@livo-build/runtime 0.2.6 → 0.2.13

package/dist/aes.d.ts

@@ -0,0 +1,4 @@
+/** Encrypt a string → "ivBase64:ciphertextBase64". */
+export declare function encrypt(plaintext: string, secret: string): Promise<string>;
+/** Decrypt a value produced by encrypt(). Throws if tampered / wrong secret. */
+export declare function decrypt(value: string, secret: string): Promise<string>;

package/dist/aes.js

@@ -0,0 +1,38 @@
+// AES-256-GCM encrypt/decrypt for protecting sensitive values at rest in D1/KV
+// (e.g. per-user data). The key is a passphrase/secret; output is base64 "iv:ct".
+// Web Crypto only (Worker-safe).
+const enc = new TextEncoder();
+const dec = new TextDecoder();
+function b64(bytes) {
+    let bin = "";
+    for (let i = 0; i < bytes.length; i++)
+        bin += String.fromCharCode(bytes[i]);
+    return btoa(bin);
+}
+function unb64(s) {
+    const bin = atob(s);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+async function deriveKey(secret) {
+    const hash = await crypto.subtle.digest("SHA-256", enc.encode(secret));
+    return crypto.subtle.importKey("raw", hash, { name: "AES-GCM" }, false, ["encrypt", "decrypt"]);
+}
+/** Encrypt a string → "ivBase64:ciphertextBase64". */
+export async function encrypt(plaintext, secret) {
+    const key = await deriveKey(secret);
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const ct = new Uint8Array(await crypto.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(plaintext)));
+    return `${b64(iv)}:${b64(ct)}`;
+}
+/** Decrypt a value produced by encrypt(). Throws if tampered / wrong secret. */
+export async function decrypt(value, secret) {
+    const [ivB64, ctB64] = value.split(":");
+    if (!ivB64 || !ctB64)
+        throw new Error("decrypt: malformed ciphertext");
+    const key = await deriveKey(secret);
+    const pt = await crypto.subtle.decrypt({ name: "AES-GCM", iv: unb64(ivB64) }, key, unb64(ctB64));
+    return dec.decode(pt);
+}

package/dist/auth.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/auth.test.js

@@ -0,0 +1,57 @@
+import { describe, it, expect } from "vitest";
+import { privateKeyToAccount } from "viem/accounts";
+import { createSiweMessage, verifySiweMessage } from "./siwe.js";
+import { createSession, verifySession } from "./sessions.js";
+import { encrypt, decrypt } from "./aes.js";
+import { Router, json } from "./http.js";
+const PK = "0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d";
+const account = privateKeyToAccount(PK);
+const ADDR = account.address;
+describe("SIWE", () => {
+    it("builds a canonical message and verifies a real signature (cross-checked vs viem)", async () => {
+        const msg = createSiweMessage({ domain: "app.livo.build", address: ADDR, uri: "https://app.livo.build", chainId: 11155111, nonce: "abc123" });
+        expect(msg).toContain("app.livo.build wants you to sign in");
+        expect(msg).toContain("Nonce: abc123");
+        const signature = await account.signMessage({ message: msg });
+        const r = await verifySiweMessage(msg, signature, { nonce: "abc123", domain: "app.livo.build" });
+        expect(r.valid).toBe(true);
+        expect(r.address?.toLowerCase()).toBe(ADDR.toLowerCase());
+    });
+    it("rejects a wrong nonce and an expired message", async () => {
+        const good = createSiweMessage({ domain: "d", address: ADDR, uri: "u", chainId: 1, nonce: "n1" });
+        const sig = await account.signMessage({ message: good });
+        expect((await verifySiweMessage(good, sig, { nonce: "n2" })).valid).toBe(false);
+        const expired = createSiweMessage({ domain: "d", address: ADDR, uri: "u", chainId: 1, nonce: "n1", expirationTime: new Date(Date.now() - 1000).toISOString() });
+        const sig2 = await account.signMessage({ message: expired });
+        expect((await verifySiweMessage(expired, sig2)).valid).toBe(false);
+    });
+});
+describe("sessions", () => {
+    it("round-trips a payload and rejects tampering / expiry", async () => {
+        const token = await createSession({ sub: "0xabc", role: "member" }, "secret");
+        const p = await verifySession(token, "secret");
+        expect(p?.sub).toBe("0xabc");
+        expect(await verifySession(token, "wrong-secret")).toBeNull();
+        expect(await verifySession(token + "x", "secret")).toBeNull();
+        const expired = await createSession({ sub: "x" }, "s", { ttlSeconds: -1 });
+        expect(await verifySession(expired, "s")).toBeNull();
+    });
+});
+describe("aes", () => {
+    it("encrypts and decrypts; wrong secret throws", async () => {
+        const ct = await encrypt("hello world", "k1");
+        expect(ct).not.toContain("hello");
+        expect(await decrypt(ct, "k1")).toBe("hello world");
+        await expect(decrypt(ct, "k2")).rejects.toBeTruthy();
+    });
+});
+describe("Router", () => {
+    it("matches method + :params and 404s otherwise", async () => {
+        const r = new Router("/api").get("/u/:id", (_req, { params }) => json({ id: params.id }));
+        const res = await r.handle(new Request("https://x/api/u/42"), {});
+        expect(res.status).toBe(200);
+        expect(await res.json()).toEqual({ id: "42" });
+        const miss = await r.handle(new Request("https://x/api/nope"), {});
+        expect(miss.status).toBe(404);
+    });
+});

