URL(__imgUrl, request.url);
+    if (__resolvedImg.origin !== url.origin) {
+      return new Response("Only relative URLs allowed", { status: 400 });
+    }
+    // In dev, redirect to the original asset URL so Vite's static serving handles it.
+    return Response.redirect(__resolvedImg.href, 302);
+  }
+
+  // Handle metadata routes (sitemap.xml, robots.txt, manifest.webmanifest, etc.)
+  for (const metaRoute of metadataRoutes) {
+    if (cleanPathname === metaRoute.servedUrl) {
+      if (metaRoute.isDynamic) {
+        // Dynamic metadata route — call the default export and serialize
+        const metaFn = metaRoute.module.default;
+        if (typeof metaFn === "function") {
+          const result = await metaFn();
+          let body;
+          // If it's already a Response (e.g., ImageResponse), return directly
+          if (result instanceof Response) return result;
+          // Serialize based on type
+          if (metaRoute.type === "sitemap") body = sitemapToXml(result);
+          else if (metaRoute.type === "robots") body = robotsToText(result);
+          else if (metaRoute.type === "manifest") body = manifestToJson(result);
+          else body = JSON.stringify(result);
+          return new Response(body, {
+            headers: { "Content-Type": metaRoute.contentType },
+          });
+        }
+      } else {
+        // Static metadata file — decode from embedded base64 data
+        try {
+          const binary = atob(metaRoute.fileDataBase64);
+          const bytes = new Uint8Array(binary.length);
+          for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+          return new Response(bytes, {
+            headers: {
+              "Content-Type": metaRoute.contentType,
+              "Cache-Control": "public, max-age=0, must-revalidate",
+            },
+          });
+        } catch {
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    }
+  }
+
+  // Set navigation context for Server Components.
+  // Note: Headers context is already set by runWithHeadersContext in the handler wrapper.
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params: {},
+  });
+
+  // Handle server action POST requests
+  const actionId = request.headers.get("x-rsc-action");
+  if (request.method === "POST" && actionId) {
+    // ── CSRF protection ─────────────────────────────────────────────────
+    // Verify that the Origin header matches the Host header to prevent
+    // cross-site request forgery, matching Next.js server action behavior.
+    const csrfResponse = __validateCsrfOrigin(request);
+    if (csrfResponse) return csrfResponse;
+
+    // ── Body size limit ─────────────────────────────────────────────────
+    // Reject payloads larger than the configured limit.
+    // Check Content-Length as a fast path, then enforce on the actual
+    // stream to prevent bypasses via chunked transfer-encoding.
+    const contentLength = parseInt(request.headers.get("content-length") || "0", 10);
+    if (contentLength > __MAX_ACTION_BODY_SIZE) {
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response("Payload Too Large", { status: 413 });
+    }
+
+    try {
+      const contentType = request.headers.get("content-type") || "";
+      let body;
+      try {
+        body = contentType.startsWith("multipart/form-data")
+          ? await __readFormDataWithLimit(request, __MAX_ACTION_BODY_SIZE)
+          : await __readBodyWithLimit(request, __MAX_ACTION_BODY_SIZE);
+      } catch (sizeErr) {
+        if (sizeErr && sizeErr.message === "Request body too large") {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Payload Too Large", { status: 413 });
+        }
+        throw sizeErr;
+      }
+      const temporaryReferences = createTemporaryReferenceSet();
+      const args = await decodeReply(body, { temporaryReferences });
+      const action = await loadServerAction(actionId);
+      let returnValue;
+      let actionRedirect = null;
+      try {
+        const data = await action.apply(null, args);
+        returnValue = { ok: true, data };
+      } catch (e) {
+        // Detect redirect() / permanentRedirect() called inside the action.
+        // These throw errors with digest "NEXT_REDIRECT;replace;url[;status]".
+        // The URL is encodeURIComponent-encoded to prevent semicolons in the URL
+        // from corrupting the delimiter-based digest format.
+        if (e && typeof e === "object" && "digest" in e) {
+          const digest = String(e.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            actionRedirect = {
+              url: decodeURIComponent(parts[2]),
+              type: parts[1] || "replace",       // "push" or "replace"
+              status: parts[3] ? parseInt(parts[3], 10) : 307,
+            };
+            returnValue = { ok: true, data: undefined };
+          } else if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            // notFound() / forbidden() / unauthorized() in action — package as error
+            returnValue = { ok: false, data: e };
+          } else {
+            // Non-navigation digest error — sanitize in production to avoid
+            // leaking internal details (connection strings, paths, etc.)
+            console.error("[vinext] Server action error:", e);
+            returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+          }
+        } else {
+          // Unhandled error — sanitize in production to avoid leaking
+          // internal details (database errors, file paths, stack traces, etc.)
+          console.error("[vinext] Server action error:", e);
+          returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+        }
+      }
+
+      // If the action called redirect(), signal the client to navigate.
+      // We can't use a real HTTP redirect (the fetch would follow it automatically
+      // and receive a page HTML instead of RSC stream). Instead, we return a 200
+      // with x-action-redirect header that the client entry detects and handles.
+      if (actionRedirect) {
+        const actionPendingCookies = getAndClearPendingCookies();
+        const actionDraftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const redirectHeaders = new Headers({
+          "Content-Type": "text/x-component; charset=utf-8",
+          "Vary": "RSC, Accept",
+          "x-action-redirect": actionRedirect.url,
+          "x-action-redirect-type": actionRedirect.type,
+          "x-action-redirect-status": String(actionRedirect.status),
+        });
+        for (const cookie of actionPendingCookies) {
+          redirectHeaders.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) redirectHeaders.append("Set-Cookie", actionDraftCookie);
+        // Send an empty RSC-like body (client will navigate instead of parsing)
+        return new Response("", { status: 200, headers: redirectHeaders });
+      }
+
+      // After the action, re-render the current page so the client
+      // gets an updated React tree reflecting any mutations.
+      const match = matchRoute(cleanPathname, routes);
+      let element;
+      if (match) {
+        const { route: actionRoute, params: actionParams } = match;
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: actionParams,
+        });
+        element = buildPageElement(actionRoute, actionParams, undefined, url.searchParams);
+      } else {
+        element = createElement("div", null, "Page not found");
+      }
+
+      const rscStream = renderToReadableStream(
+        { root: element, returnValue },
+        { temporaryReferences, onError: rscOnError },
+      );
+
+      // Collect cookies set during the action
+      const actionPendingCookies = getAndClearPendingCookies();
+      const actionDraftCookie = getDraftModeCookieHeader();
+      setHeadersContext(null);
+      setNavigationContext(null);
+
+      const actionHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+      const actionResponse = new Response(rscStream, { headers: actionHeaders });
+      if (actionPendingCookies.length > 0 || actionDraftCookie) {
+        for (const cookie of actionPendingCookies) {
+          actionResponse.headers.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) actionResponse.headers.append("Set-Cookie", actionDraftCookie);
+      }
+      return actionResponse;
+    } catch (err) {
+      getAndClearPendingCookies(); // Clear pending cookies on error
+      console.error("[vinext] Server action error:", err);
+      _reportRequestError(
+        err instanceof Error ? err : new Error(String(err)),
+        { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+        { routerKind: "App Router", routePath: cleanPathname, routeType: "action" },
+      ).catch((reportErr) => {
+        console.error("[vinext] Failed to report server action error:", reportErr);
+      });
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(
+        process.env.NODE_ENV === "production"
+          ? "Internal Server Error"
+          : "Server action failed: " + (err && err.message ? err.message : String(err)),
+        { status: 500 },
+      );
+    }
+  }
+
+  // ── Apply afterFiles rewrites from next.config.js ──────────────────────
+  if (__configRewrites.afterFiles && __configRewrites.afterFiles.length) {
+    const __afterRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.afterFiles, __postMwReqCtx);
+    if (__afterRewritten) {
+      if (__isExternalUrl(__afterRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __afterRewritten);
+      }
+      cleanPathname = __afterRewritten;
+    }
+  }
+
+  let match = matchRoute(cleanPathname, routes);
+
+  // ── Fallback rewrites from next.config.js (if no route matched) ───────
+  if (!match && __configRewrites.fallback && __configRewrites.fallback.length) {
+    const __fallbackRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.fallback, __postMwReqCtx);
+    if (__fallbackRewritten) {
+      if (__isExternalUrl(__fallbackRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __fallbackRewritten);
+      }
+      cleanPathname = __fallbackRewritten;
+      match = matchRoute(cleanPathname, routes);
+    }
+  }
+
+  if (!match) {
+    // Render custom not-found page if available, otherwise plain 404
+    const notFoundResponse = await renderNotFoundPage(null, isRscRequest, request);
+    if (notFoundResponse) return notFoundResponse;
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Not Found", { status: 404 });
+  }
+
+  const { route, params } = match;
+
+  // Update navigation context with matched params
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params,
+  });
+
+  // Handle route.ts API handlers
+  if (route.routeHandler) {
+    const handler = route.routeHandler;
+    const method = request.method.toUpperCase();
+    const revalidateSeconds = typeof handler.revalidate === "number" && handler.revalidate > 0 ? handler.revalidate : null;
+
+    // Collect exported HTTP methods for OPTIONS auto-response and Allow header
+    const HTTP_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"];
+    const exportedMethods = HTTP_METHODS.filter((m) => typeof handler[m] === "function");
+    // If GET is exported, HEAD is implicitly supported
+    if (exportedMethods.includes("GET") && !exportedMethods.includes("HEAD")) {
+      exportedMethods.push("HEAD");
+    }
+    const hasDefault = typeof handler["default"] === "function";
+
+    // OPTIONS auto-implementation: respond with Allow header and 204
+    if (method === "OPTIONS" && typeof handler["OPTIONS"] !== "function") {
+      const allowMethods = hasDefault ? HTTP_METHODS : exportedMethods;
+      if (!allowMethods.includes("OPTIONS")) allowMethods.push("OPTIONS");
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(null, {
+        status: 204,
+        headers: { "Allow": allowMethods.join(", ") },
+      });
+    }
+
+    // HEAD auto-implementation: run GET handler and strip body
+    let handlerFn = handler[method] || handler["default"];
+    let isAutoHead = false;
+    if (method === "HEAD" && typeof handler["HEAD"] !== "function" && typeof handler["GET"] === "function") {
+      handlerFn = handler["GET"];
+      isAutoHead = true;
+    }
+
+    if (typeof handlerFn === "function") {
+      try {
+        const response = await handlerFn(request, { params });
+
+        // Apply Cache-Control from route segment config (export const revalidate = N).
+        // Next.js sets s-maxage on GET route handlers with a numeric revalidate value.
+        if (revalidateSeconds !== null && (method === "GET" || isAutoHead) && !response.headers.has("cache-control")) {
+          response.headers.set("cache-control", "s-maxage=" + revalidateSeconds + ", stale-while-revalidate");
+        }
+
+        // Collect any Set-Cookie headers from cookies().set()/delete() calls
+        const pendingCookies = getAndClearPendingCookies();
+        const draftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+
+        // If we have pending cookies, create a new response with them attached
+        if (pendingCookies.length > 0 || draftCookie) {
+          const newHeaders = new Headers(response.headers);
+          for (const cookie of pendingCookies) {
+            newHeaders.append("Set-Cookie", cookie);
+          }
+          if (draftCookie) newHeaders.append("Set-Cookie", draftCookie);
+
+          if (isAutoHead) {
+            return new Response(null, {
+              status: response.status,
+              statusText: response.statusText,
+              headers: newHeaders,
+            });
+          }
+          return new Response(response.body, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: newHeaders,
+          });
+        }
+
+        if (isAutoHead) {
+          // Strip body for auto-HEAD, preserve headers and status
+          return new Response(null, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: response.headers,
+          });
+        }
+        return response;
+      } catch (err) {
+        getAndClearPendingCookies(); // Clear any pending cookies on error
+        // Catch redirect() / notFound() thrown from route handlers
+        if (err && typeof err === "object" && "digest" in err) {
+          const digest = String(err.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            const redirectUrl = decodeURIComponent(parts[2]);
+            const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, {
+              status: statusCode,
+              headers: { Location: new URL(redirectUrl, request.url).toString() },
+            });
+          }
+          if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, { status: statusCode });
+          }
+        }
+        setHeadersContext(null);
+        setNavigationContext(null);
+        console.error("[vinext] Route handler error:", err);
+        _reportRequestError(
+          err instanceof Error ? err : new Error(String(err)),
+          { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+          { routerKind: "App Router", routePath: route.pattern, routeType: "route" },
+        ).catch((reportErr) => {
+          console.error("[vinext] Failed to report route handler error:", reportErr);
+        });
+        return new Response(null, { status: 500 });
+      }
+    }
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(null, {
+      status: 405,
+      headers: { Allow: exportedMethods.join(", ") },
+    });
+  }
+
+  // Build the component tree: layouts wrapping the page
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Page has no default export", { status: 500 });
+  }
+
+  // Read route segment config from page module exports
+  let revalidateSeconds = typeof route.page?.revalidate === "number" ? route.page.revalidate : null;
+  const dynamicConfig = route.page?.dynamic; // 'auto' | 'force-dynamic' | 'force-static' | 'error'
+  const dynamicParamsConfig = route.page?.dynamicParams; // true (default) | false
+  const isForceStatic = dynamicConfig === "force-static";
+  const isDynamicError = dynamicConfig === "error";
+
+  // force-static: replace headers/cookies context with empty values and
+  // clear searchParams so dynamic APIs return defaults instead of real data
+  if (isForceStatic) {
+    setHeadersContext({ headers: new Headers(), cookies: new Map() });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamic = 'error': set a trap context that throws when headers/cookies are accessed
+  if (isDynamicError) {
+    const errorMsg = 'Page with \`dynamic = "error"\` used a dynamic API. ' +
+      'This page was expected to be fully static, but headers(), cookies(), ' +
+      'or searchParams was accessed. Remove the dynamic API usage or change ' +
+      'the dynamic config to "auto" or "force-dynamic".';
+    const throwingHeaders = new Proxy(new Headers(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    const throwingCookies = new Proxy(new Map(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    setHeadersContext({ headers: throwingHeaders, cookies: throwingCookies });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamicParams = false: only params from generateStaticParams are allowed
+  if (dynamicParamsConfig === false && route.isDynamic && typeof route.page?.generateStaticParams === "function") {
+    try {
+      // Pass parent params to generateStaticParams (Next.js top-down params passing).
+      // Parent params = all matched params that DON'T belong to the leaf page's own dynamic segments.
+      // We pass the full matched params; the function uses only what it needs.
+      const staticParams = await route.page.generateStaticParams({ params });
+      if (Array.isArray(staticParams)) {
+        const paramKeys = Object.keys(params);
+        const isAllowed = staticParams.some(sp =>
+          paramKeys.every(key => {
+            const val = params[key];
+            const staticVal = sp[key];
+            // Allow parent params to not be in the returned set (they're inherited)
+            if (staticVal === undefined) return true;
+            if (Array.isArray(val)) return JSON.stringify(val) === JSON.stringify(staticVal);
+            return String(val) === String(staticVal);
+          })
+        );
+        if (!isAllowed) {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    } catch (err) {
+      console.error("[vinext] generateStaticParams error:", err);
+    }
+  }
+
+  // force-dynamic: set no-store Cache-Control
+  const isForceDynamic = dynamicConfig === "force-dynamic";
+
+  // Check for intercepting routes on RSC requests (client-side navigation).
+  // If the target URL matches an intercepting route in a parallel slot,
+  // render the source route with the intercepting page in the slot.
+  let interceptOpts = undefined;
+  if (isRscRequest) {
+    const intercept = findIntercept(cleanPathname);
+    if (intercept) {
+      const sourceRoute = routes[intercept.sourceRouteIndex];
+      if (sourceRoute && sourceRoute !== route) {
+        // Render the source route (e.g. /feed) with the intercepting page in the slot
+        const sourceMatch = matchRoute(sourceRoute.pattern, routes);
+        const sourceParams = sourceMatch ? sourceMatch.params : {};
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: intercept.matchedParams,
+        });
+        const interceptElement = await buildPageElement(sourceRoute, sourceParams, {
+          interceptSlot: intercept.slotName,
+          interceptPage: intercept.page,
+          interceptParams: intercept.matchedParams,
+        }, url.searchParams);
+        const interceptStream = renderToReadableStream(interceptElement, { onError: rscOnError });
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return new Response(interceptStream, {
+          headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+        });
+      }
+      // If sourceRoute === route, apply intercept opts to the normal render
+      interceptOpts = {
+        interceptSlot: intercept.slotName,
+        interceptPage: intercept.page,
+        interceptParams: intercept.matchedParams,
+      };
+    }
+  }
+
+  let element;
+  try {
+    element = await buildPageElement(route, params, interceptOpts, url.searchParams);
+  } catch (buildErr) {
+    // Check for redirect/notFound/forbidden/unauthorized thrown during metadata resolution or async components
+    if (buildErr && typeof buildErr === "object" && "digest" in buildErr) {
+      const digest = String(buildErr.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    // Non-special error (e.g. generateMetadata() threw) — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, buildErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw buildErr;
+  }
+
+  // Note: CSS is automatically injected by @vitejs/plugin-rsc's
+  // rscCssTransform — no manual loadCss() call needed.
+
+  // Helper: check if an error is a redirect/notFound/forbidden/unauthorized thrown by the navigation shim
+  async function handleRenderError(err) {
+    if (err && typeof err === "object" && "digest" in err) {
+      const digest = String(err.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    return null;
+  }
+
+  // Pre-render layout components to catch notFound()/redirect() thrown from layouts.
+  // In Next.js, each layout level has its own NotFoundBoundary. When a layout throws
+  // notFound(), the parent layout's boundary catches it and renders the parent's
+  // not-found.tsx. Since React Flight doesn't activate client error boundaries during
+  // RSC rendering, we catch layout-level throws here and render the appropriate
+  // fallback page with only the layouts above the throwing one.
+  //
+  // IMPORTANT: Layout pre-render runs BEFORE page pre-render. In Next.js, layouts
+  // render before their children — if a layout throws notFound(), the page never
+  // executes. By checking layouts first, we avoid a bug where the page's notFound()
+  // triggers renderHTTPAccessFallbackPage with ALL route layouts, but one of those
+  // layouts itself throws notFound() during the fallback rendering (causing a 500).
+  if (route.layouts && route.layouts.length > 0) {
+    const asyncParams = makeThenableParams(params);
+    // Run inside ALS context so the module-level console.error patch suppresses
+    // "Invalid hook call" only for this request's probe — concurrent requests
+    // each have their own ALS store and are unaffected.
+    const _layoutProbeResult = await _suppressHookWarningAls.run(true, async () => {
+      for (let li = route.layouts.length - 1; li >= 0; li--) {
+        const LayoutComp = route.layouts[li]?.default;
+        if (!LayoutComp) continue;
+        try {
+          const lr = LayoutComp({ params: asyncParams, children: null });
+          if (lr && typeof lr === "object" && typeof lr.then === "function") await lr;
+        } catch (layoutErr) {
+          if (layoutErr && typeof layoutErr === "object" && "digest" in layoutErr) {
+            const digest = String(layoutErr.digest);
+             if (digest.startsWith("NEXT_REDIRECT;")) {
+               const parts = digest.split(";");
+               const redirectUrl = decodeURIComponent(parts[2]);
+               const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+               setHeadersContext(null);
+               setNavigationContext(null);
+               return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+            }
+            if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+              const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+              // Find the not-found component from the parent level (the boundary that
+              // would catch this in Next.js). Walk up from the throwing layout to find
+              // the nearest not-found at a parent layout's directory.
+              let parentNotFound = null;
+              if (route.notFounds) {
+                for (let pi = li - 1; pi >= 0; pi--) {
+                  if (route.notFounds[pi]?.default) {
+                    parentNotFound = route.notFounds[pi].default;
+                    break;
+                  }
+                }
+              }
+              if (!parentNotFound) parentNotFound = null;
+              // Wrap in only the layouts above the throwing one
+              const parentLayouts = route.layouts.slice(0, li);
+              const fallbackResp = await renderHTTPAccessFallbackPage(
+                route, statusCode, isRscRequest, request,
+                { boundaryComponent: parentNotFound, layouts: parentLayouts, matchedParams: params }
+              );
+              if (fallbackResp) return fallbackResp;
+              setHeadersContext(null);
+              setNavigationContext(null);
+              const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+              return new Response(statusText, { status: statusCode });
+            }
+          }
+          // Not a special error — let it propagate through normal RSC rendering
+        }
+      }
+      return null;
+    });
+    if (_layoutProbeResult instanceof Response) return _layoutProbeResult;
+  }
+
+  // Pre-render the page component to catch redirect()/notFound() thrown synchronously.
+  // Server Components are just functions — we can call PageComponent directly to detect
+  // these special throws before starting the RSC stream.
+  //
+  // For routes with a loading.tsx Suspense boundary, we skip awaiting async components.
+  // The Suspense boundary + rscOnError will handle redirect/notFound thrown during
+  // streaming, and blocking here would defeat streaming (the slow component's delay
+  // would be hit before the RSC stream even starts).
+  //
+  // Because this calls the component outside React's render cycle, hooks like use()
+  // trigger "Invalid hook call" console.error in dev. The module-level ALS patch
+  // suppresses the warning only within this request's execution context.
+  const _hasLoadingBoundary = !!(route.loading && route.loading.default);
+  const _pageProbeResult = await _suppressHookWarningAls.run(true, async () => {
+    try {
+      const testResult = PageComponent({ params });
+      // If it's a promise (async component), only await if there's no loading boundary.
+      // With a loading boundary, the Suspense streaming pipeline handles async resolution
+      // and any redirect/notFound errors via rscOnError.
+      if (testResult && typeof testResult === "object" && typeof testResult.then === "function") {
+        if (!_hasLoadingBoundary) {
+          await testResult;
+        } else {
+          // Suppress unhandled promise rejection — with a loading boundary,
+          // redirect/notFound errors are handled by rscOnError during streaming.
+          testResult.catch(() => {});
+        }
+      }
+    } catch (preRenderErr) {
+      const specialResponse = await handleRenderError(preRenderErr);
+      if (specialResponse) return specialResponse;
+      // Non-special errors from the pre-render test are expected (e.g. use() hook
+      // fails outside React's render cycle, client references can't execute on server).
+      // Only redirect/notFound/forbidden/unauthorized are actionable here — other
+      // errors will be properly caught during actual RSC/SSR rendering below.
+    }
+    return null;
+  });
+  if (_pageProbeResult instanceof Response) return _pageProbeResult;
+
+  // Mark end of compile phase: route matching, middleware, tree building are done.
+  if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
+
+  // Render to RSC stream
+  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+
+  if (isRscRequest) {
+    // Direct RSC stream response (for client-side navigation)
+    // NOTE: Do NOT clear headers/navigation context here!
+    // The RSC stream is consumed lazily - components render when chunks are read.
+    // If we clear context now, headers()/cookies() will fail during rendering.
+    // Context will be cleared when the next request starts (via runWithHeadersContext).
+    const responseHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+    // Include matched route params so the client can hydrate useParams()
+    if (params && Object.keys(params).length > 0) {
+      responseHeaders["X-Vinext-Params"] = JSON.stringify(params);
+    }
+    if (isForceDynamic) {
+      responseHeaders["Cache-Control"] = "no-store, must-revalidate";
+    } else if ((isForceStatic || isDynamicError) && !revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=31536000, stale-while-revalidate";
+      responseHeaders["X-Vinext-Cache"] = "STATIC";
+    } else if (revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=" + revalidateSeconds + ", stale-while-revalidate";
+    }
+    // Merge middleware response headers into the RSC response.
+    // set-cookie and vary are accumulated to preserve existing values
+    // (e.g. "Vary: RSC, Accept" set above); all other keys use plain
+    // assignment so middleware headers win over config headers, which
+    // the outer handler applies afterward and skips keys already present.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        const lk = key.toLowerCase();
+        if (lk === "set-cookie") {
+          const existing = responseHeaders[lk];
+          if (Array.isArray(existing)) {
+            existing.push(value);
+          } else if (existing) {
+            responseHeaders[lk] = [existing, value];
+          } else {
+            responseHeaders[lk] = [value];
+          }
+        } else if (lk === "vary") {
+          // Accumulate Vary values to preserve the existing "RSC, Accept" entry.
+          const existing = responseHeaders["Vary"] ?? responseHeaders["vary"];
+          if (existing) {
+            responseHeaders["Vary"] = existing + ", " + value;
+            if (responseHeaders["vary"] !== undefined) delete responseHeaders["vary"];
+          } else {
+            responseHeaders[key] = value;
+          }
+        } else {
+          responseHeaders[key] = value;
+        }
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //                  -1 sentinel means compile time is not measured.
+    //   renderMs     - -1 sentinel for RSC-only (soft-nav) responses, since
+    //                  rendering is handled asynchronously by the client. The
+    //                  logging middleware computes render time as totalMs - compileMs.
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      responseHeaders["x-vinext-timing"] = handlerStart + "," + compileMs + ",-1";
+    }
+    return new Response(rscStream, { status: _mwCtx.status || 200, headers: responseHeaders });
+  }
+
+  // Collect font data from RSC environment before passing to SSR
+  // (Fonts are loaded during RSC rendering when layout.tsx calls Geist() etc.)
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+
+  // Build HTTP Link header for font preloading.
+  // This lets the browser (and CDN) start fetching font files before parsing HTML,
+  // eliminating the CSS → woff2 download waterfall.
+  const fontPreloads = fontData.preloads || [];
+  const fontLinkHeaderParts = [];
+  for (const preload of fontPreloads) {
+    fontLinkHeaderParts.push("<" + preload.href + ">; rel=preload; as=font; type=" + preload.type + "; crossorigin");
+  }
+  const fontLinkHeader = fontLinkHeaderParts.length > 0 ? fontLinkHeaderParts.join(", ") : "";
+
+  // Delegate to SSR environment for HTML rendering
+  let htmlStream;
+  try {
+    const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+    htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+    // Shell render complete; Suspense boundaries stream asynchronously
+    if (process.env.NODE_ENV !== "production") __renderEnd = performance.now();
+  } catch (ssrErr) {
+    const specialResponse = await handleRenderError(ssrErr);
+    if (specialResponse) return specialResponse;
+    // Non-special error during SSR — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, ssrErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw ssrErr;
+  }
+
+  // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
+  const draftCookie = getDraftModeCookieHeader();
+
+  setHeadersContext(null);
+  setNavigationContext(null);
+
+  // Helper to attach draftMode cookie, middleware headers, font Link header, and rewrite status to a response
+  function attachMiddlewareContext(response) {
+    if (draftCookie) {
+      response.headers.append("Set-Cookie", draftCookie);
+    }
+    // Set HTTP Link header for font preloading
+    if (fontLinkHeader) {
+      response.headers.set("Link", fontLinkHeader);
+    }
+    // Merge middleware response headers into the final response.
+    // The response is freshly constructed above (new Response(htmlStream, {...})),
+    // so set() and append() are equivalent — there are no same-key conflicts yet.
+    // Precedence over config headers is handled by the outer handler, which
+    // skips config keys that middleware already placed on the response.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        response.headers.append(key, value);
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //   renderMs     - time from renderToReadableStream to handleSsr completion,
+    //                  or -1 sentinel if not measured (falls back to totalMs - compileMs).
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      const renderMs = __renderEnd !== undefined && __compileEnd !== undefined
+        ? Math.round(__renderEnd - __compileEnd)
+        : -1;
+      response.headers.set("x-vinext-timing", handlerStart + "," + compileMs + "," + renderMs);
+    }
+    // Apply custom status code from middleware rewrite
+    if (_mwCtx.status) {
+      return new Response(response.body, {
+        status: _mwCtx.status,
+        headers: response.headers,
+      });
+    }
+    return response;
+  }
+
+  // Check if any component called connection(), cookies(), headers(), or noStore()
+  // during rendering. If so, treat as dynamic (skip ISR, set no-store).
+  const dynamicUsedDuringRender = consumeDynamicUsage();
+
+  // Check if cacheLife() was called during rendering (e.g., page with file-level "use cache").
+  // If so, use its revalidation period for the Cache-Control header.
+  const requestCacheLife = _consumeRequestScopedCacheLife();
+  if (requestCacheLife && requestCacheLife.revalidate !== undefined && revalidateSeconds === null) {
+    revalidateSeconds = requestCacheLife.revalidate;
+  }
+
+  // force-dynamic: always return no-store (highest priority)
+  if (isForceDynamic) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // force-static / error: treat as static regardless of dynamic usage.
+  // force-static intentionally provides empty headers/cookies context so
+  // dynamic APIs return safe defaults; we ignore the dynamic usage signal.
+  // dynamic='error' should have already thrown (via throwing Proxy) if user
+  // code accessed dynamic APIs, so reaching here means rendering succeeded.
+  if ((isForceStatic || isDynamicError) && (revalidateSeconds === null || revalidateSeconds === 0)) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=31536000, stale-while-revalidate",
+        "X-Vinext-Cache": "STATIC",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // auto mode: dynamic API usage (headers(), cookies(), connection(), noStore(),
+  // searchParams access) opts the page into dynamic rendering with no-store.
+  if (dynamicUsedDuringRender) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // Emit Cache-Control for ISR pages so tests can verify revalidate values,
+  // but skip actual caching in dev — every request renders fresh.
+  if (revalidateSeconds !== null && revalidateSeconds > 0) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=" + revalidateSeconds + ", stale-while-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  return attachMiddlewareContext(new Response(htmlStream, {
+    headers: { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" },
+  }));
+}
+
+if (import.meta.hot) {
+  import.meta.hot.accept();
+}
+"
+`;
+
 exports[`App Router entry templates > generateRscEntry snapshot (with middleware) 1`] = `
 "
 import {
diff --git a/tests/entry-templates.test.ts b/tests/entry-templates.test.ts
index 25baee2e..dc97920a 100644
--- a/tests/entry-templates.test.ts
+++ b/tests/entry-templates.test.ts
@@ -74,6 +74,9 @@ const minimalAppRoutes: AppRoute[] = [
 ];
 
 // ── Pages Router fixture ──────────────────────────────────────────────
+// NOTE: Adding, removing, or renaming pages in this fixture will break the
+// Pages Router snapshots below. Run `pnpm test tests/entry-templates.test.ts -u`
+// to update them after intentional fixture changes.
 const PAGES_FIXTURE_DIR = path.resolve(
   import.meta.dirname,
   "./fixtures/pages-basic",
@@ -108,6 +111,21 @@ describe("App Router entry templates", () => {
     expect(code).toMatchSnapshot();
   });
 
+  it("generateRscEntry snapshot (with instrumentation)", () => {
+    const code = generateRscEntry(
+      "/tmp/test/app",
+      minimalAppRoutes,
+      null,
+      [],
+      null,
+      "",
+      false,
+      undefined,
+      "/tmp/test/instrumentation.ts",
+    );
+    expect(code).toMatchSnapshot();
+  });
+
   it("generateRscEntry snapshot (with config)", () => {
     const config: AppRouterConfig = {
       redirects: [

From 44a22562d6da9d4c01030e5672ca1f7f3c8714e6 Mon Sep 17 00:00:00 2001
From: James <james@eli.cx>
Date: Sun, 8 Mar 2026 15:48:43 +0000
Subject: [PATCH 4/8] test: address new bonk review comments on entry-template
 snapshot tests

- Add dynamic route fixture (/blog/:slug) to minimalAppRoutes to cover
  dynamic segment serialization in the generated route table
- Add generateRscEntry snapshot test covering globalErrorPath arg
---
 .../entry-templates.test.ts.snap              | 2893 ++++++++++++++++-
 tests/entry-templates.test.ts                 |   32 +
 2 files changed, 2874 insertions(+), 51 deletions(-)

diff --git a/tests/__snapshots__/entry-templates.test.ts.snap b/tests/__snapshots__/entry-templates.test.ts.snap
index f489c95f..7ea3de7c 100644
--- a/tests/__snapshots__/entry-templates.test.ts.snap
+++ b/tests/__snapshots__/entry-templates.test.ts.snap
@@ -473,7 +473,7 @@ function __sanitizeErrorForClient(error) {
 // thrown during RSC streaming (e.g. inside Suspense boundaries).
 // For non-navigation errors in production, generates a digest hash so the
 // error can be correlated with server logs without leaking details.
-function rscOnError(error) {
+function rscOnError(error, requestInfo, errorContext) {
   if (error && typeof error === "object" && "digest" in error) {
     return String(error.digest);
   }
@@ -519,6 +519,2446 @@ function rscOnError(error) {
     return undefined;
   }
 
