react-servercommita0c7b6386c78

feat: rsc reply (#393)

This PR brings @lazarv/rsc's reply path up to parity with React's post-CVE hardening and completes the wire format on the client → server direction. Two things were missing: our encodeReply/decodeReply only handled synchronous values (plain objects, arrays, typed arrays, maps, sets, files, server refs), and the decoder had no resource ceilings, so a hostile or oversized payload could push the process into unbounded work before any server action ran. Both are addressed here, and the security model is documented so hosts know what the protocol does and doesn't defend against.

On the protocol side, the client encoder now pre-resolves Promises, ReadableStreams, AsyncIterables, and sync Iterators into outlined FormData rows ($@, $r, $b, $x, $X) before the synchronous walker runs, with cycle-safe visit tracking and back-reference reservation so a resolved value containing the same thenable doesn't recurse. The server side is a new reply decoder that matches React's structural defenses: __proto__/constructor/prototype stripped during JSON.parse, reference path walks pinned to Object.prototype/Array.prototype with own-property checks, then functions scrubbed to null, and callables restricted to the server-reference allowlist and temporary-reference proxy — no eval, no new Function on decoded bytes. Errors are redacted to digests in production via an onError hook on the host.

The PR provides seven configurable resource ceilings on top of those structural defenses (maxRows, maxDepth, maxBytes, maxBoundArgs, maxBigIntDigits, maxStringLength, maxStreamChunks), wired through serverFunctions.limits in react-server.config.mjs and surfaced in both schema.d.ts and schema.json. Defaults match React's upstream; breaches throw a tagged DecodeLimitError before the server function runs, so operators get per-limit observability and zero side effects on rejection. The docs commit adds a Security section to the bundler-agnostic RSC serialization page and a new server-function-limits feature page in both English and Japanese, covering the threat model, the always-on structural barriers, the configurable ceilings, and explicitly what remains the host's responsibility (authn/z, CSRF, rate limiting, transport integrity).

Author: Viktor Lázár <lazarv1982@gmail.com>
Date: 2026-04-15T15:22:44+02:00
Commit: a0c7b6386c782f0e6faa490e0d4b20fd4b7a0403
Parent: b7d51adc3071

21 files changed+2547 -68

Mdocs/src/pages/en/(pages)/advanced/bundler-agnostic-rsc-serialization.mdx+77 -0
Adocs/src/pages/en/(pages)/features/server-function-limits.mdx+133 -0
Mdocs/src/pages/en/features.(index).mdx+1 -1
Adocs/src/pages/ja/(pages)/features/server-function-limits.mdx+133 -0
Mdocs/src/pages/ja/features.(index).mdx+1 -1
Mpackages/react-server/config/schema.d.ts+86 -0
Mpackages/react-server/config/schema.json+42 -0
Mpackages/react-server/config/schema.mjs+53 -0
Mpackages/react-server/config/validate.mjs+35 -0
Mpackages/react-server/server/render-rsc.jsx+19 -1
Mpackages/rsc/__tests__/flight-coverage.test.mjs+4 -13
Apackages/rsc/__tests__/flight-reply-security.test.mjs+323 -0
Mpackages/rsc/client/shared.mjs+227 -3
Apackages/rsc/server/reply-decoder.mjs+820 -0
Mpackages/rsc/server/shared.mjs+25 -19
Mpackages/rsc/types.d.ts+30 -0
Atest/__test__/server-function-arg-types.spec.mjs+186 -0
Mtest/__test__/server-function-types.spec.mjs+49 -30
Atest/fixtures/server-function-arg-types-actions.mjs+163 -0
Atest/fixtures/server-function-arg-types-client.jsx+130 -0
Atest/fixtures/server-function-arg-types.jsx+10 -0

Mdocs/src/pages/en/(pages)/advanced/bundler-agnostic-rsc-serialization.mdx+77 -0

Adocs/src/pages/en/(pages)/features/server-function-limits.mdx+133 -0

Mdocs/src/pages/en/features.(index).mdx+1 -1

@@ -10,7 +10,7 @@You can also access the full [HTTP context](/features/http) during server-side r

10	10
11	11		`The runtime also provides tools for you to [cache](/features/caching) data on the server. You can cache data in-memory by default, but you can also build your own cache provider.`
12	12
13		-	`The runtime encrypts all [server function identifiers](/features/server-function-encryption) by default using AES-256-GCM. This prevents clients from discovering or calling server functions that were not explicitly exposed during rendering, keeping your server-side code secure without any extra configuration.`
	13	+	The runtime encrypts all [server function identifiers](/features/server-function-encryption) by default using AES-256-GCM. This prevents clients from discovering or calling server functions that were not explicitly exposed during rendering, keeping your server-side code secure without any extra configuration. Inbound server function payloads are also gated by configurable [decode limits](/features/server-function-limits) that cap memory, depth, and stream sizes before any of your server code runs — protecting against denial-of-service via crafted RSC replies.
14	14
15	15		`For error handling, you can learn about how to use the built-in [error boundary](/features/error-handling) component and how to implement your own error handling strategy.`
16	16

Adocs/src/pages/ja/(pages)/features/server-function-limits.mdx+133 -0

Mdocs/src/pages/ja/features.(index).mdx+1 -1

@@ -10,7 +10,7 @@

10	10
11	11		`さらに、ランタイムはサーバー上でデータを[キャッシュ](/features/caching)するためのツールも提供しています。デフォルトではメモリ内にデータをキャッシュできますが、独自のキャッシュプロバイダーを構築することも可能です。`
12	12
13		-	`ランタイムはデフォルトでAES-256-GCM暗号化を使用して、すべての[サーバー関数識別子](/features/server-function-encryption)を暗号化します。これにより、レンダリング中に明示的に公開されなかったサーバー関数をクライアントが発見したり呼び出したりすることを防ぎ、追加の設定なしでサーバーサイドコードを安全に保ちます。`
	13	+	ランタイムはデフォルトでAES-256-GCM暗号化を使用して、すべての[サーバー関数識別子](/features/server-function-encryption)を暗号化します。これにより、レンダリング中に明示的に公開されなかったサーバー関数をクライアントが発見したり呼び出したりすることを防ぎ、追加の設定なしでサーバーサイドコードを安全に保ちます。受信するサーバ関数ペイロードも、設定可能な[デコード上限](/features/server-function-limits)によってゲートされ、サーバコードが実行される前にメモリ、深度、ストリームサイズを制限します — 細工されたRSCリプライによるDoS攻撃から保護します。
14	14
15	15		`エラー処理については、組み込みの[エラーバウンダリ](/features/error-handling)コンポーネントの使用方法や、独自のエラー処理を実装する方法について学ぶことができます。`
16	16

Mpackages/react-server/config/schema.d.ts+86 -0

@@ -663,6 +729,26 @@export interface ServerFunctionsConfig {

663	729		* @example `previousSecretFiles: ["./old.pem"]`
664	730		`*/`
665	731		`previousSecretFiles?: string[];`
	732	+
	733	+	`/**`
	734	+	`* Resource ceilings for decoding server function payloads.`
	735	+	`*`
	736	+	`* Caps the maximum work the server will do per inbound RSC reply.`
	737	+	`* Defaults match the @lazarv/rsc decoder's built-in safe ceilings,`
	738	+	`* which are aligned with React's upstream limits (CVE-2025-55182`
	739	+	`* and related hardening). Override individual fields to tighten`
	740	+	`* or loosen the limits per deployment.`
	741	+	`*`
	742	+	`* @example`
	743	+	* ```ts
	744	+	`* limits: {`
	745	+	`* maxBytes: 4 * 1024 * 1024, // 4 MiB`
	746	+	`* maxDepth: 32,`
	747	+	`* maxStreamChunks: 1000,`
	748	+	`* }`
	749	+	* ```
	750	+	`*/`
	751	+	`limits?: ServerFunctionDecodeLimits;`
666	752		`}`
667	753
668	754		`// ───── Telemetry config ─────`

Mpackages/react-server/config/schema.json+42 -0

Mpackages/react-server/config/schema.mjs+53 -0

@@ -210,6 +210,22 @@export const DESCRIPTIONS = {

210	210		`"Previously used secrets for key rotation.",`
211	211		`"serverFunctions.previousSecretFiles":`
212	212		`"Previously used secret files for key rotation.",`
	213	+	`"serverFunctions.limits":`
	214	+	`"Resource ceilings for decoding server function payloads (per-request DoS protection).",`
	215	+	`"serverFunctions.limits.maxRows":`
	216	+	`"Maximum number of outlined rows per reply. Default: 10000.",`
	217	+	`"serverFunctions.limits.maxDepth":`
	218	+	`"Maximum recursion depth when materialising a row's value tree. Default: 128.",`
	219	+	`"serverFunctions.limits.maxBytes":`
	220	+	`"Maximum total payload size in bytes (sum of FormData entries). Default: 32 MiB.",`
	221	+	`"serverFunctions.limits.maxBoundArgs":`
	222	+	`"Maximum bound arguments on a server reference. Default: 256 (matches React).",`
	223	+	`"serverFunctions.limits.maxBigIntDigits":`
	224	+	`"Maximum digits in a decoded BigInt literal. Default: 4096 (matches React).",`
	225	+	`"serverFunctions.limits.maxStringLength":`
	226	+	`"Maximum length of a single string row before decoding. Default: 16 MiB.",`
	227	+	`"serverFunctions.limits.maxStreamChunks":`
	228	+	`"Maximum chunks materialised for a decoded stream/iterable. Default: 10000.",`
213	229
214	230		`// virtual routes`
215	231		`routes:`

Mpackages/react-server/config/validate.mjs+35 -0

@@ -653,6 +678,16 @@const EXAMPLES = {

653	678		serverFunctions: `serverFunctions: { secret: "my-secret-key" }`,
654	679		"serverFunctions.secret": `serverFunctions: { secret: "my-secret-key" }`,
655	680		"serverFunctions.secretFile": `serverFunctions: { secretFile: "./secret.pem" }`,
	681	+	"serverFunctions.previousSecrets": `serverFunctions: { previousSecrets: ["old-secret"] }`,
	682	+	"serverFunctions.previousSecretFiles": `serverFunctions: { previousSecretFiles: ["./old.pem"] }`,
	683	+	"serverFunctions.limits": `serverFunctions: { limits: { maxBytes: 4 * 1024 * 1024 } }`,
	684	+	"serverFunctions.limits.maxRows": `serverFunctions: { limits: { maxRows: 10000 } }`,
	685	+	"serverFunctions.limits.maxDepth": `serverFunctions: { limits: { maxDepth: 64 } }`,
	686	+	"serverFunctions.limits.maxBytes": `serverFunctions: { limits: { maxBytes: 4 * 1024 * 1024 } }`,
	687	+	"serverFunctions.limits.maxBoundArgs": `serverFunctions: { limits: { maxBoundArgs: 64 } }`,
	688	+	"serverFunctions.limits.maxBigIntDigits": `serverFunctions: { limits: { maxBigIntDigits: 1024 } }`,
	689	+	"serverFunctions.limits.maxStringLength": `serverFunctions: { limits: { maxStringLength: 1024 * 1024 } }`,
	690	+	"serverFunctions.limits.maxStreamChunks": `serverFunctions: { limits: { maxStreamChunks: 1000 } }`,
656	691		telemetry: `telemetry: { enabled: true, serviceName: "my-app" }`,
657	692		"telemetry.enabled": `telemetry: { enabled: true }`,
658	693		"telemetry.serviceName": `telemetry: { serviceName: "my-app" }`,

Mpackages/react-server/server/render-rsc.jsx+19 -1

Mpackages/rsc/__tests__/flight-coverage.test.mjs+4 -13

@@ -1370,21 +1370,12 @@describe("Client Shared Module - Additional Coverage", () => {

1370	1370		`const encoded = await encodeReply(data);`
1371	1371		`expect(encoded).toBeInstanceOf(FormData);`
1372	1372
1373		-	`// The Blob is stored as a direct FormData part. The server's`
1374		-	`// decodeReply resolves the root JSON and the Blob is accessible`
1375		-	`// through the FormData body at its path key.`
	1373	+	`// The Blob is stored as a direct FormData part under its path key,`
	1374	+	// and `$K<path>` resolves back to the original Blob on decode.
1376	1375		`const decoded = await decodeReply(encoded);`
1377	1376		`expect(decoded.info).toBe("test");`
1378		-	`// The Blob reference ("$K...") round-trips through FormData;`
1379		-	`// the server-side $K handler extracts matching prefix entries.`
1380		-	`// For a single Blob, the decoded value is a FormData (not Blob)`
1381		-	`// since the $K handler is designed for FormData round-tripping.`
1382		-	`// Verify the Blob is accessible from the raw encoded FormData.`
1383		-	`const blobKey = [...encoded.keys()].find((k) => k !== "0");`
1384		-	`expect(blobKey).toBeDefined();`
1385		-	`const rawBlob = encoded.get(blobKey);`
1386		-	`expect(rawBlob).toBeInstanceOf(Blob);`
1387		-	`expect(await rawBlob.text()).toBe("hello");`
	1377	+	`expect(decoded.file).toBeInstanceOf(Blob);`
	1378	+	`expect(await decoded.file.text()).toBe("hello");`
1388	1379		`});`
1389	1380		`});`
1390	1381

Apackages/rsc/__tests__/flight-reply-security.test.mjs+323 -0

@@ -0,0 +1,323 @@

Mpackages/rsc/client/shared.mjs+227 -3

@@ -2949,12 +2949,21 @@export function createFromFetch(promiseForResponse, options = {}) {

2949	2949		`* @returns {Promise<string \| FormData>} The encoded value`
2950	2950		`*/`
2951	2951		`export async function encodeReply(value, options = {}) {`
2952		-	`// Shared context for FormData part allocation (server refs, files)`
	2952	+	`// Shared context for FormData part allocation (server refs, files,`
	2953	+	`// outlined Promise / stream / iterable rows).`
2953	2954		`const ctx = { formData: null, nextPartId: 1, writtenObjects: new WeakMap() };`
	2955	+
	2956	+	`// Resolve any async values in the tree BEFORE the synchronous serializer`
	2957	+	`// runs. Each Promise / ReadableStream / AsyncIterable / Iterator is drained`
	2958	+	`// to a concrete payload, outlined as its own FormData part, and tagged in`
	2959	+	`// ctx.writtenObjects so the sync walker emits a short reference string`
	2960	+	`// ($@<hex>, $r<hex>, $b<hex>, $x<hex>, $X<hex>) in place of the value.`
	2961	+	`await preResolveAsyncValues(value, ctx, new WeakSet());`
	2962	+
2954	2963		`const serialized = serializeForReply(value, options, "0", new WeakSet(), ctx);`
2955	2964
2956		-	`// If any FormData parts were created (server refs, nested FormData) or`
2957		-	`// files exist, return FormData.`
	2965	+	`// If any FormData parts were created (server refs, nested FormData,`
	2966	+	`// async outlined rows) or files exist, return FormData.`
2958	2967		`if (ctx.formData !== null \|\| hasFileOrBlob(value)) {`
2959	2968		`if (ctx.formData === null) ctx.formData = new FormData();`
2960	2969		`ctx.formData.set("0", JSON.stringify(serialized));`

@@ -2967,6 +2976,207 @@export async function encodeReply(value, options = {}) {

Apackages/rsc/server/reply-decoder.mjs+820 -0

@@ -0,0 +1,820 @@

801	+	`path: "0",`
802	+	`});`
803	+	`const root = getChunk(response, 0);`
804	+	`initializeModelChunk(response, root);`
805	+	`if (root.status === REJECTED) throw root.reason;`
806	+	`return root.value;`
807	+	`}`
808	+
809	+	`/**`
810	+	`* High-level entry point.`
811	+	`*/`
812	+	`export async function decodeReply(body, options = {}) {`
813	+	`if (typeof body === "string") {`
814	+	`return decodeReplyFromString(body, options);`
815	+	`}`
816	+	`if (body instanceof FormData) {`
817	+	`return decodeReplyFromFormData(body, options);`
818	+	`}`
819	+	`throw new DecodeError("Invalid body type for decodeReply");`
820	+	`}`

Mpackages/rsc/server/shared.mjs+25 -19

@@ -8,6 +8,15 @@

8	8		`* API-compatible with react-server-dom-webpack.`
9	9		`*/`
10	10
	11	+	`// Stateful reply decoder with post-CVE-2025-55182 security barriers:`
	12	+	`// prototype / own-property / forbidden-key filtering during path walks,`
	13	+	`// plus support for outlined rows and new capabilities (Promise, streams,`
	14	+	`// async iterables, iterators). See ./reply-decoder.mjs for details.`
	15	+	`import {`
	16	+	`decodeReplyFromString as _decodeReplyFromString,`
	17	+	`decodeReplyFromFormData as _decodeReplyFromFormData,`
	18	+	`} from "./reply-decoder.mjs";`
	19	+
11	20		`// React Flight Protocol constants`
12	21		`const REACT_ELEMENT_TYPE = Symbol.for("react.element");`
13	22		`const REACT_TRANSITIONAL_ELEMENT_TYPE = Symbol.for(`

@@ -3092,11 +3097,12 @@export async function decodeReplyFromAsyncIterable(iterable, options = {}) {

3092	3097		`return parseMultipartFormData(body, options);`
3093	3098		`}`
3094	3099
3095		-	`// Try to parse as JSON`
	3100	+	`// Try to parse as JSON through the stateful reply decoder (applies the`
	3101	+	`// same security barriers as decodeReply). If parsing fails, return the`
	3102	+	`// raw string as-is — some callers stream plain text bodies.`
3096	3103		`try {`
3097		-	`return deserializeValue(JSON.parse(body), options, "0");`
	3104	+	`return _decodeReplyFromString(body, options);`
3098	3105		`} catch {`
3099		-	`// Return as-is if not JSON`
3100	3106		`return body;`
3101	3107		`}`
3102	3108		`}`

