@rayselfs/cf-rule-engine 1.5.0

package/dist/behaviors/image-optimize.d.cts

@@ -0,0 +1,103 @@
+import { BehaviorFn, HttpRequest } from '../core/types.cjs';
+
+/**
+ * Origin configuration for image-optimize-proxy.
+ *
+ * Determines which request headers are injected so the proxy knows where to
+ * fetch the source image:
+ *   - gateway: injects X-Img-Source-Type=gateway and X-Img-Upstream-Gateway
+ *   - s3:      injects X-Img-Source-Type=s3 and X-Img-Source-Bucket
+ */
+type ImageOriginConfig = {
+    type: 'gateway';
+    upstreamGateway: string;
+} | {
+    type: 's3';
+    sourceBucket: string;
+};
+/**
+ * Options for imageOptimize querystring normalization behavior.
+ *
+ * This behavior normalizes Akamai Image Manager-compatible query parameters
+ * for use with the `image-optimize-proxy` K8s proxy at origin, which reads
+ * the normalized `imwidth`, `f`, and `q` params to drive imgproxy transformation
+ * and S3 caching.
+ */
+interface ImageOptimizeOptions {
+    /** Ordered list of breakpoint widths (px). Request widths snap to the nearest ceiling breakpoint. */
+    breakpoints: number[];
+    /** Preferred format priority. Defaults to ['avif', 'webp', 'jpeg']. */
+    formats?: ('avif' | 'webp' | 'jpeg')[];
+    /** Default image quality (1-100). Defaults to 75. */
+    quality?: number;
+    /** Query string param name for width override (Akamai IM compatible). Default: 'imwidth' */
+    imwidthParam?: string;
+    /** Query string param name for format override (Akamai IM compatible). Default: 'imformat' */
+    imformatParam?: string;
+    /**
+     * Origin configuration for image-optimize-proxy.
+     * When provided, injects the corresponding X-Img-* request headers so the
+     * proxy knows how to resolve the source image. This removes the need to
+     * configure CloudFront origin custom headers separately in Terraform.
+     */
+    origin?: ImageOriginConfig;
+    /**
+     * CloudFront origin verification secret.
+     * When provided, injects the value as the X-Origin-Verify request header.
+     * The proxy validates this header to ensure requests originate from CloudFront.
+     */
+    originSecret?: string;
+}
+/** Resolved normalized image parameters. */
+interface ResolvedImageParams {
+    /** Width snapped to nearest ceiling breakpoint. */
+    breakpoint: number;
+    /** Resolved output format. */
+    format: 'avif' | 'webp' | 'jpeg';
+    /** Quality value (1-100). */
+    quality: number;
+}
+/**
+ * Resolves normalized image parameters (breakpoint, format, quality) from a request.
+ *
+ * Shared logic consumed by both the `imageOptimize` CF Function behavior and the
+ * `imageOptimizeJS` Lambda handler — keeps param resolution consistent across paths.
+ *
+ * Width resolution order: `imwidth` query param → `CloudFront-Viewer-Width` header → largest breakpoint.
+ * Format resolution order: `imformat` query param (Akamai IM) → `Accept` header → last format in list.
+ */
+declare function resolveImageParams(request: Pick<HttpRequest, 'querystring' | 'headers'>, options: {
+    breakpoints: number[];
+    formats?: ('avif' | 'webp' | 'jpeg')[];
+    quality?: number;
+    imwidthParam?: string;
+    imformatParam?: string;
+}): ResolvedImageParams;
+/**
+ * Normalizes image-related query string parameters for use with the
+ * `image-optimize-proxy` K8s origin proxy, and optionally injects the
+ * origin routing headers so the proxy knows where to fetch source images.
+ *
+ * What this CF Function behavior does:
+ *   - Snaps `imwidth` (or `CloudFront-Viewer-Width`) to the nearest ceiling breakpoint
+ *   - Translates `imformat` (Akamai IM) to `f` param that `image-optimize-proxy` reads
+ *   - Converts legacy `quality` param to `q` and removes `quality` from querystring
+ *   - Adds default `q` (quality) param if not already set
+ *   - Removes the `imformat` param after translation
+ *   - Leaves `uri` unchanged — imgproxy URL construction is the proxy's responsibility
+ *   - When `origin` is set, injects X-Img-Source-Type and X-Img-Upstream-Gateway
+ *     or X-Img-Source-Bucket headers (eliminates need for Terraform origin custom headers)
+ *   - When `originSecret` is set, injects X-Origin-Verify header
+ *
+ * Architecture:
+ *   CF Function (viewer-request): imageOptimize — normalize querystring + inject origin headers
+ *   image-optimize-proxy (origin): reads imwidth/f/q + X-Img-* headers, calls imgproxy sidecar, caches to S3
+ *
+ * Akamai `imformat` mapping:
+ *   chrome / webp → webp
+ *   avif          → avif
+ *   ie / safari / generic / (other) → jpeg
+ */
+declare function imageOptimize(options: ImageOptimizeOptions): BehaviorFn;
+
+export { type ImageOptimizeOptions, type ImageOriginConfig, type ResolvedImageParams, imageOptimize, resolveImageParams };

