npm - alepha - Versions diffs - 0.14.4 → 0.15.0 - Mend

alepha 0.14.4 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/README.md +1 -4
package/dist/api/audits/index.d.ts +619 -731
package/dist/api/audits/index.d.ts.map +1 -1
package/dist/api/files/index.d.ts +185 -298
package/dist/api/files/index.d.ts.map +1 -1
package/dist/api/files/index.js +0 -1
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.d.ts +245 -356
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/notifications/index.d.ts +238 -350
package/dist/api/notifications/index.d.ts.map +1 -1
package/dist/api/parameters/index.d.ts +499 -611
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/users/index.browser.js +1 -2
package/dist/api/users/index.browser.js.map +1 -1
package/dist/api/users/index.d.ts +1697 -1804
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +178 -151
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.d.ts +132 -132
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/batch/index.d.ts +122 -122
package/dist/batch/index.d.ts.map +1 -1
package/dist/batch/index.js +1 -2
package/dist/batch/index.js.map +1 -1
package/dist/bucket/index.d.ts +163 -163
package/dist/bucket/index.d.ts.map +1 -1
package/dist/cache/core/index.d.ts +46 -46
package/dist/cache/core/index.d.ts.map +1 -1
package/dist/cache/redis/index.d.ts.map +1 -1
package/dist/cli/index.d.ts +302 -299
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +966 -564
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +303 -299
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +11 -7
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js +419 -99
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +718 -625
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +420 -99
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js +419 -99
package/dist/core/index.native.js.map +1 -1
package/dist/datetime/index.d.ts +44 -44
package/dist/datetime/index.d.ts.map +1 -1
package/dist/datetime/index.js +4 -4
package/dist/datetime/index.js.map +1 -1
package/dist/email/index.d.ts +97 -50
package/dist/email/index.d.ts.map +1 -1
package/dist/email/index.js +129 -33
package/dist/email/index.js.map +1 -1
package/dist/fake/index.d.ts +7981 -14
package/dist/fake/index.d.ts.map +1 -1
package/dist/file/index.d.ts +523 -390
package/dist/file/index.d.ts.map +1 -1
package/dist/file/index.js +253 -1
package/dist/file/index.js.map +1 -1
package/dist/lock/core/index.d.ts +208 -208
package/dist/lock/core/index.d.ts.map +1 -1
package/dist/lock/redis/index.d.ts.map +1 -1
package/dist/logger/index.d.ts +25 -26
package/dist/logger/index.d.ts.map +1 -1
package/dist/mcp/index.d.ts +197 -197
package/dist/mcp/index.d.ts.map +1 -1
package/dist/orm/chunk-DtkW-qnP.js +38 -0
package/dist/orm/index.browser.js.map +1 -1
package/dist/orm/index.bun.js +2814 -0
package/dist/orm/index.bun.js.map +1 -0
package/dist/orm/index.d.ts +1205 -1057
package/dist/orm/index.d.ts.map +1 -1
package/dist/orm/index.js +2056 -1753
package/dist/orm/index.js.map +1 -1
package/dist/queue/core/index.d.ts +248 -248
package/dist/queue/core/index.d.ts.map +1 -1
package/dist/queue/redis/index.d.ts.map +1 -1
package/dist/redis/index.bun.js +285 -0
package/dist/redis/index.bun.js.map +1 -0
package/dist/redis/index.d.ts +118 -136
package/dist/redis/index.d.ts.map +1 -1
package/dist/redis/index.js +18 -38
package/dist/redis/index.js.map +1 -1
package/dist/retry/index.d.ts +69 -69
package/dist/retry/index.d.ts.map +1 -1
package/dist/router/index.d.ts +6 -6
package/dist/router/index.d.ts.map +1 -1
package/dist/scheduler/index.d.ts +25 -25
package/dist/scheduler/index.d.ts.map +1 -1
package/dist/security/index.browser.js +5 -1
package/dist/security/index.browser.js.map +1 -1
package/dist/security/index.d.ts +417 -254