+  if (requestInfo && errorContext && error) {
+    _reportRequestError(
+      error instanceof Error ? error : new Error(String(error)),
+      requestInfo,
+      errorContext,
+    ).catch((reportErr) => {
+      console.error("[vinext] Failed to report render error:", reportErr);
+    });
+  }
+
+  // In production, generate a digest hash for non-navigation errors
+  if (process.env.NODE_ENV === "production" && error) {
+    const msg = error instanceof Error ? error.message : String(error);
+    const stack = error instanceof Error ? (error.stack || "") : "";
+    return __errorDigest(msg + stack);
+  }
+  return undefined;
+}
+
+function createRscOnErrorHandler(request, pathname, routePath) {
+  const requestInfo = {
+    path: pathname,
+    method: request.method,
+    headers: Object.fromEntries(request.headers.entries()),
+  };
+  const errorContext = {
+    routerKind: "App Router",
+    routePath: routePath || pathname,
+    routeType: "render",
+  };
+  return function(error) {
+    return rscOnError(error, requestInfo, errorContext);
+  };
+}
+
+import * as mod_0 from "/tmp/test/app/page.tsx";
+import * as mod_1 from "/tmp/test/app/layout.tsx";
+import * as mod_2 from "/tmp/test/app/about/page.tsx";
+import * as mod_3 from "/tmp/test/app/blog/[slug]/page.tsx";
+import * as mod_4 from "/tmp/test/app/blog/[slug]/layout.tsx";
+
+
+
+const routes = [
+  {
+    pattern: "/",
+    isDynamic: false,
+    params: [],
+    page: mod_0,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: [],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  },
+  {
+    pattern: "/about",
+    isDynamic: false,
+    params: [],
+    page: mod_2,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: ["about"],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  },
+  {
+    pattern: "/blog/:slug",
+    isDynamic: true,
+    params: ["slug"],
+    page: mod_3,
+    routeHandler: null,
+    layouts: [mod_1, mod_4],
+    routeSegments: ["blog",":slug"],
+    layoutTreePositions: [0,1],
+    templates: [],
+    errors: [null, null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null, null],
+    forbidden: null,
+    unauthorized: null,
+  }
+];
+
+const metadataRoutes = [
+
+];
+
+const rootNotFoundModule = null;
+const rootForbiddenModule = null;
+const rootUnauthorizedModule = null;
+const rootLayouts = [mod_1];
+
+/**
+ * Render an HTTP access fallback page (not-found/forbidden/unauthorized) with layouts and noindex meta.
+ * Returns null if no matching component is available.
+ *
+ * @param opts.boundaryComponent - Override the boundary component (for layout-level notFound)
+ * @param opts.layouts - Override the layouts to wrap with (for layout-level notFound, excludes the throwing layout)
+ */
+async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, opts) {
+  // Determine which boundary component to use based on status code
+  let BoundaryComponent = opts?.boundaryComponent ?? null;
+  if (!BoundaryComponent) {
+    let boundaryModule;
+    if (statusCode === 403) {
+      boundaryModule = route?.forbidden ?? rootForbiddenModule;
+    } else if (statusCode === 401) {
+      boundaryModule = route?.unauthorized ?? rootUnauthorizedModule;
+    } else {
+      boundaryModule = route?.notFound ?? rootNotFoundModule;
+    }
+    BoundaryComponent = boundaryModule?.default ?? null;
+  }
+  const layouts = opts?.layouts ?? route?.layouts ?? rootLayouts;
+  if (!BoundaryComponent) return null;
+
+  // Resolve metadata and viewport from parent layouts so that not-found/error
+  // pages inherit title, description, OG tags etc. — matching Next.js behavior.
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build element: metadata head + noindex meta + boundary component wrapped in layouts
+  // Always include charset and default viewport for parity with Next.js.
+  const charsetMeta = createElement("meta", { charSet: "utf-8" });
+  const noindexMeta = createElement("meta", { name: "robots", content: "noindex" });
+  const headElements = [charsetMeta, noindexMeta];
+  if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+  headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+  let element = createElement(Fragment, null, ...headElements, createElement(BoundaryComponent));
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap the element with the same
+    // component wrappers that buildPageElement() uses. Without these wrappers,
+    // React's reconciliation would see a mismatched tree structure between the
+    // old fiber tree (ErrorBoundary > LayoutSegmentProvider > html > body > NotFoundBoundary > ...)
+    // and the new tree (html > body > ...), causing it to destroy and recreate
+    // the entire DOM tree, resulting in a blank white page.
+    //
+    // We wrap each layout with LayoutSegmentProvider and add GlobalErrorBoundary
+    // to match the wrapping order in buildPageElement(), ensuring smooth
+    // client-side tree reconciliation.
+    const _treePositions = route?.layoutTreePositions;
+    const _routeSegs = route?.routeSegments || [];
+    const _fallbackParams = opts?.matchedParams ?? route?.params ?? {};
+    const _asyncFallbackParams = makeThenableParams(_fallbackParams);
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParams });
+        const _tp = _treePositions ? _treePositions[i] : 0;
+        const _cs = __resolveChildSegments(_routeSegs, _tp, _fallbackParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
+      }
+    }
+    
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(rscStream, {
+      status: statusCode,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only (no client-side
+  // wrappers needed since SSR generates the complete HTML document).
+  const _fallbackParamsHtml = opts?.matchedParams ?? route?.params ?? {};
+  const _asyncFallbackParamsHtml = makeThenableParams(_fallbackParamsHtml);
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParamsHtml });
+    }
+  }
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
+  // Collect font data from RSC environment
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _respHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _linkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_linkParts.length > 0) _respHeaders["Link"] = _linkParts.join(", ");
+  return new Response(htmlStream, {
+    status: statusCode,
+    headers: _respHeaders,
+  });
+}
+
+/** Convenience: render a not-found page (404) */
+async function renderNotFoundPage(route, isRscRequest, request, matchedParams) {
+  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { matchedParams });
+}
+
+/**
+ * Render an error.tsx boundary page when a server component or generateMetadata() throws.
+ * Returns null if no error boundary component is available for this route.
+ *
+ * Next.js returns HTTP 200 when error.tsx catches an error (the error is "handled"
+ * by the boundary). This matches that behavior intentionally.
+ */
+async function renderErrorBoundaryPage(route, error, isRscRequest, request, matchedParams) {
+  // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
+  // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
+  let ErrorComponent = route?.error?.default ?? null;
+  if (!ErrorComponent && route?.errors) {
+    for (let i = route.errors.length - 1; i >= 0; i--) {
+      if (route.errors[i]?.default) {
+        ErrorComponent = route.errors[i].default;
+        break;
+      }
+    }
+  }
+  ErrorComponent = ErrorComponent;
+  if (!ErrorComponent) return null;
+
+  const rawError = error instanceof Error ? error : new Error(String(error));
+  // Sanitize the error in production to avoid leaking internal details
+  // (database errors, file paths, stack traces) through error.tsx to the client.
+  // In development, pass the original error for debugging.
+  const errorObj = __sanitizeErrorForClient(rawError);
+  // Only pass error — reset is a client-side concern (re-renders the segment) and
+  // can't be serialized through RSC. The error.tsx component will receive reset=undefined
+  // during SSR, which is fine — onClick={undefined} is harmless, and the real reset
+  // function is only meaningful after hydration.
+  let element = createElement(ErrorComponent, {
+    error: errorObj,
+  });
+  const layouts = route?.layouts ?? rootLayouts;
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap with the same component
+    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+    // This ensures React can reconcile the tree without destroying the DOM.
+    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+    const _errTreePositions = route?.layoutTreePositions;
+    const _errRouteSegs = route?.routeSegments || [];
+    const _errParams = matchedParams ?? route?.params ?? {};
+    const _asyncErrParams = makeThenableParams(_errParams);
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
+        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+      }
+    }
+    
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(rscStream, {
+      status: 200,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only.
+  const _errParamsHtml = matchedParams ?? route?.params ?? {};
+  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
+    }
+  }
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
+  // Collect font data from RSC environment so error pages include font styles
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _errHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _errLinkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_errLinkParts.length > 0) _errHeaders["Link"] = _errLinkParts.join(", ");
+  return new Response(htmlStream, {
+    status: 200,
+    headers: _errHeaders,
+  });
+}
+
+function matchRoute(url, routes) {
+  const pathname = url.split("?")[0];
+  let normalizedUrl = pathname === "/" ? "/" : pathname.replace(/\\/$/, "");
+   // NOTE: Do NOT decodeURIComponent here. The caller is responsible for decoding
+   // the pathname exactly once at the request entry point. Decoding again here
+   // would cause inconsistent path matching between middleware and routing.
+  for (const route of routes) {
+    const params = matchPattern(normalizedUrl, route.pattern);
+    if (params !== null) return { route, params };
+  }
+  return null;
+}
+
+function matchPattern(url, pattern) {
+  const urlParts = url.split("/").filter(Boolean);
+  const patternParts = pattern.split("/").filter(Boolean);
+  const params = Object.create(null);
+  for (let i = 0; i < patternParts.length; i++) {
+    const pp = patternParts[i];
+    if (pp.endsWith("+")) {
+      const paramName = pp.slice(1, -1);
+      const remaining = urlParts.slice(i);
+      if (remaining.length === 0) return null;
+      params[paramName] = remaining;
+      return params;
+    }
+    if (pp.endsWith("*")) {
+      const paramName = pp.slice(1, -1);
+      params[paramName] = urlParts.slice(i);
+      return params;
+    }
+    if (pp.startsWith(":")) {
+      if (i >= urlParts.length) return null;
+      params[pp.slice(1)] = urlParts[i];
+      continue;
+    }
+    if (i >= urlParts.length || urlParts[i] !== pp) return null;
+  }
+  if (urlParts.length !== patternParts.length) return null;
+  return params;
+}
+
+// Build a global intercepting route lookup for RSC navigation.
+// Maps target URL patterns to { sourceRouteIndex, slotName, interceptPage, params }.
+const interceptLookup = [];
+for (let ri = 0; ri < routes.length; ri++) {
+  const r = routes[ri];
+  if (!r.slots) continue;
+  for (const [slotName, slotMod] of Object.entries(r.slots)) {
+    if (!slotMod.intercepts) continue;
+    for (const intercept of slotMod.intercepts) {
+      interceptLookup.push({
+        sourceRouteIndex: ri,
+        slotName,
+        targetPattern: intercept.targetPattern,
+        page: intercept.page,
+        params: intercept.params,
+      });
+    }
+  }
+}
+
+/**
+ * Check if a pathname matches any intercepting route.
+ * Returns the match info or null.
+ */
+function findIntercept(pathname) {
+  for (const entry of interceptLookup) {
+    const params = matchPattern(pathname, entry.targetPattern);
+    if (params !== null) {
+      return { ...entry, matchedParams: params };
+    }
+  }
+  return null;
+}
+
+async function buildPageElement(route, params, opts, searchParams) {
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    return createElement("div", null, "Page has no default export");
+  }
+
+  // Resolve metadata and viewport from layouts and page
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of route.layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod, params);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod, params);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  if (route.page) {
+    const pageMeta = await resolveModuleMetadata(route.page, params);
+    if (pageMeta) metadataList.push(pageMeta);
+    const pageVp = await resolveModuleViewport(route.page, params);
+    if (pageVp) viewportList.push(pageVp);
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build nested layout tree from outermost to innermost.
+  // Next.js 16 passes params/searchParams as Promises (async pattern)
+  // but pre-16 code accesses them as plain objects (params.id).
+  // makeThenableParams() normalises null-prototype + preserves both patterns.
+  const asyncParams = makeThenableParams(params);
+  const pageProps = { params: asyncParams };
+  if (searchParams) {
+    const spObj = {};
+    let hasSearchParams = false;
+    if (searchParams.forEach) searchParams.forEach(function(v, k) {
+      hasSearchParams = true;
+      if (k in spObj) {
+        // Multi-value: promote to array (Next.js returns string[] for duplicate keys)
+        spObj[k] = Array.isArray(spObj[k]) ? spObj[k].concat(v) : [spObj[k], v];
+      } else {
+        spObj[k] = v;
+      }
+    });
+    // If the URL has query parameters, mark the page as dynamic.
+    // In Next.js, only accessing the searchParams prop signals dynamic usage,
+    // but a Proxy-based approach doesn't work here because React's RSC debug
+    // serializer accesses properties on all props (e.g. $$typeof check in
+    // isClientReference), triggering the Proxy even when user code doesn't
+    // read searchParams. Checking for non-empty query params is a safe
+    // approximation: pages with query params in the URL are almost always
+    // dynamic, and this avoids false positives from React internals.
+    if (hasSearchParams) markDynamicUsage();
+    pageProps.searchParams = makeThenableParams(spObj);
+  }
+  let element = createElement(PageComponent, pageProps);
+
+  // Wrap page with empty segment provider so useSelectedLayoutSegments()
+  // returns [] when called from inside a page component (leaf node).
+  element = createElement(LayoutSegmentProvider, { childSegments: [] }, element);
+
+  // Add metadata + viewport head tags (React 19 hoists title/meta/link to <head>)
+  // Next.js always injects charset and default viewport even when no metadata/viewport
+  // is exported. We replicate that by always emitting these essential head elements.
+  {
+    const headElements = [];
+    // Always emit <meta charset="utf-8"> — Next.js includes this on every page
+    headElements.push(createElement("meta", { charSet: "utf-8" }));
+    if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+    headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+    element = createElement(Fragment, null, ...headElements, element);
+  }
+
+  // Wrap with loading.tsx Suspense if present
+  if (route.loading?.default) {
+    element = createElement(
+      Suspense,
+      { fallback: createElement(route.loading.default) },
+      element,
+    );
+  }
+
+  // Wrap with the leaf's error.tsx ErrorBoundary if it's not already covered
+  // by a per-layout error boundary (i.e., the leaf has error.tsx but no layout).
+  // Per-layout error boundaries are interleaved with layouts below.
+  {
+    const lastLayoutError = route.errors ? route.errors[route.errors.length - 1] : null;
+    if (route.error?.default && route.error !== lastLayoutError) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.error.default,
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with NotFoundBoundary so client-side notFound() renders not-found.tsx
+  // instead of crashing the React tree. Must be above ErrorBoundary since
+  // ErrorBoundary re-throws notFound errors.
+  // Pre-render the not-found component as a React element since it may be a
+  // server component (not a client reference) and can't be passed as a function prop.
+  {
+    const NotFoundComponent = route.notFound?.default ?? null;
+    if (NotFoundComponent) {
+      element = createElement(NotFoundBoundary, {
+        fallback: createElement(NotFoundComponent),
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with templates (innermost first, then outer)
+  // Templates are like layouts but re-mount on navigation (client-side concern).
+  // On the server, they just wrap the content like layouts do.
+  if (route.templates) {
+    for (let i = route.templates.length - 1; i >= 0; i--) {
+      const TemplateComponent = route.templates[i]?.default;
+      if (TemplateComponent) {
+        element = createElement(TemplateComponent, { children: element, params });
+      }
+    }
+  }
+
+  // Wrap with layouts (innermost first, then outer).
+  // At each layout level, first wrap with that level's error boundary (if any)
+  // so the boundary is inside the layout and catches errors from children.
+  // This matches Next.js behavior: Layout > ErrorBoundary > children.
+  // Parallel slots are passed as named props to the innermost layout
+  // (the layout at the same directory level as the page/slots)
+  for (let i = route.layouts.length - 1; i >= 0; i--) {
+    // Wrap with per-layout error boundary before wrapping with layout.
+    // This places the ErrorBoundary inside the layout, catching errors
+    // from child segments (matching Next.js per-segment error handling).
+    if (route.errors && route.errors[i]?.default) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.errors[i].default,
+        children: element,
+      });
+    }
+
+    const LayoutComponent = route.layouts[i]?.default;
+    if (LayoutComponent) {
+      // Per-layout NotFoundBoundary: wraps this layout's children so that
+      // notFound() thrown from a child layout is caught here.
+      // Matches Next.js behavior where each segment has its own boundary.
+      // The boundary at level N catches errors from Layout[N+1] and below,
+      // but NOT from Layout[N] itself (which propagates to level N-1).
+      {
+        const LayoutNotFound = route.notFounds?.[i]?.default;
+        if (LayoutNotFound) {
+          element = createElement(NotFoundBoundary, {
+            fallback: createElement(LayoutNotFound),
+            children: element,
+          });
+        }
+      }
+
+      const layoutProps = { children: element, params: makeThenableParams(params) };
+
+      // Add parallel slot elements to the layout that defines them.
+      // Each slot has a layoutIndex indicating which layout it belongs to.
+      if (route.slots) {
+        for (const [slotName, slotMod] of Object.entries(route.slots)) {
+          // Attach slot to the layout at its layoutIndex, or to the innermost layout if -1
+          const targetIdx = slotMod.layoutIndex >= 0 ? slotMod.layoutIndex : route.layouts.length - 1;
+          if (i !== targetIdx) continue;
+          // Check if this slot has an intercepting route that should activate
+          let SlotPage = null;
+          let slotParams = params;
+
+          if (opts && opts.interceptSlot === slotName && opts.interceptPage) {
+            // Use the intercepting route's page component
+            SlotPage = opts.interceptPage.default;
+            slotParams = opts.interceptParams || params;
+          } else {
+            SlotPage = slotMod.page?.default || slotMod.default?.default;
+          }
+
+          if (SlotPage) {
+            let slotElement = createElement(SlotPage, { params: makeThenableParams(slotParams) });
+            // Wrap with slot-specific layout if present.
+            // In Next.js, @slot/layout.tsx wraps the slot's page content
+            // before it is passed as a prop to the parent layout.
+            const SlotLayout = slotMod.layout?.default;
+            if (SlotLayout) {
+              slotElement = createElement(SlotLayout, {
+                children: slotElement,
+                params: makeThenableParams(slotParams),
+              });
+            }
+            // Wrap with slot-specific loading if present
+            if (slotMod.loading?.default) {
+              slotElement = createElement(Suspense,
+                { fallback: createElement(slotMod.loading.default) },
+                slotElement,
+              );
+            }
+            // Wrap with slot-specific error boundary if present
+            if (slotMod.error?.default) {
+              slotElement = createElement(ErrorBoundary, {
+                fallback: slotMod.error.default,
+                children: slotElement,
+              });
+            }
+            layoutProps[slotName] = slotElement;
+          }
+        }
+      }
+
+      element = createElement(LayoutComponent, layoutProps);
+
+      // Wrap the layout with LayoutSegmentProvider so useSelectedLayoutSegments()
+      // called INSIDE this layout gets the correct child segments. We resolve the
+      // route tree segments using actual param values and pass them through context.
+      // We wrap the layout (not just children) because hooks are called from
+      // components rendered inside the layout's own JSX.
+      const treePos = route.layoutTreePositions ? route.layoutTreePositions[i] : 0;
+      const childSegs = __resolveChildSegments(route.routeSegments || [], treePos, params);
+      element = createElement(LayoutSegmentProvider, { childSegments: childSegs }, element);
+    }
+  }
+
+  // Wrap with global error boundary if app/global-error.tsx exists.
+  // This catches errors in the root layout itself.
+  
+
+  return element;
+}
+
+
+
+const __basePath = "";
+const __trailingSlash = false;
+const __configRedirects = [];
+const __configRewrites = {"beforeFiles":[],"afterFiles":[],"fallback":[]};
+const __configHeaders = [];
+const __allowedOrigins = [];
+
+
+// ── Dev server origin verification ──────────────────────────────────────
+// Block cross-origin requests to prevent data exfiltration during development.
+const __allowedDevOrigins = [];
+const __safeDevHosts = ["localhost", "127.0.0.1", "[::1]"];
+
+function __validateDevRequestOrigin(request) {
+  // Check Sec-Fetch headers (catches <script> tag exfiltration)
+  if (request.headers.get("sec-fetch-mode") === "no-cors" &&
+      request.headers.get("sec-fetch-site") === "cross-site") {
+    console.warn("[vinext] Blocked cross-site no-cors request to " + new URL(request.url).pathname);
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  const origin = request.headers.get("origin");
+  if (!origin || origin === "null") return null;
+
+  let originHostname;
+  try {
+    originHostname = new URL(origin).hostname.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Allow localhost, 127.0.0.1, [::1], and *.localhost
+  if (__safeDevHosts.includes(originHostname) || originHostname.endsWith(".localhost")) return null;
+
+  // Same-origin: compare against Host header
+  const hostHeader = (request.headers.get("x-forwarded-host") || request.headers.get("host") || "").split(",")[0].trim().split(":")[0].toLowerCase();
+  if (hostHeader && originHostname === hostHeader) return null;
+
+  // Check user-configured allowed origins
+  for (const pattern of __allowedDevOrigins) {
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(1);
+      if (originHostname === pattern.slice(2) || originHostname.endsWith(suffix)) return null;
+    } else if (originHostname === pattern) {
+      return null;
+    }
+  }
+
+  console.warn(
+    \`[vinext] Blocked cross-origin request from "\${origin}" to \${new URL(request.url).pathname}. \` +
+    \`To allow this origin, add it to allowedDevOrigins in next.config.js.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+
+// ── CSRF origin validation for server actions ───────────────────────────
+// Matches Next.js behavior: compare the Origin header against the Host header.
+// If they don't match, the request is rejected with 403 unless the origin is
+// in the allowedOrigins list (from experimental.serverActions.allowedOrigins).
+function __isOriginAllowed(origin, allowed) {
+  for (const pattern of allowed) {
+    if (pattern.startsWith("*.")) {
+      // Wildcard: *.example.com matches sub.example.com, a.b.example.com
+      const suffix = pattern.slice(1); // ".example.com"
+      if (origin === pattern.slice(2) || origin.endsWith(suffix)) return true;
+    } else if (origin === pattern) {
+      return true;
+    }
+  }
+  return false;
+}
+
+function __validateCsrfOrigin(request) {
+  const originHeader = request.headers.get("origin");
+  // If there's no Origin header, allow the request — same-origin requests
+  // from non-fetch navigations (e.g. SSR) may lack an Origin header.
+  // The x-rsc-action custom header already provides protection against simple
+  // form-based CSRF since custom headers can't be set by cross-origin forms.
+  if (!originHeader || originHeader === "null") return null;
+
+  let originHost;
+  try {
+    originHost = new URL(originHeader).host.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Only use the Host header for origin comparison — never trust
+  // X-Forwarded-Host here, since it can be freely set by the client
+  // and would allow the check to be bypassed if it matched a spoofed
+  // Origin. The prod server's resolveHost() handles trusted proxy
+  // scenarios separately.
+  const hostHeader = (
+    request.headers.get("host") ||
+    ""
+  ).split(",")[0].trim().toLowerCase();
+
+  if (!hostHeader) return null;
+
+  // Same origin — allow
+  if (originHost === hostHeader) return null;
+
+  // Check allowedOrigins from next.config.js
+  if (__allowedOrigins.length > 0 && __isOriginAllowed(originHost, __allowedOrigins)) return null;
+
+  console.warn(
+    \`[vinext] CSRF origin mismatch: origin "\${originHost}" does not match host "\${hostHeader}". Blocking server action request.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+// ── ReDoS-safe regex compilation ────────────────────────────────────────
+
+function __isSafeRegex(pattern) {
+  const quantifierAtDepth = [];
+  let depth = 0;
+  let i = 0;
+  while (i < pattern.length) {
+    const ch = pattern[i];
+    if (ch === "\\\\") { i += 2; continue; }
+    if (ch === "[") {
+      i++;
+      while (i < pattern.length && pattern[i] !== "]") {
+        if (pattern[i] === "\\\\") i++;
+        i++;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "(") {
+      depth++;
+      if (quantifierAtDepth.length <= depth) quantifierAtDepth.push(false);
+      else quantifierAtDepth[depth] = false;
+      i++;
+      continue;
+    }
+    if (ch === ")") {
+      const hadQ = depth > 0 && quantifierAtDepth[depth];
+      if (depth > 0) depth--;
+      const next = pattern[i + 1];
+      if (next === "+" || next === "*" || next === "{") {
+        if (hadQ) return false;
+        if (depth >= 0 && depth < quantifierAtDepth.length) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "+" || ch === "*") {
+      if (depth > 0) quantifierAtDepth[depth] = true;
+      i++;
+      continue;
+    }
+    if (ch === "?") {
+      const prev = i > 0 ? pattern[i - 1] : "";
+      if (prev !== "+" && prev !== "*" && prev !== "?" && prev !== "}") {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "{") {
+      let j = i + 1;
+      while (j < pattern.length && /[\\d,]/.test(pattern[j])) j++;
+      if (j < pattern.length && pattern[j] === "}" && j > i + 1) {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+        i = j + 1;
+        continue;
+      }
+    }
+    i++;
+  }
+  return true;
+}
+function __safeRegExp(pattern, flags) {
+  if (!__isSafeRegex(pattern)) {
+    console.warn("[vinext] Ignoring potentially unsafe regex pattern (ReDoS risk): " + pattern);
+    return null;
+  }
+  try { return new RegExp(pattern, flags); } catch { return null; }
+}
+
+// ── Path normalization ──────────────────────────────────────────────────
+
+function __normalizePath(pathname) {
+  if (
+    pathname === "/" ||
+    (pathname.length > 1 &&
+      pathname[0] === "/" &&
+      !pathname.includes("//") &&
+      !pathname.includes("/./") &&
+      !pathname.includes("/../") &&
+      !pathname.endsWith("/.") &&
+      !pathname.endsWith("/.."))
+  ) {
+    return pathname;
+  }
+  const segments = pathname.split("/");
+  const resolved = [];
+  for (let i = 0; i < segments.length; i++) {
+    const seg = segments[i];
+    if (seg === "" || seg === ".") continue;
+    if (seg === "..") { resolved.pop(); }
+    else { resolved.push(seg); }
+  }
+  return "/" + resolved.join("/");
+}
+
+// ── Config pattern matching (redirects, rewrites, headers) ──────────────
+function __matchConfigPattern(pathname, pattern) {
+  if (pattern.includes("(") || pattern.includes("\\\\") || /:[\\w-]+[*+][^/]/.test(pattern) || /:[\\w-]+\\./.test(pattern)) {
+    try {
+      const paramNames = [];
+      const regexStr = pattern
+        .replace(/\\./g, "\\\\.")
+        .replace(/:([\\w-]+)\\*(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.*)"; })
+        .replace(/:([\\w-]+)\\+(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.+)"; })
+        .replace(/:([\\w-]+)\\(([^)]+)\\)/g, (_, name, c) => { paramNames.push(name); return "(" + c + ")"; })
+        .replace(/:([\\w-]+)/g, (_, name) => { paramNames.push(name); return "([^/]+)"; });
+      const re = __safeRegExp("^" + regexStr + "$");
+      if (!re) return null;
+      const match = re.exec(pathname);
+      if (!match) return null;
+      const params = Object.create(null);
+      for (let i = 0; i < paramNames.length; i++) params[paramNames[i]] = match[i + 1] || "";
+      return params;
+    } catch { /* fall through */ }
+  }
+  const catchAllMatch = pattern.match(/:([\\w-]+)(\\*|\\+)$/);
+  if (catchAllMatch) {
+    const prefix = pattern.slice(0, pattern.lastIndexOf(":"));
+    const paramName = catchAllMatch[1];
+    const isPlus = catchAllMatch[2] === "+";
+    if (!pathname.startsWith(prefix.replace(/\\/$/, ""))) return null;
+    const rest = pathname.slice(prefix.replace(/\\/$/, "").length);
+    if (isPlus && (!rest || rest === "/")) return null;
+    let restValue = rest.startsWith("/") ? rest.slice(1) : rest;
+     // NOTE: Do NOT decodeURIComponent here. The pathname is already decoded at
+     // the request entry point. Decoding again would produce incorrect param values.
+    return { [paramName]: restValue };
+  }
+  const parts = pattern.split("/");
+  const pathParts = pathname.split("/");
+  if (parts.length !== pathParts.length) return null;
+  const params = Object.create(null);
+  for (let i = 0; i < parts.length; i++) {
+    if (parts[i].startsWith(":")) params[parts[i].slice(1)] = pathParts[i];
+    else if (parts[i] !== pathParts[i]) return null;
+  }
+  return params;
+}
+
+function __parseCookies(cookieHeader) {
+  if (!cookieHeader) return {};
+  const cookies = {};
+  for (const part of cookieHeader.split(";")) {
+    const eq = part.indexOf("=");
+    if (eq === -1) continue;
+    const key = part.slice(0, eq).trim();
+    const value = part.slice(eq + 1).trim();
+    if (key) cookies[key] = value;
+  }
+  return cookies;
+}
+
+function __checkSingleCondition(condition, ctx) {
+  switch (condition.type) {
+    case "header": {
+      const v = ctx.headers.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "cookie": {
+      const v = ctx.cookies[condition.key];
+      if (v === undefined) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "query": {
+      const v = ctx.query.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "host": {
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(ctx.host) : ctx.host === condition.value; }
+      return ctx.host === condition.key;
+    }
+    default: return false;
+  }
+}
+
+function __checkHasConditions(has, missing, ctx) {
+  if (has) { for (const c of has) { if (!__checkSingleCondition(c, ctx)) return false; } }
+  if (missing) { for (const c of missing) { if (__checkSingleCondition(c, ctx)) return false; } }
+  return true;
+}
+
+function __buildRequestContext(request) {
+  const url = new URL(request.url);
+  return {
+    headers: request.headers,
+    cookies: __parseCookies(request.headers.get("cookie")),
+    query: url.searchParams,
+    host: request.headers.get("host") || url.host,
+  };
+}
+
+/**
+ * Build a request context from the live ALS HeadersContext, which reflects
+ * any x-middleware-request-* header mutations applied by middleware.
+ * Used for afterFiles and fallback rewrite has/missing evaluation — these
+ * run after middleware in the App Router execution order.
+ */
+function __buildPostMwRequestContext(request) {
+  const url = new URL(request.url);
+  const ctx = getHeadersContext();
+  if (!ctx) return __buildRequestContext(request);
+  // ctx.cookies is a Map<string, string> (HeadersContext), but RequestContext
+  // requires a plain Record<string, string> for has/missing cookie evaluation
+  // (config-matchers.ts uses obj[key] not Map.get()). Convert here.
+  const cookiesRecord = Object.fromEntries(ctx.cookies);
+  return {
+    headers: ctx.headers,
+    cookies: cookiesRecord,
+    query: url.searchParams,
+    host: ctx.headers.get("host") || url.host,
+  };
+}
+
+function __sanitizeDestination(dest) {
+  if (dest.startsWith("http://") || dest.startsWith("https://")) return dest;
+  dest = dest.replace(/^[\\\\/]+/, "/");
+  return dest;
+}
+
+function __applyConfigRedirects(pathname, ctx) {
+  for (const rule of __configRedirects) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return { destination: dest, permanent: rule.permanent };
+    }
+  }
+  return null;
+}
+
+function __applyConfigRewrites(pathname, rules, ctx) {
+  for (const rule of rules) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return dest;
+    }
+  }
+  return null;
+}
+
+function __isExternalUrl(url) {
+  return /^[a-z][a-z0-9+.-]*:/i.test(url) || url.startsWith("//");
+}
+
+/**
+ * Maximum server-action request body size (1 MB).
+ * Matches the Next.js default for serverActions.bodySizeLimit.
+ * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
+ * Prevents unbounded request body buffering.
+ */
+var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+
+/**
+ * Read a request body as text with a size limit.
+ * Enforces the limit on the actual byte stream to prevent bypasses
+ * via chunked transfer-encoding where Content-Length is absent or spoofed.
+ */
+async function __readBodyWithLimit(request, maxBytes) {
+  if (!request.body) return "";
+  var reader = request.body.getReader();
+  var decoder = new TextDecoder();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(decoder.decode(result.value, { stream: true }));
+  }
+  chunks.push(decoder.decode());
+  return chunks.join("");
+}
+
+/**
+ * Read a request body as FormData with a size limit.
+ * Consumes the body stream with a byte counter and then parses the
+ * collected bytes as multipart form data via the Response constructor.
+ */
+async function __readFormDataWithLimit(request, maxBytes) {
+  if (!request.body) return new FormData();
+  var reader = request.body.getReader();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(result.value);
+  }
+  // Reconstruct a Response with the original Content-Type so that
+  // the FormData parser can handle multipart boundaries correctly.
+  var combined = new Uint8Array(totalSize);
+  var offset = 0;
+  for (var chunk of chunks) {
+    combined.set(chunk, offset);
+    offset += chunk.byteLength;
+  }
+  var contentType = request.headers.get("content-type") || "";
+  return new Response(combined, { headers: { "Content-Type": contentType } }).formData();
+}
+
+const __hopByHopHeaders = new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailers","transfer-encoding","upgrade"]);
+
+async function __proxyExternalRequest(request, externalUrl) {
+  const originalUrl = new URL(request.url);
+  const targetUrl = new URL(externalUrl);
+  for (const [key, value] of originalUrl.searchParams) {
+    if (!targetUrl.searchParams.has(key)) targetUrl.searchParams.set(key, value);
+  }
+  const headers = new Headers(request.headers);
+  headers.set("host", targetUrl.host);
+  headers.delete("connection");
+  for (const key of [...headers.keys()]) {
+    if (key.startsWith("x-middleware-")) headers.delete(key);
+  }
+  const method = request.method;
+  const hasBody = method !== "GET" && method !== "HEAD";
+  const init = { method, headers, redirect: "manual", signal: AbortSignal.timeout(30000) };
+  if (hasBody && request.body) { init.body = request.body; init.duplex = "half"; }
+  let upstream;
+  try { upstream = await fetch(targetUrl.href, init); }
+  catch (e) {
+    if (e && e.name === "TimeoutError") return new Response("Gateway Timeout", { status: 504 });
+    console.error("[vinext] External rewrite proxy error:", e); return new Response("Bad Gateway", { status: 502 });
+  }
+  const respHeaders = new Headers();
+  // Node.js fetch() auto-decompresses response bodies, while Workers fetch()
+  // preserves wire encoding. Only strip encoding/length on Node.js to avoid
+  // double-decompression errors without breaking Workers parity.
+  const __isNodeRuntime = typeof process !== "undefined" && !!(process.versions && process.versions.node);
+  upstream.headers.forEach(function(value, key) {
+    var lower = key.toLowerCase();
+    if (__hopByHopHeaders.has(lower)) return;
+    if (__isNodeRuntime && (lower === "content-encoding" || lower === "content-length")) return;
+    respHeaders.append(key, value);
+  });
+  return new Response(upstream.body, { status: upstream.status, statusText: upstream.statusText, headers: respHeaders });
+}
+
+function __applyConfigHeaders(pathname, ctx) {
+  const result = [];
+  for (const rule of __configHeaders) {
+    const groups = [];
+    const withPlaceholders = rule.source.replace(/\\(([^)]+)\\)/g, (_, inner) => {
+      groups.push(inner);
+      return "___GROUP_" + (groups.length - 1) + "___";
+    });
+    const escaped = withPlaceholders
+      .replace(/\\./g, "\\\\.")
+      .replace(/\\+/g, "\\\\+")
+      .replace(/\\?/g, "\\\\?")
+      .replace(/\\*/g, ".*")
+      .replace(/:[\\w-]+/g, "[^/]+")
+      .replace(/___GROUP_(\\d+)___/g, (_, idx) => "(" + groups[Number(idx)] + ")");
+    const sourceRegex = __safeRegExp("^" + escaped + "$");
+    if (sourceRegex && sourceRegex.test(pathname)) {
+      if (ctx && (rule.has || rule.missing)) {
+        if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue;
+      }
+      result.push(...rule.headers);
+    }
+  }
+  return result;
+}
+
+export default async function handler(request) {
+  // Wrap the entire request in nested AsyncLocalStorage.run() scopes to ensure
+  // per-request isolation for all state modules. Each runWith*() creates an
+  // ALS scope that propagates through all async continuations (including RSC
+  // streaming), preventing state leakage between concurrent requests on
+  // Cloudflare Workers and other concurrent runtimes.
+  const headersCtx = headersContextFromRequest(request);
+  return runWithHeadersContext(headersCtx, () =>
+    _runWithNavigationContext(() =>
+      _runWithCacheState(() =>
+        _runWithPrivateCache(() =>
+          runWithFetchCache(async () => {
+            const __reqCtx = __buildRequestContext(request);
+            // Per-request container for middleware state. Passed into
+            // _handleRequest which fills in .headers and .status;
+            // avoids module-level variables that race on Workers.
+            const _mwCtx = { headers: null, status: null };
+            const response = await _handleRequest(request, __reqCtx, _mwCtx);
+            // Apply custom headers from next.config.js to non-redirect responses.
+            // Skip redirects (3xx) because Response.redirect() creates immutable headers,
+            // and Next.js doesn't apply custom headers to redirects anyway.
+            if (response && response.headers && !(response.status >= 300 && response.status < 400)) {
+              if (__configHeaders.length) {
+                const url = new URL(request.url);
+                let pathname;
+                try { pathname = __normalizePath(decodeURIComponent(url.pathname)); } catch { pathname = url.pathname; }
+                
+                const extraHeaders = __applyConfigHeaders(pathname, __reqCtx);
+                for (const h of extraHeaders) {
+                  // Use append() for headers where multiple values must coexist
+                  // (Vary, Set-Cookie). Using set() on these would destroy
+                  // existing values like "Vary: RSC, Accept" which are critical
+                  // for correct CDN caching behavior.
+                  const lk = h.key.toLowerCase();
+                  if (lk === "vary" || lk === "set-cookie") {
+                    response.headers.append(h.key, h.value);
+                  } else if (!response.headers.has(lk)) {
+                    // Middleware headers take precedence: skip config keys already
+                    // set by middleware so middleware headers always win.
+                    response.headers.set(h.key, h.value);
+                  }
+                }
+              }
+            }
+            return response;
+          })
+        )
+      )
+    )
+  );
+}
+
+async function _handleRequest(request, __reqCtx, _mwCtx) {
+  const __reqStart = process.env.NODE_ENV !== "production" ? performance.now() : 0;
+  let __compileEnd;
+  let __renderEnd;
+  // __reqStart is included in the timing header so the Node logging middleware
+  // can compute true compile time as: handlerStart - middlewareStart.
+  // Format: "handlerStart,compileMs,renderMs" - all as integers (ms). Dev-only.
+  const url = new URL(request.url);
+
+  // ── Cross-origin request protection ─────────────────────────────────
+  // Block requests from non-localhost origins to prevent data exfiltration.
+  const __originBlock = __validateDevRequestOrigin(request);
+  if (__originBlock) return __originBlock;
+
+  // Guard against protocol-relative URL open redirects.
+  // Paths like //example.com/ would be redirected to //example.com by the
+  // trailing-slash normalizer, which browsers interpret as http://example.com.
+  // Backslashes are equivalent to forward slashes in the URL spec
+  // (e.g. /\\evil.com is treated as //evil.com by browsers and the URL constructor).
+  // Next.js returns 404 for these paths. Check the RAW pathname before
+  // normalization so the guard fires before normalizePath collapses //.
+  if (url.pathname.replaceAll("\\\\", "/").startsWith("//")) {
+    return new Response("404 Not Found", { status: 404 });
+  }
+
+  // Decode percent-encoding and normalize pathname to canonical form.
+  // decodeURIComponent prevents /%61dmin from bypassing /admin matchers.
+  // __normalizePath collapses //foo///bar → /foo/bar, resolves . and .. segments.
+  let decodedUrlPathname;
+  try { decodedUrlPathname = decodeURIComponent(url.pathname); } catch (e) {
+    return new Response("Bad Request", { status: 400 });
+  }
+  let pathname = __normalizePath(decodedUrlPathname);
+
+  
+
+  // Trailing slash normalization (redirect to canonical form)
+  if (pathname !== "/" && !pathname.startsWith("/api")) {
+    const hasTrailing = pathname.endsWith("/");
+    if (__trailingSlash && !hasTrailing && !pathname.endsWith(".rsc")) {
+      return Response.redirect(new URL(__basePath + pathname + "/" + url.search, request.url), 308);
+    } else if (!__trailingSlash && hasTrailing) {
+      return Response.redirect(new URL(__basePath + pathname.replace(/\\/+$/, "") + url.search, request.url), 308);
+    }
+  }
+
+  // ── Apply redirects from next.config.js ───────────────────────────────
+  if (__configRedirects.length) {
+    // Strip .rsc suffix before matching redirect rules - RSC (client-side nav) requests
+    // arrive as /some/path.rsc but redirect patterns are defined without it (e.g.
+    // /some/path). Without this, soft-nav fetches bypass all config redirects.
+    const __redirPathname = pathname.endsWith(".rsc") ? pathname.slice(0, -4) : pathname;
+    const __redir = __applyConfigRedirects(__redirPathname, __reqCtx);
+    if (__redir) {
+      const __redirDest = __sanitizeDestination(
+        __basePath && !__redir.destination.startsWith(__basePath)
+          ? __basePath + __redir.destination
+          : __redir.destination
+      );
+      return new Response(null, {
+        status: __redir.permanent ? 308 : 307,
+        headers: { Location: __redirDest },
+      });
+    }
+  }
+
+  const isRscRequest = pathname.endsWith(".rsc") || request.headers.get("accept")?.includes("text/x-component");
+  let cleanPathname = pathname.replace(/\\.rsc$/, "");
+
+  // Middleware response headers and custom rewrite status are stored in
+  // _mwCtx (per-request container) so handler() can merge them into
+  // every response path without module-level state that races on Workers.
+
+  
+
+  // Build post-middleware request context for afterFiles/fallback rewrites.
+  // These run after middleware in the App Router execution order and should
+  // evaluate has/missing conditions against middleware-modified headers.
+  // When no middleware is present, this falls back to __buildRequestContext.
+  const __postMwReqCtx = __buildPostMwRequestContext(request);
+
+  // ── Apply beforeFiles rewrites from next.config.js ────────────────────
+  // In App Router execution order, beforeFiles runs after middleware so that
+  // has/missing conditions can evaluate against middleware-modified headers.
+  if (__configRewrites.beforeFiles && __configRewrites.beforeFiles.length) {
+    const __rewritten = __applyConfigRewrites(cleanPathname, __configRewrites.beforeFiles, __postMwReqCtx);
+    if (__rewritten) {
+      if (__isExternalUrl(__rewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __rewritten);
+      }
+      cleanPathname = __rewritten;
+    }
+  }
+
+  // ── Image optimization passthrough (dev mode — no transformation) ───────
+  if (cleanPathname === "/_vinext/image") {
+    const __rawImgUrl = url.searchParams.get("url");
+    // Normalize backslashes: browsers and the URL constructor treat
+    // /\\evil.com as protocol-relative (//evil.com), bypassing the // check.
+    const __imgUrl = __rawImgUrl?.replaceAll("\\\\", "/") ?? null;
+    // Allowlist: must start with "/" but not "//" — blocks absolute URLs,
+    // protocol-relative, backslash variants, and exotic schemes.
+    if (!__imgUrl || !__imgUrl.startsWith("/") || __imgUrl.startsWith("//")) {
+      return new Response(!__rawImgUrl ? "Missing url parameter" : "Only relative URLs allowed", { status: 400 });
+    }
+    // Validate the constructed URL's origin hasn't changed (defense in depth).
+    const __resolvedImg = new URL(__imgUrl, request.url);
+    if (__resolvedImg.origin !== url.origin) {
+      return new Response("Only relative URLs allowed", { status: 400 });
+    }
+    // In dev, redirect to the original asset URL so Vite's static serving handles it.
+    return Response.redirect(__resolvedImg.href, 302);
+  }
+
+  // Handle metadata routes (sitemap.xml, robots.txt, manifest.webmanifest, etc.)
+  for (const metaRoute of metadataRoutes) {
+    if (cleanPathname === metaRoute.servedUrl) {
+      if (metaRoute.isDynamic) {
+        // Dynamic metadata route — call the default export and serialize
+        const metaFn = metaRoute.module.default;
+        if (typeof metaFn === "function") {
+          const result = await metaFn();
+          let body;
+          // If it's already a Response (e.g., ImageResponse), return directly
+          if (result instanceof Response) return result;
+          // Serialize based on type
+          if (metaRoute.type === "sitemap") body = sitemapToXml(result);
+          else if (metaRoute.type === "robots") body = robotsToText(result);
+          else if (metaRoute.type === "manifest") body = manifestToJson(result);
+          else body = JSON.stringify(result);
+          return new Response(body, {
+            headers: { "Content-Type": metaRoute.contentType },
+          });
+        }
+      } else {
+        // Static metadata file — decode from embedded base64 data
+        try {
+          const binary = atob(metaRoute.fileDataBase64);
+          const bytes = new Uint8Array(binary.length);
+          for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+          return new Response(bytes, {
+            headers: {
+              "Content-Type": metaRoute.contentType,
+              "Cache-Control": "public, max-age=0, must-revalidate",
+            },
+          });
+        } catch {
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    }
+  }
+
+  // Set navigation context for Server Components.
+  // Note: Headers context is already set by runWithHeadersContext in the handler wrapper.
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params: {},
+  });
+
+  // Handle server action POST requests
+  const actionId = request.headers.get("x-rsc-action");
+  if (request.method === "POST" && actionId) {
+    // ── CSRF protection ─────────────────────────────────────────────────
+    // Verify that the Origin header matches the Host header to prevent
+    // cross-site request forgery, matching Next.js server action behavior.
+    const csrfResponse = __validateCsrfOrigin(request);
+    if (csrfResponse) return csrfResponse;
+
+    // ── Body size limit ─────────────────────────────────────────────────
+    // Reject payloads larger than the configured limit.
+    // Check Content-Length as a fast path, then enforce on the actual
+    // stream to prevent bypasses via chunked transfer-encoding.
+    const contentLength = parseInt(request.headers.get("content-length") || "0", 10);
+    if (contentLength > __MAX_ACTION_BODY_SIZE) {
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response("Payload Too Large", { status: 413 });
+    }
+
+    try {
+      const contentType = request.headers.get("content-type") || "";
+      let body;
+      try {
+        body = contentType.startsWith("multipart/form-data")
+          ? await __readFormDataWithLimit(request, __MAX_ACTION_BODY_SIZE)
+          : await __readBodyWithLimit(request, __MAX_ACTION_BODY_SIZE);
+      } catch (sizeErr) {
+        if (sizeErr && sizeErr.message === "Request body too large") {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Payload Too Large", { status: 413 });
+        }
+        throw sizeErr;
+      }
+      const temporaryReferences = createTemporaryReferenceSet();
+      const args = await decodeReply(body, { temporaryReferences });
+      const action = await loadServerAction(actionId);
+      let returnValue;
+      let actionRedirect = null;
+      try {
+        const data = await action.apply(null, args);
+        returnValue = { ok: true, data };
+      } catch (e) {
+        // Detect redirect() / permanentRedirect() called inside the action.
+        // These throw errors with digest "NEXT_REDIRECT;replace;url[;status]".
+        // The URL is encodeURIComponent-encoded to prevent semicolons in the URL
+        // from corrupting the delimiter-based digest format.
+        if (e && typeof e === "object" && "digest" in e) {
+          const digest = String(e.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            actionRedirect = {
+              url: decodeURIComponent(parts[2]),
+              type: parts[1] || "replace",       // "push" or "replace"
+              status: parts[3] ? parseInt(parts[3], 10) : 307,
+            };
+            returnValue = { ok: true, data: undefined };
+          } else if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            // notFound() / forbidden() / unauthorized() in action — package as error
+            returnValue = { ok: false, data: e };
+          } else {
+            // Non-navigation digest error — sanitize in production to avoid
+            // leaking internal details (connection strings, paths, etc.)
+            console.error("[vinext] Server action error:", e);
+            returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+          }
+        } else {
+          // Unhandled error — sanitize in production to avoid leaking
+          // internal details (database errors, file paths, stack traces, etc.)
+          console.error("[vinext] Server action error:", e);
+          returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+        }
+      }
+
+      // If the action called redirect(), signal the client to navigate.
+      // We can't use a real HTTP redirect (the fetch would follow it automatically
+      // and receive a page HTML instead of RSC stream). Instead, we return a 200
+      // with x-action-redirect header that the client entry detects and handles.
+      if (actionRedirect) {
+        const actionPendingCookies = getAndClearPendingCookies();
+        const actionDraftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const redirectHeaders = new Headers({
+          "Content-Type": "text/x-component; charset=utf-8",
+          "Vary": "RSC, Accept",
+          "x-action-redirect": actionRedirect.url,
+          "x-action-redirect-type": actionRedirect.type,
+          "x-action-redirect-status": String(actionRedirect.status),
+        });
+        for (const cookie of actionPendingCookies) {
+          redirectHeaders.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) redirectHeaders.append("Set-Cookie", actionDraftCookie);
+        // Send an empty RSC-like body (client will navigate instead of parsing)
+        return new Response("", { status: 200, headers: redirectHeaders });
+      }
+
+      // After the action, re-render the current page so the client
+      // gets an updated React tree reflecting any mutations.
+      const match = matchRoute(cleanPathname, routes);
+      let element;
+      if (match) {
+        const { route: actionRoute, params: actionParams } = match;
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: actionParams,
+        });
+        element = buildPageElement(actionRoute, actionParams, undefined, url.searchParams);
+      } else {
+        element = createElement("div", null, "Page not found");
+      }
+
+      const onRenderError = createRscOnErrorHandler(
+        request,
+        cleanPathname,
+        match ? match.route.pattern : cleanPathname,
+      );
+      const rscStream = renderToReadableStream(
+        { root: element, returnValue },
+        { temporaryReferences, onError: onRenderError },
+      );
+
+      // Collect cookies set during the action
+      const actionPendingCookies = getAndClearPendingCookies();
+      const actionDraftCookie = getDraftModeCookieHeader();
+      setHeadersContext(null);
+      setNavigationContext(null);
+
+      const actionHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+      const actionResponse = new Response(rscStream, { headers: actionHeaders });
+      if (actionPendingCookies.length > 0 || actionDraftCookie) {
+        for (const cookie of actionPendingCookies) {
+          actionResponse.headers.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) actionResponse.headers.append("Set-Cookie", actionDraftCookie);
+      }
+      return actionResponse;
+    } catch (err) {
+      getAndClearPendingCookies(); // Clear pending cookies on error
+      console.error("[vinext] Server action error:", err);
+      _reportRequestError(
+        err instanceof Error ? err : new Error(String(err)),
+        { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+        { routerKind: "App Router", routePath: cleanPathname, routeType: "action" },
+      ).catch((reportErr) => {
+        console.error("[vinext] Failed to report server action error:", reportErr);
+      });
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(
+        process.env.NODE_ENV === "production"
+          ? "Internal Server Error"
+          : "Server action failed: " + (err && err.message ? err.message : String(err)),
+        { status: 500 },
+      );
+    }
+  }
+
+  // ── Apply afterFiles rewrites from next.config.js ──────────────────────
+  if (__configRewrites.afterFiles && __configRewrites.afterFiles.length) {
+    const __afterRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.afterFiles, __postMwReqCtx);
+    if (__afterRewritten) {
+      if (__isExternalUrl(__afterRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __afterRewritten);
+      }
+      cleanPathname = __afterRewritten;
+    }
+  }
+
+  let match = matchRoute(cleanPathname, routes);
+
+  // ── Fallback rewrites from next.config.js (if no route matched) ───────
+  if (!match && __configRewrites.fallback && __configRewrites.fallback.length) {
+    const __fallbackRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.fallback, __postMwReqCtx);
+    if (__fallbackRewritten) {
+      if (__isExternalUrl(__fallbackRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __fallbackRewritten);
+      }
+      cleanPathname = __fallbackRewritten;
+      match = matchRoute(cleanPathname, routes);
+    }
+  }
+
+  if (!match) {
+    // Render custom not-found page if available, otherwise plain 404
+    const notFoundResponse = await renderNotFoundPage(null, isRscRequest, request);
+    if (notFoundResponse) return notFoundResponse;
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Not Found", { status: 404 });
+  }
+
+  const { route, params } = match;
+
+  // Update navigation context with matched params
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params,
+  });
+
+  // Handle route.ts API handlers
+  if (route.routeHandler) {
+    const handler = route.routeHandler;
+    const method = request.method.toUpperCase();
+    const revalidateSeconds = typeof handler.revalidate === "number" && handler.revalidate > 0 ? handler.revalidate : null;
+
+    // Collect exported HTTP methods for OPTIONS auto-response and Allow header
+    const HTTP_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"];
+    const exportedMethods = HTTP_METHODS.filter((m) => typeof handler[m] === "function");
+    // If GET is exported, HEAD is implicitly supported
+    if (exportedMethods.includes("GET") && !exportedMethods.includes("HEAD")) {
+      exportedMethods.push("HEAD");
+    }
+    const hasDefault = typeof handler["default"] === "function";
+
+    // OPTIONS auto-implementation: respond with Allow header and 204
+    if (method === "OPTIONS" && typeof handler["OPTIONS"] !== "function") {
+      const allowMethods = hasDefault ? HTTP_METHODS : exportedMethods;
+      if (!allowMethods.includes("OPTIONS")) allowMethods.push("OPTIONS");
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(null, {
+        status: 204,
+        headers: { "Allow": allowMethods.join(", ") },
+      });
+    }
+
+    // HEAD auto-implementation: run GET handler and strip body
+    let handlerFn = handler[method] || handler["default"];
+    let isAutoHead = false;
+    if (method === "HEAD" && typeof handler["HEAD"] !== "function" && typeof handler["GET"] === "function") {
+      handlerFn = handler["GET"];
+      isAutoHead = true;
+    }
+
+    if (typeof handlerFn === "function") {
+      try {
+        const response = await handlerFn(request, { params });
+
+        // Apply Cache-Control from route segment config (export const revalidate = N).
+        // Next.js sets s-maxage on GET route handlers with a numeric revalidate value.
+        if (revalidateSeconds !== null && (method === "GET" || isAutoHead) && !response.headers.has("cache-control")) {
+          response.headers.set("cache-control", "s-maxage=" + revalidateSeconds + ", stale-while-revalidate");
+        }
+
+        // Collect any Set-Cookie headers from cookies().set()/delete() calls
+        const pendingCookies = getAndClearPendingCookies();
+        const draftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+
+        // If we have pending cookies, create a new response with them attached
+        if (pendingCookies.length > 0 || draftCookie) {
+          const newHeaders = new Headers(response.headers);
+          for (const cookie of pendingCookies) {
+            newHeaders.append("Set-Cookie", cookie);
+          }
+          if (draftCookie) newHeaders.append("Set-Cookie", draftCookie);
+
+          if (isAutoHead) {
+            return new Response(null, {
+              status: response.status,
+              statusText: response.statusText,
+              headers: newHeaders,
+            });
+          }
+          return new Response(response.body, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: newHeaders,
+          });
+        }
+
+        if (isAutoHead) {
+          // Strip body for auto-HEAD, preserve headers and status
+          return new Response(null, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: response.headers,
+          });
+        }
+        return response;
+      } catch (err) {
+        getAndClearPendingCookies(); // Clear any pending cookies on error
+        // Catch redirect() / notFound() thrown from route handlers
+        if (err && typeof err === "object" && "digest" in err) {
+          const digest = String(err.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            const redirectUrl = decodeURIComponent(parts[2]);
+            const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, {
+              status: statusCode,
+              headers: { Location: new URL(redirectUrl, request.url).toString() },
+            });
+          }
+          if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, { status: statusCode });
+          }
+        }
+        setHeadersContext(null);
+        setNavigationContext(null);
+        console.error("[vinext] Route handler error:", err);
+        _reportRequestError(
+          err instanceof Error ? err : new Error(String(err)),
+          { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+          { routerKind: "App Router", routePath: route.pattern, routeType: "route" },
+        ).catch((reportErr) => {
+          console.error("[vinext] Failed to report route handler error:", reportErr);
+        });
+        return new Response(null, { status: 500 });
+      }
+    }
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(null, {
+      status: 405,
+      headers: { Allow: exportedMethods.join(", ") },
+    });
+  }
+
+  // Build the component tree: layouts wrapping the page
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Page has no default export", { status: 500 });
+  }
+
+  // Read route segment config from page module exports
+  let revalidateSeconds = typeof route.page?.revalidate === "number" ? route.page.revalidate : null;
+  const dynamicConfig = route.page?.dynamic; // 'auto' | 'force-dynamic' | 'force-static' | 'error'
+  const dynamicParamsConfig = route.page?.dynamicParams; // true (default) | false
+  const isForceStatic = dynamicConfig === "force-static";
+  const isDynamicError = dynamicConfig === "error";
+
+  // force-static: replace headers/cookies context with empty values and
+  // clear searchParams so dynamic APIs return defaults instead of real data
+  if (isForceStatic) {
+    setHeadersContext({ headers: new Headers(), cookies: new Map() });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamic = 'error': set a trap context that throws when headers/cookies are accessed
+  if (isDynamicError) {
+    const errorMsg = 'Page with \`dynamic = "error"\` used a dynamic API. ' +
+      'This page was expected to be fully static, but headers(), cookies(), ' +
+      'or searchParams was accessed. Remove the dynamic API usage or change ' +
+      'the dynamic config to "auto" or "force-dynamic".';
+    const throwingHeaders = new Proxy(new Headers(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    const throwingCookies = new Proxy(new Map(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    setHeadersContext({ headers: throwingHeaders, cookies: throwingCookies });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamicParams = false: only params from generateStaticParams are allowed
+  if (dynamicParamsConfig === false && route.isDynamic && typeof route.page?.generateStaticParams === "function") {
+    try {
+      // Pass parent params to generateStaticParams (Next.js top-down params passing).
+      // Parent params = all matched params that DON'T belong to the leaf page's own dynamic segments.
+      // We pass the full matched params; the function uses only what it needs.
+      const staticParams = await route.page.generateStaticParams({ params });
+      if (Array.isArray(staticParams)) {
+        const paramKeys = Object.keys(params);
+        const isAllowed = staticParams.some(sp =>
+          paramKeys.every(key => {
+            const val = params[key];
+            const staticVal = sp[key];
+            // Allow parent params to not be in the returned set (they're inherited)
+            if (staticVal === undefined) return true;
+            if (Array.isArray(val)) return JSON.stringify(val) === JSON.stringify(staticVal);
+            return String(val) === String(staticVal);
+          })
+        );
+        if (!isAllowed) {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    } catch (err) {
+      console.error("[vinext] generateStaticParams error:", err);
+    }
+  }
+
+  // force-dynamic: set no-store Cache-Control
+  const isForceDynamic = dynamicConfig === "force-dynamic";
+
+  // Check for intercepting routes on RSC requests (client-side navigation).
+  // If the target URL matches an intercepting route in a parallel slot,
+  // render the source route with the intercepting page in the slot.
+  let interceptOpts = undefined;
+  if (isRscRequest) {
+    const intercept = findIntercept(cleanPathname);
+    if (intercept) {
+      const sourceRoute = routes[intercept.sourceRouteIndex];
+      if (sourceRoute && sourceRoute !== route) {
+        // Render the source route (e.g. /feed) with the intercepting page in the slot
+        const sourceMatch = matchRoute(sourceRoute.pattern, routes);
+        const sourceParams = sourceMatch ? sourceMatch.params : {};
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: intercept.matchedParams,
+        });
+        const interceptElement = await buildPageElement(sourceRoute, sourceParams, {
+          interceptSlot: intercept.slotName,
+          interceptPage: intercept.page,
+          interceptParams: intercept.matchedParams,
+        }, url.searchParams);
+        const interceptOnError = createRscOnErrorHandler(
+          request,
+          cleanPathname,
+          sourceRoute.pattern,
+        );
+        const interceptStream = renderToReadableStream(interceptElement, { onError: interceptOnError });
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return new Response(interceptStream, {
+          headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+        });
+      }
+      // If sourceRoute === route, apply intercept opts to the normal render
+      interceptOpts = {
+        interceptSlot: intercept.slotName,
+        interceptPage: intercept.page,
+        interceptParams: intercept.matchedParams,
+      };
+    }
+  }
+
+  let element;
+  try {
+    element = await buildPageElement(route, params, interceptOpts, url.searchParams);
+  } catch (buildErr) {
+    // Check for redirect/notFound/forbidden/unauthorized thrown during metadata resolution or async components
+    if (buildErr && typeof buildErr === "object" && "digest" in buildErr) {
+      const digest = String(buildErr.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    // Non-special error (e.g. generateMetadata() threw) — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, buildErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw buildErr;
+  }
+
+  // Note: CSS is automatically injected by @vitejs/plugin-rsc's
+  // rscCssTransform — no manual loadCss() call needed.
+
+  // Helper: check if an error is a redirect/notFound/forbidden/unauthorized thrown by the navigation shim
+  async function handleRenderError(err) {
+    if (err && typeof err === "object" && "digest" in err) {
+      const digest = String(err.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    return null;
+  }
+
+  // Pre-render layout components to catch notFound()/redirect() thrown from layouts.
+  // In Next.js, each layout level has its own NotFoundBoundary. When a layout throws
+  // notFound(), the parent layout's boundary catches it and renders the parent's
+  // not-found.tsx. Since React Flight doesn't activate client error boundaries during
+  // RSC rendering, we catch layout-level throws here and render the appropriate
+  // fallback page with only the layouts above the throwing one.
+  //
+  // IMPORTANT: Layout pre-render runs BEFORE page pre-render. In Next.js, layouts
+  // render before their children — if a layout throws notFound(), the page never
+  // executes. By checking layouts first, we avoid a bug where the page's notFound()
+  // triggers renderHTTPAccessFallbackPage with ALL route layouts, but one of those
+  // layouts itself throws notFound() during the fallback rendering (causing a 500).
+  if (route.layouts && route.layouts.length > 0) {
+    const asyncParams = makeThenableParams(params);
+    // Run inside ALS context so the module-level console.error patch suppresses
+    // "Invalid hook call" only for this request's probe — concurrent requests
+    // each have their own ALS store and are unaffected.
+    const _layoutProbeResult = await _suppressHookWarningAls.run(true, async () => {
+      for (let li = route.layouts.length - 1; li >= 0; li--) {
+        const LayoutComp = route.layouts[li]?.default;
+        if (!LayoutComp) continue;
+        try {
+          const lr = LayoutComp({ params: asyncParams, children: null });
+          if (lr && typeof lr === "object" && typeof lr.then === "function") await lr;
+        } catch (layoutErr) {
+          if (layoutErr && typeof layoutErr === "object" && "digest" in layoutErr) {
+            const digest = String(layoutErr.digest);
+             if (digest.startsWith("NEXT_REDIRECT;")) {
+               const parts = digest.split(";");
+               const redirectUrl = decodeURIComponent(parts[2]);
+               const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+               setHeadersContext(null);
+               setNavigationContext(null);
+               return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+            }
+            if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+              const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+              // Find the not-found component from the parent level (the boundary that
+              // would catch this in Next.js). Walk up from the throwing layout to find
+              // the nearest not-found at a parent layout's directory.
+              let parentNotFound = null;
+              if (route.notFounds) {
+                for (let pi = li - 1; pi >= 0; pi--) {
+                  if (route.notFounds[pi]?.default) {
+                    parentNotFound = route.notFounds[pi].default;
+                    break;
+                  }
+                }
+              }
+              if (!parentNotFound) parentNotFound = null;
+              // Wrap in only the layouts above the throwing one
+              const parentLayouts = route.layouts.slice(0, li);
+              const fallbackResp = await renderHTTPAccessFallbackPage(
+                route, statusCode, isRscRequest, request,
+                { boundaryComponent: parentNotFound, layouts: parentLayouts, matchedParams: params }
+              );
+              if (fallbackResp) return fallbackResp;
+              setHeadersContext(null);
+              setNavigationContext(null);
+              const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+              return new Response(statusText, { status: statusCode });
+            }
+          }
+          // Not a special error — let it propagate through normal RSC rendering
+        }
+      }
+      return null;
+    });
+    if (_layoutProbeResult instanceof Response) return _layoutProbeResult;
+  }
+
+  // Pre-render the page component to catch redirect()/notFound() thrown synchronously.
+  // Server Components are just functions — we can call PageComponent directly to detect
+  // these special throws before starting the RSC stream.
+  //
+  // For routes with a loading.tsx Suspense boundary, we skip awaiting async components.
+  // The Suspense boundary + rscOnError will handle redirect/notFound thrown during
+  // streaming, and blocking here would defeat streaming (the slow component's delay
+  // would be hit before the RSC stream even starts).
+  //
+  // Because this calls the component outside React's render cycle, hooks like use()
+  // trigger "Invalid hook call" console.error in dev. The module-level ALS patch
+  // suppresses the warning only within this request's execution context.
+  const _hasLoadingBoundary = !!(route.loading && route.loading.default);
+  const _pageProbeResult = await _suppressHookWarningAls.run(true, async () => {
+    try {
+      const testResult = PageComponent({ params });
+      // If it's a promise (async component), only await if there's no loading boundary.
+      // With a loading boundary, the Suspense streaming pipeline handles async resolution
+      // and any redirect/notFound errors via rscOnError.
+      if (testResult && typeof testResult === "object" && typeof testResult.then === "function") {
+        if (!_hasLoadingBoundary) {
+          await testResult;
+        } else {
+          // Suppress unhandled promise rejection — with a loading boundary,
+          // redirect/notFound errors are handled by rscOnError during streaming.
+          testResult.catch(() => {});
+        }
+      }
+    } catch (preRenderErr) {
+      const specialResponse = await handleRenderError(preRenderErr);
+      if (specialResponse) return specialResponse;
+      // Non-special errors from the pre-render test are expected (e.g. use() hook
+      // fails outside React's render cycle, client references can't execute on server).
+      // Only redirect/notFound/forbidden/unauthorized are actionable here — other
+      // errors will be properly caught during actual RSC/SSR rendering below.
+    }
+    return null;
+  });
+  if (_pageProbeResult instanceof Response) return _pageProbeResult;
+
+  // Mark end of compile phase: route matching, middleware, tree building are done.
+  if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
+
+  // Render to RSC stream
+  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
+
+  if (isRscRequest) {
+    // Direct RSC stream response (for client-side navigation)
+    // NOTE: Do NOT clear headers/navigation context here!
+    // The RSC stream is consumed lazily - components render when chunks are read.
+    // If we clear context now, headers()/cookies() will fail during rendering.
+    // Context will be cleared when the next request starts (via runWithHeadersContext).
+    const responseHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+    // Include matched route params so the client can hydrate useParams()
+    if (params && Object.keys(params).length > 0) {
+      responseHeaders["X-Vinext-Params"] = JSON.stringify(params);
+    }
+    if (isForceDynamic) {
+      responseHeaders["Cache-Control"] = "no-store, must-revalidate";
+    } else if ((isForceStatic || isDynamicError) && !revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=31536000, stale-while-revalidate";
+      responseHeaders["X-Vinext-Cache"] = "STATIC";
+    } else if (revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=" + revalidateSeconds + ", stale-while-revalidate";
+    }
+    // Merge middleware response headers into the RSC response.
+    // set-cookie and vary are accumulated to preserve existing values
+    // (e.g. "Vary: RSC, Accept" set above); all other keys use plain
+    // assignment so middleware headers win over config headers, which
+    // the outer handler applies afterward and skips keys already present.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        const lk = key.toLowerCase();
+        if (lk === "set-cookie") {
+          const existing = responseHeaders[lk];
+          if (Array.isArray(existing)) {
+            existing.push(value);
+          } else if (existing) {
+            responseHeaders[lk] = [existing, value];
+          } else {
+            responseHeaders[lk] = [value];
+          }
+        } else if (lk === "vary") {
+          // Accumulate Vary values to preserve the existing "RSC, Accept" entry.
+          const existing = responseHeaders["Vary"] ?? responseHeaders["vary"];
+          if (existing) {
+            responseHeaders["Vary"] = existing + ", " + value;
+            if (responseHeaders["vary"] !== undefined) delete responseHeaders["vary"];
+          } else {
+            responseHeaders[key] = value;
+          }
+        } else {
+          responseHeaders[key] = value;
+        }
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //                  -1 sentinel means compile time is not measured.
+    //   renderMs     - -1 sentinel for RSC-only (soft-nav) responses, since
+    //                  rendering is handled asynchronously by the client. The
+    //                  logging middleware computes render time as totalMs - compileMs.
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      responseHeaders["x-vinext-timing"] = handlerStart + "," + compileMs + ",-1";
+    }
+    return new Response(rscStream, { status: _mwCtx.status || 200, headers: responseHeaders });
+  }
+
+  // Collect font data from RSC environment before passing to SSR
+  // (Fonts are loaded during RSC rendering when layout.tsx calls Geist() etc.)
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+
+  // Build HTTP Link header for font preloading.
+  // This lets the browser (and CDN) start fetching font files before parsing HTML,
+  // eliminating the CSS → woff2 download waterfall.
+  const fontPreloads = fontData.preloads || [];
+  const fontLinkHeaderParts = [];
+  for (const preload of fontPreloads) {
+    fontLinkHeaderParts.push("<" + preload.href + ">; rel=preload; as=font; type=" + preload.type + "; crossorigin");
+  }
+  const fontLinkHeader = fontLinkHeaderParts.length > 0 ? fontLinkHeaderParts.join(", ") : "";
+
+  // Delegate to SSR environment for HTML rendering
+  let htmlStream;
+  try {
+    const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+    htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+    // Shell render complete; Suspense boundaries stream asynchronously
+    if (process.env.NODE_ENV !== "production") __renderEnd = performance.now();
+  } catch (ssrErr) {
+    const specialResponse = await handleRenderError(ssrErr);
+    if (specialResponse) return specialResponse;
+    // Non-special error during SSR — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, ssrErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw ssrErr;
+  }
+
+  // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
+  const draftCookie = getDraftModeCookieHeader();
+
+  setHeadersContext(null);
+  setNavigationContext(null);
+
+  // Helper to attach draftMode cookie, middleware headers, font Link header, and rewrite status to a response
+  function attachMiddlewareContext(response) {
+    if (draftCookie) {
+      response.headers.append("Set-Cookie", draftCookie);
+    }
+    // Set HTTP Link header for font preloading
+    if (fontLinkHeader) {
+      response.headers.set("Link", fontLinkHeader);
+    }
+    // Merge middleware response headers into the final response.
+    // The response is freshly constructed above (new Response(htmlStream, {...})),
+    // so set() and append() are equivalent — there are no same-key conflicts yet.
+    // Precedence over config headers is handled by the outer handler, which
+    // skips config keys that middleware already placed on the response.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        response.headers.append(key, value);
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //   renderMs     - time from renderToReadableStream to handleSsr completion,
+    //                  or -1 sentinel if not measured (falls back to totalMs - compileMs).
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      const renderMs = __renderEnd !== undefined && __compileEnd !== undefined
+        ? Math.round(__renderEnd - __compileEnd)
+        : -1;
+      response.headers.set("x-vinext-timing", handlerStart + "," + compileMs + "," + renderMs);
+    }
+    // Apply custom status code from middleware rewrite
+    if (_mwCtx.status) {
+      return new Response(response.body, {
+        status: _mwCtx.status,
+        headers: response.headers,
+      });
+    }
+    return response;
+  }
+
+  // Check if any component called connection(), cookies(), headers(), or noStore()
+  // during rendering. If so, treat as dynamic (skip ISR, set no-store).
+  const dynamicUsedDuringRender = consumeDynamicUsage();
+
+  // Check if cacheLife() was called during rendering (e.g., page with file-level "use cache").
+  // If so, use its revalidation period for the Cache-Control header.
+  const requestCacheLife = _consumeRequestScopedCacheLife();
+  if (requestCacheLife && requestCacheLife.revalidate !== undefined && revalidateSeconds === null) {
+    revalidateSeconds = requestCacheLife.revalidate;
+  }
+
+  // force-dynamic: always return no-store (highest priority)
+  if (isForceDynamic) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // force-static / error: treat as static regardless of dynamic usage.
+  // force-static intentionally provides empty headers/cookies context so
+  // dynamic APIs return safe defaults; we ignore the dynamic usage signal.
+  // dynamic='error' should have already thrown (via throwing Proxy) if user
+  // code accessed dynamic APIs, so reaching here means rendering succeeded.
+  if ((isForceStatic || isDynamicError) && (revalidateSeconds === null || revalidateSeconds === 0)) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=31536000, stale-while-revalidate",
+        "X-Vinext-Cache": "STATIC",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // auto mode: dynamic API usage (headers(), cookies(), connection(), noStore(),
+  // searchParams access) opts the page into dynamic rendering with no-store.
+  if (dynamicUsedDuringRender) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // Emit Cache-Control for ISR pages so tests can verify revalidate values,
+  // but skip actual caching in dev — every request renders fresh.
+  if (revalidateSeconds !== null && revalidateSeconds > 0) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=" + revalidateSeconds + ", stale-while-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  return attachMiddlewareContext(new Response(htmlStream, {
+    headers: { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" },
+  }));
+}
+
+if (import.meta.hot) {
+  import.meta.hot.accept();
+}
+"
+`;
+
+exports[`App Router entry templates > generateRscEntry snapshot (with config) 1`] = `
+"
+import {
+  renderToReadableStream,
+  decodeReply,
+  loadServerAction,
+  createTemporaryReferenceSet,
+} from "@vitejs/plugin-rsc/rsc";
+import { AsyncLocalStorage } from "node:async_hooks";
+import { createElement, Suspense, Fragment } from "react";
+import { setNavigationContext as _setNavigationContextOrig, getNavigationContext as _getNavigationContext } from "next/navigation";
+import { setHeadersContext, headersContextFromRequest, getDraftModeCookieHeader, getAndClearPendingCookies, consumeDynamicUsage, markDynamicUsage, runWithHeadersContext, applyMiddlewareRequestHeaders, getHeadersContext } from "next/headers";
+import { NextRequest, NextFetchEvent } from "next/server";
+import { ErrorBoundary, NotFoundBoundary } from "vinext/error-boundary";
+import { LayoutSegmentProvider } from "vinext/layout-segment-context";
+import { MetadataHead, mergeMetadata, resolveModuleMetadata, ViewportHead, mergeViewport, resolveModuleViewport } from "vinext/metadata";
+
+
+
+import { _consumeRequestScopedCacheLife, _runWithCacheState } from "next/cache";
+import { runWithFetchCache } from "vinext/fetch-cache";
+import { runWithPrivateCache as _runWithPrivateCache } from "vinext/cache-runtime";
+// Import server-only state module to register ALS-backed accessors.
+import { runWithNavigationContext as _runWithNavigationContext } from "vinext/navigation-state";
+import { reportRequestError as _reportRequestError } from "vinext/instrumentation";
+import { getSSRFontLinks as _getSSRFontLinks, getSSRFontStyles as _getSSRFontStylesGoogle, getSSRFontPreloads as _getSSRFontPreloadsGoogle } from "next/font/google";
+import { getSSRFontStyles as _getSSRFontStylesLocal, getSSRFontPreloads as _getSSRFontPreloadsLocal } from "next/font/local";
+function _getSSRFontStyles() { return [..._getSSRFontStylesGoogle(), ..._getSSRFontStylesLocal()]; }
+function _getSSRFontPreloads() { return [..._getSSRFontPreloadsGoogle(), ..._getSSRFontPreloadsLocal()]; }
+
+// ALS used to suppress the expected "Invalid hook call" dev warning when
+// layout/page components are probed outside React's render cycle. Patching
+// console.error once at module load (instead of per-request) avoids the
+// concurrent-request issue where request A's suppression filter could
+// swallow real errors from request B.
+const _suppressHookWarningAls = new AsyncLocalStorage();
+const _origConsoleError = console.error;
+console.error = (...args) => {
+  if (_suppressHookWarningAls.getStore() === true &&
+      typeof args[0] === "string" &&
+      args[0].includes("Invalid hook call")) return;
+  _origConsoleError.apply(console, args);
+};
+
+// Set navigation context in the ALS-backed store. "use client" components
+// rendered during SSR need the pathname/searchParams/params but the SSR
+// environment has a separate module instance of next/navigation.
+// Use _getNavigationContext() to read the current context — never cache
+// it in a module-level variable (that would leak between concurrent requests).
+function setNavigationContext(ctx) {
+  _setNavigationContextOrig(ctx);
+}
+
+// ISR cache is disabled in dev mode — every request re-renders fresh,
+// matching Next.js dev behavior. Cache-Control headers are still emitted
+// based on export const revalidate for testing purposes.
+// Production ISR is handled by prod-server.ts and the Cloudflare worker entry.
+
+// Normalize null-prototype objects from matchPattern() into thenable objects
+// that work both as Promises (for Next.js 15+ async params) and as plain
+// objects with synchronous property access (for pre-15 code like params.id).
+//
+// matchPattern() uses Object.create(null), producing objects without
+// Object.prototype. The RSC serializer rejects these. Spreading ({...obj})
+// restores a normal prototype. Object.assign onto the Promise preserves
+// synchronous property access (params.id, params.slug) that existing
+// components and test fixtures rely on.
+function makeThenableParams(obj) {
+  const plain = { ...obj };
+  return Object.assign(Promise.resolve(plain), plain);
+}
+
+// Resolve route tree segments to actual values using matched params.
+// Dynamic segments like [id] are replaced with param values, catch-all
+// segments like [...slug] are joined with "/", and route groups are kept as-is.
+function __resolveChildSegments(routeSegments, treePosition, params) {
+  var raw = routeSegments.slice(treePosition);
+  var result = [];
+  for (var j = 0; j < raw.length; j++) {
+    var seg = raw[j];
+    // Optional catch-all: [[...param]]
+    if (seg.indexOf("[[...") === 0 && seg.charAt(seg.length - 1) === "]" && seg.charAt(seg.length - 2) === "]") {
+      var pn = seg.slice(5, -2);
+      var v = params[pn];
+      // Skip empty optional catch-all (e.g., visiting /blog on [[...slug]] route)
+      if (Array.isArray(v) && v.length === 0) continue;
+      if (v == null) continue;
+      result.push(Array.isArray(v) ? v.join("/") : v);
+    // Catch-all: [...param]
+    } else if (seg.indexOf("[...") === 0 && seg.charAt(seg.length - 1) === "]") {
+      var pn2 = seg.slice(4, -1);
+      var v2 = params[pn2];
+      result.push(Array.isArray(v2) ? v2.join("/") : (v2 || seg));
+    // Dynamic: [param]
+    } else if (seg.charAt(0) === "[" && seg.charAt(seg.length - 1) === "]" && seg.indexOf(".") === -1) {
+      var pn3 = seg.slice(1, -1);
+      result.push(params[pn3] || seg);
+    } else {
+      result.push(seg);
+    }
+  }
+  return result;
+}
+
+// djb2 hash — matches Next.js's stringHash for digest generation.
+// Produces a stable numeric string from error message + stack.
+function __errorDigest(str) {
+  let hash = 5381;
+  for (let i = str.length - 1; i >= 0; i--) {
+    hash = (hash * 33) ^ str.charCodeAt(i);
+  }
+  return (hash >>> 0).toString();
+}
+
+// Sanitize an error for client consumption. In production, replaces the error
+// with a generic Error that only carries a digest hash (matching Next.js
+// behavior). In development, returns the original error for debugging.
+// Navigation errors (redirect, notFound, etc.) are always passed through
+// unchanged since their digests are used for client-side routing.
+function __sanitizeErrorForClient(error) {
+  // Navigation errors must pass through with their digest intact
+  if (error && typeof error === "object" && "digest" in error) {
+    const digest = String(error.digest);
+    if (
+      digest.startsWith("NEXT_REDIRECT;") ||
+      digest === "NEXT_NOT_FOUND" ||
+      digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")
+    ) {
+      return error;
+    }
+  }
+  // In development, pass through the original error for debugging
+  if (process.env.NODE_ENV !== "production") {
+    return error;
+  }
+  // In production, create a sanitized error with only a digest hash
+  const msg = error instanceof Error ? error.message : String(error);
+  const stack = error instanceof Error ? (error.stack || "") : "";
+  const sanitized = new Error(
+    "An error occurred in the Server Components render. " +
+    "The specific message is omitted in production builds to avoid leaking sensitive details. " +
+    "A digest property is included on this error instance which may provide additional details about the nature of the error."
+  );
+  sanitized.digest = __errorDigest(msg + stack);
+  return sanitized;
+}
+
+// onError callback for renderToReadableStream — preserves the digest for
+// Next.js navigation errors (redirect, notFound, forbidden, unauthorized)
+// thrown during RSC streaming (e.g. inside Suspense boundaries).
+// For non-navigation errors in production, generates a digest hash so the
+// error can be correlated with server logs without leaking details.
+function rscOnError(error, requestInfo, errorContext) {
+  if (error && typeof error === "object" && "digest" in error) {
+    return String(error.digest);
+  }
+
+  // In dev, detect the "Only plain objects" RSC serialization error and emit
+  // an actionable hint. This error occurs when a Server Component passes a
+  // class instance, ES module namespace object, or null-prototype object as a
+  // prop to a Client Component.
+  //
+  // Root cause: Vite bundles modules as true ESM (module namespace objects
+  // have a null-like internal slot), while Next.js's webpack build produces
+  // plain CJS-wrapped objects with __esModule:true. React's RSC serializer
+  // accepts the latter as plain objects but rejects the former — which means
+  // code that accidentally passes "import * as X" works in webpack/Next.js
+  // but correctly fails in vinext.
+  //
+  // Common triggers:
+  //   - "import * as utils from './utils'" passed as a prop
+  //   - class instances (new Foo()) passed as props
+  //   - Date / Map / Set instances passed as props
+  //   - Objects with Object.create(null) (null prototype)
+  if (
+    process.env.NODE_ENV !== "production" &&
+    error instanceof Error &&
+    error.message.includes("Only plain objects, and a few built-ins, can be passed to Client Components")
+  ) {
+    console.error(
+      "[vinext] RSC serialization error: a non-plain object was passed from a Server Component to a Client Component.\\n" +
+      "\\n" +
+      "Common causes:\\n" +
+      "  * Passing a module namespace (import * as X) directly as a prop.\\n" +
+      "    Unlike Next.js (webpack), Vite produces real ESM module namespace objects\\n" +
+      "    which are not serializable. Fix: pass individual values instead,\\n" +
+      "    e.g. <Comp value={module.value} />\\n" +
+      "  * Passing a class instance (new Foo()) as a prop.\\n" +
+      "    Fix: convert to a plain object, e.g. { id: foo.id, name: foo.name }\\n" +
+      "  * Passing a Date, Map, or Set. Use .toISOString(), [...map.entries()], etc.\\n" +
+      "  * Passing Object.create(null). Use { ...obj } to restore a prototype.\\n" +
+      "\\n" +
+      "Original error:",
+      error.message,
+    );
+    return undefined;
+  }
+
+  if (requestInfo && errorContext && error) {
+    _reportRequestError(
+      error instanceof Error ? error : new Error(String(error)),
+      requestInfo,
+      errorContext,
+    ).catch((reportErr) => {
+      console.error("[vinext] Failed to report render error:", reportErr);
+    });
+  }
+
   // In production, generate a digest hash for non-navigation errors
   if (process.env.NODE_ENV === "production" && error) {
     const msg = error instanceof Error ? error.message : String(error);
@@ -528,9 +2968,27 @@ function rscOnError(error) {
   return undefined;
 }
 
