firebase-functions 6.3.2 → 6.5.0

package/.guides/config.json

@@ -0,0 +1,9 @@
+{
+  "description": "Use this library to build serverless functions for event triggers and HTTP using Cloud Functions for Firebase",
+  "mcpServers": {
+    "firebase": {
+      "command": "npx",
+      "args": ["-y", "firebase-tools@latest", "experimental:mcp"]
+    }
+  }
+}

package/.guides/setup.md

@@ -0,0 +1,69 @@
+# Cloud Functions for Firebase setup guide
+
+This guide provides a step-by-step process for setting up Cloud Functions, tailored for coding agents.
+
+## 1. Create a 2nd-gen HTTP function
+
+Replace the contents of `src/index.ts` (or `index.js`) with the following code to create a simple, modern v2 HTTP endpoint.
+
+```typescript
+import { onRequest } from "firebase-functions/https";
+import { onDocumentCreated } from "firebase-functions/firestore";
+import * as logger from "firebase-functions/logger";
+import { defineString, defineInt } from "firebase-functions/params";
+
+// Configurable parameters
+const scaleLimit = defineInt("MAX_INSTANCES", { default: 1 });
+const greeting = defineString("GREETING", { default: "Hello" });
+
+export const helloWorld = onRequest({ maxInstances: scaleLimit }, async (request, response) => {
+  logger.info("Request received!", request);
+  response.send(`${greeting.value()} from Firebase!`);
+});
+
+export const newDoc = onDocumentCreated(
+  { maxInstances: scaleLimit },
+  "/words/{wordId}",
+  async (event) => {
+    logger.info("New word!", event.data.data());
+  }
+);
+```
+
+**Key points for the agent:**
+
+- Use `logger` for structured logging.
+- Use `defineString`, `defineInt`, `defineSecret` for environment configuration instead of `functions.config()`.
+- Recommend a `maxInstances` setting of 1 for all functions until correct behavior can be verified.
+
+## 2. Build TypeScript
+
+Compile your TypeScript code to JavaScript.
+
+```bash
+npm run build
+```
+
+## 3. Local Development and Testing
+
+Use the Firebase Emulators to test your function locally before deploying.
+
+A human should run the following command in a separate terminal window to start the emulators:
+
+```bash
+# Start the functions emulator
+firebase emulators:start --only functions
+```
+
+A human can then interact with the function at the local URL provided by the emulator.
+
+## 4. Deploy to Firebase
+
+Once testing is complete, deploy the function to your Firebase project.
+
+```bash
+# Deploy only the functions
+firebase deploy --only functions
+```
+
+The agent will be prompted to set any parameters defined with `defineString` or other `define` functions that do not have a default value.

