Module config 

Engine configuration loaded from TOML.

Phase 8 wires in AuthConfig so the engine binary can compose an assay_auth::AuthCtx per-deployment (issuer, OIDC provider toggle, session/cookie shape). When auth isn’t compiled in (Cargo feature off) the auth section is parsed but never read — keeping the TOML shape stable across feature configurations.

Env-var substitution: ${VAR} and ${VAR:-default} references in the TOML are expanded against the process environment before parsing (added in 0.3.1). This keeps secrets out of config files when the engine runs under K8s/systemd/etc. — the typical pattern is url = "${DATABASE_URL}" with DATABASE_URL injected from a Secret/EnvironmentFile.

Structs

AuthConfig

Auth-module deployment shape. Read by the engine binary when the auth Cargo feature is compiled in AND engine.modules.auth.enabled is TRUE; otherwise the defaults are harmless.

AuthOidcProviderConfig

OIDC provider knobs.

AuthPasskeyConfig

WebAuthn / passkey module knobs.

AuthSessionConfig

Session module knobs.

DashboardConfig

EngineConfig

ExternalIssuerConfig

One trusted external OIDC issuer for pass-through JWT validation.

LoggingConfig

ServerConfig

WorkflowConfig

Enums

BackendConfig