@synapsor/runner 0.1.0-alpha.1 → 0.1.0-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -13
- package/TRADEMARKS.md +23 -0
- package/dist/cli.js +15 -8723
- package/dist/runner.mjs +8767 -0
- package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +187 -0
- package/docs/README.md +56 -0
- package/docs/architecture.md +65 -0
- package/docs/capability-config.md +180 -0
- package/docs/cloud-mode.md +140 -0
- package/docs/config-migrations.md +67 -0
- package/docs/demo-transcript.md +73 -0
- package/docs/dependency-license-inventory.md +35 -0
- package/docs/first-10-minutes.md +147 -0
- package/docs/getting-started-own-database.md +367 -0
- package/docs/licensing.md +38 -0
- package/docs/limitations.md +75 -0
- package/docs/local-mode.md +246 -0
- package/docs/local-ui.md +163 -0
- package/docs/mcp-audit.md +135 -0
- package/docs/mcp-client-setup.md +155 -0
- package/docs/mcp-efficiency-benchmark.md +84 -0
- package/docs/operations.md +38 -0
- package/docs/own-db-20-minutes.md +185 -0
- package/docs/production-readiness.md +39 -0
- package/docs/protocol.md +90 -0
- package/docs/recipes.md +61 -0
- package/docs/roadmap.md +13 -0
- package/docs/schema-inspection.md +88 -0
- package/docs/security-boundary.md +70 -0
- package/docs/shadow-mode.md +67 -0
- package/docs/telemetry.md +28 -0
- package/docs/threat-model.md +25 -0
- package/docs/troubleshooting-first-run.md +248 -0
- package/docs/trusted-context.md +70 -0
- package/docs/writeback-executors.md +128 -0
- package/examples/dangerous-mcp-tools.json +88 -0
- package/examples/reference-support-billing-app/README.md +86 -0
- package/examples/reference-support-billing-app/docker-compose.yml +13 -0
- package/examples/reference-support-billing-app/mcp-client.generic.json +11 -0
- package/examples/reference-support-billing-app/schema.sql +55 -0
- package/examples/reference-support-billing-app/scripts/run-demo.sh +7 -0
- package/examples/reference-support-billing-app/seed.sql +26 -0
- package/examples/reference-support-billing-app/synapsor.runner.json +136 -0
- package/package.json +10 -4
- package/recipes/accounts.trial_extension.json +42 -0
- package/recipes/billing.late_fee_waiver.json +46 -0
- package/recipes/credits.account_credit.json +45 -0
- package/recipes/orders.refund_review.json +57 -0
- package/recipes/support.ticket_resolution.json +51 -0
- package/dist/bin.cjs +0 -13
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
# MCP Client Setup
|
|
2
|
+
|
|
3
|
+
The primary local proof path is still the one-command Docker demo:
|
|
4
|
+
|
|
5
|
+
```bash
|
|
6
|
+
./scripts/demo-docker.sh
|
|
7
|
+
```
|
|
8
|
+
|
|
9
|
+
Use this page after that demo passes and you want to attach a local MCP client. The tested integration contract here is stdio. Client-specific UIs change, so the checked-in examples verify config shape and `tools/list`, not every client screen.
|
|
10
|
+
|
|
11
|
+
Command examples use the published alpha package through `npx`. From a source
|
|
12
|
+
checkout, use `./bin/synapsor ...` only when you intentionally want the local
|
|
13
|
+
source wrapper.
|
|
14
|
+
|
|
15
|
+
Checked examples live in:
|
|
16
|
+
|
|
17
|
+
```text
|
|
18
|
+
examples/mcp-client-configs/
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
Validate them with:
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
corepack pnpm test:mcp-client-configs
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
## Generate A Client Snippet
|
|
28
|
+
|
|
29
|
+
Print a snippet without modifying any client files:
|
|
30
|
+
|
|
31
|
+
```bash
|
|
32
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp config claude-desktop \
|
|
33
|
+
--config ./synapsor.runner.json \
|
|
34
|
+
--store ./.synapsor/local.db
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
Supported client names:
|
|
38
|
+
|
|
39
|
+
```text
|
|
40
|
+
generic-stdio
|
|
41
|
+
generic
|
|
42
|
+
claude-desktop
|
|
43
|
+
cursor
|
|
44
|
+
vscode
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
The older form is still supported:
|
|
48
|
+
|
|
49
|
+
```bash
|
|
50
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp configure --client claude-desktop --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
Write is opt-in and requires an explicit destination:
|
|
54
|
+
|
|
55
|
+
```bash
|
|
56
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp configure \
|
|
57
|
+
--client cursor \
|
|
58
|
+
--config ./synapsor.runner.json \
|
|
59
|
+
--store ./.synapsor/local.db \
|
|
60
|
+
--write \
|
|
61
|
+
--destination ./cursor-mcp.json
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
When the destination already exists, Synapsor Runner creates a timestamped
|
|
65
|
+
backup before writing. Noninteractive scripts must add `--yes`.
