etr
diff --git a/‎src/detail/webserver_aliases.cpp‎
Lines changed: 149 additions & 145 deletions b/‎src/detail/webserver_aliases.cpp‎
Lines changed: 149 additions & 145 deletions
diff --git a/‎src/detail/webserver_dispatch.cpp‎
Lines changed: 23 additions & 17 deletions b/‎src/detail/webserver_dispatch.cpp‎
Lines changed: 23 additions & 17 deletions
diff --git a/‎src/detail/webserver_register.cpp‎
Lines changed: 35 additions & 31 deletions b/‎src/detail/webserver_register.cpp‎
Lines changed: 35 additions & 31 deletions
diff --git a/‎src/detail/webserver_routes.cpp‎
Lines changed: 31 additions & 27 deletions b/‎src/detail/webserver_routes.cpp‎
Lines changed: 31 additions & 27 deletions
diff --git a/‎src/hook_handle.cpp‎
Lines changed: 80 additions & 52 deletions b/‎src/hook_handle.cpp‎
Lines changed: 80 additions & 52 deletions
@@ -265,6 +265,28 @@ webserver_impl::lookup_v2(http_method method, const std::string& path) {
 // would also work because single_resource installs a radix prefix at
 // "/"). Reading registered_resources avoids the captured-params /
 // route_entry plumbing for a configuration that has no parameters.
+// single_resource fast path: the one registered endpoint serves every
+// URL. Read it directly from registered_resources.
+// registered_resources_mutex protects a registration-time data store;
+// under dispatch we still need a shared lock to make the read-then-copy
+// atomic with respect to a concurrent unregister_path. (single_resource
+// webservers do not support runtime register/unregister in practice,
+// but the lock is cheap when uncontended and the safety guarantee is
+// worth it.) Returns false when no resource is registered yet.
+bool webserver_impl::resolve_single_resource_(detail::modded_request* mr,
+        std::shared_ptr<http_resource>& hrm,
+        bool need_path_template) {
+    std::shared_lock registered_resources_lock(registered_resources_mutex);
+    if (registered_resources.empty()) return false;
+    const auto& only = *registered_resources.begin();
+    hrm = only.second;
+    if (need_path_template) {
+        mr->matched_path_template = only.first.get_url_complete();
+        mr->matched_is_prefix = only.first.is_family_url();
+    }
+    return true;
+}
+
 bool webserver_impl::resolve_resource_for_request(detail::modded_request* mr,
         std::shared_ptr<http_resource>& hrm) {
     // matched_path_template + matched_is_prefix feed the route_resolved
@@ -274,24 +296,8 @@ bool webserver_impl::resolve_resource_for_request(detail::modded_request* mr,
         has_hooks_for(hook_phase::route_resolved) ||
         has_hooks_for(hook_phase::before_handler);
 
-    // single_resource fast path: the one registered endpoint serves
-    // every URL. Read it directly from registered_resources.
-    // registered_resources_mutex protects a registration-time data
-    // store; under dispatch we still need a shared lock to make the
-    // read-then-copy atomic with respect to a concurrent
-    // unregister_path. (NOTE: single_resource webservers do not
-    // support runtime register/unregister in practice, but the lock
-    // is cheap when uncontended and the safety guarantee is worth it.)
     if (parent->single_resource) {
-        std::shared_lock registered_resources_lock(registered_resources_mutex);
-        if (registered_resources.empty()) return false;
-        const auto& only = *registered_resources.begin();
-        hrm = only.second;
-        if (need_path_template) {
-            mr->matched_path_template = only.first.get_url_complete();
-            mr->matched_is_prefix = only.first.is_family_url();
-        }
-        return true;
+        return resolve_single_resource_(mr, hrm, need_path_template);
     }
 
     // v2 lookup pipeline: cache -> exact -> radix -> regex.
 
