@vivero/stoma 0.1.0-rc.10

package/dist/policies/transform/request-validation.js

@@ -0,0 +1,121 @@
+import { GatewayError } from "../../core/errors";
+import { definePolicy, Priority } from "../sdk";
+function normalizeResult(result) {
+  if (typeof result === "boolean") {
+    return { valid: result };
+  }
+  return result;
+}
+const requestValidation = /* @__PURE__ */ definePolicy({
+  name: "request-validation",
+  priority: Priority.AUTH,
+  phases: ["request-body"],
+  defaults: {
+    contentTypes: ["application/json"],
+    errorMessage: "Request validation failed"
+  },
+  handler: async (c, next, { config, debug }) => {
+    const contentType = c.req.header("content-type") ?? "";
+    const matchedType = config.contentTypes.some(
+      (ct) => contentType.includes(ct)
+    );
+    if (!matchedType) {
+      debug(
+        "skipping - content type %s not in %o",
+        contentType,
+        config.contentTypes
+      );
+      await next();
+      return;
+    }
+    let parsed;
+    try {
+      const cloned = c.req.raw.clone();
+      const text = await cloned.text();
+      parsed = JSON.parse(text);
+    } catch {
+      debug("body parse failed");
+      throw new GatewayError(
+        400,
+        "validation_failed",
+        `${config.errorMessage}: invalid JSON`
+      );
+    }
+    const validatorFn = config.validateAsync ?? config.validate;
+    if (!validatorFn) {
+      debug("no validator configured - passing through");
+      await next();
+      return;
+    }
+    const rawResult = await validatorFn(parsed);
+    const result = normalizeResult(rawResult);
+    if (!result.valid) {
+      const details = result.errors && result.errors.length > 0 ? `${config.errorMessage}: ${result.errors.join("; ")}` : config.errorMessage;
+      debug("validation failed: %s", details);
+      throw new GatewayError(400, "validation_failed", details);
+    }
+    debug("validation passed");
+    await next();
+  },
+  evaluate: {
+    onRequest: async (input, { config, debug }) => {
+      const contentType = input.headers.get("content-type") ?? "";
+      const matchedType = config.contentTypes.some(
+        (ct) => contentType.includes(ct)
+      );
+      if (!matchedType) {
+        debug(
+          "skipping - content type %s not in %o",
+          contentType,
+          config.contentTypes
+        );
+        return { action: "continue" };
+      }
+      let parsed;
+      try {
+        if (!input.body) {
+          debug("body parse failed");
+          return {
+            action: "reject",
+            status: 400,
+            code: "validation_failed",
+            message: `${config.errorMessage}: invalid JSON`
+          };
+        }
+        const bodyStr = typeof input.body === "string" ? input.body : new TextDecoder().decode(input.body);
+        parsed = JSON.parse(bodyStr);
+      } catch {
+        debug("body parse failed");
+        return {
+          action: "reject",
+          status: 400,
+          code: "validation_failed",
+          message: `${config.errorMessage}: invalid JSON`
+        };
+      }
+      const validatorFn = config.validateAsync ?? config.validate;
+      if (!validatorFn) {
+        debug("no validator configured - passing through");
+        return { action: "continue" };
+      }
+      const rawResult = await validatorFn(parsed);
+      const result = normalizeResult(rawResult);
+      if (!result.valid) {
+        const details = result.errors && result.errors.length > 0 ? `${config.errorMessage}: ${result.errors.join("; ")}` : config.errorMessage;
+        debug("validation failed: %s", details);
+        return {
