@rayselfs/cf-rule-engine 1.5.0

package/dist/behaviors/remove-response-headers.d.cts

@@ -0,0 +1,27 @@
+import { ResponseBehaviorFn } from '../core/types.cjs';
+
+/**
+ * Removes one or more headers from the outgoing response.
+ *
+ * Useful for stripping headers that reveal implementation details
+ * (e.g. `server`, `x-powered-by`) or headers added by the origin that
+ * should not be forwarded to the client.
+ *
+ * Header names are matched case-insensitively.
+ *
+ * @param headerNames - Array of response header names to remove.
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { removeResponseHeaders } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerResponse([
+ *   removeResponseHeaders(['server', 'x-powered-by', 'x-amzn-requestid']),
+ * ])
+ * ```
+ */
+declare function removeResponseHeaders(headerNames: string[]): ResponseBehaviorFn;
+
+export { removeResponseHeaders };

package/dist/behaviors/remove-response-headers.d.ts

@@ -0,0 +1,27 @@
+import { ResponseBehaviorFn } from '../core/types.js';
+
+/**
+ * Removes one or more headers from the outgoing response.
+ *
+ * Useful for stripping headers that reveal implementation details
+ * (e.g. `server`, `x-powered-by`) or headers added by the origin that
+ * should not be forwarded to the client.
+ *
+ * Header names are matched case-insensitively.
+ *
+ * @param headerNames - Array of response header names to remove.
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { removeResponseHeaders } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerResponse([
+ *   removeResponseHeaders(['server', 'x-powered-by', 'x-amzn-requestid']),
+ * ])
+ * ```
+ */
+declare function removeResponseHeaders(headerNames: string[]): ResponseBehaviorFn;
+
+export { removeResponseHeaders };

package/dist/behaviors/remove-response-headers.js

@@ -0,0 +1,7 @@
+import {
+  removeResponseHeaders
+} from "../chunk-BUAIBB3N.js";
+import "../chunk-MLKGABMK.js";
+export {
+  removeResponseHeaders
+};

package/dist/behaviors/rewrite-uri.cjs

@@ -0,0 +1,7 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkMRPTC74Icjs = require('../chunk-MRPTC74I.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.rewriteUri = _chunkMRPTC74Icjs.rewriteUri;

package/dist/behaviors/rewrite-uri.d.cts

@@ -0,0 +1,43 @@
+import { BehaviorFn } from '../core/types.cjs';
+
+/**
+ * Rewrite mode that controls how the URI is transformed:
+ * - `'set'` — Replace the entire URI with the target value.
+ * - `'replace'` — Replace all occurrences of `match` in the URI with `target`.
+ * - `'prepend'` — Prepend `target` to the beginning of the URI.
+ * - `'regex-replace'` — Replace all matches of the `match` regex pattern with `target`.
+ */
+type RewriteMode = 'set' | 'replace' | 'prepend' | 'regex-replace';
+/**
+ * Rewrites the request URI before it is forwarded to the origin.
+ *
+ * Akamai equivalent: `rewriteUrl` behavior.
+ *
+ * @param mode - The rewrite strategy to apply (see `RewriteMode`).
+ * @param target - The target value for the rewrite (new URI, replacement string, or prefix).
+ * @param match - The substring or regex pattern to match against (required for `'replace'`
+ *   and `'regex-replace'` modes; ignored for `'set'` and `'prepend'`).
+ * @returns A `BehaviorFn` to use as the second argument to `rule()`.
+ *
+ * @example
+ * ```ts
+ * import { rewriteUri } from '@viverse/cf-engine/behaviors'
+ * import { pathPrefix } from '@viverse/cf-engine/criteria'
+ * import { rule } from '@viverse/cf-engine'
+ *
+ * // Set: replace entire URI
+ * rule(pathEquals(['/index.php']), rewriteUri('set', '/index.html'))
+ *
+ * // Prepend: add a path prefix
+ * rule(pathPrefix(['/images/']), rewriteUri('prepend', '/v2'))
+ *
+ * // Replace: substitute a path segment
+ * rule(pathPrefix(['/legacy/']), rewriteUri('replace', '/current/', '/legacy/'))
+ *
+ * // Regex-replace: pattern-based substitution
+ * rule(pathMatches(['/posts/[0-9]*']), rewriteUri('regex-replace', '/articles/$1', '/posts/([0-9]+)'))
+ * ```
+ */
+declare function rewriteUri(mode: RewriteMode, target: string, match?: string): BehaviorFn;
+
+export { type RewriteMode, rewriteUri };

