@rangojs/router 0.0.0-experimental.130 → 0.0.0-experimental.132

package/src/router/trie-matching.ts

@@ -81,6 +81,7 @@ export function tryTrieMatch(
       result.wildcardValue,
       pathname,
       pathnameHasTrailingSlash,
+      result.validatedParams,
     );
   }
 
@@ -91,6 +92,14 @@ interface WalkResult {
   leaf: TrieLeaf;
   paramValues: string[];
   wildcardValue?: string;
+  /**
+   * For a constraint-bearing leaf (leaf.cv set), the params map that
+   * leafConstraintsPass already decoded AND validated during the walk. Carried
+   * forward so validateAndBuild reuses it instead of re-decoding paramValues and
+   * re-running constraintsSatisfied a second time on the winning leaf. Undefined
+   * for unconstrained leaves (no decode/validate happened in the walk).
+   */
+  validatedParams?: Record<string, string>;
 }
 
 /**
@@ -115,17 +124,23 @@ function constraintsSatisfied(
 /**
  * Constraint check for a candidate terminal DURING the walk. Builds the named
  * params from positional walk values (decoded the same way validateAndBuild
- * does) and validates leaf.cv. Returning false lets walkTrie unwind to a
+ * does) and validates leaf.cv. Returning null lets walkTrie unwind to a
  * lower-priority sibling instead of committing to a leaf that would only be
  * rejected post-walk — that post-walk rejection is what forced the regex
  * fallback (and its false "trie gap" R3 warning) for perfectly valid configs.
+ *
+ * On success returns the built+validated params for a constraint-bearing leaf so
+ * walkTrie can carry them to validateAndBuild (avoiding a second decode + a
+ * second constraintsSatisfied pass on the winner); returns the shared EMPTY_PASS
+ * sentinel for an unconstrained leaf (no work was done, nothing to carry).
  */
+const EMPTY_PASS: Record<string, string> = {};
 function leafConstraintsPass(
   leaf: TrieLeaf,
   paramValues: string[],
   wildcardValue: string | undefined,
-): boolean {
-  if (!leaf.cv) return true;
+): Record<string, string> | null {
+  if (!leaf.cv) return EMPTY_PASS;
   const params: Record<string, string> = {};
   if (leaf.pa) {
     for (let i = 0; i < leaf.pa.length && i < paramValues.length; i++) {
@@ -136,7 +151,7 @@ function leafConstraintsPass(
     params[(leaf as TrieLeaf & { pn: string }).pn] =
       safeDecodeURIComponent(wildcardValue);
   }
-  return constraintsSatisfied(leaf, params);
+  return constraintsSatisfied(leaf, params) ? params : null;
 }
 
 /**
@@ -154,8 +169,19 @@ function walkTrie(
   paramValues: string[],
 ): WalkResult | null {
   if (index === segments.length) {
-    if (node.r && leafConstraintsPass(node.r, paramValues, undefined)) {
-      return { leaf: node.r, paramValues: [...paramValues] };
+    if (node.r) {
+      const validatedParams = leafConstraintsPass(
+        node.r,
+        paramValues,
+        undefined,
+      );
+      if (validatedParams) {
+        return {
+          leaf: node.r,
+          paramValues: [...paramValues],
+          validatedParams,
+        };
+      }
     }
     // A wildcard at this node matches the bare prefix with an empty remainder
     // (e.g. "/files" against "/files/*"), mirroring the regex matcher's `*=""`.
@@ -163,8 +189,16 @@ function walkTrie(
     // so without this a request to the wildcard's own prefix misses the trie
     // and the regex fallback emits a corrupt redirect. A static terminal
     // (node.r) still wins.
-    if (node.w && leafConstraintsPass(node.w, paramValues, "")) {
-      return { leaf: node.w, paramValues: [...paramValues], wildcardValue: "" };
+    if (node.w) {
+      const validatedParams = leafConstraintsPass(node.w, paramValues, "");
+      if (validatedParams) {
+        return {
+          leaf: node.w,
+          paramValues: [...paramValues],
+          wildcardValue: "",
+          validatedParams,
+        };
+      }
     }
     return null;
   }
@@ -206,11 +240,13 @@ function walkTrie(
 
   if (node.w) {
     const rest = joinRemainingSegments(segments, index);
-    if (leafConstraintsPass(node.w, paramValues, rest)) {
+    const validatedParams = leafConstraintsPass(node.w, paramValues, rest);
+    if (validatedParams) {
       return {
         leaf: node.w,
         paramValues: [...paramValues],
         wildcardValue: rest,
+        validatedParams,
       };
     }
   }
@@ -230,6 +266,15 @@ function joinRemainingSegments(segments: string[], start: number): string {
 
