@rayselfs/cf-rule-engine 1.5.1 → 1.6.1

package/README.md

@@ -141,23 +141,23 @@ defineViewerResponse([
 
 Primary distribution requests do not carry `aws-cf-cd-staging`, so the rule is a no-op there.
 
-### stagingWhitelist
+### whitelist
 
-Restricts access to a staging environment by IP CIDR range and/or User-Agent pattern. Requests that don't match any allowed CIDR or User-Agent (and aren't on a bypassed path) are redirected with HTTP 302.
+Restricts access by IP CIDR range and/or User-Agent pattern. Requests that don't match any allowed CIDR or User-Agent (and aren't on a bypassed path) are redirected with HTTP 302.
 
 No default allowlists are included — callers must supply all CIDRs and User-Agent patterns explicitly.
 
 ```typescript
-import { stagingWhitelist } from '@rayselfs/cf-rule-engine/helpers/index'
+import { whitelist } from '@rayselfs/cf-rule-engine/helpers/index'
 
-stagingWhitelist({
+whitelist({
   cidrs: ['203.0.113.0/24', '10.0.0.0/8'],
   userAgents: ['*InternalBot*', '*Prerender*'],
   redirectUrl: 'https://www.example.com',
 })
 
 // With bypass paths:
-stagingWhitelist({
+whitelist({
   cidrs: ['203.0.113.0/24'],
   redirectUrl: 'https://www.example.com',
   bypassPaths: ['/api/health', '/robots.txt'],

package/dist/adapters/cf-function.d.cts

@@ -1,2 +1,2 @@
 import '../core/types.cjs';
-export { d as defineViewerRequest, a as defineViewerResponse } from '../cf-function-DIQHy8L7.cjs';
+export { d as defineViewerRequest, a as defineViewerResponse } from '../viewer-response-DIQHy8L7.cjs';

package/dist/adapters/cf-function.d.ts

@@ -1,2 +1,2 @@
 import '../core/types.js';
-export { d as defineViewerRequest, a as defineViewerResponse } from '../cf-function-C9eF2O9s.js';
+export { d as defineViewerRequest, a as defineViewerResponse } from '../viewer-response-C9eF2O9s.js';

package/dist/adapters/viewer-request.cjs

@@ -0,0 +1,8 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkSAXDN5NScjs = require('../chunk-SAXDN5NS.cjs');
+require('../chunk-WKYMSRCD.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.defineViewerRequest = _chunkSAXDN5NScjs.defineViewerRequest;

package/dist/adapters/viewer-request.d.cts

@@ -0,0 +1,2 @@
+export { d as defineViewerRequest } from '../viewer-response-DIQHy8L7.cjs';
+import '../core/types.cjs';

package/dist/adapters/viewer-request.d.ts

@@ -0,0 +1,2 @@
+export { d as defineViewerRequest } from '../viewer-response-C9eF2O9s.js';
+import '../core/types.js';

package/dist/adapters/viewer-request.js

@@ -0,0 +1,8 @@
+import {
+  defineViewerRequest
+} from "../chunk-NPMGSPNL.js";
+import "../chunk-Q4NP4C3B.js";
+import "../chunk-MLKGABMK.js";
+export {
+  defineViewerRequest
+};

package/dist/adapters/viewer-response.cjs

@@ -0,0 +1,8 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkSAXDN5NScjs = require('../chunk-SAXDN5NS.cjs');
+require('../chunk-WKYMSRCD.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.defineViewerResponse = _chunkSAXDN5NScjs.defineViewerResponse;

package/dist/adapters/viewer-response.d.cts

@@ -0,0 +1,2 @@
+export { a as defineViewerResponse } from '../viewer-response-DIQHy8L7.cjs';
+import '../core/types.cjs';

package/dist/adapters/viewer-response.d.ts

@@ -0,0 +1,2 @@
+export { a as defineViewerResponse } from '../viewer-response-C9eF2O9s.js';
+import '../core/types.js';

package/dist/adapters/viewer-response.js

@@ -0,0 +1,8 @@
+import {
+  defineViewerResponse
+} from "../chunk-NPMGSPNL.js";
+import "../chunk-Q4NP4C3B.js";
+import "../chunk-MLKGABMK.js";
+export {
+  defineViewerResponse
+};

package/dist/behaviors/image-optimize.cjs

@@ -1,9 +1,9 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
 
-var _chunkTQLJIT4Hcjs = require('../chunk-TQLJIT4H.cjs');
+var _chunkKXC6ES3Bcjs = require('../chunk-KXC6ES3B.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 
 
-exports.imageOptimize = _chunkTQLJIT4Hcjs.imageOptimize; exports.resolveImageParams = _chunkTQLJIT4Hcjs.resolveImageParams;
+exports.imageOptimize = _chunkKXC6ES3Bcjs.imageOptimize; exports.resolveImageParams = _chunkKXC6ES3Bcjs.resolveImageParams;

package/dist/behaviors/image-optimize.d.cts

@@ -1,4 +1,4 @@
-import { BehaviorFn, HttpRequest } from '../core/types.cjs';
+import { HttpRequest, BehaviorFn } from '../core/types.cjs';
 
 /**
  * Origin configuration for image-optimize-proxy.
