@synapsor/runner 0.1.0-alpha.1 → 0.1.0-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (66) hide show
  1. package/README.md +426 -19
  2. package/TRADEMARKS.md +23 -0
  3. package/dist/cli.d.ts +4 -0
  4. package/dist/cli.d.ts.map +1 -1
  5. package/dist/cli.js +20 -8723
  6. package/dist/runner.mjs +12958 -0
  7. package/docs/README.md +53 -0
  8. package/docs/app-owned-executors.md +21 -0
  9. package/docs/cloud-mode.md +24 -0
  10. package/docs/current-scope.md +24 -0
  11. package/docs/dependency-license-inventory.md +35 -0
  12. package/docs/getting-started-own-database.md +460 -0
  13. package/docs/http-mcp.md +276 -0
  14. package/docs/licensing.md +36 -0
  15. package/docs/limitations.md +95 -0
  16. package/docs/local-mode.md +351 -0
  17. package/docs/mcp-audit.md +152 -0
  18. package/docs/mcp-client-setup.md +270 -0
  19. package/docs/openai-agents-sdk.md +57 -0
  20. package/docs/recipes.md +61 -0
  21. package/docs/release-notes.md +158 -0
  22. package/docs/security-boundary.md +94 -0
  23. package/docs/troubleshooting-first-run.md +248 -0
  24. package/docs/use-your-own-database.md +18 -0
  25. package/docs/writeback-executors.md +220 -0
  26. package/examples/app-owned-writeback/README.md +120 -0
  27. package/examples/app-owned-writeback/business-actions.md +221 -0
  28. package/examples/app-owned-writeback/command-handler.mjs +46 -0
  29. package/examples/app-owned-writeback/node-fastify-handler.mjs +55 -0
  30. package/examples/app-owned-writeback/python-fastapi-handler.py +57 -0
  31. package/examples/dangerous-mcp-tools.json +88 -0
  32. package/examples/mcp-postgres-billing-app-handler/README.md +82 -0
  33. package/examples/mcp-postgres-billing-app-handler/app-handler.mjs +197 -0
  34. package/examples/mcp-postgres-billing-app-handler/docker-compose.yml +13 -0
  35. package/examples/mcp-postgres-billing-app-handler/schema.sql +59 -0
  36. package/examples/mcp-postgres-billing-app-handler/scripts/run-demo.sh +99 -0
  37. package/examples/mcp-postgres-billing-app-handler/seed.sql +39 -0
  38. package/examples/mcp-postgres-billing-app-handler/synapsor.runner.json +157 -0
  39. package/examples/openai-agents-http/README.md +64 -0
  40. package/examples/openai-agents-http/agent.py +54 -0
  41. package/examples/openai-agents-http/requirements.txt +1 -0
  42. package/examples/openai-agents-stdio/README.md +66 -0
  43. package/examples/openai-agents-stdio/agent.py +72 -0
  44. package/examples/openai-agents-stdio/requirements.txt +1 -0
  45. package/examples/reference-support-billing-app/README.md +137 -0
  46. package/examples/reference-support-billing-app/docker-compose.yml +13 -0
  47. package/examples/reference-support-billing-app/mcp-client.generic.json +11 -0
  48. package/examples/reference-support-billing-app/schema.sql +68 -0
  49. package/examples/reference-support-billing-app/scripts/run-demo.sh +7 -0
  50. package/examples/reference-support-billing-app/seed.sql +33 -0
  51. package/examples/reference-support-billing-app/synapsor.runner.json +241 -0
  52. package/fixtures/benchmark/mcp-efficiency.json +53 -0
  53. package/fixtures/benchmark/mcp-efficiency.txt +25 -0
  54. package/fixtures/protocol/MANIFEST.json +54 -0
  55. package/fixtures/protocol/change-set.late-fee-waiver.v1.json +72 -0
  56. package/fixtures/protocol/execution-receipt.applied.v1.json +14 -0
  57. package/fixtures/protocol/execution-receipt.conflict.v1.json +15 -0
  58. package/fixtures/protocol/runner-registration.v1.json +22 -0
  59. package/fixtures/protocol/writeback-job.late-fee-waiver.v1.json +44 -0
  60. package/package.json +14 -4
  61. package/recipes/accounts.trial_extension.json +42 -0
  62. package/recipes/billing.late_fee_waiver.json +46 -0
  63. package/recipes/credits.account_credit.json +45 -0
  64. package/recipes/orders.refund_review.json +57 -0
  65. package/recipes/support.ticket_resolution.json +51 -0
  66. package/dist/bin.cjs +0 -13
package/README.md CHANGED
@@ -1,38 +1,321 @@
1
1
  # Synapsor Runner
2
2
 
3
- Commit-safe MCP runner for Postgres and MySQL agents.
