The Demo-to-Production Gap
There is a lie at the heart of the AI agent space. We see the slick demos. The flawless walkthroughs. The promise of autonomous systems doing complex work. It looks magical.
Then you try to build one for production.
It falls apart. The demo was a carefully curated path, but the real world is messy. The agent can't handle edge cases, hallucinates, gets stuck in loops. What looked like a powerful tool in a video turns out to be a fragile toy in your hands.
The problem isn't the models or the prompts. The problem is the foundation. We are building AI agents on infrastructure designed for last decade's web applications, or worse, on opinionated Python frameworks that promise simplicity but deliver dependency hell.
It's time for production infrastructure built for AI. This is why we built systemprompt.io.
The Gap: Why Your Agent Breaks
The journey from a Jupyter notebook to a production system is a graveyard of good intentions. An agent that works perfectly on your local machine becomes an unpredictable, unmanageable liability when exposed to real users and real data. Why? Because the challenges of production AI are unique, and existing tools (whether ad-hoc scripts or heavyweight Python frameworks) are hopelessly unequipped to handle them.
The framework approach fails first. Tools like LangChain promise rapid development but deliver an opinionated mesh of abstractions that obscure what's actually happening. When something breaks (and it will), you're debugging through layers of magic you don't control. The framework owns your code; you're just renting space in its paradigm.
Ad-hoc solutions fail next. People stitch together a web server like Flask, a task queue like Celery, a database, and some custom Python scripts. It works for a single user, in a single session. Then the complexity explodes.
-
State Management is a Nightmare. AI agents are inherently stateful. They need to remember past interactions, user preferences, and the context of ongoing tasks. Traditional web frameworks are built around a stateless request-response model. Trying to manage long-term agent state across multiple interactions in this environment leads to horrific spaghetti code, database tables that are impossible to reason about, and a system that constantly loses context.
-
Orchestration is Brittle. A real agent isn't a single LLM call. It's a workflow. A sequence of steps involving different models, tools, and data sources. Orchestrating these workflows requires more than a simple task queue. You need robust error handling, retries with exponential backoff, and the ability to monitor and debug complex, long-running processes. Most custom solutions bolt this on as an afterthought, and it shows. The system becomes a house of cards, where one failed API call can bring the entire process crashing down.
-
Security is an Afterthought. An agent connected to internal APIs, databases, and third-party services is a massive attack surface. How do you handle authentication and authorisation? How do you ensure one user's agent can't access another user's data? This is the challenge of multi-tenancy, a notoriously difficult problem to solve correctly. Slapping on a simple API key is not a solution. You need enterprise-grade security from day one, built into the core of the platform. You need standards like OAuth2 and OpenID Connect (OIDC) that are proven to work at scale.
-
Multi-Tenancy Will Break You. Running agents for multiple users or customers on the same infrastructure is non-trivial. You need strict data isolation, resource management to prevent one noisy tenant from affecting others, and a flexible configuration system to manage different settings for each tenant. Existing platforms, designed for single-application deployments, simply do not have the architectural constructs to handle this gracefully. You end up building a complex, bespoke multi-tenancy layer that you now have to maintain forever. It's a huge distraction from building your actual product.
These are not minor issues. They are fundamental architectural problems. Using a generic web framework to build an AI agent system is like trying to build a distributed database using Microsoft Access. You are starting with the wrong primitives. You are fighting your tools every step of the way. The result is always the same. A system that is slow, insecure, and impossible to scale or maintain.
systemprompt.io: Production Infrastructure for AI
We built systemprompt.io out of necessity. We experienced all these problems firsthand and realised the entire ecosystem was missing a critical layer. We needed a platform designed specifically for the unique demands of production AI agents. Not another Python library or a visual workflow builder. We needed bedrock. Infrastructure.
systemprompt.io is the definitive production infrastructure for AI agents. It is not a framework. It is a library: embedded code that you own and extend. A solid foundation that gets out of your way, providing the core services you need so you can focus on building intelligent applications.
Here is what it is, and why it matters.
A Compact 50MB Rust Binary
systemprompt.io is delivered as a single, self-contained 50MB binary, built in Rust. This isn't just a technical curiosity. It's a philosophical statement.
