@timber-js/app 0.2.0-alpha.35 → 0.2.0-alpha.37

package/src/server/html-injectors.ts

@@ -8,6 +8,7 @@
  */
 
 import { createMachine } from '../utils/state-machine.js';
+import { flightChunkScript } from './flight-scripts.js';
 import {
   flightInjectionTransitions,
   isSuffixStripped,
@@ -105,22 +106,6 @@ export function injectScripts(
   return createInjector(stream, scriptsHtml, '</body>');
 }
 
-/**
- * Escape a string for safe embedding inside a `<script>` tag within
- * a JSON-encoded value.
- *
- * Only needs to prevent `</script>` from closing the tag early and
- * handle U+2028/U+2029 (line/paragraph separators valid in JSON but
- * historically problematic in JS). Since we use JSON.stringify for the
- * outer encoding, we only escape `<` and the line separators.
- */
-function htmlEscapeJsonString(str: string): string {
-  return str
-    .replace(/</g, '\\u003c')
-    .replace(/\u2028/g, '\\u2028')
-    .replace(/\u2029/g, '\\u2029');
-}
-
 /**
  * Transform an RSC Flight stream into a stream of inline `<script>` tags.
  *
@@ -128,15 +113,9 @@ function htmlEscapeJsonString(str: string): string {
  * transform) drives reads from the RSC stream on demand. No background
  * reader, no shared mutable arrays, no race conditions.
  *
- * Each RSC chunk becomes:
- *   <script>(self.__timber_f=self.__timber_f||[]).push([1,"escaped_chunk"])</script>
- *
- * The first chunk emitted is the bootstrap signal [0] which the client
- * uses to initialize its buffer.
- *
- * Uses JSON-encoded typed tuples matching the pattern from Next.js:
- *   [0]        — bootstrap signal
- *   [1, data]  — RSC Flight data chunk (UTF-8 string)
+ * Each RSC chunk becomes a `<script>self.__timber_f.push([1,"data"])</script>`.
+ * The init script (which creates __timber_f) is in `<head>` via
+ * flightInitScript() — see flight-scripts.ts.
  */
 export function createInlinedRscStream(
   rscStream: ReadableStream<Uint8Array>
@@ -146,11 +125,9 @@ export function createInlinedRscStream(
   const decoder = new TextDecoder('utf-8', { fatal: true });
 
   return new ReadableStream<Uint8Array>({
-    start(controller) {
-      // Emit bootstrap signal — tells the client that __timber_f is active
-      const bootstrap = `<script>(self.__timber_f=self.__timber_f||[]).push(${htmlEscapeJsonString(JSON.stringify([0]))})</script>`;
-      controller.enqueue(encoder.encode(bootstrap));
-    },
+    // No bootstrap signal here — the init script is in <head> via
+    // flightInitScript() (see flight-scripts.ts). This ensures the
+    // __timber_f array exists before any chunk scripts execute.
     async pull(controller) {
       try {
         const { done, value } = await rscReader.read();
@@ -160,8 +137,7 @@ export function createInlinedRscStream(
         }
         if (value) {
           const decoded = decoder.decode(value, { stream: true });
-          const escaped = htmlEscapeJsonString(JSON.stringify([1, decoded]));
-          controller.enqueue(encoder.encode(`<script>self.__timber_f.push(${escaped})</script>`));
+          controller.enqueue(encoder.encode(flightChunkScript(decoded)));
         }
       } catch (error) {
         controller.error(error);

package/src/server/index.ts

@@ -13,6 +13,8 @@ export {
   headers,
   cookies,
   rawSearchParams,
+  rawSegmentParams,
+  setSegmentParams,
   runWithRequestContext,
   setMutableCookieContext,
   markResponseFlushed,
@@ -32,6 +34,7 @@ export {
   waitUntil,
   DenySignal,
   RedirectSignal,
+  type RedirectOptions,
 } from './primitives';
 export type { RenderErrorDigest, WaitUntilAdapter } from './primitives';
 export type { JsonSerializable } from './types';

package/src/server/node-stream-transforms.ts

@@ -21,6 +21,7 @@ import { Transform } from 'node:stream';
 import { createGzip, constants } from 'node:zlib';
 
 import { createMachine } from '../utils/state-machine.js';
+import { flightChunkScript } from './flight-scripts.js';
 import {
   flightInjectionTransitions,
   isSuffixStripped,
@@ -90,17 +91,6 @@ export function createNodeHeadInjector(headHtml: string): Transform {
 