@@ -15,6 +15,15 @@ type ImageOriginConfig = {
     type: 's3';
     sourceBucket: string;
 };
+/**
+ * Origin resolver — either a static config or a function that resolves
+ * the origin per-request. When a function is provided, it receives the
+ * normalized request and may return `undefined` to skip origin header injection.
+ *
+ * Use the function form for conditional routing (e.g., some paths → S3,
+ * others → gateway) within a single imageOptimize() call.
+ */
+type ImageOriginResolver = ImageOriginConfig | ((request: HttpRequest) => ImageOriginConfig | undefined);
 /**
  * Options for imageOptimize querystring normalization behavior.
  *
@@ -36,11 +45,14 @@ interface ImageOptimizeOptions {
     imformatParam?: string;
     /**
      * Origin configuration for image-optimize-proxy.
-     * When provided, injects the corresponding X-Img-* request headers so the
-     * proxy knows how to resolve the source image. This removes the need to
-     * configure CloudFront origin custom headers separately in Terraform.
-     */
-    origin?: ImageOriginConfig;
+      * When provided, injects the corresponding X-Img-* request headers so the
+      * proxy knows how to resolve the source image. This removes the need to
+      * configure CloudFront origin custom headers separately in Terraform.
+      *
+      * Accepts either a static config object or a resolver function that receives
+      * the request and returns the appropriate origin (or undefined to skip).
+      */
+    origin?: ImageOriginResolver;
     /**
      * CloudFront origin verification secret.
      * When provided, injects the value as the X-Origin-Verify request header.
@@ -100,4 +112,4 @@ declare function resolveImageParams(request: Pick<HttpRequest, 'querystring' | '
  */
 declare function imageOptimize(options: ImageOptimizeOptions): BehaviorFn;
 
-export { type ImageOptimizeOptions, type ImageOriginConfig, type ResolvedImageParams, imageOptimize, resolveImageParams };
+export { type ImageOptimizeOptions, type ImageOriginConfig, type ImageOriginResolver, type ResolvedImageParams, imageOptimize, resolveImageParams };

package/dist/behaviors/image-optimize.d.ts

@@ -1,4 +1,4 @@
-import { BehaviorFn, HttpRequest } from '../core/types.js';
+import { HttpRequest, BehaviorFn } from '../core/types.js';
 
 /**
  * Origin configuration for image-optimize-proxy.
@@ -15,6 +15,15 @@ type ImageOriginConfig = {
     type: 's3';
     sourceBucket: string;
 };
+/**
+ * Origin resolver — either a static config or a function that resolves
+ * the origin per-request. When a function is provided, it receives the
+ * normalized request and may return `undefined` to skip origin header injection.
+ *
+ * Use the function form for conditional routing (e.g., some paths → S3,
+ * others → gateway) within a single imageOptimize() call.
+ */
+type ImageOriginResolver = ImageOriginConfig | ((request: HttpRequest) => ImageOriginConfig | undefined);
 /**
  * Options for imageOptimize querystring normalization behavior.
  *
@@ -36,11 +45,14 @@ interface ImageOptimizeOptions {
     imformatParam?: string;
     /**
      * Origin configuration for image-optimize-proxy.
-     * When provided, injects the corresponding X-Img-* request headers so the
-     * proxy knows how to resolve the source image. This removes the need to
-     * configure CloudFront origin custom headers separately in Terraform.
-     */
-    origin?: ImageOriginConfig;
+      * When provided, injects the corresponding X-Img-* request headers so the
+      * proxy knows how to resolve the source image. This removes the need to
+      * configure CloudFront origin custom headers separately in Terraform.
+      *
+      * Accepts either a static config object or a resolver function that receives
+      * the request and returns the appropriate origin (or undefined to skip).
+      */
+    origin?: ImageOriginResolver;
     /**
      * CloudFront origin verification secret.
      * When provided, injects the value as the X-Origin-Verify request header.