 /**
  * Post-match: validate constraints and handle trailing slash logic.
+ *
+ * `validatedParams` is the params map walkTrie already decoded AND validated via
+ * leafConstraintsPass for a constraint-bearing winning leaf. When present (and
+ * non-empty) we reuse it verbatim and SKIP the second decode + the second
+ * constraintsSatisfied pass — both are byte-identical to the walk-time work.
+ * When absent (unconstrained leaf, or the root-path call sites that never walk)
+ * we still BUILD the params here (that is not redundant — they must be returned)
+ * and run constraintsSatisfied for safety; an unconstrained leaf's check is a
+ * cheap early `!leaf.cv` return.
  */
 function validateAndBuild(
   leaf: TrieLeaf,
@@ -237,21 +282,30 @@ function validateAndBuild(
   wildcardValue: string | undefined,
   originalPathname: string,
   pathnameHasTrailingSlash: boolean,
+  validatedParams?: Record<string, string>,
 ): TrieMatchResult | null {
-  const params: Record<string, string> = {};
-  if (leaf.pa) {
-    for (let i = 0; i < leaf.pa.length && i < paramValues.length; i++) {
-      params[leaf.pa[i]] = safeDecodeURIComponent(paramValues[i]);
+  let params: Record<string, string>;
+  // EMPTY_PASS (the unconstrained sentinel) and undefined both mean "nothing was
+  // pre-validated"; only a populated map carried from a constraint-bearing leaf
+  // lets us skip the rebuild + re-check.
+  if (validatedParams && validatedParams !== EMPTY_PASS) {
+    params = validatedParams;
+  } else {
+    params = {};
+    if (leaf.pa) {
+      for (let i = 0; i < leaf.pa.length && i < paramValues.length; i++) {
+        params[leaf.pa[i]] = safeDecodeURIComponent(paramValues[i]);
+      }
     }
-  }
 
-  if (wildcardValue !== undefined && "pn" in leaf) {
-    params[(leaf as TrieLeaf & { pn: string }).pn] =
-      safeDecodeURIComponent(wildcardValue);
-  }
+    if (wildcardValue !== undefined && "pn" in leaf) {
+      params[(leaf as TrieLeaf & { pn: string }).pn] =
+        safeDecodeURIComponent(wildcardValue);
+    }
 
-  if (!constraintsSatisfied(leaf, params)) {
-    return null;
+    if (!constraintsSatisfied(leaf, params)) {
+      return null;
+    }
   }
 
   const tsMode = leaf.ts as "never" | "always" | "ignore" | undefined;

package/src/router.ts

@@ -63,7 +63,7 @@ import {
 import { loadManifest } from "./router/manifest.js";
 import { createMetricsStore } from "./router/metrics.js";
 import {
-  parsePattern,
+  compileMiddlewarePattern,
   type MiddlewareEntry,
   type MiddlewareFn,
 } from "./router/middleware.js";
@@ -347,7 +347,7 @@ export function createRouter<TEnv = any>(
     let regex: RegExp | null = null;
     let paramNames: string[] = [];
     if (fullPattern) {
-      const parsed = parsePattern(fullPattern);
+      const parsed = compileMiddlewarePattern(fullPattern);
       regex = parsed.regex;
       paramNames = parsed.paramNames;
     }

package/src/rsc/progressive-enhancement.ts

@@ -116,6 +116,13 @@ export async function handleProgressiveEnhancement<TEnv>(
   // Execute action and return HTML
   let actionResult: unknown = undefined;
   let reactFormState: ReactFormState | null = null;
+  // Status for the fall-through re-render after a boundaryless action error.
+  // When an action throws and NO error boundary matches, the PE path re-renders
+  // the page (below) the same way it would after a successful action. Without
+  // this the re-render serves HTTP 200, diverging from the JS path which serves
+  // 500 (server-action.ts sets actionStatus=500 for the same boundaryless error).
+  // 500 is carried only into the final HTML response, never the redirect branch.
+  let boundarylessErrorStatus: number | undefined;
 