Mpackages/rsc/types.d.ts+30 -0

@@ -153,6 +153,30 @@export interface CreateFromReadableStreamOptions {

153	153		`typeRegistry?: Record<string, new (buffer: ArrayBuffer) => ArrayBufferView>;`
154	154		`}`
155	155
	156	+	`/**`
	157	+	`* Resource ceilings enforced by the reply decoder.`
	158	+	`*`
	159	+	`* Each limit is independent. Omit a field to use the built-in default.`
	160	+	`* When a request exceeds a limit, the decoder throws a DecodeLimitError`
	161	+	`* before any server action is invoked.`
	162	+	`*/`
	163	+	`export interface DecodeReplyLimits {`
	164	+	`/** Maximum number of outlined rows per reply. Default: 10000. */`
	165	+	`maxRows?: number;`
	166	+	`/** Maximum recursion depth when materialising a row's value tree. Default: 128. */`
	167	+	`maxDepth?: number;`
	168	+	`/** Maximum total payload size in bytes (sum of FormData entries). Default: 32 MiB. */`
	169	+	`maxBytes?: number;`
	170	+	`/** Maximum bound arguments on a server reference. Default: 256. */`
	171	+	`maxBoundArgs?: number;`
	172	+	`/** Maximum digits in a decoded BigInt literal. Default: 4096. */`
	173	+	`maxBigIntDigits?: number;`
	174	+	`/** Maximum length of a single string row before decoding. Default: 16 MiB. */`
	175	+	`maxStringLength?: number;`
	176	+	`/** Maximum chunks materialised for a decoded stream/iterable. Default: 10000. */`
	177	+	`maxStreamChunks?: number;`
	178	+	`}`
	179	+
156	180		`/**`
157	181		`* Options for decodeReply`
158	182		`*/`

Atest/__test__/server-function-arg-types.spec.mjs+186 -0

Mtest/__test__/server-function-types.spec.mjs+49 -30

@@ -1,13 +1,7 @@

1		-	`import {`
2		-	`hostname,`
3		-	`logs,`
4		-	`page,`
5		-	`server,`
6		-	`serverLogs,`
7		-	`waitForChange,`
8		-	`waitForHydration,`
9		-	`} from "playground/utils";`
10		-	`import { expect, test } from "vitest";`
	1	+	`import * as setup from "playground/utils";`
	2	+	`import { beforeAll, beforeEach, expect, test } from "vitest";`
	3	+
	4	+	`const { waitForChange, waitForHydration } = setup;`
11	5
12	6		`const instanceOf = (type) => async (page) => {`
13	7		`await page.waitForFunction(`

Atest/fixtures/server-function-arg-types-actions.mjs+163 -0

Atest/fixtures/server-function-arg-types-client.jsx+130 -0

Atest/fixtures/server-function-arg-types.jsx+10 -0

@@ -0,0 +1,10 @@

1	+	`import ServerFunctionArgTypesClient from "./server-function-arg-types-client.jsx";`
2	+
3	+	`export default function ServerFunctionArgTypes() {`
4	+	`return (`
5	+	`<>`
6	+	`<h1>server-function arg types</h1>`
7	+	`<ServerFunctionArgTypesClient />`
8	+	`</>`
9	+	`);`
10	+	`}`

Atest/__test__/server-function-arg-types.spec.mjs+186 -0

@@ -0,0 +1,186 @@

1	+	`/**`
2	+	`* Integration test: client → server argument encoding for every data type`
3	+	`* that @lazarv/rsc's encodeReply/decodeReply supports.`
4	+	`*`
5	+	`* For each case we:`
6	+	`* 1. Click a button that constructs a specific client-side value and`
7	+	* calls the `echoArg` server function with it as the sole argument.
8	+	`* 2. Wait for the server function to complete and for the client to store`
9	+	* the returned descriptor on `window.__react_server_result__`.
10	+	`* 3. Assert that the descriptor matches what the server should have seen`
11	+	`* after decoding the argument.`
12	+	`*`
13	+	`* This exercises the full react-server stack:`
14	+	`* encodeReply (client) → HTTP POST (FormData) → decodeReply (server)`
15	+	`*`
16	+	`* Security regressions in the decoder (CVE-2025-55182 class issues) would`
17	+	`* either throw or corrupt the decoded arg; in either case the descriptor`
18	+	`* would no longer match, so these tests double as a smoke test for the`
19	+	`* decoder hardening.`
20	+	`*/`
21	+	`import * as setup from "playground/utils";`
22	+	`import { beforeAll, expect, test } from "vitest";`
23	+
24	+	`/**`
25	+	`* Each case: [buttonName, expectedDescriptor].`
26	+	`*`
27	+	`* expectedDescriptor may be a plain object (deep-equal match) or a function`
28	+	`* that takes the descriptor and performs custom assertions — used where the`
29	+	`* server round-trip yields a shape that isn't cleanly described by a literal`
30	+	`* (e.g. file mtime or blob type quirks).`
31	+	`*/`
32	+	`const cases = [`
33	+	`["arg-string", { kind: "string", value: "hello" }],`
34	+	`["arg-number", { kind: "number", value: 42 }],`
35	+	`["arg-nan", { kind: "NaN" }],`
36	+	`["arg-infinity", { kind: "Infinity" }],`
37	+	`["arg-neg-infinity", { kind: "-Infinity" }],`
38	+	`["arg-bigint", { kind: "bigint", value: "9007199254740993" }],`
39	+	`["arg-boolean", { kind: "boolean", value: true }],`
40	+	`["arg-null", { kind: "null" }],`
41	+	`["arg-undefined", { kind: "undefined" }],`
42	+	`["arg-symbol", { kind: "symbol", key: "rsc.test" }],`
43	+	`["arg-date", { kind: "Date", iso: "2024-01-02T03:04:05.000Z" }],`
44	+	`["arg-regexp", { kind: "RegExp", source: "abc", flags: "gi" }],`
45	+	`["arg-url", { kind: "URL", href: "https://example.test/path?x=1" }],`
46	+	`[`
47	+	`"arg-url-search-params",`
48	+	`{ kind: "URLSearchParams", string: "a=1&b=two&a=3" },`
49	+	`],`
50	+	`[`
51	+	`"arg-map",`
52	+	`{`
53	+	`kind: "Map",`
54	+	`entries: [`
55	+	`["k1", "v1"],`
56	+	`["k2", 2],`
57	+	`],`
58	+	`},`
59	+	`],`
60	+	`["arg-set", { kind: "Set", values: ["a", "b", "c"] }],`
61	+	`[`
62	+	`"arg-array-buffer",`
63	+	`{ kind: "ArrayBuffer", byteLength: 4, bytes: [1, 2, 3, 4] },`
64	+	`],`
65	+	`[`
66	+	`"arg-uint8array",`
67	+	`{ kind: "Uint8Array", byteLength: 3, values: [10, 20, 30] },`
68	+	`],`
69	+	`[`
70	+	`"arg-blob",`
71	+	`(d) => {`
72	+	`// HTTP multipart parsers on the server typically normalize incoming`
73	+	`// Blob parts into File objects — there's no wire distinction between`
74	+	`// an originally-nameless Blob and a File. Accept either.`
75	+	`expect(["Blob", "File"]).toContain(d.kind);`
76	+	`expect(d.text).toBe("hello-blob");`
77	+	`expect(d.type).toMatch(/text\/plain/);`
78	+	`},`
79	+	`],`
80	+	`[`
81	+	`"arg-file",`
82	+	`(d) => {`
83	+	`// File may downgrade to Blob in older runtimes, so accept either.`
84	+	`expect(["File", "Blob"]).toContain(d.kind);`
85	+	`expect(d.text).toBe("hello-file");`
86	+	`expect(d.type).toMatch(/text\/plain/);`
87	+	`if (d.kind === "File") {`
88	+	`expect(d.name).toBe("hello.txt");`
89	+	`}`
90	+	`},`
91	+	`],`
92	+	`[`
93	+	`"arg-formdata",`
94	+	`(d) => {`
95	+	`expect(d.kind).toBe("FormData");`
96	+	`const asMap = new Map();`
97	+	`for (const [k, v] of d.entries) {`
98	+	`if (!asMap.has(k)) asMap.set(k, []);`
99	+	`asMap.get(k).push(v);`
100	+	`}`
101	+	`expect(asMap.get("name")).toEqual(["alice"]);`
102	+	`expect(asMap.get("age")).toEqual(["30"]);`
103	+	`// bio is a Blob entry — descriptor replaces it with a Blob summary.`
104	+	`const bio = asMap.get("bio")?.[0];`
105	+	`expect(bio).toBeDefined();`
106	+	`expect(bio.kind).toBe("Blob");`
107	+	`},`
108	+	`],`
109	+	`["arg-promise", { kind: "Promise", resolved: { ok: 1, who: "alice" } }],`
110	+	`[`
111	+	`"arg-readable-stream",`
112	+	`{ kind: "ReadableStream", chunks: ["chunk-a", "chunk-b"] },`
113	+	`],`
114	+	`[`
115	+	`"arg-async-iterable",`
116	+	`{ kind: "AsyncIterable", chunks: ["async-0", "async-1", "async-2"] },`
117	+	`],`
118	+	`[`
119	+	`"arg-iterator",`
120	+	`(d) => {`
121	+	`// Iterator may be decoded as AsyncIterable on the server (generators`
122	+	`// are compatible with both protocols post-serialization). Accept`
123	+	`// either, as long as the items round-trip.`
124	+	`expect(["Iterator", "AsyncIterable"]).toContain(d.kind);`
125	+	`expect(d.chunks).toEqual(["sync-0", "sync-1"]);`
126	+	`},`
127	+	`],`
128	+	`["arg-array", { kind: "Array", length: 3, value: [1, "two", true] }],`
129	+	`[`
130	+	`"arg-nested-object",`
131	+	`(d) => {`
132	+	`expect(d.kind).toBe("object");`
133	+	`expect(d.value.name).toBe("root");`
134	+	`expect(d.value.nested).toEqual({ n: 1 });`
135	+	`expect(d.value.list).toEqual([{ i: 0 }, { i: 1 }]);`
136	+	`},`
137	+	`],`
138	+	`[`
139	+	`"arg-shared-ref",`
140	+	`(d) => {`
141	+	`expect(d.kind).toBe("object");`
142	+	`// The encoder does not outline shared references into separate rows;`
143	+	`// the first visit is serialized inline, subsequent visits fall back`
144	+	`// to a temp-ref proxy (or undefined without a temp-ref set). All we`
145	+	// can assert is that `a` is reconstructed with its content.
146	+	`expect(d.value.a).toEqual({ shared: true });`
147	+	`},`
148	+	`],`
149	+	`];`
150	+
151	+	`async function readResult() {`
152	+	`await setup.page.waitForFunction(`
153	+	`() => window.__react_server_result__ !== undefined,`
154	+	`null,`
155	+	`{ timeout: 15000 }`
156	+	`);`
157	+	`return setup.page.evaluate(() => window.__react_server_result__);`
158	+	`}`
159	+
160	+	`// Single server boot for the whole spec — every test targets the same fixture`
161	+	`// and only differs in which button it clicks, so there's no need to pay the`
162	+	`// ~5s Vite dev-server startup cost per case.`
163	+	`beforeAll(async () => {`
164	+	`await setup.server("fixtures/server-function-arg-types.jsx");`
165	+	`await setup.page.goto(setup.hostname);`
166	+	`await setup.waitForHydration();`
167	+	`});`
168	+
169	+	`for (const [name, expected] of cases) {`
170	+	test(`server function arg type: ${name}`, async () => {
171	+	`await setup.page.evaluate(() => {`
172	+	`window.__react_server_result__ = undefined;`
173	+	`});`
174	+
175	+	`const button = setup.page.getByTestId(name);`
176	+	`await button.click();`
177	+
178	+	`const result = await readResult();`
179	+
180	+	`if (typeof expected === "function") {`
181	+	`expected(result);`
182	+	`} else {`
183	+	`expect(result).toEqual(expected);`
184	+	`}`
185	+	`});`
186	+	`}`

639	639
640	640		Each retry restores the `thenableState` from the previous attempt, ensuring that `use()` calls before the suspension point return their cached values. This matches React's per-task retry semantics.
641	641
	642	+	`<Link name="security">`
	643	+	`## Security`
	644	+	`</Link>`
	645	+
	646	+	Flight payloads cross a trust boundary — and in both directions. The server-to-client stream carries rendered UI and data from a trusted origin to an untrusted environment; the client-to-server reply carries arbitrary attacker-controlled bytes back into the server process to dispatch a server action. The second direction is the more dangerous one: a flawed decoder becomes a remote code execution surface. `@lazarv/rsc` therefore ships a dedicated, hardened reply decoder that matches the security barriers React added after CVE-2025-55182, with additional defenses layered on top.
	647	+
	648	+	`The threat model assumes:`
	649	+
	650	+	`1. the client is hostile`
	651	+	`2. the transport is untrusted`
	652	+	`3. server references must only execute functions the host has explicitly registered`
	653	+	`4. every decode must terminate in bounded time and memory`
	654	+
	655	+	`### Prototype Pollution Barriers`
	656	+
	657	+	JSON parsing of an attacker-controlled payload is the classic prototype-pollution vector: a key of `__proto__` becomes an own property that mutates `Object.prototype` when assigned to a fresh object. The decoder blocks this in two independent places:
	658	+
	659	+	1. Reviver-side stripping. `JSON.parse` runs with a reviver that returns `undefined` for any key in `FORBIDDEN_KEYS = { __proto__, constructor, prototype }`. These keys are removed before they become own properties of the parsed tree.
	660	+	2. Path-walk enforcement. Back-references of the form `$<hex>:<key>:<key>` that walk into a previously decoded chunk must satisfy four invariants at every step:
	661	+
	662	+	```javascript
	663	+	`if (current === null \|\|`
	664	+	`typeof current !== "object" \|\|`
	665	+	`(Object.getPrototypeOf(current) !== ObjectPrototype &&`
	666	+	`Object.getPrototypeOf(current) !== ArrayPrototype) \|\|`
	667	+	`!hasOwn.call(current, key) \|\|`
	668	+	`FORBIDDEN_KEYS.has(key)) {`
	669	+	`throw new DecodeError("Invalid reference.");`
	670	+	`}`
	671	+	```
	672	+
	673	+	The prototype pin blocks walks into non-plain objects — a forged path cannot reach `Map.prototype.get` or `Function.prototype.call`. The own-property check blocks `.constructor`, `.then`, `.map`, and any other inherited name. The forbidden-key set is defense-in-depth in case a forbidden key survives the reviver.
	674	+
	675	+	`### Thenable Scrubbing`
	676	+
	677	+	Duck-typed thenables are a subtle escalation path: any object with a callable `then` method will be awaited as a Promise by downstream code, handing the attacker a synchronous callback on the server. The decoder scrubs every `then` property whose value is a function, replacing it with `null` during the walk phase. Non-function `then` values (strings, objects, numbers) are preserved — they are data, not a capability.
	678	+
	679	+	`### Callable Allowlist`
	680	+
	681	+	`No code path in the decoder constructs a callable from decoded bytes. Concretely:`
	682	+
	683	+	- No `eval`, no `new Function`, no dynamic `import()` on decoded data. The only `new Function` call in the entire package is the client-side `RegExp` deserializer (`new Function("return " + regexStr)`), which parses a regex literal emitted by a trusted server — never by a client.
	684	+	- Server references are allowlist-gated. A `$h<id>` tag resolves exclusively through `moduleLoader.loadServerAction(id)`, which the host implements. The host is responsible for ensuring that only functions explicitly registered via `"use server"` are reachable; the decoder never invents function identities from strings.
	685	+	- Temporary references are opaque proxies. A `$T<path>` tag resolves to an entry in a request-scoped `temporaryReferences` map that throws on any access other than the registered one. Temporary references are scoped to the request that created them — a reply cannot reach a temporary reference from a different request.
	686	+
	687	+	`The attacker's reach through a Flight reply is therefore bounded by the set of functions the host has chosen to register. The decoder cannot be tricked into widening that set.`
	688	+
	689	+	`### Resource Ceilings`
	690	+
	691	+	`A decoder that runs in bounded memory and bounded time is a denial-of-service-resistant decoder. Every reply decode is gated by seven explicit ceilings:`
	692	+
	693	+	```javascript
	694	+	`export const DEFAULT_LIMITS = Object.freeze({`
	695	+	`maxRows: 10_000,`
	696	+	`maxDepth: 128,`
	697	+	`maxBytes: 32 * 1024 * 1024,`
	698	+	`maxBoundArgs: 256, // matches React`
	699	+	`maxBigIntDigits: 4096, // matches React`
	700	+	`maxStringLength: 16 * 1024 * 1024,`
	701	+	`maxStreamChunks: 10_000,`
	702	+	`});`
	703	+	```
	704	+
	705	+	Any limit breach throws a `DecodeLimitError` tagged with the specific limit name and the observed value, making attacks observable in logs. Hosts override these per-request to match their threat model — stricter on public endpoints, relaxed on authenticated internal services. The `server-function-limits` feature in `@lazarv/react-server` surfaces this configuration to application code.
	706	+
	707	+	`### Error Redaction`
	708	+
	709	+	Serialized errors cross the network as `E` rows of the form `{"message":"...","stack":"...","digest":"..."}`. Sending raw server error messages and stacks to a hostile client leaks file paths, library versions, schema fragments, and occasionally secrets embedded in query strings. `@lazarv/rsc` matches React's convention: in production, only `digest` is transmitted. The host registers an `onError` callback that receives the full `Error` server-side — for logging, tracing, and ticket correlation — and returns an opaque digest that the client uses solely for error-boundary matching. The full error never leaves the server process.
	710	+
	711	+	`### What the Package Does Not Defend Against`
	712	+
	713	+	`The following are deliberately out of scope for the serializer and must be enforced by the host:`
	714	+
	715	+	`- Authentication and authorization on server references. Registration is capability-based: any registered function is callable by any client that can reach the Flight reply endpoint. CSRF protection, origin checks, session validation, and per-action authorization are the host's responsibility — typically implemented as middleware around the reply endpoint.`
	716	+	- Transport-level integrity of bound arguments. The decoder does not sign or encrypt payloads. Bound-argument encryption is provided as a separate feature in `@lazarv/react-server` (see [Server Function Encryption](../features/server-function-encryption)) and operates at the framework layer above the protocol.
	717	+	`- Request-rate limiting. Resource ceilings bound a single decode; they do not bound request volume. Hosts should rate-limit the reply endpoint like any other action endpoint.`
	718	+
642	719		`<Link name="benchmarks">`
643	720		`## Benchmark Results`
644	721		`</Link>`

