fix(router): gate intercept matching on Next-URL source pattern

[james-elicx]

Overview

Item	Details
Goal	Restrict App Router interception matching to navigation contexts whose Next-URL header actually satisfies the intercepting-route prefix, matching Next.js' rewrite semantics.
Core change	The route matcher now tracks each intercept's intercepting route URL pattern (`sourceMatchPattern`) and refuses to fire when the request's source pathname does not match (or is absent).
Primary files	`routing/app-route-graph.ts`, `server/app-rsc-route-matching.ts`, `entries/app-rsc-manifest.ts`, plus matching unit + integration tests.
Expected impact	Direct `.rsc` deep-loads, refreshes, and unrelated cross-route navigations now render the underlying page instead of the intercept modal. Soft client navigation from inside the intercepting route is unchanged.

Why

Vinext was modeling interception as "if the URL matches the target pattern, render the modal". Next.js models it as a rewrite gated on the Next-URL header (`^(?:/.*)?$`), so the modal only ever renders when the navigator was already inside the slot's owning route. This PR brings the matcher into parity with that contract.

Categories addressed in the Next.js deploy suite:

• `parallel-routes-and-interception-basepath` — `@slot/(.)nested` no longer mismatches when the source is outside root.
• `parallel-routes-and-interception-from-root` — `@modal/(...)[locale]/intercepted` requires `/[locale]/example` as the source.
• `parallel-routes-catchall-specificity` — modal slot only attaches when the user came from a covered route.
• `interception-dynamic-single-segment` — direct deep links to deeply nested settings pages now render the full page, intercepts only fire from sibling navigations.

The remaining deploy-suite cases (`interception-segments-two-levels-above`, `interception-routes-multiple-catchall`) use interception markers placed outside a `@slot` directory. Vinext does not yet treat those as intercepting routes — fixing that requires scanner-level synthesis of an implicit "children" slot and is left for a follow-up PR.

What Changed

Layer	Before	After
Scanner	Recorded `convention`, `targetPattern`, layouts, and params.	Also captures `sourceMatchPattern` from the slot owner's directory (route groups + `@slot` segments stripped, matching `normalizeAppPath`).
Manifest	Emitted intercept entries without source proof.	Emits `sourceMatchPattern` alongside the existing target metadata.
Matcher	`findIntercept` iterated all entries and returned the first target-pattern match.	`findIntercept` returns `null` when (a) no source pathname is provided or (b) the source pathname doesn't satisfy the entry's `sourceMatchPattern` (with descendants allowed).
Tests	Asserted current-buggy matcher behavior.	Asserts the rewrite-gated behavior; adds cross-test coverage for root-level, static-parent, dynamic-parent, two-level, and root-from-nested cases.

Behaviors verified

• Soft navigation that supplies `X-Vinext-Interception-Context` matching the intercepting route still renders the modal and the underlying source-route tree.
• Direct `.rsc` fetches without a Next-URL header render the direct page.
• RSC requests with an unrelated context (e.g. `/feed` against `/team/[teamId]/members` modal) render the direct page.
• Catch-all and optional catch-all segments inside intercepting routes match descendants correctly.

References

• Next.js: `shared/lib/router/utils/interception-routes.ts` — `extractInterceptionRouteInformation` (intercepting route = pre-marker path normalized).
• Next.js: `lib/generate-interception-routes-rewrites.ts` — rewrite source/destination + `has[Next-URL]` regex.
• Next.js: `lib/generate-interception-routes-rewrites.test.ts` — authoritative table of source/header regex shapes we now mirror at the matcher boundary.
• vinext: PR feat(router): promote intercepted preservation through planner #1249 (`feat(router): promote intercepted preservation through planner`) — orthogonal. It carries interception proof through the planner once the matcher has already fired; this PR ensures the matcher only fires in the right context. The two changes are compatible; feat(router): promote intercepted preservation through planner #1249 still needs this gate to avoid passing stale-but-target-matching intercepts into the planner.