package/.guides/upgrade.md

@@ -0,0 +1,178 @@
+# Upgrading a 1st gen to 2nd gen
+
+This guide provides a step-by-step process for migrating a single Cloud Function from 1st to 2nd generation. Migrate functions one-by-one. Run both generations side-by-side before deleting the 1st gen function.
+
+## 1. Identify a 1st-gen function to upgrade
+
+Find all 1st-gen functions in the directory. 1st-gen functions used a namespaced API like this:
+
+**Before (1st Gen):**
+
+```typescript
+import * as functions from "firebase-functions";
+
+export const webhook = functions.https.onRequest((request, response) => {
+  // ...
+});
+```
+
+Sometimes, they'll explicitly import from the `firebase-functions/v1` subpackage, but not always.
+
+Ask the human to pick a **single** function to upgrade from the list of 1st gen functions you found.
+
+## 2. Update Dependencies
+
+Ensure your `firebase-functions` and `firebase-admin` SDKs are up-to-date, and you are using a recent version of the Firebase CLI.
+
+## 3. Modify Imports
+
+Update your import statements to use the top-level modules.
+
+**After (2nd Gen):**
+
+```typescript
+import { onRequest } from "firebase-functions/https";
+```
+
+## 4. Update Trigger Definition
+
+The SDK is now more modular. Update your trigger definition accordingly.
+
+**After (2nd Gen):**
+
+```typescript
+export const webhook = onRequest((request, response) => {
+  // ...
+});
+```
+
+Here are other examples of trigger changes:
+
+### Callable Triggers
+
+**Before (1st Gen):**
+
+```typescript
+export const getprofile = functions.https.onCall((data, context) => {
+  // ...
+});
+```
+
+**After (2nd Gen):**
+
+```typescript
+import { onCall } from "firebase-functions/https";
+
+export const getprofile = onCall((request) => {
+  // ...
+});
+```
+
+### Background Triggers (Pub/Sub)
+
+**Before (1st Gen):**
+
+```typescript
+export const hellopubsub = functions.pubsub.topic("topic-name").onPublish((message) => {
+  // ...
+});
+```
+
+**After (2nd Gen):**
+
+```typescript
+import { onMessagePublished } from "firebase-functions/pubsub";
+
+export const hellopubsub = onMessagePublished("topic-name", (event) => {
+  // ...
+});
+```
+
+## 5. Use Parameterized Configuration
+
+Migrate from `functions.config()` to the new `params` module for environment configuration.
+
+**Before (`.runtimeconfig.json`):**
+
+```json
+{
+  "someservice": {
+    "key": "somesecret"
+  }
+}
+```
+
+**And in code (1st Gen):**
+
+```typescript
+const SKEY = functions.config().someservice.key;
+```
+
+**After (2nd Gen):**
+Define params in your code and set their values during deployment.
+
+**In `index.ts`:**
+
+```typescript
+import { defineString } from "firebase-functions/params";
+
+const SOMESERVICE_KEY = defineString("SOMESERVICE_KEY");
+```
+
+Use `SOMESERVICE_KEY.value()` to access the value. For secrets like API keys, use `defineSecret`.
+
+**In `index.ts`:**
+
+```typescript
+import { defineSecret } from "firebase-functions/params";
+
+const SOMESERVICE_KEY = defineSecret("SOMESERVICE_KEY");
+```
+
+The human will be prompted to set the value on deployment. The value will be stored securely in Cloud Secret Manager.
+
+## 6. Update Runtime Options
+
+Runtime options are now set directly within the function definition.
+
+**Before (1st Gen):**
+
+```typescript
+export const func = functions
+  .runWith({
+    // Keep 5 instances warm
+    minInstances: 5,
+  })
+  .https.onRequest((request, response) => {
+    // ...
+  });
+```
+
+**After (2nd Gen):**
+
+```typescript
+import { onRequest } from "firebase-functions/https";
+
+export const func = onRequest(
+  {
+    // Keep 5 instances warm
+    minInstances: 5,
+  },
+  (request, response) => {
+    // ...
+  }
+);
+```
+
+## 7. Traffic Migration
+
+A human should follow these steps to migrate safely:
+
+> To migrate traffic safely:
+>
+> 1.  Rename your new 2nd gen function with a different name.
+> 2.  Comment out any existing `minInstances` or `maxInstances` config in the new 2nd gen function and instead set `maxInstances` to `1` while testing.
+> 3.  Deploy it alongside the old 1st gen function.
+> 4.  Gradually introduce traffic to the new function (e.g., via client-side changes or by calling it from the 1st gen function).
+> 5.  As traffic ramps up to the new 2nd gen function, scale it up by adding back the original `minInstances` and `maxInstances` settings to the 2nd gen function. Reduce the `minInstances` and `maxInstances` settings for the 1st gen function as traffic decreases.
+> 6.  The 1st gen function can be deleted once it has stopped receiving traffic.

