npm - @timber-js/app - Versions diffs - 0.2.0-alpha.97 → 0.2.0-alpha.99 - Mend

@timber-js/app 0.2.0-alpha.97 → 0.2.0-alpha.99

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (372) hide show

package/dist/_chunks/actions-CQ8Z8VGL.js +1061 -0
package/dist/_chunks/actions-CQ8Z8VGL.js.map +1 -0
package/dist/_chunks/build-output-helper-DXnW0qjz.js +61 -0
package/dist/_chunks/build-output-helper-DXnW0qjz.js.map +1 -0
package/dist/_chunks/{define-Itxvcd7F.js → define-B-Q_UMOD.js} +19 -23
package/dist/_chunks/define-B-Q_UMOD.js.map +1 -0
package/dist/_chunks/{define-C77ScO0m.js → define-CfBPoJb0.js} +24 -7
package/dist/_chunks/define-CfBPoJb0.js.map +1 -0
package/dist/_chunks/define-cookie-BjpIt4UC.js +194 -0
package/dist/_chunks/define-cookie-BjpIt4UC.js.map +1 -0
package/dist/_chunks/{format-CYBGxKtc.js → format-Bcn-Iv1x.js} +1 -1
package/dist/_chunks/{format-CYBGxKtc.js.map → format-Bcn-Iv1x.js.map} +1 -1
package/dist/_chunks/handler-store-B-lqaGyh.js +54 -0
package/dist/_chunks/handler-store-B-lqaGyh.js.map +1 -0
package/dist/_chunks/logger-0m8MsKdc.js +291 -0
package/dist/_chunks/logger-0m8MsKdc.js.map +1 -0
package/dist/_chunks/merge-search-params-BphMdht_.js +122 -0
package/dist/_chunks/merge-search-params-BphMdht_.js.map +1 -0
package/dist/_chunks/{metadata-routes-DS3eKNmf.js → metadata-routes-BU684ls2.js} +1 -1
package/dist/_chunks/{metadata-routes-DS3eKNmf.js.map → metadata-routes-BU684ls2.js.map} +1 -1
package/dist/_chunks/navigation-root-BCYczjml.js +96 -0
package/dist/_chunks/navigation-root-BCYczjml.js.map +1 -0
package/dist/_chunks/registry-I2ss-lvy.js +20 -0
package/dist/_chunks/registry-I2ss-lvy.js.map +1 -0
package/dist/_chunks/router-ref-h3-UaCQv.js +28 -0
package/dist/_chunks/router-ref-h3-UaCQv.js.map +1 -0
package/dist/_chunks/{schema-bridge-C3xl_vfb.js → schema-bridge-Cxu4l-7p.js} +1 -1
package/dist/_chunks/{schema-bridge-C3xl_vfb.js.map → schema-bridge-Cxu4l-7p.js.map} +1 -1
package/dist/_chunks/segment-classify-BjfuctV2.js +137 -0
package/dist/_chunks/segment-classify-BjfuctV2.js.map +1 -0
package/dist/_chunks/{segment-context-fHFLF1PE.js → segment-context-Dx_OizxD.js} +1 -1
package/dist/_chunks/{segment-context-fHFLF1PE.js.map → segment-context-Dx_OizxD.js.map} +1 -1
package/dist/_chunks/{router-ref-C8OCm7g7.js → ssr-data-B4CdH7rE.js} +2 -26
package/dist/_chunks/ssr-data-B4CdH7rE.js.map +1 -0
package/dist/_chunks/{stale-reload-BX5gL1r-.js → stale-reload-Bab885FO.js} +1 -1
package/dist/_chunks/{stale-reload-BX5gL1r-.js.map → stale-reload-Bab885FO.js.map} +1 -1
package/dist/_chunks/tracing-C8V-YGsP.js +329 -0
package/dist/_chunks/tracing-C8V-YGsP.js.map +1 -0
package/dist/_chunks/{use-query-states-BiV5GJgm.js → use-query-states-B2XTqxDR.js} +3 -19
package/dist/_chunks/use-query-states-B2XTqxDR.js.map +1 -0
package/dist/_chunks/{use-params-IOPu7E8t.js → use-segment-params-BkpKAQ7D.js} +9 -95
package/dist/_chunks/use-segment-params-BkpKAQ7D.js.map +1 -0
package/dist/_chunks/{interception-BbqMCVXa.js → walkers-Tg0Alwcg.js} +66 -87
package/dist/_chunks/walkers-Tg0Alwcg.js.map +1 -0
package/dist/_chunks/{dev-warnings-DpGRGoDi.js → warnings-Cg47l5sk.js} +3 -3
package/dist/_chunks/warnings-Cg47l5sk.js.map +1 -0
package/dist/adapters/build-output-helper.d.ts +28 -0
package/dist/adapters/build-output-helper.d.ts.map +1 -0
package/dist/adapters/cloudflare.d.ts.map +1 -1
package/dist/adapters/cloudflare.js +8 -28
package/dist/adapters/cloudflare.js.map +1 -1
package/dist/adapters/nitro.d.ts.map +1 -1
package/dist/adapters/nitro.js +63 -31
package/dist/adapters/nitro.js.map +1 -1
package/dist/adapters/shared.d.ts +16 -0
package/dist/adapters/shared.d.ts.map +1 -0
package/dist/cache/index.js +9 -2
package/dist/cache/index.js.map +1 -1
package/dist/cache/timber-cache.d.ts.map +1 -1
package/dist/client/error-boundary.js +2 -1
package/dist/client/error-boundary.js.map +1 -1
package/dist/client/form.d.ts +10 -24
package/dist/client/form.d.ts.map +1 -1
package/dist/client/index.d.ts +1 -5
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +41 -91
package/dist/client/index.js.map +1 -1
package/dist/client/internal.d.ts +2 -1
package/dist/client/internal.d.ts.map +1 -1
package/dist/client/internal.js +81 -7
package/dist/client/internal.js.map +1 -1
package/dist/client/rsc-fetch.d.ts.map +1 -1
package/dist/client/state.d.ts +1 -1
package/dist/client/use-cookie.d.ts +8 -0
package/dist/client/use-cookie.d.ts.map +1 -1
package/dist/client/{use-params.d.ts → use-segment-params.d.ts} +1 -1
package/dist/client/use-segment-params.d.ts.map +1 -0
package/dist/codec.d.ts +1 -1
package/dist/codec.d.ts.map +1 -1
package/dist/codec.js +2 -2
package/dist/config-types.d.ts +28 -0
package/dist/config-types.d.ts.map +1 -1
package/dist/cookies/define-cookie.d.ts +87 -35
package/dist/cookies/define-cookie.d.ts.map +1 -1
package/dist/cookies/index.d.ts +2 -1
package/dist/cookies/index.d.ts.map +1 -1
package/dist/cookies/index.js +48 -2
package/dist/cookies/index.js.map +1 -0
package/dist/cookies/json-cookie.d.ts +64 -0
package/dist/cookies/json-cookie.d.ts.map +1 -0
package/dist/cookies/validation.d.ts +46 -0
package/dist/cookies/validation.d.ts.map +1 -0
package/dist/{plugins/dev-404-page.d.ts → dev-tools/404-page.d.ts} +9 -19
package/dist/dev-tools/404-page.d.ts.map +1 -0
package/dist/{plugins/dev-browser-logs.d.ts → dev-tools/browser-logs.d.ts} +1 -1
package/dist/dev-tools/browser-logs.d.ts.map +1 -0
package/dist/{plugins/dev-error-page.d.ts → dev-tools/error-page.d.ts} +2 -2
package/dist/dev-tools/error-page.d.ts.map +1 -0
