Resource Policy & Visibility

Defining serialization boundaries and API visibility for resources.

Resource configuration in the nuxt-auto-crud stack manages the serialization boundary between your Drizzle schema and the JSON API. While the Core Engine enforces data protection via getZodSchema, the Template Implementation configures visibility tiers for Guests and Authenticated users.

πŸ‘οΈ Visibility Tiers

The system categorizes field visibility into three distinct logical tiers.

| Tier | Logic Source | Target Audience |
|---|---|---|
| System Hidden | Core Engine (HIDDEN_FIELDS) | Never exposed (e.g., password, token). |
| Guest View | nuxt.config.ts (resources) | Public, unauthenticated users. |
| Global UI Hide | app.config.ts (globalHide) | Authenticated UI (e.g., id, updatedAt). |

🛠 Serialization Filtering (Core Engine)

Configure public field whitelists in nuxt.config.ts to prevent data leakage to guests. For Guest access to work, ensure the public role has list permissions for the specific resource in the Admin Dashboard.

// nuxt.config.ts [Core Engine]
export default defineNuxtConfig({
  autoCrud: {
    resources: {
      // Whitelist: only these columns are serialized for Guests.
      // Columns not listed here are never returned to unauthenticated callers.
      users: ['id', 'name', 'avatar'],
      blog_posts: ['id', 'title', 'content', 'createdAt']
    }
  }
})

🎨 UI Display Policies (Template Implementation)

Use app.config.ts to manage how data is presented in the reference admin interface.

Global Exclusion List

The globalHide array prevents specific system columns from cluttering the data tables.

// app.config.ts [Template Implementation]
export default defineAppConfig({
  crud: {
    // Columns hidden from the admin data tables; this is a UI policy only,
    // not a serialization boundary (see HIDDEN_FIELDS for that).
    globalHide: ['updatedAt', 'deletedAt', 'createdBy', 'updatedBy', 'resetToken'],
  }
})

Export Configuration

Refine data extraction boundaries for PDF and Excel generation.

| Type | Config Path | Scope |
|---|---|---|
| PDF | crud.exports.pdf | High-fidelity document generation. |
| Excel | crud.exports.excel | Raw data analysis/spreadsheet. |

🔒 Security Posture

  1. Immutability: Fields in PROTECTED_FIELDS (e.g., id, createdAt) are stripped from POST/PATCH payloads by the engine.
  2. Hard Filtering: Sensitive identifiers (password, secret) are excluded from the SELECT result set via filterHiddenFields before the response is dispatched.
  3. Context Sensitivity: Guest-specific whitelists are applied after global hidden filters for defense-in-depth.
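The three points above, combined with the guest whitelist from nuxt.config.ts, as an added TypeScript illustration of the filtering order (this is not nuxt-auto-crud's own code). The sample row, the `role` argument and the behaviour for a resource with no whitelist are assumptions made for this example; the names HIDDEN_FIELDS, PROTECTED_FIELDS, filterHiddenFields and resources come from the page.

```typescript
// Illustration of the layered serialization filter described on this page.
// Not the project's implementation; field lists are taken from the page,
// the row shape and role handling are constructed for the example.
type Row = Record<string, unknown>;

// Core Engine: columns never serialized, regardless of role.
const HIDDEN_FIELDS = ['password', 'token', 'secret'];
// Core Engine: immutable columns the client may not set via POST/PATCH.
const PROTECTED_FIELDS = ['id', 'createdAt'];
// nuxt.config.ts `autoCrud.resources`: per-resource guest whitelist.
const resources: Record<string, string[]> = {
  users: ['id', 'name', 'avatar'],
};

// Step 1 (hard filter): drop hidden columns from every SELECT result
// before the response is dispatched.
function filterHiddenFields(row: Row): Row {
  return Object.fromEntries(
    Object.entries(row).filter(([k]) => !HIDDEN_FIELDS.includes(k)),
  );
}

// Step 2 (context sensitivity): the guest whitelist runs *after* the hard
// filter, so even a whitelist that mistakenly lists 'password' cannot leak it.
function serializeForRole(resource: string, row: Row, role: 'guest' | 'user'): Row {
  const safe = filterHiddenFields(row);
  if (role !== 'guest') return safe;
  // Assumption for this example: a resource with no whitelist exposes
  // nothing to guests (fail closed). The page does not state this case.
  const allow = resources[resource] ?? [];
  return Object.fromEntries(
    Object.entries(safe).filter(([k]) => allow.includes(k)),
  );
}

// Write side (immutability): strip protected columns from incoming payloads
// so a client cannot overwrite id or createdAt.
function stripProtectedFields(payload: Row): Row {
  return Object.fromEntries(
    Object.entries(payload).filter(([k]) => !PROTECTED_FIELDS.includes(k)),
  );
}

// Constructed sample row, shaped like a Drizzle `users` result.
const sampleUser: Row = {
  id: 7, name: 'Ada', avatar: '/a.png', email: 'ada@example.com',
  password: 'argon2$hash', token: 'sess-abc', createdAt: '2024-01-01',
};
```

Running `serializeForRole('users', sampleUser, 'guest')` yields only id, name and avatar, while an authenticated user also sees email and createdAt but never password or token.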