package/dist/behaviors/image-optimize.d.ts

@@ -0,0 +1,103 @@
+import { BehaviorFn, HttpRequest } from '../core/types.js';
+
+/**
+ * Origin configuration for image-optimize-proxy.
+ *
+ * Determines which request headers are injected so the proxy knows where to
+ * fetch the source image:
+ *   - gateway: injects X-Img-Source-Type=gateway and X-Img-Upstream-Gateway
+ *   - s3:      injects X-Img-Source-Type=s3 and X-Img-Source-Bucket
+ */
+type ImageOriginConfig = {
+    type: 'gateway';
+    upstreamGateway: string;
+} | {
+    type: 's3';
+    sourceBucket: string;
+};
+/**
+ * Options for imageOptimize querystring normalization behavior.
+ *
+ * This behavior normalizes Akamai Image Manager-compatible query parameters
+ * for use with the `image-optimize-proxy` K8s proxy at origin, which reads
+ * the normalized `imwidth`, `f`, and `q` params to drive imgproxy transformation
+ * and S3 caching.
+ */
+interface ImageOptimizeOptions {
+    /** Ordered list of breakpoint widths (px). Request widths snap to the nearest ceiling breakpoint. */
+    breakpoints: number[];
+    /** Preferred format priority. Defaults to ['avif', 'webp', 'jpeg']. */
+    formats?: ('avif' | 'webp' | 'jpeg')[];
+    /** Default image quality (1-100). Defaults to 75. */
+    quality?: number;
+    /** Query string param name for width override (Akamai IM compatible). Default: 'imwidth' */
+    imwidthParam?: string;
+    /** Query string param name for format override (Akamai IM compatible). Default: 'imformat' */
+    imformatParam?: string;
+    /**
+     * Origin configuration for image-optimize-proxy.
+     * When provided, injects the corresponding X-Img-* request headers so the
+     * proxy knows how to resolve the source image. This removes the need to
+     * configure CloudFront origin custom headers separately in Terraform.
+     */
+    origin?: ImageOriginConfig;
+    /**
+     * CloudFront origin verification secret.
+     * When provided, injects the value as the X-Origin-Verify request header.
+     * The proxy validates this header to ensure requests originate from CloudFront.
+     */
+    originSecret?: string;
+}
+/** Resolved normalized image parameters. */
+interface ResolvedImageParams {
+    /** Width snapped to nearest ceiling breakpoint. */
+    breakpoint: number;
+    /** Resolved output format. */
+    format: 'avif' | 'webp' | 'jpeg';
+    /** Quality value (1-100). */
+    quality: number;
+}
+/**
+ * Resolves normalized image parameters (breakpoint, format, quality) from a request.
+ *
+ * Shared logic consumed by both the `imageOptimize` CF Function behavior and the
+ * `imageOptimizeJS` Lambda handler — keeps param resolution consistent across paths.
+ *
+ * Width resolution order: `imwidth` query param → `CloudFront-Viewer-Width` header → largest breakpoint.
+ * Format resolution order: `imformat` query param (Akamai IM) → `Accept` header → last format in list.
+ */
+declare function resolveImageParams(request: Pick<HttpRequest, 'querystring' | 'headers'>, options: {
+    breakpoints: number[];
+    formats?: ('avif' | 'webp' | 'jpeg')[];
+    quality?: number;
+    imwidthParam?: string;
+    imformatParam?: string;
+}): ResolvedImageParams;
+/**
+ * Normalizes image-related query string parameters for use with the
+ * `image-optimize-proxy` K8s origin proxy, and optionally injects the
+ * origin routing headers so the proxy knows where to fetch source images.
+ *
+ * What this CF Function behavior does:
+ *   - Snaps `imwidth` (or `CloudFront-Viewer-Width`) to the nearest ceiling breakpoint
+ *   - Translates `imformat` (Akamai IM) to `f` param that `image-optimize-proxy` reads
+ *   - Converts legacy `quality` param to `q` and removes `quality` from querystring
+ *   - Adds default `q` (quality) param if not already set
+ *   - Removes the `imformat` param after translation
+ *   - Leaves `uri` unchanged — imgproxy URL construction is the proxy's responsibility
+ *   - When `origin` is set, injects X-Img-Source-Type and X-Img-Upstream-Gateway
+ *     or X-Img-Source-Bucket headers (eliminates need for Terraform origin custom headers)
+ *   - When `originSecret` is set, injects X-Origin-Verify header
+ *
+ * Architecture:
+ *   CF Function (viewer-request): imageOptimize — normalize querystring + inject origin headers
+ *   image-optimize-proxy (origin): reads imwidth/f/q + X-Img-* headers, calls imgproxy sidecar, caches to S3
+ *
+ * Akamai `imformat` mapping:
+ *   chrome / webp → webp
+ *   avif          → avif
+ *   ie / safari / generic / (other) → jpeg
+ */
+declare function imageOptimize(options: ImageOptimizeOptions): BehaviorFn;
+
+export { type ImageOptimizeOptions, type ImageOriginConfig, type ResolvedImageParams, imageOptimize, resolveImageParams };