package/dist/{server/dev-holding-server.d.ts → dev-tools/holding-server.d.ts} +5 -3
package/dist/dev-tools/holding-server.d.ts.map +1 -0
package/dist/dev-tools/index.d.ts +31 -0
package/dist/dev-tools/index.d.ts.map +1 -0
package/dist/{server/dev-span-processor.d.ts → dev-tools/instrumentation.d.ts} +26 -6
package/dist/dev-tools/instrumentation.d.ts.map +1 -0
package/dist/{server/dev-logger.d.ts → dev-tools/logger.d.ts} +1 -1
package/dist/dev-tools/logger.d.ts.map +1 -0
package/dist/{plugins/dev-logs.d.ts → dev-tools/logs.d.ts} +1 -1
package/dist/dev-tools/logs.d.ts.map +1 -0
package/dist/{plugins/dev-error-overlay.d.ts → dev-tools/overlay.d.ts} +3 -12
package/dist/dev-tools/overlay.d.ts.map +1 -0
package/dist/dev-tools/stack-classifier.d.ts +34 -0
package/dist/dev-tools/stack-classifier.d.ts.map +1 -0
package/dist/{plugins/dev-terminal-error.d.ts → dev-tools/terminal.d.ts} +2 -2
package/dist/dev-tools/terminal.d.ts.map +1 -0
package/dist/{server/dev-warnings.d.ts → dev-tools/warnings.d.ts} +1 -1
package/dist/dev-tools/warnings.d.ts.map +1 -0
package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +285 -133
package/dist/index.js.map +1 -1
package/dist/plugin-context.d.ts +1 -1
package/dist/plugin-context.d.ts.map +1 -1
package/dist/plugins/adapter-build.d.ts.map +1 -1
package/dist/plugins/build-report.d.ts +6 -4
package/dist/plugins/build-report.d.ts.map +1 -1
package/dist/routing/convention-lint.d.ts.map +1 -1
package/dist/routing/index.d.ts +5 -3
package/dist/routing/index.d.ts.map +1 -1
package/dist/routing/index.js +3 -3
package/dist/routing/scanner.d.ts +1 -10
package/dist/routing/scanner.d.ts.map +1 -1
package/dist/routing/segment-classify.d.ts +37 -8
package/dist/routing/segment-classify.d.ts.map +1 -1
package/dist/routing/status-file-lint.d.ts.map +1 -1
package/dist/routing/types.d.ts +63 -23
package/dist/routing/types.d.ts.map +1 -1
package/dist/routing/walkers.d.ts +51 -0
package/dist/routing/walkers.d.ts.map +1 -0
package/dist/search-params/define.d.ts +25 -7
package/dist/search-params/define.d.ts.map +1 -1
package/dist/search-params/index.js +5 -3
package/dist/search-params/index.js.map +1 -1
package/dist/search-params/wrappers.d.ts +2 -2
package/dist/search-params/wrappers.d.ts.map +1 -1
package/dist/segment-params/define.d.ts +23 -6
package/dist/segment-params/define.d.ts.map +1 -1
package/dist/segment-params/index.js +1 -1
package/dist/server/access-gate.d.ts +4 -3
package/dist/server/access-gate.d.ts.map +1 -1
package/dist/server/action-handler.d.ts +15 -6
package/dist/server/action-handler.d.ts.map +1 -1
package/dist/server/als-registry.d.ts +5 -5
package/dist/server/als-registry.d.ts.map +1 -1
package/dist/server/asset-headers.d.ts +1 -15
package/dist/server/asset-headers.d.ts.map +1 -1
package/dist/server/cookie-context.d.ts +170 -0
package/dist/server/cookie-context.d.ts.map +1 -0
package/dist/server/cookie-parsing.d.ts +51 -0
package/dist/server/cookie-parsing.d.ts.map +1 -0
package/dist/server/deny-boundary.d.ts +90 -0
package/dist/server/deny-boundary.d.ts.map +1 -0
package/dist/server/deny-renderer.d.ts.map +1 -1
package/dist/server/early-hints-sender.d.ts.map +1 -1
package/dist/server/html-injector-core.d.ts +212 -0
package/dist/server/html-injector-core.d.ts.map +1 -0
package/dist/server/html-injectors.d.ts +59 -59
package/dist/server/html-injectors.d.ts.map +1 -1
package/dist/server/index.d.ts +5 -4
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +4 -149
package/dist/server/index.js.map +1 -1
package/dist/server/internal.d.ts +6 -4
package/dist/server/internal.d.ts.map +1 -1
package/dist/server/internal.js +852 -852
package/dist/server/internal.js.map +1 -1
package/dist/server/logger.d.ts +14 -0
package/dist/server/logger.d.ts.map +1 -1
package/dist/server/middleware-runner.d.ts +17 -0
package/dist/server/middleware-runner.d.ts.map +1 -1
package/dist/server/node-stream-transforms.d.ts +46 -49
package/dist/server/node-stream-transforms.d.ts.map +1 -1
package/dist/server/param-coercion.d.ts +26 -0
package/dist/server/param-coercion.d.ts.map +1 -0
package/dist/server/pipeline-helpers.d.ts +95 -0
package/dist/server/pipeline-helpers.d.ts.map +1 -0
package/dist/server/pipeline-outcome.d.ts +49 -0
package/dist/server/pipeline-outcome.d.ts.map +1 -0
package/dist/server/pipeline-phases.d.ts +52 -0
package/dist/server/pipeline-phases.d.ts.map +1 -0
package/dist/server/pipeline.d.ts +51 -32
package/dist/server/pipeline.d.ts.map +1 -1
package/dist/server/port-resolution.d.ts +117 -0
package/dist/server/port-resolution.d.ts.map +1 -0
package/dist/server/request-context.d.ts +22 -159
package/dist/server/request-context.d.ts.map +1 -1
package/dist/server/route-element-builder.d.ts.map +1 -1
package/dist/server/route-matcher.d.ts +20 -47
package/dist/server/route-matcher.d.ts.map +1 -1
package/dist/server/rsc-entry/action-middleware-runner.d.ts +66 -0
package/dist/server/rsc-entry/action-middleware-runner.d.ts.map +1 -0
package/dist/server/rsc-entry/helpers.d.ts +1 -1
package/dist/server/rsc-entry/helpers.d.ts.map +1 -1
package/dist/server/rsc-entry/index.d.ts.map +1 -1
package/dist/server/rsc-entry/render-route.d.ts +50 -0
package/dist/server/rsc-entry/render-route.d.ts.map +1 -0
package/dist/server/rsc-entry/wrap-action-dispatch.d.ts +119 -0
package/dist/server/rsc-entry/wrap-action-dispatch.d.ts.map +1 -0
package/dist/server/state-tree-diff.d.ts.map +1 -1
package/dist/server/status-code-resolver.d.ts +16 -11
package/dist/server/status-code-resolver.d.ts.map +1 -1
package/dist/server/tracing.d.ts +1 -1