package/.guides/usage.md

@@ -0,0 +1,116 @@
+## Key Guidelines
+
+- Always use 2nd-gen functions for new development.
+- Use 1st-gen functions _only_ for Analytics and basic Auth triggers, since those aren't supported by 2nd gen.
+- Use `firebase-functions` SDK version 6.0.0 and above
+- Use top-level imports (e.g., `firebase-functions/https`). These are 2nd gen by default. If 1st gen is required (Analytics or basic Auth triggers), import from the `firebase-functions/v1` import path.
+
+## Configuration: Use Secret Params for API Keys
+
+For sensitive information like API keys (e.g., for LLMs, payment providers, etc.), **always** use `defineSecret`. This stores the value securely in Cloud Secret Manager.
+
+```typescript
+import { onRequest } from "firebase-functions/https";
+import { logger } from "firebase-functions/logger";
+import { defineString, defineSecret } from "firebase-functions/params";
+
+// Securely define an LLM API key
+const LLM_API_KEY = defineSecret("LLM_API_KEY");
+
+// Example function that uses the secret
+export const callLlm = onRequest({ secrets: [LLM_API_KEY] }, async (req, res) => {
+  const apiKey = LLM_API_KEY.value();
+
+  // Use the apiKey to make a call to the LLM service
+  logger.info("Calling LLM with API key.");
+
+  // insert code here to call LLM...
+
+  res.send("LLM API call initiated.");
+});
+```
+
+The CLI will prompt for secret's value at deploy time. Alternatively, a human can set the secret using the Firebase CLI command:
+
+```bash
+firebase functions:secrets:set <SECRET_NAME>
+```
+
+If you see an API key being accessed with `functions.config` in existing functions code, offer to upgrade to params.
+
+## Use the Firebase Admin SDK
+
+To interact with Firebase services like Firestore, Auth, or RTDB from within your functions, you need to initialize the Firebase Admin SDK. Call `initializeApp` without any arguments so that Application Default Credentials are used.
+
+1.  **Install the SDK:**
+
+    ```bash
+    npm i firebase-admin
+    ```
+
+2.  **Initialize in your code:**
+
+    ```typescript
+    import * as admin from "firebase-admin";
+    import { onInit } from "firebase-functions";
+
+    onInit(() => {
+      admin.initializeApp();
+    });
+    ```
+
+    This should be done once at the top level of your `index.ts` file.
+
+## Common Imports
+
+```typescript
+import { onRequest, onCall, onCallGenkit } from "firebase-functions/https";
+import { onDocumentUpdated } from "firebase-functions/firestore";
+import { onNewFatalIssuePublished } from "firebase-functions/alerts/crashlytics";
+import { onValueWritten } from "firebase-functions/database";
+import { onSchedule } from "firebase-functions/scheduler";
+const { onTaskDispatched } = require("firebase-functions/tasks");
+import { onObjectFinalized } from "firebase-functions/storage";
+import { onMessagePublished } from "firebase-functions/pubsub";
+import { beforeUserSignedIn } from "firebase-functions/identity";
+import { onTestMatrixCompleted } from "firebase-functions/testLab";
+import { logger, onInit } from "firebase-functions";
+import { defineString, defineSecret } from "firebase-functions/params";
+```
+
+A human can find code samples for these triggers in the [functions-samples repository](https://github.com/firebase/functions-samples/tree/main/Node).
+
+## 1st-gen Functions (Legacy Triggers)
+
+Use the `firebase-functions/v1` import for Analytics and basic Auth triggers. These aren't supported in 2nd gen.
+
+```typescript
+import * as functionsV1 from "firebase-functions/v1";
+
+// v1 Analytics trigger
+export const onPurchase = functionsV1.analytics.event("purchase").onLog(async (event) => {
+  logger.info("Purchase event", { value: event.params?.value });
+});
+
+// v1 Auth trigger
+export const onUserCreate = functionsV1.auth.user().onCreate(async (user) => {
+  logger.info("User created", { uid: user.uid });
+});
+```
+
+## Development Commands
+
+```bash
+# Install dependencies
+npm install
+
+# Compile TypeScript
+npm run build
+
+# Run emulators for local development
+# This is a long-running command. A human can run this command themselves to start the emulators:
+firebase emulators:start --only functions
+
+# Deploy functions
+firebase deploy --only functions
+```

package/README.md

@@ -10,12 +10,12 @@ Learn more about the Firebase SDK for Cloud Functions in the [Firebase documenta
 
 Here are some resources to get help:
 
-- Start with the quickstart: https://firebase.google.com/docs/functions/write-firebase-functions
-- Go through the guide: https://firebase.google.com/docs/functions/
-- Read the full API reference: https://firebase.google.com/docs/reference/functions/
-- Browse some examples: https://github.com/firebase/functions-samples
+- [Start with the quickstart](https://firebase.google.com/docs/functions/write-firebase-functions)
+- [Go through the guides](https://firebase.google.com/docs/functions/)
+- [Read the full API reference](https://firebase.google.com/docs/reference/functions/2nd-gen/node/firebase-functions)
+- [Browse some examples](https://github.com/firebase/functions-samples)
 
-If the official documentation doesn't help, try asking through our official support channels: https://firebase.google.com/support/
+If the official documentation doesn't help, try asking through our [official support channels](https://firebase.google.com/support/)
 
