Version Control System for AI Agent Intelligence
Promptsheon applies software engineering discipline to AI agents by providing Git-native version control primitives adapted for agent architectures. Every agent state — system prompts, tool definitions, hyperparameters, evaluation metrics — is stored as an immutable, cryptographically-addressed object in a Directed Acyclic Graph (DAG).
# Clone and build
git clone https://github.com/sachncs/promptsheon.git
cd promptsheon
go build -o promptsheond ./cmd/promptsheond
go build -o promptsheon ./cmd/promptsheon
# Start the server
./promptsheond# Create a prompt
curl -X POST http://localhost:8080/api/v1/prompts \
-H "Content-Type: application/json" \
-d '{"name":"greeting","content":"Hello {{name}}, welcome to {{product}}!"}'
# Run it
curl -X POST http://localhost:8080/api/v1/prompts/{id}/run \
-H "Content-Type: application/json" \
-d '{"variables":{"name":"World","product":"Promptsheon"}}'- Content-Addressable Storage (CAS) — immutable, SHA-256-based object storage with Merkle DAG structure
- Version control — Git-like primitives (commit, branch, diff, log) for AI agent configurations
- Prompt management — create, version, and manage prompts with variable substitution
- Evaluation engine — run prompts against test datasets with automated scoring
- LLM provider abstraction — unified interface for OpenAI, Anthropic, Azure OpenAI, Ollama, NVIDIA NIM
- Agent workflows — DAG-based workflow execution with tool integration
- Observability — distributed tracing (OpenTelemetry), metrics, and audit logging
- Guardrails — content policy enforcement and safety checks
- Webhooks — event-driven integrations with HMAC signing and SSRF protection
- Secrets management — encrypted vault for API keys and sensitive configuration
- Rate limiting — configurable per-client rate limiting with burst support
- REST API — full-featured HTTP API with auto-generated OpenAPI specification
┌──────────────────────────────────────────────────┐
│ REST API │
│ (autogenerated OpenAPI spec) │
├──────────────────────────────────────────────────┤
│ Auth │ Rate Limit │ Audit Log │ CORS │
│ Middleware │ Middleware │ Middleware │ │
├─────────────┴──────────────┴─────────────┴───────┤
│ Prompt Mgr │ Workflow Engine │ Eval Engine │
│ Capability │ Tool Registry │ Guardrails │
├──────────────────────────────────────────────────┤
│ Content-Addressable Store │ SQLite │ Vault │
│ (Merkle DAG) │ │ │
├──────────────────────────────────────────────────┤
│ LLM Providers │ Observability │ Webhooks │
│ OpenAI/Anthro │ OTel+Tracing │ Event-Driven │
└──────────────────────────────────────────────────┘
The server is composed of layered modules:
| Layer | Description |
|---|---|
| API | HTTP handlers, middleware (auth, rate-limit, audit, CORS) |
| Capabilities | Prompt, tool, knowledge, MCP, deployment, evaluation |
| Workflow | DAG-based execution engine with shell policy |
| Storage | CAS (Merkle DAG) + SQLite for relational data |
| Providers | Unified LLM provider abstraction layer |
| Observability | OpenTelemetry tracing, metrics collection, retention |
| Security | AuthN/AuthZ, vault, guardrails, SSRF protection |
Promptsheon is configured via environment variables or a config file. Key settings:
| Variable | Default | Description |
|---|---|---|
PROMPTSHEON_ADDR |
:8080 |
Listen address |
PROMPTSHEON_DB_PATH |
promptsheon.db |
SQLite database path |
PROMPTSHEON_LOG_LEVEL |
info |
Log level (debug, info, warn, error) |
PROMPTSHEON_AUTH_ENABLED |
false |
Enable authentication |
See docs/configuration.md for the full reference.
Full documentation lives in docs/:
- Getting Started
- Configuration
- API Reference — OpenAPI spec
- Architecture — Modules
- Design Decisions
- Security
- Troubleshooting — FAQ
See CONTRIBUTING.md and docs/development.md.
See SECURITY.md. Report vulnerabilities via the GitHub Security Advisories workflow — do not open a public issue.
Apache License 2.0 — see LICENSE.
- Issues: GitHub Issues
- Discussions: GitHub Discussions