package/dist/server/tracing.d.ts.map +1 -1
package/dist/server/tree-builder.d.ts +45 -16
package/dist/server/tree-builder.d.ts.map +1 -1
package/dist/server/types.d.ts +48 -0
package/dist/server/types.d.ts.map +1 -1
package/dist/server/utils/escape-html.d.ts +14 -0
package/dist/server/utils/escape-html.d.ts.map +1 -0
package/dist/shims/headers.d.ts +2 -2
package/dist/shims/headers.d.ts.map +1 -1
package/dist/shims/navigation-client.d.ts +3 -1
package/dist/shims/navigation-client.d.ts.map +1 -1
package/dist/shims/navigation.d.ts +9 -4
package/dist/shims/navigation.d.ts.map +1 -1
package/dist/utils/directive-parser.d.ts +0 -45
package/dist/utils/directive-parser.d.ts.map +1 -1
package/package.json +1 -1
package/src/adapters/build-output-helper.ts +77 -0
package/src/adapters/cloudflare.ts +10 -50
package/src/adapters/nitro.ts +66 -50
package/src/adapters/shared.ts +40 -0
package/src/cache/timber-cache.ts +3 -2
package/src/client/form.tsx +17 -25
package/src/client/index.ts +16 -9
package/src/client/internal.ts +3 -2
package/src/client/router.ts +1 -1
package/src/client/rsc-fetch.ts +15 -0
package/src/client/state.ts +2 -2
package/src/client/use-cookie.ts +29 -0
package/src/codec.ts +3 -7
package/src/config-types.ts +28 -0
package/src/cookies/define-cookie.ts +271 -78
package/src/cookies/index.ts +11 -8
package/src/cookies/json-cookie.ts +105 -0
package/src/cookies/validation.ts +134 -0
package/src/{plugins/dev-404-page.ts → dev-tools/404-page.ts} +17 -48
package/src/{plugins/dev-error-page.ts → dev-tools/error-page.ts} +5 -32
package/src/{server/dev-holding-server.ts → dev-tools/holding-server.ts} +4 -2
package/src/dev-tools/index.ts +90 -0
package/src/dev-tools/instrumentation.ts +176 -0
package/src/{plugins/dev-logs.ts → dev-tools/logs.ts} +2 -2
package/src/{plugins/dev-error-overlay.ts → dev-tools/overlay.ts} +5 -23
package/src/dev-tools/stack-classifier.ts +75 -0
package/src/{plugins/dev-terminal-error.ts → dev-tools/terminal.ts} +4 -38
package/src/{server/dev-warnings.ts → dev-tools/warnings.ts} +1 -1
package/src/index.ts +95 -34
package/src/plugin-context.ts +1 -1
package/src/plugins/adapter-build.ts +3 -1
package/src/plugins/build-report.ts +13 -22
package/src/plugins/dev-server.ts +3 -3
package/src/plugins/routing.ts +14 -12
package/src/plugins/shims.ts +1 -1
package/src/plugins/static-build.ts +1 -1
package/src/routing/codegen.ts +1 -1
package/src/routing/convention-lint.ts +9 -8
package/src/routing/index.ts +5 -3
package/src/routing/interception.ts +1 -1
package/src/routing/scanner.ts +22 -95
package/src/routing/segment-classify.ts +107 -8
package/src/routing/status-file-lint.ts +7 -5
package/src/routing/types.ts +63 -23
package/src/routing/walkers.ts +90 -0
package/src/search-params/define.ts +71 -15
package/src/search-params/wrappers.ts +9 -2
package/src/segment-params/define.ts +66 -13
package/src/server/access-gate.tsx +9 -8
package/src/server/action-handler.ts +34 -38
package/src/server/als-registry.ts +5 -5
package/src/server/asset-headers.ts +8 -34
package/src/server/cookie-context.ts +468 -0
package/src/server/cookie-parsing.ts +135 -0
package/src/server/{deny-page-resolver.ts → deny-boundary.ts} +78 -14
package/src/server/deny-renderer.ts +7 -12
package/src/server/early-hints-sender.ts +3 -2
package/src/server/fallback-error.ts +2 -2
package/src/server/html-injector-core.ts +403 -0
package/src/server/html-injectors.ts +158 -297
package/src/server/index.ts +13 -14
package/src/server/internal.ts +10 -3
package/src/server/logger.ts +23 -0
package/src/server/middleware-runner.ts +44 -0
package/src/server/node-stream-transforms.ts +108 -248
package/src/server/param-coercion.ts +76 -0
package/src/server/pipeline-helpers.ts +204 -0
package/src/server/pipeline-outcome.ts +167 -0
package/src/server/pipeline-phases.ts +409 -0
package/src/server/pipeline.ts +70 -540
package/src/server/port-resolution.ts +215 -0
package/src/server/request-context.ts +46 -451
package/src/server/route-element-builder.ts +8 -4
package/src/server/route-matcher.ts +28 -60
package/src/server/rsc-entry/action-middleware-runner.ts +167 -0
package/src/server/rsc-entry/api-handler.ts +2 -2
package/src/server/rsc-entry/error-renderer.ts +2 -2
package/src/server/rsc-entry/helpers.ts +2 -7
package/src/server/rsc-entry/index.ts +81 -366
package/src/server/rsc-entry/render-route.ts +304 -0
package/src/server/rsc-entry/rsc-payload.ts +1 -1
package/src/server/rsc-entry/ssr-renderer.ts +2 -2
package/src/server/rsc-entry/wrap-action-dispatch.ts +449 -0
package/src/server/sitemap-generator.ts +1 -1
package/src/server/slot-resolver.ts +1 -1
package/src/server/ssr-entry.ts +1 -1
package/src/server/state-tree-diff.ts +4 -1
package/src/server/status-code-resolver.ts +112 -128
package/src/server/tracing.ts +3 -3
package/src/server/tree-builder.ts +134 -56
package/src/server/types.ts +52 -0
package/src/server/utils/escape-html.ts +20 -0
package/src/shims/headers.ts +3 -3
package/src/shims/navigation-client.ts +4 -3
package/src/shims/navigation.ts +9 -7
package/src/utils/directive-parser.ts +0 -392
package/dist/_chunks/actions-DLnUaR65.js +0 -421
package/dist/_chunks/actions-DLnUaR65.js.map +0 -1
package/dist/_chunks/als-registry-HS0LGUl2.js +0 -41
package/dist/_chunks/als-registry-HS0LGUl2.js.map +0 -1
package/dist/_chunks/debug-ECi_61pb.js +0 -108
package/dist/_chunks/debug-ECi_61pb.js.map +0 -1
package/dist/_chunks/define-C77ScO0m.js.map +0 -1
package/dist/_chunks/define-Itxvcd7F.js.map +0 -1
package/dist/_chunks/define-cookie-BowvzoP0.js +0 -94