+          action: "reject",
+          status: 400,
+          code: "validation_failed",
+          message: details
+        };
+      }
+      debug("validation passed");
+      return { action: "continue" };
+    }
+  }
+});
+export {
+  requestValidation
+};
+//# sourceMappingURL=request-validation.js.map

package/dist/policies/transform/request-validation.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/policies/transform/request-validation.ts"],"sourcesContent":["/**\n * Request validation policy - pluggable body validation with zero dependencies.\n *\n * The gateway library has no validation dependencies (no ajv, no zod at runtime).\n * The user provides their own `validate` or `validateAsync` function. This keeps\n * the library dependency-free while supporting any schema validation approach.\n *\n * @module request-validation\n */\n\nimport { GatewayError } from \"../../core/errors\";\nimport { definePolicy, Priority } from \"../sdk\";\nimport type { PolicyConfig } from \"../types\";\n\n/** Result shape returned by validation functions that provide error details. */\ninterface ValidationResult {\n  valid: boolean;\n  errors?: string[];\n}\n\nexport interface RequestValidationConfig extends PolicyConfig {\n  /**\n   * Synchronous validation function.\n   * Return `true`/`false` or an object with optional error details.\n   */\n  validate?: (body: unknown) => boolean | ValidationResult;\n  /**\n   * Async validation function (e.g., for remote schema validation).\n   * If both `validate` and `validateAsync` are provided, `validateAsync` takes precedence.\n   */\n  validateAsync?: (body: unknown) => Promise<boolean | ValidationResult>;\n  /**\n   * Only validate these content types.\n   * Requests with other content types pass through without validation.\n   * Default: `[\"application/json\"]`.\n   */\n  contentTypes?: string[];\n  /** Custom error message prefix. Default: `\"Request validation failed\"`. */\n  errorMessage?: string;\n}\n\n/**\n * Normalize a validation return value into a `{ valid, errors? }` shape.\n */\nfunction normalizeResult(result: boolean | ValidationResult): ValidationResult {\n  if (typeof result === \"boolean\") {\n    return { valid: result };\n  }\n  return result;\n}\n\n/**\n * Pluggable request body validation policy.\n *\n * Validates the request body using a user-provided sync or async function.\n * Requests with content types not in the configured list pass through\n * without validation.\n *\n * @example\n * ```ts\n * import { requestValidation } from \"@vivero/stoma\";\n *\n * // Simple boolean validator\n * requestValidation({\n *   validate: (body) => body != null && typeof body === \"object\",\n * });\n *\n * // Detailed validation with error messages\n * requestValidation({\n *   validate: (body) => {\n *     const errors: string[] = [];\n *     if (!body || typeof body !== \"object\") errors.push(\"Body must be an object\");\n *     return { valid: errors.length === 0, errors };\n *   },\n * });\n * ```\n */\nexport const requestValidation =\n  /*#__PURE__*/ definePolicy<RequestValidationConfig>({\n    name: \"request-validation\",\n    priority: Priority.AUTH,\n    phases: [\"request-body\"],\n    defaults: {\n      contentTypes: [\"application/json\"],\n      errorMessage: \"Request validation failed\",\n    },\n    handler: async (c, next, { config, debug }) => {\n      const contentType = c.req.header(\"content-type\") ?? \"\";\n      const matchedType = config.contentTypes!.some((ct) =>\n        contentType.includes(ct)\n      );\n\n      if (!matchedType) {\n        debug(\n          \"skipping - content type %s not in %o\",\n          contentType,\n          config.contentTypes\n        );\n        await next();\n        return;\n      }\n\n      // Clone the request to avoid consuming the body stream for downstream handlers\n      let parsed: unknown;\n      try {\n        const cloned = c.req.raw.clone();\n        const text = await cloned.text();\n        parsed = JSON.parse(text);\n      } catch {\n        debug(\"body parse failed\");\n        throw new GatewayError(\n          400,\n          \"validation_failed\",\n          `${config.errorMessage!