@arcjet/node 1.0.0-alpha.9 → 1.0.0-beta.2

package/README.md

@@ -1,7 +1,7 @@
 <a href="https://arcjet.com" target="_arcjet-home">
   <picture>
-    <source media="(prefers-color-scheme: dark)" srcset="https://arcjet.com/arcjet-logo-dark-planet-arrival.svg">
-    <img src="https://arcjet.com/arcjet-logo-light-planet-arrival.svg" alt="Arcjet Logo" height="144" width="auto">
+    <source media="(prefers-color-scheme: dark)" srcset="https://arcjet.com/logo/arcjet-dark-lockup-voyage-horizontal.svg">
+    <img src="https://arcjet.com/logo/arcjet-light-lockup-voyage-horizontal.svg" alt="Arcjet Logo" height="128" width="auto">
   </picture>
 </a>
 
@@ -17,13 +17,22 @@
 </p>
 
 [Arcjet][arcjet] helps developers protect their apps in just a few lines of
-code. Implement rate limiting, bot protection, email verification & defend
+code. Implement rate limiting, bot protection, email verification, and defense
 against common attacks.
 
 This is the [Arcjet][arcjet] SDK for [Node.js][node-js].
 
 **Looking for our Next.js framework SDK?** Check out the
-[`@arcjet/next`](https://www.npmjs.com/package/@arcjet/next) package.
+[`@arcjet/next`][alt-sdk] package.
+
+## Getting started
+
+Visit the [quick start guide][quick-start] to get started.
+
+## Example app
+
+Try an Arcjet protected app live at [https://example.arcjet.com][example-url]
+([source code][example-source]).
 
 ## Installation
 
@@ -33,27 +42,34 @@ npm install -S @arcjet/node
 
 ## Rate limit example
 
-The [Arcjet rate limit][rate-limit-concepts-docs] example below applies a token
-bucket rate limit rule to a route where we identify the user based on their ID
-e.g. if they are logged in. The bucket is configured with a maximum capacity of
-10 tokens and refills by 5 tokens every 10 seconds. Each request consumes 5
-tokens.
+The example below applies a token bucket rate limit rule to a route where we
+identify the user based on their ID e.g. if they are logged in. The bucket is
+configured with a maximum capacity of 10 tokens and refills by 5 tokens every 10
+seconds. Each request consumes 5 tokens.
+
+Bot detection is also enabled to block requests from known bots.
 
 ```ts
-import arcjet, { tokenBucket } from "@arcjet/node";
+import arcjet, { tokenBucket, detectBot } from "@arcjet/node";
 import http from "node:http";
 
 const aj = arcjet({
   key: process.env.ARCJET_KEY!, // Get your site key from https://app.arcjet.com
+  characteristics: ["userId"], // track requests by a custom user ID
   rules: [
     // Create a token bucket rate limit. Other algorithms are supported.
     tokenBucket({
       mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
-      characteristics: ["userId"], // track requests by a custom user ID
       refillRate: 5, // refill 5 tokens per interval
       interval: 10, // refill every 10 seconds
       capacity: 10, // bucket maximum capacity of 10 tokens
     }),
+    detectBot({
+      mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
+      // configured with a list of bots to allow from
+      // https://arcjet.com/bot-list
+      allow: [], // "allow none" will block all detected bots
+    }),
   ],
 });
 
@@ -66,10 +82,8 @@ const server = http.createServer(async function (
   console.log("Arcjet decision", decision);
 
   if (decision.isDenied()) {
-    res.writeHead(429, { "Content-Type": "application/json" });
-    res.end(
-      JSON.stringify({ error: "Too Many Requests", reason: decision.reason }),
-    );
+    res.writeHead(403, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ error: "Forbidden" }));
   } else {
     res.writeHead(200, { "Content-Type": "application/json" });
     res.end(JSON.stringify({ message: "Hello world" }));
@@ -82,19 +96,20 @@ server.listen(8000);
 ## Shield example
 
 [Arcjet Shield][shield-concepts-docs] protects your application against common
-attacks, including the OWASP Top 10. It’s enabled by default and runs on every
-request with negligible performance impact.
+attacks, including the OWASP Top 10. You can run Shield on every request with
+negligible performance impact.
 
