Expand description
Security context for runtime authorization
This module provides the SecurityContext struct that flows through the executor,
carrying information about the authenticated user and their permissions.
The security context is extracted from:
- JWT claims (user_id from ‘sub’, roles from ‘roles’, etc.)
- HTTP headers (request_id, tenant_id, etc.)
- Configuration (OAuth provider, scopes, etc.)
§Architecture
HTTP Request with Authorization header
↓
AuthMiddleware → AuthenticatedUser
↓
SecurityContext (created from AuthenticatedUser + request metadata)
↓
Executor (with context available for RLS policy evaluation)§RLS Integration
The SecurityContext is passed to RLSPolicy::evaluate() to determine what rows a user can access. Policies are compiled into schema.compiled.json and evaluated at runtime with the SecurityContext.
Structs§
- Security
Context - Security context for authorization evaluation.