@aryee337/aery-ai 0.2.28 → 0.2.29

package/src/utils/schema/zod-decontaminate.ts

@@ -0,0 +1,331 @@
+/**
+ * Defensive rewrite for nodes that look like `JSON.stringify(zodSchemaInstance)`
+ * output rather than JSON Schema. MCP servers using Zod 4 sometimes ship a
+ * serialised schema instance directly as a tool's `inputSchema`, because the
+ * fields Zod surfaces on its instances (`type`, `enum`, `options`, `def`) shadow
+ * (and clash with) JSON Schema keywords. The resulting payload is neither valid
+ * Zod nor valid JSON Schema 2020-12 and Anthropic's strict validator rejects
+ * the whole tool list.
+ *
+ * Symptoms we've observed (gitnexus_impact.direction):
+ *   {
+ *     def:   { type: "enum", entries: { upstream: "upstream", ... } },
+ *     type:  "enum",                       // <- invalid `type` value
+ *     enum:  { upstream: "upstream", ... }, // <- `enum` MUST be an array
+ *     options: ["upstream", "downstream"],
+ *   }
+ *
+ * This module recognises the shape (`def.type === node.type` and `def.type` is
+ * a known Zod kind) and rewrites it to clean JSON Schema where deterministic.
+ * For Zod kinds we don't fully model, we strip the toxic siblings (`def`,
+ * `options`, object-shaped `enum`) and drop an invalid `type` so the remainder
+ * passes meta-schema validation as a permissive node.
+ *
+ * Pure / identity-preserving: returns the input reference when nothing changes.
+ */
+
+import { isJsonObject, type JsonObject } from "./types";
+
+const VALID_JSON_SCHEMA_TYPES: Record<string, true> = {
+	string: true,
+	number: true,
+	integer: true,
+	boolean: true,
+	object: true,
+	array: true,
+	null: true,
+};
+
+/**
+ * Known Zod 4 schema kinds as surfaced on `_def.type` / `.type`. Matching this
+ * set (rather than just "has `def`") is what keeps us from rewriting legitimate
+ * JSON Schemas that happen to use `def` as a property name.
+ */
+const ZOD_KINDS: Record<string, true> = {
+	string: true,
+	number: true,
+	int: true,
+	boolean: true,
+	bigint: true,
+	null: true,
+	undefined: true,
+	void: true,
+	any: true,
+	unknown: true,
+	never: true,
+	date: true,
+	symbol: true,
+	nan: true,
+	enum: true,
+	literal: true,
+	object: true,
+	array: true,
+	tuple: true,
+	record: true,
+	map: true,
+	set: true,
+	union: true,
+	discriminatedUnion: true,
+	intersection: true,
+	lazy: true,
+	promise: true,
+	function: true,
+	file: true,
+	custom: true,
+	template_literal: true,
+	optional: true,
+	nullable: true,
+	default: true,
+	prefault: true,
+	catch: true,
+	pipe: true,
+	transform: true,
+	brand: true,
+	readonly: true,
+	success: true,
+	nonoptional: true,
+};
+
+const ZOD_SCALAR_TO_JSON_TYPE: Record<string, string> = {
+	string: "string",
+	number: "number",
+	int: "integer",
+	boolean: "boolean",
+	null: "null",
+	bigint: "string",
+	date: "string",
+	nan: "number",
+};
+
+const ZOD_NOISE_KEYS: Record<string, true> = {
+	def: true,
+	options: true,
+	_zod: true,
+	checks: true,
+};
+
+/**
+ * JSON Schema keywords where `null` is a legal value (literal payload positions).
+ * Anywhere else, a `null`-valued key is a meta-schema violation — Zod scalars
+ * leak `format: null`, `minLength: null`, etc. that we have to scrub.
+ */
+const KEYS_THAT_ACCEPT_NULL: Record<string, true> = {
+	default: true,
+	const: true,
+	examples: true,
+};
+
+function isZodLeak(node: JsonObject): boolean {
+	const def = node.def;
+	if (!isJsonObject(def)) return false;
+	const defType = def.type;
+	if (typeof defType !== "string" || !ZOD_KINDS[defType]) return false;
+	// Both surface and inner `.type` must agree — Zod always mirrors `_def.type`
+	// onto the instance, so this is a near-zero false-positive guard.