 ```ts
-import arcjet from "@arcjet/node";
+import arcjet, { shield } from "@arcjet/node";
 import http from "node:http";
 
 const aj = arcjet({
-  // Get your site key from https://app.arcjet.com
-  // and set it as an environment variable rather than hard coding.
-  // See: https://nextjs.org/docs/app/building-your-application/configuring/environment-variables
-  key: process.env.ARCJET_KEY,
-  rules: [], // Shield requires no rule configuration
+  key: process.env.ARCJET_KEY!, // Get your site key from https://app.arcjet.com
+  rules: [
+    shield({
+      mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
+    }),
+  ],
 });
 
 const server = http.createServer(async function (
@@ -121,6 +136,9 @@ Licensed under the [Apache License, Version 2.0][apache-license].
 
 [arcjet]: https://arcjet.com
 [node-js]: https://nodejs.org/
-[rate-limit-concepts-docs]: https://docs.arcjet.com/rate-limiting/concepts
+[alt-sdk]: https://www.npmjs.com/package/@arcjet/next
+[example-url]: https://example.arcjet.com
+[quick-start]: https://docs.arcjet.com/get-started/nodejs
+[example-source]: https://github.com/arcjet/arcjet-js-example
 [shield-concepts-docs]: https://docs.arcjet.com/shield/concepts
 [apache-license]: http://www.apache.org/licenses/LICENSE-2.0

package/index.d.ts

@@ -1,4 +1,4 @@
-import { ArcjetDecision, ArcjetOptions, Primitive, Product, Runtime, ExtraProps, RemoteClient, RemoteClientOptions } from "arcjet";
+import type { ArcjetDecision, ArcjetOptions as CoreOptions, Primitive, Product, ExtraProps, CharacteristicProps } from "arcjet";
 export * from "arcjet";
 type Simplify<T> = {
     [KeyType in keyof T]: T[KeyType];
@@ -10,7 +10,12 @@ type WithoutCustomProps = {
 type PlainObject = {
     [key: string]: unknown;
 };
-export declare function createNodeRemoteClient(options?: RemoteClientOptions): RemoteClient;
+export type RemoteClientOptions = {
+    baseUrl?: string;
+    timeout?: number;
+};
+export declare function createRemoteClient(options?: RemoteClientOptions): import("@arcjet/protocol/client.js").Client;
+type EventHandlerLike = (event: string, listener: (...args: any[]) => void) => void;
 export interface ArcjetNodeRequest {
     headers?: Record<string, string | string[] | undefined>;
     socket?: Partial<{
@@ -20,13 +25,26 @@ export interface ArcjetNodeRequest {
     method?: string;
     httpVersion?: string;
     url?: string;
+    body?: unknown;
+    on?: EventHandlerLike;
+    removeListener?: EventHandlerLike;
+    readable?: boolean;
 }
+/**
+ * The options used to configure an {@link ArcjetNode} client.
+ */
+export type ArcjetOptions<Rules extends [...Array<Primitive | Product>], Characteristics extends readonly string[]> = Simplify<CoreOptions<Rules, Characteristics> & {
+    /**
+     * One or more IP Address of trusted proxies in front of the application.
+     * These addresses will be excluded when Arcjet detects a public IP address.
+     */
+    proxies?: Array<string>;
+}>;
 /**
  * The ArcjetNode client provides a public `protect()` method to
  * make a decision about how a Node.js request should be handled.
  */
 export interface ArcjetNode<Props extends PlainObject> {
-    get runtime(): Runtime;
     /**
      * Runs a request through the configured protections. The request is
      * analyzed and then a decision made on whether to allow, deny, or challenge
@@ -54,4 +72,4 @@ export interface ArcjetNode<Props extends PlainObject> {
  *
  * @param options - Arcjet configuration options to apply to all requests.
  */
-export default function arcjet<const Rules extends (Primitive | Product)[]>(options: ArcjetOptions<Rules>): ArcjetNode<Simplify<ExtraProps<Rules>>>;
+export default function arcjet<const Rules extends (Primitive | Product)[], const Characteristics extends readonly string[]>(options: ArcjetOptions<Rules, Characteristics>): ArcjetNode<Simplify<ExtraProps<Rules> & CharacteristicProps<Characteristics>>>;

