Suricata url_decode and base64_decode rule keyword

In Suricata 6.0.0 release, I noticed that the url_decode rule keyword is added. And why url_decode supported in transformation while base64_decode implemented in another way? For example, it needs base64_decode combining with base64_data to alert? It seems more reasonable to design the base64_decode in transformation like url_decode.

I agree. base64_decode is however an old keyword.
I don’t know for sure, but snort had it since atleast 2011 and suricata got the keyword in 2015

That was before transformations became a thing.