//! User-configurable security policy and secrets (env, files, KDL).
//!
//! ## Security model
//!
//! **Standalone / development:** policy is intentionally **open**. Secondary secrets
//! (bus token, admin token, WT frame proofs, cert allowlists) are optional until you
//! configure them. Do not expose an open configuration to untrusted networks.
//!
//! **Project / production:** set `NAUTALID_SECURITY_KDL_PATH` or
//! `NAUTALID_SECURITY_PROFILE=production` (or `profile "production"` in KDL) to enable
//! require flags, secrets files, and startup validation. Embedders ship their own
//! `security { … }` block when pulling Nautalid into a product.
//!
//! **Always remedied (not policy):** protocol DoS limits, loopback wire defaults,
//! IPC-only bus by default, and other blatant mis-exposure bugs — regardless of profile.
pub use ;