https://github.com/systempromptio/systemprompt-template
AI Governance Infrastructure β local evaluation. The governance layer for AI agents: a single compiled Rust binary that authenticates, authorises, rate-limits, logs, and costs every AI interaction. Self-hosted, air-gap capable, provider-agnostic.
https://github.com/systempromptio/systemprompt-template
a2a agent-orchestration agentic-ai ai-agents ai-governance ai-infrastructure autonomous-agents boilerplate claude claude-code llm mcp mcp-server model-context-protocol oauth2 postgresql rust self-hosted starter template
Last synced: 28 days ago
JSON representation
AI Governance Infrastructure β local evaluation. The governance layer for AI agents: a single compiled Rust binary that authenticates, authorises, rate-limits, logs, and costs every AI interaction. Self-hosted, air-gap capable, provider-agnostic.
- Host: GitHub
- URL: https://github.com/systempromptio/systemprompt-template
- Owner: systempromptio
- License: other
- Created: 2025-12-11T12:29:41.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2026-05-21T10:47:08.000Z (about 1 month ago)
- Last Synced: 2026-05-21T18:43:36.115Z (about 1 month ago)
- Topics: a2a, agent-orchestration, agentic-ai, ai-agents, ai-governance, ai-infrastructure, autonomous-agents, boilerplate, claude, claude-code, llm, mcp, mcp-server, model-context-protocol, oauth2, postgresql, rust, self-hosted, starter, template
- Language: Rust
- Homepage: https://systemprompt.io
- Size: 9.84 MB
- Stars: 13
- Watchers: 0
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Agents: AGENTS.md
Awesome Lists containing this project
- awesome-claude-code-toolkit - systemprompt-template - - | Governance infrastructure for Claude Code. Single compiled Rust binary that authenticates, authorises, rate-limits, logs, and attributes costs for every AI interaction before it reaches a tool or database. Self-hosted, air-gap capable, MCP + A2A compatible. BSL-1.1 | (Ecosystem / GateGuard β Fact-Forcing PreToolUse Gate)
- awesome-a2a - systemprompt-template - 1.1` - Production-grade Rust runtime for hosting and governing MCP servers with A2A orchestration. Built-in 6-tier RBAC, secret detection (35+ patterns), rate limiting, audit logging, OAuth 2.0 + WebAuthn. Single binary (~50 MB), PostgreSQL only - no Kubernetes, no Redis. (π οΈ Tools & Libraries / ποΈ Frameworks & SDKs)
README
# Own how your organization uses AI.
One self-hosted binary governs inference, auditing, evals, and every tool call across your AI fleet. Native integration with Claude Cowork. Works with any agent, any model, any provider.
This repository is the evaluation template: clone it, compile it, point Claude for Work, Claude Code, or any Anthropic-SDK client at `http://localhost:8080`, and every request lands on a host you operate β on your network, in your air-gap, under your audit table. Single Rust binary, one PostgreSQL, four commands from `git clone` to serving inference. Built for SOC 2, ISO 27001, HIPAA, and the OWASP Agentic Top 10.
[](https://github.com/systempromptio/systemprompt-core)
[](LICENSE)
[](https://github.com/systempromptio/systemprompt-core/blob/main/LICENSE)
[](https://www.rust-lang.org/)
[](https://www.postgresql.org/)
[**systemprompt.io**](https://systemprompt.io) Β· [**Documentation**](https://systemprompt.io/documentation/) Β· [**Guides**](https://systemprompt.io/guides) Β· [**Enterprise factsheet (PDF)**](https://systemprompt.io/files/documents/systemprompt-io-enterprise-factsheet.pdf) Β· [**Discord**](https://discord.gg/wkAbSuPWpr)
Live capture of ./demo/governance/06-secret-breach.sh. Secret exfiltration attempt denied before spawn. One audit row written. No model touched the key.
---
## Quick start
```bash
git clone https://github.com/systempromptio/systemprompt-template
cd systemprompt-template
just setup-local [openai_key] [gemini_key] # writes profile, starts Postgres, runs publish pipeline
just start # serves governance + agents + MCP + admin on :8080
```
One AI key is required; the other two are optional. Running a second clone side-by-side? `just setup-local 8081 5433`. Discover the CLI with `systemprompt --help`.