@@ -101,16 +101,40 @@ using detail::route_tier_result;
 // this private helper, which carries the validation and insertion logic.
 // Keeping the work in one place prevents drift between the two registration
 // kinds.
-void webserver::register_impl_(const std::string& resource,
-                               std::shared_ptr<http_resource> res,
-                               bool family) {
+// Input-validation guard for register_impl_. Extracted so register_impl_
+// stays inside the project-wide CCN gate.
+void webserver::validate_register_inputs_(const std::string& resource,
+        const std::shared_ptr<http_resource>& res, bool family) const {
     if (res == nullptr) {
         throw std::invalid_argument("The http_resource pointer cannot be null");
     }
-
     if (single_resource && ((resource != "" && resource != "/") || !family)) {
-        throw std::invalid_argument("The resource should be '' or '/' and be registered via register_prefix when using a single_resource server");
+        throw std::invalid_argument(
+            "The resource should be '' or '/' and be registered via "
+            "register_prefix when using a single_resource server");
     }
+}
+
+// Roll back the v1-side inserts performed by register_impl_ when
+// register_v2_route throws. Locks are reacquired briefly for the rollback;
+// the registration was visible to readers in the window between, which
+// is a harmless read-stale effect (same as the cache-invalidation window).
+void webserver::rollback_register_(const detail::http_endpoint& idx,
+                                   bool is_plain_path) {
+    std::unique_lock rollback_lock(impl_->registered_resources_mutex);
+    impl_->registered_resources.erase(idx);
+    if (is_plain_path) {
+        impl_->registered_resources_str.erase(idx.get_url_complete());
+    }
+    if (idx.is_regex_compiled()) {
+        impl_->registered_resources_regex.erase(idx);
+    }
+}
+
+void webserver::register_impl_(const std::string& resource,
+                               std::shared_ptr<http_resource> res,
+                               bool family) {
+    validate_register_inputs_(resource, res, family);
 
     detail::http_endpoint idx(resource, family, true, regex_checking);
 
@@ -143,36 +167,16 @@ void webserver::register_impl_(const std::string& resource,
         impl_->registered_resources_regex.insert({idx, res});
     }
     // Release the registration mutex before clearing the LRU cache.
-    // route_lru_cache.clear() takes the cache's internal mutex; the
-    // lock order documented in webserver_impl.hpp acquires the table
-    // mutex BEFORE the cache mutex and never both at once, so the
-    // registration mutex (which gates the registration-side maps,
-    // distinct from the v2 table mutex) is also released first as a
-    // matter of discipline.
     registered_resources_lock.unlock();
-    // A reader can transiently see the new entry without a warm cache,
-    // causing one extra tier walk on the first hit — harmless read-stale
-    // effect: the resource is already visible under the shared lock.
-
-    // TASK-056: register_v2_route may throw std::invalid_argument when a
-    // prefix-vs-exact terminus collision is detected on the canonical
-    // path. If it does, undo the v1 inserts above so the table stays
-    // consistent with the caller's mental model ("the call threw, so
-    // nothing was registered"). Locks are reacquired briefly for the
-    // rollback; the registration was visible to readers in the window
-    // between, which is the same harmless read-stale effect documented
-    // for the cache invalidation comment above.
+
+    // TASK-056: register_v2_route may throw on a prefix-vs-exact terminus
+    // collision; roll back the v1 inserts above so the table stays
+    // consistent with the caller's "the call threw, so nothing was
+    // registered" mental model.
     try {
         impl_->register_v2_route(idx, std::move(res), family);
     } catch (...) {
-        std::unique_lock rollback_lock(impl_->registered_resources_mutex);
-        impl_->registered_resources.erase(idx);
-        if (is_plain_path) {
-            impl_->registered_resources_str.erase(idx.get_url_complete());
-        }
-        if (idx.is_regex_compiled()) {
-            impl_->registered_resources_regex.erase(idx);
-        }
+        rollback_register_(idx, is_plain_path);
         throw;
     }
     impl_->invalidate_route_cache();
 
@@ -343,9 +343,11 @@ void webserver_impl::upsert_v2_table_entry(const detail::http_endpoint& idx,
 
 }  // namespace detail
 
-void webserver::on_methods_(method_set methods,
-                            const std::string& path,
-                            std::function<http_response(const http_request&)> handler) {
+// Input-validation guard for on_methods_. Extracted so on_methods_ stays
+// inside the project-wide CCN gate.
+void webserver::validate_on_methods_inputs_(method_set methods,
+        const std::string& path,
+        const std::function<http_response(const http_request&)>& handler) const {
     if (methods.empty()) {
         throw std::invalid_argument(
             "route(method_set, ...) requires at least one method bit set");
@@ -382,6 +384,28 @@ void webserver::on_methods_(method_set methods,
         throw std::invalid_argument(
             "Route path must not contain embedded null bytes");
     }
+}
+
+// Roll back the v1-side inserts performed by on_methods_ when
+// upsert_v2_table_entry throws. Only the fresh-entry case is meaningful
+// here -- existing entries are pre-rejected by prepare_or_create_lambda_shim
+// before any mutation, so no rollback is needed.
+void webserver::rollback_on_methods_fresh_entry_(
+        const detail::http_endpoint& idx) {
+    std::unique_lock rollback_lock(impl_->registered_resources_mutex);
+    impl_->registered_resources.erase(idx);
+    if (idx.get_url_pars().empty()) {
+        impl_->registered_resources_str.erase(idx.get_url_complete());
+    }
+    if (idx.is_regex_compiled()) {
+        impl_->registered_resources_regex.erase(idx);
+    }
+}
+
+void webserver::on_methods_(method_set methods,
+                            const std::string& path,
+                            std::function<http_response(const http_request&)> handler) {
+    validate_on_methods_inputs_(methods, path, handler);
 
