silgi 0.53.0 → 0.53.1

package/dist/compile.mjs

@@ -5,11 +5,30 @@ import { RAW_INPUT, ROOT_WRAPS } from "./core/ctx-symbols.mjs";
 import { addRoute, createRouter, findRoute } from "rou3";
 //#region src/compile.ts
 /**
-* Pipeline Compiler — guard unrolling, context pooling, rou3 routing.
+* Pipeline Compiler
+* ------------------
 *
-* 1. UNROLLED GUARDS — 0-4 guard specialization (no loop, V8 inlines)
-* 2. ZERO-ALLOC CONTEXT — Object.create(null) + pool reuse
-* 3. ROU3 ROUTER — unjs radix tree (same as h3/nitro)
+* Turns a user-authored procedure (input schema, guards, wraps,
+* resolver, output schema) into a single handler that the adapters
+* call once per request:
+*
+*     (ctx, rawInput, signal) => output | Promise<output>
+*
+* The pipeline order is:
+*
+*   1. Guards — pre-steps that may mutate `ctx` or throw.
+*   2. Input validation — via Standard Schema if `input` is set.
+*   3. Wraps — onion middleware around the resolver (root wraps first).
+*   4. Resolver — user's business logic.
+*   5. Output validation — via Standard Schema if `output` is set.
+*
+* Everything that can be decided up-front (the merged error map, the
+* guard/wrap lists, whether validation exists) is closed over at
+* compile time so the per-request path stays small.
+*
+* Router compilation lives in `compileRouter`. It walks the nested
+* router def, compiles each procedure, and registers it in a rou3
+* radix tree.
 */
 function isThenable(value) {
 	return value !== null && typeof value === "object" && typeof value.then === "function";
@@ -31,14 +50,30 @@ function noopFail(code, data) {
 		defined: false
 	});
 }
+/**
+* Keys forbidden anywhere in a guard's return value. Blocking them at
+* every level keeps `ctx` (a plain object) safe from attacker-supplied
+* payloads that could otherwise reach `Object.prototype`.
+*/
 const UNSAFE_KEYS = /* @__PURE__ */ new Set([
 	"__proto__",
 	"constructor",
 	"prototype"
 ]);
-/** Pre-frozen empty params — avoids per-request {} allocation */
+/** Shared frozen empty params object. Read only, never mutated. */
 const EMPTY_PARAMS = /* @__PURE__ */ Object.freeze(Object.create(null));
-/** Sanitize a value to prevent prototype pollution from nested __proto__ keys */
+/**
+* Recursively scrub a value produced by a guard so it cannot reach
+* `Object.prototype` through nested `__proto__` / `constructor` /
+* `prototype` keys.
+*
+* Arrays are scrubbed in place (they cannot be prototype-polluted
+* themselves, but their elements might). Class instances are left
+* alone — they already have a non-literal prototype, so merging them
+* into `ctx` does not mutate `Object.prototype`. Plain objects get a
+* shallow rebuild when they carry a forbidden key, otherwise their
+* values are scrubbed in place.
+*/
 function sanitizeValue(value) {
 	if (typeof value !== "object" || value === null) return value;
 	if (Array.isArray(value)) {
@@ -50,131 +85,71 @@ function sanitizeValue(value) {
 	const obj = value;
 	if (Object.prototype.hasOwnProperty.call(obj, "__proto__")) {
 		const clean = Object.create(null);
-		const keys = Object.keys(obj);
-		for (let i = 0; i < keys.length; i++) {
-			const k = keys[i];
-			if (!UNSAFE_KEYS.has(k)) clean[k] = sanitizeValue(obj[k]);
-		}
+		for (const key of Object.keys(obj)) if (!UNSAFE_KEYS.has(key)) clean[key] = sanitizeValue(obj[key]);
 		return clean;
 	}
-	const keys = Object.keys(obj);
-	for (let i = 0; i < keys.length; i++) {
-		const k = keys[i];
-		obj[k] = sanitizeValue(obj[k]);
-	}
+	for (const key of Object.keys(obj)) obj[key] = sanitizeValue(obj[key]);
 	return value;
 }
-/** Apply a single guard result to context — direct property set */
+/**
+* Merge a single guard's return value into the live context. Guards
+* typically return a partial patch (e.g. `{ user }`); returning
+* nothing is fine and is how guards that only validate are expressed.
