1 comments

  • einshutoin 9 hours ago

    Hello HN,

    I built cdn-security-framework because I was tired of the "manual sync" problem between my security policies and my edge code.

    Usually, you define security headers in one place, rate limits in another (WAF), and custom block logic in a JavaScript file. If you update one and forget the others, you create vulnerabilities.

    This tool treats a single `security.yml` file as the Source of Truth and compiles it into:

    1. AWS CloudFront Functions (JS)
    2. Cloudflare Workers (TS)
    3. AWS WAF Rules (Terraform JSON)

    It generates the boilerplate code for security headers, method restrictions, normalizations, and even JWT validation logic (for Cloudflare), so you don't have to write raw edge functions by hand.

    It's designed to play nicely with existing infrastructure—it can output WAF Rule Groups as JSON artifacts that you can import into your existing Terraform setup without taking over the whole state.

    Repo: https://github.com/albert-einshutoin/cdn-security-framework

    NPM: https://www.npmjs.com/package/cdn-security-framework

    I'd love your feedback on the schema design and the compilation logic.
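The single-source-of-truth idea from the post, as an added example that is not part of the original post and is not cdn-security-framework's code: one constructed policy object is compiled into two CloudFront Functions handlers, so the method list and header set cannot drift apart. The policy field names and the helper names (`validatePolicy`, `compileViewerRequest`, `compileViewerResponse`, `load`) are hypothetical and do not reflect the project's `security.yml` schema.

```javascript
// Constructed policy; field names are hypothetical, not the project's schema.
const policy = {
  allowedMethods: ["GET", "HEAD"],
  responseHeaders: {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
  },
};

// Reject malformed values before they are baked into generated edge code.
function validatePolicy(p) {
  for (const m of p.allowedMethods) {
    if (!/^[A-Z]+$/.test(m)) throw new Error("invalid method: " + m);
  }
  for (const [name, value] of Object.entries(p.responseHeaders)) {
    if (!/^[a-z0-9-]+$/.test(name) || /[\r\n]/.test(value)) {
      throw new Error("invalid header: " + name);
    }
  }
}

// Emit a viewer-request handler that enforces the policy's method list.
function compileViewerRequest(p) {
  validatePolicy(p);
  return `function handler(event) {
  var allowed = ${JSON.stringify(p.allowedMethods)};
  if (allowed.indexOf(event.request.method) === -1) {
    return { statusCode: 405, statusDescription: 'Method Not Allowed' };
  }
  return event.request;
}`;
}

// Emit a viewer-response handler that sets every header from the same policy.
function compileViewerResponse(p) {
  validatePolicy(p);
  return `function handler(event) {
  var headers = ${JSON.stringify(p.responseHeaders)};
  for (var name in headers) event.response.headers[name] = { value: headers[name] };
  return event.response;
}`;
}

// Load generated source locally so it can be run against constructed events.
const load = (src) => new Function(src + "\nreturn handler;")();
```

Running the generated handlers against constructed events in CI, before deployment, catches a policy change that would silently drop a header or open up a method.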