package/dist/behaviors/rewrite-uri.d.ts

@@ -0,0 +1,43 @@
+import { BehaviorFn } from '../core/types.js';
+
+/**
+ * Rewrite mode that controls how the URI is transformed:
+ * - `'set'` — Replace the entire URI with the target value.
+ * - `'replace'` — Replace all occurrences of `match` in the URI with `target`.
+ * - `'prepend'` — Prepend `target` to the beginning of the URI.
+ * - `'regex-replace'` — Replace all matches of the `match` regex pattern with `target`.
+ */
+type RewriteMode = 'set' | 'replace' | 'prepend' | 'regex-replace';
+/**
+ * Rewrites the request URI before it is forwarded to the origin.
+ *
+ * Akamai equivalent: `rewriteUrl` behavior.
+ *
+ * @param mode - The rewrite strategy to apply (see `RewriteMode`).
+ * @param target - The target value for the rewrite (new URI, replacement string, or prefix).
+ * @param match - The substring or regex pattern to match against (required for `'replace'`
+ *   and `'regex-replace'` modes; ignored for `'set'` and `'prepend'`).
+ * @returns A `BehaviorFn` to use as the second argument to `rule()`.
+ *
+ * @example
+ * ```ts
+ * import { rewriteUri } from '@viverse/cf-engine/behaviors'
+ * import { pathPrefix } from '@viverse/cf-engine/criteria'
+ * import { rule } from '@viverse/cf-engine'
+ *
+ * // Set: replace entire URI
+ * rule(pathEquals(['/index.php']), rewriteUri('set', '/index.html'))
+ *
+ * // Prepend: add a path prefix
+ * rule(pathPrefix(['/images/']), rewriteUri('prepend', '/v2'))
+ *
+ * // Replace: substitute a path segment
+ * rule(pathPrefix(['/legacy/']), rewriteUri('replace', '/current/', '/legacy/'))
+ *
+ * // Regex-replace: pattern-based substitution
+ * rule(pathMatches(['/posts/[0-9]*']), rewriteUri('regex-replace', '/articles/$1', '/posts/([0-9]+)'))
+ * ```
+ */
+declare function rewriteUri(mode: RewriteMode, target: string, match?: string): BehaviorFn;
+
+export { type RewriteMode, rewriteUri };

package/dist/behaviors/rewrite-uri.js

@@ -0,0 +1,7 @@
+import {
+  rewriteUri
+} from "../chunk-FTP7NLKX.js";
+import "../chunk-MLKGABMK.js";
+export {
+  rewriteUri
+};

package/dist/behaviors/set-cache-control.cjs

@@ -0,0 +1,7 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkCV234DQTcjs = require('../chunk-CV234DQT.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.setCacheControl = _chunkCV234DQTcjs.setCacheControl;

package/dist/behaviors/set-cache-control.d.cts

@@ -0,0 +1,29 @@
+import { ResponseBehaviorFn } from '../core/types.cjs';
+
+/**
+ * Sets the `Cache-Control` response header to the specified value.
+ *
+ * Overwrites any existing `Cache-Control` header set by the origin.
+ * Use this to enforce caching policies at the edge regardless of origin behavior.
+ *
+ * @param value - The `Cache-Control` directive string (e.g. `'public, max-age=31536000'`).
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { setCacheControl } from '@viverse/cf-engine/behaviors'
+ * import { pathPrefix } from '@viverse/cf-engine/criteria'
+ * import { rule } from '@viverse/cf-engine'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerResponse([
+ *   // Cache static assets for 1 year
+ *   { criteria: pathPrefix(['/static/']), behavior: setCacheControl('public, max-age=31536000, immutable') },
+ *   // Never cache API responses
+ *   { criteria: pathPrefix(['/api/']), behavior: setCacheControl('no-store') },
+ * ])
+ * ```
+ */
+declare function setCacheControl(value: string): ResponseBehaviorFn;
+
+export { setCacheControl };

