Struct ProxyState 

pub struct ProxyState {
    pub registry: ManifestRegistry,
    pub skill_registry: SkillRegistry,
    pub keyring: Keyring,
    pub jwt_config: Option<JwtConfig>,
    pub jwks_json: Option<Value>,
    pub auth_cache: AuthCache,
    pub upstream_url_allowlists: Arc<Mutex<HashMap<String, Option<Vec<UpstreamAllowEntry>>>>>,
}

Shared state for the proxy server.

Fields

registry: ManifestRegistry

skill_registry: SkillRegistry

keyring: Keyring

jwt_config: Option<JwtConfig>

JWT validation config (None = auth disabled / dev mode).

jwks_json: Option<Value>

Pre-computed JWKS JSON for the /.well-known/jwks.json endpoint.

auth_cache: AuthCache

Shared cache for dynamically generated auth credentials.

upstream_url_allowlists: Arc<Mutex<HashMap<String, Option<Vec<UpstreamAllowEntry>>>>>

Per-provider upstream-URL allowlists, compiled lazily on first per-request validation and cached for the process lifetime. Keyed by provider name. None value = keyring entry missing; we cache negatives too to avoid repeating the lookup on every request. Operator hot-reload of an allowlist requires proxy restart (same constraint as every other keyring entry today). See issue #124.

Entries are pre-parsed UpstreamAllowEntry structs (scheme + host glob + canonical path) rather than raw URL glob patterns. Glob over raw URL strings is unsafe — * can cross ., #, ?, : and other URL delimiters, letting a sandbox-crafted URL satisfy a pattern while reqwest connects to a different host. Greptile P0/P1 on #124.