systemprompt-config 0.8.0

Profile-based configuration for systemprompt.io AI governance infrastructure. Bootstraps profiles, secrets, and credentials with zero environment-variable fallback.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

//! Bootstrap sequence orchestration.
//!
//! This module provides type-safe bootstrap sequencing that enforces
//! initialization dependencies at compile time. The sequence ensures
//! that secrets cannot be initialized without a profile.

use std::marker::PhantomData;
use std::path::Path;

use crate::error::ConfigResult;

mod manifest;
mod profile;
mod secrets;

pub use manifest::{MANIFEST_SIGNING_SEED_BYTES, decode_seed, generate_seed, persist_seed};
pub use profile::{ProfileBootstrap, ProfileBootstrapError};
pub use secrets::{
    JWT_SECRET_MIN_LENGTH, SecretsBootstrap, SecretsBootstrapError, build_loaded_secrets_message,
    load_secrets_from_path, log_secrets_issue, log_secrets_skip, log_secrets_warn,
};

pub trait BootstrapState {}

#[derive(Debug, Clone, Copy)]
pub struct Uninitialized;
impl BootstrapState for Uninitialized {}

#[derive(Debug, Clone, Copy)]
pub struct ProfileInitialized;
impl BootstrapState for ProfileInitialized {}

#[derive(Debug, Clone, Copy)]
pub struct SecretsInitialized;
impl BootstrapState for SecretsInitialized {}

#[derive(Debug)]
pub struct BootstrapSequence<S: BootstrapState> {
    _state: PhantomData<S>,
}

impl Default for BootstrapSequence<Uninitialized> {
    fn default() -> Self {
        Self::new()
    }
}

impl BootstrapSequence<Uninitialized> {
    #[must_use]
    pub const fn new() -> Self {
        Self {
            _state: PhantomData,
        }
    }

    pub fn with_profile(self, path: &Path) -> ConfigResult<BootstrapSequence<ProfileInitialized>> {
        let Self { _state: _ } = self;
        ProfileBootstrap::init_from_path(path)?;

        Ok(BootstrapSequence {
            _state: PhantomData,
        })
    }

    #[must_use]
    pub const fn skip_profile(self) -> Self {
        self
    }
}

impl BootstrapSequence<ProfileInitialized> {
    pub fn with_secrets(self) -> ConfigResult<BootstrapSequence<SecretsInitialized>> {
        let Self { _state: _ } = self;
        SecretsBootstrap::init()?;

        Ok(BootstrapSequence {
            _state: PhantomData,
        })
    }

    #[must_use]
    pub const fn skip_secrets(self) -> Self {
        self
    }
}

impl BootstrapSequence<SecretsInitialized> {
    #[must_use]
    pub const fn complete(self) -> BootstrapComplete {
        let Self { _state: _ } = self;
        BootstrapComplete { _private: () }
    }
}

#[derive(Debug, Clone, Copy)]
pub struct BootstrapComplete {
    _private: (),
}

pub mod presets {
    use std::path::Path;

    use super::{BootstrapSequence, ProfileInitialized, SecretsInitialized, Uninitialized};
    use crate::error::ConfigResult;

    pub fn profile_and_secrets(
        profile_path: &Path,
    ) -> ConfigResult<BootstrapSequence<SecretsInitialized>> {
        BootstrapSequence::<Uninitialized>::new()
            .with_profile(profile_path)?
            .with_secrets()
    }

    pub fn profile_only(
        profile_path: &Path,
    ) -> ConfigResult<BootstrapSequence<ProfileInitialized>> {
        BootstrapSequence::<Uninitialized>::new().with_profile(profile_path)
    }
}