Production infrastructure for AI agents
Website · Documentation · Guides · Core · Template · Discord
systemprompt-users
User management for systemprompt.io AI governance infrastructure. 6-tier RBAC, sessions, IP bans, and role-scoped access control for the MCP governance pipeline. Provides user CRUD, session management, bulk operations, and anonymous user lifecycle management.
Layer: Domain — business-logic modules that implement systemprompt.io features. Part of the systemprompt-core workspace.
Overview
Capabilities · Compliance
This crate provides user management functionality including:
- User CRUD operations with typed identifiers
- Session management (list, end, cleanup, existence checks)
- Role-based access control with policy-aware promotion/demotion
- API key issuance, hashing, and verification
- Device certificate enrollment and rotation
- IP banning with expiration and metadata tracking
- Anonymous user lifecycle management and scheduled cleanup
- Bulk operations and aggregate statistics
Usage
[]
= "0.9.2"
use DbPool;
use ;
let user_service = new?;
let user = user_service.find_by_email.await?;
let admins = user_service.find_by_role.await?;
let stats = user_service.get_stats.await?;
Directory Structure
src/
├── lib.rs # Crate docs, public exports
├── error.rs # UserError enum, Result / UserResult aliases
├── extension.rs # UsersExtension (schema + job registration)
├── models/
│ └── mod.rs # User, UserSession, UserActivity, UserStats,
│ # UserApiKey, UserDeviceCert, NewApiKey, UserExport
├── repository/
│ ├── mod.rs # UserRepository facade, MAX_PAGE_SIZE constant
│ ├── api_key.rs # API key persistence and lookup
│ ├── device_cert.rs # Device certificate persistence
│ ├── banned_ip/
│ │ ├── mod.rs # BannedIpRepository
│ │ ├── types.rs # BannedIp, BanDuration, BanIpParams,
│ │ │ # BanIpWithMetadataParams
│ │ ├── queries.rs # ban_ip, unban_ip, is_banned, get_ban,
│ │ │ # cleanup_expired
│ │ └── listing.rs # list_active_bans, list_bans_by_source,
│ │ # count_active_bans
│ └── user/
│ ├── mod.rs # Module exports
│ ├── find.rs # find_by_id, find_by_email, find_by_name,
│ │ # find_by_role
│ ├── list.rs # list, search, count, bulk operations
│ ├── stats.rs # count_by_status, count_by_role, get_stats
│ ├── operations.rs # create, update_*, delete, cleanup_old_anonymous
│ ├── merge.rs # merge_users, MergeResult
│ └── session.rs # list_sessions, end_session, end_all_sessions,
│ # session_exists
├── services/
│ ├── mod.rs # Service exports
│ ├── admin_service.rs # UserAdminService, PromoteResult, DemoteResult
│ ├── api_key_service.rs # ApiKeyService, IssueApiKeyParams,
│ │ # API_KEY_PREFIX
│ ├── device_cert_service.rs # DeviceCertService, EnrollDeviceCertServiceParams
│ ├── user_provider.rs # UserProviderImpl wrapper for trait-based access
│ └── user/
│ ├── mod.rs # UserService — primary service
│ └── provider.rs # UserProvider / RoleProvider impls
└── jobs/
├── mod.rs # Job exports
└── cleanup_anonymous_users.rs # CleanupAnonymousUsersJob (retention window)
Public Exports
Models
User— Core user entity with id, name, email, roles, statusUserSession— Session with timestamps and device infoUserActivity— User activity summary (last active, counts)UserWithSessions— User with active session countUserStats— Aggregate statistics (totals, breakdowns)UserCountBreakdown— Counts by status and roleUserApiKey— Stored API key recordNewApiKey— Plaintext key returned at issuanceUserDeviceCert— Stored device certificate recordUserExport— Export-friendly user representation
Enums
UserStatus— Active, Suspended, Deleted (re-exported fromsystemprompt-models)UserRole— Admin, User, Anonymous (re-exported fromsystemprompt-models)
Services
UserService— Primary service implementingUserProviderandRoleProviderUserAdminService— Admin operations (promote, demote)ApiKeyService— Issue, hash, and verify API keysDeviceCertService— Enroll and rotate device certificatesUserProviderImpl— Wrapper for trait-based dependency injection
Repositories
UserRepository— User database operationsBannedIpRepository— IP ban management
Types
UpdateUserParams— Multi-field user update structMergeResult— Result of merging two usersIssueApiKeyParams— Parameters forApiKeyService::issueEnrollDeviceCertServiceParams— Parameters forDeviceCertService::enrollCreateApiKeyParams— Repository-level API key creation parametersEnrollDeviceCertParams— Repository-level device cert parametersBanDuration— Hours, Days, or PermanentBanIpParams— Basic ban parametersBanIpWithMetadataParams— Ban with offense trackingBannedIp— Active ban recordPromoteResult/DemoteResult— Outcomes of admin role transitionsAPI_KEY_PREFIX— Canonical user-facing key prefix
Extension
UsersExtension— Schema and job registration entry point
Traits (re-exported)
UserProvider— User lookup and creationRoleProvider— Role management
Error Handling
UserError— Domain-specific errors (NotFound,EmailAlreadyExists, …)Result<T>/UserResult<T>— Aliases forstd::result::Result<T, UserError>
Dependencies
| Crate | Purpose |
|---|---|
systemprompt-database |
DbPool for database access |
systemprompt-extension |
Extension trait for schema/job registration |
systemprompt-traits |
UserProvider, RoleProvider, Job traits |
systemprompt-identifiers |
UserId, SessionId typed identifiers (sqlx feature) |
systemprompt-models |
UserRole, UserStatus enums |
systemprompt-provider-contracts |
Job registration macro |
License
BSL-1.1 (Business Source License). Source-available for evaluation, testing, and non-production use. Production use requires a commercial license. Each version converts to Apache 2.0 four years after publication. See LICENSE.
systemprompt.io · Documentation · Guides · Live Demo · Template · crates.io · docs.rs · Discord
Domain layer · Own how your organization uses AI.