/**
 * Adaptive concurrency limiter using Event Loop Utilization (ELU).
 *
 * The limiter dynamically adjusts the maximum number of concurrent requests
 * based on Node.js Event Loop Utilization — a direct measure of how saturated
 * the server's single-threaded event loop is. This is the most reliable signal
 * for a Node.js server because:
 *
 * - Unlike latency-based algorithms (Vegas, Gradient), ELU is unaffected by
 *   workload heterogeneity. Switching from a fast route to a slow route
 *   increases latency naturally but does NOT mean the server is overloaded.
 *   ELU only rises when the event loop itself is saturated.
 *
 * - Unlike CPU%, ELU directly measures event loop busy/idle time, which is
 *   the actual bottleneck for a single-threaded server.
 *
 * The control loop uses AIMD (Additive Increase, Multiplicative Decrease):
 * - **ELU < eluMax**: increase limit by sqrt(limit) per window (fast recovery)
 * - **ELU ≥ eluMax**: decrease limit by 10% per window (gentle backoff)
 *
 * The limiter starts wide open (initialLimit = maxLimit) and should be
 * invisible under normal load. It only tightens when the event loop is
 * genuinely saturated.
 *
 * When a request cannot be immediately admitted, it is placed in a bounded FIFO
 * queue with a per-request timeout. Slots are released to queued waiters before
 * becoming available for new `acquire()` calls, ensuring fair ordering.
 *
 * @module
 */
| 31 | + | |
import { performance } from "node:perf_hooks";
| 33 | + | |
/**
 * @typedef {Object} AdaptiveLimiterConfig
 * @property {number} [initialLimit=1000] Starting concurrency limit (defaults to maxLimit — start wide open)
 * @property {number} [minLimit=1] Floor for the adaptive limit
 * @property {number} [maxLimit=1000] Ceiling for the adaptive limit
 * @property {number} [eluMax=0.95] ELU level that triggers limit decrease and queue skip (0–1)
 * @property {number} [sampleWindow=1000] Interval (ms) for recalculation and ELU sampling
 * @property {number} [smoothingFactor=0.2] EWMA factor for `smoothedLatency` in stats (observability only — not used in the control loop)
 * @property {number} [queueSize=100] Max requests waiting in the backpressure queue
 * @property {number} [queueTimeout=5000] Max time (ms) a request waits in the queue before 503
 * @property {{ info?: Function, warn?: Function }} [logger] Optional logger; transitions (limit shrink/recover, queue saturation, 503 firing) are reported here.
 */
| 46 | + | |
/**
 * Create an adaptive concurrency limiter.
 *
 * @param {AdaptiveLimiterConfig} [config]
 */
export function createAdaptiveLimiter(config = {}) {
  const {
    minLimit = 1,
    maxLimit = 1000,
    // Default to maxLimit so the limiter starts wide open and only
    // tightens under genuine event-loop saturation.
    initialLimit = maxLimit,
    eluMax = 0.95,
    sampleWindow = 1000,
    smoothingFactor = 0.2,
    queueSize = 100,
    queueTimeout = 5000,
    logger = null,
  } = config;

  // Counters for the optional periodic log line — reset every recalc tick.
  let rejected503 = 0; // requests rejected with 503 during the current window
  let queuedTotal = 0; // requests that entered the wait queue during the current window

  // ── Limiter state ──
  // Starting limit is clamped into [minLimit, maxLimit].
  let limit = Math.max(minLimit, Math.min(maxLimit, initialLimit));
  let inflight = 0; // requests currently holding a slot
  let sampleCount = 0; // per-window sample counter (reset each tick; incremented elsewhere in this file — not visible in this chunk)

  // ── Latency tracking (for observability, not used in control loop) ──
  // EWMA of request latency weighted by `smoothingFactor`.
  // NOTE(review): updated outside this chunk — presumably on release; verify against the rest of the file.
  let smoothedLatency = 0;

  // ── ELU state ──
  // Cumulative ELU snapshot serving as the baseline for per-window deltas.
  let prevELU = performance.eventLoopUtilization();
  let currentELU = 0; // utilization (0–1) measured over the most recent window

