Module trusted_documents 

Trusted documents / query allowlist.

Trusted documents allow only pre-registered queries to execute. At build time the frontend generates a manifest keyed by SHA-256 hash. At runtime clients send { "documentId": "sha256:abc..." } instead of a raw query string.

Two modes:

• Strict: only documentId requests allowed; raw queries rejected.
• Permissive: documentId resolved from manifest; raw queries pass through.

Structs

TrustedDocumentStore

Trusted document lookup store.

Enums

TrustedDocumentError

Errors from trusted document resolution.

TrustedDocumentMode

Enforcement mode for trusted documents.

Functions

hits_total

Total trusted document hits.

misses_total

Total trusted document misses.

record_hit

Record a trusted document cache hit.

record_miss

Record a trusted document miss (unknown document ID).

record_rejected

Record a rejected raw query (strict mode).

rejected_total

Total rejected raw queries.