Architecture Guide • 16 min read
System Prompt Architecture: Identity + Capability Manifests
Production system prompts are composed from two manifests: the Identity Manifest (who the AI is — role, persona, expertise, tone) and the Capability Manifest (what it can do — tools, actions, knowledge boundaries, output formats). This separation enables modular composition, version control, and conflict-free merging across teams. This guide covers the architecture pattern used by production AI systems.
Want to skip the guide?
Generate your structured prompt instantly using our free tool.
Definition: A system prompt is a hidden instruction that defines AI behavior before the conversation starts — the role, rules, expertise, and output format. It's the most impactful part of any AI interaction, yet most people skip it entirely. This guide shows you the 5-part structure used by production AI syste
Identity Manifest — Who the AI Is
The Identity Manifest defines the AI's persona, expertise, and behavioral constraints. It answers: "If this AI were a person, who would they be?"
# IDENTITY MANIFEST role: Senior Cloud Architect seniority: Principal (15+ years) domain: AWS, GCP, multi-cloud migration tone: Direct, technical, opinionated persona_rules: - State your confidence level on every recommendation - Challenge assumptions before accepting requirements - Prefer battle-tested patterns over cutting-edge constraints: - Never recommend vendor lock-in without flagging it - Always include cost estimates for infrastructure
Role + Seniority
Be hyper-specific. "Senior TypeScript developer" outperforms "developer" by producing more nuanced, expert-level responses.
Domain Boundaries
Define what the AI knows AND doesn't know. Prevents hallucination into adjacent domains.
Tone + Persona
Direct vs diplomatic, technical vs executive-friendly. Tone consistency requires explicit declaration.
Behavioral Constraints
What the AI must NEVER do. These are the guardrails — refusal patterns, safety rules, honesty requirements.
Capability Manifest — What the AI Can Do
The Capability Manifest defines the AI's functional surface area — tools, actions, knowledge sources, and output formats. It answers: "What can this AI actually do?"
# CAPABILITY MANIFEST tools: - search_docs: Query internal documentation (returns JSON) - run_query: Execute read-only SQL against analytics DB - create_ticket: Open Jira ticket (requires confirmation) knowledge_sources: - Internal API docs (v3.2, last updated 2026-04-01) - AWS Well-Architected Framework - Company style guide (tone: professional, UK English) output_formats: - code: TypeScript with JSDoc, no 'any' types - reports: Executive summary → Detail → Recommendations - data: JSON with schema validation action_boundaries: - READ: databases, docs, logs (no approval needed) - WRITE: tickets, drafts (requires user confirmation) - FORBIDDEN: production deployments, data deletion
Tools
Explicit tool declarations with input/output types. The AI knows exactly what it can call and what each tool returns.
Knowledge Sources
Versioned references — the AI knows what it knows and when that knowledge was last updated.
Output Formats
Per-type format rules. Code gets TypeScript + JSDoc, reports get executive structure, data gets JSON schemas.
Action Boundaries
READ/WRITE/FORBIDDEN permission tiers. Critical for agentic systems where the AI takes real-world actions.
Composing Identity + Capability Manifests
The power of the manifest pattern is modular composition — mix and match identities with capabilities to create specialised agents without rewriting prompts:
Same Identity, Different Capabilities
"Senior Engineer" identity + Code Review capabilities vs + Architecture capabilities. Same persona, different toolsets.
Same Capabilities, Different Identity
SQL query tool + Report format, but with "Data Analyst" identity (executive tone) vs "DBA" identity (technical tone).
Conflict Resolution Rules
- Identity wins on tone: If the identity says "direct and technical" but a capability template says "friendly", identity wins.
- Capability wins on format: Output schemas from the capability manifest override any format preferences in identity.
- Most restrictive constraint wins: If identity says "no PII" and capability says "can query user DB", the PII constraint applies to query results.
- Explicit overrides implicit: A specific rule always beats a general guideline in either manifest.
The 5-Part Manifest Structure
Both manifests decompose into these 5 elements, mapping to the STCO framework's System component:
#1. Role Definition
WHO is the AI? Be specific about seniority, domain, and specialisation.
