Security: Implement recursion depth limits and field allowlists for Advanced Search; add reference SQL exports.

app/routers/api_crud_v3.py

@@ -269,6 +269,9 @@ async def search_obj_li(
     if not table_name or not base_name:
         return mk_resp(data=False, status_code=500, response=response, status_message=f"Configuration for object type '{obj_name}' (view: {view}) is incomplete.")
 
+    # Get searchable fields for this object type
+    searchable_fields = obj_cfg.get('searchable_fields')
+
     if for_obj_type and for_obj_id:
         # Resolve parentage context for search
         resolved_for_obj_id = redis_lookup_id_random(record_id_random=for_obj_id, table_name=for_obj_type)
@@ -282,6 +285,7 @@ async def search_obj_li(
             enabled=status_filter.enabled,
             hidden=status_filter.hidden,
             search_query=search_query,
+            searchable_fields=searchable_fields,
             order_by_li=order_by_li,
             limit=pagination.limit,
             offset=pagination.offset,
@@ -293,6 +297,7 @@ async def search_obj_li(
             enabled=status_filter.enabled,
             hidden=status_filter.hidden,
             search_query=search_query,
+            searchable_fields=searchable_fields,
             order_by_li=order_by_li,
             limit=pagination.limit,
             offset=pagination.offset,