@rayselfs/cf-rule-engine 1.5.0

package/dist/behaviors/set-response-header.d.ts

@@ -0,0 +1,28 @@
+import { ResponseBehaviorFn } from '../core/types.js';
+
+/**
+ * Sets a response header to the specified value.
+ *
+ * Overwrites the header if it already exists. Header names are automatically
+ * lowercased to match CloudFront's normalized format.
+ *
+ * Use inside `defineViewerResponse` to add or override outgoing response headers.
+ *
+ * @param headerName - The response header name to set (e.g. `'x-custom-header'`). Case-insensitive.
+ * @param value - The value to assign to the header.
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { setResponseHeader } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerResponse([
+ *   setResponseHeader('x-powered-by', 'CloudFront'),
+ *   setResponseHeader('x-custom-env', 'production'),
+ * ])
+ * ```
+ */
+declare function setResponseHeader(headerName: string, value: string): ResponseBehaviorFn;
+
+export { setResponseHeader };

package/dist/behaviors/set-response-header.js

@@ -0,0 +1,7 @@
+import {
+  setResponseHeader
+} from "../chunk-RBBKFG5J.js";
+import "../chunk-MLKGABMK.js";
+export {
+  setResponseHeader
+};

package/dist/behaviors/set-security-headers.cjs

@@ -0,0 +1,7 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkUI6LKDJIcjs = require('../chunk-UI6LKDJI.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.setSecurityHeaders = _chunkUI6LKDJIcjs.setSecurityHeaders;

package/dist/behaviors/set-security-headers.d.cts

@@ -0,0 +1,55 @@
+import { ResponseBehaviorFn } from '../core/types.cjs';
+
+/**
+ * Options for overriding individual security header values.
+ * All fields are optional; omitted fields fall back to their secure defaults.
+ */
+interface SecurityHeadersOptions {
+    /**
+     * Value for the `Strict-Transport-Security` header.
+     * Default: `'max-age=31536000; includeSubDomains'`
+     */
+    hsts?: string;
+    /**
+     * Value for the `X-Frame-Options` header. Controls whether the page can be
+     * embedded in an iframe. Common values: `'DENY'`, `'SAMEORIGIN'`.
+     * Default: `'SAMEORIGIN'`
+     */
+    xFrameOptions?: string;
+    /**
+     * Value for the `X-Content-Type-Options` header. Set to `'nosniff'` to
+     * prevent browsers from MIME-sniffing the response content type.
+     * Default: `'nosniff'`
+     */
+    xContentTypeOptions?: string;
+}
+/**
+ * Sets common security headers on the outgoing response.
+ *
+ * Applied headers and their defaults:
+ * - `Strict-Transport-Security`: `max-age=31536000; includeSubDomains`
+ * - `X-Frame-Options`: `SAMEORIGIN`
+ * - `X-Content-Type-Options`: `nosniff`
+ *
+ * Akamai equivalent: `httpStrictTransportSecurity` behavior (HSTS only).
+ *
+ * @param options - Optional overrides for individual header values.
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { setSecurityHeaders } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * // Apply defaults
+ * export default defineViewerResponse([setSecurityHeaders()])
+ *
+ * // Override HSTS and frame options
+ * export default defineViewerResponse([
+ *   setSecurityHeaders({ hsts: 'max-age=63072000; includeSubDomains; preload', xFrameOptions: 'DENY' }),
+ * ])
+ * ```
+ */
+declare function setSecurityHeaders(options?: SecurityHeadersOptions): ResponseBehaviorFn;
+
+export { type SecurityHeadersOptions, setSecurityHeaders };