@@ -100,4 +112,4 @@ declare function resolveImageParams(request: Pick<HttpRequest, 'querystring' | '
  */
 declare function imageOptimize(options: ImageOptimizeOptions): BehaviorFn;
 
-export { type ImageOptimizeOptions, type ImageOriginConfig, type ResolvedImageParams, imageOptimize, resolveImageParams };
+export { type ImageOptimizeOptions, type ImageOriginConfig, type ImageOriginResolver, type ResolvedImageParams, imageOptimize, resolveImageParams };

package/dist/behaviors/image-optimize.js

@@ -1,7 +1,7 @@
 import {
   imageOptimize,
   resolveImageParams
-} from "../chunk-5PT5X62W.js";
+} from "../chunk-LQRLWDQQ.js";
 import "../chunk-MLKGABMK.js";
 export {
   imageOptimize,

package/dist/behaviors/index.cjs

@@ -1,11 +1,20 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }
 
+var _chunkPPUHEL4Hcjs = require('../chunk-PPUHEL4H.cjs');
+
+
+var _chunkB4WEJSEZcjs = require('../chunk-B4WEJSEZ.cjs');
+
+
 var _chunkUI6LKDJIcjs = require('../chunk-UI6LKDJI.cjs');
 
 
 var _chunkMSES76XKcjs = require('../chunk-MSES76XK.cjs');
 
 
+var _chunkKXC6ES3Bcjs = require('../chunk-KXC6ES3B.cjs');
+
+
 var _chunkWWSRNCUPcjs = require('../chunk-WWSRNCUP.cjs');
 
 
@@ -24,12 +33,6 @@ var _chunkGK5JX7OMcjs = require('../chunk-GK5JX7OM.cjs');
 var _chunkZXS23HXAcjs = require('../chunk-ZXS23HXA.cjs');
 
 
-var _chunkPPUHEL4Hcjs = require('../chunk-PPUHEL4H.cjs');
-
-
-var _chunkB4WEJSEZcjs = require('../chunk-B4WEJSEZ.cjs');
-
-
 var _chunkOSGZTNTScjs = require('../chunk-OSGZTNTS.cjs');
 
 
@@ -37,9 +40,6 @@ var _chunkJU5WX5RUcjs = require('../chunk-JU5WX5RU.cjs');
 
 
 var _chunkLTLBEBKLcjs = require('../chunk-LTLBEBKL.cjs');
-
-
-var _chunkTQLJIT4Hcjs = require('../chunk-TQLJIT4H.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 // src/behaviors/verify-token.ts
@@ -123,4 +123,4 @@ function verifyToken(options) {
 
 
 
-exports.constructResponse = _chunkOSGZTNTScjs.constructResponse; exports.copyHeader = _chunkJU5WX5RUcjs.copyHeader; exports.directoryIndex = _chunkLTLBEBKLcjs.directoryIndex; exports.imageOptimize = _chunkTQLJIT4Hcjs.imageOptimize; exports.redirect = _chunkWWSRNCUPcjs.redirect; exports.removeResponseHeaders = _chunkSGEBNQR2cjs.removeResponseHeaders; exports.rewriteUri = _chunkMRPTC74Icjs.rewriteUri; exports.setCacheControl = _chunkCV234DQTcjs.setCacheControl; exports.setCorsHeaders = _chunkGK5JX7OMcjs.setCorsHeaders; exports.setCsp = _chunkZXS23HXAcjs.setCsp; exports.setRequestHeader = _chunkPPUHEL4Hcjs.setRequestHeader; exports.setResponseHeader = _chunkB4WEJSEZcjs.setResponseHeader; exports.setSecurityHeaders = _chunkUI6LKDJIcjs.setSecurityHeaders; exports.stripQueryParams = _chunkMSES76XKcjs.stripQueryParams; exports.verifyToken = verifyToken;
+exports.constructResponse = _chunkOSGZTNTScjs.constructResponse; exports.copyHeader = _chunkJU5WX5RUcjs.copyHeader; exports.directoryIndex = _chunkLTLBEBKLcjs.directoryIndex; exports.imageOptimize = _chunkKXC6ES3Bcjs.imageOptimize; exports.redirect = _chunkWWSRNCUPcjs.redirect; exports.removeResponseHeaders = _chunkSGEBNQR2cjs.removeResponseHeaders; exports.rewriteUri = _chunkMRPTC74Icjs.rewriteUri; exports.setCacheControl = _chunkCV234DQTcjs.setCacheControl; exports.setCorsHeaders = _chunkGK5JX7OMcjs.setCorsHeaders; exports.setCsp = _chunkZXS23HXAcjs.setCsp; exports.setRequestHeader = _chunkPPUHEL4Hcjs.setRequestHeader; exports.setResponseHeader = _chunkB4WEJSEZcjs.setResponseHeader; exports.setSecurityHeaders = _chunkUI6LKDJIcjs.setSecurityHeaders; exports.stripQueryParams = _chunkMSES76XKcjs.stripQueryParams; exports.verifyToken = verifyToken;

package/dist/behaviors/index.d.cts

@@ -11,7 +11,7 @@ export { stripQueryParams } from './strip-query-params.cjs';
 export { CspOptions, setCsp } from './set-csp.cjs';
 export { setCacheControl } from './set-cache-control.cjs';
 export { SecurityHeadersOptions, setSecurityHeaders } from './set-security-headers.cjs';
-export { ImageOptimizeOptions, imageOptimize } from './image-optimize.cjs';