 _Please avoid double posting across multiple channels!_
 

package/lib/bin/firebase-functions.js

@@ -23,6 +23,8 @@
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
 const express = require("express");
+const fs = require("fs/promises");
+const path = require("path");
 const loader_1 = require("../runtime/loader");
 const manifest_1 = require("../runtime/manifest");
 function printUsageAndExit() {
@@ -42,30 +44,76 @@ if (args.length > 1) {
     }
     functionsDir = args[0];
 }
-let server = undefined;
-const app = express();
-function handleQuitquitquit(req, res) {
+function handleQuitquitquit(req, res, server) {
     res.send("ok");
     server.close();
 }
-app.get("/__/quitquitquit", handleQuitquitquit);
-app.post("/__/quitquitquit", handleQuitquitquit);
-if (process.env.FUNCTIONS_CONTROL_API === "true") {
-    app.get("/__/functions.yaml", async (req, res) => {
+if (process.env.FUNCTIONS_MANIFEST_OUTPUT_PATH) {
+    void (async () => {
+        var _a;
+        const outputPath = process.env.FUNCTIONS_MANIFEST_OUTPUT_PATH;
         try {
+            // Validate the output path
+            const dir = path.dirname(outputPath);
+            try {
+                await fs.access(dir, fs.constants.W_OK);
+            }
+            catch (e) {
+                console.error(`Error: Cannot write to directory '${dir}': ${e instanceof Error ? e.message : String(e)}`);
+                console.error("Please ensure the directory exists and you have write permissions.");
+                process.exit(1);
+            }
             const stack = await (0, loader_1.loadStack)(functionsDir);
-            res.setHeader("content-type", "text/yaml");
-            res.send(JSON.stringify((0, manifest_1.stackToWire)(stack)));
+            const wireFormat = (0, manifest_1.stackToWire)(stack);
+            await fs.writeFile(outputPath, JSON.stringify(wireFormat, null, 2));
+            process.exit(0);
         }
         catch (e) {
-            console.error(e);
-            res.status(400).send(`Failed to generate manifest from function source: ${e}`);
+            if (e.code === "ENOENT") {
+                console.error(`Error: Directory '${path.dirname(outputPath)}' does not exist.`);
+                console.error("Please create the directory or specify a valid path.");
+            }
+            else if (e.code === "EACCES") {
+                console.error(`Error: Permission denied writing to '${outputPath}'.`);
+                console.error("Please check file permissions or choose a different location.");
+            }
+            else if ((_a = e.message) === null || _a === void 0 ? void 0 : _a.includes("Failed to generate manifest")) {
+                console.error(e.message);
+            }
+            else {
+                console.error(`Failed to generate manifest from function source: ${e instanceof Error ? e.message : String(e)}`);
+            }
+            if (e instanceof Error && e.stack) {
+                console.error(e.stack);
+            }
+            process.exit(1);
         }
-    });
+    })();
 }
-let port = 8080;
-if (process.env.PORT) {
-    port = Number.parseInt(process.env.PORT);
+else {
+    let server = undefined;
+    const app = express();
+    app.get("/__/quitquitquit", (req, res) => handleQuitquitquit(req, res, server));
+    app.post("/__/quitquitquit", (req, res) => handleQuitquitquit(req, res, server));
+    if (process.env.FUNCTIONS_CONTROL_API === "true") {
+        // eslint-disable-next-line @typescript-eslint/no-misused-promises
+        app.get("/__/functions.yaml", async (req, res) => {
+            try {
+                const stack = await (0, loader_1.loadStack)(functionsDir);
+                res.setHeader("content-type", "text/yaml");
+                res.send(JSON.stringify((0, manifest_1.stackToWire)(stack)));
+            }
+            catch (e) {
+                console.error(e);
+                const errorMessage = e instanceof Error ? e.message : String(e);
+                res.status(400).send(`Failed to generate manifest from function source: ${errorMessage}`);
+            }
+        });
+    }
+    let port = 8080;
+    if (process.env.PORT) {
+        port = Number.parseInt(process.env.PORT);
+    }
+    console.log("Serving at port", port);
+    server = app.listen(port);
 }
-console.log("Serving at port", port);
-server = app.listen(port);

package/lib/common/providers/database.js

@@ -99,9 +99,12 @@ class DataSnapshot {
     val() {
         const parts = (0, path_1.pathParts)(this._childPath);
         let source = this._data;
+        if (source === null) {
+            return null;
+        }
         if (parts.length) {
             for (const part of parts) {
-                if (source[part] === undefined) {
+                if (typeof source === "undefined" || source === null) {
                     return null;
                 }
                 source = source[part];

package/lib/common/providers/https.d.ts

@@ -36,8 +36,12 @@ export interface AppCheckData {
  * The interface for Auth tokens verified in Callable functions
  */
 export interface AuthData {
+    /** The user's uid from the request's ID token. */
     uid: string;
+    /** The decoded claims of the ID token after verification. */
     token: DecodedIdToken;
+    /** The raw ID token as parsed from the header. */
+    rawToken: string;
 }
 /**
  * The interface for metadata for the API as passed to the handler.