Prerequisites
| Requirement | Purpose | Install |
|---|---|---|
| **Docker** | PostgreSQL runs in a container; `just setup-local` starts it | [docker.com](https://docs.docker.com/get-docker/) |
| **Rust 1.75+** | Compiles the workspace binary | [rustup.rs](https://rustup.rs/) |
| **`just`** | Task runner | [just.systems](https://just.systems/) |
| **`jq`, `yq`** | JSON and YAML processing in the scripts | `brew install jq yq` / `apt install jq yq` |
| **AI API keys** | One key per provider enabled in `services/ai/config.yaml`. Shipped config enables Anthropic, OpenAI, Gemini (default `gemini`). Disable providers you don't want or pass all three. | Provider dashboards |
| **Ports 8080 + 5432** | HTTP + PostgreSQL | Free on localhost |
---
What a CISO gets
- **A single query answers every AI audit.** Every request, scope decision, tool call, model output, and cost lands in one 18-column Postgres table. Six correlation columns (UserId, SessionId, TaskId, TraceId, ContextId, ClientId) bind identity at construction time, so a row without a trace is a programming error.
- **Credentials physically cannot enter the context window.** The governance process is the parent of every MCP tool subprocess. Keys are decrypted from a ChaCha20-Poly1305 store and injected into the child's environment by `Command::spawn()`. The parent, which owns the LLM context, never writes the value. 35+ regex patterns deny any tool call that tries to pass a secret through arguments.
- **Self-hosted, air-gap capable, single artifact.** One Rust binary. One PostgreSQL. No Redis, no Kafka, no Kubernetes, no SaaS handoff. The same binary runs on a laptop, a VM, and an air-gapped appliance without modification. Zero outbound telemetry by default.
- **Policy-as-code on PreToolUse hooks.** Destructive operations, blocklists, department scoping, six-tier RBAC (Admin, User, Service, A2A, MCP, Anonymous). Rate limiting at 300 req/min per session with role multipliers. Every deny reason is structured and auditable.
- **Certifications-ready, not certification-marketing.** Tiered log retention from debug (1 day) through error (90 days). 10 identity lifecycle event variants. SIEM-ready JSON events for Splunk, ELK, Datadog, Sumo. Built for **SOC 2 Type II**, **ISO 27001**, **HIPAA**, and the **OWASP Agentic Top 10**.
This repo is the evaluation template. Fork it, clone it, compile it. 43 scripted demos execute every claim above against the live binary on your own laptop.
What you'll see in the first five minutes
- **http://localhost:8080** β admin UI, live audit table, session viewer.
- **`systemprompt analytics overview`** β conversations, tool calls, costs in microdollars, anomalies flagged above 2x/3x of rolling average.
- **`systemprompt infra logs audit --full`** β the full trace for any request: identity, scope, rule evaluations, tool call, model output, cost. One query, one row, one answer.
- **Point Claude Code, Claude Desktop, or any MCP client at it.** Permissions follow the user, not the client. Try to exfiltrate a key through a tool argument and watch the secret-detection layer deny it before the tool process spawns.
- **`./demo/governance/06-secret-breach.sh`** β the scripted version of that denial, recorded above.
The scripted demos
```bash
./demo/00-preflight.sh # acquire token, verify services, create admin
./demo/01-seed-data.sh # populate analytics + trace data
# Governance β the audit line
./demo/governance/01-happy-path.sh # allowed tool call, full trace chain
./demo/governance/05-governance-denied.sh # scope check rejects out-of-role call
./demo/governance/06-secret-breach.sh # secret-detection blocks exfiltration
./demo/governance/07-rate-limiting.sh # 300 req/min per session enforced
./demo/governance/08-hooks.sh # PreToolUse policy-as-code
# Observability β the audit table
./demo/analytics/01-overview.sh # conversations, costs, anomalies
./demo/infrastructure/04-logs.sh # structured JSON events, SIEM-ready
# Scale β the overhead budget
./demo/performance/02-load-test.sh # 3,308 req/s burst, p99 22.7 ms
```
Full index: [`demo/README.md`](demo/README.md). 41 of 43 scripts are free; two cost ~$0.01 each (real model calls).
The governance pipeline
Every tool call passes five in-process checks, synchronously, before it reaches a tool process. Every decision lands in an 18-column audit row.
