systemprompt-security 0.9.0

Security infrastructure for systemprompt.io AI governance: JWT, OAuth2 token extraction, scope enforcement, ChaCha20-Poly1305 secret encryption, the four-layer tool-call governance pipeline, and the unified authz decision plane (deny-overrides resolver + AuthzDecisionHook) shared by gateway and MCP enforcement.

//! Token extraction from inbound HTTP requests and id-header injection.
//!
//! Three extractors cover the three transport contracts the API supports:
//! the `Authorization` bearer header, the MCP proxy header, and the
//! browser cookie. The [`HeaderInjector`] runs in the opposite direction
//! to stamp typed identifiers onto outbound requests.

mod cookie;
mod header;
mod token;

pub use cookie::{CookieExtractionError, CookieExtractor};
pub use header::{HeaderExtractor, HeaderInjectionError, HeaderInjector};
pub use token::{ExtractionMethod, TokenExtractionError, TokenExtractor};