@rayselfs/cf-rule-engine 1.6.0 → 1.6.2

package/README.md

@@ -18,7 +18,7 @@ npm install @rayselfs/cf-rule-engine
 import { rule, not } from '@rayselfs/cf-rule-engine'
 import { ipCidr, methodIs } from '@rayselfs/cf-rule-engine/criteria/index'
 import { redirect, constructResponse } from '@rayselfs/cf-rule-engine/behaviors/index'
-import { defineViewerRequest } from '@rayselfs/cf-rule-engine/adapters/cf-function'
+import { defineViewerRequest } from '@rayselfs/cf-rule-engine/adapters/viewer-request'
 
 export default defineViewerRequest([
   rule(not(ipCidr(['10.0.0.0/8', '172.16.0.0/12'])), redirect(302, '/blocked')),
@@ -30,7 +30,7 @@ export default defineViewerRequest([
 
 ```typescript
 import { setSecurityHeaders, setCorsHeaders } from '@rayselfs/cf-rule-engine/behaviors/index'
-import { defineViewerResponse } from '@rayselfs/cf-rule-engine/adapters/cf-function'
+import { defineViewerResponse } from '@rayselfs/cf-rule-engine/adapters/viewer-response'
 
 export default defineViewerResponse([
   setSecurityHeaders(),
@@ -70,7 +70,9 @@ Use `chain()` when one behavior must see the request mutations (URI rewrite, hea
 
 | Adapter | Import | Use for |
 |---|---|---|
-| CF Function | `@rayselfs/cf-rule-engine/adapters/cf-function` | `viewer-request`, `viewer-response` |
+| CF Function (viewer-request) | `@rayselfs/cf-rule-engine/adapters/viewer-request` | `viewer-request` only — tree-shake-friendly |
+| CF Function (viewer-response) | `@rayselfs/cf-rule-engine/adapters/viewer-response` | `viewer-response` only — tree-shake-friendly |
+| CF Function (combined) | `@rayselfs/cf-rule-engine/adapters/cf-function` | both — backward compat |
 | Lambda@Edge | `@rayselfs/cf-rule-engine/adapters/lambda-edge` | `viewer-request`, `viewer-response` |
 
 ## Akamai → CloudFront Mapping
@@ -141,23 +143,23 @@ defineViewerResponse([
 
 Primary distribution requests do not carry `aws-cf-cd-staging`, so the rule is a no-op there.
 
-### stagingWhitelist
+### whitelist
 
-Restricts access to a staging environment by IP CIDR range and/or User-Agent pattern. Requests that don't match any allowed CIDR or User-Agent (and aren't on a bypassed path) are redirected with HTTP 302.
+Restricts access by IP CIDR range and/or User-Agent pattern. Requests that don't match any allowed CIDR or User-Agent (and aren't on a bypassed path) are redirected with HTTP 302.
 
 No default allowlists are included — callers must supply all CIDRs and User-Agent patterns explicitly.
 
 ```typescript
-import { stagingWhitelist } from '@rayselfs/cf-rule-engine/helpers/index'
+import { whitelist } from '@rayselfs/cf-rule-engine/helpers/index'
 
-stagingWhitelist({
+whitelist({
   cidrs: ['203.0.113.0/24', '10.0.0.0/8'],
   userAgents: ['*InternalBot*', '*Prerender*'],
   redirectUrl: 'https://www.example.com',
 })
 
 // With bypass paths:
-stagingWhitelist({
+whitelist({
   cidrs: ['203.0.113.0/24'],
   redirectUrl: 'https://www.example.com',
   bypassPaths: ['/api/health', '/robots.txt'],

package/dist/adapters/cf-function.cjs

@@ -1,10 +1,14 @@
-"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});require('../chunk-5ZIB3AJ7.cjs');
 