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +386 -86
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +277 -277
package/dist/server/auth/index.d.ts.map +1 -1
package/dist/server/auth/index.js +20 -20
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.d.ts +60 -57
package/dist/server/cache/index.d.ts.map +1 -1
package/dist/server/cache/index.js +1 -1
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts +3 -3
package/dist/server/compress/index.d.ts.map +1 -1
package/dist/server/cookies/index.d.ts +6 -6
package/dist/server/cookies/index.d.ts.map +1 -1
package/dist/server/cookies/index.js +3 -3
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.d.ts +242 -150
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +288 -122
package/dist/server/core/index.js.map +1 -1
package/dist/server/cors/index.d.ts +11 -12
package/dist/server/cors/index.d.ts.map +1 -1
package/dist/server/health/index.d.ts +0 -1
package/dist/server/health/index.d.ts.map +1 -1
package/dist/server/helmet/index.d.ts +2 -2
package/dist/server/helmet/index.d.ts.map +1 -1
package/dist/server/links/index.browser.js.map +1 -1
package/dist/server/links/index.d.ts +84 -85
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +1 -2
package/dist/server/links/index.js.map +1 -1
package/dist/server/metrics/index.d.ts.map +1 -1
package/dist/server/multipart/index.d.ts +6 -6
package/dist/server/multipart/index.d.ts.map +1 -1
package/dist/server/proxy/index.d.ts +102 -103
package/dist/server/proxy/index.d.ts.map +1 -1
package/dist/server/rate-limit/index.d.ts +16 -16
package/dist/server/rate-limit/index.d.ts.map +1 -1
package/dist/server/static/index.d.ts +44 -44
package/dist/server/static/index.d.ts.map +1 -1
package/dist/server/swagger/index.d.ts +48 -49
package/dist/server/swagger/index.d.ts.map +1 -1
package/dist/server/swagger/index.js +1 -2
package/dist/server/swagger/index.js.map +1 -1
package/dist/sms/index.d.ts +13 -11
package/dist/sms/index.d.ts.map +1 -1
package/dist/sms/index.js +7 -7
package/dist/sms/index.js.map +1 -1
package/dist/thread/index.d.ts +71 -72
package/dist/thread/index.d.ts.map +1 -1
package/dist/topic/core/index.d.ts +318 -318
package/dist/topic/core/index.d.ts.map +1 -1
package/dist/topic/redis/index.d.ts +6 -6
package/dist/topic/redis/index.d.ts.map +1 -1
package/dist/vite/index.d.ts +5720 -159
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +41 -18
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.browser.js +6 -6
package/dist/websocket/index.browser.js.map +1 -1
package/dist/websocket/index.d.ts +247 -247
package/dist/websocket/index.d.ts.map +1 -1
package/dist/websocket/index.js +6 -6
package/dist/websocket/index.js.map +1 -1
package/package.json +9 -14
package/src/api/files/controllers/AdminFileStatsController.ts +0 -1
package/src/api/users/atoms/realmAuthSettingsAtom.ts +5 -0
package/src/api/users/controllers/{UserRealmController.ts → RealmController.ts} +11 -11
package/src/api/users/entities/users.ts +1 -1
package/src/api/users/index.ts +8 -8
package/src/api/users/primitives/{$userRealm.ts → $realm.ts} +17 -19
package/src/api/users/providers/{UserRealmProvider.ts → RealmProvider.ts} +26 -30
package/src/api/users/schemas/{userRealmConfigSchema.ts → realmConfigSchema.ts} +2 -2
package/src/api/users/services/CredentialService.ts +7 -7
package/src/api/users/services/IdentityService.ts +4 -4
package/src/api/users/services/RegistrationService.spec.ts +25 -27
package/src/api/users/services/RegistrationService.ts +38 -27
package/src/api/users/services/SessionCrudService.ts +3 -3
package/src/api/users/services/SessionService.spec.ts +3 -3
package/src/api/users/services/SessionService.ts +28 -9
package/src/api/users/services/UserService.ts +7 -7
package/src/batch/providers/BatchProvider.ts +1 -2