639	639
640	640		`// ───── Server functions config ─────`
641	641
	642	+	`/**`
	643	+	`* Resource ceilings applied when decoding a client → server RSC reply`
	644	+	`* (server function arguments).`
	645	+	`*`
	646	+	`* These limits are enforced inside the reply decoder before any server`
	647	+	`* function runs. They cap the cost of payload deserialization and protect`
	648	+	`* the server from denial-of-service vectors that exploit the rich`
	649	+	`* RSC reply wire format (deep nesting, huge BigInts, oversized streams,`
	650	+	`* unbounded bound-argument lists, etc.).`
	651	+	`*`
	652	+	`* Each limit is independent. A zero or negative value is treated as the`
	653	+	`* default. Setting a value larger than the default loosens the ceiling;`
	654	+	`* setting a smaller value tightens it.`
	655	+	`*`
	656	+	`* When a request exceeds any limit, the decoder throws a`
	657	+	* `DecodeLimitError` and the request is rejected before the server
	658	+	`* function is invoked.`
	659	+	`*/`
	660	+	`export interface ServerFunctionDecodeLimits {`
	661	+	`/**`
	662	+	`* Maximum number of outlined rows (chunks) per reply.`
	663	+	`* @default 10000`
	664	+	`*/`
	665	+	`maxRows?: number;`
	666	+
	667	+	`/**`
	668	+	`* Maximum recursion depth when materialising a row's value tree.`
	669	+	`* Protects against stack-exhaustion via deeply nested arrays/objects.`
	670	+	`* @default 128`
	671	+	`*/`
	672	+	`maxDepth?: number;`
	673	+
	674	+	`/**`
	675	+	`* Maximum total payload size in bytes (sum of FormData entry sizes).`
	676	+	`* @default 33554432 (32 MiB)`
	677	+	`*/`
	678	+	`maxBytes?: number;`
	679	+
	680	+	`/**`
	681	+	`* Maximum number of bound arguments on a server reference.`
	682	+	`* Matches React's upstream default.`
	683	+	`* @default 256`
	684	+	`*/`
	685	+	`maxBoundArgs?: number;`
	686	+
	687	+	`/**`
	688	+	`* Maximum number of digits in a decoded BigInt literal.`
	689	+	`* Matches React's upstream default.`
	690	+	`* @default 4096`
	691	+	`*/`
	692	+	`maxBigIntDigits?: number;`
	693	+
	694	+	`/**`
	695	+	`* Maximum length of a single string row before decoding.`
	696	+	`* @default 16777216 (16 MiB)`
	697	+	`*/`
	698	+	`maxStringLength?: number;`
	699	+
	700	+	`/**`
	701	+	`* Maximum number of chunks materialised for a single decoded`
	702	+	* `ReadableStream`, `AsyncIterable`, or `Iterator`.
	703	+	`* @default 10000`
	704	+	`*/`
	705	+	`maxStreamChunks?: number;`
	706	+	`}`
	707	+
642	708		`export interface ServerFunctionsConfig {`
643	709		`/**`
644	710		`* Secret key for signing server function calls.`

1080	1080		`"type": "string"`
1081	1081		`},`
1082	1082		`"description": "Previously used secret files for key rotation."`
	1083	+	`},`
	1084	+	`"limits": {`
	1085	+	`"type": "object",`
	1086	+	`"properties": {`
	1087	+	`"maxRows": {`
	1088	+	`"type": "integer",`
	1089	+	`"minimum": 0,`
	1090	+	`"description": "Maximum number of outlined rows per reply. Default: 10000."`
	1091	+	`},`
	1092	+	`"maxDepth": {`
	1093	+	`"type": "integer",`
	1094	+	`"minimum": 0,`
	1095	+	`"description": "Maximum recursion depth when materialising a row's value tree. Default: 128."`
	1096	+	`},`
	1097	+	`"maxBytes": {`
	1098	+	`"type": "integer",`
	1099	+	`"minimum": 0,`
	1100	+	`"description": "Maximum total payload size in bytes (sum of FormData entries). Default: 32 MiB."`
	1101	+	`},`
	1102	+	`"maxBoundArgs": {`
	1103	+	`"type": "integer",`
	1104	+	`"minimum": 0,`
	1105	+	`"description": "Maximum bound arguments on a server reference. Default: 256 (matches React)."`
	1106	+	`},`
	1107	+	`"maxBigIntDigits": {`
	1108	+	`"type": "integer",`
	1109	+	`"minimum": 0,`
	1110	+	`"description": "Maximum digits in a decoded BigInt literal. Default: 4096 (matches React)."`
	1111	+	`},`
	1112	+	`"maxStringLength": {`
	1113	+	`"type": "integer",`
	1114	+	`"minimum": 0,`
	1115	+	`"description": "Maximum length of a single string row before decoding. Default: 16 MiB."`
	1116	+	`},`
	1117	+	`"maxStreamChunks": {`
	1118	+	`"type": "integer",`
	1119	+	`"minimum": 0,`
	1120	+	`"description": "Maximum chunks materialised for a decoded stream/iterable. Default: 10000."`
	1121	+	`}`
	1122	+	`},`
	1123	+	`"additionalProperties": false,`
	1124	+	`"description": "Resource ceilings for decoding server function payloads (per-request DoS protection)."`
1083	1125		`}`
1084	1126		`},`
1085	1127		`"additionalProperties": false,`

882	898		`{ type: "array", items: { type: "string" } },`
883	899		`"serverFunctions.previousSecretFiles"`
884	900		`),`
	901	+	`limits: prop(`
	902	+	`{`
	903	+	`type: "object",`
	904	+	`properties: {`
	905	+	`maxRows: prop(`
	906	+	`{ type: "integer", minimum: 0 },`
	907	+	`"serverFunctions.limits.maxRows"`
	908	+	`),`
	909	+	`maxDepth: prop(`
	910	+	`{ type: "integer", minimum: 0 },`
	911	+	`"serverFunctions.limits.maxDepth"`
	912	+	`),`
	913	+	`maxBytes: prop(`
	914	+	`{ type: "integer", minimum: 0 },`
	915	+	`"serverFunctions.limits.maxBytes"`
	916	+	`),`
	917	+	`maxBoundArgs: prop(`
	918	+	`{ type: "integer", minimum: 0 },`
	919	+	`"serverFunctions.limits.maxBoundArgs"`
	920	+	`),`
	921	+	`maxBigIntDigits: prop(`
	922	+	`{ type: "integer", minimum: 0 },`
	923	+	`"serverFunctions.limits.maxBigIntDigits"`
	924	+	`),`
	925	+	`maxStringLength: prop(`
	926	+	`{ type: "integer", minimum: 0 },`
	927	+	`"serverFunctions.limits.maxStringLength"`
	928	+	`),`
	929	+	`maxStreamChunks: prop(`
	930	+	`{ type: "integer", minimum: 0 },`
	931	+	`"serverFunctions.limits.maxStreamChunks"`
	932	+	`),`
	933	+	`},`
	934	+	`additionalProperties: false,`
	935	+	`},`
	936	+	`"serverFunctions.limits"`
	937	+	`),`
885	938		`},`
886	939		`additionalProperties: false,`
887	940		`},`

446	446		`secretFile: optional(is.string),`
447	447		`previousSecrets: optional(arrayOf(is.string)),`
448	448		`previousSecretFiles: optional(arrayOf(is.string)),`
	449	+	`limits: optional(`
	450	+	`objectShape({`
	451	+	`maxRows: optional(`
	452	+	`custom((v) => Number.isInteger(v) && v >= 0, "non-negative integer")`
	453	+	`),`
	454	+	`maxDepth: optional(`
	455	+	`custom((v) => Number.isInteger(v) && v >= 0, "non-negative integer")`
	456	+	`),`
	457	+	`maxBytes: optional(`
	458	+	`custom((v) => Number.isInteger(v) && v >= 0, "non-negative integer")`
	459	+	`),`
	460	+	`maxBoundArgs: optional(`
	461	+	`custom((v) => Number.isInteger(v) && v >= 0, "non-negative integer")`
	462	+	`),`
	463	+	`maxBigIntDigits: optional(`
	464	+	`custom((v) => Number.isInteger(v) && v >= 0, "non-negative integer")`
	465	+	`),`
	466	+	`maxStringLength: optional(`
	467	+	`custom((v) => Number.isInteger(v) && v >= 0, "non-negative integer")`
	468	+	`),`
	469	+	`maxStreamChunks: optional(`
	470	+	`custom((v) => Number.isInteger(v) && v >= 0, "non-negative integer")`
	471	+	`),`
	472	+	`})`
	473	+	`),`
449	474		`})`
450	475		`),`
451	476

1	+	`---`
2	+	`title: Server function limits`
3	+	`category: Features`
4	+	`order: 4`
5	+	`---`
6	+
7	+	`import Link from "../../../../components/Link.jsx";`
8	+
9	+	`# Server function limits`
10	+
11	+	`@lazarv/react-server` enforces resource ceilings on every inbound RSC reply (server function call) before any of your server function code runs. These limits cap the cost of payload deserialization and protect the server from denial-of-service vectors that exploit the rich RSC reply wire format — deeply nested values, oversized strings, huge BigInts, unbounded streams, and so on.
12	+
13	+	`The defaults are aligned with React's upstream limits introduced in the post-CVE hardening (CVE-2025-55182 and related). For most applications you will never need to touch them. They become relevant when you either need to tighten the ceilings for high-risk public endpoints, or loosen them to allow legitimately large server function payloads (file uploads, batched mutations, large bound argument arrays).`
14	+
15	+	`<Link name="how-it-works">`
16	+	`## How it works`
17	+	`</Link>`
18	+
19	+	The reply decoder runs as the very first step of handling any server function invocation. It parses the wire payload (a JSON string or a `multipart/form-data` `FormData`), enforces the limits below, and only then dispatches the call to the resolved server function.
20	+
21	+	If a request exceeds any limit, the decoder throws a `DecodeLimitError` that is propagated back to the client through the standard server function error path. Your server function code is never invoked. The error includes the name of the limit that was exceeded and the observed value, which makes operational triage straightforward.
22	+
23	+	`Because the limits are enforced inside the decoder, they cover both:`
24	+
25	+	- Form submissions (progressive enhancement, `<form action={…}>`, `useActionState`)
26	+	`- JS-driven server function calls (server functions imported into client components, server functions passed as props)`
27	+
28	+	`<Link name="default-limits">`
29	+	`## Default limits`
30	+	`</Link>`
31	+
32	+	`\| Limit \| Default \| What it caps \|`
33	+	`\| ------------------ \| ------------ \| ------------------------------------------------------------------------- \|`
34	+	\| `maxRows` \| `10000` \| Number of outlined rows (chunks) per reply \|
35	+	\| `maxDepth` \| `128` \| Recursion depth when materialising a row's value tree \|
36	+	\| `maxBytes` \| `32 MiB` \| Total payload size (sum of `FormData` entry sizes) \|
37	+	\| `maxBoundArgs` \| `256` \| Bound arguments on a server reference (matches React) \|
38	+	\| `maxBigIntDigits` \| `4096` \| Digits in a decoded `BigInt` literal (matches React) \|
39	+	\| `maxStringLength` \| `16 MiB` \| Length of a single string row before decoding \|
40	+	\| `maxStreamChunks` \| `10000` \| Chunks materialised for a decoded `ReadableStream`, `AsyncIterable`, or `Iterator` \|
41	+
42	+	`Each limit is independent — overriding one does not reset the others to their defaults.`
43	+
44	+	`<Link name="configuration">`
45	+	`## Configuration`
46	+	`</Link>`
47	+
48	+	Set limits under `serverFunctions.limits` in your `react-server.config.mjs`:
49	+
50	+	```mjs filename="react-server.config.mjs"
51	+	`export default {`
52	+	`serverFunctions: {`
53	+	`limits: {`
54	+	`// Tight ceilings suitable for a public mutation endpoint:`
55	+	`maxBytes: 1 * 1024 * 1024, // 1 MiB`
56	+	`maxDepth: 32,`
57	+	`maxBoundArgs: 16,`
58	+	`maxStreamChunks: 1000,`
59	+	`},`
60	+	`},`
61	+	`};`
62	+	```
63	+
64	+	`Any field you omit keeps its default value, so you only need to specify the ceilings you want to override.`
65	+
66	+	`<Link name="example-tight">`
67	+	`### Tightening the limits`
68	+	`</Link>`
69	+
70	+	`For a public-facing app that does not need large payloads, drop the byte ceiling and depth substantially:`
71	+
72	+	```mjs filename="react-server.config.mjs"
73	+	`export default {`
74	+	`serverFunctions: {`
75	+	`limits: {`
76	+	`maxBytes: 256 * 1024, // 256 KiB`
77	+	`maxStringLength: 64 * 1024,`
78	+	`maxRows: 1000,`
79	+	`maxDepth: 32,`
80	+	`},`
81	+	`},`
82	+	`};`
83	+	```
84	+
85	+	`<Link name="example-loose">`
86	+	`### Loosening the limits`
87	+	`</Link>`
88	+
89	+	`For an internal tool that legitimately uploads large files or streams:`
90	+
91	+	```mjs filename="react-server.config.mjs"
92	+	`export default {`
93	+	`serverFunctions: {`
94	+	`limits: {`
95	+	`maxBytes: 256 * 1024 * 1024, // 256 MiB`
96	+	`maxStreamChunks: 100_000,`
97	+	`},`
98	+	`},`
99	+	`};`
100	+	```
101	+
102	+	`> Loosening limits trades safety for capacity. Combine with rate limiting, authentication, and request-size limits at your reverse proxy layer when raising ceilings on internet-facing endpoints.`
103	+
104	+	`<Link name="security-model">`
105	+	`## Security model`
106	+	`</Link>`
107	+
108	+	`The limits work in concert with the decoder's structural defences (which are always on and not configurable):`
109	+
110	+	- Prototype-pollution defence — `__proto__`, `constructor`, and `prototype` keys are stripped during JSON parsing, before they can become own properties on a decoded object.
111	+	- Path-walk barriers — outlined row references (`$<hex>:key:key`) only walk through plain `Object.prototype` / `Array.prototype` values via own-property lookups. This blocks attackers from chaining through `.constructor`, `.then`, or other gadgets.
112	+	- Thenable scrubbing — any `then` key whose value is a function is replaced with `null` so a hostile payload cannot smuggle in a callable thenable that would be duck-typed by downstream `Promise` code.
113	+	- Capability-bound callables — function values can only originate from the server reference allowlist (`$h`) or the opaque temporary-reference proxy (`$T`). The decoder never invokes `eval`, `new Function`, or `import()` on user data.
114	+
115	+	`The configurable limits in this document add a separate, resource-bounding layer on top of those structural defences. Together they ensure that an attacker cannot:`
116	+
117	+	`1. Pollute prototypes or reach forbidden property paths via crafted references.`
118	+	`2. Smuggle callables into your server function arguments.`
119	+	`3. Force your server to perform unbounded work (CPU, memory, or stack) just by sending a malformed reply.`
120	+
121	+	`<Link name="error-handling">`
122	+	`## Error handling`
123	+	`</Link>`
124	+
125	+	When a limit is exceeded the decoder throws a `DecodeLimitError`. Like other server function errors, it is surfaced to the client through the RSC error path. You can catch and present it via your error boundary, or inspect it inside a custom HTTP middleware to log, alert, or block the offending caller.
126	+
127	+	`The error carries:`
128	+
129	+	- `code: "DECODE_LIMIT"`
130	+	- `limit` — the name of the exceeded limit (for example, `"maxBytes"`)
131	+	- `observed` — the observed value that triggered the rejection
132	+
133	+	`Because rejection happens before any server function runs, exceeding a limit has zero side effects beyond the rejected request itself.`

