systemprompt-security 0.12.0

Security infrastructure for systemprompt.io AI governance: JWT, OAuth2 token extraction, scope enforcement, ChaCha20-Poly1305 secret encryption, the four-layer tool-call governance pipeline, and the unified authz decision plane (deny-overrides resolver + AuthzDecisionHook) shared by gateway and MCP enforcement.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

//! [`AuthzAuditSink`] backed by [`GovernanceDecisionRepository`].
//!
//! Failure to insert is logged via `tracing::error!` but never propagates —
//! the calling hook has already decided; losing the audit row must not flip
//! a deny to an allow.

use async_trait::async_trait;
use systemprompt_identifiers::Actor;

use super::repository::{GovernanceDecisionRecord, GovernanceDecisionRepository};
use super::{AuthzAuditSink, AuthzSource};
use crate::authz::types::{AuthzDecision, AuthzRequest, DecisionTag};

#[derive(Debug, Clone)]
pub struct DbAuditSink {
    repo: GovernanceDecisionRepository,
}

impl DbAuditSink {
    pub const fn new(repo: GovernanceDecisionRepository) -> Self {
        Self { repo }
    }
}

#[async_trait]
impl AuthzAuditSink for DbAuditSink {
    async fn record(&self, req: &AuthzRequest, decision: &AuthzDecision, source: AuthzSource) {
        let id = uuid::Uuid::new_v4().to_string();
        let decision_tag = DecisionTag::from(decision);
        let reason_str = match decision {
            AuthzDecision::Allow => String::new(),
            AuthzDecision::Deny { reason, .. } => reason.to_string(),
        };
        let entity_type = req.entity.kind().as_str();
        let entity_id = req.entity.id_str();
        // JSON: audit blob constructed for core-side (non-template) authz
        // denies — same payload shape as template's `DecisionAudit`.
        let evaluated = serde_json::json!({
            "entity_type": entity_type,
            "entity_id": entity_id,
            "trace_id": req.trace_id.as_str(),
            "roles": req.roles,
            "attributes": req.attributes,
            "context": req.context,
            "source": format!("{:?}", source),
        });
        let actor = Actor::user(req.user_id.clone());
        let record = GovernanceDecisionRecord {
            id: &id,
            actor: &actor,
            session_id: req.trace_id.as_str(),
            tool_name: entity_id,
            agent_id: None,
            // Why: the authz path operates on entities (not agent invocations) so
            // there's no AccessScope to record. entity_type still flows into the
            // evaluated_rules JSON above for forensic lookup.
            agent_scope: None,
            decision: decision_tag,
            policy: source.policy(),
            reason: &reason_str,
            evaluated_rules: &evaluated,
            plugin_id: None,
            act_chain: &req.act_chain,
        };
        if let Err(err) = self.repo.insert(&record).await {
            tracing::error!(
                error = %err,
                policy = source.policy(),
                entity_type = %entity_type,
                entity_id = %entity_id,
                "failed to record core-side authz decision"
            );
        }
    }
}