package/dist/behaviors/set-cache-control.d.ts

@@ -0,0 +1,29 @@
+import { ResponseBehaviorFn } from '../core/types.js';
+
+/**
+ * Sets the `Cache-Control` response header to the specified value.
+ *
+ * Overwrites any existing `Cache-Control` header set by the origin.
+ * Use this to enforce caching policies at the edge regardless of origin behavior.
+ *
+ * @param value - The `Cache-Control` directive string (e.g. `'public, max-age=31536000'`).
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { setCacheControl } from '@viverse/cf-engine/behaviors'
+ * import { pathPrefix } from '@viverse/cf-engine/criteria'
+ * import { rule } from '@viverse/cf-engine'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerResponse([
+ *   // Cache static assets for 1 year
+ *   { criteria: pathPrefix(['/static/']), behavior: setCacheControl('public, max-age=31536000, immutable') },
+ *   // Never cache API responses
+ *   { criteria: pathPrefix(['/api/']), behavior: setCacheControl('no-store') },
+ * ])
+ * ```
+ */
+declare function setCacheControl(value: string): ResponseBehaviorFn;
+
+export { setCacheControl };

package/dist/behaviors/set-cache-control.js

@@ -0,0 +1,7 @@
+import {
+  setCacheControl
+} from "../chunk-ZTMSH34E.js";
+import "../chunk-MLKGABMK.js";
+export {
+  setCacheControl
+};

package/dist/behaviors/set-cors-headers.cjs

@@ -0,0 +1,7 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkGK5JX7OMcjs = require('../chunk-GK5JX7OM.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.setCorsHeaders = _chunkGK5JX7OMcjs.setCorsHeaders;

package/dist/behaviors/set-cors-headers.d.cts

@@ -0,0 +1,76 @@
+import { ResponseBehaviorFn } from '../core/types.cjs';
+
+/**
+ * CORS configuration options for the `setCorsHeaders` behavior.
+ */
+interface CorsOptions {
+    /**
+     * List of allowed origin patterns. Supports exact strings and wildcard `*` patterns
+     * (e.g. `'https://*.viverse.com'`). Use `['*']` to allow all origins.
+     * Default: `['*']`
+     */
+    allowedOrigins?: string[];
+    /**
+     * When `true`, reflects the incoming `Origin` request header as the
+     * `Access-Control-Allow-Origin` response value, provided it matches one of
+     * `allowedOrigins`. Required when `allowCredentials` is `true` (browsers reject
+     * `Access-Control-Allow-Origin: *` with credentials).
+     * Default: `false`
+     */
+    allowOriginEcho?: boolean;
+    /**
+     * Value for the `Access-Control-Allow-Methods` header.
+     * Default: `'GET, POST, OPTIONS'`
+     */
+    allowedMethods?: string;
+    /**
+     * Value for the `Access-Control-Allow-Headers` header.
+     * Default: `'Content-Type, Cache-Control, Pragma, Range'`
+     */
+    allowedHeaders?: string;
+    /**
+     * When `true`, sets `Access-Control-Allow-Credentials: true`.
+     * Must be used together with `allowOriginEcho: true`; browsers reject
+     * wildcard origins when credentials are present.
+     * Default: `false`
+     */
+    allowCredentials?: boolean;
+    /**
+     * Preflight cache duration in seconds. Sets `Access-Control-Max-Age` when specified.
+     * Omit to exclude the header.
+     */
+    maxAge?: number;
+}
+/**
+ * Sets CORS response headers with configurable origin matching, methods, headers,
+ * credentials, and preflight cache duration.
+ *
+ * Akamai equivalent: typically implemented via `modifyOutgoingResponseHeader` rules
+ * for each CORS header individually.
+ *
+ * @param options - CORS configuration. All fields are optional with safe defaults.
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { setCorsHeaders } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * // Allow all origins (default)
+ * export default defineViewerResponse([setCorsHeaders()])
+ *
+ * // Echo origin with credentials (e.g. for authenticated API endpoints)
+ * export default defineViewerResponse([
+ *   setCorsHeaders({
+ *     allowedOrigins: ['https://www.viverse.com', 'https://*.htc.com'],
+ *     allowOriginEcho: true,
+ *     allowCredentials: true,
+ *     allowedMethods: 'GET, POST, PUT, DELETE, OPTIONS',
+ *     maxAge: 86400,
+ *   }),
+ * ])
+ * ```
+ */
+declare function setCorsHeaders(options?: CorsOptions): ResponseBehaviorFn;
+
+export { type CorsOptions, setCorsHeaders };