1	+	`---`
2	+	`title: サーバ関数の上限`
3	+	`category: Features`
4	+	`order: 4`
5	+	`---`
6	+
7	+	`import Link from "../../../../components/Link.jsx";`
8	+
9	+	`# サーバ関数の上限`
10	+
11	+	`@lazarv/react-server`は、すべての受信RSCリプライ（サーバ関数呼び出し）に対して、サーバ関数のコードが実行される前にリソース上限を強制します。これらの上限はペイロードのデシリアライズコストを制限し、深くネストされた値、巨大な文字列、巨大なBigInt、無制限のストリームなど、リッチなRSCリプライワイヤフォーマットを悪用するDoS攻撃からサーバを保護します。
12	+
13	+	デフォルト値は、CVE後の強化（CVE-2025-55182および関連する強化）でReact本体に導入された上限と整合しています。多くのアプリケーションでは変更する必要はありません。これらの設定は、リスクの高い公開エンドポイントで上限をより厳しくしたい場合や、正当に大きなサーバ関数ペイロード（ファイルアップロード、バッチ更新、大きなバインド引数配列など）を許可するために緩める必要がある場合に役立ちます。
14	+
15	+	`<Link name="how-it-works">`
16	+	`## 仕組み`
17	+	`</Link>`
18	+
19	+	リプライデコーダはサーバ関数呼び出しを処理する最初のステップとして実行されます。ワイヤペイロード（JSON文字列または`multipart/form-data`の`FormData`）を解析し、以下の上限を強制してから、解決済みのサーバ関数に呼び出しをディスパッチします。
20	+
21	+	リクエストがいずれかの上限を超えると、デコーダは`DecodeLimitError`をスローし、標準のサーバ関数エラーパスを通じてクライアントに伝播されます。サーバ関数のコードは呼び出されません。エラーには超過した上限の名前と観測値が含まれており、運用上のトリアージが容易になります。
22	+
23	+	`上限はデコーダ内で強制されるため、以下の両方をカバーします：`
24	+
25	+	- フォーム送信（プログレッシブエンハンスメント、`<form action={…}>`、`useActionState`）
26	+	`- JS駆動のサーバ関数呼び出し（クライアントコンポーネントにインポートされたサーバ関数、プロップとして渡されたサーバ関数）`
27	+
28	+	`<Link name="default-limits">`
29	+	`## デフォルトの上限`
30	+	`</Link>`
31	+
32	+	`\| 上限 \| デフォルト \| 制限内容 \|`
33	+	`\| ----------------- \| ---------- \| ----------------------------------------------------------------------- \|`
34	+	\| `maxRows` \| `10000` \| リプライあたりのアウトライン行（チャンク）数 \|
35	+	\| `maxDepth` \| `128` \| 行の値ツリーをマテリアライズする際の再帰深度 \|
36	+	\| `maxBytes` \| `32 MiB` \| 合計ペイロードサイズ（`FormData`エントリのサイズ合計） \|
37	+	\| `maxBoundArgs` \| `256` \| サーバリファレンスのバインド引数の数（Reactと同じ） \|
38	+	\| `maxBigIntDigits` \| `4096` \| デコードされた`BigInt`リテラルの桁数（Reactと同じ） \|
39	+	\| `maxStringLength` \| `16 MiB` \| デコード前の単一文字列行の長さ \|
40	+	\| `maxStreamChunks` \| `10000` \| デコードされた`ReadableStream`、`AsyncIterable`、`Iterator`のチャンク数 \|
41	+
42	+	`各上限は独立しています。1つを上書きしても、他の上限がデフォルトにリセットされることはありません。`
43	+
44	+	`<Link name="configuration">`
45	+	`## 設定`
46	+	`</Link>`
47	+
48	+	`react-server.config.mjs`の`serverFunctions.limits`配下で上限を設定します：
49	+
50	+	```mjs filename="react-server.config.mjs"
51	+	`export default {`
52	+	`serverFunctions: {`
53	+	`limits: {`
54	+	`// 公開された変更系エンドポイントに適した厳しい上限：`
55	+	`maxBytes: 1 * 1024 * 1024, // 1 MiB`
56	+	`maxDepth: 32,`
57	+	`maxBoundArgs: 16,`
58	+	`maxStreamChunks: 1000,`
59	+	`},`
60	+	`},`
61	+	`};`
62	+	```
63	+
64	+	`省略したフィールドはデフォルト値が保持されるため、上書きしたい上限のみを指定すれば十分です。`
65	+
66	+	`<Link name="example-tight">`
67	+	`### 上限を厳しくする`
68	+	`</Link>`
69	+
70	+	`大きなペイロードを必要としない公開アプリでは、バイト上限と深度を大幅に下げます：`
71	+
72	+	```mjs filename="react-server.config.mjs"
73	+	`export default {`
74	+	`serverFunctions: {`
75	+	`limits: {`
76	+	`maxBytes: 256 * 1024, // 256 KiB`
77	+	`maxStringLength: 64 * 1024,`
78	+	`maxRows: 1000,`
79	+	`maxDepth: 32,`
80	+	`},`
81	+	`},`
82	+	`};`
83	+	```
84	+
85	+	`<Link name="example-loose">`
86	+	`### 上限を緩める`
87	+	`</Link>`
88	+
89	+	`大きなファイルやストリームを正当にアップロードする内部ツールの場合：`
90	+
91	+	```mjs filename="react-server.config.mjs"
92	+	`export default {`
93	+	`serverFunctions: {`
94	+	`limits: {`
95	+	`maxBytes: 256 * 1024 * 1024, // 256 MiB`
96	+	`maxStreamChunks: 100_000,`
97	+	`},`
98	+	`},`
99	+	`};`
100	+	```
101	+
102	+	`> 上限を緩めることは、安全性を容量と引き換えにすることを意味します。インターネットに公開されているエンドポイントで上限を引き上げる場合は、リバースプロキシ層でのレート制限、認証、リクエストサイズ制限と組み合わせてください。`
103	+
104	+	`<Link name="security-model">`
105	+	`## セキュリティモデル`
106	+	`</Link>`
107	+
108	+	`これらの上限は、デコーダの構造的防御（常に有効で設定不可）と連携して機能します：`
109	+
110	+	- プロトタイプ汚染対策 — `__proto__`、`constructor`、`prototype`キーは、デコードされたオブジェクトの自身のプロパティになる前に、JSON解析中に除去されます。
111	+	- パスウォークのバリア — アウトラインされた行参照（`$<hex>:key:key`）は、自身のプロパティ参照を介して、プレーンな`Object.prototype` / `Array.prototype`の値のみを通過します。これにより、攻撃者が`.constructor`、`.then`などのガジェットを連鎖させることを防ぎます。
112	+	- Thenableのスクラブ — 値が関数である`then`キーは`null`に置き換えられ、敵対的なペイロードが下流の`Promise`コードによってダックタイプされる呼び出し可能なthenableを密輸できないようにします。
113	+	- 能力に紐付いた呼び出し可能オブジェクト — 関数値は、サーバリファレンスの許可リスト（`$h`）または不透明な一時参照プロキシ（`$T`）からのみ生成できます。デコーダはユーザーデータに対して`eval`、`new Function`、`import()`を呼び出すことはありません。
114	+
115	+	`このドキュメントで設定可能な上限は、これらの構造的防御に加えて、別のリソース制限層を追加します。両者により、攻撃者は次のことができないことが保証されます：`
116	+
117	+	`1. 細工されたリファレンスを介してプロトタイプを汚染したり、禁止されたプロパティパスに到達したりすること。`
118	+	`2. サーバ関数の引数に呼び出し可能オブジェクトを密輸すること。`
119	+	`3. 不正なリプライを送信するだけで、サーバに無制限の作業（CPU、メモリ、スタック）を強制すること。`
120	+
121	+	`<Link name="error-handling">`
122	+	`## エラーハンドリング`
123	+	`</Link>`
124	+
125	+	上限を超えると、デコーダは`DecodeLimitError`をスローします。他のサーバ関数エラーと同様に、RSCのエラーパスを通じてクライアントに伝達されます。エラーバウンダリでキャッチして表示することも、カスタムHTTPミドルウェア内で検査してログ記録、アラート、または攻撃元のブロックを行うこともできます。
126	+
127	+	`エラーには以下が含まれます：`
128	+
129	+	- `code: "DECODE_LIMIT"`
130	+	- `limit` — 超過した上限の名前（例：`"maxBytes"`）
131	+	- `observed` — 拒否を引き起こした観測値
132	+
133	+	`サーバ関数が実行される前に拒否されるため、上限を超えても拒否されたリクエスト自体以外には副作用がありません。`

90	90		`// @lazarv/rsc's decodeReply(body, opts).`
91	91		`// The webpack API passes the serverReferenceMap as the 2nd arg; the rsc API`
92	92		`// expects options as the 2nd arg. We detect and skip the manifest Proxy.`
	93	+	`//`
	94	+	`// Also injects server function decode limits from the runtime config:`
	95	+	`//`
	96	+	`// serverFunctions: {`
	97	+	`// limits: { maxBytes, maxDepth, maxRows, ... }`
	98	+	`// }`
	99	+	`//`
	100	+	`// Caller-supplied limits win over the configured defaults so call sites can`
	101	+	`// loosen ceilings on a per-call basis if they need to.`
93	102		`function decodeReply(body, _manifestOrOpts, opts) {`
94	103		`const isManifest =`
95	104		`_manifestOrOpts &&`
96	105		`typeof _manifestOrOpts === "object" &&`
97	106		`!_manifestOrOpts.temporaryReferences &&`
98		-	`!_manifestOrOpts.moduleLoader;`
	107	+	`!_manifestOrOpts.moduleLoader &&`
	108	+	`!_manifestOrOpts.limits;`
99	109		`const realOpts = isManifest ? opts : _manifestOrOpts;`
	110	+	`const config = getContext(CONFIG_CONTEXT)?.[CONFIG_ROOT];`
	111	+	`const configLimits = config?.serverFunctions?.limits;`
	112	+	`if (configLimits) {`
	113	+	`return _decodeReply(body, {`
	114	+	`...realOpts,`
	115	+	`limits: { ...configLimits, ...realOpts?.limits },`
	116	+	`});`
	117	+	`}`
100	118		`return _decodeReply(body, realOpts);`
101	119		`}`
102	120

2996	3206		`return "$undefined";`
2997	3207		`}`
2998	3208
	3209	+	`// If this value was pre-resolved as an async outlined row (Promise,`
	3210	+	`// ReadableStream, AsyncIterable, Iterator), emit the short reference`
	3211	+	`// string recorded during pre-resolution. Covers primitives too because`
	3212	+	`// WeakMap.get on a non-object returns undefined — no accidental hits.`
	3213	+	`if (`
	3214	+	`(typeof value === "object" \|\| typeof value === "function") &&`
	3215	+	`value !== null`
	3216	+	`) {`
	3217	+	`const preResolved = ctx.writtenObjects.get(value);`
	3218	+	`if (typeof preResolved === "string" && preResolved.length > 0) {`
	3219	+	`return preResolved;`
	3220	+	`}`
	3221	+	`}`
	3222	+
2999	3223		`if (typeof value === "boolean" \|\| typeof value === "number") {`
3000	3224		`if (Number.isNaN(value)) return "$NaN";`
3001	3225		`if (value === Infinity) return "$Infinity";`

2395	2404		`* @returns {Promise<unknown>} The decoded value`
2396	2405		`*/`
2397	2406		`export async function decodeReply(body, options = {}) {`
	2407	+	`// Delegate to the stateful reply decoder. The new decoder:`
	2408	+	`// - resolves row references ($<hex>[:key:key]) with React's post-CVE`
	2409	+	`// security barriers (prototype check, own-property check, forbidden-`
	2410	+	`// key filter) so attacker-supplied property paths cannot reach`
	2411	+	`// Function/constructor gadgets;`
	2412	+	`// - filters __proto__ / constructor / prototype keys via JSON reviver`
	2413	+	`// before they become own properties (prototype-pollution safe);`
	2414	+	`// - supports the full legacy @lazarv/rsc tag set unchanged;`
	2415	+	`// - adds Promise ($@), ReadableStream ($r / $b), AsyncIterable ($x),`
	2416	+	`// and Iterator ($X) decoding for round-trips with richer client args.`
2398	2417		`if (typeof body === "string") {`
2399		-	`// JSON body (no server references — plain values only)`
2400		-	`return deserializeValue(JSON.parse(body), options, "0");`
	2418	+	`return _decodeReplyFromString(body, options);`
2401	2419		`}`
2402		-
2403	2420		`if (body instanceof FormData) {`
2404		-	`// FormData body — root value is at key "0" (matching React's format)`
2405		-	`const rootPayload = body.get("0");`
2406		-	`if (rootPayload && typeof rootPayload === "string") {`
2407		-	`return deserializeValue(`
2408		-	`JSON.parse(rootPayload),`
2409		-	`{ ...options, body },`
2410		-	`"0"`
2411		-	`);`
2412		-	`}`
2413		-
2414		-	`// Otherwise return the FormData itself`
2415		-	`return body;`
	2421	+	`return _decodeReplyFromFormData(body, options);`
2416	2422		`}`
2417		-
2418	2423		`throw new Error("Invalid body type for decodeReply");`
2419	2424		`}`
2420	2425

166	190		`* Temporary references`
167	191		`*/`
168	192		`temporaryReferences?: Map<string, unknown>;`
	193	+
	194	+	`/**`
	195	+	`* Resource ceilings applied to the decoded payload.`
	196	+	`* Defaults match the decoder's built-in safe ceilings.`
	197	+	`*/`
	198	+	`limits?: DecodeReplyLimits;`
169	199		`}`
170	200
171	201		`/**`

62	56		`expect(`
63	57		`await page.evaluate(() => window.__react_server_result__.constructor.name)`
64	58		`).toBe("ReadableStream");`
65		-	`await waitForChange(null, () => logs.find((log) => log.includes("done")));`
66		-	`expect(logs).toEqual(`
	59	+	`await waitForChange(null, () =>`
	60	+	`setup.logs.find((log) => log.includes("done"))`
	61	+	`);`
	62	+	`expect(setup.logs).toEqual(`
67	63		`expect.arrayContaining(["hello 0", "hello 1", "hello 2", "done"])`
68	64		`);`
69	65		`},`

76	72		`() => window.__react_server_result__[Symbol.asyncIterator].name`
77	73		`)`
78	74		`).toBe("asyncIterator");`
79		-	`await waitForChange(null, () => logs.find((log) => log.includes("done")));`
80		-	`expect(logs).toEqual(`
	75	+	`await waitForChange(null, () =>`
	76	+	`setup.logs.find((log) => log.includes("done"))`
	77	+	`);`
	78	+	`expect(setup.logs).toEqual(`
81	79		`expect.arrayContaining(["hello 0", "hello 1", "hello 2", "done"])`
82	80		`);`
83	81		`},`
84	82		`};`
85	83
86		-	`const createTest = (type) =>`
87		-	test(`server function type ${type}`, async () => {
88		-	`await server("fixtures/server-function-types.jsx");`
89		-	`await page.goto(hostname);`
90		-	`await waitForHydration();`
91		-	`const button = page.getByRole("button", { name: type, exact: true });`
92		-	`await waitForChange(`
93		-	`() => button.click(),`
94		-	`() => serverLogs.find((log) => log.includes(type))`
95		-	`);`
96		-	`expect(serverLogs.find((log) => log.includes(type))).toBeDefined();`
97		-	`await validator[type](page);`
98		-	`});`
99		-
100		-	`[`
	84	+	`const types = [`
101	85		`"form-data-action",`
102	86		`"array-buffer-action",`
103	87		`"buffer-action",`

110	94		`"reload-action",`
111	95		`"stream-action",`
112	96		`"iterator-action",`
113		-	`].forEach(createTest);`
	97	+	`];`
	98	+
	99	+	`// Single server boot for the whole spec — every test targets the same fixture`
	100	+	`// and only differs in which button it clicks. The previous per-test boot cost`
	101	+	`// ~5s per case × 12 cases ≈ a full minute of pure Vite cold-start overhead.`
	102	+	`beforeAll(async () => {`
	103	+	`await setup.server("fixtures/server-function-types.jsx");`
	104	+	`});`
	105	+
	106	+	`// Each test gets a fresh navigation + a fresh log buffer. Navigation is needed`
	107	+	// because `redirect-action` leaves the page on `/some-other-page`, and even
	108	+	// tests that don't navigate need the `window.__react_server_result__` sentinel
	109	+	// cleared. The log arrays are the ones `server()` assigned during boot — we
	110	+	// mutate them in place (length = 0) so consumers reading `setup.logs` still
	111	+	`// see the same live reference.`
	112	+	`beforeEach(async () => {`
	113	+	`await setup.page.goto(setup.hostname);`
	114	+	`await waitForHydration();`
	115	+	`await setup.page.evaluate(() => {`
	116	+	`window.__react_server_result__ = undefined;`
	117	+	`});`
	118	+	`setup.logs.length = 0;`
	119	+	`setup.serverLogs.length = 0;`
	120	+	`});`
	121	+
	122	+	`for (const type of types) {`
	123	+	test(`server function type ${type}`, async () => {
	124	+	`const button = setup.page.getByRole("button", { name: type, exact: true });`
	125	+	`await waitForChange(`
	126	+	`() => button.click(),`
	127	+	`() => setup.serverLogs.find((log) => log.includes(type))`
	128	+	`);`
	129	+	`expect(setup.serverLogs.find((log) => log.includes(type))).toBeDefined();`
	130	+	`await validator[type](setup.page);`
	131	+	`});`
	132	+	`}`