```
LLM Agent
β
βΌ
Governance pipeline (in-process, synchronous, <5 ms p99)
β
ββ 1. JWT validation (HS256, verified locally, offline-capable)
ββ 2. RBAC scope check (Admin Β· User Β· Service Β· A2A Β· MCP Β· Anonymous)
ββ 3. Secret detection (35+ regex: API keys, PATs, PEM, AWS prefixes)
ββ 4. Blocklist (destructive operation categories)
ββ 5. Rate limiting (300 req/min per session, role multipliers)
β
βΌ
ALLOW or DENY β 18-column audit row, always
β
βΌ (ALLOW)
spawn_server()
β
ββ decrypt secrets from ChaCha20-Poly1305 store
ββ inject into subprocess env vars only (never parent)
β
βΌ
MCP tool process credentials live here, never in the LLM context path
```
Run it: ./demo/governance/05-governance-denied.sh Β· Feature detail
How credential injection works
When a tool call passes the pipeline, `spawn_server()` decrypts credentials from the ChaCha20-Poly1305 store and injects them into the child process environment. The parent process β which owns the LLM context window β never writes the value.
Source: [`systemprompt-core/crates/domain/mcp/src/services/process/spawner.rs`](https://github.com/systempromptio/systemprompt-core/blob/main/crates/domain/mcp/src/services/process/spawner.rs).
```rust
let secrets = SecretsBootstrap::get()?;
let mut child_command = Command::new(&binary_path);
// Child env only. The parent (LLM context path) never touches the value.
if let Some(key) = &secrets.anthropic {
child_command.env("ANTHROPIC_API_KEY", key);
}
if let Some(key) = &secrets.github {
child_command.env("GITHUB_TOKEN", key);
}
// Detach; parent forgets the child after spawn.
let child = child_command.spawn()?;
std::mem::forget(child);
```
Before spawn, a secret-detection pipeline scans tool arguments for 35+ credential patterns. A tool call that tries to pass a secret through the context window is blocked even if the agent has scope to run the tool. The hero recording above is the scripted proof: `./demo/governance/06-secret-breach.sh`.
Performance
Sub-5 ms governance overhead, benchmarked. Each request performs JWT validation, scope resolution, three rule evaluations, and an async audit write.
| Metric | Result |
|---|---|
| Throughput | 3,308 req/s burst, sustained under 100 concurrent workers |
| p50 latency | 13.5 ms |
| p99 latency | 22.7 ms |
| Added to AI response time | <1% |
| GC pauses | Zero |
Reproduce: `just benchmark`. Numbers measured on the author's laptop.
Configuration & CLI
Runtime configuration is flat YAML under `services/`, loaded through `services/config/config.yaml`. Unknown keys fail loudly (`#[serde(deny_unknown_fields)]`). No database-stored config, no admin UI required. Every change is a diff.
```
services/
config/config.yaml Root aggregator
agents/.yaml Agent: scope, model, tool access
mcp/.yaml MCP server: OAuth2 config, scopes
skills/.yaml Skill: config + markdown instruction body
plugins/.yaml Plugin bindings (references agents, skills, MCP)
ai/config.yaml AI provider config (Anthropic, OpenAI, Gemini)
scheduler/config.yaml Background job schedule
web/config.yaml Web frontend, navigation, theme
content/config.yaml Content sources and indexing
```
Eight CLI domains cover every operational surface. No dashboard required for any task.
| Domain | Purpose |
|---|---|
| `core` | Skills, content, files, contexts, plugins, hooks, artifacts |
| `infra` | Services, database, jobs, logs |
| `admin` | Users, agents, config, setup, session, rate limits |
| `cloud` | Auth, deploy, sync, secrets, tenant, domain |
| `analytics` | Overview, conversations, agents, tools, requests, sessions, content, traffic, costs |
| `web` | Content types, templates, assets, sitemap, validate |
| `plugins` | Extensions, MCP servers, capabilities |
| `build` | Build core workspace and MCP extensions |
More recordings β infrastructure, integrations, analytics, agents, compliance, MCP governance
Each recording is a live capture of the named script running against the binary.