package/index.js

@@ -1,22 +1,45 @@
-import { createConnectTransport } from '@connectrpc/connect-node';
-import core__default, { defaultBaseUrl, createRemoteClient, ArcjetHeaders } from 'arcjet';
+import core__default from 'arcjet';
 export * from 'arcjet';
 import findIP from '@arcjet/ip';
+import ArcjetHeaders from '@arcjet/headers';
+import { logLevel, baseUrl, isDevelopment, platform } from '@arcjet/env';
+import { Logger } from '@arcjet/logger';
+import { createClient } from '@arcjet/protocol/client.js';
+import { createTransport } from '@arcjet/transport';
+import { readBody } from '@arcjet/body';
 
-function createNodeRemoteClient(options) {
+// TODO: Deduplicate with other packages
+function errorMessage(err) {
+    if (err) {
+        if (typeof err === "string") {
+            return err;
+        }
+        if (typeof err === "object" &&
+            "message" in err &&
+            typeof err.message === "string") {
+            return err.message;
+        }
+    }
+    return "Unknown problem";
+}
+function createRemoteClient(options) {
     // The base URL for the Arcjet API. Will default to the standard production
     // API unless environment variable `ARCJET_BASE_URL` is set.
-    const baseUrl = options?.baseUrl ?? defaultBaseUrl();
+    const url = options?.baseUrl ?? baseUrl(process.env);
+    // The timeout for the Arcjet API in milliseconds. This is set to a low value
+    // in production so calls fail open.
+    const timeout = options?.timeout ?? (isDevelopment(process.env) ? 1000 : 500);
     // Transport is the HTTP client that the client uses to make requests.
-    const transport = options?.transport ??
-        createConnectTransport({
-            baseUrl,
-            httpVersion: "2",
-        });
-    // TODO(#223): Do we want to allow overrides to either of these? If not, we should probably define a separate type for `options`
+    const transport = createTransport(url);
     const sdkStack = "NODEJS";
-    const sdkVersion = "1.0.0-alpha.9";
-    return createRemoteClient({ ...options, transport, sdkStack, sdkVersion });
+    const sdkVersion = "1.0.0-beta.2";
+    return createClient({
+        transport,
+        baseUrl: url,
+        timeout,
+        sdkStack,
+        sdkVersion,
+    });
 }
 function cookiesToString(cookies) {
     if (typeof cookies === "undefined") {
@@ -28,70 +51,6 @@ function cookiesToString(cookies) {
     }
     return cookies;
 }
-function toArcjetRequest(request, props) {
-    // We construct an ArcjetHeaders to normalize over Headers
-    const headers = new ArcjetHeaders(request.headers);
-    const ip = findIP(request, headers);
-    const method = request.method ?? "";
-    const host = headers.get("host") ?? "";
-    let path = "";
-    let query = "";
-    let protocol = "";
-    if (typeof request.socket?.encrypted !== "undefined") {
-        protocol = request.socket.encrypted ? "https:" : "http:";
-    }
-    else {
-        protocol = "http:";
-    }
-    // Do some very simple validation, but also try/catch around URL parsing
-    if (typeof request.url !== "undefined" && request.url !== "" && host !== "") {
-        try {
-            const url = new URL(request.url, `${protocol}//${host}`);
-            path = url.pathname;
-            query = url.search;
-            protocol = url.protocol;
-        }
-        catch {
-            // If the parsing above fails, just set the path as whatever url we
-            // received.
-            // TODO(#216): Add logging to arcjet-node
-            path = request.url ?? "";
-        }
-    }
-    else {
-        path = request.url ?? "";
-    }
-    const cookies = cookiesToString(request.headers?.cookie);
-    return {
-        ...props,
-        ip,
-        method,
-        protocol,
-        host,
-        path,
-        headers,
-        cookies,
-        query,
-    };
-}
-function withClient(aj) {
-    return Object.freeze({
-        get runtime() {
-            return aj.runtime;
-        },
-        withRule(rule) {
-            const client = aj.withRule(rule);
-            return withClient(client);
-        },
-        async protect(request, ...[props]) {
-            // TODO(#220): The generic manipulations get really mad here, so we cast
-            // Further investigation makes it seem like it has something to do with
-            // the definition of `props` in the signature but it's hard to track down
-            const req = toArcjetRequest(request, props ?? {});
-            return aj.protect(req);
-        },
-    });
-}
 /**
  * Create a new {@link ArcjetNode} client. Always build your initial client
  * outside of a request handler so it persists across requests. If you need to
@@ -101,9 +60,135 @@ function withClient(aj) {
  * @param options - Arcjet configuration options to apply to all requests.
  */
 function arcjet(options) {
-    const client = options.client ?? createNodeRemoteClient();
-    const aj = core__default({ ...options, client });
+    const client = options.client ?? createRemoteClient();
+    const log = options.log
+        ? options.log
+        : new Logger({
+            level: logLevel(process.env),
+        });
+    function toArcjetRequest(request, props) {
+        // We pull the cookies from the request before wrapping them in ArcjetHeaders
+        const cookies = cookiesToString(request.headers?.cookie);
