[
  {
    "id": "public-health",
    "description": "공개 헬스체크 (PROD 도메인)",
    "match": {
      "url": "https://app.brsw.kr/health",
      "methods": ["GET"]
    },
    "upstream": {
      "url": "http://baron_backend:3000"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "public-preflight",
    "description": "CORS preflight (PROD 도메인)",
    "match": {
      "url": "https://app.brsw.kr/api/v1/<.*>",
      "methods": ["OPTIONS"]
    },
    "upstream": {
      "url": "http://baron_backend:3000"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "public-auth",
    "description": "인증/회원가입 등 공개 엔드포인트 (PROD 도메인)",
    "match": {
      "url": "https://app.brsw.kr/api/v1/auth/<.*>",
      "methods": ["GET", "POST", "OPTIONS"]
    },
    "upstream": {
      "url": "http://baron_backend:3000"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "backend-command",
    "description": "Command 요청은 Backend로 전달 (Audit 강제)",
    "match": {
      "url": "https://app.brsw.kr/api/v1/<.*>",
      "methods": ["POST", "PUT", "PATCH", "DELETE"]
    },
    "upstream": {
      "url": "http://baron_backend:3000"
    },
    "authenticators": [{ "handler": "cookie_session" }],
    "authorizer": { "handler": "remote_json" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "backend-query",
    "description": "Backend Query (admin/dev 포함)",
    "match": {
      "url": "https://app.brsw.kr/api/v1/<.*>",
      "methods": ["GET"]
    },
    "upstream": {
      "url": "http://baron_backend:3000"
    },
    "authenticators": [{ "handler": "cookie_session" }],
    "authorizer": { "handler": "remote_json" },
    "mutators": [{ "handler": "noop" }]
  }
]