 
-var _chunkSAXDN5NScjs = require('../chunk-SAXDN5NS.cjs');
+var _chunkSGN2N3WIcjs = require('../chunk-SGN2N3WI.cjs');
 require('../chunk-WKYMSRCD.cjs');
+
+
+var _chunkN6QAQALUcjs = require('../chunk-N6QAQALU.cjs');
+require('../chunk-6NFAPLQ7.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 
 
-exports.defineViewerRequest = _chunkSAXDN5NScjs.defineViewerRequest; exports.defineViewerResponse = _chunkSAXDN5NScjs.defineViewerResponse;
+exports.defineViewerRequest = _chunkSGN2N3WIcjs.defineViewerRequest; exports.defineViewerResponse = _chunkN6QAQALUcjs.defineViewerResponse;

package/dist/adapters/cf-function.d.cts

@@ -1,2 +1,3 @@
+export { defineViewerRequest } from './viewer-request.cjs';
+export { defineViewerResponse } from './viewer-response.cjs';
 import '../core/types.cjs';
-export { d as defineViewerRequest, a as defineViewerResponse } from '../cf-function-DIQHy8L7.cjs';

package/dist/adapters/cf-function.d.ts

@@ -1,2 +1,3 @@
+export { defineViewerRequest } from './viewer-request.js';
+export { defineViewerResponse } from './viewer-response.js';
 import '../core/types.js';
-export { d as defineViewerRequest, a as defineViewerResponse } from '../cf-function-C9eF2O9s.js';

package/dist/adapters/cf-function.js

@@ -1,8 +1,12 @@
+import "../chunk-PR5UQJCC.js";
 import {
-  defineViewerRequest,
-  defineViewerResponse
-} from "../chunk-NPMGSPNL.js";
+  defineViewerRequest
+} from "../chunk-BJZPAQHW.js";
 import "../chunk-Q4NP4C3B.js";
+import {
+  defineViewerResponse
+} from "../chunk-TURH5IFN.js";
+import "../chunk-CQ7YZ3AR.js";
 import "../chunk-MLKGABMK.js";
 export {
   defineViewerRequest,

package/dist/adapters/viewer-request.cjs

@@ -0,0 +1,9 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkSGN2N3WIcjs = require('../chunk-SGN2N3WI.cjs');
+require('../chunk-WKYMSRCD.cjs');
+require('../chunk-6NFAPLQ7.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.defineViewerRequest = _chunkSGN2N3WIcjs.defineViewerRequest;

package/dist/adapters/viewer-request.d.cts

@@ -0,0 +1,31 @@
+import { Rule } from '../core/types.cjs';
+
+/**
+ * Creates a CloudFront Function viewer-request handler from an ordered list of rules.
+ *
+ * The returned function is the CloudFront Function entry point. Assign it as
+ * `export default` or `var handler` depending on your runtime configuration.
+ *
+ * Rules are evaluated in order. Processing stops at the first rule whose behavior
+ * returns a response (e.g. `redirect`, `constructResponse`). If all rules continue,
+ * the (possibly mutated) request is forwarded to the origin.
+ *
+ * @param rules - Ordered array of `Rule` objects created with `rule()`.
+ * @returns A CloudFront Function handler `(event) => request | response`.
+ *
+ * @example
+ * ```ts
+ * import { rule, not } from '@rayselfs/cf-rule-engine'
+ * import { ipCidr, pathPrefix } from '@rayselfs/cf-rule-engine/criteria'
+ * import { redirect, setRequestHeader } from '@rayselfs/cf-rule-engine/behaviors'
+ * import { defineViewerRequest } from '@rayselfs/cf-rule-engine/adapters/viewer-request'
+ *
+ * export default defineViewerRequest([
+ *   rule(not(ipCidr(['10.0.0.0/8'])), redirect(302, 'https://www.example.com')),
+ *   rule(pathPrefix(['/api/']), setRequestHeader('x-forwarded-host', 'api.internal')),
+ * ])
+ * ```
+ */
+declare function defineViewerRequest(rules: Rule[]): (event: unknown) => unknown;
+
+export { defineViewerRequest };