+        // We construct an ArcjetHeaders to normalize over Headers
+        const headers = new ArcjetHeaders(request.headers);
+        let ip = findIP({
+            socket: request.socket,
+            headers,
+        }, { platform: platform(process.env), proxies: options.proxies });
+        if (ip === "") {
+            // If the `ip` is empty but we're in development mode, we default the IP
+            // so the request doesn't fail.
+            if (isDevelopment(process.env)) {
+                log.warn("Using 127.0.0.1 as IP address in development mode");
+                ip = "127.0.0.1";
+            }
+            else {
+                log.warn(`Client IP address is missing. If this is a dev environment set the ARCJET_ENV env var to "development"`);
+            }
+        }
+        const method = request.method ?? "";
+        const host = headers.get("host") ?? "";
+        let path = "";
+        let query = "";
+        let protocol = "";
+        if (typeof request.socket?.encrypted !== "undefined") {
+            protocol = request.socket.encrypted ? "https:" : "http:";
+        }
+        else {
+            protocol = "http:";
+        }
+        // Do some very simple validation, but also try/catch around URL parsing
+        if (typeof request.url !== "undefined" &&
+            request.url !== "" &&
+            host !== "") {
+            try {
+                const url = new URL(request.url, `${protocol}//${host}`);
+                path = url.pathname;
+                query = url.search;
+                protocol = url.protocol;
+            }
+            catch {
+                // If the parsing above fails, just set the path as whatever url we
+                // received.
+                path = request.url ?? "";
+                log.warn('Unable to parse URL. Using "%s" as `path`.', path);
+            }
+        }
+        else {
+            path = request.url ?? "";
+        }
+        return {
+            ...props,
+            ip,
+            method,
+            protocol,
+            host,
+            path,
+            headers,
+            cookies,
+            query,
+        };
+    }
+    function withClient(aj) {
+        return Object.freeze({
+            withRule(rule) {
+                const client = aj.withRule(rule);
+                return withClient(client);
+            },
+            async protect(request, ...[props]) {
+                // TODO(#220): The generic manipulations get really mad here, so we cast
+                // Further investigation makes it seem like it has something to do with
+                // the definition of `props` in the signature but it's hard to track down
+                const req = toArcjetRequest(request, props ?? {});
+                const getBody = async () => {
+                    try {
+                        // If request.body is present then the body was likely read by a package like express' `body-parser`.
+                        // If it's not present then we attempt to read the bytes from the IncomingMessage ourselves.
+                        if (typeof request.body === "string") {
+                            return request.body;
+                        }
+                        else if (typeof request.body !== "undefined" &&
+                            // BigInt cannot be serialized with JSON.stringify
+                            typeof request.body !== "bigint") {
+                            return JSON.stringify(request.body);
+                        }
+                        if (typeof request.on === "function" &&
+                            typeof request.removeListener === "function") {
+                            let expectedLength;
+                            // TODO: This shouldn't need to build headers again but the type
+                            // for `req` above is overly relaxed
+                            const headers = new ArcjetHeaders(request.headers);
+                            const expectedLengthStr = headers.get("content-length");
+                            if (typeof expectedLengthStr === "string") {
+                                try {
+                                    expectedLength = parseInt(expectedLengthStr, 10);
+                                }
+                                catch {
+                                    // If the expected length couldn't be parsed we'll just not set one.
+                                }
+                            }
+                            // Awaited to throw if it rejects and we'll just return undefined
+                            const body = await readBody(request, {
+                                // We will process 1mb bodies
+                                limit: 1048576,
+                                expectedLength,
+                            });
+                            return body;
+                        }
+                        log.warn("no body available");
+                        return;
+                    }
+                    catch (e) {
+                        log.error("failed to get request body: %s", errorMessage(e));
+                        return;
+                    }
+                };
+                return aj.protect({ getBody }, req);
+            },
+        });
+    }
+    const aj = core__default({ ...options, client, log });
     return withClient(aj);
 }
 