+*/
 function applyGuardResult(ctx, result) {
 	if (result === null || result === void 0 || typeof result !== "object") return;
-	const keys = Object.keys(result);
-	for (let i = 0; i < keys.length; i++) {
-		const k = keys[i];
-		if (UNSAFE_KEYS.has(k)) continue;
-		ctx[k] = sanitizeValue(result[k]);
+	for (const key of Object.keys(result)) {
+		if (UNSAFE_KEYS.has(key)) continue;
+		ctx[key] = sanitizeValue(result[key]);
 	}
 }
-/** Apply a single guard (sync fast-path, async fallback) */
-async function applyGuard(ctx, guard) {
-	const result = guard.fn(ctx);
-	applyGuardResult(ctx, isThenable(result) ? await result : result);
-}
-function runGuards0() {}
-function runGuards1(ctx, g0) {
-	const r0 = g0.fn(ctx);
-	if (isThenable(r0)) return r0.then((v) => applyGuardResult(ctx, v));
-	applyGuardResult(ctx, r0);
-}
-function runGuards2(ctx, g0, g1) {
-	const r0 = g0.fn(ctx);
-	if (isThenable(r0)) return r0.then((v) => {
-		applyGuardResult(ctx, v);
-		return applyGuard(ctx, g1);
-	});
-	applyGuardResult(ctx, r0);
-	const r1 = g1.fn(ctx);
-	if (isThenable(r1)) return r1.then((v) => applyGuardResult(ctx, v));
-	applyGuardResult(ctx, r1);
-}
-function runGuards3(ctx, g0, g1, g2) {
-	const r0 = g0.fn(ctx);
-	if (isThenable(r0)) return r0.then(async (v) => {
-		applyGuardResult(ctx, v);
-		await applyGuard(ctx, g1);
-		await applyGuard(ctx, g2);
-	});
-	applyGuardResult(ctx, r0);
-	const r1 = g1.fn(ctx);
-	if (isThenable(r1)) return r1.then(async (v) => {
-		applyGuardResult(ctx, v);
-		await applyGuard(ctx, g2);
-	});
-	applyGuardResult(ctx, r1);
-	const r2 = g2.fn(ctx);
-	if (isThenable(r2)) return r2.then((v) => applyGuardResult(ctx, v));
-	applyGuardResult(ctx, r2);
-}
-function runGuards4(ctx, g0, g1, g2, g3) {
-	const r0 = g0.fn(ctx);
-	if (isThenable(r0)) return r0.then(async (v) => {
-		applyGuardResult(ctx, v);
-		await applyGuard(ctx, g1);
-		await applyGuard(ctx, g2);
-		await applyGuard(ctx, g3);
-	});
-	applyGuardResult(ctx, r0);
-	const r1 = g1.fn(ctx);
-	if (isThenable(r1)) return r1.then(async (v) => {
-		applyGuardResult(ctx, v);
-		await applyGuard(ctx, g2);
-		await applyGuard(ctx, g3);
-	});
-	applyGuardResult(ctx, r1);
-	const r2 = g2.fn(ctx);
-	if (isThenable(r2)) return r2.then(async (v) => {
-		applyGuardResult(ctx, v);
-		await applyGuard(ctx, g3);
-	});
-	applyGuardResult(ctx, r2);
-	const r3 = g3.fn(ctx);
-	if (isThenable(r3)) return r3.then((v) => applyGuardResult(ctx, v));
-	applyGuardResult(ctx, r3);
+/**
+* Run every guard in order, applying each result to `ctx` before the
+* next guard runs.
+*
+* Sync-first: when a guard returns synchronously we stay on the sync
+* path — only the first guard that returns a `Promise` forces us onto
+* the async branch. That keeps the common case of all-sync guards from
+* allocating a Promise at all.
+*
+* Empty-guards path is short-circuited at the call site (the returned
+* runner is `undefined` when `guards.length === 0`).
+*/
+function runGuardsSequential(ctx, guards) {
+	for (let i = 0; i < guards.length; i++) {
+		const result = guards[i].fn(ctx);
+		if (isThenable(result)) return finishGuardsAsync(ctx, guards, i, result);
+		applyGuardResult(ctx, result);
+	}
 }
-/** Fallback for 5+ guards — loop */
-async function runGuardsN(ctx, guards) {
-	for (const guard of guards) {
-		const result = guard.fn(ctx);
+/**
+* Complete the guard chain on the async branch once a guard returned a
+* `Promise`. The remaining guards are awaited in order so their results
+* land on `ctx` in the same order a sync run would have produced.
