@synapsor/runner 0.1.0-alpha.0 → 0.1.0-alpha.10
- package/README.md +389 -21
- package/TRADEMARKS.md +23 -0
- package/dist/cli.d.ts +4 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +20 -8723
- package/dist/runner.mjs +12759 -0
- package/docs/README.md +36 -0
- package/docs/getting-started-own-database.md +460 -0
- package/docs/http-mcp.md +242 -0
- package/docs/limitations.md +95 -0
- package/docs/local-mode.md +351 -0
- package/docs/mcp-audit.md +152 -0
- package/docs/mcp-client-setup.md +231 -0
- package/docs/recipes.md +61 -0
- package/docs/release-notes.md +129 -0
- package/docs/security-boundary.md +94 -0
- package/docs/troubleshooting-first-run.md +248 -0
- package/docs/writeback-executors.md +209 -0
- package/examples/app-owned-writeback/README.md +120 -0
- package/examples/app-owned-writeback/business-actions.md +221 -0
- package/examples/app-owned-writeback/command-handler.mjs +46 -0
- package/examples/app-owned-writeback/node-fastify-handler.mjs +55 -0
- package/examples/app-owned-writeback/python-fastapi-handler.py +57 -0
- package/examples/dangerous-mcp-tools.json +88 -0
- package/examples/openai-agents-http/README.md +56 -0
- package/examples/openai-agents-http/agent.py +54 -0
- package/examples/openai-agents-http/requirements.txt +1 -0
- package/examples/openai-agents-stdio/README.md +62 -0
- package/examples/openai-agents-stdio/agent.py +70 -0
- package/examples/openai-agents-stdio/requirements.txt +1 -0
- package/examples/reference-support-billing-app/README.md +137 -0
- package/examples/reference-support-billing-app/docker-compose.yml +13 -0
- package/examples/reference-support-billing-app/mcp-client.generic.json +11 -0
- package/examples/reference-support-billing-app/schema.sql +68 -0
- package/examples/reference-support-billing-app/scripts/run-demo.sh +7 -0
- package/examples/reference-support-billing-app/seed.sql +33 -0
- package/examples/reference-support-billing-app/synapsor.runner.json +241 -0
- package/package.json +12 -4
- package/recipes/accounts.trial_extension.json +42 -0
- package/recipes/billing.late_fee_waiver.json +46 -0
- package/recipes/credits.account_credit.json +45 -0
- package/recipes/orders.refund_review.json +57 -0
- package/recipes/support.ticket_resolution.json +51 -0
- package/dist/bin.cjs +0 -13
package/README.md
CHANGED
|
@@ -1,38 +1,282 @@
|
|
|
1
1
|
# Synapsor Runner
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Safe database tools for AI agents.
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
through guarded execution.
|
|
5
|
+
Turn Postgres/MySQL into reviewed MCP capabilities, not raw SQL. Synapsor
|
|
6
|
+
Runner lets an MCP agent inspect scoped data and request database-backed
|
|
7
|
+
business actions without receiving raw SQL, write credentials, approval tools,
|
|
8
|
+
or commit tools.
|
|
10
9
|
|
|
11
|
-
##
|
|
10
|
+
## Alpha Operational Notes
|
|
11
|
+
|
|
12
|
+
These are current alpha requirements, not hidden behavior:
|
|
13
|
+
|
|
14
|
+
- Writeback with `--config ./synapsor.runner.json` reads the trusted writer
|
|
15
|
+
connection from the source `write_url_env`, for example
|
|
16
|
+
`SYNAPSOR_DATABASE_WRITE_URL`. `SYNAPSOR_DATABASE_URL` is only the legacy
|
|
17
|
+
fallback when you run direct worker/apply flows without a local config.
|
|
18
|
+
- `synapsor-runner mcp serve` is standard stdio MCP for local clients that can
|
|
19
|
+
launch Runner.
|
|
20
|
+
- `synapsor-runner mcp serve-streamable-http` is standard MCP Streamable HTTP
|
|
21
|
+
with `initialize` and in-memory session behavior for SDK/client HTTP MCP
|
|
22
|
+
integrations.
|
|
23
|
+
- `synapsor-runner mcp serve-http` is a small authenticated JSON-RPC bridge for
|
|
24
|
+
`tools/list`, `tools/call`, and `resources/read`. Use it only when you want a
|
|
25
|
+
simple app/server wrapper instead of full HTTP MCP.
|
|
26
|
+
- Direct SQL writeback creates or writes `synapsor_writeback_receipts` for
|
|
27
|
+
idempotency and replay. The trusted writer needs permission for that table,
|
|
28
|
+
or an administrator must pre-create it and grant access. Use an app-owned
|
|
29
|
+
`http_handler` or `command_handler` if Runner should not create receipt
|
|
30
|
+
tables in your application schema.
|
|
31
|
+
|
|
32
|
+
```text
|
|
33
|
+
AI agent or MCP client
|
|
34
|
+
(Claude, Cursor, OpenAI Agents SDK, LangGraph)
|
|
35
|
+
|
|
|
36
|
+
| calls reviewed MCP tool
|
|
37
|
+
v
|
|
38
|
+
+--------------------------------+
|
|
39
|
+
| Synapsor Runner MCP |
|
|
40
|
+
| semantic capabilities only |
|
|
41
|
+
| trusted tenant/principal ctx |
|
|
42
|
+
| evidence + query audit |
|
|
43
|
+
+--------------------------------+
|
|
44
|
+
|
|
|
45
|
+
| scoped read / guarded proposal
|
|
46
|
+
v
|
|
47
|
+
+--------------------------------+
|
|
48
|
+
| Your Postgres or MySQL |
|
|
49
|
+
| source of truth |
|
|
50
|
+
+--------------------------------+
|
|
51
|
+
|
|
52
|
+
Local Runner store:
|
|
53
|
+
evidence · query audit · proposals · receipts · replay
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
Your database stays the source of truth. Synapsor Runner owns the
|
|
57
|
+
model-facing boundary: what the agent can read, what it can propose, what
|
|
58
|
+
evidence is saved, and what can later be reviewed or replayed.
|
|
59
|
+
|
|
60
|
+
## What Runner Does
|
|
61
|
+
|
|
62
|
+
When an agent uses Runner:
|
|
63
|
+
|
|
64
|
+
- the model gets reviewed capabilities, not raw database authority;
|
|
65
|
+
- reads produce evidence handles and query audit;
|
|
66
|
+
- writes become proposals, not direct mutations;
|
|
67
|
+
- approval and writeback happen outside the model-facing MCP surface;
|
|
68
|
+
- replay shows what the agent saw, proposed, and what was applied or blocked.
|
|
69
|
+
|
|
70
|
+
## Start Here
|
|
71
|
+
|
|
72
|
+
Run the guided quick demo first. It does not require Docker, a database, a
|
|
73
|
+
config file, an MCP client, or a Synapsor Cloud account.
|
|
12
74
|
|
|
13
75
|
```bash
|
|
14
|
-
|
|
76
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner demo --quick
|
|
15
77
|
```
|
|
16
78
|
|
|
17
|
-
|
|
79
|
+
In a terminal, it walks through the safety model step by step. In CI, piped
|
|
80
|
+
output, or other non-interactive mode, it prints a short summary and exits
|
|
81
|
+
without waiting for Enter.
|
|
82
|
+
|
|
83
|
+
That command creates a local ledger fixture at `./.synapsor/quick-demo.db`.
|
|
84
|
+
It does not prove database connectivity. It shows the proposal, evidence, and
|
|
85
|
+
replay flow without giving the runner a database URL.
|
|
18
86
|
|
|
19
87
|
```bash
|
|
20
|
-
synapsor-runner
|
|
88
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner demo inspect
|
|
21
89
|
```
|
|
22
90
|
|
|
23
|
-
Use
|
|
91
|
+
Human output is concise by default. Use `--details` for reviewer metadata or
|
|
92
|
+
`--json` for complete machine-readable records.
|
|
93
|
+
|
|
94
|
+
Useful quick-demo modes:
|
|
95
|
+
|
|
96
|
+
```bash
|
|
97
|
+
synapsor-runner demo --quick --guided
|
|
98
|
+
synapsor-runner demo --quick --no-interactive
|
|
99
|
+
synapsor-runner demo --quick --details
|
|
100
|
+
synapsor-runner demo inspect --npx
|
|
101
|
+
```
|
|
102
|
+
|
|
103
|
+
Then choose one path:
|
|
104
|
+
|
|
105
|
+
```text
|
|
106
|
+
Full disposable proof -> npx -y -p @synapsor/runner@alpha synapsor-runner demo
|
|
107
|
+
Your own staging DB -> export DATABASE_URL=... then run the inspect command below
|
|
108
|
+
MCP risk review -> npx -y -p @synapsor/runner@alpha synapsor-runner audit --example dangerous-db-mcp
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
`synapsor-runner` is the public command for this OSS runner. `synapsor` is
|
|
112
|
+
reserved for the Synapsor Cloud CLI.
|
|
113
|
+
|
|
114
|
+
## Connect Your Own Staging Database
|
|
115
|
+
|
|
116
|
+
Put a read-only connection string in the environment:
|
|
24
117
|
|
|
25
118
|
```bash
|
|
26
119
|
export DATABASE_URL="postgresql://readonly_user:password@localhost:5432/app"
|
|
27
|
-
synapsor-runner inspect --engine auto --from-env DATABASE_URL --schema public
|
|
28
|
-
synapsor-runner init --wizard --engine auto --from-env DATABASE_URL --schema public
|
|
29
|
-
synapsor-runner tools preview
|
|
30
|
-
synapsor-runner mcp serve
|
|
31
120
|
```
|
|
32
121
|
|
|
33
|
-
|
|
122
|
+
For disposable dev RDS fixtures only, use `sslmode=no-verify` if your local
|
|
123
|
+
Node/Postgres TLS stack cannot verify the test certificate chain. For real
|
|
124
|
+
staging or production-like databases, keep certificate verification enabled.
|
|
125
|
+
|
|
126
|
+
Run the guided own-database path:
|
|
127
|
+
|
|
128
|
+
```bash
|
|
129
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner start \
|
|
130
|
+
--from-env DATABASE_URL \
|
|
131
|
+
--schema public
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
`start --from-env` is the low-friction alias for `onboard db --from-env`. That
|
|
135
|
+
path inspects metadata, helps you choose one table/view, creates trusted
|
|
136
|
+
context bindings, generates semantic MCP tools, validates the tool boundary,
|
|
137
|
+
and prints the exact MCP/UI next commands. It does not require hand-authored
|
|
138
|
+
JSON. If you provide an optional real object id during the wizard, it also
|
|
139
|
+
writes `./.synapsor/smoke-input.json` so the first tool call can use an actual
|
|
140
|
+
row instead of guessed sample data. When the read URL env var and trusted
|
|
141
|
+
tenant/principal env vars are already set, onboarding also attempts that smoke
|
|
142
|
+
call immediately and stores the evidence/query audit in the local ledger. If
|
|
143
|
+
those env vars are missing, it prints the exact command to run after you set
|
|
144
|
+
them from `.env.example`.
|
|
145
|
+
|
|
146
|
+
The wizard creates this local flow:
|
|
147
|
+
|
|
148
|
+
```text
|
|
149
|
+
trusted context -> capability -> MCP tool
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
It asks which table/view backs the context, which tenant/scope column and
|
|
153
|
+
backend session env vars are trusted, which fields are visible, and what
|
|
154
|
+
semantic capability name to expose.
|
|
155
|
+
|
|
156
|
+
```bash
|
|
157
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner init \
|
|
158
|
+
--wizard \
|
|
159
|
+
--engine auto \
|
|
160
|
+
--from-env DATABASE_URL \
|
|
161
|
+
--schema public \
|
|
162
|
+
--mode read_only
|
|
163
|
+
```
|
|
164
|
+
|
|
165
|
+
Preview and serve the semantic tools:
|
|
166
|
+
|
|
167
|
+
```bash
|
|
168
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner tools preview \
|
|
169
|
+
--config ./synapsor.runner.json \
|
|
170
|
+
--store ./.synapsor/local.db
|
|
171
|
+
|
|
172
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner smoke call \
|
|
173
|
+
<generated.inspect_tool_name> \
|
|
174
|
+
--input ./.synapsor/smoke-input.json \
|
|
175
|
+
--config ./synapsor.runner.json \
|
|
176
|
+
--store ./.synapsor/local.db
|
|
177
|
+
|
|
178
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp serve \
|
|
179
|
+
--config ./synapsor.runner.json \
|
|
180
|
+
--store ./.synapsor/local.db
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
`smoke call` uses the same runtime as MCP, records evidence/query audit or a
|
|
184
|
+
proposal in the local store, and prints the evidence/proposal/replay commands
|
|
185
|
+
to inspect what happened. If you skipped the optional smoke input in the
|
|
186
|
+
wizard, pass `--json '{"<lookup_arg>":"<real_id>"}'` instead.
|
|
187
|
+
|
|
188
|
+
## Two Ways To Run MCP
|
|
189
|
+
|
|
190
|
+
Use stdio when the MCP client runs locally and can launch Synapsor Runner. Use
|
|
191
|
+
HTTP when your agent service runs as an app/server and connects to a
|
|
192
|
+
long-running Runner process.
|
|
193
|
+
|
|
194
|
+
Local MCP clients:
|
|
195
|
+
|
|
196
|
+
```bash
|
|
197
|
+
synapsor-runner mcp serve \
|
|
198
|
+
--config ./synapsor.runner.json \
|
|
199
|
+
--store ./.synapsor/local.db
|
|
200
|
+
```
|
|
201
|
+
|
|
202
|
+
App/server deployments:
|
|
203
|
+
|
|
204
|
+
```bash
|
|
205
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
206
|
+
|
|
207
|
+
synapsor-runner mcp serve-streamable-http \
|
|
208
|
+
--config ./synapsor.runner.json \
|
|
209
|
+
--store ./.synapsor/local.db \
|
|
210
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
211
|
+
```
|
|
212
|
+
|
|
213
|
+
Streamable HTTP defaults to `127.0.0.1:8766`, requires bearer auth by default,
|
|
214
|
+
and should use private networking, TLS, and rate limits before being exposed
|
|
215
|
+
beyond a local machine.
|
|
216
|
+
|
|
217
|
+
Bridge mode:
|
|
218
|
+
|
|
219
|
+
```bash
|
|
220
|
+
synapsor-runner mcp serve-http \
|
|
221
|
+
--config ./synapsor.runner.json \
|
|
222
|
+
--store ./.synapsor/local.db \
|
|
223
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
224
|
+
```
|
|
225
|
+
|
|
226
|
+
Bridge HTTP defaults to `127.0.0.1:8765` and supports only JSON-RPC
|
|
227
|
+
`tools/list`, `tools/call`, and `resources/read`. It does not implement MCP
|
|
228
|
+
Streamable HTTP `initialize`/session behavior.
|
|
229
|
+
|
|
230
|
+
OpenAI Agents SDK examples:
|
|
231
|
+
|
|
232
|
+
```text
|
|
233
|
+
examples/openai-agents-stdio/
|
|
234
|
+
examples/openai-agents-http/
|
|
235
|
+
```
|
|
236
|
+
|
|
237
|
+
Use `--mode review` only when you are ready to create proposal tools and test
|
|
238
|
+
guarded writeback with a separate trusted write credential.
|
|
239
|
+
|
|
240
|
+
## Sanity Check The Agent Connection
|
|
34
241
|
|
|
35
|
-
|
|
242
|
+
Before asking an agent to solve a real task, confirm it can call a Runner tool:
|
|
243
|
+
|
|
244
|
+
```bash
|
|
245
|
+
synapsor-runner tools preview --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
246
|
+
```
|
|
247
|
+
|
|
248
|
+
Then ask the agent:
|
|
249
|
+
|
|
250
|
+
```text
|
|
251
|
+
Use the Synapsor Runner MCP tool to inspect invoice INV-3001.
|
|
252
|
+
Do not answer from memory.
|
|
253
|
+
Return the tool name called, the evidence handle, and whether raw SQL was available.
|
|
254
|
+
```
|
|
255
|
+
|
|
256
|
+
Expected result: the agent calls a semantic tool, returns an evidence handle or
|
|
257
|
+
local ledger reference, and says raw SQL/write/approval tools were not
|
|
258
|
+
available. If it gives generic advice or unrelated prose without a tool call,
|
|
259
|
+
Runner is not connected yet.
|
|
260
|
+
|
|
261
|
+
The disposable reference app includes proposal-first write examples for:
|
|
262
|
+
|
|
263
|
+
- `billing.propose_late_fee_waiver`
|
|
264
|
+
- `support.propose_plan_credit`
|
|
265
|
+
- `orders.propose_status_change`
|
|
266
|
+
|
|
267
|
+
Each tool creates evidence, a before/after diff, and a proposal. The source
|
|
268
|
+
database remains unchanged until approval outside MCP and guarded writeback.
|
|
269
|
+
|
|
270
|
+
For a longer local session, you can install the alpha package explicitly:
|
|
271
|
+
|
|
272
|
+
```bash
|
|
273
|
+
npm install -g @synapsor/runner@alpha
|
|
274
|
+
```
|
|
275
|
+
|
|
276
|
+
## Runtime Flow
|
|
277
|
+
|
|
278
|
+
The local runner keeps the model-facing tool call separate from approval and
|
|
279
|
+
writeback:
|
|
36
280
|
|
|
37
281
|
```text
|
|
38
282
|
MCP tool call
|
|
@@ -48,11 +292,135 @@ MCP tool call
|
|
|
48
292
|
Your Postgres/MySQL database remains the source of truth. The runner stores
|
|
49
293
|
local proposals, evidence, receipts, and replay data in a local SQLite store.
|
|
50
294
|
|
|
295
|
+
## Why Not Just Use A Read-Only Database User?
|
|
296
|
+
|
|
297
|
+
You should use one.
|
|
298
|
+
|
|
299
|
+
Synapsor Runner is not a replacement for least-privilege database permissions.
|
|
300
|
+
Start with a read-only user, restricted views, row-level security, and staging
|
|
301
|
+
data where appropriate.
|
|
302
|
+
|
|
303
|
+
The difference is that database permissions protect the connection. Synapsor
|
|
304
|
+
Runner shapes the model-facing interface.
|
|
305
|
+
|
|
306
|
+
Instead of exposing `execute_sql`, `query_database`, table names, or
|
|
307
|
+
model-controlled tenant filters, Synapsor exposes reviewed business
|
|
308
|
+
capabilities such as `billing.inspect_invoice` and
|
|
309
|
+
`billing.propose_late_fee_waiver`.
|
|
310
|
+
|
|
311
|
+
For read-only use cases, Runner provides scoped semantic tools, trusted context
|
|
312
|
+
binding, evidence handles, query audit, and local inspection. Proposal
|
|
313
|
+
workflows add full replay across evidence, approval, writeback receipts, and
|
|
314
|
+
events.
|
|
315
|
+
|
|
316
|
+
If all you need is restricted reads, database permissions are a good start.
|
|
317
|
+
Use Synapsor Runner when you also want the agent-facing layer: semantic tools,
|
|
318
|
+
trusted context, evidence handles, query audit, local inspection, and
|
|
319
|
+
proposal-first writes.
|
|
320
|
+
|
|
321
|
+
## Fixture Benchmark
|
|
322
|
+
|
|
323
|
+
Run the included MCP efficiency fixture:
|
|
324
|
+
|
|
325
|
+
```bash
|
|
326
|
+
synapsor-runner benchmark mcp-efficiency
|
|
327
|
+
```
|
|
328
|
+
|
|
329
|
+
Current fixture result for the late-fee-waiver workflow:
|
|
330
|
+
|
|
331
|
+
```text
|
|
332
|
+
Generic database MCP reference:
|
|
333
|
+
exposed tools: 4
|
|
334
|
+
scripted tool calls: 5
|
|
335
|
+
raw SQL exposed: yes
|
|
336
|
+
approval separated: no
|
|
337
|
+
stale-row conflict checked: no
|
|
338
|
+
|
|
339
|
+
Synapsor Runner semantic path:
|
|
340
|
+
exposed tools: 2
|
|
341
|
+
scripted tool calls: 2
|
|
342
|
+
raw SQL exposed: no
|
|
343
|
+
approval separated: yes
|
|
344
|
+
stale-row conflict checked: yes
|
|
345
|
+
```
|
|
346
|
+
|
|
347
|
+
The fixture tokenizer is deterministic and repeatable for this package. It is
|
|
348
|
+
not a model billing tokenizer and not a universal token-savings claim.
|
|
349
|
+
|
|
350
|
+
## Find Evidence And Replay
|
|
351
|
+
|
|
352
|
+
The commands in this section require this checkout or an alpha package that
|
|
353
|
+
includes the local-ledger CLI surface.
|
|
354
|
+
|
|
355
|
+
The runner stores a local SQLite evidence/replay ledger. Search it without
|
|
356
|
+
relying on `latest`:
|
|
357
|
+
|
|
358
|
+
```bash
|
|
359
|
+
synapsor-runner activity search --tenant acme --object invoice:INV-3001
|
|
360
|
+
synapsor-runner proposals list --tenant acme --object invoice:INV-3001 --status approved
|
|
361
|
+
synapsor-runner evidence show ev_...
|
|
362
|
+
synapsor-runner query-audit list --evidence ev_...
|
|
363
|
+
synapsor-runner receipts list --proposal wrp_...
|
|
364
|
+
synapsor-runner receipts show <receipt_id>
|
|
365
|
+
synapsor-runner replay show --proposal wrp_...
|
|
366
|
+
synapsor-runner replay show --replay replay_wrp_...
|
|
367
|
+
```
|
|
368
|
+
|
|
369
|
+
Default inspection output is meant for first-run clarity. Add `--details` for
|
|
370
|
+
target URIs, primary keys, proposal hash/version, conflict guards, query
|
|
371
|
+
fingerprints, event timestamps, and receipt internals.
|
|
372
|
+
|
|
373
|
+
Export captured evidence or proposal replay:
|
|
374
|
+
|
|
375
|
+
```bash
|
|
376
|
+
synapsor-runner evidence export ev_... --format markdown --output evidence.md
|
|
377
|
+
synapsor-runner replay export --proposal wrp_... --format json --output replay.json
|
|
378
|
+
synapsor-runner replay export --proposal wrp_... --format markdown --output replay.md
|
|
379
|
+
```
|
|
380
|
+
|
|
381
|
+
Create a redacted local diagnostic report:
|
|
382
|
+
|
|
383
|
+
```bash
|
|
384
|
+
synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
|
|
385
|
+
```
|
|
386
|
+
|
|
387
|
+
Inspect or compact the local ledger:
|
|
388
|
+
|
|
389
|
+
```bash
|
|
390
|
+
synapsor-runner store stats --store ./.synapsor/local.db
|
|
391
|
+
synapsor-runner store vacuum --store ./.synapsor/local.db
|
|
392
|
+
synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --dry-run
|
|
393
|
+
```
|
|
394
|
+
|
|
395
|
+
This is local indexed search for local/dev/staging usage. It is not external
|
|
396
|
+
database time travel, not cross-runner search, and not hosted compliance
|
|
397
|
+
retention.
|
|
398
|
+
|
|
399
|
+
## App-Owned Writeback
|
|
400
|
+
|
|
401
|
+
Use direct guarded DB writeback for simple local/staging single-row updates. If
|
|
402
|
+
your application service already owns business writes, configure an
|
|
403
|
+
`http_handler` or `command_handler` executor. Approval still happens outside
|
|
404
|
+
MCP, and the handler returns an applied/conflict/failed receipt for replay.
|
|
405
|
+
Starter handlers are included under `examples/app-owned-writeback`.
|
|
406
|
+
You can also generate a starter handler directly:
|
|
407
|
+
|
|
408
|
+
```bash
|
|
409
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner handler template node-fastify \
|
|
410
|
+
--output ./synapsor-writeback-handler.mjs
|
|
411
|
+
```
|
|
412
|
+
|
|
413
|
+
For direct SQL writeback, set the writer env var named by the source
|
|
414
|
+
`write_url_env`, for example `SYNAPSOR_DATABASE_WRITE_URL`. Runner also creates
|
|
415
|
+
or writes `synapsor_writeback_receipts` for idempotency/replay, so the writer
|
|
416
|
+
needs permission for that receipt table or an administrator must pre-create and
|
|
417
|
+
grant it. Use app-owned handlers when you do not want Runner creating receipt
|
|
418
|
+
tables in your application schema.
|
|
419
|
+
|
|
51
420
|
## Command Name
|
|
52
421
|
|
|
53
|
-
This package installs
|
|
54
|
-
|
|
55
|
-
that command.
|
|
422
|
+
This package installs `synapsor-runner` as the OSS runner binary. The `synapsor`
|
|
423
|
+
command is reserved for the Synapsor Cloud CLI.
|
|
56
424
|
|
|
57
425
|
## Scope
|
|
58
426
|
|
|
@@ -61,4 +429,4 @@ Synapsor DBMS, not a physical branch engine for Postgres/MySQL, and not a
|
|
|
61
429
|
general MCP security platform.
|
|
62
430
|
|
|
63
431
|
See the full repository README and docs for Docker demos, MCP client setup,
|
|
64
|
-
configuration recipes, and
|
|
432
|
+
configuration recipes, security boundaries, and release notes.
|
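--- a/package/TRADEMARKS.md
+++ b/package/TRADEMARKS.md
@@ -0,0 +1,23 @@
+# Trademark Policy
+
+Apache License 2.0 grants copyright and patent rights to the code in this
+repository. It does not grant trademark rights.
+
+The names "Synapsor" and "Synapsor Runner", Synapsor logos, and Synapsor brand
+assets may not be used to imply endorsement or to operate a confusingly similar
+hosted service.
+
+Forks may accurately describe themselves as:
+
+- "based on Synapsor Runner";
+- "built with Synapsor Runner";
+- "compatible with Synapsor Runner".
+
+Forks may not call themselves "Synapsor", use Synapsor branding as their own
+product branding, or imply that Synapsor sponsors, endorses, or operates the
+fork.
+
+Hosted or commercial services based on this code must use their own branding.
+
+For trademark permission requests, use the contact form at
+https://synapsor.ai/contact.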
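--- a/package/dist/cli.d.ts
+++ b/package/dist/cli.d.ts
@@ -1,4 +1,6 @@
 #!/usr/bin/env node
+import { type DbRowReader } from "@synapsor-runner/mcp-server";
+import { type WritebackJob } from "@synapsor-runner/protocol";
 import { type SchemaInspection } from "@synapsor-runner/schema-inspector";
 export declare function main(argv: string[]): Promise<number>;
 type WizardAsk = (question: string, defaultValue?: string) => Promise<string>;
@@ -6,7 +8,9 @@ export declare function runInitWizard(args: string[], options?: {
 ask?: WizardAsk;
 env?: NodeJS.ProcessEnv;
 inspection?: SchemaInspection;
+readRow?: DbRowReader;
 stdout?: Pick<NodeJS.WriteStream, "write">;
 }): Promise<number>;
+export declare function resolveSqlWriteDatabaseUrl(job: WritebackJob, configPath: string, env: NodeJS.ProcessEnv): Promise<string>;
 export {};
 //# sourceMappingURL=cli.d.ts.map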
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAkF,KAAK,WAAW,EAAoD,MAAM,6BAA6B,CAAC;AAkBjM,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AAkS3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAiD1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA2OjB;AAo9CD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}
|