A self-hosted platform for running AI agents and MCP servers under one governed boundary.
systemprompt-core compiles to a single Rust binary that you run on your own infrastructure, backed by a PostgreSQL database you own. It hosts AI agents (A2A protocol), MCP servers, an OAuth2/OIDC authorization server, and a provider gateway behind one HTTP surface. Every request passes through one authenticated, authorized, and audited path. The binary holds no durable state and makes no outbound calls for governance operation; PostgreSQL is the only state, and secrets stay under your own key-management lifecycle.
| Capability | What it provides |
|---|---|
| A2A agents | A standalone agent server speaking the agent-to-agent JSON-RPC protocol with SSE streaming and .well-known discovery. |
| MCP servers | Model Context Protocol servers hosted natively over streamable HTTP, each with scoped tools, OAuth2, and an access log. |
| OAuth2 / OIDC | A built-in authorization server with OIDC discovery, PKCE (S256), and WebAuthn. JWTs are RS256. |
| Provider gateway | A /v1 proxy (POST /v1/messages, GET /v1/models) that routes model patterns to a configured upstream provider. |
| Extensions | Compile-time Extension implementations registered with the inventory crate. No runtime plugin loading. |
| Governance | Fail-closed (default-deny) authorization hook, rate limiting, and structured audit logging correlated by trace_id. |
- Rust 1.85+ (the workspace is edition 2024; the repository pins a nightly toolchain in
rust-toolchain.toml). - PostgreSQL 18+.
justto run the build recipes.
git clone https://github.com/systempromptio/systemprompt-core.git
cd systemprompt-core
just build
# Generate a profile + secrets, provision the database, and migrate
./target/debug/systemprompt admin setup --environment local --migrate --yes
# Start the API server (binds 127.0.0.1:8080 by default)
./target/debug/systemprompt infra services start --apiConfirm it is serving:
curl -i http://127.0.0.1:8080/health # 200 when the process and database are up
curl -s http://127.0.0.1:8080/api/v1 # discovery document of mounted surfacesThe full walkthrough is in documentation/getting-started.md.
The workspace publishes to crates.io as systemprompt-* crates behind the systemprompt facade.
[dependencies]
systemprompt = { version = "0.14", features = ["full"] }use systemprompt::prelude::*;| Feature | Includes |
|---|---|
core (default) |
traits, models, identifiers, extension |
database |
PostgreSQL abstraction (DbPool) |
api |
HTTP server and AppContext (requires core + database) |
cli |
CLI entry point |
full |
Everything: all domain modules + CLI |
- Overview — what the platform is and when to use it.
- Getting started — clean machine to a running server.
- Deploy in production — HA, backup, key rotation, monitoring.
- The top level of
documentation/holds the security and procurement evaluation pack.
Business Source License 1.1 (BSL-1.1). Source-available for evaluation, testing, and non-production use; production use requires a commercial license. Each version converts to Apache-2.0 four years after its publication. See LICENSE. Licensing enquiries: ed@systemprompt.io.
Report vulnerabilities to ed@systemprompt.io, not via public issues. See SECURITY.md.