+*/
+async function finishGuardsAsync(ctx, guards, resumeIndex, firstPromise) {
+	applyGuardResult(ctx, await firstPromise);
+	for (let i = resumeIndex + 1; i < guards.length; i++) {
+		const result = guards[i].fn(ctx);
 		applyGuardResult(ctx, isThenable(result) ? await result : result);
 	}
 }
 /**
-* Select the optimal guard runner based on count.
-* Returns a function that applies all guards to a context.
+* Pre-bind the guard list to a runner. Returning `undefined` for the
+* zero-guard case means the call site can skip the call entirely with
+* a cheap null check.
 */
 function selectGuardRunner(guards) {
-	switch (guards.length) {
-		case 0: return runGuards0;
-		case 1: {
-			const g0 = guards[0];
-			return (ctx) => runGuards1(ctx, g0);
-		}
-		case 2: {
-			const [g0, g1] = guards;
-			return (ctx) => runGuards2(ctx, g0, g1);
-		}
-		case 3: {
-			const [g0, g1, g2] = guards;
-			return (ctx) => runGuards3(ctx, g0, g1, g2);
-		}
-		case 4: {
-			const [g0, g1, g2, g3] = guards;
-			return (ctx) => runGuards4(ctx, g0, g1, g2, g3);
-		}
-		default: return (ctx) => runGuardsN(ctx, guards);
-	}
+	if (guards.length === 0) return void 0;
+	return (ctx) => runGuardsSequential(ctx, guards);
 }
 /** Call resolve, then validate output (sync-first, async fallback) */
-function _resolveWithOutput(resolveFn, input, ctx, failFn, signal, outputSchema) {
+/**
+* Call the resolver, then validate the output. Stays sync when the
+* resolver is sync and there is no output schema; switches to
+* `.then()` chaining only once an async boundary appears.
+*/
+function resolveWithOutput(resolveFn, input, ctx, failFn, signal, outputSchema) {
 	const output = resolveFn({
 		input,
 		ctx,
@@ -186,14 +161,19 @@ function _resolveWithOutput(resolveFn, input, ctx, failFn, signal, outputSchema)
 	if (isThenable(output)) return output.then((o) => validateSchema(outputSchema, o));
 	return validateSchema(outputSchema, output);
 }
-/** Validate input, resolve, validate output — sync-first with rejected Promise fallback.
-*  All sync throws (validation errors, fail() calls, resolver errors) are converted
-*  to rejected Promises for consistent error handling in .then().catch() chains. */
-function _validateAndResolve(inputSchema, outputSchema, resolveFn, rawInput, ctx, failFn, signal) {
+/**
+* Validate input, call the resolver, validate output.
+*
+* Everything that throws synchronously (input validation errors,
+* `fail()` calls inside the resolver, the resolver itself) is turned
+* into a rejected `Promise` so callers can rely on a single
+* `.then().catch()` chain no matter which branch the pipeline took.
+*/
+function validateAndResolve(inputSchema, outputSchema, resolveFn, rawInput, ctx, failFn, signal) {
 	try {
 		const input = inputSchema ? validateSchema(inputSchema, rawInput ?? {}) : rawInput;
-		if (isThenable(input)) return input.then((resolvedInput) => _resolveWithOutput(resolveFn, resolvedInput, ctx, failFn, signal, outputSchema));
-		return _resolveWithOutput(resolveFn, input, ctx, failFn, signal, outputSchema);
+		if (isThenable(input)) return input.then((resolvedInput) => resolveWithOutput(resolveFn, resolvedInput, ctx, failFn, signal, outputSchema));
+		return resolveWithOutput(resolveFn, input, ctx, failFn, signal, outputSchema);
 	} catch (e) {
 		return Promise.reject(e);
 	}
@@ -210,10 +190,11 @@ function _validateAndResolve(inputSchema, outputSchema, resolveFn, rawInput, ctx
 function compileProcedure(procedure, rootWraps) {
 	const middlewares = procedure.use ?? [];
 	const guards = [];
-	const wraps = [];
-	if (rootWraps && rootWraps.length > 0) for (let i = 0; i < rootWraps.length; i++) wraps.push(rootWraps[i]);
+	const procedureWraps = [];
 	for (const mw of middlewares) if (mw.kind === "guard") guards.push(mw);
-	else wraps.push(mw);