package/dist/behaviors/image-optimize.js

@@ -0,0 +1,9 @@
+import {
+  imageOptimize,
+  resolveImageParams
+} from "../chunk-5PT5X62W.js";
+import "../chunk-MLKGABMK.js";
+export {
+  imageOptimize,
+  resolveImageParams
+};

package/dist/behaviors/index.cjs

@@ -0,0 +1,126 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }
+
+var _chunkUI6LKDJIcjs = require('../chunk-UI6LKDJI.cjs');
+
+
+var _chunkMSES76XKcjs = require('../chunk-MSES76XK.cjs');
+
+
+var _chunkWWSRNCUPcjs = require('../chunk-WWSRNCUP.cjs');
+
+
+var _chunkSGEBNQR2cjs = require('../chunk-SGEBNQR2.cjs');
+
+
+var _chunkMRPTC74Icjs = require('../chunk-MRPTC74I.cjs');
+
+
+var _chunkCV234DQTcjs = require('../chunk-CV234DQT.cjs');
+
+
+var _chunkGK5JX7OMcjs = require('../chunk-GK5JX7OM.cjs');
+
+
+var _chunkZXS23HXAcjs = require('../chunk-ZXS23HXA.cjs');
+
+
+var _chunkPPUHEL4Hcjs = require('../chunk-PPUHEL4H.cjs');
+
+
+var _chunkB4WEJSEZcjs = require('../chunk-B4WEJSEZ.cjs');
+
+
+var _chunkOSGZTNTScjs = require('../chunk-OSGZTNTS.cjs');
+
+
+var _chunkJU5WX5RUcjs = require('../chunk-JU5WX5RU.cjs');
+
+
+var _chunkLTLBEBKLcjs = require('../chunk-LTLBEBKL.cjs');
+
+
+var _chunkTQLJIT4Hcjs = require('../chunk-TQLJIT4H.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+// src/behaviors/verify-token.ts
+var _crypto = require('crypto');
+function parseToken(raw) {
+  const fields = {};
+  const parts = raw.split("~");
+  for (let i = 0; i < parts.length; i++) {
+    const eq = parts[i].indexOf("=");
+    if (eq === -1) return null;
+    const k = parts[i].slice(0, eq);
+    if (!k) return null;
+    fields[k] = parts[i].slice(eq + 1);
+  }
+  return fields;
+}
+function verifyHmac(fields, keyHex) {
+  var hmacVal = fields["hmac"];
+  if (!hmacVal) return false;
+  var restKeys = Object.keys(fields).filter(function(k) {
+    return k !== "hmac";
+  });
+  var message = restKeys.map(function(k) {
+    return k + "=" + fields[k];
+  }).join("~");
+  let keyBytes;
+  try {
+    keyBytes = Buffer.from(keyHex, "hex");
+  } catch (e) {
+    return false;
+  }
+  const expected = _crypto.createHmac.call(void 0, "sha256", keyBytes).update(message).digest();