package/dist/_chunks/define-cookie-BowvzoP0.js.map +0 -1
package/dist/_chunks/dev-warnings-DpGRGoDi.js.map +0 -1
package/dist/_chunks/interception-BbqMCVXa.js.map +0 -1
package/dist/_chunks/merge-search-params-Cm_KIWDX.js +0 -41
package/dist/_chunks/merge-search-params-Cm_KIWDX.js.map +0 -1
package/dist/_chunks/request-context-CK5tZqIP.js +0 -478
package/dist/_chunks/request-context-CK5tZqIP.js.map +0 -1
package/dist/_chunks/router-ref-C8OCm7g7.js.map +0 -1
package/dist/_chunks/segment-classify-BDNn6EzD.js +0 -65
package/dist/_chunks/segment-classify-BDNn6EzD.js.map +0 -1
package/dist/_chunks/tracing-CCYbKn5n.js +0 -238
package/dist/_chunks/tracing-CCYbKn5n.js.map +0 -1
package/dist/_chunks/use-params-IOPu7E8t.js.map +0 -1
package/dist/_chunks/use-query-states-BiV5GJgm.js.map +0 -1
package/dist/client/use-params.d.ts.map +0 -1
package/dist/plugins/dev-404-page.d.ts.map +0 -1
package/dist/plugins/dev-browser-logs.d.ts.map +0 -1
package/dist/plugins/dev-error-overlay.d.ts.map +0 -1
package/dist/plugins/dev-error-page.d.ts.map +0 -1
package/dist/plugins/dev-logs.d.ts.map +0 -1
package/dist/plugins/dev-terminal-error.d.ts.map +0 -1
package/dist/server/deny-page-resolver.d.ts +0 -52
package/dist/server/deny-page-resolver.d.ts.map +0 -1
package/dist/server/dev-fetch-instrumentation.d.ts +0 -22
package/dist/server/dev-fetch-instrumentation.d.ts.map +0 -1
package/dist/server/dev-holding-server.d.ts.map +0 -1
package/dist/server/dev-logger.d.ts.map +0 -1
package/dist/server/dev-span-processor.d.ts.map +0 -1
package/dist/server/dev-warnings.d.ts.map +0 -1
package/dist/server/manifest-status-resolver.d.ts +0 -58
package/dist/server/manifest-status-resolver.d.ts.map +0 -1
package/dist/server/page-deny-boundary.d.ts +0 -31
package/dist/server/page-deny-boundary.d.ts.map +0 -1
package/src/server/dev-fetch-instrumentation.ts +0 -96
package/src/server/dev-span-processor.ts +0 -78
package/src/server/manifest-status-resolver.ts +0 -215
package/src/server/page-deny-boundary.tsx +0 -56
/package/src/client/{use-params.ts → use-segment-params.ts} +0 -0
/package/src/{plugins/dev-browser-logs.ts → dev-tools/browser-logs.ts} +0 -0
/package/src/{server/dev-logger.ts → dev-tools/logger.ts} +0 -0

package/src/server/pipeline.ts CHANGED Viewed

@@ -4,25 +4,21 @@
  * Pipeline stages (in order):
  *   proxy.ts → canonicalize → route match → 103 Early Hints → middleware.ts → render
  *
- * Each stage is a pure function or returns a Response to short-circuit.
- * Each request gets a trace ID, structured logging, and OTEL spans.
+ * The phase functions live in `pipeline-phases.ts` so each phase can be
+ * tested in isolation. The terminal `outcomeToResponse` translator and
+ * stateless helpers live in `pipeline-phases.ts` and `pipeline-helpers.ts`
+ * respectively. This file owns only the public type surface and the
+ * `createPipeline` entry point: trace ID setup, request-context ALS,
+ * Server-Timing wrapping, and the activeRequests counter.
  *
  * See design/07-routing.md §"Request Lifecycle", design/02-rendering-pipeline.md §"Request Flow",
  * and design/17-logging.md §"Production Logging"
  */
-import { canonicalize } from './canonicalize.js';
-import { runProxy, type ProxyExport } from './proxy.js';
-import { runMiddlewareChain, type MiddlewareFn } from './middleware-runner.js';
-import { runWithTimingCollector, withTiming, getServerTimingHeader } from './server-timing.js';
-import {
-  runWithRequestContext,
-  applyRequestHeaderOverlay,
-  setMutableCookieContext,
-  getSetCookieHeaders,
-  markResponseFlushed,
-  setSegmentParams,
-} from './request-context.js';
+import type { ProxyExport } from './proxy.js';
+import type { MiddlewareFn } from './middleware-runner.js';
+import { runWithTimingCollector, getServerTimingHeader } from './server-timing.js';
+import { runWithRequestContext } from './request-context.js';
 import {
   generateTraceId,
   runWithTraceId,
@@ -30,55 +26,28 @@ import {
   replaceTraceId,
   withSpan,
   setSpanAttribute,
-  getTraceId,
 } from './tracing.js';
-import {
-  logRequestReceived,
-  logRequestCompleted,
-  logSlowRequest,
-  logProxyError,
-  logMiddlewareError,
-  logMiddlewareShortCircuit,
-  logRenderError,
-} from './logger.js';
-import { callOnRequestError } from './instrumentation.js';
-import { RedirectSignal, DenySignal } from './primitives.js';
-import { ParamCoercionError } from './route-element-builder.js';
-import { checkVersionSkew, applyReloadHeaders } from './version-skew.js';
-import { serveStaticMetadataFile, serializeSitemap } from './pipeline-metadata.js';
-import { loadModule } from './safe-load.js';
-import { findInterceptionMatch } from './pipeline-interception.js';
-import type { MiddlewareContext } from './types.js';
-import type { SegmentNode } from '../routing/types.js';
-// ─── Prototype-Pollution-Safe Merge ────────────────────────────────────────
+import { logRequestReceived, logRequestCompleted, logSlowRequest } from './logger.js';
+import { DenySignal } from './primitives.js';
+import type { ManifestSegmentNode } from './route-matcher.js';
+import { makeProxyResolver } from './pipeline-helpers.js';
+import { handleRequest, runProxyPhase } from './pipeline-phases.js';
+import { outcomeToResponse } from './pipeline-outcome.js';
-/** Keys that must never be merged via Object.assign — they pollute Object.prototype. */
-const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+// ─── Route Match Result ────────────────────────────────────────────────────
 /**
- * Shallow merge that skips prototype-polluting keys.