|
|
66
|
+
|
|
67
|
+
The command writes only the local stdio MCP command and args. It does not write
|
|
68
|
+
database URLs or passwords into the client config.
|
|
69
|
+
|
|
70
|
+
## Start Command
|
|
71
|
+
|
|
72
|
+
From the runner repository:
|
|
73
|
+
|
|
74
|
+
```bash
|
|
75
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp serve --config ./examples/mcp-postgres-billing/synapsor.runner.json --store ./.synapsor/local.db
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
For the alpha package, keep the package tag explicit in client configuration.
|
|
79
|
+
|
|
80
|
+
## Generic stdio Client
|
|
81
|
+
|
|
82
|
+
```json
|
|
83
|
+
{
|
|
84
|
+
"mcpServers": {
|
|
85
|
+
"synapsor-runner": {
|
|
86
|
+
"command": "npx",
|
|
87
|
+
"args": [
|
|
88
|
+
"-y",
|
|
89
|
+
"-p",
|
|
90
|
+
"@synapsor/runner@alpha",
|
|
91
|
+
"synapsor-runner",
|
|
92
|
+
"mcp",
|
|
93
|
+
"serve",
|
|
94
|
+
"--config",
|
|
95
|
+
"./examples/mcp-postgres-billing/synapsor.runner.json",
|
|
96
|
+
"--store",
|
|
97
|
+
"./.synapsor/local.db"
|
|
98
|
+
],
|
|
99
|
+
"env": {
|
|
100
|
+
"BILLING_POSTGRES_READ_URL": "postgresql://synapsor_reader:...@localhost:55433/synapsor_runner_mcp_billing",
|
|
101
|
+
"SYNAPSOR_TENANT_ID": "acme",
|
|
102
|
+
"SYNAPSOR_PRINCIPAL": "local_billing_agent"
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
The MCP server should list semantic tools such as:
|
|
110
|
+
|
|
111
|
+
```text
|
|
112
|
+
billing.inspect_invoice
|
|
113
|
+
billing.propose_late_fee_waiver
|
|
114
|
+
```
|
|
115
|
+
|
|
116
|
+
It should not list:
|
|
117
|
+
|
|
118
|
+
```text
|
|
119
|
+
execute_sql
|
|
120
|
+
run_query
|
|
121
|
+
approve_proposal
|
|
122
|
+
commit_proposal
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
## Claude Desktop / Cursor / VS Code
|
|
126
|
+
|
|
127
|
+
Use the matching checked-in example as the starting point:
|
|
128
|
+
|
|
129
|
+
```text
|
|
130
|
+
examples/mcp-client-configs/claude-desktop.json
|
|
131
|
+
examples/mcp-client-configs/cursor.json
|
|
132
|
+
examples/mcp-client-configs/vscode.json
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
Each example uses the same stdio command/args/env structure. Replace the placeholder environment variables in your client settings or shell environment.
|
|
136
|
+
|
|
137
|
+
Do not add a write database URL to the MCP server environment unless you are intentionally running a local review/writeback demo. For normal read/proposal tool calls, use the read URL and trusted context values only.
|
|
138
|
+
|
|
139
|
+
Before documenting a client UI as officially tested, verify:
|
|
140
|
+
|
|
141
|
+
1. the server starts;
|
|
142
|
+
2. `tools/list` returns semantic tools;
|
|
143
|
+
3. read tools return evidence handles;
|
|
144
|
+
4. proposal tools return exact diffs and `source_database_changed: false`;
|
|
145
|
+
5. no approval or commit tool is model-callable;
|
|
146
|
+
6. resource reads work for proposal/evidence/replay handles.