3
+ Safe database tools for AI agents.
4
4
 
5
- Synapsor Runner lets an MCP agent request database-backed business actions
6
- without receiving raw SQL, write credentials, approval tools, or commit tools.
7
- It exposes semantic tools, creates proposals, records evidence, requires
8
- approval outside the model-facing tool surface, and applies approved writes
9
- through guarded execution.
5
+ Turn Postgres/MySQL into reviewed MCP capabilities, not raw SQL. Synapsor
6
+ Runner lets an MCP agent inspect scoped data and request database-backed
7
+ business actions without receiving raw SQL, write credentials, approval tools,
8
+ or commit tools.
10
9
 
11
- ## Run The Alpha
10
+ ## Alpha Operational Notes
11
+
12
+ These are current alpha requirements, not hidden behavior:
13
+
14
+ - Writeback with `--config ./synapsor.runner.json` reads the trusted writer
15
+ connection from the source `write_url_env`, for example
16
+ `SYNAPSOR_DATABASE_WRITE_URL`. `SYNAPSOR_DATABASE_URL` is only the legacy
17
+ fallback when you run direct worker/apply flows without a local config.
18
+ - `synapsor-runner mcp serve` is standard stdio MCP for local clients that can
19
+ launch Runner.
20
+ - `synapsor-runner mcp serve-streamable-http` is standard MCP Streamable HTTP
21
+ with `initialize` and in-memory session behavior for SDK/client HTTP MCP
22
+ integrations.
23
+ - OpenAI Agents SDK rejects dotted function/tool names. Use
24
+ `--alias-mode openai` or `--openai-tool-aliases` for OpenAI-facing MCP
25
+ transports. Runner exposes aliases such as `billing__inspect_invoice` and
26
+ keeps the canonical Synapsor capability name in tool metadata.
27
+ - `synapsor-runner mcp serve-http` is a small authenticated JSON-RPC bridge for
28
+ `tools/list`, `tools/call`, and `resources/read`. Use it only when you want a
29
+ simple app/server wrapper instead of full HTTP MCP.
30
+ - Direct SQL writeback creates or writes `synapsor_writeback_receipts` for
31
+ idempotency and replay. The trusted writer needs permission for that table,
32
+ or an administrator must pre-create it and grant access. Use an app-owned
33
+ `http_handler` or `command_handler` if Runner should not create receipt
34
+ tables in your application schema.
35
+
36
+ ```text
37
+ AI agent or MCP client
38
+ (Claude, Cursor, OpenAI Agents SDK, LangGraph)
39
+ |
40
+ | calls reviewed MCP tool
41
+ v
42
+ +--------------------------------+
43
+ | Synapsor Runner MCP |
44
+ | semantic capabilities only |
45
+ | trusted tenant/principal ctx |
46
+ | evidence + query audit |
47
+ +--------------------------------+
48
+ |
49
+ | scoped read / guarded proposal
50
+ v
51
+ +--------------------------------+
52
+ | Your Postgres or MySQL |
53
+ | source of truth |
54
+ +--------------------------------+
55
+
56
+ Local Runner store:
57
+ evidence · query audit · proposals · receipts · replay
58
+ ```
59
+
60
+ Your database stays the source of truth. Synapsor Runner owns the
61
+ model-facing boundary: what the agent can read, what it can propose, what
62
+ evidence is saved, and what can later be reviewed or replayed.