+function createRscOnErrorHandler(request, pathname, routePath) {
+  const requestInfo = {
+    path: pathname,
+    method: request.method,
+    headers: Object.fromEntries(request.headers.entries()),
+  };
+  const errorContext = {
+    routerKind: "App Router",
+    routePath: routePath || pathname,
+    routeType: "render",
+  };
+  return function(error) {
+    return rscOnError(error, requestInfo, errorContext);
+  };
+}
+
 import * as mod_0 from "/tmp/test/app/page.tsx";
 import * as mod_1 from "/tmp/test/app/layout.tsx";
 import * as mod_2 from "/tmp/test/app/about/page.tsx";
+import * as mod_3 from "/tmp/test/app/blog/[slug]/page.tsx";
+import * as mod_4 from "/tmp/test/app/blog/[slug]/layout.tsx";
 
 
 
@@ -576,6 +3034,27 @@ const routes = [
     notFounds: [null],
     forbidden: null,
     unauthorized: null,
+  },
+  {
+    pattern: "/blog/:slug",
+    isDynamic: true,
+    params: ["slug"],
+    page: mod_3,
+    routeHandler: null,
+    layouts: [mod_1, mod_4],
+    routeSegments: ["blog",":slug"],
+    layoutTreePositions: [0,1],
+    templates: [],
+    errors: [null, null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null, null],
+    forbidden: null,
+    unauthorized: null,
   }
 ];
 
@@ -660,7 +3139,13 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       }
     }
     
-    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
     setHeadersContext(null);
     setNavigationContext(null);
     return new Response(rscStream, {
@@ -678,7 +3163,13 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParamsHtml });
     }
   }
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment
   const fontData = {
     links: _getSSRFontLinks(),
@@ -757,7 +3248,13 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
     
-    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
     setHeadersContext(null);
     setNavigationContext(null);
     return new Response(rscStream, {
@@ -774,7 +3271,13 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
     }
   }
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment so error pages include font styles
   const fontData = {
     links: _getSSRFontLinks(),
@@ -1100,11 +3603,11 @@ async function buildPageElement(route, params, opts, searchParams) {
 
 
 
-const __basePath = "";
-const __trailingSlash = false;
-const __configRedirects = [];
-const __configRewrites = {"beforeFiles":[],"afterFiles":[],"fallback":[]};
-const __configHeaders = [];
+const __basePath = "/base";
+const __trailingSlash = true;
+const __configRedirects = [{"source":"/old","destination":"/new","permanent":true}];
+const __configRewrites = {"beforeFiles":[{"source":"/api/:path*","destination":"/backend/:path*"}],"afterFiles":[],"fallback":[]};
+const __configHeaders = [{"source":"/api/:path*","headers":[{"key":"X-Custom","value":"test"}]}];
 const __allowedOrigins = [];
 
 
@@ -1624,7 +4127,7 @@ export default async function handler(request) {
                 const url = new URL(request.url);
                 let pathname;
                 try { pathname = __normalizePath(decodeURIComponent(url.pathname)); } catch { pathname = url.pathname; }
-                
+                if (pathname.startsWith("/base")) pathname = pathname.slice("/base".length) || "/";
                 const extraHeaders = __applyConfigHeaders(pathname, __reqCtx);
                 for (const h of extraHeaders) {
                   // Use append() for headers where multiple values must coexist
@@ -1685,6 +4188,11 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   let pathname = __normalizePath(decodedUrlPathname);
 
   
+  // Strip basePath prefix
+  if (__basePath && pathname.startsWith(__basePath)) {
+    pathname = pathname.slice(__basePath.length) || "/";
+  }
+  
 
   // Trailing slash normalization (redirect to canonical form)
   if (pathname !== "/" && !pathname.startsWith("/api")) {
@@ -1928,9 +4436,14 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         element = createElement("div", null, "Page not found");
       }
 
+      const onRenderError = createRscOnErrorHandler(
+        request,
+        cleanPathname,
+        match ? match.route.pattern : cleanPathname,
+      );
       const rscStream = renderToReadableStream(
         { root: element, returnValue },
-        { temporaryReferences, onError: rscOnError },
+        { temporaryReferences, onError: onRenderError },
       );
 
       // Collect cookies set during the action
@@ -2249,7 +4762,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           interceptPage: intercept.page,
           interceptParams: intercept.matchedParams,
         }, url.searchParams);
-        const interceptStream = renderToReadableStream(interceptElement, { onError: rscOnError });
+        const interceptOnError = createRscOnErrorHandler(
+          request,
+          cleanPathname,
+          sourceRoute.pattern,
+        );
+        const interceptStream = renderToReadableStream(interceptElement, { onError: interceptOnError });
         setHeadersContext(null);
         setNavigationContext(null);
         return new Response(interceptStream, {
@@ -2439,7 +4957,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
 
   // Render to RSC stream
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
 
   if (isRscRequest) {
     // Direct RSC stream response (for client-side navigation)
@@ -2667,7 +5186,7 @@ if (import.meta.hot) {
 "
 `;
 
-exports[`App Router entry templates > generateRscEntry snapshot (with config) 1`] = `
+exports[`App Router entry templates > generateRscEntry snapshot (with global error) 1`] = `
 "
 import {
   renderToReadableStream,
@@ -2819,7 +5338,7 @@ function __sanitizeErrorForClient(error) {
 // thrown during RSC streaming (e.g. inside Suspense boundaries).
 // For non-navigation errors in production, generates a digest hash so the
 // error can be correlated with server logs without leaking details.
-function rscOnError(error) {
+function rscOnError(error, requestInfo, errorContext) {
   if (error && typeof error === "object" && "digest" in error) {
     return String(error.digest);
   }
@@ -2865,6 +5384,16 @@ function rscOnError(error) {
     return undefined;
   }
 
+  if (requestInfo && errorContext && error) {
+    _reportRequestError(
+      error instanceof Error ? error : new Error(String(error)),
+      requestInfo,
+      errorContext,
+    ).catch((reportErr) => {
+      console.error("[vinext] Failed to report render error:", reportErr);
+    });
+  }
+
   // In production, generate a digest hash for non-navigation errors
   if (process.env.NODE_ENV === "production" && error) {
     const msg = error instanceof Error ? error.message : String(error);
@@ -2874,9 +5403,28 @@ function rscOnError(error) {
   return undefined;
 }
 
+function createRscOnErrorHandler(request, pathname, routePath) {
+  const requestInfo = {
+    path: pathname,
+    method: request.method,
+    headers: Object.fromEntries(request.headers.entries()),
+  };
+  const errorContext = {
+    routerKind: "App Router",
+    routePath: routePath || pathname,
+    routeType: "render",
+  };
+  return function(error) {
+    return rscOnError(error, requestInfo, errorContext);
+  };
+}
+
 import * as mod_0 from "/tmp/test/app/page.tsx";
 import * as mod_1 from "/tmp/test/app/layout.tsx";
 import * as mod_2 from "/tmp/test/app/about/page.tsx";
+import * as mod_3 from "/tmp/test/app/blog/[slug]/page.tsx";
+import * as mod_4 from "/tmp/test/app/blog/[slug]/layout.tsx";
+import * as mod_5 from "/tmp/test/app/global-error.tsx";
 
 
 
@@ -2922,6 +5470,27 @@ const routes = [
     notFounds: [null],
     forbidden: null,
     unauthorized: null,
+  },
+  {
+    pattern: "/blog/:slug",
+    isDynamic: true,
+    params: ["slug"],
+    page: mod_3,
+    routeHandler: null,
+    layouts: [mod_1, mod_4],
+    routeSegments: ["blog",":slug"],
+    layoutTreePositions: [0,1],
+    templates: [],
+    errors: [null, null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null, null],
+    forbidden: null,
+    unauthorized: null,
   }
 ];
 
@@ -3006,7 +5575,21 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       }
     }
     
-    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    const _GlobalErrorComponent = mod_5.default;
+    if (_GlobalErrorComponent) {
+      element = createElement(ErrorBoundary, {
+        fallback: _GlobalErrorComponent,
+        children: element,
+      });
+    }
+    
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
     setHeadersContext(null);
     setNavigationContext(null);
     return new Response(rscStream, {
@@ -3024,7 +5607,13 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParamsHtml });
     }
   }
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment
   const fontData = {
     links: _getSSRFontLinks(),
@@ -3068,7 +5657,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
   }
-  ErrorComponent = ErrorComponent;
+  ErrorComponent = ErrorComponent ?? mod_5?.default;
   if (!ErrorComponent) return null;
 
   const rawError = error instanceof Error ? error : new Error(String(error));
@@ -3103,7 +5692,21 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
     
-    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    const _ErrGlobalComponent = mod_5.default;
+    if (_ErrGlobalComponent) {
+      element = createElement(ErrorBoundary, {
+        fallback: _ErrGlobalComponent,
+        children: element,
+      });
+    }
+    
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
     setHeadersContext(null);
     setNavigationContext(null);
     return new Response(rscStream, {
@@ -3120,7 +5723,13 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
     }
   }
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment so error pages include font styles
   const fontData = {
     links: _getSSRFontLinks(),
@@ -3440,17 +6049,25 @@ async function buildPageElement(route, params, opts, searchParams) {
   // Wrap with global error boundary if app/global-error.tsx exists.
   // This catches errors in the root layout itself.
   
+  const GlobalErrorComponent = mod_5.default;
+  if (GlobalErrorComponent) {
+    element = createElement(ErrorBoundary, {
+      fallback: GlobalErrorComponent,
+      children: element,
+    });
+  }
+  
 
   return element;
 }
 
 
 
-const __basePath = "/base";
-const __trailingSlash = true;
-const __configRedirects = [{"source":"/old","destination":"/new","permanent":true}];
-const __configRewrites = {"beforeFiles":[{"source":"/api/:path*","destination":"/backend/:path*"}],"afterFiles":[],"fallback":[]};
-const __configHeaders = [{"source":"/api/:path*","headers":[{"key":"X-Custom","value":"test"}]}];
+const __basePath = "";
+const __trailingSlash = false;
+const __configRedirects = [];
+const __configRewrites = {"beforeFiles":[],"afterFiles":[],"fallback":[]};
+const __configHeaders = [];
 const __allowedOrigins = [];
 
 
@@ -3970,7 +6587,7 @@ export default async function handler(request) {
                 const url = new URL(request.url);
                 let pathname;
                 try { pathname = __normalizePath(decodeURIComponent(url.pathname)); } catch { pathname = url.pathname; }
-                if (pathname.startsWith("/base")) pathname = pathname.slice("/base".length) || "/";
+                
                 const extraHeaders = __applyConfigHeaders(pathname, __reqCtx);
                 for (const h of extraHeaders) {
                   // Use append() for headers where multiple values must coexist
@@ -4031,11 +6648,6 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   let pathname = __normalizePath(decodedUrlPathname);
 
   
-  // Strip basePath prefix
-  if (__basePath && pathname.startsWith(__basePath)) {
-    pathname = pathname.slice(__basePath.length) || "/";
-  }
-  
 
   // Trailing slash normalization (redirect to canonical form)
   if (pathname !== "/" && !pathname.startsWith("/api")) {
@@ -4279,9 +6891,14 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         element = createElement("div", null, "Page not found");
       }
 
+      const onRenderError = createRscOnErrorHandler(
+        request,
+        cleanPathname,
+        match ? match.route.pattern : cleanPathname,
+      );
       const rscStream = renderToReadableStream(
         { root: element, returnValue },
-        { temporaryReferences, onError: rscOnError },
+        { temporaryReferences, onError: onRenderError },
       );
 
       // Collect cookies set during the action
@@ -4600,7 +7217,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           interceptPage: intercept.page,
           interceptParams: intercept.matchedParams,
         }, url.searchParams);
-        const interceptStream = renderToReadableStream(interceptElement, { onError: rscOnError });
+        const interceptOnError = createRscOnErrorHandler(
+          request,
+          cleanPathname,
+          sourceRoute.pattern,
+        );
+        const interceptStream = renderToReadableStream(interceptElement, { onError: interceptOnError });
         setHeadersContext(null);
         setNavigationContext(null);
         return new Response(interceptStream, {
@@ -4790,7 +7412,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
 
   // Render to RSC stream
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
 
   if (isRscRequest) {
     // Direct RSC stream response (for client-side navigation)
@@ -5170,7 +7793,7 @@ function __sanitizeErrorForClient(error) {
 // thrown during RSC streaming (e.g. inside Suspense boundaries).
 // For non-navigation errors in production, generates a digest hash so the
 // error can be correlated with server logs without leaking details.
-function rscOnError(error) {
+function rscOnError(error, requestInfo, errorContext) {
   if (error && typeof error === "object" && "digest" in error) {
     return String(error.digest);
   }
@@ -5216,6 +7839,16 @@ function rscOnError(error) {
     return undefined;
   }
 
+  if (requestInfo && errorContext && error) {
+    _reportRequestError(
+      error instanceof Error ? error : new Error(String(error)),
+      requestInfo,
+      errorContext,
+    ).catch((reportErr) => {
+      console.error("[vinext] Failed to report render error:", reportErr);
+    });
+  }
+
   // In production, generate a digest hash for non-navigation errors
   if (process.env.NODE_ENV === "production" && error) {
     const msg = error instanceof Error ? error.message : String(error);
@@ -5225,9 +7858,27 @@ function rscOnError(error) {
   return undefined;
 }
 
+function createRscOnErrorHandler(request, pathname, routePath) {
+  const requestInfo = {
+    path: pathname,
+    method: request.method,
+    headers: Object.fromEntries(request.headers.entries()),
+  };
+  const errorContext = {
+    routerKind: "App Router",
+    routePath: routePath || pathname,
+    routeType: "render",
+  };
+  return function(error) {
+    return rscOnError(error, requestInfo, errorContext);
+  };
+}
+
 import * as mod_0 from "/tmp/test/app/page.tsx";
 import * as mod_1 from "/tmp/test/app/layout.tsx";
 import * as mod_2 from "/tmp/test/app/about/page.tsx";
+import * as mod_3 from "/tmp/test/app/blog/[slug]/page.tsx";
+import * as mod_4 from "/tmp/test/app/blog/[slug]/layout.tsx";
 
 // Run instrumentation register() once at module evaluation time — before any
 // requests are handled. This runs inside the Worker process (or RSC environment),
@@ -5288,6 +7939,27 @@ const routes = [
     notFounds: [null],
     forbidden: null,
     unauthorized: null,
+  },
+  {
+    pattern: "/blog/:slug",
+    isDynamic: true,
+    params: ["slug"],
+    page: mod_3,
+    routeHandler: null,
+    layouts: [mod_1, mod_4],
+    routeSegments: ["blog",":slug"],
+    layoutTreePositions: [0,1],
+    templates: [],
+    errors: [null, null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null, null],
+    forbidden: null,
+    unauthorized: null,
   }
 ];
 
@@ -5372,7 +8044,13 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       }
     }
     
-    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
     setHeadersContext(null);
     setNavigationContext(null);
     return new Response(rscStream, {
@@ -5390,7 +8068,13 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParamsHtml });
     }
   }
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment
   const fontData = {
     links: _getSSRFontLinks(),
@@ -5469,7 +8153,13 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
     
-    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
     setHeadersContext(null);
     setNavigationContext(null);
     return new Response(rscStream, {
@@ -5486,7 +8176,13 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
     }
   }
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment so error pages include font styles
   const fontData = {
     links: _getSSRFontLinks(),
@@ -6640,9 +9336,14 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         element = createElement("div", null, "Page not found");
       }
 
+      const onRenderError = createRscOnErrorHandler(
+        request,
+        cleanPathname,
+        match ? match.route.pattern : cleanPathname,
+      );
       const rscStream = renderToReadableStream(
         { root: element, returnValue },
-        { temporaryReferences, onError: rscOnError },
+        { temporaryReferences, onError: onRenderError },
       );
 
       // Collect cookies set during the action
@@ -6961,7 +9662,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           interceptPage: intercept.page,
           interceptParams: intercept.matchedParams,
         }, url.searchParams);
-        const interceptStream = renderToReadableStream(interceptElement, { onError: rscOnError });
+        const interceptOnError = createRscOnErrorHandler(
+          request,
+          cleanPathname,
+          sourceRoute.pattern,
+        );
+        const interceptStream = renderToReadableStream(interceptElement, { onError: interceptOnError });
         setHeadersContext(null);
         setNavigationContext(null);
         return new Response(interceptStream, {
@@ -7151,7 +9857,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
 
   // Render to RSC stream
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
 
   if (isRscRequest) {
     // Direct RSC stream response (for client-side navigation)
@@ -7531,7 +10238,7 @@ function __sanitizeErrorForClient(error) {
 // thrown during RSC streaming (e.g. inside Suspense boundaries).
 // For non-navigation errors in production, generates a digest hash so the
 // error can be correlated with server logs without leaking details.
-function rscOnError(error) {
+function rscOnError(error, requestInfo, errorContext) {
   if (error && typeof error === "object" && "digest" in error) {
     return String(error.digest);
   }
@@ -7577,6 +10284,16 @@ function rscOnError(error) {
     return undefined;
   }
 
+  if (requestInfo && errorContext && error) {
+    _reportRequestError(
+      error instanceof Error ? error : new Error(String(error)),
+      requestInfo,
+      errorContext,
+    ).catch((reportErr) => {
+      console.error("[vinext] Failed to report render error:", reportErr);
+    });
+  }
+
   // In production, generate a digest hash for non-navigation errors
   if (process.env.NODE_ENV === "production" && error) {
     const msg = error instanceof Error ? error.message : String(error);
@@ -7586,9 +10303,27 @@ function rscOnError(error) {
   return undefined;
 }
 
+function createRscOnErrorHandler(request, pathname, routePath) {
+  const requestInfo = {
+    path: pathname,
+    method: request.method,
+    headers: Object.fromEntries(request.headers.entries()),
+  };
+  const errorContext = {
+    routerKind: "App Router",
+    routePath: routePath || pathname,
+    routeType: "render",
+  };
+  return function(error) {
+    return rscOnError(error, requestInfo, errorContext);
+  };
+}
+
 import * as mod_0 from "/tmp/test/app/page.tsx";
 import * as mod_1 from "/tmp/test/app/layout.tsx";
 import * as mod_2 from "/tmp/test/app/about/page.tsx";
+import * as mod_3 from "/tmp/test/app/blog/[slug]/page.tsx";
+import * as mod_4 from "/tmp/test/app/blog/[slug]/layout.tsx";
 
 
 
@@ -7634,6 +10369,27 @@ const routes = [
     notFounds: [null],
     forbidden: null,
     unauthorized: null,
+  },
+  {
+    pattern: "/blog/:slug",
+    isDynamic: true,
+    params: ["slug"],
+    page: mod_3,
+    routeHandler: null,
+    layouts: [mod_1, mod_4],
+    routeSegments: ["blog",":slug"],
+    layoutTreePositions: [0,1],
+    templates: [],
+    errors: [null, null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null, null],
+    forbidden: null,
+    unauthorized: null,
   }
 ];
 
@@ -7718,7 +10474,13 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       }
     }
     
-    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
     setHeadersContext(null);
     setNavigationContext(null);
     return new Response(rscStream, {
@@ -7736,7 +10498,13 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParamsHtml });
     }
   }
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment
   const fontData = {
     links: _getSSRFontLinks(),
@@ -7815,7 +10583,13 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
     
-    const rscStream = renderToReadableStream(element, { onError: rscOnError });
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
     setHeadersContext(null);
     setNavigationContext(null);
     return new Response(rscStream, {
@@ -7832,7 +10606,13 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
     }
   }
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment so error pages include font styles
   const fontData = {
     links: _getSSRFontLinks(),
@@ -9110,9 +11890,14 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         element = createElement("div", null, "Page not found");
       }
 
+      const onRenderError = createRscOnErrorHandler(
+        request,
+        cleanPathname,
+        match ? match.route.pattern : cleanPathname,
+      );
       const rscStream = renderToReadableStream(
         { root: element, returnValue },
-        { temporaryReferences, onError: rscOnError },
+        { temporaryReferences, onError: onRenderError },
       );
 
       // Collect cookies set during the action
@@ -9431,7 +12216,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           interceptPage: intercept.page,
           interceptParams: intercept.matchedParams,
         }, url.searchParams);
-        const interceptStream = renderToReadableStream(interceptElement, { onError: rscOnError });
+        const interceptOnError = createRscOnErrorHandler(
+          request,
+          cleanPathname,
+          sourceRoute.pattern,
+        );
+        const interceptStream = renderToReadableStream(interceptElement, { onError: interceptOnError });
         setHeadersContext(null);
         setNavigationContext(null);
         return new Response(interceptStream, {
@@ -9621,7 +12411,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
 
   // Render to RSC stream
-  const rscStream = renderToReadableStream(element, { onError: rscOnError });
+  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
 
   if (isRscRequest) {
     // Direct RSC stream response (for client-side navigation)
diff --git a/tests/entry-templates.test.ts b/tests/entry-templates.test.ts
index dc97920a..a8083ef7 100644
--- a/tests/entry-templates.test.ts
+++ b/tests/entry-templates.test.ts
@@ -71,6 +71,25 @@ const minimalAppRoutes: AppRoute[] = [
     isDynamic: false,
     params: [],
   },
+  {
+    pattern: "/blog/:slug",
+    pagePath: "/tmp/test/app/blog/[slug]/page.tsx",
+    routePath: null,
+    layouts: ["/tmp/test/app/layout.tsx", "/tmp/test/app/blog/[slug]/layout.tsx"],
+    templates: [],
+    parallelSlots: [],
+    loadingPath: null,
+    errorPath: null,
+    layoutErrorPaths: [null, null],
+    notFoundPath: null,
+    notFoundPaths: [null, null],
+    forbiddenPath: null,
+    unauthorizedPath: null,
+    routeSegments: ["blog", ":slug"],
+    layoutTreePositions: [0, 1],
+    isDynamic: true,
+    params: ["slug"],
+  },
 ];
 
 // ── Pages Router fixture ──────────────────────────────────────────────
@@ -126,6 +145,19 @@ describe("App Router entry templates", () => {
     expect(code).toMatchSnapshot();
   });
 
+  it("generateRscEntry snapshot (with global error)", () => {
+    const code = generateRscEntry(
+      "/tmp/test/app",
+      minimalAppRoutes,
+      null,
+      [],
+      "/tmp/test/app/global-error.tsx",
+      "",
+      false,
+    );
+    expect(code).toMatchSnapshot();
+  });
+
   it("generateRscEntry snapshot (with config)", () => {
     const config: AppRouterConfig = {
       redirects: [

From ad716e53d093172897caafb683c3a720d7daf757 Mon Sep 17 00:00:00 2001
From: MD YUNUS <admin@yunuscollege.eu.org>
Date: Sun, 8 Mar 2026 21:55:30 +0530
Subject: [PATCH 5/8] test: address final bonk review comments

- Add allowedOrigins and allowedDevOrigins to the 'with config' test
  case to cover CSRF validation and dev origin checking code paths
- Replace as any cast with proper type guard for pluginContainer.load()
  result
---
 tests/__snapshots__/entry-templates.test.ts.snap | 4 ++--
 tests/entry-templates.test.ts                    | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/tests/__snapshots__/entry-templates.test.ts.snap b/tests/__snapshots__/entry-templates.test.ts.snap
index 7ea3de7c..58305b35 100644
--- a/tests/__snapshots__/entry-templates.test.ts.snap
+++ b/tests/__snapshots__/entry-templates.test.ts.snap
@@ -3608,12 +3608,12 @@ const __trailingSlash = true;
 const __configRedirects = [{"source":"/old","destination":"/new","permanent":true}];
 const __configRewrites = {"beforeFiles":[{"source":"/api/:path*","destination":"/backend/:path*"}],"afterFiles":[],"fallback":[]};
 const __configHeaders = [{"source":"/api/:path*","headers":[{"key":"X-Custom","value":"test"}]}];
-const __allowedOrigins = [];
+const __allowedOrigins = ["https://example.com"];
 
 
 // ── Dev server origin verification ──────────────────────────────────────
 // Block cross-origin requests to prevent data exfiltration during development.
-const __allowedDevOrigins = [];
+const __allowedDevOrigins = ["localhost:3001"];
 const __safeDevHosts = ["localhost", "127.0.0.1", "[::1]"];
 
 function __validateDevRequestOrigin(request) {
diff --git a/tests/entry-templates.test.ts b/tests/entry-templates.test.ts
index a8083ef7..5656fbbc 100644
--- a/tests/entry-templates.test.ts
+++ b/tests/entry-templates.test.ts
@@ -176,6 +176,8 @@ describe("App Router entry templates", () => {
           headers: [{ key: "X-Custom", value: "test" }],
         },
       ],
+      allowedOrigins: ["https://example.com"],
+      allowedDevOrigins: ["localhost:3001"],
     };
     const code = generateRscEntry(
       "/tmp/test/app",
@@ -228,7 +230,9 @@ describe("Pages Router entry templates", () => {
     expect(loaded).toBeTruthy();
     return typeof loaded === "string"
       ? loaded
-      : (loaded as any)?.code ?? "";
+      : typeof loaded === "object" && loaded !== null && "code" in loaded
+        ? loaded.code
+        : "";
   }
 
   it("server entry snapshot", async () => {

From 08c8799e6ae2336f5ca8aa00fba01e0a9d866346 Mon Sep 17 00:00:00 2001
From: MD YUNUS <admin@yunuscollege.eu.org>
Date: Sun, 8 Mar 2026 22:14:02 +0530
Subject: [PATCH 6/8] test: update snapshots after merge with main

Merge upstream/main which includes f1e98b9 (don't clear RSC context
before lazy stream is consumed). Update 5 snapshots to reflect the
replaced setHeadersContext/setNavigationContext(null) calls with
comments explaining lazy stream context lifecycle.
---
 .../entry-templates.test.ts.snap              | 150 ++++++++++++------
 1 file changed, 105 insertions(+), 45 deletions(-)

diff --git a/tests/__snapshots__/entry-templates.test.ts.snap b/tests/__snapshots__/entry-templates.test.ts.snap
index 58305b35..00141e03 100644
--- a/tests/__snapshots__/entry-templates.test.ts.snap
+++ b/tests/__snapshots__/entry-templates.test.ts.snap
@@ -716,8 +716,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       route?.pattern ?? _pathname,
     );
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
-    setHeadersContext(null);
-    setNavigationContext(null);
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
     return new Response(rscStream, {
       status: statusCode,
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
@@ -825,8 +829,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       route?.pattern ?? _pathname,
     );
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
-    setHeadersContext(null);
-    setNavigationContext(null);
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
     return new Response(rscStream, {
       status: 200,
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
@@ -2011,11 +2019,13 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         { temporaryReferences, onError: onRenderError },
       );
 
-      // Collect cookies set during the action
+      // Collect cookies set during the action synchronously (before stream is consumed).
+      // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+      // by the client, and async server components that run during consumption need the
+      // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+      // handles cleanup naturally when all async continuations complete.
       const actionPendingCookies = getAndClearPendingCookies();
       const actionDraftCookie = getDraftModeCookieHeader();
-      setHeadersContext(null);
-      setNavigationContext(null);
 
       const actionHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
       const actionResponse = new Response(rscStream, { headers: actionHeaders });
@@ -2333,8 +2343,10 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           sourceRoute.pattern,
         );
         const interceptStream = renderToReadableStream(interceptElement, { onError: interceptOnError });
-        setHeadersContext(null);
-        setNavigationContext(null);
+        // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+        // by the client, and async server components that run during consumption need the
+        // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+        // handles cleanup naturally when all async continuations complete.
         return new Response(interceptStream, {
           headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
         });
@@ -3146,8 +3158,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       route?.pattern ?? _pathname,
     );
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
-    setHeadersContext(null);
-    setNavigationContext(null);
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
     return new Response(rscStream, {
       status: statusCode,
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
@@ -3255,8 +3271,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       route?.pattern ?? _pathname,
     );
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
-    setHeadersContext(null);
-    setNavigationContext(null);
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
     return new Response(rscStream, {
       status: 200,
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
@@ -4446,11 +4466,13 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         { temporaryReferences, onError: onRenderError },
       );
 
-      // Collect cookies set during the action
+      // Collect cookies set during the action synchronously (before stream is consumed).
+      // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+      // by the client, and async server components that run during consumption need the
+      // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+      // handles cleanup naturally when all async continuations complete.
       const actionPendingCookies = getAndClearPendingCookies();
       const actionDraftCookie = getDraftModeCookieHeader();
-      setHeadersContext(null);
-      setNavigationContext(null);
 
       const actionHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
       const actionResponse = new Response(rscStream, { headers: actionHeaders });
@@ -4768,8 +4790,10 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           sourceRoute.pattern,
         );
         const interceptStream = renderToReadableStream(interceptElement, { onError: interceptOnError });
-        setHeadersContext(null);
-        setNavigationContext(null);
+        // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+        // by the client, and async server components that run during consumption need the
+        // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+        // handles cleanup naturally when all async continuations complete.
         return new Response(interceptStream, {
           headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
         });
@@ -5590,8 +5614,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       route?.pattern ?? _pathname,
     );
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
-    setHeadersContext(null);
-    setNavigationContext(null);
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
     return new Response(rscStream, {
       status: statusCode,
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
@@ -5707,8 +5735,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       route?.pattern ?? _pathname,
     );
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
-    setHeadersContext(null);
-    setNavigationContext(null);
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
     return new Response(rscStream, {
       status: 200,
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
@@ -6901,11 +6933,13 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         { temporaryReferences, onError: onRenderError },
       );
 
-      // Collect cookies set during the action
+      // Collect cookies set during the action synchronously (before stream is consumed).
+      // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+      // by the client, and async server components that run during consumption need the
+      // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+      // handles cleanup naturally when all async continuations complete.
       const actionPendingCookies = getAndClearPendingCookies();
       const actionDraftCookie = getDraftModeCookieHeader();
-      setHeadersContext(null);
-      setNavigationContext(null);
 
       const actionHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
       const actionResponse = new Response(rscStream, { headers: actionHeaders });
@@ -7223,8 +7257,10 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           sourceRoute.pattern,
         );
         const interceptStream = renderToReadableStream(interceptElement, { onError: interceptOnError });
-        setHeadersContext(null);
-        setNavigationContext(null);
+        // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+        // by the client, and async server components that run during consumption need the
+        // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+        // handles cleanup naturally when all async continuations complete.
         return new Response(interceptStream, {
           headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
         });
@@ -8051,8 +8087,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       route?.pattern ?? _pathname,
     );
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
-    setHeadersContext(null);
-    setNavigationContext(null);
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
     return new Response(rscStream, {
       status: statusCode,
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
@@ -8160,8 +8200,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       route?.pattern ?? _pathname,
     );
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
-    setHeadersContext(null);
-    setNavigationContext(null);
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
     return new Response(rscStream, {
       status: 200,
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
@@ -9346,11 +9390,13 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         { temporaryReferences, onError: onRenderError },
       );
 
-      // Collect cookies set during the action
+      // Collect cookies set during the action synchronously (before stream is consumed).
+      // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+      // by the client, and async server components that run during consumption need the
+      // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+      // handles cleanup naturally when all async continuations complete.
       const actionPendingCookies = getAndClearPendingCookies();
       const actionDraftCookie = getDraftModeCookieHeader();
-      setHeadersContext(null);
-      setNavigationContext(null);
 
       const actionHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
       const actionResponse = new Response(rscStream, { headers: actionHeaders });
@@ -9668,8 +9714,10 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           sourceRoute.pattern,
         );
         const interceptStream = renderToReadableStream(interceptElement, { onError: interceptOnError });
-        setHeadersContext(null);
-        setNavigationContext(null);
+        // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+        // by the client, and async server components that run during consumption need the
+        // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+        // handles cleanup naturally when all async continuations complete.
         return new Response(interceptStream, {
           headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
         });
@@ -10481,8 +10529,12 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       route?.pattern ?? _pathname,
     );
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
-    setHeadersContext(null);
-    setNavigationContext(null);
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
     return new Response(rscStream, {
       status: statusCode,
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
@@ -10590,8 +10642,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       route?.pattern ?? _pathname,
     );
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
-    setHeadersContext(null);
-    setNavigationContext(null);
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
     return new Response(rscStream, {
       status: 200,
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
@@ -11900,11 +11956,13 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
         { temporaryReferences, onError: onRenderError },
       );
 
-      // Collect cookies set during the action
+      // Collect cookies set during the action synchronously (before stream is consumed).
+      // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+      // by the client, and async server components that run during consumption need the
+      // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+      // handles cleanup naturally when all async continuations complete.
       const actionPendingCookies = getAndClearPendingCookies();
       const actionDraftCookie = getDraftModeCookieHeader();
-      setHeadersContext(null);
-      setNavigationContext(null);
 
       const actionHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
       const actionResponse = new Response(rscStream, { headers: actionHeaders });
@@ -12222,8 +12280,10 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
           sourceRoute.pattern,
         );
         const interceptStream = renderToReadableStream(interceptElement, { onError: interceptOnError });
-        setHeadersContext(null);
-        setNavigationContext(null);
+        // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+        // by the client, and async server components that run during consumption need the
+        // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+        // handles cleanup naturally when all async continuations complete.
         return new Response(interceptStream, {
           headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
         });

From 0926176c679cb61d5f8c50c608eff5fda2fc332d Mon Sep 17 00:00:00 2001
From: MD YUNUS <admin@yunuscollege.eu.org>
Date: Mon, 9 Mar 2026 02:35:45 +0530
Subject: [PATCH 7/8] test: add metadata routes test, enrich route fixture with
 loading/error/template/notFound