package/dist/behaviors/set-cors-headers.d.ts

@@ -0,0 +1,76 @@
+import { ResponseBehaviorFn } from '../core/types.js';
+
+/**
+ * CORS configuration options for the `setCorsHeaders` behavior.
+ */
+interface CorsOptions {
+    /**
+     * List of allowed origin patterns. Supports exact strings and wildcard `*` patterns
+     * (e.g. `'https://*.viverse.com'`). Use `['*']` to allow all origins.
+     * Default: `['*']`
+     */
+    allowedOrigins?: string[];
+    /**
+     * When `true`, reflects the incoming `Origin` request header as the
+     * `Access-Control-Allow-Origin` response value, provided it matches one of
+     * `allowedOrigins`. Required when `allowCredentials` is `true` (browsers reject
+     * `Access-Control-Allow-Origin: *` with credentials).
+     * Default: `false`
+     */
+    allowOriginEcho?: boolean;
+    /**
+     * Value for the `Access-Control-Allow-Methods` header.
+     * Default: `'GET, POST, OPTIONS'`
+     */
+    allowedMethods?: string;
+    /**
+     * Value for the `Access-Control-Allow-Headers` header.
+     * Default: `'Content-Type, Cache-Control, Pragma, Range'`
+     */
+    allowedHeaders?: string;
+    /**
+     * When `true`, sets `Access-Control-Allow-Credentials: true`.
+     * Must be used together with `allowOriginEcho: true`; browsers reject
+     * wildcard origins when credentials are present.
+     * Default: `false`
+     */
+    allowCredentials?: boolean;
+    /**
+     * Preflight cache duration in seconds. Sets `Access-Control-Max-Age` when specified.
+     * Omit to exclude the header.
+     */
+    maxAge?: number;
+}
+/**
+ * Sets CORS response headers with configurable origin matching, methods, headers,
+ * credentials, and preflight cache duration.
+ *
+ * Akamai equivalent: typically implemented via `modifyOutgoingResponseHeader` rules
+ * for each CORS header individually.
+ *
+ * @param options - CORS configuration. All fields are optional with safe defaults.
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { setCorsHeaders } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * // Allow all origins (default)
+ * export default defineViewerResponse([setCorsHeaders()])
+ *
+ * // Echo origin with credentials (e.g. for authenticated API endpoints)
+ * export default defineViewerResponse([
+ *   setCorsHeaders({
+ *     allowedOrigins: ['https://www.viverse.com', 'https://*.htc.com'],
+ *     allowOriginEcho: true,
+ *     allowCredentials: true,
+ *     allowedMethods: 'GET, POST, PUT, DELETE, OPTIONS',
+ *     maxAge: 86400,
+ *   }),
+ * ])
+ * ```
+ */
+declare function setCorsHeaders(options?: CorsOptions): ResponseBehaviorFn;
+
+export { type CorsOptions, setCorsHeaders };