-export { createNodeRemoteClient, arcjet as default };
+export { createRemoteClient, arcjet as default };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@arcjet/node",
-  "version": "1.0.0-alpha.9",
+  "version": "1.0.0-beta.2",
   "description": "Arcjet SDK for Node.js",
   "license": "Apache-2.0",
   "homepage": "https://arcjet.com",
@@ -29,7 +29,6 @@
     "README.md",
     "*.js",
     "*.d.ts",
-    "*.ts",
     "!*.config.js"
   ],
   "scripts": {
@@ -37,22 +36,26 @@
     "build": "rollup --config rollup.config.js",
     "lint": "eslint .",
     "pretest": "npm run build",
-    "test": "NODE_OPTIONS=--experimental-vm-modules jest --passWithNoTests"
+    "test": "node --test --experimental-test-coverage"
   },
   "dependencies": {
-    "@arcjet/ip": "1.0.0-alpha.9",
-    "@connectrpc/connect-node": "1.4.0",
-    "arcjet": "1.0.0-alpha.9"
+    "@arcjet/env": "1.0.0-beta.2",
+    "@arcjet/headers": "1.0.0-beta.2",
+    "@arcjet/ip": "1.0.0-beta.2",
+    "@arcjet/logger": "1.0.0-beta.2",
+    "@arcjet/protocol": "1.0.0-beta.2",
+    "@arcjet/transport": "1.0.0-beta.2",
+    "@arcjet/body": "1.0.0-beta.2",
+    "arcjet": "1.0.0-beta.2"
   },
   "devDependencies": {
-    "@arcjet/eslint-config": "1.0.0-alpha.9",
-    "@arcjet/rollup-config": "1.0.0-alpha.9",
-    "@arcjet/tsconfig": "1.0.0-alpha.9",
-    "@jest/globals": "29.7.0",
+    "@arcjet/eslint-config": "1.0.0-beta.2",
+    "@arcjet/rollup-config": "1.0.0-beta.2",
+    "@arcjet/tsconfig": "1.0.0-beta.2",
     "@types/node": "18.18.0",
-    "@rollup/wasm-node": "4.12.0",
-    "jest": "29.7.0",
-    "typescript": "5.3.3"
+    "@rollup/wasm-node": "4.34.2",
+    "expect": "29.7.0",
+    "typescript": "5.7.3"
   },
   "publishConfig": {
     "access": "public",