package/dist/adapters/viewer-request.d.ts

@@ -0,0 +1,31 @@
+import { Rule } from '../core/types.js';
+
+/**
+ * Creates a CloudFront Function viewer-request handler from an ordered list of rules.
+ *
+ * The returned function is the CloudFront Function entry point. Assign it as
+ * `export default` or `var handler` depending on your runtime configuration.
+ *
+ * Rules are evaluated in order. Processing stops at the first rule whose behavior
+ * returns a response (e.g. `redirect`, `constructResponse`). If all rules continue,
+ * the (possibly mutated) request is forwarded to the origin.
+ *
+ * @param rules - Ordered array of `Rule` objects created with `rule()`.
+ * @returns A CloudFront Function handler `(event) => request | response`.
+ *
+ * @example
+ * ```ts
+ * import { rule, not } from '@rayselfs/cf-rule-engine'
+ * import { ipCidr, pathPrefix } from '@rayselfs/cf-rule-engine/criteria'
+ * import { redirect, setRequestHeader } from '@rayselfs/cf-rule-engine/behaviors'
+ * import { defineViewerRequest } from '@rayselfs/cf-rule-engine/adapters/viewer-request'
+ *
+ * export default defineViewerRequest([
+ *   rule(not(ipCidr(['10.0.0.0/8'])), redirect(302, 'https://www.example.com')),
+ *   rule(pathPrefix(['/api/']), setRequestHeader('x-forwarded-host', 'api.internal')),
+ * ])
+ * ```
+ */
+declare function defineViewerRequest(rules: Rule[]): (event: unknown) => unknown;
+
+export { defineViewerRequest };

package/dist/adapters/viewer-request.js

@@ -0,0 +1,9 @@
+import {
+  defineViewerRequest
+} from "../chunk-BJZPAQHW.js";
+import "../chunk-Q4NP4C3B.js";
+import "../chunk-CQ7YZ3AR.js";
+import "../chunk-MLKGABMK.js";
+export {
+  defineViewerRequest
+};

package/dist/adapters/viewer-response.cjs

@@ -0,0 +1,8 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkN6QAQALUcjs = require('../chunk-N6QAQALU.cjs');
+require('../chunk-6NFAPLQ7.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+exports.defineViewerResponse = _chunkN6QAQALUcjs.defineViewerResponse;

package/dist/adapters/viewer-response.d.cts

@@ -0,0 +1,37 @@
+import { ResponseBehaviorFn, ResponseRule } from '../core/types.cjs';
+
+/**
+ * Creates a CloudFront Function viewer-response handler from an ordered list of
+ * response behaviors or response rules.
+ *
+ * Each entry can be either:
+ * - A bare `ResponseBehaviorFn` — runs unconditionally on every response.
+ * - A `ResponseRule` `{ criteria, behavior }` — runs only when `criteria` returns `true`
+ *   for the current request.
+ *
+ * All behaviors are applied in order; none can short-circuit the response.
+ * The final merged response object is returned to CloudFront.
+ *
+ * Note: If no behavior explicitly sets a body, the `body` field is omitted from
+ * the returned response to avoid overwriting the origin's actual content.
+ *
+ * @param responseBehaviors - Ordered array of `ResponseBehaviorFn` functions or
+ *   `ResponseRule` objects `{ criteria?, behavior }`.
+ * @returns A CloudFront Function handler `(event) => response`.
+ *
+ * @example
+ * ```ts
+ * import { setSecurityHeaders, setCorsHeaders, setResponseHeader } from '@rayselfs/cf-rule-engine/behaviors'
+ * import { pathPrefix } from '@rayselfs/cf-rule-engine/criteria'
+ * import { defineViewerResponse } from '@rayselfs/cf-rule-engine/adapters/viewer-response'
+ *
+ * export default defineViewerResponse([
+ *   setSecurityHeaders(),
+ *   setCorsHeaders({ allowedOrigins: ['https://www.example.com'] }),
+ *   { criteria: pathPrefix(['/api/']), behavior: setResponseHeader('cache-control', 'no-store') },
+ * ])
+ * ```
+ */
+declare function defineViewerResponse(responseBehaviors: Array<ResponseBehaviorFn | ResponseRule>): (event: unknown) => unknown;
+
+export { defineViewerResponse };

