Production infrastructure for AI agents
Website · Documentation · Guides · Core · Template · Discord
systemprompt-api
One audited path for every agent call, tool invocation, and model request your organization makes. This is the Axum server that runs it: governed agents, MCP, A2A, OAuth, the Claude gateway, marketplace, sync, analytics, and admin endpoints, all composed behind a single middleware stack with authentication, rate limiting, RBAC, content negotiation, and security headers.
Layer: Entry — application boundary. Part of the systemprompt-core workspace.
This crate exposes a public library surface (
ApiServer, route routers, middleware extractors) consumed byentry/cli.
Overview
The Entry layer turns an AppContext into a running Axum server. Responsibilities:
- Route mounting — every domain crate's router is composed under one tree by
services/server/routes/. - Middleware stack — JWT, sessions, CORS, IP ban, rate limiting, throttling, bot detection, analytics emission, context extraction, content negotiation, security headers, and trailing-slash normalization.
- Gateway — proxies Claude API traffic with quota enforcement, safety filtering, OTel ingest, audit, and pricing capture.
- Static content — serves the prebuilt web frontend with ETag, SPA fallback, and per-route session handling.
- Server lifecycle — readiness probes, agent reconciliation, and scheduler bootstrap.
Source layout
Top-level modules. docs.rs carries the file-level detail.
src/
├── lib.rs # Re-exports: HealthChecker, ContextMiddleware
├── routes/ # Per-domain HTTP routers, one module per surface (see Route surface)
└── services/ # Server lifecycle, middleware pipeline, gateway, proxy, static content (see Service surface)
| Module | Purpose |
|---|---|
routes |
One router module per surface (agent, gateway, oauth, mcp, proxy, messaging, and the rest), composed into a single tree by services/server/routes/. |
services/server |
ApiServer builder, route/extension/protocol/static mounting under routes/, readiness, lifecycle (agent reconciliation + scheduler), and the run_server entry point. |
services/middleware |
Request pipeline: JWT, session, context extraction, analytics, CORS, IP ban, rate limiting, throttling, bot detection, content negotiation, security headers, trailing-slash normalization. |
services/gateway |
ClaudeGatewayService: quota, audit, safety, pricing, protocol, stream tap, OTel capture. |
services/proxy |
ProxyEngine: client pool, backend transform, resolver, MCP session handling for upstream A2A and MCP targets. |
services/static_content |
SPA serving, homepage, static-file cache and response building, fallback routing. |
Route surface
| Module | Description |
|---|---|
admin |
CLI gateway and key-management endpoints. |
agent |
A2A protocol — artifacts, contexts, tasks, registry, webhook broadcasts, notifications. |
analytics |
Event ingestion, batch processing, and SSE streaming. |
content |
Blog, content queries, and link redirect tracking. |
engagement |
Engagement metrics fan-out from analytics events. |
gateway |
Claude API gateway: bridge auth/data/heartbeat/manifest/profile-usage/whoami, message dispatch, OTLP ingest. |
marketplace |
Marketplace catalog and asset endpoints. |
mcp |
MCP server registry. |
messaging |
Platform-agnostic inbound dispatch shared by chat platforms: identity, per-user A2A token minting, blocking message/send through the proxy, reply extraction. |
oauth |
OAuth2/OIDC authorize, token, clients, WebAuthn, discovery, and .well-known metadata. |
proxy |
Forwards requests to MCP servers and A2A agents through ProxyEngine. |
slack |
Slack inbound surface (/events, /commands, /interactivity): signature verification, ack, spawned dispatch, Block Kit reply. |
stream |
Server-Sent Events for live context updates. |
sync |
File and auth sync for offline-first clients (tar+gzip payloads). |
teams |
Microsoft Teams inbound surface (/messages): Bot Framework JWT validation, ack, spawned dispatch, Adaptive Card reply. |
users |
Self-service /me endpoints scoped to the caller, including session revocation. |
wellknown |
Standard discovery endpoints (agent cards, OAuth protected resource). |
Service surface
| Module | Description |
|---|---|
gateway |
Claude gateway service — quota, audit, safety, pricing, stream tap, OTel capture. |
health |
Process monitoring and HTTP health checks. |
middleware |
Request pipeline: JWT, session, context, analytics, CORS, IP ban, rate limiting, throttling, security headers, content negotiation, trailing-slash normalization. |
proxy |
HTTP client pool and request transformation for upstream MCP and A2A targets. |
server |
Builder, route tree, readiness, lifecycle (agent reconciliation + scheduler), and runner. |
static_content |
SPA serving, homepage, static-file cache and response building, fallback routing. |
Usage
[]
= "0.21"
use ;
use AppContext;
let ctx = new.await?;
run_server.await?;
Configuration
The API server is configured through systemprompt-runtime::Config and the active profile:
api_external_url— public URL advertised in discovery metadata.rate_limits— per-endpoint rate limit configuration.security.signing_key_path— RSA private key the in-processTokenAuthorityuses to sign RS256 access tokens. The matching public set is published at/.well-known/jwks.json;systemprompt admin keys generatemints the keypair.security.trusted_issuers— additional issuer → JWKS URI entries consulted by the RFC 8693 token-exchange grant when validating non-self-issued subject tokens.oauth_at_rest_pepper— HMAC pepper (>= 32 chars, loaded via the secrets bootstrap) under which refresh-token ids and authorisation codes are stored as HMAC-SHA-256 digests.cors— allowed origins.paths.system— root used bystatic_contentto locate prebuilt web assets.
Notes
- Handlers extract request data and delegate to domain services; no direct repository access.
- All routes are composed in
services/server/routes/; extensions are discovered viaservices/server/discovery.rs. - Middleware order is significant — see
services/server/builder.rs. - The gateway path mints a UUID v5
ContextIdfromGatewayConversationId; it does not read upstreamx-context-id. - Static content requires prebuilt web assets under the configured system path.
Dependencies
Internal crates
systemprompt-runtime— application context and configurationsystemprompt-oauth— authentication and session managementsystemprompt-agent— agent registry, A2A protocol, orchestrationsystemprompt-mcp— MCP server registry and proxysystemprompt-content— content repository and servingsystemprompt-analytics— session and event trackingsystemprompt-scheduler— background job executionsystemprompt-marketplace— marketplace catalogsystemprompt-ai— Claude gateway integrationssystemprompt-database— connection poolingsystemprompt-security— token extraction and validationsystemprompt-users— user services and IP banningsystemprompt-events— event broadcastingsystemprompt-files— file system configurationsystemprompt-extension— extension loading and routingsystemprompt-config,systemprompt-loader,systemprompt-logging,systemprompt-models,systemprompt-identifiers,systemprompt-traits
External crates
axum,tower,tower-http,tower_governor,governor— HTTP framework and middlewaretokio,tokio-stream,async-stream,futures-util— async runtimereqwest— upstream HTTP clientrmcp— MCP transportjsonwebtoken,webauthn-rs,bcrypt,ed25519-dalek— auth primitivesopentelemetry-proto,prost— OTLP ingestflate2,tar— sync payload (de)compressionsqlx— database access
License
BSL-1.1 (Business Source License). Source-available for evaluation, testing, and non-production use. Production use requires a commercial license. Each version converts to Apache 2.0 four years after publication. See LICENSE.
systemprompt.io · Documentation · Guides · Live Demo · Template · crates.io · docs.rs · Discord
Entry layer · Own how your organization uses AI.