63
+
64
+ ## What Runner Does
65
+
66
+ When an agent uses Runner:
67
+
68
+ - the model gets reviewed capabilities, not raw database authority;
69
+ - reads produce evidence handles and query audit;
70
+ - writes become proposals, not direct mutations;
71
+ - approval and writeback happen outside the model-facing MCP surface;
72
+ - replay shows what the agent saw, proposed, and what was applied or blocked.
73
+
74
+ ## Start Here
75
+
76
+ Run the guided quick demo first. It does not require Docker, a database, a
77
+ config file, an MCP client, or a Synapsor Cloud account.
12
78
 
13
79
  ```bash
14
- npx -y -p @synapsor/runner@alpha synapsor-runner --help
80
+ npx -y -p @synapsor/runner@alpha synapsor-runner demo --quick
15
81
  ```
16
82
 
17
- Use it with a local or staging database:
83
+ In a terminal, it walks through the safety model step by step. In CI, piped
84
+ output, or other non-interactive mode, it prints a short summary and exits
85
+ without waiting for Enter.
86
+
87
+ That command creates a local ledger fixture at `./.synapsor/quick-demo.db`.
88
+ It does not prove database connectivity. It shows the proposal, evidence, and
89
+ replay flow without giving the runner a database URL.
90
+
91
+ ```bash
92
+ npx -y -p @synapsor/runner@alpha synapsor-runner demo inspect
93
+ ```
94
+
95
+ Human output is concise by default. Use `--details` for reviewer metadata or
96
+ `--json` for complete machine-readable records.
97
+
98
+ Useful quick-demo modes:
99
+
100
+ ```bash
101
+ synapsor-runner demo --quick --guided
102
+ synapsor-runner demo --quick --no-interactive
103
+ synapsor-runner demo --quick --details
104
+ synapsor-runner demo inspect --npx
105
+ ```
106
+
107
+ Then choose one path:
108
+
109
+ ```text
110
+ Full disposable proof -> npx -y -p @synapsor/runner@alpha synapsor-runner demo
111
+ Your own staging DB -> export DATABASE_URL=... then run the inspect command below
112
+ MCP risk review -> npx -y -p @synapsor/runner@alpha synapsor-runner audit --example dangerous-db-mcp
113
+ ```
114
+
115
+ `synapsor-runner` is the public command for this OSS runner. `synapsor` is
116
+ reserved for the Synapsor Cloud CLI.
117
+
118
+ ## Connect Your Own Staging Database
119
+
120
+ Put a read-only connection string in the environment:
18
121
 
19
122
  ```bash
20
123
  export DATABASE_URL="postgresql://readonly_user:password@localhost:5432/app"
21
- npx -y -p @synapsor/runner@alpha synapsor-runner inspect --engine auto --from-env DATABASE_URL --schema public
22
- npx -y -p @synapsor/runner@alpha synapsor-runner init --wizard --engine auto --from-env DATABASE_URL --schema public
23
- npx -y -p @synapsor/runner@alpha synapsor-runner tools preview
24
- npx -y -p @synapsor/runner@alpha synapsor-runner mcp serve
25
124
  ```
26
125
 
126
+ For disposable dev RDS fixtures only, use `sslmode=no-verify` if your local
127
+ Node/Postgres TLS stack cannot verify the test certificate chain. For real
128
+ staging or production-like databases, keep certificate verification enabled.
