systemprompt_models/services/system_admin.rs
1//! System-admin identity: the explicit, validated owner row that the
2//! platform attributes system-initiated work to (scheduler bootstrap jobs,
3//! gateway telemetry, default MCP server owners).
4//!
5//! Resolution is a one-shot operation performed during runtime bootstrap:
6//! the profile-supplied [`SystemAdminConfig`] is looked up against the
7//! `users` table, validated (active, has `admin` role), and the resulting
8//! [`SystemAdmin`] is handed to `AppContext`. From there, every consumer
9//! that needs the platform owner takes it as a constructor argument; the
10//! only exception is logging attribution, which parks the value in a
11//! cell scoped to `systemprompt_logging`.
12
13use serde::{Deserialize, Serialize};
14use systemprompt_identifiers::UserId;
15
16/// Profile-supplied configuration for the platform owner. Must resolve at
17/// startup to an active user row carrying the `admin` role; the platform
18/// refuses to boot otherwise.
19#[derive(Debug, Clone, Serialize, Deserialize, schemars::JsonSchema)]
20#[serde(deny_unknown_fields)]
21pub struct SystemAdminConfig {
22 pub username: String,
23}
24
25/// Resolved system-admin handle threaded through `AppContext`. Holds the
26/// typed `UserId` of the actual `users` row, not a sentinel.
27#[derive(Debug, Clone)]
28pub struct SystemAdmin {
29 id: UserId,
30 username: String,
31}
32
33impl SystemAdmin {
34 #[must_use]
35 pub const fn new(id: UserId, username: String) -> Self {
36 Self { id, username }
37 }
38
39 #[must_use]
40 pub const fn id(&self) -> &UserId {
41 &self.id
42 }
43
44 #[must_use]
45 pub fn username(&self) -> &str {
46 &self.username
47 }
48}