From c2933c46405efbd21d0523f8f080c054e513d0a6 Mon Sep 17 00:00:00 2001
From: Emmanuel Keller <emmanuel.keller@surrealdb.com>
Date: Thu, 27 Feb 2025 17:38:28 +0000
Subject: [PATCH 1/2] Documents SURREAL_FILE_ALLOWLIST

---
 src/content/doc-surrealdb/cli/env.mdx | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/content/doc-surrealdb/cli/env.mdx b/src/content/doc-surrealdb/cli/env.mdx
index a8f6bb447..0a8e031ca 100644
--- a/src/content/doc-surrealdb/cli/env.mdx
+++ b/src/content/doc-surrealdb/cli/env.mdx
@@ -47,6 +47,11 @@ Environment variables can be used to tailor the behaviour of a running SurrealDB
       <td scope="row" data-label="Env var"><code>SURREAL_EXTERNAL_SORTING_BUFFER_LIMIT</code></td>
       <td scope="row" data-label="Default">50000</td>
       <td scope="row" data-label="Notes">Specifies the buffer limit for external sorting.</td>
+    </tr>
+     <tr>
+      <td scope="row" data-label="Env var"><code>SURREAL_FILE_ALLOWLIST</code></td>
+      <td scope="row" data-label="Default">20</td>
+      <td scope="row" data-label="Notes">Limits file access for the mapper filter to only the specified allowed file paths. The paths must be provided as absolute paths, separated by a colon (:) on Unix-like systems or a semicolon (;) on Windows.</td>
     </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_FUNCTION_ALLOCATION_LIMIT</code></td>

From 98c862362db1d24821ef23654d4034466d5c3a55 Mon Sep 17 00:00:00 2001
From: Dave MacLeod <56599343+Dhghomon@users.noreply.github.com>
Date: Wed, 26 Mar 2025 13:52:43 +0900
Subject: [PATCH 2/2] Alphabetize in some places

---
 src/content/doc-surrealdb/cli/env.mdx | 90 +++++++++++++--------------
 1 file changed, 45 insertions(+), 45 deletions(-)

diff --git a/src/content/doc-surrealdb/cli/env.mdx b/src/content/doc-surrealdb/cli/env.mdx
index 0a8e031ca..3dac99e13 100644
--- a/src/content/doc-surrealdb/cli/env.mdx
+++ b/src/content/doc-surrealdb/cli/env.mdx
@@ -38,6 +38,11 @@ Environment variables can be used to tailor the behaviour of a running SurrealDB
       <td scope="row" data-label="Default">false</td>
       <td scope="row" data-label="Notes">Enable experimental bearer access and stateful access grant management. Still under active development. Using this experimental feature may introduce risks related to breaking changes and security issues.</td>
     </tr>
+    <tr>
+      <td scope="row" data-label="Env var"><code>SURREAL_EXPERIMENTAL_GRAPHQL</code></td>
+      <td scope="row" data-label="Default">false</td>
+      <td scope="row" data-label="Notes">Enables experimental graphql integration. Still under active development. Using this experimental feature may introduce risks related to breaking changes and security issues.</td>
+    </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_EXPORT_BATCH_SIZE</code></td>
       <td scope="row" data-label="Default">1000</td>
@@ -59,34 +64,29 @@ Environment variables can be used to tailor the behaviour of a running SurrealDB
       <td scope="row" data-label="Notes">Used to limit allocation for builtin functions.</td>
     </tr>
     <tr>
-      <td scope="row" data-label="Env var"><code>SURREAL_EXPERIMENTAL_GRAPHQL</code></td>
-      <td scope="row" data-label="Default">false</td>
-      <td scope="row" data-label="Notes">Enables experimental graphql integration. Still under active development. Using this experimental feature may introduce risks related to breaking changes and security issues.</td>
+      <td scope="row" data-label="Env var"><code>SURREAL_HTTP_MAX_IMPORT_BODY_SIZE</code></td>
+      <td scope="row" data-label="Default">4398046511104 (4 GiB)</td>
+      <td scope="row" data-label="Notes">Maximum HTTP body size of the HTTP /import endpoints</td>
+    </tr>
+    <tr>
+      <td scope="row" data-label="Env var"><code>SURREAL_HTTP_MAX_KEY_BODY_SIZE</code></td>
+      <td scope="row" data-label="Default">16384 (16 KiB)</td>
+      <td scope="row" data-label="Notes">Maximum HTTP body size of the HTTP /key endpoints</td>
     </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_HTTP_MAX_ML_BODY_SIZE</code></td>
       <td scope="row" data-label="Default">4398046511104 (4 GiB)</td>
       <td scope="row" data-label="Notes">Maximum HTTP body size of the HTTP /ml endpoints</td>
     </tr>
-    <tr>
-      <td scope="row" data-label="Env var"><code>SURREAL_HTTP_MAX_SQL_BODY_SIZE</code></td>
-      <td scope="row" data-label="Default">1048576 (1 MiB)</td>
-      <td scope="row" data-label="Notes">Maximum HTTP body size of the HTTP /sql endpoint</td>