+  let actual;
+  try {
+    actual = Buffer.from(hmacVal, "hex");
+  } catch (e2) {
+    return false;
+  }
+  if (expected.length !== actual.length) return false;
+  return _crypto.timingSafeEqual.call(void 0, expected, actual);
+}
+function verifyToken(options) {
+  const param = _nullishCoalesce(options.param, () => ( "hdnts"));
+  const failureStatus = _nullishCoalesce(options.failureStatus, () => ( 403));
+  const statusDescription = failureStatus === 401 ? "Unauthorized" : "Forbidden";
+  const deny = () => ({
+    action: "respond",
+    response: {
+      statusCode: failureStatus,
+      statusDescription,
+      headers: { "cache-control": { value: "no-store" } }
+    }
+  });
+  return (request) => {
+    const tokenEntry = request.querystring[param];
+    if (!_optionalChain([tokenEntry, 'optionalAccess', _ => _.value])) return deny();
+    const fields = parseToken(tokenEntry.value);
+    if (!fields) return deny();
+    const expStr = fields["exp"];
+    if (expStr) {
+      const exp = parseInt(expStr, 10);
+      if (isNaN(exp) || Math.floor(Date.now() / 1e3) > exp) return deny();
+    }
+    if (!verifyHmac(fields, options.key)) return deny();
+    return { action: "continue", request };
+  };
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+exports.constructResponse = _chunkOSGZTNTScjs.constructResponse; exports.copyHeader = _chunkJU5WX5RUcjs.copyHeader; exports.directoryIndex = _chunkLTLBEBKLcjs.directoryIndex; exports.imageOptimize = _chunkTQLJIT4Hcjs.imageOptimize; exports.redirect = _chunkWWSRNCUPcjs.redirect; exports.removeResponseHeaders = _chunkSGEBNQR2cjs.removeResponseHeaders; exports.rewriteUri = _chunkMRPTC74Icjs.rewriteUri; exports.setCacheControl = _chunkCV234DQTcjs.setCacheControl; exports.setCorsHeaders = _chunkGK5JX7OMcjs.setCorsHeaders; exports.setCsp = _chunkZXS23HXAcjs.setCsp; exports.setRequestHeader = _chunkPPUHEL4Hcjs.setRequestHeader; exports.setResponseHeader = _chunkB4WEJSEZcjs.setResponseHeader; exports.setSecurityHeaders = _chunkUI6LKDJIcjs.setSecurityHeaders; exports.stripQueryParams = _chunkMSES76XKcjs.stripQueryParams; exports.verifyToken = verifyToken;