package/dist/behaviors/set-cors-headers.js

@@ -0,0 +1,7 @@
+import {
+  setCorsHeaders
+} from "../chunk-SOBTD7AD.js";
+import "../chunk-MLKGABMK.js";
+export {
+  setCorsHeaders
+};

package/dist/behaviors/set-csp.cjs

@@ -0,0 +1,7 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkZXS23HXAcjs = require('../chunk-ZXS23HXA.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.setCsp = _chunkZXS23HXAcjs.setCsp;

package/dist/behaviors/set-csp.d.cts

@@ -0,0 +1,48 @@
+import { ResponseBehaviorFn } from '../core/types.cjs';
+
+/**
+ * Configuration for the `Content-Security-Policy` header.
+ */
+interface CspOptions {
+    /**
+     * Map of CSP directive names to their values.
+     * Each entry becomes one `<directive> <value>` segment in the header,
+     * joined with `'; '`.
+     *
+     * @example
+     * ```ts
+     * { 'default-src': "'self'", 'img-src': "'self' data: https:", 'script-src': "'self' 'nonce-abc123'" }
+     * // → "default-src 'self'; img-src 'self' data: https:; script-src 'self' 'nonce-abc123'"
+     * ```
+     */
+    directives: Record<string, string>;
+}
+/**
+ * Sets the `Content-Security-Policy` response header from a directives map.
+ *
+ * Directive entries are joined with `'; '` to form the final header value.
+ * Overwrites any existing CSP header from the origin.
+ *
+ * @param options - CSP configuration object containing the `directives` map.
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { setCsp } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerResponse([
+ *   setCsp({
+ *     directives: {
+ *       'default-src': "'self'",
+ *       'script-src': "'self' https://cdn.example.com",
+ *       'img-src': "'self' data: https:",
+ *       'frame-ancestors': "'none'",
+ *     },
+ *   }),
+ * ])
+ * ```
+ */
+declare function setCsp(options: CspOptions): ResponseBehaviorFn;
+
+export { type CspOptions, setCsp };

package/dist/behaviors/set-csp.d.ts

@@ -0,0 +1,48 @@
+import { ResponseBehaviorFn } from '../core/types.js';
+
+/**
+ * Configuration for the `Content-Security-Policy` header.
+ */
+interface CspOptions {
+    /**
+     * Map of CSP directive names to their values.
+     * Each entry becomes one `<directive> <value>` segment in the header,
+     * joined with `'; '`.
+     *
+     * @example
+     * ```ts
+     * { 'default-src': "'self'", 'img-src': "'self' data: https:", 'script-src': "'self' 'nonce-abc123'" }
+     * // → "default-src 'self'; img-src 'self' data: https:; script-src 'self' 'nonce-abc123'"
+     * ```
+     */
+    directives: Record<string, string>;
+}
+/**
+ * Sets the `Content-Security-Policy` response header from a directives map.
+ *
+ * Directive entries are joined with `'; '` to form the final header value.
+ * Overwrites any existing CSP header from the origin.
+ *
+ * @param options - CSP configuration object containing the `directives` map.
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { setCsp } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerResponse([
+ *   setCsp({
+ *     directives: {
+ *       'default-src': "'self'",
+ *       'script-src': "'self' https://cdn.example.com",
+ *       'img-src': "'self' data: https:",
+ *       'frame-ancestors': "'none'",
+ *     },
+ *   }),
+ * ])
+ * ```
+ */
+declare function setCsp(options: CspOptions): ResponseBehaviorFn;
+
+export { type CspOptions, setCsp };

package/dist/behaviors/set-csp.js

@@ -0,0 +1,7 @@
+import {
+  setCsp
+} from "../chunk-XUI4Y22M.js";
+import "../chunk-MLKGABMK.js";
+export {
+  setCsp
+};

package/dist/behaviors/set-request-header.cjs

@@ -0,0 +1,7 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkPPUHEL4Hcjs = require('../chunk-PPUHEL4H.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.setRequestHeader = _chunkPPUHEL4Hcjs.setRequestHeader;