 // ─── RSC Flight Injection ────────────────────────────────────────────────────
 
-/**
- * Escape a string for safe embedding inside a `<script>` tag within
- * a JSON-encoded value. Same as htmlEscapeJsonString in html-injectors.ts.
- */
-function htmlEscapeJsonString(str: string): string {
-  return str
-    .replace(/</g, '\\u003c')
-    .replace(/\u2028/g, '\\u2028')
-    .replace(/\u2029/g, '\\u2029');
-}
-
 /**
  * Node.js Transform that merges RSC script tags into the HTML stream.
  *
@@ -157,8 +147,7 @@ export function createNodeFlightInjector(
           return;
         }
         const decoded = decoder.decode(value, { stream: true });
-        const escaped = htmlEscapeJsonString(JSON.stringify([1, decoded]));
-        const scriptBuf = Buffer.from(`<script>self.__timber_f.push(${escaped})</script>`, 'utf-8');
+        const scriptBuf = Buffer.from(flightChunkScript(decoded), 'utf-8');
         // Push directly to the transform output — don't wait for an
         // HTML chunk to trigger drainPending.
         stream.push(scriptBuf);
@@ -175,13 +164,9 @@ export function createNodeFlightInjector(
     }
   }
 
-  // Bootstrap script to emit after the first HTML chunk (but before
-  // any RSC data chunks). Must come AFTER the doctype + <html> so
-  // browsers don't enter Quirks Mode.
-  const bootstrapBuf = Buffer.from(
-    `<script>(self.__timber_f=self.__timber_f||[]).push(${htmlEscapeJsonString(JSON.stringify([0]))})</script>`,
-    'utf-8'
-  );
+  // No bootstrap script here — the init script is in <head> via
+  // flightInitScript() (see flight-scripts.ts). This ensures __timber_f
+  // exists before any chunk scripts execute.
 
   const transform = new Transform({
     transform(chunk: Buffer, _encoding, callback) {
@@ -208,11 +193,10 @@ export function createNodeFlightInjector(
         transform.push(chunk);
       }
 
-      // Emit bootstrap AFTER the first HTML chunk so the doctype and
-      // <html> tag are the first bytes the browser sees. Then start
-      // the pull loop to stream RSC data chunks.
+      // Start the pull loop on the first HTML chunk to stream RSC
+      // data chunks alongside the HTML. The __timber_f init script is
+      // already in <head> (via flightInitScript), so no bootstrap needed.
       if (isFirst) {
-        transform.push(bootstrapBuf);
         pullLoop(transform);
       }
       callback();

package/src/server/pipeline.ts

@@ -21,6 +21,7 @@ import {
   setMutableCookieContext,
   getSetCookieHeaders,
   markResponseFlushed,
+  setSegmentParams,
 } from './request-context.js';
 import {
   generateTraceId,
@@ -484,6 +485,11 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       throw error;
     }
 
+    // Store coerced segment params in ALS so components can access them
+    // via rawSegmentParams() instead of receiving them as a prop.
+    // See design/07-routing.md §"params.ts — Convention File for Typed Params"
+    setSegmentParams(match.params);
+
     // Stage 3: Leaf middleware.ts (only the leaf route's middleware runs)
     if (match.middleware) {
       const ctx: MiddlewareContext = {

package/src/server/primitives.ts

@@ -6,6 +6,8 @@
 import type { JsonSerializable } from './types.js';
 import { getWaitUntil as _getWaitUntil } from './waituntil-bridge.js';
 import { isDebug } from './debug.js';
+import { getRequestSearchString } from './request-context.js';
+import { mergePreservedSearchParams } from '#/shared/merge-search-params.js';
 
 // ─── Dev-mode validation ────────────────────────────────────────────────────
 
@@ -209,14 +211,46 @@ export class RedirectSignal extends Error {
 /** Pattern matching absolute URLs: http(s):// or protocol-relative // */
 const ABSOLUTE_URL_RE = /^(?:[a-zA-Z][a-zA-Z\d+\-.]*:|\/\/)/;
 