---
 .../entry-templates.test.ts.snap              | 2625 ++++++++++++++++-
 tests/entry-templates.test.ts                 |   42 +
 2 files changed, 2660 insertions(+), 7 deletions(-)

diff --git a/tests/__snapshots__/entry-templates.test.ts.snap b/tests/__snapshots__/entry-templates.test.ts.snap
index 00141e03..8cd4ad0d 100644
--- a/tests/__snapshots__/entry-templates.test.ts.snap
+++ b/tests/__snapshots__/entry-templates.test.ts.snap
@@ -559,6 +559,12 @@ import * as mod_1 from "/tmp/test/app/layout.tsx";
 import * as mod_2 from "/tmp/test/app/about/page.tsx";
 import * as mod_3 from "/tmp/test/app/blog/[slug]/page.tsx";
 import * as mod_4 from "/tmp/test/app/blog/[slug]/layout.tsx";
+import * as mod_5 from "/tmp/test/app/dashboard/page.tsx";
+import * as mod_6 from "/tmp/test/app/dashboard/layout.tsx";
+import * as mod_7 from "/tmp/test/app/dashboard/template.tsx";
+import * as mod_8 from "/tmp/test/app/dashboard/loading.tsx";
+import * as mod_9 from "/tmp/test/app/dashboard/error.tsx";
+import * as mod_10 from "/tmp/test/app/dashboard/not-found.tsx";
 
 
 
@@ -625,6 +631,27 @@ const routes = [
     notFounds: [null, null],
     forbidden: null,
     unauthorized: null,
+  },
+  {
+    pattern: "/dashboard",
+    isDynamic: false,
+    params: [],
+    page: mod_5,
+    routeHandler: null,
+    layouts: [mod_1, mod_6],
+    routeSegments: ["dashboard"],
+    layoutTreePositions: [0,1],
+    templates: [mod_7],
+    errors: [null, mod_9],
+    slots: {
+
+    },
+    loading: mod_8,
+    error: mod_9,
+    notFound: mod_10,
+    notFounds: [null, mod_10],
+    forbidden: null,
+    unauthorized: null,
   }
 ];
 
@@ -3001,6 +3028,12 @@ import * as mod_1 from "/tmp/test/app/layout.tsx";
 import * as mod_2 from "/tmp/test/app/about/page.tsx";
 import * as mod_3 from "/tmp/test/app/blog/[slug]/page.tsx";
 import * as mod_4 from "/tmp/test/app/blog/[slug]/layout.tsx";
+import * as mod_5 from "/tmp/test/app/dashboard/page.tsx";
+import * as mod_6 from "/tmp/test/app/dashboard/layout.tsx";
+import * as mod_7 from "/tmp/test/app/dashboard/template.tsx";
+import * as mod_8 from "/tmp/test/app/dashboard/loading.tsx";
+import * as mod_9 from "/tmp/test/app/dashboard/error.tsx";
+import * as mod_10 from "/tmp/test/app/dashboard/not-found.tsx";
 
 
 
@@ -3067,6 +3100,27 @@ const routes = [
     notFounds: [null, null],
     forbidden: null,
     unauthorized: null,
+  },
+  {
+    pattern: "/dashboard",
+    isDynamic: false,
+    params: [],
+    page: mod_5,
+    routeHandler: null,
+    layouts: [mod_1, mod_6],
+    routeSegments: ["dashboard"],
+    layoutTreePositions: [0,1],
+    templates: [mod_7],
+    errors: [null, mod_9],
+    slots: {
+
+    },
+    loading: mod_8,
+    error: mod_9,
+    notFound: mod_10,
+    notFounds: [null, mod_10],
+    forbidden: null,
+    unauthorized: null,
   }
 ];
 
@@ -5448,7 +5502,13 @@ import * as mod_1 from "/tmp/test/app/layout.tsx";
 import * as mod_2 from "/tmp/test/app/about/page.tsx";
 import * as mod_3 from "/tmp/test/app/blog/[slug]/page.tsx";
 import * as mod_4 from "/tmp/test/app/blog/[slug]/layout.tsx";
-import * as mod_5 from "/tmp/test/app/global-error.tsx";
+import * as mod_5 from "/tmp/test/app/dashboard/page.tsx";
+import * as mod_6 from "/tmp/test/app/dashboard/layout.tsx";
+import * as mod_7 from "/tmp/test/app/dashboard/template.tsx";
+import * as mod_8 from "/tmp/test/app/dashboard/loading.tsx";
+import * as mod_9 from "/tmp/test/app/dashboard/error.tsx";
+import * as mod_10 from "/tmp/test/app/dashboard/not-found.tsx";
+import * as mod_11 from "/tmp/test/app/global-error.tsx";
 
 
 
@@ -5515,6 +5575,27 @@ const routes = [
     notFounds: [null, null],
     forbidden: null,
     unauthorized: null,
+  },
+  {
+    pattern: "/dashboard",
+    isDynamic: false,
+    params: [],
+    page: mod_5,
+    routeHandler: null,
+    layouts: [mod_1, mod_6],
+    routeSegments: ["dashboard"],
+    layoutTreePositions: [0,1],
+    templates: [mod_7],
+    errors: [null, mod_9],
+    slots: {
+
+    },
+    loading: mod_8,
+    error: mod_9,
+    notFound: mod_10,
+    notFounds: [null, mod_10],
+    forbidden: null,
+    unauthorized: null,
   }
 ];
 
@@ -5599,7 +5680,7 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
       }
     }
     
-    const _GlobalErrorComponent = mod_5.default;
+    const _GlobalErrorComponent = mod_11.default;
     if (_GlobalErrorComponent) {
       element = createElement(ErrorBoundary, {
         fallback: _GlobalErrorComponent,
@@ -5685,7 +5766,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
   }
-  ErrorComponent = ErrorComponent ?? mod_5?.default;
+  ErrorComponent = ErrorComponent ?? mod_11?.default;
   if (!ErrorComponent) return null;
 
   const rawError = error instanceof Error ? error : new Error(String(error));
@@ -5720,7 +5801,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
     
-    const _ErrGlobalComponent = mod_5.default;
+    const _ErrGlobalComponent = mod_11.default;
     if (_ErrGlobalComponent) {
       element = createElement(ErrorBoundary, {
         fallback: _ErrGlobalComponent,
@@ -6081,7 +6162,7 @@ async function buildPageElement(route, params, opts, searchParams) {
   // Wrap with global error boundary if app/global-error.tsx exists.
   // This catches errors in the root layout itself.
   
-  const GlobalErrorComponent = mod_5.default;
+  const GlobalErrorComponent = mod_11.default;
   if (GlobalErrorComponent) {
     element = createElement(ErrorBoundary, {
       fallback: GlobalErrorComponent,
@@ -7915,6 +7996,12 @@ import * as mod_1 from "/tmp/test/app/layout.tsx";
 import * as mod_2 from "/tmp/test/app/about/page.tsx";
 import * as mod_3 from "/tmp/test/app/blog/[slug]/page.tsx";
 import * as mod_4 from "/tmp/test/app/blog/[slug]/layout.tsx";
+import * as mod_5 from "/tmp/test/app/dashboard/page.tsx";
+import * as mod_6 from "/tmp/test/app/dashboard/layout.tsx";
+import * as mod_7 from "/tmp/test/app/dashboard/template.tsx";
+import * as mod_8 from "/tmp/test/app/dashboard/loading.tsx";
+import * as mod_9 from "/tmp/test/app/dashboard/error.tsx";
+import * as mod_10 from "/tmp/test/app/dashboard/not-found.tsx";
 
 // Run instrumentation register() once at module evaluation time — before any
 // requests are handled. This runs inside the Worker process (or RSC environment),
@@ -7996,6 +8083,27 @@ const routes = [
     notFounds: [null, null],
     forbidden: null,
     unauthorized: null,
+  },
+  {
+    pattern: "/dashboard",
+    isDynamic: false,
+    params: [],
+    page: mod_5,
+    routeHandler: null,
+    layouts: [mod_1, mod_6],
+    routeSegments: ["dashboard"],
+    layoutTreePositions: [0,1],
+    templates: [mod_7],
+    errors: [null, mod_9],
+    slots: {
+
+    },
+    loading: mod_8,
+    error: mod_9,
+    notFound: mod_10,
+    notFounds: [null, mod_10],
+    forbidden: null,
+    unauthorized: null,
   }
 ];
 
@@ -10134,7 +10242,7 @@ if (import.meta.hot) {
 "
 `;
 
-exports[`App Router entry templates > generateRscEntry snapshot (with middleware) 1`] = `
+exports[`App Router entry templates > generateRscEntry snapshot (with metadata routes) 1`] = `
 "
 import {
   renderToReadableStream,
@@ -10150,9 +10258,9 @@ import { NextRequest, NextFetchEvent } from "next/server";
 import { ErrorBoundary, NotFoundBoundary } from "vinext/error-boundary";
 import { LayoutSegmentProvider } from "vinext/layout-segment-context";
 import { MetadataHead, mergeMetadata, resolveModuleMetadata, ViewportHead, mergeViewport, resolveModuleViewport } from "vinext/metadata";
-import * as middlewareModule from "/tmp/test/middleware.ts";
 
 
+import { sitemapToXml, robotsToText, manifestToJson } from "C:/Users/Yunus/Downloads/vinext/packages/vinext/src/server/metadata-routes.js";
 import { _consumeRequestScopedCacheLife, _runWithCacheState } from "next/cache";
 import { runWithFetchCache } from "vinext/fetch-cache";
 import { runWithPrivateCache as _runWithPrivateCache } from "vinext/cache-runtime";
@@ -10372,6 +10480,13 @@ import * as mod_1 from "/tmp/test/app/layout.tsx";
 import * as mod_2 from "/tmp/test/app/about/page.tsx";
 import * as mod_3 from "/tmp/test/app/blog/[slug]/page.tsx";
 import * as mod_4 from "/tmp/test/app/blog/[slug]/layout.tsx";
+import * as mod_5 from "/tmp/test/app/dashboard/page.tsx";
+import * as mod_6 from "/tmp/test/app/dashboard/layout.tsx";
+import * as mod_7 from "/tmp/test/app/dashboard/template.tsx";
+import * as mod_8 from "/tmp/test/app/dashboard/loading.tsx";
+import * as mod_9 from "/tmp/test/app/dashboard/error.tsx";
+import * as mod_10 from "/tmp/test/app/dashboard/not-found.tsx";
+import * as mod_11 from "/tmp/test/app/sitemap.ts";
 
 
 