package/dist/behaviors/index.d.cts

@@ -0,0 +1,46 @@
+export { RedirectOptions, redirect } from './redirect.cjs';
+export { RewriteMode, rewriteUri } from './rewrite-uri.cjs';
+export { ConstructResponseOptions, constructResponse } from './construct-response.cjs';
+export { directoryIndex } from './directory-index.cjs';
+export { setRequestHeader } from './set-request-header.cjs';
+export { copyHeader } from './copy-header.cjs';
+export { setResponseHeader } from './set-response-header.cjs';
+export { removeResponseHeaders } from './remove-response-headers.cjs';
+export { CorsOptions, setCorsHeaders } from './set-cors-headers.cjs';
+export { stripQueryParams } from './strip-query-params.cjs';
+export { CspOptions, setCsp } from './set-csp.cjs';
+export { setCacheControl } from './set-cache-control.cjs';
+export { SecurityHeadersOptions, setSecurityHeaders } from './set-security-headers.cjs';
+export { ImageOptimizeOptions, imageOptimize } from './image-optimize.cjs';
+import { BehaviorFn } from '../core/types.cjs';
+export { ResponseBehaviorFn, ResponseRule } from '../core/types.cjs';
+
+/**
+ * ⚠️  Lambda@Edge only — CF Functions do not have the Node.js `crypto` module.
+ *
+ * Token format: `exp=<unix>~acl=<path>~hmac=<hex>`
+ * The `key` is the hex-encoded HMAC-SHA256 secret (Akamai `verifyTokenAuthorization.key`).
+ */
+interface VerifyTokenOptions {
+    key: string;
+    param?: string;
+    failureStatus?: 401 | 403;
+}
+/**
+ * Validates an Akamai Edge Auth Token 2.0 (HMAC-SHA256) from the request querystring.
+ * Returns 403 on missing / expired / invalid token; continues on success.
+ * Chain with `stripQueryParams([param])` to strip the token before forwarding to origin.
+ *
+ * ⚠️  Lambda@Edge only.
+ *
+ * @example
+ * ```ts
+ * export const handler = defineViewerRequest([
+ *   rule(verifyToken({ key: process.env.EDGE_AUTH_KEY! })),
+ *   rule(stripQueryParams(['hdnts'])),
+ * ])
+ * ```
+ */
+declare function verifyToken(options: VerifyTokenOptions): BehaviorFn;
+
+export { type VerifyTokenOptions, verifyToken };

package/dist/behaviors/index.d.ts

@@ -0,0 +1,46 @@
+export { RedirectOptions, redirect } from './redirect.js';
+export { RewriteMode, rewriteUri } from './rewrite-uri.js';
+export { ConstructResponseOptions, constructResponse } from './construct-response.js';
+export { directoryIndex } from './directory-index.js';
+export { setRequestHeader } from './set-request-header.js';
+export { copyHeader } from './copy-header.js';
+export { setResponseHeader } from './set-response-header.js';
+export { removeResponseHeaders } from './remove-response-headers.js';
+export { CorsOptions, setCorsHeaders } from './set-cors-headers.js';
+export { stripQueryParams } from './strip-query-params.js';
+export { CspOptions, setCsp } from './set-csp.js';
+export { setCacheControl } from './set-cache-control.js';
+export { SecurityHeadersOptions, setSecurityHeaders } from './set-security-headers.js';
+export { ImageOptimizeOptions, imageOptimize } from './image-optimize.js';
+import { BehaviorFn } from '../core/types.js';
+export { ResponseBehaviorFn, ResponseRule } from '../core/types.js';
+
+/**
+ * ⚠️  Lambda@Edge only — CF Functions do not have the Node.js `crypto` module.
+ *
+ * Token format: `exp=<unix>~acl=<path>~hmac=<hex>`
+ * The `key` is the hex-encoded HMAC-SHA256 secret (Akamai `verifyTokenAuthorization.key`).
+ */
+interface VerifyTokenOptions {
+    key: string;
+    param?: string;
+    failureStatus?: 401 | 403;
+}
+/**
+ * Validates an Akamai Edge Auth Token 2.0 (HMAC-SHA256) from the request querystring.
+ * Returns 403 on missing / expired / invalid token; continues on success.
+ * Chain with `stripQueryParams([param])` to strip the token before forwarding to origin.
+ *
+ * ⚠️  Lambda@Edge only.
+ *
+ * @example
+ * ```ts
+ * export const handler = defineViewerRequest([
+ *   rule(verifyToken({ key: process.env.EDGE_AUTH_KEY! })),
+ *   rule(stripQueryParams(['hdnts'])),
+ * ])
+ * ```
+ */
+declare function verifyToken(options: VerifyTokenOptions): BehaviorFn;
+
+export { type VerifyTokenOptions, verifyToken };