-    </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_HTTP_MAX_RPC_BODY_SIZE</code></td>
       <td scope="row" data-label="Default">4194304 (4 MiB)</td>
       <td scope="row" data-label="Notes">Maximum HTTP body size of the HTTP /rpc endpoint</td>
     </tr>
     <tr>
-      <td scope="row" data-label="Env var"><code>SURREAL_HTTP_MAX_KEY_BODY_SIZE</code></td>
-      <td scope="row" data-label="Default">16384 (16 KiB)</td>
-      <td scope="row" data-label="Notes">Maximum HTTP body size of the HTTP /key endpoints</td>
-    </tr>
-    <tr>
-      <td scope="row" data-label="Env var"><code>SURREAL_HTTP_MAX_SIGNUP_BODY_SIZE</code></td>
-      <td scope="row" data-label="Default">1024 (1 KiB)</td>
-      <td scope="row" data-label="Notes">Maximum HTTP body size of the HTTP /signup endpoint.</td>
+      <td scope="row" data-label="Env var"><code>SURREAL_HTTP_MAX_SQL_BODY_SIZE</code></td>
+      <td scope="row" data-label="Default">1048576 (1 MiB)</td>
+      <td scope="row" data-label="Notes">Maximum HTTP body size of the HTTP /sql endpoint</td>
     </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_HTTP_MAX_SIGNIN_BODY_SIZE</code></td>
@@ -94,9 +94,9 @@ Environment variables can be used to tailor the behaviour of a running SurrealDB
       <td scope="row" data-label="Notes">The maximum HTTP body size of the HTTP /signin endpoints</td>
     </tr>
     <tr>
-      <td scope="row" data-label="Env var"><code>SURREAL_HTTP_MAX_IMPORT_BODY_SIZE</code></td>
-      <td scope="row" data-label="Default">4398046511104 (4 GiB)</td>
-      <td scope="row" data-label="Notes">Maximum HTTP body size of the HTTP /import endpoints</td>
+      <td scope="row" data-label="Env var"><code>SURREAL_HTTP_MAX_SIGNUP_BODY_SIZE</code></td>
+      <td scope="row" data-label="Default">1024 (1 KiB)</td>
+      <td scope="row" data-label="Notes">Maximum HTTP body size of the HTTP /signup endpoint.</td>
     </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_IMPORT_FILE</code></td>
@@ -133,31 +133,31 @@ Environment variables can be used to tailor the behaviour of a running SurrealDB
       <td scope="row" data-label="Default"> </td>
       <td scope="row" data-label="Notes">Configuring the memory threshold which can be used across the programme to check if the amount of memory available to the programme is lower than required. The value can be specified as bytes (b, or without any suffix), kibibytes (k, kb, or kib), mebibytes (m, mb, or mib), or gibibytes (g, gb, or gib). If the environment variable is not specified, then the threshold is not used, and no memory limit is enabled.</td>
     </tr>
-    <tr>
-      <td scope="row" data-label="Env var"><code>SURREAL_NORMAL_FETCH_SIZE</code></td>
-      <td scope="row" data-label="Default">50</td>
-      <td scope="row" data-label="Notes">The maximum number of keys that should be scanned at once in general queries.</td>
-    </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_NET_MAX_CONCURRENT_REQUESTS</code></td>
       <td scope="row" data-label="Default">1,048,576 concurrent requests</td>
       <td scope="row" data-label="Notes">Adds a global limit for concurrent server requests, and introduces a new environment variable</td>
     </tr>
+    <tr>
+      <td scope="row" data-label="Env var"><code>SURREAL_NORMAL_FETCH_SIZE</code></td>
+      <td scope="row" data-label="Default">50</td>
+      <td scope="row" data-label="Notes">The maximum number of keys that should be scanned at once in general queries.</td>
+    </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_RUNTIME_MAX_BLOCKING_THREADS</code></td>
       <td scope="row" data-label="Default">512</td>
       <td scope="row" data-label="Notes">Number of threads which can be started for blocking operations.</td>
     </tr>
-    <tr>
-      <td scope="row" data-label="Env var"><code>SURREAL_RUNTIME_WORKER_THREADS</code></td>
-      <td scope="row" data-label="Default">Number of CPU cores (minimum 4)</td>
-      <td scope="row" data-label="Notes">Number of runtime worker threads used to start.</td>
-    </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_RUNTIME_STACK_SIZE</code></td>
       <td scope="row" data-label="Default">10485760 (10 MiB)</td>
       <td scope="row" data-label="Notes">Runtime thread memory stack size. Stack size is doubled if compiled from source in Debug mode.</td>
     </tr>
+    <tr>
+      <td scope="row" data-label="Env var"><code>SURREAL_RUNTIME_WORKER_THREADS</code></td>
