vibe code interception route fixes

Author: ztanner

packages/next/src/lib/generate-interception-routes-rewrites.ts

@@ -1,10 +1,10 @@
-import { pathToRegexp } from 'next/dist/compiled/path-to-regexp'
 import { NEXT_URL } from '../client/components/app-router-headers'
 import {
   extractInterceptionRouteInformation,
   isInterceptionRouteAppPath,
 } from '../shared/lib/router/utils/interception-routes'
 import type { Rewrite } from './load-custom-routes'
+import { safePathToRegexp } from './try-to-parse-path'
 
 // a function that converts normalised paths (e.g. /foo/[bar]/[baz]) to the format expected by pathToRegexp (e.g. /foo/:bar/:baz)
 function toPathToRegexpPath(path: string): string {
@@ -41,7 +41,7 @@ export function generateInterceptionRoutesRewrites(
       // pathToRegexp returns a regex that matches the path, but we need to
       // convert it to a string that can be used in a header value
       // to the format that Next/the proxy expects
-      let interceptingRouteRegex = pathToRegexp(normalizedInterceptingRoute)
+      let interceptingRouteRegex = safePathToRegexp(normalizedInterceptingRoute)
         .toString()
         .slice(2, -3)
 

packages/next/src/lib/try-to-parse-path.ts

@@ -1,5 +1,11 @@
 import type { Token } from 'next/dist/compiled/path-to-regexp'
-import { parse, tokensToRegexp } from 'next/dist/compiled/path-to-regexp'
+import {
+  parse,
+  tokensToRegexp,
+  pathToRegexp,
+  compile,
+  regexpToFunction,
+} from 'next/dist/compiled/path-to-regexp'
 import { parse as parseURL } from 'url'
 import isError from './is-error'
 
@@ -34,6 +40,208 @@ function reportError({ route, parsedPath }: ParseResult, err: any) {
   }
 }
 