package/dist/behaviors/index.js

@@ -0,0 +1,126 @@
+import {
+  setSecurityHeaders
+} from "../chunk-VQCRSBWL.js";
+import {
+  stripQueryParams
+} from "../chunk-XPQG5IML.js";
+import {
+  redirect
+} from "../chunk-DSSFFJWL.js";
+import {
+  removeResponseHeaders
+} from "../chunk-BUAIBB3N.js";
+import {
+  rewriteUri
+} from "../chunk-FTP7NLKX.js";
+import {
+  setCacheControl
+} from "../chunk-ZTMSH34E.js";
+import {
+  setCorsHeaders
+} from "../chunk-SOBTD7AD.js";
+import {
+  setCsp
+} from "../chunk-XUI4Y22M.js";
+import {
+  setRequestHeader
+} from "../chunk-M5KUQBDW.js";
+import {
+  setResponseHeader
+} from "../chunk-RBBKFG5J.js";
+import {
+  constructResponse
+} from "../chunk-6DBZBV2M.js";
+import {
+  copyHeader
+} from "../chunk-BDNPQ7AU.js";
+import {
+  directoryIndex
+} from "../chunk-R7WXS7BI.js";
+import {
+  imageOptimize
+} from "../chunk-5PT5X62W.js";
+import "../chunk-MLKGABMK.js";
+
+// src/behaviors/verify-token.ts
+import { createHmac, timingSafeEqual } from "crypto";
+function parseToken(raw) {
+  const fields = {};
+  const parts = raw.split("~");
+  for (let i = 0; i < parts.length; i++) {
+    const eq = parts[i].indexOf("=");
+    if (eq === -1) return null;
+    const k = parts[i].slice(0, eq);
+    if (!k) return null;
+    fields[k] = parts[i].slice(eq + 1);
+  }
+  return fields;
+}
+function verifyHmac(fields, keyHex) {
+  var hmacVal = fields["hmac"];
+  if (!hmacVal) return false;
+  var restKeys = Object.keys(fields).filter(function(k) {
+    return k !== "hmac";
+  });
+  var message = restKeys.map(function(k) {
+    return k + "=" + fields[k];
+  }).join("~");
+  let keyBytes;
+  try {
+    keyBytes = Buffer.from(keyHex, "hex");
+  } catch {
+    return false;
+  }
+  const expected = createHmac("sha256", keyBytes).update(message).digest();
+  let actual;
+  try {
+    actual = Buffer.from(hmacVal, "hex");
+  } catch {
+    return false;
+  }
+  if (expected.length !== actual.length) return false;
+  return timingSafeEqual(expected, actual);
+}
+function verifyToken(options) {
+  const param = options.param ?? "hdnts";
+  const failureStatus = options.failureStatus ?? 403;
+  const statusDescription = failureStatus === 401 ? "Unauthorized" : "Forbidden";
+  const deny = () => ({
+    action: "respond",
+    response: {
+      statusCode: failureStatus,
+      statusDescription,
+      headers: { "cache-control": { value: "no-store" } }
+    }
+  });
+  return (request) => {
+    const tokenEntry = request.querystring[param];
+    if (!tokenEntry?.value) return deny();
+    const fields = parseToken(tokenEntry.value);
+    if (!fields) return deny();
+    const expStr = fields["exp"];
+    if (expStr) {
+      const exp = parseInt(expStr, 10);
+      if (isNaN(exp) || Math.floor(Date.now() / 1e3) > exp) return deny();
+    }
+    if (!verifyHmac(fields, options.key)) return deny();
+    return { action: "continue", request };
+  };
+}
+export {
+  constructResponse,
+  copyHeader,
+  directoryIndex,
+  imageOptimize,
+  redirect,
+  removeResponseHeaders,
+  rewriteUri,
+  setCacheControl,
+  setCorsHeaders,
+  setCsp,
+  setRequestHeader,
+  setResponseHeader,
+  setSecurityHeaders,
+  stripQueryParams,
+  verifyToken
+};

package/dist/behaviors/redirect.cjs

@@ -0,0 +1,7 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkWWSRNCUPcjs = require('../chunk-WWSRNCUP.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.redirect = _chunkWWSRNCUPcjs.redirect;

