@rayselfs/cf-rule-engine 1.9.0 → 1.9.2

package/dist/{chunk-H3RK4USR.js → chunk-GKE3YDHR.js}

@@ -1,6 +1,6 @@
 import {
   matchesOriginPattern
-} from "./chunk-EEZ7NUJG.js";
+} from "./chunk-NJD4L4Q3.js";
 
 // src/behaviors/set-cors-headers.ts
 var ORIGIN_WILDCARD = "*";

package/dist/chunk-HMQIXEFJ.cjs

@@ -0,0 +1,62 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } }
+
+var _chunk7T4G7UF7cjs = require('./chunk-7T4G7UF7.cjs');
+
+
+var _chunkG7JGTBTTcjs = require('./chunk-G7JGTBTT.cjs');
+
+
+var _chunkWUFGMLE7cjs = require('./chunk-WUFGMLE7.cjs');
+
+
+var _chunkMK4QBCD5cjs = require('./chunk-MK4QBCD5.cjs');
+
+
+var _chunkVEEOQ7TScjs = require('./chunk-VEEOQ7TS.cjs');
+
+
+var _chunkWWSRNCUPcjs = require('./chunk-WWSRNCUP.cjs');
+
+
+
+
+
+var _chunkWKYMSRCDcjs = require('./chunk-WKYMSRCD.cjs');
+
+// src/helpers/whitelist.ts
+function buildBypassCriteria(paths) {
+  const exactPaths = [];
+  const prefixPaths = [];
+  const wildcardPatterns = [];
+  for (let i = 0; i < paths.length; i++) {
+    const p = paths[i];
+    const hasWildcard = p.indexOf("*") !== -1 || p.indexOf("?") !== -1;
+    const isTrailingSlashStar = p.charAt(p.length - 1) === "*" && p.charAt(p.length - 2) === "/" && p.indexOf("*") === p.length - 1 && p.indexOf("?") === -1;
+    if (!hasWildcard) {
+      exactPaths.push(p);
+    } else if (isTrailingSlashStar) {
+      prefixPaths.push(p.slice(0, p.length - 1));
+    } else {
+      wildcardPatterns.push(p);
+    }
+  }
+  const criteria = [];
+  if (exactPaths.length > 0) criteria.push(_chunkVEEOQ7TScjs.pathEquals.call(void 0, exactPaths));
+  if (prefixPaths.length > 0) criteria.push(_chunkG7JGTBTTcjs.pathPrefix.call(void 0, prefixPaths));
+  if (wildcardPatterns.length > 0) criteria.push(_chunk7T4G7UF7cjs.pathMatches.call(void 0, wildcardPatterns));
+  if (criteria.length === 1) return criteria[0];
+  return _chunkWKYMSRCDcjs.any.call(void 0, criteria);
+}
+function whitelist(options) {
+  const userAgents = _nullishCoalesce(options.userAgents, () => ( []));
+  const bypassPaths = _nullishCoalesce(options.bypassPaths, () => ( []));
+  const criteria = [_chunkWKYMSRCDcjs.not.call(void 0, _chunkMK4QBCD5cjs.ipCidr.call(void 0, options.cidrs)), _chunkWKYMSRCDcjs.not.call(void 0, _chunkWUFGMLE7cjs.userAgentMatches.call(void 0, userAgents))];
+  if (bypassPaths.length > 0) {
+    criteria.push(_chunkWKYMSRCDcjs.not.call(void 0, buildBypassCriteria(bypassPaths)));
+  }
+  return _chunkWKYMSRCDcjs.rule.call(void 0, _chunkWKYMSRCDcjs.all.call(void 0, criteria), _chunkWWSRNCUPcjs.redirect.call(void 0, 302, options.redirectUrl));
+}
+
+
+
+exports.whitelist = whitelist;

package/dist/{chunk-VQGBRWJK.js → chunk-HWJFOKZX.js}

@@ -1,6 +1,6 @@
 import {
   matchesAnyWildcard
-} from "./chunk-EEZ7NUJG.js";
+} from "./chunk-NJD4L4Q3.js";
 
 // src/criteria/user-agent-matches.ts
 function userAgentMatches(patterns) {

package/dist/{chunk-Y7TIDVVC.js → chunk-I7YELJ2P.js}

@@ -1,6 +1,6 @@
 import {
   matchesAnyWildcard
-} from "./chunk-EEZ7NUJG.js";
+} from "./chunk-NJD4L4Q3.js";
 