|
|
147
|
+
|
|
148
|
+
## Troubleshooting
|
|
149
|
+
|
|
150
|
+
- Server not listed: check the command path, working directory, and config path.
|
|
151
|
+
- Tool schema mismatch: run `synapsor audit <exported-tools.json>`.
|
|
152
|
+
- Missing trusted context: set `SYNAPSOR_TENANT_ID` and `SYNAPSOR_PRINCIPAL`, or use the environment variables configured in `trusted_context.values`.
|
|
153
|
+
- Database unavailable: verify the read credential and host access.
|
|
154
|
+
- Proposal waiting review: approve outside the model with `synapsor proposals approve`.
|
|
155
|
+
- Stale-row conflict: inspect replay; the source row changed after the proposal was created, so the guarded worker refused to commit.
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
# MCP Efficiency Benchmark
|
|
2
|
+
|
|
3
|
+
Run:
|
|
4
|
+
|
|
5
|
+
From a source checkout, use `corepack pnpm runner benchmark mcp-efficiency`.
|
|
6
|
+
The global `synapsor` command is only needed after installing or linking the
|
|
7
|
+
CLI.
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner benchmark mcp-efficiency
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
For machine-readable output:
|
|
14
|
+
|
|
15
|
+
```bash
|
|
16
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner benchmark mcp-efficiency --json
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
The benchmark compares an included fixture, not universal model behavior.
|
|
20
|
+
|
|
21
|
+
Current fixture:
|
|
22
|
+
|
|
23
|
+
```text
|
|
24
|
+
late-fee-waiver
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
Checked-in snapshots:
|
|
28
|
+
|
|
29
|
+
```text
|
|
30
|
+
fixtures/benchmark/mcp-efficiency.txt
|
|
31
|
+
fixtures/benchmark/mcp-efficiency.json
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
The CLI tests compare both human-readable and machine-readable output against
|
|
35
|
+
those snapshots, so changes to the fixture, tokenizer, measurements, or wording
|
|
36
|
+
are reviewable.
|
|
37
|
+
|
|
38
|
+
Reference path:
|
|
39
|
+
|
|
40
|
+
```text
|
|
41
|
+
list_tables
|
|
42
|
+
describe_table invoices
|
|
43
|
+
query_database SELECT invoice
|
|
44
|
+
formulate raw UPDATE
|
|
45
|
+
execute_sql UPDATE invoice
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
Synapsor Runner semantic path:
|
|
49
|
+
|
|
50
|
+
```text
|
|
51
|
+
billing.inspect_invoice
|
|
52
|
+
billing.propose_late_fee_waiver
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
It measures:
|
|
56
|
+
|
|
57
|
+
- number of exposed tools;
|
|
58
|
+
- serialized `tools/list` bytes;
|
|
59
|
+
- token count with a pinned deterministic fixture tokenizer;
|
|
60
|
+
- scripted tool-call count;
|
|
61
|
+
- schema/context bytes and tokens exposed;
|
|
62
|
+
- business result bytes and tokens;
|
|
63
|
+
- whether raw SQL is exposed;
|
|
64
|
+
- whether write credentials are exposed;
|
|
65
|
+
- whether approval is separated;
|
|
66
|
+
- whether stale-row conflict is checked.
|
|
67
|
+
|
|
68
|
+
Tokenizer:
|
|
69
|
+
|
|
70
|
+
```text
|
|
71
|
+
synapsor-fixture-tokenizer-v1
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
This tokenizer is a deterministic regex tokenizer used only for repeatable
|
|
75
|
+
fixture comparison. It is not a model billing tokenizer.
|
|
76
|
+
|
|
77
|
+
Allowed README phrasing after implementation:
|
|
78
|
+
|
|
79
|
+
> In the included fixture, semantic capabilities replace generic schema
|
|
80
|
+
> exploration and raw SQL with two compact business tools. Run the benchmark to
|
|
81
|
+
> inspect tool definitions, reference tool-call count, and tokenized context
|
|
82
|
+
> size.
|
|
83
|
+
|
|
84
|
+
Do not claim guaranteed percentage savings across workloads.