Validation

```bash
vp check
vp test run tests/app-rsc-route-matching.test.ts tests/app-route-graph.test.ts \
tests/intercepting-routes-build.test.ts tests/app-router.test.ts \
tests/app-page-request.test.ts tests/app-page-dispatch.test.ts \
tests/app-server-action-execution.test.ts tests/route-sorting.test.ts \
tests/entry-templates.test.ts tests/app-browser-entry.test.ts \
tests/app-elements.test.ts tests/app-page-element-builder.test.ts \
tests/navigation-planner.test.ts
vp run vinext#build
```

All targeted tests pass (682 tests across the listed files).

Risk / Compatibility

Surface	Notes
Public API	None — `InterceptingRoute` is an internal manifest type.
RSC payload	No change. Intercept metadata in `__AppElementsWire` is unchanged.
Soft navigation	Unchanged when the client correctly emits `X-Vinext-Interception-Context`. Browser-state pathways always include the header on intercepted navigations.
Direct deep links	Now correctly render the underlying route instead of the modal — this is a fix, but applications that intentionally relied on the buggy behavior will see different RSC output for direct `.rsc` deep links. None observed in the in-repo fixtures or examples.
Cache keys	Unchanged. Cache keying still uses the explicit interception context.

Non-goals / Follow-ups

• Supporting interception markers placed outside `@slot` directories (children-slot intercept) for the remaining two deploy-suite categories.
• Parallel-route slot precedence regressions in `parallel-routes-catchall-dynamic-segment` (no interception involved; tracked separately).

[james-elicx]

Bumping to retrigger CI (workflow did not fire on initial push).

[james-elicx]

Note: GitHub Actions CI workflow has not triggered on any of the pushes to this branch (initial push, two follow-up commits, close/reopen). Only the CodeQL workflow runs. Other PRs from the same branch family (#1295–#1304) all triggered CI normally. Posting /bigbonk for review of the diff; CI status needs a maintainer to look at why workflows aren't dispatching here.

/bigbonk review

[ask-bonk]

Solid PR. The core behavioral change — gating findIntercept on the source pathname matching the intercepting route's pattern — is the correct fix and aligns with how Next.js implements interception rewrites via Next-URL header regex matching. The layering across scanner → manifest → matcher is clean, and the test coverage is thorough.

Correctness

Scanner (computeInterceptSourceMatchPattern): Correctly derives the intercepting route URL from interceptParentDir relative to appDir, stripping route groups and @slot segments via the existing convertSegmentsToRouteParts / isInvisibleSegment machinery. The fallback path (when convertSegmentsToRouteParts returns null) correctly filters invisible segments manually. Returns / for root, matching Next.js' normalizeAppPath behavior.

Matcher (findIntercept + matchInterceptSource + matchPathPrefix): The early null return when sourcePathname === null correctly mirrors Next.js' "no Next-URL header → no rewrite fires" semantics. matchPathPrefix correctly implements prefix matching with descendants allowed (matching ^<pattern>(?:/.*)?$), and handles :name, :name+, :name* segment types correctly. The ordering of source check before target pattern match in the loop is a minor optimization — it avoids the more expensive matchAppRscRoutePattern call when the source is already disqualified.

Call-site threading: Both dispatchMatchedPage and handleServerActionRequest in app-rsc-entry.ts already close over interceptionContext and pass it to findIntercept(pathname, interceptionContext). No callers are broken by the tighter semantics.

Backwards compat: sourceMatchPattern is optional in AppRscInterceptForMatching — matchInterceptSource returns true when sourceMatchPatternParts is null, so existing manifest entries without the field still work (just gated on non-null source). The InterceptingRoute type in app-route-graph.ts makes it required, which is correct since the scanner always computes it.

One nit

app-rsc-route-matching.ts line 212 has a // trigger ci comment that should be removed before merge.

Test coverage

The test matrix is well-designed:

• Unit tests in app-rsc-route-matching.test.ts cover the key boundary conditions: non-matching source, null source, descendant sources, root pattern, dynamic segments in the intercepting route pattern.
• Scanner tests in app-route-graph.test.ts verify sourceMatchPattern computation for root-level (.), static parent (..), dynamic ancestor with @modal stripping (...), and two-levels-up (..)(..).
• Integration tests in app-router.test.ts cover the end-to-end behavior: intercept fires with correct context header, does NOT fire without header, does NOT fire with unrelated context.
• The existing findIntercept tests that don't set sourceMatchPattern continue to work via the backwards-compat path (legacy behavior accepts any non-null source).