+export { ImageOptimizeOptions, ImageOriginConfig, ImageOriginResolver, imageOptimize } from './image-optimize.cjs';
 import { BehaviorFn } from '../core/types.cjs';
 export { ResponseBehaviorFn, ResponseRule } from '../core/types.cjs';
 

package/dist/behaviors/index.d.ts

@@ -11,7 +11,7 @@ export { stripQueryParams } from './strip-query-params.js';
 export { CspOptions, setCsp } from './set-csp.js';
 export { setCacheControl } from './set-cache-control.js';
 export { SecurityHeadersOptions, setSecurityHeaders } from './set-security-headers.js';
-export { ImageOptimizeOptions, imageOptimize } from './image-optimize.js';
+export { ImageOptimizeOptions, ImageOriginConfig, ImageOriginResolver, imageOptimize } from './image-optimize.js';
 import { BehaviorFn } from '../core/types.js';
 export { ResponseBehaviorFn, ResponseRule } from '../core/types.js';
 

package/dist/behaviors/index.js

@@ -1,9 +1,18 @@
+import {
+  setRequestHeader
+} from "../chunk-M5KUQBDW.js";
+import {
+  setResponseHeader
+} from "../chunk-RBBKFG5J.js";
 import {
   setSecurityHeaders
 } from "../chunk-VQCRSBWL.js";
 import {
   stripQueryParams
 } from "../chunk-XPQG5IML.js";
+import {
+  imageOptimize
+} from "../chunk-LQRLWDQQ.js";
 import {
   redirect
 } from "../chunk-DSSFFJWL.js";
@@ -22,12 +31,6 @@ import {
 import {
   setCsp
 } from "../chunk-XUI4Y22M.js";
-import {
-  setRequestHeader
-} from "../chunk-M5KUQBDW.js";
-import {
-  setResponseHeader
-} from "../chunk-RBBKFG5J.js";
 import {
   constructResponse
 } from "../chunk-6DBZBV2M.js";
@@ -37,9 +40,6 @@ import {
 import {
   directoryIndex
 } from "../chunk-R7WXS7BI.js";
-import {
-  imageOptimize
-} from "../chunk-5PT5X62W.js";
 import "../chunk-MLKGABMK.js";
 
 // src/behaviors/verify-token.ts

package/dist/{chunk-TQLJIT4H.cjs → chunk-KXC6ES3B.cjs}

@@ -77,12 +77,13 @@ function imageOptimize(options) {
       delete qs["imformat"];
     }
     var headers = Object.assign({}, request.headers);
-    if (options.origin !== void 0) {
-      headers["x-img-source-type"] = { value: options.origin.type };
-      if (options.origin.type === "gateway") {
-        headers["x-img-upstream-gateway"] = { value: options.origin.upstreamGateway };
+    var resolvedOrigin = typeof options.origin === "function" ? options.origin(request) : options.origin;
+    if (resolvedOrigin !== void 0) {
+      headers["x-img-source-type"] = { value: resolvedOrigin.type };
+      if (resolvedOrigin.type === "gateway") {
+        headers["x-img-upstream-gateway"] = { value: resolvedOrigin.upstreamGateway };
       } else {
-        headers["x-img-source-bucket"] = { value: options.origin.sourceBucket };
+        headers["x-img-source-bucket"] = { value: resolvedOrigin.sourceBucket };
       }
     }
     if (options.originSecret !== void 0) {

package/dist/{chunk-5PT5X62W.js → chunk-LQRLWDQQ.js}

@@ -77,12 +77,13 @@ function imageOptimize(options) {
       delete qs["imformat"];
     }
     var headers = Object.assign({}, request.headers);
-    if (options.origin !== void 0) {
-      headers["x-img-source-type"] = { value: options.origin.type };
-      if (options.origin.type === "gateway") {
-        headers["x-img-upstream-gateway"] = { value: options.origin.upstreamGateway };
+    var resolvedOrigin = typeof options.origin === "function" ? options.origin(request) : options.origin;
+    if (resolvedOrigin !== void 0) {
+      headers["x-img-source-type"] = { value: resolvedOrigin.type };
+      if (resolvedOrigin.type === "gateway") {
+        headers["x-img-upstream-gateway"] = { value: resolvedOrigin.upstreamGateway };
       } else {
-        headers["x-img-source-bucket"] = { value: options.origin.sourceBucket };
+        headers["x-img-source-bucket"] = { value: resolvedOrigin.sourceBucket };
       }
     }
     if (options.originSecret !== void 0) {

package/dist/{chunk-UKB5JAX4.js → chunk-RL7ZETZR.js}

@@ -1,3 +1,6 @@
+import {
+  userAgentMatches
+} from "./chunk-S2AAATFN.js";
 import {
   ipCidr
 } from "./chunk-KW5YBTSD.js";
