refactor(config): reorganize schemas and normalize firewall behavior shape

.changeset/free-ravens-jump.md

@@ -0,0 +1,9 @@
+---
+'@aziontech/config': patch
+---
+
+refactor(config): reorganize schemas and normalize firewall behavior shape
+
+- move schema files from helpers/ to a dedicated schemas/ directory
+- split monolithic schema into per-feature modules
+- rename set_waf_ruleset behavior to set_waf and update docs

.github/workflows/release.yml

@@ -35,4 +35,3 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.CUSTOM_GITHUB_TOKEN }}
           NODE_ENV: 'production'
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

packages/config/README.md

@@ -296,14 +296,18 @@ const config = defineConfig({
           name: 'rateLimit_Then_Drop',
           active: true,
           match: '^/api/sensitive/',
-          behavior: {
-            setRateLimit: {
-              type: 'second',
-              limitBy: 'clientIp',
-              averageRateLimit: '10',
-              maximumBurstSize: '20',
+          behaviors: [
+            {
+              type: 'set_rate_limit',
+              attributes: {
+                type: 'second',
+                limitBy: 'client_ip',
+                averageRateLimit: '10',
+                maximumBurstSize: '20',
+              },
             },
-          },
+            { type: 'drop' },
+          ],
         },
       ],
     },
@@ -833,27 +837,22 @@ Type definition for firewall rules.
 - `description?: string` - Description of the rule.
 - `active?: boolean` - Whether the rule is active.
 - `match?: string` - Match criteria for the rule (regex pattern).
-- `behavior: AzionFirewallBehavior` - Behavior to be applied when the rule matches.
+- `behaviors: AzionFirewallBehavior` - Array of behaviors to be applied when the rule matches.
 
 ### `AzionFirewallBehavior`
 
-Type definition for firewall rule behaviors.
+Array of `AzionFirewallBehaviorItem` objects. Each item uses a discriminated union on `type` to define which behavior is applied and what attributes it requires.
 
-**Properties:**
+### `AzionFirewallBehaviorItem`
+
+A discriminated union — one of:
 
-- `runFunction?: string | number` - Run a serverless function (function name or ID).
-- `setWafRuleset?: { wafMode: string; wafId: string | number }` - Set WAF ruleset.
-- `setRateLimit?: RateLimitConfig` - Set rate limit configuration.
-  - `type: 'second' | 'minute' | 'hour'` - Rate limit time window.
-  - `limitBy: 'clientIp' | 'global' | 'token'` - Rate limit criteria.
-  - `averageRateLimit: string` - Average rate limit.
-  - `maximumBurstSize: string` - Maximum burst size.
-- `deny?: boolean` - Deny the request.
-- `drop?: boolean` - Drop the request.
-- `setCustomResponse?: CustomResponseConfig` - Set custom response.
-  - `statusCode: number | string` - HTTP status code (200-499).
-  - `contentType: string` - Response content type.
-  - `contentBody: string` - Response content body.
+- `{ type: 'run_function'; attributes: { value: string | number } }` — Run a serverless function (function name or ID).
+- `{ type: 'set_waf'; attributes: { mode: 'learning' | 'blocking'; wafId: string | number } }` — Set WAF ruleset and operation mode.
+- `{ type: 'set_rate_limit'; attributes: { type: 'second' | 'minute'; limitBy: 'client_ip' | 'global'; averageRateLimit: string; maximumBurstSize: string } }` — Set rate limit configuration.
+- `{ type: 'deny' }` — Deny the request.
+- `{ type: 'drop' }` — Drop the request.
+- `{ type: 'set_custom_response'; attributes: { statusCode: number | string; contentType: string; contentBody: string } }` — Return a custom HTTP response.
 
 ### `AzionWaf`
 

packages/config/package.json

@@ -42,9 +42,9 @@
   "devDependencies": {
     "@aziontech/vite-config": "workspace:*",
     "@jest/globals": "^29.7.0",
-    "@types/jest": "^29.5.12",
+    "@types/jest": "^29.5.14",
     "@types/mock-fs": "^4.13.4",
-    "@types/node": "^22.13.1",
+    "@types/node": "^22.19.15",
     "@types/tmp": "^0.2.6",
     "esbuild": "^0.25.10",
     "jest": "^29.7.0",

packages/config/src/configProcessor/converterJsonConfig/index.ts

@@ -1,6 +1,6 @@
 import { AzionConfig } from '../../types';
-import { schemaManifest } from '../helpers/schemaManifest';
 import { factoryProcessContext } from '../processStrategy';
+import { schemaManifest } from '../schemas/schemaManifest';
 import { validateConfig } from '../validateConfig';
 
 /**

packages/config/src/configProcessor/helpers/azion.config.example.ts

@@ -508,7 +508,7 @@ const config: AzionConfig = {
           ],
           behaviors: [
             {
-              deny: true,
+              type: 'deny',
             },
           ],
         },
@@ -525,10 +525,17 @@ const config: AzionConfig = {
           ],
           behaviors: [
             {
-              runFunction: 'my_func_instance',
+              type: 'set_rate_limit',
+              attributes: {
+                type: 'second',
+                averageRateLimit: '1',
+                limitBy: 'client_ip',
+                maximumBurstSize: '1',
+              },
             },
             {
-              setCustomResponse: {
+              type: 'set_custom_response',
+              attributes: {
                 statusCode: 403,
                 contentType: 'application/json',
                 contentBody: '{"error": "Custom error response"}',