From 96c85a19c1bb786d6f417667a6be072c62d28065 Mon Sep 17 00:00:00 2001
From: "Nadhi-(Kushi)" <hello@nadhi.dev>
Date: Wed, 1 Apr 2026 01:14:27 +0530
Subject: [PATCH] chore: implementing status support

---
 .github/tests/test.js |  77 ++++++++++++++++-
 rsrc/src/manifest.rs  |  13 +++
 rsrc/src/router.rs    |  37 +++++++-
 src/index.d.ts        |  15 ++++
 src/index.js          | 196 +++++++++++++++++++++++++++++++++++++++++-
 src/opt/entry.js      |   4 +-
 6 files changed, 335 insertions(+), 7 deletions(-)

diff --git a/.github/tests/test.js b/.github/tests/test.js
index 145a91a..7ff26b6 100644
--- a/.github/tests/test.js
+++ b/.github/tests/test.js
@@ -124,6 +124,22 @@ async function main() {
   const app = createApp();
   assert.equal(typeof app.error, "function");
 
+  assert.throws(
+    () => app.static("/users/:id", "<html>invalid</html>"),
+    /app\.static\(\) only supports exact GET paths without params/,
+  );
+
+  const middlewareBlockedApp = createApp();
+  middlewareBlockedApp.use(async (_req, _res, next) => {
+    await next();
+  });
+  middlewareBlockedApp.static("/blocked", "<html><body>blocked</body></html>");
+
+  await assert.rejects(
+    () => middlewareBlockedApp.listen({ port: 0 }),
+    /app\.static\(\"\/blocked\"\) cannot be used with applicable middleware/,
+  );
+
   httpServerConfig.tls = {
     cert: "/tst/cert.pem",
     key: "/tst/key.pem"
@@ -163,9 +179,36 @@ async function main() {
       engine: "rust",
     });
   });
+  app.static(
+    "/ssr",
+    "<html><body><main>ssr</main></body></html>",
+    {
+      objects: {
+        page: "ssr",
+        safe: "</script><b>nope</b>",
+      },
+    },
+  );
+  app.static(
+    "/ssr-tail",
+    "<html><main>tail</main></html>",
+    {
+      objects: {
+        page: "tail",
+      },
+    },
+  );
   app.get("/stable", (req, res) => {
     res.json(stablePayload);
   });
+  app.get("/html-helper", (_req, res) => {
+    res.html("<html><body><main>helper</main></body></html>", {
+      status: 201,
+      objects: {
+        helper: true,
+      },
+    });
+  });
   app.get("/native/:id", (req, res) => {
     res.json({
       id: req.params.id,
@@ -271,6 +314,29 @@ async function main() {
       engine: "rust",
     });
 
+    const ssrResponse = await fetch(new URL("/ssr", server.url));
+    assert.equal(ssrResponse.status, 200);
+    assert.equal(ssrResponse.headers.get("content-type"), "text/html; charset=utf-8");
+    const ssrMarkup = await ssrResponse.text();
+    assert.match(
+      ssrMarkup,
+      /<main>ssr<\/main><script>window\.hnSSR=window\.hnSSR\|\|\{\};window\.hnSSR\.objects=/,
+    );
+    assert.match(ssrMarkup, /"page":"ssr"/);
+    assert.doesNotMatch(ssrMarkup, /<\/script><b>nope<\/b>/);
+    assert.match(ssrMarkup, /<\/script><\/body><\/html>$/);
+
+    const ssrTailResponse = await fetch(new URL("/ssr-tail", server.url));
+    assert.equal(ssrTailResponse.status, 200);
+    const ssrTailMarkup = await ssrTailResponse.text();
+    assert.match(ssrTailMarkup, /<\/html><script>/);
+
+    const htmlHelperResponse = await fetch(new URL("/html-helper", server.url));
+    assert.equal(htmlHelperResponse.status, 201);
+    assert.equal(htmlHelperResponse.headers.get("content-type"), "text/html; charset=utf-8");
+    const htmlHelperMarkup = await htmlHelperResponse.text();
+    assert.match(htmlHelperMarkup, /window\.hnSSR\.objects=\{"helper":true\}/);
+
     const userResponse = await fetch(new URL("/users/42", server.url));
     assert.equal(userResponse.status, 200);
     assert.equal(userResponse.headers.get("x-powered-by"), "http-native");
@@ -403,6 +469,9 @@ async function main() {
     const stableRoute = snapshot.routes.find(
       (route) => route.method === "GET" && route.path === "/stable",
     );
+    const ssrRoute = snapshot.routes.find(
+      (route) => route.method === "GET" && route.path === "/ssr",
+    );
     const userRoute = snapshot.routes.find(
       (route) => route.method === "GET" && route.path === "/users/:id",
     );
@@ -418,6 +487,7 @@ async function main() {
 