 // src/criteria/path-matches.ts
 function pathMatches(patterns) {

package/dist/{chunk-EEZ7NUJG.js → chunk-NJD4L4Q3.js}

@@ -9,6 +9,9 @@ function wildcardToRegex(pattern) {
   return regexCache[pattern];
 }
 function matchesWildcard(str, pattern) {
+  if (pattern.indexOf("*") === -1 && pattern.indexOf("?") === -1) {
+    return str.toLowerCase() === pattern.toLowerCase();
+  }
   return wildcardToRegex(pattern).test(str);
 }
 function matchesAnyWildcard(str, patterns) {

package/dist/chunk-SC6UPQYF.js

@@ -0,0 +1,62 @@
+import {
+  pathMatches
+} from "./chunk-I7YELJ2P.js";
+import {
+  pathPrefix
+} from "./chunk-XLSZ5RB7.js";
+import {
+  userAgentMatches
+} from "./chunk-HWJFOKZX.js";
+import {
+  ipCidr
+} from "./chunk-YHTUV2SA.js";
+import {
+  pathEquals
+} from "./chunk-UD456E4I.js";
+import {
+  redirect
+} from "./chunk-DSSFFJWL.js";
+import {
+  all,
+  any,
+  not,
+  rule
+} from "./chunk-Q4NP4C3B.js";
+
+// src/helpers/whitelist.ts
+function buildBypassCriteria(paths) {
+  const exactPaths = [];
+  const prefixPaths = [];
+  const wildcardPatterns = [];
+  for (let i = 0; i < paths.length; i++) {
+    const p = paths[i];
+    const hasWildcard = p.indexOf("*") !== -1 || p.indexOf("?") !== -1;
+    const isTrailingSlashStar = p.charAt(p.length - 1) === "*" && p.charAt(p.length - 2) === "/" && p.indexOf("*") === p.length - 1 && p.indexOf("?") === -1;
+    if (!hasWildcard) {
+      exactPaths.push(p);
+    } else if (isTrailingSlashStar) {
+      prefixPaths.push(p.slice(0, p.length - 1));
+    } else {
+      wildcardPatterns.push(p);
+    }
+  }
+  const criteria = [];
+  if (exactPaths.length > 0) criteria.push(pathEquals(exactPaths));
+  if (prefixPaths.length > 0) criteria.push(pathPrefix(prefixPaths));
+  if (wildcardPatterns.length > 0) criteria.push(pathMatches(wildcardPatterns));
+  if (criteria.length === 1) return criteria[0];
+  return any(criteria);
+}
+function whitelist(options) {
+  const userAgents = options.userAgents ?? [];
+  const bypassPaths = options.bypassPaths ?? [];
+  const criteria = [not(ipCidr(options.cidrs)), not(userAgentMatches(userAgents))];
+  if (bypassPaths.length > 0) {
+    criteria.push(not(buildBypassCriteria(bypassPaths)));
+  }
+  return rule(all(criteria), redirect(302, options.redirectUrl));
+}
+
+export {
+  whitelist
+};

package/dist/{chunk-IHVOAORH.cjs → chunk-TJ2POKWD.cjs}

@@ -1,6 +1,6 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }
 
-var _chunkULICUDDHcjs = require('./chunk-ULICUDDH.cjs');
+var _chunkYNKZGZ7Icjs = require('./chunk-YNKZGZ7I.cjs');
 
 // src/behaviors/set-cors-headers.ts
 var ORIGIN_WILDCARD = "*";
@@ -15,7 +15,7 @@ function setCorsHeaders(options) {
       allowOrigin = _optionalChain([request, 'access', _ => _.headers, 'access', _2 => _2["origin"], 'optionalAccess', _3 => _3.value]);
     } else {
       const originHeader = _optionalChain([request, 'access', _4 => _4.headers, 'access', _5 => _5["origin"], 'optionalAccess', _6 => _6.value]);
-      if (originHeader && allowedOrigins.some((p) => _chunkULICUDDHcjs.matchesOriginPattern.call(void 0, originHeader, p))) {
+      if (originHeader && allowedOrigins.some((p) => _chunkYNKZGZ7Icjs.matchesOriginPattern.call(void 0, originHeader, p))) {
         allowOrigin = originHeader;
       }
     }

package/dist/{chunk-7EA7GFWX.js → chunk-VRSD6YHP.js}

@@ -4,10 +4,10 @@ import {
 import {
   ORIGIN_ECHO,
   ORIGIN_WILDCARD
-} from "./chunk-H3RK4USR.js";
+} from "./chunk-GKE3YDHR.js";
 import {
   matchesOriginPattern
-} from "./chunk-EEZ7NUJG.js";
+} from "./chunk-NJD4L4Q3.js";
 