@@ -10438,6 +10553,2502 @@ const routes = [
     notFounds: [null, null],
     forbidden: null,
     unauthorized: null,
+  },
+  {
+    pattern: "/dashboard",
+    isDynamic: false,
+    params: [],
+    page: mod_5,
+    routeHandler: null,
+    layouts: [mod_1, mod_6],
+    routeSegments: ["dashboard"],
+    layoutTreePositions: [0,1],
+    templates: [mod_7],
+    errors: [null, mod_9],
+    slots: {
+
+    },
+    loading: mod_8,
+    error: mod_9,
+    notFound: mod_10,
+    notFounds: [null, mod_10],
+    forbidden: null,
+    unauthorized: null,
+  }
+];
+
+const metadataRoutes = [
+  {
+    type: "sitemap",
+    isDynamic: true,
+    servedUrl: "/sitemap.xml",
+    contentType: "application/xml",
+    module: mod_11,
+  }
+];
+
+const rootNotFoundModule = null;
+const rootForbiddenModule = null;
+const rootUnauthorizedModule = null;
+const rootLayouts = [mod_1];
+
+/**
+ * Render an HTTP access fallback page (not-found/forbidden/unauthorized) with layouts and noindex meta.
+ * Returns null if no matching component is available.
+ *
+ * @param opts.boundaryComponent - Override the boundary component (for layout-level notFound)
+ * @param opts.layouts - Override the layouts to wrap with (for layout-level notFound, excludes the throwing layout)
+ */
+async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, opts) {
+  // Determine which boundary component to use based on status code
+  let BoundaryComponent = opts?.boundaryComponent ?? null;
+  if (!BoundaryComponent) {
+    let boundaryModule;
+    if (statusCode === 403) {
+      boundaryModule = route?.forbidden ?? rootForbiddenModule;
+    } else if (statusCode === 401) {
+      boundaryModule = route?.unauthorized ?? rootUnauthorizedModule;
+    } else {
+      boundaryModule = route?.notFound ?? rootNotFoundModule;
+    }
+    BoundaryComponent = boundaryModule?.default ?? null;
+  }
+  const layouts = opts?.layouts ?? route?.layouts ?? rootLayouts;
+  if (!BoundaryComponent) return null;
+
+  // Resolve metadata and viewport from parent layouts so that not-found/error
+  // pages inherit title, description, OG tags etc. — matching Next.js behavior.
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build element: metadata head + noindex meta + boundary component wrapped in layouts
+  // Always include charset and default viewport for parity with Next.js.
+  const charsetMeta = createElement("meta", { charSet: "utf-8" });
+  const noindexMeta = createElement("meta", { name: "robots", content: "noindex" });
+  const headElements = [charsetMeta, noindexMeta];
+  if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+  headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+  let element = createElement(Fragment, null, ...headElements, createElement(BoundaryComponent));
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap the element with the same
+    // component wrappers that buildPageElement() uses. Without these wrappers,
+    // React's reconciliation would see a mismatched tree structure between the
+    // old fiber tree (ErrorBoundary > LayoutSegmentProvider > html > body > NotFoundBoundary > ...)
+    // and the new tree (html > body > ...), causing it to destroy and recreate
+    // the entire DOM tree, resulting in a blank white page.
+    //
+    // We wrap each layout with LayoutSegmentProvider and add GlobalErrorBoundary
+    // to match the wrapping order in buildPageElement(), ensuring smooth
+    // client-side tree reconciliation.
+    const _treePositions = route?.layoutTreePositions;
+    const _routeSegs = route?.routeSegments || [];
+    const _fallbackParams = opts?.matchedParams ?? route?.params ?? {};
+    const _asyncFallbackParams = makeThenableParams(_fallbackParams);
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParams });
+        const _tp = _treePositions ? _treePositions[i] : 0;
+        const _cs = __resolveChildSegments(_routeSegs, _tp, _fallbackParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
+      }
+    }
+    
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
+    return new Response(rscStream, {
+      status: statusCode,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only (no client-side
+  // wrappers needed since SSR generates the complete HTML document).
+  const _fallbackParamsHtml = opts?.matchedParams ?? route?.params ?? {};
+  const _asyncFallbackParamsHtml = makeThenableParams(_fallbackParamsHtml);
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element, params: _asyncFallbackParamsHtml });
+    }
+  }
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
+  // Collect font data from RSC environment
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _respHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _linkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_linkParts.length > 0) _respHeaders["Link"] = _linkParts.join(", ");
+  return new Response(htmlStream, {
+    status: statusCode,
+    headers: _respHeaders,
+  });
+}
+
+/** Convenience: render a not-found page (404) */
+async function renderNotFoundPage(route, isRscRequest, request, matchedParams) {
+  return renderHTTPAccessFallbackPage(route, 404, isRscRequest, request, { matchedParams });
+}
+
+/**
+ * Render an error.tsx boundary page when a server component or generateMetadata() throws.
+ * Returns null if no error boundary component is available for this route.
+ *
+ * Next.js returns HTTP 200 when error.tsx catches an error (the error is "handled"
+ * by the boundary). This matches that behavior intentionally.
+ */
+async function renderErrorBoundaryPage(route, error, isRscRequest, request, matchedParams) {
+  // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
+  // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
+  let ErrorComponent = route?.error?.default ?? null;
+  if (!ErrorComponent && route?.errors) {
+    for (let i = route.errors.length - 1; i >= 0; i--) {
+      if (route.errors[i]?.default) {
+        ErrorComponent = route.errors[i].default;
+        break;
+      }
+    }
+  }
+  ErrorComponent = ErrorComponent;
+  if (!ErrorComponent) return null;
+
+  const rawError = error instanceof Error ? error : new Error(String(error));
+  // Sanitize the error in production to avoid leaking internal details
+  // (database errors, file paths, stack traces) through error.tsx to the client.
+  // In development, pass the original error for debugging.
+  const errorObj = __sanitizeErrorForClient(rawError);
+  // Only pass error — reset is a client-side concern (re-renders the segment) and
+  // can't be serialized through RSC. The error.tsx component will receive reset=undefined
+  // during SSR, which is fine — onClick={undefined} is harmless, and the real reset
+  // function is only meaningful after hydration.
+  let element = createElement(ErrorComponent, {
+    error: errorObj,
+  });
+  const layouts = route?.layouts ?? rootLayouts;
+  if (isRscRequest) {
+    // For RSC requests (client-side navigation), wrap with the same component
+    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+    // This ensures React can reconcile the tree without destroying the DOM.
+    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+    const _errTreePositions = route?.layoutTreePositions;
+    const _errRouteSegs = route?.routeSegments || [];
+    const _errParams = matchedParams ?? route?.params ?? {};
+    const _asyncErrParams = makeThenableParams(_errParams);
+    for (let i = layouts.length - 1; i >= 0; i--) {
+      const LayoutComponent = layouts[i]?.default;
+      if (LayoutComponent) {
+        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
+        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+      }
+    }
+    
+    const _pathname = new URL(request.url).pathname;
+    const onRenderError = createRscOnErrorHandler(
+      request,
+      _pathname,
+      route?.pattern ?? _pathname,
+    );
+    const rscStream = renderToReadableStream(element, { onError: onRenderError });
+    // Do NOT clear context here — the RSC stream is consumed lazily by the client.
+    // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
+    // that run during stream consumption to see null headers/navigation context and throw,
+    // resulting in missing provider context on the client (e.g. next-intl useTranslations fails
+    // with "context from NextIntlClientProvider was not found").
+    // Context is cleared naturally when the ALS scope from runWithHeadersContext unwinds.
+    return new Response(rscStream, {
+      status: 200,
+      headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+    });
+  }
+  // For HTML (full page load) responses, wrap with layouts only.
+  const _errParamsHtml = matchedParams ?? route?.params ?? {};
+  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
+  for (let i = layouts.length - 1; i >= 0; i--) {
+    const LayoutComponent = layouts[i]?.default;
+    if (LayoutComponent) {
+      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
+    }
+  }
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
+  // Collect font data from RSC environment so error pages include font styles
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+  const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+  const htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+  setHeadersContext(null);
+  setNavigationContext(null);
+  const _errHeaders = { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" };
+  const _errLinkParts = (fontData.preloads || []).map(function(p) { return "<" + p.href + ">; rel=preload; as=font; type=" + p.type + "; crossorigin"; });
+  if (_errLinkParts.length > 0) _errHeaders["Link"] = _errLinkParts.join(", ");
+  return new Response(htmlStream, {
+    status: 200,
+    headers: _errHeaders,
+  });
+}
+
+function matchRoute(url, routes) {
+  const pathname = url.split("?")[0];
+  let normalizedUrl = pathname === "/" ? "/" : pathname.replace(/\\/$/, "");
+   // NOTE: Do NOT decodeURIComponent here. The caller is responsible for decoding
+   // the pathname exactly once at the request entry point. Decoding again here
+   // would cause inconsistent path matching between middleware and routing.
+  for (const route of routes) {
+    const params = matchPattern(normalizedUrl, route.pattern);
+    if (params !== null) return { route, params };
+  }
+  return null;
+}
+
+function matchPattern(url, pattern) {
+  const urlParts = url.split("/").filter(Boolean);
+  const patternParts = pattern.split("/").filter(Boolean);
+  const params = Object.create(null);
+  for (let i = 0; i < patternParts.length; i++) {
+    const pp = patternParts[i];
+    if (pp.endsWith("+")) {
+      const paramName = pp.slice(1, -1);
+      const remaining = urlParts.slice(i);
+      if (remaining.length === 0) return null;
+      params[paramName] = remaining;
+      return params;
+    }
+    if (pp.endsWith("*")) {
+      const paramName = pp.slice(1, -1);
+      params[paramName] = urlParts.slice(i);
+      return params;
+    }
+    if (pp.startsWith(":")) {
+      if (i >= urlParts.length) return null;
+      params[pp.slice(1)] = urlParts[i];
+      continue;
+    }
+    if (i >= urlParts.length || urlParts[i] !== pp) return null;
+  }
+  if (urlParts.length !== patternParts.length) return null;
+  return params;
+}
+
+// Build a global intercepting route lookup for RSC navigation.
+// Maps target URL patterns to { sourceRouteIndex, slotName, interceptPage, params }.
+const interceptLookup = [];
+for (let ri = 0; ri < routes.length; ri++) {
+  const r = routes[ri];
+  if (!r.slots) continue;
+  for (const [slotName, slotMod] of Object.entries(r.slots)) {
+    if (!slotMod.intercepts) continue;
+    for (const intercept of slotMod.intercepts) {
+      interceptLookup.push({
+        sourceRouteIndex: ri,
+        slotName,
+        targetPattern: intercept.targetPattern,
+        page: intercept.page,
+        params: intercept.params,
+      });
+    }
+  }
+}
+
+/**
+ * Check if a pathname matches any intercepting route.
+ * Returns the match info or null.
+ */
+function findIntercept(pathname) {
+  for (const entry of interceptLookup) {
+    const params = matchPattern(pathname, entry.targetPattern);
+    if (params !== null) {
+      return { ...entry, matchedParams: params };
+    }
+  }
+  return null;
+}
+
+async function buildPageElement(route, params, opts, searchParams) {
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    return createElement("div", null, "Page has no default export");
+  }
+
+  // Resolve metadata and viewport from layouts and page
+  const metadataList = [];
+  const viewportList = [];
+  for (const layoutMod of route.layouts) {
+    if (layoutMod) {
+      const meta = await resolveModuleMetadata(layoutMod, params);
+      if (meta) metadataList.push(meta);
+      const vp = await resolveModuleViewport(layoutMod, params);
+      if (vp) viewportList.push(vp);
+    }
+  }
+  if (route.page) {
+    const pageMeta = await resolveModuleMetadata(route.page, params);
+    if (pageMeta) metadataList.push(pageMeta);
+    const pageVp = await resolveModuleViewport(route.page, params);
+    if (pageVp) viewportList.push(pageVp);
+  }
+  const resolvedMetadata = metadataList.length > 0 ? mergeMetadata(metadataList) : null;
+  const resolvedViewport = mergeViewport(viewportList);
+
+  // Build nested layout tree from outermost to innermost.
+  // Next.js 16 passes params/searchParams as Promises (async pattern)
+  // but pre-16 code accesses them as plain objects (params.id).
+  // makeThenableParams() normalises null-prototype + preserves both patterns.
+  const asyncParams = makeThenableParams(params);
+  const pageProps = { params: asyncParams };
+  if (searchParams) {
+    const spObj = {};
+    let hasSearchParams = false;
+    if (searchParams.forEach) searchParams.forEach(function(v, k) {
+      hasSearchParams = true;
+      if (k in spObj) {
+        // Multi-value: promote to array (Next.js returns string[] for duplicate keys)
+        spObj[k] = Array.isArray(spObj[k]) ? spObj[k].concat(v) : [spObj[k], v];
+      } else {
+        spObj[k] = v;
+      }
+    });
+    // If the URL has query parameters, mark the page as dynamic.
+    // In Next.js, only accessing the searchParams prop signals dynamic usage,
+    // but a Proxy-based approach doesn't work here because React's RSC debug
+    // serializer accesses properties on all props (e.g. $$typeof check in
+    // isClientReference), triggering the Proxy even when user code doesn't
+    // read searchParams. Checking for non-empty query params is a safe
+    // approximation: pages with query params in the URL are almost always
+    // dynamic, and this avoids false positives from React internals.
+    if (hasSearchParams) markDynamicUsage();
+    pageProps.searchParams = makeThenableParams(spObj);
+  }
+  let element = createElement(PageComponent, pageProps);
+
+  // Wrap page with empty segment provider so useSelectedLayoutSegments()
+  // returns [] when called from inside a page component (leaf node).
+  element = createElement(LayoutSegmentProvider, { childSegments: [] }, element);
+
+  // Add metadata + viewport head tags (React 19 hoists title/meta/link to <head>)
+  // Next.js always injects charset and default viewport even when no metadata/viewport
+  // is exported. We replicate that by always emitting these essential head elements.
+  {
+    const headElements = [];
+    // Always emit <meta charset="utf-8"> — Next.js includes this on every page
+    headElements.push(createElement("meta", { charSet: "utf-8" }));
+    if (resolvedMetadata) headElements.push(createElement(MetadataHead, { metadata: resolvedMetadata }));
+    headElements.push(createElement(ViewportHead, { viewport: resolvedViewport }));
+    element = createElement(Fragment, null, ...headElements, element);
+  }
+
+  // Wrap with loading.tsx Suspense if present
+  if (route.loading?.default) {
+    element = createElement(
+      Suspense,
+      { fallback: createElement(route.loading.default) },
+      element,
+    );
+  }
+
+  // Wrap with the leaf's error.tsx ErrorBoundary if it's not already covered
+  // by a per-layout error boundary (i.e., the leaf has error.tsx but no layout).
+  // Per-layout error boundaries are interleaved with layouts below.
+  {
+    const lastLayoutError = route.errors ? route.errors[route.errors.length - 1] : null;
+    if (route.error?.default && route.error !== lastLayoutError) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.error.default,
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with NotFoundBoundary so client-side notFound() renders not-found.tsx
+  // instead of crashing the React tree. Must be above ErrorBoundary since
+  // ErrorBoundary re-throws notFound errors.
+  // Pre-render the not-found component as a React element since it may be a
+  // server component (not a client reference) and can't be passed as a function prop.
+  {
+    const NotFoundComponent = route.notFound?.default ?? null;
+    if (NotFoundComponent) {
+      element = createElement(NotFoundBoundary, {
+        fallback: createElement(NotFoundComponent),
+        children: element,
+      });
+    }
+  }
+
+  // Wrap with templates (innermost first, then outer)
+  // Templates are like layouts but re-mount on navigation (client-side concern).
+  // On the server, they just wrap the content like layouts do.
+  if (route.templates) {
+    for (let i = route.templates.length - 1; i >= 0; i--) {
+      const TemplateComponent = route.templates[i]?.default;
+      if (TemplateComponent) {
+        element = createElement(TemplateComponent, { children: element, params });
+      }
+    }
+  }
+
+  // Wrap with layouts (innermost first, then outer).
+  // At each layout level, first wrap with that level's error boundary (if any)
+  // so the boundary is inside the layout and catches errors from children.
+  // This matches Next.js behavior: Layout > ErrorBoundary > children.
+  // Parallel slots are passed as named props to the innermost layout
+  // (the layout at the same directory level as the page/slots)
+  for (let i = route.layouts.length - 1; i >= 0; i--) {
+    // Wrap with per-layout error boundary before wrapping with layout.
+    // This places the ErrorBoundary inside the layout, catching errors
+    // from child segments (matching Next.js per-segment error handling).
+    if (route.errors && route.errors[i]?.default) {
+      element = createElement(ErrorBoundary, {
+        fallback: route.errors[i].default,
+        children: element,
+      });
+    }
+
+    const LayoutComponent = route.layouts[i]?.default;
+    if (LayoutComponent) {
+      // Per-layout NotFoundBoundary: wraps this layout's children so that
+      // notFound() thrown from a child layout is caught here.
+      // Matches Next.js behavior where each segment has its own boundary.
+      // The boundary at level N catches errors from Layout[N+1] and below,
+      // but NOT from Layout[N] itself (which propagates to level N-1).
+      {
+        const LayoutNotFound = route.notFounds?.[i]?.default;
+        if (LayoutNotFound) {
+          element = createElement(NotFoundBoundary, {
+            fallback: createElement(LayoutNotFound),
+            children: element,
+          });
+        }
+      }
+
+      const layoutProps = { children: element, params: makeThenableParams(params) };
+
+      // Add parallel slot elements to the layout that defines them.
+      // Each slot has a layoutIndex indicating which layout it belongs to.
+      if (route.slots) {
+        for (const [slotName, slotMod] of Object.entries(route.slots)) {
+          // Attach slot to the layout at its layoutIndex, or to the innermost layout if -1
+          const targetIdx = slotMod.layoutIndex >= 0 ? slotMod.layoutIndex : route.layouts.length - 1;
+          if (i !== targetIdx) continue;
+          // Check if this slot has an intercepting route that should activate
+          let SlotPage = null;
+          let slotParams = params;
+
+          if (opts && opts.interceptSlot === slotName && opts.interceptPage) {
+            // Use the intercepting route's page component
+            SlotPage = opts.interceptPage.default;
+            slotParams = opts.interceptParams || params;
+          } else {
+            SlotPage = slotMod.page?.default || slotMod.default?.default;
+          }
+
+          if (SlotPage) {
+            let slotElement = createElement(SlotPage, { params: makeThenableParams(slotParams) });
+            // Wrap with slot-specific layout if present.
+            // In Next.js, @slot/layout.tsx wraps the slot's page content
+            // before it is passed as a prop to the parent layout.
+            const SlotLayout = slotMod.layout?.default;
+            if (SlotLayout) {
+              slotElement = createElement(SlotLayout, {
+                children: slotElement,
+                params: makeThenableParams(slotParams),
+              });
+            }
+            // Wrap with slot-specific loading if present
+            if (slotMod.loading?.default) {
+              slotElement = createElement(Suspense,
+                { fallback: createElement(slotMod.loading.default) },
+                slotElement,
+              );
+            }
+            // Wrap with slot-specific error boundary if present
+            if (slotMod.error?.default) {
+              slotElement = createElement(ErrorBoundary, {
+                fallback: slotMod.error.default,
+                children: slotElement,
+              });
+            }
+            layoutProps[slotName] = slotElement;
+          }
+        }
+      }
+
+      element = createElement(LayoutComponent, layoutProps);
+
+      // Wrap the layout with LayoutSegmentProvider so useSelectedLayoutSegments()
+      // called INSIDE this layout gets the correct child segments. We resolve the
+      // route tree segments using actual param values and pass them through context.
+      // We wrap the layout (not just children) because hooks are called from
+      // components rendered inside the layout's own JSX.
+      const treePos = route.layoutTreePositions ? route.layoutTreePositions[i] : 0;
+      const childSegs = __resolveChildSegments(route.routeSegments || [], treePos, params);
+      element = createElement(LayoutSegmentProvider, { childSegments: childSegs }, element);
+    }
+  }
+
+  // Wrap with global error boundary if app/global-error.tsx exists.
+  // This catches errors in the root layout itself.
+  
+
+  return element;
+}
+
+
+
+const __basePath = "";
+const __trailingSlash = false;
+const __configRedirects = [];
+const __configRewrites = {"beforeFiles":[],"afterFiles":[],"fallback":[]};
+const __configHeaders = [];
+const __allowedOrigins = [];
+
+
+// ── Dev server origin verification ──────────────────────────────────────
+// Block cross-origin requests to prevent data exfiltration during development.
+const __allowedDevOrigins = [];
+const __safeDevHosts = ["localhost", "127.0.0.1", "[::1]"];
+
+function __validateDevRequestOrigin(request) {
+  // Check Sec-Fetch headers (catches <script> tag exfiltration)
+  if (request.headers.get("sec-fetch-mode") === "no-cors" &&
+      request.headers.get("sec-fetch-site") === "cross-site") {
+    console.warn("[vinext] Blocked cross-site no-cors request to " + new URL(request.url).pathname);
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  const origin = request.headers.get("origin");
+  if (!origin || origin === "null") return null;
+
+  let originHostname;
+  try {
+    originHostname = new URL(origin).hostname.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Allow localhost, 127.0.0.1, [::1], and *.localhost
+  if (__safeDevHosts.includes(originHostname) || originHostname.endsWith(".localhost")) return null;
+
+  // Same-origin: compare against Host header
+  const hostHeader = (request.headers.get("x-forwarded-host") || request.headers.get("host") || "").split(",")[0].trim().split(":")[0].toLowerCase();
+  if (hostHeader && originHostname === hostHeader) return null;
+
+  // Check user-configured allowed origins
+  for (const pattern of __allowedDevOrigins) {
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(1);
+      if (originHostname === pattern.slice(2) || originHostname.endsWith(suffix)) return null;
+    } else if (originHostname === pattern) {
+      return null;
+    }
+  }
+
+  console.warn(
+    \`[vinext] Blocked cross-origin request from "\${origin}" to \${new URL(request.url).pathname}. \` +
+    \`To allow this origin, add it to allowedDevOrigins in next.config.js.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+
+// ── CSRF origin validation for server actions ───────────────────────────
+// Matches Next.js behavior: compare the Origin header against the Host header.
+// If they don't match, the request is rejected with 403 unless the origin is
+// in the allowedOrigins list (from experimental.serverActions.allowedOrigins).
+function __isOriginAllowed(origin, allowed) {
+  for (const pattern of allowed) {
+    if (pattern.startsWith("*.")) {
+      // Wildcard: *.example.com matches sub.example.com, a.b.example.com
+      const suffix = pattern.slice(1); // ".example.com"
+      if (origin === pattern.slice(2) || origin.endsWith(suffix)) return true;
+    } else if (origin === pattern) {
+      return true;
+    }
+  }
+  return false;
+}
+
+function __validateCsrfOrigin(request) {
+  const originHeader = request.headers.get("origin");
+  // If there's no Origin header, allow the request — same-origin requests
+  // from non-fetch navigations (e.g. SSR) may lack an Origin header.
+  // The x-rsc-action custom header already provides protection against simple
+  // form-based CSRF since custom headers can't be set by cross-origin forms.
+  if (!originHeader || originHeader === "null") return null;
+
+  let originHost;
+  try {
+    originHost = new URL(originHeader).host.toLowerCase();
+  } catch {
+    return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+  }
+
+  // Only use the Host header for origin comparison — never trust
+  // X-Forwarded-Host here, since it can be freely set by the client
+  // and would allow the check to be bypassed if it matched a spoofed
+  // Origin. The prod server's resolveHost() handles trusted proxy
+  // scenarios separately.
+  const hostHeader = (
+    request.headers.get("host") ||
+    ""
+  ).split(",")[0].trim().toLowerCase();
+
+  if (!hostHeader) return null;
+
+  // Same origin — allow
+  if (originHost === hostHeader) return null;
+
+  // Check allowedOrigins from next.config.js
+  if (__allowedOrigins.length > 0 && __isOriginAllowed(originHost, __allowedOrigins)) return null;
+
+  console.warn(
+    \`[vinext] CSRF origin mismatch: origin "\${originHost}" does not match host "\${hostHeader}". Blocking server action request.\`
+  );
+  return new Response("Forbidden", { status: 403, headers: { "Content-Type": "text/plain" } });
+}
+
+// ── ReDoS-safe regex compilation ────────────────────────────────────────
+
+function __isSafeRegex(pattern) {
+  const quantifierAtDepth = [];
+  let depth = 0;
+  let i = 0;
+  while (i < pattern.length) {
+    const ch = pattern[i];
+    if (ch === "\\\\") { i += 2; continue; }
+    if (ch === "[") {
+      i++;
+      while (i < pattern.length && pattern[i] !== "]") {
+        if (pattern[i] === "\\\\") i++;
+        i++;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "(") {
+      depth++;
+      if (quantifierAtDepth.length <= depth) quantifierAtDepth.push(false);
+      else quantifierAtDepth[depth] = false;
+      i++;
+      continue;
+    }
+    if (ch === ")") {
+      const hadQ = depth > 0 && quantifierAtDepth[depth];
+      if (depth > 0) depth--;
+      const next = pattern[i + 1];
+      if (next === "+" || next === "*" || next === "{") {
+        if (hadQ) return false;
+        if (depth >= 0 && depth < quantifierAtDepth.length) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "+" || ch === "*") {
+      if (depth > 0) quantifierAtDepth[depth] = true;
+      i++;
+      continue;
+    }
+    if (ch === "?") {
+      const prev = i > 0 ? pattern[i - 1] : "";
+      if (prev !== "+" && prev !== "*" && prev !== "?" && prev !== "}") {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+      }
+      i++;
+      continue;
+    }
+    if (ch === "{") {
+      let j = i + 1;
+      while (j < pattern.length && /[\\d,]/.test(pattern[j])) j++;
+      if (j < pattern.length && pattern[j] === "}" && j > i + 1) {
+        if (depth > 0) quantifierAtDepth[depth] = true;
+        i = j + 1;
+        continue;
+      }
+    }
+    i++;
+  }
+  return true;
+}
+function __safeRegExp(pattern, flags) {
+  if (!__isSafeRegex(pattern)) {
+    console.warn("[vinext] Ignoring potentially unsafe regex pattern (ReDoS risk): " + pattern);
+    return null;
+  }
+  try { return new RegExp(pattern, flags); } catch { return null; }
+}
+
+// ── Path normalization ──────────────────────────────────────────────────
+
+function __normalizePath(pathname) {
+  if (
+    pathname === "/" ||
+    (pathname.length > 1 &&
+      pathname[0] === "/" &&
+      !pathname.includes("//") &&
+      !pathname.includes("/./") &&
+      !pathname.includes("/../") &&
+      !pathname.endsWith("/.") &&
+      !pathname.endsWith("/.."))
+  ) {
+    return pathname;
+  }
+  const segments = pathname.split("/");
+  const resolved = [];
+  for (let i = 0; i < segments.length; i++) {
+    const seg = segments[i];
+    if (seg === "" || seg === ".") continue;
+    if (seg === "..") { resolved.pop(); }
+    else { resolved.push(seg); }
+  }
+  return "/" + resolved.join("/");
+}
+
+// ── Config pattern matching (redirects, rewrites, headers) ──────────────
+function __matchConfigPattern(pathname, pattern) {
+  if (pattern.includes("(") || pattern.includes("\\\\") || /:[\\w-]+[*+][^/]/.test(pattern) || /:[\\w-]+\\./.test(pattern)) {
+    try {
+      const paramNames = [];
+      const regexStr = pattern
+        .replace(/\\./g, "\\\\.")
+        .replace(/:([\\w-]+)\\*(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.*)"; })
+        .replace(/:([\\w-]+)\\+(?:\\(([^)]+)\\))?/g, (_, name, c) => { paramNames.push(name); return c ? "(" + c + ")" : "(.+)"; })
+        .replace(/:([\\w-]+)\\(([^)]+)\\)/g, (_, name, c) => { paramNames.push(name); return "(" + c + ")"; })
+        .replace(/:([\\w-]+)/g, (_, name) => { paramNames.push(name); return "([^/]+)"; });
+      const re = __safeRegExp("^" + regexStr + "$");
+      if (!re) return null;
+      const match = re.exec(pathname);
+      if (!match) return null;
+      const params = Object.create(null);
+      for (let i = 0; i < paramNames.length; i++) params[paramNames[i]] = match[i + 1] || "";
+      return params;
+    } catch { /* fall through */ }
+  }
+  const catchAllMatch = pattern.match(/:([\\w-]+)(\\*|\\+)$/);
+  if (catchAllMatch) {
+    const prefix = pattern.slice(0, pattern.lastIndexOf(":"));
+    const paramName = catchAllMatch[1];
+    const isPlus = catchAllMatch[2] === "+";
+    if (!pathname.startsWith(prefix.replace(/\\/$/, ""))) return null;
+    const rest = pathname.slice(prefix.replace(/\\/$/, "").length);
+    if (isPlus && (!rest || rest === "/")) return null;
+    let restValue = rest.startsWith("/") ? rest.slice(1) : rest;
+     // NOTE: Do NOT decodeURIComponent here. The pathname is already decoded at
+     // the request entry point. Decoding again would produce incorrect param values.
+    return { [paramName]: restValue };
+  }
+  const parts = pattern.split("/");
+  const pathParts = pathname.split("/");
+  if (parts.length !== pathParts.length) return null;
+  const params = Object.create(null);
+  for (let i = 0; i < parts.length; i++) {
+    if (parts[i].startsWith(":")) params[parts[i].slice(1)] = pathParts[i];
+    else if (parts[i] !== pathParts[i]) return null;
+  }
+  return params;
+}
+
+function __parseCookies(cookieHeader) {
+  if (!cookieHeader) return {};
+  const cookies = {};
+  for (const part of cookieHeader.split(";")) {
+    const eq = part.indexOf("=");
+    if (eq === -1) continue;
+    const key = part.slice(0, eq).trim();
+    const value = part.slice(eq + 1).trim();
+    if (key) cookies[key] = value;
+  }
+  return cookies;
+}
+
+function __checkSingleCondition(condition, ctx) {
+  switch (condition.type) {
+    case "header": {
+      const v = ctx.headers.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "cookie": {
+      const v = ctx.cookies[condition.key];
+      if (v === undefined) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "query": {
+      const v = ctx.query.get(condition.key);
+      if (v === null) return false;
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(v) : v === condition.value; }
+      return true;
+    }
+    case "host": {
+      if (condition.value !== undefined) { const re = __safeRegExp(condition.value); return re ? re.test(ctx.host) : ctx.host === condition.value; }
+      return ctx.host === condition.key;
+    }
+    default: return false;
+  }
+}
+
+function __checkHasConditions(has, missing, ctx) {
+  if (has) { for (const c of has) { if (!__checkSingleCondition(c, ctx)) return false; } }
+  if (missing) { for (const c of missing) { if (__checkSingleCondition(c, ctx)) return false; } }
+  return true;
+}
+
+function __buildRequestContext(request) {
+  const url = new URL(request.url);
+  return {
+    headers: request.headers,
+    cookies: __parseCookies(request.headers.get("cookie")),
+    query: url.searchParams,
+    host: request.headers.get("host") || url.host,
+  };
+}
+
+/**
+ * Build a request context from the live ALS HeadersContext, which reflects
+ * any x-middleware-request-* header mutations applied by middleware.
+ * Used for afterFiles and fallback rewrite has/missing evaluation — these
+ * run after middleware in the App Router execution order.
+ */
+function __buildPostMwRequestContext(request) {
+  const url = new URL(request.url);
+  const ctx = getHeadersContext();
+  if (!ctx) return __buildRequestContext(request);
+  // ctx.cookies is a Map<string, string> (HeadersContext), but RequestContext
+  // requires a plain Record<string, string> for has/missing cookie evaluation
+  // (config-matchers.ts uses obj[key] not Map.get()). Convert here.
+  const cookiesRecord = Object.fromEntries(ctx.cookies);
+  return {
+    headers: ctx.headers,
+    cookies: cookiesRecord,
+    query: url.searchParams,
+    host: ctx.headers.get("host") || url.host,
+  };
+}
+
+function __sanitizeDestination(dest) {
+  if (dest.startsWith("http://") || dest.startsWith("https://")) return dest;
+  dest = dest.replace(/^[\\\\/]+/, "/");
+  return dest;
+}
+
+function __applyConfigRedirects(pathname, ctx) {
+  for (const rule of __configRedirects) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return { destination: dest, permanent: rule.permanent };
+    }
+  }
+  return null;
+}
+
+function __applyConfigRewrites(pathname, rules, ctx) {
+  for (const rule of rules) {
+    const params = __matchConfigPattern(pathname, rule.source);
+    if (params) {
+      if (ctx && (rule.has || rule.missing)) { if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue; }
+      let dest = rule.destination;
+      for (const [key, value] of Object.entries(params)) { dest = dest.replace(":" + key + "*", value); dest = dest.replace(":" + key + "+", value); dest = dest.replace(":" + key, value); }
+      dest = __sanitizeDestination(dest);
+      return dest;
+    }
+  }
+  return null;
+}
+
+function __isExternalUrl(url) {
+  return /^[a-z][a-z0-9+.-]*:/i.test(url) || url.startsWith("//");
+}
+
+/**
+ * Maximum server-action request body size (1 MB).
+ * Matches the Next.js default for serverActions.bodySizeLimit.
+ * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
+ * Prevents unbounded request body buffering.
+ */
+var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+
+/**
+ * Read a request body as text with a size limit.
+ * Enforces the limit on the actual byte stream to prevent bypasses
+ * via chunked transfer-encoding where Content-Length is absent or spoofed.
+ */
+async function __readBodyWithLimit(request, maxBytes) {
+  if (!request.body) return "";
+  var reader = request.body.getReader();
+  var decoder = new TextDecoder();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(decoder.decode(result.value, { stream: true }));
+  }
+  chunks.push(decoder.decode());
+  return chunks.join("");
+}
+
+/**
+ * Read a request body as FormData with a size limit.
+ * Consumes the body stream with a byte counter and then parses the
+ * collected bytes as multipart form data via the Response constructor.
+ */
+async function __readFormDataWithLimit(request, maxBytes) {
+  if (!request.body) return new FormData();
+  var reader = request.body.getReader();
+  var chunks = [];
+  var totalSize = 0;
+  for (;;) {
+    var result = await reader.read();
+    if (result.done) break;
+    totalSize += result.value.byteLength;
+    if (totalSize > maxBytes) {
+      reader.cancel();
+      throw new Error("Request body too large");
+    }
+    chunks.push(result.value);
+  }
+  // Reconstruct a Response with the original Content-Type so that
+  // the FormData parser can handle multipart boundaries correctly.
+  var combined = new Uint8Array(totalSize);
+  var offset = 0;
+  for (var chunk of chunks) {
+    combined.set(chunk, offset);
+    offset += chunk.byteLength;
+  }
+  var contentType = request.headers.get("content-type") || "";
+  return new Response(combined, { headers: { "Content-Type": contentType } }).formData();
+}
+
+const __hopByHopHeaders = new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailers","transfer-encoding","upgrade"]);
+
+async function __proxyExternalRequest(request, externalUrl) {
+  const originalUrl = new URL(request.url);
+  const targetUrl = new URL(externalUrl);
+  for (const [key, value] of originalUrl.searchParams) {
+    if (!targetUrl.searchParams.has(key)) targetUrl.searchParams.set(key, value);
+  }
+  const headers = new Headers(request.headers);
+  headers.set("host", targetUrl.host);
+  headers.delete("connection");
+  for (const key of [...headers.keys()]) {
+    if (key.startsWith("x-middleware-")) headers.delete(key);
+  }
+  const method = request.method;
+  const hasBody = method !== "GET" && method !== "HEAD";
+  const init = { method, headers, redirect: "manual", signal: AbortSignal.timeout(30000) };
+  if (hasBody && request.body) { init.body = request.body; init.duplex = "half"; }
+  let upstream;
+  try { upstream = await fetch(targetUrl.href, init); }
+  catch (e) {
+    if (e && e.name === "TimeoutError") return new Response("Gateway Timeout", { status: 504 });
+    console.error("[vinext] External rewrite proxy error:", e); return new Response("Bad Gateway", { status: 502 });
+  }
+  const respHeaders = new Headers();
+  // Node.js fetch() auto-decompresses response bodies, while Workers fetch()
+  // preserves wire encoding. Only strip encoding/length on Node.js to avoid
+  // double-decompression errors without breaking Workers parity.
+  const __isNodeRuntime = typeof process !== "undefined" && !!(process.versions && process.versions.node);
+  upstream.headers.forEach(function(value, key) {
+    var lower = key.toLowerCase();
+    if (__hopByHopHeaders.has(lower)) return;
+    if (__isNodeRuntime && (lower === "content-encoding" || lower === "content-length")) return;
+    respHeaders.append(key, value);
+  });
+  return new Response(upstream.body, { status: upstream.status, statusText: upstream.statusText, headers: respHeaders });
+}
+
+function __applyConfigHeaders(pathname, ctx) {
+  const result = [];
+  for (const rule of __configHeaders) {
+    const groups = [];
+    const withPlaceholders = rule.source.replace(/\\(([^)]+)\\)/g, (_, inner) => {
+      groups.push(inner);
+      return "___GROUP_" + (groups.length - 1) + "___";
+    });
+    const escaped = withPlaceholders
+      .replace(/\\./g, "\\\\.")
+      .replace(/\\+/g, "\\\\+")
+      .replace(/\\?/g, "\\\\?")
+      .replace(/\\*/g, ".*")
+      .replace(/:[\\w-]+/g, "[^/]+")
+      .replace(/___GROUP_(\\d+)___/g, (_, idx) => "(" + groups[Number(idx)] + ")");
+    const sourceRegex = __safeRegExp("^" + escaped + "$");
+    if (sourceRegex && sourceRegex.test(pathname)) {
+      if (ctx && (rule.has || rule.missing)) {
+        if (!__checkHasConditions(rule.has, rule.missing, ctx)) continue;
+      }
+      result.push(...rule.headers);
+    }
+  }
+  return result;
+}
+
+export default async function handler(request) {
+  // Wrap the entire request in nested AsyncLocalStorage.run() scopes to ensure
+  // per-request isolation for all state modules. Each runWith*() creates an
+  // ALS scope that propagates through all async continuations (including RSC
+  // streaming), preventing state leakage between concurrent requests on
+  // Cloudflare Workers and other concurrent runtimes.
+  const headersCtx = headersContextFromRequest(request);
+  return runWithHeadersContext(headersCtx, () =>
+    _runWithNavigationContext(() =>
+      _runWithCacheState(() =>
+        _runWithPrivateCache(() =>
+          runWithFetchCache(async () => {
+            const __reqCtx = __buildRequestContext(request);
+            // Per-request container for middleware state. Passed into
+            // _handleRequest which fills in .headers and .status;
+            // avoids module-level variables that race on Workers.
+            const _mwCtx = { headers: null, status: null };
+            const response = await _handleRequest(request, __reqCtx, _mwCtx);
+            // Apply custom headers from next.config.js to non-redirect responses.
+            // Skip redirects (3xx) because Response.redirect() creates immutable headers,
+            // and Next.js doesn't apply custom headers to redirects anyway.
+            if (response && response.headers && !(response.status >= 300 && response.status < 400)) {
+              if (__configHeaders.length) {
+                const url = new URL(request.url);
+                let pathname;
+                try { pathname = __normalizePath(decodeURIComponent(url.pathname)); } catch { pathname = url.pathname; }
+                
+                const extraHeaders = __applyConfigHeaders(pathname, __reqCtx);
+                for (const h of extraHeaders) {
+                  // Use append() for headers where multiple values must coexist
+                  // (Vary, Set-Cookie). Using set() on these would destroy
+                  // existing values like "Vary: RSC, Accept" which are critical
+                  // for correct CDN caching behavior.
+                  const lk = h.key.toLowerCase();
+                  if (lk === "vary" || lk === "set-cookie") {
+                    response.headers.append(h.key, h.value);
+                  } else if (!response.headers.has(lk)) {
+                    // Middleware headers take precedence: skip config keys already
+                    // set by middleware so middleware headers always win.
+                    response.headers.set(h.key, h.value);
+                  }
+                }
+              }
+            }
+            return response;
+          })
+        )
+      )
+    )
+  );
+}
+
+async function _handleRequest(request, __reqCtx, _mwCtx) {
+  const __reqStart = process.env.NODE_ENV !== "production" ? performance.now() : 0;
+  let __compileEnd;
+  let __renderEnd;
+  // __reqStart is included in the timing header so the Node logging middleware
+  // can compute true compile time as: handlerStart - middlewareStart.
+  // Format: "handlerStart,compileMs,renderMs" - all as integers (ms). Dev-only.
+  const url = new URL(request.url);
+
+  // ── Cross-origin request protection ─────────────────────────────────
+  // Block requests from non-localhost origins to prevent data exfiltration.
+  const __originBlock = __validateDevRequestOrigin(request);
+  if (__originBlock) return __originBlock;
+
+  // Guard against protocol-relative URL open redirects.
+  // Paths like //example.com/ would be redirected to //example.com by the
+  // trailing-slash normalizer, which browsers interpret as http://example.com.
+  // Backslashes are equivalent to forward slashes in the URL spec
+  // (e.g. /\\evil.com is treated as //evil.com by browsers and the URL constructor).
+  // Next.js returns 404 for these paths. Check the RAW pathname before
+  // normalization so the guard fires before normalizePath collapses //.
+  if (url.pathname.replaceAll("\\\\", "/").startsWith("//")) {
+    return new Response("404 Not Found", { status: 404 });
+  }
+
+  // Decode percent-encoding and normalize pathname to canonical form.
+  // decodeURIComponent prevents /%61dmin from bypassing /admin matchers.
+  // __normalizePath collapses //foo///bar → /foo/bar, resolves . and .. segments.
+  let decodedUrlPathname;
+  try { decodedUrlPathname = decodeURIComponent(url.pathname); } catch (e) {
+    return new Response("Bad Request", { status: 400 });
+  }
+  let pathname = __normalizePath(decodedUrlPathname);
+
+  
+
+  // Trailing slash normalization (redirect to canonical form)
+  if (pathname !== "/" && !pathname.startsWith("/api")) {
+    const hasTrailing = pathname.endsWith("/");
+    if (__trailingSlash && !hasTrailing && !pathname.endsWith(".rsc")) {
+      return Response.redirect(new URL(__basePath + pathname + "/" + url.search, request.url), 308);
+    } else if (!__trailingSlash && hasTrailing) {
+      return Response.redirect(new URL(__basePath + pathname.replace(/\\/+$/, "") + url.search, request.url), 308);
+    }
+  }
+
+  // ── Apply redirects from next.config.js ───────────────────────────────
+  if (__configRedirects.length) {
+    // Strip .rsc suffix before matching redirect rules - RSC (client-side nav) requests
+    // arrive as /some/path.rsc but redirect patterns are defined without it (e.g.
+    // /some/path). Without this, soft-nav fetches bypass all config redirects.
+    const __redirPathname = pathname.endsWith(".rsc") ? pathname.slice(0, -4) : pathname;
+    const __redir = __applyConfigRedirects(__redirPathname, __reqCtx);
+    if (__redir) {
+      const __redirDest = __sanitizeDestination(
+        __basePath && !__redir.destination.startsWith(__basePath)
+          ? __basePath + __redir.destination
+          : __redir.destination
+      );
+      return new Response(null, {
+        status: __redir.permanent ? 308 : 307,
+        headers: { Location: __redirDest },
+      });
+    }
+  }
+
+  const isRscRequest = pathname.endsWith(".rsc") || request.headers.get("accept")?.includes("text/x-component");
+  let cleanPathname = pathname.replace(/\\.rsc$/, "");
+
+  // Middleware response headers and custom rewrite status are stored in
+  // _mwCtx (per-request container) so handler() can merge them into
+  // every response path without module-level state that races on Workers.
+
+  
+
+  // Build post-middleware request context for afterFiles/fallback rewrites.
+  // These run after middleware in the App Router execution order and should
+  // evaluate has/missing conditions against middleware-modified headers.
+  // When no middleware is present, this falls back to __buildRequestContext.
+  const __postMwReqCtx = __buildPostMwRequestContext(request);
+
+  // ── Apply beforeFiles rewrites from next.config.js ────────────────────
+  // In App Router execution order, beforeFiles runs after middleware so that
+  // has/missing conditions can evaluate against middleware-modified headers.
+  if (__configRewrites.beforeFiles && __configRewrites.beforeFiles.length) {
+    const __rewritten = __applyConfigRewrites(cleanPathname, __configRewrites.beforeFiles, __postMwReqCtx);
+    if (__rewritten) {
+      if (__isExternalUrl(__rewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __rewritten);
+      }
+      cleanPathname = __rewritten;
+    }
+  }
+
+  // ── Image optimization passthrough (dev mode — no transformation) ───────
+  if (cleanPathname === "/_vinext/image") {
+    const __rawImgUrl = url.searchParams.get("url");
+    // Normalize backslashes: browsers and the URL constructor treat
+    // /\\evil.com as protocol-relative (//evil.com), bypassing the // check.
+    const __imgUrl = __rawImgUrl?.replaceAll("\\\\", "/") ?? null;
+    // Allowlist: must start with "/" but not "//" — blocks absolute URLs,
+    // protocol-relative, backslash variants, and exotic schemes.
+    if (!__imgUrl || !__imgUrl.startsWith("/") || __imgUrl.startsWith("//")) {
+      return new Response(!__rawImgUrl ? "Missing url parameter" : "Only relative URLs allowed", { status: 400 });
+    }
+    // Validate the constructed URL's origin hasn't changed (defense in depth).
+    const __resolvedImg = new URL(__imgUrl, request.url);
+    if (__resolvedImg.origin !== url.origin) {
+      return new Response("Only relative URLs allowed", { status: 400 });
+    }
+    // In dev, redirect to the original asset URL so Vite's static serving handles it.
+    return Response.redirect(__resolvedImg.href, 302);
+  }
+
+  // Handle metadata routes (sitemap.xml, robots.txt, manifest.webmanifest, etc.)
+  for (const metaRoute of metadataRoutes) {
+    if (cleanPathname === metaRoute.servedUrl) {
+      if (metaRoute.isDynamic) {
+        // Dynamic metadata route — call the default export and serialize
+        const metaFn = metaRoute.module.default;
+        if (typeof metaFn === "function") {
+          const result = await metaFn();
+          let body;
+          // If it's already a Response (e.g., ImageResponse), return directly
+          if (result instanceof Response) return result;
+          // Serialize based on type
+          if (metaRoute.type === "sitemap") body = sitemapToXml(result);
+          else if (metaRoute.type === "robots") body = robotsToText(result);
+          else if (metaRoute.type === "manifest") body = manifestToJson(result);
+          else body = JSON.stringify(result);
+          return new Response(body, {
+            headers: { "Content-Type": metaRoute.contentType },
+          });
+        }
+      } else {
+        // Static metadata file — decode from embedded base64 data
+        try {
+          const binary = atob(metaRoute.fileDataBase64);
+          const bytes = new Uint8Array(binary.length);
+          for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+          return new Response(bytes, {
+            headers: {
+              "Content-Type": metaRoute.contentType,
+              "Cache-Control": "public, max-age=0, must-revalidate",
+            },
+          });
+        } catch {
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    }
+  }
+
+  // Set navigation context for Server Components.
+  // Note: Headers context is already set by runWithHeadersContext in the handler wrapper.
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params: {},
+  });
+
+  // Handle server action POST requests
