systemprompt 0.10.2

Self-hosted AI governance infrastructure. The Rust library behind systemprompt.io: MCP-native tool-call governance, 6-tier RBAC, secret detection, full audit trails, SIEM-ready events. Provider-agnostic across Anthropic, OpenAI, Gemini, and local models. PostgreSQL, air-gap capable, BSL-1.1.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

//! Embedding helper for the `systemprompt` CLI.
//!
//! [`RuntimeBuilder`] lets a custom binary inject [`Extension`] instances at
//! compile time, choose a [`WebAssets`] strategy, and then hand control to the
//! standard CLI entry point. It is the recommended way to embed the platform
//! when the default `cargo install systemprompt` binary is not enough.
//!
//! ```no_run
//! # #[cfg(all(feature = "runtime", feature = "core"))]
//! # async fn demo() -> Result<(), systemprompt::RuntimeError> {
//! use systemprompt::RuntimeBuilder;
//!
//! RuntimeBuilder::new().run().await
//! # }
//! ```

use std::sync::Arc;

use systemprompt_extension::Extension;
use systemprompt_extension::runtime_config::{
    InjectedExtensions, WebAssetsStrategy, set_injected_extensions,
};
use thiserror::Error;

/// Web-asset serving strategy re-exported from `systemprompt-extension`.
pub use systemprompt_extension::runtime_config::WebAssetsStrategy as WebAssets;

/// Typed error returned by [`RuntimeBuilder::run`].
#[derive(Debug, Error)]
pub enum RuntimeError {
    /// Extensions have already been injected for this process; calling
    /// [`RuntimeBuilder::run`] more than once per process is not supported.
    #[error(
        "InjectedExtensions already set: a RuntimeBuilder has already been run in this process"
    )]
    ExtensionsAlreadyInjected,

    /// The CLI exited with an error. Wraps the original CLI failure.
    #[error("CLI exited with error: {0}")]
    Cli(#[source] Box<dyn std::error::Error + Send + Sync>),
}

/// Fluent builder that wires extensions and a web-asset strategy into the CLI
/// before delegating to `systemprompt_cli::run`.
pub struct RuntimeBuilder {
    extensions: Vec<Arc<dyn Extension>>,
    web_assets: WebAssetsStrategy,
}

impl std::fmt::Debug for RuntimeBuilder {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("RuntimeBuilder")
            .field("extension_count", &self.extensions.len())
            .field("web_assets", &self.web_assets)
            .finish()
    }
}

impl RuntimeBuilder {
    /// Construct an empty builder with the default web-asset strategy.
    #[must_use]
    pub fn new() -> Self {
        Self {
            extensions: Vec::new(),
            web_assets: WebAssetsStrategy::default(),
        }
    }

    /// Register an extension by type, instantiating it via
    /// [`Default::default`].
    #[must_use]
    pub fn with_extension<E: Extension + Default + 'static>(mut self) -> Self {
        self.extensions.push(Arc::new(E::default()));
        self
    }

    /// Register a pre-constructed extension instance.
    #[must_use]
    pub fn with_extension_instance(mut self, ext: Arc<dyn Extension>) -> Self {
        self.extensions.push(ext);
        self
    }

    /// Override the web-asset strategy used by the runtime.
    #[must_use]
    pub fn with_web_assets(mut self, strategy: WebAssetsStrategy) -> Self {
        self.web_assets = strategy;
        self
    }

    /// Inject the configured extensions and run the CLI.
    ///
    /// # Errors
    ///
    /// Returns [`RuntimeError::ExtensionsAlreadyInjected`] if a previous call
    /// to `run` already initialised the global injection slot, or
    /// [`RuntimeError::Cli`] if the CLI itself exits with an error.
    pub async fn run(self) -> Result<(), RuntimeError> {
        let config = InjectedExtensions {
            extensions: self.extensions,
            web_assets: self.web_assets,
        };
        set_injected_extensions(config).map_err(|_| RuntimeError::ExtensionsAlreadyInjected)?;
        Box::pin(systemprompt_cli::run())
            .await
            .map_err(|err| RuntimeError::Cli(err.into()))
    }
}

impl Default for RuntimeBuilder {
    fn default() -> Self {
        Self::new()
    }
}