- *
- * Used instead of Object.assign when the source object comes from
- * user-authored codec output (segmentParams.parse), which could
- * contain __proto__, constructor, or prototype keys.
+ * Result of matching a canonical pathname against the route tree.
  *
- * See TIM-655, design/13-security.md
+ * `segments` is the runtime (`ManifestFile`-specialized) shape — the same
+ * nodes carried in the virtual route manifest. TIM-863 unified this: the
+ * matcher produces `ManifestSegmentNode[]` directly and every consumer
+ * (render, slots, params coercion, early hints, deny fallback) sees the
+ * same structural type with no `as unknown as` laundering.
  */
-export function safeMerge(target: Record<string, unknown>, source: Record<string, unknown>): void {
-  for (const key of Object.keys(source)) {
-    if (!DANGEROUS_KEYS.has(key)) {
-      target[key] = source[key];
-    }
-  }
-}
-// ─── Route Match Result ────────────────────────────────────────────────────
-/** Result of matching a canonical pathname against the route tree. */
 export interface RouteMatch {
   /** The matched segment chain from root to leaf. */
-  segments: SegmentNode[];
+  segments: ManifestSegmentNode[];
   /** Extracted segment params (catch-all segments produce string[]). */
   segmentParams: Record<string, string | string[]>;
   /** Middleware chain from the segment tree, ordered root-to-leaf. */
@@ -117,11 +86,32 @@ export type EarlyHintsEmitter = (
 // ─── Pipeline Configuration ────────────────────────────────────────────────
+/**
+ * Proxy source — a tagged union so the choice between "already-resolved
+ * export" and "lazy HMR-friendly loader" is encoded in the type, not
+ * inferred per-request.
+ *
+ * - `static` — the proxy export is already resolved (production, tests).
+ * - `lazy`   — a loader is called per-request for HMR freshness (dev).
+ *
+ * `PipelineConfig.proxy` also accepts a bare `ProxyExport` (a function or
+ * function array) as shorthand for the static variant — convenient for tests
+ * that construct a `createPipeline` config inline. Omit the field entirely
+ * when the app has no `proxy.ts`.
+ *
+ * See design/07-routing.md §"proxy.ts — Global Middleware".
+ */
+export type ProxyConfig =
+  | { kind: 'static'; export: ProxyExport }
+  | { kind: 'lazy'; loader: () => Promise<{ default: ProxyExport }> };
 export interface PipelineConfig {
-  /** The proxy.ts default export (function or array). Undefined if no proxy.ts. */
-  proxy?: ProxyExport;
-  /** Lazy loader for proxy.ts — called per-request so HMR updates take effect. */
-  proxyLoader?: () => Promise<{ default: ProxyExport }>;
+  /**
+   * proxy.ts source. Undefined if the app has no proxy.ts. Accepts either a
+   * tagged `ProxyConfig` (canonical) or a bare `ProxyExport` as sugar for the
+   * static variant.
+   */
+  proxy?: ProxyConfig | ProxyExport;
   /** Route matcher — resolves a canonical pathname to a RouteMatch. */
   matchRoute: RouteMatcher;
   /** Metadata route matcher — resolves metadata route pathnames (sitemap.xml, robots.txt, etc.) */
@@ -209,70 +199,26 @@ export interface PipelineConfig {
   ) => Response | Promise<Response>;
 }
-// ─── Param Coercion ────────────────────────────────────────────────────────
-/**
- * Run segment param coercion on the matched route's segments.
- *
- * Loads params.ts modules from segments that have them, extracts the
- * segmentParams definition, and coerces raw string params through codecs.
- * Throws ParamCoercionError if any codec fails (→ 404).
- *
- * This runs BEFORE middleware, so ctx.segmentParams is already typed.
- * See design/07-routing.md §"Where Coercion Runs"
- */
-export async function coerceSegmentParams(match: RouteMatch): Promise<void> {
-  const segments = match.segments as unknown as import('./route-matcher.js').ManifestSegmentNode[];
-  for (const segment of segments) {
-    // Only process segments that have a params.ts convention file
-    if (!segment.params) continue;
-    let mod: Record<string, unknown>;
-    try {
-      mod = await loadModule(segment.params);
-    } catch (err) {
-      throw new ParamCoercionError(
-        `Failed to load params module for segment "${segment.segmentName}": ${err instanceof Error ? err.message : String(err)}`
-      );
-    }
-    const segmentParamsDef = mod.segmentParams as
-      | { parse(raw: Record<string, string | string[]>): Record<string, unknown> }
-      | undefined;
-    if (!segmentParamsDef || typeof segmentParamsDef.parse !== 'function') continue;
-    try {
-      const coerced = segmentParamsDef.parse(match.segmentParams);
-      // Merge coerced values back — use safeMerge to prevent prototype pollution
-      // from malicious/buggy codec output. See TIM-655.
-      safeMerge(match.segmentParams, coerced as Record<string, unknown>);
-    } catch (err) {
-      throw new ParamCoercionError(err instanceof Error ? err.message : String(err));
-    }
-  }
-}
 // ─── Pipeline ──────────────────────────────────────────────────────────────
 /**
  * Create the request handler from a pipeline configuration.
  *
- * Returns a function that processes an incoming Request through all pipeline stages
- * and produces a Response. This is the top-level entry point for the server.
+ * Returns a function that processes an incoming Request through all pipeline
+ * stages and produces a Response. This is the top-level entry point for the
+ * server. The body is intentionally small — phase logic lives in
+ * `pipeline-phases.ts`. This function only owns the per-request setup that
+ * has to wrap the entire dispatch: trace ID, request context ALS, span
+ * scope, Server-Timing header emission, and the active-request counter.
