systemprompt-ai 0.11.0

Provider-agnostic LLM integration for systemprompt.io AI governance — Anthropic, OpenAI, Gemini, and local models unified behind one governed pipeline with cost tracking and audit.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

//! Filesystem entry point for gateway-policy bootstrap.
//!
//! Reads `services/ai/gateway-policies.yaml` and projects it into
//! `ai_gateway_policies`. Mirrors the access-control YAML loader: the YAML is
//! the version-controlled source of truth, ingested at every server boot.
//! A missing file is a no-op (an instance simply runs with no policies, i.e.
//! permissive).

use std::path::Path;

use systemprompt_database::DbPool;

use super::config::GatewayPolicyConfig;
use super::ingestion::{GatewayPolicyIngestionService, IngestOptions, IngestReport};
use crate::error::RepositoryError;

/// Path of the gateway-policy config relative to the `services/` directory.
pub const GATEWAY_POLICIES_FILE: &str = "ai/gateway-policies.yaml";

/// Read `services/ai/gateway-policies.yaml` (if present) and ingest it.
///
/// `override_existing` and `delete_orphans` are both `true`: the YAML is the
/// authoritative source, so every boot reconciles the DB to match it exactly.
pub async fn load_from_yaml(
    db: &DbPool,
    services_path: &Path,
) -> Result<IngestReport, RepositoryError> {
    let path = services_path.join(GATEWAY_POLICIES_FILE);
    let content = match std::fs::read_to_string(&path) {
        Ok(content) => content,
        Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
            tracing::debug!(
                path = %path.display(),
                "no gateway-policy config — running with no gateway policies"
            );
            return Ok(IngestReport::default());
        },
        Err(err) => {
            return Err(RepositoryError::InvalidData {
                field: GATEWAY_POLICIES_FILE.to_owned(),
                reason: err.to_string(),
            });
        },
    };

    let cfg: GatewayPolicyConfig =
        serde_yaml::from_str(&content).map_err(|err| RepositoryError::InvalidData {
            field: GATEWAY_POLICIES_FILE.to_owned(),
            reason: err.to_string(),
        })?;

    let service = GatewayPolicyIngestionService::new(db)?;
    service
        .ingest_config(
            &cfg,
            IngestOptions {
                override_existing: true,
                delete_orphans: true,
            },
        )
        .await
}