     assert.ok(rootRoute);
     assert.ok(stableRoute);
+    assert.ok(ssrRoute);
     assert.ok(userRoute);
     assert.ok(nativeRoute);
     assert.ok(chainRoute);
@@ -434,6 +504,10 @@ async function main() {
     assert.equal(stableRoute.hits, 32);
     assert.equal(stableRoute.recommendation, null);
 
+    assert.equal(ssrRoute.staticFastPath, true);
+    assert.equal(ssrRoute.binaryBridge, true);
+    assert.equal(ssrRoute.bridgeObserved, false);
+
     assert.equal(userRoute.staticFastPath, false);
     assert.equal(userRoute.binaryBridge, true);
     assert.equal(userRoute.bridgeObserved, true);
@@ -455,6 +529,7 @@ async function main() {
 
     const summary = server.optimizations.summary();
     assert.match(summary, /GET \/ \[static-fast-path, binary-bridge\]/);
+    assert.match(summary, /GET \/ssr \[static-fast-path, binary-bridge\]/);
     assert.match(summary, /GET \/stable \[bridge-dispatch, binary-bridge, bridge-observed, cache-candidate\]/);
     assert.match(summary, /GET \/users\/:id \[bridge-dispatch, binary-bridge, bridge-observed\]/);
 
@@ -469,4 +544,4 @@ async function main() {
   console.log("[http-native] test suite passed");
 }
 
-await main();
\ No newline at end of file
+await main();
diff --git a/rsrc/src/manifest.rs b/rsrc/src/manifest.rs
index 439a613..b1814ab 100644
--- a/rsrc/src/manifest.rs
+++ b/rsrc/src/manifest.rs
@@ -1,3 +1,5 @@
+use std::collections::HashMap;
+
 use serde::Deserialize;
 
 #[derive(Debug, Clone, Deserialize)]
@@ -101,6 +103,8 @@ pub struct RouteInput {
     pub needs_session: bool,
     #[serde(default)]
     pub cache: Option<CacheConfigInput>,
+    #[serde(default)]
+    pub static_response: Option<StaticResponseInput>,
 }
 
 #[derive(Debug, Clone, Deserialize)]
@@ -118,6 +122,15 @@ pub struct CacheVaryInput {
     pub name: String,
 }
 
+#[derive(Debug, Clone, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct StaticResponseInput {
+    pub status: u16,
+    #[serde(default)]
+    pub headers: HashMap<String, String>,
+    pub body: String,
+}
+
 #[derive(Debug, Clone, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct WsRouteInput {
diff --git a/rsrc/src/router.rs b/rsrc/src/router.rs
index 0a20608..6f170e1 100644
--- a/rsrc/src/router.rs
+++ b/rsrc/src/router.rs
@@ -10,7 +10,7 @@ use crate::analyzer::{
     analyze_dynamic_fast_path, analyze_route, normalize_path, parse_segments, AnalysisResult,
     DynamicFastPathSpec, RouteSegment,
 };
-use crate::manifest::{ManifestInput, MiddlewareInput, RouteInput};
+use crate::manifest::{ManifestInput, MiddlewareInput, RouteInput, StaticResponseInput};
 