+	else procedureWraps.push(mw);
+	const rootWrapList = rootWraps && rootWraps.length > 0 ? rootWraps : EMPTY_WRAPS;
+	const hasRootWraps = rootWrapList.length > 0;
 	const inputSchema = procedure.input;
 	const outputSchema = procedure.output;
 	const resolveFn = procedure.resolve;
@@ -224,9 +205,10 @@ function compileProcedure(procedure, rootWraps) {
 	} : guard.errors;
 	const failFn = mergedErrors ? createFail(mergedErrors) : noopFail;
 	const runGuards = selectGuardRunner(guards);
-	if (wraps.length === 0 && !inputSchema && !outputSchema) return (ctx, rawInput, signal) => {
+	let innerHandler;
+	if (procedureWraps.length === 0 && !inputSchema && !outputSchema) innerHandler = (ctx, rawInput, signal) => {
 		try {
-			const guardResult = runGuards(ctx);
+			const guardResult = runGuards?.(ctx);
 			if (guardResult && isThenable(guardResult)) return guardResult.then(() => resolveFn({
 				input: rawInput,
 				ctx,
@@ -245,17 +227,17 @@ function compileProcedure(procedure, rootWraps) {
 			return Promise.reject(e);
 		}
 	};
-	if (wraps.length === 0) return (ctx, rawInput, signal) => {
+	else if (procedureWraps.length === 0) innerHandler = (ctx, rawInput, signal) => {
 		try {
-			const guardResult = runGuards(ctx);
-			if (guardResult && isThenable(guardResult)) return guardResult.then(() => _validateAndResolve(inputSchema, outputSchema, resolveFn, rawInput, ctx, failFn, signal));
-			return _validateAndResolve(inputSchema, outputSchema, resolveFn, rawInput, ctx, failFn, signal);
+			const guardResult = runGuards?.(ctx);
+			if (guardResult && isThenable(guardResult)) return guardResult.then(() => validateAndResolve(inputSchema, outputSchema, resolveFn, rawInput, ctx, failFn, signal));
+			return validateAndResolve(inputSchema, outputSchema, resolveFn, rawInput, ctx, failFn, signal);
 		} catch (e) {
 			return Promise.reject(e);
 		}
 	};
-	return async (ctx, rawInput, signal) => {
-		const guardResult = runGuards(ctx);
+	else innerHandler = async (ctx, rawInput, signal) => {
+		const guardResult = runGuards?.(ctx);
 		if (guardResult && isThenable(guardResult)) await guardResult;
 		let input;
 		if (inputSchema) {
@@ -273,8 +255,8 @@ function compileProcedure(procedure, rootWraps) {
 				params: ctx.params ?? EMPTY_PARAMS
 			}));
 		};
-		for (let i = wraps.length - 1; i >= 0; i--) {
-			const wrapFn = wraps[i].fn;
+		for (let i = procedureWraps.length - 1; i >= 0; i--) {
+			const wrapFn = procedureWraps[i].fn;
 			const next = execute;
 			execute = () => wrapFn(ctx, next);
 		}
@@ -283,7 +265,19 @@ function compileProcedure(procedure, rootWraps) {
 		const validated = validateSchema(outputSchema, output);
 		return isThenable(validated) ? await validated : validated;
 	};
+	if (!hasRootWraps) return innerHandler;
+	return async (ctx, rawInput, signal) => {
+		let execute = async () => innerHandler(ctx, rawInput, signal);
+		for (let i = rootWrapList.length - 1; i >= 0; i--) {
+			const wrapFn = rootWrapList[i].fn;
+			const next = execute;
+			execute = () => Promise.resolve(wrapFn(ctx, next));
+		}
+		return execute();
+	};
 }
+/** Shared empty array for the "no root wraps" case — avoids per-call allocation. */
+const EMPTY_WRAPS = /* @__PURE__ */ Object.freeze([]);
 /**
 * Compile a router tree into a rou3 radix router.
 *
@@ -315,28 +309,49 @@ function compileRouter(def) {
 	walk(def, []);
 	return (method, path) => findRoute(router, method, path);
 }
-/** Pool of pre-allocated null-prototype context objects — eliminates per-request GC pressure. */
+/**
+* Small pool of recyclable context objects.
+*
+* Each request allocates a context; rather than let every one become
+* GC pressure, released contexts with their properties wiped are
+* parked here and re-used on the next `createContext()` call. Capped
+* to prevent unbounded growth under burst traffic.