package/src/cli/apps/AlephaPackageBuilderCli.ts +38 -19
package/src/cli/assets/apiHelloControllerTs.ts +18 -0
package/src/cli/assets/apiIndexTs.ts +16 -0
package/src/cli/assets/claudeMd.ts +303 -0
package/src/cli/assets/mainBrowserTs.ts +2 -2
package/src/cli/assets/mainServerTs.ts +24 -0
package/src/cli/assets/webAppRouterTs.ts +15 -0
package/src/cli/assets/webHelloComponentTsx.ts +16 -0
package/src/cli/assets/webIndexTs.ts +16 -0
package/src/cli/commands/build.ts +41 -21
package/src/cli/commands/db.ts +21 -18
package/src/cli/commands/deploy.ts +17 -5
package/src/cli/commands/dev.ts +13 -17
package/src/cli/commands/format.ts +8 -2
package/src/cli/commands/init.ts +74 -29
package/src/cli/commands/lint.ts +8 -2
package/src/cli/commands/test.ts +8 -2
package/src/cli/commands/typecheck.ts +5 -1
package/src/cli/commands/verify.ts +4 -2
package/src/cli/services/AlephaCliUtils.ts +39 -600
package/src/cli/services/PackageManagerUtils.ts +301 -0
package/src/cli/services/ProjectScaffolder.ts +306 -0
package/src/command/helpers/Runner.ts +15 -3
package/src/core/__tests__/Alepha-graph.spec.ts +4 -0
package/src/core/index.shared.ts +1 -0
package/src/core/index.ts +2 -0
package/src/core/primitives/$hook.ts +6 -2
package/src/core/primitives/$module.spec.ts +4 -0
package/src/core/providers/AlsProvider.ts +1 -1
package/src/core/providers/CodecManager.spec.ts +12 -6
package/src/core/providers/CodecManager.ts +26 -6
package/src/core/providers/EventManager.ts +169 -13
package/src/core/providers/KeylessJsonSchemaCodec.spec.ts +621 -0
package/src/core/providers/KeylessJsonSchemaCodec.ts +407 -0
package/src/core/providers/StateManager.spec.ts +27 -16
package/src/email/providers/LocalEmailProvider.spec.ts +111 -87
package/src/email/providers/LocalEmailProvider.ts +52 -15
package/src/email/providers/NodemailerEmailProvider.ts +167 -56
package/src/file/errors/FileError.ts +7 -0
package/src/file/index.ts +9 -1
package/src/file/providers/MemoryFileSystemProvider.ts +393 -0
package/src/orm/index.browser.ts +1 -19
package/src/orm/index.bun.ts +77 -0
package/src/orm/index.shared-server.ts +22 -0
package/src/orm/index.shared.ts +15 -0
package/src/orm/index.ts +19 -39
package/src/orm/providers/drivers/BunPostgresProvider.ts +3 -5
package/src/orm/providers/drivers/BunSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/CloudflareD1Provider.ts +4 -0
package/src/orm/providers/drivers/DatabaseProvider.ts +4 -0
package/src/orm/providers/drivers/PglitePostgresProvider.ts +4 -0
package/src/orm/services/Repository.ts +8 -0
package/src/redis/index.bun.ts +35 -0
package/src/redis/providers/BunRedisProvider.ts +12 -43
package/src/redis/providers/BunRedisSubscriberProvider.ts +2 -3
package/src/redis/providers/NodeRedisProvider.ts +16 -34
package/src/{server/security → security}/__tests__/BasicAuth.spec.ts +11 -11
package/src/{server/security → security}/__tests__/ServerSecurityProvider-realm.spec.ts +21 -16
package/src/{server/security/providers → security/__tests__}/ServerSecurityProvider.spec.ts +5 -5
package/src/security/index.browser.ts +5 -0
package/src/security/index.ts +90 -7
package/src/security/primitives/{$realm.spec.ts → $issuer.spec.ts} +11 -11
package/src/security/primitives/{$realm.ts → $issuer.ts} +20 -17
package/src/security/primitives/$role.ts +5 -5
package/src/security/primitives/$serviceAccount.spec.ts +5 -5
package/src/security/primitives/$serviceAccount.ts +3 -3
package/src/{server/security → security}/providers/ServerSecurityProvider.ts +5 -7
package/src/server/auth/primitives/$auth.ts +10 -10
package/src/server/auth/primitives/$authCredentials.ts +3 -3
package/src/server/auth/primitives/$authGithub.ts +3 -3
package/src/server/auth/primitives/$authGoogle.ts +3 -3
package/src/server/auth/providers/ServerAuthProvider.ts +13 -13