package/dist/adapters/viewer-response.d.ts

@@ -0,0 +1,37 @@
+import { ResponseBehaviorFn, ResponseRule } from '../core/types.js';
+
+/**
+ * Creates a CloudFront Function viewer-response handler from an ordered list of
+ * response behaviors or response rules.
+ *
+ * Each entry can be either:
+ * - A bare `ResponseBehaviorFn` — runs unconditionally on every response.
+ * - A `ResponseRule` `{ criteria, behavior }` — runs only when `criteria` returns `true`
+ *   for the current request.
+ *
+ * All behaviors are applied in order; none can short-circuit the response.
+ * The final merged response object is returned to CloudFront.
+ *
+ * Note: If no behavior explicitly sets a body, the `body` field is omitted from
+ * the returned response to avoid overwriting the origin's actual content.
+ *
+ * @param responseBehaviors - Ordered array of `ResponseBehaviorFn` functions or
+ *   `ResponseRule` objects `{ criteria?, behavior }`.
+ * @returns A CloudFront Function handler `(event) => response`.
+ *
+ * @example
+ * ```ts
+ * import { setSecurityHeaders, setCorsHeaders, setResponseHeader } from '@rayselfs/cf-rule-engine/behaviors'
+ * import { pathPrefix } from '@rayselfs/cf-rule-engine/criteria'
+ * import { defineViewerResponse } from '@rayselfs/cf-rule-engine/adapters/viewer-response'
+ *
+ * export default defineViewerResponse([
+ *   setSecurityHeaders(),
+ *   setCorsHeaders({ allowedOrigins: ['https://www.example.com'] }),
+ *   { criteria: pathPrefix(['/api/']), behavior: setResponseHeader('cache-control', 'no-store') },
+ * ])
+ * ```
+ */
+declare function defineViewerResponse(responseBehaviors: Array<ResponseBehaviorFn | ResponseRule>): (event: unknown) => unknown;
+
+export { defineViewerResponse };

package/dist/adapters/viewer-response.js

@@ -0,0 +1,8 @@
+import {
+  defineViewerResponse
+} from "../chunk-TURH5IFN.js";
+import "../chunk-CQ7YZ3AR.js";
+import "../chunk-MLKGABMK.js";
+export {
+  defineViewerResponse
+};

package/dist/behaviors/index.cjs

@@ -1,11 +1,20 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }
 
+var _chunkPPUHEL4Hcjs = require('../chunk-PPUHEL4H.cjs');
+
+
+var _chunkB4WEJSEZcjs = require('../chunk-B4WEJSEZ.cjs');
+
+
 var _chunkUI6LKDJIcjs = require('../chunk-UI6LKDJI.cjs');
 
 
 var _chunkMSES76XKcjs = require('../chunk-MSES76XK.cjs');
 
 
+var _chunkKXC6ES3Bcjs = require('../chunk-KXC6ES3B.cjs');
+
+
 var _chunkWWSRNCUPcjs = require('../chunk-WWSRNCUP.cjs');
 
 
@@ -24,12 +33,6 @@ var _chunkGK5JX7OMcjs = require('../chunk-GK5JX7OM.cjs');
 var _chunkZXS23HXAcjs = require('../chunk-ZXS23HXA.cjs');
 
 
-var _chunkPPUHEL4Hcjs = require('../chunk-PPUHEL4H.cjs');
-
-
-var _chunkB4WEJSEZcjs = require('../chunk-B4WEJSEZ.cjs');
-
-
 var _chunkOSGZTNTScjs = require('../chunk-OSGZTNTS.cjs');
 