     detail::http_endpoint idx(path, /*family=*/false,
                               /*registration=*/true, regex_checking);
@@ -392,37 +416,17 @@ void webserver::on_methods_(method_set methods,
         // Scoped block: registered_resources_mutex is released at the
         // closing brace, before upsert_v2_table_entry (which takes its
         // own route_table_mutex_) and before invalidate_route_cache
-        // (which takes the route_lru_cache internal mutex). This
-        // lock-ordering — registration mutex released before
-        // table/cache mutexes are acquired — prevents deadlock.
+        // (which takes the route_lru_cache internal mutex).
         std::unique_lock registered_resources_lock(impl_->registered_resources_mutex);
         shim = impl_->prepare_or_create_lambda_shim(idx, methods, is_new_entry);
         impl_->commit_handlers_to_shim(*shim, methods, std::move(handler));
         if (is_new_entry) impl_->insert_fresh_v1_entries(idx, shim);
-    }  // registered_resources_lock released here
-
-    // TASK-056: upsert_v2_table_entry may throw std::invalid_argument
-    // when a prefix-vs-exact terminus collision is detected. Roll back
-    // the v1 inserts above on throw so the table stays consistent with
-    // the caller's mental model. The fresh-entry rollback is the only
-    // case that needs work: for the existing-entry path, on_methods_'s
-    // prepare_or_create_lambda_shim atomicity pre-check would have
-    // rejected duplicates BEFORE any mutation, so we never get here.
+    }
+
     try {
         impl_->upsert_v2_table_entry(idx, methods, shim, is_new_entry);
     } catch (...) {
-        if (is_new_entry) {
-            std::unique_lock rollback_lock(
-                impl_->registered_resources_mutex);
-            impl_->registered_resources.erase(idx);
-            if (idx.get_url_pars().empty()) {
-                impl_->registered_resources_str.erase(
-                    idx.get_url_complete());
-            }
-            if (idx.is_regex_compiled()) {
-                impl_->registered_resources_regex.erase(idx);
-            }
-        }
+        if (is_new_entry) rollback_on_methods_fresh_entry_(idx);
         throw;
     }
     impl_->invalidate_route_cache();
 
@@ -101,6 +101,82 @@ static void remove_per_route(std::weak_ptr<detail::resource_hook_table>& weak,
     }
 }
 
