Crate systemprompt_security

Security infrastructure for systemprompt.io.

Houses the request-level authentication primitives shared by the HTTP API and the runtime layer:

  • Asymmetric signing key plane (keys) — the in-process TokenAuthority holds the active RSA keypair, exposes the public set for /.well-known/jwks.json, and caches federated JWKS documents under a bounded LRU with an HTTPS allowlist.
  • JWT minting (jwt) for admin tokens and (session) for session-scoped tokens. Tokens are signed RS256 via TokenAuthority and carry a kid header; HS256 is rejected on validation.
  • Token extraction (extraction) from Authorization headers, MCP proxy headers, and cookies.
  • Request validation (auth) that turns those tokens into a systemprompt_models::execution::context::RequestContext, resolving non-self-issued tokens against profile.security.trusted_issuers and propagating the RFC 8693 act_chain onto the per-request context.
  • At-rest hashing (at_rest) — hmac_sha256 / hmac_sha256_hex under the deployment oauth_at_rest_pepper, used to store refresh-token ids and authorisation codes as digests rather than plaintext.
  • Bridge manifest signing (manifest_signing) with Ed25519 keys.
  • Lightweight scanner / bot detection (services).
  • Authorization decision plane (authz) — deny-overrides resolver, access_control_rules repository, and AuthzDecisionHook extension surface shared by the gateway and MCP enforcement sites.

All public fallible APIs return typed errors from error; anyhow is not used in any public signature.
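The deny-overrides combining rule named in the authz item above, as an added sketch that is not the crate's own code. `Rule`, `Decision`, `resolve`, `sample_rules` and the `"*"` wildcard are hypothetical, and denying when no rule matches is an assumption.

```rust
// Added illustration: hypothetical types, not the systemprompt_security authz API.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Effect { Allow, Deny }

/// `Deny { rule: Some(i) }` is an explicit deny by rule `i`;
/// `Deny { rule: None }` means no rule matched (default deny, an assumption).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Decision { Allow, Deny { rule: Option<usize> } }

/// One row of a hypothetical rule table; "*" matches any value.
pub struct Rule {
    pub subject: &'static str,
    pub resource: &'static str,
    pub effect: Effect,
}

impl Rule {
    fn matches(&self, subject: &str, resource: &str) -> bool {
        (self.subject == "*" || self.subject == subject)
            && (self.resource == "*" || self.resource == resource)
    }
}

/// Deny-overrides: one matching Deny wins, whatever the rule order and
/// however many Allow rules also match.
pub fn resolve(rules: &[Rule], subject: &str, resource: &str) -> Decision {
    let mut allowed = false;
    for (i, rule) in rules.iter().enumerate().filter(|(_, r)| r.matches(subject, resource)) {
        match rule.effect {
            Effect::Deny => return Decision::Deny { rule: Some(i) },
            Effect::Allow => allowed = true,
        }
    }
    if allowed { Decision::Allow } else { Decision::Deny { rule: None } }
}

/// Constructed sample rules, not taken from any real deployment.
pub fn sample_rules() -> Vec<Rule> {
    vec![
        Rule { subject: "*", resource: "mcp:search", effect: Effect::Allow },
        Rule { subject: "agent:batch", resource: "*", effect: Effect::Allow },
        Rule { subject: "agent:batch", resource: "mcp:shell", effect: Effect::Deny },
    ]
}

fn main() {
    let rules = sample_rules();
    for (s, r) in [("agent:batch", "mcp:shell"), ("user:42", "mcp:shell")] {
        println!("{s} -> {r}: {:?}", resolve(&rules, s, r));
    }
}
```

Keeping the deciding rule index in the result lets an audit log distinguish an explicit deny from a request that simply matched nothing.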

§Feature flags

This crate has no Cargo features; everything compiles by default.

§Example

use systemprompt_models::auth::JwtAudience;
use systemprompt_security::AuthValidationService;

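// `headers` is the inbound request's header map (an axum::http::HeaderMap,
// per the auth module); on success `_ctx` is the resolved RequestContext.
let svc = AuthValidationService::new("systemprompt.io".to_string(), JwtAudience::standard());
let _ctx = svc.validate_request(headers)?;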

Re-exports§

pub use at_rest::hmac_sha256;
pub use at_rest::hmac_sha256_hex;
pub use auth::AuthValidationService;
pub use auth::HookTokenValidator;
pub use auth::ValidatedHookClaims;
pub use authz::CompositeAuthzHook;
pub use error::AuthError;
pub use error::AuthResult;
pub use error::JwtError;
pub use error::JwtResult;
pub use error::ManifestSigningError;
pub use error::ManifestSigningResult;
pub use extraction::CookieExtractionError;
pub use extraction::CookieExtractor;
pub use extraction::ExtractionMethod;
pub use extraction::HeaderExtractor;
pub use extraction::HeaderInjectionError;
pub use extraction::HeaderInjector;
pub use extraction::TokenExtractionError;
pub use extraction::TokenExtractor;
pub use jwt::AdminTokenParams;
pub use jwt::JwtService;
pub use jwt::JwtUserContext;
pub use jwt::extract_user_context;
pub use services::ScannerDetector;
pub use session::SessionGenerator;
pub use session::SessionParams;
pub use session::ValidatedSessionClaims;

Modules§

at_rest
At-rest hashing for secrets that must be looked up by exact match but must not survive a database read.
auth
Request validation: turns an axum::http::HeaderMap into a systemprompt_models::execution::context::RequestContext using a configured JWT secret, issuer, and audience set.
authz
Unified authorization decision plane.
error
Error types raised by the security infrastructure.
extraction
Token extraction from inbound HTTP requests and id-header injection.
jwt
JWT plane.
keys
RSA signing-key infrastructure for systemprompt.io’s federated JWT plane.
manifest_signing
Ed25519 signing of bridge manifests.
policy
Unified tool-use governance plane.
services
Stateless security services that don’t fit elsewhere — currently the ScannerDetector.
session
Session-scoped JWT minting and the validated-claims wrapper produced by crate::auth::AuthValidationService.

Macros§

register_authz_hook
Register an extension authz hook factory at static-init time.