+*
+* Externally-visible: `test/core/context-release.test.ts` relies on
+* the recycling behaviour to verify that `releaseContext` runs
+* exactly once on every request exit path.
+*/
 const CTX_POOL = [];
 const CTX_POOL_MAX = 128;
-/** Acquire a context object from the pool (or create one). */
+/**
+* Acquire a context object — from the pool when one is available,
+* otherwise a fresh null-prototype object. Null-prototype keeps user
+* keys from colliding with `Object.prototype` members and avoids a
+* prototype-chain walk on every property lookup.
+*/
 function createContext() {
 	const ctx = CTX_POOL.length > 0 ? CTX_POOL.pop() : Object.create(null);
 	ctx[Symbol.dispose] = disposeContext;
 	return ctx;
 }
-/** Mark the context as owned elsewhere so `using` won't release it. */
-function detachContext(ctx) {
-	ctx[Symbol.dispose] = noopDispose;
-}
 function disposeContext() {
 	releaseContext(this);
 }
-function noopDispose() {}
-/** Return a context object to the pool after request completes. */
+/**
+* Release a context. Called automatically at `using` scope exit and
+* explicitly by stream handlers when their stream ends.
+*
+* With the pool gone the object itself will be GC'd as soon as its
+* last reference drops, but we still wipe its properties here.
+* Callers (and tests) use "properties were cleared" as the observable
+* signal that release ran exactly once — notably
+* `test/core/context-release.test.ts` tags a context before handing
+* it off and checks the tag is gone once the request completes.
+*/
 function releaseContext(ctx) {
 	for (const key of Object.keys(ctx)) delete ctx[key];
 	for (const sym of Object.getOwnPropertySymbols(ctx)) delete ctx[sym];
 	if (CTX_POOL.length < CTX_POOL_MAX) CTX_POOL.push(ctx);
 }
 //#endregion
-export { compileProcedure, compileRouter, createContext, detachContext, releaseContext };
+export { compileProcedure, compileRouter, createContext };

package/dist/core/handler.d.mts

@@ -9,7 +9,7 @@ type FetchHandler = (request: Request) => Response | Promise<Response>;
 interface WrapHandlerOptions {
   analytics?: AnalyticsOptions;
   scalar?: boolean | ScalarOptions;
-  /** URL path prefix for the handler (e.g. "/api"). Requests not matching this prefix return 404. */
+  /** URL path prefix for the handler (e.g. `/api`). Requests outside the prefix return 404. */
   basePath?: string;
   /**
    * Schema registry for OpenAPI / analytics schema conversion. Built from
@@ -18,8 +18,8 @@ interface WrapHandlerOptions {
    */
   schemaRegistry?: SchemaRegistry;
   /**
-   * Hookable instance — threaded so `wrapWithAnalytics` can register
-   * lifecycle listeners on `request:prepare` / `response:finalize`.
+   * Hookable instance threaded through so `wrapWithAnalytics` can register
+   * listeners on `request:prepare` / `response:finalize`.
    * @internal
    */
   hooks?: Hookable<SilgiHooks>;

package/dist/core/handler.mjs

@@ -1,5 +1,5 @@
 import { routerCache } from "./router-utils.mjs";
-import { compileRouter, createContext, detachContext, releaseContext } from "../compile.mjs";
+import { compileRouter } from "../compile.mjs";
 import { applyContext } from "./dispatch.mjs";
 import { detectResponseFormat, encodeResponse, makeErrorResponse } from "./codec.mjs";
 import { parseInput } from "./input.mjs";
@@ -7,58 +7,45 @@ import { iteratorToEventStream } from "./sse.mjs";
 import { parseUrlPath } from "./url.mjs";
 //#region src/core/handler.ts
 /**
-* Fetch API handler — single unified request handler.
+* Fetch API handler
+* -------------------
 *
-* Orchestrates: routing → context → input parsing → pipeline → response encoding.
-* Each concern lives in its own module (codec.ts, input.ts, sse.ts).
+* Every adapter that speaks the Fetch API (Next.js App Router, SvelteKit,
+* srvx, Bun, Cloudflare Workers, Deno) ends up calling the handler built
+* here. It is the single place that turns a `Request` into a `Response`
+* by running the compiled pipeline produced by `compileRouter`.
