v1.3.0

Added

• AWS CloudFormation WAFv2 output via emit-waf --format cloudformation.
• Policy authoring DX commands: explain, diff, and doctor --strict.
• Shared marker-safe template injection helpers and post-injection AST validation.
• Parser / validator / emitter compiler phase modules behind the programmatic API.
• Schema-derived policy type generation and drift check for src/types/policy.d.ts.
• Strict compiler-phase typechecking and initial Vitest contract tests with CI reporting.
• ADR 0001 plus isolated esbuild virtual-module prototype for a future plugin-safe emitter path.

Maintenance

• Combined Dependabot updates for ajv and c8.

Verification

• Release workflow passed for v1.3.0.
• npm package published as cdn-security-framework@1.3.0 with provenance verification.

v1.2.0

Summary

v1.2.0 is the TypeScript, test-quality, and security-hardening release for EdgeSecurity / cdn-security-framework.

Highlights

• Completed the TypeScript source migration and enabled stricter TypeScript checks across public API, shared scripts, unit tests, and CLI code.
• Added the public programmatic API in lib/ and aligned CLI behavior with it.
• Added Cloudflare WAF parity transparency warnings and --fail-on-waf-approximation.
• Added AWS/Cloudflare pseudo-edge attack tests, expanded unit/integration/runtime coverage, and package smoke tests.
• Hardened signed URL validation by binding signatures to the canonical query string.
• Hid detailed Cloudflare auth failure bodies while preserving structured block_reason logs.
• Added AWS CloudFront Functions CSP nonce warnings for non-cryptographic RNG limitations.

Verification

• Release PR #95 passed CI before merging to develop.
• Release PR #96 passed CI before merging to main.
• v1.2.0 tag points to 7ca4d44582981753984628f96c141d108f514ad0.
• npm package cdn-security-framework@1.2.0 is published.
• Registry signatures and attestations were verified after publish.