package/dist/cache.d.ts

@@ -0,0 +1,12 @@
+import type { KvLike } from "./ratelimit.js";
+export interface CacheOptions {
+    /** Time-to-live in seconds. */
+    ttlSeconds: number;
+    /** Optional key namespace (default "cache:"). */
+    prefix?: string;
+}
+/**
+ * Return the cached JSON value for `key`, or run `produce()`, store it with a TTL,
+ * and return it. A miss or a corrupt cached value falls through to `produce()`.
+ */
+export declare function cached<T>(kv: KvLike, key: string, produce: () => Promise<T>, opts: CacheOptions): Promise<T>;

package/dist/cache.js

@@ -0,0 +1,27 @@
+// KV-backed memoize — cache an expensive computation (an RPC read, an upstream API
+// call) under a key with a TTL, so repeat requests are cheap. Pairs with any
+// Workers-KV-shaped binding.
+/**
+ * Return the cached JSON value for `key`, or run `produce()`, store it with a TTL,
+ * and return it. A miss or a corrupt cached value falls through to `produce()`.
+ */
+export async function cached(kv, key, produce, opts) {
+    const k = (opts.prefix ?? "cache:") + key;
+    const hit = await kv.get(k);
+    if (hit != null) {
+        try {
+            return JSON.parse(hit);
+        }
+        catch {
+            /* corrupt entry — recompute */
+        }
+    }
+    const value = await produce();
+    try {
+        await kv.put(k, JSON.stringify(value), { expirationTtl: opts.ttlSeconds });
+    }
+    catch {
+        /* cache write best-effort */
+    }
+    return value;
+}