- Performance is Paramount. Rust provides near-native speed and incredible efficiency. Your agents run faster, with lower latency and reduced resource consumption. This translates directly to a better user experience and lower cloud bills. The performance of Rust is a key reason for its adoption in high-performance systems.
- Security by Default. Rust's focus on memory safety eliminates entire classes of common vulnerabilities that plague systems written in languages like C++ or Python. This, combined with a minimal dependency footprint, dramatically reduces the system's attack surface.
- Simplicity in Deployment. No more wrestling with Python virtual environments, dependency hell, or massive Docker images. You deploy a single binary. You configure it. You run it. That's it. This simplifies your CI/CD pipelines and makes operations a breeze.
A Library, Not a Framework
This distinction matters. Frameworks dictate. Libraries serve.
A framework demands you work within its paradigm. It owns your application's structure, controls the execution flow, and forces you to conform to its opinions. When something goes wrong, you're at the mercy of abstractions you didn't write.
systemprompt.io is a library. It is embedded code that you own and extend. You call systemprompt.io; it doesn't call you.
This means:
- You can debug it. When something breaks, you trace through code you understand. No framework stack traces twenty layers deep.
- You can modify it. Don't like how something works? Change it. The code is yours.
- You can trust it. Predictable behaviour, explicit dependencies, no surprises at runtime.
The Python AI ecosystem is littered with frameworks that promise to simplify agent development. They deliver the opposite: a maze of abstractions, implicit state, and dependency conflicts. systemprompt.io rejects this approach entirely. We give you infrastructure primitives, not opinions about how your agent should work.
Robust, Integrated Authentication
Security is not a feature you add later. It is the first principle of systemprompt.io. We provide built-in, enterprise-grade authentication that is ready for the most demanding environments.
- OAuth2/OIDC for Users and Services: We have a complete, built-in OAuth2 and OpenID Connect provider. This is the industry standard for secure authentication and authorisation, used by companies like Google, Microsoft, and Amazon. It allows for secure user logins, service-to-service authentication, and fine-grained access control for all your agent's APIs and resources.
- WebAuthn for Passwordless Security: We also support the WebAuthn standard for passwordless authentication, allowing users to log in using biometrics (like Face ID or Windows Hello) or hardware security keys. This provides the highest level of security while also improving the user experience.
This is not a third-party library you bolt on and hope integrates correctly. It's not a Python package with its own dependency tree conflicting with yours. Authentication is part of the infrastructure. The same binary, the same codebase, the same deployment. You configure it; it works.
Native Hosting for the Model Context Protocol (MCP)
Agents need to talk to each other. They also need to talk to the underlying system. The Model Context Protocol (MCP) is an emerging standard for this communication. It provides a structured way for models and agents to exchange information, capabilities, and context. systemprompt.io includes a native MCP server, making it a first-class citizen of the platform. This facilitates structured, reliable communication between your agents and the outside world.
Seamless Agent-to-Agent (A2A) Communication
Beyond MCP, systemprompt.io implements a dedicated Agent-to-Agent (A2A) communication protocol. This allows your agents, even those running on different machines, to discover each other and communicate reliably. This is essential for building complex, multi-agent systems where different specialised agents need to collaborate to solve a problem. It moves us away from brittle, ad-hoc REST calls and towards a more robust and discoverable communication fabric, a concept explored in various multi-agent system architectures.
The Agentic Mesh
MCP, A2A, OAuth2, permissions, networking: these aren't separate features bolted together. They form a unified agentic mesh: a communication and security fabric that your agents operate within.
The key insight is this: extensions are infrastructure. When you write an extension for systemprompt.io, you're not writing glue code to connect disparate systems. You're extending the platform itself. Your code becomes part of the mesh, with all the security, communication, and orchestration capabilities that implies.
This is where agent development is heading. The agent is becoming the machine. Not a script running on a server, but a first-class participant in a distributed infrastructure. systemprompt.io is built for this future: a single binary that provides everything an agent needs to exist, communicate, and collaborate at production scale.