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# Operations
|
|
2
|
+
|
|
3
|
+
## Required configuration
|
|
4
|
+
|
|
5
|
+
- `SYNAPSOR_CONTROL_PLANE_URL`
|
|
6
|
+
- `SYNAPSOR_RUNNER_TOKEN`
|
|
7
|
+
- `SYNAPSOR_RUNNER_ID`
|
|
8
|
+
- `SYNAPSOR_SOURCE_ID`
|
|
9
|
+
- `SYNAPSOR_DATABASE_URL`
|
|
10
|
+
- `SYNAPSOR_ENGINE=postgres|mysql`
|
|
11
|
+
|
|
12
|
+
## Routine checks
|
|
13
|
+
|
|
14
|
+
```bash
|
|
15
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner doctor
|
|
16
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner validate --job examples/postgres-support/job.approved.json
|
|
17
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner validate --job examples/mysql-orders/job.approved.json
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
`doctor` validates local configuration, calls Synapsor's runner-token doctor endpoint, confirms the token is authenticated for the configured source, checks database reachability and engine version, creates/verifies `synapsor_writeback_receipts`, and performs a rollback-only receipt insert to prove the configured credential can write runner receipts. It does not mutate business tables.
|
|
21
|
+
|
|
22
|
+
## Local fixture smoke
|
|
23
|
+
|
|
24
|
+
Run this before cutting a release or changing the adapters:
|
|
25
|
+
|
|
26
|
+
```bash
|
|
27
|
+
corepack pnpm test:docker
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
The smoke starts the local Postgres and MySQL fixtures, validates approved jobs, applies one guarded single-row update, retries the same idempotency key, verifies stale-version conflict, verifies tenant mismatch rejection, verifies disallowed-column validation, and tears down the containers with volumes.
|
|
31
|
+
|
|
32
|
+
## Shutdown
|
|
33
|
+
|
|
34
|
+
The runner handles `SIGINT` and `SIGTERM` by stopping the poll loop. In-flight database transactions complete or roll back through the adapter.
|
|
35
|
+
|
|
36
|
+
## Logs
|
|
37
|
+
|
|
38
|
+
Default logs include runner id, job id, proposal id, source id, engine, schema/table names, patch column names, status/error code, and durations. Logs must not include database URL/password, runner token, full patch values, full source rows, or customer data.
|
|
@@ -0,0 +1,185 @@
|
|
|
1
|
+
# Own Database In 10 Minutes
|
|
2
|
+
|
|
3
|
+
This path is for a developer who already understands the local demo and wants
|
|
4
|
+
to try one staging Postgres/MySQL table without writing `synapsor.runner.json`
|
|
5
|
+
by hand.
|
|
6
|
+
|
|
7
|
+
Do not start with your most sensitive production database. Start with staging,
|
|
8
|
+
a disposable database, or a least-privilege view.
|
|
9
|
+
|
|
10
|
+
## 1. Create A Read-Only Credential
|
|
11
|
+
|
|
12
|
+
Use a database user that can inspect metadata and read only the tables/views
|
|
13
|
+
needed for the experiment.
|
|
14
|
+
|
|
15
|
+
Set the connection string in an environment variable:
|
|
16
|
+
|
|
17
|
+
```bash
|
|
18
|
+
export DATABASE_URL="<postgres-or-mysql-read-url>"
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
Do not paste database URLs into MCP client configs or committed JSON files.
|
|
22
|
+
|
|
23
|
+
## 2. Inspect The Database
|
|
24
|
+
|
|
25
|
+
Fast path:
|
|
26
|
+
|
|
27
|
+
```bash
|
|
28
|
+
./scripts/use-your-db.sh
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
That command runs inspection, guided config generation, and tool preview. The
|
|
32
|
+
rest of this page shows the same steps explicitly.