package/dist/behaviors/set-security-headers.d.ts

@@ -0,0 +1,55 @@
+import { ResponseBehaviorFn } from '../core/types.js';
+
+/**
+ * Options for overriding individual security header values.
+ * All fields are optional; omitted fields fall back to their secure defaults.
+ */
+interface SecurityHeadersOptions {
+    /**
+     * Value for the `Strict-Transport-Security` header.
+     * Default: `'max-age=31536000; includeSubDomains'`
+     */
+    hsts?: string;
+    /**
+     * Value for the `X-Frame-Options` header. Controls whether the page can be
+     * embedded in an iframe. Common values: `'DENY'`, `'SAMEORIGIN'`.
+     * Default: `'SAMEORIGIN'`
+     */
+    xFrameOptions?: string;
+    /**
+     * Value for the `X-Content-Type-Options` header. Set to `'nosniff'` to
+     * prevent browsers from MIME-sniffing the response content type.
+     * Default: `'nosniff'`
+     */
+    xContentTypeOptions?: string;
+}
+/**
+ * Sets common security headers on the outgoing response.
+ *
+ * Applied headers and their defaults:
+ * - `Strict-Transport-Security`: `max-age=31536000; includeSubDomains`
+ * - `X-Frame-Options`: `SAMEORIGIN`
+ * - `X-Content-Type-Options`: `nosniff`
+ *
+ * Akamai equivalent: `httpStrictTransportSecurity` behavior (HSTS only).
+ *
+ * @param options - Optional overrides for individual header values.
+ * @returns A `ResponseBehaviorFn` to use directly in `defineViewerResponse` or wrapped in a `ResponseRule`.
+ *
+ * @example
+ * ```ts
+ * import { setSecurityHeaders } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * // Apply defaults
+ * export default defineViewerResponse([setSecurityHeaders()])
+ *
+ * // Override HSTS and frame options
+ * export default defineViewerResponse([
+ *   setSecurityHeaders({ hsts: 'max-age=63072000; includeSubDomains; preload', xFrameOptions: 'DENY' }),
+ * ])
+ * ```
+ */
+declare function setSecurityHeaders(options?: SecurityHeadersOptions): ResponseBehaviorFn;
+
+export { type SecurityHeadersOptions, setSecurityHeaders };

package/dist/behaviors/set-security-headers.js

@@ -0,0 +1,7 @@
+import {
+  setSecurityHeaders
+} from "../chunk-VQCRSBWL.js";
+import "../chunk-MLKGABMK.js";
+export {
+  setSecurityHeaders
+};

package/dist/behaviors/strip-query-params.cjs

@@ -0,0 +1,7 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkMSES76XKcjs = require('../chunk-MSES76XK.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.stripQueryParams = _chunkMSES76XKcjs.stripQueryParams;

package/dist/behaviors/strip-query-params.d.cts

@@ -0,0 +1,25 @@
+import { BehaviorFn } from '../core/types.cjs';
+
+/**
+ * Removes specific query string parameters from the request before it is forwarded to the origin.
+ *
+ * Commonly used after `verifyToken` to strip the auth token query param so it
+ * is not exposed to the origin server.
+ *
+ * Parameters not present in the request are silently ignored.
+ *
+ * @param params - Array of query string parameter names to remove (case-sensitive).
+ * @returns A `BehaviorFn` to use as the second argument to `rule()`.
+ *
+ * @example
+ * ```ts
+ * import { stripQueryParams, verifyToken } from '@viverse/cf-engine/behaviors'
+ * import { rule } from '@viverse/cf-engine'
+ *
+ * rule(verifyToken({ key: process.env.EDGE_AUTH_KEY! })),
+ * rule(stripQueryParams(['hdnts', 'imformat']))
+ * ```
+ */
+declare function stripQueryParams(params: string[]): BehaviorFn;
+
+export { stripQueryParams };

