Expand description
Security context for runtime authorization
This module provides the SecurityContext struct that flows through the executor,
carrying information about the authenticated user and their permissions.
The security context is extracted from:
- JWT claims (
user_idfrom ‘sub’, roles from ‘roles’, etc.) - HTTP headers (
request_id,tenant_id, etc.) - Configuration (OAuth provider, scopes, etc.)
§Architecture
HTTP Request with Authorization header
↓
AuthMiddleware → AuthenticatedUser
↓
SecurityContext (created from AuthenticatedUser + request metadata)
↓
Executor (with context available for RLS policy evaluation)§RLS Integration
The SecurityContext is passed to RLSPolicy::evaluate() to determine what
rows a user can access. Policies are compiled into schema.compiled.json
and evaluated at runtime with the SecurityContext.
Structs§
- Security
Context - Security context for authorization evaluation.