129
+
130
+ Run the guided own-database path:
131
+
132
+ ```bash
133
+ npx -y -p @synapsor/runner@alpha synapsor-runner start \
134
+ --from-env DATABASE_URL \
135
+ --schema public
136
+ ```
137
+
138
+ `start --from-env` is the low-friction alias for `onboard db --from-env`. That
139
+ path inspects metadata, helps you choose one table/view, creates trusted
140
+ context bindings, generates semantic MCP tools, validates the tool boundary,
141
+ and prints the exact MCP/UI next commands. It does not require hand-authored
142
+ JSON. If you provide an optional real object id during the wizard, it also
143
+ writes `./.synapsor/smoke-input.json` so the first tool call can use an actual
144
+ row instead of guessed sample data. When the read URL env var and trusted
145
+ tenant/principal env vars are already set, onboarding also attempts that smoke
146
+ call immediately and stores the evidence/query audit in the local ledger. If
147
+ those env vars are missing, it prints the exact command to run after you set
148
+ them from `.env.example`.
149
+
150
+ The wizard creates this local flow:
151
+
152
+ ```text
153
+ trusted context -> capability -> MCP tool
154
+ ```
155
+
156
+ It asks which table/view backs the context, which tenant/scope column and
157
+ backend session env vars are trusted, which fields are visible, and what
158
+ semantic capability name to expose.
159
+
160
+ ```bash
161
+ npx -y -p @synapsor/runner@alpha synapsor-runner init \
162
+ --wizard \
163
+ --engine auto \
164
+ --from-env DATABASE_URL \
165
+ --schema public \
166
+ --mode read_only
167
+ ```
168
+
169
+ Preview and serve the semantic tools:
170
+
171
+ ```bash
172
+ npx -y -p @synapsor/runner@alpha synapsor-runner tools preview \
173
+ --config ./synapsor.runner.json \
174
+ --store ./.synapsor/local.db
175
+
176
+ npx -y -p @synapsor/runner@alpha synapsor-runner smoke call \
177
+ <generated.inspect_tool_name> \
178
+ --input ./.synapsor/smoke-input.json \
179
+ --config ./synapsor.runner.json \
180
+ --store ./.synapsor/local.db
181
+
182
+ npx -y -p @synapsor/runner@alpha synapsor-runner mcp serve \
183
+ --config ./synapsor.runner.json \
184
+ --store ./.synapsor/local.db
185
+ ```
186
+
187
+ `smoke call` uses the same runtime as MCP, records evidence/query audit or a
188
+ proposal in the local store, and prints the evidence/proposal/replay commands
189
+ to inspect what happened. If you skipped the optional smoke input in the
190
+ wizard, pass `--json '{"<lookup_arg>":"<real_id>"}'` instead.
191
+
192
+ ## Two Ways To Run MCP
193
+
194
+ Use stdio when the MCP client runs locally and can launch Synapsor Runner. Use
195
+ HTTP when your agent service runs as an app/server and connects to a
196
+ long-running Runner process.
197
+
198
+ Local MCP clients:
199
+
200
+ ```bash
201
+ synapsor-runner mcp serve \
202
+ --config ./synapsor.runner.json \
203
+ --store ./.synapsor/local.db
204
+ ```
205
+
206
+ For OpenAI Agents SDK over stdio, add OpenAI-safe aliases:
207
+
208
+ ```bash
209
+ synapsor-runner mcp serve \
210
+ --config ./synapsor.runner.json \
211
+ --store ./.synapsor/local.db \
212
+ --alias-mode openai
213
+ ```
214
+
215
+ App/server deployments:
216
+
217
+ ```bash
218
+ export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
219
+
220
+ synapsor-runner mcp serve-streamable-http \
221
+ --config ./synapsor.runner.json \
222
+ --store ./.synapsor/local.db \
223
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
224
+ --alias-mode openai
225
+ ```
226
+
227
+ Equivalent unified command:
228
+
229
+ ```bash
230
+ synapsor-runner mcp serve \
231
+ --transport streamable-http \
232
+ --config ./synapsor.runner.json \
233
+ --store ./.synapsor/local.db \
234
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
235
+ --alias-mode openai
236
+ ```
237
+
238
+ Streamable HTTP defaults to `127.0.0.1:8766`, requires bearer auth by default,
239
+ and should use private networking, TLS, and rate limits before being exposed
240
+ beyond a local machine. With `--alias-mode openai`, tools are exposed to
241
+ the model as OpenAI-safe aliases such as `billing__inspect_invoice`; `_meta`
242
+ still includes `synapsor.canonical_tool_name = billing.inspect_invoice`, and
243
+ Runner routes calls back to the canonical Synapsor capability. Use
244
+ `--alias-mode both` during migrations if one client still expects canonical
245
+ dotted names while another needs OpenAI-safe aliases.