 // src/helpers/preflight-request.ts
 function preflightRequest(options) {

package/dist/{chunk-LVOM5GJ6.cjs → chunk-WUFGMLE7.cjs}

@@ -1,13 +1,13 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }
 
-var _chunkULICUDDHcjs = require('./chunk-ULICUDDH.cjs');
+var _chunkYNKZGZ7Icjs = require('./chunk-YNKZGZ7I.cjs');
 
 // src/criteria/user-agent-matches.ts
 function userAgentMatches(patterns) {
   return (req) => {
     const ua = _optionalChain([req, 'access', _ => _.headers, 'access', _2 => _2["user-agent"], 'optionalAccess', _3 => _3.value]);
     if (!ua) return false;
-    return _chunkULICUDDHcjs.matchesAnyWildcard.call(void 0, ua, patterns);
+    return _chunkYNKZGZ7Icjs.matchesAnyWildcard.call(void 0, ua, patterns);
   };
 }
 

package/dist/{chunk-ULICUDDH.cjs → chunk-YNKZGZ7I.cjs}

@@ -9,6 +9,9 @@ function wildcardToRegex(pattern) {
   return regexCache[pattern];
 }
 function matchesWildcard(str, pattern) {
+  if (pattern.indexOf("*") === -1 && pattern.indexOf("?") === -1) {
+    return str.toLowerCase() === pattern.toLowerCase();
+  }
   return wildcardToRegex(pattern).test(str);
 }
 function matchesAnyWildcard(str, patterns) {

package/dist/core/types.d.cts

@@ -1,5 +1,5 @@
 /** Represents an HTTP request with URI, method, headers, and querystring. */
-interface HttpRequest {
+type HttpRequest = {
     uri: string;
     method: string;
     protocol: string;
@@ -11,16 +11,16 @@ interface HttpRequest {
     }>;
     clientIp: string;
     country?: string;
-}
+};
 /** Represents an HTTP response with status code and headers. */
-interface HttpResponse {
+type HttpResponse = {
     statusCode: number;
     statusDescription?: string;
     headers: Record<string, {
         value: string;
     }>;
     body?: string;
-}
+};
 /** A function that evaluates criteria against a request and returns a boolean. */
 type CriteriaFn = (request: HttpRequest) => boolean;
 /** Result of a behavior function: either continue processing or respond. */
@@ -36,15 +36,15 @@ type BehaviorFn = (request: HttpRequest) => BehaviorResult;
 /** A function that modifies an HTTP response. */
 type ResponseBehaviorFn = (request: HttpRequest, response: HttpResponse) => HttpResponse;
 /** A response rule: an optional criteria guard plus a ResponseBehaviorFn. */
-interface ResponseRule {
+type ResponseRule = {
     criteria?: CriteriaFn;
     behavior: ResponseBehaviorFn;
-}
+};
 /** A rule combining optional criteria and a behavior function. */
-interface Rule {
+type Rule = {
     criteria?: CriteriaFn;
     behavior: BehaviorFn;
-}
+};
 /** Handler for CloudFront viewer request events. */
 type ViewerRequestHandler = (event: unknown) => unknown;
 /** Handler for CloudFront viewer response events. */