1	+	`"use server";`
2	+
3	+	`/**`
4	+	`* echoArg — inspects a client-supplied argument and returns a JSON-safe`
5	+	`* descriptor describing what the server decoded.`
6	+	`*`
7	+	* Used by the `server-function-arg-types` integration test to verify that
8	+	`* every data type the @lazarv/rsc encodeReply client path can serialize is`
9	+	`* correctly reconstructed by the server-side decodeReply path.`
10	+	`*`
11	+	* Return shape is always `{ kind: string, ...details }` — the spec asserts
12	+	`* on these descriptors instead of on the raw value (which we can't safely`
13	+	* round-trip through `window.__react_server_result__` for binary/stream types).
14	+	`*/`
15	+	`export async function echoArg(arg) {`
16	+	`if (arg === undefined) return { kind: "undefined" };`
17	+	`if (arg === null) return { kind: "null" };`
18	+
19	+	`if (typeof arg === "bigint") return { kind: "bigint", value: String(arg) };`
20	+
21	+	`if (typeof arg === "number") {`
22	+	`if (Number.isNaN(arg)) return { kind: "NaN" };`
23	+	`if (arg === Infinity) return { kind: "Infinity" };`
24	+	`if (arg === -Infinity) return { kind: "-Infinity" };`
25	+	`return { kind: "number", value: arg };`
26	+	`}`
27	+
28	+	`if (typeof arg === "string") return { kind: "string", value: arg };`
29	+	`if (typeof arg === "boolean") return { kind: "boolean", value: arg };`
30	+
31	+	`if (typeof arg === "symbol") {`
32	+	`return { kind: "symbol", key: Symbol.keyFor(arg) ?? null };`
33	+	`}`
34	+
35	+	`if (arg instanceof Date) {`
36	+	`return { kind: "Date", iso: arg.toISOString() };`
37	+	`}`
38	+
39	+	`if (arg instanceof RegExp) {`
40	+	`return { kind: "RegExp", source: arg.source, flags: arg.flags };`
41	+	`}`
42	+
43	+	`if (arg instanceof URL) {`
44	+	`return { kind: "URL", href: arg.href };`
45	+	`}`
46	+
47	+	`if (arg instanceof URLSearchParams) {`
48	+	`return { kind: "URLSearchParams", string: arg.toString() };`
49	+	`}`
50	+
51	+	`if (arg instanceof Map) {`
52	+	`return { kind: "Map", entries: [...arg.entries()] };`
53	+	`}`
54	+
55	+	`if (arg instanceof Set) {`
56	+	`return { kind: "Set", values: [...arg.values()] };`
57	+	`}`
58	+
59	+	`// FormData BEFORE Blob (FormData doesn't instanceof Blob, but guarding order anyway)`
60	+	`if (typeof FormData !== "undefined" && arg instanceof FormData) {`
61	+	`const entries = [];`
62	+	`for (const [k, v] of arg.entries()) {`
63	+	`if (typeof Blob !== "undefined" && v instanceof Blob) {`
64	+	`entries.push([k, { kind: "Blob", size: v.size, type: v.type }]);`
65	+	`} else {`
66	+	`entries.push([k, v]);`
67	+	`}`
68	+	`}`
69	+	`return { kind: "FormData", entries };`
70	+	`}`
71	+
72	+	`// Blob (and File, which extends Blob)`
73	+	`if (typeof Blob !== "undefined" && arg instanceof Blob) {`
74	+	`const text = await arg.text();`
75	+	`const isFile = typeof File !== "undefined" && arg instanceof File;`
76	+	`return {`
77	+	`kind: isFile ? "File" : "Blob",`
78	+	`size: arg.size,`
79	+	`type: arg.type,`
80	+	`text,`
81	+	`...(isFile ? { name: arg.name } : {}),`
82	+	`};`
83	+	`}`
84	+
85	+	`if (arg instanceof ArrayBuffer) {`
86	+	`return {`
87	+	`kind: "ArrayBuffer",`
88	+	`byteLength: arg.byteLength,`
89	+	`bytes: Array.from(new Uint8Array(arg)),`
90	+	`};`
91	+	`}`
92	+
93	+	`if (ArrayBuffer.isView(arg)) {`
94	+	`const ctorName = arg.constructor.name;`
95	+	`// Normalize to a plain array of numbers (works for all TypedArrays).`
96	+	`const values = Array.from(arg);`
97	+	`return { kind: ctorName, byteLength: arg.byteLength, values };`
98	+	`}`
99	+
100	+	`// ReadableStream — drain into chunks before inspecting anything else.`
101	+	`if (typeof ReadableStream !== "undefined" && arg instanceof ReadableStream) {`
102	+	`const reader = arg.getReader();`
103	+	`const chunks = [];`
104	+	`while (true) {`
105	+	`const { value, done } = await reader.read();`
106	+	`if (done) break;`
107	+	`if (ArrayBuffer.isView(value)) {`
108	+	`chunks.push(Array.from(value));`
109	+	`} else {`
110	+	`chunks.push(value);`
111	+	`}`
112	+	`}`
113	+	`return { kind: "ReadableStream", chunks };`
114	+	`}`
115	+
116	+	`// Thenable — await and wrap.`
117	+	`if (typeof arg === "object" && typeof arg.then === "function") {`
118	+	`const resolved = await arg;`
119	+	`return { kind: "Promise", resolved };`
120	+	`}`
121	+
122	+	`// AsyncIterable (generator or custom).`
123	+	`if (`
124	+	`typeof arg === "object" &&`
125	+	`typeof arg[Symbol.asyncIterator] === "function"`
126	+	`) {`
127	+	`const chunks = [];`
128	+	`for await (const c of arg) chunks.push(c);`
129	+	`return { kind: "AsyncIterable", chunks };`
130	+	`}`
131	+
132	+	`// Sync iterator — note: Arrays/Maps/Sets are handled above, so what lands`
133	+	`// here is a bare iterator (e.g. from a generator function).`
134	+	`if (`
135	+	`typeof arg === "object" &&`
136	+	`typeof arg[Symbol.iterator] === "function" &&`
137	+	`typeof arg.next === "function"`
138	+	`) {`
139	+	`const chunks = [];`
140	+	`for (const c of arg) chunks.push(c);`
141	+	`return { kind: "Iterator", chunks };`
142	+	`}`
143	+
144	+	`if (Array.isArray(arg)) {`
145	+	`return { kind: "Array", length: arg.length, value: arg };`
146	+	`}`
147	+
148	+	`if (typeof arg === "object") {`
149	+	// Shared-reference check: if a plain object's `a` and `b` properties
150	+	`// point to the same inner object, assertShared lets the test verify`
151	+	`// reference identity survived the round-trip.`
152	+	`const sharedCheck =`
153	+	`arg && typeof arg.a === "object" && arg.a !== null && arg.a === arg.b;`
154	+	`return {`
155	+	`kind: "object",`
156	+	`keys: Object.keys(arg),`
157	+	`sharedRef: !!sharedCheck,`
158	+	`value: arg,`
159	+	`};`
160	+	`}`
161	+
162	+	`return { kind: "unknown", typeof: typeof arg };`
163	+	`}`

1	+	`"use client";`
2	+
3	+	`import { echoArg } from "./server-function-arg-types-actions.mjs";`
4	+
5	+	`/**`
6	+	`* Each button constructs a client-side value of a specific type, calls the`
7	+	* `echoArg` server function with it, and stashes the server's descriptor in
8	+	* `window.__react_server_result__` for the spec to assert on.
9	+	`*`
10	+	* Button names match the spec's `cases` table; keep them in sync.
11	+	`*/`
12	+	`export default function ServerFunctionArgTypesClient() {`
13	+	`const call = (name, buildArg) => (`
14	+	`<button`
15	+	`key={name}`
16	+	`data-testid={name}`
17	+	`onClick={async () => {`
18	+	`window.__react_server_result__ = undefined;`
19	+	`try {`
20	+	`const arg = buildArg();`
21	+	`const result = await echoArg(arg);`
22	+	`window.__react_server_result__ = result;`
23	+	console.log(`arg-type ${name} →`, JSON.stringify(result));
24	+	`} catch (e) {`
25	+	`window.__react_server_result__ = {`
26	+	`kind: "clientError",`
27	+	`message: String(e?.message ?? e),`
28	+	`};`
29	+	console.log(`arg-type ${name} error →`, e?.message ?? e);
30	+	`}`
31	+	`}}`
32	+	`>`
33	+	`{name}`
34	+	`</button>`
35	+	`);`
36	+
37	+	`return (`
38	+	`<>`
39	+	`{/* suppressHydrationWarning for the dev-mode double render */}`
40	+	`<div suppressHydrationWarning>{Math.random()}</div>`
41	+
42	+	`{call("arg-string", () => "hello")}`
43	+	`{call("arg-number", () => 42)}`
44	+	`{call("arg-nan", () => NaN)}`
45	+	`{call("arg-infinity", () => Infinity)}`
46	+	`{call("arg-neg-infinity", () => -Infinity)}`
47	+	`{call("arg-bigint", () => 9007199254740993n)}`
48	+	`{call("arg-boolean", () => true)}`
49	+	`{call("arg-null", () => null)}`
50	+	`{call("arg-undefined", () => undefined)}`
51	+	`{call("arg-symbol", () => Symbol.for("rsc.test"))}`
52	+	`{call("arg-date", () => new Date("2024-01-02T03:04:05.000Z"))}`
53	+	`{call("arg-regexp", () => /abc/gi)}`
54	+	`{call("arg-url", () => new URL("https://example.test/path?x=1"))}`
55	+	`{call(`
56	+	`"arg-url-search-params",`
57	+	`() => new URLSearchParams("a=1&b=two&a=3")`
58	+	`)}`
59	+	`{call(`
60	+	`"arg-map",`
61	+	`() =>`
62	+	`new Map([`
63	+	`["k1", "v1"],`
64	+	`["k2", 2],`
65	+	`])`
66	+	`)}`
67	+	`{call("arg-set", () => new Set(["a", "b", "c"]))}`
68	+	`{call("arg-array-buffer", () => {`
69	+	`const ab = new ArrayBuffer(4);`
70	+	`new Uint8Array(ab).set([1, 2, 3, 4]);`
71	+	`return ab;`
72	+	`})}`
73	+	`{call("arg-uint8array", () => new Uint8Array([10, 20, 30]))}`
74	+	`{call("arg-blob", () => new Blob(["hello-blob"], { type: "text/plain" }))}`
75	+	`{call("arg-file", () => {`
76	+	`if (typeof File === "undefined") {`
77	+	`// Fall back to Blob on environments without File.`
78	+	`return new Blob(["hello-file"], { type: "text/plain" });`
79	+	`}`
80	+	`return new File(["hello-file"], "hello.txt", { type: "text/plain" });`
81	+	`})}`
82	+	`{call("arg-formdata", () => {`
83	+	`const fd = new FormData();`
84	+	`fd.append("name", "alice");`
85	+	`fd.append("age", "30");`
86	+	`fd.append(`
87	+	`"bio",`
88	+	`new Blob(["a bio"], { type: "text/plain" }),`
89	+	`"bio.txt"`
90	+	`);`
91	+	`return fd;`
92	+	`})}`
93	+	`{call("arg-promise", () => Promise.resolve({ ok: 1, who: "alice" }))}`
94	+	`{call("arg-readable-stream", () => {`
95	+	`return new ReadableStream({`
96	+	`start(controller) {`
97	+	`controller.enqueue("chunk-a");`
98	+	`controller.enqueue("chunk-b");`
99	+	`controller.close();`
100	+	`},`
101	+	`});`
102	+	`})}`
103	+	`{call("arg-async-iterable", () => {`
104	+	`async function* gen() {`
105	+	`yield "async-0";`
106	+	`yield "async-1";`
107	+	`yield "async-2";`
108	+	`}`
109	+	`return gen();`
110	+	`})}`
111	+	`{call("arg-iterator", () => {`
112	+	`function* gen() {`
113	+	`yield "sync-0";`
114	+	`yield "sync-1";`
115	+	`}`
116	+	`return gen();`
117	+	`})}`
118	+	`{call("arg-array", () => [1, "two", true])}`
119	+	`{call("arg-nested-object", () => ({`
120	+	`name: "root",`
121	+	`nested: { n: 1 },`
122	+	`list: [{ i: 0 }, { i: 1 }],`
123	+	`}))}`
124	+	`{call("arg-shared-ref", () => {`
125	+	`const inner = { shared: true };`
126	+	`return { a: inner, b: inner };`
127	+	`})}`
128	+	`</>`
129	+	`);`
130	+	`}`

1	+	`/**`
2	+	`* Reply decoder security tests.`
3	+	`*`
4	+	`* Covers:`
5	+	`* - CVE-2025-55182-style path traversal: "$3:constructor:constructor" etc.`
6	+	`* - Prototype-pollution via __proto__ own-property in JSON payloads`
7	+	* - `then`-function scrub (attacker thenables cannot be duck-typed)
8	+	`* - Resource ceilings (maxRows, maxDepth, maxStringLength, maxBigIntDigits)`
9	+	`* - Row-reference path-walk barriers (prototype check, own-key check,`
10	+	`* forbidden-key filter)`
11	+	`*`
12	+	* These tests target `decodeReply` and the underlying reply-decoder module,
13	+	* not the RSC client-stream decoder (which uses `createFromReadableStream`).
14	+	`*/`
15	+
16	+	`import { describe, expect, test } from "vitest";`
17	+
18	+	`import { decodeReply } from "../server/shared.mjs";`
19	+	`import {`
20	+	`decodeReplyFromFormData,`
21	+	`decodeReplyFromString,`
22	+	`DecodeError,`
23	+	`DecodeLimitError,`
24	+	`} from "../server/reply-decoder.mjs";`
25	+
26	+	`// ───────────────────────────────────────────────────────────────────────────`
27	+	`// Helper: build a FormData body with a root row and optional outlined rows.`
28	+	`// ───────────────────────────────────────────────────────────────────────────`
29	+	`function makeReply(rootJson, outlinedRows = {}) {`
30	+	`const fd = new FormData();`
31	+	`fd.set("0", rootJson);`
32	+	`for (const [id, payload] of Object.entries(outlinedRows)) {`
33	+	`fd.set(id, payload);`
34	+	`}`
35	+	`return fd;`
36	+	`}`
37	+
38	+	`// ───────────────────────────────────────────────────────────────────────────`
39	+	`// CVE-2025-55182: "$<id>:constructor:constructor" and variants`
40	+	`// ───────────────────────────────────────────────────────────────────────────`
41	+
42	+	`describe("CVE-2025-55182: property-path construction", () => {`
43	+	`test("$3:constructor:constructor throws Invalid reference.", async () => {`
44	+	`// Row 3 holds an empty array. The attacker wants us to walk`
45	+	`// [].constructor (Array) → Array.constructor (Function), then the`
46	+	`// caller invokes the resolved value. The path walker must refuse the`
47	+	// `constructor` step because it is not an own property.
48	+	const fd = makeReply(`"$3:constructor:constructor"`, {
49	+	`3: JSON.stringify([]),`
50	+	`});`
51	+	`await expect(decodeReply(fd)).rejects.toThrow(/Invalid reference/);`
52	+	`});`
53	+
54	+	`test("$3:__proto__:polluted throws Invalid reference.", async () => {`
55	+	const fd = makeReply(`"$3:__proto__:polluted"`, {
56	+	`3: JSON.stringify({ a: 1 }),`
57	+	`});`
58	+	`await expect(decodeReply(fd)).rejects.toThrow(/Invalid reference/);`
59	+	`});`
60	+
61	+	`test("$3:toString throws Invalid reference (not own property)", async () => {`
62	+	const fd = makeReply(`"$3:toString"`, {
63	+	`3: JSON.stringify({}),`
64	+	`});`
65	+	`await expect(decodeReply(fd)).rejects.toThrow(/Invalid reference/);`
66	+	`});`
67	+
68	+	`test("$3:prototype throws Invalid reference.", async () => {`
69	+	const fd = makeReply(`"$3:prototype"`, {
70	+	`3: JSON.stringify([]),`
71	+	`});`
72	+	`await expect(decodeReply(fd)).rejects.toThrow(/Invalid reference/);`
73	+	`});`
74	+
75	+	`test("legitimate own-key paths still resolve", async () => {`
76	+	const fd = makeReply(`"$3:user:name"`, {
77	+	`3: JSON.stringify({ user: { name: "Alice" } }),`
78	+	`});`
79	+	`const out = await decodeReply(fd);`
80	+	`expect(out).toBe("Alice");`
81	+	`});`
82	+
83	+	`test("legitimate array index path resolves", async () => {`
84	+	const fd = makeReply(`"$3:0:title"`, {
85	+	`3: JSON.stringify([{ title: "First" }, { title: "Second" }]),`
86	+	`});`
87	+	`const out = await decodeReply(fd);`
88	+	`expect(out).toBe("First");`
89	+	`});`
90	+
91	+	`test("invalid hex row id throws without crashing", async () => {`
92	+	const fd = makeReply(`"$zz:x"`, {});
93	+	// The reference form `$<junk>:<path>` cannot be interpreted safely —
94	+	`// the decoder must reject it, not silently return the literal string.`
95	+	`await expect(decodeReply(fd)).rejects.toThrow(/Invalid reference/);`
96	+	`});`
97	+	`});`
98	+
99	+	`// ───────────────────────────────────────────────────────────────────────────`
100	+	`// Prototype-pollution via JSON.parse own-property __proto__`
101	+	`// ───────────────────────────────────────────────────────────────────────────`
102	+
103	+	`describe("Prototype pollution via __proto__ own-property", () => {`
104	+	`test("__proto__ key is stripped from decoded plain objects", async () => {`
105	+	`const payload = decodeReplyFromString(`
106	+	`JSON.stringify({ __proto__: { polluted: true }, safe: "yes" })`
107	+	`);`
108	+	`expect(payload.safe).toBe("yes");`
109	+	`expect(payload.polluted).toBeUndefined();`
110	+	`expect(Object.prototype.polluted).toBeUndefined();`
111	+	`});`
112	+
113	+	`test("constructor key is stripped from decoded plain objects", async () => {`
114	+	`const payload = decodeReplyFromString(`
115	+	`JSON.stringify({ constructor: "attack", safe: "yes" })`
116	+	`);`
117	+	`expect(payload.safe).toBe("yes");`
118	+	`expect(payload.constructor).toBe(Object);`
119	+	`});`
120	+
121	+	`test("prototype key is stripped from decoded plain objects", async () => {`
122	+	`const payload = decodeReplyFromString(`
123	+	`JSON.stringify({ prototype: "attack", safe: "yes" })`
124	+	`);`
125	+	`expect(payload.safe).toBe("yes");`
126	+	`expect(payload.prototype).toBeUndefined();`
127	+	`});`
128	+
129	+	`test("nested __proto__ in arrays is stripped", async () => {`
130	+	`const payload = decodeReplyFromString(`
131	+	`JSON.stringify([{ __proto__: { polluted: true }, ok: 1 }])`
132	+	`);`
133	+	`expect(payload[0].ok).toBe(1);`
134	+	`expect(payload[0].polluted).toBeUndefined();`
135	+	`});`
136	+	`});`
137	+
138	+	`// ───────────────────────────────────────────────────────────────────────────`
139	+	// `then` scrub
140	+	`// ───────────────────────────────────────────────────────────────────────────`
141	+
142	+	`describe("then-function scrub", () => {`
143	+	test("a parsed `then` string value is preserved (scrub targets functions only)", async () => {
144	+	`// JSON cannot carry a function, but a legacy decoder writing custom tags`
145	+	// could in principle yield one. Ensure a plain string `then` is kept.
146	+	// The `then` key is written via a computed index so the no-thenable
147	+	`// static check doesn't flag the literal — the runtime value is identical.`
148	+	`const out = decodeReplyFromString(`
149	+	`JSON.stringify({ [["then"][0]]: "not-a-function" })`
150	+	`);`
151	+	`expect(out.then).toBe("not-a-function");`
152	+	`});`
153	+	`});`
154	+
155	+	`// ───────────────────────────────────────────────────────────────────────────`
156	+	`// Resource ceilings`
157	+	`// ───────────────────────────────────────────────────────────────────────────`
158	+
159	+	`describe("Resource limits", () => {`
160	+	`test("maxStringLength triggers on an oversized row payload", () => {`
161	+	`const bigRow = "x".repeat(20);`
162	+	const fd = makeReply(`"$3"`, { 3: bigRow });
163	+	`// decodeReplyFromFormData is synchronous — use toThrow, not rejects.`
164	+	`expect(() =>`
165	+	`decodeReplyFromFormData(fd, { limits: { maxStringLength: 10 } })`
166	+	`).toThrow(DecodeLimitError);`
167	+	`});`
168	+
169	+	`test("maxBigIntDigits triggers on huge bigint payloads", async () => {`
170	+	`const digits = "9".repeat(8192);`
171	+	`await expect(() =>`
172	+	decodeReplyFromString(`"$n${digits}"`, {
173	+	`limits: { maxBigIntDigits: 4096 },`
174	+	`})`
175	+	`).toThrow(DecodeLimitError);`
176	+	`});`
177	+
178	+	`test("maxRows triggers on formData with too many entries", async () => {`
179	+	`const fd = new FormData();`
180	+	`for (let i = 0; i < 50; i++) fd.append("k" + i, "v");`
181	+	`fd.set("0", "null");`
182	+	`expect(() =>`
183	+	`decodeReplyFromFormData(fd, { limits: { maxRows: 10 } })`
184	+	`).toThrow(DecodeLimitError);`
185	+	`});`
186	+
187	+	`test("maxDepth triggers on deeply chained row references", () => {`
188	+	`// Each row references the next via a hex id. Row keys are decimal`
189	+	`// (matching the encoder), references are hex — aligned within 0–9`
190	+	`// where the two coincide. Using N = 15 rows deep with limit 4.`
191	+	`const fd = new FormData();`
192	+	fd.set("0", `"$1"`);
193	+	`for (let i = 1; i < 15; i++) {`
194	+	fd.set(String(i), `"$${(i + 1).toString(16)}"`);
195	+	`}`
196	+	`fd.set("15", JSON.stringify({ leaf: true }));`
197	+	`expect(() =>`
198	+	`decodeReplyFromFormData(fd, { limits: { maxDepth: 4 } })`
199	+	`).toThrow(DecodeLimitError);`
200	+	`});`