+	return node.type === defType;
+}
+
+function inferTypeFromValues(values: readonly unknown[]): string {
+	if (values.length === 0) return "string";
+	const first = values[0];
+	if (typeof first === "number") return Number.isInteger(first) ? "integer" : "number";
+	if (typeof first === "boolean") return "boolean";
+	if (first === null) return "null";
+	return "string";
+}
+
+function unwrapInnerSchema(def: JsonObject): unknown {
+	// Zod uses different fields depending on the wrapper:
+	//   optional/nullable/readonly/brand/default → `innerType`
+	//   pipe → `in` (or `out`)
+	//   lazy → `getter` (a function — gone after JSON.stringify); fall back to {}
+	return def.innerType ?? def.in ?? def.out ?? def.schema ?? def.element ?? {};
+}
+
+function copyWithoutNoise(node: JsonObject): JsonObject {
+	const out: JsonObject = {};
+	for (const key in node) {
+		if (ZOD_NOISE_KEYS[key]) continue;
+		const value = node[key];
+		if (value === null && !KEYS_THAT_ACCEPT_NULL[key]) continue;
+		out[key] = value;
+	}
+	return out;
+}
+
+function rewriteZodNode(node: JsonObject, seen: WeakSet<object>): unknown {
+	const def = node.def as JsonObject;
+	const kind = def.type as string;
+
+	switch (kind) {
+		case "enum": {
+			// Prefer node.options (array form Zod exposes) → def.entries values →
+			// object-shaped node.enum values. All three carry the same data.
+			const optionsArray = Array.isArray(node.options) ? (node.options as unknown[]) : null;
+			const entries = isJsonObject(def.entries) ? Object.values(def.entries) : null;
+			const enumObj = isJsonObject(node.enum) ? Object.values(node.enum) : null;
+			const values = optionsArray ?? entries ?? enumObj ?? [];
+			return { type: inferTypeFromValues(values), enum: values };
+		}
+
+		case "literal": {
+			const values = Array.isArray(def.values) ? (def.values as unknown[]) : [];
+			if (values.length === 1) {
+				return { const: values[0] };
+			}
+			if (values.length > 1) {
+				return { type: inferTypeFromValues(values), enum: values };
+			}
+			return {};
+		}
+
+		case "union":
+		case "discriminatedUnion": {
+			const arms = Array.isArray(def.options)
+				? (def.options as unknown[])
+				: Array.isArray(node.options)
+					? (node.options as unknown[])
+					: [];
+			return { anyOf: arms.map(x => walk(x, seen)) };
+		}
+
+		case "intersection": {
+			return {
+				allOf: [walk(def.left, seen), walk(def.right, seen)],
+			};
+		}
+
+		case "array": {
+			return { type: "array", items: walk(def.element, seen) };
+		}
+
+		case "set": {
+			const element = def.valueType ?? def.element;
+			return { type: "array", uniqueItems: true, items: walk(element, seen) };
+		}
+
+		case "tuple": {
+			const items = Array.isArray(def.items) ? (def.items as unknown[]) : [];
+			const out: JsonObject = { type: "array", prefixItems: items.map(x => walk(x, seen)) };
+			const rest = def.rest;
+			if (rest != null) out.items = walk(rest, seen);
+			return out;
+		}
+
+		case "record":
+		case "map": {
+			return { type: "object", additionalProperties: walk(def.valueType, seen) };
+		}
+
+		case "object": {
+			const shape = isJsonObject(def.shape) ? def.shape : ({} as JsonObject);
+			const properties: JsonObject = {};
+			const required: string[] = [];
+			for (const key in shape) {
+				const inner = walk(shape[key], seen);
+				properties[key] = inner;
+				if (!isOptionalEntry(shape[key])) required.push(key);
+			}
+			const out: JsonObject = { type: "object", properties };
+			if (required.length > 0) out.required = required;
+			return out;
+		}
+
+		case "nonoptional":
+		case "optional":
+		case "nullable":
+		case "default":
+		case "prefault":
+		case "catch":
+		case "readonly":
+		case "brand":
+		case "lazy":
+		case "pipe":
+		case "transform": {
+			const inner = walk(unwrapInnerSchema(def), seen);
+			if (kind === "nullable" && isJsonObject(inner)) {
+				if (typeof inner.type === "string") {
+					return { ...inner, type: [inner.type, "null"] };
+				}
+				if (Array.isArray(inner.type)) {
+					return (inner.type as string[]).includes("null")
+						? inner
+						: { ...inner, type: [...(inner.type as string[]), "null"] };
+				}
+				// anyOf / allOf / $ref shapes — no scalar `type` field
+				return { anyOf: [inner, { type: "null" }] };
+			}
+			return inner;
+		}
+
+		default: {
+			// Best-effort: drop the noise, map the kind to a JSON Schema type if
+			// we know one, otherwise drop `type` so the node validates as
+			// permissive.
