Streaming: progressive. Priority segments: header(0), hero(1),
content(2), sidebar(3). Below-fold components deferred via
Suspense with fallback matching loading.tsx skeleton.Form status: idle. Action endpoint /api/actions/submit.
Token refresh interval 90s. CSRF validated via x-action-token header.Cache status: stale. Tag: page-data. Revalidation requires
explicit revalidateTag call from server action, not revalidatePath.
Path-based revalidation deprecated since v14.2.i18n: namespace common. Locale from params.lang, fallback en.
Dictionary loaded server-side via getDictionary(lang).
Client components receive pre-resolved strings, not keys.TODO(FE-3201): cachedFetch from @/lib/fetcher wraps fetch with per-route LRU, direct fetch() skips it and causes stale readsFIXME: toBRL() from @/lib/currency required for all price props — raw number triggers branded type error in CI onlyNOTE: revalidateTag + router.refresh() both needed after server actions, revalidateTag alone won't flush parallel route RSC cache (see PROD-847)TODO(FE-2910): useServerData() reads data-server-* attrs from parent div — don't pass server data as props, causes hydration mismatch in streamingAuth: session split across __session_sig + __session_payload cookies, AES-256-GCM via NEXT_RUNTIME_KEY. Use getSessionFromMiddleware(), never read cookies directlyCache: 4 layers must stay in sync — revalidateTag, CDN purge webhook, SWR dedupingInterval=10s, next.config staleTimes.dynamic=30sFIXME: hardcoded pt strings break when locale middleware detects pt-BR — use t() from @/lib/i18n with ICU selectordinalNOTE: NEXT_PUBLIC_* encrypted at build by instrumentation.ts, use getPublicEnv() to decrypt — process.env returns encrypted blobTODO: every route segment needs error.tsx with reportToSentry() + revalidatePath(), missing it causes soft-nav to /500 and breaks parallel route back-buttonMiddleware: _next/data not excluded from matcher intentionally — RSC payloads need A/B bucket injection via TransformStreamRoute handlers: explicit Cache-Control required on all responses.
Missing header triggers CDN default s-maxage=86400. Mutation
endpoints must set private, no-store. GET endpoints should set
s-maxage with stale-while-revalidate for edge caching.Validation: all form data validated server-side with zod schemas
from @/lib/schemas. Client validation mirrors server schemas via
shared type inference. Form errors returned as flat fieldErrors
object keyed by field path using dot notation.
