systemprompt-api 0.12.0

Axum-based HTTP server and API gateway for systemprompt.io AI governance infrastructure. Exposes governed agents, MCP, A2A, and admin endpoints with rate limiting and RBAC.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

//! `/.well-known/jwks.json` endpoint for the deployment's signing key.

use axum::extract::State;
use axum::response::IntoResponse;
use axum::routing::get;
use axum::{Json, Router};
use systemprompt_models::api::ApiError;
use systemprompt_models::modules::ApiPaths;
use systemprompt_runtime::AppContext;
use systemprompt_security::keys::{Jwks, authority};

use crate::services::middleware::RouterExt;

const JWKS_RATE_LIMIT_PER_SECOND: u64 = 2;

pub fn jwks_router(ctx: &AppContext) -> Router {
    Router::new()
        .route(ApiPaths::WELLKNOWN_JWKS, get(handle_jwks))
        .with_state(ctx.clone())
        .with_rate_limit(&ctx.config().rate_limits, JWKS_RATE_LIMIT_PER_SECOND)
}

async fn handle_jwks(State(_ctx): State<AppContext>) -> Result<impl IntoResponse, ApiError> {
    let jwks = match authority::signing_key() {
        Ok(key) => key.jwks(),
        Err(err) => {
            tracing::warn!(error = %err, "failed to load signing key for JWKS endpoint");
            Jwks { keys: vec![] }
        },
    };
    Ok(Json(jwks))
}