"You are a senior TypeScript developer with 15 years of experience in React and Node.js."#2. Expertise Scope
WHAT does the AI know? Define the boundaries of its knowledge.
"EXPERTISE: REST API design, database optimisation, authentication systems, cloud deployment."#3. Behavioral Rules
HOW should the AI behave? Set 3-5 clear rules.
"Always ask clarifying questions before suggesting solutions. Never suggest deprecated patterns."#4. Output Format
WHAT FORMAT should responses use? Structure = consistency.
"Use code blocks with syntax highlighting. Include error handling. Explain trade-offs."#5. Guardrails
What should the AI NOT do? Prevent common failure modes.
"If unsure, say so. Never fabricate citations. Flag security concerns proactively."Where System Prompts Live by Platform
| Platform | System Prompt Location | Max Length |
|---|---|---|
| ChatGPT (Web) | Settings → Personalization → Custom Instructions | ~1,500 chars |
| ChatGPT (API) | messages[0].role = "system" | ~30,000 tokens |
| Claude (Web) | Project Instructions or System Prompt field | ~4,000 chars |
| Claude (API) | system parameter in API call | ~100,000 tokens |
| Gemini (Web) | Gems → Custom Instructions | ~2,000 chars |
| Gemini (API) | systemInstruction in generationConfig | ~30,000 tokens |
5 Production-Ready System Prompts
🎯 Technical Support Agent
You are a senior technical support engineer for a SaaS platform. ROLE: Expert troubleshooter with deep knowledge of web applications, APIs, databases, and cloud infrastructure. RULES: - Always ask clarifying questions before suggesting solutions - Provide step-by-step instructions with exact commands - Explain WHY each step works, not just what to do - If you're unsure, say "I'm not confident about this — let me suggest what to investigate" - Never suggest destructive actions without explicit warnings OUTPUT FORMAT: - Lead with the most likely cause - Use numbered steps for solutions - Include rollback instructions for risky changes - End with "What to check if this doesn't work"
🎯 Content Editor
You are a senior content editor for a B2B technology publication. EXPERTISE: 10+ years editing technical content for CTOs, VPs of Engineering, and senior developers. RULES: - Cut fluff ruthlessly — every sentence must earn its place - Replace jargon with clear language unless the audience expects it - Preserve the author's voice while improving clarity - Flag factual claims that need verification with [VERIFY] - Never rewrite entire paragraphs without explaining why OUTPUT FORMAT: - Use inline suggestions (original → suggested) - Group feedback by: Structure, Clarity, Accuracy, SEO - Rate the piece 1-10 with specific justification - End with 3 strengths and 3 improvements
🎯 Data Analyst
You are a senior data analyst reporting to the VP of Strategy. EXPERTISE: SQL, Python, statistical analysis, data visualisation, business intelligence. RULES: - Always state assumptions before analysis - Distinguish correlation from causation explicitly - Flag data quality issues before drawing conclusions - Present findings in executive-friendly language - Include confidence levels for all predictions OUTPUT FORMAT: - Lead with the "So What?" — the business implication - Support with specific numbers and percentages - Use tables for comparative data - Include "Recommended Actions" with expected impact - Flag limitations and what additional data would help
🎯 Code Architect
You are a principal software architect specialising in TypeScript, React, and Node.js. EXPERTISE: 15+ years building production SaaS applications at scale (100K+ users). RULES: - Prefer composition over inheritance - Always include TypeScript types — no 'any' types - Follow SOLID principles and clean architecture - Include error handling for all edge cases - Suggest tests for any non-trivial logic - Flag potential security issues proactively OUTPUT FORMAT: - Code blocks with syntax highlighting and comments - Explain architectural decisions and trade-offs - Include both the implementation and the reasoning - Note any breaking changes or migration steps required
🎯 Legal Document Drafter
You are a qualified contract lawyer with expertise in UK commercial law. RULES: - Use plain English where possible — avoid unnecessary legalese - Flag clauses that may be unenforceable with [REVIEW] - Always include definitions for technical terms - Note jurisdictional differences when relevant (UK vs US vs EU) - Never provide advice as final — always recommend professional review OUTPUT FORMAT: - Use standard clause numbering (1.1, 1.2, etc.) - Bold defined terms on first use - Include explanatory notes in [brackets] for non-lawyers - End with "Key Risks" section highlighting areas needing attention
Common Mistakes to Avoid
- ❌ Too vague: "Be helpful and professional" — every AI already does this
- ❌ Too long: 2,000+ word system prompts cause the "lost in the middle" problem
- ❌ No constraints: Without rules, the AI defaults to generic responses
- ❌ Conflicting rules: "Be concise" + "Explain everything in detail" confuses the AI
- ✅ Instead: Be specific, keep to 100-500 words, set clear rules, define output format
📌 Key Takeaways
- A system prompt is a hidden instruction that defines AI behavior before the conversation starts — the role, rules, expertise, and output format.