  */
 export function createPipeline(config: PipelineConfig): (req: Request) => Promise<Response> {
-  const {
-    proxy,
-    matchRoute,
-    render,
-    earlyHints,
-    stripTrailingSlash = true,
-    slowRequestMs = 3000,
-    serverTiming = 'total',
-    onPipelineError,
-  } = config;
+  // Resolve the proxy source once. The request hot path calls this closure
+  // directly with no discriminant check — the branch is taken here during
+  // setup. For the lazy variant, `loader()` still runs per-request so HMR
+  // continues to re-import the user's proxy.ts.
+  const proxyResolver = makeProxyResolver(config.proxy);
+  const slowRequestMs = config.slowRequestMs ?? 3000;
+  const serverTiming = config.serverTiming ?? 'total';
   // Concurrent request counter — tracks how many requests are in-flight.
   // Logged with each request for diagnosing resource contention.
@@ -311,10 +257,11 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
               }
               let result: Response;
-              if (proxy || config.proxyLoader) {
-                result = await runProxyPhase(req, method, path);
+              if (proxyResolver) {
+                const outcome = await runProxyPhase(config, proxyResolver, req, method, path);
+                result = await outcomeToResponse(config, outcome, { req, method, path });
               } else {
-                result = await handleRequest(req, method, path);
+                result = await handleRequest(config, req, method, path);
               }
               // Set response status on the root span before it ends —
@@ -322,13 +269,14 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
               await setSpanAttribute('http.response.status_code', result.status);
               // Append Server-Timing header based on configured mode.
-              // Response.redirect() creates immutable headers, so we must
-              // ensure mutability before writing Server-Timing.
+              // Header mutability is guaranteed by the producer-side clone
+              // in `outcomeToResponse` and the metadata-route / auto-sitemap
+              // user-handler clones in `handleRequest`, so we can write
+              // directly without a runtime probe. See TIM-866.
               if (serverTiming === 'detailed') {
                 // Detailed: per-phase breakdown (proxy, middleware, render).
                 const timingHeader = getServerTimingHeader();
                 if (timingHeader) {
-                  result = ensureMutableResponse(result);
                   result.headers.set('Server-Timing', timingHeader);
                 }
               } else if (serverTiming === 'total') {
@@ -336,7 +284,6 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
                 // Prevents information disclosure while giving browser
                 // DevTools useful timing data.
                 const totalMs = Math.round(performance.now() - startTime);
-                result = ensureMutableResponse(result);
                 result.headers.set('Server-Timing', `total;dur=${totalMs}`);
               }
               // serverTiming === false: no header at all
@@ -363,421 +310,4 @@ export function createPipeline(config: PipelineConfig): (req: Request) => Promis
       });
     });
   };
-  async function runProxyPhase(req: Request, method: string, path: string): Promise<Response> {
-    try {
-      // Resolve the proxy export. When a proxyLoader is provided (lazy import),
-      // it is called per-request so HMR updates in dev take effect immediately.
-      let proxyExport: ProxyExport;
-      if (config.proxyLoader) {
-        const mod = await config.proxyLoader();
-        proxyExport = mod.default;
-      } else {
-        proxyExport = config.proxy!;
-      }
-      const proxyFn = () => runProxy(proxyExport, req, () => handleRequest(req, method, path));
-      return await withSpan('timber.proxy', {}, () =>
-        serverTiming === 'detailed' ? withTiming('proxy', 'proxy.ts', proxyFn) : proxyFn()
-      );
-    } catch (error) {
-      // Uncaught proxy.ts error → bare HTTP 500
-      logProxyError({ error });
-      await fireOnRequestError(error, req, 'proxy');
-      if (onPipelineError && error instanceof Error) onPipelineError(error, 'proxy');
-      return new Response(null, { status: 500 });
-    }
-  }
-  /**
-   * Build a redirect Response from a RedirectSignal.
-   *
-   * For RSC payload requests (client navigation), returns 204 + X-Timber-Redirect
-   * so the client router can perform a soft SPA redirect. A raw 302 would be
-   * turned into an opaque redirect by fetch({redirect:'manual'}), crashing
-   * createFromFetch. See design/19-client-navigation.md.
-   */
-  function buildRedirectResponse(signal: RedirectSignal, req: Request, headers: Headers): Response {
-    const isRsc = (req.headers.get('Accept') ?? '').includes('text/x-component');
-    if (isRsc) {
-      headers.set('X-Timber-Redirect', signal.location);
-      return new Response(null, { status: 204, headers });
-    }
-    headers.set('Location', signal.location);
-    return new Response(null, { status: signal.status, headers });
-  }
-  async function handleRequest(req: Request, method: string, path: string): Promise<Response> {
-    // Stage 1: URL canonicalization
-    const url = new URL(req.url);
-    const result = canonicalize(url.pathname, stripTrailingSlash);
-    if (!result.ok) {
-      return new Response(null, { status: result.status });
-    }
-    const canonicalPathname = result.pathname;
-    // Stage 1b: Metadata route matching — runs before regular route matching.
-    // Metadata routes skip middleware.ts and access.ts (public endpoints for crawlers).
-    // See design/16-metadata.md §"Pipeline Integration"
-    if (config.matchMetadataRoute) {
-      const metaMatch = config.matchMetadataRoute(canonicalPathname);
-      if (metaMatch) {
-        try {
-          // Static metadata files (.xml, .txt, .png, .ico, etc.) are served
-          // directly from disk. Dynamic metadata routes (.ts, .tsx) export a
-          // handler function that generates the response.
-          if (metaMatch.isStatic) {
-            return await serveStaticMetadataFile(metaMatch);
-          }
-          const mod = await loadModule<{ default?: Function }>(metaMatch.file);
-          if (typeof mod.default !== 'function') {
-            return new Response('Metadata route must export a default function', { status: 500 });
-          }
-          const handlerResult = await mod.default();
-          // If the handler returns a Response, use it directly
-          if (handlerResult instanceof Response) {
-            return handlerResult;
-          }
-          // Otherwise, serialize based on content type
-          const contentType = metaMatch.contentType;
-          let body: string;
-          if (typeof handlerResult === 'string') {
-            body = handlerResult;
-          } else if (contentType === 'application/xml') {
-            body = serializeSitemap(handlerResult);
-          } else if (contentType === 'application/manifest+json') {
-            body = JSON.stringify(handlerResult, null, 2);
-          } else {
-            body = typeof handlerResult === 'string' ? handlerResult : String(handlerResult);
-          }
-          return new Response(body, {
-            status: 200,
-            headers: { 'Content-Type': `${contentType}; charset=utf-8` },
-          });
-        } catch (error) {
-          logRenderError({ method, path, error });
-          if (onPipelineError && error instanceof Error) onPipelineError(error, 'metadata-route');
-          return new Response(null, { status: 500 });
-        }
-      }
-    }
-    // Stage 1b.2: Auto-generated sitemap — serves /sitemap.xml and /sitemap/N.xml
-    // when sitemap generation is enabled and no user-authored sitemap exists.
