npm - @appwarden/middleware - Versions diffs - 3.6.0 → 3.8.0 - Mend

@appwarden/middleware 3.6.0 → 3.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md +29 -29
package/{chunk-AXWJZE7U.js → chunk-52NBQDQT.js} +1 -4
package/cloudflare/astro.js +4 -5
package/cloudflare/nextjs.js +3 -3
package/cloudflare/react-router.d.ts +419 -34
package/cloudflare/react-router.js +17 -35
package/cloudflare/tanstack-start.d.ts +415 -28
package/cloudflare/tanstack-start.js +15 -18
package/cloudflare.js +1 -1
package/index.js +1 -1
package/package.json +3 -2

package/cloudflare/react-router.js CHANGED Viewed

@@ -3,13 +3,10 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-AXWJZE7U.js";
+} from "../chunk-52NBQDQT.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
-import {
-  validateConfig
-} from "../chunk-MNGMTDH3.js";
 import {
   checkLockStatus
 } from "../chunk-G5FWKV2Q.js";
@@ -45,40 +42,31 @@ var ReactRouterCloudflareConfigSchema = z.object({
 });
 // src/adapters/react-router-cloudflare.ts
-var cloudflareContextSymbol = /* @__PURE__ */ Symbol.for(
-  "@appwarden/middleware:cloudflare"
-);
-function getCloudflareContext(context) {
-  if (context?.cloudflare) {
-    return context.cloudflare;
-  }
-  if (context?.get && typeof context.get === "function") {
-    try {
-      const cloudflare = context.get(cloudflareContextSymbol);
-      if (cloudflare) {
-        return cloudflare;
-      }
-    } catch {
-    }
-  }
-  return null;
-}
 function createAppwardenMiddleware(configFn) {
   return async (args, next) => {
     const startTime = getNowMs();
     const { request, context } = args;
     try {
-      const cloudflare = getCloudflareContext(context);
-      if (!cloudflare) {
+      if (!context?.env || !context?.waitUntil) {
         console.error(
           printMessage(
-            "Cloudflare context not found. Make sure you're running on Cloudflare Workers and have set up the context correctly."
+            "Runtime context missing required properties (env, waitUntil). Make sure you're passing the correct context to the middleware."
           )
         );
         return next();
       }
-      const config = configFn(cloudflare);
-      const debugFn = debug(config.debug ?? false);
+      const configInput = configFn(context);
+      const validationResult = ReactRouterCloudflareConfigSchema.safeParse(configInput);
+      if (!validationResult.success) {
+        console.error(
+          printMessage(
+            `Config validation failed: ${validationResult.error.message}`
+          )
+        );
+        return next();
+      }
+      const config = validationResult.data;
+      const debugFn = debug(config.debug);
       const requestUrl = new URL(request.url);
       const isHTML = isHTMLRequest(request);
       debugFn(
@@ -88,10 +76,6 @@ function createAppwardenMiddleware(configFn) {
       if (!isHTML) {
         return next();
       }
-      const hasError = validateConfig(config, ReactRouterCloudflareConfigSchema);
-      if (hasError) {
-        return next();
-      }
       if (isOnLockPage(config.lockPageSlug, request.url)) {
         debugFn("Already on lock page - skipping");
         return next();
@@ -102,7 +86,7 @@ function createAppwardenMiddleware(configFn) {
         appwardenApiHostname: config.appwardenApiHostname,
         debug: config.debug,
         lockPageSlug: config.lockPageSlug,
-        waitUntil: (fn) => cloudflare.ctx.waitUntil(fn)
+        waitUntil: context.waitUntil
       });
       if (result.isLocked) {
         const lockPageUrl = buildLockPageUrl(config.lockPageSlug, request.url);
@@ -112,12 +96,11 @@ function createAppwardenMiddleware(configFn) {
       debugFn("Website is unlocked");
       const response = await next();
       if (config.contentSecurityPolicy && isResponseLike(response)) {
-        debugFn("Applying CSP middleware");
         const cspContext = {
           request,
           response,
           hostname: requestUrl.hostname,
-          waitUntil: (fn) => cloudflare.ctx.waitUntil(fn),
+          waitUntil: context.waitUntil,
           debug: debugFn
         };
         await useContentSecurityPolicy(config.contentSecurityPolicy)(
@@ -147,6 +130,5 @@ function createAppwardenMiddleware(configFn) {
   };
 }
 export {
-  cloudflareContextSymbol,
   createAppwardenMiddleware
 };