+namespace {
+
+// erase_slot_for_phase: route the (impl, phase, slot_id) tuple to the
+// correctly-typed per-phase vector and invoke `erase_and_reset` (a generic
+// lambda) on it. Split out of hook_handle::remove so the parent function
+// stays under the project-wide CCN gate; the per-phase typed dispatch is
+// intrinsically one-arm-per-phase so the CCN cost lives here instead.
+// The dispatch is split into two helpers (`_lifecycle` / `_handler`) so
+// each helper stays inside the CCN ceiling.
+
+template <class EraseFn>
+void erase_slot_for_lifecycle_phase_(detail::webserver_impl* impl,
+                                     hook_phase phase,
+                                     const EraseFn& erase_and_reset) {
+    switch (phase) {
+    case hook_phase::connection_opened:
+        erase_and_reset(impl->hooks_connection_opened_); break;
+    case hook_phase::accept_decision:
+        erase_and_reset(impl->hooks_accept_decision_); break;
+    case hook_phase::request_received:
+        erase_and_reset(impl->hooks_request_received_); break;
+    case hook_phase::body_chunk:
+        erase_and_reset(impl->hooks_body_chunk_); break;
+    case hook_phase::route_resolved:
+        erase_and_reset(impl->hooks_route_resolved_); break;
+    default:
+        break;
+    }
+}
+
+template <class EraseFn>
+void erase_slot_for_handler_phase_(detail::webserver_impl* impl,
+                                   hook_phase phase,
+                                   const EraseFn& erase_and_reset) {
+    switch (phase) {
+    case hook_phase::before_handler:
+        erase_and_reset(impl->hooks_before_handler_); break;
+    case hook_phase::handler_exception:
+        // Finding #6 (forward-looking): if a future task adds a runtime
+        // re-registration path for handler_exception_alias_, remove()
+        // will also need a path to clear that slot and re-evaluate
+        // any_hooks_. Currently any_hooks_ remains true while the alias
+        // is wired; removing only a user-vector entry does not clear it
+        // if the alias is still set. Add that handling alongside the
+        // runtime setter.
+        erase_and_reset(impl->hooks_handler_exception_); break;
+    case hook_phase::after_handler:
+        erase_and_reset(impl->hooks_after_handler_); break;
+    case hook_phase::response_sent:
+        erase_and_reset(impl->hooks_response_sent_); break;
+    case hook_phase::request_completed:
+        erase_and_reset(impl->hooks_request_completed_); break;
+    case hook_phase::connection_closed:
+        erase_and_reset(impl->hooks_connection_closed_); break;
+    default:
+        break;
+    }
+}
+
+template <class EraseFn>
+void erase_slot_for_phase(detail::webserver_impl* impl,
+                          hook_phase phase,
+                          const EraseFn& erase_and_reset) {
+    // The switch arms in the helpers below cannot collapse into a table
+    // lookup because each phase vector is a differently-typed
+    // phase_entry<Sig>.
+    if (static_cast<int>(phase) <=
+            static_cast<int>(hook_phase::route_resolved)) {
+        erase_slot_for_lifecycle_phase_(impl, phase, erase_and_reset);
+        return;
+    }
+    erase_slot_for_handler_phase_(impl, phase, erase_and_reset);
+}
+
+}  // namespace
+
 void hook_handle::remove() noexcept {
     if (!armed_) {
         return;
@@ -133,19 +209,10 @@ void hook_handle::remove() noexcept {
     // practice (single-digit hook counts). A not-found result is the
     // idempotent no-op case: the slot was already erased by an earlier
     // remove() or never inserted (defensive).
-    //
-    // erase_if_found returns true iff the slot was found and erased.
-    // We use the return value to skip reset_gate_if_empty on a no-op
-    // erase (the gate value is already consistent -- no erase happened).
-    // A false return from an armed handle would indicate a bug in
-    // register_hook_impl (slot never inserted); an assert catches this in
-    // debug builds. The !armed_ early-return above ensures that a second
-    // remove() on the same handle never reaches this code path.
     // erase_and_reset: linear scan for the slot, erase if found, and
-    // clear the any_hooks_ gate if the vector becomes empty. The two
-    // operations stay together so a new phase only adds a one-line
-    // switch arm. Phase vectors are tiny in practice (single-digit
-    // hook counts), so linear scan is the right shape here.
+    // clear the any_hooks_ gate if the vector becomes empty. Phase
+    // vectors are tiny in practice (single-digit hook counts), so
+    // linear scan is the right shape here.
     auto erase_and_reset = [id, impl, phase](auto& vec) {
         for (auto it = vec.begin(); it != vec.end(); ++it) {
             if (it->slot_id == id) {
@@ -159,46 +226,7 @@ void hook_handle::remove() noexcept {
         }
     };
 
-    // The switch arms below cannot collapse into a table lookup because
-    // each phase vector is a differently-typed phase_entry<Sig> — a
-    // type-erased unification would either need std::visit over a
-    // tuple-of-vectors or boxing each callable, both of which add
-    // indirection on the hot path. One arm per phase is the safest
-    // shape until the phase set stabilises post-TASK-051.
-    switch (phase) {
-    case hook_phase::connection_opened:
-        erase_and_reset(impl->hooks_connection_opened_); break;
-    case hook_phase::accept_decision:
-        erase_and_reset(impl->hooks_accept_decision_); break;
-    case hook_phase::request_received:
-        erase_and_reset(impl->hooks_request_received_); break;
-    case hook_phase::body_chunk:
-        erase_and_reset(impl->hooks_body_chunk_); break;
-    case hook_phase::route_resolved:
-        erase_and_reset(impl->hooks_route_resolved_); break;
-    case hook_phase::before_handler:
-        erase_and_reset(impl->hooks_before_handler_); break;
-    case hook_phase::handler_exception:
-        // Finding #6 (forward-looking): if a future task adds a runtime
-        // re-registration path for handler_exception_alias_, remove()
-        // will also need a path to clear that slot and re-evaluate
-        // any_hooks_. Currently any_hooks_ remains true while the alias
-        // is wired; removing only a user-vector entry does not clear it
-        // if the alias is still set. Add that handling alongside the
-        // runtime setter.
-        erase_and_reset(impl->hooks_handler_exception_); break;
-    case hook_phase::after_handler:
-        erase_and_reset(impl->hooks_after_handler_); break;
-    case hook_phase::response_sent:
-        erase_and_reset(impl->hooks_response_sent_); break;
-    case hook_phase::request_completed:
-        erase_and_reset(impl->hooks_request_completed_); break;
-    case hook_phase::connection_closed:
-        erase_and_reset(impl->hooks_connection_closed_); break;
-    case hook_phase::count_:
-        // Unreachable: an armed handle always carries a valid phase.
-        break;
-    }
+    erase_slot_for_phase(impl, phase, erase_and_reset);
 }
 
 hook_handle hook_handle::detach() && noexcept {