systemprompt 0.21.1

Self-hosted AI governance infrastructure. The Rust library behind systemprompt.io: MCP-native tool-call governance, 6-tier RBAC, secret detection, full audit trails, SIEM-ready events. Provider-agnostic across Anthropic, OpenAI, Gemini, and local models. PostgreSQL, air-gap capable, BSL-1.1.
Documentation

systemprompt

The governance engine behind AI infrastructure you actually own. One Rust binary, one PostgreSQL, every agent and tool call through one audited path. This is the facade crate: it re-exports the systemprompt-core workspace behind feature flags.

Crates.io Docs.rs codecov License: BSL-1.1 Rust 1.94+ PostgreSQL 18+

Website · Documentation · Evaluation template · Discord

This README mirrors the systemprompt-core root README and is published to docs.rs. systemprompt re-exports the workspace crates behind feature flags; the full project documentation lives in the documentation/ directory.


Why this exists

Most teams govern AI one of two ways. They rent a dashboard, and someone else's infrastructure holds their prompts, their keys, and their audit trail. Or they build it themselves, and eighteen months later they are maintaining a distributed system instead of shipping.

This is the third option. systemprompt-core compiles to a single Rust binary you run on your own infrastructure, backed by the only state it has: a PostgreSQL database you own. Every agent, MCP tool call, and inference request passes through one authenticated, authorized, audited path: a synchronous in-process pipeline under 5 ms, writing an 18-column audit row for every decision. Credentials live in a ChaCha20-Poly1305 store and are injected only into tool child processes, never into the LLM context.

Zero outbound telemetry by default. Air-gap capable. Built for SOC 2 Type II, ISO 27001, HIPAA, and the OWASP Agentic Top 10.

Live capture: an agent tries to pass a GitHub PAT through a tool argument and is denied before the tool process spawns. Evaluating? Start with the MIT-licensed systemprompt-template: 43 scripted demos run every claim on your laptop.

Capabilities

Six surfaces, one binary, one authenticated and audited path.

Capability What it provides
A2A agents A standalone agent server speaking the agent-to-agent JSON-RPC protocol, with SSE streaming and .well-known discovery. Agents you host, not seats you rent.
MCP servers Model Context Protocol servers hosted natively over streamable HTTP. Each is an isolated OAuth2 resource server with scoped tools and its own access log.
OAuth2 / OIDC A built-in authorization server: OIDC discovery, PKCE (S256), WebAuthn, RS256 JWTs. No external identity dependency required to run.
Provider gateway A /v1 proxy (POST /v1/messages, GET /v1/models) that routes model patterns to any configured upstream. Swap providers without touching clients.
Extensions Compile-time Extension implementations registered with the inventory crate. Your code becomes part of your binary; no runtime plugin loading, nothing injected you didn't compile.
Governance Fail-closed (default-deny) authorization, secret detection, rate limiting, and structured audit logging correlated by trace_id. Every deny reason is a queryable row.

Use as a library

[dependencies]
systemprompt = { version = "0.21.1", features = ["full"] }
use systemprompt::prelude::*;
Feature Includes
core (default) traits, models, identifiers, extension
database PostgreSQL abstraction (DbPool)
api HTTP server and AppContext (requires core + database)
cli CLI entry point
full Everything: all domain modules + CLI
slack Slack integration (opt-in; not included in full)
teams Microsoft Teams integration (opt-in; not included in full)

The full per-feature matrix, including the finer-grained flags (config, mcp, events, security, runtime, and the rest), is on the docs.rs crate root.

Requirements

  • Rust 1.94+ (the workspace is edition 2024).
  • PostgreSQL 18+.
  • just to run the build recipes.

Quickstart (building from source)

git clone https://github.com/systempromptio/systemprompt-core.git
cd systemprompt-core
just build

# Generate a profile + secrets, provision the database, and migrate
./target/debug/systemprompt admin setup --environment local --migrate --yes

# Start the API server (binds 127.0.0.1:8080 by default)
./target/debug/systemprompt infra services start --api

Confirm it is serving:

curl -i http://127.0.0.1:8080/health   # 200 when the process and database are up
curl -s http://127.0.0.1:8080/api/v1   # discovery document of mounted surfaces

The full walkthrough is in documentation/getting-started.md.

Performance

Governance overhead benchmarked at 3,308 req/s burst with p99 latency of 22.7 ms: under 1% of AI response time. Reproduce it yourself with just benchmark in the evaluation template.

License

Business Source License 1.1 (BSL-1.1). Source-available for evaluation, testing, and non-production use; production use requires a commercial license. Each version converts to Apache-2.0 four years after its publication. You will always be able to read, audit, and eventually own this code. See LICENSE. Licensing enquiries: ed@systemprompt.io.

Security

Report vulnerabilities to ed@systemprompt.io, not via public issues. See SECURITY.md.


systemprompt.io · Documentation · Guides · Live Demo · Template · crates.io · docs.rs · Discord

Rent your control plane and you rent your audit trail. This one compiles.