Runtime safety

Dhal v0.12 adds runtime controls for public beta usage.

{
  "runtime": {
    "onInternalError": "allow",
    "internalErrorStatusCode": 500,
    "maxInspectionMs": 25,
    "bypass": {
      "enabled": true,
      "paths": ["/health", "/healthz", "/ready", "/readyz", "/live", "/livez"],
      "methods": ["OPTIONS"]
    }
  }
}

`onInternalError`

Controls what happens if Dhal itself throws an internal error.

Value	Behavior
`allow`	Fail open and let the app continue
`block`	Fail closed with `runtime.internalErrorStatusCode`

The alpha default is allow because availability is safer for first-time public installs.

`internalErrorStatusCode`

HTTP status used when onInternalError is block.

{
  "runtime": {
    "onInternalError": "block",
    "internalErrorStatusCode": 500
  }
}

`maxInspectionMs`

A budget marker for expected inspection time. Use this to guide diagnostics and future operational policies.

Bypass paths

Health, readiness, and liveness paths should usually remain available even during security-policy changes.

{
  "runtime": {
    "bypass": {
      "enabled": true,
      "paths": ["/health", "/readyz"],
      "methods": ["OPTIONS"]
    }
  }
}

Preflight bypass

OPTIONS bypass keeps CORS preflight behavior predictable.

Only remove it when you understand your app's CORS behavior and have tested browser clients.

onInternalError​

internalErrorStatusCode​

maxInspectionMs​

Bypass paths​

Preflight bypass​

`onInternalError`

`internalErrorStatusCode`

`maxInspectionMs`

Bypass paths

Preflight bypass