package/dist/behaviors/strip-query-params.d.ts

@@ -0,0 +1,25 @@
+import { BehaviorFn } from '../core/types.js';
+
+/**
+ * Removes specific query string parameters from the request before it is forwarded to the origin.
+ *
+ * Commonly used after `verifyToken` to strip the auth token query param so it
+ * is not exposed to the origin server.
+ *
+ * Parameters not present in the request are silently ignored.
+ *
+ * @param params - Array of query string parameter names to remove (case-sensitive).
+ * @returns A `BehaviorFn` to use as the second argument to `rule()`.
+ *
+ * @example
+ * ```ts
+ * import { stripQueryParams, verifyToken } from '@viverse/cf-engine/behaviors'
+ * import { rule } from '@viverse/cf-engine'
+ *
+ * rule(verifyToken({ key: process.env.EDGE_AUTH_KEY! })),
+ * rule(stripQueryParams(['hdnts', 'imformat']))
+ * ```
+ */
+declare function stripQueryParams(params: string[]): BehaviorFn;
+
+export { stripQueryParams };

package/dist/behaviors/strip-query-params.js

@@ -0,0 +1,7 @@
+import {
+  stripQueryParams
+} from "../chunk-XPQG5IML.js";
+import "../chunk-MLKGABMK.js";
+export {
+  stripQueryParams
+};

package/dist/cf-function-D27hUVtN.d.cts

@@ -0,0 +1,70 @@
+import { Rule, ResponseBehaviorFn, ResponseRule } from './core/types.cjs';
+
+/**
+ * Creates a CloudFront Function viewer-request handler from an ordered list of rules.
+ *
+ * The returned function is the CloudFront Function entry point. Assign it as
+ * `export default` or `var handler` depending on your runtime configuration.
+ *
+ * Rules are evaluated in order. Processing stops at the first rule whose behavior
+ * returns a response (e.g. `redirect`, `constructResponse`). If all rules continue,
+ * the (possibly mutated) request is forwarded to the origin.
+ *
+ * @param rules - Ordered array of `Rule` objects created with `rule()`.
+ * @returns A CloudFront Function handler `(event) => request | response`.
+ *
+ * @example
+ * ```ts
+ * import { rule, not } from '@viverse/cf-engine'
+ * import { ipCidr, pathPrefix } from '@viverse/cf-engine/criteria'
+ * import { redirect, setRequestHeader } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerRequest } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerRequest([
+ *   rule(not(ipCidr(['10.0.0.0/8'])), redirect(302, 'https://www.viverse.com')),
+ *   rule(pathPrefix(['/api/']), setRequestHeader('x-forwarded-host', 'api.internal')),
+ * ])
+ * ```
+ */
+declare function defineViewerRequest(rules: Rule[]): (event: unknown) => unknown;
+/**
+ * Creates a CloudFront Function viewer-response handler from an ordered list of
+ * response behaviors or response rules.
+ *
+ * Each entry can be either:
+ * - A bare `ResponseBehaviorFn` — runs unconditionally on every response.
+ * - A `ResponseRule` `{ criteria, behavior }` — runs only when `criteria` returns `true`
+ *   for the current request.
+ *
+ * All behaviors are applied in order; none can short-circuit the response.
+ * The final merged response object is returned to CloudFront.
+ *
+ * Note: If no behavior explicitly sets a body, the `body` field is omitted from
+ * the returned response to avoid overwriting the origin's actual content.
+ *
+ * @param responseBehaviors - Ordered array of `ResponseBehaviorFn` functions or
+ *   `ResponseRule` objects `{ criteria?, behavior }`.
+ * @returns A CloudFront Function handler `(event) => response`.
+ *
+ * @example
+ * ```ts
+ * import { setSecurityHeaders, setCorsHeaders, setResponseHeader } from '@viverse/cf-engine/behaviors'
+ * import { pathPrefix } from '@viverse/cf-engine/criteria'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerResponse([
+ *   setSecurityHeaders(),
+ *   setCorsHeaders({ allowedOrigins: ['https://www.viverse.com'] }),
+ *   { criteria: pathPrefix(['/api/']), behavior: setResponseHeader('cache-control', 'no-store') },
+ * ])
+ * ```
+ */
+declare function defineViewerResponse(responseBehaviors: Array<ResponseBehaviorFn | ResponseRule>): (event: unknown) => unknown;
+
+declare const cfFunction_defineViewerRequest: typeof defineViewerRequest;
+declare const cfFunction_defineViewerResponse: typeof defineViewerResponse;
+declare namespace cfFunction {
+  export { cfFunction_defineViewerRequest as defineViewerRequest, cfFunction_defineViewerResponse as defineViewerResponse };
+}
+
+export { defineViewerResponse as a, cfFunction as c, defineViewerRequest as d };

