systemprompt-security 0.12.0

Security infrastructure for systemprompt.io AI governance: JWT, OAuth2 token extraction, scope enforcement, ChaCha20-Poly1305 secret encryption, the four-layer tool-call governance pipeline, and the unified authz decision plane (deny-overrides resolver + AuthzDecisionHook) shared by gateway and MCP enforcement.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

//! Bearer-token decode for request-context middleware.
//!
//! [`extract_user_context`] validates a token's `kid`, enforces RS256, decodes
//! the [`JwtClaims`] payload, and re-derives `user_type` from `scope` so a
//! forged or mis-minted type claim cannot ride past the gate. It returns the
//! subset of claims the request-context layer consumes ([`JwtUserContext`]);
//! issuer / audience / `nbf` / leeway enforcement is the responsibility of
//! [`crate::AuthValidationService`], which is the path used for fully-trusted
//! session validation.

use jsonwebtoken::{Algorithm, Validation, decode, decode_header};
use std::collections::BTreeMap;
use systemprompt_identifiers::{Actor, ClientId, SessionId, UserId};
use systemprompt_models::auth::{JwtClaims, Permission, UserType};

use crate::error::{AuthError, AuthResult};
use crate::keys::authority;

#[derive(Debug, Clone)]
pub struct JwtUserContext {
    pub user_id: UserId,
    pub session_id: SessionId,
    pub role: Permission,
    pub user_type: UserType,
    pub client_id: Option<ClientId>,
    pub act_chain: Vec<Actor>,
    pub attributes: BTreeMap<String, serde_json::Value>,
    pub jti: String,
    pub exp: i64,
}

pub fn extract_user_context(token: &str) -> AuthResult<JwtUserContext> {
    let header = decode_header(token).map_err(AuthError::InvalidToken)?;
    if header.alg != Algorithm::RS256 {
        return Err(AuthError::UnsupportedAlgorithm);
    }
    let kid = header.kid.as_deref().ok_or(AuthError::MissingKid)?;
    let key = authority::decoding_key_for_kid(kid)
        .map_err(|e| AuthError::KeyLookup(e.to_string()))?
        .ok_or_else(|| AuthError::UnknownKid(kid.to_owned()))?;

    let mut validation = Validation::new(Algorithm::RS256);
    validation.validate_exp = true;
    validation.validate_aud = false;

    let claims = decode::<JwtClaims>(token, key, &validation)
        .map_err(AuthError::InvalidToken)?
        .claims;

    let session_id = claims.session_id.ok_or(AuthError::MissingSessionId)?;
    let role = *claims.scope.first().ok_or(AuthError::MissingScope)?;
    let derived_type = UserType::from_permissions(&claims.scope);
    if derived_type != claims.user_type {
        return Err(AuthError::UserTypeMismatch {
            claimed: claims.user_type,
            derived: derived_type,
        });
    }
    let act_chain = claims
        .act
        .as_ref()
        .map(systemprompt_models::auth::ActClaim::flatten_to_chain)
        .unwrap_or_default();

    Ok(JwtUserContext {
        user_id: UserId::new(claims.sub),
        session_id,
        role,
        user_type: derived_type,
        client_id: claims.client_id,
        act_chain,
        attributes: claims.attributes,
        jti: claims.jti,
        exp: claims.exp,
    })
}