package/lib/common/providers/https.js

@@ -330,6 +330,7 @@ async function checkAuthToken(req, ctx) {
         ctx.auth = {
             uid: authToken.uid,
             token: authToken,
+            rawToken: idToken,
         };
         return "VALID";
     }

package/lib/common/providers/tasks.d.ts

@@ -46,6 +46,7 @@ export interface RateLimits {
 export interface AuthData {
     uid: string;
     token: DecodedIdToken;
+    rawToken: string;
 }
 /** Metadata about a call to a Task Queue function. */
 export interface TaskContext {

package/lib/common/providers/tasks.js

@@ -67,6 +67,7 @@ function onDispatchHandler(handler) {
                 context.auth = {
                     uid: authToken.uid,
                     token: authToken,
+                    rawToken: token,
                 };
             }
             const data = https.decode(req.body.data);

package/lib/common/trace.d.ts

@@ -1,3 +1,6 @@
+/// <reference types="node" />
+import { AsyncLocalStorage } from "async_hooks";
+export declare const traceContext: AsyncLocalStorage<TraceContext>;
 export interface TraceContext {
     version: string;
     traceId: string;

package/lib/common/trace.js

@@ -2,7 +2,6 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.extractTraceContext = exports.traceContext = void 0;
 const async_hooks_1 = require("async_hooks");
-/* @internal */
 exports.traceContext = new async_hooks_1.AsyncLocalStorage();
 /**
  * A regex to match the Cloud Trace header.

package/lib/logger/index.js

@@ -26,19 +26,19 @@ const util_1 = require("util");
 const trace_1 = require("../common/trace");
 const common_1 = require("./common");
 /** @internal */
-function removeCircular(obj, refs = []) {
+function removeCircular(obj, refs = new Set()) {
     if (typeof obj !== "object" || !obj) {
         return obj;
     }
     // If the object defines its own toJSON, prefer that.
-    if (obj.toJSON) {
+    if (obj.toJSON && typeof obj.toJSON === "function") {
         return obj.toJSON();
     }
-    if (refs.includes(obj)) {
+    if (refs.has(obj)) {
         return "[Circular]";
     }
     else {
-        refs.push(obj);
+        refs.add(obj);
     }
     let returnObj;
     if (Array.isArray(obj)) {
@@ -48,13 +48,24 @@ function removeCircular(obj, refs = []) {
         returnObj = {};
     }
     for (const k in obj) {
-        if (refs.includes(obj[k])) {
-            returnObj[k] = "[Circular]";
+        if (obj.hasOwnProperty(k)) {
+            try {
+                if (refs.has(obj[k])) {
+                    returnObj[k] = "[Circular]";
+                }
+                else {
+                    returnObj[k] = removeCircular(obj[k], refs);
+                }
+            }
+            catch {
+                returnObj[k] = "[Error - cannot serialize]";
+            }
         }
         else {
-            returnObj[k] = removeCircular(obj[k], refs);
+            returnObj[k] = "[Error - defined in the prototype but missing in the object]";
         }
     }
+    refs.delete(obj);
     return returnObj;
 }
 /**

package/lib/v1/cloud-functions.d.ts

@@ -55,8 +55,10 @@ export interface EventContext<Params = Record<string, string>> {
      * does not exist.
      */
     auth?: {
-        token: object;
         uid: string;
+        token: EventContextAuthToken;
+        /** If available, the unparsed ID token. */
+        rawToken?: string;
     };
     /**
      * The level of permissions for a user.
@@ -152,6 +154,28 @@ export interface EventContext<Params = Record<string, string>> {
      */
     timestamp: string;
 }
+/**
+ * https://firebase.google.com/docs/reference/security/database#authtoken
+ */
+export interface EventContextAuthToken {
+    iss: string;
+    aud: string;
+    auth_time: number;
+    iat: number;
+    exp: number;
+    sub: string;
+    email?: string;
+    email_verified?: boolean;
+    phone_number?: string;
+    name?: string;
+    firebase?: {
+        identities?: {
+            [key: string]: string[];
+        };
+        sign_in_provider?: string;
+        tenant?: string;
+    };
+}
 /**
  * Resource is a standard format for defining a resource
  * (google.rpc.context.AttributeContext.Resource). In Cloud Functions, it is the