+      <td scope="row" data-label="Default">Number of CPU cores (minimum 4)</td>
+      <td scope="row" data-label="Notes">Number of runtime worker threads used to start.</td>
+    </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_SCRIPTING_MAX_MEMORY_LIMIT</code></td>
       <td scope="row" data-label="Default">262144 (256 KiB)</td>
@@ -174,14 +174,14 @@ Environment variables can be used to tailor the behaviour of a running SurrealDB
       <td scope="row" data-label="Notes">Size of the SurrealCS connection pool.</td>
     </tr>
     <tr>
-      <td scope="row" data-label="Env var"><code>SURREAL_TELEMETRY_DISABLE_TRACING</code></td>
+      <td scope="row" data-label="Env var"><code>SURREAL_TELEMETRY_DISABLE_METRICS</code></td>
       <td scope="row" data-label="Default">false</td>
-      <td scope="row" data-label="Notes">Disables sending traces to the GRPC OTEL collector. Available since SurrealDB v2.1.3</td>
+      <td scope="row" data-label="Notes">Disables sending metrics to the GRPC OTEL collector. Available since SurrealDB v2.1.3</td>
     </tr>
     <tr>
-      <td scope="row" data-label="Env var"><code>SURREAL_TELEMETRY_DISABLE_METRICS</code></td>
+      <td scope="row" data-label="Env var"><code>SURREAL_TELEMETRY_DISABLE_TRACING</code></td>
       <td scope="row" data-label="Default">false</td>
-      <td scope="row" data-label="Notes">Disables sending metrics to the GRPC OTEL collector. Available since SurrealDB v2.1.3</td>
+      <td scope="row" data-label="Notes">Disables sending traces to the GRPC OTEL collector. Available since SurrealDB v2.1.3</td>
     </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_TELEMETRY_NAMESPACE</code></td>
@@ -307,18 +307,18 @@ surreal start --user root --pass root
       <td scope="row" data-label="Argument">allow-arbitrary-query</td>
       <td scope="row" data-label="Details">Allows arbitrary queries to be used by user groups. Possible user groups are: 'guest', 'record', and 'system'.</td>
     </tr>
-    <tr>
-      <td scope="row" data-label="Env var"><code>SURREAL_CAPS_ALLOW_FUNC</code></td>
-      <td scope="row" data-label="Command">surreal start</td>
-      <td scope="row" data-label="Argument">allow-funcs</td>
-      <td scope="row" data-label="Details">Allow execution of all or certain functions.</td>
-    </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_CAPS_ALLOW_EXPERIMENTAL</code></td>
       <td scope="row" data-label="Command">surreal start</td>
       <td scope="row" data-label="Argument">allow-experimental</td>
       <td scope="row" data-label="Details">Allow execution of experimental features.</td>
     </tr>
+    <tr>
+      <td scope="row" data-label="Env var"><code>SURREAL_CAPS_ALLOW_FUNC</code></td>
+      <td scope="row" data-label="Command">surreal start</td>
+      <td scope="row" data-label="Argument">allow-funcs</td>
+      <td scope="row" data-label="Details">Allow execution of all or certain functions.</td>
+    </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_CAPS_ALLOW_GUESTS</code></td>
       <td scope="row" data-label="Command">surreal start</td>
@@ -397,18 +397,18 @@ surreal start --user root --pass root
       <td scope="row" data-label="Argument">kvs-ca</td>
       <td scope="row" data-label="Details">Path to the CA file used when connecting to the remote KV store.</td>
     </tr>
-    <tr>
-      <td scope="row" data-label="Env var"><code>SURREAL_KVS_KEY</code></td>
-      <td scope="row" data-label="Command">surreal start</td>
-      <td scope="row" data-label="Argument">kvs-key</td>
-      <td scope="row" data-label="Details">Path to the private key file used when connecting to the remote KV store.</td>
-    </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_KVS_CERT</code></td>
       <td scope="row" data-label="Command">surreal start</td>
       <td scope="row" data-label="Argument">kvs-cert</td>
       <td scope="row" data-label="Details">Path to the certificate file used when connecting to the remote KV store.</td>
     </tr>
+    <tr>
+      <td scope="row" data-label="Env var"><code>SURREAL_KVS_KEY</code></td>
+      <td scope="row" data-label="Command">surreal start</td>
+      <td scope="row" data-label="Argument">kvs-key</td>
+      <td scope="row" data-label="Details">Path to the private key file used when connecting to the remote KV store.</td>
+    </tr>
     <tr>
       <td scope="row" data-label="Env var"><code>SURREAL_LOG</code></td>
       <td scope="row" data-label="Command">surreal fix, start</td>