ANY AI AGENT. ONE RBAC MIDDLEWARE ACROSS EVERY PROVIDER.

Swapping Claude for Gemini, fronting an internal Llama deployment, or adding OpenAI for one workflow usually breaks the governance layer first. SDKs differ. Token counters differ. Audit schemas differ. A month of security work gets discarded for what should have been a config change. systemprompt.io fixes the upstream as the variable and the governance as the constant.

Every upstream in the codebase implements the AiProvider trait. The trait defines the same methods whether it fronts your own inference cluster, a self-hosted open-weight model, Anthropic, OpenAI, or Gemini (generate text, generate with tools, stream, generate against a JSON schema, return per-model pricing, declare capabilities, plus the rest). A call that hit Anthropic yesterday and your internal Qwen today writes the same audit_events row with the same trace_id, because the binary only ever speaks to the trait.

Provider selection happens once at startup, driven by YAML. A factory reads the provider config block and hands the binary an object conforming to the trait. No vendor SDK leaks into the rest of the code, so the same RBAC middleware gates every tool call regardless of which upstream answers. JWT, scope, and audience checks apply identically. A migration between upstreams is not a compliance re-review.

A team shopping for a cheaper model, or an infra lead moving inference in-house, should not rewrite the control plane. In a typical stack a new upstream means a new SDK, a new audit adapter, a new rate limiter, a new cost model. Each is an engineering project and a compliance surface. systemprompt.io makes the upstream a compile-time module behind the shared trait.

Adding an upstream is three steps. Implement the AiProvider trait for the new target (your inference cluster, an open-weight server, a new SaaS). Add a provider block to the profile YAML with api_key, endpoint, default_model, and per-model pricing. Restart. The factory routes by name. Governance applies automatically because governance lives in the middleware in front of every request, not inside the provider.

The same config shape supports per-environment routing, so dev, staging, and production point at different upstreams without a code change. A staff engineer verifying this reads the trait definition, the factory, and the three in-tree implementations (Anthropic, OpenAI, Gemini) to model a fourth. Building this in-house means one adapter per vendor plus a governance harness. systemprompt.io ships the harness and three worked examples.

Most organisations run Claude Code alongside Cursor, a custom CLI the platform team built, and a half-finished internal agent someone is wiring up this week. Each surface either re-implements governance or inherits it. systemprompt.io is built for the second answer.

Any HTTP client that reaches the MCP endpoints passes the same middleware as Claude Desktop. Cursor, Windsurf, VS Code with Copilot, a bespoke CLI, and a custom agent process all hit the same JWT validation, scope check, and audit row. A staff engineer verifying this reads the agent registry module and the RBAC middleware that gates every handler.

Agents register through the shared registry, which holds configuration, lifecycle state, and port allocation. A custom agent added to the registry inherits RBAC, rate limits, secret scanning, and the audit pipeline without writing any of them. The evidence a CISO cares about (who called what, when, under what permission, against which upstream) lands in the same tables whether the caller is a vendor tool or internal code shipped last week.

Multi-agent workflows routinely turn governance into swiss cheese. Agent A calls Agent B, Agent B calls an MCP tool, and somewhere in the chain a scope check gets skipped because the caller is another agent on the same host. Auditors find out months later. systemprompt.io treats an agent-to-agent call as another HTTP request that passes the same middleware.

Discovery starts with the registry. The registry lists every active agent and builds a discovery payload covering capabilities, skills, security scheme, and transport. Agents register at startup and deregister on shutdown through the orchestrator. The contract is one JSON endpoint per agent. If an agent is reachable, it is on the registry and auditable.

Delegation passes the same gate as any other call. When Agent A sends a task to Agent B, the request hits the RBAC middleware at the receiving server. JWT claims, OAuth2 scopes, and audience validation run identically to a user request. The A2A request envelope wraps message parameters and task identifiers. The task state machine tracks execution across named states (submitted, working, input-required, completed, failed, canceled), so a delegated task writes the same row shape as a direct call. "Did Agent A have the scope to ask Agent B to call that tool" is one query against the audit table.

Cross-upstream spend is where finance loses the plot. An Anthropic dashboard does not talk to an OpenAI one, which does not talk to a Gemini one, which definitely does not talk to an internal inference cluster's billing. Month-end reconciliation becomes a spreadsheet someone rebuilds by hand. systemprompt.io writes every request into one PostgreSQL table with the same shape whatever the upstream.

One row per request. The record carries provider, model, cost_microdollars as a 64-bit integer so rounding cannot accumulate, input and output token counts, latency, user_id, session_id, task_id, and trace_id. Cost comes from the per-model pricing the provider trait returns, applied against token counts the upstream itself reported. Finance reads real numbers rather than estimates rounded to the nearest cent.

Three breakdowns over one query surface. The analytics repository exposes cost by model, by provider, and by agent, plus a time-series view, a summary endpoint, and a period-over-period comparison. Finance sees spend by upstream, by model, and by agent from one table. A CTO answers "what does this team's AI budget look like across every upstream" with one query instead of three exports and a reconciliation step.