systemprompt 0.1.24

systemprompt.io - Extensible AI agent orchestration framework

The touchpoint between your AI and everything it does


systemprompt.io is a single compiled Rust binary that sits between your AI agents and everything they touch. Every tool call authenticated, authorised, rate-limited, logged, and costed. Self-hosted. Air-gap capable. Provider-agnostic.

One language. One database (PostgreSQL). One binary (~50MB). No microservices. No Kubernetes required. No Redis. No Kafka. No ElasticSearch.

Why systemprompt.io

Govern every tool call. AI agents take actions on behalf of your people. Without governance, any agent can use any tool, access any data, and leak any credential. systemprompt.io enforces who can do what before it happens, not after.

Prove every decision. When the auditor asks what AI did and who authorised it, you query the answer. Full lineage from AI request to tool call to MCP execution, all linked by trace_id. Structured JSON for your SIEM.

Standardise every team. Your best AI workflows should not live in one developer's head. systemprompt.io is the skill library for your organisation: curated knowledge, governed plugins, consistent standards.

What this replaces

Problem           | Without systemprompt.io          | With systemprompt.io
------------------|----------------------------------|-------------------------------------
AI governance     | Build from components (months)   | Deploy one binary (days)
Audit trails      | Policy documents                 | Structured, queryable evidence
Secret management | Secrets in context windows       | Server-side injection via MCP
Cost attribution  | No visibility                    | Per-agent, per-model, per-department
Multi-provider    | Separate governance per provider | One governance layer for all

Performance

200 concurrent governance requests benchmarked. Each performs JWT validation, scope resolution, three rule evaluations, and an async database write.

  • Sub-5ms p50 latency
  • Sub-10ms p99 latency
  • Zero garbage collector pauses
  • Throughput supports hundreds of concurrent developers on a single instance

See the live load test for full results.

Quick Start

# 1. Create from template
gh repo create my-project --template systempromptio/systemprompt-template --clone
cd my-project

# 2. Build
just build

# 3. Login
just login

# 4. Create tenant
just tenant

# 5. Start
just start

See systemprompt-template for full installation instructions.

Core Capabilities

Governance Pipeline

Synchronous four-layer evaluation on every tool call. Scope check, secret scan, blocklist, rate limit. All four layers evaluate in the request path. The tool call either passes all four layers and executes, or it is blocked. Single-digit milliseconds overhead.
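
An added sketch of the four-layer evaluation described above, not systemprompt.io's own code: the types, policy values and helper names are assumptions for illustration, with the layers run in the order the text lists them. Substring matching stands in for a real secret scanner and a plain counter for a real rate limiter.

```rust
use std::collections::{HashMap, HashSet};
#[derive(Debug, PartialEq)]
enum Decision { Allow, Deny(&'static str) }

struct ToolCall<'a> { agent: &'a str, scopes: &'a [&'a str], tool: &'a str, args: &'a str }

struct Governor {
    required_scope: HashMap<&'static str, &'static str>, // tool -> scope it needs
    secret_markers: Vec<&'static str>,                   // constructed credential prefixes
    blocklist: HashSet<&'static str>,                    // tools that are never allowed
    limit: u32,                                          // calls per agent per window
    used: HashMap<String, u32>,                          // calls counted this window
}

impl Governor {
    // All four layers run in the request path; the first failure blocks the call.
    fn evaluate(&mut self, c: &ToolCall) -> Decision {
        match self.required_scope.get(c.tool) { // 1. scope check, unknown tools fail closed
            Some(s) if c.scopes.contains(s) => {}
            _ => return Decision::Deny("scope"),
        }
        if self.secret_markers.iter().any(|m| c.args.contains(*m)) { // 2. secret scan
            return Decision::Deny("secret");
        }
        if self.blocklist.contains(c.tool) { return Decision::Deny("blocklist"); } // 3. blocklist
        let n = self.used.entry(c.agent.to_string()).or_insert(0); // 4. rate limit
        if *n >= self.limit { return Decision::Deny("rate_limit"); }
        *n += 1; // only calls that pass every layer consume quota
        Decision::Allow
    }
}

// Constructed policy and tool calls, for illustration only.
fn demo() -> Vec<Decision> {
    let mut g = Governor {
        required_scope: HashMap::from([("read_file", "files:read"), ("shell_exec", "admin")]),
        secret_markers: vec!["sk-", "AKIA"], blocklist: HashSet::from(["shell_exec"]),
        limit: 2, used: HashMap::new(),
    };
    let rd: &[&str] = &["files:read"];
    let adm: &[&str] = &["files:read", "admin"];
    let calls = [
        (rd, "read_file", "/tmp/report.txt"), (rd, "shell_exec", "ls"),
        (adm, "shell_exec", "ls"), (rd, "read_file", "token=sk-constructed"),
        (rd, "read_file", "/tmp/a.txt"), (rd, "read_file", "/tmp/b.txt"),
    ];
    calls.iter().map(|&(scopes, tool, args)| {
        g.evaluate(&ToolCall { agent: "agent-1", scopes, tool, args })
    }).collect()
}
fn main() { for d in demo() { println!("{:?}", d); } }
```

Denied calls do not consume quota in this sketch, so a blocked request cannot be used to exhaust another caller's window.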

Secrets Management

Secrets flow through MCP services, not inference endpoints. The agent calls the tool, the MCP service injects the credential server-side. The LLM never sees it. ChaCha20-Poly1305 encryption with per-user key hierarchy.

Analytics and Observability

Full audit trail from AI request to tool call to MCP execution to cost. Structured JSON events for Splunk, ELK, Datadog, and Sumo Logic. Cost tracking in microdollars by model, agent, and department.

MCP Governance

Per-server OAuth2, governed tool calls, central MCP server registry with health monitoring. Built on MCP natively, not proxied. Claude Desktop compatible.

Skill Marketplace

Curated library of your organisation's AI knowledge. Browse, install, create, and fork skills. Plugin bundles with governed distribution by role and department.

Self-Hosted Deployment

Single 50MB binary. Air-gapped, PostgreSQL only. Copy to a server, start it. That is the deployment.

Open Standards

  • MCP (Model Context Protocol) from Anthropic, implemented natively
  • A2A (Agent-to-Agent Protocol) from Google
  • OAuth2/OIDC with PKCE, token introspection, audience/issuer checks
  • WebAuthn for passwordless authentication

Config as Code

services/
├── agents/           # Agent definitions with OAuth scopes
├── mcp/              # MCP servers with per-tool permissions
├── skills/           # Skills and plugins
├── ai/               # Provider configs (Anthropic, OpenAI, Gemini)
├── content/          # Markdown content sources
├── scheduler/        # Cron jobs and background tasks
└── web/              # Theme, branding, navigation

MCP Client Support

Works with any MCP-compatible client: Claude Code, Claude Desktop, ChatGPT, Cursor, and more.

{
  "mcpServers": {
    "my-server": {
      "url": "https://my-tenant.systemprompt.io/api/v1/mcp/my-server/mcp",
      "transport": "streamable-http"
    }
  }
}

Discovery API

Endpoint                        | Description
--------------------------------|--------------------------------
/.well-known/agent-card.json    | Default agent card
/.well-known/agent-cards        | List all available agents
/.well-known/agent-cards/{name} | Specific agent card
/api/v1/agents/registry         | Full agent registry with status
/api/v1/mcp/registry            | All MCP servers with endpoints

CLI

# Send a message to an agent
systemprompt admin agents message blog "Write a post about MCP security"

# List available MCP tools
systemprompt admin agents tools content-manager

# Deploy to production
systemprompt cloud deploy --profile production

Architecture

Layered crate architecture. Dependencies flow downward only.

┌─────────────────────────────────────────────────────────┐
│  ENTRY: api, cli                                        │
├─────────────────────────────────────────────────────────┤
│  APP: runtime, scheduler, generator, sync               │
├─────────────────────────────────────────────────────────┤
│  DOMAIN: users, oauth, ai, agent, mcp, files, content   │
├─────────────────────────────────────────────────────────┤
│  INFRA: database, events, security, config, logging     │
├─────────────────────────────────────────────────────────┤
│  SHARED: models, traits, identifiers, extension         │
└─────────────────────────────────────────────────────────┘

Domain crates communicate via traits and events, not direct dependencies.

Extensions

Build your own extensions by adding the library to your Cargo.toml:

[dependencies]
systemprompt = { version = "0.0.1", features = ["full"] }

Available extension traits:

Trait                | Purpose
---------------------|-------------------------------------------------
Extension            | Base trait: ID, name, version, dependencies
SchemaExtension      | Database table definitions
ApiExtension         | HTTP route handlers
ConfigExtensionTyped | Config validation at startup
JobExtension         | Background job definitions
ProviderExtension    | Custom LLM/tool provider implementations

use systemprompt_extension::*;

struct MyExtension;
impl Extension for MyExtension { ... }
impl ApiExtension for MyExtension { ... }

register_extension!(MyExtension);
register_api_extension!(MyExtension);

Extensions are discovered at compile time via the inventory crate. Your code compiles into your binary.

License

BSL-1.1 (Business Source License). Source-available for evaluation, testing, and non-production use. Production use requires a commercial license. Converts to Apache 2.0 four years after each version is published.

See LICENSE for full terms.

Links

For licensing enquiries: ed@systemprompt.io