package/src/server/cache/providers/ServerCacheProvider.ts +1 -1
package/src/server/cookies/providers/ServerCookiesProvider.ts +3 -3
package/src/server/core/providers/NodeHttpServerProvider.ts +25 -6
package/src/server/core/providers/ServerBodyParserProvider.ts +19 -23
package/src/server/core/providers/ServerLoggerProvider.ts +23 -19
package/src/server/core/providers/ServerProvider.ts +144 -21
package/src/server/core/providers/ServerRouterProvider.ts +259 -115
package/src/server/core/providers/ServerTimingProvider.ts +2 -2
package/src/server/links/index.ts +1 -1
package/src/server/links/providers/LinkProvider.ts +1 -1
package/src/server/swagger/index.ts +1 -1
package/src/sms/providers/LocalSmsProvider.spec.ts +153 -111
package/src/sms/providers/LocalSmsProvider.ts +8 -7
package/src/vite/helpers/boot.ts +28 -17
package/src/vite/tasks/buildServer.ts +12 -1
package/src/vite/tasks/devServer.ts +3 -1
package/src/vite/tasks/generateCloudflare.ts +7 -0
package/dist/server/security/index.browser.js +0 -13
package/dist/server/security/index.browser.js.map +0 -1
package/dist/server/security/index.d.ts +0 -173
package/dist/server/security/index.d.ts.map +0 -1
package/dist/server/security/index.js +0 -311
package/dist/server/security/index.js.map +0 -1
package/src/cli/assets/appRouterTs.ts +0 -9
package/src/cli/assets/mainTs.ts +0 -13
package/src/server/security/index.browser.ts +0 -10
package/src/server/security/index.ts +0 -94
/package/src/{server/security → security}/primitives/$basicAuth.ts +0 -0
/package/src/{server/security → security}/providers/ServerBasicAuthProvider.ts +0 -0

package/src/server/cookies/providers/ServerCookiesProvider.ts CHANGED Viewed

@@ -48,7 +48,7 @@ export class ServerCookiesProvider {
   public readonly onRequest = $hook({
     on: "server:onRequest",
-    handler: async ({ request }) => {
+    handler: ({ request }) => {
       request.cookies = {
         req: this.cookieParser.parseRequestCookies(
           request.headers.cookie ?? "",
@@ -60,7 +60,7 @@ export class ServerCookiesProvider {
   public readonly onAction = $hook({
     on: "action:onRequest",
-    handler: async ({ request }) => {
+    handler: ({ request }) => {
       request.cookies = {
         req: this.cookieParser.parseRequestCookies(
           request.headers.cookie ?? "",
@@ -72,7 +72,7 @@ export class ServerCookiesProvider {
   public readonly onSend = $hook({
     on: "server:onSend",
-    handler: async ({ request }) => {
+    handler: ({ request }) => {
       if (request.cookies && Object.keys(request.cookies.res).length > 0) {
         const setCookieHeaders = this.cookieParser.serializeResponseCookies(
           request.cookies.res,

package/src/server/core/providers/NodeHttpServerProvider.ts CHANGED Viewed

@@ -44,13 +44,32 @@ export class NodeHttpServerProvider extends ServerProvider {
     return `http://${this.env.SERVER_HOST}:${this.env.SERVER_PORT}`;
   }
+  // Pre-bound error handler to avoid function allocation per request
+  protected readonly handleRequestError = (
+    res: import("node:http").ServerResponse,
+    err: Error,
+  ) => {
+    this.log.error("Error handling request", err);
+    res.statusCode = 500;
+    res.end("Internal Server Error");
+  };
+  // P3: Pre-allocated event object to avoid { req, res } allocation per request
+  // Safe because handleNodeRequest completes before the next request reuses this object
+  protected readonly nodeRequestEvent = {
+    req: null as unknown as IncomingMessage,
+    res: null as unknown as ServerResponse,
+  };
   public readonly server = this.createHttpServer((req, res) => {
-    this.log.trace(`Incoming Node.js message -> ${req.url}`);
-    this.handleNodeRequest({ req, res }).catch((err) => {
-      this.log.error("Error handling request", err);