Sophisticated, Built-in Memory
An agent without memory is just a function call. systemprompt.io provides sophisticated memory management capabilities out of the box. This isn't just a key-value store. It's a system designed to manage the short-term and long-term memory of your agents, allowing them to maintain context, learn from past interactions, and provide a truly personalised experience.
A Clean, Layered Architecture
Software that lasts is software that is well-organised. systemprompt.io is built on a clean, layered architecture inspired by domain-driven design principles. This isn't just academic. It ensures the system is maintainable, scalable, and easy for new developers to understand. Each layer has a distinct responsibility.
- Entry Layer: This is the outermost layer. It handles all incoming requests, whether they are HTTP API calls, gRPC requests, or events from a message queue. Its only job is to receive requests and pass them to the layer below.
- App Layer: This layer contains the application logic. It orchestrates the business workflows, calling upon services in the domain layer to do the actual work. It knows what to do, but not how.
- Domain Layer: This is the heart of the system. It contains the core business logic, rules, and data structures (the "domain models"). This layer is completely independent of any infrastructure concerns. It doesn't know about databases or APIs. It just enforces the rules of the business.
- Infra Layer: This layer provides the concrete implementations for the interfaces defined in the domain layer. This is where the database code, API clients, and other infrastructure-specific components live. This strict separation allows us to swap out infrastructure components (like changing a database) without affecting the core business logic.
- Shared Layer: This contains common utilities, types, and modules that are used across all other layers, preventing code duplication.
This separation of concerns is critical for building a robust system. It means we can evolve and improve the infrastructure without breaking the core application logic, and vice-versa. It is the mark of professional software engineering.
Extend Everything: Code You Own
A platform is only as powerful as its ecosystem. We designed systemprompt.io to be extensible from the ground up. You can add new features, integrate with any external system, and customise the behaviour of the platform. The code you write is yours. Not callbacks registered with a framework. Not plugins constrained by someone else's API design. Your Rust code, compiled into the binary, running with full access to the infrastructure primitives.
This is achieved through a powerful extension system based on Rust's trait system. You implement well-defined traits, and systemprompt.io composes your code with its own. No runtime reflection. No dynamic dispatch where it isn't needed. Just compile-time guarantees and predictable behaviour.
Let's look at some real code. The central piece of the puzzle is the Extension trait.
use systemprompt_traits::{Extension, ExtensionContext, ExtensionMetadata, SchemaDefinition};
use std::sync::Arc;
#[derive(Debug, Default, Clone)]
pub struct MyExtension;
impl Extension for MyExtension {
fn metadata(&self) -> ExtensionMetadata {
ExtensionMetadata {
id: "my_extension",
name: "My Extension",
version: env!("CARGO_PKG_VERSION"),
priority: 100,
dependencies: vec![],
}
}
fn schemas(&self) -> Vec<SchemaDefinition> {
vec![
SchemaDefinition::inline("table", include_str!("../schema/001_table.sql")),
]
}
fn router(&self, ctx: &ExtensionContext) -> Option<Router> {
let pool = ctx.database().postgres_pool()?;
Some(api::router(pool))
}
fn jobs(&self) -> Vec<Arc<dyn Job>> {
vec![Arc::new(MyJob)]
}
fn page_prerenderers(&self) -> Vec<Arc<dyn PagePrerenderer>> {
vec![Arc::new(MyPagePrerenderer)]
}
fn page_data_providers(&self) -> Vec<Arc<dyn PageDataProvider>> {
vec![Arc::new(MyDataProvider)]
}
}
register_extension!(MyExtension);
This is the manifest for your extension. It tells systemprompt.io everything it needs to know: its name, its version, and what capabilities it provides. You can see methods for providing database schemas (schemas), adding new HTTP routes (router), registering background jobs (jobs), and even customising the user interface.