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner inspect --from-env DATABASE_URL --engine auto
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
This prints discovered tables/views, primary keys, possible tenant/scope
|
|
39
|
+
columns, possible conflict/version columns, and fields suggested for review.
|
|
40
|
+
Inspection reads metadata and table shape. It does not expose raw SQL tools or
|
|
41
|
+
write credentials to the model.
|
|
42
|
+
|
|
43
|
+
For disposable staging databases, this shorter form also works:
|
|
44
|
+
|
|
45
|
+
```bash
|
|
46
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner inspect "$DATABASE_URL" --engine auto
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
Prefer `--from-env` on shared machines so URLs do not land in shell history.
|
|
50
|
+
|
|
51
|
+
## 3. Run The Guided Wizard
|
|
52
|
+
|
|
53
|
+
```bash
|
|
54
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner init --from-env DATABASE_URL --mode review --wizard
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
The wizard asks for:
|
|
58
|
+
|
|
59
|
+
- database engine;
|
|
60
|
+
- read URL environment-variable name;
|
|
61
|
+
- schema/database;
|
|
62
|
+
- table or view;
|
|
63
|
+
- primary key;
|
|
64
|
+
- tenant/scope column;
|
|
65
|
+
- conflict/version column;
|
|
66
|
+
- read-visible fields;
|
|
67
|
+
- mode: `read_only`, `shadow`, or `review`;
|
|
68
|
+
- business object name and namespace;
|
|
69
|
+
- proposal patch mapping if you choose `shadow` or `review`;
|
|
70
|
+
- trusted tenant/principal env vars;
|
|
71
|
+
- approval role;
|
|
72
|
+
- final confirmation before files are written.
|
|
73
|
+
|
|
74
|
+
The default mode for unknown schemas should be treated as a cautious staging
|
|
75
|
+
path. Do not enable real writeback until the read/proposal path is reviewed.
|
|
76
|
+
|
|
77
|
+
You can still run the complete wrapper:
|
|
78
|
+
|
|
79
|
+
```bash
|
|
80
|
+
./scripts/use-your-db.sh
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
It runs inspection, guided init, tool preview, and next-step printing in one
|
|
84
|
+
flow. For the lower-level CLI path, `synapsor onboard db --from-env
|
|
85
|
+
DATABASE_URL` runs the same own-database onboarding from the runner command.
|
|
86
|
+
|
|
87
|
+
## 4. What Gets Generated
|
|
88
|
+
|
|
89
|
+
The wizard creates:
|
|
90
|
+
|
|
91
|
+
- `synapsor.runner.json`;
|
|
92
|
+
- `.env.example`;
|
|
93
|
+
- `.synapsor/mcp/generic-stdio.json`;
|
|
94
|
+
- `.synapsor/mcp/claude-desktop.json`;
|
|
95
|
+
- `.synapsor/mcp/cursor.json`;
|
|
96
|
+
- `.synapsor/mcp/vscode.json`.
|
|
97
|
+
|
|
98
|
+
The generated config stores environment-variable names, not database secrets.
|
|
99
|
+
|
|
100
|
+
## 5. Preview What The Model Sees
|
|
101
|
+
|
|
102
|
+
```bash
|
|
103
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner config validate --config synapsor.runner.json
|
|
104
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner doctor --config synapsor.runner.json
|
|
105
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner tools preview --config synapsor.runner.json --store ./.synapsor/local.db
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
`doctor` checks config shape, trusted context env vars, source env vars,
|
|
109
|
+
read/write credential separation, source metadata when reachable, handler env
|
|
110
|
+
vars, and the semantic MCP tool boundary.
|
|
111
|
+
|
|
112
|
+
`tools preview` lists what the model would see and confirms:
|
|
113
|
+
|
|
114
|
+
- semantic tools present;
|
|
115
|
+
- `execute_sql` absent;
|
|
116
|
+
- approval tools absent;
|
|
117
|
+
- commit tools absent;
|
|
118
|
+
- database URLs absent;
|
|
119
|
+
- write credentials absent.
|
|
120
|
+
|
|
121
|
+
## 6. Serve MCP
|
|
122
|
+
|
|
123
|
+
```bash
|
|
124
|
+
export SYNAPSOR_TENANT_ID="acme"
|
|
125
|
+
export SYNAPSOR_PRINCIPAL="local_operator"
|
|
126
|
+
|
|
127
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp serve \
|
|
128
|
+
--config ./synapsor.runner.json \
|
|
129
|
+
--store ./.synapsor/local.db
|
|
130
|
+
```
|
|
131
|
+
|
|
132
|
+
The MCP server exposes only the configured semantic tools. It does not expose
|
|
133
|
+
raw SQL, approval tools, commit tools, database URLs, write credentials, or
|
|
134
|
+
model-controlled tenant authority.