-      res.statusCode = 500;
-      res.end("Internal Server Error");
-    });
+    // Reuse pre-allocated event object instead of creating { req, res } per request
+    const ev = this.nodeRequestEvent;
+    ev.req = req;
+    ev.res = res;
+    // Note: handleNodeRequest returns a promise that resolves after response is sent
+    this.handleNodeRequest(ev).catch((err) =>
+      this.handleRequestError(res, err),
+    );
   });
   public readonly start = $hook({

package/src/server/core/providers/ServerBodyParserProvider.ts CHANGED Viewed

@@ -24,7 +24,7 @@ export class ServerBodyParserProvider {
   public readonly onRequest = $hook({
     on: "server:onRequest",
-    handler: async ({ route, request }) => {
+    handler: ({ route, request }) => {
       if (request.body) {
         return; // already parsed
       }
@@ -46,28 +46,24 @@ export class ServerBodyParserProvider {
       }
       if (route.schema?.body) {
-        try {
-          const body = await this.parse(
-            stream,
-            request.headers,
-            route.schema.body,
-          );
-          if (body) {
-            request.body = body;
-          }
-        } catch (error) {
-          if (error instanceof HttpError) {
-            throw error;
-          }
-          throw new HttpError(
-            {
-              status: 400,
-              message: "Failed to parse request body",
-            },
-            error,
-          );
-        }
+        return this.parse(stream, request.headers, route.schema.body)
+          .then((body) => {
+            if (body) {
+              request.body = body;
+            }
+          })
+          .catch((error) => {
+            if (error instanceof HttpError) {
+              throw error;
+            }
+            throw new HttpError(
+              {
+                status: 400,
+                message: "Failed to parse request body",
+              },
+              error,
+            );
+          });
       }
     },
   });

package/src/server/core/providers/ServerLoggerProvider.ts CHANGED Viewed

@@ -9,24 +9,26 @@ export class ServerLoggerProvider {
     on: "server:onRequest",
     priority: "first",
     handler: ({ route, request }) => {
-      if (!route.silent) {
-        request.metadata.now = Date.now();
-        const data: Record<string, string> = {
-          method: request.method,
-          path: request.url.pathname,
-        };
-        if (this.alepha.isProduction()) {
-          data.agent = request.headers["user-agent"];
-          const ip = request.ip;
-          if (ip) {
-            data.ip = ip;
-          }
-        }
+      if (route.silent) {
+        return;
+      }
+      request.metadata.now = Date.now();
+      const data: Record<string, string> = {
+        method: request.method,
+        path: request.url.pathname,
+      };
-        this.log.info("Incoming request", data);
+      if (this.alepha.isProduction()) {
+        data.agent = request.headers["user-agent"];
+        const ip = request.ip;
+        if (ip) {
+          data.ip = ip;
+        }
       }
+      this.log.info("Incoming request", data);
     },
   });
@@ -42,10 +44,12 @@ export class ServerLoggerProvider {
     on: "server:onResponse",
     priority: "last",
     handler: ({ route, request, response }) => {
-      if (!route.silent) {
-        const ms = Date.now() - request.metadata.now;
-        this.log.info("Request completed", { status: response.status, ms });
+      if (route.silent) {
+        return;
       }
+      const ms = Date.now() - request.metadata.now;
+      this.log.info("Request completed", { status: response.status, ms });
     },
   });
 }

package/src/server/core/providers/ServerProvider.ts CHANGED Viewed