**Infrastructure** β one binary, one process, one database. Same artifact runs laptop to air-gap.
All data on your infrastructure, zero outbound telemetry Β· ./demo/infrastructure/01-services.sh Β· Feature
Profile YAML promotes environments without rebuilding Β· ./demo/cloud/01-cloud-overview.sh Β· Feature
Every operational surface has a CLI verb Β· ./demo/infrastructure/03-jobs.sh Β· Feature
MCP, OAuth 2.0, PostgreSQL, Git Β· zero proprietary protocols Β· ./demo/mcp/01-mcp-servers.sh Β· Feature
---
**MCP governance, analytics, closed-loop agents, compliance.**
Each MCP server is an isolated OAuth2 resource server with per-server scope validation Β· ./demo/mcp/02-mcp-access-tracking.sh Β· Feature
Nine analytics subcommands, anomaly detection, SIEM-ready JSON Β· ./demo/analytics/01-overview.sh Β· Feature
Agents query their own error rate, cost, and latency via MCP tools and adjust Β· ./demo/agents/04-agent-tracing.sh Β· Feature
Tiered retention, 10 identity lifecycle events, SOC 2 / ISO 27001 / HIPAA / OWASP Agentic Top 10 Β· ./demo/users/03-session-management.sh Β· Feature
---
**Integrations** β any provider, Claude Desktop, web publisher, extensions.
Anthropic, OpenAI, Gemini swap at the profile level Β· cost attribution in integer microdollars Β· ./demo/agents/01-list-agents.sh Β· Feature
Skills persist across sessions via OAuth2 Β· ./demo/skills/01-skill-lifecycle.sh Β· Feature
Same binary serves your website, blog, and docs Β· systemprompt.io runs on this binary Β· ./demo/web/01-web-config.sh Β· Feature
Your code compiles into your binary via the Extension trait Β· no runtime reflection Β· ./demo/skills/04-plugin-management.sh Β· Feature
3,308 req/s burst, p99 22.7 ms Β· just benchmark
Claude for Work, on your infrastructure
Claude for Work ships with extension points for inference, identity, and audit. Point them at this binary and every prompt, tool call, and cost line lands in a Postgres row you own.
```
Managed Device Enterprise Gateway Upstream Inference
(Cowork via MDM) (this binary, your VPC) (pluggable)
βββββββββββββββββ βββββββββββΆ βββββββββββββββββββββ βββββββΆ βββββββββββββββββ
Credential helper /v1/messages Anthropic direct
Managed MCP list Governance pipeline Bedrock / Vertex
Signed plugins Audit to Postgres OpenAI / Groq
On-prem vLLM / Qwen
Air-gap capable
```
Four governance layers enforce before a byte leaves your network:
- **Scope** β RBAC resolved from the JWT at request construction. Admin Β· User Β· Service Β· A2A Β· MCP Β· Anonymous.
- **Secrets** β 35+ regex patterns scan every tool argument and every prompt. A credential in the context path is denied before the tool process spawns.
- **Policy** β Blocklists, destructive-operation categories, tenant rules, PreToolUse hooks as code.
- **Quota** β 300 req/min per session with role multipliers; per-tool and per-budget limits.
In-process evaluation against a cached entitlement table. Governance stays out of the latency budget β p99 **22.7 ms**, <1% of AI response time.
### How it compares
| Dimension | Claude Enterprise | Cloud Custom | + systemprompt.io |
|---|---|---|---|
| **Data residency** | Anthropic infra | Cloud region | Your datacenter or air-gap |
| **Audit trail** | Anthropic-held | OTLP only | Prompt β tool β MCP β cost in your Postgres |
| **User revocation** | SSO / seat removal | Cloud IAM | IDP disable; next TTL fails closed |
| **Inference provider** | Anthropic only | Bedrock / Vertex (Claude) | Any `/v1/messages`, per-call routing |
| **MCP allowlist** | Anthropic-curated | Device-local config | One registry, per-principal policy |
| **Plugin catalogue** | Anthropic-hosted | Files on disk | Signed, scoped, versioned distribution |
Manual install is tested and works end-to-end today; signed installers, MDM packages, and Homebrew / winget distribution land in a later release. Install steps in the **Advanced** fold below.
Advanced β gateway routes, bridge install, org-plugins sync
Manual install is tested end-to-end. Automated distribution β signed installers, MDM packages, Homebrew / winget β is in progress; today you download a binary and drop a TOML file, documented below.
### `/v1/messages` inference gateway
`POST /v1/messages` at the Anthropic wire format. Every inference request flows through the same governance pipeline as every tool call β on infrastructure you operate.