 
@@ -37,9 +40,6 @@ var _chunkJU5WX5RUcjs = require('../chunk-JU5WX5RU.cjs');
 
 
 var _chunkLTLBEBKLcjs = require('../chunk-LTLBEBKL.cjs');
-
-
-var _chunkKXC6ES3Bcjs = require('../chunk-KXC6ES3B.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 // src/behaviors/verify-token.ts

package/dist/behaviors/index.js

@@ -1,9 +1,18 @@
+import {
+  setRequestHeader
+} from "../chunk-M5KUQBDW.js";
+import {
+  setResponseHeader
+} from "../chunk-RBBKFG5J.js";
 import {
   setSecurityHeaders
 } from "../chunk-VQCRSBWL.js";
 import {
   stripQueryParams
 } from "../chunk-XPQG5IML.js";
+import {
+  imageOptimize
+} from "../chunk-LQRLWDQQ.js";
 import {
   redirect
 } from "../chunk-DSSFFJWL.js";
@@ -22,12 +31,6 @@ import {
 import {
   setCsp
 } from "../chunk-XUI4Y22M.js";
-import {
-  setRequestHeader
-} from "../chunk-M5KUQBDW.js";
-import {
-  setResponseHeader
-} from "../chunk-RBBKFG5J.js";
 import {
   constructResponse
 } from "../chunk-6DBZBV2M.js";
@@ -37,9 +40,6 @@ import {
 import {
   directoryIndex
 } from "../chunk-R7WXS7BI.js";
-import {
-  imageOptimize
-} from "../chunk-LQRLWDQQ.js";
 import "../chunk-MLKGABMK.js";
 
 // src/behaviors/verify-token.ts

package/dist/cf-function-BkfWpTfl.d.cts

@@ -0,0 +1,10 @@
+import { defineViewerRequest } from './adapters/viewer-request.cjs';
+import { defineViewerResponse } from './adapters/viewer-response.cjs';
+
+declare const cfFunction_defineViewerRequest: typeof defineViewerRequest;
+declare const cfFunction_defineViewerResponse: typeof defineViewerResponse;
+declare namespace cfFunction {
+  export { cfFunction_defineViewerRequest as defineViewerRequest, cfFunction_defineViewerResponse as defineViewerResponse };
+}
+
+export { cfFunction as c };

package/dist/cf-function-CZwCWch-.d.ts

@@ -0,0 +1,10 @@
+import { defineViewerRequest } from './adapters/viewer-request.js';
+import { defineViewerResponse } from './adapters/viewer-response.js';
+
+declare const cfFunction_defineViewerRequest: typeof defineViewerRequest;
+declare const cfFunction_defineViewerResponse: typeof defineViewerResponse;
+declare namespace cfFunction {
+  export { cfFunction_defineViewerRequest as defineViewerRequest, cfFunction_defineViewerResponse as defineViewerResponse };
+}
+
+export { cfFunction as c };

package/dist/chunk-5ZIB3AJ7.cjs

@@ -0,0 +1,20 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunkSGN2N3WIcjs = require('./chunk-SGN2N3WI.cjs');
+
+
+var _chunkN6QAQALUcjs = require('./chunk-N6QAQALU.cjs');
+
+
+var _chunk75ZPJI57cjs = require('./chunk-75ZPJI57.cjs');
+
+// src/adapters/cf-function.ts
+var cf_function_exports = {};
+_chunk75ZPJI57cjs.__export.call(void 0, cf_function_exports, {
+  defineViewerRequest: () => _chunkSGN2N3WIcjs.defineViewerRequest,
+  defineViewerResponse: () => _chunkN6QAQALUcjs.defineViewerResponse
+});
+
+
+
+exports.cf_function_exports = cf_function_exports;