Background jobs are a common requirement for any serious application. Here’s how you define one by implementing the Job trait.
use systemprompt_traits::{Job, JobContext, JobResult};
#[derive(Debug, Clone, Copy, Default)]
pub struct MyJob;
#[async_trait::async_trait]
impl Job for MyJob {
fn name(&self) -> &'static str { "my_job" }
fn description(&self) -> &'static str { "Does something" }
fn schedule(&self) -> &'static str { "0 0 * * * *" }
async fn execute(&self, ctx: &JobContext) -> anyhow::Result<JobResult> {
let pool = ctx.db_pool::<PgPool>()
.ok_or_else(|| anyhow::anyhow!("DB not available"))?;
Ok(JobResult::success())
}
}
It’s that simple. You define the name, a schedule using a standard cron expression, and the execute method containing your logic. The systemprompt.io scheduler will automatically pick up this job and run it according to the schedule you’ve defined.
Configuration as Code
Writing code is only half the battle. You also need to configure and enable these extensions and jobs. systemprompt.io embraces the principle of Configuration as Code. All system configuration is managed through simple, human-readable YAML files. This makes your configuration versionable, auditable, and repeatable.
Want to enable an OAuth2 security scheme for your new blog agent?
# services/agents/blog.yaml
agents:
blog:
enabled: true
card:
securitySchemes:
oauth2:
type: oauth2
flows:
authorizationCode:
scopes:
admin: "Admin access"
Need to override the schedule for a background job in your production environment?
# services/scheduler/config.yaml
scheduler:
jobs:
- extension: web
job: publish_pipeline
schedule: "0 */30 * * * *"
enabled: true
This approach provides tremendous flexibility. Developers can define the extensions in code, and operators can customise the behaviour in each environment through configuration, without ever needing to touch the code itself. This separation of concerns is vital for managing complex systems in production.
Getting Started: From Clone to Run
We have designed systemprompt.io to be as simple as possible for a developer to get up and running. No complex setup scripts, no mess of dependencies.
-
Clone the Repository: Get the source code from our GitHub repository.
git clone https://github.com/system-prompt/system-prompt.git -
Build the Binary: You will need the Rust toolchain installed. Then, building is a single command.
cd system-promptcargo build --releaseThis will produce a single, optimised binary in thetarget/releasedirectory. -
Configure the System: Copy the example configuration directory.
cp -r config.example configNow, edit the YAML files in theconfigdirectory to suit your needs. This is where you will enable extensions, configure authentication, set up database connections, and define your agents. -
Run It: Execute the binary, pointing it to your configuration directory.
./target/release/system-prompt --config ./config
That's it. Your production-ready AI agent infrastructure is now running. From here, you can start building your own extensions, defining your agents, and solving real problems.
Licensing and Pricing
Powerful tools should be accessible. They should also be sustainable.
systemprompt.io is released under the Business Source License 1.1 (BSL). This is not an open-source license, and we're not pretending it is. Here's what it means in practice:
You can:
- Clone the repository and read every line of code
- Build the binary and run it on your own infrastructure
- Use it in production for your internal applications
- Modify the code to suit your needs
You cannot:
- Offer systemprompt.io as a hosted service to third parties
- Build a competing product using our code
- Use the code as training data for AI models
After four years, each version converts to Apache 2.0, fully permissive. This gives us time to build a sustainable business while ensuring the code eventually becomes part of the commons.
Why BSL? Because we've seen what happens to infrastructure projects that try to survive on donations and goodwill. They stagnate or get acquired. We want systemprompt.io to exist in ten years, actively maintained and improving. That requires a business model, not just a license.
For teams who want managed infrastructure, we offer a cloud service starting at $29 per month. This handles hosting, scaling, backups, and maintenance. You focus on your agents; we handle the operations.
The Future is Built, Not Demoed
For too long, the AI agent space has been dominated by hype and demos that don't translate to the real world. The gap between what is promised and what can actually be shipped to production is enormous.
Progress requires solid foundations. It requires infrastructure you can understand, debug, and own. Not frameworks that obscure complexity. Not Python dependency graphs that collapse under their own weight. Real infrastructure that does what it says, nothing more, nothing less.
systemprompt.io is that infrastructure. A library, not a framework. A single binary, not a container orchestration nightmare.
The agent is becoming the machine. The functionality you extend is the infrastructure itself. MCP, A2A, OAuth, permissions, and memory are unified in one binary that you control.
The future of AI will not be built in notebooks. It will not be built on opinionated frameworks. It will be built on production-grade infrastructure that developers own and extend.
Time to build.