+/**
+ * Options for redirect() — alternative to passing a bare status code.
+ */
+export interface RedirectOptions {
+  /** HTTP redirect status code (3xx). Defaults to 302. */
+  status?: number;
+  /**
+   * Preserve search params from the current request URL on the redirect target.
+   *
+   * - `true` — preserve ALL current search params (target params take precedence)
+   * - `string[]` — preserve only the named params (e.g. `['private', 'token']`)
+   *
+   * Target path's own query params always take precedence over preserved ones.
+   */
+  preserveSearchParams?: true | string[];
+}
+
 /**
  * Redirect to a relative path. Rejects absolute and protocol-relative URLs.
  * Use `redirectExternal()` for external redirects with an allow-list.
  *
  * @param path - Relative path (e.g. '/login', 'settings', '/login?returnTo=/dash')
- * @param status - HTTP redirect status code (3xx). Defaults to 302.
+ * @param statusOrOptions - HTTP status code (3xx, default 302) or options object.
+ *
+ * @example
+ * // Simple redirect
+ * redirect('/login');
+ *
+ * // With status code
+ * redirect('/login', 301);
+ *
+ * // With preserved search params
+ * redirect(`/docs/${version}/${slug}`, { preserveSearchParams: ['foo'] });
  */
-export function redirect(path: string, status: number = 302): never {
+export function redirect(path: string, statusOrOptions?: number | RedirectOptions): never {
+  const status =
+    typeof statusOrOptions === 'number' ? statusOrOptions : (statusOrOptions?.status ?? 302);
+  const preserveSearchParams =
+    typeof statusOrOptions === 'object' ? statusOrOptions.preserveSearchParams : undefined;
+
   if (status < 300 || status > 399) {
     throw new Error(`redirect() requires a 3xx status code, got ${status}.`);
   }
@@ -226,7 +260,14 @@ export function redirect(path: string, status: number = 302): never {
         'Use redirectExternal(url, allowList) for external redirects.'
     );
   }
-  throw new RedirectSignal(path, status);
+
+  let resolvedPath = path;
+  if (preserveSearchParams) {
+    const currentSearch = getRequestSearchString();
+    resolvedPath = mergePreservedSearchParams(path, currentSearch, preserveSearchParams);
+  }
+
+  throw new RedirectSignal(resolvedPath, status);
 }
 
 /**
@@ -236,9 +277,10 @@ export function redirect(path: string, status: number = 302): never {
  * will replay POST requests to the new location. This matches Next.js behavior.
  *
  * @param path - Relative path (e.g. '/new-page', '/dashboard')
+ * @param options - Optional redirect options (e.g. preserveSearchParams).
  */
-export function permanentRedirect(path: string): never {
-  redirect(path, 308);
+export function permanentRedirect(path: string, options?: Omit<RedirectOptions, 'status'>): never {
+  redirect(path, { status: 308, ...options });
 }
 
 /**

package/src/server/request-context.ts

@@ -178,6 +178,72 @@ export function rawSearchParams(): Promise<URLSearchParams> {
   return store.searchParamsPromise;
 }
 
+/**
+ * Returns a Promise resolving to the current request's coerced segment params.
+ *
+ * Segment params are set by the pipeline after route matching and param
+ * coercion (via params.ts codecs). When no params.ts exists, values are
+ * raw strings. When codecs are defined, values are already coerced
+ * (e.g., `id` is a `number` if `defineSegmentParams({ id: z.coerce.number() })`).
+ *
+ * This is the primary way page and layout components access route params:
+ *
+ * ```ts
+ * import { rawSegmentParams } from '@timber-js/app/server'
+ *
+ * export default async function Page() {
+ *   const { slug } = await rawSegmentParams()
+ *   // ...
+ * }
+ * ```
+ *
+ * Throws if called outside a request context.
+ */
+export function rawSegmentParams(): Promise<Record<string, string | string[]>> {
+  const store = requestContextAls.getStore();
+  if (!store) {
+    throw new Error(
+      '[timber] rawSegmentParams() called outside of a request context. ' +
+        'It can only be used in middleware, access checks, server components, and server actions.'
+    );
+  }
+  if (!store.segmentParamsPromise) {
+    throw new Error(
+      '[timber] rawSegmentParams() called before route matching completed. ' +
+        'Segment params are not available until after the route is matched.'
+    );
+  }
+  return store.segmentParamsPromise;
+}
+
+/**
+ * Set the segment params promise on the current request context.
+ * Called by the pipeline after route matching and param coercion.
+ *
+ * @internal — framework use only
+ */
+export function setSegmentParams(params: Record<string, string | string[]>): void {
+  const store = requestContextAls.getStore();
+  if (!store) {
+    throw new Error('[timber] setSegmentParams() called outside of a request context.');
+  }
+  store.segmentParamsPromise = Promise.resolve(params);
+}
+
+/**
+ * Returns the raw search string from the current request URL (e.g. "?foo=bar").
+ * Synchronous — safe for use in `redirect()` which throws synchronously.
+ *
+ * Returns empty string if called outside a request context (non-throwing for
+ * use in redirect's optional preserveSearchParams path).
+ *
+ * @internal — used by redirect() for preserveSearchParams support.
+ */
+export function getRequestSearchString(): string {
+  const store = requestContextAls.getStore();
+  return store?.searchString ?? '';
+}
+
 // ─── Types ────────────────────────────────────────────────────────────────
 