package/dist/chunk-6NFAPLQ7.cjs

@@ -0,0 +1,39 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }// src/adapters/_normalize.ts
+function normalizeRequest(event) {
+  const ev = event;
+  const req = ev.request;
+  const viewer = ev.viewer;
+  const headers = _nullishCoalesce(req.headers, () => ( {}));
+  return {
+    uri: req.uri,
+    method: req.method,
+    protocol: "https",
+    querystring: _nullishCoalesce(req.querystring, () => ( {})),
+    headers,
+    clientIp: _nullishCoalesce(_optionalChain([viewer, 'optionalAccess', _ => _.ip]), () => ( "")),
+    country: _optionalChain([headers, 'access', _2 => _2["cloudfront-viewer-country"], 'optionalAccess', _3 => _3.value])
+  };
+}
+function denormalizeRequest(req, cookies) {
+  return {
+    method: req.method,
+    uri: req.uri,
+    querystring: req.querystring,
+    headers: req.headers,
+    cookies
+  };
+}
+function denormalizeResponse(res) {
+  return {
+    statusCode: res.statusCode,
+    statusDescription: res.statusDescription,
+    headers: res.headers,
+    body: _nullishCoalesce(res.body, () => ( ""))
+  };
+}
+
+
+
+
+
+exports.normalizeRequest = normalizeRequest; exports.denormalizeRequest = denormalizeRequest; exports.denormalizeResponse = denormalizeResponse;

package/dist/chunk-BJZPAQHW.js

@@ -0,0 +1,25 @@
+import {
+  runRules
+} from "./chunk-Q4NP4C3B.js";
+import {
+  denormalizeRequest,
+  denormalizeResponse,
+  normalizeRequest
+} from "./chunk-CQ7YZ3AR.js";
+
+// src/adapters/viewer-request.ts
+function defineViewerRequest(rules) {
+  return (event) => {
+    const ev = event;
+    const evReq = ev.request;
+    const originalCookies = evReq.cookies ?? {};
+    const req = normalizeRequest(event);
+    const result = runRules(rules, req);
+    if (result.action === "respond") return denormalizeResponse(result.response);
+    return denormalizeRequest(result.request, originalCookies);
+  };
+}
+
+export {
+  defineViewerRequest
+};

package/dist/chunk-CQ7YZ3AR.js

@@ -0,0 +1,39 @@
+// src/adapters/_normalize.ts
+function normalizeRequest(event) {
+  const ev = event;
+  const req = ev.request;
+  const viewer = ev.viewer;
+  const headers = req.headers ?? {};
+  return {
+    uri: req.uri,
+    method: req.method,
+    protocol: "https",
+    querystring: req.querystring ?? {},
+    headers,
+    clientIp: viewer?.ip ?? "",
+    country: headers["cloudfront-viewer-country"]?.value
+  };
+}
+function denormalizeRequest(req, cookies) {
+  return {
+    method: req.method,
+    uri: req.uri,
+    querystring: req.querystring,
+    headers: req.headers,
+    cookies
+  };
+}
+function denormalizeResponse(res) {
+  return {
+    statusCode: res.statusCode,
+    statusDescription: res.statusDescription,
+    headers: res.headers,
+    body: res.body ?? ""
+  };
+}
+
+export {
+  normalizeRequest,
+  denormalizeRequest,
+  denormalizeResponse
+};

