pub struct RuntimeConfig {
pub cache_query_plans: bool,
pub max_query_depth: usize,
pub max_query_complexity: usize,
pub enable_tracing: bool,
pub field_filter: Option<FieldFilter>,
pub rls_policy: Option<Arc<dyn RLSPolicy>>,
pub query_timeout_ms: u64,
pub jsonb_optimization: JsonbOptimizationOptions,
pub query_validation: Option<QueryValidatorConfig>,
pub audit_mutations: bool,
}Expand description
Runtime configuration for the FraiseQL query executor.
Controls safety limits, security policies, and performance tuning. All settings have production-safe defaults and can be overridden via the builder-style methods.
§Defaults
| Field | Default | Notes |
|---|---|---|
cache_query_plans | true | Caches parsed query plans for repeated queries |
max_query_depth | 10 | Prevents stack overflow on recursive GraphQL |
max_query_complexity | 1000 | Rough cost model; tune per workload |
enable_tracing | false | Emit OpenTelemetry spans for each query |
query_timeout_ms | 30 000 | Hard limit; 0 disables the timeout |
field_filter | None | No field-level access control |
rls_policy | None | No row-level security |
§Example
use fraiseql_core::runtime::RuntimeConfig;
use fraiseql_core::security::FieldFilterConfig;
let config = RuntimeConfig {
max_query_depth: 5,
max_query_complexity: 500,
enable_tracing: true,
query_timeout_ms: 5_000,
..RuntimeConfig::default()
}
.with_field_filter(
FieldFilterConfig::new()
.protect_field("User", "salary")
.protect_field("User", "ssn"),
);Fields§
§cache_query_plans: boolEnable query plan caching.
max_query_depth: usizeMaximum query depth (prevents deeply nested queries).
max_query_complexity: usizeMaximum query complexity score.
enable_tracing: boolEnable performance tracing.
field_filter: Option<FieldFilter>Optional field filter for access control. When set, validates that users have required scopes to access fields.
rls_policy: Option<Arc<dyn RLSPolicy>>Optional row-level security (RLS) policy.
When set, evaluates access rules based on SecurityContext to determine
what rows a user can access (e.g., tenant isolation, owner-based access).
query_timeout_ms: u64Query timeout in milliseconds (0 = no timeout).
jsonb_optimization: JsonbOptimizationOptionsJSONB field optimization strategy options
query_validation: Option<QueryValidatorConfig>Optional query validation config.
When Some, QueryValidator::validate() runs at the start of every
Executor::execute() call, before any parsing or SQL dispatch.
This provides DoS protection for direct fraiseql-core embedders that
do not route through fraiseql-server (which already runs RequestValidator
at the HTTP layer). Enforces: query size, depth, complexity, and alias count
(alias amplification protection).
Set None to disable (default) — useful when the caller applies
validation at a higher layer, or when fraiseql-server is in use.
audit_mutations: boolEmit structured tracing events for every successfully-executed mutation.
When true, a tracing::info! event with target "fraiseql::mutation_audit" is
emitted at the end of every successful execute_mutation_query_with_security() call.
The event carries fields: mutation_name, entity_type, operation, tenant_id.
Zero-cost when disabled: the guard if !self.config.audit_mutations { return }
short-circuits before any string formatting or allocation occurs.
Set to true when audit_logging_enabled = true in the compiled schema’s
[security.enterprise] section (threaded through Server::new() at startup).
Implementations§
Source§impl RuntimeConfig
impl RuntimeConfig
Sourcepub fn with_field_filter(self, config: FieldFilterConfig) -> Self
pub fn with_field_filter(self, config: FieldFilterConfig) -> Self
Create a new runtime config with a field filter.
§Example
use fraiseql_core::runtime::RuntimeConfig;
use fraiseql_core::security::FieldFilterConfig;
let config = RuntimeConfig::default()
.with_field_filter(
FieldFilterConfig::new()
.protect_field("User", "salary")
.protect_field("User", "ssn")
);Sourcepub fn with_rls_policy(self, policy: Arc<dyn RLSPolicy>) -> Self
pub fn with_rls_policy(self, policy: Arc<dyn RLSPolicy>) -> Self
Configure row-level security (RLS) policy for access control.
When set, the executor will evaluate the RLS policy before executing queries,
applying WHERE clause filters based on the user’s SecurityContext.
§Example
use fraiseql_core::runtime::RuntimeConfig;
use fraiseql_core::security::DefaultRLSPolicy;
use std::sync::Arc;
let config = RuntimeConfig::default()
.with_rls_policy(Arc::new(DefaultRLSPolicy::new()));