package/dist/core/types.d.ts

@@ -1,5 +1,5 @@
 /** Represents an HTTP request with URI, method, headers, and querystring. */
-interface HttpRequest {
+type HttpRequest = {
     uri: string;
     method: string;
     protocol: string;
@@ -11,16 +11,16 @@ interface HttpRequest {
     }>;
     clientIp: string;
     country?: string;
-}
+};
 /** Represents an HTTP response with status code and headers. */
-interface HttpResponse {
+type HttpResponse = {
     statusCode: number;
     statusDescription?: string;
     headers: Record<string, {
         value: string;
     }>;
     body?: string;
-}
+};
 /** A function that evaluates criteria against a request and returns a boolean. */
 type CriteriaFn = (request: HttpRequest) => boolean;
 /** Result of a behavior function: either continue processing or respond. */
@@ -36,15 +36,15 @@ type BehaviorFn = (request: HttpRequest) => BehaviorResult;
 /** A function that modifies an HTTP response. */
 type ResponseBehaviorFn = (request: HttpRequest, response: HttpResponse) => HttpResponse;
 /** A response rule: an optional criteria guard plus a ResponseBehaviorFn. */
-interface ResponseRule {
+type ResponseRule = {
     criteria?: CriteriaFn;
     behavior: ResponseBehaviorFn;
-}
+};
 /** A rule combining optional criteria and a behavior function. */
-interface Rule {
+type Rule = {
     criteria?: CriteriaFn;
     behavior: BehaviorFn;
-}
+};
 /** Handler for CloudFront viewer request events. */
 type ViewerRequestHandler = (event: unknown) => unknown;
 /** Handler for CloudFront viewer response events. */

package/dist/criteria/file-extension.d.cts

@@ -20,11 +20,11 @@ import { CriteriaFn } from '../core/types.cjs';
  *
  * // Apply long-lived cache to static assets
  * rule(fileExtension(['js', 'css', 'woff2', 'woff']),
- *   setCacheControl({ maxAge: 31536000 }))
+ *   setCacheControl('public, max-age=31536000, immutable'))
  *
  * // Apply image optimization for image requests
- * rule(fileExtension(['jpg', 'jpeg', 'png', 'gif', 'webp']),
- *   imageOptimize())
+ * rule(fileExtension(['jpg', 'jpeg', 'png', 'gif']),
+ *   imageOptimize({ breakpoints: [320, 640, 960, 1280, 1920] }))
  * ```
  */
 declare function fileExtension(extensions: string[]): CriteriaFn;

package/dist/criteria/file-extension.d.ts

@@ -20,11 +20,11 @@ import { CriteriaFn } from '../core/types.js';
  *
  * // Apply long-lived cache to static assets
  * rule(fileExtension(['js', 'css', 'woff2', 'woff']),
- *   setCacheControl({ maxAge: 31536000 }))
+ *   setCacheControl('public, max-age=31536000, immutable'))
  *
  * // Apply image optimization for image requests
- * rule(fileExtension(['jpg', 'jpeg', 'png', 'gif', 'webp']),
- *   imageOptimize())
+ * rule(fileExtension(['jpg', 'jpeg', 'png', 'gif']),
+ *   imageOptimize({ breakpoints: [320, 640, 960, 1280, 1920] }))
  * ```
  */
 declare function fileExtension(extensions: string[]): CriteriaFn;

package/dist/criteria/index.cjs

@@ -1,38 +1,38 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
-var _chunkVEEOQ7TScjs = require('../chunk-VEEOQ7TS.cjs');
+var _chunk7T4G7UF7cjs = require('../chunk-7T4G7UF7.cjs');
 
 
 var _chunkG7JGTBTTcjs = require('../chunk-G7JGTBTT.cjs');
 
 
-var _chunkZEFLAOTLcjs = require('../chunk-ZEFLAOTL.cjs');
+var _chunkWUFGMLE7cjs = require('../chunk-WUFGMLE7.cjs');
 
 
-var _chunkLVOM5GJ6cjs = require('../chunk-LVOM5GJ6.cjs');
+var _chunk32SMWYAFcjs = require('../chunk-32SMWYAF.cjs');
 
 
-var _chunkOTFDML3Kcjs = require('../chunk-OTFDML3K.cjs');
+var _chunkL7NBJ4JAcjs = require('../chunk-L7NBJ4JA.cjs');
 
 
-var _chunkOSZWDCTScjs = require('../chunk-OSZWDCTS.cjs');
+var _chunkJGJW7D2Ncjs = require('../chunk-JGJW7D2N.cjs');
 
 
-var _chunkU54FZCOHcjs = require('../chunk-U54FZCOH.cjs');
+var _chunkMK4QBCD5cjs = require('../chunk-MK4QBCD5.cjs');
+require('../chunk-WZKRNMF2.cjs');
 
 
-var _chunk32SMWYAFcjs = require('../chunk-32SMWYAF.cjs');
+var _chunkOTFDML3Kcjs = require('../chunk-OTFDML3K.cjs');
 