package/dist/chunk-N6QAQALU.cjs

@@ -0,0 +1,36 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }
+
+
+var _chunk6NFAPLQ7cjs = require('./chunk-6NFAPLQ7.cjs');
+
+// src/adapters/viewer-response.ts
+function defineViewerResponse(responseBehaviors) {
+  return (event) => {
+    const ev = event;
+    const evRes = ev.response;
+    const req = _chunk6NFAPLQ7cjs.normalizeRequest.call(void 0, event);
+    let response = {
+      statusCode: _nullishCoalesce(_optionalChain([evRes, 'optionalAccess', _ => _.statusCode]), () => ( 200)),
+      statusDescription: _optionalChain([evRes, 'optionalAccess', _2 => _2.statusDescription]),
+      headers: _nullishCoalesce(_optionalChain([evRes, 'optionalAccess', _3 => _3.headers]), () => ( {})),
+      body: _optionalChain([evRes, 'optionalAccess', _4 => _4.body])
+    };
+    for (let i = 0; i < responseBehaviors.length; i++) {
+      const entry = responseBehaviors[i];
+      if (typeof entry === "function") {
+        response = entry(req, response);
+      } else if (!entry.criteria || entry.criteria(req)) {
+        response = entry.behavior(req, response);
+      }
+    }
+    const normalized = _chunk6NFAPLQ7cjs.denormalizeResponse.call(void 0, response);
+    if (!response.body) {
+      delete normalized.body;
+    }
+    return Object.assign({}, evRes, normalized);
+  };
+}
+
+
+
+exports.defineViewerResponse = defineViewerResponse;

package/dist/chunk-PR5UQJCC.js

@@ -0,0 +1,20 @@
+import {
+  defineViewerRequest
+} from "./chunk-BJZPAQHW.js";
+import {
+  defineViewerResponse
+} from "./chunk-TURH5IFN.js";
+import {
+  __export
+} from "./chunk-MLKGABMK.js";
+
+// src/adapters/cf-function.ts
+var cf_function_exports = {};
+__export(cf_function_exports, {
+  defineViewerRequest: () => defineViewerRequest,
+  defineViewerResponse: () => defineViewerResponse
+});
+
+export {
+  cf_function_exports
+};

package/dist/{chunk-UKB5JAX4.js → chunk-RL7ZETZR.js}

@@ -1,3 +1,6 @@
+import {
+  userAgentMatches
+} from "./chunk-S2AAATFN.js";
 import {
   ipCidr
 } from "./chunk-KW5YBTSD.js";
@@ -5,19 +8,16 @@ import {
   pathMatches
 } from "./chunk-LO2BO3RU.js";
 import {
-  userAgentMatches
-} from "./chunk-S2AAATFN.js";
+  redirect
+} from "./chunk-DSSFFJWL.js";
 import {
   all,
   not,
   rule
 } from "./chunk-Q4NP4C3B.js";
-import {
-  redirect
-} from "./chunk-DSSFFJWL.js";
 
-// src/helpers/staging-whitelist.ts
-function stagingWhitelist(options) {
+// src/helpers/whitelist.ts
+function whitelist(options) {
   const userAgents = options.userAgents ?? [];
   const bypassPaths = options.bypassPaths ?? [];
   const criteria = [not(ipCidr(options.cidrs)), not(userAgentMatches(userAgents))];
@@ -28,5 +28,5 @@ function stagingWhitelist(options) {
 }
 
 export {
-  stagingWhitelist
+  whitelist
 };

package/dist/chunk-SGN2N3WI.cjs

@@ -0,0 +1,25 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } }
+
+var _chunkWKYMSRCDcjs = require('./chunk-WKYMSRCD.cjs');
+
+
+
+
+var _chunk6NFAPLQ7cjs = require('./chunk-6NFAPLQ7.cjs');
+
+// src/adapters/viewer-request.ts
+function defineViewerRequest(rules) {
+  return (event) => {
+    const ev = event;
+    const evReq = ev.request;
+    const originalCookies = _nullishCoalesce(evReq.cookies, () => ( {}));
+    const req = _chunk6NFAPLQ7cjs.normalizeRequest.call(void 0, event);
+    const result = _chunkWKYMSRCDcjs.runRules.call(void 0, rules, req);
+    if (result.action === "respond") return _chunk6NFAPLQ7cjs.denormalizeResponse.call(void 0, result.response);
+    return _chunk6NFAPLQ7cjs.denormalizeRequest.call(void 0, result.request, originalCookies);
+  };
+}
+
+
+
+exports.defineViewerRequest = defineViewerRequest;