package/index.ts

@@ -1,235 +0,0 @@
-import { createConnectTransport } from "@connectrpc/connect-node";
-import core, {
-  ArcjetDecision,
-  ArcjetOptions,
-  Primitive,
-  Product,
-  ArcjetHeaders,
-  Runtime,
-  ArcjetRequest,
-  ExtraProps,
-  RemoteClient,
-  RemoteClientOptions,
-  defaultBaseUrl,
-  createRemoteClient,
-  Arcjet,
-} from "arcjet";
-import findIP from "@arcjet/ip";
-
-// Re-export all named exports from the generic SDK
-export * from "arcjet";
-
-// Type helpers from https://github.com/sindresorhus/type-fest but adjusted for
-// our use.
-//
-// Simplify:
-// https://github.com/sindresorhus/type-fest/blob/964466c9d59c711da57a5297ad954c13132a0001/source/simplify.d.ts
-// EmptyObject:
-// https://github.com/sindresorhus/type-fest/blob/b9723d4785f01f8d2487c09ee5871a1f615781aa/source/empty-object.d.ts
-//
-// Licensed: MIT License Copyright (c) Sindre Sorhus <sindresorhus@gmail.com>
-// (https://sindresorhus.com)
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions: The above copyright
-// notice and this permission notice shall be included in all copies or
-// substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-type Simplify<T> = { [KeyType in keyof T]: T[KeyType] } & {};
-declare const emptyObjectSymbol: unique symbol;
-type WithoutCustomProps = {
-  [emptyObjectSymbol]?: never;
-};
-
-type PlainObject = {
-  [key: string]: unknown;
-};
-
-export function createNodeRemoteClient(
-  options?: RemoteClientOptions,
-): RemoteClient {
-  // The base URL for the Arcjet API. Will default to the standard production
-  // API unless environment variable `ARCJET_BASE_URL` is set.
-  const baseUrl = options?.baseUrl ?? defaultBaseUrl();
-
-  // Transport is the HTTP client that the client uses to make requests.
-  const transport =
-    options?.transport ??
-    createConnectTransport({
-      baseUrl,
-      httpVersion: "2",
-    });
-
-  // TODO(#223): Do we want to allow overrides to either of these? If not, we should probably define a separate type for `options`
-  const sdkStack = "NODEJS";
-  const sdkVersion = "__ARCJET_SDK_VERSION__";
-
-  return createRemoteClient({ ...options, transport, sdkStack, sdkVersion });
-}
-
-// Interface of fields that the Arcjet Node.js SDK expects on `IncomingMessage`
-// objects.
-export interface ArcjetNodeRequest {
-  headers?: Record<string, string | string[] | undefined>;
-  socket?: Partial<{ remoteAddress: string; encrypted: boolean }>;
-  method?: string;
-  httpVersion?: string;
-  url?: string;
-}
-
-function cookiesToString(cookies: string | string[] | undefined): string {
-  if (typeof cookies === "undefined") {
-    return "";
-  }
-
-  // This should never be the case with a Node.js cookie header, but we are safe
-  if (Array.isArray(cookies)) {
-    return cookies.join("; ");
-  }
-
-  return cookies;
-}
-
-/**
- * The ArcjetNode client provides a public `protect()` method to
- * make a decision about how a Node.js request should be handled.
- */
-export interface ArcjetNode<Props extends PlainObject> {
-  get runtime(): Runtime;
-  /**
-   * Runs a request through the configured protections. The request is
-   * analyzed and then a decision made on whether to allow, deny, or challenge
-   * the request.
-   *
-   * @param req - An `IncomingMessage` provided to the request handler.
-   * @param props - Additonal properties required for running rules against a request.
-   * @returns An {@link ArcjetDecision} indicating Arcjet's decision about the request.
-   */
-  protect(
-    request: ArcjetNodeRequest,