}: invalid JSON`\n        );\n      }\n\n      // Run async validator if provided, otherwise sync\n      const validatorFn = config.validateAsync ?? config.validate;\n      if (!validatorFn) {\n        debug(\"no validator configured - passing through\");\n        await next();\n        return;\n      }\n\n      const rawResult = await validatorFn(parsed);\n      const result = normalizeResult(rawResult);\n\n      if (!result.valid) {\n        const details =\n          result.errors && result.errors.length > 0\n            ? `${config.errorMessage!}: ${result.errors.join(\"; \")}`\n            : config.errorMessage!;\n        debug(\"validation failed: %s\", details);\n        throw new GatewayError(400, \"validation_failed\", details);\n      }\n\n      debug(\"validation passed\");\n      await next();\n    },\n    evaluate: {\n      onRequest: async (input, { config, debug }) => {\n        const contentType = input.headers.get(\"content-type\") ?? \"\";\n        const matchedType = config.contentTypes!.some((ct) =>\n          contentType.includes(ct)\n        );\n\n        if (!matchedType) {\n          debug(\n            \"skipping - content type %s not in %o\",\n            contentType,\n            config.contentTypes\n          );\n          return { action: \"continue\" };\n        }\n\n        // Parse body\n        let parsed: unknown;\n        try {\n          if (!input.body) {\n            debug(\"body parse failed\");\n            return {\n              action: \"reject\",\n              status: 400,\n              code: \"validation_failed\",\n              message: `${config.errorMessage!}: invalid JSON`,\n            };\n          }\n          const bodyStr =\n            typeof input.body === \"string\"\n              ? input.body\n              : new TextDecoder().decode(input.body);\n          parsed = JSON.parse(bodyStr);\n        } catch {\n          debug(\"body parse failed\");\n          return {\n            action: \"reject\",\n            status: 400,\n            code: \"validation_failed\",\n            message: `${config.errorMessage!}: invalid JSON`,\n          };\n        }\n\n        // Run async validator if provided, otherwise sync\n        const validatorFn = config.validateAsync ?? config.validate;\n        if (!validatorFn) {\n          debug(\"no validator configured - passing through\");\n          return { action: \"continue\" };\n        }\n\n        const rawResult = await validatorFn(parsed);\n        const result = normalizeResult(rawResult);\n\n        if (!result.valid) {\n          const details =\n            result.errors && result.errors.length > 0\n              ? `${config.errorMessage!