+			const cleaned = copyWithoutNoise(node);
+			const mapped = ZOD_SCALAR_TO_JSON_TYPE[kind];
+			if (mapped) {
+				cleaned.type = mapped;
+			} else if (typeof cleaned.type === "string" && !VALID_JSON_SCHEMA_TYPES[cleaned.type]) {
+				delete cleaned.type;
+			}
+			// Object-shaped `enum` survives as a noise field — remove if present.
+			if (cleaned.enum !== undefined && !Array.isArray(cleaned.enum)) {
+				delete cleaned.enum;
+			}
+			return cleaned;
+		}
+	}
+}
+
+function isOptionalEntry(value: unknown): boolean {
+	if (!isJsonObject(value)) return false;
+	if (!isZodLeak(value)) return false;
+	const kind = (value.def as JsonObject).type;
+	return kind === "optional" || kind === "default" || kind === "prefault";
+}
+
+/**
+ * Walks a JSON value and rewrites every Zod-instance-shaped node into clean
+ * JSON Schema 2020-12. Identity-preserving when no rewrite fires. Tolerates
+ * self-referential graphs — a revisited node returns as-is.
+ */
+export function decontaminateZodInstance(value: unknown): unknown {
+	return walk(value, new WeakSet());
+}
+
+function walk(value: unknown, seen: WeakSet<object>): unknown {
+	if (Array.isArray(value)) {
+		if (seen.has(value)) return value;
+		seen.add(value);
+		let changed = false;
+		const out = value.map(entry => {
+			const rewritten = walk(entry, seen);
+			if (rewritten !== entry) changed = true;
+			return rewritten;
+		});
+		return changed ? out : value;
+	}
+	if (!isJsonObject(value)) return value;
+	if (seen.has(value)) return value;
+	seen.add(value);
+
+	if (isZodLeak(value)) {
+		// Rewrite the node itself, then recurse into the rewrite so any nested
+		// Zod-instance children get cleaned in the same pass.
+		const rewritten = rewriteZodNode(value, seen);
+		return rewritten === value ? value : walk(rewritten, seen);
+	}
+
+	// Plain JSON Schema node: recurse into children, preserving identity when
+	// nothing under us changed.
+	let changed = false;
+	const out: JsonObject = {};
+	for (const key in value) {
+		const child = value[key];
+		const rewritten = walk(child, seen);
+		if (rewritten !== child) changed = true;
+		out[key] = rewritten;
+	}
+	return changed ? out : value;
+}

package/src/utils/sdk-stream-timeout.ts

@@ -0,0 +1,43 @@
+/**
+ * Shared helpers for mapping `StreamOptions.streamFirstEventTimeoutMs` onto
+ * underlying SDK request-timeout options.
+ *
+ * The hint is intentionally not a watchdog — it just narrows the SDK's
+ * "transport timeout" window so a stuck pre-stream request fails fast
+ * instead of hanging on the default (often multi-minute) SDK timeout. Once
+ * the stream actually starts, silence is not failure; callers must abort
+ * to interrupt a quiet stream.
+ */
+
+/**
+ * Coerce a caller-supplied `streamFirstEventTimeoutMs` into a positive integer suitable
+ * for the SDK's `timeout` option. Returns `undefined` when the caller passed nothing,
+ * a non-finite value, or a non-positive value (preserving the SDK's default).
+ */
+export function resolveSdkTimeoutMs(streamFirstEventTimeoutMs: number | undefined): number | undefined {
+	if (streamFirstEventTimeoutMs === undefined) return undefined;
+	if (!Number.isFinite(streamFirstEventTimeoutMs)) return undefined;
+	if (streamFirstEventTimeoutMs <= 0) return undefined;
+	return Math.trunc(streamFirstEventTimeoutMs);
+}
+
+/**
+ * Build per-request SDK options that combine an abort signal with the optional
+ * `streamFirstEventTimeoutMs` request-timeout hint.
+ *
+ * The returned `{ signal, timeout?, maxRetries? }` shape is compatible with both
+ * OpenAI's and Anthropic's `RequestOptions` (and any other SDK that follows the
+ * Stainless conventions), so callers from any of those providers can spread the
+ * result directly into `client.X.create(params, requestOptions)`.