+  const actionId = request.headers.get("x-rsc-action");
+  if (request.method === "POST" && actionId) {
+    // ── CSRF protection ─────────────────────────────────────────────────
+    // Verify that the Origin header matches the Host header to prevent
+    // cross-site request forgery, matching Next.js server action behavior.
+    const csrfResponse = __validateCsrfOrigin(request);
+    if (csrfResponse) return csrfResponse;
+
+    // ── Body size limit ─────────────────────────────────────────────────
+    // Reject payloads larger than the configured limit.
+    // Check Content-Length as a fast path, then enforce on the actual
+    // stream to prevent bypasses via chunked transfer-encoding.
+    const contentLength = parseInt(request.headers.get("content-length") || "0", 10);
+    if (contentLength > __MAX_ACTION_BODY_SIZE) {
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response("Payload Too Large", { status: 413 });
+    }
+
+    try {
+      const contentType = request.headers.get("content-type") || "";
+      let body;
+      try {
+        body = contentType.startsWith("multipart/form-data")
+          ? await __readFormDataWithLimit(request, __MAX_ACTION_BODY_SIZE)
+          : await __readBodyWithLimit(request, __MAX_ACTION_BODY_SIZE);
+      } catch (sizeErr) {
+        if (sizeErr && sizeErr.message === "Request body too large") {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Payload Too Large", { status: 413 });
+        }
+        throw sizeErr;
+      }
+      const temporaryReferences = createTemporaryReferenceSet();
+      const args = await decodeReply(body, { temporaryReferences });
+      const action = await loadServerAction(actionId);
+      let returnValue;
+      let actionRedirect = null;
+      try {
+        const data = await action.apply(null, args);
+        returnValue = { ok: true, data };
+      } catch (e) {
+        // Detect redirect() / permanentRedirect() called inside the action.
+        // These throw errors with digest "NEXT_REDIRECT;replace;url[;status]".
+        // The URL is encodeURIComponent-encoded to prevent semicolons in the URL
+        // from corrupting the delimiter-based digest format.
+        if (e && typeof e === "object" && "digest" in e) {
+          const digest = String(e.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            actionRedirect = {
+              url: decodeURIComponent(parts[2]),
+              type: parts[1] || "replace",       // "push" or "replace"
+              status: parts[3] ? parseInt(parts[3], 10) : 307,
+            };
+            returnValue = { ok: true, data: undefined };
+          } else if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            // notFound() / forbidden() / unauthorized() in action — package as error
+            returnValue = { ok: false, data: e };
+          } else {
+            // Non-navigation digest error — sanitize in production to avoid
+            // leaking internal details (connection strings, paths, etc.)
+            console.error("[vinext] Server action error:", e);
+            returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+          }
+        } else {
+          // Unhandled error — sanitize in production to avoid leaking
+          // internal details (database errors, file paths, stack traces, etc.)
+          console.error("[vinext] Server action error:", e);
+          returnValue = { ok: false, data: __sanitizeErrorForClient(e) };
+        }
+      }
+
+      // If the action called redirect(), signal the client to navigate.
+      // We can't use a real HTTP redirect (the fetch would follow it automatically
+      // and receive a page HTML instead of RSC stream). Instead, we return a 200
+      // with x-action-redirect header that the client entry detects and handles.
+      if (actionRedirect) {
+        const actionPendingCookies = getAndClearPendingCookies();
+        const actionDraftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const redirectHeaders = new Headers({
+          "Content-Type": "text/x-component; charset=utf-8",
+          "Vary": "RSC, Accept",
+          "x-action-redirect": actionRedirect.url,
+          "x-action-redirect-type": actionRedirect.type,
+          "x-action-redirect-status": String(actionRedirect.status),
+        });
+        for (const cookie of actionPendingCookies) {
+          redirectHeaders.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) redirectHeaders.append("Set-Cookie", actionDraftCookie);
+        // Send an empty RSC-like body (client will navigate instead of parsing)
+        return new Response("", { status: 200, headers: redirectHeaders });
+      }
+
+      // After the action, re-render the current page so the client
+      // gets an updated React tree reflecting any mutations.
+      const match = matchRoute(cleanPathname, routes);
+      let element;
+      if (match) {
+        const { route: actionRoute, params: actionParams } = match;
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: actionParams,
+        });
+        element = buildPageElement(actionRoute, actionParams, undefined, url.searchParams);
+      } else {
+        element = createElement("div", null, "Page not found");
+      }
+
+      const onRenderError = createRscOnErrorHandler(
+        request,
+        cleanPathname,
+        match ? match.route.pattern : cleanPathname,
+      );
+      const rscStream = renderToReadableStream(
+        { root: element, returnValue },
+        { temporaryReferences, onError: onRenderError },
+      );
+
+      // Collect cookies set during the action synchronously (before stream is consumed).
+      // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+      // by the client, and async server components that run during consumption need the
+      // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+      // handles cleanup naturally when all async continuations complete.
+      const actionPendingCookies = getAndClearPendingCookies();
+      const actionDraftCookie = getDraftModeCookieHeader();
+
+      const actionHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+      const actionResponse = new Response(rscStream, { headers: actionHeaders });
+      if (actionPendingCookies.length > 0 || actionDraftCookie) {
+        for (const cookie of actionPendingCookies) {
+          actionResponse.headers.append("Set-Cookie", cookie);
+        }
+        if (actionDraftCookie) actionResponse.headers.append("Set-Cookie", actionDraftCookie);
+      }
+      return actionResponse;
+    } catch (err) {
+      getAndClearPendingCookies(); // Clear pending cookies on error
+      console.error("[vinext] Server action error:", err);
+      _reportRequestError(
+        err instanceof Error ? err : new Error(String(err)),
+        { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+        { routerKind: "App Router", routePath: cleanPathname, routeType: "action" },
+      ).catch((reportErr) => {
+        console.error("[vinext] Failed to report server action error:", reportErr);
+      });
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(
+        process.env.NODE_ENV === "production"
+          ? "Internal Server Error"
+          : "Server action failed: " + (err && err.message ? err.message : String(err)),
+        { status: 500 },
+      );
+    }
+  }
+
+  // ── Apply afterFiles rewrites from next.config.js ──────────────────────
+  if (__configRewrites.afterFiles && __configRewrites.afterFiles.length) {
+    const __afterRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.afterFiles, __postMwReqCtx);
+    if (__afterRewritten) {
+      if (__isExternalUrl(__afterRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __afterRewritten);
+      }
+      cleanPathname = __afterRewritten;
+    }
+  }
+
+  let match = matchRoute(cleanPathname, routes);
+
+  // ── Fallback rewrites from next.config.js (if no route matched) ───────
+  if (!match && __configRewrites.fallback && __configRewrites.fallback.length) {
+    const __fallbackRewritten = __applyConfigRewrites(cleanPathname, __configRewrites.fallback, __postMwReqCtx);
+    if (__fallbackRewritten) {
+      if (__isExternalUrl(__fallbackRewritten)) {
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return __proxyExternalRequest(request, __fallbackRewritten);
+      }
+      cleanPathname = __fallbackRewritten;
+      match = matchRoute(cleanPathname, routes);
+    }
+  }
+
+  if (!match) {
+    // Render custom not-found page if available, otherwise plain 404
+    const notFoundResponse = await renderNotFoundPage(null, isRscRequest, request);
+    if (notFoundResponse) return notFoundResponse;
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Not Found", { status: 404 });
+  }
+
+  const { route, params } = match;
+
+  // Update navigation context with matched params
+  setNavigationContext({
+    pathname: cleanPathname,
+    searchParams: url.searchParams,
+    params,
+  });
+
+  // Handle route.ts API handlers
+  if (route.routeHandler) {
+    const handler = route.routeHandler;
+    const method = request.method.toUpperCase();
+    const revalidateSeconds = typeof handler.revalidate === "number" && handler.revalidate > 0 ? handler.revalidate : null;
+
+    // Collect exported HTTP methods for OPTIONS auto-response and Allow header
+    const HTTP_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"];
+    const exportedMethods = HTTP_METHODS.filter((m) => typeof handler[m] === "function");
+    // If GET is exported, HEAD is implicitly supported
+    if (exportedMethods.includes("GET") && !exportedMethods.includes("HEAD")) {
+      exportedMethods.push("HEAD");
+    }
+    const hasDefault = typeof handler["default"] === "function";
+
+    // OPTIONS auto-implementation: respond with Allow header and 204
+    if (method === "OPTIONS" && typeof handler["OPTIONS"] !== "function") {
+      const allowMethods = hasDefault ? HTTP_METHODS : exportedMethods;
+      if (!allowMethods.includes("OPTIONS")) allowMethods.push("OPTIONS");
+      setHeadersContext(null);
+      setNavigationContext(null);
+      return new Response(null, {
+        status: 204,
+        headers: { "Allow": allowMethods.join(", ") },
+      });
+    }
+
+    // HEAD auto-implementation: run GET handler and strip body
+    let handlerFn = handler[method] || handler["default"];
+    let isAutoHead = false;
+    if (method === "HEAD" && typeof handler["HEAD"] !== "function" && typeof handler["GET"] === "function") {
+      handlerFn = handler["GET"];
+      isAutoHead = true;
+    }
+
+    if (typeof handlerFn === "function") {
+      try {
+        const response = await handlerFn(request, { params });
+
+        // Apply Cache-Control from route segment config (export const revalidate = N).
+        // Next.js sets s-maxage on GET route handlers with a numeric revalidate value.
+        if (revalidateSeconds !== null && (method === "GET" || isAutoHead) && !response.headers.has("cache-control")) {
+          response.headers.set("cache-control", "s-maxage=" + revalidateSeconds + ", stale-while-revalidate");
+        }
+
+        // Collect any Set-Cookie headers from cookies().set()/delete() calls
+        const pendingCookies = getAndClearPendingCookies();
+        const draftCookie = getDraftModeCookieHeader();
+        setHeadersContext(null);
+        setNavigationContext(null);
+
+        // If we have pending cookies, create a new response with them attached
+        if (pendingCookies.length > 0 || draftCookie) {
+          const newHeaders = new Headers(response.headers);
+          for (const cookie of pendingCookies) {
+            newHeaders.append("Set-Cookie", cookie);
+          }
+          if (draftCookie) newHeaders.append("Set-Cookie", draftCookie);
+
+          if (isAutoHead) {
+            return new Response(null, {
+              status: response.status,
+              statusText: response.statusText,
+              headers: newHeaders,
+            });
+          }
+          return new Response(response.body, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: newHeaders,
+          });
+        }
+
+        if (isAutoHead) {
+          // Strip body for auto-HEAD, preserve headers and status
+          return new Response(null, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: response.headers,
+          });
+        }
+        return response;
+      } catch (err) {
+        getAndClearPendingCookies(); // Clear any pending cookies on error
+        // Catch redirect() / notFound() thrown from route handlers
+        if (err && typeof err === "object" && "digest" in err) {
+          const digest = String(err.digest);
+          if (digest.startsWith("NEXT_REDIRECT;")) {
+            const parts = digest.split(";");
+            const redirectUrl = decodeURIComponent(parts[2]);
+            const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, {
+              status: statusCode,
+              headers: { Location: new URL(redirectUrl, request.url).toString() },
+            });
+          }
+          if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+            const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+            setHeadersContext(null);
+            setNavigationContext(null);
+            return new Response(null, { status: statusCode });
+          }
+        }
+        setHeadersContext(null);
+        setNavigationContext(null);
+        console.error("[vinext] Route handler error:", err);
+        _reportRequestError(
+          err instanceof Error ? err : new Error(String(err)),
+          { path: cleanPathname, method: request.method, headers: Object.fromEntries(request.headers.entries()) },
+          { routerKind: "App Router", routePath: route.pattern, routeType: "route" },
+        ).catch((reportErr) => {
+          console.error("[vinext] Failed to report route handler error:", reportErr);
+        });
+        return new Response(null, { status: 500 });
+      }
+    }
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response(null, {
+      status: 405,
+      headers: { Allow: exportedMethods.join(", ") },
+    });
+  }
+
+  // Build the component tree: layouts wrapping the page
+  const PageComponent = route.page?.default;
+  if (!PageComponent) {
+    setHeadersContext(null);
+    setNavigationContext(null);
+    return new Response("Page has no default export", { status: 500 });
+  }
+
+  // Read route segment config from page module exports
+  let revalidateSeconds = typeof route.page?.revalidate === "number" ? route.page.revalidate : null;
+  const dynamicConfig = route.page?.dynamic; // 'auto' | 'force-dynamic' | 'force-static' | 'error'
+  const dynamicParamsConfig = route.page?.dynamicParams; // true (default) | false
+  const isForceStatic = dynamicConfig === "force-static";
+  const isDynamicError = dynamicConfig === "error";
+
+  // force-static: replace headers/cookies context with empty values and
+  // clear searchParams so dynamic APIs return defaults instead of real data
+  if (isForceStatic) {
+    setHeadersContext({ headers: new Headers(), cookies: new Map() });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamic = 'error': set a trap context that throws when headers/cookies are accessed
+  if (isDynamicError) {
+    const errorMsg = 'Page with \`dynamic = "error"\` used a dynamic API. ' +
+      'This page was expected to be fully static, but headers(), cookies(), ' +
+      'or searchParams was accessed. Remove the dynamic API usage or change ' +
+      'the dynamic config to "auto" or "force-dynamic".';
+    const throwingHeaders = new Proxy(new Headers(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    const throwingCookies = new Proxy(new Map(), {
+      get(target, prop) {
+        if (typeof prop === "string" && prop !== "then") throw new Error(errorMsg);
+        return Reflect.get(target, prop);
+      },
+    });
+    setHeadersContext({ headers: throwingHeaders, cookies: throwingCookies });
+    setNavigationContext({
+      pathname: cleanPathname,
+      searchParams: new URLSearchParams(),
+      params,
+    });
+  }
+
+  // dynamicParams = false: only params from generateStaticParams are allowed
+  if (dynamicParamsConfig === false && route.isDynamic && typeof route.page?.generateStaticParams === "function") {
+    try {
+      // Pass parent params to generateStaticParams (Next.js top-down params passing).
+      // Parent params = all matched params that DON'T belong to the leaf page's own dynamic segments.
+      // We pass the full matched params; the function uses only what it needs.
+      const staticParams = await route.page.generateStaticParams({ params });
+      if (Array.isArray(staticParams)) {
+        const paramKeys = Object.keys(params);
+        const isAllowed = staticParams.some(sp =>
+          paramKeys.every(key => {
+            const val = params[key];
+            const staticVal = sp[key];
+            // Allow parent params to not be in the returned set (they're inherited)
+            if (staticVal === undefined) return true;
+            if (Array.isArray(val)) return JSON.stringify(val) === JSON.stringify(staticVal);
+            return String(val) === String(staticVal);
+          })
+        );
+        if (!isAllowed) {
+          setHeadersContext(null);
+          setNavigationContext(null);
+          return new Response("Not Found", { status: 404 });
+        }
+      }
+    } catch (err) {
+      console.error("[vinext] generateStaticParams error:", err);
+    }
+  }
+
+  // force-dynamic: set no-store Cache-Control
+  const isForceDynamic = dynamicConfig === "force-dynamic";
+
+  // Check for intercepting routes on RSC requests (client-side navigation).
+  // If the target URL matches an intercepting route in a parallel slot,
+  // render the source route with the intercepting page in the slot.
+  let interceptOpts = undefined;
+  if (isRscRequest) {
+    const intercept = findIntercept(cleanPathname);
+    if (intercept) {
+      const sourceRoute = routes[intercept.sourceRouteIndex];
+      if (sourceRoute && sourceRoute !== route) {
+        // Render the source route (e.g. /feed) with the intercepting page in the slot
+        const sourceMatch = matchRoute(sourceRoute.pattern, routes);
+        const sourceParams = sourceMatch ? sourceMatch.params : {};
+        setNavigationContext({
+          pathname: cleanPathname,
+          searchParams: url.searchParams,
+          params: intercept.matchedParams,
+        });
+        const interceptElement = await buildPageElement(sourceRoute, sourceParams, {
+          interceptSlot: intercept.slotName,
+          interceptPage: intercept.page,
+          interceptParams: intercept.matchedParams,
+        }, url.searchParams);
+        const interceptOnError = createRscOnErrorHandler(
+          request,
+          cleanPathname,
+          sourceRoute.pattern,
+        );
+        const interceptStream = renderToReadableStream(interceptElement, { onError: interceptOnError });
+        // Do NOT clear headers/navigation context here — the RSC stream is consumed lazily
+        // by the client, and async server components that run during consumption need the
+        // context to still be live. The AsyncLocalStorage scope from runWithHeadersContext
+        // handles cleanup naturally when all async continuations complete.
+        return new Response(interceptStream, {
+          headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
+        });
+      }
+      // If sourceRoute === route, apply intercept opts to the normal render
+      interceptOpts = {
+        interceptSlot: intercept.slotName,
+        interceptPage: intercept.page,
+        interceptParams: intercept.matchedParams,
+      };
+    }
+  }
+
+  let element;
+  try {
+    element = await buildPageElement(route, params, interceptOpts, url.searchParams);
+  } catch (buildErr) {
+    // Check for redirect/notFound/forbidden/unauthorized thrown during metadata resolution or async components
+    if (buildErr && typeof buildErr === "object" && "digest" in buildErr) {
+      const digest = String(buildErr.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    // Non-special error (e.g. generateMetadata() threw) — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, buildErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw buildErr;
+  }
+
+  // Note: CSS is automatically injected by @vitejs/plugin-rsc's
+  // rscCssTransform — no manual loadCss() call needed.
+
+  // Helper: check if an error is a redirect/notFound/forbidden/unauthorized thrown by the navigation shim
+  async function handleRenderError(err) {
+    if (err && typeof err === "object" && "digest" in err) {
+      const digest = String(err.digest);
+      if (digest.startsWith("NEXT_REDIRECT;")) {
+        const parts = digest.split(";");
+        const redirectUrl = decodeURIComponent(parts[2]);
+        const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+      }
+      if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+        const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+        const fallbackResp = await renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, request, { matchedParams: params });
+        if (fallbackResp) return fallbackResp;
+        setHeadersContext(null);
+        setNavigationContext(null);
+        const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+        return new Response(statusText, { status: statusCode });
+      }
+    }
+    return null;
+  }
+
+  // Pre-render layout components to catch notFound()/redirect() thrown from layouts.
+  // In Next.js, each layout level has its own NotFoundBoundary. When a layout throws
+  // notFound(), the parent layout's boundary catches it and renders the parent's
+  // not-found.tsx. Since React Flight doesn't activate client error boundaries during
+  // RSC rendering, we catch layout-level throws here and render the appropriate
+  // fallback page with only the layouts above the throwing one.
+  //
+  // IMPORTANT: Layout pre-render runs BEFORE page pre-render. In Next.js, layouts
+  // render before their children — if a layout throws notFound(), the page never
+  // executes. By checking layouts first, we avoid a bug where the page's notFound()
+  // triggers renderHTTPAccessFallbackPage with ALL route layouts, but one of those
+  // layouts itself throws notFound() during the fallback rendering (causing a 500).
+  if (route.layouts && route.layouts.length > 0) {
+    const asyncParams = makeThenableParams(params);
+    // Run inside ALS context so the module-level console.error patch suppresses
+    // "Invalid hook call" only for this request's probe — concurrent requests
+    // each have their own ALS store and are unaffected.
+    const _layoutProbeResult = await _suppressHookWarningAls.run(true, async () => {
+      for (let li = route.layouts.length - 1; li >= 0; li--) {
+        const LayoutComp = route.layouts[li]?.default;
+        if (!LayoutComp) continue;
+        try {
+          const lr = LayoutComp({ params: asyncParams, children: null });
+          if (lr && typeof lr === "object" && typeof lr.then === "function") await lr;
+        } catch (layoutErr) {
+          if (layoutErr && typeof layoutErr === "object" && "digest" in layoutErr) {
+            const digest = String(layoutErr.digest);
+             if (digest.startsWith("NEXT_REDIRECT;")) {
+               const parts = digest.split(";");
+               const redirectUrl = decodeURIComponent(parts[2]);
+               const statusCode = parts[3] ? parseInt(parts[3], 10) : 307;
+               setHeadersContext(null);
+               setNavigationContext(null);
+               return Response.redirect(new URL(redirectUrl, request.url), statusCode);
+            }
+            if (digest === "NEXT_NOT_FOUND" || digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")) {
+              const statusCode = digest === "NEXT_NOT_FOUND" ? 404 : parseInt(digest.split(";")[1], 10);
+              // Find the not-found component from the parent level (the boundary that
+              // would catch this in Next.js). Walk up from the throwing layout to find
+              // the nearest not-found at a parent layout's directory.
+              let parentNotFound = null;
+              if (route.notFounds) {
+                for (let pi = li - 1; pi >= 0; pi--) {
+                  if (route.notFounds[pi]?.default) {
+                    parentNotFound = route.notFounds[pi].default;
+                    break;
+                  }
+                }
+              }
+              if (!parentNotFound) parentNotFound = null;
+              // Wrap in only the layouts above the throwing one
+              const parentLayouts = route.layouts.slice(0, li);
+              const fallbackResp = await renderHTTPAccessFallbackPage(
+                route, statusCode, isRscRequest, request,
+                { boundaryComponent: parentNotFound, layouts: parentLayouts, matchedParams: params }
+              );
+              if (fallbackResp) return fallbackResp;
+              setHeadersContext(null);
+              setNavigationContext(null);
+              const statusText = statusCode === 403 ? "Forbidden" : statusCode === 401 ? "Unauthorized" : "Not Found";
+              return new Response(statusText, { status: statusCode });
+            }
+          }
+          // Not a special error — let it propagate through normal RSC rendering
+        }
+      }
+      return null;
+    });
+    if (_layoutProbeResult instanceof Response) return _layoutProbeResult;
+  }
+
+  // Pre-render the page component to catch redirect()/notFound() thrown synchronously.
+  // Server Components are just functions — we can call PageComponent directly to detect
+  // these special throws before starting the RSC stream.
+  //
+  // For routes with a loading.tsx Suspense boundary, we skip awaiting async components.
+  // The Suspense boundary + rscOnError will handle redirect/notFound thrown during
+  // streaming, and blocking here would defeat streaming (the slow component's delay
+  // would be hit before the RSC stream even starts).
+  //
+  // Because this calls the component outside React's render cycle, hooks like use()
+  // trigger "Invalid hook call" console.error in dev. The module-level ALS patch
+  // suppresses the warning only within this request's execution context.
+  const _hasLoadingBoundary = !!(route.loading && route.loading.default);
+  const _pageProbeResult = await _suppressHookWarningAls.run(true, async () => {
+    try {
+      const testResult = PageComponent({ params });
+      // If it's a promise (async component), only await if there's no loading boundary.
+      // With a loading boundary, the Suspense streaming pipeline handles async resolution
+      // and any redirect/notFound errors via rscOnError.
+      if (testResult && typeof testResult === "object" && typeof testResult.then === "function") {
+        if (!_hasLoadingBoundary) {
+          await testResult;
+        } else {
+          // Suppress unhandled promise rejection — with a loading boundary,
+          // redirect/notFound errors are handled by rscOnError during streaming.
+          testResult.catch(() => {});
+        }
+      }
+    } catch (preRenderErr) {
+      const specialResponse = await handleRenderError(preRenderErr);
+      if (specialResponse) return specialResponse;
+      // Non-special errors from the pre-render test are expected (e.g. use() hook
+      // fails outside React's render cycle, client references can't execute on server).
+      // Only redirect/notFound/forbidden/unauthorized are actionable here — other
+      // errors will be properly caught during actual RSC/SSR rendering below.
+    }
+    return null;
+  });
+  if (_pageProbeResult instanceof Response) return _pageProbeResult;
+
+  // Mark end of compile phase: route matching, middleware, tree building are done.
+  if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
+
+  // Render to RSC stream
+  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const rscStream = renderToReadableStream(element, { onError: onRenderError });
+
+  if (isRscRequest) {
+    // Direct RSC stream response (for client-side navigation)
+    // NOTE: Do NOT clear headers/navigation context here!
+    // The RSC stream is consumed lazily - components render when chunks are read.
+    // If we clear context now, headers()/cookies() will fail during rendering.
+    // Context will be cleared when the next request starts (via runWithHeadersContext).
+    const responseHeaders = { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" };
+    // Include matched route params so the client can hydrate useParams()
+    if (params && Object.keys(params).length > 0) {
+      responseHeaders["X-Vinext-Params"] = JSON.stringify(params);
+    }
+    if (isForceDynamic) {
+      responseHeaders["Cache-Control"] = "no-store, must-revalidate";
+    } else if ((isForceStatic || isDynamicError) && !revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=31536000, stale-while-revalidate";
+      responseHeaders["X-Vinext-Cache"] = "STATIC";
+    } else if (revalidateSeconds) {
+      responseHeaders["Cache-Control"] = "s-maxage=" + revalidateSeconds + ", stale-while-revalidate";
+    }
+    // Merge middleware response headers into the RSC response.
+    // set-cookie and vary are accumulated to preserve existing values
+    // (e.g. "Vary: RSC, Accept" set above); all other keys use plain
+    // assignment so middleware headers win over config headers, which
+    // the outer handler applies afterward and skips keys already present.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        const lk = key.toLowerCase();
+        if (lk === "set-cookie") {
+          const existing = responseHeaders[lk];
+          if (Array.isArray(existing)) {
+            existing.push(value);
+          } else if (existing) {
+            responseHeaders[lk] = [existing, value];
+          } else {
+            responseHeaders[lk] = [value];
+          }
+        } else if (lk === "vary") {
+          // Accumulate Vary values to preserve the existing "RSC, Accept" entry.
+          const existing = responseHeaders["Vary"] ?? responseHeaders["vary"];
+          if (existing) {
+            responseHeaders["Vary"] = existing + ", " + value;
+            if (responseHeaders["vary"] !== undefined) delete responseHeaders["vary"];
+          } else {
+            responseHeaders[key] = value;
+          }
+        } else {
+          responseHeaders[key] = value;
+        }
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //                  -1 sentinel means compile time is not measured.
+    //   renderMs     - -1 sentinel for RSC-only (soft-nav) responses, since
+    //                  rendering is handled asynchronously by the client. The
+    //                  logging middleware computes render time as totalMs - compileMs.
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      responseHeaders["x-vinext-timing"] = handlerStart + "," + compileMs + ",-1";
+    }
+    return new Response(rscStream, { status: _mwCtx.status || 200, headers: responseHeaders });
+  }
+
+  // Collect font data from RSC environment before passing to SSR
+  // (Fonts are loaded during RSC rendering when layout.tsx calls Geist() etc.)
+  const fontData = {
+    links: _getSSRFontLinks(),
+    styles: _getSSRFontStyles(),
+    preloads: _getSSRFontPreloads(),
+  };
+
+  // Build HTTP Link header for font preloading.
+  // This lets the browser (and CDN) start fetching font files before parsing HTML,
+  // eliminating the CSS → woff2 download waterfall.
+  const fontPreloads = fontData.preloads || [];
+  const fontLinkHeaderParts = [];
+  for (const preload of fontPreloads) {
+    fontLinkHeaderParts.push("<" + preload.href + ">; rel=preload; as=font; type=" + preload.type + "; crossorigin");
+  }
+  const fontLinkHeader = fontLinkHeaderParts.length > 0 ? fontLinkHeaderParts.join(", ") : "";
+
+  // Delegate to SSR environment for HTML rendering
+  let htmlStream;
+  try {
+    const ssrEntry = await import.meta.viteRsc.loadModule("ssr", "index");
+    htmlStream = await ssrEntry.handleSsr(rscStream, _getNavigationContext(), fontData);
+    // Shell render complete; Suspense boundaries stream asynchronously
+    if (process.env.NODE_ENV !== "production") __renderEnd = performance.now();
+  } catch (ssrErr) {
+    const specialResponse = await handleRenderError(ssrErr);
+    if (specialResponse) return specialResponse;
+    // Non-special error during SSR — render error.tsx if available
+    const errorBoundaryResp = await renderErrorBoundaryPage(route, ssrErr, isRscRequest, request, params);
+    if (errorBoundaryResp) return errorBoundaryResp;
+    throw ssrErr;
+  }
+
+  // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
+  const draftCookie = getDraftModeCookieHeader();
+
+  setHeadersContext(null);
+  setNavigationContext(null);
+
+  // Helper to attach draftMode cookie, middleware headers, font Link header, and rewrite status to a response
+  function attachMiddlewareContext(response) {
+    if (draftCookie) {
+      response.headers.append("Set-Cookie", draftCookie);
+    }
+    // Set HTTP Link header for font preloading
+    if (fontLinkHeader) {
+      response.headers.set("Link", fontLinkHeader);
+    }
+    // Merge middleware response headers into the final response.
+    // The response is freshly constructed above (new Response(htmlStream, {...})),
+    // so set() and append() are equivalent — there are no same-key conflicts yet.
+    // Precedence over config headers is handled by the outer handler, which
+    // skips config keys that middleware already placed on the response.
+    if (_mwCtx.headers) {
+      for (const [key, value] of _mwCtx.headers) {
+        response.headers.append(key, value);
+      }
+    }
+    // Attach internal timing header so the dev server middleware can log it.
+    // Format: "handlerStart,compileMs,renderMs"
+    //   handlerStart - absolute performance.now() when _handleRequest began,
+    //                  used by the logging middleware to compute true compile
+    //                  time as (handlerStart - middlewareReqStart).
+    //   compileMs    - time inside the handler before renderToReadableStream.
+    //   renderMs     - time from renderToReadableStream to handleSsr completion,
+    //                  or -1 sentinel if not measured (falls back to totalMs - compileMs).
+    if (process.env.NODE_ENV !== "production") {
+      const handlerStart = Math.round(__reqStart);
+      const compileMs = __compileEnd !== undefined ? Math.round(__compileEnd - __reqStart) : -1;
+      const renderMs = __renderEnd !== undefined && __compileEnd !== undefined
+        ? Math.round(__renderEnd - __compileEnd)
+        : -1;
+      response.headers.set("x-vinext-timing", handlerStart + "," + compileMs + "," + renderMs);
+    }
+    // Apply custom status code from middleware rewrite
+    if (_mwCtx.status) {
+      return new Response(response.body, {
+        status: _mwCtx.status,
+        headers: response.headers,
+      });
+    }
+    return response;
+  }
+
+  // Check if any component called connection(), cookies(), headers(), or noStore()
+  // during rendering. If so, treat as dynamic (skip ISR, set no-store).
+  const dynamicUsedDuringRender = consumeDynamicUsage();
+
+  // Check if cacheLife() was called during rendering (e.g., page with file-level "use cache").
+  // If so, use its revalidation period for the Cache-Control header.
+  const requestCacheLife = _consumeRequestScopedCacheLife();
+  if (requestCacheLife && requestCacheLife.revalidate !== undefined && revalidateSeconds === null) {
+    revalidateSeconds = requestCacheLife.revalidate;
+  }
+
+  // force-dynamic: always return no-store (highest priority)
+  if (isForceDynamic) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // force-static / error: treat as static regardless of dynamic usage.
+  // force-static intentionally provides empty headers/cookies context so
+  // dynamic APIs return safe defaults; we ignore the dynamic usage signal.
+  // dynamic='error' should have already thrown (via throwing Proxy) if user
+  // code accessed dynamic APIs, so reaching here means rendering succeeded.
+  if ((isForceStatic || isDynamicError) && (revalidateSeconds === null || revalidateSeconds === 0)) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=31536000, stale-while-revalidate",
+        "X-Vinext-Cache": "STATIC",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // auto mode: dynamic API usage (headers(), cookies(), connection(), noStore(),
+  // searchParams access) opts the page into dynamic rendering with no-store.
+  if (dynamicUsedDuringRender) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "no-store, must-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  // Emit Cache-Control for ISR pages so tests can verify revalidate values,
+  // but skip actual caching in dev — every request renders fresh.
+  if (revalidateSeconds !== null && revalidateSeconds > 0) {
+    return attachMiddlewareContext(new Response(htmlStream, {
+      headers: {
+        "Content-Type": "text/html; charset=utf-8",
+        "Cache-Control": "s-maxage=" + revalidateSeconds + ", stale-while-revalidate",
+        "Vary": "RSC, Accept",
+      },
+    }));
+  }
+
+  return attachMiddlewareContext(new Response(htmlStream, {
+    headers: { "Content-Type": "text/html; charset=utf-8", "Vary": "RSC, Accept" },
+  }));
+}
+
+if (import.meta.hot) {
+  import.meta.hot.accept();
+}
+"
+`;
+
+exports[`App Router entry templates > generateRscEntry snapshot (with middleware) 1`] = `
+"
+import {
+  renderToReadableStream,
+  decodeReply,
+  loadServerAction,
+  createTemporaryReferenceSet,
+} from "@vitejs/plugin-rsc/rsc";
+import { AsyncLocalStorage } from "node:async_hooks";
+import { createElement, Suspense, Fragment } from "react";
+import { setNavigationContext as _setNavigationContextOrig, getNavigationContext as _getNavigationContext } from "next/navigation";
+import { setHeadersContext, headersContextFromRequest, getDraftModeCookieHeader, getAndClearPendingCookies, consumeDynamicUsage, markDynamicUsage, runWithHeadersContext, applyMiddlewareRequestHeaders, getHeadersContext } from "next/headers";
+import { NextRequest, NextFetchEvent } from "next/server";
+import { ErrorBoundary, NotFoundBoundary } from "vinext/error-boundary";
+import { LayoutSegmentProvider } from "vinext/layout-segment-context";
+import { MetadataHead, mergeMetadata, resolveModuleMetadata, ViewportHead, mergeViewport, resolveModuleViewport } from "vinext/metadata";
+import * as middlewareModule from "/tmp/test/middleware.ts";
+
+
+import { _consumeRequestScopedCacheLife, _runWithCacheState } from "next/cache";
+import { runWithFetchCache } from "vinext/fetch-cache";
+import { runWithPrivateCache as _runWithPrivateCache } from "vinext/cache-runtime";
+// Import server-only state module to register ALS-backed accessors.
+import { runWithNavigationContext as _runWithNavigationContext } from "vinext/navigation-state";
+import { reportRequestError as _reportRequestError } from "vinext/instrumentation";
+import { getSSRFontLinks as _getSSRFontLinks, getSSRFontStyles as _getSSRFontStylesGoogle, getSSRFontPreloads as _getSSRFontPreloadsGoogle } from "next/font/google";
+import { getSSRFontStyles as _getSSRFontStylesLocal, getSSRFontPreloads as _getSSRFontPreloadsLocal } from "next/font/local";
+function _getSSRFontStyles() { return [..._getSSRFontStylesGoogle(), ..._getSSRFontStylesLocal()]; }
+function _getSSRFontPreloads() { return [..._getSSRFontPreloadsGoogle(), ..._getSSRFontPreloadsLocal()]; }
+
+// ALS used to suppress the expected "Invalid hook call" dev warning when
+// layout/page components are probed outside React's render cycle. Patching
+// console.error once at module load (instead of per-request) avoids the
+// concurrent-request issue where request A's suppression filter could
+// swallow real errors from request B.
+const _suppressHookWarningAls = new AsyncLocalStorage();
+const _origConsoleError = console.error;
+console.error = (...args) => {
+  if (_suppressHookWarningAls.getStore() === true &&
+      typeof args[0] === "string" &&
+      args[0].includes("Invalid hook call")) return;
+  _origConsoleError.apply(console, args);
+};
+
+// Set navigation context in the ALS-backed store. "use client" components
+// rendered during SSR need the pathname/searchParams/params but the SSR
+// environment has a separate module instance of next/navigation.
+// Use _getNavigationContext() to read the current context — never cache
+// it in a module-level variable (that would leak between concurrent requests).
+function setNavigationContext(ctx) {
+  _setNavigationContextOrig(ctx);
+}
+
+// ISR cache is disabled in dev mode — every request re-renders fresh,
+// matching Next.js dev behavior. Cache-Control headers are still emitted
+// based on export const revalidate for testing purposes.
+// Production ISR is handled by prod-server.ts and the Cloudflare worker entry.
+
+// Normalize null-prototype objects from matchPattern() into thenable objects
+// that work both as Promises (for Next.js 15+ async params) and as plain
+// objects with synchronous property access (for pre-15 code like params.id).
+//
+// matchPattern() uses Object.create(null), producing objects without
+// Object.prototype. The RSC serializer rejects these. Spreading ({...obj})
+// restores a normal prototype. Object.assign onto the Promise preserves
+// synchronous property access (params.id, params.slug) that existing
+// components and test fixtures rely on.
+function makeThenableParams(obj) {
+  const plain = { ...obj };
+  return Object.assign(Promise.resolve(plain), plain);
+}
+
+// Resolve route tree segments to actual values using matched params.
+// Dynamic segments like [id] are replaced with param values, catch-all
+// segments like [...slug] are joined with "/", and route groups are kept as-is.
+function __resolveChildSegments(routeSegments, treePosition, params) {
+  var raw = routeSegments.slice(treePosition);
+  var result = [];
+  for (var j = 0; j < raw.length; j++) {
+    var seg = raw[j];
+    // Optional catch-all: [[...param]]
+    if (seg.indexOf("[[...") === 0 && seg.charAt(seg.length - 1) === "]" && seg.charAt(seg.length - 2) === "]") {
+      var pn = seg.slice(5, -2);
+      var v = params[pn];
+      // Skip empty optional catch-all (e.g., visiting /blog on [[...slug]] route)
+      if (Array.isArray(v) && v.length === 0) continue;
+      if (v == null) continue;
+      result.push(Array.isArray(v) ? v.join("/") : v);
+    // Catch-all: [...param]
+    } else if (seg.indexOf("[...") === 0 && seg.charAt(seg.length - 1) === "]") {
+      var pn2 = seg.slice(4, -1);
+      var v2 = params[pn2];
+      result.push(Array.isArray(v2) ? v2.join("/") : (v2 || seg));
+    // Dynamic: [param]
+    } else if (seg.charAt(0) === "[" && seg.charAt(seg.length - 1) === "]" && seg.indexOf(".") === -1) {
+      var pn3 = seg.slice(1, -1);
+      result.push(params[pn3] || seg);
+    } else {
+      result.push(seg);
+    }
+  }
+  return result;
+}
+
+// djb2 hash — matches Next.js's stringHash for digest generation.
+// Produces a stable numeric string from error message + stack.
+function __errorDigest(str) {
+  let hash = 5381;
+  for (let i = str.length - 1; i >= 0; i--) {
+    hash = (hash * 33) ^ str.charCodeAt(i);
+  }
+  return (hash >>> 0).toString();
+}
+
+// Sanitize an error for client consumption. In production, replaces the error
+// with a generic Error that only carries a digest hash (matching Next.js
+// behavior). In development, returns the original error for debugging.
+// Navigation errors (redirect, notFound, etc.) are always passed through
+// unchanged since their digests are used for client-side routing.
+function __sanitizeErrorForClient(error) {
+  // Navigation errors must pass through with their digest intact
+  if (error && typeof error === "object" && "digest" in error) {
+    const digest = String(error.digest);
+    if (
+      digest.startsWith("NEXT_REDIRECT;") ||
+      digest === "NEXT_NOT_FOUND" ||
+      digest.startsWith("NEXT_HTTP_ERROR_FALLBACK;")
+    ) {
+      return error;
+    }
+  }
+  // In development, pass through the original error for debugging
+  if (process.env.NODE_ENV !== "production") {
+    return error;
+  }
+  // In production, create a sanitized error with only a digest hash
+  const msg = error instanceof Error ? error.message : String(error);
+  const stack = error instanceof Error ? (error.stack || "") : "";
+  const sanitized = new Error(
+    "An error occurred in the Server Components render. " +
+    "The specific message is omitted in production builds to avoid leaking sensitive details. " +
+    "A digest property is included on this error instance which may provide additional details about the nature of the error."
+  );
+  sanitized.digest = __errorDigest(msg + stack);
+  return sanitized;
+}
+
+// onError callback for renderToReadableStream — preserves the digest for
+// Next.js navigation errors (redirect, notFound, forbidden, unauthorized)
+// thrown during RSC streaming (e.g. inside Suspense boundaries).
+// For non-navigation errors in production, generates a digest hash so the
+// error can be correlated with server logs without leaking details.
+function rscOnError(error, requestInfo, errorContext) {
+  if (error && typeof error === "object" && "digest" in error) {
+    return String(error.digest);
+  }
+
+  // In dev, detect the "Only plain objects" RSC serialization error and emit
+  // an actionable hint. This error occurs when a Server Component passes a
+  // class instance, ES module namespace object, or null-prototype object as a
+  // prop to a Client Component.
+  //
+  // Root cause: Vite bundles modules as true ESM (module namespace objects
+  // have a null-like internal slot), while Next.js's webpack build produces
+  // plain CJS-wrapped objects with __esModule:true. React's RSC serializer
+  // accepts the latter as plain objects but rejects the former — which means
+  // code that accidentally passes "import * as X" works in webpack/Next.js
+  // but correctly fails in vinext.
+  //
+  // Common triggers:
+  //   - "import * as utils from './utils'" passed as a prop
+  //   - class instances (new Foo()) passed as props
+  //   - Date / Map / Set instances passed as props
+  //   - Objects with Object.create(null) (null prototype)
+  if (
+    process.env.NODE_ENV !== "production" &&
+    error instanceof Error &&
+    error.message.includes("Only plain objects, and a few built-ins, can be passed to Client Components")
+  ) {
+    console.error(
+      "[vinext] RSC serialization error: a non-plain object was passed from a Server Component to a Client Component.\\n" +
+      "\\n" +
+      "Common causes:\\n" +
+      "  * Passing a module namespace (import * as X) directly as a prop.\\n" +
+      "    Unlike Next.js (webpack), Vite produces real ESM module namespace objects\\n" +
+      "    which are not serializable. Fix: pass individual values instead,\\n" +
+      "    e.g. <Comp value={module.value} />\\n" +
+      "  * Passing a class instance (new Foo()) as a prop.\\n" +
+      "    Fix: convert to a plain object, e.g. { id: foo.id, name: foo.name }\\n" +
+      "  * Passing a Date, Map, or Set. Use .toISOString(), [...map.entries()], etc.\\n" +
+      "  * Passing Object.create(null). Use { ...obj } to restore a prototype.\\n" +
+      "\\n" +
+      "Original error:",
+      error.message,
+    );
+    return undefined;
+  }
+
+  if (requestInfo && errorContext && error) {
+    _reportRequestError(
+      error instanceof Error ? error : new Error(String(error)),
+      requestInfo,
+      errorContext,
+    ).catch((reportErr) => {
+      console.error("[vinext] Failed to report render error:", reportErr);
+    });
+  }
+
+  // In production, generate a digest hash for non-navigation errors
+  if (process.env.NODE_ENV === "production" && error) {
+    const msg = error instanceof Error ? error.message : String(error);
+    const stack = error instanceof Error ? (error.stack || "") : "";
+    return __errorDigest(msg + stack);
+  }
+  return undefined;
+}
+
+function createRscOnErrorHandler(request, pathname, routePath) {
+  const requestInfo = {
+    path: pathname,
+    method: request.method,
+    headers: Object.fromEntries(request.headers.entries()),
+  };
+  const errorContext = {
+    routerKind: "App Router",
+    routePath: routePath || pathname,
+    routeType: "render",
+  };
+  return function(error) {
+    return rscOnError(error, requestInfo, errorContext);
+  };
+}
+
+import * as mod_0 from "/tmp/test/app/page.tsx";
+import * as mod_1 from "/tmp/test/app/layout.tsx";
+import * as mod_2 from "/tmp/test/app/about/page.tsx";
+import * as mod_3 from "/tmp/test/app/blog/[slug]/page.tsx";
+import * as mod_4 from "/tmp/test/app/blog/[slug]/layout.tsx";
+import * as mod_5 from "/tmp/test/app/dashboard/page.tsx";
+import * as mod_6 from "/tmp/test/app/dashboard/layout.tsx";
+import * as mod_7 from "/tmp/test/app/dashboard/template.tsx";
+import * as mod_8 from "/tmp/test/app/dashboard/loading.tsx";
+import * as mod_9 from "/tmp/test/app/dashboard/error.tsx";
+import * as mod_10 from "/tmp/test/app/dashboard/not-found.tsx";
+
+
+
+const routes = [
+  {
+    pattern: "/",
+    isDynamic: false,
+    params: [],
+    page: mod_0,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: [],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  },
+  {
+    pattern: "/about",
+    isDynamic: false,
+    params: [],
+    page: mod_2,
+    routeHandler: null,
+    layouts: [mod_1],
+    routeSegments: ["about"],
+    layoutTreePositions: [0],
+    templates: [],
+    errors: [null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null],
+    forbidden: null,
+    unauthorized: null,
+  },
+  {
+    pattern: "/blog/:slug",
+    isDynamic: true,
+    params: ["slug"],
+    page: mod_3,
+    routeHandler: null,
+    layouts: [mod_1, mod_4],
+    routeSegments: ["blog",":slug"],
+    layoutTreePositions: [0,1],
+    templates: [],
+    errors: [null, null],
+    slots: {
+
+    },
+    loading: null,
+    error: null,
+    notFound: null,
+    notFounds: [null, null],
+    forbidden: null,
+    unauthorized: null,
+  },
+  {
+    pattern: "/dashboard",
+    isDynamic: false,
+    params: [],
+    page: mod_5,
+    routeHandler: null,
+    layouts: [mod_1, mod_6],
+    routeSegments: ["dashboard"],
+    layoutTreePositions: [0,1],
+    templates: [mod_7],
+    errors: [null, mod_9],
+    slots: {
+
+    },
+    loading: mod_8,
+    error: mod_9,
+    notFound: mod_10,
+    notFounds: [null, mod_10],
+    forbidden: null,
+    unauthorized: null,
   }
 ];
 