}: ${result.errors.join(\"; \")}`\n              : config.errorMessage!;\n          debug(\"validation failed: %s\", details);\n          return {\n            action: \"reject\",\n            status: 400,\n            code: \"validation_failed\",\n            message: details,\n          };\n        }\n\n        debug(\"validation passed\");\n        return { action: \"continue\" };\n      },\n    },\n  });\n"],"mappings":"AAUA,SAAS,oBAAoB;AAC7B,SAAS,cAAc,gBAAgB;AAiCvC,SAAS,gBAAgB,QAAsD;AAC7E,MAAI,OAAO,WAAW,WAAW;AAC/B,WAAO,EAAE,OAAO,OAAO;AAAA,EACzB;AACA,SAAO;AACT;AA4BO,MAAM,oBACG,6BAAsC;AAAA,EAClD,MAAM;AAAA,EACN,UAAU,SAAS;AAAA,EACnB,QAAQ,CAAC,cAAc;AAAA,EACvB,UAAU;AAAA,IACR,cAAc,CAAC,kBAAkB;AAAA,IACjC,cAAc;AAAA,EAChB;AAAA,EACA,SAAS,OAAO,GAAG,MAAM,EAAE,QAAQ,MAAM,MAAM;AAC7C,UAAM,cAAc,EAAE,IAAI,OAAO,cAAc,KAAK;AACpD,UAAM,cAAc,OAAO,aAAc;AAAA,MAAK,CAAC,OAC7C,YAAY,SAAS,EAAE;AAAA,IACzB;AAEA,QAAI,CAAC,aAAa;AAChB;AAAA,QACE;AAAA,QACA;AAAA,QACA,OAAO;AAAA,MACT;AACA,YAAM,KAAK;AACX;AAAA,IACF;AAGA,QAAI;AACJ,QAAI;AACF,YAAM,SAAS,EAAE,IAAI,IAAI,MAAM;AAC/B,YAAM,OAAO,MAAM,OAAO,KAAK;AAC/B,eAAS,KAAK,MAAM,IAAI;AAAA,IAC1B,QAAQ;AACN,YAAM,mBAAmB;AACzB,YAAM,IAAI;AAAA,QACR;AAAA,QACA;AAAA,QACA,GAAG,OAAO,YAAa;AAAA,MACzB;AAAA,IACF;AAGA,UAAM,cAAc,OAAO,iBAAiB,OAAO;AACnD,QAAI,CAAC,aAAa;AAChB,YAAM,2CAA2C;AACjD,YAAM,KAAK;AACX;AAAA,IACF;AAEA,UAAM,YAAY,MAAM,YAAY,MAAM;AAC1C,UAAM,SAAS,gBAAgB,SAAS;AAExC,QAAI,CAAC,OAAO,OAAO;AACjB,YAAM,UACJ,OAAO,UAAU,OAAO,OAAO,SAAS,IACpC,GAAG,OAAO,YAAa,KAAK,OAAO,OAAO,KAAK,IAAI,CAAC,KACpD,OAAO;AACb,YAAM,yBAAyB,OAAO;AACtC,YAAM,IAAI,aAAa,KAAK,qBAAqB,OAAO;AAAA,IAC1D;AAEA,UAAM,mBAAmB;AACzB,UAAM,KAAK;AAAA,EACb;AAAA,EACA,UAAU;AAAA,IACR,WAAW,OAAO,OAAO,EAAE,QAAQ,MAAM,MAAM;AAC7C,YAAM,cAAc,MAAM,QAAQ,IAAI,cAAc,KAAK;AACzD,YAAM,cAAc,OAAO,aAAc;AAAA,QAAK,CAAC,OAC7C,YAAY,SAAS,EAAE;AAAA,MACzB;AAEA,UAAI,CAAC,aAAa;AAChB;AAAA,UACE;AAAA,UACA;AAAA,UACA,OAAO;AAAA,QACT;AACA,eAAO,EAAE,QAAQ,WAAW;AAAA,MAC9B;AAGA,UAAI;AACJ,UAAI;AACF,YAAI,CAAC,MAAM,MAAM;AACf,gBAAM,mBAAmB;AACzB,iBAAO;AAAA,YACL,QAAQ;AAAA,YACR,QAAQ;AAAA,YACR,MAAM;AAAA,YACN,SAAS,GAAG,OAAO,YAAa;AAAA,UAClC;AAAA,QACF;AACA,cAAM,UACJ,OAAO,MAAM,SAAS,WAClB,MAAM,OACN,IAAI,YAAY,EAAE,OAAO,MAAM,IAAI;AACzC,iBAAS,KAAK,MAAM,OAAO;AAAA,MAC7B,QAAQ;AACN,cAAM,mBAAmB;AACzB,eAAO;AAAA,UACL,QAAQ;AAAA,UACR,QAAQ;AAAA,UACR,MAAM;AAAA,UACN,SAAS,GAAG,OAAO,YAAa;AAAA,QAClC;AAAA,MACF;AAGA,YAAM,cAAc,OAAO,iBAAiB,OAAO;AACnD,UAAI,CAAC,aAAa;AAChB,cAAM,2CAA2C;AACjD,eAAO,EAAE,QAAQ,WAAW;AAAA,MAC9B;AAEA,YAAM,YAAY,MAAM,YAAY,MAAM;AAC1C,YAAM,SAAS,gBAAgB,SAAS;AAExC,UAAI,CAAC,OAAO,OAAO;AACjB,cAAM,UACJ,OAAO,UAAU,OAAO,OAAO,SAAS,IACpC,GAAG,OAAO,YAAa,KAAK,OAAO,OAAO,KAAK,IAAI,CAAC,KACpD,OAAO;AACb,cAAM,yBAAyB,OAAO;AACtC,eAAO;AAAA,UACL,QAAQ;AAAA,UACR,QAAQ;AAAA,UACR,MAAM;AAAA,UACN,SAAS;AAAA,QACX;AAAA,MACF;AAEA,YAAM,mBAAmB;AACzB,aAAO,EAAE,QAAQ,WAAW;AAAA,IAC9B;AAAA,EACF;AACF,CAAC;","names":[]}

package/dist/policies/transform/transform.d.ts

@@ -0,0 +1,75 @@
+import { g as PolicyConfig, P as Policy } from '../../protocol-2fD3DJrL.js';
+import 'hono';
+import '../sdk/trace.js';
+import '@vivero/stoma-core';
+
+interface RequestTransformConfig extends PolicyConfig {
+    /** Headers to add or overwrite on the outgoing request. */
+    setHeaders?: Record<string, string>;
+    /** Header names to remove from the outgoing request. */
+    removeHeaders?: string[];
+    /** Rename headers: keys are old names, values are new names. */
+    renameHeaders?: Record<string, string>;
+}
+interface ResponseTransformConfig extends PolicyConfig {
+    /** Headers to add or overwrite on the response. */
+    setHeaders?: Record<string, string>;
+    /** Header names to remove from the response. */
+    removeHeaders?: string[];
+    /** Rename headers: keys are old names, values are new names. */
+    renameHeaders?: Record<string, string>;
+}
+/**
+ * Modify request headers before they reach the upstream service.
+ *
+ * Applies header transformations in order: rename → set → remove. Handles
+ * Cloudflare Workers' immutable `Request.headers` by cloning the request
+ * with modified headers.
+ *
+ * @param config - Header set/remove/rename operations. At least one should be provided.