|
|
135
|
+
|
|
136
|
+
## 7. Review Proposals
|
|
137
|
+
|
|
138
|
+
If a proposal is created:
|
|
139
|
+
|
|
140
|
+
```bash
|
|
141
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner proposals list --store ./.synapsor/local.db
|
|
142
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner proposals show <proposal_id> --store ./.synapsor/local.db
|
|
143
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner replay show <proposal_id> --store ./.synapsor/local.db
|
|
144
|
+
```
|
|
145
|
+
|
|
146
|
+
Open the UI:
|
|
147
|
+
|
|
148
|
+
```bash
|
|
149
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner ui --tour --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
## 8. Apply Only After Review
|
|
153
|
+
|
|
154
|
+
For direct SQL writeback, set a separate writer credential only when ready:
|
|
155
|
+
|
|
156
|
+
```bash
|
|
157
|
+
export SYNAPSOR_DATABASE_WRITE_URL="<postgres-or-mysql-writer-url>"
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
Then:
|
|
161
|
+
|
|
162
|
+
```bash
|
|
163
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner proposals approve <proposal_id> --store ./.synapsor/local.db --actor local_reviewer --yes
|
|
164
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner proposals writeback-job <proposal_id> --store ./.synapsor/local.db --output job.json
|
|
165
|
+
|
|
166
|
+
SYNAPSOR_ENGINE=postgres \
|
|
167
|
+
SYNAPSOR_DATABASE_URL="$SYNAPSOR_DATABASE_WRITE_URL" \
|
|
168
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
If your application should own the business write, configure an `http_handler`
|
|
172
|
+
or `command_handler` executor instead of direct SQL writeback. See
|
|
173
|
+
[writeback-executors.md](writeback-executors.md).
|
|
174
|
+
|
|
175
|
+
## Safety Rules
|
|
176
|
+
|
|
177
|
+
- Never infer write authority silently.
|
|
178
|
+
- Every allowed write column must be explicitly reviewed.
|
|
179
|
+
- Every patch mapping must be explicitly reviewed.
|
|
180
|
+
- If no tenant column exists, use a safe view or explicitly acknowledge
|
|
181
|
+
single-tenant dev mode.
|
|
182
|
+
- If no conflict column exists, stay in `read_only` or `shadow` unless you
|
|
183
|
+
intentionally accept a weak guard for local testing.
|
|
184
|
+
- Never write during onboarding.
|
|
185
|
+
- Never put secrets in generated config.
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# Production Readiness
|
|
2
|
+
|
|
3
|
+
Synapsor Runner is a local, open-source MCP data-plane/runtime for reviewed
|
|
4
|
+
Postgres/MySQL business actions. It is not Synapsor Cloud and it is not the
|
|
5
|
+
Synapsor C++ DBMS.
|
|
6
|
+
|
|
7
|
+
Use a staging or disposable database first.
|
|
8
|
+
|
|
9
|
+
Allowed current claims:
|
|
10
|
+
|
|
11
|
+
- semantic MCP tools instead of raw SQL;
|
|
12
|
+
- source database remains unchanged during proposal creation;
|
|
13
|
+
- separate read and write credentials;
|
|
14
|
+
- exact row diff;
|
|
15
|
+
- local approval outside MCP;
|
|
16
|
+
- tenant, column, version, affected-row, and idempotency checks;
|
|
17
|
+
- approved app/API handler writeback with handler secrets kept in environment
|
|
18
|
+
variables;
|
|
19
|
+
- shadow-mode comparison between agent proposals and human actions;
|
|
20
|
+
- stale-row conflict detection in included fixtures;
|
|
21
|
+
- local replay for proposal/evidence/approval/writeback receipts.
|
|
22
|
+
|
|
23
|
+
Do not claim from this repository alone:
|
|
24
|
+
|
|
25
|
+
- high availability;
|
|
26
|
+
- compliance certification;
|
|
27
|
+
- mission-critical SLA;
|
|
28
|
+
- exactly-once across networks;
|
|
29
|
+
- general MCP security;
|
|
30
|
+
- prompt-injection immunity;
|
|
31
|
+
- physical branches for Postgres/MySQL;
|
|
32
|
+
- arbitrary business invariants are automatically understood.