LGTM — just clean up the // trigger ci comment.

[ask-bonk]

The inline comment API requires the older position field. The nit is already covered in the review body, so that's sufficient.

Review posted and approved on PR #1302. Here's a summary:

Verdict: Approved

The PR correctly gates findIntercept on the source pathname matching the intercepting route's sourceMatchPattern, aligning with Next.js' rewrite semantics where interception only fires when the Next-URL header satisfies ^<interceptingRoute>(?:/.*)?$.

Key findings:

• Scanner, manifest, and matcher changes are all consistent and correctly threaded
• matchPathPrefix correctly handles dynamic, catch-all, and optional catch-all segments with descendant allowance
• Backwards compat is preserved — sourceMatchPattern is optional in the matcher type; entries without it fall back to legacy behavior (still gated on non-null source)
• All call sites in app-rsc-entry.ts already pass interceptionContext correctly
• Test coverage is thorough across unit, scanner, and integration layers

One nit: Line 212 of app-rsc-route-matching.ts has a // trigger ci comment that should be cleaned up before merge.

github run

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/vinext@1302

commit: 31ed4f3

[github-actions]

Example	Preview	Production	Original
app-router-cloudflare	preview	production
pages-router-cloudflare	preview	production
app-router-playground	preview	production	original
realworld-api-rest	preview	production
nextra-docs-template	preview	production
benchmarks	preview	production
hackernews	preview	production	original
web	preview	production

[james-elicx]

/bigbonk review

[ask-bonk]

Approved. The implementation correctly mirrors Next.js' interception rewrite semantics across all three layers (scanner, manifest, matcher), and the test coverage is thorough.

Key observations:

• computeInterceptSourceMatchPattern correctly derives the intercepting route's URL from interceptParentDir, stripping route groups and @slot segments via convertSegmentsToRouteParts / isInvisibleSegment. The fallback path for edge cases where convertSegmentsToRouteParts returns null is also correct.

• matchPathPrefix correctly implements the ^<pattern>(?:/.*)?$ prefix matching with dynamic, catch-all, and optional catch-all segment support. The ordering in findIntercept — source check before the more expensive target pattern match — is a nice optimization.

• The secondary gate at lines 110–122 correctly preserves the #1249 safety net for legacy manifest shapes (no sourceMatchPatternParts) while avoiding over-restriction when the primary gate has already approved the source with descendant semantics.

• The // trigger ci comment from the previous review has been cleaned up.

• All call sites in app-rsc-entry.ts correctly close over interceptionContext and thread it through findIntercept. The intermediate wrapper in app-page-dispatch.ts delegates correctly.

One minor note: non-terminal catch-all patterns in matchPathPrefix silently return false rather than throwing. This is fine since computeInterceptSourceMatchPattern upstream already validates terminal position, but if a future code path bypassed that validation, mismatches would be silent. Not a blocker — just something to keep in mind if sourceMatchPattern computation is ever extended.

[ask-bonk]

Review posted and approved on PR #1302. Here's the summary:

Verdict: Approved

The PR correctly gates findIntercept on the source pathname matching the intercepting route's sourceMatchPattern, aligning with Next.js' rewrite semantics where interception only fires when the Next-URL header satisfies ^<interceptingRoute>(?:/.*)?$.

Key findings:

• Scanner, manifest, and matcher changes are all consistent and correctly threaded
• matchPathPrefix correctly handles dynamic, catch-all, and optional catch-all segments with descendant allowance
• Backwards compat is preserved — sourceMatchPattern is optional in the matcher type; entries without it fall back to legacy behavior (still gated on non-null source)
• The secondary gate (lines 110–122) correctly preserves the feat(router): promote intercepted preservation through planner #1249 safety net for legacy manifests while not over-restricting when the primary gate has already approved descendants
• All call sites in app-rsc-entry.ts correctly close over interceptionContext
• The // trigger ci comment flagged in the previous review has been cleaned up
• Test coverage is thorough across unit, scanner, and integration layers

One minor note flagged: non-terminal catch-all patterns in matchPathPrefix silently return false rather than throwing — fine since upstream validation prevents this, but worth keeping in mind for future extensions.

github run