+ * @returns A {@link Policy} at priority 50 (mid-pipeline, after auth, before upstream).
+ *
+ * @example
+ * ```ts
+ * import { requestTransform } from "@vivero/stoma/policies";
+ *
+ * // Add API version header and strip cookies
+ * requestTransform({
+ *   setHeaders: { "x-api-version": "2024-01-01" },
+ *   removeHeaders: ["cookie"],
+ * });
+ *
+ * // Rename a legacy header to the new convention
+ * requestTransform({
+ *   renameHeaders: { "x-old-auth": "authorization" },
+ * });
+ * ```
+ */
+declare const requestTransform: (config?: RequestTransformConfig | undefined) => Policy;
+/**
+ * Modify response headers after the upstream service returns.
+ *
+ * Applies header transformations in order: rename → set → remove. Runs at
+ * priority 92 (late in the pipeline) so it can modify headers set by the
+ * upstream or earlier policies.
+ *
+ * @param config - Header set/remove/rename operations. At least one should be provided.
+ * @returns A {@link Policy} at priority 92 (runs late, after upstream responds).
+ *
+ * @example
+ * ```ts
+ * import { responseTransform } from "@vivero/stoma/policies";
+ *
+ * // Add security headers and strip server info
+ * responseTransform({
+ *   setHeaders: {
+ *     "strict-transport-security": "max-age=31536000; includeSubDomains",
+ *     "x-content-type-options": "nosniff",
+ *   },
+ *   removeHeaders: ["server", "x-powered-by"],
+ * });
+ * ```
+ */
+declare const responseTransform: (config?: ResponseTransformConfig | undefined) => Policy;
+
+export { type RequestTransformConfig, type ResponseTransformConfig, requestTransform, responseTransform };

package/dist/policies/transform/transform.js

@@ -0,0 +1,116 @@
+import { withModifiedHeaders } from "../../utils/headers";
+import { definePolicy, Priority } from "../sdk";
+const requestTransform = /* @__PURE__ */ definePolicy({
+  name: "request-transform",
+  priority: Priority.REQUEST_TRANSFORM,
+  phases: ["request-headers"],
+  handler: async (c, next, { config }) => {
+    const setHeaders = config.setHeaders;
+    const removeHeaders = config.removeHeaders;
+    const renameHeaders = config.renameHeaders;
+    withModifiedHeaders(c, (headers) => {
+      if (renameHeaders) {
+        for (const [oldName, newName] of Object.entries(renameHeaders)) {
+          const value = headers.get(oldName);
+          if (value !== null) {
+            headers.set(newName, value);
+            headers.delete(oldName);
+          }
+        }
+      }
+      if (setHeaders) {
+        for (const [name, value] of Object.entries(setHeaders)) {
+          headers.set(name, value);
+        }
+      }
+      if (removeHeaders) {
+        for (const name of removeHeaders) {
+          headers.delete(name);
+        }
+      }
+    });
+    await next();
+  },
+  evaluate: {
+    onRequest: async (_input, { config }) => {
+      const mutations = [];
+      if (config.setHeaders) {
+        for (const [name, value] of Object.entries(config.setHeaders)) {
+          mutations.push({
+            type: "header",
+            op: "set",
+            name,
+            value
+          });
+        }
+      }
+      if (config.removeHeaders) {
+        for (const name of config.removeHeaders) {
+          mutations.push({
+            type: "header",
+            op: "remove",
+            name
+          });
+        }
+      }
+      return mutations.length > 0 ? { action: "continue", mutations } : { action: "continue" };
+    }
+  }
+});
+const responseTransform = /* @__PURE__ */ definePolicy({
+  name: "response-transform",
+  priority: Priority.RESPONSE_TRANSFORM,
+  phases: ["response-headers"],
+  handler: async (c, next, { config }) => {
+    await next();
+    if (config.renameHeaders) {