-    // Runs after metadata route matching so user sitemaps always take precedence.
-    // See design/16-metadata.md §"Auto-generated Sitemap"
-    if (config.autoSitemapHandler) {
-      try {
-        const sitemapResponse = await config.autoSitemapHandler(canonicalPathname);
-        if (sitemapResponse) return sitemapResponse;
-      } catch (error) {
-        logRenderError({ method, path, error });
-        if (onPipelineError && error instanceof Error) onPipelineError(error, 'auto-sitemap');
-        return new Response(null, { status: 500 });
-      }
-    }
-    // Stage 1c: Version skew detection (TIM-446).
-    // For RSC payload requests (client navigation), check if the client's
-    // deployment ID matches the current build. On mismatch, signal the
-    // client to do a full page reload instead of returning an RSC payload
-    // that references mismatched module IDs.
-    const isRscRequest = (req.headers.get('Accept') ?? '').includes('text/x-component');
-    if (isRscRequest) {
-      const skewCheck = checkVersionSkew(req);
-      if (!skewCheck.ok) {
-        const reloadHeaders = new Headers();
-        applyReloadHeaders(reloadHeaders);
-        return new Response(null, { status: 204, headers: reloadHeaders });
-      }
-    }
-    // Stage 2: Route matching
-    let match = matchRoute(canonicalPathname);
-    let interception: InterceptionContext | undefined;
-    // Stage 2a: Intercepting route resolution (modal pattern).
-    // On soft navigation, check if an intercepting route should render instead.
-    // The client sends X-Timber-URL with the current pathname (where they're
-    // navigating FROM). If a rewrite matches, re-route to the source URL so
-    // the source layout renders with the intercepted content in the slot.
-    const sourceUrl = req.headers.get('X-Timber-URL');
-    if (sourceUrl && config.interceptionRewrites?.length) {
-      const intercepted = findInterceptionMatch(
-        canonicalPathname,
-        sourceUrl,
-        config.interceptionRewrites
-      );
-      if (intercepted) {
-        const sourceMatch = matchRoute(intercepted.sourcePathname);
-        if (sourceMatch) {
-          match = sourceMatch;
-          interception = { targetPathname: canonicalPathname };
-        }
-      }
-    }
-    if (!match) {
-      // No route matched — render 404.tsx in root layout if available,
-      // otherwise fall back to a bare 404 Response.
-      if (config.renderNoMatch) {
-        const responseHeaders = new Headers();
-        return config.renderNoMatch(req, responseHeaders);
-      }
-      return new Response(null, { status: 404 });
-    }
-    // Response and request header containers — created before early hints so
-    // the emitter can append Link headers (e.g. for Cloudflare CDN → 103).
-    const responseHeaders = new Headers();
-    const requestHeaderOverlay = new Headers();
-    // Set Cache-Control for dynamic HTML responses. Without this header,
-    // CDNs (particularly Cloudflare) may attempt to buffer/process the
-    // response differently, causing intermittent multi-second delays.
-    // This matches Next.js's default behavior.
-    responseHeaders.set('Cache-Control', 'private, no-cache, no-store, max-age=0, must-revalidate');
-    // Stage 2b: 103 Early Hints (before middleware, after match)
-    // Fires before middleware so the browser can begin fetching critical
-    // assets while middleware runs. Non-fatal — a failing emitter never
-    // blocks the request.
-    if (earlyHints) {
-      try {
-        await earlyHints(match, req, responseHeaders);
-      } catch {
-        // Early hints failure is non-fatal
-      }
-    }
-    // Stage 2c: Param coercion (before middleware)
-    // Load params.ts modules from matched segments and coerce raw string
-    // params through defineSegmentParams codecs. Coercion failure → 404
-    // (middleware never runs). See design/07-routing.md §"Where Coercion Runs"
-    try {
-      await coerceSegmentParams(match);
-    } catch (error) {
-      if (error instanceof ParamCoercionError) {
-        // For API routes (route.ts), return a bare 404 — not an HTML page.
-        // API consumers expect JSON/empty responses, not rendered HTML.
-        const leafSegment = match.segments[match.segments.length - 1];
-        if (
-          (leafSegment as { route?: unknown }).route &&
-          !(leafSegment as { page?: unknown }).page
-        ) {
-          return new Response(null, { status: 404 });
-        }
-        // Route through the app's 404 page (404.tsx in root layout) instead of
-        // returning a bare empty 404 Response. Falls back to bare 404 only if
-        // no renderNoMatch renderer is configured.
-        if (config.renderNoMatch) {
-          return config.renderNoMatch(req, responseHeaders);
-        }
-        return new Response(null, { status: 404 });
-      }
-      throw error;
-    }
-    // Store coerced segment params in ALS so components can access them
-    // via getSegmentParams() instead of receiving them as a prop.
-    // See design/07-routing.md §"params.ts — Convention File for Typed Params"
-    setSegmentParams(match.segmentParams);
-    // Stage 3: Middleware chain (root-to-leaf, short-circuits on first Response)
-    if (match.middlewareChain.length > 0) {
-      const ctx: MiddlewareContext = {
-        req,
-        requestHeaders: requestHeaderOverlay,
-        headers: responseHeaders,
-        segmentParams: match.segmentParams,
-        earlyHints: (hints) => {
-          for (const hint of hints) {
-            // Match Cloudflare's cached Early Hints attribute order: `as` before `rel`.
-            // Cloudflare caches Link headers and re-emits them on subsequent 200s.
-            // If our order differs, the browser sees duplicate preloads and warns.
-            let value: string;
-            if (hint.as !== undefined) {
-              value = `<${hint.href}>; as=${hint.as}; rel=${hint.rel}`;
-            } else {
-              value = `<${hint.href}>; rel=${hint.rel}`;
-            }
-            if (hint.crossOrigin !== undefined) value += `; crossorigin=${hint.crossOrigin}`;
-            if (hint.fetchPriority !== undefined) value += `; fetchpriority=${hint.fetchPriority}`;
-            responseHeaders.append('Link', value);
-          }
-        },
-      };
-      try {
-        // Enable cookie mutation during middleware (design/29-cookies.md §"Context Tracking")
-        setMutableCookieContext(true);
-        const chainFn = () => runMiddlewareChain(match.middlewareChain, ctx);
-        const middlewareResponse = await withSpan('timber.middleware', {}, () =>
-          serverTiming === 'detailed' ? withTiming('mw', 'middleware.ts', chainFn) : chainFn()
-        );
-        setMutableCookieContext(false);
-        if (middlewareResponse) {
-          // Apply cookie jar to short-circuit response.