@@ -5,19 +8,16 @@ import {
   pathMatches
 } from "./chunk-LO2BO3RU.js";
 import {
-  userAgentMatches
-} from "./chunk-S2AAATFN.js";
+  redirect
+} from "./chunk-DSSFFJWL.js";
 import {
   all,
   not,
   rule
 } from "./chunk-Q4NP4C3B.js";
-import {
-  redirect
-} from "./chunk-DSSFFJWL.js";
 
-// src/helpers/staging-whitelist.ts
-function stagingWhitelist(options) {
+// src/helpers/whitelist.ts
+function whitelist(options) {
   const userAgents = options.userAgents ?? [];
   const bypassPaths = options.bypassPaths ?? [];
   const criteria = [not(ipCidr(options.cidrs)), not(userAgentMatches(userAgents))];
@@ -28,5 +28,5 @@ function stagingWhitelist(options) {
 }
 
 export {
-  stagingWhitelist
+  whitelist
 };

package/dist/{chunk-WW7YVRAI.cjs → chunk-T5EXFHVA.cjs}

@@ -1,23 +1,23 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } }
 
+var _chunkMVGYPBYBcjs = require('./chunk-MVGYPBYB.cjs');
+
+
 var _chunkD47P7HVZcjs = require('./chunk-D47P7HVZ.cjs');
 
 
 var _chunkCF5PWWTFcjs = require('./chunk-CF5PWWTF.cjs');
 
 
-var _chunkMVGYPBYBcjs = require('./chunk-MVGYPBYB.cjs');
+var _chunkWWSRNCUPcjs = require('./chunk-WWSRNCUP.cjs');
 
 
 
 
 var _chunkWKYMSRCDcjs = require('./chunk-WKYMSRCD.cjs');
 
-
-var _chunkWWSRNCUPcjs = require('./chunk-WWSRNCUP.cjs');
-
-// src/helpers/staging-whitelist.ts
-function stagingWhitelist(options) {
+// src/helpers/whitelist.ts
+function whitelist(options) {
   const userAgents = _nullishCoalesce(options.userAgents, () => ( []));
   const bypassPaths = _nullishCoalesce(options.bypassPaths, () => ( []));
   const criteria = [_chunkWKYMSRCDcjs.not.call(void 0, _chunkD47P7HVZcjs.ipCidr.call(void 0, options.cidrs)), _chunkWKYMSRCDcjs.not.call(void 0, _chunkMVGYPBYBcjs.userAgentMatches.call(void 0, userAgents))];
@@ -29,4 +29,4 @@ function stagingWhitelist(options) {
 
 
 
-exports.stagingWhitelist = stagingWhitelist;
+exports.whitelist = whitelist;

package/dist/criteria/index.cjs

@@ -1,5 +1,17 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
+var _chunkG7JGTBTTcjs = require('../chunk-G7JGTBTT.cjs');
+
+
+var _chunkMVGYPBYBcjs = require('../chunk-MVGYPBYB.cjs');
+
+
+var _chunk32SMWYAFcjs = require('../chunk-32SMWYAF.cjs');
+
+
+var _chunkL7NBJ4JAcjs = require('../chunk-L7NBJ4JA.cjs');
+
+
 var _chunkJGJW7D2Ncjs = require('../chunk-JGJW7D2N.cjs');
 
 
@@ -14,12 +26,6 @@ var _chunkVEEOQ7TScjs = require('../chunk-VEEOQ7TS.cjs');
 
 
 var _chunkCF5PWWTFcjs = require('../chunk-CF5PWWTF.cjs');
-
-
-var _chunkG7JGTBTTcjs = require('../chunk-G7JGTBTT.cjs');
-
-
-var _chunkMVGYPBYBcjs = require('../chunk-MVGYPBYB.cjs');
 require('../chunk-IBXAK2A4.cjs');
 
 
@@ -27,12 +33,6 @@ var _chunkOSZWDCTScjs = require('../chunk-OSZWDCTS.cjs');
 
 
 var _chunkU54FZCOHcjs = require('../chunk-U54FZCOH.cjs');
-
-
-var _chunk32SMWYAFcjs = require('../chunk-32SMWYAF.cjs');
-
-
-var _chunkL7NBJ4JAcjs = require('../chunk-L7NBJ4JA.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 

package/dist/criteria/index.js

@@ -1,3 +1,15 @@
+import {
+  pathPrefix
+} from "../chunk-XLSZ5RB7.js";
+import {
+  userAgentMatches
+} from "../chunk-S2AAATFN.js";
+import {
+  headerContains
+} from "../chunk-SRQF5UEJ.js";
+import {
+  headerEquals
+} from "../chunk-BZQJYOU2.js";
 import {
   hostnameIs
 } from "../chunk-3PVDUC5M.js";
@@ -14,12 +26,6 @@ import {
 import {
   pathMatches
 } from "../chunk-LO2BO3RU.js";
-import {
-  pathPrefix
-} from "../chunk-XLSZ5RB7.js";
-import {
-  userAgentMatches
-} from "../chunk-S2AAATFN.js";
 import "../chunk-2DE6WPPL.js";
 import {
   countryIs
@@ -27,12 +33,6 @@ import {
 import {
   fileExtension
 } from "../chunk-LBJUCJF2.js";
-import {
-  headerContains
-} from "../chunk-SRQF5UEJ.js";
-import {
-  headerEquals
-} from "../chunk-BZQJYOU2.js";
 import "../chunk-MLKGABMK.js";
 export {
   countryIs,

package/dist/helpers/index.cjs

@@ -6,21 +6,21 @@ var _chunk63WIEBQBcjs = require('../chunk-63WIEBQB.cjs');
 var _chunkLSCC62CZcjs = require('../chunk-LSCC62CZ.cjs');
 
 