+      for (const [oldName, newName] of Object.entries(config.renameHeaders)) {
+        const value = c.res.headers.get(oldName);
+        if (value !== null) {
+          c.res.headers.set(newName, value);
+          c.res.headers.delete(oldName);
+        }
+      }
+    }
+    if (config.setHeaders) {
+      for (const [name, value] of Object.entries(config.setHeaders)) {
+        c.res.headers.set(name, value);
+      }
+    }
+    if (config.removeHeaders) {
+      for (const name of config.removeHeaders) {
+        c.res.headers.delete(name);
+      }
+    }
+  },
+  evaluate: {
+    onResponse: async (_input, { config }) => {
+      const mutations = [];
+      if (config.setHeaders) {
+        for (const [name, value] of Object.entries(config.setHeaders)) {
+          mutations.push({
+            type: "header",
+            op: "set",
+            name,
+            value
+          });
+        }
+      }
+      if (config.removeHeaders) {
+        for (const name of config.removeHeaders) {
+          mutations.push({
+            type: "header",
+            op: "remove",
+            name
+          });
+        }
+      }
+      return mutations.length > 0 ? { action: "continue", mutations } : { action: "continue" };
+    }
+  }
+});
+export {
+  requestTransform,
+  responseTransform
+};
+//# sourceMappingURL=transform.js.map

package/dist/policies/transform/transform.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/policies/transform/transform.ts"],"sourcesContent":["/**\n * Request and response header transformation policies.\n *\n * @module transform\n */\n\nimport type { Mutation } from \"../../core/protocol\";\nimport { withModifiedHeaders } from \"../../utils/headers\";\nimport { definePolicy, Priority } from \"../sdk\";\nimport type { PolicyConfig } from \"../types\";\n\nexport interface RequestTransformConfig extends PolicyConfig {\n  /** Headers to add or overwrite on the outgoing request. */\n  setHeaders?: Record<string, string>;\n  /** Header names to remove from the outgoing request. */\n  removeHeaders?: string[];\n  /** Rename headers: keys are old names, values are new names. */\n  renameHeaders?: Record<string, string>;\n}\n\nexport interface ResponseTransformConfig extends PolicyConfig {\n  /** Headers to add or overwrite on the response. */\n  setHeaders?: Record<string, string>;\n  /** Header names to remove from the response. */\n  removeHeaders?: string[];\n  /** Rename headers: keys are old names, values are new names. */\n  renameHeaders?: Record<string, string>;\n}\n\n/**\n * Modify request headers before they reach the upstream service.\n *\n * Applies header transformations in order: rename → set → remove. Handles\n * Cloudflare Workers' immutable `Request.headers` by cloning the request\n * with modified headers.\n *\n * @param config - Header set/remove/rename operations. At least one should be provided.\n * @returns A {@link Policy} at priority 50 (mid-pipeline, after auth, before upstream).\n *\n * @example\n * ```ts\n * import { requestTransform } from \"@vivero/stoma/policies\";\n *\n * // Add API version header and strip cookies\n * requestTransform({\n *   setHeaders: { \"x-api-version\": \"2024-01-01\" },\n *   removeHeaders: [\"cookie\"],\n * });\n *\n * // Rename a legacy header to the new convention\n * requestTransform({\n *   renameHeaders: { \"x-old-auth\": \"authorization\" },\n * });\n * ```\n */\nexport const requestTransform =\n  /*#__PURE__*/ definePolicy<RequestTransformConfig>({\n    name: \"request-transform\",\n    priority: Priority.REQUEST_TRANSFORM,\n    phases: [\"request-headers\"],\n    handler: async (c, next, { config }) => {\n      const setHeaders = config.setHeaders;\n      const removeHeaders = config.removeHeaders;\n      const renameHeaders = config.renameHeaders;\n\n      withModifiedHeaders(c, (headers) => {\n        // Rename before set/remove so renames don't collide\n        if (renameHeaders) {\n          for (const [oldName, newName] of Object.entries(renameHeaders)) {\n            const value = headers.get(oldName);\n            if (value !