systemprompt-models 0.12.1

Foundation data models for systemprompt.io AI governance infrastructure. Shared DTOs, config, and domain types consumed by every layer of the MCP governance pipeline.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216

use std::path::{Path, PathBuf};

use serde::{Deserialize, Serialize};

use super::catalog::GatewayCatalog;
use super::error::{GatewayProfileError, GatewayResult};
use super::route::GatewayRoute;

/// On-disk gateway configuration: the exact shape accepted under
/// `gateway:` in a profile YAML document.
///
/// Produced by serde deserialization; never holds a loaded catalog.
/// Project to the runtime [`GatewayConfig`] via [`Self::resolve`] once a
/// `profile_dir` is available.
#[derive(Debug, Clone, Serialize, Deserialize, schemars::JsonSchema)]
#[serde(deny_unknown_fields)]
pub struct GatewayConfigSpec {
    #[serde(default)]
    pub enabled: bool,
    #[serde(default)]
    pub routes: Vec<GatewayRoute>,
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub catalog: Option<GatewayCatalogSource>,
    #[serde(default = "default_auth_scheme")]
    pub auth_scheme: String,
    #[serde(default = "default_inference_path_prefix")]
    pub inference_path_prefix: String,
}

/// Where a `gateway.catalog` block sources its providers and models.
///
/// Untagged: variants are disambiguated by their required keys.
/// `{ path: "..." }` reads an external catalog YAML; the inline form
/// carries `providers:` and `models:` directly.
#[derive(Debug, Clone, Serialize, Deserialize, schemars::JsonSchema)]
#[serde(untagged, deny_unknown_fields)]
pub enum GatewayCatalogSource {
    Path { path: PathBuf },
    Inline(GatewayCatalog),
}

impl Default for GatewayConfigSpec {
    fn default() -> Self {
        Self {
            enabled: false,
            routes: Vec::new(),
            catalog: None,
            auth_scheme: default_auth_scheme(),
            inference_path_prefix: default_inference_path_prefix(),
        }
    }
}

fn default_auth_scheme() -> String {
    "bearer".to_owned()
}

fn default_inference_path_prefix() -> String {
    "/v1".to_owned()
}

impl GatewayConfigSpec {
    /// Project the on-disk spec to the runtime [`GatewayConfig`] by reading
    /// and validating any external catalog file referenced by
    /// [`GatewayCatalogSource::Path`].
    pub fn resolve(self, profile_dir: &Path) -> GatewayResult<GatewayConfig> {
        let Self {
            enabled,
            routes,
            catalog,
            auth_scheme,
            inference_path_prefix,
        } = self;

        let catalog = match catalog {
            None => None,
            Some(GatewayCatalogSource::Inline(c)) => {
                c.validate()?;
                Some(c)
            },
            Some(GatewayCatalogSource::Path { path: rel }) => {
                let absolute = if rel.is_absolute() {
                    rel
                } else {
                    profile_dir.join(rel)
                };
                let content = std::fs::read_to_string(&absolute).map_err(|source| {
                    GatewayProfileError::CatalogRead {
                        path: absolute.clone(),
                        source,
                    }
                })?;
                let parsed: GatewayCatalog = serde_yaml::from_str(&content).map_err(|source| {
                    GatewayProfileError::CatalogParse {
                        path: absolute.clone(),
                        source,
                    }
                })?;
                parsed
                    .validate()
                    .map_err(|source| GatewayProfileError::CatalogInvalid {
                        path: absolute.clone(),
                        source: Box::new(source),
                    })?;
                Some(parsed)
            },
        };

        Ok(GatewayConfig {
            enabled,
            routes,
            catalog,
            auth_scheme,
            inference_path_prefix,
        })
    }
}

/// Runtime gateway configuration: the post-resolution shape every
/// non-loader caller sees. The `catalog` field, when present, is fully
/// loaded — `Path` indirection has already been resolved.
///
/// Not `Deserialize`: the only legal construction paths are
/// [`GatewayConfigSpec::resolve`] for the production loader and direct
/// struct-literal construction in tests.
#[derive(Debug, Clone)]
pub struct GatewayConfig {
    pub enabled: bool,
    pub routes: Vec<GatewayRoute>,
    pub catalog: Option<GatewayCatalog>,
    pub auth_scheme: String,
    pub inference_path_prefix: String,
}

impl Default for GatewayConfig {
    fn default() -> Self {
        Self {
            enabled: false,
            routes: Vec::new(),
            catalog: None,
            auth_scheme: default_auth_scheme(),
            inference_path_prefix: default_inference_path_prefix(),
        }
    }
}

impl GatewayConfig {
    pub fn find_route(&self, model: &str) -> Option<&GatewayRoute> {
        self.routes.iter().find(|route| route.matches(model))
    }

    #[must_use]
    pub fn is_model_exposed(&self, model: &str) -> bool {
        self.catalog
            .as_ref()
            .is_none_or(|c| c.contains_model(model))
    }

    pub fn validate(&self) -> GatewayResult<()> {
        let mut route_ids: std::collections::HashSet<&str> =
            std::collections::HashSet::with_capacity(self.routes.len());
        for route in &self.routes {
            if !route_ids.insert(route.id.as_str()) {
                return Err(GatewayProfileError::DuplicateRouteId {
                    id: route.id.as_str().to_owned(),
                });
            }
        }
        let Some(catalog) = self.catalog.as_ref() else {
            return Ok(());
        };
        catalog.validate()?;
        for route in &self.routes {
            if catalog.find_provider(route.provider.as_str()).is_none() {
                return Err(GatewayProfileError::RouteProviderNotInCatalog {
                    route: route.model_pattern.clone(),
                    provider: route.provider.as_str().to_owned(),
                });
            }
        }
        let mut seen = std::collections::HashSet::with_capacity(catalog.models.len());
        for model in &catalog.models {
            if !seen.insert(model.id.as_str()) {
                return Err(GatewayProfileError::DuplicateModelId {
                    id: model.id.as_str().to_owned(),
                });
            }
            for alias in &model.aliases {
                if !seen.insert(alias.as_str()) {
                    return Err(GatewayProfileError::DuplicateModelId {
                        id: alias.as_str().to_owned(),
                    });
                }
            }
            if !self.routes.iter().any(|r| r.matches(model.id.as_str())) {
                return Err(GatewayProfileError::UnreachableModel {
                    model: model.id.as_str().to_owned(),
                });
            }
        }
        Ok(())
    }

    /// Convert a runtime config back to the on-disk spec form, inlining the
    /// loaded catalog. Used when persisting a resolved profile back to YAML.
    #[must_use]
    pub fn to_spec(&self) -> GatewayConfigSpec {
        GatewayConfigSpec {
            enabled: self.enabled,
            routes: self.routes.clone(),
            catalog: self.catalog.clone().map(GatewayCatalogSource::Inline),
            auth_scheme: self.auth_scheme.clone(),
            inference_path_prefix: self.inference_path_prefix.clone(),
        }
    }
}