-    // We use this neat trick from https://stackoverflow.com/a/52318137 to make a single spread parameter
-    // that is required if the ExtraProps aren't strictly an empty object
-    ...props: Props extends WithoutCustomProps ? [] : [Props]
-  ): Promise<ArcjetDecision>;
-
-  /**
-   * Augments the client with another rule. Useful for varying rules based on
-   * criteria in your handler—e.g. different rate limit for logged in users.
-   *
-   * @param rule The rule to add to this execution.
-   * @returns An augmented {@link ArcjetNode} client.
-   */
-  withRule<Rule extends Primitive | Product>(
-    rule: Rule,
-  ): ArcjetNode<Simplify<Props & ExtraProps<Rule>>>;
-}
-
-function toArcjetRequest<Props extends PlainObject>(
-  request: ArcjetNodeRequest,
-  props: Props,
-): ArcjetRequest<Props> {
-  // We construct an ArcjetHeaders to normalize over Headers
-  const headers = new ArcjetHeaders(request.headers);
-
-  const ip = findIP(request, headers);
-  const method = request.method ?? "";
-  const host = headers.get("host") ?? "";
-  let path = "";
-  let query = "";
-  let protocol = "";
-
-  if (typeof request.socket?.encrypted !== "undefined") {
-    protocol = request.socket.encrypted ? "https:" : "http:";
-  } else {
-    protocol = "http:";
-  }
-
-  // Do some very simple validation, but also try/catch around URL parsing
-  if (typeof request.url !== "undefined" && request.url !== "" && host !== "") {
-    try {
-      const url = new URL(request.url, `${protocol}//${host}`);
-      path = url.pathname;
-      query = url.search;
-      protocol = url.protocol;
-    } catch {
-      // If the parsing above fails, just set the path as whatever url we
-      // received.
-      // TODO(#216): Add logging to arcjet-node
-      path = request.url ?? "";
-    }
-  } else {
-    path = request.url ?? "";
-  }
-
-  const cookies = cookiesToString(request.headers?.cookie);
-
-  return {
-    ...props,
-    ip,
-    method,
-    protocol,
-    host,
-    path,
-    headers,
-    cookies,
-    query,
-  };
-}
-
-function withClient<const Rules extends (Primitive | Product)[]>(
-  aj: Arcjet<ExtraProps<Rules>>,
-): ArcjetNode<ExtraProps<Rules>> {
-  return Object.freeze({
-    get runtime() {
-      return aj.runtime;
-    },
-    withRule(rule: Primitive | Product) {
-      const client = aj.withRule(rule);
-      return withClient(client);
-    },
-    async protect(
-      request: ArcjetNodeRequest,
-      ...[props]: ExtraProps<Rules> extends WithoutCustomProps
-        ? []
-        : [ExtraProps<Rules>]
-    ): Promise<ArcjetDecision> {
-      // TODO(#220): The generic manipulations get really mad here, so we cast
-      // Further investigation makes it seem like it has something to do with
-      // the definition of `props` in the signature but it's hard to track down
-      const req = toArcjetRequest(request, props ?? {}) as ArcjetRequest<
-        ExtraProps<Rules>
-      >;
-
-      return aj.protect(req);
-    },
-  });
-}
-
-/**
- * Create a new {@link ArcjetNode} client. Always build your initial client
- * outside of a request handler so it persists across requests. If you need to
- * augment a client inside a handler, call the `withRule()` function on the base
- * client.
- *
- * @param options - Arcjet configuration options to apply to all requests.
- */
-export default function arcjet<const Rules extends (Primitive | Product)[]>(
-  options: ArcjetOptions<Rules>,
-): ArcjetNode<Simplify<ExtraProps<Rules>>> {
-  const client = options.client ?? createNodeRemoteClient();
-
-  const aj = core({ ...options, client });
-
-  return withClient(aj);
-}