 /**
@@ -253,11 +319,13 @@ export interface RequestCookies {
  */
 export function runWithRequestContext<T>(req: Request, fn: () => T): T {
   const originalCopy = new Headers(req.headers);
+  const parsedUrl = new URL(req.url);
   const store: RequestContextStore = {
     headers: freezeHeaders(req.headers),
     originalHeaders: originalCopy,
     cookieHeader: req.headers.get('cookie') ?? '',
-    searchParamsPromise: Promise.resolve(new URL(req.url).searchParams),
+    searchParamsPromise: Promise.resolve(parsedUrl.searchParams),
+    searchString: parsedUrl.search,
     cookieJar: new Map(),
     flushed: false,
     mutableContext: false,

package/src/server/route-element-builder.ts

@@ -110,7 +110,7 @@ function rejectLegacyGenerateMetadata(mod: Record<string, unknown>, filePath: st
         `  // Before\n` +
         `  export async function generateMetadata({ params }) { ... }\n\n` +
         `  // After\n` +
-        `  export async function metadata({ params }) { ... }`
+        `  export async function metadata() { ... }`
     );
   }
 }
@@ -119,19 +119,21 @@ function rejectLegacyGenerateMetadata(mod: Record<string, unknown>, filePath: st
  * Extract and resolve metadata from a module (layout or page).
  * Handles both static metadata objects and async metadata functions.
  * Returns the resolved Metadata, or null if none exported.
+ *
+ * Metadata functions no longer receive { params } — they access params
+ * via rawSegmentParams() from ALS, same as page/layout components.
  */
 async function extractMetadata(
   mod: Record<string, unknown>,
-  segment: ManifestSegmentNode,
-  paramsPromise: Promise<Record<string, string | string[]>>
+  segment: ManifestSegmentNode
 ): Promise<Metadata | null> {
   if (typeof mod.metadata === 'function') {
-    type MetadataFn = (props: Record<string, unknown>) => Promise<Metadata>;
+    type MetadataFn = () => Promise<Metadata>;
     return (
       (await withSpan(
         'timber.metadata',
         { 'timber.segment': segment.segmentName ?? segment.urlPath },
-        () => (mod.metadata as MetadataFn)({ params: paramsPromise })
+        () => (mod.metadata as MetadataFn)()
       )) ?? null
     );
   }
@@ -172,9 +174,6 @@ export async function buildRouteElement(
 ): Promise<RouteElementResult> {
   const segments = match.segments as unknown as ManifestSegmentNode[];
 
-  // Params are passed as a Promise to match Next.js 15+ convention.
-  const paramsPromise = Promise.resolve(match.params);
-
   // Load all modules along the segment chain
   const metadataEntries: Array<{ metadata: Metadata; isPage: boolean }> = [];
   const layoutComponents: LayoutComponentEntry[] = [];
@@ -199,7 +198,7 @@ export async function buildRouteElement(
       // middleware and rendering. See coerceSegmentParams() in pipeline.ts.
 
       rejectLegacyGenerateMetadata(mod, segment.layout.filePath ?? segment.urlPath);
-      const layoutMetadata = await extractMetadata(mod, segment, paramsPromise);
+      const layoutMetadata = await extractMetadata(mod, segment);
       if (layoutMetadata) {
         metadataEntries.push({ metadata: layoutMetadata, isPage: false });
       }
@@ -217,7 +216,7 @@ export async function buildRouteElement(
         PageComponent = mod.default as (...args: unknown[]) => unknown;
       }
       rejectLegacyGenerateMetadata(mod, segment.page.filePath ?? segment.urlPath);
-      const pageMetadata = await extractMetadata(mod, segment, paramsPromise);
+      const pageMetadata = await extractMetadata(mod, segment);
       if (pageMetadata) {
         metadataEntries.push({ metadata: pageMetadata, isPage: true });
       }
@@ -317,9 +316,7 @@ export async function buildRouteElement(
     );
   };
 