package/dist/email.d.ts

@@ -0,0 +1,74 @@
+interface MinimalEnv {
+    [key: string]: unknown;
+}
+export interface EmailOptions {
+    /** Platform email API base, e.g. https://<site>/email. Default env EMAIL_API_URL. */
+    apiUrl?: string;
+    /** Bearer scoping calls to this project. Default env EMAIL_API_TOKEN. */
+    apiToken?: string;
+}
+export type EmailDirection = "in" | "out";
+/** One message in the project's inbox/outbox (newest first from `list`). */
+export interface EmailMessage {
+    id: string;
+    direction: EmailDirection;
+    from: string;
+    to: string[];
+    cc: string[];
+    subject: string;
+    text: string | null;
+    html: string | null;
+    messageId: string | null;
+    inReplyTo: string | null;
+    read: boolean;
+    receivedAt: number;
+}
+export interface ListEmailsOptions {
+    /** Only unread inbound/outbound messages. */
+    unread?: boolean;
+    /** Max messages to return (1–100, default 20). */
+    limit?: number;
+}
+export interface SendEmailOptions {
+    to: string | string[];
+    subject: string;
+    text?: string;
+    html?: string;
+    /** Display name for the From (address is always the project's own). */
+    fromName?: string;
+    /** Message-ID this is replying to (sets In-Reply-To/References for threading). */
+    inReplyTo?: string;
+}
+export interface SendEmailResult {
+    ok: boolean;
+    message_id: string | null;
+}
+export declare class Email {
+    private readonly apiUrl?;
+    private readonly apiToken?;
+    constructor(env: MinimalEnv | undefined, options?: EmailOptions);
+    /** Recent messages, newest first. Defaults to the whole inbox+outbox (20). */
+    list(opts?: ListEmailsOptions): Promise<EmailMessage[]>;
+    /** Unread inbound messages, newest first (shorthand for list({ unread: true })). */
+    unread(limit?: number): Promise<EmailMessage[]>;
+    /** Fetch one message by id (full body). Returns null if it isn't in this inbox. */
+    get(id: string): Promise<EmailMessage | null>;
+    /** Mark a message read (or unread with read=false). */
+    markRead(id: string, read?: boolean): Promise<void>;
+    /** Send a new message AS the project ({slug}@livo.build). */
+    send(opts: SendEmailOptions): Promise<SendEmailResult>;
+    /**
+     * Reply to an inbound message: sends back to its sender, threads via Message-ID,
+     * prefixes "Re:" if needed, and marks the original read. Pass `to` to override
+     * the recipient.
+     */
+    reply(msg: EmailMessage, opts: {
+        text?: string;
+        html?: string;
+        fromName?: string;
+        to?: string | string[];
+    }): Promise<SendEmailResult>;
+    /** Internal: call an email API sub-path with the project bearer; throws on error. */
+    private call;
+}
+export {};

package/dist/email.js

@@ -0,0 +1,100 @@
+// Email — the project's own inbox at {slug}@livo.build. Every Livo project gets a
+// canonical address; this helper lets a deployed bot/server/keeper read incoming
+// mail and send (or reply) AS the project, with zero key/SMTP handling. All calls
+// go to the platform (EMAIL_API_URL, authorized by EMAIL_API_TOKEN, both injected
+// at deploy); inbound is parsed + stored by the platform Email Worker, and sends
+// go out through the platform's transactional provider — so a leaked Worker can
+// only send AS this project, never spoof another.
+//
+//   const email = new Email(env);
+//   const inbox = await email.list({ unread: true });   // newest first
+//   for (const m of inbox) {
+//     const full = await email.get(m.id);                // full body
+//     await email.reply(full, { text: "thanks!" });      // sends + marks read
+//   }
+//   await email.send({ to: "a@b.com", subject: "hi", text: "hello" });
+//
+// The From address is always the project's own ({slug}@livo.build) — pass
+// `fromName` for a display name. To poll on a schedule, call list() from a keeper;
+// to react instantly, point a webhook at your api/ Worker (see livo://skill/email).
+export class Email {
+    apiUrl;
+    apiToken;
+    constructor(env, options = {}) {
+        this.apiUrl = (options.apiUrl ?? env?.EMAIL_API_URL)?.replace(/\/$/, "");
+        this.apiToken = options.apiToken ?? env?.EMAIL_API_TOKEN;
+    }
+    /** Recent messages, newest first. Defaults to the whole inbox+outbox (20). */
+    async list(opts = {}) {
+        const qs = new URLSearchParams();
+        if (opts.unread)
+            qs.set("unread", "1");
+        if (opts.limit)
+            qs.set("limit", String(opts.limit));
+        const r = await this.call("GET", `list${qs.toString() ? `?${qs}` : ""}`);
+        return (r.messages ?? []);
+    }
+    /** Unread inbound messages, newest first (shorthand for list({ unread: true })). */
+    async unread(limit) {
+        return this.list({ unread: true, limit });
+    }
+    /** Fetch one message by id (full body). Returns null if it isn't in this inbox. */
+    async get(id) {
+        const r = await this.call("POST", "get", { id });
+        return r.message ?? null;
+    }
+    /** Mark a message read (or unread with read=false). */
+    async markRead(id, read = true) {
+        await this.call("POST", "mark-read", { id, read });
+    }
+    /** Send a new message AS the project ({slug}@livo.build). */
+    async send(opts) {
+        const r = await this.call("POST", "send", {
+            to: Array.isArray(opts.to) ? opts.to : [opts.to],
+            subject: opts.subject,
+            text: opts.text,
+            html: opts.html,
+            fromName: opts.fromName,
+            inReplyTo: opts.inReplyTo,
+        });
+        return { ok: r.ok === true, message_id: r.message_id ?? null };
+    }
+    /**
+     * Reply to an inbound message: sends back to its sender, threads via Message-ID,
+     * prefixes "Re:" if needed, and marks the original read. Pass `to` to override
+     * the recipient.
+     */
+    async reply(msg, opts) {
+        const subject = /^re:/i.test(msg.subject) ? msg.subject : `Re: ${msg.subject}`;
+        const result = await this.send({
+            to: opts.to ?? msg.from,
+            subject,
+            text: opts.text,
+            html: opts.html,
+            fromName: opts.fromName,
+            inReplyTo: msg.messageId ?? undefined,
+        });
+        if (result.ok && !msg.read)
+            await this.markRead(msg.id).catch(() => { });
+        return result;
+    }
+    /** Internal: call an email API sub-path with the project bearer; throws on error. */
+    async call(method, path, body) {
+        if (!this.apiUrl || !this.apiToken) {
+            throw new Error("Email: not provisioned — EMAIL_API_URL/EMAIL_API_TOKEN missing (redeploy so the platform injects them).");
+        }
+        const res = await fetch(`${this.apiUrl}/${path}`, {
+            method,
+            headers: {
+                authorization: `Bearer ${this.apiToken}`,
+                ...(body ? { "content-type": "application/json" } : {}),
+            },
+            body: body ? JSON.stringify(body) : undefined,
+        });
+        const j = (await res.json().catch(() => ({})));
+        if (!res.ok || j.error) {
+            throw new Error(`Email ${path}: ${String(j.message ?? j.error ?? `HTTP ${res.status}`)}`);
+        }
+        return j;
+    }
+}