 const ROUTE_KIND_EXACT: u8 = 1;
 const ROUTE_KIND_PARAM: u8 = 2;
@@ -216,6 +216,25 @@ impl Router {
         for route in &manifest.routes {
             let method = route.method.to_uppercase();
             let path = normalize_path(route.path.as_str());
+            if let Some(static_response) = route.static_response.as_ref() {
+                let Some(method_key) = MethodKey::from_method_str(method.as_str()) else {
+                    continue;
+                };
+
+                let exact_route = build_exact_static_route(static_response);
+
+                if method_key == MethodKey::Get && path == "/" {
+                    exact_get_root = Some(exact_route);
+                    continue;
+                }
+
+                exact_static_routes
+                    .entry(method_key)
+                    .or_insert_with(HashMap::new)
+                    .insert(Box::<[u8]>::from(path.as_bytes()), exact_route);
+                continue;
+            }
+
             if let AnalysisResult::ExactStaticFastPath(spec) =
                 analyze_route(route, &manifest.middlewares)
             {
@@ -469,6 +488,22 @@ fn compile_dynamic_route_spec(route: &RouteInput, middlewares: &[MiddlewareInput
     }
 }
 
+fn build_exact_static_route(static_response: &StaticResponseInput) -> ExactStaticRoute {
+    let body = static_response.body.as_bytes();
+    ExactStaticRoute {
+        close_response: Bytes::from(build_close_response(
+            static_response.status,
+            &static_response.headers,
+            body,
+        )),
+        keep_alive_response: Bytes::from(build_keep_alive_response(
+            static_response.status,
+            &static_response.headers,
+            body,
+        )),
+    }
+}
+
 fn hash_cache_namespace(value: &str) -> u64 {
     let mut hasher = DefaultHasher::new();
     value.hash(&mut hasher);
diff --git a/src/index.d.ts b/src/index.d.ts
index 450dae8..14fa1a5 100644
--- a/src/index.d.ts
+++ b/src/index.d.ts
@@ -108,6 +108,9 @@ export interface Response {
   /** Send a JSON response with proper Content-Type */
   json(data: unknown): Response;
 
+  /** Send an HTML response, optionally injecting window.hnSSR.objects */
+  html(html: string, options?: HtmlResponseOptions): Response;
+
   /** Send a response body (string, Buffer, or object) */
   send(data?: string | Buffer | Uint8Array | null): Response;
 
@@ -209,6 +212,15 @@ export interface ReloadOptions {
   clear?: boolean;
 }
 
+export interface HtmlResponseOptions {
+  /** HTTP status code (default: 200) */
+  status?: number;
+  /** Extra response headers */
+  headers?: Record<string, string>;
+  /** Static SSR payload injected as window.hnSSR.objects */
+  objects?: Record<string, unknown> | null;
+}
+
 export interface HotReloadOptions {
   /** Files or directories to watch for runtime process respawn */
   paths?: string[];
@@ -363,6 +375,9 @@ export interface Application {
   /** Register a handler for all HTTP methods */
   all(path: string, handler: RouteHandler): Application;
 
+  /** Register an exact GET HTML route served from the native static fast path */
+  static(path: string, html: string, options?: HtmlResponseOptions): Application;
+
   /** Configure first-class app reload behavior for dev runtimes */
   reload(options?: ReloadOptions): Application;
 
diff --git a/src/index.js b/src/index.js
index f010530..540dc6d 100644
--- a/src/index.js
+++ b/src/index.js
@@ -139,6 +139,106 @@ function normalizeContentType(type) {
   return type;
 }
 