246
+
247
+ Bridge mode:
248
+
249
+ ```bash
250
+ synapsor-runner mcp serve-http \
251
+ --config ./synapsor.runner.json \
252
+ --store ./.synapsor/local.db \
253
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
254
+ ```
255
+
256
+ Bridge HTTP defaults to `127.0.0.1:8765` and supports only JSON-RPC
257
+ `tools/list`, `tools/call`, and `resources/read`. It does not implement MCP
258
+ Streamable HTTP `initialize`/session behavior.
259
+
260
+ OpenAI Agents SDK examples:
261
+
262
+ ```text
263
+ examples/openai-agents-stdio/
264
+ examples/openai-agents-http/
265
+ ```
266
+
267
+ Use `--mode review` only when you are ready to create proposal tools and test
268
+ guarded writeback with a separate trusted write credential.
269
+
270
+ ## Sanity Check The Agent Connection
271
+
272
+ Before asking an agent to solve a real task, confirm it can call a Runner tool:
273
+
274
+ ```bash
275
+ synapsor-runner tools preview --config ./synapsor.runner.json --store ./.synapsor/local.db
276
+ ```
277
+
278
+ For OpenAI-facing clients:
279
+
280
+ ```bash
281
+ synapsor-runner tools preview \
282
+ --config ./synapsor.runner.json \
283
+ --store ./.synapsor/local.db \
284
+ --alias-mode openai
285
+ ```
286
+
287
+ Then ask the agent:
288
+
289
+ ```text
290
+ Use the Synapsor Runner MCP tool to inspect invoice INV-3001.
291
+ Do not answer from memory.
292
+ Return the tool name called, the evidence handle, and whether raw SQL was available.
293
+ ```
294
+
295
+ Expected result: the agent calls a semantic tool, returns an evidence handle or
296
+ local ledger reference, and says raw SQL/write/approval tools were not
297
+ available. If it gives generic advice or unrelated prose without a tool call,
298
+ Runner is not connected yet.
299
+
300
+ The disposable reference app includes proposal-first write examples for:
301
+
302
+ - `billing.propose_late_fee_waiver`
303
+ - `support.propose_plan_credit`
304
+ - `orders.propose_status_change`
305
+
306
+ Each tool creates evidence, a before/after diff, and a proposal. The source
307
+ database remains unchanged until approval outside MCP and guarded writeback.
308
+
27
309
  For a longer local session, you can install the alpha package explicitly:
28
310
 
29
311
  ```bash
30
312
  npm install -g @synapsor/runner@alpha
31
313
  ```
32
314
 
33
- ## What It Does
315
+ ## Runtime Flow
34
316
 
35
- The local runner implements a small Synapsor-style trust loop:
317
+ The local runner keeps the model-facing tool call separate from approval and
318
+ writeback:
36
319
 
37
320
  ```text
38
321
  MCP tool call
@@ -48,11 +331,135 @@ MCP tool call
48
331
  Your Postgres/MySQL database remains the source of truth. The runner stores
49
332
  local proposals, evidence, receipts, and replay data in a local SQLite store.
50
333
 
334
+ ## Why Not Just Use A Read-Only Database User?
335
+
336
+ You should use one.
337
+
338
+ Synapsor Runner is not a replacement for least-privilege database permissions.
339
+ Start with a read-only user, restricted views, row-level security, and staging
340
+ data where appropriate.
341
+
342
+ The difference is that database permissions protect the connection. Synapsor
343
+ Runner shapes the model-facing interface.
344
+
345
+ Instead of exposing `execute_sql`, `query_database`, table names, or
346
+ model-controlled tenant filters, Synapsor exposes reviewed business
347
+ capabilities such as `billing.inspect_invoice` and
348
+ `billing.propose_late_fee_waiver`.