201	+	`});`
202	+
203	+	`// ───────────────────────────────────────────────────────────────────────────`
204	+	`// Reference indirection sanity`
205	+	`// ───────────────────────────────────────────────────────────────────────────`
206	+
207	+	`describe("Outlined row references", () => {`
208	+	`test("$<hex> resolves to the row body", async () => {`
209	+	const fd = makeReply(`"$3"`, { 3: JSON.stringify({ ok: true }) });
210	+	`const out = await decodeReply(fd);`
211	+	`expect(out).toEqual({ ok: true });`
212	+	`});`
213	+
214	+	`test("$<hex>:key walks one step", async () => {`
215	+	const fd = makeReply(`"$3:name"`, {
216	+	`3: JSON.stringify({ name: "Hi" }),`
217	+	`});`
218	+	`expect(await decodeReply(fd)).toBe("Hi");`
219	+	`});`
220	+
221	+	`test("cyclic row reference throws rather than looping", async () => {`
222	+	`// Row 1 references itself.`
223	+	const fd = makeReply(`"$1"`, { 1: `"$1"` });
224	+	`await expect(decodeReply(fd)).rejects.toThrow(/Cyclic/);`
225	+	`});`
226	+
227	+	`test("missing row throws DecodeError, not RCE", async () => {`
228	+	const fd = makeReply(`"$99"`, {});
229	+	`await expect(decodeReply(fd)).rejects.toThrow(DecodeError);`
230	+	`});`
231	+	`});`
232	+
233	+	`// ───────────────────────────────────────────────────────────────────────────`
234	+	`// Backward compat: legacy tag set still decodes`
235	+	`// ───────────────────────────────────────────────────────────────────────────`
236	+
237	+	`// ───────────────────────────────────────────────────────────────────────────`
238	+	`// encode ↔ decode round-trips for new async capabilities`
239	+	`// ───────────────────────────────────────────────────────────────────────────`
240	+
241	+	`describe("Async capability round-trips", () => {`
242	+	`test("Promise arg: resolved value is awaitable on the server", async () => {`
243	+	`const { encodeReply } = await import("../client/shared.mjs");`
244	+	`const encoded = await encodeReply({`
245	+	`input: Promise.resolve({ ok: 1, name: "alice" }),`
246	+	`});`
247	+	`const decoded = await decodeReply(encoded);`
248	+	`expect(decoded.input).toBeInstanceOf(Promise);`
249	+	`await expect(decoded.input).resolves.toEqual({ ok: 1, name: "alice" });`
250	+	`});`
251	+
252	+	`test("AsyncIterable arg: yields the original sequence on the server", async () => {`
253	+	`const { encodeReply } = await import("../client/shared.mjs");`
254	+	`async function* source() {`
255	+	`yield 1;`
256	+	`yield 2;`
257	+	`yield 3;`
258	+	`}`
259	+	`const encoded = await encodeReply({ stream: source() });`
260	+	`const decoded = await decodeReply(encoded);`
261	+	`const collected = [];`
262	+	`for await (const item of decoded.stream) collected.push(item);`
263	+	`expect(collected).toEqual([1, 2, 3]);`
264	+	`});`
265	+
266	+	`test("ReadableStream arg: text chunks survive the round-trip", async () => {`
267	+	`const { encodeReply } = await import("../client/shared.mjs");`
268	+	`const stream = new ReadableStream({`
269	+	`start(controller) {`
270	+	`controller.enqueue("hello ");`
271	+	`controller.enqueue("world");`
272	+	`controller.close();`
273	+	`},`
274	+	`});`
275	+	`const encoded = await encodeReply({ body: stream });`
276	+	`const decoded = await decodeReply(encoded);`
277	+	`const reader = decoded.body.getReader();`
278	+	`const out = [];`
279	+	`// eslint-disable-next-line no-constant-condition`
280	+	`while (true) {`
281	+	`const { value, done } = await reader.read();`
282	+	`if (done) break;`
283	+	`out.push(value);`
284	+	`}`
285	+	`expect(out.join("")).toBe("hello world");`
286	+	`});`
287	+
288	+	`test("Iterator arg: yields the original sequence on the server", async () => {`
289	+	`const { encodeReply } = await import("../client/shared.mjs");`
290	+	`function* source() {`
291	+	`yield "a";`
292	+	`yield "b";`
293	+	`}`
294	+	`const encoded = await encodeReply({ it: source() });`
295	+	`const decoded = await decodeReply(encoded);`
296	+	`const collected = [];`
297	+	`for (const item of decoded.it) collected.push(item);`
298	+	`expect(collected).toEqual(["a", "b"]);`
299	+	`});`
300	+	`});`
301	+
302	+	`describe("Legacy tag backward compatibility", () => {`
303	+	`test("$undefined / $NaN / $Infinity / $-Infinity decode as before", () => {`
304	+	`expect(decodeReplyFromString('"$undefined"')).toBe(undefined);`
305	+	`expect(Number.isNaN(decodeReplyFromString('"$NaN"'))).toBe(true);`
306	+	`expect(decodeReplyFromString('"$Infinity"')).toBe(Infinity);`
307	+	`expect(decodeReplyFromString('"$-Infinity"')).toBe(-Infinity);`
308	+	`});`
309	+
310	+	`test("$n / $D / $S / $l decode as before", () => {`
311	+	`expect(decodeReplyFromString('"$n42"')).toBe(42n);`
312	+	`const dateStr = new Date("2024-01-01T00:00:00Z").toISOString();`
313	+	expect(decodeReplyFromString(`"$D${dateStr}"`).toISOString()).toBe(dateStr);
314	+	`expect(decodeReplyFromString('"$SmySymbol"')).toBe(Symbol.for("mySymbol"));`
315	+	`expect(decodeReplyFromString('"$lhttps://x.test/"').href).toBe(`
316	+	`"https://x.test/"`
317	+	`);`
318	+	`});`
319	+
320	+	`test("$$ escape preserves leading $ in user strings", () => {`
321	+	`expect(decodeReplyFromString('"$$h1"')).toBe("$h1");`
322	+	`});`
323	+	`});`

2967	2976		`return JSON.stringify(serialized);`
2968	2977		`}`
2969	2978
	2979	+	`// ─── Async value pre-resolution ─────────────────────────────────────────────`
	2980	+	`//`
	2981	+	`// React's reply encoder resolves Promises / streams / iterables into outlined`
	2982	+	`// rows. We match that behaviour here. Strategy:`
	2983	+	`//`
	2984	+	`// 1. Walk the tree (cycle-safe via WeakSet) looking for thenables,`
	2985	+	`// ReadableStreams, AsyncIterables, and sync Iterators that are not`
	2986	+	`// already plain arrays/maps/sets (which the sync serializer handles).`
	2987	+	`// 2. For each, allocate a FormData part id, drain to a concrete JSON`
	2988	+	`// payload, and write it to ctx.formData. Record the reference string`
	2989	+	`// in ctx.writtenObjects so the sync serializer emits a short tag.`
	2990	+	`// 3. Promises yielding values that contain further async types are`
	2991	+	`// resolved iteratively — preResolveAsyncValues is called recursively`
	2992	+	`// on the resolved payload before the outer Promise's row is written.`
	2993	+	`//`
	2994	+	`// Security note: this path does not execute any attacker-controlled code.`
	2995	+	`// Promises are awaited; streams/iterables are drained via their own`
	2996	+	`// next()/read() methods which the caller owns.`
	2997	+
	2998	+	`async function preResolveAsyncValues(value, ctx, visited) {`
	2999	+	`if (value === null \|\| value === undefined) return;`
	3000	+	`if (typeof value !== "object" && typeof value !== "function") return;`
	3001	+	`if (visited.has(value)) return;`
	3002	+	`visited.add(value);`
	3003	+
	3004	+	`// React elements are opaque to the reply encoder (handled as temp refs`
	3005	+	`// by the sync serializer). Do not descend into their children here, or`
	3006	+	`// we would walk the whole component tree.`
	3007	+	`if (`
	3008	+	`typeof value === "object" &&`
	3009	+	`(value.$$typeof === REACT_ELEMENT_TYPE \|\|`
	3010	+	`value.$$typeof === REACT_TRANSITIONAL_ELEMENT_TYPE)`
	3011	+	`) {`
	3012	+	`return;`
	3013	+	`}`
	3014	+
	3015	+	`// Server references are functions with $$id — do not attempt to drain.`
	3016	+	`if (typeof value === "function") {`
	3017	+	`return;`
	3018	+	`}`
	3019	+
	3020	+	`// Thenable (Promise or Promise-like). Must come before the object walk.`
	3021	+	`if (typeof value === "object" && typeof value.then === "function") {`
	3022	+	`// Reserve the row id and record the back-reference BEFORE awaiting and`
	3023	+	`// serializing the resolved payload. This way, if the resolved value`
	3024	+	`// contains the same Promise (cycle) or another async value already`
	3025	+	`// queued, the pre-resolver returns the cached tag instead of recursing.`
	3026	+	`const partId = reserveRow(ctx);`
	3027	+	`ctx.writtenObjects.set(value, "$@" + partId.toString(16));`
	3028	+	`const resolved = await value;`
	3029	+	`await preResolveAsyncValues(resolved, ctx, visited);`
	3030	+	`const payload = serializeForReply(resolved, {}, "", new WeakSet(), ctx);`
	3031	+	`fillRow(ctx, partId, payload);`
	3032	+	`return;`
	3033	+	`}`
	3034	+
	3035	+	`// ReadableStream: drain into chunks. Text vs binary inferred from chunks.`
	3036	+	`if (`
	3037	+	`typeof ReadableStream !== "undefined" &&`
	3038	+	`value instanceof ReadableStream`
	3039	+	`) {`
	3040	+	`const reader = value.getReader();`
	3041	+	`const chunks = [];`
	3042	+	`let binary = false;`
	3043	+	`try {`
	3044	+	`// eslint-disable-next-line no-constant-condition`
	3045	+	`while (true) {`
	3046	+	`const { done, value: chunk } = await reader.read();`
	3047	+	`if (done) break;`
	3048	+	`if (chunk instanceof Uint8Array \|\| ArrayBuffer.isView(chunk)) {`
	3049	+	`binary = true;`
	3050	+	`chunks.push(`
	3051	+	`Array.from(`
	3052	+	`new Uint8Array(`
	3053	+	`chunk.buffer,`
	3054	+	`chunk.byteOffset ?? 0,`
	3055	+	`chunk.byteLength ?? chunk.length`
	3056	+	`)`
	3057	+	`)`
	3058	+	`);`
	3059	+	`} else {`
	3060	+	`chunks.push(chunk);`
	3061	+	`}`
	3062	+	`}`
	3063	+	`} finally {`
	3064	+	`try {`
	3065	+	`reader.releaseLock();`
	3066	+	`} catch {`
	3067	+	`/* noop */`
	3068	+	`}`
	3069	+	`}`
	3070	+	`// If binary, re-encode as Uint8Array chunks via numeric arrays (JSON`
	3071	+	`// cannot carry raw bytes). The decoder reconstructs Uint8Array from`
	3072	+	// numeric arrays when the row is opened with the `$b` tag.
	3073	+	`const payload = binary ? chunks.map((arr) => arr) : chunks;`
	3074	+	`const rowPayload = serializeForReply(payload, {}, "", new WeakSet(), ctx);`
	3075	+	`const partId = writeRow(ctx, rowPayload);`
	3076	+	`ctx.writtenObjects.set(value, (binary ? "$b" : "$r") + partId.toString(16));`
	3077	+	`return;`
	3078	+	`}`
	3079	+
	3080	+	`// AsyncIterable (non-ReadableStream). Drain into an array of values.`
	3081	+	`if (`
	3082	+	`typeof value === "object" &&`
	3083	+	`typeof value[Symbol.asyncIterator] === "function"`
	3084	+	`) {`
	3085	+	`const items = [];`
	3086	+	`for await (const item of value) {`
	3087	+	`await preResolveAsyncValues(item, ctx, visited);`
	3088	+	`items.push(item);`
	3089	+	`}`
	3090	+	`const rowPayload = serializeForReply(items, {}, "", new WeakSet(), ctx);`
	3091	+	`const partId = writeRow(ctx, rowPayload);`
	3092	+	`ctx.writtenObjects.set(value, "$x" + partId.toString(16));`
	3093	+	`return;`
	3094	+	`}`
	3095	+
	3096	+	`// Sync iterator (has next() but is not an Array/Map/Set — those are`
	3097	+	`// handled natively by the sync serializer).`
	3098	+	`if (`
	3099	+	`typeof value === "object" &&`
	3100	+	`typeof value[Symbol.iterator] === "function" &&`
	3101	+	`!Array.isArray(value) &&`
	3102	+	`!(value instanceof Map) &&`
	3103	+	`!(value instanceof Set) &&`
	3104	+	`typeof value.next === "function"`
	3105	+	`) {`
	3106	+	`const items = [];`
	3107	+	`for (const item of value) {`
	3108	+	`await preResolveAsyncValues(item, ctx, visited);`
	3109	+	`items.push(item);`
	3110	+	`}`
	3111	+	`const rowPayload = serializeForReply(items, {}, "", new WeakSet(), ctx);`
	3112	+	`const partId = writeRow(ctx, rowPayload);`
	3113	+	`ctx.writtenObjects.set(value, "$X" + partId.toString(16));`
	3114	+	`return;`
	3115	+	`}`
	3116	+
	3117	+	`// Descend into plain composites. We DO NOT descend into Maps/Sets via their`
	3118	+	`// iteration protocol here — the sync serializer handles those. This avoids`
	3119	+	`// double-visiting. For arrays and plain objects, walk children so nested`
	3120	+	`// async values are pre-resolved.`
	3121	+	`if (Array.isArray(value)) {`
	3122	+	`for (const item of value) {`
	3123	+	`await preResolveAsyncValues(item, ctx, visited);`
	3124	+	`}`
	3125	+	`return;`
	3126	+	`}`
	3127	+	`if (value instanceof Map) {`
	3128	+	`for (const [k, v] of value) {`
	3129	+	`await preResolveAsyncValues(k, ctx, visited);`
	3130	+	`await preResolveAsyncValues(v, ctx, visited);`
	3131	+	`}`
	3132	+	`return;`
	3133	+	`}`
	3134	+	`if (value instanceof Set) {`
	3135	+	`for (const item of value) {`
	3136	+	`await preResolveAsyncValues(item, ctx, visited);`
	3137	+	`}`
	3138	+	`return;`
	3139	+	`}`
	3140	+	`if (typeof value === "object") {`
	3141	+	`// Skip framework types we already know how to serialize directly.`
	3142	+	`if (`
	3143	+	`value instanceof Date \|\|`
	3144	+	`value instanceof RegExp \|\|`
	3145	+	`value instanceof URL \|\|`
	3146	+	`value instanceof URLSearchParams \|\|`
	3147	+	`value instanceof ArrayBuffer \|\|`
	3148	+	`ArrayBuffer.isView(value) \|\|`
	3149	+	`(typeof Blob !== "undefined" && value instanceof Blob) \|\|`
	3150	+	`(typeof File !== "undefined" && value instanceof File) \|\|`
	3151	+	`value instanceof FormData`
	3152	+	`) {`
	3153	+	`return;`
	3154	+	`}`
	3155	+	`const proto = Object.getPrototypeOf(value);`
	3156	+	`if (proto !== null && proto !== Object.prototype) return;`
	3157	+	`for (const key of Object.keys(value)) {`
	3158	+	`await preResolveAsyncValues(value[key], ctx, visited);`
	3159	+	`}`
	3160	+	`}`
	3161	+	`}`
	3162	+
	3163	+	`function writeRow(ctx, payload) {`
	3164	+	`if (ctx.formData === null) ctx.formData = new FormData();`
	3165	+	`const partId = ctx.nextPartId++;`
	3166	+	`ctx.formData.set("" + partId, JSON.stringify(payload));`
	3167	+	`return partId;`
	3168	+	`}`
	3169	+
	3170	+	`// Two-phase row allocation for cycle-safe outlining of async values.`
	3171	+	`function reserveRow(ctx) {`
	3172	+	`if (ctx.formData === null) ctx.formData = new FormData();`
	3173	+	`return ctx.nextPartId++;`
	3174	+	`}`
	3175	+