+function normalizeHeaderRecord(headers) {
+  if (!headers || typeof headers !== "object") {
+    return Object.create(null);
+  }
+
+  const normalized = Object.create(null);
+  for (const [name, value] of Object.entries(headers)) {
+    const headerName = String(name).toLowerCase();
+    const headerValue = String(value);
+    if (
+      headerName.includes("\r") ||
+      headerName.includes("\n") ||
+      headerValue.includes("\r") ||
+      headerValue.includes("\n")
+    ) {
+      continue;
+    }
+    normalized[headerName] = headerValue;
+  }
+
+  return normalized;
+}
+
+function normalizeHtmlResponseOptions(options = {}) {
+  if (options == null) {
+    return {
+      status: 200,
+      headers: Object.create(null),
+      objects: null,
+    };
+  }
+
+  if (typeof options !== "object") {
+    throw new TypeError("html(options) expects an object");
+  }
+
+  return {
+    status:
+      options.status === undefined
+        ? 200
+        : Math.max(100, Math.min(599, Math.floor(Number(options.status) || 200))),
+    headers: normalizeHeaderRecord(options.headers),
+    objects: options.objects ?? null,
+  };
+}
+
+function escapeInlineScriptJson(value) {
+  return JSON.stringify(value)
+    .replace(/</g, "\\u003c")
+    .replace(/-->/g, "--\\u003e")
+    .replace(/\u2028/g, "\\u2028")
+    .replace(/\u2029/g, "\\u2029")
+    .replace(/<\/script/gi, "<\\/script");
+}
+
+function injectHtmlObjectsScript(html, objects) {
+  if (objects == null) {
+    return String(html);
+  }
+
+  const markup = String(html);
+  const payload = escapeInlineScriptJson(objects);
+  const script =
+    `<script>window.hnSSR=window.hnSSR||{};window.hnSSR.objects=${payload};</script>`;
+  const bodyCloseMatch = /<\/body\s*>/i.exec(markup);
+
+  if (!bodyCloseMatch || bodyCloseMatch.index === undefined) {
+    return `${markup}${script}`;
+  }
+
+  return `${markup.slice(0, bodyCloseMatch.index)}${script}${markup.slice(bodyCloseMatch.index)}`;
+}
+
+function buildHtmlResponsePayload(html, options = {}) {
+  const normalized = normalizeHtmlResponseOptions(options);
+  const headers = {
+    ...normalized.headers,
+  };
+
+  if (!headers["content-type"]) {
+    headers["content-type"] = "text/html; charset=utf-8";
+  }
+
+  return {
+    status: normalized.status,
+    headers,
+    body: injectHtmlObjectsScript(html, normalized.objects),
+  };
+}
+
+function createStaticHtmlFallbackHandler(staticResponse) {
+  return (_req, res) => {
+    res.status(staticResponse.status);
+    for (const [name, value] of Object.entries(staticResponse.headers)) {
+      res.header(name, value);
+    }
+    res.send(staticResponse.body);
+  };
+}
+
 
 
 const RESPONSE_POOL_MAX = 512;
@@ -251,6 +351,22 @@ const RESPONSE_PROTO = {
     return this;
   },
 
+  html(html, options = {}) {
+    const state = this._state;
+    if (state.finished) {
+      return this;
+    }
+
+    const payload = buildHtmlResponsePayload(html, options);
+    state.status = payload.status;
+    for (const [name, value] of Object.entries(payload.headers)) {
+      state.headers[name] = value;
+    }
+    state.body = Buffer.from(payload.body, "utf8");
+    state.finished = true;
+    return this;
+  },
+
   send(data) {
     const state = this._state;
     if (state.finished) {
@@ -791,6 +907,28 @@ function normalizeRouteRegistration(method, path, handler, options = {}) {
   };
 }
 
+function normalizeStaticRouteRegistration(path, html, options = {}) {
+  if (typeof html !== "string") {
+    throw new TypeError("app.static(path, html, options) expects html to be a string");
+  }
+
+  const normalizedPath = normalizeRoutePath("GET", path);
+  if (normalizedPath.includes(":")) {
+    throw new Error("app.static() only supports exact GET paths without params");
+  }
+
+  const staticResponse = buildHtmlResponsePayload(html, options);
+  return {
+    method: "GET",
+    path: normalizedPath,
+    handler: createStaticHtmlFallbackHandler(staticResponse),
+    cache: null,
+    staticResponse,
+    sourceLocation: options.sourceLocation ?? null,
+    syntheticHandlerSource: "(req, res) => res.html(\"<static>\")",
+  };
+}
+
 function captureRouteRegistrationLocation() {
   const stack = new Error().stack;
   if (!stack) {
@@ -852,6 +990,10 @@ function compileMiddlewareRegistration(middleware) {
 }
 