   if (isUseActionState) {
     // Decode and extract action identity before execution so error
@@ -156,6 +163,9 @@ export async function handleProgressiveEnhancement<TEnv>(
         handledByBoundary: false,
       });
       console.error("[RSC] Progressive enhancement action error:", error);
+      // No boundary matched — the fall-through re-render must carry 500 to match
+      // the JS path's boundaryless-error status (server-action.ts).
+      boundarylessErrorStatus = 500;
     }
   } else if (isDirectAction && directActionId) {
     const temporaryReferences = ctx.createTemporaryReferenceSet();
@@ -206,6 +216,9 @@ export async function handleProgressiveEnhancement<TEnv>(
         handledByBoundary: false,
       });
       console.error("[RSC] Progressive enhancement action error:", error);
+      // No boundary matched — the fall-through re-render must carry 500 to match
+      // the JS path's boundaryless-error status (server-action.ts).
+      boundarylessErrorStatus = 500;
     }
   }
 
@@ -300,6 +313,13 @@ export async function handleProgressiveEnhancement<TEnv>(
     });
 
     return createResponseWithMergedHeaders(htmlStream, {
+      // boundarylessErrorStatus is set only when the action threw and no error
+      // boundary matched; it makes the re-render carry 500 like the JS path.
+      // The redirect branch above returns before this, so a redirect re-render
+      // keeps its 308 and is never overridden.
+      ...(boundarylessErrorStatus !== undefined
+        ? { status: boundarylessErrorStatus }
+        : {}),
       headers: { "content-type": "text/html;charset=utf-8" },
     });
   };

package/src/rsc/server-action.ts

@@ -31,11 +31,20 @@ import {
 } from "./helpers.js";
 import { warnNonRedirectActionResponse } from "./runtime-warnings.js";
 import type { HandlerContext } from "./handler-context.js";
+import type { MatchResult } from "../types.js";
 
 /**
  * Data flowing from action execution to the revalidation phase.
- * When the action completes without redirect/error-boundary, the handler
- * passes this to route middleware → revalidateAfterAction.
+ * When the action completes without redirect, the handler passes this to route
+ * middleware → revalidateAfterAction.
+ *
+ * `errorBoundary` carries the matched error-boundary result when the action
+ * threw and a boundary matched. The error-boundary render is then performed in
+ * the revalidation phase so it runs INSIDE the same route-middleware wrapper as
+ * a successful revalidation — route middleware (context vars, headers, cookies)
+ * must apply to the error render too, matching the module doc's "identical to a
+ * normal render". When `errorBoundary` is set, `actionContext` is unused (the
+ * boundary is already matched; no matchPartial is run).
  */
 export interface ActionContinuation {
   returnValue: { ok: boolean; data: unknown };
@@ -49,6 +58,7 @@ export interface ActionContinuation {
     actionResult: unknown;
     formData?: FormData;
   };
+  errorBoundary?: MatchResult;
 }
 
 /**
@@ -78,13 +88,29 @@ export async function executeServerAction<TEnv>(
       ? await request.formData()
       : await request.text();
 
-    if (body instanceof FormData) {
-      actionFormData = body;
-    }
-
     if (hasBodyContent(body)) {
       args = await ctx.decodeReply(body, { temporaryReferences });
     }
+
+    // Surface the action's FormData to shouldRevalidate({ formData }) for a JS
+    // server action, matching the PE path (progressive-enhancement.ts populates
+    // formData from request.formData()). A form-driven action is invoked as
+    // action(formData) (direct) or action(prevState, formData) (useActionState),
+    // so the FormData arrives INSIDE the decoded args. Use the LAST FormData arg:
+    // for useActionState the submitted form is the final arg, and a prior state
+    // that is itself a FormData would otherwise be picked first.
+    //
+    // The raw request body is NOT usable here: encodeReply wraps a FormData arg
+    // in a multipart envelope whose keys are Flight-encoded (e.g. `_1_name`,
+    // `0`), so request.formData() would hand shouldRevalidate a FormData with
+    // internal keys instead of the consumer's `name`. The decoded arg has the
+    // original keys.
+    for (let i = args.length - 1; i >= 0; i--) {
+      if (args[i] instanceof FormData) {
+        actionFormData = args[i] as FormData;
+        break;
+      }
+    }
   } catch (error) {
     // Keep the original error as `cause` for server-side logging, but do not
     // interpolate it into the message: that string can surface to the client
@@ -123,6 +149,8 @@ export async function executeServerAction<TEnv>(
 
