Crate systemprompt

Expand description

§systemprompt

The facade crate for systemprompt-core: a self-hosted platform for running AI agents and MCP servers under one governed boundary.

This README mirrors the systemprompt-core root README and is published to docs.rs. systemprompt re-exports the workspace crates behind feature flags; see the full project documentation in the documentation/ directory.

systemprompt-core compiles to a single Rust binary that you run on your own infrastructure, backed by a PostgreSQL database you own. It hosts AI agents (A2A protocol), MCP servers, an OAuth2/OIDC authorization server, and a provider gateway behind one HTTP surface. Every request passes through one authenticated, authorized, and audited path. The binary holds no durable state and makes no outbound calls for governance operation; PostgreSQL is the only state, and secrets stay under your own key-management lifecycle.

§Capabilities

Capability	What it provides
A2A agents	A standalone agent server speaking the agent-to-agent JSON-RPC protocol with SSE streaming and `.well-known` discovery.
MCP servers	Model Context Protocol servers hosted natively over streamable HTTP, each with scoped tools, OAuth2, and an access log.
OAuth2 / OIDC	A built-in authorization server with OIDC discovery, PKCE (S256), and WebAuthn. JWTs are RS256.
Provider gateway	A `/v1` proxy (`POST /v1/messages`, `GET /v1/models`) that routes model patterns to a configured upstream provider.
Extensions	Compile-time `Extension` implementations registered with the `inventory` crate. No runtime plugin loading.
Governance	Fail-closed (default-deny) authorization hook, rate limiting, and structured audit logging correlated by `trace_id`.

§Requirements

Rust 1.85+ (the workspace is edition 2024).
PostgreSQL 18+.

§Use as a library

[dependencies]
systemprompt = { version = "0.14.0", features = ["full"] }

use systemprompt::prelude::*;

Feature	Includes
`core` (default)	traits, models, identifiers, extension
`database`	PostgreSQL abstraction (`DbPool`)
`api`	HTTP server and `AppContext` (requires `core` + `database`)
`cli`	CLI entry point
`full`	Everything: all domain modules + CLI

§Quickstart (building from source)

git clone https://github.com/systempromptio/systemprompt-core.git
cd systemprompt-core
just build

./target/debug/systemprompt admin setup --environment local --migrate --yes
./target/debug/systemprompt infra services start --api

curl -i http://127.0.0.1:8080/health   # 200 when the process and database are up
curl -s http://127.0.0.1:8080/api/v1   # discovery document of mounted surfaces

The full walkthrough is in documentation/getting-started.md.

§License

Business Source License 1.1 (BSL-1.1). Source-available for evaluation, testing, and non-production use; production use requires a commercial license. Each version converts to Apache-2.0 four years after its publication. See LICENSE. Licensing enquiries: ed@systemprompt.io.

§Security

Report vulnerabilities to ed@systemprompt.io, not via public issues. See SECURITY.md.

§Feature flags

Feature	Pulls in	Use case
`core` (default)	`traits`, `models`, `identifiers`, `extension`, `template-provider`	Author extensions, share types, no I/O.
`database`	`systemprompt-database`, `sqlx`	SQLx-backed `DbPool` and repository helpers.
`config`	`systemprompt-config`	Profile, secrets, and credential bootstrap loaders.
`mcp`	`rmcp`	Implement Model Context Protocol servers.
`api`	`systemprompt-api`, `systemprompt-runtime`, `axum` (implies `core` + `database`)	HTTP server, `AppContext`, Axum router.
`sync`	`systemprompt-sync`	Cloud synchronisation primitives.
`cloud`	`systemprompt-cloud`	Cloud API client, credentials bootstrap, OAuth.
`logging`	`systemprompt-logging`	Tracing setup with the workspace’s layer stack.
`loader`	`systemprompt-loader`	Filesystem and module discovery.
`events`	`systemprompt-events`	In-process event bus and SSE plumbing.
`client`	`systemprompt-client`	HTTP API client used by the CLI.
`security`	`systemprompt-security`	JWT, scope/RBAC, secret scanning, rate limit.
`cli`	`systemprompt-cli`	The `systemprompt` CLI as a library entry point.
`runtime`	`cli` + extension injection	`RuntimeBuilder` for embedding with custom extensions.
`test-utils`	`cloud`	Enables `cloud` for test scaffolding; not for production.
`full`	All of the above plus all domain crates (`agent`, `ai`, `mcp`, `oauth`, `users`, `content`, `analytics`, `scheduler`, `generator`, `files`)	Building a product binary.