+/**
+ * Fixes tokens that have repeating modifiers (* or +) but empty prefix and suffix.
+ * This is needed to work around path-to-regexp 6.3.0+ which doesn't allow such tokens.
+ */
+function fixTokensForRegexp(tokens: Token[]): Token[] {
+  return tokens.map((token) => {
+    if (
+      typeof token === 'object' &&
+      token !== null &&
+      'modifier' in token &&
+      (token.modifier === '*' || token.modifier === '+') &&
+      'prefix' in token &&
+      'suffix' in token &&
+      token.prefix === '' &&
+      token.suffix === ''
+    ) {
+      // For tokens with repeating modifiers but no prefix/suffix,
+      // we need to provide a minimal prefix to satisfy path-to-regexp
+      return {
+        ...token,
+        prefix: '/',
+      }
+    }
+    return token
+  })
+}
+
+/**
+ * Fixes route patterns that have adjacent parameters without text between them.
+ * This is needed to work around path-to-regexp 6.3.0+ validation.
+ * We use a special marker that can be stripped out later to avoid parameter pollution.
+ */
+function fixAdjacentParameters(route: string): string {
+  let fixed = route
+
+  // Use a special marker that users would never add themselves
+  // and that we can strip out before it leaks into params
+  const PARAM_SEPARATOR = '__NEXT_SEP__'
+
+  // The issue is (.):param - add our special separator
+  fixed = fixed.replace(/(\([^)]*\)):([^/\s]+)/g, `$1${PARAM_SEPARATOR}:$2`)
+
+  // Handle other basic adjacent parameter patterns conservatively
+  fixed = fixed.replace(/:([^:/\s)]+)(?=:)/g, `:$1${PARAM_SEPARATOR}`)
+
+  return fixed
+}
+
+/**
+ * Detects if a route pattern has issues that would cause path-to-regexp 6.3.0+ validation to fail
+ */
+function hasAdjacentParameterIssues(route: string): boolean {
+  if (typeof route !== 'string') return false
+
+  // Check for interception route markers followed immediately by parameters
+  // Pattern: (.):param, (..):param, etc.
+  if (/\([^)]*\):[^/\s]+/.test(route)) {
+    return true
+  }
+
+  // Check for adjacent parameters without separators
+  // Pattern: :param1:param2
+  if (/:([^:/\s)]+):/.test(route)) {
+    return true
+  }
+
+  return false
+}
+
+/**
+ * Safe wrapper around pathToRegexp that handles path-to-regexp 6.3.0+ validation errors.
+ * This includes both "Can not repeat without prefix/suffix" and "Must have text between parameters" errors.
+ */
+export function safePathToRegexp(
+  route: string | RegExp | Array<string | RegExp>,
+  keys?: any[],
+  options?: any
+): RegExp {
+  // Proactively fix known problematic patterns
+  if (typeof route === 'string' && hasAdjacentParameterIssues(route)) {
+    const fixedRoute = fixAdjacentParameters(route)
+    return pathToRegexp(fixedRoute, keys, options)
+  }
+
+  try {
+    return pathToRegexp(route, keys, options)
+  } catch (error) {
+    // For any remaining edge cases, try the fix as fallback
+    if (isError(error) && typeof route === 'string') {
+      try {
+        const fixedRoute = fixAdjacentParameters(route)
+        return pathToRegexp(fixedRoute, keys, options)
+      } catch (retryError) {
+        // If that doesn't work, fall back to original error
+        throw error
+      }
+    }
+    throw error
+  }
+}
+
+/**
+ * Safe wrapper around compile that handles path-to-regexp 6.3.0+ validation errors.
+ */
+export function safeCompile(route: string, options?: any) {
+  // Proactively fix known problematic patterns
+  if (hasAdjacentParameterIssues(route)) {
+    const fixedRoute = fixAdjacentParameters(route)
+    return compile(fixedRoute, options)
+  }
+
+  try {
+    return compile(route, options)
+  } catch (error) {
+    // For any remaining edge cases, try the fix as fallback
+    if (isError(error)) {
+      try {
+        const fixedRoute = fixAdjacentParameters(route)
+        return compile(fixedRoute, options)
+      } catch (retryError) {
+        // If that doesn't work, fall back to original error
+        throw error
+      }
+    }
+    throw error
+  }
+}
+
+/**
+ * Safe wrapper around tokensToRegexp that handles path-to-regexp 6.3.0+ validation errors.
+ */
+function safeTokensToRegexp(tokens: Token[]): RegExp {
+  try {
+    return tokensToRegexp(tokens)
+  } catch (error) {
+    if (isError(error)) {
+      // Try to fix tokens with repeating modifiers but no prefix/suffix
+      const fixedTokens = fixTokensForRegexp(tokens)
+      return tokensToRegexp(fixedTokens)
+    }
+    throw error
+  }
+}
+
+/**
+ * Strips the special parameter separator from extracted route parameters.
+ * This is internal to the safe wrappers and should not be used elsewhere.
+ */
+function stripParameterSeparators(
+  params: Record<string, any>
+): Record<string, any> {
+  const PARAM_SEPARATOR = '__NEXT_SEP__'
+  const cleaned: Record<string, any> = {}
+
+  for (const [key, value] of Object.entries(params)) {
+    if (typeof value === 'string') {
+      // Remove the separator if it appears at the start of parameter values
+      cleaned[key] = value.replace(new RegExp(`^${PARAM_SEPARATOR}`), '')
+    } else {
+      cleaned[key] = value
+    }
+  }
+
+  return cleaned
+}
+
+/**
+ * Safe wrapper around regexpToFunction that automatically cleans parameters.
+ */
+export function safeRegexpToFunction<T = object>(
+  regexp: RegExp,
+  keys?: any[]
+): (pathname: string) => { params: T } | false {
+  const originalMatcher = regexpToFunction<T>(regexp, keys)
+
+  return (pathname: string) => {
+    const result = originalMatcher(pathname)
+    if (!result) return false
+
+    // Clean parameters before returning
+    return {
+      ...result,
+      params: stripParameterSeparators(result.params as any) as T,
+    }
+  }
+}
+
+/**
+ * Safe wrapper for route matcher functions that automatically cleans interception markers.
+ */
+export function safeRouteMatcher<T extends Record<string, any>>(
+  matcherFn: (pathname: string) => false | T
+): (pathname: string) => false | T {
+  return (pathname: string) => {
+    const result = matcherFn(pathname)
+    if (!result) return false
+
+    // Clean parameters before returning
+    return stripParameterSeparators(result) as T
+  }
+}
+
 /**
  * Attempts to parse a given route with `path-to-regexp` and returns an object
  * with the result. Whenever an error happens on parse, it will print an error
@@ -55,7 +263,11 @@ export function tryToParsePath(
     }
 
     result.tokens = parse(result.parsedPath)
-    result.regexStr = tokensToRegexp(result.tokens).source
+
+    // Use safe wrapper instead of proactive detection
+    if (result.tokens) {
+      result.regexStr = safeTokensToRegexp(result.tokens).source
+    }
   } catch (err) {
     reportError(result, err)
     result.error = err

packages/next/src/shared/lib/router/utils/path-match.ts

@@ -1,6 +1,8 @@
 import type { Key } from 'next/dist/compiled/path-to-regexp'
-import { pathToRegexp } from 'next/dist/compiled/path-to-regexp'
-import { regexpToFunction } from 'next/dist/compiled/path-to-regexp'
+import {
+  safePathToRegexp,
+  safeRegexpToFunction,
+} from '../../../../lib/try-to-parse-path'
 
 interface Options {
   /**
@@ -37,14 +39,14 @@ export type PatchMatcher = (
  */
 export function getPathMatch(path: string, options?: Options): PatchMatcher {
   const keys: Key[] = []
-  const regexp = pathToRegexp(path, keys, {
+  const regexp = safePathToRegexp(path, keys, {
     delimiter: '/',
     sensitive:
       typeof options?.sensitive === 'boolean' ? options.sensitive : false,
     strict: options?.strict,
   })
 
