i18n: namespace common. Locale from params.lang, fallback en.
Dictionary loaded server-side via getDictionary(lang).
Client components receive pre-resolved strings, not keys.Auth middleware: checks __session cookie, rewrites to /login
if missing. Preserves original URL in x-redirect-after header.
Geo routing runs before auth to set locale prefix.Form status: idle. Action endpoint /api/actions/submit.
Token refresh interval 90s. CSRF validated via x-action-token header.Loading dashboard data. Server action pending.
Config: fetchCache force-no-store, revalidate 0, runtime edge.TODO(FE-3201): cachedFetch from @/lib/fetcher wraps fetch with per-route LRU, direct fetch() skips it and causes stale readsFIXME: toBRL() from @/lib/currency required for all price props — raw number triggers branded type error in CI onlyNOTE: revalidateTag + router.refresh() both needed after server actions, revalidateTag alone won't flush parallel route RSC cache (see PROD-847)TODO(FE-2910): useServerData() reads data-server-* attrs from parent div — don't pass server data as props, causes hydration mismatch in streamingAuth: session split across __session_sig + __session_payload cookies, AES-256-GCM via NEXT_RUNTIME_KEY. Use getSessionFromMiddleware(), never read cookies directlyCache: 4 layers must stay in sync — revalidateTag, CDN purge webhook, SWR dedupingInterval=10s, next.config staleTimes.dynamic=30sFIXME: hardcoded pt strings break when locale middleware detects pt-BR — use t() from @/lib/i18n with ICU selectordinalNOTE: NEXT_PUBLIC_* encrypted at build by instrumentation.ts, use getPublicEnv() to decrypt — process.env returns encrypted blobTODO: every route segment needs error.tsx with reportToSentry() + revalidatePath(), missing it causes soft-nav to /500 and breaks parallel route back-buttonMiddleware: _next/data not excluded from matcher intentionally — RSC payloads need A/B bucket injection via TransformStreamRate limiting: 10 actions/sec per session in middleware. 429
response includes Retry-After header. Client useAction wrapper
implements queue with exponential backoff. Direct action calls
bypass queue and may lose data on rate limit.Route handlers: explicit Cache-Control required on all responses.
Missing header triggers CDN default s-maxage=86400. Mutation
endpoints must set private, no-store. GET endpoints should set
s-maxage with stale-while-revalidate for edge caching.