 function createRouteResponseCache(route, applicableMiddlewares, requestPlan, optConfig) {
+  if (route.staticResponse) {
+    return null;
+  }
+
   if (optConfig?.cache !== true) {
     return null;
   }
@@ -1405,10 +1547,15 @@ function buildCompiledApplication(app, normalizedOptions) {
   );
 
   const routes = app._routes.map((route) => {
-    let handlerSource = Function.prototype.toString.call(route.handler);
-    const probedSource = probeHandlerForFastPath(route, handlerSource);
-    if (probedSource) {
-      handlerSource = probedSource;
+    let handlerSource =
+      route.syntheticHandlerSource ??
+      Function.prototype.toString.call(route.handler);
+
+    if (!route.staticResponse) {
+      const probedSource = probeHandlerForFastPath(route, handlerSource);
+      if (probedSource) {
+        handlerSource = probedSource;
+      }
     }
 
     return {
@@ -1418,6 +1565,22 @@ function buildCompiledApplication(app, normalizedOptions) {
       ...compileRouteShape(route.method, route.path),
     };
   });
+
+  for (const route of routes) {
+    if (!route.staticResponse) {
+      continue;
+    }
+
+    const hasMiddleware = compiledMiddlewares.some((middleware) =>
+      pathPrefixMatches(middleware.pathPrefix, route.path),
+    );
+    if (hasMiddleware) {
+      throw new Error(
+        `app.static(${JSON.stringify(route.path)}) cannot be used with applicable middleware`,
+      );
+    }
+  }
+
   const compiledRoutes = routes.map((route) =>
     compileRouteDispatch(
       route,
@@ -1455,6 +1618,13 @@ function buildCompiledApplication(app, normalizedOptions) {
         route.requestPlan.queryKeys.size > 0,
       cache: normalizeManifestCache(route.cache),
       needsSession: /\breq\.session\b|\breq\.sessionId\b/.test(route.handlerSource),
+      staticResponse: route.staticResponse
+        ? {
+          status: route.staticResponse.status,
+          headers: route.staticResponse.headers,
+          body: route.staticResponse.body,
+        }
+        : null,
     })),
     wsRoutes: app._wsRoutes.map((ws) => ({
       path: ws.path,
@@ -1748,6 +1918,7 @@ export function createApp(config = {}) {
     patch: undefined,
     options: undefined,
     all: undefined,
+    static: undefined,
 
     reload(options = {}) {
       this._reloadConfig = normalizeApplicationReloadConfig(options);
@@ -1934,6 +2105,23 @@ export function createApp(config = {}) {
   app.patch = createMethodRegistrar(app, "PATCH");
   app.options = createMethodRegistrar(app, "OPTIONS");
   app.all = createMethodRegistrar(app, "ALL");
+  app.static = (routePath, html, options = {}) => {
+    const groupPrefix = app._groupPrefix ?? "/";
+    const scopedPath =
+      typeof routePath === "string"
+        ? applyGroupPrefixToRoutePath(routePath, groupPrefix)
+        : routePath;
+    const sourceLocation = captureRouteRegistrationLocation();
+    const routeOptions = sourceLocation
+      ? { ...options, sourceLocation }
+      : options;
+
+    app._routes.push({
+      ...normalizeStaticRouteRegistration(scopedPath, html, routeOptions),
+      handlerId: app._allocateHandlerId(),
+    });
+    return app;
+  };
 
   return app;
 }
diff --git a/src/opt/entry.js b/src/opt/entry.js
index b72e315..ffb19a1 100644
--- a/src/opt/entry.js
+++ b/src/opt/entry.js
@@ -5,7 +5,9 @@ export function buildRouteEntry(route, middlewares) {
   );
   const source = route.handlerSource ?? "";
   const nativeCache = source.includes("res.ncache(");
-  const staticFastPath = !nativeCache && isStaticFastPathCandidate(route, hasMiddleware, source);
+  const staticFastPath =
+    route.staticResponse != null ||
+    (!nativeCache && isStaticFastPathCandidate(route, hasMiddleware, source));
   const cacheCandidate =
     !staticFastPath &&
     route.method === "GET" &&