	3176	+	`function fillRow(ctx, partId, payload) {`
	3177	+	`ctx.formData.set("" + partId, JSON.stringify(payload));`
	3178	+	`}`
	3179	+
2970	3180		`/**`
2971	3181		`* Serialize a value for reply encoding.`
2972	3182		`*`

1	+	`/**`
2	+	`* @lazarv/rsc — Reply Decoder`
3	+	`*`
4	+	`* Stateful, chunk-oriented decoder for client → server RSC replies.`
5	+	`*`
6	+	`* Wire-format compatibility:`
7	+	`* 1. Full backward-compat with the existing @lazarv/rsc tag set:`
8	+	`* $undefined $NaN $Infinity $-Infinity`
9	+	`* $$<rest> — escaped literal`
10	+	`* $S<symbolName> — Symbol.for(name)`
11	+	`* $n<digits> — BigInt`
12	+	`* $D<iso> — Date`
13	+	`* $Q<inline-json> — Map with entries inline`
14	+	`* $W<inline-json> — Set with items inline`
15	+	`* $l<url> — URL`
16	+	`* $U<inline-json> — URLSearchParams entries`
17	+	`* $K<partIdOrPath> — FormData / File / Blob lookup`
18	+	`* $AB<base64> — ArrayBuffer`
19	+	`* $AT<inline-json> — TypedArray / DataView`
20	+	`* $R<inline-json> — RegExp`
21	+	`* $h<hexPartId> — Server reference (outlined part)`
22	+	`* $T — Temporary reference (path-keyed)`
23	+	`* 2. NEW capabilities (additive, non-colliding tag letters):`
24	+	`* $<hex>[:key:key] — Row reference + path walk`
25	+	`* $@<hex> — Promise (outlined)`
26	+	`* $r<hex> — ReadableStream (text)`
27	+	`* $b<hex> — ReadableStream (binary)`
28	+	`* $x<hex> — AsyncIterable`
29	+	`* $X<hex> — Iterator (sync)`
30	+	`*`
31	+	`* Security model (matches React's post-CVE-2025-55182 barriers, plus extras):`
32	+	`*`
33	+	* 1. Path walking in `$<id>:<key>:<key>` references requires:
34	+	`* - Each intermediate value's prototype MUST be Object.prototype or`
35	+	`* Array.prototype. Anything else throws "Invalid reference.".`
36	+	`* - Each property step MUST be an own property (Object.hasOwn). This`
37	+	* blocks `.constructor`, `.map`, `.then`, `.__proto__`, `.prototype`.
38	+	* 2. Forbidden keys (`__proto__`, `constructor`, `prototype`) are stripped
39	+	`* via the JSON.parse reviver BEFORE they can become own properties,`
40	+	`* and never survive the path-walk check even if they do slip in.`
41	+	* 3. Any `then` key whose value is a function is scrubbed to null at walk
42	+	`* time (attacker thenables cannot be duck-typed by downstream Promise`
43	+	* code). Non-function `then` values are preserved.
44	+	`* 4. Callables originate ONLY from:`
45	+	* - `$h<id>` → moduleLoader.loadServerAction(id) (allowlist-bound)
46	+	* - `$T` → temporaryReferences proxy (opaque, throws on access)
47	+	* No path invokes `new Function`, `eval`, or `import()` on user data.
48	+	`* 5. Resource ceilings: maxRows, maxDepth, maxBytes, maxStringLength,`
49	+	`* maxBigIntDigits, maxBoundArgs, maxStreamChunks.`
50	+	`*`
51	+	`* Architecture:`
52	+	`*`
53	+	`* Parsing happens in two passes per row to preserve path identity for`
54	+	`* temporary references (which are keyed by the structural path the`
55	+	`* client assigned on the encode side):`
56	+	`* 1. JSON.parse with a reviver that only strips __proto__ / constructor`
57	+	`* / prototype keys. This produces a plain tree with no tag dispatch.`
58	+	`* 2. A recursive walk that tracks the current path and dispatches`
59	+	`* $-prefixed strings inline, recursing into objects/arrays, and`
60	+	`* outlining row references through the chunk map.`
61	+	`*/`
62	+
63	+	`// ─── Chunk status constants ────────────────────────────────────────────────`
64	+
65	+	`const BLOCKED = "blocked";`
66	+	`const RESOLVED_MODEL = "resolved_model";`
67	+	`const FULFILLED = "fulfilled";`
68	+	`const REJECTED = "rejected";`
69	+
70	+	`// ─── Resource limits ───────────────────────────────────────────────────────`
71	+
72	+	`export const DEFAULT_LIMITS = Object.freeze({`
73	+	`maxRows: 10_000,`
74	+	`maxDepth: 128,`
75	+	`maxBytes: 32 * 1024 * 1024,`
76	+	`maxBoundArgs: 256, // matches React`
77	+	`maxBigIntDigits: 4096, // matches React`
78	+	`maxStringLength: 16 * 1024 * 1024,`
79	+	`maxStreamChunks: 10_000,`
80	+	`});`
81	+
82	+	`const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);`
83	+
84	+	`// ─── Errors ────────────────────────────────────────────────────────────────`
85	+
86	+	`export class DecodeError extends Error {`
87	+	`constructor(message, code) {`
88	+	`super(message);`
89	+	`this.name = "DecodeError";`
90	+	`this.code = code ?? "DECODE_ERROR";`
91	+	`}`
92	+	`}`
93	+
94	+	`export class DecodeLimitError extends DecodeError {`
95	+	`constructor(limit, observed) {`
96	+	super(`Reply exceeded decode limit: ${limit} (observed ${observed})`);
97	+	`this.name = "DecodeLimitError";`
98	+	`this.code = "DECODE_LIMIT";`
99	+	`this.limit = limit;`
100	+	`this.observed = observed;`
101	+	`}`
102	+	`}`
103	+
104	+	`// ─── Temporary reference proxy ─────────────────────────────────────────────`
105	+
106	+	`const TEMPORARY_REFERENCE_TAG = Symbol.for("react.temporary.reference");`
107	+
108	+	`const temporaryReferenceProxyHandler = {`
109	+	`get(target, prop) {`
110	+	`if (prop === "$$typeof") return target.$$typeof;`
111	+	`if (prop === Symbol.toPrimitive) return undefined;`
112	+	`if (prop === "then") return undefined;`
113	+	`throw new Error(`
114	+	`"Attempted to read a property of a temporary Client Reference from the server. " +`
115	+	`"Temporary references are opaque and cannot be inspected."`
116	+	`);`
117	+	`},`
118	+	`set() {`
119	+	`throw new Error(`
120	+	`"Cannot assign to a temporary client reference from a server module."`
121	+	`);`
122	+	`},`
123	+	`};`
124	+
125	+	`function createTemporaryReference(temporaryReferences, id) {`
126	+	`const reference = Object.defineProperties(`
127	+	`function () {`
128	+	`throw new Error(`
129	+	`"Attempted to call a temporary Client Reference from the server but it is on the client. " +`
130	+	`"It's not possible to invoke a client function from the server, it can only be rendered as a Component or passed to props of a Client Component."`
131	+	`);`
132	+	`},`
133	+	`{ $$typeof: { value: TEMPORARY_REFERENCE_TAG } }`
134	+	`);`
135	+	`const proxy = new Proxy(reference, temporaryReferenceProxyHandler);`
136	+	`if (temporaryReferences && typeof temporaryReferences.set === "function") {`
137	+	`temporaryReferences.set(proxy, id);`
138	+	`}`
139	+	`return proxy;`
140	+	`}`
141	+
142	+	`// ─── ReplyResponse ─────────────────────────────────────────────────────────`
143	+	`//`
144	+	`// The decoding state carried through a single decodeReply call. Kept as a`
145	+	`// plain object built by a factory rather than a class because it has no`
146	+	`// methods — all operations on it are module-level helpers that take the`
147	+	`// response as their first argument. This keeps the type monomorphic for V8`
148	+	`// and avoids a near-empty class shell.`
149	+
150	+	`function buildReplyResponse(prefix, formData, options) {`
151	+	`const response = {`
152	+	`_prefix: prefix,`
153	+	`_formData: formData,`
154	+	`_chunks: new Map(), // rowId → chunk`
155	+	`_temporaryReferences: options.temporaryReferences ?? null,`
156	+	`_moduleLoader: options.moduleLoader ?? null,`
157	+	`_limits: { ...DEFAULT_LIMITS, ...options.limits },`
158	+	`_depth: 0,`
159	+	`};`
160	+
161	+	`if (formData) {`
162	+	`let byteCount = 0;`
163	+	`let entryCount = 0;`
164	+	`for (const [, v] of formData.entries()) {`
165	+	`entryCount++;`
166	+	`if (entryCount > response._limits.maxRows) {`
167	+	`throw new DecodeLimitError("maxRows", entryCount);`
168	+	`}`
169	+	`if (typeof v === "string") byteCount += v.length;`
170	+	`else if (v && typeof v.size === "number") byteCount += v.size;`
171	+	`if (byteCount > response._limits.maxBytes) {`
172	+	`throw new DecodeLimitError("maxBytes", byteCount);`
173	+	`}`
174	+	`}`
175	+	`}`
176	+
177	+	`return response;`
178	+	`}`
179	+
180	+	`export function createReplyResponse(prefix, formData, options = {}) {`
181	+	`return buildReplyResponse(prefix ?? "", formData ?? null, options);`
182	+	`}`
183	+
184	+	`// ─── Chunk accessors ───────────────────────────────────────────────────────`
185	+
186	+	`function getChunk(response, id) {`
187	+	`const cached = response._chunks.get(id);`
188	+	`if (cached) return cached;`
189	+
190	+	`if (!response._formData) {`
191	+	`const c = {`
192	+	`status: REJECTED,`
193	+	`value: null,`
194	+	reason: new DecodeError(`Row ${id} missing: no FormData body`),
195	+	`};`
196	+	`response._chunks.set(id, c);`
197	+	`return c;`
198	+	`}`
199	+
200	+	`// Row keys are stored as decimal strings by the encoder, per the existing`

201	+	// @lazarv/rsc wire format: `ctx.formData.set("" + partId, …)`.
202	+	`const raw = response._formData.get(response._prefix + id);`
203	+	`if (typeof raw === "string") {`
204	+	`if (raw.length > response._limits.maxStringLength) {`
205	+	`const c = {`
206	+	`status: REJECTED,`
207	+	`value: null,`
208	+	`reason: new DecodeLimitError("maxStringLength", raw.length),`
209	+	`};`
210	+	`response._chunks.set(id, c);`
211	+	`return c;`
212	+	`}`
213	+	`const c = {`
214	+	`status: RESOLVED_MODEL,`
215	+	`value: raw,`
216	+	`reason: null,`
217	+	`path: String(id),`
218	+	`};`
219	+	`response._chunks.set(id, c);`
220	+	`return c;`
221	+	`}`
222	+	`if (raw != null && typeof raw === "object") {`
223	+	`const c = { status: FULFILLED, value: raw, reason: null };`
224	+	`response._chunks.set(id, c);`
225	+	`return c;`
226	+	`}`
227	+
228	+	`const c = {`
229	+	`status: REJECTED,`
230	+	`value: null,`
231	+	reason: new DecodeError(`Missing row ${id}`),
232	+	`};`
233	+	`response._chunks.set(id, c);`
234	+	`return c;`
235	+	`}`
236	+
237	+	`/**`
238	+	`* Materialise a RESOLVED_MODEL chunk. Produces a tree with forbidden keys`
239	+	`* stripped and tag strings dispatched, with explicit path tracking.`
240	+	`*/`
241	+	`function initializeModelChunk(response, chunk) {`
242	+	`if (chunk.status !== RESOLVED_MODEL) return;`
243	+	`const raw = chunk.value;`
244	+	`const basePath = chunk.path \|\| "";`
245	+	`chunk.status = BLOCKED;`
246	+	`chunk.value = null;`
247	+	`try {`
248	+	`// Phase 1: JSON.parse with a reviver that only strips forbidden keys.`
249	+	`const parsed = JSON.parse(raw, forbiddenReviver);`
250	+	`// Phase 2: recursive walk with path tracking + tag dispatch.`
251	+	`const materialised = walkValue(response, parsed, basePath, new WeakSet());`
252	+	`chunk.status = FULFILLED;`
253	+	`chunk.value = materialised;`
254	+	`} catch (err) {`
255	+	`chunk.status = REJECTED;`
256	+	`chunk.reason = err;`
257	+	`}`
258	+	`}`
259	+
260	+	`function forbiddenReviver(key, value) {`
261	+	`if (FORBIDDEN_KEYS.has(key)) return undefined;`
262	+	`return value;`
263	+	`}`
264	+
265	+	`// ─── Recursive walker (tag dispatch + path tracking) ───────────────────────`
266	+
267	+	`function walkValue(response, value, path, visited) {`
268	+	`if (value === null \|\| value === undefined) return value;`
269	+
270	+	`if (typeof value === "string") {`
271	+	`if (value.length > 0 && value.charCodeAt(0) === 36 /* $ */) {`
272	+	`return dispatchTag(response, value, path);`
273	+	`}`
274	+	`return value;`
275	+	`}`
276	+
277	+	`if (typeof value !== "object") return value;`
278	+
279	+	`if (visited.has(value)) return value; // shouldn't occur for JSON-parsed trees`
280	+
281	+	`visited.add(value);`
282	+
283	+	`const tempRefs = response._temporaryReferences;`
284	+
285	+	`if (Array.isArray(value)) {`
286	+	`const result = Array.from({ length: value.length });`
287	+	`// If temporaryReferences is active, register the composite value at its`
288	+	`// structural path BEFORE descending. This mirrors React's behaviour:`
289	+	`// when the server later renders the decoded tree, the root composite is`
290	+	// looked up in tempRefs and emitted as a single `$T<path>` instead of
291	+	`// being re-serialized — matching the wire-format parity tests.`
292	+	`if (tempRefs && path) {`
293	+	`tempRefs.set(result, path);`
294	+	`}`
295	+	`for (let i = 0; i < value.length; i++) {`
296	+	`result[i] = walkValue(`
297	+	`response,`
298	+	`value[i],`
299	+	`path ? path + ":" + i : String(i),`
300	+	`visited`
301	+	`);`
302	+	`}`
303	+	`return result;`
304	+	`}`
305	+
306	+	`const result = {};`
307	+	`if (tempRefs && path) {`
308	+	`tempRefs.set(result, path);`
309	+	`}`
310	+	`for (const key of Object.keys(value)) {`
311	+	`if (FORBIDDEN_KEYS.has(key)) continue;`
312	+	`const childPath = path ? path + ":" + key : key;`
313	+	`let childVal = walkValue(response, value[key], childPath, visited);`
314	+	// `then`-function scrub: attacker cannot smuggle a callable thenable.
315	+	`if (key === "then" && typeof childVal === "function") {`
316	+	`childVal = null;`
317	+	`}`
318	+	`result[key] = childVal;`
319	+	`}`
320	+	`return result;`
321	+	`}`
322	+
323	+	`function isHex(s) {`
324	+	`if (!s) return false;`
325	+	`for (let i = 0; i < s.length; i++) {`
326	+	`const c = s.charCodeAt(i);`
327	+	`if (`
328	+	`!(c >= 48 && c <= 57) && // 0-9`
329	+	`!(c >= 97 && c <= 102) && // a-f`
330	+	`!(c >= 65 && c <= 70) // A-F`
331	+	`) {`
332	+	`return false;`
333	+	`}`
334	+	`}`
335	+	`return true;`
336	+	`}`
337	+
338	+	`/**`
339	+	* Dispatch a `$`-prefixed string to its handler. `path` is the structural
340	+	`* path to this value within the outermost row, used for temp-ref identity.`
341	+	`*/`
342	+	`function dispatchTag(response, value, path) {`
343	+	`if (value.length === 1) return "$";`
344	+	`if (value === "$$") return "$";`
345	+
346	+	`// Multi-character legacy tags`
347	+	`if (value === "$undefined") return undefined;`
348	+	`if (value === "$NaN") return NaN;`
349	+	`if (value === "$Infinity") return Infinity;`
350	+	`if (value === "$-Infinity") return -Infinity;`
351	+	`if (value === "$T") {`
352	+	`return resolveTemporaryReference(response, path);`
353	+	`}`
354	+	`if (value.startsWith("$AB")) {`
355	+	`return decodeArrayBuffer(value.slice(3));`
356	+	`}`
357	+	`if (value.startsWith("$AT")) {`
358	+	`return decodeTypedArray(value.slice(3));`
359	+	`}`
360	+
361	+	`const second = value[1];`
362	+
363	+	`// Escaped literal: "$$foo" → "$foo"`
364	+	`if (second === "$") return value.slice(1);`
365	+
366	+	`switch (second) {`
367	+	`case "S":`
368	+	`return Symbol.for(value.slice(2));`
369	+	`case "n":`
370	+	`return decodeBigInt(response, value.slice(2));`
371	+	`case "D":`
372	+	`return new Date(value.slice(2));`
373	+	`case "Q":`
374	+	`return decodeInlineMap(response, value.slice(2));`
375	+	`case "W":`
376	+	`return decodeInlineSet(response, value.slice(2));`
377	+	`case "l":`
378	+	`return new URL(value.slice(2));`
379	+	`case "U":`
380	+	`return decodeInlineURLSearchParams(value.slice(2));`
381	+	`case "K":`
382	+	`return decodeFormDataRef(response, value.slice(2));`
383	+	`case "R":`
384	+	`return decodeInlineRegExp(value.slice(2));`
385	+	`case "h":`
386	+	`return decodeServerReference(response, value.slice(2));`
387	+
388	+	`// NEW: outlined async capabilities`
389	+	`case "@":`
390	+	`return getOutlinedModel(response, value.slice(2), createPromise);`
391	+	`case "r":`
392	+	`return getOutlinedModel(response, value.slice(2), createTextStream);`
393	+	`case "b":`
394	+	`return getOutlinedModel(response, value.slice(2), createBinaryStream);`
395	+	`case "x":`
396	+	`return getOutlinedModel(response, value.slice(2), createAsyncIterable);`
397	+	`case "X":`
398	+	`return getOutlinedModel(response, value.slice(2), createSyncIterator);`
399	+
400	+	`default: {`