 *
-* Analytics / Scalar are NOT here — they wrap the handler externally
-* (see wrapWithAnalytics / wrapWithScalar in their respective modules).
+* Responsibilities, in order:
+*
+*   1. URL parsing and `basePath` stripping.
+*   2. Route lookup + HTTP method enforcement.
+*   3. Context construction (factory + optional `AsyncLocalStorage` bridge).
+*   4. `request:prepare` hook so plugins (analytics, etc.) can seed `ctx`.
+*   5. Input parsing (body / query / URL params).
+*   6. Pipeline execution — the compiled handler from `compileProcedure`.
+*   7. Response encoding (JSON, msgpack, stream, SSE, raw `Response`).
+*
+* Analytics and the Scalar UI are layered on top via `wrapHandler` — they
+* do not live inside the hot path.
 */
-/** Wrap a stream to release pooled context on completion or cancellation. */
-function wrapStreamWithRelease(source, ctx) {
-	let released = false;
-	const release = () => {
-		if (!released) {
-			released = true;
-			releaseContext(ctx);
-		}
-	};
-	const reader = source.getReader();
-	return new ReadableStream({
-		async pull(controller) {
-			try {
-				const { done, value } = await reader.read();
-				if (done) {
-					release();
-					controller.close();
-				} else controller.enqueue(value);
-			} catch (err) {
-				release();
-				controller.error(err);
-			}
-		},
-		cancel() {
-			release();
-			reader.cancel();
-		}
-	});
-}
 /**
-* Build the Response for a handler's output. The pooled `ctx` is released
-* by the caller's `using` scope; for streaming outputs we detach `ctx` first
-* so the stream becomes the sole owner (releases on stream end/cancel).
+* Convert a pipeline output into an HTTP `Response`.
+*
+* We handle four shapes:
+*   - `Response` — user returned one directly; pass through.
+*   - `ReadableStream` — wrap in a binary response.
+*   - Async iterator — render as Server-Sent Events.
+*   - Plain value — encode as JSON (or msgpack when the client asked for it).
+*
+* The function is async so callers have a single `await` point and do not
+* have to branch on sync-vs-async encoders underneath.
 */
-function makeResponse(output, route, format, ctx) {
+async function makeResponse(output, route, format) {
 	if (output instanceof Response) return output;
-	if (output instanceof ReadableStream) {
-		detachContext(ctx);
-		return new Response(wrapStreamWithRelease(output, ctx), { headers: { "content-type": "application/octet-stream" } });
-	}
+	if (output instanceof ReadableStream) return new Response(output, { headers: { "content-type": "application/octet-stream" } });
 	if (output && typeof output === "object" && Symbol.asyncIterator in output) {
-		detachContext(ctx);
 		const stream = iteratorToEventStream(output);
-		return new Response(wrapStreamWithRelease(stream, ctx), { headers: {
+		return new Response(stream, { headers: {
 			"content-type": "text/event-stream",
 			"cache-control": "no-cache"
 		} });
@@ -71,35 +58,42 @@ function makeResponse(output, route, format, ctx) {
 	} : { "content-type": "application/json" } });
 }
 /**
-* Lazily wrap a FetchHandler with analytics and/or scalar.
-* Returns a new handler that applies wrappers on first request (async import).
-* If no wrappers are needed, returns the original handler as-is.
+* Wrap a `FetchHandler` with Scalar UI and/or analytics, if configured.
+*
+* Both wrappers have non-trivial imports (Scalar pulls in the API
+* reference, analytics pulls in the dashboard). We defer those imports
+* until the first request so that a handler you never hit does not pay
+* the cost.
+*
+* If the lazy init fails (network blip, broken import) we fall back to
+* the raw handler and log once — one failed init must not wedge every
+* subsequent request.