- It's the most impactful part of any AI interaction, yet most people skip it entirely.
- This guide shows you the 5-part structure used by production AI systems, with copy-paste examples for every major role.
- The STCO framework (System, Task, Context, Output) provides the most effective structural approach.
- Use AI Prompt Architect to generate structured prompts instantly.
- ⚡Go Pro: Unlimited prompt generations, AI-powered Refine & Analyse, and priority support — from £9.99/mo
Frequently Asked Questions
What is a system prompt?
A system prompt is a hidden instruction given to an AI model before the user conversation begins. It defines the AI's role, personality, rules, and constraints. In the STCO framework, it's the "System" component — the foundation everything else builds on.
What is the difference between a system prompt and a user prompt?
A system prompt sets permanent rules (role, tone, constraints) that apply to every message. A user prompt is the actual request. Think of it like: the system prompt is the job description, the user prompt is the daily task.
Can I see ChatGPT's system prompt?
ChatGPT's default system prompt is partially visible through custom instructions. The full internal system prompt is proprietary, but you can override it with your own via the API or custom instructions settings.
How long should a system prompt be?
Best practice is 100-500 words. Under 100 words lacks specificity. Over 500 words risks the AI forgetting instructions (the "lost in the middle" problem). Focus on: role definition, 3-5 core rules, output format, and constraints.
Do system prompts work with all AI models?
Yes. GPT-4o, Claude 4, Gemini 2.0, and Llama 3 all support system prompts via their APIs. Consumer interfaces like ChatGPT use "custom instructions" and Claude uses "project instructions" as their system prompt equivalent.
Generate System Prompts Automatically
AI Prompt Architect builds production-grade STCO system prompts for any role — optimized for ChatGPT, Claude, and Gemini.
Build System Prompts Free →System Prompts: The Evidence
Every claim below is sourced from peer-reviewed research and industry reports.Browse all 141 citations →
Structured Prompts mitigate prompt injection.
Prompt injection success rate drops from 84% on unstructured prompts to <15% when XML-delimited structured formats are enforced, a 5.6x improvement.
Without structured prompt architectures that create distinct instruction and data zones, user input can override system behaviour — succeeding in 84% of injection attempts.
Suo et al., 'Signed-Prompt: A New Approach to Prevent Prompt Injection Attacks Against LLM-Integrated Applications', 2024XML delimiting sandboxes untrusted input.
Using <user_input> XML tags to isolate user content from system instructions reduces cross-context contamination attacks by 60% in Anthropic's internal testing.
Without clear structural boundaries, user text blends with system instructions, enabling injection, data exfiltration, and instruction override.
Anthropic, 'Mitigating Prompt Injection' security documentation, 2024JSON Schema enforcement eliminates parse errors.
OpenAI structured outputs with JSON Schema achieve 99.9% schema adherence vs <70% with unconstrained generation — a 30x reduction in parse failures.
Without schema enforcement, every 1M requests generate 300K+ malformed responses requiring retries, error handling, and downstream data corruption.
OpenAI, 'Structured Outputs: JSON Schema' documentation, 2024Lost-in-the-middle effect degrades long-context accuracy.
Information placed in the middle of a 10K-token context is recalled 20% less accurately than information at the start or end of the same context.
Without positional awareness, critical instructions buried in mid-context are ignored by the model's attention mechanism.
Liu et al., 'Lost in the Middle: How Language Models Use Long Contexts', Stanford NLP, 2023