-var _chunkWW7YVRAIcjs = require('../chunk-WW7YVRAI.cjs');
+var _chunkT5EXFHVAcjs = require('../chunk-T5EXFHVA.cjs');
+require('../chunk-MVGYPBYB.cjs');
+
+
+var _chunkL7NBJ4JAcjs = require('../chunk-L7NBJ4JA.cjs');
 require('../chunk-D47P7HVZ.cjs');
 require('../chunk-YVUR35RN.cjs');
 require('../chunk-OTFDML3K.cjs');
 require('../chunk-CF5PWWTF.cjs');
-require('../chunk-MVGYPBYB.cjs');
 require('../chunk-IBXAK2A4.cjs');
 
 
-var _chunkL7NBJ4JAcjs = require('../chunk-L7NBJ4JA.cjs');
-require('../chunk-WKYMSRCD.cjs');
-require('../chunk-WWSRNCUP.cjs');
-
-
 var _chunkB4WEJSEZcjs = require('../chunk-B4WEJSEZ.cjs');
+require('../chunk-WWSRNCUP.cjs');
+require('../chunk-WKYMSRCD.cjs');
 require('../chunk-JU5WX5RU.cjs');
 require('../chunk-75ZPJI57.cjs');
 
@@ -39,4 +39,4 @@ function stagingIndicator() {
 
 
 
-exports.preflightRequest = _chunk63WIEBQBcjs.preflightRequest; exports.sendCountryCode = _chunkLSCC62CZcjs.sendCountryCode; exports.stagingIndicator = stagingIndicator; exports.stagingWhitelist = _chunkWW7YVRAIcjs.stagingWhitelist;
+exports.preflightRequest = _chunk63WIEBQBcjs.preflightRequest; exports.sendCountryCode = _chunkLSCC62CZcjs.sendCountryCode; exports.stagingIndicator = stagingIndicator; exports.whitelist = _chunkT5EXFHVAcjs.whitelist;

package/dist/helpers/index.d.cts

@@ -1,5 +1,5 @@
 export { sendCountryCode } from './send-country-code.cjs';
-export { StagingWhitelistOptions, stagingWhitelist } from './staging-whitelist.cjs';
+export { WhitelistOptions, whitelist } from './whitelist.cjs';
 import { ResponseRule } from '../core/types.cjs';
 export { preflightRequest } from './preflight-request.cjs';
 import '../behaviors/set-cors-headers.cjs';

package/dist/helpers/index.d.ts

@@ -1,5 +1,5 @@
 export { sendCountryCode } from './send-country-code.js';
-export { StagingWhitelistOptions, stagingWhitelist } from './staging-whitelist.js';
+export { WhitelistOptions, whitelist } from './whitelist.js';
 import { ResponseRule } from '../core/types.js';
 export { preflightRequest } from './preflight-request.js';
 import '../behaviors/set-cors-headers.js';

package/dist/helpers/index.js

@@ -5,22 +5,22 @@ import {
   sendCountryCode
 } from "../chunk-C32DL3EP.js";
 import {
-  stagingWhitelist
-} from "../chunk-UKB5JAX4.js";
+  whitelist
+} from "../chunk-RL7ZETZR.js";
+import "../chunk-S2AAATFN.js";
+import {
+  headerEquals
+} from "../chunk-BZQJYOU2.js";
 import "../chunk-KW5YBTSD.js";
 import "../chunk-LNQPYKGG.js";
 import "../chunk-PY3JMRDG.js";
 import "../chunk-LO2BO3RU.js";
-import "../chunk-S2AAATFN.js";
 import "../chunk-2DE6WPPL.js";
-import {
-  headerEquals
-} from "../chunk-BZQJYOU2.js";
-import "../chunk-Q4NP4C3B.js";
-import "../chunk-DSSFFJWL.js";
 import {
   setResponseHeader
 } from "../chunk-RBBKFG5J.js";
+import "../chunk-DSSFFJWL.js";
+import "../chunk-Q4NP4C3B.js";
 import "../chunk-BDNPQ7AU.js";
 import "../chunk-MLKGABMK.js";
 
@@ -38,5 +38,5 @@ export {
   preflightRequest,
   sendCountryCode,
   stagingIndicator,
-  stagingWhitelist
+  whitelist
 };

package/dist/helpers/{staging-whitelist.cjs → whitelist.cjs}

@@ -1,14 +1,14 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
-var _chunkWW7YVRAIcjs = require('../chunk-WW7YVRAI.cjs');
+var _chunkT5EXFHVAcjs = require('../chunk-T5EXFHVA.cjs');
+require('../chunk-MVGYPBYB.cjs');
 require('../chunk-D47P7HVZ.cjs');
 require('../chunk-YVUR35RN.cjs');
 require('../chunk-CF5PWWTF.cjs');
-require('../chunk-MVGYPBYB.cjs');
 require('../chunk-IBXAK2A4.cjs');
-require('../chunk-WKYMSRCD.cjs');
 require('../chunk-WWSRNCUP.cjs');
+require('../chunk-WKYMSRCD.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 
-exports.stagingWhitelist = _chunkWW7YVRAIcjs.stagingWhitelist;
+exports.whitelist = _chunkT5EXFHVAcjs.whitelist;

package/dist/helpers/{staging-whitelist.d.cts → whitelist.d.cts}

@@ -1,9 +1,9 @@
 import { Rule } from '../core/types.cjs';
 
 /**
- * Configuration options for the staging environment access whitelist.