package/dist/cf-function-u0PvbW_s.d.ts

@@ -0,0 +1,70 @@
+import { Rule, ResponseBehaviorFn, ResponseRule } from './core/types.js';
+
+/**
+ * Creates a CloudFront Function viewer-request handler from an ordered list of rules.
+ *
+ * The returned function is the CloudFront Function entry point. Assign it as
+ * `export default` or `var handler` depending on your runtime configuration.
+ *
+ * Rules are evaluated in order. Processing stops at the first rule whose behavior
+ * returns a response (e.g. `redirect`, `constructResponse`). If all rules continue,
+ * the (possibly mutated) request is forwarded to the origin.
+ *
+ * @param rules - Ordered array of `Rule` objects created with `rule()`.
+ * @returns A CloudFront Function handler `(event) => request | response`.
+ *
+ * @example
+ * ```ts
+ * import { rule, not } from '@viverse/cf-engine'
+ * import { ipCidr, pathPrefix } from '@viverse/cf-engine/criteria'
+ * import { redirect, setRequestHeader } from '@viverse/cf-engine/behaviors'
+ * import { defineViewerRequest } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerRequest([
+ *   rule(not(ipCidr(['10.0.0.0/8'])), redirect(302, 'https://www.viverse.com')),
+ *   rule(pathPrefix(['/api/']), setRequestHeader('x-forwarded-host', 'api.internal')),
+ * ])
+ * ```
+ */
+declare function defineViewerRequest(rules: Rule[]): (event: unknown) => unknown;
+/**
+ * Creates a CloudFront Function viewer-response handler from an ordered list of
+ * response behaviors or response rules.
+ *
+ * Each entry can be either:
+ * - A bare `ResponseBehaviorFn` — runs unconditionally on every response.
+ * - A `ResponseRule` `{ criteria, behavior }` — runs only when `criteria` returns `true`
+ *   for the current request.
+ *
+ * All behaviors are applied in order; none can short-circuit the response.
+ * The final merged response object is returned to CloudFront.
+ *
+ * Note: If no behavior explicitly sets a body, the `body` field is omitted from
+ * the returned response to avoid overwriting the origin's actual content.
+ *
+ * @param responseBehaviors - Ordered array of `ResponseBehaviorFn` functions or
+ *   `ResponseRule` objects `{ criteria?, behavior }`.
+ * @returns A CloudFront Function handler `(event) => response`.
+ *
+ * @example
+ * ```ts
+ * import { setSecurityHeaders, setCorsHeaders, setResponseHeader } from '@viverse/cf-engine/behaviors'
+ * import { pathPrefix } from '@viverse/cf-engine/criteria'
+ * import { defineViewerResponse } from '@viverse/cf-engine/adapters/cf-function'
+ *
+ * export default defineViewerResponse([
+ *   setSecurityHeaders(),
+ *   setCorsHeaders({ allowedOrigins: ['https://www.viverse.com'] }),
+ *   { criteria: pathPrefix(['/api/']), behavior: setResponseHeader('cache-control', 'no-store') },
+ * ])
+ * ```
+ */
+declare function defineViewerResponse(responseBehaviors: Array<ResponseBehaviorFn | ResponseRule>): (event: unknown) => unknown;
+
+declare const cfFunction_defineViewerRequest: typeof defineViewerRequest;
+declare const cfFunction_defineViewerResponse: typeof defineViewerResponse;
+declare namespace cfFunction {
+  export { cfFunction_defineViewerRequest as defineViewerRequest, cfFunction_defineViewerResponse as defineViewerResponse };
+}
+
+export { defineViewerResponse as a, cfFunction as c, defineViewerRequest as d };