349
+
350
+ For read-only use cases, Runner provides scoped semantic tools, trusted context
351
+ binding, evidence handles, query audit, and local inspection. Proposal
352
+ workflows add full replay across evidence, approval, writeback receipts, and
353
+ events.
354
+
355
+ If all you need is restricted reads, database permissions are a good start.
356
+ Use Synapsor Runner when you also want the agent-facing layer: semantic tools,
357
+ trusted context, evidence handles, query audit, local inspection, and
358
+ proposal-first writes.
359
+
360
+ ## Fixture Benchmark
361
+
362
+ Run the included MCP efficiency fixture:
363
+
364
+ ```bash
365
+ synapsor-runner benchmark mcp-efficiency
366
+ ```
367
+
368
+ Current fixture result for the late-fee-waiver workflow:
369
+
370
+ ```text
371
+ Generic database MCP reference:
372
+ exposed tools: 4
373
+ scripted tool calls: 5
374
+ raw SQL exposed: yes
375
+ approval separated: no
376
+ stale-row conflict checked: no
377
+
378
+ Synapsor Runner semantic path:
379
+ exposed tools: 2
380
+ scripted tool calls: 2
381
+ raw SQL exposed: no
382
+ approval separated: yes
383
+ stale-row conflict checked: yes
384
+ ```
385
+
386
+ The fixture tokenizer is deterministic and repeatable for this package. It is
387
+ not a model billing tokenizer and not a universal token-savings claim.
388
+
389
+ ## Find Evidence And Replay
390
+
391
+ The commands in this section require this checkout or an alpha package that
392
+ includes the local-ledger CLI surface.
393
+
394
+ The runner stores a local SQLite evidence/replay ledger. Search it without
395
+ relying on `latest`:
396
+
397
+ ```bash
398
+ synapsor-runner activity search --tenant acme --object invoice:INV-3001
399
+ synapsor-runner proposals list --tenant acme --object invoice:INV-3001 --status approved
400
+ synapsor-runner evidence show ev_...
401
+ synapsor-runner query-audit list --evidence ev_...
402
+ synapsor-runner receipts list --proposal wrp_...
403
+ synapsor-runner receipts show <receipt_id>
404
+ synapsor-runner replay show --proposal wrp_...
405
+ synapsor-runner replay show --replay replay_wrp_...
406
+ ```
407
+
408
+ Default inspection output is meant for first-run clarity. Add `--details` for
409
+ target URIs, primary keys, proposal hash/version, conflict guards, query
410
+ fingerprints, event timestamps, and receipt internals.
411
+
412
+ Export captured evidence or proposal replay:
413
+
414
+ ```bash
415
+ synapsor-runner evidence export ev_... --format markdown --output evidence.md
416
+ synapsor-runner replay export --proposal wrp_... --format json --output replay.json
417
+ synapsor-runner replay export --proposal wrp_... --format markdown --output replay.md
418
+ ```
419
+
420
+ Create a redacted local diagnostic report:
421
+
422
+ ```bash
423
+ synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
424
+ ```
425
+
426
+ Inspect or compact the local ledger:
427
+
428
+ ```bash
429
+ synapsor-runner store stats --store ./.synapsor/local.db
430
+ synapsor-runner store vacuum --store ./.synapsor/local.db
431
+ synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --dry-run
432
+ ```
433
+
434
+ This is local indexed search for local/dev/staging usage. It is not external
435
+ database time travel, not cross-runner search, and not hosted compliance
436
+ retention.
437
+
438
+ ## App-Owned Writeback
439
+
440
+ Use direct guarded DB writeback for simple local/staging single-row updates. If
441
+ your application service already owns business writes, configure an
442
+ `http_handler` or `command_handler` executor. Approval still happens outside
443
+ MCP, and the handler returns an applied/conflict/failed receipt for replay.
444
+ Starter handlers are included under `examples/app-owned-writeback`.