systemprompt = { version = "0.10", features = ["full"] }

Re-exports§

pub use runtime::RuntimeBuilder;runtime
pub use runtime::RuntimeError;runtime
pub use crate::prelude::*;

Modules§

agentfull: Agent-to-Agent (A2A) protocol surface from systemprompt-agent — message types, task lifecycle, streaming server, agent registry.
aifull: LLM integration surface from systemprompt-ai — provider selection, request/response types, cost accounting.
analyticsfull: Analytics domain from systemprompt-analytics — request, conversation, agent, tool, cost metrics.
apiapi: HTTP server entry: Axum router, middleware stack, listener bootstrap.
clicli: CLI entry surface: run, CliConfig, OutputFormat, ColorMode, VerbosityLevel.
clientclient: HTTP API client used by the CLI and external tooling to drive a running instance.
cloudcloud: Cloud API client from systemprompt-cloud — credentials bootstrap, tenant management, deployment.
configconfig: Profile / secrets / credentials configuration loaders. Drives the ProfileBootstrap → SecretsBootstrap → CredentialsBootstrap → Config sequence.
contentfull: Content management domain from systemprompt-content — pages, articles, markdown ingestion.
credentialscloud: Cloud credentials bootstrap from systemprompt-cloud — loads OAuth client credentials and tenant identity at startup.
databasedatabase: SQLx-backed database abstraction: DbPool, DatabaseProvider, repositories, introspection.
eventsevents: In-process event bus and SSE broadcasting from systemprompt-events.
extensioncore: Compile-time extension framework: the Extension trait, typed variants, register_extension! macro, and registry.
filesfull: File-storage domain from systemprompt-files.
generatorfull: Static-site generator from systemprompt-generator — Tera-based renderer driving the web CLI domain.
identifierscore: Typed identifiers from systemprompt-identifiers (UserId, AgentId, TaskId, TraceId, …).
loaderloader: Filesystem and module discovery for services, plugins, and config files.
logginglogging: Tracing/logging setup helpers (startup-mode gating, layered subscribers).
marketplacefull: Marketplace filtering domain from systemprompt-marketplace — the MarketplaceFilter trait that gates per-user visibility of plugins, skills, agents, and managed MCP servers in the bridge manifest.
mcpfull: Model Context Protocol implementation from systemprompt-mcp — server orchestrator, network/proxy layer, RBAC middleware.
modelscore: I/O-free data models from systemprompt-models — config structs, profile types, domain DTOs.
oauthfull: OAuth2 / OIDC / WebAuthn flows from systemprompt-oauth.
prelude: Curated re-exports for ergonomic use systemprompt::prelude::*. See prelude for the full list. Curated re-exports for use systemprompt::prelude::*.
profilecore: Profile types — the on-disk profile schema (Profile, CloudConfig, ProfileStyle, CloudValidationMode) plus the ProfileBootstrap loader when the config feature is enabled.
runtimeruntime: RuntimeBuilder for embedding the platform with compile-time injected extensions and a custom web-asset strategy. Embedding helper for the systemprompt CLI.
schedulerfull: Background-job scheduler from systemprompt-scheduler.
securitysecurity: Security primitives: JWT verification, scope/RBAC, secret scanning, rate-limit middleware.
syncsync: Cloud synchronisation primitives from systemprompt-sync.
systemapi: Application runtime / AppContext wiring. Construct via AppContextBuilder from the prelude.
template_providercore: Template provider trait surface for custom rendering backends (Tera, Handlebars, MJML, …).
traitscore: Core trait surface from systemprompt-traits.
usersfull: User management domain from systemprompt-users — accounts, roles, scopes.

Enums§

WebAssetsruntime: WebAssets strategy re-export — controls how the runtime serves the static web bundle (in-binary, on-disk, or disabled). Web-asset serving strategy re-exported from systemprompt-extension.