systemprompt_users/lib.rs
1//! # systemprompt-users
2//!
3//! User management for the systemprompt.io AI governance platform. The crate
4//! provides:
5//!
6//! - **6-tier RBAC** — typed `UserRole` and policy-aware promotion/demotion
7//! helpers in [`UserAdminService`].
8//! - **Sessions** — lifecycle management for browser, API, and anonymous
9//! sessions including bulk-end and recent-activity queries.
10//! - **API keys** — issuance, hashing, and verification via [`ApiKeyService`].
11//! - **Device certificates** — enrollment and rotation via
12//! [`DeviceCertService`].
13//! - **IP bans** — typed [`BannedIpRepository`] with metadata-aware queries.
14//! - **Cleanup job** — purges anonymous users past the retention window.
15//!
16//! ## Feature flags
17//!
18//! | Feature | Default | Effect |
19//! |---------|---------|--------|
20//! | _none_ | n/a | The crate exposes a single feature surface; all modules are compiled unconditionally. The `[package.metadata.docs.rs] all-features = true` setting is retained so future feature additions automatically appear in published docs. |
21//!
22//! ## Layering
23//!
24//! `systemprompt-users` is a **domain** crate. It depends downward on
25//! `systemprompt-database`, `systemprompt-extension`, `systemprompt-models`,
26//! `systemprompt-traits`, `systemprompt-provider-contracts`, and
27//! `systemprompt-identifiers`.
28
29#![allow(missing_debug_implementations)]
30
31pub mod error;
32pub(crate) mod extension;
33pub mod jobs;
34pub(crate) mod models;
35pub(crate) mod repository;
36pub(crate) mod services;
37
38pub use extension::UsersExtension;
39
40pub use error::{Result, UserError, UserResult};
41pub use models::{
42 NewApiKey, User, UserActivity, UserApiKey, UserCountBreakdown, UserDeviceCert, UserExport,
43 UserRole, UserSession, UserStats, UserStatus, UserWithSessions,
44};
45pub use repository::{
46 BanDuration, BanIpParams, BanIpWithMetadataParams, BannedIp, BannedIpRepository,
47 CreateApiKeyParams, EnrollDeviceCertParams, MergeResult, UserRepository,
48};
49pub use services::{
50 API_KEY_PREFIX, ApiKeyService, DemoteResult, DeviceCertService, EnrollDeviceCertServiceParams,
51 IssueApiKeyParams, PromoteResult, UpdateUserParams, UserAdminService, UserProviderImpl,
52 UserService,
53};
54
55pub use systemprompt_traits::auth::{RoleProvider, UserProvider};