445
+ You can also generate a starter handler directly:
446
+
447
+ ```bash
448
+ npx -y -p @synapsor/runner@alpha synapsor-runner handler template node-fastify \
449
+ --output ./synapsor-writeback-handler.mjs
450
+ ```
451
+
452
+ For direct SQL writeback, set the writer env var named by the source
453
+ `write_url_env`, for example `SYNAPSOR_DATABASE_WRITE_URL`. Runner also creates
454
+ or writes `synapsor_writeback_receipts` for idempotency/replay, so the writer
455
+ needs permission for that receipt table or an administrator must pre-create and
456
+ grant it. Use app-owned handlers when you do not want Runner creating receipt
457
+ tables in your application schema.
458
+
51
459
  ## Command Name
52
460
 
53
- This package installs the `synapsor-runner` binary. It intentionally does not
54
- install a `synapsor` binary because the hosted Synapsor SDK package already owns
55
- that command.
461
+ This package installs `synapsor-runner` as the OSS runner binary. The `synapsor`
462
+ command is reserved for the Synapsor Cloud CLI.
56
463
 
57
464
  ## Scope
58
465
 
@@ -61,4 +468,4 @@ Synapsor DBMS, not a physical branch engine for Postgres/MySQL, and not a
61
468
  general MCP security platform.
62
469
 
63
470
  See the full repository README and docs for Docker demos, MCP client setup,
64
- configuration recipes, and security boundaries.
471
+ configuration recipes, security boundaries, and release notes.
package/TRADEMARKS.md ADDED
@@ -0,0 +1,23 @@
1
+ # Trademark Policy
2
+
3
+ Apache License 2.0 grants copyright and patent rights to the code in this
4
+ repository. It does not grant trademark rights.
5
+
6
+ The names "Synapsor" and "Synapsor Runner", Synapsor logos, and Synapsor brand
7
+ assets may not be used to imply endorsement or to operate a confusingly similar
8
+ hosted service.
9
+
10
+ Forks may accurately describe themselves as:
11
+
12
+ - "based on Synapsor Runner";
13
+ - "built with Synapsor Runner";
14
+ - "compatible with Synapsor Runner".
15
+
16
+ Forks may not call themselves "Synapsor", use Synapsor branding as their own
17
+ product branding, or imply that Synapsor sponsors, endorses, or operates the
18
+ fork.
19
+
20
+ Hosted or commercial services based on this code must use their own branding.
21
+
22
+ For trademark permission requests, use the contact form at
23
+ https://synapsor.ai/contact.
package/dist/cli.d.ts CHANGED
@@ -1,4 +1,6 @@
1
1
  #!/usr/bin/env node
2
+ import { type DbRowReader } from "@synapsor-runner/mcp-server";
3
+ import { type WritebackJob } from "@synapsor-runner/protocol";
2
4
  import { type SchemaInspection } from "@synapsor-runner/schema-inspector";
3
5
  export declare function main(argv: string[]): Promise<number>;
4
6
  type WizardAsk = (question: string, defaultValue?: string) => Promise<string>;
@@ -6,7 +8,9 @@ export declare function runInitWizard(args: string[], options?: {
6
8
  ask?: WizardAsk;
7
9
  env?: NodeJS.ProcessEnv;
8
10
  inspection?: SchemaInspection;
11
+ readRow?: DbRowReader;
9
12
  stdout?: Pick<NodeJS.WriteStream, "write">;
10
13
  }): Promise<number>;
14
+ export declare function resolveSqlWriteDatabaseUrl(job: WritebackJob, configPath: string, env: NodeJS.ProcessEnv): Promise<string>;
11
15
  export {};
12
16
  //# sourceMappingURL=cli.d.ts.map
package/dist/cli.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAiBA,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AAiC3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAqC1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA0KjB"}
1
+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAqG,KAAK,WAAW,EAAwE,MAAM,6BAA6B,CAAC;AAkBxO,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AAkS3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAiD1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA2OjB;AAo9CD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}