 
-var _chunkL7NBJ4JAcjs = require('../chunk-L7NBJ4JA.cjs');
+var _chunkVEEOQ7TScjs = require('../chunk-VEEOQ7TS.cjs');
 
 
-var _chunkJGJW7D2Ncjs = require('../chunk-JGJW7D2N.cjs');
+var _chunkOSZWDCTScjs = require('../chunk-OSZWDCTS.cjs');
 
 
-var _chunkMK4QBCD5cjs = require('../chunk-MK4QBCD5.cjs');
-require('../chunk-WZKRNMF2.cjs');
-require('../chunk-ULICUDDH.cjs');
+var _chunkU54FZCOHcjs = require('../chunk-U54FZCOH.cjs');
+require('../chunk-YNKZGZ7I.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 
@@ -46,4 +46,4 @@ require('../chunk-75ZPJI57.cjs');
 
 
 
-exports.countryIs = _chunkOSZWDCTScjs.countryIs; exports.fileExtension = _chunkU54FZCOHcjs.fileExtension; exports.headerContains = _chunk32SMWYAFcjs.headerContains; exports.headerEquals = _chunkL7NBJ4JAcjs.headerEquals; exports.hostnameIs = _chunkJGJW7D2Ncjs.hostnameIs; exports.ipCidr = _chunkMK4QBCD5cjs.ipCidr; exports.methodIs = _chunkOTFDML3Kcjs.methodIs; exports.pathEquals = _chunkVEEOQ7TScjs.pathEquals; exports.pathMatches = _chunkZEFLAOTLcjs.pathMatches; exports.pathPrefix = _chunkG7JGTBTTcjs.pathPrefix; exports.userAgentMatches = _chunkLVOM5GJ6cjs.userAgentMatches;
+exports.countryIs = _chunkOSZWDCTScjs.countryIs; exports.fileExtension = _chunkU54FZCOHcjs.fileExtension; exports.headerContains = _chunk32SMWYAFcjs.headerContains; exports.headerEquals = _chunkL7NBJ4JAcjs.headerEquals; exports.hostnameIs = _chunkJGJW7D2Ncjs.hostnameIs; exports.ipCidr = _chunkMK4QBCD5cjs.ipCidr; exports.methodIs = _chunkOTFDML3Kcjs.methodIs; exports.pathEquals = _chunkVEEOQ7TScjs.pathEquals; exports.pathMatches = _chunk7T4G7UF7cjs.pathMatches; exports.pathPrefix = _chunkG7JGTBTTcjs.pathPrefix; exports.userAgentMatches = _chunkWUFGMLE7cjs.userAgentMatches;

package/dist/criteria/index.js

@@ -1,24 +1,12 @@
 import {
-  pathEquals
-} from "../chunk-UD456E4I.js";
+  pathMatches
+} from "../chunk-I7YELJ2P.js";
 import {
   pathPrefix
 } from "../chunk-XLSZ5RB7.js";
-import {
-  pathMatches
-} from "../chunk-Y7TIDVVC.js";
 import {
   userAgentMatches
-} from "../chunk-VQGBRWJK.js";
-import {
-  methodIs
-} from "../chunk-PY3JMRDG.js";
-import {
-  countryIs
-} from "../chunk-5CPBXZ4X.js";
-import {
-  fileExtension
-} from "../chunk-LBJUCJF2.js";
+} from "../chunk-HWJFOKZX.js";
 import {
   headerContains
 } from "../chunk-SRQF5UEJ.js";
@@ -32,7 +20,19 @@ import {
   ipCidr
 } from "../chunk-YHTUV2SA.js";
 import "../chunk-NWRGD3AH.js";
-import "../chunk-EEZ7NUJG.js";
+import {
+  methodIs
+} from "../chunk-PY3JMRDG.js";
+import {
+  pathEquals
+} from "../chunk-UD456E4I.js";
+import {
+  countryIs
+} from "../chunk-5CPBXZ4X.js";
+import {
+  fileExtension
+} from "../chunk-LBJUCJF2.js";
+import "../chunk-NJD4L4Q3.js";
 import "../chunk-MLKGABMK.js";
 export {
   countryIs,

package/dist/criteria/kvs.d.cts

@@ -1,6 +1,34 @@
 import { CriteriaFn } from '../core/types.cjs';
 import { KvsHandle } from '../shared/kvs.cjs';
 
