Skip to main content

systemprompt_users/
lib.rs

1//! # systemprompt-users
2//!
3//! User management for the systemprompt.io AI governance platform. The crate
4//! provides:
5//!
6//! - **6-tier RBAC** — typed `UserRole` and policy-aware promotion/demotion
7//!   helpers in [`UserAdminService`].
8//! - **Sessions** — lifecycle management for browser, API, and anonymous
9//!   sessions including bulk-end and recent-activity queries.
10//! - **API keys** — issuance, hashing, and verification via [`ApiKeyService`].
11//! - **Device certificates** — enrollment and rotation via
12//!   [`DeviceCertService`].
13//! - **IP bans** — typed [`BannedIpRepository`] with metadata-aware queries.
14//! - **Cleanup job** — purges anonymous users past the retention window.
15//!
16//! ## Feature flags
17//!
18//! | Feature | Default | Effect |
19//! |---------|---------|--------|
20//! | _none_  | n/a     | The crate exposes a single feature surface; all modules are compiled unconditionally. The `[package.metadata.docs.rs] all-features = true` setting is retained so future feature additions automatically appear in published docs. |
21//!
22//! ## Layering
23//!
24//! `systemprompt-users` is a **domain** crate. It depends downward on
25//! `systemprompt-database`, `systemprompt-extension`, `systemprompt-models`,
26//! `systemprompt-traits`, `systemprompt-provider-contracts`, and
27//! `systemprompt-identifiers`.
28
29#![expect(
30    missing_debug_implementations,
31    reason = "service types in this crate hold pools/clients that intentionally do not implement \
32              Debug"
33)]
34
35pub mod error;
36pub(crate) mod extension;
37pub mod jobs;
38pub(crate) mod models;
39pub(crate) mod repository;
40pub(crate) mod services;
41
42pub use extension::UsersExtension;
43
44pub use error::{Result, UserError, UserResult};
45pub use models::{
46    NewApiKey, User, UserActivity, UserApiKey, UserCountBreakdown, UserDeviceCert, UserExport,
47    UserRole, UserSession, UserStats, UserStatus, UserWithSessions,
48};
49pub use repository::{
50    BanDuration, BanIpParams, BanIpWithMetadataParams, BannedIp, BannedIpRepository,
51    CreateApiKeyParams, EnrollDeviceCertParams, MergeResult, UserRepository,
52};
53pub use services::{
54    API_KEY_PREFIX, ApiKeyService, DemoteResult, DeviceCertService, EnrollDeviceCertServiceParams,
55    IssueApiKeyParams, PromoteResult, UpdateUserParams, UserAdminService, UserProviderImpl,
56    UserService,
57};
58
59pub use systemprompt_traits::auth::{RoleProvider, UserProvider};