-  let element = h(TracedPage, {
-    params: paramsPromise,
-  });
+  let element = h(TracedPage, {});
 
   // Build a lookup of layout components by segment for O(1) access.
   const layoutBySegment = new Map(
@@ -399,7 +396,6 @@ export async function buildRouteElement(
       if (accessFn) {
         element = h(AccessGate, {
           accessFn,
-          params: match.params,
           segmentName: segment.segmentName,
           verdict: accessVerdicts.get(i),
           children: element,
@@ -416,7 +412,6 @@ export async function buildRouteElement(
         slotProps[slotName] = await resolveSlotElement(
           slotNode as ManifestSegmentNode,
           match,
-          paramsPromise,
           h,
           interception
         );
@@ -447,7 +442,6 @@ export async function buildRouteElement(
         parallelRouteKeys,
         children: h(TracedLayout, {
           ...slotProps,
-          params: paramsPromise,
           children: element,
         }),
       });

package/src/server/rsc-entry/error-renderer.ts

@@ -12,6 +12,7 @@ import { logRenderError } from '#/server/logger.js';
 import type { ManifestSegmentNode } from '#/server/route-matcher.js';
 import { DenySignal, RenderError } from '#/server/primitives.js';
 import type { ClientBootstrapConfig } from '#/server/html-injectors.js';
+import { flightInitScript } from '#/server/flight-scripts.js';
 import { renderDenyPage } from '#/server/deny-renderer.js';
 import type { LayoutEntry } from '#/server/deny-renderer.js';
 import type { NavContext } from '#/server/ssr-entry.js';
@@ -125,7 +126,7 @@ export async function renderErrorPage(
     searchParams: Object.fromEntries(new URL(req.url).searchParams),
     statusCode: status,
     responseHeaders,
-    headHtml: '',
+    headHtml: flightInitScript(),
     bootstrapScriptContent: clientBootstrap.bootstrapScriptContent,
     rscStream: inlineStream,
     cookies: getCookiesForSsr(),

package/src/server/rsc-entry/ssr-renderer.ts

@@ -13,6 +13,7 @@
  */
 
 import type { ClientBootstrapConfig } from '#/server/html-injectors.js';
+import { flightInitScript } from '#/server/flight-scripts.js';
 import type { LayoutEntry } from '#/server/deny-renderer.js';
 import { renderDenyPage } from '#/server/deny-renderer.js';
 import type { RouteMatch } from '#/server/pipeline.js';
@@ -105,7 +106,14 @@ export async function renderSsrResponse(opts: SsrRenderOptions): Promise<Respons
     searchParams: Object.fromEntries(new URL(req.url).searchParams),
     statusCode: 200,
     responseHeaders,
-    headHtml: headHtml + clientBootstrap.preloadLinks + segmentScript + paramsScript,
+    headHtml:
+      headHtml +
+      clientBootstrap.preloadLinks +
+      segmentScript +
+      paramsScript +
+      // Initialize __timber_f in <head> so it exists before any streaming
+      // chunk scripts arrive in <body>. See flight-scripts.ts, LOCAL-415.
+      (clientJsDisabled ? '' : flightInitScript()),
     bootstrapScriptContent: clientBootstrap.bootstrapScriptContent,
     // Skip RSC inline stream when client JS is disabled — no client to hydrate.
     rscStream: clientJsDisabled ? undefined : inlineStream,

package/src/server/slot-resolver.ts

@@ -45,13 +45,12 @@ async function loadComponent(loader: {
  */
 async function renderDefaultFallback(
   slotNode: ManifestSegmentNode,
-  paramsPromise: Promise<Record<string, string | string[]>>,
   h: CreateElementFn
 ): Promise<React.ReactElement | null> {
   if (!slotNode.default) return null;
   const DefaultComp = await loadComponent(slotNode.default);
   if (!DefaultComp) return null;
-  return h(DefaultComp, { params: paramsPromise });
+  return h(DefaultComp, {});
 }
 