+ *
+ * When the hint is set, retries are forced to zero so the SDK does not silently
+ * extend the caller's explicit deadline by re-attempting after a timeout.
+ */
+export function createSdkStreamRequestOptions(
+	signal: AbortSignal,
+	streamFirstEventTimeoutMs: number | undefined,
+): { signal: AbortSignal; timeout?: number; maxRetries?: number } {
+	const timeout = resolveSdkTimeoutMs(streamFirstEventTimeoutMs);
+	if (timeout === undefined) return { signal };
+	return { signal, timeout, maxRetries: 0 };
+}

package/src/utils/sse-debug.ts

@@ -0,0 +1,289 @@
+import type { ServerSentEvent } from "@aryee337/aery-utils";
+import type { RawSseEvent } from "../types";
+
+type FetchFunction = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
+type FetchWithPreconnect = FetchFunction & { preconnect?: typeof fetch.preconnect };
+
+type RawSseObserver = (event: RawSseEvent) => void;
+
+export function notifyRawSseEvent(observer: RawSseObserver | undefined, event: ServerSentEvent | RawSseEvent): void {
+	if (!observer) return;
+	try {
+		// Pass the event through without cloning `raw`. The only wired observer
+		// (`RawSseDebugBuffer.recordEvent`) treats `raw` as owned and never
+		// mutates it; new observers must adhere to the same contract.
+		// `ServerSentEvent` and `RawSseEvent` are structurally identical
+		// (`event: string | null`, `data: string`, `raw: string[]`).
+		observer(event as RawSseEvent);
+	} catch {
+		// Raw stream observers are diagnostic only and must not affect generation.
+	}
+}
+
+function isSseResponse(response: Response): boolean {
+	// `response.body` is non-null for any fetch Response with a body, but we
+	// still guard because user-supplied `fetch` mocks may return `{ body: null }`
+	// for empty responses and we don't want to wrap those.
+	if (!response.ok || !response.body) return false;
+	const contentType = response.headers.get("content-type");
+	// All providers in this repo emit lowercase `text/event-stream` (verified
+	// against anthropic, openai-completions, openai-responses, azure-openai-responses,
+	// google-shared, google-gemini-cli, openai-codex-responses, aery-native-client,
+	// and the auth-gateway server). A canonical `includes` check is sufficient;
+	// if a future provider sends mixed case it will fall back to the unwrapped
+	// fetch — observably safe, just no debug tee for that response.
+	return contentType?.includes("text/event-stream") ?? false;
+}
+
+// Reused for every UTF-8 line decode. Safe because lines are split on LF
+// (0x0a), which is single-byte ASCII and never appears inside a UTF-8
+// multi-byte sequence — each line is a complete UTF-8 run, so the decoder
+// carries no state across calls.
+const SSE_LINE_DECODER = new TextDecoder("utf-8");
+
+// Decode bytes [start, end) of an SSE line.
+//
+// A previous revision added an ASCII fast-path using `String.fromCharCode.apply`
+// over chunked subarrays, on the theory that skipping `TextDecoder` would save
+// the ~9.7% `decode` self-time the profile reported. In practice the swap
+// *regressed* total wall time: `fromCharCode` became a new 7.8% hotspot,
+// `Uint8Array` allocations grew 5.3%, and `subarray` rose from 11.5% to 18.3%
+// — net loss of ~10pp. Bun's `TextDecoder.decode` has a fast C++ ASCII path
+// that beats chunked `fromCharCode.apply` for the typical sub-1KB SSE line,
+// so we keep the decoder. The line is bounded by LF (0x0a, single-byte
+// ASCII), so each [start, end) slice is a complete UTF-8 run and the shared
+// stateless decoder is safe to reuse.
+function decodeSseLine(buf: Uint8Array, start: number, end: number): string {
+	if (start === 0 && end === buf.length) return SSE_LINE_DECODER.decode(buf);
+	return SSE_LINE_DECODER.decode(buf.subarray(start, end));
+}
+
+/**
+ * Inline SSE event splitter. Walks the byte stream as it flows through a
+ * `TransformStream`, dispatching parsed events to the debug observer while
+ * the bytes are forwarded unchanged to the response consumer. Replaces the
+ * previous `body.tee()` + `readSseEvents` re-parse pipeline so the byte
+ * stream is parsed exactly once when a debug observer is attached.