401	+	`// Row reference: $<hex>[:key:key...]. If the shape doesn't validate,`
402	+	`// throw — better to fail loudly than silently pass attacker tags.`
403	+	`const rest = value.slice(1);`
404	+	`const colonIdx = rest.indexOf(":");`
405	+	`const idPart = colonIdx === -1 ? rest : rest.slice(0, colonIdx);`
406	+	`if (!isHex(idPart)) {`
407	+	`throw new DecodeError("Invalid reference.");`
408	+	`}`
409	+	`return getOutlinedModel(response, rest, createModel);`
410	+	`}`
411	+	`}`
412	+	`}`
413	+
414	+	`function resolveTemporaryReference(response, path) {`
415	+	`if (!response._temporaryReferences) {`
416	+	`throw new DecodeError(`
417	+	`"Could not reference an opaque temporary reference. " +`
418	+	`"This is likely due to misconfiguring the temporaryReferences options on the server."`
419	+	`);`
420	+	`}`
421	+	`if (!path) {`
422	+	`throw new DecodeError(`
423	+	`"Could not reference an opaque temporary reference. " +`
424	+	`"$T at the root has no structural path to key on."`
425	+	`);`
426	+	`}`
427	+	`return createTemporaryReference(response._temporaryReferences, path);`
428	+	`}`
429	+
430	+	`// ─── Legacy tag decoders ───────────────────────────────────────────────────`
431	+
432	+	`function decodeBigInt(response, digits) {`
433	+	`if (digits.length > response._limits.maxBigIntDigits) {`
434	+	`throw new DecodeLimitError("maxBigIntDigits", digits.length);`
435	+	`}`
436	+	`return BigInt(digits);`
437	+	`}`
438	+
439	+	`function decodeInlineMap(response, payload) {`
440	+	`const entries = JSON.parse(payload, forbiddenReviver);`
441	+	`if (!Array.isArray(entries)) throw new DecodeError("Invalid $Q payload");`
442	+	`return new Map(`
443	+	`entries.map(([k, v]) => [`
444	+	`walkValue(response, k, "", new WeakSet()),`
445	+	`walkValue(response, v, "", new WeakSet()),`
446	+	`])`
447	+	`);`
448	+	`}`
449	+
450	+	`function decodeInlineSet(response, payload) {`
451	+	`const items = JSON.parse(payload, forbiddenReviver);`
452	+	`if (!Array.isArray(items)) throw new DecodeError("Invalid $W payload");`
453	+	`return new Set(`
454	+	`items.map((item) => walkValue(response, item, "", new WeakSet()))`
455	+	`);`
456	+	`}`
457	+
458	+	`function decodeInlineURLSearchParams(payload) {`
459	+	`const entries = JSON.parse(payload, forbiddenReviver);`
460	+	`if (!Array.isArray(entries)) throw new DecodeError("Invalid $U payload");`
461	+	`const params = new URLSearchParams();`
462	+	`for (const [k, v] of entries) params.append(k, v);`
463	+	`return params;`
464	+	`}`
465	+
466	+	`function decodeInlineRegExp(payload) {`
467	+	`const parsed = JSON.parse(payload, forbiddenReviver);`
468	+	`if (!Array.isArray(parsed) \|\| parsed.length < 1) {`
469	+	`throw new DecodeError("Invalid $R payload");`
470	+	`}`
471	+	`const [source, flags] = parsed;`
472	+	`return new RegExp(source, flags);`
473	+	`}`
474	+
475	+	`function decodeArrayBuffer(b64) {`
476	+	`const binary = atob(b64);`
477	+	`const bytes = new Uint8Array(binary.length);`
478	+	`for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);`
479	+	`return bytes.buffer;`
480	+	`}`
481	+
482	+	`function decodeTypedArray(payload) {`
483	+	`const parsed = JSON.parse(payload, forbiddenReviver);`
484	+	`const { t: typeName, d: data } = parsed \|\| {};`
485	+	`if (typeof typeName !== "string" \|\| typeof data !== "string") {`
486	+	`throw new DecodeError("Invalid $AT payload");`
487	+	`}`
488	+	`const binary = atob(data);`
489	+	`const bytes = new Uint8Array(binary.length);`
490	+	`for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);`
491	+	`const TypedArrayConstructors = {`
492	+	`Int8Array,`
493	+	`Uint8Array,`
494	+	`Uint8ClampedArray,`
495	+	`Int16Array,`
496	+	`Uint16Array,`
497	+	`Int32Array,`
498	+	`Uint32Array,`
499	+	`Float32Array,`
500	+	`Float64Array,`
501	+	`BigInt64Array,`
502	+	`BigUint64Array,`
503	+	`DataView,`
504	+	`};`
505	+	`const Ctor = TypedArrayConstructors[typeName];`
506	+	`if (!Ctor) {`
507	+	throw new DecodeError(`Unknown TypedArray type: ${typeName}`);
508	+	`}`
509	+	`if (Ctor === DataView) return new DataView(bytes.buffer);`
510	+	`return new Ctor(bytes.buffer);`
511	+	`}`
512	+
513	+	`function decodeFormDataRef(response, partIdOrPath) {`
514	+	// `$K<partIdOrPath>` carries two wire-format conventions:
515	+	`//`
516	+	`// 1. Bare File / Blob argument — the client writes the binary directly`
517	+	// under the key `<partIdOrPath>` (alongside the JSON tag at the same
518	+	`// key via FormData's multi-value semantics). Resolve it by looking`
519	+	`// through all entries at that key and returning the first non-string.`
520	+	`//`
521	+	`// 2. FormData argument — the client prefixes every sub-entry with`
522	+	// `<partIdOrPath>_` and emits `$K<partIdOrPath>` as the tag. Rebuild
523	+	`// the sub-FormData by prefix-scan.`
524	+	`//`
525	+	`// Order matters: try (1) first, fall back to (2). Returning a Blob where a`
526	+	`// FormData was expected would be a wire-format mismatch, but in practice`
527	+	`// FormData encoding never places a non-string at the bare key, so this`
528	+	`// disambiguation is safe.`
529	+	`if (!response._formData) return new FormData();`
530	+	`const key = response._prefix + partIdOrPath;`
531	+	`const entries = response._formData.getAll(key);`
532	+	`for (const entry of entries) {`
533	+	`if (typeof entry !== "string") {`
534	+	`return entry;`
535	+	`}`
536	+	`}`
537	+	`const partPrefix = key + "_";`
538	+	`const fd = new FormData();`
539	+	`for (const [k, v] of response._formData.entries()) {`
540	+	`if (k.startsWith(partPrefix)) {`
541	+	`fd.append(k.slice(partPrefix.length), v);`
542	+	`}`
543	+	`}`
544	+	`return fd;`
545	+	`}`
546	+
547	+	`function decodeServerReference(response, hexId) {`
548	+	`if (!isHex(hexId)) {`
549	+	`throw new DecodeError("Invalid $h reference id");`
550	+	`}`
551	+	`const formData = response._formData;`
552	+	`if (!formData) {`
553	+	`throw new DecodeError(`
554	+	`"Server reference $h requires FormData body in decodeReply"`
555	+	`);`
556	+	`}`
557	+	`const partId = parseInt(hexId, 16);`
558	+	`const partPayload = formData.get(response._prefix + partId);`
559	+	`if (typeof partPayload !== "string") {`
560	+	`throw new DecodeError(`
561	+	`"Missing FormData part " + partId + " for server reference"`
562	+	`);`
563	+	`}`
564	+	`const parsed = JSON.parse(partPayload, forbiddenReviver);`
565	+	`if (!parsed \|\| typeof parsed !== "object" \|\| typeof parsed.id !== "string") {`
566	+	`throw new DecodeError("Invalid server reference payload");`
567	+	`}`
568	+	`const loader = response._moduleLoader?.loadServerAction;`
569	+	`if (typeof loader !== "function") {`
570	+	`throw new DecodeError("No server action loader configured");`
571	+	`}`
572	+	`const action = loader(parsed.id);`
573	+	`const bound = parsed.bound;`
574	+	`if (Array.isArray(bound) && bound.length > 0) {`
575	+	`if (bound.length > response._limits.maxBoundArgs) {`
576	+	`throw new DecodeLimitError("maxBoundArgs", bound.length);`
577	+	`}`
578	+	`const boundArgs = bound.map((arg) =>`
579	+	`walkValue(response, arg, "", new WeakSet())`
580	+	`);`
581	+	`if (action && typeof action.then === "function") {`
582	+	`return action.then((fn) =>`
583	+	`typeof fn === "function" ? fn.bind(null, ...boundArgs) : fn`
584	+	`);`
585	+	`}`
586	+	`return typeof action === "function"`
587	+	`? action.bind(null, ...boundArgs)`
588	+	`: action;`
589	+	`}`
590	+	`return action;`
591	+	`}`
592	+
593	+	`// ─── Outlined model resolution ─────────────────────────────────────────────`
594	+
595	+	`const ObjectPrototype = Object.prototype;`
596	+	`const ArrayPrototype = Array.prototype;`
597	+	`const hasOwn = Object.prototype.hasOwnProperty;`
598	+
599	+	`function getOutlinedModel(response, reference, map) {`
600	+	`if (!reference) throw new DecodeError("Empty reference");`

601	+
602	+	`const parts = reference.split(":");`
603	+	`const idPart = parts[0];`
604	+	`if (!isHex(idPart)) {`
605	+	`throw new DecodeError("Invalid reference.");`
606	+	`}`
607	+
608	+	`const id = parseInt(idPart, 16);`
609	+	`const chunk = getChunk(response, id);`
610	+
611	+	`if (chunk.status === RESOLVED_MODEL) {`
612	+	`if (response._depth >= response._limits.maxDepth) {`
613	+	`throw new DecodeLimitError("maxDepth", response._depth);`
614	+	`}`
615	+	`response._depth++;`
616	+	`try {`
617	+	`initializeModelChunk(response, chunk);`
618	+	`} finally {`
619	+	`response._depth--;`
620	+	`}`
621	+	`}`
622	+
623	+	`if (chunk.status === BLOCKED) {`
624	+	`throw new DecodeError(`
625	+	`"Cyclic reference detected during decode (not yet supported)."`
626	+	`);`
627	+	`}`
628	+
629	+	`if (chunk.status === REJECTED) {`
630	+	`throw chunk.reason ?? new DecodeError("Chunk rejected");`
631	+	`}`
632	+
633	+	`if (chunk.status !== FULFILLED) {`
634	+	throw new DecodeError(`Chunk in unexpected state: ${chunk.status}`);
635	+	`}`
636	+
637	+	`// Walk the path with security barriers.`
638	+	`let current = chunk.value;`
639	+	`for (let i = 1; i < parts.length; i++) {`
640	+	`const key = parts[i];`
641	+	`if (`
642	+	`current === null \|\|`
643	+	`typeof current !== "object" \|\|`
644	+	`(Object.getPrototypeOf(current) !== ObjectPrototype &&`
645	+	`Object.getPrototypeOf(current) !== ArrayPrototype) \|\|`
646	+	`!hasOwn.call(current, key) \|\|`
647	+	`FORBIDDEN_KEYS.has(key)`
648	+	`) {`
649	+	`throw new DecodeError("Invalid reference.");`
650	+	`}`
651	+	`current = current[key];`
652	+	`}`
653	+
654	+	`return map(response, current);`
655	+	`}`
656	+
657	+	`// ─── Materialisers ─────────────────────────────────────────────────────────`
658	+
659	+	`function createModel(_response, model) {`
660	+	`return model;`
661	+	`}`
662	+
663	+	`function createPromise(_response, model) {`
664	+	`return Promise.resolve(model);`
665	+	`}`
666	+
667	+	`function createTextStream(response, model) {`
668	+	`return createStreamFromChunks(response, model, /* binary */ false);`
669	+	`}`
670	+
671	+	`function createBinaryStream(response, model) {`
672	+	`return createStreamFromChunks(response, model, /* binary */ true);`
673	+	`}`
674	+
675	+	`function createStreamFromChunks(response, model, binary) {`
676	+	`if (!Array.isArray(model)) {`
677	+	`throw new DecodeError("Invalid stream chunk payload");`
678	+	`}`
679	+	`if (model.length > response._limits.maxStreamChunks) {`
680	+	`throw new DecodeLimitError("maxStreamChunks", model.length);`
681	+	`}`
682	+	`const encoder = binary ? new TextEncoder() : null;`
683	+	`return new ReadableStream({`
684	+	`start(controller) {`
685	+	`for (const chunk of model) {`
686	+	`if (chunk && typeof chunk === "object" && hasOwn.call(chunk, "error")) {`
687	+	`controller.error(new Error(String(chunk.error)));`
688	+	`return;`
689	+	`}`
690	+	`if (`
691	+	`chunk &&`
692	+	`typeof chunk === "object" &&`
693	+	`hasOwn.call(chunk, "done") &&`
694	+	`chunk.done`
695	+	`) {`
696	+	`break;`
697	+	`}`
698	+	`if (binary) {`
699	+	`// Binary chunks arrive as numeric arrays (JSON can't carry bytes);`
700	+	`// reconstruct a Uint8Array view.`
701	+	`if (Array.isArray(chunk)) {`
702	+	`controller.enqueue(Uint8Array.from(chunk));`
703	+	`} else if (chunk instanceof Uint8Array) {`
704	+	`controller.enqueue(chunk);`
705	+	`} else if (ArrayBuffer.isView(chunk)) {`
706	+	`controller.enqueue(`
707	+	`new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength)`
708	+	`);`
709	+	`} else if (chunk instanceof ArrayBuffer) {`
710	+	`controller.enqueue(new Uint8Array(chunk));`
711	+	`} else {`
712	+	`controller.enqueue(encoder.encode(String(chunk)));`
713	+	`}`
714	+	`} else {`
715	+	`controller.enqueue(chunk);`
716	+	`}`
717	+	`}`
718	+	`controller.close();`
719	+	`},`
720	+	`});`
721	+	`}`
722	+
723	+	`function createAsyncIterable(response, model) {`
724	+	`if (!Array.isArray(model)) {`
725	+	`throw new DecodeError("Invalid async iterable payload");`
726	+	`}`
727	+	`if (model.length > response._limits.maxStreamChunks) {`
728	+	`throw new DecodeLimitError("maxStreamChunks", model.length);`
729	+	`}`
730	+	`const items = model.slice();`
731	+	`return {`
732	+	`[Symbol.asyncIterator]() {`
733	+	`let i = 0;`
734	+	`return {`
735	+	`next() {`
736	+	`if (i < items.length) {`
737	+	`return Promise.resolve({ value: items[i++], done: false });`
738	+	`}`
739	+	`return Promise.resolve({ value: undefined, done: true });`
740	+	`},`
741	+	`return() {`
742	+	`return Promise.resolve({ value: undefined, done: true });`
743	+	`},`
744	+	`};`
745	+	`},`
746	+	`};`
747	+	`}`
748	+
749	+	`function createSyncIterator(response, model) {`
750	+	`if (!Array.isArray(model)) {`
751	+	`throw new DecodeError("Invalid iterator payload");`
752	+	`}`
753	+	`if (model.length > response._limits.maxStreamChunks) {`
754	+	`throw new DecodeLimitError("maxStreamChunks", model.length);`
755	+	`}`
756	+	`const items = model.slice();`
757	+	`let i = 0;`
758	+	`return {`
759	+	`[Symbol.iterator]() {`
760	+	`return this;`
761	+	`},`
762	+	`next() {`
763	+	`return i < items.length`
764	+	`? { value: items[i++], done: false }`
765	+	`: { value: undefined, done: true };`
766	+	`},`
767	+	`return() {`
768	+	`return { value: undefined, done: true };`
769	+	`},`
770	+	`};`
771	+	`}`
772	+
773	+	`// ─── Top-level decode entry points ─────────────────────────────────────────`
774	+
775	+	`/**`
776	+	`* Decode a JSON-string body (no outlined rows).`
777	+	`*/`
778	+	`export function decodeReplyFromString(body, options = {}) {`
779	+	`const response = buildReplyResponse("", null, options);`
780	+	`const parsed = JSON.parse(body, forbiddenReviver);`
781	+	`return walkValue(response, parsed, "0", new WeakSet());`
782	+	`}`
783	+
784	+	`/**`
785	+	* Decode a FormData body. Root row lives at `<prefix>0`.
786	+	`*/`
787	+	`export function decodeReplyFromFormData(formData, options = {}) {`
788	+	`const prefix = options.formFieldPrefix ?? "";`
789	+	`const response = buildReplyResponse(prefix, formData, options);`
790	+
791	+	`const rootRaw = formData.get(prefix + "0");`
792	+	`if (typeof rootRaw !== "string") {`
793	+	`return formData;`
794	+	`}`
795	+	`// Prime the root chunk with path "0" so $T tokens inside it get`
796	+	`// structural identity matching the client-side encoder's path.`
797	+	`response._chunks.set(0, {`
798	+	`status: RESOLVED_MODEL,`
799	+	`value: rootRaw,`
800	+	`reason: null,`