     returnValue = { ok: true, data };
   } catch (error) {
+    let actionResultData: unknown = error;
+
     // Handle thrown redirect (e.g., throw redirect('/path'))
     if (error instanceof Response) {
       const intercepted = interceptRedirectForPartial(
@@ -142,9 +170,18 @@ export async function executeServerAction<TEnv>(
             `Use \`throw redirect('/path')\` for redirects.`,
         );
       }
+
+      // A raw Response cannot be serialized into Flight; storing it as the
+      // action returnValue.data would make the error payload serialization
+      // throw and mask the boundary render. Replace it with a serializable
+      // error (mirrors the discard of a returned non-redirect Response above).
+      // matchError/onError still receive the original Response.
+      actionResultData = new Error(
+        `Server action "${actionId}" threw a non-redirect Response (status ${error.status})`,
+      );
     }
 
-    returnValue = { ok: false, data: error };
+    returnValue = { ok: false, data: actionResultData };
     actionStatus = 500;
 
     // Try to render error boundary.
@@ -179,47 +216,27 @@ export async function executeServerAction<TEnv>(
     });
 
     if (errorResult) {
-      setRequestContextParams(errorResult.params, errorResult.routeName);
-
-      const payload: RscPayload = {
-        metadata: {
-          pathname: url.pathname,
-          // routerId exposed for the frontend (current app identity); see
-          // rsc-rendering.ts partial branch.
-          routerId: ctx.router.id,
-          segments: errorResult.segments,
-          isPartial: true,
-          matched: errorResult.matched,
-          diff: errorResult.diff,
-          resolvedIds: errorResult.resolvedIds,
-          params: errorResult.params,
-          isError: true,
-          handles: handleStore.stream(),
-          version: ctx.version,
-        },
+      // Defer the error-boundary render to the revalidation phase so it runs
+      // inside the same route-middleware wrapper as a successful revalidation
+      // (handler.ts executeRenderWithMiddleware). Building + returning the
+      // Response here would bypass route middleware: context vars, headers, and
+      // cookies set by route middleware would NOT apply to the error render,
+      // diverging from the success path and from the module doc's "identical to
+      // a normal render". The boundary is already matched; the render in
+      // revalidateAfterAction uses errorResult directly (no matchPartial).
+      return {
         returnValue,
-      };
-
-      // Intentionally omit attachLocationState for error payloads:
-      // location state is a success-only semantic. Error boundary responses
-      // update the error UI but should not mutate browser history state.
-
-      const rscStream = ctx.renderToReadableStream<RscPayload>(payload, {
+        actionStatus,
         temporaryReferences,
-        onError: (error: unknown) => {
-          ctx.callOnError(error, "rendering", { request, url, env });
-        },
-      });
-
-      return createResponseWithMergedHeaders(rscStream, {
-        status: actionStatus,
-        headers: {
-          "content-type": "text/x-component;charset=utf-8",
-          // Router identity for the client's pre-decode integrity check (the
-          // action apply path has no post-decode guard). See response-adapter.
-          "X-RSC-Router-Id": ctx.router.id,
+        // actionContext is unused on the errorBoundary path (no matchPartial).
+        actionContext: {
+          actionId,
+          actionUrl: new URL(url),
+          actionResult: returnValue.data,
+          formData: actionFormData,
         },
-      });
+        errorBoundary: errorResult,
+      };
     }
   }
 
@@ -290,11 +307,71 @@ async function revalidateAfterActionInner<TEnv>(
   handleStore: ReturnType<typeof requireRequestContext>["_handleStore"],
   continuation: ActionContinuation,
 ): Promise<Response> {
-  const { returnValue, actionStatus, temporaryReferences, actionContext } =
-    continuation;
+  const {
+    returnValue,
+    actionStatus,
+    temporaryReferences,
+    actionContext,
+    errorBoundary,
+  } = continuation;
   const reqCtx = requireRequestContext();
   const metricsStore = reqCtx._metricsStore;
 