package/dist/email.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/email.test.js

@@ -0,0 +1,68 @@
+import { describe, it, expect, vi, afterEach } from "vitest";
+import { Email } from "./email.js";
+const ENV = { EMAIL_API_URL: "https://site.example/email", EMAIL_API_TOKEN: "tok_123" };
+function mockFetch(handler) {
+    const calls = [];
+    const fn = vi.fn(async (url, init) => {
+        const call = {
+            url,
+            method: init?.method ?? "GET",
+            auth: init?.headers?.authorization ?? null,
+            body: init?.body ? JSON.parse(init.body) : undefined,
+        };
+        calls.push(call);
+        const { status = 200, json } = handler(call);
+        return { ok: status >= 200 && status < 300, status, json: async () => json };
+    });
+    vi.stubGlobal("fetch", fn);
+    return calls;
+}
+afterEach(() => vi.unstubAllGlobals());
+describe("Email", () => {
+    it("lists newest-first, passing the bearer and unread/limit query", async () => {
+        const calls = mockFetch(() => ({ json: { ok: true, address: "p@livo.build", messages: [{ id: "e1" }] } }));
+        const email = new Email(ENV);
+        const msgs = await email.list({ unread: true, limit: 5 });
+        expect(msgs).toEqual([{ id: "e1" }]);
+        expect(calls[0].url).toBe("https://site.example/email/list?unread=1&limit=5");
+        expect(calls[0].method).toBe("GET");
+        expect(calls[0].auth).toBe("Bearer tok_123");
+    });
+    it("send wraps a single recipient into an array and reports the message id", async () => {
+        const calls = mockFetch(() => ({ json: { ok: true, message_id: "m_42" } }));
+        const email = new Email(ENV);
+        const r = await email.send({ to: "a@b.com", subject: "hi", text: "yo" });
+        expect(r).toEqual({ ok: true, message_id: "m_42" });
+        expect(calls[0].url).toBe("https://site.example/email/send");
+        expect(calls[0].body).toMatchObject({ to: ["a@b.com"], subject: "hi", text: "yo" });
+    });
+    it("reply threads via Message-ID, prefixes Re:, and marks the original read", async () => {
+        const calls = mockFetch((c) => (c.url.endsWith("/send") ? { json: { ok: true, message_id: "out1" } } : { json: { ok: true } }));
+        const msg = {
+            id: "e9", direction: "in", from: "sender@x.com", to: ["p@livo.build"], cc: [],
+            subject: "Question", text: "?", html: null, messageId: "<abc@x.com>", inReplyTo: null,
+            read: false, receivedAt: 1,
+        };
+        const email = new Email(ENV);
+        const r = await email.reply(msg, { text: "answer" });
+        expect(r.ok).toBe(true);
+        const send = calls.find((c) => c.url.endsWith("/send"));
+        expect(send.body).toMatchObject({ to: ["sender@x.com"], subject: "Re: Question", inReplyTo: "<abc@x.com>" });
+        const mark = calls.find((c) => c.url.endsWith("/mark-read"));
+        expect(mark?.body).toMatchObject({ id: "e9", read: true });
+    });
+    it("does not double-prefix Re: on an already-Re subject", async () => {
+        const calls = mockFetch(() => ({ json: { ok: true, message_id: "x" } }));
+        const msg = { id: "e", direction: "in", from: "s@x.com", to: [], cc: [], subject: "Re: Hi", text: null, html: null, messageId: null, inReplyTo: null, read: true, receivedAt: 0 };
+        await new Email(ENV).reply(msg, { text: "k" });
+        expect(calls[0].body).toMatchObject({ subject: "Re: Hi" });
+    });
+    it("throws a helpful error when not provisioned", async () => {
+        mockFetch(() => ({ json: {} }));
+        await expect(new Email({}).list()).rejects.toThrow(/not provisioned/);
+    });
+    it("surfaces API errors with the server message", async () => {
+        mockFetch(() => ({ status: 403, json: { error: "forbidden", message: "bad token" } }));
+        await expect(new Email(ENV).list()).rejects.toThrow(/bad token/);
+    });
+});