package/dist/chunk-2DE6WPPL.js

@@ -0,0 +1,21 @@
+// src/shared/wildcard.ts
+var regexCache = /* @__PURE__ */ Object.create(null);
+function wildcardToRegex(pattern) {
+  if (!(pattern in regexCache)) {
+    const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
+    regexCache[pattern] = new RegExp(`^${escaped}$`, "i");
+  }
+  return regexCache[pattern];
+}
+function matchesWildcard(str, pattern) {
+  return wildcardToRegex(pattern).test(str);
+}
+function matchesAnyWildcard(str, patterns) {
+  return patterns.some((p) => matchesWildcard(str, p));
+}
+
+export {
+  wildcardToRegex,
+  matchesWildcard,
+  matchesAnyWildcard
+};

package/dist/chunk-32SMWYAF.cjs

@@ -0,0 +1,13 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }// src/criteria/header-contains.ts
+function headerContains(headerName, substrings) {
+  return (req) => {
+    const val = _optionalChain([req, 'access', _ => _.headers, 'access', _2 => _2[headerName.toLowerCase()], 'optionalAccess', _3 => _3.value]);
+    if (val === void 0) return false;
+    const lower = val.toLowerCase();
+    return substrings.some((s) => lower.includes(s.toLowerCase()));
+  };
+}
+
+
+
+exports.headerContains = headerContains;