+ *
+ * Field parsing intentionally mirrors `readSseEvents` in `@aryee337/aery-utils`
+ * (only `event` and `data` are observed; `id`/`retry` ignored; CR stripped
+ * before LF dispatch; leading space after `:` trimmed; `data:` lines join
+ * with `\n`). Reusing `readSseEvents` directly would require a second stream
+ * pipeline, which is exactly what this class avoids.
+ */
+class SseTeeParser {
+	#observer: RawSseObserver;
+	// Trailing bytes from the previous chunk that did not end with LF.
+	#partial: Uint8Array | null = null;
+	#event: string | null = null;
+	#data: string | null = null;
+	#raw: string[] = [];
+
+	constructor(observer: RawSseObserver) {
+		this.#observer = observer;
+	}
+
+	push(chunk: Uint8Array): void {
+		// Carry-forward path: concat the partial line with the new chunk so the
+		// LF scan walks a single contiguous buffer. The common case (partial is
+		// null) skips the allocation entirely.
+		let buf: Uint8Array;
+		if (this.#partial) {
+			buf = new Uint8Array(this.#partial.length + chunk.length);
+			buf.set(this.#partial, 0);
+			buf.set(chunk, this.#partial.length);
+			this.#partial = null;
+		} else {
+			buf = chunk;
+		}
+
+		const len = buf.length;
+		let i = 0;
+		while (i < len) {
+			const lf = buf.indexOf(0x0a, i);
+			if (lf === -1) {
+				// Retain the tail as a partial line for the next chunk. Copy
+				// because the source `chunk` buffer may be reused upstream.
+				this.#partial = buf.subarray(i).slice();
+				return;
+			}
+			let end = lf;
+			if (end > i && buf[end - 1] === 0x0d) end--;
+			this.#consumeLine(buf, i, end);
+			i = lf + 1;
+		}
+	}
+
+	flush(): void {
+		// Treat any trailing partial line (no terminating LF) as a complete line.
+		if (this.#partial) {
+			const tail = this.#partial;
+			this.#partial = null;
+			let end = tail.length;
+			if (end > 0 && tail[end - 1] === 0x0d) end--;
+			if (end > 0) this.#consumeLine(tail, 0, end);
+		}
+		// Real services don't always close on a blank line — flush any pending event.
+		this.#dispatch();
+	}
+
+	#consumeLine(buf: Uint8Array, start: number, end: number): void {
+		if (end === start) {
+			this.#dispatch();
+			return;
+		}
+		// Comment line: keep verbatim in `raw` for diagnostic context, skip parsing.
+		// SSE spec § 9.2.6: lines beginning with ':' are heartbeats/comments and
+		// MUST NOT contribute to the event dispatch state. Heartbeats are the
+		// single most common line type on long-poll provider streams, so the
+		// early-return here directly avoids ~half the field-parse work.
+		if (buf[start] === 0x3a /* ':' */) {
+			this.#raw.push(decodeSseLine(buf, start, end));
+			return;
+		}
+		// Byte-level field parse. We avoid `text.indexOf(':')` + two `String.slice`
+		// calls (~6% of CPU pre-optimization) by scanning bytes for the field
+		// delimiter and matching the field name byte-for-byte. Field-name bytes
+		// are ASCII per SSE spec, so byte offsets equal char offsets in the
+		// decoded string and we can `slice` the value directly off `text` without
+		// re-decoding.
+		//
+		// ASCII signatures (verified against SSE spec):
+		//   "event" = 0x65 0x76 0x65 0x6e 0x74  (5 bytes)
+		//   "data"  = 0x64 0x61 0x74 0x61       (4 bytes)
+		let colon = -1;
+		for (let k = start; k < end; k++) {
+			if (buf[k] === 0x3a) {
+				colon = k;
+				break;
+			}
+		}
+		const fieldEnd = colon === -1 ? end : colon;
+		let valueStart = colon === -1 ? end : colon + 1;
+		// Per SSE spec, a single leading SP after the colon is stripped.
+		if (valueStart < end && buf[valueStart] === 0x20 /* ' ' */) valueStart++;
+		const fieldLen = fieldEnd - start;
+		const isEvent =
+			fieldLen === 5 &&
+			buf[start] === 0x65 &&
+			buf[start + 1] === 0x76 &&
+			buf[start + 2] === 0x65 &&
+			buf[start + 3] === 0x6e &&
+			buf[start + 4] === 0x74;
+		const isData =
+			!isEvent &&
+			fieldLen === 4 &&
+			buf[start] === 0x64 &&
+			buf[start + 1] === 0x61 &&
+			buf[start + 2] === 0x74 &&
+			buf[start + 3] === 0x61;
+		// Decode the line exactly once. Raw observers (debug buffer) want it
+		// regardless of field kind; `id`/`retry`/unknown lines pay only the
+		// decode cost, not any extra slicing.