- **SDK- and Claude-Desktop-compatible.** Authenticated with a systemprompt JWT in `x-api-key` (falls back to `Authorization: Bearer`). No new credential type β existing user JWTs serve as the gateway credential.
- **Routes by `model_pattern`.** Built-in tags: `anthropic`, `openai`, `moonshot` (Kimi), `qwen`, `gemini`, `minimax`. Anthropic is a transparent byte proxy (extended thinking, cache-control headers, SSE events preserved verbatim). OpenAI-compatible providers get full AnthropicβOpenAI request/response/SSE conversion. Upstream API keys resolve from the secrets file by name.
- **Zero overhead when disabled.** The `/v1` router mounts only if `gateway.enabled: true` in the active profile.
Profile YAML:
```yaml
gateway:
enabled: true
routes:
- model_pattern: "claude-*"
provider: anthropic
endpoint: "https://api.anthropic.com/v1"
api_key_secret: "anthropic_api_key"
- model_pattern: "moonshot-*"
provider: moonshot
endpoint: "https://api.moonshot.cn/v1"
api_key_secret: "kimi_api_key"
upstream_model: "moonshot-v1-8k"
- model_pattern: "MiniMax-*"
provider: minimax
endpoint: "https://api.minimax.io/anthropic"
api_key_secret: "minimax"
- model_pattern: "*"
provider: anthropic
endpoint: "https://api.anthropic.com/v1"
api_key_secret: "anthropic_api_key"
```
Routes evaluate in order; first `model_pattern` match wins. `upstream_model` aliases a client-requested model to a different upstream name without the client knowing.
**Bridge credential helper endpoints.** `systemprompt-bridge` is a standalone ~2.4 MB Rust binary (no `tokio`, no `sqlx`, no `axum`) that trades a lower-privilege credential for a short-lived JWT. Progressive capability ladder β mTLS β dashboard session β PAT β mounted under `/v1/gateway/auth/cowork/`:
- `POST /pat` β `Authorization: Bearer ` β `{token, ttl, headers}` with a fresh JWT and the canonical identity header map (`x-user-id`, `x-session-id`, `x-trace-id`, `x-client-id`, `x-tenant-id`, `x-policy-version`, `x-call-source`).
- `POST /session` β `501` (dashboard-cookie exchange not yet wired).
- `POST /mtls` β `501` (device-cert exchange not yet wired).
- `GET /capabilities` β `{"modes":["pat"]}`; probes advertise which exchange modes this deployment accepts.
The helper writes the signed JWT + expiry to the OS cache dir with mode `0600`. Stdout contract is exactly one JSON object; all diagnostics go to stderr. Released out-of-band as `bridge-v*` tags. Install / configure / wire-up steps below.
**Extensible provider registry.** `GatewayRoute.provider` is a free-form string resolved at dispatch time against a startup-built registry. Extension crates register new upstreams with:
```rust
inventory::submit! {
systemprompt_api::services::gateway::GatewayUpstreamRegistration {
tag: "my-provider",
factory: || std::sync::Arc::new(MyUpstream),
}
}
```
The `GatewayUpstream` trait (`async fn proxy(&self, ctx: UpstreamCtx<'_>)`) is the single integration seam. Built-in tags seeded automatically; extension tags may shadow built-ins (logged as a warning). Full detail: [`core/CHANGELOG.md`](https://github.com/systempromptio/systemprompt-core/blob/main/CHANGELOG.md#030---2026-04-22).
---
### Install the bridge credential helper
The `systemprompt-bridge` binary is the **Credential helper script** slot in Claude for Work. It turns a PAT into a short-lived JWT that Claude Desktop merges into every inference request routed at this binary. Download the prebuilt macOS, Windows, or Linux binary from [systempromptio/systemprompt-core releases](https://github.com/systempromptio/systemprompt-core/releases/tag/bridge-v0.9.0).
Current release: **[bridge-v0.9.0](https://github.com/systempromptio/systemprompt-core/releases/tag/bridge-v0.9.0)** β Linux x86_64, Windows x86_64 (MSVC ABI), macOS aarch64 (cosign-signed).