  // ── Wait queue (bounded FIFO) ──
  // Each entry: { resolve, timer, abortHandler, signal }
  //   resolve(true)  = slot acquired, proceed
  //   resolve(false) = timed out or destroyed, reject with 503
  /** @type {{ resolve: (v: boolean) => void, timer: ReturnType<typeof setTimeout>, abortHandler: (() => void) | null, signal: AbortSignal | null }[]} */
  const waitQueue = [];
| 87 | + | |
| 88 | + | /** |
| 89 | + | * Try to hand a slot to the next queued waiter. |
| 90 | + | * |
| 91 | + | * Critically, this respects the current adaptive limit: if inflight >= limit |
| 92 | + | * after the release, we do NOT wake a waiter. This lets the server drain back |
| 93 | + | * to the computed limit under overload. Without this check, drainOne() would |
| 94 | + | * defeat the adaptive algorithm by keeping inflight permanently above the |
| 95 | + | * limit — every finished request would immediately be replaced. |
| 96 | + | * |
| 97 | + | * Skipped entries (aborted clients) are cleaned up without consuming a slot. |
| 98 | + | */ |
| 99 | + | function drainOne() { |
| 100 | + | while (waitQueue.length > 0) { |
| 101 | + | // Respect the adaptive limit — let inflight drain before admitting more |
| 102 | + | if (inflight >= limit) { |
| 103 | + | return false; |
| 104 | + | } |
| 105 | + | const waiter = waitQueue.shift(); |
| 106 | + | clearTimeout(waiter.timer); |
| 107 | + | if (waiter.signal) { |
| 108 | + | waiter.signal.removeEventListener("abort", waiter.abortHandler); |
| 109 | + | } |
| 110 | + | // Client already disconnected — skip without consuming a slot |
| 111 | + | if (waiter.signal?.aborted) { |
| 112 | + | continue; |
| 113 | + | } |
| 114 | + | inflight++; |
| 115 | + | waiter.resolve(true); |
| 116 | + | return true; |
| 117 | + | } |
| 118 | + | return false; |
| 119 | + | } |
| 120 | + | |
| 121 | + | // ── Periodic recalculation (AIMD based on ELU) ── |
| 122 | + | const recalcInterval = setInterval(() => { |
| 123 | + | // Sample ELU over the last window. The `prev` argument must be a |
| 124 | + | // cumulative snapshot, NOT a delta: Node computes `current - prev` |
| 125 | + | // and a diff object's idle/active fields aren't cumulative values. |
| 126 | + | // So we call `eventLoopUtilization()` again with no args to capture |
| 127 | + | // a fresh cumulative baseline for the next window. The few ns gap |
| 128 | + | // between the two calls is unobservable. |
| 129 | + | const nowELU = performance.eventLoopUtilization(prevELU); |
| 130 | + | currentELU = nowELU.utilization; |
| 131 | + | prevELU = performance.eventLoopUtilization(); |
| 132 | + | |
| 133 | + | const prevLimit = limit; |
| 134 | + | |
| 135 | + | if (currentELU >= eluMax) { |
| 136 | + | // ── Decrease: multiplicative (gentle 10% backoff) ── |
| 137 | + | // Only shrink when we're actually at capacity. If inflight is well |
| 138 | + | // below the limit, the high ELU is transient (GC, etc.), not sustained. |
| 139 | + | if (inflight >= limit * 0.5) { |
| 140 | + | limit = Math.max(minLimit, Math.floor(limit * 0.9)); |
| 141 | + | } |
| 142 | + | } else { |
| 143 | + | // ── Increase: additive (sqrt scaling for proportional exploration) ── |
| 144 | + | // No dead zone — always recover toward maxLimit unless overloaded. |
| 145 | + | // The limiter starts wide open and should stay wide open under normal load. |
| 146 | + | limit = Math.min( |
| 147 | + | maxLimit, |
| 148 | + | limit + Math.max(1, Math.ceil(Math.sqrt(limit))) |
| 149 | + | ); |
| 150 | + | } |
| 151 | + | |
| 152 | + | // Wake queued waiters if limit grew |
| 153 | + | if (limit > prevLimit) { |
| 154 | + | while (inflight < limit && waitQueue.length > 0) { |
| 155 | + | if (!drainOne()) break; |
| 156 | + | } |
| 157 | + | } |
| 158 | + | |
| 159 | + | // ── Operator-visible transitions ── |
| 160 | + | // We log only when something changes — silent under steady-state. |
| 161 | + | if (logger) { |
| 162 | + | if (limit < prevLimit) { |
| 163 | + | logger.warn?.( |
| 164 | + | `[adaptive-limiter] limit ${prevLimit} → ${limit} (ELU=${currentELU.toFixed(2)}, inflight=${inflight}, queued=${waitQueue.length})` |
| 165 | + | ); |
| 166 | + | } else if (limit > prevLimit && prevLimit < maxLimit) { |
| 167 | + | logger.info?.( |
| 168 | + | `[adaptive-limiter] limit ${prevLimit} → ${limit} (recovering)` |
| 169 | + | ); |
| 170 | + | } |
| 171 | + | if (rejected503 > 0 || queuedTotal > 0) { |
| 172 | + | logger.warn?.( |
| 173 | + | `[adaptive-limiter] window: ${rejected503} rejected, ${queuedTotal} queued, queue depth ${waitQueue.length}/${queueSize}` |
| 174 | + | ); |
| 175 | + | } |
| 176 | + | } |
| 177 | + | rejected503 = 0; |
| 178 | + | queuedTotal = 0; |
| 179 | + | |
| 180 | + | // Reset sample count for next window |
| 181 | + | sampleCount = 0; |
| 182 | + | }, sampleWindow); |
| 183 | + | |
| 184 | + | // Don't keep the process alive just for this timer |
| 185 | + | recalcInterval.unref(); |
| 186 | + | |
| 187 | + | return { |
| 188 | + | /** |
| 189 | + | * Try to acquire a slot, optionally waiting in a bounded queue. |
| 190 | + | * |
| 191 | + | * @param {AbortSignal} [signal] - Client connection abort signal. When the |
| 192 | + | * client disconnects while queued, the waiter is removed automatically. |
| 193 | + | * @returns {boolean | Promise<boolean>} `true` if the request may proceed, |
| 194 | + | * `false` if rejected. Returns a plain boolean for the fast path (no |
| 195 | + | * Promise overhead), a Promise only when the request is queued. |
| 196 | + | * |
| 197 | + | * Resolution paths: |
| 198 | + | * - Slot available (inflight < limit) → returns `true` (sync, no Promise) |
| 199 | + | * - At limit + ELU > eluMax → returns `false` (sync, no Promise) |
| 200 | + | * - At limit + queue full → returns `false` (sync, no Promise) |