Configuration
BifrostQL is configured through appsettings.json (or any ASP.NET Core configuration source). All settings live under the BifrostQL key.
Full example
Section titled “Full example”{ "ConnectionStrings": { "bifrost": "Server=localhost;Database=mydb;User Id=sa;Password=xxx;TrustServerCertificate=True" }, "BifrostQL": { "Path": "/graphql", "Playground": "/graphiql", "DisableAuth": false, "Provider": "sqlserver", "Metadata": [ "dbo.sys* { visibility: hidden; }", "dbo.*|has(tenant_id) { tenant-filter: tenant_id; }", "dbo.orders { soft-delete: deleted_at; soft-delete-by: deleted_by_user_id; delete-type: soft; }", "dbo.*.createdOn { populate: created-on; update: none; }", "dbo.*.updatedOn { populate: updated-on; update: none; }", ":root { raw-sql: disabled; generic-table: disabled; }" ] }, "JwtSettings": { "Authority": "https://your-idp.com", "Audience": "your-api" }}Settings reference
Section titled “Settings reference”| Setting | Type | Default | Description |
|---|---|---|---|
ConnectionStrings:bifrost | string | required | Database connection string |
BifrostQL:Path | string | /graphql | GraphQL endpoint path |
BifrostQL:Playground | string | /graphiql | GraphiQL playground path |
BifrostQL:DisableAuth | bool | false | Disable authentication checks |
BifrostQL:Provider | string | sqlserver | Database provider: sqlserver, postgres, mysql, sqlite |
BifrostQL:Metadata | string[] | [] | Array of metadata configuration rules |
BifrostQL:Http3:Enabled | bool | false | Enable HTTP/3 (QUIC) support |
BifrostQL:Http3:HttpsPort | int | 5001 | HTTPS port for HTTP/3 |
Metadata rule syntax
Section titled “Metadata rule syntax”Metadata rules use a CSS-like selector syntax to target tables and columns. Each rule has a selector and a block of properties:
"selector { property: value; property: value; }"Selectors
Section titled “Selectors”| Pattern | Matches |
|---|---|
dbo.orders | The orders table in the dbo schema |
dbo.orders.total | The total column on dbo.orders |
dbo.* | All tables in the dbo schema |
dbo.*.createdOn | The createdOn column on every table in dbo |
*.* | All tables in all schemas |
dbo.sys* | Tables starting with sys in dbo |
dbo.*.__* | Columns starting with __ on all dbo tables |
dbo.*|has(tenant_id) | Tables in dbo that have a tenant_id column |
Properties
Section titled “Properties”| Property | Values | Applies to | Description |
|---|---|---|---|
tenant-filter | column name | table | Enable tenant isolation on this column |
tenant-context-key | claim key | model | User-context key for tenant ID (default: tenant_id) |
auto-filter | column:claim[,column:claim] | table | Inject filters from arbitrary user-context claims |
auto-filter-bypass-role | role name | model | Role that bypasses auto-filter rules |
soft-delete | column name | table | Soft-delete timestamp column |
soft-delete-by | column name | table | Column recording who deleted |
delete-type | soft | table | Mark table for soft-delete behavior |
populate | see below | column | Auto-populate from user context |
update | none | column | Make column read-only for updates |
visibility | hidden | table/column | Hide from GraphQL schema |
label | column name | table | Display label column |
join | join declaration | table/column | Declare explicit relationships |
many-to-many | TargetTable:JunctionTable | table | Declare a many-to-many relationship |
auto-join | true/false | model/table | Enable automatic join inference |
foreign-joins | true/false | model | Enable FK-based join inference |
dynamic-joins | true/false | model | Emit _join / _single containers |
default-limit | number | model/table | Default page size |
de-pluralize | true/false | model | De-pluralize table names in schema |
batch-max-size | number | table | Maximum batch mutation size |
Optional feature metadata
Section titled “Optional feature metadata”| Property | Values | Applies to | Description |
|---|---|---|---|
raw-sql | enabled/disabled | model | Expose _rawQuery(sql:, params:, timeout:) |
raw-sql-role | role name | model | Role required for _rawQuery (default: bifrost-raw-sql) |
raw-sql-timeout | seconds | model | Max raw SQL timeout |
raw-sql-max-rows | number | model | Max rows returned by raw SQL |
generic-table | enabled/disabled | model | Expose _table(name:, limit:, offset:, filter:) |
generic-table-role | role name | model | Role required for _table (default: bifrost-admin) |
generic-table-max-rows | number | model | Max rows returned by _table |
generic-table-allowed | comma list | model | Allow-list for generic table names |
generic-table-denied | comma list | model | Deny-list for generic table names |
schema-prefix | enabled/disabled | model | Prefix GraphQL table names with schema names |
schema-prefix-default | schema name | model | Schema left unprefixed when prefixing is enabled |
schema-prefix-format | format string | model | Custom schema prefix format |
schema-display | flat/prefix/field | model | Multi-schema presentation mode |
schema-default | schema name | model | Default schema for field-mode presentation |
schema-excluded | comma list | model | Schemas hidden from schema-field presentation |
schema-permissions | rules | model | Schema-field access rules |
sp-include | regex | model | Include matching stored procedures |
sp-exclude | regex | model | Exclude matching stored procedures |
auto-detect-app | disabled, wordpress, etc. | model | Control app-schema detection |
app-schema | detector name | model | Force a specific app-schema detector |
detected-app | detector name | model | Read-only detection result metadata |
EAV, file, and storage metadata
Section titled “EAV, file, and storage metadata”| Property | Values | Applies to | Description |
|---|---|---|---|
eav-parent | table name | table | Parent table for an EAV meta table |
eav-fk | column name | table | FK from EAV table to parent |
eav-key | column name | table | EAV attribute-name column |
eav-value | column name | table | EAV attribute-value column |
file | config string | column | Mark column as a file-storage column |
file-storage | config string | column | Legacy file-storage marker |
storage | config string | model/table/column | Storage bucket configuration |
max-size | bytes | column | Max file size |
content-type-column | column name | column | Column storing MIME type |
file-name-column | column name | column | Column storing original filename |
accept | MIME pattern | column | Accepted upload MIME types |
Populate values
Section titled “Populate values”| Value | Description |
|---|---|
created-by | User audit key (on insert only) |
updated-by | User audit key (on insert and update) |
created-on | Current timestamp (on insert only) |
updated-on | Current timestamp (on insert and update) |
deleted-on | Current timestamp (on soft-delete) |
deleted-by | User audit key (on soft-delete) |
Rule ordering
Section titled “Rule ordering”Rules are applied in order. Later rules override earlier ones for the same target. Use broad rules first, then specific overrides:
{ "Metadata": [ "dbo.* { de-pluralize: true; default-limit: 50; }", "dbo.audit_log { de-pluralize: false; default-limit: 100; }" ]}Connection string formats
Section titled “Connection string formats”SQL Server
Section titled “SQL Server”Server=localhost;Database=mydb;User Id=sa;Password=xxx;TrustServerCertificate=TruePostgreSQL
Section titled “PostgreSQL”Host=localhost;Port=5432;Database=mydb;Username=postgres;Password=xxxServer=localhost;Port=3306;Database=mydb;User=root;Password=xxxSQLite
Section titled “SQLite”Data Source=path/to/database.db