package/lib/v2/index.d.ts

@@ -22,6 +22,7 @@ export { alerts, database, storage, https, identity, pubsub, logger, tasks, even
 export { setGlobalOptions, GlobalOptions, SupportedRegion, MemoryOption, VpcEgressSetting, IngressSetting, EventHandlerOptions, } from "./options";
 export { CloudFunction, CloudEvent, ParamsOf, onInit } from "./core";
 export { Change } from "../common/change";
+export { traceContext } from "../common/trace";
 import * as params from "../params";
 export { params };
 export { config } from "../v1/config";

package/lib/v2/index.js

@@ -21,7 +21,7 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.app = exports.config = exports.params = exports.Change = exports.onInit = exports.setGlobalOptions = exports.firestore = exports.testLab = exports.remoteConfig = exports.scheduler = exports.eventarc = exports.tasks = exports.logger = exports.pubsub = exports.identity = exports.https = exports.storage = exports.database = exports.alerts = void 0;
+exports.app = exports.config = exports.params = exports.traceContext = exports.Change = exports.onInit = exports.setGlobalOptions = exports.firestore = exports.testLab = exports.remoteConfig = exports.scheduler = exports.eventarc = exports.tasks = exports.logger = exports.pubsub = exports.identity = exports.https = exports.storage = exports.database = exports.alerts = void 0;
 /**
  * The 2nd gen API for Cloud Functions for Firebase.
  * This SDK supports deep imports. For example, the namespace
@@ -61,6 +61,8 @@ var core_1 = require("./core");
 Object.defineProperty(exports, "onInit", { enumerable: true, get: function () { return core_1.onInit; } });
 var change_1 = require("../common/change");
 Object.defineProperty(exports, "Change", { enumerable: true, get: function () { return change_1.Change; } });
+var trace_1 = require("../common/trace");
+Object.defineProperty(exports, "traceContext", { enumerable: true, get: function () { return trace_1.traceContext; } });
 // NOTE: Equivalent to `export * as params from "../params"` but api-extractor doesn't support that syntax.
 const params = require("../params");
 exports.params = params;

package/lib/v2/options.d.ts

@@ -134,11 +134,22 @@ export declare function setGlobalOptions(options: GlobalOptions): void;
  * Additional fields that can be set on any event-handling function.
  */
 export interface EventHandlerOptions extends Omit<GlobalOptions, "enforceAppCheck"> {
-    /** Type of the event. Valid values are TODO */
+    /** Type of the event. */
     eventType?: string;
-    /** TODO */
+    /**
+     * Filters events based on exact matches on the CloudEvents attributes.
+     *
+     * Each key-value pair represents an attribute name and its required value for exact matching.
+     * Events must match all specified filters to trigger the function.
+     */
     eventFilters?: Record<string, string | Expression<string>>;
-    /** TODO */
+    /**
+     * Filters events based on path pattern matching on the CloudEvents attributes.
+     *
+     * Similar to eventFilters, but supports wildcard patterns for flexible matching where `*` matches
+     * any single path segment, `**` matches zero or more path segments, and `{param}` captures a path segment
+     * as a parameter
+     */
     eventFilterPathPatterns?: Record<string, string | Expression<string>>;
     /** Whether failed executions should be delivered again. */
     retry?: boolean | Expression<boolean> | ResetValue;