== null) {\n              headers.set(newName, value);\n              headers.delete(oldName);\n            }\n          }\n        }\n\n        if (setHeaders) {\n          for (const [name, value] of Object.entries(setHeaders)) {\n            headers.set(name, value);\n          }\n        }\n\n        if (removeHeaders) {\n          for (const name of removeHeaders) {\n            headers.delete(name);\n          }\n        }\n      });\n\n      await next();\n    },\n    evaluate: {\n      onRequest: async (_input, { config }) => {\n        const mutations: Mutation[] = [];\n\n        // Set headers\n        if (config.setHeaders) {\n          for (const [name, value] of Object.entries(config.setHeaders)) {\n            mutations.push({\n              type: \"header\",\n              op: \"set\" as const,\n              name,\n              value,\n            });\n          }\n        }\n\n        // Remove headers\n        if (config.removeHeaders) {\n          for (const name of config.removeHeaders) {\n            mutations.push({\n              type: \"header\",\n              op: \"remove\" as const,\n              name,\n            });\n          }\n        }\n\n        return mutations.length > 0\n          ? { action: \"continue\", mutations }\n          : { action: \"continue\" };\n      },\n    },\n  });\n\n/**\n * Modify response headers after the upstream service returns.\n *\n * Applies header transformations in order: rename → set → remove. Runs at\n * priority 92 (late in the pipeline) so it can modify headers set by the\n * upstream or earlier policies.\n *\n * @param config - Header set/remove/rename operations. At least one should be provided.\n * @returns A {@link Policy} at priority 92 (runs late, after upstream responds).\n *\n * @example\n * ```ts\n * import { responseTransform } from \"@vivero/stoma/policies\";\n *\n * // Add security headers and strip server info\n * responseTransform({\n *   setHeaders: {\n *     \"strict-transport-security\": \"max-age=31536000; includeSubDomains\",\n *     \"x-content-type-options\": \"nosniff\",\n *   },\n *   removeHeaders: [\"server\", \"x-powered-by\"],\n * });\n * ```\n */\nexport const responseTransform =\n  /*#__PURE__*/ definePolicy<ResponseTransformConfig>({\n    name: \"response-transform\",\n    priority: Priority.RESPONSE_TRANSFORM,\n    phases: [\"response-headers\"],\n    handler: async (c, next, { config }) => {\n      await next();\n\n      // Response headers are mutable (we create the Response ourselves\n      // in the upstream handler), so direct mutation is safe here.\n      // Note: Request headers need cloning because Workers makes them immutable.\n\n      // Rename before set/remove\n      if (config.renameHeaders) {\n        for (const [oldName, newName] of Object.entries(config.renameHeaders)) {\n          const value = c.res.headers.get(oldName);\n          if (value !