+/**
+ * Loads a CIDR allowlist from CloudFront KeyValueStore and returns a `CriteriaFn`
+ * that matches client IPs against the loaded ranges.
+ *
+ * The KVS value at `key` must be a JSON-encoded `string[]` of CIDR ranges
+ * (e.g. `["10.0.0.0/8", "203.0.113.0/24"]`). If the key is absent or the value
+ * is empty, no IPs will match.
+ *
+ * Intended for use with `defineViewerRequestAsync` — the KVS read happens once
+ * at setup time.
+ *
+ * @param handle - KVS handle.
+ * @param key - The KVS key whose value is a JSON CIDR array.
+ * @returns A `CriteriaFn` to pass to `rule()`.
+ *
+ * @example
+ * ```ts
+ * import { defineViewerRequestAsync } from '@rayselfs/cf-rule-engine/adapters/viewer-request'
+ * import { rule, not } from '@rayselfs/cf-rule-engine'
+ * import { kvsIpCidr } from '@rayselfs/cf-rule-engine/criteria/kvs'
+ * import { redirect } from '@rayselfs/cf-rule-engine/behaviors'
+ *
+ * export default defineViewerRequestAsync(async (event) => {
+ *   const handle = CloudFront.createKeyValueStore(event)
+ *   return [rule(not(await kvsIpCidr(handle, 'allowed-cidrs')), redirect(302, 'https://www.example.com'))]
+ * })
+ * ```
+ */
 declare function kvsIpCidr(handle: KvsHandle, key: string): Promise<CriteriaFn>;
 
 export { kvsIpCidr };

package/dist/criteria/kvs.d.ts

@@ -1,6 +1,34 @@
 import { CriteriaFn } from '../core/types.js';
 import { KvsHandle } from '../shared/kvs.js';
 
+/**
+ * Loads a CIDR allowlist from CloudFront KeyValueStore and returns a `CriteriaFn`
+ * that matches client IPs against the loaded ranges.
+ *
+ * The KVS value at `key` must be a JSON-encoded `string[]` of CIDR ranges
+ * (e.g. `["10.0.0.0/8", "203.0.113.0/24"]`). If the key is absent or the value
+ * is empty, no IPs will match.
+ *
+ * Intended for use with `defineViewerRequestAsync` — the KVS read happens once
+ * at setup time.
+ *
+ * @param handle - KVS handle.
+ * @param key - The KVS key whose value is a JSON CIDR array.
+ * @returns A `CriteriaFn` to pass to `rule()`.
+ *
+ * @example
+ * ```ts
+ * import { defineViewerRequestAsync } from '@rayselfs/cf-rule-engine/adapters/viewer-request'
+ * import { rule, not } from '@rayselfs/cf-rule-engine'
+ * import { kvsIpCidr } from '@rayselfs/cf-rule-engine/criteria/kvs'
+ * import { redirect } from '@rayselfs/cf-rule-engine/behaviors'
+ *
+ * export default defineViewerRequestAsync(async (event) => {
+ *   const handle = CloudFront.createKeyValueStore(event)
+ *   return [rule(not(await kvsIpCidr(handle, 'allowed-cidrs')), redirect(302, 'https://www.example.com'))]
+ * })
+ * ```
+ */
 declare function kvsIpCidr(handle: KvsHandle, key: string): Promise<CriteriaFn>;
 
 export { kvsIpCidr };

package/dist/criteria/path-matches.cjs

@@ -1,8 +1,8 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
-var _chunkZEFLAOTLcjs = require('../chunk-ZEFLAOTL.cjs');
-require('../chunk-ULICUDDH.cjs');
+var _chunk7T4G7UF7cjs = require('../chunk-7T4G7UF7.cjs');
+require('../chunk-YNKZGZ7I.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 
-exports.pathMatches = _chunkZEFLAOTLcjs.pathMatches;
+exports.pathMatches = _chunk7T4G7UF7cjs.pathMatches;

package/dist/criteria/path-matches.js

@@ -1,7 +1,7 @@
 import {
   pathMatches
-} from "../chunk-Y7TIDVVC.js";
-import "../chunk-EEZ7NUJG.js";
+} from "../chunk-I7YELJ2P.js";
+import "../chunk-NJD4L4Q3.js";
 import "../chunk-MLKGABMK.js";
 export {
   pathMatches