+  // Action threw and a boundary matched: render the (already-matched) error
+  // boundary here so it runs inside the route-middleware wrapper, exactly like
+  // the success branch below. setRequestContextParams + the payload mirror the
+  // pre-deferral render that executeServerAction used to do inline.
+  if (errorBoundary) {
+    setRequestContextParams(errorBoundary.params, errorBoundary.routeName);
+
+    const errorPayload: RscPayload = {
+      metadata: {
+        pathname: url.pathname,
+        // routerId exposed for the frontend (current app identity); see
+        // rsc-rendering.ts partial branch.
+        routerId: ctx.router.id,
+        segments: errorBoundary.segments,
+        isPartial: true,
+        matched: errorBoundary.matched,
+        diff: errorBoundary.diff,
+        resolvedIds: errorBoundary.resolvedIds,
+        params: errorBoundary.params,
+        isError: true,
+        handles: handleStore.stream(),
+        version: ctx.version,
+      },
+      returnValue,
+    };
+
+    // Intentionally omit attachLocationState for error payloads: location state
+    // is a success-only semantic. Error boundary responses update the error UI
+    // but should not mutate browser history state.
+
+    const errorStart = performance.now();
+    const errorStream = ctx.renderToReadableStream<RscPayload>(errorPayload, {
+      temporaryReferences,
+      onError: (error: unknown) => {
+        ctx.callOnError(error, "rendering", { request, url, env });
+      },
+    });
+    appendMetric(
+      metricsStore,
+      "rsc-serialize",
+      errorStart,
+      performance.now() - errorStart,
+    );
+
+    return createResponseWithMergedHeaders(errorStream, {
+      status: actionStatus,
+      headers: {
+        "content-type": "text/x-component;charset=utf-8",
+        // Router identity for the client's pre-decode integrity check (the
+        // action apply path has no post-decode guard). See response-adapter.
+        "X-RSC-Router-Id": ctx.router.id,
+      },
+    });
+  }
+
   const matchResult = await ctx.router.matchPartial(
     request,
     { env },

package/src/search-params.ts

@@ -7,6 +7,8 @@
  * URLSearchParams instance.
  */
 
+import { encodeKV } from "./encode-kv.js";
+
 /** Supported scalar types for search params (append ? for optional). */
 export type SearchSchemaValue =
   | "string"
@@ -200,15 +202,15 @@ export function parseSearchParams<T extends SearchSchema>(
 
 /**
  * Serialize a typed search params object to a query string (without leading `?`).
- * Skips `undefined` and `null` values.
+ * Skips `undefined` and `null` values. Preserves insertion order (no sort).
  */
 export function serializeSearchParams(params: Record<string, unknown>): string {
-  const parts: string[] = [];
+  // Pre-filter null/undefined and coerce values to strings here so encodeKV
+  // (which never inspects values) reproduces this call site's exact output.
+  const pairs: [string, string][] = [];
   for (const [key, value] of Object.entries(params)) {
     if (value === undefined || value === null) continue;
-    parts.push(
-      `${encodeURIComponent(key)}=${encodeURIComponent(String(value))}`,
-    );
+    pairs.push([key, String(value)]);
   }
-  return parts.join("&");
+  return encodeKV(pairs);
 }

package/src/segment-system.tsx

@@ -30,9 +30,15 @@ function isRenderableLoading(loading: ReactNode): boolean {
   return loading !== undefined && loading !== null && loading !== false;
 }
 
-function restoreParallelLoaderMarkers(
+// Exported for unit testing the no-parallel fast path (D6); internal otherwise.
+export function restoreParallelLoaderMarkers(
   segments: ResolvedSegment[],
 ): ResolvedSegment[] {
+  // Parallel-loading markers only exist when a parallel segment is present, so
+  // a list with no parallel slot has nothing to restore. Skip the Map alloc and
+  // full scan in that (common) case — this runs on every render.
+  if (!segments.some((s) => s.type === "parallel")) return segments;
+
   const parallelLoadingByNamespace = new Map<string, ReactNode>();
   let nextSegments: ResolvedSegment[] | null = null;
 

package/src/server/cookie-parse.ts

@@ -0,0 +1,32 @@
+/**
+ * Canonical inbound-Cookie-header parser.
+ *
+ * Kept as a dependency-free leaf so any consumer (request-context, the host
+ * dispatcher, tests) can share one implementation without pulling a heavier
+ * module's graph. A duplicate copy in middleware-cookies.ts was removed; the
+ * host copy in cookie-handler.ts was collapsed onto this one. Not part of the
+ * public export surface.
+ */
+export function parseCookiesFromHeader(
+  cookieHeader: string | null,
+): Record<string, string> {
+  if (!cookieHeader) return {};
+
+  const cookies: Record<string, string> = {};
+  const pairs = cookieHeader.split(";");
+
+  for (const pair of pairs) {
+    const [name, ...rest] = pair.trim().split("=");
+    if (name) {
+      const raw = rest.join("=");
+      try {
+        cookies[name] = decodeURIComponent(raw);
+      } catch {
+        // Malformed percent-encoding: fall back to raw value
+        cookies[name] = raw;
+      }
+    }
+  }
+
+  return cookies;
+}

package/src/server/handle-store.ts

@@ -174,8 +174,10 @@ export function createHandleStore(): HandleStore {
     notifyDrain();
   }
 