diff --git a/tests/entry-templates.test.ts b/tests/entry-templates.test.ts
index 5656fbbc..d1c4c98e 100644
--- a/tests/entry-templates.test.ts
+++ b/tests/entry-templates.test.ts
@@ -19,6 +19,7 @@ import {
 } from "../packages/vinext/src/server/app-dev-server.js";
 import type { AppRouterConfig } from "../packages/vinext/src/server/app-dev-server.js";
 import type { AppRoute } from "../packages/vinext/src/routing/app-router.js";
+import type { MetadataFileRoute } from "../packages/vinext/src/server/metadata-routes.js";
 import vinext from "../packages/vinext/src/index.js";
 
 // Workspace root (forward-slash normalised) used to replace absolute paths
@@ -90,6 +91,25 @@ const minimalAppRoutes: AppRoute[] = [
     isDynamic: true,
     params: ["slug"],
   },
+  {
+    pattern: "/dashboard",
+    pagePath: "/tmp/test/app/dashboard/page.tsx",
+    routePath: null,
+    layouts: ["/tmp/test/app/layout.tsx", "/tmp/test/app/dashboard/layout.tsx"],
+    templates: ["/tmp/test/app/dashboard/template.tsx"],
+    parallelSlots: [],
+    loadingPath: "/tmp/test/app/dashboard/loading.tsx",
+    errorPath: "/tmp/test/app/dashboard/error.tsx",
+    layoutErrorPaths: [null, "/tmp/test/app/dashboard/error.tsx"],
+    notFoundPath: "/tmp/test/app/dashboard/not-found.tsx",
+    notFoundPaths: [null, "/tmp/test/app/dashboard/not-found.tsx"],
+    forbiddenPath: null,
+    unauthorizedPath: null,
+    routeSegments: ["dashboard"],
+    layoutTreePositions: [0, 1],
+    isDynamic: false,
+    params: [],
+  },
 ];
 
 // ── Pages Router fixture ──────────────────────────────────────────────
@@ -192,6 +212,28 @@ describe("App Router entry templates", () => {
     expect(code).toMatchSnapshot();
   });
 
+  it("generateRscEntry snapshot (with metadata routes)", () => {
+    const metadataRoutes: MetadataFileRoute[] = [
+      {
+        type: "sitemap",
+        isDynamic: true,
+        filePath: "/tmp/test/app/sitemap.ts",
+        servedUrl: "/sitemap.xml",
+        contentType: "application/xml",
+      },
+    ];
+    const code = generateRscEntry(
+      "/tmp/test/app",
+      minimalAppRoutes,
+      null,
+      metadataRoutes,
+      null,
+      "",
+      false,
+    );
+    expect(code).toMatchSnapshot();
+  });
+
   it("generateSsrEntry snapshot", () => {
     const code = generateSsrEntry();
     expect(code).toMatchSnapshot();

From 04832c80f209ec2f3c9c4e9a82824e2ef5e05a8a Mon Sep 17 00:00:00 2001
From: MD YUNUS <admin@yunuscollege.eu.org>
Date: Mon, 9 Mar 2026 02:46:22 +0530
Subject: [PATCH 8/8] test: fix snapshot portability - apply stabilize() to all
 App Router tests, update snapshots after merge

---
 .../entry-templates.test.ts.snap              | 794 +++++++++++-------
 tests/entry-templates.test.ts                 |  16 +-
 2 files changed, 515 insertions(+), 295 deletions(-)

diff --git a/tests/__snapshots__/entry-templates.test.ts.snap b/tests/__snapshots__/entry-templates.test.ts.snap
index 8cd4ad0d..ec9c517f 100644
--- a/tests/__snapshots__/entry-templates.test.ts.snap
+++ b/tests/__snapshots__/entry-templates.test.ts.snap
@@ -11,7 +11,7 @@ import {
 } from "@vitejs/plugin-rsc/browser";
 import { hydrateRoot } from "react-dom/client";
 import { flushSync } from "react-dom";
-import { setClientParams, toRscUrl, getPrefetchCache, getPrefetchedUrls, PREFETCH_CACHE_TTL } from "next/navigation";
+import { setClientParams, setNavigationContext, toRscUrl, getPrefetchCache, getPrefetchedUrls, PREFETCH_CACHE_TTL } from "next/navigation";
 
 let reactRoot;
 
@@ -180,6 +180,10 @@ async function main() {
       if (embedData.params) {
         setClientParams(embedData.params);
       }
+      // Legacy format may include nav context for hydration snapshot consistency.
+      if (embedData.nav) {
+        setNavigationContext({ pathname: embedData.nav.pathname, searchParams: new URLSearchParams(embedData.nav.searchParams || {}), params: embedData.params || {} });
+      }
       rscStream = chunksToReadableStream(embedData.rsc);
     } else {
       // Progressive format: chunks arrive incrementally via script tags.
@@ -187,6 +191,12 @@ async function main() {
       if (self.__VINEXT_RSC_PARAMS__) {
         setClientParams(self.__VINEXT_RSC_PARAMS__);
       }
+      // Restore the server navigation context so useSyncExternalStore getServerSnapshot
+      // matches what was rendered on the server, preventing hydration mismatches.
+      if (self.__VINEXT_RSC_NAV__) {
+        const __nav = self.__VINEXT_RSC_NAV__;
+        setNavigationContext({ pathname: __nav.pathname, searchParams: new URLSearchParams(__nav.searchParams), params: self.__VINEXT_RSC_PARAMS__ || {} });
+      }
       rscStream = createProgressiveRscStream();
     }
   } else {
@@ -198,6 +208,8 @@ async function main() {
     if (paramsHeader) {
       try { setClientParams(JSON.parse(paramsHeader)); } catch (_e) { /* ignore */ }
     }
+    // Set nav context from current URL for hydration snapshot consistency.
+    setNavigationContext({ pathname: window.location.pathname, searchParams: new URLSearchParams(window.location.search), params: self.__VINEXT_RSC_PARAMS__ || {} });
 
     rscStream = rscResponse.body;
   }
@@ -806,6 +818,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
   // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
   let ErrorComponent = route?.error?.default ?? null;
+  let _isGlobalError = false;
   if (!ErrorComponent && route?.errors) {
     for (let i = route.errors.length - 1; i >= 0; i--) {
       if (route.errors[i]?.default) {
@@ -814,7 +827,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
   }
-  ErrorComponent = ErrorComponent;
+  
   if (!ErrorComponent) return null;
 
   const rawError = error instanceof Error ? error : new Error(String(error));
@@ -829,32 +842,51 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   let element = createElement(ErrorComponent, {
     error: errorObj,
   });
-  const layouts = route?.layouts ?? rootLayouts;
-  if (isRscRequest) {
-    // For RSC requests (client-side navigation), wrap with the same component
-    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
-    // This ensures React can reconcile the tree without destroying the DOM.
-    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
-    const _errTreePositions = route?.layoutTreePositions;
-    const _errRouteSegs = route?.routeSegments || [];
-    const _errParams = matchedParams ?? route?.params ?? {};
-    const _asyncErrParams = makeThenableParams(_errParams);
-    for (let i = layouts.length - 1; i >= 0; i--) {
-      const LayoutComponent = layouts[i]?.default;
-      if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
-        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
-        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
-        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+
+  // global-error.tsx provides its own <html> and <body> (it replaces the root
+  // layout). Skip layout wrapping when rendering it to avoid double <html> tags.
+  if (!_isGlobalError) {
+    const layouts = route?.layouts ?? rootLayouts;
+    if (isRscRequest) {
+      // For RSC requests (client-side navigation), wrap with the same component
+      // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+      // This ensures React can reconcile the tree without destroying the DOM.
+      // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+      const _errTreePositions = route?.layoutTreePositions;
+      const _errRouteSegs = route?.routeSegments || [];
+      const _errParams = matchedParams ?? route?.params ?? {};
+      const _asyncErrParams = makeThenableParams(_errParams);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
+          const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+          const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+          element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+        }
+      }
+      
+    } else {
+      // For HTML (full page load) responses, wrap with layouts only.
+      const _errParamsHtml = matchedParams ?? route?.params ?? {};
+      const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
+        }
       }
     }
-    
-    const _pathname = new URL(request.url).pathname;
-    const onRenderError = createRscOnErrorHandler(
-      request,
-      _pathname,
-      route?.pattern ?? _pathname,
-    );
+  }
+
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+
+  if (isRscRequest) {
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
     // Do NOT clear context here — the RSC stream is consumed lazily by the client.
     // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
@@ -867,21 +899,8 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
     });
   }
-  // For HTML (full page load) responses, wrap with layouts only.
-  const _errParamsHtml = matchedParams ?? route?.params ?? {};
-  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
-  for (let i = layouts.length - 1; i >= 0; i--) {
-    const LayoutComponent = layouts[i]?.default;
-    if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
-    }
-  }
-  const _pathname = new URL(request.url).pathname;
-  const onRenderError = createRscOnErrorHandler(
-    request,
-    _pathname,
-    route?.pattern ?? _pathname,
-  );
+
+  // HTML (full page load) response — render through RSC → SSR pipeline
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment so error pages include font styles
   const fontData = {
@@ -1200,7 +1219,14 @@ async function buildPageElement(route, params, opts, searchParams) {
   }
 