|
|
33
|
+
|
|
34
|
+
Synapsor Cloud is the production/team control plane for shared approvals, RBAC,
|
|
35
|
+
hosted evidence/replay search, runner fleet status, leases, retention, audit
|
|
36
|
+
visibility, and support.
|
|
37
|
+
|
|
38
|
+
Before a public production-data claim, complete the release checklist, counsel
|
|
39
|
+
review, security review, and operational validation.
|
package/docs/protocol.md
ADDED
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
# Protocol
|
|
2
|
+
|
|
3
|
+
The public protocol has four versioned identifiers:
|
|
4
|
+
|
|
5
|
+
```text
|
|
6
|
+
synapsor.change-set.v1
|
|
7
|
+
synapsor.writeback-job.v1
|
|
8
|
+
synapsor.execution-receipt.v1
|
|
9
|
+
synapsor.runner-registration.v1
|
|
10
|
+
```
|
|
11
|
+
|
|
12
|
+
The schemas live in `schemas/`. Golden fixtures live in `fixtures/protocol/` and are copied into the main Synapsor repository so Cloud/C++/SDK work can validate the same contract.
|
|
13
|
+
|
|
14
|
+
`fixtures/protocol/MANIFEST.json` is the shared checksum note for the public protocol set. The same logical manifest is copied to the main Synapsor repository as `protocol/MANIFEST.json`. Tests in both repositories verify the SHA-256 digest for every schema and fixture.
|
|
15
|
+
|
|
16
|
+
The current alpha write path supports one operation:
|
|
17
|
+
|
|
18
|
+
```text
|
|
19
|
+
single_row_update
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
It does not support arbitrary SQL, DDL, INSERT, DELETE, UPSERT, stored procedures, dynamic table/column names from model input, or multi-row writes.
|
|
23
|
+
Schema, table, primary-key, tenant, conflict-guard, allowed-column, and patch
|
|
24
|
+
column identifiers must be fixed safe identifiers. Path-traversal strings and
|
|
25
|
+
SQL-fragment-like identifiers are rejected by protocol validation before the
|
|
26
|
+
Postgres/MySQL adapter can run.
|
|
27
|
+
|
|
28
|
+
## Change set
|
|
29
|
+
|
|
30
|
+
`synapsor.change-set.v1` describes the proposal created after a semantic capability reads the current row and derives an exact diff. It includes:
|
|
31
|
+
|
|
32
|
+
- proposal id and version;
|
|
33
|
+
- action name;
|
|
34
|
+
- trusted principal provenance;
|
|
35
|
+
- tenant/business-object scope;
|
|
36
|
+
- source table and primary key;
|
|
37
|
+
- before/patch/after maps;
|
|
38
|
+
- allowed columns;
|
|
39
|
+
- expected version guard;
|
|
40
|
+
- evidence bundle/query fingerprint;
|
|
41
|
+
- approval state;
|
|
42
|
+
- writeback state;
|
|
43
|
+
- `source_database_mutated: false`;
|
|
44
|
+
- proposal hash.
|
|
45
|
+
|
|
46
|
+
## Writeback job
|
|
47
|
+
|
|
48
|
+
`synapsor.writeback-job.v1` is the only object a runner may use to mutate the external database. Required fields include:
|
|
49
|
+
|
|
50
|
+
- `writeback_job_id`;
|
|
51
|
+
- `proposal_id`;
|
|
52
|
+
- `proposal_version`;
|
|
53
|
+
- `proposal_hash`;
|
|
54
|
+
- `runner_scope.project_id`;
|
|
55
|
+
- `runner_scope.source_id`;
|
|
56
|
+
- `engine`;
|
|
57
|
+
- `operation: single_row_update`;
|
|
58
|
+
- `target.schema`;
|
|
59
|
+
- `target.table`;
|
|
60
|
+
- `target.primary_key`;
|
|
61
|
+
- `tenant_guard`;
|
|
62
|
+
- `allowed_columns`;
|
|
63
|
+
- `patch`;
|
|
64
|
+
- `conflict_guard`;
|
|
65
|
+
- `idempotency_key`;
|
|
66
|
+
- `lease`.
|
|
67
|
+
|
|
68
|
+
The protocol package normalizes this public shape into the existing internal `protocol_version: "1.0"` worker shape so current Postgres/MySQL adapters remain stable while the public contract evolves.