package/lib/v2/providers/https.d.ts

@@ -22,7 +22,7 @@ export interface HttpsOptions extends Omit<GlobalOptions, "region" | "enforceApp
      * If this is an `Array`, allows requests from domains matching at least one entry of the array.
      * Defaults to true for {@link https.CallableFunction} and false otherwise.
      */
-    cors?: string | boolean | RegExp | Array<string | RegExp>;
+    cors?: string | Expression<string> | Expression<string[]> | boolean | RegExp | Array<string | RegExp>;
     /**
      * Amount of memory to allocate to a function.
      */
@@ -140,12 +140,12 @@ export interface CallableOptions<T = any> extends HttpsOptions {
      */
     heartbeatSeconds?: number | null;
     /**
-     * @deprecated
-     *
-     * Callback for whether a request is authorized.
+     * (Deprecated) Callback for whether a request is authorized.
      *
      * Designed to allow reusable auth policies to be passed as an options object. Two built-in reusable policies exist:
      * isSignedIn and hasClaim.
+     *
+     * @deprecated
      */
     authPolicy?: (auth: AuthData | null, data: T) => boolean | Promise<boolean>;
 }

package/lib/v2/providers/https.js

@@ -33,6 +33,7 @@ const debug_1 = require("../../common/debug");
 const https_1 = require("../../common/providers/https");
 Object.defineProperty(exports, "HttpsError", { enumerable: true, get: function () { return https_1.HttpsError; } });
 const manifest_1 = require("../../runtime/manifest");
+const params_1 = require("../../params");
 const options = require("../options");
 const onInit_1 = require("../../common/onInit");
 const logger = require("../../logger");
@@ -68,7 +69,7 @@ function onRequest(optsOrHandler, handler) {
         opts = optsOrHandler;
     }
     if ((0, debug_1.isDebugFeatureEnabled)("enableCors") || "cors" in opts) {
-        let origin = opts.cors;
+        let origin = opts.cors instanceof params_1.Expression ? opts.cors.value() : opts.cors;
         if ((0, debug_1.isDebugFeatureEnabled)("enableCors")) {
             // Respect `cors: false` to turn off cors even if debug feature is enabled.
             origin = opts.cors === false ? false : true;
@@ -146,7 +147,19 @@ function onCall(optsOrHandler, handler) {
     else {
         opts = optsOrHandler;
     }
-    let origin = (0, debug_1.isDebugFeatureEnabled)("enableCors") ? true : "cors" in opts ? opts.cors : true;
+    let cors;
+    if ("cors" in opts) {
+        if (opts.cors instanceof params_1.Expression) {
+            cors = opts.cors.value();
+        }
+        else {
+            cors = opts.cors;
+        }
+    }
+    else {
+        cors = true;
+    }
+    let origin = (0, debug_1.isDebugFeatureEnabled)("enableCors") ? true : cors;
     // Arrays cause the access-control-allow-origin header to be dynamic based
     // on the origin header of the request. If there is only one element in the
     // array, this is unnecessary.

package/lib/v2/providers/tasks.js

@@ -86,7 +86,6 @@ function onTaskDispatched(optsOrHandler, handler) {
     (0, encoding_1.copyIfPresent)(func.__endpoint.taskQueueTrigger.rateLimits, opts.rateLimits, "maxConcurrentDispatches", "maxDispatchesPerSecond");
     (0, encoding_1.convertIfPresent)(func.__endpoint.taskQueueTrigger, options.getGlobalOptions(), "invoker", "invoker", encoding_1.convertInvoker);
     (0, encoding_1.convertIfPresent)(func.__endpoint.taskQueueTrigger, opts, "invoker", "invoker", encoding_1.convertInvoker);
-    (0, encoding_1.copyIfPresent)(func.__endpoint.taskQueueTrigger, opts, "retry", "retry");
     func.__requiredAPIs = [
         {
             api: "cloudtasks.googleapis.com",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-functions",
-  "version": "6.3.2",
+  "version": "6.5.0",
   "description": "Firebase SDK for Cloud Functions",
   "keywords": [
     "firebase",
@@ -19,6 +19,7 @@
   "license": "MIT",
   "author": "Firebase Team",
   "files": [
+    ".guides",
     "lib",
     "protos"
   ],
@@ -301,7 +302,6 @@
     "eslint-plugin-prettier": "^4.0.0",
     "firebase-admin": "^13.0.0",
     "genkit": "^1.0.0-rc.4",
-    "js-yaml": "^3.13.1",
     "jsdom": "^16.2.1",
     "jsonwebtoken": "^9.0.0",
     "jwk-to-pem": "^2.0.5",
@@ -317,6 +317,7 @@
     "sinon": "^9.2.4",
     "ts-node": "^10.4.0",
     "typescript": "^4.3.5",
+    "yaml": "^2.8.1",
     "yargs": "^15.3.1"
   },
   "peerDependencies": {