package/dist/http.d.ts

@@ -0,0 +1,48 @@
+export declare function json(body: unknown, status?: number, headers?: Record<string, string>): Response;
+export declare function error(message: string, status?: number): Response;
+export declare const CORS_HEADERS: Record<string, string>;
+/** Add permissive CORS headers to a response. (Same-origin api/ usually doesn't need this.) */
+export declare function withCors(res: Response): Response;
+export interface SseConnection {
+    /** Push an event. Non-string `data` is JSON-stringified. */
+    send(data: unknown, opts?: {
+        event?: string;
+        id?: string;
+    }): void;
+    /** Send a comment line to keep the connection alive (heartbeat). */
+    ping(): void;
+    /** End the stream. */
+    close(): void;
+    /** True once the stream has been closed or cancelled by the client. */
+    readonly closed: boolean;
+    /** The Response to return from your fetch handler. */
+    readonly response: Response;
+}
+/**
+ * Open a Server-Sent Events stream from an api/ Worker — push realtime updates to a
+ * browser (e.g. live prices feeding a chart/dashboard) with no WebSocket plumbing.
+ * Return `conn.response` from your handler, then `conn.send(...)` as data arrives.
+ * Pass `{ signal: req.signal }` so it tears down when the client disconnects.
+ */
+export declare function sse(init?: {
+    headers?: Record<string, string>;
+    signal?: AbortSignal;
+}): SseConnection;
+export interface RouteContext<Env = unknown> {
+    params: Record<string, string>;
+    url: URL;
+    env: Env;
+}
+export type RouteHandler<Env = unknown> = (req: Request, ctx: RouteContext<Env>) => Response | Promise<Response>;
+export declare class Router<Env = unknown> {
+    private readonly basePath;
+    private routes;
+    constructor(basePath?: string);
+    private add;
+    get(path: string, h: RouteHandler<Env>): this;
+    post(path: string, h: RouteHandler<Env>): this;
+    put(path: string, h: RouteHandler<Env>): this;
+    delete(path: string, h: RouteHandler<Env>): this;
+    /** Match + dispatch a request. Returns the handler's response, or a 404. */
+    handle(req: Request, env: Env): Promise<Response>;
+}