== null) {\n            c.res.headers.set(newName, value);\n            c.res.headers.delete(oldName);\n          }\n        }\n      }\n\n      if (config.setHeaders) {\n        for (const [name, value] of Object.entries(config.setHeaders)) {\n          c.res.headers.set(name, value);\n        }\n      }\n\n      if (config.removeHeaders) {\n        for (const name of config.removeHeaders) {\n          c.res.headers.delete(name);\n        }\n      }\n    },\n    evaluate: {\n      onResponse: async (_input, { config }) => {\n        const mutations: Mutation[] = [];\n\n        // Set headers\n        if (config.setHeaders) {\n          for (const [name, value] of Object.entries(config.setHeaders)) {\n            mutations.push({\n              type: \"header\",\n              op: \"set\" as const,\n              name,\n              value,\n            });\n          }\n        }\n\n        // Remove headers\n        if (config.removeHeaders) {\n          for (const name of config.removeHeaders) {\n            mutations.push({\n              type: \"header\",\n              op: \"remove\" as const,\n              name,\n            });\n          }\n        }\n\n        return mutations.length > 0\n          ? { action: \"continue\", mutations }\n          : { action: \"continue\" };\n      },\n    },\n  });\n"],"mappings":"AAOA,SAAS,2BAA2B;AACpC,SAAS,cAAc,gBAAgB;AA+ChC,MAAM,mBACG,6BAAqC;AAAA,EACjD,MAAM;AAAA,EACN,UAAU,SAAS;AAAA,EACnB,QAAQ,CAAC,iBAAiB;AAAA,EAC1B,SAAS,OAAO,GAAG,MAAM,EAAE,OAAO,MAAM;AACtC,UAAM,aAAa,OAAO;AAC1B,UAAM,gBAAgB,OAAO;AAC7B,UAAM,gBAAgB,OAAO;AAE7B,wBAAoB,GAAG,CAAC,YAAY;AAElC,UAAI,eAAe;AACjB,mBAAW,CAAC,SAAS,OAAO,KAAK,OAAO,QAAQ,aAAa,GAAG;AAC9D,gBAAM,QAAQ,QAAQ,IAAI,OAAO;AACjC,cAAI,UAAU,MAAM;AAClB,oBAAQ,IAAI,SAAS,KAAK;AAC1B,oBAAQ,OAAO,OAAO;AAAA,UACxB;AAAA,QACF;AAAA,MACF;AAEA,UAAI,YAAY;AACd,mBAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,UAAU,GAAG;AACtD,kBAAQ,IAAI,MAAM,KAAK;AAAA,QACzB;AAAA,MACF;AAEA,UAAI,eAAe;AACjB,mBAAW,QAAQ,eAAe;AAChC,kBAAQ,OAAO,IAAI;AAAA,QACrB;AAAA,MACF;AAAA,IACF,CAAC;AAED,UAAM,KAAK;AAAA,EACb;AAAA,EACA,UAAU;AAAA,IACR,WAAW,OAAO,QAAQ,EAAE,OAAO,MAAM;AACvC,YAAM,YAAwB,CAAC;AAG/B,UAAI,OAAO,YAAY;AACrB,mBAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,OAAO,UAAU,GAAG;AAC7D,oBAAU,KAAK;AAAA,YACb,MAAM;AAAA,YACN,IAAI;AAAA,YACJ;AAAA,YACA;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAGA,UAAI,OAAO,eAAe;AACxB,mBAAW,QAAQ,OAAO,eAAe;AACvC,oBAAU,KAAK;AAAA,YACb,MAAM;AAAA,YACN,IAAI;AAAA,YACJ;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAEA,aAAO,UAAU,SAAS,IACtB,EAAE,QAAQ,YAAY,UAAU,IAChC,EAAE,QAAQ,WAAW;AAAA,IAC3B;AAAA,EACF;AACF,CAAC;AA0BI,MAAM,oBACG,6BAAsC;AAAA,EAClD,MAAM;AAAA,EACN,UAAU,SAAS;AAAA,EACnB,QAAQ,CAAC,kBAAkB;AAAA,EAC3B,SAAS,OAAO,GAAG,MAAM,EAAE,OAAO,MAAM;AACtC,UAAM,KAAK;AAOX,QAAI,OAAO,eAAe;AACxB,iBAAW,CAAC,SAAS,OAAO,KAAK,OAAO,QAAQ,OAAO,aAAa,GAAG;AACrE,cAAM,QAAQ,EAAE,IAAI,QAAQ,IAAI,OAAO;AACvC,YAAI,UAAU,MAAM;AAClB,YAAE,IAAI,QAAQ,IAAI,SAAS,KAAK;AAChC,YAAE,IAAI,QAAQ,OAAO,OAAO;AAAA,QAC9B;AAAA,MACF;AAAA,IACF;AAEA,QAAI,OAAO,YAAY;AACrB,iBAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,OAAO,UAAU,GAAG;AAC7D,UAAE,IAAI,QAAQ,IAAI,MAAM,KAAK;AAAA,MAC/B;AAAA,IACF;AAEA,QAAI,OAAO,eAAe;AACxB,iBAAW,QAAQ,OAAO,eAAe;AACvC,UAAE,IAAI,QAAQ,OAAO,IAAI;AAAA,MAC3B;AAAA,IACF;AAAA,EACF;AAAA,EACA,UAAU;AAAA,IACR,YAAY,OAAO,QAAQ,EAAE,OAAO,MAAM;AACxC,YAAM,YAAwB,CAAC;AAG/B,UAAI,OAAO,YAAY;AACrB,mBAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,OAAO,UAAU,GAAG;AAC7D,oBAAU,KAAK;AAAA,YACb,MAAM;AAAA,YACN,IAAI;AAAA,YACJ;AAAA,YACA;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAGA,UAAI,OAAO,eAAe;AACxB,mBAAW,QAAQ,OAAO,eAAe;AACvC,oBAAU,KAAK;AAAA,YACb,MAAM;AAAA,YACN,IAAI;AAAA,YACJ;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAEA,aAAO,UAAU,SAAS,IACtB,EAAE,QAAQ,YAAY,UAAU,IAChC,EAAE,QAAQ,WAAW;AAAA,IAC3B;AAAA,EACF;AACF,CAAC;","names":[]}

package/dist/policies/types.d.ts

@@ -0,0 +1,4 @@
+import 'hono';
+export { P as Policy, g as PolicyConfig, h as PolicyContext } from '../protocol-2fD3DJrL.js';
+import '@vivero/stoma-core';
+import './sdk/trace.js';

package/dist/policies/types.js

@@ -0,0 +1 @@
+//# sourceMappingURL=types.js.map

package/dist/policies/types.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}