Module security

Security configuration types for [security.*] and [auth] TOML sections.

Structs

ApiKeySecurityConfig
API key authentication configuration.
AuthorizationPolicy
Authorization policy (RBAC/ABAC)
AuthorizationRule
Authorization rule (custom expressions)
EnterpriseSecurityConfig
Enterprise security configuration
ErrorSanitizationTomlConfig
Controls how much error detail is exposed to API clients. When enabled, internal error messages, SQL, and stack traces are stripped.
FieldAuthRule
Field-level authorization rule
OidcClientConfig
OAuth2 client configuration for server-side PKCE flows.
PkceConfig
PKCE (Proof Key for Code Exchange) configuration. Requires state_encryption to be enabled for secure state storage.
RateLimitingSecurityConfig
Per-endpoint and global rate limiting configuration for [security.rate_limiting].
SecuritySettings
Security configuration
StateEncryptionConfig
AEAD encryption for OAuth state parameter and PKCE code challenges.
StaticApiKeyEntry
A single static API key entry.
TokenRevocationSecurityConfig
Token revocation configuration.
TrustedDocumentsConfig
Trusted documents / query allowlist configuration.

Enums

CodeChallengeMethod
PKCE code challenge method.
EncryptionAlgorithm
AEAD algorithm for OAuth state and PKCE state blobs.
KeySource
Where the encryption key is sourced from.
TrustedDocumentMode
Trusted document mode.