@@ -11,6 +11,21 @@ import type {
 } from "../interfaces/ServerRequest.ts";
 import { ServerRouterProvider } from "./ServerRouterProvider.ts";
+// ============================================================================
+// Performance Constants
+// ============================================================================
+// Note: We cannot use frozen/shared empty objects here because downstream code
+// may mutate params/query (e.g., validation, React page rendering)
+// Header constants for fast property access
+const HEADER_X_FORWARDED_PROTO = "x-forwarded-proto";
+const HEADER_HOST = "host";
+// Protocol prefixes
+const PROTO_HTTPS = "https://";
+const PROTO_HTTP = "http://";
 /**
  * Base server provider to handle incoming requests and route them.
  *
@@ -26,6 +41,113 @@ export class ServerProvider {
   protected readonly internalServerErrorMessage = "Internal Server Error";
+  // Pre-allocated error response to avoid object creation per failed request
+  protected readonly internalErrorResponse = Object.freeze({
+    status: 500,
+    headers: Object.freeze({ "content-type": "text/plain" }),
+    body: this.internalServerErrorMessage,
+  });
+  // Pre-bound error handler to avoid function allocation per request
+  protected readonly handleInternalError = () => this.internalErrorResponse;
+  // ============================================================================
+  // P1: URL Base Cache - cache protocol+host per unique host header
+  // Avoids string concatenation on every request
+  // ============================================================================
+  protected readonly urlBaseCache = new Map<string, string>();
+  /**
+   * Get cached URL base (protocol + host) for a given host header.
+   * Caches the result to avoid repeated string concatenation.
+   */
+  protected getUrlBase(headers: Record<string, string>): string {
+    const host = headers[HEADER_HOST];
+    let base = this.urlBaseCache.get(host);
+    if (!base) {
+      const proto =
+        headers[HEADER_X_FORWARDED_PROTO] === "https"
+          ? PROTO_HTTPS
+          : PROTO_HTTP;
+      base = proto + host;
+      // Limit cache size to prevent memory leaks from many unique hosts
+      if (this.urlBaseCache.size < 100) {
+        this.urlBaseCache.set(host, base);
+      }
+    }
+    return base;
+  }
+  // ============================================================================
+  // P0: Manual Query String Parser - faster than URLSearchParams
+  // Parses query string without creating URL object
+  // ============================================================================
+  /**
+   * Parse query string manually - faster than new URL() + URLSearchParams.
+   * Returns empty object if no query string.
+   */
+  protected parseQueryString(rawUrl: string): Record<string, string> {
+    const qIndex = rawUrl.indexOf("?");
+    if (qIndex === -1) {
+      return {};
+    }
+    const qs = rawUrl.slice(qIndex + 1);
+    if (!qs) {
+      return {};
+    }
+    const query: Record<string, string> = {};
+    let start = 0;
+    let eqIdx = -1;
+    for (let i = 0; i <= qs.length; i++) {
+      const char = i < qs.length ? qs.charCodeAt(i) : 38; // '&' at end
+      if (char === 61) {
+        // '='
+        eqIdx = i;
+      } else if (char === 38) {
+        // '&'
+        if (eqIdx !== -1 && eqIdx > start) {
+          const key = qs.slice(start, eqIdx);
+          const value = qs.slice(eqIdx + 1, i);
+          // Only decode if necessary (contains % or +)
+          query[this.fastDecode(key)] = this.fastDecode(value);
+        }
+        start = i + 1;
+        eqIdx = -1;
+      }
+    }
+    return query;
+  }
+  /**
+   * Fast decode - only calls decodeURIComponent if needed.