-  // Queue for pending emissions and resolver for waiting consumer
-  let pendingEmissions: HandleData[] = [];
+  // Dirty flag for pending emissions and resolver for waiting consumer.
+  // stream() only ever yields the latest full state, so we track a single
+  // dirty bit and clone `data` once at yield time instead of per push.
+  let hasPendingEmission = false;
   let emissionResolver: (() => void) | null = null;
   let completed = false;
 
@@ -190,7 +192,7 @@ export function createHandleStore(): HandleStore {
 
   // Wait for the next emission or completion
   function waitForEmission(): Promise<void> {
-    if (pendingEmissions.length > 0 || completed) {
+    if (hasPendingEmission || completed) {
       return Promise.resolve();
     }
     return new Promise((resolve) => {
@@ -238,8 +240,8 @@ export function createHandleStore(): HandleStore {
       }
       data[handleName][segmentId].push(value);
 
-      // Queue a snapshot for emission
-      pendingEmissions.push(cloneHandleData(data));
+      // Mark dirty; the actual snapshot is cloned once at yield time.
+      hasPendingEmission = true;
       signalEmission();
     },
 
@@ -260,22 +262,20 @@ export function createHandleStore(): HandleStore {
       await new Promise((resolve) => setTimeout(resolve, 0));
 
       if (Object.keys(data).length > 0) {
-        pendingEmissions = [];
-        const snapshot = cloneHandleData(data);
-        yield snapshot;
+        hasPendingEmission = false;
+        yield cloneHandleData(data);
       }
 
       while (!completed) {
         await waitForEmission();
 
-        if (pendingEmissions.length > 0) {
-          const latest = pendingEmissions[pendingEmissions.length - 1];
-          pendingEmissions = [];
-          yield latest;
+        if (hasPendingEmission) {
+          hasPendingEmission = false;
+          yield cloneHandleData(data);
         }
       }
 
-      if (pendingEmissions.length > 0) {
+      if (hasPendingEmission) {
         yield cloneHandleData(data);
       }
     },
@@ -303,7 +303,7 @@ export function createHandleStore(): HandleStore {
         // segment, not accumulate on top of data from a different route.
         data[handleName][segmentId] = [...segmentHandles[handleName]];
       }
-      pendingEmissions.push(cloneHandleData(data));
+      hasPendingEmission = true;
       signalEmission();
     },
   };

package/src/server/request-context.ts

@@ -11,6 +11,7 @@
  */
 
 import { AsyncLocalStorage } from "node:async_hooks";
+import { parseCookiesFromHeader } from "./cookie-parse.js";
 import type { CacheErrorCategory } from "../cache/cache-error.js";
 import type { CookieOptions } from "../router/middleware.js";
 import {
@@ -979,32 +980,10 @@ function parseResponseCookies(response: Response): Map<string, string | null> {
   return result;
 }
 
-// Exported for unit tests; the canonical cookie parse/serialize lives here
-// (a duplicate copy in middleware-cookies.ts was removed). Not part of the
-// public export surface.
-export function parseCookiesFromHeader(
-  cookieHeader: string | null,
-): Record<string, string> {
-  if (!cookieHeader) return {};
-
-  const cookies: Record<string, string> = {};
-  const pairs = cookieHeader.split(";");
-
-  for (const pair of pairs) {
-    const [name, ...rest] = pair.trim().split("=");
-    if (name) {
-      const raw = rest.join("=");
-      try {
-        cookies[name] = decodeURIComponent(raw);
-      } catch {
-        // Malformed percent-encoding: fall back to raw value
-        cookies[name] = raw;
-      }
-    }
-  }
-
-  return cookies;
-}
+// Re-exported for unit tests and the existing import path. The implementation
+// lives in the dependency-free ./cookie-parse leaf so consumers (e.g. the host
+// dispatcher) can share it without pulling this module's request-context graph.
+export { parseCookiesFromHeader };
 
 export function serializeCookieValue(
   name: string,