|
|
69
|
+
|
|
70
|
+
## Execution receipt
|
|
71
|
+
|
|
72
|
+
`synapsor.execution-receipt.v1` records the terminal result:
|
|
73
|
+
|
|
74
|
+
```text
|
|
75
|
+
applied
|
|
76
|
+
conflict
|
|
77
|
+
failed
|
|
78
|
+
canceled
|
|
79
|
+
already_applied
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
Receipts include the writeback job id, proposal id, runner id, rows affected, idempotency key, version fields when available, source mutation state, safe error code, execution timestamp, and receipt hash.
|
|
83
|
+
|
|
84
|
+
## Runner registration
|
|
85
|
+
|
|
86
|
+
`synapsor.runner-registration.v1` describes a runner's id, version, supported engines, capabilities, project/source scope, and registration timestamp.
|
|
87
|
+
|
|
88
|
+
## Compatibility
|
|
89
|
+
|
|
90
|
+
Existing Cloud endpoints may still return the legacy `protocol_version: "1.0"` job/result envelope during migration. The runner validates both formats. New public examples and MCP work should use the `synapsor.*.v1` schema ids.
|
package/docs/recipes.md
ADDED
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# Capability Recipes
|
|
2
|
+
|
|
3
|
+
Recipes are reviewed starter contracts for common database-backed agent actions.
|
|
4
|
+
|
|
5
|
+
They do not introspect and silently guess write authority. They generate a
|
|
6
|
+
starter config that you must map to your actual staging table names, columns,
|
|
7
|
+
tenant key, conflict column, and business limits.
|
|
8
|
+
|
|
9
|
+
List recipes:
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner recipes list
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
Inspect one:
|
|
16
|
+
|
|
17
|
+
```bash
|
|
18
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner recipes show billing.late_fee_waiver
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
Initialize a starter config:
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner recipes init billing.late_fee_waiver --output synapsor.runner.json
|
|
25
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner config validate --config synapsor.runner.json
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
Built-in recipes are JSON files under `recipes/`. They are starter data, not
|
|
29
|
+
runtime hardcoding. You can copy one, edit table/column/tool names for your
|
|
30
|
+
domain, and initialize from your file:
|
|
31
|
+
|
|
32
|
+
```bash
|
|
33
|
+
cp recipes/billing.late_fee_waiver.json my-recipe.json
|
|
34
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner recipes show ./my-recipe.json
|
|
35
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner recipes init ./my-recipe.json --output synapsor.runner.json
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
Available recipes:
|
|
39
|
+
|
|
40
|
+
- `billing.late_fee_waiver`
|
|
41
|
+
- `support.ticket_resolution`
|
|
42
|
+
- `orders.refund_review`
|
|
43
|
+
- `accounts.trial_extension`
|
|
44
|
+
- `credits.account_credit`
|
|
45
|
+
|
|
46
|
+
Each recipe includes:
|
|
47
|
+
|
|
48
|
+
- expected table type;
|
|
49
|
+
- required columns;
|
|
50
|
+
- recommended primary key;
|
|
51
|
+
- recommended tenant key;
|
|
52
|
+
- recommended conflict/version column;
|
|
53
|
+
- visible columns;
|
|
54
|
+
- allowed write columns;
|
|
55
|
+
- patch mapping;
|
|
56
|
+
- numeric/status bounds where relevant;
|
|
57
|
+
- semantic MCP tool names;
|
|
58
|
+
- staging-first notes.
|
|
59
|
+
|
|
60
|
+
Start with staging or a disposable database. Keep production write credentials
|
|
61
|
+
out of the MCP client.
|
package/docs/roadmap.md
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Roadmap
|
|
2
|
+
|
|
3
|
+
Future packages can live in this same monorepo:
|
|
4
|
+
|
|
5
|
+
- MCP adapter
|
|
6
|
+
- LangGraph adapter
|
|
7
|
+
- OpenAI Agents SDK adapter
|
|
8
|
+
- CrewAI adapter
|
|
9
|
+
- ORM helpers for Prisma, Drizzle, Django, Rails, and SQLAlchemy
|
|
10
|
+
- Local read runner when product requirements and security review are complete
|
|
11
|
+
|
|
12
|
+
Do not add package stubs until the implementation is ready.
|
|
13
|
+
|