-          // Response.redirect() creates immutable headers, so ensure
-          // mutability before appending Set-Cookie entries.
-          const finalResponse = ensureMutableResponse(middlewareResponse);
-          applyCookieJar(finalResponse.headers);
-          // Merge parent-set responseHeaders onto the short-circuit response.
-          // Child-set headers take precedence — only add headers not already present.
-          // Snapshot existing keys first so multi-value headers (Set-Cookie, Link)
-          // from the parent are all appended when the child didn't set that key.
-          const existingKeys = new Set(
-            [...finalResponse.headers.keys()].map((k) => k.toLowerCase())
-          );
-          for (const [key, value] of responseHeaders.entries()) {
-            if (!existingKeys.has(key.toLowerCase())) {
-              finalResponse.headers.append(key, value);
-            }
-          }
-          logMiddlewareShortCircuit({ method, path, status: finalResponse.status });
-          return finalResponse;
-        }
-        // Middleware chain completed without short-circuiting — apply any
-        // injected request headers so getHeaders() returns them downstream.
-        applyRequestHeaderOverlay(requestHeaderOverlay);
-      } catch (error) {
-        setMutableCookieContext(false);
-        // RedirectSignal from middleware → HTTP redirect (not an error)
-        if (error instanceof RedirectSignal) {
-          applyCookieJar(responseHeaders);
-          return buildRedirectResponse(error, req, responseHeaders);
-        }
-        // DenySignal from middleware → render deny page with correct status code.
-        // Previously returned bare Response(null) — now renders 403.tsx etc.
-        if (error instanceof DenySignal) {
-          applyCookieJar(responseHeaders);
-          if (config.renderDenyFallback) {
-            try {
-              return await config.renderDenyFallback(error, req, responseHeaders, match);
-            } catch {
-              // Deny page rendering failed — fall through to bare response
-            }
-          }
-          return new Response(null, { status: error.status, headers: responseHeaders });
-        }
-        // Middleware throw → HTTP 500 (middleware runs before rendering,
-        // no error boundary to catch it)
-        logMiddlewareError({ method, path, error });
-        await fireOnRequestError(error, req, 'handler');
-        if (onPipelineError && error instanceof Error) onPipelineError(error, 'middleware');
-        return new Response(null, { status: 500 });
-      }
-    }
-    // Apply cookie jar to response headers before render commits them.
-    // Middleware may have set cookies; they need to be on responseHeaders
-    // before flushResponse creates the Response object.
-    applyCookieJar(responseHeaders);
-    // Stage 4: Render (access gates + element tree + renderToReadableStream)
-    try {
-      const renderFn = () =>
-        render(req, match, responseHeaders, requestHeaderOverlay, interception);
-      const response = await withSpan('timber.render', { 'http.route': canonicalPathname }, () =>
-        serverTiming === 'detailed'
-          ? withTiming('render', 'RSC + SSR render', renderFn)
-          : renderFn()
-      );
-      markResponseFlushed();
-      return response;
-    } catch (error) {
-      // DenySignal leaked from render (e.g. notFound() in metadata()).
-      // Render the deny page with the correct status code.
-      if (error instanceof DenySignal) {
-        if (config.renderDenyFallback) {
-          try {
-            return await config.renderDenyFallback(error, req, responseHeaders, match);
-          } catch {
-            // Deny page rendering failed — fall through to bare response
-          }
-        }
-        return new Response(null, { status: error.status, headers: responseHeaders });
-      }
-      // RedirectSignal leaked from render — honour the redirect
-      if (error instanceof RedirectSignal) {
-        return buildRedirectResponse(error, req, responseHeaders);
-      }
-      logRenderError({ method, path, error });
-      await fireOnRequestError(error, req, 'render');
-      if (onPipelineError && error instanceof Error) onPipelineError(error, 'render');
-      // Try fallback error page before bare 500
-      if (config.renderFallbackError) {
-        try {
-          return await config.renderFallbackError(error, req, responseHeaders);
-        } catch {
-          // Fallback rendering itself failed — fall through to bare 500
-        }
-      }
-      return new Response(null, { status: 500 });
-    }
-  }
-}
-/**
- * Fire the user's onRequestError hook with request context.
- * Extracts request info from the Request object and calls the instrumentation hook.
- */
-async function fireOnRequestError(
-  error: unknown,
-  req: Request,
-  phase: 'proxy' | 'handler' | 'render' | 'action' | 'route'
-): Promise<void> {
-  const url = new URL(req.url);
-  const headersObj: Record<string, string> = {};
-  req.headers.forEach((v, k) => {
-    headersObj[k] = v;
-  });
-  await callOnRequestError(
-    error,
-    { method: req.method, path: url.pathname, headers: headersObj },
-    { phase, routePath: url.pathname, routeType: 'page', traceId: getTraceId() }
-  );
-}
-// ─── Cookie Helpers ──────────────────────────────────────────────────────
-/**
- * Apply all Set-Cookie headers from the cookie jar to a Headers object.
- * Each cookie gets its own Set-Cookie header per RFC 6265 §4.1.
- */
-function applyCookieJar(headers: Headers): void {
-  for (const value of getSetCookieHeaders()) {
-    headers.append('Set-Cookie', value);
-  }
-}
-// ─── Immutable Response Helpers ──────────────────────────────────────────
-/**
- * Ensure a Response has mutable headers so the pipeline can safely append
- * Set-Cookie and Server-Timing entries.
- *
- * `Response.redirect()` and some platform-level responses return objects
- * with immutable headers. Calling `.set()` or `.append()` on them throws
- * `TypeError: immutable`. This helper detects the immutable case by
- * attempting a no-op write and, on failure, clones into a fresh Response
- * with mutable headers.
- */
-function ensureMutableResponse(response: Response): Response {
-  try {
-    // Probe mutability with a benign operation that we immediately undo.
-    // We pick a header name that is extremely unlikely to collide with
-    // anything meaningful and delete it right away.
-    response.headers.set('X-Timber-Probe', '1');
-    response.headers.delete('X-Timber-Probe');
-    return response;
-  } catch {
-    // Headers are immutable — rebuild with mutable headers.
-    return new Response(response.body, {
-      status: response.status,
-      statusText: response.statusText,
-      headers: new Headers(response.headers),
-    });
-  }
 }