package/dist/chunk-3BBLG4IX.cjs

@@ -0,0 +1,132 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } }
+
+var _chunkWKYMSRCDcjs = require('./chunk-WKYMSRCD.cjs');
+
+
+var _chunk75ZPJI57cjs = require('./chunk-75ZPJI57.cjs');
+
+// src/adapters/lambda-edge.ts
+var lambda_edge_exports = {};
+_chunk75ZPJI57cjs.__export.call(void 0, lambda_edge_exports, {
+  defineViewerRequest: () => defineViewerRequest,
+  defineViewerResponse: () => defineViewerResponse
+});
+function normalizeHeaders(headers) {
+  const result = {};
+  const entries = Object.entries(_nullishCoalesce(headers, () => ( {})));
+  for (let i = 0; i < entries.length; i++) {
+    const entry = entries[i];
+    const key = entry[0];
+    const arr = entry[1];
+    if (arr.length > 0) result[key.toLowerCase()] = { value: arr[0].value };
+  }
+  return result;
+}
+function denormalizeHeaders(headers) {
+  const result = {};
+  const entries = Object.entries(headers);
+  for (let i = 0; i < entries.length; i++) {
+    const entry = entries[i];
+    const key = entry[0];
+    const value = entry[1].value;
+    result[key] = [{ key, value }];
+  }
+  return result;
+}
+function parseQuerystring(qs) {
+  if (!qs) return {};
+  return Object.fromEntries(
+    qs.split("&").map((p) => {
+      const parts = p.split("=");
+      const k = parts[0];
+      const v = parts[1] || "";
+      return [k, { value: v }];
+    })
+  );
+}
+function serializeQuerystring(qs) {
+  const qsEntries = Object.entries(qs);
+  const parts = [];
+  for (let i = 0; i < qsEntries.length; i++) {
+    parts.push(qsEntries[i][0] + "=" + qsEntries[i][1].value);
+  }
+  return parts.join("&");
+}
+function defineViewerRequest(rules) {
+  return async (event) => {
+    const ev = event;
+    const records = ev.Records;
+    const cf = records[0].cf;
+    const lambdaReq = cf.request;
+    const req = {
+      uri: lambdaReq.uri,
+      method: lambdaReq.method,
+      protocol: "https",
+      querystring: parseQuerystring(_nullishCoalesce(lambdaReq.querystring, () => ( ""))),
+      headers: normalizeHeaders(
+        _nullishCoalesce(lambdaReq.headers, () => ( {}))
+      ),
+      clientIp: _nullishCoalesce(lambdaReq.clientIp, () => ( ""))
+    };
+    const result = _chunkWKYMSRCDcjs.runRules.call(void 0, rules, req);
+    if (result.action === "respond") {
+      return {
+        status: String(result.response.statusCode),
+        statusDescription: result.response.statusDescription,
+        headers: denormalizeHeaders(result.response.headers),
+        body: _nullishCoalesce(result.response.body, () => ( ""))
+      };
+    }
+    return Object.assign({}, lambdaReq, {
+      uri: result.request.uri,
+      querystring: serializeQuerystring(result.request.querystring),
+      headers: denormalizeHeaders(result.request.headers)
+    });
+  };
+}
+function defineViewerResponse(responseBehaviors) {
+  return async (event) => {
+    const ev = event;
+    const records = ev.Records;
+    const cf = records[0].cf;
+    const lambdaReq = cf.request;
+    const lambdaRes = cf.response;
+    const req = {
+      uri: lambdaReq.uri,
+      method: lambdaReq.method,
+      protocol: "https",
+      querystring: parseQuerystring(_nullishCoalesce(lambdaReq.querystring, () => ( ""))),
+      headers: normalizeHeaders(
+        _nullishCoalesce(lambdaReq.headers, () => ( {}))
+      ),
+      clientIp: _nullishCoalesce(lambdaReq.clientIp, () => ( ""))
+    };
+    let response = {
+      statusCode: parseInt(lambdaRes.status, 10),
+      statusDescription: lambdaRes.statusDescription,
+      headers: normalizeHeaders(
+        _nullishCoalesce(lambdaRes.headers, () => ( {}))
+      ),
+      body: lambdaRes.body
+    };
+    for (let i = 0; i < responseBehaviors.length; i++) {
+      const entry = responseBehaviors[i];
+      if (typeof entry === "function") {
+        response = entry(req, response);
+      } else if (!entry.criteria || entry.criteria(req)) {
+        response = entry.behavior(req, response);
+      }
+    }
+    return Object.assign({}, lambdaRes, {
+      status: String(response.statusCode),
+      statusDescription: response.statusDescription,
+      headers: denormalizeHeaders(response.headers)
+    });
+  };
+}
+
+
+
+
+
+exports.defineViewerRequest = defineViewerRequest; exports.defineViewerResponse = defineViewerResponse; exports.lambda_edge_exports = lambda_edge_exports;

package/dist/chunk-3PVDUC5M.js

@@ -0,0 +1,12 @@
+// src/criteria/hostname-is.ts
+function hostnameIs(hostnames) {
+  return (req) => {
+    const host = req.headers["host"]?.value?.toLowerCase();
+    if (!host) return false;
+    return hostnames.some((h) => h.toLowerCase() === host);
+  };
+}
+
+export {
+  hostnameIs
+};

package/dist/chunk-5CPBXZ4X.js

@@ -0,0 +1,12 @@
+// src/criteria/country-is.ts
+function countryIs(codes) {
+  return (req) => {
+    const country = req.headers["cloudfront-viewer-country"]?.value?.toUpperCase();
+    if (!country) return false;
+    return codes.some((c) => c.toUpperCase() === country);
+  };
+}
+
+export {
+  countryIs
+};