   // Wrap with global error boundary if app/global-error.tsx exists.
-  // This catches errors in the root layout itself.
+  // This must be present in both HTML and RSC paths so the component tree
+  // structure matches — otherwise React reconciliation on client-side navigation
+  // would see a mismatched tree and destroy/recreate the DOM.
+  //
+  // For RSC requests (client-side nav), this provides error recovery on the client.
+  // For HTML requests (initial page load), the ErrorBoundary catches during SSR
+  // but produces double <html>/<body> (root layout + global-error). The request
+  // handler detects this via the rscOnError flag and re-renders without layouts.
   
 
   return element;
@@ -1578,12 +1604,13 @@ function __isExternalUrl(url) {
 }
 
 /**
- * Maximum server-action request body size (1 MB).
- * Matches the Next.js default for serverActions.bodySizeLimit.
+ * Maximum server-action request body size.
+ * Configurable via experimental.serverActions.bodySizeLimit in next.config.
+ * Defaults to 1MB, matching the Next.js default.
  * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
  * Prevents unbounded request body buffering.
  */
-var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+var __MAX_ACTION_BODY_SIZE = 1048576;
 
 /**
  * Read a request body as text with a size limit.
@@ -2560,8 +2587,18 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // Mark end of compile phase: route matching, middleware, tree building are done.
   if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
 
-  // Render to RSC stream
-  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  // Render to RSC stream.
+  // Track non-navigation RSC errors so we can detect when the in-tree global
+  // ErrorBoundary catches during SSR (producing double <html>/<body>) and
+  // re-render with renderErrorBoundaryPage (which skips layouts for global-error).
+  let _rscErrorForRerender = null;
+  const _baseOnError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const onRenderError = function(error, requestInfo, errorContext) {
+    if (!(error && typeof error === "object" && "digest" in error)) {
+      _rscErrorForRerender = error;
+    }
+    return _baseOnError(error, requestInfo, errorContext);
+  };
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
 
   if (isRscRequest) {
@@ -2666,6 +2703,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     throw ssrErr;
   }
 
+  // If an RSC error was caught by the in-tree global ErrorBoundary during SSR,
+  // the HTML output has double <html>/<body> (root layout + global-error.tsx).
+  // Discard it and re-render using renderErrorBoundaryPage which skips layouts
+  // when the error falls through to global-error.tsx.
+  
+
   // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
   const draftCookie = getDraftModeCookieHeader();
 
@@ -3275,6 +3318,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
   // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
   let ErrorComponent = route?.error?.default ?? null;
+  let _isGlobalError = false;
   if (!ErrorComponent && route?.errors) {
     for (let i = route.errors.length - 1; i >= 0; i--) {
       if (route.errors[i]?.default) {
@@ -3283,7 +3327,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
   }
-  ErrorComponent = ErrorComponent;
+  
   if (!ErrorComponent) return null;
 
   const rawError = error instanceof Error ? error : new Error(String(error));
@@ -3298,32 +3342,51 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   let element = createElement(ErrorComponent, {
     error: errorObj,
   });
-  const layouts = route?.layouts ?? rootLayouts;
-  if (isRscRequest) {
-    // For RSC requests (client-side navigation), wrap with the same component
-    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
-    // This ensures React can reconcile the tree without destroying the DOM.
-    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
-    const _errTreePositions = route?.layoutTreePositions;
-    const _errRouteSegs = route?.routeSegments || [];
-    const _errParams = matchedParams ?? route?.params ?? {};
-    const _asyncErrParams = makeThenableParams(_errParams);
-    for (let i = layouts.length - 1; i >= 0; i--) {
-      const LayoutComponent = layouts[i]?.default;
-      if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
-        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
-        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
-        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+
+  // global-error.tsx provides its own <html> and <body> (it replaces the root
+  // layout). Skip layout wrapping when rendering it to avoid double <html> tags.
+  if (!_isGlobalError) {
+    const layouts = route?.layouts ?? rootLayouts;
+    if (isRscRequest) {
+      // For RSC requests (client-side navigation), wrap with the same component
+      // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+      // This ensures React can reconcile the tree without destroying the DOM.
+      // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+      const _errTreePositions = route?.layoutTreePositions;
+      const _errRouteSegs = route?.routeSegments || [];
+      const _errParams = matchedParams ?? route?.params ?? {};
+      const _asyncErrParams = makeThenableParams(_errParams);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
+          const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+          const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+          element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+        }
+      }
+      
+    } else {
+      // For HTML (full page load) responses, wrap with layouts only.
+      const _errParamsHtml = matchedParams ?? route?.params ?? {};
+      const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
+        }
       }
     }
-    
-    const _pathname = new URL(request.url).pathname;
-    const onRenderError = createRscOnErrorHandler(
-      request,
-      _pathname,
-      route?.pattern ?? _pathname,
-    );
+  }
+
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+
+  if (isRscRequest) {
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
     // Do NOT clear context here — the RSC stream is consumed lazily by the client.
     // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
@@ -3336,21 +3399,8 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
     });
   }
-  // For HTML (full page load) responses, wrap with layouts only.
-  const _errParamsHtml = matchedParams ?? route?.params ?? {};
-  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
-  for (let i = layouts.length - 1; i >= 0; i--) {
-    const LayoutComponent = layouts[i]?.default;
-    if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
-    }
-  }
-  const _pathname = new URL(request.url).pathname;
-  const onRenderError = createRscOnErrorHandler(
-    request,
-    _pathname,
-    route?.pattern ?? _pathname,
-  );
+
+  // HTML (full page load) response — render through RSC → SSR pipeline
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment so error pages include font styles
   const fontData = {
@@ -3669,7 +3719,14 @@ async function buildPageElement(route, params, opts, searchParams) {
   }
 
   // Wrap with global error boundary if app/global-error.tsx exists.
-  // This catches errors in the root layout itself.
+  // This must be present in both HTML and RSC paths so the component tree
+  // structure matches — otherwise React reconciliation on client-side navigation
+  // would see a mismatched tree and destroy/recreate the DOM.
+  //
+  // For RSC requests (client-side nav), this provides error recovery on the client.
+  // For HTML requests (initial page load), the ErrorBoundary catches during SSR
+  // but produces double <html>/<body> (root layout + global-error). The request
+  // handler detects this via the rscOnError flag and re-renders without layouts.
   
 
   return element;
@@ -4047,12 +4104,13 @@ function __isExternalUrl(url) {
 }
 
 /**
- * Maximum server-action request body size (1 MB).
- * Matches the Next.js default for serverActions.bodySizeLimit.
+ * Maximum server-action request body size.
+ * Configurable via experimental.serverActions.bodySizeLimit in next.config.
+ * Defaults to 1MB, matching the Next.js default.
  * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
  * Prevents unbounded request body buffering.
  */
-var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+var __MAX_ACTION_BODY_SIZE = 1048576;
 
 /**
  * Read a request body as text with a size limit.
@@ -5034,8 +5092,18 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // Mark end of compile phase: route matching, middleware, tree building are done.
   if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
 
-  // Render to RSC stream
-  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  // Render to RSC stream.
+  // Track non-navigation RSC errors so we can detect when the in-tree global
+  // ErrorBoundary catches during SSR (producing double <html>/<body>) and
+  // re-render with renderErrorBoundaryPage (which skips layouts for global-error).
+  let _rscErrorForRerender = null;
+  const _baseOnError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const onRenderError = function(error, requestInfo, errorContext) {
+    if (!(error && typeof error === "object" && "digest" in error)) {
+      _rscErrorForRerender = error;
+    }
+    return _baseOnError(error, requestInfo, errorContext);
+  };
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
 
   if (isRscRequest) {
@@ -5140,6 +5208,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     throw ssrErr;
   }
 
+  // If an RSC error was caught by the in-tree global ErrorBoundary during SSR,
+  // the HTML output has double <html>/<body> (root layout + global-error.tsx).
+  // Discard it and re-render using renderErrorBoundaryPage which skips layouts
+  // when the error falls through to global-error.tsx.
+  
+
   // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
   const draftCookie = getDraftModeCookieHeader();
 
@@ -5758,6 +5832,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
   // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
   let ErrorComponent = route?.error?.default ?? null;
+  let _isGlobalError = false;
   if (!ErrorComponent && route?.errors) {
     for (let i = route.errors.length - 1; i >= 0; i--) {
       if (route.errors[i]?.default) {
@@ -5766,7 +5841,12 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
   }
-  ErrorComponent = ErrorComponent ?? mod_11?.default;
+  
+  if (!ErrorComponent) {
+    ErrorComponent = mod_11?.default ?? null;
+    _isGlobalError = !!ErrorComponent;
+  }
+  
   if (!ErrorComponent) return null;
 
   const rawError = error instanceof Error ? error : new Error(String(error));
@@ -5781,40 +5861,59 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   let element = createElement(ErrorComponent, {
     error: errorObj,
   });
-  const layouts = route?.layouts ?? rootLayouts;
-  if (isRscRequest) {
-    // For RSC requests (client-side navigation), wrap with the same component
-    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
-    // This ensures React can reconcile the tree without destroying the DOM.
-    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
-    const _errTreePositions = route?.layoutTreePositions;
-    const _errRouteSegs = route?.routeSegments || [];
-    const _errParams = matchedParams ?? route?.params ?? {};
-    const _asyncErrParams = makeThenableParams(_errParams);
-    for (let i = layouts.length - 1; i >= 0; i--) {
-      const LayoutComponent = layouts[i]?.default;
-      if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
-        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
-        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
-        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+
+  // global-error.tsx provides its own <html> and <body> (it replaces the root
+  // layout). Skip layout wrapping when rendering it to avoid double <html> tags.
+  if (!_isGlobalError) {
+    const layouts = route?.layouts ?? rootLayouts;
+    if (isRscRequest) {
+      // For RSC requests (client-side navigation), wrap with the same component
+      // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+      // This ensures React can reconcile the tree without destroying the DOM.
+      // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+      const _errTreePositions = route?.layoutTreePositions;
+      const _errRouteSegs = route?.routeSegments || [];
+      const _errParams = matchedParams ?? route?.params ?? {};
+      const _asyncErrParams = makeThenableParams(_errParams);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
+          const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+          const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+          element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+        }
+      }
+      
+      const _ErrGlobalComponent = mod_11.default;
+      if (_ErrGlobalComponent) {
+        element = createElement(ErrorBoundary, {
+          fallback: _ErrGlobalComponent,
+          children: element,
+        });
+      }
+      
+    } else {
+      // For HTML (full page load) responses, wrap with layouts only.
+      const _errParamsHtml = matchedParams ?? route?.params ?? {};
+      const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
+        }
       }
     }
-    
-    const _ErrGlobalComponent = mod_11.default;
-    if (_ErrGlobalComponent) {
-      element = createElement(ErrorBoundary, {
-        fallback: _ErrGlobalComponent,
-        children: element,
-      });
-    }
-    
-    const _pathname = new URL(request.url).pathname;
-    const onRenderError = createRscOnErrorHandler(
-      request,
-      _pathname,
-      route?.pattern ?? _pathname,
-    );
+  }
+
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+
+  if (isRscRequest) {
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
     // Do NOT clear context here — the RSC stream is consumed lazily by the client.
     // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
@@ -5827,21 +5926,8 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
     });
   }
-  // For HTML (full page load) responses, wrap with layouts only.
-  const _errParamsHtml = matchedParams ?? route?.params ?? {};
-  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
-  for (let i = layouts.length - 1; i >= 0; i--) {
-    const LayoutComponent = layouts[i]?.default;
-    if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
-    }
-  }
-  const _pathname = new URL(request.url).pathname;
-  const onRenderError = createRscOnErrorHandler(
-    request,
-    _pathname,
-    route?.pattern ?? _pathname,
-  );
+
+  // HTML (full page load) response — render through RSC → SSR pipeline
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment so error pages include font styles
   const fontData = {
@@ -6160,7 +6246,14 @@ async function buildPageElement(route, params, opts, searchParams) {
   }
 
   // Wrap with global error boundary if app/global-error.tsx exists.
-  // This catches errors in the root layout itself.
+  // This must be present in both HTML and RSC paths so the component tree
+  // structure matches — otherwise React reconciliation on client-side navigation
+  // would see a mismatched tree and destroy/recreate the DOM.
+  //
+  // For RSC requests (client-side nav), this provides error recovery on the client.
+  // For HTML requests (initial page load), the ErrorBoundary catches during SSR
+  // but produces double <html>/<body> (root layout + global-error). The request
+  // handler detects this via the rscOnError flag and re-renders without layouts.
   
   const GlobalErrorComponent = mod_11.default;
   if (GlobalErrorComponent) {
@@ -6546,12 +6639,13 @@ function __isExternalUrl(url) {
 }
 
 /**
- * Maximum server-action request body size (1 MB).
- * Matches the Next.js default for serverActions.bodySizeLimit.
+ * Maximum server-action request body size.
+ * Configurable via experimental.serverActions.bodySizeLimit in next.config.
+ * Defaults to 1MB, matching the Next.js default.
  * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
  * Prevents unbounded request body buffering.
  */
-var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+var __MAX_ACTION_BODY_SIZE = 1048576;
 
 /**
  * Read a request body as text with a size limit.
@@ -7528,8 +7622,18 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // Mark end of compile phase: route matching, middleware, tree building are done.
   if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
 
-  // Render to RSC stream
-  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  // Render to RSC stream.
+  // Track non-navigation RSC errors so we can detect when the in-tree global
+  // ErrorBoundary catches during SSR (producing double <html>/<body>) and
+  // re-render with renderErrorBoundaryPage (which skips layouts for global-error).
+  let _rscErrorForRerender = null;
+  const _baseOnError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const onRenderError = function(error, requestInfo, errorContext) {
+    if (!(error && typeof error === "object" && "digest" in error)) {
+      _rscErrorForRerender = error;
+    }
+    return _baseOnError(error, requestInfo, errorContext);
+  };
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
 
   if (isRscRequest) {
@@ -7634,6 +7738,20 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     throw ssrErr;
   }
 
+  // If an RSC error was caught by the in-tree global ErrorBoundary during SSR,
+  // the HTML output has double <html>/<body> (root layout + global-error.tsx).
+  // Discard it and re-render using renderErrorBoundaryPage which skips layouts
+  // when the error falls through to global-error.tsx.
+  
+  if (_rscErrorForRerender && !isRscRequest) {
+    const _hasLocalBoundary = !!(route?.error?.default) || !!(route?.errors && route.errors.some(function(e) { return e?.default; }));
+    if (!_hasLocalBoundary) {
+      const cleanResp = await renderErrorBoundaryPage(route, _rscErrorForRerender, false, request, params);
+      if (cleanResp) return cleanResp;
+    }
+  }
+  
+
   // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
   const draftCookie = getDraftModeCookieHeader();
 
@@ -8258,6 +8376,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
   // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
   let ErrorComponent = route?.error?.default ?? null;
+  let _isGlobalError = false;
   if (!ErrorComponent && route?.errors) {
     for (let i = route.errors.length - 1; i >= 0; i--) {
       if (route.errors[i]?.default) {
@@ -8266,7 +8385,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
   }
-  ErrorComponent = ErrorComponent;
+  
   if (!ErrorComponent) return null;
 
   const rawError = error instanceof Error ? error : new Error(String(error));
@@ -8281,32 +8400,51 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   let element = createElement(ErrorComponent, {
     error: errorObj,
   });
-  const layouts = route?.layouts ?? rootLayouts;
-  if (isRscRequest) {
-    // For RSC requests (client-side navigation), wrap with the same component
-    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
-    // This ensures React can reconcile the tree without destroying the DOM.
-    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
-    const _errTreePositions = route?.layoutTreePositions;
-    const _errRouteSegs = route?.routeSegments || [];
-    const _errParams = matchedParams ?? route?.params ?? {};
-    const _asyncErrParams = makeThenableParams(_errParams);
-    for (let i = layouts.length - 1; i >= 0; i--) {
-      const LayoutComponent = layouts[i]?.default;
-      if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
-        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
-        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
-        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+
+  // global-error.tsx provides its own <html> and <body> (it replaces the root
+  // layout). Skip layout wrapping when rendering it to avoid double <html> tags.
+  if (!_isGlobalError) {
+    const layouts = route?.layouts ?? rootLayouts;
+    if (isRscRequest) {
+      // For RSC requests (client-side navigation), wrap with the same component
+      // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+      // This ensures React can reconcile the tree without destroying the DOM.
+      // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+      const _errTreePositions = route?.layoutTreePositions;
+      const _errRouteSegs = route?.routeSegments || [];
+      const _errParams = matchedParams ?? route?.params ?? {};
+      const _asyncErrParams = makeThenableParams(_errParams);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
+          const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+          const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+          element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+        }
+      }
+      
+    } else {
+      // For HTML (full page load) responses, wrap with layouts only.
+      const _errParamsHtml = matchedParams ?? route?.params ?? {};
+      const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
+        }
       }
     }
-    
-    const _pathname = new URL(request.url).pathname;
-    const onRenderError = createRscOnErrorHandler(
-      request,
-      _pathname,
-      route?.pattern ?? _pathname,
-    );
+  }
+
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+
+  if (isRscRequest) {
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
     // Do NOT clear context here — the RSC stream is consumed lazily by the client.
     // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
@@ -8319,21 +8457,8 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
     });
   }
-  // For HTML (full page load) responses, wrap with layouts only.
-  const _errParamsHtml = matchedParams ?? route?.params ?? {};
-  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
-  for (let i = layouts.length - 1; i >= 0; i--) {
-    const LayoutComponent = layouts[i]?.default;
-    if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
-    }
-  }
-  const _pathname = new URL(request.url).pathname;
-  const onRenderError = createRscOnErrorHandler(
-    request,
-    _pathname,
-    route?.pattern ?? _pathname,
-  );
+
+  // HTML (full page load) response — render through RSC → SSR pipeline
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment so error pages include font styles
   const fontData = {
@@ -8652,7 +8777,14 @@ async function buildPageElement(route, params, opts, searchParams) {
   }
 
   // Wrap with global error boundary if app/global-error.tsx exists.
-  // This catches errors in the root layout itself.
+  // This must be present in both HTML and RSC paths so the component tree
+  // structure matches — otherwise React reconciliation on client-side navigation
+  // would see a mismatched tree and destroy/recreate the DOM.
+  //
+  // For RSC requests (client-side nav), this provides error recovery on the client.
+  // For HTML requests (initial page load), the ErrorBoundary catches during SSR
+  // but produces double <html>/<body> (root layout + global-error). The request
+  // handler detects this via the rscOnError flag and re-renders without layouts.
   
 
   return element;
@@ -9030,12 +9162,13 @@ function __isExternalUrl(url) {
 }
 
 /**
- * Maximum server-action request body size (1 MB).
- * Matches the Next.js default for serverActions.bodySizeLimit.
+ * Maximum server-action request body size.
+ * Configurable via experimental.serverActions.bodySizeLimit in next.config.
+ * Defaults to 1MB, matching the Next.js default.
  * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
  * Prevents unbounded request body buffering.
  */
-var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+var __MAX_ACTION_BODY_SIZE = 1048576;
 
 /**
  * Read a request body as text with a size limit.
@@ -10012,8 +10145,18 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // Mark end of compile phase: route matching, middleware, tree building are done.
   if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
 
-  // Render to RSC stream
-  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  // Render to RSC stream.
+  // Track non-navigation RSC errors so we can detect when the in-tree global
+  // ErrorBoundary catches during SSR (producing double <html>/<body>) and
+  // re-render with renderErrorBoundaryPage (which skips layouts for global-error).
+  let _rscErrorForRerender = null;
+  const _baseOnError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const onRenderError = function(error, requestInfo, errorContext) {
+    if (!(error && typeof error === "object" && "digest" in error)) {
+      _rscErrorForRerender = error;
+    }
+    return _baseOnError(error, requestInfo, errorContext);
+  };
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
 
   if (isRscRequest) {
@@ -10118,6 +10261,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     throw ssrErr;
   }
 
+  // If an RSC error was caught by the in-tree global ErrorBoundary during SSR,
+  // the HTML output has double <html>/<body> (root layout + global-error.tsx).
+  // Discard it and re-render using renderErrorBoundaryPage which skips layouts
+  // when the error falls through to global-error.tsx.
+  
+
   // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
   const draftCookie = getDraftModeCookieHeader();
 
@@ -10260,7 +10409,7 @@ import { LayoutSegmentProvider } from "vinext/layout-segment-context";
 import { MetadataHead, mergeMetadata, resolveModuleMetadata, ViewportHead, mergeViewport, resolveModuleViewport } from "vinext/metadata";
 
 
-import { sitemapToXml, robotsToText, manifestToJson } from "C:/Users/Yunus/Downloads/vinext/packages/vinext/src/server/metadata-routes.js";
+import { sitemapToXml, robotsToText, manifestToJson } from "<ROOT>/packages/vinext/src/server/metadata-routes.js";
 import { _consumeRequestScopedCacheLife, _runWithCacheState } from "next/cache";
 import { runWithFetchCache } from "vinext/fetch-cache";
 import { runWithPrivateCache as _runWithPrivateCache } from "vinext/cache-runtime";
@@ -10734,6 +10883,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
   // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
   let ErrorComponent = route?.error?.default ?? null;
+  let _isGlobalError = false;
   if (!ErrorComponent && route?.errors) {
     for (let i = route.errors.length - 1; i >= 0; i--) {
       if (route.errors[i]?.default) {
@@ -10742,7 +10892,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
   }
-  ErrorComponent = ErrorComponent;
+  
   if (!ErrorComponent) return null;
 
   const rawError = error instanceof Error ? error : new Error(String(error));
@@ -10757,32 +10907,51 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   let element = createElement(ErrorComponent, {
     error: errorObj,
   });
-  const layouts = route?.layouts ?? rootLayouts;
-  if (isRscRequest) {
-    // For RSC requests (client-side navigation), wrap with the same component
-    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
-    // This ensures React can reconcile the tree without destroying the DOM.
-    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
-    const _errTreePositions = route?.layoutTreePositions;
-    const _errRouteSegs = route?.routeSegments || [];
-    const _errParams = matchedParams ?? route?.params ?? {};
-    const _asyncErrParams = makeThenableParams(_errParams);
-    for (let i = layouts.length - 1; i >= 0; i--) {
-      const LayoutComponent = layouts[i]?.default;
-      if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
-        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
-        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
-        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+
+  // global-error.tsx provides its own <html> and <body> (it replaces the root
+  // layout). Skip layout wrapping when rendering it to avoid double <html> tags.
+  if (!_isGlobalError) {
+    const layouts = route?.layouts ?? rootLayouts;
+    if (isRscRequest) {
+      // For RSC requests (client-side navigation), wrap with the same component
+      // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+      // This ensures React can reconcile the tree without destroying the DOM.
+      // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+      const _errTreePositions = route?.layoutTreePositions;
+      const _errRouteSegs = route?.routeSegments || [];
+      const _errParams = matchedParams ?? route?.params ?? {};
+      const _asyncErrParams = makeThenableParams(_errParams);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
+          const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+          const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+          element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+        }
+      }
+      
+    } else {
+      // For HTML (full page load) responses, wrap with layouts only.
+      const _errParamsHtml = matchedParams ?? route?.params ?? {};
+      const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
+        }
       }
     }
-    
-    const _pathname = new URL(request.url).pathname;
-    const onRenderError = createRscOnErrorHandler(
-      request,
-      _pathname,
-      route?.pattern ?? _pathname,
-    );
+  }
+
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+
+  if (isRscRequest) {
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
     // Do NOT clear context here — the RSC stream is consumed lazily by the client.
     // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
@@ -10795,21 +10964,8 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
     });
   }
-  // For HTML (full page load) responses, wrap with layouts only.
-  const _errParamsHtml = matchedParams ?? route?.params ?? {};
-  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
-  for (let i = layouts.length - 1; i >= 0; i--) {
-    const LayoutComponent = layouts[i]?.default;
-    if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
-    }
-  }
-  const _pathname = new URL(request.url).pathname;
-  const onRenderError = createRscOnErrorHandler(
-    request,
-    _pathname,
-    route?.pattern ?? _pathname,
-  );
+
+  // HTML (full page load) response — render through RSC → SSR pipeline
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment so error pages include font styles
   const fontData = {
@@ -11128,7 +11284,14 @@ async function buildPageElement(route, params, opts, searchParams) {
   }
 
   // Wrap with global error boundary if app/global-error.tsx exists.
-  // This catches errors in the root layout itself.
+  // This must be present in both HTML and RSC paths so the component tree
+  // structure matches — otherwise React reconciliation on client-side navigation
+  // would see a mismatched tree and destroy/recreate the DOM.
+  //
+  // For RSC requests (client-side nav), this provides error recovery on the client.
+  // For HTML requests (initial page load), the ErrorBoundary catches during SSR
+  // but produces double <html>/<body> (root layout + global-error). The request
+  // handler detects this via the rscOnError flag and re-renders without layouts.
   
 
   return element;
@@ -11506,12 +11669,13 @@ function __isExternalUrl(url) {
 }
 
 /**
- * Maximum server-action request body size (1 MB).
- * Matches the Next.js default for serverActions.bodySizeLimit.
+ * Maximum server-action request body size.
+ * Configurable via experimental.serverActions.bodySizeLimit in next.config.
+ * Defaults to 1MB, matching the Next.js default.
  * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
  * Prevents unbounded request body buffering.
  */
-var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+var __MAX_ACTION_BODY_SIZE = 1048576;
 
 /**
  * Read a request body as text with a size limit.
@@ -12488,8 +12652,18 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // Mark end of compile phase: route matching, middleware, tree building are done.
   if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
 
-  // Render to RSC stream
-  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  // Render to RSC stream.
+  // Track non-navigation RSC errors so we can detect when the in-tree global
+  // ErrorBoundary catches during SSR (producing double <html>/<body>) and
+  // re-render with renderErrorBoundaryPage (which skips layouts for global-error).
+  let _rscErrorForRerender = null;
+  const _baseOnError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const onRenderError = function(error, requestInfo, errorContext) {
+    if (!(error && typeof error === "object" && "digest" in error)) {
+      _rscErrorForRerender = error;
+    }
+    return _baseOnError(error, requestInfo, errorContext);
+  };
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
 
   if (isRscRequest) {
@@ -12594,6 +12768,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     throw ssrErr;
   }
 
+  // If an RSC error was caught by the in-tree global ErrorBoundary during SSR,
+  // the HTML output has double <html>/<body> (root layout + global-error.tsx).
+  // Discard it and re-render using renderErrorBoundaryPage which skips layouts
+  // when the error falls through to global-error.tsx.
+  
+
   // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
   const draftCookie = getDraftModeCookieHeader();
 
@@ -13203,6 +13383,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   // Resolve the error boundary component: leaf error.tsx first, then walk per-layout
   // errors from innermost to outermost (matching ancestor inheritance), then global-error.tsx.
   let ErrorComponent = route?.error?.default ?? null;
+  let _isGlobalError = false;
   if (!ErrorComponent && route?.errors) {
     for (let i = route.errors.length - 1; i >= 0; i--) {
       if (route.errors[i]?.default) {
@@ -13211,7 +13392,7 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
   }
-  ErrorComponent = ErrorComponent;
+  
   if (!ErrorComponent) return null;
 
   const rawError = error instanceof Error ? error : new Error(String(error));
@@ -13226,32 +13407,51 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
   let element = createElement(ErrorComponent, {
     error: errorObj,
   });
-  const layouts = route?.layouts ?? rootLayouts;
-  if (isRscRequest) {
-    // For RSC requests (client-side navigation), wrap with the same component
-    // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
-    // This ensures React can reconcile the tree without destroying the DOM.
-    // Same rationale as renderHTTPAccessFallbackPage — see comment there.
-    const _errTreePositions = route?.layoutTreePositions;
-    const _errRouteSegs = route?.routeSegments || [];
-    const _errParams = matchedParams ?? route?.params ?? {};
-    const _asyncErrParams = makeThenableParams(_errParams);
-    for (let i = layouts.length - 1; i >= 0; i--) {
-      const LayoutComponent = layouts[i]?.default;
-      if (LayoutComponent) {
-        element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
-        const _etp = _errTreePositions ? _errTreePositions[i] : 0;
-        const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
-        element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+
+  // global-error.tsx provides its own <html> and <body> (it replaces the root
+  // layout). Skip layout wrapping when rendering it to avoid double <html> tags.
+  if (!_isGlobalError) {
+    const layouts = route?.layouts ?? rootLayouts;
+    if (isRscRequest) {
+      // For RSC requests (client-side navigation), wrap with the same component
+      // wrappers that buildPageElement() uses (LayoutSegmentProvider, GlobalErrorBoundary).
+      // This ensures React can reconcile the tree without destroying the DOM.
+      // Same rationale as renderHTTPAccessFallbackPage — see comment there.
+      const _errTreePositions = route?.layoutTreePositions;
+      const _errRouteSegs = route?.routeSegments || [];
+      const _errParams = matchedParams ?? route?.params ?? {};
+      const _asyncErrParams = makeThenableParams(_errParams);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParams });
+          const _etp = _errTreePositions ? _errTreePositions[i] : 0;
+          const _ecs = __resolveChildSegments(_errRouteSegs, _etp, _errParams);
+          element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
+        }
+      }
+      
+    } else {
+      // For HTML (full page load) responses, wrap with layouts only.
+      const _errParamsHtml = matchedParams ?? route?.params ?? {};
+      const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
+      for (let i = layouts.length - 1; i >= 0; i--) {
+        const LayoutComponent = layouts[i]?.default;
+        if (LayoutComponent) {
+          element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
+        }
       }
     }
-    
-    const _pathname = new URL(request.url).pathname;
-    const onRenderError = createRscOnErrorHandler(
-      request,
-      _pathname,
-      route?.pattern ?? _pathname,
-    );
+  }
+
+  const _pathname = new URL(request.url).pathname;
+  const onRenderError = createRscOnErrorHandler(
+    request,
+    _pathname,
+    route?.pattern ?? _pathname,
+  );
+
+  if (isRscRequest) {
     const rscStream = renderToReadableStream(element, { onError: onRenderError });
     // Do NOT clear context here — the RSC stream is consumed lazily by the client.
     // Clearing context now would cause async server components (e.g. NextIntlClientProviderServer)
@@ -13264,21 +13464,8 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       headers: { "Content-Type": "text/x-component; charset=utf-8", "Vary": "RSC, Accept" },
     });
   }
-  // For HTML (full page load) responses, wrap with layouts only.
-  const _errParamsHtml = matchedParams ?? route?.params ?? {};
-  const _asyncErrParamsHtml = makeThenableParams(_errParamsHtml);
-  for (let i = layouts.length - 1; i >= 0; i--) {
-    const LayoutComponent = layouts[i]?.default;
-    if (LayoutComponent) {
-      element = createElement(LayoutComponent, { children: element, params: _asyncErrParamsHtml });
-    }
-  }
-  const _pathname = new URL(request.url).pathname;
-  const onRenderError = createRscOnErrorHandler(
-    request,
-    _pathname,
-    route?.pattern ?? _pathname,
-  );
+
+  // HTML (full page load) response — render through RSC → SSR pipeline
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
   // Collect font data from RSC environment so error pages include font styles
   const fontData = {
@@ -13597,7 +13784,14 @@ async function buildPageElement(route, params, opts, searchParams) {
   }
 
   // Wrap with global error boundary if app/global-error.tsx exists.
-  // This catches errors in the root layout itself.
+  // This must be present in both HTML and RSC paths so the component tree
+  // structure matches — otherwise React reconciliation on client-side navigation
+  // would see a mismatched tree and destroy/recreate the DOM.
+  //
+  // For RSC requests (client-side nav), this provides error recovery on the client.
+  // For HTML requests (initial page load), the ErrorBoundary catches during SSR
+  // but produces double <html>/<body> (root layout + global-error). The request
+  // handler detects this via the rscOnError flag and re-renders without layouts.
   
 
   return element;
@@ -14013,12 +14207,13 @@ function __isExternalUrl(url) {
 }
 
 /**
- * Maximum server-action request body size (1 MB).
- * Matches the Next.js default for serverActions.bodySizeLimit.
+ * Maximum server-action request body size.
+ * Configurable via experimental.serverActions.bodySizeLimit in next.config.
+ * Defaults to 1MB, matching the Next.js default.
  * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/serverActions#bodysizelimit
  * Prevents unbounded request body buffering.
  */
-var __MAX_ACTION_BODY_SIZE = 1 * 1024 * 1024;
+var __MAX_ACTION_BODY_SIZE = 1048576;
 
 /**
  * Read a request body as text with a size limit.
@@ -15081,8 +15276,18 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // Mark end of compile phase: route matching, middleware, tree building are done.
   if (process.env.NODE_ENV !== "production") __compileEnd = performance.now();
 
-  // Render to RSC stream
-  const onRenderError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  // Render to RSC stream.
+  // Track non-navigation RSC errors so we can detect when the in-tree global
+  // ErrorBoundary catches during SSR (producing double <html>/<body>) and
+  // re-render with renderErrorBoundaryPage (which skips layouts for global-error).
+  let _rscErrorForRerender = null;
+  const _baseOnError = createRscOnErrorHandler(request, cleanPathname, route.pattern);
+  const onRenderError = function(error, requestInfo, errorContext) {
+    if (!(error && typeof error === "object" && "digest" in error)) {
+      _rscErrorForRerender = error;
+    }
+    return _baseOnError(error, requestInfo, errorContext);
+  };
   const rscStream = renderToReadableStream(element, { onError: onRenderError });
 
   if (isRscRequest) {
@@ -15187,6 +15392,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     throw ssrErr;
   }
 
+  // If an RSC error was caught by the in-tree global ErrorBoundary during SSR,
+  // the HTML output has double <html>/<body> (root layout + global-error.tsx).
+  // Discard it and re-render using renderErrorBoundaryPage which skips layouts
+  // when the error falls through to global-error.tsx.
+  
+
   // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
   const draftCookie = getDraftModeCookieHeader();
 
@@ -15606,7 +15817,16 @@ export async function handleSsr(rscStream, navContext, fontData) {
     // Params are embedded eagerly in <head> so they're available before client
     // hydration starts, avoiding the need for polling on the client.
     const paramsScript = '<script>self.__VINEXT_RSC_PARAMS__=' + safeJsonStringify(navContext?.params || {}) + '</script>';
-    const injectHTML = paramsScript + modulePreloadHTML + insertedHTML + fontHTML;
+    // Embed the initial navigation context (pathname + searchParams) so the
+    // browser useSyncExternalStore getServerSnapshot can return the correct
+    // value during hydration. Without this, getServerSnapshot returns "/" and
+    // React detects a mismatch against the SSR-rendered HTML.
+     // Serialise searchParams as an array of [key, value] pairs to preserve
+     // duplicate keys (e.g. ?tag=a&tag=b). Object.fromEntries() would keep
+     // only the last value, causing a hydration mismatch for multi-value params.
+     const __navPayload = { pathname: navContext?.pathname ?? '/', searchParams: navContext?.searchParams ? [...navContext.searchParams.entries()] : [] };
+    const navScript = '<script>self.__VINEXT_RSC_NAV__=' + safeJsonStringify(__navPayload) + '</script>';
+    const injectHTML = paramsScript + navScript + modulePreloadHTML + insertedHTML + fontHTML;
 
     // Inject the collected HTML before </head> and progressively embed RSC
     // chunks as script tags throughout the HTML body stream.
diff --git a/tests/entry-templates.test.ts b/tests/entry-templates.test.ts
index d1c4c98e..321c62e3 100644
--- a/tests/entry-templates.test.ts
+++ b/tests/entry-templates.test.ts
@@ -134,7 +134,7 @@ describe("App Router entry templates", () => {
       "",    // no basePath
       false, // no trailingSlash
     );
-    expect(code).toMatchSnapshot();
+    expect(stabilize(code)).toMatchSnapshot();
   });
 
   it("generateRscEntry snapshot (with middleware)", () => {
@@ -147,7 +147,7 @@ describe("App Router entry templates", () => {
       "",
       false,
     );
-    expect(code).toMatchSnapshot();
+    expect(stabilize(code)).toMatchSnapshot();
   });
 
   it("generateRscEntry snapshot (with instrumentation)", () => {
@@ -162,7 +162,7 @@ describe("App Router entry templates", () => {
       undefined,
       "/tmp/test/instrumentation.ts",
     );
-    expect(code).toMatchSnapshot();
+    expect(stabilize(code)).toMatchSnapshot();
   });
 
   it("generateRscEntry snapshot (with global error)", () => {
@@ -175,7 +175,7 @@ describe("App Router entry templates", () => {
       "",
       false,
     );
-    expect(code).toMatchSnapshot();
+    expect(stabilize(code)).toMatchSnapshot();
   });
 
   it("generateRscEntry snapshot (with config)", () => {
@@ -209,7 +209,7 @@ describe("App Router entry templates", () => {
       true,
       config,
     );
-    expect(code).toMatchSnapshot();
+    expect(stabilize(code)).toMatchSnapshot();
   });
 
   it("generateRscEntry snapshot (with metadata routes)", () => {
@@ -231,17 +231,17 @@ describe("App Router entry templates", () => {
       "",
       false,
     );
-    expect(code).toMatchSnapshot();
+    expect(stabilize(code)).toMatchSnapshot();
   });
 
   it("generateSsrEntry snapshot", () => {
     const code = generateSsrEntry();
-    expect(code).toMatchSnapshot();
+    expect(stabilize(code)).toMatchSnapshot();
   });
 
   it("generateBrowserEntry snapshot", () => {
     const code = generateBrowserEntry();
-    expect(code).toMatchSnapshot();
+    expect(stabilize(code)).toMatchSnapshot();
   });
 });