package/cloudflare/tanstack-start.d.ts CHANGED Viewed

@@ -1,34 +1,422 @@
-import { U as UseCSPInput } from '../use-content-security-policy-DUYpyUPy.js';
-import 'zod';
+import { z } from 'zod';
 /**
- * Cloudflare context provided by TanStack Start on Cloudflare Workers.
- * This is the shape of the cloudflare context available in middleware.
+ * Zod schema for TanStack Start Cloudflare adapter configuration.
+ * Validates the config object returned by the configFn.
  */
-interface TanStackStartCloudflareContext {
-    env: CloudflareEnv;
-    ctx: ExecutionContext;
-}
-/**
- * Configuration for the Appwarden middleware.
- */
-interface TanStackStartAppwardenConfig {
+declare const TanStackStartCloudflareConfigSchema: z.ZodObject<{
     /** The slug/path of the lock page to redirect to when the site is locked */
-    lockPageSlug: string;
+    lockPageSlug: z.ZodString;
     /** The Appwarden API token for authentication */
-    appwardenApiToken: string;
+    appwardenApiToken: z.ZodEffects<z.ZodString, string, string>;
     /** Optional custom API hostname (defaults to https://api.appwarden.io) */
-    appwardenApiHostname?: string;
+    appwardenApiHostname: z.ZodOptional<z.ZodString>;
     /** Enable debug logging */
-    debug?: boolean;
+    debug: z.ZodDefault<z.ZodEffects<z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodBoolean]>>, boolean, string | boolean | undefined>>;
     /** Optional Content Security Policy configuration */
-    contentSecurityPolicy?: UseCSPInput;
+    contentSecurityPolicy: z.ZodOptional<z.ZodLazy<z.ZodEffects<z.ZodObject<{
+        mode: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"disabled">, z.ZodLiteral<"report-only">, z.ZodLiteral<"enforced">]>>>;
+        directives: z.ZodEffects<z.ZodEffects<z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodObject<{
+            "default-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "script-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "style-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "img-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "connect-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "font-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "object-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "media-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "frame-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            sandbox: z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "report-uri": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "child-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "form-action": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "frame-ancestors": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "plugin-types": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "base-uri": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "report-to": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "worker-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "manifest-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "prefetch-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "navigate-to": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "require-sri-for": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "block-all-mixed-content": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "upgrade-insecure-requests": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "trusted-types": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "require-trusted-types-for": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+        }, "strip", z.ZodTypeAny, {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        }, {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        }>]>>, string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined, string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined>, {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined, string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined>;
+    }, "strip", z.ZodTypeAny, {
+        mode: "disabled" | "report-only" | "enforced";
+        directives?: {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    }, {
+        mode?: "disabled" | "report-only" | "enforced" | undefined;
+        directives?: string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    }>, {
+        mode: "disabled" | "report-only" | "enforced";
+        directives?: {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    }, {
+        mode?: "disabled" | "report-only" | "enforced" | undefined;
+        directives?: string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    }>>>;
+}, "strip", z.ZodTypeAny, {
+    debug: boolean;
+    lockPageSlug: string;
+    appwardenApiToken: string;
+    contentSecurityPolicy?: {
+        mode: "disabled" | "report-only" | "enforced";
+        directives?: {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    } | undefined;
+    appwardenApiHostname?: string | undefined;
+}, {
+    lockPageSlug: string;
+    appwardenApiToken: string;
+    debug?: string | boolean | undefined;
+    contentSecurityPolicy?: {
+        mode?: "disabled" | "report-only" | "enforced" | undefined;
+        directives?: string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    } | undefined;
+    appwardenApiHostname?: string | undefined;
+}>;
+type TanStackStartCloudflareConfigInput = z.input<typeof TanStackStartCloudflareConfigSchema>;
+/**
+ * Minimal runtime context type for TanStack Start adapter.
+ * Contains only what the adapter and config function need.
+ * Users provide this context by importing env and waitUntil from "cloudflare:workers".
+ */
+interface TanStackStartRuntimeContext {
+    env: CloudflareEnv;
+    waitUntil(promise: Promise<unknown>): void;
 }
 /**
- * Configuration function that receives the Cloudflare context and returns the config.
+ * Configuration function that receives the runtime context and returns the config.
  * This allows dynamic configuration based on environment variables.
+ * Accepts pre-transformation input types (e.g., string | boolean for debug, string | object for CSP directives).
  */
-type TanStackStartConfigFn = (cloudflare: TanStackStartCloudflareContext) => TanStackStartAppwardenConfig;
+type TanStackStartConfigFn = (runtime: TanStackStartRuntimeContext) => TanStackStartCloudflareConfigInput;
 /**
  * The result returned by the `next()` function in TanStack Start request middleware.
  *
@@ -52,17 +440,13 @@ type TanStackStartNextFn = (options?: {
 /**
  * TanStack Start middleware server callback arguments.
  *
- * Mirrors the official TanStack Start `RequestServerOptions` interface, with
- * an additional optional `cloudflare` context property for Cloudflare
- * Workers deployments.
+ * Mirrors the official TanStack Start `RequestServerOptions` interface.
+ * The context should include env and waitUntil from the Cloudflare Workers runtime.
  */
 interface TanStackStartMiddlewareArgs {
     request: Request;
     pathname: string;
-    context: {
-        cloudflare?: TanStackStartCloudflareContext;
-        [key: string]: unknown;
-    };
+    context: TanStackStartRuntimeContext & Record<string, unknown>;
     next: TanStackStartNextFn;
     serverFnMeta?: unknown;
 }
@@ -71,8 +455,11 @@ interface TanStackStartMiddlewareArgs {
  *
  * Mirrors the official TanStack Start `RequestServerFn` type used for
  * request middleware server functions.
+ *
+ * Note: The middleware either returns TanStackStartNextResult or throws a Response (redirect).
+ * Thrown values are not part of the return type.
  */
-type TanStackStartMiddlewareFunction = (args: TanStackStartMiddlewareArgs) => Promise<TanStackStartNextResult | Response>;
+type TanStackStartMiddlewareFunction = (args: TanStackStartMiddlewareArgs) => Promise<TanStackStartNextResult>;
 /**
  *
  * @param configFn - A function that receives the Cloudflare context and returns the config
@@ -80,4 +467,4 @@ type TanStackStartMiddlewareFunction = (args: TanStackStartMiddlewareArgs) => Pr
  */
 declare function createAppwardenMiddleware(configFn: TanStackStartConfigFn): TanStackStartMiddlewareFunction;
-export { type TanStackStartCloudflareContext, createAppwardenMiddleware };
+export { createAppwardenMiddleware };