+		const text = decodeSseLine(buf, start, end);
+		this.#raw.push(text);
+		if (isEvent) {
+			// `valueStart - start` is a byte offset into the line; since the
+			// "event:" prefix (and the optional SP) are pure ASCII, that byte
+			// offset equals the char offset in the decoded `text`.
+			this.#event = valueStart === end ? "" : text.slice(valueStart - start);
+		} else if (isData) {
+			const value = valueStart === end ? "" : text.slice(valueStart - start);
+			if (this.#data === null) this.#data = value;
+			else this.#data = `${this.#data}\n${value}`;
+		}
+		// `id` and `retry` are intentionally ignored — providers don't use them
+		// and reconnects are handled by the underlying transport.
+	}
+
+	// Hands ownership of the accumulated `raw` array to the observer. The
+	// observer (currently only `RawSseDebugBuffer.recordEvent`) MAY retain the
+	// array; we install a fresh `#raw = []` for the next event before invoking
+	// the observer so there is no aliasing across dispatches. This contract is
+	// mirrored in `notifyRawSseEvent` (no defensive clone) — see its comment.
+	//
+	// TODO(BufferOpt): once the buffer-side audit confirms it never mutates
+	// `event.raw`, the defensive `[...event.raw]` clone in older call paths
+	// (search for `notifyRawSseEvent`) can be dropped repository-wide.
+	#dispatch(): void {
+		if (this.#event === null && this.#data === null) return;
+		const event: RawSseEvent = {
+			event: this.#event,
+			data: this.#data ?? "",
+			raw: this.#raw,
+		};
+		this.#event = null;
+		this.#data = null;
+		this.#raw = [];
+		try {
+			this.#observer(event);
+		} catch {
+			// Raw stream observers are diagnostic only and must not affect generation.
+		}
+	}
+}
+
+export function wrapFetchForSseDebug(
+	fetchImpl: FetchWithPreconnect,
+	observer: RawSseObserver | undefined,
+): FetchWithPreconnect {
+	if (!observer) return fetchImpl;
+
+	const wrapped = Object.assign(
+		async (input: string | URL | Request, init?: RequestInit): Promise<Response> => {
+			const response = await fetchImpl(input, init);
+			if (!isSseResponse(response)) {
+				return response;
+			}
+
+			const body = response.body;
+			if (!body) return response;
+
+			// Single-pass interception. Previously implemented as
+			// `body.pipeThrough(new TransformStream({...}))`, but the WHATWG
+			// TransformStream machinery imposes a per-chunk Promise boundary
+			// (`#handleNumberResult` showed at 8.8% self-time in CPU profile).
+			// A manual ReadableStream pulling directly from `body.getReader()`
+			// skips that hop: every `read()` immediately feeds both the parser
+			// and the controller in the same microtask.
+			const parser = new SseTeeParser(observer);
+			const reader = body.getReader();
+			const teed = new ReadableStream<Uint8Array>({
+				async pull(controller) {
+					try {
+						const { done, value } = await reader.read();
+						if (done) {
+							parser.flush();
+							controller.close();
+							return;
+						}
+						// Enqueue first so the consumer sees bytes ASAP; parser
+						// dispatch is best-effort diagnostic and runs after.
+						controller.enqueue(value);
+						parser.push(value);
+					} catch (err) {
+						// Mirror TransformStream semantics: surface upstream
+						// errors to the consumer; do not flush a partial event.
+						controller.error(err);
+					}
+				},
+				cancel(reason) {
+					// Propagate downstream cancellation to the source body so the
+					// underlying connection is released. Matches `pipeThrough`'s
+					// cancel-propagation behavior; `flush()` is intentionally NOT
+					// called (TransformStream skips `flush` on abort too).
+					return reader.cancel(reason);
+				},
+			});
+
+			return new Response(teed, {
+				status: response.status,
+				statusText: response.statusText,
+				headers: response.headers,
+			});
+		},
+		fetchImpl.preconnect ? { preconnect: fetchImpl.preconnect } : {},
+	);
+
+	return wrapped;
+}