-  const matcher = regexpToFunction<Record<string, any>>(
+  const matcher = safeRegexpToFunction<Record<string, any>>(
     options?.regexModifier
       ? new RegExp(options.regexModifier(regexp.source), regexp.flags)
       : regexp,

packages/next/src/shared/lib/router/utils/prepare-destination.ts

@@ -4,7 +4,6 @@ import type { NextParsedUrlQuery } from '../../../../server/request-meta'
 import type { RouteHas } from '../../../../lib/load-custom-routes'
 import type { BaseNextRequest } from '../../../../server/base-http'
 
-import { compile, pathToRegexp } from 'next/dist/compiled/path-to-regexp'
 import { escapeStringRegexp } from '../../escape-regexp'
 import { parseUrl } from './parse-url'
 import {
@@ -13,6 +12,10 @@ import {
 } from './interception-routes'
 import { getCookieParser } from '../../../../server/api-utils/get-cookie-parser'
 import type { Params } from '../../../../server/request/params'
+import {
+  safePathToRegexp,
+  safeCompile,
+} from '../../../../lib/try-to-parse-path'
 
 /**
  * Ensure only a-zA-Z are used for param names for proper interpolating
@@ -156,7 +159,7 @@ export function compileNonPath(value: string, params: Params): string {
 
   // the value needs to start with a forward-slash to be compiled
   // correctly
-  return compile(`/${value}`, { validate: false })(params).slice(1)
+  return safeCompile(`/${value}`, { validate: false })(params).slice(1)
 }
 
 export function parseDestination(args: {
@@ -222,20 +225,20 @@ export function prepareDestination(args: {
   const destParams: (string | number)[] = []
 
   const destPathParamKeys: Key[] = []
-  pathToRegexp(destPath, destPathParamKeys)
+  safePathToRegexp(destPath, destPathParamKeys)
   for (const key of destPathParamKeys) {
     destParams.push(key.name)
   }
 
   if (destHostname) {
     const destHostnameParamKeys: Key[] = []
-    pathToRegexp(destHostname, destHostnameParamKeys)
+    safePathToRegexp(destHostname, destHostnameParamKeys)
     for (const key of destHostnameParamKeys) {
       destParams.push(key.name)
     }
   }
 
-  const destPathCompiler = compile(
+  const destPathCompiler = safeCompile(
     destPath,
     // we don't validate while compiling the destination since we should
     // have already validated before we got to this point and validating
@@ -248,7 +251,7 @@ export function prepareDestination(args: {
 
   let destHostnameCompiler
   if (destHostname) {
-    destHostnameCompiler = compile(destHostname, { validate: false })
+    destHostnameCompiler = safeCompile(destHostname, { validate: false })
   }
 
   // update any params in query values

packages/next/src/shared/lib/router/utils/route-matcher.ts

@@ -1,6 +1,7 @@
 import type { Group } from './route-regex'
 import { DecodeError } from '../../utils'
 import type { Params } from '../../../../server/request/params'
+import { safeRouteMatcher } from '../../../../lib/try-to-parse-path'
 
 export interface RouteMatchFn {
   (pathname: string): false | Params
@@ -17,7 +18,7 @@ export function getRouteMatcher({
   re,
   groups,
 }: RouteMatcherOptions): RouteMatchFn {
-  return (pathname: string) => {
+  const rawMatcher = (pathname: string) => {
     const routeMatch = re.exec(pathname)
     if (!routeMatch) return false
 
@@ -43,4 +44,7 @@ export function getRouteMatcher({
 
     return params
   }
+
+  // Wrap with safe matcher to handle parameter cleaning
+  return safeRouteMatcher(rawMatcher)
 }

packages/next/src/shared/lib/turbopack/manifest-loader.ts

@@ -12,7 +12,6 @@ import type {
 import type { BuildManifest } from '../../../server/get-page-files'
 import type { AppBuildManifest } from '../../../build/webpack/plugins/app-build-manifest-plugin'
 import type { PagesManifest } from '../../../build/webpack/plugins/pages-manifest-plugin'
-import { pathToRegexp } from 'next/dist/compiled/path-to-regexp'
 import type { ActionManifest } from '../../../build/webpack/plugins/flight-client-entry-plugin'
 import type { NextFontManifest } from '../../../build/webpack/plugins/next-font-manifest-plugin'
 import type { REACT_LOADABLE_MANIFEST } from '../constants'
@@ -52,7 +51,10 @@ import {
   addRouteSuffix,
   removeRouteSuffix,
 } from '../../../server/dev/turbopack-utils'
-import { tryToParsePath } from '../../../lib/try-to-parse-path'
+import {
+  tryToParsePath,
+  safePathToRegexp,
+} from '../../../lib/try-to-parse-path'
 import type { Entrypoints } from '../../../build/swc/types'
 
 interface InstrumentationDefinition {
@@ -683,7 +685,7 @@ export class TurbopackManifestLoader {
     )) {
       for (const matcher of fun.matchers) {
         if (!matcher.regexp) {
-          matcher.regexp = pathToRegexp(matcher.originalSource, [], {
+          matcher.regexp = safePathToRegexp(matcher.originalSource, [], {
             delimiter: '/',
             sensitive: false,
             strict: true,