Struct Runtime 

pub struct Runtime {
    pub cfg: Arc<Config>,
    pub upstream_base: Arc<String>,
    pub auth: AuthEngine,
    pub waf: WafEngine,
    pub distributed: Option<DistributedLimiter>,
    pub ip_limiter: Option<Arc<KeyedLimiter>>,
    pub route_limiters: Vec<RouteLimiter>,
    pub key_limiter: Option<Arc<StrLimiter>>,
    pub max_body: usize,
    pub max_response_body: usize,
    pub max_header_bytes: usize,
    pub upstream_timeout: Option<Duration>,
}

All request-handling policy derived from a Config. Rebuilt from scratch on reload and swapped in atomically.

Fields

cfg: Arc<Config>

upstream_base: Arc<String>

auth: AuthEngine

waf: WafEngine

WAF-lite input screener. Inert (evaluate returns None) when waf.mode = "off".

distributed: Option<DistributedLimiter>

Shared-store (distributed) limiter, Some when ratelimit.store is memory/redis. When present it replaces the three governor limiters below (which are then None).

ip_limiter: Option<Arc<KeyedLimiter>>

Global per-client-IP limiter (None when rate limiting is disabled or distributed).

route_limiters: Vec<RouteLimiter>

Per-route limiters (also keyed per IP), checked instead of ip_limiter on a match.

key_limiter: Option<Arc<StrLimiter>>

Per-principal limiter (None when per-key limiting is disabled or distributed).

max_body: usize

max_response_body: usize

Cap on the buffered upstream response body; 0 means unbounded.

max_header_bytes: usize

Cap on total request header bytes; 0 means disabled.

upstream_timeout: Option<Duration>

Max time for the upstream request + body read; None disables the timeout.