 // ─── Segment Tree Matching ──────────────────────────────────────────────────
@@ -153,7 +152,6 @@ function walkSegmentTree(
 export async function resolveSlotElement(
   slotNode: ManifestSegmentNode,
   match: RouteMatch,
-  paramsPromise: Promise<Record<string, string | string[]>>,
   h: CreateElementFn,
   interception?: InterceptionContext
 ): Promise<React.ReactElement | null> {
@@ -174,7 +172,7 @@ export async function resolveSlotElement(
       // degrade to default.tsx or null — not crash the page. This matches
       // Next.js behavior. See design/02-rendering-pipeline.md
       // §"Slot Access Failure = Graceful Degradation"
-      const denyFallback = await renderDefaultFallback(slotNode, paramsPromise, h);
+      const denyFallback = await renderDefaultFallback(slotNode, h);
 
       // Wrap the slot page to catch DenySignal (from notFound() or deny())
       // at the component level. This prevents the signal from reaching the
@@ -192,23 +190,21 @@ export async function resolveSlotElement(
         }
       };
 
-      let element: React.ReactElement = h(SafeSlotPage, {
-        params: paramsPromise,
-      });
+      let element: React.ReactElement = h(SafeSlotPage, {});
 
       // Wrap with error boundaries and layouts from intermediate slot segments
       // (everything between slot root and leaf). Process innermost-first, same
       // order as route-element-builder.ts handles main segments. The slot root
       // (index 0) is handled separately after the access gate below.
-      element = await wrapWithIntermediateSegments(slotMatch.chain, element, paramsPromise, h);
+      element = await wrapWithIntermediateSegments(slotMatch.chain, element, h);
 
       // Wrap in SlotAccessGate if slot root has access.ts.
       // On denial: denied.tsx → default.tsx → null (graceful degradation).
       // See design/04-authorization.md §"Slot-Level Auth".
-      element = await wrapWithAccessGate(slotNode, element, paramsPromise, h);
+      element = await wrapWithAccessGate(slotNode, element, h);
 
       // Wrap with slot root's layout (outermost, outside access gate)
-      element = await wrapWithLayout(slotNode, element, paramsPromise, h);
+      element = await wrapWithLayout(slotNode, element, h);
 
       // Wrap with slot root's error boundaries (outermost)
       element = await wrapSegmentWithErrorBoundaries(slotNode, element, h);
@@ -231,7 +227,7 @@ export async function resolveSlotElement(
   }
 
   // No matching page — render default.tsx fallback
-  return renderDefaultFallback(slotNode, paramsPromise, h);
+  return renderDefaultFallback(slotNode, h);
 }
 
 // ─── Element Wrapping Helpers ───────────────────────────────────────────────
@@ -244,13 +240,12 @@ export async function resolveSlotElement(
 async function wrapWithIntermediateSegments(
   chain: ManifestSegmentNode[],
   element: React.ReactElement,
-  paramsPromise: Promise<Record<string, string | string[]>>,
   h: CreateElementFn
 ): Promise<React.ReactElement> {
   for (let i = chain.length - 1; i > 0; i--) {
     const seg = chain[i];
     element = await wrapSegmentWithErrorBoundaries(seg, element, h);
-    element = await wrapWithLayout(seg, element, paramsPromise, h);
+    element = await wrapWithLayout(seg, element, h);
   }
   return element;
 }
@@ -261,13 +256,12 @@ async function wrapWithIntermediateSegments(
 async function wrapWithLayout(
   node: ManifestSegmentNode,
   element: React.ReactElement,
-  paramsPromise: Promise<Record<string, string | string[]>>,
   h: CreateElementFn
 ): Promise<React.ReactElement> {
   if (!node.layout) return element;
   const Layout = await loadComponent(node.layout);
   if (!Layout) return element;
-  return h(Layout, { params: paramsPromise, children: element });
+  return h(Layout, { children: element });
 }
 
 /**
@@ -277,7 +271,6 @@ async function wrapWithLayout(
 async function wrapWithAccessGate(
   slotNode: ManifestSegmentNode,
   element: React.ReactElement,
-  paramsPromise: Promise<Record<string, string | string[]>>,
   h: CreateElementFn
 ): Promise<React.ReactElement> {
   if (!slotNode.access) return element;
@@ -295,12 +288,10 @@ async function wrapWithAccessGate(
   // Extract slot name from the directory name (strip @ prefix)
   const slotName = slotNode.segmentName?.replace(/^@/, '') ?? '';
 
-  const defaultFallback = await renderDefaultFallback(slotNode, paramsPromise, h);
-  const params = await paramsPromise;
+  const defaultFallback = await renderDefaultFallback(slotNode, h);
 
   return h(SlotAccessGate, {
     accessFn,
-    params,
     DeniedComponent,
     slotName,
     createElement: h,