package/dist/behaviors/redirect.d.cts

@@ -0,0 +1,44 @@
+import { BehaviorFn } from '../core/types.cjs';
+
+/**
+ * Options for configuring redirect behavior.
+ */
+interface RedirectOptions {
+    /**
+     * When `true`, the original request's query string is appended to the redirect
+     * `location` URL. Useful for preserving search params during path migrations.
+     * Default: `false`.
+     */
+    preserveQuerystring?: boolean;
+}
+/**
+ * Redirects the request to the specified URL with the given HTTP status code.
+ *
+ * The response always includes `Cache-Control: no-store` to prevent clients
+ * from caching the redirect.
+ *
+ * Akamai equivalent: `redirect` / `redirectplus` behaviors.
+ *
+ * @param statusCode - The HTTP redirect status code: `301` (permanent), `302` (temporary),
+ *   or `307` (temporary, preserves method).
+ * @param location - The target URL to redirect to. Can be an absolute URL
+ *   (e.g. `'https://www.example.com/new-path'`) or an absolute path (e.g. `'/new-path'`).
+ * @param options - Optional settings, e.g. to preserve the original query string.
+ * @returns A `BehaviorFn` to use as the second argument to `rule()`.
+ *
+ * @example
+ * ```ts
+ * import { redirect } from '@viverse/cf-engine/behaviors'
+ * import { pathPrefix, pathEquals } from '@viverse/cf-engine/criteria'
+ * import { rule } from '@viverse/cf-engine'
+ *
+ * // Permanent redirect for a renamed section
+ * rule(pathPrefix(['/old-blog/']), redirect(301, '/blog/'))
+ *
+ * // Temporary redirect preserving query string
+ * rule(pathEquals(['/search']), redirect(302, '/new-search', { preserveQuerystring: true }))
+ * ```
+ */
+declare function redirect(statusCode: 301 | 302 | 307, location: string, options?: RedirectOptions): BehaviorFn;
+
+export { type RedirectOptions, redirect };

package/dist/behaviors/redirect.d.ts

@@ -0,0 +1,44 @@
+import { BehaviorFn } from '../core/types.js';
+
+/**
+ * Options for configuring redirect behavior.
+ */
+interface RedirectOptions {
+    /**
+     * When `true`, the original request's query string is appended to the redirect
+     * `location` URL. Useful for preserving search params during path migrations.
+     * Default: `false`.
+     */
+    preserveQuerystring?: boolean;
+}
+/**
+ * Redirects the request to the specified URL with the given HTTP status code.
+ *
+ * The response always includes `Cache-Control: no-store` to prevent clients
+ * from caching the redirect.
+ *
+ * Akamai equivalent: `redirect` / `redirectplus` behaviors.
+ *
+ * @param statusCode - The HTTP redirect status code: `301` (permanent), `302` (temporary),
+ *   or `307` (temporary, preserves method).
+ * @param location - The target URL to redirect to. Can be an absolute URL
+ *   (e.g. `'https://www.example.com/new-path'`) or an absolute path (e.g. `'/new-path'`).
+ * @param options - Optional settings, e.g. to preserve the original query string.
+ * @returns A `BehaviorFn` to use as the second argument to `rule()`.
+ *
+ * @example
+ * ```ts
+ * import { redirect } from '@viverse/cf-engine/behaviors'
+ * import { pathPrefix, pathEquals } from '@viverse/cf-engine/criteria'
+ * import { rule } from '@viverse/cf-engine'
+ *
+ * // Permanent redirect for a renamed section
+ * rule(pathPrefix(['/old-blog/']), redirect(301, '/blog/'))
+ *
+ * // Temporary redirect preserving query string
+ * rule(pathEquals(['/search']), redirect(302, '/new-search', { preserveQuerystring: true }))
+ * ```
+ */
+declare function redirect(statusCode: 301 | 302 | 307, location: string, options?: RedirectOptions): BehaviorFn;
+
+export { type RedirectOptions, redirect };

package/dist/behaviors/redirect.js

@@ -0,0 +1,7 @@
+import {
+  redirect
+} from "../chunk-DSSFFJWL.js";
+import "../chunk-MLKGABMK.js";
+export {
+  redirect
+};

package/dist/behaviors/remove-response-headers.cjs

@@ -0,0 +1,7 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkSGEBNQR2cjs = require('../chunk-SGEBNQR2.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.removeResponseHeaders = _chunkSGEBNQR2cjs.removeResponseHeaders;