+ * Configuration options for the IP/User-Agent access whitelist.
  */
-interface StagingWhitelistOptions {
+interface WhitelistOptions {
     /**
      * CIDR ranges to allow (e.g. office IPs, VPN, stage VPCs).
      * At least one of `cidrs` or `userAgents` must be non-empty, otherwise
@@ -34,10 +34,10 @@ interface StagingWhitelistOptions {
     bypassPaths?: string[];
 }
 /**
- * Creates a `Rule` that restricts access to a staging environment by
- * IP CIDR range and/or User-Agent pattern. Any request that does not
- * match an allowed CIDR or User-Agent (and is not on a bypassed path)
- * is redirected with HTTP 302 to `options.redirectUrl`.
+ * Creates a `Rule` that restricts access by IP CIDR range and/or User-Agent
+ * pattern. Any request that does not match an allowed CIDR or User-Agent
+ * (and is not on a bypassed path) is redirected with HTTP 302 to
+ * `options.redirectUrl`.
  *
  * No default allowlists are included — callers must supply all allowed
  * CIDRs and User-Agent patterns explicitly.
@@ -47,11 +47,11 @@ interface StagingWhitelistOptions {
  *
  * @example
  * ```ts
- * import { stagingWhitelist } from '@rayselfs/cf-rule-engine/helpers'
+ * import { whitelist } from '@rayselfs/cf-rule-engine/helpers'
  * import { defineViewerRequest } from '@rayselfs/cf-rule-engine/adapters/cf-function'
  *
  * export default defineViewerRequest([
- *   stagingWhitelist({
+ *   whitelist({
  *     cidrs: ['203.0.113.0/24', '10.0.0.0/8'],
  *     userAgents: ['*InternalBot*'],
  *     redirectUrl: 'https://www.example.com',
@@ -60,7 +60,7 @@ interface StagingWhitelistOptions {
  *
  * // With bypass paths:
  * export default defineViewerRequest([
- *   stagingWhitelist({
+ *   whitelist({
  *     cidrs: ['203.0.113.0/24'],
  *     redirectUrl: 'https://www.example.com',
  *     bypassPaths: ['/api/health', '/robots.txt'],
@@ -68,6 +68,6 @@ interface StagingWhitelistOptions {
  * ])
  * ```
  */
-declare function stagingWhitelist(options: StagingWhitelistOptions): Rule;
+declare function whitelist(options: WhitelistOptions): Rule;
 
-export { type StagingWhitelistOptions, stagingWhitelist };
+export { type WhitelistOptions, whitelist };

package/dist/helpers/{staging-whitelist.d.ts → whitelist.d.ts}

@@ -1,9 +1,9 @@
 import { Rule } from '../core/types.js';
 
 /**
- * Configuration options for the staging environment access whitelist.
+ * Configuration options for the IP/User-Agent access whitelist.
  */
-interface StagingWhitelistOptions {
+interface WhitelistOptions {
     /**
      * CIDR ranges to allow (e.g. office IPs, VPN, stage VPCs).
      * At least one of `cidrs` or `userAgents` must be non-empty, otherwise
@@ -34,10 +34,10 @@ interface StagingWhitelistOptions {
     bypassPaths?: string[];
 }
 /**
- * Creates a `Rule` that restricts access to a staging environment by
- * IP CIDR range and/or User-Agent pattern. Any request that does not
- * match an allowed CIDR or User-Agent (and is not on a bypassed path)
- * is redirected with HTTP 302 to `options.redirectUrl`.
+ * Creates a `Rule` that restricts access by IP CIDR range and/or User-Agent
+ * pattern. Any request that does not match an allowed CIDR or User-Agent
+ * (and is not on a bypassed path) is redirected with HTTP 302 to
+ * `options.redirectUrl`.