package/dist/chunk-5PT5X62W.js

@@ -0,0 +1,98 @@
+// src/behaviors/image-optimize.ts
+function selectBreakpoint(width, breakpoints) {
+  const sorted = breakpoints.slice().sort(function(a, b) {
+    return a - b;
+  });
+  for (var i = 0; i < sorted.length; i++) {
+    if (sorted[i] >= width) return sorted[i];
+  }
+  return sorted[sorted.length - 1];
+}
+function mapAkamaiFormat(akamaiFormat) {
+  switch (akamaiFormat) {
+    case "chrome":
+    case "webp":
+      return "webp";
+    case "avif":
+      return "avif";
+    default:
+      return "jpeg";
+  }
+}
+function selectFormat(acceptHeader, formats) {
+  if (acceptHeader) {
+    for (var i = 0; i < formats.length; i++) {
+      if (formats[i] === "avif" && acceptHeader.indexOf("image/avif") !== -1) return "avif";
+      if (formats[i] === "webp" && acceptHeader.indexOf("image/webp") !== -1) return "webp";
+    }
+  }
+  return formats[formats.length - 1] !== void 0 ? formats[formats.length - 1] : "jpeg";
+}
+function resolveImageParams(request, options) {
+  var formats = options.formats !== void 0 ? options.formats : ["avif", "webp", "jpeg"];
+  var quality = options.quality !== void 0 ? options.quality : 75;
+  var sortedBreakpoints = options.breakpoints.slice().sort(function(a, b) {
+    return a - b;
+  });
+  var imwidthParamName = options.imwidthParam !== void 0 ? options.imwidthParam : "imwidth";
+  var imformatParamName = options.imformatParam !== void 0 ? options.imformatParam : "imformat";
+  var width = NaN;
+  var imwidthVal = request.querystring[imwidthParamName] !== void 0 ? request.querystring[imwidthParamName].value : void 0;
+  if (imwidthVal !== void 0) {
+    var parsed = parseInt(imwidthVal, 10);
+    if (isFinite(parsed)) width = parsed;
+  }
+  if (!isFinite(width)) {
+    var widthHeader = request.headers["cloudfront-viewer-width"] !== void 0 ? request.headers["cloudfront-viewer-width"].value : void 0;
+    if (widthHeader !== void 0) {
+      var parsedHeader = parseInt(widthHeader, 10);
+      if (isFinite(parsedHeader)) width = parsedHeader;
+    }
+  }
+  var breakpoint = isFinite(width) ? selectBreakpoint(width, sortedBreakpoints) : sortedBreakpoints[sortedBreakpoints.length - 1];
+  var format;
+  var imformatVal = request.querystring[imformatParamName] !== void 0 ? request.querystring[imformatParamName].value : void 0;
+  if (imformatVal !== void 0) {
+    format = mapAkamaiFormat(imformatVal);
+  } else {
+    var acceptVal = request.headers["accept"] !== void 0 ? request.headers["accept"].value : void 0;
+    format = selectFormat(acceptVal, formats);
+  }
+  return { breakpoint, format, quality };
+}
+function imageOptimize(options) {
+  var imformatParamName = options.imformatParam !== void 0 ? options.imformatParam : "imformat";
+  return function(request) {
+    var resolved = resolveImageParams(request, options);
+    var qs = Object.assign({}, request.querystring);
+    qs["imwidth"] = { value: String(resolved.breakpoint) };
+    qs["f"] = { value: resolved.format };
+    if (qs["q"] === void 0) {
+      var legacyQuality = qs["quality"] !== void 0 ? qs["quality"].value : void 0;
+      qs["q"] = { value: legacyQuality !== void 0 ? legacyQuality : String(resolved.quality) };
+    }
+    delete qs["quality"];
+    delete qs[imformatParamName];
+    if (imformatParamName !== "imformat") {
+      delete qs["imformat"];
+    }
+    var headers = Object.assign({}, request.headers);
+    if (options.origin !== void 0) {
+      headers["x-img-source-type"] = { value: options.origin.type };
+      if (options.origin.type === "gateway") {
+        headers["x-img-upstream-gateway"] = { value: options.origin.upstreamGateway };
+      } else {
+        headers["x-img-source-bucket"] = { value: options.origin.sourceBucket };
+      }
+    }
+    if (options.originSecret !== void 0) {
+      headers["x-origin-verify"] = { value: options.originSecret };
+    }
+    return { action: "continue", request: Object.assign({}, request, { querystring: qs, headers }) };
+  };
+}
+
+export {
+  resolveImageParams,
+  imageOptimize
+};