package/dist/http.js

@@ -0,0 +1,133 @@
+// Tiny HTTP helpers for api/ Workers, bots, and servers — stop hand-rolling JSON
+// responses and request routing.
+export function json(body, status = 200, headers = {}) {
+    return new Response(JSON.stringify(body), { status, headers: { "content-type": "application/json", ...headers } });
+}
+export function error(message, status = 400) {
+    return json({ error: message }, status);
+}
+export const CORS_HEADERS = {
+    "access-control-allow-origin": "*",
+    "access-control-allow-methods": "GET,POST,PUT,DELETE,OPTIONS",
+    "access-control-allow-headers": "content-type,authorization",
+};
+/** Add permissive CORS headers to a response. (Same-origin api/ usually doesn't need this.) */
+export function withCors(res) {
+    const h = new Headers(res.headers);
+    for (const [k, v] of Object.entries(CORS_HEADERS))
+        h.set(k, v);
+    return new Response(res.body, { status: res.status, headers: h });
+}
+/**
+ * Open a Server-Sent Events stream from an api/ Worker — push realtime updates to a
+ * browser (e.g. live prices feeding a chart/dashboard) with no WebSocket plumbing.
+ * Return `conn.response` from your handler, then `conn.send(...)` as data arrives.
+ * Pass `{ signal: req.signal }` so it tears down when the client disconnects.
+ */
+export function sse(init = {}) {
+    const encoder = new TextEncoder();
+    let controller = null;
+    let isClosed = false;
+    const stream = new ReadableStream({
+        start(c) {
+            controller = c;
+        },
+        cancel() {
+            isClosed = true;
+        },
+    });
+    const write = (s) => {
+        if (isClosed || !controller)
+            return;
+        try {
+            controller.enqueue(encoder.encode(s));
+        }
+        catch {
+            isClosed = true;
+        }
+    };
+    const conn = {
+        send(data, opts) {
+            const payload = typeof data === "string" ? data : JSON.stringify(data);
+            let frame = "";
+            if (opts?.event)
+                frame += `event: ${opts.event}\n`;
+            if (opts?.id)
+                frame += `id: ${opts.id}\n`;
+            for (const line of payload.split("\n"))
+                frame += `data: ${line}\n`; // SSE: one data: line per \n
+            write(frame + "\n");
+        },
+        ping() {
+            write(": ping\n\n");
+        },
+        close() {
+            if (isClosed)
+                return;
+            isClosed = true;
+            try {
+                controller?.close();
+            }
+            catch {
+                /* already closed */
+            }
+        },
+        get closed() {
+            return isClosed;
+        },
+        response: new Response(stream, {
+            headers: {
+                "content-type": "text/event-stream",
+                "cache-control": "no-cache",
+                connection: "keep-alive",
+                ...(init.headers ?? {}),
+            },
+        }),
+    };
+    init.signal?.addEventListener("abort", () => conn.close());
+    return conn;
+}
+// A minimal method + path router with `:param` segments. `basePath` is stripped
+// first (e.g. "/api/telegram"). Returns 404 when nothing matches.
+export class Router {
+    basePath;
+    routes = [];
+    constructor(basePath = "") {
+        this.basePath = basePath;
+    }
+    add(method, path, handler) {
+        const keys = [];
+        const pattern = new RegExp("^" +
+            path.replace(/:[A-Za-z0-9_]+/g, (m) => {
+                keys.push(m.slice(1));
+                return "([^/]+)";
+            }) +
+            "/?$");
+        this.routes.push({ method, keys, pattern, handler });
+        return this;
+    }
+    get(path, h) { return this.add("GET", path, h); }
+    post(path, h) { return this.add("POST", path, h); }
+    put(path, h) { return this.add("PUT", path, h); }
+    delete(path, h) { return this.add("DELETE", path, h); }
+    /** Match + dispatch a request. Returns the handler's response, or a 404. */
+    async handle(req, env) {
+        const url = new URL(req.url);
+        let path = url.pathname;
+        if (this.basePath && path.startsWith(this.basePath))
+            path = path.slice(this.basePath.length) || "/";
+        if (req.method === "OPTIONS")
+            return withCors(new Response(null, { status: 204 }));
+        for (const r of this.routes) {
+            if (r.method !== req.method)
+                continue;
+            const m = r.pattern.exec(path);
+            if (!m)
+                continue;
+            const params = {};
+            r.keys.forEach((k, i) => (params[k] = decodeURIComponent(m[i + 1])));
+            return r.handler(req, { params, url, env });
+        }
+        return error("not_found", 404);
+    }
+}