#### 1. Download
**Linux x86_64**
```bash
curl -fsSL -o /usr/local/bin/systemprompt-bridge \
https://github.com/systempromptio/systemprompt-core/releases/download/bridge-v0.9.0/systemprompt-bridge-x86_64-unknown-linux-gnu
chmod +x /usr/local/bin/systemprompt-bridge
curl -fsSL -O https://github.com/systempromptio/systemprompt-core/releases/download/bridge-v0.9.0/SHA256SUMS
sha256sum -c SHA256SUMS --ignore-missing
```
**Windows x86_64** (PowerShell as Administrator):
```powershell
$dir = "C:\Program Files\systemprompt"
New-Item -ItemType Directory -Force -Path $dir | Out-Null
Invoke-WebRequest `
-Uri "https://github.com/systempromptio/systemprompt-core/releases/download/bridge-v0.9.0/systemprompt-bridge-x86_64-pc-windows-msvc.exe" `
-OutFile "$dir\systemprompt-bridge.exe"
[Environment]::SetEnvironmentVariable("PATH", "$env:PATH;$dir", "User")
```
Windows Smart Screen will flag the unsigned binary on first run β "More info" β "Run anyway".
**macOS** (source build):
```bash
git clone https://github.com/systempromptio/systemprompt-core.git
cd systemprompt-core
cargo build --manifest-path bin/bridge/Cargo.toml --release \
--target "$(rustc -vV | awk '/host:/ {print $2}')"
sudo install -m 755 \
"bin/bridge/target/$(rustc -vV | awk '/host:/ {print $2}')/release/systemprompt-bridge" \
/usr/local/bin/
```
#### 2. Configure
Linux/macOS: `~/.config/systemprompt/systemprompt-bridge.toml`
Windows: `%APPDATA%\systemprompt\systemprompt-bridge.toml`
```toml
[gateway]
url = "http://localhost:8080" # for the local-trial template; swap to your production host
[pat]
token = "sp-live-your-personal-access-token"
```
Issue a PAT from the running binary with `systemprompt admin users pat issue --name bridge-laptop`. Absent config sections are silently skipped. Dev overrides: `SP_BRIDGE_GATEWAY_URL`, `SP_BRIDGE_PAT`.
#### 3. Verify
```bash
systemprompt-bridge # prints exactly one JSON {token, ttl, headers}
systemprompt-bridge --check # exits 0 if a token can be issued
```
Diagnostics go to stderr only. The stdout JSON matches Anthropic's `inferenceCredentialHelper` contract byte-for-byte.
#### 4. Point Claude Desktop at it
In Claude Desktop **Enterprise β Settings β Inference**:
- **Credential helper script**: `/usr/local/bin/systemprompt-bridge` (or `C:\Program Files\systemprompt\systemprompt-bridge.exe`).
- **API base URL**: the `gateway.url` from your TOML.
Every Claude Desktop request now lands a row in `ai_requests` with `user_id`, `tenant_id`, `session_id`, `trace_id`, tokens, cost, and latency β identical governance to every other tool call. Run `systemprompt infra logs audit --full` after a prompt to see the trace end-to-end.
#### 5. (Optional) Install the `org-plugins/` sync agent
The same binary manages the bridge's signed plugin / managed-MCP mount:
```bash
systemprompt-bridge install # register launchd (macOS) / scheduled task (Windows) / systemd --user (Linux)
systemprompt-bridge sync # pull signed plugin manifest + allowlist now
systemprompt-bridge validate # verify the ed25519 signature
systemprompt-bridge uninstall # remove
```
Mount targets: `/Library/Application Support/Claude/org-plugins/` (macOS), `C:\ProgramData\Claude\org-plugins\` (Windows), `${XDG_DATA_HOME:-$HOME/.local/share}/Claude/org-plugins/` (Linux).
---
## License
**This template** is [MIT](LICENSE). Fork it, modify it, use it however you like.
**[systemprompt-core](https://github.com/systempromptio/systemprompt-core)** is [BSL-1.1](https://github.com/systempromptio/systemprompt-core/blob/main/LICENSE): free for evaluation, testing, and non-production use. Production use requires a commercial license. Each version converts to Apache 2.0 four years after publication. Licensing enquiries: [ed@systemprompt.io](mailto:ed@systemprompt.io).
---
[](https://systemprompt.io) Β [](https://github.com/systempromptio/systemprompt-core) Β [](https://systemprompt.io/documentation/) Β [](https://systemprompt.io/guides) Β [](https://discord.gg/wkAbSuPWpr)
Own how your organization uses AI. Every interaction governed and provable.