package/dist/behaviors/set-request-header.d.cts

@@ -0,0 +1,26 @@
+import { BehaviorFn } from '../core/types.cjs';
+
+/**
+ * Sets a request header to the specified value before the request is forwarded to the origin.
+ *
+ * If the header already exists, it is overwritten. Header names are automatically lowercased
+ * to match CloudFront's normalized internal format.
+ *
+ * Akamai equivalent: `modifyOutgoingRequestHeader` behavior with `action: 'SET'`.
+ *
+ * @param headerName - The request header name to set (e.g. `'x-forwarded-for'`). Case-insensitive.
+ * @param value - The value to assign to the header.
+ * @returns A `BehaviorFn` to use as the second argument to `rule()`.
+ *
+ * @example
+ * ```ts
+ * import { setRequestHeader } from '@viverse/cf-engine/behaviors'
+ * import { pathPrefix } from '@viverse/cf-engine/criteria'
+ * import { rule } from '@viverse/cf-engine'
+ *
+ * rule(pathPrefix(['/api/']), setRequestHeader('x-internal-service', 'cf-edge'))
+ * ```
+ */
+declare function setRequestHeader(headerName: string, value: string): BehaviorFn;
+
+export { setRequestHeader };

package/dist/behaviors/set-request-header.d.ts

@@ -0,0 +1,26 @@
+import { BehaviorFn } from '../core/types.js';
+
+/**
+ * Sets a request header to the specified value before the request is forwarded to the origin.
+ *
+ * If the header already exists, it is overwritten. Header names are automatically lowercased
+ * to match CloudFront's normalized internal format.
+ *
+ * Akamai equivalent: `modifyOutgoingRequestHeader` behavior with `action: 'SET'`.
+ *
+ * @param headerName - The request header name to set (e.g. `'x-forwarded-for'`). Case-insensitive.
+ * @param value - The value to assign to the header.
+ * @returns A `BehaviorFn` to use as the second argument to `rule()`.
+ *
+ * @example
+ * ```ts
+ * import { setRequestHeader } from '@viverse/cf-engine/behaviors'
+ * import { pathPrefix } from '@viverse/cf-engine/criteria'
+ * import { rule } from '@viverse/cf-engine'
+ *
+ * rule(pathPrefix(['/api/']), setRequestHeader('x-internal-service', 'cf-edge'))
+ * ```
+ */
+declare function setRequestHeader(headerName: string, value: string): BehaviorFn;
+
+export { setRequestHeader };

package/dist/behaviors/set-request-header.js

@@ -0,0 +1,7 @@
+import {
+  setRequestHeader
+} from "../chunk-M5KUQBDW.js";
+import "../chunk-MLKGABMK.js";
+export {
+  setRequestHeader
+};

package/dist/behaviors/set-response-header.cjs

@@ -0,0 +1,7 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkB4WEJSEZcjs = require('../chunk-B4WEJSEZ.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.setResponseHeader = _chunkB4WEJSEZcjs.setResponseHeader;

package/dist/behaviors/set-response-header.d.cts

@@ -0,0 +1,28 @@
+import { ResponseBehaviorFn } from '../core/types.cjs';
+
+/**
+ * Sets a response header to the specified value.
+ *
+ * Overwrites the header if it already exists. Header names are automatically
+ * lowercased to match CloudFront's normalized format.
+ *
+ * Use inside `defineViewerResponse` to add or override outgoing response headers.
+ *
+ * @param headerName - The response header name to set (e.g. `'x-custom-header'`). Case-insensitive.
+ * @param value - The value to assign to the header.
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { setResponseHeader } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerResponse([
+ *   setResponseHeader('x-powered-by', 'CloudFront'),
+ *   setResponseHeader('x-custom-env', 'production'),
+ * ])
+ * ```
+ */
+declare function setResponseHeader(headerName: string, value: string): ResponseBehaviorFn;
+
+export { setResponseHeader };