  *
  * No default allowlists are included — callers must supply all allowed
  * CIDRs and User-Agent patterns explicitly.
@@ -47,11 +47,11 @@ interface StagingWhitelistOptions {
  *
  * @example
  * ```ts
- * import { stagingWhitelist } from '@rayselfs/cf-rule-engine/helpers'
+ * import { whitelist } from '@rayselfs/cf-rule-engine/helpers'
  * import { defineViewerRequest } from '@rayselfs/cf-rule-engine/adapters/cf-function'
  *
  * export default defineViewerRequest([
- *   stagingWhitelist({
+ *   whitelist({
  *     cidrs: ['203.0.113.0/24', '10.0.0.0/8'],
  *     userAgents: ['*InternalBot*'],
  *     redirectUrl: 'https://www.example.com',
@@ -60,7 +60,7 @@ interface StagingWhitelistOptions {
  *
  * // With bypass paths:
  * export default defineViewerRequest([
- *   stagingWhitelist({
+ *   whitelist({
  *     cidrs: ['203.0.113.0/24'],
  *     redirectUrl: 'https://www.example.com',
  *     bypassPaths: ['/api/health', '/robots.txt'],
@@ -68,6 +68,6 @@ interface StagingWhitelistOptions {
  * ])
  * ```
  */
-declare function stagingWhitelist(options: StagingWhitelistOptions): Rule;
+declare function whitelist(options: WhitelistOptions): Rule;
 
-export { type StagingWhitelistOptions, stagingWhitelist };
+export { type WhitelistOptions, whitelist };

package/dist/helpers/{staging-whitelist.js → whitelist.js}

@@ -1,14 +1,14 @@
 import {
-  stagingWhitelist
-} from "../chunk-UKB5JAX4.js";
+  whitelist
+} from "../chunk-RL7ZETZR.js";
+import "../chunk-S2AAATFN.js";
 import "../chunk-KW5YBTSD.js";
 import "../chunk-LNQPYKGG.js";
 import "../chunk-LO2BO3RU.js";
-import "../chunk-S2AAATFN.js";
 import "../chunk-2DE6WPPL.js";
-import "../chunk-Q4NP4C3B.js";
 import "../chunk-DSSFFJWL.js";
+import "../chunk-Q4NP4C3B.js";
 import "../chunk-MLKGABMK.js";
 export {
-  stagingWhitelist
+  whitelist
 };

package/dist/index.cjs

@@ -1,10 +1,10 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});require('./chunk-MEHWLQLR.cjs');
 
 
-var _chunkSAXDN5NScjs = require('./chunk-SAXDN5NS.cjs');
+var _chunk3BBLG4IXcjs = require('./chunk-3BBLG4IX.cjs');
 
 
-var _chunk3BBLG4IXcjs = require('./chunk-3BBLG4IX.cjs');
+var _chunkSAXDN5NScjs = require('./chunk-SAXDN5NS.cjs');
 
 
 

package/dist/index.d.cts

@@ -1,4 +1,4 @@
 export { BehaviorFn, BehaviorResult, CriteriaFn, HttpRequest, HttpResponse, ResponseBehaviorFn, ResponseRule, Rule, ViewerRequestHandler, ViewerResponseHandler } from './core/types.cjs';
 export { all, any, chain, not, rule, runRules } from './core/rule.cjs';
-export { c as cfFunction } from './cf-function-DIQHy8L7.cjs';
+export { c as cfFunction } from './viewer-response-DIQHy8L7.cjs';
 export { l as lambdaEdge } from './lambda-edge-9xiONGmR.cjs';

package/dist/index.d.ts

@@ -1,4 +1,4 @@
 export { BehaviorFn, BehaviorResult, CriteriaFn, HttpRequest, HttpResponse, ResponseBehaviorFn, ResponseRule, Rule, ViewerRequestHandler, ViewerResponseHandler } from './core/types.js';
 export { all, any, chain, not, rule, runRules } from './core/rule.js';
-export { c as cfFunction } from './cf-function-C9eF2O9s.js';
+export { c as cfFunction } from './viewer-response-C9eF2O9s.js';
 export { l as lambdaEdge } from './lambda-edge-BK3-bFx8.js';

package/dist/index.js

@@ -1,10 +1,10 @@
 import "./chunk-KZ72PI2A.js";
-import {
-  cf_function_exports
-} from "./chunk-NPMGSPNL.js";
 import {
   lambda_edge_exports
 } from "./chunk-WEBU4R5C.js";
+import {
+  cf_function_exports
+} from "./chunk-NPMGSPNL.js";
 import {
   all,
   any,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rayselfs/cf-rule-engine",
-  "version": "1.5.1",
+  "version": "1.6.1",
   "description": "Composable, tree-shakeable CloudFront Function rules",
   "license": "MIT",
   "sideEffects": false,