+   */
+  protected fastDecode(str: string): string {
+    // Fast path: no encoding needed
+    if (str.indexOf("%") === -1 && str.indexOf("+") === -1) {
+      return str;
+    }
+    // Replace + with space before decoding
+    try {
+      return decodeURIComponent(str.replace(/\+/g, " "));
+    } catch {
+      return str;
+    }
+  }
+  /**
+   * Extract pathname from URL without creating URL object.
+   */
+  protected getPathname(rawUrl: string): string {
+    const qIndex = rawUrl.indexOf("?");
+    return qIndex === -1 ? rawUrl : rawUrl.slice(0, qIndex);
+  }
   public get hostname(): string {
     if (this.alepha.isViteDev()) {
       return `http://localhost:${this.alepha.env.SERVER_PORT}`;
@@ -54,15 +176,16 @@ export class ServerProvider {
   /**
    * Handle Node.js HTTP request event.
    *
-   * Technically, we just convert Node.js request to Web Standard Request.
+   * Optimized to avoid expensive URL parsing when possible.
    */
   public async handleNodeRequest(
     nodeRequestEvent: NodeRequestEvent,
   ): Promise<void> {
     const { req, res } = nodeRequestEvent;
-    const { route, params } = this.router.match(`/${req.method}${req.url}`);
+    const rawUrl = req.url!;
+    const { route, params } = this.router.match(`/${req.method}${rawUrl}`);
-    if (this.isViteNotFound(req.url, route, params)) {
+    if (this.isViteNotFound(rawUrl, route, params)) {
       return;
     }
@@ -75,11 +198,16 @@ export class ServerProvider {
     }
     const headers = (req.headers ?? {}) as Record<string, string>;
-    const proto = headers["x-forwarded-proto"] === "https" ? "https" : "http";
-    const url = new URL(`${proto}://${headers.host}${req.url}`);
-    const query = Object.fromEntries(url.searchParams.entries());
     const method = (req.method?.toUpperCase() ?? "GET") as RouteMethod;
+    // P0: Use manual query parsing - much faster than new URL() + URLSearchParams
+    const query = this.parseQueryString(rawUrl);
+    // P1: Use cached URL base - avoids string concat on every request
+    // Create URL object (still needed for downstream code that uses url.pathname, etc.)
+    const urlBase = this.getUrlBase(headers);
+    const url = new URL(rawUrl, urlBase);
     const request: ServerRequestData = {
       method,
       url,
@@ -89,13 +217,9 @@ export class ServerProvider {
       raw: { node: nodeRequestEvent },
     };
-    const response = await route.handler(request).catch(() => {
-      return {
-        status: 500,
-        headers: { "content-type": "text/plain" },
-        body: this.internalServerErrorMessage,
-      };
-    });
+    const response = await route
+      .handler(request)
+      .catch(this.handleInternalError);
     // empty body - just send status & headers
     if (!response.body) {
@@ -175,7 +299,10 @@ export class ServerProvider {
       headers[key] = value;
     });
-    const query = Object.fromEntries(url.searchParams.entries());
+    // Optimize: only parse query params if there are any
+    const query = url.search
+      ? Object.fromEntries(url.searchParams.entries())
+      : {};
     const method = (req.method.toUpperCase() ?? "GET") as RouteMethod;
     const request: ServerRequestData = {
       method,
@@ -186,13 +313,9 @@ export class ServerProvider {
       raw: { web: ev },
     };
-    const response = await route.handler(request).catch(() => {
-      return {
-        status: 500,
-        headers: { "content-type": "text/plain" },
-        body: this.internalServerErrorMessage,
-      };
-    });
+    const response = await route
+      .handler(request)
+      .catch(this.handleInternalError);
     // empty body - just send status & headers
     if (!response.body) {