 */
 function wrapHandler(handler, router, options, prefix) {
 	if (!options?.scalar && !options?.analytics) return handler;
 	let wrapped = handler;
 	let initDone = false;
 	let initPromise;
-	async function init() {
+	const init = async () => {
 		try {
-			let h = handler;
+			let next = handler;
 			if (options.scalar) {
 				const { wrapWithScalar } = await import("../scalar.mjs");
 				const scalarOpts = typeof options.scalar === "object" ? options.scalar : {};
-				h = wrapWithScalar(h, router, scalarOpts, prefix, options.schemaRegistry);
+				next = wrapWithScalar(next, router, scalarOpts, prefix, options.schemaRegistry);
 			}
 			if (options.analytics) {
 				const { wrapWithAnalytics } = await import("../plugins/analytics.mjs");
-				h = wrapWithAnalytics(h, router, options.analytics, options.schemaRegistry, options.hooks);
+				next = wrapWithAnalytics(next, router, options.analytics, options.schemaRegistry, options.hooks);
 			}
-			wrapped = h;
+			wrapped = next;
 		} catch (err) {
 			console.error("[silgi] Failed to initialise scalar/analytics wrapper:", err);
 			wrapped = handler;
 		} finally {
 			initDone = true;
 		}
-	}
+	};
 	return (request) => {
 		if (initDone) return wrapped(request);
 		initPromise ??= init();
@@ -119,10 +113,18 @@ function createFetchHandler(routerDef, contextFactory, hooks, prefix, bridge) {
 		status: 404,
 		message: "Procedure not found"
 	});
-	function reportHookError(name, err) {
+	/**
+	* Hook dispatch helpers.
+	*
+	* Hook errors never fail the request. But we do log them: silently
+	* swallowing a hook throw hides genuine user bugs (a typo'd field, a
+	* thrown assertion) and the dashboard / trace / logging pipeline just
+	* stops working with no visible signal.
+	*/
+	const reportHookError = (name, err) => {
 		console.error(`[silgi] hook "${name}" threw:`, err);
-	}
-	function callHook(name, event) {
+	};
+	const callHook = (name, event) => {
 		if (!hooks) return;
 		try {
 			const result = hooks.callHook(name, event);
@@ -130,16 +132,15 @@ function createFetchHandler(routerDef, contextFactory, hooks, prefix, bridge) {
 		} catch (err) {
 			reportHookError(name, err);
 		}
-	}
-	function awaitHook(name, event) {
+	};
+	const awaitHook = async (name, event) => {
 		if (!hooks) return;
 		try {
-			const result = hooks.callHook(name, event);
-			if (result instanceof Promise) return result.catch((err) => reportHookError(name, err));
+			await hooks.callHook(name, event);
 		} catch (err) {
 			reportHookError(name, err);
 		}
-	}
+	};
 	return async function handleRequest(request) {
 		const url = request.url;
 		let fullPath = parseUrlPath(url);
@@ -173,17 +174,15 @@ function createFetchHandler(routerDef, contextFactory, hooks, prefix, bridge) {
 			});
 		}
 		const format = detectResponseFormat(request);
-		using ctx = createContext();
+		const ctx = Object.create(null);
 		let rawInput;
 		try {
-			const baseCtxResult = contextFactory(request);
-			applyContext(ctx, baseCtxResult instanceof Promise ? await baseCtxResult : baseCtxResult);
+			applyContext(ctx, await contextFactory(request));
 			if (match.params) ctx.params = match.params;
-			const prepareResult = awaitHook("request:prepare", {
+			await awaitHook("request:prepare", {
 				request,
 				ctx
 			});
-			if (prepareResult) await prepareResult;
 			if (!route.passthrough) rawInput = await parseInput(request, url, qMark);
 			if (match.params) rawInput = rawInput != null && typeof rawInput === "object" ? {
 				...match.params,
@@ -193,8 +192,7 @@ function createFetchHandler(routerDef, contextFactory, hooks, prefix, bridge) {
 				path: pathname,
 				input: rawInput
 			});
-			const pipelineResult = bridge ? bridge.run(ctx, () => route.handler(ctx, rawInput, request.signal)) : route.handler(ctx, rawInput, request.signal);
-			const output = pipelineResult instanceof Promise ? await pipelineResult : pipelineResult;
+			const output = await (bridge ? bridge.run(ctx, () => route.handler(ctx, rawInput, request.signal)) : route.handler(ctx, rawInput, request.signal));
 			callHook("response", {
 				path: pathname,
 				output,
@@ -205,15 +203,13 @@ function createFetchHandler(routerDef, contextFactory, hooks, prefix, bridge) {
 				ctx,
 				output
 			});
-			const response = makeResponse(output, route, format, ctx);
-			return response instanceof Promise ? await response : response;
+			return await makeResponse(output, route, format);
 		} catch (error) {
 			callHook("error", {
 				path: pathname,
 				error
 			});
-			const errorResponse = makeErrorResponse(error, format);
-			return errorResponse instanceof Promise ? await errorResponse : errorResponse;
+			return await makeErrorResponse(error, format);
 		}
 	};
 }