package/dist/criteria/user-agent-matches.cjs

@@ -1,8 +1,8 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
-var _chunkLVOM5GJ6cjs = require('../chunk-LVOM5GJ6.cjs');
-require('../chunk-ULICUDDH.cjs');
+var _chunkWUFGMLE7cjs = require('../chunk-WUFGMLE7.cjs');
+require('../chunk-YNKZGZ7I.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 
-exports.userAgentMatches = _chunkLVOM5GJ6cjs.userAgentMatches;
+exports.userAgentMatches = _chunkWUFGMLE7cjs.userAgentMatches;

package/dist/criteria/user-agent-matches.js

@@ -1,7 +1,7 @@
 import {
   userAgentMatches
-} from "../chunk-VQGBRWJK.js";
-import "../chunk-EEZ7NUJG.js";
+} from "../chunk-HWJFOKZX.js";
+import "../chunk-NJD4L4Q3.js";
 import "../chunk-MLKGABMK.js";
 export {
   userAgentMatches

package/dist/helpers/index.cjs

@@ -1,22 +1,24 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
-var _chunkISXKMJCNcjs = require('../chunk-ISXKMJCN.cjs');
+var _chunkHMQIXEFJcjs = require('../chunk-HMQIXEFJ.cjs');
 
 
-var _chunkEMDI676Gcjs = require('../chunk-EMDI676G.cjs');
+var _chunkCLGM2TGTcjs = require('../chunk-CLGM2TGT.cjs');
 
 
 var _chunkLSCC62CZcjs = require('../chunk-LSCC62CZ.cjs');
-require('../chunk-ZEFLAOTL.cjs');
-require('../chunk-LVOM5GJ6.cjs');
-require('../chunk-OTFDML3K.cjs');
+require('../chunk-7T4G7UF7.cjs');
+require('../chunk-G7JGTBTT.cjs');
+require('../chunk-WUFGMLE7.cjs');
 
 
 var _chunkL7NBJ4JAcjs = require('../chunk-L7NBJ4JA.cjs');
 require('../chunk-MK4QBCD5.cjs');
 require('../chunk-WZKRNMF2.cjs');
-require('../chunk-IHVOAORH.cjs');
-require('../chunk-ULICUDDH.cjs');
+require('../chunk-OTFDML3K.cjs');
+require('../chunk-VEEOQ7TS.cjs');
+require('../chunk-TJ2POKWD.cjs');
+require('../chunk-YNKZGZ7I.cjs');
 
 
 var _chunkB4WEJSEZcjs = require('../chunk-B4WEJSEZ.cjs');
@@ -40,4 +42,4 @@ function stagingIndicator() {
 
 
 
-exports.preflightRequest = _chunkEMDI676Gcjs.preflightRequest; exports.sendCountryCode = _chunkLSCC62CZcjs.sendCountryCode; exports.stagingIndicator = stagingIndicator; exports.whitelist = _chunkISXKMJCNcjs.whitelist;
+exports.preflightRequest = _chunkCLGM2TGTcjs.preflightRequest; exports.sendCountryCode = _chunkLSCC62CZcjs.sendCountryCode; exports.stagingIndicator = stagingIndicator; exports.whitelist = _chunkHMQIXEFJcjs.whitelist;

package/dist/helpers/index.js

@@ -1,22 +1,24 @@
 import {
   whitelist
-} from "../chunk-IHDSTTO2.js";
+} from "../chunk-SC6UPQYF.js";
 import {
   preflightRequest
-} from "../chunk-7EA7GFWX.js";
+} from "../chunk-VRSD6YHP.js";
 import {
   sendCountryCode
 } from "../chunk-C32DL3EP.js";
-import "../chunk-Y7TIDVVC.js";
-import "../chunk-VQGBRWJK.js";
-import "../chunk-PY3JMRDG.js";
+import "../chunk-I7YELJ2P.js";
+import "../chunk-XLSZ5RB7.js";
+import "../chunk-HWJFOKZX.js";
 import {
   headerEquals
 } from "../chunk-BZQJYOU2.js";
 import "../chunk-YHTUV2SA.js";
 import "../chunk-NWRGD3AH.js";
-import "../chunk-H3RK4USR.js";
-import "../chunk-EEZ7NUJG.js";
+import "../chunk-PY3JMRDG.js";
+import "../chunk-UD456E4I.js";
+import "../chunk-GKE3YDHR.js";
+import "../chunk-NJD4L4Q3.js";
 import {
   setResponseHeader
 } from "../chunk-RBBKFG5J.js";